This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] Route(6) objects
Kaupo Ehtnurm
kaupo at wavecom.ee
Fri Jul 7 16:51:52 CEST 2023
Hello

Here the problem is "for longer defensive prefixes".

For example, in a normal situation I advertise a /32 to my IP transit providers. When a DDoS happens, one of my providers will start advertising 1x/48 of my /32 prefix to hi-jack the route from us and filter it. But in order for that provider to be able to do that, I need ROA records and route6 objects stating that all of the /48s that fit into my /32 would be originated from that provider.

There is no issue with ROA records, because I can say that the maximum prefix that this provider can advertise is a /48 of my /32. But as far as I know I cannot do the same with route6 objects; I need to create all the /48 route6 objects pointing to that provider (65535 objects). But in RIPE, as far as I know, there is a limitation of 1000 objects per day that I can create. At this rate I will be creating these objects for more than 2 months, only for 1x/32. What if I need to protect 5x/32? :)

In my opinion managing these is a nightmare, and it also adds an unnecessary number of objects to the IRR db.

Lugupidamisega / Best regards,
Kaupo Ehtnurm
Network & System administrator
WaveCom AS
ISO 9001 & 27001 Certified DC and verified VMware Cloud
kaupo at wavecom.ee | +372 5685 0002
Endla 16, Tallinn 10142 Estonia | http://www.wavecom.ee/

----- Original Message -----
From: "Randy Bush" <randy at psg.com>
To: "Kaupo Ehtnurm" <kaupo at wavecom.ee>
Cc: "Kaupo Ehtnurm via db-wg" <db-wg at ripe.net>
Sent: Friday, July 7, 2023 5:36:19 PM
Subject: Re: [db-wg] Route(6) objects

> By doing this the internet will always (also under normal
> circumstances) prefer that one provider.

0 - register irr and rpki objects for aggregates and for longer
    defensive prefixes
1 - announce only aggregates to both providers
2 - when ddosed,
    - do not change announcement of aggregate to non-mediating
    - deaggregate announcement to mediating provider
3 - when ddos ends, return to state 1

randy
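
The trade-off discussed in this thread, as an added example that is not part of the original messages: RFC 6811 origin validation against a ROA with a maximum length, next to an exact-match lookup of route6 objects. The prefix 2001:db8::/32, the AS numbers 64500 and 64501, and the assumption that the upstream filter matches route6 objects exactly are constructed for illustration.

```python
import ipaddress
import math

# Constructed sample data: documentation prefix and private-use ASNs, not from the thread.
AGGREGATE = ipaddress.ip_network("2001:db8::/32")
SAMPLE_48 = ipaddress.ip_network("2001:db8:1234::/48")
OWNER_AS, MITIGATOR_AS = 64500, 64501

# One ROA per origin; max_length 48 authorises every more-specific down to /48.
ROAS = [
    (AGGREGATE, 32, OWNER_AS),
    (AGGREGATE, 48, MITIGATOR_AS),
]
# IRR route6 objects as (prefix, origin); assumed filter matches the prefix exactly.
ROUTE6 = {(AGGREGATE, OWNER_AS)}


def rov_state(prefix, origin, roas=ROAS):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    covered = False
    for roa_prefix, max_length, roa_as in roas:
        if prefix.version != roa_prefix.version or not prefix.subnet_of(roa_prefix):
            continue
        covered = True  # at least one ROA covers this announcement
        if prefix.prefixlen <= max_length and origin == roa_as:
            return "valid"
    return "invalid" if covered else "not-found"


def irr_exact_match(prefix, origin, objects=ROUTE6):
    """True only if a route6 object exists for exactly this prefix and origin."""
    return (prefix, origin) in objects


def route6_objects_needed(aggregate, length):
    """Exact-match route6 objects needed to cover every more-specific of `length`."""
    return 2 ** (length - aggregate.prefixlen)


def days_to_create(count, per_day=1000):
    """Days needed at the per-day creation limit mentioned in the thread."""
    return math.ceil(count / per_day)


if __name__ == "__main__":
    print(rov_state(SAMPLE_48, MITIGATOR_AS))        # ROA with max_length covers it
    print(irr_exact_match(SAMPLE_48, MITIGATOR_AS))  # no per-/48 route6 object
    n = route6_objects_needed(AGGREGATE, 48)
    print(n, days_to_create(n))
```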