[db-wg] Route(6) objects
Kaupo Ehtnurm
kaupo at wavecom.ee
Wed Jul 12 15:28:51 CEST 2023
Hello

I have never said that I want 100% of the world to accept my ipv6 /48 prefixes. I am sorry if I haven't been clear enough. But again I will try to explain my situation.

I am about 10% certain that ASs that filter their BGP table according to IRR info would accept the /48 prefixes that have /32 route6 object (In good conscience and bearing in mind BGP security risks I wouldn't accept these prefixes). But I would be 90% certain that with /48 route6 object the /48 prefixes get accepted. Do you see the difference here?

I am talking about if some AS-s filter their bgp table according to IRR info, then how does plain /32 route6 object cover all the /48s within that /32 prefix? If theoretically it would be possible then I would just configure "::/0 AS1234" and that would cover everything right?

As I am trying to explain then correct records in my opinion greatly increases the odds of my prefix being accepted world wide.

Maybe they can, maybe they can't advertise /33, /34 etc... I would like the provider to hijack most specific prefix in order to avoid the unnecessary redirection of other customers traffic that fit into that /33 or /34 etc.

But no need to further discuss this subject. I will just use /32 route6 object for all the /48 that fit that /32.

Lugupidamisega / Best regards,

Kaupo Ehtnurm

Network & System administrator
WaveCom AS
ISO 9001 & 27001 Certified DC and verified VMware Cloud
kaupo at wavecom.ee | +372 5685 0002
Endla 16, Tallinn 10142 Estonia | [ http://www.wavecom.ee/ | www.wavecom.ee ]

----- Original Message -----
From: "Cynthia Revström" <me at cynthia.re>
To: "Kaupo Ehtnurm" <kaupo at wavecom.ee>
Cc: "DB-WG" <db-wg at ripe.net>
Sent: Monday, July 10, 2023 3:36:42 PM
Subject: Re: [db-wg] Route(6) objects

Look, you can never be certain that 100% of networks are going to accept your prefixes but for DDoS that shouldn't matter as others have pointed out.
What I can say is please don't create 65536 route6 objects or otherwise I feel like we are going to have to start discussion about a policy to prevent people doing that.

Also why do you need them to be advertised as /48s? If you just need them to be more specific than a /32 couldn't you just do /33s, /34s, /35s, /36s, or something like that?

-Cynthia

On Mon, Jul 10, 2023 at 2:13 PM Kaupo Ehtnurm via db-wg <db-wg at ripe.net> wrote:
>
> Hello
>
> Thank you very much for the explanation.
> But I think we have steered away a little bit from my original question.
>
> As I can conclude from all the answers earlier, then still my only option if I want my ip transit provider to be able to advertise some /48 within my /32 at random times and for random durations is using /32 as route6 object and hope that everyone in the internet filters "2001:1234::/32 le 48 permit" or "2001:1234::/32 eq 48 permit" instead of "2001:1234::/32 permit"?
> Or actually make the 65536 route6 objects (for each of the /48 that fits into that /32)?
> Or is there a third possibility instead hoping that AS-s from all over the internet are familiar with this kind of issue and allow /48 prefixes into their routers instead of exact /32 prefix (although the route6 object states that our provider should advertise only /32) or making unnecessary amount (65536 objects for 1x/32) of route6 objects?
>
> I ultimately want my ip transit provider to be able to advertise different /48 prefixes at random times for random durations. And want it to pass IRR filtering also, not just rpki filtering in different ASs across the globe.
>
>
> Lugupidamisega / Best regards,
>
> Kaupo Ehtnurm
>
>
> Network & System administrator
> WaveCom AS
> ISO 9001 & 27001 Certified DC and verified VMware Cloud
> kaupo at wavecom.ee | +372 5685 0002
> Endla 16, Tallinn 10142 Estonia | [ http://www.wavecom.ee/ | www.wavecom.ee ]
>
> ----- Original Message -----
> From: "Job Snijders" <job at sobornost.net>
> To: "Kaupo Ehtnurm" <kaupo at wavecom.ee>
> Cc: "Nick Hilliard" <nick at foobar.org>, "Kaupo Ehtnurm via db-wg" <db-wg at ripe.net>
> Sent: Monday, July 10, 2023 2:18:57 PM
> Subject: Re: [db-wg] Route(6) objects
>
> Dear Kaupo, others,
>
> (Speaking as individual working group contributor.)
>
> On Mon, Jul 10, 2023 at 10:06:30AM +0300, Kaupo Ehtnurm via db-wg wrote:
> > Since route6 object is a must and ROA is a should and they ultimately
> > fill the same purpose, then why isn't there a "max length" in route6
> > object?
>
> That's a good question!
>
> The specification of IRR 'route6:' objects pre-dates the specification
> of RPKI ROAs by a number of years. One explanation might be that the
> designers of RPSL-NG simply didn't think of it.
>
> Another aspect is that RPKI ROAs are used as an input into the RFC 6811
> Origin Validation procedure (which yields invalid/valid/not-found as
> outcomes), but no such algorithm existed when RPSL-NG route/route6
> objects were defined. I can see how RPKI ROAs and RPSL-NG route/route6
> objects look kind of similar from a high level, but the devil is in the
> details: they do fulfill slightly different purposes.
>
> It's important to note that in recent years new insights arose how to
> make the best use of RPKI ROAs: last year's BCP 185 / RFC 9319
> recommends to avoid using the maxLength attribute in RPKI ROAs.
>
> Porting 'maxLength' functionality to RPSL-NG route/route6 objects would
> represent a significant community effort: people would need to write an
> Internet-Draft to specify what the field really means, and lots of
> software toolchains would need updating. Given that maxLength in RPKI
> ROAs was not universally perceived as a good idea, I'm not very
> optimistic that porting such functionality to the 'legacy' IRR system is
> worth the effort.
>
> Kind regards,
>
> Job
>
> --
>
> To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://mailman.ripe.net/
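
Added example (not part of the original thread, and not code from any participant or from the RIPE Database): a simplified Python model of the two checks discussed above, a prefix filter generated from route6 objects in exact-match and "le 48" form, and RFC 6811 origin validation against a ROA. The prefix 2001:1234::/32 and AS1234 are the placeholders used in the thread; the ROA with maxLength 48 and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data, using the placeholder prefix and AS number from the thread.
ROUTE6_OBJECTS = [("2001:1234::/32", 1234)]   # (route6, origin)
ROAS = [("2001:1234::/32", 48, 1234)]         # (prefix, maxLength, origin AS); assumed


def build_prefix_filter(route_objects, origin, le=None):
    """Turn one origin's route6 objects into (network, longest allowed length) entries.

    le=None models exact-match entries ("2001:1234::/32 permit");
    le=48 models "2001:1234::/32 le 48 permit".
    """
    nets = [ipaddress.ip_network(p) for p, o in route_objects if o == origin]
    return [(n, n.prefixlen if le is None else le) for n in nets]


def covers(outer, inner):
    """True if inner is equal to or more specific than outer (same address family)."""
    return outer.version == inner.version and inner.subnet_of(outer)


def filter_accepts(prefix, entries):
    """Prefix-list match: covered by an entry and not longer than it allows."""
    net = ipaddress.ip_network(prefix)
    return any(covers(e, net) and net.prefixlen <= max_len for e, max_len in entries)


def rov_state(prefix, origin, roas):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covering = [(m, o) for p, m, o in roas if covers(ipaddress.ip_network(p), net)]
    if not covering:
        return "not-found"
    ok = any(o == origin and net.prefixlen <= m for m, o in covering)
    return "valid" if ok else "invalid"


def route6_objects_needed(aggregate, new_len):
    """Exact-match route6 objects needed to list every more-specific of new_len."""
    return 2 ** (new_len - ipaddress.ip_network(aggregate).prefixlen)


if __name__ == "__main__":
    exact = build_prefix_filter(ROUTE6_OBJECTS, 1234)
    le48 = build_prefix_filter(ROUTE6_OBJECTS, 1234, le=48)
    for p in ("2001:1234::/32", "2001:1234:5::/48"):
        print(p, filter_accepts(p, exact), filter_accepts(p, le48), rov_state(p, 1234, ROAS))
    print(route6_objects_needed("2001:1234::/32", 48))
```

With this sample data the /48 is RPKI-valid because the assumed ROA carries maxLength 48, yet the exact-match filter built from the single /32 route6 object rejects it; only the "le 48" form of the filter accepts it.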