This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[db-wg] Route(6) objects
- Previous message (by thread): [db-wg] Route(6) objects
- Next message (by thread): [db-wg] Route(6) objects
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Nick Hilliard
nick at foobar.org
Wed Jul 12 16:09:03 CEST 2023
Kaupo Ehtnurm wrote on 12/07/2023 14:43: > I was hoping that somebody is experienced with this situation and > could advise me, what the correct way by-the-book would be. a /32 will work just fine. The IRRDB design is too simplistic to model even basic inter-domain routing policies properly, so there is no "by the book" option which will work without breaking something else, badly. 65k /48 entries will break things on the internet. If you have a /29, then that's 512k entries, which will cause even more trouble. Transit providers and DDOS mitigation companies understand this, and take it into account. Your only concern in this situation should be whether your DDOS mitigation provider will accept more-specifics, and this will depend on the relationship they have with their upstreams. I.e. it's not RIPE DB-WG you need to check this out with, it's your DDOS provider. Nick > But I will just accept creating /32 route6 object and hope that the > /48s won't be filtered out only because of the inaccuracy of route6 > object in different ASs across the globe. > > Lugupidamisega / Best regards, > > Kaupo Ehtnurm > > > Network & System administrator > WaveCom AS > ISO 9001 & 27001 Certified DC and verified VMware Cloud > kaupo at wavecom.ee | +372 5685 0002 > Endla 16, Tallinn 10142 Estonia | www.wavecom.ee <http://www.wavecom.ee/> > > ------------------------------------------------------------------------ > *From: *"Nick Hilliard" <nick at foobar.org> > *To: *"Kaupo Ehtnurm" <kaupo at wavecom.ee> > *Cc: *"Kaupo Ehtnurm via db-wg" <db-wg at ripe.net> > *Sent: *Wednesday, July 12, 2023 3:51:00 PM > *Subject: *Re: [db-wg] Route(6) objects > > Kaupo Ehtnurm wrote on 10/07/2023 08:06: > > No, but I was wondering what do other AS-s do with my ipv6 prefix, > if they are using IRR filtering in bgp. > I am not talking only about providers and providers providers. I > am talking about all the AS-s in that participate in the global > table and accept the full bgp table and filter it based on the IRR > and/or ROA record. How can I be sure that they won't just drop my > prefixes only because of the incorrect route6 object values? > To eliminate the risk of my prefix getting blocked in some third > party AS I would like to have correct route(6) objects, not almost > correct (which technically are incorrect). > > > Most transit providers accept <= the route/route6 prefix length. Some > IXPs filter strictly. > > The best thing to do is to test this out and see if announcing an > upstream /48 works. You can use e.g. ripe atlas or other measurement > networks to test connectivity paths while upstream mitigation is in > place, both with a /48 IRRDB entry for the announcement in question, > and without. This should give you a clear idea about whether using > individual /48s is worth the effort (I suspect the answer is probably > not). > > Nick > -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/db-wg/attachments/20230712/6477c42a/attachment.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: image.png Type: image/png Size: 2985 bytes Desc: not available URL: </ripe/mail/archives/db-wg/attachments/20230712/6477c42a/attachment.png>
- Previous message (by thread): [db-wg] Route(6) objects
- Next message (by thread): [db-wg] Route(6) objects
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]