<html><body><div style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: #000000"><div>Hello</div><div><br data-mce-bogus="1"></div><div>For example I have 2001:1234::/32 ipv6 network.<br>And I want to start using DDoS protection service that one of my ip transit provider offers.</div><div>But my edge routers are multihomed and enabling ddos protection on one transit provider lets half of the attack still come in from our other ip transit providers in case of DDoS attack.</div><div>But if our ip transit provider that provides also a ddos protection would hijack the routes from us with more specific routes, then instead of traffic flowing from my other ip transit providers to my AS it flows to my DDOS protection providers AS.</div><div>Route hijacking solves the problem where half of the attack still comes in to my AS from other transit providers.</div><div>For in order for the DDoS protection service provider to be able to hijack the routes correctly from us we need to have more specific ROA and route(6) objects done.</div><div>With ROA it is easy, I just create the following ROA: "<span style="color: #000000; font-family: arial, helvetica, sans-serif; font-size: 16px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: normal; background-color: #ffffff; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;" data-mce-style="color: #000000; font-family: arial, helvetica, sans-serif; font-size: 16px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: normal; background-color: #ffffff; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;">2001:1234::/32 max length 48 ASN AS1234"</span></div><div><span style="color: #000000; font-family: arial, helvetica, sans-serif; font-size: 16px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: normal; background-color: #ffffff; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;" data-mce-style="color: #000000; font-family: arial, helvetica, sans-serif; font-size: 16px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: normal; background-color: #ffffff; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;">But with route(6) objects this isn't so easy, because these objects don't have max length or any other operators that it accepts.</span><!--EndFragment--><div style="clear: both;" data-mce-style="clear: both;">And because of that I need to hope the entire internet to accept all the /48s that fit into <!--StartFragment--><span style="color: #000000; font-family: arial, helvetica, sans-serif; font-size: 16px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: normal; background-color: #ffffff; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;" data-mce-style="color: #000000; font-family: arial, helvetica, sans-serif; font-size: 16px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: normal; background-color: #ffffff; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;">2001:1234::/32 prefix if I have following route6 object: </span>"<span style="color: #000000; font-family: arial, helvetica, sans-serif; font-size: 16px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: normal; background-color: #ffffff; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;" data-mce-style="color: #000000; font-family: arial, helvetica, sans-serif; font-size: 16px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: normal; background-color: #ffffff; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;">2001:1234::/32 AS1234".</span><!--EndFragment--><div style="clear: both;" data-mce-style="clear: both;">But to be correct with my db records I would need to make all the /48 route6 objects that fit into that /32 and instead of 1 object I need to create 65536 objects.</div><div style="clear: both;" data-mce-style="clear: both;">First of all I would hit the object creation limit per day in ripe DB. With this limit enabled, I would create the records over 2 months.</div><div style="clear: both;" data-mce-style="clear: both;">And the manageability of those records would be a nightmare.</div><div style="clear: both;" data-mce-style="clear: both;"><br data-mce-bogus="1"></div><div style="clear: both;" data-mce-style="clear: both;">If ROAs and route(6) objects go hand-in-hand anyway for the most of the time, then why can't route objects have "max length" or somekind of operator like ROAs have?</div></div></div><div><br data-mce-bogus="1"></div><div><br></div><div data-marker="__SIG_PRE__"><div style="font-family:'helvetica' , 'arial';font-size:12.96px;background-color:rgb( 253 , 253 , 253 )"><span style="font-size:11pt">Lugupidamisega / Best regards,</span><br><br><span style="font-size:11pt">Kaupo Ehtnurm</span></div><div style="font-family:'helvetica' , 'arial';font-size:12.96px;background-color:rgb( 253 , 253 , 253 )"><span style="font-size:11pt"><br></span></div><div style="font-family:'helvetica' , 'arial';font-size:12.96px;background-color:rgb( 253 , 253 , 253 )"><span style="font-size:11pt"><img data-mce-src="https://zimbra.wavecom.ee/home/kris@wavecom.ee/Briefcase/logo signatuur.png" src="cid:c9fc7b6bb402e573dfe4668eb81b82e9251cb7b0@zimbra"></span><br><span style="font-size:11pt">Network & System administrator</span></div><div style="font-family:'helvetica' , 'arial';font-size:12.96px;background-color:rgb( 253 , 253 , 253 )"><span style="font-size:11pt">WaveCom AS <br></span></div><div style="font-family:'helvetica' , 'arial';font-size:12.96px;background-color:rgb( 253 , 253 , 253 )"><span style="font-size:11pt">ISO 9001 & 27001 Certified DC and verified VMware Cloud<br></span></div><div style="font-family:'helvetica' , 'arial';font-size:12.96px;background-color:rgb( 253 , 253 , 253 )"><span style="font-size:11pt"><span class="Object" id="OBJ_PREFIX_DWT778_ZmEmailObjectHandler" style="color:darkblue"><span class="Object" id="OBJ_PREFIX_DWT796_ZmEmailObjectHandler">kaupo@wavecom.ee</span></span> | <span class="Object" id="OBJ_PREFIX_DWT779_com_zimbra_phone" style="color:darkblue"><a style="color:darkblue">+372 5685 0002</a></span></span><br><span style="font-size:11pt">Endla 16, Tallinn 10142 Estonia | <span class="Object" id="OBJ_PREFIX_DWT780_com_zimbra_url" style="color:darkblue"><span class="Object" id="OBJ_PREFIX_DWT797_com_zimbra_url"><a href="http://www.wavecom.ee/" style="color:darkblue" rel="nofollow noopener noreferrer nofollow noopener noreferrer" target="_blank">www.wavecom.ee</a></span></span></span></div></div></div></body></html>