<html theme="default-light" iconset="color"><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head><body style="font-family: Calibri; font-size: 14px;"
text="#485663"><div style="font-size: 14px;font-family: Calibri;"><span>Kaupo
Ehtnurm wrote on 12/07/2023 14:43:</span><br><blockquote type="cite"
cite="mid:1708658273.105623.1689169381026.JavaMail.zimbra@wavecom.ee"><div
style="font-family: arial, helvetica, sans-serif; font-size: 12pt;
color: #000000">I was hoping that somebody is experienced with this
situation and could advise me, what the correct way by-the-book would
be.<br></div></blockquote><br>a /32 will work just fine. The IRRDB
design is too simplistic to model even basic inter-domain routing
policies properly, so there is no "by the book" option which will work
without breaking something else, badly. 65k /48 entries will break
things on the internet. If you have a /29, then that's 512k entries,
which will cause even more trouble. <br><br>Transit providers and DDOS
mitigation companies understand this, and take it into account. Your
only concern in this situation should be whether your DDOS mitigation
provider will accept more-specifics, and this will depend on the
relationship they have with their upstreams. I.e. it's not RIPE DB-WG
you need to check this out with, it's your DDOS provider.<br><br>Nick<br><br><blockquote
type="cite"
cite="mid:1708658273.105623.1689169381026.JavaMail.zimbra@wavecom.ee"><div
style="font-family: arial, helvetica, sans-serif; font-size: 12pt;
color: #000000"><div>But I will just accept creating /32 route6 object
and hope that the /48s won't be filtered out only because of the
inaccuracy of route6 object in different ASs across the globe.</div><div><br></div><div
data-marker="__SIG_PRE__"><div style="font-family:'helvetica' ,
'arial';font-size:12.96px;background-color:rgb( 253 , 253 , 253 )"><span
style="font-size:11pt">Lugupidamisega / Best regards,</span><br><br><span
style="font-size:11pt">Kaupo Ehtnurm</span></div><div
style="font-family:'helvetica' ,
'arial';font-size:12.96px;background-color:rgb( 253 , 253 , 253 )"><span
style="font-size:11pt"><br></span></div><div
style="font-family:'helvetica' ,
'arial';font-size:12.96px;background-color:rgb( 253 , 253 , 253 )"><span
style="font-size:11pt"><img
data-mce-src="https://zimbra.wavecom.ee/home/kris@wavecom.ee/Briefcase/logo
signatuur.png" src="cid:part1.71AF2640.59145E9D@foobar.org"
name="image.png"></span><br><span style="font-size:11pt">Network &
System administrator</span></div><div style="font-family:'helvetica' ,
'arial';font-size:12.96px;background-color:rgb( 253 , 253 , 253 )"><span
style="font-size:11pt">WaveCom AS <br></span></div><div
style="font-family:'helvetica' ,
'arial';font-size:12.96px;background-color:rgb( 253 , 253 , 253 )"><span
style="font-size:11pt">ISO 9001 & 27001 Certified DC and verified
VMware Cloud<br></span></div><div style="font-family:'helvetica' ,
'arial';font-size:12.96px;background-color:rgb( 253 , 253 , 253 )"><span
style="font-size:11pt"><span class="Object"
id="OBJ_PREFIX_DWT778_ZmEmailObjectHandler" style="color:darkblue"><span
class="Object" id="OBJ_PREFIX_DWT796_ZmEmailObjectHandler"><a class="moz-txt-link-abbreviated" href="mailto:kaupo@wavecom.ee">kaupo@wavecom.ee</a></span></span> | <span
class="Object" id="OBJ_PREFIX_DWT779_com_zimbra_phone"
style="color:darkblue"><a style="color:darkblue" moz-do-not-send="true">+372
5685 0002</a></span></span><br><span style="font-size:11pt">Endla 16,
Tallinn 10142 Estonia | <span class="Object"
id="OBJ_PREFIX_DWT780_com_zimbra_url" style="color:darkblue"><span
class="Object" id="OBJ_PREFIX_DWT797_com_zimbra_url"><a
href="http://www.wavecom.ee/" style="color:darkblue" rel="nofollow
noopener noreferrer nofollow noopener noreferrer" target="_blank"
moz-do-not-send="true">www.wavecom.ee</a></span></span></span></div></div><div><br></div><hr
id="zwchr" data-marker="__DIVIDER__"><div data-marker="__HEADERS__"><b>From:
</b>"Nick Hilliard" <a class="moz-txt-link-rfc2396E" href="mailto:nick@foobar.org"><nick@foobar.org></a><br><b>To: </b>"Kaupo
Ehtnurm" <a class="moz-txt-link-rfc2396E" href="mailto:kaupo@wavecom.ee"><kaupo@wavecom.ee></a><br><b>Cc: </b>"Kaupo Ehtnurm via
db-wg" <a class="moz-txt-link-rfc2396E" href="mailto:db-wg@ripe.net"><db-wg@ripe.net></a><br><b>Sent: </b>Wednesday, July 12, 2023
3:51:00 PM<br><b>Subject: </b>Re: [db-wg] Route(6) objects<br></div><div><br></div><div
data-marker="__QUOTED_TEXT__"><div
style="font-size:14px;font-family:'calibri'">Kaupo
Ehtnurm wrote on 10/07/2023 08:06:<br><blockquote><div
style="font-family:'arial' , 'helvetica' ,
sans-serif;font-size:12pt;color:#000000"><span
style="color:#000000;font-family:'calibri';font-size:14px;font-style:normal;font-weight:400;letter-spacing:normal;text-indent:0px;text-transform:none;word-spacing:0px;white-space:normal;background-color:#ffffff;display:inline
!important;float:none">No, but I was wondering what do other AS-s do
with my ipv6
prefix, if they are using IRR filtering in bgp. <br></span><div><span
style="color:#000000;font-family:'calibri';font-size:14px;font-style:normal;font-weight:400;letter-spacing:normal;text-indent:0px;text-transform:none;word-spacing:0px;white-space:normal;background-color:#ffffff;display:inline
!important;float:none"><span
style="color:#000000;font-family:'calibri';font-size:14px;font-style:normal;font-weight:400;letter-spacing:normal;text-indent:0px;text-transform:none;word-spacing:0px;white-space:normal;background-color:#ffffff;display:inline
!important;float:none">I am not talking only about providers and
providers
providers. I am talking about all the AS-s in that participate in the
global table and accept the full bgp table and filter it based on the
IRR and/or ROA record. How can I be sure that they
won't just drop my prefixes only because of the incorrect route6 object
values?</span></span><div>To eliminate the risk of my prefix getting
blocked in some third party AS I would like to have correct route(6)
objects, not almost correct (which technically are incorrect).</div></div></div></blockquote><br>Most
transit providers accept <= the route/route6 prefix length. Some
IXPs filter strictly.<br><br>The best thing to do is to test this out
and see if announcing an upstream /48 works. You can use e.g. ripe
atlas or other measurement networks to test connectivity paths while
upstream mitigation is in place, both with a /48 IRRDB entry for the
announcement in question, and without. This should give you a clear
idea about whether using individual /48s is worth the effort (I suspect
the answer is probably not).<br><br>Nick</div><br></div></div></blockquote><br></div></body></html>