This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ripe-list@ripe.net/
max len in roas
- Previous message (by thread): RIPE 62: Remote Participation
- Next message (by thread): Participate Now: RIPE NCC Membership and Stakeholder Survey
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Randy Bush
randy at psg.com
Tue May 10 11:13:03 CEST 2011
re alex's preso on how the ripe/ncc roa generation gui works, with help from geoff, the latest version of draft-ietf-sidr-origin-ops gives more detailed advice on the subject. Use of RPKI-based origin validation obviates the utility of announcing many longer prefixes when the covering prefix would do. To aid translation of ROAs into efficient search algorithms in routers, ROAs SHOULD be as precise as possible, i.e. match prefixes as announced in BGP. E.g. software and operators SHOULD avoid use of excessive max length values in ROAs unless operationally necessary. Therefore, ROA generation software MUST use the prefix length as the max length if the user does not specify a max length. Operators SHOULD be conservative in use of max length in ROAs. E.g., if a prefix will have only a few sub-prefixes announced, multiple ROAs for the specific announcements SHOULD be used as opposed to one ROA with a long max length. the third para specifically addresses the issue alex raised, thanks alex. randy
- Previous message (by thread): RIPE 62: Remote Participation
- Next message (by thread): Participate Now: RIPE NCC Membership and Stakeholder Survey
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]