This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

max len in roas

Previous message (by thread): RIPE 62: Remote Participation
Next message (by thread): Participate Now: RIPE NCC Membership and Stakeholder Survey

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Randy Bush randy at psg.com
Tue May 10 11:13:03 CEST 2011

re alex's preso on how the ripe/ncc roa generation gui works, with help
from geoff, the latest version of draft-ietf-sidr-origin-ops gives more
detailed advice on the subject.

   Use of RPKI-based origin validation obviates the utility of
   announcing many longer prefixes when the covering prefix would do.

   To aid translation of ROAs into efficient search algorithms in
   routers, ROAs SHOULD be as precise as possible, i.e. match prefixes
   as announced in BGP.  E.g. software and operators SHOULD avoid use of
   excessive max length values in ROAs unless operationally necessary.

   Therefore, ROA generation software MUST use the prefix length as the
   max length if the user does not specify a max length.

   Operators SHOULD be conservative in use of max length in ROAs.  E.g.,
   if a prefix will have only a few sub-prefixes announced, multiple
   ROAs for the specific announcements SHOULD be used as opposed to one
   ROA with a long max length.

the third para specifically addresses the issue alex raised, thanks
alex.

randy

Previous message (by thread): RIPE 62: Remote Participation
Next message (by thread): Participate Now: RIPE NCC Membership and Stakeholder Survey

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ ripe-list Archives ]