[routing-wg] RPKI ROA MaxLength - feature or misfeature? (UX/security)
Job Snijders
job at fastly.com
Fri Dec 10 19:10:49 CET 2021
Hi all,

I'm writing the working group to initiate some conversation about a long-standing point of confusion in the RPKI ecosystem: the ROA MaxLength field.

What is the ROA MaxLength field?
================================

The data format profile of RPKI ROAs allows an operator to specify the following fields:

* 1 (one) Origin AS
* one or more IPv4 or IPv6 prefixes
* for each IP prefix, a so-called 'MaxLength' value

Operators are allowed to create multiple ROAs with different Origin ASNs covering the same prefix, folks can mix-and-match as needed.

The "MaxLength" feature essentially is a macro function (a 'shortcut'): when you create a ROA with the following parameters:

    Prefix:    2001:67c:208c::/48
    MaxLength: 50
    Origin AS: 15562

The above Prefix + Maxlength has the exact same meaning as:

    Prefix:    2001:67c:208c::/48
            or 2001:67c:208c::/49
            or 2001:067c:208c:8000::/49
            or 2001:67c:208c::/50
            or 2001:67c:208c:4000::/50
            or 2001:67c:208c:8000::/50
            or 2001:67c:208c:c000::/50
    Origin AS: 15562

The confusion & a UX experiment proposal
========================================

I suspect that many people think that "xxx/48 maxlength 50" means "the /48, AND the four individual /50s" (mentally skipping over the intermediate /49s).

Going back as far as 2011 [1] - the concept of "MaxLength" appeared less than straight-forward, the quest for a good 'default setting' seems a challenge.

My experience at NTT taught me that encouraging customers to create IRR "route:" or "route6:" objects that *exactly* match what people intend to announce in the BGP plane, greatly simplifies things. Just register what you want to announce, nothing more, nothing less.

A proposal for a UX experiment: would it be beneficial to HIDE the 'maxlength' field (for some period of time) in the RPKI ROA management system hosted by RIPE NCC? If the option isn't there, it can't confuse people. Wouldn't it be better to encourage people to create ROAs that align one-to-one with BGP announcements? (keep in mind: IRR route/route6 objects don't have the notion of maxlength).

Or an enhancement: a button "also create ROAs for all /24s and /48s, but not the intermediate prefix lengths". This saves people a lot of clicking if they want to prepare for maximum de-aggregation.

Is MaxLength used in the wild?
==============================

Only 15% of Validated ROA Payloads (VRPs) under the RIPE NCC Trust Anchor have the MaxLength field set to something other than the aggregate Prefix Length.

I'm not entirely convinced that accommodating the 15% is worth the hassle of explaining what the heck MaxLength is.

Removing MaxLength from the UI does not in any way impact anyone's ability to create as many ROAs as they deem fit, it just forces people to be precise! :-)

Thoughts?

Kind regards,

Job

[1]: https://labs.ripe.net/author/alexband/using-the-maximum-length-option-in-roas/
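An added worked example, not part of the post above: it expands the Prefix + MaxLength macro into the full set of prefixes the ROA authorizes and runs a minimal route-origin validation over it, so the intermediate /49s that the post says people mentally skip show up as authorized. The ROA objects, the `Roa` type and the "precise" one-ROA-per-announcement set are constructed here for illustration; only the standard library `ipaddress` module is used.

```python
import ipaddress
from typing import NamedTuple

class Roa(NamedTuple):
    prefix: str       # ROA prefix, e.g. "2001:67c:208c::/48"
    max_length: int   # the ROA MaxLength field
    origin_as: int    # the single Origin AS in the ROA

def covered_prefixes(roa: Roa) -> list[str]:
    """Expand Prefix+MaxLength into every prefix the ROA authorizes:
    the prefix itself plus ALL more-specifics down to max_length,
    including the intermediate lengths (the /49s in the post's example)."""
    net = ipaddress.ip_network(roa.prefix)
    if not net.prefixlen <= roa.max_length <= net.max_prefixlen:
        raise ValueError("MaxLength must lie between prefix length and address size")
    out = [str(net)]
    for length in range(net.prefixlen + 1, roa.max_length + 1):
        out.extend(str(sub) for sub in net.subnets(new_prefix=length))
    return out

def validate(announced: str, origin_as: int, roas: list[Roa]) -> str:
    """Route origin validation outcome for one announcement:
    'notfound' if no ROA covers the prefix, 'valid' if a covering ROA
    matches the origin AS and the length is within MaxLength, else 'invalid'."""
    ann = ipaddress.ip_network(announced)
    covering = []
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        if ann.version == roa_net.version and ann.subnet_of(roa_net):
            covering.append(roa)
    if not covering:
        return "notfound"
    for roa in covering:
        if roa.origin_as == origin_as and ann.prefixlen <= roa.max_length:
            return "valid"
    return "invalid"

# Constructed sample data mirroring the post: the macro-style ROA ...
ROA_MAXLEN = Roa("2001:67c:208c::/48", 50, 15562)
# ... versus the "precise" alternative: one ROA per intended announcement,
# the /48 and the four /50s, with no ROA for the intermediate /49s.
ROAS_PRECISE = [Roa("2001:67c:208c::/48", 48, 15562)] + [
    Roa(p, 50, 15562) for p in covered_prefixes(ROA_MAXLEN) if p.endswith("/50")
]

if __name__ == "__main__":
    for p in covered_prefixes(ROA_MAXLEN):
        print(p)   # seven prefixes: the /48, two /49s and four /50s
    print(validate("2001:67c:208c:8000::/49", 15562, [ROA_MAXLEN]))  # valid
    print(validate("2001:67c:208c:8000::/49", 15562, ROAS_PRECISE))  # invalid
```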