This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/routing-wg@ripe.net/
[routing-wg] RPKI ROA MaxLength - feature or misfeature? (UX/security)
- Previous message (by thread): [routing-wg] Weekly Global IPv4 Routing Table Report
- Next message (by thread): [routing-wg] RPKI ROA MaxLength - feature or misfeature? (UX/security)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Job Snijders
job at fastly.com
Fri Dec 10 19:10:49 CET 2021
Hi all,
I'm writing the working group to initiate some conversation about a
long-standing point of confusion in the RPKI ecosystem: the ROA
MaxLength field.
What is the ROA MaxLength field?
================================
The data format profile of RPKI ROAs allows an operator to specify the
following fields:
* 1 (one) Origin AS
* one or more IPv4 or IPv6 prefixes
* for each IP prefix, a so-called 'MaxLength' value
Operators are allowed to create multiple ROAs with different Origin ASNs
covering the same prefix, folks can mix-and-match as needed. The
"MaxLength" feature essentially is a macro function (a 'shortcut'): when
you create a ROA with the following parameters:
Prefix: 2001:67c:208c::/48
MaxLength: 50
Origin AS: 15562
The above Prefix + Maxlength has the exact same meaning as:
Prefix: 2001:67c:208c::/48
     or 2001:67c:208c::/49
     or 2001:067c:208c:8000::/49
     or 2001:67c:208c::/50
     or 2001:67c:208c:4000::/50
     or 2001:67c:208c:8000::/50
     or 2001:67c:208c:c000::/50
Origin AS: 15562
The confusion & a UX experiment proposal
=========================================
I suspect that many people think that "xxx/48 maxlength 50" means "the
/48, AND the four individual /50s" (mentally skipping over the
intermediate /49s). Going back as far as 2011 [1] - the concept of
"MaxLength" appeared less than straight-forward, the quest for a good
'default setting' seems a challenge.
My experience at NTT taught me that encouraging customers to create IRR
"route:" or "route6:" objects that *exactly* match what people intend to
announce in the BGP plane, greatly simplifies things. Just register what
you want to announce, nothing more, nothing less.
A proposal for UX experiment: would it be beneficial to HIDE the
'maxlength' field (for some period of time) in the RPKI ROA management
system hosted by RIPE NCC? If the option isn't there, it can't confuse
people. Wouldn't it be better to encourage people to create ROAs that
align one-to-one with BGP announcements? (keep in mind: IRR route/route6
objects don't have the notion of maxlength).
Or an enhancement: a button "also create ROAs for all /24s and /48s, but
not the intermediate prefix lengths". This saves people a lot of
clicking if they want to prepare for maximum de-aggregation.
Is MaxLength used in the wild?
==============================
Only 15% of Validated ROA Payloads (VRPs) under the RIPE NCC Trust
Anchor have the MaxLength field set to something other than the
aggregate Prefix Length.
I'm not entirely convinced that accommodating the 15% is worth the
hassle of explaining what the heck MaxLength is. Removing MaxLength from
the UI does not in any way impact anyone's ability to create as many
ROAs as they deem fit, it just forces people to be precise! :-)
Thoughts?
Kind regards,
Job
[1]: https://labs.ripe.net/author/alexband/using-the-maximum-length-option-in-roas/