<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">Hi all,<div><br></div><div>In the attachment is raw data that was used in <a href="https://ripe77.ripe.net/presentations/123-RIPE-NONAUTH.azimov.pdf" target="_blank">https://ripe77.ripe.net/presentations/123-RIPE-NONAUTH.azimov.pdf</a></div><div>It shows a list of globally visible prefixes that have route objects ONLY in RIPE-NONAUTH. For these prefixes, the removal of route objects from this database may lead to DoS.</div><div><br></div><div><b>Numbers for IPv4:</b></div><div><div>Total number of objects - 69178</div><div><br></div><div>Address space covered In other IRRs - 43527</div></div></div></div></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div>Address space covered In other IRRs with same ASN - 33839</div></div></div></div></blockquote><div dir="ltr"><div dir="ltr"><div dir="ltr"><div>Unique Objects in RIPE-NONAUTH - 25651</div></div></div></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><div>Globally visible prefixes – 4507</div></div></div></div></div></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><div>ASNs - 543</div></div></div></div></div></blockquote><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><br></div><div><br></div><div><b>Numbers for IPv6:</b></div><div><div>Total number of objects - 1991</div><div><br></div><div>Address space covered In other IRRs - 1502</div></div></div></div></div></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div>Address space covered In other IRRs with same ASN - 1336</div></div></div></div></div></blockquote><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div>Unique Objects - 489<br></div></div></div></div></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><div>Globally visible prefixes – 303</div></div></div></div></div></div></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><div>ASNs - 86</div></div><div><br></div></div></div></div></div></blockquote>I haven't yet analyzed to which IRRs the route objects from NONAUTH should belong. So, please take it as input, but there is a significant place for improvement. <br></div><br><div class="gmail_quote"><div dir="ltr">чт, 18 окт. 2018 г. в 12:58, Alexander Azimov <<a href="mailto:aa@qrator.net">aa@qrator.net</a>>:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">Hi all,<div><br></div><div>In the attachment is raw data that was used in <a href="https://ripe77.ripe.net/presentations/123-RIPE-NONAUTH.azimov.pdf" target="_blank">https://ripe77.ripe.net/presentations/123-RIPE-NONAUTH.azimov.pdf</a></div><div>It shows a list of globally visible prefixes that have route objects ONLY in RIPE-NONAUTH. For these prefixes, the removal of route objects from this database may lead to DoS.</div><div><br></div><div><b>Numbers for IPv4:</b></div><div><div>Total number of objects - 69178</div><div><br></div><div>Address space covered In other IRRs - 43527</div></div></div></div></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div>Address space covered In other IRRs
with same ASN - 33839</div></div></div></div></blockquote><div dir="ltr"><div dir="ltr"><div dir="ltr"><div>Unique Objects in RIPE-NONAUTH - 25651</div></div></div></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><div>Globally visible prefixes – 4507</div></div></div></div></div></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><div>ASNs - 543</div></div></div></div></div></blockquote><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><br></div><div><br></div><div><b>Numbers for IPv6:</b></div><div><div>Total number of objects - 1991</div><div><br></div><div>Address space covered In other IRRs - 1502</div></div></div></div></div></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div>Address space covered In other IRRs with same ASN - 1336</div></div></div></div></div></blockquote><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div>Unique Objects - 489<br></div></div></div></div></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><div>Globally visible prefixes – 303</div></div></div></div></div></div></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><div>ASNs - 86</div></div><div><br></div></div></div></div></div></blockquote>I haven't yet analyzed to which IRRs the route objects from NONAUTH should belong. So, please take it as input, but there is a significant place for improvement.<br></div></div><br><div class="gmail_quote"><div dir="ltr">чт, 18 окт. 2018 г. в 12:48, nusenu <<a href="mailto:nusenu-lists@riseup.net" target="_blank">nusenu-lists@riseup.net</a>>:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">here is my data for you to scrutinize since<br>
Alexander Azimov (slides [3]) had some slightly different (lower)<br>
numbers (maybe that difference is either caused by a difference in<br>
TALs configured - or just because we didn't produce the data at the very same time<br>
or just a problem on my side)<br>
<br>
[1] 69178 route objects - 758 invalids - 55 of them are announced as defined in the route object<br>
[2] 1991 route5 objects - 16 invalids<br>
<br>
That said these are just current numbers but they obviously will change<br>
over time with the increasing creation of ROA outside of the RIPE region.<br>
<br>
<br>
kind regards,<br>
nusenu<br>
PS: I've a few more remarks but I'll postpone them.<br>
<br>
[1] <a href="https://gist.githubusercontent.com/nusenu/21687b0902cc64cd61b92ec5ae66bbc1/raw/ed4a92f84493ce0e274c1a1890c92aa48c522c17/RPKI-validity-state-of-RIPE-NONAUTH-2018-10-17-2000UTC.txt" rel="noreferrer" target="_blank">https://gist.githubusercontent.com/nusenu/21687b0902cc64cd61b92ec5ae66bbc1/raw/ed4a92f84493ce0e274c1a1890c92aa48c522c17/RPKI-validity-state-of-RIPE-NONAUTH-2018-10-17-2000UTC.txt</a><br>
[2] <a href="https://gist.githubusercontent.com/nusenu/7d4c7f6ea5cadb47ff49760e5f2e5aa0/raw/f30a202baa93fcc9d48ba0af494bd6a7cfe24f44/RPKI-validity-state-of-RIPE-NONAUTH-route6-2018-10-17-2000UTC.txt" rel="noreferrer" target="_blank">https://gist.githubusercontent.com/nusenu/7d4c7f6ea5cadb47ff49760e5f2e5aa0/raw/f30a202baa93fcc9d48ba0af494bd6a7cfe24f44/RPKI-validity-state-of-RIPE-NONAUTH-route6-2018-10-17-2000UTC.txt</a><br>
<br>
format: origin,prefix,RPKI validity state<br>
<br>
[3] <a href="https://ripe77.ripe.net/presentations/123-RIPE-NONAUTH.azimov.pdf" rel="noreferrer" target="_blank">https://ripe77.ripe.net/presentations/123-RIPE-NONAUTH.azimov.pdf</a><br>
<br>
<br>
<br>
-- <br>
<a href="https://twitter.com/nusenu_" rel="noreferrer" target="_blank">https://twitter.com/nusenu_</a><br>
<a href="https://mastodon.social/@nusenu" rel="noreferrer" target="_blank">https://mastodon.social/@nusenu</a><br>
<br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="m_-2131494298810875433gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div style="font-family:Helvetica;font-size:12px;border-collapse:collapse"><font color="#999999">| Alexander Azimov | HLL l QRATOR</font></div><div style="font-family:Helvetica;font-size:12px;border-collapse:collapse"><font color="#999999">| tel.: +7 499 241 81 92</font></div><div style="font-family:Helvetica;font-size:12px;border-collapse:collapse"><font color="#999999">| mob.: +7 915 360 08 86</font></div><div style="font-family:Helvetica;font-size:12px;border-collapse:collapse"><font color="#999999">| skype: mitradir</font></div><div style="font-family:Helvetica;font-size:12px;border-collapse:collapse"><span style="color:rgb(153,153,153)">| visit: </span><a href="http://radar.qrator.net/" target="_blank">radar.qrator.net</a><br></div></div></div>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div style="font-family:Helvetica;font-size:12px;border-collapse:collapse"><font color="#999999">| Alexander Azimov | HLL l QRATOR</font></div><div style="font-family:Helvetica;font-size:12px;border-collapse:collapse"><font color="#999999">| tel.: +7 499 241 81 92</font></div><div style="font-family:Helvetica;font-size:12px;border-collapse:collapse"><font color="#999999">| mob.: +7 915 360 08 86</font></div><div style="font-family:Helvetica;font-size:12px;border-collapse:collapse"><font color="#999999">| skype: mitradir</font></div><div style="font-family:Helvetica;font-size:12px;border-collapse:collapse"><span style="color:rgb(153,153,153)">| visit: </span><a href="http://radar.qrator.net/" target="_blank">radar.qrator.net</a><br></div></div></div>