Greetings:
A discussion has come up in the R&E community about the maximum number
of prefixes one can include in a ROA request in the hosted environment.
Using the feature of pasting in a manually signed ROA, I've been able to
request about 4k prefixes in a single ROA. Seeing that work, I got
greedy and request 65k. That didn't work. (this was all done in the OT&E)
Is there a limit to the number of prefixes that can be included in a ROA
request? I can't find anything in an RFC that specifies a max number;
if that's the case, is there a practical number?
Here's the background of the query-
Let's say you have a large summary prefix, say a /16. You've subscribed
to a DDoS scrubbing service that can, on demand, originate any arbitrary
/24 of your space under a different ASN. You would need to create a ROA
that covers the /24s for the DDoS mitigation ASN. In this case, that's
256 prefixes, so that's manageable. How about individual /64s out of a
/44, or much worse, a /32.
I imagine this was exactly the concept behind the max length field that
is now considered harmful.
It's an interesting discussion for the operational community, but the
immediate question is, what is the capacity of ARIN's hosted service?
Thank you.
_______________________________________________
arin-tech-discuss mailing list
[email protected]
https://lists.arin.net/mailman/listinfo/arin-tech-discuss
