Hello

Here the problem is "for longer defensive prefixes".
For example, in a normal situation I advertise a /32 to my IP transit providers.
When a DDoS happens, one of my providers will start advertising 1x/48 of my 
/32 prefix to hijack the route from us and filter it.

But in order for that provider to be able to do that I need ROA records and 
route6 objects pointing that all of the /48s that fit into my /32 would be 
originated from that provider.
There is no issue with ROA records, because I can say that maximum prefix that 
this provider can advertise is /48 of my /32.
But as far as I know I cannot do the same with route6 objects, I need to create 
all the /48 route6 objects pointing to that provider (65535 objects).
But in RIPE, as far as I know, there is a limit of 1000 objects per day that I 
can create.
At this rate I will be creating these objects for more than 2 months, only for 1x/32.
What if I need to protect 5x/32? :)
In my opinion managing these is a nightmare and it also creates an unnecessary 
amount of objects in the IRR db.

Lugupidamisega / Best regards, 

Kaupo Ehtnurm 


Network & System administrator 
WaveCom AS 
ISO 9001 & 27001 Certified DC and verified VMware Cloud 
[email protected] | +372 5685 0002 
Endla 16, Tallinn 10142 Estonia | http://www.wavecom.ee/

----- Original Message -----
From: "Randy Bush" <[email protected]>
To: "Kaupo Ehtnurm" <[email protected]>
Cc: "Kaupo Ehtnurm via db-wg" <[email protected]>
Sent: Friday, July 7, 2023 5:36:19 PM
Subject: Re: [db-wg] Route(6) objects

> By doing this the internet will always (also under normal
> circumstances) prefer that one provider.

0 - register irr and rpki objects for aggregates and for longer
    defensive prefixes

1 - announce only aggregates to both providers

2 - when ddosed,
    - do not change announcement of aggregate to non-mediating
    - deaggregate announcement to mediating provider

3 - when ddos ends, return to state 1

randy
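
The asymmetry raised in this thread, as an added example that is not part of either message: a single ROA with a maxLength of 48 validates every defensive /48 under RFC 6811 origin validation, while exact-match route6 registration needs one object per /48. The prefix (2001:db8::/32) and both ASNs are constructed documentation values, and the 1000-objects-per-day limit and the exact-match requirement are taken from the message as assumptions.

```python
import ipaddress

# Constructed sample values: documentation prefix and documentation ASNs.
AGGREGATE = ipaddress.ip_network("2001:db8::/32")
OWN_AS = 64500           # assumed ASN of the prefix holder
MITIGATION_AS = 64501    # assumed ASN of the mediating (scrubbing) provider
DAILY_LIMIT = 1000       # per-day object creation limit as stated in the message

# ROAs as (prefix, maxLength, origin ASN): the holder originates only the
# aggregate; the mediating provider may originate anything down to /48.
ROAS = [
    (AGGREGATE, 32, OWN_AS),
    (AGGREGATE, 48, MITIGATION_AS),
]

def rov_state(prefix, origin_as, roas=ROAS):
    """RFC 6811 route origin validation: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        # A ROA covers the route if the route lies inside the ROA prefix.
        if route.version != roa_prefix.version or not route.subnet_of(roa_prefix):
            continue
        covered = True
        # It matches if the length is within maxLength and the origin agrees.
        if route.prefixlen <= max_len and origin_as == roa_as:
            return "valid"
    # Covered by some ROA but matched by none: invalid, not unknown.
    return "invalid" if covered else "not-found"

def route6_objects_needed(aggregate, length):
    """Exact-match route6 objects needed for every more-specific of `length`."""
    return 2 ** (length - aggregate.prefixlen)

def days_to_register(count, per_day=DAILY_LIMIT):
    """Whole days needed to create `count` objects at `per_day` per day."""
    return -(-count // per_day)  # ceiling division

if __name__ == "__main__":
    print(rov_state("2001:db8:12::/48", MITIGATION_AS))   # defensive /48
    print(rov_state("2001:db8:12::/48", OWN_AS))          # holder deaggregating
    n = route6_objects_needed(AGGREGATE, 48)
    print(n, "route6 objects,", days_to_register(n), "days for one /32")
    print(days_to_register(5 * n), "days for five /32s")
```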
