Hello

I have never said that I want 100% of the world to accept my IPv6 /48 prefixes.
I am sorry if I haven't been clear enough. But again I will try to explain my 
situation.
I am about 10% certain that ASs that filter their BGP table according to IRR 
info would accept the /48 prefixes that have /32 route6 object (In good 
conscience and bearing in mind BGP security risks I wouldn't accept these 
prefixes).
But I would be 90% certain that with /48 route6 object the /48 prefixes get 
accepted.
Do you see the difference here? 
I am talking about if some AS-s filter their BGP table according to IRR info, 
then how does plain /32 route6 object cover all the /48s within that /32 
prefix? 
If theoretically it would be possible, then I would just configure "::/0 AS1234" 
and that would cover everything, right?
As I am trying to explain, correct records in my opinion greatly increase 
the odds of my prefix being accepted worldwide.

Maybe they can, maybe they can't advertise /33, /34 etc...
I would like the provider to hijack most specific prefix in order to avoid the 
unnecessary redirection of other customers traffic that fit into that /33 or 
/34 etc.

But no need to further discuss this subject. I will just use /32 route6 object 
for all the /48 that fit that /32.




Lugupidamisega / Best regards, 

Kaupo Ehtnurm 


Network & System administrator 
WaveCom AS 
ISO 9001 & 27001 Certified DC and verified VMware Cloud 
[email protected] | +372 5685 0002 
Endla 16, Tallinn 10142 Estonia | [ http://www.wavecom.ee/ | www.wavecom.ee ]

----- Original Message -----
From: "Cynthia Revström" <[email protected]>
To: "Kaupo Ehtnurm" <[email protected]>
Cc: "DB-WG" <[email protected]>
Sent: Monday, July 10, 2023 3:36:42 PM
Subject: Re: [db-wg] Route(6) objects

Look, you can never be certain that 100% of networks are going to
accept your prefixes but for DDoS that shouldn't matter as others have
pointed out.
What I can say is please don't create 65536 route6 objects or
otherwise I feel like we are going to have to start a discussion about a
policy to prevent people doing that.

Also why do you need them to be advertised as /48s?
If you just need them to be more specific than a /32 couldn't you just
do /33s, /34s, /35s, /36s, or something like that?

-Cynthia

On Mon, Jul 10, 2023 at 2:13 PM Kaupo Ehtnurm via db-wg <[email protected]> wrote:
>
> Hello
>
> Thank you very much for the explanation.
> But I think we have steered away a little bit from my original question.
>
> As I can conclude from all the answers earlier, then still my only option if 
> I want my ip transit provider to be able to advertise some /48 within my /32 
> at random times and for random durations is using /32 as route6 object and 
> hope that everyone in the internet filters "2001:1234::/32 le 48 permit" or 
> "2001:1234::/32 eq 48 permit" instead of "2001:1234::/32 permit"?
> Or actually make the 65536 route6 objects (for each of the /48 that fits into 
> that /32)?
> Or is there a third possibility instead hoping that AS-s from all over the 
> internet are familiar with this kind of issue and allow /48 prefixes into 
> their routers instead of exact /32 prefix (although the route6 object states 
> that our provider should advertise only /32) or making unnecessary 
> amount (65536 objects for 1x/32) of route6 objects?
>
> I ultimately want my ip transit provider to be able to advertise different 
> /48 prefixes at random times for random durations. And want it to pass IRR 
> filtering also, not just rpki filtering in different ASs across the globe.
>
>
> Lugupidamisega / Best regards,
>
> Kaupo Ehtnurm
>
>
> Network & System administrator
> WaveCom AS
> ISO 9001 & 27001 Certified DC and verified VMware Cloud
> [email protected] | +372 5685 0002
> Endla 16, Tallinn 10142 Estonia | [ http://www.wavecom.ee/ | www.wavecom.ee ]
>
> ----- Original Message -----
> From: "Job Snijders" <[email protected]>
> To: "Kaupo Ehtnurm" <[email protected]>
> Cc: "Nick Hilliard" <[email protected]>, "Kaupo Ehtnurm via db-wg" 
> <[email protected]>
> Sent: Monday, July 10, 2023 2:18:57 PM
> Subject: Re: [db-wg] Route(6) objects
>
> Dear Kaupo, others,
>
> (Speaking as individual working group contributor.)
>
> On Mon, Jul 10, 2023 at 10:06:30AM +0300, Kaupo Ehtnurm via db-wg wrote:
> > Since route6 object is a must and ROA is a should and they ultimately
> > fill the same purpose, then why isn't there a "max length" in route6
> > object?
>
> That's a good question!
>
> The specification of IRR 'route6:' objects pre-dates the specification
> of RPKI ROAs by a number of years. One explanation might be that the
> designers of RPSL-NG simply didn't think of it.
>
> Another aspect is that RPKI ROAs are used as an input into the RFC 6811
> Origin Validation procedure (which yields invalid/valid/not-found as
> outcomes), but no such algorithm existed when RPSL-NG route/route6
> objects were defined. I can see how RPKI ROAs and RPSL-NG route/route6
> objects look kind of similar from a high level, but the devil is in the
> details: they do fulfill slightly different purposes.
>
> It's important to note that in recent years new insights arose how to
> make the best use of RPKI ROAs: last year's BCP 185 / RFC 9319
> recommends to avoid using the maxLength attribute in RPKI ROAs.
>
> Porting 'maxLength' functionality to RPSL-NG route/route6 objects would
> represent a significant community effort: people would need to write an
> Internet-Draft to specify what the field really means, and lots of
> software toolchains would need updating. Given that maxLength in RPKI
> ROAs was not universally perceived as a good idea, I'm not very
> optimistic that porting such functionality to the 'legacy' IRR system is
> worth the effort.
>
> Kind regards,
>
> Job
>
> --
>
> To unsubscribe from this mailing list, get a password reminder, or change 
> your subscription options, please visit: 
> https://lists.ripe.net/mailman/listinfo/db-wg

-- 

To unsubscribe from this mailing list, get a password reminder, or change your 
subscription options, please visit: 
https://lists.ripe.net/mailman/listinfo/db-wg
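
An added example (not written by any participant in this thread) showing how the three filter forms mentioned in the discussion, exact match, "le 48" and "eq 48", treat a /48 announcement when only a /32 route6 object exists, and what a "::/0" object would authorise under a "le 48" filter. The prefix 2001:1234::/32 and AS1234 are the thread's placeholder values; the function `irr_permits` and its mode names are hypothetical, and real IRR-to-prefix-list tooling may behave differently.

```python
import ipaddress

# Constructed route6 data: (prefix, origin ASN), using the thread's placeholders.
ROUTE6_OBJECTS = [("2001:1234::/32", 1234)]


def irr_permits(announced, origin, objects, mode="exact", max_len=48):
    """Return True if a filter built from route6 `objects` accepts the route.

    mode "exact": announced prefix must equal a registered prefix
    mode "le":    announced prefix lies inside a registered prefix and its
                  length is <= max_len
    mode "eq":    announced prefix lies inside a registered prefix and its
                  length is exactly max_len
    """
    net = ipaddress.ip_network(announced)
    for prefix, obj_origin in objects:
        reg = ipaddress.ip_network(prefix)
        if obj_origin != origin or net.version != reg.version:
            continue
        if mode == "exact":
            if net == reg:
                return True
        elif net.subnet_of(reg):
            if mode == "le" and net.prefixlen <= max_len:
                return True
            if mode == "eq" and net.prefixlen == max_len:
                return True
    return False


def compare(announced, origin, objects):
    """Evaluate one announcement under all three filter forms."""
    return {m: irr_permits(announced, origin, objects, m)
            for m in ("exact", "le", "eq")}


if __name__ == "__main__":
    # A /48 inside the registered /32, originated by the registered AS.
    print("/48 in /32:", compare("2001:1234:5678::/48", 1234, ROUTE6_OBJECTS))
    # The covering /32 itself.
    print("/32 itself:", compare("2001:1234::/32", 1234, ROUTE6_OBJECTS))
    # The "::/0 AS1234" case raised in the thread: under a "le 48" filter a
    # single object would authorise any /48 from that origin.
    print("::/0 object:", compare("2001:db8::/48", 1234, [("::/0", 1234)]))
```
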
