Dear Malte,

On Fri, Oct 31, 2025 at 06:11:09AM +0900, Malte Tashiro via NANOG wrote:
> I am more surprised by the "Best Practice" tag on the "Required
> Multi-prefix ROAs" tab, I assume this should be on the "Single Prefix
> ROAs" tab (see RFC9455 [0]).
> 
> [0] https://www.rfc-editor.org/rfc/rfc9455.html


RFC 9455 essentially recommends to "maximally deaggregate" prefix
information into distinct ROA objects, however, this practice results in a
massive overhead for the validation process in RPKI caches. I believe
these effects previously were underestimated: this practice seems to
result in non-linear growth of resource consumption.

With progressive insight, BCP 238 is *NOT* the best practice for the
general case. The growth patterns observed in the global RPKI in the
last two years lead me to believe that RFC 9455 needs to be revised.

When ROAs are created through RIR-hosted systems (ARIN Online, the RIPE
NCC LIR Portal, MiLACNIC, etc.), those systems SHOULD bundle as many
prefixes into as few ROAs as possible in order to conserve resources
(CPU/storage) in the RPKI caches around the planet.

RFC 9455 Section 4 contains too little nuance and lacks guidance on when
exactly bundling or deaggregation is helpful, and the tiny warning
about "may increase the file-fetch burden" in Section 5 turns out to be
a lot more taxing than expected.

Kind regards,

Job
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/[email protected]/message/DZV7OZPHM46UQ2MHJFPJ2GR7TEZIGGZC/
