Isn’t this supposed to be one of the few ACTUAL benefits of RPKI — You can specify the maximum prefix length allowed to be advertised within a shorter prefix and those (theoretically) block hijackers taking advantage of advertising more specifics to cut you off?
While I recognize that RPKI is not ubiquitous, enough of the major backbones are dropping RPKI invalids that I think any sort of hijacking in violation of that wouldn’t be very effective today. YMMV of course, but that seems to me to be a far better solution (almost enough to make me rethink the questionable value of RPKI) than disaggregation.

Owen

> On Oct 7, 2023, at 05:32, Willy Manga <[email protected]> wrote:
>
> Hi.
>
> On 06/10/2023 16:00, [email protected] wrote:
>> From: Matthew Petach<[email protected]>
>> [...]
>>> The IPv6 FIB is under the same pressure from more specifics. It's taken 20
>>> years to get there, but the IPv6 FIB is now looking stable at 60% of the
>>> total FIB size [2]. For me, that's a very surprising outcome in an
>>> essentially unmanaged system.
>>>
>>>
>>> Were you expecting it to be lower than IPv4?
>>>
>>> Mark.
>>>
>> I've dug through the mailman mirror on nanog.org, and there's currently no
>> post by Geoff Huston saying that:
>> https://community.nanog.org/search?q=geoff%20huston%20order%3Alatest
>
> I read (and send) NANOG emails through the digest emails sent once a day. I
> noticed the same thing. I assumed it was sent directly to Mark (or the mail
> will enter my next digest...)
>
>
>> But I'll play along.
>> There's significantly less pressure to deaggregate IPv6 space right now,
>> because we don't see many attacks on IPv6 number resources.
>> Once we start to see v6 prefix hijackings, /48s being announced over /32
>> prefixes to pull traffic, then I think we'll see IPv6 deaggregation
>> completely swamp IPv4 deaggregation.
>
> How about we educate each other to not assume you must deaggregate your
> prefix especially with IPv6?
>
> I see 'some' (it's highly relative) networks on IPv4, they 'believe' they
> have to advertise every single /24 they have. And when they start with IPv6,
> they replicate the same mindset with tons of /48.  You can imagine what
> will happen of course.
>
> A better alternative IMHO is to take advantage of the large prefix range and
> advertise a sub-aggregate when necessary. But absolutely not each end-node or
> customer prefix.
>
>
> --
> Willy Manga
> @ongolaboy
> https://ongola.blogspot.com/
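
The maximum-prefix-length check discussed in this thread, as an added example that is not part of the original emails: a sketch of RFC 6811 route origin validation plus a "drop invalids" policy, run over constructed ROAs. The prefixes are documentation ranges, the AS numbers are documentation ASNs, and the names ROA, validate and accept are hypothetical.

```python
import ipaddress
from typing import NamedTuple


class ROA(NamedTuple):
    prefix: str       # prefix the holder authorised
    max_length: int   # longest announcement allowed inside that prefix
    asn: int          # authorised origin AS


def validate(route_prefix, origin_asn, roas):
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        # A ROA covers the route only if the route sits inside its prefix.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # A match needs the authorised origin AND a length within max_length.
        if roa.asn == origin_asn and route.prefixlen <= roa.max_length:
            return "valid"
    # Covered by some ROA but matched by none: invalid. No covering ROA: not-found.
    return "invalid" if covered else "not-found"


def accept(route_prefix, origin_asn, roas):
    """Policy of a network that drops RPKI invalids and keeps everything else."""
    return validate(route_prefix, origin_asn, roas) != "invalid"


# Constructed ROA set: the aggregate with max_length equal to its own length,
# plus one deliberately announced sub-aggregate with its own ROA.
ROAS = [
    ROA("2001:db8::/32", 32, 64496),
    ROA("2001:db8:8000::/36", 36, 64496),
]

if __name__ == "__main__":
    announcements = [
        ("2001:db8::/32", 64496),       # the aggregate from its holder
        ("2001:db8:8000::/36", 64496),  # the sub-aggregate from its holder
        ("2001:db8:1::/48", 64511),     # more-specific from another AS
        ("2001:db8:1::/48", 64496),     # more-specific beyond max_length
        ("3fff:1::/48", 64500),         # space with no ROA at all
    ]
    for prefix, asn in announcements:
        state = validate(prefix, asn, ROAS)
        action = "accept" if accept(prefix, asn, ROAS) else "drop"
        print(f"{prefix:22} AS{asn}  {state:9}  {action}")
```

The length test is independent of the origin test, so a /48 inside the /32 is invalid even when it carries the authorised origin AS; space with no covering ROA stays not-found and is still accepted by a drop-invalids policy.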

