On 31 Jan 2011, at 19:40, Dongting Yu wrote: > On Mon, Jan 31, 2011 at 6:17 PM, Andree Toonk <[email protected]> wrote: >> >> Now AS17557 start to announce a more specific: 208.65.153.0/24. Validators >> would classify this as Invalid (2). > > Would it be classified as invalid or unknown? Or are both possible > depending on whether 208.65.153.0/24 is signed? Do these two cases > differ in this particular case?
No, it would classify as invalid because as Randy said earlier in the thread: Before issuing a ROA for a block, an operator MUST ensure that any sub-allocations from that block which are announced by others (e.g. customers) have ROAs in play. Otherwise, issuing a ROA for the super-block will cause the announcements of sub-allocations with no ROAs to be Invalid. In a ROA you can specify a maximum length, authorising the AS to deaggregate the prefix to the point you specify. If no max length is specified, the AS is only allowed to announce the prefix as indicated. So if the ROA for AS36561 with prefix 208.65.152.0/22 was created with no 'max length' specified, the /24 that AS17557 announces would be invalid because it's the wrong prefix length *and* because it's the wrong origin AS. If a max length of /24 was specified in the ROA, it would be invalid only because of the latter. There could be another ROA for 208.65.153.0/24 specifically, but obviously not for AS17557, so again invalid because of the wrong origin AS. Pakistan Telecom also can't create a valid ROA, because they are not the holder of the address space. -Alex
