Re: [sig-policy] prop-132-v001 AS0 for Bogons

2019-08-15 Thread Andrew Dul

Hello!

On 8/15/2019 5:00 PM, Aftab Siddiqui wrote:

Hi Andrew,



On Thu, Aug 15, 2019 at 5:10 PM Owen DeLong <o...@delong.com> wrote:

Looks like IETF wants the global BOGONs to be attested by
IANA rather than by an RIR from what you quoted.


Yes, for resources not allocated by IANA or marked as Reserved.
But IANA has nothing to do with resources allocated to RIRs already.

Any reason APNIC feels the need to usurp that process?


According to IANA, 103/8 was allocated to APNIC and now they
don't have unallocated IPv4 address space.
103/8   APNIC   2011-02   whois.apnic.net   https://rdap.apnic.net/   ALLOCATED

The policy is addressing the unallocated address space within APNIC.


If this policy is only speaking to /8 IPv4 blocks & IPv6 blocks
which are administered by APNIC, it should be noted that because
of inter-RIR transfers of IPv4 addresses between regions RIRs
other than APNIC are now administering sub-portions of the larger
IANA allocated blocks.  There are portions of a /8 for example
which are now delegated to other RIRs for registrations in those
regions.   Should it be assumed that those sub-portions
administered by RIRs now are considered allocated (and not bogons)
for purposes of this policy?

The policy is for unallocated address space (v4 and v6) under APNIC 
bucket. If the resources have been transferred to other RIRs, that means 
they are not unallocated anymore. If a /8 has been chopped by IANA and 
allocated to multiple RIRs, e.g. 202/8, then APNIC will create AS0 ROAs 
for only that unallocated address space under APNIC's management. Any 
address space which is not under APNIC's resource bucket is not 
covered by this policy. I hope that answers your question.


I'd like to suggest that the text "in its bucket" is not very well 
defined.  Can I suggest this updated policy text to clarify the intent 
as you've described.



APNIC will create AS0(zero) ROAs for all the unallocated (IPv4 and IPv6) 
address space for which APNIC is the current administrator.  APNIC will 
not create AS0(zero) ROAs for any block which is currently allocated or 
transferred to another RIR, or is a private, special purpose, or any 
other IANA reserved or unallocated block.



Hope this helps,

Andrew

*  sig-policy:  APNIC SIG on resource management policy   *
___
sig-policy mailing list
sig-policy@lists.apnic.net
https://mailman.apnic.net/mailman/listinfo/sig-policy
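
How an AS0 ROA of the kind discussed in this thread affects route origin validation, following the RFC 6811 procedure with the RFC 6483 AS0 semantics. This is an added example, not part of the original messages; the prefixes, AS numbers and ROA set are constructed from documentation ranges and are not APNIC registry data.

```python
import ipaddress
from typing import NamedTuple

class ROA(NamedTuple):
    prefix: str    # address prefix named in the ROA
    max_len: int   # maxLength: longest announcement the ROA can authorize
    asn: int       # subject AS; 0 means "not to be routed" (RFC 6483)

# Constructed ROA set (assumption for illustration): an AS0 ROA over a block
# treated as unallocated, plus an ordinary ROA for a more specific prefix
# that has since been delegated to a holder using AS64500.
ROAS = [
    ROA("198.51.100.0/24", 24, 0),
    ROA("198.51.100.128/25", 25, 64500),
]

def validate(route_prefix: str, origin_as: int, roas=ROAS) -> str:
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        # A ROA covers the route if the route is equal to or more specific
        # than the ROA prefix; maxLength plays no part in coverage.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # AS0 never matches an origin, so an AS0 ROA can only make a route
        # invalid; a routable-AS ROA that matches wins over it.
        if roa.asn != 0 and roa.asn == origin_as and route.prefixlen <= roa.max_len:
            return "valid"
    return "invalid" if covered else "not-found"

if __name__ == "__main__":
    for prefix, asn in [
        ("198.51.100.0/24", 64501),    # announcement of the AS0-covered block
        ("198.51.100.64/26", 64501),   # more specific of the AS0-covered block
        ("198.51.100.128/25", 64500),  # delegated part, authorized origin
        ("198.51.100.128/25", 64501),  # delegated part, wrong origin
        ("203.0.113.0/24", 64501),     # no ROA covers this prefix
    ]:
        print(f"{prefix:20} AS{asn:<6} {validate(prefix, asn)}")
```
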

Re: [sig-policy] prop-132-v001 AS0 for Bogons

2019-08-15 Thread Andrew Dul


On 8/15/2019 12:19 AM, Aftab Siddiqui wrote:

Hi Owen,

On Thu, Aug 15, 2019 at 5:10 PM Owen DeLong wrote:


Looks like IETF wants the global BOGONs to be attested by IANA
rather than by an RIR from what you quoted.


Yes, for resources not allocated by IANA or marked as Reserved. But 
IANA has nothing to do with resources allocated to RIRs already.


Any reason APNIC feels the need to usurp that process?


According to IANA, 103/8 was allocated to APNIC and now they don't 
have unallocated IPv4 address space.
103/8   APNIC   2011-02   whois.apnic.net   https://rdap.apnic.net/   ALLOCATED


The policy is addressing the unallocated address space within APNIC.


If this policy is only speaking to /8 IPv4 blocks & IPv6 blocks which 
are administered by APNIC, it should be noted that because of inter-RIR 
transfers of IPv4 addresses between regions RIRs other than APNIC are 
now administering sub-portions of the larger IANA allocated blocks.  
There are portions of a /8 for example which are now delegated to other 
RIRs for registrations in those regions.   Should it be assumed that 
those sub-portions administered by RIRs now are considered allocated 
(and not bogons) for purposes of this policy?


Andrew



Owen



On Aug 14, 2019, at 21:58, Aftab Siddiqui <aftab.siddi...@gmail.com> wrote:

Hi Owen,
Thanks for your response, sorry for replying late though.

IMO, IETF has done its part already.

RFC6483 defines the term “Disavowal of Routing Origination”.

“A ROA is a positive attestation that a prefix holder has
authorized an AS to originate a route for this prefix into the
inter-domain routing system.  It is possible for a prefix holder
to construct an authorization where no valid AS has been granted
any such authority to originate a route for an address prefix. 
This is achieved by using a ROA where the ROA’s subject AS is one
that must not be used in any routing context.  Specifically, AS0
is reserved by the IANA such that it may be used to identify
non-routed networks

A ROA with a subject of AS0 (AS0 ROA) is an attestation by the
holder of a prefix that the prefix described in the ROA, and any
more specific prefix, should not be used in a routing context.
The route validation procedure will provide a “valid” outcome if
any ROA matches the address prefix and origin AS even if other
valid ROAs would provide an “invalid” validation outcome if used
in isolation.  Consequently, an AS0 ROA has a lower relative
preference than any other ROA that has a routable AS, as its
subject.  This allows a prefix holder to use an AS0 ROA to
declare a default condition that any route that is equal to or
more specific than the prefix to be considered “invalid”, while
also allowing other concurrently issued ROAs to describe valid
origination authorizations for more specific prefixes.”

RFC6491 says - "IANA SHOULD issue an AS 0 ROA for all reserved
IPv4 and IPv6 resources not intended to be routed." also "IANA
SHOULD issue an AS 0 ROA for all Unallocated Resources."

Once allocated to RIRs then IANA can't issue any ROA (they are
not doing it to any resource anyway) but there is unallocated
address space with RIRs, they can issue AS0 ROAs.

I hope this clarifies your point of IETF's involvement first.

Regards,

Aftab A. Siddiqui

On Sat, Aug 10, 2019 at 6:40 AM Owen DeLong <o...@delong.com> wrote:

IMHO, while I’m perfectly fine with APNIC administering this
and maintaining the ROAs, etc., I believe that the decision
to allocate AS0 to this purpose and documentation of this
intent should be done through the IETF and be documented in
an STD or RFC.

I support the idea, but I believe the proper place to start
is the IETF.

Owen



On Aug 9, 2019, at 3:01 AM, Sumon Ahmed Sabir <sasa...@gmail.com> wrote:


Dear SIG members,

The proposal "prop-132-v001: AS0 for Bogons" has been sent to
the Policy SIG for review.

It will be presented at the Open Policy Meeting at APNIC 48 in
Chiang Mai, Thailand on Thursday, 12 September 2019.

We invite you to review and comment on the proposal on the mailing list
before the meeting.

The comment period on the mailing list before an APNIC meeting is an
important part of the policy development process. We encourage you to
express your views on the proposal:

  - Do you support or oppose this proposal?
  - Does this proposal solve a problem you are experiencing? If so,
    tell the community about your situation.
  - Do you see any disadvantages in this proposal?
  - Is there anything in the proposal that is not clear?
  - What