Hi Geoff,

I have been thinking on the scenario introduced by a ccTLD that has its DNS server inside a University network and has a different routing policy even if inside the network. They may want to avoid accidental de-aggregation of the university block at large and only allow it for a small portion (for example the ccTLD). There is even

ROA 1 (University): 10.0.0.0/16 maxlength = 16, AS 1.
ROA 2 (ccTLD Net): 10.0.0.0/23 maxlength = 24, AS 1.

I can also see a case in local anycast implementations where you only want a more specific for the prefix you are anycasting and not necessarily for the rest of the possibilities.

In conclusion, I believe that overlapped ROAs will be useful and should be supported in RPKI architecture.

r.

On Nov 17, 2008, at 11:44 PM, Geoff Huston wrote:

> Wg chair hat off
>
> On 18/11/2008, at 9:27 AM, Matt Lepinski wrote:
>
>> Geoff,
>>
>> My understanding of the discussion at the meeting was that the proposed prohibition would cover all three cases that you list below. The proposal was raised by Rob Kisteleki and Rob Austein, so I defer to either of them who would like to clarify.
>>
>> Either way, it seems to be a small issue, and so I'm inclined to do whatever makes implementation of the spec easiest.
>
> I could possibly understand this "prohibition" if it was restricted to enumeration of those cases where the 'overlap' was one where there was no additional information provided in the overlap. But in the cases I enumerated below only in case b) is the overlap redundant in that the announced prefixes that would be matched by the ROA are identical with or without the overlapping more specific. In cases a) and c) the overlap defines additional more specifics.
>
> Why are cases a) and c) potentially useful?
>
> One possible scenario is in TE use, where a prefix holder wants to load share across two upstreams through the use of more specifics and have mutual backup via an aggregate:
>
> ROA 1: 10.0.0.0/8 maxlength = 8, 10.0.0.0/16 maxlength = 16, AS 1
> ROA 2: 10.0.0.0/8 maxlength = 8, 10.128.0.0/16 maxlength = 16, AS 1
>
> Now if I have this right what this equates to is an explicit authority for AS 1 and AS 2 to advertise only a certain subset of more specifics as well as the covering aggregate.
>
> There may well be other scenarios of such selective authorities.
>
>> - Matt Lepinski
>>
>> Geoff Huston wrote:
>>
>>> WG Chair hat off
>>>
>>> On 18/11/2008, at 8:01 AM, Matt Lepinski wrote:
>>>
>>>> Two issues came up during the ROA Format presentation at IETF 73:
>>>>
>>>> 1) Should the ROA Format draft explicitly prohibit a ROA with overlapping prefixes? (E.g. A ROA that says AS # 1 can originate routes to 10/8, 10.10/16 and 10.20/16)
>>>
>>> What do you mean by overlap Matt?
>>>
>>> a) 10.0.0.0/8 maxlength=9 and 10.0.0.0/24 maxlength=24 or
>>> b) 10.0.0.0/8 maxlength=24 and 10.0.0.0/16 maxlength=16 or
>>> c) 10.0.0.0/8 maxlength=17 and 10.0.0.0/16 maxlength=24
>>>
>>> seems to me that b) is the only case where the second item is completely subsumed by the first, yet all three contain "overlapping prefixes".
>>>
>>> It also seems to me that all these cases are essentially harmless.
>>>
>>> My opinion is NOT to put this prohibition into the document, assuming of course that there is some clarity over what is meant precisely by "overlapping prefixes" in the first place.
>>>
>>> Geoff
>
> _______________________________________________
> sidr mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/sidr
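As an added illustration of the three overlap cases Geoff lists and of the University/ccTLD pair at the top of the thread (example code written for this page, not code from the thread or from any RPKI implementation), the Python below applies the usual ROA coverage rule (the announced route lies within the ROA prefix and is no longer than its maxlength) to a constructed set of candidate announcements, and reports which announcements the second, more specific ROA authorises beyond the first. It shows the redundancy point directly: case b) adds nothing, while a) and c) each authorise extra more specifics.

```python
import ipaddress

# Constructed set of candidate announcements (not from the thread) to evaluate each
# ROA pair against; a real validator would use the routes actually seen in BGP.
CANDIDATES = [ipaddress.ip_network(p) for p in (
    "10.0.0.0/8", "10.0.0.0/9", "10.128.0.0/9", "10.0.0.0/16", "10.1.0.0/16",
    "10.0.0.0/17", "10.0.128.0/17", "10.0.0.0/24", "10.0.1.0/24", "10.1.0.0/24",
    "10.0.0.0/25")]

# A ROA entry is modelled as a tuple (prefix, maxlength, origin AS).
def covers(roa, route):
    """A ROA covers an announced route when the route lies within the ROA prefix
    and the route's length does not exceed the ROA's maxlength."""
    prefix, maxlength, _asn = roa
    return route.subnet_of(ipaddress.ip_network(prefix)) and route.prefixlen <= maxlength

def authorised(roas, origin_as, candidates=CANDIDATES):
    """Candidate routes that at least one ROA authorises origin_as to announce."""
    return {str(r) for r in candidates
            if any(roa[2] == origin_as and covers(roa, r) for roa in roas)}

def overlap_adds(roa1, roa2, origin_as=1):
    """Routes authorised only because of the overlapping, more specific roa2,
    i.e. the information roa2 carries beyond roa1 (empty means redundant)."""
    extra = authorised([roa1, roa2], origin_as) - authorised([roa1], origin_as)
    return sorted(extra, key=ipaddress.ip_network)

# The three cases Geoff lists, plus the University/ccTLD pair from the top of the thread.
CASES = {
    "a": (("10.0.0.0/8", 9, 1), ("10.0.0.0/24", 24, 1)),
    "b": (("10.0.0.0/8", 24, 1), ("10.0.0.0/16", 16, 1)),
    "c": (("10.0.0.0/8", 17, 1), ("10.0.0.0/16", 24, 1)),
    "ccTLD": (("10.0.0.0/16", 16, 1), ("10.0.0.0/23", 24, 1)),
}

if __name__ == "__main__":
    for name, (roa1, roa2) in CASES.items():
        extra = overlap_adds(roa1, roa2)
        verdict = "redundant" if not extra else "adds " + ", ".join(extra)
        print(f"case {name}: second ROA is {verdict}")
```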
