I've seen use cases developed into an i-d in other working groups, but
that involves a lot of effort to ensure the list is complete and
consistent. I mention two, Geoff has added four more. It would take time
to be complete - do we want to take the time?
One aspect of the use cases is new operational practices that may arise
from different approaches. (For example: if I'm worried that my customers
may be impacted if they do not sign ROAs, perhaps I automatically do it
for all customers as part of allocation. But then we'd have to look
carefully about moving out-sourced-CA services from me to my customer at
some point. This is NOT NOT NOT a definite suggestion, just an example of
my belief that operational practices will be induced by any solution.)
--Sandy
On Tue, 25 Nov 2008, Andy Newton wrote:
Perhaps these should be considered for informative text in an I-D.
-andy
On 11/25/08 8:39 PM, "Geoff Huston" <[EMAIL PROTECTED]> wrote:
Sure. So here's some use cases of BOAs:
1. I have been allocated 203.10.61.0/24. I do not use it today in any
public routing context. It should not appear in BGP at all. I do not
give my authorization to any AS to originate a route for this prefix,
or any more specific of this prefix. If I generate a BOA for
203.10.61.0/24 then my intention of saying that any use of this prefix
in the public Internet is unauthorized is clear.
2. I have been allocated AS 131074 as an AS number. I do not use it
today in any public routing context. It should not appear in BGP at
all either as an origination AS nor as a transit AS in any AS path. If
I generate a BOA for AS131074 then my intention of saying that any use
of this AS number in the public Internet is unauthorized is clear.
3. I have been allocated 203.10.60.0/22. I wish to ensure that any
more specific advertisement of this prefix is unauthorized. If I
generate a BOA for 203.10.60.0/23 AND 203.10.62.0/23 then my intention
is clear.
And a non-use case of BOAs:
4. I am a wholesale ISP, and while I allocate address space to my
clients from my aggregate address block (10.0.0.0/8) I also permit my
clients to use their more specific prefix at local exchanges. My AS
number is 131072 and I have generated a ROA for 10.0.0.0/8 ,
maxlength=8 origin AS 131072. I do not have a problem with more
specifics of 10.0.0.0/8 being used in routing contexts, as part of my
wholesale stance. I would prefer that my ROA did not cause my
customer's more specifics to be treated as unauthorized routes,
irrespective of whether they are ready to use a ROA today or not.
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
