On Oct 12, 2023, at 01:42, Willy Manga <mangawilly@gmail.com> wrote:
.
On 12/10/2023 10:00, Owen DeLong wrote: [...]
However, IF YY is paying attention, and YY wants to advertise 2001:db8::/32 as well as allow 2001:db8:8000::/36 and 2001:db8:f000::/36, I would expect AS YY would generate ROAs for 2001:db8::/32 with ORIGIN-AS=YY MAXPREFIXLEN=36 2001:db8:0::/33 with ORIGIN-AS=0 (no MAXPREFIXLEN needed) 2001:db8:8000::/36 with ORIGIN-AS=YY MAXPREFIXLEN=36 2001:db8:9000::/35 with ORIGIN-AS=0 (no MAXPREFIXLEN needed) 2001:db8:a000::/34 with ORIGIN-AS=0 (no MAXPREFIXLEN needed) 2001:db8:c000::/34 with ORIGIN-AS=0 (no MAXPREFIXLEN needed) 2001:db8:e000::/36 with ORIGIN-AS=0 (no MAXPREFIXLEN needed) 2001:db8:f000::/36 with ORIGIN-AS=YY MAXPREFIXLEN=36
As Dale suggested in another email[1], it's better to just cover ROAs for what you are advertising. Why? If that works, perhaps… OTOH, I’m not sure it does. I’m not sure the /32 MAXLEN 32 wouldn’t prevent effectiveness of the /36 ROAs.
1. I can't confirm at this stage that all the implementation allows you to leave the maxLength field empty. I can… It’s an Optional Field in the specification.
For the _specification_ yes. But by "Implementation" I'm referring to whatever either the RIR (those using hosted mode) or your own RPKI Certificate Authority (those using the delegated mode) will allow.
I don’t consider non-compliant implementations as something that needs to or even should be accommodated. Owen