nanog mailing list archives

Re: maximum ipv4 bgp prefix length of /24 ?


From: "Delong.com via NANOG" <nanog () nanog org>
Date: Wed, 11 Oct 2023 19:01:22 -0700



On Oct 11, 2023, at 18:53, Willy Manga <mangawilly () gmail com> wrote:

> On 11/10/2023 22:29, Delong.com wrote:
>> [...]
>>> Yes, but in that scenario any advertisements between /32 and /36 from that prefix originated by AS65500 are *valid*.
>>> That's why "ROAs should be as precise as possible, meaning they should match prefixes as announced in BGP" [1]
>> You completely ignored my statement of the need for appropriate AS-0 ROAs to block those.
>
> I did not want to comment because you can go down that path *and* you will assume everyone doing ROV will consider
> AS0 ROAs as well.

Well, true, but AIUI, if you’re processing ROAs, one with AS0 must be considered as making every matching prefix 
“Invalid”. In fact, even if one doesn’t treat AS0 as a special case in an RPKI validator, AS0 isn’t going to match the 
origin AS for any route you see, or your router and all of the routers between you and the origin router are truly 
broken.

> IMHO the bare minimum is to cover your advertisements with a ROA as precise as possible.

Agree, but in the case where you have to advertise some more specifics, as in the example I provided, then if I 
understand things correctly, you can’t be that precise and that’s why I provided the AS0 based solution for the invalid 
more specifics.

Owen
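
Added example (not part of the thread, and not any participant's code): a minimal RFC 6811 origin-validation routine run over constructed VRP sets for the maxLength and AS0 cases discussed above. AS65500 is from the thread; the 2001:db8::/32 documentation prefix, the VRP sets and the function names are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

class VRP(NamedTuple):          # one validated ROA payload entry
    prefix: str
    max_length: int
    asn: int

def validate(route: str, origin: int, vrps: list) -> str:
    """RFC 6811 route origin validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(route)
    covered = False
    for vrp in vrps:
        roa_net = ipaddress.ip_network(vrp.prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True          # some VRP covers this route
        # An AS0 VRP covers but never matches, so it can only push toward invalid.
        if vrp.asn != 0 and vrp.asn == origin and net.prefixlen <= vrp.max_length:
            return "valid"      # any single matching VRP is enough
    return "invalid" if covered else "not-found"

# Constructed VRP sets (assumed for illustration, not taken from the thread).
LOOSE = [VRP("2001:db8::/32", 36, 65500)]
PRECISE = [VRP("2001:db8::/32", 32, 65500), VRP("2001:db8:1000::/36", 36, 65500)]
AS0_ONLY = [VRP("2001:db8:2000::/36", 128, 0)]

def demo() -> dict:
    unannounced = "2001:db8:2000::/36"   # a more specific AS65500 does not announce
    return {
        "loose": validate(unannounced, 65500, LOOSE),
        "precise": validate(unannounced, 65500, PRECISE),
        "precise_announced": validate("2001:db8:1000::/36", 65500, PRECISE),
        "as0_only": validate(unannounced, 65500, AS0_ONLY),
        "loose_plus_as0": validate(unannounced, 65500, LOOSE + AS0_ONLY),
        "too_long": validate("2001:db8:2000::/40", 65500, LOOSE),
        "uncovered": validate("2001:db9::/32", 65500, LOOSE),
    }

if __name__ == "__main__":
    for case, state in demo().items():
        print(f"{case:18} {state}")
```

The `loose_plus_as0` case follows RFC 6483 section 4: an AS0 ROA that coexists with a ROA for another AS does not change the validity state that ROA produces, so the outcome there is decided by the maxLength of the AS65500 entry.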

