[DBWG] route-object auto-created from a ROA

Wed Oct 10 13:37:28 UTC 2018

Hi @ll,

Le mer. 10 oct. 2018 7:33 AM, Amreesh Phokeer <amreesh at afrinic.net
<mailto:amreesh at afrinic.net>> a écrit :

    Hi Avinash,

    Thanks for starting this discussion. We had an internal discussion
    about which way (IRR->ROAs or ROAs -> IRR) would be best.

    IMO, creating route objects from the current MyAFRINIC ROA interface
    doesn’t seem to be practical, as a ROA can contain several prefixes
    (v4 and/or v6) + max length. We can have a section on MyAFRINIC
    where the user can manage all IRR objects related to the resources
    the member holds. During creation of a route(6) object, if the
    member’s RPKI engine is activated, an option to create a ROA
    appears, the user ticks the “Create ROA” checkbox and both route
    objects and the ROAs are generated. Similarly, when a route object
    is deleted, the equivalent ROA is revoked.

    Caveats to be dealt with:
    - ROAs have additional information such as start and end dates and
    max length, route objects have prefix-length only.
    - ROAs cannot be modified, they can only be revoked
    - Route objects do not have max-length i.e. the max-length in the
    ROA should be set equal to the prefix-length to match the route object

    Thoughts?

This article [1] would, perhaps, be of interest. 

Amresh, can we also have a similar OT&E (Operational Test & Evaluation)
[2] environment in our context ?

I suggest you to implement your idea in a test environment then allow
users to try it and propose changes|ameliorations until we reach the
next 'release'...
__
[1]: https://teamarin.net/2017/10/31/implementing-rpki-its-easier-than-you-think/
[2]: https://www.arin.net/resources/ote.html

Regards,
--sb.

    --
    Amreesh

    > [...] 

-- 

Regards,
Sylvain B.
http://www.chretiennement.org <http://www.chretiennement.org/> 
__
Website : https://www.cmnog.cm <https://www.cmnog.cm/>
Wiki : https://www.cmnog.cm/dokuwiki
Surveys : https://survey.cmnog.cm <https://survey.cmnog.cm/>
Subscribe to Mailing List : https://lists.cmnog.cm/mailman/listinfo/cmnog/
Mailing List's Archives : https://lists.cmnog.cm/pipermail/cmnog/
Last Event's Feed : https://twitter.com/hashtag/cmNOGlab3
https://twitter.com/cmN0G
https://facebook.com/cmNOG
https://twitter.com/hashtag/REBOOTcmNOG
https://twitter.com/hashtag/cmNOG
https://cmnog.wordpress.com/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/dbwg/attachments/20181010/452d412a/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x0387408365AC8594.asc
Type: application/pgp-keys
Size: 4826 bytes
Desc: not available
URL: <https://lists.afrinic.net/pipermail/dbwg/attachments/20181010/452d412a/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.afrinic.net/pipermail/dbwg/attachments/20181010/452d412a/attachment.sig>