Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] New policy proposals and updated ones

Nishal Goburdhan nishal at controlfreak.co.za
Tue Dec 31 11:19:54 UTC 2019


On 30 Dec 2019, at 16:38, Paschal Ochang wrote:



> I think statistically AFRINIC has a good percentage of IPv4 address

> space

> covered by route origin authorization as compared to APNIC.


really? citation needed please.

otoh, it is pretty easy to see that the apnic region has more than 10x
the number of ROAs that afrinic has.
# http://validator.afrinic.net/
# https://rpki-monitor.antd.nist.gov



> APNIC has a very low percentage statically hence it's hurried

> acceptance of the

> proposal.


see above.



> It is suggested to always drop invalid announcements, rather than

> applying

> a lower preference. This is because sub-prefix hijackings would be

> still

> possible if invalids are accepted and this would go against the

> purpose of

> RPKI validation.


this is correct.



> However I think the text should state how invalids should

> be dropped in order not to trigger loosing connectivity.


no. policy text should *never* deal with implementation for a third
party network (“your network, your choice”)
so what you write above is *explicitly* incorrect for policy.



> Finally I dont think it will be a nice idea allowing resource holders

> to

> create AS0 ROA as I think this scenario might increase the issue of

> invalid

> prefixes in the routing tables.


this is incorrect. there are legitimate use cases for AS0. and the
decision to register *any* ROA, by a resource holder, is an active
decision that they have to make.

what i think is worth thinking about, is how quickly afrinic thinks that
they can revoke the AS0 VRP; see this disappear from validator caches
around the world, and how this might affect the timeline on new
allocations. i would have expected to see that in the impact analysis,
but perhaps i missed it.

-n.



More information about the RPD mailing list