
[rpd] AFPUB-2019-GEN-006-DRAFT01: "RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space"

JORDI PALET MARTINEZ jordi.palet at consulintel.es
Sat Jan 4 11:15:00 UTC 2020


Hi Daniel, all,



Responding to several of the emails on this topic (several of the responses provided by others already addressed most of the questions).



So:

1) Yes, it is perfectly reasonable that resource holders register ROAs with AS0 for more specifics, regardless of the status of what AFRINIC is doing as a result of this policy implementation. Nothing changed in this regard by this policy.

2) As a result of this proposal implementation, when resources that are in the AFRINIC ROAs for AS0 become allocated/assigned to a member, there are two possible cases:

a) If the member is using RPKI. The more specific ROAs take precedence over the AFRINIC AS0. This clearly helps to promote the usage of RPKI and allows more members to drop invalids.

b) If the member that gets resources allocated/assigned is not using RPKI. In this case, if the member is announcing those resources “immediately”, AFRINIC should know that, so there is a revocation of the AS0 ROAs that include the “just allocated/assigned” resources. This is already considered by the proposal “If AFRINIC wants to allocate address space to one of its members, the RPKI ROA or ROAs with origin AS0 will have to be revoked beforehand”.


As you can see, the policy allows AFRINIC to handle this the best possible way as a staff operational decision “The process for ROA validity periods and release of ROAs before assignment/allocation by AFRINIC is left for AFRINIC staff to define in internal procedures”.



The impact may be that AFRINIC needs to ask in the resource request form “if you’re not using RPKI AND *REALLY* intend to use the resources in the next 48 hours (to consider caches?) immediately after allocation, please mark this check-box”.



This will then start an automated revocation procedure for the relevant ROAs. 48 hours from the allocation/assignment of the resources is not a big deal, and I don’t believe this is actually a real issue. Why? Because (AFRINIC can provide stats on that), most of the time, resources allocated/assigned take several weeks, if not months, to appear in the routing tables, so the “regular” revocation/reissuing timing may be sufficient. Anyway, this is up to staff to decide.



I also suggest reading RFC6483 (Validation of Route Origination Using RPKI and ROAs), and more specifically Section 4 (Disavowal of Routing Origination).



The proposal is basically following that RFC, not changing it at all, nor contradicting it, and provides some text, which may not be necessary in the proposal itself (if you have read RFC6483), but it helps a lot to understand the rest of the text (especially if you haven’t read RFC6483).



Regards,

Jordi

@jordipalet







On 4/1/20 11:18, "Daniel Yakmut via RPD" <rpd at afrinic.net> wrote:



The current state of RPKI infrastructure does not provide a sufficient period between revocation of ROA and notification that a given prefix has been allocated to an organization, which can impact considerably on allocations. Unless we are able to provide a sufficient period or create a different procedure, the proposal for the RPKI-ROAs does not fly.

On 30/12/2019 6:12 pm, Paschal Ochang wrote:

Yes in a way.

On Monday, December 30, 2019, Fernando Frediani <fhfrediani at gmail.com> wrote:

On 30/12/2019 11:38, Paschal Ochang wrote:



It is suggested to always drop invalid announcements, rather than applying a lower preference. This is because sub-prefix hijackings would be still possible if invalids are accepted and this would go against the purpose of RPKI validation. However I think the text should state how invalids should be dropped in order not to trigger losing connectivity.

If I understand correctly what you are willing to say, no proposal should have on the text a way Autonomous Systems must treat announcements they receive as it's their own decision. Some may decide to drop what is recommended and some might just lower preference at their own discretion, right?






On Tuesday, November 5, 2019, JORDI PALET MARTINEZ via RPD <rpd at afrinic.net> wrote:

Hi Sylvain,







On 5/11/19 6:11, "Sylvain Baya" <abscoco at gmail.com> wrote:



Hi all,



Hope you are doing well.



Please see comments below (inline)...



On Tuesday, 5 November 2019, JORDI PALET MARTINEZ via RPD <rpd at afrinic.net> wrote:

Hi all,

[...]
This is the list of new policy proposals (note that the numbering can be modified by the staff when published).

1) AFPUB-2019-IPv6-002-DRAFT01: "Adjusting IPv6 PA Policy"
Solves a discrepancy between IPv6 PI and IPv6 PA regarding the announcement of aggregated addressing space.

2) AFPUB-2019-GEN-003-DRAFT01: "Chairs Elections Process"
Including in the CPM a detailed procedure for the chair's elections.

3) AFPUB-2019-GEN-004-DRAFT01: "M&A Resource Transfers"
Including in the CPM intra-RIR M&A for ASN, IPv4 and IPv6.

4) AFPUB-2019-GEN-005-DRAFT01: "Impact Analysis is Mandatory"

5) AFPUB-2019-GEN-006-DRAFT01: "RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space"



...I like this one. I recall that I was thinking OK, how to solve the problem of 'Internet resources squatting'. I was naively imagining a solution where a RIR will have to flag all their unallocated|unassigned Address Space; via a particular attribute of the IRR (Internet Routing Registry). Now I understand that I was not too dummy or even crazy :-)



Oh no! In that case the crazy one is me :-) !



Please send me your DPP (Draft Policy Proposal), I cannot wait any more to review it ;-)

Thanks.



I was thinking of sending them in order (2 more today, 2 more tomorrow), but as you have interest in this one, my next one will be this one, I promise! Give me first a few minutes to respond to all the emails I got till now …



Shalom,

--sb.



Updated policy proposals:

a) AFPUB-2019-ASN-001-DRAFT03: "Multihoming not required for ASN"

b) AFPUB-2019-IPv4-002-DRAFT02: "IPv4 Inter-RIR Resource Transfers (Comprehensive Scope)"

c) AFPUB-2018-GEN-001-DRAFT04: "Abuse Contact Policy Update"

Regards,
Jordi
@jordipalet

[...]



--



Best Regards !



Sylvain BAYA

cmNOG's Co-Founder & Coordinator

(+237) 677005341

PO Box 13107 YAOUNDE / CAMEROON

baya.sylvain [AT cmNOG DOT cm]

abscoco2001 [AT yahoo DOT fr]

http://www.cmnog.cm

https://cmnog.wordpress.com

************************

#THEHOLYBIBLE (#Romans15:33): "May the #GOD of #Peace be with you all! #Amen!"

#MyPrayer is that you be born again.

#Christianly

"As a deer pants for streams of water, so my soul pants for you, O GOD!" (Psalms 42:2)




_______________________________________________ RPD mailing list RPD at afrinic.net https://lists.afrinic.net/mailman/listinfo/rpd


**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20200104/c21f66da/attachment-0001.html>
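The origin-validation outcomes discussed in the 4 January 2020 message above (an RIR-issued AS0 ROA over unallocated space, then the same space allocated to a member with and without its own ROA) can be reproduced with the RFC 6811 validation rule. This is an added example, not part of the original thread or of the AFRINIC proposal; the names `VRP`, `validate` and `scenarios` are hypothetical, and the prefixes and AS numbers are constructed documentation values.

```python
import ipaddress
from typing import NamedTuple

class VRP(NamedTuple):      # validated ROA payload (hypothetical name)
    prefix: str
    max_length: int
    asn: int

def validate(route, origin_asn, vrps):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(route)
    covered = False
    for vrp in vrps:
        roa = ipaddress.ip_network(vrp.prefix)
        if net.version != roa.version or not net.subnet_of(roa):
            continue                      # this ROA does not cover the route
        covered = True
        # AS0 never matches an origin, so an AS0 ROA can only invalidate.
        if vrp.asn != 0 and vrp.asn == origin_asn and net.prefixlen <= vrp.max_length:
            return "valid"                # any one matching VRP is enough
    return "invalid" if covered else "not-found"

# Constructed sample data: documentation prefix and documentation ASNs.
POOL_AS0 = VRP("2001:db8::/32", 128, 0)            # RIR ROA over unallocated space
MEMBER_ROA = VRP("2001:db8:a000::/36", 36, 64496)  # member's own ROA
ALLOCATION, MEMBER, SQUATTER = "2001:db8:a000::/36", 64496, 64511
# AS0 ROAs reissued over the space that remains after the allocation.
REISSUED_AS0 = [VRP(p, 128, 0) for p in
                ("2001:db8::/33", "2001:db8:8000::/35",
                 "2001:db8:b000::/36", "2001:db8:c000::/34")]

def scenarios():
    return {
        "squatter, space still unallocated":
            validate(ALLOCATION, SQUATTER, [POOL_AS0]),
        "member with own ROA, AS0 still published":
            validate(ALLOCATION, MEMBER, [POOL_AS0, MEMBER_ROA]),
        "squatter, member ROA and AS0 published":
            validate(ALLOCATION, SQUATTER, [POOL_AS0, MEMBER_ROA]),
        "member without RPKI, AS0 not yet revoked":
            validate(ALLOCATION, MEMBER, [POOL_AS0]),
        "member without RPKI, AS0 reissued around allocation":
            validate(ALLOCATION, MEMBER, REISSUED_AS0),
        "squatter on remaining unallocated space":
            validate("2001:db8:b000::/36", SQUATTER, REISSUED_AS0),
    }

if __name__ == "__main__":
    for name, state in scenarios().items():
        print(f"{state:9}  {name}")
```

The fourth case is the window raised earlier in the thread: until the covering AS0 ROA is revoked and relying-party caches refresh, a member without its own ROA is dropped by networks that reject invalids.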

