[rpd] Last Call - RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space AFPUB-2019-GEN-006-DRAFT03.

[Mark Tinka]

On 6/14/21 23:38, Fernando Frediani wrote:


> I feel that some people have some a bigger fear of something that 

> requires a chain of mistakes to happen and are not willing to take any 

> risks even in the aim to improve things.

> Some examples that have been given in this discussion (although late 

> as we are already in the last-call) seems rather simplistic as if a 

> push of single button would lead to a regional or global Internet 

> disaster.

>

> I think most people understand the difference between a ROA issued by 

> a resource holder and a ROA issues by a RIR for unallocated space. 

> Although RIR staff didn't detail, I find hard to believe they will 

> implement change processes that even with double checks could easily 

> lead to theoretical situations as mentioned. Also once done for first 

> time all the unallocated space for that RIR the further adjustments 

> and issues of AS0 ROA will only happen on 2 situations: 1) When some 

> IP space is recovered 2) When IANA allocates new space to the RIR 

> (rarely then). In both cases the issue of these ROAs can be done in a 

> more simple and safe way and more specifically.

>

> One of the upsides of this policy is to make sure organizations will 

> not be able to use IP space that is not allocated to it, damage it and 

> make it bad for a future member who receives it.

> Finally I am glad to see that organizations will have the option to 

> implement and use AS0 TAL in their infrastructure. I guess that was 

> one of the good points out of the proposal: to leave each one free to 

> choose whatever their prefer.

>


So the question that comes up, here, is that we are obviously trying to 
filter unallocated space from entering our routing domains.

There have been a number of solutions already available for some years 
now... the IRR, Team Cymru's BGP feeds, WHOIS data, e.t.c. Those 
solutions still exist today, and dare I say, are in use in a number of 
operations that would amount to non-zero.

It would seem, to me, that if we are proposing the RPKI is extended to 
support the implementation of this filtering within our networks, that 
the pre-existing solutions, for some reason or other, have not worked. 
We should ask ourselves why that is, and why we suddenly think that 
bloating the RPKI with AS0 is going to magically get us to the promised 
land.

Mark.