maximum ipv4 bgp prefix length of /24 ?

Delong.com owen at delong.com
Tue Oct 10 19:55:36 UTC 2023


Isn’t this supposed to be one of the few ACTUAL benefits of RPKI — You can specify the maximum prefix length allowed to be advertised within a shorter prefix and those (theoretically) block hijackers taking advantage of advertising more specifics to cut you off?

While I recognize that RPKI is not ubiquitous, enough of the major backbones are dropping RPKI invalids that I think any sort of hijacking in violation of that wouldn’t be very effective today.

YMMV of course, but that seems to me to be a far better solution (almost enough to make me rethink the questionable value of RPKI) than disaggregation.

Owen


> On Oct 7, 2023, at 05:32, Willy Manga <mangawilly at gmail.com> wrote:
> 
> Hi.
> 
> On 06/10/2023 16:00, nanog-request at nanog.org wrote:
>> From: Matthew Petach<mpetach at netflight.com>
>> [...]
>>> The IPv6 FIB is under the same pressure from more specifics. It's taken 20
>>> years to get there, but the IPv6 FIB is now looking stable at 60% of the
>>> total FIB size [2]. For me, that's a very surprising outcome in an
>>> essentially unmanaged system.
>>> 
>>> 
>>> Were you expecting it to be lower than IPv4?
>>> 
>>> Mark.
>>> 
>> I've dug through the mailman mirror on nanog.org, and there's currently no
>> post by Geoff Huston saying that:
>> https://community.nanog.org/search?q=geoff%20huston%20order%3Alatest
> 
> I read (and send) NANOG emails through the digest emails sent once a day. I noticed the same thing. I assumed it was sent directly to Mark (or the mail will enter my next digest...)
> 
> 
>> But I'll play along.
>> There's significantly less pressure to deaggregate IPv6 space right now,
>> because we don't see many attacks on IPv6 number resources.
>> Once we start to see v6 prefix hijackings, /48s being announced over /32
>> prefixes to pull traffic, then I think we'll see IPv6 deaggregation
>> completely swamp IPv4 deaggregation.
> 
> How about we educate each other to not assume you must deaggregate your prefix especially with IPv6?
> 
> I see 'some' (it's highly relative) networks on IPv4, they 'believe' they have to advertise every single /24 they have. And when they start with IPv6, they replicate the same mindset with tons of /48s. You can imagine what will happen of course.
> 
> A better alternative IMHO is to take advantage of the large prefix range and advertise a sub-aggregate when necessary. But absolutely not each end-node or customer prefix.
> 
> 
> -- 
> Willy Manga
> @ongolaboy
> https://ongola.blogspot.com/
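
Added example, not part of the original message or thread: RFC 6811 route origin validation run over constructed ROA data, showing how maxLength makes a more-specific announcement RPKI-invalid and how a covering aggregate survives when invalids are dropped. The prefixes and ASNs are documentation values, and `VRPS`, `validate` and `drop_invalids` are names made up for this sketch.

```python
import ipaddress

# Constructed VRPs (validated ROA payloads): (prefix, maxLength, origin ASN).
# Documentation prefixes (RFC 3849, RFC 5737) and documentation ASNs (RFC 5398).
VRPS = [
    ("2001:db8::/32", 32, 64500),   # holder authorises only the /32 itself
    ("192.0.2.0/24", 24, 64500),
]

def validate(route, origin_asn, vrps=VRPS):
    """Classify an announcement as 'valid', 'invalid' or 'not-found' (RFC 6811)."""
    net = ipaddress.ip_network(route)
    covered = False
    for prefix, max_len, asn in vrps:
        vrp_net = ipaddress.ip_network(prefix)
        # A VRP covers the route when the route lies inside the VRP prefix.
        if vrp_net.version != net.version or not net.subnet_of(vrp_net):
            continue
        covered = True
        # Valid needs a matching origin AND a length within maxLength.
        if asn == origin_asn and net.prefixlen <= max_len:
            return "valid"
    # Covered by at least one VRP but matched by none: invalid.
    return "invalid" if covered else "not-found"

def drop_invalids(announcements, vrps=VRPS):
    """Model a router policy that rejects RPKI-invalid routes only."""
    return [(r, a) for r, a in announcements if validate(r, a, vrps) != "invalid"]

# Constructed announcements as (prefix, origin ASN).
ANNOUNCEMENTS = [
    ("2001:db8::/32", 64500),      # the holder's aggregate
    ("2001:db8:1::/48", 64511),    # more specific from another AS
    ("2001:db8:1::/48", 64500),    # more specific, right AS, exceeds maxLength
    ("192.0.2.0/25", 64511),       # IPv4 more specific from another AS
    ("198.51.100.0/24", 64511),    # no covering ROA at all
]

if __name__ == "__main__":
    for route, asn in ANNOUNCEMENTS:
        print(f"{route:20} AS{asn}  {validate(route, asn)}")
```

The third announcement shows the cost of a tight maxLength: the holder's own deaggregated /48 is rejected too, so any sub-aggregate that has to be announced needs its own ROA or a larger maxLength.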


