maximum ipv4 bgp prefix length of /24 ?
Owen DeLong
owen at delong.com
Thu Oct 12 15:59:36 UTC 2023
> On Oct 12, 2023, at 01:42, Willy Manga <mangawilly at gmail.com> wrote:
>
> .
>
>> On 12/10/2023 10:00, Owen DeLong wrote:
>> [...]
>>>> However, IF YY is paying attention, and YY wants to advertise 2001:db8::/32 as well as allow 2001:db8:8000::/36 and 2001:db8:f000::/36, I would expect AS YY would generate ROAs for
>>>> 2001:db8::/32 with ORIGIN-AS=YY MAXPREFIXLEN=36
>>>> 2001:db8:0::/33 with ORIGIN-AS=0 (no MAXPREFIXLEN needed)
>>>> 2001:db8:8000::/36 with ORIGIN-AS=YY MAXPREFIXLEN=36
>>>> 2001:db8:9000::/35 with ORIGIN-AS=0 (no MAXPREFIXLEN needed)
>>>> 2001:db8:a000::/34 with ORIGIN-AS=0 (no MAXPREFIXLEN needed)
>>>> 2001:db8:c000::/34 with ORIGIN-AS=0 (no MAXPREFIXLEN needed)
>>>> 2001:db8:e000::/36 with ORIGIN-AS=0 (no MAXPREFIXLEN needed)
>>>> 2001:db8:f000::/36 with ORIGIN-AS=YY MAXPREFIXLEN=36
>>>
>>> As Dale suggested in another email[1], it's better to just cover ROAs for what you are advertising. Why?
>> If that works, perhaps… OTOH, I’m not sure it does. I’m not sure the /32 MAXLEN 32 wouldn’t prevent effectiveness of the /36 ROAs.
>>>
>>> 1. I can't confirm at this stage that all the implementation allows you to leave the maxLength field empty.
>> I can… It’s an Optional Field in the specification.
>
> For the _specification_ yes. But by "Implementation" I'm referring to whatever either the RIR (those using hosted mode) or your own RPKI Certificate Authority (those using the delegated mode) will allow.
I don’t consider non-compliant implementations as something that needs to or even should be accommodated.
Owen
More information about the NANOG
mailing list