Level 3's IRR Database
alexb at ripe.net
Mon Jan 31 13:20:52 CST 2011
On 31 Jan 2011, at 19:40, Dongting Yu wrote:
> On Mon, Jan 31, 2011 at 6:17 PM, Andree Toonk <andree+nanog at toonk.nl> wrote:
>> Now AS17557 start to announce a more specific: 220.127.116.11/24. Validators
>> would classify this as Invalid (2).
> Would it be classified as invalid or unknown? Or are both possible
> depending on whether 18.104.22.168/24 is signed? Do these two cases
> differ in this particular case?
No, it would classify as invalid because as Randy said earlier in the thread:
Before issuing a ROA for a block, an operator MUST ensure that any
sub-allocations from that block which are announced by others (e.g.
customers) have ROAs in play. Otherwise, issuing a ROA for the
super-block will cause the announcements of sub-allocations with no
ROAs to be Invalid.
In a ROA you can specify a maximum length, authorising the AS to deaggregate the prefix to the point you specify. If no max length is specified, the AS is only allowed to announce the prefix as indicated.
So if the ROA for AS36561 with prefix 22.214.171.124/22 was created with no 'max length' specified, the /24 that AS17557 announces would be invalid because it's the wrong prefix length *and* because it's the wrong origin AS. If a max length of /24 was specified in the ROA, it would be invalid only because of the latter.
There could be another ROA for 126.96.36.199/24 specifically, but obviously not for AS17557, so again invalid because of the wrong origin AS. Pakistan Telecom also can't create a valid ROA, because they are not the holder of the address space.
More information about the NANOG