Level 3's IRR Database

Alex Band alexb at ripe.net
Mon Jan 31 13:20:52 CST 2011


On 31 Jan 2011, at 19:40, Dongting Yu wrote:

> On Mon, Jan 31, 2011 at 6:17 PM, Andree Toonk <andree+nanog at toonk.nl> wrote:
>> 
>> Now AS17557 start to announce a more specific: 208.65.153.0/24. Validators
>> would classify this as Invalid (2).
> 
> Would it be classified as invalid or unknown? Or are both possible
> depending on whether 208.65.153.0/24 is signed? Do these two cases
> differ in this particular case?

No, it would classify as invalid because as Randy said earlier in the thread:

  Before issuing a ROA for a block, an operator MUST ensure that any
  sub-allocations from that block which are announced by others (e.g.
  customers) have ROAs in play.  Otherwise, issuing a ROA for the
  super-block will cause the announcements of sub-allocations with no
  ROAs to be Invalid.

In a ROA you can specify a maximum length, authorising the AS to deaggregate the prefix to the point you specify. If no max length is specified, the AS is only allowed to announce the prefix as indicated.

So if the ROA for AS36561 with prefix 208.65.152.0/22 was created with no 'max length' specified, the /24 that AS17557 announces would be invalid because  it's the wrong prefix length *and* because it's the wrong origin AS. If a max length of /24 was specified in the ROA, it would be invalid only because of the latter.

There could be another ROA for 208.65.153.0/24 specifically, but obviously not for AS17557, so again invalid because of the wrong origin AS. Pakistan Telecom also can't create a valid ROA, because they are not the holder of the address space.

-Alex



More information about the NANOG mailing list