[RPKI] suggestion to remove as0 restriction in krill 0.8.0
Job Snijders
job at ntt.net
Sun Nov 1 10:09:40 UTC 2020
Hi,
I saw in the release notes:
"""
ROAs that use AS0 can be used in the RPKI to indicate that the
holder of a prefix does NOT want the prefix to be routed on the
global internet. In our understanding this precludes that ROAs for a
real ASN for those resources should be made. Krill will therefore
refuse to make AS0 ROAs for prefixes already covered by a real ASN
ROA, and vice versa. Furthermore the presence of an AS0 ROA implies
that announcements for covered prefixes are intentionally RPKI
invalid. Therefore Krill will not suggest to authorize such
announcements.
"""
I believe this to be a misunderstanding on the meaning of the value '0'
as the asID in RPKI ROAs. I suggest to remove this restriction.
A network operator may create a 'asID 0' ROA for its aggregate, as the
starting point of the use of the allocation, and then subsequently
create one or more covering ROAs with asID's referencing the customers
of such allocations. The co-existence of 'asID 0' and other ROAs can be
the result of thinking that as a baseline the space should not be
routable, unless specified otherwise.
>From a BGP routing perspective the presence of 'asID 0' ROAs is
effectively is moot if other ROAs exist too, making this phenomena
somewhat counter-intuitive. Combining 'asID 0' with partially or fully
covering ROAs with non-zero asIDs is a perfectly valid configuration,
which I believe krill should support.
The asID 0 restriction introduced in krill 0.8.0 is not supported by any
standards documentation as far as I know.
Kind regards,
Job
More information about the RPKI
mailing list