Re: [routing-wg] some stats for proposal 2018-06
Hi all,

In the attachment is raw data that was used in https://ripe77.ripe.net/presentations/123-RIPE-NONAUTH.azimov.pdf It shows a list of globally visible prefixes that have route objects ONLY in RIPE-NONAUTH. For these prefixes, the removal of route objects from this database may lead to DoS.

*Numbers for IPv4:*
Total number of objects - 69178
Address space covered In other IRRs - 43527
Address space covered In other IRRs with same ASN - 33839
Unique Objects in RIPE-NONAUTH - 25651
Globally visible prefixes – 4507
ASNs - 543

*Numbers for IPv6:*
Total number of objects - 1991
Address space covered In other IRRs - 1502
Address space covered In other IRRs with same ASN - 1336
Unique Objects - 489
Globally visible prefixes – 303
ASNs - 86

I haven't yet analyzed to which IRRs the route objects from NONAUTH should belong. So, please take it as input, but there is a significant place for improvement.

Thu, 18 Oct 2018 at 12:58, Alexander Azimov <aa@qrator.net>:
Hi all,
In the attachment is raw data that was used in https://ripe77.ripe.net/presentations/123-RIPE-NONAUTH.azimov.pdf It shows a list of globally visible prefixes that have route objects ONLY in RIPE-NONAUTH. For these prefixes, the removal of route objects from this database may lead to DoS.
*Numbers for IPv4:*
Total number of objects - 69178
Address space covered In other IRRs - 43527
Address space covered In other IRRs with same ASN - 33839
Unique Objects in RIPE-NONAUTH - 25651
Globally visible prefixes – 4507
ASNs - 543
*Numbers for IPv6:*
Total number of objects - 1991
Address space covered In other IRRs - 1502
Address space covered In other IRRs with same ASN - 1336
Unique Objects - 489
Globally visible prefixes – 303
ASNs - 86
I haven't yet analyzed to which IRRs the route objects from NONAUTH should belong. So, please take it as input, but there is a significant place for improvement.
Thu, 18 Oct 2018 at 12:48, nusenu <nusenu-lists@riseup.net>:
here is my data for you to scrutinize since Alexander Azimov (slides [3]) had some slightly different (lower) numbers (maybe that difference is either caused by a difference in TALs configured - or just because we didn't produce the data at the very same time or just a problem on my side)
[1] 69178 route objects - 758 invalids - 55 of them are announced as defined in the route object
[2] 1991 route6 objects - 16 invalids
That said these are just current numbers but they obviously will change over time with the increasing creation of ROA outside of the RIPE region.
kind regards,
nusenu

PS: I've a few more remarks but I'll postpone them.

[1] https://gist.githubusercontent.com/nusenu/21687b0902cc64cd61b92ec5ae66bbc1/r...
[2] https://gist.githubusercontent.com/nusenu/7d4c7f6ea5cadb47ff49760e5f2e5aa0/r...
format: origin,prefix,RPKI validity state
[3] https://ripe77.ripe.net/presentations/123-RIPE-NONAUTH.azimov.pdf
-- https://twitter.com/nusenu_ https://mastodon.social/@nusenu
-- | Alexander Azimov | HLL l QRATOR | tel.: +7 499 241 81 92 | mob.: +7 915 360 08 86 | skype: mitradir | visit: radar.qrator.net
On Thu, Oct 18, 2018 at 01:01:50PM +0300, Alexander Azimov wrote:
In the attachment is raw data that was used in https://ripe77.ripe.net/presentations/123-RIPE-NONAUTH.azimov.pdf It shows a list of globally visible prefixes that have route objects ONLY in RIPE-NONAUTH. For these prefixes, the removal of route objects from this database may lead to DoS.
I somewhat disagree with your use of the word "denial of service" in this context. :-)

The route objects are *only* removed if the owner of the prefix creates a RPKI ROA - and iff they *do* create a RPKI ROA, a route object is automatically published via NTT's IRR service.

Question (which may be really hard to answer) - how many of those prefix holders are able to create RPKI ROAs for those prefixes?

Kind regards,
Job
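The "RPKI validity state" column in nusenu's data and the removal condition discussed in this thread both rest on route origin validation. As an added example (not code from the thread or its participants), the sketch below applies the RFC 6811 procedure to `origin,prefix` lines in the format nusenu describes; the ROA payloads and route objects are constructed, using documentation prefixes and reserved ASNs.

```python
import ipaddress
from collections import Counter

# Constructed validated ROA payloads: (prefix, max length, origin ASN).
VRPS = [
    ("192.0.2.0/24", 24, 64500),
    ("2001:db8::/32", 48, 64501),
]

# Constructed route objects in the "origin,prefix" layout of the gist data.
ROUTE_OBJECTS = """\
AS64500,192.0.2.0/24
AS64511,192.0.2.0/24
AS64500,192.0.2.128/25
AS64501,2001:db8:1::/48
AS64501,2001:db8:1:1::/64
AS64510,203.0.113.0/24
"""

def validity(prefix, origin, vrps):
    """RFC 6811: valid, invalid, or not-found for one (prefix, origin)."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, asn in vrps:
        roa = ipaddress.ip_network(roa_prefix)
        # A VRP only counts if it covers the route's prefix.
        if roa.version != net.version or not net.subnet_of(roa):
            continue
        covered = True
        # Match needs the same origin and a length within maxLength; AS0 never matches.
        if asn != 0 and asn == origin and net.prefixlen <= max_len:
            return "valid"
    # Covered by some ROA but matched by none: the object conflicts with RPKI.
    return "invalid" if covered else "not-found"

def classify(text, vrps):
    """Return (origin, prefix, state) for each non-empty 'origin,prefix' line."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        origin, prefix = (field.strip() for field in line.split(",")[:2])
        rows.append((origin, prefix, validity(prefix, int(origin[2:]), vrps)))
    return rows

if __name__ == "__main__":
    rows = classify(ROUTE_OBJECTS, VRPS)
    for origin, prefix, state in rows:
        print(f"{origin},{prefix},{state}")
    print(dict(Counter(state for _, _, state in rows)))
```

Only objects in the `invalid` state conflict with a ROA; `not-found` objects have no covering ROA, so no ROA contradicts them.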
participants (2)
- Alexander Azimov
- Job Snijders