Job wrote:
Yes, it seems that adding a separate extra ROA just for the /24 is better than using "MaxLength=24".
Wall of text on what that is :-) https://tools.ietf.org/html/draft-ietf-sidrops-rpkimaxlen
In a world doing RV I agree on above statement. In a world where most transit networks do not drop invalids I think by doing so the risk of suffering heavier from even a "simple prefix hijack" (on purpose or not) and not being able to react quickly might be higher as your "get at least something back /24 announcement" eventually doesn't get far if your transit does RV (and esp. not to the networks doing RV - the networks "stating" to have a cleaner table - what might be still true, but useless if there's a more specific between source and destination). Has anyone ever done measurements on the time from publishing ROAs 'till these show up on their routers and what reasonable timers might be? So please "push" transit networks (the larger the better) and IXes to do the reject of invalids with all the consequences (and don't blame them for the missing prefixes). Then not using MaxLength=24 as a default perfectly makes sense (except some of the cases the draft mentions). For the time being I think every network should carefully think about what fits to them best (service, customer, connectivity,...) 'till RV is wider deployed (in larger transit networks, on IXes as always on, ...). Might be perfect for you to follow the draft if you host Dutch content for EU-Dutch eyeballs, doing 95% of your traffic via RV forced-enabled IXes or in-country transit networks doing RV. It might come with additional challenges if there are between you and your customers some "questionable" networks not doing RV or the IX not doing RV for e.g. the party most of your traffic goes/ comes from. Or when your upstream is the only one doing RV. Cheers, Markus -- FvD, Markus Weber, AS286 KPN EuroRings Germany B.V. Rüsselsheimerstr. 22, DE-60326 Frankfurt Amtsgericht Frankfurt HR99781, GF Jesus Martinez & Hugo van den Akker