[arin-tech-discuss] Maximum number of prefixes in a manually signed ROA

Mark Kosters markk at arin.net
Mon Aug 20 17:36:49 EDT 2018


Hi Andrew

There is a limit and it is based on the interface with our HSM. We are trying to figure out #'s and will have an answer for you soon.

Thanks,
Mark

On 8/17/18, 4:49 PM, "arin-tech-discuss on behalf of Andrew Gallo" <arin-tech-discuss-bounces at arin.net on behalf of akg1330 at gmail.com> wrote:

    Greetings:
    
    A discussion has come up in the R&E community about the maximum number 
    of prefixes one can include in a ROA request in the hosted environment. 
    Using the feature of pasting in a manually signed ROA, I've been able to 
    request about 4k prefixes in a single ROA.  Seeing that work, I got 
    greedy and requested 65k.  That didn't work.  (this was all done in the OT&E)
    
    Is there a limit to the number of prefixes that can be included in a ROA 
    request?  I can't find anything in an RFC that specifies a max number; 
    if that's the case, is there a practical number?
    
    
    Here's the background of the query-
    
    Let's say you have a large summary prefix, say a /16.  You've subscribed 
    to a DDoS scrubbing service that can, on demand, originate any arbitrary 
    /24 of your space under a different ASN.  You would need to create a ROA 
    that covers the /24s for the DDoS mitigation ASN.  In this case, that's 
    256 prefixes, so that's manageable.  How about individual /64s out of a 
    /44, or much worse, a /32?
    
    I imagine this was exactly the concept behind the max length field that 
    is now considered harmful.
    
    It's an interesting discussion for the operational community, but the 
    immediate question is, what is the capacity of ARIN's hosted service?
    
    
    Thank you.
    _______________________________________________
    arin-tech-discuss mailing list
    arin-tech-discuss at arin.net
    https://lists.arin.net/mailman/listinfo/arin-tech-discuss
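
The trade-off raised in the quoted message, as an added example that is not part of the original thread and not ARIN's code: it counts the ROA entries needed to list every sub-prefix explicitly and applies RFC 6811 origin validation to show which announcements a maxLength ROA accepts compared with an enumerated one. The prefix 10.10.0.0/16, AS64496 (holder) and AS64511 (scrubbing service) are constructed sample values.

```python
import ipaddress

# Constructed sample values: 10.10.0.0/16 stands in for the summary prefix,
# AS64496 for the holder and AS64511 for the DDoS-scrubbing service.
HOLDER_ASN, SCRUBBER_ASN = 64496, 64511
SUMMARY = "10.10.0.0/16"

def count_subprefixes(summary, new_len):
    """Number of ROA prefix entries needed to list every /new_len explicitly."""
    net = ipaddress.ip_network(summary)
    return 2 ** (new_len - net.prefixlen)

def enumerated_vrps(summary, new_len, asn):
    """One (prefix, maxLength, asn) entry per sub-prefix, maxLength == length."""
    net = ipaddress.ip_network(summary)
    return [(str(s), new_len, asn) for s in net.subnets(new_prefix=new_len)]

def validate(route_prefix, origin_asn, vrps):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for vrp_prefix, max_len, asn in vrps:
        vrp = ipaddress.ip_network(vrp_prefix)
        if route.version != vrp.version or not route.subnet_of(vrp):
            continue
        covered = True  # at least one VRP covers this route
        if asn == origin_asn and route.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"

# The holder's own /16 ROA is present in both cases.
holder = [(SUMMARY, 16, HOLDER_ASN)]
with_maxlen = holder + [(SUMMARY, 24, SCRUBBER_ASN)]             # 1 entry
with_list = holder + enumerated_vrps(SUMMARY, 24, SCRUBBER_ASN)  # 256 entries

if __name__ == "__main__":
    for label, vrps in (("maxLength", with_maxlen), ("enumerated", with_list)):
        print(label, "ROA:", len(vrps) - 1, "scrubber entries")
        for route in ("10.10.7.0/24", "10.10.0.0/20", "10.10.7.0/25"):
            result = validate(route, SCRUBBER_ASN, vrps)
            print("  ", route, "from scrubber ASN ->", result)
    print("/64s in a /44:", count_subprefixes("2001:db8:10::/44", 64))
    print("/64s in a /32:", count_subprefixes("2001:db8::/32", 64))
```
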
    


