[arin-tech-discuss] Who can generate ROAs when a holder reassigns or reallocations address space?

Andrew Gallo akg1330 at gmail.com
Mon Jun 24 13:49:51 EDT 2024


This is helpful.  Thank you for the explanation.


On 6/24/2024 11:08 AM, Brad Gorman wrote:
> Hello Andrew,
>
> Thanks for your question.
>
>
>    *   Only holders of resources received directly from ARIN are able to create ROAs for those resources.
>    *   Organizations who are recipients of reallocated or detailed reassignments can create IRR objects, not RPKI ROAs for those resources.
>    *   Organizations who are recipients of simple reassignments may not user IRR or RPKI services.
>
> Best regards,
>
> Brad Gorman
> Sr Product Owner, Routing Security
> ARIN
>
> From: arin-tech-discuss <arin-tech-discuss-bounces at arin.net> on behalf of Andrew Gallo <akg1330 at gmail.com>
> Date: Monday, June 24, 2024 at 10:52
> To: David Farmer <farmer at umn.edu>
> Cc: arin-tech-discuss at arin.net <arin-tech-discuss at arin.net>
> Subject: Re: [arin-tech-discuss] Who can generate ROAs when a holder reassigns or reallocations address space?
> I like that idea.  I was thinking along the same lines.
>
> When a prefix is delegated, associate a Routing POC with the prefix
> which would be allowed to generate ROAs and IRR objects. If no
> association is made, only the parent can take these actions.
>
> Question- do you think the delegating/parent holder should be allowed to
> generate ROAs if there is a downstream Routing POC?
>
> On 6/24/2024 10:08 AM, David Farmer wrote:
>> I wonder if a tactic to address this issue is expanding the use of the
>> Router POC. Maybe a Router POC could be created at the resource level or
>> with a Detailed Reassignment instead of a Router POC at the Organization
>> Level, providing a fine-grained mechanism to delegate control of ROA and
>> IRR.
>>
>> Just a thought.
>>
>> On Mon, Jun 24, 2024 at 8:34 AM Andrew Gallo <akg1330 at gmail.com> wrote:
>>
>>> If a holder of address resources reassigns or reallocates a portion of
>>> that space, who can create an RPKI ROA?  The original holder (parent),
>>> the downstream org that has the delegated portion of the space?
>>>
>>> The three options for reassignment/reallocation are
>>>        Simple Reassignment
>>>        Detailed Reassignment
>>>        Reallocation
>>> (definitions below)
>>>
>>> Based on my reading, Simple Reassignment allows only the 'parent' (or
>>> delegating) org allowed to create ROAs.  But what about Detailed?  The
>>> downstream org can have POCs and maintain reverse nameserver records.
>>> Can they also generate ROAs or IRR objects?
>>>
>>> What about Reallocation?
>>>
>>> Thank you.
>>>
>>>
>>>
>>>> Simple Reassignment
>>>>       Use this option if you will manage abuse and network contacts for
>>>> your customer.
>>>>
>>>> Detailed Reassignment
>>>>       Use this for a downstream organization that needs to maintain its
>>>> own reverse nameservers and/or separate Point of Contact (POC)
>>>> information.
>>>>
>>>> Reallocation
>>>>       Use this for a downstream organization that needs to maintain its
>>>> own reverse nameservers and/or separate Point of Contact (POC)
>>>> information and make reassignments of IP addresses to its own customers.
>>>>
>>> _______________________________________________
>>> arin-tech-discuss mailing list
>>> arin-tech-discuss at arin.net
>>> https://lists.arin.net/mailman/listinfo/arin-tech-discuss
>>>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x1C61021F8B5942A2.asc
Type: application/pgp-keys
Size: 4097 bytes
Desc: OpenPGP public key
URL: <https://lists.arin.net/pipermail/arin-tech-discuss/attachments/20240624/65395e1f/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
URL: <https://lists.arin.net/pipermail/arin-tech-discuss/attachments/20240624/65395e1f/attachment.sig>


More information about the arin-tech-discuss mailing list