Aftab, I don’t think you actually addressed his concern…
Revoking the previously valid ROAs moves the prefix from VALIDATED/GOOD to UNVALIDATED/UNKNOWN status in any route validator. This would not affect the routing table in most cases since there won’t be a validated route (in this instance) to supersede the UNVALIDATED/UNKNOWN route which was previously VALIDATED/GOOD. Issuing the AS-0 ROA would subsequently move the prefix from VALIDATED/GOOD or UNVALIDATED/UNKNOWN status to INVALID/KNOWN status, thus causing most validating routers to discard the route.
APNIC issues 2001:db8:feed::/48 to XYZ Corp. who creates a ROA for AS65551. If you’re doing ROV, then this prefix 2001:db8:feed::/48 is validated assuming you receive the route with an AS PATh that matches "* 65551 $”. Subsequently, XYZ Corp forgets to pay their APNIC invoice and APNIC revokes the space. Under current policy, APNIC Simply deletes the ROA and anyone doing ROV no longer sees 2001:db8:feed::/48 as valid, but they don’t see it as invalid. It moves to unknown. In the current (and foreseeable future) world, and unknown route is probably still going to be accepted by the vast majority of peers, so this has little effect on routing. Under the proposed policy, at some point, APNIC issues a new ROA for 2001:db8:feed::/48 tied to AS0. This has two effects that are not present in the current situation: 1. The route with origin AS6551 is no tagged as “Invalid” — There is no matching VALID ROA since they were all revoked by the RIR. 2. Most peers doing ROV will likely drop the prefix. While unknown prefixes are not likely dropped, known invalid prefixes are a different matter and even though some ROV operators will not drop them today, more and more will sooner rather than later. This means that the RIR now has much greater direct power over influencing routing decisions than in the pre-RPKI/ROV days. I’m not saying whether this is good or bad (who am I to judge at this point), but I am saying it’s a valid concern and a huge potential operational consequence of this proposed policy.
what measures would be taken to avoid the erroneous (and potentially disastrous) combination of revocation of all previous ROAs and issuance of an AS-0 ROA. Also, a clear description of the timelines for how non-payment/cancellation would be handled in terms of when ROAs would be revoked and when the AS-0 ROA would be issued for a reclaimed block in relation to the revocation of previous ROAs and in relation to the invoice due date. I hope that’s a clear enough _expression_. That is my current question about this proposal. I am sure Javed will speak up if it doesn’t also reflect his question/concerns. Owen
|