Details
RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space
ID: AFPUB-2019-GEN-006-DRAFT01
Date Submitted: 4th November 2019
Author:
Frank Habicht, geier at geier.ne.tz, Tanzania ISP Association
Mark Elkins, mje at posix.co.za, POSIX
Jordi Palet Martinez, jordi.palet at theipv6company.com, The IPv6 Company
Haitham El Nakhal, Hytham at tra.gov.eg, National Telecom Regulatory Authority (NTRA)
Version: 1.0
Obsoletes:
Amends: New section
Proposal
1.0 Summary of the problem being addressed by this proposal
Address space managed by AFRINIC which is either “Unallocated” or “Unassigned” is considered “Bogon address space”. As defined in RFC3871, a “Bogon” (plural: “bogons”) is a packet with an IP source address in an address block not yet allocated by IANA or the RIRs, as well as all addresses reserved for private or special use by RFCs.
The purpose of creating RPKI ROAs with Origin AS0 for AFRINIC’s unallocated and unassigned address space is to restrict the propagation of BGP announcements covering such bogon space. When AFRINIC issues a ROA with AS0 for unallocated address space under AFRINIC’s administration, BGP announcements covering this space will be marked as Invalid by networks doing RPKI-based BGP Origin Validation using APNIC’s TAL.
2.0 Summary of how this proposal addresses the problem
This proposal instructs AFRINIC to create ROAs for all unallocated and unassigned address space under its control. This will enable networks performing RPKI-based BGP Origin Validation to easily reject all the bogon announcements covering resources managed by AFRINIC.
Currently, in the absence of any ROA, these bogons are marked as NotFound. Since many operators have implemented ROV and are either planning to discard or already discarding Invalid announcements, all announcements covered by the AS0 ROAs which AFRINIC will create for unallocated address space will be discarded as well.
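The NotFound-to-Invalid change described above, as an added example that is not part of the proposal: a minimal RFC 6811 origin validation function run over constructed data. The documentation prefixes and AS64496 are assumptions standing in for unallocated AFRINIC space and an announcing network.

```python
import ipaddress
from typing import NamedTuple


class VRP(NamedTuple):
    """Validated ROA payload: prefix, maxLength, authorised origin AS."""
    prefix: str
    max_length: int
    asn: int  # 0 means an AS0 ROA (no AS is authorised to originate)


def validate(route_prefix: str, origin_asn: int, vrps: list) -> str:
    """Return the RFC 6811 validation state: Valid, Invalid or NotFound."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for vrp in vrps:
        roa_net = ipaddress.ip_network(vrp.prefix)
        # A VRP covers the route if the route is equal to or inside its prefix.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # AS0 can never match, so an AS0 VRP only ever contributes "covered".
        if (vrp.asn != 0 and vrp.asn == origin_asn
                and route.prefixlen <= vrp.max_length):
            return "Valid"
    return "Invalid" if covered else "NotFound"


# Constructed sample data (documentation ranges, not real AFRINIC space).
NO_ROAS = []
AS0_ROAS = [VRP("203.0.113.0/24", 24, 0), VRP("2001:db8::/32", 32, 0)]
# After the AS0 ROA is revoked and the space is allocated to a member
# that publishes its own ROA (assumed member AS64496).
MEMBER_ROAS = [VRP("203.0.113.0/24", 24, 64496)]


def scenario() -> dict:
    """Validation state of the same announcement at each policy stage."""
    return {
        "no ROA": validate("203.0.113.0/24", 64496, NO_ROAS),
        "AS0 ROA": validate("203.0.113.0/24", 64496, AS0_ROAS),
        "AS0 ROA, more specific": validate("203.0.113.128/25", 64496, AS0_ROAS),
        "AS0 ROA, IPv6": validate("2001:db8:1::/48", 64496, AS0_ROAS),
        "member ROA": validate("203.0.113.0/24", 64496, MEMBER_ROAS),
    }


if __name__ == "__main__":
    for stage, state in scenario().items():
        print(f"{stage:24} {state}")
```

A more-specific announcement inside the AS0-covered block is Invalid regardless of the ROA's maxLength, because coverage depends only on the prefix and AS0 never matches an origin.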
The process for ROA validity periods and release of ROAs before assignment/allocation by AFRINIC is left for AFRINIC staff to define in internal procedures.
It is suggested that, if this policy is adopted, it is placed as a new section at the end of the CPM. This editorial modification can be done by the staff, renumbering/reordering any relevant sections, even adjusting titles/subtitles for the new section to better match the adopted text.
3.0 Proposal
New CPM section as follows:
Current: (none)
Proposed:
1 RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space
AFRINIC will create ROAs with origin AS0 for all the unallocated and unassigned address space (IPv4 and IPv6) for which it is the current administrator.
Any resource holder can create AS0 (zero) ROAs for the resources they have under their account/administration.
An RPKI ROA is a positive attestation that a prefix holder has authorized an Autonomous System to originate a route for this prefix to the global BGP routing table. An RPKI ROA for the same prefixes with AS0 (zero) origin shows a negative intent from the resource holder to have the prefixes advertised in the global BGP routing table.
Only AFRINIC has the authority to create RPKI ROAs for address space not yet allocated or assigned to its members.
If AFRINIC wants to allocate address space to one of its members, the RPKI ROA or ROAs with origin AS0 will have to be revoked beforehand. Address space can only be allocated once the ROA or ROAs with origin AS0 have been fully removed and are not visible in the repositories.
4.0 References
An equivalent proposal has already reached consensus in APNIC (https://www.apnic.net/community/policy/proposals/prop-132) and has been proposed in RIPE NCC (https://www.ripe.net/participate/policies/proposals/2019-08). It is also in preparation for submission to the other RIRs.