Hi all,

In the attachment is raw data that was used in https://ripe77.ripe.net/presentations/123-RIPE-NONAUTH.azimov.pdf
It shows a list of globally visible prefixes that have route objects ONLY in RIPE-NONAUTH. For these prefixes, the removal of route objects from this database may lead to DoS.

Numbers for IPv4:
Total number of objects - 69178

Address space covered In other IRRs - 43527
Address space covered In other IRRs  with same ASN - 33839
Unique Objects in RIPE-NONAUTH - 25651
Globally visible prefixes – 4507
ASNs - 543


Numbers for IPv6:
Total number of objects - 1991

Address space covered In other IRRs - 1502
Address space covered In other IRRs with same ASN - 1336
Unique Objects - 489
Globally visible prefixes – 303
ASNs - 86

I haven't yet analyzed to which IRRs the route objects from NONAUTH should belong. So, please take it as input, but there is a significant place for improvement.  

чт, 18 окт. 2018 г. в 12:58, Alexander Azimov <aa@qrator.net>:
Hi all,

In the attachment is raw data that was used in https://ripe77.ripe.net/presentations/123-RIPE-NONAUTH.azimov.pdf
It shows a list of globally visible prefixes that have route objects ONLY in RIPE-NONAUTH. For these prefixes, the removal of route objects from this database may lead to DoS.

Numbers for IPv4:
Total number of objects - 69178

Address space covered In other IRRs - 43527
Address space covered In other IRRs  with same ASN - 33839
Unique Objects in RIPE-NONAUTH - 25651
Globally visible prefixes – 4507
ASNs - 543


Numbers for IPv6:
Total number of objects - 1991

Address space covered In other IRRs - 1502
Address space covered In other IRRs with same ASN - 1336
Unique Objects - 489
Globally visible prefixes – 303
ASNs - 86

I haven't yet analyzed to which IRRs the route objects from NONAUTH should belong. So, please take it as input, but there is a significant place for improvement.

чт, 18 окт. 2018 г. в 12:48, nusenu <nusenu-lists@riseup.net>:
here is my data for you to scrutinize since
Alexander Azimov (slides [3]) had some slightly different (lower)
numbers (maybe that difference is either caused by a difference in
TALs configured - or just because we didn't produce the data at the very same time
or just a problem on my side)

[1] 69178 route objects - 758 invalids - 55 of them are announced as defined in the route object
[2] 1991 route5 objects - 16 invalids

That said these are just current numbers but they obviously will change
over time with the increasing creation of ROA outside of the RIPE region.


kind regards,
nusenu
PS: I've a few more remarks but I'll postpone them.

[1] https://gist.githubusercontent.com/nusenu/21687b0902cc64cd61b92ec5ae66bbc1/raw/ed4a92f84493ce0e274c1a1890c92aa48c522c17/RPKI-validity-state-of-RIPE-NONAUTH-2018-10-17-2000UTC.txt
[2] https://gist.githubusercontent.com/nusenu/7d4c7f6ea5cadb47ff49760e5f2e5aa0/raw/f30a202baa93fcc9d48ba0af494bd6a7cfe24f44/RPKI-validity-state-of-RIPE-NONAUTH-route6-2018-10-17-2000UTC.txt

format: origin,prefix,RPKI validity state

[3] https://ripe77.ripe.net/presentations/123-RIPE-NONAUTH.azimov.pdf



--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu



--
| Alexander Azimov  | HLL l QRATOR
| tel.: +7 499 241 81 92
| mob.: +7 915 360 08 86
| skype: mitradir
| visit: radar.qrator.net


--
| Alexander Azimov  | HLL l QRATOR
| tel.: +7 499 241 81 92
| mob.: +7 915 360 08 86
| skype: mitradir
| visit: radar.qrator.net