Hi, On Thu, Nov 14, 2024 at 12:50:54AM +0800, xiaoyu.net via Manrs-community wrote:
I don't agree with this view. For example, a /40 ipv6 address block is assigned to a person who has no connection with the LIR. Submitting RPKI settings to the LIR is difficult and impossible to keep up to date. Because updating and setting up RPKI for a large number of IPv6 prefixes to LIR is a very heavy task. What I mean is that the person who actually manages the use of the IP prefix should be allowed to set up RPKI himself in RIPE.
A /40 IPv6 can be assigned by the RIPE NCC, or by an ISP (acting for the LIR). So the chain of assignment is clear, and if the ISP is permitting independent BGP announcement of said /40, they can do the RPKI ROA just fine ("two clicks in the RIPE LIR portal") - and if not, it's their decision to not allow that. If the /40 is coming from the RIPE NCC, the NCC will do RPKI. Normally the ROA setup is a one-time thing - if you have "a large number of prefixes" and RPKI changes all the time (making it a "very heavy task"), it sounds as if you're mostly holding it wrong. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Ingo Lalla, Karin Schuler, Sebastian Cler Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279