Re: CAIDA and Internet2 are working on a tool to assist network operators plan their RPKI-ROAs


nanog mailing list archives


From: Job Snijders via NANOG <nanog () lists nanog org>
Date: Thu, 30 Oct 2025 22:21:02 +0000

Dear Malte,

On Fri, Oct 31, 2025 at 06:11:09AM +0900, Malte Tashiro via NANOG wrote:
> I am more surprised by the "Best Practice" tag on the "Required
> Multi-prefix ROAs" tab, I assume this should be on the "Single Prefix
> ROAs" tab (see RFC9455 [0]).
>
> [0] https://www.rfc-editor.org/rfc/rfc9455.html


RFC 9455 essentially recommends to "maximally deaggregate" prefix
information into distinct ROA objects, however, this practice results in a
massive overhead for the validation process in RPKI caches. I believe
these effects previously were underestimated: this practice seems to
result in non-linear growth of resource consumption.

With progressive insight, BCP 238 is *NOT* the best practice for the
general case. The growth patterns observed in the global RPKI in the
last two years lead me to believe that RFC 9455 needs to be revised.

When ROAs are created through RIR-hosted systems (ARIN Online, the RIPE
NCC LIR Portal, MiLACNIC, etc), those systems SHOULD bundle as many
prefixes into as few ROAs as possible in order to conserve resources
(cpu/storage) in the RPKI caches around the planet.

RFC 9455 Section 4 contains too little nuance and lacks guidance when
exactly bundling or deaggregation are helpful, and the tiny warning
about "may increase the file-fetch burden" in Section 5 turns out to be
a lot more taxing than expected.

Kind regards,

Job
_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/DZV7OZPHM46UQ2MHJFPJ2GR7TEZIGGZC/
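The two ROA layouts contrasted in this message, as an added example that is not from any participant in the thread nor from the CAIDA/Internet2 tool: it plans the same authorizations once as single-prefix ROAs and once bundled per origin AS, and counts the signed objects a cache would have to fetch and validate. The function names and the sample prefixes (documentation ranges and ASNs) are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample input: (prefix, maxLength, origin ASN), documentation ranges only.
SAMPLE_VRPS = [
    ("192.0.2.0/24", 24, 64496),
    ("198.51.100.0/24", 24, 64496),
    ("2001:db8::/32", 48, 64496),
    ("203.0.113.0/24", 24, 64497),
    ("192.0.2.0/24", 24, 64496),  # duplicate entry, must not produce a second ROA
]

def normalize(vrps):
    """Validate and de-duplicate entries; returns sorted (network, maxLength, asn) tuples."""
    seen = set()
    for prefix, max_len, asn in vrps:
        net = ipaddress.ip_network(prefix, strict=True)  # rejects prefixes with host bits set
        if not net.prefixlen <= max_len <= net.max_prefixlen:
            raise ValueError(f"maxLength {max_len} out of range for {net}")
        seen.add((net, max_len, asn))
    return sorted(seen, key=lambda e: (e[2], e[0].version,
                                       int(e[0].network_address), e[0].prefixlen, e[1]))

def plan_single_prefix(vrps):
    """Maximal deaggregation: one ROA object per (prefix, maxLength, ASN) entry."""
    return [{"asn": asn, "prefixes": [(str(net), ml)]} for net, ml, asn in normalize(vrps)]

def plan_bundled(vrps):
    """Bundling: one ROA per origin AS, since a ROA carries exactly one asID."""
    by_asn = defaultdict(list)
    for net, ml, asn in normalize(vrps):
        by_asn[asn].append((str(net), ml))
    return [{"asn": asn, "prefixes": prefixes} for asn, prefixes in sorted(by_asn.items())]

def flatten(plan):
    """The set of validated payloads a relying party derives from a plan."""
    return {(roa["asn"], prefix, ml) for roa in plan for prefix, ml in roa["prefixes"]}

if __name__ == "__main__":
    single, bundled = plan_single_prefix(SAMPLE_VRPS), plan_bundled(SAMPLE_VRPS)
    assert flatten(single) == flatten(bundled)  # same routing outcome either way
    print(f"single-prefix plan: {len(single)} ROA objects")
    print(f"bundled plan:       {len(bundled)} ROA objects")
```

Both plans yield the same validated payloads; what differs is the number of separately signed objects, each with its own EE certificate and manifest entry.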
