Even if you are not on an exchange that requires IRRs, I would highly recommend utilizing the tutorial for getting IRRs setup with ARIN if you do not already have them.
-----Original Message-----
From: MICE Discuss [mailto:[log in to unmask]] On Behalf Of Richard Laager
Sent: Tuesday, September 25, 2018 10:43 PM
To: [log in to unmask]
Subject: [MICE-DISCUSS] Fwd: route server IRR objects: RIPE use for ARIN addresses deprecated, ARIN IRR & RPKI tutorials
This is from the SeattleIX announce list. I'm forwarding it, with
Chris's permission, in case this is relevant to anyone here.
-------- Forwarded Message --------
Subject: route server IRR objects: RIPE use for ARIN addresses
deprecated, ARIN IRR & RPKI tutorials
Date: Tue, 25 Sep 2018 22:22:14 +0000 (UTC)
From: Chris Caputo <[log in to unmask]>
To: [log in to unmask]
tl;dr:
- RIPE made changes which don't break anything now, but may in future.
- I recommend you move your IRR records to the RIR which assigned or
allocated your prefixes.
- link to ARIN RPKI tutorial at bottom.
Many of you that used RIPE to create your Internet Routing Registry
(IRR) objects received an email from RIPE at the beginning of September
about a change in their registry in which non-RIPE prefixes are now
labeled with "source: RIPE-NONAUTH".
This is part of an effort to improve the quality of IRR data for the
purposes of reducing accidental or fraudulent BGP announcements. The
idea being that the Regional Internet Registries (RIRs) know best who
addresses have been assigned/allocated to.
If you have your records at RIPE (or elsewhere and want to move to
ARIN), I recommend you do the following: (note the example with my
AS6456 will soon no longer work because I will be deleting my records at
RIPE since they have been moved to ARIN)
- First, determine your maintainer object name. This can be figured
out by going to http://www.radb.net/query/ and running a query on
your ASN or prefixes. For example, a query on my AS6456 reveals a
RIPE maintainer "mnt-by" field "MAINT-ALTOPIA-RIPE". You may find
you have multiple maintainers and multiple IRRs. Focus on the RIPE
one if that is what you want to move.
aut-num: AS6456
[...]
mnt-by: MAINT-ALTOPIA-RIPE
source: RIPE-NONAUTH
- Using my "MAINT-ALTOPIA-RIPE" I can do an inverse query at RIPE to
see all of my objects:
$ whois -h whois.ripe.net -i mnt-by -B MAINT-ALTOPIA-RIPE
aut-num: AS6456
as-name: ALTOPIA-6456
descr: Altopia AS 6456
[...]
as-set: AS-ALTOPIA
descr: Altopia Corporation
members: AS6456
[...]
route: 208.90.168.0/22
descr: ALTOPIA-V4-1 assigned by ARIN
origin: AS6456
[...]
route6: 2620:0:cf0::/48
descr: ALTOPIA-V6-1 assigned by ARIN
origin: AS6456
[...]
etc...
- Save a copy of all of your objects so you can use the result to aide
in your move to ARIN.
- Refer to https://www.seattleix.net/irr-tutorial#arin for a new
tutorial on how to get set up at ARIN's IRR.
- Use http://irrexplorer.nlnog.net to visualize which IRRs are
reporting your prefixes or ASN.
- After all of your ARIN objects are moved to ARIN, work to delete your
ARIN objects at RIPE or elsewhere as part of being tidy.
Bonus! I also made an ARIN Resource Public Key Infrastructure (RPKI)
tutorial. Turns out RPKI is pretty easy to configure, with respect to
making it so your own ARIN prefixes are somewhat (*) protected from
being announced by unauthorized ASNs. (*: with respect to networks
running RPKI validators)
- https://www.seattleix.net/irr-tutorial#arinrpki
Feedback & corrections welcome!
Chris
|