 |
 |
Even if you are not on an exchange that requires IRRs, I would highly recommend utilizing the tutorial for getting IRRs setup with ARIN if you do not already have them. -----Original Message----- From: MICE Discuss [mailto:[log in to unmask]] On Behalf Of Richard Laager Sent: Tuesday, September 25, 2018 10:43 PM To: [log in to unmask] Subject: [MICE-DISCUSS] Fwd: route server IRR objects: RIPE use for ARIN addresses deprecated, ARIN IRR & RPKI tutorials This is from the SeattleIX announce list. I'm forwarding it, with Chris's permission, in case this is relevant to anyone here. -------- Forwarded Message -------- Subject: route server IRR objects: RIPE use for ARIN addresses deprecated, ARIN IRR & RPKI tutorials Date: Tue, 25 Sep 2018 22:22:14 +0000 (UTC) From: Chris Caputo <[log in to unmask]> To: [log in to unmask] tl;dr: - RIPE made changes which don't break anything now, but may in future. - I recommend you move your IRR records to the RIR which assigned or allocated your prefixes. - link to ARIN RPKI tutorial at bottom. Many of you that used RIPE to create your Internet Routing Registry (IRR) objects received an email from RIPE at the beginning of September about a change in their registry in which non-RIPE prefixes are now labeled with "source: RIPE-NONAUTH". This is part of an effort to improve the quality of IRR data for the purposes of reducing accidental or fraudulent BGP announcements. The idea being that the Regional Internet Registries (RIRs) know best who addresses have been assigned/allocated to. If you have your records at RIPE (or elsewhere and want to move to ARIN), I recommend you do the following: (note the example with my AS6456 will soon no longer work because I will be deleting my records at RIPE since they have been moved to ARIN) - First, determine your maintainer object name. This can be figured out by going to http://www.radb.net/query/ and running a query on your ASN or prefixes. For example, a query on my AS6456 reveals a RIPE maintainer "mnt-by" field "MAINT-ALTOPIA-RIPE". You may find you have multiple maintainers and multiple IRRs. Focus on the RIPE one if that is what you want to move. aut-num: AS6456 [...] mnt-by: MAINT-ALTOPIA-RIPE source: RIPE-NONAUTH - Using my "MAINT-ALTOPIA-RIPE" I can do an inverse query at RIPE to see all of my objects: $ whois -h whois.ripe.net -i mnt-by -B MAINT-ALTOPIA-RIPE aut-num: AS6456 as-name: ALTOPIA-6456 descr: Altopia AS 6456 [...] as-set: AS-ALTOPIA descr: Altopia Corporation members: AS6456 [...] route: 208.90.168.0/22 descr: ALTOPIA-V4-1 assigned by ARIN origin: AS6456 [...] route6: 2620:0:cf0::/48 descr: ALTOPIA-V6-1 assigned by ARIN origin: AS6456 [...] etc... - Save a copy of all of your objects so you can use the result to aide in your move to ARIN. - Refer to https://www.seattleix.net/irr-tutorial#arin for a new tutorial on how to get set up at ARIN's IRR. - Use http://irrexplorer.nlnog.net to visualize which IRRs are reporting your prefixes or ASN. - After all of your ARIN objects are moved to ARIN, work to delete your ARIN objects at RIPE or elsewhere as part of being tidy. Bonus! I also made an ARIN Resource Public Key Infrastructure (RPKI) tutorial. Turns out RPKI is pretty easy to configure, with respect to making it so your own ARIN prefixes are somewhat (*) protected from being announced by unauthorized ASNs. (*: with respect to networks running RPKI validators) - https://www.seattleix.net/irr-tutorial#arinrpki Feedback & corrections welcome! Chris