Print

Print
Thanks for your work on this, Richard! This is most excellent to see progress on.

Will there be any "self-service" and/or visibility of this moving forward? (ie: IXP Manager login per member).

Is RPKI validation part of this as well, or a future item (at least rejecting RPKI invalids from route servers)?


Thanks,
Andrew

On May 9, 2023, at 5:19 AM, Richard Laager <[log in to unmask]> wrote:

[I plan to send this to MICE-ANNOUNCE too, but I want to see if anyone has corrections.]

MICE will soon be deploying new route servers which will require IRR (Internet Routing Registry) records, as is a best practice at IXPs.

What

  • You MUST have an as-set object listing your AS and your downstream ASes (if any).
    • You MUST either list that as-set in PeeringDB or email the name of your as-set to me (off-list to [log in to unmask] please).
  • A route/route6 object MUST exist for each prefix you announce to the route servers (whether originated by you or transited through you) and it must list an Origin AS that is in your as-set.

When

  • If you are a transit AS (i.e. have ASes behind you) and don't have an as-set object, fix this now. Without an as-set object, your downstream ASes announcements will be blocked (filtered) immediately when the first new  route server is cut in. (Granted, they will still work through the second route server until it is upgraded.) Figure you have 1-2 weeks at most.
  • Enforcement of the route/route6 objects (for both transit and non-transit ASes) will come later, but not a lot later. So please, start on this now.

Where

If you are not sure where to create IRR records, use ARIN (assuming you are in the ARIN region).

How (with ARIN)

  1. Login to ARIN Online. (Go to arin.net and click Login in the top right.)
  2. On the left side, expand "Routing Security" and click "IRR".
  3. Click "as-set" at the top.
  4. Click "Create an Object".
  5. Fill in the fields:
    The "AS Set Name" is what you will list in PeeringDB (or email to me).
    "Description" is unparsed, but they suggest the location and have a button to "Copy the Address from My Org ID".
    "Members" is where you list your ASN and downstream ASes (if any).
  6. Click "Review". Once ready, click "Submit".
  7. Click "route/route6" at the top.
  8. Click "Create an Object".
  9. Fill in the fields:
    "Prefix" is the prefix, e.g. 192.0.2.0/24.
    "Origin" is your ASN.
  10. Click "Review". Once ready, click "Submit".
  11. Repeat to create additional route objects until all of your announcements are covered. Don't forget IPv6!

Examples

Here is my as-set: https://www.radb.net/query?keywords=AS-WIKTEL

Here is one example route: https://www.radb.net/query?keywords=69.89.192.0%2F20

(I created the AS33362 one. The AS19905 one is because another AS can originate this route for DDoS scrubbing reasons.)

-- 
Richard

To unsubscribe from the MICE-DISCUSS list, click the following link:
http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1



To unsubscribe from the MICE-DISCUSS list, click the following link:
http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1