 |
 |
[log in to unmask]">In my (limited) experience, the filter generator makes a prefix-list using objects from all the approved IRRs that match the contents of the AS-SET.I am specifically interested in feedback on this point. But please, only real-world scenarios, no speculation ("someone might ...").
Background:
- This setting is per-participant.
- Order is important. When looking for a given IRR object, the first source that includes that object will be used.
In my case, that means route(6) objects from ARIN and RADB are
combined to make a prefix-list that's bigger than just ARIN or
RADB-sourced objects.
The order has not been relevant, nor specified.
No need for NONAUTH sources, and ARIN has completely retired
theirs.
Cheers,
Jonathan
Jonathan Stewart Network Engineer LES.NET - AS18451 Desk: 1-204-666-6191 Mobile: 1-204-990-2120 130 Portage Avenue E Winnipeg, MB R3C 0A1 CANADA
[log in to unmask]">
- I think we want to prefer RIR-authenticated sources over others.
Questions:
- Should I reorder RADB,ARIN to be ARIN,RADB and similar for RADB,RIPE and RADB,APNIC,ARIN? Tentative: Yes.
- Should I drop RIPE-NONAUTH choices? Tentative: If nobody is using it by the end of this, I'll just remove it.
- Does anyone know if AFRINIC, APNIC, and LACNIC are authenticated?
- Does anyone know if people care about LEVEL3's IRR? Tentative: If nobody is using it by the end of this, I'll just remove it.
- How do I set the source per participant? I think what we want is the following, for each participant:
- I use RADB's web interface to view the specified as-set. If the "source" of that object is an RIR registry, e.g. ARIN, I set the source in IXP Manager to that RIR source. If the source is RADB, I set the source to $RIR,RADB where $RIR is the RIR that issued the participant's ASN. For example, if someone is in the ARIN region, ARIN. If someone is in the RIPE region, RIPE. The idea is to make it easy for them to move to the RIR registry in the future.
- I manually trigger the AS and prefix update and make sure I get results.
- If the source is just $RIR, I then change this to $RIR,RADB. I manually trigger the AS and prefix update. If that second update changed nothing, I remove RADB. If that update did change something, then I eyeball it and make a decision. I would be looking to detect the scenario where e.g. the as-set is in the ARIN region but references customer ASes/as-sets that are in RADB; in such a case, I need to allow RADB. In contrast, if the records in RADB appear to be outdated and someone has moved to ARIN, I would want to remove RADB.
If that becomes too tedious, a fallback option is to set everyone to something like ARIN,RIPE,RADB or ARIN,RIPE,LACNIC,APNIC,AFRINIC,RADB. (The order of the RIRs is negotiable. I don't really know much about non-ARIN IRR.)
On 5/9/23 11:25, Jay Hanke wrote:
[log in to unmask]">Here are the current IRR sources. Please note ARIN-NONAUTH is not included.whois.radb.net RIPE
whois.radb.net RIPE,RIPE-NONAUTH
whois.radb.net RADB
whois.radb.net LACNIC
whois.radb.net AFRINIC
whois.radb.net APNIC
whois.radb.net LEVEL3
whois.radb.net ARIN
whois.radb.net RADB,ARIN
whois.radb.net ALTDB
whois.radb.net RADB,RIPE
whois.radb.net RADB,APNIC,ARIN
whois.radb.net RIPE,ARIN
Could you please clarify which IRR source will be included for filter generation? We currently rely on RADb instead of ARIN for our IRR records, and it would be helpful to confirm if this will be used with the new route servers.
-- Richard
To unsubscribe from the MICE-DISCUSS list, click the following link:
http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
To unsubscribe from the MICE-DISCUSS list, click the following link:
http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1