Thank you for your efforts in making routing more secure for the entire
MICE community.
Could you please clarify which IRR source will be included for filter
generation? We currently rely on RADb instead of ARIN for our IRR
records, and it would be helpful to confirm if this will be used with
the new route servers.
On 2023-05-09 6:19 a.m., Richard Laager wrote:
>
> [I plan to send this to MICE-ANNOUNCE too, but I want to see if anyone
> has corrections.]
>
> MICE will soon be deploying new route servers which will require IRR
> (Internet Routing Registry) records, as is a best practice at IXPs.
>
> *What*
>
> * You MUST have an as-set object listing your AS and your downstream
> ASes (if any).
> o You MUST either list that as-set in PeeringDB or email the
> name of your as-set to me (off-list to [log in to unmask] please).
> * A route/route6 object MUST exist for each prefix you announce to
> the route servers (whether originated by you or transited through
> you) and it must list an Origin AS that is in your as-set.
>
> *When*
>
> * *If you are a transit AS (i.e. have ASes behind you) and don't
> have an /as-set/ object, fix this **/now/**.* Without an as-set
> object, your downstream ASes announcements will be blocked
> (filtered) immediately when the /first/ new route server is cut
> in. (Granted, they will still work through the second route server
> until it is upgraded.) Figure you have 1-2 weeks at most.
> * Enforcement of the route/route6 objects (for both transit and
> non-transit ASes) will come later, but not a lot later. So please,
> start on this now.
>
> *Where*
>
> If you are not sure /where/ to create IRR records, use ARIN (assuming
> you are in the ARIN region).
>
> *How (with ARIN)*
>
> 1. Login to ARIN Online. (Go to arin.net and click Login in the top
> right.)
> 2. On the left side, expand "Routing Security" and click "IRR".
> 3. Click "as-set" at the top.
> 4. Click "Create an Object".
> 5. Fill in the fields:
> The "AS Set Name" is what you will list in PeeringDB (or email to me).
> "Description" is unparsed, but they suggest the location and have
> a button to "Copy the Address from My Org ID".
> "Members" is where you list your ASN and downstream ASes (if any).
> 6. Click "Review". Once ready, click "Submit".
> 7. Click "route/route6" at the top.
> 8. Click "Create an Object".
> 9. Fill in the fields:
> "Prefix" is the prefix, e.g. 192.0.2.0/24.
> "Origin" is your ASN.
> 10. Click "Review". Once ready, click "Submit".
> 11. Repeat to create additional route objects until all of your
> announcements are covered. Don't forget IPv6!
>
> *Examples*
>
> Here is my as-set: https://www.radb.net/query?keywords=AS-WIKTEL
>
> Here is one example route:
> https://www.radb.net/query?keywords=69.89.192.0%2F20
>
> (I created the AS33362 one. The AS19905 one is because another AS can
> originate this route for DDoS scrubbing reasons.)
>
> --
> Richard
>
> ------------------------------------------------------------------------
>
> To unsubscribe from the MICE-DISCUSS list, click the following link:
> http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
>
>
--
Best regards
August Yang
