 |
 |
Here are the current IRR sources. Please note ARIN-NONAUTH is not included. whois.radb.net RIPE whois.radb.net RIPE,RIPE-NONAUTH whois.radb.net RADB whois.radb.net LACNIC whois.radb.net AFRINIC whois.radb.net APNIC whois.radb.net LEVEL3 whois.radb.net ARIN whois.radb.net RADB,ARIN whois.radb.net ALTDB whois.radb.net RADB,RIPE whois.radb.net RADB,APNIC,ARIN whois.radb.net RIPE,ARIN On Tue, May 9, 2023 at 11:14 AM August Yang < [log in to unmask]> wrote: > Thank you for your efforts in making routing more secure for the entire > MICE community. > > Could you please clarify which IRR source will be included for filter > generation? We currently rely on RADb instead of ARIN for our IRR records, > and it would be helpful to confirm if this will be used with the new route > servers. > On 2023-05-09 6:19 a.m., Richard Laager wrote: > > [I plan to send this to MICE-ANNOUNCE too, but I want to see if anyone has > corrections.] > > MICE will soon be deploying new route servers which will require IRR > (Internet Routing Registry) records, as is a best practice at IXPs. > > *What* > > - You MUST have an as-set object listing your AS and your downstream > ASes (if any). > - You MUST either list that as-set in PeeringDB or email the name > of your as-set to me (off-list to [log in to unmask] please). > - A route/route6 object MUST exist for each prefix you announce to > the route servers (whether originated by you or transited through you) and > it must list an Origin AS that is in your as-set. > > *When* > > - *If you are a transit AS (i.e. have ASes behind you) and don't have > an as-set object, fix this **now**.* Without an as-set object, your > downstream ASes announcements will be blocked (filtered) immediately when > the *first* new route server is cut in. (Granted, they will still > work through the second route server until it is upgraded.) Figure you have > 1-2 weeks at most. > - Enforcement of the route/route6 objects (for both transit and > non-transit ASes) will come later, but not a lot later. So please, start on > this now. > > *Where* > > If you are not sure *where* to create IRR records, use ARIN (assuming you > are in the ARIN region). > > *How (with ARIN)* > > 1. Login to ARIN Online. (Go to arin.net and click Login in the top > right.) > 2. On the left side, expand "Routing Security" and click "IRR". > 3. Click "as-set" at the top. > 4. Click "Create an Object". > 5. Fill in the fields: > The "AS Set Name" is what you will list in PeeringDB (or email to me). > "Description" is unparsed, but they suggest the location and have a > button to "Copy the Address from My Org ID". > "Members" is where you list your ASN and downstream ASes (if any). > 6. Click "Review". Once ready, click "Submit". > 7. Click "route/route6" at the top. > 8. Click "Create an Object". > 9. Fill in the fields: > "Prefix" is the prefix, e.g. 192.0.2.0/24. > "Origin" is your ASN. > 10. Click "Review". Once ready, click "Submit". > 11. Repeat to create additional route objects until all of your > announcements are covered. Don't forget IPv6! > > *Examples* > > Here is my as-set: https://www.radb.net/query?keywords=AS-WIKTEL > > Here is one example route: > https://www.radb.net/query?keywords=69.89.192.0%2F20 > > (I created the AS33362 one. The AS19905 one is because another AS can > originate this route for DDoS scrubbing reasons.) > > -- > Richard > > > ------------------------------ > > To unsubscribe from the MICE-DISCUSS list, click the following link: > http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1 > > -- > Best regards > August Yang > > ------------------------------ > > To unsubscribe from the MICE-DISCUSS list, click the following link: > http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1 >