Would it be safe to assume that squatting wouldn't happen in the RIR's authenticated IRRs? And that if multiple entries exist among them, that keeping them in sync or free of bad data would be on the individual participant? If so placing the authenticated RIRs above everything else seems a pretty safe bet. Order among them wouldn't really matter.
Personally given that I would love to see us grab the sets from the aut-num object for the participants ASN. Seems like ignoring the routing policy in the aut-num object in favor of PeeringDB or a manual process is only half using the IRR system. (That said I understand that bgpq3 doesn't use the aut-num object.)
Tom Krenn
Network Architect
Enterprise Architecture - Information Technology
-----Original Message-----
From: MICE Discuss <[log in to unmask]> On Behalf Of Chris Wopat
Sent: Thursday, May 11, 2023 10:30 AM
To: [log in to unmask]
Subject: [External] Re: [MICE-DISCUSS] IRR Mandatory at MICE / New Route Servers
CAUTION: This email was sent from outside of Hennepin County. Unless you recognize the sender and know the content, do not click links or open attachments.
Can't folks just specify which IRR in their IRR entry if desired? Ie
ARIN::AS1234
FWIW we only use RADB but are fine if the common IRR's (but not legacy
arin) are used.
Also is there any reason at all to use non-ARIN teritory IRR data? Do any MICE participants have anything in RIPE for example?
--Chris
On 5/11/23 10:01, Jeremy Lumby wrote:
> External
>
> I do not see a need for per participant IRR, I would rather that they
> all just default to your example below.
>
> *From:*MICE Discuss <[log in to unmask]> *On Behalf Of
> *Richard Laager
> *Sent:* Thursday, May 11, 2023 3:58 AM
> *To:* [log in to unmask]
> *Subject:* Re: [MICE-DISCUSS] IRR Mandatory at MICE / New Route
> Servers
>
> On 2023-05-09 14:01, August Yang wrote:
>
> Should I reorder RADB,ARIN to be ARIN,RADB?
>
> Definitely. We have objects registered in all databases feasible to
> prevent AS-SET squatting, which has occurred in the past, while only
> RADB has the actual members listed. Turns out correct prefix list
> can be generated using bgpq4 regardless of the order, so it's better
> to prioritize authenticated sources.
>
> In thinking about this some more... Is IXP Manager's behavior of
> per-participant IRR sources actually useful? In other words, what's
> wrong with just setting everyone to:
> ARIN,RIPE,LACNIC,APNIC,AFRINIC,RADB,LEVEL3?
>
> --
>
> Richard
>
> ----------------------------------------------------------------------
> --
>
> To unsubscribe from the MICE-DISCUSS list, click the following link:
> https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists
> .iphouse.net%2Fcgi-bin%2Fwa%3FSUBED1%3DMICE-DISCUSS%26A%3D1&data=05%7C
> 01%7Ctom.krenn%40HENNEPIN.US%7C2f7c1b8d95af410486a008db5234a38e%7C8aef
> df9f878046bf8fb74c924653a8be%7C0%7C0%7C638194158303151171%7CUnknown%7C
> TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVC
> I6Mn0%3D%7C3000%7C%7C%7C&sdata=hdjzW0mk8Kd2pgvauE5I0544Xhlox3CaSJ%2FaF
> NQAWWg%3D&reserved=0
> s.iphouse.net%2Fcgi-bin%2Fwa%3FSUBED1%3DMICE-DISCUSS%26A%3D1&data=05%7
> C01%7Ctom.krenn%40HENNEPIN.US%7C2f7c1b8d95af410486a008db5234a38e%7C8ae
> fdf9f878046bf8fb74c924653a8be%7C0%7C0%7C638194158303151171%7CUnknown%7
> CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXV
> CI6Mn0%3D%7C3000%7C%7C%7C&sdata=hdjzW0mk8Kd2pgvauE5I0544Xhlox3CaSJ%2Fa
> FNQAWWg%3D&reserved=0>
>
>
> ----------------------------------------------------------------------
> --
>
> To unsubscribe from the MICE-DISCUSS list, click the following link:
> https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists
> .iphouse.net%2Fcgi-bin%2Fwa%3FSUBED1%3DMICE-DISCUSS%26A%3D1&data=05%7C
> 01%7Ctom.krenn%40HENNEPIN.US%7C2f7c1b8d95af410486a008db5234a38e%7C8aef
> df9f878046bf8fb74c924653a8be%7C0%7C0%7C638194158303151171%7CUnknown%7C
> TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVC
> I6Mn0%3D%7C3000%7C%7C%7C&sdata=hdjzW0mk8Kd2pgvauE5I0544Xhlox3CaSJ%2FaF
> NQAWWg%3D&reserved=0
> s.iphouse.net%2Fcgi-bin%2Fwa%3FSUBED1%3DMICE-DISCUSS%26A%3D1&data=05%7
> C01%7Ctom.krenn%40HENNEPIN.US%7C2f7c1b8d95af410486a008db5234a38e%7C8ae
> fdf9f878046bf8fb74c924653a8be%7C0%7C0%7C638194158303151171%7CUnknown%7
> CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXV
> CI6Mn0%3D%7C3000%7C%7C%7C&sdata=hdjzW0mk8Kd2pgvauE5I0544Xhlox3CaSJ%2Fa
> FNQAWWg%3D&reserved=0>
>
--
Chris Wopat
Network Engineer, WiscNet
[log in to unmask] 608-210-3965
Disclaimer: If you are not the intended recipient of this message, please immediately notify the sender of the transmission error and then promptly permanently delete this message from your computer system.
