Today's Topics:
1. RPKI/IRR Consultation Reminder and Update (ARIN)
----------------------------------------------------------------------
Message: 1
Date: Fri, 25 Aug 2023 13:31:35 -0400
From: ARIN <[email protected]>
To: <[email protected]>
Subject: [ARIN-consult] RPKI/IRR Consultation Reminder and Update
Message-ID: <[email protected]>
Content-Type: text/plain; charset="UTF-8"
ARIN would like to remind the community about the ongoing consultation on
possible new features in ARIN Online that will provide tighter integration of
ARIN's Resource Public Key Infrastructure (RPKI) and Internet Routing Registry
(IRR) routing security services. This consultation is slated to close on
Sunday, 10 September, so be sure to submit your comments to the arin-consult
mailing list before then. Read the full text of the consultation at:
https://www.arin.net/participate/community/acsp/consultations/2023/2023-4/
As of 24 August, we have received a range of opinions on how best to proceed.
As a result of the feedback received so far, we are planning to develop the
following features:
- A per-OrgID setting entitled "Automatic IRR Route Object Maintenance for
RPKI ROAs". This setting will be "on" by default when we add it to all OrgIDs,
but customers can readily turn it off
- On the Routing Security Dashboard, there will be a checkbox entitled
"Automatic IRR Route Object Maintenance" which is where an Org can opt-out of
the default IRR route automation
- At the Org ID level, there will be an option for a one-time "catch up" that
will automatically create Route Objects for each ROA in question. This one time
"catch up" will also result in existing Route Objects being automatically
maintained.
We are also planning to make the following changes to RPKI and IRR
functionality:
- Upon creation or removal of a ROA with the default automation attribute set
to on, we will make the appropriate change to corresponding IRR Route Object(s)
- When a Route Object is automatically generated by ROA creation, its existence
is dependent on the ROA; however, the customer will maintain the ability to
delete or modify the Route Object and not impact the state of its corresponding
ROA
Regarding the question of the appropriate number of Route Objects that should
be created based on the ROA prefix and max length configuration, ARIN plans to
provide an additional checkpoint that will require a user to positively
select the option to apply a maxLength value, only after being presented with
information about the RFC 9319 best practice recommendation to limit the use of
maxLength in ROAs, and the exposure to a potential forced origin sub-prefix
hijack with a liberal use of maxLength. If an organization has automatic IRR
generation turned on, and a maxLength is set on a ROA, ARIN will generate the
IRR Route Object with the least specific match based on the prefix(s) in the
triggering ROA.
There has been strong and consistent feedback against automatically creating
managed IRR Route Objects for all validated ROAs in the Hosted RPKI repository
that do not have matching IRR Route Objects, so we will not force this action.
No IRR objects will be created without the customers' expressed permission.
There is still time to share your thoughts on this important consultation on
pending features and functionality that will integrate ARIN's routing security
services. We would appreciate your feedback on the changes proposed above.
Please provide your comments to [email protected].
You can subscribe to this mailing list at:
http://lists.arin.net/mailman/listinfo/arin-consult.
We look forward to your feedback on this important topic.
Regards,
John Curran
President and CEO
American Registry for Internet Numbers (ARIN)
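
Added example, not part of ARIN's message and not ARIN's code: a small audit of the maxLength behaviour described above, showing the single least-specific Route Object a ROA would yield next to the number of prefixes the ROA itself authorizes. It assumes "least specific match" means the ROA prefix itself; the function names, the AS number and the source value EXAMPLE-IRR are constructed for illustration.

```python
import ipaddress
from typing import Optional


def authorized_count(prefix: str, max_length: Optional[int]) -> int:
    """Number of distinct prefixes a ROA makes RPKI-valid for its origin AS."""
    net = ipaddress.ip_network(prefix, strict=True)
    ml = net.prefixlen if max_length is None else max_length
    if not net.prefixlen <= ml <= net.max_prefixlen:
        raise ValueError(f"maxLength {ml} is out of range for {net}")
    # One prefix at the ROA length, two at the next length, and so on:
    # 2^0 + 2^1 + ... + 2^(ml - prefixlen)
    return 2 ** (ml - net.prefixlen + 1) - 1


def route_object(prefix: str, origin_as: int, source: str = "EXAMPLE-IRR") -> str:
    """RPSL text for the least-specific match (assumed: the ROA prefix itself)."""
    net = ipaddress.ip_network(prefix, strict=True)
    attr = "route" if net.version == 4 else "route6"
    return f"{attr}: {net}\norigin: AS{origin_as}\nsource: {source}"


def review_roa(prefix: str, max_length: Optional[int], origin_as: int) -> dict:
    """Compare what the ROA authorizes with the one Route Object generated."""
    total = authorized_count(prefix, max_length)
    return {
        "route_object": route_object(prefix, origin_as),
        "authorized_prefixes": total,
        # Authorized by the ROA but without a generated Route Object. Any of
        # these not actually announced in BGP is the exposure RFC 9319 warns of.
        "without_route_object": total - 1,
        "minimal_roa": total == 1,
    }


if __name__ == "__main__":
    # Constructed sample ROAs using documentation prefixes and a private-use ASN.
    for prefix, ml in [("192.0.2.0/24", None), ("192.0.2.0/24", 26),
                       ("2001:db8::/32", 48)]:
        r = review_roa(prefix, ml, 64500)
        print(r["route_object"])
        print(f"  maxLength={ml}: {r['authorized_prefixes']} authorized, "
              f"{r['without_route_object']} without a Route Object\n")
```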
End of ARIN-consult Digest, Vol 99, Issue 5
*******************************************