Hello! You could check awesome project for this purposes: http://www.stableit.ru/2015/06/generate-bgp-filters-with-bgpq3.html It's authored by Russian carrier RETN.net.
On Thu, Feb 4, 2016 at 2:58 PM, Henrik Thostrup Jensen <h...@nordu.net> wrote: > Hi Martin > > On Thu, 4 Feb 2016, Martin T wrote: > >> am I correct that ISPs (in RIPE region), who update their BGP prefix >> filters automatically, ask their IP transit customer or peering >> partner to provide their "route"/"route6" object(s) or "as-set" object >> in order to find all the prefixes which they should accept? > > > This is a common practice to do. Both within and outside the RIPE region. > For bigger networks, prefix lists become somewhat unwieldy, and one can then > use as-path filters instead. Use a prefix limit with this. > > Typically you use a tool (bgpq3) to generate the prefix lists. > >> If the IP transit customer or peering partner provides an "as-set", then >> ISP needs to ensure that this "as-set" belongs to this IP transit customer >> or peering partner because there is no automatic authentication for this, >> i.e. anybody can create an "as-set" object to database with random "members" >> attributes? > > > I don't know the procedure for creating as-sets, maybe someone else can chip > in. > >> This is opposite to "route"/"route6" objects which follow a strict >> authentication scheme. > > > I believe this differs depending on the irrd software/operator. > >> In addition, in case of "as-set", an ISP needs to recursively find all the >> AS numbers from "members" attributes because "as-set" can include other >> "as-sets"? > > > Some irrd servers, can expand this automatically (I think). But seriously, > use a tool for this. > >> Quite a lot of question, but I would simply like to be sure that I >> understand this correctly. > > > There are basically two abstractions: > > 1. as-set. Can contain other as-sets or as numbers. > 2. prefixes are registered to an as-number. > > Remember that there are multiple IRR servers, and they mirror each other. > > Use http://irrexplorer.nlnog.net/ to play around a bit :-). > > > Best regards, Henrik > > Henrik Thostrup Jensen <htj at nordu.net> > Software Developer, NORDUnet > > -- Sincerely yours, Pavel Odintsov