Hi, See my reply below.
On Thu, Nov 10, 2022 at 4:32 PM Arnold Nipper <[email protected]> wrote: > > On 10.11.2022 15:31, Netmaster (exAS286) wrote: > > Arnold Nipper wrote on Thursday, November 10, 2022 2:14 PM: > > > >> Isn't there only a limited number of "trusted" IRRs? Hence, moving > >> to ASx:AS-SET would be a huge step forward. > > > > Would you trust e.g. RADB and/or NTTCOM? If not, you likely miss quite > > some information. If you do ... who's the one owning AS517 in NTTCOM, > > and who's the one owning it in RIPE? [SCNR using AS517 for that ...] > > > > Hmmm ... isn't this information [0] trustworthy anymore? > > > Arnold, and please give me back *my* ASN :D > > [0] https://www.irr.net/docs/list.html That list still contains open registries like ALTDB and RADB. One of my upstreams added a route object in RADB without my consent. (It was identical to one in the RIPE DB that I created so not a huge issue in this case) In my opinion, at this point, when all RIRs have their own authoritative IRR databases requiring authorization*, we should only really consider those** as authoritative. I see very limited purpose for any other IRR DB. Sure there are still plenty of objects in those other IRRs but those objects should probably be migrated over to the relevant RIR managed IRRs. Slightly off-topic maybe but I will also say that personally I see IRR and especially as-sets/route-sets as a lost cause and I'm not sure if it is worth trying to fix it. To me it seems like a much better idea to just spend our effort on putting in the features in RPKI to make it so it can replace IRR entirely. As others have pointed out, it could very well take a very long time to get widespread support for a feature like this. These tweets[1] from Ben Cox who many of you might know really highlights another issue with recursive as-sets. (Essentially, there are as-sets that are recursively so big as to include more AS's than exist in the DFZ. To me feels like you might as well just ignore the filter entirely and just always accept in such a case.) * = I'm not 100% certain if LACNIC's IRR DB requires authorization but I hope it does. ** = Possibly also NIRs if they run their own IRR DBs that make sure that only the orgs holding the resources can create objects for them. [1]: https://twitter.com/Benjojo12/status/1578417574790205441 -Cynthia -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/routing-wg
