Re: [swinog] IRR and trust
Hey Vincent Back in 2015 there was a community consultation on the topic and it seems that ARIN is finally making progress when it comes to IRR route validation: You might want to read the announcement made in January https://www.arin.net/announcements/2018/20180109.html Enjoy your weekend! Cheers, Manuel -- Manuel Schweizer cloudscale.ch AG Dörflistrasse 67 CH-8050 Zürich Fon: +41 44 55 222 55 Fax: +41 44 55 222 56 Web: https://www.cloudscale.ch > On 10 Mar 2018, at 23:06, Vincent Bernatwrote: > > ❦ 10 mars 2018 23:02 +0100, Vincent Bernat : > >> I am peering with Atlantic Metro at DE-CIX. Their IRR record is >> "AS-AMC". I have noticed recently some invalid prefixes: >> >> $ bgpq3 -4 -R 24 -m 24 -A -J -E AS-AMC >> [...] >> route-filter 1.0.0.0/24 exact; >> route-filter 1.1.1.0/24 exact; >> >> I didn't check which members of the macro pulled those prefixes (is >> there an easy way to get where it comes from?) but I thought information >> from IRR records were veted by RIR. It seems this is not the case. Is it >> because some RIR don't check anything or just because there is no way to >> secure such a macro? In this case, what is the best practice when >> peering with such a transit provider? > > Those two routes are from CloudFlare (just got it by luck): > > http://irrexplorer.nlnog.net/search/AS13335 > > So ARIN doesn't check anything? > -- > Don't just echo the code with comments - make every comment count. >- The Elements of Programming Style (Kernighan & Plauger) > > > ___ > swinog mailing list > swinog@lists.swinog.ch > http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] IRR and trust
On Sun, Mar 11, 2018 at 11:28:45AM +0100, Arnold Nipper wrote: > On 11.03.2018 09:54, Vincent Bernat wrote: > > ❦ 11 mars 2018 09:49 +0100, Vincent Jardin: > > > >> Did you try contacting radb.net or the ARIN first? Their answers > >> would be interesting about it. > > > > As I am not familiar with how things work, I did not. But I have > > mailed CloudFlare NOC. > > I found Job's presentation "IRR 101" [0] very useful. Absolutely worth > to dive into. > > [0] > https://events.dknog.dk/event/1/contributions/20/attachments/9/10/DKNOG8_IRR101_Job_Snijders.pdf Thanks Arnold for looping me in. As to the OP's question: - ARIN IRR does _not_ perform validation at this point in time. The only check is whether the prefix is already covered by another prefix or not. - RADB IRR does _not_ perform validation, the only check is whether the prefix is already covered by another prefix. RADB support is quite responsive when you notify them of errors in the data, more responsive than some of the RIRs even. ARIN is currently soliciting feedback from the community on what the future of their IRR service should be. John Curran from ARIN gave a presentation at NANOG 72. slides: https://pc.nanog.org/static/published/meetings/NANOG72/1618/20180220_Curran_Arin_S_Internet_Routing_v1.pdf video: https://youtu.be/tsWq_LgNS5s Kind regards, Job ps. ARIN also has a WHOIS database which contains routing information. :-) pps. ARIN also has an RPKI repository which contains routing information. :-) ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] IRR and trust
On 11.03.2018 09:54, Vincent Bernat wrote: > ❦ 11 mars 2018 09:49 +0100, Vincent Jardin: > >> Did you try contacting radb.net or the ARIN first? Their answers would >> be interesting about it. > > As I am not familiar with how things work, I did not. But I have mailed > CloudFlare NOC. > I found Job's presentation "IRR 101" [0] very useful. Absolutely worth to dive into. Cheers Arnold [0] https://events.dknog.dk/event/1/contributions/20/attachments/9/10/DKNOG8_IRR101_Job_Snijders.pdf -- Arnold Nipper email: arn...@nipper.de mobile: +49 172 2650958 signature.asc Description: OpenPGP digital signature ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] IRR and trust
❦ 11 mars 2018 09:49 +0100, Vincent Jardin: > Did you try contacting radb.net or the ARIN first? Their answers would > be interesting about it. As I am not familiar with how things work, I did not. But I have mailed CloudFlare NOC. -- Localise input and output in subroutines. - The Elements of Programming Style (Kernighan & Plauger) ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] IRR and trust
Vincent, Did you try contacting radb.net or the ARIN first? Their answers would be interesting about it. My 2 cents, ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog