Re: [swinog] IRR and trust

2018-03-11 Diskussionsfäden Manuel Schweizer 
Hey Vincent

Back in 2015 there was a community consultation on the topic and it seems that 
ARIN is finally making progress when it comes to IRR route validation:
You might want to read the announcement made in January 
https://www.arin.net/announcements/2018/20180109.html

Enjoy your weekend!

Cheers,
Manuel

-- 
Manuel Schweizer 
 
cloudscale.ch AG 
Dörflistrasse 67 
CH-8050 Zürich 
 
Fon: +41 44 55 222 55 
Fax: +41 44 55 222 56 
Web: https://www.cloudscale.ch


> On 10 Mar 2018, at 23:06, Vincent Bernat  wrote:
> 
> ❦ 10 mars 2018 23:02 +0100, Vincent Bernat  :
> 
>> I am peering with Atlantic Metro at DE-CIX. Their IRR record is
>> "AS-AMC". I have noticed recently some invalid prefixes:
>> 
>> $ bgpq3 -4 -R 24 -m 24 -A -J -E AS-AMC
>> [...]
>>  route-filter 1.0.0.0/24 exact;
>>  route-filter 1.1.1.0/24 exact;
>> 
>> I didn't check which members of the macro pulled those prefixes (is
>> there an easy way to get where it comes from?) but I thought information
>> from IRR records were veted by RIR. It seems this is not the case. Is it
>> because some RIR don't check anything or just because there is no way to
>> secure such a macro? In this case, what is the best practice when
>> peering with such a transit provider?
> 
> Those two routes are from CloudFlare (just got it by luck):
> 
> http://irrexplorer.nlnog.net/search/AS13335
> 
> So ARIN doesn't check anything?
> -- 
> Don't just echo the code with comments - make every comment count.
>- The Elements of Programming Style (Kernighan & Plauger)
> 
> 
> ___
> swinog mailing list
> swinog@lists.swinog.ch
> http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] IRR and trust

2018-03-11 Diskussionsfäden Job Snijders 
On Sun, Mar 11, 2018 at 11:28:45AM +0100, Arnold Nipper wrote:
> On 11.03.2018 09:54, Vincent Bernat wrote:
> >  ❦ 11 mars 2018 09:49 +0100, Vincent Jardin  :
> > 
> >> Did you try contacting radb.net or the ARIN first? Their answers
> >> would be interesting about it.
> > 
> > As I am not familiar with how things work, I did not. But I have
> > mailed CloudFlare NOC.
> 
> I found Job's presentation "IRR 101" [0] very useful. Absolutely worth
> to dive into.
> 
> [0]
> https://events.dknog.dk/event/1/contributions/20/attachments/9/10/DKNOG8_IRR101_Job_Snijders.pdf

Thanks Arnold for looping me in.

As to the OP's question:

- ARIN IRR does _not_ perform validation at this point in time. The
  only check is whether the prefix is already covered by another
  prefix or not.

- RADB IRR does _not_ perform validation, the only check is whether
  the prefix is already covered by another prefix.

RADB support is quite responsive when you notify them of errors in the
data, more responsive than some of the RIRs even.

ARIN is currently soliciting feedback from the community on what the
future of their IRR service should be. John Curran from ARIN gave a
presentation at NANOG 72.
slides: 
https://pc.nanog.org/static/published/meetings/NANOG72/1618/20180220_Curran_Arin_S_Internet_Routing_v1.pdf
video: https://youtu.be/tsWq_LgNS5s

Kind regards,

Job

ps. ARIN also has a WHOIS database which contains routing information. :-)

pps. ARIN also has an RPKI repository which contains routing information. :-)


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] IRR and trust

2018-03-11 Diskussionsfäden Arnold Nipper 
On 11.03.2018 09:54, Vincent Bernat wrote:
>  ❦ 11 mars 2018 09:49 +0100, Vincent Jardin  :
> 
>> Did you try contacting radb.net or the ARIN first? Their answers would
>> be interesting about it.
> 
> As I am not familiar with how things work, I did not. But I have mailed
> CloudFlare NOC.
> 

I found Job's presentation "IRR 101" [0] very useful. Absolutely worth
to dive into.


Cheers
Arnold


[0]
https://events.dknog.dk/event/1/contributions/20/attachments/9/10/DKNOG8_IRR101_Job_Snijders.pdf
-- 
Arnold Nipper
email: arn...@nipper.de
mobile: +49 172 2650958



signature.asc
Description: OpenPGP digital signature

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] IRR and trust

2018-03-11 Diskussionsfäden Vincent Bernat 
 ❦ 11 mars 2018 09:49 +0100, Vincent Jardin  :

> Did you try contacting radb.net or the ARIN first? Their answers would
> be interesting about it.

As I am not familiar with how things work, I did not. But I have mailed
CloudFlare NOC.
-- 
Localise input and output in subroutines.
- The Elements of Programming Style (Kernighan & Plauger)


___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Re: [swinog] IRR and trust

2018-03-11 Diskussionsfäden Vincent Jardin 

Vincent,

Did you try contacting radb.net or the ARIN first? Their answers would be 
interesting about it.


My 2 cents,




___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog