On Tue, Jun 2, 2020 at 10:53 AM Douglas Fischer <fischerdoug...@gmail.com> wrote: > > SGVsbG8gZXZlcnlvbmUKClAuUyAuOiBJIGFwb2xvZ2l6ZSwgYnV0IEkgd3JpdGUgZm9yIG11bHRp > cGxlIGVtYWlsIGxpc3RzLCBwcmVjaXNlbHkgYmVjYXVzZQppdCBpcyBhIHRvcGljIHRoYXQgaW50 > ZXJlc3RzIG11bHRpcGxlIHJlZ2lvbnMuClAuUy4yOiBUaGUgb2JqZWN0aXZlIGluIHRoaXMgcHJv > cG9zYWwgaXMgdG8gbWFrZSBmZWFzaWJsZSB0aGUgY3JlYXRpb24gb2YKdmFsaWRhdGlvbiBtZWNo > YW5pc21zIGZvciB0aGUgY3JlYXRpb24gb2YgSVJSIFJvdXRlIC8gUm91dGU2IE9iamVjdHMsCndp > dGhvdXQgcmVxdWlyaW5nIGFueSB0eXBlIG9mIGNoYW5nZSBpbiB0aGUgcHJvdG9jb2xzIGN1cnJl > bnRseSBpbiB1c2UuCkp1c3QgYWRqdXN0aW5nIHRoZSBpbmZvcm1hdGlvbiBhbHJlYWR5IHB1Ymxp > YyBhbmQgYXZhaWxhYmxlLgoKCgpJIGFtIGZyb20gQnJhemlsLCBhbmQgUmVnaXN0cm8uQlIgKE5h > dGlvbmFsIEludGVybmV0IFJlZ2lzdHJ5KSBwcm92aWRlcyBhCmZpbGVbMV0gb2YgZGVsZWdhdGlv > bnMgaW4gYSBmb3JtYXQgc2xpZ2h0bHkgZGlmZmVyZW50IGZyb20gdGhlIG9mZmljaWFsIE5STwpm > b3JtYXQgWzJdLgoKSW4gdGhlIGxpbmsgYmVsb3cgWzFdIGl0IGlzIHBvc3NpYmxlIHRvIHNlZSBh > IGxpc3Qgd2l0aCBhbiB1bmVxdWl2b2NhbAphc3NvY2lhdGlvbiBiZXR3ZWVuIHRoZSBBU04gYW5k > IHRoZSBJUCBibG9jayBkZWxlZ2F0ZWQgdG8gdGhlIG93bmVyLgpbMV0gZnRwOi8vZnRwLnJlZ2lz > dHJvLmJyL3B1Yi9udW1lcmFjYW8vb3JpZ2luL25pY2JyLWFzbi1ibGstbGF0ZXN0LnR4dApOb3Rl > OiBSZWdpc3Ryby5CUiBkZWxlZ2F0aW9ucyBhcmUgYWxzbyBwdWJsaXNoZWQgaW4gdGhlIG9mZmlj > aWFsIE5STwpmb3JtYXQsIGluY2x1ZGVkIGluIExBQ05JQydzIHB1YmxpYyBhcmNoaXZlIFszXSB0 > byB3aGljaCBOSUMuQlIgaXMgbGlua2VkLgoKVGhpcyB1bmVxdWl2b2NhbCBsaW5rIGFsbG93cyB1 > cyBhbiBleHRyYSBsYXllciBvZiB2YWxpZGF0aW9uIHdpdGggcmVzcGVjdAp0byBIaWphY2sgb2Yg > cHJlZml4ZXMsIGFuZCBhbHNvIHRoZSBjcmVhdGlvbiBvZiBJTlZBTElEIFJvdXRlIC8gUm91dGU2 > Cm9iamVjdHMgaW4gSVJSLgoKSW5zcGlyZWQgYnkgdGhpcyBmaWxlIGZvcm1hdFsxXSwgSSBkZWNp > ZGVkIHRvIHRha2UgYSBjbG9zZXIgbG9vayBhdCB0aGUKb2ZmaWNpYWwgTlJPIGZvcm1hdC4KQXMg > ZXhwZWN0ZWQsIEkgd2FzIGFibGUgdG8gZXN0YWJsaXNoIGEgbGluayBiZXR3ZWVuIHRoZSBPd25l > ciBvZiB0aGUgQVNOLAphbmQgdGhlIE93bmVyIG9mIHRoZSBJUHY0IC8gSVB2Ni4gSG93ZXZlciwg > dGhpcyBsaW5rIGlzIE5PVCB1bmFtYmlndW91cy4KClRoZSBhdHRyaWJ1dGUgdGhhdCBtYWtlcyB0 > aGlzIGxpbmsgaXMgT3BhcXVlLUlEIGFuZCBpcyBkZXNjcmliZWQgb24gTlJPCm9maWNpYWwgZm9y > bWF0IGZpbGVbMl0uClRoaXMgYXR0cmlidXRlIHJlZmVycmVkIHRvIGFuIG9yZ2FuaXphdGlvbiB0 > aGF0IGhvbGRzIHNvbWUgdHlwZSBvZgpudW1lcmljYWwgcmVzb3VyY2Ugb24gdGhlIEludGVybmV0 > LgoKSW4gOTAtOTUlIG9mIGNhc2VzLCB0aGUgQVNOIDwtPiBPcGFxdWVJRCA8LT4gSW5ldE51bSBs > aW5rIGlzIGFzc2VydGl2ZS4KSG93ZXZlciwgdGhlcmUgYXJlIGNhc2VzIGluIHdoaWNoIHRoaXMg > YXNzb2NpYXRpb24gaXMgbm90IHN1ZmZpY2llbnQgdG8gYmUKYXNzZXJ0aXZlLgoKQSkgRGVsZWdh > dGlvbnMgb2YgSVB2NCBhbmQgLyBvciBJUHY2IGJsb2NrcyB0byBlbmQgdXNlcnMgd2l0aG91dCB0 > aGUKZGVsZWdhdGlvbiBvZiBhbiBBU04gdG8gdGhhdCBpbnN0aXR1dGlvbi4KIC0gVGhlc2UgY2Fz > ZXMgZG8gbm90IGFsbG93IGFuIGFzc2VydGl2ZSBsaW5rIGJldHdlZW4gQVNOIGFuZCBJUHY0IC8g > SVB2NiwKc28gdGhleSBBUkUgTk9UIFRIRSBGT0NVUyBvZiBteSBhbmFseXNpcy4KCkIpIE9yZ2Fu > aXphdGlvbnMgdGhhdCBvd24gbXVsdGlwbGUgc2V0cyBvZiBBU04gPC0+IEluZXROdW0uCiBCLjEg > LSBUaGUgY2F1c2UgdGhhdCBJIGJlbGlldmUgdG8gYmUgdGhlIG1vc3QgY29tbW9uIGZvciB0aGlz > IGlzIG1lcmdlcnMKYW5kIGFjcXVpc2l0aW9ucyBvZiBvcmdhbml6YXRpb25zLCB3aGVyZSBkZXNw > aXRlIHRoYXQgT3BhcXVlSUQgcmVmZXJyaW5nIHRvCnRoZSBzYW1lIG9yZ2FuaXphdGlvbiAoQ05Q > SiAvIEVJTiAvIFJVQyAvIEZpc2NhbCBOdW1iZXIpLCB0aGUgQVNOIHNldHMgPC0gPgpJbmV0TnVt > IGFyZSBmcm9tIGRpZmZlcmVudCBTZXJ2aWNlIFByb3ZpZGVycyAoc29tZXRpbWVzIGV2ZW4gaW4K > Z2VvZ3JhcGhpY2FsbHkgZGlmZmVyZW50IHJlZ2lvbnMpLgogQi4yIC0gQnV0IHRoZXJlIGFyZSBv > dGhlciBleGFtcGxlcyBvZiB0aGlzLCBzdWNoIGFzIHRoZSBuZWVkIGZvciBzcGVjaWZpYwpzZWdt > ZW50YXRpb24gb2YgbmV0d29ya3Mgd2l0aGluIHRoZSBzYW1lIG9yZ2FuaXphdGlvbi4KCkJ5IGNv > bnN1bHRpbmcgaW4gdGhlIFdob2lzIGRhdGFiYXNlcyBzb21lIG9mIHRoZXNlIEFTTnMsIGl0IGlz > IHBvc3NpYmxlIHRvCnZlcmlmeSB0aGF0IHRoZSBsaW5raW5nIGluZm9ybWF0aW9uIGJldHdlZW4g > QXV0bnVtIDwtPiBJbmV0bnVtIGV4aXN0cwp3aXRoaW4gdGhlIHdob2lzIGRhdGFiYXNlcy4KCmZp > c2NoZXItbWFjLTM6IH4gZmlzY2hlcmRvdWdsYXMgJCB3aG9pcyAtaCB3aG9pcy5sYWNuaWMubmV0 > IEFTMjgwMDAgfCBncmVwCm51bToKYXV0LW51bTogQVMyODAwMAppbmV0bnVtOiAxNzkuMC4xNTYg > LyAyMgppbmV0bnVtOiAyMDAuNy44NCAvIDIzCmluZXRudW06IDIwMDE6IDEzYzc6IDcwMDEgOjog > LyA0OAoKClRoZSBzdWdnZXN0aW9uIGl0c2VsZjoKLS0tLS0tLS0tLS0tLS0tLS0tLS0tCkluIHRo > ZSBvZmZpY2lhbCBmb3JtYXQgb2YgdGhlIE5STyBbMl0sIHRoZSAiRXh0ZW5zaW9ucyIgY29sdW1u > IHByb3ZpZGVzIGZvcgp0aGUgYWRkaXRpb24gb2YgZGF0YSB0aGF0IHdhcyBub3QgeWV0IGZvcmVz > ZWVuLgpJbiB0aGlzIGNvbHVtbiwgaW4gdGhlIElQdjQgYW5kIElQdjYgcmVzb3VyY2UgbGluZXMs > IGlmIHRoYXQgYmxvY2sgaXMKYXNzb2NpYXRlZCB3aXRoIGFueSBBU04sIGFkZCB0aGUgQVNOIHRv > IHdoaWNoIHRoYXQgYmxvY2sgaXMgYXNzb2NpYXRlZC4KCgoKVGhlIHF1ZXN0aW9uczoKLS0tLS0t > LS0tLS0tLQogLSBBbnkgY29uc2lkZXJhdGlvbiBhYm91dCB0aGF0PwogLSBXaGF0IGlzIHRoZSBw > YXRoIHRvIHJlYWNoIHRoZSByaWdodCBwZXJzb25zIHRvIG1ha2UgYSBvZmZpY2lhbCBwcm9wb3Nh > bD8KCgpQLlMuMzoKWWVzLCBJIGtub3cgdGhhdCB3ZSBoYXZlIGVudGVyZWQgdGhlIGVyYSBvZiBS > UEtJLgpZZXMsIEkga25vdyB0aGF0IHByb2JhYmx5IGluIDUtNiB5ZWFycyB3ZSB3aWxsIGhhdmUg > YW5vdGhlciA5MCUgb2YgREZaIGFzClZBTElELgpCdXQgSSBiZWxpZXZlIHRoYXQgc3VjaCBhbiBh > Y3Rpb24gd291bGQgcmVxdWlyZSBtaW5pbWFsIGVmZm9ydCwgYW1wbGUKcmVzdWx0LCBhbmQgd291 > bGQgYWxzbyBzZXJ2ZSBhcyBhbiBpbmNlbnRpdmUgZm9yIHRoZSBkaXZlcnNpZnlpbmcgT3duZXIg > b2YKSVAgYmxvY2tzIHRvIG1vdmUgYW5kIGNyZWF0ZSB0aGVpciBST0FzLgoKCgpFeGFtcGxlcyBv > ZiBvcmdhbml6YXRpb25zIHdpdGggbXVsdGlwbGUgc2V0cyBvZiBBdXROdW08LT5JbmV0TnVtOgpC > LjEuYQogICJURUxFRsOUTklDQSBCUkFTSUwgUy5BIiB3aXRoIDkgQVNOcwogIDEwNDI5LCAxMTQx > OSwgMTY4ODUsIDE2OTExLCAxODg4MSwgMTkxODIsIDIyMDkyLCAyNjU5OSwgMjc2OTkuCkIuMS5i > CiAgIlRlbGVjb20gQXJnZW50aW5hIFMuQS4iIHdpdGggMTEgQVNOcwogIDczMDMsIDc5MzQsIDEw > MzE4LCAxMDQ4MSwgMTA4OTUsIDEwOTgzLCAxMTM1NiwgMTIyNjQsIDIxNTkwLCAyNjYwOCwgMjc4 > NzEuCkIuMi5hCiAgIk7DumNsZW8gZGUgSW5mLiBFIENvb3JkLiBEbyBQb250byBCUiAtIE5JQy5C > UiIgd2l0aCAxNiBBU05zCiAgMTA5MDYsIDExMjg0LCAxMTQzMSwgMTE2NDQsIDExNzUyLCAxMjEz > NiwgMTM4NzQsIDE0MDI2LCAxNDY1MCwgMjAxMjEsCjIyNTQ4LCAyNjE2MiwgMjYzMDQ0LCAyODM0 > NSwgNTMwMzUsIDYxNTgwLgpCLjIuYgogICJMQUNOSUMgLSBMYXRpbiBBbWVyaWNhbiBhbmQgQ2Fy > aWJiZWFuIElQIGFkZHJlc3MiIHdpdGggNyBBU05zLgogIDI4MDAwLCAyODAwMSwgMjgwMDIsIDI4 > MTE5LCA1MjIyNCwgMjY0ODQ1LCAyNjQ4NDYKCgoKWzJdIGh0dHBzOi8vd3d3Lm5yby5uZXQvd3At > Y29udGVudC91cGxvYWRzL25yby1leHRlbmRlZC1zdGF0cy1yZWFkbWU1LnR4dApbM10gZnRwOi8v > ZnRwLmxhY25pYy5uZXQvcHViL3N0YXRzL2xhY25pYy9kZWxlZ2F0ZWQtbGFjbmljLWV4dGVuZGVk > LWxhdGVzdAoKLS0gCkRvdWdsYXMgRmVybmFuZG8gRmlzY2hlcgpFbmfCuiBkZSBDb250cm9sZSBl > IEF1dG9tYcOnw6NvCi0tCmd0ZXIgbGlzdCAgICBodHRwczovL2VuZy5yZWdpc3Ryby5ici9tYWls > bWFuL2xpc3RpbmZvL2d0ZXIK > > > Hello everyone > > P.S .: I apologize, but I write for multiple email lists, precisely because > it is a topic that interests multiple regions. > P.S.2: The objective in this proposal is to make feasible the creation of > validation mechanisms for the creation of IRR Route / Route6 Objects, > without requiring any type of change in the protocols currently in use. > Just adjusting the information already public and available. > > > > I am from Brazil, and Registro.BR (National Internet Registry) provides a > file[1] of delegations in a format slightly different from the official NRO > format [2]. > > In the link below [1] it is possible to see a list with an unequivocal > association between the ASN and the IP block delegated to the owner. > [1] ftp://ftp.registro.br/pub/numeracao/origin/nicbr-asn-blk-latest.txt > Note: Registro.BR delegations are also published in the official NRO > format, included in LACNIC's public archive [3] to which NIC.BR is linked. > > This unequivocal link allows us an extra layer of validation with respect > to Hijack of prefixes, and also the creation of INVALID Route / Route6 > objects in IRR. > > Inspired by this file format[1], I decided to take a closer look at the > official NRO format. > As expected, I was able to establish a link between the Owner of the ASN, > and the Owner of the IPv4 / IPv6. However, this link is NOT unambiguous. > > The attribute that makes this link is Opaque-ID and is described on NRO > oficial format file[2]. > This attribute referred to an organization that holds some type of > numerical resource on the Internet. > > In 90-95% of cases, the ASN OpaqueID InetNum link is assertive. > However, there are cases in which this association is not sufficient to be > assertive. > > A) Delegations of IPv4 and / or IPv6 blocks to end users without the > delegation of an ASN to that institution. > - These cases do not allow an assertive link between ASN and IPv4 / IPv6, > so they ARE NOT THE FOCUS of my analysis. > > B) Organizations that own multiple sets of ASN InetNum. > B.1 - The cause that I believe to be the most common for this is mergers > and acquisitions of organizations, where despite that OpaqueID referring to > the same organization (CNPJ / EIN / RUC / Fiscal Number), the ASN sets > InetNum are from different Service Providers (sometimes even in > geographically different regions). > B.2 - But there are other examples of this, such as the need for specific > segmentation of networks within the same organization. > > By consulting in the Whois databases some of these ASNs, it is possible to > verify that the linking information between Autnum Inetnum exists > within the whois databases. > > fischer-mac-3: ~ fischerdouglas $ whois -h whois.lacnic.net AS28000 | grep > num: > aut-num: AS28000 > inetnum: 179.0.156 / 22 > inetnum: 200.7.84 / 23 > inetnum: 2001: 13c7: 7001 :: / 48 > > > The suggestion itself: > --------------------- > In the official format of the NRO [2], the "Extensions" column provides for > the addition of data that was not yet foreseen. > In this column, in the IPv4 and IPv6 resource lines, if that block is > associated with any ASN, add the ASN to which that block is associated. > > > > The questions: > ------------- > - Any consideration about that? > - What is the path to reach the right persons to make a official proposal? > > > P.S.3: > Yes, I know that we have entered the era of RPKI. > Yes, I know that probably in 5-6 years we will have another 90% of DFZ as > VALID. > But I believe that such an action would require minimal effort, ample > result, and would also serve as an incentive for the diversifying Owner of > IP blocks to move and create their ROAs. > > > > Examples of organizations with multiple sets of AutNumInetNum: > B.1.a > "TELEFÔNICA BRASIL S.A" with 9 ASNs > 10429, 11419, 16885, 16911, 18881, 19182, 22092, 26599, 27699. > B.1.b > "Telecom Argentina S.A." with 11 ASNs > 7303, 7934, 10318, 10481, 10895, 10983, 11356, 12264, 21590, 26608, 27871. > B.2.a > "Núcleo de Inf. E Coord. Do Ponto BR - NIC.BR" with 16 ASNs > 10906, 11284, 11431, 11644, 11752, 12136, 13874, 14026, 14650, 20121, > 22548, 26162, 263044, 28345, 53035, 61580. > B.2.b > "LACNIC - Latin American and Caribbean IP address" with 7 ASNs. > 28000, 28001, 28002, 28119, 52224, 264845, 264846 > > > > [2] https://www.nro.net/wp-content/uploads/nro-extended-stats-readme5.txt > [3] ftp://ftp.lacnic.net/pub/stats/lacnic/delegated-lacnic-extended-latest > > -- > Douglas Fernando Fischer > Engº de Controle e Automação > -- > gter list https://eng.registro.br/mailman/listinfo/gter
-- William Herrin b...@herrin.us https://bill.herrin.us/