[routing-wg] Analysis tool for RIPE Proposal 2018-06
- Next message (by thread): [routing-wg] Weekly Routing Table Report
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Carlos Friaças
cfriacas at fccn.pt
Mon Apr 1 22:30:09 CEST 2019
Hi, I support 2018-06. This cleanup is a very good idea! (this proposal is originally from Oct'2018) Is there any special reason to be "stuck"? Best Regards, Carlos On Wed, 6 Mar 2019, Jay Borkenhagen wrote: > Hi, > > I support this clean-up of RIPE-NONAUTH IRR using information > published in the RPKI. > > AT&T has been allocated 99.112.0.0/12, and we have not sub-allocated > 99.122.224.0/21 to Akamai, CW-EUROPE-GSOC, AS1273, or anyone. Folks > are encouraged to use the ROA we have published for 99.112.0.0/12 > authorizing origination in our as7018 in all ways that make sense, > including removing bogus / obsolete route objects from the IRR. > > Thanks! > > Jay B. > > > On 06-March-2019, Job Snijders writes: > > Dear all, > > > > I wrote a small tool to help understand the effects if RIPE Policy > > Proposal 2018-06 is accepted by the community. This is the "Let's use > > RPKI ROAs to clean up the non-authoritative RIPE-NONAUTH IRR > > source!"-proposal (source: https://www.ripe.net/participate/policies/proposals/2018-06). > > The tool can also be used by RIPE NCC staff to validate their > > implementation or help their impact analysis. > > > > Quick reminder: this proposal does *not* impact any RIPE Managed space, > > this does *not* impact IP space for which no RPKI ROAs have or can be > > created, and it does *not* impact route objects where the route object > > and the RPKI ROA are match each other. > > > > Currently there are 793 IRR "route:" objects and 17 "route6:" objects > > that conflict with published RPKI ROAs. Out of those ~ 800, roughly 33 > > prefixes are visible in the BGP DFZ as exact matches between what is > > registered in RIPE-NONAUTH and in BGP (note: this means these 33 > > announcements are "RPKI Invalid", and the likes of Cloudflare / AT&T > > probably aren't accepting those announcements anyway)... > > > > You can install the tool through 'pip3 install ripe-proposal-2018-06', or > > download the source from https://github.com/job/ripe-proposal-2018-06 > > > > Usage example: > > > > $ ripe-proposal-2018-06 -a 7018 > > Downloading https://rpki.gin.ntt.net/api/export.json > > Downloading https://ftp.ripe.net/ripe/dbase/split/ripe-nonauth.db.route.gz > > > > INVALID! The 99.122.224.0/21AS1273 RIPE-NONAUTH route object has conflicts: > > > > route: 99.122.224.0/21 > > descr: route for customer Akamai International > > origin: AS1273 > > created: 2008-09-08T14:40:49Z > > last-modified: 2018-09-04T15:54:45Z > > source: RIPE-NONAUTH > > mnt-by: CW-EUROPE-GSOC > > > > Above non-authoritative IRR object is in conflict with this ROA: > > ROA: 99.112.0.0/12, MaxLength: 12, Origin AS7018 (ARIN) > > > > Note that AT&T has no method of getting this erroneous "route:" object > > removed, other than to beg & plead with maintainer 'CW-EUROPE-GSOC'. > > > > We're working on an updated version of RIPE Policy Proposal 2018-06 to > > incorporate feedback from the community, such as an attempt to send > > notifications and a grace period before the object is actually removed. > > > > All in all it appears that if this policy proposal is deployed *now*, > > the operational impact is virtually non-existent; and after deploying > > this the global community has an industry-standard way to get rid of > > stale proxy route registrations. With every published ROA the > > "RIPE-NONAUTH" source becomes cleaner! > > > > Kind regards, > > > > Job >
- Next message (by thread): [routing-wg] Weekly Routing Table Report
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]