[routing-wg] Analysis tool for RIPE Proposal 2018-06
- Previous message (by thread): [routing-wg] Analysis tool for RIPE Proposal 2018-06
- Next message (by thread): [routing-wg] Analysis tool for RIPE Proposal 2018-06
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jay Borkenhagen
jayb at braeburn.org
Wed Mar 6 15:55:29 CET 2019
Hi, I support this clean-up of RIPE-NONAUTH IRR using information published in the RPKI. AT&T has been allocated 99.112.0.0/12, and we have not sub-allocated 99.122.224.0/21 to Akamai, CW-EUROPE-GSOC, AS1273, or anyone. Folks are encouraged to use the ROA we have published for 99.112.0.0/12 authorizing origination in our as7018 in all ways that make sense, including removing bogus / obsolete route objects from the IRR. Thanks! Jay B. On 06-March-2019, Job Snijders writes: > Dear all, > > I wrote a small tool to help understand the effects if RIPE Policy > Proposal 2018-06 is accepted by the community. This is the "Let's use > RPKI ROAs to clean up the non-authoritative RIPE-NONAUTH IRR > source!"-proposal (source: https://www.ripe.net/participate/policies/proposals/2018-06). > The tool can also be used by RIPE NCC staff to validate their > implementation or help their impact analysis. > > Quick reminder: this proposal does *not* impact any RIPE Managed space, > this does *not* impact IP space for which no RPKI ROAs have or can be > created, and it does *not* impact route objects where the route object > and the RPKI ROA are match each other. > > Currently there are 793 IRR "route:" objects and 17 "route6:" objects > that conflict with published RPKI ROAs. Out of those ~ 800, roughly 33 > prefixes are visible in the BGP DFZ as exact matches between what is > registered in RIPE-NONAUTH and in BGP (note: this means these 33 > announcements are "RPKI Invalid", and the likes of Cloudflare / AT&T > probably aren't accepting those announcements anyway)... > > You can install the tool through 'pip3 install ripe-proposal-2018-06', or > download the source from https://github.com/job/ripe-proposal-2018-06 > > Usage example: > > $ ripe-proposal-2018-06 -a 7018 > Downloading https://rpki.gin.ntt.net/api/export.json > Downloading https://ftp.ripe.net/ripe/dbase/split/ripe-nonauth.db.route.gz > > INVALID! The 99.122.224.0/21AS1273 RIPE-NONAUTH route object has conflicts: > > route: 99.122.224.0/21 > descr: route for customer Akamai International > origin: AS1273 > created: 2008-09-08T14:40:49Z > last-modified: 2018-09-04T15:54:45Z > source: RIPE-NONAUTH > mnt-by: CW-EUROPE-GSOC > > Above non-authoritative IRR object is in conflict with this ROA: > ROA: 99.112.0.0/12, MaxLength: 12, Origin AS7018 (ARIN) > > Note that AT&T has no method of getting this erroneous "route:" object > removed, other than to beg & plead with maintainer 'CW-EUROPE-GSOC'. > > We're working on an updated version of RIPE Policy Proposal 2018-06 to > incorporate feedback from the community, such as an attempt to send > notifications and a grace period before the object is actually removed. > > All in all it appears that if this policy proposal is deployed *now*, > the operational impact is virtually non-existent; and after deploying > this the global community has an industry-standard way to get rid of > stale proxy route registrations. With every published ROA the > "RIPE-NONAUTH" source becomes cleaner! > > Kind regards, > > Job
- Previous message (by thread): [routing-wg] Analysis tool for RIPE Proposal 2018-06
- Next message (by thread): [routing-wg] Analysis tool for RIPE Proposal 2018-06
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]