RIPE NCC IRR Database Non-Authoritative Route Object Clean-up
This policy proposal has been accepted and has been implemented
The new RIPE Document is: ripe-731
You're looking at an older version: 1
The current (published) version is 3- State:
- Accepted
- Publication date
- Draft document
- RIPE NCC IRR Database Non-Authoritative Route Object Clean-up
- Authors
- Proposal Version
- 3.0 - 22 Jul 2019
- All Versions
-
- Accepted
- 05 Nov 2019
- Implemented
- 06 Jan 2020
- Working Group
- Routing Working Group
- Proposal type
-
- New
- Policy term
- Indefinite
- New RIPE Document
Summary of Proposal
The goal of this proposal is to change the business rules for the RIPE Internet Routing Registry (IRR) database to allow for a better hierarchy and to document this. This will give the resource holder the ability to update / fix their intention regarding which AS will announce their resources.
Using this update, the various tools will produce a much cleaner filter set with a high level of trust in the actual resource holder’s intent on the routing of their resources.
Only non-RIPE resources in the RIPE Database will be affected by this policy.
Policy Text
New policy text
1.0 Introduction
Routing information can be found within the authoritative RIPE Internet Routing Registry (IRR), the RPKI ROA database, and the non-authoritative RIPE IRR. Incorrect routing information can be problematic for Internet operations, specifically in context of the non-authoritative RIPE IRR, as the holder of a resource might have never consented to the creation of RIPE-NONAUTH route/route6 objects.
2.0 Policy Text
If a non-authoritative object stored in the RIPE IRR conflicts with an RPKI ROA issued by one of the five RIRs, then the IRR object must be deleted by the RIPE NCC.
3.0 Attribution
This document is developed by the RIPE community.
Rationale
a. Arguments supporting the proposal
Presently routing registry data can be found within both the RIPE IRR and the RPKI ROA database. To-date, there has been no way to ensure consistency or allow clean-up between the two data sources.
This proposal will allow a cleaner and consistent method of creating and updating IRR data for the usage of filtering by using the authoritative nature of RPKI ROAs.
Over time, lots of information has been stored in the various IRRs and little to no clean-up has been done, resulting in a blurred view of the prefixes that have been authorised by a resource holder. Due to the way authorisation (or lack of authorisation) is currently set up, there is room for abuse in the RIPE Database, by creating out-of-region inetnums and out-of-region ASN’s without the consent of the resource holder.
Resource holders can reliably establish their intent by using RPKI ROAs if this proposal is implemented.
No attempt is made to modify non-RIPE IRRs, except where the non-RIPE IRR is using replicated RIPE data.
RIPE members need only update one database (i.e. RPKI ROAs) to have both the legacy-IRR database and the going-forward RPKI database fully updated and synchronised.
RIPE-managed resources that are already properly authorised will not be affected by this procedure.
b. Arguments opposing the proposal
none