This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/routing-wg@ripe.net/
[routing-wg] Analysis tool for RIPE Proposal 2018-06
- Previous message (by thread): [routing-wg] Weekly Routing Table Report
- Next message (by thread): [routing-wg] Analysis tool for RIPE Proposal 2018-06
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Job Snijders
job at ntt.net
Wed Mar 6 13:51:25 CET 2019
Dear all, I wrote a small tool to help understand the effects if RIPE Policy Proposal 2018-06 is accepted by the community. This is the "Let's use RPKI ROAs to clean up the non-authoritative RIPE-NONAUTH IRR source!"-proposal (source: https://www.ripe.net/participate/policies/proposals/2018-06). The tool can also be used by RIPE NCC staff to validate their implementation or help their impact analysis. Quick reminder: this proposal does *not* impact any RIPE Managed space, this does *not* impact IP space for which no RPKI ROAs have or can be created, and it does *not* impact route objects where the route object and the RPKI ROA are match each other. Currently there are 793 IRR "route:" objects and 17 "route6:" objects that conflict with published RPKI ROAs. Out of those ~ 800, roughly 33 prefixes are visible in the BGP DFZ as exact matches between what is registered in RIPE-NONAUTH and in BGP (note: this means these 33 announcements are "RPKI Invalid", and the likes of Cloudflare / AT&T probably aren't accepting those announcements anyway)... You can install the tool through 'pip3 install ripe-proposal-2018-06', or download the source from https://github.com/job/ripe-proposal-2018-06 Usage example: $ ripe-proposal-2018-06 -a 7018 Downloading https://rpki.gin.ntt.net/api/export.json Downloading https://ftp.ripe.net/ripe/dbase/split/ripe-nonauth.db.route.gz INVALID! The 99.122.224.0/21AS1273 RIPE-NONAUTH route object has conflicts: route: 99.122.224.0/21 descr: route for customer Akamai International origin: AS1273 created: 2008-09-08T14:40:49Z last-modified: 2018-09-04T15:54:45Z source: RIPE-NONAUTH mnt-by: CW-EUROPE-GSOC Above non-authoritative IRR object is in conflict with this ROA: ROA: 99.112.0.0/12, MaxLength: 12, Origin AS7018 (ARIN) Note that AT&T has no method of getting this erroneous "route:" object removed, other than to beg & plead with maintainer 'CW-EUROPE-GSOC'. We're working on an updated version of RIPE Policy Proposal 2018-06 to incorporate feedback from the community, such as an attempt to send notifications and a grace period before the object is actually removed. All in all it appears that if this policy proposal is deployed *now*, the operational impact is virtually non-existent; and after deploying this the global community has an industry-standard way to get rid of stale proxy route registrations. With every published ROA the "RIPE-NONAUTH" source becomes cleaner! Kind regards, Job
- Previous message (by thread): [routing-wg] Weekly Routing Table Report
- Next message (by thread): [routing-wg] Analysis tool for RIPE Proposal 2018-06
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]