[afnog] RIPE WHOIS & IRR Database for Out-Of-Region Resources

Andy Davidson andy at nosignal.org
Wed Aug 8 08:04:58 UTC 2018 

On Thu, Aug 02, 2018 at 09:33:14AM +0400, Daniel Shaw wrote:
> > I know that there are also some global operators that are querying the 
> > AFRINIC IRR database for filter generation.
> And therefore, operators can also (and often do) query the records via 
> RADB. For example:
> % whois -h whois.radb.net 2001:42d0:0:200::6
[...]
> And this also means the tools like 'bgpq3' will "just find" the data by 
> default, for example:
> % bgpq3 -6 -b as-afrinic

bgpq3 is a good utility for building prefix lists from the IRR sources.  I 
myself use bgpq3 to build prefix filters for Asteroid IXPs and use the RADB 
database to query it.  RADB does server-side expansion of as-sets which 
makes the queries nice and fast, and thanks to the mirroring it is a single 
resource which can be queried for global results.

However, the default command line as per above caused me to add some IRR 
sources which contained some 'junk' data allowing misconfigured 
announcements to reach the exchange route-servers.  I added the field:

-S RIPE,APNIC,AFRINIC,ARIN,JPIRR,NTTCOM,RADB,ALTDB,BELL,LEVEL3,RGNET,TC

.. after some experimentation to exclude those sources which seems to have 
improved things significantly.

I still do not like that we have imported non RIR originated databases to 
our queries as I want there to be a link through from prefix assignment, to 
prefix holder, to announcement that I can verify.  Hence whilst I ask 
operators to please register their announced prefixes in Afrinic's database, 
please also create RPKI ROAs for your prefixes.  We are testing methodology 
to accept/reject prefixes based on ROAs when RPKI hints exist in addition to 
generating prefix-lists from IRR.  I hope to have some conversations about 
how this is going at AfPIF next week.

Kind wishes,
Andy

 
-- 
Andy Davidson            Asteroid International BV
https://www.asteroidhq.com    @asteroidhq   @andyd
--------------------------------------------------
Local interconnection.          Where you need it.

More information about the afnog mailing list