[lacnog] Using originAS from WHOIS to accept prefixes

Job Snijders job at ntt.net
Wed Jan 3 10:06:50 BRST 2018


Dear Arturo,

On Wed, Jan 03, 2018 at 11:36:36AM +0000, Arturo Servin wrote:
> Just to make sure that I got it correctly.
> 
> You could do the same using RPKI and importing the verified ROAs to
> the IRR database (instead of using whois), right?

Yes, I call this "RPKI as whitelist". I've run trials at the Calgary
Internet Exchange (YYCIX) where people have a choice of registering
their announcement either in the ARIN WHOIS, or in the IRR, or registering
an RPKI ROA which is then semantically interpreted as a route object. We
didn't see a significant increase in 'valid' routes when adding the RPKI
ROA information as a whitelist source (unlike with ARIN WHOIS data).

RPKI also has its challenges; for instance, the distribution of RPKI data
is more restricted than other types of data in some regions. Some more
information on this unresolved topic can be found here:
http://lists.arin.net/pipermail/arin-ppml/2017-January/031231.html

The arouteserver software (which I highly recommend to any IXP with
route servers) has support for "RPKI ROA as Route object", see
http://arouteserver.readthedocs.io/en/latest/GENERAL.html?highlight=rpki#irrdb-filters-irrdb
and look for "use_rpki_roas_as_route_objects".

At this moment NTT is not importing RPKI data into their IRR at
rr.ntt.net, but I'd welcome feedback and guidance on whether the LACNOG
community thinks this is useful or not.

Kind regards,

Job
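
The "RPKI as whitelist" idea from the message above, as an added example that is not part of the original post and is not arouteserver's code: each ROA is read as one more route object, so it can only add accepted routes and never reject one. The data model, the function names, the maxLength handling and the sample prefixes and ASNs are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Auth(NamedTuple):
    """One (prefix, origin) authorisation, whatever registry it came from."""
    prefix: object      # ipaddress.IPv4Network or IPv6Network
    max_len: int        # longest prefix length this entry authorises
    origin: int
    source: str

def route_object(prefix, origin):
    net = ipaddress.ip_network(prefix)
    # Assumption: a route object authorises the exact prefix only.
    return Auth(net, net.prefixlen, origin, "IRR")

def roa_as_route_object(prefix, max_len, origin):
    # Assumption: the ROA covers more-specifics up to its maxLength.
    return Auth(ipaddress.ip_network(prefix), max_len, origin, "RPKI")

def whitelisted_by(prefix, origin, auths) -> Optional[str]:
    """Return the source of the first matching entry, or None (reject)."""
    net = ipaddress.ip_network(prefix)
    for a in auths:
        if (a.origin == origin and net.version == a.prefix.version
                and net.subnet_of(a.prefix) and net.prefixlen <= a.max_len):
            return a.source
    return None

def accepted(routes, auths):
    return [r for r in routes if whitelisted_by(r[0], r[1], auths)]

# Constructed sample data (documentation prefixes and ASNs).
IRR = [route_object("192.0.2.0/24", 64496)]
ROAS = [roa_as_route_object("192.0.2.0/24", 24, 64499),   # disagrees with IRR
        roa_as_route_object("198.51.100.0/24", 25, 64497)]
ROUTES = [("192.0.2.0/24", 64496),       # IRR only; the ROA names another origin
          ("198.51.100.0/24", 64497),    # ROA only
          ("198.51.100.128/25", 64497),  # ROA only, within maxLength
          ("198.51.100.128/26", 64497),  # longer than maxLength
          ("203.0.113.0/24", 64498)]     # registered nowhere

if __name__ == "__main__":
    for sources, auths in (("IRR", IRR), ("IRR+RPKI", IRR + ROAS)):
        print(sources, len(accepted(ROUTES, auths)), "of", len(ROUTES))
    # A whitelist only adds entries: 192.0.2.0/24 from AS64496 stays accepted
    # via IRR although origin validation against the ROA would mark it invalid.
    print(whitelisted_by("192.0.2.0/24", 64496, IRR + ROAS))
```

Comparing the accepted count with and without the ROA-derived entries is the same measurement as the "increase in valid routes" described in the message.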

