[lacnog] Hijack de prefixo em IRR
job en ntt.net
Vie Sep 13 11:02:33 -03 2019
Dear fellow networkers,
I want to highlight two efforts that I believe will help reduce the
number of erroneous route objects that exist in the various databases.
effort 1) The RIPE Routing Working Group is working on a policy proposal
that would give mandate to RIPE NCC to remove route objects from the
RIPE-NONAUTH database that are in conflict with published RPKI ROAs. A
tool to analyse some of the changes this would bring can be found here
https://github.com/job/ripe-proposal-2018-06 and the full proposal can
be read here: https://www.ripe.net/participate/policies/proposals/2018-06
effort 2) NTT is working on extending the IRRd software (IRRd is the
software that insecure DBs like RADB, NTTCOM, ALTDB, etc run) to
incorporate the RPKI Origin Validation process into the IRR workflow.
Similar to proposal 2018-06, the IRRd software can be modified to
automatically delete IRR route objects that are in conflict with
published RPKI ROAs. This means that the moment you create a ROA...
GLOBALLY the conflicting route objects will be hidden or deleted. IRRd
4's developement can be tracked via https://github.com/irrdnet/irrd4 - I
hope that this specific feature will be available this year, in 2019!
My recommendation to everyone is: create RPKI ROAs for your prefixes...
and just wait a few months. Significant change is coming to the IRR
ecosystem, it'll be much safer quite soon!
Más información sobre la lista de distribución LACNOG