[lacnog] Mess up - IRR de prefixos brasileiros - EMIX(ChinaTel) - Neustar - Internexa
Douglas Fischer
fischerdouglas en gmail.com
Mie Mar 4 16:09:03 GMT+3 2020
Hello Carlos!
Well...
I'm with two tasks on my todo list:
1- Import all the ROAs in the world as ROUTE and ROUTE6 objects to a
private IRR.
2- Import NRO Extended Delegation File, Use Opaque-ID to vinculate ASNs,
IPv4, IPv6, and insert it to to a Private IRR.
Actually, task #1 is almost stoped... But task #2 is i already have
something working.
The idea is propose that ALL IRRs in the world use those bases as a filter
to not accept proxyed entries that with an Orign that is not from the real
Owner, or somebody he explicitly authorized through RPKI.
Now, the provocation:
---------------------
Is this code that is used to populate the LACNIC IRR base from LACNIC's
RPKI open?
At least the part that imports LACNIC's ROAs and injects it into the IRR,
is it open?
How about doing this for the whole world?
Em qua., 4 de mar. de 2020 às 11:40, Carlos M. Martinez <
carlosm3011 en gmail.com> escreveu:
> Hi all,
>
> Just a clarification: LACNIC’s IRR does support AS-SETs, but
> operators/users need to create them.
>
> Our IRR is “mostly automatic” in the sense that route/route6 objects and
> maintainers are synthesized based on RPKI and WHOIS data.
>
> However, unlike route/route6 and maintainers, our IRR cannot synthesize
> AS-SETs for our users.
>
> Our IRR is still in its infancy (it has been in production for less than
> three months) but I hope when the word gets out we will see significant
> uptake of this tool.
>
> If there are any specific, architectural or service questions regarding
> LACNIC’s IRR please refer directly to us LACNIC staff.
>
> Cheers!
>
> /Carlos
>
> On 3 Mar 2020, at 9:00, Arturo Servin wrote:
>
> Douglas
>
> Thanks for getting this stats and bringing awareness that there is a lot
> to do in LATAM.
>
> I have these stats that I have presented in some fora in the past few
> months, these represent the percentage of valid prefixes (according to IRR
> data.) As you can see LATAM (69.11%) is way behind the rest of the regions
> and the global average of 86%.We are working to include LACNIC IRR so stats
> might improve soon but I am not sure how much as the IRR does not have
> AS-SETs and I would bet that a good chunk of invalid are coming from ASs
> that provide transit services to other ASNs (so AS-origin is not enough to
> validate.)
>
> [image: Initial Experiences Route Filtering at the Edge AS15169.png]
>
> Some places to check your prefixes:
>
> - IRR Explorer NLNOG: http://irrexplorer.nlnog.net/
> - RIPE RIS Routing Consistency:
> https://stat.ripe.net/widget/as-routing-consistency
>
>
> Finally, Google is in the process to start filtering all invalid prefixes
> that do not match any IRR entry, so I recommend that if you peer with
> AS15169 you take a look if your prefixes are validated (Google ISP Portal
> https://isp.google.com/bgp/ and check your AS-SET in PeeringDB)
>
> Regards
> as
>
>
>
>
>
>
> On Mon, Mar 2, 2020 at 9:39 PM Douglas Fischer <fischerdouglas en gmail.com>
> wrote:
>
>> Acabei de criar mais uma visão sumarizada de quem está criando sujeira
>> nos IRRs, especificamente nos prefixos brasileiros.
>> ->
>> https://docs.google.com/spreadsheets/d/1RXqzCP2uN-dZ1hRkridm4EBg4_6tYC09Y8ZAW68JSf8/
>> Esse arquivo nos mostra or Objetos IRR Route: e Route6: classificados com
>> INVALID e UNEEDED em 2020-03-01
>>
>> O 5 maintainers que mais tem criados registros INVALID de prefixos BR são:
>> Maint | Name | INVALID | UNEEDED |
>> MAINT-AS8966 | Emirates IX - ChinaTel | 2511 | 2 |
>> MAINT-AS7786 | NeuStar | 887 | |
>> MAINT-AS18678 | Internexa | 670 | 605 |
>> MAINT-SAMM | SAMM CCR | 140 | 80 |
>> MAINT-NRT-BB | NOROESTECOM | 60 | 3 |
>>
>> P.S.:
>> Procedimento de como se chegou a essas informações detalhado nessa troca
>> de e-mail
>> https://mail.lacnic.net/pipermail/lacnog/2020-February/007809.html
>>
>>
>> Eu preciso agradecer e parabenizar as equipes das empresas:
>> - G8 Networks
>> - Nexusguard
>> Desde a análise que eu havia feito no dia 13-Feb-2019 [1] tive a
>> oportunidade de conversar com pessoas dessas duas empresas, e eles fizeram
>> esforços e corrigiram/eliminaram grande parte dos registros incorretos que
>> eles haviam criados.
>> Esta, em minha opinião, deve ser a postura de operadores de rede. Estando
>> abertos a informações, validando, e corrigindo se cabível.
>>
>>
>>
>>
>> [1]
>> https://docs.google.com/spreadsheets/d/1XxUI2_JcKgkg5CniRi1E3ieEu9HgRJCfYfaH3hTIaHg/
>>
>> --
>> Douglas Fernando Fischer
>> Engº de Controle e Automação
>> _______________________________________________
>> LACNOG mailing list
>> LACNOG en lacnic.net
>> https://mail.lacnic.net/mailman/listinfo/lacnog
>> Cancelar suscripcion: https://mail.lacnic.net/mailman/options/lacnog
>>
> _______________________________________________
> LACNOG mailing list
> LACNOG en lacnic.net
> https://mail.lacnic.net/mailman/listinfo/lacnog
> Cancelar suscripcion: https://mail.lacnic.net/mailman/options/lacnog
>
> _______________________________________________
> LACNOG mailing list
> LACNOG en lacnic.net
> https://mail.lacnic.net/mailman/listinfo/lacnog
> Cancelar suscripcion: https://mail.lacnic.net/mailman/options/lacnog
>
--
Douglas Fernando Fischer
Engº de Controle e Automação
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <https://mail.lacnic.net/pipermail/lacnog/attachments/20200304/be7179be/attachment-0001.html>
Más información sobre la lista de distribución LACNOG