I use RAdb for IRR entries. I created my /24 record and it’s seen and accepted by our upstreams.
On Wed, Jan 27, 2021 at 10:14 PM Jay Koby via 44Net 44net@mailman.ampr.org wrote:
Confirming that ARIN's web-based IRR system won't allow 44net addresses, since there's no underlying allocation from one of ARIN's ranges. Your upstream provider will probably not be able to put in the IRR objects for you.
For IRR, AltDB doesn't have a simple web interface but it does work regardless of the RIR (or lack of) that originally allocated the IPs.
I don't think there's a way to use RPKI on the 44net range as of yet, though - that would likely need either a contract for one of the RIRs to sign resources or ARDC to set up, maintain, and gain trust for a certificate authority and handle RPKI requests like the RIRs do. Either of these is a pretty significant undertaking.
73 de K0BYJ,
-- Jay
On Mon, Dec 14, 2020 at 3:00 PM 44net-request@mailman.ampr.org wrote:
Send 44Net mailing list submissions to 44net@mailman.ampr.org
To subscribe or unsubscribe via the World Wide Web, visit https://mailman.ampr.org/mailman/listinfo/44net or, via email, send a message with subject or body 'help' to 44net-request@mailman.ampr.org
You can reach the person managing the list at 44net-owner@mailman.ampr.org
When replying, please edit your Subject line so it is more specific than "Re: Contents of 44Net digest..." Today's Topics:
- Re: 44NET Route Objects IRR (Caleb Pal)
- Re: 44NET Route Objects IRR (G1FEF)
---------- Forwarded message ---------- From: Caleb Pal cleb@defcon-3.net To: James Colderwood via 44Net 44net@mailman.ampr.org Cc: Bcc: Date: Mon, 14 Dec 2020 08:57:53 -0800 Subject: Re: [44net] 44NET Route Objects IRR Hello,
Your upstream providers may be able to put a proxy obj into the ARIN db for you. Unfortunately ARIN changed their IRR db in June of this year. They added a web based IRR service. According to ARIN, the web based service only allows you to add object for resources you own (your upstream ISP could not create those proxy objects since they do not own the 44net resources). If they still use the ARIN email IRR system, they can add proxy objects, they will just appear as ARIN-NOAUTH in the IRR db. I don't think NOAUTH is a problem for most providers now, but could be down the road if they start filtering/ignoring NOAUTH entries.
Of course altdb, radb and others are options (full list at: http://www.irr.net/docs/list.html). Not sure how other RIR's outside the US are handling NOAUTH entries.
I assume since AMPR does not have a RSA with ARIN, Chris cannot create IRR records for those folks who BGP advertise AMPR resources?
v/r,
Caleb
On 12/13/2020 10:08, James Colderwood via 44Net wrote:
Hi Pierre,
Thank you for the heads up. I was aware of altdb but it hadn't crossed my mind. Hopefully one of these solutions will work :-).
On 2020-12-13 17:32, Pierre Emeriaud wrote:
Le dim. 13 déc. 2020 à 12:04, G1FEF via 44Net 44net@mailman.ampr.org a écrit :
On 13 Dec 2020, at 09:54, James Colderwood via 44Net
44net@mailman.ampr.org wrote:
Hi All,
May I wish you all happy holidays!
Quick question, I'm working on establising my 3rd upstream but hit
a snag. The suppliers validation automation prohibits announcing AMPR addresses as the system can't qualify validity.
Are you talking about automatically checking entries in an IRR, or RPKI?
For service providers requesting an IRR route object to automate filter creation I've been using altdb. While it has not a lot of value in terms of authorization (anyone can create objects about any resource - a proper LOA has more value here) it is usually enough for provisioning tools to create appropriate filters / prefix-lists:
$ whois -h whois.altdb.net 44.151.210.0 route: 44.151.210.0/24 descr: F4INU origin: AS206155 mnt-by: MAINT-AS206155
$ bgpq3 -4 -l F4INU as206155 no ip prefix-list F4INU ip prefix-list F4INU permit 44.151.210.0/24
73 de F4INU
pierre
---------- Forwarded message ---------- From: G1FEF chris@g1fef.co.uk To: AMPRNet working group 44net@mailman.ampr.org Cc: Bcc: Date: Mon, 14 Dec 2020 17:26:28 +0000 Subject: Re: [44net] 44NET Route Objects IRR
I assume since AMPR does not have a RSA with ARIN, Chris cannot create IRR records for those folks who BGP advertise AMPR resources?
The vast majority of folk advertising their subnet over BGP are using altdb with no issues (currently).
IIRC, altdb is run by one person, so if you don’t already have a MNTNER object there, it can sometimes take some time to get one.
Chris
v/r,
Caleb
On 12/13/2020 10:08, James Colderwood via 44Net wrote:
Hi Pierre,
Thank you for the heads up. I was aware of altdb but it hadn't crossed my mind. Hopefully one of these solutions will work :-).
On 2020-12-13 17:32, Pierre Emeriaud wrote:
Le dim. 13 déc. 2020 à 12:04, G1FEF via 44Net 44net@mailman.ampr.org a écrit :
> On 13 Dec 2020, at 09:54, James Colderwood via 44Net 44net@mailman.ampr.org wrote: > > Hi All, > > May I wish you all happy holidays! > > Quick question, I'm working on establising my 3rd upstream but hit a snag. The suppliers validation automation prohibits announcing AMPR addresses as the system can't qualify validity.
Are you talking about automatically checking entries in an IRR, or RPKI?
For service providers requesting an IRR route object to automate filter creation I've been using altdb. While it has not a lot of
value
in terms of authorization (anyone can create objects about any resource - a proper LOA has more value here) it is usually enough for provisioning tools to create appropriate filters / prefix-lists:
$ whois -h whois.altdb.net 44.151.210.0 route: 44.151.210.0/24 descr: F4INU origin: AS206155 mnt-by: MAINT-AS206155
$ bgpq3 -4 -l F4INU as206155 no ip prefix-list F4INU ip prefix-list F4INU permit 44.151.210.0/24
73 de F4INU
pierre
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net