On 31 Jan 2021, at 19:05, Scott Nicholas via 44Net
<44net(a)mailman.ampr.org> wrote:
> Sorry for the top post, I'm on my mobile.
> The announcements and RPKI are both things I've looked at once and just
> sort of lost much care.. hopefully some people like yourself have submitted
> resumes and joined the TAC.
> I do believe RIPE has a fair deal that would allow amprnet to stay legacy
> and do RPKI for perhaps their standard LIR fees if I'm remembering
> correctly.
RPKI isn’t really the one and only solution to this problem, but it can certainly help a
lot. It’s just that for various reasons, there’s no RPKI yet on the network. And even if
there was, there are some decisions that could be made on how it’s deployed, that can
affect whether it would work like this or not. IRR and other things can help as well, but
like everything, it relies on people checking it.
A thing that can be done to prevent this retroactively is monitoring. There are some tools
that can help in this, but most are created with the typical network in mind: I have some
prefixes and an ASN (or more), and I want to see if some other AS advertises my IPs. What
44Net has is more like an RIR: I have a very large IP space, I allocate/assign/… parts of
it to various entities that do stuff with it, and I just want to make sure that no
“unallocated” space is being squatted. Of course, in this case, there’s a clear
intervention path for hijackings, etc. but the thread tries to combat squatting: use of
“unallocated” IP space that’s unauthorized.
I did a quick survey of the available tools and whether they can be used for something
like that, despite not being the primary use case, and I even had a quick chat with the
creators of ARTEMIS (https://bgpartemis.org/) and it
seems that some can be used for things like that: here’s a list of all “allocations”, and
if you see anything else under 44/8 (or 44/9+44.128/10) that’s not in your config file,
please alert me. I’ll also try to reach out to RIRs maybe to see how they all deal with
that problem. It seems that we’re just in the middle so it’s not completely clear what can
be done / it’s not a common problem to have. Maybe if we have some RIR staff here, they
can chime in :)
> The new portal is probably already in the works.
> I'd like that it allowed
> IRR entries for advanced users or a simple view with just description, AS,
> prefix. Our whois server should be registered at ARIN to allow clients to
> be referred to it. Our portal records can become IRR at the source..
The entire e-mail is my personal opinion, I am speaking in my personal capacity, and I
have to admit that I don’t know anything about the new portal. However, I totally agree
with you that it should be the source of truth for everything, and should be built with
this in mind: route objects, ROAs, whois, squatting monitoring tools, hijacking monitor
tools, … all depend on it for the single source of truth, and all use this, or frequent
data dumps of it, to work.
Of course, things aren’t always that easy, and I understand that sometimes it can’t be
possible to do this, but in my personal view we should at least try to go towards that
direction.
Thanks,
Antonis
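
The squatting check described in the message above ("here's a list of all allocations, alert me on anything else under 44/9 + 44.128/10"), sketched as an added example; it is not part of the original e-mail and is not ARTEMIS code or configuration. The allocation list, origin ASNs (documentation range) and observed announcements are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# 44Net space as given in the message: 44/9 + 44.128/10.
AMPR_SPACE = [ipaddress.ip_network(p) for p in ("44.0.0.0/9", "44.128.0.0/10")]

def load_allocations(rows):
    """rows: (prefix, [authorised origin ASNs]) pairs, e.g. from a portal dump."""
    return {ipaddress.ip_network(p): set(asns) for p, asns in rows}

def classify(prefix, origin_as, allocations):
    """Return 'outside', 'ok', 'origin-mismatch' or 'unallocated'."""
    net = ipaddress.ip_network(prefix)
    if net.version != 4 or not any(net.overlaps(s) for s in AMPR_SPACE):
        return "outside"                      # not our address space
    covering = [a for a in allocations if net.subnet_of(a)]
    if not covering:
        # No allocation covers the whole announcement: squatting candidate
        # (also catches aggregates wider than any single allocation).
        return "unallocated"
    best = max(covering, key=lambda a: a.prefixlen)  # most specific allocation
    return "ok" if origin_as in allocations[best] else "origin-mismatch"

def alerts(announcements, allocations):
    """Keep only the announcements an operator should look at."""
    hits = []
    for prefix, asn in announcements:
        verdict = classify(prefix, asn, allocations)
        if verdict in ("unallocated", "origin-mismatch"):
            hits.append((prefix, asn, verdict))
    return hits

# Constructed sample data (not real 44Net allocations or BGP observations).
ALLOCATIONS = load_allocations([
    ("44.24.0.0/16", [64496]),
    ("44.24.240.0/20", [64497]),
    ("44.130.0.0/16", [64498]),
])
ANNOUNCEMENTS = [
    ("44.24.0.0/16", 64496),     # allocated, right origin
    ("44.24.241.0/24", 64497),   # more specific of the /20, right origin
    ("44.24.241.0/24", 64496),   # the /20 holder is 64497, not the /16 holder
    ("44.130.5.0/24", 64511),    # allocated, wrong origin
    ("44.60.0.0/24", 64510),     # nothing allocated here
    ("44.192.0.0/24", 64509),    # outside 44/9 + 44.128/10
]

if __name__ == "__main__":
    for hit in alerts(ANNOUNCEMENTS, ALLOCATIONS):
        print(*hit)
```
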