nanog mailing list archives
Re: IRR for IX peers
From: Rubens Kuhl <rubensk () gmail com>
Date: Mon, 4 Oct 2021 17:04:02 -0300
Some IX'es set communities telling which member announced that prefix; if SIX is one of those, that can be used to automate origin verification. Rubens On Mon, Oct 4, 2021 at 2:08 PM Randy Bush <randy () psg com> wrote:
so i have an AS (3130) which peers at the SIX (RSs and some direct). in the hope that leak detectors such as artemis would stop false positives when they see my prefixes announced customer cones of SIX peers, i want to add the SIX peers to my aut-num: policy. export: to AS-SEATTLEIX-RS-CLIENTS announce AS-RG-SEA seems clear and obvious. but import: from AS-SEATTLEIX-RS-CLIENTS accept AS-SEATTLEIX-RS-CLIENTS would seem to allow bill's bait and sushi to announce microsoft to me. and i am not sure that expansive `from` clause is actually allowed. what are others in this space doing? [ and let's not descend into the rat-hole of dissing the IRR. i have heard of this RPKI thing and might try it some day. ] randy --- randy () psg com `gpg --locate-external-keys --auto-key-locate wkd randy () psg com` signatures are back, thanks to dmarc header butchery
Current thread:
- IRR for IX peers Randy Bush (Oct 04)
- Re: IRR for IX peers Nick Hilliard (Oct 04)
- Re: IRR for IX peers Randy Bush (Oct 04)
- Re: IRR for IX peers Nick Hilliard (Oct 07)
- Re: IRR for IX peers Randy Bush (Oct 07)
- Re: IRR for IX peers Nick Hilliard (Oct 07)
- Re: IRR for IX peers Mark Tinka (Oct 07)
- Re: IRR for IX peers Randy Bush (Oct 04)
- Re: IRR for IX peers Nick Hilliard (Oct 04)
- Re: IRR for IX peers Ćukasz Bromirski (Oct 05)
- Re: IRR for IX peers Mark Tinka (Oct 05)
- Re: IRR for IX peers Randy Bush (Oct 04)
- Re: IRR for IX peers Ben Maddison via NANOG (Oct 04)
- Re: IRR for IX peers Randy Bush (Oct 04)