nanog mailing list archives
Re: 2749 routes AT RISK - Re: TIMELY/IMPORTANT - Approximately 40 hours until potentially significant routing changes (re: Retirement of ARIN Non-Authenticated IRR scheduled for 4 April 2022)
From: Kenneth Finnegan <kennethfinnegan2007 () gmail com>
Date: Mon, 4 Apr 2022 16:20:07 -0700
On Mon, Apr 4, 2022 at 4:04 PM Nick Hilliard <nick () foobar org> wrote:
Please don't. You're not doing the routing security ecosystem any favours by doing this.
The routing security ecosystem is less of a concern to me than the lone network engineer at some water district or county who were about to have a really bad / confusing few days while they tried to figure out why their Internet is somewhere between slightly and completely broken due to no action of their own.
Couple of reasons why: 1. this isn't your data and this is an unexpected action on the part of the registrants,
The registrants had a year to fix this themselves, and they didn't, which implies to me that they are unaware of the issue. How can something be unexpected to those who are unaware?
2. this is a sure-fire way of accumulating even more cruft in ALTDB in a way which is troublesome to clean up afterwards,
Is it? What is terrible about cruft sitting in IRR databases? It doesn't cause conflict with anyone else announcing their new address space from any other ASN. Cleaning it up is easy too. Publish an RPKI ROA for your space. We will automatically delete any route objects which disagree with an RPKI ROA. The routing security ecosystem should be doing that anyways.
3. there are several thousand objects in there which are already marked as proxy registrations, and are already likely to be inaccurate,
And there's lots of non-proxy registrations which are inaccurate too. The fact that RPSL was so contrived and routing security has been so sidecar for decades that carriers have found it easier to create proxy registrations vs getting their customers to go spend money on an RADB account or figure out this IRR thing in general means that proxy registrations are a reality we live in. IRR objects lacking any kind of expiration date was a failing of the original design. Proxy registration or not, when a company shuts down operations, there is kind of by definition no one left around to care about cleaning up their IRR records. If RIRs published RPKI ROAs for unallocated space to AS0 to give us an authoritative way to know that the address space is defunct, clean up could happen automatically. I looked into using the RIR registration databases to try and find objects which predate the current allocation, but even that data isn't clean enough to trace which objects are actually "stale" in some definition of the term.
4. you're losing authentication information for people to self-manage their registrations
Anyone on that list who would like to self-manage your IRR objects, PLEASE email me saying so. Bonus points if you include a reason why you waited until T-0 to change your mind on managing them. -- Kenneth Finnegan http://blog.thelifeofkenneth.com/ On Mon, Apr 4, 2022 at 4:04 PM Nick Hilliard <nick () foobar org> wrote:
Kenneth Finnegan wrote on 04/04/2022 21:05:I've taken it upon myself to create proxy registrations for all of these prefixes in ALTDB.Please don't. You're not doing the routing security ecosystem any favours by doing this. Couple of reasons why: 1. this isn't your data and this is an unexpected action on the part of the registrants, 2. this is a sure-fire way of accumulating even more cruft in ALTDB in a way which is troublesome to clean up afterwards, 3. there are several thousand objects in there which are already marked as proxy registrations, and are already likely to be inaccurate, 4. you're losing authentication information for people to self-manage their registrations, and 5. you have likely not cross-checked this data against RIR transfers / de-registrations - it's not really possible to do with with the arin-nonauth db because that db doesn't include the last-modified timestamp, and the changed: attribute is unreliable. Nick
Current thread:
- Re: [nanog] Re: [nanog] 2749 routes AT RISK - Re: TIMELY/IMPORTANT -, (continued)
- Re: [nanog] Re: [nanog] 2749 routes AT RISK - Re: TIMELY/IMPORTANT - Dan Mahoney (Gushi) (Apr 04)
- Re: [nanog] [nanog] 2749 routes AT RISK - Re: TIMELY/IMPORTANT - John Curran (Apr 04)
- Re: [nanog] Re: [nanog] Re: 2749 routes AT RISK - Re: TIMELY/IMPORTANT - Dan Mahoney (Gushi) (Apr 04)
- Re: [nanog] [nanog] Re: 2749 routes AT RISK - Re: TIMELY/IMPORTANT - John Curran (Apr 04)
- Re: 2749 routes AT RISK - Re: TIMELY/IMPORTANT - Approximately 40 hours until potentially significant routing changes (re: Retirement of ARIN Non-Authenticated IRR scheduled for 4 April 2022) John Gilmore (Apr 04)
- Re: 2749 routes AT RISK - Re: TIMELY/IMPORTANT - Approximately 40 hours until potentially significant routing changes (re: Retirement of ARIN Non-Authenticated IRR scheduled for 4 April 2022) John Curran (Apr 04)
- RPKI adoption (was: Re: 2749 routes AT RISK ) John Curran (Apr 04)
- Re: RPKI adoption (was: Re: 2749 routes AT RISK ) Livingood, Jason via NANOG (Apr 05)
- Re: 2749 routes AT RISK - Re: TIMELY/IMPORTANT - Approximately 40 hours until potentially significant routing changes (re: Retirement of ARIN Non-Authenticated IRR scheduled for 4 April 2022) babydr DBA James W. Laferriere (Apr 04)
- Re: 2749 routes AT RISK - Re: TIMELY/IMPORTANT - Approximately 40 hours until potentially significant routing changes (re: Retirement of ARIN Non-Authenticated IRR scheduled for 4 April 2022) Nick Hilliard (Apr 04)
- Re: 2749 routes AT RISK - Re: TIMELY/IMPORTANT - Approximately 40 hours until potentially significant routing changes (re: Retirement of ARIN Non-Authenticated IRR scheduled for 4 April 2022) Kenneth Finnegan (Apr 04)
- Re: 2749 routes AT RISK - Re: TIMELY/IMPORTANT - Approximately 40 hours until potentially significant routing changes (re: Retirement of ARIN Non-Authenticated IRR scheduled for 4 April 2022) Tom Beecher (Apr 04)
- Re: 2749 routes AT RISK - Re: TIMELY/IMPORTANT - Approximately 40 hours until potentially significant routing changes (re: Retirement of ARIN Non-Authenticated IRR scheduled for 4 April 2022) Aftab Siddiqui (Apr 04)
- Re: 2749 routes AT RISK - Re: TIMELY/IMPORTANT - Approximately 40 hours until potentially significant routing changes (re: Retirement of ARIN Non-Authenticated IRR scheduled for 4 April 2022) Rubens Kuhl (Apr 04)
- Re: 2749 routes AT RISK - Re: TIMELY/IMPORTANT - Approximately 40 hours until potentially significant routing changes (re: Retirement of ARIN Non-Authenticated IRR scheduled for 4 April 2022) Tom Beecher (Apr 04)
- Re: 2749 routes AT RISK - Re: TIMELY/IMPORTANT - Approximately 40 hours until potentially significant routing changes (re: Retirement of ARIN Non-Authenticated IRR scheduled for 4 April 2022) Wes George (Apr 06)