nanog mailing list archives

Re: IRR for IX peers


From: Rubens Kuhl <rubensk () gmail com>
Date: Mon, 4 Oct 2021 17:04:02 -0300

Some IX'es set communities telling which member announced that prefix;
if SIX is one of those, that can be used to automate origin
verification.


Rubens

On Mon, Oct 4, 2021 at 2:08 PM Randy Bush <randy () psg com> wrote:

so i have an AS (3130) which peers at the SIX (RSs and some direct).

in the hope that leak detectors such as artemis would stop false
positives when they see my prefixes announced customer cones of SIX
peers, i want to add the SIX peers to my aut-num: policy.

export:  to    AS-SEATTLEIX-RS-CLIENTS  announce AS-RG-SEA

seems clear and obvious.  but

import:  from  AS-SEATTLEIX-RS-CLIENTS  accept AS-SEATTLEIX-RS-CLIENTS

would seem to allow bill's bait and sushi to announce microsoft to me.
and i am not sure that expansive `from` clause is actually allowed.

what are others in this space doing?

[ and let's not descend into the rat-hole of dissing the IRR.  i have
  heard of this RPKI thing and might try it some day. ]

randy

---
randy () psg com
`gpg --locate-external-keys --auto-key-locate wkd randy () psg com`
signatures are back, thanks to dmarc header butchery
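
An added example (not code from the thread, from SIX, or from any leak detector) of the two points above: the union filter `accept AS-SEATTLEIX-RS-CLIENTS` lets any client announce another client's origin, while a member-identifying community allows a per-member check. The community layout `RS_ASN:member_ASN`, the ASNs, the as-set contents and the routes are all constructed assumptions; the thread does not say what SIX tags.

```python
RS_ASN = 64511  # hypothetical route-server ASN (documentation range)

# Constructed IRR data: each RS client and the as-set (customer cone) it registers.
MEMBER_CONE = {
    64496: {64496, 64499},  # member A plus one customer
    64497: {64497},         # member B, no customers
}
# What "accept AS-SEATTLEIX-RS-CLIENTS" expands to: the union of every cone.
ALL_CLIENTS = set().union(*MEMBER_CONE.values())

# Constructed routes as received from the route server.
ROUTES = [
    {"prefix": "192.0.2.0/24", "as_path": [64496, 64499],
     "communities": ["64511:64496"]},   # member A announcing its customer
    {"prefix": "198.51.100.0/24", "as_path": [64497, 64496],
     "communities": ["64511:64497"]},   # member B announcing member A's origin
    {"prefix": "203.0.113.0/24", "as_path": [64497],
     "communities": []},                # no member tag at all
]

def announcing_member(communities):
    """Return the member ASN tagged by the RS, or None if absent or ambiguous."""
    tagged = set()
    for c in communities:
        high, _, low = c.partition(":")
        if high == str(RS_ASN) and low.isdigit():
            tagged.add(int(low))
    return tagged.pop() if len(tagged) == 1 else None

def loose_accept(route):
    """Union filter: the origin only has to be somewhere in the clients set."""
    return route["as_path"][-1] in ALL_CLIENTS

def strict_accept(route):
    """Origin must sit inside the cone of the member the RS says announced it."""
    member = announcing_member(route["communities"])
    if member not in MEMBER_CONE:
        return False
    path = route["as_path"]
    # Assumes a transparent route server, so the first AS is the member itself.
    return path[0] == member and path[-1] in MEMBER_CONE[member]

def compare(routes):
    """Return (prefix, loose verdict, strict verdict) for each route."""
    return [(r["prefix"], loose_accept(r), strict_accept(r)) for r in routes]

if __name__ == "__main__":
    for prefix, loose, strict in compare(ROUTES):
        print(f"{prefix:18} loose={loose!s:5} strict={strict}")
```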
