[ixpmanager] IRR updating issue with BGPQ3

Richard Laager rlaager at wiktel.com
Mon Jul 3 23:06:13 IST 2023 

On 2023-07-03 16:22, Paul Emmons via ixpmanager wrote:
> In short RADB doesn't mirror any other datasets this member uses.

That's not what's going on here. As you can see from your own output, 
you're querying RADB in both cases. RADB is mirroring those other 
sources. It's just that IXP Manager (for good reasons) is passing a -S 
to limit the sources to those configured in IXP Manager.

It looks like you need to add ARIN and ALTDB at a minimum. You should 
order the authenticated IRR sources like ARIN above unauthenticated 
sources. So set this one to something like: ARIN,RADB,ALTDB

At MICE, we ended up using one list for everyone, rather than trying to 
customize per network based on who they were using:
ARIN,RIPE,LACNIC,APNIC,AFRINIC,RADB,ALTDB,NTTCOM,LEVEL3,BELL

I'm told all of the RIRs are authenticated, so there's not really any 
harm in including all of those (and listing them at the front). Then 
it's just a question of what people are using. RADB is pretty popular, 
so you're almost certainly going to need that one.

If I were you, I would also tell AS14237 to fix their own missing IRR 
entries at ARIN. Here is what I wrote and sent to people; this 
particular AS has already done steps 3-6, so you could remove those when 
sending them the advice. I found that with a little hand-holding like 
this, most networks were able to fix their records.

 1. Login to ARIN Online. (Go to arin.net
    <https://linkprotect.cudasvc.com/url?a=https%3a%2f%2farin.net&c=E,1,bishIqF6tagnpfV2E58sQ4CjI107UL_Da1_s1BI_WNE1gal7FtY4lqXaJyfOuozk0T4ronTJnWwNrniVqixSF9Sdv_xe3jaqCPJqGKvk2wA,&typo=1&ancr_add=1>
    and click Login in the top right.)
 2. On the left side, expand "Routing Security" and click "IRR".
 3. Click "as-set" at the top.
 4. Click "Create an Object".
 5. Fill in the fields:
    The "AS Set Name" is what you will list in PeeringDB.
    "Description" is unparsed, but they suggest the location and have a
    button to "Copy the Address from My Org ID".
    "Members" is where you list your ASN and downstream ASes (if any).
 6. Click "Review". Once ready, click "Submit".
 7. Click "route/route6" at the top.
 8. Click "Create an Object".
 9. Fill in the fields:
    "Prefix" is the prefix, e.g. 192.0.2.0/24.
    "Origin" is your ASN.
10. Click "Review". Once ready, click "Submit".
11. Repeat to create additional route objects until all of your
    announcements are covered. Don't forget IPv6!


On 2023-07-03 16:56, Paul Emmons via ixpmanager wrote:
> Member uses ARIN as their IRR - very high quality IRR and that member 
> doesn't have any down streams.
> Member B provides downstream to A
> Member B has their AS-SET as RADB


In this case, you need to list (at a minimum) ARIN,RADB as the sources 
for "B" in IXP Manager.


> It is probably more of an issue of training member B not to use 
> AUTNUMs for down streams.

Whether B uses an as-set or just an AS12345 is irrelevant, I'm pretty 
sure. The issue is finding the route/route6 objects. AFAIK, that's done 
by looking for route/route6 objects for a given ASN.

-- 
Richard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.inex.ie/pipermail/ixpmanager/attachments/20230703/dbac8564/attachment-0001.htm>

More information about the ixpmanager mailing list