Newbie Questions: How-to remove spurious IRR records (and keep them out for good)?

Brandon Martin lists.nanog at monmotha.net
Mon Nov 2 18:28:29 UTC 2020


On 10/30/20 9:26 PM, Rubens Kuhl wrote:
> 1 - You should worry a little, but not much. Filters allowing unwanted
> announcements might be created using these erroneous IRR records, but
> they won't do any damage by themselves. An actual wrong BGP
> announcement is required for any damage to happen, and even without
> those IRR records, a wrong announcement will cause some havoc since
> not everyone builds filters based on IRR and not everyone runs RPKI
> validation.

I've had problems where people who build filters on IRR will build their filters SOLELY based on IRR.  That is, they are not permissive and will assume that, if there is an IRR object present for a prefix, that ONLY the announcements matching that object should be accepted.  This can lead to severe reachability issues if not corrected.
-- 
Brandon Martin


More information about the NANOG mailing list