IRR for IX peers

Rubens Kuhl rubensk at gmail.com
Mon Oct 4 20:04:02 UTC 2021


Some IX'es set communities telling which member announced that prefix;
if SIX is one of those, that can be used to automate origin
verification.


Rubens

On Mon, Oct 4, 2021 at 2:08 PM Randy Bush <randy at psg.com> wrote:
>
> so i have an AS (3130) which peers at the SIX (RSs and some direct).
>
> in the hope that leak detectors such as artemis would stop false
> positives when they see my prefixes announced customer cones of SIX
> peers, i want to add the SIX peers to my aut-num: policy.
>
> export:  to    AS-SEATTLEIX-RS-CLIENTS  announce AS-RG-SEA
>
> seems clear and obvious.  but
>
> import:  from  AS-SEATTLEIX-RS-CLIENTS  accept AS-SEATTLEIX-RS-CLIENTS
>
> would seem to allow bill's bait and sushi to announce microsoft to me.
> and i am not sure that expansive `from` clause is actually allowed.
>
> what are others in this space doing?
>
> [ and let's not descend into the rat-hole of dissing the IRR.  i have
>   heard of this RPKI thing and might try it some day. ]
>
> randy
>
> ---
> randy at psg.com
> `gpg --locate-external-keys --auto-key-locate wkd randy at psg.com`
> signatures are back, thanks to dmarc header butchery


More information about the NANOG mailing list