[DBWG] RIPE IRR and AFRINIC

David Hilario d.hilario at laruscloudservice.net
Fri Jul 21 03:58:27 UTC 2017


Dear Colleagues,

I am emailing this as one of the RIPE DB-WG co-chairs.

A discussion started/was revived in the RIPE DB-WG mailing list, whose
results can directly impact AFRINIC community and can directly affect
your operations.

The initial email can be found here:
https://www.ripe.net/ripe/mail/archives/db-wg/2017-July/005567.html

Quick summary:
The RIPE Database's "Internet Routing Registry" part has always been
an open routing registry, anyone can make use of it, for the RIPE
issued resources it uses the authentication methods used for the
internet resources issued by the RIPE NCC.

To create route(6) and Aut-nums for internet resources outside of the
RIPE region, it offers a common password for all in the initial
creation of the objects, this has the disadvantage this has several
drawbacks:

A) not typo/fat finger proof (wrong range or AS number, happens regularly).
B) not authoritative (Can be entered on behalf of third parties or
de-registered resources at 3rd party RIR are left behind in RIPE IRR).
C) prone to abuse (Mainly unannounced resources being BGP hijacked by
creating route objects toi make them seem like valid and
authoritative).

And advantages:
A) free and open to anyone.
B) Allows registration of foreign RIR and hybrid objects, such as
combination of ASN from RIPE with address space from ARIN for example.
C) API support.

AFRINIC ltd in the past asked the RIPE Community to help definie a
plan in cleaning up the RIPE IRR from AFRINIC objects and closing it
down for AFRINIC users.
RIPE Community asked for solutions to prevent abuse of the IRR.

As the co-chairs from the RIPE DB-WG, we want to know how we will
proceed, keep it open or request a close down?
We have two agenda points we inherited from the previous chairs that
are list in the NWI (Numbered Work Items):

https://www.ripe.net/manage-ips-and-asns/db/numbered-work-items

Namely NWI-3 which relates to AFRINIC space present in the RIPE
Database and NWI-5 that relates to all address space outside of the
RIPE registry present in the RIPE Database.
Depending on the outcome of the current round of discussion we will
know how to proceed further with NWI-3 and 5.

Please note that as a RIPE DB-WG co-chair I will not partake in the
discussion, feedback is much welcome, but we can only take in
consideration what will be told in the RIPE DB-WG mailinglist, if
discussions take place here in the AFRINIC DB-WG, please make sure
whatever is voiced here gets forwarded to the RIPE DB-WG.

You can register here for the RIPE DB-WG to participate via email, it
is open to anyone:
https://lists.ripe.net/mailman/listinfo/db-wg

Or you can participate via the Web Forum platform, all posts get sent
from it to the respective mailing lists:
https://www.ripe.net/participate/mail/forum/

I believe the forum uses "single sign on" credentials, that system is
available to anyone as well.

David Hilario
co-chair RIPE DB-WG



More information about the DBWG mailing list