[DBWG] RIPE proposed changes to the routing registry

Daniel Shaw daniel at afrinic.net
Fri Jun 8 10:39:29 UTC 2018

On 08/06/2018, 13:58, Job Snijders	typed:
> Hi,
> Daniel, what is the status on the request that it becomes easier to
> create route-objects for AfriNIC-managed IP space in the AFRINIC IRR
> where non-AfriNIC-managed ASNs are specified as Origin?

Thanks for the nudge!

I'll repeat I personally see no downside, and there is clearly at least a handful of people that would like this. Further to summarise in this thread, I'm not aware of any specific objections to changing in this way.

That being said, form a wider organisational perspective there are (as always, with any org or company) a myriad of other changes and tasks in the queue to do, with varying priorities. And, again, not unusually, a limited number of people and time to get things done.

(I am sure you see where this is going).

If the WB chairs (who are on this list, and also the primary DB developers) initiate something internally bottom up, I'd certainly be in support.

However, apart from that, I am not sure I see sufficient urgency or sufficiently huge demand to put it at the top of my own priorities and motivate to get implemented in the short term. So for now, it's noted as a nice to have feature to do one day.

Before you get annoyed with me, let me re-iterate why I don't fully agree that this is such a big deal, or should hold up the RIPE changes.

In short, I maintain it is already easy enough. My experience is

- When an AFRINIC member who has in-region IP resources, but an out-of-region ASN logs a request by email/ticket system, the repose from the customer service folks is good, and they respond to the request in good time.

- I also do not believe the argument about operational changes at odd hours and short notice holds. I stand to be corrected, but I believe that once the out-of-region 'autnum' is added to the IRR manual (once) along with a 'mnt-by' that the member controls, that thereafter they can create, add, or change route(6) objects themselves and auth against their 'mnt-by' person or role, attached to the origin 'autnum'.

In other words. There is a once off "bootstrap" involving a single email and maybe a days wait, to be able to use an out of region autnum. 

I am not yet convinced that a handful of members saying that is "too difficult" is sufficient motivation to bring development work on the DBs current authentication model forward to absolute top priority in the organisation.

> It is no different with RPKI ROAs. With a RPKI ROA the prefix owner can
> input any ASN they want in the Origin ASN field.

Preaching to the choir :) - which is why I am comfortable in saying we'll probably do this. At some point.


More information about the DBWG mailing list