[DBWG] RIPE proposed changes to the routing registry

Job Snijders job at ntt.net
Fri Jun 8 10:55:34 UTC 2018

On Fri, Jun 08, 2018 at 02:39:29PM +0400, Daniel Shaw wrote:
> On 08/06/2018, 13:58, Job Snijders	typed:
> > Daniel, what is the status on the request that it becomes easier to
> > create route-objects for AfriNIC-managed IP space in the AFRINIC IRR
> > where non-AfriNIC-managed ASNs are specified as Origin?
> I'll repeat I personally see no downside, and there is clearly at
> least a handful of people that would like this. Further to summarise
> in this thread, I'm not aware of any specific objections to changing
> in this way.
> [snip]
> - When an AFRINIC member who has in-region IP resources, but an
> out-of-region ASN logs a request by email/ticket system, the repose
> from the customer service folks is good, and they respond to the
> request in good time.

That is good to hear

> - I also do not believe the argument about operational changes at odd
> hours and short notice holds. I stand to be corrected, but I believe
> that once the out-of-region 'autnum' is added to the IRR manual (once)
> along with a 'mnt-by' that the member controls, that thereafter they
> can create, add, or change route(6) objects themselves and auth
> against their 'mnt-by' person or role, attached to the origin
> 'autnum'.

Wait - AfriNIC staff should NOT be creating additional "autnum:" objects
in the AFRINIC database. Those objects already exist in other databases,
AfriNIC is not authoritative for non-AfriNIC managed objects. Can you
elaborate? It would truly be a shame if the community expends
significant energy to clean up one database to introduce a new level of
pollution in another database.

Simply don't require the Origin ASN to be a reference to any object,
consider it a 32-bit integer (and forbid the private & bogon asns).

> In other words. There is a once off "bootstrap" involving a single
> email and maybe a days wait, to be able to use an out of region
> autnum. 
> I am not yet convinced that a handful of members saying that is "too
> difficult" is sufficient motivation to bring development work on the
> DBs current authentication model forward to absolute top priority in
> the organisation.


> > It is no different with RPKI ROAs. With a RPKI ROA the prefix owner
> > can input any ASN they want in the Origin ASN field.
> Preaching to the choir :) - which is why I am comfortable in saying
> we'll probably do this. At some point.

Is the creation of RPKI ROAs a fully automated process which can be
initiated by end users through the AfriNIC portal?

Kind regards,


More information about the DBWG mailing list