[DBWG] RIPE proposed changes to the routing registry
madhvi at afrinic.net
Fri Jun 8 11:06:48 UTC 2018
On 08/06/2018 2:55 PM, Job Snijders wrote:
> On Fri, Jun 08, 2018 at 02:39:29PM +0400, Daniel Shaw wrote:
>> On 08/06/2018, 13:58, Job Snijders typed:
>>> Daniel, what is the status on the request that it becomes easier to
>>> create route-objects for AfriNIC-managed IP space in the AFRINIC IRR
>>> where non-AfriNIC-managed ASNs are specified as Origin?
>> I'll repeat I personally see no downside, and there is clearly at
>> least a handful of people that would like this. Further to summarise
>> in this thread, I'm not aware of any specific objections to changing
>> in this way.
>> - When an AFRINIC member who has in-region IP resources, but an
>> out-of-region ASN logs a request by email/ticket system, the repose
>> from the customer service folks is good, and they respond to the
>> request in good time.
> That is good to hear
>> - I also do not believe the argument about operational changes at odd
>> hours and short notice holds. I stand to be corrected, but I believe
>> that once the out-of-region 'autnum' is added to the IRR manual (once)
>> along with a 'mnt-by' that the member controls, that thereafter they
>> can create, add, or change route(6) objects themselves and auth
>> against their 'mnt-by' person or role, attached to the origin
> Wait - AfriNIC staff should NOT be creating additional "autnum:" objects
> in the AFRINIC database. Those objects already exist in other databases,
> AfriNIC is not authoritative for non-AfriNIC managed objects. Can you
> elaborate? It would truly be a shame if the community expends
> significant energy to clean up one database to introduce a new level of
> pollution in another database.
> Simply don't require the Origin ASN to be a reference to any object,
> consider it a 32-bit integer (and forbid the private & bogon asns).
AFRINIC does not create the autnum in the AFRINIC database.
Documentation similar to below will be published on the AFRINIC website
Creating a Route object with OOR ASN:
Requester submits object to be created on the AFRINIC IRR, via one
of the whois interfaces(CLI, Web-update)
A message shall be displayed to the person with details on the
ticket number created that shall need validation from AFRINIC
Request is received on the IRR RT queue via automation on whois
which triggers creation of the ticket and also sends the correct
object to be created, should the request be approved.
AFRINIC Hostmasters shall carry out the validation and check whether
such a request can be accepted.
In case this request is approved, AFRINIC Hostmasters shall
authorise creation of the object by submitting the object
communicated in (3)
*In regard to the checks that are conducted internally - we determine
whether the org holding the prefix in the AFRINIC registry is also the
holder of the ASN in another RIR registry. *
>> In other words. There is a once off "bootstrap" involving a single
>> email and maybe a days wait, to be able to use an out of region
>> I am not yet convinced that a handful of members saying that is "too
>> difficult" is sufficient motivation to bring development work on the
>> DBs current authentication model forward to absolute top priority in
>> the organisation.
>>> It is no different with RPKI ROAs. With a RPKI ROA the prefix owner
>>> can input any ASN they want in the Origin ASN field.
>> Preaching to the choir :) - which is why I am comfortable in saying
>> we'll probably do this. At some point.
> Is the creation of RPKI ROAs a fully automated process which can be
> initiated by end users through the AfriNIC portal?
> Kind regards,
> DBWG mailing list
> DBWG at afrinic.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the DBWG