[DBWG] route-object auto-created from a ROA

Avinash GOKHOOL avinash at afrinic.net
Fri Oct 19 05:58:48 UTC 2018 

On 17/10/2018 16:50, Nishal Goburdhan wrote:
> > Avinash wrote:
>
>
> hi,
> sorry for the out of thread reply;  i just realised i wasn’t sub’d to
> this list :-/
>
> > Thanks for the encouraging words.
> > To answer your question, we need to be sufficiently confident that such
> > a tool will be useful and actually used by members.
>
> i am an afrinic member.  i asked for this feature.  so i will use it.
> and i will add this to the training workshops that i teach.  so i
> imagine those students will use it too.  and i am sure that frank
> implied that he would use it.  edd too.  both of whom are afrinic members.
>
> let’s take a step back for a second.  this history to this request, is
> that i want you (afrinic) to make it easier to interact with your IRRDB.
>  regardless of what you think now, a large percentage of your membership
> feel the IRR is “not easy to use”.  yes, some of those people have no
> problem using the front-end of your RPKI engine.  i’ve been asking you
> to fix your IRRDB interface for a while now, but the last response i
> received, at the recent SAFNOG event was :  “we can not commit to a
> date”.  (it’s in the video archive if you care to look it up ..)
>
> given that you have something that’s relatively easy to use  (the RPKI
> front-end).
> given that you have rules that govern the data that goes into your RPKI
> system that keep this “clean”.
> given that people that care enough about routing security will likely
> have ROAs  *and* IRRDB objects.
> given that this seems like an unnecessary duplication ..
> i think it’s a safe bet that, if the system is in place, and easy to
> use, people (your members) will use it.
>
>
> > As for the implementation, I think we can make it quite simple.
>
> when i asked about creating objects using my.afrinic i was given the
> proverbial run-around.  :-)
> so, i am super-happy to see that the people that will be responsible for
> the work, think this is “quite simple”  :-)
>
> (and, btw, you’ll also need to allow, *at least* as-sets)
>
>
> > Create and Delete, as required, only route & route(6) objects via
> > MyAFRINIC. If
> > someone does not wish to issue ROAs, she may still use the current
> > method to create her route objects.
> >
> > However, if she wishes to issue ROAs, then when submitting the ROA form
> > on MyAFRINIC, we can lookup the existing route objects and if there are
> > some missing, ask if these need to be created. For that we will need to
> > have another form to capture and validate input for the other attributes
> > of the route object.
> >
> > Similarly, when someone wishes to revoke her ROA, we may lookup the
> > route objects and delete them if she so wishes.
> >
> > In this scenario, we do not really have to worry about route objects
> > being modified, since only the attributes "route" & "origin" are common
> > to a ROA.
>
> i think that what’s important is that you design so that there is as
> little pollution as possible, and it’s made as easy as possible.  you’ve
> laid out a simple enough framework;  if you’d like us to comment more on
> it, i am sure people here will be happy to, but i think it would be more
> constructive if you have the discussion internally, and perhaps present
> here your workflow?
>
>
> > However, in the event that a route object is deleted directly on the
> > WHOIS, the ROA cannot be automatically revoked.
>
> yes.
>
> there’s also no reason you can’t incorporate a check to see if ROA
> matches or equals IRRDB object equals BGP announcement, and signal that
> to your member, *along* with a  what/how to fix.   (obligatory hat tip
> to irrexplorer!)
>
> so now to echo the rest in the thread;  how soon can you have this done?
>  ;-)   of course, you can have different bits of this done in different
> stages too  (ie. ver1, ver2, ..) and i’m sure that will assuage members’
> feelings towards these important activities ..
>
> —n.
>
> _______________________________________________
> DBWG mailing list
> DBWG at afrinic.net
> https://lists.afrinic.net/mailman/listinfo/dbwg

Hi All,

Thanks a lot for the invaluable feedback.

To answer your question, based on our resource availability and workload, we are planning to have this available during Q1 of 2019.

Best regards

- Avinash Gokhool

More information about the DBWG mailing list