On 3/22/25 01:53, Chris Woodfield via NANOG wrote:
Fair point and you appear to be correct. I’ll caveat I’m speaking without concrete data, but I suspect that there are enough routes not held in RIR-hosted route servers that dropping the unauthenticated IRRs would be… impactful.
In the RIPE Connect-WG there are efforts to establish a BCP document to only use RIR IRRs for filtering. As part of this there was a presentation at RIPE 88 [0] where someone from DE-CIX showed an impact analysis. Their takeaway is that dropping RADB would result in a loss of 11% of /24s and 250 Gbps traffic at peak, i.e., a significant amount. Other non-RIR IRRs contribute only a small amount. There is a follow-up mail thread with lots of discussion [1] (which also has the full BCP draft attached), and in my understanding it seems to be normal operating practice to use non-authenticated IRRs (especially RADB). So coming back to Steve's original question: On 3/21/25 22:29, Steven Wallace via NANOG wrote:
Are many/any/most IXP route server operators filtering routes without authenticated (i.e., RIR-hosted) route objects?
If there is filtering in place, it seems like many IXPs allow non-authenticated route objects. Best, Malte [0] Video: https://ripe88.ripe.net/archives/video/1356/ Slides: https://ripe88.ripe.net/wp-content/uploads/presentations/87-RIPE88_RS_Propos... [1] https://mailman.ripe.net/archives/list/connect-wg@ripe.net/thread/FGUT3D37HO...