On Mon, Apr 04, 2022 at 06:35:31PM -0400, Jon Lewis wrote:
On Tue, 5 Apr 2022, Job Snijders wrote:
Are others jumping ship or planning to from ALTDB (no offense intended, and grateful for the service you've provided) and other non-auth IRRs like RADB due to networks like Tata announcing that they won't honor route objects created in non-authoratative IRR DBs after late last year and plan to ignore them entirely by late next year? i.e.
From: https://lg.as6453.net/doc/cust-routing-policy.html
Special note, deprecation of non-authoritative registries
Please note that 'route' and 'route6' objects created after 2021-Aug-15 in non-authoritative registries like RADB, NTTCOM, ALTDB and others will not work. Objects created before that date will continue to work till 2023-Aug-15. It is recommended to create RPKI ROA objects instead. In rare cases if that's not possible, 'route' and 'route6' must be created in the authoritative registry - AfriNIC, APNIC, ARIN, LACNIC, RIPE, RIPE, NIC.br or IDNIC.
I very much appreciate Tata's efforts to strive to only use authoritive data when making BGP routing decisions; however the scope of their charter is of course confined to just Tata's own operations. Tata's routing policies affect only Tata's customer cone.
I'm (well, work is) a Tata customer. So their policy wrt which IRR's they'll honor objects in matters to me, and going forward, it makes no sense for us to create new objects in ALTDB or RADB...and those proxy registrations Kenneth created in ALTDB, if any of those networks are originated by Tata customers, I presume the new ALTDB objects won't cause Tata prefix-list filters to include those routes.
Right.
I just wonder if Tata is alone leading the charge to deprecate non-auth IRRs, or if there are other notable networks with similar policies?
I think there clearly is an industry-wide trend to move away from 'unsigned plain-text non-authoritative' datasets, towards better sources of truth such as the VRP data available through the RIR RPKI Trust Anchors. There are variances in how stakeholders implement this paradigm shift: some operators move towards wholesale ignorance of non-auth databases (like Tata); some operators use softer transition mechanisms (examples: what RIPE NCC did in lieu of RIPE-731, or how IRRd v4 in its default configuration magically makes RPKI-invalid IRR objects disappear). I think all of us recognize a need to declaw "third party" IRR databases like RADB and ALTDB ("declawing" meaning that it is not desirable that anyone can just register *anything*); on the other hand our community also has to be cognizant about there being parts of the Internet which are not squatting on anyone's numbers *and* also are not contracted to a specific RIR. Kind regards, Job