Hi Martin On Thu, 4 Feb 2016, Martin T wrote:
am I correct that ISPs (in RIPE region), who update their BGP prefix filters automatically, ask their IP transit customer or peering partner to provide their "route"/"route6" object(s) or "as-set" object in order to find all the prefixes which they should accept?
This is a common practice to do. Both within and outside the RIPE region. For bigger networks, prefix lists become somewhat unwieldy, and one can then use as-path filters instead. Use a prefix limit with this. Typically you use a tool (bgpq3) to generate the prefix lists.
If the IP transit customer or peering partner provides an "as-set", then ISP needs to ensure that this "as-set" belongs to this IP transit customer or peering partner because there is no automatic authentication for this, i.e. anybody can create an "as-set" object to database with random "members" attributes?
I don't know the procedure for creating as-sets, maybe someone else can chip in.
This is opposite to "route"/"route6" objects which follow a strict authentication scheme.
I believe this differs depending on the irrd software/operator.
In addition, in case of "as-set", an ISP needs to recursively find all the AS numbers from "members" attributes because "as-set" can include other "as-sets"?
Some irrd servers, can expand this automatically (I think). But seriously, use a tool for this.
Quite a lot of question, but I would simply like to be sure that I understand this correctly.
There are basically two abstractions: 1. as-set. Can contain other as-sets or as numbers. 2. prefixes are registered to an as-number. Remember that there are multiple IRR servers, and they mirror each other. Use http://irrexplorer.nlnog.net/ to play around a bit :-). Best regards, Henrik Henrik Thostrup Jensen <htj at nordu.net> Software Developer, NORDUnet