Dear Pirawat, On Mon, Oct 26, 2020 at 08:13:19PM +0700, Pirawat WATANAPONGSE wrote:
I am seeking advice concerning someone else announcing IRR records on resources belonging to me.
Change is underway in the IRR ecosystem! The situation we are all used to is that it is rather cumbersome to get IRR databases to remove IRR objects. The IRR database operator may not trust your request for object removal, or is busy doing other things. There was no industry-wide automated process for IRR object removal. With the introduction of "RIPE-731" (https://www.ripe.net/publications/docs/ripe-731) in the RIPE region, the "RIPE-NONAUTH" database has slowly been shrinking. The RIPE-NONAUTH database exclusively contains IRR objects covering non-RIPE space. As more and more people create RPKI ROAs, which in turn provide automated evidence whether objects in RIPE-NONAUTH are valid or not valid. If an object is found to be invalid, it is deleted. While RIPE-731 addressed the issue of stale objects in the RIPE-NONAUTH database, of course it did not change anything for non-RIPE databases. Most non-RIPE databases use software called "IRRd" (the likes of NTTCOM, RADB, TC, etc). The IRRd software is the main entrypoint into the IRR system, and recently IRRd v4.1.0 was released which can automatically delete RPKI invalid IRR route objects. A youtube video from last week with some information on IRRdv4 can be seen here: https://www.youtube.com/watch?v=V9fsU0mNcA4 NTT has not yet upgraded from 4.0.0 -> 4.1.0, we are working on that. RADB is also investigating a migration path. LACNIC & ARIN already are on the v4 train. The moment NTT and RADB have deployed 4.1.0 at rr.ntt.net and whois.radb.net there will be an industry-wide fully automated IRR cleanup process running which accomplishes two things: - stale/rogue/erroneous objects (conflicting with RPKI) are deleted - new objects which are in conflict with RPKI ROAs cannot be created Using RPKI to clean up the IRR is a continuous process: this mechanism helps clean up the past, but also going forward ensures that IRR does not contain new information which is in conflict with published cryptographically signed RPKI ROAs. This 2018 video outlines the strategy how to migrate to an improved state of internet routing security: https://www.youtube.com/watch?v=3BAwBClazWc https://nlnog.net/static/nlnogday2018/9_routing_security_roadmap_nlnog_2018_... Reality is now nearly synced up to all slides of the deck :-) Kind regards, Job