On Thursday, February 02, 2012 01:00:43 AM George Bonser wrote:
One problem is the number of routing registries and the requirements differ for them. The nefarious operator can enter routes in an IRR just as easily as a legitimate operator. There was a time when some significant networks used the IRRs for their filtration policy. I'm not sure how many still do.
I've dealt with AfriNIC and APNIC WHOIS databases, and they normally control the 'inetnum' and inet6num' entries that go into the WHOIS databases. So there is some degree of certainty that what is in there is generally true. You're right, anyone can create an IRR record, and it's quite terrible how easy it is to create false information that could break another person's network. This is why we don't generally trust IRR or PeeringDB data when verifying downstream prefixes which we should permit through our filters. We rely on the RIR 'inetnum' and 'inet6num' records for that. My memory fails me on what ARIN do, but before AfriNIC was established and the majority of Africa's prefixes were allocated by RIPE and ARIN, I recall the ARIN policy (SWIP templates, et al) being a hassle-rich experience that anything else is long forgotten :-). Mark.