Odp: Re: IRR information & BYOIP (Bring Your Own IP) with Cloud Providers
Dnia 21 stycznia 2024 21:07 Christopher Morrow <morrowc.lists@gmail.com> napisał(a): On Fri, Jan 19, 2024, 4:55 PM Owen DeLong via NANOG < nanog@nanog.org > wrote: Sounds like you’ve got a weird mix of route origination. Why wouldn’t you advertise to Google via BGP and have your prefix originate from your own ASN? I think in this case the customer has their own disconnected deployment, and they are asking 396982 to announce some subset of their prefixes such that gcp gets that traffic. Yes, this is the case. GCP is advertising our prefix on our behalf. Owen On Jan 19, 2024, at 02:39, kubanowy < kubanowy@o2.pl > wrote: Hi, We have our own prefix assignment from ARIN. We have our infrastructure in GCP (Google Cloud Platform) where we started using BYOIP functionality (Google advertises our IPs). We followed their recommendation with ROA configuration in ARIN cloud.google.com https://cloud.google.com/vpc/docs/bring-your-own-ip#live-migration-recommend... but they don't mention if IRR (whois database) should be updated as The roa is really for two reasons: 1) tell Google you actually control that asset. 2) tell the world that 396982 is permitted to originate that prefix. Use of irr data is nice, but not required here... This is understood, however due to missing entries in IRR those tools flag those prefixes as suspicious to mismatch between what's advertised and what's in ARIN database. My goal is to avoid it. I'm looking for information on what's community approach for this. How this should be handled? well. I've checked with their support and they said no additional changes need to be done there. But currently we are in situation where ARIN's whois contains entry for our prefix with our own ASN and Google advertised to RADb entry for our prefixes with their own ASN. I don't believe to robots at google are supposed to register irr data for byoip customers... Can you mail me off list and I can go do a.little digging? ;) I haven't seen info on that in their documentation, but we did notice a new entry in RADb for prefix that we added in GCP that had MAINT set to Google. When we use online tools like irrexplorer.nlnog.net https://irrexplorer.nlnog.net/ or Cisco's CrossWork Cloud (former BGPmon), they mark our prefixes due to mismatch of ASN in those 2 databases. We haven't observed any routing issues so far (i.e. ISP not importing our prefixes), but we aim to sort this out for better credibility. I'm wondering what's community approach for updating whois databases when using BYOIP functionality with Cloud providers and if there is a risk of any potential impact if we were to change information in ARIN. Thanks
On Mon, Jan 22, 2024 at 7:39 AM kubanowy <kubanowy@o2.pl> wrote:
On Jan 19, 2024, at 02:39, kubanowy <kubanowy@o2.pl> wrote:
Hi, We have our own prefix assignment from ARIN. We have our infrastructure in GCP (Google Cloud Platform) where we started using BYOIP functionality (Google advertises our IPs). We followed their recommendation with ROA configuration in ARIN https://cloud.google.com/vpc/docs/bring-your-own-ip#live-migration-recommend... but they don't mention if IRR (whois database) should be updated as
The roa is really for two reasons:
1) tell Google you actually control that asset. 2) tell the world that 396982 is permitted to originate that prefix.
Use of irr data is nice, but not required here...
This is understood, however due to missing entries in IRR those tools flag those prefixes as suspicious to mismatch between what's advertised and what's in ARIN database. My goal is to avoid it.
I'm looking for information on what's community approach for this. How this should be handled?
well. I've checked with their support and they said no additional changes need to be done there. But currently we are in situation where ARIN's whois contains entry for our prefix with our own ASN and Google advertised to RADb entry for our prefixes with their own ASN.
I don't believe to robots at google are supposed to register irr data for byoip customers... Can you mail me off list and I can go do a.little digging? ;)
correction: yes the robot will make IRR entries on behalf of the byoip custromer... I should have remembered this, but oops :)
I haven't seen info on that in their documentation, but we did notice a new entry in RADb for prefix that we added in GCP that had MAINT set to Google.
I believe(based on the source code) google will add this shortly after the customer processes start, and remove it automatically when the customer goes away.
When we use online tools like https://irrexplorer.nlnog.net/ or Cisco's CrossWork Cloud (former BGPmon), they mark our prefixes due to mismatch of ASN in those 2 databases.
do you have an example you can share?
We haven't observed any routing issues so far (i.e. ISP not importing our prefixes), but we aim to sort this out for better credibility. I'm wondering what's community approach for updating whois databases when using BYOIP functionality with Cloud providers and if there is a risk of any potential impact if we were to change information in ARIN. Thanks
participants (2)
-
Christopher Morrow
-
kubanowy