This is what we are seeing in IXP Manager. Looks like your config got pulled from PeeringDB.
Network Information =================== Name : HENNEPIN-COUNTY Primary ASN : 40382 Also Known As : Website : https://www.hennepin.us/ IRR AS-SET : AS40382:AS-MEMBERS Network Type : Government Approx IPv6 Prefixes : 100 Approx IPv4 Prefixes : 100 Looking Glass : Route Server : Created at : 2021-12-21T16:47:05Z Updated at : 2022-08-29T22:55:11Z
Prefix | First seen | Last seen |
---|---|---|
137.70.0.0/16 | 2023-03-27 00:08:07 | 2023-05-09 12:55:43 |
204.73.55.0/24 | 2023-03-27 00:08:07 | 2023-05-09 12:55:43 |
50.217.178.0/24 | 2023-03-27 00:08:07 | 2023-05-09 12:55:43 |
Prefix | First seen | Last seen |
---|---|---|
2606:e540::/32 | 2023-03-27 00:08:07 | 2023-05-09 12:55:43 |
2606:e540::/36 | 2023-03-27 00:08:07 | 2023-05-09 12:55:43 |
Will the filters be built off our aut-num object or just the as-set listed on PeeringDB?
Tom Krenn
Network Architect
Enterprise Architecture - Information Technology
From: MICE Discuss <MICE-DISCUSS@LISTS.IPHOUSE.NET> On Behalf Of Richard Laager
Sent: Tuesday, May 9, 2023 5:20 AM
To: MICE-DISCUSS@LISTS.IPHOUSE.NET
Subject: [External] [MICE-DISCUSS] IRR Mandatory at MICE / New Route Servers
CAUTION: This email was sent from outside of Hennepin County. Unless you recognize the sender and know the content, do not click links or open attachments.
[I plan to send this to MICE-ANNOUNCE too, but I want to see if anyone has corrections.]
MICE will soon be deploying new route servers which will require IRR (Internet Routing Registry) records, as is a best practice at IXPs.
What
- You MUST have an as-set object listing your AS and your downstream ASes (if any).
- You MUST either list that as-set in PeeringDB or email the name of your as-set to me (off-list to rlaager@wiktel.com please).
- A route/route6 object MUST exist for each prefix you announce to the route servers (whether originated by you or transited through you) and it must list an Origin AS that is in your as-set.
When
- If you are a transit AS (i.e. have ASes behind you) and don't have an as-set object, fix this now. Without an as-set object, your downstream ASes announcements will be blocked (filtered) immediately when the first new route server is cut in. (Granted, they will still work through the second route server until it is upgraded.) Figure you have 1-2 weeks at most.
- Enforcement of the route/route6 objects (for both transit and non-transit ASes) will come later, but not a lot later. So please, start on this now.
Where
If you are not sure where to create IRR records, use ARIN (assuming you are in the ARIN region).
How (with ARIN)
- Login to ARIN Online. (Go to arin.net and click Login in the top right.)
- On the left side, expand "Routing Security" and click "IRR".
- Click "as-set" at the top.
- Click "Create an Object".
- Fill in the fields:
The "AS Set Name" is what you will list in PeeringDB (or email to me).
"Description" is unparsed, but they suggest the location and have a button to "Copy the Address from My Org ID".
"Members" is where you list your ASN and downstream ASes (if any).- Click "Review". Once ready, click "Submit".
- Click "route/route6" at the top.
- Click "Create an Object".
- Fill in the fields:
"Prefix" is the prefix, e.g. 192.0.2.0/24.
"Origin" is your ASN.- Click "Review". Once ready, click "Submit".
- Repeat to create additional route objects until all of your announcements are covered. Don't forget IPv6!
Examples
Here is my as-set: https://www.radb.net/query?keywords=AS-WIKTEL
Here is one example route: https://www.radb.net/query?keywords=69.89.192.0%2F20
(I created the AS33362 one. The AS19905 one is because another AS can originate this route for DDoS scrubbing reasons.)
--Richard
To unsubscribe from the MICE-DISCUSS list, click the following link:
http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
Disclaimer: If you are not the intended recipient of this message, please immediately notify the sender of the transmission error and then promptly permanently delete this message from your computer system.
To unsubscribe from the MICE-DISCUSS list, click the following link:
http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1
To unsubscribe from the MICE-DISCUSS list, click the following link:
http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1