Context: Hurricane Electric is now doing IRR filtering now. My question isn't specific to HE's filtering, but is more about what the best practices are. I'm looking for clue, on or off list, about whether my AS should have an aut-num object. We already have an as-set object listing our AS as well as those of our transit customers. This as-set's name is listed in PeeringDB. We also already have a route-set object containing route objects for each of our prefixes. I've looked at some other networks and this approach (list an as-set in PeeringDB) seems to be the common case. I am only aware of a couple networks who are using an aut-num object. I'm cool with creating an aut-num object, but how much do I really need to fill in? That is, do I need to have import/export statements for literally every AS I peer with, or can I just use "from ANY accept ANY" and "to ANY announce AS-WIKTEL"? I don't want to create and have to maintain an aut-num that is more complex than necessary. I also don't want to break working traffic with peers who might pick up that aut-num object automatically. If it matters, I use the ARIN IRR. I was previously using email templates but would intend to switch (which I understand is permanent) to the web interface on my next modification. -- Richard
Good Afternoon; I am also using ARIN IRR and have setup an AUT-NUM object. I was told that I had to set it up to get updates to appear properly. The problem I have is not with my IP Addresses, but with my customers that have their own blocks and ASNs. HE is still rejecting them. I am not sure how to get the AUT-NUM or Route-Set to work for my customers. Thank you! Larry L. Larsen Director of Information Technology O: 712-271-5920 | F: 712-271-2727 llarsen@longlines.biz Connect | Empower | Erich 504 4th Street | Sergeant Bluff, IA 51054 www.longlines.com -----Original Message----- From: MICE Discuss <MICE-DISCUSS@LISTS.IPHOUSE.NET> On Behalf Of Richard Laager Sent: Tuesday, June 23, 2020 1:44 PM To: MICE-DISCUSS@LISTS.IPHOUSE.NET Subject: [MICE-DISCUSS] IRR Filtering WARNING!! This message originated from an External Source. Please use proper judgment and caution when opening attachments, clicking links, or responding to this email. Context: Hurricane Electric is now doing IRR filtering now. My question isn't specific to HE's filtering, but is more about what the best practices are. I'm looking for clue, on or off list, about whether my AS should have an aut-num object. We already have an as-set object listing our AS as well as those of our transit customers. This as-set's name is listed in PeeringDB. We also already have a route-set object containing route objects for each of our prefixes. I've looked at some other networks and this approach (list an as-set in PeeringDB) seems to be the common case. I am only aware of a couple networks who are using an aut-num object. I'm cool with creating an aut-num object, but how much do I really need to fill in? That is, do I need to have import/export statements for literally every AS I peer with, or can I just use "from ANY accept ANY" and "to ANY announce AS-WIKTEL"? I don't want to create and have to maintain an aut-num that is more complex than necessary. I also don't want to break working traffic with peers who might pick up that aut-num object automatically. If it matters, I use the ARIN IRR. I was previously using email templates but would intend to switch (which I understand is permanent) to the web interface on my next modification. -- Richard
HE.net <http://he.net/> will parse out your AS-SET or export: line in AUT-NUM object. See: http://routing.he.net/algorithm.html <http://routing.he.net/algorithm.html> Ideally, best case, you have: AS-SET including your ASN and your downstream customers (if any) ROUTE objects created for each prefix with origin set to the correct ASN AUT-NUM for your ASN with an export line matching your as-set (ie: export: to ANY announce AS65535-AS-SET-OBJECT) If you haven’t also update PeeringDB.com <http://peeringdb.com/> with your as-set info.
On Jun 23, 2020, at 1:53 PM, Larry Larsen <llarsen@LONGLINES.BIZ> wrote:
Good Afternoon;
I am also using ARIN IRR and have setup an AUT-NUM object. I was told that I had to set it up to get updates to appear properly. The problem I have is not with my IP Addresses, but with my customers that have their own blocks and ASNs. HE is still rejecting them. I am not sure how to get the AUT-NUM or Route-Set to work for my customers.
Thank you!
Larry L. Larsen Director of Information Technology O: 712-271-5920 | F: 712-271-2727 llarsen@longlines.biz
Connect | Empower | Erich
504 4th Street | Sergeant Bluff, IA 51054 www.longlines.com
-----Original Message----- From: MICE Discuss <MICE-DISCUSS@LISTS.IPHOUSE.NET> On Behalf Of Richard Laager Sent: Tuesday, June 23, 2020 1:44 PM To: MICE-DISCUSS@LISTS.IPHOUSE.NET Subject: [MICE-DISCUSS] IRR Filtering
WARNING!! This message originated from an External Source. Please use proper judgment and caution when opening attachments, clicking links, or responding to this email.
Context: Hurricane Electric is now doing IRR filtering now. My question isn't specific to HE's filtering, but is more about what the best practices are.
I'm looking for clue, on or off list, about whether my AS should have an aut-num object. We already have an as-set object listing our AS as well as those of our transit customers. This as-set's name is listed in PeeringDB. We also already have a route-set object containing route objects for each of our prefixes.
I've looked at some other networks and this approach (list an as-set in PeeringDB) seems to be the common case. I am only aware of a couple networks who are using an aut-num object.
I'm cool with creating an aut-num object, but how much do I really need to fill in? That is, do I need to have import/export statements for literally every AS I peer with, or can I just use "from ANY accept ANY" and "to ANY announce AS-WIKTEL"? I don't want to create and have to maintain an aut-num that is more complex than necessary. I also don't want to break working traffic with peers who might pick up that aut-num object automatically.
If it matters, I use the ARIN IRR. I was previously using email templates but would intend to switch (which I understand is permanent) to the web interface on my next modification.
-- Richard
On 6/23/20 2:03 PM, Andrew Hoyos wrote:
AUT-NUM for your ASN with an export line matching your as-set (ie: export: to ANY announce AS65535-AS-SET-OBJECT)
This look reasonable as a starting point? import: from AS-ANY accept ANY export: to AS-ANY announce AS-WIKTEL mp-import: afi ipv6.unicast from AS-ANY accept ANY mp-export: afi ipv6.unicast to AS-ANY announce AS-WIKTEL -- Richard
I just noticed you can also lookup your range against HE filter and it'll tell you wether it passes or not (as well as fully explaining the filters conditions.) Decent for double checking if the rules are working and why if not Link is at https://routing.he.net note that it can take awhile to load after querying a range On Tue, Jun 23, 2020 at 2:15 PM Richard Laager <rlaager@wiktel.com> wrote:
On 6/23/20 2:03 PM, Andrew Hoyos wrote:
AUT-NUM for your ASN with an export line matching your as-set (ie: export: to ANY announce AS65535-AS-SET-OBJECT)
This look reasonable as a starting point?
import: from AS-ANY accept ANY export: to AS-ANY announce AS-WIKTEL mp-import: afi ipv6.unicast from AS-ANY accept ANY mp-export: afi ipv6.unicast to AS-ANY announce AS-WIKTEL
-- Richard
participants (4)
-
Andrew Hoyos -
Austin Gillmann -
Larry Larsen -
Richard Laager