[ARIN-consult] Consultation on ARIN IRR Roadmap

Job Snijders job at ntt.net
Fri Feb 23 11:18:09 EST 2018


On Thu, Feb 22, 2018 at 04:42:02PM -0600, David Farmer wrote:
> On Thu, Feb 22, 2018 at 3:19 PM, Job Snijders <job at ntt.net> wrote:
> 
> > On Thu, Feb 22, 2018 at 04:06:28PM -0500, Jason Schiller wrote:
> > > I am confused...
> > >
> > > the current ARIN IRR is rr.arin.net
> >
> > ARIN manages an IRR database called "ARIN" in a daemon running on host
> > rr.arin.net. You can publish data from multiple databases via a single
> > fqdn like 'rr.arin.net'. I think what David Farmer is talking about is
> > the "source: ARIN" aspect of the data you show:
> >
> >     $ whois -h rr.arin.net 199.43.0.0/24 | grep source
> >     source:         ARIN # Filtered
> >
> > RIPE is developing something similar, where non-authoritative data will
> > be marked with "source: RIPE-NONAUTH" rather than "source: RIPE" to show
> > which objects came into existence because of the chain of trust from the
> > RIR data to the IRR data, and some didn't.
> >
> > With an example from the ARIN IRR:
> >
> >     job at vurt ~$ whois -h rr.arin.net -- "-B 192.0.2.0/24" | egrep "route:|source:"
> >     route:          192.0.2.0/24
> >     source:         ARIN
> >     route:          192.0.2.0/24
> >     source:         ARIN
> >
> > 192.0.2.0/24 is a Special Use IPv4 prefix (RFC 3330 / RFC 5735) and not
> > owned by either of the organisations that created a route object for it
> > in the ARIN IRR. It is crazy that there even are route objects for this
> > prefix.
> >
> > In my opinion, IRR 'route:' objects covering prefixes like 192.0.2.0/24
> > should either be purged from the ARIN IRR - or should be clearly marked
> > by changing the "source: ARIN" to "source: ARIN-OLD" (or perhaps "source:
> > ARIN-NONAUTHORITATIVE-LEGACY-GARBAGE" ;-))
> 
> Yep, that is what I was trying to get at. I didn't know if "-" was a valid
> character, since none of the current IRRs have a "-" in their source
> field.  Therefore it was just easier to assume "-" wasn't valid.
> 
> But if "-" is valid then "ARIN-OLD" is what I really thought of first, but
> better yet is "ARIN-LEGACY" (and "ARIN-NONAUTHORITATIVE-LEGACY-GARBAGE" is
> fine with me too;-)).
> 
> And, then after a year or so all the "ARIN-NONAUTHORITATIVE-LEGACY-GARBAGE"
>  magically just disappears.

I'd avoid the term "LEGACY" as that may confuse some because we also
have the concept of "Legacy IP space".

Perhaps "ARIN-NONAUTH" to align somewhat with the work being done in
RIPE?

If a subset of the data in ARIN's IRR can be validated, and the set of
objects that are not validated are tagged with "ARIN-NONAUTH" (since
those objects are not authoritative due to lack of validation) - we'll
be in much better shape.

I maintain that no new "ARIN-NONAUTH" objects should be allowed to come
into existence.

Kind regards,

Job
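
The filtering consequence of the tagging discussed in this thread, as an added example that is not part of the original message or of any ARIN or RIPE tooling: a consumer of IRR data parses the whois output and keeps only route objects that neither cover a special-use prefix nor carry a non-authoritative source. The sample objects, their origin ASNs, and the treatment of a "-NONAUTH" suffix (the "ARIN-NONAUTH" name is only a proposal in the thread) are assumptions.

```python
import ipaddress

# Documentation prefixes (RFC 5735); a deliberately partial special-use list.
SPECIAL_USE = [ipaddress.ip_network(p) for p in
               ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]

# Constructed sample in whois/RPSL form; origins are documentation ASNs (RFC 5398).
SAMPLE = """\
route:          192.0.2.0/24
origin:         AS64496
source:         ARIN

route:          192.0.2.0/24
origin:         AS64497
source:         ARIN

route:          199.43.0.0/24
origin:         AS64498
source:         ARIN # Filtered

route:          199.43.0.0/24
origin:         AS64499
source:         ARIN-NONAUTH
"""

def parse_objects(text):
    """One dict per blank-line-separated object; first value wins, '# ...' remarks dropped."""
    objects, current = [], {}
    for line in text.splitlines() + [""]:
        if not line.strip():
            if current:
                objects.append(current)
            current = {}
        elif line[0] not in " \t+%#" and ":" in line:  # skip comments, continuations
            key, _, value = line.partition(":")
            current.setdefault(key.strip().lower(), value.split("#", 1)[0].strip())
    return objects

def classify(obj):
    prefix = ipaddress.ip_network(obj["route"], strict=False)
    if any(prefix.overlaps(net) for net in SPECIAL_USE):
        return "reject-special-use"
    # Assumption: non-validated objects carry a "-NONAUTH" source, as proposed in the thread.
    if obj.get("source", "").upper().endswith("-NONAUTH"):
        return "reject-nonauth"
    return "accept"

def filter_routes(text):
    return [(o["route"], o.get("origin"), classify(o))
            for o in parse_objects(text) if "route" in o]
```

Both constructed objects for 192.0.2.0/24 are rejected even though they say "source: ARIN", which is the gap the proposed tag is meant to close.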


