[ARIN-consult] Consultation on ARIN IRR Roadmap

Jay Borkenhagen jayb at braeburn.org
Fri Feb 23 15:36:46 EST 2018


John Curran writes:
 > > For example, John may have meant that the ARIN Online registry + RPKI
 > > + IRR system of the future system would enforce a rule whereby the
 > > presence of ROAs placing the origin of a block of IPs in one or more
 > > ASNs would make it impossible to register any route objects that
 > > contradict the ROAs.  If so, I think that would be great.
 > 
 > That was not the intent of my statement, but that can certainly be done if the community wishes that level of integration. 

Thank you.  Please consider the suggestion recorded.  Other folk are
invited to comment.

 > What I intended by the remark is simply that parties which rely upon RPKI will often more heavily weight local-preference based on the RPKI validation result.  This is not assured but is indeed probable. 
 > 

It's about weighting only in a limited and temporary sense.  Breaking
it down:

Once a CIDR block is covered by a valid ROA (a "VRP" per
https://tools.ietf.org/html/rfc6811), that CIDR route and all its
more-specific routes can be either valid or invalid only -- no longer
can they be 'not found'.  Thus it does nothing to change local-pref of
'not found' routes relative to valid and invalid ones.

When a service provider first begins using validation state in their
routing policies, yes, they probably will give valid routes a higher
local-pref than the invalid ones.  But until they begin outright
blocking invalid routes, they will not be addressing the YouTube /
Pakistan Telecom case of more-specific hijacks.  So this phase should
be only temporary.

Networks that use validation state in their policies obviously need
valid ROAs to exist.  Networks that do not use validation state in
their routers directly can potentially still augment their current
IRR-based tools so they utilize RPKI information when generating
prefix list route filters, but I bet most will not do so.  For those
networks that do not, there is no pre-empting of IRR by RPKI.  (Other
than through the integration suggestion above.)


 > We are continuing to enhance our RPKI tools, but no new functionality is being announced at this time.   If there is specific functionality that you seek, please submit a suggestion so that it can be prioritized.
 > 

Thank you, I will.  Please announce ARIN's rpki enhancement plans
prior to beginning development.

						Jay B.





More information about the ARIN-consult mailing list