[ARIN-Suggestions] New ACSP Suggestions

ARIN info at arin.net
Mon Jan 30 13:18:09 EST 2023

Two new suggestions have been received (2023.1 and 2023.2). You may find the new suggestions and links in full below.


American Registry for Internet Numbers (ARIN)


2023.1: Limit Length of Members Lines for API

Author: Joe Abley   
Submitted On: 30 January 2023


We publish an as-set object AS13335:AS-CUSTOMERS by sending XML payloads through the API in an automated fashion. This results in as-set objects being published and mirrored from rr.arin.net which has all the many members formatted on a single members: line in the resulting RPSL as-set object, like this:

>>>> jabley at YYT0L7C2CL ~ % whois -h rr.arin.net as13335:as-customers
>>>>  as-set: AS13335:AS-CUSTOMERS
>>>>  descr: Cloudflare, Inc
>>>>  101 Townsend Street, San Francisco
>>>>  California 94107, US
>>>>  +1-650-319-8930
>>>>  remarks: ---------------
>>>>  Cloudflare announces its ASNs via many upstream ASNs
>>>>  All Cloudflare abuse reporting can be done via
>>>>  https://www.cloudflare.com/abuse
>>>>  ---------------
>>>>  members: >>>>AS31,AS112,AS823,AS1204,AS1294,AS1421,AS1448,AS1921,AS1958,AS2047,AS2535,AS2639,AS3268,AS3557,AS3756,AS3955,AS4>>>>058,AS4373,AS4657,AS4739,AS4802,AS4892,AS4927,AS5006,AS5032,AS5049,AS5390,AS5408,AS5419,AS5430,AS5539,AS5715,AS>>>>6169,AS6450,AS6752,AS6908,AS6973,AS7377,AS7380,AS7484,AS7545,AS7810,AS7828,AS8248,AS8643,AS8651,AS8660,AS8781,A>>>>S8831,AS8851,AS9011,AS9022,AS9090,AS9166,AS9426,AS9502,AS9520,AS9547,AS9554,AS9832,AS9942,AS10082,AS10384,AS103>>>>97,AS10461,AS10584,AS10641,AS10666,AS10668,AS10725,AS10823,AS11082,AS11086,AS11144,AS11179,AS11207,AS11298,AS1>>>>1318,AS11326,AS11331,AS11334,AS11369,AS11374,AS11657,AS11744,AS12130,AS12179,AS12273,AS12564,AS12766,AS13008,A>>>>S13038,AS13267,AS13283,AS13428,AS13461,... many, many, many, many more... >>>>AS399868,AS399880,AS399921,AS399939,AS400011,AS400183,AS400566,AS400608

>>>>  admin-c: ADMIN2521-ARIN
>>>>  tech-c: ADMIN2521-ARIN
>>>>  tech-c: CLOUD146-ARIN
>>>>  mnt-by: MNT-CLOUD14
>>>>  created: 2021-07-15T17:06:11Z
>>>>  last-modified: 2022-11-18T19:53:28Z
>>>>  source: ARIN
>>>>  jabley at YYT0L7C2CL ~ %

This is all glorious legal RPSL but the long “members” line in the middle with no breaks causes problems for some people. For example, this is the full, non-truncated output from one (I think irrdv3 instance) that is mirroring the ARIN dataset, which gives a profoundly wrong answer:

>>>>  jabley at YYT0L7C2CL ~ % whois -h irr.wolcomm.net '!iAS-CLOUDFLARE,1'
>>>>  A61
>>>>  AS132892 AS13335 AS133877 AS14789 AS202623 AS209242 AS394536
>>>>  C
>>>>  jabley at YYT0L7C2CL ~ %

The XML schema for your REST API doesn’t allow us to specify how many members are stacked on a single line in the RPSL object you publish; that decision is made by your code when it constructs the RPSL. We confirmed this is true with your helpdesk, who gave us an entirely prompt and clear answer to that question.

So, what are the chances you could imagine a code change that limited the number of items on single members lines, so that instead of the big long line above you produced something like this?

 >>>> ...
>>>>  members: AS31, AS112, AS823, AS1204, AS1294, AS1421, AS1448, AS1921, AS1958, AS2047,
>>>>  members: AS2535, AS2639, AS3268, AS3557, AS3756, AS3955, AS4058, AS4373, AS4657,
>>>>  members: AS4739, AS4802, AS4892, AS4927, AS5006, AS5032, AS5049, AS5390, AS5408,
>>>>  members: AS5419, AS5430, AS5539, AS5715, AS6169, ... and so on
>>>>  ...

This ought to be entirely backwards-compatible with what you do right now, it just won’t cause other weak links in the IRR chain (so many weak links) barf in the same way.

Value to Community: Improved accuracy of global routing; increased compatibility with legacy IRR software; greater applicability of REST API

Timeframe: Not specified

Status: Confirmed   Updated: 30 January 2023


2023.2: Allow Multiple Security Keys for 2FA

Author: Joe Abley   
Submitted On: 30 January 2023

Description: Allow multiple FIDO2-compatible hardware security keys to be associated with an account, so that a single key is no longer a single point of failure.

Value to Community: Improved robustness of 2FA with hardware security keys.

Timeframe: Not specified

Status: Confirmed   Updated: 30 January 2023

More information about the arin-suggestions mailing list