<div dir="ltr"><div class="gmail_default" style="font-family:courier new,monospace;font-size:small">Hello Carlos!<br><br></div><div class="gmail_default" style="font-family:courier new,monospace;font-size:small">Well...<br></div><div class="gmail_default" style="font-family:courier new,monospace;font-size:small">I'm with two tasks on my todo list:<br></div><div class="gmail_default" style="font-family:courier new,monospace;font-size:small"><br></div><div class="gmail_default" style="font-family:courier new,monospace;font-size:small">1- Import all the ROAs in the world as ROUTE and ROUTE6 objects to a private IRR.</div><div class="gmail_default" style="font-family:courier new,monospace;font-size:small">2- Import NRO Extended Delegation File, Use Opaque-ID to vinculate ASNs, IPv4, IPv6, and insert it to to a Private IRR.<br><br></div><div class="gmail_default" style="font-family:courier new,monospace;font-size:small">Actually, task #1 is almost stoped... But task #2 is i already have something working.</div><div class="gmail_default" style="font-family:courier new,monospace;font-size:small"><br></div><div class="gmail_default" style="font-family:courier new,monospace;font-size:small">The idea is propose that ALL IRRs in the world use those bases as a filter to not accept proxyed entries that with an Orign that is not from the real Owner, or somebody he explicitly authorized through RPKI.<br></div><div class="gmail_default" style="font-family:courier new,monospace;font-size:small"><br></div><div class="gmail_default" style="font-family:courier new,monospace;font-size:small"><br></div><div class="gmail_default" style="font-family:courier new,monospace;font-size:small">Now, the provocation:<br>---------------------</div><div class="gmail_default" style="font-family:courier new,monospace;font-size:small"><br></div><div class="gmail_default" style="font-family:courier new,monospace;font-size:small">Is this code that is used to populate the LACNIC IRR base from LACNIC's RPKI open?<br>At least the part that imports LACNIC's ROAs and injects it into the IRR, is it open?<br>How about doing this for the whole world?</div><div class="gmail_default" style="font-family:courier new,monospace;font-size:small"><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Em qua., 4 de mar. de 2020 às 11:40, Carlos M. Martinez <<a href="mailto:carlosm3011@gmail.com">carlosm3011@gmail.com</a>> escreveu:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><u></u>
<div>
<div><div><p dir="auto">Hi all,</p>
<p dir="auto">Just a clarification: LACNIC’s IRR does support AS-SETs, but operators/users need to create them.</p>
<p dir="auto">Our IRR is “mostly automatic” in the sense that route/route6 objects and maintainers are synthesized based on RPKI and WHOIS data.</p>
<p dir="auto">However, unlike route/route6 and maintainers, our IRR cannot synthesize AS-SETs for our users.</p>
<p dir="auto">Our IRR is still in its infancy (it has been in production for less than three months) but I hope when the word gets out we will see significant uptake of this tool.</p>
<p dir="auto">If there are any specific, architectural or service questions regarding LACNIC’s IRR please refer directly to us LACNIC staff.</p>
<p dir="auto">Cheers!</p>
<p dir="auto">/Carlos</p>
<p dir="auto">On 3 Mar 2020, at 9:00, Arturo Servin wrote:</p>
</div>
<blockquote><div dir="ltr">Douglas<div><br></div><div>Thanks for getting this stats and bringing awareness that there is a lot to do in LATAM.</div><div><br></div><div>I have these stats that I have presented in some fora in the past few months, these represent the percentage of valid prefixes (according to IRR data.) As you can see LATAM (69.11%) is way behind the rest of the regions and the global average of 86%.We are working to include LACNIC IRR so stats might improve soon but I am not sure how much as the IRR does not have AS-SETs and I would bet that a good chunk of invalid are coming from ASs that provide transit services to other ASNs (so AS-origin is not enough to validate.)</div><div><br></div><div></div><div><div><img alt="Initial Experiences Route Filtering at the Edge AS15169.png" width="562" height="316"><br></div></div><div><br></div><div>Some places to check your prefixes:</div><div><ul><li>IRR Explorer NLNOG: <a href="http://irrexplorer.nlnog.net/" target="_blank">http://irrexplorer.nlnog.net/</a> </li><li>RIPE RIS Routing Consistency: <a href="https://stat.ripe.net/widget/as-routing-consistency" target="_blank">https://stat.ripe.net/widget/as-routing-consistency</a> </li></ul></div><div><br></div><div>Finally, Google is in the process to start filtering all invalid prefixes that do not match any IRR entry, so I recommend that if you peer with AS15169 you take a look if your prefixes are validated (Google ISP Portal</div><a href="https://isp.google.com/bgp/" target="_blank">https://isp.google.com/bgp/</a> and check your AS-SET in PeeringDB)<div><br></div><div>Regards</div><div>as</div><div> <div><br></div><div><br></div><div><br></div><div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Mar 2, 2020 at 9:39 PM Douglas Fischer <<a href="mailto:fischerdouglas@gmail.com" target="_blank">fischerdouglas@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div><span class="gmail_default" style="font-family:"courier new",monospace;font-size:small">Acabei de criar mais uma visão sumarizada de quem está criando sujeira nos IRRs, especificamente nos prefixos brasileiros.<br></span><div><div class="gmail_default" style="font-family:"courier new",monospace;font-size:small"> -> <a href="https://docs.google.com/spreadsheets/d/1RXqzCP2uN-dZ1hRkridm4EBg4_6tYC09Y8ZAW68JSf8/" target="_blank">https://docs.google.com/spreadsheets/d/1RXqzCP2uN-dZ1hRkridm4EBg4_6tYC09Y8ZAW68JSf8/</a></div><span class="gmail_default" style="font-family:"courier new",monospace;font-size:small"></span></div><span class="gmail_default" style="font-family:"courier new",monospace;font-size:small">Esse arquivo nos mostra or Objetos IRR Route: e Route6: classificados com INVALID e UNEEDED em 2020-03-01</span></div><div><span class="gmail_default" style="font-family:"courier new",monospace;font-size:small"><br>O 5 maintainers que mais tem criados registros INVALID de prefixos BR são:</span></div><div><span class="gmail_default" style="font-family:"courier new",monospace;font-size:small">Maint | Name | INVALID | UNEEDED |<br>MAINT-AS8966 | Emirates IX - ChinaTel | 2511 | 2 |<br>MAINT-AS7786 | NeuStar | 887 | |<br>MAINT-AS18678 | Internexa | 670 | 605 |<br>MAINT-SAMM | SAMM CCR | 140 | 80 |<br>MAINT-NRT-BB | NOROESTECOM | 60 | 3 |</span></div></div><div><span class="gmail_default" style="font-family:"courier new",monospace;font-size:small"><br></span></div><div><span class="gmail_default" style="font-family:"courier new",monospace;font-size:small">P.S.:</span><br><span class="gmail_default" style="font-family:"courier new",monospace;font-size:small"></span><div><span class="gmail_default" style="font-family:"courier new",monospace;font-size:small">Procedimento de como se chegou a essas informações detalhado nessa troca de e-mail</span></div><div><span class="gmail_default" style="font-family:"courier new",monospace;font-size:small"><a href="https://mail.lacnic.net/pipermail/lacnog/2020-February/007809.html" target="_blank">https://mail.lacnic.net/pipermail/lacnog/2020-February/007809.html</a></span></div><div><span class="gmail_default" style="font-family:"courier new",monospace;font-size:small"><br><br></span></div><span class="gmail_default" style="font-family:"courier new",monospace;font-size:small">Eu preciso agradecer e parabenizar as equipes das empresas:<br></span></div><span class="gmail_default" style="font-family:"courier new",monospace;font-size:small"> - G8 Networks<br></span><div><div><div><span class="gmail_default" style="font-family:"courier new",monospace;font-size:small"> - Nexusguard</span></div><div><span class="gmail_default" style="font-family:"courier new",monospace;font-size:small">Desde a análise que eu havia feito no dia 13-Feb-2019 [1] tive a oportunidade de conversar com pessoas dessas duas empresas, e eles fizeram esforços e corrigiram/eliminaram grande parte dos registros incorretos que eles haviam criados.<br></span></div><div><span class="gmail_default" style="font-family:"courier new",monospace;font-size:small">Esta, em minha opinião, deve ser a postura de operadores de rede. Estando abertos a informações, validando, e corrigindo se cabível.<br></span></div><div><span class="gmail_default" style="font-family:"courier new",monospace;font-size:small"><br></span></div><div><br><span class="gmail_default" style="font-family:"courier new",monospace;font-size:small"></span></div><div><br><span class="gmail_default" style="font-family:"courier new",monospace;font-size:small"></span></div><div><span class="gmail_default" style="font-family:"courier new",monospace;font-size:small"><br></span></div><div><span class="gmail_default" style="font-family:"courier new",monospace;font-size:small">[1] <a href="https://docs.google.com/spreadsheets/d/1XxUI2_JcKgkg5CniRi1E3ieEu9HgRJCfYfaH3hTIaHg/" target="_blank">https://docs.google.com/spreadsheets/d/1XxUI2_JcKgkg5CniRi1E3ieEu9HgRJCfYfaH3hTIaHg/</a></span></div><div><span class="gmail_default" style="font-family:"courier new",monospace;font-size:small"></span><br>-- <br><div dir="ltr"><font size="2"><span style="font-family:"courier new",monospace">Douglas Fernando Fischer</span><br style="font-family:"courier new",monospace"><span style="font-family:"courier new",monospace">Engº de Controle e Automação</span></font><div style="padding:0px;margin-left:0px;margin-top:0px;overflow:hidden;color:black;text-align:left;line-height:130%;font-family:"courier new",monospace"></div></div></div></div></div></div>
_______________________________________________<br>
LACNOG mailing list<br>
<a href="mailto:LACNOG@lacnic.net" target="_blank">LACNOG@lacnic.net</a><br>
<a href="https://mail.lacnic.net/mailman/listinfo/lacnog" rel="noreferrer" target="_blank">https://mail.lacnic.net/mailman/listinfo/lacnog</a><br>
Cancelar suscripcion: <a href="https://mail.lacnic.net/mailman/options/lacnog" rel="noreferrer" target="_blank">https://mail.lacnic.net/mailman/options/lacnog</a><br>
</blockquote></div></blockquote>
<div><blockquote>
</blockquote><blockquote><p dir="auto">_______________________________________________<br>
LACNOG mailing list<br>
<a href="mailto:LACNOG@lacnic.net" target="_blank">LACNOG@lacnic.net</a><br>
<a href="https://mail.lacnic.net/mailman/listinfo/lacnog" target="_blank">https://mail.lacnic.net/mailman/listinfo/lacnog</a><br>
Cancelar suscripcion: <a href="https://mail.lacnic.net/mailman/options/lacnog" target="_blank">https://mail.lacnic.net/mailman/options/lacnog</a></p>
</blockquote></div>
</div>
</div>
_______________________________________________<br>
LACNOG mailing list<br>
<a href="mailto:LACNOG@lacnic.net" target="_blank">LACNOG@lacnic.net</a><br>
<a href="https://mail.lacnic.net/mailman/listinfo/lacnog" rel="noreferrer" target="_blank">https://mail.lacnic.net/mailman/listinfo/lacnog</a><br>
Cancelar suscripcion: <a href="https://mail.lacnic.net/mailman/options/lacnog" rel="noreferrer" target="_blank">https://mail.lacnic.net/mailman/options/lacnog</a><br>
</blockquote></div><br clear="all"><br>-- <br><div dir="ltr" class="gmail_signature"><font size="2"><span style="font-family:courier new,monospace">Douglas Fernando Fischer</span><br style="font-family:courier new,monospace"><span style="font-family:courier new,monospace">Engº de Controle e Automação</span></font><div style="padding:0px;margin-left:0px;margin-top:0px;overflow:hidden;color:black;text-align:left;line-height:130%;font-family:courier new,monospace"></div></div>