Zoom Logo

IRR office hours Q/A - Shared screen with speaker view
Linda Roos
18:20
Here are links to the recording and slides from the Merit RADb session (first is recording; second is slides):https://internet2.zoom.us/recording/share/WDE8Gtk2A843DDoktOr2tZgAJ-2wKjNq4xqi9UxiSdwhttps://internet2.box.com/s/8ckdn6ynw1cb1glsjvg8w0iegtlhw00u
Patrick McEvilly
19:16
One of our ISPs have our prefixes registered in an IRR for us. Is that sufficent?
Greg Grimes
24:26
Where are people "looking" at this data? PeeringDB?
Jay Ford (uiowa)
24:48
whois -h whois.radb.net as3630 | more
chmorl
24:56
thanks
Greg Grimes
25:12
ahh.
Adair Thaxton
26:19
Or, type “AS3630” in the search box on RADb
Steve Wallace
26:36
https://www.radb.net/query?advanced_query=&keywords=as3630%3Aas-connectors&-T+option=&ip_option=&-i+option=
Steve Wallace
26:49
https://www.radb.net/query?advanced_query=&keywords=as3630&-T+option=&ip_option=&-i+option=
Jay Ford (uiowa)
30:35
Those proxy objects often have incorrect origin AS.
Jay Ford (uiowa)
31:29
It seems that some users of IRR data allow prefixes up to /24 for IPv4 &/48 for IPv6 within the space covered by a route or route6 object.How prevalent is this implied "as long as" behavior?
chmorl
33:55
So, if I have a Class B, a.b.0.0/16, and as an end user university, I also advertise more specifics, such as a.b.0.0/17 and a.b.128.0/17 , I also need to list these more specific routes, in the IRR, via RADb?
Chris Wopat - WiscNet
34:19
also note that there are more IRR sources than radb and arin. IRRexplorer (http://irrexplorer.nlnog.net/) is a good spot to put your asn in and check between various sources
Patrick McEvilly
34:32
If the RR entries are used for dynamic prefix lists - when I have my ISP pull the prefix from their IRR will the prefix get withdrawn until we get it into our own RADB entry?
jeff_wilson
34:38
+1 to chmorl's question
Bill Owens
35:27
If you’d like to see an example of someone with a lot of more-specifics:
Bill Owens
35:28
http://irrexplorer.nlnog.net/search/11872
Jay Ford (uiowa)
35:50
How likely is that users of IRR data will accept & act on mp-membersfields in route-set objects with prefix length specs such as?mp-members: 128.255.0.0/16mp-members: 128.255.0.0/16^24-24mp-members: 2620:0:e50::/45mp-members: 2620:0:e50::/45^48-48
Kevin Schmidt
38:19
Won't this create problems for the I2 DDoS Mitigation Service? Invoking the service creates new /24 prefix advertisements that don't usually exist and originate from a different AS.
Patrick McEvilly
38:22
who was it that offered the no down time transfer?
chmorl
38:40
Is there a whois server to query to see that AS11872 output that Bill shows?
Bill Owens
39:40
IRRExplorer combines the results of a bunch of queries against IRRs and the routing table, so I don’t think there is a way to do that with a whois query. There is a CLI client for IRRExplorer but I think it only works if you run your own copy.
Adair Thaxton
40:10
chmorl: whois -h whois.radb.net as11872 | more
Adair Thaxton
40:13
I assume :)
John Kristoff
40:42
another commitment, thx all
chmorl
41:32
YIKES!
Adair Thaxton
42:34
Whoops - remove the host specification for that command, they’re in ARIN but not RADb
Brad Fleming
43:09
http://irrexplorer.nlnog.net/search/2495 is the best way we’ve found to deal with RPKI and DDoS so far
Brad Fleming
43:14
which isn’t pretty
Brad Fleming
43:46
and doesn’t scale at all for v6
Jay Ford (uiowa)
43:59
When do you intend to create IRR entries for I2PX?
Chris Wopat - WiscNet
44:01
was about to say that doesnt return much.. but wait for megabytes of html :)
Andrew Gallo (GWU)
44:01
is "AS-ANY" in the export statement a well known set? does that have to be defined anywhere? RFC 2622 seems isn't exactly clear, but implies that it's well known
Jeff Bartig
44:44
whois -h rr.arin.net XXXXX is what you want to use to query the ARIN IRR directly. ARIN is mirrored by RADb, so you will also see ARIN records if you query RADb with whois -h whois.radb.net XXXXX
Greg Grimes
44:47
After attempting and failing all day to register a maintainer object with ARIN, it might be worth the price to use RADB.
Jay Ford (uiowa)
44:59
as-any is reserved, meaning all IRR-documented ASes, not quite the same as all possible ASes
Michael Lambert (3ROX)
45:00
Section 5.3 of RFC 2622, Andrew.
Bill Owens
45:17
RADb has been great for us.
Andrew Gallo (GWU)
45:47
Thank you Michael. I see it
Andrew Gallo (GWU)
46:42
Greg- it took me a while to get ARIN working--- undocumented password restrictions. initial mntnr object creation worked, everything else failed. I believe your initial cleartext password needs to be < 16 chars and no special characters
Greg Grimes
47:33
@Andrew, I can't even get the maintainer object created. keeps telling me to fix my stuff. however it doesn't tell me WHAT to fix. jeez.
Andrew Gallo (GWU)
48:00
YIkes- I can send you a doc that I wrote internally in case we ever needed to start over with ARIN
Adair Thaxton
48:02
It’s supposed to send you a failure email with what you failed… supposed to.
Greg Grimes
48:38
ARIN was unable to process your email. Please ensure that it contains one or more valid RPSL templates. Please fix any issues and re-submit your email.
Greg Grimes
48:42
That's what it tells me
jcotton
49:47
(make sure your ARIN emails are plain text, not MIME or HTML)
Michael Bloom
51:05
dumb question. is the key to export the as-set to AS-ANY in the aut-num object? Is there anything more specific that needs to be done so I2PX picks it up. How does I2PX know to pick these up?
Andrew Gallo (GWU)
51:39
That's a good point on email format- the rejections I've gotten back from ARIN's parser at least tells me what succeeded and what failed. for example:SUMMARY OF UPDATE:Number of objects found: 1Number of objects processed successfully: 0Create: 0Modify: 0Delete: 0No Operation: 0Number of objects processed with errors: 1Create: 0Modify: 0Delete: 0Syntax Errors: 1DETAILED EXPLANATION:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~The following object(s) were found to have ERRORS:---Update FAILED: [as-set]***Error: Syntax error in object
Greg Grimes
52:30
Thanks @jcotton. That might be the issue. I just checked an Thunderbird is defaulted to Rich Text.
Adair Thaxton
52:30
Greg, are you following this example? https://www.arin.net/resources/manage/irr/quickstart/#sample-mntnr-object
Greg Grimes
52:45
@Adair. Of course.
Greg Grimes
53:23
I did get my very first "FAILED" email. So I think I fixed the Rich text. yay
Adair Thaxton
53:32
Log into the ARIN portal and submit a help request?
Patrick McEvilly
54:01
probably not the next two weeks. we are in a mandatory change freeze
jeff_wilson
54:01
we have outstanding ARIN help request for dusting off our ancient POC records
Brad Fleming
54:02
I think we’re good which is famous last words.
chmorl
54:45
Does Google have anything published, as to what they are looking for, in an ideal IRR record?
Adair Thaxton
54:46
I assume a change freeze is going to be fairly common among our universities at this time of year.
Michael Bloom
55:01
I think we can do it. Will it be possible to set it up and ask I2 to check to see if it is setup correctly or how do we verify we did it correctly?
Patrick McEvilly
55:20
so we peer with the NoX Northern CrossRoads. Is this more of a problem for NoX than us?
Patrick McEvilly
55:59
yes please
Michael Bloom
56:03
that would be grear
Dave Kokoszyna
56:09
Yes please
Andrew Gallo (GWU)
56:21
I think taking a simple case of a non-transit campus, and a connector that provides transit would be helpful
szajih saniatan
56:30
is there a way someone can see if ours is setup correctly?...not sure how to decipher irrexplorer
Patrick McEvilly
56:32
+1 for Andrew
John W. O'Brien (Penn/MAGPI)
56:39
I think we can do it (are mostly done). The thing I'm still not totally comfortable with is where to look for validation. I'm in the Google ISP portal, on IRRExplorer, etc, but it's not clear that's sufficient.
Linda Roos
57:44
Irr-help@internet2.edu
szajih saniatan
57:53
perfect...thanks
jcotton
57:53
Is the Google ISP Portal open to anyone? I tried to login but got nothing.
jeff_wilson
58:02
+1 Andrew Gallo's example
szajih saniatan
58:13
i use slack...
Dave Kokoszyna
58:20
Slack here ...
Patrick McEvilly
58:20
There is an Internet2 Slack instance?
Greg Grimes
58:43
Yes
Greg Grimes
59:01
I would suggest a new channel
Greg Grimes
59:28
She is magic
Adair Thaxton
01:00:00
Linda the Good Witch?
John W. O'Brien (Penn/MAGPI)
01:00:58
"To request access to the Google ISP Portal please visit https://isp.google.com/portalaccess"
jcotton
01:01:10
Thanks Jeff!
Greg Grimes
01:01:32
I'm in a panic for sure.
jeff_wilson
01:02:26
I missed the URL to the introductory webinar, can you post that again?
Brad Fleming
01:02:30
@greg if you’d like a second set of eyes let me know.
Greg Grimes
01:02:40
Thanks, Brad
szajih saniatan
01:02:49
thanks for the info
chmorl
01:03:20
Is there a URL where Google has their IRR requirements documented?
jeff_wilson
01:03:25
wompwomp, I signed on late, can someone copy/paste that again?
John Sallee
01:03:30
https://internet2.zoom.us/recording/play/HRSF4hEs0wOOF6wsGm4d4HIgpSYGqT6dbMsGfQk0obCpu2IMuxy6NlCPZyw5-Ky-?continueMode=true
Steve Wallace
01:03:32
https://youtu.be/P829hIoWf4Q
jeff_wilson
01:03:42
muchas gracias
Steve Wallace
01:03:57
https://docs.google.com/document/d/1Zw5XaoG2y7M5-ue3-axfb4IXCch_Mh_fKqlOWEO8B7o/edit
Adair Thaxton
01:04:18
Google’s requirements: https://peering.google.com/#/options/peering
chmorl
01:04:34
Nice, thanks
Bill Owens
01:04:42
This is the best doc I’ve found for Google
Bill Owens
01:04:43
https://support.google.com/interconnect/answer/9368848?hl=en&ref_topic=9326690
THolmes
01:05:00
👍
Bill Owens
01:05:04
It does say that they want aut-num objects, but I don’t think that is true for downstreams, only direct peers.
robert
01:05:28
Ah nice outline
jeff_wilson
01:07:03
antidote to panic turtle? gratitude turtle? many thanks for all who contributed to putting this conversation together
jeff_wilson
01:07:42
how do you spell BGP? oh no!
Greg Grimes
01:08:31
Yes. I want to thank everyone for all of your help. I2 staff are amazing folks! Except Karl
Greg Grimes
01:08:50
ok...Even Karl
John W. O'Brien (Penn/MAGPI)
01:08:53
Thanks all. Always fun hanging out.
Regis Donovan - Tufts University
01:08:56
Thank you very much. Very helpful!
Mitchell Kuch
01:08:57
Thank you!
Michael Bloom
01:08:57
thank you
jcotton
01:08:59
Thanks!