peering-toolbox:route_origin_authorisation
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| peering-toolbox:route_origin_authorisation [2022/05/06 15:26] – [Route Origin Authorisation] philip | peering-toolbox:route_origin_authorisation [2022/08/26 17:15] (current) – [Legacy address space] philip | ||
|---|---|---|---|
| Line 2: | Line 2: | ||
| One of the major problems with the Internet Routing Registry is that the information contained therein is historically placed there on trust. While the five RIRs have made big strides to tidy up their instances of the IRR (allowing object creation only by members), the remainder of the IRR still contains a lot of inaccurate, incorrect, and out dated information. And there is no validation or verification of any of the information provided either - any entity can place anything in the RADB, for example, simply by paying the subscription fee. | One of the major problems with the Internet Routing Registry is that the information contained therein is historically placed there on trust. While the five RIRs have made big strides to tidy up their instances of the IRR (allowing object creation only by members), the remainder of the IRR still contains a lot of inaccurate, incorrect, and out dated information. And there is no validation or verification of any of the information provided either - any entity can place anything in the RADB, for example, simply by paying the subscription fee. | ||
| + | |||
| + | Route Origin Authorisation is one of the four recommendations of the global programme known as the Mutually Agreed Norms for Routing Security ([[https:// | ||
| + | |||
| + | The following sections discuss the key components for Route Origin Authorisation. | ||
| * [[route_origin_authorisation# | * [[route_origin_authorisation# | ||
| + | * [[route_origin_authorisation# | ||
| + | * [[route_origin_authorisation# | ||
| ===== Background ===== | ===== Background ===== | ||
| Line 24: | Line 30: | ||
| **Note very well**: only create a ROA for the exact route that is being announced - never create a ROA for an unannounced route or subnet, as that could result in that route or subnet being hijacked. | **Note very well**: only create a ROA for the exact route that is being announced - never create a ROA for an unannounced route or subnet, as that could result in that route or subnet being hijacked. | ||
| - | ===== What about legacy | + | ===== Legacy |
| Holders of legacy (InterNIC assigned) address space are encouraged to create ROAs to assist with ensuring greater integrity of the global routing system. | Holders of legacy (InterNIC assigned) address space are encouraged to create ROAs to assist with ensuring greater integrity of the global routing system. | ||
| - | Some (but not all) RIRs have a mechanism allowing legacy address holders whose IP address space is now managed by the RIR under the ERX project to create and maintain a ROA for a small annual fee. | + | Some (but not all) RIRs have a mechanism allowing legacy address holders whose IP address space is now managed by the RIR under the ERX project to create and maintain a ROA for a small annual fee. These operators are encouraged to contact the RIR holding these legacy addresses to find out how to create ROAs. |
| - | [[: | + | [[: |
peering-toolbox/route_origin_authorisation.1651814813.txt.gz · Last modified: 2022/05/06 15:26 by philip