{"id":245,"date":"2015-03-02T21:10:19","date_gmt":"2015-03-02T21:10:19","guid":{"rendered":"http:\/\/www.mtin.net\/blog\/?p=245"},"modified":"2015-03-02T22:05:24","modified_gmt":"2015-03-02T22:05:24","slug":"internet-routing-registries","status":"publish","type":"post","link":"http:\/\/www.mtin.net\/blog\/internet-routing-registries\/","title":{"rendered":"Internet Routing Registries"},"content":{"rendered":"

Routing Registries are a mysterious underpinning of the peering and BGP world. To many they are arcane and complicated. If you have found this article you are at least investigating the use of a registry. Either that or you have ran out of fluffy kittens to watch on YouTube. Either way one of the first questions is “Why use a routing registry”<\/a>. <\/p>\n

As many of us know BGP is a very fragile ecosystem. Many providers edit access lists in order to only announce prefixes they have manually verified someone has the authority to advertise. This is a manual process for many opportunities for error. Any time a config file is edited errors can occur. Either typos, misconfiguration, or software bugs.<\/p>\n

Routing registries attempt to solve two major issues. The first is automating the process of knowing who has authority to advertise what. The second is allowing a central repository of this data.<\/p>\n

So what is a routing Registry?<\/strong>
\nFrom Wikipedia<\/a>: An Internet Routing Registry (IRR) is a database of Internet route objects for determining, and sharing route and related information used for configuring routers, with a view to avoiding problematic issues between Internet service providers.<\/p>\n

The Internet routing registry works by providing an interlinked hierarchy of objects designed to facilitate the organization of IP routing between organizations, and also to provide data in an appropriate format for automatic programming of routers. Network engineers from participating organizations are authorized to modify the Routing Policy Specification Language (RPSL) objects, in the registry, for their own networks. Then, any network engineer, or member of the public, is able to query the route registry for particular information of interest.<\/p>\n

What are the downsides of a RR?<\/strong>
\nNot everyone uses routing registries. So if you only allowed routes from RR’s you would get a very incomplete view of the Internet and not be able to reach a good amount of it.<\/p>\n

Okay, so if everyone doesn’t use it why should i go to the trouble?<\/strong>
\nIf you are at a formal Internet Exchange (IX) you are most likely required to use one. Some large upstream providers highly encourage you to use one to automate their process.<\/p>\n

What are these objects and attributes?<\/strong>
\nIn order to partipate you have to define objects. The first one you create is the maintainer object. This is what the rest of the objects are referenced to and based from. Think of this as setting up your details in the registry.<\/p>\n

From this point you setup “object types”. Object types include:
\nas-set
\naut-num
\ninet6num
\ninetnum
\ninet-rtr
\nkey-cert
\nmntner
\nroute
\nroute6
\nroute-set
\nIf you want to learn more about each of these as well as templates visit this ARIN site<\/a>.<\/p>\n

So what do I need to do to get started?<\/strong>
\nThe first thing you need to do is setup your mntner object in the registry. I will use ARIN as our example. You can read all about it here:https:\/\/www.arin.net\/resources\/routing\/<\/a>.<\/p>\n

You will need a couple of things before setting this up
\n1.Your ARIN ORGID
\n2.Your ADMIN POC for that ORGID
\n3.Your TECH POC for that ORGID<\/p>\n

Once you have these you can fill out a basic template and submit to ARIN.<\/p>\n

mntner: MNT-YOURORGID
\ndescr: Example, Inc.
\nadmin-c: EXAMPLE123-ARIN
\ntech-c: EXAMPLE456-ARIN
\nupd-to: hostmaster@example.net
\nmnt-nfy: hostmaster@example.net
\nauth: MD5-PW $1$ucVwrzQH$zyamFnmJ3XsWEnrKn2eQS\/
\nmnt-by: MNT-YOURORGID
\nreferral-by: MNT-YOURORGID
\nchanged: hostmaster@example.net 20150202
\nsource: ARIN<\/code><\/p>\n

The templates is very specific on what to fill out. The mnt-by and referral-by are key to following instructions. MD5 is another sticking point. The process is documented just in a couple of places. In order to generate your MD5-PW follow these instructions.<\/p>\n

1.Go to https:\/\/apps.db.ripe.net\/crypt\/<\/a> Enter in a password. Make sure you keep this cleartext password as you will need it when sending future requests to ARIN\u2019s Routing Registry.
\n2.Submit the password to get the md5 crypt password. Keep this password for your records, as you may need it when interacting with ARIN’s IRR in the future.
\n3.Add the following line to your mntner object template in the text editor.
\nauth: MD5-PW
\nOur example above has a MD5 password already generated.
\nOnce this is done and created you can add objects. The most commonly added objects are your ASN and IP space. <\/p>\n

Create your ASN object using the as-num template<\/p>\n

aut-num: AS65534
\nas-name: EXAMPLE-AS
\ndescr: Example, Inc.
\ndescr: 114 Pine Circle
\ndescr: ANYWHERE, IN 12345
\ndescr: US
\nimport: from AS65535 accept ANY
\nimport: from AS65533 accept AS65534
\nexport: to AS65533 announce ANY
\nexport: to AS65535 announce AS2 AS65533
\nadmin-c: EXAMPLE456-ARIN
\ntech-c: EXAMPLE123-ARIN
\nmnt-by: MNT-YOURORGID
\nchanged: user@example.com 20150202
\nsource: ARIN
\npassword: <\/code><\/p>\n

The things to know about the above template are the import and export attributes.<\/p>\n

Now on to adding IP space
\nSuppose you have IP space of 192.0.2.0\/24 Your template would look like:<\/p>\n

inetnum: 192.0.2.0 \u2013 192.0.2.255
\nnetname: EXAMPLE-NET
\ndescr: Example, Inc.
\ndescr: 115 Oak Circle
\ndescr: ANYWHERE, IN 12345
\ncountry: US
\nadmin-c: EXAMPLE123-ARIN
\ntech-c: EXAMPLE456-ARIN
\nnotify: user@example.com
\nmnt-by: MNT-YOURORGID
\nchanged: user@example.com 20150202
\nsource: ARIN
\npassword: <\/code><\/p>\n

The password attribute is the cleartext password for your MD5 key.<\/p>\n

Further Reading:
\nUsing RPSL in practice<\/a><\/p>\n

NANOG IRR<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Routing Registries are a mysterious underpinning of the peering and BGP world. To many they are arcane and complicated. If you have found this article you are at least investigating the use of a registry. Either that or you have ran out of fluffy kittens to watch on YouTube. Either way one of the first […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[67,17],"tags":[147,150,149,145,151,43,148,15,146],"jetpack_publicize_connections":[],"aioseo_notices":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6VLMf-3X","jetpack-related-posts":[{"id":2267,"url":"http:\/\/www.mtin.net\/blog\/what-is-a-bgp-confederation\/","url_meta":{"origin":245,"position":0},"title":"What is a BGP Confederation?","author":"j2sw","date":"May 15, 2018","format":false,"excerpt":"In\u00a0network routing,\u00a0BGP confederation\u00a0is a method to use\u00a0Border Gateway Protocol\u00a0(BGP) to subdivide a single\u00a0autonomous system\u00a0(AS) into multiple internal sub-AS's, yet still advertise as a single AS to\u00a0external peers. This is done to reduce the number of entries in the iBGP routing table.\u00a0 If you are familiar with breaking OSPF domains up\u2026","rel":"","context":"In \"BGP\"","block_context":{"text":"BGP","link":"http:\/\/www.mtin.net\/blog\/tag\/bgp\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.mtin.net\/blog\/wp-content\/uploads\/2018\/05\/atasco.jpg?fit=1122%2C711&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.mtin.net\/blog\/wp-content\/uploads\/2018\/05\/atasco.jpg?fit=1122%2C711&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.mtin.net\/blog\/wp-content\/uploads\/2018\/05\/atasco.jpg?fit=1122%2C711&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.mtin.net\/blog\/wp-content\/uploads\/2018\/05\/atasco.jpg?fit=1122%2C711&resize=1050%2C600 3x"},"classes":[]},{"id":452,"url":"http:\/\/www.mtin.net\/blog\/rfcs-you-need-to-know-rfc-2796-bgp-route-reflection\/","url_meta":{"origin":245,"position":1},"title":"RFC’s you need to know: RFC 2796 BGP Route Reflection","author":"j2sw","date":"November 29, 2015","format":false,"excerpt":"https:\/\/tools.ietf.org\/html\/rfc2796 Currently in the Internet, BGP deployments are configured such that all BGP speakers within a single AS must be fully meshed and any external routing information must be re-distributed to all other routers within that AS. For n BGP speakers within an AS that requires to maintain n*(n-1)\/2 unique\u2026","rel":"","context":"In "BGP"","block_context":{"text":"BGP","link":"http:\/\/www.mtin.net\/blog\/category\/networking\/bgp\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":443,"url":"http:\/\/www.mtin.net\/blog\/how-does-bgp-select-which-route\/","url_meta":{"origin":245,"position":2},"title":"How does BGP select which route?","author":"j2sw","date":"November 26, 2015","format":false,"excerpt":"BGP can be a complex and almost mystical protocol. For those of you who are trying to determine how BGP selects which route here is your guide. Before we get into it a couple of things to keep in mind. First, BGP is not a multipath routing protocol. This is\u2026","rel":"","context":"In "BGP"","block_context":{"text":"BGP","link":"http:\/\/www.mtin.net\/blog\/category\/networking\/bgp\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":132,"url":"http:\/\/www.mtin.net\/blog\/mtin-services\/","url_meta":{"origin":245,"position":3},"title":"MTIN Services","author":"j2sw","date":"August 26, 2014","format":false,"excerpt":"WISP and Wireline\/Fiber Design and Operation MPLS Design and Implementation Multicast Routing IGMP, PIM eBGP\/iBGP design\/implementation Cisco Routers 2800, 3600, 7200, 7600, ASR, ISR Cisco Switches 2950, 3550, 3560, 3750, 6500 Switching (Layer 2) STP, RSTP, EOIP, MSTP, VLAN \u2013 dot1q and q-in-q Routing (layer 3) OSPF, BGP, MPLS, L2VPN\u2026","rel":"","context":"Similar post","block_context":{"text":"Similar post","link":""},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3342,"url":"http:\/\/www.mtin.net\/blog\/mum-2019-presentation-on-bgp\/","url_meta":{"origin":245,"position":4},"title":"MUM 2019 presentation on BGP","author":"j2sw","date":"April 13, 2019","format":false,"excerpt":"For those of you not able to attend the US MUM presentation here is my presentation slides in PDF for my BGP session. 200 meg download. bgp_presentation","rel":"","context":"In "BGP"","block_context":{"text":"BGP","link":"http:\/\/www.mtin.net\/blog\/category\/networking\/bgp\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":309,"url":"http:\/\/www.mtin.net\/blog\/osfp-and-areas\/","url_meta":{"origin":245,"position":5},"title":"OSFP and areas","author":"j2sw","date":"June 13, 2015","format":false,"excerpt":"OSPF areas are one of the more common topics I am asked about as networks grow. \u00a0 Before we dig into this, we need to understand the reasons why OSPF areas were created in the first place. \u00a0Next, we will go into how to apply areas to modern network designs.\u2026","rel":"","context":"In \"areas\"","block_context":{"text":"areas","link":"http:\/\/www.mtin.net\/blog\/tag\/areas\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_likes_enabled":true,"_links":{"self":[{"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts\/245"}],"collection":[{"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/comments?post=245"}],"version-history":[{"count":6,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts\/245\/revisions"}],"predecessor-version":[{"id":251,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts\/245\/revisions\/251"}],"wp:attachment":[{"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/media?parent=245"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/categories?post=245"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/tags?post=245"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}