In order for your ASN and prefixes to be accepted by us or in the BGP global routing table they have to have proper IRR records else they will be rejected by upsreams and internet exchanges. All IRR records should be created on the primary registries - RIPE , ARIN , LACNIC , AFRINIC , APNIC. Or if you don't have the ability to use those - RADB - but there shouldn't be overriding records on the primary registries with different configuration at the same time.
ASN
Your ASN should have proper export records :
export: to AS396998 announce AS-YOUR-ASN
If you have an AS-SET :
export: to AS396998 announce AS-YOUR-ASN
export: to AS396998 announce YOUR-AS-SET
Where AS-YOUR-ASN is AS1234 if your ASN is 1234
If your prefixes are announced over Tempest they should have AS36231 instead of AS396998 on export
Make sure your exports include all your upstreams if you have other upstreams than us !
Example of properly configured ASN IRR exports AS203391 :
aut-num: AS203391
as-name: CLOUDNSNET
org: ORG-CDL10-RIPE
import: from AS396998 accept ANY
export: to AS396998 announce AS203391
admin-c: CN3742-RIPE
tech-c: CN3742-RIPE
status: ASSIGNED
mnt-by: RIPE-NCC-END-MNT
mnt-by: bg-cloud-1-mnt
created: 2016-01-28T14:44:02Z
last-modified: 2023-04-03T17:59:25Z
source: RIPE
Prefixes
All your prefixes should have proper origin records :
origin: AS-YOUR-ASN
Where AS-YOUR-ASN is AS1234 if your ASN is 1234
Example of properly IRR configured prefix 185.136.96.0/24 with origin AS203391 :
route: 185.136.96.0/24 descr: Cloud DNS Ltd origin: AS203391 mnt-by: bg-cloud-1-mnt mnt-by: bg-cloud-2-mnt created: 2016-01-28T15:57:11Z last-modified: 2016-01-28T15:57:11Z source: RIPE
Make sure you have proper origin records for all prefixes announced with the exact length. Some upstreams reject non exact matching records - for example record for /22 but /24 announced.
Customers in AS-SET
Customer ASNs in your AS-SET if you have such should have proper export records :
export: to AS-YOUR-ASN announce AS-YOUR-CUSTOMER-ASN
RPKI requirements
If you are creating RPKI make sure it matches the prefix length of your announcement ( or bigger )
The following without RPKI enabled will be rejected by some upstreams :
- IPv4 Prefixes registered on RIPE
- IPv6 Prefixes
Internet Exchange requirements
If you have a peeringdb page you should have "Never via route servers" unticked ( not selected )
Comments
0 comments
Article is closed for comments.