
Q&A: What is the Internet Routing Registry (IRR)?

Question

  • What is the Internet Routing Registry?
  • Why do we use the IRR?

 

Environment

  • Silverline DDoS
    • Routed

 

Answer

What is the Internet Routing Registry? 

  • Distributed set of databases allowing network operators to describe and query objects for routing intent.
  • Silverline operates with the RADB.

Why do we use an IRR today?

  • Transit providers require all redistributed announcements to be maintained and registered in an IRR to be accepted. 
    • Route objects must contain an originating ASN and a route of the minimum accepted length.
      • IPv4 subnet masks must be /24 minimum length, or IPv6 prefix length /48 or shorter, for route-object acceptance and redistribution.
  • Registered objects allow orchestration to rebuild filter-sets with any changes in an IRR.
  • Minimizes the impact of accidental route leaks and prefix hijacking due to improper filtering.

Benefits:

  • Route filtering: Traffic may be filtered based on registered routes, preventing network problems caused by accidental or malicious routing announcements. Routing announcement filtering can be created between:
    • Peering networks: Peers agree to filter based on registered routes. If a peer's route is not registered, it will be filtered.
    • Provider and customer networks: The provider protects its network from accidental routing announcements by its customers. The customer must register its routes before the provider.
  • Network troubleshooting: A routing registry makes it easier to identify routing problems outside a network: the whois contacts associated with the source ASN can be used to resolve the associated traffic problems.

Why does Silverline use an IRR?

  • Nearly all transit providers require their customers to register routes (with an IRR) to build and maintain prefix filter lists based on registry contents.
  • Filters prevent unauthorized announcements and protect against route hijacking, denial of service, etc.
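
An added example (not Silverline's or any transit provider's tooling) of how registered route objects become a prefix filter: it parses constructed RPSL route/route6 objects, drops those more specific than /24 (IPv4) or /48 (IPv6), which is how the length rule above is read here, and accepts an announcement only on an exact prefix-and-origin match. The prefixes, ASNs, and function names are illustrative assumptions.

```python
import ipaddress
import re

# Constructed RPSL objects using documentation prefixes and ASNs, not real registry data.
SAMPLE_RPSL = """\
route:      192.0.2.0/24
origin:     AS64500
source:     RADB

route:      198.51.100.0/25
origin:     AS64500
source:     RADB

route6:     2001:db8:100::/48
origin:     AS64501
source:     RADB
"""

# Most specific prefix length accepted per address family (assumed reading of the rule).
MAX_LEN = {4: 24, 6: 48}

def parse_route_objects(text):
    """Return (network, origin_asn) for each route/route6 object in RPSL text."""
    objects = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")  # first colon only, so IPv6 values survive
            attrs.setdefault(key.strip().lower(), value.strip())
        prefix = attrs.get("route") or attrs.get("route6")
        origin = attrs.get("origin", "").upper()
        if prefix and origin.startswith("AS") and origin[2:].isdigit():
            objects.append((ipaddress.ip_network(prefix), int(origin[2:])))
    return objects

def build_filter(objects):
    """Keep only route objects short enough to be accepted into a prefix filter."""
    return {(net, asn) for net, asn in objects if net.prefixlen <= MAX_LEN[net.version]}

def accept(announcement, origin_asn, prefix_filter):
    """Exact match (an assumption): prefix and origin ASN must both be registered."""
    return (ipaddress.ip_network(announcement), origin_asn) in prefix_filter

if __name__ == "__main__":
    flt = build_filter(parse_route_objects(SAMPLE_RPSL))
    for pfx, asn in [("192.0.2.0/24", 64500), ("192.0.2.0/24", 64666),
                     ("198.51.100.0/25", 64500), ("2001:db8:100::/48", 64501)]:
        print(pfx, f"AS{asn}", "accept" if accept(pfx, asn, flt) else "reject")
```

Rebuilding the filter from the registry on every change is what lets a newly registered route object take effect without manual filter edits.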

IRR limitation solved by RPKI

RPKI solves problems, as you can be absolutely sure that an authoritative, cryptographically verifiable statement can be made by any legitimate IP resource holder globally.
