Re: IRR Upstream\Downstream

[Matthew Petach <mpetach () netflight com>]

On Mon, Sep 20, 2021 at 5:09 PM Mike Hammett <nanog () ics-il net> wrote:

> I'm trying to firm up my grasp of how I define my neighbor ASes in my IRR
> entries.
>
> https://bgp.he.net/AS40764#_irr
>
> In my aut-num, I've defined my two upstreams (Intercarrier and Cogent).
> I've used their AS-Set or just their AS and used that in the export lines.
>
> I'd assume I'd do the reverse in the import fields for any downstream
> customers.
>
> I realized after looking at this that I need to add an export to IX and
> other peering connections.
>
> What else do I need to change?


I find it easier to put in a set of entries like this:

import: from AS-ANY accept ANY export: to AS-ANY announce
AS-DIGITALNETWORKACCESS
<https://bgp.he.net/irr/as-set/AS-DIGITALNETWORKACCESS> mp-export: afi ipv6
to AS-ANY announce AS-DIGITALNETWORKACCESS
<https://bgp.he.net/irr/as-set/AS-DIGITALNETWORKACCESS>-V6
mp-import: afi ipv6 from AS-ANY accept ANY

That takes care of anyone on an IX peering port that is doing filtering
based off IRR policies,
and then you should apply your own sanity filters on your import policies
on your router,
which you can update programmatically without having to keep updating your
IRR
policies.  ^_^

Matt





> Yes, I realized that I just asked NANOG to criticize me. Hopefully, I get
> more help than flames.  ;-)
>
>
>
> -----
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> Midwest-IX
> http://www.midwest-ix.com