Well.. good news people: the RIPE NCC has now reached the implementation stage of the public consensus process that drives development work in their service and will be closing off the creation of new foreign ROUTE and ROUTE6 objects in their database.
All existing objects that refer to out-of-region resources are going to move into a new whois ‘source’ tag, which will permit anyone who depends on them for their BGP configuration to continue to be served, but ordinary queries to the source RIPE routing registry will not return these objects.
This is good news for anyone who has suffered the consequence of permitting these ‘foreign’ records to be created. It was a move supported (at that time) by the RIPE region routing community since it permitted European network operators to trust a single source for routing configuration as they faced the inclusion of African, Latin American and Asia Pacific addresses into European routing contexts.
Unfortunately, the model deployed depended inherently on a shared password maintainer for these out of region resources. It didn’t provide any checks with the actual external resource owner and so also permitted spamming and abuse of the prefixes, until anyone noticed and complained. Typically, this takes time, and in a 24/7 world means that extended misrouting was possible for almost any resource worldwide, if not protected in other ways. This process will now close, with the removal of the ability to add foreign inetnum and inet6num objects, and thus the removal of the ability to add new route and route6 objects referring to them.
APNIC Hostmaster, Helpdesk and Research staff have been participating in this community discussion for a number of years, along with other interested parties. We’re delighted this process has come to fruition since we’re acutely aware of how it impacts resource holders in the Asia Pacific community.
Many thanks to the RIPE NCC staff, and the DB-WG and ROUTING-WG participants for their reflection on this problem and work towards a resolution.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.