[NANOG] Re: Are IXP route server operators filtering routes that lack authenticated route objects

[Malte Tashiro via NANOG <nanog () lists nanog org>]

On 3/22/25 01:53, Chris Woodfield via NANOG wrote:
> Fair point and you appear to be correct. I’ll caveat I’m speaking without concrete data, but I suspect that there are 
> enough routes not held in RIR-hosted route servers that dropping the unauthenticated IRRs would be… impactful.

In the RIPE Connect-WG there are efforts to establish a BCP document to only use RIR IRRs for filtering.

As part of this there was a presentation at RIPE 88 [0] where someone from DE-CIX showed an impact analysis.
Their takeaway is that dropping RADB would result in a loss of 11% of /24s and 250 Gbps traffic at peak, i.e., a 
significant amount. Other non-RIR IRRs contribute only a small amount.

There is a follow-up mail thread with lots of discussion [1] (which also has the full BCP draft attached), and in my 
understanding it seems to be normal operating practice to use non-authenticated IRRs (especially RADB).

So coming back to Steve's original question:

On 3/21/25 22:29, Steven Wallace via NANOG wrote:
> Are many/any/most IXP route server operators filtering routes without authenticated (i.e., RIR-hosted) route objects?

If there is filtering in place, it seems like many IXPs allow non-authenticated route objects.

Best,
Malte

[0] Video: https://ripe88.ripe.net/archives/video/1356/
   Slides: https://ripe88.ripe.net/wp-content/uploads/presentations/87-RIPE88_RS_Proposal_BCP_IRRDBs_1.2.pdf
[1] https://mailman.ripe.net/archives/list/connect-wg () ripe net/thread/FGUT3D37HOP4KMMGN5A7XGCYJ5FFBZ6Z/

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/5SGRI35VMO4LRU5UHZ2EUFUZJAI2Z5T2/