IRR - 1 - AFRINIC’s Internet Routing Registry (IRR)
The AFRINIC Internet Routing Registry (IRR) is a database of routing policy information for networks both within and outside the AFRINIC region. This routing policy information is stored in the IRR database as defined by the Routing Policy Specification Language (RPSL) standard in RFC2622.
The AFRINIC IRR acts as part of the global IRR system that consists of several other databases where network operators publish their routing policies and announcements in order for other interested network operators to use that data, for ease of interconnecting and working together. There are other IRRs, including ARIN, APNIC, RIPE, RADB and many others. A full list of active IRRs is maintained here. Some of the listed IRRs mirror each other’s databases.
The IRR service is integrated with the new AFRINIC whois database that also contains the usual IP address and Autonomous System Number registration data, and is searchable using the whois directory service (TCP port 43).
2. Benefits of using the AFRINIC IRR
In the most simple and basic manner, a network operator (or AFRINIC member) can describe routing policy into the AFRINIC IRR by using a route or route6 (whois database) object.
For advanced networks requiring complex definition of their routing policies, RPSL provides advanced technical attributes (and associated whois database objects) to cater to these requirements. These are outside the scope of this manual, but are very well documented in the following Request for Comment (RFC) documents:
2.1 Benefits to IP network operators
The IRR contains announced routes and routing policy data in a common format that network operators can use to configure their backbone routers. This makes network management in a number of ways, including:
- Route filtering: Traffic may be filtered based on registered routes, preventing network problems caused by accidental or malicious routing announcements. Routing announcement filtering can be created between:
- Peering networks: Peers agree to filter based on registered routes. If a peer's route is not registered, it will be filtered.
- Provider and customer networks where the provider protects its network from accidental routing announcements by its customers. The customer must register its routes before the provider.
- Network troubleshooting: A routing registry makes it easier to identify routing problems outside a network where whois contacts associated with the source ASN can be used to resolve associated traffic problems.
- Router configuration: Tools such as IRRToolset can create router configurations, and can be further used to:
- Suggest CIDR aggregates,
- Check aut-num whois database objects and their routes,
- Perform RPSL syntax checking on routing information registered in the IRR.
2.2 Benefits to AFRINIC Members
- Reduced costs: The AFRINIC Routing Registry service is free to all AFRINIC members in good standing, as one of the services that AFRINIC provides to its members and the community at large.
- Ease of maintenance: Use one set of maintainer and person whois database objects to manage both Internet resources and routing information.
- Integrated resource and routing management: Before route objects can be registered in the AFRINIC Routing Registry, AFRINIC ensures the address range and AS number are within AFRINIC resource range. In addition, the mnt-by, mnt-lower, and mnt-routes authentication attributes in aut-num and inetnum whois database objects are checked to ensure the registered resource holder has control over routing objects that specify their resources.
3. Features of the AFRINIC IRR
The AFRINIC IRR supports the following features:
- RPSL: Routing policies in the AFRINIC IRR are populated using RPSL (Routing Policy Specification Language) as defined in RFC2622. The simplest routing policies can be created by the use of route and route6 whois database objects. It is also possible for the network operator or AFRINIC member to specify more advanced routing policies using the RPSL syntax. A helpful reference document is the informational RFC2650, “Using RPSL in Practice”.
- Mirroring: AFRINIC is working along with the other IRRs for mirroring agreements. A full list of IRRs that mirror the AFRINIC IRR will be published, continually updated and announced to the community.
- whois TCP Port 43: The AFRINIC IRR is integrated with the standard AFRINIC whois service, and can be queried as a normal whois directory service at TCP port 43. AFRINIC offers other ways to interact with the whois service, such as via the AFRINIC website, and through the MyAFRINIC portal for members in good standing.
- Data Security: Protection of all routing policy data in the AFRINIC IRR is already included and bundled as part of the security and data protection features of the new whois 2.0 software implemented by AFRINIC. Routing policy can only be authorised in a hierarchical manner using mntner whois database objects already specified in the IPv4, IPv6 and ASN resources already registered in the AFRINIC whois database. Auth mechanisms supported are MD5-PW and PGP.
To register your route objects in the AFRINIC IRR, please see Creating Route Object
4. Route Object Queries
Our Route Registry is currently mirrored by APNIC, RADB, RIPE and NTT Communications. APNIC, RADB, and NTT Communications do near real time mirroring (NRTM), while RIPE picks up a daily dump around 22:00 UTC.
By default, queries on RIPE’s Routing Registry only return objects created directly with their registry. Objects mirrored from other registries are located in a non-RIPE address space placeholder. Thus, when querying RIPE NCC for an object created on AFRINIC Routing Registry one has to either:
- Specify the source with a (-s) flag,
Ex: whois -h whois.ripe.net -s AFRINIC-GRS 126.96.36.199
- or, Request all sources with a (-r) flag
Ex: whois -h whois.ripe.net -r 188.8.131.52