On 03/10/2015 10:57, Randy Bush wrote:
i worry that 'improving' the data by throwing much of it away is not operationally productive. there are many isps who got their space out of region who peer at european exchanges where route:s in the ripe irr are expected.
there's two categories of data in the irrdb: data which is protected by the hierarchical authentication mechanism, and other entries which are authenticated by RIPE-NCC-RPSL-MNT. The RIPE area objects are probably reasonably good quality but many of the external entries are unmaintained junk. There's no real way of telling which is which, unless you build smartness into the query agent to filter out all non ripe address space. It would be nice to have a server-side way of determining which is which. Regarding IXP filtering, if irrdb filtering is a requirement, then it's not really possible to depend on a single irr source. The only practical way to handle this is either to query RADB and accept all sources or else to allow each connected ixp participant to choose their own set of irrdbs and a source: policy. RADB includes a large quantity of junk from third party databases and is also regularly targeted by hijackers in the same way that RIPE-NCC-RPSL-MNT is abused. Nick