Tag prefixes/origin ASNs present/not-present in IRRDb
Built to test the irrdb.tag_as_set option.

Two sub-scenarios exist for this test:

1. AS-SETs are populated with origin ASNs and prefixes reported below.
2. AS-SETs are empty.

Communities:

OK / Not OK        Comm
-----------------  -----
prefix OK          64512
prefix NOT OK      64513
origin OK          64514
origin NOT OK      64515
RPKI ROA OK        64516
ARIN Whois OK      64518
route white list   64517

RPKI ROAs:

prefix       ASN
-----------  ---
2.4.0.0/16   AS2
2.5.0.0/16   AS2
2.7.0.0/16   AS2
2.0.4.0/24   AS2
3.1.0.0/16   AS3
3.3.0.0/16   AS3
6.0.1.0/24   AS6

ARIN Whois DB entries:

prefix       ASN
-----------  ---
2.6.0.0/16   AS2
2.7.0.0/16   AS2
3.2.0.0/16   AS3
3.3.0.0/16   AS3
2.0.5.0/24   AS3
6.0.1.0/24   AS6

AS2
- allowed objects:
  - prefix: 2.0.0.0/16
  - origin: [2]
- configuration:
  - enforcing: no
  - tagging: yes
- white lists:
  - prefixes: 2.2.0.0/16
  - asns: 21

AS2 announces:

id                      prefix       AS_PATH  prefix ok?  origin ok?  expected result 1        expected result 2
----------------------  -----------  -------  ----------  ----------  -----------------------  -----------------------
AS2_pref_ok_origin_ok1  2.0.1.0/24   2        yes         yes         64512 64514              64513 64515
AS2_pref_ko_origin_ok1  2.1.0.0/24   2        no          yes         64513 64514              64513 64515
AS3_pref_ok_origin_ko1  2.0.2.0/24   2 3      yes         no          64512 64515              64513 64515
AS3_pref_ko_origin_ko1  3.0.1.0/24   2 3      no          no          64513 64515              64513 64515
AS2_pref_wl_origin_ok   2.2.1.0/24   2        yes (WL)    yes         64512 64514              64512 64515
AS2_pref_wl_origin_ko   2.2.2.0/24   2 3      yes (WL)    no          64512 64515              the same
AS2_pref_wl_origin_wl   2.2.3.0/24   2 21     yes (WL)    yes (WL)    64512 64514              the same
AS2_pref_ko_origin_wl   2.3.1.0/24   2 21     no          yes (WL)    64513 64514              the same
AS2_pref_ok_origin_wl   2.0.3.0/24   2 21     yes         yes (WL)    64512 64514              64513 64514
AS2_roa2                2.5.0.0/16   2        no          yes         64513 64514 64516        64513 64515
AS2_arin1               2.6.0.0/16   2        no          yes         64513 64514 64518        64513 64515
AS2_roa3_arin2          2.7.0.0/16   2        no          yes         64513 64514 64516 64518  64513 64515
AS2_ok_ok_roa3          2.0.4.0/24   2        yes         yes         64512 64514 64516        64513 64515
AS2_ok_ok_arin3         2.0.5.0/24   2        yes         yes         64512 64514 64518        64513 64515

AS3
Not a route server client here, used just to track RPKI ROAs and ARIN Whois DB entries:
AS4
- allowed objects:
  - prefix: 4.0.0.0/16
  - origin: 4
- configuration:
  - enforcing: origin only
  - tagging: yes
- white lists:
  - prefixes: 4.2.0.0/16
  - asns: 41
  - routes:
    - exact 4.4.0.0/16, AS 44
    - 4.5.0.0/16, AS 43
    - 4.6.0.0/16, no origin AS

AS4 announces:

id                      prefix       AS_PATH  prefix ok?  origin ok?  expected result 1        expected result 2
----------------------  -----------  -------  ----------  ----------  -----------------------  -----------------------
AS4_pref_ok_origin_ok1  4.0.1.0/24   4        yes         yes         64512 64514              rejected
AS4_pref_ko_origin_ok1  4.1.0.0/24   4        no          yes         64513 64514              rejected
AS3_pref_ok_origin_ko2  4.0.2.0/24   4 3      yes         no          rejected                 rejected
AS3_pref_ko_origin_ko1  3.0.1.0/24   4 3      no          no          rejected                 rejected
AS4_pref_wl_origin_ok   4.2.1.0/24   4        yes (WL)    yes         64512 64514              rejected
AS4_pref_wl_origin_ko   4.2.2.0/24   4 3      yes (WL)    no          rejected                 rejected
AS4_pref_wl_origin_wl   4.2.3.0/24   4 41     yes (WL)    yes (WL)    64512 64514              the same
AS4_pref_ko_origin_wl   4.3.1.0/24   4 41     no          yes (WL)    64513 64514              the same
AS4_pref_ok_origin_wl   4.0.3.0/24   4 41     yes         yes (WL)    64512 64514              64513 64514
AS4_routewl_1           4.4.0.0/16   4 44     r WL        r WL        64513 64515 64517        the same
AS4_routewl_2           4.4.1.0/24   4 44     r WL KO     r WL        rejected                 rejected
AS4_routewl_3           4.5.1.0/24   4 43     r WL        r WL        64513 64515 64517        the same
AS4_routewl_4           4.5.2.0/24   4 45     r WL        r WL KO     rejected                 rejected
AS4_routewl_5           4.6.1.0/24   4 45     r WL        r WL        64513 64515 64517        the same

AS5
- allowed objects (AS-SET from PeeringDB):
  - prefix: 5.0.0.0/16
  - origin: 5
- configuration:
  - enforcing: prefix only
  - tagging: yes
- white lists:
  - prefixes: 5.2.0.0/16
  - asns: 51

AS5 announces:

id                      prefix       AS_PATH  prefix ok?  origin ok?  expected result 1        expected result 2
----------------------  -----------  -------  ----------  ----------  -----------------------  -----------------------
AS5_pref_ok_origin_ok1  5.0.1.0/24   5        yes         yes         64512 64514              rejected
AS5_pref_ko_origin_ok1  5.1.0.0/24   5        no          yes         rejected                 rejected
AS3_pref_ok_origin_ko3  5.0.2.0/24   5 3      yes         no          64512 64515              rejected
AS3_pref_ko_origin_ko1  3.0.1.0/24   5 3      no          no          rejected                 rejected
AS5_pref_wl_origin_ok   5.2.1.0/24   5        yes (WL)    yes         64512 64514              64512 64515
AS5_pref_wl_origin_ko   5.2.2.0/24   5 3      yes (WL)    no          64512 64515              the same
AS5_pref_wl_origin_wl   5.2.3.0/24   5 51     yes (WL)    yes (WL)    64512 64514              the same
AS5_pref_ko_origin_wl   5.3.1.0/24   5 51     no          yes (WL)    rejected                 rejected
AS5_pref_ok_origin_wl   5.0.3.0/24   5 51     yes         yes (WL)    64512 64514              rejected

AS6
- allowed objects:
  - prefix: 6.0.0.0/16
  - origin: 6, 3
- configuration:
  - enforcing: both origin ASN and prefix
  - tagging: yes
- white lists:
  - routes:
    - 3.2.0.0/16+, AS3 (1)

AS6 announces:

id                      prefix       AS_PATH  prefix ok?  origin ok?  expected result 1        expected result 2
----------------------  -----------  -------  ----------  ----------  -----------------------  -----------------------
AS2_roa1                2.4.0.0/16   6 2      no          no          rejected                 rejected
AS3_roa2                3.1.0.0/16   6 3      ROA         yes         64513 64514 64516        rejected
AS3_arin1               3.2.1.0/24   6 3      ARIN (1)    yes         64513 64514 64518        64513 64515 64517
AS3_roa3_arin2          3.3.0.0/16   6 3      no          yes         64513 64514 64516 64518  rejected
AS6_ok_ok_roa6_arin6    6.0.1.0/24   6        yes         yes         64512 64514 64516 64518  rejected

(1) The route white list is used to verify that:

- in scenario 1, 3.2.1.0/24 AS3 is accepted and tagged with the ARIN db community, and not because of the white list entry;
- in scenario 2, 3.2.1.0/24 AS3 is accepted anyway, but solely because of the route white list.
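
The expected results listed for AS2, AS4 and AS5 can be cross-checked with a small model of the tag-or-reject decision. This is an added example, not part of the original page and not the tested software's own code; it covers only the AS-SET and prefix/ASN white list checks (RPKI ROAs, ARIN Whois entries and route white lists are left out), and the `CLIENTS` layout and the function names are assumptions.

```python
import ipaddress

# Community values from the Communities table on this page.
PREFIX_OK, PREFIX_KO, ORIGIN_OK, ORIGIN_KO = 64512, 64513, 64514, 64515

# Settings copied from the AS2, AS4 and AS5 sections. The dict layout and
# key names are assumptions of this example, not a real configuration format.
CLIENTS = {
    2: dict(prefixes=["2.0.0.0/16"], origins=[2], enforce=set(),
            wl_prefixes=["2.2.0.0/16"], wl_asns=[21]),
    4: dict(prefixes=["4.0.0.0/16"], origins=[4], enforce={"origin"},
            wl_prefixes=["4.2.0.0/16"], wl_asns=[41]),
    5: dict(prefixes=["5.0.0.0/16"], origins=[5], enforce={"prefix"},
            wl_prefixes=["5.2.0.0/16"], wl_asns=[51]),
}


def covered(prefix, networks):
    """True if prefix equals, or is more specific than, one of networks."""
    net = ipaddress.ip_network(prefix)
    return any(net.subnet_of(ipaddress.ip_network(n)) for n in networks)


def evaluate(client_asn, prefix, as_path, as_sets_empty=False):
    """Return the expected community list, or "rejected"."""
    c = CLIENTS[client_asn]
    origin = as_path[-1]  # right-most ASN in the AS_PATH
    # Sub-scenario 2: the AS-SETs expand to nothing, white lists still apply.
    irr_prefixes = [] if as_sets_empty else c["prefixes"]
    irr_origins = [] if as_sets_empty else c["origins"]
    prefix_ok = covered(prefix, irr_prefixes + c["wl_prefixes"])
    origin_ok = origin in irr_origins + c["wl_asns"]
    # Enforcement drops the route; without it the route is only tagged.
    if "prefix" in c["enforce"] and not prefix_ok:
        return "rejected"
    if "origin" in c["enforce"] and not origin_ok:
        return "rejected"
    return [PREFIX_OK if prefix_ok else PREFIX_KO,
            ORIGIN_OK if origin_ok else ORIGIN_KO]


if __name__ == "__main__":
    # A few rows from the tables above: result 1, then result 2.
    for asn, prefix, path in [(2, "2.0.3.0/24", [2, 21]),
                              (4, "4.2.1.0/24", [4]),
                              (5, "5.0.2.0/24", [5, 3])]:
        print(prefix, evaluate(asn, prefix, path),
              evaluate(asn, prefix, path, as_sets_empty=True))
```

With an empty AS-SET, the model shows why a white-listed prefix or ASN is the only thing that keeps a route from being rejected once enforcement is on for that attribute.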