I-Light and Indiana GigaPOP Move the Needle on Routing Integrity: Maintaining Proxy IRR Data for Members
By Amber Rasche - Senior Communications Specialist, Internet2
Q&A with Tom Johnson and Sean Carver, I-Light and the Indiana GigaPOP
We’ve said it before, but it bears repeating: Routing integrity is an end-to-end challenge that requires the participation of the entire Internet2-networked community and beyond.
So, what does that mean? It’s in everyone’s best interest to work together to ensure our research and education (R&E) networks are protected from common routing threats that impact security and resiliency. The path forward to strong routing integrity requires collaboration, and the benefits ripple far beyond any one network’s border.
This blog series puts the spotlight on R&E community members and organizations who are moving the needle on routing integrity by implementing best practices and capabilities – and supporting their constituents in doing the same. Among those organizations are I-Light and Indiana GigaPOP, which combined provide Indiana’s R&E network services as well as the state’s connection to the Internet2 national network.
In this Q&A, I-Light and the Indiana GigaPOP’s chief technology officer, Tom Johnson, and network engineer, Sean Carver, discuss the effort to maintain proxy Internet Routing Registry (IRR) data for their organizations’ members. They share the challenges and opportunities driving that effort, along with the progress they’ve made and lessons they’ve learned thus far.
Tell us more about the I-Light and Indiana GigaPOP member community. What is the scope of the institutions and communities your organizations serve?
Tom Johnson: I-Light and Indiana GigaPOP serve the higher education community within the state of Indiana. We connect public and private institutions that range in student population size from a modest 200 to a bustling 44,000. Our primary focus is intra-campus connectivity, national or international research and education connectivity, commodity transit, and cloud connectivity.
With that scope in mind, let’s talk about I-Light and Indiana GigaPOP’s routing integrity efforts – specifically the initiative to maintain proxy IRR data for your members. What was the impetus behind that initiative, and what are you hoping to achieve?
Tom Johnson: I-Light and Indiana GigaPOP differentiate ourselves from commercial providers by striving to provide any service we’re able to – and that our membership needs. Managing IRR centrally allows our members to rely on our expertise, providing assurance to them that the data is handled promptly and accurately. With I-Light and Indiana GigaPOP taking this on, our members can focus on other topics and issues closer to their campuses.
What process is I-Light and Indiana GigaPOP implementing to support members in this effort, and what resources have you and your members found most valuable?
Sean Carver: We have historically used RADb for our IRR needs, and the process has been manual. We keep an internal database of our own network prefixes and our members’ prefixes, coded in such a way that allows us to query for specific data. When a member adds, alters, or deletes a prefix, we can work with them to adjust our database and manually update our IRR route/route6/aut-num object records.
Tom Johnson: Now we’re starting the process of coding a tool that can automate the query of our database and, utilizing the API provided by RADb, automatically update the IRR records. Our goal is for our internal database to be the single source authority for all I-Light, Indiana GigaPOP, and our membership prefixes.
What progress have you made thus far? What challenges and wins (big or small!) have you encountered, and what are the lessons learned that you can pass along to the community?
Sean Carver: We have documented an as-set object record for the network, as well as aut-num, route, and route6 objects for our network and our members. All of our members’ prefixes and Autonomous System Numbers, or ASNs, are updated where necessary, and all of our published objects are up-to-date.
Tom Johnson: Regarding lessons learned that we can share – simply, don’t get behind. It is far easier to keep up with the work in small incremental steps than to get behind and sort through hundreds of prefixes that are in various states of accuracy and documentation. Keeping our internal database has helped immensely in that regard, though as is the case with any data entry process, accuracy is paramount.
What advice would you offer to network operators and network engineers in the R&E community who are new to routing integrity efforts and aren’t sure where to start?
Tom Johnson: Start with a policy of what autonomous system numbers (aut-num) and prefixes (route/route6) require documentation. Keep the process simple and straightforward. Plan the implementation with small increments starting with aut-num and route/route6 objects that have minimal impact on the operation of network services in the event an undesirable consequence occurs. Then verify your updates with upstream providers. Many providers offer looking glasses or router proxies that allow public users to view received and announced routing information. Lastly, as previously mentioned, stay up-to-date. Small incremental changes are easier to implement and generally are less risky to your network and membership.
Is there anything else you would like to add?
Tom Johnson: Slightly out of scope for the topic of IRR data, we are urging our members to rely on us to be their routing POC (RPOC) to maintain their Regional Internet Registry (RIR) data with the American Registry for Internet Numbers (ARIN), specifically Route Origin Authorization (ROA) using Resource Public Key Infrastructure (RPKI) certificates. Our expertise can be further leveraged to provide our members with comprehensive secure routing information.
Join the Conversation
If you have questions about community efforts to move the needle on routing integrity or would like to share about your own routing integrity initiatives, please contact us at firstname.lastname@example.org.
Read the other Q&As in the “Moving the Needle on Routing Integrity” series.