New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Ipv6 route object/RPKI ( Will pay for the help )
dhruva21stuff
Member
Hi,
I need help with RPKI + object route ( confusing )
Well, I got my ASN registration done and ipv6 block rented from an LIR.
now, I'm doing co-location at london but DC company asking me to RPKI and object route to their ASN.
Does it mean, it will show their ASN information on my ipb6 block if someone checks in?
Please help.
Comments
Just ask your DC to announce/Tag your ASN and make sure your IPv6 RPKI record is set for your ASN
What this means is that it has a valid route6 object for your AS and also that it will have a valid ROA certificate be it if you host your own Krill server and have the LIR delegate ROA to you or ask the LIR they will most likely run their own ROA server and can at the correct record that would make your prefix valid, the IRR/Route6 may not be needed but best to have it.
For an idea check our prefix here and see it is RPKI valid as we host our own Krill and have added an ROA prefix https://bgp.tools/prefix/2001:67c:d84::/48#validation
This might help you to understand the whole thing a little better.
https://www.ripe.net/media/documents/DeployingRPKI-Webinar-Slides.pdf
https://freetransit.ch/freetransit_ripe-objects-for-ASN-and-PI.pdf
https://www.ripe.net/media/documents/Route-Object-Creation-Flowchart.pdf
It's most effective to pay your LIR for help.
The LIR has account access and can directly help you create necessary database objects.
Yes, if the route6 object says someone else's ASN, that ASN would be able to announce the route.
I'm confused, currently my ipv6 block says my ASN details, how can i ask DC to use my Ipv6 without changing my ASN?
I already replied to your DM request, but here again for everyone. Maybe it will help someone else.
Here are several options now:
Once the question of how the network should be announced is clarified, you go to the RIPE website:
RIPE DB --> create an object
(direct link: https://apps.db.ripe.net/db-web-ui/webupdates/select)
Choose "route6" as the object type
While it may not be (unfortunately) mandatory everywhere, even if your data center doesn't require it, please create a Route Origin Authorization (ROA). The video should help you. The RIPE hosted version is also very straightforward:
Thanks for the help but my problem is bit different.
I don't own hardware/router or anything in physical.
I have IPv6 block linked with my Own ASN and I rented dedicated server from hosting company and want them to use my ipv6 block with my asn of course so that it will showcase my ASN registration details.
Now, the point is what should i ask with hosting company? BGP session or anything else ? to link my ipv6 block with their server
If you just want to learn or have fun, ask your Hoster for a BGP session and then experimenting with a software router like VyOS.
For production use, I would suggest asking your hosting provider what they can do. Perhaps they can announce prefixes and AS on your behalf. With Juniper (for example), I think this can be achieved using an "as-path-expand" policy.
However, I would say most hosting providers unfortunately do not offer this service to customers. They either announce it under their ASN or rent out a virtual router instance.
The easiest solution would be to ask DC for a BGP session with your server and install and configure quagga or bird daemon on your server.
It should work!