Oh yeah. I got hit by that sort of thing a week or two back. It wasn't
origin: AS14179 / mnt-by: MAINT-AS28071, by any chance? AS14179 have been
hijacking chunks of space from the various registries.
Nick
courtneysmith@comcast.net wrote the following on 1/16/2014 12:26 PM:
Thanks for the responses, these objects are all older. However, none of
them are stale or from previous owners, allocations, etc. Each of these
objects were posted to their respective IRR's after the IP space was
allocated to us. This leads me to believe that the individual IRR's really
do very little checking for accuracy and their usefulness is then
questionable.Oh yeah. I got hit by that sort of thing a week or two back. It wasn't
origin: AS14179 / mnt-by: MAINT-AS28071, by any chance? AS14179 have been
hijacking chunks of space from the various registries.Nick
------------------------------
Another possible scenario.
a.b.c.d/24->small_isp->regional_isp->Level3
Imagine a regional ISP is a customer of Level3. Level3 filters the regional ISP based on Regional ISP's IRR objects. Small ISP buys access from Regional. Small ISP doesn't maintain their own objects. Regional ISP wants Small's business so doesn't force the issue. Regional manually maintains the filters. Regional adds objects under Regional's maintainer whenever Small request a filter change. If they don’t, Level3 wont accept the announcement from them. Customer with a.b.c.d/24 has no idea about any of this.
Now we are years later. Customer has either moved to another small ISP or Small ISP found a different regional ISP.
a.b.c.d/24->small_isp->new_regional_isp->Level3
or
a.b.c.d/24->new_small_isp->new_regional_isp->Level3
The original Regional ISP didnt remember to delete all the objects related to Small ISP's customers. The objects just sit there until one day customer has interest in registring their own object. Customer sees entries for their /24 under Regional ISP's objects. Customer knows they have never done business with Regional. Also the objects are newer than the customer's allocation from their RIR. Customer comes to the conclusion that Regional ISP must have been hi-jacking their space or doing some other naughtiness.
Proxy registering objects isn't a good idea. However, the number of networks with allocations from ARIN registering objects in any IRR appears to be extremely low. ARIN doesn’t charge you more to use rr.arin.net. Folks seem to not be aware of IRR or perceive it provides no benefit to them. Will RPKI adoption suffer the same fate?
I can understand the scenarios you've described. In fact, the timing does seem to indicate that someone was thinking they were doing something helpful (the route objects were introduced around the time we started announcing the allocation). The part that doesn't make sense is that one of the route objects has valid information and the other three were entered for AS #'s that are not peers of ours and should not have ever been transit paths to L3. We do peer with folks that peer with L3, however the route objects in L3's databases are for different ASs.
I'm glad that ARIN provides an IRR, and hope to use it. With an authority that actually has the information necessary to perform authorization checks, I'm not sure why there's a need for independent IRRs to exist. Perhaps they filled a gap at some point in the past?
--Blake