There are about 1,000,000 IPv4 and 130,000 IPv6 route announcements on the Internet today. The most common routing error we see is the accidental mis-origination of a prefix, meaning someone unintentionally announces an IP prefix that they are not the holder of.
With our filtering, we aim to ensure that,
any route announcement to CNX is authorized
by the legitimate holder of the address space.
In order for your prefix to be allowed on our RS, you must maintain a Route Origin Authorization (ROA) for that prefix with your RIR or the RADB Internet Routing Registry (IRR). If you have downstream peers that you announce to CNX, please ensure they also maintain ROA records for their prefixes.
More details about route security can be found on the APNIC Services page. Additionally, information about IRR is available on APNIC’s What is in the IRR DB page.
Whenever your delegation changes, our automated system will pick up this change within 24 to 48 hours. You can test if all your prefixes are correctly stored in the IRR using whois queries against whois.radb.net.
For example, query IPv4/IPv6 allocations for AS7712 (Sabay):
whois -h whois.radb.net '!gas7712' # IPv4 allocation
whois -h whois.radb.net '!6as7712' # IPv6 allocation
We use information exclusively from the IRR database for our filter lists, as this provides the most up-to-date information on allocated IP address space. We do not add any prefixes to our filters manually. Please update your route origin with your RIR if the information in the radb.net whois database is incomplete.