No More Near Real Time Mirroring (NRTM)
Starting on April 4th 2022, the ARIN-NONAUTH (not-authenticated) data stream will no longer be available using Near Real Time Mirroring (NRTM), File Transfer Protocol (FTP) or Whois Port 43. The outdated email template entry method will also be deprecated. So what does it mean for organizations IPv4 address objects which ONLY use the ARIN-NONAUTH database?
Many of today’s global Internet Service Providers (ISPs) and Network Operators reference the Internet Routing Registries (IRR’s) to validate IPv4 address route objects and announcements. This method of validation of route announcements prevents hijacking from unauthorized users.
While this has been security standard for a long time, many ARIN members are still unaware of the significance of the IRR and how it will impact network outages when there is no existing route object
Validate your records!
Any organization that has used or currently uses IPv4 Address blocks can create an IRR record using many different sources. In addition to ARIN, RIPE, APNIC, AFRNIC and LACNIC, there are third party providers such as RADB and AltDB who offer a service to create IRR records which can be validated by ISPs and Network Operators.
In many cases, any organizations may have multiple IRR records. However, if your organization currently ONLY has an ARIN-NONAUTH record, then your network will likely experience network interruption once ARIN retires the ARIN-NONAUTH on April 4th, 2022.
You can use https://irrexplorer.nlnog.net to validate BGP and route objects for all internet registries. If you only see an ARIN-NONAUTH record, make sure to add an additional route object. In this example, there is a duplicate record through RADB.
Don’t lose your IPv4 route
To ensure your ISP doesn’t drop your IPv4 route announcement, it is important to create an ARIN IRR Route Object otherwise know as RPKI using the correct method. You can follow the following steps to create a new ARIN Internet Routing Registry Route Object.
- Log into your ARIN Online Account
- On the left side bar, click on IRR Object Record
- On the top right, Click on Create an Object
- You will end up on this page and will need to fill out the following: https://account.arin.net/public/secure/irr/route/create
Maintained By: Choose the ARIN Org ID associated with your IPv4 address block
Prefix: Input the IPv4 address block that is being routed by a specific ISP or Network Carrier
Origin: The AS Number which is announcing the IPv4 address block
Description: The name of the ISP or Network Carrier announcing the IPv4 address block and the location
Member Of: List any route-set objects to which this prefix should belong. For inclusion, those route-set objects must cross-reference this (not a required field)
Remarks: Any additional public information you think is important (not a required field)
Once completed, click Review
To note
One thing to note is that ARIN will require you to sign a Registered Services Agreement (RSA) or Legacy Registered Services Agreement (LRSA), if you don’t already have one on file with them.
While many ARIN members will not need to complete this to avoid network disruption, there are many that benefit from taking this step. Feel free to reach to our team for assistance, by emailing info@brandergroup.net.