Internet Routing Registry

The Internet Routing Registry (IRR) is a set of public databases that allow Internet service providers (ISPs) to publish, and look up, the information they need to determine who is authorized to connect networks to the Internet. By validating this authorization, ISPs seek to prevent accidental or malicious route hijacking, which could cause Internet resources (such as websites and email) and people's Internet access to be interrupted or misdirected.^[1] Regional Internet Registries (RIRs) and other organizations maintain Internet Routing Registries that network with each other to create a unified global Internet Routing Registry.^[2]

In more technical terms, IRRs are databases of Internet route objects for determining and sharing route information and related information used for configuring routers, with the goal of preventing problematic conflicts between Internet service providers. Route objects include autonomous system numbers (ASNs) and IP address prefixes.^[2] IRRs were first deployed in the 1990s.^[3]

Internet Routing Registries work by providing an interlinked hierarchy of objects designed to facilitate the organization of IP routing between organizations, and also to provide data in an appropriate format for automatic programming of routers. Network engineers from participating organizations are authorized to modify the Routing Policy Specification Language (RPSL) objects, in the registry, for their own networks.^[4] Then, any network engineer, or member of the public, is able to query the route registry for particular information of interest.

The earliest IRRs depended on access control to prevent unauthorized parties from entering false route objects. Because many IRRs exist, disambiguating conflicts between conflicting or disagreeing route objects held in different IRRs has come to significantly hinder their use. IRRs can have incomplete information and errors.^[5] Network operators may neglect to update their IRR entries.^[6] Attackers may also try to register false records as part of attempting BGP hijacking.^[6]

Resource Public Key Infrastructure (RPKI) is an alternative approach to validating network routing information, and people have compared IRR data to RPKI data to learn about inconsistencies in IRR data.^[7] Network operators can use both IRR and RPKI.^[8]

An IRR database commonly contains route objects of several different types, each serving a distinct purpose. The RIPE database operated by the RIPE NCC mainly uses the primary object types listed below, containing information regarding Internet resources and forming the primary purpose of the IRR. Apart from these, the database also defines several less commonly used primary object types, and secondary object types, which contain administrative information.^[9] Other IRR databases use the same or equivalent object types.

• AUT-NUM: Represents an Autonomous System (AS) number. Also includes the AS-level routing policy defined by the AS, which may be used to perform BGP path validation.
• AS-SET: AS Sets, mainly used for simplifying routing policies defined in AUT-NUM objects.
• INETNUM: Represents an IPv4 prefix, and includes information on which organization this prefix is assigned or allocated to.
• INETNUM6: Represents an IPv6 prefix.
• ROUTE: Associates IPv4 prefixes (INETNUM objects) with ASNs. This association is used as the basis for BGP route origin validation based on IRR data.
• ROUTE6: Associates IPv6 prefixes (INETNUM6 objects) with ASNs.
• DOMAIN: Contains the authoritative name servers handling the reverse DNS delegation for an IP prefix, along with related information.

• Border Gateway Protocol
• BGPsec

• RFC 1786, Representation of IP Routing Policies in a Routing Registry (ripe-81++)
• RFC 1787, Routing in a Multi-provider Internet
• RFC 2622, Routing Policy Specification Language (RPSL)
• RFC 2650, Using RPSL in Practice
• RFC 7682, Considerations for Internet Routing Registries (IRRs) and Routing Policy Configuration
• List of Routing Registries