Support Center

Routing Registry

The scope of this document is limited to the routing registry maintained by the Global IP Network. Please see Merit’s RADB site for more complete information about routing registries in general.

RPKI based BGP Origin Validation

NTT GIN rejects RPKI Invalid BGP routes across all eBGP sessions with AS2914.

Further documentation on RPKI can be found at rpki.readthedocs.io.

 

RPKI suppression of conflicting IRR information

NTT GIN utilizes RPKI-aware mode on its Internet Routing Registry service (rr.ntt.net) and will suppress route(6) IIRR records that conflict with published RPKI ROAs.

More information on this functionality can be found at the IRRd RPKI integration documentation.

IRRd version 4 Questions and Answers

Attn: In June 2019, NTT upgraded its Routing Registry service software. The following Questions and Answers list was compiled to address what we suspect would be the most common questions.

Q: What recently changed?
A: NTT updated its Internet Routing Registry service (rr.ntt.net) from IRRd version 2 to IRRd version 4. For the new version 4 series (which is a complete rewrite) every attempt was made to carefully mimic IRRd version 2 and 3’s features.

Q: Does rr.ntt.net still support all whois queries? My software depends on this service.
A: Yes, or at least, we’ve attempted to replicate all existing whois functionality in the new version. We hope that the new IRRd releases will bring a new era of features, service and reliability for rr.ntt.net.

Q: I received an ACL diff, but nothing seems to have changed for our services.
A: It is possible that certain IRR entries which are no longer part of your filter were operationally unnecessary anyway, and as such you didn’t notice any impact. A NTT Customer Engineer can always help you confirm and compare the EBGP prefix filter as installed on NTT’s side, and the list of prefixes you are announcing to NTT or intend to announce to NTT.

Q: How can that change potentially have affected me?
A: During the re-implementation process, the team uncovered some non-deterministic behaviors in legacy versions of IRRd that could not be replicated in version 4 due to their inconsistent nature. Specifically in cases of duplicate AS-SET names across multiple IRR databases older versions of IRRd would often assume an incorrect order of the IRR sources.

Q: I maintain IRR objects in NTTCOM, will my “mntner:” object and password continue to work?
A: Yes, users shouldn’t experience any changes.

Q: What IRR databases does NTT currently consider in its EBGP prefix filter generation process?
A: At this moment, in this specific order: NTTCOM,INTERNAL,LACNIC,RADB,RIPE,RIPE-NONAUTH,ALTDB,BELL,LEVEL3,APNIC,JPIRR,ARIN,BBOI,TC,AFRINIC,IDNIC,RPKI,REGISTROBR,CANARIE. The NTT IP Development team regularly reviews and revises this list.
NTT reserves the right to modify this policy without prior notice.

Q: What is the support email address for NTT’s IRR service “NTTCOM”?
A: The support team can be reached via db-admin@rr.ntt.net.

Q: Where can I find documentation on IRRd 4?
A: All documentation is available via readthedocs.

Q: Is IRRd v4 open source software I can use?
A: Yes, IRRd is free and open source software under a BSD 2-Clause license. The project was developed by Dashcare.nl and funded by NTT. The source code can be found on github.

Q: Where can I find more information about the differences between legacy IRRd and IRRd v4?
A: The following URL documents all inconsistencies: link.

Q: bgpq3 tells me: “ERROR:Error expanding !gas2.405i : F Invalid AS number AS2.405: number part is not numeric”.
A: Support for ASDOT format was removed in IRRd version 4, so we can no longer support this query. Also, we recommend upgrading from bgpq3 to bgpq4 (see the next answer on that topic).

Q: Both bgpq3 and bgpq4 exist, which does NTT recommend using?
A: NTT strongly recommends the use of bgpq4, because bgpq3 does not support the faster, more efficient “!a” queries in IRRd version 4. Using bgpq4 will result in a much faster response, and a better experience for both you and for NTT.

Q: My question is not answered, who can I contact?
A: Please contact the NTT NOC.

Registry Use Policy

The data found on and/or mirrored by NTTCOM Registry servers is strictly for Internet operational purposes only. It may not be used for any other purposes, such as advertising.

Background

The Global IP Network applies filters to routes advertised by customer BGP peers. These filters are built from the Internet Routing Registries (IRRs). Every route wished to be announced by a customer requires an exact prefix to be registered. This is a safeguard to help protect the Global IP Network (and the rest of the Internet) from accidental announcement of prefixes which do not belong to the ASN or similar errors which have caused other ISPs to have (multi-day) outages/instability. Once a customer registers a prefix, they can announce the prefix or any specifics covered by that prefix.

The routing registry whois server used by Global IP Network is the same software in use by the RADB. It conforms to RPSL syntax (see RFC2280, RFC2622, and ISC’s list of Tutorial Materials).

Thus, syntax of objects and operations are almost entirely the same. The only differences are the address for object submission, the hostname for queries, the source: is NTTCOM, and MAIL-FROM authentication is not accepted.

Service Expectations & Policy

Use of the NTTCOM Registry is being made available to Global IP Network customers free of charge. However, the following disclaimers apply:

  • Mail to db-admin@rr.ntt.net and any other issues requiring manual intervention are handled Monday-Friday approximately 1700-0100 UTC. It may take up to 48 hour before the issue can be addressed. Automatic updates to auto-dbm@rr.ntt.net are normally immediate. Actual response time is likely to be better
  • Although maintenance of the routing registry is done on a best-effort basis; the Global IP Network will not be responsible for lost data, lost service, etc. resulting from any failure of this service.
  • Abuse this service will not be tolerated.
  • You are responsible for the email addresses that you place in the NTT Commuications Global IP Network Routing Registry. Updates to NTTCOM Registry data result in email being sent to those addresses, and bad addresses produce bounced mail. The Global IP Network will make a reasonable effort to resolve errors, after which the failing address will be moved to a remark in the registry and will not be used in processing updates.
  • The Global IP Network reserve the right to modify this policy at any time without notice.
  • Customers who leave the Global IP Network will have 1 month to move their objects to another routing registry.
  • The NTT Network Operations Center does not provide assistance with utilizing the NTTCOM Registry or setting up route objects, aut-num objects, and so on

 

Filter Updates

Filter updates (extraction of routes from the NTTCOM Registry and loading new filters onto the routers) are done by an automated process. PLEASE plan your changes ahead of time based on the timeline for update processing outlined in the rest of this section.

 

  • Route lists are built at 0100 UTC. If there is an email address listed in the NTTCOM Registry, unix style uni-diffs will be emailed depicting any changes from the last build of the route list plus a copy of the full list and any errors encountered while expanding your as-set.
  • Updated filters are loaded onto the routers and peers are soft-cleared at 0400 UTC.

Getting Started

The first step in making use of the NTTCOM Registry (like using the RADB) is to register a maintainer object (mntner). This object will be referenced by several other objects (including itself) for authentication and other purposes.

To register a maintainer object complete a maintainer object template and email it to the database administrator (db-admin@rr.ntt.net). The database administrator will insert the object in the NTTCOM Registry database and you will receive an acknowledgement.

Once the maintainer object is registered, all other object additions/changes can be done by using the automatic registry processor. You can add/delete/modify objects by emailing the completed template(s) to email address of the automatic registry processor: auto-dbm@rr.ntt.net.

Add an object:
Complete a template and email it.

Delete an object:
Use the existing object and add a “delete: reason” field to end and email it.

Modify an object:
Modify the existing object and email it.

Multiple adds/deletes/modifies may appear in one email message. Please click here for an example.

Time to create your objects.

Example

Where password: is the cleartext password for the maintainer MAINT-BEARD, the route: is a new route 
object, the as-set is being modified to include AS64999, and the aut-num object is being deleted.

    To: auto-dbm@rr.ntt.net
    From: alias@email.com
    Subject: multiple mods

    password: PasswordTemplate001

    route:         192.168.0.0/16
    descr:         Description title
                   Address line 1
                   Address line 2 with full zip code
    origin:        AS65000
    remarks:       this is non-portable space, no exceptions
    notify:        alias@email.com
    mnt-by:        MAINT-BEARD
    changed:       alias@email.com 19990401
    source:        NTTCOM 

    as-set:        AS-BEARD
    descr:         ASes to which we provide transit (+ our AS)
    members:       AS65000, AS-BIGCUST, AS-STARSHIP, AS-ITSABUST,
                   AS65001, AS64999
    tech-c:        VP0-ARIN
    admin-c:       VP0-ARIN
    notify:        alias@email.com
    mnt-by:        MAINT-BEARD
    changed:       alias@email.com 19990401
    source:        NTTCOM

    aut-num:       AS65000
    as-name:       UNSPECIFIED
    descr:         something
    remarks:       ----------- Customers --------------
    import:        from AS65001
                   action pref=10;
                   accept AS65001 AND NOT {0.0.0.0/0}
    export:        to AS65001
                   announce ANY AND NOT {0.0.0.0/0}
    admin-c:       VP0-ARIN
    tech-c:        VP0-ARIN
    notify:        alias@email.com
    mnt-by:        MAINT-BEARD
    changed:       alial@email.com 19990401
    source:        NTTCOM
    delete:        unused aut-num

How to verify your Objects (making Queries)

Use IRRToolSet (version 4.7 or greater) to query the database for registered objects.

The Global IP Network maintains two servers. rr.ntt.net is the primary server (authoritative for the NTTCOM Registry database) and rr1.ntt.net is a backup.

For example, here is the Global IP Network as-set:

    eng% whois -h rr.ntt.net AS2914:AS-GLOBAL

        as-set:     AS2914:AS-GLOBAL
        descr:      Global IP Network transit customers
        members:    AS2914, AS3949,
                    AS2914:AS-US, AS2914:AS-ASIA, AS2914:AS-EUROPE
        admin-c:    NCGE-VRIO
        tech-c:     NCGE-VRIO
        remarks:    contacts per RFC2142:
        remarks:    Abuse / UCE reports abuse@ntt.net
        remarks:    Security issues security@ntt.net
        mnt-by:     MAINT-NTTCOM-BB
        changed:    boudreat@us.ntt.net  20070413
        source:     NTTCOM

        person:     NTT Communiations Global IP Network Engineering
        address:    NTT
                    8005 S Chester St Ste 200
                    Centennial, CO 80112-3523
                    US
        phone:      +1 303 6451900
        fax-no:     +1 303 7082490
        e-mail:     ip-eng@us.ntt.net
        nic-hdl:    NCGE-VRIO
        remarks:    contacts per RFC2142:
        remarks:    Abuse / UCE reports  abuse@ntt.net
        remarks:    Security issues      security@ntt.net
        mnt-by:     MAINT-NTTCOM-BB
        changed:    boudreat@us.ntt.net  20070413
        source:     NTTCOM

Mirroring the NTTCOM Registry database

NSPs wishing to mirror the NTTCOM Registry database should contact the db-admin@rr.ntt.net.

Contact the Global IP Network Team

Thank you for your interest in the Global IP Network.

Please click the button below and fill out the form, and a representative will contact you shortly.

NTT | Global IP Network
NTT is a global leader in all Internet-related businesses. Our Tier 1 Global IP Network, consistently ranked among the top networks worldwide, spans the Americas, Europe, Asia and Oceania, providing the best possible environment for content, data and video transport through a single autonomous system number (AS2914).