Can an IP be geolocated to any IP regardless of RIR ?

Hello all,

As far as I understand, an IP doesn't belong to a specific region and can be geolocated to anywhere, but it's mostly set to the location of the server. What is the importance of the RIR used (ARIN, RIPE, etc.) when renting IP addresses?

Is it possible to rent IP addresses in RIPE to be used on a server based in the USA, for example?

Thanks for the info

Comments

  • ramnet Member, Host Rep
    edited December 2019

    Short Answer: 1) RIR doesn't matter. 2) Yes.

    Longer Answer:

    Organizations hold resources with a RIR that is in the same region as them.

    IPs can be announced and routed (via BGP) and geolocated (via whois) anywhere the organization holding them requires.

    In the ARIN region for example, I hold some IP addresses directly. I can submit to ARIN a REASSIGN-SIMPLE template to the hostmaster@ to geolocate them to a particular datacenter anywhere in the world that I want (otherwise they would just geolocate to my company main office). If I was renting them to a customer, I can do the same for them for whatever whois information the customer provides to me.

    With BGP, all I have to do is provide an LOA (letter of agency) to my upstream transit provider to BGP announce my IPs with them anywhere in the world. If I rented IPs to a customer to route themselves, I would provide an LOA to my customer which they can pass along to their datacenter / preferred upstream transit provider anywhere in the world.

    I can't speak to how other RIRs work in detail, but it should be a similar process.

    Thanked by 1khav
  • I really wish LOAs would die already. Easily faked paper.

    Thanked by 1khav
  • Clouvider Member, Patron Provider

    @hzr said:
    I really wish LOAs would die already. Easily faked paper.

    Me too.

    We don’t accept them for any RIPE/APNIC subnet anyway

    Thanked by 1khav
  • Clouvider said: We don’t accept them for any RIPE/APNIC subnet anyway

    I thought you could no longer add route objects for out-of-region ASNs, or is RPKI the expected one?

    Thanked by 1khav
  • ramnet Member, Host Rep
    edited December 2019

    @hzr said:
    I really wish LOAs would die already. Easily faked paper.

    Easily validated against Origin AS, which everyone accepting LOAs should be doing (yet sadly most probably don't).

    https://www.arin.net/resources/registry/originas/

    If somebody wants you to announce their IPs for them and gives you an LOA, the least they can do is declare your AS number in the Origin AS whois field for the block so you know it's legit.

  • SplitIce Member, Host Rep

    @Clouvider said:

    @hzr said:
    I really wish LOAs would die already. Easily faked paper.

    Me too.

    We don’t accept them for any RIPE/APNIC subnet anyway

    You require Origin AS?

    Honestly most people just check the name at the bottom against the contacts for the range. If they do any checks at all.

    It's primarily paper to point at after a hijacking to say "it wasn't our fault".

    Thanked by 1khav
  • Clouvider Member, Patron Provider

    @SplitIce said:

    @Clouvider said:

    @hzr said:
    I really wish LOAs would die already. Easily faked paper.

    Me too.

    We don’t accept them for any RIPE/APNIC subnet anyway

    You require Origin AS?

    Honestly most people just check the name at the bottom against the contacts for the range. If they do any checks at all.

    It's primarily paper to point at after a hijacking to say "it wasn't our fault".

    For APNIC/RIPE route(6) object is strictly required.

    For ARIN we accept the LoA, but we strongly suggest that the route object is created instead, as many peers will build their own prefix lists on IX, etc., for optimal routing.

  • Clouvider said: For APNIC/RIPE route(6) object is strictly required.

    Is it still possible to add an ARIN or APNIC ASN onto a RIPE route object? I thought that was restricted a while ago

  • SplitIce Member, Host Rep

    @Clouvider do remember that doesn't mean much if that route object is for their own ASN.

    If that's all you use, someone could send you the request to announce one of my ranges, under my ASN. There are route(6) objects for those in APNIC whois. Doesn't mean I'm authorizing you (or anyone else) to announce my ranges.

  • trewq Administrator, Patron Provider

    @hzr said:

    Clouvider said: For APNIC/RIPE route(6) object is strictly required.

    Is it still possible to add an ARIN or APNIC ASN onto a RIPE route object? I thought that was restricted a while ago

    Yes, it's possible.

    Thanked by 1Clouvider
  • Clouvider Member, Patron Provider

    @SplitIce said:
    @Clouvider do remember that doesn't mean much if that route object is for their own ASN.

    If that's all you use, someone could send you the request to announce one of my ranges, under my ASN. There are route(6) objects for those in APNIC whois. Doesn't mean I'm authorizing you (or anyone else) to announce my ranges.

    True, sufficient malicious intent at scale surely can bypass verification through fraud to a degree, but I was talking about not accepting LoAs for a subnet from regions where route(6) objects are popular, and surely that’s a good practice.
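
The origin check discussed in the thread (ramnet's Origin AS validation, Clouvider's route(6) requirement and SplitIce's caveat about a route object naming only the holder's own ASN), as an added example that is not code from any poster: it accepts an LOA request only when a covering route object names the AS that will actually originate the prefix, rather than when any route object exists. It assumes the IRR data has already been fetched as RPSL text; the function names are hypothetical, and the prefixes and AS numbers are constructed documentation values.

```python
import ipaddress
import re

# Constructed RPSL objects: documentation prefixes and ASNs, not real registry data.
SAMPLE_IRR = """\
route:      192.0.2.0/24
origin:     AS64496
mnt-by:     MAINT-EXAMPLE

route:      198.51.100.0/24
origin:     AS64511
mnt-by:     MAINT-EXAMPLE

route6:     2001:db8::/32
origin:     AS64496
mnt-by:     MAINT-EXAMPLE
"""

def parse_route_objects(text):
    """Return [(network, origin_asn)] from blank-line-separated route/route6 objects."""
    routes = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and not line[:1].isspace():  # skip continuation lines
                attrs.setdefault(key.strip().lower(), value.split("#")[0].strip())
        prefix = attrs.get("route") or attrs.get("route6")
        origin = attrs.get("origin", "")
        if prefix and re.fullmatch(r"(?i)AS\d+", origin):
            routes.append((ipaddress.ip_network(prefix), int(origin[2:])))
    return routes

def check_loa(prefix, announcing_asn, routes):
    """Classify a request to originate `prefix` from `announcing_asn`."""
    net = ipaddress.ip_network(prefix)
    # Assumption: an equal or less-specific route object counts as covering.
    covering = [(n, asn) for n, asn in routes
                if n.version == net.version and net.subnet_of(n)]
    if not covering:
        return "reject: no route object covers this prefix"
    if any(asn == announcing_asn for _, asn in covering):
        return "ok: route object names the announcing AS"
    owners = ", ".join(f"AS{a}" for a in sorted({asn for _, asn in covering}))
    return f"reject: route objects exist, but only for {owners}"
```

The second rejection is the case SplitIce describes: the route object is genuine, but it authorizes the holder's own ASN, not the party presenting the LOA.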
