The Internet Routing Registry (IRR) is a set of public databases that allow Internet service providers (ISPs) to publish, and look up, the information they need to determine who is authorized to connect networks to the Internet. By validating this authorization, ISPs seek to prevent accidental or malicious route hijacking, which could cause Internet resources (such as websites and email) and people's Internet access to be interrupted or misdirected.[1] Regional Internet Registries (RIRs) and other organizations maintain Internet Routing Registries that network with each other to create a unified global Internet Routing Registry.[2]
Function
editIn more technical terms, IRRs are databases of Internet route objects for determining and sharing route information and related information used for configuring routers, with the goal of preventing problematic conflicts between Internet service providers. Route objects include autonomous system numbers (ASNs) and IP address prefixes.[2] The earliest IRRs depended on access control to prevent unauthorized parties from entering false route objects. More recently, cryptographic signatures have been employed to allow direct validation of the objects themselves.[vague] Because many IRRs exist, disambiguating conflicts between conflicting or disagreeing route objects held in different IRRs had come to significantly hinder their use prior to the advent of cryptographically signed objects.
Internet Routing Registries work by providing an interlinked hierarchy of objects designed to facilitate the organization of IP routing between organizations, and also to provide data in an appropriate format for automatic programming of routers. Network engineers from participating organizations are authorized to modify the Routing Policy Specification Language (RPSL) objects, in the registry, for their own networks.[3] Then, any network engineer, or member of the public, is able to query the route registry for particular information of interest.
IRRs can have incomplete information and errors.[4] Network operators may neglect to update their IRR entries.[5] Resource Public Key Infrastructure (RPKI) is an alternative approach to validating network routing information, and people have compared IRR data to RPKI data to learn about inconsistencies in IRR data.[6] Network operators can use both IRR and RPKI.[7]
Relevant objects
editSee also
editReferences
edit- ^ Honlue, Musa Stephen (2024-03-22). "Securing Internet Routing with Cryptography: Quick Introduction to RPKI". AFRINIC. Retrieved 2025-08-19.
- ^ a b "Internet Routing Registry (IRR)". ARIN. Retrieved 2025-08-19.
- ^ Durand, Jerome; Pepelnjak, Ivan; Döring, Gert (February 2015). RFC 7454 (BCP 194): BGP Operations and Security (Report). Internet Engineering Task Force. Retrieved 19 August 2025.
- ^ "How accurate are the Internet Route Registries (IRR) | BGPmon". BGPMon. March 28, 2009. Retrieved 2025-08-19.
- ^ Du, Ben (2024-04-15). "A First Look at Suspicious IRR Records". MANRS. Retrieved 2025-08-19.
- ^ Du, Ben (2022-04-07). "IRR hygiene in the RPKI era". APNIC Blog. Retrieved 2025-08-19.
- ^ "Enhancing Internet security with IRR: protection against incorrect route advertisements". INCIBE-CERT. 4 July 2024. Retrieved 19 August 2025.
- ^ "4.2.1 Description of the AUT-NUM Object". Retrieved 28 January 2016.
- ^ "4.2.3 Description of the INET6NUM Object". Retrieved 28 January 2016.
- ^ "4.2.5 Description of the ROUTE Object". Retrieved 28 January 2016.
- ^ "4.2.4 Description of the INETNUM Object". Retrieved 28 January 2016.
- ^ "4.2.6 Description of the ROUTE6 Object". Retrieved 28 January 2016.
- ^ "4.2.7 Description of the AS-SET Object". Retrieved 28 January 2016.
External links
edit- RFC 2622, Routing Policy Specification Language
- RFC 2650, Using RPSL in Practice
- RFC 1786, Representation of IP Routing Policies in a Routing Registry (ripe-81++)
- IRR LIST, A list of routing registries with links to databases and general information