The SIX has moved to strict route filtering using the Internet Routing Registry (IRR), because it is the right thing to do.

The SIX has two route servers and they both have strict route filtering (as of March 7, 2017). You need to have valid IRR records for the routes your ASN will be announcing in order for them to be accepted by the SIX route servers. You also will need to keep those IRR records up-to-date for any network changes you make.

In order to create valid IRR records so you do not show errors on the SIX participants page, you need to register prefixes as valid route/route6 objects in the IRR registry, or register downstream ASNs as part of your as-set. That can be done at ARIN. However, ARIN is a little difficult to get working properly. An easier path is to use RIPE.

0. If you do not already have a RIPE NCC account, create one. This is a personal account, not an organizational account. If you have one, then login. It is a good idea to setup two-factor verification, and you can do that in your profile.

1. Click on the left side to Create maintainer and person pair. This record must be created before you can create the remaining ones.

2. Create an organization object, by clicking on the left side Create an object and then using the pull-down menu to select "organisation". Use your maintainer object for the mnt-by (it will automatically fill this out if you are still logged in).

3. You must now create an aut-num object. If your ASN was not assigned by RIPE, you must create an "out-of-region" (non-RIPE) placeholder "dummy" aut-num object. This must be done because the "origin:" attribute must not show it is from RIPE. To do this, follow the same link as above to create an aut-num object. For the maintainer field use the following literally, "RIPE-NCC-RPSL-MNT", and then for the password use (again literally), "RPSL" (without the quotes). When using the webupdate mechanism, it will detect that you are creating an aut-num for an ASN that is not managed by RIPE. You can simply create the object with your own maintainer on it. An aut-num object will be created with the status "OTHER", instead of "ASSIGNED", indicating that it is a dummy object. After this, you can create other objects that refer to this aut-num. Keep in mind that if you are using an update method other than webupdates to create a route object for a prefix that is not managed by the RIPE NCC, you must also add the "RPSL" password when submitting it. See the following for more details.

4. For prefixes you directly announce, create a route object for each of your IPv4 netblocks, and create a route6 object for each of your IPv6 netblocks, associating them with your maintainer objects.

5. If you have downstream ASNs, create an as-set object listing them. Then set your PeeringDB IRR Record to be simply your as-set name. (Please no colons in your as-set name. If you must have a colon, email for special handling.)

6. Optionally create a key-cert object with your PGP public key for authorization, it must be formatted correctly, here is an example of correct formatting.

You should be good now! Since RIPE's database is mirrored quickly to RADB, you can check out your IRR data with these commands:

IPv4 prefixes: whois -h '!gasYOUR_ASN_NUM'
IPv6 prefixes: whois -h '!6asYOUR_ASN_NUM'
AS-SET ASNs: whois -h '!iYOUR_AS_SET_NAME'

You should also routinely check the SIX participants page to see if your networks has any errors. The error counts/details reset on a daily basis.

Corrections, additional examples, and questions are welcome at

Tutorial originally contributed by Riseup Networks.