Ability to validate AMPRnet prefixes

[bswinnerton]

Today in the BGPeople Discord, Zach of AS206699 asked if Neptune had a way of verifying AMPRnet prefixes other than via email whois (which validates the entire /9). Let's look into ways this can be done safely.

[bswinnerton]

It appears that one way to validate these would be via portal.ampr.org, for example: https://portal.ampr.org/networks.php?a=region&id=192. This isn't automatable, though.

[natesales]

While this is far from ideal, it's possible to parse the portal information to discern the callsign and then perform a lookup to get the name/organization that has been assigned that call. Although not really production-ready, ampr-whois.natesales.net returns a fake mntner with the blocks callsign:

➜  ~ whois -h ampr-whois.natesales.net 44.26.163.0/24
% This is the unofficial AMPRNet WHOIS server.
% Data provided by this server is subject to AMPRNet Terms of Use
% available at http://www.ampr.org
%
% MNTNERs don't have a corresponding mntner object and are generated from
% the callsign of the block in the format of AMPR-MNT-CALLSIGN
%
% To report a data error, contact the AMPRNet portal administrator: https://portal.ampr.org/contact-us.php
% To report a whois daemon or server error, contact [email protected]

inetnum:  44.26.163.0/24
descr:    Nathan Sales
mnt-by:   AMPR-MNT-KJ7DMC
changed:  [email protected] 20200608
remarks:  This inetnum object represents data extracted from the AMPRNet portal.
remarks:  Original data can be found here: https://portal.ampr.org/networks.php?a=region&id=301
source:   AMPR

And the FCC has a public (but slow and lacking modern ciphers) API: https://data.fcc.gov/api/license-view/basicSearch/getLicenses?format=json&searchValue=KJ7DMC

[ewpratten]

Just query RADb. AMPR users who want to announce their space are supposed to request an entry anyways, so the data is mostly all there (except for the occasional person who doesn't remember to ask for an entry)

[tedb]

I have had the same challenge with getting my AMPRnet prefix to be advertised from Neptune. Vultr was able to accept my LoA, but I can understand if Neptune didn't want to do that due to a) the support burden and b) the risk of fraud.

Just query RADb. AMPR users who want to announce their space are supposed to request an entry anyways, so the data is mostly all there (except for the occasional person who doesn't remember to ask for an entry)

Rather than "not remembering" to register one's AMPR prefix with RADb, I suspect the lack of IRR registration is due to exorbitant fees ($425/year for nonprofit).

[ewpratten]

I suspect the lack of IRR registration is due to exorbitant fees

No, RADb entries are made by ARDC for you, for free. You just have to ask for it to be done when you obtain your IP space.

For example:

route:          44.31.62.0/24
origin:         AS54041
descr:          VA3ZZA
admin-c:        SMITH5996-ARIN
tech-c:         SMITH5996-ARIN
notify:         [email protected]
mnt-by:         MAINT-ARDC
changed:        [email protected] 20230209  #22:10:56Z
source:         RADB
last-modified:  2023-11-13T16:14:56Z
rpki-ov-state:  not_found # No ROAs found, or RPKI validation not enabled for source