Leonardo Furtado - released on March 18th, 2025.

This tiny project provides a Python-based submission tool for IRRd (Internet Routing Registry Daemon) that leverages the IRRd HTTP API to create, modify, or delete RPSL objects. The tool supports both plain text/JSON input and human-friendly TXT files that include header metadata for actions, passwords, and a "multiple_routes" flag. When enabled, the multiple routes feature automatically subdivides IPv4 (route) or IPv6 (route6) objects into smaller subnets according to configurable rules.

Flexible Input: Accepts full-path files in plain text, JSON, or specially formatted TXT files with header metadata.

TXT files may start with header lines:

action: add|modify|delete password: <password> (optional) multiple_routes: true|false (optional) The tool extracts these values to build the JSON submission payload.

The tool automatically sanitizes the admin-c: and tech-c: fields. For example, "John O. Player" is converted to "JOHN-O-PLAYER," ensuring compliance with IRRd’s requirements.

For IPv4 route objects:

The original object is always included. If multiple_routes: true is specified, additional route objects are generated by subdividing the original network from (prefix length + 1) up to /24.

For IPv6 route6 objects:

The original object is included. If multiple_routes: true is specified, subdivisions are generated from (prefix length + 1) up to /36. If the original prefix is longer than /36, the tool raises an error, as multiple routes are not allowed for prefixes longer than /36.

The tool supports different IRR instances:

• irrd: your own local private IRRd instance (default HTTP API on port 8080)
• altdb: ALTDB (defaults to whois.altdb.net:43)
• radb: RADB (defaults to whois.radb.net:43)
• tc: TC IRR (defaults to whois.tc.net:43)

When processing TXT files, the tool creates a corresponding JSON file in an objects/ folder (filename derived from object type and identifier). Once the API submission is successful, the status in this JSON file is updated to "submitted".

• Docker and Docker Compose
• Python 3.12+
• A running IRRd instance configured to use PostgreSQL and Redis

1. Build the Docker Containers: docker-compose up --build

2. Create the Database Schema: In a separate terminal window/tab, run:

docker-compose exec irrd python -m alembic -c /app/irrd/alembic.ini upgrade head
docker-compose exec postgres psql -U irrd -d irrd -c "\dt"

3. Stop the Docker Container (Foreground): Press CTRL-C in the window running Docker in the foreground.

4. Restart Docker Containers: docker-compose up

Since IRRd does not allow creating maintainer objects via the API, you must manually insert a maintainer into the database. For example, run the following command in another terminal window (and ensure to change the values to reflect whatever it is you require):

docker-compose exec postgres psql -U irrd -d irrd -c "INSERT INTO rpsl_objects (rpsl_pk, object_text, source, object_class, parsed_data) VALUES (
  'MAINT-AS64496',
  E'mntner:          MAINT-AS64496\n\
descr:           FAKE TELECOM\n\
admin-c:         FAKEME5-NICBR\n\
tech-c:          FAKEME5-NICBR\n\
upd-to:          [email protected]\n\
auth:            MD5-PW \$1\$1dwDrK3S\$4U0XfqK1qS/07BvguD6qQ0\n\
mnt-by:          MAINT-AS64496\n\
source:          IRRD',
  'IRRD',
  'mntner',
  E'{}'::json
);"

Verify that the maintainer was created:

docker-compose exec postgres psql -U irrd -d irrd -c "SELECT rpsl_pk, source, object_class, parsed_data FROM rpsl_objects WHERE rpsl_pk = 'MAINT-AS64496';"

Test with WHOIS:

whois -h localhost -p 8043 MAINT-AS64496

TXT Files: A human-friendly TXT file should include header lines followed by the RPSL object. For example:

# MAKE SURE TO CHANGE THE DESIRED ACTION. OPTIONS ARE: add, modify, delete
action: add
password: Juniper
multiple_routes: true
route: 198.18.0.0/15
descr: FAKE TELECOM
origin: AS64496
admin-c: FAKEME5-NICBR
member-of: AS64496:RS-ROUTES
geoidx: BR
geoidx: BRA
geoidx: 021
geoidx: BR-RJ
geoidx: Rio de Janeiro
remarks: ==========================================================
remarks: This is a FAKE TELECOM (AS64496) owned route object
remarks: Abuse/UCE: [email protected]
remarks: Network: [email protected]
remarks: Peering: [email protected]
remarks: Website: http://www.faketelecom.null
remarks: Peering and Routing Policy: http://as64496.peeringdb.com/
remarks: ==========================================================
mnt-by: MAINT-AS64496
notify: [email protected]
changed: [email protected] 20250219
source: IRRD
rpki-ov-state: valid

JSON Files: Alternatively, JSON files can be used. They must include an object with keys like "object_type", "action", "data", and "status".

Run the submission tool by providing the full path to the input file:

python irr_rpsl_submit.py --instance irrd /full/path/to/your_txt_file.txt

The tool will:

1. Read the file.
2. Process header lines (action, password, multiple_routes).
3. Sanitize NIC handle fields.
4. Generate a JSON file in the objects/ folder.
5. If multiple_routes: true is set and the object is a route (or route6), it will generate additional objects as described.
6. Submit the object(s) via the IRRd HTTP API.
7. Update the JSON file's "status" to "submitted" if the submission is successful.

If you see errors such as "500 Internal Server Error" from the API, check the IRRd logs for more details. Sometimes, email notifications (via SMTP) can cause transient failures. You can consider the operation successful if the objects are being created/deleted despite the error.

For IPv4 objects, subdivisions are created up to /24. For IPv6 objects (route6), subdivisions are created up to /36. An error is raised if an IPv6 prefix is longer than /36.

If NIC handle fields (admin-c, tech-c) are not accepted, ensure they are properly sanitized. The tool now converts names like "Leonardo Furtado" into "LEONARDOFURTADO". If an object is created with an incorrect NIC handle, consider adjusting the header file or using the -o override option.

The docker-compose.yml file defines services for IRRd, PostgreSQL, and Redis. Ensure these containers are running as described in the build instructions.

The Alembic migrations in IRRd set up the necessary PostgreSQL schema. Be sure to run the migration commands after building the containers.

The tool uses the IRRd HTTP API endpoint (typically on port 8080 for local IRRd) to submit RPSL objects.

Future enhancements could include support for IPv6 multiple routes beyond /36 (if rules change) and additional logging or error-handling improvements.