August 1994 - db-wg - mailman.ripe.net

2nd draft agenda for DB-WG in Lisbon
by Wilfried Woeber, UniVie/ACOnet 31 Aug '94

31 Aug '94

Dear folks, this is the *2nd* draft agenda for the Lisbon Database-WG meeting. Thanks for the input received so far! I tried to - slightly rearrange the individual items - key the topics indicating the type of activity expected - provide a list of references to have ourselves prepared :-) Any feedback appreciated! Wilfried. -------------------------------------------------------------------------------- 2nd Draft: Proposed Agenda for the DB-Working-Group at RIPE-19, Lisbon. ----------------------------------------------------------------------- 0. Opening (30') . appointment of scribe . amendment/rearrangement of agenda . any admin stuff I . review of DB-WG in the context of a changing RIPE x. The Classless Database (60') S . review of beta (as announced by Marten Terpstra) S . review of requirements and scheduled changes A . (ripe-clarep, ripe-inetnum) document review, and decision x. Database Operations Review (60') A . (ripe-auth) proposed guardian mechanism changes A . (inet-rtr) proposed router object review and decision A . RIPE-Handles (flag day?) I . any loose ends? (experiences) I . ownership of objects, update, coordination (Daniel Kalchev) I . need for new types of lookup/backlinks? (Havard Eidnes) x. Interworking with other regions (30') S . DB-Exchange (status) S . RWhois, aggrwalk, ... x. CLNS Routing Registry (10') A . status review and decision about further activities Z. AOB Key: I ... Informal discussion S ... review of Status, on-going A ... discussion and Approval requested Supporting documents: ftp://ftp.ripe.net/ripe/drafts/ripe-clarep.txt ftp://ftp.ripe.net/ripe/drafts/ripe-inetnum.txt ftp://ftp.ripe.net/ripe/drafts/inet-rtr.txt ftp://ftp.ripe.net/ripe/drafts/ripe-auth.txt (a "transition document" to be announced by the NCC) -------------------------------------------------------------------------- Wilfried Woeber : e-mail: Wilfried.Woeber(a)CC.UniVie.ac.at Computer Center - ACOnet : Vienna University : Tel: +43 1 4065822 355 Universitaetsstrasse 7 : Fax: +43 1 4065822 170 A-1010 Vienna, Austria, Europe : NIC: WW144 --------------------------------------------------------------------------

1 0

1st draft agenda for DB-WG in Lisbon
by Wilfried Woeber, UniVie/ACOnet 31 Aug '94

31 Aug '94

Dear folks, attached is the *1st* attempt on a draft agenda for the Lisbon Database-WG meeting. Due to the fact that I'll leave Vienna on Monday the 5th of September, I'd ask for comments, suggestions, etc. before Friday to allow for distribution of the next draft agenda to the ripe-list before Monday 5th. This draft is based on the assumption that (again) the ripe-81++ stuff will be reviewed by the Routing-WG (Jean-Michel?). Could the NCC people please point me to the items that need a decision in Lisbon (if any). I'd like to try for one more (and actually maybe for the last time) to get a WG scheduling agreed that allows active participation by a reasonable number of interested people to really facilitate consensus and decisions... Any feedback appreciated! Wilfried. -------------------------------------------------------------------------------- 1st Draft -- 1st Draft -- 1st Draft Draft agenda for the DB-Working-Group at RIPE-19, Lisbon. --------------------------------------------------------- 0. Opening (30') . appointment of scribe . amendment/rearrangement of agenda . any admin stuff . review of DB-WG in the context of a changing RIPE x. The Classless Database (60') . review of beta (as announced by Marten T.) . review of requirements and scheduled changes . document review (ripe-clarep, ripe-inetnum) . discussion and decision x. Database Operations Review (60') . potential guardian mechanism changes . RIPE-Handles . any loose ends? (experiences) . ownership of objects and update responsibility and coordination (Daniel K.) . need for new types of lookup/backlinks? (Havard E.) x. Interworking with other regions (30') . DB-Exchange (status) . RWhois, aggrwalk, ... x. CLNS Routing Registry (10') . status review and decision about further activities Z. AOB -------------------------------------------------------------------------- Wilfried Woeber : e-mail: Wilfried.Woeber(a)CC.UniVie.ac.at Computer Center - ACOnet : Vienna University : Tel: +43 1 4065822 355 Universitaetsstrasse 7 : Fax: +43 1 4065822 170 A-1010 Vienna, Austria, Europe : NIC: WW144 --------------------------------------------------------------------------

3 2

Testing classless database
by Marten Terpstra 30 Aug '94

30 Aug '94

Folks, As you may have guessed, we have put quite some work over the last few months into getting the RIPE database classless. We currently have a beta implementation running, with the idea that we will switch to this software shortly after the RIPE meeting. We would like you to have a look at the whois server we currently have running on my workstation rijp.ripe.net. If you have some time, please fire off some queries to this machine to see if the server responds like you would expect it to respond. A few things: - the new server is slightly slower than the current one. This mainly because of the classless lookups, and the fact that the database is no longer kept in one file, but seperate files per object type, each with their own index. Also the server uses data on a remote file system. - although the server supports more and less specific lookups for networks, the current client you may have will not support this. A new client will be given out as soon as this has been properly tested at the NCC. - you can now specify network lookups of the forms: 192.87.45.1 192.87.45.1/32 ie host addresses are recognized, and prefix/length lookups are recognized. The old style queries like "128.141" are still supported as well. - the default behaviour for network queries is that the server will give an exact match if available or the first less specific match for this query. So for host or subnet queries, the server will output the classful network mostly. - the test database is aligned with the real database for most of the data. We have also put in quite some test data like the ripe-81 routes and some inet-rtr objects. Please use this database only for testing, not for authoritative output. Because we are still working on all this, the new objects may sometimes show up and sometimes not. - we have also generated objects for the class C blocks that we have delegated to local IRs. So, for queries of non-assigned numbers, you should get the class C block they come out of. Basically we would like to get an idea from you that we have not changed the look and feel of the server in a way that may cause tools you may have that use the whois server to fail. If you find any problems, please direct them to me personally. Cheers, -Marten PS Please note you have to do: whois -h rijp.ripe.net <query> to get the new database software to respond.

1 0

Alternative nic-hdl reference syntax?
by Havard Eidnes 29 Aug '94

29 Aug '94

Hi, see the attached which contains my original question/suggestion and Tony's response. My main motivation for wanting this is to make it easier to see the references when a subset of the database is presented (without having to follow the nic-hdl cross-references). Such a superset might be an overview of all the objects a given person is registered as contact (either admin- or tech-) for. I have plans to make people more aware of the fact that they are registered as contacts and their roles and responsibilities in connection with this (e.g for the domain objects, where I have my own set of roles and responsibilities I want to make them aware of). I agree that what I am asking for is syntactic sugar, and that "pulling up" the names instead of the NIC handles in the objects could be done by my "database extraction" tool rather than having it implemented in the database. I do however not think that I myself had the idea for the syntax for the reference (in tech-c and admin-c), but I can't think of where I have seen it suggested before. This is merely to suggest the issue and not put too much pressure behind it; I can take "no" for an answer. Oh, yes, while on a bordering issue I probably should mention this (although it is beginning to deviate from the main issue in this letter, modify Subject line if you respond to this): The description of what kind of roles and responsibilities the contact persons are supposed to have are IMHO a bit imprecisely defined. This may be intentionally, but then again it may not. I personally would be happy with a better clarification on this point (I am referring to the descriptions in the documents ripe-50 etc., I'm sorry that I haven't kept track of whether the new database documents are out yet). - Havard

1 0

A summary of changes of RIPE-81++ from last RIPE meeting
by Tony Bates 26 Aug '94

26 Aug '94

This is the promised summary of changes of document to help focus discussion at the forthcoming RIPE meeting. URL: ftp://ftp.ripe.net/ripe/drafts/ripe-81++.changes.txt -- Text version URL: ftp://ftp.ripe.net/ripe/drafts/ripe-81++.changes.ps -- PS version --Tony. Summary of changes in RIPE-81++ from previous RIPE Meeting. Tony Bates 23rd August, 1994 1. Introduction In an effort to focus discussion for the forthcoming RIPE meeting in Lisbon in September I have made a brief outline of the changes to the RIPE-81++ draft from the last RIPE meeting. It is divided into two sections; basic and major changes. The major changes section will be most relevant for the forthcoming RIPE meeting and in par- ticular the RIPE routing working group. The latest RIPE-81++ draft is available from: URL: ftp://ftp.ripe.net/ripe/drafts/ripe-81++.{ps,txt} 2. Basic Agreed Changes This sections details the changes that were agreed and have been fully incorporated into the current draft of RIPE-81++. All the changes are with respect to the RIPE-81++ proposal tabled at the RIPE meeting in Amsterdam in May, 1994. In each case only very brief detail is given as these changes have been agreed by consensus. Network Lists. Add the use of network lists in the routing policy expression com- ponent. This will be in the form proposed by Merit. i.e. list of nets separate by commas within braces: { 35.0.0.0/8, 192.87.45.0/24 } Extension to "default" attribute There is a set of additional OPTIONAL components added to the default attribute. See RIPE-81++ for more details. - 2 - Syntactic SUGAR We added in the additional reserved words to make the syntax clearer. NOTE: the reserved words will all be in lower-case to dis- tinguish them from special policy keywords and communities. Here is a summary of current SUGAR to add and where. accept announce exclude from to transit Examples of the usage of the reserved words are: as-in: from neighborAS accept route as-out: to neighborAS announce route as-exclude: exclude ASpath to destination as-transit: transit ASpath to destination default: from neighborAS accept route default: to neighborAS announce route Note: that as-transit is an experimental attribute. See below. Network Representation We used the "prefix length" notation documented in the classless proposal paper. i.e. 35.0.0.0/8 192.87.45.0/24 "as-reject" changed to "as-exclude" The text remained the same. The name of the attribute changed. 3. Major Changes This section details the major changes with respect to the draft - 3 - presented at the RIPE meeting in Amsterdam in May, 1994. The "component" attribute is gone The component attribute was dropped as it was deemed to be too com- plex to understand and too difficult to maintain and guard. The out- come of this is two new attributes and one new object that facili- tate the functionality of the component attribute 1) withdrawn attribute Often is is useful to show a route that has been withdrawn from the routing table. The has become very important now that CIDR is deployed as service providers start to withdraw more specific routes from an aggregate. 2) hole attribute For tools in can be very useful to indicate "holes" in a CIDR aggregate where there is currently no expected connectivity. 3) inet-rtr object This allows you to detail the interfaces of a router as well as the AS the router belong to. This is extremely useful for routes/networks which fall into the category of what used to be called "inter-as networks" described by the proposed to be obsoleted "ias-int" attribute in the "inetnum" object. This object is described in: Bates, T., "Specifying an `Internet Router' in the Routing Registry", July, 1994. DRAFT. URL: ftp://ftp.ripe.net/drafts/inet-rtr.{ps,txt} The "interas-in" and "interas-out" attributes. This is an additional set of attributes added to detail local poli- cies between any two ASes which have more than one interconnecting link. This description is necessary only if the ASs are connected in more than one way and the routing policy and differs at these two connections. Example: LINK1 193.0.1.1 +----------+ 193.0.1.2 | | AS1------AS2== ==AS3-----AS4 | | 193.0.1.5 +----------+ 193.0.1.6 LINK2 - 4 - Descriptions of interas policies do not replace the global pol- icy described in as-in, as-out and other policy attributes which always describes the global policy between the two ASes. The interas-in/out attributes only specify local variations to the glo- bal policy described in the other attributes. If the global policy mentions more routes than the local policy then local preferences for these routes are assumed to be equal for all links. A simple extendable syntax has been defined for this additional information. For details of this refer to the ripe-81++ draft. Possible outstanding issues with interas-in/interas-out A major discussion point came from these attributes The ordering There were two styles of ordering proposed. A) interas-in: <my id> [from] ASxx <neighbor id> <pref> <pol- icy> B) interas-in: [from] ASxxx <my id> <neighbor id> <pref> <pol- icy> Fortunately, an executive decision has been made by the chair of the RIPE routing group to go with option B. The main reason behind this is for consistency with the as-in and as-out attri- butes. Clarification of evaluation of operators. Some text has been added to clarify the ordering of how the logical operators are evaluated in routing policy expressions and what they actually mean. It was recognised that ripe-81++ was weak on this point. This text is taken verbatim from the ripe-81++ draft: .... <routing policy expression> can take the following formats. 1. A list of one or more ASes, AS Macros, Communities or Net- work Lists. A Network List is a list of network numbers in prefix length format, separated by commas, and surrounded by curly brackets (braces, i.e. `{' and '}'). Examples: - 5 - as-in: from AS1103 100 accept AS1103 as-in: from AS786 105 accept AS1103 as-in: from AS786 10 accept AS786 HEPNET as-in: from AS1755 110 accept AS1103 AS786 as-in: from AS3333 100 accept {192.87.45.0/16, 128.141.0.0/16} 2. A set of KEYWORDS. The following KEYWORD is currently defined: ANY this means anything the neighbour AS knows. 3. A logical expression of either 1 or 2 above The current logical operators are defined as: AND OR NOT This operators are defined as true BOOLEAN operators even if the operands themselves do not appear to be BOOLEAN. Their operations are defined as follows: Operator Operation Example OR UNION AS1 OR AS2 | +-> all routes in AS1 or AS2. AND INTERSECTION AS1 AND HEPNET | +-> a route in AS1 and belonging to community HEPNET. NOT COMPLEMENT NOT AS3 | +-> any route except AS3 routes. Rules are grouped together using parenthesis i.e "(" and ")". The ordering of evaluation of operators and there associa- tion is as follows: Operator Associativity () left to right NOT right to left AND left to right OR left to right - 6 - NOTE: if no logical operator is given between ASes, AS- macros, Communities, Network Lists and KEYWORDS it is implicitly evaluated as an `OR' operation. The OR can be left out for conciseness. However, please note the opera- tors are still evaluated as below so make sure you include parentheses whenever needed. To highlight this here is a simple example. If we denoted a policy of for example; from AS1755 I accept all routes except routes from AS1, A2 and AS3 and you enter the following as-in line. as-in: from AS1755 100 accept NOT AS1 AS2 AS3 This will be evaluated as: as-in: from AS1755 100 accept NOT AS1 OR AS2 OR AS3 Which in turn would be evaluated like this: (NOT AS1) OR AS2 OR AS3 -> ((ANY except AS1) union AS2) union AS3) --> (ANY except AS1) This is clearly incorrect and not the desired result. The correct syntax should be: as-in: from AS1755 100 accept NOT (AS1 AS2 AS3) Producing the following evaluation: NOT (AS1 OR AS2 OR AS3) -> (ANY) except (union of AS1, AS2, AS3) Which depicts the desired routing policy. Note that can also be written as below which is perhaps somewhat clearer: as-in: from AS1755 100 accept ANY AND NOT (AS1 OR AS2 OR AS3)

1 0

More modification to RIPE-81++
by Tony Bates 24 Aug '94

24 Aug '94

Unfortunately, a couple of small changes needed to be made to the RIPE-81++ draft. The changes concern the semantics, ordering and associativity of the logical operators defined for the routing policy expression syntax. My thanks to Cengiz Alaettinoglu at ISI for pointing this out to me. The other change was to make the local-rid and remote-rid fields mandatory in the interas-in/interas-out attributes to avoid ambiguity in the syntax. This I hope to be the last change before the RIPE meeting. The latest draft is available as: URL ftp://ftp.ripe.net/ripe/drafts/ripe-81++.ps URL ftp://ftp.ripe.net/ripe/drafts/ripe-81++.txt I will not include a copy of the text this time ;-). Please also note I will send a very brief summary of changes document out on Friday to help focus discussion at the RIPE meeting. --Tony.

1 0

Latest and final draft of ripe-81++
by Tony Bates 22 Aug '94

22 Aug '94

Please find below the last draft of ripe-81++ to be issued before the RIPE meeting. The changes are only slight but include some comments from Kannan Varadhan sent direclty to me and a further slight clarification to the interas-in/interas-out text as well as the Table of Contents being updated to be correct. I intened to send out a seperate `short' document summarising the major changes from the last meeting and also highlighting any currently open issues to focus the discussion at the forthcoming RIPE meeting. As usual the draft is available as: ftp://ftp.ripe.net/drafts/ripe-81++.{ps,txt} Regards, --Tony. Representation of IP Routing Policies in a Routing Registry (ripe-81++) DRAFT DRAFT DRAFT Tony Bates Elise Gerich Laurent Joncheray Jean-Michel Jouanigot Daniel Karrenberg Marten Terpstra Jessica Yu Document-ID: ripe-1nn Obsoletes: ripe-81 August, 1994 ABSTRACT This document is an update to the original `ripe- 81'[1] proposal for representing and storing routing polices within the RIPE database. It incorporates several extensions proposed by Merit Inc.[2] and gives details of a generalised IP routing policy representa- tion to be used by all Internet routing registries. It acts as both tutorial and provides details of database objects and attributes that use and make up a routing registry. ripe-1nn.txt August, 1994 - 2 - Table of Contents 1 Introduction ................................................ 3 2 Organisation of this Document ............................... 3 3 General Representation of Policy Information ................ 4 4 The Routing Registry and the RIPE Database .................. 10 5 The Route Object ............................................ 14 6 The Autonomous System Object ................................ 23 7 The AS Macro Object ......................................... 30 8 The Community Object ........................................ 31 9 Representation of Routing Policies .......................... 34 10 Future Extensions .......................................... 43 11 References ................................................. 45 12 Authors Addresses .......................................... 46 Appendix A - Syntax for the "aut-num" object .................. 48 Appendix B - Syntax for the "community" object ................ 57 Appendix C - Syntax for the "as-macro" object ................. 61 Appendix D - Syntax for the "route" object .................... 65 Appendix E - List of reserved words ........................... 69 Appendix F - Motivations for RIPE-81++ ........................ 70 Appendix G - Transition strategy .............................. 72 ripe-1nn.txt August, 1994 - 3 - 1. Introduction This document is a much revised version of the RIPE routing registry document known as ripe-81[1]. Since its inception in February, 1993 and the establishment of the RIPE routing registry, several addi- tions and clarifications have come to light which can be better presented in a single updated document rather than separate addenda. Some of the text remains the same the as the original ripe-81 docu- ment keeping its tutorial style mixed with details of the RIPE data- base objects relating to routing policy representation. However this document does not repeat the background and historical remarks in ripe-81. For these please refer to the original document. It should be noted that whilst this document specifically references the RIPE database and the RIPE routing registry one can easily read "Regional routing registry" in place of RIPE as this representation is certainly general and flexible enough to be used outside of the RIPE community incorporating many ideas and features from other routing registries in this update. As you can see this document has a new RIPE document identification number but can also be referred to as ripe-81++. Appendix F summar- ises the changes from ripe-81 plus the motivation for these changes. We would like to acknowledge many people for help with this docu- ment. Specifically, Peter Lothberg who was a co-author of the ori- ginal ripe-81 document for his many ideas and Gilles Farrache. We would also like to thank the RIPE routing working group for their review and comment. Finally, we like to thank Merit Inc. for many constructive comments and ideas and making the routing registry a worldwide Internet service. We would also like to acknowledge the funding provided by the PRIDE project run in conjunction with the RARE Technical Program, RIPE and the RIPE NCC without which this paper would not have been possible. 2. Organisation of this Paper This paper acts as both a basic tutorial for understanding routing policy and provides details of objects and attributes used within an Internet routing registry to store routing policies. Section 3 describes general issues about IP routing policies and their representation in routing registries. Experienced readers may wish to skip this section. Section 4 provides an overview of the RIPE database, its basic concepts, schema and objects which make up the database itself. It highlights the way in which the RIPE database splits routing information from allocation information. Sections 5, 6, 7 and 8 detail all the objects associated with routing policy representation. Section 9 gives a fairly extensive "walk through" of how these objects are used for expressing routing policy and the general principles behind their use. Section 10 provides a list of references used throughout this document. Appendix A, B, C and D document the formal syntax for the database objects and attributes. Appendix F details the main changes from ripe-81 and motivations for these changes. Appendix G tackles the issues of transition from ripe-1nn.txt August, 1994 - 4 - ripe-81 to ripe-81++. ripe-1nn.txt August, 1994 - 5 - 3. General Representation of Policy Information Networks, Network Operators and Autonomous Systems Throughout this document an effort is made to be consistent with terms so as not to confuse the reader. When we talk about "networks" we mean physical networks which have a unique classless IP network number: Layer 3 entities. We do not mean organisations. We call the organisations operating networks "network operators". For the sake of the examples we divide network operators into two categories: "service providers" and "customers". A "service pro- vider" is a network operator who operates a network to provide Internet services to different organisations, its "customers". The distinction between service providers and customers is not clear cut. A national research networking organisation frequently acts as a service provider to Universities and other academic organisations, but in most cases it buys international connectivity from another service provider. A University networking department is a customer of the research networking organisation but in turn may regard University departments as its customers. An Autonomous System (AS) is a group of IP networks having a single clearly defined routing policy which is run by one or more network operators. Inside ASes IP packets are routed using one or more Inte- rior Routing Protocols (IGPs). In most cases interior routing deci- sions are based on metrics derived from technical parameters like topology, link speeds and load(1). ASes exchange routing information with other ASes using Exterior Routing Protocols (EGPs). Exterior routing decisions are frequently based on policy based rules rather than purely on technical parame- ters. Tools are needed to configure complex policies and to commun- icate those policies between ASes while still ensuring proper opera- tion of the Internet as a whole. Some EGPs like BGP-3 [8] and BGP-4 [9] provide tools to filter routing information according to policy rules and more. None of them provides a mechanism to publish or com- municate the policies themselves. Yet this is critical for opera- tional coordination and fault isolation among network operators and thus for the operation of the global Internet as a whole. This document describes a "Routing Registry" providing this functional- ity. _________________________ (1) The entity we refer to as an AS is frequently and more generally called a routing domain with the AS just being an implementation vehicle. We have decided to use the term AS exclusively because it relates more direct- ly with the database objects and routing tools. By us- ing only one term we hope to reduce the number of con- cepts and to avoid confusion. The academically inclined reader may forgive us. ripe-1nn.txt August, 1994 - 6 - Routing Policies The exchange of routing information between ASes is subject to rout- ing policies. Consider the case of two ASes, X and Y exchanging routing information: NET1 ...... ASX <---> ASY ....... NET2 ASX knows how to reach a network called NET1. It does not matter whether NET1 is belonging to ASX or some other AS which exchanges routing information with ASX either directly or indirectly; we just assume that ASX knows how to direct packets towards NET1. Likewise ASY knows how to reach NET2. In order for traffic from NET2 to NET1 to flow between ASX and ASY, ASX has to announce NET1 to ASY using an external routing protocol. This states that ASX is willing to accept traffic directed to NET1 from ASY. Policy thus comes into play first in the decision of ASX to announce NET1 to ASY. In addition ASY has to accept this routing information and use it. It is ASY's privilege to either use or disregard the information that ASX is willing to accept traffic for NET1. ASY might decide not to use this information if it does not want to send traffic to NET1 at all or if it considers another route more appropriate to reach NET1. So in order for traffic in the direction of NET1 to flow between ASX and ASY, ASX must announce it to ASY and ASY must accept it from ASX: resulting packet flow towards NET1 <<=================================== | | announce NET1 | accept NET1 --------------> + -------------> | AS X | AS Y | <------------- + <-------------- accept NET2 | announce NET2 | | resulting packet flow towards NET2 ===================================>> Ideally, and seldom practically, the announcement and acceptance policies of ASX and ASY are identical. ripe-1nn.txt August, 1994 - 7 - In order for traffic towards NET2 to flow, announcement and accep- tance of NET2 must be in place the other way round. For almost all applications connectivity in just one direction is not useful at all. It is important to realise that with current destination based for- warding technology routing policies must eventually be expressed in these terms. It is relatively easy to formulate reasonable policies in very general terms which CANNOT be expressed in terms of announc- ing and accepting networks. With current technology such policies are almost always impossible to implement. Usually policies are not configured for each network separately but for groups of networks. In practise these groups are almost always defined by the networks forming one or more ASes. Routing Policy limitations The generic example of a reasonable but un-implementable routing is a split of already joined packet streams based on something other than destination address. Once traffic for the same destination network passes the same router, or the same AS at our level of abstraction, it will take exactly the same route to the destina- tion(2). In a concrete example AS Z might be connected to the outside world by two links. AS Z wishes to reserve these links for different kinds of traffic, let's call them black and white traffic. For this purpose the management of AS Z keeps two lists of ASes, the black and the white list. Together these lists comprise all ASes in the world reachable from AS Z. "W" <---> ... AS Z .... NET 3 <---> "B" It is quite possible to implement the policy for traffic originating in AS Z: AS Z will only accept announcements for networks in white ASes on the white link and will only accept announcements for net- works in black ASes on the black link. This causes traffic from networks within AS Z towards white ASes to use the white link and likewise traffic for black ASes to use the black link. Note that this way of implementing things makes it necessary to decide on the colour of each new AS which appears before traffic can be sent to it from AS Z. A way around this would be to accept only _________________________ (2) Disregarding special cases like "type of service" routing, load sharing and routing instabilities. ripe-1nn.txt August, 1994 - 8 - white announcements via the white link and to accept all but white announcements on the black link. That way traffic from new ASes would automatically be sent down the black link and AS Z management would only need to keep the list of white ASes rather than two lists. Now for the unimplementable part of the policy. This concerns traffic towards AS Z. Consider the following topology: B AS ---) "W" W AS ---) ---> B AS ---)>> AS A ---> ... AS Z .... NET 3 B AS ---) ---> W AS ---) "B" As seen from AS Z there are both black and white ASes "behind" AS A. Since ASes can make routing decisions based on destination only, AS A and all ASes between AS A and the two links connecting AS Z can only make the same decision for traffic directed at a network in AS Z, say NET 3. This means that traffic from both black and white ASes towards NET 3 will follow the same route once it passes through AS A. This will either be the black or the white route depending on the routing policies of AS A and all ASes between it and AS Z. The important thing to note is that unless routing and forwarding decisions can be made based on both source and destination addresses, policies like the "black and white" example cannot be implemented in general because "once joined means joined forever". Access Policies Access policies contrary to routing policies are not necessarily defined in terms of ASes. The very simplest type of access policy is to block packets from a specific network S from being forwarded to another network D. A common example is when some inappropriate use of resources on network D has been made from network S and the prob- lem has not been resolved yet. Other examples of access policies might be resources only accessible to networks belonging to a par- ticular disciplinary group or community of interest. While most of these policies are better implemented at the host or application level, network level access policies do exist and are a source of connectivity problems which are sometimes hard to diagnose. There- fore they should also be documented in the routing registry accord- ing to similar requirements as outlined above. Routing vs. Allocation information The RIPE database contains both routing registry and address space allocation registry information. In the past the database schema combined this information. Because RIPE was tasked with running both an allocation and routing registry it seemed natural to initially ripe-1nn.txt August, 1994 - 9 - combine these functions. However, experience has shown that a clear separation of routing information from allocation is desirable. Often the maintainer of the routing information is not the same as the maintainer of the allocation information. Moreover, in other parts of the world there are different registries for each kind of information. Whilst the actual routing policy objects will be introduced in the next section it is worthy of note that a transition from the current objects will be required. Appendix G details the basic step of such a transition. This split in information represents a significant change in the representational model of the RIPE database. Appendix F expands on the reasons for this a little more. Tools The network operators will need a series of tools for policy rout- ing. Some tools are already available to perform some of the tasks. Most notably, the PRIDE tools [3] from the PRIDE project started in September 1993 as well as others produced by Merit Inc [4] and CERN [5]. These tools will enable them to use the routing policy stored in the RIPE routing registry to perform such tasks as check actual routing against policies defined, ensure consistency of policies set by dif- ferent operators, and simulate the effects of policy changes. Work continues on producing more useful tools to service the Inter- net community. ripe-1nn.txt August, 1994 - 10 - 4. The Routing Registry and the RIPE Database One of the activities of RIPE is to maintain a database of Euro- pean IP networks, DNS domains and their contact persons along with various other kinds of network management information. The database content is public and can be queried using the whois protocol as well as retrieved as a whole. This supports NICs/NOCs all over Europe and beyond to perform their respective tasks. The RIPE database combines both allocation registry and routing registry functions. The RIPE allocation registry contains data about address space allocated to specific enterprises and/or delegated to local registries as well as data about the domain name space. The allocation registry is described in separate documents [6,7] and outside the scope of this document. Database Objects Each object in the database describes a single entity in the real world. This basic principle means that information about that entity should only be represented in the corresponding data- base object and not be repeated in other objects. The whois ser- vice can automatically display referenced objects where appropriate. The types of objects stored in the RIPE database are summarised in the table below: R Object Describes References ____________________________________________________________________ B person contact persons A inetnum IP address space person A domain DNS domain person R aut-num autonomous system person (aut-num,community) R as-macro a group of autonomous systems person, aut-num R community community person R route a route being announced aut-num, community R clns CLNS address space and routing person The first column indicates whether the object is part of the alloca- tion registry (A), the routing registry (R) or both (B). The last column indicates the types of objects referenced by the particular type of object. It can be seen that almost all objects reference contact persons. Objects are described by attributes value pairs, one per line. Objects are separated by empty lines. An attribute that consists ripe-1nn.txt August, 1994 - 11 - of multiple lines should have the attribute name repeated on consecutive lines. The information stored about network 192.87.45.0 consists of three objects, one inetnum object and two person objects and looks like this: inetnum: 192.87.45.0 netname: RIPE-NCC descr: RIPE Network Coordination Centre descr: Amsterdam, Netherlands country: NL admin-c: Daniel Karrenberg tech-c: Marten Terpstra rev-srv: ns.ripe.net rev-srv: ns.eu.net notify: ops(a)ripe.net changed: tony(a)ripe.net 940110 source: RIPE person: Daniel Karrenberg address: RIPE Network Coordination Centre (NCC) address: Kruislaan 409 address: NL-1098 SJ Amsterdam address: Netherlands phone: +31 20 592 5065 fax-no: +31 20 592 5090 e-mail: dfk(a)ripe.net nic-hdl: DK58 changed: ripe-dbm(a)ripe.net 920826 source: RIPE person: Marten Terpstra address: RIPE Network Coordination Centre (NCC) address: PRIDE Project address: Kruislaan 409 address: NL-1098 SJ Amsterdam address: Netherlands phone: +31 20 592 5064 fax-no: +31 20 592 5090 e-mail: Marten.Terpstra(a)ripe.net nic-hdl: MT2 notify: marten(a)ripe.net changed: marten(a)ripe.net 931230 source: RIPE Objects are stored and retrieved in this tag/value format. The RIPE NCC does not provide differently formatted reports because any desired format can easily be produced from this generic one. ripe-1nn.txt August, 1994 - 12 - Routing Registry Objects The main objects comprising the routing registry are "aut-num" and "route", describing an autonomous system and a route respectively. It should be noted that routes not described in the routing registry should never be routed in the Internet itself. The autonomous system (aut-num) object provides contact information for the AS and describes the routing policy of that AS. The routing policy is described by enumerating all neighbouring ASes with which routing information is exchanged. For each neighbour the routing policy is described in terms of exactly what is being sent (announced) and allowed in (accepted). It is important to note that this is exactly the part of the global policy over which an AS has direct control. Thus each aut-num object describes what can indeed be implemented and enforced locally by the AS concerned. Combined together all the aut-num objects provide the global routing graph and permit to deduce the exact routing policy between any two ASes. While the aut-num objects describe how routing information is pro- pagated, the route object describes a single route injected into the external routing mesh. The route object references the AS injecting (originating) the route and thereby indirectly provides contact information for the originating AS. This reference also provides the primary way of grouping routes into larger collections. This is necessary because describing routing policy on the level of single routes would be awkward to impractical given the number of routes in the Internet which is about 20,000 at the time of this writing. Thus routing policy is most often defined for groups of routes by originating AS. This method of grouping is well supported by current exterior routing protocols. The route object also refer- ences community objects described below to provide another method of grouping routes. Modification of aut-num object itself and the referencing by route objects is strictly protected to provide net- work operators control over the routing policy description and the routes originated by their ASes. Sometimes even keeping track of groups of routes at the AS level is cumbersome. Consider the case of policies described at the transit provider level which apply transitively to all customers of the transit provider. Therefore another level of grouping is provided by the as-macro object which provides groups of ASes which can be referenced in routing policies just like single ASes. Membership of as-macro groups is also strictly controlled. Sometimes there is a need to group routes on different criteria than ASes for purposes like statistics or local access policies. This is provided by the community object. A community object is much like an AS but without a routing policy. It just describes a group of routes. This is not supported at all by exterior routing protocols and depending on aggregation of routes may not be generally usable to define routing policies. It is suitable for local policies and non-routing related purposes. ripe-1nn.txt August, 1994 - 13 - These routing related objects will be described in detail in the sections below. ripe-1nn.txt August, 1994 - 14 - 5. The Route Object As stated in the previous chapter routing and address space alloca- tion information are now clearly separated. This is performed with the introduction of the route object. The route object will contain all the information regarding a routing announcement. All routing related attributes are removed from the inetnum object. Some old attributes are obsoleted: connect, routpr-l, bdryg-l, nsf- in, nsf-out, gateway). The currently useful routing attributes are moved to the route object: aut-sys becomes origin, ias-int will be encoded as part of the inet-rtr [15] object and comm-list simply moves. See [6] for detail of the "inetnum" object definition. The information in the old inetnum object inetnum: 192.87.45.0 netname: RIPE-NCC descr: RIPE Network Coordination Centre descr: Amsterdam, Netherlands country: NL admin-c: Daniel Karrenberg tech-c: Marten Terpstra connect: RIPE NSF WCW aut-sys: AS3333 comm-list: SURFNET ias-int: 192.87.45.80 AS1104 ias-int: 192.87.45.6 AS2122 ias-int: 192.87.45.254 AS2600 rev-srv: ns.ripe.net rev-srv: ns.eu.net notify: ops(a)ripe.net changed: tony(a)ripe.net 940110 source: RIPE will be distributed over two objects: ripe-1nn.txt August, 1994 - 15 - inetnum: 192.87.45.0 netname: RIPE-NCC descr: RIPE Network Coordination Centre descr: Amsterdam, Netherlands country: NL admin-c: Daniel Karrenberg tech-c: Marten Terpstra rev-srv: ns.ripe.net rev-srv: ns.eu.net notify: ops(a)ripe.net changed: tony(a)ripe.net 940110 source: RIPE route: 192.87.45.0/24 descr: RIPE Network Coordination Centre origin: AS3333 comm-list: SURFNET changed: dfk(a)ripe.net 940427 source: RIPE The route object is used to represent a single route originated into the Internet routing mesh. The actual syntax is given in Appendix D. However, there are several important aspects of the attributes worthy of note. The value of the route attribute will be a classless address. It represents the exact route being injected into the routing mesh. The representation of classless addresses is described in [10]. The value of the origin attribute will be an AS reference of the form AS1234 referring to an aut-num object. It represents the AS injecting this route into the routing mesh. The "aut-num" object (see below) thus referenced provides all the contact information for this route. Special cases: There can only be a single originating AS in each route object. However in todays Internet sometimes a route is injected by more than one AS. This situation is potentially dangerous as it can create conflicting routing policies for that route and requires coordination between the originating ASes. In the routing registry this is represented by multiple route objects. This is a departure from the one route (net), one AS principle of the ripe-81 routing registry. The consequences for the different tools based in the routing registry will need to be evaluated and possibly additional consistency checking of the database is needed. ripe-1nn.txt August, 1994 - 16 - The examples below will illustrate the usage of the route object further. Suppose three chunks of address space of 2 different enterprises represented by the following inetnum objects: Examples inetnum: 193.0.1.0 netname: ENT-1 descr: Enterprise 1 ... inetnum: 193.0.8.0 netname: ENT-2 descr: Enterprise 2 ... inetnum: 193.0.9.0 netname: ENT-2-SPEC descr: Enterprise 2 ... Supposing that the Enterprises have their own AS numbers straight application of routing without aggregation would yield: route: 193.0.1.0/24 descr: Enterprise 1 origin: AS1 ... route: 193.0.8.0/24 descr: Enterprise 2 origin: AS2 ... route: 193.0.9.0/24 descr: Enterprise 2 origin: AS2 ... NB: This representation can be achieved by straight translation from the ripe-81 representation. See Appendix G for more details. Homogeneous Aggregation The two chunks of address space of Enterprise 2 can be represented by one aggregate route turning two route objects into one and poten- tially saving routing table space for one route. ripe-1nn.txt August, 1994 - 17 - route: 193.0.8.0/23 descr: Enterprise 2 origin: AS2 ... Note that AS2 can also decide to originate all routes mentioned so far, two 24-bit prefixes and one 23-bit prefix. This case would be represented by storing all three route objects in the database. In this particular example the additional routes will not add any func- tionality however and only increase the amount of routes announced unnecessarily. Heterogeneous Aggregation Consider the following case however: route: 193.0.8.0/24 descr: Enterprise 2 origin: AS2 ... route: 193.0.9.0/24 descr: Enterprise 2 / Special origin: AS2 comm-list: SPECIAL ... Now the prefix 193.0.9.0/24 belongs to community SPECIAL (this com- munity may well not be relevant to routing) and the other prefix originated by AS2 does not. If AS2 aggregates these prefixes into the 193.0.8.0/23 prefix, routing policies based on the community value SPECIAL cannot be implemented in general, because there is no way to distinguish between the special and the not-so-special parts of AS2. If another AS has the policy to accept only routes to members of community SPECIAL it cannot implement it, because accept- ing the route to 193.0.8.0/23 would also route to 193.0.8.0/24 and not accepting this route would lose connectivity to the special part 193.0.9.0/24. We call aggregate routes consisting of components belonging to different communities or even different ASes "hetero- geneous aggregates". The problems introduced with heterogeneous aggregates are that once the homogeneous routes are withdrawn one cannot tell if a more specific part of the heterogeneous has a different policy. However, if can be counter argued that knowing this policy is of little use if you cannot implement a routing policy based on the less specific (and only route present) heterogeneous aggregate. In fact, this displays a facet of CIDR itself in that one may actually compromise slight variations on policy over announcing a larger (albeit ripe-1nn.txt August, 1994 - 18 - heterogeneous in terms of policy) aggregate to save address space. However, it is still useful to be able to document these variations in policy especially when this homogeneous more specific route is just being withdrawn. For this one can use the "withdrawn" attri- bute. The withdrawn attribute can serve to both indicate that a less specific aggregate is in fact heterogeneous and also allow the gen- eral documenting of route withdrawal. So there has to be a way for AS2 to document this even if it does not originate the route to 193.0.9.0/24 any more. This can be done with the "withdrawn" attribute of the route object. The aggregate route to 193.0.8.0/23 is now be registered as: route: 193.0.8.0/23 descr: Enterprise 2 origin: AS2 ... With the two homogeneous routes marked as withdrawn from the Inter- net routing mesh but still preserving their original routing infor- mation. route: 193.0.8.0/24 descr: Enterprise 2 origin: AS2 withdrawn: 940701 ... route: 193.0.9.0/24 descr: Enterprise 2 / Special origin: AS2 comm-list: SPECIAL withdrawn: 940701 ... It should be noted that the date value used in the withdrawn attri- bute can only be in the past. Proxy Aggregation The next step of aggregation are aggregates consisting of more than one AS. This generally means one AS is aggregating on behalf of another. It is called proxy aggregation. Proxy aggregation should be done with great care and always be coordinated with other providers announcing the same route. Consider the following: ripe-1nn.txt August, 1994 - 19 - route: 193.0.0.0/20 descr: All routes known by AS1 in a single package origin: AS1 ... route: 193.0.1.0/24 descr: Foo origin: AS1 withdrawn: 940310 ... route: 193.0.8.0/24 descr: Bar origin: AS2 withdrawn: 940310 ... route: 193.0.9.0/24 descr: Bar-2 origin: AS2 withdrawn: 940310 comm-list: SPECIAL ... If AS1 announced no other routes to a single homed neighbouring AS, that neighbour can in general either take that route or leave it but not differentiate between AS1 and AS2. Note: If the neighbor was previously configured to accept routes originating in AS2 but not in AS1 they lose connectivity to AS2 as well. This means that proxy aggregation has to be done carefully and in a well coordinated fashion. The information in the withdrawn route object can help to achieve that. Aggregates with Holes If we assume that the world of our example still consists of only three chunks of address space the aggregate above contains what are called holes, parts of an aggregate that are not reachable via the originator of the route. From the routing information itself one cannot tell whether these are holes and what part of the route falls inside one. The only way to tell is to send a packet there and see ripe-1nn.txt August, 1994 - 20 - whether it gets to the destination, or an ICMP message is received back, or there is silence. On the other hand announcing aggregates with holes is quite legitimate. Consider a 16-bit aggregate with only one 24-bit prefix unreachable. The savings in routing table size by far outweigh the hole problem. For operational reasons however it is very useful to register these holes in the routing registry. Consider the case where a remote net- work operator experiences connectivity problems to addresses inside an aggregate route. If the packets are getting to the AS announcing the aggregate and there are no more specific routes, the normal cause of action is to get in touch with the originating AS of the aggregate route and ask them to fix the problem. If the address falls into a hole this is futile. Therefore problem diagnosis can be sped up and unnecessary calls prevented by registering the holes in the routing registry. We do this by using the "hole" attribute. In our example the representation would be: route: 193.0.0.0/20 descr: All routes known by AS1 origin: AS1 hole: 193.0.0.0/24 hole: 193.0.2.0/23 hole: 193.0.4.0/22 hole: 193.0.10.0/23 hole: 193.0.12.0/22 ... Note: there would also be two routes with the withdrawn attribute as displayed above (i.e. 193.0.8.0/24 and 193.0.9.0/24) Multiple Proxy Aggregation Finally suppose that AS2 decides to announce the same aggregate, they would add the following route object to the registry: route: 193.0.0.0/20 descr: All routes known by AS2 origin: AS2 hole: 193.0.0.0/24 hole: 193.0.2.0/23 hole: 193.0.4.0/22 hole: 193.0.10.0/23 hole: 193.0.12.0/22 ... As per the update procedures below both AS1 and AS2 will be notified that there already is a route to the same prefix in the registry. This multiple proxy aggregation is very dangerous to do if the sub- ripe-1nn.txt August, 1994 - 21 - aggregates of the route are not the same. It is still dangerous when the sub-aggregates are consistent but connectivity to the sub- aggregates varies widely between the originators. Route object update procedures Adding a route object will be have to be authorised by the guardian of the originating AS. The actual implementation of this is outside the scope of this document. This guarantees that an AS guardian has full control over the registration of the routes it announces. What is an Inter-AS network ? An inter-AS network(3) exists for the purpose of passing traffic and routing information between different autonomous systems. The most simple example of an inter-AS network is a point-to-point link, con- necting exactly two ASes. Each end of such a link is connected to an interface of router belonging to each of the autonomous systems. More complex examples are broadcast type networks with multiple interfaces connecting multiple ASes with the possibility of more than one connection per AS. Consider the following example of three routers 1, 2 and 3 with interfaces a through f connected by two inter-AS networks X and Y: X Y a1b --- c2d --- e3f Suppose that network X is registered in the routing registry as part of AS1 and net Y as part of AS3. If traffic passes from left to right prtraceroute will report the following sequence of interfaces and ASes: a in AS1 c in AS1 e in AS3 The traceroute algorithm enumerates only the receiving interfaces on the way to the destination. In the example this leads to the pas- sage of AS2 going unnoticed. This is confusing to the user and will also generate exceptions when the path found is checked against the routing registry. _________________________ (3) Inter-AS IP networks are those networks are currently called FIXes, IXFs, DMZs, NAPs, GIX and many other acronyms. ripe-1nn.txt August, 1994 - 22 - For operational monitoring tools such as prtraceroute it is neces- sary to know which interface on an inter-AS network belongs to which AS. If AS information is not known about interfaces on an inter-AS network, tools like prtraceroute cannot determine correctly which ASes are being traversed. All interfaces on inter-AS networks will are described in a separate object know as the `inet-rtr' object [15]. ripe-1nn.txt August, 1994 - 23 - 6. The Autonomous System Object Autonomous Systems An Autonomous System (AS) is a group of IP networks run by one or more network operators which has a single and clearly defined rout- ing policy. An AS has a unique number associated with it which is used both in exchange of exterior routing information and as an identifier of the AS itself. Exterior routing protocols such as BGP and EGP are used to exchange routing information between ASes. In routing terms an AS will normally use one or more interior gate- way protocols (IGPs) in conjunction with some sort of common agreed metrics when exchanging network information within its own AS. The term AS is often confused or even misused as a convenient way of grouping together a set of networks which belong under the same administrative umbrella even if within that group of networks there are various different routing policies. We provide the "community" concept for such use. ASes can strictly have only one single rout- ing policy. The creation of an AS should be done in a conscious and well coordi- nated manner to avoid creating ASes for the sake of it, perhaps resulting in the worst case scenario of one AS per routing announce- ment. It should be noted that there is a limited number of AS numbers available. Also creating an AS may well increase the number of AS paths modern EGPs will have to keep track of. This aggravates what is known as "the routing table growth problem". This may mean that by applying the general rules for the creation and allocation of an AS below, some re-engineering may well be needed. However, this may be the only way to actually implement the desired routing policy anyway. The creation and allocation of an AS should be done with the following recommendations in mind: o Creation of an AS is only required when exchanging routing information with other ASes. Some router implementations make use of an AS number as a form of tagging to identify the rout- ing process. However, it should be noted that this tag does not need to be unique unless routing information is indeed exchanged with other ASes. o For a simple case of customer networks connected to a single service provider, the IP network should normally be a member of the service providers AS. In terms of routing policy the IP network has exactly the same policy as the service provider and there is no need to make any distinction in routing informa- tion. This idea may at first seem slightly alien to some, but it highlights the clear distinction in the use of the AS number ripe-1nn.txt August, 1994 - 24 - as a representation of routing policy as opposed to some form of administrative use. o If a network operator connects to more than one AS with dif- ferent routing policies then they need to create their own AS. In the case of multi-homed customer networks connected to two service providers there are at least two different routing pol- icies to a given customer network. At this point the customer networks will be part of a single AS and this AS would be dis- tinct from either of the service providers ASes. This allows the customer the ability of having a different representation of policy and preference to the different service providers. This is the ONLY case where a network operator should create its own AS number. o As a general rule one should always try to populate the AS with as many routes as possible, providing all routes conform to the same routing policy. Each AS is represented in the RIPE database by both an AS object and the route objects representing the routes originated by the AS. The AS object stores descriptive, administrative and contact information about the AS as well as the routing policies of the AS in relation to all neighbouring ASes. The origin attributes of the route objects define the set of routes originated by the AS. Each route object can have exactly one origin attribute. Route objects can only be created and updated by the "guardian" of the AS and not by those immediately responsible for the particular routes referenced therein. This ensures that opera- tors, especially service providers, remain in control of AS routing announcements. The AS object itself is used to represent a description of adminis- trative details and the routing policies of the AS itself. The AS object definition is depicted as follows. ripe-1nn.txt August, 1994 - 25 - Example: aut-num: AS1104 descr: NIKHEF-H Autonomous system as-in: from AS1213 100 accept AS1213 as-in: from AS1913 100 accept AS1913 as-in: from AS1755 150 accept ANY as-out: to AS1213 announce ANY as-out: to AS1913 announce ANY as-out: to AS1755 announce AS1104 AS1913 AS1213 tech-c: Rob Blokzijl admin-c: Eric Wassenaar guardian: as-guardian(a)nikhef.nl changed: ripe-dbm(a)ripe.net 920910 source: RIPE See Appendix A for a complete syntax definition of the "aut-num" object. It should be noted that this representation provides two things: o a set of routes. o a description of administrative details and routing policies. The set of routes can be used to generate network list based confi- guration information as well as configuration information for exte- rior routing protocols knowing about ASes. This means an AS can be defined and is useful even if it does not use routing protocols which know about the AS concept. ripe-1nn.txt August, 1994 - 26 - Description of routing policies between ASs with multiple connec- tions - "interas-in/interas-out" Description of multiple connections between ASs defines how two ASs have chosen to set different policies for the use of each or some of the connections between the ASs. This description is necessary only if the ASs are connected in more than one way and the routing policy and differs at these two connections. Example: LINK1 193.0.1.1 +----------+ 193.0.1.2 | | AS1------AS2== ==AS3-----AS4 | | 193.0.1.5 +----------+ 193.0.1.6 LINK2 Note: LINK here denotes to connection points between ASs. It is not necessary just a serial link as it may be inter- preted. It could be ethernet or other type of connection as well. It may be that AS2 wants to use LINK2 only for traffic towards AS4. LINK1 is used for traffic to AS3 and as backup to AS4, should LINK2 fail. To implement this policy, one would use the attribute "interas-in" and "interas-out." This attribute permits ASs to describe their local decisions based on its preference such as multi-exit-discriminators (MEDs) as used in some inter-domain rout- ing protocols (BGP4, IDRP) and to communicate those routing deci- sions. This information would be useful in resolving problems when some traffic paths changed from traversing AS3's gateway in Timbuktu rather than the gateway in Mogadishu. The exact syntax is given in Appendix A. However, if we follow this example through in terms of AS2 we would represent this policy as follows: Example: aut-num: AS2 as-in: from AS3 10 accept AS3 AS4 as-out: to AS3 announce AS1 AS2 interas-in: from AS3 193.0.1.1/32 193.0.1.2/32 (pref=5) accept AS3 interas-in: from AS3 193.0.1.1/32 193.0.1.2/32 (pref=15) accept AS4 interas-in: from AS3 193.0.1.5/32 193.0.1.6/32 (pref=10) accept AS4 ... ripe-1nn.txt August, 1994 - 27 - Here we see additional policy information between two ASs in terms of the IP addresses of the connection. The parentheses and keyword are syntactic placeholders to add the readability of the attributes. If pref=MED is specified the preference indicated by the remote AS via the multi-exit- discriminator metric such as BGP is used. Of course this type on inter-AS policy should always be bilaterally agreed upon to avoid asymmetry and in practice there may need to be corresponding interas-in attributes in the policy representation of AS3. The interas-out attribute is similar in the same way to interas-in as as-out to as-in. The one major difference being that interas-out allows to associate an outgoing metric with each route. It is impor- tant to note that this metric is just passed to the peer AS and it is at the peer AS's discretion to use or ignore it. A special value of IGP specifies that the metric passed to the receiving AS will be derived from the IGP of the sending AS. In this way the peer AS can choose the optimal link for its traffic as determined by the sending AS. Descriptions of interas policies do not replace the global pol- icy described in as-in, as-out and other policy attributes which should be specified too. If the global policy mentions more routes than the local policy then local preferences for these routes are assumed to be equal for all links. Any route specified in interas-in/out but not specified in as-in/out is assumed not accepted/announced between the ASes concerned. Diag- nostic tools should flag this inconsistency as an error. ripe-1nn.txt August, 1994 - 28 - How to describe the exclusion policy of a certain AS - "as-exclude" Some ASes have a routing policy based on the exclusion of certain routes if for whatever reason a certain AS is used as transit. Whilst, this is in general not good practice as it makes implicit assumptions on topology with asymmetry a possible outcome if not coordinated, this case needs to be accommodated within the routing policy representation. The way this is achieved is by making use of the "as-exclude" attri- bute. The precise syntax of this attribute can be found in Appendix A along with the rest of the defined syntax for the "aut-num" object. However, some explanation of the use of this attribute is useful. If we have the following example topology. Example: AS4--------AS3 | | | | | | AS1--------AS2--------AS5 With a simple corresponding policy like so: Example: aut-num: AS1 as-in: from AS2 100 accept ANY as-out: to AS2 announce AS1 as-exclude: exclude AS4 to ANY .... We see an interesting policy. What this says in simple terms is AS1 doesn't want to reach anything if it transits AS4. This can be a perfectly valid policy. However, it should be realised that if for whatever reason AS2 decides to route to AS3 via AS4 then immediately AS1 has no connectivity to AS3 or if AS1 is running default to AS2 packets from AS1 will still flow via AS4. The important point about this is that whilst AS1 can advise its neighbours of its policy it has no direct control on how it can enforce this policy to neigh- bours upstream. Another interesting scenario to highlight the unexpected result of using such an "as-exclude" policy. If we assume in the above example AS2 preferred AS4 to reach AS3 and AS1 did not use default routing then as stated AS1 would have no connectivity to AS3. Now lets sup- pose that for example the link between AS2 and AS4 went down for some reason. Like so: ripe-1nn.txt August, 1994 - 29 - Example: AS4--------AS3 | | AS1--------AS2--------AS5 Suddenly AS1 now has connectivity to AS3. This unexpected behavior should be considered when created policies based on the "as-exclude" attribute. The second problem with this type of policy is the potential of asymmetry. In the original example we saw the correct policy from AS1's point of view but if ASes with connectivity through AS4 do not use a similar policy you have asymmetric traffic and policy. If an AS uses such a policy they must be aware of the consequences of its use. Namely that the specified routes which transit the AS (i.e. routing announcements with this AS in the AS path information) in question will be excluded. If not coordinated this can easily cause asymmetry or even worse loss of connectivity to unknown ASes behind (or in front for that matter) the transit AS in question. With this in mind this attribute can only be viewed as a form of advisory to other service providers. However, this does not preclude its use with policy based tools if the attribute exists. By having the ability to specify a route keyword based on any of the four notations given in the syntax it allows the receiving AS to specify what routes it wishes to exclude through a given transit AS to a network granularity. ripe-1nn.txt August, 1994 - 30 - 7. AS Macros It may be difficult to keep track of each and every new AS that is represented in the routing registry. A convenient way around this is to define an `AS Macro' which essentially is a convenient way to group ASes. This is done so that each and every AS guardian does not have to add a new AS to it's routing policy as described by the as- in and as-out attributes of it's AS object. However, it should be noted that this creates an implicit trust on the guardian of the AS-Macro. An AS-Macro can be used in <routing policy expressions> for the "as-in" and "as-out" attributes in the aut-num object. The AS-Macro object is then used to derive the list or group of ASes. A simple example would be something like: Example: aut-num: AS786 as-in: from AS1755 100 accept AS-EBONE AND NOT AS1104 as-in: from AS1755 100 accept AS-EBONE AND NOT AS1104 as-out to AS1755 announce AS786 ..... Where the as-macro object for AS-EBONE is as follows: as-macro: AS-EBONE descr: ASes routed by EBONE as-list: AS2121 AS1104 AS2600 AS2122 as-list: AS1103 AS1755 AS2043 guardian: guardian(a)ebone.net ...... So the policy would be evaluated to: aut-num: AS786 as-in: from AS1755 100 accept (AS2121 OR AS1104 OR AS2600 OR AS2122 as-in: from AS1755 100 accept AS1103 OR AS1755 OR AS2043) AND NOT AS1104 ...... It should be noted that the above examples incorporates the rule for line wrapping as defined in Appendix A for policy lines. See Appen- dix C for a definition on the AS-Macro syntax. ripe-1nn.txt August, 1994 - 31 - 8. The Community Object A community is a group of routes that cannot be represented by an AS or a group of ASes. It is in some circumstances useful to define a group of routes that have something in common. This could be a spe- cial access policy to a supercomputer centre, a group of routes used for a specific mission, or a disciplinary group that is scattered among several autonomous systems. Also these communities could be useful to group routes for the purpose of network statistics. Communities do not exchange routing information, since they do not represent an autonomous system. More specifically, communities do not define routing policies, but access or usage policies. However, they can de used as in conjunction with an ASes routing policy to define a set of routes the AS sets routing policy for. Communities should be defined in a strict manner, to avoid creating as many communities as there are routes, or even worse. Communities should be defined following the two rules below; o Communities must have a global meaning. Communities that have no global meaning, are used only in a local environment and should be avoided. o Communities must not be defined to express non-local policies. It should be avoided that a community is created because some other organisation forces a policy upon your organisation. Communities must only be defined to express a policy defined by your organisation. Community examples There are some clear examples of communities: BACKBONE - all customers of a given backbone service provider even though they can have various different routing policies and hence belong to different ASes. This would be extremely useful for statistics collection. HEPNET - the High Energy Physics community partly shares infrastructure with other organisations, and the institutes it consists of are scattered all over Europe, often being part of a non HEPNET autonomous system. To allow statistics, access or part of a routing policy , a community HEPNET, consisting of all routes that are part of HEPNET, conveniently groups all these routes. ripe-1nn.txt August, 1994 - 32 - NSFNET - the National Science Foundation Network imposes an acceptable use policy on routes that wish to make use of it. A community NSFNET could imply the set of routes that comply with this pol- icy. MULTI - a large multinational corporation that does not have its own internal infrastructure, but connects to the various parts of its organisations by using local service providers that connect them all together, may decide to define a community to restrict access to their networks, only by networks that are part of this community. This way a corporate network could be defined on shared infrastructure. Also, this community could be used by any of the service providers to do statistics for the whole of the corporation, for instance to do topology or bandwidth plan- ning. Similar to Autonomous systems, each community is represented in the RIPE database by both a community object and community tags on the route objects representing the routes belonging to the community. The community object stores descriptive, administrative and contact information about the community. The community tags on the route objects define the set of routes belonging to a community. A route can have multiple community tags. The community tags can only be created and updated by the "guardian" of the community and not by those directly responsible for the par- ticular network. This ensures that community guardians remain in control of community membership. Here's an example of how this might be represented in terms of the community tags within the network object. We have an example where the route 192.16.199.0/24 has a single routing policy (i.e. that of AS 1104), but is part of several different communities of interest. We use the tag "comm-list" to represent the list of communities associated with this route. NIKHEF-H uses the service provider SURFNET (a service provider with customers with more than one rout- ing policy), is also part of the High Energy Physics community as well as having the ability to access the Supercomputer at CERN(4). _________________________ (4) The community `CERN-SUPER', is somewhat national, but is intended as an example of a possible use of an access policy constraint. ripe-1nn.txt August, 1994 - 33 - Example: route: 192.16.199.0/24 descr: Local Ethernet descr: NIKHEF section H origin: AS1104 comm-list: HEPNET CERN-SUPER SURFNET changed: ripe-dbm(a)ripe.net 920604 source: RIPE In the above examples some communities have been defined. The com- munity object itself will take the following format: Example: community: SURFNET descr: Dutch academic research network authority: SURFnet B.V. guardian: comm-guardian(a)surfnet.nl admin-c: Erik-Jan Bos tech-c: Erik-Jan Bos changed: ripe-dbm(a)ripe.net 920604 source: RIPE For a complete explanation of the syntax please refer to Appendix B. ripe-1nn.txt August, 1994 - 34 - 9. Representation of Routing Policies Routing policies of an AS are represented in the autonomous system object. Initially we show some examples, so the reader is familiar with the concept of how routing information is represented, used and derived. Refer to Appendix A, for the full syntax of the "aut-num" object. The topology of routing exchanges is represented by listing how routing information is exchanged with each neighbouring AS. This is done separately for both incoming and outgoing routing information. In order to provide backup and back door paths a relative cost is associated with incoming routing information. Example 1: AS1------AS2 This specifies a simple routing exchange of two presumably isolated ASes. Even if either of them has routing information about routes in ASes other than AS1 and AS2, none of that will be announced to the other. aut-num: AS1 as-out: to AS2 announce AS1 as-in: from AS2 100 accept AS2 aut-num: AS2 as-out: to AS1 announce AS2 as-in: from AS1 100 accept AS1 The number 100 in the in-bound specifications is a relative cost, which is used for backup and back door routes. The absolute value is of no significance. The relation between different values within the same AS object is. A lower value means a lower cost. This is cons- ciously similar to the cost based preference scheme used with DNS MX RRs. Example 2: Now suppose that AS2 is connected to one more AS, besides AS1, and let's call that AS3: AS1------AS2------AS3 ripe-1nn.txt August, 1994 - 35 - In this case there are two reasonable routing policies: a) AS2 just wants to exchange traffic with both AS1 and AS3 itself without passing traffic between AS1 and AS3. b) AS2 is willing to pass traffic between AS3 and AS1, thus acting as a transit AS Example 2a: In the first case AS1's representation in the routing registry will remain unchanged as will be the part of AS2's representation describing the routing exchange with AS1. A description of the addi- tional routing exchange with AS3 will be added to AS2's representa- tion: aut-num: AS1 as-out: to AS2 announce AS1 as-in: from AS2 100 accept AS2 aut-num: AS2 as-out: to AS1 announce AS2 as-in: from AS1 100 accept AS1 as-out: to AS3 announce AS2 as-in: from AS3 100 accept AS3 aut-num: AS3 as-out: to AS2 announce AS3 as-in: from AS2 100 accept AS2 Note that in this example, AS2 keeps full control over its resources. Even if AS3 and AS1 were to allow each others routes in from AS2, the routing information would not flow because AS2 is not announcing it(5). Example 2b: If contrary to the previous case, AS1 and AS3 are supposed to have connectivity to each other via AS2, all AS objects have to change: _________________________ (5) Of course AS1 and AS3 could just send traffic to each other to AS2 even without AS2 announcing the routes, hoping that AS2 will forward it correctly. Such questionable practices however are beyond the scope of this document. ripe-1nn.txt August, 1994 - 36 - aut-num: AS1 as-out: to AS2 announce AS1 as-in: from AS2 100 accept AS2 AS3 aut-num: AS2 as-out: to AS1 announce AS2 AS3 as-in: from AS1 100 accept AS1 as-out: to AS3 announce AS2 AS1 as-in: from AS3 100 accept AS3 aut-num: AS3 as-out: to AS2 announce AS3 as-in: from AS2 100 accept AS1 AS2 Note that the amount of routing information exchanged with a neigh- bour AS is defined in terms of routes belonging to ASes. In BGP terms this is the AS where the routing information originates and the originating AS information carried in BGP could be used to implement the desired policy. However, using BGP or the BGP AS-path information is not required to implement the policies thus speci- fied. Configurations based on route lists can easily be generated from the database. The AS path information, provided by BGP can then be used as an additional checking tool as desired. The specification understands one special expression and this can be expressed as a boolean expressions: ANY - means any routing information known. For output this means that all routes an AS knows about are announced. For input it means that anything is accepted from the neighbour AS. ripe-1nn.txt August, 1994 - 37 - Example 3: AS4 is a stub customer AS, which only talks to service provider AS123. | | -----AS123------AS4 | | aut-num: AS4 as-out: to AS123 announce AS4 as-in: from AS123 100 accept ANY aut-num: AS123 as-in: from AS4 100 accept AS4 as-out: to AS4 announce ANY <further neighbours> Since AS4 has no other way to reach the outside world than AS123 it is not strictly necessary for AS123 to send routing information to AS4. AS4 can simply send all traffic for which it has no explicit routing information to AS123 by default. This strategy is called default routing. It is expressed in the routing registry by adding one or more default tags to the autonomous system which uses this strategy. In the example above this would look like: aut-num: AS4 as-out: to AS123 announce AS4 default: AS123 100 aut-num: AS123 as-in: from AS4 100 accept AS4 <further neighbours> ripe-1nn.txt August, 1994 - 38 - Example 4: AS4 now connects to a different operator, AS5. AS5 uses AS123 for outside connectivity but has itself no direct connection to AS123. AS5 traffic to and from AS123 thus has to pass AS4. AS4 agrees to act as a transit AS for this traffic. | | -----AS123------AS4-------AS5 | | aut-num: AS4 as-out: to AS123 announce AS4 AS5 as-in: from AS123 100 accept ANY as-out: to AS5 announce ANY as-in: from AS5 50 accept AS5 aut-num: AS5 as-in: from AS4 100 accept ANY as-out: to AS4 announce AS5 aut-num: AS123 as-in: from AS4 100 accept AS4 AS5 as-out: to AS4 announce ANY <further neighbours> Now AS4 has two sources of external routing information. AS5 which provides only information about its own routes and AS123 which pro- vides information about the external world. Note that AS4 accepts information about AS5 from both AS123 and AS5 although AS5 informa- tion cannot come from AS123 since AS5 is connected only via AS4 itself. The lower cost of 50 for the announcement from AS5 itself compared to 100 from AS123 ensures that AS5 is still believed even in case AS123 will unexpectedly announce AS5. In this example too, default routing can be used by AS5 much like in the previous example. AS4 can also use default routing towards AS123: ripe-1nn.txt August, 1994 - 39 - aut-num: AS4 as-out: to AS123 announce AS4 AS5 default: AS123 11 as-in: from AS5 50 accept AS5 Note no announcements to AS5, they default to us. aut-num: AS5 as-out: to AS4 announce AS5 default: AS4 100 aut-num: AS123 as-in: from AS4 100 announce AS4 AS5 <further neighbours> Note that the relative cost associated with default routing is totally separate from the relative cost associated with in-bound announcements. The default route will never be taken if an explicit route is known to the destination. Thus an explicit route can never have a higher cost than the default route. The relative cost asso- ciated with the default route is only useful in those cases where one wants to configure multiple default routes for redundancy. Note also that in this example the configuration using default routes has a subtly different behavior than the one with explicit routes: In case the AS4-AS5 link fails AS4 will send traffic to AS5 to AS123 when using the default configuration. Normally this makes not much difference as there will be no answer and thus little traffic. With certain datagram applications which do not require acknowledgments however, significant amounts of traffic may be use- lessly directed at AS123. Similarly default routing should not be used if there are stringent security policies which proscribe any traffic intended for AS5 to ever touch AS123. Generally it can be said that default routing should only be used in very simple topologies. Once the situation gets more complex using default routes can lead to unexpected results or even defeat the routing policies established when links fail. As an example consider how Example 5a) below could be implemented using default routing. ripe-1nn.txt August, 1994 - 40 - Example 5: In a different example AS4 has a private connection to AS6 which in turn is connected to the service provider AS123: | | -----AS123------AS4 | | | | | | AS6 ---------+ There are a number of policies worth examining in this case: a) AS4 and AS6 wish to exchange traffic between themselves exclusively via the private link between themselves; such traffic should never pass through the backbone (AS123). The link should never be used for transit traffic, i.e. traffic not both originating in and destined for AS4 and AS6. b) AS4 and AS6 wish to exchange traffic between themselves via the private link between themselves. Should the link fail, traffic between AS4 and AS6 should be routed via AS123. The link should never be used for transit traffic. c) AS4 and AS6 wish to exchange traffic between themselves via the private link between themselves. Should the link fail, traffic between AS4 and AS6 should be routed via AS123. Should the connection between AS4 and AS123 fail, traffic from AS4 to des- tinations behind AS123 can pass through the private link and AS6's connection to AS123. d) AS4 and AS6 wish to exchange traffic between themselves via the private link between themselves. Should the link fail, traffic between AS4 and AS6 should be routed via AS123. Should the backbone connection of either AS4 or AS6 fail, the traffic of the disconnected AS should flow via the other AS's backbone connection. ripe-1nn.txt August, 1994 - 41 - Example 5a: aut-num: AS4 as-in: from AS123 100 accept NOT AS6 as-out: to AS123 announce AS4 as-in: from AS6 50 accept AS6 as-out: to AS6 announce AS4 aut-num: AS123 as-in: from AS4 100 accept AS4 as-out: to AS4 announce ANY as-in: from AS6 100 accept AS6 as-out: to AS6 announce ANY <further neighbours> aut-num: AS6 as-in: from AS123 100 accept NOT AS4 as-out: to AS123 announce AS6 as-in: from AS4 50 accept AS4 as-out: to AS4 announce AS6 Note that here the configuration is slightly inconsistent. AS123 will announce AS6 to AS4 and AS4 to AS6. These announcements will be filtered out on the receiving end. This will implement the desired policy. Consistency checking tools might flag these cases however. ripe-1nn.txt August, 1994 - 42 - Example 5b: aut-num: AS4 as-in: from AS123 100 accept ANY as-out: to AS123 announce AS4 as-in: from AS6 50 accept AS6 as-out: AS6 AS4 aut-num: AS123 as-in: AS4 100 AS4 as-out: AS4 ANY as-in: AS6 100 AS6 as-out: AS6 ANY <further neighbours> aut-num: AS6 as-in: from AS123 100 accept ANY as-out: to AS123 announce AS6 as-in: from AS4 50 accept AS4 as-out: to AS4 announce AS6 The thing to note here is that in the ideal operational case, `all links working' AS4 will receive announcements for AS6 from both AS123 and AS6 itself. In this case the announcement from AS6 will be preferred because of its lower cost and thus the private link will be used as desired. AS6 is configured as a mirror image. ripe-1nn.txt August, 1994 - 43 - Example 5c: The new feature here is that should the connection between AS4 and AS123 fail, traffic from AS4 to destinations behind AS123 can pass through the private link and AS6's connection to AS123. aut-num: AS4 as-in: from AS123 100 accept ANY as-out: to AS123 announce AS4 as-in: from AS6 50 accept AS6 as-in: from AS6 110 accept ANY as-out: to AS6 AS4 aut-num: AS123 as-in: from AS4 1 accept AS4 as-out: to AS4 announce ANY as-in: from AS6 1 accept AS6 as-in: from AS6 2 accept AS4 as-out: to AS6 announce ANY <further neighbours> aut-num: AS6 as-in: from AS123 100 accept ANY as-out: to AS123 AS6 announce AS4 as-in: from AS4 50 accept AS4 as-out: to AS4 announce ANY Note that it is important to make sure to propagate routing informa- tion for both directions in backup situations like this. Connec- tivity in just one direction is not useful at all for almost all applications. Note also that in case the AS6-AS123 connection breaks, AS6 will only be able to talk to AS4. The symmetrical case (5d) is left as an exercise to the reader. 10. Future Extensions We envision that over time the requirements for describing routing policy will evolve. The routing protocols will evolve to support the requirements and the routing policy description syntax will need to evolve as well. For that purpose, a separate document will describe experimental syntax definitions for policy description. This docu- ment will be updated when new objects or attributes are proposed or modified. Two new attributes of the AS object which are proposed and supported by the Merit Routing Registry are as-transit and db-selector. as-transit describes the transit preferences of an AS. It allows an AS to describe its path preference in order to reach certain ripe-1nn.txt August, 1994 - 44 - destinations. The AS(s) specified in the path preference may or may not be an immediate neighbor of the AS defined in the AS object. as-transit accommodates policy decisions involving AS path whereas as-in and as-out do not. It is not unusual for ASs to have routing policies which involve path selection based on AS. Emerging proto- cols like SDRP [13] will allow an AS to choose a path independent of a neighboring ASs path choice. as-transit permits descriptions based on AS path selection. The DataBase Selector (db-selector) function allows one to take advantage of information registered in other Registries. It permits the selection of networks in a database based on their attributes. It is proposed to be used within the as-in/as-out attribute family to make the description of policy concise. For example, if an AS has the policy of not accepting any routes from country XYZ, the AS can use the db-selector to check a database which has a network and country attribute and relate that information to the information in the routing registry. The advantage of referencing another database is that the routing registry will avoid duplicating the information maintained in other information registries. Detailed examples and syntax are described in document ???? [14]. ripe-1nn.txt August, 1994 - 45 - 11. References [1] Bates, T., Jouanigot, J-M., Karrenberg, D., Lothberg, P., Terpstra, M., "Representation of IP Routing Policies in the RIPE Database", RIPE-81, February 1993. [2] Merit Network Inc.,"Representation of Complex Routing Policies of an Autonomous System", DRAFT, March, 1994. [3] PRIDE Tools Release 1. See ftp.ripe.net:pride/tools/pride-tools-1.tar.Z. [4] Merit Inc. RRDB Tools. See rrdb.merit.edu:pub/meritrr/* [5] The Network List Compiler. See dxcoms.cern.ch:pub/ripe-routing-wg/nlc-2.2d.tar [6] Lord, A., Terpstra, M., "RIPE Database Template for Networks and Persons", DRAFT, May 1994. [7] Karrenberg, D., "RIPE Database Template for Domains", RIPE-49, April 1992. [8] Lougheed, K., Rekhter, Y., "A Border Gateway Protocol 3 (BGP- 3)", RFC1267, October 1991. [9] Rekhter, Y., Li, T., "A Border Gateway Protocol 4 (BGP-4)", RFC-1654, May 1994. [10] Bates, T., Karrenberg, D., Terpstra, M., "Support for Classless Internet Addresses in the RIPE Database", DRAFT, May 1994. [11] Karrenberg, D., "Authorisation and Notification of Changes in the RIPE Database", RIPE-96, October 1993. [12] Bates, T., "Support of Guarded fields within the RIPE Data- base", ripe-108, February 1994. [13] Estrin, D., Li, T., Rekhter, Y., Varadhan, K., Zappala, D., "Source Demand Routing: Packet Format and Forwarding Specifica- tion (Version 1)", INTERNET-DRAFT, draft-ietf-sdr-sdrp-04.txt, March 1994. [14] ?????, "Experimental Objects and attributes for the Routing Registry, ???, ????. [15] Bates, T., "Specifying an `Internet Router' in the Routing Registry", DRAFT, July 1994. ripe-1nn.txt August, 1994 - 46 - 12. Author's Addresses Tony Bates RARE/PRIDE Project c/o RIPE Network Coordination Centre Kruislaan 409 NL-1098 SJ Amsterdam The Netherlands +31 20 592 5064 T.Bates(a)ripe.net Elise Gerich The University of Michigan Merit Computer Network 1075 Beal Avenue Ann Arbor, MI 48109 USA +1 313 936 2120 epg(a)merit.edu Laurent Joncheray The University of Michigan Merit Computer Network 1075 Beal Avenue Ann Arbor, MI 48109 USA +1 313 936 2065 lpj(a)merit.edu Jean-Michel Jouanigot CERN, European Laboratory for Particle Physics CH-1211 Geneva 23 Switzerland +41 22 767 4417 Jean-Michel.Jouanigot(a)cern.ch Daniel Karrenberg RIPE Network Coordination Centre Kruislaan 409 NL-1098 SJ Amsterdam The Netherlands +31 20 592 5065 D.Karrenberg(a)ripe.net ripe-1nn.txt August, 1994 - 47 - Marten Terpstra PRIDE Project c/o RIPE Network Coordination Centre Kruislaan 409 NL-1098 SJ Amsterdam The Netherlands +31 20 592 5064 M.Terpstra(a)ripe.net Jessica Yu The University of Michigan Merit Computer Network 1075 Beal Avenue Ann Arbor, MI 48109 USA +1 313 936 2655 jyy(a)merit.edu ripe-1nn.txt August, 1994 - 48 - Appendix A - Syntax for the aut-num object. Here is a summary of the tags associated with aut-num object itself and their status. The first column specifies the attribute, the second column whether this attribute is mandatory in the aut-num object, and the third column whether this specific attribute can occur only once per object [single], or more than once [multiple]. When specifying multiple lines per attribute, the attribute name must be repeated. See [6] the example for the descr: attribute. aut-num: [mandatory] [single] descr: [mandatory] [multiple] as-in: [optional] [multiple] as-out: [optional] [multiple] interas-in: [optional] [multiple] interas-out: [optional] [multiple] as-exclude: [optional] [multiple] default: [optional] [multiple] tech-c: [mandatory] [multiple] admin-c: [mandatory] [multiple] guardian: [mandatory] [single] remarks: [optional] [multiple] notify: [optional] [multiple] maintainer: [optional] [single] changed: [mandatory] [multiple] source: [mandatory] [single] Each attribute has the following syntax: aut-num: The autonomous system number. This must be a uniquely allo- cated autonomous system number from an AS registry (i.e. the RIPE NCC, the Inter-NIC, etc). Format: AS<positive integer between 1 and 65535> Example: aut-num: AS1104 Status: mandatory, only one line allowed descr: A short description of the Autonomous System. Format: free text Status: mandatory, multiple lines allowed as-in: ripe-1nn.txt August, 1994 - 49 - Example: descr: NIKHEF section H descr: Science Park Watergraafsmeer descr: Amsterdam A description of accepted routing information between AS peers. Format: from <aut-num> <cost> accept <routing policy expression> The keywords from and accept are optional and can be omit- ted. <aut-num> refers to your AS neighbour. <cost> is a positive integer used to express a relative cost of routes learned. The lower the cost the more pre- ferred the route. <routing policy expression> can take the following for- mats. 1. A list of one or more ASes, AS Macros, Communities or Network Lists. A Network List is a list of network numbers in prefix length format, separated by commas, and surrounded by curly brackets. Examples: as-in: from AS1103 100 accept AS1103 as-in: from AS786 105 accept AS1103 as-in: from AS786 10 accept AS786 HEPNET as-in: from AS1755 110 accept AS1103 AS786 as-in: from AS3333 100 accept {192.87.45.0/16, 128.141.0.0/16} 2. A set of KEYWORDS. The following KEYWORD is currently defined: ANY this means anything the neighbour AS knows. 3. A logical expression of either 1 or 2 above The current logical operators are defined as: AND OR NOT ripe-1nn.txt August, 1994 - 50 - NOTE: if no logical operator is given between ASes, AS-macros, Communities, Network Lists and KEYWORDS it is implicitly evaluated as an `OR' operation. The OR can be left out for conciseness. Rules are grouped together using parenthesis i.e "(" and ")". Example: as-in: from AS1755 100 accept ANY AND NOT (AS1234 OR AS513) as-in: from AS1755 150 accept AS1234 OR {35.0.0.0/8} A rule can be wrapped over lines providing the associated <aut-num>, <cost> values and from and accept keywords are repeated and occur on con- secutive lines. Example: as-in: from AS1755 100 accept ANY AND NOT (AS1234 AS513) and as-in: from AS1755 100 accept ANY AND NOT ( as-in: from AS1755 100 accept AS1234 AS513) are evaluated to the same result. Please note that the ordering of these continuing lines matters. Status: optional, multiple lines allowed as-out: A description of generated routing information sent to other AS peers. Format: to <aut-num> announce <routing policy expression The to and announce keywords are optional and can be omit- ted. <aut-num> refers to your AS neighbour. <routing policy expression> is explained in the as-in attribute definition above. Example: as-out: to AS1104 announce AS978 as-out: to AS1755 announce ANY as-out: to AS786 announce ANY AND NOT (AS978) Status: optional, multiple lines allowed ripe-1nn.txt August, 1994 - 51 - interas-in: Describes incoming local preferences on an inter AS connection. Format: from <aut-num> [<local-rid>] [<neighbor-rid>] <preference> accept <routing policy expression> The keywords from and accept are optional and can be omit- ted. <aut-num> is an autonomous system as defined in as-in. <local-rid> contains the IP address of the border router in the AS describing the policy. IP address must be in prefix length format. This field is optional. <neighbor-rid> contains the IP address of neighbor AS's border router from which this AS accept routes defined in the <routing policy expression>. IP addresses must be in prefix length format. This field is optional. <local-info> contains the IP address of the local border router, followed by a space, followed by the IP address of the remote border router. IP addresses must be in prefix length format. <preference> is defined as follows: (<pref-type>=<value>) It should be noted the parenthesis ``('' and ``)'' and the ``<pref-type>'' keyword must be present for this prefer- ence to be valid. <pref-type> currently only supports "pref". It could be expanded to other type of preference such as TOS/QOS as routing technology matures. <value> can take one of the following values: <cost> <cost> is a positive integer used to express a rela- tive cost of routes learned. The lower the cost the more preferred the route. This <cost> value is only relevant to other interas-in attributes, not to as-in attributes. MED This indicates the AS will use the MUTLI_EXIT_DISCRIMINATOR (MED) metric, as implemented in BGP4 and IDRP, sent from its neighbor AS. NOTE: Combinations of MED and <cost> should be avoided for the same destinations. ripe-1nn.txt August, 1994 - 52 - CAVEAT: The pref-type values may well be enhanced in the future as more inter-ASs routing protocols intro- duce other metrics. <routing policy expression> is an expression as defined in as-in above. Examples: interas-in: from AS1104 192.87.45.254/32 192.87.45.80/32 (pref=10) accept AS786 AS987 interas-in: from AS1104 192.87.45.254/32 192.87.45.79/32 (pref=20) accept AS987 interas-in: from AS1103 192.87.45.254/32 192.87.45.32/32 (pref=MED) accept ANY Status: optional, multiple lines allowed interas-out: Format: to <aut-num> [<local-rid>] [<neighbor-rid>] announce [<metric>] <routing policy expression> The keywords to and announce are optional and can be omit- ted. The definitions of <aut-num>, <local-rid> <neighbor-rid>, and <routing policy expression> are identical to those defined in interas-in. <metric> is defined as follows: (<metric-type>=<value>) It should be noted the parenthesis ``('' and ``)'' and the keywords of ``<metric-type>'' must be present for this metric to be valid. <metric-type> currently only supports "metric-out". It could be expanded to other type of preference such as TOS/QOS as routing technology matures. <value> can take one of the following values: <num-metric> <num-metric> is a pre-configured metric for outbound routes. The lower the cost the more preferred the route. This <num-metric> value is only relevant to other interas-out attributes, not to as-out attri- butes. IGP This indicates that this means that the metric reflects the ASs internal topology cost. The topology is reflected here by using MED which is derived from the AS's IGP metric. ripe-1nn.txt August, 1994 - 53 - NOTE: Combinations of IGP and <num-metric> should be avoided for the same destinations. CAVEAT: The metric-out values may well be enhanced in the future as more interas protocols make use of metrics. Examples: interas-out: to AS1104 192.87.45.254/32 192.87.45.80/32 (metric-out=10) announce AS23 AS10 interas-out: to AS1104 192.87.45.80/32 (metric-out=15) announce AS10 interas-out: to AS1103 192.87.45.254/32 (metric-out=IGP) announce ANY Status: optional, multiple lines allowed as-exclude: A list of transit ASes to ignore all routes from. Format: exclude <aut-num> to <exclude-route-keyword> Keywords exclude and to are optional and can again be omitted. <aut-num> refers to the transit AS in question. an <exclude-route-keyword> can be ONE of the following. 1. <aut-num> 2. AS macro 3. Community 4. ANY Examples: as-exclude: exclude AS690 to HEPNET This means exclude any HEPNET routes which have a route via AS690. as-exclude: exclude AS1800 to AS-EUNET This means exclude any AS-EUNET routes which have a route via AS1800. as-exclude: exclude AS1755 to AS1104 This means exclude any AS1104 route which have a route via AS1755. ripe-1nn.txt August, 1994 - 54 - as-exclude: exclude AS1104 to ANY This means exclude all routes which have a route via AS1104. Status: optional, multiple lines allowed default: An indication of how default routing is done. Format: <aut-num> <relative cost> <default-expression> where <aut-num> is the AS peer you will default route to, and <relative cost> is the relative cost is a positive integer used to express a preference for default. There is no relationship to the cost used in the as-in tag. The AS peer with the lowest cost is used for default over ones with higher costs. <default-expression> is optional and provides information on how a default route is selected. It can take the fol- lowing formats: 1. static. This indicates that a default is statically configured to this AS peer. 2. A network list with the syntax as described in the as-in attribute. This indicates that this list of routes is used to generate a default route. A special but valid value in this is the special route used by some routing protocols to indicate default: 0.0.0.0/0 3. default. This is the same as {0.0.0.0/0}. This means that the routing protocol between these two peers generates a true default. Examples: default: AS1755 10 default: AS786 5 {140.222.0.0/16, 192.87.45.0/24} default: AS2043 15 default Status: optional, multiple lines allowed tech-c: Full name or uniquely assigned NIC-handle of a technical con- tact person. This is someone to be contacted for technical problems such as misconfiguration. Format: <firstname> <initials> <lastname> or <nic-handle> ripe-1nn.txt August, 1994 - 55 - Example: tech-c: John E Doe tech-c: JED31 Status: mandatory, multiple lines allowed admin-c: Full name or uniquely assigned NIC-handle of an administrative contact person. In many cases this would be the name of the guardian. Format: <firstname> <initials> <lastname> or <nic-handle> Example: admin-c: Joe T Bloggs admin-c: JTB1 Status: mandatory, multiple lines allowed guardian: Mailbox of the guardian of the Autonomous system. Format: <email-address> The <email-address> should be in RFC822 domain format wherever possible. Example: guardian: as1104-guardian(a)nikhef.nl Status: mandatory, only one line and e-mail address allowed remarks: Remarks/comments, to be used only for clarification. Format: free text Example: remarks: Multihomed AS talking to AS1755 and AS786 remarks: Will soon connect to AS1104 also. Status: optional, multiple lines allowed notify: The notify attribute contains an email address to which notifi- cations of changes to this object should be sent. See also [11]. ripe-1nn.txt August, 1994 - 56 - Format: <email-address> The <email-address> should be in RFC822 domain syntax wherever possible. Example: notify: Marten.Terpstra(a)ripe.net Status: optional, multiple lines allowed maintainer: The maintainer attribute contains a registered maintainer name. See also [11]. Format: <registered maintainer name> Example: maintainer: RIPE-DBM Status: optional, multiple lines allowed changed: Who changed this object last, and when was this change made. Format: <email-address> YYMMDD <email-address> should be the address of the person who made the last change. YYMMDD denotes the date this change was made. Example: changed: johndoe(a)terabit-labs.nn 900401 Status: mandatory, multiple lines allowed source: Source of the information. This is used to separate information from different sources kept by the same database software. For RIPE database entries the value is fixed to RIPE. Format: RIPE Status: mandatory, only one line allowed ripe-1nn.txt August, 1994 - 57 - Appendix B - Syntax details for the community object. Here is a summary of the tags associated with community object itself and their status. The first column specifies the attribute, the second column whether this attribute is mandatory in the commun- ity object, and the third column whether this specific attribute can occur only once per object [single], or more than once [multiple]. When specifying multiple lines per attribute, the attribute name must be repeated. See [6] the example for the descr: attribute. community: [mandatory] [single] descr: [mandatory] [multiple] authority: [mandatory] [single] guardian: [mandatory] [single] tech-c: [mandatory] [multiple] admin-c: [mandatory] [multiple] remarks: [optional] [multiple] notify: [optional] [multiple] maintainer: [optional] [single] changed: [mandatory] [multiple] source: [mandatory] [single] Each attribute has the following syntax: community: Name of the community. The name of the community should be descriptive of the community it describes. Format: Upper case text string which cannot start with "AS" or any of the <routing policy expression> KEYWORDS. See Appendix A. Example: community: WCW Status: mandatory, only one line allowed descr: A short description of the community represented. Format: free text Example: descr: Science Park Watergraafsmeer descr: Amsterdam Status: mandatory, multiple lines allowed ripe-1nn.txt August, 1994 - 58 - authority: The formal authority for this community. This could be an organisation, institute, committee, etc. Format: free text Example: authority: WCW LAN Committee Status: mandatory, only one line allowed guardian: Mailbox of the guardian of the community. Format: <email-address> The <email-address> should be in RFC822 domain format wherever possible. Example: guardian: wcw-guardian(a)nikhef.nl Status: mandatory, only one line and email address allowed tech-c: Full name or uniquely assigned NIC-handle of an technical con- tact person for this community. Format: <firstname> <initials> <lastname> or <nic-handle> Example: tech-c: John E Doe tech-c: JED31 Status: mandatory, multiple lines allowed admin-c: Full name or uniquely assigned NIC-handle of an administrative contact person. In many cases this would be the name of the guardian. Format: <firstname> <initials> <lastname> or <nic-handle> Example: admin-c: Joe T Bloggs admin-c: JTB1 ripe-1nn.txt August, 1994 - 59 - Status: mandatory, multiple lines allowed remarks: Remarks/comments, to be used only for clarification. Format: free text Example: remarks: Temporary community remarks: Will be removed after split into ASes Status: optional, multiple lines allowed notify: The notify attribute contains an email address to which notifi- cations of changes to this object should be send. See also [11]. Format: <email-address> The <email-address> should be in RFC822 domain syntax wherever possible. Example: notify: Marten.Terpstra(a)ripe.net Status: optional, multiple lines allowed maintainer: The maintainer attribute contains a registered maintainer name. See also [11]. Format: <registered maintainer name> Example: maintainer: RIPE-DBM Status: optional, multiple lines allowed changed: Who changed this object last, and when was this change made. Format: <email-address> YYMMDD <email-address> should be the address of the person who made the last change. YYMMDD denotes the date this change was made. ripe-1nn.txt August, 1994 - 60 - Example: changed: johndoe(a)terabit-labs.nn 900401 Status: mandatory, multiple lines allowed source: Source of the information. This is used to separate information from different sources kept by the same database software. For RIPE database entries the value is fixed to RIPE. Format: RIPE Status: mandatory, only one line allowed ripe-1nn.txt August, 1994 - 61 - Appendix C - AS Macros syntax definition. Here is a summary of the tags associated with as-macro object itself and their status. The first column specifies the attribute, the second column whether this attribute is mandatory in the as-macro object, and the third column whether this specific attribute can occur only once per object [single], or more than once [multiple]. When specifying multiple lines per attribute, the attribute name must be repeated. See [6] the example for the descr: attribute. as-macro: [mandatory] [single] descr: [mandatory] [multiple] as-list: [mandatory] [multiple] guardian: [mandatory] [single] tech-c: [mandatory] [multiple] admin-c: [mandatory] [multiple] remarks: [optional] [multiple] notify: [optional] [multiple] maintainer: [optional] [single] changed: [mandatory] [multiple] source: [mandatory] [single] Each attribute has the following syntax: as-macro: The name of a macro containing at least two Autonomous Systems grouped together for ease of administration. Format: AS-<string> The <string> should be in upper case and not contain any special characters. Example: as-macro: AS-EBONE Status: mandatory, only one line allowed descr: A short description of the Autonomous System Macro. Format: free text Example: descr: Macro for EBONE connected ASes Status: mandatory, multiple lines allowed ripe-1nn.txt August, 1994 - 62 - as-list: The list of ASes that make up this macro. Format: <aut-num> <aut-num> ... See Appendix A for <aut-num> definition. Example: as-list: AS786 AS513 AS1104 Status: mandatory, multiple lines allowed guardian: Mailbox of the guardian of this AS macro. Format: <email-address> The <email-address> should be in RFC822 domain format wherever possible. Example: guardian: as-ebone-guardian(a)ebone.net Status: mandatory, only one line and e-mail address allowed tech-c: Full name or uniquely assigned NIC-handle of a technical con- tact person for this macro. This is someone to be contacted for technical problems such as misconfiguration. Format: <firstname> <initials> <lastname> or <nic-handle> Examples: tech-c: John E Doe tech-c: JED31 Status: mandatory, multiple lines allowed admin-c: Full name or uniquely assigned NIC-handle of an administrative contact person. In many cases this would be the name of the guardian. Format: <firstname> <initials> <lastname> or <nic-handle> Examples: ripe-1nn.txt August, 1994 - 63 - admin-c: Joe T Bloggs admin-c: JTB1 Status: mandatory, multiple lines allowed remarks: Remarks/comments, to be used only for clarification. Format: free text Example: remarks: AS321 will be removed from this Macro shortly Status: optional, multiple lines allowed notify: The notify attribute contains an email address to which notifi- cations of changes to this object should be send. See also [11]. Format: <email-address> The <email-address> should be in RFC822 domain syntax wherever possible. Example: notify: Marten.Terpstra(a)ripe.net Status: optional, multiple lines allowed maintainer: The maintainer attribute contains a registered maintainer name. See also [11]. Format: <registered maintainer name> Example: maintainer: RIPE-DBM Status: optional, multiple lines allowed changed: Who changed this object last, and when was this change made. Format: <email-address> YYMMDD ripe-1nn.txt August, 1994 - 64 - <email-address> should be the address of the person who made the last change. YYMMDD denotes the date this change was made. Example: changed: johndoe(a)terabit-labs.nn 900401 Status: mandatory, multiple lines allowed source: Source of the information. This is used to separate information from different sources kept by the same database software. For RIPE database entries the value is fixed to RIPE. Format: RIPE Status: mandatory, only one line allowed ripe-1nn.txt August, 1994 - 65 - Appendix D - Syntax for the "route" object. There is a summary of the tags associated with community object itself and their status. The first column specifies the attribute, the second column whether this attribute is mandatory in the commun- ity object, and the third column whether this specific attribute can occur only once per object [single], or more than once [multiple]. When specifying multiple lines per attribute, the attribute name must be repeated. See [6] the example for the descr: attribute. route: [mandatory] [single] descr: [mandatory] [multiple] origin: [mandatory] [single] hole: [optional] [multiple] withdrawn: [optional] [multiple] comm-list: [optional] [multiple] remarks: [optional] [multiple] notify: [optional] [multiple] maintainer: [optional] [single] changed: [mandatory] [multiple] source: [mandatory] [single] Each attribute has the following syntax: route: Route being announced. Format: Classless representation of a route with the RIPE database known as the "prefix length" representation. See [10] for more details on classless representations. Examples: route: 192.87.45.0/24 This represents addressable bits 192.87.45.0 to 192.87.45.255. route: 192.1.128.0/17 This represents addressable bits 192.1.128.0 to 192.1.255.255. Status: mandatory, only one line allowed origin: The autonomous system announcing this route. Format: <aut-num> ripe-1nn.txt August, 1994 - 66 - See appendix A for <aut-num> syntax. Example: origin: AS1104 Status: mandatory, only one line allowed hole: Denote the parts of the address space covered this route object to which the originator does not provide connectivity. Format: Classless representation of a route with the RIPE database known as the "prefix length" representation. See [10] for more details on classless representations. It should be noted that is sub-aggregate must be a component of that registered in the route object. Example: hole: 193.0.4.0/24 Status: optional, multiple lines allowed withdrawn: Used to denote the day this route has been withdrawn from the Internet routing mesh. This will be usually be used when a less specific aggregate route is now routed the more specific (i.e. this route) is not need anymore. It should be noted that this date cannot be in the future. Format: YYMMDD YYMMDD denotes the date this route was withdrawn. Example: withdrawn: 940711 Status: optional, multiple lines allowed comm-list: List of one or more communities this route is part of. Format: <community> <community> ... See Appendix B for <community> definition. Example: comm-list: HEP LEP ripe-1nn.txt August, 1994 - 67 - Status: optional, multiple lines allowed remarks: Remarks/comments, to be used only for clarification. Format: free text Example: remarks: Multihomed AS talking to AS1755 and AS786 remarks: Will soon connect to AS1104 also. Status: optional, multiple lines allowed notify: The notify attribute contains an email address to which notifi- cations of changes to this object should be send. See also [11]. Format: <email-address> The <email-address> should be in RFC822 domain syntax wherever possible. Example: notify: Marten.Terpstra(a)ripe.net Status: optional, multiple lines allowed maintainer: The maintainer attribute contains a registered maintainer name. See also [11]. Format: <registered maintainer name> Example: maintainer: RIPE-DBM Status: optional, multiple lines allowed changed: Who changed this object last, and when was this change made. Format: <email-address> YYMMDD <email-address> should be the address of the person who made the last change. YYMMDD denotes the date this change was made. ripe-1nn.txt August, 1994 - 68 - Example: changed: johndoe(a)terabit-labs.nn 900401 Status: mandatory, multiple lines allowed source: Source of the information. This is used to separate information from different sources kept by the same database software. For RIPE database entries the value is fixed to RIPE. Format: RIPE Status: mandatory, only one line allowed ripe-1nn.txt August, 1994 - 69 - Appendix E - List of reserved words The following list of words are reserved for use within the attri- butes of the AS object. The use of these words is solely for the purpose of clarity. All keywords must be lower case. accept announce exclude from to transit Examples of the usage of the reserved words are: as-in: from neighborAS accept route as-out: to neighborAS announce route as-exclude: exclude ASpath to destination as-transit: transit ASpath to destination default: from neighborAS accept route default: to neighborAS announce route Note: that as-transit is an experimental attribute. See section 10. ripe-1nn.txt August, 1994 - 70 - Appendix F - Motivations for RIPE-81++ This appendix gives motivations for the major changes in this propo- sal from ripe-81. (It is not complete yet). The main goals of the routing registry rework are: SPLIT Separate the allocation and routing registry functions into different database objects. This will facilitate data manage- ment if the Internet registry and routing registry functions are separated (like in other parts of the world). It will also make more clear what is part of the routing registry and who has authority to change allocation vs. routing data. CIDR Add the possibility to specify classless routes in the routing registry. Classless routes are being used in Internet produc- tion now. Aggregation information in the routing registry is necessary for network layer troubleshooting. It is also neces- sary because aggregation influences routing policies directly. CALLOC Add the possibility to allocate address space on classless boundaries in the allocation registry. This is a way to preserve address space. CLEAN To clean up some of the obsolete and unused parts of the rout- ing registry. The major changes are now discussed in turn: Introduce Classless Addresses CIDR, CALLOC Introduce route object. SPLIT, CIDR and CALLOC. Delete obsolete attributes from inetnum. CLEAN. ripe-1nn.txt August, 1994 - 71 - Delete RIPE-DB and LOCAL from routing policy expressions. CLEAN Allow multiple ASes to originate the same route Because it is being done. CIDR. Made possible by SPLIT. ripe-1nn.txt August, 1994 - 72 - Appendix G - Transition strategy from RIPE-81 to RIPE-81++ Transition from the routing registry described by ripe-81 to the routing registry described in this document is a straightforward process once the new registry functions have been implemented in the database software and are understood by the most commonly used registry tools. The routing related attributes in the classful inet- num objects of ripe-81 can be directly translated into new routing objects. Then these attributes can be deleted from the inetnum object making that object if conform to the new schema. Proposed transition steps: 1) Implement classless addresses and new object definition in the database software. 2) Make common tools understand the new schema and prefer it if both old and new are present. 3) Invite everyone to convert their data to the new format. This can be encouraged by doing conversions automatically and pro- posing them to maintainers. 4) At a flag day remove all remaining routing information from the inetnum objects. Before the flag day all usage of obsoleted inetnum attributes has to cease and all other routing registry functions have to be taken over by the new objects and attri- butes. The current estimate is that point three can be reached in the Sum- mer 1994 if the draft is accepted by mid-June. The flag day should be scheduled 3-4 months after this point. ripe-1nn.txt August, 1994

1 0

FINAL draft of RIPE-81++
by Tony Bates 03 Aug '94

03 Aug '94

Find below the last iteration of ripe-81++. This has changes to the text and syntax for interas-in / interas-out following some comments to me from Merit. The ordering issues still exists but as stated before this will be decided by the working group chair. Please also note my earlier plea that we must agreement on this at the RIPE meeting if this is to be implemented in a timely manner and preferably before. Working group chairs please take note and see if you can't get this agreed within your groups before hand. Please note that the TOC will not be completed until the issued docment. versions online as usual from: ftp://ftp.ripe.net/ripe/drafts/ripe-81++.ps ftp://ftp.ripe.net/ripe/drafts/ripe-81++.txt --Tony. Representation of IP Routing Policies in a Routing Registry (ripe-81++) DRAFT DRAFT DRAFT Tony Bates Elise Gerich Laurent Joncheray Jean-Michel Jouanigot Daniel Karrenberg Marten Terpstra Jessica Yu Document-ID: ripe-1nn Obsoletes: ripe-81 July, 1994 ABSTRACT This document is an update to the original `ripe- 81'[1] proposal for representing and storing routing polices within the RIPE database. It incorporates several extensions proposed by Merit Inc.[2] and gives details of a generalised IP routing policy representa- tion to be used by all Internet routing registries. It acts as both tutorial and provides details of database objects and attributes that use and make up a routing registry. ripe-1nn.txt July, 1994 - 2 - Table of Contents 1 Introduction ................................................ ? 2 Organisation of this Document ............................... ? 3 General Representation of Policy Information ................ ? 4 The Routing Registry and the RIPE Database .................. ? 5 The Route Object ............................................ ? 6 The Autonomous System Object ................................ ? 7 The AS Macro Object ......................................... ? 8 The Community Object ........................................ ? 9 Representation of Routing Policies .......................... ? 10 Future Extensions .......................................... ? 11 References ................................................. ? 12 Authors Addresses .......................................... ? Appendix A - Syntax for the "aut-num" object .................. ? Appendix B - Syntax for the "community" object ................ ? Appendix C - Syntax for the "as-macro" object ................. ? Appendix D - Syntax for the "route" object .................... ? Appendix E - List of reserved words ........................... ? Appendix F - Motivations for RIPE-81++ ........................ ? Appendix G - Transition strategy from RIPE-81 to RIPE-81++ .... ? ripe-1nn.txt July, 1994 - 3 - 1. Introduction This document is a much revised version of the RIPE routing registry document known as ripe-81[1]. Since its inception in February, 1993 and the establishment of the RIPE routing registry, several addi- tions and clarifications have come to light which can be better presented in a single updated document rather than separate addenda. Some of the text remains the same the as the original ripe-81 docu- ment keeping its tutorial style mixed with details of the RIPE data- base objects relating to routing policy representation. However this document does not repeat the background and historical remarks in ripe-81. For these please refer to the original document. It should be noted that whilst this document specifically references the RIPE database and the RIPE routing registry one can easily read "Regional routing registry" in place of RIPE as this representation is certainly general and flexible enough to be used outside of the RIPE community incorporating many ideas and features from other routing registries in this update. As you can see this document has a new RIPE document identification number but can also be referred to as ripe-81++. Appendix F summar- ises the changes from ripe-81 plus the motivation for these changes. We would like to acknowledge many people for help with this docu- ment. Specifically, Peter Lothberg who was a co-author of the ori- ginal ripe-81 document for his many ideas and Gilles Farrache. We would also like to thank the RIPE routing working group for their review and comment. Finally, we like to thank Merit Inc. for many constructive comments and ideas and making the routing registry a worldwide Internet service. We would also like to acknowledge the funding provided by the PRIDE project run in conjunction with the RARE Technical Program, RIPE and the RIPE NCC without which this paper would not have been possible. 2. Organisation of this Paper This paper acts as both a basic tutorial for understanding routing policy and provides details of objects and attributes used within an Internet routing registry to store routing policies. Section 3 describes general issues about IP routing policies and their representation in routing registries. Experienced readers may wish to skip this section. Section 4 provides an overview of the RIPE database, its basic concepts, schema and objects which make up the database itself. It highlights the way in which the RIPE database splits routing information from allocation information. Sections 5, 6, 7 and 8 detail all the objects associated with routing policy representation. Section 9 gives a fairly extensive "walk through" of how these objects are used for expressing routing policy and the general principles behind their use. Section 10 provides a list of references used throughout this document. Appendix A, B, C and D document the formal syntax for the database objects and attributes. Appendix F details the main changes from ripe-81 and motivations for these changes. Appendix G tackles the issues of transition from ripe-1nn.txt July, 1994 - 4 - ripe-81 to ripe-81++. ripe-1nn.txt July, 1994 - 5 - 3. General Representation of Policy Information Networks, Network Operators and Autonomous Systems Throughout this document an effort is made to be consistent with terms so as not to confuse the reader. When we talk about "networks" we mean physical networks which have a unique classless IP network number: Layer 3 entities. We do not mean organisations. We call the organisations operating networks "network operators". For the sake of the examples we divide network operators into two categories: "service providers" and "customers". A "service pro- vider" is a network operator who operates a network to provide Internet services to different organisations, its "customers". The distinction between service providers and customers is not clear cut. A national research networking organisation frequently acts as a service provider to Universities and other academic organisations, but in most cases it buys international connectivity from another service provider. A University networking department is a customer of the research networking organisation but in turn may regard University departments as its customers. An Autonomous System (AS) is a group of IP networks having a single clearly defined routing policy which is run by one or more network operators. Inside ASes IP packets are routed using one or more Inte- rior Routing Protocols (IGPs). In most cases interior routing deci- sions are based on metrics derived from technical parameters like topology, link speeds and load(1). ASes exchange routing information with other ASes using Exterior Routing Protocols (EGPs). Exterior routing decisions are frequently based on policy based rules rather than purely on technical parame- ters. Tools are needed to configure complex policies and to commun- icate those policies between ASes while still ensuring proper opera- tion of the Internet as a whole. Some EGPs like BGP-3 [8] and BGP-4 [9] provide tools to filter routing information according to policy rules and more. None of them provides a mechanism to publish or com- municate the policies themselves. Yet this is critical for opera- tional coordination and fault isolation among network operators and thus for the operation of the global Internet as a whole. This document describes a "Routing Registry" providing this functional- ity. _________________________ (1) The entity we refer to as an AS is frequently and more generally called a routing domain with the AS just being an implementation vehicle. We have decided to use the term AS exclusively because it relates more direct- ly with the database objects and routing tools. By us- ing only one term we hope to reduce the number of con- cepts and to avoid confusion. The academically inclined reader may forgive us. ripe-1nn.txt July, 1994 - 6 - Routing Policies The exchange of routing information between ASes is subject to rout- ing policies. Consider the case of two ASes, X and Y exchanging routing information: NET1 ...... ASX <---> ASY ....... NET2 ASX knows how to reach a network called NET1. It does not matter whether NET1 is belonging to ASX or some other AS which exchanges routing information with ASX either directly or indirectly; we just assume that ASX knows how to direct packets towards NET1. Likewise ASY knows how to reach NET2. In order for traffic from NET2 to NET1 to flow between ASX and ASY, ASX has to announce NET1 to ASY using an external routing protocol. This states that ASX is willing to accept traffic directed to NET1 from ASY. Policy thus comes into play first in the decision of ASX to announce NET1 to ASY. In addition ASY has to accept this routing information and use it. It is ASY's privilege to either use or disregard the information that ASX is willing to accept traffic for NET1. ASY might decide not to use this information if it does not want to send traffic to NET1 at all or if it considers another route more appropriate to reach NET1. So in order for traffic in the direction of NET1 to flow between ASX and ASY, ASX must announce it to ASY and ASY must accept it from ASX: resulting packet flow towards NET1 <<=================================== | | announce NET1 | accept NET1 --------------> + -------------> | AS X | AS Y | <------------- + <-------------- accept NET2 | announce NET2 | | resulting packet flow towards NET2 ===================================>> Ideally, and seldom practically, the announcement and acceptance policies of ASX and ASY are identical. ripe-1nn.txt July, 1994 - 7 - In order for traffic towards NET2 to flow, announcement and accep- tance of NET2 must be in place the other way round. For almost all applications connectivity in just one direction is not useful at all. It is important to realise that with current destination based for- warding technology routing policies must eventually be expressed in these terms. It is relatively easy to formulate reasonable policies in very general terms which CANNOT be expressed in terms of announc- ing and accepting networks. With current technology such policies are almost always impossible to implement. Usually policies are not configured for each network separately but for groups of networks. In practise these groups are almost always defined by the networks forming one or more ASes. Routing Policy limitations The generic example of a reasonable but un-implementable routing is a split of already joined packet streams based on something other than destination address. Once traffic for the same destination network passes the same router, or the same AS at our level of abstraction, it will take exactly the same route to the destina- tion(2). In a concrete example AS Z might be connected to the outside world by two links. AS Z wishes to reserve these links for different kinds of traffic, let's call them black and white traffic. For this purpose the management of AS Z keeps two lists of ASes, the black and the white list. Together these lists comprise all ASes in the world reachable from AS Z. "W" <---> ... AS Z .... NET 3 <---> "B" It is quite possible to implement the policy for traffic originating in AS Z: AS Z will only accept announcements for networks in white ASes on the white link and will only accept announcements for net- works in black ASes on the black link. This causes traffic from networks within AS Z towards white ASes to use the white link and likewise traffic for black ASes to use the black link. Note that this way of implementing things makes it necessary to decide on the colour of each new AS which appears before traffic can be sent to it from AS Z. A way around this would be to accept only _________________________ (2) Disregarding special cases like "type of service" routing, load sharing and routing instabilities. ripe-1nn.txt July, 1994 - 8 - white announcements via the white link and to accept all but white announcements on the black link. That way traffic from new ASes would automatically be sent down the black link and AS Z management would only need to keep the list of white ASes rather than two lists. Now for the unimplementable part of the policy. This concerns traffic towards AS Z. Consider the following topology: B AS ---) "W" W AS ---) ---> B AS ---)>> AS A ---> ... AS Z .... NET 3 B AS ---) ---> W AS ---) "B" As seen from AS Z there are both black and white ASes "behind" AS A. Since ASes can make routing decisions based on destination only, AS A and all ASes between AS A and the two links connecting AS Z can only make the same decision for traffic directed at a network in AS Z, say NET 3. This means that traffic from both black and white ASes towards NET 3 will follow the same route once it passes through AS A. This will either be the black or the white route depending on the routing policies of AS A and all ASes between it and AS Z. The important thing to note is that unless routing and forwarding decisions can be made based on both source and destination addresses, policies like the "black and white" example cannot be implemented in general because "once joined means joined forever". Access Policies Access policies contrary to routing policies are not necessarily defined in terms of ASes. The very simplest type of access policy is to block packets from a specific network S from being forwarded to another network D. A common example is when some inappropriate use of resources on network D has been made from network S and the prob- lem has not been resolved yet. Other examples of access policies might be resources only accessible to networks belonging to a par- ticular disciplinary group or community of interest. While most of these policies are better implemented at the host or application level, network level access policies do exist and are a source of connectivity problems which are sometimes hard to diagnose. There- fore they should also be documented in the routing registry accord- ing to similar requirements as outlined above. Routing v Allocation information The RIPE database contains both routing registry and address space allocation registry information. In the past the database schema combined this information. Because RIPE was tasked with running both an allocation and routing registry it seemed natural to initially ripe-1nn.txt July, 1994 - 9 - combine these functions. However, experience has shown that a clear separation of routing information from allocation is desirable. Often the maintainer of the routing information is not the same as the maintainer of the allocation information. Also, in other parts of the world there are different registries for each kind of infor- mation. Whilst the actual routing policy objects will be introduced in the next section it is worthy of note that a transition from the current objects will be required. This is described with in Appendix G. This split in information represents a significant change in the representational model of the RIPE database. Appendix F expands on the reasons for this a little more. Tools The network operators will need a series of tools for policy rout- ing. Some tools are already available to perform some of the tasks. Most notably, the PRIDE tools [3] from the PRIDE project started in September 1993 as well as others produced by Merit Inc [4] and CERN [5]. These tools will enable them to use the routing policy stored in the RIPE routing registry to perform such tasks as check actual routing against policies defined, ensure consistency of policies set by dif- ferent operators, and simulate the effects of policy changes. Work continues on producing more useful tools to service the Inter- net community. ripe-1nn.txt July, 1994 - 10 - 4. The Routing Registry and the RIPE Database One of the activities of RIPE is to maintain a database of Euro- pean IP networks, DNS domains and their contact persons along with various other kinds of network management information. The database content is public and can be queried using the whois protocol as well as retrieved as a whole. This supports NICs/NOCs all over Europe and beyond to perform their respective tasks. The RIPE database combines both allocation registry and routing registry functions. The RIPE allocation registry contains data about address space allocated to specific enterprises and/or delegated to local registries as well as data about the domain name space. The allocation registry is described in separate documents [6,7] and outside the scope of this document. Database Objects Each object in the database describes a single entity in the real world. This basic principle means that information about that entity should only be represented in the corresponding data- base object and not be repeated in other objects. The whois ser- vice can automatically display referenced objects where appropriate. The types of objects stored in the RIPE database are summarised in the table below: R Object Describes References ____________________________________________________________________ B person contact persons A inetnum IP address space person A domain DNS domain person R aut-num autonomous system person (aut-num,community) R as-macro a group of autonomous systems person, aut-num R community community person R route a route being announced aut-num, community R clns CLNS address space and routing person The first column indicates whether the object is part of the alloca- tion registry (A), the routing registry (R) or both (B). The last column indicates the types of objects referenced by the particular type of object. It can be seen that almost all objects reference contact persons. Objects are described by attributes value pairs, one per line. Objects are separated by empty lines. An attribute that consists ripe-1nn.txt July, 1994 - 11 - of multiple lines should have the attribute name repeated on consecutive lines. The information stored about network 192.87.45.0 consists of three objects, one network object and two person objects and looks like this: inetnum: 192.87.45.0 netname: RIPE-NCC descr: RIPE Network Coordination Centre descr: Amsterdam, Netherlands country: NL admin-c: Daniel Karrenberg tech-c: Marten Terpstra rev-srv: ns.ripe.net rev-srv: ns.eu.net notify: ops(a)ripe.net changed: tony(a)ripe.net 940110 source: RIPE person: Daniel Karrenberg address: RIPE Network Coordination Centre (NCC) address: Kruislaan 409 address: NL-1098 SJ Amsterdam address: Netherlands phone: +31 20 592 5065 fax-no: +31 20 592 5090 e-mail: dfk(a)ripe.net nic-hdl: DK58 changed: ripe-dbm(a)ripe.net 920826 source: RIPE person: Marten Terpstra address: RIPE Network Coordination Centre (NCC) address: PRIDE Project address: Kruislaan 409 address: NL-1098 SJ Amsterdam address: Netherlands phone: +31 20 592 5064 fax-no: +31 20 592 5090 e-mail: Marten.Terpstra(a)ripe.net nic-hdl: MT2 notify: marten(a)ripe.net changed: marten(a)ripe.net 931230 source: RIPE Objects are stored and retrieved in this tag/value format. The RIPE NCC does not provide differently formatted reports because any desired format can easily be produced from this generic one. ripe-1nn.txt July, 1994 - 12 - Routing Registry Objects The main objects comprising the routing registry are "aut-num" and "route", describing an autonomous system and a route respectively. It should be noted that routes not described in the routing registry should never be routed in the Internet itself. The autonomous system (aut-num) object provides contact information for the AS and describes the routing policy of that AS. The routing policy is described by enumerating all neighbouring ASes with which routing information is exchanged. For each neighbour the routing policy is described in terms of exactly what is being sent (announced) and allowed in (accepted). It is important to note that this is exactly the part of the global policy over which an AS has direct control. Thus each aut-num object describes what can indeed be implemented and enforced locally by the AS concerned. Combined together all the aut-num objects provide the global routing graph and permit to deduce the exact routing policy between any two ASes. While the aut-num objects describe how routing information is pro- pagated, the route object describes a single route injected into the external routing mesh. The route object references the AS injecting (originating) the route and thereby indirectly provides contact information for the originating AS. This reference also provides the primary way of grouping routes into larger collections. This is necessary because describing routing policy on the level of single routes would be awkward to impractical given the number of routes in the Internet which is about 20,000 at the time of this writing. Thus routing policy is most often defined for groups of routes by originating AS. This method of grouping is well supported by current exterior routing protocols. The route object also refer- ences community objects described below to provide another method of grouping routes. Modification of aut-num object itself and the referencing by route objects is strictly protected to provide net- work operators control over the routing policy description and the routes originated by their ASes. Sometimes even keeping track of groups of routes at the AS level is cumbersome. Consider the case of policies described at the transit provider level which apply transitively to all customers of the transit provider. Therefore another level of grouping is provided by the as-macro object which provides groups of ASes which can be referenced in routing policies just like single ASes. Membership of as-macro groups is also strictly controlled. Sometimes there is a need to group routes on different criteria than ASes for purposes like statistics or local access policies. This is provided by the community object. A community object is much like an AS but without a routing policy. It just describes a group of routes. This is not supported at all by exterior routing protocols and depending on aggregation of routes may not be generally usable to define routing policies. It is suitable for local policies and non-routing related purposes. ripe-1nn.txt July, 1994 - 13 - These routing related objects will be described in detail in the sections below. ripe-1nn.txt July, 1994 - 14 - 5. The Route Object As stated in the previous chapter routing and address space alloca- tion information are now clearly separated. This is performed with the introduction of the route object. The route object will contain all the information regarding a routing announcement. All routing related attributes are removed from the inetnum object. Some old attributes are obsoleted: connect, routpr-l, bdryg-l, nsf- in, nsf-out, gateway). The currently useful routing attributes are moved to the route object: aut-sys becomes origin, ias-int will be encoded as part of the "to be proposed" `border-router' object and comm-list simply moves. See [6] for detail of the "inetnum" object definition. The information in the old inetnum object inetnum: 192.87.45.0 netname: RIPE-NCC descr: RIPE Network Coordination Centre descr: Amsterdam, Netherlands country: NL admin-c: Daniel Karrenberg tech-c: Marten Terpstra connect: RIPE NSF WCW aut-sys: AS3333 comm-list: SURFNET ias-int: 192.87.45.80 AS1104 ias-int: 192.87.45.6 AS2122 ias-int: 192.87.45.254 AS2600 rev-srv: ns.ripe.net rev-srv: ns.eu.net notify: ops(a)ripe.net changed: tony(a)ripe.net 940110 source: RIPE will be distributed over two objects: ripe-1nn.txt July, 1994 - 15 - inetnum: 192.87.45.0 netname: RIPE-NCC descr: RIPE Network Coordination Centre descr: Amsterdam, Netherlands country: NL admin-c: Daniel Karrenberg tech-c: Marten Terpstra rev-srv: ns.ripe.net rev-srv: ns.eu.net notify: ops(a)ripe.net changed: tony(a)ripe.net 940110 source: RIPE route: 192.87.45.0/24 descr: RIPE Network Coordination Centre origin: AS3333 comm-list: SURFNET changed: dfk(a)ripe.net 940427 source: RIPE The route object is used to represent a single route originated into the Internet routing mesh. The actual syntax is given in Appendix D. However, there are several important aspects of the attributes worthy of note. The value of the route attribute will be a classless address. It represents the exact route being injected into the routing mesh. The representation of classless addresses is described in [10]. The value of the origin attribute will be an AS reference of the form AS1234 referring to an aut-num object. It represents the AS injecting this route into the routing mesh. The "aut-num" object (see below) thus referenced provides all the contact information for this route. Special cases: There can only be a single originating AS in each route object. However in todays Internet sometimes a route is injected by more than one AS. This situation is potentially dangerous as it can create conflicting routing policies for that route and requires coordination between the originating ASes. In the routing registry this is represented by multiple route objects. This is a departure from the one route (net), one AS principle of the ripe-81 routing registry. The consequences for the different tools based in the routing registry will need to be evaluated and possibly additional consistency checking of the database is needed. ripe-1nn.txt July, 1994 - 16 - The examples below will illustrate the usage of the route object further. Suppose three chunks of address space of 2 different enterprises represented by the following inetnum objects: Examples inetnum: 193.0.1.0 netname: ENT-1 descr: Enterprise 1 ... inetnum: 193.0.8.0 netname: ENT-2 descr: Enterprise 2 ... inetnum: 193.0.9.0 netname: ENT-2-SPEC descr: Enterprise 2 ... Supposing that the Enterprises have their own AS numbers straight application of routing without aggregation would yield: route: 193.0.1.0/24 descr: Enterprise 1 origin: AS1 ... route: 193.0.8.0/24 descr: Enterprise 2 origin: AS2 ... route: 193.0.9.0/24 descr: Enterprise 2 origin: AS2 ... NB: This representation can be achieved by straight translation from the ripe-81 representation. See Appendix G for more details. Homogeneous Aggregation The two chunks of address space of Enterprise 2 can be represented by one aggregate route turning two route objects into one and poten- tially saving routing table space for one route. ripe-1nn.txt July, 1994 - 17 - route: 193.0.8.0/23 descr: Enterprise 2 origin: AS2 ... Note that AS2 can also decide to originate all routes mentioned so far, two 24-bit prefixes and one 23-bit prefix. This case would be represented by storing all three route objects in the database. In this particular example the additional routes will not add any func- tionality however and only increase the amount of routes announced unnecessarily. Heterogeneous Aggregation Consider the following case however: route: 193.0.8.0/24 descr: Enterprise 2 origin: AS2 ... route: 193.0.9.0/24 descr: Enterprise 2 / Special origin: AS2 comm-list: SPECIAL ... Now the prefix 193.0.9.0/24 belongs to community SPECIAL (this com- munity may well not be relevant to routing) and the other prefix originated by AS2 does not. If AS2 aggregates these prefixes into the 193.0.8.0/23 prefix, routing policies based on the community value SPECIAL cannot be implemented in general, because there is no way to distinguish between the special and the not-so-special parts of AS2. If another AS has the policy to accept only routes to members of community SPECIAL it cannot implement it, because accept- ing the route to 193.0.8.0/23 would also route to 193.0.8.0/24 and not accepting this route would lose connectivity to the special part 193.0.9.0/24. We call aggregate routes consisting of components belonging to different communities or even different ASes "hetero- geneous aggregates". The problems introduced with heterogeneous aggregates are that once the homogeneous routes are withdrawn one cannot tell if a more specific part of the heterogeneous has a different policy. However, if can be counter argued that knowing this policy is of little use if you cannot implement a routing policy based on the less specific (and only route present) heterogeneous aggregate. In fact, this displays a facet of CIDR itself in that one may actually compromise slight variations on policy over announcing a larger (albeit ripe-1nn.txt July, 1994 - 18 - heterogeneous in terms of policy) aggregate to save address space. However, it is still useful to be able to document these variations in policy especially when this homogeneous more specific route is just being withdrawn. For this one can use the "withdrawn" attri- bute. The withdrawn attribute can serve to both indicate that a less specific aggregate is in fact heterogeneous and also allow the gen- eral documenting of route withdrawal. So there has to be a way for AS2 to document this even if it does not originate the route to 193.0.9.0/24 any more. This can be done with the "withdrawn" attribute of the route object. The aggregate route to 193.0.8.0/23 is now be registered as: route: 193.0.8.0/23 descr: Enterprise 2 origin: AS2 ... With the two homogeneous routes marked as withdrawn from the Inter- net routing mesh but still preserving their original routing infor- mation. route: 193.0.8.0/24 descr: Enterprise 2 origin: AS2 withdrawn: 940701 ... route: 193.0.9.0/24 descr: Enterprise 2 / Special origin: AS2 comm-list: SPECIAL withdrawn: 940701 ... It should be noted that the date value used in the withdrawn attri- bute can only be in the past. Proxy Aggregation The next step of aggregation are aggregates consisting of more than one AS. This generally means one AS is aggregating on behalf of another. It is called proxy aggregation. Proxy aggregation should be done with great care and always coordinates with other providers announcing the same route. Consider the following: ripe-1nn.txt July, 1994 - 19 - route: 193.0.0.0/20 descr: All routes known by AS1 in a single package origin: AS1 ... route: 193.0.1.0/24 descr: Foo origin: AS1 withdrawn: 940310 ... route: 193.0.8.0/24 descr: Bar origin: AS2 withdrawn: 940310 ... route: 193.0.9.0/24 descr: Bar-2 origin: AS2 withdrawn: 940310 comm-list: SPECIAL ... If AS1 announced no other routes to a single homed neighbouring AS, that neighbour can in general either take that route or leave it but not differentiate between AS1 and AS2. Note: If the neighbor was previously configured to accept routes originating in AS2 but not in AS1 they lose connectivity to AS2 as well. This means that proxy aggregation has to be done carefully and in a well coordinated fashion. The information in the withdrawn route object can help to achieve that. Aggregates with Holes If we assume that the world of our example still consists of only three chunks of address space the aggregate above contains what are called holes, parts of an aggregate that are not reachable via the originator of the route. From the routing information itself one cannot tell whether these are holes and what part of the route falls inside one. The only way to tell is to send a packet there and see ripe-1nn.txt July, 1994 - 20 - whether it gets to the destination, or an ICMP message is received back, or there is silence. On the other hand announcing aggregates with holes is quite legitimate. Consider a 16-bit aggregate with only one 24-bit prefix unreachable. The savings in routing table size by far outweigh the hole problem. For operational reasons however it is very useful to register these holes in the routing registry. Consider the case where a remote net- work operator experiences connectivity problems to addresses inside an aggregate route. If the packets are getting to the AS announcing the aggregate and there are no more specific routes, the normal cause of action is to get in touch with the originating AS of the aggregate route and ask them to fix the problem. If the address falls into a hole this is futile. Therefore problem diagnosis can be sped up and unnecessary calls prevented by registering the holes in the routing registry. We do this by using the "hole" attribute. In our example the representation would be: route: 193.0.0.0/20 descr: All routes known by AS1 origin: AS1 hole: 193.0.0.0/24 hole: 193.0.2.0/23 hole: 193.0.4.0/22 hole: 193.0.10.0/23 hole: 193.0.12.0/22 ... Note: there would also be two routes with the withdrawn attribute as displayed above (i.e. 193.0.8.0/24 and 193.0.9.0/24) Multiple Proxy Aggregation Finally suppose that AS2 decides to announce the same aggregate, they would add the following route object to the registry: route: 193.0.0.0/20 descr: All routes known by AS2 origin: AS2 hole: 193.0.0.0/24 hole: 193.0.2.0/23 hole: 193.0.4.0/22 hole: 193.0.10.0/23 hole: 193.0.12.0/22 ... As per the update procedures below both AS1 and AS2 will be notified that there already is a route to the same prefix in the registry. This multiple proxy aggregation is very dangerous to do if the sub- ripe-1nn.txt July, 1994 - 21 - aggregates of the route are not the same. It is still dangerous when the sub-aggregates are consistent but connectivity to the sub- aggregates varies widely between the originators. Route object update procedures Adding a route object will be have to be authorised by the guardian of the originating AS. The actual implementation of this is outside the scope of this document. This guarantees that an AS guardian has full control over the registration of the routes it announces. What is an Inter-AS network ? An inter-AS network(3) exists for the purpose of passing traffic and routing information between different autonomous systems. The most simple example of an inter-AS network is a point-to-point link, con- necting exactly two ASes. Each end of such a link is connected to an interface of router belonging to each of the autonomous systems. More complex examples are broadcast type networks with multiple interfaces connecting multiple ASes with the possibility of more than one connection per AS. Consider the following example of three routers 1, 2 and 3 with interfaces a through f connected by two inter-AS networks X and Y: X Y a1b --- c2d --- e3f Suppose that network X is registered in the routing registry as part of AS1 and net Y as part of AS3. If traffic passes from left to right prtraceroute will report the following sequence of interfaces and ASes: a in AS1 c in AS1 e in AS3 The traceroute algorithm enumerates only the receiving interfaces on the way to the destination. In the example this leads to the pas- sage of AS2 going unnoticed. This is confusing to the user and will also generate exceptions when the path found is checked against the routing registry. _________________________ (3) Inter-AS IP networks are those networks are currently called FIXes, IXFs, DMZs, NAPs, GIX and many other acronyms. ripe-1nn.txt July, 1994 - 22 - For operational monitoring tools such as prtraceroute it is neces- sary to know which interface on an inter-AS network belongs to which AS. If AS information is not known about interfaces on an inter-AS network, tools like prtraceroute cannot determine correctly which ASes are being traversed. All interfaces on inter-AS networks will are described in a separate object know as the `inet-rtr' object [15]. ripe-1nn.txt July, 1994 - 23 - 6. The Autonomous System Object Autonomous Systems An Autonomous System (AS) is a group of IP networks run by one or more network operators which has a single and clearly defined rout- ing policy. An AS has a unique number associated with it which is used both in exchange of exterior routing information and as an identifier of the AS itself. Exterior routing protocols such as BGP and EGP are used to exchange routing information between ASes. In routing terms an AS will normally use one or more interior gate- way protocols (IGPs) in conjunction with some sort of common agreed metrics when exchanging network information within its own AS. The term AS is often confused or even misused as a convenient way of grouping together a set of networks which belong under the same administrative umbrella even if within that group of networks there are various different routing policies. We provide the "community" concept for such use. ASes can strictly have only one single rout- ing policy. The creation of an AS should be done in a conscious and well coordi- nated manner to avoid creating ASes for the sake of it, perhaps resulting in the worst case scenario of one AS per routing announce- ment. It should be noted that there is a limited number of AS numbers available. Also creating an AS may well increase the number of AS paths modern EGPs will have to keep track of. This aggravates what is known as "the routing table growth problem". This may mean that by applying the general rules for the creation and allocation of an AS below, some re-engineering may well be needed. However, this may be the only way to actually implement the desired routing policy anyway. The creation and allocation of an AS should be done with the following recommendations in mind: o Creation of an AS is only required when exchanging routing information with other ASes. Some router implementations make use of an AS number as a form of tagging to identify the rout- ing process. However, it should be noted that this tag does not need to be unique unless routing information is indeed exchanged with other ASes. o For a simple case of customer networks connected to a single service provider, the IP network should normally be a member of the service providers AS. In terms of routing policy the IP network has exactly the same policy as the service provider and there is no need to make any distinction in routing informa- tion. This idea may at first seem slightly alien to some, but it highlights the clear distinction in the use of the AS number ripe-1nn.txt July, 1994 - 24 - as a representation of routing policy as opposed to some form of administrative use. o If a network operator connects to more than one AS with dif- ferent routing policies then they need to create their own AS. In the case of multi-homed customer networks connected to two service providers there are at least two different routing pol- icies to a given customer network. At this point the customer networks will be part of a single AS and this AS would be dis- tinct from either of the service providers ASes. This allows the customer the ability of having a different representation of policy and preference to the different service providers. This is the ONLY case where a network operator should create its own AS number. o As a general rule one should always try to populate the AS with as many routes as possible, providing all routes conform to the same routing policy. Each AS is represented in the RIPE database by both an AS object and the route objects representing the routes originated by the AS. The AS object stores descriptive, administrative and contact information about the AS as well as the routing policies of the AS in relation to all neighbouring ASes. The origin attributes of the route objects define the set of routes originated by the AS. Each route object can have exactly one origin attribute. Route objects can only be created and updated by the "guardian" of the AS and not by those immediately responsible for the particular routes referenced therein. This ensures that opera- tors, especially service providers, remain in control of AS routing announcements. The AS object itself is used to represent a description of adminis- trative details and the routing policies of the AS itself. The AS object definition is depicted as follows. ripe-1nn.txt July, 1994 - 25 - Example: aut-num: AS1104 descr: NIKHEF-H Autonomous system as-in: from AS1213 100 accept AS1213 as-in: from AS1913 100 accept AS1913 as-in: from AS1755 150 accept ANY as-out: to AS1213 announce ANY as-out: to AS1913 announce ANY as-out: to AS1755 announce AS1104 AS1913 AS1213 tech-c: Rob Blokzijl admin-c: Eric Wassenaar guardian: as-guardian(a)nikhef.nl changed: ripe-dbm(a)ripe.net 920910 source: RIPE See Appendix A for a complete syntax definition of the "aut-num" object. It should be noted that this representation provides two things: o a set of routes. o a description of administrative details and routing policies. The set of routes can be used to generate network list based confi- guration information as well as configuration information for exte- rior routing protocols knowing about ASes. This means an AS can be defined and is useful even if it does not use routing protocols which know about the AS concept. ripe-1nn.txt July, 1994 - 26 - Description of routing policies between ASs with multiple connec- tions - "interas-in/interas-out" Description of multiple connections between ASs defines how two ASs have chosen to set different policies for the use of each or some of the connections between the ASs. This description is necessary only if the ASs are connected in more than one way and the routing policy and differs at these two connections. Example: LINK1 193.0.1.1 +----------+ 193.0.1.2 | | AS1------AS2== ==AS3-----AS4 | | 193.0.1.5 +----------+ 193.0.1.6 LINK2 Note: LINK here denotes to connection points between ASs. It is not necessary just a serial link as it may be inter- preted. It could be ethernet or other type of connection as well. It may be that AS2 wants to use LINK2 only for traffic towards AS4. LINK1 is used for traffic to AS3 and as backup to AS4, should LINK2 fail. To implement this policy, one would use the attribute "interas-in" and "interas-out." This attribute permits ASs to describe their local decisions based on its preference such as multi-exit-discriminators (MEDs) and to communicate those routing decisions. This information would be useful in resolving problems when some traffic paths changed from traversing AS3's gateway in Timbuktu rather than the gateway in Mogadishu. The exact syntax is given in Appendix A. However, if we follow this example through in terms of AS2 we would represent this policy as follows: Example: aut-num: AS2 as-in: from AS3 10 accept AS3 AS4 as-out: to AS3 announce AS1 AS2 interas-in: from AS3 193.0.1.1/32 193.0.1.2/32 (pref=5) accept AS3 interas-in: from AS3 193.0.1.1/32 193.0.1.2/32 (pref=15) accept AS4 interas-in: from AS3 193.0.1.5/32 193.0.1.6/32 (pref=10) accept AS4 ... ripe-1nn.txt July, 1994 - 27 - Here we see additional policy information between two ASs in terms of the IP addresses of the connection. The parentheses and keyword are syntactic placeholders to add the readability of the attributes. If pref=MED is specified the preference indicated by the remote AS via the multi-exit- discriminator metric such as BGP is used. Of course this type on inter-AS policy should always be bilaterally agreed upon to avoid asymmetry and in practice there may need to be corresponding interas-in attributes in the policy representation of AS3. The interas-out attribute is similar in the same way to interas-in as as-out to as-in. The one major difference being that interas-out allows to associate an outgoing metric with each route. It is impor- tant to note that this metric is just passed to the peer AS and it is at the peer AS's discretion to use or ignore it. A special value of IGP specifies that the metric passed to the receiving AS will be derived from the IGP of the sending AS. In this way the peer AS can choose the optimal link for its traffic as determined by the sending AS. When both as-in,as-out and interas-in,interas-out are used, for the routes mentioned in both set of attributes, the preference defined in interas-in and interas-out will take precedence for the particu- lar interas connection point identified by <local-rid> and <remote- rid>. For the routes which are not mentioned in interas-in and interas-out, their preference will be using what defined in as-in. If a route is only referenced in some interas-in/out attributes and not in others it is assumed not announced/accepted on the con- nection concerned. The key difference between interas-in/interas-out and as-in/as-in attributes is the former describes a more specific inter-AS policy based on multiple connections between ASs and the latter the general inter-AS policy. The general policy should always be defined. The more specific inter-AS policy should only be defined when such a policy really exists and the implications of setting such poli- cies are fully understood. ripe-1nn.txt July, 1994 - 28 - How to describe the exclusion policy of a certain AS - "as-exclude" Some ASes have a routing policy based on the exclusion of certain routes if for whatever reason a certain AS is used as transit. Whilst, this is in general not good practice as it makes implicit assumptions on topology with asymmetry a possible outcome if not coordinated, this case needs to be accommodated within the routing policy representation. The way this is achieved is by making use of the "as-exclude" attri- bute. The precise syntax of this attribute can be found in Appendix A along with the rest of the defined syntax for the "aut-num" object. However, some explanation of the use of this attribute is useful. If we have the following example topology. Example: AS4--------AS3 | | | | | | AS1--------AS2--------AS5 With a simple corresponding policy like so: Example: aut-num: AS1 as-in: from AS2 100 accept ANY as-out: to AS2 announce AS1 as-exclude: exclude AS4 to ANY .... We see an interesting policy. What this says in simple terms is AS1 doesn't want to reach anything if it transit AS4. This can be a per- fectly valid policy. However, it should be realised that for what- ever reason AS2 decides to route to AS3 via AS4 then immediately AS1 has no connectivity to AS3 or if AS1 is running default to AS2 pack- ets from AS1 will still flow via AS4. The important point about this is that whilst AS1 can advise its neighbours of its policy it has no direct control on how it can enforce this policy to neighbours upstream. Another interesting scenario to highlight the unexpected result of using such an "as-exclude" policy. If we assume in the above example AS2 preferred AS4 to reach AS3 and AS1 did not use default routing then as stated AS1 would have no connectivity to AS3. Now lets sup- pose that for example the link between AS2 and AS4 went down for some reason. Like so: ripe-1nn.txt July, 1994 - 29 - Example: AS4--------AS3 | | AS1--------AS2--------AS5 Suddenly AS1 now has connectivity to AS3. This unexpected behavior should be considered when created policies based on the "as-exclude" attribute. The second problem with this type of policy is the potential of asymmetry. In the original example we saw the correct policy from AS1's point of view but if ASes with connectivity through AS4 do not use a similar policy you have asymmetric traffic and policy. If an AS uses such a policy they must be aware of the consequences of its use. Namely that the specified routes which transit the AS (i.e. routing announcements with this AS in the AS path information) in question will be excluded. If not coordinated this can easily cause asymmetry or even worse loss of connectivity to unknown ASes behind (or in front for that matter) the transit AS in question. With this in mind this attribute can only be viewed as a form of advisory to other service providers. However, this does not preclude its use with policy based tools if the attribute exists. By having the ability to specify a route keyword based on any of the four notations given in the syntax it allows the receiving AS to specify what routes it wishes to exclude through a given transit AS to a network granularity. ripe-1nn.txt July, 1994 - 30 - 7. AS Macros It may be difficult to keep track of each and every new AS that is represented in the routing registry. A convenient way around this is to define an `AS Macro' which essentially is a convenient way to group ASes. This is done so that each and every AS guardian does not have to add a new AS to it's routing policy as described by the as- in and as-out attributes of it's AS object. However, it should be noted that this creates an implicit trust on the guardian of the AS-Macro. An AS-Macro can be used in <routing policy expressions> for the "as-in" and "as-out" attributes in the aut-num object. The AS-Macro object is then used to derive the list or group of ASes. A simple example would be something like: Example: aut-num: AS786 as-in: from AS1755 100 accept AS-EBONE AND NOT AS1104 as-in: from AS1755 100 accept AS-EBONE AND NOT AS1104 as-out to AS1755 announce AS786 ..... Where the as-macro object for AS-EBONE is as follows: as-macro: AS-EBONE descr: ASes routed by EBONE as-list: AS2121 AS1104 AS2600 AS2122 as-list: AS1103 AS1755 AS2043 guardian: guardian(a)ebone.net ...... So the policy would be evaluated to: aut-num: AS786 as-in: from AS1755 100 accept (AS2121 OR AS1104 OR AS2600 OR AS2122 as-in: from AS1755 100 accept AS1103 OR AS1755 OR AS2043) AND NOT AS1104 ...... It should be noted that the above examples incorporates the rule for line wrapping as defined in Appendix A for policy lines. See Appen- dix C for a definition on the AS-Macro syntax. ripe-1nn.txt July, 1994 - 31 - 8. The Community Object A community is a group of routes that cannot be represented by an AS or a group of ASes. It is in some circumstances useful to define a group of routes that have something in common. This could be a spe- cial access policy to a supercomputer centre, a group of routes used for a specific mission, or a disciplinary group that is scattered among several autonomous systems. Also these communities could be useful to group routes for the purpose of network statistics. Communities do not exchange routing information, since they do not represent an autonomous system. More specifically, communities do not define routing policies, but access or usage policies. However, they can de used as in conjunction with an ASes routing policy to define a set of routes the AS sets routing policy for. Communities should be defined in a strict manner, to avoid creating as many communities as there are routes, or even worse. Communities should be defined following the two rules below; o Communities must have a global meaning. Communities that have no global meaning, are used only in a local environment and should be avoided. o Communities must not be defined to express non-local policies. It should be avoided that a community is created because some other organisation forces a policy upon your organisation. Communities must only be defined to express a policy defined by your organisation. Community examples There are some clear examples of communities: BACKBONE - all customers of a given backbone service provider even though they can have various different routing policies and hence belong to different ASes. This would be extremely useful for statistics collection. HEPNET - the High Energy Physics community partly shares infrastructure with other organisations, and the institutes it consists of are scattered all over Europe, often being part of a non HEPNET autonomous system. To allow statistics, access or part of a routing policy , a community HEPNET, consisting of all routes that are part of HEPNET, conveniently groups all these routes. ripe-1nn.txt July, 1994 - 32 - NSFNET - the National Science Foundation Network imposes an acceptable use policy on routes that wish to make use of it. A community NSFNET could imply the set of routes that comply with this pol- icy. MULTI - a large multinational corporation that does not have its own internal infrastructure, but connects to the various parts of its organisations by using local service providers that connect them all together, may decide to define a community to restrict access to their networks, only by networks that are part of this community. This way a corporate network could be defined on shared infrastructure. Also, this community could be used by any of the service providers to do statistics for the whole of the corporation, for instance to do topology or bandwidth plan- ning. Similar to Autonomous systems, each community is represented in the RIPE database by both a community object and community tags on the route objects representing the routes belonging to the community. The community object stores descriptive, administrative and contact information about the community. The community tags on the route objects define the set of routes belonging to a community. A route can have multiple community tags. The community tags can only be created and updated by the "guardian" of the community and not by those directly responsible for the par- ticular network. This ensures that guardians remain in control of community membership. Here's an example of how this might be represented in terms of the community tags within the network object. We have an example where the route 192.16.199.0/24 has a single routing policy (i.e. that of AS 1104), but is part of several different communities of interest. We use the tag "comm-list" to represent the list of communities associated with this route. NIKHEF-H uses the service provider SURFNET (a service provider with customers with more than one rout- ing policy), is also part of the High Energy Physics community as well as having the ability to access the Supercomputer at CERN(4). _________________________ (4) The community `CERN-SUPER', is somewhat national, but is intended as an example of a possible use of an access policy constraint. ripe-1nn.txt July, 1994 - 33 - Example: route: 192.16.199.0/24 descr: Local Ethernet descr: NIKHEF section H origin: AS1104 comm-list: HEPNET CERN-SUPER SURFNET changed: ripe-dbm(a)ripe.net 920604 source: RIPE In the above examples some communities have been defined. The com- munity object itself will take the following format: Example: community: SURFNET descr: Dutch academic research network authority: SURFnet B.V. guardian: comm-guardian(a)surfnet.nl admin-c: Erik-Jan Bos tech-c: Erik-Jan Bos changed: ripe-dbm(a)ripe.net 920604 source: RIPE For a complete explanation of the syntax please refer to Appendix B. ripe-1nn.txt July, 1994 - 34 - 9. Representation of Routing Policies Routing policies of an AS are represented in the autonomous system object. Initially we show some examples, so the reader is familiar with the concept of how routing information is represented, used and derived. Refer to Appendix A, for the full syntax of the "aut-num" object. The topology of routing exchanges is represented by listing how routing information is exchanged with each neighbouring AS. This is done separately for both incoming and outgoing routing information. In order to provide backup and back door paths a relative cost is associated with incoming routing information. Example 1: AS1------AS2 This specifies a simple routing exchange of two presumably isolated ASes. Even if either of them has routing information about routes in ASes other than AS1 and AS2, none of that will be announced to the other. aut-num: AS1 as-out: to AS2 announce AS1 as-in: from AS2 100 accept AS2 aut-num: AS2 as-out: to AS1 announce AS2 as-in: from AS1 100 accept AS1 The number 100 in the in-bound specifications is a relative cost, which is used for backup and back door routes. The absolute value is of no significance. The relation between different values within the same AS object is. A lower value means a lower cost. This is cons- ciously similar to the cost based preference scheme used with DNS MX RRs. Example 2: Now suppose that AS2 is connected to one more AS, besides AS1, and let's call that AS3: AS1------AS2------AS3 ripe-1nn.txt July, 1994 - 35 - In this case there are two reasonable routing policies: a) AS2 just wants to exchange traffic with both AS1 and AS3 itself without passing traffic between AS1 and AS3. b) AS2 is willing to pass traffic between AS3 and AS1, thus acting as a transit AS Example 2a: In the first case AS1's representation in the routing registry will remain unchanged as will be the part of AS2's representation describing the routing exchange with AS1. A description of the addi- tional routing exchange with AS3 will be added to AS2's representa- tion: aut-num: AS1 as-out: to AS2 announce AS1 as-in: from AS2 100 accept AS2 aut-num: AS2 as-out: to AS1 announce AS2 as-in: from AS1 100 accept AS1 as-out: to AS3 announce AS2 as-in: from AS3 100 accept AS3 aut-num: AS3 as-out: to AS2 announce AS3 as-in: from AS2 100 accept AS2 Note that in this example, AS2 keeps full control over its resources. Even if AS3 and AS1 were to allow each others routes in from AS2, the routing information would not flow because AS2 is not announcing it(5). Example 2b: If contrary to the previous case, AS1 and AS3 are supposed to have connectivity to each other via AS2, all AS objects have to change: _________________________ (5) Of course AS1 and AS3 could just send traffic to each other to AS2 even without AS2 announcing the routes, hoping that AS2 will forward it correctly. Such questionable practices however are beyond the scope of this document. ripe-1nn.txt July, 1994 - 36 - aut-num: AS1 as-out: to AS2 announce AS1 as-in: from AS2 100 accept AS2 AS3 aut-num: AS2 as-out: to AS1 announce AS2 AS3 as-in: from AS1 100 accept AS1 as-out: to AS3 announce AS2 AS1 as-in: from AS3 100 accept AS3 aut-num: AS3 as-out: to AS2 announce AS3 as-in: from AS2 100 accept AS1 AS2 Note that the amount of routing information exchanged with a neigh- bour AS is defined in terms of routes belonging to ASes. In BGP terms this is the AS where the routing information originates and the originating AS information carried in BGP could be used to implement the desired policy. However, using BGP or the BGP AS-path information is not required to implement the policies thus speci- fied. Configurations based on route lists can easily be generated from the database. The AS path information, provided by BGP can then be used as an additional checking tool as desired. The specification understands one special expression and this can be expressed as a boolean expressions: ANY - means any routing information known. For output this means that all routes an AS knows about are announced. For input it means that anything is accepted from the neighbour AS. ripe-1nn.txt July, 1994 - 37 - Example 3: AS4 is a stub customer AS, which only talks to service provider AS123. | | -----AS123------AS4 | | aut-num: AS4 as-out: to AS123 announce AS4 as-in: from AS123 100 accept ANY aut-num: AS123 as-in: from AS4 100 accept AS4 as-out: to AS4 announce ANY <further neighbours> Since AS4 has no other way to reach the outside world than AS123 it is not strictly necessary for AS123 to send routing information to AS4. AS4 can simply send all traffic for which it has no explicit routing information to AS123 by default. This strategy is called default routing. It is expressed in the routing registry by adding one or more default tags to the autonomous system which uses this strategy. In the example above this would look like: aut-num: AS4 as-out: to AS123 announce AS4 default: AS123 100 aut-num: AS123 as-in: from AS4 100 accept AS4 <further neighbours> ripe-1nn.txt July, 1994 - 38 - Example 4: AS4 now connects to a different operator, AS5. AS5 uses AS123 for outside connectivity but has itself no direct connection to AS123. AS5 traffic to and from AS123 thus has to pass AS4. AS4 agrees to act as a transit AS for this traffic. | | -----AS123------AS4-------AS5 | | aut-num: AS4 as-out: to AS123 announce AS4 AS5 as-in: from AS123 100 accept ANY as-out: to AS5 announce ANY as-in: from AS5 50 accept AS5 aut-num: AS5 as-in: from AS4 100 accept ANY as-out: to AS4 announce AS5 aut-num: AS123 as-in: from AS4 100 accept AS4 AS5 as-out: to AS4 announce ANY <further neighbours> Now AS4 has two sources of external routing information. AS5 which provides only information about its own routes and AS123 which pro- vides information about the external world. Note that AS4 accepts information about AS5 from both AS123 and AS5 although AS5 informa- tion cannot come from AS123 since AS5 is connected only via AS4 itself. The lower cost of 50 for the announcement from AS5 itself compared to 100 from AS123 ensures that AS5 is still believed even in case AS123 will unexpectedly announce AS5. In this example too, default routing can be used by AS5 much like in the previous example. AS4 can also use default routing towards AS123: ripe-1nn.txt July, 1994 - 39 - aut-num: AS4 as-out: to AS123 announce AS4 AS5 default: AS123 11 as-in: from AS5 50 accept AS5 Note no announcements to AS5, they default to us. aut-num: AS5 as-out: to AS4 announce AS5 default: AS4 100 aut-num: AS123 as-in: from AS4 100 announce AS4 AS5 <further neighbours> Note that the relative cost associated with default routing is totally separate from the relative cost associated with in-bound announcements. The default route will never be taken if an explicit route is known to the destination. Thus an explicit route can never have a higher cost than the default route. The relative cost asso- ciated with the default route is only useful in those cases where one wants to configure multiple default routes for redundancy. Note also that in this example the configuration using default routes has a subtly different behavior than the one with explicit routes: In case the AS4-AS5 link fails AS4 will send traffic to AS5 to AS123 when using the default configuration. Normally this makes not much difference as there will be no answer and thus little traffic. With certain datagram applications which do not require acknowledgments however, significant amounts of traffic may be use- lessly directed at AS123. Similarly default routing should not be used if there are stringent security policies which proscribe any traffic intended for AS5 to ever touch AS123. Generally it can be said that default routing should only be used in very simple topologies. Once the situation gets more complex using default routes can lead to unexpected results or even defeat the routing policies established when links fail. As an example consider how Example 5a) below could be implemented using default routing. ripe-1nn.txt July, 1994 - 40 - Example 5: In a different example AS4 has a private connection to AS6 which in turn is connected to the service provider AS123: | | -----AS123------AS4 | | | | | | AS6 ---------+ There are a number of policies worth examining in this case: a) AS4 and AS6 wish to exchange traffic between themselves exclusively via the private link between themselves; such traffic should never pass through the backbone (AS123). The link should never be used for transit traffic, i.e. traffic not both originating in and destined for AS4 and AS6. b) AS4 and AS6 wish to exchange traffic between themselves via the private link between themselves. Should the link fail, traffic between AS4 and AS6 should be routed via AS123. The link should never be used for transit traffic. c) AS4 and AS6 wish to exchange traffic between themselves via the private link between themselves. Should the link fail, traffic between AS4 and AS6 should be routed via AS123. Should the connection between AS4 and AS123 fail, traffic from AS4 to des- tinations behind AS123 can pass through the private link and AS6's connection to AS123. d) AS4 and AS6 wish to exchange traffic between themselves via the private link between themselves. Should the link fail, traffic between AS4 and AS6 should be routed via AS123. Should the backbone connection of either AS4 or AS6 fail, the traffic of the disconnected AS should flow via the other AS's backbone connection. ripe-1nn.txt July, 1994 - 41 - Example 5a: aut-num: AS4 as-in: from AS123 100 accept NOT AS6 as-out: to AS123 announce AS4 as-in: from AS6 50 accept AS6 as-out: to AS6 announce AS4 aut-num: AS123 as-in: from AS4 100 accept AS4 as-out: to AS4 announce ANY as-in: from AS6 100 accept AS6 as-out: to AS6 announce ANY <further neighbours> aut-num: AS6 as-in: from AS123 100 accept NOT AS4 as-out: to AS123 announce AS6 as-in: from AS4 50 accept AS4 as-out: to AS4 announce AS6 Note that here the configuration is slightly inconsistent. AS123 will announce AS6 to AS4 and AS4 to AS6. These announcements will be filtered out on the receiving end. This will implement the desired policy. Consistency checking tools might flag these cases however. ripe-1nn.txt July, 1994 - 42 - Example 5b: aut-num: AS4 as-in: from AS123 100 accept ANY as-out: to AS123 announce AS4 as-in: from AS6 50 accept AS6 as-out: AS6 AS4 aut-num: AS123 as-in: AS4 100 AS4 as-out: AS4 ANY as-in: AS6 100 AS6 as-out: AS6 ANY <further neighbours> aut-num: AS6 as-in: from AS123 100 accept ANY as-out: to AS123 announce AS6 as-in: from AS4 50 accept AS4 as-out: to AS4 announce AS6 The thing to note here is that in the ideal operational case, `all links working' AS4 will receive announcements for AS6 from both AS123 and AS6 itself. In this case the announcement from AS6 will be preferred because of its lower cost and thus the private link will be used as desired. AS6 is configured as a mirror image. ripe-1nn.txt July, 1994 - 43 - Example 5c: The new feature here is that should the connection between AS4 and AS123 fail, traffic from AS4 to destinations behind AS123 can pass through the private link and AS6's connection to AS123. aut-num: AS4 as-in: from AS123 100 accept ANY as-out: to AS123 announce AS4 as-in: from AS6 50 accept AS6 as-in: from AS6 110 accept ANY as-out: to AS6 AS4 aut-num: AS123 as-in: from AS4 1 accept AS4 as-out: to AS4 announce ANY as-in: from AS6 1 accept AS6 as-in: from AS6 2 accept AS4 as-out: to AS6 announce ANY <further neighbours> aut-num: AS6 as-in: from AS123 100 accept ANY as-out: to AS123 AS6 announce AS4 as-in: from AS4 50 accept AS4 as-out: to AS4 announce ANY Note that it is important to make sure to propagate routing informa- tion for both directions in backup situations like this. Connec- tivity in just one direction is not useful at all for almost all applications. Note also that in case the AS6-AS123 connection breaks, AS6 will only be able to talk to AS4. The symmetrical case (5d) is left as an exercise to the reader. 10. Future Extensions We envision that over time the requirements for describing routing policy will evolve. The routing protocols will evolve to support the requirements and the routing policy description syntax will need to evolve as well. For that purpose, a separate document will describe experimental syntax definitions for policy description. This docu- ment will be updated when new objects or attributes are proposed or modified. Two new attributes of the AS object which are proposed and supported by the Merit Routing Registry are as-transit and db-selector. as-transit describes the transit preferences of an AS. It allows an AS to describe its path preference in order to reach certain ripe-1nn.txt July, 1994 - 44 - destinations. The AS(s) specified in the path preference may or may not be an immediate neighbor of the AS defined in the AS object. as-transit accommodates policy decisions involving AS path whereas as-in and as-out do not. It is not unusual for ASs to have routing policies which involve path selection based on AS. Emerging proto- cols like SDRP [13] will allow an AS to choose a path independent of a neighboring ASs path choice. as-transit permits descriptions based on AS path selection. The DataBase Selector (db-selector) function allows one to take advantage of information registered in other Registries. It permits the selection of networks in a database based on their attributes. It is proposed to be used within the as-in/as-out attribute family to make the description of policy concise. For example, if an AS has the policy of not accepting any routes from country XYZ, the AS can use the db-selector to check a database which has a network and country attribute and relate that information to the information in the routing registry. The advantage of referencing another database is that the routing registry will avoid duplicating the information maintained in other information registries. Detailed examples and syntax are described in document ???? [14]. ripe-1nn.txt July, 1994 - 45 - 11. References [1] Bates, T., Jouanigot, J-M., Karrenberg, D., Lothberg, P., Terpstra, M., "Representation of IP Routing Policies in the RIPE Database", RIPE-81, February 1993. [2] Merit Network Inc.,"Representation of Complex Routing Policies of an Autonomous System", DRAFT, March, 1994. [3] PRIDE Tools Release 1. See ftp.ripe.net:pride/tools/pride-tools-1.tar.Z. [4] Merit Inc. RRDB Tools. See rrdb.merit.edu:pub/meritrr/* [5] The Network List Compiler. See dxcoms.cern.ch:pub/ripe-routing-wg/nlc-2.2d.tar [6] Lord, A., Terpstra, M., "RIPE Database Template for Networks and Persons", DRAFT, May 1994. [7] Karrenberg, D., "RIPE Database Template for Domains", RIPE-49, April 1992. [8] Lougheed, K., Rekhter, Y., "A Border Gateway Protocol 3 (BGP- 3)", RFC1267, October 1991. [9] Rekhter, Y., Li, T., "A Border Gateway Protocol 4 (BGP-4)", RFC-1654, May 1994. [10] Bates, T., Karrenberg, D., Terpstra, M., "Support for Classless Internet Addresses in the RIPE Database", DRAFT, May 1994. [11] Karrenberg, D., "Authorisation and Notification of Changes in the RIPE Database", RIPE-96, October 1993. [12] Bates, T., "Support of Guarded fields within the RIPE Data- base", ripe-108, February 1994. [13] Estrin, D., Li, T., Rekhter, Y., Varadhan, K., "Source Demand Routing: Packet Format and Forwarding Specification (Version 1)", INTERNET-DRAFT, draft-ietf-sdr-sdrp-04.txt, March 1994. [14] ?????, "Experimental Objects and attributes for the Routing Registry, ???, ????. [15] Bates, T., "Specifying an `Internet Router' in the Routing Registry", DRAFT, July 1994. ripe-1nn.txt July, 1994 - 46 - 12. Author's Addresses Tony Bates RARE/PRIDE Project c/o RIPE Network Coordination Centre Kruislaan 409 NL-1098 SJ Amsterdam The Netherlands +31 20 592 5064 T.Bates(a)ripe.net Elise Gerich The University of Michigan Merit Computer Network 1075 Beal Avenue Ann Arbor, MI 48109 USA +1 313 936 2120 epg(a)merit.edu Laurent Joncheray The University of Michigan Merit Computer Network 1075 Beal Avenue Ann Arbor, MI 48109 USA +1 313 936 2065 lpj(a)merit.edu Jean-Michel Jouanigot CERN, European Laboratory for Particle Physics CH-1211 Geneva 23 Switzerland +41 22 767 4417 Jean-Michel.Jouanigot(a)cern.ch Daniel Karrenberg RIPE Network Coordination Centre Kruislaan 409 NL-1098 SJ Amsterdam The Netherlands +31 20 592 5065 D.Karrenberg(a)ripe.net ripe-1nn.txt July, 1994 - 47 - Marten Terpstra PRIDE Project c/o RIPE Network Coordination Centre Kruislaan 409 NL-1098 SJ Amsterdam The Netherlands +31 20 592 5064 M.Terpstra(a)ripe.net Jessica Yu The University of Michigan Merit Computer Network 1075 Beal Avenue Ann Arbor, MI 48109 USA +1 313 936 2655 jyy(a)merit.edu ripe-1nn.txt July, 1994 - 48 - Appendix A - Syntax for the aut-num object. Here is a summary of the tags associated with aut-num object itself and their status. The first column specifies the attribute, the second column whether this attribute is mandatory in the aut-num object, and the third column whether this specific attribute can occur only once per object [single], or more than once [multiple]. When specifying multiple lines per attribute, the attribute name must be repeated. See [6] the example for the descr: attribute. aut-num: [mandatory] [single] descr: [mandatory] [multiple] as-in: [optional] [multiple] as-out: [optional] [multiple] interas-in: [optional] [multiple] interas-out: [optional] [multiple] as-exclude: [optional] [multiple] default: [optional] [multiple] tech-c: [mandatory] [multiple] admin-c: [mandatory] [multiple] guardian: [mandatory] [single] remarks: [optional] [multiple] notify: [optional] [multiple] maintainer: [optional] [single] changed: [mandatory] [multiple] source: [mandatory] [single] Each attribute has the following syntax: aut-num: The autonomous system number. This must be a uniquely allo- cated autonomous system number from an AS registry (i.e. the RIPE NCC, the Inter-NIC, etc). Format: AS<positive integer between 1 and 65535> Example: aut-num: AS1104 Status: mandatory, only one line allowed descr: A short description of the Autonomous System. Format: free text Status: mandatory, multiple lines allowed as-in: ripe-1nn.txt July, 1994 - 49 - Example: descr: NIKHEF section H descr: Science Park Watergraafsmeer descr: Amsterdam A description of accepted routing information between AS peers. Format: from <aut-num> <cost> accept <routing policy expression> The keywords from and accept are optional and can be omit- ted. <aut-num> refers to your AS neighbour. <cost> is a positive integer used to express a relative cost of routes learned. The lower the cost the more pre- ferred the route. <routing policy expression> can take the following for- mats. 1. A list of one or more ASes, AS Macros, Communities or Network Lists. A Network List is a list of network numbers in prefix length format, separated by commas, and surrounded by curly brackets. Examples: as-in: from AS1103 100 accept AS1103 as-in: from AS786 105 accept AS1103 as-in: from AS786 10 accept AS786 HEPNET as-in: from AS1755 110 accept AS1103 AS786 as-in: from AS3333 100 accept {192.87.45.0/16, 128.141.0.0/16} 2. A set of KEYWORDS. The following KEYWORD is currently defined: ANY this means anything the neighbour AS knows. 3. A logical expression of either 1 or 2 above The current logical operators are defined as: AND OR NOT ripe-1nn.txt July, 1994 - 50 - NOTE: if no logical operator is given between ASes, AS-macros, Communities, Network Lists and KEYWORDS it is implicitly evaluated as an `OR' operation. The OR can be left out for conciseness. Rules are grouped together using parenthesis i.e "(" and ")". Example: as-in: from AS1755 100 accept ANY AND NOT (AS1234 OR AS513) as-in: from AS1755 150 accept AS1234 OR {35.0.0.0/8} A rule can be wrapped over lines providing the associated <aut-num>, <cost> values and from and accept keywords are repeated and occur on con- secutive lines. Example: as-in: from AS1755 100 accept ANY AND NOT (AS1234 AS513) and as-in: from AS1755 100 accept ANY AND NOT ( as-in: from AS1755 100 accept AS1234 AS513) are evaluated to the same result. Please note that the ordering of these continuing lines matters. Status: optional, multiple lines allowed as-out: A description of generated routing information sent to other AS peers. Format: to <aut-num> announce <routing policy expression The to and announce keywords are optional and can be omit- ted. <aut-num> refers to your AS neighbour. <routing policy expression> is explained in the as-in attribute definition above. Example: as-out: to AS1104 announce AS978 as-out: to AS1755 announce ANY as-out: to AS786 announce ANY AND NOT (AS978) Status: optional, multiple lines allowed ripe-1nn.txt July, 1994 - 51 - interas-in: Describes incoming local preferences on an inter AS connection. Format: from <aut-num> [<local-rid>] [<neighbor-rid>] <preference> accept <routing policy expression> The keywords from and accept are optional and can be omit- ted. <aut-num> is an autonomous system as defined in as-in. <local-rid> contains the IP address of the border router in the AS describing the policy. IP address must be in prefix length format. This field is optional. <neighbor-rid> contains the IP address of neighbor AS's border router from which this AS accept routes defined in the <routing policy expression>. IP addresses must be in prefix length format. This field is optional. <local-info> contains the IP address of the local border router, followed by a space, followed by the IP address of the remote border router. IP addresses must be in prefix length format. <preference> is defined as follows: (<pref-type>=<value>) It should be noted the parenthesis ``('' and ``)'' and the ``<pref-type>'' keyword must be present for this prefer- ence to be valid. <pref-type> currently only supports "pref". It could be expanded to other type of preference such as tos/qos as routing technology matures. <value> can take one of the following values: <cost> <cost> is a positive integer used to express a rela- tive cost of routes learned. The lower the cost the more preferred the route. This <cost> value is only relevant to other interas-in attributes, not to as-in attributes. MED This indicates the AS will use the MED metric, as implemented in BGP, sent from its neighbor AS. NOTE: Combinations of MED and <cost> should be avoided for the same destinations. ripe-1nn.txt July, 1994 - 52 - CAVEAT: The pref-type values may well be enhanced in the future as more inter-ASs routing protocols intro- duce other metrics. <routing policy expression> is an expression as defined in as-in above. Examples: interas-in: from AS1104 192.87.45.254/32 192.87.45.80/32 (pref=10) accept AS786 AS987 interas-in: from AS1104 192.87.45.254/32 192.87.45.79/32 (pref=20) accept AS987 interas-in: from AS1103 192.87.45.254/32 192.87.45.32/32 (pref=MED) accept ANY Status: optional, multiple lines allowed interas-out: Format: to <aut-num> [<local-rid>] [<neighbor-rid>] announce [<metric>] <routing policy expression> The keywords to and announce are optional and can be omit- ted. The definitions of <aut-num>, <local-rid> <neighbor-rid>, and <routing policy expression> are identical to those defined in interas-in. <metric> is defined as follows: (<metric-type>=<value>) It should be noted the parenthesis ``('' and ``)'' and the keywords of ``<metric-type>'' must be present for this metric to be valid. <metric-type> currently only supports "metric-out". It could be expanded to other type of preference such as tos/qos as routing technology matures. <value> can take one of the following values: <num-metric> <num-metric> is a pre-configured metric for outbound routes. The lower the cost the more preferred the route. This <num-metric> value is only relevant to other interas-out attributes, not to as-out attri- butes. IGP This indicates that this means that the metric reflects the ASs internal topology cost. The topology is reflected here by using MED which is derived from the AS's IGP metric. ripe-1nn.txt July, 1994 - 53 - NOTE: Combinations of IGP and <num-metric> should be avoided for the same destinations. CAVEAT: The metric-out values may well be enhanced in the future as more interas protocols make use of metrics. Examples: interas-out: to AS1104 192.87.45.254/32 192.87.45.80/32 (metric-out=10) announce AS23 AS10 interas-out: to AS1104 192.87.45.80/32 (metric-out=15) announce AS10 interas-out: to AS1103 192.87.45.254/32 (metric-out=IGP) announce ANY Status: optional, multiple lines allowed as-exclude: A list of transit ASes to ignore all routes from. Format: exclude <aut-num> to <exclude-route-keyword> Keywords exclude and to are optional and can again be omitted. <aut-num> refers to the transit AS in question. an <exclude-route-keyword> can be ONE of the following. 1. <aut-num> 2. AS macro 3. Community 4. ANY Examples: as-exclude: exclude AS690 to HEPNET This means exclude any HEPNET routes which have a route via AS690. as-exclude: exclude AS1800 to AS-EUNET This means exclude any AS-EUNET routes which have a route via AS1800. as-exclude: exclude AS1755 to AS1104 This means exclude any AS1104 route which have a route via AS1755. ripe-1nn.txt July, 1994 - 54 - as-exclude: exclude AS1104 to ANY This means exclude all routes which have a route via AS1104. Status: optional, multiple lines allowed default: An indication of how default routing is done. Format: <aut-num> <relative cost> <default-expression> where <aut-num> is the AS peer you will default route to, and <relative cost> is the relative cost is a positive integer used to express a preference for default. There is no relationship to the cost used in the as-in tag. The AS peer with the lowest cost is used for default over ones with higher costs. <default-expression> is optional and provides information on how a default route is selected. It can take the fol- lowing formats: 1. static. This indicates that a default is statically configured to this AS peer. 2. A network list with the syntax as described in the as-in attribute. This indicates that this list of routes is used to generate a default route. A special but valid value in this is the special route used by some routing protocols to indicate default: 0.0.0.0/0 3. default. This is the same as {0.0.0.0/0}. This means that the routing protocol between these two peers generates a true default. Examples: default: AS1755 10 default: AS786 5 {140.222.0.0/16, 192.87.45.0/24} default: AS2043 15 default Status: optional, multiple lines allowed tech-c: Full name or uniquely assigned NIC-handle of a technical con- tact person. This is someone to be contacted for technical problems such as misconfiguration. Format: <firstname> <initials> <lastname> or <nic-handle> ripe-1nn.txt July, 1994 - 55 - Example: tech-c: John E Doe tech-c: JED31 Status: mandatory, multiple lines allowed admin-c: Full name or uniquely assigned NIC-handle of an administrative contact person. In many cases this would be the name of the guardian. Format: <firstname> <initials> <lastname> or <nic-handle> Example: admin-c: Joe T Bloggs admin-c: JTB1 Status: mandatory, multiple lines allowed guardian: Mailbox of the guardian of the Autonomous system. Format: <email-address> The <email-address> should be in RFC822 domain format wherever possible. Example: guardian: as1104-guardian(a)nikhef.nl Status: mandatory, only one line and e-mail address allowed remarks: Remarks/comments, to be used only for clarification. Format: free text Example: remarks: Multihomed AS talking to AS1755 and AS786 remarks: Will soon connect to AS1104 also. Status: optional, multiple lines allowed notify: The notify attribute contains an email address to which notifi- cations of changes to this object should be sent. See also [11]. ripe-1nn.txt July, 1994 - 56 - Format: <email-address> The <email-address> should be in RFC822 domain syntax wherever possible. Example: notify: Marten.Terpstra(a)ripe.net Status: optional, multiple lines allowed maintainer: The maintainer attribute contains a registered maintainer name. See also [11]. Format: <registered maintainer name> Example: maintainer: RIPE-DBM Status: optional, multiple lines allowed changed: Who changed this object last, and when was this change made. Format: <email-address> YYMMDD <email-address> should be the address of the person who made the last change. YYMMDD denotes the date this change was made. Example: changed: johndoe(a)terabit-labs.nn 900401 Status: mandatory, multiple lines allowed source: Source of the information. This is used to separate information from different sources kept by the same database software. For RIPE database entries the value is fixed to RIPE. Format: RIPE Status: mandatory, only one line allowed ripe-1nn.txt July, 1994 - 57 - Appendix B - Syntax details for the community object. Here is a summary of the tags associated with community object itself and their status. The first column specifies the attribute, the second column whether this attribute is mandatory in the commun- ity object, and the third column whether this specific attribute can occur only once per object [single], or more than once [multiple]. When specifying multiple lines per attribute, the attribute name must be repeated. See [6] the example for the descr: attribute. community: [mandatory] [single] descr: [mandatory] [multiple] authority: [mandatory] [single] guardian: [mandatory] [single] tech-c: [mandatory] [multiple] admin-c: [mandatory] [multiple] remarks: [optional] [multiple] notify: [optional] [multiple] maintainer: [optional] [single] changed: [mandatory] [multiple] source: [mandatory] [single] Each attribute has the following syntax: community: Name of the community. The name of the community should be descriptive of the community it describes. Format: Upper case text string which cannot start with "AS" or any of the <routing policy expression> KEYWORDS. See Appendix A. Example: community: WCW Status: mandatory, only one line allowed descr: A short description of the community represented. Format: free text Example: descr: Science Park Watergraafsmeer descr: Amsterdam Status: mandatory, multiple lines allowed ripe-1nn.txt July, 1994 - 58 - authority: The formal authority for this community. This could be an organisation, institute, committee, etc. Format: free text Example: authority: WCW LAN Committee Status: mandatory, only one line allowed guardian: Mailbox of the guardian of the community. Format: <email-address> The <email-address> should be in RFC822 domain format wherever possible. Example: guardian: wcw-guardian(a)nikhef.nl Status: mandatory, only one line and email address allowed tech-c: Full name or uniquely assigned NIC-handle of an technical con- tact person for this community. Format: <firstname> <initials> <lastname> or <nic-handle> Example: tech-c: John E Doe tech-c: JED31 Status: mandatory, multiple lines allowed admin-c: Full name or uniquely assigned NIC-handle of an administrative contact person. In many cases this would be the name of the guardian. Format: <firstname> <initials> <lastname> or <nic-handle> Example: admin-c: Joe T Bloggs admin-c: JTB1 ripe-1nn.txt July, 1994 - 59 - Status: mandatory, multiple lines allowed remarks: Remarks/comments, to be used only for clarification. Format: free text Example: remarks: Temporary community remarks: Will be removed after split into ASes Status: optional, multiple lines allowed notify: The notify attribute contains an email address to which notifi- cations of changes to this object should be send. See also [11]. Format: <email-address> The <email-address> should be in RFC822 domain syntax wherever possible. Example: notify: Marten.Terpstra(a)ripe.net Status: optional, multiple lines allowed maintainer: The maintainer attribute contains a registered maintainer name. See also [11]. Format: <registered maintainer name> Example: maintainer: RIPE-DBM Status: optional, multiple lines allowed changed: Who changed this object last, and when was this change made. Format: <email-address> YYMMDD <email-address> should be the address of the person who made the last change. YYMMDD denotes the date this change was made. ripe-1nn.txt July, 1994 - 60 - Example: changed: johndoe(a)terabit-labs.nn 900401 Status: mandatory, multiple lines allowed source: Source of the information. This is used to separate information from different sources kept by the same database software. For RIPE database entries the value is fixed to RIPE. Format: RIPE Status: mandatory, only one line allowed ripe-1nn.txt July, 1994 - 61 - Appendix C - AS Macros syntax definition. Here is a summary of the tags associated with as-macro object itself and their status. The first column specifies the attribute, the second column whether this attribute is mandatory in the as-macro object, and the third column whether this specific attribute can occur only once per object [single], or more than once [multiple]. When specifying multiple lines per attribute, the attribute name must be repeated. See [6] the example for the descr: attribute. as-macro: [mandatory] [single] descr: [mandatory] [multiple] as-list: [mandatory] [multiple] guardian: [mandatory] [single] tech-c: [mandatory] [multiple] admin-c: [mandatory] [multiple] remarks: [optional] [multiple] notify: [optional] [multiple] maintainer: [optional] [single] changed: [mandatory] [multiple] source: [mandatory] [single] Each attribute has the following syntax: as-macro: The name of a macro containing at least two Autonomous Systems grouped together for ease of administration. Format: AS-<string> The <string> should be in upper case and not contain any special characters. Example: as-macro: AS-EBONE Status: mandatory, only one line allowed descr: A short description of the Autonomous System Macro. Format: free text Example: descr: Macro for EBONE connected ASes Status: mandatory, multiple lines allowed ripe-1nn.txt July, 1994 - 62 - as-list: The list of ASes that make up this macro. Format: <aut-num> <aut-num> ... See Appendix A for <aut-num> definition. Example: as-list: AS786 AS513 AS1104 Status: mandatory, multiple lines allowed guardian: Mailbox of the guardian of this AS macro. Format: <email-address> The <email-address> should be in RFC822 domain format wherever possible. Example: guardian: as-ebone-guardian(a)ebone.net Status: mandatory, only one line and e-mail address allowed tech-c: Full name or uniquely assigned NIC-handle of a technical con- tact person for this macro. This is someone to be contacted for technical problems such as misconfiguration. Format: <firstname> <initials> <lastname> or <nic-handle> Examples: tech-c: John E Doe tech-c: JED31 Status: mandatory, multiple lines allowed admin-c: Full name or uniquely assigned NIC-handle of an administrative contact person. In many cases this would be the name of the guardian. Format: <firstname> <initials> <lastname> or <nic-handle> Examples: ripe-1nn.txt July, 1994 - 63 - admin-c: Joe T Bloggs admin-c: JTB1 Status: mandatory, multiple lines allowed remarks: Remarks/comments, to be used only for clarification. Format: free text Example: remarks: AS321 will be removed from this Macro shortly Status: optional, multiple lines allowed notify: The notify attribute contains an email address to which notifi- cations of changes to this object should be send. See also [11]. Format: <email-address> The <email-address> should be in RFC822 domain syntax wherever possible. Example: notify: Marten.Terpstra(a)ripe.net Status: optional, multiple lines allowed maintainer: The maintainer attribute contains a registered maintainer name. See also [11]. Format: <registered maintainer name> Example: maintainer: RIPE-DBM Status: optional, multiple lines allowed changed: Who changed this object last, and when was this change made. Format: <email-address> YYMMDD ripe-1nn.txt July, 1994 - 64 - <email-address> should be the address of the person who made the last change. YYMMDD denotes the date this change was made. Example: changed: johndoe(a)terabit-labs.nn 900401 Status: mandatory, multiple lines allowed source: Source of the information. This is used to separate information from different sources kept by the same database software. For RIPE database entries the value is fixed to RIPE. Format: RIPE Status: mandatory, only one line allowed ripe-1nn.txt July, 1994 - 65 - Appendix D - Syntax for the "route" object. There is a summary of the tags associated with community object itself and their status. The first column specifies the attribute, the second column whether this attribute is mandatory in the commun- ity object, and the third column whether this specific attribute can occur only once per object [single], or more than once [multiple]. When specifying multiple lines per attribute, the attribute name must be repeated. See [6] the example for the descr: attribute. route: [mandatory] [single] descr: [mandatory] [multiple] origin: [mandatory] [single] hole: [optional] [multiple] withdrawn: [optional] [multiple] comm-list: [optional] [multiple] remarks: [optional] [multiple] notify: [optional] [multiple] maintainer: [optional] [single] changed: [mandatory] [multiple] source: [mandatory] [single] Each attribute has the following syntax: route: Route being announced. Format: Classless representation of a route with the RIPE database known as the "prefix length" representation. See [10] for more details on classless representations. Examples: route: 192.87.45.0/24 This represents addressable bits 192.87.45.0 to 192.87.45.255. route: 192.1.128.0/17 This represents addressable bits 192.1.128.0 to 192.1.255.255. Status: mandatory, only one line allowed origin: The autonomous system announcing this route. Format: <aut-num> ripe-1nn.txt July, 1994 - 66 - See appendix A for <aut-num> syntax. Example: origin: AS1104 Status: mandatory, only one line allowed hole: Denote the parts of the address space covered this route object to which the originator does not provide connectivity. Format: Classless representation of a route with the RIPE database known as the "prefix length" representation. See [10] for more details on classless representations. It should be noted that is sub-aggregate must be a component of that registered in the route object. Example: hole: 193.0.4.0/24 Status: optional, multiple lines allowed withdrawn: Used to denote the day this route has been withdrawn from the Internet routing mesh. It should be noted that this date cannot be in the future. Format: YYMMDD YYMMDD denotes the date this route was withdrawn. Example: withdrawn: 940711 Status: optional, multiple lines allowed comm-list: List of one or more communities this route is part of. Format: <community> <community> ... See Appendix B for <community> definition. Example: comm-list: HEP LEP Status: optional, multiple lines allowed ripe-1nn.txt July, 1994 - 67 - remarks: Remarks/comments, to be used only for clarification. Format: free text Example: remarks: Multihomed AS talking to AS1755 and AS786 remarks: Will soon connect to AS1104 also. Status: optional, multiple lines allowed notify: The notify attribute contains an email address to which notifi- cations of changes to this object should be send. See also [11]. Format: <email-address> The <email-address> should be in RFC822 domain syntax wherever possible. Example: notify: Marten.Terpstra(a)ripe.net Status: optional, multiple lines allowed maintainer: The maintainer attribute contains a registered maintainer name. See also [11]. Format: <registered maintainer name> Example: maintainer: RIPE-DBM Status: optional, multiple lines allowed changed: Who changed this object last, and when was this change made. Format: <email-address> YYMMDD <email-address> should be the address of the person who made the last change. YYMMDD denotes the date this change was made. Example: ripe-1nn.txt July, 1994 - 68 - changed: johndoe(a)terabit-labs.nn 900401 Status: mandatory, multiple lines allowed source: Source of the information. This is used to separate information from different sources kept by the same database software. For RIPE database entries the value is fixed to RIPE. Format: RIPE Status: mandatory, only one line allowed ripe-1nn.txt July, 1994 - 69 - Appendix E - List of reserved words The following list of words are reserved for use within the attri- butes of the AS object. The use of these words is solely for the purpose of clarity. All keywords must be lower case. accept announce exclude from to transit Examples of the usage of the reserved words are: as-in: from neighborAS accept route as-out: to neighborAS announce route as-exclude: exclude ASpath to destination as-transit: transit ASpath to destination default: from neighborAS accept route default: to neighborAS announce route Note: that as-transit is an experimental attribute. See section 10. ripe-1nn.txt July, 1994 - 70 - Appendix F - Motivations for RIPE-81++ This appendix gives motivations for the major changes in this propo- sal from ripe-81. (It is not complete yet). The main goals of the routing registry rework are: SPLIT Separate the allocation and routing registry functions into different database objects. This will facilitate data manage- ment if the Internet registry and routing registry functions are separated (like in other parts of the world). It will also make more clear what is part of the routing registry and who has authority to change allocation vs. routing data. CIDR Add the possibility to specify classless routes in the routing registry. Classless routes are being used in Internet produc- tion now. Aggregation information in the routing registry is necessary for network layer troubleshooting. It is also neces- sary because aggregation influences routing policies directly. CALLOC Add the possibility to allocate address space on classless boundaries in the allocation registry. This is a way to preserve address space. CLEAN To clean up some of the obsolete and unused parts of the rout- ing registry. The major changes are now discussed in turn: Introduce Classless Addresses CIDR, CALLOC Introduce route object. SPLIT, CIDR and CALLOC. Delete obsolete attributes from inetnum. CLEAN. ripe-1nn.txt July, 1994 - 71 - Delete RIPE-DB and LOCAL from routing policy expressions. CLEAN Allow multiple ASes to originate the same route Because it is being done. CIDR. Made possible by SPLIT. ripe-1nn.txt July, 1994 - 72 - Appendix G - Transition strategy from RIPE-81 to RIPE-81++ Transition from the routing registry described by ripe-81 to the routing registry described in this document is a straightforward process once the new registry functions have been implemented in the database software and are understood by the most commonly used registry tools. The routing related attributes in the classful inet- num objects of ripe-81 can be directly translated into new routing objects. Then these attributes can be deleted from the inetnum object making that object conform to the new schema. Proposed transition steps: 1) Implement classless addresses and new object definition in the database software. 2) Make common tools understand the new schema and prefer it if both old and new are present. 3) Invite everyone to convert their data to the new format. This can be encouraged by doing conversions automatically and pro- posing them to maintainers. 4) At a flag day remove all remaining routing information from the inetnum objects. Before the flag day all usage of obsoleted inetnum attributes has to cease and all other routing registry functions have to be taken over by the new objects and attri- butes. The current estimate is that point three can be reached in the Sum- mer 1994 if the draft is accepted by mid-June. The flag day should be scheduled 3-4 months after this point. ripe-1nn.txt July, 1994

1 0