- db-wg - mailman.ripe.net

Re: Latest and hopefully last iteration of ripe-81++
by Wilfried Woeber, UniVie/ACOnet 22 Jul '94

22 Jul '94

= * > .... = * > - A route/AS name attribute. You currently use the first line of the 'des = * c' = * > attribute to generate a name (with prtraceroute for instance). Having = * > a separate name attribute can make the query of the server (whois or what = * ever) = * > easier since it doesn't require any parsing. = * = * I strongly agree. = * =Umm... do not see the need for routes to have names - doesn't effect =prtraceroute or any other tool for that matter. Whats to parse in =description ? It is there in the aut-num object so a tool uses it..and =works as far as I can tell ? = =However, if the groups want this fine by me. Just I didn't hear any =other votes for this until now. ...Well no strong feelings about introducing a name atrtribute, but I don't see the need for it. It's very easy to spoil the first line for the description and it's comparably easy to spoil the value for a name attribute... I think the issue here is to make people aware that these strings (however they are stored) are used by software and shold give useful *and concise* information. Would some others, having strong feelings, please speak up?! = * > = * > - Include the time (hour, min, second) in the "changed" attribute. This i = * s = * > in case of several changes in the same day. Proposed syntax = * > (compatible with the older one): = * > = * > changed: <email> YYMMDD [hh:mm:ss] [+oo] = * > = * > If hh:mm:ss is missing we assume 00:00:00 +00 ??? = * > +oo if the offset from GMT. (i know, we have to deal with the times = * > zones :-) = * = * I agree not because I think that frequent updates are necessary but because = * including the time zone better identifies the exact time of the update. = * = =Makes no odds to me either way. The software allows more than one =update a day so this is a misnomer from Laurent. =However, this is VERY much a general database issue and not at all in =context with the ripe-81++ proposal I am afraid. DB chair what say you ? There are two aspects to it: - 1) do we need it? do we have to specify implementation? - 2) if we need it - what do we want? 1) My personal opinion is (shaped by the experience of dealing regularly with a *very reliable* RIPE-DB implementation) that we don't need this gadget. Given the responsiveness of the overall system I won't come to think of submitting another update before I've checked the reply from the database! So I think it's an issue of trying to solve the problem only when we have proof that it is there. And - btw - I strongly advocate keeping the possibility to submit more than one update per day!!! I consider this a feature, not a bug. 2) *IF* and when we decide to implement finer granularity, then I think wiring in the weirdness of timezones (to DST or not to DST :-) is definitely a *bad* idea! Do we really need time-information? If this is the case then we should agree on UTC. But I think what Laurent is perhaps advocating is something like an update sequence number. So my proposal would be to add an *optional* (positive, integer :-) sequence number with no other restrictions like being contiguous etc. much like the DNS serial numbers. Wilfried. -------------------------------------------------------------------------- Wilfried Woeber : e-mail: Wilfried.Woeber(a)CC.UniVie.ac.at Computer Center - ACOnet : Vienna University : Tel: +43 1 4065822 355 Universitaetsstrasse 7 : Fax: +43 1 4065822 170 A-1010 Vienna, Austria, Europe : NIC: WW144 --------------------------------------------------------------------------

1 0

Latest and hopefully last iteration of ripe-81++
by Tony Bates 21 Jul '94

21 Jul '94

Find below the latest and hopefully last iteration of ripe-81++. We have ratified all the outstanding issues with the possible exception of the ordering of the interas-in/interas-out attribute which is not a `show-stopper' at this point. We have used our preferred syntax "for now" for clarity reasons. Anyway, here it is. We must reach agreement on this at the RIPE meeting if this is to be implemented in a timely manner and preferably before. Working group chairs please take note and see if you can't get this agreed within your groups before hand. The major changes from the last draft is the inclusion of the interas-in/interas-out work and pointers to the `inet-rtr' object (already circulated). versions online as usual from: ftp://ftp.ripe.net/ripe/drafts/ripe-81++.ps ftp://ftp.ripe.net/ripe/drafts/ripe-81++.txt All comments welcome. Enjoy ! Regards, --Tony. Representation of IP Routing Policies in a Routing Registry (ripe-81++) DRAFT DRAFT DRAFT Tony Bates Elise Gerich Laurent Joncheray Jean-Michel Jouanigot Daniel Karrenberg Marten Terpstra Jessica Yu Document-ID: ripe-1nn Obsoletes: ripe-81 July, 1994 ABSTRACT This document is an update to the original `ripe- 81'[1] proposal for representing and storing routing polices within the RIPE database. It incorporates several extensions proposed by Merit Inc.[2] and gives details of a generalised IP routing policy representa- tion to be used by all Internet routing registries. It acts as both tutorial and provides details of database objects and attributes that use and make up a routing registry. ripe-1nn.txt July, 1994 - 2 - Table of Contents 1 Introduction ................................................ ? 2 Organisation of this Document ............................... ? 3 General Representation of Policy Information ................ ? 4 The Routing Registry and the RIPE Database .................. ? 5 The Route Object ............................................ ? 6 The Autonomous System Object ................................ ? 7 The AS Macro Object ......................................... ? 8 The Community Object ........................................ ? 9 Representation of Routing Policies .......................... ? 10 Future Extensions .......................................... ? 11 References ................................................. ? 12 Authors Addresses .......................................... ? Appendix A - Syntax for the "aut-num" object .................. ? Appendix B - Syntax for the "community" object ................ ? Appendix C - Syntax for the "as-macro" object ................. ? Appendix D - Syntax for the "route" object .................... ? Appendix E - List of reserved words ........................... ? Appendix F - Motivations for RIPE-81++ ........................ ? Appendix G - Transition strategy from RIPE-81 to RIPE-81++ .... ? ripe-1nn.txt July, 1994 - 3 - 1. Introduction This document is a much revised version of the RIPE routing registry document known as ripe-81[1]. Since its inception in February, 1993 and the establishment of the RIPE routing registry, several addi- tions and clarifications have come to light which can be better presented in a single updated document rather than separate addenda. Some of the text remains the same the as the original ripe-81 docu- ment keeping its tutorial style mixed with details of the RIPE data- base objects relating to routing policy representation. However this document does not repeat the background and historical remarks in ripe-81. For these please refer to the original document. It should be noted that whilst this document specifically references the RIPE database and the RIPE routing registry one can easily read "Regional routing registry" in place of RIPE as this representation is certainly general and flexible enough to be used outside of the RIPE community incorporating many ideas and features from other routing registries in this update. As you can see this document has a new RIPE document identification number but can also be referred to as ripe-81++. Appendix F summar- ises the changes from ripe-81 plus the motivation for these changes. We would like to acknowledge many people for help with this docu- ment. Specifically, Peter Lothberg who was a co-author of the ori- ginal ripe-81 document for his many ideas and Gilles Farrache. We would also like to thank the RIPE routing working group for their review and comment. Finally, we like to thank Merit Inc. for many constructive comments and ideas and making the routing registry a worldwide Internet service. We would also like to acknowledge the funding provided by the PRIDE project run in conjunction with the RARE Technical Program, RIPE and the RIPE NCC without which this paper would not have been possible. 2. Organisation of this Paper This paper acts as both a basic tutorial for understanding routing policy and provides details of objects and attributes used within an Internet routing registry to store routing policies. Section 3 describes general issues about IP routing policies and their representation in routing registries. Experienced readers may wish to skip this section. Section 4 provides an overview of the RIPE database, its basic concepts, schema and objects which make up the database itself. It highlights the way in which the RIPE database splits routing information from allocation information. Sections 5, 6, 7 and 8 detail all the objects associated with routing policy representation. Section 9 gives a fairly extensive "walk through" of how these objects are used for expressing routing policy and the general principles behind their use. Section 10 provides a list of references used throughout this document. Appendix A, B, C and D document the formal syntax for the database objects and attributes. Appendix F details the main changes from ripe-81 and motivations for these changes. Appendix G tackles the issues of transition from ripe-1nn.txt July, 1994 - 4 - ripe-81 to ripe-81++. ripe-1nn.txt July, 1994 - 5 - 3. General Representation of Policy Information Networks, Network Operators and Autonomous Systems Throughout this document an effort is made to be consistent with terms so as not to confuse the reader. When we talk about "networks" we mean physical networks which have a unique classless IP network number: Layer 3 entities. We do not mean organisations. We call the organisations operating networks "network operators". For the sake of the examples we divide network operators into two categories: "service providers" and "customers". A "service pro- vider" is a network operator who operates a network to provide Internet services to different organisations, its "customers". The distinction between service providers and customers is not clear cut. A national research networking organisation frequently acts as a service provider to Universities and other academic organisations, but in most cases it buys international connectivity from another service provider. A University networking department is a customer of the research networking organisation but in turn may regard University departments as its customers. An Autonomous System (AS) is a group of IP networks having a single clearly defined routing policy which is run by one or more network operators. Inside ASes IP packets are routed using one or more Inte- rior Routing Protocols (IGPs). In most cases interior routing deci- sions are based on metrics derived from technical parameters like topology, link speeds and load(1). ASes exchange routing information with other ASes using Exterior Routing Protocols (EGPs). Exterior routing decisions are frequently based on policy based rules rather than purely on technical parame- ters. Tools are needed to configure complex policies and to commun- icate those policies between ASes while still ensuring proper opera- tion of the Internet as a whole. Some EGPs like BGP-3 [8] and BGP-4 [9] provide tools to filter routing information according to policy rules and more. None of them provides a mechanism to publish or com- municate the policies themselves. Yet this is critical for opera- tional coordination and fault isolation among network operators and thus for the operation of the global Internet as a whole. This document describes a "Routing Registry" providing this functional- ity. _________________________ (1) The entity we refer to as an AS is frequently and more generally called a routing domain with the AS just being an implementation vehicle. We have decided to use the term AS exclusively because it relates more direct- ly with the database objects and routing tools. By us- ing only one term we hope to reduce the number of con- cepts and to avoid confusion. The academically inclined reader may forgive us. ripe-1nn.txt July, 1994 - 6 - Routing Policies The exchange of routing information between ASes is subject to rout- ing policies. Consider the case of two ASes, X and Y exchanging routing information: NET1 ...... ASX <---> ASY ....... NET2 ASX knows how to reach a network called NET1. It does not matter whether NET1 is belonging to ASX or some other AS which exchanges routing information with ASX either directly or indirectly; we just assume that ASX knows how to direct packets towards NET1. Likewise ASY knows how to reach NET2. In order for traffic from NET2 to NET1 to flow between ASX and ASY, ASX has to announce NET1 to ASY using an external routing protocol. This states that ASX is willing to accept traffic directed to NET1 from ASY. Policy thus comes into play first in the decision of ASX to announce NET1 to ASY. In addition ASY has to accept this routing information and use it. It is ASY's privilege to either use or disregard the information that ASX is willing to accept traffic for NET1. ASY might decide not to use this information if it does not want to send traffic to NET1 at all or if it considers another route more appropriate to reach NET1. So in order for traffic in the direction of NET1 to flow between ASX and ASY, ASX must announce it to ASY and ASY must accept it from ASX: resulting packet flow towards NET1 <<=================================== | | announce NET1 | accept NET1 --------------> + -------------> | AS X | AS Y | <------------- + <-------------- accept NET2 | announce NET2 | | resulting packet flow towards NET2 ===================================>> Ideally, and seldom practically, the announcement and acceptance policies of ASX and ASY are identical. ripe-1nn.txt July, 1994 - 7 - In order for traffic towards NET2 to flow, announcement and accep- tance of NET2 must be in place the other way round. For almost all applications connectivity in just one direction is not useful at all. It is important to realise that with current destination based for- warding technology routing policies must eventually be expressed in these terms. It is relatively easy to formulate reasonable policies in very general terms which CANNOT be expressed in terms of announc- ing and accepting networks. With current technology such policies are almost always impossible to implement. Usually policies are not configured for each network separately but for groups of networks. In practise these groups are almost always defined by the networks forming one or more ASes. Routing Policy limitations The generic example of a reasonable but un-implementable routing is a split of already joined packet streams based on something other than destination address. Once traffic for the same destination network passes the same router, or the same AS at our level of abstraction, it will take exactly the same route to the destina- tion(2). In a concrete example AS Z might be connected to the outside world by two links. AS Z wishes to reserve these links for different kinds of traffic, let's call them black and white traffic. For this purpose the management of AS Z keeps two lists of ASes, the black and the white list. Together these lists comprise all ASes in the world reachable from AS Z. "W" <---> ... AS Z .... NET 3 <---> "B" It is quite possible to implement the policy for traffic originating in AS Z: AS Z will only accept announcements for networks in white ASes on the white link and will only accept announcements for net- works in black ASes on the black link. This causes traffic from networks within AS Z towards white ASes to use the white link and likewise traffic for black ASes to use the black link. Note that this way of implementing things makes it necessary to decide on the colour of each new AS which appears before traffic can be sent to it from AS Z. A way around this would be to accept only _________________________ (2) Disregarding special cases like "type of service" routing, load sharing and routing instabilities. ripe-1nn.txt July, 1994 - 8 - white announcements via the white link and to accept all but white announcements on the black link. That way traffic from new ASes would automatically be sent down the black link and AS Z management would only need to keep the list of white ASes rather than two lists. Now for the unimplementable part of the policy. This concerns traffic towards AS Z. Consider the following topology: B AS ---) "W" W AS ---) ---> B AS ---)>> AS A ---> ... AS Z .... NET 3 B AS ---) ---> W AS ---) "B" As seen from AS Z there are both black and white ASes "behind" AS A. Since ASes can make routing decisions based on destination only, AS A and all ASes between AS A and the two links connecting AS Z can only make the same decision for traffic directed at a network in AS Z, say NET 3. This means that traffic from both black and white ASes towards NET 3 will follow the same route once it passes through AS A. This will either be the black or the white route depending on the routing policies of AS A and all ASes between it and AS Z. The important thing to note is that unless routing and forwarding decisions can be made based on both source and destination addresses, policies like the "black and white" example cannot be implemented in general because "once joined means joined forever". Access Policies Access policies contrary to routing policies are not necessarily defined in terms of ASes. The very simplest type of access policy is to block packets from a specific network S from being forwarded to another network D. A common example is when some inappropriate use of resources on network D has been made from network S and the prob- lem has not been resolved yet. Other examples of access policies might be resources only accessible to networks belonging to a par- ticular disciplinary group or community of interest. While most of these policies are better implemented at the host or application level, network level access policies do exist and are a source of connectivity problems which are sometimes hard to diagnose. There- fore they should also be documented in the routing registry accord- ing to similar requirements as outlined above. Routing v Allocation information The RIPE database contains both routing registry and address space allocation registry information. In the past the database schema combined this information. Because RIPE was tasked with running both an allocation and routing registry it seemed natural to initially ripe-1nn.txt July, 1994 - 9 - combine these functions. However, experience has shown that a clear separation of routing information from allocation is desirable. Often the maintainer of the routing information is not the same as the maintainer of the allocation information. Also, in other parts of the world there are different registries for each kind of infor- mation. Whilst the actual routing policy objects will be introduced in the next section it is worthy of note that a transition from the current objects will be required. This is described with in Appendix G. This split in information represents a significant change in the representational model of the RIPE database. Appendix F expands on the reasons for this a little more. Tools The network operators will need a series of tools for policy rout- ing. Some tools are already available to perform some of the tasks. Most notably, the PRIDE tools [3] from the PRIDE project started in September 1993 as well as others produced by Merit Inc [4] and CERN [5]. These tools will enable them to use the routing policy stored in the RIPE routing registry to perform such tasks as check actual routing against policies defined, ensure consistency of policies set by dif- ferent operators, and simulate the effects of policy changes. Work continues on producing more useful tools to service the Inter- net community. ripe-1nn.txt July, 1994 - 10 - 4. The Routing Registry and the RIPE Database One of the activities of RIPE is to maintain a database of Euro- pean IP networks, DNS domains and their contact persons along with various other kinds of network management information. The database content is public and can be queried using the whois protocol as well as retrieved as a whole. This supports NICs/NOCs all over Europe and beyond to perform their respective tasks. The RIPE database combines both allocation registry and routing registry functions. The RIPE allocation registry contains data about address space allocated to specific enterprises and/or delegated to local registries as well as data about the domain name space. The allocation registry is described in separate documents [6,7] and outside the scope of this document. Database Objects Each object in the database describes a single entity in the real world. This basic principle means that information about that entity should only be represented in the corresponding data- base object and not be repeated in other objects. The whois ser- vice can automatically display referenced objects where appropriate. The types of objects stored in the RIPE database are summarised in the table below: R Object Describes References ____________________________________________________________________ B person contact persons A inetnum IP address space person A domain DNS domain person R aut-num autonomous system person (aut-num,community) R as-macro a group of autonomous systems person, aut-num R community community person R route a route being announced aut-num, community R clns CLNS address space and routing person The first column indicates whether the object is part of the alloca- tion registry (A), the routing registry (R) or both (B). The last column indicates the types of objects referenced by the particular type of object. It can be seen that almost all objects reference contact persons. Objects are described by attributes value pairs, one per line. Objects are separated by empty lines. An attribute that consists ripe-1nn.txt July, 1994 - 11 - of multiple lines should have the attribute name repeated on consecutive lines. The information stored about network 192.87.45.0 consists of three objects, one network object and two person objects and looks like this: inetnum: 192.87.45.0 netname: RIPE-NCC descr: RIPE Network Coordination Centre descr: Amsterdam, Netherlands country: NL admin-c: Daniel Karrenberg tech-c: Marten Terpstra rev-srv: ns.ripe.net rev-srv: ns.eu.net notify: ops(a)ripe.net changed: tony(a)ripe.net 940110 source: RIPE person: Daniel Karrenberg address: RIPE Network Coordination Centre (NCC) address: Kruislaan 409 address: NL-1098 SJ Amsterdam address: Netherlands phone: +31 20 592 5065 fax-no: +31 20 592 5090 e-mail: dfk(a)ripe.net nic-hdl: DK58 changed: ripe-dbm(a)ripe.net 920826 source: RIPE person: Marten Terpstra address: RIPE Network Coordination Centre (NCC) address: PRIDE Project address: Kruislaan 409 address: NL-1098 SJ Amsterdam address: Netherlands phone: +31 20 592 5064 fax-no: +31 20 592 5090 e-mail: Marten.Terpstra(a)ripe.net nic-hdl: MT2 notify: marten(a)ripe.net changed: marten(a)ripe.net 931230 source: RIPE Objects are stored and retrieved in this tag/value format. The RIPE NCC does not provide differently formatted reports because any desired format can easily be produced from this generic one. ripe-1nn.txt July, 1994 - 12 - Routing Registry Objects The main objects comprising the routing registry are "aut-num" and "route", describing an autonomous system and a route respectively. It should be noted that routes not described in the routing registry should never be routed in the Internet itself. The autonomous system (aut-num) object provides contact information for the AS and describes the routing policy of that AS. The routing policy is described by enumerating all neighbouring ASes with which routing information is exchanged. For each neighbour the routing policy is described in terms of exactly what is being sent (announced) and allowed in (accepted). It is important to note that this is exactly the part of the global policy over which an AS has direct control. Thus each aut-num object describes what can indeed be implemented and enforced locally by the AS concerned. Combined together all the aut-num objects provide the global routing graph and permit to deduce the exact routing policy between any two ASes. While the aut-num objects describe how routing information is pro- pagated, the route object describes a single route injected into the external routing mesh. The route object references the AS injecting (originating) the route and thereby indirectly provides contact information for the originating AS. This reference also provides the primary way of grouping routes into larger collections. This is necessary because describing routing policy on the level of single routes would be awkward to impractical given the number of routes in the Internet which is about 20,000 at the time of this writing. Thus routing policy is most often defined for groups of routes by originating AS. This method of grouping is well supported by current exterior routing protocols. The route object also refer- ences community objects described below to provide another method of grouping routes. Modification of aut-num object itself and the referencing by route objects is strictly protected to provide net- work operators control over the routing policy description and the routes originated by their ASes. Sometimes even keeping track of groups of routes at the AS level is cumbersome. Consider the case of policies described at the transit provider level which apply transitively to all customers of the transit provider. Therefore another level of grouping is provided by the as-macro object which provides groups of ASes which can be referenced in routing policies just like single ASes. Membership of as-macro groups is also strictly controlled. Sometimes there is a need to group routes on different criteria than ASes for purposes like statistics or local access policies. This is provided by the community object. A community object is much like an AS but without a routing policy. It just describes a group of routes. This is not supported at all by exterior routing protocols and depending on aggregation of routes may not be generally usable to define routing policies. It is suitable for local policies and non-routing related purposes. ripe-1nn.txt July, 1994 - 13 - These routing related objects will be described in detail in the sections below. ripe-1nn.txt July, 1994 - 14 - 5. The Route Object As stated in the previous chapter routing and address space alloca- tion information are now clearly separated. This is performed with the introduction of the route object. The route object will contain all the information regarding a routing announcement. All routing related attributes are removed from the inetnum object. Some old attributes are obsoleted: connect, routpr-l, bdryg-l, nsf- in, nsf-out, gateway). The currently useful routing attributes are moved to the route object: aut-sys becomes origin, ias-int will be encoded as part of the "to be proposed" `border-router' object and comm-list simply moves. See [6] for detail of the "inetnum" object definition. The information in the old inetnum object inetnum: 192.87.45.0 netname: RIPE-NCC descr: RIPE Network Coordination Centre descr: Amsterdam, Netherlands country: NL admin-c: Daniel Karrenberg tech-c: Marten Terpstra connect: RIPE NSF WCW aut-sys: AS3333 comm-list: SURFNET ias-int: 192.87.45.80 AS1104 ias-int: 192.87.45.6 AS2122 ias-int: 192.87.45.254 AS2600 rev-srv: ns.ripe.net rev-srv: ns.eu.net notify: ops(a)ripe.net changed: tony(a)ripe.net 940110 source: RIPE will be distributed over two objects: ripe-1nn.txt July, 1994 - 15 - inetnum: 192.87.45.0 netname: RIPE-NCC descr: RIPE Network Coordination Centre descr: Amsterdam, Netherlands country: NL admin-c: Daniel Karrenberg tech-c: Marten Terpstra rev-srv: ns.ripe.net rev-srv: ns.eu.net notify: ops(a)ripe.net changed: tony(a)ripe.net 940110 source: RIPE route: 192.87.45.0/24 descr: RIPE Network Coordination Centre origin: AS3333 comm-list: SURFNET changed: dfk(a)ripe.net 940427 source: RIPE The route object is used to represent a single route originated into the Internet routing mesh. The actual syntax is given in Appendix D. However, there are several important aspects of the attributes worthy of note. The value of the route attribute will be a classless address. It represents the exact route being injected into the routing mesh. The representation of classless addresses is described in [10]. The value of the origin attribute will be an AS reference of the form AS1234 referring to an aut-num object. It represents the AS injecting this route into the routing mesh. The "aut-num" object (see below) thus referenced provides all the contact information for this route. Special cases: There can only be a single originating AS in each route object. However in todays Internet sometimes a route is injected by more than one AS. This situation is potentially dangerous as it can create conflicting routing policies for that route and requires coordination between the originating ASes. In the routing registry this is represented by multiple route objects. This is a departure from the one route (net), one AS principle of the ripe-81 routing registry. The consequences for the different tools based in the routing registry will need to be evaluated and possibly additional consistency checking of the database is needed. ripe-1nn.txt July, 1994 - 16 - The examples below will illustrate the usage of the route object further. Suppose three chunks of address space of 2 different enterprises represented by the following inetnum objects: Examples inetnum: 193.0.1.0 netname: ENT-1 descr: Enterprise 1 ... inetnum: 193.0.8.0 netname: ENT-2 descr: Enterprise 2 ... inetnum: 193.0.9.0 netname: ENT-2-SPEC descr: Enterprise 2 ... Supposing that the Enterprises have their own AS numbers straight application of routing without aggregation would yield: route: 193.0.1.0/24 descr: Enterprise 1 origin: AS1 ... route: 193.0.8.0/24 descr: Enterprise 2 origin: AS2 ... route: 193.0.9.0/24 descr: Enterprise 2 origin: AS2 ... NB: This representation can be achieved by straight translation from the ripe-81 representation. See Appendix G for more details. Homogeneous Aggregation The two chunks of address space of Enterprise 2 can be represented by one aggregate route turning two route objects into one and poten- tially saving routing table space for one route. ripe-1nn.txt July, 1994 - 17 - route: 193.0.8.0/23 descr: Enterprise 2 origin: AS2 ... Note that AS2 can also decide to originate all routes mentioned so far, two 24-bit prefixes and one 23-bit prefix. This case would be represented by storing all three route objects in the database. In this particular example the additional routes will not add any func- tionality however and only increase the amount of routes announced unnecessarily. Heterogeneous Aggregation Consider the following case however: route: 193.0.8.0/24 descr: Enterprise 2 origin: AS2 ... route: 193.0.9.0/24 descr: Enterprise 2 / Special origin: AS2 comm-list: SPECIAL ... Now the prefix 193.0.9.0/24 belongs to community SPECIAL (this com- munity may well not be relevant to routing) and the other prefix originated by AS2 does not. If AS2 aggregates these prefixes into the 193.0.8.0/23 prefix, routing policies based on the community value SPECIAL cannot be implemented in general, because there is no way to distinguish between the special and the not-so-special parts of AS2. If another AS has the policy to accept only routes to members of community SPECIAL it cannot implement it, because accept- ing the route to 193.0.8.0/23 would also route to 193.0.8.0/24 and not accepting this route would lose connectivity to the special part 193.0.9.0/24. We call aggregate routes consisting of components belonging to different communities or even different ASes "hetero- geneous aggregates". The problems introduced with heterogeneous aggregates are that once the homogeneous routes are withdrawn one cannot tell if a more specific part of the heterogeneous has a different policy. However, if can be counter argued that knowing this policy is of little use if you cannot implement a routing policy based on the less specific (and only route present) heterogeneous aggregate. In fact, this displays a facet of CIDR itself in that one may actually compromise slight variations on policy over announcing a larger (albeit ripe-1nn.txt July, 1994 - 18 - heterogeneous in terms of policy) aggregate to save address space. However, it is still useful to be able to document these variations in policy especially when this homogeneous more specific route is just being withdrawn. For this one can use the "withdrawn" attri- bute. The withdrawn attribute can serve to both indicate that a less specific aggregate is in fact heterogeneous and also allow the gen- eral documenting of route withdrawal. So there has to be a way for AS2 to document this even if it does not originate the route to 193.0.9.0/24 any more. This can be done with the "withdrawn" attribute of the route object. The aggregate route to 193.0.8.0/23 is now be registered as: route: 193.0.8.0/23 descr: Enterprise 2 origin: AS2 ... With the two homogeneous routes marked as withdrawn from the Inter- net routing mesh but still preserving their original routing infor- mation. route: 193.0.8.0/24 descr: Enterprise 2 origin: AS2 withdrawn: 940701 ... route: 193.0.9.0/24 descr: Enterprise 2 / Special origin: AS2 comm-list: SPECIAL withdrawn: 940701 ... It should be noted that the date value used in the withdrawn attri- bute can only be in the past. Proxy Aggregation The next step of aggregation are aggregates consisting of more than one AS. This generally means one AS is aggregating on behalf of another. It is called proxy aggregation. Proxy aggregation should be done with great care and always coordinates with other providers announcing the same route. Consider the following: ripe-1nn.txt July, 1994 - 19 - route: 193.0.0.0/20 descr: All routes known by AS1 in a single package origin: AS1 ... route: 193.0.1.0/24 descr: Foo origin: AS1 withdrawn: 940310 ... route: 193.0.8.0/24 descr: Bar origin: AS2 withdrawn: 940310 ... route: 193.0.9.0/24 descr: Bar-2 origin: AS2 withdrawn: 940310 comm-list: SPECIAL ... If AS1 announced no other routes to a single homed neighbouring AS, that neighbour can in general either take that route or leave it but not differentiate between AS1 and AS2. Note: If the neighbor was previously configured to accept routes originating in AS2 but not in AS1 they lose connectivity to AS2 as well. This means that proxy aggregation has to be done carefully and in a well coordinated fashion. The information in the withdrawn route object can help to achieve that. Aggregates with Holes If we assume that the world of our example still consists of only three chunks of address space the aggregate above contains what are called holes, parts of an aggregate that are not reachable via the originator of the route. From the routing information itself one cannot tell whether these are holes and what part of the route falls inside one. The only way to tell is to send a packet there and see ripe-1nn.txt July, 1994 - 20 - whether it gets to the destination, or an ICMP message is received back, or there is silence. On the other hand announcing aggregates with holes is quite legitimate. Consider a 16-bit aggregate with only one 24-bit prefix unreachable. The savings in routing table size by far outweigh the hole problem. For operational reasons however it is very useful to register these holes in the routing registry. Consider the case where a remote net- work operator experiences connectivity problems to addresses inside an aggregate route. If the packets are getting to the AS announcing the aggregate and there are no more specific routes, the normal cause of action is to get in touch with the originating AS of the aggregate route and ask them to fix the problem. If the address falls into a hole this is futile. Therefore problem diagnosis can be sped up and unnecessary calls prevented by registering the holes in the routing registry. We do this by using the "hole" attribute. In our example the representation would be: route: 193.0.0.0/20 descr: All routes known by AS1 origin: AS1 hole: 193.0.0.0/24 hole: 193.0.2.0/23 hole: 193.0.4.0/22 hole: 193.0.10.0/23 hole: 193.0.12.0/22 ... Note: there would also be two routes with the withdrawn attribute as displayed above (i.e. 193.0.8.0/24 and 193.0.9.0/24) Multiple Proxy Aggregation Finally suppose that AS2 decides to announce the same aggregate, they would add the following route object to the registry: route: 193.0.0.0/20 descr: All routes known by AS2 origin: AS2 hole: 193.0.0.0/24 hole: 193.0.2.0/23 hole: 193.0.4.0/22 hole: 193.0.10.0/23 hole: 193.0.12.0/22 ... As per the update procedures below both AS1 and AS2 will be notified that there already is a route to the same prefix in the registry. This multiple proxy aggregation is very dangerous to do if the sub- ripe-1nn.txt July, 1994 - 21 - aggregates of the route are not the same. It is still dangerous when the sub-aggregates are consistent but connectivity to the sub- aggregates varies widely between the originators. Route object update procedures Adding a route object will be have to be authorised by the guardian of the originating AS. The actual implementation of this is outside the scope of this document. This guarantees that an AS guardian has full control over the registration of the routes it announces. What is an Inter-AS network ? An inter-AS network(3) exists for the purpose of passing traffic and routing information between different autonomous systems. The most simple example of an inter-AS network is a point-to-point link, con- necting exactly two ASes. Each end of such a link is connected to an interface of router belonging to each of the autonomous systems. More complex examples are broadcast type networks with multiple interfaces connecting multiple ASes with the possibility of more than one connection per AS. Consider the following example of three routers 1, 2 and 3 with interfaces a through f connected by two inter-AS networks X and Y: X Y a1b --- c2d --- e3f Suppose that network X is registered in the routing registry as part of AS1 and net Y as part of AS3. If traffic passes from left to right prtraceroute will report the following sequence of interfaces and ASes: a in AS1 c in AS1 e in AS3 The traceroute algorithm enumerates only the receiving interfaces on the way to the destination. In the example this leads to the pas- sage of AS2 going unnoticed. This is confusing to the user and will also generate exceptions when the path found is checked against the routing registry. _________________________ (3) Inter-AS IP networks are those networks are currently called FIXes, IXFs, DMZs, NAPs, GIX and many other acronyms. ripe-1nn.txt July, 1994 - 22 - For operational monitoring tools such as prtraceroute it is neces- sary to know which interface on an inter-AS network belongs to which AS. If AS information is not known about interfaces on an inter-AS network, tools like prtraceroute cannot determine correctly which ASes are being traversed. All interfaces on inter-AS networks will are described in a separate object know as the `inet-rtr' object [15]. ripe-1nn.txt July, 1994 - 23 - 6. The Autonomous System Object Autonomous Systems An Autonomous System (AS) is a group of IP networks run by one or more network operators which has a single and clearly defined rout- ing policy. An AS has a unique number associated with it which is used both in exchange of exterior routing information and as an identifier of the AS itself. Exterior routing protocols such as BGP and EGP are used to exchange routing information between ASes. In routing terms an AS will normally use one or more interior gate- way protocols (IGPs) in conjunction with some sort of common agreed metrics when exchanging network information within its own AS. The term AS is often confused or even misused as a convenient way of grouping together a set of networks which belong under the same administrative umbrella even if within that group of networks there are various different routing policies. We provide the "community" concept for such use. ASes can strictly have only one single rout- ing policy. The creation of an AS should be done in a conscious and well coordi- nated manner to avoid creating ASes for the sake of it, perhaps resulting in the worst case scenario of one AS per routing announce- ment. It should be noted that there is a limited number of AS numbers available. Also creating an AS may well increase the number of AS paths modern EGPs will have to keep track of. This aggravates what is known as "the routing table growth problem". This may mean that by applying the general rules for the creation and allocation of an AS below, some re-engineering may well be needed. However, this may be the only way to actually implement the desired routing policy anyway. The creation and allocation of an AS should be done with the following recommendations in mind: o Creation of an AS is only required when exchanging routing information with other ASes. Some router implementations make use of an AS number as a form of tagging to identify the rout- ing process. However, it should be noted that this tag does not need to be unique unless routing information is indeed exchanged with other ASes. o For a simple case of customer networks connected to a single service provider, the IP network should normally be a member of the service providers AS. In terms of routing policy the IP network has exactly the same policy as the service provider and there is no need to make any distinction in routing informa- tion. This idea may at first seem slightly alien to some, but it highlights the clear distinction in the use of the AS number ripe-1nn.txt July, 1994 - 24 - as a representation of routing policy as opposed to some form of administrative use. o If a network operator connects to more than one AS with dif- ferent routing policies then they need to create their own AS. In the case of multi-homed customer networks connected to two service providers there are at least two different routing pol- icies to a given customer network. At this point the customer networks will be part of a single AS and this AS would be dis- tinct from either of the service providers ASes. This allows the customer the ability of having a different representation of policy and preference to the different service providers. This is the ONLY case where a network operator should create its own AS number. o As a general rule one should always try to populate the AS with as many routes as possible, providing all routes conform to the same routing policy. Each AS is represented in the RIPE database by both an AS object and the route objects representing the routes originated by the AS. The AS object stores descriptive, administrative and contact information about the AS as well as the routing policies of the AS in relation to all neighbouring ASes. The origin attributes of the route objects define the set of routes originated by the AS. Each route object can have exactly one origin attribute. Route objects can only be created and updated by the "guardian" of the AS and not by those immediately responsible for the particular routes referenced therein. This ensures that opera- tors, especially service providers, remain in control of AS routing announcements. The AS object itself is used to represent a description of adminis- trative details and the routing policies of the AS itself. The AS object definition is depicted as follows. ripe-1nn.txt July, 1994 - 25 - Example: aut-num: AS1104 descr: NIKHEF-H Autonomous system as-in: from AS1213 100 accept AS1213 as-in: from AS1913 100 accept AS1913 as-in: from AS1755 150 accept ANY as-out: to AS1213 announce ANY as-out: to AS1913 announce ANY as-out: to AS1755 announce AS1104 AS1913 AS1213 tech-c: Rob Blokzijl admin-c: Eric Wassenaar guardian: as-guardian(a)nikhef.nl changed: ripe-dbm(a)ripe.net 920910 source: RIPE See Appendix A for a complete syntax definition of the "aut-num" object. It should be noted that this representation provides two things: o a set of routes. o a description of administrative details and routing policies. The set of routes can be used to generate network list based confi- guration information as well as configuration information for exte- rior routing protocols knowing about ASes. This means an AS can be defined and is useful even if it does not use routing protocols which know about the AS concept. ripe-1nn.txt July, 1994 - 26 - Description of local connections between ASes - "interas- in/interas-out". Description of local connections between ASes is necessary only if the ASes are connected by more than one link and routing policy differs between the two links. These local differences are visible only to the two ASes concerned and not beyond them. Note: The description of local connections is applicable only to very few configurations. The tutorial description below is less detailed than other parts of this document. Those interested but not experienced should contact their routing registry for support. Often two ASes will have more than one physical connection between them. In practice certain local policies my be placed on these inter-AS connections as agreed by the two ASes. If we look at the example of two ASes, AS2 and AS3 connected with links 193.0.1.1- 193.0.1.2 and 193.0.1.5-193.0.1.6: Example: LINK1 193.0.1.1 +----------+ 193.0.1.2 | | AS1------AS2== ==AS3-----AS4 | | 193.0.1.5 +----------+ 193.0.1.6 LINK2 It may be that AS2 wants to use LINK2 only for traffic towards AS4. LINK1 is used for traffic to AS3 and as backup to AS4, should LINK2 fail. While this is purely of local information and at the AS level will have no significance per se to any other ASes except AS2 and AS3 this may be useful to represent. The way this is done is by using the attributes "interas-in" and "interas-out". The exact syn- tax is given in Appendix A. However, if we follow this example through in terms of AS2 we would represent this policy as follows: Example: aut-num: AS2 as-in: from AS3 10 accept AS3 AS4 as-out: to AS3 announce AS1 AS2 interas-in: from AS3 193.0.1.1/32 193.0.1.2/32 (pref-type=5) accept AS3 interas-in: from AS3 193.0.1.1/32 193.0.1.2/32 (pref-type=15) accept AS4 interas-in: from AS3 193.0.1.5/32 193.0.1.6/32 (pref-type=10) accept AS4 ... ripe-1nn.txt July, 1994 - 27 - Here we see additional local link based information in terms of the IP addresses of the link. It should be noted that the preference on interas-in attributes is only of relevance to other interas-in attributes in the same AS and not to as-in or default attribute. The parentheses and keyword are syntactic sugar to allow further extensions. If pref-type=MED is specified the preference indicated by the remote as via the multi-exit discriminator metric of BGP is used. Of course this type on inter-AS policy should always be bila- terally agreed to avoid asymmetry and in practice there may need to be corresponding interas-in attributes in the policy representation of AS3. The interas-out attribute is similar in the same way to interas-in as as-out to as-in. The one major difference being that interas-out allows to associate an outgoing metric with each route. It is impor- tant to note that this metric is just passed to the peer AS and it is at the peer AS's discretion to use or ignore it. A special value of IGP specifies that the metric passed to the receiving AS will be derived from the IGP of the sending AS. In this way the peer AS can choose the optimal link for its traffic as determined by the sending AS. Descriptions of local policies do not replace the global policy described in as-in, as-out and other policy attributes which should be specified too. If the global policy mentions more routes than the local policy then local preferences for these routes are assumed to be equal for all links. If a route is only referenced in some interas-in/out attributes and not in others it is assumed not announced/accepted on the links concerned (see the example above). The key difference between interas-in/interas-out and as-in/as-in attributes is the former describes a local inter-AS policy and the latter the general inter-AS policy as seen by other ASes. The gen- eral policy should always be defined. The local inter-AS policy should only be defined when such a policy really exists and the implications of setting such policies is fully understood. ripe-1nn.txt July, 1994 - 28 - How to describe the exclusion policy of a certain AS - "as-exclude" Some ASes have a routing policy based on the exclusion of certain routes if for whatever reason a certain AS is used as transit. Whilst, this is in general not good practice as it makes implicit assumptions on topology with asymmetry a possible outcome if not coordinated, this case needs to be accommodated within the routing policy representation. The way this is achieved is by making use of the "as-exclude" attri- bute. The precise syntax of this attribute can be found in Appendix A along with the rest of the defined syntax for the "aut-num" object. However, some explanation of the use of this attribute is useful. If we have the following example topology. Example: AS4--------AS3 | | | | | | AS1--------AS2--------AS5 With a simple corresponding policy like so: Example: aut-num: AS1 as-in: from AS2 100 accept ANY as-out: to AS2 announce AS1 as-exclude: exclude AS4 to ANY .... We see an interesting policy. What this says in simple terms is AS1 doesn't want to reach anything if it transit AS4. This can be a per- fectly valid policy. However, it should be realised that for what- ever reason AS2 decides to route to AS3 via AS4 then immediately AS1 has no connectivity to AS3 or if AS1 is running default to AS2 pack- ets from AS1 will still flow via AS4. The important point about this is that whilst AS1 can advise its neighbours of its policy it has no direct control on how it can enforce this policy to neighbours upstream. Another interesting scenario to highlight the unexpected result of using such an "as-exclude" policy. If we assume in the above example AS2 preferred AS4 to reach AS3 and AS1 did not use default routing then as stated AS1 would have no connectivity to AS3. Now lets sup- pose that for example the link between AS2 and AS4 went down for some reason. Like so: ripe-1nn.txt July, 1994 - 29 - Example: AS4--------AS3 | | AS1--------AS2--------AS5 Suddenly AS1 now has connectivity to AS3. This unexpected behavior should be considered when created policies based on the "as-exclude" attribute. The second problem with this type of policy is the potential of asymmetry. In the original example we saw the correct policy from AS1's point of view but if ASes with connectivity through AS4 do not use a similar policy you have asymmetric traffic and policy. If an AS uses such a policy they must be aware of the consequences of its use. Namely that the specified routes which transit the AS (i.e. routing announcements with this AS in the AS path information) in question will be excluded. If not coordinated this can easily cause asymmetry or even worse loss of connectivity to unknown ASes behind (or in front for that matter) the transit AS in question. With this in mind this attribute can only be viewed as a form of advisory to other service providers. However, this does not preclude its use with policy based tools if the attribute exists. By having the ability to specify a route keyword based on any of the four notations given in the syntax it allows the receiving AS to specify what routes it wishes to exclude through a given transit AS to a network granularity. ripe-1nn.txt July, 1994 - 30 - 7. AS Macros It may be difficult to keep track of each and every new AS that is represented in the routing registry. A convenient way around this is to define an `AS Macro' which essentially is a convenient way to group ASes. This is done so that each and every AS guardian does not have to add a new AS to it's routing policy as described by the as- in and as-out attributes of it's AS object. However, it should be noted that this creates an implicit trust on the guardian of the AS-Macro. An AS-Macro can be used in <routing policy expressions> for the "as-in" and "as-out" attributes in the aut-num object. The AS-Macro object is then used to derive the list or group of ASes. A simple example would be something like: Example: aut-num: AS786 as-in: from AS1755 100 accept AS-EBONE AND NOT AS1104 as-in: from AS1755 100 accept AS-EBONE AND NOT AS1104 as-out to AS1755 announce AS786 ..... Where the as-macro object for AS-EBONE is as follows: as-macro: AS-EBONE descr: ASes routed by EBONE as-list: AS2121 AS1104 AS2600 AS2122 as-list: AS1103 AS1755 AS2043 guardian: guardian(a)ebone.net ...... So the policy would be evaluated to: aut-num: AS786 as-in: from AS1755 100 accept (AS2121 OR AS1104 OR AS2600 OR AS2122 as-in: from AS1755 100 accept AS1103 OR AS1755 OR AS2043) AND NOT AS1104 ...... It should be noted that the above examples incorporates the rule for line wrapping as defined in Appendix A for policy lines. See Appen- dix C for a definition on the AS-Macro syntax. ripe-1nn.txt July, 1994 - 31 - 8. The Community Object A community is a group of routes that cannot be represented by an AS or a group of ASes. It is in some circumstances useful to define a group of routes that have something in common. This could be a spe- cial access policy to a supercomputer centre, a group of routes used for a specific mission, or a disciplinary group that is scattered among several autonomous systems. Also these communities could be useful to group routes for the purpose of network statistics. Communities do not exchange routing information, since they do not represent an autonomous system. More specifically, communities do not define routing policies, but access or usage policies. However, they can de used as in conjunction with an ASes routing policy to define a set of routes the AS sets routing policy for. Communities should be defined in a strict manner, to avoid creating as many communities as there are routes, or even worse. Communities should be defined following the two rules below; o Communities must have a global meaning. Communities that have no global meaning, are used only in a local environment and should be avoided. o Communities must not be defined to express non-local policies. It should be avoided that a community is created because some other organisation forces a policy upon your organisation. Communities must only be defined to express a policy defined by your organisation. Community examples There are some clear examples of communities: BACKBONE - all customers of a given backbone service provider even though they can have various different routing policies and hence belong to different ASes. This would be extremely useful for statistics collection. HEPNET - the High Energy Physics community partly shares infrastructure with other organisations, and the institutes it consists of are scattered all over Europe, often being part of a non HEPNET autonomous system. To allow statistics, access or part of a routing policy , a community HEPNET, consisting of all routes that are part of HEPNET, conveniently groups all these routes. ripe-1nn.txt July, 1994 - 32 - NSFNET - the National Science Foundation Network imposes an acceptable use policy on routes that wish to make use of it. A community NSFNET could imply the set of routes that comply with this pol- icy. MULTI - a large multinational corporation that does not have its own internal infrastructure, but connects to the various parts of its organisations by using local service providers that connect them all together, may decide to define a community to restrict access to their networks, only by networks that are part of this community. This way a corporate network could be defined on shared infrastructure. Also, this community could be used by any of the service providers to do statistics for the whole of the corporation, for instance to do topology or bandwidth plan- ning. Similar to Autonomous systems, each community is represented in the RIPE database by both a community object and community tags on the route objects representing the routes belonging to the community. The community object stores descriptive, administrative and contact information about the community. The community tags on the route objects define the set of routes belonging to a community. A route can have multiple community tags. The community tags can only be created and updated by the "guardian" of the community and not by those directly responsible for the par- ticular network. This ensures that guardians remain in control of community membership. Here's an example of how this might be represented in terms of the community tags within the network object. We have an example where the route 192.16.199.0/24 has a single routing policy (i.e. that of AS 1104), but is part of several different communities of interest. We use the tag "comm-list" to represent the list of communities associated with this route. NIKHEF-H uses the service provider SURFNET (a service provider with customers with more than one rout- ing policy), is also part of the High Energy Physics community as well as having the ability to access the Supercomputer at CERN(4). _________________________ (4) The community `CERN-SUPER', is somewhat national, but is intended as an example of a possible use of an access policy constraint. ripe-1nn.txt July, 1994 - 33 - Example: route: 192.16.199.0/24 descr: Local Ethernet descr: NIKHEF section H origin: AS1104 comm-list: HEPNET CERN-SUPER SURFNET changed: ripe-dbm(a)ripe.net 920604 source: RIPE In the above examples some communities have been defined. The com- munity object itself will take the following format: Example: community: SURFNET descr: Dutch academic research network authority: SURFnet B.V. guardian: comm-guardian(a)surfnet.nl admin-c: Erik-Jan Bos tech-c: Erik-Jan Bos changed: ripe-dbm(a)ripe.net 920604 source: RIPE For a complete explanation of the syntax please refer to Appendix B. ripe-1nn.txt July, 1994 - 34 - 9. Representation of Routing Policies Routing policies of an AS are represented in the autonomous system object. Initially we show some examples, so the reader is familiar with the concept of how routing information is represented, used and derived. Refer to Appendix A, for the full syntax of the "aut-num" object. The topology of routing exchanges is represented by listing how routing information is exchanged with each neighbouring AS. This is done separately for both incoming and outgoing routing information. In order to provide backup and back door paths a relative cost is associated with incoming routing information. Example 1: AS1------AS2 This specifies a simple routing exchange of two presumably isolated ASes. Even if either of them has routing information about routes in ASes other than AS1 and AS2, none of that will be announced to the other. aut-num: AS1 as-out: to AS2 announce AS1 as-in: from AS2 100 accept AS2 aut-num: AS2 as-out: to AS1 announce AS2 as-in: from AS1 100 accept AS1 The number 100 in the in-bound specifications is a relative cost, which is used for backup and back door routes. The absolute value is of no significance. The relation between different values within the same AS object is. A lower value means a lower cost. This is cons- ciously similar to the cost based preference scheme used with DNS MX RRs. Example 2: Now suppose that AS2 is connected to one more AS, besides AS1, and let's call that AS3: AS1------AS2------AS3 ripe-1nn.txt July, 1994 - 35 - In this case there are two reasonable routing policies: a) AS2 just wants to exchange traffic with both AS1 and AS3 itself without passing traffic between AS1 and AS3. b) AS2 is willing to pass traffic between AS3 and AS1, thus acting as a transit AS Example 2a: In the first case AS1's representation in the routing registry will remain unchanged as will be the part of AS2's representation describing the routing exchange with AS1. A description of the addi- tional routing exchange with AS3 will be added to AS2's representa- tion: aut-num: AS1 as-out: to AS2 announce AS1 as-in: from AS2 100 accept AS2 aut-num: AS2 as-out: to AS1 announce AS2 as-in: from AS1 100 accept AS1 as-out: to AS3 announce AS2 as-in: from AS3 100 accept AS3 aut-num: AS3 as-out: to AS2 announce AS3 as-in: from AS2 100 accept AS2 Note that in this example, AS2 keeps full control over its resources. Even if AS3 and AS1 were to allow each others routes in from AS2, the routing information would not flow because AS2 is not announcing it(5). Example 2b: If contrary to the previous case, AS1 and AS3 are supposed to have connectivity to each other via AS2, all AS objects have to change: _________________________ (5) Of course AS1 and AS3 could just send traffic to each other to AS2 even without AS2 announcing the routes, hoping that AS2 will forward it correctly. Such questionable practices however are beyond the scope of this document. ripe-1nn.txt July, 1994 - 36 - aut-num: AS1 as-out: to AS2 announce AS1 as-in: from AS2 100 accept AS2 AS3 aut-num: AS2 as-out: to AS1 announce AS2 AS3 as-in: from AS1 100 accept AS1 as-out: to AS3 announce AS2 AS1 as-in: from AS3 100 accept AS3 aut-num: AS3 as-out: to AS2 announce AS3 as-in: from AS2 100 accept AS1 AS2 Note that the amount of routing information exchanged with a neigh- bour AS is defined in terms of routes belonging to ASes. In BGP terms this is the AS where the routing information originates and the originating AS information carried in BGP could be used to implement the desired policy. However, using BGP or the BGP AS-path information is not required to implement the policies thus speci- fied. Configurations based on route lists can easily be generated from the database. The AS path information, provided by BGP can then be used as an additional checking tool as desired. The specification understands one special expression and this can be expressed as a boolean expressions: ANY - means any routing information known. For output this means that all routes an AS knows about are announced. For input it means that anything is accepted from the neighbour AS. ripe-1nn.txt July, 1994 - 37 - Example 3: AS4 is a stub customer AS, which only talks to service provider AS123. | | -----AS123------AS4 | | aut-num: AS4 as-out: to AS123 announce AS4 as-in: from AS123 100 accept ANY aut-num: AS123 as-in: from AS4 100 accept AS4 as-out: to AS4 announce ANY <further neighbours> Since AS4 has no other way to reach the outside world than AS123 it is not strictly necessary for AS123 to send routing information to AS4. AS4 can simply send all traffic for which it has no explicit routing information to AS123 by default. This strategy is called default routing. It is expressed in the routing registry by adding one or more default tags to the autonomous system which uses this strategy. In the example above this would look like: aut-num: AS4 as-out: to AS123 announce AS4 default: AS123 100 aut-num: AS123 as-in: from AS4 100 accept AS4 <further neighbours> ripe-1nn.txt July, 1994 - 38 - Example 4: AS4 now connects to a different operator, AS5. AS5 uses AS123 for outside connectivity but has itself no direct connection to AS123. AS5 traffic to and from AS123 thus has to pass AS4. AS4 agrees to act as a transit AS for this traffic. | | -----AS123------AS4-------AS5 | | aut-num: AS4 as-out: to AS123 announce AS4 AS5 as-in: from AS123 100 accept ANY as-out: to AS5 announce ANY as-in: from AS5 50 accept AS5 aut-num: AS5 as-in: from AS4 100 accept ANY as-out: to AS4 announce AS5 aut-num: AS123 as-in: from AS4 100 accept AS4 AS5 as-out: to AS4 announce ANY <further neighbours> Now AS4 has two sources of external routing information. AS5 which provides only information about its own routes and AS123 which pro- vides information about the external world. Note that AS4 accepts information about AS5 from both AS123 and AS5 although AS5 informa- tion cannot come from AS123 since AS5 is connected only via AS4 itself. The lower cost of 50 for the announcement from AS5 itself compared to 100 from AS123 ensures that AS5 is still believed even in case AS123 will unexpectedly announce AS5. In this example too, default routing can be used by AS5 much like in the previous example. AS4 can also use default routing towards AS123: ripe-1nn.txt July, 1994 - 39 - aut-num: AS4 as-out: to AS123 announce AS4 AS5 default: AS123 11 as-in: from AS5 50 accept AS5 Note no announcements to AS5, they default to us. aut-num: AS5 as-out: to AS4 announce AS5 default: AS4 100 aut-num: AS123 as-in: from AS4 100 announce AS4 AS5 <further neighbours> Note that the relative cost associated with default routing is totally separate from the relative cost associated with in-bound announcements. The default route will never be taken if an explicit route is known to the destination. Thus an explicit route can never have a higher cost than the default route. The relative cost asso- ciated with the default route is only useful in those cases where one wants to configure multiple default routes for redundancy. Note also that in this example the configuration using default routes has a subtly different behavior than the one with explicit routes: In case the AS4-AS5 link fails AS4 will send traffic to AS5 to AS123 when using the default configuration. Normally this makes not much difference as there will be no answer and thus little traffic. With certain datagram applications which do not require acknowledgments however, significant amounts of traffic may be use- lessly directed at AS123. Similarly default routing should not be used if there are stringent security policies which proscribe any traffic intended for AS5 to ever touch AS123. Generally it can be said that default routing should only be used in very simple topologies. Once the situation gets more complex using default routes can lead to unexpected results or even defeat the routing policies established when links fail. As an example consider how Example 5a) below could be implemented using default routing. ripe-1nn.txt July, 1994 - 40 - Example 5: In a different example AS4 has a private connection to AS6 which in turn is connected to the service provider AS123: | | -----AS123------AS4 | | | | | | AS6 ---------+ There are a number of policies worth examining in this case: a) AS4 and AS6 wish to exchange traffic between themselves exclusively via the private link between themselves; such traffic should never pass through the backbone (AS123). The link should never be used for transit traffic, i.e. traffic not both originating in and destined for AS4 and AS6. b) AS4 and AS6 wish to exchange traffic between themselves via the private link between themselves. Should the link fail, traffic between AS4 and AS6 should be routed via AS123. The link should never be used for transit traffic. c) AS4 and AS6 wish to exchange traffic between themselves via the private link between themselves. Should the link fail, traffic between AS4 and AS6 should be routed via AS123. Should the connection between AS4 and AS123 fail, traffic from AS4 to des- tinations behind AS123 can pass through the private link and AS6's connection to AS123. d) AS4 and AS6 wish to exchange traffic between themselves via the private link between themselves. Should the link fail, traffic between AS4 and AS6 should be routed via AS123. Should the backbone connection of either AS4 or AS6 fail, the traffic of the disconnected AS should flow via the other AS's backbone connection. ripe-1nn.txt July, 1994 - 41 - Example 5a: aut-num: AS4 as-in: from AS123 100 accept NOT AS6 as-out: to AS123 announce AS4 as-in: from AS6 50 accept AS6 as-out: to AS6 announce AS4 aut-num: AS123 as-in: from AS4 100 accept AS4 as-out: to AS4 announce ANY as-in: from AS6 100 accept AS6 as-out: to AS6 announce ANY <further neighbours> aut-num: AS6 as-in: from AS123 100 accept NOT AS4 as-out: to AS123 announce AS6 as-in: from AS4 50 accept AS4 as-out: to AS4 announce AS6 Note that here the configuration is slightly inconsistent. AS123 will announce AS6 to AS4 and AS4 to AS6. These announcements will be filtered out on the receiving end. This will implement the desired policy. Consistency checking tools might flag these cases however. ripe-1nn.txt July, 1994 - 42 - Example 5b: aut-num: AS4 as-in: from AS123 100 accept ANY as-out: to AS123 announce AS4 as-in: from AS6 50 accept AS6 as-out: AS6 AS4 aut-num: AS123 as-in: AS4 100 AS4 as-out: AS4 ANY as-in: AS6 100 AS6 as-out: AS6 ANY <further neighbours> aut-num: AS6 as-in: from AS123 100 accept ANY as-out: to AS123 announce AS6 as-in: from AS4 50 accept AS4 as-out: to AS4 announce AS6 The thing to note here is that in the ideal operational case, `all links working' AS4 will receive announcements for AS6 from both AS123 and AS6 itself. In this case the announcement from AS6 will be preferred because of its lower cost and thus the private link will be used as desired. AS6 is configured as a mirror image. ripe-1nn.txt July, 1994 - 43 - Example 5c: The new feature here is that should the connection between AS4 and AS123 fail, traffic from AS4 to destinations behind AS123 can pass through the private link and AS6's connection to AS123. aut-num: AS4 as-in: from AS123 100 accept ANY as-out: to AS123 announce AS4 as-in: from AS6 50 accept AS6 as-in: from AS6 110 accept ANY as-out: to AS6 AS4 aut-num: AS123 as-in: from AS4 1 accept AS4 as-out: to AS4 announce ANY as-in: from AS6 1 accept AS6 as-in: from AS6 2 accept AS4 as-out: to AS6 announce ANY <further neighbours> aut-num: AS6 as-in: from AS123 100 accept ANY as-out: to AS123 AS6 announce AS4 as-in: from AS4 50 accept AS4 as-out: to AS4 announce ANY Note that it is important to make sure to propagate routing informa- tion for both directions in backup situations like this. Connec- tivity in just one direction is not useful at all for almost all applications. Note also that in case the AS6-AS123 connection breaks, AS6 will only be able to talk to AS4. The symmetrical case (5d) is left as an exercise to the reader. 10. Future Extensions We envision that over time the requirements for describing routing policy will evolve. The routing protocols will evolve to support the requirements and the routing policy description syntax will need to evolve as well. For that purpose, a separate document will describe experimental syntax definitions for policy description. This docu- ment will be updated when new objects or attributes are proposed or modified. Two new attributes of the AS object which are proposed and supported by the Merit Routing Registry are as-transit and db-selector. as-transit describes the transit preferences of an AS. It allows an AS to describe its path preference in order to reach certain ripe-1nn.txt July, 1994 - 44 - destinations. The AS(s) specified in the path preference may or may not be an immediate neighbor of the AS defined in the AS object. as-transit accommodates policy decisions involving AS path whereas as-in and as-out do not. It is not unusual for ASs to have routing policies which involve path selection based on AS. Emerging proto- cols like SDRP [13] will allow an AS to choose a path independent of a neighboring ASs path choice. as-transit permits descriptions based on AS path selection. The DataBase Selector (db-selector) function allows one to take advantage of information registered in other Registries. It permits the selection of networks in a database based on their attributes. It is proposed to be used within the as-in/as-out attribute family to make the description of policy concise. For example, if an AS has the policy of not accepting any routes from country XYZ, the AS can use the db-selector to check a database which has a network and country attribute and relate that information to the information in the routing registry. The advantage of referencing another database is that the routing registry will avoid duplicating the information maintained in other information registries. Detailed examples and syntax are described in document ???? [14]. ripe-1nn.txt July, 1994 - 45 - 11. References [1] Bates, T., Jouanigot, J-M., Karrenberg, D., Lothberg, P., Terpstra, M., "Representation of IP Routing Policies in the RIPE Database", RIPE-81, February 1993. [2] Merit Network Inc.,"Representation of Complex Routing Policies of an Autonomous System", DRAFT, March, 1994. [3] PRIDE Tools Release 1. See ftp.ripe.net:pride/tools/pride-tools-1.tar.Z. [4] Merit Inc. RRDB Tools. See rrdb.merit.edu:pub/meritrr/* [5] The Network List Compiler. See dxcoms.cern.ch:pub/ripe-routing-wg/nlc-2.2d.tar [6] Lord, A., Terpstra, M., "RIPE Database Template for Networks and Persons", DRAFT, May 1994. [7] Karrenberg, D., "RIPE Database Template for Domains", RIPE-49, April 1992. [8] Lougheed, K., Rekhter, Y., "A Border Gateway Protocol 3 (BGP- 3)", RFC1267, October 1991. [9] Rekhter, Y., Li, T., "A Border Gateway Protocol 4 (BGP-4)", RFC-1654, May 1994. [10] Bates, T., Karrenberg, D., Terpstra, M., "Support for Classless Internet Addresses in the RIPE Database", DRAFT, May 1994. [11] Karrenberg, D., "Authorisation and Notification of Changes in the RIPE Database", RIPE-96, October 1993. [12] Bates, T., "Support of Guarded fields within the RIPE Data- base", ripe-108, February 1994. [13] Estrin, D., Li, T., Rekhter, Y., Varadhan, K., "Source Demand Routing: Packet Format and Forwarding Specification (Version 1)", INTERNET-DRAFT, draft-ietf-sdr-sdrp-04.txt, March 1994. [14] ?????, "Experimental Objects and attributes for the Routing Registry, ???, ????. [15] Bates, T., "Specifying an `Internet Router' in the Routing Registry", DRAFT, July 1994. ripe-1nn.txt July, 1994 - 46 - 12. Author's Addresses Tony Bates RARE/PRIDE Project c/o RIPE Network Coordination Centre Kruislaan 409 NL-1098 SJ Amsterdam The Netherlands +31 20 592 5064 T.Bates(a)ripe.net Elise Gerich The University of Michigan Merit Computer Network 1075 Beal Avenue Ann Arbor, MI 48109 USA +1 313 936 2120 epg(a)merit.edu Laurent Joncheray The University of Michigan Merit Computer Network 1075 Beal Avenue Ann Arbor, MI 48109 USA +1 313 936 2065 lpj(a)merit.edu Jean-Michel Jouanigot CERN, European Laboratory for Particle Physics CH-1211 Geneva 23 Switzerland +41 22 767 4417 Jean-Michel.Jouanigot(a)cern.ch Daniel Karrenberg RIPE Network Coordination Centre Kruislaan 409 NL-1098 SJ Amsterdam The Netherlands +31 20 592 5065 D.Karrenberg(a)ripe.net ripe-1nn.txt July, 1994 - 47 - Marten Terpstra PRIDE Project c/o RIPE Network Coordination Centre Kruislaan 409 NL-1098 SJ Amsterdam The Netherlands +31 20 592 5064 M.Terpstra(a)ripe.net Jessica Yu The University of Michigan Merit Computer Network 1075 Beal Avenue Ann Arbor, MI 48109 USA +1 313 936 2655 jyy(a)merit.edu ripe-1nn.txt July, 1994 - 48 - Appendix A - Syntax for the aut-num object. Here is a summary of the tags associated with aut-num object itself and their status. The first column specifies the attribute, the second column whether this attribute is mandatory in the aut-num object, and the third column whether this specific attribute can occur only once per object [single], or more than once [multiple]. When specifying multiple lines per attribute, the attribute name must be repeated. See [6] the example for the descr: attribute. aut-num: [mandatory] [single] descr: [mandatory] [multiple] as-in: [optional] [multiple] as-out: [optional] [multiple] interas-in: [optional] [multiple] interas-out: [optional] [multiple] as-exclude: [optional] [multiple] default: [optional] [multiple] tech-c: [mandatory] [multiple] admin-c: [mandatory] [multiple] guardian: [mandatory] [single] remarks: [optional] [multiple] notify: [optional] [multiple] maintainer: [optional] [single] changed: [mandatory] [multiple] source: [mandatory] [single] Each attribute has the following syntax: aut-num: The autonomous system number. This must be a uniquely allo- cated autonomous system number from an AS registry (i.e. the RIPE NCC, the Inter-NIC, etc). Format: AS<positive integer between 1 and 65535> Example: aut-num: AS1104 Status: mandatory, only one line allowed descr: A short description of the Autonomous System. Format: free text Status: mandatory, multiple lines allowed as-in: ripe-1nn.txt July, 1994 - 49 - Example: descr: NIKHEF section H descr: Science Park Watergraafsmeer descr: Amsterdam A description of accepted routing information between AS peers. Format: from <aut-num> <cost> accept <routing policy expression> The keywords from and accept are optional and can be omit- ted. <aut-num> refers to your AS neighbour. <cost> is a positive integer used to express a relative cost of routes learned. The lower the cost the more pre- ferred the route. <routing policy expression> can take the following for- mats. 1. A list of one or more ASes, AS Macros, Communities or Network Lists. A Network List is a list of network numbers in prefix length format, separated by commas, and surrounded by curly brackets. Examples: as-in: from AS1103 100 accept AS1103 as-in: from AS786 105 accept AS1103 as-in: from AS786 10 accept AS786 HEPNET as-in: from AS1755 110 accept AS1103 AS786 as-in: from AS3333 100 accept {192.87.45.0/16, 128.141.0.0/16} 2. A set of KEYWORDS. The following KEYWORD is currently defined: ANY this means anything the neighbour AS knows. 3. A logical expression of either 1 or 2 above The current logical operators are defined as: AND OR NOT ripe-1nn.txt July, 1994 - 50 - NOTE: if no logical operator is given between ASes, AS-macros, Communities, Network Lists and KEYWORDS it is implicitly evaluated as an `OR' operation. The OR can be left out for conciseness. Rules are grouped together using parenthesis i.e "(" and ")". Example: as-in: from AS1755 100 accept ANY AND NOT (AS1234 OR AS513) as-in: from AS1755 150 accept AS1234 OR {35.0.0.0/8} A rule can be wrapped over lines providing the associated <aut-num>, <cost> values and from and accept keywords are repeated and occur on con- secutive lines. Example: as-in: from AS1755 100 accept ANY AND NOT (AS1234 AS513) and as-in: from AS1755 100 accept ANY AND NOT ( as-in: from AS1755 100 accept AS1234 AS513) are evaluated to the same result. Please note that the ordering of these continuing lines matters. Status: optional, multiple lines allowed as-out: A description of generated routing information sent to other AS peers. Format: to <aut-num> announce <routing policy expression The to and announce keywords are optional and can be omit- ted. <aut-num> refers to your AS neighbour. <routing policy expression> is explained in the as-in attribute definition above. Example: as-out: to AS1104 announce AS978 as-out: to AS1755 announce ANY as-out: to AS786 announce ANY AND NOT (AS978) Status: optional, multiple lines allowed ripe-1nn.txt July, 1994 - 51 - interas-in: Describes incoming local preferences on an inter AS connection. Format: from <aut-num> <local-info> <pref> accept <routing policy expression> The keywords from and accept are optional and can be omit- ted. <aut-num> is an autonomous system as defined in as-in. <local-info> contains the IP address of the local border router, followed by a space, followed by the IP address of the remote border router. IP addresses must be in prefix length format. <pref> is defined as follows: (pref-type=<value>) It should be noted the parenthesis ``('' and ``)'' and the ``pref-type'' keyword must be present for this preference to be valid. <value> can take one of the following values: <cost> <cost> is a positive integer used to express a rela- tive cost of routes learned. The lower the cost the more preferred the route. This <cost> value is only relevant to other interas-in attributes, not to as-in attributes. MED This indicates the AS will use the BGP MED metric sent from its neighbour AS. NOTE: Combinations of MED and <cost> should be avoided for the same destinations. CAVEAT: The pref-type values may well be enhanced in the future as more inter-ASs routing protocols intro- duce other metrics. <routing policy expression> is an expression as defined in as-in above. Examples: interas-in: from AS1104 192.87.45.254/32 192.87.45.80/32 (pref-type=10) accept AS786 AS987 interas-in: from AS1104 192.87.45.254/32 192.87.45.79/32 (pref-type=20) accept AS987 interas-in: from AS1103 192.87.45.254/32 192.87.45.32/32 (pref-type=MED) accept ANY Status: optional, multiple lines allowed ripe-1nn.txt July, 1994 - 52 - interas-out: Format: to <aut-num> <local-info> announce <metric> <routing pol- icy expression> The keywords to and announce are optional and can be omit- ted. The definitions of <aut-num>, <local-info>, and <routing policy expression> are identical to those defined in interas-in. <metric> is defined as follows: (metric-out=<value>) It should be noted the parenthesis ``('' and ``)'' and the ``metric-out'' keyword must be present for this metric to be valid. <value> can take one of the following values: <num-metric> <num-metric> is a pre-configured metric for outbound routes. The lower the cost the more preferred the route. This <num-metric> value is only relevant to other interas-out attributes, not to as-out attri- butes. IGP This indicates that this means that the metric reflects the ASs internal topology cost. The topology is reflected here by using MED which is derived from the AS's IGP metric. NOTE: Combinations of IGP and <num-metric> should be avoided for the same destinations. CAVEAT: The metric-out values may well be enhanced in the future as more interas protocols make use of metrics. Examples: interas-out: to AS1104 192.87.45.254/32 192.87.45.80/32 (metric-out=10) announce AS23 AS10 interas-out: to AS1104 192.87.45.254/32 192.87.45.79/32 (metric-out=15) announce AS10 interas-out: to AS1103 192.87.45.254/32 192.87.45.79/32 (metric-out=IGP) announce ANY Status: optional, multiple lines allowed as-exclude: A list of transit ASes to ignore all routes from. ripe-1nn.txt July, 1994 - 53 - Format: exclude <aut-num> to <exclude-route-keyword> Keywords exclude and to are optional and can again be omitted. <aut-num> refers to the transit AS in question. an <exclude-route-keyword> can be ONE of the following. 1. <aut-num> 2. AS macro 3. Community 4. ANY Examples: as-exclude: exclude AS690 to HEPNET This means exclude any HEPNET routes which have a route via AS690. as-exclude: exclude AS1800 to AS-EUNET This means exclude any AS-EUNET routes which have a route via AS1800. as-exclude: exclude AS1755 to AS1104 This means exclude any AS1104 route which have a route via AS1755. as-exclude: exclude AS1104 to ANY This means exclude all routes which have a route via AS1104. Status: optional, multiple lines allowed default: An indication of how default routing is done. Format: <aut-num> <relative cost> <default-expression> where <aut-num> is the AS peer you will default route to, and <relative cost> is the relative cost is a positive integer used to express a preference for default. There is no relationship to the cost used in the as-in tag. The AS peer with the lowest cost is used for default over ones ripe-1nn.txt July, 1994 - 54 - with higher costs. <default-expression> is optional and provides information on how a default route is selected. It can take the fol- lowing formats: 1. static. This indicates that a default is statically configured to this AS peer. 2. A network list with the syntax as described in the as-in attribute. This indicates that this list of routes is used to generate a default route. A special but valid value in this is the special route used by some routing protocols to indicate default: 0.0.0.0/0 3. default. This is the same as {0.0.0.0/0}. This means that the routing protocol between these two peers generates a true default. Examples: default: AS1755 10 default: AS786 5 {140.222.0.0/16, 192.87.45.0/24} default: AS2043 15 default Status: optional, multiple lines allowed tech-c: Full name or uniquely assigned NIC-handle of a technical con- tact person. This is someone to be contacted for technical problems such as misconfiguration. Format: <firstname> <initials> <lastname> or <nic-handle> Example: tech-c: John E Doe tech-c: JED31 Status: mandatory, multiple lines allowed admin-c: Full name or uniquely assigned NIC-handle of an administrative contact person. In many cases this would be the name of the guardian. Format: <firstname> <initials> <lastname> or <nic-handle> Example: admin-c: Joe T Bloggs admin-c: JTB1 ripe-1nn.txt July, 1994 - 55 - Status: mandatory, multiple lines allowed guardian: Mailbox of the guardian of the Autonomous system. Format: <email-address> The <email-address> should be in RFC822 domain format wherever possible. Example: guardian: as1104-guardian(a)nikhef.nl Status: mandatory, only one line and e-mail address allowed remarks: Remarks/comments, to be used only for clarification. Format: free text Example: remarks: Multihomed AS talking to AS1755 and AS786 remarks: Will soon connect to AS1104 also. Status: optional, multiple lines allowed notify: The notify attribute contains an email address to which notifi- cations of changes to this object should be sent. See also [11]. Format: <email-address> The <email-address> should be in RFC822 domain syntax wherever possible. Example: notify: Marten.Terpstra(a)ripe.net Status: optional, multiple lines allowed maintainer: The maintainer attribute contains a registered maintainer name. See also [11]. Format: <registered maintainer name> ripe-1nn.txt July, 1994 - 56 - Example: maintainer: RIPE-DBM Status: optional, multiple lines allowed changed: Who changed this object last, and when was this change made. Format: <email-address> YYMMDD <email-address> should be the address of the person who made the last change. YYMMDD denotes the date this change was made. Example: changed: johndoe(a)terabit-labs.nn 900401 Status: mandatory, multiple lines allowed source: Source of the information. This is used to separate information from different sources kept by the same database software. For RIPE database entries the value is fixed to RIPE. Format: RIPE Status: mandatory, only one line allowed ripe-1nn.txt July, 1994 - 57 - Appendix B - Syntax details for the community object. Here is a summary of the tags associated with community object itself and their status. The first column specifies the attribute, the second column whether this attribute is mandatory in the commun- ity object, and the third column whether this specific attribute can occur only once per object [single], or more than once [multiple]. When specifying multiple lines per attribute, the attribute name must be repeated. See [6] the example for the descr: attribute. community: [mandatory] [single] descr: [mandatory] [multiple] authority: [mandatory] [single] guardian: [mandatory] [single] tech-c: [mandatory] [multiple] admin-c: [mandatory] [multiple] remarks: [optional] [multiple] notify: [optional] [multiple] maintainer: [optional] [single] changed: [mandatory] [multiple] source: [mandatory] [single] Each attribute has the following syntax: community: Name of the community. The name of the community should be descriptive of the community it describes. Format: Upper case text string which cannot start with "AS" or any of the <routing policy expression> KEYWORDS. See Appendix A. Example: community: WCW Status: mandatory, only one line allowed descr: A short description of the community represented. Format: free text Example: descr: Science Park Watergraafsmeer descr: Amsterdam Status: mandatory, multiple lines allowed ripe-1nn.txt July, 1994 - 58 - authority: The formal authority for this community. This could be an organisation, institute, committee, etc. Format: free text Example: authority: WCW LAN Committee Status: mandatory, only one line allowed guardian: Mailbox of the guardian of the community. Format: <email-address> The <email-address> should be in RFC822 domain format wherever possible. Example: guardian: wcw-guardian(a)nikhef.nl Status: mandatory, only one line and email address allowed tech-c: Full name or uniquely assigned NIC-handle of an technical con- tact person for this community. Format: <firstname> <initials> <lastname> or <nic-handle> Example: tech-c: John E Doe tech-c: JED31 Status: mandatory, multiple lines allowed admin-c: Full name or uniquely assigned NIC-handle of an administrative contact person. In many cases this would be the name of the guardian. Format: <firstname> <initials> <lastname> or <nic-handle> Example: admin-c: Joe T Bloggs admin-c: JTB1 ripe-1nn.txt July, 1994 - 59 - Status: mandatory, multiple lines allowed remarks: Remarks/comments, to be used only for clarification. Format: free text Example: remarks: Temporary community remarks: Will be removed after split into ASes Status: optional, multiple lines allowed notify: The notify attribute contains an email address to which notifi- cations of changes to this object should be send. See also [11]. Format: <email-address> The <email-address> should be in RFC822 domain syntax wherever possible. Example: notify: Marten.Terpstra(a)ripe.net Status: optional, multiple lines allowed maintainer: The maintainer attribute contains a registered maintainer name. See also [11]. Format: <registered maintainer name> Example: maintainer: RIPE-DBM Status: optional, multiple lines allowed changed: Who changed this object last, and when was this change made. Format: <email-address> YYMMDD <email-address> should be the address of the person who made the last change. YYMMDD denotes the date this change was made. ripe-1nn.txt July, 1994 - 60 - Example: changed: johndoe(a)terabit-labs.nn 900401 Status: mandatory, multiple lines allowed source: Source of the information. This is used to separate information from different sources kept by the same database software. For RIPE database entries the value is fixed to RIPE. Format: RIPE Status: mandatory, only one line allowed ripe-1nn.txt July, 1994 - 61 - Appendix C - AS Macros syntax definition. Here is a summary of the tags associated with as-macro object itself and their status. The first column specifies the attribute, the second column whether this attribute is mandatory in the as-macro object, and the third column whether this specific attribute can occur only once per object [single], or more than once [multiple]. When specifying multiple lines per attribute, the attribute name must be repeated. See [6] the example for the descr: attribute. as-macro: [mandatory] [single] descr: [mandatory] [multiple] as-list: [mandatory] [multiple] guardian: [mandatory] [single] tech-c: [mandatory] [multiple] admin-c: [mandatory] [multiple] remarks: [optional] [multiple] notify: [optional] [multiple] maintainer: [optional] [single] changed: [mandatory] [multiple] source: [mandatory] [single] Each attribute has the following syntax: as-macro: The name of a macro containing at least two Autonomous Systems grouped together for ease of administration. Format: AS-<string> The <string> should be in upper case and not contain any special characters. Example: as-macro: AS-EBONE Status: mandatory, only one line allowed descr: A short description of the Autonomous System Macro. Format: free text Example: descr: Macro for EBONE connected ASes Status: mandatory, multiple lines allowed ripe-1nn.txt July, 1994 - 62 - as-list: The list of ASes that make up this macro. Format: <aut-num> <aut-num> ... See Appendix A for <aut-num> definition. Example: as-list: AS786 AS513 AS1104 Status: mandatory, multiple lines allowed guardian: Mailbox of the guardian of this AS macro. Format: <email-address> The <email-address> should be in RFC822 domain format wherever possible. Example: guardian: as-ebone-guardian(a)ebone.net Status: mandatory, only one line and e-mail address allowed tech-c: Full name or uniquely assigned NIC-handle of a technical con- tact person for this macro. This is someone to be contacted for technical problems such as misconfiguration. Format: <firstname> <initials> <lastname> or <nic-handle> Examples: tech-c: John E Doe tech-c: JED31 Status: mandatory, multiple lines allowed admin-c: Full name or uniquely assigned NIC-handle of an administrative contact person. In many cases this would be the name of the guardian. Format: <firstname> <initials> <lastname> or <nic-handle> Examples: ripe-1nn.txt July, 1994 - 63 - admin-c: Joe T Bloggs admin-c: JTB1 Status: mandatory, multiple lines allowed remarks: Remarks/comments, to be used only for clarification. Format: free text Example: remarks: AS321 will be removed from this Macro shortly Status: optional, multiple lines allowed notify: The notify attribute contains an email address to which notifi- cations of changes to this object should be send. See also [11]. Format: <email-address> The <email-address> should be in RFC822 domain syntax wherever possible. Example: notify: Marten.Terpstra(a)ripe.net Status: optional, multiple lines allowed maintainer: The maintainer attribute contains a registered maintainer name. See also [11]. Format: <registered maintainer name> Example: maintainer: RIPE-DBM Status: optional, multiple lines allowed changed: Who changed this object last, and when was this change made. Format: <email-address> YYMMDD ripe-1nn.txt July, 1994 - 64 - <email-address> should be the address of the person who made the last change. YYMMDD denotes the date this change was made. Example: changed: johndoe(a)terabit-labs.nn 900401 Status: mandatory, multiple lines allowed source: Source of the information. This is used to separate information from different sources kept by the same database software. For RIPE database entries the value is fixed to RIPE. Format: RIPE Status: mandatory, only one line allowed ripe-1nn.txt July, 1994 - 65 - Appendix D - Syntax for the "route" object. There is a summary of the tags associated with community object itself and their status. The first column specifies the attribute, the second column whether this attribute is mandatory in the commun- ity object, and the third column whether this specific attribute can occur only once per object [single], or more than once [multiple]. When specifying multiple lines per attribute, the attribute name must be repeated. See [6] the example for the descr: attribute. route: [mandatory] [single] descr: [mandatory] [multiple] origin: [mandatory] [single] hole: [optional] [multiple] withdrawn: [optional] [multiple] comm-list: [optional] [multiple] remarks: [optional] [multiple] notify: [optional] [multiple] maintainer: [optional] [single] changed: [mandatory] [multiple] source: [mandatory] [single] Each attribute has the following syntax: route: Route being announced. Format: Classless representation of a route with the RIPE database known as the "prefix length" representation. See [10] for more details on classless representations. Examples: route: 192.87.45.0/24 This represents addressable bits 192.87.45.0 to 192.87.45.255. route: 192.1.128.0/17 This represents addressable bits 192.1.128.0 to 192.1.255.255. Status: mandatory, only one line allowed origin: The autonomous system announcing this route. Format: <aut-num> ripe-1nn.txt July, 1994 - 66 - See appendix A for <aut-num> syntax. Example: origin: AS1104 Status: mandatory, only one line allowed hole: Denote the parts of the address space covered this route object to which the originator does not provide connectivity. Format: Classless representation of a route with the RIPE database known as the "prefix length" representation. See [10] for more details on classless representations. It should be noted that is sub-aggregate must be a component of that registered in the route object. Example: hole: 193.0.4.0/24 Status: optional, multiple lines allowed withdrawn: Used to denote the day this route has been withdrawn from the Internet routing mesh. It should be noted that this date cannot be in the future. Format: YYMMDD YYMMDD denotes the date this route was withdrawn. Example: withdrawn: 940711 Status: optional, multiple lines allowed comm-list: List of one or more communities this route is part of. Format: <community> <community> ... See Appendix B for <community> definition. Example: comm-list: HEP LEP Status: optional, multiple lines allowed ripe-1nn.txt July, 1994 - 67 - remarks: Remarks/comments, to be used only for clarification. Format: free text Example: remarks: Multihomed AS talking to AS1755 and AS786 remarks: Will soon connect to AS1104 also. Status: optional, multiple lines allowed notify: The notify attribute contains an email address to which notifi- cations of changes to this object should be send. See also [11]. Format: <email-address> The <email-address> should be in RFC822 domain syntax wherever possible. Example: notify: Marten.Terpstra(a)ripe.net Status: optional, multiple lines allowed maintainer: The maintainer attribute contains a registered maintainer name. See also [11]. Format: <registered maintainer name> Example: maintainer: RIPE-DBM Status: optional, multiple lines allowed changed: Who changed this object last, and when was this change made. Format: <email-address> YYMMDD <email-address> should be the address of the person who made the last change. YYMMDD denotes the date this change was made. Example: ripe-1nn.txt July, 1994 - 68 - changed: johndoe(a)terabit-labs.nn 900401 Status: mandatory, multiple lines allowed source: Source of the information. This is used to separate information from different sources kept by the same database software. For RIPE database entries the value is fixed to RIPE. Format: RIPE Status: mandatory, only one line allowed ripe-1nn.txt July, 1994 - 69 - Appendix E - List of reserved words The following list of words are reserved for use within the attri- butes of the AS object. The use of these words is solely for the purpose of clarity. All keywords must be lower case. accept announce exclude from to transit Examples of the usage of the reserved words are: as-in: from neighborAS accept route as-out: to neighborAS announce route as-exclude: exclude ASpath to destination as-transit: transit ASpath to destination default: from neighborAS accept route default: to neighborAS announce route Note: that as-transit is an experimental attribute. See section 10. ripe-1nn.txt July, 1994 - 70 - Appendix F - Motivations for RIPE-81++ This appendix gives motivations for the major changes in this propo- sal from ripe-81. (It is not complete yet). The main goals of the routing registry rework are: SPLIT Separate the allocation and routing registry functions into different database objects. This will facilitate data manage- ment if the Internet registry and routing registry functions are separated (like in other parts of the world). It will also make more clear what is part of the routing registry and who has authority to change allocation vs. routing data. CIDR Add the possibility to specify classless routes in the routing registry. Classless routes are being used in Internet produc- tion now. Aggregation information in the routing registry is necessary for network layer troubleshooting. It is also neces- sary because aggregation influences routing policies directly. CALLOC Add the possibility to allocate address space on classless boundaries in the allocation registry. This is a way to preserve address space. CLEAN To clean up some of the obsolete and unused parts of the rout- ing registry. The major changes are now discussed in turn: Introduce Classless Addresses CIDR, CALLOC Introduce route object. SPLIT, CIDR and CALLOC. Delete obsolete attributes from inetnum. CLEAN. ripe-1nn.txt July, 1994 - 71 - Delete RIPE-DB and LOCAL from routing policy expressions. CLEAN Allow multiple ASes to originate the same route Because it is being done. CIDR. Made possible by SPLIT. ripe-1nn.txt July, 1994 - 72 - Appendix G - Transition strategy from RIPE-81 to RIPE-81++ Transition from the routing registry described by ripe-81 to the routing registry described in this document is a straightforward process once the new registry functions have been implemented in the database software and are understood by the most commonly used registry tools. The routing related attributes in the classful inet- num objects of ripe-81 can be directly translated into new routing objects. Then these attributes can be deleted from the inetnum object making that object conform to the new schema. Proposed transition steps: 1) Implement classless addresses and new object definition in the database software. 2) Make common tools understand the new schema and prefer it if both old and new are present. 3) Invite everyone to convert their data to the new format. This can be encouraged by doing conversions automatically and pro- posing them to maintainers. 4) At a flag day remove all remaining routing information from the inetnum objects. Before the flag day all usage of obsoleted inetnum attributes has to cease and all other routing registry functions have to be taken over by the new objects and attri- butes. The current estimate is that point three can be reached in the Sum- mer 1994 if the draft is accepted by mid-June. The flag day should be scheduled 3-4 months after this point. ripe-1nn.txt July, 1994

6 9

Re: Latest and hopefully last iteration of ripe-81++
by Dale S. Johnson 21 Jul '94

21 Jul '94

> > bonito(a)nis.garr.it (Antonio_Blasco Bonito) writes: > * > > Firstly, > this is just my opinion.. it is up to the working group chairs > to decide any new extensions here. I am just `trying' to complete the > action for ripe-81++ from the last meeting. The points you raise are > more general (esp. the time related one). However, find below my > personal view on this. > > * > Ok, here are my last comments again (seens that last time they > * > went directly to /dev/null). I won't accept a document which does not > * > allow more than 1 update of an object per day. > * > Laurent > * > > * > A few things i'd like to propose: > * > > * > - A route/AS name attribute. You currently use the first line of the 'des > * c' > * > attribute to generate a name (with prtraceroute for instance). Having > * > a separate name attribute can make the query of the server (whois or what > * ever) > * > easier since it doesn't require any parsing. > * > * I strongly agree. > * > Umm... do not see the need for routes to have names - doesn't effect > prtraceroute or any other tool for that matter. Whats to parse in > description ? It is there in the aut-num object so a tool uses it..and > works as far as I can tell ? > > However, if the groups want this fine by me. Just I didn't hear any > other votes for this until now. I'd vote for routes having names. I think the arguments for this are essentially the same as in the discussion a couple of years ago about whether nets needed names (or, more precisely, whether net names needed to be unique). When working on routing problems, Routes will be the entities that are looked at during the analysis like nets have been in the past. Giving the tools the ability to put up even a slightly descriptive name provides a lot of sanity checking. It also gives a pronouncable verbal shorthand for human communication ("Hey, has that JvNC AGG-one come back up yet?") --Dale

1 0

The router object
by Tony Bates 21 Jul '94

21 Jul '94

Please find below a draft of a proposal for a router object known as ``inet-rtr''. This is the missing link of the current ripe-81++ specifically for the ias-int information which was rightly removed along with the component attribute iself. This proposal is really a modification of a similar proposal made by Merit with just one or two clarifications and all credit belongs to them. This object could very quickly added to the Database. Please let me have comments asap. --Tony. Please note: a postscript version is available as ftp://ftp.ripe.net/ripe/drafts/inet-rtr.ps Specifying an `Internet Router' in the Routing Registry Tony Bates DRAFT - DRAFT - DRAFT Document ID: ripe-xy ABSTRACT This paper describes a simple specification for defining an Internet router within a routing registry. 1. Introduction It has become apparent as routing registries are evolving that there is a need to register some details of an Internet router (1) within the routing registry. By adding this kind of detailed information it adds functionality to information based on routing policies [1] facilitating the ability to build operational tools [2],[3] such as configuration generators and diagnostic tools within increased local information. It also provides a direct method to find a contact for an important component of the Internet infrastructure. This can be extremely useful when resolving operational problems. 2. Acknowledgments This specification is based on a similar specification by Merit Inc. for a `route' object (2). All credit should go to them. This paper acts purely to clarify the original ideas set out in the Merit paper. _________________________ (1) Here an Internet router means any IP [4] node ca- pable of running an IP routing protocol. Be that RIP, BGP or any other of the current IP based routing proto- cols found in the Internet today. This definition is intentionally looser than what might be found in the "Router requirements" Internet draft [5]. (2) This specification does not use `router' as the object name to avoid possible clashes with the `route' object which already exists within the routing regis- try. ripe-xy.txt July, 1994 - 2 - 3. Router Representation The representation must be capable of representing both ``interior'' and ``border'' routers within ones own autonomous system. Each object is uniquely identified by its object name. Here is a simple example of a router object: inet-rtr: Amsterdam.ripe.net localas: AS3333 ifaddr: 192.87.45.190 ifaddr: 192.87.4.28 ifaddr: 193.0.0.222 peer: 192.87.45.6 AS2122 BGP4 peer: 193.0.0.219 AS2122 BGP peer: 193.0.0.221 AS1104 BGP peer: 192.87.4.18 AS1103 BGP4 peer: 192.87.4.24 AS1103 BGP4 peer: 192.87.4.20 AS286 BGP4 peer: 192.87.4.5 AS3333 IBGP4 admin-c: Daniel Karrenberg tech-c: Tony Bates tech-c: Marten Terpstra notify: ops(a)ripe.net remarks: The router for the RIPE NCC changed: tony(a)ripe.net 940720 source: RIPE This object provides several key pieces of information. The exact syntax for each attribute is discussed in the next section. However, some general remarks about this example are worthy of note. From this you can see immediately that this router "Amsterdam.ripe.net" is in the autonomous system 3333 and has three configured inter- faces. You also see that it has several exterior peers and one inte- rior peer (192.87.45.6). Details of the actual routing protocol are given. This can be extremely useful. For example a BGP3 router is not CIDR [6] capable whereas a BGP4 capable router is. A tool could use this information when examining routing policy to see if a peer can make use of aggregation. Finally, we also see who we can con- tact when problems occur with this router. ripe-xy.txt July, 1994 - 3 - 4. `inet-rtr' Syntax Definition Here is a summary of the tags associated with inet-rtr object itself and their status. The first column specifies the attribute, the second column whether this attribute is mandatory in the inet-rtr object, and the third column whether this specific attribute can occur only once per object [single], or one or more [multiple]. When specifying multiple lines per attribute, the attribute name must be repeated. inet-rtr: [mandatory] [single] localas: [mandatory] [single] ifaddr: [mandatory] [multiple] peer: [optional] [multiple] tech-c: [mandatory] [multiple] admin-c: [mandatory] [multiple] remarks: [optional] [multiple] notify: [optional] [multiple] maintainer: [optional] [single] changed: [mandatory] [multiple] source: [mandatory] [single] Each attribute has the following syntax: inet-rtr: The fully qualified domain name of the router. Format: Fully qualified domain name without trailing "." (dot). This must be registered in the DNS. For routers with more than one DNS you should pick the one that seems most suit- able. It should be noted that it is commonly general prac- tice for a router to have single uniquely defined domain name. Example: inet-rtr: Amsterdam.ripe.net Status: mandatory, only one line allowed localas: The autonomous system in which this router belongs. Format: AS<positive integer between 1 and 65535> Example: localas: AS3333 Status: mandatory, only one line allowed ripe-xy.txt July, 1994 - 4 - ifaddr: An interface address within the router. Format: <Interface Address> [Local AS] <Interface Address> must be a "dotted-quad" represented host address. It should be noted that at ONE ifaddr must be configured for the inet-rtr object to be valid. This facilitates the registering of route servers which may only have one interface address and are purely routing engines. [Local AS] is an optional piece of information which allows this interface to be configured as being in a DIF- FERENT autonomous system. This is useful only when a router is configured to `fake' that it is another AS. The format of [Local AS] is AS<positive integer between 1 and 65535>. Examples: ifaddr: 192.87.45.190 ifaddr: 192.87.4.99 AS1755 Status: mandatory, multiple lines allowed peer: Details of any router peerings. These can be both interior or exterior. Format: <Peer address> <Peer AS> <Routing Protocol> <Peer address> is the interface address of the remote peer. This is same format as that used in the ``ifaddr'' attribute above. <Peer AS> is the autonomous system number of the peer. Its format is AS<positive integer between 1 and 65535>. It should be noted that even interior peers should have their <Peer AS> detailed. <Routing Protocol> represents the routing protocol running between the router and the peer. This can be any one of the following reserved routing protocol keywords: EGP The routers are using the exterior gateway protocol, EGP [7]. BGP The routers are using the exterior gateway protocol, BGP conforming to [8]. This can mean either BGP ripe-xy.txt July, 1994 - 5 - version 2 or BGP version 3. BGP4 The routers are using the exterior gateway protocol, BGP conforming to BGP version 4 [9]. IBGP The routers are using the exterior gateway protocol, BGP as an interior routing protocol conforming to [8]. This can mean either BGP version 2 or BGP ver- sion 3. IBGP4 The routers are using the exterior gateway protocol, BGP as an interior routing protocol conforming to BGP version 4 [9]. IDRP The routers are using the exterior gateway protocol, IDRP conforming to [10]. IGP This is an interior peering using a standard interior gateway protocol (i.e. RIP, OSPF, etc.). OTHER This peering is using a protocol not in one of the categories above. Example: peer: 192.87.45.6 AS2122 BGP4 peer: 193.0.0.219 AS2122 BGP peer: 193.0.0.221 AS1104 BGP peer: 192.87.4.18 AS1103 BGP4 peer: 192.87.4.24 AS1103 BGP4 peer: 192.87.4.20 AS286 BGP4 peer: 192.87.4.5 AS3333 IBGP4 Status: optional, multiple lines allowed admin-c: Full name or uniquely assigned NIC-handle of an administrative contact person. Format: <firstname> <initials> <lastname> or <nic-handle> Examples: admin-c: Joe T Bloggs admin-c: JTB1 Status: mandatory, multiple lines allowed ripe-xy.txt July, 1994 - 6 - tech-c: Full name or uniquely assigned NIC-handle of a technical con- tact person for this macro. This is someone to be contacted for technical problems such as misconfiguration. Format: <firstname> <initials> <lastname> or <nic-handle> Examples: tech-c: John E Doe tech-c: JED31 Status: mandatory, multiple lines allowed notify: The notify attribute contains an email address to which notifi- cations of changes to this object should be send. Format: <email-address> The <email-address> should be in RFC822 domain syntax wherever possible. Example: notify: Marten.Terpstra(a)ripe.net Status: optional, multiple lines allowed maintainer: The maintainer attribute contains a registered maintainer name. Format: <registered maintainer name> Example: maintainer: RIPE-DBM Status: optional, multiple lines allowed remarks: Remarks/comments, to be used only for clarification. Format: free text Example: remarks: This is a router ripe-xy.txt July, 1994 - 7 - Status: optional, multiple lines allowed changed: Who changed this object last, and when was this change made. Format: <email-address> YYMMDD <email-address> should be the address of the person who made the last change. YYMMDD denotes the date this change was made. Example: changed: johndoe(a)terabit-labs.nn 900401 Status: mandatory, multiple lines allowed source: Source of the information. This is used to separate information from different sources kept by the same database software. For RIPE database entries the value is fixed to RIPE. Format: RIPE Status: mandatory, only one line allowed ripe-xy.txt July, 1994 - 8 - 5. References [1] Bates, T., Gerich, E., Joncheray, L., Joanigot, J-M, Karren- berg, D., Terpstra, M, Yu, J., ripe-81++, July 1994. WORK IN PROGRESS [2] PRIDE Tools Release 1. See ftp.ripe.net:pride/tools/pride-tools-1.tar.Z. [3] Merit Inc. RRDB Tools. See rrdb.merit.edu:pub/meritrr/* [4] J. Postel, "Internet Protocol", RFC 791, January 1981. [5] Kastenholz, F., draft-ietf-rreq-iprouters-require-01.txt, April, 1994, INTERNET DRAFT [6] V. Fuller, T. Li, J. Yu, K. Varadhan, "Classless Inter-Domain Routing (CIDR): an Address Assignment and Aggregation Stra- tegy", RFC1519, Sep., 1993. [7] Mills, D., "Exterior Gateway Protocol formal specification", RFC904, April 1984. [8] K. Lougheed, Y. Rekhter, "A Border Gateway Protocol 3 (BGP-3)", RFC1267, October 1991. [9] Y. Rekhter, T. Li, "A Border Gateway Protocol 4 (BGP-4)", <draft-ietf-bgp-bgp4-10.txt>, INTERNET DRAFT, May, 1994. [10] C. Kunzinger, "ISO/IEC 10747 - Protocol for the Exchange of Inter-Domain Routing Information among Intermediate Systems to Support Forwarding of ISO 8473 PDUs", <draft-kunzinger-idrp- ISO10747-00.txt>, INTERNET DRAFT, April 1994. ripe-xy.txt July, 1994

2 7

Latest draft of ripe-81++
by Tony Bates 12 Jul '94

12 Jul '94

Please find below the latest draft of ripe-81++. This has several changes which have been worked in, over the weeks following the RIPE meeting as agreed. There are still a couple of open issues for which we are waiting on input. However, these have been clearly separated (and marked) such that we can (and will) begin implementing the rest of ripe-81++. We would like to have this agreed by the next RIPE meeting at the very latest (if not sooner) to make sure implementation work can take place. If this is not done it may be next year before implementation work can begin on this. --Tony. Also note that both this and the postscript version are available from ftp://ftp.ripe.net/ripe/drafts/ripe-81++.ps ftp://ftp.ripe.net/ripe/drafts/ripe-81++.txt Representation of IP Routing Policies in a Routing Registry (ripe-81++) DRAFT DRAFT DRAFT Tony Bates Elise Gerich Laurent Joncheray Jean-Michel Jouanigot Daniel Karrenberg Marten Terpstra Jessica Yu Document-ID: ripe-1nn Obsoletes: ripe-81 July, 1994 ABSTRACT This document is an update to the original `ripe- 81'[1] proposal for representing and storing routing polices within the RIPE database. It incorporates several extensions proposed by Merit Inc.[2] and gives details of a generalised IP routing policy representa- tion to be used by all Internet routing registries. It acts as both tutorial and provides details of database objects and attributes that use and make up a routing registry. ripe-1nn.txt July, 1994 - 2 - Table of Contents 1 Introduction ................................................ ? 2 Organisation of this Document ............................... ? 3 General Representation of Policy Information ................ ? 4 The Routing Registry and the RIPE Database .................. ? 5 The Route Object ............................................ ? 6 The Autonomous System Object ................................ ? 7 The AS Macro Object ......................................... ? 8 The Community Object ........................................ ? 9 Representation of Routing Policies .......................... ? 10 Future Extensions .......................................... ? 11 References ................................................. ? 12 Authors Addresses .......................................... ? Appendix A - Syntax for the "aut-num" object .................. ? Appendix B - Syntax for the "community" object ................ ? Appendix C - Syntax for the "as-macro" object ................. ? Appendix D - Syntax for the "route" object .................... ? Appendix E - List of reserved words ........................... ? Appendix F - Motivations for RIPE-81++ ........................ ? Appendix G - Transition strategy from RIPE-81 to RIPE-81++ .... ? ripe-1nn.txt July, 1994 - 3 - 1. Introduction This document is a much revised version of the RIPE routing registry document known as ripe-81[1]. Since its inception in February, 1993 and the establishment of the RIPE routing registry, several addi- tions and clarifications have come to light which can be better presented in a single updated document rather than separate addenda. Some of the text remains the same the as the original ripe-81 docu- ment keeping its tutorial style mixed with details of the RIPE data- base objects relating to routing policy representation. However this document does not repeat the background and historical remarks in ripe-81. For these please refer to the original document. It should be noted that whilst this document specifically references the RIPE database and the RIPE routing registry one can easily read "Regional routing registry" in place of RIPE as this representation is certainly general and flexible enough to be used outside of the RIPE community incorporating many ideas and features from other routing registries in this update. As you can see this document has a new RIPE document identification number but can also be referred to as ripe-81++. Appendix F summar- ises the changes from ripe-81 plus the motivation for these changes. We would like to acknowledge many people for help with this docu- ment. Specifically, Peter Lothberg who was a co-author of the ori- ginal ripe-81 document for his many ideas and Gilles Farrache. We would also like to thank the RIPE routing working group for their review and comment. Finally, we like to thank Merit Inc. for many constructive comments and ideas and making the routing registry a worldwide Internet service. We would also like to acknowledge the funding provided by the PRIDE project run in conjunction with the RARE Technical Program, RIPE and the RIPE NCC without which this paper would not have been possible. 2. Organisation of this Paper This paper acts as both a basic tutorial for understanding routing policy and provides details of objects and attributes used within an Internet routing registry to store routing policies. Section 3 describes general issues about IP routing policies and their representation in routing registries. Experienced readers may wish to skip this section. Section 4 provides an overview of the RIPE database, its basic concepts, schema and objects which make up the database itself. It highlights the way in which the RIPE database splits routing information from allocation information. Sections 5, 6, 7 and 8 detail all the objects associated with routing policy representation. Section 9 gives a fairly extensive "walk through" of how these objects are used for expressing routing policy and the general principles behind their use. Section 10 provides a list of references used throughout this document. Appendix A, B, C and D document the formal syntax for the database objects and attributes. Appendix F details the main changes from ripe-81 and motivations for these changes. Appendix G tackles the issues of transition from ripe-1nn.txt July, 1994 - 4 - ripe-81 to ripe-81++. ripe-1nn.txt July, 1994 - 5 - 3. General Representation of Policy Information Networks, Network Operators and Autonomous Systems Throughout this document an effort is made to be consistent with terms so as not to confuse the reader. When we talk about "networks" we mean physical networks which have a unique classless IP network number: Layer 3 entities. We do not mean organisations. We call the organisations operating networks "network operators". For the sake of the examples we divide network operators into two categories: "service providers" and "customers". A "service pro- vider" is a network operator who operates a network to provide Internet services to different organisations, its "customers". The distinction between service providers and customers is not clear cut. A national research networking organisation frequently acts as a service provider to Universities and other academic organisations, but in most cases it buys international connectivity from another service provider. A University networking department is a customer of the research networking organisation but in turn may regard University departments as its customers. An Autonomous System (AS) is a group of IP networks having a single clearly defined routing policy which is run by one or more network operators. Inside ASes IP packets are routed using one or more Inte- rior Routing Protocols (IGPs). In most cases interior routing deci- sions are based on metrics derived from technical parameters like topology, link speeds and load(1). ASes exchange routing information with other ASes using Exterior Routing Protocols (EGPs). Exterior routing decisions are frequently based on policy based rules rather than purely on technical parame- ters. Tools are needed to configure complex policies and to commun- icate those policies between ASes while still ensuring proper opera- tion of the Internet as a whole. Some EGPs like BGP-3 [8] and BGP-4 [9] provide tools to filter routing information according to policy rules and more. None of them provides a mechanism to publish or com- municate the policies themselves. Yet this is critical for opera- tional coordination and fault isolation among network operators and thus for the operation of the global Internet as a whole. This document describes a "Routing Registry" providing this functional- ity. _________________________ (1) The entity we refer to as an AS is frequently and more generally called a routing domain with the AS just being an implementation vehicle. We have decided to use the term AS exclusively because it relates more direct- ly with the database objects and routing tools. By us- ing only one term we hope to reduce the number of con- cepts and to avoid confusion. The academically inclined reader may forgive us. ripe-1nn.txt July, 1994 - 6 - Routing Policies The exchange of routing information between ASes is subject to rout- ing policies. Consider the case of two ASes, X and Y exchanging routing information: NET1 ...... ASX <---> ASY ....... NET2 ASX knows how to reach a network called NET1. It does not matter whether NET1 is belonging to ASX or some other AS which exchanges routing information with ASX either directly or indirectly; we just assume that ASX knows how to direct packets towards NET1. Likewise ASY knows how to reach NET2. In order for traffic from NET2 to NET1 to flow between ASX and ASY, ASX has to announce NET1 to ASY using an external routing protocol. This states that ASX is willing to accept traffic directed to NET1 from ASY. Policy thus comes into play first in the decision of ASX to announce NET1 to ASY. In addition ASY has to accept this routing information and use it. It is ASY's privilege to either use or disregard the information that ASX is willing to accept traffic for NET1. ASY might decide not to use this information if it does not want to send traffic to NET1 at all or if it considers another route more appropriate to reach NET1. So in order for traffic in the direction of NET1 to flow between ASX and ASY, ASX must announce it to ASY and ASY must accept it from ASX: resulting packet flow towards NET1 <<=================================== | | announce NET1 | accept NET1 --------------> + -------------> | AS X | AS Y | <------------- + <-------------- accept NET2 | announce NET2 | | resulting packet flow towards NET2 ===================================>> Ideally, and seldom practically, the announcement and acceptance policies of ASX and ASY are identical. ripe-1nn.txt July, 1994 - 7 - In order for traffic towards NET2 to flow, announcement and accep- tance of NET2 must be in place the other way round. For almost all applications connectivity in just one direction is not useful at all. It is important to realise that with current destination based for- warding technology routing policies must eventually be expressed in these terms. It is relatively easy to formulate reasonable policies in very general terms which CANNOT be expressed in terms of announc- ing and accepting networks. With current technology such policies are almost always impossible to implement. Usually policies are not configured for each network separately but for groups of networks. In practise these groups are almost always defined by the networks forming one or more ASes. Routing Policy limitations The generic example of a reasonable but un-implementable routing is a split of already joined packet streams based on something other than destination address. Once traffic for the same destination network passes the same router, or the same AS at our level of abstraction, it will take exactly the same route to the destina- tion(2). In a concrete example AS Z might be connected to the outside world by two links. AS Z wishes to reserve these links for different kinds of traffic, let's call them black and white traffic. For this purpose the management of AS Z keeps two lists of ASes, the black and the white list. Together these lists comprise all ASes in the world reachable from AS Z. "W" <---> ... AS Z .... NET 3 <---> "B" It is quite possible to implement the policy for traffic originating in AS Z: AS Z will only accept announcements for networks in white ASes on the white link and will only accept announcements for net- works in black ASes on the black link. This causes traffic from networks within AS Z towards white ASes to use the white link and likewise traffic for black ASes to use the black link. Note that this way of implementing things makes it necessary to decide on the colour of each new AS which appears before traffic can be sent to it from AS Z. A way around this would be to accept only _________________________ (2) Disregarding special cases like "type of service" routing, load sharing and routing instabilities. ripe-1nn.txt July, 1994 - 8 - white announcements via the white link and to accept all but white announcements on the black link. That way traffic from new ASes would automatically be sent down the black link and AS Z management would only need to keep the list of white ASes rather than two lists. Now for the unimplementable part of the policy. This concerns traffic towards AS Z. Consider the following topology: B AS ---) "W" W AS ---) ---> B AS ---)>> AS A ---> ... AS Z .... NET 3 B AS ---) ---> W AS ---) "B" As seen from AS Z there are both black and white ASes "behind" AS A. Since ASes can make routing decisions based on destination only, AS A and all ASes between AS A and the two links connecting AS Z can only make the same decision for traffic directed at a network in AS Z, say NET 3. This means that traffic from both black and white ASes towards NET 3 will follow the same route once it passes through AS A. This will either be the black or the white route depending on the routing policies of AS A and all ASes between it and AS Z. The important thing to note is that unless routing and forwarding decisions can be made based on both source and destination addresses, policies like the "black and white" example cannot be implemented in general because "once joined means joined forever". Access Policies Access policies contrary to routing policies are not necessarily defined in terms of ASes. The very simplest type of access policy is to block packets from a specific network S from being forwarded to another network D. A common example is when some inappropriate use of resources on network D has been made from network S and the prob- lem has not been resolved yet. Other examples of access policies might be resources only accessible to networks belonging to a par- ticular disciplinary group or community of interest. While most of these policies are better implemented at the host or application level, network level access policies do exist and are a source of connectivity problems which are sometimes hard to diagnose. There- fore they should also be documented in the routing registry accord- ing to similar requirements as outlined above. Routing v Allocation information The RIPE database contains both routing registry and address space allocation registry information. In the past the database schema combined this information. Because RIPE was tasked with running both an allocation and routing registry it seemed natural to initially ripe-1nn.txt July, 1994 - 9 - combine these functions. However, experience has shown that a clear separation of routing information from allocation is desirable. Often the maintainer of the routing information is not the same as the maintainer of the allocation information. Also, in other parts of the world there are different registries for each kind of infor- mation. Whilst the actual routing policy objects will be introduced in the next section it is worthy of note that a transition from the current objects will be required. This is described with in Appendix G. This split in information represents a significant change in the representational model of the RIPE database. Appendix F expands on the reasons for this a little more. Tools The network operators will need a series of tools for policy rout- ing. Some tools are already available to perform some of the tasks. Most notably, the PRIDE tools [3] from the PRIDE project started in September 1993 as well as others produced by Merit Inc [4] and CERN [5]. These tools will enable them to use the routing policy stored in the RIPE routing registry to perform such tasks as check actual routing against policies defined, ensure consistency of policies set by dif- ferent operators, and simulate the effects of policy changes. Work continues on producing more useful tools to service the Inter- net community. ripe-1nn.txt July, 1994 - 10 - 4. The Routing Registry and the RIPE Database One of the activities of RIPE is to maintain a database of Euro- pean IP networks, DNS domains and their contact persons along with various other kinds of network management information. The database content is public and can be queried using the whois protocol as well as retrieved as a whole. This supports NICs/NOCs all over Europe and beyond to perform their respective tasks. The RIPE database combines both allocation registry and routing registry functions. The RIPE allocation registry contains data about address space allocated to specific enterprises and/or delegated to local registries as well as data about the domain name space. The allocation registry is described in separate documents [6,7] and outside the scope of this document. Database Objects Each object in the database describes a single entity in the real world. This basic principle means that information about that entity should only be represented in the corresponding data- base object and not be repeated in other objects. The whois ser- vice can automatically display referenced objects where appropriate. The types of objects stored in the RIPE database are summarised in the table below: R Object Describes References ____________________________________________________________________ B person contact persons A inetnum IP address space person A domain DNS domain person R aut-num autonomous system person (aut-num,community) R as-macro a group of autonomous systems person, aut-num R community community person R route a route being announced aut-num, community R clns CLNS address space and routing person The first column indicates whether the object is part of the alloca- tion registry (A), the routing registry (R) or both (B). The last column indicates the types of objects referenced by the particular type of object. It can be seen that almost all objects reference contact persons. Objects are described by attributes value pairs, one per line. Objects are separated by empty lines. An attribute that consists ripe-1nn.txt July, 1994 - 11 - of multiple lines should have the attribute name repeated on consecutive lines. The information stored about network 192.87.45.0 consists of three objects, one network object and two person objects and looks like this: inetnum: 192.87.45.0 netname: RIPE-NCC descr: RIPE Network Coordination Centre descr: Amsterdam, Netherlands country: NL admin-c: Daniel Karrenberg tech-c: Marten Terpstra rev-srv: ns.ripe.net rev-srv: ns.eu.net notify: ops(a)ripe.net changed: tony(a)ripe.net 940110 source: RIPE person: Daniel Karrenberg address: RIPE Network Coordination Centre (NCC) address: Kruislaan 409 address: NL-1098 SJ Amsterdam address: Netherlands phone: +31 20 592 5065 fax-no: +31 20 592 5090 e-mail: dfk(a)ripe.net nic-hdl: DK58 changed: ripe-dbm(a)ripe.net 920826 source: RIPE person: Marten Terpstra address: RIPE Network Coordination Centre (NCC) address: PRIDE Project address: Kruislaan 409 address: NL-1098 SJ Amsterdam address: Netherlands phone: +31 20 592 5064 fax-no: +31 20 592 5090 e-mail: Marten.Terpstra(a)ripe.net nic-hdl: MT2 notify: marten(a)ripe.net changed: marten(a)ripe.net 931230 source: RIPE Objects are stored and retrieved in this tag/value format. The RIPE NCC does not provide differently formatted reports because any desired format can easily be produced from this generic one. ripe-1nn.txt July, 1994 - 12 - Routing Registry Objects The main objects comprising the routing registry are "aut-num" and "route", describing an autonomous system and a route respectively. It should be noted that routes not described in the routing registry should never be routed in the Internet itself. The autonomous system (aut-num) object provides contact information for the AS and describes the routing policy of that AS. The routing policy is described by enumerating all neighbouring ASes with which routing information is exchanged. For each neighbour the routing policy is described in terms of exactly what is being sent (announced) and allowed in (accepted). It is important to note that this is exactly the part of the global policy over which an AS has direct control. Thus each aut-num object describes what can indeed be implemented and enforced locally by the AS concerned. Combined together all the aut-num objects provide the global routing graph and permit to deduce the exact routing policy between any two ASes. While the aut-num objects describe how routing information is pro- pagated, the route object describes a single route injected into the external routing mesh. The route object references the AS injecting (originating) the route and thereby indirectly provides contact information for the originating AS. This reference also provides the primary way of grouping routes into larger collections. This is necessary because describing routing policy on the level of single routes would be awkward to impractical given the number of routes in the Internet which is about 20,000 at the time of this writing. Thus routing policy is most often defined for groups of routes by originating AS. This method of grouping is well supported by current exterior routing protocols. The route object also refer- ences community objects described below to provide another method of grouping routes. Modification of aut-num object itself and the referencing by route objects is strictly protected to provide net- work operators control over the routing policy description and the routes originated by their ASes. Sometimes even keeping track of groups of routes at the AS level is cumbersome. Consider the case of policies described at the transit provider level which apply transitively to all customers of the transit provider. Therefore another level of grouping is provided by the as-macro object which provides groups of ASes which can be referenced in routing policies just like single ASes. Membership of as-macro groups is also strictly controlled. Sometimes there is a need to group routes on different criteria than ASes for purposes like statistics or local access policies. This is provided by the community object. A community object is much like an AS but without a routing policy. It just describes a group of routes. This is not supported at all by exterior routing protocols and depending on aggregation of routes may not be generally usable to define routing policies. It is suitable for local policies and non-routing related purposes. ripe-1nn.txt July, 1994 - 13 - These routing related objects will be described in detail in the sections below. ripe-1nn.txt July, 1994 - 14 - 5. The Route Object As stated in the previous chapter routing and address space alloca- tion information are now clearly separated. This is performed with the introduction of the route object. The route object will contain all the information regarding a routing announcement. All routing related attributes are removed from the inetnum object. Some old attributes are obsoleted: connect, routpr-l, bdryg-l, nsf- in, nsf-out, gateway). The currently useful routing attributes are moved to the route object: aut-sys becomes origin, ias-int will be encoded as part of the "to be proposed" `border-router' object and comm-list simply moves. See [6] for detail of the "inetnum" object definition. The information in the old inetnum object inetnum: 192.87.45.0 netname: RIPE-NCC descr: RIPE Network Coordination Centre descr: Amsterdam, Netherlands country: NL admin-c: Daniel Karrenberg tech-c: Marten Terpstra connect: RIPE NSF WCW aut-sys: AS3333 comm-list: SURFNET ias-int: 192.87.45.80 AS1104 ias-int: 192.87.45.6 AS2122 ias-int: 192.87.45.254 AS2600 rev-srv: ns.ripe.net rev-srv: ns.eu.net notify: ops(a)ripe.net changed: tony(a)ripe.net 940110 source: RIPE will be distributed over two objects: ripe-1nn.txt July, 1994 - 15 - inetnum: 192.87.45.0 netname: RIPE-NCC descr: RIPE Network Coordination Centre descr: Amsterdam, Netherlands country: NL admin-c: Daniel Karrenberg tech-c: Marten Terpstra rev-srv: ns.ripe.net rev-srv: ns.eu.net notify: ops(a)ripe.net changed: tony(a)ripe.net 940110 source: RIPE route: 192.87.45.0/24 descr: RIPE Network Coordination Centre origin: AS3333 comm-list: SURFNET changed: dfk(a)ripe.net 940427 source: RIPE The route object is used to represent a single route originated into the Internet routing mesh. The actual syntax is given in Appendix D. However, there are several important aspects of the attributes worthy of note. The value of the route attribute will be a classless address. It represents the exact route being injected into the routing mesh. The representation of classless addresses is described in [10]. The value of the origin attribute will be an AS reference of the form AS1234 referring to an aut-num object. It represents the AS injecting this route into the routing mesh. The "aut-num" object (see below) thus referenced provides all the contact information for this route. Special cases: There can only be a single originating AS in each route object. However in todays Internet sometimes a route is injected by more than one AS. This situation is potentially dangerous as it can create conflicting routing policies for that route and requires coordination between the originating ASes. In the routing registry this is represented by multiple route objects. This is a departure from the one route (net), one AS principle of the ripe-81 routing registry. The consequences for the different tools based in the routing registry will need to be evaluated and possibly additional consistency checking of the database is needed. ripe-1nn.txt July, 1994 - 16 - The examples below will illustrate the usage of the route object further. Suppose three chunks of address space of 2 different enterprises represented by the following inetnum objects: Examples inetnum: 193.0.1.0 netname: ENT-1 descr: Enterprise 1 ... inetnum: 193.0.8.0 netname: ENT-2 descr: Enterprise 2 ... inetnum: 193.0.9.0 netname: ENT-2-SPEC descr: Enterprise 2 ... Supposing that the Enterprises have their own AS numbers straight application of routing without aggregation would yield: route: 193.0.1.0/24 descr: Enterprise 1 origin: AS1 ... route: 193.0.8.0/24 descr: Enterprise 2 origin: AS2 ... route: 193.0.9.0/24 descr: Enterprise 2 origin: AS2 ... NB: This representation can be achieved by straight translation from the ripe-81 representation. See Appendix G for more details. Homogeneous Aggregation The two chunks of address space of Enterprise 2 can be represented by one aggregate route turning two route objects into one and poten- tially saving routing table space for one route. ripe-1nn.txt July, 1994 - 17 - route: 193.0.8.0/23 descr: Enterprise 2 origin: AS2 ... Note that AS2 can also decide to originate all routes mentioned so far, two 24-bit prefixes and one 23-bit prefix. This case would be represented by storing all three route objects in the database. In this particular example the additional routes will not add any func- tionality however and only increase the amount of routes announced unnecessarily. Heterogeneous Aggregation Consider the following case however: route: 193.0.8.0/24 descr: Enterprise 2 origin: AS2 ... route: 193.0.9.0/24 descr: Enterprise 2 / Special origin: AS2 comm-list: SPECIAL ... Now the prefix 193.0.9.0/24 belongs to community SPECIAL (this com- munity may well not be relevant to routing) and the other prefix originated by AS2 does not. If AS2 aggregates these prefixes into the 193.0.8.0/23 prefix, routing policies based on the community value SPECIAL cannot be implemented in general, because there is no way to distinguish between the special and the not-so-special parts of AS2. If another AS has the policy to accept only routes to members of community SPECIAL it cannot implement it, because accept- ing the route to 193.0.8.0/23 would also route to 193.0.8.0/24 and not accepting this route would lose connectivity to the special part 193.0.9.0/24. We call aggregate routes consisting of components belonging to different communities or even different ASes "hetero- geneous aggregates". The problems introduced with heterogeneous aggregates are that once the homogeneous routes are withdrawn one cannot tell if a more specific part of the heterogeneous has a different policy. However, if can be counter argued that knowing this policy is of little use if you cannot implement a routing policy based on the less specific (and only route present) heterogeneous aggregate. In fact, this displays a facet of CIDR itself in that one may actually compromise slight variations on policy over announcing a larger (albeit ripe-1nn.txt July, 1994 - 18 - heterogeneous in terms of policy) aggregate to save address space. However, it is still useful to be able to document these variations in policy especially when this homogeneous more specific route is just being withdrawn. For this one can use the "withdrawn" attri- bute. The withdrawn attribute can serve to both indicate that a less specific aggregate is in fact heterogeneous and also allow the gen- eral documenting of route withdrawal. So there has to be a way for AS2 to document this even if it does not originate the route to 193.0.9.0/24 any more. This can be done with the "withdrawn" attribute of the route object. The aggregate route to 193.0.8.0/23 is now be registered as: route: 193.0.8.0/23 descr: Enterprise 2 origin: AS2 ... With the two homogeneous routes marked as withdrawn from the Inter- net routing mesh but still preserving their original routing infor- mation. route: 193.0.8.0/24 descr: Enterprise 2 origin: AS2 withdrawn: 940701 ... route: 193.0.9.0/24 descr: Enterprise 2 / Special origin: AS2 comm-list: SPECIAL withdrawn: 940701 ... It should be noted that the date value used in the withdrawn attri- bute can only be in the past. Proxy Aggregation The next step of aggregation are aggregates consisting of more than one AS. This generally means one AS is aggregating on behalf of another. It is called proxy aggregation. Proxy aggregation should be done with great care and always coordinates with other providers announcing the same route. Consider the following: ripe-1nn.txt July, 1994 - 19 - route: 193.0.0.0/20 descr: All routes known by AS1 in a single package origin: AS1 ... route: 193.0.1.0/24 descr: Foo origin: AS1 withdrawn: 940310 ... route: 193.0.8.0/24 descr: Bar origin: AS2 withdrawn: 940310 ... route: 193.0.9.0/24 descr: Bar-2 origin: AS2 withdrawn: 940310 comm-list: SPECIAL ... If AS1 announced no other routes to a single homed neighbouring AS, that neighbour can in general either take that route or leave it but not differentiate between AS1 and AS2. Note: If the neighbor was previously configured to accept routes originating in AS2 but not in AS1 they lose connectivity to AS2 as well. This means that proxy aggregation has to be done carefully and in a well coordinated fashion. The information in the withdrawn route object can help to achieve that. Aggregates with Holes If we assume that the world of our example still consists of only three chunks of address space the aggregate above contains what are called holes, parts of an aggregate that are not reachable via the originator of the route. From the routing information itself one cannot tell whether these are holes and what part of the route falls inside one. The only way to tell is to send a packet there and see ripe-1nn.txt July, 1994 - 20 - whether it gets to the destination, or an ICMP message is received back, or there is silence. On the other hand announcing aggregates with holes is quite legitimate. Consider a 16-bit aggregate with only one 24-bit prefix unreachable. The savings in routing table size by far outweigh the hole problem. For operational reasons however it is very useful to register these holes in the routing registry. Consider the case where a remote net- work operator experiences connectivity problems to addresses inside an aggregate route. If the packets are getting to the AS announcing the aggregate and there are no more specific routes, the normal cause of action is to get in touch with the originating AS of the aggregate route and ask them to fix the problem. If the address falls into a hole this is futile. Therefore problem diagnosis can be sped up and unnecessary calls prevented by registering the holes in the routing registry. We do this by using the "hole" attribute. In our example the representation would be: route: 193.0.0.0/20 descr: All routes known by AS1 origin: AS1 hole: 193.0.0.0/24 hole: 193.0.2.0/23 hole: 193.0.4.0/22 hole: 193.0.10.0/23 hole: 193.0.12.0/22 ... Note: there would also be two routes with the withdrawn attribute as displayed above (i.e. 193.0.8.0/24 and 193.0.9.0/24) Multiple Proxy Aggregation Finally suppose that AS2 decides to announce the same aggregate, they would add the following route object to the registry: route: 193.0.0.0/20 descr: All routes known by AS2 origin: AS2 hole: 193.0.0.0/24 hole: 193.0.2.0/23 hole: 193.0.4.0/22 hole: 193.0.10.0/23 hole: 193.0.12.0/22 ... As per the update procedures below both AS1 and AS2 will be notified that there already is a route to the same prefix in the registry. This multiple proxy aggregation is very dangerous to do if the sub- ripe-1nn.txt July, 1994 - 21 - aggregates of the route are not the same. It is still dangerous when the sub-aggregates are consistent but connectivity to the sub- aggregates varies widely between the originators. Route object update procedures Adding a route object will be have to be authorised by the guardian of the originating AS. The actual implementation of this is outside the scope of this document. This guarantees that an AS guardian has full control over the registration of the routes it announces. What is an Inter-AS network ? An inter-AS network(3) exists for the purpose of passing traffic and routing information between different autonomous systems. The most simple example of an inter-AS network is a point-to-point link, con- necting exactly two ASes. Each end of such a link is connected to an interface of router belonging to each of the autonomous systems. More complex examples are broadcast type networks with multiple interfaces connecting multiple ASes with the possibility of more than one connection per AS. Consider the following example of three routers 1, 2 and 3 with interfaces a through f connected by two inter-AS networks X and Y: X Y a1b --- c2d --- e3f Suppose that network X is registered in the routing registry as part of AS1 and net Y as part of AS3. If traffic passes from left to right prtraceroute will report the following sequence of interfaces and ASes: a in AS1 c in AS1 e in AS3 The traceroute algorithm enumerates only the receiving interfaces on the way to the destination. In the example this leads to the pas- sage of AS2 going unnoticed. This is confusing to the user and will also generate exceptions when the path found is checked against the routing registry. _________________________ (3) Inter-AS IP networks are those networks are currently called FIXes, IXFs, DMZs, NAPs, GIX and many other acronyms. ripe-1nn.txt July, 1994 - 22 - For operational monitoring tools such as prtraceroute it is neces- sary to know which interface on an inter-AS network belongs to which AS. If AS information is not known about interfaces on an inter-AS network, tools like prtraceroute cannot determine correctly which ASes are being traversed. All interfaces on inter-AS networks will be described in a separate object know as the `border-router' object. This is still to be defined. ripe-1nn.txt July, 1994 - 23 - 6. The Autonomous System Object Autonomous Systems An Autonomous System (AS) is a group of IP networks run by one or more network operators which has a single and clearly defined rout- ing policy. An AS has a unique number associated with it which is used both in exchange of exterior routing information and as an identifier of the AS itself. Exterior routing protocols such as BGP and EGP are used to exchange routing information between ASes. In routing terms an AS will normally use one or more interior gate- way protocols (IGPs) in conjunction with some sort of common agreed metrics when exchanging network information within its own AS. The term AS is often confused or even misused as a convenient way of grouping together a set of networks which belong under the same administrative umbrella even if within that group of networks there are various different routing policies. We provide the "community" concept for such use. ASes can strictly have only one single rout- ing policy. The creation of an AS should be done in a conscious and well coordi- nated manner to avoid creating ASes for the sake of it, perhaps resulting in the worst case scenario of one AS per routing announce- ment. It should be noted that there is a limited number of AS numbers available. Also creating an AS may well increase the number of AS paths modern EGPs will have to keep track of. This aggravates what is known as "the routing table growth problem". This may mean that by applying the general rules for the creation and allocation of an AS below, some re-engineering may well be needed. However, this may be the only way to actually implement the desired routing policy anyway. The creation and allocation of an AS should be done with the following recommendations in mind: o Creation of an AS is only required when exchanging routing information with other ASes. Some router implementations make use of an AS number as a form of tagging to identify the rout- ing process. However, it should be noted that this tag does not need to be unique unless routing information is indeed exchanged with other ASes. o For a simple case of customer networks connected to a single service provider, the IP network should normally be a member of the service providers AS. In terms of routing policy the IP network has exactly the same policy as the service provider and there is no need to make any distinction in routing informa- tion. This idea may at first seem slightly alien to some, but it highlights the clear distinction in the use of the AS number ripe-1nn.txt July, 1994 - 24 - as a representation of routing policy as opposed to some form of administrative use. o If a network operator connects to more than one AS with dif- ferent routing policies then they need to create their own AS. In the case of multi-homed customer networks connected to two service providers there are at least two different routing pol- icies to a given customer network. At this point the customer networks will be part of a single AS and this AS would be dis- tinct from either of the service providers ASes. This allows the customer the ability of having a different representation of policy and preference to the different service providers. This is the ONLY case where a network operator should create its own AS number. o As a general rule one should always try to populate the AS with as many routes as possible, providing all routes conform to the same routing policy. Each AS is represented in the RIPE database by both an AS object and the route objects representing the routes originated by the AS. The AS object stores descriptive, administrative and contact information about the AS as well as the routing policies of the AS in relation to all neighbouring ASes. The origin attributes of the route objects define the set of routes originated by the AS. Each route object can have exactly one origin attribute. Route objects can only be created and updated by the "guardian" of the AS and not by those immediately responsible for the particular routes referenced therein. This ensures that opera- tors, especially service providers, remain in control of AS routing announcements. The AS object itself is used to represent a description of adminis- trative details and the routing policies of the AS itself. The AS object definition is depicted as follows. ripe-1nn.txt July, 1994 - 25 - Example: aut-num: AS1104 descr: NIKHEF-H Autonomous system as-in: from AS1213 100 accept AS1213 as-in: from AS1913 100 accept AS1913 as-in: from AS1755 150 accept ANY as-out: to AS1213 announce ANY as-out: to AS1913 announce ANY as-out: to AS1755 announce AS1104 AS1913 AS1213 tech-c: Rob Blokzijl admin-c: Eric Wassenaar guardian: as-guardian(a)nikhef.nl changed: ripe-dbm(a)ripe.net 920910 source: RIPE See Appendix A for a complete syntax definition of the "aut-num" object. It should be noted that this representation provides two things: o a set of routes. o a description of administrative details and routing policies. The set of routes can be used to generate network list based confi- guration information as well as configuration information for exte- rior routing protocols knowing about ASes. This means an AS can be defined and is useful even if it does not use routing protocols which know about the AS concept. ripe-1nn.txt July, 1994 - 26 - Description of local connections between ASes - "interas- in/interas-out". Often two ASes will have more than one physical connection between them. In practice certain local policies my be placed on these inter-AS connections as agreed by the two ASes. If we look at the simple example below. Example: LINK1 +----------+ |a b| AS1------AS2 AS3-----AS4 |c d| +----------+ LINK2 It may be that AS2 prefers to get to AS3 on LINK1 (a and b being the interface addresses of this link) and to AS4 on LINK2 (c and d being the interface addresses of this link) with LINK2 as a backup for AS3. Whilst this is purely of local information and at the AS level will have no significance per se to any other ASes except AS2 and AS3 this may be useful to represent. The way this is done is by using the attributes "interas-in" and "interas-out". The exact syn- tax is given in Appendix A. However, if we follow this example through in terms of AS2 we would represent this policy as follows: Example: SYNTAX TO BE PROPOSED BY MERIT Here we see additional local link based information in terms of the IP addresses of the link (in this example represented by a and b and c and d respectively). It should be noted that the preference on interas-in attributes is only of relevance to other interas-in lines and not to as-in lines. Of course this type on inter-AS policy should always be bilaterally agreed to avoid asymmetry and in prac- tice there may need to be corresponding interas-in attributes in the policy representation of AS3. It should also be noted that there are no interas-out attributes defined. In this case the general policy is assumed. The key difference between interas-in/interas-out and as-in/as-in attributes is the former describes a local inter-AS policy and the latter the general inter-AS policy as seen by other ASes. The gen- eral policy should always be defined. The local inter-AS policy should only be defined when such a policy really exists and the ripe-1nn.txt July, 1994 - 27 - implications of setting such policies is fully understood. ripe-1nn.txt July, 1994 - 28 - How to describe the exclusion policy of a certain AS - "as-exclude" Some ASes have a routing policy based on the exclusion of certain routes if for whatever reason a certain AS is used as transit. Whilst, this is in general not good practice as it makes implicit assumptions on topology with asymmetry a possible outcome if not coordinated, this case needs to be accommodated within the routing policy representation. The way this is achieved is by making use of the "as-exclude" attri- bute. The precise syntax of this attribute can be found in Appendix A along with the rest of the defined syntax for the "aut-num" object. However, some explanation of the use of this attribute is useful. If we have the following example topology. Example: AS4--------AS3 | | | | | | AS1--------AS2--------AS5 With a simple corresponding policy like so: Example: aut-num: AS1 as-in: from AS2 100 accept ANY as-out: to AS2 announce AS1 as-exclude: exclude AS4 to ANY .... We see an interesting policy. What this says in simple terms is AS1 doesn't want to reach anything if it transit AS4. This can be a per- fectly valid policy. However, it should be realised that for what- ever reason AS2 decides to route to AS3 via AS4 then immediately AS1 has no connectivity to AS3 or if AS1 is running default to AS2 pack- ets from AS1 will still flow via AS4. The important point about this is that whilst AS1 can advise its neighbours of its policy it has no direct control on how it can enforce this policy to neighbours upstream. Another interesting scenario to highlight the unexpected result of using such an "as-exclude" policy. If we assume in the above example AS2 preferred AS4 to reach AS3 and AS1 did not use default routing then as stated AS1 would have no connectivity to AS3. Now lets sup- pose that for example the link between AS2 and AS4 went down for some reason. Like so: ripe-1nn.txt July, 1994 - 29 - Example: AS4--------AS3 | | AS1--------AS2--------AS5 Suddenly AS1 now has connectivity to AS3. This unexpected behavior should be considered when created policies based on the "as-exclude" attribute. The second problem with this type of policy is the potential of asymmetry. In the original example we saw the correct policy from AS1's point of view but if ASes with connectivity through AS4 do not use a similar policy you have asymmetric traffic and policy. If an AS uses such a policy they must be aware of the consequences of its use. Namely that the specified routes which transit the AS (i.e. routing announcements with this AS in the AS path information) in question will be excluded. If not coordinated this can easily cause asymmetry or even worse loss of connectivity to unknown ASes behind (or in front for that matter) the transit AS in question. With this in mind this attribute can only be viewed as a form of advisory to other service providers. However, this does not preclude its use with policy based tools if the attribute exists. By having the ability to specify a route keyword based on any of the four notations given in the syntax it allows the receiving AS to specify what routes it wishes to exclude through a given transit AS to a network granularity. ripe-1nn.txt July, 1994 - 30 - 7. AS Macros It may be difficult to keep track of each and every new AS that is represented in the routing registry. A convenient way around this is to define an `AS Macro' which essentially is a convenient way to group ASes. This is done so that each and every AS guardian does not have to add a new AS to it's routing policy as described by the as- in and as-out attributes of it's AS object. However, it should be noted that this creates an implicit trust on the guardian of the AS-Macro. An AS-Macro can be used in <routing policy expressions> for the "as-in" and "as-out" attributes in the aut-num object. The AS-Macro object is then used to derive the list or group of ASes. A simple example would be something like: Example: aut-num: AS786 as-in: from AS1755 100 accept AS-EBONE AND NOT AS1104 as-in: from AS1755 100 accept AS-EBONE AND NOT AS1104 as-out to AS1755 announce AS786 ..... Where the as-macro object for AS-EBONE is as follows: as-macro: AS-EBONE descr: ASes routed by EBONE as-list: AS2121 AS1104 AS2600 AS2122 as-list: AS1103 AS1755 AS2043 guardian: guardian(a)ebone.net ...... So the policy would be evaluated to: aut-num: AS786 as-in: from AS1755 100 accept (AS2121 OR AS1104 OR AS2600 OR AS2122 as-in: from AS1755 100 accept AS1103 OR AS1755 OR AS2043) AND NOT AS1104 ...... It should be noted that the above examples incorporates the rule for line wrapping as defined in Appendix A for policy lines. See Appen- dix C for a definition on the AS-Macro syntax. ripe-1nn.txt July, 1994 - 31 - 8. The Community Object A community is a group of routes that cannot be represented by an AS or a group of ASes. It is in some circumstances useful to define a group of routes that have something in common. This could be a spe- cial access policy to a supercomputer centre, a group of routes used for a specific mission, or a disciplinary group that is scattered among several autonomous systems. Also these communities could be useful to group routes for the purpose of network statistics. Communities do not exchange routing information, since they do not represent an autonomous system. More specifically, communities do not define routing policies, but access or usage policies. However, they can de used as in conjunction with an ASes routing policy to define a set of routes the AS sets routing policy for. Communities should be defined in a strict manner, to avoid creating as many communities as there are routes, or even worse. Communities should be defined following the two rules below; o Communities must have a global meaning. Communities that have no global meaning, are used only in a local environment and should be avoided. o Communities must not be defined to express non-local policies. It should be avoided that a community is created because some other organisation forces a policy upon your organisation. Communities must only be defined to express a policy defined by your organisation. Community examples There are some clear examples of communities: BACKBONE - all customers of a given backbone service provider even though they can have various different routing policies and hence belong to different ASes. This would be extremely useful for statistics collection. HEPNET - the High Energy Physics community partly shares infrastructure with other organisations, and the institutes it consists of are scattered all over Europe, often being part of a non HEPNET autonomous system. To allow statistics, access or part of a routing policy , a community HEPNET, consisting of all routes that are part of HEPNET, conveniently groups all these routes. ripe-1nn.txt July, 1994 - 32 - NSFNET - the National Science Foundation Network imposes an acceptable use policy on routes that wish to make use of it. A community NSFNET could imply the set of routes that comply with this pol- icy. MULTI - a large multinational corporation that does not have its own internal infrastructure, but connects to the various parts of its organisations by using local service providers that connect them all together, may decide to define a community to restrict access to their networks, only by networks that are part of this community. This way a corporate network could be defined on shared infrastructure. Also, this community could be used by any of the service providers to do statistics for the whole of the corporation, for instance to do topology or bandwidth plan- ning. Similar to Autonomous systems, each community is represented in the RIPE database by both a community object and community tags on the route objects representing the routes belonging to the community. The community object stores descriptive, administrative and contact information about the community. The community tags on the route objects define the set of routes belonging to a community. A route can have multiple community tags. The community tags can only be created and updated by the "guardian" of the community and not by those directly responsible for the par- ticular network. This ensures that guardians remain in control of community membership. Here's an example of how this might be represented in terms of the community tags within the network object. We have an example where the route 192.16.199.0/24 has a single routing policy (i.e. that of AS 1104), but is part of several different communities of interest. We use the tag "comm-list" to represent the list of communities associated with this route. NIKHEF-H uses the service provider SURFNET (a service provider with customers with more than one rout- ing policy), is also part of the High Energy Physics community as well as having the ability to access the Supercomputer at CERN(4). _________________________ (4) The community `CERN-SUPER', is somewhat national, but is intended as an example of a possible use of an access policy constraint. ripe-1nn.txt July, 1994 - 33 - Example: route: 192.16.199.0/24 descr: Local Ethernet descr: NIKHEF section H origin: AS1104 comm-list: HEPNET CERN-SUPER SURFNET changed: ripe-dbm(a)ripe.net 920604 source: RIPE In the above examples some communities have been defined. The com- munity object itself will take the following format: Example: community: SURFNET descr: Dutch academic research network authority: SURFnet B.V. guardian: comm-guardian(a)surfnet.nl admin-c: Erik-Jan Bos tech-c: Erik-Jan Bos changed: ripe-dbm(a)ripe.net 920604 source: RIPE For a complete explanation of the syntax please refer to Appendix B. ripe-1nn.txt July, 1994 - 34 - 9. Representation of Routing Policies Routing policies of an AS are represented in the autonomous system object. Initially we show some examples, so the reader is familiar with the concept of how routing information is represented, used and derived. Refer to Appendix A, for the full syntax of the "aut-num" object. The topology of routing exchanges is represented by listing how routing information is exchanged with each neighbouring AS. This is done separately for both incoming and outgoing routing information. In order to provide backup and back door paths a relative cost is associated with incoming routing information. Example 1: AS1------AS2 This specifies a simple routing exchange of two presumably isolated ASes. Even if either of them has routing information about routes in ASes other than AS1 and AS2, none of that will be announced to the other. aut-num: AS1 as-out: to AS2 announce AS1 as-in: from AS2 100 accept AS2 aut-num: AS2 as-out: to AS1 announce AS2 as-in: from AS1 100 accept AS1 The number 100 in the in-bound specifications is a relative cost, which is used for backup and back door routes. The absolute value is of no significance. The relation between different values within the same AS object is. A lower value means a lower cost. This is cons- ciously similar to the cost based preference scheme used with DNS MX RRs. Example 2: Now suppose that AS2 is connected to one more AS, besides AS1, and let's call that AS3: AS1------AS2------AS3 ripe-1nn.txt July, 1994 - 35 - In this case there are two reasonable routing policies: a) AS2 just wants to exchange traffic with both AS1 and AS3 itself without passing traffic between AS1 and AS3. b) AS2 is willing to pass traffic between AS3 and AS1, thus acting as a transit AS Example 2a: In the first case AS1's representation in the routing registry will remain unchanged as will be the part of AS2's representation describing the routing exchange with AS1. A description of the addi- tional routing exchange with AS3 will be added to AS2's representa- tion: aut-num: AS1 as-out: to AS2 announce AS1 as-in: from AS2 100 accept AS2 aut-num: AS2 as-out: to AS1 announce AS2 as-in: from AS1 100 accept AS1 as-out: to AS3 announce AS2 as-in: from AS3 100 accept AS3 aut-num: AS3 as-out: to AS2 announce AS3 as-in: from AS2 100 accept AS2 Note that in this example, AS2 keeps full control over its resources. Even if AS3 and AS1 were to allow each others routes in from AS2, the routing information would not flow because AS2 is not announcing it(5). Example 2b: If contrary to the previous case, AS1 and AS3 are supposed to have connectivity to each other via AS2, all AS objects have to change: _________________________ (5) Of course AS1 and AS3 could just send traffic to each other to AS2 even without AS2 announcing the routes, hoping that AS2 will forward it correctly. Such questionable practices however are beyond the scope of this document. ripe-1nn.txt July, 1994 - 36 - aut-num: AS1 as-out: to AS2 announce AS1 as-in: from AS2 100 accept AS2 AS3 aut-num: AS2 as-out: to AS1 announce AS2 AS3 as-in: from AS1 100 accept AS1 as-out: to AS3 announce AS2 AS1 as-in: from AS3 100 accept AS3 aut-num: AS3 as-out: to AS2 announce AS3 as-in: from AS2 100 accept AS1 AS2 Note that the amount of routing information exchanged with a neigh- bour AS is defined in terms of routes belonging to ASes. In BGP terms this is the AS where the routing information originates and the originating AS information carried in BGP could be used to implement the desired policy. However, using BGP or the BGP AS-path information is not required to implement the policies thus speci- fied. Configurations based on route lists can easily be generated from the database. The AS path information, provided by BGP can then be used as an additional checking tool as desired. The specification understands one special expression and this can be expressed as a boolean expressions: ANY - means any routing information known. For output this means that all routes an AS knows about are announced. For input it means that anything is accepted from the neighbour AS. ripe-1nn.txt July, 1994 - 37 - Example 3: AS4 is a stub customer AS, which only talks to service provider AS123. | | -----AS123------AS4 | | aut-num: AS4 as-out: to AS123 announce AS4 as-in: from AS123 100 accept ANY aut-num: AS123 as-in: from AS4 100 accept AS4 as-out: to AS4 announce ANY <further neighbours> Since AS4 has no other way to reach the outside world than AS123 it is not strictly necessary for AS123 to send routing information to AS4. AS4 can simply send all traffic for which it has no explicit routing information to AS123 by default. This strategy is called default routing. It is expressed in the routing registry by adding one or more default tags to the autonomous system which uses this strategy. In the example above this would look like: aut-num: AS4 as-out: to AS123 announce AS4 default: AS123 100 aut-num: AS123 as-in: from AS4 100 accept AS4 <further neighbours> ripe-1nn.txt July, 1994 - 38 - Example 4: AS4 now connects to a different operator, AS5. AS5 uses AS123 for outside connectivity but has itself no direct connection to AS123. AS5 traffic to and from AS123 thus has to pass AS4. AS4 agrees to act as a transit AS for this traffic. | | -----AS123------AS4-------AS5 | | aut-num: AS4 as-out: to AS123 announce AS4 AS5 as-in: from AS123 100 accept ANY as-out: to AS5 announce ANY as-in: from AS5 50 accept AS5 aut-num: AS5 as-in: from AS4 100 accept ANY as-out: to AS4 announce AS5 aut-num: AS123 as-in: from AS4 100 accept AS4 AS5 as-out: to AS4 announce ANY <further neighbours> Now AS4 has two sources of external routing information. AS5 which provides only information about its own routes and AS123 which pro- vides information about the external world. Note that AS4 accepts information about AS5 from both AS123 and AS5 although AS5 informa- tion cannot come from AS123 since AS5 is connected only via AS4 itself. The lower cost of 50 for the announcement from AS5 itself compared to 100 from AS123 ensures that AS5 is still believed even in case AS123 will unexpectedly announce AS5. In this example too, default routing can be used by AS5 much like in the previous example. AS4 can also use default routing towards AS123: ripe-1nn.txt July, 1994 - 39 - aut-num: AS4 as-out: to AS123 announce AS4 AS5 default: AS123 11 as-in: from AS5 50 accept AS5 Note no announcements to AS5, they default to us. aut-num: AS5 as-out: to AS4 announce AS5 default: AS4 100 aut-num: AS123 as-in: from AS4 100 announce AS4 AS5 <further neighbours> Note that the relative cost associated with default routing is totally separate from the relative cost associated with in-bound announcements. The default route will never be taken if an explicit route is known to the destination. Thus an explicit route can never have a higher cost than the default route. The relative cost asso- ciated with the default route is only useful in those cases where one wants to configure multiple default routes for redundancy. Note also that in this example the configuration using default routes has a subtly different behavior than the one with explicit routes: In case the AS4-AS5 link fails AS4 will send traffic to AS5 to AS123 when using the default configuration. Normally this makes not much difference as there will be no answer and thus little traffic. With certain datagram applications which do not require acknowledgments however, significant amounts of traffic may be use- lessly directed at AS123. Similarly default routing should not be used if there are stringent security policies which proscribe any traffic intended for AS5 to ever touch AS123. Generally it can be said that default routing should only be used in very simple topologies. Once the situation gets more complex using default routes can lead to unexpected results or even defeat the routing policies established when links fail. As an example consider how Example 5a) below could be implemented using default routing. ripe-1nn.txt July, 1994 - 40 - Example 5: In a different example AS4 has a private connection to AS6 which in turn is connected to the service provider AS123: | | -----AS123------AS4 | | | | | | AS6 ---------+ There are a number of policies worth examining in this case: a) AS4 and AS6 wish to exchange traffic between themselves exclusively via the private link between themselves; such traffic should never pass through the backbone (AS123). The link should never be used for transit traffic, i.e. traffic not both originating in and destined for AS4 and AS6. b) AS4 and AS6 wish to exchange traffic between themselves via the private link between themselves. Should the link fail, traffic between AS4 and AS6 should be routed via AS123. The link should never be used for transit traffic. c) AS4 and AS6 wish to exchange traffic between themselves via the private link between themselves. Should the link fail, traffic between AS4 and AS6 should be routed via AS123. Should the connection between AS4 and AS123 fail, traffic from AS4 to des- tinations behind AS123 can pass through the private link and AS6's connection to AS123. d) AS4 and AS6 wish to exchange traffic between themselves via the private link between themselves. Should the link fail, traffic between AS4 and AS6 should be routed via AS123. Should the backbone connection of either AS4 or AS6 fail, the traffic of the disconnected AS should flow via the other AS's backbone connection. ripe-1nn.txt July, 1994 - 41 - Example 5a: aut-num: AS4 as-in: from AS123 100 accept NOT AS6 as-out: to AS123 announce AS4 as-in: from AS6 50 accept AS6 as-out: to AS6 announce AS4 aut-num: AS123 as-in: from AS4 100 accept AS4 as-out: to AS4 announce ANY as-in: from AS6 100 accept AS6 as-out: to AS6 announce ANY <further neighbours> aut-num: AS6 as-in: from AS123 100 accept NOT AS4 as-out: to AS123 announce AS6 as-in: from AS4 50 accept AS4 as-out: to AS4 announce AS6 Note that here the configuration is slightly inconsistent. AS123 will announce AS6 to AS4 and AS4 to AS6. These announcements will be filtered out on the receiving end. This will implement the desired policy. Consistency checking tools might flag these cases however. ripe-1nn.txt July, 1994 - 42 - Example 5b: aut-num: AS4 as-in: from AS123 100 accept ANY as-out: to AS123 announce AS4 as-in: from AS6 50 accept AS6 as-out: AS6 AS4 aut-num: AS123 as-in: AS4 100 AS4 as-out: AS4 ANY as-in: AS6 100 AS6 as-out: AS6 ANY <further neighbours> aut-num: AS6 as-in: from AS123 100 accept ANY as-out: to AS123 announce AS6 as-in: from AS4 50 accept AS4 as-out: to AS4 announce AS6 The thing to note here is that in the ideal operational case, `all links working' AS4 will receive announcements for AS6 from both AS123 and AS6 itself. In this case the announcement from AS6 will be preferred because of its lower cost and thus the private link will be used as desired. AS6 is configured as a mirror image. ripe-1nn.txt July, 1994 - 43 - Example 5c: The new feature here is that should the connection between AS4 and AS123 fail, traffic from AS4 to destinations behind AS123 can pass through the private link and AS6's connection to AS123. aut-num: AS4 as-in: from AS123 100 accept ANY as-out: to AS123 announce AS4 as-in: from AS6 50 accept AS6 as-in: from AS6 110 accept ANY as-out: to AS6 AS4 aut-num: AS123 as-in: from AS4 1 accept AS4 as-out: to AS4 announce ANY as-in: from AS6 1 accept AS6 as-in: from AS6 2 accept AS4 as-out: to AS6 announce ANY <further neighbours> aut-num: AS6 as-in: from AS123 100 accept ANY as-out: to AS123 AS6 announce AS4 as-in: from AS4 50 accept AS4 as-out: to AS4 announce ANY Note that it is important to make sure to propagate routing informa- tion for both directions in backup situations like this. Connec- tivity in just one direction is not useful at all for almost all applications. Note also that in case the AS6-AS123 connection breaks, AS6 will only be able to talk to AS4. The symmetrical case (5d) is left as an exercise to the reader. 10. Future Extensions We envision that over time the requirements for describing routing policy will evolve. The routing protocols will evolve to support the requirements and the routing policy description syntax will need to evolve as well. For that purpose, a separate document will describe experimental syntax definitions for policy description. This docu- ment will be updated when new objects or attributes are proposed or modified. Two new attributes of the AS object which are proposed and supported by the Merit Routing Registry are as-transit and db-selector. as-transit describes the transit preferences of an AS. It allows an AS to describe its path preference in order to reach certain ripe-1nn.txt July, 1994 - 44 - destinations. The AS(s) specified in the path preference may or may not be an immediate neighbor of the AS defined in the AS object. as-transit accommodates policy decisions involving AS path whereas as-in and as-out do not. It is not unusual for ASs to have routing policies which involve path selection based on AS. Emerging proto- cols like SDRP [13] will allow an AS to choose a path independent of a neighboring ASs path choice. as-transit permits descriptions based on AS path selection. The DataBase Selector (db-selector) function allows one to take advantage of information registered in other Registries. It permits the selection of networks in a database based on their attributes. It is proposed to be used within the as-in/as-out attribute family to make the description of policy concise. For example, if an AS has the policy of not accepting any routes from country XYZ, the AS can use the db-selector to check a database which has a network and country attribute and relate that information to the information in the routing registry. The advantage of referencing another database is that the routing registry will avoid duplicating the information maintained in other information registries. Detailed examples and syntax are described in document ???? [14]. ripe-1nn.txt July, 1994 - 45 - 11. References [1] Bates, T., Jouanigot, J-M., Karrenberg, D., Lothberg, P., Terpstra, M., "Representation of IP Routing Policies in the RIPE Database", RIPE-81, February 1993. [2] Merit Network Inc.,"Representation of Complex Routing Policies of an Autonomous System", DRAFT, March, 1994. [3] PRIDE Tools Release 1. See ftp.ripe.net:pride/tools/pride-tools-1.tar.Z. [4] Merit Inc. RRDB Tools. See rrdb.merit.edu:pub/meritrr/* [5] The Network List Compiler. See dxcoms.cern.ch:pub/ripe-routing-wg/nlc-2.2d.tar [6] Lord, A., Terpstra, M., "RIPE Database Template for Networks and Persons", DRAFT, May 1994. [7] Karrenberg, D., "RIPE Database Template for Domains", RIPE-49, April 1992. [8] Lougheed, K., Rekhter, Y., "A Border Gateway Protocol 3 (BGP- 3)", RFC1267, October 1991. [9] Rekhter, Y., Li, T., "A Border Gateway Protocol 4 (BGP-4)", INTERNET-DRAFT, draft-ietf-bgp-bgp4-10.txt, May 1994. [10] Bates, T., Karrenberg, D., Terpstra, M., "Support for Classless Internet Addresses in the RIPE Database", DRAFT, May 1994. [11] Karrenberg, D., "Authorisation and Notification of Changes in the RIPE Database", RIPE-96, October 1993. [12] Bates, T., "Support of Guarded fields within the RIPE Data- base", ripe-108, February 1994. [13] Estrin, D., Li, T., Rekhter, Y., Varadhan, K., "Source Demand Routing: Packet Format and Forwarding Specification (Version 1)", INTERNET-DRAFT, draft-ietf-sdr-sdrp-04.txt, March 1994. [14] ?????, "Experimental Objects and attributes for the Routing Registry, ???, ????. ripe-1nn.txt July, 1994 - 46 - 12. Author's Addresses Tony Bates RARE/PRIDE Project c/o RIPE Network Coordination Centre Kruislaan 409 NL-1098 SJ Amsterdam The Netherlands +31 20 592 5064 T.Bates(a)ripe.net Elise Gerich The University of Michigan Merit Computer Network 1075 Beal Avenue Ann Arbor, MI 48109 USA +1 313 936 2120 epg(a)merit.edu Laurent Joncheray The University of Michigan Merit Computer Network 1075 Beal Avenue Ann Arbor, MI 48109 USA +1 313 936 2065 lpj(a)merit.edu Jean-Michel Jouanigot CERN, European Laboratory for Particle Physics CH-1211 Geneva 23 Switzerland +41 22 767 4417 Jean-Michel.Jouanigot(a)cern.ch Daniel Karrenberg RIPE Network Coordination Centre Kruislaan 409 NL-1098 SJ Amsterdam The Netherlands +31 20 592 5065 D.Karrenberg(a)ripe.net ripe-1nn.txt July, 1994 - 47 - Marten Terpstra PRIDE Project c/o RIPE Network Coordination Centre Kruislaan 409 NL-1098 SJ Amsterdam The Netherlands +31 20 592 5064 M.Terpstra(a)ripe.net Jessica Yu The University of Michigan Merit Computer Network 1075 Beal Avenue Ann Arbor, MI 48109 USA +1 313 936 2655 jyy(a)merit.edu ripe-1nn.txt July, 1994 - 48 - Appendix A - Syntax for the aut-num object. Here is a summary of the tags associated with aut-num object itself and their status. The first column specifies the attribute, the second column whether this attribute is mandatory in the aut-num object, and the third column whether this specific attribute can occur only once per object [single], or more than once [multiple]. When specifying multiple lines per attribute, the attribute name must be repeated. See [6] the example for the descr: attribute. aut-num: [mandatory] [single] descr: [mandatory] [multiple] as-in: [optional] [multiple] as-out: [optional] [multiple] interas-in: [optional] [multiple] interas-out: [optional] [multiple] as-exclude: [optional] [multiple] default: [optional] [multiple] tech-c: [mandatory] [multiple] admin-c: [mandatory] [multiple] guardian: [mandatory] [single] remarks: [optional] [multiple] notify: [optional] [multiple] maintainer: [optional] [single] changed: [mandatory] [multiple] source: [mandatory] [single] Each attribute has the following syntax: aut-num: The autonomous system number. This must be a uniquely allo- cated autonomous system number from an AS registry (i.e. the RIPE NCC, the Inter-NIC, etc). Format: AS<positive integer between 1 and 65535> Example: aut-num: AS1104 Status: mandatory, only one line allowed descr: A short description of the Autonomous System. Format: free text Status: mandatory, multiple lines allowed as-in: ripe-1nn.txt July, 1994 - 49 - Example: descr: NIKHEF section H descr: Science Park Watergraafsmeer descr: Amsterdam A description of accepted routing information between AS peers. Format: from <aut-num> <cost> accept <routing policy expression> The keywords from and accept are optional and can be omit- ted. <aut-num> refers to your AS neighbour. <cost> is a positive integer used to express a relative cost of routes learned. The lower the cost the more pre- ferred the route. <routing policy expression> can take the following for- mats. 1. A list of one or more ASes, AS Macros, Communities or Network Lists. A Network List is a list of network numbers in prefix length format, separated by commas, and surrounded by curly brackets. Examples: as-in: from AS1103 100 accept AS1103 as-in: from AS786 105 accept AS1103 as-in: from AS786 10 accept AS786 HEPNET as-in: from AS1755 110 accept AS1103 AS786 as-in: from AS3333 100 accept {192.87.45.0/16, 128.141.0.0/16} 2. A set of KEYWORDS. The following KEYWORD is currently defined: ANY this means anything the neighbour AS knows. 3. A logical expression of either 1 or 2 above The current logical operators are defined as: AND OR NOT ripe-1nn.txt July, 1994 - 50 - NOTE: if no logical operator is given between ASes, AS-macros, Communities, Network Lists and KEYWORDS it is implicitly evaluated as an `OR' operation. The OR can be left out for conciseness. Rules are grouped together using parenthesis i.e "(" and ")". Example: as-in: from AS1755 100 accept ANY AND NOT (AS1234 OR AS513) as-in: from AS1755 150 accept AS1234 OR {35.0.0.0/8} A rule can be wrapped over lines providing the associated <aut-num>, <cost> values and from and accept keywords are repeated and occur on con- secutive lines. Example: as-in: from AS1755 100 accept ANY AND NOT (AS1234 AS513) and as-in: from AS1755 100 accept ANY AND NOT ( as-in: from AS1755 100 accept AS1234 AS513) are evaluated to the same result. Please note that the ordering of these continuing lines matters. Status: optional, multiple lines allowed as-out: A description of generated routing information sent to other AS peers. Format: to <aut-num> announce <routing policy expression The to and announce keywords are optional and can be omit- ted. <aut-num> refers to your AS neighbour. <routing policy expression> is explained in the as-in attribute definition above. Example: as-out: to AS1104 announce AS978 as-out: to AS1755 announce ANY as-out: to AS786 announce ANY AND NOT (AS978) Status: optional, multiple lines allowed ripe-1nn.txt July, 1994 - 51 - interas-in: STILL TO BE PROPOSED BY MERIT Status: optional, multiple lines allowed interas-out: STILL TO BE PROPOSED BY MERIT Status: optional, multiple lines allowed as-exclude: A list of transit ASes to ignore all routes from. Format: exclude <aut-num> to <exclude-route-keyword> Keywords exclude and to are optional and can again be omitted. <aut-num> refers to the transit AS in question. an <exclude-route-keyword> can be ONE of the following. 1. <aut-num> 2. AS macro 3. Community 4. ANY Examples: as-exclude: exclude AS690 to HEPNET This means exclude any HEPNET routes which have a route via AS690. as-exclude: exclude AS1800 to AS-EUNET This means exclude any AS-EUNET routes which have a route via AS1800. as-exclude: exclude AS1755 to AS1104 This means exclude any AS1104 route which have a route via AS1755. as-exclude: exclude AS1104 to ANY This means exclude all routes which have a route via ripe-1nn.txt July, 1994 - 52 - AS1104. Status: optional, multiple lines allowed default: An indication of how default routing is done. Format: <aut-num> <relative cost> <default-expression> where <aut-num> is the AS peer you will default route to, and <relative cost> is the relative cost is a positive integer used to express a preference for default. There is no relationship to the cost used in the as-in tag. The AS peer with the lowest cost is used for default over ones with higher costs. <default-expression> is optional and provides information on how a default route is selected. It can take the fol- lowing formats: 1. static. This indicates that a default is statically configured to this AS peer. 2. A network list with the syntax as described in the as-in attribute. This indicates that this list of routes is used to generate a default route. A special but valid value in this is the special route used by some routing protocols to indicate default: 0.0.0.0/0 3. default. This is the same as {0.0.0.0/0}. This means that the routing protocol between these two peers generates a true default. Examples: default: AS1755 10 default: AS786 5 {140.222.0.0/16, 192.87.45.0/24} default: AS2043 15 default Status: optional, multiple lines allowed tech-c: Full name or uniquely assigned NIC-handle of a technical con- tact person. This is someone to be contacted for technical problems such as misconfiguration. Format: <firstname> <initials> <lastname> or <nic-handle> Example: ripe-1nn.txt July, 1994 - 53 - tech-c: John E Doe tech-c: JED31 Status: mandatory, multiple lines allowed admin-c: Full name or uniquely assigned NIC-handle of an administrative contact person. In many cases this would be the name of the guardian. Format: <firstname> <initials> <lastname> or <nic-handle> Example: admin-c: Joe T Bloggs admin-c: JTB1 Status: mandatory, multiple lines allowed guardian: Mailbox of the guardian of the Autonomous system. Format: <email-address> The <email-address> should be in RFC822 domain format wherever possible. Example: guardian: as1104-guardian(a)nikhef.nl Status: mandatory, only one line and e-mail address allowed remarks: Remarks/comments, to be used only for clarification. Format: free text Example: remarks: Multihomed AS talking to AS1755 and AS786 remarks: Will soon connect to AS1104 also. Status: optional, multiple lines allowed notify: The notify attribute contains an email address to which notifi- cations of changes to this object should be sent. See also [11]. ripe-1nn.txt July, 1994 - 54 - Format: <email-address> The <email-address> should be in RFC822 domain syntax wherever possible. Example: notify: Marten.Terpstra(a)ripe.net Status: optional, multiple lines allowed maintainer: The maintainer attribute contains a registered maintainer name. See also [11]. Format: <registered maintainer name> Example: maintainer: RIPE-DBM Status: optional, multiple lines allowed changed: Who changed this object last, and when was this change made. Format: <email-address> YYMMDD <email-address> should be the address of the person who made the last change. YYMMDD denotes the date this change was made. Example: changed: johndoe(a)terabit-labs.nn 900401 Status: mandatory, multiple lines allowed source: Source of the information. This is used to separate information from different sources kept by the same database software. For RIPE database entries the value is fixed to RIPE. Format: RIPE Status: mandatory, only one line allowed ripe-1nn.txt July, 1994 - 55 - Appendix B - Syntax details for the community object. Here is a summary of the tags associated with community object itself and their status. The first column specifies the attribute, the second column whether this attribute is mandatory in the commun- ity object, and the third column whether this specific attribute can occur only once per object [single], or more than once [multiple]. When specifying multiple lines per attribute, the attribute name must be repeated. See [6] the example for the descr: attribute. community: [mandatory] [single] descr: [mandatory] [multiple] authority: [mandatory] [single] guardian: [mandatory] [single] tech-c: [mandatory] [multiple] admin-c: [mandatory] [multiple] remarks: [optional] [multiple] notify: [optional] [multiple] maintainer: [optional] [single] changed: [mandatory] [multiple] source: [mandatory] [single] Each attribute has the following syntax: community: Name of the community. The name of the community should be descriptive of the community it describes. Format: Upper case text string which cannot start with "AS" or any of the <routing policy expression> KEYWORDS. See Appendix A. Example: community: WCW Status: mandatory, only one line allowed descr: A short description of the community represented. Format: free text Example: descr: Science Park Watergraafsmeer descr: Amsterdam Status: mandatory, multiple lines allowed ripe-1nn.txt July, 1994 - 56 - authority: The formal authority for this community. This could be an organisation, institute, committee, etc. Format: free text Example: authority: WCW LAN Committee Status: mandatory, only one line allowed guardian: Mailbox of the guardian of the community. Format: <email-address> The <email-address> should be in RFC822 domain format wherever possible. Example: guardian: wcw-guardian(a)nikhef.nl Status: mandatory, only one line and email address allowed tech-c: Full name or uniquely assigned NIC-handle of an technical con- tact person for this community. Format: <firstname> <initials> <lastname> or <nic-handle> Example: tech-c: John E Doe tech-c: JED31 Status: mandatory, multiple lines allowed admin-c: Full name or uniquely assigned NIC-handle of an administrative contact person. In many cases this would be the name of the guardian. Format: <firstname> <initials> <lastname> or <nic-handle> Example: admin-c: Joe T Bloggs admin-c: JTB1 ripe-1nn.txt July, 1994 - 57 - Status: mandatory, multiple lines allowed remarks: Remarks/comments, to be used only for clarification. Format: free text Example: remarks: Temporary community remarks: Will be removed after split into ASes Status: optional, multiple lines allowed notify: The notify attribute contains an email address to which notifi- cations of changes to this object should be send. See also [11]. Format: <email-address> The <email-address> should be in RFC822 domain syntax wherever possible. Example: notify: Marten.Terpstra(a)ripe.net Status: optional, multiple lines allowed maintainer: The maintainer attribute contains a registered maintainer name. See also [11]. Format: <registered maintainer name> Example: maintainer: RIPE-DBM Status: optional, multiple lines allowed changed: Who changed this object last, and when was this change made. Format: <email-address> YYMMDD <email-address> should be the address of the person who made the last change. YYMMDD denotes the date this change was made. ripe-1nn.txt July, 1994 - 58 - Example: changed: johndoe(a)terabit-labs.nn 900401 Status: mandatory, multiple lines allowed source: Source of the information. This is used to separate information from different sources kept by the same database software. For RIPE database entries the value is fixed to RIPE. Format: RIPE Status: mandatory, only one line allowed ripe-1nn.txt July, 1994 - 59 - Appendix C - AS Macros syntax definition. Here is a summary of the tags associated with as-macro object itself and their status. The first column specifies the attribute, the second column whether this attribute is mandatory in the as-macro object, and the third column whether this specific attribute can occur only once per object [single], or more than once [multiple]. When specifying multiple lines per attribute, the attribute name must be repeated. See [6] the example for the descr: attribute. as-macro: [mandatory] [single] descr: [mandatory] [multiple] as-list: [mandatory] [multiple] guardian: [mandatory] [single] tech-c: [mandatory] [multiple] admin-c: [mandatory] [multiple] remarks: [optional] [multiple] notify: [optional] [multiple] maintainer: [optional] [single] changed: [mandatory] [multiple] source: [mandatory] [single] Each attribute has the following syntax: as-macro: The name of a macro containing at least two Autonomous Systems grouped together for ease of administration. Format: AS-<string> The <string> should be in upper case and not contain any special characters. Example: as-macro: AS-EBONE Status: mandatory, only one line allowed descr: A short description of the Autonomous System Macro. Format: free text Example: descr: Macro for EBONE connected ASes Status: mandatory, multiple lines allowed ripe-1nn.txt July, 1994 - 60 - as-list: The list of ASes that make up this macro. Format: <aut-num> <aut-num> ... See Appendix A for <aut-num> definition. Example: as-list: AS786 AS513 AS1104 Status: mandatory, multiple lines allowed guardian: Mailbox of the guardian of this AS macro. Format: <email-address> The <email-address> should be in RFC822 domain format wherever possible. Example: guardian: as-ebone-guardian(a)ebone.net Status: mandatory, only one line and e-mail address allowed tech-c: Full name or uniquely assigned NIC-handle of a technical con- tact person for this macro. This is someone to be contacted for technical problems such as misconfiguration. Format: <firstname> <initials> <lastname> or <nic-handle> Examples: tech-c: John E Doe tech-c: JED31 Status: mandatory, multiple lines allowed admin-c: Full name or uniquely assigned NIC-handle of an administrative contact person. In many cases this would be the name of the guardian. Format: <firstname> <initials> <lastname> or <nic-handle> Examples: ripe-1nn.txt July, 1994 - 61 - admin-c: Joe T Bloggs admin-c: JTB1 Status: mandatory, multiple lines allowed remarks: Remarks/comments, to be used only for clarification. Format: free text Example: remarks: AS321 will be removed from this Macro shortly Status: optional, multiple lines allowed notify: The notify attribute contains an email address to which notifi- cations of changes to this object should be send. See also [11]. Format: <email-address> The <email-address> should be in RFC822 domain syntax wherever possible. Example: notify: Marten.Terpstra(a)ripe.net Status: optional, multiple lines allowed maintainer: The maintainer attribute contains a registered maintainer name. See also [11]. Format: <registered maintainer name> Example: maintainer: RIPE-DBM Status: optional, multiple lines allowed changed: Who changed this object last, and when was this change made. Format: <email-address> YYMMDD ripe-1nn.txt July, 1994 - 62 - <email-address> should be the address of the person who made the last change. YYMMDD denotes the date this change was made. Example: changed: johndoe(a)terabit-labs.nn 900401 Status: mandatory, multiple lines allowed source: Source of the information. This is used to separate information from different sources kept by the same database software. For RIPE database entries the value is fixed to RIPE. Format: RIPE Status: mandatory, only one line allowed ripe-1nn.txt July, 1994 - 63 - Appendix D - Syntax for the "route" object. There is a summary of the tags associated with community object itself and their status. The first column specifies the attribute, the second column whether this attribute is mandatory in the commun- ity object, and the third column whether this specific attribute can occur only once per object [single], or more than once [multiple]. When specifying multiple lines per attribute, the attribute name must be repeated. See [6] the example for the descr: attribute. route: [mandatory] [single] descr: [mandatory] [multiple] origin: [mandatory] [single] hole: [optional] [multiple] withdrawn: [optional] [multiple] comm-list: [optional] [multiple] remarks: [optional] [multiple] notify: [optional] [multiple] maintainer: [optional] [single] changed: [mandatory] [multiple] source: [mandatory] [single] Each attribute has the following syntax: route: Route being announced. Format: Classless representation of a route with the RIPE database known as the "prefix length" representation. See [10] for more details on classless representations. Examples: route: 192.87.45.0/24 This represents addressable bits 192.87.45.0 to 192.87.45.255. route: 192.1.128.0/17 This represents addressable bits 192.1.128.0 to 192.1.255.255. Status: mandatory, only one line allowed origin: The autonomous system announcing this route. Format: <aut-num> ripe-1nn.txt July, 1994 - 64 - See appendix A for <aut-num> syntax. Example: origin: AS1104 Status: mandatory, only one line allowed hole: Denote the parts of the address space covered this route object to which the originator does not provide connectivity. Format: Classless representation of a route with the RIPE database known as the "prefix length" representation. See [10] for more details on classless representations. It should be noted that is sub-aggregate must be a component of that registered in the route object. Example: hole: 193.0.4.0/24 Status: optional, multiple lines allowed withdrawn: Used to denote the day this route has been withdrawn from the Internet routing mesh. It should be noted that this date cannot be in the future. Format: YYMMDD YYMMDD denotes the date this route was withdrawn. Example: withdrawn: 940711 Status: optional, multiple lines allowed comm-list: List of one or more communities this route is part of. Format: <community> <community> ... See Appendix B for <community> definition. Example: comm-list: HEP LEP Status: optional, multiple lines allowed ripe-1nn.txt July, 1994 - 65 - remarks: Remarks/comments, to be used only for clarification. Format: free text Example: remarks: Multihomed AS talking to AS1755 and AS786 remarks: Will soon connect to AS1104 also. Status: optional, multiple lines allowed notify: The notify attribute contains an email address to which notifi- cations of changes to this object should be send. See also [11]. Format: <email-address> The <email-address> should be in RFC822 domain syntax wherever possible. Example: notify: Marten.Terpstra(a)ripe.net Status: optional, multiple lines allowed maintainer: The maintainer attribute contains a registered maintainer name. See also [11]. Format: <registered maintainer name> Example: maintainer: RIPE-DBM Status: optional, multiple lines allowed changed: Who changed this object last, and when was this change made. Format: <email-address> YYMMDD <email-address> should be the address of the person who made the last change. YYMMDD denotes the date this change was made. Example: ripe-1nn.txt July, 1994 - 66 - changed: johndoe(a)terabit-labs.nn 900401 Status: mandatory, multiple lines allowed source: Source of the information. This is used to separate information from different sources kept by the same database software. For RIPE database entries the value is fixed to RIPE. Format: RIPE Status: mandatory, only one line allowed ripe-1nn.txt July, 1994 - 67 - Appendix E - List of reserved words The following list of words are reserved for use within the attri- butes of the AS object. The use of these words is solely for the purpose of clarity. All keywords must be lower case. accept announce exclude from to transit Examples of the usage of the reserved words are: as-in: from neighborAS accept route as-out: to neighborAS announce route as-exclude: exclude ASpath to destination as-transit: transit ASpath to destination default: from neighborAS accept route default: to neighborAS announce route Note: that as-transit is an experimental attribute. See section 10. ripe-1nn.txt July, 1994 - 68 - Appendix F - Motivations for RIPE-81++ This appendix gives motivations for the major changes in this propo- sal from ripe-81. (It is not complete yet). The main goals of the routing registry rework are: SPLIT Separate the allocation and routing registry functions into different database objects. This will facilitate data manage- ment if the Internet registry and routing registry functions are separated (like in other parts of the world). It will also make more clear what is part of the routing registry and who has authority to change allocation vs. routing data. CIDR Add the possibility to specify classless routes in the routing registry. Classless routes are being used in Internet produc- tion now. Aggregation information in the routing registry is necessary for network layer troubleshooting. It is also neces- sary because aggregation influences routing policies directly. CALLOC Add the possibility to allocate address space on classless boundaries in the allocation registry. This is a way to preserve address space. CLEAN To clean up some of the obsolete and unused parts of the rout- ing registry. The major changes are now discussed in turn: Introduce Classless Addresses CIDR, CALLOC Introduce route object. SPLIT, CIDR and CALLOC. Delete obsolete attributes from inetnum. CLEAN. ripe-1nn.txt July, 1994 - 69 - Delete RIPE-DB and LOCAL from routing policy expressions. CLEAN Allow multiple ASes to originate the same route Because it is being done. CIDR. Made possible by SPLIT. ripe-1nn.txt July, 1994 - 70 - Appendix G - Transition strategy from RIPE-81 to RIPE-81++ Transition from the routing registry described by ripe-81 to the routing registry described in this document is a straightforward process once the new registry functions have been implemented in the database software and are understood by the most commonly used registry tools. The routing related attributes in the classful inet- num objects of ripe-81 can be directly translated into new routing objects. Then these attributes can be deleted from the inetnum object making that object conform to the new schema. Proposed transition steps: 1) Implement classless addresses and new object definition in the database software. 2) Make common tools understand the new schema and prefer it if both old and new are present. 3) Invite everyone to convert their data to the new format. This can be encouraged by doing conversions automatically and pro- posing them to maintainers. 4) At a flag day remove all remaining routing information from the inetnum objects. Before the flag day all usage of obsoleted inetnum attributes has to cease and all other routing registry functions have to be taken over by the new objects and attri- butes. The current estimate is that point three can be reached in the Sum- mer 1994 if the draft is accepted by mid-June. The flag day should be scheduled 3-4 months after this point. ripe-1nn.txt July, 1994

2 1

A slight change in the current guarded update procedure.
by Tony Bates 08 Jul '94

08 Jul '94

DB group, please note that next Tuesday I plan to send out an update to ripe-108. This represents little change except that in the future automatic block splitting will not be done by the guarded field process. This is being put in place becuase of the way we're implementing the classless database. I am sending the draft below for any immediate reactions before it gets a ripe number and is sent to all guardians. The only real change is in Section 4 which details the difference from now and the future. It provides an example of how an object can be split. We realise the implication this will have in that the guardian must liaise with the object registrar but this is something we cannot avoid. There are of course plans for alternate guardian mechanims in the future. It should also be noted that as we move toward RIPE-81++ in production this document will undoubtably change again. If you are interested in the details as to why we need to make this change please send a mail to either marten or myself. It should also be noted that whilst we will not start this technique as of Tuesday we will be encouraging all guardians to follow the "exact match" technique as soon as possible. Regards, --Tony. Support of Guarded fields within the RIPE Database Tony Bates Document-ID: ripe-??? Obsoletes: ripe-108 Status: DRAFT 1. Introduction The RIPE database contains several significant attributes which make it well suited for use as part of operational procedures and confi- guration. Most significantly are the attributes which make up the RIPE Routing Registry (RR) as specified in RIPE-81 [1][2], namely the "aut-sys" and "comm-list" attributes. For these attributes to be of use to service providers they must be: o Properly authorised. o Efficient for both maintainers of the attributes and the main- tainers of the whole database. This document describes an overview of the RIPE database attributes which are guarded, the procedure for updating these guarded attri- butes and the general use of "guarded" fields within the RIPE data- base. It should be noted that this document is an update of the ori- ginal document, ripe-108 [5]. The significant change is section 4 which provides details of the exact matching algorithm now used for updating objects. This is a change from the original method used in ripe-108. 2. The Database Guarded Attributes All the guarded attributes currently supported in the RIPE database are contained within the "inetnum" or network object. However, the association corresponds to their relevant guarded database objects. If we look at a simple example this becomes clear: ripe-???.txt 11th July, 1994 - 2 - inetnum: 192.87.45.0 netname: RIPE-NCC descr: RIPE Network Coordination Centre descr: Amsterdam, Netherlands country: NL admin-c: Daniel Karrenberg tech-c: Marten Terpstra connect: RIPE NSF WCW aut-sys: AS1104 comm-list: SURFNET ias-int: 192.87.45.80 AS1104 ias-int: 192.87.45.6 AS2122 ias-int: 192.87.45.254 AS2600 rev-srv: ns.ripe.net rev-srv: ns.eu.net notify: ops(a)ripe.net changed: tony(a)ripe.net 940110 source: RIPE This shows that the RIPE-NCC network belongs to autonomous system 1104 and is in a community known as SURFNET. This is valuable infor- mation that could easily be used for example for routing policy pur- poses (as well as other operational uses). Currently support for the following set of guarded attributes is implemented: aut-sys The "aut-sys" attribute has a direct mapping to "aut-num" objects as defined in RIPE-81. That is the Autonomous System (AS) that the network number is a part of. As defined in RIPE- 81, a network can only belong to one AS and hence the "aut-sys" attribute can only contain one AS number. The syntax of the "aut-sys" attribute is: AS<positive integer between 1 and 65535> (1). i.e. AS1104 comm-list The "comm-list" attribute has a direct mapping to "community" objects as defined in RIPE-81. A network can belong to more than one community. The syntax of "comm-list" is: Multiple text strings which cannot start with "AS" or any of the <routing policy expression> KEYWORDS defined in RIPE-81. _________________________ (1) This represents a change from RIPE-50 [3] where the "aut-sys" attribute was defined to be a positive integer only, not containing the string "AS" at the start. This change has been made to be consistent with the "aut-num" object syntax. ripe-???.txt 11th July, 1994 - 3 - As these attributes are tightly coupled to their associated objects it makes sense for these attributes to be updated not by the network maintainer but by the maintainer of the referenced object(s). The basic premise behind this is that these attributes should be used for various operational procedures such as setting routing policy, accounting and so on. For these attributes to be used by network operators for day to day operations they need to be guarded in such a way that can be trusted and are guaranteed to be unique - with any conflicts quickly and easily resolved. The procedure for achieving this is detailed below. 3. The Basic Procedure For each of the guarded attributes detailed above, a list of all networks having this attribute is kept separately from the general database itself. These lists (also called `guarded files') will be maintained and be served as the `only' source of membership informa- tion used in the database. Normal database updates `never' change these attributes. If an update includes such an attribute and a discrepancy between the values in the update and those in the data- base is found, a diagnostic message will be sent to the originator of the update and the guarded value(s) will not be affected. The attributes as defined in these files are incorporated in the data- base once a day. To ensure proper control and authorisation, these lists will be maintained at the RIPE NCC on the same machine that contains the RIPE database. The "guardians" of the corresponding database objects will have to maintain their own guarded files. The guardians are provided with individually assigned login accounts at the RIPE NCC. The guardians can themselves decide in what manner they want to update their file. The NCC will offer interactive logins, ftp logins or any other means that might be deemed useful. 3.1. Some Details As stated each guardian will be issued with an account on the cen- tral NCC machine known as `guardian.ripe.net'. This account will contain a `restricted' environment which will allow the guardian of the relevant object to update their associated guardian file (2). Wherever possible the account name issued to the guardian will be the same as the object name. For example, the guardian of the AS1104 aut-num object will receive an account known as "AS1104". With each guardian account the corresponding file will be parsed at each update run (once a day). This file will contain the list on networks associated with the object. See appendix A for details of the format and syntax of the guardian files. _________________________ (2) As stated, the mechanism for updating the guardi- an file will initially be by interactive login or file transfer. However, this doesn't preclude other mechan- isms in the future. ripe-???.txt 11th July, 1994 - 4 - A tool will also be provided within the restricted environment to syntax check the guarded file to avoid against possible typos and errors. With each account, an electronic mail address (this is a mandatory attribute for all guarded objects) will be used by the NCC and data- base software. To make this flexible for the guardian a ".forward" file with the account which can be change when required. This will mean mail sent to <guardian-name(a)guardian.ripe.net> will go the to correct guardian. 3.2. How does it work ? For each of the guarded files found on `guardian.ripe.net' the data- base software will load any guarded attribute value(s) for the net- work object(s) listed in the guarded file. This will take place at the same time as the database is garbage collected (currently at 0500 MET). If a conflict is found (i.e if more than one entry exists for an attribute which can only contain one entry, currently only "aut-sys" contains this property), the current value will remain unchanged and all guardians involved in the conflict will be sent an electronic mail message informing them of the conflict. See Appendix B for an example. If no conflict is found the attribute will be updated with the guarded value. Correspondingly, to remove a guarded attribute just remove the net- work entry from the relevant guarded file and it will be deleted at the next update run. To be notified of this delete the "notify" attribute should be used. If a guardian file contains an entry which is not in the database then the guardian will be notified as part of the conflict handling procedure. If an update is sent to the database software using another mechan- ism (i.e. mail to auto-dbm(a)ripe.net) that contains a guarded attri- bute, this will not be allowed to change the guarded attribute. If the value of the attribute is the same as what is currently registered in the database then no warnings will be given. However, if the update contains a value for a guarded attribute that is dif- ferent to that registered in the database, a warning will be sent to the originator and the guarded value will remain unchanged. Any changes of other (unguarded) fields in the update will be checked for syntactic correctness and if they pass will go through to the database irrespective of any conflicts for the guarded fields. When through the normal database update procedure an object with guarded attributes is deleted, the guardians of these guarded attri- butes will be notified of this deletion. Only deletions will be notified in this way to guardians. For normal changes the "notify" attribute of the database should be used. ripe-???.txt 11th July, 1994 - 5 - Although the guarded process will run once a day as part of the database garbage collection procedure it will also be possible to, "on request to the NCC", run an emergency guarded update process for a particular guarded object. To have complete guardian accounts removed from the NCC machine, and thus all references to this guarded value, please contact the RIPE NCC at <ripe-dbm(a)ripe.net>. Removing an account and the guardian file that goes with it means that this guarded value will not be added any longer to any of the objects in the database. 4. Block Splitting 4.1. Current implementation Whilst it was not directly stated in ripe-108. The implementation used for guarded attributes meant that if a value in a guardian file matched any value which was part of an object registered as a range in the database the object would be automatically split into separate objects by the guarded field mechanism. For example, if we had a database registered object of the following: inetnum: 193.0.0.0 - 193.0.3.0 netname: NCC-RS-TEST descr: Test networks country: NL admin-c: Tony Bates tech-c: Tony Bates tech-c: Marten Terpstra connect: RIPE changed: tony(a)ripe.net 930312 source: RIPE And we entered in the AS3333 file the entry 193.0.1.0, the guarded field mechanism would produce the following entries: inetnum: 193.0.0.0 netname: NCC-RS-TEST descr: Test networks country: NL admin-c: Tony Bates tech-c: Tony Bates tech-c: Marten Terpstra connect: RIPE changed: tony(a)ripe.net 930312 source: RIPE ripe-???.txt 11th July, 1994 - 6 - inetnum: 193.0.1.0 netname: NCC-RS-TEST descr: Test networks country: NL admin-c: Tony Bates tech-c: Tony Bates tech-c: Marten Terpstra connect: RIPE aut-sys: AS3333 changed: tony(a)ripe.net 930312 source: RIPE inetnum: 193.0.2.0 - 193.0.3.0 netname: NCC-RS-TEST descr: Test networks country: NL admin-c: Tony Bates tech-c: Tony Bates tech-c: Marten Terpstra connect: RIPE changed: tony(a)ripe.net 930312 source: RIPE Here you can see the original object (193.0.0.0 - 193.0.0.0) has been split into three objects with the 193.0.1.0 object having the associated aut-sys attribute value AS3333 added. 4.2. A change in implementation - exact match algorithm Due to implementation restrictions the current automatic splitting technique will not be used anymore. A guarded attribute will now only be updated (in accordance with the details in 3.2) if the object value and the value in the guarded file are EXACTLY the same. If they DO NOT match the guardian will be notified that the entry in the guarded file could not be found in the database. One direct implication of this is that the guardian must now know the exact value of the object registered in database before he or she can update the object with their guarded attribute value. This will mean that some manual block splitting may need to take place before the attribute can be successfully added. This is an extremely simple procedure. This produce can be summarised as the following simple steps: 1) Delete the current object 2) Send in new objects split at correct values to provide exact match needed for adding relevant guarded attributes. ripe-???.txt 11th July, 1994 - 7 - If we look at the above example of an object registered as 193.0.0.0 - 193.0.3.0 in the database and we would like to add the guarded aut-sys attribute to 193.0.1.0. We would need to send the following message to auto-dbm(a)ripe.net: inetnum: 193.0.0.0 - 193.0.3.0 netname: NCC-RS-TEST descr: Test networks country: NL admin-c: Tony Bates tech-c: Tony Bates tech-c: Marten Terpstra connect: RIPE changed: tony(a)ripe.net 930312 source: RIPE delete: tony(a)ripe.net deleted for guarded split inetnum: 193.0.0.0 netname: NCC-RS-TEST descr: Test networks country: NL admin-c: Tony Bates tech-c: Tony Bates tech-c: Marten Terpstra connect: RIPE changed: tony(a)ripe.net 930312 source: RIPE inetnum: 193.0.1.0 netname: NCC-RS-TEST descr: Test networks country: NL admin-c: Tony Bates tech-c: Tony Bates tech-c: Marten Terpstra connect: RIPE changed: tony(a)ripe.net 930312 source: RIPE ripe-???.txt 11th July, 1994 - 8 - inetnum: 193.0.2.0 - 193.0.3.0 netname: NCC-RS-TEST descr: Test networks country: NL admin-c: Tony Bates tech-c: Tony Bates tech-c: Marten Terpstra connect: RIPE changed: tony(a)ripe.net 930312 source: RIPE The key point to note is the ordering of the update sent to auto- dbm(a)ripe.net. The delete of the original entry must take place first. The split objects can then be added without any problems. The objects can of course be sent in separate messages if preferred. 5. Conclusion The update procedure as detailed above has the following advantages: o Authorisation of adding/deleting is guaranteed. o No need for mailing back and forth of authorisation messages. o Simple procedure for both database maintainers and guardians. o Guardians keep full control of their attribute. It allows for the addition of any number of guarded attributes in the future. It describes a simple but effective procedure for main- taining the guarded files whilst not precluding alternate mechanisms in the future. 6. References [1] Bates, T., Jouanigot, J-M., Karrenberg, D., Lothberg, P., Terpstra, M., "Representation of IP Routing Policies in the RIPE Database", RIPE-81, February 1993. [2] Bates, T., Karrenberg, D., "Description of Inter-AS Networks in the RIPE Routing Registry", RIPE-103, December 1993. [3] Karrenberg, D., "RIPE Database Template for Networks", RIPE-50, April 1992. [4] J.-M. Jouanigot, "Policy based routing within RIPE", May 1992. [5] Bates, T, "Support of Guarded fields within the RIPE Database", July 1994. ripe-???.txt 11th July, 1994 - 9 - Appendix A - Format of Guardian Files. We propose to keep the file format as simple as possible. The name of the file is identical to the name of guarded object. The format used within the file is kept simple. It allows lines to be either comments or the actual object entry that is to be guarded. A comment must contain either a semi-colon (;) or hash (#) at the beginning of the comment line. The object name entries must be exactly the same as they are in the database. Currently, the only object containing guarded attributes is the "inetnum" object so the file can contain either the `well-known' dotted quad network notation or RIPE dotted quad range notation. Here is a simple example of what the AS1104 guarded file would look like. The file would be stored in the home directory of the AS1104 account on guardian.ripe.net and be called AS1104 (told you it was simple). It would contain something like the following: # # File : AS1104 # ; An alternate comment format ; ; This file was updated by jan.dijkstra(a)gouda.nl ; on 940109 ; 192.16.183.0 192.16.185.0 - 192.16.186.0 192.16.194.0 192.16.199.0 192.87.45.0 Empty lines in the file are also ignored but you are encouraged to keep the file as concise as possible. As stated above, a tool known as `checkguard' will be available to make it simple to check the syntax of the guarded file. NOTE: the entry in the file must match exactly the object entry in the database. See section 4 for more details. ripe-???.txt 11th July, 1994 - 10 - Appendix B - Example of conflict handling If a conflict occurs (e.g. by listing the same network number in more than one AS guarded file), then each of the guardians involved will be notified of the conflict by electronic mail. Let's look at a simple example. Suppose the guardians for AS1104 and AS2122 update their relevant guardian files and create a conflict by having the same network in them. For this example he network in question is "192.16.183.0". Here is the AS1104 guardian file: # 192.16.183.0 192.16.185.0 192.16.186.0 192.16.194.0 192.16.199.0 192.87.45.0 And here is the AS2122 guardian file: # 192.16.183.0 193.0.0.0 - 193.0.7.0 As you can see "192.16.183.0 exists in both files. At update time the following mails are generated. Firstly, to the guardian of AS2122. Date: Fri, 14 Jan 1994 13:22:43 +0100 Message-Id: <9401141222.AA07125(a)ns.ripe.net> From: RIPE Database Conflict Handler <ripe-dbm(a)ripe.net> Subject: Guarded attributes conflicts found To: as2122(a)ripe.net Dear Guardian, One or more conflicts have been found regarding guarded attributes in the RIPE database. Some of the conflicts concern the guarded values you are a guardian for. Please verify and correct the conflicts below. The guarded values for objects below have been set to the value they had in the database before this guarded attributes run. Kind Regards, RIPE Database Conflict Department ------ "192.16.183.0" also appears in guardian files: AS1104 And similarly to the AS1104 guardian. ripe-???.txt 11th July, 1994 - 11 - Date: Fri, 14 Jan 1994 13:22:42 +0100 Message-Id: <9401141222.AA07121(a)ns.ripe.net> From: RIPE Database Conflict Handler <ripe-dbm(a)ripe.net> Subject: Guarded attributes conflicts found To: as1104(a)ripe.net Dear Guardian, One or more conflicts have been found regarding guarded attributes in the RIPE database. Some of the conflicts concern the guarded values you are a guardian for. Please verify and correct the conflicts below. The guarded values for objects below have been set to the value they had in the database before this guarded attributes run. Kind Regards, RIPE Database Conflict Department ------ "192.16.183.0" also appears in guardian files: AS2122 >From this you can see conflict can be quickly and easily resolved, assuming good collaboration between the guardians. The existing database entry will of course not be changed with regard to the guarded attribute) as long as there exists a conflict. ripe-???.txt 11th July, 1994

1 0

Re: Merging RIPE DB CLNS object (and IPng) into ripe-81++ ?
by Victor Reijs 21 Jun '94

21 Jun '94

==> From: Marcel Wiget > Any comments ? > > Kind regards, > > Marcel > Looks good to me. As long as a good synergy between IP/CIDR and CLNS/NSAP is possible, I am satisfied. As I already have said many times, the authorization of changes is in my idea even more essential for keeping a good database. I know that all earlier problems with CLNS routing, can be traced back because of these problems. All the best, Victor

1 0

Merging RIPE DB CLNS object (and IPng) into ripe-81++ ?
by Marcel Wiget 20 Jun '94

20 Jun '94

Hi all, Henk Steenman and Susan Hares are working on a proposal for 'CLNS routing-domain object for the RIPE database'. One of the aim of this proposal is to be as close to the ripe-81++ objects as possible. Now, instead of defining a new set of objects I have the following proposal: Network protocol address prefixes and hosts should be prefixed by a two character protocol identifier. For the current IP networks: IP192.87.45.0/24 For CLNS networks: NS39.756f.1111/40 Autonomous numbers (AS): AS1104 (already defined in rip-81++) Routing Domain Identifier: RD39.528f.1103 To prefix numbers would also simplify any transitions to IPng and allow the usage of the RIPE database also for other network protocols. Due to CIDR IP & NSAP network numbers are both classless and are prefixed by a number of bits. Maybe someone has a better idea about prefixes to use. I just made them equal to the already defined AS number prefix ('AS'). The following attributes from ripe-81++ would get a more general 'touch': attribute object ------------------------------- route route origin route component route inetnum inetnum New objects needed for CLNS: rdi Routing Domain Identifier (comparable to aut-num object) (maybe even these objects could be merged, especially because AS numbers can be mapped into RDI's in IDRP) rd-macro Equal to 'as-macro' object, for IDRP RDI's. Any comments ? Kind regards, Marcel IP network prefixes and IP host addresses should be prefixed by 'IP' and any other network protocol Existing ripe-81++ objects: --------------------------- aut-num community as-macro route -- e-mail: wiget(a)chx400.switch.ch \|/ Swiss Academic and Research Network phone : +41 1 268 15 30 | SWITCH, Marcel Wiget fax : +41 1 268 15 68 hb9rwm CH-8001 Zurich, Limmatquai 138

1 0

Re: Removal nameserver an rev-srv tags
by Daniele Vannozzi 24 May '94

24 May '94

On Fri, 20 May 94 18:28:53 GMT you said: >> Concerning the assumption of dns-wg about the useless of those tags and >> the absence of procedures based on them we would like to inform you that >> we are presently testing some automatic tools based exactly on those >> tags which we use before actually registering a new direct or inverse >> domain. >> Starting from the contained information, each server is queried on >> properly resolving the query. > >Do you mean, you first build the domain object, insert it into the database >and then get a list of nameservers out of it, in order to do your querying? >And only then you consider the domain configuration ok? > >If this is the case, why don't you get the NS list from the (soon to be) >primary nameserver, and if all is ok then you register the domain itself >and the domain object in the database? Or did I miss something? Artur, many thanks for your help. I think it's necessary to explain our procedure. When we receive a domain form (domain registration template) we check the primary nameserver (we use the first "nameserver:" tag to locate it). How to find otherwise that server without a nameserver tag? If the primary nameserver is reachable and properly configured we continue checking secondary nameservers which should be listed in the domain form and as NS records in the primary nameserver. The above is a useful check because many times there are discrepancies in what is "declared" and what is actually configured. In addition, if in the domain form there is our nameserver listed as a secondary, we also check the refresh time, retry time, expiration period and default ttl. Only after a successful check the domain object is added to database and the country master server is reloaded with the new information. Regards, Daniele > >We do this before registering a domain under PT... > >.artur > Daniele Vannozzi Phone: +39 50 593280 GARR-NIS Phone NIS: +39 50 593360 c/o CNUCE - Istituto del CNR Fax: +39 50 904052 Via Santa Maria 36 Telex: 500371 - CNUCE 56100 Pisa - Italy E-mail: vannozzi(a)nis.garr.it

2 1

Re: Removal nameserver an rev-srv tags
by Artur Romao 20 May '94

20 May '94

> Concerning the assumption of dns-wg about the useless of those tags and > the absence of procedures based on them we would like to inform you that > we are presently testing some automatic tools based exactly on those > tags which we use before actually registering a new direct or inverse > domain. > Starting from the contained information, each server is queried on > properly resolving the query. Do you mean, you first build the domain object, insert it into the database and then get a list of nameservers out of it, in order to do your querying? And only then you consider the domain configuration ok? If this is the case, why don't you get the NS list from the (soon to be) primary nameserver, and if all is ok then you register the domain itself and the domain object in the database? Or did I miss something? We do this before registering a domain under PT... .artur

1 0

RE: Removal nameserver an rev-srv tags
by Wilfried Woeber, UniVie/ACOnet 20 May '94

20 May '94

Dear all, >Blasco has informed us about the proposals and the decision taken during >the last Ripe meeting. >While we found all greats, we disagree about a particular proposal made >at the dns working group. To be concise, we believe obsoleting the I don't want to assess the technical merits of any decisions taken at the DNS-WG, however I'm worried about the organizational merits of any decisions that were taken in WG meetings that had to compete against the Routing-WG and the RIPE-81++ discussions. I for my part did certainly not feel having quorum in the DB-WG, and thus no decisions were taken this time. I'm also going to state this is my minutes... Wilfried. -------------------------------------------------------------------------- Wilfried Woeber : e-mail: Wilfried.Woeber(a)CC.UniVie.ac.at Computer Center - ACOnet : Vienna University : Tel: +43 1 4065822 355 Universitaetsstrasse 7 : Fax: +43 1 4065822 170 A-1010 Vienna, Austria, Europe : NIC: WW144 --------------------------------------------------------------------------

1 0

Removal nameserver an rev-srv tags
by Daniele Vannozzi 20 May '94

20 May '94

Dear all, Blasco has informed us about the proposals and the decision taken during the last Ripe meeting. While we found all greats, we disagree about a particular proposal made at the dns working group. To be concise, we believe obsoleting the rev-srv and nameserver flags from the inetnum and domain objects to not be a meaningful action. Concerning the assumption of dns-wg about the useless of those tags and the absence of procedures based on them we would like to inform you that we are presently testing some automatic tools based exactly on those tags which we use before actually registering a new direct or inverse domain. Starting from the contained information, each server is queried on properly resolving the query. Daniele & Giuliana Daniele Vannozzi Phone: +39 50 593280 GARR-NIS Phone NIS: +39 50 593360 c/o CNUCE - Istituto del CNR Fax: +39 50 904052 Via Santa Maria 36 Telex: 500371 - CNUCE 56100 Pisa - Italy E-mail: vannozzi(a)nis.garr.it

2 1

classless range notation
by Marten Terpstra 19 May '94

19 May '94

Dear folks, In a draft document sent out last week on representations of IP addresses in the RIPE database there was an invention by us, the classless range. This was in addition to the various notations used in the database currently, and the various classless notations. In the database working group at the RIPE meeting (with small attendance, since the routing working group met at the same time) there were some different ideas on the classless range notation. Some said we should simply use prefix/length notation also for assignments, but this does not allow non bit-aligned blocks registered as one in the database, others suggested some other notations. What I would like to get a feel of is whether you feel that we should allow for a representation that can contain non bit-aligned blocks, and if so how this should be represented in the inetnum object. I would like some discussion and preferably proposals and work from there. This will need to be implemented some day, and also the document should be finalized at some stage, preferably at the same time ripe-81++ is finalized. -Marten PS If you have not seen the document, it is available as: ftp.ripe.net:ripe/drafts/ripe-clarep.{ps,txt} General comments are also welcme, although it seemed that the classless range notation needs some discussion.

1 0

RE: Agenda's
by Wilfried Woeber, UniVie/ACOnet 10 May '94

10 May '94

> could I have your requirements for meeting space/time and agenda's > for the coming RIPE WG meetings? Thanks. Below please find attached the draft agenda for the Database group. I'd be more than happy to get feedback on the list of agenda items *AND* on the proposed time-slots. See you in Amsterdam! Wilfried. Draft agenda for the DB-Working-Group at RIPE-18, Amsterdam. ------------------------------------------------------------ 0. Opening (15') . appointment of scribe . amendment/rearrangement of agenda . admin x. The Classless Database (60'??) . review of requirements and scheduled changes . document review (ripe-81++, ripe-clarep, ripe-inetnum) . discussion and decision x. Database Operations Review (50') . national characters? . guardian mechanism . RIPE-Handles . any loose ends? (experiences) . documentation . retired objects/attributes? . tools x. DB-Exchange with US (30') . MeritRR . handling of invalid data . handling of retired attributes (nsf-in:, nsf-out:, decision!) . RWhois, aggrwalk, ... x. CLNS Routing Registry (30') . the Sue Hares proposal . dom-prefix: . NSAP registry Z. AOB -------------------------------------------------------------------------- Wilfried Woeber : e-mail: Wilfried.Woeber(a)CC.UniVie.ac.at Computer Center - ACOnet : Vienna University : Tel: +43 1 4065822 355 Universitaetsstrasse 7 : Fax: +43 1 4065822 170 A-1010 Vienna, Austria, Europe : NIC: WW144 --------------------------------------------------------------------------

1 0

New Draft Document available: ripe-inetnum
by RIPE NCC Draft Document Annoucement Service 10 May '94

10 May '94

Short content description ------------------------- This is to announce a draft update to the inetnum document originally known as ripe-050. FTP Access ---------- All RIPE documents and Internet RFC`s are available via anonymous FTP from host ftp.ripe.net. Type "ftp ftp.ripe.net". Login with username "anonymous" supplying your email address as the password. After logging in, type "cd ripe/drafts/" followed by the command "get filename". The relevant filenames for this document are: ripe-inetnum.txt for the ASCII version ripe-inetnum.ps for the PostScript version Electronic Mail Retrieval of Documents -------------------------------------- Documents can also be retrieved from the RIPE document store using a mail server program. For more information on how to use the program, send email to: mail-server(a)ripe.net with "send HELP" in the body text. RIPE NCC Interactive Information Server --------------------------------------- Type "telnet info.ripe.net". This is a menu driven service allows the document store to be browsed. After reading documents you are prompted as to whether you would like to receive an email copy of the document you have just read. If you would, you simply enter your email address and the document will be mailed to you. Below are details of alternative methods of access. Gopher Access ------------- The same documents are available via a "gopher" server at "gopher gopher.ripe.net". MIME Mail Reader ---------------- Below is the data which will enable a MIME compliant Mail Reader implementation to automatically retrieve the RIPE document by FTP or mail server. SEND ripe/drafts/ripe-inetnum.txt

1 0

New Draft Document available: ripe-clarep
by RIPE NCC Draft Document Annoucement Service 10 May '94

10 May '94

This is to announce a draft version of the classless reperesentation document. FTP Access ---------- All RIPE documents and Internet RFC`s are available via anonymous FTP from host ftp.ripe.net. Type "ftp ftp.ripe.net". Login with username "anonymous" supplying your email address as the password. After logging in, type "cd ripe/drafts/" followed by the command "get filename". The relevant filenames for this document are: ripe-clarep.txt for the ASCII version ripe-clarep.ps for the PostScript version Electronic Mail Retrieval of Documents -------------------------------------- Documents can also be retrieved from the RIPE document store using a mail server program. For more information on how to use the program, send email to: mail-server(a)ripe.net with "send HELP" in the body text. RIPE NCC Interactive Information Server --------------------------------------- Type "telnet info.ripe.net". This is a menu driven service allows the document store to be browsed. After reading documents you are prompted as to whether you would like to receive an email copy of the document you have just read. If you would, you simply enter your email address and the document will be mailed to you. Below are details of alternative methods of access. Gopher Access ------------- The same documents are available via a "gopher" server at "gopher gopher.ripe.net". MIME Mail Reader ---------------- Below is the data which will enable a MIME compliant Mail Reader implementation to automatically retrieve the RIPE document by FTP or mail server. SEND ripe/drafts/ripe-clarep.txt

1 0

New Draft Document available: ripe-81++
by RIPE NCC Draft Document Annoucement Service 10 May '94

10 May '94

This is to announce a draft version of ripe-81++. FTP Access ---------- All RIPE documents and Internet RFC`s are available via anonymous FTP from host ftp.ripe.net. Type "ftp ftp.ripe.net". Login with username "anonymous" supplying your email address as the password. After logging in, type "cd ripe/drafts/" followed by the command "get filename". The relevant filenames for this document are: ripe-81++.txt for the ASCII version ripe-81++.ps for the PostScript version Electronic Mail Retrieval of Documents -------------------------------------- Documents can also be retrieved from the RIPE document store using a mail server program. For more information on how to use the program, send email to: mail-server(a)ripe.net with "send HELP" in the body text. RIPE NCC Interactive Information Server --------------------------------------- Type "telnet info.ripe.net". This is a menu driven service allows the document store to be browsed. After reading documents you are prompted as to whether you would like to receive an email copy of the document you have just read. If you would, you simply enter your email address and the document will be mailed to you. Below are details of alternative methods of access. Gopher Access ------------- The same documents are available via a "gopher" server at "gopher gopher.ripe.net". MIME Mail Reader ---------------- Below is the data which will enable a MIME compliant Mail Reader implementation to automatically retrieve the RIPE document by FTP or mail server. SEND ripe/drafts/ripe-81++.txt

1 0

Classless Registry Drafts
by Daniel Karrenberg 10 May '94

10 May '94

Dear colleagues, we have prepared three draft documents describing how support for classless addresses can be added to the RIPE database. At the same time we propose a clear split between the allocation registry and the routing registry functions of the database. The allocation registry holds information about address space assignments done by Internet registries, while the routing registry holds information about routing policies and is largely maintained by the service providers. The three documents each describe one part of this new database. ripe-81++ - routing registry ripe-inetnum - allocation registry ripe-clarep - representation of classless addresses ripe-81++ is the longest document of the three. It describes the routing registry part of the database. It is a direct descendant of ripe-81. There are major changes as required by the separation of allocation and routing information. Also there is now support for classless routes and hence CIDR aggregation. It is also now possible to describe multiple ASes originating the same route. ripe-inetnum describes the changed inetnum object which is basically stripped of all routing and obsoleted attributes. ripe-inetnum also describes the person object and thus constitutes a complete reference for the allocation registry. ripe-clarep describes the representation of classless addresses in the RIPE database and thus in both the routing and the allocation registry. As these proposals are relevant to all three working groups addressed, we would appreciate if they could be discussed at the upcoming meeting and if at all possible consensus reached at least about the general design behind them. We need to make the registries classless as soon as possible and it will take some time to do the implementation. The documents can be found in ftp.ripe.net:ripe/drafts/<name>.{ps,txt}. We will be sending MIMEd announcements for all three shortly. Comments are very welcome indeed. Daniel Marten Tony

1 0

suggestions for RIPE-81
by Laurent Joncheray 03 May '94

03 May '94

(Sorry if you have already received this information from another list. You can forward this mail to /dev/null.) Merit Network Inc. has been running a Routing Registery for about 3 weeks now. Our software is based on the RIPE database distribution (beta version), plus some changes we did to meet our requirements. The main ones are: - support of aggregates in the inetnum object. - extension to the RIPE-81 policy syntax to support US autonomous system policies (in particular AS 690 - NSFNET) - development of a 'Policy Server' (called alcd) which is used by astrace (a prtraceroute like tool) to query the database (instead of whois). The server does the difficult task of parsing the policy, making prtraceroute and any other tools easier to design. We also developped a few tools to work with the registery. We'd like to propose our new syntax as an official extension for the RIPE-81 document, and ask this working group to discuss/comment/modify it and (I hope) accept it. A detailed description of the syntax is available on rrdb.merit.edu:pub/meritrr/policy_syntax.txt (FTP anonymous) and the main extensions are: - AS path (limited) - Explicit listing of exported/imported networks - Per interface policy description - More detailed default policy This syntax is fully backward compatible with RIPE-81 and the software has been running in production for 3 weeks without any major problems (bugs, bugs... :-). I'd be glad to give a presentation of our registery and tools during the next RIPE meeting but in order to give you time to read and evaluate our work I have sent this announcement. Following are an example of our tools. Enjoy. Laurent PS: Everything (tools, DB software, documentmentation) is available on rrdb.merit.edu:pub/meritrr. PS/2: This is part of my action item from the last RIPE meeting to propose these extensions. Another prtraceroute (called astrace) output: (lpj@merit: 71) astrace ftp.ripe.net Connected to ALC server traceroute to ns.ripe.net (192.87.45.1) with AS and policy additions 1 AS 237 eth1.michnet1.mich.net 35.1.1.127 [INT 0 0] 2 AS 233 fd-0.enss131.t3.ans.net 192.203.195.1 [INP 1 !RO -1] 3 AS 690 t3-1.Cleveland-cnss41.t3.ans.n 140.222.41.2 [!RO -1 !RO -1] 4 AS 690 mf-0.Cleveland-cnss40.t3.ans.n 140.222.40.222 [INT 0 0] 5 AS 690 t3-1.New-York-cnss32.t3.ans.ne 140.222.32.2 [INT 0 0] 6 AS 690 t3-1.Washington-DC-cnss56.t3.a 140.222.56.2 [INT 0 0] 7 AS 690 mf-0.Washington-DC-cnss58.t3.a 140.222.56.194 [INT 0 0] 8 AS 690 t3-0.enss145.t3.ans.net 140.222.145.1 [INT 0 0] 9 AS ??? 192.203.229.245 192.203.229.245 [!RO -1 ?AS 0] 10 AS ??? icm-dc-1-H1/0.icp.net 192.157.65.121 [INT 0 0] 11 AS ??? 192.157.65.226 192.157.65.226 [INT 0 0] 12 AS1128 194.41.0.17 194.41.0.17 [?AS 0 !RO -1] 13 AS1104 hef-router.nikhef.nl 192.87.4.21 [!RO -1 !RO -1] 14 AS3333 ns.ripe.net 192.87.45.1 [!RO -1 !RO -1] AS Path followed: 237 233 690 ??? 1128 1104 3333 AS 237 = MichNet AS 233 = UMnet AS 690 = NSFNET/ANSNET AS1128 = SURFNET-AS AS1104 = SURFNET-AS AS3333 = RIPE-ASNBLOCK4 Example of an aggregate: (lpj@merit: 82) whois -h rrdb.merit.edu 192.87/16 inetnum: 192.87/16 netname: SURFNET-C-AGGR descr: SURFnet descr: P.O. Box 19035 descr: NL-3501 DA Utrecht descr: NETHERLANDS country: NL aut-sys: AS1103 nsf-in: 1=1800 2=1133 3=1674 4=1240 changed: skw(a)merit.edu 940401 source: PRDB The syntax... ------------------------------------------------------------------------------ Copyright (c) 1993 The Regents of the University of Michigan and Merit Network, Inc. All Rights Reserved Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies of the software and derivative works or modified versions thereof, and that both the copyright notice and this permission and disclaimer notice appear in supporting documentation. THIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE REGENTS OF THE UNIVERSITY OF MICHIGAN AND MERIT NETWORK, INC. DO NOT WARRANT THAT THE FUNCTIONS CONTAINED IN THE SOFTWARE WILL MEET LICENSEE'S REQUIREMENTS OR THAT OPERATION WILL BE UNINTERRUPTED OR ERROR FREE. The Regents of the University of Michigan and Merit Network, Inc. shall not be liable for any special, indirect, incidental or consequential damages with respect to any claim by Licensee or any third party arising from use of the software. -------------------DRAFT DRAFT-------------------------- Representation of Complex Routing Policies of an Autonomous System Version 0.0.3 03-10-94 I. Background The community of IP network providers and operators are unanimous in their desire to define their own routing policies independent of any core infrastructure of the Internet. Due to numerous different routing policies which impact the ability to achieve global connectivity, several groups have worked together to develop a description language which clearly expresses the various policies. RIPE-60 and RIPE-81 tackled the problem of representing the description of routing policies of European Autonomous Systems.[1,2] Yu, Chen, and Rekhter defined a Policy Description Language which describes very complex routing policies. [3] In addition, Laurent Joncheray documented the syntax to describe the policies implemented by Merit's Route Server. [4] The RIPE Network Coordination Center has implemented the recommendations of RIPE-81, and has become a repository for publishing the routing polices of European ASs. The RIPE NCC and Merit Network Inc. have collaborated to define a minimum set of attributes which are needed to represent routing policy, and both organizations will maintain routing policy information based on this minimum set of attributes. In addition to the minimum set, Merit will implement and will define some extensions to the syntax based on previous work [1,2,3,4] which will permit the description of more complex routing policies. As RIPE and Merit continue to collaborate to define a syntax which clearly expressses the routing policies which are implemented by network service providers and operators, our goal is that the registration of routing policies, no matter how simple or complex, will aid the network operators in diagnosing and resolving routing problems. This document focuses on the extensions and defines the attributes which provide the capability to describe more complex routing interactions. The more complex routing policies which can be described include: a. announcements and acceptances of routing information at network granularity b. grouping of networks into communities of interest c. syntax to describe peer gateway interactions/preferences d. expansion of the default syntax e. introduction of transit and exclusion syntax f. syntax to assign metrics to outbound and inbound announcements II. Explanation and Examples of the Policy Description This section describes the routing policy statements. For each statement, the function of the statement is followed by a simple format explanation. Examples of how to use the syntax to express policy are illustrated and the formal syntax is defined in Appendix C. The yacc description in Appendix C is authoritative. Policy is described by six attributes: - 'as-in' and 'as-out' to specify the policy of one AS toward its neighbors. - 'as-transit' and 'as-exclude' to specify the policy in terms of preferred path. - 'as-default', to specify the default policy. -as-aggr, to describe routing aggregation policy 1. Definition of some global key words ANY means any routing information associated with a particular AS. ASANY means any routing information associated with any AS. OTHER means any routing information excluding specified routing information. "net of AS" refers to a net which claims the AS as its home AS. "net via AS" refers to a net which transits an AS. 2. Policy Description Syntax 2.1. as-in attribute The as-in attribute describes the policy of importing routing information from neighboring ASs. The simple format is as-in: [from] neighborAS:preference... [accept] route 'neighborAS:preference' is a pairing of a neighbor AS number and an associated metric. The as-in attribute may contain a list of neighborASs and preferences. When there is a list of neighborAS:preferences, a comma must separate them. For compatibility with RIPE-81, the colon is optional when there is a single neighborAS/preference per as-in attribute. 'neighborAS' is of the form of ASdddd where dddd is the AS number. 'preference' is the preference at which the route will be accepted. It is an integer between 1 and dddd. The lower the value, the higher the degree of preference. 'route' is a list of destinations (or routes) imported from the neighborAS. 'route' can be: - keywords "ANY", "OTHER', 'NONE' - an AS number - a community name - a set of explicit network numbers Routes can be grouped together by the following operators to form expressions: - 'OR' or '||' or ',' for example, "route1 OR route2" means we accept networks belonging to route1 OR route2; the union of the routes - 'NOTIN' or '/' for example, "route1 NOTIN route2" means we accept networks belonging to route1 but not to route2 - 'NOT' or '!' for example, "NOT route1" means we accept networks not belonging to route1 - 'AND' or '&&' for example, "route1 AND route2" means we accept networks belonging to route1 AND route2; the intersection of the routes A note of caution, the word 'AND' may be very confusing with the current common usage of this word. The recommendation is to avoid using 'AND' unless you have carefully checked what the results will be. The use of 'AND' may result in many inconsistencies in the policy. The expressions can be grouped with parentheses. For compatibility with the syntax of RIPE-81, if no operator is present between two routes, the statement will be interpreted with an 'OR' operator. For instance, "AS690 AS1133" will be interpreted as "AS690 OR AS1133." Words in [ ] are optional. Their purpose is to increase the readability of the statement. In the appendix, a more complex syntax is defined to describe different routing policies at different border routers. A DB selector value is also defined. The DB Selector is used to select and AS or network from any database based on its attributes. Examples: 2.1.1. AS183 accepts ANY routes known to AS690 with preference 1 aut-num: AS183 as-in: from AS690:1 accept ANY An alternative way to express this is similar to the RIPE-81 format: aut-num: AS183 as-in: AS690 1 ANY 2.1.2. AS183 accepts all the routes of AS237 from AS690 with preference 1 aut-num: AS183 as-in: from AS690:1 accept AS237 This may also be expressed: aut-num: AS183 as-in: AS690 1 AS237 In this example, AS183 only accepts routes associated with AS237. AS183 does not accept nets from AS690 or any other AS. 2.1.3. AS183 accepts routes of AS237 from AS690 with preference 1 and from AS 701 with preference 2 aut-num: AS183 as-in: from AS690:1, AS701:2 accept AS237 The following format is also acceptable. aut-num: AS183 as-in: AS690 1 AS237 as-in: AS701 2 AS237 2.1.4. AS183 accepts routes of AS237 from AS690 with a preference 1 and from AS701 accepts routes from AS237 and AS233 with a preference 2. AS690 also announces nets from AS233, but AS183 does not accept those routes from AS690. aut-num: AS183 as-in: from AS690:1 accept AS237 as-in: from AS701:2 accept AS237, AS233 2.1.5. AS183 accepts 35/8 and 192.12.18/24 from AS 690 with preference 3 aut-num: AS183 as-in: from AS690:3 accept {35/8, 192.12.18/24} This introduces the capability of describing access lists based on network granularity. Examples 2.1.1-2.1.4 describe access lists that are based on AS granularity. 2.1.6. AS 183 accepts all nets which belong to the CIX community. aut-num: AS183 as-in: from AS690:1 accept CIX_COMMUNITY The community name CIX_COMMUNITY adds the ability to group networks from various ASs into communities so that routing policies can be described for those communities independent of the AS. 2.2. as-out The as-out attribute describes the policy of exporting routing information to neighboring ASs. The simple format is: as-out: [to] neighborAS:metric... [announce] route 'neighborAS:metric' is a pairing of a neighbor AS number and an associated metric. The as-out attribute may contain a list of neighborASs and metrics. The colon is optional when there is a single neighborAS:metric per as-in statement. When there is a list of neighborAS:metrics, a comma must separate them. 'neighborAS' is of the form of ASdddd where dddd is the AS number. 'metric' is the degree of preference at which the AS wants other ASs to accept the routes. It is an integer between 1 and dddd. The lower the value, the higher the degree of preference. Designating a preference in the as-out statement is optional. 'route' is a list of destinations (or routes) exported to the neighbor AS. It has the same format as defined for the as-in attribute. Words in [ ] are optional. Their purpose is to increase the readability of the statement. Examples: 2.2.1. AS 690 advertises routes of AS237 and AS233 to AS 200 aut-num: AS690 as-out: to AS200 announce AS237, AS233 The syntax defined by RIPE-81 is also acceptable. aut-num: AS690 as-out: AS200 AS237 AS233 2.2.2. AS200 advertises routes of AS200 and AS201 as primary and secondary respectively to AS690 aut-num: AS200 as-out: to AS690:1 announce AS200 as-out: to AS690:2 announce AS201 With the addition of the preference option to the as-out statement, advisory information can be offered to neighboring ASs. This capability is an extension to the as-out syntax. 2.2.3. AS200 advertises all routes to AS 1000 aut-num: AS200 as-out: to AS1000 announce ANY An alternative way to express this is: aut-num: AS200 as-out: AS1000 ANY 2.2.4. AS690 advertises only nets 35/8, 192.1.1/24 to ASs 1000 and AS1001. AS1000 and AS1001 have intersecting sets of routes and AS690 wants to establish symmetric traffic flows to the intersection from nets 35/8 and 192.1.1/24. Therefore, AS690 would like AS1000 to accept these two nets with a higher preference than AS1001. aut-num: AS690 as-out: AS1000:1 announce {35/8,192.1.1/24} as-out: AS1001:2 announce {35/8,192.1.1/24} This routing statement is possible due to the addition of metrics to the as-out statement and the ability to express announcments with a finer granularity than AS. 2.2.5. AS690 advertises all the CIX routes to AS200 with preference 5 and other routes with preference 1. aut-num: AS690 as-out: to AS200:5 announce CIX_COMMUNITY as-out: to AS200:1 announce OTHER OTHER means ANY routes except CIX route. Whenever there is a statement which uses OTHER, an additional statement is expected. or this same policy may be expressed using the 'NOTIN' operator: aut-num: AS690 as-out: to AS200:1 announce ANY/CIX_COMMUNITY 2.3. Default There are four commonly employed types of default policies: a. Static default b. Point to a net from a neighborAS as default c. Accept 0.0.0.0 from a neighborAS d. advertise 0.0.0.0 to a neighborAS Case d is clearly expressible in the as-out policy statement. The 'as-default' attribute permits non-ambiguous expression of cases a,b, and c. The simple format of a default statement is: as-default: neighborAS:preference... default_policy 'neighborAS:preference' is a pairing of a neighbor AS number and an associated metric. The as-default attribute may contain a list of neighborASs and preferences. When there is a list of neighborAS:preferences, a comma must separate them. 'neighborAS' is of the form of ASdddd where dddd is the AS number and is the neighbor AS to which default is pointed. It is possible to have several neighbor ASs to which an AS defaults. 'preference' is the degree of preference which is placed on the default announcement. It is an integer between 1 and dddd. The lower the value, the higher the degree of preference. 'default policy' defines the means of implementing default. The options are either static, acceptance of 0/0, or the default based upon a specified ip address. Examples: 2.3.1. AS 1000 points a static default to its neighbor AS 690. aut-num: AS1000 as-default: AS690:1 static or alternatively, aut-num: AS1000 as-default: AS690 static 2.3.2. AS 1002 points default at 140.222/16 which it accepts from AS690. aut-num: AS1002 as-default: AS690:1 {140.222/16} 2.3.3. AS 1001 accepts 0/0 as default from AS690 aut-num: AS1001 as-default: AS690:1 {0/0} 2.3.4. AS 1005 points primary default at 140.222/16 from AS690 and points a static default to AS266 as a secondary default. aut-num: AS1005 as-default: AS690:1 {140.222/16} as-default: AS266:2 static 2.4. as-exclude 'as-exclude' describes the transit policy of an AS. This is a special case which rejects traffic paths which include the excluded AS. It allow an AS to define a policy which applies not only the neighbor ASs but ASs in the path. Therefore it is a complimentary statement of the as-in statement which does not deal AS path information. Simple format: as-exclude: [exclude] AS [to] [destination] 'AS' is the AS number in the path which the source AS prefers not to traverse. 'destination' has the same meaning and format as the 'route' list in 'as-in'; however, if no destination is designated, the source AS never wants to transit the excluded AS no matter what the destination. The words in [ ] are optional. Examples: 2.4.1. AS 600 never wants to transit AS400 to reach destinations in AS237 aut-num: AS600 as-exclude: exclude AS400 to AS237 2.4.2. AS150 never wants to traverse AS690 to reach CIX routes. aut-num: AS150 as-exclude: exclude AS690 to CIX_COMMUNITY The as-exclude statement is only advisory. 2.5. as-transit as-transit describes the transit preferences of an AS. It allows an AS to describe its path preference in order to reach certain destinations. The AS specified here does not need to be a neighbor AS. Knowledge of these preferences is especially useful when source based routing (such as SDRP) is employed for policy routing. If the as-transit statement is employed, only the specified routing paths will be permitted. Any other routing paths that may exist to destinations from the source AS will be ignored. Simple format: as-transit: [transit] AS:preference [to] destination 'AS' is the AS that your AS prefers to transit. 'preference' is the degree of preference to transit this AS. The lower value has the higher degree of preference. 'destination' has the same meaning and format as the 'route' list in 'as-in'. word in [ ] is optional. Examples: 2.5.1. To reach destinations of AS237, AS 500 prefers to transit AS300 rather than AS400 aut-num: AS500 as-transit: transit AS300:1, AS400:2 to AS237 This statement means that AS500 prefers to only use paths via AS300 and AS400 to destinations from AS237. 2.5.2. To reach destinations of AS237, AS600 prefers to transit AS300 and not other ASes. That is if a path via AS300 is unavailable, AS600 would rather not use any other path to reach destinations from AS237. aut-num: AS600 as-transit: transit AS300:1 to AS237 If not explicitly expressed as in 2.5.3, this statement will be interpreted as a not transit to any. 2.5.3. To reach destinations of AS237, AS700 prefers to transit AS300 and will transit any other AS as backup. aut-num: AS700 as-transit: transit AS300:1, ASANY:3 to AS237 Any integer may be selected to represent preference. In the case of 'ASANY:3', the integer need only be larger than one. 2.5.4. AS250 would like to use AS300 as primary and AS400 as secondary to reach net 35/8. For other networks, it use AS400 as primary and AS300 as secondary. aut-num: AS250 as-transit: transit AS300:1, AS400:2 to {35/8} as-transit: transit AS400:1, AS300:1 to OTHER 2.6 as-aggr This policy statement will allow the description of the AS policy concerning aggregation in relationship to CIDR. The detailed syntax will be defined when more experience with CIDR is gained. I. Appendix A Extended Functions A.1. Express Routing Policy at Border Router Level Within an AS It is not unusual that two ASs have multiple interconnections and therefore, each AS will have more than one border router peering with more than one corresponding border router from the other AS. The routing exchange policy of each peer need not be identical. That requires the ability to describe the import and export routing policy between the two ASs at the border router level. The as-in and as-out statements defined in this appendix provide such function. Example 1: AS 200 connects to AS690 at two locations. At the east coast, AS200 has router 192.12.18.1/32 peering with a border router of AS690. At the west coast, AS200 has router 192.13.254.1/32 peering with another border router of AS690. To any destination of AS237, AS 200 prefers to use its west coast connection to AS 690 as primary and its east coast connection as secondary. That means AS 200 will prefer routes of AS 237 imported via AS690 at the west coast rather than from the east coast connection. aut-num: AS200 as-in: <192.13.254.1> from AS690:1 accept AS237 as-in: <192.12.18.1> from AS690:2 accept AS237 This concept is consistent with developments which are being proposed for RIPE-81. Example 2: The connections between AS200 and AS690 are the same as described above. AS200 also has connections to AS120 at the west coast and AS130 at the east coast. AS 200 would like AS 690 to use the west coast connection as primary and east coast connection as secondary for reaching destinations in AS120. In other words, AS 200 will advertise networks of AS120 to AS690 at west coast with a lower metric than the outbound metric at the east coast. aut-num: AS200 as-out: <192.13.254.1> to AS690:1 announce AS120 as-out: <192.12.18.1> to AS690:2 announce AS120 This is another concept which is under development for inclusion in RIPE-81. Example 3: AS300 and AS500 each have two routers connected to a DMZ network. / AS 300 \ / \ 192.12.80.1 192.12.80.2 | | ----------------------------------------------- | | 192.12.80.100 192.12.80.101 \ / \ AS 500 / 192.12.80.1 and 192.12.80.2 both peer with both 192.12.80.100 and 192.12.80.101. AS 300 can be used to reach AS120 and AS130. The policy of AS300 is to load share between its two border routers 192.12.80.1 and 192.12.80.2 for the traffic coming from AS500 to destinations of AS120 and AS130. aut-num: AS300 as-out: <192.12.80.1> to AS500<192.12.80.100>:1 announce AS120 as-out: <192.12.80.1> to AS500<192.12.80.101>:2 announce AS120 as-out: <192.12.80.2> to AS500<192.12.80.100>:2 announce AS130 as-out: <192.12.80.2> to AS500<192.12.80.101>:1 announce AS130 A.2. DataBase Selector This function will take advantage of information registed in other Routing Registries. The format is: database_name '{' selector_expression '}' - 'database_name' is a name of an 'official' (or known - to be defined) database. - The selector_expression is an expression of the form: attribute_name operator attribute_value - attribute_name is the name of any attribute (e.g 'country', 'source', 'connect') supported in the database, - operator is '==' (equal) or != (different) attribute_value is the value to be compared. This syntax permits the selection of networks in a database based on their attributes. For instance to select only the French networks: RIPE_DB { cc == FR } In order to maintain compatibility with the RIPE-81 format we added an alias named LOCAL which is merely RIPE_DB { co == LOCAL } Examples: A.2.1. AS 690 accept from AS 701 all networks in the NSFNET database with 701 as the primary announcing AS: aut-num: 690 as-in: from AS701:100 accept NSF_DB { aslist == 1:701 } A.2.2. Accept all german networks and all networks from AS 513 aut-num: 690 as-in: from AS701:100 accept AS513 OR RIPE_DB { cc == DE } II. Appendix B References: [1] RIPE-60 [2] RIPE-81 [3] Yu, Chen, Rekhter document [4] Joncheray document III. Appendix C Syntax in BNF and Yacc C.1 BNF syntax policy = *(policy_attribute) policy_attribute = as_in_attribute / as_out_attribute / as_transit_attribute / as_exclude_attribute / as_default_attribute as_in_attribute = KW_AS_IN ":" *(interface) *(kw_from) aslist_pref_noany *(kw_accept) accept_list as_out_attribute = KW_AS_OUT ":" *(interface) *(kw_to) aslist_nopref_any *(kw_announce) announce_list as_transit_attribute = KW_AS_TRANSIC ":" *(kw_transit) aslist_nopref_any *(kw_to) transit_list as_exclude_attribute = KW_AS_EXCLUDE ":" *(kw_exclude) aslist_nopref_any *(kw_to) exclude_list as_default_attribute = KW_AS_DEFAULT ":" aslist_nopref_noany default_type interface = "<" interface_addr ">" default_type = KW_STATIC \ *(kw_net) ip_netmask_addr /* Preference optional, ASANY not allowed */ aslist_nopref_noany: as_number interface / as_number interface INTEGER /* RIPE-81 */ / *(as_number_pref) /* Preference mandatory, ASANY not allowed */ aslist_pref_noany: as_number interface INTEGER /* RIPE-81 */ / *(as_number_pref) /* Preference mandatory, ASANY allowed */ aslist_pref_any: as_number_any interface INTEGER /* RIPE-81 */ / *(as_number_any_pref) /* Preference optional, ASANY allowed */ aslist_nopref_any: as_number_any interface / as_number_any interface INTEGER /* RIPE-81 */ / *(as_number_any_pref) as_number_pref = as_number interface ':' INTEGER as_number_any_pref = as_number_any interface ':' INTEGER as_number = AS_NUMBER accept_list = accept_item bin_operator accept_list / accept_item bin_operator accept_list / un_operator accept_list / "(" accept_list ")" accept_item = AS_NUMBER / community / ip_net_set / db_reference / KW_DEFAULT / KW_ANY / KW_NONE / KW_OTHER community = STRING ip_net_set = "{" ip_netmask_addr *("," ip_netmask_addr) "}" db_reference = STRING /* We do not know yet */ bin_operator = /* Nothing. It is a pain in the b... (RIPE-81). Means "OR" ?? */ / KW_OR / "," /* Means OR */ / KW_AND un_operator = KW_NOT announce_list = accept_list /* Same as as_in? */ interface_addr = dotted_ip_addr ip_net_addr = dotted_ip_addr / INTEGER /* = -( */ dotted_ip_addr = DOTTED_IP_ADDR; ip_netmask_addr = ip_net_addr / (ip_net_addr "/" ip_net_addr) kw_from = KW_FROM kw_to = KW_TO kw_accept = KW_ACCEPT kw_announce = KW_ANNOUNCE kw_transit = KW_TRANSIT kw_exclude = KW_EXCLUDE kw_net = KW_NET KW_AS_IN = "as-in" / "AS-IN" KW_AS_OUT = "as-out" / "AS-OUT" KW_AS_TRANSIC = "as-transit" / "AS-TRANSIT" KW_AS_EXCLUDE = "as-exclude" / "AS-EXCLUDE" KW_AS_DEFAULT = "^default" / "as-default" / "AS-DEFAULT" :-) KW_STATIC = "static" / "STATIC" KW_NET = "net" / "NET" KW_DEFAULT = "default" / "DEFAULT" KW_ANY = "any"/ "ANY" KW_NONE = "none" / "NONE" KW_OTHER = "other" / "OTHER" KW_ACCEPT = "accept" / "ACCEPT" KW_ANNOUNCE = "announce" / "ANNOUNCE" KW_TO = "to" / "TO" KW_FROM = "from" / "FROM" KW_TRANSIT = "transit" / "TRANSIT" KW_EXCLUDE = "exclude" / "EXCLUDE" KW_OR = "or" / "OR" / "||" KW_AND = "and" / "AND" / "&&" KW_NOT = "not" / "NOT" / "!" KW_EXC = "notin" / "NOTIN" / '^' INTEGER = 1*DIGIT AS_NUMBER = ("AS" / "as") (INTEGER / "ANY") STRING = ???? DOTTED_IP_ADDR = DIGIT *(DIGIT / ".") C.2 Yacc & lex syntax (authoritative) %token KW_AS_IN KW_AS_OUT KW_AS_TRANSIC KW_AS_EXCLUDE %token AS_NUMBER DOTTED_IP_ADDR NULLNET KW_ASANY KW_DEFAULT %token KW_STATIC KW_NET KW_AS_DEFAULT KW_ANY KW_NONE KW_OTHER %token STRING INTEGER %token KW_OR KW_AND KW_NOT KW_NOTIN %token KW_ACCEPT KW_ANNOUNCE KW_TO KW_FROM KW_TRANSIT KW_EXCLUDE %left NETMASK %% policy: /* Nothing */ | policy_attribute_list ; policy_attribute_list: policy_attribute | policy_attribute_list policy_attribute ; policy_attribute: as_in_attribute | as_out_attribute | as_transit_attribute | as_exclude_attribute | as_default_attribute ; as_in_attribute: KW_AS_IN ':' interface kw_from aslist_pref_noany kw_accept accept_list; as_out_attribute: KW_AS_OUT ':' interface kw_to aslist_nopref_any kw_announce announce_list; as_transit_attribute: KW_AS_TRANSIC ':' kw_transit aslist_nopref_any kw_to transit_list; as_exclude_attribute: KW_AS_EXCLUDE ':' kw_exclude aslist_nopref_any kw_to exclude_list; as_default_attribute: KW_AS_DEFAULT ':' aslist_nopref_noany default_type; /* Types of AS lists: with/without ASANY and with/without preference */ /* Preference optional, ASANY not allowed */ aslist_nopref_noany: as_number interface | as_number interface INTEGER /* RIPE-81 */ | as_number_nopref_list ; /* Preference mandatory, ASANY not allowed */ aslist_pref_noany: as_number interface INTEGER /* RIPE-81 */ | as_number_list ; /* Preference mandatory, ASANY allowed */ aslist_pref_any: as_number_any interface INTEGER /* RIPE-81 */ | as_number_any_list ; /* Preference optional, ASANY allowed */ aslist_nopref_any: as_number_any interface | as_number_any interface INTEGER /* RIPE-81 */ | as_number_nopref_any_list ; as_number_list: as_number_pref | as_number_list ',' as_number_pref ; as_number_any_list: as_number_any_pref | as_number_any_list ',' as_number_any_pref ; as_number_nopref_list: as_number_nopref | as_number_nopref_list ',' as_number_nopref ; as_number_nopref_any_list: as_number_nopref_any | as_number_nopref_any_list ',' as_number_nopref_any ; as_number_pref: as_number interface ':' INTEGER; as_number_nopref: as_number interface | as_number interface ':' INTEGER ; as_number_any_pref: as_number_any interface ':' INTEGER; as_number_nopref_any: as_number_any interface | as_number_any interface ':' INTEGER ; default_type: /* Nothing. To be compatible with RIPE-81 */ | KW_STATIC | KW_NET ip_netmask_addr | ip_net_set ; accept_list: accept_item | accept_item bin_operator accept_list | un_operator accept_list | '(' accept_list ')' ; accept_item: as_number | community | ip_net_set | db_reference | KW_DEFAULT | KW_ANY | KW_NONE | KW_OTHER ; transit_list: accept_list; exclude_list: accept_list; community: STRING; /* Anything alse? */ ip_net_set: '{' ip_net_list '}'; db_reference: STRING '{' '}'; /* We do not know yet */ bin_operator: /* Nothing. It is a pain in the b... (RIPE-81). Means 'OR' ?? */ | KW_OR | ',' /* Means OR */ | KW_AND | '/' | KW_NOTIN ; un_operator: KW_NOT ; announce_list: accept_list; /* Same as as_in? */ interface_addr: dotted_ip_addr; ip_net_addr: dotted_ip_addr | INTEGER /* :-( */ ; dotted_ip_addr: DOTTED_IP_ADDR; ip_netmask_addr: ip_net_addr | NULLNET /* 0/0 */ | ip_net_addr '/' ip_net_addr ; ip_net_list: ip_netmask_addr | ip_netmask_addr ',' ip_net_list ; as_number_any: as_number | KW_ASANY ; as_number: AS_NUMBER; interface: /* Nothing. This is optional */ | '<' interface_addr '>' ; kw_from: /* Nothing. This is optional */ | KW_FROM ; kw_to: /* Nothing. This is optional */ | KW_TO ; kw_accept: /* Nothing. This is optional */ | KW_ACCEPT ; kw_announce: /* Nothing. This is optional */ | KW_ANNOUNCE ; kw_transit: /* Nothing. This is optional */ | KW_TRANSIT ; kw_exclude: /* Nothing. This is optional */ | KW_EXCLUDE ; %% /* Lex syntax */ punctuation [<>:,;{}\.\(\)/] integer [0-9]+ string [A-Za-z_][A-Za-z_0-9-]* dotted_ip [0-9][0-9\.]* asnumber as[0-9]+ ASnumber AS[0-9]+ %% as-in return(KW_AS_IN); AS-IN return(KW_AS_IN); as-out return(KW_AS_OUT); AS-OUT return(KW_AS_OUT); as-transit return(KW_AS_TRANSIC); AS-TRANSIT return(KW_AS_TRANSIC); as-exclude return(KW_AS_EXCLUDE); AS-EXCLUDE return(KW_AS_EXCLUDE); ^default return(KW_AS_DEFAULT); as-default return(KW_AS_DEFAULT); AS-DEFAULT return(KW_AS_DEFAULT); static return(KW_STATIC); STATIC return(KW_STATIC); net return(KW_NET); NET return(KW_NET); default return(KW_DEFAULT); DEFAULT return(KW_DEFAULT); any return(KW_ANY); ANY return(KW_ANY); none return(KW_NONE); NONE return(KW_NONE); other return(KW_OTHER); OTHER return(KW_OTHER); accept return(KW_ACCEPT); ACCEPT return(KW_ACCEPT); announce return(KW_ANNOUNCE); ANNOUNCE return(KW_ANNOUNCE); to return(KW_TO); TO return(KW_TO); from return(KW_FROM); FROM return(KW_FROM); transit return(KW_TRANSIT); TRANSIT return(KW_TRANSIT); exclude return(KW_EXCLUDE); EXCLUDE return(KW_EXCLUDE); or return(KW_OR); OR return(KW_OR); \|\| return(KW_OR); and return(KW_AND); AND return(KW_AND); && return(KW_AND); not return(KW_NOT); NOT return(KW_NOT); ! return(KW_NOT); NOTIN return(KW_NOTIN); notin return(KW_NOTIN); 0\/0 return(NULLNET); {integer} return(INTEGER); {asnumber} return(AS_NUMBER); {ASnumber} return(AS_NUMBER); ASANY return(KW_ASANY); {string} return(STRING); {dotted_ip} return(DOTTED_IP_ADDR); {punctuation} return(yytext[0]); \n ++current_lex_line; ^#.* ; . ; -- Laurent Joncheray, E-Mail: lpj(a)merit.edu Merit Network Inc, 1071 Beal Avenue, Phone: +1 (313) 936 2065 Ann Arbor, MI 48109, USA Fax: +1 (313) 747 3745 "This is the end, Beautiful friend. This is the end, My only friend, the end" JM

1 0

Re: Invalid data in the RIPE database
by farrache＠ccpnxt5.in2p3.fr 26 Apr '94

26 Apr '94

> Why not deciding this by mail and doing it *now*? (since everybody > seems to agree) Good for me. Gilles

1 0

Wilfried Woeber: Fwd: Re: Invalid data in the RIPE database
by Marten Terpstra 26 Apr '94

26 Apr '94

Wilfried has some mail connectivity problems to the RIPE NCC, therefore he asked me to resend the mail below concerning the as-in and as-out attributes. -Marten ------- Forwarded Message Date: Tue, 26 Apr 1994 16:36:51 +0100 From: "Wilfried Woeber, UniVie/ACOnet" <woeber(a)cc.univie.ac.at> Sender: <woeber(a)cc.univie.ac.at> To: marten(a)ripe.net cc: woeber(a)cc.univie.ac.at Subject: Fwd: Re: Invalid data in the RIPE database Marten, this was (one of) the message(s) that made it to L.Joncheray, but didn't reach you personally and the -wg lists. Maybe you could forward them, to keep the chaos down to a reasonable level. Sorry, Wilfried. From: ACCESS::WOEBER "Wilfried Woeber, UniVie/ACOnet" 26-APR-1994 11:31 :48.07 To: MX%"Marten.Terpstra(a)ripe.net" CC: MX%"lpj(a)merit.edu",MX%"routing-wg(a)ripe.net",MX%"db-wg(a)ripe.net",WOEBER Subj: Re: Invalid data in the RIPE database =Daniel Karrenberg <Daniel.Karrenberg(a)ripe.net> writes = * = * > Laurent Joncheray <lpj(a)merit.edu> writes: = * > Dear database managers, = * > i had a look at some entries in the RIPE database and at the = * > 'nsf-in' network attribute. For a lot of them the value in the RIPE = * > db is inconsistant with the Merit (NSF) database... = * = * More radical question: Considering that the NSFnet is going away and = * the routing registry has routing policy, should these attributes = * be deprecated or even removed totally? = =Jean-Michel writes = = * 1- obsolete this field. = * 2- Implement what Laurent proposes (automatic download from Merit). = =I feel for Daniels and Jean-Michel's first option. They should =definately be deprecated (although I have always viewed them as info =only attibutes) and preferably removed. Although some people may find I agree with this point of view. I'm going to put it on the agenda for the DB-WG at the Amsterdam RIPE-Meeting. We should have a *short* review and then agree on a proposal and a *timeschedule* to remove this information from the database. =this information useful currently, wrong information is worse than no =information. I'd say obsolete. Agreed. At the same time we should come up with a recommendation for new ways of storing pieces of information that people maybe still want to record in the DB. (Like connect, gateway, and the like). Wilfried. -------------------------------------------------------------------------- Wilfried Woeber : e-mail: Wilfried.Woeber(a)CC.UniVie.ac.at Computer Center - ACOnet : Vienna University : Tel: +43 1 4065822 355 Universitaetsstrasse 7 : Fax: +43 1 4065822 170 A-1010 Vienna, Austria, Europe : NIC: WW144 -------------------------------------------------------------------------- ------- End of Forwarded Message

1 0

Re: Invalid data in the RIPE database
by Laurent Joncheray 26 Apr '94

26 Apr '94

Why not deciding this by mail and doing it *now*? (since everybody seems to agree) 10 min to remove those lines from the DB file (grep -v is fine) 10 min to disable the nsf-in attribute in the conf file (or dbupdate.pl) 1h ? to rebuilt the index file. No big deal... > =I feel for Daniels and Jean-Michel's first option. They should > =definately be deprecated (although I have always viewed them as info > =only attibutes) and preferably removed. Although some people may find > > I agree with this point of view. > > I'm going to put it on the agenda for the DB-WG at the Amsterdam > RIPE-Meeting. We should have a *short* review and then agree on a > proposal and a *timeschedule* to remove this information from the > database. > > =this information useful currently, wrong information is worse than no > =information. I'd say obsolete. > > Agreed. > At the same time we should come up with a recommendation for new > ways of storing pieces of information that people maybe still want to > record in the DB. (Like connect, gateway, and the like). > > Wilfried. > -------------------------------------------------------------------------- > Wilfried Woeber : e-mail: Wilfried.Woeber(a)CC.UniVie.ac.at > Computer Center - ACOnet : > Vienna University : Tel: +43 1 4065822 355 > Universitaetsstrasse 7 : Fax: +43 1 4065822 170 > A-1010 Vienna, Austria, Europe : NIC: WW144 > -------------------------------------------------------------------------- > -- Laurent Joncheray, E-Mail: lpj(a)merit.edu Merit Network Inc, 1071 Beal Avenue, Phone: +1 (313) 936 2065 Ann Arbor, MI 48109, USA Fax: +1 (313) 747 3745 "This is the end, Beautiful friend. This is the end, My only friend, the end" JM

2 1

Re: Invalid data in the RIPE database
by farrache＠ccpnxt5.in2p3.fr 26 Apr '94

26 Apr '94

Hello, I would prefer to obsolete this field. Gilles

2 1

Invalid data in the RIPE database
by Laurent Joncheray 26 Apr '94

26 Apr '94

Dear database managers, i had a look at some entries in the RIPE database and at the 'nsf-in' network attribute. For a lot of them the value in the RIPE db is inconsistant with the Merit (NSF) database. Moreover some networks in the RIPE DB have this attribute but are not routed by NSF (for instance 193.128.12/24). It is usefull to keep such data when it can mislead people who use your DB to generate configuration files or aggregate lists? Or can you automaticly generate those values from the NSF database so they will be consistant? Thanks for your answer, Laurent -- Laurent Joncheray, E-Mail: lpj(a)merit.edu Merit Network Inc, 1071 Beal Avenue, Phone: +1 (313) 936 2065 Ann Arbor, MI 48109, USA Fax: +1 (313) 747 3745 "This is the end, Beautiful friend. This is the end, My only friend, the end" JM

7 6

Re: Whois database and list of networks
by jimi＠dxcoms.cern.ch 22 Apr '94

22 Apr '94

Daniele, Thank you for your proposal. We all agree that the aggregates should be stored somehow in the Ripe database and that the current structure does not allow such representations of blocks/aggregates. This is now becoming the main priority of the routing-wg and (probably) the Ripe NCC. A proposal will be sent out very soon now, and we'll then be able to discuss this in more details. I'm sure your input will be considered and appreciated. -- Jean-Michel >----- Text sent by Daniele Vannozzi follows ------- > > We would like to know your opinion about this problem and our proposal. > The GARR-NIS manages a whois database (whois.nis.garr.it) where each > network is described with the RIPE database format plus other "italian > GARR-NIS" tags. We produce the access lists for the GARR border routers > starting from GARR-NIS whois database (we use the nlc tool). > In addition to that we are requested to produce the "aggregate" networks > list (CIDR) from GARR-NIS database as well. > > In our opinion it is difficult to get the right information about > network blocks from the whois database as it is currently managed > because many network blocks are splitted in smaller blocks (usually > corresponding to the really announced networks or because of different > contact point). > > We would like to announce the whole original block while maintaining > into the GARR-NIS database the splitted blocks. > An additional gain using this scheme would be to store different > rev-srv: server for each block for example). > > We have thought the following solution: add a new tag inet-block: into > the network object which describes the original block size. In this way > it is possible to store in the same object entry both the information > for route aggregates (inet-block:) and other data we need (like > rev-srv:, contact people, etc). > > This is a example: > > inetnum: 193.204.160.0 - 193.204.161.0 > netname: ROMA3-NET > inet-block: 193.204.160.0 - 193.204.167.0 > country: IT > admin-c: Fabio Martinelli > tech-c: Aldo Altamore > connect: GARR > aut-sys: AS137 > bdrygw-l: INFN-MIL INFN-CNAF > rev-srv: decsrv.caspur.it > rev-srv: dns.nis.garr.it > rev-srv: matrm3.mat.uniroma3.it > ...... > ...... > > inetnum: 193.204.162.0 - 193.204.167.0 > netname: ROMA3-NET > inet-block: 193.204.160.0 - 193.204.167.0 > country: IT > admin-c: Fabio Martinelli > tech-c: Aldo Altamore > connect: LOCAL > ....... > ....... > > Please let us know your opinion. > > > The GARR-NIS Staff > > Daniele Vannozzi Phone: +39 50 593280 > GARR-NIS Phone NIS: +39 50 593360 > c/o CNUCE - Istituto del CNR Fax: +39 50 904052 > Via Santa Maria 36 Telex: 500371 - CNUCE > 56100 Pisa - Italy E-mail: vannozzi(a)nis.garr.it > -- Jean-Michel

1 0