Hi Nick On Tue, 22 Nov 2022 at 20:11, Nick Hilliard <nick@foobar.org> wrote:
denis walker via db-wg wrote on 22/11/2022 19:00:
Any thoughts on this? There are 2128 AUT-NUM objects with source RIPE-NONAUTH. Do we want these to be able to authorise the creation of hierarchical AS-SET objects when we don't know who maintains the AUT-NUM objects?
I don't see a particular reason to prevent holders of existing NON-AUTH ASNs from defining a hierarchical AS-SET object associated with their ASN. The as-set object would be no more or less authoritative than the aut-num object.
Then another option could be to only allow such objects to also have the source NON-AUTH
Another suggestion. There are 1361 short named AS-SET objects that don't have any 'members' or 'mbrs-by-ref' attributes. In other words they are operationally empty objects. (This includes AS-AMAZON.) We could introduce an automated cleanup process similar to the way we remove unreferenced PERSON and ROLE objects. If an AS-SET object remains operationally empty for 90 days it will be automatically deleted. This would include hierarchical objects. The hierarchical objects can easily be recreated by the ASN maintainers at any time if they are needed later. This gets around the problem of who has the authority to remove rogue objects. It becomes a database cleanup operation. Any thoughts?
Careful with this, e.g. AS-NULL. There are some situations where referencing an empty set can be useful in RPSL.
We have a mechanism to protect specified PERSON and ROLE objects from automatic deletion. We could also protect AS-NULL from such automatic deletion. cheers denis co-chair DB-WG
Nick