Hi Christian, On 2002-11-05 10:49:59 +0100, Christian Rasmussen wrote:
Hi Harald,
I have recently had the same problem, just with a PA block. I solved it by asking my customer to have Ripe insert our maintainer as MNT-ROUTES, then our customer asked their current ISP to delete their route object, hereafter I could create our route object.
It would have been preferable if we could have added our route object, then after we had verified everything was working then we could have the route object for the previous ISP deleted. I have a ticket at Ripe asking how to solve this problem, but maybe someone on the list has a suggestion?
The solution could be to ask the previous ISP to modify the "old" route object to add a mnt-routes attribute that lists your mntner name. This will allow you to create exact match and less specific route objects.
Looking at:
http://www.ripe.net/ripencc/faq/database/route-creation-checks.html
it seems that the reason for the "Hierarchical authorisation failed" is that when a route object exists and a second is beeing created, the first one has to authorize the second.. Im not sure I understand the reason for this...?
This is what the RFC that RIPE Routing Registry implements says. It's RFC2725, Routing Policy System Security (ftp://ftp.ripe.net/rfc/rfc2725.txt). Best regards, Engin Gunduz RIPE NCC Database Group
I think it would make sense if it was only the enduser of a PA/PI block who could authorize the creation of route objects by adding MNT-ROUTES for each upstream provider.
Med venlig hilsen/Best regards
Christian Rasmussen Hosting manager, jay.net a/s
Frederiksgade 7, 2., 1265 København K., Denmark
Email: noc@jay.net Personal email: chr@corp.jay.net Tlf./Phone: +45 3336 6300, Fax: +45 3336 6301
Produkter / Products: http://hosting.jay.net
-----Original Message----- From: db-wg-admin@ripe.net [mailto:db-wg-admin@ripe.net]On Behalf Of Harald.Singer@tesion.de Sent: 4. november 2002 17:59 To: db-wg@ripe.net Subject: Hierarchical authorisation failed, request forwarded to maintainer ???
Hello,
i have the problem to create a route-object for a customer of me. The customer will transfer his PI-Network (192.109.176.0/24, I´m CNSPLUS-MNT) from another ISP into my AS. And of course a mnt-routes:CNSPLUS-MNT exists. I need to create the new route-object, but i get the error: "Hierarchical authorisation failed, request forwarded to maintainer." I think I should be able to create such an object without assistance from another ISP.
- As the ISP and I are using Crypt-PW I don´t want to send a mail with my password to this ISP (like the proposal from Daniel in this WG).
- Some time ago i was able to create such objects without any assistance, what was the reason to change this behaviour?
- The discussion some weeks ago doesn´t have any hints for a solution, or i missed it.
- Do you have any proposal to create the object?
Regards
Harald
-- Harald Singer Telefon: +49 (0)711/2021-847 tesion )) Telekommunikation Telefax: +49 (0)711/2021-93-847 Systemingenieur / CCIE #7326 Mobil: +49 (0)178/2021-847 Kriegsbergstrasse 11 Mail: harald.singer@tesion.de D-70174 Stuttgart Web: http://www.tesion.de