RIPE-NCC-LEGACY-MNT
Not sure which list is appropriate so please reply only to the list that people point out as the one which should handle the following issue: I have modified a number of objects to be now LEGACY objects. inet-nums and aut-nums. When the object is processed and converted into a LEGACY object, RIPE auto-adds the following line to each object: mnt-by: RIPE-NCC-LEGACY-MNT This is documented here: https://www.ripe.net/data-tools/db/release-notes/ripe-database-release-1.77 Policy 2012-07: Legacy holder organisations cannot change their organisation name in their org object if it is referenced by an INETNUM or AUTNUM that is maintained by RIPE-NCC-LEGACY-MNT. I then noticed I needed to delete some import and export lines on my aut-num policy. No can do any more. I now get the error: Authorisation for [aut-num] AS378 failed using "mnt-by:" not authenticated by: RIPE-NCC-LEGACY-MNT, AS378-MNT So this now means *every* change to any legacy IP block or ASN has to go via RIPE. But I have been unable to find how to go about informing RIPE that I need to make an object modification. Any pointers would be helpful. Regards, Hank
Hi Hank, Thanks for your email. The error message you received is normal, though it's understandable that it might be a little confusing. When a legacy Internet resource is covered by a contractual relationship, it receives the RIPE-NCC-LEGACY-MNT maintainer, in addition to the End User's maintainer (as "mnt-by:"). For an object to be updated, only one of these two maintainers must pass the authentication. In this case, the update was not authenticated on your end, and so the error message is correctly telling you that neither our maintainer nor yours was authenticated. This legacy maintainer follows the same business rules as other RIPE NCC maintainers: - RIPE-NCC-LEGACY-MNT can only be added or removed by the RIPE NCC - If RIPE-NCC-LEGACY-MNT is present in AUT-NUM and INETNUM objects as MNT-BY, ORG-ID cannot be changed - If the ORGANISATION object is referenced in resources where RIPE-NCC-LEGACY-MNT is present, then the "org-name:" cannot be edited by anyone other than the RIPE NCC. So this means that all other attributes can be updated with only the End User's maintainer and without involving the RIPE NCC. Please let me know if you have any further questions. Kind regards Andrea Cima Registration Services RIPE NCC On 7/4/15 14:03, Hank Nussbacher wrote:
Not sure which list is appropriate so please reply only to the list that people point out as the one which should handle the following issue:
I have modified a number of objects to be now LEGACY objects. inet-nums and aut-nums. When the object is processed and converted into a LEGACY object, RIPE auto-adds the following line to each object: mnt-by: RIPE-NCC-LEGACY-MNT
This is documented here: https://www.ripe.net/data-tools/db/release-notes/ripe-database-release-1.77 Policy 2012-07: Legacy holder organisations cannot change their organisation name in their org object if it is referenced by an INETNUM or AUTNUM that is maintained by RIPE-NCC-LEGACY-MNT.
I then noticed I needed to delete some import and export lines on my aut-num policy.
No can do any more. I now get the error:
Authorisation for [aut-num] AS378 failed using "mnt-by:" not authenticated by: RIPE-NCC-LEGACY-MNT, AS378-MNT
So this now means *every* change to any legacy IP block or ASN has to go via RIPE. But I have been unable to find how to go about informing RIPE that I need to make an object modification. Any pointers would be helpful.
Regards, Hank
At 17:28 07/04/2015 +0200, Andrea Cima wrote: Thanks! Works. -Hank
Hi Hank,
Thanks for your email. The error message you received is normal, though it's understandable that it might be a little confusing.
When a legacy Internet resource is covered by a contractual relationship, it receives the RIPE-NCC-LEGACY-MNT maintainer, in addition to the End User's maintainer (as "mnt-by:"). For an object to be updated, only one of these two maintainers must pass the authentication. In this case, the update was not authenticated on your end, and so the error message is correctly telling you that neither our maintainer nor yours was authenticated.
This legacy maintainer follows the same business rules as other RIPE NCC maintainers:
- RIPE-NCC-LEGACY-MNT can only be added or removed by the RIPE NCC - If RIPE-NCC-LEGACY-MNT is present in AUT-NUM and INETNUM objects as MNT-BY, ORG-ID cannot be changed - If the ORGANISATION object is referenced in resources where RIPE-NCC-LEGACY-MNT is present, then the "org-name:" cannot be edited by anyone other than the RIPE NCC.
So this means that all other attributes can be updated with only the End User's maintainer and without involving the RIPE NCC.
Please let me know if you have any further questions.
Kind regards
Andrea Cima Registration Services RIPE NCC
On 7/4/15 14:03, Hank Nussbacher wrote:
Not sure which list is appropriate so please reply only to the list that people point out as the one which should handle the following issue:
I have modified a number of objects to be now LEGACY objects. inet-nums and aut-nums. When the object is processed and converted into a LEGACY object, RIPE auto-adds the following line to each object: mnt-by: RIPE-NCC-LEGACY-MNT
This is documented here: https://www.ripe.net/data-tools/db/release-notes/ripe-database-release-1.77 Policy 2012-07: Legacy holder organisations cannot change their organisation name in their org object if it is referenced by an INETNUM or AUTNUM that is maintained by RIPE-NCC-LEGACY-MNT.
I then noticed I needed to delete some import and export lines on my aut-num policy.
No can do any more. I now get the error:
Authorisation for [aut-num] AS378 failed using "mnt-by:" not authenticated by: RIPE-NCC-LEGACY-MNT, AS378-MNT
So this now means *every* change to any legacy IP block or ASN has to go via RIPE. But I have been unable to find how to go about informing RIPE that I need to make an object modification. Any pointers would be helpful.
Regards, Hank
participants (2)
-
Andrea Cima -
Hank Nussbacher