liu haoran wrote on 13/05/2025 17:48:

As the administrator of AKIX , we have observed a recurring issue where newly joined members frequently submit AS-SET objects without populating the mandatory members attribute in IRR databases. From both operational and RPSL (Routing Policy Specification Language) specification perspectives, an AS-SET containing no members represents an invalid configuration, as it fundamentally defeats its purpose of aggregating Autonomous Systems (AS) for routing policy management.

RPSL is based on set theory, where an empty set is completely ok. If someone has configured an as-set to be empty when it ought to have included some elements, then this is a configuration error on the part of the user, not a problem with the rpsl specification. You will need to engage with your members to help them understand how this component of RPSL works. Nick

Dear Ed Shryane, Thank you for your questions. Regarding the validation requirements for AS-SET objects, I would like to provide the following clarifications: Parent-Child AS-SET Hierarchy: If a parent AS-SET includes a "members:" attribute, this does not exempt the child AS-SET from its own member requirements. Each AS-SET should independently fulfill its intended purpose, even within a hierarchical structure. A child AS-SET must still have explicitly defined members to ensure operational validity. RFC 2725 vs. RFC 2622: RFC 2622 explicitly defines the "members:" attribute of an AS-SET as "optional, multi-valued." While RFC 2725 focuses on routing policy system security, it does not directly override RFC 2622’s definition. RFC 2725 provides security recommendations but does not replace the foundational RPSL object specifications in RFC 2622. Validation of ASN/AS-SET Values: From a data integrity perspective, validating referenced ASNs or AS-SETs is beneficial. However, there may be use cases where referencing objects not yet created (e.g., pre-configurations) could serve specific operational needs. This becomes a policy decision, balancing flexibility with data quality. Empty AS-SET Observations: The 2,000 AS-SETs lacking members highlight a significant data quality issue. While technically compliant with RFC 2622, these empty AS-SETs serve no practical purpose and may lead to routing policy management challenges. Revised Proposal: To reduce empty AS-SETs at the source, we recommend modifying terminology and validation workflows to emphasize that AS-SETs must include members . Specifically: Retain the warning and secondary confirmation mechanism for submissions lacking members: Warning: "You are creating an AS-SET with no members Are you sure you want to proceed?" Secondary prompt: "Confirm creation of empty AS-SET (not recommended)." Best regards, HaoRan Liu Akaere NetWorks ________________________________ 发件人: liu haoran <qq593277393@outlook.com> 发送时间: 2025年5月14日 0:48 收件人: db-wg@ripe.net <db-wg@ripe.net> 主题: [db-wg] Regarding the issue of empty AS-SET in databases As the administrator of AKIX , we have observed a recurring issue where newly joined members frequently submit AS-SET objects without populating the mandatory members attribute in IRR databases. From both operational and RPSL (Routing Policy Specification Language) specification perspectives, an AS-SET containing no members represents an invalid configuration, as it fundamentally defeats its purpose of aggregating Autonomous Systems (AS) for routing policy management. We formally propose that IRR database maintainers implement mandatory validation during AS-SET creation to enforce: 1. Require at minimum one valid AS number in the members field 2. Reject AS-SET submissions containing empty/null members attributes 3. Provide clear error messaging specifying the validation requirements This technical enforcement would align with RFC 2725 (Routing Policy System Security) recommendations while significantly improving routing registry data quality and operational reliability for Internet Exchange ecosystems.