ALLOCATED UNSPECIFIED ???
Hello, we've problems with creating a route object for the network 193.102.74.0/24. Sony Europe is our customer and told us, this network is their PI space, but the status for the whole IP block is ALLOCATED UNSPECIFIED ! What does this mean an how can I create (or who) a route object for this network ? Thanks, Marcus inetnum: 193.96.0.0 - 193.103.255.255 netname: DE-EUNET-193-96-193-103 descr: ALLOCATED BLOCK descr: Provider Local Registry descr: UUNET/DE country: DE admin-c: HE15-RIPE tech-c: HE15-RIPE status: ALLOCATED UNSPECIFIED notify: robot@de.uu.net notify: hostmaster@de.uu.net mnt-by: RIPE-NCC-HM-MNT mnt-lower: UUNETDE-I changed: od@Germany.EU.net 19970220 changed: od@de.uu.net 19971119 changed: hostmaster@de.uu.net 19980120 changed: od@de.uu.net 19990123 changed: hostmaster@ripe.net 19990309 changed: hostmaster@ripe.net 19990817 changed: hostmaster@ripe.net 19990818 changed: hostmaster@ripe.net 20020510 changed: hostmaster@ripe.net 20020522 source: RIPE inetnum: 193.102.74.0 - 193.102.74.255 netname: SONY-STC descr: Sony Europe GmbH, STC country: DE admin-c: VM1-RIPE tech-c: PB4313-RIPE tech-c: MV1843-RIPE mnt-by: RIPE-NCC-NONE-MNT changed: ip@Germany.EU.net 19940726 changed: mn@Germany.EU.net 19940802 changed: ripe-dbm@ripe.net 19990706 changed: ripe-dbm@ripe.net 20000225 source: RIPE route: 193.96.0.0/13 descr: UUNETDE-AGG-193.96 origin: AS702 member-of: RS-UUNETEUDE mnt-by: UUNET-MNT changed: mz@de.uu.net 20011123 source: RIPE
Hi Marcus, inetnum: 193.96.0.0 - 193.103.255.255 netname: DE-EUNET-193-96-193-103 admin-c: HE15-RIPE tech-c: HE15-RIPE status: ALLOCATED UNSPECIFIED mnt-by: RIPE-NCC-HM-MNT mnt-lower: UUNETDE-I role: Hostmaster UUNET Deutschland e-mail: hostmaster@de.uu.net nic-hdl: HE15-RIPE Please contact hostmaster@de.uu.net if they have not yet contacted you directly. ALLOCATED means that the block has been given to a LIR for further assignment. UNSPECIFIED means that the LIR may either do PI or PA assignments from this block (or is a legacy allocation). All INETNUM objects that do not have a status: line should be treated as ASSIGNED PI. From ripe-238: <quote> 3.6.5 Protection of route object space The route object creation must satisfy several authentication criteria. It must match the authentication specified in the aut-num and the authentication specified in either a route object or, if no applicable route object is found, then an inetnum. Finally the creation must be authorised by the maintainer of the route object itself referenced by the "mnt-by:" attribute of the object. When checking for prefix authorisation, an exact route object prefix match is checked for first. If there is no exact match, then a longest prefix match that is less specific than the prefix is searched for. If the route prefix search fails, then a search is performed for an inetnum object that exactly matches the prefix or for the most specific inetnum object that is less specific than the route object submission. The aut-num object used for authentication checks is referenced by the "origin:" attribute of the route object. A route object must pass authorisation from both the referenced aut-num object and the route or inetnum object. Authorisation shall be tested using the maintainer(s) referenced in the "mnt-routes:" attribute(s) first. If that check fails, the "mnt-lower:" attributes are checked. If that check fails, the "mnt-by:" attributes are used for the authorisation check. </quote> Regards, - marcel In message <B7D4A6AD0130014A8710EF0B160C6FC703AB9794@franoa01.de.eu.colt>, Marc us.Ruchti@colt.de writes:
Hello,
we've problems with creating a route object for the network 193.102.74.0/24. Sony Europe is our customer and told us, this network is their PI space, but the status for the whole IP block is ALLOCATED UNSPECIFIED ! What does this mean an how can I create (or who) a route object for this network ?
<Snip>
Hi, Marcus.Ruchti@colt.de wrote To lir-wg@ripe.net:
we've problems with creating a route object for the network 193.102.74.0/24. Sony Europe is our customer and told us, this network is their PI space, but the status for the whole IP block is ALLOCATED UNSPECIFIED ! What does this mean an how can I create (or who) a route object for this network ?
This has nothing to do with PI vs. PA vs. UNSPECIFIED. To establish an route-object in the RIPE-db you have to fullfill the following maintainers: - the maintainer of the inetnum - the maintainer of the AS number referenced in the route-object as origin - the maintainer of a less specific route-object (if there is any) Maintainers for route-objects are always checked in the order mnt-routes, mnt-lower, mnt-by. In your concrete case this would mean you have to fullfill RIPE-NCC-NONE-MNT (inetnum), DE-COLT-MNT (AS9126) and UUNET-MNT (193.96.0.0/13). I don't know how this is possible to achieve. IMHO the only possibility is to get an route-object entered by RIPE hostmaster who can overwrite the authorisations needed. I would like to hear an official statement from RIPE about this, if this is the only way to go and what the procedure should look like. -Marcus -- Marcus Rist
On Tue, Jun 11, 2002 at 09:57:27AM +0200, Marcus Rist wrote:
In your concrete case this would mean you have to fullfill RIPE-NCC-NONE-MNT (inetnum), DE-COLT-MNT (AS9126) and UUNET-MNT (193.96.0.0/13).
I don't know how this is possible to achieve.
Colt signs their request with their PGP key, sending the mail to UUnet instead of auto-dbm. UUnet then signs the Colt request with their key and send it to auto-dbm. Caveat: never tested that, but I was told it should work. Regards, Daniel
At 12:03 +0200 11/6/02, Daniel Roesen wrote:
On Tue, Jun 11, 2002 at 09:57:27AM +0200, Marcus Rist wrote:
In your concrete case this would mean you have to fullfill RIPE-NCC-NONE-MNT (inetnum), DE-COLT-MNT (AS9126) and UUNET-MNT (193.96.0.0/13).
I don't know how this is possible to achieve.
Colt signs their request with their PGP key, sending the mail to UUnet instead of auto-dbm. UUnet then signs the Colt request with their key and send it to auto-dbm. Caveat: never tested that, but I was told it should work.
This is correct. The authorization model of the RIPE DB is rps-auth (rfc2725). It provides a means of ensuring not only proper authentication (normal maintainers as before) but also provides a means to have proper authorization (when creating a new route, did the owner of the AS allow to put them down as origin AS, and did the holder of the address space allow the AS holder to announce the prefix?) PGP is the best suited way of doing this. MAIL-FROM fails because an email can only have one from address. Passwords have the little problem that, since the password is sent in cleartext in the update, you would disclose your password to someone else when co-signing an update. So if you need to do co-signing the advise is to use PGP in your maintainers Regards Joao Damas RIPE NCC
Regards, Daniel
participants (5)
-
Anne Marcel Roorda -
Daniel Roesen -
Joao Luis Silva Damas -
Marcus Rist -
Marcus.Ruchti@colt.de