How Change route object origin entry
Hi A question I need to change the "Origin" entry on a /20 route object. This route is to be advertised via a different upstream provider, from a different AS number. The upstream provider will not advertise the route "until RIPE have been informed". I cannot change the route object entry. I get the following "Error: Hierarchical authorisation failed, request forwarded to maintainer" and I get the request forwarded to me. The mnt-by on the route object is not the problem - I can update other objects with that mnt-by object and I can change the "notify" entry on my route object. Therefore the error must be because of the mnt-by entry within the "receiving" AS number. (which I am not authorised to update) but I don't understand how. Is this the correct diagnosis? and is there something else I should be doing? I could ask RIPE hostmaster to make the changes but the ticketing system could take a couple of weeks. I could ask the new upstream AS owner to add me to their mnt-by entry but I am nothing to do with them. All suggestions gratefully received. kevin
Kevin, This just happened to me! My problem was that mnt-by of the /20 inetnum object was RIPE-NCC-HM-MNT. For you to be able to change the /20 route object, you need to tell RIPE to add mnt-routes: YOUR_MNT into the /20 inetnum object. It took me 2/3 weeks to do this with the hostmaster's help. Regards, Duncan
-----Original Message----- From: owner-lir-wg@ripe.net [mailto:owner-lir-wg@ripe.net]On Behalf Of kevin.bates@bt.com Sent: Friday, September 28, 2001 11:23 AM To: lir-wg@ripe.net Subject: How Change route object origin entry
Hi
A question
I need to change the "Origin" entry on a /20 route object. This route is to be advertised via a different upstream provider, from a different AS number.
The upstream provider will not advertise the route "until RIPE have been informed".
I cannot change the route object entry. I get the following "Error: Hierarchical authorisation failed, request forwarded to maintainer" and I get the request forwarded to me. The mnt-by on the route object is not the problem - I can update other objects with that mnt-by object and I can change the "notify" entry on my route object.
Therefore the error must be because of the mnt-by entry within the "receiving" AS number. (which I am not authorised to update) but I don't understand how.
Is this the correct diagnosis? and is there something else I should be doing?
I could ask RIPE hostmaster to make the changes but the ticketing system could take a couple of weeks.
I could ask the new upstream AS owner to add me to their mnt-by entry but I am nothing to do with them.
All suggestions gratefully received.
kevin
Dear Kevin, kevin.bates@bt.com wrote:
Hi
A question
I need to change the "Origin" entry on a /20 route object. This route is to be advertised via a different upstream provider, from a different AS number.
The upstream provider will not advertise the route "until RIPE have been informed".
I cannot change the route object entry. I get the following "Error: Hierarchical authorisation failed, request forwarded to maintainer" and I get the request forwarded to me. The mnt-by on the route object is not the problem - I can update other objects with that mnt-by object and I can change the "notify" entry on my route object.
The problem here is that "origin:" is part of the primary key for the route object. So in fact you are creating a new route object, not updating the existing one. In this case the authorisation procedure is more complex and is defined in the RFC2725 (Routing Policy System Security). To be able to create a route object the request should pass authorisation from - the aut-num which is referenced from the "origin:" attribute - the exact match route object (or one level less specific one if the exact match does not exist), or the inetnum object (exact or one level less specific) if route objects don't exist. When checking authorisation from aut-num and route (inetnum) "mnt-routes:" attribute is considered (or mnt-lower, mnt-by if mnt-routes doesn't exist). I may be more specific if you could send us the actual object you would like to create.
Therefore the error must be because of the mnt-by entry within the "receiving" AS number. (which I am not authorised to update) but I don't understand how.
Is this the correct diagnosis? and is there something else I should be doing?
I could ask RIPE hostmaster to make the changes but the ticketing system could take a couple of weeks.
I could ask the new upstream AS owner to add me to their mnt-by entry but I am nothing to do with them.
All suggestions gratefully received.
kevin
Regards, Andrei Robachevsky RIPE NCC
For a change to your allocation object (maintained by the RIPE-NCC-HM-MNT) you can send a message to the ticket in which the allocation was approved. You could also open a new ticket by sending a message to <lir-help@ripe.net>. BTW, the RIPE NCC Hostmaster wait queue is currently between 2-3 working days. Regards, Sabrina -- o------------------------------------------o | Sabrina Waschke sabrina@ripe.net | | Registration Services Operations Manager | | | | RIPE NCC tel +31 20 535 4444 | | www.ripe.net fax +31 20 535 4445 | o------------------------------------------o kevin.bates@bt.com writes: * Hi * * A question * * I need to change the "Origin" entry on a /20 route object. This route is to * be advertised via a different upstream provider, from a different AS number. * * The upstream provider will not advertise the route "until RIPE have been * informed". * * I cannot change the route object entry. I get the following "Error: * Hierarchical authorisation failed, request forwarded to maintainer" and I * get the request forwarded to me. * The mnt-by on the route object is not the problem - I can update other * objects with that mnt-by object and I can change the "notify" entry on my * route object. * * Therefore the error must be because of the mnt-by entry within the * "receiving" AS number. (which I am not authorised to update) but I don't * understand how. * * Is this the correct diagnosis? and is there something else I should be * doing? * * I could ask RIPE hostmaster to make the changes but the ticketing system * could take a couple of weeks. * * I could ask the new upstream AS owner to add me to their mnt-by entry but I * am nothing to do with them. * * All suggestions gratefully received. * * kevin * * * * * * *
participants (4)
-
Andrei Robachevsky -
dvella@melitacable.com -
kevin.bates@bt.com -
Sabrina Waschke