RFC 1786
Representation of IP Routing Policies in a Routing Registry (ripe-81++)
Pages: 83
Informational
Informational
Part 2 of 2 – Pages 41 to 83
9. Representation of Routing Policies Routing policies of an AS are represented in the autonomous system object. Initially we show some examples, so the reader is familiar with the concept of how routing information is represented, used and derived. Refer to Appendix A, for the full syntax of the "aut-num" object. The topology of routing exchanges is represented by listing how routing information is exchanged with each neighboring AS. This is done separately for both incoming and outgoing routing information. In order to provide backup and back door paths a relative cost is associated with incoming routing information. Example 1: AS1------AS2 This specifies a simple routing exchange of two presumably isolated ASes. Even if either of them has routing information about routes in ASes other than AS1 and AS2, none of that will be announced to the other. aut-num: AS1 as-out: to AS2 announce AS1 as-in: from AS2 100 accept AS2 aut-num: AS2 as-out: to AS1 announce AS2 as-in: from AS1 100 accept AS1 The number 100 in the in-bound specifications is a relative cost, which is used for backup and back door routes. The absolute value is of no significance. The relation between different values within the same AS object is. A lower value means a lower cost. This is consciously similar to the cost based preference scheme used with DNS MX RRs. Example 2: Now suppose that AS2 is connected to one more AS, besides AS1, and let's call that AS3:
AS1------AS2------AS3
In this case there are two reasonable routing policies:
a) AS2 just wants to exchange traffic with both AS1 and AS3 itself
without passing traffic between AS1 and AS3.
b) AS2 is willing to pass traffic between AS3 and AS1, thus acting
as a transit AS
Example 2a:
In the first case AS1's representation in the routing registry will
remain unchanged as will be the part of AS2's representation
describing the routing exchange with AS1. A description of the
additional routing exchange with AS3 will be added to AS2's
representation:
aut-num: AS1
as-out: to AS2 announce AS1
as-in: from AS2 100 accept AS2
aut-num: AS2
as-out: to AS1 announce AS2
as-in: from AS1 100 accept AS1
as-out: to AS3 announce AS2
as-in: from AS3 100 accept AS3
aut-num: AS3
as-out: to AS2 announce AS3
as-in: from AS2 100 accept AS2
Note that in this example, AS2 keeps full control over its resources.
Even if AS3 and AS1 were to allow each others routes in from AS2, the
routing information would not flow because AS2 is not announcing it.
Of course AS1 and AS3 could just send traffic to each other to AS2
even without AS2 announcing the routes, hoping that AS2 will forward
it correctly. Such questionable practices however are beyond the
scope of this document.
Example 2b:
If contrary to the previous case, AS1 and AS3 are supposed to have
connectivity to each other via AS2, all AS objects have to change:
aut-num: AS1
as-out: to AS2 announce AS1
as-in: from AS2 100 accept AS2 AS3
aut-num: AS2
as-out: to AS1 announce AS2 AS3
as-in: from AS1 100 accept AS1
as-out: to AS3 announce AS2 AS1
as-in: from AS3 100 accept AS3
aut-num: AS3
as-out: to AS2 announce AS3
as-in: from AS2 100 accept AS1 AS2
Note that the amount of routing information exchanged with a neighbor
AS is defined in terms of routes belonging to ASes. In BGP terms
this is the AS where the routing information originates and the
originating AS information carried in BGP could be used to implement
the desired policy. However, using BGP or the BGP AS-path
information is not required to implement the policies thus specified.
Configurations based on route lists can easily be generated from the
database. The AS path information, provided by BGP can then be used
as an additional checking tool as desired.
The specification understands one special expression and this can be
expressed as a boolean expression:
ANY - means any routing information known. For output this means that
all routes an AS knows about are announced. For input it means
that anything is accepted from the neighbor AS.
Example 3:
AS4 is a stub customer AS, which only talks to service provider
AS123.
|
|
-----AS123------AS4
|
|
aut-num: AS4
as-out: to AS123 announce AS4
as-in: from AS123 100 accept ANY
aut-num: AS123
as-in: from AS4 100 accept AS4
as-out: to AS4 announce ANY
<further neighbors>
Since AS4 has no other way to reach the outside world than AS123 it
is not strictly necessary for AS123 to send routing information to
AS4. AS4 can simply send all traffic for which it has no explicit
routing information to AS123 by default. This strategy is called
default routing. It is expressed in the routing registry by adding
one or more default tags to the autonomous system which uses this
strategy. In the example above this would look like:
aut-num: AS4
as-out: to AS123 announce AS4
default: AS123 100
aut-num: AS123
as-in: from AS4 100 accept AS4
<further neighbors>
Example 4:
AS4 now connects to a different operator, AS5. AS5 uses AS123 for
outside connectivity but has itself no direct connection to AS123.
AS5 traffic to and from AS123 thus has to pass AS4. AS4 agrees to
act as a transit AS for this traffic.
|
|
-----AS123------AS4-------AS5
|
|
aut-num: AS4
as-out: to AS123 announce AS4 AS5
as-in: from AS123 100 accept ANY
as-out: to AS5 announce ANY
as-in: from AS5 50 accept AS5
aut-num: AS5
as-in: from AS4 100 accept ANY
as-out: to AS4 announce AS5
aut-num: AS123
as-in: from AS4 100 accept AS4 AS5
as-out: to AS4 announce ANY
<further neighbors>
Now AS4 has two sources of external routing information. AS5 which
provides only information about its own routes and AS123 which
provides information about the external world. Note that AS4 accepts
information about AS5 from both AS123 and AS5 although AS5
information cannot come from AS123 since AS5 is connected only via
AS4 itself. The lower cost of 50 for the announcement from AS5 itself
compared to 100 from AS123 ensures that AS5 is still believed even in
case AS123 will unexpectedly announce AS5.
In this example too, default routing can be used by AS5 much like in
the previous example. AS4 can also use default routing towards
AS123:
aut-num: AS4 as-out: to AS123 announce AS4 AS5 default: AS123 11 as-in: from AS5 50 accept AS5 Note no announcements to AS5, they default to us. aut-num: AS5 as-out: to AS4 announce AS5 default: AS4 100 aut-num: AS123 as-in: from AS4 100 announce AS4 AS5 <further neighbors> Note that the relative cost associated with default routing is totally separate from the relative cost associated with in-bound announcements. The default route will never be taken if an explicit route is known to the destination. Thus an explicit route can never have a higher cost than the default route. The relative cost associated with the default route is only useful in those cases where one wants to configure multiple default routes for redundancy. Note also that in this example the configuration using default routes has a subtly different behavior than the one with explicit routes: In case the AS4-AS5 link fails AS4 will send traffic to AS5 to AS123 when using the default configuration. Normally this makes not much difference as there will be no answer and thus little traffic. With certain datagram applications which do not require acknowledgments however, significant amounts of traffic may be uselessly directed at AS123. Similarly default routing should not be used if there are stringent security policies which prescribe any traffic intended for AS5 to ever touch AS123. Once the situation gets more complex using default routes can lead to unexpected results or even defeat the routing policies established when links fail. As an example consider how Example 5a) below could be implemented using default routing. Therefore, generally it can be said that default routing should only be used in very simple topologies.
Example 5:
In a different example AS4 has a private connection to AS6 which in
turn is connected to the service provider AS123:
|
|
-----AS123------AS4
| |
| |
| |
AS6 ---------+
There are a number of policies worth examining in this case:
a) AS4 and AS6 wish to exchange traffic between themselves
exclusively via the private link between themselves; such
traffic should never pass through the backbone (AS123). The
link should never be used for transit traffic, i.e. traffic not
both originating in and destined for AS4 and AS6.
b) AS4 and AS6 wish to exchange traffic between themselves via the
private link between themselves. Should the link fail, traffic
between AS4 and AS6 should be routed via AS123. The link should
never be used for transit traffic.
c) AS4 and AS6 wish to exchange traffic between themselves via the
private link between themselves. Should the link fail, traffic
between AS4 and AS6 should be routed via AS123. Should the
connection between AS4 and AS123 fail, traffic from AS4 to
destinations behind AS123 can pass through the private link and
AS6's connection to AS123.
d) AS4 and AS6 wish to exchange traffic between themselves via the
private link between themselves. Should the link fail, traffic
between AS4 and AS6 should be routed via AS123. Should the
backbone connection of either AS4 or AS6 fail, the traffic of
the disconnected AS should flow via the other AS's backbone
connection.
Example 5a: aut-num: AS4 as-in: from AS123 100 accept NOT AS6 as-out: to AS123 announce AS4 as-in: from AS6 50 accept AS6 as-out: to AS6 announce AS4 aut-num: AS123 as-in: from AS4 100 accept AS4 as-out: to AS4 announce ANY as-in: from AS6 100 accept AS6 as-out: to AS6 announce ANY <further neighbors> aut-num: AS6 as-in: from AS123 100 accept NOT AS4 as-out: to AS123 announce AS6 as-in: from AS4 50 accept AS4 as-out: to AS4 announce AS6 Note that here the configuration is slightly inconsistent. AS123 will announce AS6 to AS4 and AS4 to AS6. These announcements will be filtered out on the receiving end. This will implement the desired policy. Consistency checking tools might flag these cases however.
Example 5b: aut-num: AS4 as-in: from AS123 100 accept ANY as-out: to AS123 announce AS4 as-in: from AS6 50 accept AS6 as-out: AS6 AS4 aut-num: AS123 as-in: AS4 100 AS4 as-out: AS4 ANY as-in: AS6 100 AS6 as-out: AS6 ANY <further neighbors> aut-num: AS6 as-in: from AS123 100 accept ANY as-out: to AS123 announce AS6 as-in: from AS4 50 accept AS4 as-out: to AS4 announce AS6 The thing to note here is that in the ideal operational case, `all links working' AS4 will receive announcements for AS6 from both AS123 and AS6 itself. In this case the announcement from AS6 will be preferred because of its lower cost and thus the private link will be used as desired. AS6 is configured as a mirror image.
Example 5c: The new feature here is that should the connection between AS4 and AS123 fail, traffic from AS4 to destinations behind AS123 can pass through the private link and AS6's connection to AS123. aut-num: AS4 as-in: from AS123 100 accept ANY as-out: to AS123 announce AS4 as-in: from AS6 50 accept AS6 as-in: from AS6 110 accept ANY as-out: to AS6 AS4 aut-num: AS123 as-in: from AS4 1 accept AS4 as-out: to AS4 announce ANY as-in: from AS6 1 accept AS6 as-in: from AS6 2 accept AS4 as-out: to AS6 announce ANY <further neighbors> aut-num: AS6 as-in: from AS123 100 accept ANY as-out: to AS123 AS6 announce AS4 as-in: from AS4 50 accept AS4 as-out: to AS4 announce ANY Note that it is important to make sure to propagate routing information for both directions in backup situations like this. Connectivity in just one direction is not useful at all for almost all applications. Note also that in case the AS6-AS123 connection breaks, AS6 will only be able to talk to AS4. The symmetrical case (5d) is left as an exercise to the reader. 10. Future Extensions We envision that over time the requirements for describing routing policy will evolve. The routing protocols will evolve to support the requirements and the routing policy description syntax will need to evolve as well. For that purpose, a separate document will describe experimental syntax definitions for policy description. This document [14] will be updated when new objects or attributes are proposed or modified.
11. References [1] Bates, T., Jouanigot, J-M., Karrenberg, D., Lothberg, P., Terpstra, M., "Representation of IP Routing Policies in the RIPE Database", RIPE-81, February 1993. [2] Merit Network Inc.,"Representation of Complex Routing Policies of an Autonomous System", Work in Progress, March 1994. [3] PRIDE Tools Release 1. See ftp.ripe.net:pride/tools/pride-tools-1.tar.Z. [4] Merit Inc. RRDB Tools. See rrdb.merit.edu:pub/meritrr/* [5] The Network List Compiler. See dxcoms.cern.ch:pub/ripe-routing-wg/nlc-2.2d.tar [6] Lord, A., Terpstra, M., "RIPE Database Template for Networks and Persons", RIPE-119, October 1994. [7] Karrenberg, D., "RIPE Database Template for Domains", RIPE-49, April 1992. [8] Lougheed, K., Rekhter, Y., "A Border Gateway Protocol 3 (BGP- 3)", RFC1267, October 1991. [9] Rekhter, Y., Li, T., "A Border Gateway Protocol 4 (BGP-4)", RFC-1654, May 1994. [10] Bates, T., Karrenberg, D., Terpstra, M., "Support for Classless Internet Addresses in the RIPE Database", RIPE-121, October 1994. [11] Karrenberg, D., "Authorisation and Notification of Changes in the RIPE Database", RIPE-120, October 1994. [12] Bates, T., "Support of Guarded fields within the RIPE Database", ripe-117, July 1994. [13] Estrin, D., Li, T., Rekhter, Y., Varadhan, K., Zappala, D., "Source Demand Routing: Packet Format and Forwarding Specification (Version 1)", Work in Progress, March 1994. [14] Joncheray, L., "Experimental Objects and attributes for the Routing Registry", RIPE-182, October1994. [15] Bates, T., "Specifying an `Internet Router' in the Routing
Registry", RIPE-122, October 1994.
[16] Bates, T., Karrenberg, D., Terpstra, M., "RIPE Database
Transition Plan", RIPE-123, October 1994.
12. Security Considerations
Security issues are beyond the scope of this memo.
13. Authors' Addresses Tony Bates MCI Telecommunications Corporation 2100 Reston Parkway Reston, VA 22094 USA +1 703 715 7521 Tony.Bates@mci.net Elise Gerich The University of Michigan Merit Computer Network 1075 Beal Avenue Ann Arbor, MI 48109 USA +1 313 936 2120 epg@merit.edu Laurent Joncheray The University of Michigan Merit Computer Network 1075 Beal Avenue Ann Arbor, MI 48109 USA +1 313 936 2065 lpj@merit.edu Jean-Michel Jouanigot CERN, European Laboratory for Particle Physics CH-1211 Geneva 23 Switzerland +41 22 767 4417 Jean-Michel.Jouanigot@cern.ch Daniel Karrenberg RIPE Network Coordination Centre Kruislaan 409 NL-1098 SJ Amsterdam The Netherlands +31 20 592 5065 D.Karrenberg@ripe.net
Marten Terpstra Bay Networks, Inc. 2 Federal St Billerica, MA 01821 USA +1 508 436 8036 marten@BayNetworks.com Jessica Yu The University of Michigan Merit Computer Network 1075 Beal Avenue Ann Arbor, MI 48109 USA +1 313 936 2655 jyy@merit.edu
Appendix A - Syntax for the aut-num object. Here is a summary of the tags associated with aut-num object itself and their status. The first column specifies the attribute, the second column whether this attribute is mandatory in the aut-num object, and the third column whether this specific attribute can occur only once per object [single], or more than once [multiple]. When specifying multiple lines per attribute, the attribute name must be repeated. See [6] the example for the descr: attribute. aut-num: [mandatory] [single] as-name: [optional] [single] descr: [mandatory] [multiple] as-in: [optional] [multiple] as-out: [optional] [multiple] interas-in: [optional] [multiple] interas-out: [optional] [multiple] as-exclude: [optional] [multiple] default: [optional] [multiple] tech-c: [mandatory] [multiple] admin-c: [mandatory] [multiple] guardian: [mandatory] [single] remarks: [optional] [multiple] notify: [optional] [multiple] mnt-by: [optional] [multiple] changed: [mandatory] [multiple] source: [mandatory] [single] Each attribute has the following syntax: aut-num: The autonomous system number. This must be a uniquely allocated autonomous system number from an AS registry (i.e. the RIPE NCC, the Inter-NIC, etc). Format: AS<positive integer between 1 and 65535> Example: aut-num: AS1104 Status: mandatory, only one line allowed
as-name:
The name associated with this AS. This should as short but as
informative as possible.
Format:
Text consisting of capitals, dashes ("-") and digits, but must
start with a capital.
Example:
as-name: NIKHEF-H
Status: single, only one line allowed
descr:
A short description of the Autonomous System.
Format:
free text
Example:
descr: NIKHEF section H
descr: Science Park Watergraafsmeer
descr: Amsterdam
Status: mandatory, multiple lines allowed
as-in:
A description of accepted routing information between AS peers.
Format:
from <aut-num> <cost> accept <routing policy expression>
The keywords from and accept are optional and can be omitted.
<aut-num> refers to your AS neighbor.
<cost> is a positive integer used to express a relative cost
of routes learned. The lower the cost the more preferred the
route.
<routing policy expression> can take the following formats.
1. A list of one or more ASes, AS Macros, Communities or
Route Lists.
A Route List is a list of routes in prefix length format,
separated by commas, and surrounded by curly brackets
(braces, i.e. `{' and '}').
Examples:
as-in: from AS1103 100 accept AS1103
as-in: from AS786 105 accept AS1103
as-in: from AS786 10 accept AS786 HEPNET
as-in: from AS1755 110 accept AS1103 AS786
as-in: from AS3333 100 accept {192.87.45.0/16}
2. A set of KEYWORDS. The following KEYWORD is currently
defined:
ANY this means anything the neighbor AS knows.
3. A logical expression of either 1 or 2 above The current
logical operators are defined as:
AND
OR
NOT
This operators are defined as true BOOLEAN operators even
if the operands themselves do not appear to be BOOLEAN.
Their operations are defined as follows:
Operator Operation Example
OR UNION AS1 OR AS2
|
+-> all routes in AS1
or AS2.
AND INTERSECTION AS1 AND HEPNET
|
+-> a route in AS1 and
belonging to
community HEPNET.
NOT COMPLEMENT NOT AS3
|
+-> any route except
AS3 routes.
Rules are grouped together using parenthesis i.e "(" and
")".
The ordering of evaluation of operators and there
association is as follows:
Operator Associativity
() left to right
NOT right to left
AND left to right
OR left to right
NOTE: if no logical operator is given between ASes, AS-
macros, Communities, Route Lists and KEYWORDS it is
implicitly evaluated as an `OR' operation. The OR can be
left out for conciseness. However, please note the
operators are still evaluated as below so make sure you
include parentheses whenever needed. To highlight this
here is a simple example. If we denoted a policy of for
example; from AS1755 I accept all routes except routes
from AS1, A2 and AS3 and you enter the following as-in
line.
as-in: from AS1755 100 accept NOT AS1 AS2 AS3
This will be evaluated as:
as-in: from AS1755 100 accept NOT AS1 OR AS2 OR AS3
Which in turn would be evaluated like this:
(NOT AS1) OR AS2 OR AS3
-> ((ANY except AS1) union AS2) union AS3)
--> (ANY except AS1)
This is clearly incorrect and not the desired result. The
correct syntax should be:
as-in: from AS1755 100 accept NOT (AS1 AS2 AS3)
Producing the following evaluation:
NOT (AS1 OR AS2 OR AS3)
-> (ANY) except (union of AS1, AS2, AS3)
Which depicts the desired routing policy.
Note that can also be written as below which is perhaps
somewhat clearer:
as-in: from AS1755 100 accept ANY AND NOT
as-in: from AS1755 100 accept (AS1 OR AS2 OR AS3)
Examples:
as-in: from AS1755 100 accept ANY AND NOT (AS1234 OR AS513)
as-in: from AS1755 150 accept AS1234 OR {35.0.0.0/8}
A rule can be wrapped over lines providing the associated
<aut-num>, <cost> values and from and accept keywords are
repeated and occur on consecutive lines.
Example:
as-in: from AS1755 100 accept ANY AND NOT (AS1234 AS513)
and
as-in: from AS1755 100 accept ANY AND NOT (
as-in: from AS1755 100 accept AS1234 AS513)
are evaluated to the same result. Please note that the
ordering of these continuing lines is significant.
Status: optional, multiple lines allowed
as-out:
A description of generated routing information sent to other AS
peers.
Format:
to <aut-num> announce <routing policy expression
The to and announce keywords are optional and can be omitted.
<aut-num> refers to your AS neighbor.
<routing policy expression> is explained in the as-in
attribute definition above.
Example:
as-out: to AS1104 announce AS978
as-out: to AS1755 announce ANY
as-out: to AS786 announce ANY AND NOT (AS978)
Status: optional, multiple lines allowed
interas-in:
Describes incoming local preferences on an inter AS connection.
Format:
from <aut-num> <local-rid> <neighbor-rid> <preference> accept
<routing policy expression>
The keywords from and accept are optional and can be omitted.
<aut-num> is an autonomous system as defined in as-in.
<local-rid> contains the IP address of the border router in
the AS describing the policy. IP address must be in prefix
length format.
<neighbor-rid> contains the IP address of neighbor AS's border
router from which this AS accept routes defined in the
<routing policy expression>. IP addresses must be in prefix
length format.
<preference> is defined as follows:
(<pref-type>=<value>)
It should be noted the parenthesis "(" and ")" and the
"<pref-type>" keyword must be present for this preference to
be valid.
<pref-type> currently only supports "pref". It could be
expanded to other type of preference such as TOS/QOS as
routing technology matures.
<value> can take one of the following values:
<cost>
<cost> is a positive integer used to express a relative
cost of routes learned. The lower the cost the more
preferred the route. This <cost> value is only comparable
to other interas-in attributes, not to as-in attributes.
MED
This indicates the AS will use the
MUTLI_EXIT_DISCRIMINATOR (MED) metric, as implemented in
BGP4 and IDRP, sent from its neighbor AS.
NOTE: Combinations of MED and <cost> should be avoided
for the same destinations.
CAVEAT: The pref-type values may well be enhanced in the
future as more inter-ASs routing protocols introduce
other metrics.
Any route specified in interas-in and not specified in
as-in is assumed not accepted between the ASes concerned.
Diagnostic tools should flag this inconsistency as an
error. It should be noted that if an interas-in policy
is specified then it is mandatory to specify the
corresponding global policy in the as-in line. Please
note there is no relevance in the cost associated with
as-in and the preferences used in interas-in.
<routing policy expression> is an expression as defined in
as-in above.
Examples:
NB: This line is wrapped for readability.
interas-in: from AS1104 192.(pref=10)/accept.AS786.AS987
interas-in: from AS1104 192.87.45.(pref=20)2accept.AS987
interas-in: from AS1103 192.87.45.2(pref=MED)8accept2ANY
Status: optional, multiple lines allowed
interas-out:
Format:
to <aut-num> <local-rid> <neighbor-rid> [<metric>] announce
<routing policy expression>
The keywords to and announce are optional and can be omitted.
The definitions of <aut-num>, <local-rid> <neighbor-rid>, and
<routing policy expression> are identical to those defined in
interas-in.
<metric> is optional and is defined as follows:
(<metric-type>=<value>)
It should be noted the parenthesis "(" and ")" and the
keywords of "<metric-type>" must be present for this metric to
be valid.
<metric-type> currently only supports "metric-out". It could
be expanded to other type of preference such as TOS/QOS as
routing technology matures.
<value> can take one of the following values:
<num-metric>
<num-metric> is a pre-configured metric for out-bound
routes. The lower the cost the more preferred the route.
This <num-metric> value is literally passed by the
routing protocol to the neighbor. It is expected that it
is used there which is indicated by pref=MED on the
corresponding interas-in attribute. It should be noted
that whether to accept the outgoing metric or not is
totally within the discretion of the neighbor AS.
IGP
This indicates that the metric reflects the ASs internal
topology cost. The topology is reflected here by using
MED which is derived from the AS's IGP metric.
NOTE: Combinations of IGP and <num-metric> should be
avoided for the same destinations.
CAVEAT: The metric-out values may well be enhanced in the
future as more interas protocols make use of metrics.
Any route specified in interas-out and not specified in
as-out is assumed not announced between the ASes
concerned. Diagnostic tools should flag this
inconsistency as an error. It should be noted that if an
interas-out policy is specified then it is mandatory to
specify the corresponding global policy in the as-out
line.
Examples:
interas-out:ntoiAS1104p192.87.45.254/32t192.87.45.80/32
interas-out: to AS1104m192.87.45.254/32n192.87.45.80/32
interas-out: to AS1103 192.87.45.254/325192.87.45.80/32
(metric-out=IGP) announce ANY
Status: optional, multiple lines allowed
as-exclude:
A list of transit ASes to ignore all routes from.
Format:
exclude <aut-num> to <exclude-route-keyword>
Keywords exclude and to are optional and can again be omitted.
<aut-num> refers to the transit AS in question.
an <exclude-route-keyword> can be ONE of the following.
1. <aut-num>
2. AS macro
3. Community
4. ANY
Examples:
as-exclude: exclude AS690 to HEPNET
This means exclude any HEPNET routes which have a route via
AS690.
as-exclude: exclude AS1800 to AS-EUNET
This means exclude any AS-EUNET routes which have a route via
AS1800.
as-exclude: exclude AS1755 to AS1104
This means exclude any AS1104 route which have a route via
AS1755.
as-exclude: exclude AS1104 to ANY
This means exclude all routes which have a route via AS1104.
Status: optional, multiple lines allowed
default:
An indication of how default routing is done.
Format:
<aut-num> <relative cost> <default-expression>
where <aut-num> is the AS peer you will default route to,
and <relative cost> is the relative cost is a positive integer
used to express a preference for default. There is no
relationship to the cost used in the as-in tag. The AS peer
with the lowest cost is used for default over ones with higher
costs.
<default-expression> is optional and provides information on
how a default route is selected. It can take the following
formats:
1. static. This indicates that a default is statically
configured to this AS peer.
2. A route list with the syntax as described in the as-in
attribute. This indicates that this list of routes is
used to generate a default route. A special but valid
value in this is the special route used by some routing
protocols to indicate default: 0.0.0.0/0
3. default. This is the same as {0.0.0.0/0}. This means that
the routing protocol between these two peers generates a
true default.
Examples:
default: AS1755 10
default: AS786 5 {140.222.0.0/16, 192.87.45.0/24}
default: AS2043 15 default
Status: optional, multiple lines allowed
tech-c:
Full name or uniquely assigned NIC-handle of a technical contact
person. This is someone to be contacted for technical problems such
as misconfiguration.
Format:
<firstname> <initials> <lastname> or <nic-handle>
Example:
tech-c: John E Doe
tech-c: JED31
Status: mandatory, multiple lines allowed
admin-c:
Full name or uniquely assigned NIC-handle of an administrative
contact person. In many cases this would be the name of the
guardian.
Format:
<firstname> <initials> <lastname> or <nic-handle>
Example:
admin-c: Joe T Bloggs
admin-c: JTB1
Status: mandatory, multiple lines allowed
guardian:
Mailbox of the guardian of the Autonomous system.
Format:
<email-address>
The <email-address> should be in RFC822 domain format wherever
possible.
Example:
guardian: as1104-guardian@nikhef.nl
Status: mandatory, only one line and e-mail address allowed
remarks:
Remarks/comments, to be used only for clarification.
Format:
free text
Example:
remarks: Multihomed AS talking to AS1755 and AS786
remarks: Will soon connect to AS1104 also.
Status: optional, multiple lines allowed
notify:
The notify attribute contains an email address to which
notifications of changes to this object should be sent. See also
[11].
Format:
<email-address>
The <email-address> should be in RFC822 domain syntax wherever
possible.
Example:
notify: Marten.Terpstra@ripe.net
Status: optional, multiple lines allowed
mnt-by:
The mnt-by attribute contains a registered maintainer name. See
also [11].
Format:
<registered maintainer name>
Example:
mnt-by: RIPE-DBM
Status: optional, multiple lines allowed
changed:
Who changed this object last, and when was this change made.
Format:
<email-address> YYMMDD
<email-address> should be the address of the person who made
the last change. YYMMDD denotes the date this change was made.
Example:
changed: johndoe@terabit-labs.nn 900401
Status: mandatory, multiple lines allowed
source:
Source of the information.
This is used to separate information from different sources kept by
the same database software. For RIPE database entries the value is
fixed to RIPE.
Format:
RIPE
Status: mandatory, only one line allowed
Appendix B - Syntax details for the community object. Here is a summary of the tags associated with community object itself and their status. The first column specifies the attribute, the second column whether this attribute is mandatory in the community object, and the third column whether this specific attribute can occur only once per object [single], or more than once [multiple]. When specifying multiple lines per attribute, the attribute name must be repeated. See [6] the example for the descr: attribute. community: [mandatory] [single] descr: [mandatory] [multiple] authority: [mandatory] [single] guardian: [mandatory] [single] tech-c: [mandatory] [multiple] admin-c: [mandatory] [multiple] remarks: [optional] [multiple] notify: [optional] [multiple] mnt-by: [optional] [multiple] changed: [mandatory] [multiple] source: [mandatory] [single] Each attribute has the following syntax: community: Name of the community. The name of the community should be descriptive of the community it describes. Format: Upper case text string which cannot start with "AS" or any of the <routing policy expression> KEYWORDS. See Appendix A. Example: community: WCW Status: mandatory, only one line allowed
descr:
A short description of the community represented.
Format:
free text
Example:
descr: Science Park Watergraafsmeer
descr: Amsterdam
Status: mandatory, multiple lines allowed
authority:
The formal authority for this community. This could be an
organisation, institute, committee, etc.
Format:
free text
Example:
authority: WCW LAN Committee
Status: mandatory, only one line allowed
guardian:
Mailbox of the guardian of the community.
Format:
<email-address>
The <email-address> should be in RFC822 domain format
wherever possible.
Example:
guardian: wcw-guardian@nikhef.nl
Status: mandatory, only one line and email address allowed
tech-c:
Full name or uniquely assigned NIC-handle of an technical
contact person for this community.
Format:
<firstname> <initials> <lastname> or <nic-handle>
Example:
tech-c: John E Doe
tech-c: JED31
Status: mandatory, multiple lines allowed
admin-c:
Full name or uniquely assigned NIC-handle of an administrative
contact person. In many cases this would be the name of the
guardian.
Format:
<firstname> <initials> <lastname> or <nic-handle>
Example:
admin-c: Joe T Bloggs
admin-c: JTB1
Status: mandatory, multiple lines allowed
remarks:
Remarks/comments, to be used only for clarification.
Format:
free text
Example:
remarks: Temporary community
remarks: Will be removed after split into ASes
Status: optional, multiple lines allowed
notify:
The notify attribute contains an email address to which
notifications of changes to this object should be send. See also
[11].
Format:
<email-address>
The <email-address> should be in RFC822 domain syntax
wherever possible.
Example:
notify: Marten.Terpstra@ripe.net
Status: optional, multiple lines allowed
mnt-by:
The mnt-by attribute contains a registered maintainer name. See
also [11].
Format:
<registered maintainer name>
Example:
mnt-by: RIPE-DBM
Status: optional, multiple lines allowed
changed:
Who changed this object last, and when was this change made.
Format:
<email-address> YYMMDD
<email-address> should be the address of the person who
made the last change. YYMMDD denotes the date this change
was made.
Example:
changed: johndoe@terabit-labs.nn 900401
Status: mandatory, multiple lines allowed
source:
Source of the information.
This is used to separate information from different sources kept
by the same database software. For RIPE database entries the
value is fixed to RIPE.
Format:
RIPE
Status: mandatory, only one line allowed
Appendix C - AS Macros syntax definition. Here is a summary of the tags associated with as-macro object itself and their status. The first column specifies the attribute, the second column whether this attribute is mandatory in the as-macro object, and the third column whether this specific attribute can occur only once per object [single], or more than once [multiple]. When specifying multiple lines per attribute, the attribute name must be repeated. See [6] the example for the descr: attribute. as-macro: [mandatory] [single] descr: [mandatory] [multiple] as-list: [mandatory] [multiple] guardian: [mandatory] [single] tech-c: [mandatory] [multiple] admin-c: [mandatory] [multiple] remarks: [optional] [multiple] notify: [optional] [multiple] mnt-by: [optional] [multiple] changed: [mandatory] [multiple] source: [mandatory] [single] Each attribute has the following syntax: as-macro: The name of a macro containing at least two Autonomous Systems grouped together for ease of administration. Format: AS-<string> The <string> should be in upper case and not contain any special characters. Example: as-macro: AS-EBONE Status: mandatory, only one line allowed descr: A short description of the Autonomous System Macro. Format: free text
Example:
descr: Macro for EBONE connected ASes
Status: mandatory, multiple lines allowed
as-list:
The list of ASes or other AS macros that make up this macro. It
should be noted that recursive use of AS macros is to be
encouraged.
Format:
<aut-num> <as-macro> ...
See Appendix A for <aut-num> definition.
Example:
as-list: AS786 AS513 AS1104
as-list: AS99 AS-NORDUNET
Status: mandatory, multiple lines allowed
guardian:
Mailbox of the guardian of this AS macro.
Format:
<email-address>
The <email-address> should be in RFC822 domain format
wherever possible.
Example:
guardian: as-ebone-guardian@ebone.net
Status: mandatory, only one line and e-mail address allowed
tech-c:
Full name or uniquely assigned NIC-handle of a technical contact
person for this macro. This is someone to be contacted for
technical problems such as misconfiguration.
Format:
<firstname> <initials> <lastname> or <nic-handle>
Examples:
tech-c: John E Doe
tech-c: JED31
Status: mandatory, multiple lines allowed
admin-c:
Full name or uniquely assigned NIC-handle of an administrative
contact person. In many cases this would be the name of the
guardian.
Format:
<firstname> <initials> <lastname> or <nic-handle>
Examples:
admin-c: Joe T Bloggs
admin-c: JTB1
Status: mandatory, multiple lines allowed
remarks:
Remarks/comments, to be used only for clarification.
Format:
free text
Example:
remarks: AS321 will be removed from this Macro shortly
Status: optional, multiple lines allowed
notify:
The notify attribute contains an email address to which
notifications of changes to this object should be send. See also
[11].
Format:
<email-address>
The <email-address> should be in RFC822 domain syntax
wherever possible.
Example:
notify: Marten.Terpstra@ripe.net
Status: optional, multiple lines allowed
mnt-by:
The mnt-by attribute contains a registered maintainer name. See
also [11].
Format:
<registered maintainer name>
Example:
mnt-by: RIPE-DBM
Status: optional, multiple lines allowed
changed:
Who changed this object last, and when was this change made.
Format:
<email-address> YYMMDD
<email-address> should be the address of the person who
made the last change. YYMMDD denotes the date this change
was made.
Example:
changed: johndoe@terabit-labs.nn 900401
Status: mandatory, multiple lines allowed
source:
Source of the information.
This is used to separate information from different sources kept
by the same database software. For RIPE database entries the
value is fixed to RIPE.
Format:
RIPE
Status: mandatory, only one line allowed
Appendix D - Syntax for the "route" object. There is a summary of the tags associated with route object itself and their status. The first column specifies the attribute, the second column whether this attribute is mandatory in the community object, and the third column whether this specific attribute can occur only once per object [single], or more than once [multiple]. When specifying multiple lines per attribute, the attribute name must be repeated. See [6] the example for the descr: attribute. route: [mandatory] [single] descr: [mandatory] [multiple] origin: [mandatory] [single] hole: [optional] [multiple] withdrawn: [optional] [single] comm-list: [optional] [multiple] remarks: [optional] [multiple] notify: [optional] [multiple] mnt-by: [optional] [multiple] changed: [mandatory] [multiple] source: [mandatory] [single] Each attribute has the following syntax: route: Route being announced. Format: Classless representation of a route with the RIPE database known as the "prefix length" representation. See [10] for more details on classless representations. Examples: route: 192.87.45.0/24 This represents addressable bits 192.87.45.0 to 192.87.45.255. route: 192.1.128.0/17 This represents addressable bits 192.1.128.0 to 192.1.255.255. Status: mandatory, only one line allowed
origin:
The autonomous system announcing this route.
Format:
<aut-num>
See Appendix A for <aut-num> syntax.
Example:
origin: AS1104
Status: mandatory, only one line allowed
hole:
Denote the parts of the address space covered this route object
to which the originator does not provide connectivity. These
holes may include routes that are being currently routed by
another provider (e.g., a customer using that space has moved to
a different service provider). They may also include space that
has not yet been assigned to any customer.
Format:
Classless representation of a route with the RIPE database
known as the "prefix length" representation. See [10] for
more details on classless representations. It should be
noted that this sub-aggregate must be a component of that
registered in the route object.
Example:
hole: 193.0.4.0/24
Status: optional, multiple lines allowed
withdrawn:
Used to denote the day this route has been withdrawn from the
Internet routing mesh. This will be usually be used when a less
specific aggregate route is now routed the more specific (i.e.
this route) is not need anymore.
Format:
YYMMDD
YYMMDD denotes the date this route was withdrawn.
Example:
withdrawn: 940711
Status: optional, one line allowed.
comm-list:
List of one or more communities this route is part of.
Format:
<community> <community> ...
See Appendix B for <community> definition.
Example:
comm-list: HEP LEP
Status: optional, multiple lines allowed
remarks:
Remarks/comments, to be used only for clarification.
Format:
free text
Example:
remarks: Multihomed AS talking to AS1755 and AS786
remarks: Will soon connect to AS1104 also.
Status: optional, multiple lines allowed
notify:
The notify attribute contains an email address to which
notifications of changes to this object should be send. See also
[11].
Format:
<email-address>
The <email-address> should be in RFC822 domain syntax
wherever possible.
Example:
notify: Marten.Terpstra@ripe.net
Status: optional, multiple lines allowed
mnt-by:
The mnt-by attribute contains a registered maintainer name. See
also [11].
Format:
<registered maintainer name>
Example:
mnt-by: RIPE-DBM
Status: optional, multiple lines allowed
changed:
Who changed this object last, and when was this change made.
Format:
<email-address> YYMMDD
<email-address> should be the address of the person who
made the last change. YYMMDD denotes the date this change
was made.
Example:
changed: johndoe@terabit-labs.nn 900401
Status: mandatory, multiple lines allowed
source:
Source of the information.
This is used to separate information from different sources kept
by the same database software. For RIPE database entries the
value is fixed to RIPE.
Format:
RIPE
Status: mandatory, only one line allowed
Appendix E - List of reserved words The following list of words are reserved for use within the attributes of the AS object. The use of these words is solely for the purpose of clarity. All keywords must be lower case. accept announce exclude from to transit Examples of the usage of the reserved words are: as-in: from <neighborAS> accept <route> as-out: to <neighborAS> announce <route> as-exclude: exclude <ASpath> to <destination> as-transit: transit <ASpath> to <destination> default: from <neighborAS> accept <route> default: to <neighborAS> announce <route> Note: that as-transit is an experimental attribute. See section 10.
Appendix F - Motivations for RIPE-81++ This appendix gives motivations for the major changes in this proposal from ripe-81. The main goals of the routing registry rework are: SPLIT Separate the allocation and routing registry functions into different database objects. This will facilitate data management if the Internet registry and routing registry functions are separated (like in other parts of the world). It will also make more clear what is part of the routing registry and who has authority to change allocation vs. routing data. CIDR Add the possibility to specify classless routes in the routing registry. Classless routes are being used in Internet production now. Aggregation information in the routing registry is necessary for network layer troubleshooting. It is also necessary because aggregation influences routing policies directly. CALLOC Add the possibility to allocate address space on classless boundaries in the allocation registry. This is a way to preserve address space. CLEAN To clean up some of the obsolete and unused parts of the routing registry. The major changes are now discussed in turn: Introduce Classless Addresses CIDR, CALLOC Introduce route object. SPLIT, CIDR and CALLOC.
Delete obsolete attributes from inetnum. CLEAN. Delete RIPE-DB and LOCAL from routing policy expressions. CLEAN Allow multiple ASes to originate the same route Because it is being done. CIDR. Made possible by SPLIT.
Appendix G - Transition strategy from RIPE-81 to RIPE-81++ Transition from the routing registry described by ripe-81 to the routing registry described in this document is a straightforward process once the new registry functions have been implemented in the database software and are understood by the most commonly used registry tools. The routing related attributes in the classful inetnum objects of ripe- 81 can be directly translated into new routing objects. Then these attributes can be deleted from the inetnum object making that object if conform to the new schema. Proposed transition steps: 1) Implement classless addresses and new object definition in the database software. 2) Make common tools understand the new schema and prefer it if both old and new are present. 3) Invite everyone to convert their data to the new format. This can be encouraged by doing conversions automatically and proposing them to maintainers. 4) At a flag day remove all remaining routing information from the inetnum objects. Before the flag day all usage of obsoleted inetnum attributes has to cease and all other routing registry functions have to be taken over by the new objects and attributes.