1.79k likes | 1.96k Views
Routing Policy Specification Language. Ambrose Magee LM Ericsson Ltd. <ambrose.magee@eei.ericsson.se> Tuesday, 28th August, 2001 APNIC-12. Introduction. Tutorial not a substitute for reading the RFC documents Target Audience knowledge of Internet Routing
E N D
Routing Policy Specification Language Ambrose Magee LM Ericsson Ltd. <ambrose.magee@eei.ericsson.se> Tuesday, 28th August, 2001 APNIC-12
Introduction • Tutorial • not a substitute for reading the RFC documents • Target Audience • knowledge of Internet Routing • familiar with APNIC Whois Database • no need to know Internet Routing Registry
Contents of this tutorial • The Internet Routing Registry • Routing Policy Specification Language • RIPE Database Version 3 • Routing Policy System Security (RPSS) • security for Internet Routing Registry (IRR) • RAToolSet & RtConfig
The Internet Routing Registry • Background • Structure • Why use it ? • BGP configuration from the Internet Routing Registry
The Internet Routing Registry (IRR) • Established in 1995 • http://www.irr.net/ • Stability and consistency of routing • network operators share information • Both public and private databases • These databases are independent • but some exchange data • only register your data in one database
Internet Routing Registry ARIN, ArcStar, FGC, Verio, Bconnex, Telstra, ... RIPE CW RADB Bell.db ANS Policy and contact information is shared.
Why use the Internet Routing Registry ? • When peering • register your routes and filter your peers • Some transit providers and big ISP’s ask for this • Useful for fixing problems • contact information
Why use the Internet Routing Registry ? • BGP->RIP->BGP injection • 128/7 leak • bogon 0/0, 10/8 leaks • Daily, someone is leaking somelse’s prefix.
BGP Configuration from Internet Routing Registry • Routing Policy specification Language (RPSL) • abstract, high-level policies • policies for each Autonomous System (AS) • Internet Routing Registry • policies, routes and contact informatiom • benefit from the data and delegation of others • RtConfig • RAToolSet • generate router configuration files • automates details and tedious aspects
Routing Policy Specification Language • Background • RPSL Objects • Contact Information • Specifying Policy • Set Objects • Inet-rtr object • Advanced Features
Routing Policy Specification Language • Object-based language • route, autonomous system, router, contact and set objects • Defines the syntax, semantics and format of data in IRR • Vendor independent • Extensible • IETF Proposed Standard (RFC2622) • Based on RIPE-181 (RFC 1786) • Currently, no support for IPv6
Routing Policy Specification Language 2 • RIPE-181 • some policies cannot be specified • Internet Routing Registry • needed a more powerful language • RPSL • more expressive than RIPE-181 • policies can be expressed at the AS level • policies can be detailed => router configurations PRDB RIPE-81 RIPE-181 RPSL
Routing Policy Specification Language • Background • RPSL Objects • Contact Information • Specifying Policy • Set Objects • inet-rtr object • Advanced Features
Objects in RPSL • RPSL is based on objects • Format of RPSL similar to RIPE-181 • Objects and Attributes • Attributes and Values • Object Names • Reserved Names
RPSL is based on Objects • Each object describes an entity in the real world • Object classes (= object types) • 12 types of object • RPS-Sec defines one more (as-block)
RIPE Database Version 3 • Includes most RPSL object classes • Excludes dictionary object class • Defines 4 other object classes
RPSL Object Attribute name Attribute value person: Clare Lancers address: Corrofin phone: + 123 123 # day time e-mail: clancers@apnic.net nic-hdl: CL123-TEST remarks: This is a test object changed: clancers@apnic.net 20010730 source: TEST Comment Continuation
RPSL Objects • RPSL objects are similar to RIPE-181 objects • Objects • set of attributes • Attributes • mandatory or optional • values: single, list, multiple • see the object template
RPSL Objects • Class “key” • set of attributes • usually one attribute has the same name as the object’s class • uniquely identify each object • Class “key” = primary key • must be specified first
RPSL Object Attribute name Attribute value person: Clare Lancers address: Corrofin phone: + 123 123 # day time e-mail: clancers@apnic.net nic-hdl: CL123-TEST remarks: This is a test object changed: clancers@apnic.net 20010730 source: TEST Comment Continuation
RPSL vs RIPE-181 objects • Line continuation possible • space, tab, ‘+’ • Comments • begin with ‘#’ • can be anywhere inside an object • but cannot start at beginning of a line (column 0) • Objects ends at “\n\n” (blank line) • The order of attribute-value pairs is significant
Attributes • Case insensitive • ASCII • Value of an attribute has a type • <object-name> • <as-number> • <ipv4-address> • <address-prefix> • etc. • Complete list of attributes in RFC 2622 & RIPE-223
Object Names • Objects names can have - or _ inside • e.g. RIPE-DBM-MNT • Can have digits • Case-insensitive • First character: alphabetic • Last character: must be a letter or a digit • Reserved names • Reserved prefixes
Reserved Names any as-any rs-any peeras and or not atomic from to at action accept announce except refine networks into inbound outbound
Reserved Prefixes PrefixObject type as- as set rs- route set rtrs- router set fltr- filter set prng- peering set
Routing Policy Specification Language • Background • RPSL Objects • Contact Information • Specifying Policy • Set Objects • inet-rtr object • Advanced Features
Contact Information • person • role • mntner
Person Object person: Clare Lancers address: Corrofin phone: + 123 123 # day time e-mail: clancers@apnic.net nic-hdl: CL123-TEST remarks: This is a test object mnt-by: TEST-MNT changed: clancers@apnic.net 20010730 source: TEST Person object information Auxiliary information
Person Object 2 • Information about technical or administrative contact • The value of the “person” attribute cannot be changed • The nic-handle is the primary key. • In RIPE-181, name && nic-handle was the primary key • The role object is very similar • Auxiliary information is in all object types
Mntner object 2 • New attribute: referral-by • the mntner that created this mntner • New attribute: auth-override • date after which the mntner can be modified • only the mntner in “referral-by” can do this
“auth” attribute • NONE • MAIL-FROM • e.g. MAIL-FROM webmaster@apnic.net • e.g. MAIL-FROM .*apnic.net • CRYPT-PW • produced by the UNIX crypt routine • e.g. CRYPT-PW lz1A7/JnfkTI
“auth” attribute 2 • PGPKEY-<PGP Key ID> • e.g. PGPKEY-1290F9D2 • RFC 2726 • key-cert object • Be careful using many authentication methods in mntner • logical OR used • avoid using authentication NONE
Routing Policy Specification Language • Background • RPSL Objects • Contact Information • Specifying Policy • Set Objects • inet-rtr object • Advanced Features
Specifying Policy • Internet Routing • aut-num object • route-set object • as-set object • AS Path Regular Expression • Composite Policy Filters • Specifying Actions
Specifying Policy 2 • Community Based Policies • Ambiguity Resolution
Internet Routing ISP-2 A ISP-1 ISP-3 B
Inter-AS Topology Regional ISP Backbone Providers Other ASes
AS Relationships • Customer-Regional Provider • Provider forwards traffice • advertises customer routes • Peer-Peer • mutual benefit • Regional Provider-Backbone Provider • similar to Customer-Regional Provider • Typical routing policies implement these
Inter-AS Routing Regional ISP AS level peering export AS1 AS2 128.9.0.0/16 import AS2 originates 128.9.0.0/16 AS2 exports 128.9.0.0/16 to AS1 AS1 imports 128.9.0.0/16 from AS2
BGP Routes: Path Attributes • Destination address prefixes • AS path • Originator AS • List of communities (flags) • Metrices: med, pref
aut-num Object expresses routing policy Auxiliary information not shown