Post on 05-Jan-2016
description
1Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net
DBupdate
Denis Walker
RIPE NCC
<denis@ripe.net>
Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 2
dbupdate
LOVE IT or HATE IT
You have probably all used it.
Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 3
What is it ?
• The front end processor for updating objects in the database.
• Part of the Whois server software.• It allows you to:
– CREATE– MODIFY – DELETE
objects in the database.
Used to be UPDATE
Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 4
“If it ain’t broken
don’t fix it”
Why the change ?
Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 5
Motivation for Change
• Mature program with many experienced users providing feedback.
• Error reporting was inadequate and misleading.• Need to provide more information on authorisation
success / failure.• Better handling of generated attributes.• Need for plug in capabilities.• Want to be able to add new features in the future
more quickly and with more confidence.
Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 6
Team Project
• Design / Development– Shane– Tiago– Denis
• Early Design– Andrei
• Test System– Katie– Denis
• Infrastructure Support– Engin– Can
Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 7
What has changed ?
• From a users viewpoint the only change will be seen in the responses received back from dbupdate.
• Method of access is unchanged.– email– sync updates– Web updates– (internally – override for ripe-dbm and hostmasters)
• Format of input is unchanged.
Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 8
Format of InputPlain Text or MIME
Atomic
text/plain
Application/pgp (readable text)
Composite
Multipart
Message/RFC822
7 bit
8bit
Binary
Quoted printable
X base 64 X
Signed (pgp)
Alternative
Mixed
X encrypted X
Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 9
Nested Authentication
password
pgp
pgp
password
pgp p2
pgp p1p2 + p1
p1
password
Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 10
Nested Authentication
s1s1, s2
signature s1
text/plain
signed
signature s1
signature s2
text/plain
signedsigned
Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 11
Nested Authentication
s1 s2 pw
s1 s2 pw
s1 s2 pw p1
s1
s1 s2
signature s1
signature s2
password pw
pgp p1
signed
signed
signature s1
signed
signed
signature s2
message
Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 12
Responses
• Biggest change is in the acknowledgement reply to the user.
• Slight change to the forward and notification replies.
Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 13
Acknowledgement Messages
• Handle all error conditions gracefully and return an acknowledgement back to the user.
• Extreme errors will report “internal error, please contact ripe-dbm@ripe.net”.
• Much more information, more logically set out.• Start with a quick summary, follow up with the
detail.• Record separators before each object to make
parsing by scripts easier.
Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 14
Acknowledgement Messages
• Better recognition of an ‘object’ in the input to reduce the “class not recognised” errors on textual paragraphs in the input message.
• Detailed authorisation information for each object.• Per-class information messages (allowing results
to point the user to more specific help, e.g. IN-ADDR.ARPA help for failed domain objects).
Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 15
Example update messageFrom: dbtest@ripe.net Subject: Route updateTo: auto-dbm@ripe.net
Please update these routes:
password: mb-childpassword: ml-parent
route: 20.13.0.0/16descr: Routeorigin: AS200mnt-by: CHILD-MB-MNTchanged: dbtest@ripe.net 20020101source: DB-TEST
route: 20.0.0.0/8descr: parent route objectorigin: AS100mnt-by: PARENT-MB-MNTchanged: dbtest@ripe.net 20020101source: DB-TEST
RegardsLIR Admin
Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 16
Acknowledgement Reply
From: RIPE Database Management <ripe-dbm@ripe.net>To: dbtest@ripe.netSubject: FAILED: Route update
> From: dbtest@ripe.net > Subject: Route update > Date: Wed, 23 Apr 2003 12:01:07 +0200> Reply-To: dbtest@ripe.net > Message-ID: 20030423100107.GA26859@somebox.ripe.net
Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 17
Acknowledgement SummarySUMMARY OF UPDATE:
Number of objects found: 2 Number of objects processed successfully: 1 Create: 1 Modify: 0 Delete: 0 No Operation: 0Number of objects processed with errors: 1 Create: 0 Modify: 1 Delete: 0 Syntax Errors: 0
Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 18
The Detail
DETAILED EXPLANATION:
***Warning: Invalid keyword(s) found: Route, update***Warning: All keywords were ignored
Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 19
Errors are Listed First~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~The following object(s) were found to have ERRORS:
---Modify FAILED: [route] 20.0.0.0/8AS100***Error: Authorisation failed***Info: Syntax check passed route: 20.0.0.0/8descr: parent route objectorigin: AS100mnt-by: PARENT-MB-MNTchanged: dbtest@ripe.net 20020101source: DB-TEST
***Info: Authorisation for [route] 20.0.0.0/8AS100 using mnt-by: not authenticated by: PARENT-MB-MNT
Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 20
Followed by the Successes~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~The following object(s) were processed SUCCESSFULLY:
---Create SUCCEEDED: [route] 20.13.0.0/16AS200
***Info: Authorisation for parent [route] 20.0.0.0/8AS100 using mnt-lower: authenticated by: PARENT-ML-MNT
***Info: Authorisation for origin [aut-num] AS200 using mnt-by: authenticated by: CHILD-MB-MNT
***Info: Authorisation for [route] 20.13.0.0/16AS200 using mnt-by: authenticated by: CHILD-MB-MNT
Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 21
Ending with the random text~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~The following paragraph(s) do not look like objectsand were NOT PROCESSED:
Please update these routes:
RegardsLIR Admin~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For assistance or clarification please contact:RIPE Database Administration <ripe-dbm@ripe.net>
Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 22
Notifications / Forwards
• General layout same as before.• Same record separators before each object as
used in the acknowledgement message.• Where authorisation is required from a parent
object, messages will be sent ALL maintainers in a list, rather than only the one that is used for the authorisation.
Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 23
Testing
• Full testing environment developed in parallel with program development.
• Hundreds of updates designed to test all parts of the system.
• Includes a batch of ‘real’ updates that have caused problems in the past.
• Full test run takes about one hour.• Full test will be run after every change, before
putting a new binary into production.• Test system and data will be included in a future
release of the software.
Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 24
Documentation
• Detailed design specs to be issued later.• RIPE Database User Manual: Getting Started
http://www.ripe.net/ripe/docs/db-start.html• RIPE Database Reference Manual
http://www.ripe.net/ripe/docs/databaseref-manual.html• Release Notes.• Full list of error messages with detailed explanations to be
prepared.• Explanation of the new acknowledgement reply.
http://www.ripe.net/db/dbupdate/acknowledgments.html
• Description of some of the benefits.http://www.ripe.net/db/dbupdate/
Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 25
Questions, Discussion