1Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net

DBupdate

Denis Walker

RIPE NCC

<denis@ripe.net>

Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 2

dbupdate

LOVE IT or HATE IT

You have probably all used it.

Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 3

What is it ?

• The front end processor for updating objects in the database.

• Part of the Whois server software.• It allows you to:

– CREATE– MODIFY – DELETE

objects in the database.

Used to be UPDATE

Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 4

“If it ain’t broken

don’t fix it”

Why the change ?

Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 5

Motivation for Change

• Mature program with many experienced users providing feedback.

• Error reporting was inadequate and misleading.• Need to provide more information on authorisation

success / failure.• Better handling of generated attributes.• Need for plug in capabilities.• Want to be able to add new features in the future

more quickly and with more confidence.

Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 6

Team Project

• Design / Development– Shane– Tiago– Denis

• Early Design– Andrei

• Test System– Katie– Denis

• Infrastructure Support– Engin– Can

Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 7

What has changed ?

• From a users viewpoint the only change will be seen in the responses received back from dbupdate.

• Method of access is unchanged.– email– sync updates– Web updates– (internally – override for ripe-dbm and hostmasters)

• Format of input is unchanged.

Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 8

Format of InputPlain Text or MIME

Atomic

text/plain

Application/pgp (readable text)

Composite

Multipart

Message/RFC822

7 bit

8bit

Binary

Quoted printable

X base 64 X

Signed (pgp)

Alternative

Mixed

X encrypted X

Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 9

Nested Authentication

password

pgp

pgp

password

pgp p2

pgp p1p2 + p1

p1

password

Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 10

Nested Authentication

s1s1, s2

signature s1

text/plain

signed

signature s1

signature s2

text/plain

signedsigned

Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 11

Nested Authentication

s1 s2 pw

s1 s2 pw

s1 s2 pw p1

s1

s1 s2

signature s1

signature s2

password pw

pgp p1

signed

signed

signature s1

signed

signed

signature s2

message

Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 12

Responses

• Biggest change is in the acknowledgement reply to the user.

• Slight change to the forward and notification replies.

Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 13

Acknowledgement Messages

• Handle all error conditions gracefully and return an acknowledgement back to the user.

• Extreme errors will report “internal error, please contact ripe-dbm@ripe.net”.

• Much more information, more logically set out.• Start with a quick summary, follow up with the

detail.• Record separators before each object to make

parsing by scripts easier.

Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 14

Acknowledgement Messages

• Better recognition of an ‘object’ in the input to reduce the “class not recognised” errors on textual paragraphs in the input message.

• Detailed authorisation information for each object.• Per-class information messages (allowing results

to point the user to more specific help, e.g. IN-ADDR.ARPA help for failed domain objects).

Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 15

Example update messageFrom: dbtest@ripe.net Subject: Route updateTo: auto-dbm@ripe.net

Please update these routes:

password: mb-childpassword: ml-parent

route: 20.13.0.0/16descr: Routeorigin: AS200mnt-by: CHILD-MB-MNTchanged: dbtest@ripe.net 20020101source: DB-TEST

route: 20.0.0.0/8descr: parent route objectorigin: AS100mnt-by: PARENT-MB-MNTchanged: dbtest@ripe.net 20020101source: DB-TEST

RegardsLIR Admin

Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 16

Acknowledgement Reply

From: RIPE Database Management <ripe-dbm@ripe.net>To: dbtest@ripe.netSubject: FAILED: Route update

> From: dbtest@ripe.net > Subject: Route update > Date: Wed, 23 Apr 2003 12:01:07 +0200> Reply-To: dbtest@ripe.net > Message-ID: 20030423100107.GA26859@somebox.ripe.net

Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 17

Acknowledgement SummarySUMMARY OF UPDATE:

Number of objects found: 2 Number of objects processed successfully: 1 Create: 1 Modify: 0 Delete: 0 No Operation: 0Number of objects processed with errors: 1 Create: 0 Modify: 1 Delete: 0 Syntax Errors: 0

Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 18

The Detail

DETAILED EXPLANATION:

***Warning: Invalid keyword(s) found: Route, update***Warning: All keywords were ignored

Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 19

Errors are Listed First~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~The following object(s) were found to have ERRORS:

---Modify FAILED: [route] 20.0.0.0/8AS100***Error: Authorisation failed***Info: Syntax check passed route: 20.0.0.0/8descr: parent route objectorigin: AS100mnt-by: PARENT-MB-MNTchanged: dbtest@ripe.net 20020101source: DB-TEST

***Info: Authorisation for [route] 20.0.0.0/8AS100 using mnt-by: not authenticated by: PARENT-MB-MNT

Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 20

Followed by the Successes~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~The following object(s) were processed SUCCESSFULLY:

---Create SUCCEEDED: [route] 20.13.0.0/16AS200

***Info: Authorisation for parent [route] 20.0.0.0/8AS100 using mnt-lower: authenticated by: PARENT-ML-MNT

***Info: Authorisation for origin [aut-num] AS200 using mnt-by: authenticated by: CHILD-MB-MNT

***Info: Authorisation for [route] 20.13.0.0/16AS200 using mnt-by: authenticated by: CHILD-MB-MNT

Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 21

Ending with the random text~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~The following paragraph(s) do not look like objectsand were NOT PROCESSED:

Please update these routes:

RegardsLIR Admin~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ For assistance or clarification please contact:RIPE Database Administration <ripe-dbm@ripe.net>

Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 22

Notifications / Forwards

• General layout same as before.• Same record separators before each object as

used in the acknowledgement message.• Where authorisation is required from a parent

object, messages will be sent ALL maintainers in a list, rather than only the one that is used for the authorisation.

Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 23

Testing

• Full testing environment developed in parallel with program development.

• Hundreds of updates designed to test all parts of the system.

• Includes a batch of ‘real’ updates that have caused problems in the past.

• Full test run takes about one hour.• Full test will be run after every change, before

putting a new binary into production.• Test system and data will be included in a future

release of the software.

Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 24

Documentation

• Detailed design specs to be issued later.• RIPE Database User Manual: Getting Started

http://www.ripe.net/ripe/docs/db-start.html• RIPE Database Reference Manual

http://www.ripe.net/ripe/docs/databaseref-manual.html• Release Notes.• Full list of error messages with detailed explanations to be

prepared.• Explanation of the new acknowledgement reply.

http://www.ripe.net/db/dbupdate/acknowledgments.html

• Description of some of the benefits.http://www.ripe.net/db/dbupdate/

Denis Walker . RIPE 45, May 2003, Barcelona . http://www.ripe.net 25

Questions, Discussion