RPSL: Police’ing’ the Net
Anwar M. Haneef
Electrical and Computer Engineering
University of Massachusetts, Amherst
Date posted: 21-Dec-2015

RFC-2622: Not the most fun thing to read on a Friday night

Aim of my talk
Not to make you expert network managers
I want all of you to go back home, knowing that you have learnt the BASICS of a new language
Prepare you all for the next talk on the practical applications of RPSL

Agenda
What is Routing Policy?
Why define Routing Policy?
BGP Configuration
IRR Configuration
RPSL – Introduction
RPSL – Objects
What’s next

What is Routing Policy?
Public description of the relationships between external BGP peers
Can describe internal BGP peer relationships

Routing Policy
Who are the peers
What routes are
  Originated by a peer
  Imported from each peer
  Exported to each peer
  Preferred when multiple routes exist
What to do if no route exists
Unfortunately, Chun gets to do all the really COOL stuff…..

Routing Policy Example
AS1 originates route “d”
AS1 exports “d” to AS2, AS2 imports
AS2 exports “d” to AS3, AS3 imports
AS3 exports “d” to AS5, AS5 imports
AS5 also imports “d” from AS4
Which route does it prefer?

Why define a Routing Policy?
Documentation
Allows automatic generation of router configurations
Provides routing security
  Can peer originate the route?
  Can peer act as transit for the route?
Provides a debugging aid
  Compare policy versus reality
No one ever does anything for documentation, but it's good to have it

BGP Configuration
Too many routers
Too detailed, large & tedious
Consistency
Heavy consequences of mistakes
?!?

IRR – What is it?
Database of
  IP networks,
  DNS domains,
  DNS domain Contact Persons and
  IP routing policies
Data from the IRR may be used by anyone worldwide to help debug, configure, and engineer Internet routing and addressing.
Currently, the IRR provides the only mechanism for validating the contents of a BGP session or mapping an AS number to a list of networks.

Internet Routing Registry
Policy and contact information
APNIC, ALTDB, BELLCA, TELSTRA etc.

Internet Routing Registry
route:   128.9.0.0/16
descr:   ISI-NET
origin:  AS226
notify:  [email protected]
mnt-by:  LN-MAINT-MCI
changed: [email protected] 990420
source:  CW

Internet Routing Registry
person:  Walt Prue
address: USC/Information Sciences Institute
         4676 Admiralty Way Suite 1000
         Marina del Rey, California
         USA
phone:   +1 310 822 1511 x89191
fax-no:  +1 310 823 6714
e-mail:  [email protected]
nic-hdl: WP8
notify:  [email protected]
mnt-by:  LN-MAINT-MCI
changed: [email protected] 20000222
source:  CW

BGP Configuration from IRR
RPSL: Abstract, high level, per-AS policies
IRR: Benefit from others’ data & delegation
RtConfig: Details/tedious aspects automated
[Diagram labels: RPSL, IRR, RtConfig]

Meet Mr. RPSL – An Introduction
RPSL allows a network operator to be able to specify routing policies at various levels in the Internet hierarchy; for example at the Autonomous System (AS) level
At the same time, policies can be specified with sufficient detail in RPSL so that low level router configurations can be generated from them.
RPSL is extensible; new routing protocols and new protocol features can be introduced at any time

Meet Mr. RPSL – An Introduction
Object oriented language
RPSL is based on RIPE-181, a language used to register routing policies and configurations in the IRR
Operational use of RIPE-181 has shown that it is sometimes difficult (or impossible) to express a routing policy which is used in practice
RPSL has been developed to address these shortcomings and to provide a language which can be further extended as the need arises
RPSL obsoletes RIPE-181

Meet Mr. RPSL – An Introduction
RPSL was designed so that a view of the global routing policy can be contained in a single cooperatively maintained distributed database to improve the integrity of Internet's routing
RPSL is not designed to be a router configuration language
RPSL is designed so that router configurations can be generated from the description of the policy for one autonomous system (aut-num class) combined with the description of a router (inet-rtr class), mainly providing router ID, autonomous system number of the router, interfaces and peers of the router, and combined with a global database mappings from AS sets to ASes (as-set class), and from origin ASes and route sets to route prefixes (route and route-set classes)
The accurate population of the RPSL database can help contribute toward such goals as router configurations that protect against accidental (or malicious) distribution of inaccurate routing information, verification of Internet's routing, and aggregation boundaries beyond a single AS

RPSL: Getting to know it
RPSL constructs are expressed in one or more database "objects" which are registered in one of the registries
Each database object contains some routing policy information and some necessary administrative data
When objects are registered in the IRR, they become available for others to query using a whois service
Uses RIPE database style (whois) objects

RPSL: Object Representation
person:  Randy Bush
address: RGnet NOC
         5147 Crystal Springs Drive NE
         10361 NE Sasquatch
         Bainbridge Island, WE 98110
         USA
phone:   +1 206 780 0431 # day time
fax-no:  +1 206 780 0653
e-mail:  [email protected]
nic-hdl: RB366
remarks: This object is automatically
         converted from RIPE181
mnt-by:  RGNET-MAINT-MCI
changed: [email protected] 19970614
source:  MCI
Slide callouts: Attribute name, Attribute value, Comment, Continuation

Common Attributes for all classes
descr:   Short free text description of the object
remarks: Free text comment attribute
tech-c:  Technical contact nic handles
admin-c: Administrative contact nic handles
notify:  Emails to send notification of changes
mnt-by:  Maintainer authorized to do changes
changed: <email> <date>
source:  Registry

RPSL Classes
Person, Role, Maintainer
  Person and Role objects are for contact information
  Maintainer objects are for authentication
Route
Set classes: as-set, route-set
Autonomous System

Person Class
person:  Randy Bush
address: RGnet NOC
         5147 Crystal Springs Drive NE
         10361 NE Sasquatch
         Bainbridge Island, WE 98110
         USA
phone:   +1 206 780 0431 # day time
fax-no:  +1 206 780 0653
e-mail:  [email protected]
nic-hdl: RB366
remarks: This object is automatically
         converted from RIPE181
mnt-by:  RGNET-MAINT-MCI
changed: [email protected] 19970614
source:  MCI
Slide callouts: Person class attributes, Common attributes, Maintenance

Role Class
role:    RIPE NCC Operations
address: Singel 258
         1016 AB Amsterdam
         The Netherlands
phone:   +31 20 535 4444
fax-no:  +31 20 545 4445
e-mail:  [email protected]
admin-c: CO19-RIPE
tech-c:  RW488-RIPE
tech-c:  JLSD1-RIPE
nic-hdl: OPS4-RIPE
notify:  [email protected]
changed: [email protected] 19970926
source:  RIPE
The nic-hdl attributes of the person and role classes share the same name space.

Maintainer Class
mntner:  MAINT-RGNET
descr:   RGnet RADB maintainer
admin-c: RB366
tech-c:  RB366
upd-to:  [email protected]
[...]:   [email protected]
auth:    PGPKEY-23F5CE3
mnt-by:  MAINT-RGNET
changed: [email protected] 19970804
source:  RADB
It defines access control for other objects in the database

Auth Attribute
auth: PGPKEY-23F5CE3
auth: CRYPT-PW lz1A7/JnfkTI
auth: MAIL-FROM [email protected]
auth: MAIL-FROM .*@canet.ca
auth: NONE
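
Added example, not part of the original slides: a Python parser for the object syntax shown under Object Representation (attribute names, values, comments, continuation lines), used to report which mntner objects accept the weaker auth forms listed above and which objects those maintainers guard. The sample objects are constructed, and treating NONE, MAIL-FROM and CRYPT-PW as weak is this example's assumption.

```python
# Constructed sample in the slides' layout; every name, key id, hash and
# address below is made up for this example.
SAMPLE = """\
mntner:  MAINT-EXAMPLE-PGP
auth:    PGPKEY-00000000
mnt-by:  MAINT-EXAMPLE-PGP
source:  EXAMPLE

mntner:  MAINT-EXAMPLE-MIXED
auth:    PGPKEY-00000001
AUTH:    mail-from .*@example.net   # attribute names are case insensitive
auth:    CRYPT-PW abcdefghijklm
mnt-by:  MAINT-EXAMPLE-MIXED
source:  EXAMPLE

mntner:  MAINT-EXAMPLE-OPEN
auth:    NONE
source:  EXAMPLE

route:   192.0.2.0/24
origin:  AS64500
descr:   customer block,
         announced from
+        two sites          # continuation lines
mnt-by:  MAINT-EXAMPLE-PGP, maint-example-open
source:  EXAMPLE
"""

# Assumed ranking (not on the slides): NONE checks nothing, MAIL-FROM trusts the
# unauthenticated From: header, CRYPT-PW is a crypt(3) hash kept in the object.
WEAK_SCHEMES = {"none", "mail-from", "crypt-pw"}


def parse_objects(text):
    """Parse whois-style text into objects, each a list of (name, value)."""
    objects, current = [], []
    for raw in text.splitlines() + [""]:         # trailing "" flushes the last object
        if not raw.strip():                      # blank line ends an object
            if current:
                objects.append(current)
            current = []
            continue
        line = raw.split("#", 1)[0].rstrip()     # '#' starts a comment
        if not line.strip():                     # comment-only line
            continue
        if line[0] in " \t+":                    # continuation of the last value
            if not current:
                raise ValueError("continuation before any attribute: %r" % raw)
            name, value = current[-1]
            current[-1] = (name, (value + " " + line[1:].strip()).strip())
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("not an attribute line: %r" % raw)
        current.append((name.strip().lower(), value.strip()))  # fold name case
    return objects


def weak_maintainers(objects):
    """Map each mntner name to the weak auth schemes it accepts."""
    # Several auth lines are alternatives, so one weak line is enough.
    weak = {}
    for obj in objects:
        cls, key = obj[0]
        if cls != "mntner":
            continue
        schemes = {v.split()[0].lower() for n, v in obj if n == "auth" and v}
        found = sorted(schemes & WEAK_SCHEMES)
        if found:
            weak[key.upper()] = found
    return weak


def exposed_objects(objects):
    """List (class, key, maintainer) for objects guarded by a weak mntner."""
    weak = weak_maintainers(objects)
    return [(obj[0][0], obj[0][1], mnt.upper())
            for obj in objects
            for name, value in obj if name == "mnt-by"
            for mnt in value.replace(",", " ").split()
            if mnt.upper() in weak]


if __name__ == "__main__":
    parsed = parse_objects(SAMPLE)
    print(weak_maintainers(parsed))
    print(exposed_objects(parsed))
```

The route object is reported even though it also lists a PGP-only maintainer, because any one maintainer named in mnt-by can authorize a change.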

RPSL Classes
Person, Role, Maintainer
Route
  Specifies origin AS for a route
  Can indicate membership of a route set
Set classes: as-set, route-set
Autonomous System

Route Class
route:   156.36.0.0/16
origin:  AS2914
descr:   my routes
mnt-by:  MAINT-RGNET
tech-c:  RB366
changed: [email protected] 19960829
source:  RADB
Slide callout: Policy Information
Route 156.36.0.0/16 is originated by AS2914

Inter-AS Routing
AS1 originates route “d”
AS1 exports “d” to AS2, AS2 imports
AS2 exports “d” to AS3, AS3 imports
AS3 exports “d” to AS5, AS5 imports
Hmm… looks familiar, doesn’t it?

Some Notations
AS Numbers: AS2914
Address Prefixes: 156.36.0.0/16
Route-set Names: RS-VERIO
AS-set Names: AS-VERIO

Rules for Words
Words can have - or _ in the middle: RGNET-MAINT-MCI
Can have digits: RGNET-MAINT-MCI_1
Case insensitive: rgnet-MaInT-MCI

RPSL Classes
Person, Role, Maintainer
Route
Set classes: Route-set
  Collects routes together with similar properties
Autonomous System

Route-Set
route-set: rs-foo
members:   128.9.0.0/16, 128.9.0.0/24,
           128.8.0.0/16
descr:     some address prefixes
mnt-by:    MAINT-RGNET
tech-c:    RB366
changed:   [email protected] 19960829
source:    RADB

route-set: rs-bar
members:   128.7.0.0/16,
           rs-foo

Route Set
route-set: RS-BCMI2
descr:     routes via BCM to be announced
           to I2
members:   128.249.0.0/16,
           192.31.88.0/24, 192.147.26.0/24
admin-c:   JCY
tech-c:    SM346
mnt-by:    MAINT-AS302
changed:   [email protected] 20000213
source:    demo

Indirect Members
route-set:   RS-ANS-IGP_ONLY
descr:       ANS IGP aggregates
mbrs-by-ref: ANY

route:     207.25.17.0/24
origin:    AS1675
member-of: RS-ANS-IGP_ONLY
mnt-by:    MNT-ANS

route:     192.157.69.0/24
origin:    AS1675
member-of: RS-ANS-IGP_ONLY
mnt-by:    MNT-ANS

Restricted Indirect Members
route-set:   RS-ANS-IGP_ONLY
descr:       ANS IGP aggregates
mbrs-by-ref: MNT-ANS, MNT-CENGIZ

route:     207.25.17.0/24
origin:    AS1675
member-of: RS-ANS-IGP_ONLY
mnt-by:    MNT-ANS

route:     192.157.69.0/24
origin:    AS1675
member-of: RS-ANS-IGP_ONLY
mnt-by:    MNT-ANS

Direct and Indirect Members
route-set:   RS-ANS-IGP_ONLY
descr:       ANS IGP aggregates
members:     207.25.17.0/24, 207.25.16.0/24,
             207.25.20.0/24
mbrs-by-ref: MNT-ANS

route:     207.25.17.0/24
origin:    AS1675
member-of: RS-ANS-IGP_ONLY
mnt-by:    MNT-ANS

route:     192.157.69.0/24
origin:    AS1675
member-of: RS-ANS-IGP_ONLY
mnt-by:    MNT-ANS
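
Added example, not part of the original slides: a Python resolver for the three membership slides above, showing that a route object's member-of claim only counts when its maintainer is listed in the set's mbrs-by-ref (or mbrs-by-ref is ANY). Objects are given as dictionaries rather than parsed text; the third route object (MNT-EXAMPLE, AS64500, 198.51.100.0/24) and all function names are constructed for the example.

```python
# route-set objects keyed by upper-cased name; rs-foo and rs-bar are the
# slides' objects, with each attribute's values held in a list.
BASE_SETS = {
    "RS-FOO": {"members": ["128.9.0.0/16", "128.9.0.0/24", "128.8.0.0/16"]},
    "RS-BAR": {"members": ["128.7.0.0/16", "rs-foo"]},
}

# The slides' two route objects plus one constructed object registered by a
# different maintainer that also claims membership.
ROUTES = [
    {"route": "207.25.17.0/24", "origin": "AS1675",
     "member-of": ["RS-ANS-IGP_ONLY"], "mnt-by": ["MNT-ANS"]},
    {"route": "192.157.69.0/24", "origin": "AS1675",
     "member-of": ["RS-ANS-IGP_ONLY"], "mnt-by": ["MNT-ANS"]},
    {"route": "198.51.100.0/24", "origin": "AS64500",
     "member-of": ["rs-ans-igp_only"], "mnt-by": ["MNT-EXAMPLE"]},
]


def with_ans_set(members=(), mbrs_by_ref=None):
    """Return the registry plus one variant of RS-ANS-IGP_ONLY."""
    obj = {"members": list(members)}
    if mbrs_by_ref is not None:
        obj["mbrs-by-ref"] = list(mbrs_by_ref)
    return {**BASE_SETS, "RS-ANS-IGP_ONLY": obj}


def _upper(values):
    return {v.upper() for v in values}


def resolve(name, route_sets, routes, _seen=None):
    """Return (prefixes, rejected) for the route-set called name.

    prefixes: direct members, members of nested sets, and route objects whose
    member-of names the set and whose mnt-by is allowed by mbrs-by-ref.
    rejected: (prefix, maintainers) for member-of claims that were not honoured.
    """
    seen = set() if _seen is None else _seen
    key = name.upper()
    if key in seen or key not in route_sets:      # loop guard / unknown set
        return set(), []
    seen.add(key)
    obj = route_sets[key]
    prefixes, rejected = set(), []
    for member in obj.get("members", []):
        if "/" in member:                         # an address prefix
            prefixes.add(member)
        else:                                     # name of another route-set
            sub, sub_rejected = resolve(member, route_sets, routes, seen)
            prefixes |= sub
            rejected += sub_rejected
    allowed = _upper(obj.get("mbrs-by-ref", []))  # absent: no indirect members
    for route in routes:
        if key not in _upper(route.get("member-of", [])):
            continue
        if "ANY" in allowed or _upper(route["mnt-by"]) & allowed:
            prefixes.add(route["route"])
        else:
            rejected.append((route["route"], sorted(_upper(route["mnt-by"]))))
    return prefixes, rejected


if __name__ == "__main__":
    for ref in (["ANY"], ["MNT-ANS", "MNT-CENGIZ"], None):
        got, refused = resolve("RS-ANS-IGP_ONLY", with_ans_set((), ref), ROUTES)
        print(ref, sorted(got), refused)
```

With mbrs-by-ref: ANY the constructed 198.51.100.0/24 object joins the set, which is why a filter built from such a set is only as trustworthy as every maintainer in the registry.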

More Specific Operators
route-set: rs-martians
descr:     most ASes do not import these routes
members:   0.0.0.0/0^32, 127.0.0.0/8^+,
           10.0.0.0/8^+, 172.16.0.0/12^+,
           192.168.0.0/16^+, 192.0.2.0/24^+,
           128.0.0.0/16^+, 191.255.0.0/16^+,
           192.0.0.0/24^+, 223.255.255.0/24^+,
           224.0.0.0/3^+, 0.0.0.0/0^26-32

Inclusive more specifics: ^+
Exclusive more specifics: ^-
Length n more specifics: ^n
Length n-m more specifics: ^n-m
Confusing isn’t it?
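
Added example, not part of the original slides: the four more-specific operators written out as a Python matcher and applied as an import filter over the rs-martians members. The member list is the slide's, with the RFC 1918 block written as 172.16.0.0/12; the announced prefixes in the demo and all function names are constructed.

```python
import ipaddress
import re

# Members of the slide's rs-martians set (RFC 1918 block as 172.16.0.0/12).
RS_MARTIANS = [
    "0.0.0.0/0^32", "127.0.0.0/8^+", "10.0.0.0/8^+", "172.16.0.0/12^+",
    "192.168.0.0/16^+", "192.0.2.0/24^+", "128.0.0.0/16^+", "191.255.0.0/16^+",
    "192.0.0.0/24^+", "223.255.255.0/24^+", "224.0.0.0/3^+", "0.0.0.0/0^26-32",
]

_ENTRY = re.compile(r"(?P<net>[0-9.]+/\d+)(?:\^(?P<op>\+|-|\d+(?:-\d+)?))?")


def length_range(entry):
    """Return (network, lo, hi): the prefix and the mask lengths it admits."""
    m = _ENTRY.fullmatch(entry.strip())
    if m is None:
        raise ValueError("not a prefix or prefix^operator: %r" % entry)
    net = ipaddress.ip_network(m.group("net"))   # rejects set host bits
    base, op = net.prefixlen, m.group("op")
    if op is None:                               # plain prefix: exact match only
        lo, hi = base, base
    elif op == "+":                              # the prefix and its more specifics
        lo, hi = base, 32
    elif op == "-":                              # more specifics, prefix excluded
        lo, hi = base + 1, 32
    else:                                        # ^n or ^n-m
        first, _, last = op.partition("-")
        lo, hi = int(first), int(last or first)
        if not base <= lo <= hi <= 32:
            raise ValueError("bad length range in %r" % entry)
    return net, lo, hi


def matches(prefix, entry):
    """True when prefix lies inside entry's network with an admitted length."""
    cand = ipaddress.ip_network(prefix)
    net, lo, hi = length_range(entry)
    return lo <= cand.prefixlen <= hi and cand.subnet_of(net)


def first_match(prefix, members=RS_MARTIANS):
    """Return the first set member that covers prefix, or None."""
    for entry in members:
        if matches(prefix, entry):
            return entry
    return None


def drop_martians(announced, members=RS_MARTIANS):
    """Split announced prefixes into (kept, dropped-with-reason)."""
    kept, dropped = [], []
    for prefix in announced:
        hit = first_match(prefix, members)
        if hit is None:
            kept.append(prefix)
        else:
            dropped.append((prefix, hit))
    return kept, dropped


if __name__ == "__main__":
    # Constructed announcements.
    sample = ["198.51.100.0/24", "10.1.2.0/24", "198.51.100.128/26", "0.0.0.0/0"]
    print(drop_martians(sample))
```

Note that 0.0.0.0/0^32 and 0.0.0.0/0^26-32 match by length alone, so the set rejects every /26 or longer prefix while leaving the default route itself untouched.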

Route-Set Name Spaces
route-set: AS4763:RS-ROUTES:AS681
descr:     prefix filter for AS681
members:   130.216.0.0/16, 130.217.0.0/16,
           132.181.0.0/16, 138.75.0.0/16,
           139.80.0.0/16, 140.200.0.0/16,
           156.62.0.0/16, 192.73.21.0/24
tech-c:    JA39
mnt-by:    MAINT-TELSTRA-NZ
changed:   [email protected] 19991118
source:    RADB
Sorry about that !!

RPSL Classes
Person, Role, Maintainer
Route
Set classes: As-set
  Collect together Autonomous Systems with shared properties
  Can be used in policy in place of AS
  RPSL has hierarchical names
Autonomous System

AS-Set Class
as-set:  AS-SESQUI-STUB
descr:   Single Homed Sesquinet
         Customer ASs
members: AS1832, AS2712, AS302,
         AS3526, AS8
tech-c:  SB98
mnt-by:  MAINT-AS114
source:  RADB
Same flexibility as route-set class

AS Set
as-set:  AS2764:AS_DOMESTIC
descr:   connect.com.au AS set
members: AS4860, AS7469, AS7489, AS7543, AS7569,
         AS7592, AS7611, AS7701, AS9262, AS9298
tech-c:  MP151
admin-c: CC89
remarks: Customers with domestic connectivity
         only
mnt-by:  MAINT-AS2764
changed: [email protected] 19980607
source:  RADB

Indirect AS-Sets
as-set:      as-aads-mlpa
descr:       MLPA participants at the AADS NAP
mbrs-by-ref: ANY
admin-c:     Andrew Schmidt
tech-c:      Mark Cnota
notify:      mlpa-participants@aads.net
mnt-by:      MAINT-RSPEER
changed:     auto-mlpa@aads.net 19971123
source:      RADB

aut-num:   AS4550
member-of: as-aads-mlpa

aut-num:   AS683
member-of: as-aads-mlpa

Even more AS-Sets
as-set:  AS-YETANOTHERNET
descr:   ASs routed through YetAnotherNet
members: AS5696, AS1808, AS1932, AS2900, AS3111,
         AS3365, AS3393, AS3844, AS3901, AS4314,
         ... AS-ACESRESEARCH, AS-ALPHA, AS-GST,
         AS-DERU, AS-INQUO
admin-c: IP Admin DW970
tech-c:  IP Admin DW970
notify:  [email protected]
mnt-by:  MAINT-AS5696
changed: [email protected] 20000731
source:  demo
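
Added example, not part of the original slides: how as-set and route objects combine to answer the earlier question "Can peer originate the route?". The Python below expands a peer's as-set to AS numbers, lists the registered prefixes for those origins, and classifies a received (prefix, origin) pair. AS-EXAMPLE-PEER, the 203.0.113.0/24 route object, the result labels and the function names are constructed for the example.

```python
import ipaddress
import re

# as-set objects: AS-SESQUI-STUB is the slide's; AS-EXAMPLE-PEER is constructed
# and refers to itself to exercise the loop guard.
AS_SETS = {
    "AS-SESQUI-STUB": ["AS1832", "AS2712", "AS302", "AS3526", "AS8"],
    "AS-EXAMPLE-PEER": ["AS2914", "as-sesqui-stub", "AS-EXAMPLE-PEER"],
}

# route objects as (prefix, origin): the first two are the slides' objects,
# the third pairing is constructed.
ROUTE_OBJECTS = [
    ("156.36.0.0/16", "AS2914"),
    ("128.9.0.0/16", "AS226"),
    ("203.0.113.0/24", "AS1832"),
]


def expand_as_set(name, as_sets=AS_SETS, _seen=None):
    """Return every AS number reachable from the named as-set."""
    seen = set() if _seen is None else _seen
    key = name.upper()                       # set names are case insensitive
    if key in seen:                          # already visited: break the loop
        return set()
    seen.add(key)
    asns = set()
    for member in as_sets.get(key, []):
        member = member.upper()
        if re.fullmatch(r"AS\d+", member):   # an AS number
            asns.add(member)
        else:                                # the name of another as-set
            asns |= expand_as_set(member, as_sets, seen)
    return asns


def prefix_filter(peer_as_set, as_sets=AS_SETS, route_objects=ROUTE_OBJECTS):
    """Registered prefixes whose origin AS belongs to the peer's as-set."""
    allowed = expand_as_set(peer_as_set, as_sets)
    return sorted(p for p, origin in route_objects if origin.upper() in allowed)


def classify(prefix, origin, peer_as_set,
             as_sets=AS_SETS, route_objects=ROUTE_OBJECTS):
    """Classify an announcement received from a peer against the registry."""
    origin = origin.upper()
    if origin not in expand_as_set(peer_as_set, as_sets):
        return "origin-not-in-as-set"
    net = ipaddress.ip_network(prefix)
    origins = {o.upper() for p, o in route_objects
               if ipaddress.ip_network(p) == net}
    if origin in origins:
        return "registered"
    if origins:                              # registered, but to another AS
        return "origin-mismatch"
    return "no-route-object"                 # includes unregistered more specifics


if __name__ == "__main__":
    print(prefix_filter("AS-EXAMPLE-PEER"))
    for announcement in [("156.36.0.0/16", "AS2914"), ("156.36.8.0/24", "AS2914"),
                         ("156.36.0.0/16", "AS1832"), ("128.9.0.0/16", "AS226")]:
        print(announcement, classify(*announcement, "AS-EXAMPLE-PEER"))
```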

To be Continued…….
As per the SLA (Seminar Level Agreement) between myself and Chun, I HAVE to stop here
Hey, wanna sneak peek into the next lecture?

A Sneak Peek
How import/export policies are defined
Autonomous System Objects
How to announce your customers
[Figure labels: Major Backbone Provider, Regional, Customers]

More slimy gossip……
Setting preferences based on cost and other factors
Peering
Registering Policies and more
[Figure labels: A, B, Slow link]

So tune in, boys and girls, next class, same room, same time, for more exciting things to do with RPSL!

person: Anwar M. Haneef
address: Multimedia Networks Laboratory
address: 312 Knowles Engineering
address: Dept. of Electrical and Computer Engg.
address: University of Massachusetts, Amherst
phone: +1 413 545 4847
fax-no: +1 413 545 1993
e-mail: [email protected]
nic-hdl: AMH1
changed: [email protected] 20001030
source: UMASS

Thank You !!!!