Routing Policy Specification Language Ambrose Magee LM Ericsson Ltd. <ambrose.magee@eei.ericsson.se> Tuesday, 28th August, 2001 APNIC-12
Introduction • Tutorial • not a substitute for reading the RFC documents • Target Audience • knowledge of Internet Routing • familiar with APNIC Whois Database • no need to know Internet Routing Registry
Contents of this tutorial • The Internet Routing Registry • Routing Policy Specification Language • RIPE Database Version 3 • Routing Policy System Security (RPSS) • security for Internet Routing Registry (IRR) • RAToolSet & RtConfig
The Internet Routing Registry • Background • Structure • Why use it ? • BGP configuration from the Internet Routing Registry
The Internet Routing Registry (IRR) • Established in 1995 • http://www.irr.net/ • Stability and consistency of routing • network operators share information • Both public and private databases • These databases are independent • but some exchange data • only register your data in one database
Internet Routing Registry (figure): databases ARIN, ArcStar, FGC, Verio, Bconnex, Telstra, ..., RIPE, CW, RADB, Bell.db, ANS. Policy and contact information is shared between them.
Why use the Internet Routing Registry ? • When peering • register your routes and filter your peers • Some transit providers and big ISPs ask for this • Useful for fixing problems • contact information
Why use the Internet Routing Registry ? • BGP->RIP->BGP injection • 128/7 leak • bogon 0/0, 10/8 leaks • Daily, someone is leaking someone else’s prefix.
BGP Configuration from Internet Routing Registry • Routing Policy Specification Language (RPSL) • abstract, high-level policies • policies for each Autonomous System (AS) • Internet Routing Registry • policies, routes and contact information • benefit from the data and delegation of others • RtConfig • RAToolSet • generate router configuration files • automates details and tedious aspects
Routing Policy Specification Language • Background • RPSL Objects • Contact Information • Specifying Policy • Set Objects • Inet-rtr object • Advanced Features
Routing Policy Specification Language • Object-based language • route, autonomous system, router, contact and set objects • Defines the syntax, semantics and format of data in IRR • Vendor independent • Extensible • IETF Proposed Standard (RFC2622) • Based on RIPE-181 (RFC 1786) • Currently, no support for IPv6
Routing Policy Specification Language 2 • RIPE-181 • some policies cannot be specified • Internet Routing Registry • needed a more powerful language • RPSL • more expressive than RIPE-181 • policies can be expressed at the AS level • policies can be detailed => router configurations (figure: evolution PRDB -> RIPE-81 -> RIPE-181 -> RPSL)
Routing Policy Specification Language • Background • RPSL Objects • Contact Information • Specifying Policy • Set Objects • inet-rtr object • Advanced Features
Objects in RPSL • RPSL is based on objects • Format of RPSL similar to RIPE-181 • Objects and Attributes • Attributes and Values • Object Names • Reserved Names
RPSL is based on Objects • Each object describes an entity in the real world • Object classes (= object types) • 12 types of object • RPS-Sec defines one more (as-block)
RIPE Database Version 3 • Includes most RPSL object classes • Excludes dictionary object class • Defines 4 other object classes
RPSL Object (attribute name: attribute value)
person: Clare Lancers
address: Corrofin
phone: + 123 123 # day time
e-mail: clancers@apnic.net
nic-hdl: CL123-TEST
remarks: This is a test object
changed: clancers@apnic.net 20010730
source: TEST
Slide annotations: Comment ("# day time"), Continuation.
RPSL Objects • RPSL objects are similar to RIPE-181 objects • Objects • set of attributes • Attributes • mandatory or optional • values: single, list, multiple • see the object template
RPSL Objects • Class “key” • set of attributes • usually one attribute has the same name as the object’s class • uniquely identify each object • Class “key” = primary key • must be specified first
RPSL vs RIPE-181 objects • Line continuation possible • space, tab, ‘+’ • Comments • begin with ‘#’ • can be anywhere inside an object • but cannot start at beginning of a line (column 0) • An object ends at “\n\n” (blank line) • The order of attribute-value pairs is significant
Attributes • Case insensitive • ASCII • Value of an attribute has a type • <object-name> • <as-number> • <ipv4-address> • <address-prefix> • etc. • Complete list of attributes in RFC 2622 & RIPE-223
Object Names • Objects names can have - or _ inside • e.g. RIPE-DBM-MNT • Can have digits • Case-insensitive • First character: alphabetic • Last character: must be a letter or a digit • Reserved names • Reserved prefixes
Reserved Names: any, as-any, rs-any, peeras, and, or, not, atomic, from, to, at, action, accept, announce, except, refine, networks, into, inbound, outbound
Reserved Prefixes (prefix: object type) • as-: as-set • rs-: route-set • rtrs-: router-set • fltr-: filter-set • prng-: peering-set
Routing Policy Specification Language • Background • RPSL Objects • Contact Information • Specifying Policy • Set Objects • inet-rtr object • Advanced Features
Contact Information • person • role • mntner
Person Object
person: Clare Lancers
address: Corrofin
phone: + 123 123 # day time
e-mail: clancers@apnic.net
nic-hdl: CL123-TEST
remarks: This is a test object
mnt-by: TEST-MNT
changed: clancers@apnic.net 20010730
source: TEST
Slide annotations: Person object information; Auxiliary information.
Person Object 2 • Information about technical or administrative contact • The value of the “person” attribute cannot be changed • The nic-handle is the primary key. • In RIPE-181, name && nic-handle was the primary key • The role object is very similar • Auxiliary information is in all object types
Mntner object 2 • New attribute: referral-by • the mntner that created this mntner • New attribute: auth-override • date after which the mntner can be modified • only the mntner in “referral-by” can do this
“auth” attribute • NONE • MAIL-FROM • e.g. MAIL-FROM webmaster@apnic.net • e.g. MAIL-FROM .*apnic.net • CRYPT-PW • produced by the UNIX crypt routine • e.g. CRYPT-PW lz1A7/JnfkTI
“auth” attribute 2 • PGPKEY-<PGP Key ID> • e.g. PGPKEY-1290F9D2 • RFC 2726 • key-cert object • Be careful using many authentication methods in mntner • logical OR used • avoid using authentication NONE
Routing Policy Specification Language • Background • RPSL Objects • Contact Information • Specifying Policy • Set Objects • inet-rtr object • Advanced Features
Specifying Policy • Internet Routing • aut-num object • route-set object • as-set object • AS Path Regular Expression • Composite Policy Filters • Specifying Actions
Specifying Policy 2 • Community Based Policies • Ambiguity Resolution
Internet Routing (figure): ISP-1, ISP-2 and ISP-3 interconnected, with endpoints A and B.
Inter-AS Topology (figure): Regional ISP, Backbone Providers, Other ASes.
AS Relationships • Customer-Regional Provider • Provider forwards traffic • advertises customer routes • Peer-Peer • mutual benefit • Regional Provider-Backbone Provider • similar to Customer-Regional Provider • Typical routing policies implement these
Inter-AS Routing (figure): AS-level peering between AS1 and AS2 (Regional ISP) • AS2 originates 128.9.0.0/16 • AS2 exports 128.9.0.0/16 to AS1 • AS1 imports 128.9.0.0/16 from AS2
BGP Routes: Path Attributes • Destination address prefixes • AS path • Originator AS • List of communities (flags) • Metrics: med, pref
aut-num Object • expresses routing policy • auxiliary information not shown
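The object format rules above (blank-line termination, '#' comments never in column 0, continuation with space/tab/'+', class key first), the "auth methods are ORed, avoid NONE" warning on the mntner slides, and the AS1/AS2 import/export on the Inter-AS Routing slide, in one added example that is not part of the tutorial. The parser is hypothetical, EXAMPLE-MNT and the aut-num filter are constructed, and only the CRYPT-PW hash and the 128.9.0.0/16 prefix come from the slides.

```python
# Constructed sample (not from the slides): mntner with two ORed auths, AS1/AS2 aut-num
SAMPLE = """\
mntner:  EXAMPLE-MNT
auth:    NONE
auth:    CRYPT-PW lz1A7/JnfkTI   # crypt hash taken from the slide
source:  TEST

aut-num: AS1
import:  from AS2 accept { 128.9.0.0/16 }
export:  to AS2
+        announce AS1
"""

def parse_rpsl(text):
    """Objects as lists of (attr, value): a blank line ends an object, '#' starts
    a comment (never in column 0), space/tab/'+' continues the previous value."""
    objects, current = [], []
    for raw in text.splitlines():
        if not raw.strip():                    # blank line: object finished
            if current:
                objects.append(current)
            current = []
            continue
        if raw[0] == "#":
            raise ValueError("comment may not start in column 0: %r" % raw)
        line = raw.split("#", 1)[0].rstrip()   # drop a trailing comment
        if not line:                           # whole line was a comment
            continue
        if line[0] in " \t+":                  # continuation line
            attr, val = current[-1]            # IndexError if nothing to continue
            current[-1] = (attr, (val + " " + line[1:].strip()).strip())
            continue
        attr, _, val = line.partition(":")     # attribute names are case-insensitive
        current.append((attr.strip().lower(), val.strip()))
    if current:
        objects.append(current)
    return objects

def weak_mntners(objects):
    """mntners with an auth of NONE: methods are ORed, so one NONE opens it."""
    return [obj[0][1] for obj in objects if obj[0][0] == "mntner"   # obj[0]: class key
            and "NONE" in {v.split()[0].upper() for a, v in obj if a == "auth"}]

def policy(objects, asn):
    """import/export attributes of the aut-num object whose key is asn."""
    for obj in objects:
        if obj[0][0] == "aut-num" and obj[0][1].upper() == asn.upper():
            return [(a, v) for a, v in obj if a in ("import", "export")]
    return []
```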