Latest draft of routing policy paper.
- Date: Wed, 03 Feb 93 17:17:20 +0100
Please find below the latest version of the routing paper. There are still
some sections to be done. These are marked between chevrons ">>>"'s although
there is not too much to be added..
We intend to release an updated and possibly the last draft early next week
so please can I have all comments a.s.a.p.
As an update there is already a proto-protoype parser that can parse the
new proposed database formats and generate both gated and cisco access-lists
(using NLC).
We (Marten and I) intend to start a very small local pilot using these
objects next week.
--Tony.
-------------------------------------------
Representation of IP Routing Policies
in the RIPE Database
Tony Bates
Jean-Michel Jouanigot
Daniel Karrenberg
Peter Lothberg
Marten Terpstra
(Version 0.2)
1. Background
RIPE is a collaborative body of European Regional IP network
operators and service providers. European IP networking
through its natural evolvement has grown into an extremely
complex infrastructure and topology which in essence has
even today no real single `co-ordinated core'. Conse-
quently, there are many differing routing policies used
within Europe. The RIPE Routing Working Group was formed to
tackle many of the issues involved in large scale routing
collaboration as is needed within Europe. To achieve the
needed global connectivity the network operators and service
providers need a way to easily and clearly express the vari-
ous routing policies and provide a method for problem diag-
nosis and trouble shooting when problems occur.
A RIPE recommendation paper known as `ripe-60', titled "Pol-
icy based routing within RIPE" was the outcome of a large
amount of effort and discussion within the RIPE Routing
Working Group. This tackled many of the issues relevant to
the representation of IP routing polices and policy based
routing within the RIPE community. It cites many of the per-
tinent documents addressing the issues of policy based rout-
ing and also proposes a method for representing routing pol-
icy within the RIPE database. At the time of writing of
`ripe-60' it was very unclear as to what direction the Euro-
pean IP infrastructure and also routing implementations
would take and was focused very much in terms of generality.
It has become apparent that some of the
problems with `ripe-60' is its generalised approach and
perhaps somewhat abstract notation that in practice is not
February 3, 1993
� - 2 -
easy for network operators to understand. Consequently, the
authors of this document feel some clarification is needed
and also some enhancement in terms of the current update in
routing technology. A conscious effort has also been made to
be somewhat less general.
2. Requirements
This section describes the requirements of a scheme for
representing routing information in the RIPE database.
Clarity
The representation must be easily explainable to network
operators. If it is not, then it will not be used or worse
will be used incorrectly. This also includes that it must
either map well to the way network operators think about
routing policy or provide them with a convenient way to
start thinking about it.
Translatability
The representation must be translatable to and from router
configuration files. The resulting configurations must be
efficient in the sense that they are implementable with
current router resources even in complex environments. If
this requirement is not met there will be too many incon-
sistencies between the published and the implemented poli-
cies which will in turn cause hard to detect routing prob-
lems.
Checkability
It must be possible to check the consistency of the pub-
lished policies. Thus some level of redundancy is welcome if
it adds value by making it possible to reveal inconsisten-
cies.
Applicability
It must be possible to easily build diagnostic tools which
help network operators to diagnose problems by making use of
the policy information. These tools should answer questions
like:
"Which paths between network A and B are allowed by pub-
lished policies ?"
February 3, 1993
� - 3 -
"Which path will traffic between networks, network A and
network B take when a certain routing path cannot be used
for transit ?"
"Does network A somehow have connectivity to all other net-
work within RIPE ?"
Generality
The "Clarity" and "Translatability" requirements may push
the design into the direction of large aggregations of net-
works by routing and administrative domains. While this
serves those requirements well the representation must make
it possible to specify particular policies down to network
granularity. Especially it should be possible to specify
forwarding restrictions. <Hmm.... needs to be explained
better I fear>
3. General Representation of Policy Information
Networks, Network Operators and Autonomous Systems
Throughout this document an effort is made to be consistent
with terms so as not to confuse the reader.
When we talk about networks we mean physical networks which
have a unique IP network number: Layer 3 entities. We do not
mean organisations.
We call the organisations operating networks "network opera-
tors". For the sake of the examples we divide network
operators into two categories: "service providers" and "cus-
tomers". A "service provider" is a network operator who
operates a network to provide Internet services to different
organisations, its "customers". The distinction between
service providers and customers is not clear cut. A national
research networking organisation frequently acts as a ser-
vice provider to universities and other academic organisa-
tions, but in most cases it buys international connectivity
from another service provider. A University networking
department is a customer of the research networking organi-
sation but in turn may regard university departments as its
customers.
An Autonomous System (AS) is a group of IP networks having a
single clearly defined routing policy which is run by one or
more network operators. Inside ASes IP packets are routed
using one or more Interior Routing Protocols (IGP). In most
cases interior routing decisions are based on metrics
derived from technical parameters like topology, link speeds
and load (1).
February 3, 1993
� - 4 -
ASes exchange routing information with other ASes using
Exterior Routing Protocols (EGP). Exterior routing decisions
are frequently based on policy based rules rather than
purely on technical parameters. Until now there are no
tools to configure complex policies and to communicate those
policies between ASes while still ensuring proper operation
of the Internet as a whole. Some EGPs like BGP-3/4 provide
tools to filter routing information according to policy
rules and more. None of them provides a mechanism to publish
or communicate the policies themselves. Yet this is critical
for operational coordination and fault isolation among net-
work operators and thus for the operation of the global
Internet as a whole.
This paper proposes to use the RIPE database as a repository
for publishing the policies of European ASes.
There are two types of policy information which need to be
represented in the database. These are "routing policies"
and "access policies".
Routing Policies
The exchange of routing information between ASes is subject
to routing policies. Consider the case of two ASes, X and Y
exchanging routing information:
NET1 ...... ASX <---> ASY ....... NET2
ASX knows how to reach a network called "NET1". It does not
matter whether NET1 is belonging ASX or some other AS which
exchanges routing information with ASX either directly or
indirectly; we just assume that ASX knows how to direct
packets towards NET1. Likewise ASY knows how to reach NET2.
In order for traffic from NET2 to NET1 to flow between ASX
and ASY connection, ASX has to announce NET1 to ASY. This
states that ASX is willing to accept traffic directed to
NET1 from ASY. Policy thus comes into play first in the
decision of ASX to announce NET1 to ASY.
_________________________
(1) The entity we refer to as an AS is frequently and
more generally called a routing domain with the AS just
being an implementation vehicle. We have decided to use
the term AS exclusively because it relates more direct-
ly with the database objects and routing tools. By us-
ing only one term we hope to reduce the number of con-
cepts and to avoid confusion. The academically inclined
reader may forgive us.
February 3, 1993
� - 5 -
In addition ASY has to accept this routing information and
use it. It is ASY's privilege to either use or disregard
the information that ASX is willing to accept traffic for
NET1. ASY might decide not to use this information if it
does not want to send traffic to NET1 at all or if it con-
siders another way more appropriate to reach NET1.
So in order for traffic in the direction of NET1 to flow
between ASX and ASY, ASX must announce it to ASY and ASY
must accept it from ASX:
resulting packet flow towards NET1
<<===================================
|
|
announce NET1 | accept NET1
--------------> + ------------->
|
AS X | AS Y
|
<------------- + <--------------
accept NET2 | announce NET2
|
|
resulting packet flow towards NET2
===================================>>
Ideally, and seldom practically, the announcement and accep-
tance policies of ASX and ASY are identical.
In order for traffic towards NET2 to flow announcement and
acceptance of NET2 must be in place the other way round. For
almost all applications connectivity in just one direction
is not useful at all.
It is important to realise that with current destination
based forwarding technology routing policies must eventually
be expressed in these terms. It is relatively easy to formu-
late reasonable policies in very general terms which CANNOT
be expressed in terms of announcing and accepting networks.
With current technology such policies are almost always
impossible to implement.
Usually separate policies are not configured for each net-
work separately but for groups of networks. In practise
these groups are almost always defined by the networks form-
ing one or more ASes.
By expressing routing policy in this way it should be noted
that this information is only of use when you have full
information for all networks within the global Internet.
Equally, the current detail is only limited to the RIPE
February 3, 1993
� - 6 -
database and for an AS exchanging routing reachability
information for an AS whose information is not in the data-
base we obviously cannot give a full representation of the
ASes routing policy.
Access Policies
Access policies contrary to routing policies are not neces-
sarily defined in terms of ASes. The very simplest type of
access policy is to block packets from a specific network S
from being forwarded to another network D. A common example
is when some unappropriate use of resources on network D has
been made from network S and the problem has not been
resolved yet. Other examples of access policies might be
resources only accessible to networks belonging to a partic-
ular disciplinary group or community of interest.. While
most of these policies are better implemented at the host or
application level, network level access policies do exist
and are a source of connectivity problems which are some-
times hard to diagnose. Therefore they should also be docu-
mented in the database according to similar requirements as
outlined above..
4. Proposed Database Objects
Autonomous System (AS)
An Autonomous System (AS) is a group of IP networks run by
one or more network operators which has a single and clearly
defined routing policy.
In routing terms an AS will normally use an interior gateway
protocol and some sort of common agreed metrics when
exchanging network information within its own AS.
An AS has a unique number associated with it which is used
in both exchange of exterior routing information (i.e. net-
work reachability information between ASes) and as an iden-
tifier of the AS itself. Exterior routing protocols such as
BGP are used to exchange routing information between ASes.
The term AS is often confused or even misused as a con-
venient way of grouping together a set of networks which
belong under the same administrative umbrella even if within
that group of networks there are various different routing
policies.
The creation of an AS should be done in a conscious and well
February 3, 1993
� - 7 -
co-ordinated manner to avoid creating ASs for the sake of
it, perhaps resulting in the worst case scenario of one AS
per IP network number. It should be noted that there is a
limited number of AS numbers available. This may mean that
by applying the general rules for the creation and alloca-
tion of as an AS below some re-engineering may be needed.
However, this may be the only way to actually implement the
desired routing policy anyway. The creation and allocation
of an AS should be done with the following recommendations
in mind:
o Creation of an AS is only required when exchanging
routing information with other ASes. Some router imple-
mentations make use of a AS number as a form of tagging
to identify the routing process. However, it should be
noted that this key does not need to be unique unless
exchanging routing information with other ASes.
o An IP network number can and must only belong to one
AS. This is a direct consequence of the fact that at
each point in the Internet there can be exactly one
routing policy for traffic destined to each network. In
the case of the IP network which is used in neighbor
peering between two ASs, say at the border between two
ASs, a conscious decision must be made as to which AS
this IP network number actually resides in.
o For a simple case of customer networks connected to a
single service provider, the IP network should be under
the AS of the service provider. In terms of routing
policy the IP network has exactly the same policy as
the service provider and there is no need to make any
distinction in routing information. This idea may at
first seem slightly alien to many but it highlights a
clear to distinction in the use of the AS number as a
representation of routing policy as opposed to some
form of administrative use.
o If a network operator connects to more than one AS with
different routing policies then they need to create
their own AS. In the case of multi-homed customer net-
works connected to two service providers say for exam-
ple where a network operator is initially connected to
a single service provider and then decides for whatever
reason to connect to another service provider there are
now at least two different routing policies to a given
customer network. At this point the customer networks
will be part of a single AS and this AS would be dis-
tinct from either of the service providers ASes. This
allows the customer the ability of having a different
February 3, 1993
� - 8 -
representation of policy and preference to the dif-
ferent service providers. This is the only case where a
network operator should create it own AS number.
o When creating an AS you should always try to populate
the AS with as many IP networks as possible providing
all IP networks conform to the same routing policy.
With the above rules in mind it means that if for example,
when a network operator changes service provider it will
move from one AS to another. Once the database is being used
as hoped for routing then a clear procedure is needed for
making sure this AS transition takes place in a smooth and
transparent manner without any loss of connectivity. See
Appendix C for detail of how this should be done.
Each AS is represented in the RIPE database by both an AS
object and AS tags on the network objects representing the
networks belonging to the AS. The AS objet stores descrip-
tive, administrative and contact information about the AS as
well as the routing policies of the AS in relation to all
neighboring ASes.
The AS tags on the network objects define the set of net-
works belonging to an AS. Each network can have exactly one
AS tag. The AS tags can only be created and updated by the
"guardian" of the AS and not by those immediately responsi-
ble for the particular network. This ensures that operators,
especially service providers, remain in control of AS
membership. The example below shows how this would be
represented in terms of the network object. The tag "aut-
sys" is used. Refer to `ripe-50' for a complete description
of the network object in the RIPE database.
Example:
inetnum: 192.87.45.0
netname: RIPE-NCC
descr: RIPE Network Coordination Centre
descr: Amsterdam, Netherlands
country: NL
admin-c: Daniel Karrenberg
tech-c: Marten Terpstra
connect: RIPE NSF
aut-sys: AS1104
rev-srv: ns.ripe.net
changed: marten@localhost 930121
source: RIPE
February 3, 1993
� - 9 -
The AS object itself is used to represent a description of
administrative details and the routing policies of the AS
itself. The AS object definition will be depicted as fol-
lows.
Example:
aut-sys: AS1104
descr: NIKHEF-H Autonomous system
as-in: AS1213 100 AS1213
as-in: AS1913 100 AS1913
as-in: AS1755 150 ANY
as-out: AS1213 ANY
as-out: AS1913 ANY
as-out: AS1755 AS1104 AS1913 AS1213
tech-c: Rob Blokzijl
admin-c: Eric Wassenaar
guardian: as-guardian@localhost
source: RIPE
changed: k13@localhost 920713
changed: ripe-dbm@localhost 920910
See Appendix A for a complete definition of the "aut-sys"
syntax.
It should be noted that this representation provides two
things:
- a set of networks
- a description of administrivia and routing policies
The set of networks can be used to generate network list
based configuration information as well as configuration
information for EGPs knowing about ASes. This means an AS
can be defined and is useful even if it does not use routing
protocols which know about the AS concept!
Community
A community is a group of networks that cannot be
represented by an AS or a group of AS numbers. It is in
some circumstances useful to define a group of networks that
have something in common. This could be a special access
policy to a supercomputer centre, a group of networks used
for a specific mission, or a disciplinary group that is
scattered among several autonomous systems. Also these com-
munities could be useful to group networks for the purpose
February 3, 1993
� - 10 -
of network statistics.
Communities do not exchange routing information directly,
since they do not represent a autonomous system. More
specifically, communities do not define routing policies,
but access or usage policies.
Contrary to an AS, networks can belong to more than commun-
ity.
Communities should be defined in a strict manner, to avoid
creating as many communities as there are networks, or even
worse. Communities should be define following the following
three rules:
o Communities must have a global meaning. Communities
must have a meaning beyond the local environment Com-
munities that have no global meaning, and are used only
in a local environment must be avoided.
o Communities must not be defined to express non-local
polices. It should be avoided that a community is
created because some other organisation forces a policy
upon your organisation. Communities must only be
defined to express a policy defined by your organisa-
tion.
Community examples
There are some clear examples of communities:
PROVIDER -
all customers of a given service provider even though
they can have various different routing polices and
hence belong to different ASes. This would extremely
useful for statistics collection.
HEPnet -
the High Energy Physics Network currently shares
infrastructure with other organisations, and the insti-
tutes it consists of are scattered all over Europe,
often being part of a non HEPnet autonomous system. To
allow statistics or access policies, a community HEP-
net, consisting of all networks that are part of HEP-
net, nicely groups all these networks.
NSFNET -
the National Science Foundation Networks imposes an
February 3, 1993
� - 11 -
acceptable use policy on networks that wish to make use
of it. A community NSFNET could imply the set of net-
works that comply to this policy.
MULTI -
a large multinational corporation that does not have
its own internal infrastructure, but connects to the
various parts of its organisations by using local ser-
vice providers that connect them all together, may
decide to define a community to restrict access to
their networks, only by networks that are part of this
community. This way a corporate network could be
defined on shared infrastructure. Also, this community
could be used by any of the service providers to do
statistics for the whole of the corporation to for
instance to do topology or bandwidth planning.
Each community is represented in the RIPE database by both a
community object and community tags on the network objects
representing the networks belonging to the community. The
community objet stores descriptive, administrative and con-
tact information about the community.
The community tags on the network objects define the set of
networks belonging to a community. Each network can have
multiple one community tags. The community tags can only be
created and updated by the "guardian" of the community and
not by those directly responsible for the particular net-
work. This ensures that communities remain in control of
community membership.
Here's an example of how this might be represented in terms
of the community tags within the network object. Here we
have an example where the network 192.16.199.0 has a single
routing policy (i.e. that of AS 1104), but is part of
several different communities of interest. We use the tag
"comm-list" to represent the list of communities associated
with this network. Nikhef-H uses the service provider SURF-
net (a service provider containing customers with more than
one routing policy), is also part of the High Energy Physics
community as well as having the ability to access the Cray
at CERN (2).
_________________________
(2) The community `CERN-CRAYUSERS' is somewhat notional
but is intended as an example of a possible use of an
access policy constraint.
February 3, 1993
� - 12 -
Example:
inetnum: 192.16.199.0
netname: HEFNET
descr: Local Ethernet
descr: NIKHEF section H
descr: Science Park Watergraafsmeer
descr: Amsterdam
descr: The Netherlands
country: NL
admin-c: Eric Wassenaar
tech-c: Rob Blokzijl
aut-sys: 1104
comm-list: HEPNET CERN-CRAYUSERS SURFNET
nsf-in: 1=590
gateway: nih
changed: ripe-dbm@localhost 920604
source: RIPE
In the above examples some communities have been defined.
The community object itself will take the following format:
Example:
community: JANET
descr: UK Joint Academic Network
authority: The Joint Network Team
guardian: comm-guardian@localhost
admin-c: James Hutton
tech-c: Bob Day
changed:ripe-dbm@localhost 920604
source: RIPE
For a complete explanation of the syntax please refer to
Appendix B.
5. Representation of Routing Policies
Routing policies of an AS are represented in the autonomous
system object. Initially we show some examples without the
full syntax in place so the reader is familiar with the con-
cept of how routing information is represented, used and
derived. Refer to section X for the full syntax of the "as"
object.
The topology of routing exchanges is represented by listing
February 3, 1993
� - 13 -
how routing information is exchanged with each neighboring
AS. This is done separately for both incoming and outgoing
routing information. In order to provide backup and back
door paths a priority is associated with incoming informa-
tion.
Example 1:
AS1------AS2
as: AS1
<administrivia go here>
as-out: AS2 = AS1 # announce all networks in AS1 to AS2
as-in: AS2 = 100 AS2 # accept all AS2 networks from AS2
as: AS2
<administrivia go here>
as-out: AS1 = AS2 # announce all networks in AS2 to AS1
as-in: AS1 = 100 AS1 # accept all AS1 networks from AS1
This specifies a simple routing exchange of two presumably
isolated ASes. Even if either of them has routing informa-
tion about networks in ASes other than AS1 and AS2, none of
that will be announced to the other.
The number 100 in the inbound specifications is a relative
priority. Which is used for backup and back door routes.
The absolute value is of no significance. The relation
between different values within the same AS object is. A
lower value means higher priority. This is consciously simi-
lar to DNS MX RRs.
Example 2:
Now suppose that AS2 is connected to one more AS besides AS1
and let's call that AS3:
AS1------AS2------AS3
February 3, 1993
� - 14 -
In this case there are two reasonable routing policies:
a) AS2 just wants to exchange traffic with both AS1 and
AS3 itself without passing traffic between AS1 and AS3.
b) AS2 is willing to pass traffic between AS3 and AS1,
thus acting as a transit AS
Example 2a:
In the first case AS1's representation in the database will
remain unchanged as will be the part of AS2's representation
describing the routing exchange with AS1. A description of
the additional routing exchange with AS3 will be added to
AS2's representation:
as: AS1
<administrivia go here>
as-out: AS2 = AS1 # announce all networks in AS1 to AS2
as-in: AS2 = 100 AS2 # accept all AS2 networks from AS2
as: AS2
<administrivia go here>
as-out: AS1 = AS2 # announce only networks in AS2 to AS1
as-in: AS1 = 100 AS1 # accept all AS1 networks from AS1
as-out: AS3 = AS2 # announce only networks in AS2 to AS3
as-in: AS3 = 100 AS3 # accept all AS3 networks from AS3
as: AS3
<administrivia go here>
as-out: AS2 = AS3 # announce all networks in AS3 to AS2
as-in: AS2 = 100 AS2 # accept all AS2 networks from AS2
Note that in this example AS2 keeps full control over its
resources. Even if AS3 and AS1 were to allow each other's
routes in from AS2, the routing information would not flow
because AS2 is not announcing it. (*)
Example 2b:
If contrary to the previous case, AS1 and AS3 are supposed
to have connectivity to each other via AS2, all AS objects
_________________________
(*) of course AS1 and AS3 could just send traffic to
each other to AS2 even without AS2 announcing the net-
works, hoping that AS2 will forward it correctly. Such
questionable practises however are beyond the scope of
this document.
February 3, 1993
� - 15 -
have to change:
as: AS1
<administrivia go here>
as-out: AS2 = AS1 # announce all networks in AS1 to AS2
as-in: AS2 = 100 AS2 AS3 # accept AS2 and AS3 networks from AS2
as: AS2
<administrivia go here>
as-out: AS1 = AS2 AS3 # announce all networks in AS2 and AS3 to AS1
as-in: AS1 = 100 AS1 # accept all AS1 networks from AS1
as-out: AS3 = AS2 AS1
as-in: AS3 = 100 AS3
as: AS3
<administrivia go here>
as-out: AS2 = AS3 # announce all networks in AS3 to AS2
as-in: AS2 = 100 AS1 AS2 # accept AS2 and AS1 networks from AS2
Note that the amount of routing information exchanged with a
neighbor AS is defined in terms of networks belonging to
ASes. In BGP terms this is the AS where the routing infor-
mation originates and the originating AS information carried
in BGP could be used to implement the desired policy. How-
ever using BGP or the BGP AS-path information is not
required to implement the policies thus specified. Confi-
gurations based on network lists can easily be generated
from the database. The BGP derived information can then be
used as an additional checking tool as desired.
The specifications know some special sets and can be
expressed as boolean expressions:
ANY - means any routing information known. For output this
means that all networks an AS knows about are
announced. For input it means that anything is accepted
from the neighbor AS.
DEFAULT -
<explanation of DEFAULT goes here, tell us what's dif-
ferent from ANY!>
February 3, 1993
� - 16 -
Example 3:
AS4 is a stub customer AS which only talks to service pro-
vider AS123.
|
|
-----AS123------AS4
|
|
as: AS4 # representation of AS4 in the database
<administrivia>
as-out: AS123 = AS4 # announce only networks in AS4 to AS123
as-in: AS123 = 100 ANY # accept any announcement from AS123
as: AS123 # representation of the service provider AS123
<administrivia>
as-in: AS4 = 100 AS4 # accept routes for customer AS4's networks
as-out: AS4 = ANY # provide all routes to customer AS4
<further neighbors>
Example 4:
AS4 now connects to a different operator, AS5. AS5 uses
AS123 for outside connectivity but has itself no direct con-
nection to AS123. AS5 traffic to and from AS123 thus has to
pass AS4. AS4 agrees to act as a transit AS for this
traffic.
|
|
-----AS123------AS4-------AS5
|
|
February 3, 1993
� - 17 -
as: AS4 # representation of AS4 in the database
<administrivia>
as-out: AS123 = AS4 AS5 # own and AS5 networks to AS123
as-in: AS123 = 100 ANY # accept any announcement from AS123
as-out: AS5 = ANY # send all announcements through to AS5
as-in: AS5 = 50 AS5 # accept only AS5 announcements from them
as: AS5
<administrivia>
as-out: AS4 = AS5
as-in: AS4 = 100 ANY
as: AS123 # representation of the service provider AS123
<administrivia>
as-in: AS4 = 100 AS4 AS5 # accept AS4's own and AS5 from AS4
as-out: AS4 = ANY # all to customer AS4 and via it to AS5
<further neighbors>
Now AS4 has two sources of external routing information. AS5
which provides only information about its own networks and
AS123 which provides information about the external world.
Note that accepts information about AS5 from both AS123 and
AS5 although AS5 information cannot come from AS123 since
AS5 is connected only via AS4 itself. The higher priority of
50 for the announcement from AS5 itself compared to 100 from
AS123 ensures that AS5 is still believed even in case AS123
will unexpectedly announce AS5.
Example 5:
In a different example AS4 has a private connection to AS6
which in turn is connected to the service provider AS123:
|
|
-----AS123------AS4
| |
| |
| |
AS6 ---------+
There are a number of policies worth examining in this case:
a) AS4 and AS6 wish to exchange traffic between themselves
exclusively via the private link between themselves;
February 3, 1993
� - 18 -
such traffic should never pass through the backbone
(AS123). The link should never be used for transit
traffic, i.e. traffic not both originating in and des-
tined for AS4 and AS6.
b) AS4 and AS6 wish to exchange traffic between themselves
via the private link between themselves. Should the
link fail, traffic between AS4 and AS6 should be routed
via AS123. The link should never be used for transit
traffic.
c) AS4 and AS6 wish to exchange traffic between themselves
via the private link between themselves. Should the
link fail, traffic between AS4 and AS6 should be routed
via AS123. Should the connection between AS4 and AS123
fail, traffic from AS4 to destinations behind AS123 can
pass through the private link and AS6's connection to
AS123.
d) AS4 and AS6 wish to exchange traffic between themselves
via the private link between themselves. Should the
link fail, traffic between AS4 and AS6 should be routed
via AS123. Should the backbone connection of either
AS4 or AS6 fail, the traffic of the disconnected AS
should flow via the other AS's backbone connection.
Example 5a:
as: AS4
as-in: AS123 = 100 NOT AS6 # accept anything besides AS6
as-out: AS123 = AS4 # announce only ourselves to AS123
as-in: AS6 = 50 AS6 # accept AS6 only from AS6
as-out: AS6 = AS4 # announce only own nets to AS6
as: AS123
as-in: AS4 = 100 AS4
as-out: AS4 = ANY
as-in: AS6 = 100 AS6
as-out: AS6 = ANY
<further neighbors>
as: AS6
as-in: AS123 = 100 NOT AS4
as-out: AS123 = AS6
as-in: AS4 = 50 AS4
as-out: AS4 = AS6
February 3, 1993
� - 19 -
Note that here the configuration is slightly inconsistent.
AS123 will announce AS6 to AS4 and AS4 to AS6. These
announcements will be filtered out on the receiving end.
This will implement the desired policy. Consistency check-
ing tools might flag these cases however.
Example 5b:
as: AS4
as-in: AS123 = 100 ANY # expect anything from AS123
as-out: AS123 = AS4 # announce only ourselves to AS123
as-in: AS6 = 50 AS6 # accept AS6 only from AS6
as-out: AS6 = AS4 # announce only own nets to AS6
as: AS123
as-in: AS4 = 100 AS4
as-out: AS4 = ANY
as-in: AS6 = 100 AS6
as-out: AS6 = ANY
<further neighbors>
as: AS6
as-in: AS123 = 100 ANY
as-out: AS123 = AS6
as-in: AS4 = 50 AS4
as-out: AS4 = AS6
The thing to note here is that in the ideal operational case
-all links working- AS4 will receive announcements for AS6
from both AS123 and AS6 itself. In this case the announce-
ment from AS6 will be preferred because of its better
(numerically lower) preference and thus the private link
will be used as desired. AS6 is configured as a mirror
image.
Example 5c:
The new feature here is that should the connection between
AS4 and AS123 fail, traffic from AS4 to destinations behind
AS123 can pass through the private link and AS6's connection
to AS123.
February 3, 1993
� - 20 -
as: AS4
as-in: AS123 = 100 ANY # expect anything from AS123
as-out: AS123 = AS4 # announce only ourselves to AS123
as-in: AS6 = 50 AS6 # accept AS6 only from AS6
as-in: AS6 = 110 ANY # accept anything from AS6 (worse than AS123)
as-out: AS6 = AS4 # announce only own nets to AS6
as: AS123
as-in: AS4 = 1 AS4
as-out: AS4 = ANY
as-in: AS6 = 1 AS6
as-in: AS6 = 2 AS4 # now also accept AS4 from AS6 in case backup
as-out: AS6 = ANY
<further neighbors>
as: AS6
as-in: AS123 = 100 ANY
as-out: AS123 = AS6 AS4 # for backup also pass AS4 to AS123
as-in: AS4 = 50 AS4
as-out: AS4 = ANY # for backup export all we know to AS4
Note that it is important to make sure to propagate routing
information for both directions in backup situations like
this. Connectivity in just one direction is not useful at
all for almost all applications.
Note also that in case the AS6-AS123 connection breaks, AS6
will only be able to talk to AS4. The symmetrical case (5d)
is left as an exercise to the reader.
6. RIPE Database Update Procedure
This section describes a procedure for updating the routing
attributes in the RIPE database as mentioned in this sec-
tion. These routing tags are essential for the routing of
networks that are known in the RIPE database. Therefore
updates of these attributes must be:
- Properly authorised
- Guarded against typing errors
- Efficient for both maintainers of the attributes and
the maintainers of the whole database
February 3, 1993
� - 21 -
The procedure
For each of the AS and Community tags, a list of all net-
works having this attribute is kept separately from the gen-
eral database itself. These lists will be the *only* source
of routing information used in the database. Normal data-
base updates *never* change these attributes. If an update
includes such an attribute and a discrepancy between the
values in the update and those in the database is found, a
diagnostic message will be sent to the originator of the
update. The attributes as defined in the files are incor-
porated in the database at each normal update run. To
ensure proper control and authorisation, we propose to main-
tain the lists on a the central NCC database server, where
each of the guardians of a tag keeps track of his or her own
list. The lists are maintained through individual logins
for each of the guardians. The guardians can themselves
decide in what manner they want to update their list. The
NCC will offer interactive logins, ftp logins or any other
means that might be deemed useful.
File Format
We propose to keep the file format as simple as possible.
The name of the file should indicate the name of the attri-
butes. This means that there cannot be two attributes with
the same name. The format within the file we propose as the
"inetnum:" entry for each of the networks, separated by an
empty line. If a guardian feels that he would want more
fields to identify a network that will get his attribute, he
is free to do so. An attribute will only be added to a net-
work if all fields defined in the list match a network in
the database.
Advantages
The update procedure as proposed above has the following
advantages:
- Authorisation of adding/deleting is guaranteed.
- No need for mailing back and forth of authorisation
messages.
- Simple procedure for both database maintainers and
guardians.
- Guardians keep full control of their attribute.
- Could be implemented at the NCC without too much delay.
February 3, 1993
� - 22 -
7. Summary
In summary this paper basically introduces two new RIPE
database objects, the autonomous system -- "aut-sys" and the
community -- "community" object. It attempts to clarify
terms in such a way as to make them easier and more usable
for network operators. It provides a mechanism to easily and
clearly express routing policy and provide a mechanism to
create, maintain and administer network based filter lists
for routing policy.
It introduces the concept of autonomous systems and provides
the tools for routing protocols that can make use of AS
information.
>> >> Still needs more summary text >>
8. Glossary
It is felt useful to include a basic glossary of some of the
terms used within this paper to act as both a reference and
as possible clarification tool.
>> >> To be done >>
9. Author's Addresses
Tony Bates
RIPE Network Coordination Centre
Kruislaan 409
NL-109SJ Amsterdam
+31 20 592 5065
Tony.Bates@localhost
Daniel Karrenberg
RIPE Network Coordination Centre
Kruislaan 409
NL-109SJ Amsterdam
+31 20 592 5065
D.Karrenberg@localhost
Jean-Michel Jouanigot
CERN, European Laboratory for Particle Physics
CN division
CH-1211 Geneva 23 Switzerland
+ 41 22 767 4417
jimi@localhost
Peter Lothberg
STUPI
February 3, 1993
� - 23 -
Box 9129
102 72 Stockholm
+46 8 6699720
roll@localhost
Marten Terpstra
RIPE Network Coordination Centre
Kruislaan 409
NL-109SJ Amsterdam
+31 20 592 5065
M.Terpstra@localhost
February 3, 1993
� - 24 -
Appendix A -- Syntax for the "aut-num" object.
Here is a summary of the tags associated with aut-num object
itself:
aut-num: [mandatory]
descr: [mandatory] [multiple]
as-in: [optional] [multiple]
as-out: [optional] [multiple]
tech-c: [mandatory] [multiple]
admin-c: [mandatory] [multiple]
guardian: [mandatory]
remarks: [optional] [multiple]
changed: [mandatory] [multiple]
source: [mandatory] [RIPE]
Each item has the following syntax:
aut-num:
Autonomous system number.
This must be a uniquely allocated autonomous system number
from a AS registry (i.e. the RIPE NCC or the Inter NIC).
Format: AS<positive integer between 1 and 65336>
Example:
aut-num: AS1104
Status: mandatory
descr:
A short description of the Autonomous system.
Format: free text, one line per entry, multiple lines in sequence
Example:
descr: NIKHEF section H
descr: Science Park Watergraafsmeer
descr: Amsterdam
Stautus: mandatory
as-in:
A description of accepted routing information between other AS peers.
Format: <aut-num> <preference> <routing policy expression>,
on multiple lines.
<aut-num> refers to your AS neighbor.
<preference> is a positive integer used to express a relative
preference of routes learned. The lower the preference the more
February 3, 1993
� - 25 -
preferred the route.
<routing policy expression> can take the following formats.
1. A list of of one or more ASes.
Example:
as-in: AS1103 100 AS1103
as-in: AS786 105 AS1103
as-in: AS786 10 AS786
as-in: AS1755 110 AS1103 AS786
2. A set of KEYWORDS.
The following keywords are currently defined.
ANY - this means anything the neighbor AS knows.
DEFAULT - a common agreed default network.
RIPE-DB - any network currently in the RIPE database.
LOCAL - any network in the RIPE database which is part of the
community LOCAL (i.e. no connectivity outside it own
organisation).
3. A logical expression of the above of either 1 or 2 above
The current logical operators are defined as:
AND
OR
NOT
Rules are grouped togethered using parenthesis i.e "(" or ")".
Example:
as-in: AS1755 100 RIPE-DB AND NOT (LOCAL AS1234 AS513)
as-in: AS1755 150 DEFAULT
Stautus: optional
as-out:
A description of generated routing information sent to other AS peers.
Format: <aut-num> <routing policy expression>, multiple lines.
<aut-num> refers to your AS neighbor.
<routing policy expression> is explained in the as-in
definition above.
Example:
as-out: AS1104 AS978
as-out: AS1755 ANY
as-out: AS786 RIPE-DB AND NOT (AS978 LOCAL)
tech-c:
Name of technical contact person.
February 3, 1993
� - 26 -
This is someone to be contacted for technical problems
such as misconfiguration, technical problems.
Format: <firstname> <initials> <lastname>, multiple lines.
Example:
tech-c: John E. Doe
Status: mandatory
admin-c:
Name of administrative contact person. This probably be the name of
the guardian but may not be.
Format: <firstname> <initials> <lastname>, multiple lines.
Example:
admin-c: Joe T. Bloggs
Status: mandatory
guardian:
Malibox of the guardian of the Autonomous system.
Format: <email-address>, single line.
Example:
guardian: as1104-guardian@localhost
Status: mandatory
source: RIPE
Source of the information.
This is used to separate information from different sources
kept by the same database software.
Format: RIPE
Status: mandatory
changed:
Who and when changed this last.
Format: <email-address> YYMMDD
Example:
changed: johndoe@localhost 900401
Status: mandatory
remark:
Remarks/comments
Format: text string, multiple lines
Example:
February 3, 1993
� - 27 -
remark: Multihomed AS talking to AS 1755 and AS786
remark: Will soon connect to AS 1104 also.
Status: optional
February 3, 1993
� - 28 -
Appendix B -- Syntax details for the "community" object.
Here is a summary of the tags associated with "community"
object itself:
community: [mandatory]
descr: [mandatory] [multiple]
authority: [mandatory]
guardian: [mandatory]
tech-c: [mandatory] [multiple]
admin-c: [mandatory] [multiple]
remarks: [optional] [multiple]
changed: [mandatory] [multiple]
source: [mandatory] [RIPE]
Each item has the following syntax:
community:
Name of community. Should be as representative of the cummunity as
possible rather than being something obscure.
Format: Text string which cannot start with "AS-" or any of the <routing
policy expression> KEYWORDS. See Appendix A.
Example:
community: WCW
descr:
A short description of the community represented.
Format: free text, one line per entry, multiple lines in sequence
Example:
descr: Science Park Watergraafsmeer
descr: Amsterdam
Stautus: mandatory
authority:
The formal authority for this community. This could be an
organisation, institute, etc.
Format: text
Example:
authority: WCW LAN committee
Stautus: mandatory
guardian:
February 3, 1993
� - 29 -
Malibox of the guardian of the community.
Format: <email-address>, single line.
Example:
guardian: wcw-guardian@localhost
Status: mandatory
tech-c:
Name of technical contact person.
This is someone to be contacted for technical problems
such as misconfiguration, technical problems.
Format: <firstname> <initials> <lastname>, multiple lines.
Example:
tech-c: John E. Doe
Status: mandatory
admin-c:
Name of administrative contact person. This probably be the name of
the guardian but may not be.
Format: <firstname> <initials> <lastname>, multiple lines.
Example:
admin-c: Joe T. Bloggs
Status: mandatory
source: RIPE
Source of the information.
This is used to separate information from different sources
kept by the same database software.
Format: RIPE
Status: mandatory
changed:
Who and when changed this last.
Format: <email-address> YYMMDD
Example:
changed: johndoe@localhost 900401
Status: mandatory
remark:
Remarks/comments
Format: text string, multiple lines
Example:
February 3, 1993
� - 30 -
remark: This a group of institutes at WCW.
remark: Consisting of CWI, SARA and NIKHEF.
Status: optional
February 3, 1993
� - 31 -
Appendix C -- Some additional thoughts.
This section is essentially marked as "for further study".
However, the details are felt relevant enough to be covered
in an appendix for those who are interested.
AS Macros
For an AS that doesn't use default routing it may be diffi-
cult for it to keep track of each and every new AS that is
represented in the database. A convenient way around this
create an `AS Macro' which essentially is a convenient way
to groups or aggregate ASes. This would be done so that each
and every AS guardian does not have to add an new AS to it's
as-in or as-out tags for it's AS object.
However, it should be noted that creates an implicit trust
on the guardian of the AS-Macro.
The proposed idea would be to allow an AS-Macro as part of
the <routing policy expression> for the "as-in" and "as-out"
tags. The object could then be used as a list or group of
ASes. So for example we could create an AS object as fol-
lows:
Example:
aut-sys: AS786
as-in: AS1755 100 AS-EBONE AND NOT AS1104
as-out AS1755 AS786
The proposed syntax for an AS macro would be as follows:
as-macro: [mandatory]
descr: [mandatory]
as-list: [mandatory] [multiple]
guardian: [mandatory]
tech-c: [mandatory] [multiple]
admin-c: [mandatory] [multiple]
remarks: [optional] [multiple]
changed: [mandatory] [multiple]
source: [mandatory] [RIPE]
>>> >>> Actual details still to be completed >>>
February 3, 1993
� - 32 -
Transitioning from one AS to another.
>>> >>> To be done >>>
February 3, 1993
|
you are here: 
