hierarchical route objects, part 1
- Date: Wed, 8 Jan 97 20:11:14 +0100
Dear colleagues,
regarding hierarchical authorization of route objects in the RIPE database:
from what I have heard there is a general feeling that it is needed and the
basic scheme to implement it should follow the lines:
* The root of the authorization tree is an AS-object (aut-num object). If
  it contains a "mnt-lower" attribute it controls all route-objects which
  have this AS as origin.
* Then for route-objects the same rules apply as for inetnum-objects with
  respect to IP subranges: If a route-object contains a "mnt-lower"
  attribute it controls all more specific route-objects immediately below.
* The authorization is checked against
  - more or less specific route-objects, or existence of the route-object
    itself with same origin (differing origin rejected)
  - if no route-objects exist: which authorization is specified for the
    autnum-object referred to by the origin attribute (rejected if this
    authorisation is not met)
  - if not even an autnum-object exists no action is taken
However: there is still a problem that route-objects are somehow logically
linked to allocated address space. The question how to deal with this is
still open - I continue on this in a separate mail.
Yet, the three rules for route-objects described above are a kind of common
denominator(*) and moreover a very reasonable approach (these rules are also
independent of the address space allocation relation to route-objects).
If there are no further denials I suggest implementing it that way.
Regards
Joachim
(*) Yes, I know: When aiming for the common denominator, be prepared for the
occasional division by zero.
_____________________________________________________________________________
Dr. Joachim Schmitz schmitz@localhost
DFN Network Operation Center
Rechenzentrum der Universitaet Stuttgart ++ 711 685 5553 voice
Allmandring 30 ++ 711 678 8363 FAX
D-70550 Stuttgart FRG (Germany)
_____________________________________________________________________________
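
Added example (not part of the original mail and not RIPE database code): one reading of the three rules above as a Python check for creating a route object. The maintainer names, AS numbers and prefixes are constructed. Assumptions: only existing route objects that equal or cover the new prefix are consulted, the closest one governs, and an object without "mnt-lower" places no restriction.

```python
import ipaddress

# Constructed sample registry contents (illustrative names and prefixes).
AUT_NUMS = {
    "AS64500": {"mnt-lower": "MNT-AS64500"},
    "AS64501": {},  # aut-num object without mnt-lower
}
ROUTES = [
    {"route": "192.0.2.0/24", "origin": "AS64500", "mnt-lower": "MNT-CUSTOMER"},
    {"route": "198.51.100.0/24", "origin": "AS64500"},  # no mnt-lower
]

def governing_route(prefix, routes):
    """Closest existing route object that equals or covers `prefix`, or None."""
    net = ipaddress.ip_network(prefix)
    covering = []
    for obj in routes:
        parent = ipaddress.ip_network(obj["route"])
        if parent.version == net.version and net.subnet_of(parent):
            covering.append((parent.prefixlen, obj))
    # Longest covering prefix is the object "immediately" above the new one.
    return max(covering, key=lambda c: c[0])[1] if covering else None

def check_route(prefix, origin, mntner, routes=ROUTES, aut_nums=AUT_NUMS):
    """Return (accepted, reason) for a new route object presented by `mntner`."""
    parent = governing_route(prefix, routes)
    if parent is not None:
        # Rule: a route object exists above; a differing origin is rejected.
        if parent["origin"] != origin:
            return False, "differing origin"
        required = parent.get("mnt-lower")
        if required is None:  # assumption: no mnt-lower means no restriction
            return True, "route object without mnt-lower"
        return mntner == required, "mnt-lower of " + parent["route"]
    # Rule: no route objects exist, fall back to the aut-num of the origin.
    aut_num = aut_nums.get(origin)
    if aut_num is None:
        return True, "no aut-num object, no action"
    required = aut_num.get("mnt-lower")
    if required is None:  # assumption: no mnt-lower means no restriction
        return True, "aut-num without mnt-lower"
    return mntner == required, "mnt-lower of " + origin

if __name__ == "__main__":
    for args in [("192.0.2.128/25", "AS64500", "MNT-CUSTOMER"),
                 ("192.0.2.128/25", "AS64501", "MNT-CUSTOMER"),
                 ("203.0.113.0/24", "AS64500", "MNT-OTHER"),
                 ("203.0.113.0/24", "AS64999", "MNT-OTHER")]:
        print(args, "->", check_route(*args))
```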