RIPE Recommendation On IP Router Management
RIPE is a cooperative effort among its members with no central
funding. There is no centrally managed RIPE backbone with
operations staff responsible for connectivity. Thus operational
problems have to be solved in a distributed manner. For this to
work, network configuration information, network status
information and operational contact information must be
available to operations staff of all RIPE members. With this
information operations staff of a RIPE member can pinpoint the
causes of a problem and contact the appropriate operations staff
of another member quickly. Without this information, locating
problems would either take people and time or be impossible.
The purpose of this recommendation is to give guidance to the
RIPE member organizations on how to manage their IP routers in a
way that provides a maximum of necessary information to other
RIPE members while maintaining full operational authority over
their own routers. This recommendation should be followed for
all routers on links between RIPE member organizations. Most of
the recommendations should also be applied to internal routers.
All RIPE IP routers should be accessible using telnet from any
other RIPE router; there should not be any restrictions, of any
kind, between two routers. The non-privileged password should be
well known and should be given to any RIPE operational staff
asking for it. Router operators should consider setting up
access lists to prevent unauthorized connections from the
router. It should however always be possible to connect from a
RIPE router to another one.
All RIPE routers should be fully registered in the Domain Name
System. When possible, all interfaces are registered under the
same domain name.
RIPE Recommendation on IP Router Management (3.1)
Most routers can be accessed by TELNET. Most of them are also
capable of displaying a banner message before any authorization
of the calling user is performed. This banner message should be
used to verify which router has been reached and to provide a
quick means to contact the responsible operational people.
|amsterdam.NL.EU.net [1.55 90/08/21] |
|Problems: firstname.lastname@example.org, phone +31 20 5924112 |
|Authorized access only !!! |
|User Access Verification |
The message should contain at least the following information:
o fully qualified domain name of the router
o e-mail address of operational staff responsible
o telephone numbers to reach operational staff in inter-
Other useful information includes:
o version numbers of configuration information and the
date/time of last change
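
One way to check a banner against the list above, as an added
example that is not part of the original recommendation. The
field patterns, function names and the second banner are
assumptions of this example; the first banner is the sample shown
on this page.

```python
import re

# Required fields. Assumption of this example: phone numbers are written
# with a leading "+", as in the sample banner on this page.
EMAIL = re.compile(r"\b[\w.+-]+@(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}\b")
FQDN = re.compile(r"\b(?:[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z]{2,}\b")
PHONE = re.compile(r"\+\d[\d ()-]{6,}\d")
# Optional field: configuration version and date of last change.
VERSION = re.compile(r"\[(\d+(?:\.\d+)*)\s+(\d{2}/\d{2}/\d{2})\]")

REQUIRED = ("fqdn", "email", "phone")


def parse_banner(text):
    """Return the fields found in a banner; absent fields are None."""
    # Drop the box-drawing pipes and padding around each line.
    lines = [ln.strip().strip("|").strip() for ln in text.splitlines()]
    body = "\n".join(ln for ln in lines if ln)
    # Blank out e-mail addresses before searching for the router name,
    # so a mail domain is never mistaken for the router's own FQDN.
    fqdn = FQDN.search(EMAIL.sub(" ", body))
    email, phone, ver = (p.search(body) for p in (EMAIL, PHONE, VERSION))
    return {
        "fqdn": fqdn.group(0) if fqdn else None,
        "email": email.group(0) if email else None,
        "phone": phone.group(0) if phone else None,
        "config_version": ver.group(1) if ver else None,
        "last_change": ver.group(2) if ver else None,
    }


def missing_fields(text):
    """List the required fields that the banner does not provide."""
    found = parse_banner(text)
    return [name for name in REQUIRED if found[name] is None]


# Sample banner from this page.
PAGE_BANNER = """\
|amsterdam.NL.EU.net [1.55 90/08/21] |
|Problems: firstname.lastname@example.org, phone +31 20 5924112 |
|Authorized access only !!! |
|User Access Verification |
"""

# Constructed banner that names the router but gives no contact details.
BARE_BANNER = "gw1.example.net\nUser Access Verification\n"

if __name__ == "__main__":
    for banner in (PAGE_BANNER, BARE_BANNER):
        print(parse_banner(banner)["fqdn"], "missing:", missing_fields(banner))
```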
Routers should support as many parallel TELNET sessions as
practical but at least two. It is recommended that inactive
TELNET sessions be timed out after 10 minutes.
ICMP Echo Service
All routers should support unrestricted ICMP Echo service to
all networks they route to and from.
TCP Echo and Discard Service
These TCP services can be useful in determining performance and
finding subtle networking problems. They should be supported.
However, these services should be used with care since they can
generate network and router overload. In any case the link and
router managers concerned should be asked for permission before
any extensive testing is conducted.
SNMP Read Access
Routers should support SNMP read-only access using an agreed
community for operational diagnostics. This facilitates
spotting all sorts of network errors, especially those caused
by routing problems. There can be different communities for