This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
hierarchical route objects, part 1
- Previous message (by thread): RIPE-26, DB-WG, Proposed Agenda, 2nd Draft
- Next message (by thread): hierarchical route objects, part 1
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Joachim Schmitz
Schmitz at RUS.Uni-Stuttgart.DE
Wed Jan 8 20:11:14 CET 1997
Dear colleagues,
regarding hierarchical authorization of route objects in the RIPE database:
from what I have heard there is a general feeling that it is needed and the
basic scheme to implement it should follow the lines:
* The root of the authorization tree is an AS-object (aut-num object). If
it contains a "mnt-lower" attribute it controls all route-objects which
have this AS as origin.
* Then for route-objects the same rules apply as for inetnum-objects with
respect to IP subranges: If a route-object contains a "mnt-lower" attri-
bute it controls all more specific route-objects immediately below.
* The authorization is checked against
- more or less specific route-objects, or existence of the route-object
itself with same origin (differing origin rejected)
- if no route-objects exist: which authorization is specified for the
autnum-object referred to by the origin attribute (rejected if this
authorisation is not met)
- if not even an autnum-object exists no action is taken
However: there is still a problem that route-objects are somehow logically
linked to allocated address space. The question how to deal with this is
still open - I continue on this in a separate mail.
Yet, the three rules for route-objects described above are a kind of common
denominator(*) and moreover a very reasonable approach (these rules are also
independent of the address space allocation relation to route-objects).
If there are no further denials I suggest to implement it that way.
Regards
Joachim
(*) Yes, I know: When aiming for the common denominator, be prepared for the
occasional division by zero.
_____________________________________________________________________________
Dr. Joachim Schmitz schmitz at noc.dfn.de
DFN Network Operation Center
Rechenzentrum der Universitaet Stuttgart ++ 711 685 5553 voice
Allmandring 30 ++ 711 678 8363 FAX
D-70550 Stuttgart FRG (Germany)
_____________________________________________________________________________
- Previous message (by thread): RIPE-26, DB-WG, Proposed Agenda, 2nd Draft
- Next message (by thread): hierarchical route objects, part 1
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]