Hi Joachim,
Joachim Schmitz writes :
yesterday I tried to apply the hierarchical authorisation scheme on route objects. However, I did not succeed. As an example, have a look at this:
This was indeed not implemented as Ambrose pointed out earlier. The reason was not technical (you will even find the hooks already in the current code). No agreement was reached on the definition for the hierarchy of route objects at the Berlin RIPE meeting. Several opinions existed and there was not enough time left to discuss the topic until agreement was reached.
From what I recall:
The AS object that matches the origin AS of a route object could be the parent object of the route object, but then people are still able to put route objects in with another origin AS which might not be desired by the owner of the non-portable CIDR address space. Furthermore, a second hierarchy exists: the IP prefix tree. You might want to try to formulate a proposal that is not too complicated and also addresses the concerns of most people ... David K. ---