Friends, I have the distinct impression that we are lagging in our efforts to make effective use of the RIPE database for EBONE routing. The current state of affairs is - The framework is described in: ripe-60, "Policy based routing within RIPE", May 1992 - The database software has been extended to handle the objects described in ripe-60 - CERN and some others have started to use them internally makeing use of the CERN developed "nlc" tool - A draft paper on how to apply ripe-60 to EBONE routing has been circulated lately: "Use of the "RIPE policy based Routing within EBONE" by Jean-Michel Jouanigot, September 1992 What needs to be done is to agree on how the route filtering functions necessary for EBONE operations are going to be done. At the NCC we have wondered a little why there seems to be little progress if any. It seems to be that everyone is waiting until someone else reports first experiences how to use the new database objects and tells the others how to use this. Also there seems to be widespread fear about unnecessary complexity. As a consequence little progress is made. In the light of this we have decided to propose a simple first step to get two things going: - ability to filter outgoing announcements RBS->EBS with the goal of keeping EBONE routes unpolluted - update procedures for routing attributes in RIPE database The proposal below deals with those two things. Additional functionality can be added later once these two basic things work. In order to move this forward the EOT should talk about this and make constructive comments where necessary. If there is rough consensus to proceed in this way, then the NCC and the EBONE operations people can work together to get this operational within a few weeks. Please excuse the late date of sending this over. We are currently very pressed for time at the NCC and the real extent of the problem became apparent only recently. We are also unfortunately unable to attend the Montpellier meetings. E{A,O}T can be assured that we will make all reasonable efforts to make the RIPE database useful for EBONE routing purposes. Daniel First Steps to Use the RIPE Database for Policy Based Routing within EBONE -------------------------------------------------------------------------- By far the easiest way to start implementing route filtering as specified in the RIPE document ripe-60 is by using the routing privilege tag. In order to achieve this each of the connected regions of EBONE has to define routing privileges, one routing privilege for each of the different policies inside the region. Of course ideally there would be only one such policy but the world is seldom ideal. Once the routing privileges have been defined they need to be registered in the RIPE database using the routing privilege object. Having defined and registered the necessary routing privileges, the region must then make sure that all the network numbers that need to be announced to EBONE get the appropriate routing privilege tag added to the routpr-list attribute in the database. With the Network List Compiler (nlc) filter lists containing all the networks that have a certain set of routing privileges are then created. These can then be applied on the EBS side, to filter incoming routing updates from the RBS, or on the RBS side to filter outgoing updates to the EBS. The NCC offers to produce such list for any RBS operator requesting it. Of course nlc can also be run locally using local copies of the RIPE database. This model however does not specify backup policies, it just specifies primary routing. If a certain region provides a backup connection to EBONE for another region, this first region must tell the EBONE operators to accept both the list of networks with his own routing privileges, and the list of the backed-up region. AS path lengths or weights should be used to ensure that the best routes are chosen first. A method of storing this information in the RIPE database will be introduced at a later stage. Using the routing privilege in this fashion is similar to using for instance the autonomous system tag in the database for the same purpose. However, the routing privilege allows more detail inside an autonomous system. One should expect that every policy inside a region should have its own AS number, but unfortunately this is not the case in many places. Therefore, the use of the routing privilege gives the needed granularity in defining policies. This model also can easily be extended to the Global Internet Exchange by creating a filter list for the superset of all routing privileges that are announced to EBONE. Database Update Procedures for the Routing Tags ----------------------------------------------- Note These preocedures have been presented to the RIPE database working group a few weeks ago and all comments received have been incorporated. Introduction This describes a procedure for updating the routing attributes to the RIPE database as defined in ripe-60. These routing tags are essential for routing of networks that are known in the RIPE database. Therefore updates of these attributes must be: - properly authorized - guarded against typing errors - efficient for both maintainers of the attributes and the maintainers of the whole database The Principle The principle of the procedure is that the information concerning the routing related attributes is maintained separately from the database proper. Update procedures for the database itself do not change the routing related information. The routing information can only be changed by the "guardians" of specific routing privilegesd and boundary gateways. When information is retrieved from the database however the routing related information presented together with the other information. The Procedure For each of the routing privileges and boundary gateways tags, a list of all networks having this attribute is kept seperately from the database proper. These lists will be the *only* source of routing information used in the database. Normal database updates do *never* change the routing related attributes. If an update include such an attribute it causes a consistency check with the stored information but no update occurs. If a discrepancy between the values in the update request and those in the database is found, a diagnostic will be send to the originator of the request. The routing related attributes as defined in the lists are merged into the database at each normal update run. To ensure authorisation, we propose to maintain the lists on a the central NCC database server, where each of the guardians of a tag keeps track of his or her own list. The lists are maintained through individual logins for each of the guardians. The guardians can themselves decide in what manner they want to update their list. The NCC will offer interactive logins, ftp logins or any other means that might be found useful. File Format We propose to keep the file format as simple as possible. The name of the file should indicate the name of the attributes. This means that there cannot be two attributes with the same name. The format within the file we propose as the "inetnum:" entry for each of the networks, seperated by an empty line. If a guardian feels that he would want more attributes to identify a network for reasons of consistency checking, he is free to do so. A routing related attribute will only be added to a network if all attributes defined in the list match a network in the database. Advantages The update procedure as proposed above has the following advantages: - Authorisation of adding/deleting is guarenteed - No need for mailing back and forth of authorisation messages - Simple procedure for both database maintainers and guardians - Guardian keeps full control of his attribute - Could be implemented at the NCC without too much delay
daniel, i feel that it is EBSes task to protect themself from poluted or nonregistered routes. RBSs should be considered non safe boxes by EBONE. that is at least our commercial IP backbone is run. -- juha
participants (1)
-
Daniel Karrenberg
-
Juha Heinanen