mnt-routes attribute in aut-num objects
Dear Colleagues, how exactly is this meaning of MNT-ROUTES in AUT-NUM objects in case of routes object creation/modification ? RFC2725 is not realy detailed here. Means the existance of an MNT-ROUTES attribute in an AUT-NUM object that ONLY this/these referenced maintainer(s) will be able to authorized route creation/modification and the referenced MNT-BY maintainer(s) will not be used? Or should not the MNT-BY maintainer(s) checked if all MNT-ROUTES maintainer(s) authorisation fails? The current RIPE software checks MNT-ROUTES maintainers only. Thanks Frank
From: "Frank Bohnsack" <Frank.Bohnsack@deu.mci.com> Subject: LONGACK Date: Mon, 4 Aug 2003 23:42:06 +0200 Reply-To: Frank.Bohnsack@deu.mci.com Message-ID: <FAEKJBKGENGFILMMECELOEHICAAA.Frank.Bohnsack@deu.mci.com>
...
DETAILED EXPLANATION:
***Warning: Invalid keyword(s) found: LONGACK ***Warning: All keywords were ignored
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The following object(s) were found to have ERRORS:
--- Create FAILED: [route] 139.8.32.0/24AS702 ***Error: Authorisation failed ***Info: Syntax check passed
route: 139.8.32.0/24 descr: DE PI route origin: AS702 member-of: AS702:RS-DE, AS702:RS-DE-PI, AS702:RS-DE-PULLUP mnt-by: WCOM-EMEA-RICE-MNT changed: rice@lists.mci.com 20030804 source: RIPE
***Info: Authorisation for parent [route] 139.8.0.0/16AS702 using mnt-by: authenticated by: WCOM-EMEA-RICE-MNT
***Info: Authorisation for origin [aut-num] AS702 using mnt-routes: not authenticated by: UUNETDK-MNT, AS1270-MNT, AS1849-MNT, AS1890-MNT, IWAY-NOC, AS702-MNT, SE-UUNET-MNT, UUNETDE-I
***Info: Authorisation for [route] 139.8.32.0/24AS702 using mnt-by: authenticated by: WCOM-EMEA-RICE-MNT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For assistance or clarification please contact: RIPE Database Administration <ripe-dbm@ripe.net>
At 11:10 05/08/2003, Frank Bohnsack wrote:
how exactly is this meaning of MNT-ROUTES in AUT-NUM objects in case of routes object creation/modification ?
You may want to check (and bookmark!) :- http://www.ripe.net/ripencc/faq/database/route-creation-checks.html Particularly :- http://www.ripe.net/ripencc/faq/database/route-creation-aut-num-check.html If there is a maintainer listed in mnt-routes and the auth for that fails, then the object change is rejected. The maintainer listed in mnt-by isn't checked unless there neither a mnt-routes not mnt-lower listed at all in the aut-num object. Hope this helps, Emma -- Emma Apted Peering Co-ordinator, Engineering & Standards PSINet Europe
participants (2)
-
Emma Apted
-
Frank Bohnsack