Description of Inter-AS Networks in the RIPE Routing Registry
Friends, here is the proposal on how to solve the prtraceroute problem as discussed in the last routing-WG meeting. Could we have comments until May 17th please! I'll circulate new versions as substantive comments are incorporated. The goal is to have the database capable of storing this a.s.a.p. and have some data in there quickly as prtraceroute is released. Note that this is not only useful for prtraceroute but much more generally. It could also be the start of the local inter-AS connection information dicussed in the last routing-wg meeting too. As such this addendum could be extended. Proposals ? Cheers Daniel Description of Inter-AS Networks in the RIPE Routing Registry Tony Bates Daniel Karrenberg Addendum to Representation of IP Routing Policies in the RIPE Database (ripe-81) What is an Inter-AS Network ? Inter-AS IP networks are those networks which connect multi- ple autonomous systems (1). An inter-AS network exists for the purpose of passing traffic and routing information between different autonomous systems. The most simple exam- ple of an inter-AS network is a point-to-point link, con- necting exactly two ASes. Each end of such a link is con- nected to an interface of router living in each of the auto- nomous systems. More complex examples are broadcast type networks with multiple interfaces connecting multiple ASes with the possibility of more than one connection per AS. Which additional information is needed? Consider the following example of three routers 1, 2 and 3 with interfaces a through f connected by two inter-AS net- works X and Y: X Y a1b --- c2d --- e3f _________________________ (1) Inter-AS networks are currently called FIXes, IXFs, DMZs, NAPs, GIX and other names. - 2 - Suppose that network X is registered in the routing registry as part of AS1 and net Y as part of AS3. If traffic passes from left to right prtraceroute will report the following sequence of interfaces and ASes: a in AS1 c in AS1 e in AS3 The traceroute algorithm enumerates only the receiving interfaces on the way to the destination. In the example this leads to the passage of AS2 going unnoticed. This is confusing to the user and will also generate exceptions when the path found is checked against the routing registry. For operational monitoring tools such as prtraceroute it is necessary to know which interface on an inter-AS network belongs to which AS. If AS information is not known about interfaces on an inter-AS network, tools like prtraceroute cannot determine correctly which ASes are being traversed. Proposed Format All interfaces on inter-AS networks will be described in a new ias-int attribute of the corresponding network object in the RIPE database. The ias-int attribute has the following syntax: ias-int: <interface-address> <autonomous-system> The <interface-address> must be an address within the corresponding intenum and <autonomous-system> must be of the form AS<number> refering to an aut-num object in the data- base. - 3 - For example: inetnum: 193.193.193.0 netname: INTER-AS-EXAMPLE descr: This is a hypothetical inter-as network. descr: It might be called a NAP, FIX, GIX, IXF, DMZ, descr: Mehrfachdienstanbieterkommunikationseinrichtung or ... country: DE admin-c: Werner Mueller tech-c: Paul Schmitz tech-c: Hans Meier changed: ripe-dbm@ripe.net 920714 aut-sys: AS4711 ias-int: 193.193.193.1 AS123 ias-int: 193.193.193.3 AS4711 ias-int: 193.193.193.9 AS789 source: RIPE Note that the interface 193.193.193.3 is described although it is in the same AS as the network. This is recommended practice. The update procedure for the ias-int attribute will be the normal update procedure for network objects. The attribute does not need to be guarded because it does not influence routing policy of operational traffic. In which AS does an Inter-AS Network belong? Only one AS announces an inter-AS network externally. The other ASes connected to the inter-AS network will probably carry this network in their internal routing for redundancy but will not announce it to other ASes. In exceptional cases more than one AS may need to originate external routing information about the inter-AS network, This kind of routing setup cannot be described within the framework of ripe-81 and is generally discouraged. Tools using a ripe-81 type registry could take heuristic hints from the ias-int attributes when they encounter such situa- tions.
Daniel, Sorry for the delay in the response. This is a very useful adendum. Only one comment...
Only one AS announces an inter-AS network externally. The other ASes connected to the inter-AS network will probably carry this network in their internal routing for redundancy but will not announce it to other ASes.
In exceptional cases more than one AS may need to originate external routing information about the inter-AS network, This kind of routing setup cannot be described within the framework of ripe-81 and is generally discouraged. Tools using a ripe-81 type registry could take heuristic hints from the ias-int attributes when they encounter such situa- tions.
Does this mean that if ANS or Merit announces the FixW FDDI, Barrnet and NASA can't add a pair of routers only peering with each other on the ring? Alternet and PSI at College Park are are another example, but I'm not sure who would "own" that network. (no side discussions on this please - redirect to alt.bizarre.politics.gix or /dev/null :). I think that things like this have been done (and are being done) due to a rather low limit on the number of peers some routers can support (not the ENSS of course :). You may want to allow each AS to announce it's own routers for the DMZ/FIX/NAP/GIX. BTW - We use the term "shared network", but out of context it makes little sense so your term "inter-AS network" seems like a good choice. Curtis
Curtis Villamizar <curtis@ans.net> writes:
Does this mean that if ANS or Merit announces the FixW FDDI, Barrnet and NASA can't add a pair of routers only peering with each other on the ring?
No! Any peering across the inter-AS network ispossible. It means that the ripe-81 model can only describe one AS announcng the inter-AS network *itself* to twhe world. ripe-81 allows only one originating AS (in bgp terms) per net.
Alternet and PSI at College Park are are another example, but I'm not sure who would "own" that network. (no side discussions on this please - redirect to alt.bizarre.politics.gix or /dev/null :).
Ownership is not an issue of the routing registry. Daniel
Does this mean that if ANS or Merit announces the FixW FDDI, Barrnet and NASA can't add a pair of routers only peering with each other on the ring?
No! Any peering across the inter-AS network ispossible. It means that the ripe-81 model can only describe one AS announcng the inter-AS network *itself* to twhe world. ripe-81 allows only one originating AS (in bgp terms) per net.
Daniel, I knew that the peering relationship was possible, but Barrnet and NASA then have to ask ANS to change the database entry (to insure that ptraceroute will still work) even if the two routers did not peer with and ANS router. I was suggesting that we might want to have each AS announce it's own routers or have a way for them to explicitly delagate that authority to someone else. Otherwise you could get caught up in squabbles between competing network providers over "proper" ownership of this authority. Curtis
Curtis Villamizar <curtis@ans.net> writes: * * > > Does this mean that if ANS or Merit announces the FixW FDDI, Barrnet * > > and NASA can't add a pair of routers only peering with each other on * > > the ring? * > * > No! * > Any peering across the inter-AS network ispossible. * > It means that the ripe-81 model can only describe one AS announcng * > the inter-AS network *itself* to twhe world. ripe-81 allows only * > one originating AS (in bgp terms) per net. Actually to pick up on this. I would say ripe-81 one originating net per AS (not in BGP terms) However.... * * Daniel, * * I knew that the peering relationship was possible, but Barrnet and * NASA then have to ask ANS to change the database entry (to insure that * ptraceroute will still work) even if the two routers did not peer with * and ANS router. I was suggesting that we might want to have each AS * announce it's own routers or have a way for them to explicitly * delagate that authority to someone else. Otherwise you could get * caught up in squabbles between competing network providers over * "proper" ownership of this authority. This is the basic issue with the DMZ style of Interconnect. Generally it is not a problem and for those where it is then the major problem will be a slightly less complete "prtraceroute" diagnostic which is the problem we are trying to solve with this addendum. However, it may be possible to address the guarded condition of the DMZ net slightly different. We'll think about that. * * Curtis -T
Curtis Villamizar <curtis@ans.net> writes:
I knew that the peering relationship was possible, but Barrnet and NASA then have to ask ANS to change the database entry (to insure that ptraceroute will still work) even if the two routers did not peer with and ANS router.
De facto that is not the case at the moment as anyone can change a network entry in the RIPE database. (There *are* real-good audit trails!) This however is not good style to do without at least notifying (CCing) the admin contact for the network entry. Extremely good form is to ask the admin contact to send in the change himself. The only guarded attributes at this point are AS membership and community membership.
I was suggesting that we might want to have each AS announce it's own routers or have a way for them to explicitly delagate that authority to someone else. Otherwise you could get caught up in squabbles between competing network providers over "proper" ownership of this authority.
I think this is a non-problem. If a bunch of providers can agree to connect at a DMZ they usually also agree on who manages the DMZ or at least its database entry. Daniel
Daniel Karrenberg <Daniel.Karrenberg@ripe.net> writes:
Description of Inter-AS Networks in the RIPE Routing Registry
Since we have recveived only positive comments on this proposal, we will make it a RIPE document and implement the ias-int: attribute. Daniel
participants (3)
-
Curtis Villamizar
-
Daniel Karrenberg
-
Tony Bates