Network Working Group                                     C. Alaettinoglu
Request for Comments: 2280             USC/Information Sciences Institute
Category: Standards Track                                        T. Bates
                                                            Cisco Systems
                                                                E. Gerich
                                                          At Home Network
                                                            D. Karrenberg
                                                                     RIPE
                                                                 D. Meyer
                                                     University of Oregon
                                                              M. Terpstra
                                                             Bay Networks
                                                            C. Villamizar
                                                                      ANS
                                                             January 1998
        

Routing Policy Specification Language (RPSL)

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1998). All Rights Reserved.

Table of Contents

   1 Introduction
   2 RPSL Names, Reserved Words, and Representation
   3 Contact Information
     3.1 mntner Class
     3.2 person Class
     3.3 role Class
   4 route Class
   5 Set Classes
     5.1 route-set Class
     5.2 as-set Class
     5.3 Predefined Set Objects
     5.4 Hierarchical Set Names
   6 aut-num Class
     6.1 import Attribute: Import Policy Specification
       6.1.1 Peering Specification
       6.1.2 Action Specification
       6.1.3 Filter Specification
       6.1.4 Example Policy Expressions
     6.2 export Attribute: Export Policy Specification
     6.3 Other Routing Protocols, Multi-Protocol Routing Protocols, and Injecting Routes Between Protocols
     6.4 Ambiguity Resolution
     6.5 default Attribute: Default Policy Specification
     6.6 Structured Policy Specification
   7 dictionary Class
     7.1 Initial RPSL Dictionary and Example Policy Actions and Filters
   8 Advanced route Class
     8.1 Specifying Aggregate Routes
       8.1.1 Interaction with policies in aut-num class
       8.1.2 Ambiguity resolution with overlapping aggregates
     8.2 Specifying Static Routes
   9 inet-rtr Class
   10 Security Considerations
   11 Acknowledgements
   A Routing Registry Sites
   B Authors' Addresses
   C Full Copyright Statement

1 Introduction

This memo is the reference document for the Routing Policy Specification Language (RPSL). RPSL allows a network operator to specify routing policies at various levels in the Internet hierarchy; for example at the Autonomous System (AS) level. At the same time, policies can be specified with sufficient detail in RPSL so that low level router configurations can be generated from them. RPSL is extensible; new routing protocols and new protocol features can be introduced at any time.

RPSL is a replacement for the current Internet policy specification language known as RIPE-181 [4] or RFC-1786 [5]. RIPE-81 [6] was the first language deployed in the Internet for specifying routing policies. It was later replaced by RIPE-181 [4]. Through operational use of RIPE-181 it has become apparent that certain policies cannot be specified and that an enhanced and more generalized language is needed. RPSL addresses RIPE-181's limitations.

RPSL was designed so that a view of the global routing policy can be contained in a single cooperatively maintained distributed database to improve the integrity of Internet's routing. RPSL is not designed to be a router configuration language. RPSL is designed so that router configurations can be generated from the description of the policy for one autonomous system (aut-num class) combined with the description of a router (inet-rtr class), mainly providing router ID, autonomous system number of the router, interfaces and peers of the router, and combined with a global database mappings from AS sets to ASes (as-set class), and from origin ASes and route sets to route prefixes (route and route-set classes). The accurate population of the RPSL database can help contribute toward such goals as router configurations that protect against accidental (or malicious) distribution of inaccurate routing information, verification of Internet's routing, and aggregation boundaries beyond a single AS.

RPSL is object oriented; that is, objects contain pieces of policy and administrative information. These objects are registered in the Internet Routing Registry (IRR) by the authorized organizations. The registration process is beyond the scope of this document. Please refer to [1, 15, 2] for more details on the IRR.

In the following sections, we present the classes that are used to define various policy and administrative objects. The "mntner" class defines entities authorized to add, delete and modify a set of objects. The "person" and "role" classes describe technical and administrative contact personnel. Autonomous systems (ASes) are specified using the "aut-num" class. Routes are specified using the "route" class. Sets of ASes and routes can be defined using the "as-set" and "route-set" classes. The "dictionary" class provides the extensibility to the language. The "inet-rtr" class is used to specify routers. Many of these classes were originally defined in earlier documents [4, 11, 14, 10, 3] and have all been enhanced.

This document is self-contained. However, the reader is encouraged to read RIPE-181 [5] and the associated documents [11, 14, 10, 3] as they provide significant background as to the motivation and underlying principles behind RIPE-181 and consequently, RPSL. For a tutorial on RPSL, the reader should read the RPSL applications document [2].

2 RPSL Names, Reserved Words, and Representation

Each class has a set of attributes which store a piece of information about the objects of the class. Attributes can be mandatory or optional: A mandatory attribute has to be defined for all objects of the class; optional attributes can be skipped. Attributes can also be single or multiple valued. Each object is uniquely identified by a set of attributes, referred to as the class "key".

The value of an attribute has a type. The following types are most widely used. Note that RPSL is case insensitive and only the characters from the ASCII character set can be used.

<object-name>
   Many objects in RPSL have a name. An <object-name> is made up of letters, digits, the character underscore "_", and the character hyphen "-"; the first character of a name must be a letter, and the last character of a name must be a letter or a digit. The following words are reserved by RPSL, and they can not be used as names:

      any as-any rs-any peeras and or not atomic from to at action accept announce except refine networks into inbound outbound

   Names starting with certain prefixes are reserved for certain object types. Names starting with "as-" are reserved for as set names. Names starting with "rs-" are reserved for route set names.

<as-number>
   An AS number x is represented as the string "ASx". That is, the AS 226 is represented as AS226.

<ipv4-address>
   An IPv4 address is represented as a sequence of four integers in the range from 0 to 255 separated by the character dot ".". For example, 128.9.128.5 represents a valid IPv4 address. In the rest of this document, we may refer to IPv4 addresses as IP addresses.

<address-prefix>
   An address prefix is represented as an IPv4 address followed by the character slash "/" followed by an integer in the range from 0 to 32. The following are valid address prefixes: 128.9.128.5/32, 128.9.0.0/16, 0.0.0.0/0; and the following address prefixes are invalid: 0/0, 128.9/16 since 0 or 128.9 are not strings containing four integers.

<address-prefix-range>
   An address prefix range is an address prefix followed by one of the following range operators:

      ^-    is the exclusive more specifics operator; it stands for the more specifics of the address prefix excluding the address prefix itself. For example, 128.9.0.0/16^- contains all the more specifics of 128.9.0.0/16 excluding 128.9.0.0/16.

      ^+    is the inclusive more specifics operator; it stands for the more specifics of the address prefix including the address prefix itself. For example, 5.0.0.0/8^+ contains all the more specifics of 5.0.0.0/8 including 5.0.0.0/8.

      ^n    where n is an integer, stands for all the length n specifics of the address prefix. For example, 30.0.0.0/8^16 contains all the more specifics of 30.0.0.0/8 which are of length 16 such as 30.9.0.0/16.

      ^n-m  where n and m are integers, stands for all the length n to length m specifics of the address prefix. For example, 30.0.0.0/8^24-32 contains all the more specifics of 30.0.0.0/8 which are of length 24 to 32 such as 30.9.9.96/28.

   Range operators can also be applied to address prefix sets. In this case, they distribute over the members of the set. For example, for a route-set (defined later) rs-foo, rs-foo^+ contains all the inclusive more specifics of all the prefixes in rs-foo.

<date>
   A date is represented as an eight digit integer of the form YYYYMMDD where YYYY represents the year, MM represents the month of the year (01 through 12), and DD represents the day of the month (01 through 31). For example, June 24, 1996 is represented as 19960624.

<email-address>
   is as described in RFC-822 [8].

<dns-name>
   is as described in RFC-1034 [16].

<nic-handle>
   is a uniquely assigned identifier [13] used by routing, address allocation, and other registries to unambiguously refer to contact information. person and role classes map NIC handles to actual person names, and contact information.

<free-form>
   is a sequence of ASCII characters.

<X-name>
   is a name of an object of type X. That is <mntner-name> is a name of a mntner object.

<registry-name>
   is a name of an IRR registry. The routing registries are listed in Appendix A.

A value of an attribute may also be a list of one of these types. A list is represented by separating the list members by commas ",". For example, "AS1, AS2, AS3, AS4" is a list of AS numbers. Note that being list valued and being multiple valued are orthogonal. A multiple valued attribute has more than one value, each of which may or may not be a list. On the other hand a single valued attribute may have a list value.
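The <address-prefix> and <address-prefix-range> definitions above reduce to a strict syntax check plus a prefix-length bound and a containment test, which is what a route filter built from registry data evaluates for each received route. The following Python is an added example, not part of the RFC; the function names are this example's own, and it assumes that bits beyond the prefix length are ignored when two prefixes are compared.

```python
import re

_PREFIX = re.compile(r"(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})")
_OPERATOR = re.compile(r"-|\+|(\d{1,2})(?:-(\d{1,2}))?")


def parse_prefix(text):
    """Parse an <address-prefix>; return (address_as_int, length) or raise ValueError."""
    m = _PREFIX.fullmatch(text.strip())
    if not m:  # rejects 0/0 and 128.9/16: not four integers
        raise ValueError(f"not four integers and a length: {text!r}")
    *octets, length = map(int, m.groups())
    if max(octets) > 255 or length > 32:
        raise ValueError(f"octet or length out of range: {text!r}")
    return int.from_bytes(bytes(octets), "big"), length


def is_address_prefix(text):
    """True when text is a syntactically valid <address-prefix>."""
    try:
        parse_prefix(text)
        return True
    except ValueError:
        return False


def parse_prefix_range(text):
    """Parse an <address-prefix-range>; return (addr, length, lo, hi).

    lo..hi is the span of prefix lengths that belong to the set.
    """
    prefix, caret, op = text.strip().partition("^")
    addr, length = parse_prefix(prefix)
    if not caret:
        return addr, length, length, length      # bare prefix: only itself
    m = _OPERATOR.fullmatch(op)
    if not m:
        raise ValueError(f"unknown range operator: {text!r}")
    if op == "-":
        lo, hi = length + 1, 32                  # exclusive more specifics
    elif op == "+":
        lo, hi = length, 32                      # inclusive more specifics
    else:
        lo = int(m.group(1))                     # ^n or ^n-m
        hi = int(m.group(2)) if m.group(2) else lo
        if lo > hi or hi > 32:
            raise ValueError(f"bad length bounds: {text!r}")
    return addr, length, lo, hi


def in_range(range_text, route_text):
    """True when the route's prefix is a member of the address prefix range."""
    addr, length, lo, hi = parse_prefix_range(range_text)
    r_addr, r_len = parse_prefix(route_text)
    if r_len < length or not lo <= r_len <= hi:
        return False                             # shorter than the base, or outside lo..hi
    mask = (0xFFFFFFFF << (32 - length)) & 0xFFFFFFFF
    return (addr & mask) == (r_addr & mask)


def filter_routes(range_text, routes):
    """Return the routes that fall inside the range, in input order."""
    return [r for r in routes if in_range(range_text, r)]


if __name__ == "__main__":
    # Constructed sample: candidate routes checked against one range from the text.
    seen = ["30.9.9.96/28", "30.9.0.0/16", "31.9.9.96/28", "30.0.0.0/8"]
    print(filter_routes("30.0.0.0/8^24-32", seen))
```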

An RPSL object is textually represented as a list of attribute-value pairs. Each attribute-value pair is written on a separate line. The attribute name starts at column 0, followed by character ":" and followed by the value of the attribute. The object's representation ends when a blank line is encountered. An attribute's value can be split over multiple lines, by starting the continuation lines with a white-space (" " or tab) character. The order of attribute-value pairs is significant.

An object's description may contain comments. A comment can be anywhere in an object's definition, it starts at the first "#" character on a line and ends at the first end-of-line character. White space characters can be used to improve readability.

3 Contact Information

The mntner, person and role classes, admin-c, tech-c, mnt-by, changed, and source attributes of all classes describe contact information. The mntner class also specifies what entities can create, delete and update other objects. These classes do not specify routing policies and each registry may have different or additional requirements on them. Here we present the common denominator for completeness which is the RIPE database implementation[15]. Please consult your routing registry for the latest specification of these classes and attributes.

3.1 mntner Class

The mntner class defines entities that can create, delete and update RPSL objects. A provider, before he/she can create RPSL objects, first needs to create a mntner object. The attributes of the mntner class are shown in Figure 1. The mntner class was first described in [11].

Attribute Value                    Type
mntner    <object-name>            mandatory, single-valued, class key
descr     <free-form>              mandatory, single-valued
auth      see description in text  mandatory, multi-valued
upd-to    <email-address>          mandatory, multi-valued
mnt-nfy   <email-address>          optional, multi-valued
tech-c    <nic-handle>             mandatory, multi-valued
admin-c   <nic-handle>             mandatory, multi-valued
remarks   <free-form>              optional, multi-valued
notify    <email-address>          optional, multi-valued
mnt-by    list of <mntner-name>    mandatory, multi-valued
changed   <email-address> <date>   mandatory, multi-valued
source    <registry-name>          mandatory, single-valued

Figure 1: mntner Class Attributes

The mntner attribute is mandatory and is the class key attribute. Its value is an RPSL name. The auth attribute specifies the scheme that will be used to identify and authenticate update requests from this maintainer. It has the following syntax:

      auth: <scheme-id> <auth-info>
        
      E.g.:
         auth: NONE
         auth: CRYPT-PW dhjsdfhruewf
         auth: MAIL-FROM .*@ripe\.net

The <scheme-id>'s currently defined are: NONE, MAIL-FROM, PGP and CRYPT-PW. The <auth-info> is additional information required by a particular scheme: in the case of MAIL-FROM, it is a regular expression matching valid email addresses; in the case of CRYPT-PW, it is a password in UNIX crypt format; and in the case of PGP, it is a PGP public key. If multiple auth attributes are specified, an update request satisfying any one of them is authenticated to be from the maintainer.

The upd-to attribute is an email address. On an unauthorized update attempt of an object maintained by this maintainer, an email message will be sent to this address. The mnt-nfy attribute is an email address. A notification message will be forwarded to this email address whenever an object maintained by this maintainer is added, changed or deleted.

The descr attribute is a short, free-form textual description of the object. The tech-c attribute is a technical contact NIC handle. This is someone to be contacted for technical problems such as misconfiguration. The admin-c attribute is an administrative contact NIC handle. The remarks attribute is a free text explanation or clarification. The notify attribute is an email address to which notifications of changes to this object should be sent. The mnt-by attribute is a list of mntner object names. The authorization for changes to this object is governed by any of the maintainer objects referenced. The changed attribute documents who last changed this object, and when this change was made. Its syntax has the following form:

      changed: <email-address> <YYYYMMDD>
        

E.g. changed: johndoe@terabit-labs.nn 19900401

The <email-address> identifies the person who made the last change. <YYYYMMDD> is the date of the change. The source attribute specifies the registry where the object is registered. Figure 2 shows an example mntner object. In the example, UNIX crypt format password authentication is used.

      mntner:      RIPE-NCC-MNT
      descr:       RIPE-NCC Maintainer
      admin-c:     DK58
      tech-c:      OPS4-RIPE
      upd-to:      ops@ripe.net
      mnt-nfy:     ops-fyi@ripe.net
      auth:        CRYPT-PW lz1A7/JnfkTtI
      mnt-by:      RIPE-NCC-MNT
      changed:     ripe-dbm@ripe.net 19970820
      source:      RIPE
        

Figure 2: An example mntner object.
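The textual representation rules of Section 2 (one attribute per line, continuation lines, "#" comments, blank-line terminator) and the mntner attribute table and auth semantics of Section 3.1 can be checked mechanically when auditing registry data. The following Python is an added example, not code from the RFC or from any registry; the function names, the allowed_schemes policy parameter, and the treatment of comment-only lines as non-terminating are assumptions of this example.

```python
import re
from datetime import datetime

# Figure 1 of the page: attribute -> (mandatory, multi-valued)
MNTNER_ATTRS = {
    "mntner": (True, False), "descr": (True, False), "auth": (True, True),
    "upd-to": (True, True), "mnt-nfy": (False, True), "tech-c": (True, True),
    "admin-c": (True, True), "remarks": (False, True), "notify": (False, True),
    "mnt-by": (True, True), "changed": (True, True), "source": (True, False),
}
AUTH_SCHEMES = {"NONE", "MAIL-FROM", "PGP", "CRYPT-PW"}  # scheme-ids from 3.1


def parse_objects(text):
    """Split RPSL text into objects, each an ordered list of (attribute, value)."""
    objects, current = [], []
    for raw in text.splitlines() + [""]:           # sentinel blank flushes the last object
        if not raw.strip():                        # a blank line ends the object
            if current:
                objects.append(current)
            current = []
            continue
        line = raw.split("#", 1)[0].rstrip()       # comment: first '#' to end of line
        if not line:                               # comment-only line, assumed not a terminator
            continue
        if line[0] in " \t":                       # continuation of the previous value
            if not current:
                raise ValueError(f"continuation line without an attribute: {raw!r}")
            name, value = current[-1]
            current[-1] = (name, f"{value} {line.strip()}".strip())
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"expected 'attribute: value', got {raw!r}")
        current.append((name.strip().lower(), value.strip()))  # names are case insensitive
    return objects


def check_mntner(obj, allowed_schemes=frozenset(AUTH_SCHEMES)):
    """Return findings for one parsed mntner object; an empty list means clean."""
    names = [name for name, _ in obj]
    findings = [f"'{n}' is not a mntner attribute" for n in names if n not in MNTNER_ATTRS]
    for attr, (mandatory, multi) in MNTNER_ATTRS.items():
        if mandatory and attr not in names:
            findings.append(f"missing mandatory attribute '{attr}'")
        if not multi and names.count(attr) > 1:
            findings.append(f"'{attr}' is single-valued but appears more than once")
    for name, value in obj:
        if name == "auth":
            scheme, _, info = value.partition(" ")
            scheme = scheme.upper()
            if scheme not in AUTH_SCHEMES:
                findings.append(f"unknown auth scheme '{scheme}'")
            elif scheme not in allowed_schemes:
                # Any one auth line is sufficient, so every line must meet policy.
                findings.append(f"auth scheme '{scheme}' is outside local policy")
            if scheme != "NONE" and not info.strip():
                findings.append(f"auth scheme '{scheme}' has no <auth-info>")
        elif name == "changed":
            date = value.split()[-1] if value else ""
            try:                                   # eight digits that form a calendar date
                datetime.strptime(date if re.fullmatch(r"\d{8}", date) else "", "%Y%m%d")
            except ValueError:
                findings.append(f"'changed' date '{date}' is not a valid YYYYMMDD")
    return findings


def audit(text, allowed_schemes):
    """Map each object's first value (its name) to the findings for it."""
    return {o[0][1]: check_mntner(o, allowed_schemes) for o in parse_objects(text)}


# Constructed input: the page's Figure 2 object with a continuation line and a
# comment added, followed by a made-up maintainer that has several problems.
SAMPLE = """\
mntner:      RIPE-NCC-MNT
descr:       RIPE-NCC
             Maintainer        # continuation line with a trailing comment
admin-c:     DK58
tech-c:      OPS4-RIPE
upd-to:      ops@ripe.net
auth:        CRYPT-PW lz1A7/JnfkTtI
mnt-by:      RIPE-NCC-MNT
changed:     ripe-dbm@ripe.net 19970820
source:      RIPE

MNTNER:      EXAMPLE-MNT
descr:       constructed example
admin-c:     XX1-EXAMPLE
upd-to:      noc@example.net
auth:        CRYPT-PW dhjsdfhruewf
auth:        NONE
mnt-by:      EXAMPLE-MNT
changed:     noc@example.net 19981301
source:      EXAMPLE
"""

if __name__ == "__main__":
    print(audit(SAMPLE, allowed_schemes={"PGP", "CRYPT-PW"}))
```

Because an update that satisfies any one auth line is accepted, the check applies the local policy to every auth line rather than to the first or the strictest one.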

The descr, tech-c, admin-c, remarks, notify, mnt-by, changed and source attributes are attributes of all RPSL classes. Their syntax, semantics, and mandatory, optional, multi-valued, or single-valued status are the same for all RPSL classes. We do not further discuss them in other sections.

3.2 person Class

A person class is used to describe information about people. Even though it does not describe routing policy, we still describe it here briefly since many policy objects make reference to person objects. The person class was first described in [14].

The attributes of the person class are shown in Figure 3.

 Attribute  Value                    Type
 person     <free-form>              mandatory, single-valued
 nic-hdl    <nic-handle>             mandatory, single-valued, class key
 address    <free-form>              mandatory, multi-valued
 phone      see description in text  mandatory, multi-valued
 fax-no     same as phone            optional, multi-valued
 e-mail     <email-address>          mandatory, multi-valued

Figure 3: person Class Attributes

The person attribute is the full name of the person. The phone and the fax-no attributes have the following syntax:

         phone: +<country-code> <city> <subscriber> [ext. <extension>]

      E.g.:
         phone: +31 20 12334676
         phone: +44 123 987654 ext. 4711

Figure 4 shows an example person object.

      person:      Daniel Karrenberg
      address:     RIPE Network Coordination Centre (NCC)
      address:     Singel 258
      address:     NL-1016 AB  Amsterdam
      address:     Netherlands
      phone:       +31 20 535 4444
      fax-no:      +31 20 535 4445
      e-mail:      Daniel.Karrenberg@ripe.net
      nic-hdl:     DK58
      changed:     Daniel.Karrenberg@ripe.net 19970616
      source:      RIPE
        

Figure 4: An example person object.

3.3 role Class

The role class is similar to the person object. However, instead of describing a human being, it describes a role performed by one or more human beings. Examples include help desks, network monitoring centers, system administrators, etc. Role object is particularly useful since often a person performing a role may change, however the role itself remains.

The attributes of the role class are shown in Figure 5.

 Attribute  Value                    Type
 role       <free-form>              mandatory, single-valued
 nic-hdl    <nic-handle>             mandatory, single-valued, class key
 trouble    <free-form>              optional, multi-valued
 address    <free-form>              mandatory, multi-valued
 phone      see description in text  mandatory, multi-valued
 fax-no     same as phone            optional, multi-valued
 e-mail     <email-address>          mandatory, multi-valued

Figure 5: role Class Attributes

The nic-hdl attributes of the person and role classes share the same name space. The NIC handle of a role object cannot be used in an admin-c field. The trouble attribute of role object may contain additional contact information to be used when a problem arises in any object that references this role object. Figure 6 shows an example role object.

      role:        RIPE NCC Operations
      address:     Singel 258
      address:     1016 AB Amsterdam
      address:     The Netherlands
      phone:       +31 20 535 4444
      fax-no:      +31 20 545 4445
      e-mail:      ops@ripe.net
      admin-c:     CO19-RIPE
      tech-c:      RW488-RIPE
      tech-c:      JLSD1-RIPE
      nic-hdl:     OPS4-RIPE
      notify:      ops@ripe.net
      changed:     roderik@ripe.net 19970926
      source:      RIPE
        
Figure 6: An example role object.

4 route Class

Each interAS route (also referred to as an interdomain route) originated by an AS is specified using a route object. The attributes of the route class are shown in Figure 7. The route attribute is the address prefix of the route and the origin attribute is the AS number of the AS that originates the route into the interAS routing system. The route and origin attribute pair is the class key.

 Attribute     Value                      Type
 route         <address-prefix>           mandatory, single-valued, class key
 origin        <as-number>                mandatory, single-valued, class key
 withdrawn     <date>                     optional, single-valued
 member-of     list of <route-set-names>  optional, single-valued
               see Section 5
 inject        see Section 8              optional, multi-valued
 components    see Section 8              optional, single-valued
 aggr-bndry    see Section 8              optional, single-valued
 aggr-mtd      see Section 8              optional, single-valued
 export-comps  see Section 8              optional, single-valued
 holes         see Section 8              optional, single-valued

Figure 7: route Class Attributes

Figure 8 shows examples of four route objects (we do not include contact attributes such as admin-c, tech-c for brevity). Note that the last two route objects have the same address prefix, namely 128.8.0.0/16. However, they are different route objects since they are originated by different ASes (i.e. they have different keys).

      route: 128.9.0.0/16
      origin: AS226

      route: 128.99.0.0/16
      origin: AS226

      route: 128.8.0.0/16
      origin: AS1

      route: 128.8.0.0/16
      origin: AS2
      withdrawn: 19960624

Figure 8: Route Objects

The withdrawn attribute, if present, signifies that the originator AS no longer originates this address prefix in the Internet. Its value is a date indicating the date of withdrawal. In Figure 8, the last route object is withdrawn (i.e. no longer originated by AS2) on June 24, 1996.

5 Set Classes

To specify policies, it is often useful to define sets of objects. For this purpose we define two classes: route-set and as-set. These classes define a named set. The members of these sets can be specified by either explicitly listing them in the set object's definition, or implicitly by having route and aut-num objects refer to the set names, or a combination of both methods.

5.1 route-set Class

The attributes of the route-set class are shown in Figure 9. The route-set attribute defines the name of the set. It is an RPSL name that starts with "rs-". The members attribute lists the members of the set. The members attribute is a list of address prefixes or other route-set names. Note that, the route-set class is a set of route prefixes, not of RPSL route objects.

   Attribute    Value                          Type
   route-set    <object-name>                  mandatory, single-valued,
                                               class key
   members      list of <address-prefixes> or  optional, single-valued
                <route-set-names>
   mbrs-by-ref  list of <mntner-names>         optional, single-valued
        
Figure 9: route-set Class Attributes

Figure 10 presents some example route-set objects. The set rs-foo contains two address prefixes, namely 128.9.0.0/16 and 128.9.0.0/24. The set rs-bar contains the members of the set rs-foo and the address prefix 128.7.0.0/16. The set rs-empty contains no members.

      route-set: rs-foo
      members: 128.9.0.0/16, 128.9.0.0/24
        
      route-set: rs-bar
      members: 128.7.0.0/16, rs-foo

      route-set: rs-empty

Figure 10: route-set Objects

An address prefix or a route-set name in a members attribute can be optionally followed by a range operator. For example, the following set

      route-set: rs-bar
      members: 5.0.0.0/8^+, 30.0.0.0/8^24-32, rs-foo^+
        
contains all the more specifics of 5.0.0.0/8 including 5.0.0.0/8, all the more specifics of 30.0.0.0/8 which are of length 24 to 32 such as 30.9.9.96/28, and all the more specifics of address prefixes in route set rs-foo.

The mbrs-by-ref attribute is a list of maintainer names or the keyword ANY. If this attribute is used, the route set also includes address prefixes whose route objects are registered by one of these maintainers and whose member-of attribute refers to the name of this route set. If the value of a mbrs-by-ref attribute is ANY, any route object referring to the route set name is a member. If the mbrs-by-ref attribute is missing, only the address prefixes listed in the members attribute are members of the set.

      route-set: rs-foo
      mbrs-by-ref: MNTR-ME, MNTR-YOU

      route-set: rs-bar
      members: 128.7.0.0/16
      mbrs-by-ref: MNTR-YOU

      route: 128.9.0.0/16
      origin: AS1
      member-of: rs-foo
      mnt-by: MNTR-ME

      route: 128.8.0.0/16
      origin: AS2
      member-of: rs-foo, rs-bar
      mnt-by: MNTR-YOU

Figure 11: route-set objects.

Figure 11 presents example route-set objects that use the mbrs-by-ref attribute. The set rs-foo contains two address prefixes, namely 128.8.0.0/16 and 128.9.0.0/16, since the route objects for 128.8.0.0/16 and 128.9.0.0/16 refer to the set name rs-foo in their member-of attribute. The set rs-bar contains the address prefixes 128.7.0.0/16 and 128.8.0.0/16. The route 128.7.0.0/16 is explicitly listed in the members attribute of rs-bar, and the route object for 128.8.0.0/16 refers to the set name rs-bar in its member-of attribute.

Note that, if an address prefix is listed in a members attribute of a route set, it is a member of that route set. The route object corresponding to this address prefix does not need to contain a member-of attribute referring to this set name. The member-of attribute of the route class is an additional mechanism for specifying the members indirectly.

5.2 as-set Class

The attributes of the as-set class are shown in Figure 12. The as-set attribute defines the name of the set. It is an RPSL name that starts with "as-". The members attribute lists the members of the set. The members attribute is a list of AS numbers, or other as-set names.

      Attribute    Value                    Type
      as-set       <object-name>            mandatory, single-valued,
                                            class key
      members      list of <as-numbers> or  optional, single-valued
                   <as-set-names>
      mbrs-by-ref  list of <mntner-names>   optional, single-valued
        
Figure 12: as-set Class Attributes

Figure 13 presents two as-set objects. The set as-foo contains two ASes, namely AS1 and AS2. The set as-bar contains the members of the set as-foo and AS3, that is, it contains AS1, AS2, AS3.

    as-set: as-foo                      as-set: as-bar
    members: AS1, AS2                   members: AS3, as-foo
        
Figure 13: as-set objects.

The mbrs-by-ref attribute is a list of maintainer names or the keyword ANY. If this attribute is used, the AS set also includes ASes whose aut-num objects are registered by one of these maintainers and whose member-of attribute refers to the name of this AS set. If the value of a mbrs-by-ref attribute is ANY, any AS object referring to the AS set is a member of the set. If the mbrs-by-ref attribute is missing, only the ASes listed in the members attribute are members of the set.

Figure 14 presents an example as-set object that uses the mbrs-by-ref attribute. The set as-foo contains AS1, AS2 and AS3. AS4 is not a member of the set as-foo even though the aut-num object references as-foo. This is because MNTR-OTHER is not listed in the as-foo's mbrs-by-ref attribute.

    as-set: as-foo
    members: AS1, AS2
    mbrs-by-ref: MNTR-ME

    aut-num: AS3                          aut-num: AS4
    member-of: as-foo                     member-of: as-foo
    mnt-by: MNTR-ME                       mnt-by: MNTR-OTHER
        
Figure 14: as-set objects.
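
The membership rule above means a set only grows by reference when both sides agree: the object names the set in member-of and the set admits the object's maintainer in mbrs-by-ref. The following resolver is an added example, not part of the RFC; it works on a sample constructed from Figures 13 and 14, and its function names are hypothetical. Route sets follow the same rule with route objects in place of aut-num objects.

```python
import re

# Constructed sample: as-foo and the aut-num objects of Figure 14,
# plus as-bar from Figure 13.
SAMPLE = """\
as-set: as-foo
members: AS1, AS2
mbrs-by-ref: MNTR-ME

as-set: as-bar
members: AS3, as-foo

aut-num: AS3
member-of: as-foo
mnt-by: MNTR-ME

aut-num: AS4
member-of: as-foo
mnt-by: MNTR-OTHER
"""

AS_NUMBER = re.compile(r"^AS\d+$")


def parse_objects(text):
    """Parse blank-line-separated RPSL objects into (class, key, attrs) tuples.

    Values are upper-cased because RPSL names are case-insensitive.
    """
    objects = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            items = [v.strip().upper() for v in value.split(",") if v.strip()]
            attrs.setdefault(name.strip().lower(), []).extend(items)
        cls = next(iter(attrs))            # the first attribute names the class
        objects.append((cls, attrs[cls][0], attrs))
    return objects


def _by_reference(set_name, set_attrs, objects):
    """Split aut-num objects that name the set in member-of into (admitted, refused)."""
    allowed = set(set_attrs.get("mbrs-by-ref", []))
    admitted, refused = set(), set()
    for cls, key, attrs in objects:
        if cls == "aut-num" and set_name in attrs.get("member-of", []):
            ok = "ANY" in allowed or bool(allowed & set(attrs.get("mnt-by", [])))
            (admitted if ok else refused).add(key)
    return admitted, refused


def expand_as_set(name, objects, _seen=None):
    """Return every AS number in the as-set: listed, nested, and admitted by reference."""
    name = name.upper()
    seen = set() if _seen is None else _seen
    if name in seen:                       # a set that contains itself adds nothing new
        return set()
    seen.add(name)
    sets = {key: attrs for cls, key, attrs in objects if cls == "as-set"}
    if name not in sets:
        raise LookupError(f"as-set {name} is not registered")
    members = set()
    for item in sets[name].get("members", []):
        if AS_NUMBER.match(item):
            members.add(item)
        else:
            members |= expand_as_set(item, objects, seen)
    admitted, _ = _by_reference(name, sets[name], objects)
    return members | admitted


def refused_claims(name, objects):
    """List aut-num objects that claim membership but are not admitted by mbrs-by-ref."""
    name = name.upper()
    sets = {key: attrs for cls, key, attrs in objects if cls == "as-set"}
    _, refused = _by_reference(name, sets[name], objects)
    return sorted(refused)
```

On the sample, as-foo expands to AS1, AS2 and AS3, and refused_claims reports AS4, the claim an operator reviewing the registry would want to see.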

5.3 Predefined Set Objects

In a context that expects a route set (e.g. members attribute of the route-set class), an AS number ASx defines the set of routes that are originated by ASx; and an as-set AS-X defines the set of routes that are originated by the ASes in AS-X. A route p is said to be originated by ASx if there is a route object for p with ASx as the value of the origin attribute. For example, in Figure 15, the route set rs-special contains 128.9.0.0/16, routes of AS1 and AS2, and routes of the ASes in AS set AS-FOO.

      route-set: rs-special
      members: 128.9.0.0/16, AS1, AS2, AS-FOO

Figure 15: Use of AS numbers and AS sets in route sets.

The set rs-any contains all routes registered in IRR. The set as-any contains all ASes registered in IRR.

5.4 Hierarchical Set Names

Set names can be hierarchical. A hierarchical set name is a sequence of set names and AS numbers separated by colons ":". For example, the following names are valid: AS1:AS-CUSTOMERS, AS1:RS-EXCEPTIONS, AS1:RS-EXPORT:AS2, RS-EXCEPTIONS:RS-BOGUS. All components of a hierarchical set name which are not AS numbers should start with "as-" or "rs-" for as sets and route sets respectively.

A set object with name X1:...:Xn-1:Xn can only be created by the maintainer of the object with name X1:...:Xn-1. That is, only the maintainer of AS1 can create a set with name AS1:AS-FOO; and only the maintainer of AS1:AS-FOO can create a set with name AS1:AS-FOO:AS-BAR.

The purpose of a hierarchical set name is to partition the set name space so that the controllers of the set name X1 control the whole set name space under X1, i.e. X1:...:Xn-1. This is important since anyone can create a set named AS-MCI-CUSTOMERS but only the people who created AS3561 can create AS3561:AS-CUSTOMERS. In the former, it is not clear if the set AS-MCI-CUSTOMERS has any relationship with MCI. In the latter, we can guarantee that AS3561:AS-CUSTOMERS and AS3561 are created by the same entity.
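
The creation rule for hierarchical names can be checked mechanically, as in this added example (not part of the RFC). The function names and the registry layout, a mapping from existing object names to their maintainers, are assumptions, and rejecting a name with no "as-" or "rs-" component is this example's choice.

```python
import re

AS_NUMBER = re.compile(r"^AS\d+$")


def classify(name):
    """Return 'as-set' or 'route-set' for a flat or hierarchical set name.

    Every component that is not an AS number must carry the same prefix,
    "AS-" for as sets or "RS-" for route sets.
    """
    kinds = set()
    for part in name.upper().split(":"):
        if AS_NUMBER.match(part):
            continue
        if part.startswith("AS-") and len(part) > 3:
            kinds.add("as-set")
        elif part.startswith("RS-") and len(part) > 3:
            kinds.add("route-set")
        else:
            raise ValueError(f"bad component {part!r} in {name!r}")
    if len(kinds) != 1:
        raise ValueError(f"{name!r} is not a consistent as-set or route-set name")
    return kinds.pop()


def may_create(name, requester, registry):
    """Decide whether maintainer `requester` may create the set `name`.

    X1:...:Xn-1:Xn may only be created by the maintainer of X1:...:Xn-1.
    A flat name has no parent, so anyone may create it.
    """
    classify(name)                          # reject malformed names first
    parent, colon, _ = name.upper().rpartition(":")
    if not colon:
        return True
    return requester.upper() in registry.get(parent, set())


# Constructed registry: existing object name -> maintainers of that object.
REGISTRY = {
    "AS1": {"MNTR-ME"},
    "AS1:AS-FOO": {"MNTR-YOU"},
}
```

A request for AS1:AS-FOO:AS-BAR is decided by the maintainer of AS1:AS-FOO, not by the maintainer of AS1, and a request under an unregistered parent is refused.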

6 aut-num Class

ASes are specified using the aut-num class. The attributes of the aut-num class are shown in Figure 16. The value of the aut-num attribute is the AS number of the AS described by this object. The as-name attribute is a symbolic name (in RPSL name syntax) of the AS. The import, export and default routing policies of the AS are specified using import, export and default attributes respectively.

   Attribute  Value                   Type
   aut-num    <as-number>             mandatory, single-valued, class key
   as-name    <object-name>           mandatory, single-valued
   member-of  list of <as-set-names>  optional, single-valued
   import     see Section 6.1         optional, multi-valued
   export     see Section 6.2         optional, multi-valued
   default    see Section 6.5         optional, multi-valued

Figure 16: aut-num Class Attributes

6.1 import Attribute: Import Policy Specification

Figure 17 shows a typical interconnection of ASes that we will be using in our examples throughout this section. In this example topology, there are three ASes, AS1, AS2, and AS3; two exchange points, EX1 and EX2; and six routers. Routers connected to the same exchange point peer with each other, i.e. open a connection for exchanging routing information. Each router would export a subset of the routes it has to its peer routers. Peer routers would import a subset of these routes. A router while importing routes would set some route attributes. For example, AS1 can assign higher preference values to the routes it imports from AS2 so that it prefers AS2 over AS3. While exporting routes, a router may also set some route attributes in order to affect route selection by its peers. For example, AS2 may set the MULTI-EXIT-DISCRIMINATOR BGP attribute so that AS1 prefers to use the router 9.9.9.2. Most interAS policies are specified by specifying what route subsets can be imported or exported, and how the various BGP route attributes are set and used.

     ----------------------                   ----------------------
     |            7.7.7.1 |-------|   |-------| 7.7.7.2            |
     |                    |     ========      |                    |
     |   AS1              |      EX1  |-------| 7.7.7.3     AS2    |
     |                    |                   |                    |
     |            9.9.9.1 |------       ------| 9.9.9.2            |
     ----------------------     |       |     ----------------------
                               ===========
                                   |    EX2
     ----------------------        |
     |            9.9.9.3 |---------
     |                    |
     |   AS3              |
     ----------------------
        
Figure 17: Example topology consisting of three ASes, AS1, AS2, and AS3; two exchange points, EX1 and EX2; and six routers.

In RPSL, an import policy is divided into import policy expressions. Each import policy expression is specified using an import attribute. The import attribute has the following syntax (we will extend this syntax later in Sections 6.3 and 6.6):

       import: from <peering-1> [action <action-1>]
               . . .
               from <peering-N> [action <action-N>]
               accept <filter>
        
The action specification is optional. The semantics of an import attribute is as follows: the set of routes that are matched by <filter> are imported from all the peers in <peerings>; while importing routes at <peering-M>, <action-M> is executed.

     E.g.
       aut-num: AS1
       import: from AS2 action pref = 1; accept { 128.9.0.0/16 }
        
This example states that the route 128.9.0.0/16 is accepted from AS2 with preference 1. In the next few subsections, we will describe how peerings, actions and filters are specified.

6.1.1 Peering Specification

Our example above used an AS number to specify peerings. The peerings can be specified at different granularities. The syntax of a peering specification has two forms. The first one is as follows:

               <peer-as> [<peer-router>] [at <local-router>]
        
where <local-router> and <peer-router> are IP addresses of routers, <peer-as> is an AS number. <peer-as> must be the AS number of <peer-router>. Both <local-router> and <peer-router> are optional. If both <local-router> and <peer-router> are specified, this peering specification identifies only the peering between these two routers. If only <local-router> is specified, this peering specification identifies all the peerings between <local-router> and any of its peer routers in <peer-as>. If only <peer-router> is specified, this peering specification identifies all the peerings between any router in the local AS and <peer-router>. If neither <local-router> nor <peer-router> is specified, this peering specification identifies all the peerings between any router in the local AS and any router in <peer-as>.

We next give examples. Consider the topology of Figure 17 where 7.7.7.1, 7.7.7.2 and 7.7.7.3 peer with each other; 9.9.9.1, 9.9.9.2 and 9.9.9.3 peer with each other. In the following example 7.7.7.1 imports 128.9.0.0/16 from 7.7.7.2.

    (1) aut-num: AS1
        import: from AS2 7.7.7.2 at 7.7.7.1 accept { 128.9.0.0/16 }
        
In the following example 7.7.7.1 imports 128.9.0.0/16 from 7.7.7.2 and 7.7.7.3.

    (2) aut-num: AS1
        import: from AS2 at 7.7.7.1 accept { 128.9.0.0/16 }
        
In the following example 7.7.7.1 imports 128.9.0.0/16 from 7.7.7.2 and 7.7.7.3, and 9.9.9.1 imports 128.9.0.0/16 from 9.9.9.2.

    (3) aut-num: AS1
        import: from AS2 accept { 128.9.0.0/16 }
        
The second form of <peering> specification has the following syntax:

        <as-expression> [at <router-expression>]
        
where <as-expression> is an expression over AS numbers and sets using operators AND, OR, and NOT, and <router-expression> is an expression over router IP addresses and DNS names using operators AND, OR, and NOT. The DNS name can only be used if there is an inet-rtr object for that name that binds the name to IP addresses. This form identifies all the peerings between any local router in <router-expression> to any of their peer routers in the ASes in <as-expression>. If <router-expression> is not specified, it defaults to all routers of the local AS.

In the following example 9.9.9.1 imports 128.9.0.0/16 from 9.9.9.2 and 9.9.9.3.

    (4) as-set: AS-FOO
        members: AS2, AS3
        aut-num: AS1
        import: from AS-FOO at 9.9.9.1 accept { 128.9.0.0/16 }
        
In the following example 9.9.9.1 imports 128.9.0.0/16 from 9.9.9.2 and 9.9.9.3, and 7.7.7.1 imports 128.9.0.0/16 from 7.7.7.2 and 7.7.7.3.

    (5) aut-num: AS1
        import: from AS-FOO accept { 128.9.0.0/16 }
        
In the following example AS1 imports 128.9.0.0/16 from AS3 at router 9.9.9.1.

    (6) aut-num: AS1
        import: from AS-FOO and not AS2 at not 7.7.7.1
                accept { 128.9.0.0/16 }

This is because "AS-FOO and not AS2" equals AS3 and "not 7.7.7.1" equals 9.9.9.1.
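
To see which sessions each of the peering specifications (1) to (6) selects, the following added example (not part of the RFC) evaluates them against the Figure 17 topology. It assumes a session between every pair of routers on the same exchange point, as the topology description states, assumes the precedence NOT, then AND, then OR, and does not model DNS names or inet-rtr objects; all function names are hypothetical.

```python
import re

# Figure 17 topology: router address -> (AS, exchange point).
ROUTERS = {
    "7.7.7.1": ("AS1", "EX1"), "7.7.7.2": ("AS2", "EX1"), "7.7.7.3": ("AS2", "EX1"),
    "9.9.9.1": ("AS1", "EX2"), "9.9.9.2": ("AS2", "EX2"), "9.9.9.3": ("AS3", "EX2"),
}
AS_SETS = {"AS-FOO": {"AS2", "AS3"}}            # the as-set of example (4)
ALL_ASES = {asn for asn, _ in ROUTERS.values()}
IPV4 = re.compile(r"^\d+(\.\d+){3}$")


def as_atom(token):
    """Resolve one AS number or as-set name to a set of AS numbers."""
    token = token.upper()
    if re.fullmatch(r"AS\d+", token):
        return {token}
    if token in AS_SETS:
        return set(AS_SETS[token])
    raise ValueError(f"unknown AS or as-set: {token}")


def router_atom(token):
    """Resolve one router address; DNS names are rejected in this example."""
    if IPV4.match(token):
        return {token}
    raise ValueError("DNS names need an inet-rtr object, which is not modelled here")


def evaluate(tokens, universe, atom):
    """Evaluate an AND/OR/NOT expression to a subset of `universe`."""
    pos = 0

    def peek():
        return tokens[pos].upper() if pos < len(tokens) else None

    def parse_not():
        nonlocal pos
        if peek() is None:
            raise ValueError("expression ends early")
        token = tokens[pos]
        pos += 1
        if token.upper() == "NOT":
            return universe - parse_not()   # complement within the universe
        return atom(token) & universe

    def parse_and():
        nonlocal pos
        result = parse_not()
        while peek() == "AND":
            pos += 1
            result &= parse_not()
        return result

    def parse_or():
        nonlocal pos
        result = parse_and()
        while peek() == "OR":
            pos += 1
            result |= parse_and()
        return result

    result = parse_or()
    if pos != len(tokens):
        raise ValueError(f"unexpected token: {tokens[pos]}")
    return result


def peerings(local_as, spec):
    """Return the (local_router, peer_router) pairs a peering specification selects."""
    tokens = spec.split()
    lowered = [t.lower() for t in tokens]
    cut = lowered.index("at") if "at" in lowered else len(tokens)
    as_part, router_part = tokens[:cut], tokens[cut + 1:]
    peer_router = None
    if len(as_part) == 2 and IPV4.match(as_part[1]):    # first form with <peer-router>
        peer_router = as_part.pop()
        if ROUTERS.get(peer_router, (None,))[0] != as_part[0].upper():
            raise ValueError("<peer-as> must be the AS number of <peer-router>")
    peer_ases = evaluate(as_part, ALL_ASES, as_atom)
    local_routers = {r for r, (asn, _) in ROUTERS.items() if asn == local_as}
    if cut < len(tokens):                               # an "at" clause is present
        local_routers = evaluate(router_part, local_routers, router_atom)
    return {
        (local, peer)
        for local in local_routers
        for peer, (asn, exchange) in ROUTERS.items()
        if peer != local and asn in peer_ases
        and exchange == ROUTERS[local][1]
        and peer_router in (None, peer)
    }
```

The complement in "not 7.7.7.1" is taken over the routers of the local AS only, which is why it leaves just 9.9.9.1.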

6.1.2 Action Specification

Policy actions in RPSL either set or modify route attributes, such as assigning a preference to a route, adding a BGP community to the BGP community path attribute, or setting the MULTI-EXIT-DISCRIMINATOR attribute. Policy actions can also instruct routers to perform special operations, such as route flap damping.

The routing policy attributes whose values can be modified in policy actions are specified in the RPSL dictionary. Please refer to Section 7 for a list of these attributes. Each action in RPSL is terminated by the character ';'. It is possible to form composite policy actions by listing them one after the other. In a composite policy action, the actions are executed left to right. For example,

aut-num: AS1
import: from AS2
        action pref = 10; med = 0; community.append(10250, {3561,10});
        accept { 128.9.0.0/16 }
        
sets pref to 10, med to 0, and then appends 10250 and {3561,10} to the community path attribute.

6.1.3 Filter Specification

A policy filter is a logical expression which when applied to a set of routes returns a subset of these routes. We say that the policy filter matches the subset returned. The policy filter can match routes using any path attribute, such as the destination address prefix (or NLRI), AS-path, or community attributes.

Policy filters can be combined into composite filters using the operators AND, OR, and NOT. The following policy filters can be used to select a subset of routes:

ANY The filter-keyword ANY matches all routes.

Address-Prefix Set This is an explicit list of address prefixes enclosed in braces '{' and '}'. The policy filter matches the set of routes whose destination address-prefix is in the set. For example:

        { 0.0.0.0/0 }
        { 128.9.0.0/16, 128.8.0.0/16, 128.7.128.0/17, 5.0.0.0/8 }
        { }
        
An address prefix can be optionally followed by a range operator (i.e. '^-', '^+', '^n', or '^n-m'). For example, the set

     { 5.0.0.0/8^+, 128.9.0.0/16^-, 30.0.0.0/8^16, 30.0.0.0/8^24-32 }

contains all the more specifics of 5.0.0.0/8 including 5.0.0.0/8, all the more specifics of 128.9.0.0/16 excluding 128.9.0.0/16, all the more specifics of 30.0.0.0/8 which are of length 16 such as 30.9.0.0/16, and all the more specifics of 30.0.0.0/8 which are of length 24 to 32 such as 30.9.9.96/28.

Route Set Name A route set name matches the set of routes that are members of the set. A route set name may be a name of a route-set object, an AS number, or a name of an as-set object (AS numbers and as-set names implicitly define route sets; please see Section 5.3). For example:

         aut-num: AS1
         import: from AS2 action pref = 1; accept AS2
         import: from AS2 action pref = 1; accept AS-FOO
         import: from AS2 action pref = 1; accept RS-FOO
        
The keyword PeerAS can be used instead of the AS number of the peer AS. PeerAS is particularly useful when the peering is specified using an AS expression. For example:

         as-set: AS-FOO
         members: AS2, AS3

         aut-num: AS1
         import: from AS-FOO action pref = 1; accept PeerAS
        
is the same as:

         aut-num: AS1
         import: from AS2 action pref = 1; accept AS2
         import: from AS3 action pref = 1; accept AS3
        
A route set name can also be followed by one of the operators '^-', '^+', '^n' or '^n-m'. These operators are distributive over the route sets. For example, { 5.0.0.0/8, 6.0.0.0/8 }^+ equals { 5.0.0.0/8^+, 6.0.0.0/8^+ }, and AS1^- equals all the exclusive more specifics of routes originated by AS1.
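
The range operators decide whether a filter admits only the registered prefix or also its more specifics. The following matcher is an added example, not part of the RFC, covering the address-prefix sets of this section and of Section 5.1. It assumes IPv4 only, uses hypothetical function names, and rejects an operator applied to a set whose terms already carry one, since that case is not described here.

```python
import ipaddress
import re

_OP = r"(?:\^(?P<op>[-+]|\d+(?:-\d+)?))?"
_TERM = re.compile(r"^(?P<prefix>[0-9.]+/\d+)" + _OP + r"$")
_SET = re.compile(r"^\{(?P<body>.*)\}" + _OP + r"$", re.S)


def length_range(prefixlen, op):
    """Map a range operator to the inclusive (min, max) prefix lengths it selects."""
    if op is None:
        return prefixlen, prefixlen         # no operator: the exact prefix only
    if op == "+":
        return prefixlen, 32                # inclusive more specifics
    if op == "-":
        return prefixlen + 1, 32            # exclusive more specifics (empty for a /32)
    low, _, high = op.partition("-")
    low = int(low)
    high = int(high) if high else low       # '^n' is the range n to n
    if low > high or high > 32:
        raise ValueError(f"bad length range ^{op}")
    return low, high


def parse_prefix_set(text):
    """Parse '{ p1^op, p2, ... }' or '{ p1, p2 }^op' into (network, min, max) terms."""
    whole = _SET.match(text.strip())
    if not whole:
        raise ValueError(f"not an address-prefix set: {text!r}")
    set_op = whole.group("op")
    terms = []
    for raw in whole.group("body").split(","):
        raw = raw.strip()
        if not raw:
            continue                        # '{ }' is the empty set
        term = _TERM.match(raw)
        if not term:
            raise ValueError(f"bad address prefix: {raw!r}")
        op = term.group("op")
        if set_op is not None:
            if op is not None:
                raise ValueError("operator on a term and on its set is not handled here")
            op = set_op                     # operators distribute over the set
        net = ipaddress.ip_network(term.group("prefix"), strict=True)
        terms.append((net, *length_range(net.prefixlen, op)))
    return terms


def prefix_set_matches(filter_text, announced):
    """True if the announced prefix is a member of the address-prefix set."""
    candidate = ipaddress.ip_network(announced, strict=True)
    return any(
        low <= candidate.prefixlen <= high and candidate.subnet_of(net)
        for net, low, high in parse_prefix_set(filter_text)
    )


# The example set from the text above.
EXAMPLE = "{ 5.0.0.0/8^+, 128.9.0.0/16^-, 30.0.0.0/8^16, 30.0.0.0/8^24-32 }"
```

Note that { 0.0.0.0/0 } matches only the default route itself; without a range operator a term never admits a more specific prefix.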

AS Path Regular Expressions An AS-path regular expression can be used as a policy filter by enclosing the expression in `<' and `>'. An AS-path policy filter matches the set of routes which traverse a sequence of ASes matched by the AS-path regular expression. A router can check this using the AS_PATH attribute in the Border Gateway Protocol [18], or the RD_PATH attribute in the Inter-Domain Routing Protocol [17].

AS-path Regular Expressions are POSIX compliant regular expressions over the alphabet of AS numbers. The regular expression constructs are as follows:

ASN where ASN is an AS number. ASN matches the AS-path that is of length 1 and contains the corresponding AS number (e.g. AS-path regular expression AS1 matches the AS-path "1").

The keyword PeerAS can be used instead of the AS number of the peer AS.

AS-set where AS-set is an AS set name. AS-set matches the AS-paths that are matched by one of the ASes in the AS-set.

. matches the AS-paths matched by any AS number.

. 匹配由任意AS编号匹配的AS路径。

[...] is an AS number set. It matches the AS-paths matched by the AS numbers listed between the brackets. The AS numbers in the set are separated by white space characters. If a `-' is used between two AS numbers in this set, all AS numbers between the two AS numbers are included in the set. If an as-set name is listed, all AS numbers in the as-set are included.

[…]是一个AS编号集。它匹配由括号之间列出的AS编号匹配的AS路径。集合中的AS编号由空格字符分隔。如果在该集合中两个AS编号之间使用“-”,则两个AS编号之间的所有AS编号都包含在该集合中。如果列出了as集合名称,则as集合中的所有as编号都将包括在内。

[^...] is a complemented AS number set. It matches any AS-path which is not matched by the AS numbers in the set.

[^…]是一个补码作为数字集。它匹配集合中AS编号不匹配的任何AS路径。

^ Matches the empty string at the beginning of an AS-path.

^匹配AS路径开头的空字符串。

$ Matches the empty string at the end of an AS-path.

$ 匹配AS路径末尾的空字符串。

We next list the regular expression operators in the decreasing order of evaluation. These operators are left associative, i.e. performed left to right.

Unary postfix operators * + ? {m} {m,n} {m,}
    For a regular expression A, A* matches zero or more occurrences of A; A+ matches one or more occurrences of A; A? matches zero or one occurrence of A; A{m} matches m occurrences of A; A{m,n} matches m to n occurrences of A; A{m,} matches m or more occurrences of A. For example, [AS1 AS2]{2} matches AS1 AS1, AS1 AS2, AS2 AS1, and AS2 AS2.

Unary postfix operators ~* ~+ ~{m} ~{m,n} ~{m,}
    These operators have similar functionality to the corresponding operators listed above, but all occurrences of the regular expression have to match the same pattern. For example, [AS1 AS2]~{2} matches AS1 AS1 and AS2 AS2, but it does not match AS1 AS2 and AS2 AS1.

Binary catenation operator
    This is an implicit operator and exists between two regular expressions A and B when no other explicit operator is specified. The resulting expression A B matches an AS-path if A matches some prefix of the AS-path and B matches the rest of the AS-path.

Binary alternative (or) operator |
    For regular expressions A and B, A | B matches any AS-path that is matched by A or B.

Parentheses can be used to override the default order of evaluation. White spaces can be used to increase readability.

The following are examples of AS-path filters:

       <AS3>
       <^AS1>
       <AS2$>
       <^AS1 AS2 AS3$>
       <^AS1 .* AS2$>.

The first example matches any route whose AS-path contains AS3, the second matches routes whose AS-path starts with AS1, the third matches routes whose AS-path ends with AS2, the fourth matches routes whose AS-path is exactly "1 2 3", and the fifth matches routes whose AS-path starts with AS1 and ends in AS2 with any number of AS numbers in between.
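The matching rules above can be checked mechanically. The following is an added example, not code from the RFC: it translates an RPSL AS-path filter into a Python regular expression over fixed-width encoded AS numbers, so the five filters and the `~` operators can be tested against concrete AS-paths. The names `compile_aspath` and `matches`, the `MAX_RANGE` limit, and the reading of `~` as "repeat exactly what the first occurrence matched" are assumptions of this sketch.

```python
import re

WIDTH = 10                        # digits per element, wide enough for 32-bit ASNs
ANY_AS = rf"(?:\d{{{WIDTH}}};)"   # exactly one AS-path element
MAX_RANGE = 4096                  # assumption: refuse to enumerate larger ASn-ASm ranges

TOKEN = re.compile(r"""\s*(?:
      (?P<set>\[[^\]]*\])                     # [...] and [^...]
    | (?P<same>~(?:[*+]|\{\d+(?:,\d*)?\}))    # ~* ~+ ~{m} ~{m,n} ~{m,}
    | (?P<rep>[*+?]|\{\d+(?:,\d*)?\})         # * + ? {m} {m,n} {m,}
    | (?P<word>[A-Za-z][A-Za-z0-9_:-]*)       # ASn, PeerAS or an as-set name
    | (?P<punct>[().|^$])
    )""", re.X)

def enc(asn):
    """Encode one AS number as a fixed-width element, e.g. 3 -> '0000000003;'."""
    return f"{int(asn):0{WIDTH}d};"

def members(word, peer_as, as_sets):
    """AS numbers a name stands for: ASn, the PeerAS keyword, or an as-set."""
    w = word.upper()
    if w == "PEERAS" and peer_as is not None:
        return [peer_as]
    if re.fullmatch(r"AS\d+", w):
        return [int(w[2:])]
    if w in as_sets:
        return sorted(as_sets[w])
    raise ValueError(f"cannot resolve {word!r}")

def set_atom(body, peer_as, as_sets):
    """Translate the inside of [...] or [^...] into one regex atom."""
    negate, asns = body.startswith("^"), set()
    for lo, hi, word in re.findall(r"AS(\d+)\s*-\s*AS(\d+)|(\S+)",
                                   body.lstrip("^"), flags=re.I):
        if word:
            asns.update(members(word, peer_as, as_sets))
        elif int(hi) - int(lo) < MAX_RANGE:
            asns.update(range(int(lo), int(hi) + 1))
        else:
            raise ValueError("AS number range too large to enumerate")
    if not asns:
        raise ValueError("empty AS number set")
    alt = "|".join(enc(a) for a in sorted(asns))
    return f"(?:(?!{alt}){ANY_AS})" if negate else f"(?:{alt})"

def same_atom(atom, op, name):
    """A~op: capture the first occurrence; every further one must repeat it."""
    if op in ("*", "+"):
        lo, hi = (0 if op == "*" else 1), None
    else:
        a, comma, b = op[1:-1].partition(",")
        lo = int(a)
        hi = int(b) if b else (None if comma else lo)
    if hi == 0:
        return "(?:)"
    more = f"{{{max(lo - 1, 0)},{'' if hi is None else hi - 1}}}"
    body = f"(?P<{name}>{atom})(?P={name}){more}"
    return f"(?:{body})?" if lo == 0 else f"(?:{body})"

def compile_aspath(expr, peer_as=None, as_sets=None):
    """Compile an RPSL AS-path filter such as '<^AS1 .* AS2$>'."""
    as_sets = {k.upper(): v for k, v in (as_sets or {}).items()}
    expr = expr.strip()
    if expr.startswith("<") and expr.endswith(">"):
        expr = expr[1:-1].strip()
    out, opens, atom_at, pos = [], [], None, 0
    while pos < len(expr):
        m = TOKEN.match(expr, pos)
        if not m:
            raise ValueError(f"cannot parse at {expr[pos:]!r}")
        pos, kind, tok = m.end(), m.lastgroup, m.group(m.lastgroup)
        if kind in ("rep", "same") and atom_at is None:
            raise ValueError(f"{tok!r} has nothing to repeat")
        if kind == "set":
            atom_at = len(out)
            out.append(set_atom(tok[1:-1], peer_as, as_sets))
        elif kind == "word":
            atom_at = len(out)
            alt = "|".join(enc(a) for a in members(tok, peer_as, as_sets))
            out.append(f"(?:{alt})")
        elif kind == "rep":                  # same syntax in Python's re
            out.append(tok)
        elif kind == "same":                 # rewrite the preceding atom
            atom = "".join(out[atom_at:])
            out[atom_at:] = [same_atom(atom, tok[1:], f"s{pos}")]
        elif tok == "(":
            opens.append(len(out)); out.append("(?:"); atom_at = None
        elif tok == ")":
            atom_at = opens.pop(); out.append(")")
        elif tok == ".":
            atom_at = len(out); out.append(ANY_AS)
        else:                                # | ^ $ pass through unchanged
            out.append(tok); atom_at = None
    return re.compile("".join(out))

def matches(expr, as_path, **kw):
    """True if the filter matches the AS-path (a list of AS numbers)."""
    text = "".join(enc(a) for a in as_path)
    return compile_aspath(expr, **kw).search(text) is not None
```

Every atom consumes a whole encoded element ending in `;`, so an unanchored filter such as `<AS3>` cannot match inside a longer AS number such as 13 or 30.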

Composite Policy Filters

The following operators (in decreasing order of evaluation) can be used to form composite policy filters:

NOT
    Given a policy filter x, NOT x matches the set of routes that are not matched by x. That is, it is the negation of policy filter x.

AND
    Given two policy filters x and y, x AND y matches the intersection of the routes that are matched by x and that are matched by y.

OR
    Given two policy filters x and y, x OR y matches the union of the routes that are matched by x and that are matched by y.

Note that an OR operator can be implicit, that is `x y' is equivalent to `x OR y'.

E.g.

       NOT {128.9.0.0/16, 128.8.0.0/16}
       AS226 AS227 OR AS228
       AS226 AND NOT {128.9.0.0/16}
       AS226 AND {0.0.0.0/0^0-18}
        

The first example matches any route except 128.9.0.0/16 and 128.8.0.0/16. The second example matches the routes of AS226, AS227 and AS228. The third example matches the routes of AS226 except 128.9.0.0/16. The fourth example matches the routes of AS226 whose length is not longer than 18.

Routing Policy Attributes

Policy filters can also use the values of other attributes for comparison. The attributes whose values can be used in policy filters are specified in the RPSL dictionary. Please refer to Section 7 for details. An example using the BGP community attribute is shown below:

    aut-num: AS1
    export: to AS2 announce AS1 AND NOT community.contains(NO_EXPORT)

Filters using the routing policy attributes defined in the dictionary are evaluated before evaluating the operators AND, OR and NOT.

6.1.4 Example Policy Expressions
    aut-num: AS1
    import: from AS2 action pref = 1;
            from AS3 action pref = 2;
            accept AS4
        

The above example states that AS4's routes are accepted from AS2 with preference 1, and from AS3 with preference 2 (routes with lower integer preference values are preferred over routes with higher integer preference values).

    aut-num: AS1
    import: from AS2 7.7.7.2 at 7.7.7.1 action pref = 1;
            from AS2                    action pref = 2;
            accept AS4
        

The above example states that AS4's routes are accepted from AS2 on peering 7.7.7.1-7.7.7.2 with preference 1, and on any other peering with AS2 with preference 2.

6.2 export Attribute: Export Policy Specification

Similarly, an export policy expression is specified using an export attribute. The export attribute has the following syntax:

       export: to <peering-1> [action <action-1>]
               . . .
               to <peering-N> [action <action-N>]
               announce <filter>
        

The action specification is optional. The semantics of an export attribute is as follows: the set of routes that are matched by <filter> are exported to all the peers specified in <peerings>; while exporting routes at <peering-M>, <action-M> is executed.

     E.g.
       aut-num: AS1
       export: to AS2 action med = 5; community .= 70;
               announce AS4
        

In this example, AS4's routes are announced to AS2 with the med attribute's value set to 5 and community 70 added to the community list.

Example:

    aut-num: AS1
    export: to AS-FOO announce ANY

In this example, AS1 announces all of its routes to the ASes in the set AS-FOO.

6.3 Other Routing Protocols, Multi-Protocol Routing Protocols, and Injecting Routes Between Protocols

The more complete syntax of the import and export attributes is as follows:

       import: [protocol <protocol-1>] [into <protocol-2>]
               from <peering-1> [action <action-1>]
               . . .
               from <peering-N> [action <action-N>]
               accept <filter>
       export: [protocol <protocol-1>] [into <protocol-2>]
               to <peering-1> [action <action-1>]
               . . .
               to <peering-N> [action <action-N>]
               announce <filter>
        

Where the optional protocol specifications can be used for specifying policies for other routing protocols, or for injecting routes of one protocol into another protocol, or for multi-protocol routing policies. The valid protocol names are defined in the dictionary. The <protocol-1> is the name of the protocol whose routes are being exchanged. The <protocol-2> is the name of the protocol which is receiving these routes. Both <protocol-1> and <protocol-2> default to the Internet Exterior Gateway Protocol, currently BGP.

In the following example, all interAS routes are injected into RIP.

    aut-num: AS1
    import: from AS2 accept AS2
    export: protocol BGP4 into RIP
            to AS1 announce ANY

In the following example, AS1 accepts AS2's routes including any more specifics of AS2's routes, but does not inject these extra more specific routes into OSPF.

    aut-num: AS1
    import: from AS2 accept AS2^+
    export: protocol BGP4 into OSPF
            to AS1 announce AS2

In the following example, AS1 injects its static routes (routes which are members of the set AS1:RS-STATIC-ROUTES) to the interAS routing protocol and appends AS1 twice to their AS paths.

    aut-num: AS1
    import: protocol STATIC into BGP4
            from AS1 action aspath.prepend(AS1, AS1);
            accept AS1:RS-STATIC-ROUTES

In the following example, AS1 imports a different set of unicast routes for multicast reverse path forwarding from AS2:

    aut-num: AS1
    import: from AS2 accept AS2
    import: protocol IDMR
            from AS2 accept AS2:RS-RPF-ROUTES

6.4 Ambiguity Resolution

It is possible that the same peering can be covered by more than one peering specification in a policy expression. For example:

    aut-num: AS1
    import: from AS2 7.7.7.2 at 7.7.7.1 action pref = 2;
            from AS2 7.7.7.2 at 7.7.7.1 action pref = 1;
            accept AS4
        

This is not an error, though definitely not desirable. To break the ambiguity, the action corresponding to the first peering specification is used. That is, the routes are accepted with preference 2. We call this rule the specification-order rule.

Consider the example:

    aut-num: AS1
    import: from AS2                    action pref = 2;
            from AS2 7.7.7.2 at 7.7.7.1 action pref = 1; dpa = 5;
            accept AS4
        

where both peering specifications cover the peering 7.7.7.1-7.7.7.2, though the second one covers it more specifically. The specification order rule still applies, and only the action "pref = 2" is executed. In fact, the second peering-action pair has no use since the first peering-action pair always covers it. If the intended policy was to accept these routes with preference 1 on this particular peering and with preference 2 in all other peerings, the user should have specified:

    aut-num: AS1
    import: from AS2 7.7.7.2 at 7.7.7.1 action pref = 1; dpa = 5;
            from AS2                    action pref = 2;
            accept AS4
        

It is also possible that more than one policy expression can cover the same set of routes for the same peering. For example:

    aut-num: AS1
    import: from AS2 action pref = 2; accept AS4
    import: from AS2 action pref = 1; accept AS4
        

In this case, the specification-order rule is still used. That is, AS4's routes are accepted from AS2 with preference 2. If the filters were overlapping but not exactly the same:

    aut-num: AS1
    import: from AS2 action pref = 2; accept AS4
    import: from AS2 action pref = 1; accept AS4 OR AS5
        

then AS4's routes are accepted from AS2 with preference 2, and AS5's routes are also accepted, but with preference 1.

We next give the general specification order rule for the benefit of the RPSL implementors. Consider two policy expressions:

    aut-num: AS1
    import: from peerings-1 action action-1 accept filter-1
    import: from peerings-2 action action-2 accept filter-2

The above policy expressions are equivalent to the following three expressions where there is no ambiguity:

    aut-num: AS1
    import: from peerings-1 action action-1 accept filter-1
    import: from peerings-3 action action-2 accept filter-2 AND NOT filter-1
    import: from peerings-4 action action-2 accept filter-2

where peerings-3 are those that are covered by both peerings-1 and peerings-2, and peerings-4 are those that are covered by peerings-2 but not by peerings-1 ("filter-2 AND NOT filter-1" matches the routes that are matched by filter-2 but not by filter-1).

Example:

    aut-num: AS1
    import: from AS2 7.7.7.2 at 7.7.7.1
            action pref = 2;
            accept {128.9.0.0/16}
    import: from AS2
            action pref = 1;
            accept {128.9.0.0/16, 75.0.0.0/8}
        

Let's consider two peerings with AS2, 7.7.7.1-7.7.7.2 and 9.9.9.1-9.9.9.2. Both policy expressions cover 7.7.7.1-7.7.7.2. On this peering, the route 128.9.0.0/16 is accepted with preference 2, and the route 75.0.0.0/8 is accepted with preference 1. The peering 9.9.9.1-9.9.9.2 is only covered by the second policy expression. Hence, both the route 128.9.0.0/16 and the route 75.0.0.0/8 are accepted with preference 1 on peering 9.9.9.1-9.9.9.2.

Note that the same ambiguity resolution rules also apply to export and default policy expressions.

6.5 default Attribute: Default Policy Specification

Default routing policies are specified using the default attribute. The default attribute has the following syntax:

       default: to <peering> [action <action>] [networks <filter>]
        

The <action> and <filter> specifications are optional. The semantics are as follows: The <peering> specification indicates the AS (and the router if present) that is being defaulted to; the <action> specification, if present, indicates various attributes of defaulting, for example a relative preference if multiple defaults are specified; and the <filter> specification, if present, is a policy filter. A router chooses a default router from the routes in its routing table that match this <filter>.

In the following example, AS1 defaults to AS2 for routing.

    aut-num: AS1
    default: to AS2

In the following example, router 7.7.7.1 in AS1 defaults to router 7.7.7.2 in AS2.

    aut-num: AS1
    default: to AS2 7.7.7.2 at 7.7.7.1

In the following example, AS1 defaults to AS2 and AS3, but prefers AS2 over AS3.

    aut-num: AS1
    default: to AS2 action pref = 1;
    default: to AS3 action pref = 2;
        

In the following example, AS1 defaults to AS2 and uses 128.9.0.0/16 as the default network.

    aut-num: AS1
    default: to AS2 networks { 128.9.0.0/16 }
        
        
6.6 Structured Policy Specification

The import and export policies can be structured. We only recommend structured policies to advanced RPSL users. Please feel free to skip this section.

The syntax for a structured policy specification is the following:

      <import-factor> ::= from <peering-1> [action <action-1>]
                          . . .
                          from <peering-N> [action <action-N>]
                          accept <filter>;
        
      <import-term> ::=  <import-factor> |
                         LEFT-BRACE
                         <import-factor>
                         . . .
                         <import-factor>
                         RIGHT-BRACE
        
      <import-expression> ::= <import-term>                            |
                              <import-term> EXCEPT <import-expression> |
                              <import-term> REFINE <import-expression>
        
      import: [protocol <protocol1>] [into <protocol2>]
              <import-expression>
        

Please note the semicolon at the end of an <import-factor>. If the policy specification is not structured (as in all the examples in other sections), this semicolon is optional. The syntax and semantics for an <import-factor> is already defined in Section 6.1.

An <import-term> is either a sequence of <import-factor>'s enclosed within matching braces (i.e. `{' and `}') or just a single <import-factor>. The semantics of an <import-term> is the union of <import-factor>'s using the specification order rule. An <import-expression> is either a single <import-term> or an <import-term> followed by one of the keywords "except" and "refine", followed by another <import-expression>. Note that our definition allows nested expressions. Hence there can be exceptions to exceptions, refinements to refinements, or even refinements to exceptions, and so on.

The semantics for the except operator is as follows: The result of an except operation is another <import-term>. The resulting policy set contains the policies of the right hand side but their filters are modified to only include the routes also matched by the left hand side. The policies of the left hand side are included afterwards and their filters are modified to exclude the routes matched by the right hand side. Please note that the filters are modified during this process but the actions are copied verbatim. When there are multiple levels of nesting, the operations (both except and refine) are performed right to left.

Consider the following example:

    import: from AS1 action pref = 1; accept as-foo;
            except {
               from AS2 action pref = 2; accept AS226;
               except {
                  from AS3 action pref = 3; accept {128.9.0.0/16};
               }
            }
        

where the route 128.9.0.0/16 is originated by AS226, and AS226 is a member of the as set as-foo. In this example, the route 128.9.0.0/16 is accepted from AS3, any other route (not 128.9.0.0/16) originated by AS226 is accepted from AS2, and any other ASes' routes in as-foo are accepted from AS1.

We can come to the same conclusion using the algebra defined above. Consider the inner exception specification:

      from AS2 action pref = 2; accept AS226;
      except {
         from AS3 action pref = 3; accept {128.9.0.0/16};
      }
        

is equivalent to

     {
      from AS3 action pref = 3; accept AS226 AND {128.9.0.0/16};
      from AS2 action pref = 2; accept AS226 AND NOT {128.9.0.0/16};
     }
        

Hence, the original expression is equivalent to:

    import: from AS1 action pref = 1; accept as-foo;
            except {
               from AS3 action pref = 3;
                   accept AS226 AND {128.9.0.0/16};
               from AS2 action pref = 2;
                   accept AS226 AND NOT {128.9.0.0/16};
            }
        

which is equivalent to

    import: {
       from AS3 action pref = 3;
                accept as-foo AND AS226 AND {128.9.0.0/16};
       from AS2 action pref = 2;
                accept as-foo AND AS226 AND NOT {128.9.0.0/16};
       from AS1 action pref = 1;
                accept as-foo AND NOT
                  (AS226 AND NOT {128.9.0.0/16} OR
                   AS226 AND {128.9.0.0/16});
       }
        

Since AS226 is in as-foo and 128.9.0.0/16 is in AS226, it simplifies to:

    import: {
              from AS3 action pref = 3; accept {128.9.0.0/16};
              from AS2 action pref = 2;
                   accept AS226 AND NOT {128.9.0.0/16};
              from AS1 action pref = 1; accept as-foo AND NOT AS226;
            }
        

In the case of the refine operator, the resulting set is constructed by taking the cartesian product of the two sides as follows: for each policy l in the left hand side and for each policy r in the right hand side, the peerings of the resulting policy are the peerings common to both r and l; the filter of the resulting policy is the intersection of l's filter and r's filter; and action of the resulting policy is l's action followed by r's action. If there are no common peerings, or if the intersection of filters is empty, a resulting policy is not generated.

Consider the following example:

    import: { from AS-ANY action pref = 1;
                   accept community.contains({3560,10});
              from AS-ANY action pref = 2;
                   accept community.contains({3560,20});
            } refine {
               from AS1 accept AS1;
               from AS2 accept AS2;
               from AS3 accept AS3;
            }
        

Here, any route with community {3560,10} is assigned a preference of 1 and any route with community {3560,20} is assigned a preference of 2 regardless of whom they are imported from. However, only AS1's routes are imported from AS1, and only AS2's routes are imported from AS2, and only AS3's routes are imported from AS3, and no routes are imported from any other AS. We can reach the same conclusion using the above algebra. That is, our example is equivalent to:

    import: {
      from AS1 action pref = 1;
           accept community.contains({3560,10}) AND AS1;
      from AS1 action pref = 2;
           accept community.contains({3560,20}) AND AS1;
      from AS2 action pref = 1;
           accept community.contains({3560,10}) AND AS2;
      from AS2 action pref = 2;
           accept community.contains({3560,20}) AND AS2;
      from AS3 action pref = 1;
           accept community.contains({3560,10}) AND AS3;
      from AS3 action pref = 2;
           accept community.contains({3560,20}) AND AS3;
    }
        

Note that the common peerings between "from AS1" and "from AS-ANY" are those peerings in "from AS1". Even though we do not formally define "common peerings", it is straightforward to deduce the definition from the definitions of peerings (please see Section 6.1.1).

Consider the following example:

    import: {
      from AS-ANY action med = 0; accept {0.0.0.0/0^0-18};
      } refine {
           from AS1 at 7.7.7.1 action pref = 1; accept AS1;
           from AS1            action pref = 2; accept AS1;
        }
        

where only routes of length 0 to 18 are accepted and med's value is set to 0 to disable med's effect for all peerings; in addition, from AS1 only AS1's routes are imported, and AS1's routes imported at 7.7.7.1 are preferred over other peerings. This is equivalent to:

    import: {
      from AS1 at 7.7.7.1 action med=0; pref=1;
           accept {0.0.0.0/0^0-18} AND AS1;
      from AS1 action med=0; pref=2; accept {0.0.0.0/0^0-18} AND AS1;
    }
        

The above syntax and semantics apply equally to structured export policies, with "from" replaced with "to" and "accept" replaced with "announce".
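The specification-order rule of Section 6.4 and the except and refine algebra of this section can be replayed on small sets to audit what a policy actually accepts on each peering. The following is an added example, not code from the RFC: filters are resolved to finite sets of routes and peerings to sets of (peer AS, local router) pairs. The function names, the second AS1 router 7.7.8.1, and every prefix other than 128.9.0.0/16 and 75.0.0.0/8 are constructed for the sketch.

```python
def factor(peerings, actions, routes):
    """One 'from <peerings> action <actions> accept <filter>' factor,
    with the filter already resolved to the set of routes it matches."""
    return (frozenset(peerings), tuple(actions), frozenset(routes))

def decide(term, peering, route):
    """Specification-order rule: the first factor that covers both the
    peering and the route supplies the actions; None means not accepted."""
    for peerings, actions, routes in term:
        if peering in peerings and route in routes:
            return actions
    return None

def matched(term):
    """All routes matched by any filter in the term."""
    return frozenset().union(*(routes for _, _, routes in term))

def except_(lhs, rhs):
    """lhs EXCEPT rhs: right-hand policies first, limited to routes the left
    side matches; then left-hand policies minus routes the right side matches.
    Actions are copied verbatim."""
    l_all, r_all = matched(lhs), matched(rhs)
    return ([(p, a, f & l_all) for p, a, f in rhs] +
            [(p, a, f - r_all) for p, a, f in lhs])

def refine(lhs, rhs):
    """lhs REFINE rhs: cartesian product with common peerings, intersected
    filters and l's actions followed by r's; empty results are dropped."""
    out = []
    for lp, la, lf in lhs:
        for rp, ra, rf in rhs:
            peerings, routes = lp & rp, lf & rf
            if peerings and routes:
                out.append((peerings, la + ra, routes))
    return out

# Constructed peering universe: (peer AS, local router).
PEERINGS = [("AS1", "7.7.7.1"), ("AS1", "7.7.8.1"), ("AS2", "7.7.7.1"),
            ("AS2", "9.9.9.1"), ("AS3", "7.7.7.1")]

def peerings(asn=None, at=None):
    """Resolve 'from <asn> [at <router>]'; no arguments means AS-ANY."""
    return frozenset(p for p in PEERINGS
                     if asn in (None, p[0]) and at in (None, p[1]))

def section_6_4_example():
    """The two overlapping import attributes at the end of Section 6.4."""
    return [factor(peerings("AS2", "7.7.7.1"), ["pref = 2"], {"128.9.0.0/16"}),
            factor(peerings("AS2"), ["pref = 1"], {"128.9.0.0/16", "75.0.0.0/8"})]

def nested_except_example():
    """The nested except example; nesting is evaluated right to left."""
    as226 = {"128.9.0.0/16", "192.0.2.0/24"}      # second prefix is constructed
    as_foo = as226 | {"198.51.100.0/24"}          # constructed non-AS226 member
    inner = except_([factor(peerings("AS2"), ["pref = 2"], as226)],
                    [factor(peerings("AS3"), ["pref = 3"], {"128.9.0.0/16"})])
    return except_([factor(peerings("AS1"), ["pref = 1"], as_foo)], inner)

def refine_example():
    """The med/pref refine example, over constructed routes."""
    as1 = {"10.1.0.0/16", "10.1.2.0/24"}
    table = as1 | {"10.2.0.0/16"}
    short = {r for r in table if int(r.split("/")[1]) <= 18}   # {0.0.0.0/0^0-18}
    return refine([factor(peerings(), ["med = 0"], short)],
                  [factor(peerings("AS1", "7.7.7.1"), ["pref = 1"], as1),
                   factor(peerings("AS1"), ["pref = 2"], as1)])
```

Calling `decide` on a term with a peering and a route returns the actions that would apply, which makes shadowed factors (those that never win for any peering and route) easy to spot.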

7 dictionary Class

The dictionary class provides extensibility to RPSL. Dictionary objects define routing policy attributes, types, and routing protocols. Routing policy attributes, henceforth called rp-attributes, may correspond to actual protocol attributes, such as the BGP path attributes (e.g. community, dpa, and AS-path), or they may correspond to router features (e.g. BGP route flap damping). As new protocols, new protocol attributes, or new router features are introduced, the dictionary object is updated to include appropriate rp-attribute and protocol definitions.

An rp-attribute is an abstract class; that is, its data representation is not available. Instead, it is accessed through access methods. For example, the rp-attribute for the BGP AS-path attribute is called aspath, and it has an access method called prepend which stuffs extra AS numbers to the AS-path attributes. Access methods can take arguments. Arguments are strongly typed. For example, the method prepend above takes AS numbers as arguments.

Once an rp-attribute is defined in the dictionary, it can be used to describe policy filters and actions. Policy analysis tools are required to fetch the dictionary object and recognize newly defined rp-attributes, types, and protocols. The analysis tools may approximate policy analyses on rp-attributes that they do not understand: a filter method may always match, and an action method may always perform no-operation. Analysis tools may even download code to perform appropriate operations using mechanisms outside the scope of RPSL.

We next describe the syntax and semantics of the dictionary class. This description is not essential for understanding dictionary objects (but it is essential for creating one). Please feel free to skip to the RPSL Initial Dictionary subsection (Section 7.1).

The attributes of the dictionary class are shown in Figure 18. The dictionary attribute is the name of the dictionary object, obeying the RPSL naming rules. There can be many dictionary objects, however there is always one well-known dictionary object "RPSL". All tools use this dictionary by default.

      Attribute     Value                    Type
      dictionary    <object-name>            mandatory, single-valued, class key
      rp-attribute  see description in text  optional, multi valued
      typedef       see description in text  optional, multi valued
      protocol      see description in text  optional, multi valued

Figure 18: dictionary Class Attributes

The rp-attribute attribute has the following syntax:

      rp-attribute: <name>
         <method-1>(<type-1-1>, ..., <type-1-N1> [, "..."])
         ...
         <method-M>(<type-M-1>, ..., <type-M-NM> [, "..."])
        

where <name> is the name of the rp-attribute; and <method-i> is the name of an access method for the rp-attribute, taking Ni arguments where the j-th argument is of type <type-i-j>. A method name is either an RPSL name or one of the operators defined in Figure 19. The operator methods with the exception of operator() and operator[] can take only one argument.

      operator=           operator==
      operator<<=         operator<
      operator>>=         operator>
      operator+=          operator>=
      operator-=          operator<=
      operator*=          operator!=
      operator/=          operator()
      operator.=          operator[]
        

Figure 19: Operators

An rp-attribute can have many methods defined for it. Some of the methods may even have the same name, in which case their arguments are of different types. If the argument list is followed by "...", the method takes a variable number of arguments. In this case, the actual arguments after the Nth argument are of type <type-N>.

Arguments are strongly typed. A type of an argument can be one of the predefined types or one of the dictionary defined types. The predefined type names are listed in Figure 20. The integer and the real types can be followed by a lower and an upper bound to specify the set of valid values of the argument. The range specification is optional. We use the ANSI C language conventions for representing integer, real and string values. The enum type is followed by a list of RPSL names which are the valid values of the type. The boolean type can take the values true or false. as_number, ipv4_address, address_prefix and dns_name types are as in Section 2. filter type is a policy filter as in Section 6.

      integer[lower, upper]              as_number
      real[lower, upper]                 ipv4_address
      enum[name, name, ...]              address_prefix
      string                             address_prefix_range
      boolean                            dns_name
      rpsl_word                          filter
      free_text                          as_set_name
      email                              route_set_name

Figure 20: Predefined Types

The typedef attribute specifies a dictionary defined type. Its syntax is as follows:

      typedef: <name> union <type-1>, ... , <type-N>
             | <name> list [<min_elems>:<max_elems>] of <type>
        

where <name> is the name of the type being defined and <type-M> is another type name, either predefined or dictionary defined. In the first form, the type defined is either of the types <type-1> through <type-N> (analogous to unions in C[12]). In the second form, the type defined is a list type where the list elements are of <type> and the list contains at least <min_elems> and at most <max_elems> elements. The size specification is optional. In this case, there is no restriction in the number of list elements. A value of a list type is represented as a sequence of elements separated by the character "," and enclosed by the characters "{" and "}".

A protocol attribute of the dictionary class defines a protocol and a set of peering options for that protocol (which are used in inet-rtr class in Section 9). Its syntax is as follows:

      protocol: <name>
         MANDATORY | OPTIONAL <option-1>(<type-1-1>, ...,
                                         <type-1-N1> [, "..."])
         ...
         MANDATORY | OPTIONAL <option-M>(<type-M-1>, ...,
                                         <type-M-NM> [, "..."])
        

where <name> is the name of the protocol; MANDATORY and OPTIONAL are keywords; and <option-i> is a peering option for this protocol, taking Ni many arguments. The syntax and semantics of the arguments are as in the rp-attribute. If the keyword MANDATORY is used the option is mandatory and needs to be specified for each peering of this protocol. If the keyword OPTIONAL is used the option can be skipped.

7.1 Initial RPSL Dictionary and Example Policy Actions and Filters

dictionary:   RPSL
rp-attribute: # preference, smaller values represent higher preferences
              pref
              operator=(integer[0, 65535])
rp-attribute: # BGP multi_exit_discriminator attribute
              med
              operator=(integer[0, 65535])
              # to set med to the IGP metric: med = igp_cost;
              operator=(enum[igp_cost])
rp-attribute: # BGP destination preference attribute (dpa)
              dpa
              operator=(integer[0, 65535])
rp-attribute: # BGP aspath attribute
              aspath
              # prepends AS numbers from last to first order
              prepend(as_number, ...)
typedef:      # a community value in RPSL is either
              #  - a 4 byte integer
              #  - internet, no_export, no_advertise (see RFC-1997)
              #  - two 2-byte integers to be concatenated e.g. {3561,70}
              community_elm union
              integer[1, 4294967200],
              enum[internet, no_export, no_advertise],
              list[2:2] of integer[0, 65535]
typedef:      # list of community values { 40, no_export, {3561,70}}
              community_list
              list of community_elm
rp-attribute: # BGP community attribute
              community
              # set to a list of communities
              operator=(community_list)
              # order independent equality comparison
              operator==(community_list)
              # append community values
              operator.=(community_elm)
              append(community_elm, ...)
              # delete community values
              delete(community_elm, ...)
              # a filter: true if one of community values is contained
              contains(community_elm, ...)
              # shortcut to contains: community(no_export, {3561,70})
              operator()(community_elm, ...)
rp-attribute: # next hop router in a static route
              next-hop
              operator=(ipv4_address)       # a router address
              operator=(enum[self])         # router's own address
rp-attribute: # cost of a static route
              cost
              operator=(integer[0, 65535])
protocol: BGP4
          # as number of the peer router
          MANDATORY asno(as_number)
          # enable flap damping
          OPTIONAL flap_damp()
          OPTIONAL flap_damp(integer[0,65535],# penalty per flap
                             integer[0,65535],
                                # penalty value for suppression
                             integer[0,65535],# penalty value for reuse
                             integer[0,65535],# halflife in secs when up
                             integer[0,65535],
                                # halflife in secs when down
                             integer[0,65535])# maximum penalty
        

protocol: OSPF
protocol: RIP
protocol: IGRP
protocol: IS-IS
protocol: STATIC
protocol: RIPng
protocol: DVMRP
protocol: PIM-DM
protocol: PIM-SM
protocol: CBT
protocol: MOSPF

Figure 21: RPSL Dictionary

   Figure 21 shows the initial RPSL dictionary.  It has seven rp-
   attributes: pref to assign local preference to the routes accepted;
   med to assign a value to the MULTI_EXIT_DISCRIMINATOR BGP attribute;
   dpa to assign a value to the DPA BGP attribute; aspath to prepend a
   value to the AS_PATH BGP attribute; community to assign a value to or
   to check the value of the community BGP attribute; next-hop to assign
   next hop routers to static routes; and cost to assign a cost to
   static routes.  The dictionary defines two types: community_elm and
   community_list.  community_elm type is either a 4-byte unsigned
   integer, or one of the keywords no_export or no_advertise (defined in
   [7]), or a list of two 2-byte unsigned integers in which case the two
   integers are concatenated to form a 4-byte integer.  (The last form
   is often used in the Internet to partition the community number
   space.  A provider uses its AS number as the first two bytes, and
   assigns a semantics of its choice to the last two bytes.)
        

The initial dictionary (Figure 21) defines only options for the Border Gateway Protocol: asno and flap_damp. The mandatory asno option is the AS number of the peer router. The optional flap_damp option instructs the router to damp route flaps[19] when importing routes from the peer router.

It can be specified with or without parameters. If parameters are missing, they default to:

      flap_damp(1000, 2000, 750, 900, 900, 20000)

That is, a penalty of 1000 is assigned at each route flap, and the route is suppressed when the penalty reaches 2000. The penalty is reduced in half after 15 minutes (900 seconds) of stability regardless of whether the route is up or down. A suppressed route is reused when the penalty falls below 750. The maximum penalty a route can be assigned is 20,000 (i.e. the maximum suppress time after a route becomes stable is about 75 minutes). These parameters are consistent with the default flap damping parameters in several routers.

Policy Actions and Filters Using RP-Attributes

The syntax of a policy action or a filter using an rp-attribute x is as follows:

      x.method(arguments)
      x "op" argument

where method is a method and "op" is an operator method of the rp-attribute x. If an operator method is used in specifying a composite policy filter, it evaluates earlier than the composite policy filter operators (i.e. AND, OR, NOT, and implicit or operator).

The pref rp-attribute can be assigned a positive integer as follows:

      pref = 10;

The med rp-attribute can be assigned either a positive integer or the word "igp_cost" as follows:

      med = 0;
      med = igp_cost;
        

The dpa rp-attribute can be assigned a positive integer as follows:

      dpa = 100;

The BGP community attribute is list-valued; that is, it is a list of 4-byte integers each representing a "community". The following examples demonstrate how to add communities to this rp-attribute:

      community .= 100;
      community .= NO_EXPORT;
      community .= {3561,10};
        

In the last case, a 4-byte integer is constructed where the more significant two bytes equal 3561 and the less significant two bytes equal 10. The following examples demonstrate how to delete communities from the community rp-attribute:

      community.delete(100, NO_EXPORT, {3561,10});
        

Filters that use the community rp-attribute can be defined as demonstrated by the following examples:

      community.contains(100, NO_EXPORT, {3561,10});
      community(100, NO_EXPORT, {3561,10});             # shortcut
        

The community rp-attribute can be set to a list of communities as follows:

      community = {100, NO_EXPORT, {3561,10}, 200};
      community = {};
        

In the first case, the community rp-attribute contains the communities 100, NO_EXPORT, {3561,10}, and 200. In the latter case, the community rp-attribute is cleared. The community rp-attribute can be compared against a list of communities as follows:

      community == {100, NO_EXPORT, {3561,10}, 200};   # exact match
        

To influence the route selection, the BGP as_path rp-attribute can be made longer by prepending AS numbers to it as follows:

      aspath.prepend(AS1);
      aspath.prepend(AS1, AS1, AS1);
        

The following examples are invalid:

      med = -50;                     # -50 is not in the range
      med = igp;                     # igp is not one of the enum values
      med.assign(10);                # method assign is not defined
      community.append({AS3561,20}); # the first argument should be 3561
        
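
The checks behind the valid and invalid examples above, as an added example that is not part of the RFC: it type-checks rp-attribute uses against the pref, med, dpa, aspath and community entries of Figure 21 and normalises community values for comparison. The names DICTIONARY, check, parse_value and community_set are this example's own, and parsing values through the JSON parser is a shortcut chosen here, not an RPSL grammar.

```python
import json
import re

# Types from the dictionary as tuples: (kind, parameters...)
U16 = ("integer", 0, 65535)
COMMUNITY_ELM = ("union", (("integer", 1, 4294967200),
                           ("enum", ("internet", "no_export", "no_advertise")),
                           ("list", 2, 2, U16)))
COMMUNITY_LIST = ("list", 0, None, COMMUNITY_ELM)
SET_U16 = [((U16,), False)]
ELM_VARIADIC = [((COMMUNITY_ELM,), True)]

# rp-attribute -> method -> overloads, each (argument types, followed by "..."?)
DICTIONARY = {
    "pref": {"operator=": SET_U16},
    "med": {"operator=": SET_U16 + [((("enum", ("igp_cost",)),), False)]},
    "dpa": {"operator=": SET_U16},
    "aspath": {"prepend": [((("as_number",),), True)]},
    "community": {
        "operator=": [((COMMUNITY_LIST,), False)],
        "operator==": [((COMMUNITY_LIST,), False)],
        "operator.=": [((COMMUNITY_ELM,), False)],
        "append": ELM_VARIADIC, "delete": ELM_VARIADIC,
        "contains": ELM_VARIADIC, "operator()": ELM_VARIADIC,
    },
}

CALL = re.compile(r"([\w-]+?)(?:\.(\w+))?\((.*)\)")
OPERATOR = re.compile(r"([\w-]+?)\s*(<<=|>>=|[-+*/.]=|[=!<>]=|[<>=])\s*(.+)")


def parse_value(text):
    """Parse an integer, an RPSL word, or a {...} list (lists may nest)."""
    if not re.fullmatch(r"[\w\s{},-]+", text):
        raise ValueError("unrecognised input: %r" % text)
    # Quote words and swap braces for brackets so the JSON parser does the rest.
    quoted = re.sub(r"[A-Za-z_][\w-]*", lambda m: '"%s"' % m.group(0), text)
    return json.loads(quoted.replace("{", "[").replace("}", "]"))


def matches(typ, val):
    """True if a parsed value conforms to a dictionary type."""
    kind = typ[0]
    if kind == "integer":
        return isinstance(val, int) and typ[1] <= val <= typ[2]
    if kind == "enum":  # the page writes NO_EXPORT for the enum value no_export
        return isinstance(val, str) and val.lower() in typ[1]
    if kind == "as_number":
        return isinstance(val, str) and bool(re.fullmatch(r"(?i)AS\d+", val))
    if kind == "union":
        return any(matches(t, val) for t in typ[1])
    lo, hi, elem = typ[1:]  # kind == "list"
    return (isinstance(val, list) and len(val) >= lo
            and (hi is None or len(val) <= hi)
            and all(matches(elem, v) for v in val))


def check(statement):
    """Return (ok, reason) for one action or filter term, e.g. 'med = 0;'."""
    text = statement.strip().rstrip(";").strip()
    m = CALL.fullmatch(text)
    if m:
        attr, method, raw = m.group(1), m.group(2) or "operator()", m.group(3)
    else:
        m = OPERATOR.fullmatch(text)
        if not m:
            return False, "not an rp-attribute use"
        attr, method, raw = m.group(1), "operator" + m.group(2), m.group(3)
    methods = DICTIONARY.get(attr.lower())
    if methods is None:
        return False, "unknown rp-attribute %s" % attr
    if method not in methods:
        return False, "method %s is not defined for %s" % (method, attr)
    try:
        args = parse_value("{%s}" % raw)  # the argument list as one RPSL list
    except ValueError as exc:
        return False, str(exc)
    for types, variadic in methods[method]:
        extra = len(args) - len(types)
        if extra == 0 or (variadic and extra > 0):
            expected = types + types[-1:] * extra  # "..." repeats the last type
            if all(matches(t, a) for t, a in zip(expected, args)):
                return True, "ok"
    return False, "no overload of %s accepts %r" % (method, args)


def community_set(values):
    """Normalise: {3561,10} becomes one 4-byte integer, words are lowercased."""
    return {(v[0] << 16) | v[1] if isinstance(v, list)
            else v.lower() if isinstance(v, str) else v for v in values}


def community_contains(route, *wanted):  # true if one of the values is present
    return bool(community_set(route) & community_set(wanted))


def community_equal(route, wanted):  # order-independent, like operator==
    return community_set(route) == community_set(wanted)
```

Running check over every action and filter of an aut-num object before it is turned into router configuration rejects out-of-range or undefined uses such as the four invalid examples.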
        

Figure 22 shows a more advanced example using the rp-attribute community. In this example, AS3561 bases its route selection preference on the community attribute. Other ASes may indirectly affect AS3561's route selection by including the appropriate communities in their route announcements.

    aut-num: AS1
    export: to AS2 action community.={3561,90};
            to AS3 action community.={3561,80};
            announce AS1
        

    as-set: AS3561:AS-PEERS
    members: AS2, AS3

    aut-num: AS3561
    import: from AS3561:AS-PEERS
            action pref = 10;
            accept community.contains({3561,90})
    import: from AS3561:AS-PEERS
            action pref = 20;
            accept community.contains({3561,80})
    import: from AS3561:AS-PEERS
            action pref = 20;
            accept community.contains({3561,70})
    import: from AS3561:AS-PEERS
            action pref = 0;
            accept ANY
        

Figure 22: Policy example using the community rp-attribute.

8 Advanced route Class

8.1 Specifying Aggregate Routes

The components, aggr-bndry, aggr-mtd, export-comps, inject, and holes attributes are used for specifying aggregate routes [9]. A route object specifies an aggregate route if any of these attributes, with the exception of inject, is specified. The origin attribute for an aggregate route is the AS performing the aggregation, i.e. the aggregator AS. In this section, we used the term "aggregate" to refer to the route generated, the term "component" to refer to the routes used to generate the path attributes of the aggregate, and the term "more specifics" to refer to any route which is a more specific of the aggregate regardless of whether it was used to form the path attributes.

The components attribute defines what component routes are used to form the aggregate. Its syntax is as follows:

      components: [ATOMIC] [[protocol <protocol>] <filter>
                            [protocol <protocol> <filter> ...]]
        

where <protocol> is a routing protocol name such as BGP, OSPF or RIP (valid names are defined in the dictionary) and <filter> is a policy expression. The routes that match one of these filters and are learned from the corresponding protocol are used to form the aggregate. If <protocol> is omitted, it defaults to any protocol. <filter> implicitly contains an "AND" term with the more specifics of the aggregate so that only the component routes are selected. If the keyword ATOMIC is used, the aggregation is done atomically [9]. If a <filter> is not specified it defaults to more specifics. If the components attribute is missing, all more specifics without the ATOMIC keyword are used.

      route: 128.8.0.0/15
      origin: AS1
      components: <^AS2>
        
      route: 128.8.0.0/15
      origin: AS1
      components: protocol BGP  {128.8.0.0/16^+}
                  protocol OSPF {128.9.0.0/16^+}
        

Figure 23: Two aggregate route objects.

Figure 23 shows two route objects. In the first example, more specifics of 128.8.0.0/15 with AS paths starting with AS2 are aggregated. In the second example, some routes learned from BGP and some routes learned from OSPF are aggregated.

The aggr-bndry attribute is an expression over AS numbers and sets using operators AND, OR, and NOT. The result defines the set of ASes which form the aggregation boundary. If the aggr-bndry attribute is missing, the origin AS is the sole aggregation boundary. Outside the aggregation boundary, only the aggregate is exported and more specifics are suppressed. However, within the boundary, the more specifics are also exchanged.

The aggr-mtd attribute specifies how the aggregate is generated. Its syntax is as follows:

      aggr-mtd: inbound | outbound [<as-expression>]

where <as-expression> is an expression over AS numbers and sets using operators AND, OR, and NOT. If <as-expression> is missing, it defaults to AS-ANY. If outbound aggregation is specified, the more specifics of the aggregate will be present within the AS and the aggregate will be formed at all inter-AS boundaries with ASes in <as-expression> before export, except for ASes that are within the aggregating boundary (i.e. aggr-bndry is enforced regardless of <as-expression>). If inbound aggregation is specified, the aggregate is formed at all inter-AS boundaries prior to importing routes into the aggregator AS. Note that <as-expression> can not be specified with inbound aggregation. If aggr-mtd attribute is missing, it defaults to "outbound AS-ANY".

      route:      128.8.0.0/15            route:      128.8.0.0/15
      origin:     AS1                     origin:     AS2
      components: {128.8.0.0/15^-}        components: {128.8.0.0/15^-}
      aggr-bndry: AS1 OR AS2              aggr-bndry: AS1 OR AS2
      aggr-mtd:   outbound AS-ANY         aggr-mtd:   outbound AS-ANY
        

Figure 24: Outbound multi-AS aggregation example.

Figure 24 shows an example of an outbound aggregation. In this example, AS1 and AS2 are coordinating aggregation and announcing only the less specific 128.8.0.0/15 to the outside world, but exchanging more specifics between each other. This form of aggregation is useful when some of the components are within AS1 and some are within AS2.

When a set of routes is aggregated, the intent is to export only the aggregate route and suppress exporting of the more specifics outside the aggregation boundary. However, to satisfy certain policy and topology constraints (e.g. a multi-homed component), it is often required to export some of the components. The export-comps attribute equals an RPSL filter that matches the more specifics that need to be exported outside the aggregation boundary. If this attribute is missing, more specifics are not exported outside the aggregation boundary. Note that the export-comps filter contains an implicit "AND" term with the more specifics of the aggregate.

Figure 25 shows an example of an outbound aggregation. In this example, the more specific 128.8.8.0/24 is exported outside AS1 in addition to the aggregate. This is useful when 128.8.8.0/24 is a site multi-homed to AS1 and some other AS.

      route:      128.8.0.0/15
      origin:     AS1
      components: {128.8.0.0/15^-}
      aggr-mtd:   outbound AS-ANY
      export-comps: {128.8.8.0/24}
        

Figure 25: Outbound aggregation with export exception.

The inject attribute specifies which routers perform the aggregation and when they perform it. Its syntax is as follows:

     inject: [at <router-expression>] ...
             [action <action>]
             [upon <condition>]
        

where <action> is an action specification (see Section 6.1.2), <condition> is a boolean expression described below, and <router-expression> is an expression over router IP addresses and DNS names using operators AND, OR, and NOT. The DNS name can only be used if there is an inet-rtr object for that name that binds the name to IP addresses.

All routers in <router-expression> and in the aggregator AS perform the aggregation. If a <router-expression> is not specified, all routers inside the aggregator AS perform the aggregation. The <action> specification may set path attributes of the aggregate, such as assigning a preference to the aggregate.

The upon clause is a boolean condition. The aggregate is generated if and only if this condition is true. <condition> is a boolean expression using the logical operators AND and OR (i.e. operator NOT is not allowed) over:

      HAVE-COMPONENTS { list of prefixes }
      EXCLUDE { list of prefixes }
      STATIC
        

The list of prefixes in HAVE-COMPONENTS can only be more specifics of the aggregate. It evaluates to true when all the prefixes listed are present in the routing table of the aggregating router. The list can also include prefix ranges (i.e. using operators ^-, ^+, ^n, and ^n-m). In this case, at least one prefix from each prefix range needs to be present in the routing table for the condition to be true. The list of prefixes in EXCLUDE can be arbitrary. It evaluates to true when none of the prefixes listed is present in the routing table. The list can also include prefix ranges, and no prefix in that range should be present in the routing table. The keyword static always evaluates to true. If no upon clause is specified, the aggregate is generated if and only if there is a component in the routing table (i.e. a more specific that matches the filter in the components attribute).

      route:      128.8.0.0/15
      origin:     AS1
      components: {128.8.0.0/15^-}
      aggr-mtd:   outbound AS-ANY
      inject:     at 1.1.1.1 action dpa = 100;
      inject:     at 1.1.1.2 action dpa = 110;
        
      route:      128.8.0.0/15
      origin:     AS1
      components: {128.8.0.0/15^-}
      aggr-mtd:   outbound AS-ANY
      inject:     upon HAVE-COMPONENTS {128.8.0.0/16, 128.9.0.0/16}
      holes:      128.8.8.0/24
        

Figure 26: Examples of inject.

Figure 26 shows two examples. In the first case, the aggregate is injected at two routers each one setting the dpa path attribute differently. In the second case, the aggregate is generated only if both 128.8.0.0/16 and 128.9.0.0/16 are present in the routing table, as opposed to the first case where the presence of just one of them is sufficient for injection.
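
The evaluation rules for the upon clause, as an added Python example that is not part of RFC 2280: it evaluates a condition against a router's table, including prefix ranges, and rejects NOT as well as HAVE-COMPONENTS entries that lie outside the aggregate. The function names and the precedence of AND over OR are assumptions of this example.

```python
import ipaddress
import re


def in_range(spec, prefix):
    """True if `prefix` is a member of the RPSL address prefix (range) `spec`."""
    base, _, op = spec.partition("^")
    net = ipaddress.ip_network(base.strip())
    if not op:
        return prefix == net
    if not prefix.subnet_of(net):
        return False
    if op == "-":                      # exclusive more specifics
        lo, hi = net.prefixlen + 1, 32
    elif op == "+":                    # inclusive more specifics
        lo, hi = net.prefixlen, 32
    else:                              # ^n or ^n-m
        lo, _, hi = op.partition("-")
        lo = int(lo)
        hi = int(hi) if hi else lo
    return lo <= prefix.prefixlen <= hi


def eval_upon(condition, routing_table, aggregate):
    """Evaluate an inject `upon` condition against the aggregating router's table."""
    rib = [ipaddress.ip_network(p) for p in routing_table]
    agg = ipaddress.ip_network(aggregate)
    tokens = re.findall(r"\{[^}]*\}|[^\s{}]+", condition)
    pos = 0

    def present(spec):
        # A plain prefix must be in the table; a range needs at least one member.
        return any(in_range(spec, p) for p in rib)

    def factor():
        nonlocal pos
        if pos >= len(tokens):
            raise ValueError("truncated condition")
        keyword = tokens[pos].upper()
        pos += 1
        if keyword == "STATIC":
            return True
        if keyword not in ("HAVE-COMPONENTS", "EXCLUDE"):
            raise ValueError(f"unexpected token {keyword!r} (NOT is not allowed)")
        if pos >= len(tokens) or not tokens[pos].startswith("{"):
            raise ValueError(f"{keyword} needs a prefix list")
        specs = [s.strip() for s in tokens[pos].strip("{}").split(",") if s.strip()]
        pos += 1
        if keyword == "EXCLUDE":       # arbitrary prefixes, none may be present
            return not any(present(s) for s in specs)
        for s in specs:                # HAVE-COMPONENTS: more specifics of the aggregate only
            if not ipaddress.ip_network(s.partition("^")[0]).subnet_of(agg):
                raise ValueError(f"{s} is not a more specific of {agg}")
        return all(present(s) for s in specs)

    def chain(operator, operand):
        nonlocal pos
        value = operand()
        while pos < len(tokens) and tokens[pos].upper() == operator:
            pos += 1
            rhs = operand()            # always parse the right-hand side
            value = (value and rhs) if operator == "AND" else (value or rhs)
        return value

    # Assumption of this example: AND binds tighter than OR.
    result = chain("OR", lambda: chain("AND", factor))
    if pos != len(tokens):
        raise ValueError(f"unexpected token {tokens[pos]!r}")
    return result
```

With the second object of Figure 26, a table holding only 128.8.0.0/16 yields false and the aggregate is not generated; adding 128.9.0.0/16 makes the condition true.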

The holes attribute lists the component address prefixes which are not reachable through the aggregate route (perhaps that part of the address space is unallocated). The holes attribute is useful for diagnosis purposes. In Figure 26, the second example has a hole, namely 128.8.8.0/24. This may be due to a customer changing providers and taking this part of the address space with it.

8.1.1 Interaction with policies in aut-num class

An aggregate formed is announced to other ASes only if the export policies of the AS allow exporting the aggregate. When the aggregate is formed, the more specifics are suppressed from being exported except to the ASes in aggr-bndry and except the components in export-comps. For such exceptions to happen, the export policies of the AS should explicitly allow exporting of these exceptions.

If an aggregate is not formed (due to the upon clause), then the more specifics of the aggregate can be exported to other ASes, but only if the export policies of the AS allow it. In other words, before a route (aggregate or more specific) is exported it is filtered twice, once based on the route objects, and once based on the export policies of the AS.

      route:        128.8.0.0/16
      origin:       AS1

      route:        128.9.0.0/16
      origin:       AS1

      route:        128.8.0.0/15
      origin:       AS1
      aggr-bndry:   AS1 or AS2 or AS3
      aggr-mtd:     outbound AS3 or AS4 or AS5
      components:   {128.8.0.0/16, 128.9.0.0/16}
      inject:       upon HAVE-COMPONENTS {128.9.0.0/16, 128.8.0.0/16}
        
      aut-num: AS1
      export:  to AS2 announce AS1
      export:  to AS3 announce AS1 and not {128.9.0.0/16}
      export:  to AS4 announce AS1
      export:  to AS5 announce AS1
      export:  to AS6 announce AS1
        

Figure 27: Interaction with policies in aut-num class.

Figure 27 shows an interaction example. By examining the route objects, the more specifics 128.8.0.0/16 and 128.9.0.0/16 should be exchanged between AS1, AS2 and AS3 (i.e. the aggregation boundary). Outbound aggregation is done to AS4 and AS5 and not to AS3, since AS3 is in the aggregation boundary. The aut-num object allows exporting both components to AS2, but only the component 128.8.0.0/16 to AS3. The aggregate can only be formed if both components are available. In this case, only the aggregate is announced to AS4 and AS5. However, if one of the components is not available, the aggregate will not be formed, and any available component or more specific will be exported to AS4 and AS5. Regardless of whether aggregation is performed or not, only the more specifics will be exported to AS6 (it is not listed in the aggr-mtd attribute).

When doing an inbound aggregation, configuration generators may eliminate the aggregation statements on routers where the import policy of the AS prohibits importing of any more specifics.

8.1.2 Ambiguity resolution with overlapping aggregates

When several aggregate routes are specified and they overlap, i.e. one is less specific than the other, they must be evaluated in more specific to less specific order. When an aggregation is performed, the aggregate and the components listed in the export-comps attribute are available for generating the next less specific aggregate. The components that are not specified in the export-comps attribute are not available. A route is exportable to an AS if it is the least specific aggregate exportable to that AS or it is listed in the export-comps attribute of an exportable route. Note that this is a recursive definition.

      route:        128.8.0.0/15
      origin:       AS1
      aggr-bndry:   AS1 or AS2
      aggr-mtd:     outbound
      inject:       upon HAVE-COMPONENTS {128.8.0.0/16, 128.9.0.0/16}
        
      route:        128.10.0.0/15
      origin:       AS1
      aggr-bndry:   AS1 or AS3
      aggr-mtd:     outbound
      inject:       upon HAVE-COMPONENTS {128.10.0.0/16, 128.11.0.0/16}
      export-comps: {128.11.0.0/16}
        
      route:        128.8.0.0/14
      origin:       AS1
      aggr-bndry:   AS1 or AS2 or AS3
      aggr-mtd:     outbound
      inject:       upon HAVE-COMPONENTS {128.8.0.0/15, 128.10.0.0/15}
      export-comps: {128.10.0.0/15}
        

Figure 28: Overlapping aggregations.

In Figure 28, AS1 together with AS2 aggregates 128.8.0.0/16 and 128.9.0.0/16 into 128.8.0.0/15. Together with AS3, AS1 aggregates 128.10.0.0/16 and 128.11.0.0/16 into 128.10.0.0/15. But altogether they aggregate these four routes into 128.8.0.0/14. Assuming all four components are available, a router in AS1 for an outside AS, say AS4, will first generate 128.8.0.0/15 and 128.10.0.0/15. This will make 128.8.0.0/15, 128.10.0.0/15 and its exception 128.11.0.0/16 available for generating 128.8.0.0/14. The router will then generate 128.8.0.0/14 from these three routes. Hence for AS4, 128.8.0.0/14 and its exception 128.10.0.0/15 and its exception 128.11.0.0/16 will be exportable.

For AS2, a router in AS1 will only generate 128.10.0.0/15. Hence, 128.10.0.0/15 and its exception 128.11.0.0/16 will be exportable. Note that 128.8.0.0/16 and 128.9.0.0/16 are also exportable since they did not participate in an aggregate exportable to AS2.

Similarly, for AS3, a router in AS1 will only generate 128.8.0.0/15. In this case 128.8.0.0/15, 128.10.0.0/16, 128.11.0.0/16 are exportable.
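
The two-stage filtering of Section 8.1.1 and the recursive exportability rule of Section 8.1.2, as an added Python example that is not part of RFC 2280; it reproduces the per-AS results stated for Figures 27 and 28. The class and function names are hypothetical, the components filter is taken to be every more specific present in the table, and the aut-num export policy is modelled as a plain predicate.

```python
import ipaddress
from dataclasses import dataclass


def nets(*prefixes):
    return frozenset(ipaddress.ip_network(p) for p in prefixes)


@dataclass
class Aggregate:
    prefix: str
    boundary: set                           # aggr-bndry
    have: frozenset                         # inject: upon HAVE-COMPONENTS {...}
    export_comps: frozenset = frozenset()   # export-comps
    outbound_to: set = None                 # aggr-mtd: outbound <as-expr>; None = AS-ANY


def exportable(table, aggregates, peer_as, policy=None):
    """Prefixes a router in the aggregator AS may export to peer_as."""
    available = set(nets(*table))
    exceptions = {}                         # generated aggregate -> components it lets through
    ordered = sorted(aggregates, reverse=True,
                     key=lambda a: ipaddress.ip_network(a.prefix).prefixlen)
    for agg in ordered:                     # more specific to less specific
        prefix = ipaddress.ip_network(agg.prefix)
        if peer_as in agg.boundary:
            continue                        # inside the boundary: no aggregation
        if agg.outbound_to is not None and peer_as not in agg.outbound_to:
            continue                        # not named in aggr-mtd
        if not agg.have <= available:
            continue                        # upon condition false: aggregate not formed
        comps = {r for r in available if r != prefix and r.subnet_of(prefix)}
        kept = comps & agg.export_comps     # implicit AND with the more specifics
        exceptions[prefix] = kept
        available = (available - comps) | kept | {prefix}
    # Recursive definition: exceptions of an exportable route are exportable too.
    result, todo = set(), list(available)
    while todo:
        route = todo.pop()
        if route not in result:
            result.add(route)
            todo.extend(exceptions.get(route, ()))
    if policy is not None:                  # second filter: aut-num export policy
        result = {r for r in result if policy(peer_as, r)}
    return {str(r) for r in result}


# Objects transcribed from Figure 28.
FIG28_TABLE = ["128.8.0.0/16", "128.9.0.0/16", "128.10.0.0/16", "128.11.0.0/16"]
FIG28 = [
    Aggregate("128.8.0.0/15", {"AS1", "AS2"}, nets("128.8.0.0/16", "128.9.0.0/16")),
    Aggregate("128.10.0.0/15", {"AS1", "AS3"}, nets("128.10.0.0/16", "128.11.0.0/16"),
              export_comps=nets("128.11.0.0/16")),
    Aggregate("128.8.0.0/14", {"AS1", "AS2", "AS3"}, nets("128.8.0.0/15", "128.10.0.0/15"),
              export_comps=nets("128.10.0.0/15")),
]

# Objects transcribed from Figure 27.
FIG27_TABLE = ["128.8.0.0/16", "128.9.0.0/16"]
FIG27 = [
    Aggregate("128.8.0.0/15", {"AS1", "AS2", "AS3"}, nets("128.8.0.0/16", "128.9.0.0/16"),
              outbound_to={"AS3", "AS4", "AS5"}),
]


def fig27_policy(peer_as, route):
    """aut-num AS1 of Figure 27: AS1's routes to AS2..AS6, minus 128.9.0.0/16 to AS3."""
    if peer_as == "AS3" and route == ipaddress.ip_network("128.9.0.0/16"):
        return False
    return peer_as in {"AS2", "AS3", "AS4", "AS5", "AS6"}
```

Calling exportable(FIG28_TABLE, FIG28, "AS4") returns the /14 together with 128.10.0.0/15 and 128.11.0.0/16, the chain of exceptions described in the text.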

8.2 Specifying Static Routes

The inject attribute can be used to specify static routes by using "upon static" as the condition:

     inject: [at <router>] ...
             [action <action>]
             upon static
        

In this case, the <router> executes the <action> and injects the route to the interAS routing system statically. <action> may set certain route attributes such as a next-hop router or a cost.

In the following example, the router 7.7.7.1 injects the route 128.7.0.0/16. The next-hop routers (in this example, there are two next-hop routers) for this route are 7.7.7.2 and 7.7.7.3 and the route has a cost of 10 over 7.7.7.2 and 20 over 7.7.7.3.

      route:  128.7.0.0/16
      origin: AS1
      inject: at 7.7.7.1 action next-hop = 7.7.7.2; cost = 10; upon static
      inject: at 7.7.7.1 action next-hop = 7.7.7.3; cost = 20; upon static
        

9 inet-rtr Class

Routers are specified using the inet-rtr class. The attributes of the inet-rtr class are shown in Figure 29. The inet-rtr attribute is a valid DNS name of the router described. Each alias attribute, if present, is a canonical DNS name for the router. The local-as attribute specifies the AS number of the AS which owns/operates this router.

      Attribute  Value                    Type
      inet-rtr   <dns-name>               mandatory, single-valued, class key
      alias      <dns-name>               optional, multi-valued
      local-as   <as-number>              mandatory, single-valued
      ifaddr     see description in text  mandatory, multi-valued
      peer       see description in text  optional, multi-valued

Figure 29: inet-rtr Class Attributes

The value of an ifaddr attribute has the following syntax:

      <ipv4-address> masklen <integer> [action <action>]

The IP address and the mask length are mandatory for each interface. Optionally an action can be specified to set other parameters of this interface.

Figure 30 presents an example inet-rtr object. The name of the router is "amsterdam.ripe.net". "amsterdam1.ripe.net" is a canonical name for the router. The router is connected to 4 networks. Its IP addresses and mask lengths in those networks are specified in the ifaddr attributes.

    inet-rtr: Amsterdam.ripe.net
    alias:    amsterdam1.ripe.net
    local-as: AS3333
    ifaddr:   192.87.45.190 masklen 24
    ifaddr:   192.87.4.28   masklen 24
    ifaddr:   193.0.0.222   masklen 27
    ifaddr:   193.0.0.158   masklen 27
    peer:     BGP4 192.87.45.195 asno(AS3334), flap_damp()
        

Figure 30: inet-rtr Objects

Each peer attribute, if present, specifies a protocol peering with another router. The value of a peer attribute has the following syntax:

      <protocol> <ipv4-address> <options>

where <protocol> is a protocol name, <ipv4-address> is the IP address of the peer router, and <options> is a comma separated list of peering options for <protocol>. Possible protocol names and attributes are defined in the dictionary (please see Section 7). In the above example, the router has a BGP peering with the router 192.87.45.195 in AS3334 and turns the flap damping on when importing routes from this router.
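
A validating parser for the inet-rtr object of Figure 30, as an added Python example that is not part of RFC 2280; it enforces the cardinalities of Figure 29 and the ifaddr and peer syntax given above. The function name, the returned dictionary and the on_link check (whether a peer address falls inside one of the router's ifaddr subnets) are assumptions of this example, not RPSL rules.

```python
import ipaddress
import re

# Figure 29: attribute -> (mandatory, single-valued)
SCHEMA = {
    "inet-rtr": (True, True),
    "alias": (False, False),
    "local-as": (True, True),
    "ifaddr": (True, False),
    "peer": (False, False),
}


def parse_inet_rtr(text):
    """Parse and validate one inet-rtr object; raise ValueError on any violation."""
    attrs = {}
    for line in text.strip().splitlines():
        name, sep, value = line.partition(":")
        name = name.strip().lower()
        if not sep or name not in SCHEMA:
            raise ValueError(f"unknown or malformed attribute line: {line!r}")
        attrs.setdefault(name, []).append(value.strip())
    for name, (mandatory, single) in SCHEMA.items():
        count = len(attrs.get(name, []))
        if mandatory and count == 0:
            raise ValueError(f"missing mandatory attribute {name}")
        if single and count > 1:
            raise ValueError(f"{name} is single-valued")
    local_as = attrs["local-as"][0].upper()
    if not re.fullmatch(r"AS\d+", local_as):
        raise ValueError(f"bad AS number {local_as!r}")

    interfaces = []
    for value in attrs["ifaddr"]:
        m = re.fullmatch(r"(\S+)\s+masklen\s+(\d+)(?:\s+action\s+(.+))?", value, re.I)
        if not m:
            raise ValueError(f"bad ifaddr {value!r}")
        # IPv4Interface rejects a malformed address or a mask length above 32.
        interfaces.append(ipaddress.IPv4Interface(f"{m[1]}/{m[2]}"))

    peers = []
    for value in attrs.get("peer", []):
        m = re.fullmatch(r"(\S+)\s+(\S+)(?:\s+(.*))?", value)
        if not m:
            raise ValueError(f"bad peer {value!r}")
        address = ipaddress.IPv4Address(m[2])
        peers.append({
            "protocol": m[1],
            "address": str(address),
            # <options>: comma separated name(arguments) items
            "options": dict(re.findall(r"(\w+)\(([^)]*)\)", m[3] or "")),
            # Lint added by this example: is the peer on a directly connected subnet?
            "on_link": any(address in i.network for i in interfaces),
        })
    return {
        "name": attrs["inet-rtr"][0].lower(),   # DNS names compare case-insensitively
        "aliases": attrs.get("alias", []),
        "local_as": local_as,
        "interfaces": [str(i) for i in interfaces],
        "peers": peers,
    }


# The object of Figure 30.
FIGURE_30 = """\
inet-rtr: Amsterdam.ripe.net
alias:    amsterdam1.ripe.net
local-as: AS3333
ifaddr:   192.87.45.190 masklen 24
ifaddr:   192.87.4.28   masklen 24
ifaddr:   193.0.0.222   masklen 27
ifaddr:   193.0.0.158   masklen 27
peer:     BGP4 192.87.45.195 asno(AS3334), flap_damp()
"""
```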

10 Security Considerations

This document describes RPSL, a language for expressing routing policies. The language defines a maintainer (mntner class) object which is the entity which controls or "maintains" the objects stored in a database expressed by RPSL. Requests from maintainers can be authenticated with various techniques as defined by the "auth" attribute of the maintainer object.

The exact protocols used by IRRs to communicate RPSL objects are beyond the scope of this document, but it is envisioned that several techniques may be used, ranging from interactive query/update protocols to store and forward protocols similar to or based on electronic mail (or even voice telephone calls). Regardless of which protocols are used in a given situation, it is expected that appropriate security techniques such as IPSEC, TLS or PGP/MIME will be utilized.

11 Acknowledgements

We would like to thank Jessica Yu, Randy Bush, Alan Barrett, David Kessens, Bill Manning, Sue Hares, Ramesh Govindan, Kannan Varadhan, Satish Kumar, Craig Labovitz, Rusty Eddy, David J. LeRoy, David Whipple, Jon Postel, Deborah Estrin, Elliot Schwartz, Joachim Schmitz, Mark Prior, Tony Przygienda, David Woodgate, and the participants of the IETF RPS Working Group for various comments and suggestions.

我们要感谢Jessica Yu、Randy Bush、Alan Barrett、David Kessens、Bill Manning、Sue Hares、Ramesh Govindan、Kannan Varadhan、Satish Kumar、Craig Labovitz、Rusty Eddy、David J.LeRoy、David Whipple、Jon Postel、Deborah Estrin、Elliot Schwartz、Joachim Schmitz、Mark Prior、Tony Przygienda、David Woodgate、,以及IETF RPS工作组的参与者,征求各种意见和建议。

References

工具书类

[1] Internet Routing Registry. Procedures. http://www.ra.net/RADB.tools.docs/, http://www.ripe.net/db/doc.html.

[1] Internet路由注册表。程序。http://www.ra.net/RADB.tools.docs/, http://www.ripe.net/db/doc.html.

[2] Alaettinouglu, C., Meyer, D., and J. Schmitz, "Application of Routing Policy Specification Language (RPSL) on the Internet", Work in Progress.

[2] Alaettinouglu,C.,Meyer,D.,和J.Schmitz,“互联网上路由策略规范语言(RPSL)的应用”,正在进行中。

[3] T. Bates. Specifying an `Internet Router' in the Routing Registry. Technical Report RIPE-122, RIPE, RIPE NCC, Amsterdam, Netherlands, October 1994.

[3] 贝茨。在路由注册表中指定“Internet路由器”。技术报告CREATE-122,CREATE,CREATE NCC,荷兰阿姆斯特丹,1994年10月。

[4] T. Bates, E. Gerich, L. Joncheray, J-M. Jouanigot, D. Karrenberg, M. Terpstra, and J. Yu. Representation of IP Routing Policies in a Routing Registry. Technical Report ripe-181, RIPE, RIPE NCC, Amsterdam, Netherlands, October 1994.

[4] T.贝茨、E.格里奇、L.琼切雷、J-M.朱安尼格特、D.卡伦伯格、M.特普斯特拉和J.余。在路由注册表中表示IP路由策略。技术报告CRIPE-181,CRIPE,CRIPE NCC,荷兰阿姆斯特丹,1994年10月。

[5] Bates, T., Gerich, E., Joncheray, L., Jouanigot, J.M., Karrenberg, D., Terpstra, M., and J. Yu, "Representation of IP Routing Policies in a Routing Registry," RFC 1786, March 1995.

[5] Bates,T.,Gerich,E.,Joncheray,L.,Jouanigot,J.M.,Karrenberg,D.,Terpstra,M.,和J.Yu,“路由注册表中IP路由策略的表示”,RFC 17861995年3月。

[6] T. Bates, J-M. Jouanigot, D. Karrenberg, P. Lothberg, and M. Terpstra. Representation of IP Routing Policies in the RIPE Database. Technical Report ripe-81, RIPE, RIPE NCC, Amsterdam, Netherlands, February 1993.

[6] T.Bates、J-M.Jouanigot、D.Karrenberg、P.Lothberg和M.Terpstra。在成熟数据库中表示IP路由策略。技术报告CREATE-81,CREATE,CREATE NCC,阿姆斯特丹,荷兰,1993年2月。

[7] Chandra, R., Traina, P., and T. Li, "BGP Communities Attribute," RFC 1997, August 1996.

[7] Chandra,R.,Traina,P.,和T.Li,“BGP社区属性”,RFC 1997,1996年8月。

[8] Crocker, D., "Standard for the format of ARPA Internet text messages, STD 11, RFC 822, August 1982.

[8] Crocker,D.,“ARPA互联网文本信息格式标准,STD 11,RFC 822,1982年8月。

[9] V. Fuller, T. Li, J. Yu, and K. Varadhan. Classless Inter-Domain Routing (CIDR): an Address Assignment and Aggregation Strategy, 1993.

[9] V.Fuller、T.Li、J.Yu和K.Varadhan。无类别域间路由(CIDR):地址分配和聚合策略,1993。

[10] D. Karrenberg and T. Bates. Description of Inter-AS Networks in the RIPE Routing Registry. Technical Report RIPE-104, RIPE, RIPE NCC, Amsterdam, Netherlands, December 1993.

[10] 卡伦伯格和贝茨。在成熟的路由注册表中描述内部AS网络。技术报告CREATE-104,CREATE,CREATE NCC,荷兰阿姆斯特丹,1993年12月。

[11] D. Karrenberg and M. Terpstra. Authorisation and Notification of Changes in the RIPE Database. Technical Report ripe-120, RIPE, RIPE NCC, Amsterdam, Netherlands, October 1994.

[11] 卡伦伯格和特普斯特拉。授权和通知成熟数据库中的变更。技术报告CREATE-120,CREATE,CREATE NCC,荷兰阿姆斯特丹,1994年10月。

[12] B. W. Kernighan and D. M. Ritchie. The C Programming Language. Prentice-Hall, 1978.

[12] B.W.Kernighan和D.M.Ritchie。C编程语言。普伦蒂斯大厅,1978年。

[13] Kessens, D., Woeber, W., and D. Conrad, "RIDE referencing", Work in Progress.

[13] Kessens,D.,Woeber,W.,和D.Conrad,“骑乘参考”,正在进行中。

[14] A. Lord and M. Terpstra. RIPE Database Template for Networks and Persons. Technical Report ripe-119, RIPE, RIPE NCC, Amsterdam, Netherlands, October 1994.

[14] 洛德和特普斯特拉。网络和个人的成熟数据库模板。技术报告CREATE-119,CREATE,CREATE NCC,荷兰阿姆斯特丹,1994年10月。

[15] A. M. R. Magee. RIPE NCC Database Documentation. Technical Report RIPE-157, RIPE, RIPE NCC, Amsterdam, Netherlands, May 1997.

[15] A.M.R.Magee。成熟的NCC数据库文档。技术报告CREATE-157,CREATE,CREATE NCC,荷兰阿姆斯特丹,1997年5月。

[16] Mockapetris, P., "Domain names - concepts and facilities," STD 13, RFC 1034, November 1987.

[16] Mockapetris,P.,“域名-概念和设施”,STD 13,RFC 1034,1987年11月。

[17] Y. Rekhter. Inter-Domain Routing Protocol (IDRP). Journal of Internetworking Research and Experience, 4:61--80, 1993.

[17] 雷克特。域间路由协议(IDRP)。互联网研究与经验杂志,4:61-801993。

[18] Rekhter, Y., and T. Li, "A Border Gateway Protocol 4 (BGP-4)," RFC 1771, March 1995.

[18] Rekhter,Y.和T.Li,“边境网关协议4(BGP-4)”,RFC 1771,1995年3月。

[19] Villamizar, C., Chandra, R., and R. Govindan, "BGP Route Flap Damping", Work in Progress.

[19] Villamizar,C.,Chandra,R.,和R.Govindan,“BGP路线襟翼阻尼”,工程正在进行中。

A Routing Registry Sites

The set of routing registries as of November 1996 are RIPE, RADB, CANet, MCI and ANS. You may contact one of these registries to find out the current list of registries.

B Authors' Addresses

Cengiz Alaettinoglu
USC Information Sciences Institute
4676 Admiralty Way, Suite 1001
Marina del Rey, CA 90292
EMail: cengiz@isi.edu

Tony Bates
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
EMail: tbates@cisco.com

Elise Gerich
At Home Network
385 Ravendale Drive
Mountain View, CA 94043
EMail: epg@home.net

Daniel Karrenberg
RIPE Network Coordination Centre (NCC)
Kruislaan 409
NL-1098 SJ Amsterdam
Netherlands
EMail: dfk@ripe.net

David Meyer
University of Oregon
Eugene, OR 97403
EMail: meyer@antc.uoregon.edu

Marten Terpstra
c/o Bay Networks, Inc.
2 Federal St
Billerica MA 01821
EMail: marten@BayNetworks.com

Curtis Villamizar
ANS
EMail: curtis@ans.net

C Full Copyright Statement

Copyright (C) The Internet Society (1998). All Rights Reserved.

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.

The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
