Network Working Group C. Alaettinoglu
Request for Comments: 2622 USC/Information Sciences Institute
Obsoletes: 2280 C. Villamizar
Category: Standards Track Avici Systems
E. Gerich
At Home Network
D. Kessens
Qwest Communications
D. Meyer
University of Oregon
T. Bates
Cisco Systems
D. Karrenberg
RIPE NCC
M. Terpstra
Bay Networks
June 1999
Network Working Group C. Alaettinoglu
Request for Comments: 2622 USC/Information Sciences Institute
Obsoletes: 2280 C. Villamizar
Category: Standards Track Avici Systems
E. Gerich
At Home Network
D. Kessens
Qwest Communications
D. Meyer
University of Oregon
T. Bates
Cisco Systems
D. Karrenberg
RIPE NCC
M. Terpstra
Bay Networks
June 1999
Routing Policy Specification Language (RPSL)
路由策略规范语言(RPSL)
Status of this Memo
本备忘录的状况
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (1999). All Rights Reserved.
版权所有(C)互联网协会(1999年)。版权所有。
Abstract
摘要
RPSL allows a network operator to be able to specify routing policies at various levels in the Internet hierarchy; for example at the Autonomous System (AS) level. At the same time, policies can be specified with sufficient detail in RPSL so that low level router configurations can be generated from them. RPSL is extensible; new routing protocols and new protocol features can be introduced at any time.
RPSL允许网络运营商能够在Internet层次结构的各个级别指定路由策略;例如,在自治系统(AS)级别。同时,可以在RPSL中详细指定策略,以便从中生成低级路由器配置。RPSL是可扩展的;可以随时引入新的路由协议和新的协议功能。
Table of Contents
目录
1 Introduction 3
2 RPSL Names, Reserved Words, and Representation 4
3 Contact Information 7
3.1 mntner Class . . . . . . . . . . . . . . . . . . . . . . . . 7
3.2 person Class . . . . . . . . . . . . . . . . . . . . . . . . 10
3.3 role Class . . . . . . . . . . . . . . . . . . . . . . . . . 11
4 route Class 12
5 Set Classes 13
5.1 as-set Class . . . . . . . . . . . . . . . . . . . . . . . . 14
5.2 route-set Class. . . . . . . . . . . . . . . . . . . . . . . 15
5.3 Predefined Set Objects . . . . . . . . . . . . . . . . . . . 17
5.4 Filters and filter-set Class . . . . . . . . . . . . . . . . 17
5.5 rtr-set Class. . . . . . . . . . . . . . . . . . . . . . . . 22
5.6 Peerings and peering-set Class . . . . . . . . . . . . . . . 24
6 aut-num Class 27
6.1 import Attribute: Import Policy Specification . . . . . . . 27
6.1.1 Action Specification . . . . . . . . . . . . . . . . . . 28
6.2 export Attribute: Export Policy Specification . . . . . . . 29
6.3 Other Routing Protocols, Multi-Protocol Routing Protocols,
and Injecting Routes Between Protocols . . . . . . . . . . . . 29
6.4 Ambiguity Resolution . . . . . . . . . . . . . . . . . . . . 31
6.5 default Attribute: Default Policy Specification . . . . . . 33
6.6 Structured Policy Specification. . . . . . . . . . . . . . . 33
7 dictionary Class 37
7.1 Initial RPSL Dictionary and Example Policy Actions and
Filters. . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
8 Advanced route Class 45
8.1 Specifying Aggregate Routes. . . . . . . . . . . . . . . . . 45
8.1.1Interaction with policies in aut-num class. . . . . . . . 49
8.1.2Ambiguity resolution with overlapping aggregates. . . . . 50
8.2 Specifying Static Routes . . . . . . . . . . . . . . . . . . 52
9 inet-rtr Class 52
10 Extending RPSL 54
10.1 Extensions by changing the dictionary class . . . . . . . . 54
10.2 Extensions by adding new attributes to existing classes . . 55
10.3 Extensions by adding new classes . . . . . . . . . . . . . 55
10.4 Extensions by changing the syntax of existing RPSL
attributes. . . . . . . . . . . . . . . . . . . . . . . . . . 55
11 Security Considerations 56
12 Acknowledgements 56
References 56
A Routing Registry Sites 59
B Grammar Rules 59
C Changes from RFC 2280 67
D Authors' Addresses 68
Full Copyright Statement 69
1 Introduction 3
2 RPSL Names, Reserved Words, and Representation 4
3 Contact Information 7
3.1 mntner Class . . . . . . . . . . . . . . . . . . . . . . . . 7
3.2 person Class . . . . . . . . . . . . . . . . . . . . . . . . 10
3.3 role Class . . . . . . . . . . . . . . . . . . . . . . . . . 11
4 route Class 12
5 Set Classes 13
5.1 as-set Class . . . . . . . . . . . . . . . . . . . . . . . . 14
5.2 route-set Class. . . . . . . . . . . . . . . . . . . . . . . 15
5.3 Predefined Set Objects . . . . . . . . . . . . . . . . . . . 17
5.4 Filters and filter-set Class . . . . . . . . . . . . . . . . 17
5.5 rtr-set Class. . . . . . . . . . . . . . . . . . . . . . . . 22
5.6 Peerings and peering-set Class . . . . . . . . . . . . . . . 24
6 aut-num Class 27
6.1 import Attribute: Import Policy Specification . . . . . . . 27
6.1.1 Action Specification . . . . . . . . . . . . . . . . . . 28
6.2 export Attribute: Export Policy Specification . . . . . . . 29
6.3 Other Routing Protocols, Multi-Protocol Routing Protocols,
and Injecting Routes Between Protocols . . . . . . . . . . . . 29
6.4 Ambiguity Resolution . . . . . . . . . . . . . . . . . . . . 31
6.5 default Attribute: Default Policy Specification . . . . . . 33
6.6 Structured Policy Specification. . . . . . . . . . . . . . . 33
7 dictionary Class 37
7.1 Initial RPSL Dictionary and Example Policy Actions and
Filters. . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
8 Advanced route Class 45
8.1 Specifying Aggregate Routes. . . . . . . . . . . . . . . . . 45
8.1.1Interaction with policies in aut-num class. . . . . . . . 49
8.1.2Ambiguity resolution with overlapping aggregates. . . . . 50
8.2 Specifying Static Routes . . . . . . . . . . . . . . . . . . 52
9 inet-rtr Class 52
10 Extending RPSL 54
10.1 Extensions by changing the dictionary class . . . . . . . . 54
10.2 Extensions by adding new attributes to existing classes . . 55
10.3 Extensions by adding new classes . . . . . . . . . . . . . 55
10.4 Extensions by changing the syntax of existing RPSL
attributes. . . . . . . . . . . . . . . . . . . . . . . . . . 55
11 Security Considerations 56
12 Acknowledgements 56
References 56
A Routing Registry Sites 59
B Grammar Rules 59
C Changes from RFC 2280 67
D Authors' Addresses 68
Full Copyright Statement 69
1 Introduction
1导言
This memo is the reference document for the Routing Policy Specification Language (RPSL). RPSL allows a network operator to be able to specify routing policies at various levels in the Internet hierarchy; for example at the Autonomous System (AS) level. At the same time, policies can be specified with sufficient detail in RPSL so that low level router configurations can be generated from them. RPSL is extensible; new routing protocols and new protocol features can be introduced at any time.
本备忘录是路由策略规范语言(RPSL)的参考文档。RPSL允许网络运营商能够在Internet层次结构的各个级别指定路由策略;例如,在自治系统(AS)级别。同时,可以在RPSL中详细指定策略,以便从中生成低级路由器配置。RPSL是可扩展的;可以随时引入新的路由协议和新的协议功能。
RPSL is a replacement for the current Internet policy specification language known as RIPE-181 [6] or RFC-1786 [7]. RIPE-81 [8] was the first language deployed in the Internet for specifying routing policies. It was later replaced by RIPE-181 [6]. Through operational use of RIPE-181 it has become apparent that certain policies cannot be specified and a need for an enhanced and more generalized language is needed. RPSL addresses RIPE-181's limitations.
RPSL是当前Internet策略规范语言RIME-181[6]或RFC-1786[7]的替代品。RIME-81[8]是Internet上部署的第一种用于指定路由策略的语言。它后来被creed-181所取代[6]。通过实际使用CREAME-181,显然某些政策无法具体规定,需要一种增强的、更通用的语言。RPSL解决了RIME-181的局限性。
RPSL was designed so that a view of the global routing policy can be contained in a single cooperatively maintained distributed database to improve the integrity of Internet's routing. RPSL is not designed to be a router configuration language. RPSL is designed so that router configurations can be generated from the description of the policy for one autonomous system (aut-num class) combined with the description of a router (inet-rtr class), mainly providing router ID, autonomous system number of the router, interfaces and peers of the router, and combined with a global database mappings from AS sets to ASes (as-set class), and from origin ASes and route sets to route prefixes (route and route-set classes). The accurate population of the RPSL database can help contribute toward such goals as router configurations that protect against accidental (or malicious) distribution of inaccurate routing information, verification of Internet's routing, and aggregation boundaries beyond a single AS.
RPSL的设计使得全局路由策略的视图可以包含在单个协作维护的分布式数据库中,从而提高Internet路由的完整性。RPSL不是为路由器配置语言而设计的。RPSL的设计使路由器配置可以从一个自治系统(aut num类)的策略描述与路由器(inet rtr类)的描述相结合生成,主要提供路由器ID、路由器的自治系统号、路由器的接口和对等点,并与全局数据库相结合,从AS集合映射到ASes(AS集合类),从原始ASes和路由集合映射到路由前缀(路由和路由集合类)。RPSL数据库的准确填充有助于实现以下目标:防止意外(或恶意)分发不准确路由信息的路由器配置、验证Internet路由以及单个as之外的聚合边界。
RPSL is object oriented; that is, objects contain pieces of policy and administrative information. These objects are registered in the Internet Routing Registry (IRR) by the authorized organizations. The registration process is beyond the scope of this document. Please refer to [1, 17, 4] for more details on the IRR.
RPSL是面向对象的;也就是说,对象包含策略和管理信息。这些对象由授权组织在Internet路由注册表(IRR)中注册。注册过程超出了本文件的范围。有关内部收益率的更多详情,请参考[1,17,4]。
In the following sections, we present the classes that are used to define various policy and administrative objects. The "mntner" class defines entities authorized to add, delete and modify a set of objects. The "person" and "role" classes describes technical and administrative contact personnel. Autonomous systems (ASes) are specified using the "aut-num" class. Routes are specified using the
在以下部分中,我们将介绍用于定义各种策略和管理对象的类。“mntner”类定义了有权添加、删除和修改一组对象的实体。“人员”和“角色”类描述技术和管理联系人。使用“aut num”类指定自治系统(ASE)。使用
"route" class. Sets of objects can be defined using the "as-set", "route-set", "filter-set", "peering-set", and "rtr-set" classes. The "dictionary" class provides the extensibility to the language. The "inet-rtr" class is used to specify routers. Many of these classes were originally defined in earlier documents [6, 13, 16, 12, 5] and have all been enhanced.
“路线”类。可以使用“as set”、“route set”、“filter set”、“peering set”和“rtr set”类定义对象集。“dictionary”类提供了该语言的可扩展性。“inet rtr”类用于指定路由器。这些类中的许多最初是在早期文档[6,13,16,12,5]中定义的,并且都得到了增强。
This document is self-contained. However, the reader is encouraged to read RIPE-181 [7] and the associated documents [13, 16, 12, 5] as they provide significant background as to the motivation and underlying principles behind RIPE-181 and consequently, RPSL. For a tutorial on RPSL, the reader should read the RPSL applications document [4].
本文件是独立的。但是,鼓励读者阅读CREAME-181[7]和相关文件[13、16、12、5],因为它们提供了有关CREAME-181和RPSL背后动机和基本原则的重要背景。有关RPSL的教程,读者应阅读RPSL应用程序文档[4]。
2 RPSL Names, Reserved Words, and Representation
2 RPSL名称、保留字和表示法
Each class has a set of attributes which store a piece of information about the objects of the class. Attributes can be mandatory or optional: A mandatory attribute has to be defined for all objects of the class; optional attributes can be skipped. Attributes can also be single or multiple valued. Each object is uniquely identified by a set of attributes, referred to as the class "key".
每个类都有一组属性,这些属性存储关于类对象的一段信息。属性可以是强制的,也可以是可选的:必须为类的所有对象定义强制属性;可以跳过可选属性。属性也可以是单值或多值的。每个对象由一组属性唯一标识,称为类“键”。
The value of an attribute has a type. The following types are most widely used. Note that RPSL is case insensitive and only the characters from the ASCII character set can be used.
属性的值具有类型。以下类型的应用最为广泛。请注意,RPSL不区分大小写,只能使用ASCII字符集中的字符。
<object-name> Many objects in RPSL have a name. An <object-name> is made up of letters, digits, the character underscore "_", and the character hyphen "-"; the first character of a name must be a letter, and the last character of a name must be a letter or a digit. The following words are reserved by RPSL, and they can not be used as names:
<object name>RPSL中的许多对象都有一个名称。<object name>由字母、数字、下划线“_”和连字符“-”组成;名称的第一个字符必须是字母,最后一个字符必须是字母或数字。以下文字为RPSL保留,不能用作名称:
any as-any rs-any peeras and or not atomic from to at action accept announce except refine networks into inbound outbound
any as any rs any peeras and or not at at at at action接受宣布,但将网络细化为入站出站
Names starting with certain prefixes are reserved for certain object types. Names starting with "as-" are reserved for as set names. Names starting with "rs-" are reserved for route set names. Names starting with "rtrs-" are reserved for router set names. Names starting with "fltr-" are reserved for filter set names. Names starting with "prng-" are reserved for peering set names.
以某些前缀开头的名称是为某些对象类型保留的。以“as-”开头的名称保留给as集合名称。以“rs-”开头的名称保留给路由集名称。以“RTR-”开头的名称保留给路由器集名称。以“fltr-”开头的名称保留用于过滤器集名称。以“prng-”开头的名称保留给对等集名称。
<as-number> An AS number x is represented as the string "ASx". That is, the AS 226 is represented as AS226.
<as number>as编号x表示为字符串“ASx”。也就是说,AS 226表示为AS226。
<ipv4-address> An IPv4 address is represented as a sequence of four integers in the range from 0 to 255 separated by the character dot ".". For example, 128.9.128.5 represents a valid IPv4 address. In the rest of this document, we may refer to IPv4 addresses as IP addresses.
<ipv4地址>ipv4地址表示为由0到255之间的四个整数组成的序列,由字符点“.”分隔。例如,128.9.128.5表示有效的IPv4地址。在本文档的其余部分中,我们可以将IPv4地址称为IP地址。
<address-prefix> An address prefix is represented as an IPv4 address followed by the character slash "/" followed by an integer in the range from 0 to 32. The following are valid address prefixes: 128.9.128.5/32, 128.9.0.0/16, 0.0.0.0/0; and the following address prefixes are invalid: 0/0, 128.9/16 since 0 or 128.9 are not strings containing four integers.
<address prefix>地址前缀表示为IPv4地址,后跟字符斜杠“/”和0到32之间的整数。以下是有效的地址前缀:128.9.128.5/32、128.9.0.0/16、0.0.0.0/0;以下地址前缀无效:0/0、128.9/16,因为0或128.9不是包含四个整数的字符串。
<address-prefix-range> An address prefix range is an address prefix followed by an optional range operator. The range operators are:
<address prefix range>地址前缀范围是后跟可选范围运算符的地址前缀。靶场操作员包括:
^- is the exclusive more specifics operator; it stands for the more specifics of the address prefix excluding the address prefix itself. For example, 128.9.0.0/16^- contains all the more specifics of 128.9.0.0/16 excluding 128.9.0.0/16.
^-是唯一的更具体的运营商;它代表地址前缀的更多细节,不包括地址前缀本身。例如,128.9.0.0/16^-包含128.9.0.0/16的所有更多细节,不包括128.9.0.0/16。
^+ is the inclusive more specifics operator; it stands for the more specifics of the address prefix including the address prefix itself. For example, 5.0.0.0/8^+ contains all the more specifics of 5.0.0.0/8 including 5.0.0.0/8.
^+是包含更多细节的操作符;它代表地址前缀的更多细节,包括地址前缀本身。例如,5.0.0.0/8^+包含5.0.0.0/8的所有更多细节,包括5.0.0.0/8。
^n where n is an integer, stands for all the length n specifics of the address prefix. For example, 30.0.0.0/8^16 contains all the more specifics of 30.0.0.0/8 which are of length 16 such as 30.9.0.0/16.
^n其中n是整数,表示地址前缀的所有长度n细节。例如,30.0.0.0/8^16包含30.0.0.0/8的所有更多细节,其长度为16,例如30.9.0.0/16。
^n-m where n and m are integers, stands for all the length n to length m specifics of the address prefix. For example, 30.0.0.0/8^24-32 contains all the more specifics of 30.0.0.0/8 which are of length 24 to 32 such as 30.9.9.96/28.
^n-m,其中n和m是整数,表示地址前缀的所有长度n到长度m。例如,30.0.0.0/8^24-32包含30.0.0.0/8的所有更多细节,其长度为24到32,例如30.9.9.96/28。
Range operators can also be applied to address prefix sets. In this case, they distribute over the members of the set. For example, for a route-set (defined later) rs-foo, rs-foo^+ contains all the inclusive more specifics of all the prefixes in rs-foo.
范围运算符也可以应用于地址前缀集。在这种情况下,它们分布在集合的成员上。例如,对于路由集(稍后定义)rs foo,rs foo^+包含rs foo中所有前缀的所有更详细信息。
It is an error to follow a range operator with another one (e.g.
30.0.0.0/8^24-28^+ is an error). However, a range operator can be
applied to an address prefix set that has address prefix ranges in it
(e.g. {30.0.0.0/8^24-28}^27-30 is not an error). In this case, the
It is an error to follow a range operator with another one (e.g.
30.0.0.0/8^24-28^+ is an error). However, a range operator can be
applied to an address prefix set that has address prefix ranges in it
(e.g. {30.0.0.0/8^24-28}^27-30 is not an error). In this case, the
outer operator ^n-m distributes over the inner operator ^k-l and becomes the operator ^max(n,k)-m if m is greater than or equal to max(n,k), or otherwise, the prefix is deleted from the set. Note that the operator ^n is equivalent to ^n-n; prefix/l^+ is equivalent to prefix/l^l-32; prefix/l^- is equivalent to prefix/l^(l+1)-32; {prefix/l^n-m}^+ is equivalent to {prefix/l^n-32}; and {prefix/l^n-m}^- is equivalent to {prefix/l^(n+1)-32}. For example,
外部运算符^n-m分布在内部运算符^k-l上,如果m大于或等于max(n,k),则成为运算符^max(n,k)-m,否则,前缀将从集合中删除。请注意,运算符^n相当于^n-n;前缀/l^+相当于前缀/l^l-32;前缀/l^-相当于前缀/l^(l+1)-32;{prefix/l^n-m}^+等价于{prefix/l^n-32};{prefix/l^n-m}^-等价于{prefix/l^(n+1)-32}。例如
{128.9.0.0/16^+}^- == {128.9.0.0/16^-}
{128.9.0.0/16^-}^+ == {128.9.0.0/16^-}
{128.9.0.0/16^17}^24 == {128.9.0.0/16^24}
{128.9.0.0/16^20-24}^26-28 == {128.9.0.0/16^26-28}
{128.9.0.0/16^20-24}^22-28 == {128.9.0.0/16^22-28}
{128.9.0.0/16^20-24}^18-28 == {128.9.0.0/16^20-28}
{128.9.0.0/16^20-24}^18-22 == {128.9.0.0/16^20-22}
{128.9.0.0/16^20-24}^18-19 == {}
{128.9.0.0/16^+}^- == {128.9.0.0/16^-}
{128.9.0.0/16^-}^+ == {128.9.0.0/16^-}
{128.9.0.0/16^17}^24 == {128.9.0.0/16^24}
{128.9.0.0/16^20-24}^26-28 == {128.9.0.0/16^26-28}
{128.9.0.0/16^20-24}^22-28 == {128.9.0.0/16^22-28}
{128.9.0.0/16^20-24}^18-28 == {128.9.0.0/16^20-28}
{128.9.0.0/16^20-24}^18-22 == {128.9.0.0/16^20-22}
{128.9.0.0/16^20-24}^18-19 == {}
<date> A date is represented as an eight digit integer of the form YYYYMMDD where YYYY represents the year, MM represents the month of the year (01 through 12), and DD represents the day of the month (01 through 31). All dates are in UTC unless otherwise specified. For example, June 24, 1996 is represented as 19960624.
<date>日期表示为格式为YYYYMMDD的八位整数,其中YYYY表示年份,MM表示一年中的月份(01到12),DD表示一个月中的日期(01到31)。除非另有规定,否则所有日期均以UTC为单位。例如,1996年6月24日表示为19960624。
<email-address>is as described in RFC-822 [10].
<email address>如RFC-822[10]所述。
<dns-name>is as described in RFC-1034 [17].
<dns名称>如RFC-1034[17]所述。
<nic-handle> is a uniquely assigned identifier word used by routing, address allocation, and other registries to unambiguously refer to contact information. Person and role classes map NIC handles to actual person names, and contact information.
<nic handle>是一个唯一分配的标识符字,路由、地址分配和其他注册表使用它来明确地引用联系人信息。Person和role类将NIC句柄映射到实际的人名和联系人信息。
<free-form>is a sequence of ASCII characters.
<free-form>是ASCII字符序列。
<X-name> is a name of an object of type X. That is <mntner-name> is a name of a mntner object.
<X-name>是类型为X的对象的名称。即<mntner name>是mntner对象的名称。
<registry-name> is a name of an IRR registry. The routing registries are listed in Appendix A.
<registry name>是IRR注册表的名称。路由注册表在附录A中列出。
A value of an attribute may also be a list of one of these types. A list is represented by separating the list members by commas ",". For example, "AS1, AS2, AS3, AS4" is a list of AS numbers. Note that being list valued and being multiple valued are orthogonal. A multiple valued attribute has more than one value, each of which may or may not be a list. On the other hand a single valued attribute may have a list value.
属性的值也可以是这些类型之一的列表。列表由逗号“,”分隔列表成员表示。例如,“AS1、AS2、AS3、AS4”是AS编号的列表。请注意,列表值和多值是正交的。多值属性有多个值,每个值可能是列表,也可能不是列表。另一方面,单值属性可能具有列表值。
An RPSL object is textually represented as a list of attribute-value pairs. Each attribute-value pair is written on a separate line. The attribute name starts at column 0, followed by character ":" and followed by the value of the attribute. The attribute which has the same name as the object's class should be specified first. The object's representation ends when a blank line is encountered. An attribute's value can be split over multiple lines, by having a space, a tab or a plus ('+') character as the first character of the continuation lines. The character "+" for line continuation allows attribute values to contain blank lines. More spaces may optionally be used after the continuation character to increase readability. The order of attribute-value pairs is significant.
RPSL对象以文本形式表示为属性值对列表。每个属性值对都写在单独的一行上。属性名称从第0列开始,后跟字符“:”和属性值。应首先指定与对象类同名的属性。遇到空行时,对象的表示将结束。通过将空格、制表符或加号(“+”)字符作为续行的第一个字符,可以将属性值拆分为多行。行延续字符“+”允许属性值包含空行。可以选择在连续字符后使用更多空格,以增加可读性。属性值对的顺序很重要。
An object's description may contain comments. A comment can be anywhere in an object's definition, it starts at the first "#" character on a line and ends at the first end-of-line character. White space characters can be used to improve readability.
对象的描述可能包含注释。注释可以位于对象定义中的任何位置,它从一行的第一个“#”字符开始,到行的第一个结束字符结束。空白字符可用于提高可读性。
An integer can be specified using (1) the C programming language notation (e.g. 1, 12345); (2) sequence of four 1-octet integers (in the range from 0 to 255) separated by the character dot "." (e.g. 1.1.1.1, 255.255.0.0), in this case a 4-octet integer is formed by concatenating these 1-octet integers in the most significant to least significant order; (3) sequence of two 2-octet integers (in the range from 0 to 65535) separated by the character colon ":" (e.g. 3561:70, 3582:10), in this case a 4-octet integer is formed by concatenating these 2-octet integers in the most significant to least significant order.
可以使用(1)C编程语言符号(例如,112345)指定整数;(2) 四个由字符点“.”(例如1.1.1.1、255.255.0.0)分隔的1-八位整数(范围从0到255)组成的序列,在这种情况下,4-八位整数是通过将这些1-八位整数按最高有效到最低有效顺序串联而成的;(3) 由字符冒号“:”(例如3561:70、3582:10)分隔的两个2-八位整数(范围从0到65535)的序列,在这种情况下,4-八位整数是通过将这些2-八位整数按最高有效到最低有效的顺序串联而成的。
3 Contact Information
3联系方式
The mntner, person and role classes, admin-c, tech-c, mnt-by, changed, and source attributes of all classes describe contact information. The mntner class also specifies authenticaiton information required to create, delete and update other objects. These classes do not specify routing policies and each registry may have different or additional requirements on them. Here we present the common denominator for completeness which is the RIPE database implementation [16]. Please consult your routing registry for the latest specification of these classes and attributes. The "Routing Policy System Security" document [20] describes the authenticaiton and authorization model in more detail.
所有类的mntner、person和role类、admin-c、tech-c、mnt by、changed和source属性描述了联系信息。mntner类还指定创建、删除和更新其他对象所需的身份验证信息。这些类不指定路由策略,每个注册表可能对它们有不同或附加的要求。这里,我们给出了完整性的公分母,即成熟的数据库实现[16]。有关这些类和属性的最新规范,请咨询路由注册表。“路由策略系统安全性”文档[20]更详细地描述了身份验证和授权模型。
The mntner class specifies authenticaiton information required to create, delete and update RPSL objects. A provider, before he/she can create RPSL objects, first needs to create a mntner object. The
mntner类指定创建、删除和更新RPSL对象所需的身份验证信息。提供者在创建RPSL对象之前,首先需要创建mntner对象。这个
attributes of the mntner class are shown in Figure 1. The mntner class was first described in [13].
mntner类的属性如图1所示。在[13]中首次描述了mntner类。
The mntner attribute is mandatory and is the class key. Its value is an RPSL name. The auth attribute specifies the scheme that will be used to identify and authenticate update requests from this maintainer. It has the following syntax:
mntner属性是必需的,是类键。其值是RPSL名称。auth属性指定用于标识和验证来自此维护者的更新请求的方案。它具有以下语法:
auth: <scheme-id> <auth-info>
auth: <scheme-id> <auth-info>
E.g. auth: NONE
例如,auth:NONE
Attribute Value Type
mntner <object-name> mandatory, single-valued, class key
descr <free-form> mandatory, single-valued
auth see description in text mandatory, multi-valued
upd-to <email-address> mandatory, multi-valued
mnt-nfy <email-address> optional, multi-valued
tech-c <nic-handle> mandatory, multi-valued
admin-c <nic-handle> optional, multi-valued
remarks <free-form> optional, multi-valued
notify <email-address> optional, multi-valued
mnt-by list of <mntner-name> mandatory, multi-valued
changed <email-address> <date> mandatory, multi-valued
source <registry-name> mandatory, single-valued
Attribute Value Type
mntner <object-name> mandatory, single-valued, class key
descr <free-form> mandatory, single-valued
auth see description in text mandatory, multi-valued
upd-to <email-address> mandatory, multi-valued
mnt-nfy <email-address> optional, multi-valued
tech-c <nic-handle> mandatory, multi-valued
admin-c <nic-handle> optional, multi-valued
remarks <free-form> optional, multi-valued
notify <email-address> optional, multi-valued
mnt-by list of <mntner-name> mandatory, multi-valued
changed <email-address> <date> mandatory, multi-valued
source <registry-name> mandatory, single-valued
Figure 1: mntner Class Attributes
图1:mntner类属性
auth: CRYPT-PW dhjsdfhruewf
auth: MAIL-FROM .*@ripe\.net
auth: CRYPT-PW dhjsdfhruewf
auth: MAIL-FROM .*@ripe\.net
The <scheme-id>'s currently defined are: NONE, MAIL-FROM, PGP-KEY and CRYPT-PW. The <auth-info> is additional information required by a particular scheme: in the case of MAIL-FROM, it is a regular expression matching valid email addresses; in the case of CRYPT-PW, it is a password in UNIX crypt format; and in the case of PGP-KEY, it is a pointer to key-certif object [22] containing the PGP public key of the user. If multiple auth attributes are specified, an update request satisfying any one of them is authenticated to be from the maintainer.
当前定义的<scheme-id>:无、邮件发件人、PGP-KEY和CRYPT-PW。<auth info>是特定方案所需的附加信息:对于MAIL-FROM,它是匹配有效电子邮件地址的正则表达式;对于CRYPT-PW,它是UNIX CRYPT格式的密码;在PGP-KEY的情况下,它是指向包含用户的PGP公钥的KEY certif对象[22]的指针。如果指定了多个auth属性,则满足其中任何一个属性的更新请求都将通过维护者的身份验证。
The upd-to attribute is an email address. On an unauthorized update attempt of an object maintained by this maintainer, an email message will be sent to this address. The mnt-nfy attribute is an email address. A notification message will be forwarded to this email
upd to属性是一个电子邮件地址。在此维护者维护的对象进行未经授权的更新尝试时,将向此地址发送一封电子邮件。mnt nfy属性是一个电子邮件地址。通知消息将转发到此电子邮件
address whenever an object maintained by this maintainer is added, changed or deleted.
添加、更改或删除此维护者维护的对象时的地址。
The descr attribute is a short, free-form textual description of the object. The tech-c attribute is a technical contact NIC handle. This is someone to be contacted for technical problems such as misconfiguration. The admin-c attribute is an administrative contact NIC handle. The remarks attribute is a free text explanation or clarification. The notify attribute is an email address to which notifications of changes to this object should be sent. The mnt-by attribute is a list of mntner object names. The authorization for changes to this object is governed by any of the maintainer objects referenced. The changed attribute documents who last changed this object, and when this change was made. Its syntax has the following form:
descr属性是对象的简短、自由形式的文本描述。tech-c属性是技术联系人NIC句柄。这是需要联系的人,以解决技术问题,如配置错误。admin-c属性是一个管理联系人NIC句柄。备注属性是自由文本解释或澄清。notify属性是一个电子邮件地址,此对象的更改通知应发送到该地址。mnt by属性是mntner对象名称的列表。对此对象的更改授权由引用的任何维护者对象管理。更改的属性记录了上次更改此对象的人员以及进行此更改的时间。其语法形式如下:
changed: <email-address> <YYYYMMDD>
changed: <email-address> <YYYYMMDD>
E.g. changed: johndoe@terabit-labs.nn 19900401
例如,改变:johndoe@terabit-labs.nn 19900401
The <email-address> identifies the person who made the last change. <YYYYMMDD> is the date of the change. The source attribute specifies the registry where the object is registered. Figure 2 shows an example mntner object. In the example, UNIX crypt format password authentication is used.
<email address>标识上次更改的人<YYYYMMDD>是更改的日期。源属性指定注册对象的注册表。图2显示了一个示例mntner对象。在本例中,使用了UNIX crypt格式的密码身份验证。
mntner: RIPE-NCC-MNT
descr: RIPE-NCC Maintainer
admin-c: DK58
tech-c: OPS4-RIPE
upd-to: ops@ripe.net
mnt-nfy: ops-fyi@ripe.net
auth: CRYPT-PW lz1A7/JnfkTtI
mnt-by: RIPE-NCC-MNT
changed: ripe-dbm@ripe.net 19970820
source: RIPE
mntner: RIPE-NCC-MNT
descr: RIPE-NCC Maintainer
admin-c: DK58
tech-c: OPS4-RIPE
upd-to: ops@ripe.net
mnt-nfy: ops-fyi@ripe.net
auth: CRYPT-PW lz1A7/JnfkTtI
mnt-by: RIPE-NCC-MNT
changed: ripe-dbm@ripe.net 19970820
source: RIPE
Figure 2: An example mntner object.
图2:一个示例mntner对象。
The descr, tech-c, admin-c, remarks, notify, mnt-by, changed and source attributes are attributes of all RPSL classes. Their syntax, semantics, and mandatory, optional, multi-valued, or single-valued status are the same for for all RPSL classes. Only exception to this is the admin-c attribute which is mandatory for the aut-num class. We do not further discuss them in other sections.
descr、tech-c、admin-c、备注、通知、mnt by、changed和source属性是所有RPSL类的属性。所有RPSL类的语法、语义以及强制、可选、多值或单值状态都相同。唯一的例外是admin-c属性,它对于aut num类是必需的。我们不会在其他章节中进一步讨论这些问题。
A person class is used to describe information about people. Even though it does not describe routing policy, we still describe it here briefly since many policy objects make reference to person objects. The person class was first described in [15].
person类用于描述有关人员的信息。尽管它没有描述路由策略,但我们仍然在这里简要地描述它,因为许多策略对象都引用person对象。person类在[15]中首次被描述。
The attributes of the person class are shown in Figure 3. The person attribute is the full name of the person. The phone and the fax-no attributes have the following syntax:
person类的属性如图3所示。person属性是该人员的全名。phone和fax no属性具有以下语法:
phone: +<country-code> <city> <subscriber> [ext. <extension>]
phone: +<country-code> <city> <subscriber> [ext. <extension>]
E.g.: phone: +31 20 12334676
例如:电话:+312034676
Attribute Value Type person <free-form> mandatory, single-valued nic-hdl <nic-handle> mandatory, single-valued, class key address <free-form> mandatory, multi-valued phone see description in text mandatory, multi-valued fax-no same as phone optional, multi-valued e-mail <email-address> mandatory, multi-valued
属性值类型person<free-form>必填,单值nic hdl<nic handle>必填,单值,类密钥地址<free-form>必填,多值电话请参见文本中的说明必填,多值传真与电话不同可选,多值电子邮件<email address>必填,多值
Figure 3: person Class Attributes
图3:person类属性
phone: +44 123 987654 ext. 4711
电话:+44123987654分机4711
Figure 4 shows an example person object.
图4显示了一个示例person对象。
person: Daniel Karrenberg
address: RIPE Network Coordination Centre (NCC)
address: Singel 258
address: NL-1016 AB Amsterdam
address: Netherlands
phone: +31 20 535 4444
fax-no: +31 20 535 4445
e-mail: Daniel.Karrenberg@ripe.net
nic-hdl: DK58
changed: Daniel.Karrenberg@ripe.net 19970616
source: RIPE
person: Daniel Karrenberg
address: RIPE Network Coordination Centre (NCC)
address: Singel 258
address: NL-1016 AB Amsterdam
address: Netherlands
phone: +31 20 535 4444
fax-no: +31 20 535 4445
e-mail: Daniel.Karrenberg@ripe.net
nic-hdl: DK58
changed: Daniel.Karrenberg@ripe.net 19970616
source: RIPE
Figure 4: An example person object.
图4:一个示例person对象。
The role class is similar to the person object. However, instead of describing a human being, it describes a role performed by one or more human beings. Examples include help desks, network monitoring centers, system administrators, etc. Role object is particularly useful since often a person performing a role may change, however the role itself remains.
角色类类似于person对象。然而,它不是描述一个人,而是描述一个或多个人扮演的角色。示例包括帮助台、网络监控中心、系统管理员等。角色对象特别有用,因为通常执行角色的人可能会改变,但角色本身仍然存在。
The attributes of the role class are shown in Figure 5. The nic-hdl attributes of the person and role classes share the same name space. The trouble attribute of role object may contain additional contact information to be used when a problem arises in any object that references this role object. Figure 6 shows an example role object.
role类的属性如图5所示。person和role类的nic hdl属性共享相同的名称空间。角色对象的“问题”属性可能包含在引用此角色对象的任何对象中出现问题时要使用的其他联系人信息。图6显示了一个示例角色对象。
Attribute Value Type role <free-form> mandatory, single-valued nic-hdl <nic-handle> mandatory, single-valued, class key trouble <free-form> optional, multi-valued address <free-form> mandatory, multi-valued phone see description in text mandatory, multi-valued fax-no same as phone optional, multi-valued e-mail <email-address> mandatory, multi-valued
属性值类型角色<free-form>必填,单值nic hdl<nic handle>必填,单值,类密钥故障<free-form>可选,多值地址<free-form>必填,多值电话请参见文本中的说明必填,多值传真与电话不相同可选,多值电子邮件<email address>必填,多值
Figure 5: role Class Attributes
图5:角色类属性
role: RIPE NCC Operations
trouble:
address: Singel 258
address: 1016 AB Amsterdam
address: The Netherlands
phone: +31 20 535 4444
fax-no: +31 20 545 4445
e-mail: ops@ripe.net
admin-c: CO19-RIPE
tech-c: RW488-RIPE
tech-c: JLSD1-RIPE
nic-hdl: OPS4-RIPE
notify: ops@ripe.net
changed: roderik@ripe.net 19970926
source: RIPE
role: RIPE NCC Operations
trouble:
address: Singel 258
address: 1016 AB Amsterdam
address: The Netherlands
phone: +31 20 535 4444
fax-no: +31 20 545 4445
e-mail: ops@ripe.net
admin-c: CO19-RIPE
tech-c: RW488-RIPE
tech-c: JLSD1-RIPE
nic-hdl: OPS4-RIPE
notify: ops@ripe.net
changed: roderik@ripe.net 19970926
source: RIPE
Figure 6: An example role object.
图6:一个示例角色对象。
4 route Class
4路线等级
Each interAS route (also referred to as an interdomain route) originated by an AS is specified using a route object. The attributes of the route class are shown in Figure 7. The route attribute is the address prefix of the route and the origin attribute is the AS number of the AS that originates the route into the interAS routing system. The route and origin attribute pair is the class key.
as发起的每个interAS路由(也称为域间路由)都使用路由对象指定。route类的属性如图7所示。route属性是路由的地址前缀,origin属性是将路由发送到interAS路由系统的AS的AS编号。路由和原点属性对是类密钥。
Figure 8 shows examples of four route objects (we do not include contact attributes such as admin-c, tech-c for brevity). Note that the last two route objects have the same address prefix, namely 128.8.0.0/16. However, they are different route objects since they are originated by different ASes (i.e. they have different keys).
图8显示了四个route对象的示例(为了简洁起见,我们不包括admin-c、tech-c等联系人属性)。请注意,最后两个路由对象具有相同的地址前缀,即128.8.0.0/16。但是,它们是不同的路由对象,因为它们由不同的ASE发起(即,它们具有不同的密钥)。
Attribute Value Type route <address-prefix> mandatory, single-valued, class key origin <as-number> mandatory, single-valued, class key member-of list of <route-set-names> optional, multi-valued see Section 5 inject see Section 8 optional, multi-valued components see Section 8 optional, single-valued aggr-bndry see Section 8 optional, single-valued aggr-mtd see Section 8 optional, single-valued export-comps see Section 8 optional, single-valued holes see Section 8 optional, multi-valued
属性值类型路由<address prefix>必填,单值,类键源<as number>必填,单值,类键<route set names>列表成员可选,多值见第5节注入见第8节可选,多值组件见第8节可选,单值aggr bndry见第8节可选,单值aggr mtd见第8节可选,单值导出COMP见第8节可选,单值孔见第8节可选,多值
Figure 7: route Class Attributes
图7:路由类属性
route: 128.9.0.0/16 origin: AS226
路线:128.9.0.0/16起点:AS226
route: 128.99.0.0/16 origin: AS226
路线:128.99.0.0/16来源:AS226
route: 128.8.0.0/16 origin: AS1
路线:128.8.0.0/16起点:AS1
route: 128.8.0.0/16 origin: AS2
路线:128.8.0.0/16起点:AS2
Figure 8: Route Objects
图8:路由对象
5 Set Classes
5套课程
To specify policies, it is often useful to define sets of objects. For this purpose we define as-set, route-set, rtr-set, filter-set, and peering-set classes. These classes define a named set. The members of these sets can be specified either directly by listing them in the sets' definition, or indirectly by having member objects refer to the sets' names, or a combination of both methods.
要指定策略,定义对象集通常很有用。为此,我们定义了set、route set、rtr set、filter set和peering set类。这些类定义了一个命名集。这些集合的成员可以直接通过在集合的定义中列出来指定,也可以通过让成员对象引用集合的名称来间接指定,或者两种方法的组合来指定。
A set's name is an rpsl word with the following restrictions: All as-set names start with prefix "as-". All route-set names start with prefix "rs-". All rtr-set names start with prefix "rtrs-". All filter-set names start with prefix "fltr-". All peering-set names start with prefix "prng-". For example, as-foo is a valid as-set name.
集合的名称是rpsl单词,具有以下限制:所有as集合名称都以前缀“as-”开头。所有路由集名称均以前缀“rs-”开头。所有rtr集合名称都以前缀“rtrs-”开头。所有过滤器集名称都以前缀“fltr-”开头。所有对等集名称都以前缀“prng-”开头。例如,as-foo是一个有效的as-set名称。
Set names can also be hierarchical. A hierarchical set name is a sequence of set names and AS numbers separated by colons ":". At least one component of such a name must be an actual set name (i.e. start with one of the prefixes above). All the set name components of an hierarchical name has to be of the same type. For example, the following names are valid: AS1:AS-CUSTOMERS, AS1:RS-EXPORT:AS2, RS-EXCEPTIONS:RS-BOGUS.
集合名称也可以是分层的。分层集合名称是集合名称的序列,以冒号“:”分隔。此类名称的至少一个组成部分必须是实际的集合名称(即,以上述前缀之一开头)。层次名称的所有集合名称组件必须为同一类型。例如,以下名称有效:AS1:AS-CUSTOMERS、AS1:RS-EXPORT:AS2、RS-EXCEPTIONS:RS-BOGUS。
The purpose of an hierarchical set name is to partition the set name space so that the maintainers of the set X1 controls the whole set name space underneath, i.e. X1:...:Xn-1. Thus, a set object with name X1:...:Xn-1:Xn can only be created by the maintainer of the object with name X1:...:Xn-1. That is, only the maintainer of AS1 can create a set with name AS1:AS-FOO; and only the maintainer of AS1:AS-FOO can create a set with name AS1:AS-FOO:AS-BAR. Please see RPS Security Document [20] for details.
分层集合名称的目的是划分集合名称空间,以便集合X1的维护者控制下面的整个集合名称空间,即X1:…:Xn-1。因此,名为X1:…:Xn-1:Xn的集合对象只能由名为X1:…:Xn-1的对象的维护者创建。也就是说,只有AS1的维护者才能创建一个名为AS1:AS-FOO的集合;只有AS1:AS-FOO的维护者才能创建一个名为AS1:AS-FOO:AS-BAR的集合。有关详细信息,请参见RPS安全文档[20]。
The attributes of the as-set class are shown in Figure 9. The as-set attribute defines the name of the set. It is an RPSL name that starts with "as-". The members attribute lists the members of the set. The members attribute is a list of AS numbers, or other as-set names.
as set类的属性如图9所示。“作为集”属性定义集的名称。它是一个以“as-”开头的RPSL名称。“成员”属性列出集合的成员。“成员”属性是AS编号或其他AS集合名称的列表。
Attribute Value Type
as-set <object-name> mandatory, single-valued,
class key
members list of <as-numbers> or optional, multi-valued
<as-set-names>
mbrs-by-ref list of <mntner-names> optional, multi-valued
Attribute Value Type
as-set <object-name> mandatory, single-valued,
class key
members list of <as-numbers> or optional, multi-valued
<as-set-names>
mbrs-by-ref list of <mntner-names> optional, multi-valued
Figure 9: as-set Class Attributes
图9:as set类属性
Figure 10 presents two as-set objects. The set as-foo contains two ASes, namely AS1 and AS2. The set as-bar contains the members of the set as-foo and AS3, that is it contains AS1, AS2, AS3. The set as-empty contains no members.
图10显示了两个as set对象。set as foo包含两个ASE,即AS1和AS2。set-as栏包含set-as-foo和AS3的成员,也就是说,它包含AS1、AS2和AS3。集为空不包含任何成员。
as-set: as-foo as-set: as-bar as-set: as-empty
members: AS1, AS2 members: AS3, as-foo
as-set: as-foo as-set: as-bar as-set: as-empty
members: AS1, AS2 members: AS3, as-foo
Figure 10: as-set objects.
图10:as set对象。
The mbrs-by-ref attribute is a list of maintainer names or the keyword ANY. If this attribute is used, the AS set also includes ASes whose aut-num objects are registered by one of these maintainers and whose member-of attribute refers to the name of this AS set. If the value of a mbrs-by-ref attribute is ANY, any AS object referring to the AS set is a member of the set. If the mbrs-by-ref attribute is missing, only the ASes listed in the members attribute are members of the set.
mbrs by ref属性是维护人员名称或关键字ANY的列表。如果使用此属性,AS集还包括其aut num对象由这些维护者之一注册的ASE,并且其属性成员引用此AS集的名称。如果mbrs by ref属性的值为ANY,则引用AS集的任何AS对象都是该集的成员。如果缺少mbrs by ref属性,则只有members属性中列出的ASE是集合的成员。
as-set: as-foo members: AS1, AS2 mbrs-by-ref: MNTR-ME
as set:as foo成员:AS1、AS2 MBR由ref:MNTR-ME提供
aut-num: AS3 aut-num: AS4
member-of: as-foo member-of: as-foo
mnt-by: MNTR-ME mnt-by: MNTR-OTHER
aut-num: AS3 aut-num: AS4
member-of: as-foo member-of: as-foo
mnt-by: MNTR-ME mnt-by: MNTR-OTHER
Figure 11: as-set objects.
图11:as set对象。
Figure 11 presents an example as-set object that uses the mbrs-by-ref attribute. The set as-foo contains AS1, AS2 and AS3. AS4 is not a member of the set as-foo even though the aut-num object references as-foo. This is because MNTR-OTHER is not listed in the as-foo's mbrs-by-ref attribute.
图11显示了一个使用mbrs by ref属性的ASSET对象示例。set as foo包含AS1、AS2和AS3。AS4不是set as foo的成员,即使aut num对象引用为foo。这是因为MNTR-OTHER未列在as foo的mbrs by ref属性中。
The attributes of the route-set class are shown in Figure 12. The route-set attribute defines the name of the set. It is an RPSL name that starts with "rs-". The members attribute lists the members of the set. The members attribute is a list of address prefixes or other route-set names. Note that, the route-set class is a set of route prefixes, not of RPSL route objects.
route set类的属性如图12所示。route set属性定义集合的名称。它是一个以“rs-”开头的RPSL名称。“成员”属性列出集合的成员。members属性是地址前缀或其他路由集名称的列表。请注意,route set类是一组路由前缀,而不是RPSL路由对象。
Attribute Value Type
route-set <object-name> mandatory,
single-valued,
class key
members list of <address-prefix-range> or optional, multi-valued
<route-set-name> or
<route-set-name><range-operator>
mbrs-by-ref list of <mntner-names> optional, multi-valued
Attribute Value Type
route-set <object-name> mandatory,
single-valued,
class key
members list of <address-prefix-range> or optional, multi-valued
<route-set-name> or
<route-set-name><range-operator>
mbrs-by-ref list of <mntner-names> optional, multi-valued
Figure 12: route-set Class Attributes
图12:路由集类属性
Figure 13 presents some example route-set objects. The set rs-foo contains two address prefixes, namely 128.9.0.0/16 and 128.9.0.0/24. The set rs-bar contains the members of the set rs-foo and the address prefix 128.7.0.0/16.
图13显示了一些示例路由集对象。set rs foo包含两个地址前缀,即128.9.0.0/16和128.9.0.0/24。集合rs栏包含集合rs foo的成员和地址前缀128.7.0.0/16。
An address prefix or a route-set name in a members attribute can be optionally followed by a range operator. For example, the following set:
“成员”属性中的地址前缀或路由集名称可以可选地后跟范围运算符。例如,以下集合:
route-set: rs-foo
members: 128.9.0.0/16, 128.9.0.0/24
route-set: rs-foo
members: 128.9.0.0/16, 128.9.0.0/24
route-set: rs-bar members: 128.7.0.0/16, rs-foo
路由集:rs bar成员:128.7.0.0/16,rs foo
Figure 13: route-set Objects
图13:路由集对象
route-set: rs-bar
members: 5.0.0.0/8^+, 30.0.0.0/8^24-32, rs-foo^+
route-set: rs-bar
members: 5.0.0.0/8^+, 30.0.0.0/8^24-32, rs-foo^+
contains all the more specifics of 5.0.0.0/8 including 5.0.0.0/8, all the more specifics of 30.0.0.0/8 which are of length 24 to 32 such as 30.9.9.96/28, and all the more specifics of address prefixes in route set rs-foo.
包含5.0.0.0/8的所有更多细节,包括5.0.0.0/8,30.0.0.0/8的所有更多细节,长度为24到32,如30.9.9.96/28,以及路由集rs foo中地址前缀的所有更多细节。
The mbrs-by-ref attribute is a list of maintainer names or the keyword ANY. If this attribute is used, the route set also includes address prefixes whose route objects are registered by one of these maintainers and whose member-of attribute refers to the name of this route set. If the value of a mbrs-by-ref attribute is ANY, any route object referring to the route set name is a member. If the mbrs-by-ref attribute is missing, only the address prefixes listed in the members attribute are members of the set.
mbrs by ref属性是维护人员名称或关键字ANY的列表。如果使用此属性,则路由集还包括地址前缀,这些地址前缀的路由对象由这些维护者之一注册,并且其属性成员引用此路由集的名称。如果mbrs by ref属性的值为ANY,则引用路由集名称的任何路由对象都是成员。如果缺少mbrs by ref属性,则只有members属性中列出的地址前缀是集合的成员。
route-set: rs-foo mbrs-by-ref: MNTR-ME, MNTR-YOU
路由集:rs foo mbrs参考:MNTR-ME,MNTR-YU
route-set: rs-bar members: 128.7.0.0/16 mbrs-by-ref: MNTR-YOU
路由集:rs bar成员:128.7.0.0/16 MBR由参考:MNTR-YU
route: 128.9.0.0/16 origin: AS1 member-of: rs-foo mnt-by: MNTR-ME
路线:128.9.0.0/16来源:AS1成员:rs foo mnt发件人:MNTR-ME
route: 128.8.0.0/16 origin: AS2 member-of: rs-foo, rs-bar mnt-by: MNTR-YOU
路线:128.8.0.0/16来源:AS2成员:rs foo,rs bar mnt作者:MNTR-YU
Figure 14: route-set objects.
图14:路由集对象。
Figure 14 presents example route-set objects that use the mbrs-by-ref attribute. The set rs-foo contains two address prefixes, namely 128.8.0.0/16 and 128.9.0.0/16 since the route objects for 128.8.0.0/16 and 128.9.0.0/16 refer to the set name rs-foo in their member-of attribute. The set rs-bar contains the address prefixes 128.7.0.0/16 and 128.8.0.0/16. The route 128.7.0.0/16 is explicitly listed in the members attribute of rs-bar, and the route object for 128.8.0.0/16 refer to the set name rs-bar in its member-of attribute.
图14显示了使用mbrs by ref属性的示例路由集对象。集合rs foo包含两个地址前缀,即128.8.0.0/16和128.9.0.0/16,因为128.8.0.0/16和128.9.0.0/16的路由对象在其属性成员中引用集合名称rs foo。set rs栏包含地址前缀128.7.0.0/16和128.8.0.0/16。路由128.7.0.0/16在rs bar的“成员”属性中显式列出,128.8.0.0/16的路由对象在其“成员”属性中引用集合名称rs bar。
Note that, if an address prefix is listed in a members attribute of a route set, it is a member of that route set. The route object corresponding to this address prefix does not need to contain a member-of attribute referring to this set name. The member-of attribute of the route class is an additional mechanism for specifying the members indirectly.
请注意,如果地址前缀列在路由集的“成员”属性中,则它是该路由集的成员。与此地址前缀对应的路由对象不需要包含引用此集合名称的属性的成员。route类的member of属性是间接指定成员的附加机制。
In a context that expects a route set (e.g. members attribute of the route-set class), an AS number ASx defines the set of routes that are originated by ASx; and an as-set AS-X defines the set of routes that are originated by the ASes in AS-X. A route p is said to be originated by ASx if there is a route object for p with ASx as the value of the origin attribute. For example, in Figure 15, the route set rs-special contains 128.9.0.0/16, routes of AS1 and AS2, and routes of the ASes in AS set AS-FOO.
在需要路由集的上下文中(例如,路由集类的members属性),AS编号ASx定义由ASx发起的路由集;as set as-X定义了as-X中ASE发起的路由集。如果p有一个路由对象,且ASx作为origin属性的值,则称路由p是由ASx发起的。例如,在图15中,路由集rs special包含128.9.0.0/16、AS1和AS2的路由以及AS set AS-FOO中ASE的路由。
route-set: rs-special members: 128.9.0.0/16, AS1, AS2, AS-FOO
路由集:rs特殊成员:128.9.0.0/16、AS1、AS2、AS-FOO
Figure 15: Use of AS numbers and AS sets in route sets.
图15:在路由集合中使用AS编号和AS集合。
The set rs-any contains all routes registered in IRR. The set as-any contains all ASes registered in IRR.
集合rs any包含在IRR中注册的所有路由。集合as any包含在IRR中注册的所有ASE。
The attributes of the filter-set class are shown in Figure 16. A filter-set object defines a set of routes that are matched by its filter. The filter-set attribute defines the name of the filter. It is an RPSL name that starts with "fltr-".
filter set类的属性如图16所示。过滤器集对象定义一组由其过滤器匹配的路由。过滤器集属性定义过滤器的名称。它是一个以“fltr-”开头的RPSL名称。
Attribute Value Type filter-set <object-name> mandatory, single-valued, class key filter <filter> mandatory, single-valued
属性值类型筛选器集<对象名称>必需,单值,类键筛选器<筛选器>必需,单值
Figure 16: filter Class Attributes
图16:过滤器类属性
filter-set: fltr-foo
filter: { 5.0.0.0/8, 6.0.0.0/8 }
filter-set: fltr-foo
filter: { 5.0.0.0/8, 6.0.0.0/8 }
filter-set: fltr-bar
filter: (AS1 or fltr-foo) and <AS2>
filter-set: fltr-bar
filter: (AS1 or fltr-foo) and <AS2>
Figure 17: filter-set objects.
图17:过滤器集对象。
The filter attribute defines the set's policy filter. A policy filter is a logical expression which when applied to a set of routes returns a subset of these routes. We say that the policy filter matches the subset returned. The policy filter can match routes using any BGP path attribute, such as the destination address prefix (or NLRI), AS-path, or community attributes.
filter属性定义集合的策略筛选器。策略筛选器是一个逻辑表达式,当应用于一组路由时,它将返回这些路由的子集。我们说策略过滤器匹配返回的子集。策略筛选器可以使用任何BGP路径属性(如目标地址前缀(或NLRI))作为路径或社区属性来匹配路由。
The policy filters can be composite by using the operators AND, OR, and NOT. The following policy filters can be used to select a subset of routes:
策略筛选器可以通过使用运算符AND、OR和NOT进行组合。以下策略筛选器可用于选择路由的子集:
ANY The keyword ANY matches all routes.
关键字ANY中的ANY匹配所有路由。
Address-Prefix Set This is an explicit list of address prefixes enclosed in braces '{' and '}'. The policy filter matches the set of routes whose destination address-prefix is in the set. For example:
地址前缀集这是大括号“{”和“}”中包含的地址前缀的显式列表。策略筛选器匹配目标地址前缀位于该集合中的路由集合。例如:
{ 0.0.0.0/0 }
{ 128.9.0.0/16, 128.8.0.0/16, 128.7.128.0/17, 5.0.0.0/8 }
{ }
{ 0.0.0.0/0 }
{ 128.9.0.0/16, 128.8.0.0/16, 128.7.128.0/17, 5.0.0.0/8 }
{ }
An address prefix can be optionally followed by a range operator (i.e.
地址前缀可以选择后跟范围运算符(即。
{ 5.0.0.0/8^+, 128.9.0.0/16^-, 30.0.0.0/8^16, 30.0.0.0/8^24-32 }
{ 5.0.0.0/8^+, 128.9.0.0/16^-, 30.0.0.0/8^16, 30.0.0.0/8^24-32 }
contains all the more specifics of 5.0.0.0/8 including 5.0.0.0/8, all the more specifics of 128.9.0.0/16 excluding 128.9.0.0/16, all the more specifics of 30.0.0.0/8 which are of length 16 such as 30.9.0.0/16, and all the more specifics of 30.0.0.0/8 which are of length 24 to 32 such as 30.9.9.96/28.
包含5.0.0.0/8的所有更多细节,包括5.0.0.0/8,128.9.0.0/16的所有更多细节,不包括128.9.0.0/16,30.0.0.0/8的所有更多细节,长度为16,如30.9.0.0/16,以及30.0.0.0/8的所有更多细节,长度为24到32,如30.9.9.96/28。
Route Set Name A route set name matches the set of routes that are members of the set. A route set name may be a name of a route-set object, an AS number, or a name of an as-set object (AS numbers and as-set names implicitly define route sets; please see Section 5.3). For example:
路由集名称路由集名称与作为该集成员的路由集匹配。路由集名称可以是路由集对象的名称、AS编号或AS集对象的名称(AS编号和AS集名称隐式定义路由集;请参见第5.3节)。例如:
aut-num: AS1 import: from AS2 accept AS2 import: from AS2 accept AS-FOO import: from AS2 accept RS-FOO
aut num:AS1导入:从AS2接受AS2导入:从AS2接受AS-FOO导入:从AS2接受RS-FOO
The keyword PeerAS can be used instead of the AS number of the peer AS. PeerAS is particularly useful when the peering is specified using an AS expression. For example:
可以使用关键字PeerAS代替对等AS的AS编号。当使用AS表达式指定对等时,PeerAS特别有用。例如:
as-set: AS-FOO members: AS2, AS3
as集合:as-FOO成员:AS2、AS3
aut-num: AS1 import: from AS-FOO accept PeerAS
aut num:AS1导入:从AS-FOO接受PeerAS
is same as:
同:
aut-num: AS1 import: from AS2 accept AS2 import: from AS3 accept AS3
aut num:AS1导入:从AS2接受AS2导入:从AS3接受AS3
A route set name can also be followed by one of the operators '^-', '^+', example, { 5.0.0.0/8, 6.0.0.0/8 }^+ equals { 5.0.0.0/8^+, 6.0.0.0/8^+ }, and AS1^- equals all the exclusive more specifics of routes originated by AS1.
路由集名称后面还可以跟有一个操作符“^-”、“^+”,例如,{5.0.0.0/8、6.0.0.0/8}^+等于{5.0.0.0/8^+、6.0.0/8^+,以及AS1^-等于AS1发起的路由的所有排他更详细信息。
AS Path Regular Expressions An AS-path regular expression can be used as a policy filter by enclosing the expression in `<' and `>'. An AS-path policy filter matches the set of routes which traverses a sequence of ASes matched by the AS-path regular expression. A router can check this using the AS_PATH attribute in the Border Gateway Protocol [19], or the RD_PATH attribute in the Inter-Domain Routing Protocol [18].
AS-Path正则表达式AS-Path正则表达式可以用作策略筛选器,方法是将表达式封装在“<”和“>”中。AS path策略筛选器匹配通过AS path正则表达式匹配的ASE序列的路由集。路由器可以使用边界网关协议[19]中的AS_PATH属性或域间路由协议[18]中的RD_PATH属性来检查这一点。
AS-path Regular Expressions are POSIX compliant regular expressions over the alphabet of AS numbers. The regular expression constructs are as follows:
AS路径正则表达式是AS数字字母表上的POSIX兼容正则表达式。正则表达式构造如下所示:
ASN where ASN is an AS number. ASN matches the AS-path that is of length 1 and contains the corresponding AS number (e.g. AS-path regular expression AS1 matches the AS-path "1").
ASN,其中ASN是AS编号。ASN匹配长度为1且包含相应AS编号的AS路径(例如,AS路径正则表达式AS1匹配AS路径“1”)。
The keyword PeerAS can be used instead of the AS number of the peer AS.
可以使用关键字PeerAS代替对等AS的AS编号。
AS-set where AS-set is an AS set name. AS-set matches the AS-paths that is matched by one of the ASes in the AS-set.
AS set,其中AS set是AS set名称。AS集合匹配AS集合中某个ASE匹配的AS路径。
. matches the AS-paths matched by any AS number.
. 匹配由任意AS编号匹配的AS路径。
[...] is an AS number set. It matches the AS-paths matched by the AS numbers listed between the brackets. The AS numbers in the set are separated by white space characters. If a `-' is used between two AS numbers in this set, all AS numbers between the two AS numbers are included in the set. If an as-set name is listed, all AS numbers in the as-set are included.
[…]是一个AS编号集。它匹配由括号之间列出的AS编号匹配的AS路径。集合中的AS编号由空格字符分隔。如果在该集合中两个AS编号之间使用“-”,则两个AS编号之间的所有AS编号都包含在该集合中。如果列出了as集合名称,则as集合中的所有as编号都将包括在内。
[^...] is a complemented AS number set. It matches any AS-path which is not matched by the AS numbers in the set.
[^…]是一个补码作为数字集。它匹配集合中AS编号不匹配的任何AS路径。
^ Matches the empty string at the beginning of an AS-path.
^匹配AS路径开头的空字符串。
$ Matches the empty string at the end of an AS-path.
$ 匹配AS路径末尾的空字符串。
We next list the regular expression operators in the decreasing order of evaluation. These operators are left associative, i.e. performed left to right.
接下来,我们将按求值的降序列出正则表达式运算符。这些运算符是左关联的,即从左到右执行。
Unary postfix operators * + ? {m} {m,n} {m,}
For a regular expression A, A* matches zero or more occurrences of
A; A+ matches one or more occurrences of A; A? matches zero or
one occurrence of A; A{m} matches m occurrence of A; A{m,n}
matches m to n occurrence of A; A{m,} matches m or more occurrence
of A. For example, [AS1 AS2]{2} matches AS1 AS1, AS1 AS2, AS2 AS1,
and AS2 AS2.
Unary postfix operators * + ? {m} {m,n} {m,}
For a regular expression A, A* matches zero or more occurrences of
A; A+ matches one or more occurrences of A; A? matches zero or
one occurrence of A; A{m} matches m occurrence of A; A{m,n}
matches m to n occurrence of A; A{m,} matches m or more occurrence
of A. For example, [AS1 AS2]{2} matches AS1 AS1, AS1 AS2, AS2 AS1,
and AS2 AS2.
Unary postfix operators ~* ~+ ~{m} ~{m,n} ~{m,} These operators have similar functionality as the corresponding operators listed above, but all occurrences of the regular expression has to match the same pattern. For example, [AS1 AS2]~{2} matches AS1 AS1 and AS2 AS2, but it does not match AS1 AS2 and AS2 AS1.
一元后缀运算符~*~+~{m}{m,n}{m,}这些运算符与上面列出的相应运算符具有类似的功能,但正则表达式的所有出现都必须匹配相同的模式。例如,[AS1 AS2]~{2}匹配AS1 AS1和AS2 AS2,但不匹配AS1 AS2和AS2 AS1。
Binary catenation operator This is an implicit operator and exists between two regular expressions A and B when no other explicit operator is specified. The resulting expression A B matches an AS-path if A matches some prefix of the AS-path and B matches the rest of the AS-path.
二元连环运算符这是一个隐式运算符,当未指定其他显式运算符时,它存在于两个正则表达式A和B之间。如果A与AS路径的某个前缀匹配,而B与AS路径的其余部分匹配,则生成的表达式ab与AS路径匹配。
Binary alternative (or) operator | For a regular expressions A and B, A | B matches any AS-path that is matched by A or B.
二进制可选(或)运算符|对于正则表达式a和B,a | B匹配由a或B匹配的任何AS路径。
Parenthesis can be used to override the default order of evaluation. White spaces can be used to increase readability.
括号可用于替代默认的求值顺序。空白可以用来增加可读性。
The following are examples of AS-path filters:
以下是AS路径过滤器的示例:
<AS3> <^AS1> <AS2$> <^AS1 AS2 AS3$> <^AS1 .* AS2$>.
<AS3><AS1><AS2$><AS1 AS2 AS3$><AS1.*AS2$>。
The first example matches any route whose AS-path contains AS3, the second matches routes whose AS-path starts with AS1, the third matches routes whose AS-path ends with AS2, the fourth matches routes whose AS-path is exactly "1 2 3", and the fifth matches routes whose AS-path starts with AS1 and ends in AS2 with any number of AS numbers in between.
第一个示例匹配AS路径包含AS3的任何路由,第二个匹配AS路径以AS1开头的路由,第三个匹配AS路径以AS2结尾的路由,第四个匹配AS路径正好为“1 2 3”的路由,第五个匹配路径的AS路径以AS1开始,以AS2结束,中间有任意数量的AS编号。
Composite Policy Filters The following operators (in decreasing order of evaluation) can be used to form composite policy filters:
复合策略筛选器可以使用以下运算符(按求值的降序)形成复合策略筛选器:
NOT Given a policy filter x, NOT x matches the set of routes that are not matched by x. That is it is the negation of policy filter x.
未给定策略筛选器x,则NOT x与x不匹配的路由集相匹配。也就是说,它是对策略过滤器x的否定。
AND Given two policy filters x and y, x AND y matches the intersection of the routes that are matched by x and that are matched by y.
给定两个策略过滤器x和y,x和y匹配由x匹配和由y匹配的路线的交点。
OR Given two policy filters x and y, x OR y matches the union of the routes that are matched by x and that are matched by y.
或者给定两个策略筛选器x和y,x或y匹配由x匹配且由y匹配的路由的并集。
Note that an OR operator can be implicit, that is `x y' is equivalent to `x OR y'.
请注意,OR运算符可以是隐式的,即'xy'等同于'x或y'。
E.g.
NOT {128.9.0.0/16, 128.8.0.0/16}
AS226 AS227 OR AS228
AS226 AND NOT {128.9.0.0/16}
AS226 AND {0.0.0.0/0^0-18}
E.g.
NOT {128.9.0.0/16, 128.8.0.0/16}
AS226 AS227 OR AS228
AS226 AND NOT {128.9.0.0/16}
AS226 AND {0.0.0.0/0^0-18}
The first example matches any route except 128.9.0.0/16 and 128.8.0.0/16. The second example matches the routes of AS226, AS227 and AS228. The third example matches the routes of AS226 except 128.9.0.0/16. The fourth example matches the routes of AS226 whose length are not longer than 18.
第一个示例匹配除128.9.0.0/16和128.8.0.0/16之外的任何路由。第二个示例匹配AS226、AS227和AS228的路由。第三个示例与AS226的路由匹配,128.9.0.0/16除外。第四个示例匹配长度不超过18的AS226路由。
Routing Policy Attributes Policy filters can also use the values of other attributes for comparison. The attributes whose values can be used in policy filters are specified in the RPSL dictionary. Please refer to Section 7 for details. An example using the the BGP community attribute is shown below:
路由策略属性策略筛选器还可以使用其他属性的值进行比较。其值可用于策略筛选器的属性在RPSL字典中指定。详情请参阅第7节。使用BGP社区属性的示例如下所示:
aut-num: AS1 export: to AS2 announce AS1 AND NOT community(NO_EXPORT)
aut num:AS1导出:到AS2宣布AS1而不是社区(无导出)
Filters using the routing policy attributes defined in the dictionary are evaluated before evaluating the operators AND, OR and NOT.
使用字典中定义的路由策略属性的筛选器将在计算运算符AND、OR和NOT之前进行计算。
Filter Set Name A filter set name matches the set of routes that are matched by its filter attribute. Note that the filter attribute of a filter set, can recursively refer to other filter set names. For example in Figure 17, fltr-foo matches { 5.0.0.0/8, 6.0.0.0/8 }, and fltr-bar matches AS1'S routes or { 5.0.0.0/8, 6.0.0.0/8 } if their as path contained AS2.
筛选器集名称筛选器集名称与由其筛选器属性匹配的路由集匹配。请注意,过滤器集的过滤器属性可以递归地引用其他过滤器集名称。例如,在图17中,fltr foo匹配{5.0.0.0/8,6.0.0.0/8},fltr bar匹配AS1的路由或{5.0.0.0/8,6.0.0.0/8},如果它们的as路径包含AS2。
The attributes of the rtr-set class are shown in Figure 18. The rtr-set attribute defines the name of the set. It is an RPSL name that starts with "rtrs-". The members attribute lists the members of the set. The members attribute is a list of inet-rtr names, ipv4_addresses or other rtr-set names.
rtr集合类的属性如图18所示。rtr集合属性定义集合的名称。它是一个以“rtrs-”开头的RPSL名称。“成员”属性列出集合的成员。members属性是inet rtr名称、ipv4_地址或其他rtr集名称的列表。
Attribute Value Type
rtr-set <object-name> mandatory, single-valued,
class key
members list of <inet-rtr-names> or optional, multi-valued
<rtr-set-names>
or <ipv4_addresses>
mbrs-by-ref list of <mntner-names> optional, multi-valued
Attribute Value Type
rtr-set <object-name> mandatory, single-valued,
class key
members list of <inet-rtr-names> or optional, multi-valued
<rtr-set-names>
or <ipv4_addresses>
mbrs-by-ref list of <mntner-names> optional, multi-valued
Figure 18: rtr-set Class Attributes
图18:rtr集合类属性
Figure 19 presents two rtr-set objects. The set rtrs-foo contains two routers, namely rtr1.isp.net and rtr2.isp.net. The set rtrs-bar contains the members of the set rtrs-foo and rtr3.isp.net, that is it contains rtr1.isp.net, rtr2.isp.net, rtr3.isp.net.
图19显示了两个rtr集合对象。集合rtrs foo包含两个路由器,即rtr1.isp.net和rtr2.isp.net。集合rtrs栏包含集合rtrs foo和rtr3.isp.net的成员,即它包含rtr1.isp.net、rtr2.isp.net、rtr3.isp.net。
rtr-set: rtrs-foo rtr-set: rtrs-bar
members: rtr1.isp.net, rtr2.isp.net members: rtr3.isp.net, rtrs-foo
rtr-set: rtrs-foo rtr-set: rtrs-bar
members: rtr1.isp.net, rtr2.isp.net members: rtr3.isp.net, rtrs-foo
Figure 19: rtr-set objects.
图19:rtr集合对象。
The mbrs-by-ref attribute is a list of maintainer names or the keyword ANY. If this attribute is used, the router set also includes routers whose inet-rtr objects are registered by one of these maintainers and whose member-of attribute refers to the name of this router set. If the value of a mbrs-by-ref attribute is ANY, any inet-rtr object referring to the router set is a member of the set. If the mbrs-by-ref attribute is missing, only the routers listed in the members attribute are members of the set.
mbrs by ref属性是维护人员名称或关键字ANY的列表。如果使用此属性,则路由器集还包括其inet rtr对象由这些维护者之一注册且其属性成员引用此路由器集名称的路由器。如果mbrs by ref属性的值为ANY,则引用路由器集的任何inet rtr对象都是该集的成员。如果缺少mbrs by ref属性,则只有members属性中列出的路由器是集合的成员。
rtr-set: rtrs-foo members: rtr1.isp.net, rtr2.isp.net mbrs-by-ref: MNTR-ME
rtr集合:rtrs foo成员:rtr1.isp.net,rtr2.isp.net MBR由参考:MNTR-ME
inet-rtr: rtr3.isp.net local-as: as1 ifaddr: 1.1.1.1 masklen 30 member-of: rtrs-foo mnt-by: MNTR-ME
inet rtr:rtr3.isp.net本地as:as1 ifaddr:1.1.1 masklen 30成员:rtrs foo mnt by:MNTR-ME
Figure 20: rtr-set objects.
图20:rtr集合对象。
Figure 20 presents an example rtr-set object that uses the mbrs-by-ref attribute. The set rtrs-foo contains rtr1.isp.net, rtr2.isp.net and rtr3.isp.net.
图20显示了一个使用mbrs by ref属性的示例rtr集合对象。集合rtrs foo包含rtr1.isp.net、rtr2.isp.net和rtr3.isp.net。
The attributes of the peering-set class are shown in Figure 21. A peering-set object defines a set of peerings that are listed in its peering attributes. The peering-set attribute defines the name of the set. It is an RPSL name that starts with "prng-".
对等集类的属性如图21所示。对等集对象定义在其对等属性中列出的一组对等。对等集属性定义集的名称。它是一个以“prng-”开头的RPSL名称。
Attribute Value Type peering-set <object-name> mandatory, single-valued, class key peering <peering> mandatory, multi-valued
属性值类型对等集<object name>强制,单值,类键对等<peering>强制,多值
Figure 21: filter Class Attributes
图21:过滤器类属性
The peering attribute defines a peering that can be used for importing or
对等属性定义可用于导入或删除的对等
---------------------- ----------------------
| 7.7.7.1 |-------| |-------| 7.7.7.2 |
| | ======== | |
| AS1 | EX1 |-------| 7.7.7.3 AS2 |
| | | |
| 9.9.9.1 |------ ------| 9.9.9.2 |
---------------------- | | ----------------------
===========
| EX2
---------------------- |
| 9.9.9.3 |---------
| |
| AS3 |
----------------------
---------------------- ----------------------
| 7.7.7.1 |-------| |-------| 7.7.7.2 |
| | ======== | |
| AS1 | EX1 |-------| 7.7.7.3 AS2 |
| | | |
| 9.9.9.1 |------ ------| 9.9.9.2 |
---------------------- | | ----------------------
===========
| EX2
---------------------- |
| 9.9.9.3 |---------
| |
| AS3 |
----------------------
Figure 22: Example topology consisting of three ASes, AS1, AS2, and AS3; two exchange points, EX1 and EX2; and six routers.
图22:由AS1、AS2和AS3三个ASE组成的拓扑示例;两个交换点,EX1和EX2;和六个路由器。
exporting routes. In describing peerings, we are going to use the topology of Figure 22. In this topology, there are three ASes, AS1, AS2, and AS3; two exchange points, EX1 and EX2; and six routers. Routers connected to the same exchange point peer with each other and exchange routing information. That is, 7.7.7.1, 7.7.7.2 and 7.7.7.3 peer with each other; 9.9.9.1, 9.9.9.2 and 9.9.9.3 peer with each other.
出口路线。在描述对等时,我们将使用图22的拓扑结构。在这个拓扑中,有三个ASE,AS1、AS2和AS3;两个交换点,EX1和EX2;和六个路由器。连接到同一交换点的路由器彼此对等并交换路由信息。即7.7.7.1、7.7.7.2和7.7.7.3相互对等;9.9.9.1、9.9.9.2和9.9.9.3相互对等。
The syntax of a peering specification is:
对等规范的语法为:
<as-expression> [<router-expression-1>] [at <router-expression-2>]
| <peering-set-name>
<as-expression> [<router-expression-1>] [at <router-expression-2>]
| <peering-set-name>
where <as-expression> is an expression over AS numbers and AS sets using operators AND, OR, and EXCEPT, and <router-expression-1> and <router-expression-2> are expressions over router IP addresses, inet-rtr names, and rtr-set names using operators AND, OR, and EXCEPT. The binary "EXCEPT" operator is the set subtraction operator and has the same precedence as the operator AND (it is semantically equivalent to "AND NOT" combination). That is "(AS1 OR AS2) EXCEPT AS2" equals "AS1".
其中,<as expression>是使用运算符and、OR和EXCEPT的as数字和as集上的表达式,<router-expression-1>和<router-expression-2>是使用运算符and、OR和EXCEPT的路由器IP地址、inet rtr名称和rtr集名称上的表达式。二进制“EXCEPT”运算符是集合减法运算符,其优先级与运算符and相同(在语义上等同于“and NOT”组合)。即“(AS1或AS2)除AS2”等于“AS1”。
This form identifies all the peerings between any local router in <router-expression-2> to any of their peer routers in <router-expression-1> in the ASes in <as-expression>. If <router-expression-2> is not specified, it defaults to all routers of the local AS that peer with ASes in <as-expression>. If <router-expression-1> is not specified, it defaults to all routers of the peer ASes in <as-expression> that peer with the local AS.
此表单标识<router-expression-2>中任何本地路由器与<as expression>中ASes中<router-expression-1>中任何对等路由器之间的所有对等。如果未指定<router-expression-2>,则默认为本地的所有路由器都是<AS expression>中具有ASE的对等路由器。如果未指定<router-expression-1>,则默认为<as expression>中具有本地as的对等ASE的所有路由器。
If a <peering-set-name> is used, the peerings are listed in the corresponding peering-set object. Note that the peering-set objects can be recursive.
如果使用<peering set name>,对等将列在相应的对等集对象中。请注意,对等集对象可以是递归的。
Many special forms of this general peering specification is possible. The following examples illustrate the most common cases, using the import attribute of the aut-num class. In the following example 7.7.7.1 imports 128.9.0.0/16 from 7.7.7.2.
这种通用对等规范的许多特殊形式是可能的。以下示例使用aut num类的import属性说明了最常见的情况。在以下示例中,7.7.7.1从7.7.7.2导入128.9.0.0/16。
(1) aut-num: AS1
import: from AS2 7.7.7.2 at 7.7.7.1 accept { 128.9.0.0/16 }
(1) aut-num: AS1
import: from AS2 7.7.7.2 at 7.7.7.1 accept { 128.9.0.0/16 }
In the following example 7.7.7.1 imports 128.9.0.0/16 from 7.7.7.2 and 7.7.7.3.
在以下示例中,7.7.7.1从7.7.7.2和7.7.7.3导入128.9.0.0/16。
(2) aut-num: AS1
import: from AS2 at 7.7.7.1 accept { 128.9.0.0/16 }
(2) aut-num: AS1
import: from AS2 at 7.7.7.1 accept { 128.9.0.0/16 }
In the following example 7.7.7.1 imports 128.9.0.0/16 from 7.7.7.2 and 7.7.7.3, and 9.9.9.1 imports 128.9.0.0/16 from 9.9.9.2.
在以下示例中,7.7.7.1从7.7.7.2和7.7.7.3导入128.9.0.0/16,9.9.9.1从9.9.9.2导入128.9.0.0/16。
(3) aut-num: AS1
import: from AS2 accept { 128.9.0.0/16 }
(3) aut-num: AS1
import: from AS2 accept { 128.9.0.0/16 }
In the following example 9.9.9.1 imports 128.9.0.0/16 from 9.9.9.2 and 9.9.9.3.
在以下示例中,9.9.9.1从9.9.9.2和9.9.9.3导入128.9.0.0/16。
(4) as-set: AS-FOO members: AS2, AS3
(4) as集合:as-FOO成员:AS2、AS3
aut-num: AS1
import: from AS-FOO at 9.9.9.1 accept { 128.9.0.0/16 }
aut-num: AS1
import: from AS-FOO at 9.9.9.1 accept { 128.9.0.0/16 }
In the following example 9.9.9.1 imports 128.9.0.0/16 from 9.9.9.2 and 9.9.9.3, and 7.7.7.1 imports 128.9.0.0/16 from 7.7.7.2 and 7.7.7.3.
在以下示例中,9.9.9.1从9.9.9.2和9.9.9.3导入128.9.0.0/16,7.7.7.1从7.7.7.2和7.7.7.3导入128.9.0.0/16。
(5) aut-num: AS1
import: from AS-FOO accept { 128.9.0.0/16 }
(5) aut-num: AS1
import: from AS-FOO accept { 128.9.0.0/16 }
In the following example AS1 imports 128.9.0.0/16 from AS3 at router 9.9.9.1
在以下示例中,AS1在路由器9.9.9.1处从AS3导入128.9.0.0/16
(6) aut-num: AS1
import: from AS-FOO and not AS2 at not 7.7.7.1
accept { 128.9.0.0/16 }
(6) aut-num: AS1
import: from AS-FOO and not AS2 at not 7.7.7.1
accept { 128.9.0.0/16 }
This is because "AS-FOO and not AS2" equals AS3 and "not 7.7.7.1" equals 9.9.9.1.
这是因为“AS-FOO而非AS2”等于AS3,“非7.7.7.1”等于9.9.9.1。
In the following example 9.9.9.1 imports 128.9.0.0/16 from 9.9.9.2 and 9.9.9.3.
在以下示例中,9.9.9.1从9.9.9.2和9.9.9.3导入128.9.0.0/16。
(7) peering-set: prng-bar peering: AS1 at 9.9.9.1
(7) 对等设置:prng条对等:AS1在9.9.9.1
peering-set: prng-foo peering: prng-bar peering: AS2 at 9.9.9.1
对等设置:prng foo对等:prng bar对等:AS2在9.9.9.1
aut-num: AS1
import: from prng-foo accept { 128.9.0.0/16 }
aut-num: AS1
import: from prng-foo accept { 128.9.0.0/16 }
6 aut-num Class
6 aut num类
Routing policies are specified using the aut-num class. The attributes of the aut-num class are shown in Figure 23. The value of the aut-num attribute is the AS number of the AS described by this object. The as-name attribute is a symbolic name (in RPSL name syntax) of the AS. The import, export and default routing policies of the AS are specified using import, export and default attributes respectively.
路由策略使用aut num类指定。aut num类的属性如图23所示。aut num属性的值是此对象所描述的对象的AS编号。as name属性是as的符号名(在RPSL名称语法中)。AS的导入、导出和默认路由策略分别使用导入、导出和默认属性指定。
Attribute Value Type aut-num <as-number> mandatory, single-valued, class key as-name <object-name> mandatory, single-valued member-of list of <as-set-names> optional, multi-valued import see Section 6.1 optional, multi valued export see Section 6.2 optional, multi valued default see Section 6.5 optional, multi valued
属性值类型aut num<as number>强制、单值、类键as name<object name>强制、<as集合名称>列表的单值成员可选、多值导入见第6.1节可选、多值导出见第6.2节可选、多值默认见第6.5节可选、多值
Figure 23: aut-num Class Attributes
图23:aut num类属性
In RPSL, an import policy is divided into import policy expressions. Each import policy expression is specified using an import attribute. The import attribute has the following syntax (we will extend this syntax later in Sections 6.3 and 6.6):
在RPSL中,导入策略分为导入策略表达式。每个导入策略表达式都使用导入属性指定。导入属性具有以下语法(我们将在后面的第6.3节和第6.6节中扩展此语法):
import: from <peering-1> [action <action-1>]
. . .
from <peering-N> [action <action-N>]
accept <filter>
import: from <peering-1> [action <action-1>]
. . .
from <peering-N> [action <action-N>]
accept <filter>
The action specification is optional. The semantics of an import attribute is as follows: the set of routes that are matched by <filter> are imported from all the peers in <peerings>; while importing routes at <peering-M>, <action-M> is executed.
操作规范是可选的。导入属性的语义如下:由<filter>匹配的路由集从<peerings>中的所有对等方导入;在<peering-M>导入路由时,执行<action-M>。
E.g.
aut-num: AS1
import: from AS2 action pref = 1; accept { 128.9.0.0/16 }
E.g.
aut-num: AS1
import: from AS2 action pref = 1; accept { 128.9.0.0/16 }
This example states that the route 128.9.0.0/16 is accepted from AS2 with preference 1. We already presented how peerings (see Section 5.6) and filters (see Section 5.4) are specified. We next present how to specify actions.
该示例说明从AS2接受路由128.9.0.0/16,首选项为1。我们已经介绍了如何指定对等(见第5.6节)和过滤器(见第5.4节)。接下来,我们将介绍如何指定操作。
Policy actions in RPSL either set or modify route attributes, such as assigning a preference to a route, adding a BGP community to the BGP community path attribute, or setting the MULTI-EXIT-DISCRIMINATOR attribute. Policy actions can also instruct routers to perform special operations, such as route flap damping.
RPSL中的策略操作可以设置或修改路由属性,例如为路由分配首选项、将BGP社区添加到BGP社区路径属性或设置多出口鉴别器属性。策略操作还可以指示路由器执行特殊操作,例如路由翻转阻尼。
The routing policy attributes whose values can be modified in policy actions are specified in the RPSL dictionary. Please refer to Section 7 for a list of these attributes. Each action in RPSL is terminated by the semicolon character (';'). It is possible to form composite policy actions by listing them one after the other. In a composite policy action, the actions are executed left to right. For example,
可以在策略操作中修改其值的路由策略属性在RPSL字典中指定。有关这些属性的列表,请参阅第7节。RPSL中的每个操作都以分号(“;”)结尾。可以通过逐个列出组合策略操作来形成组合策略操作。在复合策略操作中,操作从左到右执行。例如
aut-num: AS1
import: from AS2
action pref = 10; med = 0; community.append(10250, 3561:10);
accept { 128.9.0.0/16 }
aut-num: AS1
import: from AS2
action pref = 10; med = 0; community.append(10250, 3561:10);
accept { 128.9.0.0/16 }
sets pref to 10, med to 0, and then appends 10250 and 3561:10 to the BGP community path attribute. The pref attribute is the inverse of the local-pref attribute (i.e. local-pref == 65535 - pref). A route with a local-pref attribute is always preferred over a route without one.
将pref设置为10,med设置为0,然后将10250和3561:10追加到BGP社区路径属性。pref属性与local pref属性相反(即local pref==65535-pref)。具有本地pref属性的路由始终优于没有本地pref属性的路由。
aut-num: AS1
import: from AS2 action pref = 1;
from AS3 action pref = 2;
accept AS4
aut-num: AS1
import: from AS2 action pref = 1;
from AS3 action pref = 2;
accept AS4
The above example states that AS4's routes are accepted from AS2 with preference 1, and from AS3 with preference 2 (routes with lower integer preference values are preferred over routes with higher integer preference values).
上面的示例说明,AS4的路由可从具有首选项1的AS2和具有首选项2的AS3接受(具有较低整数首选项值的路由优先于具有较高整数首选项值的路由)。
aut-num: AS1
import: from AS2 7.7.7.2 at 7.7.7.1 action pref = 1;
from AS2 action pref = 2;
accept AS4
aut-num: AS1
import: from AS2 7.7.7.2 at 7.7.7.1 action pref = 1;
from AS2 action pref = 2;
accept AS4
The above example states that AS4's routes are accepted from AS2 on peering 7.7.7.1-7.7.7.2 with preference 1, and on any other peering with AS2 with preference 2.
上面的示例说明,AS4的路由在优先权为1的对等7.7.7.1-7.7.2和优先权为2的任何其他对等上从AS2接受。
Similarly, an export policy expression is specified using an export attribute. The export attribute has the following syntax:
类似地,使用导出属性指定导出策略表达式。“导出”属性具有以下语法:
export: to <peering-1> [action <action-1>]
. . .
to <peering-N> [action <action-N>]
announce <filter>
export: to <peering-1> [action <action-1>]
. . .
to <peering-N> [action <action-N>]
announce <filter>
The action specification is optional. The semantics of an export attribute is as follows: the set of routes that are matched by <filter> are exported to all the peers specified in <peerings>; while exporting routes at <peering-M>, <action-M> is executed.
操作规范是可选的。导出属性的语义如下:由<filter>匹配的路由集导出到<peerings>中指定的所有对等方;在<peering-M>导出路由时,执行<action-M>。
E.g.
aut-num: AS1
export: to AS2 action med = 5; community .= { 70 };
announce AS4
E.g.
aut-num: AS1
export: to AS2 action med = 5; community .= { 70 };
announce AS4
In this example, AS4's routes are announced to AS2 with the med attribute's value set to 5 and community 70 added to the community list.
在本例中,AS4的路由被宣布给AS2,med属性的值设置为5,社区70添加到社区列表中。
Example:
例子:
aut-num: AS1 export: to AS-FOO announce ANY
aut num:AS1导出:到AS-FOO宣布任何
In this example, AS1 announces all of its routes to the ASes in the set AS-FOO.
在本例中,AS1在set AS-FOO中宣布其到ASE的所有路由。
6.3 Other Routing Protocols, Multi-Protocol Routing Protocols, and Injecting Routes Between Protocols
6.3 其他路由协议、多协议路由协议和协议之间的注入路由
The more complete syntax of the import and export attributes are as follows:
导入和导出属性的更完整语法如下所示:
import: [protocol <protocol-1>] [into <protocol-2>]
from <peering-1> [action <action-1>]
. . .
from <peering-N> [action <action-N>]
accept <filter>
export: [protocol <protocol-1>] [into <protocol-2>]
to <peering-1> [action <action-1>]
. . .
to <peering-N> [action <action-N>]
announce <filter>
import: [protocol <protocol-1>] [into <protocol-2>]
from <peering-1> [action <action-1>]
. . .
from <peering-N> [action <action-N>]
accept <filter>
export: [protocol <protocol-1>] [into <protocol-2>]
to <peering-1> [action <action-1>]
. . .
to <peering-N> [action <action-N>]
announce <filter>
Where the optional protocol specifications can be used for specifying policies for other routing protocols, or for injecting routes of one protocol into another protocol, or for multi-protocol routing policies. The valid protocol names are defined in the dictionary. The <protocol-1> is the name of the protocol whose routes are being exchanged. The <protocol-2> is the name of the protocol which is receiving these routes. Both <protocol-1> and <protocol-2> default to the Internet Exterior Gateway Protocol, currently BGP.
其中,可选协议规范可用于指定其他路由协议的策略,或用于将一个协议的路由注入另一个协议,或用于多协议路由策略。有效的协议名称在字典中定义。<protocol-1>是其路由正在交换的协议的名称。<protocol-2>是接收这些路由的协议的名称。<protocol-1>和<protocol-2>都默认为Internet外部网关协议,目前为BGP。
In the following example, all interAS routes are injected into RIP.
在以下示例中,所有interAS管线都被注入RIP。
aut-num: AS1 import: from AS2 accept AS2 export: protocol BGP4 into RIP to AS1 announce ANY
aut num:AS1导入:从AS2接受AS2导出:协议BGP4到RIP到AS1宣布任何
In the following example, AS1 accepts AS2's routes including any more specifics of AS2's routes, but does not inject these extra more specific routes into OSPF.
在下面的示例中,AS1接受AS2的路由,包括AS2路由的任何更多细节,但不将这些额外的更具体的路由注入OSPF。
aut-num: AS1 import: from AS2 accept AS2^+ export: protocol BGP4 into OSPF to AS1 announce AS2
aut num:AS1导入:从AS2接受AS2^+导出:协议BGP4到OSPF到AS1宣布AS2
In the following example, AS1 injects its static routes (routes which are members of the set AS1:RS-STATIC-ROUTES) to the interAS routing protocol and appends AS1 twice to their AS paths.
在以下示例中,AS1将其静态路由(属于集合AS1:RS-static-ROTES的成员的路由)注入interAS路由协议,并将AS1两次附加到其AS路径。
aut-num: AS1 import: protocol STATIC into BGP4 from AS1 action aspath.prepend(AS1, AS1); accept AS1:RS-STATIC-ROUTES
aut num:AS1导入:从AS1操作aspath.prepend(AS1,AS1)将协议静态导入BGP4;接受AS1:RS-STATIC-ROUTES
In the following example, AS1 imports different set of unicast routes for multicast reverse path forwarding from AS2:
在以下示例中,AS1从AS2导入用于多播反向路径转发的不同单播路由集:
aut-num: AS1 import: from AS2 accept AS2 import: protocol IDMR from AS2 accept AS2:RS-RPF-ROUTES
aut num:AS1导入:来自AS2接受AS2导入:协议IDMR来自AS2接受AS2:RS-RPF-ROUTES
It is possible that the same peering can be covered by more that one peering specification in a policy expression. For example:
同一对等可能被策略表达式中的多个对等规范覆盖。例如:
aut-num: AS1
import: from AS2 7.7.7.2 at 7.7.7.1 action pref = 2;
from AS2 7.7.7.2 at 7.7.7.1 action pref = 1;
accept AS4
aut-num: AS1
import: from AS2 7.7.7.2 at 7.7.7.1 action pref = 2;
from AS2 7.7.7.2 at 7.7.7.1 action pref = 1;
accept AS4
This is not an error, though definitely not desirable. To break the ambiguity, the action corresponding to the first peering specification is used. That is the routes are accepted with preference 2. We call this rule as the specification-order rule.
这不是一个错误,尽管绝对不可取。为了消除歧义,使用与第一个对等规范对应的动作。也就是说,首选项2接受路线。我们将此规则称为规范顺序规则。
Consider the example:
考虑这个例子:
aut-num: AS1
import: from AS2 action pref = 2;
from AS2 7.7.7.2 at 7.7.7.1 action pref = 1; dpa = 5;
accept AS4
aut-num: AS1
import: from AS2 action pref = 2;
from AS2 7.7.7.2 at 7.7.7.1 action pref = 1; dpa = 5;
accept AS4
where both peering specifications cover the peering 7.7.7.1-7.7.7.2, though the second one covers it more specifically. The specification order rule still applies, and only the action "pref = 2" is executed. In fact, the second peering-action pair has no use since the first peering-action pair always covers it. If the intended policy was to accept these routes with preference 1 on this particular peering and with preference 2 in all other peerings, the user should have specified:
其中两个对等规范均涵盖对等7.7.7.1-7.7.7.2,但第二个规范更具体地涵盖了它。规范顺序规则仍然适用,仅执行操作“pref=2”。事实上,第二个对等操作对没有任何用处,因为第一个对等操作对总是覆盖它。如果预期的策略是在该特定对等上以首选项1接受这些路由,在所有其他对等上以首选项2接受这些路由,则用户应指定:
aut-num: AS1
import: from AS2 7.7.7.2 at 7.7.7.1 action pref = 1; dpa = 5;
from AS2 action pref = 2;
accept AS4
aut-num: AS1
import: from AS2 7.7.7.2 at 7.7.7.1 action pref = 1; dpa = 5;
from AS2 action pref = 2;
accept AS4
It is also possible that more than one policy expression can cover the same set of routes for the same peering. For example:
也可能有多个策略表达式可以覆盖同一对等的同一组路由。例如:
aut-num: AS1
import: from AS2 action pref = 2; accept AS4
import: from AS2 action pref = 1; accept AS4
aut-num: AS1
import: from AS2 action pref = 2; accept AS4
import: from AS2 action pref = 1; accept AS4
In this case, the specification-order rule is still used. That is, AS4's routes are accepted from AS2 with preference 2. If the filters were overlapping but not exactly the same:
在这种情况下,仍然使用规范顺序规则。也就是说,AS4的路由从AS2接受,优先权为2。如果过滤器重叠但不完全相同:
aut-num: AS1
import: from AS2 action pref = 2; accept AS4
import: from AS2 action pref = 1; accept AS4 OR AS5
aut-num: AS1
import: from AS2 action pref = 2; accept AS4
import: from AS2 action pref = 1; accept AS4 OR AS5
the AS4's routes are accepted from AS2 with preference 2 and however AS5's routes are also accepted, but with preference 1.
AS4的路线可从AS2优先选择2接受,但AS5的路线也可接受,但优先选择1。
We next give the general specification order rule for the benefit of the RPSL implementors. Consider two policy expressions:
接下来,为了RPSL实现者的利益,我们给出了通用规范顺序规则。考虑两种策略表达式:
aut-num: AS1 import: from peerings-1 action action-1 accept filter-1 import: from peerings-2 action action-2 accept filter-2
aut num:AS1导入:来自对等项-1操作操作-1接受筛选器-1导入:来自对等项-2操作操作-2接受筛选器-2
The above policy expressions are equivalent to the following three expressions where there is no ambiguity:
上述政策表述等同于以下三种表述,其中不存在歧义:
aut-num: AS1 import: from peerings-1 action action-1 accept filter-1 import: from peerings-3 action action-2 accept filter-2 AND NOT filter-1 import: from peerings-4 action action-2 accept filter-2
aut num:AS1导入:来自对等-1操作操作-1接受过滤器-1导入:来自对等-3操作操作-2接受过滤器-2和非过滤器-1导入:来自对等-4操作操作-2接受过滤器-2
where peerings-3 are those that are covered by both peerings-1 and peerings-2, and peerings-4 are those that are covered by peerings-2 but not by peerings-1 ("filter-2 AND NOT filter-1" matches the routes that are matched by filter-2 but not by filter-1).
其中,peering-3是由peering-1和peering-2覆盖的路由,peering-4是由peering-2覆盖但不由peering-1覆盖的路由(“filter-2和not filter-1”匹配由filter-2匹配但不由filter-1匹配的路由)。
Example:
例子:
aut-num: AS1
import: from AS2 7.7.7.2 at 7.7.7.1
action pref = 2;
accept {128.9.0.0/16}
import: from AS2
action pref = 1;
accept {128.9.0.0/16, 75.0.0.0/8}
aut-num: AS1
import: from AS2 7.7.7.2 at 7.7.7.1
action pref = 2;
accept {128.9.0.0/16}
import: from AS2
action pref = 1;
accept {128.9.0.0/16, 75.0.0.0/8}
Lets consider two peerings with AS2, 7.7.7.1-7.7.7.2 and 9.9.9.1- 9.9.9.2. Both policy expressions cover 7.7.7.1-7.7.7.2. On this peering, the route 128.9.0.0/16 is accepted with preference 2, and the route 75.0.0.0/8 is accepted with preference 1. The peering 9.9.9.1-9.9.9.2 is only covered by the second policy expressions. Hence, both the route 128.9.0.0/16 and the route 75.0.0.0/8 are accepted with preference 1 on peering 9.9.9.1-9.9.9.2.
让我们考虑AS2,7.7.7.1-7.7.7.2和97.91-1-97.92.两种政策表述均涵盖7.7.7.1-7.7.7.2。在该对等中,使用首选项2接受路由128.9.0.0/16,使用首选项1接受路由75.0.0.0/8。对等9.9.9.1-9.9.9.2仅包含在第二个策略表达式中。因此,路由128.9.0.0/16和路由75.0.0.0/8在对等9.9.9.1-9.9.9.2上都被优先1接受。
Note that the same ambiguity resolution rules also apply to export and default policy expressions.
请注意,相同的歧义解决规则也适用于导出和默认策略表达式。
Default routing policies are specified using the default attribute. The default attribute has the following syntax:
默认路由策略是使用默认属性指定的。默认属性具有以下语法:
default: to <peering> [action <action>] [networks <filter>]
default: to <peering> [action <action>] [networks <filter>]
The <action> and <filter> specifications are optional. The semantics are as follows: The <peering> specification indicates the AS (and the router if present) is being defaulted to; the <action> specification, if present, indicates various attributes of defaulting, for example a relative preference if multiple defaults are specified; and the <filter> specifications, if present, is a policy filter. A router only uses the default policy if it received the routes matched by <filter> from this peer.
<action>和<filter>规格是可选的。语义如下:<peering>规范表示as(以及路由器,如果存在的话)被默认为;<action>规范(如果存在)表示默认的各种属性,例如,如果指定了多个默认值,则表示相对首选项;而<filter>规范(如果存在)是一个策略过滤器。路由器仅在从该对等方接收到与<filter>匹配的路由时才使用默认策略。
In the following example, AS1 defaults to AS2 for routing.
在下面的示例中,AS1默认为AS2进行路由。
aut-num: AS1 default: to AS2
aut num:AS1默认值:至AS2
In the following example, router 7.7.7.1 in AS1 defaults to router 7.7.7.2 in AS2.
在以下示例中,AS1中的路由器7.7.7.1默认为AS2中的路由器7.7.7.2。
aut-num: AS1 default: to AS2 7.7.7.2 at 7.7.7.1
aut num:AS1默认值:至AS2 7.7.7.2中的7.7.7.1
In the following example, AS1 defaults to AS2 and AS3, but prefers AS2 over AS3.
在下面的示例中,AS1默认为AS2和AS3,但更喜欢AS2而不是AS3。
aut-num: AS1
default: to AS2 action pref = 1;
default: to AS3 action pref = 2;
aut-num: AS1
default: to AS2 action pref = 1;
default: to AS3 action pref = 2;
In the following example, AS1 defaults to AS2 and uses 128.9.0.0/16 as the default network.
在下面的示例中,AS1默认为AS2,并使用128.9.0.0/16作为默认网络。
aut-num: AS1
default: to AS2 networks { 128.9.0.0/16 }
aut-num: AS1
default: to AS2 networks { 128.9.0.0/16 }
The import and export policies can be structured. We only reccomend structured policies to advanced RPSL users. Please feel free to skip this section.
导入和导出策略可以结构化。我们只向高级RPSL用户推荐结构化策略。请跳过本节。
The syntax for a structured policy specification is the following:
结构化策略规范的语法如下所示:
<import-factor> ::= from <peering-1> [action <action-1>]
. . .
from <peering-N> [action <action-N>]
accept <filter>;
<import-factor> ::= from <peering-1> [action <action-1>]
. . .
from <peering-N> [action <action-N>]
accept <filter>;
<import-term> ::= <import-factor> |
LEFT-BRACE
<import-factor>
. . .
<import-factor>
RIGHT-BRACE
<import-term> ::= <import-factor> |
LEFT-BRACE
<import-factor>
. . .
<import-factor>
RIGHT-BRACE
<import-expression> ::= <import-term> |
<import-term> EXCEPT <import-expression> |
<import-term> REFINE <import-expression>
<import-expression> ::= <import-term> |
<import-term> EXCEPT <import-expression> |
<import-term> REFINE <import-expression>
import: [protocol <protocol1>] [into <protocol2>]
<import-expression>
import: [protocol <protocol1>] [into <protocol2>]
<import-expression>
Please note the semicolon at the end of an <import-factor>. If the policy specification is not structured (as in all the examples in other sections), this semicolon is optional. The syntax and semantics for an <import-factor> is already defined in Section 6.1.
请注意<import factor>末尾的分号。如果策略规范没有结构化(与其他部分中的所有示例一样),则此分号是可选的。<import factor>的语法和语义已在第6.1节中定义。
An <import-term> is either a sequence of <import-factor>'s enclosed within matching braces (i.e. `{' and `}') or just a single <import-factor>. The semantics of an <import-term> is the union of <import-factor>'s using the specification order rule. An <import-expression> is either a single <import-term> or an <import-term> followed by one of the keywords "except" and "refine", followed by another <import-expression>. Note that our definition allows nested expressions. Hence there can be exceptions to exceptions, refinements to refinements, or even refinements to exceptions, and so on.
<import term>是包含在匹配大括号(即“{”和“}”)内的一系列<import factor>,或者只是一个<import factor>。<import term>的语义是使用规范顺序规则的<import factor>的并集。<import expression>可以是单个<import term>或<import term>,后跟一个关键字“except”和“refine”,然后是另一个<import expression>。注意,我们的定义允许嵌套表达式。因此,可以有例外的例外情况、对细化的细化,甚至对例外的细化,等等。
The semantics for the except operator is as follows: The result of an except operation is another <import-term>. The resulting policy set contains the policies of the right hand side but their filters are modified to only include the routes also matched by the left hand side. The policies of the left hand side are included afterwards and their filters are modified to exclude the routes matched by the right hand side. Please note that the filters are modified during this process but the actions are copied verbatim. When there are multiple levels of nesting, the operations (both except and refine) are performed right to left.
except操作符的语义如下:except操作的结果是另一个<import term>。生成的策略集包含右侧的策略,但其筛选器已修改为仅包含左侧也匹配的路由。之后将包括左侧的策略,并修改其过滤器以排除右侧匹配的路由。请注意,在此过程中会修改筛选器,但会逐字复制操作。当存在多个嵌套级别时,将从右向左执行操作(除和优化)。
Consider the following example:
考虑下面的例子:
import: from AS1 action pref = 1; accept as-foo;
except {
from AS2 action pref = 2; accept AS226;
except {
from AS3 action pref = 3; accept {128.9.0.0/16};
}
}
import: from AS1 action pref = 1; accept as-foo;
except {
from AS2 action pref = 2; accept AS226;
except {
from AS3 action pref = 3; accept {128.9.0.0/16};
}
}
where the route 128.9.0.0/16 is originated by AS226, and AS226 is a member of the as set as-foo. In this example, the route 128.9.0.0/16 is accepted from AS3, any other route (not 128.9.0.0/16) originated by AS226 is accepted from AS2, and any other ASes' routes in as-foo is accepted from AS1.
其中,路由128.9.0.0/16由AS226发起,而AS226是as set as foo的成员。在本例中,从AS3接受路由128.9.0.0/16,从AS2接受由AS226发起的任何其他路由(不是128.9.0.0/16),从AS1接受as foo中的任何其他ASE路由。
We can come to the same conclusion using the algebra defined above. Consider the inner exception specification:
使用上面定义的代数,我们可以得出相同的结论。考虑内部异常规范:
from AS2 action pref = 2; accept AS226;
except {
from AS3 action pref = 3; accept {128.9.0.0/16};
}
from AS2 action pref = 2; accept AS226;
except {
from AS3 action pref = 3; accept {128.9.0.0/16};
}
is equivalent to
相当于
{
from AS3 action pref = 3; accept AS226 AND {128.9.0.0/16};
from AS2 action pref = 2; accept AS226 AND NOT {128.9.0.0/16};
}
{
from AS3 action pref = 3; accept AS226 AND {128.9.0.0/16};
from AS2 action pref = 2; accept AS226 AND NOT {128.9.0.0/16};
}
Hence, the original expression is equivalent to:
因此,原始表达式相当于:
import: from AS1 action pref = 1; accept as-foo;
except {
from AS3 action pref = 3; accept AS226 AND {128.9.0.0/16};
from AS2 action pref = 2; accept AS226 AND NOT {128.9.0.0/16};
}
import: from AS1 action pref = 1; accept as-foo;
except {
from AS3 action pref = 3; accept AS226 AND {128.9.0.0/16};
from AS2 action pref = 2; accept AS226 AND NOT {128.9.0.0/16};
}
which is equivalent to
这相当于
import: {
进口:{
from AS3 action pref = 3;
accept as-foo AND AS226 AND {128.9.0.0/16};
from AS2 action pref = 2;
accept as-foo AND AS226 AND NOT {128.9.0.0/16};
from AS1 action pref = 1;
accept as-foo AND NOT
(AS226 AND NOT {128.9.0.0/16} OR AS226 AND {128.9.0.0/16});
}
from AS3 action pref = 3;
accept as-foo AND AS226 AND {128.9.0.0/16};
from AS2 action pref = 2;
accept as-foo AND AS226 AND NOT {128.9.0.0/16};
from AS1 action pref = 1;
accept as-foo AND NOT
(AS226 AND NOT {128.9.0.0/16} OR AS226 AND {128.9.0.0/16});
}
Since AS226 is in as-foo and 128.9.0.0/16 is in AS226, it simplifies to:
由于AS226在as foo中,而128.9.0.0/16在AS226中,因此它简化为:
import: {
from AS3 action pref = 3; accept {128.9.0.0/16};
from AS2 action pref = 2; accept AS226 AND NOT {128.9.0.0/16};
from AS1 action pref = 1; accept as-foo AND NOT AS226;
}
import: {
from AS3 action pref = 3; accept {128.9.0.0/16};
from AS2 action pref = 2; accept AS226 AND NOT {128.9.0.0/16};
from AS1 action pref = 1; accept as-foo AND NOT AS226;
}
In the case of the refine operator, the resulting set is constructed by taking the cartasian product of the two sides as follows: for each policy l in the left hand side and for each policy r in the right hand side, the peerings of the resulting policy are the peerings common to both r and l; the filter of the resulting policy is the intersection of l's filter and r's filter; and action of the resulting policy is l's action followed by r's action. If there are no common peerings, or if the intersection of filters is empty, a resulting policy is not generated.
在细化操作符的情况下,通过取两侧的cartasian乘积来构造结果集,如下所示:对于左侧的每个策略l和右侧的每个策略r,结果策略的对等是r和l共同的对等;结果策略的过滤器是l的过滤器和r的过滤器的交集;由此产生的策略的作用是l的作用,然后是r的作用。如果没有公共对等,或者筛选器的交集为空,则不会生成结果策略。
Consider the following example:
考虑下面的例子:
import: { from AS-ANY action pref = 1; accept community(3560:10);
from AS-ANY action pref = 2; accept community(3560:20);
} refine {
from AS1 accept AS1;
from AS2 accept AS2;
from AS3 accept AS3;
}
import: { from AS-ANY action pref = 1; accept community(3560:10);
from AS-ANY action pref = 2; accept community(3560:20);
} refine {
from AS1 accept AS1;
from AS2 accept AS2;
from AS3 accept AS3;
}
Here, any route with community 3560:10 is assigned a preference of 1 and any route with community 3560:20 is assigned a preference of 2 regardless of whom they are imported from. However, only AS1's routes are imported from AS1, and only AS2's routes are imported from AS2, and only AS3's routes are imported form AS3, and no routes are imported from any other AS. We can reach the same conclusion using the above algebra. That is, our example is equivalent to:
这里,任何具有社区3560:10的路线都被指定为首选项1,任何具有社区3560:20的路线都被指定为首选项2,而不管它们是从谁导入的。但是,只有AS1的路由从AS1导入,只有AS2的路由从AS2导入,只有AS3的路由从AS3导入,没有路由从任何其他AS导入。利用上述代数,我们可以得出相同的结论。也就是说,我们的示例相当于:
import: {
from AS1 action pref = 1; accept community(3560:10) AND AS1;
from AS1 action pref = 2; accept community(3560:20) AND AS1;
from AS2 action pref = 1; accept community(3560:10) AND AS2;
from AS2 action pref = 2; accept community(3560:20) AND AS2;
from AS3 action pref = 1; accept community(3560:10) AND AS3;
from AS3 action pref = 2; accept community(3560:20) AND AS3;
}
import: {
from AS1 action pref = 1; accept community(3560:10) AND AS1;
from AS1 action pref = 2; accept community(3560:20) AND AS1;
from AS2 action pref = 1; accept community(3560:10) AND AS2;
from AS2 action pref = 2; accept community(3560:20) AND AS2;
from AS3 action pref = 1; accept community(3560:10) AND AS3;
from AS3 action pref = 2; accept community(3560:20) AND AS3;
}
Note that the common peerings between "from AS1" and "from AS-ANY" are those peerings in "from AS1". Even though we do not formally define "common peerings", it is straight forward to deduce the definition from the definitions of peerings (please see Section 5.6).
请注意,“来自AS1”和“来自AS-ANY”之间的常见对等是“来自AS1”中的对等。尽管我们没有正式定义“公共对等”,但直接从对等的定义中推导出定义(请参见第5.6节)。
Consider the following example:
考虑下面的例子:
import: {
from AS-ANY action med = 0; accept {0.0.0.0/0^0-18};
} refine {
from AS1 at 7.7.7.1 action pref = 1; accept AS1;
from AS1 action pref = 2; accept AS1;
}
import: {
from AS-ANY action med = 0; accept {0.0.0.0/0^0-18};
} refine {
from AS1 at 7.7.7.1 action pref = 1; accept AS1;
from AS1 action pref = 2; accept AS1;
}
where only routes of length 0 to 18 are accepted and med's value is set to 0 to disable med's effect for all peerings; In addition, from AS1 only AS1's routes are imported, and AS1's routes imported at 7.7.7.1 are preferred over other peerings. This is equivalent to:
其中只接受长度为0到18的路由,并且med的值设置为0,以禁用所有对等的med效果;此外,从AS1只导入AS1的路由,在7.7.7.1中导入的AS1路由优先于其他对等路由。这相当于:
import: {
from AS1 at 7.7.7.1 action med=0; pref=1; accept {0.0.0.0/0^0-
18} AND AS1;
from AS1 action med=0; pref=2; accept {0.0.0.0/0^0-
18} AND AS1;
}
import: {
from AS1 at 7.7.7.1 action med=0; pref=1; accept {0.0.0.0/0^0-
18} AND AS1;
from AS1 action med=0; pref=2; accept {0.0.0.0/0^0-
18} AND AS1;
}
The above syntax and semantics also apply equally to structured export policies with "from" replaced with "to" and "accept" is replaced with "announce".
上述语法和语义同样适用于结构化出口政策,其中“from”替换为“to”,而“accept”替换为“annound”。
7 dictionary Class
7字典课
The dictionary class provides extensibility to RPSL. Dictionary objects define routing policy attributes, types, and routing protocols. Routing policy attributes, henceforth called rp-attributes, may correspond to actual protocol attributes, such as the BGP path attributes (e.g. community, dpa, and AS-path), or they may correspond to router features (e.g. BGP route flap damping). As new protocols, new protocol attributes, or new router features are
dictionary类提供了RPSL的扩展性。字典对象定义路由策略属性、类型和路由协议。路由策略属性(此后称为rp属性)可对应于实际协议属性,例如BGP路径属性(例如,社区、dpa和as路径),或者它们可对应于路由器特征(例如,BGP路由)。随着新协议、新协议属性或新路由器功能的出现
introduced, the dictionary object is updated to include appropriate rp-attribute and protocol definitions.
首先,更新dictionary对象以包括适当的rp属性和协议定义。
An rp-attribute is an abstract class; that is a data representation is not available. Instead, they are accessed through access methods. For example, the rp-attribute for the BGP AS-path attribute is called aspath; and it has an access method called prepend which stuffs extra AS numbers to the AS-path attributes. Access methods can take arguments. Arguments are strongly typed. For example, the method prepend above takes AS numbers as arguments.
rp属性是一个抽象类;这是一种不可用的数据表示形式。相反,它们是通过访问方法访问的。例如,BGP AS path属性的rp属性称为aspath;它有一个名为prepend的访问方法,它将额外的AS编号填充到AS路径属性中。访问方法可以接受参数。参数是强类型的。例如,上面的方法prepend将AS数字作为参数。
Once an rp-attribute is defined in the dictionary, it can be used to describe policy filters and actions. Policy analysis tools are required to fetch the dictionary object and recognize newly defined rp-attributes, types, and protocols. The analysis tools may approximate policy analyses on rp-attributes that they do not understand: a filter method may always match, and an action method may always perform no-operation. Analysis tools may even download code to perform appropriate operations using mechanisms outside the scope of RPSL.
一旦在字典中定义了rp属性,它就可以用来描述策略过滤器和操作。需要策略分析工具来获取dictionary对象并识别新定义的rp属性、类型和协议。分析工具可能会对他们不了解的rp属性进行近似策略分析:筛选方法可能始终匹配,而操作方法可能始终不执行任何操作。分析工具甚至可以下载代码,使用RPSL范围之外的机制执行适当的操作。
We next describe the syntax and semantics of the dictionary class. This description is not essential for understanding dictionary objects (but it is essential for creating one). Please feel free to skip to the RPSL Initial Dictionary subsection (Section 7.1).
接下来我们将描述dictionary类的语法和语义。此描述对于理解字典对象不是必需的(但对于创建字典对象是必需的)。请随时跳到RPSL初始字典小节(第7.1节)。
The attributes of the dictionary class are shown in Figure 24. The dictionary attribute is the name of the dictionary object, obeying the RPSL naming rules. There can be many dictionary objects, however there is always one well-known dictionary object "RPSL". All tools use this dictionary by default.
dictionary类的属性如图24所示。dictionary属性是dictionary对象的名称,遵循RPSL命名规则。可以有许多字典对象,但是始终有一个著名的字典对象“RPSL”。默认情况下,所有工具都使用此词典。
Attribute Value Type dictionary <object-name> mandatory, single-valued, class key rp-attribute see description in text optional, multi valued typedef see description in text optional, multi valued protocol see description in text optional, multi valued
属性值类型字典<对象名称>必填,单值,类键rp属性请参见文本中的说明可选,多值类型定义请参见文本中的说明可选,多值协议请参见文本中的说明可选,多值
Figure 24: dictionary Class Attributes
图24:字典类属性
The rp-attribute attribute has the following syntax:
rp属性具有以下语法:
rp-attribute: <name>
<method-1>(<type-1-1>, ..., <type-1-N1> [, "..."])
...
<method-M>(<type-M-1>, ..., <type-M-NM> [, "..."])
rp-attribute: <name>
<method-1>(<type-1-1>, ..., <type-1-N1> [, "..."])
...
<method-M>(<type-M-1>, ..., <type-M-NM> [, "..."])
where <name> is the name of the rp-attribute; and <method-i> is the name of an access method for the rp-attribute, taking Ni arguments where the j-th argument is of type <type-i-j>. A method name is either an RPSL name or one of the operators defined in Figure 25. The operator methods with the exception of operator() and operator[] can take only one argument.
其中<name>是rp属性的名称;<method-i>是rp属性的访问方法的名称,使用Ni参数,其中第j个参数的类型为<type-i-j>。方法名称可以是RPSL名称,也可以是图25中定义的运算符之一。运算符方法(运算符()和运算符[]除外)只能接受一个参数。
operator= operator==
operator<<= operator<
operator>>= operator>
operator+= operator>=
operator-= operator<=
operator*= operator!=
operator/= operator()
operator.= operator[]
operator= operator==
operator<<= operator<
operator>>= operator>
operator+= operator>=
operator-= operator<=
operator*= operator!=
operator/= operator()
operator.= operator[]
Figure 25: Operators
图25:运营商
An rp-attribute can have many methods defined for it. Some of the methods may even have the same name, in which case their arguments are of different types. If the argument list is followed by "...", the method takes a variable number of arguments. In this case, the actual arguments after the Nth argument are of type <type-N>.
rp属性可以定义许多方法。有些方法甚至可能具有相同的名称,在这种情况下,它们的参数具有不同的类型。如果参数列表后面跟着“…”,则该方法将采用数量可变的参数。在本例中,第N个参数后的实际参数的类型为<type-N>。
Arguments are strongly typed. A <type> in RPSL is either a predefined type, a union type, a list type, or a dictionary defined type. The predefined types are listed in Figure 26.
参数是强类型的。RPSL中的<type>是预定义类型、联合类型、列表类型或字典定义的类型。预定义类型如图26所示。
integer[lower, upper] ipv4_address real[lower, upper] address_prefix enum[name, name, ...] address_prefix_range string dns_name boolean filter rpsl_word as_set_name free_text route_set_name email rtr_set_name as_number filter_set_name peering_set_name
整数[lower,upper]ipv4_address real[lower,upper]address_prefix enum[name,name,…]address_prefix_range string dns_name布尔筛选器rpsl_word as_set_name free_text route_set_name电子邮件rtr_set_name as_number筛选器_set_name peering_set_name
Figure 26: Predefined Types
图26:预定义类型
The integer and the real predefined types can be followed by a lower and an upper bound to specify the set of valid values of the argument. The range specification is optional. We use the ANSI C language conventions for representing integer, real and string values. The enum type is followed by a list of RPSL names which are
整数和实预定义类型后面可以跟一个下限和一个上限,以指定参数的有效值集。范围规格是可选的。我们使用ANSI C语言约定来表示整数、实数和字符串值。枚举类型后面是RPSL名称列表,这些名称是
the valid values of the type. The boolean type can take the values true or false. as_number, ipv4_address, address_prefix and dns_name types are as in Section 2. filter type is a policy filter as in Section 6. The value of filter type is suggested to be enclosed in parenthesis.
类型的有效值。布尔类型可以接受true或false值。as_编号、ipv4_地址、地址_前缀和dns_名称类型如第2节所示。筛选器类型是策略筛选器,如第6节所示。建议将过滤器类型的值括在括号中。
The syntax of a union type is as follows:
联合类型的语法如下所示:
union <type-1>, ... , <type-N>
union <type-1>, ... , <type-N>
where <type-i> is an RPSL type. The union type is either of the types <type-1> through <type-N> (analogous to unions in C[14]).
其中<type-i>是RPSL类型。联管类型为<type-1>至<type-N>类型之一(类似于C[14]中的联管)。
The syntax of a list type is as follows:
列表类型的语法如下所示:
list [<min_elems>:<max_elems>] of <type>
list [<min_elems>:<max_elems>] of <type>
In this case, the list elements are of <type> and the list contains at least <min_elems> and at most <max_elems> elements. The size specification is optional. If it is not specified, there is no restriction in the number of list elements. A value of a list type is represented as a sequence of elements separated by the character "," and enclosed by the characters "{" and "}".
在这种情况下,列表元素为<type>,并且列表至少包含<min\u elems>,最多包含<max\u elems>元素。尺寸规格是可选的。如果未指定,则列表元素的数量没有限制。列表类型的值表示为由字符“,”分隔并由字符“{”和“}”包围的元素序列。
The typedef attribute in the dictionary defines named types as follows:
字典中的typedef属性定义命名类型,如下所示:
typedef: <name> <type>
typedef: <name> <type>
where <name> is a name for type <type>. typedef attribute is paticularly useful when the type defined is not a predefined type (e.g. list of unions, list of lists, etc.).
其中<name>是类型<type>的名称。当定义的类型不是预定义类型(例如,联合列表、列表列表等)时,typedef属性特别有用。
A protocol attribute of the dictionary class defines a protocol and a set of peering parameters for that protocol (which are used in inet-rtr class in Section 9). Its syntax is as follows:
dictionary类的protocol属性定义了一个协议和该协议的一组对等参数(在第9节的inet rtr类中使用)。其语法如下:
protocol: <name>
MANDATORY | OPTIONAL <parameter-1>(<type-1-1>,...,
<type-1-N1> [,"..."])
...
MANDATORY | OPTIONAL <parameter-M>(<type-M-1>,...,
<type-M-NM> [,"..."])
protocol: <name>
MANDATORY | OPTIONAL <parameter-1>(<type-1-1>,...,
<type-1-N1> [,"..."])
...
MANDATORY | OPTIONAL <parameter-M>(<type-M-1>,...,
<type-M-NM> [,"..."])
where <name> is the name of the protocol; MANDATORY and OPTIONAL are
keywords; and <parameter-i> is a peering parameter for this protocol,
taking Ni many arguments. The syntax and semantics of the arguments
are as in the rp-attribute. If the keyword MANDATORY is used, the
where <name> is the name of the protocol; MANDATORY and OPTIONAL are
keywords; and <parameter-i> is a peering parameter for this protocol,
taking Ni many arguments. The syntax and semantics of the arguments
are as in the rp-attribute. If the keyword MANDATORY is used, the
parameter is mandatory and needs to be specified for each peering of this protocol. If the keyword OPTIONAL is used, the parameter can be skipped.
参数是必需的,需要为此协议的每个对等指定。如果使用关键字OPTIONAL,则可以跳过该参数。
dictionary: RPSL
rp-attribute: # preference, smaller values represent higher preferences
pref
operator=(integer[0, 65535])
rp-attribute: # BGP multi_exit_discriminator attribute
med
# to set med to 10: med = 10;
# to set med to the IGP metric: med = igp_cost;
operator=(union integer[0, 65535], enum[igp_cost])
rp-attribute: # BGP destination preference attribute (dpa)
dpa
operator=(integer[0, 65535])
rp-attribute: # BGP aspath attribute
aspath
# prepends AS numbers from last to first order
prepend(as_number, ...)
typedef: # a community value in RPSL is either
# - a 4 byte integer (ok to use 3561:70 notation)
# - internet, no_export, no_advertise (see RFC-1997)
community_elm union
integer[1, 4294967295],
enum[internet, no_export, no_advertise],
typedef: # list of community values { 40, no_export, 3561:70 }
community_list list of community_elm
rp-attribute: # BGP community attribute
community
# set to a list of communities
operator=(community_list)
# append community values
operator.=(community_list)
append(community_elm, ...)
# delete community values
delete(community_elm, ...)
# a filter: true if one of community values is contained
contains(community_elm, ...)
# shortcut to contains: community(no_export, 3561:70)
operator()(community_elm, ...)
# order independent equality comparison
operator==(community_list)
rp-attribute: # next hop router in a static route
next-hop
# to set to 7.7.7.7: next-hop = 7.7.7.7;
dictionary: RPSL
rp-attribute: # preference, smaller values represent higher preferences
pref
operator=(integer[0, 65535])
rp-attribute: # BGP multi_exit_discriminator attribute
med
# to set med to 10: med = 10;
# to set med to the IGP metric: med = igp_cost;
operator=(union integer[0, 65535], enum[igp_cost])
rp-attribute: # BGP destination preference attribute (dpa)
dpa
operator=(integer[0, 65535])
rp-attribute: # BGP aspath attribute
aspath
# prepends AS numbers from last to first order
prepend(as_number, ...)
typedef: # a community value in RPSL is either
# - a 4 byte integer (ok to use 3561:70 notation)
# - internet, no_export, no_advertise (see RFC-1997)
community_elm union
integer[1, 4294967295],
enum[internet, no_export, no_advertise],
typedef: # list of community values { 40, no_export, 3561:70 }
community_list list of community_elm
rp-attribute: # BGP community attribute
community
# set to a list of communities
operator=(community_list)
# append community values
operator.=(community_list)
append(community_elm, ...)
# delete community values
delete(community_elm, ...)
# a filter: true if one of community values is contained
contains(community_elm, ...)
# shortcut to contains: community(no_export, 3561:70)
operator()(community_elm, ...)
# order independent equality comparison
operator==(community_list)
rp-attribute: # next hop router in a static route
next-hop
# to set to 7.7.7.7: next-hop = 7.7.7.7;
# to set to router's own address: next-hop = self; operator=(union ipv4_address, enum[self]) rp-attribute: # cost of a static route cost operator=(integer[0, 65535]) protocol: BGP4 # as number of the peer router MANDATORY asno(as_number) # enable flap damping OPTIONAL flap_damp() OPTIONAL flap_damp(integer[0,65535], # penalty per flap integer[0,65535], # penalty value for supression integer[0,65535], # penalty value for reuse integer[0,65535], # halflife in secs when up integer[0,65535], # halflife in secs when down integer[0,65535]) # maximum penalty protocol: OSPF protocol: RIP protocol: IGRP protocol: IS-IS protocol: STATIC protocol: RIPng protocol: DVMRP protocol: PIM-DM protocol: PIM-SM protocol: CBT protocol: MOSPF
#设置为路由器自己的地址:下一跳=self;运算符=(联合ipv4_地址,枚举[self])rp属性:#静态路由成本运算符的成本=(整数[0,65535])协议:BGP4#作为对等路由器的编号强制asno(as#number)#启用襟翼阻尼可选襟翼阻尼()可选襟翼阻尼(整数[065535],#每襟翼整数的惩罚[065535],#抑制整数的惩罚值[065535]、#重用整数的惩罚值[065535]、#向上整数时的半衰期(秒)[065535]、#向下整数时的半衰期(秒)[065535])#最大惩罚协议:OSPF协议:RIP协议:IGRP协议:IS-IS协议:静态协议:RIPng协议:DVMRP协议:PIM-DM协议:PIM-SM协议:CBT协议:MOSPF
Figure 27: RPSL Dictionary
图27:RPSL字典
Figure 27 shows the initial RPSL dictionary. It has seven rp-
attributes: pref to assign local preference to the routes accepted;
med to assign a value to the MULTI_EXIT_DISCRIMINATOR BGP attribute;
dpa to assign a value to the DPA BGP attribute; aspath to prepend a
value to the AS_PATH BGP attribute; community to assign a value to or
to check the value of the community BGP attribute; next-hop to assign
next hop routers to static routes; and cost to assign a cost to
static routes. The dictionary defines two types: community_elm and
community_list. community_elm type is either a 4-byte unsigned
integer, or one of the keywords internet, no_export or no_advertise
(defined in [9]). An integer can be specified using two 2-byte
Figure 27 shows the initial RPSL dictionary. It has seven rp-
attributes: pref to assign local preference to the routes accepted;
med to assign a value to the MULTI_EXIT_DISCRIMINATOR BGP attribute;
dpa to assign a value to the DPA BGP attribute; aspath to prepend a
value to the AS_PATH BGP attribute; community to assign a value to or
to check the value of the community BGP attribute; next-hop to assign
next hop routers to static routes; and cost to assign a cost to
static routes. The dictionary defines two types: community_elm and
community_list. community_elm type is either a 4-byte unsigned
integer, or one of the keywords internet, no_export or no_advertise
(defined in [9]). An integer can be specified using two 2-byte
integers seperated by ":" to partition the community number space so that a provider can use its AS number as the first two bytes, and assigns a semantics of its choice to the last two bytes.
以“:”分隔的整数,用于划分社区编号空间,以便提供程序可以将其AS编号用作前两个字节,并将其选择的语义分配给最后两个字节。
The initial dictionary (Figure 27) defines only options for the Border Gateway Protocol: asno and flap_damp. The mandatory asno option is the AS number of the peer router. The optional flap_damp option instructs the router to damp route flaps [21] when importing routes from the peer router.
初始字典(图27)仅定义边界网关协议的选项:asno和flap_damp。强制asno选项是对等路由器的AS编号。可选的flap_damp选项指示路由器在从对等路由器导入路由时阻尼路由flap[21]。
It can be specified with or without parameters. If parameters are missing, they default to:
可以使用参数指定,也可以不使用参数指定。如果缺少参数,则默认为:
flap_damp(1000, 2000, 750, 900, 900, 20000)
襟翼阻尼(1000200075090020000)
That is, a penalty of 1000 is assigned at each route flap, the route is suppressed when penalty reaches 2000. The penalty is reduced in half after 15 minutes (900 seconds) of stability regardless of whether the route is up or down. A supressed route is reused when the penalty falls below 750. The maximum penalty a route can be assigned is 20,000 (i.e. the maximum suppress time after a route becomes stable is about 75 minutes). These parameters are consistent with the default flap damping parameters in several routers.
也就是说,在每个路线襟翼处分配1000的惩罚,当惩罚达到2000时,路线被抑制。在15分钟(900秒)的稳定后,无论路线是向上还是向下,处罚将减半。当惩罚降至750以下时,将重新使用禁止的路由。一条路线可分配的最大惩罚为20000(即路线稳定后的最大抑制时间约为75分钟)。这些参数与几个路由器中的默认襟翼阻尼参数一致。
Policy Actions and Filters Using RP-Attributes
使用RP属性的策略操作和筛选器
The syntax of a policy action or a filter using an rp-attribute x is as follows:
使用rp属性x的策略操作或筛选器的语法如下所示:
x.method(arguments) x "op" argument
x、 方法(参数)x“op”参数
where method is a method and "op" is an operator method of the rp-attribute x. If an operator method is used in specifying a composite policy filter, it evaluates earlier than the composite policy filter operators (i.e. AND, OR, NOT, and implicit or operator).
其中,method是一个方法,“op”是rp属性x的操作符方法。如果在指定复合策略筛选器时使用运算符方法,则其计算结果早于复合策略筛选器运算符(即AND、OR、NOT和implicit OR运算符)。
The pref rp-attribute can be assigned a positive integer as follows:
pref rp属性可以指定一个正整数,如下所示:
pref = 10;
pref=10;
The med rp-attribute can be assigned either a positive integer or the word "igp_cost" as follows:
med rp属性可以指定为正整数或“igp_成本”一词,如下所示:
med = 0;
med = igp_cost;
med = 0;
med = igp_cost;
The dpa rp-attribute can be assigned a positive integer as follows:
dpa rp属性可以指定一个正整数,如下所示:
dpa = 100;
dpa=100;
The BGP community attribute is list-valued, that is it is a list of 4-byte integers each representing a "community". The following examples demonstrate how to add communities to this rp-attribute:
BGP community属性是列表值的,也就是说,它是一个4字节整数的列表,每个整数表示一个“社区”。以下示例演示如何将社区添加到此rp属性:
community .= { 100 };
community .= { NO_EXPORT };
community .= { 3561:10 };
community .= { 100 };
community .= { NO_EXPORT };
community .= { 3561:10 };
In the last case, a 4-byte integer is constructed where the more significant two bytes equal 3561 and the less significant two bytes equal 10. The following examples demonstrate how to delete communities from the community rp-attribute:
在最后一种情况下,构造一个4字节整数,其中较高有效的两个字节等于3561,较低有效的两个字节等于10。以下示例演示如何从“社区rp”属性中删除社区:
community.delete(100, NO_EXPORT, 3561:10);
community.delete(100, NO_EXPORT, 3561:10);
Filters that use the community rp-attribute can be defined as demonstrated by the following examples:
使用community rp属性的过滤器可以通过以下示例进行定义:
community.contains(100, NO_EXPORT, 3561:10);
community(100, NO_EXPORT, 3561:10); # shortcut
community.contains(100, NO_EXPORT, 3561:10);
community(100, NO_EXPORT, 3561:10); # shortcut
The community rp-attribute can be set to a list of communities as follows:
“社区rp”属性可以设置为社区列表,如下所示:
community = {100, NO_EXPORT, 3561:10, 200};
community = {};
community = {100, NO_EXPORT, 3561:10, 200};
community = {};
In this first case, the community rp-attribute contains the communities 100, NO_EXPORT, 3561:10, and 200. In the latter case, the community rp-attribute is cleared. The community rp-attribute can be compared against a list of communities as follows:
在第一种情况下,community rp属性包含communities 100、NO_EXPORT、3561:10和200。在后一种情况下,将清除“社区rp”属性。社区rp属性可与社区列表进行比较,如下所示:
community == {100, NO_EXPORT, 3561:10, 200}; # exact match
community == {100, NO_EXPORT, 3561:10, 200}; # exact match
To influence the route selection, the BGP as_path rp-attribute can be made longer by prepending AS numbers to it as follows:
为了影响路由选择,BGP as_path rp属性可以通过在其前面加上数字使其变长,如下所示:
aspath.prepend(AS1);
aspath.prepend(AS1, AS1, AS1);
aspath.prepend(AS1);
aspath.prepend(AS1, AS1, AS1);
The following examples are invalid:
以下示例无效:
med = -50; # -50 is not in the range
med = igp; # igp is not one of the enum values
med.assign(10); # method assign is not defined
community.append(AS3561:20); # the first argument should be 3561
med = -50; # -50 is not in the range
med = igp; # igp is not one of the enum values
med.assign(10); # method assign is not defined
community.append(AS3561:20); # the first argument should be 3561
Figure 28 shows a more advanced example using the rp-attribute community. In this example, AS3561 bases its route selection preference on the community attribute. Other ASes may indirectly affect AS3561's route selection by including the appropriate communities in their route announcements.
图28显示了使用rp属性社区的更高级示例。在本例中,AS3561将其路由选择首选项基于社区属性。其他ASE可能通过在其路线公告中包含适当的社区间接影响AS3561的路线选择。
aut-num: AS1
export: to AS2 action community.={3561:90};
to AS3 action community.={3561:80};
announce AS1
aut-num: AS1
export: to AS2 action community.={3561:90};
to AS3 action community.={3561:80};
announce AS1
as-set: AS3561:AS-PEERS members: AS2, AS3
设置:AS3561:as-PEERS成员:AS2、AS3
aut-num: AS3561
import: from AS3561:AS-PEERS
action pref = 10;
accept community(3561:90)
import: from AS3561:AS-PEERS
action pref = 20;
accept community(3561:80)
import: from AS3561:AS-PEERS
action pref = 20;
accept community(3561:70)
import: from AS3561:AS-PEERS
action pref = 0;
accept ANY
aut-num: AS3561
import: from AS3561:AS-PEERS
action pref = 10;
accept community(3561:90)
import: from AS3561:AS-PEERS
action pref = 20;
accept community(3561:80)
import: from AS3561:AS-PEERS
action pref = 20;
accept community(3561:70)
import: from AS3561:AS-PEERS
action pref = 0;
accept ANY
Figure 28: Policy example using the community rp-attribute.
图28:使用community rp属性的策略示例。
8 Advanced route Class
8高级路线班
The components, aggr-bndry, aggr-mtd, export-comps, inject, and holes attributes are used for specifying aggregate routes [11]. A route object specifies an aggregate route if any of these attributes, with the exception of inject, is specified. The origin attribute for an aggregate route is the AS performing the aggregation, i.e. the aggregator AS. In this section, we used the term "aggregate" to refer to the route generated, the term "component" to refer to the routes used to generate the path attributes of the aggregate, and the term "more specifics" to refer to any route which is a more specific of the aggregate regardless of whether it was used to form the path attributes.
组件、aggr bndry、aggr mtd、导出组件、注入和孔属性用于指定聚合路由[11]。如果指定了这些属性中的任何一个(inject除外),则route对象将指定聚合路由。聚合路由的原始属性是执行聚合的AS,即聚合器AS。在本节中,我们使用术语“聚合”来指代生成的路由,“组件”来指代用于生成聚合路径属性的路由,而术语“更具体”则指代更具体的聚合路径,无论其是否用于形成路径属性。
The components attribute defines what component routes are used to form the aggregate. Its syntax is as follows:
components属性定义用于形成聚合的组件路由。其语法如下:
components: [ATOMIC] [[<filter>] [protocol <protocol> <filter> ...]]
components: [ATOMIC] [[<filter>] [protocol <protocol> <filter> ...]]
where <protocol> is a routing protocol name such as BGP4, OSPF or RIP (valid names are defined in the dictionary) and <filter> is a policy expression. The routes that match one of these filters and are learned from the corresponding protocol are used to form the aggregate. If <protocol> is omitted, it defaults to any protocol. <filter> implicitly contains an "AND" term with the more specifics of the aggregate so that only the component routes are selected. If the keyword ATOMIC is used, the aggregation is done atomically [11]. If a <filter> is not specified it defaults to more specifics. If the components attribute is missing, all more specifics without the ATOMIC keyword is used.
其中,<protocol>是路由协议名称,如BGP4、OSPF或RIP(有效名称在字典中定义),而<filter>是策略表达式。匹配其中一个过滤器并从相应协议学习的路由用于形成聚合。如果省略<protocol>,则默认为任何协议<filter>隐式包含一个“AND”术语,该术语包含聚合的更多细节,因此仅选择组件路由。如果使用关键字ATOMIC,则聚合将以原子方式进行[11]。如果未指定<filter>,则默认为更详细。如果缺少components属性,则使用不带原子关键字的所有详细信息。
route: 128.8.0.0/15
origin: AS1
components: <^AS2>
route: 128.8.0.0/15
origin: AS1
components: <^AS2>
route: 128.8.0.0/15
origin: AS1
components: protocol BGP4 {128.8.0.0/16^+}
protocol OSPF {128.9.0.0/16^+}
route: 128.8.0.0/15
origin: AS1
components: protocol BGP4 {128.8.0.0/16^+}
protocol OSPF {128.9.0.0/16^+}
Figure 29: Two aggregate route objects.
图29:两个聚合路由对象。
Figure 29 shows two route objects. In the first example, more specifics of 128.8.0.0/15 with AS paths starting with AS2 are aggregated. In the second example, some routes learned from BGP and some routes learned form OSPF are aggregated.
图29显示了两个路由对象。在第一个示例中,汇总了128.8.0.0/15中以AS2开头的AS路径的更多细节。在第二个示例中,从BGP学习的一些路由和从OSPF学习的一些路由被聚合。
The aggr-bndry attribute is an AS expression over AS numbers and sets (see Section 5.6). The result defines the set of ASes which form the aggregation boundary. If the aggr-bndry attribute is missing, the origin AS is the sole aggregation boundary. Outside the aggregation boundary, only the aggregate is exported and more specifics are suppressed. However, within the boundary, the more specifics are also exchanged.
aggr bndry属性是AS数字和集合上的AS表达式(参见第5.6节)。结果定义了构成聚合边界的ASE集。如果缺少aggr bndry属性,则原点AS是唯一的聚合边界。在聚合边界之外,仅导出聚合,并抑制更多细节。然而,在边界内,也交换了更多的细节。
The aggr-mtd attribute specifies how the aggregate is generated. Its syntax is as follows:
aggr mtd属性指定如何生成聚合。其语法如下:
aggr-mtd: inbound | outbound [<as-expression>]
aggr mtd:入站|出站[<as expression>]
where <as-expression> is an expression over AS numbers and sets (see Section 5.6). If <as-expression> is missing, it defaults to AS-ANY. If outbound aggregation is specified, the more specifics of the aggregate will be present within the AS and the aggregate will be formed at all inter-AS boundaries with ASes in <as-expression> before export, except for ASes that are within the aggregating boundary (i.e. aggr-bndry is enforced regardless of <as-expression>). If inbound aggregation is specified, the aggregate is formed at all inter-AS boundaries prior to importing routes into the aggregator AS. Note that <as-expression> can not be specified with inbound aggregation. If aggr-mtd attribute is missing, it defaults to "outbound AS-ANY".
其中,<as表达式>是as数字和集合的表达式(见第5.6节)。如果缺少<as expression>,则默认为as-ANY。如果指定了出站聚合,则聚合的更多细节将出现在AS中,并且在导出之前,聚合将在所有AS间边界与<AS expression>中的ASE形成,但聚合边界内的ASE除外(即,无论<AS expression>如何,aggr bndry都是强制的)。如果指定了入站聚合,则在将路由导入聚合器AS之前,将在所有AS间边界处形成聚合。请注意,<as expression>不能与入站聚合一起指定。如果缺少aggr mtd属性,则默认为“outbound AS-ANY”。
route: 128.8.0.0/15 route: 128.8.0.0/15
origin: AS1 origin: AS2
components: {128.8.0.0/15^-} components: {128.8.0.0/15^-}
aggr-bndry: AS1 OR AS2 aggr-bndry: AS1 OR AS2
aggr-mtd: outbound AS-ANY aggr-mtd: outbound AS-ANY
route: 128.8.0.0/15 route: 128.8.0.0/15
origin: AS1 origin: AS2
components: {128.8.0.0/15^-} components: {128.8.0.0/15^-}
aggr-bndry: AS1 OR AS2 aggr-bndry: AS1 OR AS2
aggr-mtd: outbound AS-ANY aggr-mtd: outbound AS-ANY
Figure 30: Outbound multi-AS aggregation example.
图30:出站多重聚合示例。
Figure 30 shows an example of an outbound aggregation. In this example, AS1 and AS2 are coordinating aggregation and announcing only the less specific 128.8.0.0/15 to outside world, but exchanging more specifics between each other. This form of aggregation is useful when some of the components are within AS1 and some are within AS2.
图30显示了出站聚合的示例。在本例中,AS1和AS2正在协调聚合,并向外部世界仅宣布不太具体的128.8.0.0/15,但彼此之间交换更多细节。当一些组件在AS1中,一些组件在AS2中时,这种聚合形式很有用。
When a set of routes are aggregated, the intent is to export only the aggregate route and suppress exporting of the more specifics outside the aggregation boundary. However, to satisfy certain policy and topology constraints (e.g. a multi-homed component), it is often required to export some of the components. The export-comps attribute equals an RPSL filter that matches the more specifics that need to be exported outside the aggregation boundary. If this attribute is missing, more specifics are not exported outside the aggregation boundary. Note that, the export-comps filter contains an implicit "AND" term with the more specifics of the aggregate.
聚合一组路由时,目的是仅导出聚合路由,并禁止导出聚合边界之外的更多细节。但是,为了满足某些策略和拓扑约束(例如多宿主组件),通常需要导出某些组件。export comps属性等于一个RPSL筛选器,该筛选器与需要导出到聚合边界之外的更多细节相匹配。如果缺少此属性,则不会将更多细节导出到聚合边界之外。请注意,export comps筛选器包含一个隐含的“AND”术语,其中包含更详细的聚合。
Figure 31 shows an example of an outbound aggregation. In this example, the more specific 128.8.8.0/24 is exported outside AS1 in addition to the aggregate. This is useful, when 128.8.8.0/24 is multi-homed site to AS1 with some other AS.
图31显示了出站聚合的示例。在本例中,除了聚合之外,还将更具体的128.8.8.0/24导出到AS1之外。当128.8.8.0/24是AS1与其他AS的多宿主站点时,这非常有用。
route: 128.8.0.0/15
origin: AS1
components: {128.8.0.0/15^-}
aggr-mtd: outbound AS-ANY
export-comps: {128.8.8.0/24}
route: 128.8.0.0/15
origin: AS1
components: {128.8.0.0/15^-}
aggr-mtd: outbound AS-ANY
export-comps: {128.8.8.0/24}
Figure 31: Outbound aggregation with export exception.
图31:带导出异常的出站聚合。
The inject attribute specifies which routers perform the aggregation and when they perform it. Its syntax is as follow:
inject属性指定哪些路由器执行聚合以及何时执行聚合。其语法如下:
inject: [at <router-expression>] ...
[action <action>]
[upon <condition>]
inject: [at <router-expression>] ...
[action <action>]
[upon <condition>]
where <action> is an action specification (see Section 6.1.1), <condition> is a boolean expression described below, and <router-expression> is as described in Section 5.6.
其中,<action>是一个动作规范(见第6.1.1节),<condition>是一个如下所述的布尔表达式,<router expression>如第5.6节所述。
All routers in <router-expression> and in the aggregator AS perform the aggregation. If a <router-expression> is not specified, all routers inside the aggregator AS perform the aggregation. The <action> specification may set path attributes of the aggregate, such as assign a preferences to the aggregate.
<router expression>和聚合器AS中的所有路由器都执行聚合。如果未指定<router expression>,则聚合器AS中的所有路由器都将执行聚合。<action>规范可以设置聚合的路径属性,例如为聚合分配首选项。
The upon clause is a boolean condition. The aggregate is generated if and only if this condition is true. <condition> is a boolean expression using the logical operators AND and OR (i.e. operator NOT is not allowed) over:
ON子句是一个布尔条件。当且仅当此条件为真时,才会生成聚合<condition>是一个布尔表达式,使用逻辑运算符AND AND OR(即不允许使用运算符NOT):
HAVE-COMPONENTS { list of prefixes }
EXCLUDE { list of prefixes }
STATIC
HAVE-COMPONENTS { list of prefixes }
EXCLUDE { list of prefixes }
STATIC
The list of prefixes in HAVE-COMPONENTS can only be more specifics of the aggregate. It evaluates to true when all the prefixes listed are present in the routing table of the aggregating router. The list can also include prefix ranges (i.e. using operators ^-, ^+, ^n, and ^n-m). In this case, at least one prefix from each prefix range needs to be present in the routing table for the condition to be true. The list of prefixes in EXCLUDE can be arbitrary. It evaluates to true when none of the prefixes listed is present in the routing table. The list can also include prefix ranges, and no prefix in that range should be present in the routing table. The keyword static always evaluates to true. If no upon clause is specified the aggregate is generated if an only if there is a component in the routing table (i.e. a more specific that matches the filter in the components
HAS-COMPONENTS中的前缀列表只能是聚合的更多细节。当聚合路由器的路由表中存在列出的所有前缀时,它的计算结果为true。该列表还可以包括前缀范围(即使用运算符^-、^+、^n和^n-m)。在这种情况下,路由表中需要至少存在每个前缀范围中的一个前缀,以使条件为真。排除中的前缀列表可以是任意的。当路由表中不存在列出的前缀时,其计算结果为true。该列表还可以包括前缀范围,路由表中不应存在该范围内的前缀。关键字static的计算结果始终为true。如果未指定ON子句,则仅当路由表中存在组件(即,与组件中的筛选器匹配的更具体组件)时,才会生成聚合
attribute).
属性)。
route: 128.8.0.0/15
origin: AS1
components: {128.8.0.0/15^-}
aggr-mtd: outbound AS-ANY
inject: at 1.1.1.1 action dpa = 100;
inject: at 1.1.1.2 action dpa = 110;
route: 128.8.0.0/15
origin: AS1
components: {128.8.0.0/15^-}
aggr-mtd: outbound AS-ANY
inject: at 1.1.1.1 action dpa = 100;
inject: at 1.1.1.2 action dpa = 110;
route: 128.8.0.0/15
origin: AS1
components: {128.8.0.0/15^-}
aggr-mtd: outbound AS-ANY
inject: upon HAVE-COMPONENTS {128.8.0.0/16, 128.9.0.0/16}
holes: 128.8.8.0/24
route: 128.8.0.0/15
origin: AS1
components: {128.8.0.0/15^-}
aggr-mtd: outbound AS-ANY
inject: upon HAVE-COMPONENTS {128.8.0.0/16, 128.9.0.0/16}
holes: 128.8.8.0/24
Figure 32: Examples of inject.
图32:inject的示例。
Figure 32 shows two examples. In the first case, the aggregate is injected at two routers each one setting the dpa path attribute differently. In the second case, the aggregate is generated only if both 128.8.0.0/16 and 128.9.0.0/16 are present in the routing table, as opposed to the first case where the presence of just one of them is sufficient for injection.
图32显示了两个示例。在第一种情况下,在两个路由器上注入聚合,每个路由器设置不同的dpa路径属性。在第二种情况下,仅当路由表中同时存在128.8.0.0/16和128.9.0.0/16时才生成聚合,而在第一种情况下,仅存在其中一个就足以进行注入。
The holes attribute lists the component address prefixes which are not reachable through the aggregate route (perhaps that part of the address space is unallocated). The holes attribute is useful for diagnosis purposes. In Figure 32, the second example has a hole, namely 128.8.8.0/24. This may be due to a customer changing providers and taking this part of the address space with it.
“孔”属性列出了无法通过聚合路由访问的组件地址前缀(可能是地址空间的该部分未分配)。“孔”属性对于诊断非常有用。在图32中,第二个示例有一个孔,即128.8.8.0/24。这可能是由于客户更换了提供商并占用了这部分地址空间。
An aggregate formed is announced to other ASes only if the export policies of the AS allows exporting the aggregate. When the aggregate is formed, the more specifics are suppressed from being exported except to the ASes in aggr-bndry and except the components in export-comps. For such exceptions to happen, the export policies of the AS should explicitly allow exporting of these exceptions.
只有当AS的出口政策允许出口骨料时,才会向其他AS公布形成的骨料。形成骨料后,除aggr bndry中的ASE和导出组件外,禁止导出更多细节。对于此类例外情况,AS的出口政策应明确允许出口这些例外情况。
If an aggregate is not formed (due to the upon clause), then the more specifics of the aggregate can be exported to other ASes, but only if the export policies of the AS allows it. In other words, before a route (aggregate or more specific) is exported it is filtered twice, once based on the route objects, and once based on the export policies of the AS.
如果未形成聚合(由于ON条款),则聚合的更多细节可以导出到其他ASE,但前提是AS的导出策略允许。换句话说,在导出路由(聚合或更具体)之前,将对其进行两次过滤,一次基于路由对象,一次基于AS的导出策略。
route: 128.8.0.0/16 origin: AS1
路线:128.8.0.0/16起点:AS1
route: 128.9.0.0/16 origin: AS1
路线:128.9.0.0/16起点:AS1
route: 128.8.0.0/15
origin: AS1
aggr-bndry: AS1 or AS2 or AS3
aggr-mtd: outbound AS3 or AS4 or AS5
components: {128.8.0.0/16, 128.9.0.0/16}
inject: upon HAVE-COMPONENTS {128.9.0.0/16, 128.8.0.0/16}
route: 128.8.0.0/15
origin: AS1
aggr-bndry: AS1 or AS2 or AS3
aggr-mtd: outbound AS3 or AS4 or AS5
components: {128.8.0.0/16, 128.9.0.0/16}
inject: upon HAVE-COMPONENTS {128.9.0.0/16, 128.8.0.0/16}
aut-num: AS1
export: to AS2 announce AS1
export: to AS3 announce AS1 and not {128.9.0.0/16}
export: to AS4 announce AS1
export: to AS5 announce AS1
export: to AS6 announce AS1
aut-num: AS1
export: to AS2 announce AS1
export: to AS3 announce AS1 and not {128.9.0.0/16}
export: to AS4 announce AS1
export: to AS5 announce AS1
export: to AS6 announce AS1
Figure 33: Interaction with policies in aut-num class.
图33:aut num类中与策略的交互。
In Figure 33 shows an interaction example. By examining the route objects, the more specifics 128.8.0.0/16 and 128.9.0.0/16 should be exchanged between AS1, AS2 and AS3 (i.e. the aggregation boundary). Outbound aggregation is done to AS4 and AS5 and not to AS3, since AS3 is in the aggregation boundary. The aut-num object allows exporting both components to AS2, but only the component 128.8.0.0/16 to AS3. The aggregate can only be formed if both components are available. In this case, only the aggregate is announced to AS4 and AS5. However, if one of the components is not available the aggregate will not be formed, and any available component or more specific will be exported to AS4 and AS5. Regardless of aggregation is performed or not, only the more specifics will be exported to AS6 (it is not listed in the aggr-mtd attribute).
图33显示了一个交互示例。通过检查路由对象,应在AS1、AS2和AS3(即聚合边界)之间交换更详细的128.8.0.0/16和128.9.0.0/16。出站聚合是针对AS4和AS5进行的,而不是针对AS3,因为AS3位于聚合边界中。aut num对象允许将两个组件导出到AS2,但仅将组件128.8.0.0/16导出到AS3。只有当两个组件都可用时,才能形成骨料。在这种情况下,仅向AS4和AS5公布合计数。但是,如果其中一个组件不可用,则不会形成骨料,任何可用组件或更具体的组件将导出到AS4和AS5。无论是否执行聚合,只有更多的细节将导出到AS6(它未在aggr mtd属性中列出)。
When doing an inbound aggregation, configuration generators may eliminating the aggregation statements on routers where import policy of the AS prohibits importing of any more specifics.
在执行入站聚合时,配置生成器可能会在AS的导入策略禁止导入任何更多细节的路由器上消除聚合语句。
When several aggregate routes are specified and they overlap, i.e. one is less specific of the other, they must be evaluated more specific to less specific order. When an outbound aggregation is performed for a peer, the aggregate and the components listed in the export-comps attribute for that peer are available for generating the
当指定了多条聚合路线且它们重叠时,即一条路线与另一条路线的特定性较低,则必须对其进行评估,使其更适合于不太特定的顺序。当为对等方执行出站聚合时,该对等方的“导出comps”属性中列出的聚合和组件可用于生成
next less specific aggregate. The components that are not specified in the export-comps attribute are not available. A route is exportable to an AS if it is the least specific aggregate exportable to that AS or it is listed in the export-comps attribute of an exportable route. Note that this is a recursive definition.
其次是不太具体的聚合。“导出组件”属性中未指定的组件不可用。路由可导出到,就好像它是可导出到该AS的最小特定聚合,或者它列在可导出路由的导出comps属性中一样。请注意,这是一个递归定义。
route: 128.8.0.0/15
origin: AS1
aggr-bndry: AS1 or AS2
aggr-mtd: outbound
inject: upon HAVE-COMPONENTS {128.8.0.0/16, 128.9.0.0/16}
route: 128.8.0.0/15
origin: AS1
aggr-bndry: AS1 or AS2
aggr-mtd: outbound
inject: upon HAVE-COMPONENTS {128.8.0.0/16, 128.9.0.0/16}
route: 128.10.0.0/15
origin: AS1
aggr-bndry: AS1 or AS3
aggr-mtd: outbound
inject: upon HAVE-COMPONENTS {128.10.0.0/16, 128.11.0.0/16}
export-comps: {128.11.0.0/16}
route: 128.10.0.0/15
origin: AS1
aggr-bndry: AS1 or AS3
aggr-mtd: outbound
inject: upon HAVE-COMPONENTS {128.10.0.0/16, 128.11.0.0/16}
export-comps: {128.11.0.0/16}
route: 128.8.0.0/14
origin: AS1
aggr-bndry: AS1 or AS2 or AS3
aggr-mtd: outbound
inject: upon HAVE-COMPONENTS {128.8.0.0/15, 128.10.0.0/15}
export-comps: {128.10.0.0/15}
route: 128.8.0.0/14
origin: AS1
aggr-bndry: AS1 or AS2 or AS3
aggr-mtd: outbound
inject: upon HAVE-COMPONENTS {128.8.0.0/15, 128.10.0.0/15}
export-comps: {128.10.0.0/15}
Figure 34: Overlapping aggregations.
图34:重叠聚合。
In Figure 34, AS1 together with AS2 aggregates 128.8.0.0/16 and 128.9.0.0/16 into 128.8.0.0/15. Together with AS3, AS1 aggregates 128.10.0.0/16 and 128.11.0.0/16 into 128.10.0.0/15. But altogether they aggregate these four routes into 128.8.0.0/14. Assuming all four components are available, a router in AS1 for an outside AS, say AS4, will first generate 128.8.0.0/15 and 128.10.0.0/15. This will make 128.8.0.0/15, 128.10.0.0/15 and its exception 128.11.0.0/16 available for generating 128.8.0.0/14. The router will then generate 128.8.0.0/14 from these three routes. Hence for AS4, 128.8.0.0/14 and its exception 128.10.0.0/15 and its exception 128.11.0.0/16 will be exportable.
在图34中,AS1和AS2将128.8.0.0/16和128.9.0.0/16聚合为128.8.0.0/15。AS1与AS3一起将128.10.0.0/16和128.11.0.0/16聚合为128.10.0.0/15。但他们将这四条路线合计为128.8.0.0/14。假设所有四个组件都可用,AS1中用于外部AS(如AS4)的路由器将首先生成128.8.0.0/15和128.10.0.0/15。这将使128.8.0.0/15、128.10.0.0/15及其异常128.11.0.0/16可用于生成128.8.0.0/14。路由器将从这三条路由生成128.8.0.0/14。因此,对于AS4,128.8.0.0/14及其异常128.10.0.0/15及其异常128.11.0.0/16将可导出。
For AS2, a router in AS1 will only generate 128.10.0.0/15. Hence, 128.10.0.0/15 and its exception 128.11.0.0/16 will be exportable. Note that 128.8.0.0/16 and 128.9.0.0/16 are also exportable since they did not participate in an aggregate exportable to AS2.
对于AS2,AS1中的路由器将只生成128.10.0.0/15。因此,128.10.0.0/15及其异常128.11.0.0/16将可导出。请注意,128.8.0.0/16和128.9.0.0/16也可导出,因为它们未参与可导出到AS2的聚合。
Similarly, for AS3, a router in AS1 will only generate 128.8.0.0/15. In this case 128.8.0.0/15, 128.10.0.0/16, 128.11.0.0/16 are exportable.
类似地,对于AS3,AS1中的路由器将只生成128.8.0.0/15。在这种情况下,128.8.0.0/15、128.10.0.0/16、128.11.0.0/16是可导出的。
The inject attribute can be used to specify static routes by using "upon static" as the condition:
inject属性可用于通过使用“在静态时”作为条件来指定静态路由:
inject: [at <router-expression>] ...
[action <action>]
upon static
inject: [at <router-expression>] ...
[action <action>]
upon static
In this case, the routers in <router-expression> executes the <action> and injects the route to the interAS routing system statically. <action> may set certain route attributes such as a next-hop router or a cost.
在这种情况下,<router expression>中的路由器执行<action>并静态地将路由注入interAS路由系统<操作>可以设置某些路由属性,例如下一跳路由器或成本。
In the following example, the router 7.7.7.1 injects the route 128.7.0.0/16. The next-hop routers (in this example, there are two next-hop routers) for this route are 7.7.7.2 and 7.7.7.3 and the route has a cost of 10 over 7.7.7.2 and 20 over 7.7.7.3.
在下面的示例中,路由器7.7.7.1注入路由128.7.0.0/16。该路由的下一跳路由器(在本例中,有两个下一跳路由器)为7.7.7.2和7.7.7.3,该路由的成本为7.7.7.2的10倍和7.7.7.3的20倍。
route: 128.7.0.0/16
origin: AS1
inject: at 7.7.7.1 action next-hop = 7.7.7.2; cost = 10; upon static
inject: at 7.7.7.1 action next-hop = 7.7.7.3; cost = 20; upon static
route: 128.7.0.0/16
origin: AS1
inject: at 7.7.7.1 action next-hop = 7.7.7.2; cost = 10; upon static
inject: at 7.7.7.1 action next-hop = 7.7.7.3; cost = 20; upon static
9 inet-rtr Class
9 inet rtr类
Routers are specified using the inet-rtr class. The attributes of the inet-rtr class are shown in Figure 35. The inet-rtr attribute is a valid DNS name of the router described. Each alias attribute, if present, is a canonical DNS name for the router. The local-as attribute specifies the AS number of the AS which owns/operates this router.
路由器是使用inet rtr类指定的。inet rtr类的属性如图35所示。inet rtr属性是所述路由器的有效DNS名称。每个别名属性(如果存在)都是路由器的规范DNS名称。local as属性指定拥有/操作此路由器的as的as编号。
Attribute Value Type inet-rtr <dns-name> mandatory, single-valued, class key alias <dns-name> optional, multi-valued local-as <as-number> mandatory, single-valued ifaddr see description in text mandatory, multi-valued peer see description in text optional, multi-valued member-of list of <rtr-set-names> optional, multi-valued
属性值类型inet rtr<dns name>必填,单值,类密钥别名<dns name>可选,多值本地as<as number>必填,单值ifaddr请参阅文本中的说明必填,多值对等请参阅文本中的说明可选,<rtr set name>可选列表的多值成员,多值
Figure 35: inet-rtr Class Attributes
图35:inet rtr类属性
The value of an ifaddr attribute has the following syntax:
ifaddr属性的值具有以下语法:
<ipv4-address> masklen <integer> [action <action>]
<ipv4-address> masklen <integer> [action <action>]
The IP address and the mask length are mandatory for each interface. Optionally an action can be specified to set other parameters of this interface.
IP地址和掩码长度对于每个接口都是必需的。可以选择指定一个操作来设置此接口的其他参数。
Figure 36 presents an example inet-rtr object. The name of the router is "amsterdam.ripe.net". "amsterdam1.ripe.net" is a canonical name for the router. The router is connected to 4 networks. Its IP addresses and mask lengths in those networks are specified in the ifaddr attributes.
图36显示了一个inet rtr对象示例。路由器的名称是“amsterdam.ripe.net”。“amsterdam1.ripe.net”是路由器的标准名称。路由器连接到4个网络。这些网络中的IP地址和掩码长度在ifaddr属性中指定。
inet-rtr: Amsterdam.ripe.net
alias: amsterdam1.ripe.net
local-as: AS3333
ifaddr: 192.87.45.190 masklen 24
ifaddr: 192.87.4.28 masklen 24
ifaddr: 193.0.0.222 masklen 27
ifaddr: 193.0.0.158 masklen 27
peer: BGP4 192.87.45.195 asno(AS3334), flap_damp()
inet-rtr: Amsterdam.ripe.net
alias: amsterdam1.ripe.net
local-as: AS3333
ifaddr: 192.87.45.190 masklen 24
ifaddr: 192.87.4.28 masklen 24
ifaddr: 193.0.0.222 masklen 27
ifaddr: 193.0.0.158 masklen 27
peer: BGP4 192.87.45.195 asno(AS3334), flap_damp()
Figure 36: inet-rtr Objects
图36:inet rtr对象
Each peer attribute, if present, specifies a protocol peering with another router. The value of a peer attribute has the following syntax:
每个对等属性(如果存在)指定与另一路由器的协议对等。对等属性的值具有以下语法:
<protocol> <ipv4-address> <options>
| <protocol> <inet-rtr-name> <options>
| <protocol> <rtr-set-name> <options>
| <protocol> <peering-set-name> <options>
<protocol> <ipv4-address> <options>
| <protocol> <inet-rtr-name> <options>
| <protocol> <rtr-set-name> <options>
| <protocol> <peering-set-name> <options>
where <protocol> is a protocol name, <ipv4-address> is the IP address of the peer router, and <options> is a comma separated list of peering options for <protocol>. Instead of the peer's IP address, its inet-rtr-name can be used. Possible protocol names and attributes are defined in the dictionary (please see Section 7). In the above example, the router has a BGP peering with the router 192.87.45.195 in AS3334 and turns the flap damping on when importing routes from this router.
其中,<protocol>是协议名,<ipv4 address>是对等路由器的IP地址,<options>是以逗号分隔的<protocol>对等选项列表。可以使用对等方的inet rtr名称,而不是对等方的IP地址。字典中定义了可能的协议名称和属性(请参见第7节)。在上面的示例中,路由器与AS3334中的路由器192.87.45.195进行BGP对等,并在从该路由器导入路由时打开襟翼阻尼。
Instead of a single peer, a group of peers can be specified by using
the <rtr-set-name> and <peering-set-name> forms. If <peering-set-
name> form is being used only the peerings in the corresponding
peering set that are with this router are included. Figure 37 shows
Instead of a single peer, a group of peers can be specified by using
the <rtr-set-name> and <peering-set-name> forms. If <peering-set-
name> form is being used only the peerings in the corresponding
peering set that are with this router are included. Figure 37 shows
an example inet-rtr object with peering groups.
具有对等组的inet rtr对象示例。
rtr-set: rtrs-ibgp-peers members: 1.1.1.1, 2.2.2.2, 3.3.3.3
rtr集合:rtrs ibgp对等成员:1.1.1.1、2.2.2、3.3.3.3
peering-set: prng-ebgp-peers peering: AS3334 192.87.45.195 peering: AS3335 192.87.45.196
对等集:prng ebgp对等对等:AS3334 192.87.45.195对等:AS3335 192.87.45.196
inet-rtr: Amsterdam.ripe.net
alias: amsterdam1.ripe.net
local-as: AS3333
ifaddr: 192.87.45.190 masklen 24
ifaddr: 192.87.4.28 masklen 24
ifaddr: 193.0.0.222 masklen 27
ifaddr: 193.0.0.158 masklen 27
peer: BGP4 rtrs-ibgp-peers asno(AS3333), flap_damp()
peer: BGP4 prng-ebgp-peers asno(PeerAS), flap_damp()
inet-rtr: Amsterdam.ripe.net
alias: amsterdam1.ripe.net
local-as: AS3333
ifaddr: 192.87.45.190 masklen 24
ifaddr: 192.87.4.28 masklen 24
ifaddr: 193.0.0.222 masklen 27
ifaddr: 193.0.0.158 masklen 27
peer: BGP4 rtrs-ibgp-peers asno(AS3333), flap_damp()
peer: BGP4 prng-ebgp-peers asno(PeerAS), flap_damp()
Figure 37: inet-rtr Object with peering groups
图37:带对等组的inet rtr对象
10 Extending RPSL
10扩展RPSL
Our experience with earlier routing policy languages and data formats (PRDB [2], RIPE-81 [8], and RIPE-181 [7]) taught us that RPSL had to be extensible. As a result, extensibility was a primary design goal for RPSL. New routing protocols or new features to existing routing protocols can be easily handled using RPSL's dictionary class. New classes or new attributes to the existing classes can also be added.
我们在早期路由策略语言和数据格式(PRDB[2]、CRIME-81[8]和CRIME-181[7])方面的经验告诉我们,RPSL必须是可扩展的。因此,可扩展性是RPSL的主要设计目标。使用RPSL的dictionary类可以轻松地处理新的路由协议或现有路由协议的新功能。还可以向现有类添加新类或新属性。
This section provides guidelines for extending RPSL. These guidelines are designed with an eye toward maintaining backward compatibility with existing tools and databases. We next list the available options for extending RPSL from the most preferred to the least preferred order.
本节提供扩展RPSL的指南。这些指导方针旨在保持与现有工具和数据库的向后兼容性。接下来,我们将列出将RPSL从最优先顺序扩展到最不优先顺序的可用选项。
The dictionary class is the primary mechanism provided to extend RPSL. Dictionary objects define routing policy attributes, types, and routing protocols.
dictionary类是扩展RPSL的主要机制。字典对象定义路由策略属性、类型和路由协议。
We recommend updating the RPSL dictionary to include appropriate rp-attribute and protocol definitions as new path attributes or router features are introduced. For example, in an earlier version of the RPSL document, it was only possible to specify that a router performs route flap damping on a peer, but it was not possible to specify the
我们建议在引入新的路径属性或路由器功能时,更新RPSL字典,以包括适当的rp属性和协议定义。例如,在RPSL文档的早期版本中,只能指定路由器在对等机上执行路由调整,但无法指定
parameters of route flap damping. Later the parameters were added by changing the dictionary.
路线襟翼阻尼参数。后来通过更改字典添加了参数。
When changing the dictionary, full compatibility should be maintained. For example, in our flap damping case, we made the parameter specification optional in case this level of detail was not desired by some ISPs. This also achieved compatibility. Any object registered without the parameters will continue to be valid. Any tool based on RPSL is expected to do a default action on routing policy attributes that they do not understand (e.g. issue a warning and otherwise ignore). Hence, old tools upon encountering a flap damping specification with parameters will ignore the parameters.
更改词典时,应保持完全兼容性。例如,在我们的襟翼阻尼案例中,我们将参数规格设置为可选,以防某些ISP不需要这种详细程度。这也实现了兼容性。任何未注册参数的对象将继续有效。任何基于RPSL的工具都应该对它们不理解的路由策略属性执行默认操作(例如,发出警告或忽略)。因此,旧工具在遇到带参数的襟翼阻尼规格时将忽略参数。
New attributes can be added to any class. To ensure full compatibility, new attributes should not contradict the semantics of the objects they are attached to. Any tool that uses the IRR should be designed so that it ignores attributes that it doesn't understand. Most existing tools adhere to this design principle.
可以向任何类添加新属性。为确保完全兼容,新属性不应与它们所附加到的对象的语义相冲突。任何使用IRR的工具都应该设计为忽略它不理解的属性。大多数现有工具都遵循此设计原则。
We recommend adding new attributes to existing classes when a new aspect of a class is discovered. For example, RPSL route class extends its RIPE-181 predecessor by including several new attributes that enable aggregate and static route specification.
我们建议在发现类的新方面时向现有类添加新属性。例如,RPSL路由类扩展了它的RIME-181前身,它包含了几个新属性,这些属性支持聚合和静态路由规范。
New classes can be added to RPSL to store new types of policy data. Providing full compatibility is straight forward as long as existing classes are still understood. Since a tool should only query the IRR for the classes that it understand, full compatibility should not be a problem in this case.
可以将新类添加到RPSL以存储新类型的策略数据。只要仍然理解现有类,就可以直接提供完全兼容性。因为工具应该只查询IRR中它所理解的类,所以在这种情况下完全兼容应该不是问题。
Before adding a new class, one should question if the information contained in the objects of the new class could have better belonged to some other class. For example, if the geographic location of a router needs to be stored in IRR, it may be tempting to add a new class called, say router-location class. However, the information better belongs to the inet-rtr class, perhaps in a new attribute called location.
在添加一个新类之前,人们应该质疑新类的对象中包含的信息是否更适合属于其他类。例如,如果路由器的地理位置需要存储在IRR中,那么可能会添加一个名为router location class的新类。但是,信息更好地属于inet rtr类,可能位于名为location的新属性中。
If all of the methods described above fail to provide the desired extension, it may be necessary to change the syntax of RPSL. Any change in RPSL syntax must provide backwards compatibility, and should be considered only as a last resort since full compatibility
如果上述所有方法都无法提供所需的扩展,则可能需要更改RPSL的语法。RPSL语法中的任何更改都必须提供向后兼容性,并且只能作为完全兼容后的最后手段
may not be achievable. However, we require that the old syntax to be still valid.
可能无法实现。但是,我们要求旧语法仍然有效。
11 Security Considerations
11安全考虑
This document describes RPSL, a language for expressing routing policies. The language defines a maintainer (mntner class) object which is the entity which controls or "maintains" the objects stored in a database expressed by RPSL. Requests from maintainers can be authenticated with various techniques as defined by the "auth" attribute of the maintainer object.
本文档介绍RPSL,一种用于表示路由策略的语言。该语言定义了一个maintainer(mntner类)对象,该对象是控制或“维护”由RPSL表示的数据库中存储的对象的实体。来自维护者的请求可以通过维护者对象的“auth”属性定义的各种技术进行身份验证。
The exact protocols used by IRR's to communicate RPSL objects is beyond the scope of this document, but it is envisioned that several techniques may be used, ranging from interactive query/update protocols to store and forward protocols similar to or based on electronic mail (or even voice telephone calls). Regardless of which protocols are used in a given situation, it is expected that appropriate security techniques such as IPSEC, TLS or PGP/MIME will be utilized.
IRR用于通信RPSL对象的确切协议超出了本文档的范围,但可以设想使用几种技术,从交互式查询/更新协议到存储和转发类似于或基于电子邮件(甚至语音电话)的协议。无论在给定情况下使用哪种协议,都应使用适当的安全技术,如IPSEC、TLS或PGP/MIME。
12 Acknowledgements
12致谢
We would like to thank Jessica Yu, Randy Bush, Alan Barrett, Bill Manning, Sue Hares, Ramesh Govindan, Kannan Varadhan, Satish Kumar, Craig Labovitz, Rusty Eddy, David J. LeRoy, David Whipple, Jon Postel, Deborah Estrin, Elliot Schwartz, Joachim Schmitz, Mark Prior, Tony Przygienda, David Woodgate, Rob Coltun, Sanjay Wadhwa, Ardas Cilingiroglu, and the participants of the IETF RPS Working Group for various comments and suggestions.
我们要感谢Jessica Yu、Randy Bush、Alan Barrett、Bill Manning、Sue Hares、Ramesh Govindan、Kannan Varadhan、Satish Kumar、Craig Labovitz、Rusty Eddy、David J.LeRoy、David Whipple、Jon Postel、Deborah Estrin、Elliot Schwartz、Joachim Schmitz、Mark Prior、Tony Przygienda、David Woodgate、Rob Coltun、Sanjay Wadhwa、Ardas Cilingiroglu、,以及IETF RPS工作组的参与者,征求各种意见和建议。
References
工具书类
[1] Internet routing registry. procedures. http://www.ra.net/RADB.tools.docs/, http://www.ripe.net/db/doc.html.
[1] Internet路由注册表。程序。http://www.ra.net/RADB.tools.docs/, http://www.ripe.net/db/doc.html.
[2] Nsfnet policy routing database (prdb). Maintained by MERIT Network Inc., Ann Arbor, Michigan. Contents available from nic.merit.edu.:/nsfnet/announced.networks/nets.tag.now by anonymous ftp.
[2] Nsfnet策略路由数据库(prdb)。由密歇根州安阿伯市的美德网络公司维护。内容可通过匿名ftp从nic.merit.edu.:/nsfnet/announded.networks/nets.tag.now获得。
[3] Alaettinouglu, C., Bates, T., Gerich, E., Karrenberg, D., Meyer, D., Terpstra, M. and C. Villamizer, "Routing Policy Specification Language (RPSL)", RFC 2280, January 1998.
[3] Alaettinouglu,C.,Bates,T.,Gerich,E.,Karrenberg,D.,Meyer,D.,Terpstra,M.和C.Villamizer,“路由策略规范语言(RPSL)”,RFC 2280,1998年1月。
[4] C. Alaettinouglu, D. Meyer, and J. Schmitz. Application of routing policy specification language (rpsl) on the internet. Work in Progress.
[4] C.Alaettinouglu、D.Meyer和J.Schmitz。路由策略规范语言(rpsl)在internet上的应用。正在进行的工作。
[5] T. Bates. Specifying an `internet router' in the routing registry. Technical Report RIPE-122, RIPE, RIPE NCC, Amsterdam, Netherlands, October 1994.
[5] 贝茨。在路由注册表中指定“internet路由器”。技术报告CREATE-122,CREATE,CREATE NCC,荷兰阿姆斯特丹,1994年10月。
[6] T. Bates, E. Gerich, L. Joncheray, J-M. Jouanigot, D. Karrenberg, M. Terpstra, and J. Yu. Representation of ip routing policies in a routing registry. Technical Report ripe-181, RIPE, RIPE NCC, Amsterdam, Netherlands, October 1994.
[6] T.贝茨、E.格里奇、L.琼切雷、J-M.朱安尼格特、D.卡伦伯格、M.特普斯特拉和J.余。在路由注册表中表示ip路由策略。技术报告CRIPE-181,CRIPE,CRIPE NCC,荷兰阿姆斯特丹,1994年10月。
[7] Bates, T., Gerich, E., Joncheray, L., Jouanigot, J-M., Karrenberg, D., Terpstra, M. and J. Yu, " Representation of IP Routing Policies in a Routing Registry", RFC 1786, March 1995.
[7] Bates,T.,Gerich,E.,Joncheray,L.,Jouanigot,J-M.,Karrenberg,D.,Terpstra,M.和J.Yu,“路由注册表中IP路由策略的表示”,RFC 17861995年3月。
[8] T. Bates, J-M. Jouanigot, D. Karrenberg, P. Lothberg, and M. Terpstra. Representation of ip routing policies in the ripe database. Technical Report ripe-81, RIPE, RIPE NCC, Amsterdam, Netherlands, February 1993.
[8] T.Bates、J-M.Jouanigot、D.Karrenberg、P.Lothberg和M.Terpstra。在成熟数据库中表示ip路由策略。技术报告CREATE-81,CREATE,CREATE NCC,阿姆斯特丹,荷兰,1993年2月。
[9] Chandra, R., Traina, P. and T. Li, "BGP Communities Attribute", RFC 1997, August 1996.
[9] Chandra,R.,Traina,P.和T.Li,“BGP社区属性”,RFC 1997,1996年8月。
[10] Crocker, D., "Standard for ARPA Internet Text Messages", STD 11, RFC 822, August 1982.
[10] Crocker,D.“ARPA互联网文本信息标准”,STD 11,RFC 822,1982年8月。
[11] Fuller, V., Li, T., Yu, J. and K. Varadhan, "Classless Inter-Domain Routing (CIDR): an Address Assignment and Aggregation Strategy", RFC 1519, September 1993.
[11] Fuller,V.,Li,T.,Yu,J.和K.Varadhan,“无类域间路由(CIDR):地址分配和聚合策略”,RFC 1519,1993年9月。
[12] D. Karrenberg and T. Bates. Description of inter-as networks in the ripe routing registry. Technical Report RIPE-104, RIPE, RIPE NCC, Amsterdam, Netherlands, December 1993.
[12] 卡伦伯格和贝茨。在成熟的路由注册表中描述内部as网络。技术报告CREATE-104,CREATE,CREATE NCC,荷兰阿姆斯特丹,1993年12月。
[13] D. Karrenberg and M. Terpstra. Authorisation and notification of changes in the ripe database. Technical Report ripe-120, RIPE, RIPE NCC, Amsterdam, Netherlands, October 1994.
[13] 卡伦伯格和特普斯特拉。授权和通知成熟数据库中的变更。技术报告CREATE-120,CREATE,CREATE NCC,荷兰阿姆斯特丹,1994年10月。
[14] B. W. Kernighan and D. M. Ritchie. The C Programming Language. Prentice-Hall, 1978.
[14] B.W.Kernighan和D.M.Ritchie。C编程语言。普伦蒂斯大厅,1978年。
[15] A. Lord and M. Terpstra. Ripe database template for networks and persons. Technical Report ripe-119, RIPE, RIPE NCC, Amsterdam, Netherlands, October 1994.
[15] 洛德和特普斯特拉。网络和个人的成熟数据库模板。技术报告CREATE-119,CREATE,CREATE NCC,荷兰阿姆斯特丹,1994年10月。
[16] A. M. R. Magee. Ripe ncc database documentation. Technical Report RIPE-157, RIPE, RIPE NCC, Amsterdam, Netherlands, May 1997.
[16] A.M.R.Magee。成熟的ncc数据库文档。技术报告CREATE-157,CREATE,CREATE NCC,荷兰阿姆斯特丹,1997年5月。
[17] Mockapetris, P., "Domain names - concepts and facilities", STD 13, RFC 1034, November 1987.
[17] Mockapetris,P.,“域名-概念和设施”,STD 13,RFC 1034,1987年11月。
[18] Y. Rekhter. Inter-domain routing protocol (idrp). Journal of Internetworking Research and Experience, 4:61--80, 1993.
[18] 雷克特。域间路由协议(idrp)。互联网研究与经验杂志,4:61-801993。
[19] Rekhter Y. and T. Li, "A Border Gateway Protocol 4 (BGP-4)", RFC 1771, March 1995.
[19] Rekhter Y.和T.Li,“边境网关协议4(BGP-4)”,RFC 1771,1995年3月。
[20] C. Villamizar, C. Alaettinouglu, D. Meyer, S. Murphy, and C. Orange. Routing policy system security", Work in Progress.
[20] C.维拉米扎、C.阿莱蒂努格鲁、D.迈耶、S.墨菲和C.奥兰治。路由策略系统安全”,正在进行中。
[21] Villamizar, C., Chandra, R. and R. Govindan, "BGP Route Flap Damping", RFC 2439, November 1998.
[21] Villamizar,C.,Chandra,R.和R.Govindan,“BGP路线襟翼阻尼”,RFC 2439,1998年11月。
[22] J. Zsako, "PGP authentication for ripe database updates", Work in Progress.
[22] J.Zsako,“成熟数据库更新的PGP认证”,正在进行中。
A Routing Registry Sites
路由注册表站点
The set of routing registries as of November 1996 are RIPE, RADB, CANet, MCI and ANS. You may contact one of these registries to find out the current list of registries.
截至1996年11月,路由注册系统已成熟,包括RADB、CANet、MCI和ANS。您可以联系其中一个注册系统以了解当前的注册系统列表。
B Grammar Rules
语法规则
In this section we provide formal grammar rules for RPSL. Basic data types are defined in Section 2. We do not provide formal grammar rules for attributes whose values are of basic types or list of basic types. The rules are written using the input language of GNU Bison parser. Hence, they can be cut and pasted to that program.
在本节中,我们将提供RPSL的正式语法规则。第2节定义了基本数据类型。对于值为基本类型或基本类型列表的属性,我们不提供形式语法规则。这些规则是使用GNU Bison解析器的输入语言编写的。因此,可以将它们剪切并粘贴到该程序中。
//**** Generic Attributes **********************************************
//**** Generic Attributes **********************************************
changed_attribute: ATTR_CHANGED TKN_EMAIL TKN_INT
已更改属性:属性已更改电子邮件
//**** aut-num class ***************************************************
//**** aut-num class ***************************************************
//// as_expression /////////////////////////////////////////////////////
//// as_expression /////////////////////////////////////////////////////
opt_as_expression: | as_expression
opt_as_表达式:| as_表达式
as_expression: as_expression OP_OR as_expression_term | as_expression_term
as_表达式:as_表达式OP_或as_表达式| as_表达式|
as_expression_term: as_expression_term OP_AND as_expression_factor | as_expression_term KEYW_EXCEPT as_expression_factor | as_expression_factor
as_表达式_项:as_表达式_项OP_和as_表达式_因子| as_表达式_项KEYW_,as_表达式_因子| as_表达式_因子除外
as_expression_factor: '(' as_expression ')' | as_expression_operand
as_表达式_因子:‘(‘as_表达式’)’as_表达式_操作数
as_expression_operand: TKN_ASNO | TKN_ASNAME
as_表达式_操作数:TKN_ASNO | TKN_ASNAME
//// router_expression /////////////////////////////////////////////////
//// router_expression /////////////////////////////////////////////////
opt_router_expression: | router_expression
opt_router_表达式:| router_表达式
opt_router_expression_with_at: | KEYW_AT router_expression
opt_router_expression_with_at:| KEYW_at router_expression
router_expression: router_expression OP_OR router_expression_term | router_expression_term
路由器表达式:路由器表达式OP或路由器表达式术语路由器表达式术语
router_expression_term: router_expression_term OP_AND router_expression_factor | router_expression_term KEYW_EXCEPT router_expression_factor | router_expression_factor
路由器表达式?术语:路由器表达式?术语OP?和路由器表达式?因子?路由器表达式?术语KEYW?除路由器表达式?因子?路由器表达式?因子外
router_expression_factor: '(' router_expression ')' | router_expression_operand
路由器表达式因子:‘(‘路由器表达式’)’路由器表达式操作数
router_expression_operand: TKN_IPV4 | TKN_DNS | TKN_RTRSNAME
路由器表达式操作数:TKN_IPV4 | TKN_DNS | TKN_RTRSNAME
//// peering ///////////////////////////////////////////////////////////
//// peering ///////////////////////////////////////////////////////////
peering: as_expression opt_router_expression opt_router_expression_with_at | TKN_PRNGNAME
对等:as_表达式opt_路由器_表达式opt_路由器_表达式_带| TKN_PRNGNAME
//// action ////////////////////////////////////////////////////////////
//// action ////////////////////////////////////////////////////////////
opt_action: | KEYW_ACTION action
opt_action:| KEYW_action action
action: single_action
| action single_action
single_action: TKN_RP_ATTR '.' TKN_WORD '(' generic_list ')' ';'
| TKN_RP_ATTR TKN_OPERATOR list_item ';'
| TKN_RP_ATTR '(' generic_list ')' ';'
| TKN_RP_ATTR '[' generic_list ']' ';'
| ';'
action: single_action
| action single_action
single_action: TKN_RP_ATTR '.' TKN_WORD '(' generic_list ')' ';'
| TKN_RP_ATTR TKN_OPERATOR list_item ';'
| TKN_RP_ATTR '(' generic_list ')' ';'
| TKN_RP_ATTR '[' generic_list ']' ';'
| ';'
//// filter ////////////////////////////////////////////////////////////
//// filter ////////////////////////////////////////////////////////////
filter: filter OP_OR filter_term | filter filter_term %prec OP_OR | filter_term
过滤器:过滤器操作或过滤器术语|过滤器术语%prec操作或|过滤器术语
filter_term : filter_term OP_AND filter_factor | filter_factor
过滤项:过滤项OP和过滤因子过滤因子
filter_factor : OP_NOT filter_factor | '(' filter ')' | filter_operand
过滤因子:OP_非过滤因子('filter')过滤操作数
filter_operand: KEYW_ANY
| '<' filter_aspath '>'
| filter_rp_attribute
| TKN_FLTRNAME
| filter_prefix
filter_operand: KEYW_ANY
| '<' filter_aspath '>'
| filter_rp_attribute
| TKN_FLTRNAME
| filter_prefix
filter_prefix: filter_prefix_operand OP_MS | filter_prefix_operand
过滤器前缀:过滤器前缀操作数操作数过滤器前缀操作数操作数
filter_prefix_operand: TKN_ASNO
| KEYW_PEERAS
| TKN_ASNAME
| TKN_RSNAME
| '{' opt_filter_prefix_list '}'
filter_prefix_operand: TKN_ASNO
| KEYW_PEERAS
| TKN_ASNAME
| TKN_RSNAME
| '{' opt_filter_prefix_list '}'
opt_filter_prefix_list: | filter_prefix_list
选择过滤器前缀列表:|过滤器前缀列表
filter_prefix_list: filter_prefix_list_prefix | filter_prefix_list ',' filter_prefix_list_prefix
过滤前缀列表:过滤前缀列表前缀过滤前缀列表
filter_prefix_list_prefix: TKN_PRFXV4 | TKN_PRFXV4RNG
过滤器前缀列表前缀:TKN\U PRFXV4 | TKN\U PRFXV4RNG
filter_aspath: filter_aspath '|' filter_aspath_term | filter_aspath_term
过滤路径:过滤路径'|'过滤路径|术语|过滤路径|术语
filter_aspath_term: filter_aspath_term filter_aspath_closure | filter_aspath_closure
过滤路径术语:过滤路径术语过滤路径闭包过滤路径闭包
filter_aspath_closure: filter_aspath_closure '*'
| filter_aspath_closure '?'
| filter_aspath_closure '+'
| filter_aspath_factor
filter_aspath_closure: filter_aspath_closure '*'
| filter_aspath_closure '?'
| filter_aspath_closure '+'
| filter_aspath_factor
filter_aspath_factor: '^'
| '$'
| '(' filter_aspath ')'
| filter_aspath_no
filter_aspath_factor: '^'
| '$'
| '(' filter_aspath ')'
| filter_aspath_no
filter_aspath_no: TKN_ASNO
| KEYW_PEERAS
| TKN_ASNAME
| '.'
| '[' filter_aspath_range ']'
| '[' '^' filter_aspath_range ']'
filter_aspath_no: TKN_ASNO
| KEYW_PEERAS
| TKN_ASNAME
| '.'
| '[' filter_aspath_range ']'
| '[' '^' filter_aspath_range ']'
filter_aspath_range:
| filter_aspath_range TKN_ASNO
| filter_aspath_range KEYW_PEERAS
| filter_aspath_range '.'
| filter_aspath_range TKN_ASNO '-' TKN_ASNO
| filter_aspath_range TKN_ASNAME
filter_aspath_range:
| filter_aspath_range TKN_ASNO
| filter_aspath_range KEYW_PEERAS
| filter_aspath_range '.'
| filter_aspath_range TKN_ASNO '-' TKN_ASNO
| filter_aspath_range TKN_ASNAME
filter_rp_attribute: TKN_RP_ATTR '.' TKN_WORD '(' generic_list ')'
| TKN_RP_ATTR TKN_OPERATOR list_item
| TKN_RP_ATTR '(' generic_list ')'
| TKN_RP_ATTR '[' generic_list ']'
filter_rp_attribute: TKN_RP_ATTR '.' TKN_WORD '(' generic_list ')'
| TKN_RP_ATTR TKN_OPERATOR list_item
| TKN_RP_ATTR '(' generic_list ')'
| TKN_RP_ATTR '[' generic_list ']'
//// peering action pair ///////////////////////////////////////////////
//// peering action pair ///////////////////////////////////////////////
import_peering_action_list: KEYW_FROM peering opt_action | import_peering_action_list KEYW_FROM peering opt_action
导入对等操作列表:来自对等选项操作的键w\u导入对等操作列表来自对等选项操作的键w\u
export_peering_action_list: KEYW_TO peering opt_action | export_peering_action_list KEYW_TO peering opt_action
导出对等操作列表:按键至对等选项操作导出对等操作列表按键至对等选项操作
//// import/export factor //////////////////////////////////////////////
//// import/export factor //////////////////////////////////////////////
import_factor: import_peering_action_list KEYW_ACCEPT filter
导入系数:导入对等操作列表键接受过滤器
import_factor_list: import_factor ';' | import_factor_list import_factor ';'
导入系数列表:导入系数“;”|导入系数列表导入系数“;”
export_factor: export_peering_action_list KEYW_ANNOUNCE filter
导出系数:导出对等操作列表关键字发布过滤器
export_factor_list: export_factor ';' | export_factor_list export_factor ';'
导出系数列表:导出系数“;”|导出系数列表导出系数“;”
//// import/export term ////////////////////////////////////////////////
//// import/export term ////////////////////////////////////////////////
import_term: import_factor ';'
| '{' import_factor_list '}'
import_term: import_factor ';'
| '{' import_factor_list '}'
export_term: export_factor ';'
| '{' export_factor_list '}'
export_term: export_factor ';'
| '{' export_factor_list '}'
//// import/export expression //////////////////////////////////////////
//// import/export expression //////////////////////////////////////////
import_expression: import_term | import_term KEYW_REFINE import_expression | import_term KEYW_EXCEPT import_expression
导入\表达式:导入\术语|导入\术语关键字|优化导入\表达式|导入\术语关键字|导入\表达式除外
export_expression: export_term | export_term KEYW_REFINE export_expression | export_term KEYW_EXCEPT export_expression
导出表达式:导出术语|导出术语关键字|细化导出表达式|导出术语关键字|导出表达式除外
//// protocol ///////////////////////////////////////////////////////////
//// protocol ///////////////////////////////////////////////////////////
opt_protocol_from: | KEYW_PROTOCOL tkn_word
opt_protocol_from:| KEYW_protocol tkn_word
opt_protocol_into: | KEYW_INTO tkn_word
opt|U protocol__in:| KEYW_进入tkn_字
//**** import/export attributes ****************************************
//**** import/export attributes ****************************************
import_attribute: ATTR_IMPORT | ATTR_IMPORT opt_protocol_from opt_protocol_into import_factor
import_属性:ATTR_import | ATTR_import opt_protocol_从opt_protocol_导入到import_因子
export_attribute: ATTR_EXPORT | ATTR_EXPORT opt_protocol_from opt_protocol_into export_factor
export_属性:ATTR_export | ATTR_export opt_protocol_从opt_protocol_导出到export_因子
opt_default_filter: | KEYW_NETWORKS filter
opt_default_过滤器:| KEYW_网络过滤器
default_attribute: ATTR_DEFAULT KEYW_TO peering
default_属性:ATTR_default KEYW_TO peering
filter_attribute: ATTR_FILTER filter
过滤器属性:属性过滤器过滤器过滤器
peering_attribute: ATTR_PEERING peering
对等属性:属性对等对等
//**** inet-rtr class **************************************************
//**** inet-rtr class **************************************************
ifaddr_attribute: ATTR_IFADDR TKN_IPV4 KEYW_MASKLEN TKN_INT opt_action
ifaddr\u属性:ATTR\u ifaddr TKN\u IPV4密钥w\u MASKLEN TKN\u INT opt\u操作
//// peer attribute ////////////////////////////////////////////////////
//// peer attribute ////////////////////////////////////////////////////
opt_peer_options: | peer_options
opt_peer_选项:| peer_选项
peer_options: peer_option | peer_options ',' peer_option
对等选项:对等选项、对等选项、对等选项
peer_option: tkn_word '(' generic_list ')'
对等选项:tkn_单词'(“通用列表”)'
peer_id: TKN_IPV4
| TKN_DNS
| TKN_RTRSNAME
| TKN_PRNGNAME
peer_id: TKN_IPV4
| TKN_DNS
| TKN_RTRSNAME
| TKN_PRNGNAME
peer_attribute: ATTR_PEER tkn_word peer_id opt_peer_options
peer_属性:ATTR_peer tkn_word peer_id opt_peer_选项
//**** route class *****************************************************
//**** route class *****************************************************
aggr_bndry_attribute: ATTR_AGGR_BNDRY as_expression
aggr_bndry_属性:ATTR_aggr_bndry as_表达式
aggr_mtd_attribute: ATTR_AGGR_MTD KEYW_INBOUND | ATTR_AGGR_MTD KEYW_OUTBOUND opt_as_expression
aggr_mtd_属性:ATTR_aggr_mtd KEYW_INBOUND | ATTR_aggr_mtd KEYW_OUTBOUND opt_as_表达式
//// inject attribute //////////////////////////////////////////////////
//// inject attribute //////////////////////////////////////////////////
opt_inject_expression: | KEYW_UPON inject_expression
opt_inject_表达式:|在inject_表达式上键入
inject_expression: inject_expression OP_OR inject_expression_term | inject_expression_term
注入表达式:注入表达式OP_或注入表达式|注入表达式|术语
inject_expression_term: inject_expression_term OP_AND inject_expression_factor | inject_expression_factor
注入表达式项:注入表达式项OP和注入表达式项因子注入表达式项因子
inject_expression_factor: '(' inject_expression ')' | inject_expression_operand
注入表达式因子:'('注入表达式')';注入表达式操作数
inject_expression_operand: KEYW_STATIC
| KEYW_HAVE_COMPONENTS '{' opt_filter_prefix_list '}'
| KEYW_EXCLUDE '{' opt_filter_prefix_list '}'
inject_expression_operand: KEYW_STATIC
| KEYW_HAVE_COMPONENTS '{' opt_filter_prefix_list '}'
| KEYW_EXCLUDE '{' opt_filter_prefix_list '}'
inject_attribute: ATTR_INJECT opt_router_expression_with_at opt_action opt_inject_expression
inject_属性:ATTR_inject opt_router_expression_与opt_at opt_action opt_inject_expression
//// components attribute //////////////////////////////////////////////
//// components attribute //////////////////////////////////////////////
opt_atomic: | KEYW_ATOMIC
opt_原子:| KEYW_原子
components_list: | filter | components_list KEYW_PROTOCOL tkn_word filter
组件列表:|过滤器|组件列表键W|U协议tkn|字过滤器
components_attribute: ATTR_COMPONENTS opt_atomic components_list
组件属性:属性组件选项原子组件列表
//**** route-set *******************************************************
//**** route-set *******************************************************
opt_rs_members_list: /* empty list */
| rs_members_list
opt_rs_members_list: /* empty list */
| rs_members_list
rs_members_list: rs_member | rs_members_list ',' rs_member
rs|U成员名单:rs|U成员| rs|U成员名单',“rs|U成员”
rs_member: TKN_ASNO
| TKN_ASNO OP_MS
| TKN_ASNAME
| TKN_ASNAME OP_MS
| TKN_RSNAME
| TKN_RSNAME OP_MS
| TKN_PRFXV4
rs_member: TKN_ASNO
| TKN_ASNO OP_MS
| TKN_ASNAME
| TKN_ASNAME OP_MS
| TKN_RSNAME
| TKN_RSNAME OP_MS
| TKN_PRFXV4
| TKN_PRFXV4RNG
|TKN_PRFXV4RNG
rs_members_attribute: ATTR_RS_MEMBERS opt_rs_members_list
rs_成员属性:属性rs_成员选项rs_成员列表
//**** dictionary ******************************************************
//**** dictionary ******************************************************
rpattr_attribute: ATTR_RP_ATTR TKN_WORD methods | ATTR_RP_ATTR TKN_RP_ATTR methods
rpattr_属性:ATTR_RP_ATTR TKN_单词方法| ATTR_RP_ATTR TKN_RP_ATTR方法
methods: method | methods method
方法:方法|方法
method: TKN_WORD '(' ')'
| TKN_WORD '(' typedef_type_list ')'
| TKN_WORD '(' typedef_type_list ',' TKN_3DOTS ')'
| KEYW_OPERATOR TKN_OPERATOR '(' typedef_type_list ')'
| KEYW_OPERATOR TKN_OPERATOR '(' typedef_type_list ',' TKN_3DOTS ')'
method: TKN_WORD '(' ')'
| TKN_WORD '(' typedef_type_list ')'
| TKN_WORD '(' typedef_type_list ',' TKN_3DOTS ')'
| KEYW_OPERATOR TKN_OPERATOR '(' typedef_type_list ')'
| KEYW_OPERATOR TKN_OPERATOR '(' typedef_type_list ',' TKN_3DOTS ')'
//// typedef attribute ////////////////////////////////////////////////
//// typedef attribute ////////////////////////////////////////////////
typedef_attribute: ATTR_TYPEDEF TKN_WORD typedef_type
typedef_属性:ATTR_typedef TKN_单词typedef_type
typedef_type_list: typedef_type | typedef_type_list ',' typedef_type
类型定义类型列表:类型定义类型
typedef_type: KEYW_UNION typedef_type_list
| KEYW_RANGE KEYW_OF typedef_type
| TKN_WORD
| TKN_WORD '[' TKN_INT ',' TKN_INT ']'
| TKN_WORD '[' TKN_REAL ',' TKN_REAL ']'
| TKN_WORD '[' enum_list ']'
| KEYW_LIST '[' TKN_INT ':' TKN_INT ']' KEYW_OF typedef_type
| KEYW_LIST KEYW_OF typedef_type
typedef_type: KEYW_UNION typedef_type_list
| KEYW_RANGE KEYW_OF typedef_type
| TKN_WORD
| TKN_WORD '[' TKN_INT ',' TKN_INT ']'
| TKN_WORD '[' TKN_REAL ',' TKN_REAL ']'
| TKN_WORD '[' enum_list ']'
| KEYW_LIST '[' TKN_INT ':' TKN_INT ']' KEYW_OF typedef_type
| KEYW_LIST KEYW_OF typedef_type
enum_list: tkn_word | enum_list ',' tkn_word
枚举列表:tkn_单词|枚举列表“,”tkn_单词
//// protocol attribute ////////////////////////////////////////////////
//// protocol attribute ////////////////////////////////////////////////
protocol_attribute: ATTR_PROTOCOL tkn_word protocol_options
协议\属性:属性\协议tkn\字协议\选项
protocol_options: | protocol_options protocol_option
协议选项:|协议选项协议选项
protocol_option: KEYW_MANDATORY method | KEYW_OPTIONAL method
协议选项:KEYW_强制方法| KEYW_可选方法
//**** Token Definitions ***********************************************
//**** Token Definitions ***********************************************
//// flex macros used in token definitions /////////////////////////////
INT [[:digit:]]+
SINT [+-]?{INT}
REAL [+-]?{INT}?\.{INT}({WS}*E{WS}*[+-]?{INT})?
NAME [[:alpha:]]([[:alnum:]_-]*[[:alnum:]])?
ASNO AS{INT}
ASNAME AS-[[:alnum:]_-]*[[:alnum:]]
RSNAME RS-[[:alnum:]_-]*[[:alnum:]]
RTRSNAME RTRS-[[:alnum:]_-]*[[:alnum:]]
PRNGNAME PRNG-[[:alnum:]_-]*[[:alnum:]]
FLTRNAME FLTR-[[:alnum:]_-]*[[:alnum:]]
IPV4 [0-9]+(\.[0-9]+){3,3}
PRFXV4 {IPV4}\/[0-9]+
PRFXV4RNG {PRFXV4}("^+"|"^-"|"^"{INT}|"^"{INT}-{INT})
ENAMECHAR [^()<>,;:\\\"\.[\] \t\r]
ENAME ({ENAMECHAR}+(\.{ENAMECHAR}+)*\.?)|(\"[^\"@\\\r\n]+\")
DNAME [[:alnum:]_-]+
//// Token Definitions ////////////////////////////////////////////////
TKN_INT {SINT}
TKN_INT {INT}:{INT} if each {INT} is two octets
TKN_INT {INT}.{INT}.{INT}.{INT} if each {INT} is one octet
TKN_REAL {REAL}
TKN_STRING Same as in programming language C
TKN_IPV4 {IPV4}
TKN_PRFXV4 {PRFXV4}
TKN_PRFXV4RNG {PRFXV4RNG}
TKN_ASNO {ASNO}
TKN_ASNAME (({ASNO}|peeras|{ASNAME}):)*{ASNAME}\
(:({ASNO}|peeras|{ASNAME}))*
TKN_RSNAME (({ASNO}|peeras|{RSNAME}):)*{RSNAME}\
(:({ASNO}|peeras|{RSNAME}))*
TKN_RTRSNAME (({ASNO}|peeras|{RTRSNAME}):)*{RTRSNAME}\
(:({ASNO}|peeras|{RTRSNAME}))*
TKN_PRNGNAME (({ASNO}|peeras|{PRNGNAME}):)*{PRNGNAME}\
(:({ASNO}|peeras|{PRNGNAME}))*
TKN_FLTRNAME (({ASNO}|peeras|{FLTRNAME}):)*{FLTRNAME}\
(:({ASNO}|peeras|{FLTRNAME}))*
TKN_BOOLEAN true|false
TKN_RP_ATTR {NAME} if defined in dictionary
TKN_WORD {NAME}
TKN_DNS {DNAME}("."{DNAME})+
TKN_EMAIL {ENAME}@({DNAME}("."{DNAME})+|{IPV4})
//// flex macros used in token definitions /////////////////////////////
INT [[:digit:]]+
SINT [+-]?{INT}
REAL [+-]?{INT}?\.{INT}({WS}*E{WS}*[+-]?{INT})?
NAME [[:alpha:]]([[:alnum:]_-]*[[:alnum:]])?
ASNO AS{INT}
ASNAME AS-[[:alnum:]_-]*[[:alnum:]]
RSNAME RS-[[:alnum:]_-]*[[:alnum:]]
RTRSNAME RTRS-[[:alnum:]_-]*[[:alnum:]]
PRNGNAME PRNG-[[:alnum:]_-]*[[:alnum:]]
FLTRNAME FLTR-[[:alnum:]_-]*[[:alnum:]]
IPV4 [0-9]+(\.[0-9]+){3,3}
PRFXV4 {IPV4}\/[0-9]+
PRFXV4RNG {PRFXV4}("^+"|"^-"|"^"{INT}|"^"{INT}-{INT})
ENAMECHAR [^()<>,;:\\\"\.[\] \t\r]
ENAME ({ENAMECHAR}+(\.{ENAMECHAR}+)*\.?)|(\"[^\"@\\\r\n]+\")
DNAME [[:alnum:]_-]+
//// Token Definitions ////////////////////////////////////////////////
TKN_INT {SINT}
TKN_INT {INT}:{INT} if each {INT} is two octets
TKN_INT {INT}.{INT}.{INT}.{INT} if each {INT} is one octet
TKN_REAL {REAL}
TKN_STRING Same as in programming language C
TKN_IPV4 {IPV4}
TKN_PRFXV4 {PRFXV4}
TKN_PRFXV4RNG {PRFXV4RNG}
TKN_ASNO {ASNO}
TKN_ASNAME (({ASNO}|peeras|{ASNAME}):)*{ASNAME}\
(:({ASNO}|peeras|{ASNAME}))*
TKN_RSNAME (({ASNO}|peeras|{RSNAME}):)*{RSNAME}\
(:({ASNO}|peeras|{RSNAME}))*
TKN_RTRSNAME (({ASNO}|peeras|{RTRSNAME}):)*{RTRSNAME}\
(:({ASNO}|peeras|{RTRSNAME}))*
TKN_PRNGNAME (({ASNO}|peeras|{PRNGNAME}):)*{PRNGNAME}\
(:({ASNO}|peeras|{PRNGNAME}))*
TKN_FLTRNAME (({ASNO}|peeras|{FLTRNAME}):)*{FLTRNAME}\
(:({ASNO}|peeras|{FLTRNAME}))*
TKN_BOOLEAN true|false
TKN_RP_ATTR {NAME} if defined in dictionary
TKN_WORD {NAME}
TKN_DNS {DNAME}("."{DNAME})+
TKN_EMAIL {ENAME}@({DNAME}("."{DNAME})+|{IPV4})
C Changes from RFC 2280
C对RFC 2280的更改
RFC 2280 [3] contains an earlier version of RPSL. This section summarizes the changes since then. They are as follows:
RFC 2280[3]包含RPSL的早期版本。本节总结了自那时以来的变化。详情如下:
o It is now possible to write integers as sequence of four 1-octet integers (e.g. 1.1.1.1) or as sequence of two 2-octet integers (e.g. 3561:70). Please see Section 2.
o 现在可以将整数写入四个1-octet整数的序列(例如1.1.1.1)或两个2-octet整数的序列(例如3561:70)。请参见第2节。
o The definition of address prefix range is extended so that an address prefix is also an address prefix range. Please see Section 2.
o 扩展了地址前缀范围的定义,使地址前缀也是地址前缀范围。请参见第2节。
o The semantics for a range operator applied to a set containing address prefix ranges is defined (e.g. {30.0.0.0/8^24-28}^27-30). Please see Section 2.
o 定义了应用于包含地址前缀范围的集合的范围运算符的语义(例如{30.0.0.0/8^24-28}^27-30)。请参见第2节。
o All dates are now in UTC. Please see Section 2.
o 现在所有日期都是UTC。请参见第2节。
o Plus ('+') character is added to space and tab characters to split an attribute's value to multiple lines (i.e. by starting the following lines with a space, a tab or a plus ('+') character). Please see Section 2.
o 加号(“+”)字符添加到空格和制表符中,以将属性的值拆分为多行(即,以空格、制表符或加号(“+”)字符开始以下行)。请参见第2节。
o The withdrawn attribute of route class is removed from the language.
o route类的撤回属性将从语言中删除。
o filter-set class is introduced. Please see Section 5.4.
o 介绍了过滤器集类。请参见第5.4节。
o rtr-set class is introduced. Please see Section 5.5.
o 介绍了rtr集合类。请参见第5.5节。
o peering-set class is introduced. Please see Section 5.6.
o 介绍了对等集类。请参见第5.6节。
o Filters can now refer to filter-set names. Please see Section 5.4.
o 过滤器现在可以引用过滤器集名称。请参见第5.4节。
o Peerings can now refer to peering-set, rtr-set names. Both local and peer routers can be specified using router expressions. Please see Section 5.6.
o 对等现在可以引用对等集、rtr集名称。可以使用路由器表达式指定本地路由器和对等路由器。请参见第5.6节。
o The peer attribute of the inet-rtr class can refer to peering-set, rtr-set names. Please see Section 9.
o inet rtr类的对等属性可以引用对等集、rtr集名称。请参见第9节。
o The syntax and semantics of union, and list types and typedef attribute have changed. Please see Section 7.
o union、列表类型和typedef属性的语法和语义已更改。请参见第7节。
o In the initial dictionary, the typedef attribute defining the community_elm, rp-attribute defining the community attribute has changed. Please see Section 7.
o 在初始字典中,定义社区属性的typedef属性、定义社区属性的rp属性已更改。请参见第7节。
o Guideliness for extending RPSL is added. Please see Section 10.
o 增加了扩展RPSL的指导性。请参见第10节。
o Formal grammar rules are added. Please see Appendix B.
o 增加了形式语法规则。请参见附录B。
D Authors' Addresses
D.作者地址
Cengiz Alaettinoglu USC/Information Sciences Institute
Cengiz Alaettinoglu USC/信息科学研究所
EMail: cengiz@isi.edu
EMail: cengiz@isi.edu
Curtis Villamizar Avici Systems
Curtis Villamizar Avici系统公司
EMail: curtis@avici.com
EMail: curtis@avici.com
Elise Gerich At Home Network
Elise Gerich家庭网络
EMail: epg@home.net
EMail: epg@home.net
David Kessens Qwest Communications
大卫·凯森斯Qwest通信公司
EMail: David.Kessens@qwest.net
EMail: David.Kessens@qwest.net
David Meyer University of Oregon
戴维迈耶俄勒冈大学
EMail: meyer@antc.uoregon.edu
EMail: meyer@antc.uoregon.edu
Tony Bates Cisco Systems, Inc.
托尼·贝茨思科系统公司。
EMail: tbates@cisco.com
EMail: tbates@cisco.com
Daniel Karrenberg RIPE NCC
丹尼尔·卡伦伯格
EMail: dfk@ripe.net
EMail: dfk@ripe.net
Marten Terpstra c/o Bay Networks, Inc.
Marten Terpstra c/o海湾网络公司。
EMail: marten@BayNetworks.com
EMail: marten@BayNetworks.com
Full Copyright Statement
完整版权声明
Copyright (C) The Internet Society (1999). All Rights Reserved.
版权所有(C)互联网协会(1999年)。版权所有。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implmentation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。