Network Working Group                                           D. Meyer
Request for Comments: 2650                                 Cisco Systems
Category: Informational                                       J. Schmitz
                                                         America On-Line
                                                               C. Orange
                                                                RIPE NCC
                                                                M. Prior
                                                                 Connect
                                                         C. Alaettinoglu
                                                                 USC/ISI
                                                             August 1999
        

Using RPSL in Practice

Status of this Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1999). All Rights Reserved.

Abstract

This document is a tutorial on using the Routing Policy Specification Language (RPSL) to describe routing policies in the Internet Routing Registry (IRR). We explain how to specify various routing policies and configurations using RPSL, how to register these policies in the IRR, and how to analyze them using the routing policy analysis tools, for example to generate vendor specific router configurations.

1 Introduction

This document is a tutorial on RPSL and is targeted towards an Internet/Network Service Provider (ISP/NSP) engineer who understands Internet routing, but is new to RPSL and to the IRR. Readers are referred to the RPSL reference document (RFC 2622) [1] for completeness. It is also good to have that document at hand while working through this tutorial.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.

The IRR is a repository of routing policies. Currently, the IRR repository is a set of five repositories maintained at the following sites: the CA*Net registry in Canada, the ANS, CW and RADB registries in the United States of America, and the RIPE registry in Europe. The five repositories are run independently. However, each site exchanges its data with the others regularly (at least once a day and as often as every ten minutes). CW, CA*Net and ANS are private registries which contain the routing policies of the networks and the customer networks of CW, CA*Net, and ANS respectively. RADB and RIPE are both public registries, and any ISP can publish their policies in these registries.

The registries all maintain up-to-date copies of one another's data. At any of the sites, the five registries can be inspected as a set. One should refrain from registering his/her data in more than one of the registries, as this practice leads almost invariably to inconsistencies in the data. The user trying to interpret the data is left in a confusing (at best) situation. CW, ANS and CA*Net customers are generally required to register their policies in their provider's registry. Others may register policies either at the RIPE or RADB registry, as preferred.

RPSL is based on RIPE-181 [2, 3], a language used to register routing policies and configurations in the IRR. Operational use of RIPE-181 has shown that it is sometimes difficult (or impossible) to express a routing policy which is used in practice. RPSL has been developed to address these shortcomings and to provide a language which can be further extended as the need arises. RPSL obsoletes RIPE-181.

RPSL constructs are expressed in one or more database "objects" which are registered in one of the registries described above. Each database object contains some routing policy information and some necessary administrative data. For example, an address prefix routed in the inter-domain mesh is specified in a route object, and the peering policies of an AS are specified in an aut-num object. The database objects are related to each other by reference. For example, a route object must refer to the aut-num object for the AS in which it is originated. Implicitly, these relationships define sets of objects, which can be used to specify policies affecting all members. For example, we can specify a policy for all routes of an ISP, by referring to the AS number in which the routes are registered to be originated.

When objects are registered in the IRR, they become available for others to query using a whois service. Figure 1 illustrates the use of the whois command to obtain the route object for 128.223.0.0/16. The output of the whois command is the ASCII representation of the route object. The syntax and semantics of the route object are described in Appendix A.3. Registered policies can also be compared with others for consistency and they can be used to diagnose operational routing problems in the Internet.

      % whois -h whois.ra.net 128.223.0.0/16
        route:       128.223.0.0/16
        descr:       UONet
        descr:       University of Oregon
        descr:       Computing Center
        descr:       Eugene, OR 97403-1212
        descr:       USA
        origin:      AS3582
        mnt-by:      MAINT-AS3582
        changed:     meyer@ns.uoregon.edu 19960222
        source:      RADB
        
Figure 1: whois command and a route object.

The RAToolSet [6] is a suite of tools which can be used to analyze the routing registry data. It includes tools to configure routers (RtConfig), tools to analyze paths on the Internet (prpath and prtraceroute), and tools to compare, validate and register RPSL objects (roe, aoe and prcheck).

In the following section, we will describe how common routing policies can be expressed in RPSL. The objects themselves are described in Appendix A. Authoritative information on the IRR objects, however, should be sought in RFC-2622, and authoritative information on general database objects (person, role, and maintainers) and on querying and updating the registry databases, should be sought in RIPE-157 [4]. Section 3.2 describes the use of RtConfig to generate vendor specific router configurations.

2 Specifying Policy in RPSL

The key purpose of RPSL is to allow you to specify your routing configuration in the public Internet Routing Registry (IRR), so that you and others can check your policies and announcements for consistency. Moreover, in the process of setting policies and configuring routers, you take the policies and configurations of others into account.

In this section, we begin by showing how some simple peering policies can be expressed in RPSL. We will build on that to introduce various database objects that will be needed in order to register policies in the IRR, and to show how more complex policies can be expressed.

2.1 Common Peering Policies

The peering policies of an AS are registered in an aut-num object which looks something like that in Figure 2. We will focus on the semantics of the import and export attributes in which peering policies are expressed. We will also describe some of the other key attributes in the aut-num object, but the reader should refer to RFC-2622 or to RIPE-157 for the definitive descriptions.

      aut-num:     AS2
      as-name:     CAT-NET
      descr:       Catatonic State University
      import:      from AS1 accept ANY
      import:      from AS3 accept <^AS3+$>
      export:      to AS3 announce ANY
      export:      to AS1 announce AS2 AS3
      admin-c:     AO36-RIPE
      tech-c:      CO19-RIPE
      mnt-by:      OPS4-RIPE
      changed:     orange@ripe.net
      source:      RIPE
        
Figure 2: Autonomous System Object

Now consider Figure 3 (AS4 and AS5 in the figure will be discussed later). The peering policies expressed in the AS2 aut-num object in Figure 2 are typical for a small service provider providing connectivity for a customer AS3 and using AS1 for transit. That is, AS2 only accepts announcements from AS3 which:

o are originated in AS3; and

o have paths composed of only AS3's (^ in <^AS3+$> means that AS3 is the first member of the path, + means that AS3 occurs one or more times in the path, and $ means that no other AS can be present in the path after AS3) (1).

To AS1, AS2 announces only those routes which originate in their AS or in their customer's AS.

      AS1--------AS2--------AS3
                  |          |
                  |          |
                 AS4--------AS5
        
Figure 3: Some Neighboring ASes.

In the example above, "accept ANY" in the import attribute indicates that AS2 will accept any announcements that AS1 sends, and "announce ANY" in the export attribute indicates that any route that AS2 has in its routing table will be passed on to AS3. Assuming that AS1 announces "ANY" to AS2, AS2 is taking full routing from AS1.

Note that with this peering arrangement, if AS1 adds or deletes route objects, there is no need to update any of the aut-num objects to continue the full routing policy. Added (or deleted) route objects will implicitly update AS1's and AS2's policies.

While the peering policy specified in Figure 2 for AS2 is common, in practice many peering agreements are more complex. Before we consider more examples, however, let's first consider the aut-num object itself. Note that it is just a set of attribute labels and values which can be submitted to one of the registry databases. This particular object is specified as being in (or headed for) the RIPE registry (see the last line in Figure 2). The source should be specified as one of ANS, CANET, CW, RADB, or RIPE depending on the registry in which the object is maintained. The source attribute must be specified in every database object.

It is also worth noting that this object is "maintained by" OPS4-RIPE (the value of the mnt-by attribute), which references a "mntner" object. Because the aut-num object may be used for router configuration and other operational purposes, the readers need to be able to count on the validity of its contents. It is therefore required that a mntner be specified in the aut-num and in most other database objects, which means you must create a mntner object before you can register your peering policies. For brief information on the "mntner" object and object writeability, see Appendix A of this document. For more extensive information on how to set up and use a mntner to protect your database objects, see Section 2.3 of RIPE-157.

2.2 ISP Customer - Transit Provider Policies

It is not uncommon for an ISP to acquire connectivity from a transit provider which announces all routes to it, which it in turn passes on to its customers to allow them to access hosts on the global Internet. Meanwhile, the ISP will generally announce the routes of its customers' networks to the transit ISP, making them accessible on the global Internet. This is the service that is specified in Figure 2 for AS3.

Consider again Figure 3. Suppose now that AS2 wants to provide the same service to AS4. Clearly, it would be easy to modify the import and export lines in the aut-num object for AS2 (Figure 2) to those shown in Figure 4.

      import:      from AS1 accept ANY
      import:      from AS3 accept <^AS3+$>
      import:      from AS4 accept <^AS4+$>
      export:      to AS3 announce ANY
      export:      to AS4 announce ANY
      export:      to AS1 announce AS2 AS3 AS4
        
Figure 4: Policy for AS3 and AS4 in the AS2 aut-num object

These changes are trivial to make of course, but clearly as the number of AS2 customers grows, it becomes more difficult to keep track of them and to prevent errors. Note also that if AS1 is selective about only accepting routes from the customers of AS2 from AS2, the aut-num object for AS1 would have to be adjusted to accommodate AS2's new customer.

By using the RPSL "as-set" object, we can simplify this significantly. In Figure 5, we describe the customers of AS2. Having this set to work with, we can now rewrite the policies in Figure 2 as shown in Figure 6.

      as-set:      AS2:AS-CUSTOMERS
      members:     AS3 AS4
      changed:     orange@ripe.net
      source:      RIPE
        
Figure 5: The as-set object

      import:      from AS1 accept ANY
      import:      from AS2:AS-CUSTOMERS accept <^AS2:AS-CUSTOMERS+$>
      export:      to AS2:AS-CUSTOMERS announce ANY
      export:      to AS1 announce AS2 AS2:AS-CUSTOMERS
        
Figure 6: Policy in the AS2 aut-num object for all AS2 customers

Note that if the aut-num object for AS1 contains the line:

      import:      from AS2 accept <^AS2+ AS2:AS-CUSTOMERS*$>
        
then no changes will need to be made to the aut-num objects for AS1 or AS2 as the AS2 customer base grows. The AS numbers for new customers can simply be added to the as-set AS2:AS-CUSTOMERS, and everything will work as for the existing customers. Clearly in terms of readability, scalability and maintainability, this is a far better mechanism when compared to adding policy for the customer AS's to the aut-num objects directly. The policy in this particular example states that AS1 will accept route announcements from AS2 in which the first element of the path is AS2, followed by more occurrences of AS2, and then 0 or more occurrences of any AS2 customer (e.g. any member of the as-set AS2:AS-CUSTOMERS).
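
The path filter above can be checked mechanically. The following Python sketch is an added example, not part of RFC 2650 or the RAToolSet: it evaluates the small subset of RPSL AS-path syntax used in this section (^, $, +, *, AS numbers and as-set names) against AS paths. The registry data is constructed to mirror Figure 5, and AS6 and AS7 are made-up AS numbers.

```python
import re

# Lexer for the subset used in this section: anchors, repetition operators,
# and AS numbers or hierarchical as-set names such as AS2:AS-CUSTOMERS.
TOKEN = re.compile(r"\s*(\^|\$|\+|\*|AS\d+(?::[A-Za-z0-9-]+)*)")


def compile_aspath(expr, as_sets):
    """Translate the text between < and > into a Python regex.

    A path is encoded as 'AS2 AS3 ' (every hop followed by one space), so an
    atom such as AS3 can never match a prefix of AS33.
    """
    parts, pos, expr = [], 0, expr.strip()
    while pos < len(expr):
        m = TOKEN.match(expr, pos)
        if m is None:
            raise ValueError(f"unsupported syntax at {expr[pos:]!r}")
        tok, pos = m.group(1), m.end()
        if tok in ("^", "$", "+", "*"):
            parts.append(tok)
        elif ":" in tok:
            # as-set reference: expand to its current members.
            # A KeyError here means the set is not registered.
            members = as_sets[tok]
            # An empty set must match nothing, hence the always-failing (?!).
            alts = "|".join(sorted(re.escape(a) for a in members)) or "(?!)"
            parts.append(f"(?:(?:{alts}) )")
        else:
            parts.append(f"(?:{re.escape(tok)} )")
    return re.compile("".join(parts))


def path_matches(expr, path, as_sets):
    """path lists the ASes as received: neighbor first, originating AS last."""
    encoded = "".join(f"{asn} " for asn in path)
    return compile_aspath(expr, as_sets).search(encoded) is not None


# AS1's import filter for AS2, as given in the text.
AS1_FROM_AS2 = "^AS2+ AS2:AS-CUSTOMERS*$"


def new_customer_demo():
    """Show that adding a customer changes only the as-set, not the policy."""
    sets = {"AS2:AS-CUSTOMERS": {"AS3", "AS4"}}  # constructed, per Figure 5
    before = path_matches(AS1_FROM_AS2, ["AS2", "AS6"], sets)
    sets["AS2:AS-CUSTOMERS"].add("AS6")          # AS6: made-up new customer
    after = path_matches(AS1_FROM_AS2, ["AS2", "AS6"], sets)
    return before, after


if __name__ == "__main__":
    sets = {"AS2:AS-CUSTOMERS": {"AS3", "AS4"}}
    samples = [
        ["AS2"],                # originated by AS2 itself
        ["AS2", "AS2", "AS3"],  # AS2 prepended, customer AS3 originates
        ["AS2", "AS3", "AS7"],  # AS7 is not a registered customer
        ["AS3", "AS2"],         # first hop is not AS2
    ]
    for p in samples:
        print(p, path_matches(AS1_FROM_AS2, p, sets))
    print("AS6 before/after joining the as-set:", new_customer_demo())
```

A path that reaches AS1 through AS2 but contains an AS outside the as-set is rejected, which is the property AS1 relies on when it leaves its own aut-num object unchanged.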

Alternatively, one may wish to limit the routes one accepts from a peer, especially if the peer is a customer. This is recommended for several reasons, such as preventing the improper use of unassigned address space, and of course malicious use of another organization's address space.

Such filtering can be expressed in various ways in RPSL. Suppose the address space 7.7.0.0/16 has been allocated to the ISP managing AS3 for assignment to its customers. AS3 may want to announce part or all of this block on the global Internet. Suppose AS2 wants to be certain that it only accepts announcements from AS3 for address space that has been properly allocated to AS3. AS2 might then modify the AS3 import line in Figure 2 to read:

      import:      from AS3 accept { 7.7.0.0/16^16-19 }
        
which states that route announcements for this address block will be accepted from AS3 if they are of length up to /19. This of course will have to be modified if and when AS3 gets more address space. Moreover, it is again clear that for an ISP with a growing or changing customer base, this mechanism will not scale well.

      route-set:   AS2:RS-ROUTES:AS3
      members:     7.7.0.0/16^16-19
      changed:     orange@ripe.net
      source:      RIPE
        
Figure 7: The route-set object

Luckily RPSL supports the notion of a "route-set" which, as shown in Figure 7, can be used to specify the set of routes that will be accepted from a given customer. Given this set (and a similar one for AS4), the manager of AS2 can now filter on the address space that will be accepted from their customers by modifying the import lines in the AS2 aut-num object as shown in Figure 8.

      import:      from AS1 accept ANY
      import:      from AS3 accept AS2:RS-ROUTES:AS3
      import:      from AS4 accept AS2:RS-ROUTES:AS4
      export:      to AS2:AS-CUSTOMERS announce ANY
      export:      to AS1 announce AS2 AS2:AS-CUSTOMERS
        
Figure 8: Policy in the AS2 aut-num object for address based filtering on AS2 customers

Note that this is now only slightly more complex than the example in Figure 6. Furthermore, nothing need be changed in the AS2 aut-num object due to address space changes for a customer, and this filtering can be supported without any changes to the AS1 aut-num object. The additional complexity is due to the two route set names being different, otherwise we could have combined the two import statements into one. Please note that the set names are constructed hierarchically. The first AS number denotes whose sets these are, and the last AS number parameterizes these sets for each peer. RPSL allows the peer's AS number to be replaced by the keyword PeerAS.

Hence,

      import:      from AS3 accept AS2:RS-ROUTES:PeerAS
      import:      from AS4 accept AS2:RS-ROUTES:PeerAS
        
has the same meaning as the corresponding import statements in Figure 6. This lets us combine the two import statements into one as shown in Figure 9.

      import:      from AS1 accept ANY
      import:      from AS2:AS-CUSTOMERS accept AS2:RS-ROUTES:PeerAS
      export:      to AS2:AS-CUSTOMERS announce ANY
      export:      to AS1 announce AS2 AS2:AS-CUSTOMERS
        
Figure 9: Policy in the AS2 aut-num object using PeerAS

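The combined import line in Figure 9 can be evaluated as follows. This Python sketch is an added example, not part of RFC 2650 or the RAToolSet: it substitutes PeerAS with the announcing peer, looks up the resulting route-set, and applies the prefix range operator. The registry contents are constructed (Figure 5's as-set, Figure 7's route-set, and a hypothetical AS2:RS-ROUTES:AS4 holding 192.0.2.0/24); the ^+, ^- and ^n operators come from RFC 2622 and go beyond the single ^n-m form shown here.

```python
import ipaddress
import re

# Constructed registry contents.
AS_SETS = {"AS2:AS-CUSTOMERS": {"AS3", "AS4"}}           # Figure 5
ROUTE_SETS = {
    "AS2:RS-ROUTES:AS3": ["7.7.0.0/16^16-19"],           # Figure 7
    "AS2:RS-ROUTES:AS4": ["192.0.2.0/24"],               # hypothetical
}

# prefix, optionally followed by a range operator: ^-, ^+, ^n or ^n-m
MEMBER = re.compile(r"^(?P<net>[0-9.]+/\d+)(?:\^(?P<op>[-+]|\d+(?:-\d+)?))?$")


def member_matches(member, prefix):
    """True if prefix falls inside one route-set member such as 7.7.0.0/16^16-19."""
    m = MEMBER.match(member)
    if m is None:
        raise ValueError(f"unsupported route-set member: {member!r}")
    base = ipaddress.ip_network(m["net"])
    cand = ipaddress.ip_network(prefix)
    op = m["op"]
    if op is None:                       # exact prefix only
        lo = hi = base.prefixlen
    elif op == "+":                      # the prefix and all more specifics
        lo, hi = base.prefixlen, base.max_prefixlen
    elif op == "-":                      # more specifics, excluding the prefix
        lo, hi = base.prefixlen + 1, base.max_prefixlen
    elif "-" in op:                      # ^n-m: lengths n through m
        lo, hi = (int(x) for x in op.split("-"))
    else:                                # ^n: exactly length n
        lo = hi = int(op)
    # Both conditions are needed: right length AND inside the covering block.
    return lo <= cand.prefixlen <= hi and cand.subnet_of(base)


def import_accepts(peer_as, prefix,
                   peers="AS2:AS-CUSTOMERS",
                   route_filter="AS2:RS-ROUTES:PeerAS"):
    """Evaluate 'import: from <peers> accept <route_filter>' for one announcement."""
    if peer_as not in AS_SETS[peers]:
        return False                     # the clause does not cover this peer
    set_name = route_filter.replace("PeerAS", peer_as)
    # A customer with no registered route-set gets nothing accepted.
    members = ROUTE_SETS.get(set_name, [])
    return any(member_matches(mem, prefix) for mem in members)


if __name__ == "__main__":
    announcements = [                    # constructed (peer, prefix) samples
        ("AS3", "7.7.0.0/16"),           # the allocation itself
        ("AS3", "7.7.64.0/18"),          # more specific, within /16../19
        ("AS3", "7.7.1.0/24"),           # too specific
        ("AS3", "192.0.2.0/24"),         # registered for AS4, not AS3
        ("AS4", "192.0.2.0/24"),
        ("AS4", "7.7.0.0/16"),           # AS3's space announced by AS4
        ("AS5", "7.7.0.0/16"),           # AS5 is not in AS2:AS-CUSTOMERS
    ]
    for peer, pfx in announcements:
        verdict = "accept" if import_accepts(peer, pfx) else "reject"
        print(f"{peer:4} {pfx:15} {verdict}")
```

Because PeerAS resolves per neighbor, a customer announcing another customer's registered block is rejected even though both are covered by the same import line.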

2.3 Including Interfaces in Peering Definitions

In the above examples peerings were only given among ASes. However, the peerings may be described in much more detail by RPSL, where peerings can be specified between physical routers using IP addresses in the import and export attributes. Figure 10 shows a simple example in which AS1 and AS2 are connected to an exchange point IX. While AS1 has only one connection to the exchange point via a router interface with IP address 7.7.7.1, AS2 has two different connections with IP address 7.7.7.2 and 7.7.7.3. The first AS may then define its routing policy in more detail by specifying its boundary router.

      +--------------------+                +--------------------+
      |            7.7.7.1 |-----+    +-----| 7.7.7.2            |
      |                    |     |    |     |                    |
      | AS1                |    ========    |                AS2 |
      |                    |    IX    |     |                    |
      |                    |          +-----| 7.7.7.3            |
      +--------------------+                +--------------------+
        
Figure 10: Including interfaces in peerings definitions

      aut-num:   AS1
      import:    from AS2 at 7.7.7.1 accept <^AS2+$>
        
Because AS1 has only one connection to the exchange point in this example, this specification does not differ from that in which no boundary router is specified. However, AS1 might want to choose to accept only those announcements from AS2 which come from the router with IP address 7.7.7.2 and disregard those announcements from router 7.7.7.3. AS1 can specify this routing policy as follows:

      aut-num:   AS1
      import:    from AS2 7.7.7.2 at 7.7.7.1 accept <^AS2+$>
        
By selecting certain pairs of routers in a peering specification, others can be denied. If no routers are included in a policy clause then it is assumed that the policy applies to all peerings among the ASes involved.

2.4 Describing Simple Backup Connections

The specification of peerings among ASes is not limited to one router for each AS. In Figure 10 one of the two connections of AS2 to the exchange point IX might be used as backup in case the other connection fails. Let us assume that AS1 wants to use the connection to router 7.7.7.2 of AS2 during regular operations, and router 7.7.7.3 as backup. In a router configuration this may be done by setting a local preference. The equivalent in RPSL is a corresponding action definition in the peering description. The action definitions are inserted directly before the accept keyword.

      aut-num:   AS1
      import:    from AS2 7.7.7.2 at 7.7.7.1 action pref=10;
                 from AS2 7.7.7.3 at 7.7.7.1 action pref=20;
                 accept <^AS2+$>
        
pref is opposite to local-pref in that the smaller values are preferred over larger values. Actions may also be defined without specifying IP addresses of routers. If no routers are included in the policy clause then it is assumed that the actions are carried out for all peerings among the ASes involved.

In the previous example AS1 controls where it sends its traffic and which connection is used as backup. However, AS2 may also define a backup connection in an export clause:

      aut-num:   AS2
      export:    to AS1 7.7.7.1 at 7.7.7.2 action med=10;
                 to AS1 7.7.7.1 at 7.7.7.3 action med=20;
                 announce <^AS2+$>
        
The definition given here for AS2 is the symmetric counterpart to the routing policy of AS1. The selection of routing information is done by setting the multi exit discriminator metric med. Actually, med metrics will not be used in practice like this; they are more suitable for load balancing including backups. For more details on med metrics refer to the BGP-4 RFC [7]. To use the med to achieve load balancing, one often sets it to the "IGP metric". This is specified in RPSL as:

      aut-num:   AS2
      export:    to AS1 action med=igp_cost; announce <^AS2+$>
        
Hence, both routers will set the med to the IGP metric at that router, causing some routes to be preferred at one of the routers and other routes at the other router.

2.5 Multi-Home Routing Policies using the community Attribute

RFC 1998 [9] describes the use of the BGP community attribute to provide support for load balancing and backup connections of multi-homed autonomous systems. In this section, we use stepwise refinement of an example to illustrate how those policies might be specified using RPSL.

The basic premise of RFC 1998 is to use the BGP community attribute to allow a customer to configure the BGP "LOCAL_PREF" on a provider's routers. This will allow the customer to influence the provider's route selection, normally by lowering the BGP "LOCAL_PREF" to indicate backup arrangements.

In this example, we illustrate how AS1 (the provider) might specify their policy so that a customer (AS4) connected to two of AS1's direct customers (AS2 and AS3) might signal to AS1 which connection is to be preferred.

AS1's base policy is to only accept routes from customers that are originated by the customer, or by the customer's customers. This leads to a policy such as:


      aut-num:     AS1
      import:      from AS2
                   accept (AS2 OR AS4) AND <^AS2+ AS4*$>
      import:      from AS3
                   accept (AS3 OR AS4) AND <^AS3+ AS4*$>
      import:      from AS5
                   accept AS5 AND <^AS5+$>
        

Note that AS4 is a customer of AS2 and AS3, and AS5 does not have its own customers.


Now suppose we want to add some policy to describe that if a customer tags a route with community 1:1 then AS1 will act on this to reduce the BGP "LOCAL_PREF" by 10.


   aut-num: AS1
   import:  from AS2
            action pref=10;
            accept (AS2 OR AS4) AND <^AS2+ AS4*$>
                    AND community.contains(1:1)
   import:  from AS2
            action pref=0;
            accept (AS2 OR AS4) AND <^AS2+ AS4*$>
   import:  from AS3
            action pref=10;
            accept (AS3 OR AS4) AND <^AS3+ AS4*$>
                    AND community.contains(1:1)
   import:  from AS3
            action pref=0;
            accept (AS3 OR AS4) AND <^AS3+ AS4*$>
   import:  from AS5
            action pref=10;
            accept AS5 AND <^AS5+$> AND community.contains(1:1)
   import:  from AS5
            action pref=0;
            accept AS5 AND <^AS5+$>
        

We can see here that basically we are adding identical statements for each peering to the policy. This is the ideal candidate for RPSL's refine statement. This will make the policy more concise and avoid some of the potential for errors as more peering statements are added in the future:


      aut-num:     AS1
      import: {
                   from AS-ANY
                        action pref=10;
                        accept community.contains(1:1);
                   from AS-ANY
                        action pref=0;
                        accept ANY;
               } refine {
                   from AS2 accept (AS2 OR AS4) AND <^AS2+ AS4*$>;
                   from AS3 accept (AS3 OR AS4) AND <^AS3+ AS4*$>;
                   from AS5 accept AS5 AND <^AS5+$>;
               }
        

Now, we can clearly see that any route that has been accepted from a customer that contains the community 1:1 will have its local preference value reduced by 10.

The refinement has cleaned up some of the policy but we still have a large number of individual policies representing the same basic provider policy "from the customer, accept customer routes". These can be simplified by using AS sets.


First, we will collect together all of AS1's customers into a single AS set, AS1:AS-CUSTOMERS. We use a hierarchical set name that starts with AS1 to avoid possible set name clashes in the IRR with other ASes:

    as-set:      AS1:AS-CUSTOMERS
    members:     AS2, AS3, AS5

We also define one set for each customer which lists the AS numbers of any of their customers.


    as-set:      AS1:AS-CUSTOMERS:AS2
    members:     AS4
        
    as-set:      AS1:AS-CUSTOMERS:AS3
    members:     AS4
        
    as-set:      AS1:AS-CUSTOMERS:AS5
    members:     # AS5 has no customers yet, so keep blank for now
        

We can now use the keyword PeerAS with these AS sets to simplify the policy further:


      aut-num:     AS1
      import: {
                   from AS-ANY
                        action pref=10;
                        accept community.contains(1:1);
                   from AS-ANY
                        action pref=0;
                        accept ANY;
              } refine {
                   from AS1:AS-CUSTOMERS
                        accept (PeerAS OR AS1:AS-CUSTOMERS:PeerAS)
                               AND <^PeerAS+ AS1:AS-CUSTOMERS:PeerAS*$>
              }

The use of PeerAS with AS1:AS-CUSTOMERS is basically equivalent to looping over the members of AS1:AS-CUSTOMERS, expanding the policy by replacing PeerAS with a member from the set AS1:AS-CUSTOMERS.


To illustrate how this policy might be utilised by AS4, we present the following policy fragment:


      aut-num:     AS4
      export:      to AS2
                   action community.append(1:1);
                   announce AS1
      export:      to AS3
                   announce AS1

Here, AS4 is signalling AS1 to prefer the routes from AS3.
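The following Python sketch is an added example, not part of the memo or of any RPSL tool. It carries out the PeerAS expansion over AS1:AS-CUSTOMERS described above and applies the resulting import terms to AS4's two announcements. The route registry, the prefixes and the function names are constructed for illustration, set names follow the as-set objects defined in this section, and it assumes AS2 passes AS4's community on to AS1 unchanged.

```python
"""Added illustration: expand PeerAS over AS1:AS-CUSTOMERS and apply AS1's import policy."""

# The as-set objects defined in this section.
AS_SETS = {
    "AS1:AS-CUSTOMERS": ["AS2", "AS3", "AS5"],
    "AS1:AS-CUSTOMERS:AS2": ["AS4"],
    "AS1:AS-CUSTOMERS:AS3": ["AS4"],
    "AS1:AS-CUSTOMERS:AS5": [],  # AS5 has no customers yet
}

# Constructed route objects (prefix -> origin AS), using documentation prefixes.
ROUTE_ORIGINS = {
    "198.51.100.0/24": "AS2",
    "192.0.2.0/24": "AS4",
    "203.0.113.0/24": "AS5",
}


def expand_peeras(customer_set="AS1:AS-CUSTOMERS", sets=AS_SETS):
    """Loop over the set's members, substituting each one for PeerAS.

    Returns {peer: downstream ASes}; each entry stands for the expanded term
    from <peer> accept (<peer> OR <set>:<peer>) AND <^<peer>+ <set>:<peer>*$>
    """
    return {peer: set(sets.get(f"{customer_set}:{peer}", []))
            for peer in sets[customer_set]}


def path_matches(as_path, peer, downstream):
    """<^peer+ downstream*$>: one or more peer, then only downstream ASes."""
    i = 0
    while i < len(as_path) and as_path[i] == peer:
        i += 1
    return i > 0 and all(asn in downstream for asn in as_path[i:])


def import_pref(peer, prefix, as_path, communities):
    """Return the pref AS1 assigns to a route heard from peer, or None if rejected."""
    policies = expand_peeras()
    if peer not in policies:
        return None  # not a member of AS1:AS-CUSTOMERS
    downstream = policies[peer]
    # (PeerAS OR AS1:AS-CUSTOMERS:PeerAS): the prefix must be registered
    # with one of these ASes as its origin.
    if ROUTE_ORIGINS.get(prefix) not in {peer} | downstream:
        return None
    if not path_matches(as_path, peer, downstream):
        return None
    # First half of the refine: pref=10 when tagged 1:1, pref=0 otherwise.
    return 10 if "1:1" in communities else 0


def as4_announcements():
    """AS4's prefix as it reaches AS1 through each provider (constructed routes)."""
    return {
        "AS2": import_pref("AS2", "192.0.2.0/24", ["AS2", "AS4"], {"1:1"}),
        "AS3": import_pref("AS3", "192.0.2.0/24", ["AS3", "AS4"], set()),
    }


if __name__ == "__main__":
    for peer, downstream in expand_peeras().items():
        print(f"from {peer}: accepted origins {sorted({peer} | downstream)}")
    print(as4_announcements())
```

The route tagged 1:1 on the AS2 path receives pref=10, which the text above describes as the reduced preference, so AS1 selects the path through AS3.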


3 Tools


In this section, we briefly introduce a number of tools which can be used to inspect data in the database, to determine optimal routing policies, and enter new data.


3.1 The aut-num Object Editor

All the examples shown in the previous sections may well be edited by hand. They may be extracted one by one from the IRR using the whois program, edited, and then handed back to the registry robots. However, again the RAToolSet [6] provides a very nice tool which makes working with aut-num objects much easier: the aut-num object editor aoe.


The aut-num object editor has a graphical user interface to view and manipulate aut-num objects registered at any IRR. New aut-num objects may be generated using templates and submitted to the registries.


Moreover, the routing policy from the databases may be compared to real life peerings. Therefore, aoe is highly recommended as an interface to the IRR for aut-num objects. Further information on aoe is available together with the RAToolSet [6].


3.2 Router Configuration Using RtConfig

RtConfig is a tool developed by the Routing Arbiter project [8] to generate vendor specific router configurations from the policy data held in the various IRRs. RtConfig currently supports Cisco, gated and RSd configuration formats. It has been publicly available since late 1994, and is currently being used by many sites for router configuration. The next section describes a methodology for generating vendor specific router configurations using RtConfig (2).


3.3 Using RtConfig

The general paradigm for using RtConfig involves registering policy in an IRR, building an RtConfig source file, then running RtConfig against the source file and the IRR database to create vendor specific router configuration for the specified policy. The source file will contain vendor specific commands as well as RtConfig commands. To make a source file, pick up one of your router configuration files and replace the vendor specific policy configuration commands with the RtConfig commands.

Commands beginning with @RtConfig instruct RtConfig to perform special operations. An example source file is shown in Figure 11. In this example, commands such as "@RtConfig import AS3582 198.32.162.1 AS3701 198.32.162.2" instruct RtConfig to generate vendor specific import policies where the router 198.32.162.1 in AS3582 is importing routes from router 198.32.162.2 in AS3701. The other @RtConfig commands instruct RtConfig to use certain names and numbers in the output that it generates (please refer to the RtConfig manual [8] for additional information).

Once a source file is created, the file is processed by RtConfig (the default IRR is the RADB, and the default vendor is Cisco; however, command line options can be used to override these values). The result of running RtConfig on the source file in Figure 11 is shown in Figure 19 in Appendix B.


      router    bgp 3582
      network   128.223.0.0
      !
      !       Start with access-list 100
      !
      @RtConfig set cisco_access_list_no = 100
      !
      !       NERO
      neighbor 198.32.162.2 remote-as 3701
      @RtConfig set cisco_map_name = "AS3701-EXPORT"
      @RtConfig export AS3582 198.32.162.1 AS3701 198.32.162.2
      @RtConfig set cisco_map_name = "AS3701-IMPORT"
      @RtConfig import AS3582 198.32.162.1 AS3701 198.32.162.2
      !
      !       WNA/VERIO
      neighbor 198.32.162.6 remote-as 2914
      @RtConfig set cisco_map_name = "AS2914-EXPORT"
      @RtConfig export AS3582 198.32.162.1 AS2914 198.32.162.6
      @RtConfig set cisco_map_name = "AS2914-IMPORT"
      @RtConfig import AS3582 198.32.162.1 AS2914 198.32.162.6
        

Figure 11: RtConfig Template File


A RPSL Database Objects


In this appendix, we introduce the RPSL objects required to implement many typical Internet routing policies. RFC-2622 and RIPE-157 provide the authoritative description for these objects and for the RPSL syntax, but this appendix will often be sufficient in practice.


The frequently needed objects are:


o maintainer objects (mntner)

o autonomous system number objects (aut-num)

o route objects (route)

o set objects (as-set, route-set)

and they are described in the following sections. To make your routing policies and configuration public, these objects should be registered in exactly one of the IRR registries.


In general, you can register your information by sending the appropriate objects to an email address for the registry you use. The email should consist of the objects you want to have registered or modified, separated by empty lines, and preceded by some kind of authentication details (see below). The registry robot processes your mail and enters new objects into the database, deletes old ones (upon request), or makes the requested modifications.


You will receive a response indicating the status of your submission. As the emails are handled automatically, the response is generally very fast. However, it should be remembered that a significant number of updates are also sometimes submitted to the database (by other robots), so the response time cannot be guaranteed. The email addresses for submitting objects to the existing registries are listed in Figure 12.


      ANS       auto-dbm@ans.net
      CANET     auto-dbm@canet.net
      CW        auto-rr@cw.net
      RADB      auto-dbm@ra.net
      RIPE      auto-dbm@ripe.net

Figure 12: Email addresses to register policy objects in IRR.


Because it is required that a maintainer be specified in many of the database objects, a mntner is usually the first to be created. To have it properly authenticated, a mntner object is added manually by registry staff. Thereafter, all database submissions, deletions and modifications should be done through the registry robot.


Each of the registries can provide additional information and support for users. For the public registries this support is available from the email addresses listed in Figure 13.


      RADB      db-admin@ra.net
      RIPE      ripe-dbm@ripe.net

Figure 13: Support email addresses.


If you are using one of the private registries, your service provider should be able to address your questions.


A.1 The Maintainer Object

The maintainer object is used to introduce some kind of authorization for registrations. It lists various contact persons and describes security mechanisms that will be applied when updating objects in the IRR. Registering a mntner object is the first step in creating policies for an AS. An example is shown in Figure 14. The maintainer is called MAINT-AS3701. The contact person here is the same for administrative (admin-c) and technical (tech-c) issues and is referenced by the NIC-handle DMM65. NIC-handles are unique identifiers for persons in registries. Refer to registry documentation for further details on person objects and usage of NIC-handles.


The example shows two authentication mechanisms: CRYPT-PW and MAIL-FROM. CRYPT-PW takes as its argument a password that is encrypted with the Unix crypt(3) routine. When sending updates, the maintainer adds the field password: <cleartext password> to the beginning of any requests that are to be authenticated. MAIL-FROM takes an argument that is a regular expression which covers a set of mail addresses. Only users with any of these mail addresses are authorized to work with objects secured by the corresponding maintainer (3).

The security mechanisms of the mntner object will only be applied on those objects referencing a specific mntner object. The reference is done by adding the attribute mnt-by to an object using the name of the mntner object as its value. In Figure 14, the maintainer MAINT-AS3701 is maintained by itself.


      mntner:      MAINT-AS3701
      descr:       Network for Research and Engineering in Oregon
      remark:      Internal Backbone
      admin-c:     DMM65
      tech-c:      DMM65
      upd-to:      noc@nero.net
      auth:        CRYPT-PW  949WK1mirBy6c
      auth:        MAIL-FROM .*@nero.net
      notify:      noc@nero.net
      mnt-by:      MAINT-AS3701
      changed:     meyer@antc.uoregon.edu 970318
      source:      RADB
        

Figure 14: Maintainer Object
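As an added example (not part of the memo or of any registry software), the Python check below parses the mntner object of Figure 14, lists what each auth line implies for whoever relies on it, and flags MAIL-FROM patterns whose domain contains an unescaped dot. The function names are hypothetical, and whole-address, case-insensitive matching of the MAIL-FROM expression is an assumption about how a registry evaluates it.

```python
import re

# The mntner object from Figure 14, embedded so the example runs offline.
MNTNER = """\
mntner:      MAINT-AS3701
descr:       Network for Research and Engineering in Oregon
admin-c:     DMM65
tech-c:      DMM65
upd-to:      noc@nero.net
auth:        CRYPT-PW  949WK1mirBy6c
auth:        MAIL-FROM .*@nero.net
notify:      noc@nero.net
mnt-by:      MAINT-AS3701
changed:     meyer@antc.uoregon.edu 970318
source:      RADB
"""


def parse_object(text):
    """Split an RPSL object into (attribute, value) pairs; attributes may repeat."""
    pairs = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t+" and pairs:  # continuation of the previous value
            attr, value = pairs[-1]
            pairs[-1] = (attr, f"{value} {line[1:].strip()}".strip())
            continue
        attr, _, value = line.partition(":")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs


def harden_mail_from(pattern):
    """Escape bare dots after the last '@'; dots followed by a quantifier stay wildcards."""
    local, at, domain = pattern.rpartition("@")
    domain = re.sub(r"(?<!\\)\.(?![*+?{])", lambda m: "\\.", domain)
    return f"{local}{at}{domain}"


def mail_from_allows(pattern, sender):
    """Assumed registry behaviour: the expression must match the whole address."""
    return re.fullmatch(pattern, sender, re.IGNORECASE) is not None


def audit_auth(text):
    """Return (scheme, finding) pairs for every auth attribute of the object."""
    findings = []
    for attr, value in parse_object(text):
        if attr != "auth":
            continue
        parts = value.split(None, 1)
        scheme = parts[0].upper()
        arg = parts[1].strip() if len(parts) > 1 else ""
        if scheme == "CRYPT-PW":
            if len(arg) == 13:
                findings.append((scheme, "traditional crypt(3) hash: only the "
                                 "first 8 password characters are significant"))
            findings.append((scheme, "hash is published in the object and the "
                             "cleartext password travels in each update mail"))
        elif scheme == "MAIL-FROM":
            hardened = harden_mail_from(arg)
            if hardened != arg:
                findings.append((scheme, f"unescaped '.' in domain; use {hardened}"))
            findings.append((scheme, "authorization rests on the sender "
                             "address of the mail alone"))
        else:
            findings.append((scheme, "scheme not covered by this check"))
    return findings


if __name__ == "__main__":
    for scheme, finding in audit_auth(MNTNER):
        print(f"{scheme}: {finding}")
```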


A.2 The Autonomous System Object

The autonomous system object describes the import and export policies of an AS. Each organization registers an autonomous system object (aut-num) in the IRR for its AS. Figure 15 shows the aut-num for AS3582 (UONET).


The autonomous system object lists contacts (admin-c, tech-c) and is maintained by (mnt-by) MAINT-AS3701 which is the maintainer displayed in Figure 14.


The most important attributes of the aut-num object are import and export. The import clause of an aut-num specifies import policies, while the export clause specifies export policies. The corresponding clauses allow a very detailed description of the routing policy of the AS specified. The details are given in section 2.


With these clauses, an aut-num object shows its relationship to other autonomous systems by describing its peerings. In addition, it also defines a routing entity comprising a group of IP networks which are handled according to the rules defined in the aut-num object. Therefore, it is closely linked to route objects.


In this example, AS3582 imports all routes from AS3701 by using the keyword ANY. AS3582 imports only internal routes from AS4222, AS5650, and AS1798. The import policy for AS2914 is slightly more complex. Since AS2914 provides transit to various other ASes, AS3582 accepts routes with ASPATHs that begin with AS2914 followed by members of AS-WNA, which is an as-set (see section A.4.1 below) describing those customers that transit AS2914.

Since AS3582 is a multi-homed stub AS (i.e., it does not provide transit), its export policy consists simply of "announce AS3582" clauses; that is, announce internal routes of AS3582. These routes are those in route objects where the origin attribute is AS3582.


      aut-num:     AS3582
      as-name:     UONET
      descr:       University of Oregon, Eugene OR
      import:      from AS3701 accept ANY
      import:      from AS4222 accept <^AS4222+$>
      import:      from AS5650 accept <^AS5650+$>
      import:      from AS2914 accept <^AS2914+ (AS-WNA)*$>
      import:      from AS1798 accept <^AS1798+$>
      export:      to AS3701 announce AS3582
      export:      to AS4222 announce AS3582
      export:      to AS5650 announce AS3582
      export:      to AS2914 announce AS3582
      export:      to AS1798 announce AS3582
      admin-c:     DMM65
      tech-c:      DMM65
      notify:      nethelp@ns.uoregon.edu
      mnt-by:      MAINT-AS3582
      changed:     meyer@antc.uoregon.edu 970316
      source:      RADB
        

Figure 15: Autonomous System Object


      route:       128.223.0.0/16
      origin:      AS3582
      descr:       UONet
      descr:       University of Oregon
      descr:       Computing Center
      descr:       Eugene, OR 97403-1212
      descr:       USA
      mnt-by:      MAINT-AS3582
      changed:     meyer@ns.uoregon.edu 960222
      source:      RADB

Figure 16: Example of a route object

The aut-num object forms the basis of a scalable and maintainable router configuration system. For example, if AS3582 originates a new route, it need only create a route object for that route with origin AS3582. AS3582 can now build configuration using this route object without changing its aut-num object.

Similarly, if for example, AS3701 originates a new route, it need only create a route object for that route with origin AS3701. Both AS3701 and AS3582 can now build configuration using this route object without modifying its aut-num object.


A.3 The Route Object

In contrast to aut-num objects which describe propagation of routing information for an autonomous system as a whole, route objects define single routes from an AS. An example is given in Figure 16.


This route object is maintained by MAINT-AS3582 and references AS3582 by the origin attribute. By this reference it is grouped together with other routes of the same origin AS, becoming a member of the routing entity denoted by AS3582. The routing policies can then be defined in the aut-num objects for this group of routes.

Consequently, the route objects give the routes from this AS which are distributed to peer ASes according to the rules of the routing policy. Therefore, for any route in the routing tables of the backbone routers a route object must exist in one of the registries in IRR. route objects must be registered in the IRR only for the routes seen outside your AS. Normally, this set of external routes is different from the routes internally visible within your AS. One of the major reasons is that external peers need no information at all about your internal routing specifics. Therefore, external routes are in general aggregated combinations of internal routes, having shorter IP prefixes where applicable according to the CIDR rules. Please see the CIDR FAQ [5] for a tutorial introduction to CIDR. It is strongly recommended that you aggregate your routes as much as possible, thereby minimizing the number of routes you inject into the global routing table and at the same time reducing the corresponding number of route objects in the IRR.


While you may easily query single route objects using the whois program, and submit objects via mail to the registry robots, this becomes kind of awkward for larger sets. The RAToolSet [6] offers several tools to make handling of route objects easier. If you want to read policy data from the IRR and process it by other programs, you might be interested in using peval which is a low level policy evaluation tool. As an example, the command


      peval -h whois.ra.net AS3582

will give you all route objects from AS3582 registered with RADB.


A much more sophisticated tool from the RAToolSet to handle route objects interactively is the route object editor roe. It has a graphical user interface to view and manipulate route objects registered at any IRR. New route objects may be generated from templates and submitted to the registries. Moreover, the route objects from the databases may be compared to real life routes. Therefore, roe is highly recommended as an interface to the IRR for route objects. Further information on peval and roe is available together with the RAToolSet [6].


A.4 Set Objects

With routing policies it is often necessary to reference groups of autonomous systems or routes which have identical properties regarding a specific policy. To make working with such groups easier, RPSL allows them to be combined in set objects. There are two basic types of predefined set objects, as-set and route-set. The RPSL set objects are described below.

A.4.1 AS-SET Object

Autonomous system set objects (as-set) are used to group autonomous system objects into named sets. An as-set has an RPSL name that starts with "AS-". In the example in Figure 17, an as-set called AS-NERO-PARTNERS and containing AS3701, AS4201, AS3582, AS4222, AS1798 is defined. The as-set is the RPSL replacement for the RIPE-181 as-macro. It has been extended to include ASes in the set indirectly by referencing as set names in the aut-num objects.


AS-SETs are particularly useful when specifying policies for groups such as customers, providers, or for transit. You are encouraged to register sets for these groups because it is most likely that you will treat them alike, i.e. you will have a very similar routing policy for all your customers which have an autonomous system of their own. You may as well discover that this is also true for the providers you are peering with, and it is most convenient to have the ASes combined in one as-set for which you offer transit. For example, if a transit provider specifies its import policy using its customer's as-set (i.e., its import clause for the customer contains the customer's as-set), then that customer can modify the set of ASes that its transit provider accepts from it. Again, this can be accomplished without requiring the customer or the transit provider to modify its aut-num object.


      as-set:      AS3582:AS-PARTNERS
      members:     AS3701, AS4201, AS3582, AS4222, AS1798

Figure 17: as-set Object


The ASes of the set are simply compiled in a comma delimited list following the members attribute of the as-set. This list may also contain other AS-SET names.


A.4.2 ROUTE-SET Object

A route-set is a way to name a group of routes. The syntax is similar to the as-set. A route-set has an RPSL name that starts with "RS-". The members attribute lists the members of the set. The value of a members attribute is a list of address prefixes, or route-set names. The members of the route-set are the address prefixes or the names of other route sets specified.


Figure 18 presents some example route-set objects. The set rs-uo contains two address prefixes, namely 128.223.0.0/16 and 198.32.162.0/24. The set rs-bar contains the members of the set rs-uo and the address prefix 128.7.0.0/16. The set rs-martians illustrates the use of range operators. 0.0.0.0/0^32 are the length 32 more specifics of 0.0.0.0/0, i.e. the host routes; 224.0.0.0/3^+ are the more specifics of 224.0.0.0/3, i.e. the routes falling into the multicast address space. For a more complete list of range operators please refer to RFC-2622.

      route-set: rs-uo
      members: 128.223.0.0/16, 198.32.162.0/24

      route-set: rs-bar
      members: 128.7.0.0/16, rs-uo

      route-set: rs-martians
      remarks: routes not accepted from any peer
      members: 0.0.0.0/0,          # default route
               0.0.0.0/0^32,       # host routes
               224.0.0.0/3^+,      # multicast routes
               127.0.0.0/8^9-32, . . .

Figure 18: route-set Objects
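
The set semantics described above, worked through as an added example (not part of the RFC or of the RAToolSet): a small Python resolver that flattens the Figure 18 route-sets, including nested set names and the range operators ^-, ^+, ^n and ^n-m from RFC 2622, and tests whether a route falls in a set. The function names are illustrative, only flat "rs-" names are handled, and rs-martians stops where the figure elides its remaining members.

```python
import ipaddress
import re

# Route-set objects transcribed from Figure 18; rs-martians is truncated
# at the point where the figure itself is elided (". . .").
ROUTE_SETS = {
    "rs-uo": ["128.223.0.0/16", "198.32.162.0/24"],
    "rs-bar": ["128.7.0.0/16", "rs-uo"],
    "rs-martians": ["0.0.0.0/0", "0.0.0.0/0^32", "224.0.0.0/3^+", "127.0.0.0/8^9-32"],
}

def parse_member(member):
    """Return (network, min_len, max_len) for a prefix with an optional range operator."""
    prefix, _, op = member.partition("^")
    net = ipaddress.ip_network(prefix)
    if op == "":                       # bare prefix: exact match only
        return net, net.prefixlen, net.prefixlen
    if op == "+":                      # the prefix and all its more specifics
        return net, net.prefixlen, net.max_prefixlen
    if op == "-":                      # more specifics, excluding the prefix itself
        return net, net.prefixlen + 1, net.max_prefixlen
    m = re.fullmatch(r"(\d+)(?:-(\d+))?", op)   # ^n or ^n-m
    if not m:
        raise ValueError(f"bad range operator in {member!r}")
    lo = int(m.group(1))
    hi = int(m.group(2)) if m.group(2) else lo
    return net, lo, hi

def expand(name, sets=ROUTE_SETS, seen=None):
    """Flatten a route-set into (network, min_len, max_len) tuples, following nested sets."""
    seen = set() if seen is None else seen
    key = name.lower()                 # RPSL object names are case-insensitive
    if key in seen:                    # already visited: stops cyclic references
        return []
    seen.add(key)
    out = []
    for member in sets[key]:
        if member.lower().startswith("rs-"):
            out.extend(expand(member, sets, seen))
        else:
            out.append(parse_member(member))
    return out

def in_route_set(route, name, sets=ROUTE_SETS):
    """True if `route` is covered by a member of the set at a permitted prefix length."""
    r = ipaddress.ip_network(route)
    return any(r.version == net.version and lo <= r.prefixlen <= hi and r.subnet_of(net)
               for net, lo, hi in expand(name, sets))
```

Note that a bare prefix matches exactly: 128.223.1.0/24 is not a member of rs-bar, which matters when such a set is turned into an import filter.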

B Output of RtConfig: An Example

In Figure 19, you see the result of running RtConfig on the source file in Figure 11.

      router bgp 3582
      network 128.223.0.0
      !
      !       NERO
      neighbor 198.32.162.2 remote-as 3701
      no access-list 100
      access-list 100 permit ip 128.223.0.0   0.0.0.0   255.255.0.0   0.0.0.0
      access-list 100 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
      !
      no route-map AS3701-EXPORT
      route-map AS3701-EXPORT permit 1
       match ip address 100
      !
      router bgp 3582
      neighbor 198.32.162.2 route-map AS3701-EXPORT out
      !
      no route-map AS3701-IMPORT
      route-map AS3701-IMPORT permit 1
       set local-preference 1000
      !
      router bgp 3582
      neighbor 198.32.162.2 route-map AS3701-IMPORT in
      !
      !       WNA/VERIO
      neighbor 198.32.162.6 remote-as 2914
      !
      no route-map AS2914-EXPORT
      route-map AS2914-EXPORT permit 1
       match ip address 100
      !
      router bgp 3582
      neighbor 198.32.162.6 route-map AS2914-EXPORT out
      no ip as-path access-list  100
      ip as-path access-list 100 permit ^_2914(((_[0-9]+))*_             \
            (13|22|97|132|175|668|1914|2905|2914|3361|3381|3791|3937|    \
             4178|4354|4571|4674|4683|5091|5303|5798|5855|5856|5881|6083 \
             |6188|6971|7790|7951|8028))?$
      !
      no route-map AS2914-IMPORT
      route-map AS2914-IMPORT permit 1
       match as-path 100
       set local-preference 998
      !
      router bgp 3582
      neighbor 198.32.162.6 route-map AS2914-IMPORT in

Figure 19: Output of RtConfig

Security Considerations

This document is a tutorial on RPSL; it does not define protocols or standards that need to be secured.

Endnotes

(1) AS-PATH regular expressions are POSIX compliant regular expressions.

(2) Discussion of RtConfig internals is beyond the scope of this document.

(3) Clearly, neither of these mechanisms is sufficient to provide strong authentication or authorization. Other public key (e.g., PGP) authentication mechanisms are available from some of the IRRs.

References

[1] Alaettinoglu, C., Villamizar, C., Gerich, E., Kessens, D., Meyer, D., Bates, T., Karrenberg, D. and M. Terpstra, "Routing Policy Specification Language (RPSL)", RFC 2622, June 1999.

[2] Bates, T., Jouanigot, J-M., Karrenberg, D., Lothberg, P. and M. Terpstra, "Representation of IP Routing Policies in the RIPE database", Technical Report ripe-81, RIPE, RIPE NCC, Amsterdam, Netherlands, February 1993.

[3] T. Bates, E. Gerich, J. Joncharay, J-M. Jouanigot, D. Karrenberg, M. Terpstra, and J. Yu. Representation of IP Routing Policies in a Routing Registry, Technical Report ripe-181, RIPE, RIPE NCC, Amsterdam, Netherlands, October 1994.

[4] A. M. R. Magee. RIPE NCC Database Documentation. Technical Report RIPE-157, RIPE NCC, Amsterdam, Netherlands, May 1997.

[5] Hank Nussbacher. The CIDR FAQ. Tel Aviv University and IBM Israel. http://www.ibm.net.il/~hank/cidr.html

[6] The RAToolSet. http://www.ra.net/ra/RAToolSet/

[7] Rekhter, Y. and T. Li, "A Border Gateway Protocol 4 (BGP-4)", RFC 1654, July 1994.

[8] RtConfig as part of the RAToolSet. http://www.ra.net/ra/RAToolSet/RtConfig.html

[9] Chen, E. and T. Bates, "An Application of the BGP Community Attribute in Multi-Home Routing", RFC 1998, August 1996.

Authors' Addresses

David Meyer
Cisco Systems
EMail: dmm@cisco.com

Joachim Schmitz
America On-Line
EMail: SchmitzJo@aol.com

Carol Orange
RIPE NCC
EMail: orange@spiritone.com

Mark Prior
connect.com.au pty ltd
EMail: mrp@connect.com.au

Cengiz Alaettinoglu
USC/Information Sciences Institute
EMail: cengiz@isi.edu

Full Copyright Statement

Copyright (C) The Internet Society (1999). All Rights Reserved.

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.

The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

Funding for the RFC Editor function is currently provided by the Internet Society.
