The RIPE Database & The Internet Routing Registry

Similar documents
RIPE NCC Database documentation update to support RIPE DB ver

Transition to RIPE DB v3.0

The whois Database. Introduction and Usage. Anne Lord & Mirjam Kühne. AfNOG Workshop, 10 May

APNIC Internet Routing Registry. Tutorial Seoul 19 August 2003

APNIC. Database Tutorial. 3 September, Kitakyushu, Japan. 14 th APNIC Open Policy Meeting

Copyright (C) The Internet Society (1998). All Rights Reserved.

This form should be sent following the submission of Provider Aggregatable (PA) Assignment Request Form(s) found at:

Copyright (C) The Internet Society (1999). All Rights Reserved.

Support of Guarded fields within the RIPE Database. Tony Bates. Document-ID: ripe-117 Obsoletes: ripe-108

APNIC Whois Database and use of Incident Response Team (IRT) registration. Terry Manderson APNIC AusCERT 2003

Internet Routing Registry Tutorial

RIPE Database Update Reference Manual

WHOIS Database and MyAPNIC

Welcome! APNIC Internet Routing Registry Tutorial. In conjunction with SANOG IV

Local Internet Registry Training Course

APNIC Training. Internet Routing Registry (IRR)

IRT-Object in the RIPE Database, "interim" meeting

Supporting Notes for the Autonomous System (AS) Number Request Form

Database Update. Paul Palse Database Manager, RIPE NCC

The IRT Object in the RIPE Database

RIPE Database Training Course

Network Working Group. Category: Informational America On-Line C. Orange RIPE NCC M. Prior Connect C. Alaettinoglu USC/ISI August 1999

RPSL - Practical Tool for ISPs?

APNIC Internet Resource Management (IRM) Cyber Security & Network Security March, 2017 Dhaka, Bangladesh

RIPE Database. Updates and Extras. Alvaro Vives Amsterdam RIPE 77

Network Working Group

RIPE Database Workshop

Supporting Notes for the European IP Address Space Request Form

Reverse DNS Project Update

RIPE Database Documentation RIPE Database Documentation

Network Working Group. Updates: 2725, F. Parent Hexago A. Robachevsky RIPE NCC March 2005

Supporting Notes for the Provider Independent (PI) Assignment Request Form

Supporting Notes for the Provider Independent (PI) Assignment Request Form

Representation of IP Routing Policies in a Routing Registry (ripe-81++)

LEA Workshop. Champika Wijayatunga & George Kuo, APNIC Wellington, New Zealand 09, May, 2013

Internet Routing Registry

Anti-spam WG. RIPE 49 Manchester, September Rodney Tillotson, JANET-CERT

Network Working Group Request for Comments: 2726 Category: Standards Track December 1999

EUROPEAN AUTONOMOUS SYSTEM NUMBER APPLICATION FORM & SUPPORTING NOTES

To assist you with debugging problems, this whois query was received from IP Address. Your web client may be behind a web proxy.

RIPE Database. Training Course

RIPE NCC Status Report at ARIN. leo vegoda. ARIN X, Oct. 30 Nov. 1, 2002, Eugene, OR.

RIPE NCC Tools. Christian Teuschel & Mirjam Kühne

UWho and CRISP. Mark Kosters VeriSign Labs ARIN IX, April 2002

APNIC s role in stability and security. Adam Gosling Senior Policy Specialist, APNIC 4th APT Cybersecurity Forum, 3-5 December 2013

RPSLng. Routing Policy Specification Language - Next Generation

RIPE NCC Status Update

What s new at the RIPE NCC?

APNIC Internet Routing Registry

Update from the RIPE NCC. David Hilario, RIPE NCC

Registry. NTT Communications. JPNIC IP Committee / JPNIC IRR-Plan Chair. Tomoya Yoshida Topics

APNIC Internet Routing Registry. Kuala Lumpur, Malaysia, February 2004 APNIC 17 Open Policy Meeting

RIPE NCC IPv6 Update. 4th Belgian IPv6 Council Meeting 11 September Nathalie Trenaman

Representation of IP Routing Policies. in the RIPE Database

Routing Policy Specification Language next generation. 6DEPLOY. IPv6 Deployment and Support

MANRS How to behave on the internet

RIPE Database Operations Update

Suppor ting Notes for European IP Address Space Requests

An Analysis of ARIN NetHandles with OriginAS i Data and Analysis of RIR/IRR Registry Data

BGP in the Internet Best Current Practices

Recommended IOS Releases. BGP in the Internet. Which IOS? Which IOS? 12.2 IOS release images IOS release images is the old mainline train

European Internet Registry Policies and Procedures

Database Update. Denis Walker Business Analyst and Edward Shryane Senior Software Engineer. RIPE NCC Warsaw May 2014 RIPE 68

Please do not alter the value of the 'request-type' or 'form-version' fields.

LIR and RIPE Database. Training Course

Database Update. Kaveh Ranjbar Database Department Manager, RIPE NCC

Specifying an Internet Router in the Routing Registry. Tony Bates. Document ID: ripe-122 ABSTRACT

BGP BGP. Fredrik Söderquist Michael Silvin

Welcome! 31 August 2004, Nadi, Fiji APNIC 18 Open Policy Meeting. Introduction Presenters. Objectives. APNIC Members Training Course

APNIC Training. Internet Resource Management. 17 November 2009 Nadi, Fiji. Sixth PacNOG Meeting, Conference and Educational Workshop

ISP-NAP & Direct Members (Feb 2018)

RPKI and Routing Security

IRR Analysis Service

RIPE NCC Status Update

page 1 Plain Old DNS WACREN, DNS/DNSSEC Regional Workshop Ouagadougou, October 2016

Route Management Guide to manage your routes and (RPKI) ROA

Internet Engineering Task Force (IETF) Request for Comments: 7485 Category: Informational ISSN: S. Sheng ICANN A. Servin LACNIC March 2015

Securing RPSL Objects with RPKI Signatures

An introduction to BGP security

Suppor ting Notes for the European IP Address Space Request Form

APRICOT 2001 Tutorial Promoting Routability. Promoting a healthy Internet Efficient and Effective Routing Configuration BGP for ISPs

ncc European Internet Registry: Daniel Karrenberg Marten Terpstra Document ID: ripe-104 Obsoletes: ripe-72 ABSTRACT

IPv6: The Future of the Internet? July 27th, 1999 Auug

Routing Security. Training Course

IPv6 Address Allocation Policies and Management

APNIC Internet Resource Management (IRM) Tutorial. Revision: 2.1

Lameness in Reverse DNS

RIPE 55 DB Status Update Jos I. Boumans RIPE NCC. Jos Boumans RIPE 55

APNIC Routing Workshop

Supporting Notes for the IPv6 End User Site Assignment Request Form

Local Internet Registry. Training Course

DISI Update. Olaf Kolkman, Henk Uijterwaal & Daniel Karrenberg. Olaf M. Kolkman. RIPE 46, Amsterdam, September

BGP Best Current Practices. ISP/IXP Workshops

BGP Best Current Practices. Recommended IOS Releases. Which IOS? Which IOS? 12.4 IOS release images IOS release images

Golden Prefixes IRR Lockdown Job Snijders

European Internet Registry

Network Working Group Request for Comments: Category: Informational Network Startup Resource Center August 2000

BGP Best Current Practices. ISP/IXP Workshops

APNIC & Internet Address Policy in the Asia Pacific

RIPE NCC DNS Update. Wolfgang Nagele DNS Services Manager

Transcription:

The RIPE Database & The Internet Routing Registry A. M. R. Magee RIPE NCC 1

Outline Purpose of the RIPE database Description of Database Objects Querying the Database Creating, Updating and Deleting Objects Authorization and Authentication 2

Outline 2 Hierarchical Object Protection Mirroring the RIPE Database Non-production databases at the RIPE NCC 3

Purpose of the RIPE Database To support NIC s/noc s in Europe and surrounding areas to perform their tasks Available to the public for agreed Internet operational purposes. 4

Four Registries IP address Domains (including in-addr.arpa) Routing Contact information 5

The IP Registry Information about IP address space Allocations and assignments Inetnum object 6

Inetnum Object inetnum: 193.0.0.0-193.0.0.255 netname: RIPE-NCC descr: RIPE-Network Coordination Centre country: Amsterdam, Netherlands admin-c: JLC2-RIPE tech-c: OPS4-RIPE rev-srv: ns.ripe.net rev-srv: ns.eu.net status: ASSIGNED PA mnt-by: RIPE-NCC-MNT changed: orange@ripe.net 19960815 changed: mir@ripe.net 19970506 changed: ripe-dbm@ripe.net 19970819 source: RIPE different formats possible for inetnum value 7

The Domain Registry The domain object Includes Reverse Delegations The Domain Registry is a convenient reference It is not the registry that is maintained by the cctld s (country code Top Level Domain) Administrators. 8

Domain Object domain: over.ripe.net descr: RIPE Network Coordination Centre descr: Singel 258 descr: NL-1016 AB Amsterdam descr: The Netherlands admin-c: AMRM1-RIPE tech-c: RD132-RIPE zone-c: RD132-RIPE remarks: example object only notify: amrm@ripe.net changed: ripe-dbm@ripe.net 19970115 source: TEST 9

The Routing Registry Autonomous Systems Internet Routes Supports checking of inconsistenices Refers to contact person information 10

The Routing Registry 2 Aut-Num (represents Autonomous System) Route AS-Macro Community Inet-Rtr (internet router) 11

Route Object route: 193.0.0/24 descr: RIPE-NCC origin: AS3333 mnt-by: RIPE-NCC-MNT changed: olaf@ripe.net 19981208 source: RIPE represents a route in the Internet contains all membership information this route is originated in AS3333 only one origin possible 12

The Aut-Num Object Describes the import and export policies of an Autonomous System (AS). An AS has a single and clearly defined routing policy. Not an administrative object Scalable 13

The AS Object An example (RIPE-181 format): aut-num: AS3333 descr: RIPE NCC as-in: from AS286 120 accept ANY as-in: from AS1104 120 accept AS1104 as-out: to AS286 announce AS3333 as-out: to AS1104 announce AS3333 cross-nfy: OPS4-RIPE cross-mnt: RIPE-NCC-MNT admin-c: OK65 tech-c: OPS4-RIPE mnt-by: RIPE-NCC-MNT changed: olaf@ripe.net 19981208 source: RIPE Policy 14

Overlapping routes The sender is always notified of overlaps. Cross-notification attributes can be added The set of sources that are searched for these conflicts is defined in the configuration file. 15

Cross-notification When the prefix of a new route object overlaps with that in any other route object in the RR, when the prefix of a deleted route object overlapped with that in any other route object in the RR, notification is sent to contact referenced in cross-nfy and/or cross-mnt attribute of overlapped object(s). 16

cross-nfy attribute Points to a NIC-handle (cf. admin-c, tech-c) can point to the NIC-handle of a role object The e-mail address of this NIC-handle will get the notification. 17

cross-mnt attribute Points to a mntner (cf. mnt-by, mnt-lwr ). The notification is sent to the mailbox in the mnt-nfy attribute of the mntner in cross-mnt No authentication checks are done, only for notification. 18

cross-nfy attribute in Route Object route: 193.0.0/24 origin: cross-nfy: AS3333 OPS4-RIPE route: 193.0.0.0/32 (new) role: nic-hdl: email: RIPE NCC OPERATIONS OPS4-RIPE ops@ripe.net <ops@ripe.net> gets a notification. 19

cross-mnt attribute in Route Object route: 193.0.0/24 origin: AS3333 cross-mnt: RIPE-NCC-MNT route: mntner: descr: mnt-nfy: 193.0.0.0/32 (new) RIPE-NCC-MNT RIPE-NCC Maintainer ops@ripe.net <ops@ripe.net> gets a notification.. 20

cross-nfy attribute in Aut-num Object route: 193.0.0/24 origin: AS3333 route: 193.0.0.0/25 (new) origin: AS1234 aut-num: cross-nfy: role: nic-hdl: email: AS3333 OPS4-RIPE RIPE NCC OPERATIONS OPS4-RIPE ops@ripe.net <ops@ripe.net> gets a notification. 21

cross-mnt attribute in Aut-num Object route: 193.0.0/24 origin: AS3333 route: 193.0.0.0/25 (new) origin: AS1234 aut-num: cross-mnt: AS3333 RIPE-NCC-MNT mntner: RIPE-NCC-MNT mnt-nfy: ops-fyi@ripe.net <ops-fyi@ripe.net> gets a notification.. 22

The Aut-Num Object in RPSL These attributes remain in all RPSL object types: descr, admin-c, tech-c, remarks, notify, changed, source These atttributes are used in RPSL aut-num object: as-name, import, export, default and member of. More later 23

Route object in RPSL Extra attributes in the route object member-of inject components aggr-bndry aggr-mtd export-comps 24

The AS-Macro Object as-macro: AS-ACONET descr: ACONET AS Macro descr: ASes served by SUNET as-list: AS-UDNVIE AS1853 AS1205 AS2131 admin-c: WK42 tech-c: EJ63 tech-c: CP8-RIPE mnt-by: AS1853-MNT changed: Panigl@cc.univie.ac.at 950516 source: RIPE Contains no policy information, only provides additional information for communities networks can belong to. 25

AS-Macro Object in RPSL Not used in RPSL Replaced by as-set as-set is more flexible than AS-Macro 26

CommunityObject community: descr: authority: (HTC-IP) guardian: HEPNET High Energy Physics Network HEPnet technical committee IP farrache@ccpnxt5.in2p3.fr admin-c: Gilles Farrache tech-c: Gilles Farrache changed: farrache@ccpnxt5.in2p3.fr 19940222 source: RIPE 27

Community Object in RPSL Not in RPSL Replaced by rs-set 28

Person Contact information Registry Role Mntner Minor changes with RPSL 29

Person Object person: Mirjam Kuehne address: RIPE NCC address: Singel 258 address: NL - 1016 AB Amsterdam address: Netherlands phone: +31 20 535 4444 fax-no: +31 20 535 4445 e-mail: mir@ripe.net nic-hdl: MK16-RIPE notify: mir@ripe.net changed: mir@ripe.net 19950411 changed: mir@ripe.net 19970616 source: RIPE 30

Role Object role: RIPE DBM address: RIPE NCC, Singel 258 address: NL - 1016 AB Amsterdam, Netherlands phone: +31 20 535 4444 fax-no: +31 20 535 4445 e-mail: ripe-dbm@ripe.net trouble: Information: http://www.ripe.net/db/index.html trouble: Documentation: http://www.ripe.net/docs/ripe-157.html trouble: Questions and bug reports mailto: ripe-dbm@ripe.net admin-c: AMRM1-RIPE tech-c: AMRM1-RIPE nic-hdl: RD132-RIPE changed: ripe-dbm@ripe.net 19970115 source: RIPE 31

Role Object More stable than person objects trouble attribute Nic-handle attribute of role and person objects share the same name space A role object can be used as admin-c 32

Maintainer Object mntner: RIPE-NCC-MNT descr: RIPE-NCC Maintainer admin-c: JLC2-RIPE tech-c: MK16-RIPE upd-to: ripe-dbm@ripe.net mnt-nfy: ripe-dbm@ripe.net auth: MAIL-FROM.*ripe\.net mnt-by: RIPE-NCC-MNT changed: geertj@ripe.net 19941013 changed: GeertJan.deGroot@ripe.net 19941125 source: RIPE manual registration of object necessary send object to <ripe-dbm@ripe.net> 33

Querying the Database The RIPE whois client available by anonymous ftp ftp://ftp.ripe.net/tools/ripe-whois-tools-2.4.tar.gz Make sure that you have the newest version Web Interface 34

The RIPE whois client Search keys Options 35

Querying the Database Search keys (Look-up Keys) person name, nic-hdl, e-mail role name, nic-hdl, e-mail maintainer maintainer name inetnum network number, network name domain domain name aut-num AS number as-macro AS-macro name community community name route route value 36

Example query whois 193.0.0.0 inetnum: 193.0.0.0-193.0.0.255 netname: RIPE-NCC admin-c: DK58 tech-c: OPS4-RIPE route: 193.0.0.0/24 descr: RIPE-NCC role: address: Singel 258 RIPE NCC Operations person: address: Daniel Karrenberg RIPE Network Coordination Centre (NCC) 37

RIPE Whois Options I c inverse lookup for specified attributes see the changed field attribute L find all Less specific matches m find first level more specific matches M find all More specific matches r turn off recursive lookups T type only look for objects of type (inetnum, route, etc..) R force to show local copy of the domain object even if it contains referral 38

RIPE Whois Options 2 a also search all databases mirrored by RIPE h hostname search alternate server t show template for object of type type v verbose information for object of type type see whois help for other options (will get you a howto on searching the database) 39

Whois -a and -h Options whois -h query a specific host whois -h whois.ripe.net whois -h whois.arin.net whois -a includes the following sources RADB CANET MCI ANS APNIC RIPE The NCC mirrors RADB, CANET, MCI, ANS, APNIC 40

Whois -t Option person: [mandatory] [single] [primary/look-up key] address: [mandatory] [multiple] [ ] phone: [mandatory] [multiple] [ ] fax-no: [optional] [multiple] [ ] e-mail: [optional] [multiple] [look-up key] nic-hdl: [mandatory] [single] [primary/look-up key] remarks: [optional] [multiple] [ ] notify: [optional] [multiple] [inverse key] mnt-by: [optional] [multiple] [inverse key] changed: [mandatory] [multiple] [ ] source: [mandatory] [single] [ ] - Used when creating objects 41

Web Interface RIPE Database homepage: http://www.ripe.net/ripencc/pub-services/db/ Whois on the Web: http://www.ripe.net/cgi-bin/whois GLIMPSE raw text search: -http://www.ripe.net/cgi-bin/ripedbsearch 42

Managing Objects Creating, Updating and Deleting Objects 43

Creating Objects Make a copy of the template of the object use whois -t <object-type> Write in your details Mandatory attributes must have a value Optional attributes may be undefined, but they are removed by the robot :-) Generated attributes 44

Creating Objects 2 nic-hdl attribute ( person and role objects): AUT0-1 AUTO-1<Your Initials> Send the object to <auto-dbm@ripe.net> 45

Updating Objects Make a copy of the existing object Edit the copy of the existing object Add a changed line Send to <auto-dbm@ripe.net> If you send an identical object, NOOP Good idea to keep the changed lines 46

Deleting an object add delete attribute to exact copy of current object person: Mirjam Kuehne address: RIPE NCC address: Singel 258 address: NL - 1016 AB Amsterdam address: Netherlands phone: +31 20 535 4444 fax-no: +31 20 535 4445 e-mail: mir@ripe.net nic-hdl: MK16-RIPE changed: mir@ripe.net 950411 source: RIPE delete: training@ripe.net late for training 47

E-mail Interface <auto-dbm@ripe.net> automatic mailbox send all updates to this mailbox can use LONGACK in subject line can use HELP in subject line <ripe-dbm@ripe.net> send questions and comments to this mailbox 48

DB Update Procedure Syntax checking Warnings object corrected and accepted notification of action taken in acknowledgement Errors object NOT corrected and NOT accepted diagnostics in acknowledgement if you do not understand, send e-mail <ripe-dbm@ripe.net> 49

Notification/Authorisation notify attribute sends notification to email address specified mnt-by attribute & mntner object mnt-by attribute can be included in every object mnt-by value references mntner object that describes the maintainer & contains authentication details objects that contain mnt-by must pass the authentication rules in the mntner object mnt-lower attribute & mntner object controls the creation of objects one level below in the hierarchy of an object type 50

Maintainer Object mntner: RIPE-NCC-MNT descr: RIPE-NCC Maintainer admin-c: JLC2-RIPE tech-c: MK16-RIPE upd-to: ripe-dbm@ripe.net mnt-nfy: ripe-dbm@ripe.net auth: MAIL-FROM.*ripe\.net mnt-by: RIPE-NCC-MNT changed: geertj@ripe.net 19941013 changed: GeertJan.deGroot@ripe.net 19941125 source: RIPE manual registration of object necessary send object to <ripe-dbm@ripe.net> 51

Maintainer Object auth attribute (mandatory) NONE MAIL-FROM {e-mail address, regular expression} CRYPT-PW encrypted password PGPKEY-<key-id> upd-to attribute (mandatory) notification for failed updates mailbox for requested changes 52

Maintainer Object 2 mnt-by attribute (mandatory) can reference the object itself Not always a good idea mnt-nfy attribute (optional) works like notify but for all objects that refer to this maintainer object 53

Hierarchical Authorisation You can ask for mnt-lower to be added to allocation object. Send message to <hostmaster@ripe.net> inetnum: 193.1.0.0-193.1.31.255 netname: descr: country: admin-c: tech-c: status: mnt-by: mnt-lower: REGISTRY-ALLOCATION Allocation to Registry EU JLC2-RIPE MK16-RIPE ALLOCATED PA RIPE-NCC-MNT REGISTRY-MNT changed: hostmaster@ripe.net 19960310 source: RIPE 54

Mirroring the RIPE Database Real-time mirroring Controlled by an access list Person and Role object data: Acceptable Use Policy Software available from ftp site ftp://ftp.ripe.net/ripe/dbase/software/ripe-db-2.3.2 tar.gz 55

TEST database <test-dbm@ripe.net> test-whois.ripe.net Non-Production Databases RPSL server: <auto-rpsl@ripe.net> rpslii.ripe.net Beta-server: beta-whois.ripe.net <auto-beta@ripe.net> 56

Questions? 57

Answers! 58

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback