SlideShare a Scribd company logo
1 of 67
Download to read offline
RPSL with IRRToolSet
bdNOG 1
14th May 2013, Dhaka, Bangladesh
Muhammad Moinur Rahman, bdNOG
SANOG 23 : Thiphu, BhutanbdNOG Page 2
IRR Toolset, RPSL: Introduction
Tutorial
- Do not think of bypassing the RFC
Target audience
- Knowledge of Internet Routing(specially BGP)
- Familiar with any IRR Database
- No need to know Internet Routing Registry
Layout
- Theory
- Handson Lab using IRR Power Tools, Net:IRR, rpsltools and
IRRToolSet
SANOG 23 : Thiphu, BhutanbdNOG Page 3
Historical Context
The basic concept of routing registries dates back to the
1980's and NSFNet
A high-level policy based routing database (PRDB) was
used to generate configs
NSFNet regional networks were required to submit
Network Announcement Change Requests (NACR) to
update the PRDB
NACR’s documented connected networks and their
Autonomous System numbers
SANOG 23 : Thiphu, BhutanbdNOG Page 4
Historical Context (Early European Works)
RIPE – Reseaux IP Europeens
Formed in 1989 to coordinate and promote IP
networking in Europe
Developed a registry for allocation of IP addresses and
Autonomous System numbers in Europe (first RIR)
No routing policy support initially
SANOG 23 : Thiphu, BhutanbdNOG Page 5
Historical Context (RIPE)
RIPE-81 document was published in Feb, 1993 -
extended the RIPE address registry to include basic
routing policy information
Added ability to specify an Autonomous System number
for an IP address allocation
Also allowed the expression of Autonomous System
relationships
SANOG 23 : Thiphu, BhutanbdNOG Page 6
Historical Context (RIPE-181)
RIPE-181 (RIPE-81++) document was published in Oct,
1994
Introduced concept of object classes
Separated routing policy information from IP address
allocation information with introduction of the “route”
object
Extended Autonomous System policy expression
functionality
Also adopted a mechanism for grouping Autonomous
Systems with the “as-macro”
SANOG 23 : Thiphu, BhutanbdNOG Page 7
Historical Context (RPSL)
In March 1995, the RIPE-181 standard was accepted
as an IETF informational document – RFC-1786
IETF created the Routing Policy System Working Group
to revise and standardize the language under the
auspices of the IETF
Result was known as the Routing Policy Specification
Language (RPSL)
SANOG 23 : Thiphu, BhutanbdNOG Page 8
Historical Context (RFC-2622)
RFC 2622 was released in June, 1999 and formally
defined RPSL standard
Based on the RIPE-181 standard
- Significantly extended the functionality of the aut-num object
- route object also extended
- as-macro became as-set object
- Added a number of new object types
- Included a dictionary based extension mechanism
SANOG 23 : Thiphu, BhutanbdNOG Page 9
Historical Context (RFC-2622 New Objects)
as-set
route-set
filter-set
rtr-set
peering-set
inet-rtr
mntner, role, and person objects for authentication and
contact information
SANOG 23 : Thiphu, BhutanbdNOG Page 10
Historical Context (RFC-4012 RPSLng)
 IPv6 and multicast support
 Address Family Identifier(afi i.e, ipv4 and ipv6)
 MPBGP added in protocol Dictionary
 RPSL types ipv6-address, ipv6-address-prefix and ipv6-
address-prefix- range added
 Policy Attribute mp-import, mp-export and mp-default added
 Class route6 added
 route-set class now supports both IPv4 and IPv6 mp-
members
 peering-set supports mp-peering attribute
 rtr-set class supports both IPv4 and IPv6
SANOG 23 : Thiphu, BhutanbdNOG Page 11
Routing Policy Specification Language(RPSL)
Object-based language
- route, autonomous system, router, contact and set objects
Defines the syntax, semantics and format of data in IRR
Vendor independent
Extensible
IETF Proposed Standard (RFC2622) later superseded
by RPSLng (RFC4012)
Based on RIPE-181 (RFC 1786)
SANOG 23 : Thiphu, BhutanbdNOG Page 12
RPSL Basics
Each object type (class) contains mandatory and
optional attributes
All objects must have these attributes
- mnt-by: identifies mntner object that controls the object
- changed: lists email and time of change
- source: identifies the registry name where the object is located
SANOG 23 : Thiphu, BhutanbdNOG Page 13
mntner Object
Mntner is an abbreviation of maintainer
Identifies accounts in the registry
Maintainer objects used for authentication
Specifies authentication mechanism in the “auth”
attribute
- CRYPT-PW or MD5-PW - password auth
- PGP-KEY – PGP/GPG based auth
- MAIL-FROM – email based auth
- NONE
SANOG 23 : Thiphu, BhutanbdNOG Page 14
mntner Object
mntner: [mandatory] [single] [primary/look-up key]
descr: [mandatory] [multiple]
admin-c: [mandatory] [multiple] [inverse key]
tech-c: [optional] [multiple] [inverse key]
upd-to: [mandatory] [multiple] [inverse key]
mnt-nfy: [optional] [multiple] [inverse key]
auth: [mandatory] [multiple]
remarks: [optional] [multiple]
notify: [optional] [multiple] [inverse key]
mnt-by: [mandatory] [multiple] [inverse key]
changed: [mandatory] [multiple]
source: [mandatory] [single]
SANOG 23 : Thiphu, BhutanbdNOG Page 15
mntner Object Example
mntner: MAINT-BD-1ASIAAHL
descr: 1Asia Alliance Communication Ltd
country: BD
admin-c: MMR13-AP
upd-to: hostmaster@1asia-ahl.com
mnt-by: MAINT-BD-1ASIAAHL
auth: # Filtered
referral-by: APNIC-HM
changed: moin@1asia-ahl.com 20121127
source: APNIC
SANOG 23 : Thiphu, BhutanbdNOG Page 16
route/route6 Object
Defines a CIDR prefix and origin AS
Most common type of object found in routing registries
Used by a number of ISP's to generate filters on their
customer BGP sessions
- Customers must register all routes in order for their ISP to route them
- Allows automation of adding new prefixes
SANOG 23 : Thiphu, BhutanbdNOG Page 17
route/route6 object and keys
 Every RPSL class has a primary “key”
 For most classes, it is simply the main class attribute value
 For example, the mntner class uses the mntner attribute value as the key
 However, route objects use both route and origin fields as the primary
key
 There can be multiple objects for the same prefix with different origins
 This is by design
- Multi-origin multi-homing
- When changing to a new origin AS, want routes for both until switched
 However, also many cases of multiples due to stale routes not being
cleaned
SANOG 23 : Thiphu, BhutanbdNOG Page 18
route/route6 Object Format
route: [mandatory] [single] [primary/look-up key]
descr: [mandatory] [multiple]
origin: [mandatory] [single] [primary/inverse key]
withdrawn: [optional] [single]
member-of: [optional] [single] [inverse key]
inject: [optional] [multiple]
components: [optional] [single]
aggr-bndry: [optional] [single] [inverse key]
aggr-mtd: [optional] [single]
export-comps: [optional] [single]
holes: [optional] [single]
remarks: [optional] [multiple]
cross-nfy: [optional] [multiple] [inverse key]
cross-mnt: [optional] [multiple] [inverse key]
notify: [optional] [multiple] [inverse key]
mnt-by: [mandatory] [multiple] [inverse key]
changed: [mandatory] [multiple]
source: [mandatory] [single]
SANOG 23 : Thiphu, BhutanbdNOG Page 19
route/route6 Object Example
route: 182.16.140.0/22
descr: 1Asia Communication Pte Ltd
origin: AS10102
mnt-lower: MAINT-BD-1ASIAAHL
mnt-routes: MAINT-BD-1ASIAAHL
mnt-by: MAINT-BD-1ASIAAHL
changed: moin@1asia-ahl.com 20121209
source: APNIC
SANOG 23 : Thiphu, BhutanbdNOG Page 20
aut-num Object
Defines routing policy for an AS
Uses mp-import: and mp-export: attributes to specify
policy
Can be used for highly detailed policy descriptions and
automated config generation
Can reference other registry objects such as
- as-sets
- route-sets
- filter-sets
SANOG 23 : Thiphu, BhutanbdNOG Page 21
aut-num Object Format
aut-num: [mandatory] [single] [primary/look-up key]
as-name: [mandatory] [single]
descr: [mandatory] [multiple]
member-of: [optional] [single] [inverse key]
import: [optional] [multiple] [inverse key]
export: [optional] [multiple] [inverse key]
default: [optional] [multiple] [inverse key]
admin-c: [mandatory] [multiple] [inverse key]
tech-c: [mandatory] [multiple] [inverse key]
remarks: [optional] [multiple]
cross-nfy: [optional] [multiple] [inverse key]
cross-mnt: [optional] [multiple] [inverse key]
notify: [optional] [multiple] [inverse key]
mnt-by: [mandatory] [multiple] [inverse key]
changed: [mandatory] [multiple]
source: [mandatory] [single]
SANOG 23 : Thiphu, BhutanbdNOG Page 22
aut-num Object Example
aut-num: AS10102
as-name: SG-1ASIACOM-AS-AP
descr: 1Asia Communication Pte Ltd
descr: 151 Chin Swee Road
descr: 14-01 Manhattan House
country: SG
admin-c: SHC12-AP
tech-c: MMR13-AP
mnt-by: MAINT-SG-1ASIACOM-SG
mnt-routes: MAINT-SG-1ASIACOM-SG
mnt-irt: IRT-SG-1ASIACOM-SG
changed: hm-changed@apnic.net 20100428
changed: hm-changed@apnic.net 20121116
source: APNIC
SANOG 23 : Thiphu, BhutanbdNOG Page 23
as-set Object
Provides a way of grouping AS'es
Name must begin with prefix “AS-” or in the format
- AS<NUM>:AS-CUSTOMERS
- AS<NUM>:AS-PEERS
Frequently used to list downstream/customer AS
numbers
Maybe referenced in aut-num import/export policy
expressions
Can reference other as-set's
SANOG 23 : Thiphu, BhutanbdNOG Page 24
route-set Object
Defines a set of routes prefixes
Name must begin with prefix “RS-” or in the format
ASNUM:RS-<ORGANIZATION>
Can reference other route-sets
Can also reference AS's or as-set's
- In this case, the route-set will include all route object prefixes which
have an origin which matches the AS numbers
SANOG 23 : Thiphu, BhutanbdNOG Page 25
route-set Object Format
route-set: [mandatory] [single] [primary/look-up key]
descr: [mandatory] [multiple]
members: [optional] [single]
mbrs-by-ref:[optional] [single]
remarks: [optional] [multiple]
tech-c: [mandatory] [multiple] [inverse key]
admin-c: [mandatory] [multiple] [inverse key]
notify: [optional] [multiple] [inverse key]
mnt-by: [mandatory] [multiple] [inverse key]
changed: [mandatory] [multiple]
source: [mandatory] [single]
SANOG 23 : Thiphu, BhutanbdNOG Page 26
route-set Object Example
route-set: AS10102:RS-1ASIA
descr: Routes announced across Peers
members: 103.4.108.0/22,182.16.140.0/22
tech-c: MMR13-AP
admin-c: MMR13-AP
mnt-by: MAINT-BD-1ASIAAHL
changed: moin@1asia-ahl.com 20140129
source: APNIC
SANOG 23 : Thiphu, BhutanbdNOG Page 27
filter-set Object
 Defines a set of routes that are matched by a filter expression
 Similar in concept to route-set's
 Name must begin with prefix “fltr-”
SANOG 23 : Thiphu, BhutanbdNOG Page 28
The IRR(internet Routing Registry)
 Concept of “the” Internet Routing Registry system established in 1995
 Shares information regarding production Internet Routing Registries
 Web site at http://www.irr.net
 Initially RIPE-181 format, shifted to RPSL
 Mirror Routing Registry data in a common repository for simplified
queries
 The IRR currently consists of roughly 35 operational registries
 Registries operators
- Regional Internet Registers (RIR’s), such as ARIN, RIPE, and APNIC
- ISP’s - SAVVIS, NTT, Level3
- Non-affiliated public registries – RADB and ALTDB
SANOG 23 : Thiphu, BhutanbdNOG Page 29
RADB Routing Registry
 The RADB launched in 1995 as part of NSFNet funded Routing Arbiter
project
 The Routing Arbiter project was intended to ease transition from the
NSFNet to the commercial Internet
 Registry was used to configure Route Servers located at designated
Network Access Points (NAP’s) located in Chicago, Washington, New
York, and San Francisco
 RADB transitioned from public NSFNet funding to fee-based model in
1999
 Re-branded Routing Assets Database in 2002 – http://www.radb.net
 The registry can be queried at website and via whois at whois.radb.net
 This server also mirrors the other registries in the IRR as documented at
www.irr.net
SANOG 23 : Thiphu, BhutanbdNOG Page 30
Why Register?
 Document routing policy
 In particular, register route objects to associate network prefixes with
origin AS
 A number of transit providers require their customers to register routes
and filter customer route announcements based on registry contents
 Filters unauthorized announcements to prevent route hijacking, denial of
service
SANOG 23 : Thiphu, BhutanbdNOG Page 31
Incidents
 BGP->RIP->BGP injection
 128/7 leak
 bogon 0/0, 10/8 leaks
 Daily, someone is leaking somelse’s prefix.
SANOG 23 : Thiphu, BhutanbdNOG Page 32
Common IRR query flags
 IRR's support a number flag options
 -i flag performs inverse query
- “-i origin AS10102” returns all route objects with an origin of AS10102
- “-i mnt-by MAINT-AS10102” returns all routes maintained by MAINT-AS10102
 -M flag returns more specific route objects for a prefix
- “-M 27.0.8.0/22” returns all more specific route objects in the 27.0.8.0/22 prefix
 -s flag limits number of sources queried
- May not want to query all 30+ IRR db's
- example, “-s RADB,RIPE”
 -K flag – return primary keys only
- Useful for route object queries, excludes extraneous fields not needed for
policy
- Often used by tools
SANOG 23 : Thiphu, BhutanbdNOG Page 33
Advanced IRR queries
IRRd provides the ability to perform server side set
expansions (as-set and route-set)
This is done with the “!i” query
- “!iAS-ESNETUS” returns members of ASESNETUS as-set object
Add a “,1” for a recursive expansions
- “!iAS-ESNETUS,1” will recurse any as-set members and return
individual as-members
- Reduces number of queries to server
SANOG 23 : Thiphu, BhutanbdNOG Page 34
Advanced RPSL – aut-num
The aut-num object can be used to express an
Autonomous System’s routing policy and peering
information
Powerful structured syntax allows for complex policy
expressions
Some operators drive their network configuration off of
their RPSL data
Others simply use it to document AS relationships in a
public manner
SANOG 23 : Thiphu, BhutanbdNOG Page 35
RPSL Tools
Several tools have been developed to facilitate the use
of RPSL registry data in the configuration of networks
Tools range from sophisticated and powerful to simple
and limited
Use the IRR by querying over the whois protocol
Some ISP’s use in-house developed tools which
process RPSL database files directly
SANOG 23 : Thiphu, BhutanbdNOG Page 36
Tools of trade for RPSL
IRRToolSet
NET::IRR
- Perl module supporting basic IRR queries
IRR Power Tools
- IRR based router configuration – PHP + CVS
Rpsltool – generates cisco configs - Perl
SANOG 23 : Thiphu, BhutanbdNOG Page 37
Tools of trade for RPSL
IRRToolSet
NET::IRR
- Perl module supporting basic IRR queries
IRR Power Tools
- IRR based router configuration – PHP + CVS
Rpsltool – generates cisco configs - Perl
SANOG 23 : Thiphu, BhutanbdNOG Page 38
IRRToolSet
Based on original RAToolSet used in NSF Routing
Arbiter project
Written in C++ and now maintainer by ISC
rtconfig tool uses templates to generate router configs
from IRR data
Other provided tools include
- peval – low level policy evaluation tools
- rpslcheck – verfies RPSL syntax of objects
Death of IRRToolSet??
Revamped by ISC, yet complex to configure
SANOG 23 : Thiphu, BhutanbdNOG Page 39
Net::IRR
Perl CPAN module
Provide several useful Perl functions
- get_routes_by_origin
- get_ipv6_routes_by origin
- get_as_set
- get_route_set
- route_search
SANOG 23 : Thiphu, BhutanbdNOG Page 40
IRR Power Tools
PHP based toolset
- http://sourceforge.net/projects/irrpt
Allows ISP to easily track, manage and utilize IRR data
Performs tracking with CVS
Can email notifications of updates
irrpt_pfxgen script can generate router configs in
Cisco/Foundry, Juniper, Extreme, and Force10 formats
SANOG 23 : Thiphu, BhutanbdNOG Page 41
Routing Registry Futures
RPKI(Resource Public Key Infrastructure) work will
likely have impact on routing registry usage
APNIC along with RIPE has already designed the portal
for RPKI usage
Latest subset of IRRToolSet has added support for
integrating RPKI along with RPSL
SANOG 23 : Thiphu, BhutanbdNOG Page 42
Feeling sorry for being here .. 
Don’t be ..
Configuration part will make you
thing life is really easy .. 
Lets go for a Tea Break
SANOG 23 : Thiphu, BhutanbdNOG Page 43
IRR Toolset, RPSL: Installation
 Available in most Unix/Linux like OS
 Basic Requirements for IRRToolset are as of following
- GNU Make
- GCC
- flex
- bison
- libtool
 Additional tools for autoconfiguration are as of following:
- expect
- cron
SANOG 23 : Thiphu, BhutanbdNOG Page 44
IRR Toolset, RPSL: Installation – Get Source
root@bofh:~ #wget
ftp://ftp.isc.org/isc/IRRToolSet/IRRToolSet-
5.0.1/irrtoolset-5.0.1.tar.gz
root@bofh:~ # tar –zxvf irrtoolset-5.0.1.tar.gz
root@bofh:~ # cd irrtoolset-5.0.1
SANOG 23 : Thiphu, BhutanbdNOG Page 45
IRR Toolset, RPSL: Installation – Build and Install
root@bofh:~irrtoolset-5.0.1# ./configure
root@bofh:~irrtoolset-5.0.1# make
root@bofh:~irrtoolset-5.0.1# make install
SANOG 23 : Thiphu, BhutanbdNOG Page 46
IRR Toolset, RPSL: RPSL Primer
root@bofh:~ whois –h whois.apnic.net AS131208
#####snipped######
mp-import: afi any.unicast {
from AS-ANY accept ANY AND NOT RS-MARTIANS;
} refine {
from AS-ANY action pref = 50;
accept community.contains(131208:50);
from AS-ANY action pref = 30;
accept community.contains(131208:70);
from AS-ANY action pref = 10;
accept community.contains(131208:90);
from AS-ANY action pref = 0; accept ANY;
} refine afi ipv4.unicast {
SANOG 23 : Thiphu, BhutanbdNOG Page 47
IRR Toolset, RPSL: RPSL Primer(Contd)
from AS6453 66.110.0.126 at 103.4.109.254 action pref=10;
community.append(131208:11000,131208:11010,131208:1101
1); accept ANY AND NOT RS-MARTIANS;
from AS58715 103.4.108.62 at 103.4.108.61 action
community.append(131208:41000,131208:41010,131208:41011);
accept AS-58715^24 AND <^AS58715+ AS-58715*$>;
from AS58656 103.4.108.94 at 103.4.108.93 action
community.append(131208:41000,131208:41010,131208:41011);
accept AS-BDHUB^24 AND <^AS58656+ AS-BDHUB*$>;
from AS58657 103.4.108.178 at 103.4.108.177 action
community.append(131208:41000,131208:41010,131208:41011);
accept AS58657^24 AND <^AS58657+$>;
from AS15169 27.0.9.10 at 27.0.9.9 action pref=5;
community.append(131208:31000,131208:31020,131208:31021);
accept AS15169^24 AND <^AS15169+ AS-GOOGLE*$>;
} refine afi ipv6.unicast {
SANOG 23 : Thiphu, BhutanbdNOG Page 48
IRR Toolset, RPSL: RPSL Primer(Contd)
from AS6453 2001:5a0:2300:100::55 at 2001:5a0:2300:100::56
action pref=10;
community.append(131208:11000,131208:11010,131208:11011);
accept ANY AND NOT RS-MARTIANS;
from AS15169 2404:a100:2000::11 at 2404:a100:2000::12 action
pref=5;
community.append(131208:31000,131208:31020,131208:31021);
accept AS15169 AND <^AS15169+ AS-GOOGLE*$>;
}
SANOG 23 : Thiphu, BhutanbdNOG Page 49
IRR Toolset, RPSL: rtconfig Caveats
- Hard to debug as debus message has no clue to original
error
- By default uses irrd whois server which none of the RIR’s
uses except Merit RADB
- For using with APNIC, RIPE etc RIR’s whois server we must
change the protocol to bird(Original RIPE whois daemon)
SANOG 23 : Thiphu, BhutanbdNOG Page 50
IRR Toolset, RPSL: rtconfig
- Prompt based shell application
- root@bofh:~# rtconfig –h whois.apnic.net –protocol bird
rtconfig>
Takes any of the following commands:
@rtconfig import <ASN-1> <rtr-1> <ASN-2> <rtr-2>
@rtconfig export <ASN-1> <rtr-1> <ASN-2> <rtr-2>
@rtconfig configureRouter <inet-rtr-name>
@rtconfig importGroup <ASN-1> <peering-set-name>
@rtconfig exportGroup <ASN-1> <peering-set-name>
@rtconfig static2bgp <ASN-1> <rtr-1>
@rtconfig set sources = <source-list>
@rtconfig access_list filter <filter>
@rtconfig aspath_access_list filter <filter>
@rtconfig printPrefixes <format> filter <filter>
SANOG 23 : Thiphu, BhutanbdNOG Page 51
IRR Toolset, RPSL: rtconfig(Contd)
@rtconfig printPrefixRanges <format> filter <filter>
@rtconfig printSuperPrefixRanges <format> filter <filter>
SANOG 23 : Thiphu, BhutanbdNOG Page 52
IRR Toolset, RPSL: rtconfig(Contd)
Cisco Specific
@rtconfig set cisco_map_name = <map-name>
@rtconfig set cisco_map_first_no = <no>
@rtconfig set cisco_map_increment_by = <no>
@rtconfig set cisco_prefix_acl_no = <no>
@rtconfig set cisco_aspath_acl_no = <no>
@rtconfig set cisco_pktfilter_acl_no = <no>
@rtconfig set cisco_community_acl_no = <no>
@rtconfig set cisco_access_list_no = <no>
@rtconfig set cisco_max_preference = <no>
@rtconfig networks <ASN-1>
@rtconfig inbound_pkt_filter <if-name> <ASN-1> <rtr-1> <ASN-
2> <rtr-2>
SANOG 23 : Thiphu, BhutanbdNOG Page 53
IRR Toolset, RPSL: rtconfig(Contd)
@rtconfig pkt_filter <if-name> <ASN-1> <rtr-1> <ASN-2> <rtr-
2>
@rtconfig outbound_pkt_filter <if-name> <ASN-1> <rtr-1>
<ASN-2> <rtr-2>
SANOG 23 : Thiphu, BhutanbdNOG Page 54
IRR Toolset, RPSL: rtconfig(Contd)
Junos Specific
@rtconfig set junos_policy_name = <policy-name>
@rtconfig networks <ASN-1>
SANOG 23 : Thiphu, BhutanbdNOG Page 55
IRR Toolset, RPSL: rtconfig Input File(Provision)
router bgp 131208
neighbor 103.4.108.54 remote-as 58682
neighbor 103.4.108.54 version 4
!
# Earth Communication Ltd
@RtConfig set cisco_access_list_no = 500
@RtConfig set cisco_map_name = "AS58715-IN"
@RtConfig import AS131208 103.4.108.62 AS58715 103.4.108.61
@RtConfig set cisco_access_list_no = 599
@RtConfig set cisco_map_name = "ANY"
@RtConfig export AS131208 103.4.108.62 AS58715 103.4.108.61
!
# BDHub Ltd
@RtConfig set cisco_access_list_no = 501
@RtConfig set cisco_map_name = "AS58656-IN"
@RtConfig import AS131208 103.4.108.94 AS58656 103.4.108.93
@RtConfig set cisco_access_list_no = 599
@RtConfig set cisco_map_name = "ANY"
@RtConfig export AS131208 103.4.108.94 AS58656 103.4.108.93
!
end
SANOG 23 : Thiphu, BhutanbdNOG Page 56
IRR Toolset, RPSL: rtconfig Input File(Output)
Live Demonstration. Output is attached as Provision1.txt
SANOG 23 : Thiphu, BhutanbdNOG Page 57
IRR Toolset, RPSL: Daily Changes
For automated processing we concentrate on :
- AS-SET
Changes in AS-SET requires the following configuration
changes:
- Prefix-list
- AS-PATH access list
SANOG 23 : Thiphu, BhutanbdNOG Page 58
IRR Toolset, RPSL: rtconfig Input File(Changes)
# Earth Communication Ltd
@RtConfig set cisco_access_list_no = 500
@RtConfig aspath_access_list filter <^AS58715+ AS-58715*$>
@RtConfig access_list filter AS-58715
# BDHub Ltd
@RtConfig set cisco_access_list_no = 501
@RtConfig aspath_access_list filter <^AS58656+ AS-BDHUB*$>
@RtConfig access_list filter AS-BDHUB
!
end
SANOG 23 : Thiphu, BhutanbdNOG Page 59
IRR Toolset, RPSL: rtconfig Input File(Output)
Live Demonstration. Output is attached as
changes1.txt.
SANOG 23 : Thiphu, BhutanbdNOG Page 60
IRR Toolset, RPSL: Uploading Configuration
Various ways to upload configuration:
- SNMP Write
- NETCONF XML Based
- Automated Script using expect
SANOG 23 : Thiphu, BhutanbdNOG Page 61
IRR Toolset, RPSL: SNMP Write
Cons
- Secured only while SNMPv3 is used
- Uses UDP
- Long Running Process
- Non-Standard MIB
- Tough to integrate with rtconfig
SANOG 23 : Thiphu, BhutanbdNOG Page 62
IRR Toolset, RPSL: NETCONF
Cons
- Works good with so many routers
- Overkill for a small number of routers
- Needs detailed concept of XML and how it works
- Not for the faint hearted
- Need detailed idea of Yang too
SANOG 23 : Thiphu, BhutanbdNOG Page 63
IRR Toolset, RPSL: Expect
Expect is a tool for automating interactive applications such
as telnet, ftp, passwd, fsck, rlogin, tip, etc.
Pros
- Good for automating tasks that prompts for information
- Easy to understand
- Used for automatic Testing
Cons
- Keeps login credentials inside script
- Wrong file permission can be fatal
SANOG 23 : Thiphu, BhutanbdNOG Page 64
IRR Toolset, RPSL: Script for Configuration
#!/usr/local/bin/expect
set timeout 500
set hostname "dhk-agg-rtr01.1asiacom.net"
set file [open changes1.txt r]
set username “rtconfig"
set password "yovHyWer@lijZashexyuefs7"
while {![eof $file]} {
set buffer [read $file 10240000]
}
spawn ssh -2 -l $username $hostname
expect "assword:" {
send "$passwordn"
}
SANOG 23 : Thiphu, BhutanbdNOG Page 65
IRR Toolset, RPSL: Script for Configuration
expect "DHK-AGG-RTR01#" {
send "conf tn"
expect "(config)#" {
foreach line [split $buffer "n"] {
send "$linen“ }
expect "(config)#" {
send "commitn"
expect "(config)#" {
send "exitn“ }
}
}
}
expect "DHK-AGG-RTR01#" {
send "exitn"
}
close $spawn_id
SANOG 23 : Thiphu, BhutanbdNOG Page 66
IRR Toolset, RPSL: Further Reading
 RFC-2622: Routing Policy Specification Language
 RFC-2725: Routing Policy System Security
 RFC-2650: Using RPSL in Practice
 RFC-4012: Routing Policy Specification Language next generation
(RPSLng)
 RFC-2726: PGP Authentication for RIPE Database Updates
 RFC-2769: Routing Policy System Replication
SANOG 23 : Thiphu, BhutanbdNOG Page 67
IRR Toolset, RPSL: Questions
Contact
person: Muhammad Moinur Rahman
address: The Alliance Building. (6th Floor),
address: 63 Pragati Sharani, Baridhara,
country: BD
phone: +8801977881132
e-mail: moin@1asia-ahl.com
nic-hdl: MMR13-AP
notify: moin@1asia-ahl.com
mnt-by: MAINT-BD-1ASIAAHL
changed: moin@1asia-ahl.com 20121128
source: APNIC

More Related Content

What's hot

3GPP F1インターフェース(TS38.470-f50)の概要
3GPP F1インターフェース(TS38.470-f50)の概要3GPP F1インターフェース(TS38.470-f50)の概要
3GPP F1インターフェース(TS38.470-f50)の概要Tetsuya Hasegawa
 
Cisco Wireless LAN Controller (WLC)
Cisco Wireless LAN Controller (WLC)Cisco Wireless LAN Controller (WLC)
Cisco Wireless LAN Controller (WLC)I Putu Hariyadi
 
Segment Routing
Segment RoutingSegment Routing
Segment RoutingAPNIC
 
Ccnp enterprise workbook v1.0 bgp zero to hero
Ccnp enterprise workbook v1.0 bgp zero to heroCcnp enterprise workbook v1.0 bgp zero to hero
Ccnp enterprise workbook v1.0 bgp zero to heroSagarR24
 
MPLS Deployment Chapter 1 - Basic
MPLS Deployment Chapter 1 - BasicMPLS Deployment Chapter 1 - Basic
MPLS Deployment Chapter 1 - BasicEricsson
 
Ether Channel High Speed Data Transmission
Ether Channel  High Speed Data TransmissionEther Channel  High Speed Data Transmission
Ether Channel High Speed Data TransmissionNetwax Lab
 
How to perform trouble shooting based on counters
How to perform trouble shooting based on countersHow to perform trouble shooting based on counters
How to perform trouble shooting based on countersAbdul Muin
 
CISCO Virtual Private LAN Service (VPLS) Technical Deployment Overview
CISCO Virtual Private LAN Service (VPLS) Technical Deployment OverviewCISCO Virtual Private LAN Service (VPLS) Technical Deployment Overview
CISCO Virtual Private LAN Service (VPLS) Technical Deployment OverviewAmeen Wayok
 
ospf routing protocol
ospf routing protocolospf routing protocol
ospf routing protocolAmeer Agel
 
MPLS in Mobile Backhaul
MPLS in Mobile BackhaulMPLS in Mobile Backhaul
MPLS in Mobile BackhaulScott Foster
 
Segment Routing Technology Deep Dive and Advanced Use Cases
Segment Routing Technology Deep Dive and Advanced Use CasesSegment Routing Technology Deep Dive and Advanced Use Cases
Segment Routing Technology Deep Dive and Advanced Use CasesCisco Canada
 
Ccnp workbook network bulls
Ccnp workbook network bullsCcnp workbook network bulls
Ccnp workbook network bullsSwapnil Kapate
 
CCNA Routing Fundamentals - EIGRP, OSPF and RIP
CCNA  Routing Fundamentals -  EIGRP, OSPF and RIPCCNA  Routing Fundamentals -  EIGRP, OSPF and RIP
CCNA Routing Fundamentals - EIGRP, OSPF and RIPsushmil123
 
SITE TO SITE IPSEC VPN TUNNEL B/W CISCO ROUTERS
SITE TO SITE IPSEC VPN TUNNEL B/W CISCO ROUTERSSITE TO SITE IPSEC VPN TUNNEL B/W CISCO ROUTERS
SITE TO SITE IPSEC VPN TUNNEL B/W CISCO ROUTERS NetProtocol Xpert
 

What's hot (20)

3GPP F1インターフェース(TS38.470-f50)の概要
3GPP F1インターフェース(TS38.470-f50)の概要3GPP F1インターフェース(TS38.470-f50)の概要
3GPP F1インターフェース(TS38.470-f50)の概要
 
Mpls Services
Mpls ServicesMpls Services
Mpls Services
 
Cisco Wireless LAN Controller (WLC)
Cisco Wireless LAN Controller (WLC)Cisco Wireless LAN Controller (WLC)
Cisco Wireless LAN Controller (WLC)
 
Segment Routing
Segment RoutingSegment Routing
Segment Routing
 
Ccnp enterprise workbook v1.0 bgp zero to hero
Ccnp enterprise workbook v1.0 bgp zero to heroCcnp enterprise workbook v1.0 bgp zero to hero
Ccnp enterprise workbook v1.0 bgp zero to hero
 
MPLS Deployment Chapter 1 - Basic
MPLS Deployment Chapter 1 - BasicMPLS Deployment Chapter 1 - Basic
MPLS Deployment Chapter 1 - Basic
 
Ether Channel High Speed Data Transmission
Ether Channel  High Speed Data TransmissionEther Channel  High Speed Data Transmission
Ether Channel High Speed Data Transmission
 
Mikrotik load balansing
Mikrotik load balansingMikrotik load balansing
Mikrotik load balansing
 
How to perform trouble shooting based on counters
How to perform trouble shooting based on countersHow to perform trouble shooting based on counters
How to perform trouble shooting based on counters
 
CISCO Virtual Private LAN Service (VPLS) Technical Deployment Overview
CISCO Virtual Private LAN Service (VPLS) Technical Deployment OverviewCISCO Virtual Private LAN Service (VPLS) Technical Deployment Overview
CISCO Virtual Private LAN Service (VPLS) Technical Deployment Overview
 
ospf routing protocol
ospf routing protocolospf routing protocol
ospf routing protocol
 
Bgp
BgpBgp
Bgp
 
MPLS in Mobile Backhaul
MPLS in Mobile BackhaulMPLS in Mobile Backhaul
MPLS in Mobile Backhaul
 
Segment Routing Technology Deep Dive and Advanced Use Cases
Segment Routing Technology Deep Dive and Advanced Use CasesSegment Routing Technology Deep Dive and Advanced Use Cases
Segment Routing Technology Deep Dive and Advanced Use Cases
 
Mpls
MplsMpls
Mpls
 
Spanning Tree Protocol Cheat Sheet
Spanning Tree Protocol Cheat SheetSpanning Tree Protocol Cheat Sheet
Spanning Tree Protocol Cheat Sheet
 
Ccnp workbook network bulls
Ccnp workbook network bullsCcnp workbook network bulls
Ccnp workbook network bulls
 
CCNA Routing Fundamentals - EIGRP, OSPF and RIP
CCNA  Routing Fundamentals -  EIGRP, OSPF and RIPCCNA  Routing Fundamentals -  EIGRP, OSPF and RIP
CCNA Routing Fundamentals - EIGRP, OSPF and RIP
 
Bgp tutorial for ISP
Bgp tutorial for ISPBgp tutorial for ISP
Bgp tutorial for ISP
 
SITE TO SITE IPSEC VPN TUNNEL B/W CISCO ROUTERS
SITE TO SITE IPSEC VPN TUNNEL B/W CISCO ROUTERSSITE TO SITE IPSEC VPN TUNNEL B/W CISCO ROUTERS
SITE TO SITE IPSEC VPN TUNNEL B/W CISCO ROUTERS
 

Viewers also liked

Internet Routing Registry Tutorial, by Nurul Islam Roman [APRICOT 2015]
Internet Routing Registry Tutorial, by Nurul Islam Roman [APRICOT 2015]Internet Routing Registry Tutorial, by Nurul Islam Roman [APRICOT 2015]
Internet Routing Registry Tutorial, by Nurul Islam Roman [APRICOT 2015]APNIC
 
Policy SIG (3) Agenda
Policy SIG (3) AgendaPolicy SIG (3) Agenda
Policy SIG (3) AgendaAPNIC
 
IPv6 Deployment in Bangladesh
IPv6 Deployment in BangladeshIPv6 Deployment in Bangladesh
IPv6 Deployment in BangladeshAPNIC
 
Bangladesh Cyber Security Status in Global Perspective
Bangladesh Cyber Security Status in Global PerspectiveBangladesh Cyber Security Status in Global Perspective
Bangladesh Cyber Security Status in Global PerspectiveFakrul Alam
 

Viewers also liked (20)

ICANN Security, Stability and Resiliency Plans & Framework
ICANN Security, Stability and Resiliency Plans & Framework ICANN Security, Stability and Resiliency Plans & Framework
ICANN Security, Stability and Resiliency Plans & Framework
 
Driver Distraction Management Using Sensor Data Cloud
Driver Distraction Management Using Sensor Data Cloud Driver Distraction Management Using Sensor Data Cloud
Driver Distraction Management Using Sensor Data Cloud
 
Internet Development Experiences and Lessons
Internet Development Experiences and Lessons Internet Development Experiences and Lessons
Internet Development Experiences and Lessons
 
Information Society Innovation Fund (ISIF) Showcase
Information Society Innovation Fund (ISIF) Showcase Information Society Innovation Fund (ISIF) Showcase
Information Society Innovation Fund (ISIF) Showcase
 
Internet Measurement Network
Internet Measurement Network Internet Measurement Network
Internet Measurement Network
 
Introductory Presentation of bdNOG
Introductory Presentation of bdNOGIntroductory Presentation of bdNOG
Introductory Presentation of bdNOG
 
Network Security Best Practice (BCP38 & 140)
Network Security Best Practice (BCP38 & 140) Network Security Best Practice (BCP38 & 140)
Network Security Best Practice (BCP38 & 140)
 
Engaging with Internet Society
Engaging with Internet SocietyEngaging with Internet Society
Engaging with Internet Society
 
Discovering and Participating at ICANN
Discovering and Participating at ICANNDiscovering and Participating at ICANN
Discovering and Participating at ICANN
 
IPv6 Deployment Status in Bangladesh
IPv6 Deployment Status in Bangladesh IPv6 Deployment Status in Bangladesh
IPv6 Deployment Status in Bangladesh
 
Application of local Internet content
Application of local Internet content Application of local Internet content
Application of local Internet content
 
Configuration Management in Ansible
Configuration Management in Ansible Configuration Management in Ansible
Configuration Management in Ansible
 
Fast Convergence in IP Network
Fast Convergence in IP Network Fast Convergence in IP Network
Fast Convergence in IP Network
 
Cyber Security law in Bangladesh
Cyber Security law in Bangladesh Cyber Security law in Bangladesh
Cyber Security law in Bangladesh
 
Distributed IP-PBX
Distributed IP-PBX Distributed IP-PBX
Distributed IP-PBX
 
History and Evolution of Bangladesh Internet
History and Evolution of Bangladesh Internet History and Evolution of Bangladesh Internet
History and Evolution of Bangladesh Internet
 
Internet Routing Registry Tutorial, by Nurul Islam Roman [APRICOT 2015]
Internet Routing Registry Tutorial, by Nurul Islam Roman [APRICOT 2015]Internet Routing Registry Tutorial, by Nurul Islam Roman [APRICOT 2015]
Internet Routing Registry Tutorial, by Nurul Islam Roman [APRICOT 2015]
 
Policy SIG (3) Agenda
Policy SIG (3) AgendaPolicy SIG (3) Agenda
Policy SIG (3) Agenda
 
IPv6 Deployment in Bangladesh
IPv6 Deployment in BangladeshIPv6 Deployment in Bangladesh
IPv6 Deployment in Bangladesh
 
Bangladesh Cyber Security Status in Global Perspective
Bangladesh Cyber Security Status in Global PerspectiveBangladesh Cyber Security Status in Global Perspective
Bangladesh Cyber Security Status in Global Perspective
 

Similar to IRR Toolset, RPSL

FIWARE Tech Summit - Stream Processing with Kurento Media Server
FIWARE Tech Summit - Stream Processing with Kurento Media ServerFIWARE Tech Summit - Stream Processing with Kurento Media Server
FIWARE Tech Summit - Stream Processing with Kurento Media ServerFIWARE
 
Securing Internet Routing: RPSL & RPKI
Securing Internet Routing: RPSL & RPKISecuring Internet Routing: RPSL & RPKI
Securing Internet Routing: RPSL & RPKIAPNIC
 
Linkmeup v076(2019-06).2
Linkmeup v076(2019-06).2Linkmeup v076(2019-06).2
Linkmeup v076(2019-06).2eucariot
 
Practical Graph Algorithms with Neo4j
Practical Graph Algorithms with Neo4jPractical Graph Algorithms with Neo4j
Practical Graph Algorithms with Neo4jjexp
 
P4_tutorial.pdf
P4_tutorial.pdfP4_tutorial.pdf
P4_tutorial.pdfPramodhN3
 
FIWARE Global Summit - Real-time Media Stream Processing Using Kurento
FIWARE Global Summit - Real-time Media Stream Processing Using KurentoFIWARE Global Summit - Real-time Media Stream Processing Using Kurento
FIWARE Global Summit - Real-time Media Stream Processing Using KurentoFIWARE
 
Postgres в основе вашего дата-центра, Bruce Momjian (EnterpriseDB)
Postgres в основе вашего дата-центра, Bruce Momjian (EnterpriseDB)Postgres в основе вашего дата-центра, Bruce Momjian (EnterpriseDB)
Postgres в основе вашего дата-центра, Bruce Momjian (EnterpriseDB)Ontico
 
IRR Tutorial and RPKI Demo
IRR Tutorial and RPKI DemoIRR Tutorial and RPKI Demo
IRR Tutorial and RPKI DemoAPNIC
 
Tech Talk - Konrad Gawda : P4 programming language
Tech Talk - Konrad Gawda : P4 programming languageTech Talk - Konrad Gawda : P4 programming language
Tech Talk - Konrad Gawda : P4 programming languageCodiLime
 
Using Data Queues in Modern Applications
Using Data Queues in Modern ApplicationsUsing Data Queues in Modern Applications
Using Data Queues in Modern ApplicationsCarsten Flensburg
 
Event-driven Network Automation and Orchestration
Event-driven Network Automation and OrchestrationEvent-driven Network Automation and Orchestration
Event-driven Network Automation and OrchestrationAPNIC
 
Navigating the YANGscape of network automation
Navigating the YANGscape of network automationNavigating the YANGscape of network automation
Navigating the YANGscape of network automationRoman Dodin
 
Monitoraggio del Traffico di Rete Usando Python ed ntop
Monitoraggio del Traffico di Rete Usando Python ed ntopMonitoraggio del Traffico di Rete Usando Python ed ntop
Monitoraggio del Traffico di Rete Usando Python ed ntopPyCon Italia
 
Python web conference 2022 apache pulsar development 101 with python (f li-...
Python web conference 2022   apache pulsar development 101 with python (f li-...Python web conference 2022   apache pulsar development 101 with python (f li-...
Python web conference 2022 apache pulsar development 101 with python (f li-...Timothy Spann
 
PHP applications/environments monitoring: APM & Pinba
PHP applications/environments monitoring: APM & PinbaPHP applications/environments monitoring: APM & Pinba
PHP applications/environments monitoring: APM & PinbaPatrick Allaert
 

Similar to IRR Toolset, RPSL (20)

IRR toolset with rpsl
IRR toolset with rpslIRR toolset with rpsl
IRR toolset with rpsl
 
RPSL and rpsltool
RPSL and rpsltoolRPSL and rpsltool
RPSL and rpsltool
 
Using Netconf/Yang with OpenDalight
Using Netconf/Yang with OpenDalightUsing Netconf/Yang with OpenDalight
Using Netconf/Yang with OpenDalight
 
FIWARE Tech Summit - Stream Processing with Kurento Media Server
FIWARE Tech Summit - Stream Processing with Kurento Media ServerFIWARE Tech Summit - Stream Processing with Kurento Media Server
FIWARE Tech Summit - Stream Processing with Kurento Media Server
 
Mulesoft lisbon_meetup_asyncapis
Mulesoft lisbon_meetup_asyncapisMulesoft lisbon_meetup_asyncapis
Mulesoft lisbon_meetup_asyncapis
 
Securing Internet Routing: RPSL & RPKI
Securing Internet Routing: RPSL & RPKISecuring Internet Routing: RPSL & RPKI
Securing Internet Routing: RPSL & RPKI
 
Linkmeup v076(2019-06).2
Linkmeup v076(2019-06).2Linkmeup v076(2019-06).2
Linkmeup v076(2019-06).2
 
Practical Graph Algorithms with Neo4j
Practical Graph Algorithms with Neo4jPractical Graph Algorithms with Neo4j
Practical Graph Algorithms with Neo4j
 
P4_tutorial.pdf
P4_tutorial.pdfP4_tutorial.pdf
P4_tutorial.pdf
 
FIWARE Global Summit - Real-time Media Stream Processing Using Kurento
FIWARE Global Summit - Real-time Media Stream Processing Using KurentoFIWARE Global Summit - Real-time Media Stream Processing Using Kurento
FIWARE Global Summit - Real-time Media Stream Processing Using Kurento
 
Postgres в основе вашего дата-центра, Bruce Momjian (EnterpriseDB)
Postgres в основе вашего дата-центра, Bruce Momjian (EnterpriseDB)Postgres в основе вашего дата-центра, Bruce Momjian (EnterpriseDB)
Postgres в основе вашего дата-центра, Bruce Momjian (EnterpriseDB)
 
IRR Tutorial and RPKI Demo
IRR Tutorial and RPKI DemoIRR Tutorial and RPKI Demo
IRR Tutorial and RPKI Demo
 
grpc-Malmo.pdf
grpc-Malmo.pdfgrpc-Malmo.pdf
grpc-Malmo.pdf
 
Tech Talk - Konrad Gawda : P4 programming language
Tech Talk - Konrad Gawda : P4 programming languageTech Talk - Konrad Gawda : P4 programming language
Tech Talk - Konrad Gawda : P4 programming language
 
Using Data Queues in Modern Applications
Using Data Queues in Modern ApplicationsUsing Data Queues in Modern Applications
Using Data Queues in Modern Applications
 
Event-driven Network Automation and Orchestration
Event-driven Network Automation and OrchestrationEvent-driven Network Automation and Orchestration
Event-driven Network Automation and Orchestration
 
Navigating the YANGscape of network automation
Navigating the YANGscape of network automationNavigating the YANGscape of network automation
Navigating the YANGscape of network automation
 
Monitoraggio del Traffico di Rete Usando Python ed ntop
Monitoraggio del Traffico di Rete Usando Python ed ntopMonitoraggio del Traffico di Rete Usando Python ed ntop
Monitoraggio del Traffico di Rete Usando Python ed ntop
 
Python web conference 2022 apache pulsar development 101 with python (f li-...
Python web conference 2022   apache pulsar development 101 with python (f li-...Python web conference 2022   apache pulsar development 101 with python (f li-...
Python web conference 2022 apache pulsar development 101 with python (f li-...
 
PHP applications/environments monitoring: APM & Pinba
PHP applications/environments monitoring: APM & PinbaPHP applications/environments monitoring: APM & Pinba
PHP applications/environments monitoring: APM & Pinba
 

More from Bangladesh Network Operators Group

Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephAccelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephBangladesh Network Operators Group
 
Contents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User ExperienceContents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User ExperienceBangladesh Network Operators Group
 
Re-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with GrafanaRe-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with GrafanaBangladesh Network Operators Group
 

More from Bangladesh Network Operators Group (20)

Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephAccelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
 
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJRecent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
 
Fact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in BangladeshFact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in Bangladesh
 
AI Driven Wi-Fi for the Bottom of the Pyramid
AI Driven Wi-Fi for the Bottom of the PyramidAI Driven Wi-Fi for the Bottom of the Pyramid
AI Driven Wi-Fi for the Bottom of the Pyramid
 
IPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCTIPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCT
 
Network eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life ProductNetwork eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life Product
 
A plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s DeploymentA plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s Deployment
 
IPv6 Deployment in South Asia 2022
IPv6 Deployment in South Asia  2022IPv6 Deployment in South Asia  2022
IPv6 Deployment in South Asia 2022
 
Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)
 
RPKI Deployment Status in Bangladesh
RPKI Deployment Status in BangladeshRPKI Deployment Status in Bangladesh
RPKI Deployment Status in Bangladesh
 
An Overview about open UDP Services
An Overview about open UDP ServicesAn Overview about open UDP Services
An Overview about open UDP Services
 
12 Years in DNS Security As a Defender
12 Years in DNS Security As a Defender12 Years in DNS Security As a Defender
12 Years in DNS Security As a Defender
 
Contents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User ExperienceContents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User Experience
 
BdNOG-20220625-MT-v6.0.pptx
BdNOG-20220625-MT-v6.0.pptxBdNOG-20220625-MT-v6.0.pptx
BdNOG-20220625-MT-v6.0.pptx
 
Route Leak Prevension with BGP Community
Route Leak Prevension with BGP CommunityRoute Leak Prevension with BGP Community
Route Leak Prevension with BGP Community
 
Tale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIXTale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIX
 
MANRS for Network Operators
MANRS for Network OperatorsMANRS for Network Operators
MANRS for Network Operators
 
Re-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with GrafanaRe-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with Grafana
 
RPKI ROA updates
RPKI ROA updatesRPKI ROA updates
RPKI ROA updates
 
Blockchain Demystified
Blockchain DemystifiedBlockchain Demystified
Blockchain Demystified
 

Recently uploaded

A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)Christopher H Felton
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一Fs
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predieusebiomeyer
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhimiss dipika
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书rnrncn29
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Excelmac1
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxeditsforyah
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书rnrncn29
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa494f574xmv
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationLinaWolf1
 
Git and Github workshop GDSC MLRITM
Git and Github  workshop GDSC MLRITMGit and Github  workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一Fs
 
Elevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New OrleansElevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New Orleanscorenetworkseo
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Sonam Pathan
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 

Recently uploaded (20)

A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predi
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...
 
Q4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptxQ4-1-Illustrating-Hypothesis-Testing.pptx
Q4-1-Illustrating-Hypothesis-Testing.pptx
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 Documentation
 
Git and Github workshop GDSC MLRITM
Git and Github  workshop GDSC MLRITMGit and Github  workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
 
Elevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New OrleansElevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New Orleans
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 

IRR Toolset, RPSL

  • 1. RPSL with IRRToolSet bdNOG 1 14th May 2013, Dhaka, Bangladesh Muhammad Moinur Rahman, bdNOG
  • 2. SANOG 23 : Thiphu, BhutanbdNOG Page 2 IRR Toolset, RPSL: Introduction Tutorial - Do not think of bypassing the RFC Target audience - Knowledge of Internet Routing(specially BGP) - Familiar with any IRR Database - No need to know Internet Routing Registry Layout - Theory - Handson Lab using IRR Power Tools, Net:IRR, rpsltools and IRRToolSet
  • 3. SANOG 23 : Thiphu, BhutanbdNOG Page 3 Historical Context The basic concept of routing registries dates back to the 1980's and NSFNet A high-level policy based routing database (PRDB) was used to generate configs NSFNet regional networks were required to submit Network Announcement Change Requests (NACR) to update the PRDB NACR’s documented connected networks and their Autonomous System numbers
  • 4. SANOG 23 : Thiphu, BhutanbdNOG Page 4 Historical Context (Early European Works) RIPE – Reseaux IP Europeens Formed in 1989 to coordinate and promote IP networking in Europe Developed a registry for allocation of IP addresses and Autonomous System numbers in Europe (first RIR) No routing policy support initially
  • 5. SANOG 23 : Thiphu, BhutanbdNOG Page 5 Historical Context (RIPE) RIPE-81 document was published in Feb, 1993 - extended the RIPE address registry to include basic routing policy information Added ability to specify an Autonomous System number for an IP address allocation Also allowed the expression of Autonomous System relationships
  • 6. SANOG 23 : Thiphu, BhutanbdNOG Page 6 Historical Context (RIPE-181) RIPE-181 (RIPE-81++) document was published in Oct, 1994 Introduced concept of object classes Separated routing policy information from IP address allocation information with introduction of the “route” object Extended Autonomous System policy expression functionality Also adopted a mechanism for grouping Autonomous Systems with the “as-macro”
  • 7. SANOG 23 : Thiphu, BhutanbdNOG Page 7 Historical Context (RPSL) In March 1995, the RIPE-181 standard was accepted as an IETF informational document – RFC-1786 IETF created the Routing Policy System Working Group to revise and standardize the language under the auspices of the IETF Result was known as the Routing Policy Specification Language (RPSL)
  • 8. SANOG 23 : Thiphu, BhutanbdNOG Page 8 Historical Context (RFC-2622) RFC 2622 was released in June, 1999 and formally defined RPSL standard Based on the RIPE-181 standard - Significantly extended the functionality of the aut-num object - route object also extended - as-macro became as-set object - Added a number of new object types - Included a dictionary based extension mechanism
  • 9. SANOG 23 : Thiphu, BhutanbdNOG Page 9 Historical Context (RFC-2622 New Objects) as-set route-set filter-set rtr-set peering-set inet-rtr mntner, role, and person objects for authentication and contact information
  • 10. SANOG 23 : Thiphu, BhutanbdNOG Page 10 Historical Context (RFC-4012 RPSLng)  IPv6 and multicast support  Address Family Identifier(afi i.e, ipv4 and ipv6)  MPBGP added in protocol Dictionary  RPSL types ipv6-address, ipv6-address-prefix and ipv6- address-prefix- range added  Policy Attribute mp-import, mp-export and mp-default added  Class route6 added  route-set class now supports both IPv4 and IPv6 mp- members  peering-set supports mp-peering attribute  rtr-set class supports both IPv4 and IPv6
  • 11. SANOG 23 : Thiphu, BhutanbdNOG Page 11 Routing Policy Specification Language(RPSL) Object-based language - route, autonomous system, router, contact and set objects Defines the syntax, semantics and format of data in IRR Vendor independent Extensible IETF Proposed Standard (RFC2622) later superseded by RPSLng (RFC4012) Based on RIPE-181 (RFC 1786)
  • 12. SANOG 23 : Thiphu, BhutanbdNOG Page 12 RPSL Basics Each object type (class) contains mandatory and optional attributes All objects must have these attributes - mnt-by: identifies mntner object that controls the object - changed: lists email and time of change - source: identifies the registry name where the object is located
  • 13. SANOG 23 : Thiphu, BhutanbdNOG Page 13 mntner Object Mntner is an abbreviation of maintainer Identifies accounts in the registry Maintainer objects used for authentication Specifies authentication mechanism in the “auth” attribute - CRYPT-PW or MD5-PW - password auth - PGP-KEY – PGP/GPG based auth - MAIL-FROM – email based auth - NONE
  • 14. SANOG 23 : Thiphu, BhutanbdNOG Page 14 mntner Object mntner: [mandatory] [single] [primary/look-up key] descr: [mandatory] [multiple] admin-c: [mandatory] [multiple] [inverse key] tech-c: [optional] [multiple] [inverse key] upd-to: [mandatory] [multiple] [inverse key] mnt-nfy: [optional] [multiple] [inverse key] auth: [mandatory] [multiple] remarks: [optional] [multiple] notify: [optional] [multiple] [inverse key] mnt-by: [mandatory] [multiple] [inverse key] changed: [mandatory] [multiple] source: [mandatory] [single]
  • 15. SANOG 23 : Thiphu, BhutanbdNOG Page 15 mntner Object Example mntner: MAINT-BD-1ASIAAHL descr: 1Asia Alliance Communication Ltd country: BD admin-c: MMR13-AP upd-to: hostmaster@1asia-ahl.com mnt-by: MAINT-BD-1ASIAAHL auth: # Filtered referral-by: APNIC-HM changed: moin@1asia-ahl.com 20121127 source: APNIC
  • 16. SANOG 23 : Thiphu, BhutanbdNOG Page 16 route/route6 Object Defines a CIDR prefix and origin AS Most common type of object found in routing registries Used by a number of ISP's to generate filters on their customer BGP sessions - Customers must register all routes in order for their ISP to route them - Allows automation of adding new prefixes
  • 17. SANOG 23 : Thiphu, BhutanbdNOG Page 17 route/route6 object and keys  Every RPSL class has a primary “key”  For most classes, it is simply the main class attribute value  For example, the mntner class uses the mntner attribute value as the key  However, route objects use both route and origin fields as the primary key  There can be multiple objects for the same prefix with different origins  This is by design - Multi-origin multi-homing - When changing to a new origin AS, want routes for both until switched  However, also many cases of multiples due to stale routes not being cleaned
  • 18. SANOG 23 : Thiphu, BhutanbdNOG Page 18 route/route6 Object Format route: [mandatory] [single] [primary/look-up key] descr: [mandatory] [multiple] origin: [mandatory] [single] [primary/inverse key] withdrawn: [optional] [single] member-of: [optional] [single] [inverse key] inject: [optional] [multiple] components: [optional] [single] aggr-bndry: [optional] [single] [inverse key] aggr-mtd: [optional] [single] export-comps: [optional] [single] holes: [optional] [single] remarks: [optional] [multiple] cross-nfy: [optional] [multiple] [inverse key] cross-mnt: [optional] [multiple] [inverse key] notify: [optional] [multiple] [inverse key] mnt-by: [mandatory] [multiple] [inverse key] changed: [mandatory] [multiple] source: [mandatory] [single]
  • 19. SANOG 23 : Thiphu, BhutanbdNOG Page 19 route/route6 Object Example route: 182.16.140.0/22 descr: 1Asia Communication Pte Ltd origin: AS10102 mnt-lower: MAINT-BD-1ASIAAHL mnt-routes: MAINT-BD-1ASIAAHL mnt-by: MAINT-BD-1ASIAAHL changed: moin@1asia-ahl.com 20121209 source: APNIC
  • 20. SANOG 23 : Thiphu, BhutanbdNOG Page 20 aut-num Object Defines routing policy for an AS Uses mp-import: and mp-export: attributes to specify policy Can be used for highly detailed policy descriptions and automated config generation Can reference other registry objects such as - as-sets - route-sets - filter-sets
  • 21. SANOG 23 : Thiphu, BhutanbdNOG Page 21 aut-num Object Format aut-num: [mandatory] [single] [primary/look-up key] as-name: [mandatory] [single] descr: [mandatory] [multiple] member-of: [optional] [single] [inverse key] import: [optional] [multiple] [inverse key] export: [optional] [multiple] [inverse key] default: [optional] [multiple] [inverse key] admin-c: [mandatory] [multiple] [inverse key] tech-c: [mandatory] [multiple] [inverse key] remarks: [optional] [multiple] cross-nfy: [optional] [multiple] [inverse key] cross-mnt: [optional] [multiple] [inverse key] notify: [optional] [multiple] [inverse key] mnt-by: [mandatory] [multiple] [inverse key] changed: [mandatory] [multiple] source: [mandatory] [single]
  • 22. SANOG 23 : Thiphu, BhutanbdNOG Page 22 aut-num Object Example aut-num: AS10102 as-name: SG-1ASIACOM-AS-AP descr: 1Asia Communication Pte Ltd descr: 151 Chin Swee Road descr: 14-01 Manhattan House country: SG admin-c: SHC12-AP tech-c: MMR13-AP mnt-by: MAINT-SG-1ASIACOM-SG mnt-routes: MAINT-SG-1ASIACOM-SG mnt-irt: IRT-SG-1ASIACOM-SG changed: hm-changed@apnic.net 20100428 changed: hm-changed@apnic.net 20121116 source: APNIC
  • 23. SANOG 23 : Thiphu, BhutanbdNOG Page 23 as-set Object Provides a way of grouping AS'es Name must begin with prefix “AS-” or in the format - AS<NUM>:AS-CUSTOMERS - AS<NUM>:AS-PEERS Frequently used to list downstream/customer AS numbers Maybe referenced in aut-num import/export policy expressions Can reference other as-set's
  • 24. SANOG 23 : Thiphu, BhutanbdNOG Page 24 route-set Object Defines a set of routes prefixes Name must begin with prefix “RS-” or in the format ASNUM:RS-<ORGANIZATION> Can reference other route-sets Can also reference AS's or as-set's - In this case, the route-set will include all route object prefixes which have an origin which matches the AS numbers
  • 25. SANOG 23 : Thiphu, BhutanbdNOG Page 25 route-set Object Format route-set: [mandatory] [single] [primary/look-up key] descr: [mandatory] [multiple] members: [optional] [single] mbrs-by-ref:[optional] [single] remarks: [optional] [multiple] tech-c: [mandatory] [multiple] [inverse key] admin-c: [mandatory] [multiple] [inverse key] notify: [optional] [multiple] [inverse key] mnt-by: [mandatory] [multiple] [inverse key] changed: [mandatory] [multiple] source: [mandatory] [single]
  • 26. SANOG 23 : Thiphu, BhutanbdNOG Page 26 route-set Object Example route-set: AS10102:RS-1ASIA descr: Routes announced across Peers members: 103.4.108.0/22,182.16.140.0/22 tech-c: MMR13-AP admin-c: MMR13-AP mnt-by: MAINT-BD-1ASIAAHL changed: moin@1asia-ahl.com 20140129 source: APNIC
  • 27. SANOG 23 : Thiphu, BhutanbdNOG Page 27 filter-set Object  Defines a set of routes that are matched by a filter expression  Similar in concept to route-set's  Name must begin with prefix “fltr-”
  • 28. SANOG 23 : Thiphu, BhutanbdNOG Page 28 The IRR(internet Routing Registry)  Concept of “the” Internet Routing Registry system established in 1995  Shares information regarding production Internet Routing Registries  Web site at http://www.irr.net  Initially RIPE-181 format, shifted to RPSL  Mirror Routing Registry data in a common repository for simplified queries  The IRR currently consists of roughly 35 operational registries  Registries operators - Regional Internet Registers (RIR’s), such as ARIN, RIPE, and APNIC - ISP’s - SAVVIS, NTT, Level3 - Non-affiliated public registries – RADB and ALTDB
  • 29. SANOG 23 : Thiphu, BhutanbdNOG Page 29 RADB Routing Registry  The RADB launched in 1995 as part of NSFNet funded Routing Arbiter project  The Routing Arbiter project was intended to ease transition from the NSFNet to the commercial Internet  Registry was used to configure Route Servers located at designated Network Access Points (NAP’s) located in Chicago, Washington, New York, and San Francisco  RADB transitioned from public NSFNet funding to fee-based model in 1999  Re-branded Routing Assets Database in 2002 – http://www.radb.net  The registry can be queried at website and via whois at whois.radb.net  This server also mirrors the other registries in the IRR as documented at www.irr.net
  • 30. SANOG 23 : Thiphu, BhutanbdNOG Page 30 Why Register?  Document routing policy  In particular, register route objects to associate network prefixes with origin AS  A number of transit providers require their customers to register routes and filter customer route announcements based on registry contents  Filters unauthorized announcements to prevent route hijacking, denial of service
  • 31. SANOG 23 : Thiphu, BhutanbdNOG Page 31 Incidents  BGP->RIP->BGP injection  128/7 leak  bogon 0/0, 10/8 leaks  Daily, someone is leaking somelse’s prefix.
  • 32. SANOG 23 : Thiphu, BhutanbdNOG Page 32 Common IRR query flags  IRR's support a number flag options  -i flag performs inverse query - “-i origin AS10102” returns all route objects with an origin of AS10102 - “-i mnt-by MAINT-AS10102” returns all routes maintained by MAINT-AS10102  -M flag returns more specific route objects for a prefix - “-M 27.0.8.0/22” returns all more specific route objects in the 27.0.8.0/22 prefix  -s flag limits number of sources queried - May not want to query all 30+ IRR db's - example, “-s RADB,RIPE”  -K flag – return primary keys only - Useful for route object queries, excludes extraneous fields not needed for policy - Often used by tools
  • 33. SANOG 23 : Thiphu, BhutanbdNOG Page 33 Advanced IRR queries IRRd provides the ability to perform server side set expansions (as-set and route-set) This is done with the “!i” query - “!iAS-ESNETUS” returns members of ASESNETUS as-set object Add a “,1” for a recursive expansions - “!iAS-ESNETUS,1” will recurse any as-set members and return individual as-members - Reduces number of queries to server
  • 34. SANOG 23 : Thiphu, BhutanbdNOG Page 34 Advanced RPSL – aut-num The aut-num object can be used to express an Autonomous System’s routing policy and peering information Powerful structured syntax allows for complex policy expressions Some operators drive their network configuration off of their RPSL data Others simply use it to document AS relationships in a public manner
  • 35. SANOG 23 : Thiphu, BhutanbdNOG Page 35 RPSL Tools Several tools have been developed to facilitate the use of RPSL registry data in the configuration of networks Tools range from sophisticated and powerful to simple and limited Use the IRR by querying over the whois protocol Some ISP’s use in-house developed tools which process RPSL database files directly
  • 36. SANOG 23 : Thiphu, BhutanbdNOG Page 36 Tools of trade for RPSL IRRToolSet NET::IRR - Perl module supporting basic IRR queries IRR Power Tools - IRR based router configuration – PHP + CVS Rpsltool – generates cisco configs - Perl
  • 37. SANOG 23 : Thiphu, BhutanbdNOG Page 37 Tools of trade for RPSL IRRToolSet NET::IRR - Perl module supporting basic IRR queries IRR Power Tools - IRR based router configuration – PHP + CVS Rpsltool – generates cisco configs - Perl
  • 38. SANOG 23 : Thiphu, BhutanbdNOG Page 38 IRRToolSet Based on original RAToolSet used in NSF Routing Arbiter project Written in C++ and now maintainer by ISC rtconfig tool uses templates to generate router configs from IRR data Other provided tools include - peval – low level policy evaluation tools - rpslcheck – verfies RPSL syntax of objects Death of IRRToolSet?? Revamped by ISC, yet complex to configure
  • 39. SANOG 23 : Thiphu, BhutanbdNOG Page 39 Net::IRR Perl CPAN module Provide several useful Perl functions - get_routes_by_origin - get_ipv6_routes_by origin - get_as_set - get_route_set - route_search
  • 40. SANOG 23 : Thiphu, BhutanbdNOG Page 40 IRR Power Tools PHP based toolset - http://sourceforge.net/projects/irrpt Allows ISP to easily track, manage and utilize IRR data Performs tracking with CVS Can email notifications of updates irrpt_pfxgen script can generate router configs in Cisco/Foundry, Juniper, Extreme, and Force10 formats
  • 41. SANOG 23 : Thiphu, BhutanbdNOG Page 41 Routing Registry Futures RPKI(Resource Public Key Infrastructure) work will likely have impact on routing registry usage APNIC along with RIPE has already designed the portal for RPKI usage Latest subset of IRRToolSet has added support for integrating RPKI along with RPSL
  • 42. SANOG 23 : Thiphu, BhutanbdNOG Page 42 Feeling sorry for being here ..  Don’t be .. Configuration part will make you thing life is really easy ..  Lets go for a Tea Break
  • 43. SANOG 23 : Thiphu, BhutanbdNOG Page 43 IRR Toolset, RPSL: Installation  Available in most Unix/Linux like OS  Basic Requirements for IRRToolset are as of following - GNU Make - GCC - flex - bison - libtool  Additional tools for autoconfiguration are as of following: - expect - cron
  • 44. SANOG 23 : Thiphu, BhutanbdNOG Page 44 IRR Toolset, RPSL: Installation – Get Source root@bofh:~ #wget ftp://ftp.isc.org/isc/IRRToolSet/IRRToolSet- 5.0.1/irrtoolset-5.0.1.tar.gz root@bofh:~ # tar –zxvf irrtoolset-5.0.1.tar.gz root@bofh:~ # cd irrtoolset-5.0.1
  • 45. SANOG 23 : Thiphu, BhutanbdNOG Page 45 IRR Toolset, RPSL: Installation – Build and Install root@bofh:~irrtoolset-5.0.1# ./configure root@bofh:~irrtoolset-5.0.1# make root@bofh:~irrtoolset-5.0.1# make install
  • 46. SANOG 23 : Thiphu, BhutanbdNOG Page 46 IRR Toolset, RPSL: RPSL Primer root@bofh:~ whois –h whois.apnic.net AS131208 #####snipped###### mp-import: afi any.unicast { from AS-ANY accept ANY AND NOT RS-MARTIANS; } refine { from AS-ANY action pref = 50; accept community.contains(131208:50); from AS-ANY action pref = 30; accept community.contains(131208:70); from AS-ANY action pref = 10; accept community.contains(131208:90); from AS-ANY action pref = 0; accept ANY; } refine afi ipv4.unicast {
  • 47. SANOG 23 : Thiphu, BhutanbdNOG Page 47 IRR Toolset, RPSL: RPSL Primer(Contd) from AS6453 66.110.0.126 at 103.4.109.254 action pref=10; community.append(131208:11000,131208:11010,131208:1101 1); accept ANY AND NOT RS-MARTIANS; from AS58715 103.4.108.62 at 103.4.108.61 action community.append(131208:41000,131208:41010,131208:41011); accept AS-58715^24 AND <^AS58715+ AS-58715*$>; from AS58656 103.4.108.94 at 103.4.108.93 action community.append(131208:41000,131208:41010,131208:41011); accept AS-BDHUB^24 AND <^AS58656+ AS-BDHUB*$>; from AS58657 103.4.108.178 at 103.4.108.177 action community.append(131208:41000,131208:41010,131208:41011); accept AS58657^24 AND <^AS58657+$>; from AS15169 27.0.9.10 at 27.0.9.9 action pref=5; community.append(131208:31000,131208:31020,131208:31021); accept AS15169^24 AND <^AS15169+ AS-GOOGLE*$>; } refine afi ipv6.unicast {
  • 48. SANOG 23 : Thiphu, BhutanbdNOG Page 48 IRR Toolset, RPSL: RPSL Primer(Contd) from AS6453 2001:5a0:2300:100::55 at 2001:5a0:2300:100::56 action pref=10; community.append(131208:11000,131208:11010,131208:11011); accept ANY AND NOT RS-MARTIANS; from AS15169 2404:a100:2000::11 at 2404:a100:2000::12 action pref=5; community.append(131208:31000,131208:31020,131208:31021); accept AS15169 AND <^AS15169+ AS-GOOGLE*$>; }
  • 49. SANOG 23 : Thiphu, BhutanbdNOG Page 49 IRR Toolset, RPSL: rtconfig Caveats - Hard to debug as debus message has no clue to original error - By default uses irrd whois server which none of the RIR’s uses except Merit RADB - For using with APNIC, RIPE etc RIR’s whois server we must change the protocol to bird(Original RIPE whois daemon)
  • 50. SANOG 23 : Thiphu, BhutanbdNOG Page 50 IRR Toolset, RPSL: rtconfig - Prompt based shell application - root@bofh:~# rtconfig –h whois.apnic.net –protocol bird rtconfig> Takes any of the following commands: @rtconfig import <ASN-1> <rtr-1> <ASN-2> <rtr-2> @rtconfig export <ASN-1> <rtr-1> <ASN-2> <rtr-2> @rtconfig configureRouter <inet-rtr-name> @rtconfig importGroup <ASN-1> <peering-set-name> @rtconfig exportGroup <ASN-1> <peering-set-name> @rtconfig static2bgp <ASN-1> <rtr-1> @rtconfig set sources = <source-list> @rtconfig access_list filter <filter> @rtconfig aspath_access_list filter <filter> @rtconfig printPrefixes <format> filter <filter>
  • 51. SANOG 23 : Thiphu, BhutanbdNOG Page 51 IRR Toolset, RPSL: rtconfig(Contd) @rtconfig printPrefixRanges <format> filter <filter> @rtconfig printSuperPrefixRanges <format> filter <filter>
  • 52. SANOG 23 : Thiphu, BhutanbdNOG Page 52 IRR Toolset, RPSL: rtconfig(Contd) Cisco Specific @rtconfig set cisco_map_name = <map-name> @rtconfig set cisco_map_first_no = <no> @rtconfig set cisco_map_increment_by = <no> @rtconfig set cisco_prefix_acl_no = <no> @rtconfig set cisco_aspath_acl_no = <no> @rtconfig set cisco_pktfilter_acl_no = <no> @rtconfig set cisco_community_acl_no = <no> @rtconfig set cisco_access_list_no = <no> @rtconfig set cisco_max_preference = <no> @rtconfig networks <ASN-1> @rtconfig inbound_pkt_filter <if-name> <ASN-1> <rtr-1> <ASN- 2> <rtr-2>
  • 53. SANOG 23 : Thiphu, BhutanbdNOG Page 53 IRR Toolset, RPSL: rtconfig(Contd) @rtconfig pkt_filter <if-name> <ASN-1> <rtr-1> <ASN-2> <rtr- 2> @rtconfig outbound_pkt_filter <if-name> <ASN-1> <rtr-1> <ASN-2> <rtr-2>
  • 54. SANOG 23 : Thiphu, BhutanbdNOG Page 54 IRR Toolset, RPSL: rtconfig(Contd) Junos Specific @rtconfig set junos_policy_name = <policy-name> @rtconfig networks <ASN-1>
  • 55. SANOG 23 : Thiphu, BhutanbdNOG Page 55 IRR Toolset, RPSL: rtconfig Input File(Provision) router bgp 131208 neighbor 103.4.108.54 remote-as 58682 neighbor 103.4.108.54 version 4 ! # Earth Communication Ltd @RtConfig set cisco_access_list_no = 500 @RtConfig set cisco_map_name = "AS58715-IN" @RtConfig import AS131208 103.4.108.62 AS58715 103.4.108.61 @RtConfig set cisco_access_list_no = 599 @RtConfig set cisco_map_name = "ANY" @RtConfig export AS131208 103.4.108.62 AS58715 103.4.108.61 ! # BDHub Ltd @RtConfig set cisco_access_list_no = 501 @RtConfig set cisco_map_name = "AS58656-IN" @RtConfig import AS131208 103.4.108.94 AS58656 103.4.108.93 @RtConfig set cisco_access_list_no = 599 @RtConfig set cisco_map_name = "ANY" @RtConfig export AS131208 103.4.108.94 AS58656 103.4.108.93 ! end
  • 56. SANOG 23 : Thiphu, BhutanbdNOG Page 56 IRR Toolset, RPSL: rtconfig Input File(Output) Live Demonstration. Output is attached as Provision1.txt
  • 57. SANOG 23 : Thiphu, BhutanbdNOG Page 57 IRR Toolset, RPSL: Daily Changes For automated processing we concentrate on : - AS-SET Changes in AS-SET requires the following configuration changes: - Prefix-list - AS-PATH access list
  • 58. SANOG 23 : Thiphu, BhutanbdNOG Page 58 IRR Toolset, RPSL: rtconfig Input File(Changes) # Earth Communication Ltd @RtConfig set cisco_access_list_no = 500 @RtConfig aspath_access_list filter <^AS58715+ AS-58715*$> @RtConfig access_list filter AS-58715 # BDHub Ltd @RtConfig set cisco_access_list_no = 501 @RtConfig aspath_access_list filter <^AS58656+ AS-BDHUB*$> @RtConfig access_list filter AS-BDHUB ! end
  • 59. SANOG 23 : Thiphu, BhutanbdNOG Page 59 IRR Toolset, RPSL: rtconfig Input File(Output) Live Demonstration. Output is attached as changes1.txt.
  • 60. SANOG 23 : Thiphu, BhutanbdNOG Page 60 IRR Toolset, RPSL: Uploading Configuration Various ways to upload configuration: - SNMP Write - NETCONF XML Based - Automated Script using expect
  • 61. SANOG 23 : Thiphu, BhutanbdNOG Page 61 IRR Toolset, RPSL: SNMP Write Cons - Secured only while SNMPv3 is used - Uses UDP - Long Running Process - Non-Standard MIB - Tough to integrate with rtconfig
  • 62. SANOG 23 : Thiphu, BhutanbdNOG Page 62 IRR Toolset, RPSL: NETCONF Cons - Works good with so many routers - Overkill for a small number of routers - Needs detailed concept of XML and how it works - Not for the faint hearted - Need detailed idea of Yang too
  • 63. SANOG 23 : Thiphu, BhutanbdNOG Page 63 IRR Toolset, RPSL: Expect Expect is a tool for automating interactive applications such as telnet, ftp, passwd, fsck, rlogin, tip, etc. Pros - Good for automating tasks that prompts for information - Easy to understand - Used for automatic Testing Cons - Keeps login credentials inside script - Wrong file permission can be fatal
  • 64. SANOG 23 : Thiphu, BhutanbdNOG Page 64 IRR Toolset, RPSL: Script for Configuration #!/usr/local/bin/expect set timeout 500 set hostname "dhk-agg-rtr01.1asiacom.net" set file [open changes1.txt r] set username “rtconfig" set password "yovHyWer@lijZashexyuefs7" while {![eof $file]} { set buffer [read $file 10240000] } spawn ssh -2 -l $username $hostname expect "assword:" { send "$passwordn" }
  • 65. SANOG 23 : Thiphu, BhutanbdNOG Page 65 IRR Toolset, RPSL: Script for Configuration expect "DHK-AGG-RTR01#" { send "conf tn" expect "(config)#" { foreach line [split $buffer "n"] { send "$linen“ } expect "(config)#" { send "commitn" expect "(config)#" { send "exitn“ } } } } expect "DHK-AGG-RTR01#" { send "exitn" } close $spawn_id
  • 66. SANOG 23 : Thiphu, BhutanbdNOG Page 66 IRR Toolset, RPSL: Further Reading  RFC-2622: Routing Policy Specification Language  RFC-2725: Routing Policy System Security  RFC-2650: Using RPSL in Practice  RFC-4012: Routing Policy Specification Language next generation (RPSLng)  RFC-2726: PGP Authentication for RIPE Database Updates  RFC-2769: Routing Policy System Replication
  • 67. SANOG 23 : Thiphu, BhutanbdNOG Page 67 IRR Toolset, RPSL: Questions Contact person: Muhammad Moinur Rahman address: The Alliance Building. (6th Floor), address: 63 Pragati Sharani, Baridhara, country: BD phone: +8801977881132 e-mail: moin@1asia-ahl.com nic-hdl: MMR13-AP notify: moin@1asia-ahl.com mnt-by: MAINT-BD-1ASIAAHL changed: moin@1asia-ahl.com 20121128 source: APNIC