Welcome to the Routing Registry HandsOn Course - PowerPoint PPT Presentation

1 / 123

About This Presentation

Title:

Welcome to the Routing Registry HandsOn Course

Description:

Looking-glass with History. Database with info about routes. over time ... Looking Glass (also for IPv6) RISreport. BGP Traffic Hot Spots. prefixes with high activity ... – PowerPoint PPT presentation

Number of Views:277

Avg rating:3.0/5.0

Slides: 124

Provided by: fer128

Category:

more less

Transcript and Presenter's Notes

Title: Welcome to the Routing Registry HandsOn Course

1
Welcome to the Routing RegistryHands-On Course

RIPE NCC

2
Schedule

RIPE and RIPE NCC
RIS
Documenting policy
RIPE Whois Database
RPSL Introduction
Specifying routing policies
RPSL in practice
Case study 1
AS-sets, grouping peers
Case study 2

RPSL in practice
AS-path filters, MEDs, route sets
Case study 3
Communities
Case study 4
Bogon filtering
RtConfig
Day to day usage
IRRToolSet
RRCC

3
RIPE and RIPE NCC

Réseaux IP Européens (1989)
Collaborative, open community for Internet
operators, administration and development
RIPE Network Coordination Centre (1992)
Independent not-for-profit membership
organisation
One of 5 Regional Internet Registries
Member services
Public services

4
RIPE NCC Services

Member services
Registration services
IPv4, IPv6
AS numbers
Training Courses
Test Traffic Measurements

Public Services
Giving Information
Reverse DNS
DISI
ENUM (e164.arpa)
K-root nameserver
RIPE Whois DB
RIS
RRCC

5
Summary

RIPE open community
RIPE NCC membership organisation
5 RIR regions

Questions?
6
Routing Information Service (RIS)
7
Looking-glass with History

Database with info about routes
over time
Route Collectors at several major IXes
Amsterdam, London, Paris, Geneva, Vienna, Tokio,
Stockholm, San Jose, Zurich, Milan, New York
370 peers (37 also IPv6)
Peering requests rispeering_at_ripe.net
Similar to routeviews
http//www.routeviews.org/

8
RIS Applications

Debugging
e.g. Checking why customer route was not
available
Verify local policies vs router setup gt correct
errors
Prefix distribution aggregation, correct filters
Analysis
Routing table convergence times route flaps
Comparing RR policies with actual announcements
More http//www.ripe.net/ris/analysis.html

9
Existing Tools

ASInUse / PrefixInUse
Last appearance of ASN/prefix in global routing
table
Search by AS / prefix
ASN / prefix activity during a particular time
interval
Looking Glass (also for IPv6)
RISreport
BGP Traffic Hot Spots
prefixes with high activity
RIS Martians
Raw data available on request

10
RISWhois

Quick summarised view of prefix visibility
Lists which route collectors see the prefix
Maps prefix to originating ASN
riswhois.ripe.net
route 212.3.64.0/19
origin AS8900
descr Global One Hungary Internet
upd-first 2003-11-29 2215Z 164.128.32.11_at_rrc09
upd-last 2003-12-04 1709Z 193.203.0.52_at_rrc05
seen-at rrc05,rrc09
source RISWHOIS

11
MyASn

Notification system for BGP
Monitors route propagation
Generates alerts based on user settings
GUI ( integration in LIRPortal)
User Accounts Super User, Administrator, User
Configuration Hold-down Time, Hold-down Event,
Time To Live
Alarm Events trigger alarm messages
Sign up http//www.ris.ripe.net/myasn.html

12
Summary

Looking glass with history
Global views of your prefixes
http//www.ripe.net/ris/

Questions?
13
Documenting Policy
14
Why Document Routing Policy?

Recreate your policy in case of loss of
hardware/administrators
Less downtime
Scaling
Troubleshooting

Q How do you document your routing policy?
15
Why Document in RPSL?

Abstract
Not vendor specific
Global view, not router specific
Well known
Tools available
router configuration
expertise built into tools

16
Why Document in IRR?

Required by some Transit Providers
Required by some Exchange Points
Allows peers to automatically update filters
For your announcements
Consistent information between neighbours
Good housekeeping

17
Why Document in RIPE DB?

Convenience
inetnums already there
aut-num already there
maintainer already there
person objects already there
Strong security
Its free!!!
Database most likely used by your peers

18
Summary

Document routing policy
Use RPSL
Use IRR

Questions?
19
RIPE Whois Database
20
RIPE Database the IRR

Public Network Management Database
Routing Registry - a subset of the RIPE DB
contains routing information
RIPE RR is part of the Internet Routing Registry
http//www.irr.net/
Distributed databases

21
DB Object Syntax
Attribute name
Attribute value
Comment (after )
person John Smith address Singel
258 Amsterdam phone 31 20 535 1234
9-17 CET nic-hdl JS1-RIPE changed
john_at_example.net 20030306 source RIPE
Continuation (line starts with white character)
22
Querying whois DB

Object types
Resource info
Contact info
Protection
Command-line client
Web interface
https//www.ripe.net/whois
Glimpse full text search
http//www.ripe.net/db/whois-free.html

23
Updating Objects

Updating creating, modifying, deleting
Web, sync, email
Mind the primary key!
Use new for creating objects
Add changed line
Ack, error warning messages returned

24
Protection of DB objects

mnt-by attribute refers to mntner object
Checked at every update
Password
CRYPT-PW, MD5-PW,
https//www.ripe.net/cgi-bin/cgicrypt.pl.cgi
Private key/Public key
PGPKEY-ltidgt key-cert object
X.509-ltidgt key-cert object
Multiple auth / mnt-by / mntner-s are OR-ed

25
Multiple Protection Illustrated
aut-num AS3003 mnt-by ONE-MNT mnt-by TWO-MNT
mntner TWO-MNT
mntner ONE-MNT
auth MD5-PW bla34bla.
auth CRYPT-PW bla34
auth PGPKEY-AE6FBBF7

In order to update the object AS3003, need to
have
Either the (crypt) password
Or the MD5 password
Or the PGP key
If you forget pwd write to ltripe-dbm_at_ripe.netgt

26
Hierarchical Authorisation
inetnum 10.0.0.0 - 10.255.255.255 mnt-lower
MNT1 mnt-by MNT2
inetnum 10.10.0.0 - 10.10.255.255 mnt-by MNT3
aut-num AS1234 mnt-by MNT1 mnt-by
MNT4 mnt-routes MNT3
27
TEST Database

Playground Database source TEST
whois h test-whois.ripe.net
mailto lttest-dbm_at_ripe.netgt
http//www.ripe.net/db/syncupdates/syncupdate-test
-minimal.html
http//www.ripe.net/webupdates-test
Differences from RIPE DB
Can create ASN objects automatically
Does not contain same info as operational RIPE DB

28
Summary

RIPE DB
Maintainers
Hierarchical authorisation

Questions?
29
Creating Contact Info Objects

Aut-Num object requires
Person object (contact details)
Maintainer (protection)
Exercises
Task 1 - Create unprotected person object
Task 2 - Create mntner Object
Task 3 - Protect your person object
Time 30

Exercises
30
RPSL Introduction
31
Routing Policy Specification Language

Object-oriented language
Structured whois DB objects
Describes routing policy
Routes, AS numbers
Relations between BGP peers
Established standard
Routing Policy Specification Language (RFC-2622)
Routing Policy System Security (RFC-2725)
Using RPSL in Practice (RFC-2650)

32
RPSLng

Adds IPv6 and multicast to RPSL
RFC 4012
new object ROUTE6
new attributes like "mp-import" and "mp-export"
RPSLng compliant
Ripe Whois DB
some IRRToolset tools (from 4.8.1)
peval
rpslcheck
RtConfig
This course does not cover RPSLng

33
Policy Expression

Aut-num
Lists neighbors (in import / export lines)
Defines filter rules for each neighbour
Defines route parameters modifications per prefix
Route object
Represents address range originating by ASN
Set objects
Grouping objects with similar policy / usage

34
aut-num Admin Details

aut-num AS9000
as-name John-Smith-Company-AS
descr Very Basic Object
import Policy Empty, for now
export Policy Empty, for now
default Policy Empty, for now
admin-c JS2-RRTEST
tech-c JS2-RRTEST
mnt-by john-smith-MNT
mnt-routes john-s-customer-mnt
changed j.smith_at_example.net 20050101
source RRTEST

35
Creating Route Objects

Route object primary key
Address range and origin ASN
Must pass multiple authentications
Originating ASN
AND the address space
AND the mntner of the route object itself

36
Creating Route Objects
inetnum 80.1.0.0 - 80.1.255.255 mnt-by
RIPE-NCC-HM-MNT mnt-routes LIR2-MNT
allocation
aut-num AS2 mnt-by LIR2-MNT
mntner LIR2-MNT auth MD5-PW bla
route 80.1.0.0/16 origin AS2 mnt-by LIR2-MNT
37
Summary

RPSL introduction
Aut-num object
Route object

Questions?
38
Creating RPSL Objects

To create a routing policy in RPSL you need
Aut-num object (place to put the policy)
Route object (prefix to announce)
Exercises
Task 1 - Create aut-num object (without policy)
Task 2 - Create route object
Time 15 mins

Exercises
39
Specifying Routing Policies Using RPSL
40
aut-num Policy Syntax
import from ltpeeringgt action ltactiongt
accept ltfiltergt export to ltpeeringgt
action ltactiongt announce ltfiltergt

ltpeeringgt ASN (or AS-set)
ltfiltergt set of prefixes (for example AS)
ltactiongt med, communities, pref

41
Controlling Outbound Traffic

import line determines outbound traffic
You decide who and how (filters)
RPSL pref different from local pref
lower pref more preferred
higher local pref more preferred
import from AS3
action pref100
accept ANY

42
Controlling Inbound Traffic

export line determines inbound traffic
You have less control
Control by make certain paths less interesting
Choose, then put filters in
AS path prepending
export to AS3
action aspath.prepend (AS1, AS1)
announce AS1

43
Filters

Prefix filters
Prefixes
Route sets lists of prefixes
AS all prefixes in DB with that origin AS
AS sets multiple ASs
AS-path filters
Regular expressions
Keywords ANY, PeerAS
Logical operators AND, OR, NOT

44
Building an Aut-num object
action aspath.prepend (AS1, AS1) announce AS1
import from AS2 action pref20 accept AS2
export to AS1 announce AS2
ANY
import from AS2 action pref200
accept ANY
45
Summary

Inbound traffic policy syntax
Outbound traffic policy syntax
Filters

Questions?
46
RPSL in Practice
47
RPSL in Practice

Case 1 - Multihoming
RPSL AS-sets, grouping peers
Case 2 - Simplifying policy
RPSL AS-path filters, MEDs, route sets
Case 3 - Multiple links, same peer
RPSL Communities
Case 4 - Communities
RPSL Bogon filtering

48
Case 1 - Multihoming
AS2001
AS1001
AS9001
Exercises
49
Scenario A

AS1001 is your upstream provider
AS2001 is a private peer
Exercise
Create RPSL policy reflecting this scenario
Put this policy in your aut-num object
Time 15 mins

50
Scenario B

AS1001 is your preferred upstream provider
AS2001 is your backup upstream provider
Exercise
Create RPSL policy reflecting this scenario
Put this policy in your aut-num object
Time 15 mins

51
Scenario C

AS1001 is your upstream provider
AS2001 is your upstream provider
Exercise
Create RPSL policy reflecting this scenario
Put this policy in your aut-num object
Time 15 mins

52
Scenario D

AS1001 is your upstream provider
AS2001 gives you transit
AND you give AS2001 transit
Exercise
Create RPSL policy reflecting this scenario
Put this policy in your aut-num object
Time 15 mins

53
Summary
Solutions in AS9001
Questions?
54
RPSL in Practice

AS-sets, grouping peers

55
Grouping peers

for multiple peers with same policy as-sets
as-sets can be used for
filters (from AS3 accept AS-BGP-PEERS)
grouping peers (to AS-CUSTOMERS announce ANY)
Special filter keyword PeerAS
makes simple import lines possible

56
as-set Objects

as-set objects for groups of aut-num-s
name starts with as- (as-customers)
or indicating origin (as1as-customers)
members ASN(s), or as-set(s)
direct
mbrs-by-ref mntner or ANY
indirect, any AS qualifying can put member-of
to include itself in the as-set

57
PeerAS
as-set AS4AS-CUSTOMERS members AS7, AS5, AS8
aut-num AS4 import from AS4AS-CUSTOMERS
accept PeerAS export to AS4AS-CUSTOMERS
announce ANY

PeerAS means
from AS7 accept AS7
from AS5 accept AS5
from AS8 accept AS8

58
Summary

As-sets
mbrs-by-ref, members
PeerAS

Questions?
59
Case 2 Simplifying Policy
AS1002
AS2002
AS9002
AS3002
AS4002
AS5002
AS7002
AS6002
Exercises
60
Scenario A

You have private peerings with
AS3002, AS4002, AS5002, AS6002, AS7002
Exercise
Create an AS-set for your peers
Create RPSL policy for this AS-set
Put this policy in your aut-num object
Time 15 mins

61
Scenario B

You have customers that prefer you as upstream
provider
AS3012, AS4012, AS5012, AS6012, AS7012
Exercise
Create an AS-set for your peers
Create RPSL policy for this AS-set
Put this policy in your aut-num object
Time 15 mins

62
Scenario C

You have multiple upstream providers
AS1002, AS2002
Exercise
Create an AS-set for your peers
Create RPSL policy for this AS-set
Put this policy in your aut-num object
Time 15 mins

63
Scenario D

You have customers that use you as backup
provider
AS3022, AS4022, AS5022, AS6022, AS7022
Exercise
Create an AS-set for your peers
Create RPSL policy for this AS-set
Put this policy in your aut-num object
Time 15 mins

64
Summary

Solutions in AS9002

Questions?
65
RPSL in Practice

AS-path filters, MEDs, Route-sets

66
Using AS Path Filters

To create AS-path filters, use regular
expressions in the filter rules in aut-num
Examples
import from AS4 accept ltAS4gt
paths starting with AS4
import from AS4 accept ltAS4gt
prefixes are originated in AS4 and
have paths composed of only AS4's

67
Regular Expression Elements
lt gt the beginning and the end of the regular
expression definition AS1 AS1 as-foo any AS
in as-foo X 0 or more occurrences of X X 1
or more occurrences of X X? 0 or 1 occurrence
of X beginning of path end of
path XY X or Y XY X followed by Y
68
Action MED

Multiple Exit Discriminator
differentiates between connections to same peer
doesnt go beyond immediate neighbour
local pref has precedence over MED
neighbour must honour your MED
so must not set pref

export to AS4 10.0.0.4 at
10.0.0.1 action med1000 announce AS1
69
route-set Objects

route-set objects for groups of prefixes
name starts with rs- rs-france
or indicating origin as1rs-france
members prefixes or route-sets
direct
mbrs-by-ref mntner or ANY
indirect, any route qualifying can put
member-of to include itself in the route-set

70
Summary

AS path filters
MED
Route-set

Questions?
71
Case 3 Multiple Links, Same Peer
AS1003
192.168.3.129
10.3.3.2
F
ES
10.3.3.3
AS9003
192.168.3.130
Exercises
72
Scenario A

You peer with AS1003 in Spain and France
AS1003 has route-sets differentiated per country
as1003rs-france
as1003rs-spain
Exercise
Create RPSL import policy for these peerings
Using the IP addresses of the routers
Using your peers route-sets
Honouring your peers MEDs
Put this policy in your aut-num object
Time 15 mins

73
Scenario B

You peer with AS1003 in Spain and France
AS1003 has route-sets differentiated per country
as1003rs-france
as1003rs-spain
Exercise
Create RPSL import policy for these peerings
Using the IP addresses of the routers
Using your peers route-sets
Not honouring your peers MEDs
Put this policy in your aut-num object
Time 15 mins

74
Scenario C

You peer with AS1003 in Spain and France
You have route-sets differentiated per country
rs-course-france
rs-course-spain
Exercise
Create RPSL export policy for these peerings
Using the IP addresses of the routers
Using your route-sets
Setting different MEDs for local and global
prefixes
Put this policy in your aut-num object
Time 15 mins

75
Summary

Solutions in AS9003

Questions?
76
RPSL in Practice

Communities

77
Communities

RFC-1997
BGP Communities Attribute
RFC-1998
An application of the BGP Community Attribute in
Multi-home Routing
Communities are optional tags
can go through many peers
Can be used for advanced filtering
Not a routing parameter!
(like as-path length, pref, MED, origin,
weight....)

78
Communities You

Enable customers to control their own policy
publish accepted communities
and what you do with them!
Filter incoming route announcements to match
Adds flexibility for your customer
Eases your workload
Doesnt interfere with other solutions

79
Example communities

Communities are set by ISP
random numbers
National prefixes 50
Customer prefixes 175
Premium customer prefixes 1111
Prefixes from a US peer 11
Will give high pref 19

80
Action Communities

To set a community

import from AS6 action community 1111
accept AS6

To append a community

import from AS2 action community.append(175)
accept AS2
import from AS8 action community . 11
accept ANY
81
Communities for filtering
import from AS2 accept AS2 AND community.co
ntains (21)
import from AS-ANY accept community(50)
import from AS-CUSTOMERS accept PeerAS
AND community.contains (19)
82
Communities for filtering

export to AS3
announce AS1AS-CUST AND
community 1111

export to AS1AS-PEERS announce
community.contains (175)
83
Summary

Communities
Using communities on import
Using communities on export

Questions?
84
Case 4 Communities
AS1004
AS2004
AS9004
AS3004
AS4004
AS5004
AS7004
AS6004
Exercises
85
Scenario A

You want to give your customers the option to
indicate to you that you are their preferred
upstream
You want to do this with communities
Exercise
Create RPSL import and export policy for these
peerings
Using communities to filter
Put this policy in your aut-num object
Time 15 mins

86
Scenario B

You want to give your customers the option to
indicate to you that you are their backup
upstream
You want to do this with communities
Exercise
Create RPSL import and export policy for these
peerings
Using communities to filter
Put this policy in your aut-num object
Time 15 mins

87
Scenario C

Upstreams AS1004 tags their routes with a
community so that you can distinguish between
routes from their EU and US upstreams
They also allow you to tag your routes with a
community that they will use to prepend 2 times
to either their EU or US upstreams
Exercise
Create RPSL import and export policy for peer
AS1004
prefer EU traffic
Put this policy in your aut-num object
Time 15 mins

88
Scenario D

Upstreams AS2004 tags their routes with a
community so that you can distinguish between
routes from their EU and US upstreams
They also allow you to tag your routes with a
community that they will use to prepend 2 times
to either their EU or US upstreams
Exercise
Create RPSL import and export policy for peer
AS2004
prefer US traffic
Put this policy in your aut-num object
Time 15 mins

89
Summary

Solutions in AS9004

Questions?
90
RPSL in Practice

Bogon Filtering

91
Security

Problems
Bogon address space used as source for spamming,
DDoS, probes
Leaking martians bogons due to
mis-configuration
Definitions
Martians reserved ranges (rfc-1918)
http//www.isi.edu/bmanning/dsua.html
Bogons un-allocated (reserved) address ranges
Secure BGP Template
www.cymru.com/Documents/secure-bgp-template.html

92
Applying bogon Filters

Q Do you filter out bogons? How?
RPSL add AND NOT fltr-bogons to all your
import and export attribute filter rules
aut-num AS1
import from AS1AS-CUSTOMERS accept
PeerAS AND NOT fltr-bogons
import from AS1AS-UPSTREAMS accept
ANY AND NOT fltr-bogons
export to AS1AS-CUSTOMERS announce
ANY AND NOT fltr-bogons
export to AS1AS-UPSTREAMS announce
AS1 AS1AS-CUSTOMERS AND NOT fltr-bogons

93
Example filter-set fltr-bogons

filter-set fltr-bogons
descr All bogon IPv4 prefixes.
filter fltr-unallocated OR fltr-martian
tech-c RTH32-ARIN
admin-c RTH32-ARIN
mnt-by MAINT-BOGON-FILTERS
changed radb_at_cymru.com 20040420
source RIPE
filter-set fltr-unallocated
filter 1.0.0.0/8, 2.0.0.0/8,

94
Outdated Bogon Filters

Bogon filters in place, but not kept up-to-date
Consequence new networks unreachable
Solutions
Use fltr-bogons
Check for RIR announcements of new /8 blocks
Use a bogon route server

95
Summary

Keep your bogon filters up-to-date!
Use filter-set objects
Add AND NOT fltr-bogons

Questions?
96
RtConfig
97
Router Configuration

RtConfig reads policy from the IRR
Generates parts of the router configuration file
Creates access list, route-map and AS path
filters
Vendor specific
You need to use other scripts (built around it)!
One of the tools in the IRRToolSet

98
RtConfig RR Integration
RPSL DB Objects (routing policy)
Commands in the Template/Input File
RtConfig
Flags, Env_Var
(Partial) Router Configuration
99
Environment Variables

IRR_HOST
Whois server to connect to
IRR_PORT
Whois server port number
IRR_SOURCES
List of DBs to search
Used by all IRRToolset tools
Command line options take precedence
some are needed!

100
Command Line Options

config ltconfig-formatgt
cisco, junos, bcc, gated, rsd
-protocol ltprotocolgt
irrd(rawhoisd), ripe(bird), and ripe_perl
default does not work with the RIPE Whois DB!
-T whois_query whois_response input all
Trace useful for debugging
-ignore_errors
useful when sending output to router

101
Martian Filtering

-supress_martian
only for cisco config
will deny the following routes
host 0.0.0.0 any
127.0.0.0 0.255.255.255 255.0.0.0
0.255.255.255
10.0.0.0 0.255.255.255 255.0.0.0
0.255.255.255
172.16.0.0 0.15.255.255 255.240.0.0
0.15.255.255
192.168.0.0 0.0.255.255 255.255.0.0
0.0.255.255
192.0.2.0 0.0.0.255 255.255.255.0
0.0.0.255
128.0.0.0 0.0.255.255 255.255.0.0
0.0.255.255
191.255.0.0 0.0.255.255 255.255.0.0
0.0.255.255
192.0.0.0 0.0.0.255 255.255.255.0
0.0.0.255
223.255.255.0 0.0.0.255 255.255.255.0
0.0.0.255
224.0.0.0 31.255.255.255 224.0.0.0
31.255.255.255
any 255.255.255.128 0.0.0.127

102
Command Line Options

There are many more!
check man page
Easiest option make an alias
On server
rt'RtConfig -h localhost -p 43 -s RRTEST
-protocol ripe -cisco_use_prefix_lists

103
RtConfig commands

All commands start with _at_RtConfig
man page lists all commands
_at_RtConfig access_list filter AS2
no ip prefix-list pl100
ip prefix-list pl100 permit 10.20.0.0/20
ip prefix-list pl100 deny 0.0.0.0/0 le 32
_at_RtConfig set cisco_map_name "ASd-EXPORT-d
First d replaced by peers ASN
Second d incremented
_at_RtConfig set junos_policy_name
"ASd-EXPORT-d
Juniper version of same

104
Template Files

Template files make scripting easy
Use separate template for each router
Template file contents
import/export commands
comments
extra settings
map names/max pref/etc...

105
Example Template File

! setting up the Max_Preference to 100
_at_RtConfig set cisco_max_preference 100
send community
!
! Peering with OTHERCOMPANY (AS2)
_at_RtConfig set cisco_map_name "ASd-IMPORT-d"
_at_RtConfig import AS1 10.0.0.1 AS2 10.0.0.2
!
_at_RtConfig set cisco_map_name "ASd-EXPORT-d"
_at_RtConfig export AS1 10.0.0.1 AS2 10.0.0.2

106
Summary

Command line options
RtConfig commands
Template file

Questions?
107
Using RtConfig

To use RtConfig conveniently you need
Template files
Scripts
Exercises
Task 1 - Create RtConfig template file
Task 2 - Run RtConfig with this template file
easiest to use rt alias
Time 15 mins

Exercises
108
Day-to-day Usage
109
Preliminary Work

Create person and maintainer objects
Create route objects in the database
Create various as-set objects, to group different
categories of neighbours
Describe policy in your aut-num object
Create RtConfig template file(s)
Run RtConfig / scripts periodically

110
Adding a New Neighbour

Your neighbour needs to
Obtain and register an ASN
Create route objects for the new AS
You need to
Add the new AS to one of your as-set objects
Create RtConfig template for the peering
Run your scripts

111
Testing Policy Change

Copy your aut-num object into a txt file
Modify the file to reflect the desired change
Run RtConfig with the flag -f filename
E.g. rt f changed_asn.txt lt rt-template gt
new_config
Other values will be read from the RR
Compare new router config output with the old
check if the result describes desired behaviour

112
Summary

Preliminary work
Adding a neighbour
Testing policy changes

Questions?
113
IRRToolSet
114
Intro

Started as RAToolSet
Changed to IRRToolset
first maintained by RIPE NCC
Now maintained by ISC
http//www.isc.org/index.pl?/sw/IRRToolSet/
Download ftp//ftp.isc.org/isc/IRRToolSet/
Installation needs lex, yacc and C compiler

115
AOE Aut-num Object Editor

Eases Aut-num editing
Takes input from
Your Aut-num object
Your peer's Aut-num object
BGP
Templates
Sends mail with updated Aut-num object
Does not sign

116
ROE Route Object Editor

Lists the routes dependencies
can add / delete specified routes
Displays and compares routes registered
by an AS in the IRR
in a BGP routing table
NotRtd (not routed) and NotReg (not registered)
Creates the route object for you, based on
BGP dump (local to your ASN)
Buggy ?

117
The Other Tools

prtraceroute prints the route packets take
with the policy information
peval lightweight policy evaluation tool
prpath shows possible paths between ASes
as registered in RR
CIDRAdvisor suggests safe aggregates
rpslcheck checks RPSL syntax

118
Summary

Maintained by ISC
Community controlled
Source and binaries available

Questions?
119
Routing Registry Consistency Check
120
RRCC

The goal making RR more accurate
Comparing real routing data (via RIS) with the
RR
Spotting inconsistencies suggest corrections
Data output
Web interface for interactive lookups
Reports per mntner (requests to
ltauto-rrcc_at_ripe.netgt)
Published on the web, reported to the routing-wg
Scripts available
http//www.ripe.net/rrcc/ , ltrrcc_at_ripe.netgt

121
Summary

Routing Registry Consistency Check
Check your routes
Check your peerings

Questions?
122
Homework

Subscribe to mailing lists
db-wg, routing-wg, irrtools
Use RRCC to find possible errors
Create route objects for your allocations
Update your aut-num with the latest policy
Add mnt-routes to your allocation
use the LIR Portal!

123
The End!
Finis
?????
K???
Sfârsit
Ki????
Konec
Ende
Kraj
The End
Son!
Fine
Lõpp
Kpaj
Vége
Fund
Fin
Einde
?????
Baigti
The End
Slutt
???????
Fim
Koniec
Loppu

Write a Comment

User Comments (0)