origin: AS2
Figure 8: Route Objects
Alaettinoglu, et al. Standards Track [Page 12]
RFC 2622 RPSL June 1999
5 Set Classes
To specify policies, it is often useful to define sets of objects.
For this purpose we define as-set, route-set, rtr-set, filter-set,
and peering-set classes. These classes define a named set. The
members of these sets can be specified either directly by listing
them in the sets' definition, or indirectly by having member objects
refer to the sets' names, or a combination of both methods.
A set's name is an rpsl word with the following restrictions: All
as-set names start with prefix "as-". All route-set names start with
prefix "rs-". All rtr-set names start with prefix "rtrs-". All
filter-set names start with prefix "fltr-". All peering-set names
start with prefix "prng-". For example, as-foo is a valid as-set
name.
Set names can also be hierarchical. A hierarchical set name is a
sequence of set names and AS numbers separated by colons ":". At
least one component of such a name must be an actual set name (i.e.
start with one of the prefixes above). All the set name components
of a hierarchical name have to be of the same type. For example, the
following names are valid: AS1:AS-CUSTOMERS, AS1:RS-EXPORT:AS2,
RS-EXCEPTIONS:RS-BOGUS.
The purpose of a hierarchical set name is to partition the set name
space so that the maintainer of the set X1 controls the whole set
name space underneath, i.e. X1:...:Xn-1. Thus, a set object with
name X1:...:Xn-1:Xn can only be created by the maintainer of the
object with name X1:...:Xn-1. That is, only the maintainer of AS1
can create a set with name AS1:AS-FOO; and only the maintainer of
AS1:AS-FOO can create a set with name AS1:AS-FOO:AS-BAR. Please see
RPS Security Document [20] for details.
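
The naming rules above can be checked mechanically before a set object is accepted. The following is an added example, not part of the RFC text; the function names are hypothetical, and it assumes AS numbers are written ASn and that names compare case-insensitively, as the RFC's own examples (AS1:AS-CUSTOMERS) imply. It does not check rpsl word syntax.

```python
import re

# Set-name prefixes listed in Section 5, keyed by class.
PREFIXES = {"as-set": "as-", "route-set": "rs-", "rtr-set": "rtrs-",
            "filter-set": "fltr-", "peering-set": "prng-"}
AS_NUMBER = re.compile(r"^AS\d+$", re.IGNORECASE)

def set_class(component):
    """Return the set class of one name component, or None if it is not a set name."""
    low = component.lower()
    for cls, prefix in PREFIXES.items():
        if low.startswith(prefix) and len(low) > len(prefix):
            return cls
    return None

def parse_set_name(name):
    """Validate a (possibly hierarchical) set name.

    Returns (set_class, parent). parent is the name X1:...:Xn-1 whose
    maintainer must authorise creation, or None for a flat name.
    """
    parts = name.split(":")
    classes = set()
    for part in parts:
        cls = set_class(part)
        if cls:
            classes.add(cls)
        elif not AS_NUMBER.match(part):
            raise ValueError(f"{part!r} is neither a set name nor an AS number")
    if not classes:
        raise ValueError("at least one component must be an actual set name")
    if len(classes) > 1:
        raise ValueError(f"set name components of mixed types: {sorted(classes)}")
    parent = ":".join(parts[:-1]) or None
    return classes.pop(), parent

if __name__ == "__main__":
    for n in ("as-foo", "AS1:AS-CUSTOMERS", "AS1:RS-EXPORT:AS2", "RS-EXCEPTIONS:RS-BOGUS"):
        print(n, parse_set_name(n))
```

A registry front end would then look up the maintainer of the returned parent object and require its authorisation before creating the new set.
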
5.1 as-set Class
The attributes of the as-set class are shown in Figure 9. The as-set
attribute defines the name of the set. It is an RPSL name that
starts with "as-". The members attribute lists the members of the
set. The members attribute is a list of AS numbers, or other as-set
names.
Attribute    Value                      Type
as-set       <object-name>              mandatory, single-valued,
                                        class key
members      list of <as-numbers> or    optional, multi-valued
             <as-set-names>
mbrs-by-ref  list of <mntner-names>     optional, multi-valued
Figure 9: as-set Class Attributes
Figure 10 presents two as-set objects. The set as-foo contains two
ASes, namely AS1 and AS2. The set as-bar contains the members of the
set as-foo and AS3, that is it contains AS1, AS2, AS3. The set
as-empty contains no members.
as-set: as-foo         as-set: as-bar          as-set: as-empty
members: AS1, AS2      members: AS3, as-foo
Figure 10: as-set objects.
The mbrs-by-ref attribute is a list of maintainer names or the
keyword ANY. If this attribute is used, the AS set also includes
ASes whose aut-num objects are registered by one of these maintainers
and whose member-of attribute refers to the name of this AS set. If
the value of a mbrs-by-ref attribute is ANY, any AS object referring
to the AS set is a member of the set. If the mbrs-by-ref attribute
is missing, only the ASes listed in the members attribute are members
of the set.
as-set: as-foo
members: AS1, AS2
mbrs-by-ref: MNTR-ME

aut-num: AS3           aut-num: AS4
member-of: as-foo      member-of: as-foo
mnt-by: MNTR-ME        mnt-by: MNTR-OTHER
Figure 11: as-set objects.
Figure 11 presents an example as-set object that uses the mbrs-by-ref
attribute. The set as-foo contains AS1, AS2 and AS3. AS4 is not a
member of the set as-foo even though the aut-num object references
as-foo. This is because MNTR-OTHER is not listed in the as-foo's
mbrs-by-ref attribute.
5.2 route-set Class
The attributes of the route-set class are shown in Figure 12. The
route-set attribute defines the name of the set. It is an RPSL name
that starts with "rs-". The members attribute lists the members of
the set. The members attribute is a list of address prefixes or
other route-set names. Note that the route-set class is a set of
route prefixes, not of RPSL route objects.
Attribute    Value                              Type
route-set    <object-name>                      mandatory, single-valued,
                                                class key
members      list of <address-prefix-range> or  optional, multi-valued
             <route-set-name> or
             <route-set-name><range-operator>
mbrs-by-ref  list of <mntner-names>             optional, multi-valued
Figure 12: route-set Class Attributes
Figure 13 presents some example route-set objects. The set rs-foo
contains two address prefixes, namely 128.9.0.0/16 and 128.9.0.0/24.
The set rs-bar contains the members of the set rs-foo and the address
prefix 128.7.0.0/16.
route-set: rs-foo
members: 128.9.0.0/16, 128.9.0.0/24

route-set: rs-bar
members: 128.7.0.0/16, rs-foo

Figure 13: route-set Objects
An address prefix or a route-set name in a members attribute can be
optionally followed by a range operator. For example, the following
set:
route-set: rs-bar
members: 5.0.0.0/8^+, 30.0.0.0/8^24-32, rs-foo^+
contains all the more specifics of 5.0.0.0/8 including 5.0.0.0/8, all
the more specifics of 30.0.0.0/8 which are of length 24 to 32 such as
30.9.9.96/28, and all the more specifics of address prefixes in route
set rs-foo.
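
When prefix filters are generated from such objects, the range operator decides which more-specific announcements pass. The following added example (not part of the RFC text; function names are hypothetical) evaluates the operators as this section and Section 5.4 describe them. It covers IPv4 address prefixes only, not range operators applied to set names, and rejecting a length shorter than the prefix is an assumption made here.

```python
import ipaddress
import re

# <prefix>, optionally followed by ^+, ^-, ^n or ^n-m
TERM = re.compile(r"^(?P<pfx>\d+(?:\.\d+){3}/\d+)(?:\^(?P<op>[+-]|\d+(?:-\d+)?))?$")

def length_bounds(term):
    """Return (network, min_len, max_len) for a term such as '30.0.0.0/8^24-32'."""
    m = TERM.match(term.strip())
    if not m:
        raise ValueError(f"bad address prefix range: {term!r}")
    net = ipaddress.IPv4Network(m["pfx"])    # strict: host bits must be zero
    base, op = net.prefixlen, m["op"]
    if op is None:
        return net, base, base               # the prefix itself only
    if op == "+":
        return net, base, 32                 # more specifics, inclusive
    if op == "-":
        return net, base + 1, 32             # more specifics, exclusive
    n, _, upper = op.partition("-")
    lo, hi = int(n), int(upper or n)
    if not base <= lo <= hi <= 32:           # assumption: reject rather than guess
        raise ValueError(f"length range out of order in {term!r}")
    return net, lo, hi

def matches(route, term):
    """True if the route's prefix is admitted by the address prefix range."""
    net, lo, hi = length_bounds(term)
    r = ipaddress.IPv4Network(route)
    return lo <= r.prefixlen <= hi and r.subnet_of(net)

def filter_routes(routes, terms):
    """Return the routes admitted by at least one term, in input order."""
    return [r for r in routes if any(matches(r, t) for t in terms)]

if __name__ == "__main__":
    terms = ["5.0.0.0/8^+", "128.9.0.0/16^-", "30.0.0.0/8^16", "30.0.0.0/8^24-32"]
    # Constructed sample routes.
    routes = ["5.0.0.0/8", "128.9.0.0/16", "128.9.4.0/24",
              "30.9.0.0/16", "30.9.9.96/28", "30.9.0.0/20"]
    print(filter_routes(routes, terms))
```
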
The mbrs-by-ref attribute is a list of maintainer names or the
keyword ANY. If this attribute is used, the route set also includes
address prefixes whose route objects are registered by one of these
maintainers and whose member-of attribute refers to the name of this
route set. If the value of a mbrs-by-ref attribute is ANY, any route
object referring to the route set name is a member. If the
mbrs-by-ref attribute is missing, only the address prefixes listed in the
members attribute are members of the set.
route-set: rs-foo
mbrs-by-ref: MNTR-ME, MNTR-YOU

route-set: rs-bar
members: 128.7.0.0/16
mbrs-by-ref: MNTR-YOU

route: 128.9.0.0/16
origin: AS1
member-of: rs-foo
mnt-by: MNTR-ME

route: 128.8.0.0/16
origin: AS2
member-of: rs-foo, rs-bar
mnt-by: MNTR-YOU
Figure 14: route-set objects.
Figure 14 presents example route-set objects that use the mbrs-by-ref
attribute. The set rs-foo contains two address prefixes, namely
128.8.0.0/16 and 128.9.0.0/16 since the route objects for
128.8.0.0/16 and 128.9.0.0/16 refer to the set name rs-foo in their
member-of attribute. The set rs-bar contains the address prefixes
128.7.0.0/16 and 128.8.0.0/16. The route 128.7.0.0/16 is explicitly
listed in the members attribute of rs-bar, and the route object for
128.8.0.0/16 refers to the set name rs-bar in its member-of attribute.
Note that, if an address prefix is listed in a members attribute of a
route set, it is a member of that route set. The route object
corresponding to this address prefix does not need to contain a
member-of attribute referring to this set name. The member-of
attribute of the route class is an additional mechanism for
specifying the members indirectly.
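
The membership rules of Sections 5.1 and 5.2 (direct members, nested set names, and indirect members admitted through mbrs-by-ref) can be resolved with one routine. The following is an added example, not part of the RFC text: the dictionary layout and function name are hypothetical, the data is transcribed from Figures 10, 11 and 14, and it assumes every set named in a members attribute is present in the input.

```python
# Set objects from Figures 10, 11 and 14 (keys lower-cased).
SETS = {
    "as-foo": {"members": ["AS1", "AS2"], "mbrs-by-ref": ["MNTR-ME"]},
    "as-bar": {"members": ["AS3", "as-foo"]},
    "rs-foo": {"mbrs-by-ref": ["MNTR-ME", "MNTR-YOU"]},
    "rs-bar": {"members": ["128.7.0.0/16"], "mbrs-by-ref": ["MNTR-YOU"]},
}
# aut-num and route objects that point at a set through member-of.
OBJECTS = [
    {"key": "AS3", "member-of": ["as-foo"], "mnt-by": ["MNTR-ME"]},
    {"key": "AS4", "member-of": ["as-foo"], "mnt-by": ["MNTR-OTHER"]},
    {"key": "128.9.0.0/16", "member-of": ["rs-foo"], "mnt-by": ["MNTR-ME"]},
    {"key": "128.8.0.0/16", "member-of": ["rs-foo", "rs-bar"], "mnt-by": ["MNTR-YOU"]},
]

def members_of(name, sets, objects, _seen=None):
    """Return the flattened membership of the as-set or route-set `name`."""
    seen = _seen if _seen is not None else set()
    key = name.lower()
    if key in seen:                  # sets that reference each other: stop here
        return set()
    seen.add(key)
    obj = sets[key]
    result = set()
    for m in obj.get("members", []):
        if m.lower() in sets:        # nested set name: expand it
            result |= members_of(m, sets, objects, seen)
        else:                        # AS number or address prefix
            result.add(m)
    allowed = {x.upper() for x in obj.get("mbrs-by-ref", [])}
    for o in objects:
        refers = key in (s.lower() for s in o.get("member-of", []))
        vouched = "ANY" in allowed or allowed & {x.upper() for x in o["mnt-by"]}
        if refers and vouched:       # both sides must agree on membership
            result.add(o["key"])
    return result

if __name__ == "__main__":
    for s in SETS:
        print(s, sorted(members_of(s, SETS, OBJECTS)))
```

Replacing MNTR-ME with ANY in as-foo makes AS4 a member as well, which is why ANY deserves a second look when a set feeds route filters.
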
5.3 Predefined Set Objects
In a context that expects a route set (e.g. members attribute of the
route-set class), an AS number ASx defines the set of routes that are
originated by ASx; and an as-set AS-X defines the set of routes that
are originated by the ASes in AS-X. A route p is said to be
originated by ASx if there is a route object for p with ASx as the
value of the origin attribute. For example, in Figure 15, the route
set rs-special contains 128.9.0.0/16, routes of AS1 and AS2, and
routes of the ASes in AS set AS-FOO.
route-set: rs-special
members: 128.9.0.0/16, AS1, AS2, AS-FOO
Figure 15: Use of AS numbers and AS sets in route sets.
The set rs-any contains all routes registered in IRR. The set as-any
contains all ASes registered in IRR.
5.4 Filters and filter-set Class
The attributes of the filter-set class are shown in Figure 16. A
filter-set object defines a set of routes that are matched by its
filter. The filter-set attribute defines the name of the filter. It
is an RPSL name that starts with "fltr-".
Attribute   Value          Type
filter-set  <object-name>  mandatory, single-valued, class key
filter      <filter>       mandatory, single-valued
Figure 16: filter Class Attributes
filter-set: fltr-foo
filter: { 5.0.0.0/8, 6.0.0.0/8 }

filter-set: fltr-bar
filter: (AS1 or fltr-foo) and <AS2>
Figure 17: filter-set objects.
The filter attribute defines the set's policy filter. A policy
filter is a logical expression which when applied to a set of routes
returns a subset of these routes. We say that the policy filter
matches the subset returned. The policy filter can match routes
using any BGP path attribute, such as the destination address prefix
(or NLRI), AS-path, or community attributes.
Policy filters can be combined into composite filters using the
operators AND, OR, and NOT. The following policy filters can be used
to select a subset of routes:
ANY
The keyword ANY matches all routes.
Address-Prefix Set
This is an explicit list of address prefixes
enclosed in braces '{' and '}'. The policy filter matches the set
of routes whose destination address-prefix is in the set. For
example:
{ 0.0.0.0/0 }
{ 128.9.0.0/16, 128.8.0.0/16, 128.7.128.0/17, 5.0.0.0/8 }
{ }
An address prefix can be optionally followed by a range operator
(i.e.
{ 5.0.0.0/8^+, 128.9.0.0/16^-, 30.0.0.0/8^16, 30.0.0.0/8^24-32 }
contains all the more specifics of 5.0.0.0/8 including 5.0.0.0/8, all
the more specifics of 128.9.0.0/16 excluding 128.9.0.0/16, all the
more specifics of 30.0.0.0/8 which are of length 16 such as
30.9.0.0/16, and all the more specifics of 30.0.0.0/8 which are of
length 24 to 32 such as 30.9.9.96/28.
Route Set Name
A route set name matches the set of routes that are
members of the set. A route set name may be a name of a route-set
object, an AS number, or a name of an as-set object (AS numbers and
as-set names implicitly define route sets; please see Section 5.3).
For example: