📄 rfc2650.txt
字号:
changing customer base, this mechanism will not scale well.
route-set: AS2:RS-ROUTES:AS3
members: 7.7.0.0/16^16-19
changed: orange@ripe.net
source: RIPE
Figure 7: The route-set object
Luckily RPSL supports the notion of a "route-set" which, as shown in
Figure 7, can be used to specify the set of routes that will be
accepted from a given customer. Given this set (and a similar one
for AS4), the manager of AS2 can now filter on the address space that
will be accepted from their customers by modifying the import lines
in the AS2 aut-num object as shown in Figure 8.
import: from AS1 accept ANY
import: from AS3 accept AS2:RS-ROUTES:AS3
import: from AS4 accept AS2:RS-ROUTES:AS4
export: to AS2:AS-CUSTOMERS announce ANY
export: to AS1 announce AS2 AS2:AS-CUSTOMERS
Figure 8: Policy in the AS2 aut-num object for address based
filtering on AS2 customers
Meyer, et al. Informational [Page 7]
RFC 2650 Using RPSL in Practice August 1999
Note that this is now only slightly more complex than the example in
Figure 6. Furthermore, nothing need be changed in the AS2 aut-num
object due to address space changes for a customer, and this
filtering can be supported without any changes to the AS1 aut-num
object. The additional complexity is due to the two route set names
being different, otherwise we could have combined the two import
statements into one. Please note that the set names are constructed
hierarchically. The first AS number denotes whose sets these are,
and the last AS number parameterize these sets for each peer. RPSL
allows the peer's AS number to be replaced by the keyword PeerAS.
Hence,
import: from AS3 accept AS2:RS-ROUTES:PeerAS
import: from AS4 accept AS2:RS-ROUTES:PeerAS
has the same meaning as the corresponding import statements in Figure
6. This lets us combine the two import statements into one as shown
in Figure 9.
import: from AS1 accept ANY
import: from AS2:AS-CUSTOMERS accept AS2:RS-ROUTES:PeerAS
export: to AS2:AS-CUSTOMERS announce ANY
export: to AS1 announce AS2 AS2:AS-CUSTOMERS
Figure 9: Policy in the AS2 aut-num object using PeerAS
2.3 Including Interfaces in Peering Definitions
In the above examples peerings were only given among ASes. However,
the peerings may be described in much more detail by RPSL, where
peerings can be specified between physical routers using IP addresses
in the import and export attributes. Figure 10 shows a simple
example in which AS1 and AS2 are connected to an exchange point IX.
While AS1 has only one connection to the exchange point via a router
interface with IP address 7.7.7.1, AS2 has two different connections
with IP address 7.7.7.2 and 7.7.7.3. The first AS may then define
its routing policy in more detail by specifying its boundary router.
+--------------------+ +--------------------+
| 7.7.7.1 |-----+ +-----| 7.7.7.2 |
| | | | | |
| AS1 | ======== | AS2 |
| | IX | | |
| | +-----| 7.7.7.3 |
+--------------------+ +--------------------+
Figure 10: Including interfaces in peerings definitions
Meyer, et al. Informational [Page 8]
RFC 2650 Using RPSL in Practice August 1999
aut-num: AS1
import: from AS2 at 7.7.7.1 accept <^AS2+$>
Because AS1 has only one connection to the exchange point in this
example, this specification does not differ from that in which no
boundary router is specified. However, AS1 might want to choose to
accept only those announcements from AS2 which come from the router
with IP address 7.7.7.2 and disregard those announcements from router
7.7.7.3. AS1 can specify this routing policy as follows:
aut-num: AS1
import: from AS2 7.7.7.2 at 7.7.7.1 accept <^AS2+$>
By selecting certain pairs of routers in a peering specification,
others can be denied. If no routers are included in a policy clause
then it is assumed that the policy applies to all peerings among the
ASes involved.
2.4 Describing Simple Backup Connections
The specification of peerings among ASes is not limited to one router
for each AS. In figure 10 one of the two connections of AS2 to the
exchange point IX might be used as backup in case the other
connection fails. Let us assume that AS1 wants to use the connection
to router 7.7.7.2 of AS2 during regular operations, and router
7.7.7.3 as backup. In a router configuration this may be done by
setting a local preference. The equivalent in RPSL is a
corresponding action definition in the peering description. The
action definitions are inserted directly before the accept keyword.
aut-num: AS1
import: from AS2 7.7.7.2 at 7.7.7.1 action pref=10;
from AS2 7.7.7.3 at 7.7.7.1 action pref=20;
accept <^AS2+$>
pref is opposite to local-pref in that the smaller values are
preferred over larger values. Actions may also be defined without
specifying IP addresses of routers. If no routers are included in
the policy clause then it is assumed that the actions are carried out
for all peerings among the ASes involved.
In the previous example AS1 controls where it sends its traffic and
which connection is used as backup. However, AS2 may also define a
backup connection in an export clause:
Meyer, et al. Informational [Page 9]
RFC 2650 Using RPSL in Practice August 1999
aut-num: AS2
export: to AS1 7.7.7.1 at 7.7.7.2 action med=10;
to AS1 7.7.7.1 at 7.7.7.3 action med=20;
announce <^AS2+$>
The definition given here for AS2 is the symmetric counterpart to the
routing policy of AS1. The selection of routing information is done
by setting the multi exit discriminator metric med. Actually, med
metrics will not be used in practice like this; they are more
suitable for load balancing including backups. For more details on
med metrics refer to the BGP-4 RFC [7]. To use the med to achieve
load balancing, one often sets it to the "IGP metric". This is
specified in RPSL as:
aut-num: AS2
export: to AS1 action med=igp_cost; announce <^AS2+$>
Hence, both routers will set the med to the IGP metric at that
router, causing some routes to be preferred at one of the routers and
other routes at the other router.
2.5 Multi-Home Routing Policies using the community Attribute
RFC 1998 [9] describes the use of the BGP community attribute to
provide support for load balancing and backup connections of multi-
homed autonomous systems. In this section, we use stepwise
refinement of an example to illustrate how those policies might be
specified using RPSL.
The basic premise of RFC 1998 is to use the BGP community attribute
to allow a customer to configure the BGP "LOCAL_PREF" on a provider's
routers. This will allow the customer to influence the provider's
route selection, normally by lowering the BGP "LOCAL_PREF" to
indicate backup arrangements.
In this example, we illustrate how AS1 (the provider) might specify
their policy so that a customer (AS4) connected to two of AS1's
direct customers (AS2 and AS3) might signal to AS1 which connection
is to be preferred.
AS1's base policy is to only accept routes from customers that are
originated by the customer, or by the customer's customers. This
leads to a policy such as:
Meyer, et al. Informational [Page 10]
RFC 2650 Using RPSL in Practice August 1999
aut-num: AS1
import: from AS2
accept (AS2 OR AS4) AND <^AS2+ AS4*$>
import: from AS3
accept (AS3 OR AS4) AND <^AS3+ AS4*$>
import: from AS5
accept AS5 AND <^AS5+$>
Note that AS4 is a customer of AS2 and AS3, and AS5 does not have its
own customers.
Now suppose we want to add some policy to describe that if a customer
tags a route with community 1:1 then AS1 will act on this to reduce
the BGP "LOCAL_PREF" by 10.
aut-num: AS1
import: from AS2
action pref=10;
accept (AS2 OR AS4) AND <^AS2+ AS4*$>
AND community.contains(1:1)
import: from AS2
action pref=0;
accept (AS2 OR AS4) AND <^AS2+ AS4*$>
import: from AS3
action pref=10;
accept (AS3 OR AS4) AND <^AS3+ AS4*$>
AND community.contains(1:1)
import: from AS3
action pref=0;
accept (AS3 OR AS4) AND <^AS3+ AS4*$>
import: from AS5
action pref=10;
accept AS5 AND <^AS5+$> AND community.contains(1:1)
import: from AS5
action pref=0;
accept AS5 AND <^AS5+$>
We can see here that basically we are adding identical statements for
each peering to the policy. This is the ideal candidate for RPSL's
refine statement. This will make the policy more concise and avoid
some of the potential for errors as more peering statements are added
in the future:
Meyer, et al. Informational [Page 11]
RFC 2650 Using RPSL in Practice August 1999
aut-num: AS1
import: {
from AS-ANY
action pref=10;
accept community.contains(1:1);
from AS-ANY
action pref=0;
accept ANY;
} refine {
from AS2 accept (AS2 OR AS4) AND <^AS2+ AS4*$>;
from AS3 accept (AS3 OR AS4) AND <^AS3+ AS4*$>;
from AS5 accept AS5 AND <^AS5+$>;
}
Now, we can clearly see that any route that has been accepted from a
customer that contains the community 1:1 will have it's local
preference value reduced by 10.
The refinement has cleaned up some of the policy but we still have a
large number of individual policies representing the same basic
provider policy "from the customer, accept customer routes". These
can be simplified by using AS sets.
First, we will collect together all of AS1's customers into a single
AS set, AS1:AS-CUSTOMERS. We use a hierarchical set name that start
with AS1 to avoid possible set name clashes in IRR with other ASes:
as-set: AS1:AS-CUSTOMERS
members: AS2, AS3, AS5
We also define one set for each customer which lists the AS numbers
of any of their customers.
as-set: AS1:AS-CUSTOMERS:AS2
members: AS4
as-set: AS1:AS-CUSTOMERS:AS3
members: AS4
as-set: AS1:AS-CUSTOMERS:AS5
members: # AS5 has no customers yet, so keep blank for now
We can now use the keyword PeerAS with these AS sets to simplify the
policy further:
Meyer, et al. Informational [Page 12]
RFC 2650 Using RPSL in Practice August 1999
aut-num: AS1
import: {
from AS-ANY
action pref=10;
accept community.contains(1:1);
from AS-ANY
action pref=0;
accept ANY;
} refine {
from AS1:AS-CUSTOMERS
accept (PeerAS OR AS1:AS-CUSTOMER:PeerAS)
AND <^PeerAS+ AS1:AS-CUSTOMER:PeerAS*$>
}
The use of PeerAS with AS1:AS-CUSTOMERS is basically equivalent to
looping over the members of AS1:AS-CUSTOMERS, expanding the policy by
replacing PeerAS with a member from the set AS1:AS-CUSTOMERS.
To illustrate how this policy might be utilised by AS4, we present
the following policy fragment:
aut-num: AS4
export: to AS2
action community.append(1:1);
announce AS1
export: to AS3
announce AS1
Here, AS4 is signalling AS1 to prefer the routes from AS3.
3 Tools
In this section, we briefly introduce a number of tools which can be
used to inspect data in the database, to determine optimal routing
policies, and enter new data.
3.1 The aut-num Object Editor
All the examples shown in the previous sections may well be edited by
hand. They may be extracted one by one from the IRR using the whois
program, edited, and then handed back to the registry robots.
However, again the RAToolSet [6] provides a very nice tool which
makes working with aut-num objects much easier: the aut-num object
editor aoe.
The aut-num object editor has a graphical user interface to view and
manipulate aut-num objects registered at any IRR. New aut-num objects
may be generated using templates and submitted to the registries.
Meyer, et al. Informational [Page 13]
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -