benefits of using ripe routing registry and related ripe
play

Benefits of Using RIPE Routing Registry and Related RIPE NCC Tools - PowerPoint PPT Presentation

Sep 24, 2022 •186 likes •593 views

Benefits of Using RIPE Routing Registry and Related RIPE NCC Tools TELFOR, 24 November 2004 Vesna Manojlovic RIPE NCC Training Services TELFOR, November 2004, Belgrade . RIPE Routing Registry . 1 http://www.ripe.net/ Overview Intro:

  1. Benefits of Using RIPE Routing Registry and Related RIPE NCC Tools TELFOR, 24 November 2004 Vesna Manojlovic RIPE NCC Training Services TELFOR, November 2004, Belgrade . RIPE Routing Registry . 1 http://www.ripe.net/

  2. Overview • Intro: RIPE and RIPE NCC • Why document routing policy • RPSL • IRRToolset • Day-to-day Usage of the RR • RIS TELFOR, November 2004, Belgrade . RIPE Routing Registry . 2 http://www.ripe.net/

  3. Intro: RIPE and RIPE NCC • Réseaux IP Européens (1989) – Collaborative, open community of Internet operators and administrators – Working groups: DB, Routing; EOF (eqv. to NANOG), etc • RIPE Network Coordination Centre (1992) – Independent not-for-profit membership organisation – One of 4 Regional Internet Registries – Member services: distributing IP addresses, ASN, reverse DNS delegation, training courses – Public services: whois DB, K-root, ENUM, RIPE support etc TELFOR, November 2004, Belgrade . RIPE Routing Registry . 3 http://www.ripe.net/

  4. Intro: RIPE whois Database & the IRR • Public Network Management Database – “whois” info about networks & contact data • Routing Registry - a subset of the RIPE DB – contains routing information, in RPSL • RIPE RR is part of the I nternet R outing R egistry: – http://www.irr.net/ – Distributed databases that mirror each other – IRR = RIPE DB + RADB + Savvis (ex C&W) + ARIN + … TELFOR, November 2004, Belgrade . RIPE Routing Registry . 4 http://www.ripe.net/

  5. Intro: Why Document Routing Policy? • Recreate your policy in case of loss of hardware / administrators – Less downtime • Scaling • Troubleshooting TELFOR, November 2004, Belgrade . RIPE Routing Registry . 5 http://www.ripe.net/

  6. Intro: Why Document in RPSL? • Abstract – Not vendor specific • Global AS view, not router specific • Established standard • Tools available – router configuration – expertise built into tools TELFOR, November 2004, Belgrade . RIPE Routing Registry . 6 http://www.ripe.net/

  7. Intro: Why Document in IRR? • Required by some Transit Providers • Required by some Exchange Points • Allows peers to automatically update filters – For your announcements – Consistent information between neighbours • Good housekeeping TELFOR, November 2004, Belgrade . RIPE Routing Registry . 7 http://www.ripe.net/

  8. Intro: Why Document in RIPE DB? • Convenience – inetnums already there – aut-num already there – maintainer already there – person objects already there • Database most likely used by your peers TELFOR, November 2004, Belgrade . RIPE Routing Registry . 8 http://www.ripe.net/

  9. 9 http://www.ripe.net/ . TELFOR, November 2004, Belgrade . RIPE Routing Registry RPSL

  10. Routing Policy Specification Language • Object-oriented language – Structured whois DB objects • Describes things interesting for the routing policy – Routes, AS numbers… – Relations between BGP peers – Management responsibility • Established standard: – Routing Policy Specification Language (RFC-2622) – Routing Policy System Security (RFC-2725) – Using RPSL in Practice (RFC-2650) TELFOR, November 2004, Belgrade . RIPE Routing Registry . 10 http://www.ripe.net/

  11. RPSL: Example aut-num Object aut-num: AS2001 import: from AS3000 action pref=30; accept ANY import: from AS4000 action pref=40; accept ANY export: to AS4000 action aspath.prepend(AS2001,AS2001); announce AS2001 export: to AS3000 announce AS2001 policy as-name: RRTEST-AS2001 descr: Customer of AS3000 & AS4000 supportive admin-c: JS2-RRTEST & contact tech-c: JS2-RRTEST information changed: john.smith@example.net 20040606 source: RIPE mnt-by: john-smith-MNT authentication mnt-routes: third-MNT & notification upd-to: john.smith@example.net mnt-nfy: rr-db-notifications@example.net TELFOR, November 2004, Belgrade . RIPE Routing Registry . 11 http://www.ripe.net/

  12. RPSL: aut-num Attributes Syntax • import: – from <peering> [action <action>] accept <filter> • export: – to <peering> [action <action>] announce <filter> • <peering> = ASN ; as-set ; “ASN IP1 at IP2” • <filter> matches set of routes – ASN, as-sets, route-sets; – {0.0.0.0/0}; {1.2.3.4/19, 193.0.0.0/23} • Range operators: e.g. 192.0.2.0/24^+ – ANY ; PeerAS; AND, OR, NOT • AS-path filters: regular expressions (i.e. <…>) import: from AS4003 accept <^AS4003+AS4003:AS-customers*$> TELFOR, November 2004, Belgrade . RIPE Routing Registry . 12 http://www.ripe.net/

  13. RPSL: Simple Animated Example AS4000 AS2000 aut-num: AS2000 export: to AS4000 aut-num: AS4000 announce AS2000 import: from AS4000 import: from AS2000 accept AS2000 accept AS4000 export: to as2000 announce AS4000 TELFOR, November 2004, Belgrade . RIPE Routing Registry . 13 http://www.ripe.net/

  14. RPSL: 2 nd Animated Example Internet aut-num: AS3000 AS3000 export: to AS2001 announce ANY AS4000 import: from AS2001 accept AS2001 AS2001 aut-num: AS2001 export: to AS4000 action aspath.prepend (AS2001, AS2001); announce AS2001 aut-num: AS4000 import: from AS3000 action pref=30; import: from AS2001 accept AS2001 accept ANY import: from AS4000 action pref=10; accept AS4000 export: to AS2001 announce AS4000 ANY export: to AS3000 announce AS2001 import: from AS4000 action pref=40; accept ANY TELFOR, November 2004, Belgrade . RIPE Routing Registry . 14 http://www.ripe.net/

  15. RPLS: Localpref / prepend • Controlling the traffic flow: – for outbound traffic set the value of local-pref • “action pref=NN” in the “import” lines of aut-num object • the lower the “pref”, the more preferred the route – for inbound traffic, modify as-path length • “action aspath.prepend(ASN)” in the “export” lines • Longer the as-path, less preferred the route – Note: the direction of traffic is reverse from accepting / announcing routes TELFOR, November 2004, Belgrade . RIPE Routing Registry . 15 http://www.ripe.net/

  16. RPSL: Multiple Links / MED • By setting the value of MED on export lines, the preferred entry point into your AS can be controlled export: to AS4044 at 10.3.0.1 action med=2000; announce AS3033 # less preferred, bigger MED export: to AS4044 at 10.3.0.2 action med=1000; announce AS3033 # more preferred, smaller MED • The neighbour must agree to honour your MED values – Instead of MED, it is possible to use as-path prepend on less preferred link • Controlling outbound traffic: import: from AS4 10.4.0.7 at 10.3.0.1 action pref=10; accept AS4 import: from AS4 10.4.0.8 at 10.3.0.1 action pref=20; accept AS4 TELFOR, November 2004, Belgrade . RIPE Routing Registry . 16 http://www.ripe.net/

  17. RPSL: BGP Communities • Elegant solution for implementing policies • RFC-1998: An application of the BGP Community Attribute in Multi-home Routing • ISPs publish values of communities in the RR – E.g. to tell BT to prepend their ASN when announcing your routes to their peers: export: to 5400 action community = {5400:2073}; announce MY_ASN – E.g. to receive KPN NL routes on NL peering: import: from AS268 <ip-NL> action pref=10; accept AS286 AND community.contains (286:3031) TELFOR, November 2004, Belgrade . RIPE Routing Registry . 17 http://www.ripe.net/

  18. RPSL: Security / Bogon Filtering • Problems: – Bogon address space used as source for spamming, DDoS, probes… – Leaking “martians” & bogons due to mis-configuration – Leaking other people’s ranges => black-holing them • Add “AND NOT fltr-bogons” to all your import and export attribute filter rules • Secure BGP Template – www.cymru.com/Documents/secure-bgp-template.html TELFOR, November 2004, Belgrade . RIPE Routing Registry . 18 http://www.ripe.net/

  19. Outdated “bogon” Filters • Inverse problem: – Bogon filters in place, but not kept up-to-date – Consequence: when new /8 block is allocated to RIR / LIR, it is unreachable from networks with stale filters • Solution: – Use fltr-bogons instead your own manually updated list – Or: follow the lists where RIRs announce new /8 blocks • E.g. https://www.ripe.net/ripe/docs/smallest-alloc-sizes.html • E.g. www.ripe.net/ripe/draft-documents/deboganising-draft.html – Or: use bogon route server • (AS65333, community 65333:888)(e.g. cymru.com) => Keep your bogon filters up-to-date! TELFOR, November 2004, Belgrade . RIPE Routing Registry . 19 http://www.ripe.net/

  20. RPSL: as-set Object Syntax • as-set objects for groups of aut-num-s • previously known as AS-MACRO – as-set : name starts with “AS-”; • hierarchical, using “asn:” (e.g. AS4000:AS-CUSTOMERS) – (direct) members : ASNs, or as-set-s – (indirect) mbrs-by-ref : <mntner-name> | ANY • Aut-num should have “member-of” to include itself in the as-set • In your aut-num point to as-set-s – export/import: to/from ASN announce/accept as-set – export/import: to/from as-set announce/accept <filter> • expression PeerAS loops through the list of members TELFOR, November 2004, Belgrade . RIPE Routing Registry . 20 http://www.ripe.net/

Recommend

Using Routing Registry and Related Tools for Configuring Routers Vesna Manojlovic Advanced

Using Routing Registry and Related Tools for Configuring Routers Vesna Manojlovic Advanced

Using Routing Registry and Related Tools for Configuring Routers Vesna Manojlovic Advanced Courses Trainer, RIPE NCC APRICOT, February 2005, Kyoto APRICOT, February 2005, Kyoto . RIPE Routing Registry . 1 http://www.ripe.net/ Introduction:

168 views • 12 slides
Participating in RIPE Policy Development RIR Bottom-up Model Rules POLICIES RIPE NCC LIRs

Participating in RIPE Policy Development RIR Bottom-up Model Rules POLICIES RIPE NCC LIRs

Participating in RIPE Policy Development RIR Bottom-up Model Rules POLICIES RIPE NCC LIRs PDP WGs RIPE Community Mailing Lists / RIPE Meetings 2 Working Groups Address Policy IPv6 Routing RIPE NCC Services Database

90 views • 6 slides
Welcome to the Routing wg at RIPE 72 Joo Damas Rob Evans Agenda A. Welcome 00:05 Thanks

Welcome to the Routing wg at RIPE 72 Joo Damas Rob Evans Agenda A. Welcome 00:05 Thanks

Welcome to the Routing wg at RIPE 72 Joo Damas Rob Evans Agenda A. Welcome 00:05 Thanks to the scribe, jabber scribe and stenographer. Reminder of microphone etiquette. Minutes from RIPE 71. B. Appointment of new co-chair. 00:05 C.

58 views • 5 slides
Welcome to the Routing wg at RIPE 74 Joo Damas, Paolo Moroni Agenda A. Welcome. 5

Welcome to the Routing wg at RIPE 74 Joo Damas, Paolo Moroni Agenda A. Welcome. 5

Welcome to the Routing wg at RIPE 74 Joo Damas, Paolo Moroni Agenda A. Welcome. 5 Thanks to the scribe, jabber scribe and stenographer. Microphone etiquette. Minutes from RIPE 73. B. IRR Filtering at IXP Route Servers. 30 Erik

264 views • 4 slides
RIPE Atlas ICANN meeting 2014, Singapore ! ccTLD Tech Day RIPE and RIPE NCC ! ! ! ! ! ! !

RIPE Atlas ICANN meeting 2014, Singapore ! ccTLD Tech Day RIPE and RIPE NCC ! ! ! ! ! ! !

RIPE Atlas ICANN meeting 2014, Singapore ! ccTLD Tech Day RIPE and RIPE NCC ! ! ! ! ! ! ! ! ! ! ! ! RIPE Network Coordination Centre Rseaux IP Europens Started in 1992 Started in 1989 Not-for-profit

372 views • 24 slides
RIPE Atlas ! Robert Kisteleki ! RIPE NCC Science Group ! robert@ripe.net ! Introduction &quot; RIPE

RIPE Atlas ! Robert Kisteleki ! RIPE NCC Science Group ! robert@ripe.net ! Introduction &quot; RIPE

RIPE Atlas ! Robert Kisteleki ! RIPE NCC Science Group ! robert@ripe.net ! Introduction &quot; RIPE Atlas: &quot; There are many Atlases, this is RIPE Atlas RIPE Atlas &quot; A prototype system for a next generation Internet measurement

629 views • 30 slides
RIPE Atlas Tools for Operators and IXPs Michela Galante RIPE NCC 24 May 2017 | LACNIC 27 | Foz

RIPE Atlas Tools for Operators and IXPs Michela Galante RIPE NCC 24 May 2017 | LACNIC 27 | Foz

RIPE Atlas Tools for Operators and IXPs Michela Galante RIPE NCC 24 May 2017 | LACNIC 27 | Foz do Iguau Overview Introduction to RIPE Atlas Use cases IXP Country Jedi New: TraceMON How to take part in RIPE Atlas RIPE

732 views • 47 slides
RIPE Atlas Highlights (and more) Robert Kisteleki RIPE NCC Science Division At a Glance RIPE

RIPE Atlas Highlights (and more) Robert Kisteleki RIPE NCC Science Division At a Glance RIPE

RIPE Atlas Highlights (and more) Robert Kisteleki RIPE NCC Science Division At a Glance RIPE Atlas Highlights 2 Better UIs and APIs Probe tagging New measurement types Data streaming Anchors Other Bits: locality checks,

337 views • 21 slides
RIPE Address Policy Working Group May 13, 2020 RIPE 80, In Cyberspace WG Chairs: Gert D oring

RIPE Address Policy Working Group May 13, 2020 RIPE 80, In Cyberspace WG Chairs: Gert D oring

RIPE 80 APWG RIPE 80, virtually yours 1 RIPE Address Policy Working Group May 13, 2020 RIPE 80, In Cyberspace WG Chairs: Gert D oring &amp; Erik Bais please remember: this session is webcast RIPE 80 APWG

506 views • 11 slides
Some Internet Measuremen t Thoughts Richard Barnes BBN Technologies RIPE MAT Co - Chair

Some Internet Measuremen t Thoughts Richard Barnes BBN Technologies RIPE MAT Co - Chair

Some Internet Measuremen t Thoughts Richard Barnes BBN Technologies RIPE MAT Co - Chair RIPE MAT WG RIPE is the RIR for Europe; RIPE NCC is their secretariat RIPE has working groups on particular topics MAT ==

151 views • 12 slides
RIPE Address Policy Working Group May 10, 2017 RIPE 74, Budapest WG Chairs: Gert D oring

RIPE Address Policy Working Group May 10, 2017 RIPE 74, Budapest WG Chairs: Gert D oring

RIPE 74 APWG RIPE 74, Budapest 1 RIPE Address Policy Working Group May 10, 2017 RIPE 74, Budapest WG Chairs: Gert D oring &amp; Sander Steffann please remember: this session is webcast RIPE 74 APWG Agenda

194 views • 18 slides
World IPv6 Launch and RIPE Atlas traceroute6 Visualisation Bert Wijnen bwijnen@ripe.net

World IPv6 Launch and RIPE Atlas traceroute6 Visualisation Bert Wijnen bwijnen@ripe.net

World IPv6 Launch and RIPE Atlas traceroute6 Visualisation Bert Wijnen bwijnen@ripe.net (presenter) Emile Aben emile.aben@ripe.net Rene Wilhelm wilhelm@ripe.net Robert Kisteleki robert@ripe.net TREX Workshop 2012 14 September 2012 RIPE NCC

384 views • 19 slides
RIPE Address Policy Working Group October 17, 2018 RIPE 77, Amsterdam WG Chairs: Gert D oring

RIPE Address Policy Working Group October 17, 2018 RIPE 77, Amsterdam WG Chairs: Gert D oring

RIPE 77 APWG RIPE 77, Amsterdam 1 RIPE Address Policy Working Group October 17, 2018 RIPE 77, Amsterdam WG Chairs: Gert D oring &amp; Erik Bais please remember: this session is webcast RIPE 77 APWG Agenda

520 views • 18 slides
RIPE Address Policy Working Group October 24, 2017 RIPE 75, Dubai WG Chairs: Gert D oring

RIPE Address Policy Working Group October 24, 2017 RIPE 75, Dubai WG Chairs: Gert D oring

RIPE 75 APWG RIPE 75, Dubai 1 RIPE Address Policy Working Group October 24, 2017 RIPE 75, Dubai WG Chairs: Gert D oring &amp; Sander Steffann please remember: this session is webcast RIPE 75 APWG Agenda

391 views • 17 slides
at the RIPE NCC Emile Aben emile.aben@ripe.net RIPE NCC Emile Aben Afrinic11, 2009-11, Dakar,

at the RIPE NCC Emile Aben emile.aben@ripe.net RIPE NCC Emile Aben Afrinic11, 2009-11, Dakar,

RIPE Network Coordination Centre Internet Measurement and Analysis at the RIPE NCC Emile Aben emile.aben@ripe.net RIPE NCC Emile Aben Afrinic11, 2009-11, Dakar, Senegal http://www.ripe.net 1 RIPE Network Coordination Centre Measurement

886 views • 12 slides
Open-sourcing RIPE Atlas Vesna Manojlovic (Presented by Philip Homburg) 30 January 2016 |

Open-sourcing RIPE Atlas Vesna Manojlovic (Presented by Philip Homburg) 30 January 2016 |

Open-sourcing RIPE Atlas Vesna Manojlovic (Presented by Philip Homburg) 30 January 2016 | FOSDEM Overview Introduction to RIPE &amp; the RIPE NCC What is RIPE Atlas? Open-sourced RIPE Atlas tools How to take part in the RIPE

492 views • 28 slides
Measuring DNSSEC using RIPE Atlas Kaveh Ranjbar RIPE NCC RIPE Atlas Coverage RIPE Atlas 2

Measuring DNSSEC using RIPE Atlas Kaveh Ranjbar RIPE NCC RIPE Atlas Coverage RIPE Atlas 2

Measuring DNSSEC using RIPE Atlas Kaveh Ranjbar RIPE NCC RIPE Atlas Coverage RIPE Atlas 2 DNSSEC Workshop, ICANN 51 - October 2014 RIPE Atlas Coverage RIPE Atlas 3 DNSSEC Workshop, ICANN 51 - October 2014 Measurement Devices RIPE Atlas

468 views • 18 slides
Using the RIPE Atlas API for Measuring IPv6 Reachability Vesna Manojlovic Community Builder for

Using the RIPE Atlas API for Measuring IPv6 Reachability Vesna Manojlovic Community Builder for

Using the RIPE Atlas API for Measuring IPv6 Reachability Vesna Manojlovic Community Builder for Measurement Tools BECHA@ripe.net / @Ms_Multicolor BalCCoN 2014 | Novi Sad 1 Overview 2 Short intro to RIPE, RIPE NCC What is IPv6 &amp;

906 views • 74 slides
Information Services at the RIPE NCC Henk Uijterwaal RIPE NCC CAIDA, June 3, 2004 1 Henk

Information Services at the RIPE NCC Henk Uijterwaal RIPE NCC CAIDA, June 3, 2004 1 Henk

Information Services at the RIPE NCC Henk Uijterwaal RIPE NCC CAIDA, June 3, 2004 1 Henk Uijterwaal &lt;henk@ripe.net&gt; . . CAIDA, June 3, 2004 http://www.ripe.net/test-traffic Introduction Data sets Future plans 2 Henk

276 views • 15 slides
BIRD Internet Routing Daemon Ond rej Zaj cek CZ.NIC z.s.p.o. RIPE 66 BIRD overview

BIRD Internet Routing Daemon Ond rej Zaj cek CZ.NIC z.s.p.o. RIPE 66 BIRD overview

BIRD Internet Routing Daemon Ond rej Zaj cek CZ.NIC z.s.p.o. RIPE 66 BIRD overview BIRD Internet Routing Daemon Routing protocols BGP, OSPF and RIP IPv4 and IPv6 support Linux and BSD kernel support Free and open

241 views • 13 slides
New Local Internet Registry Webinar Learning and Development Overview The Internet Registry

New Local Internet Registry Webinar Learning and Development Overview The Internet Registry

New Local Internet Registry Webinar Learning and Development Overview The Internet Registry (IR) System RIPE and the RIPE NCC Tools Getting Resources 2 The Internet Registry System Section 1 The Internet Registry System 4

453 views • 42 slides
Data storage at the RIPE NCC Robert Kisteleki RIPE NCC R&amp;D CAIDA AIMS-5 Data collection

Data storage at the RIPE NCC Robert Kisteleki RIPE NCC R&amp;D CAIDA AIMS-5 Data collection

Data storage at the RIPE NCC Robert Kisteleki RIPE NCC R&amp;D CAIDA AIMS-5 Data collection exercises We run multiple measurement systems: Test Traffic Measurements (TTM) To be decommissioned soon DNSMON DNS root and TLD monitoring

419 views • 11 slides
Atomised Routing Patrick Verkaik, Andre Broido, kc claffy CAIDA / NLnet Labs / RIPE NCC

Atomised Routing Patrick Verkaik, Andre Broido, kc claffy CAIDA / NLnet Labs / RIPE NCC

Atomised Routing Patrick Verkaik, Andre Broido, kc claffy CAIDA / NLnet Labs / RIPE NCC http://www.caida.org/projects/routing/atoms/ work in progress Motivation Observation: many prefixes share AS path in all

278 views • 14 slides
S PAM T RACER T RACKING F LY -B Y S PAMMERS RIPE 67 P IERRE -A

S PAM T RACER T RACKING F LY -B Y S PAMMERS RIPE 67 P IERRE -A

S PAM T RACER T RACKING F LY -B Y S PAMMERS RIPE 67 P IERRE -A NTOINE V ERVIER S YMANTEC R ESEARCH L ABS Pierre-Antoine_Vervier@symantec.com RIPE 67 - Athens -

231 views • 21 slides

More recommend