Routing Policy Specification Language (RPSL)
draft-ietf-rps-rpsl-03
The information below is for an old version of the document that is already published as an RFC.
| Document | Type |
This is an older version of an Internet-Draft that was ultimately published as RFC 2280.
|
|
|---|---|---|---|
| Authors | Curtis Villamizar , Tony J. Bates , Cengiz Alaettinoglu , David Meyer , Marten Terpstra , Daniel Karrenberg , Elise P. Gerich | ||
| Last updated | 2013-03-02 (Latest revision 1997-08-02) | ||
| RFC stream | Internet Engineering Task Force (IETF) | ||
| Intended RFC status | Proposed Standard | ||
| Formats | |||
| Additional resources | Mailing list discussion | ||
| Stream | WG state | (None) | |
| Document shepherd | (None) | ||
| IESG | IESG state | Became RFC 2280 (Proposed Standard) | |
| Consensus boilerplate | Unknown | ||
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
draft-ietf-rps-rpsl-03
Internet Draft Cengiz Alaettinoglu
Expires January 30, 1998 USC/ISI
draft-ietf-rps-rpsl-03.txt Tony Bates
Cisco Systems
Elise Gerich
At Home Network
Daniel Karrenberg
RIPE
David Meyer
University of Oregon
Marten Terpstra
Bay Networks
Curtis Villamizer
ANS
July 30, 1997
Routing Policy Specification Language (RPSL)
Status of this Memo
This Internet Draft is the reference document for the Routing Policy
Specification Language (RPSL). RPSL allows a network operator to be able to
specify routing policies at various levels in the Internet hierarchy; for
example at the Autonomous System (AS) level. At the same time, policies
can be specified with sufficient detail in RPSL so that low level router
configurations can be generated from them. RPSL is extensible; new routing
protocols and new protocol features can be introduced at any time.
This document is an Internet Draft, and can be found as draft-ietf-rps-rpsl-
03.txt in any standard internet drafts repository. Internet Drafts are
working documents of the Internet Engineering Task Force (IETF), its Areas,
and its Working Groups. Note that other groups may also distribute working
documents as Internet Drafts.
Internet Drafts are draft documents valid for a maximum of six months.
Internet Drafts may be updated, replaced, or obsoleted by other documents
at any time. It is not appropriate to use Internet Drafts as reference
material, or to cite them other than as a ``working draft'' or ``work in
progress.''
Please check the I-D abstract listing contained in each Internet Draft
directory to learn the current status of this or any other Internet Draft.
Internet Draft RPSL July 30, 1997
Contents
1 Introduction 4
2 RPSL Names, Reserved Words, and Representation 5
3 mntner Class 6
4 person Class 8
5 route Class 9
6 Set Classes 10
6.1 route-set Class . . . . . . . . . . . . . . . . . . . . . . . . . . 10
6.2 as-set Class . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
6.3 Predefined Set Objects . . . . . . . . . . . . . . . . . . . . . . 13
6.4 Hierarchical Set Names . . . . . . . . . . . . . . . . . . . . . . 13
7 aut-num Class 14
7.1 import Attribute: Import Policy Specification . . . . . . . . . . . 14
7.1.1Peering Specification . . . . . . . . . . . . . . . . . . . . . 15
7.1.2Action Specification . . . . . . . . . . . . . . . . . . . . . . 17
7.1.3Filter Specification . . . . . . . . . . . . . . . . . . . . . . 17
7.1.4Example Policy Expressions . . . . . . . . . . . . . . . . . . . 21
7.2 export Attribute: Export Policy Specification . . . . . . . . . . . 21
7.3 Other Routing Protocols, Multi-Protocol Routing Protocols, and
Injecting Routes Between Protocols . . . . . . . . . . . . . . . . . 22
7.4 Ambiguity Resolution . . . . . . . . . . . . . . . . . . . . . . . 23
7.5 default Attribute: Default Policy Specification . . . . . . . . . . 25
7.6 Structured Policy Specification . . . . . . . . . . . . . . . . . . 26
8 dictionary Class 30
Alaettinoglu et. al. Expires January 30, 1998 [Page 2]
Internet Draft RPSL July 30, 1997
8.1 Initial RPSL Dictionary and Example Policy Actions and Filters . . 33
9 Advanced route Class 37
9.1 Specifying Static Routes . . . . . . . . . . . . . . . . . . . . . 37
9.2 Specifying Aggregate Routes . . . . . . . . . . . . . . . . . . . . 38
10inet-rtr Class 39
11inet-tunnel Class and Specifying Tunnels 41
12Security Consideration 42
13Acknowledgements 44
A Routing Registry Sites 46
B Authors' Addresses 46
Alaettinoglu et. al. Expires January 30, 1998 [Page 3]
Internet Draft RPSL July 30, 1997
1 Introduction
This Internet Draft is the reference document for the Routing Policy
Specification Language (RPSL). RPSL allows a network operator to be able to
specify routing policies at various levels in the Internet hierarchy; for
example at the Autonomous System (AS) level. At the same time, policies
can be specified with sufficient detail in RPSL so that low level router
configurations can be generated from them. RPSL is extensible; new routing
protocols and new protocol features can be introduced at any time.
RPSL is a replacement for the current Internet de-facto standard routing
policy specification language known as RIPE-181 [6] or RFC-1786 [7].
RIPE-81 [8] was the first language deployed in the Internet for specifying
routing policies. It was later replaced by RIPE-181 [6].
Through operational use of RIPE-181 it has become apparent that certain
policies cannot be specified and a need for an enhanced and more generalized
language is needed. RPSL addresses RIPE-181's limitations. RPSL is object
oriented; that is, objects contain pieces of policy and administrative
information. These objects are registered in the Internet Routing Registry
(IRR) by the authorized organizations. The registration process is beyond
the scope of this document. Please refer to [2, 21, 4] for more details on
the IRR.
RPSL was designed so that a view of the global routing policy can be
contained in a single cooperatively maintained distributed database to
improve the integrety of Internet's routing. RPSL is not designed to
be a router configuration language. RPSL is designed so that router
configurations can be generated from the description of the policy for one
automomous system (see aut-num class) combined with the description of a
router (see inet-rtr class), mainly providing router ID, autonomous system
number of the router, interfaces and peers of the router, and combined
with a global database mappings AS sets to ASes (see as-set class), origin
ASes and route sets to route prefixes. (see route and route-set classes),
The accurate population of the RPSL database can help contribute toward
such goals as router configurations which protect against accidental (or
malicious) distribution of inaccurate routing information and contribute
toward the verification of Internet's routing and aggregation boundaries
beyond a single AS.
In the following sections, we present the classes that are used to define
various policy and administrative objects. The "mntner" class defines
entities authorized to add, delete and modify a set of objects. The
"person" class describes technical and administrative contact personnel.
Autonomous systems (ASes) are specified using the "aut-num" class. Routes
are specified using the "route" class. Sets of ASes and routes can be
defined using the "as-set" and "route-set" classes. The "dictionary"
class provides the extensibility to the language. The "inet-rtr" class
is used to specify routers. Tunnels are specified using "inet-tunnel"
class. Many of these classes were originally defined in earlier documents
Alaettinoglu et. al. Expires January 30, 1998 [Page 4]
Internet Draft RPSL July 30, 1997
[6, 18, 20, 17, 5] and have all been enhanced.
This document is self-contained. However, the reader is encouraged to read
RIPE-181 [7] and the associated documents [18, 20, 17, 5] as they provide
significant background as to the motivation and underlying principles behind
RIPE-181 and consequently, RPSL. They further cover the basic concept of
the Internet Routing Registry (IRR) [2, 21, 4], the data repository for
storing global RPSL based routing policies and a fundamental component in
the application of RPSL. For a tutorial on RPSL, the reader should read the
RPSL applications document [4].
2 RPSL Names, Reserved Words, and Representation
Each class has a set of attributes which store a piece of information about
the objects of the class. Attributes can be mandatory or optional: A
mandatory attribute has to be defined for all objects of the class; optional
attributes can be skipped. Attributes can also be single or multiple
valued. Each object is uniquely identified by a set of attributes, referred
to as the class ``key''.
The value of an attribute has a type. The following types are most widely
used. Note that RPSL is case insensitive.
<object-name>Many objects in RPSL have a name. An <object-name> is made
up of letters, digits, the character underscore ``_'', and the character
hyphen ``-''; the first character of a name must be a letter, and the
last character of a name must be a letter or a digit. The following
words are reserved by RPSL, and they can not be used as names:
any as-any rs-any peeras
and or not
atomic from to at action accept announce except refine
networks into
Names starting with certain prefixes are reserved for certain object
types. Names starting with ``as-'' are reserved for as set names.
Names starting with ``rs-'' are reserved for route set names.
<as-number>An AS number x is represented as the string ``ASx''. That is,
the AS 226 is represented as AS226.
<ipv4-address>An IPv4 address is represented as a sequence of four integers
in the range from 0 to 255 separated by the character dot ``.''. For
example, 128.9.128.5 represents a valid IPv4 address. In the rest of
this document, we may refer to IPv4 addresses as IP addresses.
Alaettinoglu et. al. Expires January 30, 1998 [Page 5]
Internet Draft RPSL July 30, 1997
<address-prefix>An address prefix is represented as an IPv4 address
followed by the character slash ``/'' followed by an integer in the
range from 0 to 32. The following are valid address prefixes:
128.9.128.5/32, 128.9.0.0/16, 0.0.0.0/0; and the following address
prefixes are invalid: 0/0, 128.9/16 since 0 or 128.9 are not strings
containing four integers.
<date>A date is represented as an eight digit integer of the form YYYYMMDD
where YYYY represents the year, MM represents the month of the year (01
through 12), and DD represents the day of the month (01 through 31).
For example, June 24, 1996 is represented as 19960624.
<email-address>is as described in RFC-822[11].
<dns-name>is as described in RFC-1034[23].
<person>is either a full name of a person or a uniquely assigned
NIC-handle. Its syntax has the following form:
<firstname> [<initials>] <lastname>
| <nic-handle>
E.g.
John E Doe
JED31
A NIC handle is an identifier used by routing, address allocation, and
other registries to unambiguously refer to people.
<free-form>is a sequence of ASCII characters.
<X-name>is a name of an object of type X. That is <mntner-name> is a name
of an mntner object.
<registry-name>is a name of an IRR registry. The routing registries are
listed in Appendix A.
A value of an attribute may also be a lists of one of these types. A list
is represented by separating the list members by commas ``,''. For example,
``AS1, AS2, AS3, AS4'' is a list of AS numbers. Note that being list valued
and being multiple valued are orthogonal. A multiple valued attribute has
more than one value each of which may or may not be a list depending on
the attribute. On the other hand a single valued attribute may have a list
value.
An RPSL object is textually represented as a list of attribute-value pairs.
Each attribute-value pair is written on a separate line. The attribute name
starts at column 0, followed by character ``:'' and followed by the value
Alaettinoglu et. al. Expires January 30, 1998 [Page 6]
Internet Draft RPSL July 30, 1997
of the attribute. The object's representation ends when a blank line is
encountered. An attribute's value can be split over multiple lines, by
starting the continuation lines with a white-space (`` '' or tab) character.
The order of attribute-value pairs is significant.
An object's description may contain comments. A comment can be anywhere in
an object's definition, it starts at the first ``#'' character on a line and
ends at the first end-of-line character. White space characters can be used
to improve readability.
3 mntner Class
The mntner class defines entities that can create, delete and update RPSL
objects. A provider, before he/she can create any RPSL object, first needs
to create a mntner object. The attributes of the mntner class are shown in
Figure 1. The mntner class was first described in [18].
Attribute Value Type
mntner <object-name> mandatory, single-valued, class key
descr <free-form> mandatory, single-valued
auth see description in text mandatory, multi-valued
upd-to <email-address> mandatory, multi-valued
mnt-nfy <email-address> optional, multi-valued
tech-c <person> mandatory, multi-valued
admin-c <person> mandatory, multi-valued
remarks <free-form> optional, multi-valued
notify <email-address> optional, multi-valued
mnt-by list of <mntner-name> mandatory, multi-valued
changed <email-address> <date> mandatory, multi-valued
source <registry-name> mandatory, single-valued
Figure 1: mntner Class Attributes
The mntner attribute is mandatory and is the class key attribute. Its value
is an RPSL name. The auth attribute specifies the scheme that will be used
to identify and authenticate update requests from this maintainer. It has
the following syntax:
auth: <scheme-id> <auth-info>
E.g.
auth: NONE
auth: CRYPT-PW dhjsdfhruewf
auth: MAIL-FROM .*@ripe\.net
Alaettinoglu et. al. Expires January 30, 1998 [Page 7]
Internet Draft RPSL July 30, 1997
The <scheme-id>'s currently defined are: NONE, MAIL-FROM, PGP and CRYPT-PW.
The <auth-info> is additional information required by a particular scheme:
in the case of MAIL-FROM, it is a regular expression matching valid email
addresses; in the case of CRYPT-PW, it is a password in UNIX crypt format;
and in the case of PGP, it is a PGP public key. If multiple auth attributes
are specified, an update request satisfying any one of them is authenticated
to be from the maintainer.
The upd-to attribute is an email address. On an unauthorized update
attempt of an object maintained by this maintainer, an email message will
be sent to this address. The mnt-nfy attribute is an email address. A
notification message will be forwarded to this email address whenever an
object maintained by this maintainer is added, changed or deleted.
The descr attribute is a short, free-form textual description of the object.
The tech-c attribute is a technical contact person. This is someone to
be contacted for technical problems such as misconfiguration. The admin-c
attribute is an administrative contact person. The remarks attribute is a
free text explanation or clarification. The notify attribute is an email
address to which notifications of changes to this object should be sent.
The mnt-by attribute is a list of mntner object names. The authorization
for changes to this object is governed by any of the maintainer objects
referenced. The changed attribute documents who last changed this object,
and when this change was made. Its syntax has the following form:
changed: <email-address> <YYYYMMDD>
E.g.
changed: johndoe@terabit-labs.nn 19900401
The <email-address> identifies the person who made the last change.
<YYYYMMDD> is the date of the change. The source attribute specifies the
registry where the object is registered.
The descr, tech-c, admin-c, remarks, notify, mnt-by, changed and source
attributes are attributes of all RPSL classes. Their syntax, semantics, and
mandatory, optional, multi-valued, or single-valued status are the same for
for all classes. We do not further discuss them in other sections.
4 person Class
A person class is used to describe information about people. Even though it
does not describe routing policy, we still describe it here briefly since
many policy objects make reference to person objects. The person class was
first described in [20].
Alaettinoglu et. al. Expires January 30, 1998 [Page 8]
Internet Draft RPSL July 30, 1997
The attributes of the person class are shown in Figure 2. The person
attribute is the full name of the person. The phone and the fax-no
attributes have the following syntax:
phone: +<country-code> <city> <subscriber> [ext. <extension>]
E.g.:
phone: +31 20 12334676
phone: +44 123 987654 ext. 4711
Attribute Value Type
person <person> mandatory, single-valued, class key
address <free-form> mandatory, multi-valued
phone see description in text mandatory, multi-valued
fax-no same as phone optional, multi-valued
e-mail <email-address> mandatory, multi-valued
nic-hdl see description in text optional, single-valued
Figure 2: person Class Attributes
5 route Class
Each interAS route (also referred to as an interdomain route) originated by
an AS is specified using a route object. The attributes of the route class
are shown in Figure 3. The route attribute is the address prefix of the
route and the origin attribute is the AS number of the AS that originates
the route into the interAS routing system. The route and origin attribute
pair is the class key.
The Figure 4 shows examples of four route objects. Note that the last two
route objects have the same address prefix, namely 128.8.0.0/16. However,
they are different route objects since they are originated by different ASes
(i.e. they have different keys).
The withdrawn attribute, if present, signifies that the originator AS no
longer originates this address prefix in the Internet. Its value is a date
indicating the date of withdrawal. In Figure 4, the last route object is
withdrawn (i.e. no longer originated by AS2) on June 24, 1996.
Alaettinoglu et. al. Expires January 30, 1998 [Page 9]
Internet Draft RPSL July 30, 1997
Attribute Value Type
route <address-prefix> mandatory, single-valued, class key
origin <as-number> mandatory, single-valued, class key
withdrawn <date> optional, single-valued
member-of list of <route-set-names> optional, single-valued
see Section 6
inject-at see Section 9 optional, multi-valued
aggr-by see Section 9 optional, single-valued
export-comps see Section 9 optional, single-valued
holes see Section 9 optional, single-valued
Figure 3: route Class Attributes
route: 128.9.0.0/16
origin: AS226
route: 128.99.0.0/16
origin: AS226
route: 128.8.0.0/16
origin: AS1
route: 128.8.0.0/16
origin: AS2
withdrawn: 19960624
Figure 4: Route Objects
6 Set Classes
To specify policies, it is often useful to define sets of objects. For
this purpose we define two classes: route-set and as-set. These classes
define a named set. The members of these sets can be specified by either
explicitly listing them in the set object's definition, or implicitly by
having route and aut-num objects refer to the set name in their definitions,
or a combination of both methods.
6.1 route-set Class
The attributes of the route-set class are shown in Figure 5. The route-set
attribute defines the name of the set. It is an RPSL name that starts with
``rs-''. The members attribute lists the members of the set. The members
Alaettinoglu et. al. Expires January 30, 1998 [Page 10]
Internet Draft RPSL July 30, 1997
attribute is a list of address prefixes or other route-set names.
Attribute Value Type
route-set <object-name> mandatory, single-valued,
class key
members list of <address-prefixes> or optional, single-valued
<route-set-names>
mbrs-by-ref list of <mntner-names> optional, single-valued
Figure 5: route-set Class Attributes
Figure 6 presents some example route-set objects. The set rs-foo contains
two address prefixes, namely 128.9.0.0/16 and 128.9.0.0/16. The set rs-bar
contains the members of the set rs-foo and the address prefix 128.7.0.0/16.
The set rs-empty contains no members.
route-set: rs-foo
members: 128.9.0.0/16, 128.9.0.0/24
route-set: rs-bar
members: 128.7.0.0/16, rs-foo
route-set: rs-empty
Figure 6: route-set Objects
An address prefix or a route-set name in a members attribute can be
optionally followed by an operator '^-', '^+', '^n', or '^n-m' where n and
m are integers. ^- operator is the exclusive more specifics operator; it
stands for the more specifics of the address prefix excluding the address
prefix itself. ^+ operator is the inclusive more specifics operator; it
stands for the more specifics of the address prefix including the address
prefix itself. ^n operator, stands for all the length n specifics of the
address prefix. ^n-m operator, stands for all the length n to length m
specifics of the address prefix. For example, the following set
route-set: rs-bar
members: 5.0.0.0/8^+, 128.9.0.0/16^-,
30.0.0.0/8^16, 30.0.0.0/8^24-32, rs-foo^+
contains all the more specifics of 5.0.0.0/8 including 5.0.0.0/8, all
the more specifics of 128.9.0.0/16 excluding 128.9.0.0/16, all the more
specifics of 30.0.0.0/8 which are of length 16 such as 30.9.0.0/16, all
the more specifics of 30.0.0.0/8 which are of length 24 to 32 such as
Alaettinoglu et. al. Expires January 30, 1998 [Page 11]
Internet Draft RPSL July 30, 1997
30.9.9.96/28, and all the more specifics of address prefixes in route set
rs-foo.
The mbrs-by-ref attribute is a list of maintainer names or the keyword ANY.
If this attribute is used, the route set also includes address prefixes
whose route objects are registered by one of these maintainers and whose
member-of attribute refers to the name of this route set. If the value of a
mbrs-by-ref attribute is ANY, any route object referring to the route set
name is a member. If the mbrs-by-ref attribute is missing, only the address
prefixes listed in the members attribute are members of the set. Note that,
if a prefix is already listed explicitly as a member of a route set, the
route object for that prefix does not need to contain a member-of attribute.
route-set: rs-foo
mbrs-by-ref: MNTR-ME, MNTR-YOU
route-set: rs-bar
members: 128.7.0.0/16
mbrs-by-ref: MNTR-YOU
route: 128.9.0.0/16
origin: AS1
member-of: rs-foo
mnt-by: MNTR-ME
route: 128.8.0.0/16
origin: AS2
member-of: rs-foo, rs-bar
mnt-by: MNTR-YOU
Figure 7: route-set objects.
Figure 7 presents example route-set objects that use the mbrs-by-ref
attribute. The set rs-foo contains two address prefixes, namely
128.8.0.0/16 and 128.9.0.0/16 since the route objects for 128.8.0.0/16 and
128.9.0.0/16 refer to the set name rs-foo in their member-of attribute. The
set rs-bar contains the address prefixes 128.7.0.0/16 and 128.8.0.0/16. The
route 128.7.0.0/16 is explicitly listed in the members attribute of rs-bar,
and the route object for 128.8.0.0/16 refer to the set name rs-bar in its
member-of attribute.
Note that, if an address prefix is listed in a members attribute of a route
set, it is a member of that route set. The route object corresponding to
this address prefix does not need to contain a member-of attribute referring
to this set name. The member-of attribute of the route class is an
additional mechanism for specifying the members indirectly.
Alaettinoglu et. al. Expires January 30, 1998 [Page 12]
Internet Draft RPSL July 30, 1997
6.2 as-set Class
The attributes of the as-set class are shown in Figure 8. The as-set
attribute defines the name of the set. It is an RPSL name that starts with
``as-''. The members attribute lists the members of the set. The members
attribute is a list of AS numbers, or other as-set names.
Attribute Value Type
as-set <object-name> mandatory, single-valued,
class key
members list of <as-numbers> or optional, single-valued
<as-set-names>
mbrs-by-ref list of <mntner-names> optional, single-valued
Figure 8: as-set Class Attributes
Figure 9 presents two as-set objects. The set as-foo contains two ASes,
namely AS1 and AS2. The set as-bar contains the members of the set as-foo
and AS3, that is it contains AS1, AS2, AS3.
as-set: as-foo as-set: as-bar
members: AS1, AS2 members: AS3, as-foo
Figure 9: as-set objects.
The mbrs-by-ref attribute is a list of maintainer names or the keyword ANY.
If this attribute is used, the AS set also includes ASes whose aut-num
objects are registered by one of these maintainers and whose member-of
attribute refers to the name of this AS set. If the value of a mbrs-by-ref
attribute is ANY, any AS object referring to the AS set is a member of the
set. If the mbrs-by-ref attribute is missing, only the ASes listed in the
members attribute are members of the set.
as-set: as-foo
members: AS1, AS2
mbrs-by-ref: MNTR-ME
aut-num: AS3 aut-num: AS4
member-of: as-foo member-of: as-foo
mnt-by: MNTR-ME mnt-by: MNTR-OTHER
Figure 10: as-set objects.
Figure 10 presents an example as-set object that uses the mbrs-by-ref
Alaettinoglu et. al. Expires January 30, 1998 [Page 13]
Internet Draft RPSL July 30, 1997
attribute. The set as-foo contains AS1, AS2 and AS3. AS4 is not a member
of the set as-foo even though the aut-num object references as-foo. This is
because MNTR-OTHER is not listed in the as-foo's mbrs-by-ref attribute.
6.3 Predefined Set Objects
In a context that expects a route set (e.g. members attribute of the
route-set class), an AS number ASx defines the set of routes that are
originated by ASx; and an as-set AS-X defines the set of routes that are
originated by the ASes in AS-X. A route p is said to be originated by ASx if
there is a route object for p with ASx as the value of the origin attribute.
For example, in Figure 11, the route set rs-special contains 128.9.0.0/16,
routes of AS1 and AS2, and routes of the ASes in AS set AS-FOO.
route-set: rs-special
members: 128.9.0.0/16, AS1, AS2, AS-FOO
Figure 11: Use of AS numbers and AS sets in route sets.
The keyword rs-any defines the set of all routes registered in IRR. The
keyword as-any defines the set of all ASes registered in IRR.
6.4 Hierarchical Set Names
Set names can be hierarchical. A hierarchical set name is a sequence of set
names and AS numbers separated by colons ``:''. For example, the following
names are valid: AS1:AS-CUSTOMERS, AS1:RS-EXCEPTIONS, AS1:RS-EXPORT:AS2,
RS-EXCEPTIONS:RS-BOGUS. All components of an hierarchical set name which are
not AS numbers should start with ``as-'' or ``rs-'' for as sets and route
sets respectively.
A set object with name X1:...:Xn-1:Xn can only be created by the maintainer
of the object with name X1:...:Xn-1. That is, only the maintainer of AS1
can create a set with name AS1:AS-FOO; and only the maintainer of AS1:AS-FOO
can create a set with name AS1:AS-FOO:AS-BAR.
7 aut-num Class
ASes are specified using the aut-num class. The attributes of the aut-num
class are shown in Figure 12. The value of the aut-num attribute is the
AS number of the AS described by this object. The as-name attribute is
a symbolic name (in RPSL name syntax) of the AS. The import, export and
Alaettinoglu et. al. Expires January 30, 1998 [Page 14]
Internet Draft RPSL July 30, 1997
default routing policies of the AS are specified using import, export and
default attributes respectively.
Attribute Value Type
aut-num <as-number> mandatory, single-valued, class key
as-name <object-name> mandatory, single-valued
member-of list of <as-set-names> optional, single-valued
import see Section 7.1 optional, multi valued
export see Section 7.2 optional, multi valued
default see Section 7.5 optional, multi valued
Figure 12: aut-num Class Attributes
7.1 import Attribute: Import Policy Specification
---------------------- ----------------------
| 7.7.7.1 |-------| |-------| 7.7.7.2 |
| | ======== | |
| AS1 | EX1 |-------| 7.7.7.3 AS2 |
| | | |
| 9.9.9.1 |------ ------| 9.9.9.2 |
---------------------- | | ----------------------
===========
| EX2
---------------------- |
| 9.9.9.3 |---------
| |
| AS3 |
----------------------
Figure 13: Example topology consisting of three ASes, AS1, AS2, and AS3;
two exchange points, EX1 and EX2; and six routers.
A typical interconnection of ASes is shown in Figure 13. In this example
topology, there are three ASes, AS1, AS2, and AS3; two exchange points,
EX1 and EX2; and six routers. Routers connected to the same exchange
point peer with each other, i.e. open a connection for exchanging routing
information. Each router would export a subset of the routes it has to its
peer routers. Peer routers would import a subset of these routes. A router
while importing routes would set some route attributes. For example, AS1
can assign higher preference values to the routes it imports from AS2 so
that it prefers AS2 over AS3. While exporting routes, a router may also
set some route attributes in order to affect route selection by its peers.
For example, AS2 may set the MULTI-EXIT-DISCRIMINATOR BGP attribute so that
Alaettinoglu et. al. Expires January 30, 1998 [Page 15]
Internet Draft RPSL July 30, 1997
AS1 prefers to use the router 9.9.9.2. Most interAS policies are specified
by specifying what route subsets can be imported or exported, and how the
various route attributes are set and used.
In RPSL, an import policy is divided into import policy expressions. Each
import policy expression is specified using an import attribute. The import
attribute has the following syntax (we will extend this syntax later in
Sections 7.3 and 7.6):
import: from <peering-1> [action <action-1>]
. . .
from <peering-N> [action <action-N>]
accept <filter>
The action specification is optional. The semantics of an import attribute
is as follows: the set of routes that are matched by <filter> are imported
from all the peers specified in <peerings>; while importing routes at
<peering-M>, <action-M> is executed.
E.g.
aut-num: AS1
import: from AS2 action pref = 1; accept { 128.9.0.0/16 }
This example states that the route 128.9.0.0/16 is accepted from AS2 with
preference 1. In the next few subsections, we will describe how peerings,
actions and filters are specified.
7.1.1 Peering Specification
Our example above used an AS number to specify peerings. The peerings
can be specified at different granularities. The syntax of a peering
specification is as follows:
<peer-as> [<peer-router>] [at <local-router>]
| <as-set> [at <local-router>]
where <local-router> and <peer-router> are IP addresses of routers,
<peer-as> is an AS number, and <as-set> is an AS set name. <peer-as> must
be the AS number of <peer-router>. Both <local-router> and <peer-router>
are optional. We first describe the semantics using the first form.
If both <local-router> and <peer-router> are specified, this peering
specification identifies only the peering between these two routers. If
only <local-router> is specified, this peering specification identifies
Alaettinoglu et. al. Expires January 30, 1998 [Page 16]
Internet Draft RPSL July 30, 1997
all the peerings between <local-router> and any of its peer routers in
<peer-as>. If only <peer-router> is specified, this peering specification
identifies all the peerings between any router in the local AS and
<peer-router>. If neither <local-router> nor <peer-router> is specified,
this peering specification identifies all the peerings between any router in
the local AS and any router in <peer-as>. If the <as-set> form is used, the
peering specification identifies all the peerings between <local-router> and
any of its peer routers in one of the ASes in <as-set>. If <local-router>
is not specified, the peering specification identifies all the peerings
between any router in the local AS and any of its peer routers in one of the
ASes in <as-set>.
We next give examples. Consider the topology of Figure 13 where AS1 has
two routers 7.7.7.1 and 9.9.9.1; AS2 has three routers 7.7.7.2, 7.7.7.3 and
9.9.9.2; AS3 has one router 9.9.9.3. 7.7.7.1, 7.7.7.2 and 7.7.7.3 peer with
each other; 9.9.9.1, 9.9.9.2 and 9.9.9.3 peer with each other. In example
(1) below 7.7.7.1 imports 128.9.0.0/16 from 7.7.7.2.
(1) aut-num: AS1
import: from AS2 7.7.7.2 at 7.7.7.1 accept { 128.9.0.0/16 }
(2) aut-num: AS1
import: from AS2 at 7.7.7.1 accept { 128.9.0.0/16 }
(3) aut-num: AS1
import: from AS2 accept { 128.9.0.0/16 }
(4) as-set: AS-FOO
members: AS2, AS3
aut-num: AS1
import: from AS-FOO at 9.9.9.1 accept { 128.9.0.0/16 }
(5) aut-num: AS1
import: from AS-FOO accept { 128.9.0.0/16 }
(6) aut-num: AS1
import: from AS2 at 9.9.9.1 accept { 128.9.0.0/16 }
import: from AS3 at 9.9.9.1 accept { 128.9.0.0/16 }
(7) aut-num: AS1
import: from AS2 accept { 128.9.0.0/16 }
import: from AS3 accept { 128.9.0.0/16 }
In example (2), 7.7.7.1 imports 128.9.0.0/16 from 7.7.7.2 and 7.7.7.3. In
example (3), 7.7.7.1 imports 128.9.0.0/16 from 7.7.7.2 and 7.7.7.3, and
9.9.9.1 imports 128.9.0.0/16 from 9.9.9.2. In example (4), 9.9.9.1 imports
128.9.0.0/16 from 9.9.9.2 and 9.9.9.3. In example (5), 9.9.9.1 imports
128.9.0.0/16 from 9.9.9.2 and 9.9.9.3, and 7.7.7.1 imports 128.9.0.0/16 from
Alaettinoglu et. al. Expires January 30, 1998 [Page 17]
Internet Draft RPSL July 30, 1997
7.7.7.2 and 7.7.7.3. The example (4) and (5) are equivalent to examples (6)
and (7) respectively.
7.1.2 Action Specification
Policy actions in RPSL set or modify route attributes, such as assigning a
preference to a route, adding a community to the community attribute, or
setting the MULTI-EXIT-DISCRIMINATOR attribute. Policy actions can also
instruct routers to perform special operations, such as route flap damping.
The routing policy attributes whose values can be modified in policy actions
are specified in the RPSL dictionary. Please refer to Section 8 for a list
of these attributes. Each action in RPSL is terminated by the character
';'. It is possible to form composite policy actions by listing them one
after the other. In a composite policy action, the actions are executed
left to right. For example,
aut-num: AS1
import: from AS2
action pref = 10; med = 0; community.append(10250, {3561,10});
accept { 128.9.0.0/16 }
sets pref to 10, med to 0, and then appends 10250 and {3561,10} to the
community attribute.
7.1.3 Filter Specification
A policy filter is a logical expression which when applied to a set of
routes returns a subset of these routes. We say that the policy filter
matches the subset returned. The policy filter can match routes using any
route attribute, such as the destination address prefix (or NLRI), AS-path,
or community attributes.
The following policy filters can be used to select a subset of routes:
ANY
The filter-keyword ANY matches all routes.
Address-Prefix Set
This is an explicit list of address prefixes enclosed in braces '{' and
'}'. The policy filter matches the set of routes whose destination
address-prefix is in the set. For example:
Alaettinoglu et. al. Expires January 30, 1998 [Page 18]
Internet Draft RPSL July 30, 1997
{ 0.0.0.0/0 }
{ 128.9.0.0/16, 128.8.0.0/16, 128.7.128.0/17, 5.0.0.0/8 }
{ }
An address prefix can be optionally followed by an operator '^-', '^+',
'^n', or '^n-m' where n and m are integers. ^- operator is the
exclusive more specifics operator; it stands for the more specifics of
the address prefix excluding the address prefix itself. ^+ operator is
the inclusive more specifics operator; it stands for the more specifics
of the address prefix including the address prefix itself. ^n operator,
stands for all the length n specifics of the address prefix. ^n-m
operator, stands for all the length n to length m specifics of the
address prefix. For example, the set
{ 5.0.0.0/8^+, 128.9.0.0/16^-, 30.0.0.0/8^16, 30.0.0.0/8^24-
32 }
contains all the more specifics of 5.0.0.0/8 including 5.0.0.0/8, all
the more specifics of 128.9.0.0/16 excluding 128.9.0.0/16, all the more
specifics of 30.0.0.0/8 which are of length 16 such as 30.9.0.0/16, and
all the more specifics of 30.0.0.0/8 which are of length 24 to 32 such
as 30.9.9.96/28.
Route Set Name
A route set name matches the set of routes that are members of the set.
A route set name may be a name of a route-set object, an AS number, or a
name of an as-set object (AS numbers and as-set names implicitly define
route sets; please see Section 6.3). For example:
aut-num: AS1
import: from AS2 action pref = 1; accept AS2
import: from AS2 action pref = 1; accept AS-FOO
import: from AS2 action pref = 1; accept RS-FOO
The keyword PeerAS can be used instead of the AS number of the peer AS.
PeerAS is particularly useful when the peering is specified using an AS
set. For example:
as-set: AS-FOO
members: AS2 AS3
aut-num: AS1
import: from AS-FOO action pref = 1; accept PeerAS
Alaettinoglu et. al. Expires January 30, 1998 [Page 19]
Internet Draft RPSL July 30, 1997
is same as:
aut-num: AS1
import: from AS2 action pref = 1; accept AS2
import: from AS3 action pref = 1; accept AS3
A route set name can also be followed by one of the operators '^-',
'^+', '^n' or '^n-m'. These operators are distributive over the route
sets. For example, { 5.0.0.0/8, 6.0.0.0/8 }^+ equals { 5.0.0.0/8^+,
6.0.0.0/8^+ }, and AS1^- equals all the exclusive more specifics of
routes originated by AS1.
AS Path Regular Expressions
An AS-path regular expression can be used as a policy filter by
enclosing the expression in `<' and `>'. An AS-path policy filter
matches the set of routes which traverses a sequence of ASes matched
by the AS-path regular expression. A router can check this using the
AS_PATH attribute in the Border Gateway Protocol [28], or the RD_PATH
attribute in the Inter-Domain Routing Protocol[26].
AS-path Regular Expressions are POSIX compliant regular expressions over
the alphabet of AS numbers. The regular expression constructs are as
follows:
ASN where ASN is an AS number. ASN matches the AS-path that is
of length 1 and contains the corresponding AS number (e.g.
AS-path regular expression AS1 matches the AS-path ``1'').
The keyword PeerAS can be used instead of the AS number of
the peer AS.
AS-set where AS-set is an AS set name. AS-set matches the AS-paths
that is matched by one of the ASes in the AS-set.
. matches the AS-paths matched by any AS number.
[...] is an AS number set. It matches the AS-paths matched by the
AS numbers listed between the brackets. The AS numbers in
the set are separated by white space characters. If a `-'
is used between two AS numbers in this set, all AS numbers
between the two AS numbers are included in the set. If
an as-set name is listed, all AS numbers in the as-set are
included.
[^...] is a complemented AS number set. It matches any AS-path which
is not matched by the AS numbers in the set.
^ Matches the empty string at the beginning of an AS-path.
Alaettinoglu et. al. Expires January 30, 1998 [Page 20]
Internet Draft RPSL July 30, 1997
$ Matches the empty string at the end of an AS-path.
We next list the regular expression operators in the decreasing order of
evaluation. These operators are left associative, i.e. performed left
to right.
Unary postfix operators * + ?
For a regular expression A, A* matches zero or more
occurrences of A; A+ matches one or more occurrences of A;
A? matches zero or one occurrence of A.
Binary catenation operator
This is an implicit operator and exists between two
regular expressions A and B when no other explicit
operator is specified. The resulting expression A B
matches an AS-path if A matches some prefix of the AS-path
and B matches the rest of the AS-path.
Binary alternative (or) operator |
For a regular expressions A and B, A | B matches any
AS-path that is matched by A or B.
Parenthesis can be used to override the default order of evaluation.
White spaces can be used to increase readability.
The following are examples of AS-path filters:
<AS3>
<^AS1>
<AS2$>
<^AS1 AS2 AS3$>
<^AS1 .* AS2$>.
The first example matches any route whose AS-path contains AS3, the
second matches routes whose AS-path starts with AS1, the third matches
routes whose AS-path ends with AS2, the fourth matches routes whose
AS-path is exactly ``1 2 3'', and the fifth matches routes whose AS-path
starts with AS1 and ends in AS2 with any number of AS numbers in
between.
Composite Policy Filters
The following operators (in decreasing order of evaluation) can be used to
form composite policy filters:
Alaettinoglu et. al. Expires January 30, 1998 [Page 21]
Internet Draft RPSL July 30, 1997
NOT Given a policy filter x, NOT x matches the set of routes that are not
matched by x. That is it is the negation of policy filter x.
AND Given two policy filters x and y, x AND y matches the intersection of
the routes that are matched by x and that are matched by y.
OR Given two policy filters x and y, x OR y matches the union of the routes
that are matched by x and that are matched by y.
Note that an OR operator can be implicit, that is `x y' is equivalent to `x
OR y'.
E.g.
NOT {128.9.0.0/16, 128.8.0.0/16}
AS226 AS227 OR AS228
AS226 AND NOT {128.9.0.0/16}
AS226 AND {0.0.0.0/0^0-18}
The first example matches any route except 128.9.0.0/16 and 128.8.0.0/16.
The second example matches the routes of AS226, AS227 and AS228. The third
example matches the routes of AS226 except 128.9.0.0/16. The fourth example
matches the routes of AS226 whose length are shorter than 19.
Policy filters can also use the values of other attributes for comparison.
The attributes whose values can be used in policy filters are specified in
the RPSL dictionary. Please refer to Section 8 for details. An example
using the the BGP community attribute is shown below:
aut-num: AS1
export: to AS2 announce AS1 AND NOT community.contains(NO_EXPORT)
Filters using the routing policy attributes defined in the dictionary are
evaluated before evaluating the operators AND, OR and NOT.
7.1.4 Example Policy Expressions
aut-num: AS1
import: from AS2 action pref = 1;
from AS3 action pref = 2;
accept AS4
The above example states that AS4's routes are accepted from AS2 with
preference 1, and from AS3 with preference 2 (routes with lower integer
Alaettinoglu et. al. Expires January 30, 1998 [Page 22]
Internet Draft RPSL July 30, 1997
preference values are preferred over routes with higher integer preference
values).
aut-num: AS1
import: from AS2 7.7.7.2 at 7.7.7.1 action pref = 1;
from AS2 action pref = 2;
accept AS4
The above example states that AS4's routes are accepted from AS2 on peering
7.7.7.1-7.7.7.2 with preference 1, and on any other peering with AS2 with
preference 2.
7.2 export Attribute: Export Policy Specification
Similarly, an export policy expression is specified using an export
attribute. The export attribute has the following syntax:
export: to <peering-1> [action <action-1>]
. . .
to <peering-N> [action <action-N>]
announce <filter>
The action specification is optional. The semantics of an export attribute
is as follows: the set of routes that are matched by <filter> are
exported to all the peers specified in <peerings>; while exporting routes at
<peering-M>, <action-M> is executed.
E.g.
aut-num: AS1
export: to AS2 action med = 5; community .= 70;
announce AS4
In this example, AS4's routes are announced to AS2 with the med attribute's
value set to 5 and community 70 added to the community list.
Example:
aut-num: AS1
export: to AS-FOO announce ANY
Alaettinoglu et. al. Expires January 30, 1998 [Page 23]
Internet Draft RPSL July 30, 1997
In this example, AS1 announces all of its routes to the ASes in the set
AS-FOO.
7.3 Other Routing Protocols, Multi-Protocol Routing Protocols, and Injecting
Routes Between Protocols
The syntax of the import and export attributes are indeed the following:
import: [protocol <protocol-1>] [into <protocol-2>]
from <peering-1> [action <action-1>]
. . .
from <peering-N> [action <action-N>]
accept <filter>
export: [protocol <protocol-1>] [into <protocol-2>]
to <peering-1> [action <action-1>]
. . .
to <peering-N> [action <action-N>]
announce <filter>
Where the optional protocol specifications can be used for specifying
policies for other routing protocols, or for injecting routes of one
protocol into another protocol, or for multi-protocol routing policies. The
valid protocol names are defined in the dictionary. The <protocol-1>
is the name of the protocol whose routes are being exchanged. The
<protocol-2> is the name of the protocol which is receiving these routes.
Both <protocol-1> and <protocol-2> default to the Internet Exterior Gateway
Protocol, currently BGP.
In the following example, all interAS routes are injected into RIP.
aut-num: AS1
import: from AS2 accept AS2
export: protocol BGP4 into RIP
to AS1 announce ANY
In the following example, AS1 accepts AS2's routes including any more
specifics of AS2's routes, but does not inject these extra more specific
routes into OSPF.
aut-num: AS1
import: from AS2 accept AS2^+
export: protocol BGP4 into OSPF
to AS1 announce AS2
Alaettinoglu et. al. Expires January 30, 1998 [Page 24]
Internet Draft RPSL July 30, 1997
In the following example, AS1 injects its static routes (routes which are
members of the set AS1:RS-STATIC-ROUTES) to the interAS routing protocol and
appends AS1 twice to their AS paths.
aut-num: AS1
import: protocol STATIC into BGP4
from AS1 action aspath.prepend(AS1, AS1);
accept AS1:RS-STATIC-ROUTES
In the following example, AS1 imports different set of unicast routes for
multicast reverse path forwarding from AS2:
aut-num: AS1
import: from AS2 accept AS2
import: protocol IDMR
from AS2 accept AS2:RS-RPF-ROUTES
7.4 Ambiguity Resolution
It is possible that the same peering can be covered by more that one peering
specification in a policy expression. For example:
aut-num: AS1
import: from AS2 7.7.7.2 at 7.7.7.1 action pref = 2;
from AS2 7.7.7.2 at 7.7.7.1 action pref = 1;
accept AS4
This is not an error, though definitely not desirable. To break the
ambiguity, the action corresponding to the first peering specification is
used. That is the routes are accepted with preference 2. We call this rule
as the specification-order rule.
Consider the example:
aut-num: AS1
import: from AS2 action pref = 2;
from AS2 7.7.7.2 at 7.7.7.1 action pref = 1; dpa = 5;
accept AS4
where both peering specifications cover the peering 7.7.7.1-7.7.7.2, though
the second one covers it more specifically. The specification order rule
still applies, and only the action ``pref = 2'' is executed. In fact, the
Alaettinoglu et. al. Expires January 30, 1998 [Page 25]
Internet Draft RPSL July 30, 1997
second peering-action pair has no use since the first peering-action pair
always covers it. If the intended policy was to accept these routes with
preference 1 on this particular peering and with preference 2 in all other
peerings, the user should have specified:
aut-num: AS1
import: from AS2 7.7.7.2 at 7.7.7.1 action pref = 1; dpa = 5;
from AS2 action pref = 2;
accept AS4
It is also possible that more than one policy expression can cover the same
set of routes for the same peering. For example:
aut-num: AS1
import: from AS2 action pref = 2; accept AS4
import: from AS2 action pref = 1; accept AS4
In this case, the specification-order rule is still used. That is, AS4's
routes are accepted from AS2 with preference 2. If the filters were
overlapping but not exactly the same:
aut-num: AS1
import: from AS2 action pref = 2; accept AS4
import: from AS2 action pref = 1; accept AS4 OR AS5
the AS4's routes are accepted from AS2 with preference 2 and however AS5's
routes are also accepted, but with preference 1.
We next give the general specification order rule for the benefit of the
RPSL implementors. Consider two policy expressions:
aut-num: AS1
import: from peerings-1 action action-1 accept filter-1
import: from peerings-2 action action-2 accept filter-2
The above policy expressions are equivalent to the following three
expressions where there is no overlap:
aut-num: AS1
import: from peerings-1 action action-1 accept filter-1
import: from peerings-3 action action-2 accept filter-2 AND NOT filter-1
import: from peerings-4 action action-2 accept filter-2
Alaettinoglu et. al. Expires January 30, 1998 [Page 26]
Internet Draft RPSL July 30, 1997
where peerings-3 are those that are covered by both peerings-1 and
peerings-2, and peerings-4 are those that are covered by peerings-2 but not
by peerings-1 (``filter-2 AND NOT filter-1'' matches the routes that are
matched by filter-2 but not by filter-1).
Example:
aut-num: AS1
import: from AS2 7.7.7.2 at 7.7.7.1
action pref = 2;
accept {128.9.0.0/16}
import: from AS2
action pref = 1;
accept {128.9.0.0/16, 75.0.0.0/8}
Lets consider two peerings with AS2, 7.7.7.1-7.7.7.2 and 9.9.9.1-9.9.9.2.
Both policy expressions cover 7.7.7.1-7.7.7.2. On this peering, the route
128.9.0.0/16 is accepted with preference 2, and the route 75.0.0.0/8 is
accepted with preference 1. The peering 9.9.9.1-9.9.9.2 is only covered by
the second policy expressions. Hence, both the route 128.9.0.0/16 and the
route 75.0.0.0/8 are accepted with preference 1 on peering 9.9.9.1-9.9.9.2.
7.5 default Attribute: Default Policy Specification
Default routing policies are specified using the default attribute. The
default attribute has the following syntax:
default: to <peering> [action <action>] [networks <filter>]
The <action> and <filter> specifications are optional. The semantics
are as follows: The <peering> specification indicates the AS (and the
router if present) is being defaulted to; the <action> specification,
if present, indicates various attributes of defaulting, for example a
relative preference if multiple defaults are specified; and the <filter>
specifications, if present, is a policy filter. A router chooses a default
router from the routes in its routing table that matches this <filter>.
In the following example, AS1 defaults to AS2 for routing.
aut-num: AS1
default: to AS2
Alaettinoglu et. al. Expires January 30, 1998 [Page 27]
Internet Draft RPSL July 30, 1997
In the following example, router 7.7.7.1 in AS1 defaults to router 7.7.7.2
in AS2.
aut-num: AS1
default: to AS2 7.7.7.2 at 7.7.7.1
In the following example, AS1 defaults to AS2 and AS3, but prefers AS2 over
AS3.
aut-num: AS1
default: to AS2 action pref = 1;
default: to AS3 action pref = 2;
In the following example, AS1 defaults to AS2 and uses 128.9.0.0/16 as the
default network.
aut-num: AS1
default: to AS2 networks { 128.9.0.0/16 }
7.6 Structured Policy Specification
The import and export policies can be structured. We only reccomend
structured policies to advanced RPSL users. Please feel free to skip this
section.
The BNF for a structured policy specification is the following:
<import-factor> ::= from <peering-1> [action <action-1>]
. . .
from <peering-N> [action <action-N>]
accept <filter>;
<import-term> ::= <import-factor> |
LEFT-BRACE
<import-factor>
. . .
<import-factor>
RIGHT-BRACE
<import-expression> ::= <import-term> |
<import-term> EXCEPT <import-expression> |
<import-term> REFINE <import-expression>
Alaettinoglu et. al. Expires January 30, 1998 [Page 28]
Internet Draft RPSL July 30, 1997
import: [protocol <protocol1>] [into <protocol2>]
<import-expression>
Please note the semicolon at the end of an <import-factor>. If the policy
specification is not structured (as in all the examples in other sections),
this semicolon is optional. The syntax and semantics for an <import-factor>
is already defined in Section 7.1.
An <import-term> is either a sequence of <import-factor>'s enclosed within
matching braces (i.e. `{' and `}') or just a single <import-factor>. The
semantics of an <import-term> is the union of <import-factor>'s using the
specification order rule. An <import-expression> is either a single
<import-term> or an <import-term> followed by one of the keywords "except"
and "refine", followed by another <import-expression>. Note that our
definition allows nested expressions. Hence there can be exceptions to
exceptions, refinements to refinements, or even refinements to exceptions,
and so on.
The semantics for the except operator is as follows: The result of
an except operation is another <import-term>. The resulting policy set
contains the policies of the right hand side but their filters are modified
to only include the routes also matched by a filter on the left hand side.
The policies of the left hand side are included afterwards and their filters
are modified to exclude the routes matched by the filters of the right hand
side. Please note that the filters are modified during this process but the
actions are copied verbatim. When there are multiple levels of nesting, the
operations (both except and refine) are performed right to left.
Consider the following example:
import: from AS1 action pref = 1; accept as-foo;
except {
from AS2 action pref = 2; accept AS226;
except {
from AS3 action pref = 3; accept {128.9.0.0/16};
}
}
where the route 128.9.0.0/16 is originated by AS226, and AS226 is a member
of the as set as-foo. In this example, the route 128.9.0.0/16 is accepted
from AS3, any other route (not 128.9.0.0/16) originated by AS226 is accepted
from AS2, and any other ASes' routes in as-foo is accepted from AS1.
We can come to the same conclusion using the algebra defined above.
Consider the inner exception specification:
from AS2 action pref = 2; accept AS226;
Alaettinoglu et. al. Expires January 30, 1998 [Page 29]
Internet Draft RPSL July 30, 1997
except {
from AS3 action pref = 3; accept {128.9.0.0/16};
}
is equivalent to
{
from AS3 action pref = 3; accept AS226 AND {128.9.0.0/16};
from AS2 action pref = 2; accept AS226 AND NOT {128.9.0.0/16};
}
Hence, the original expression is equivalent to:
import: from AS1 action pref = 1; accept as-foo;
except {
from AS3 action pref = 3; accept AS226 AND {128.9.0.0/16};
from AS2 action pref = 2; accept AS226 AND NOT {128.9.0.0/16};
}
which is equivalent to
import: {
from AS3 action pref = 3;
accept as-foo AND AS226 AND {128.9.0.0/16};
from AS2 action pref = 2;
accept as-foo AND AS226 AND NOT {128.9.0.0/16};
from AS1 action pref = 1;
accept as-foo AND NOT
(AS226 AND NOT {128.9.0.0/16} OR AS226 AND {128.9.0.0/16});
}
Since AS226 is in as-foo and 128.9.0.0/16 is in AS226, it simplifies to:
import: {
from AS3 action pref = 3; accept {128.9.0.0/16};
from AS2 action pref = 2; accept AS226 AND NOT {128.9.0.0/16};
from AS1 action pref = 1; accept as-foo AND NOT AS226;
}
In the case of the refine operator, the resulting set is constructed by
taking the cartasian product of the two sides as follows: for each policy l
in the left hand side and for each policy r in the right hand side, the
Alaettinoglu et. al. Expires January 30, 1998 [Page 30]
Internet Draft RPSL July 30, 1997
peerings of the resulting policy are the peerings common to both r and l;
the filter of the resulting policy is the intersection of l's filter and r's
filter; and action of the resulting policy is l's action followed by r's
action. If there are no common peerings, or if the intersection of filters
is empty, a resulting policy is not generated.
Consider the following example:
import: { from AS-ANY action pref = 1; accept community.contains({3560,10});
from AS-ANY action pref = 2; ac-
cept community.contains({3560,20});
} refine {
from AS1 accept AS1;
from AS2 accept AS2;
from AS3 accept AS3;
}
Here, any route with community {3560,10} is assigned a preference of 1 and
any route with community {3560,20} is assigned a preference of 2 regardless
of whom they are imported from. However, only AS1's routes are imported
from AS1, and only AS2's routes are imported from AS2, and only AS3's routes
are imported form AS3, and no routes are imported from any other AS. We can
reach the same conclusion using the above algebra. That is, our example is
equivalent to:
import: {
from AS1 action pref = 1; accept community.contains({3560,10}) AND AS1;
from AS1 action pref = 2; accept community.contains({3560,20}) AND AS1;
from AS2 action pref = 1; accept community.contains({3560,10}) AND AS2;
from AS2 action pref = 2; accept community.contains({3560,20}) AND AS2;
from AS3 action pref = 1; accept community.contains({3560,10}) AND AS3;
from AS3 action pref = 2; accept community.contains({3560,20}) AND AS3;
}
Note that the common peerings between ``from AS1'' and ``from AS-ANY'' are
those peerings in ``from AS1''. Even though we do not formally define
``common peerings'', it is straight forward to deduce the definition from
the definitions of peerings (please see Section 7.1.1).
Consider the following example:
import: {
from AS-ANY action med = 0; accept {0.0.0.0/0^0-16};
} refine {
from AS1 at 7.7.7.1 action pref = 1; accept AS1;
from AS1 action pref = 2; accept AS1;
Alaettinoglu et. al. Expires January 30, 1998 [Page 31]
Internet Draft RPSL July 30, 1997
}
where only routes of length 0 to 16 are accepted and med's value is set to 0
to disable med's effect for all peerings; In addition, from AS1 only AS1's
routes are imported, and AS1's routes imported at 7.7.7.1 are preferred over
other peerings. This is equivalent to:
import: {
from AS1 at 7.7.7.1 action med=0; pref=1; accept {0.0.0.0/0^0-
16} AND AS1;
from AS1 action med=0; pref=2; accept {0.0.0.0/0^0-
16} AND AS1;
}
The above syntax and semantics also apply equally to structured export
policies with ``from'' replaced with ``to'' and ``accept'' is replaced with
``announce''.
8 dictionary Class
The dictionary class provides extensibility to RPSL. Dictionary objects
define routing policy attributes, types, and routing protocols. Routing
policy attributes, henceforth called rp-attributes, may correspond to actual
protocol attributes, such as the BGP path attributes (e.g. community, dpa,
and AS-path), or they may correspond to router features (e.g. BGP route flap
damping). As new protocols, new protocol attributes, or new router features
are introduced, the dictionary object is updated to include appropriate
rp-attribute and protocol definitions.
An rp-attribute is an abstract class; that is their data representation is
not available. Instead, they are accessed through access methods. For
example, the rp-attribute for the BGP AS-path attribute is called aspath;
and it has an access method called prepend which stuffs extra AS numbers to
the AS-path attributes. Access methods can take arguments. Arguments are
strongly typed. For example, the method prepend above takes AS numbers as
argument.
Once an rp-attribute is defined in the dictionary, it can be used to
describe policy filters and actions. Policy analysis tools are required
to fetch the dictionary object and recognize newly defined rp-attributes,
types, and protocols. The analysis tools may approximate policy analyses
on rp-attributes that they do not understand: a filter method may always
match, and an action method may always perform no-operation. Analysis tools
may even download code to perform appropriate operations using mechanisms
outside the scope of RPSL.
Alaettinoglu et. al. Expires January 30, 1998 [Page 32]
Internet Draft RPSL July 30, 1997
We next describe the syntax and semantics of the dictionary class. This
description is not essential for understanding dictionary objects (but it is
essential for creating one). Please feel free to skip to the RPSL Initial
Dictionary subsection (Section 8.1).
The attributes of the dictionary class are shown in Figure 14. The
dictionary attribute is the name of the dictionary object, obeying the RPSL
naming rules. There can be many dictionary objects, however there is always
one well-known dictionary object ``RPSL''. All tools use this dictionary by
default.
Attribute Value Type
dictionary <object-name> mandatory, single-valued, class key
rp-attribute see description in text optional, multi valued
typedef see description in text optional, multi valued
protocol see description in text optional, multi valued
encapsulation see Section 11 optional, multi valued
Figure 14: dictionary Class Attributes
The rp-attribute attribute has the following syntax:
rp-attribute: <name>
<method-1>(<type-1-1>, ..., <type-1-N1> [, "..."])
...
<method-M>(<type-M-1>, ..., <type-M-NM> [, "..."])
where <name> is the name of the rp-attribute; and <method-i> is the name of
an access method for the rp-attribute, taking Ni arguments where the j-th
argument is of type <type-i-j>. A method name is either an RPSL name or one
of the operators defined in Figure 15. The operator methods can take only
one argument.
operator= operator==
operator<<= operator<
operator>>= operator>
operator+= operator>=
operator-= operator<=
operator*= operator!=
operator/= operator()
operator.= operator[]
Figure 15: Operators
Alaettinoglu et. al. Expires January 30, 1998 [Page 33]
Internet Draft RPSL July 30, 1997
An rp-attribute can have many methods defined for it. Some of the methods
may even have the same name, in which case their arguments are of different
types. If the argument list is followed by ``...'', the method takes a
variable number of arguments. In this case, the actual arguments after the
Nth argument are of type <type-N>.
Arguments are strongly typed. A type of an argument can be one of the
predefined types or one of the dictionary defined types. The predefined
type names are listed in Figure 16. The integer and the real types can be
followed by a lower and an upper bound to specify the set of valid values
of the argument. The range specification is optional. We use the ANSI C
language conventions for representing integer, real and string values. The
enum type is followed by a list of RPSL names which are the valid values of
the type. The boolean type can take the values true or false. as_number,
ip_address, address_prefix and dns_name types are as in Section 2. filter
type is a policy filter as in Section 7.
integer[lower, upper] as_number
real[lower, upper] ipv4_address
enum[name, name, ...] address_prefix
string dns_name
boolean filter
rpsl_word as_set_name
free_text route_set_name
email
Figure 16: Predefined Types
The typedef attribute specifies a dictionary defined type. Its syntax is as
follows:
typedef: <name> <type-1> ... <type-N>
where <name> is the name of the type being defined and <type-M> is another
type name, either predefined or dictionary defined. The type defined by a
typedef is either of the types 1 through N (analogous to unions in C[19]).
A dictionary defined type can also be a list type, specified as:
list [<min_elems>:<max_elems>] of <type>
where the list elements are of <type> and the list contains at least
<min_elems> and at most <max_elems> elements. The size specification is
optional. In this case, there is no restriction in the number of list
Alaettinoglu et. al. Expires January 30, 1998 [Page 34]
Internet Draft RPSL July 30, 1997
elements. A value of a list type is represented as a sequence of elements
separated by the character ``,'' and enclosed by the characters ``{'' and
``}''.
A protocol attribute of the dictionary class defines a protocol and a set
of peering options for that protocol (which are used in inet-rtr class in
Section 10). Its syntax is as follows:
protocol: <name>
MANDATORY | OPTIONAL <option-1>(<type-1-1>, ..., <type-1-N1> [, "..."])
...
MANDATORY | OPTIONAL <option-M>(<type-M-1>, ..., <type-M-NM> [, "..."])
where <name> is the name of the protocol; MANDATORY and OPTIONAL are
keywords; and <option-i> is a peering option for this protocol, taking Ni
many arguments. The syntax and semantics of the arguments are as in the
rp-attribute. If the keyword MANDATORY is used the option is mandatory and
needs to be specified for each peering of this protocol. If the keyword
OPTIONAL is used the option can be skipped.
The encapsulation attribute defines a valid encapsulation name for
inet-tunnel objects. Please refer to Section 11 for details.
8.1 Initial RPSL Dictionary and Example Policy Actions and Filters
dictionary: RPSL
rp-attribute: # preference, smaller values represent higher preferences
pref
operator=(integer[0, 65535])
rp-attribute: # BGP multi_exit_discriminator attribute
med
operator=(integer[0, 65535])
# to set med to the IGP metric: med = igp_cost;
operator=(enum[igp_cost])
rp-attribute: # BGP destination preference attribute (dpa)
dpa
operator=(integer[0, 65535])
rp-attribute: # BGP aspath attribute
aspath
# prepends AS numbers from last to first order
prepend(as_number, ...)
typedef: # a community value in RPSL is either
# - a 4 byte integer
# - internet, no_export, no_advertise (see RFC-1997)
# - two 2-byte integers to be concatanated eg. {3561,70}
Alaettinoglu et. al. Expires January 30, 1998 [Page 35]
Internet Draft RPSL July 30, 1997
community_elm
integer[1, 4294967200],
enum[internet, no_export, no_advertise]
list[2:2] of integer[0, 65535]
typedef: # list of community values { 40, no_export, {3561,70}}
community_list
list of community_elm
rp-attribute: # BGP community attribute
community
# set to a list of communities
operator=(community_list)
# order independent equality comparison
operator==(community_list)
# append community values
operator.=(community_elm)
append(community_elm, ...)
# delete community values
delete(community_elm, ...)
# a filter: true if one of community values is contained
contains(community_elm, ...)
# shortcut to contains: community(no_export, {3561,70})
operator()(community_elm, ...)
rp-attribute: # next hop router in a static route
next-hop
operator=(ipv4_address) # a router address
operator=(enum[self]) # router's own address
rp-attribute: # cost of a static route
cost
operator=(integer[0, 65535])
rp-attribute: # IP time-to-live, useful for tunnels
ttlscope
operator=(integer[0, 65535])
rp-attribute: # A DVMRP metric, useful for tunnels
dvmrp-metric
operator=(integer[0, 65535])
rp-attribute: # for admin scoped multicast
boundary
operator=(list of address_prefix)
encapsulation: IPinIP
encapsulation: IPMOBILITY
encapsulation: DVMRP
encapsulation: GRE
encapsulation: IPv6
protocol: BGP4
# as number of the peer router
MANDATORY asno(as_number)
# enable flap damping
OPTIONAL flap_damp()
protocol: OSPF
protocol: RIP
protocol: IGRP
Alaettinoglu et. al. Expires January 30, 1998 [Page 36]
Internet Draft RPSL July 30, 1997
protocol: IS-IS
protocol: STATIC
protocol: RIPng
protocol: DVMRP
protocol: PIM-DM
protocol: PIM-SM
protocol: CBT
protocol: MOSPF
Figure 17: RPSL Dictionary
The Figure 17 shows the initial RPSL dictionary. It has eight
rp-attributes: pref to assign local preference to the routes accepted;
med to assign a value to the MULTI_EXIT_DISCRIMINATOR BGP attribute; dpa to
assign a value to the DPA BGP attribute; aspath to prepend a value to the
AS_PATH BGP attribute; community to assign a value to or to check the value
of the community BGP attribute; next-hop to assign next hop routers to
static routes; and cost to assign a cost to static routes. The dictionary
defines two types: community_elm and community_list. community_elm type
is either a 4-byte unsigned integer, or one of the keywords no_export or
no_advertise (defined in [9]), or a list of two 2-byte unsigned integers
in which case the two integers are concatenated to form a 4-byte integer.
(The last form is often used in the Internet to partition the community
space. A provider uses its AS number as the first two bytes, and assigns a
semantics of its choice to the last two bytes.) The rp-attributes ttlscope,
dvmrp-metric, boundary are for specifying tunnel characteristics and are
described in Section 11.
The initial dictionary (Figure 17) defines only options for the Border
Gateway Protocol: asno and flap_damp. The mandatory asno option is the AS
number of the peer router. The optional flap_damp option instructs the
router to damp route flaps when importing routes from the peer router.
The initial dictionary (Figure 17) defines the following encapsulation
types: IPinIP [29], IPMOBILITY [24], DVMRP [25], GRE [15], and IPv6
[10].
Policy Actions and Filters Using RP-Attributes
The syntax of a policy action or a filter using an rp-attribute x is as
follows:
x.method(arguments)
x ``op'' argument
Alaettinoglu et. al. Expires January 30, 1998 [Page 37]
Internet Draft RPSL July 30, 1997
where method is a method and ``op'' is an operator method of the
rp-attribute x. If an operator method is used in specifying a composite
policy filter, it evaluates earlier than the composite policy filter
operators (i.e. AND, OR, NOT, and implicit or operator).
The pref rp-attribute can be assigned a positive integer as follows:
pref = 10;
The med rp-attribute can be assigned either a positive integer or the word
``igp_cost'' as follows:
med = 0;
med = igp_cost;
The dpa rp-attribute can be assigned a positive integer as follows:
dpa = 100;
The BGP community attribute is list-valued, that is it is a list of
4-byte integers each representing a ``community''. The following examples
demonstrate how to add communities to this rp-attribute:
community .= 100;
community .= NO_EXPORT;
community .= {3561,10};
In the last case, a 4-byte integer is constructed where the more significant
two bytes equal 3561 and the less significant two bytes equal 10. The
following examples demonstrate how to delete communities from the community
rp-attribute:
community.delete(100, NO_EXPORT, {3561,10});
Filters that use the community rp-attribute can be defined as demonstrated
by the following examples:
community.contains(100, NO_EXPORT, {3561,10});
Alaettinoglu et. al. Expires January 30, 1998 [Page 38]
Internet Draft RPSL July 30, 1997
The community rp-attribute can be set to a list of communities as follows:
community = {100, NO_EXPORT, {3561,10}, 200};
community = {};
In this first case, the community rp-attribute contains the communities
100, NO_EXPORT, {3561,10}, and 200. In the latter case, the community
rp-attribute is cleared. The community rp-attribute can be compared against
a list of communities as follows:
community == {100, NO_EXPORT, {3561,10}, 200};
To influence the route selection, the BGP as_path rp-attribute can be made
longer by prepending AS numbers to it as follows:
aspath.prepend(AS1);
aspath.prepend(AS1, AS1, AS1);
The following examples are invalid:
med = -50; # -50 is not in the range
med = igp; # igp is not one of the enum values
med.assign(10); # method assign is not defined
community.append({AS3561,20}); # the first argument should be 3561
Figure 18 shows a more advanced example using the rp-attribute community.
In this example, AS3561 bases its route selection preference on the
community attribute. Other ASes may indirectly affect AS3561's route
selection by including the appropriate communities in their route
announcements.
9 Advanced route Class
9.1 Specifying Static Routes
The attribute inject-at can be used to specify static routes. Its syntax is
as follows:
Alaettinoglu et. al. Expires January 30, 1998 [Page 39]
Internet Draft RPSL July 30, 1997
aut-num: AS1
export: to AS2 action community.={3561,90};
to AS3 action community.={3561,80};
announce AS1
as-set: AS3561:AS-PEERS
members: AS2, AS3
aut-num: AS3561
import: from AS3561:AS-PEERS
action pref = 10;
accept community.contains({3561,90})
import: from AS3561:AS-PEERS
action pref = 20;
accept community.contains({3561,80})
import: from AS3561:AS-PEERS
action pref = 20;
accept community.contains({3561,70})
import: from AS3561:AS-PEERS
action pref = 0;
accept ANY
Figure 18: Policy example using the community rp-attribute.
inject-at: <router> [action <action>]
where <router> is an IP address of a router and <action> is as in the
aut-num class. <router> executes the <action> and injects the route to the
interAS routing system. <action> may set certain route attributes such as a
next-hop router or a cost.
In the following example, the router 7.7.7.1 injects the route 128.7.0.0/16.
The next-hop routers (in this example, there are two next-hop routers) for
this route are 7.7.7.2 and 7.7.7.3 and the route has a cost of 10 over
7.7.7.2 and 20 over 7.7.7.3.
route: 128.7.0.0/16
origin: AS1
inject-at: 7.7.7.1 action next-hop = 7.7.7.2; cost = 10;
inject-at: 7.7.7.1 action next-hop = 7.7.7.3; cost = 20;
Alaettinoglu et. al. Expires January 30, 1998 [Page 40]
Internet Draft RPSL July 30, 1997
9.2 Specifying Aggregate Routes
The attributes aggr-by, inject-at, export-comps, and holes are used for
specifying aggregate routes [13].
The aggr-by attribute defines what component routes are used to form the
aggregate. Its syntax is as follows:
aggr-by: [atomic] <filter>
A router in the origin AS forms the aggregate route if there is at least one
route in its routing table that matches <filter>. If the keyword ATOMIC
is specified, the aggregation is done atomically, otherwise the BGP path
attributes of the matching routes are used to form the BGP path attributes
of the aggregate route. For example, if atomic aggregation is done, the
aggregate route would have an AS-path that starts from the aggregating
AS [13]. Otherwise, the aggregate route would have an AS-path containing
AS-sets formed from the AS-paths of the matching routes.
Figure 19 shows some example aggregate route objects. The aggregate
128.9.0.0/16 is generated if there is a route that matches the filter
``128.9.0.0/16^- AND <^AS226>'' (this filter matches more specifics of
128.9.0.0/16 that are received form AS226). The BGP path attributes of
the matching routes are used to form the BGP path attributes of the
route 128.9.0.0/16. Similarly, the aggregate 128.8.0.0/16 is generated if
there is a route that matches the filter ``128.8.0.0/16^- AND <^AS226>''.
However, its path attributes are generated using the atomic aggregation
rules [13]. The aggregate 128.7.0.0/16 is always and atomically generated
since the policy filter ``ANY'' matches any route in the routing table.
The inject-at attribute lists the routers in the originating AS that inject
this route to the interAS routing system. That is, these routers are
configured to perform the aggregation. If the inject-at attribute is
missing, all routers in the originating AS perform the aggregation. The
route 128.7.0.0/16 in Figure 19 is injected by routers 7.7.7.1 and 9.9.9.1
in AS1.
When a set of routes are aggregated, the intent is to export only the
aggregate route and suppress the exporting of the component routes to the
outside world. However, to satisfy certain policy and topology constraints
(e.g. a multi-homed component), it is often required to export some of
the components. The export-comps attribute equals an RPSL filter that
matches the routes that need to be exported to the neighboring ASes. If
this attribute is missing, no component route needs to be exported to the
neighboring ASes. The export-comps attribute can only be specified if
an aggr-by attribute is specified for the route object. The component
128.7.9.0/24 of route 128.7.0.0/16 in Figure 19 needs to be exported to
other ASes.
Alaettinoglu et. al. Expires January 30, 1998 [Page 41]
Internet Draft RPSL July 30, 1997
route: 128.9.0.0/16
origin: AS1
aggr-by: {128.9.0.0/16^-} AND <^AS226>
route: 128.8.0.0/16
origin: AS1
aggr-by: ATOMIC {128.8.0.0/16^-} AND <^AS226>
route: 128.7.0.0/16
origin: AS1
aggr-by: ATOMIC ANY
inject-at: 7.7.7.1
inject-at: 9.9.9.1
export-comps: {128.7.9.0/24}
Figure 19: Aggregate route objects.
The holes attribute lists the component address prefixes which are not
reachable through the aggregate route (perhaps that part of the address
space is unallocated). Figure 20 shows a route object whose two components,
namely 128.9.0.0/16 and 128.7.0.0/16, are not reachable via the aggregate.
That is, if a data packet destined to a host in 128.9.0.0/16 is sent to AS1,
AS1 can not deliver it to its final destination (i.e. it is black-holed).
route: 128.0.0.0/12
origin: AS1
aggr-by: {128.0.0.0/12^-}
holes: 128.7.0.0/16, 128.9.0.0/16
Figure 20: The route 128.0.0.0/12 does not lead to destinations in
128.9.0.0/16.
10 inet-rtr Class
Routers are specified using the inet-rtr class. The attributes of the
inet-rtr class are shown in Figure 21. The inet-rtr attribute is a valid
DNS name of the router described. Each alias attribute, if present, is a
canonical DNS name for the router. The local-as attribute specifies the AS
number of the AS which owns/operates this router.
The value of an ifaddr attribute has the following syntax:
<ipv4-address> masklen <integer>
Alaettinoglu et. al. Expires January 30, 1998 [Page 42]
Internet Draft RPSL July 30, 1997
Attribute Value Type
inet-rtr <dns-name> mandatory, single-valued, class key
alias <dns-name> optional, multi-valued
local-as <as-number> mandatory, single-valued
ifaddr see description in text mandatory, multi-valued
peer see description in text optional, multi-valued
Figure 21: inet-rtr Class Attributes
[tunnel <inet-tunnel-name>]
[action <action>]
The IP address and the mask length are mandatory for each interface. If
the interface is a tunnel, and if there is an inet-tunnel object describing
the tunnel, the tunnel's name can also be specified. (An example inet-rtr
object with tunnels is presented in Section 11.) Optionally an action can
be specified to set other parameters of this interface.
Figure 22 presents an example inet-rtr object. The name of the router is
``amsterdam.ripe.net''. ``amsterdam1.ripe.net'' is a canonical name for the
router. The router is connected to 4 networks. Its IP addresses and mask
lengths in those networks are specified in the ifaddr attributes.
inet-rtr: Amsterdam.ripe.net
alias: amsterdam1.ripe.net
local-as: AS3333
ifaddr: 192.87.45.190 masklen 24
ifaddr: 192.87.4.28 masklen 24
ifaddr: 193.0.0.222 masklen 27
ifaddr: 193.0.0.158 masklen 27
peer: BGP4 192.87.45.195 asno(AS3334), flap_damp()
Figure 22: inet-rtr Objects
Each peer attribute, if present, specifies a protocol peering with another
router. The value of a peer attribute has the following syntax:
<protocol> <ipv4-address> <options>
where <protocol> is a protocol name, <ipv4-address> is the IP address of the
peer router, and <options> is a comma separated list of peering options
for <protocol>. Possible protocol names and attributes are defined in the
Alaettinoglu et. al. Expires January 30, 1998 [Page 43]
Internet Draft RPSL July 30, 1997
dictionary (please see Section 8). In the above example, the router has
a BGP peering with the router 192.87.45.195 in AS3334 and turns the flap
damping on when importing routes from this router.
11 inet-tunnel Class and Specifying Tunnels
Tunneling is a fundamental networking technology that is used in a variety
circumstances. A common use of tunneling is to incrementally deploy a new
network layer protocol. The approach is to encapsulate ("tunnel") the new
protocol through the existing network layer protocol, usually IP. Examples
of this approach include include the multicast backbone [3], where multicast
packets are encapsulated in IP packets using protocol 4 (IP in IP), and IPv6
backbone [1], where IPv6 packets are encapsulated in IP packets using IP
protocol 41 [14].
Another use of tunneling is to force congruence between the existing (IP
unicast) topology and some new topology. Due the special requirements of IP
multicast routing, the MBONE is also an example of this use of tunneling.
This section describes general tunneling specification in RPSL. Both
point-to-point and point-to-multipoint tunnels of encapsulation types,
including DVMRP, GRE, and IPv6, are supported. In addition to the
encapsulation, a protocol to run inside the tunnel can also be specified.
Tunnels are specified using the inet-tunnel class. The attributes of the
inet-tunnel class are shown in Figure 23. The inet-tunnel attribute is a
valid RPSL name for the tunnel described. The tunnel-source attribute is
the IP address of the source end point of the tunnel. The inet-tunnel and
the tunnel-source attributes form the class key. That is, a point-to-point
tunnel is specified using two tunnel object, one for each end point of the
tunnel. The tunnel-sink attribute is the IP address of other end points of
the tunnel. If the tunnel is a multi-point tunnel, multiple tunnel-sink
attributes can be used to list each end point. The tunnel-encap attribute
is an encapsulation name. Valid encapsulation names are defined in the
dictionary and include IPinIP [29], IPMOBILITY [24], DVMRP [25], GRE [15],
and IPv6 [10]. The tunnel-protocol attribute is a protocol name to run
"inside" the tunnel. Valid protocol names are defined in the dictionary
and include BGP, RIPng, DVMRP. See [27] for an application that uses BGP
tunneled in GRE. The tunnel-mcast-tree attribute is used to describe the
multicast tree construction mechanism used on the tunnel. Examples include
PIM-DM and PIM-SM.
The tunnel-in and tunnel-out attributes have the following format:
tunnel-in: from <ipv4-address> [action <action>] accept <filter>
tunnel-out: to <ipv4-address> [action <action>] announce <filter>
Alaettinoglu et. al. Expires January 30, 1998 [Page 44]
Internet Draft RPSL July 30, 1997
Attribute Value Type
inet-tunnel <rpsl-name> mandatory, single-valued, class key
tunnel-source <ipv4-address> mandatory, single valued, class key
tunnel-sink <ipv4-address> mandatory, multi-valued, class key
tunnel-encap <encapsulation-name> mandatory, single-valued
tunnel-protocol <protocol-name> mandatory, single valued
tunnel-mcast-tree <protocol-name> optional, single valued
tunnel-in see description in text mandatory, multi-valued
tunnel-out see description in text mandatory, multi-valued
Figure 23: inet-tunnel Class Attributes
where <action> and <filter> are as in the aut-num class. The possible
actions are defined in the dictionary and include
ttlscope The minimum IP time-to-live required for a packet to be forwarded
to the specified endpoint (in the case of multipoint tunnels, there may
be per endpoint scopes).
boundary A boundary attribute describes an administratively defined class
of packets that will not be forwarded through the tunnel [22].
dvmrp-metric A DVMRP metric.
These attributes are particularly relevant to multicast routing. Attributes
for other tunnels can later be defined in the dictionary. The <filter>
specifications describe filters that are appropriate for the tunnel's
routing protocol. In the case of DVMRP, the filter specification can be the
list of network prefixes accepted or advertised.
Figure 24 has two examples of tunnel objects. In the first example, the
router eugene-isp.nero.net has two tunnels: a DVMRP tunnel to dec3800-
2-fddi-0.SanFrancisco.mci.net and a GRE tunnel to eugene-isp.nero.net.
The DVMRP tunnel object is called MBONE-TUNNEL-EUG. eugene-isp.nero.net
will accept any routes and forward packets to the DVMRP tunnel if the
packet's time-to-live is greater than or equal to 64. In addition,
eugene-isp.nero.net will not pass any packets that match the administrative
scope boundary filter (in this case, 239.254.0.0/16). The GRE tunnel is
named GRE-TUNNEL-EUG.
12 Security Consideration
This document describes RPSL, a language for expressing routing policies.
As such, it does not itself have (or need) a security architecture.
Alaettinoglu et. al. Expires January 30, 1998 [Page 45]
Internet Draft RPSL July 30, 1997
inet-rtr: eugene-isp.nero.net
loacalas: AS4600
ifaddr: 166.48.14.6 masklen 30 tunnel MBONE-TUNNEL-EUG
ifaddr: 166.48.14.6 masklen 30 tunnel GRE-TUNNEL-EUG
admin-c: DMM65
tech-c: DMM65
notify: nethelp@ns.uoregon.edu
mnt-by: MAINT-AS3582
changed: meyer@ns.uoregon.edu 961122
source: RADB
inet-tunnel: MBONE-TUNNEL-EUG
tunnel-source: 166.48.14.6 # eugene-isp.nero.net
tunnel-sink: 204.70.158.61 # dec3800-2-fddi-0.SanFrancisco.mci.net
tunnel-encap: DVMRP
tunnel-protocol: DVMRP
tunnel-in: from 204.70.158.61 accept ANY
tunnel-out: to 204.70.158.61
action
ttlscope=64;
boundary={239.254.0.0/16};
dvmrp-metric=1;
announce AS-NERO-TRANSIT
...
inet-tunnel: GRE-TUNNEL-EUG
tunnel-source: 166.48.14.6
tunnel-sink: 206.42.19.240
tunnel-protocol: DVMRP
tunnel-mcast-tree: PIM-DM
tunnel-encap: GRE
tunnel-in: from 206.42.19.240 accept ANY
tunnel-out: to 206.42.19.240
action
ttlscope=64;
announce ANY
...
Figure 24: inet-tunnel Objects
However, any registry that implements this language should provide a
mechanism for:
1. Data Integrity and Origin Authentication. Both data origin and
integrity can be provided by associating cryptographically generated
digital signatures with each object in a IRR. There may be a single
private key that signs for all objects associated with a given
Alaettinoglu et. al. Expires January 30, 1998 [Page 46]
Internet Draft RPSL July 30, 1997
MAINTAINER object, or there may be finer grained control. As is common,
it is expected that an implementation will keep the MAINTAINER private
key off-line and it will be used to re-sign all objects for a given
MAINTAINER.
2. Public Key Distribution. It is expected that any IRR implemeting RPSL
will use the Group Key Management Protocol (GKMP) [16]. The IETF IP
Security Working Group is actively working on GKMP extensions to the
standards-track ISAKMP key management protocol being developed in the
same working group.
3. Transaction Security. When a user is querying a registry for policy
objects, to eliminate snooping and to eliminate third parties injecting
objects, the server and the client may optionally use authentication and
encryption techniques [12].
13 Acknowledgements
We would like to thank Jessica Yu, Randy Bush, Alan Barrett, David
Kessens, Bill Manning, Sue Hares, Ramesh Govindan, Kannan Varadhan, Satish
Kumar, Craig Labovitz, Rusty Eddy, David J. LeRoy, David Whipple, Jon
Postel, Deborah Estrin, Elliot Schwartz, Joachim Schmitz, Mark Prior, Tony
Przygienda, David Woodgate, and the participants of the IETF RPS Working
Group for various comments and suggestions.
References
[1] 6BONE. See http://www-6bone.lbl.gov/6bone/.
[2] Internet
Routing Registry. Procedures. http://www.ra.net/RADB.tools.docs/,
http://www.ripe.net/db/doc.html.
[3] MBONE. See http://www.best.com/ prince/techinfo/misc.html.
[4] C. Alaettinouglu, D. Meyer, and J. Schmitz. Application of Routing
Policy Specification Language (RPSL) on the Internet. Internet Draft
draft-ietf-rps-appl-rpsl-00.ps, March 1997. Work in progress.
[5] T. Bates. Specifying an `Internet Router' in the Routing Registry.
Technical Report RIPE-122, RIPE, RIPE NCC, Amsterdam, Netherlands,
October 1994.
[6] T. Bates, E. Gerich, L. Joncheray, J-M. Jouanigot, D. Karrenberg,
M. Terpstra, and J. Yu. Representation of IP Routing Policies
in a Routing Registry. Technical Report ripe-181, RIPE, RIPE NCC,
Alaettinoglu et. al. Expires January 30, 1998 [Page 47]
Internet Draft RPSL July 30, 1997
Amsterdam, Netherlands, October 1994.
[7] T. Bates, E. Gerich, L. Joncheray, J-M. Jouanigot, D. Karrenberg,
M. Terpstra, and J. Yu. Representation of IP Routing Policies in
a Routing Registry. Technical Report RFC-1786, Network Information
Center, March 1995.
[8] T. Bates, J-M. Jouanigot, D. Karrenberg, P. Lothberg, and M. Terpstra.
Representation of IP Routing Policies in the RIPE Database. Technical
Report ripe-81, RIPE, RIPE NCC, Amsterdam, Netherlands, February 1993.
[9] R. Chandra, P. Traina, and T. Li. BGP Communities Attribute. Request
for Comment RFC-1997, Network Information Center, August 1996.
[10] A. Conta and S. Deering. Generic Packet Tunneling in IPv6. Technical
Report draft-ietf-ipngwg-ipv6-tunnel-04.txt, October 1996.
[11] D. Crocker. Standard for the format of ARPA Internet text messages.
Request for Comment RFC-822, Network Information Center, August 1982.
[12] D. Eastlake and C. Kaufman. Domain Name System Security Extensions.
Technical Report RFC2065, January 1997.
[13] V. Fuller, T. Li, J. Yu, and K. Varadhan. Classless Inter-Domain
Routing (CIDR): an Address Assignment and Aggregation Strategy, 1993.
[14] R. Gilligan and E. Nordmark. Transition Mechanisms for IPv6 Hosts and
Routers. Technical Report RFC1933, April 1996.
[15] S. Hanks, T. Li, D. Farinacci, and P. Traina. Generic Routing
Encapsulation (GRE). Technical Report RFC1701, October 1994.
[16] H. Harney. Group Key Management Protocol (GKMP). Technical Report
draft-harney-gkmp-arch-01.txt, draft-harney-gkmp-spec-01.txt, August
1996. Informational RFC publication is pending.
[17] D. Karrenberg and T. Bates. Description of Inter-AS Networks in the
RIPE Routing Registry. Technical Report RIPE-104, RIPE, RIPE NCC,
Amsterdam, Netherlands, December 1993.
[18] D. Karrenberg and M. Terpstra. Authorisation and Notification of
Changes in the RIPE Database. Technical Report ripe-120, RIPE, RIPE
NCC, Amsterdam, Netherlands, October 1994.
[19] B. W. Kernighan and D. M. Ritchie. The C Programming Language.
Prentice-Hall, 1978.
[20] A. Lord and M. Terpstra. RIPE Database Template for Networks
and Persons. Technical Report ripe-119, RIPE, RIPE NCC, Amsterdam,
Netherlands, October 1994.
Alaettinoglu et. al. Expires January 30, 1998 [Page 48]
Internet Draft RPSL July 30, 1997
[21] A. M. R. Magee. RIPE NCC Database Documentation. Technical Report
RIPE-157, RIPE, RIPE NCC, Amsterdam, Netherlands, May 1997.
[22] D. Meyer. Administratively Scoped IP Multicast. Technical Report
draft-ietf-mboned-admin-ip-space-01.txt, December 1996.
[23] P. V. Mockapetris. Domain names - concepts and facilities. Request for
Comment RFC-1034, Network Information Center, November 1987.
[24] C. Perkins. Minimal Encapsulation within IP. Technical Report RFC2004,
October 1996.
[25] T. Pusateri. Distance Vector Multicast Routing Protocol. Technical
Report draft-ietf-idmr-dvmrp-v3-03, September 1996.
[26] Y. Rekhter. Inter-Domain Routing Protocol (IDRP). Journal of
Internetworking Research and Experience, 4:61--80, 1993.
[27] Y. Rekhter. Auto route injection with tunnelling, October 1996. NANOG,
See http://www.academ.com/nanog/oct1996/multihome.html.
[28] Y. Rekhter and T. Li. A Border Gateway Protocol 4 (BGP-4). Request for
Comment RFC-1771, Network Information Center, March 1995.
[29] W. Simpson. IP in IP Tunneling. Technical Report RFC1853, October
1995.
A Routing Registry Sites
The set of routing registries as of November 1996 are RIPE, RADB, CANet, MCI
and ANS. You may contact one of these registries to find out the current
list of registries.
B Authors' Addresses
Cengiz Alaettinoglu
USC Information Sciences Institute
4676 Admiralty Way, Suite 1001
Marina del Rey, CA 90292
email: cengiz@isi.edu
Tony Bates
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
email: tbates@cisco.com
Alaettinoglu et. al. Expires January 30, 1998 [Page 49]
Internet Draft RPSL July 30, 1997
Elise Gerich
At Home Network
385 Ravendale Drive
Mountain View, CA 94043
email: epg@home.net
Daniel Karrenberg
RIPE Network Coordination Centre (NCC)
Kruislaan 409
NL-1098 SJ Amsterdam
Netherlands
email: dfk@ripe.net
David Meyer
University of Oregon
Eugene, OR 97403
email: meyer@antc.uoregon.edu
Marten Terpstra
c/o Bay Networks, Inc.
2 Federal St
Billerica MA 01821
email: marten@BayNetworks.com
Curtis Villamizar
ANS
email: curtis@ans.net
Alaettinoglu et. al. Expires January 30, 1998 [Page 50]