Tech-invite3GPPspaceIETF RFCsSIP
in Index   Prev   Next

RFC 1786

Representation of IP Routing Policies in a Routing Registry (ripe-81++)

Pages: 83
Part 1 of 2 – Pages 1 to 40
None   None   Next

ToP   noToC   RFC1786 - Page 1
Network Working Group                                           T. Bates
Request for Comments: 1786            MCI Telecommunications Corporation
Category: Informational                                        E. Gerich
                                                             Merit, Inc.
                                                            L. Joncheray
                                                             Merit, Inc.
                                                          J-M. Jouanigot
                                                           D. Karrenberg
                                                                RIPE NCC
                                                             M. Terpstra
                                                      Bay Networks, Inc.
                                                                   J. Yu
                                                             Merit, Inc.
                                                              March 1995

                 Representation of IP Routing Policies
                         in a Routing Registry

Status of this Memo

   This memo provides information for the Internet community. This memo
   does not specify an Internet standard of any kind. Distribution of
   this memo is unlimited.


   This document was originally published as a RIPE document known as
   ripe-181 but is also being published as an Informational RFC to reach
   a larger audience than its original scope. It has received community
   wide interest and acknowledgment throughout the Internet service
   provider community and will be used as the basic starting point for
   future work on Internet Routing Registries and routing policy
   representation.  It can also be referred to as ripe-81++.  This
   document is an update to the original `ripe-81'[1] proposal for
   representing and storing routing polices within the RIPE database. It
   incorporates several extensions proposed by Merit Inc.[2] and gives
   details of a generalized IP routing policy representation to be used
   by all Internet routing registries. It acts as both tutorial and
   provides details of database objects and attributes that use and make
   up a routing registry.
ToP   noToC   RFC1786 - Page 2
                           Table of Contents

   1. Introduction ................................................    3

   2. Organization of this Document ...............................    3

   3.  General Representation of Policy Information ...............    5

   4. The Routing Registry and the RIPE Database ..................   11

   5. The Route Object ............................................   16

   6. The Autonomous System Object ................................   26

   7. AS Macros ...................................................   36

   8. The Community Object ........................................   38

   9. Representation of Routing Policies ..........................   41

   10. Future Extensions ..........................................   50

   11. References .................................................   51

   12. Security Considerations ....................................   52

   13. Authors' Addresses .........................................   53

   Appendix A - Syntax for the "aut-num" object ...................   55

   Appendix B - Syntax for the "community" object .................   68

   Appendix C - Syntax for the "as-macro" object ..................   72

   Appendix D - Syntax for the "route" object .....................   76

   Appendix E - List of reserved words ............................   80

   Appendix F - Motivations for RIPE-81++ .........................   81

   Appendix G - Transition strategy ...............................   83
ToP   noToC   RFC1786 - Page 3
1.  Introduction

   This document is a much revised version of the RIPE routing registry
   document known as ripe-81 [1].  Since its inception in February, 1993
   and the establishment of the RIPE routing registry, several additions
   and clarifications have come to light which can be better presented
   in a single updated document rather than separate addenda.

   Some of the text remains the same the as the original ripe-81
   document keeping its tutorial style mixed with details of the RIPE
   database objects relating to routing policy representation.  However
   this document does not repeat the background and historical remarks
   in ripe-81. For these please refer to the original document.  It
   should be noted that whilst this document specifically references the
   RIPE database and the RIPE routing registry one can easily read
   "Regional routing registry" in place of RIPE as this representation
   is certainly general and flexible enough to be used outside of the
   RIPE community incorporating many ideas and features from other
   routing registries in this update.

   This document was originally published as a RIPE document known as
   ripe-181 but is also being published as an Informational RFC to reach
   a larger audience than its original scope. It has received large
   interest and acknowledgment within the Internet service provider
   community and will be used as the basic starting point for future
   work on Internet Routing Registries and routing policy
   representation.  It but can also be referred to as ripe-81++.

   We would like to acknowledge many people for help with this document.
   Specifically, Peter Lothberg who was a co-author of the original
   ripe-81 document for his many ideas as well as Gilles Farrache,
   Harvard Eidnes, Dale Johnson, Kannan Varadhan and Cengiz Alaettinoglu
   who all provided valuable input.  We would also like to thank the
   RIPE routing working group for their review and comment. Finally, we
   like to thank Merit Inc. for many constructive comments and ideas and
   making the routing registry a worldwide Internet service. We would
   also like to acknowledge the funding provided by the PRIDE project
   run in conjunction with the RARE Technical Program, RIPE and the RIPE
   NCC without which this paper would not have been possible.

2.  Organization of this Document

   This document acts as both a basic tutorial for understanding routing
   policy and provides details of objects and attributes used within an
   Internet routing registry to store routing policies. Section 3
   describes general issues about IP routing policies and their
   representation in routing registries. Experienced readers may wish to
   skip this section.  Section 4 provides an overview of the RIPE
ToP   noToC   RFC1786 - Page 4
   database, its basic concepts, schema and objects which make up the
   database itself.  It highlights the way in which the RIPE database
   splits routing information from allocation information.  Sections 5,
   6, 7 and 8 detail all the objects associated with routing policy
   representation.  Section 9 gives a fairly extensive "walk through" of
   how these objects are used for expressing routing policy and the
   general principles behind their use. Section 10 provides a list of
   references used throughout this document.  Appendix A, B, C and D
   document the formal syntax for the database objects and attributes.
   Appendix F details the main changes from ripe-81 and motivations for
   these changes. Appendix G tackles the issues of transition from
   ripe-81 to ripe-81++.
ToP   noToC   RFC1786 - Page 5
3.  General Representation of Policy Information

   Networks, Network Operators and Autonomous Systems

   Throughout this document an effort is made to be consistent with
   terms so as not to confuse the reader.

   When we talk about "networks" we mean physical networks which have a
   unique classless IP network number: Layer 3 entities. We do not mean

   We call the organizations operating networks "network operators".
   For the sake of the examples we divide network operators into two
   categories: "service providers" and "customers". A "service provider"
   is a network operator who operates a network to provide Internet
   services to different organizations, its "customers".  The
   distinction between service providers and customers is not clear cut.
   A national research networking organization frequently acts as a
   service provider to Universities and other academic organizations,
   but in most cases it buys international connectivity from another
   service provider. A University networking department is a customer of
   the research networking organization but in turn may regard
   University departments as its customers.

   An Autonomous System (AS) is a group of IP networks having a single
   clearly defined routing policy which is run by one or more network
   operators. Inside ASes IP packets are routed using one or more
   Interior Routing Protocols (IGPs). In most cases interior routing
   decisions are based on metrics derived from technical parameters like
   topology, link speeds and load.  The entity we refer to as an AS is
   frequently and more generally called a routing domain with the AS
   just being an implementation vehicle. We have decided to use the term
   AS exclusively because it relates more directly with the database
   objects and routing tools. By using only one term we hope to reduce
   the number of concepts and to avoid confusion. The academically
   inclined reader may forgive us.

   ASes exchange routing information with other ASes using Exterior
   Routing Protocols (EGPs).  Exterior routing decisions are frequently
   based on policy based rules rather than purely on technical
   parameters.  Tools are needed to configure complex policies and to
   communicate those policies between ASes while still ensuring proper
   operation of the Internet as a whole. Some EGPs like BGP-3 [8] and
   BGP-4 [9] provide tools to filter routing information according to
   policy rules and more. None of them provides a mechanism to publish
   or communicate the policies themselves. Yet this is critical for
   operational coordination and fault isolation among network operators
   and thus for the operation of the global Internet as a whole.  This
ToP   noToC   RFC1786 - Page 6
   document describes a "Routing Registry" providing this functionality.

   Routing Policies

   The exchange of routing information between ASes is subject to
   routing policies. Consider the case of two ASes, X and Y exchanging
   routing information:

                NET1 ......  ASX  <--->  ASY  ....... NET2

   ASX knows how to reach a network called NET1.  It does not matter
   whether NET1 is belonging to ASX or some other AS which exchanges
   routing information with ASX either directly or indirectly; we just
   assume that ASX knows how to direct packets towards NET1. Likewise
   ASY knows how to reach NET2.

   In order for traffic from NET2 to NET1 to flow between ASX and ASY,
   ASX has to announce NET1 to ASY using an external routing protocol.
   This states that ASX is willing to accept traffic directed to NET1
   from ASY. Policy thus comes into play first in the decision of ASX to
   announce NET1 to ASY.

   In addition ASY has to accept this routing information and use it.
   It is ASY's privilege to either use or disregard the information that
   ASX is willing to accept traffic for NET1. ASY might decide not to
   use this information if it does not want to send traffic to NET1 at
   all or if it considers another route more appropriate to reach NET1.

   So in order for traffic in the direction of NET1 to flow between ASX
   and ASY, ASX must announce it to ASY and ASY must accept it from ASX:
ToP   noToC   RFC1786 - Page 7
                    resulting packet flow towards NET1
                     announce NET1  |  accept NET1
                    --------------> + ------------->
                        AS X        |    AS Y
                     <------------- + <--------------
                       accept NET2  |  announce NET2
                   resulting packet flow towards NET2

   Ideally, and seldom practically, the announcement and acceptance
   policies of ASX and ASY are identical.

   In order for traffic towards NET2 to flow, announcement and
   acceptance of NET2 must be in place the other way round. For almost
   all applications connectivity in just one direction is not useful at

   Usually policies are not configured for each network separately but
   for groups of networks.  In practise these groups are almost always
   defined by the networks forming one or more ASes.

   Routing Policy limitations

   It is important to realize that with current destination based
   forwarding technology routing policies must eventually be expressed
   in these terms. It is relatively easy to formulate reasonable
   policies in very general terms which CANNOT be expressed in terms of
   announcing and accepting networks. With current technology such
   policies are almost always impossible to implement.

   The generic example of a reasonable but un-implementable routing is a
   split of already joined packet streams based on something other than
   destination address.  Once traffic for the same destination network
   passes the same router, or the same AS at our level of abstraction,
   it will take exactly the same route to the destination (disregarding
   special cases like "type of service" routing, load sharing and
ToP   noToC   RFC1786 - Page 8
   routing instabilities).

   In a concrete example AS Z might be connected to the outside world by
   two links.  AS Z wishes to reserve these links for different kinds of
   traffic, let's call them black and white traffic.  For this purpose
   the management of AS Z keeps two lists of ASes, the black and the
   white list.  Together these lists comprise all ASes in the world
   reachable from AS Z.

                       ...           AS Z .... NET 3

   It is quite possible to implement the policy for traffic originating
   in AS Z: AS Z will only accept announcements for networks in white
   ASes on the white link and will only accept announcements for
   networks in black ASes on the black link.  This causes traffic from
   networks within AS Z towards white ASes to use the white link and
   likewise traffic for black ASes to use the black link.

   Note that this way of implementing things makes it necessary to
   decide on the colour of each new AS which appears before traffic can
   be sent to it from AS Z.  A way around this would be to accept only
   white announcements via the white link and to accept all but white
   announcements on the black link.  That way traffic from new ASes
   would automatically be sent down the black link and AS Z management
   would only need to keep the list of white ASes rather than two lists.

   Now for the unimplementable part of the policy.  This concerns
   traffic towards AS Z.  Consider the following topology:

           B AS ---)                    "W"
           W AS ---)                    --->
           B AS ---)>>  AS A  ---> ...           AS Z .... NET 3
           B AS ---)                    --->
           W AS ---)                    "B"

   As seen from AS Z there are both black and white ASes "behind" AS A.
   Since ASes can make routing decisions based on destination only, AS A
   and all ASes between AS A and the two links connecting AS Z can only
   make the same decision for traffic directed at a network in AS Z, say
   NET 3.  This means that traffic from both black and white ASes
   towards NET 3 will follow the same route once it passes through AS A.
   This will either be the black or the white route depending on the
   routing policies of AS A and all ASes between it and AS Z.
ToP   noToC   RFC1786 - Page 9
   The important thing to note is that unless routing and forwarding
   decisions can be made based on both source and destination addresses,
   policies like the "black and white" example cannot be implemented in
   general because "once joined means joined forever".

   Access Policies

   Access policies contrary to routing policies are not necessarily
   defined in terms of ASes. The very simplest type of access policy is
   to block packets from a specific network S from being forwarded to
   another network D. A common example is when some inappropriate use of
   resources on network D has been made from network S and the problem
   has not been resolved yet. Other examples of access policies might be
   resources only accessible to networks belonging to a particular
   disciplinary group or community of interest.  While most of these
   policies are better implemented at the host or application level,
   network level access policies do exist and are a source of
   connectivity problems which are sometimes hard to diagnose. Therefore
   they should also be documented in the routing registry according to
   similar requirements as outlined above.

   Routing vs. Allocation information

   The RIPE database contains both routing registry and address space
   allocation registry information. In the past the database schema
   combined this information. Because RIPE was tasked with running both
   an allocation and routing registry it seemed natural to initially
   combine these functions.  However, experience has shown that a clear
   separation of routing information from allocation is desirable. Often
   the maintainer of the routing information is not the same as the
   maintainer of the allocation information.  Moreover, in other parts
   of the world there are different registries for each kind of

   Whilst the actual routing policy objects will be introduced in the
   next section it is worthy of note that a transition from the current
   objects will be required. Appendix G details the basic steps of such
   a transition.

   This split in information represents a significant change in the
   representational model of the RIPE database. Appendix F expands on
   the reasons for this a little more.
ToP   noToC   RFC1786 - Page 10

   The network operators will need a series of tools for policy routing.
   Some tools are already available to perform some of the tasks. Most
   notably, the PRIDE tools [3] from the PRIDE project started in
   September 1993 as well as others produced by Merit Inc [4] and CERN

   These tools will enable them to use the routing policy stored in the
   RIPE routing registry to perform such tasks as check actual routing
   against policies defined, ensure consistency of policies set by
   different operators, and simulate the effects of policy changes.

   Work continues on producing more useful tools to service the Internet
ToP   noToC   RFC1786 - Page 11
4.  The Routing Registry and the RIPE Database

   One of the activities of RIPE is to maintain a  database  of European
   IP networks, DNS domains and their contact persons along with various
   other kinds of network management information. The database content
   is public and can be queried using the whois protocol as well as
   retrieved as a whole.  This supports NICs/NOCs all over Europe  and
   beyond  to  perform their respective tasks.

   The RIPE database combines both allocation registry and routing
   registry functions.  The RIPE allocation registry contains data about
   address space allocated to specific enterprises and/or delegated to
   local registries as well as data about the domain name space. The
   allocation registry is described in separate documents [6,7] and
   outside the scope of this document.

   Database Objects

   Each object in the database describes a single entity in the real
   world.  This  basic  principle  means that information about  that
   entity  should  only  be  represented  in   the corresponding
   database  object and not be repeated in other objects.  The whois
   service can automatically display referenced objects where

   The types of objects stored in the RIPE database are summarized in
   the table below:

   R   Object      Describes                        References

   B   person      contact persons

   A   inetnum     IP address space                 person
   A   domain      DNS domain                       person

   R   aut-num     autonomous system                person
   R   as-macro    a group of autonomous systems    person, aut-num
   R   community   community                        person
   R   route       a route being announced          aut-num, community

   R   clns        CLNS address space and routing   person

   The first column indicates whether the object is part of the
   allocation registry (A), the routing registry (R) or both (B).  The
ToP   noToC   RFC1786 - Page 12
   last column indicates the types of objects referenced by the
   particular type of object.  It can be seen that almost all objects
   reference contact persons.

   Objects are described by attributes  value  pairs,  one  per line.
   Objects  are  separated by empty lines. An attribute that consists of
   multiple lines should  have  the  attribute name  repeated on
   consecutive lines.  The information stored about network
   consists  of  three  objects,  one inetnum object and two person
   objects and looks like this:
ToP   noToC   RFC1786 - Page 13
   netname:   RIPE-NCC
   descr:     RIPE Network Coordination Centre
   descr:     Amsterdam, Netherlands
   country:   NL
   admin-c:   Daniel Karrenberg
   tech-c:    Marten Terpstra
   changed: 940110
   source:    RIPE

   person:    Daniel Karrenberg
   address:   RIPE Network Coordination Centre (NCC)
   address:   Kruislaan 409
   address:   NL-1098 SJ Amsterdam
   address:   Netherlands
   phone:     +31 20 592 5065
   fax-no:    +31 20 592 5090
   nic-hdl:   DK58
   changed: 920826
   source:    RIPE

   person:    Marten Terpstra
   address:   RIPE Network Coordination Centre (NCC)
   address:   PRIDE Project
   address:   Kruislaan 409
   address:   NL-1098 SJ Amsterdam
   address:   Netherlands
   phone:     +31 20 592 5064
   fax-no:    +31 20 592 5090
   nic-hdl:   MT2
   changed: 931230
   source:    RIPE

   Objects are stored and retrieved in this tag/value format.  The RIPE
   NCC does not provide differently formatted reports because any
   desired format can easily be produced from this generic one.
ToP   noToC   RFC1786 - Page 14
   Routing Registry Objects

   The main objects comprising the routing registry are "aut-num" and
   "route", describing an autonomous system and a route respectively. It
   should be noted that routes not described in the routing registry
   should never be routed in the Internet itself.

   The autonomous system (aut-num) object provides contact information
   for the AS and describes the routing policy of that AS.  The routing
   policy is described by enumerating all neighboring ASes with which
   routing information is exchanged.  For each neighbor the routing
   policy is described in terms of exactly what is being sent
   (announced) and allowed in (accepted).  It is important to note that
   this is exactly the part of the global policy over which an AS has
   direct control. Thus each aut-num object describes what can indeed be
   implemented and enforced locally by the AS concerned.  Combined
   together all the aut-num objects provide the global routing graph and
   permit to deduce the exact routing policy between any two ASes.

   While the aut-num objects describe how routing information is
   propagated, the route object describes a single route injected into
   the external routing mesh. The route object references the AS
   injecting (originating) the route and thereby indirectly provides
   contact information for the originating AS. This reference also
   provides the primary way of grouping routes into larger collections.
   This is necessary because describing routing policy on the level of
   single routes would be awkward to impractical given the number of
   routes in the Internet which is about 20,000 at the time of this
   writing.  Thus routing policy is most often defined for groups of
   routes by originating AS.  This method of grouping is well supported
   by current exterior routing protocols.  The route object also
   references community objects described below to provide another
   method of grouping routes.  Modification of aut-num object itself and
   the referencing by route objects is strictly protected to provide
   network operators control over the routing policy description and the
   routes originated by their ASes.

   Sometimes even keeping track of groups of routes at the AS level is
   cumbersome. Consider the case of policies described at the transit
   provider level which apply transitively to all customers of the
   transit provider. Therefore another level of grouping is provided by
   the as-macro object which provides groups of ASes which can be
   referenced in routing policies just like single ASes. Membership of
   as-macro groups is also strictly controlled.

   Sometimes there is a need to group routes on different criteria than
   ASes for purposes like statistics or local access policies. This is
   provided by the community object.  A community object is much like an
ToP   noToC   RFC1786 - Page 15
   AS but without a routing policy.  It just describes a group of
   routes. This is not supported at all by exterior routing protocols
   and depending on aggregation of routes may not be generally usable to
   define routing policies.  It is suitable for local policies and non-
   routing related purposes.

   These routing related objects will be described in detail in the
   sections below.
ToP   noToC   RFC1786 - Page 16
5.  The Route Object

   As stated in the previous chapter routing and address space
   allocation information are now clearly separated.  This is performed
   with the introduction of the route object. The route object will
   contain all the information regarding a routing announcement.

   All routing related attributes are removed from the inetnum object.
   Some old attributes are obsoleted: connect, routpr-l, bdryg-l, nsf-
   in, nsf-out, gateway).  The currently useful routing attributes are
   moved to the route object: aut-sys becomes origin, ias-int will be
   encoded as part of the inet-rtr [15] object and comm-list simply
   moves.  See [6] for detail of the "inetnum" object definition.

   The information in the old inetnum object

   netname:   RIPE-NCC
   descr:     RIPE Network Coordination Centre
   descr:     Amsterdam, Netherlands
   country:   NL
   admin-c:   Daniel Karrenberg
   tech-c:    Marten Terpstra
   connect:   RIPE NSF WCW
   aut-sys:   AS3333
   comm-list: SURFNET
   ias-int:  AS1104
   ias-int:   AS2122
   ias-int: AS2600
   changed: 940110
   source:    RIPE

   will be distributed over two objects:
ToP   noToC   RFC1786 - Page 17
   netname:   RIPE-NCC
   descr:     RIPE Network Coordination Centre
   descr:     Amsterdam, Netherlands
   country:   NL
   admin-c:   Daniel Karrenberg
   tech-c:    Marten Terpstra
   changed: 940110
   source:    RIPE

   descr:       RIPE Network Coordination Centre
   origin:      AS3333
   comm-list:   SURFNET
   changed: 940427
   source:      RIPE

   The route object is used to represent a single route originated into
   the Internet routing mesh.  The actual syntax is given in Appendix D.
   However, there are several important aspects of the attributes worthy
   of note.

   The value of the route attribute will be a classless address.  It
   represents the exact route being injected into the routing mesh.  The
   representation of classless addresses is described in [10].

   The value of the origin attribute will be an AS reference of the form
   AS1234 referring to an aut-num object.  It represents the AS
   injecting this route into the routing mesh.  The "aut-num" object
   (see below) thus referenced provides all the contact information for
   this route.

   Special cases: There can only be a single originating AS in each
   route object.  However in todays Internet sometimes a route is
   injected by more than one AS. This situation is potentially dangerous
   as it can create conflicting routing policies for that route and
   requires coordination between the originating ASes.  In the routing
   registry this is represented by multiple route objects.
ToP   noToC   RFC1786 - Page 18
   This is a departure from the one route (net), one AS principle of the
   ripe-81 routing registry. The consequences for the different tools
   based in the routing registry will need to be evaluated and possibly
   additional consistency checking of the database is needed.

   The examples below will illustrate the usage of the route object
   further.  Suppose three chunks of address space of 2 different
   enterprises represented by the following inetnum objects:


   netname:   ENT-1
   descr:     Enterprise 1

   netname:   ENT-2
   descr:     Enterprise 2

   netname:   ENT-2-SPEC
   descr:     Enterprise 2

   Supposing that the Enterprises have their own AS numbers straight
   application of routing without aggregation would yield:

   descr:       Enterprise 1
   origin:      AS1

   descr:       Enterprise 2
   origin:      AS2

   descr:       Enterprise 2
   origin:      AS2
ToP   noToC   RFC1786 - Page 19
   NB: This representation can be achieved by straight translation from
   the ripe-81 representation. See Appendix G for more details.

   Homogeneous Aggregation

   The two chunks of address space of Enterprise 2 can be represented by
   one aggregate route turning two route objects into one and
   potentially saving routing table space for one route.

   descr:       Enterprise 2
   origin:      AS2

   Note that AS2 can also decide to originate all routes mentioned so
   far, two 24-bit prefixes and one 23-bit prefix. This case would be
   represented by storing all three route objects in the database. In
   this particular example the additional routes will not add any
   functionality however and only increase the amount of routes
   announced unnecessarily.

   Heterogeneous Aggregation

   Consider the following case however:

   descr:       Enterprise 2
   origin:      AS2

   descr:       Enterprise 2 / Special
   origin:      AS2
   comm-list:   SPECIAL

   Now the prefix belongs to community SPECIAL (this
   community may well not be relevant to routing) and the other prefix
   originated by AS2 does not. If AS2 aggregates these prefixes into the prefix, routing policies based on the community value
   SPECIAL cannot be implemented in general, because there is no way to
   distinguish between the special and the not-so-special parts of AS2.
ToP   noToC   RFC1786 - Page 20
   If another AS has the policy to accept only routes to members of
   community SPECIAL it cannot implement it, because accepting the route
   to would also route to and not accepting
   this route would lose connectivity to the special part
   We call aggregate routes consisting of components belonging to
   different communities or even different ASes "heterogeneous

   The major problem introduced with heterogeneous aggregates is that
   once the homogeneous more specific routes are withdrawn one cannot
   tell if a more specific part of the heterogeneous route has a
   different policy. However, it can be counter argued that knowing this
   policy is of little use since a routing policy based on the less
   specific heterogeneous aggregate only cannot be implemented. In fact,
   this displays a facet of CIDR itself in that one may actually trade
   off implementing slight policy variations over announcing a larger
   (albeit heterogeneous in terms of policy) aggregate to save routing
   table space.

   However, it is still useful to be able to document these variations
   in policy especially when this homogeneous more specific route is
   just being withdrawn. For this one can use the "withdrawn" attribute.
   The withdrawn attribute can serve to both indicate that a less
   specific aggregate is in fact heterogeneous and also allow the
   general documenting of route withdrawal.

   So there has to be a way for AS2 to document this even if it does not
   originate the route to any more.  This can be done with
   the "withdrawn" attribute of the route object.  The aggregate route
   to is now be registered as:

   descr:       Enterprise 2
   origin:      AS2

   With the two homogeneous routes marked as withdrawn from the Internet
   routing mesh but still preserving their original routing information.
ToP   noToC   RFC1786 - Page 21
   descr:       Enterprise 2
   origin:      AS2
   withdrawn:   940701

   descr:       Enterprise 2 / Special
   origin:      AS2
   comm-list:   SPECIAL
   withdrawn:   940701

   It should be noted that the date value used in the withdrawn
   attribute can only be in the past.

   Proxy Aggregation

   The next step of aggregation are aggregates consisting of more than
   one AS. This generally means one AS is aggregating on behalf of
   another. It is called proxy aggregation. Proxy aggregation should be
   done with great care and always be coordinated with other providers
   announcing the same route.

   Consider the following:

   descr:       All routes known by AS1 in a single package
   origin:      AS1

   descr:       Foo
   origin:      AS1
   withdrawn:   940310
ToP   noToC   RFC1786 - Page 22
   descr:       Bar
   origin:      AS2
   withdrawn:   940310

   descr:       Bar-2
   origin:      AS2
   withdrawn:   940310
   comm-list:   SPECIAL

   If AS1 announced no other routes to a single homed neighboring AS,
   that neighbor can in general either take that route or leave it but
   not differentiate between AS1 and AS2.

   Note: If the neighbor was previously configured to accept routes
   originating in AS2 but not in AS1 they lose connectivity to AS2 as
   well.  This means that proxy aggregation has to be done carefully and
   in a well coordinated fashion. The information in the withdrawn route
   object can help to achieve that.

   Aggregates with Holes

   If we assume that the world of our example still consists of only
   three chunks of address space the aggregate above contains what are
   called holes, parts of an aggregate that are not reachable via the
   originator of the route.  From the routing information itself one
   cannot tell whether these are holes and what part of the route falls
   inside one.  The only way to tell is to send a packet there and see
   whether it gets to the destination, or an ICMP message is received
   back, or there is silence.  On the other hand announcing aggregates
   with holes is quite legitimate.  Consider a 16-bit aggregate with
   only one 24-bit prefix unreachable.  The savings in routing table
   size by far outweigh the hole problem.

   For operational reasons however it is very useful to register these
   holes in the routing registry. Consider the case where a remote
   network operator experiences connectivity problems to addresses
ToP   noToC   RFC1786 - Page 23
   inside an aggregate route.  If the packets are getting to the AS
   announcing the aggregate and there are no more specific routes, the
   normal cause of action is to get in touch with the originating AS of
   the aggregate route and ask them to fix the problem. If the address
   falls into a hole this is futile. Therefore problem diagnosis can be
   sped up and unnecessary calls prevented by registering the holes in
   the routing registry. We do this by using the "hole" attribute. In
   our example the representation would be:

   descr:       All routes known by AS1
   origin:      AS1

   Note: there would also be two routes with the withdrawn attribute as
   displayed above (i.e. and  It is not
   mandatory to document all holes. It is recommended all holes routed
   by another service provider are documented.

   Multiple Proxy Aggregation

   Finally suppose that AS2 decides to announce the same aggregate, as
   in the previous example, they would add the following route object to
   the registry:

   descr:       All routes known by AS2
   origin:      AS2

   Both AS1 and AS2 will be notified that there already is a route to
   the same prefix in the registry.
ToP   noToC   RFC1786 - Page 24
   This multiple proxy aggregation is very dangerous to do if the sub-
   aggregates of the route are not the same. It is still dangerous when
   the sub-aggregates are consistent but connectivity to the sub-
   aggregates varies widely between the originators.

   Route object update procedures

   Adding a route object will have to be authorised by the maintainer of
   the originating AS. The actual implementation of this is outside the
   scope of this document.  This guarantees that an AS guardian has full
   control over the registration of the routes it announces [11].

   What is an Inter-AS network ?

   An inter-AS network (Inter-AS IP networks are those networks are
   currently called FIXes, IXFs, DMZs, NAPs, GIX and many other
   acronyms) exists for the purpose of passing traffic and routing
   information between different autonomous systems.  The most simple
   example of an inter-AS network is a point-to-point link, connecting
   exactly two ASes.  Each end of such a link is connected to an
   interface of router belonging to each of the autonomous systems.
   More complex examples are broadcast type networks with multiple
   interfaces connecting multiple ASes with the possibility of more than
   one connection per AS.  Consider the following example of three
   routers 1, 2 and 3 with interfaces a through f  connected by two
   inter-AS networks X and Y:

                              X              Y
                     a1b     ---    c2d     ---    e3f

   Suppose that network X is registered in the routing registry as  part
   of AS1 and net Y as part of AS3. If traffic passes from left to right
   prtraceroute will report the following  sequence  of  interfaces  and

           a in AS1
           c in AS1
           e in AS3

   The traceroute algorithm enumerates only the receiving interfaces on
   the way to the destination.  In the example this leads to the passage
ToP   noToC   RFC1786 - Page 25
   of AS2 going unnoticed.  This is confusing to the user and will also
   generate exceptions when the path found is checked against the
   routing registry.

   For operational monitoring tools such as prtraceroute it is necessary
   to know which interface on an inter-AS network belongs to which AS.
   If AS information is not known about interfaces on an inter-AS
   network, tools like prtraceroute cannot determine correctly which
   ASes are being traversed.

   All interfaces on inter-AS networks will are described in a separate
   object know as the `inet-rtr' object [15].
ToP   noToC   RFC1786 - Page 26
6.  The Autonomous System Object

   Autonomous Systems

   An Autonomous System (AS) is a group of IP networks operated by one
   or more network operators which has a single and clearly defined
   external routing policy.

   An AS has a unique number associated with it which is used both in
   exchange of exterior routing information and as an identifier of the
   AS itself.  Exterior routing protocols such as BGP and EGP are used
   to exchange routing information between ASes.

   In routing terms an AS will normally use one or more interior gateway
   protocols (IGPs) in conjunction with some sort of common agreed
   metrics when exchanging network information within its own AS.

   The term AS is often confused or even misused as a convenient way of
   grouping together a set of networks which belong under the same
   administrative umbrella even if within that group of networks there
   are various different routing policies.  We provide the "community"
   concept for such use.  ASes can strictly have only one single
   external routing policy.

   The creation of an AS should be done in a conscious and well
   coordinated manner to avoid creating ASes for the sake of it, perhaps
   resulting in the worst case scenario of one AS per routing
   announcement.  It should be noted that there is a limited number of
   AS numbers available. Also creating an AS may well increase the
   number of AS paths modern EGPs will have to keep track of. This
   aggravates what is known as "the routing table growth problem".  This
   may mean that by applying the general rules for the creation and
   allocation of an AS below, some re-engineering may well be needed.
   However, this may be the only way to actually implement the desired
   routing policy anyway.  The creation and allocation of an AS should
   be done with the following recommendations in mind:

    +   Creation of an AS is only required when exchanging routing
        information with other ASes.  Some router implementations make
        use of an AS number as a form of tagging to identify the routing
        process.  However, it should be noted that this tag does not
        need to be unique unless routing information is indeed exchanged
        with other ASes.
ToP   noToC   RFC1786 - Page 27
    +   For a simple case of customer networks connected to a single
        service provider, the IP network should normally be a member of
        the service providers AS. In terms of routing policy the IP
        network has exactly the same policy as the service provider and
        there is no need to make any distinction in routing information.
        This idea may at first seem slightly alien to some, but it
        highlights the clear distinction in the use of the AS number as
        a representation of routing policy as opposed to some form of
        administrative use.

    +   If a network operator connects to more than one AS with
        different routing policies then they need to create their own
        AS.  In the case of multi-homed customer networks connected to
        two service providers there are at least two different routing
        policies to a given customer network.  At this point the
        customer networks will be part of a single AS and this AS would
        be distinct from either of the service providers ASes.  This
        allows the customer the ability of having a different
        representation of policy and preference to the different service
        providers.  This is the ONLY case where a network operator
        should create its own AS number.

    +   As a general rule one should always try to populate the AS with
        as many routes as possible, providing all routes conform to the
        same routing policy.

   Each AS is represented in the RIPE database by both an aut-num object
   and the route objects representing the routes originated by the AS.
   The aut-num object stores descriptive, administrative and contact
   information about the AS as well as the routing policies of the AS in
   relation to all neighboring ASes.

   The origin attributes of the route  objects define the set of routes
   originated by the AS. Each route object can have exactly one origin
   attribute.  Route objects can only be created and updated by the
   maintainer of the AS and not by those immediately responsible for the
   particular routes referenced therein.  This ensures that operators,
   especially service providers, remain in control of AS routing

   The AS object itself is used to represent a description of
   administrative details and the routing policies of the AS itself. The
   AS object definition is depicted as follows.
ToP   noToC   RFC1786 - Page 28

   aut-num:  AS1104
   descr:    NIKHEF-H Autonomous system
   as-in:    from AS1213 100 accept AS1213
   as-in:    from AS1913 100 accept AS1913
   as-in:    from AS1755 150 accept ANY
   as-out:   to AS1213 announce ANY
   as-out:   to AS1913 announce ANY
   as-out:   to AS1755 announce AS1104 AS1913 AS1213
   tech-c:   Rob Blokzijl
   admin-c:  Eric Wassenaar
   changed: 920910
   source:   RIPE

   See Appendix A for a complete syntax definition of the "aut-num"

   It should be noted that this representation provides two things:

       + a set of routes.

       + a description of administrative details and routing policies.

   The set of routes can be used to generate network list based
   configuration information as well as configuration information for
   exterior routing protocols knowing about ASes. This means an AS can
   be defined and is useful even if it does not use routing protocols
   which know about the AS concept.
ToP   noToC   RFC1786 - Page 29
   Description of routing policies between ASs with multiple connections
   - "interas-in/interas-out"

   The following section is only relevant for ASes which use different
   policies on multiple links to the same neighboring AS. Readers not
   doing this may want to skip this section.

   Description of multiple connections between ASs defines how two ASs
   have chosen to set different policies for the use of each or some of
   the connections between the ASs.  This description is necessary only
   if the ASs are connected in more than one way and the routing policy
   and differs at these two connections.


                   LINK1 +----------+
                |          |
   AS1------AS2==           ==AS3-----AS4
                |          | +----------+

        Note: LINK here denotes the peer connection points between
        ASs.  It is not necessarily just a serial link.  It could
        be ethernet or any other type of connection as well.  It
        can also be a peer session where the address is the same at
        one end and different at the other end.

   It may be that AS2 wants to use LINK2 only for traffic towards AS4.
   LINK1 is used for traffic to AS3 and as backup to AS4, should LINK2
   fail.  To implement this policy, one would use the attribute
   "interas-in" and "interas-out."  This attribute permits ASs to
   describe their local decisions based on its preference such as
   multi-exit-discriminators (MEDs) as used in some inter-domain routing
   protocols (BGP4, IDRP) and to communicate those routing decisions.
   This information would be useful in resolving problems when some
   traffic paths changed from traversing AS3's gateway in Timbuktu
   rather than the gateway in Mogadishu.  The exact syntax is given in
   Appendix A.  However, if we follow this example through in terms of
   AS2 we would represent this policy as follows:
ToP   noToC   RFC1786 - Page 30

   aut-num: AS2
   as-in: from AS3 10 accept AS3 AS4
   as-out: to AS3 announce AS1 AS2
   interas-in:from AS3 (pref=5) accept AS3
   interas-in:from AS3 (pref=9) accept AS4
   interas-in:from AS3 (pref=7) accept AS4

   Here we see additional policy information between two ASs in terms of
   the IP addresses of the connection.  The parentheses and keyword are
   syntactic placeholders to add the readability of the attributes.  If
   pref=MED is specified the preference indicated by the remote AS via
   the multi-exit- discriminator metric such as BGP is used.  Of course
   this type on inter-AS policy should always be bilaterally agreed upon
   to avoid asymmetry and in practice there may need  to be
   corresponding interas-out attributes in the policy representation of

   The interas-out attribute is similar to interas-in as as-out is to
   as-in.  The one major difference being that interas-out allows you to
   associate an outgoing metric with each route. It is important to note
   that this metric is just passed to the peer AS and it is at the peer
   AS's discretion to use or ignore it.  A special value of IGP
   specifies that the metric passed to the receiving AS will be derived
   from the IGP of the sending AS. In this way the peer AS can choose
   the optimal link for its traffic as determined by the sending AS.

   If we look at the corresponding interas-out for AS3 we would see the


aut-num: AS3
as-in: from AS2 10 accept AS1 A2
as-out: to AS2 announce AS3 AS4
interas-out:to AS2 (metric-out=5) announce AS3
interas-out:to AS2 (metric-out=9) announce AS4
interas-out:to AS2 (metric-out=7) announce AS4
ToP   noToC   RFC1786 - Page 31
   Descriptions of interas policies do  not  replace  the  global
   policy described  in as-in, as-out and other policy attributes which
   should be specified too.  If the global policy mentions  more  routes
   than the combined local policies then local preferences for these
   routes are assumed to be equal for all links.

   Any route specified in interas-in/out and not specified in as-in/out
   is assumed not accepted/announced between the ASes concerned.
   Diagnostic tools should flag this inconsistency as an error.  It
   should be noted that if an interas-in or interas-out policy is
   specified then it is mandatory to specify the corresponding global
   policy in the as-in or as-out line. Please note there is no relevance
   in the cost associated with as-in and the preferences used in

   The interaction of interas-in/interas-out with as-in/as-out

   Although formally defined above, the rules associated with policy
   described in terms of interas-in and interas-out with respect to as-
   in and as-out are worthy of clarification for implementation.

   When using interas-in or interas-out policy descriptions, one must
   always make sure the set of policies described between two ASes is
   always equal to or a sub-set of the policy described in the global
   as-in or as-out policy. When a sub-set is described remember the
   remaining routes are implicitly shared across all connections. It is
   an error for the interas policies to describe a superset of the
   global policies, i.e. to announce or accept more routes than the
   global policies.

   When defining complex interas based policies it is advisable to
   ensure that any possible ambiguities are not present by explicitly
   defining your policy with respect to the global as-in and as-out

   If we look at a simple example, taking just in-bound announcements to
   simplify things. If we have the following global policy:

   aut-num: AS1
   as-in: from AS2 10 accept AS100 OR {}

   Suppose there are three peerings between AS1 and AS2, known as L1-R1,
   L2-R2 and L3-R3 respectively. The actual policy of these connections
   is to accept AS100 equally on these three links and just route on L3-R3. The simple way to mention this exception is to
   just specify an interas policy for L3-R3:
ToP   noToC   RFC1786 - Page 32
   interas-in: from AS2 L3 R3 (pref=100) accept {}

   The implicit rule that all routes not mentioned in interas policies
   are accepted on all links with equal preference ensures the desired

   The same policy can be written explicitly as:

   interas-in: from AS2 L1 R1 (pref=100) accept AS100
   interas-in: from AS2 L2 R2 (pref=100) accept AS100
   interas-in: from AS2 L3 R3 (pref=100) accept AS100 OR {}

   Whilst this may at first sight seem obvious, the problem arises when
   not all connections are mentioned. For example, if we specified only
   an interas-in line for L3-R3 as below:

   aut-num: AS1
   as-in: from AS2 10 accept AS100 OR {}
   interas-in: from AS2 L3 R3 (pref=100) accept AS100 OR {}

   then the policy for the other links according to the rules above
   would mean they were equal to the global policy minus the sum of the
   local policies (i.e. ((AS100 OR {}) / (AS100 OR
   {})) = empty) which in this case would mean nothing is
   accepted on connections L1-R1 and L2-R2 which is incorrect.

   Another example: If we only registered  the  policy  for  link  L2-

   interas-in: from AS2 L2 R2 (pref=100) accept AS100

   The implicit policy for both L1-R1 and L3-R3 would be as follows:

   interas-in: from AS2 L1 R1 (pref=100) accept {}
   interas-in: from AS2 L3 R3 (pref=100) accept {}

   This is derived as the set of global policies minus the set of
   interas-in policies (in this case just accept AS100 as it was the
   L2-R2 interas-in policy we registered) with equal cost for the
   remaining connection. This again is clearly not what was intended.
ToP   noToC   RFC1786 - Page 33
   We strongly recommend that you always mention all policies for all
   interas connections explicitly, to avoid these possible errors. One
   should always ensure the set of the interas policies is equal to the
   global policy. Clearly if interas policies differ in complex ways it
   is worth considering splitting the AS in question into separate ASes.
   However, this is beyond the direct scope of this document.

   It should also be noted there is no direct relationship between the
   cost used in as-in and the preference used in interas-in.
ToP   noToC   RFC1786 - Page 34
   How to describe the exclusion policy of a certain AS - "as-exclude"

   Some ASes have a routing policy based on the exclusion of certain
   routes if for whatever reason a certain AS is used as transit.
   Whilst, this is in general not good practice as it makes implicit
   assumptions on topology with asymmetry a possible outcome if not
   coordinated, this case needs to be accommodated within the routing
   policy representation.

   The way this is achieved is by making use of the "as-exclude"
   attribute. The precise syntax of this attribute can be found in
   Appendix A along with the rest of the defined syntax for the "aut-
   num" object. However, some explanation of the use of this attribute
   is useful. If we have the following example topology.


    |          |          |
    |          |          |

   With a simple corresponding policy like so:


   aut-num: AS1
   as-in:  from AS2 100 accept ANY
   as-out: to AS2 announce AS1
   as-exclude: exclude AS4 to ANY

   We see an interesting policy. What this says in simple terms is AS1
   doesn't want to reach anything if it transits AS4. This can be a
   perfectly valid policy. However, it should be realized that if for
   whatever reason AS2 decides to route to AS3 via AS4 then immediately
   AS1 has no connectivity to AS3 or if AS1 is running default to AS2
   packets from AS1 will still flow via AS4. The important point about
   this is that whilst AS1 can advise its neighbors of its policy it has
   no direct control on how it can enforce this policy to neighbors
ToP   noToC   RFC1786 - Page 35
   Another interesting scenario to highlight the unexpected result of
   using such an "as-exclude" policy. If we assume in the above example
   AS2 preferred AS4 to reach AS3 and AS1 did not use default routing
   then as stated AS1 would have no connectivity to AS3. Now lets
   suppose that for example the link between AS2 and AS4 went down for
   some reason. Like so:



   Suddenly AS1 now has connectivity to AS3. This unexpected behavior
   should be considered when created policies based on the "as-exclude"

   The second problem with this type of policy is the potential of
   asymmetry. In the original example we saw the correct policy from
   AS1's point of view but if ASes with connectivity through AS4 do not
   use a similar policy you have asymmetric traffic and policy.  If an
   AS uses such a policy they must be aware of the consequences of its
   use. Namely that the specified routes which transit the AS (i.e.
   routing announcements with this AS in the AS path information) in
   question will be excluded.  If not coordinated this can easily cause
   asymmetry or even worse loss of connectivity to unknown ASes behind
   (or in front for that matter) the transit AS in question.  With this
   in mind this attribute can only be viewed as a form of advisory to
   other service providers. However, this does not preclude its use with
   policy based tools if the attribute exists.

   By having the ability to specify a route keyword based on any of the
   four notations given in the syntax it allows the receiving AS to
   specify what routes it wishes to exclude through a given transit AS
   to a network granularity.
ToP   noToC   RFC1786 - Page 36
7.  AS Macros

   It may be difficult to keep track of each and every new AS that is
   represented in the routing registry.  A convenient way around this is
   to define an `AS Macro' which essentially is a convenient way to
   group ASes. This is done so that each and every AS guardian does not
   have to add a new AS to it's routing policy as described by the as-in
   and as-out attributes of it's AS object.

   However, it should be noted that this creates an implicit trust on
   the guardian of the AS-Macro.

   An AS-Macro can be used in <routing policy expressions> for the "as-
   in" and "as-out" attributes in the aut-num object. The AS-Macro
   object is then used to derive the list or group of ASes.

   A simple example would be something like:


   aut-num: AS786
   as-in:   from AS1755 100 accept AS-EBONE AND NOT AS1104
   as-out   to AS1755 announce AS786

   Where the as-macro object for AS-EBONE is as follows:

   as-macro:  AS-EBONE
   descr:     ASes routed by EBONE
   as-list:   AS2121 AS1104 AS2600 AS2122
   as-list:   AS1103 AS1755 AS2043

   So the policy would be evaluated to:

   aut-num: AS786
   as-in:   from AS1755 100 accept (AS2121 OR AS1104 OR AS2600 OR AS2122
   as-in:   from AS1755 100 accept AS1103 OR AS1755 OR
   as-in:   from AS1755 100 accept AS2043) AND NOT AS1104
ToP   noToC   RFC1786 - Page 37
   It should be noted that the above examples incorporates the rule for
   line wrapping as defined in Appendix A for policy lines.  See
   Appendix C for a definition on the AS-Macro syntax.
ToP   noToC   RFC1786 - Page 38
8.  The Community Object

   A community is a group of routes that cannot be represented by an AS
   or a group of ASes.  It is in some circumstances useful to define a
   group of routes that have something in common.  This could be a
   special access policy to a supercomputer centre, a group of routes
   used for a specific mission, or a disciplinary group that is
   scattered among several autonomous systems.  Also these communities
   could be useful to group routes for the purpose of network

   Communities do not exchange routing information, since they do not
   represent an autonomous system.  More specifically, communities do
   not define routing policies, but access or usage policies. However,
   they can be used as in conjunction with an ASes routing policy to
   define a set of routes the AS sets routing policy for.

   Communities should be defined in a strict manner, to avoid creating
   as many communities as there are routes, or even worse.  Communities
   should be defined following the two rules below;

    +   Communities must have a global meaning.  Communities that have
        no global meaning, are used only in a local environment and
        should be avoided.

    +   Communities  must not be defined to express non-local policies.
        It should be avoided that a community is created because some
        other organization forces a policy upon your organization.
        Communities must only be defined to express a policy defined by
        your organization.

   Community examples

   There are some clear examples of communities:

        all customers of a given backbone service provider even though
        they can have various different routing policies and hence
        belong to different ASes. This would be extremely useful for
        statistics collection.
ToP   noToC   RFC1786 - Page 39
        the High Energy Physics community partly shares infrastructure
        with other organizations, and the institutes it consists of are
        scattered all over Europe, often being part of a non HEPNET
        autonomous system. To allow statistics, access or part of a
        routing policy , a community HEPNET, consisting of all routes
        that are part of HEPNET, conveniently groups all these routes.

        the National Science Foundation Network imposes an acceptable
        use policy on routes that wish to make use of it. A community
        NSFNET could imply the set of routes that comply with this

   MULTI -
        a large multinational corporation that does not have its own
        internal infrastructure, but connects to the various parts of
        its organizations by using local service providers that connect
        them all together, may decide to define a community to restrict
        access to their networks, only by networks that are part of this
        community. This way a corporate network could be defined on
        shared infrastructure. Also, this community could be used by any
        of the service providers to do statistics for the whole of the
        corporation, for instance to do topology or bandwidth planning.

   Similar to Autonomous systems, each community is represented in the
   RIPE database by both a community object and community tags on the
   route objects representing the routes belonging to the community.
   The community object stores descriptive, administrative and contact
   information about the community.

   The community tags on the route objects define the set of routes
   belonging to a community.  A route can have multiple community tags.
   The community tags can only be created and updated by the "guardian"
   of the community and not by those directly responsible for the
   particular network.  This ensures that community guardians remain in
   control of community membership.

   Here's an example of how this might be represented in terms of the
   community tags within the network object.  We have an example where
   the route has a single routing policy (i.e.  that of
   AS 1104), but is part of several different communities of interest.
   We use the tag "comm-list" to represent the list of communities
   associated with this route.  NIKHEF-H uses the service provider
   SURFNET (a service provider with customers with more than one routing
ToP   noToC   RFC1786 - Page 40
   policy), is also part of the High Energy Physics community as well as
   having the ability to access the Supercomputer at CERN (the community
   `CERN-SUPER', is somewhat national, but is intended as an example of
   a possible use of an access policy constraint).


   descr:     Local Ethernet
   descr:     NIKHEF section H
   origin:    AS1104
   changed: 920604
   source:    RIPE

   In the above examples some communities have been defined. The
   community object itself will take the following format:


   community:  SURFNET
   descr:      Dutch academic research network
   authority:  SURFnet B.V.
   admin-c:    Erik-Jan Bos
   tech-c:     Erik-Jan Bos
   changed: 920604
   source:     RIPE

   For a complete explanation of the syntax please refer to Appendix B.

(next page on part 2)

Next Section