Andrei Robachevsky. 12th APNIC Open Policy Meeting, August 2001, Taipei, Taiwan. http://www.ripe.net
New Version of the RIPE Database
Andrei Robachevsky
RIPE NCC
Outline
• Current status of the RIPE Database
• New database software
• RIPE Database migration
RIPE Database Status
• Contains
  • IP allocations/assignments
  • Domain registry
  • Routing registry
• More than 4 million objects
  • 84% person, 11% inetnum, 0.66% route
• 6,700 updates/day
• Up to 1.5 M queries/day (15 queries/s)
  • 38% IP addresses, 1% IP prefixes
  • Up to 15% are denied
Distribution by object type (August 2001)
• aut-num 0.12%
• person 84.21%
• role 0.11%
• route 0.66%
• domain 3.38%
• inetnum 11.29%
• as-block 0.00%
• mntner 0.16%
• Other 4.49%
Queries reached 15 q/s average (35 q/s max)
[Chart: queries/s by month, Jul-99 to Jul-01; vertical axis 0 to 16 queries/s]
% of queries by object type
• IP 43%
• domains 27%
• prefixes 1%
• other 29%
Updates 7 per min
[Chart: updates per minute by month, Jul-99 to Jul-01; vertical axis 0 to 25; series: domain, person, inetnum, all]
Database Software v3
• Functionality
• Architecture
• Performance
New version of the RIPE Database
• Supports RPSL (RFC2622)
  • Extended syntax
  • New objects and attributes
• Supports RPSS (RFC2725)
  • New authorization rules
• Supports RAToolset
  • RtConfig -protocol ripe
• Code is completely rewritten
RPSL features
• Provides rich syntax for expressing routing policies
  • router configuration ready
• RPSL syntax extensions apply to all object types
  • end of line comments
  • line continuation
  • order of attributes
• New objects
  • as-block, as-set (as-macro), route-set (community)
  • peering-set, filter-set, rtr-set
• New attributes
  • member-of, mbrs-by-ref
  • mnt-routes: <mnt_name> [ rpsl list of prefixes | ANY]
  • referral-by: <mnt_name>
Security features
• Provides strong security mechanisms
  • Protection of individual objects
  • Protection of IP address space
  • Protection of ASN space
  • Protection of route space
  • Protection of set membership
  • Protection of hierarchical set names
  • Protection of domain object space
• 4 supported auth schemes
  • GPG public keys are supported
New software
• Mainly in C, multithreaded
  • CPU: 70% idle
• RDBMS as a back-end
  • MySQL, customized transaction support
• In-memory radix tree for IP lookups
  • also more and less specific lookups for reverse delegation domains
• MIME and GPG support
  • correct PGP keys are also accepted
• Automatic access control
  • separate accounting for public and contact data
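The less-specific and more-specific lookups mentioned on this slide, as an added example that is not part of the original slides or of the RIPE server code. It uses a plain binary trie (a radix tree without path compression) over IPv4 prefixes; the function names, object names and prefixes are constructed for illustration.

```python
import ipaddress

def bits(prefix):
    net = ipaddress.ip_network(prefix)
    return format(int(net.network_address), "032b")[:net.prefixlen]

def insert(root, prefix, obj):
    # Binary trie node: {"0": child, "1": child, "obj": payload}
    node = root
    for bit in bits(prefix):
        node = node.setdefault(bit, {})
    node["obj"] = obj

def less_specific(root, prefix):
    """Objects whose prefix covers `prefix`, shortest first, exact match last."""
    node = root
    found = [node["obj"]] if "obj" in node else []
    for bit in bits(prefix):
        node = node.get(bit)
        if node is None:
            break
        if "obj" in node:
            found.append(node["obj"])
    return found

def more_specific(root, prefix):
    """Objects stored strictly below `prefix`, sorted for stable output."""
    node = root
    for bit in bits(prefix):
        node = node.get(bit)
        if node is None:
            return []
    stack, found = [node[c] for c in "01" if c in node], []
    while stack:
        n = stack.pop()
        if "obj" in n:
            found.append(n["obj"])
        stack.extend(n[c] for c in "01" if c in n)
    return sorted(found)

def demo():
    # Constructed sample data: documentation prefixes (RFC 5737), made-up names.
    root = {}
    for p, name in [("192.0.2.0/24", "NET-A"), ("192.0.2.0/25", "NET-B"),
                    ("192.0.2.128/26", "NET-C"), ("198.51.100.0/24", "NET-D")]:
        insert(root, p, name)
    return less_specific(root, "192.0.2.130/32"), more_specific(root, "192.0.2.0/24")
```

Both lookups walk at most 32 nodes from the root before collecting results, which is why the structure suits a query path that must answer from memory.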
Server architecture
[Diagram. Labels: E-mail; Message queues; Queue rules; Update FE (two instances); Syntax checks, acks, notifications; Core Server; RDBMS (two instances); Mirror Server; NRTM clients; queries]
Query Performance (I)
[Chart: query rate (q/s, 0 to 80) against number of concurrent clients (0 to 60); curves for V2 and V3, with the V2 and V3 operational zones marked]
Query Performance (II)
[Chart: response time (s, 0 to 4) against number of concurrent clients (0 to 60); curves for V2 and V3, with the V2 and V3 operational zones marked]
Transition phases
• Pre-migration period
  • Conversion to RPSL
  • Prototype servers
• Transition period
  • 23 April: Migration Night
  • RIPE-181 compatibility mode
• Finalizing the migration
  • ftp site structure
  • deprecating legacy stuff
Pre-migration: RIPE181 -> RPSL
• Sets
  • as-macro: <macro_name> => as-set: <macro_name>
  • community: <comm_name> => route-set: RS-<comm_name>
• Reserved prefixes (RP)
  • AS-, RS-, RTRS-, FLTR-, PRNG-
  • mntner: <RP><mt_name> - 9 cases, all resolved by the owners
  • as-name: <RP><name> => ASN-<name>
• Mandatory attribute: mnt-by (except dn, pn, ro)
  • no mnt-by => mnt-by: RIPE-NCC-NONE-MNT
  • no mnt-by (aut-num’s) => mnt-by: RIPE-NCC-AN-MNT
• New attribute: referral-by
  • => referral-by: RIPE-DBM-MNT
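The conversion rules on this slide applied to a few objects, as an added example that is not part of the original slides and is not the RIPE NCC conversion tool. It covers only the rules listed here; the object model (a list of attribute/value pairs), the function names and the sample objects are constructed, "dn, pn, ro" is read as domain, person and role, and applying the referral-by default to mntner objects is an assumption.

```python
RESERVED = ("AS-", "RS-", "RTRS-", "FLTR-", "PRNG-")  # reserved prefixes listed on the slide
NO_MNT_BY = {"domain", "person", "role"}  # the slide's "dn, pn, ro", read as these classes

def convert(obj):
    """obj: list of (attribute, value) pairs; the first pair is the class and key.
    Returns (converted pairs, needs_manual_rename)."""
    cls, key = obj[0]
    manual = False
    if cls == "as-macro":
        cls = "as-set"
    elif cls == "community":
        cls, key = "route-set", "RS-" + key
    elif cls == "mntner" and key.upper().startswith(RESERVED):
        manual = True  # the slide's 9 cases were resolved by the owners, not converted
    out = [(cls, key)]
    for attr, value in obj[1:]:
        if attr == "as-name":
            for rp in RESERVED:
                if value.upper().startswith(rp):
                    value = "ASN-" + value[len(rp):]  # <RP><name> => ASN-<name>
                    break
        out.append((attr, value))
    present = {attr for attr, _ in out}
    if "mnt-by" not in present and cls not in NO_MNT_BY:
        default = "RIPE-NCC-AN-MNT" if cls == "aut-num" else "RIPE-NCC-NONE-MNT"
        out.append(("mnt-by", default))
    if cls == "mntner" and "referral-by" not in present:
        # Assumption: the slide's referral-by default applies to mntner objects.
        out.append(("referral-by", "RIPE-DBM-MNT"))
    return out, manual

# Constructed RIPE-181 sample objects (names and AS number are placeholders).
SAMPLES = [
    [("as-macro", "AS-EXAMPLE"), ("descr", "example macro")],
    [("community", "EXAMPLE"), ("descr", "example community")],
    [("aut-num", "AS64496"), ("as-name", "AS-EXAMPLENET")],
    [("person", "Example Person"), ("nic-hdl", "EP1-RIPE")],
]

def convert_all():
    return [convert(o) for o in SAMPLES]
```

Objects that come out with one of the two default maintainers are the ones that had no mnt-by before the migration, so the converted output doubles as an inventory of them.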
Pre-migration: prototype servers
• Near real-time mirror of the RIPE Database
  • whois -h rpsl.ripe.net
  • contains live RIPE Database in RPSL format
• Test server for submissions
  • mail <[email protected]>
  • whois -h rpsl.ripe.net -p 4343
• NRTM
  • rpsl.ripe.net, port 4444
  • please contact <[email protected]>
Pre-migration: milestones
• April 5: ripe-dbase-3.0 release
• April 12: Advised mirrors’ switchover
  • 4 servers switched to the RPSL mirror
• April 19: Migration of the TEST Database
  • dress rehearsal of the migration
Transition: Compatibility mode
• RIPE-181 updates
  • can be sent to a separate mail robot
  • automatically converted to RPSL
• PGP authentication
  • cannot be used
• RPSL syntax rules
  • empty attributes are not allowed
  • optional -> mandatory
  • no aliases
  • no prefix notation
Transition: issues
• Routing Policy System Security (RFC2725)
  • new authorisation rules for route creation
  • need to duplicate objects in the RIPE DB
    • encompassing inetnum with NONE auth for mnt-routes
    • as-blocks for non RIPE space with NONE auth for mnt-lower
  • low level of security in non RIPE space
  • still apply in RIPE-181 compatibility mode
• V2 undocumented features
  • leading white space stripping
  • correcting misspelled attributes
  • filtering out empty attributes
Transition timeline
[Diagram: timeline for the Production, Prototype/Compatibility and TEST databases, showing for each period whether updates in RIPE-181 or updates in RPSL are sent to <[email protected]>, and the change of format from RIPE181 to RPSL. Milestones: X = 23 April, Y = 14 May, Z = 15 October]
Future Plans
• Provide support for several platforms
  • Solaris (SPARC & Intel)
  • Linux (RedHat)
  • FreeBSD
• New features
  • DB and object schema/syntax, object library
  • extensions to RFC2725 implementation
More Information
• RIPE-181 to RPSL Migration page
  • http://www.ripe.net/rpsl
• Documentation
  • RIPE Database Reference Manual: http://www.ripe.net/ripe/docs/databaseref-manual.html
  • RIPE Database User Manual (coming soon)
  • RIPE Database Operation Manual (coming soon)
• Software
  • New whois client: ftp://ftp.ripe.net/tools/ripe-whois-3.0.tar.gz
  • Server software v3: ftp://ftp.ripe.net/ripe/dbase/software/ripe-dbase-3.0.1.tar.gz