Network Working Group                                   C. Alaettinoglu
Request for Comments: 2622           USC/Information Sciences Institute
Obsoletes: 2280                                           C. Villamizar
Category: Standards Track                                 Avici Systems
                                                              E. Gerich
                                                        At Home Network
                                                             D. Kessens
                                                   Qwest Communications
                                                               D. Meyer
                                                   University of Oregon
                                                               T. Bates
                                                          Cisco Systems
                                                          D. Karrenberg
                                                               RIPE NCC
                                                            M. Terpstra
                                                           Bay Networks
                                                              June 1999
        

Routing Policy Specification Language (RPSL)

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1999). All Rights Reserved.

Abstract

RPSL allows a network operator to be able to specify routing policies at various levels in the Internet hierarchy; for example at the Autonomous System (AS) level. At the same time, policies can be specified with sufficient detail in RPSL so that low level router configurations can be generated from them. RPSL is extensible; new routing protocols and new protocol features can be introduced at any time.

Table of Contents

   1 Introduction
   2 RPSL Names, Reserved Words, and Representation
   3 Contact Information
     3.1 mntner Class
     3.2 person Class
     3.3 role Class
   4 route Class
   5 Set Classes
     5.1 as-set Class
     5.2 route-set Class
     5.3 Predefined Set Objects
     5.4 Filters and filter-set Class
     5.5 rtr-set Class
     5.6 Peerings and peering-set Class
   6 aut-num Class
     6.1 import Attribute: Import Policy Specification
       6.1.1 Action Specification
     6.2 export Attribute: Export Policy Specification
     6.3 Other Routing Protocols, Multi-Protocol Routing Protocols, and Injecting Routes Between Protocols
     6.4 Ambiguity Resolution
     6.5 default Attribute: Default Policy Specification
     6.6 Structured Policy Specification
   7 dictionary Class
     7.1 Initial RPSL Dictionary and Example Policy Actions and Filters
   8 Advanced route Class
     8.1 Specifying Aggregate Routes
       8.1.1 Interaction with policies in aut-num class
       8.1.2 Ambiguity resolution with overlapping aggregates
     8.2 Specifying Static Routes
   9 inet-rtr Class
   10 Extending RPSL
     10.1 Extensions by changing the dictionary class
     10.2 Extensions by adding new attributes to existing classes
     10.3 Extensions by adding new classes
     10.4 Extensions by changing the syntax of existing RPSL attributes
   11 Security Considerations
   12 Acknowledgements
   References
   A Routing Registry Sites
   B Grammar Rules
   C Changes from RFC 2280
   D Authors' Addresses
   Full Copyright Statement
        

1 Introduction

This memo is the reference document for the Routing Policy Specification Language (RPSL). RPSL allows a network operator to be able to specify routing policies at various levels in the Internet hierarchy; for example at the Autonomous System (AS) level. At the same time, policies can be specified with sufficient detail in RPSL so that low level router configurations can be generated from them. RPSL is extensible; new routing protocols and new protocol features can be introduced at any time.

RPSL is a replacement for the current Internet policy specification language known as RIPE-181 [6] or RFC-1786 [7]. RIPE-81 [8] was the first language deployed in the Internet for specifying routing policies. It was later replaced by RIPE-181 [6]. Through operational use of RIPE-181 it has become apparent that certain policies cannot be specified and that an enhanced and more generalized language is needed. RPSL addresses RIPE-181's limitations.

RPSL was designed so that a view of the global routing policy can be contained in a single cooperatively maintained distributed database to improve the integrity of Internet's routing. RPSL is not designed to be a router configuration language. RPSL is designed so that router configurations can be generated from the description of the policy for one autonomous system (aut-num class) combined with the description of a router (inet-rtr class), mainly providing router ID, autonomous system number of the router, interfaces and peers of the router, and combined with a global database mappings from AS sets to ASes (as-set class), and from origin ASes and route sets to route prefixes (route and route-set classes). The accurate population of the RPSL database can help contribute toward such goals as router configurations that protect against accidental (or malicious) distribution of inaccurate routing information, verification of Internet's routing, and aggregation boundaries beyond a single AS.

RPSL is object oriented; that is, objects contain pieces of policy and administrative information. These objects are registered in the Internet Routing Registry (IRR) by the authorized organizations. The registration process is beyond the scope of this document. Please refer to [1, 17, 4] for more details on the IRR.

In the following sections, we present the classes that are used to define various policy and administrative objects. The "mntner" class defines entities authorized to add, delete and modify a set of objects. The "person" and "role" classes describe technical and administrative contact personnel. Autonomous systems (ASes) are specified using the "aut-num" class. Routes are specified using the "route" class. Sets of objects can be defined using the "as-set", "route-set", "filter-set", "peering-set", and "rtr-set" classes. The "dictionary" class provides the extensibility to the language. The "inet-rtr" class is used to specify routers. Many of these classes were originally defined in earlier documents [6, 13, 16, 12, 5] and have all been enhanced.

This document is self-contained. However, the reader is encouraged to read RIPE-181 [7] and the associated documents [13, 16, 12, 5] as they provide significant background as to the motivation and underlying principles behind RIPE-181 and consequently, RPSL. For a tutorial on RPSL, the reader should read the RPSL applications document [4].

2 RPSL Names, Reserved Words, and Representation

Each class has a set of attributes which store a piece of information about the objects of the class. Attributes can be mandatory or optional: A mandatory attribute has to be defined for all objects of the class; optional attributes can be skipped. Attributes can also be single or multiple valued. Each object is uniquely identified by a set of attributes, referred to as the class "key".

The value of an attribute has a type. The following types are most widely used. Note that RPSL is case insensitive and only the characters from the ASCII character set can be used.

<object-name> Many objects in RPSL have a name. An <object-name> is made up of letters, digits, the character underscore "_", and the character hyphen "-"; the first character of a name must be a letter, and the last character of a name must be a letter or a digit. The following words are reserved by RPSL, and they can not be used as names:

any as-any rs-any peeras and or not atomic from to at action accept announce except refine networks into inbound outbound

Names starting with certain prefixes are reserved for certain object types. Names starting with "as-" are reserved for as set names. Names starting with "rs-" are reserved for route set names. Names starting with "rtrs-" are reserved for router set names. Names starting with "fltr-" are reserved for filter set names. Names starting with "prng-" are reserved for peering set names.

<as-number> An AS number x is represented as the string "ASx". That is, the AS 226 is represented as AS226.

<ipv4-address> An IPv4 address is represented as a sequence of four integers in the range from 0 to 255 separated by the character dot ".". For example, 128.9.128.5 represents a valid IPv4 address. In the rest of this document, we may refer to IPv4 addresses as IP addresses.

<address-prefix> An address prefix is represented as an IPv4 address followed by the character slash "/" followed by an integer in the range from 0 to 32. The following are valid address prefixes: 128.9.128.5/32, 128.9.0.0/16, 0.0.0.0/0; and the following address prefixes are invalid: 0/0, 128.9/16 since 0 or 128.9 are not strings containing four integers.

<address-prefix-range> An address prefix range is an address prefix followed by an optional range operator. The range operators are:

^- is the exclusive more specifics operator; it stands for the more specifics of the address prefix excluding the address prefix itself. For example, 128.9.0.0/16^- contains all the more specifics of 128.9.0.0/16 excluding 128.9.0.0/16.

^+ is the inclusive more specifics operator; it stands for the more specifics of the address prefix including the address prefix itself. For example, 5.0.0.0/8^+ contains all the more specifics of 5.0.0.0/8 including 5.0.0.0/8.

^n where n is an integer, stands for all the length n specifics of the address prefix. For example, 30.0.0.0/8^16 contains all the more specifics of 30.0.0.0/8 which are of length 16 such as 30.9.0.0/16.

^n-m where n and m are integers, stands for all the length n to length m specifics of the address prefix. For example, 30.0.0.0/8^24-32 contains all the more specifics of 30.0.0.0/8 which are of length 24 to 32 such as 30.9.9.96/28.

Range operators can also be applied to address prefix sets. In this case, they distribute over the members of the set. For example, for a route-set (defined later) rs-foo, rs-foo^+ contains all the inclusive more specifics of all the prefixes in rs-foo.

It is an error to follow a range operator with another one (e.g. 30.0.0.0/8^24-28^+ is an error). However, a range operator can be applied to an address prefix set that has address prefix ranges in it (e.g. {30.0.0.0/8^24-28}^27-30 is not an error). In this case, the outer operator ^n-m distributes over the inner operator ^k-l and becomes the operator ^max(n,k)-m if m is greater than or equal to max(n,k), or otherwise, the prefix is deleted from the set. Note that the operator ^n is equivalent to ^n-n; prefix/l^+ is equivalent to prefix/l^l-32; prefix/l^- is equivalent to prefix/l^(l+1)-32; {prefix/l^n-m}^+ is equivalent to {prefix/l^n-32}; and {prefix/l^n-m}^- is equivalent to {prefix/l^(n+1)-32}. For example,

                {128.9.0.0/16^+}^-     == {128.9.0.0/16^-}
                {128.9.0.0/16^-}^+     == {128.9.0.0/16^-}
                {128.9.0.0/16^17}^24   == {128.9.0.0/16^24}
                {128.9.0.0/16^20-24}^26-28 == {128.9.0.0/16^26-28}
                {128.9.0.0/16^20-24}^22-28 == {128.9.0.0/16^22-28}
                {128.9.0.0/16^20-24}^18-28 == {128.9.0.0/16^20-28}
                {128.9.0.0/16^20-24}^18-22 == {128.9.0.0/16^20-22}
                {128.9.0.0/16^20-24}^18-19 == {}
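
The distribution rule above can be checked mechanically. The following Python sketch is an added example, not part of the RFC: it applies an outer range operator to each member of an address prefix set and prints the result in the shortest equivalent form. The function names and the choice of canonical rendering are assumptions of this example.

```python
import re

# An <address-prefix> followed by at most one range operator. A second
# operator does not match, which is the error case described in the text.
_MEMBER = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3})/(\d{1,2})(?:\^(\+|-|\d{1,2}(?:-\d{1,2})?))?")
_OUTER = re.compile(r"\^(\+|-|\d{1,2}(?:-\d{1,2})?)")


def _explicit(op):
    """Turn 'n' or 'n-m' into (n, m); ^n is shorthand for ^n-n."""
    n, _, m = op.partition("-")
    low, high = int(n), int(m or n)
    if not 0 <= low <= high <= 32:
        raise ValueError(f"bad length range ^{op}")
    return low, high


def _inner_bounds(op, length):
    """Length interval selected by the operator already on a set member."""
    if op is None:
        return length, length
    if op == "+":                      # prefix/l^+ is prefix/l^l-32
        return length, 32
    if op == "-":                      # prefix/l^- is prefix/l^(l+1)-32
        return length + 1, 32
    return _explicit(op)


def _render(addr, length, low, high):
    """Print an interval using the shortest operator that means the same."""
    base = f"{addr}/{length}"
    if (low, high) == (length, length):
        return base
    if (low, high) == (length, 32):
        return base + "^+"
    if (low, high) == (length + 1, 32):
        return base + "^-"
    return f"{base}^{low}" if low == high else f"{base}^{low}-{high}"


def apply_range(members, outer):
    """Distribute the outer operator over every member of a prefix set."""
    mo = _OUTER.fullmatch(outer)
    if not mo:
        raise ValueError(f"not a range operator: {outer!r}")
    op = mo.group(1)
    result = []
    for member in members:
        m = _MEMBER.fullmatch(member.strip())
        if not m:
            raise ValueError(f"not an address prefix range: {member!r}")
        addr, length = m.group(1), int(m.group(2))
        if length > 32 or any(int(o) > 255 for o in addr.split(".")):
            raise ValueError(f"not an address prefix: {member!r}")
        k, _ = _inner_bounds(m.group(3), length)
        if op == "+":                  # {prefix/l^n-m}^+ is {prefix/l^n-32}
            low, high = k, 32
        elif op == "-":                # {prefix/l^n-m}^- is {prefix/l^(n+1)-32}
            low, high = k + 1, 32
        else:                          # ^n-m over ^k-l becomes ^max(n,k)-m
            n, top = _explicit(op)
            low, high = max(n, k), top
        if low <= high:                # otherwise the prefix is deleted
            result.append(_render(addr, length, low, high))
    return result


if __name__ == "__main__":
    print(apply_range(["128.9.0.0/16^20-24"], "^18-28"))
```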
        

<date> A date is represented as an eight digit integer of the form YYYYMMDD where YYYY represents the year, MM represents the month of the year (01 through 12), and DD represents the day of the month (01 through 31). All dates are in UTC unless otherwise specified. For example, June 24, 1996 is represented as 19960624.

<email-address> is as described in RFC-822 [10].

<dns-name> is as described in RFC-1034 [17].

<nic-handle> is a uniquely assigned identifier word used by routing, address allocation, and other registries to unambiguously refer to contact information. Person and role classes map NIC handles to actual person names, and contact information.

<free-form> is a sequence of ASCII characters.

<X-name> is a name of an object of type X. That is <mntner-name> is a name of a mntner object.

<registry-name> is a name of an IRR registry. The routing registries are listed in Appendix A.

A value of an attribute may also be a list of one of these types. A list is represented by separating the list members by commas ",". For example, "AS1, AS2, AS3, AS4" is a list of AS numbers. Note that being list valued and being multiple valued are orthogonal. A multiple valued attribute has more than one value, each of which may or may not be a list. On the other hand a single valued attribute may have a list value.

An RPSL object is textually represented as a list of attribute-value pairs. Each attribute-value pair is written on a separate line. The attribute name starts at column 0, followed by character ":" and followed by the value of the attribute. The attribute which has the same name as the object's class should be specified first. The object's representation ends when a blank line is encountered. An attribute's value can be split over multiple lines, by having a space, a tab or a plus ('+') character as the first character of the continuation lines. The character "+" for line continuation allows attribute values to contain blank lines. More spaces may optionally be used after the continuation character to increase readability. The order of attribute-value pairs is significant.

An object's description may contain comments. A comment can be anywhere in an object's definition, it starts at the first "#" character on a line and ends at the first end-of-line character. White space characters can be used to improve readability.

An integer can be specified using (1) the C programming language notation (e.g. 1, 12345); (2) sequence of four 1-octet integers (in the range from 0 to 255) separated by the character dot "." (e.g. 1.1.1.1, 255.255.0.0), in this case a 4-octet integer is formed by concatenating these 1-octet integers in the most significant to least significant order; (3) sequence of two 2-octet integers (in the range from 0 to 65535) separated by the character colon ":" (e.g. 3561:70, 3582:10), in this case a 4-octet integer is formed by concatenating these 2-octet integers in the most significant to least significant order.
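
Tools that turn registry data into router configuration should reject values that do not meet these lexical rules before using them. The following Python sketch is an added example, not part of the RFC: it checks <object-name> values (including the reserved words and the set-name prefixes, which Section 5 makes mandatory for set classes), parses <address-prefix>, and converts the three integer notations. The function names are assumptions, and accepting hexadecimal and octal literals is this example's reading of "C programming language notation".

```python
import re

# Reserved words and set-name prefixes exactly as listed in the text above.
RESERVED = frozenset(
    "any as-any rs-any peeras and or not atomic from to at action accept "
    "announce except refine networks into inbound outbound".split())
SET_PREFIX = {"as-set": "as-", "route-set": "rs-", "rtr-set": "rtrs-",
              "filter-set": "fltr-", "peering-set": "prng-"}
# First character a letter, last a letter or digit, ASCII only.
_NAME = re.compile(r"[A-Za-z](?:[A-Za-z0-9_-]*[A-Za-z0-9])?")


def check_object_name(name, cls):
    """Return None when name is a legal <object-name> for class cls,
    otherwise the reason it is rejected."""
    low = name.lower()                       # RPSL is case insensitive
    if not _NAME.fullmatch(name):
        return "illegal character, or bad first/last character"
    if low in RESERVED:
        return "reserved word"
    for owner, prefix in SET_PREFIX.items():
        if low.startswith(prefix) and owner != cls:
            return f"prefix '{prefix}' is reserved for {owner} names"
    if cls in SET_PREFIX and not low.startswith(SET_PREFIX[cls]):
        return f"{cls} names must start with '{SET_PREFIX[cls]}'"
    return None


def parse_address_prefix(text):
    """Return (address as a 32-bit integer, length); 0/0 and 128.9/16 fail."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)/(\d+)", text)
    if not m:
        raise ValueError(f"not four integers and a length: {text!r}")
    *octets, length = map(int, m.groups())
    if max(octets) > 255 or length > 32:
        raise ValueError(f"value out of range: {text!r}")
    return int.from_bytes(bytes(octets), "big"), length


def parse_integer(text):
    """Convert any of the three integer notations to a Python int."""
    if re.fullmatch(r"\d+(?:\.\d+){3}", text):     # four 1-octet integers
        parts, width = text.split("."), 8
    elif re.fullmatch(r"\d+:\d+", text):           # two 2-octet integers
        parts, width = text.split(":"), 16
    elif re.fullmatch(r"0[xX][0-9A-Fa-f]+", text): # C hexadecimal (assumption)
        return int(text, 16)
    elif re.fullmatch(r"0[0-7]*", text):           # C octal (assumption)
        return int(text, 8)
    elif re.fullmatch(r"[1-9]\d*", text):          # C decimal
        return int(text)
    else:
        raise ValueError(f"not an integer: {text!r}")
    value = 0
    for part in parts:                             # most significant first
        n = int(part)
        if n >= 1 << width:
            raise ValueError(f"component too large: {text!r}")
        value = (value << width) | n
    return value


if __name__ == "__main__":
    print(check_object_name("rs-customers", "mntner"))
    print(parse_integer("3561:70"))
```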

3 Contact Information

The mntner, person and role classes, admin-c, tech-c, mnt-by, changed, and source attributes of all classes describe contact information. The mntner class also specifies authentication information required to create, delete and update other objects. These classes do not specify routing policies and each registry may have different or additional requirements on them. Here we present the common denominator for completeness which is the RIPE database implementation [16]. Please consult your routing registry for the latest specification of these classes and attributes. The "Routing Policy System Security" document [20] describes the authentication and authorization model in more detail.

3.1 mntner Class

The mntner class specifies authentication information required to create, delete and update RPSL objects. A provider, before he/she can create RPSL objects, first needs to create a mntner object. The attributes of the mntner class are shown in Figure 1. The mntner class was first described in [13].

The mntner attribute is mandatory and is the class key. Its value is an RPSL name. The auth attribute specifies the scheme that will be used to identify and authenticate update requests from this maintainer. It has the following syntax:

   auth: <scheme-id> <auth-info>
        

E.g.

          auth: NONE
          auth: CRYPT-PW dhjsdfhruewf
          auth: MAIL-FROM .*@ripe\.net

  Attribute  Value                   Type
  mntner     <object-name>           mandatory, single-valued, class key
  descr      <free-form>             mandatory, single-valued
  auth       see description in text mandatory, multi-valued
  upd-to     <email-address>         mandatory, multi-valued
  mnt-nfy    <email-address>         optional, multi-valued
  tech-c     <nic-handle>            mandatory, multi-valued
  admin-c    <nic-handle>            optional, multi-valued
  remarks    <free-form>             optional, multi-valued
  notify     <email-address>         optional, multi-valued
  mnt-by     list of <mntner-name>   mandatory, multi-valued
  changed    <email-address> <date>  mandatory, multi-valued
  source     <registry-name>         mandatory, single-valued

Figure 1: mntner Class Attributes

The <scheme-id>'s currently defined are: NONE, MAIL-FROM, PGP-KEY and CRYPT-PW. The <auth-info> is additional information required by a particular scheme: in the case of MAIL-FROM, it is a regular expression matching valid email addresses; in the case of CRYPT-PW, it is a password in UNIX crypt format; and in the case of PGP-KEY, it is a pointer to key-certif object [22] containing the PGP public key of the user. If multiple auth attributes are specified, an update request satisfying any one of them is authenticated to be from the maintainer.

The upd-to attribute is an email address. On an unauthorized update attempt of an object maintained by this maintainer, an email message will be sent to this address. The mnt-nfy attribute is an email address. A notification message will be forwarded to this email address whenever an object maintained by this maintainer is added, changed or deleted.

The descr attribute is a short, free-form textual description of the object. The tech-c attribute is a technical contact NIC handle. This is someone to be contacted for technical problems such as misconfiguration. The admin-c attribute is an administrative contact NIC handle. The remarks attribute is a free text explanation or clarification. The notify attribute is an email address to which notifications of changes to this object should be sent. The mnt-by attribute is a list of mntner object names. The authorization for changes to this object is governed by any of the maintainer objects referenced. The changed attribute documents who last changed this object, and when this change was made. Its syntax has the following form:

   changed: <email-address> <YYYYMMDD>
        

E.g.

   changed: [email protected] 19900401

The <email-address> identifies the person who made the last change. <YYYYMMDD> is the date of the change. The source attribute specifies the registry where the object is registered. Figure 2 shows an example mntner object. In the example, UNIX crypt format password authentication is used.

   mntner:      RIPE-NCC-MNT
   descr:       RIPE-NCC Maintainer
   admin-c:     DK58
   tech-c:      OPS4-RIPE
   upd-to:      [email protected]
   mnt-nfy:     [email protected]
   auth:        CRYPT-PW lz1A7/JnfkTtI
   mnt-by:      RIPE-NCC-MNT
   changed:     [email protected] 19970820
   source:      RIPE
        

Figure 2: An example mntner object.
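
The textual representation rules of Section 2 and the mntner attribute table of Figure 1 can be combined into a small audit. The following Python sketch is an added example, not part of the RFC: it parses objects (comments, continuation lines, blank-line termination) and reports mntner objects that miss mandatory attributes or whose auth lines include NONE, which matters because any one auth line is enough to authenticate an update. The sample objects, function names, and the decision to skip comment-only lines are assumptions of this example.

```python
MANDATORY = ("mntner", "descr", "auth", "upd-to", "tech-c", "mnt-by",
             "changed", "source")                    # from Figure 1
SINGLE_VALUED = ("mntner", "descr", "source")        # from Figure 1
SCHEMES = ("NONE", "MAIL-FROM", "PGP-KEY", "CRYPT-PW")

# Constructed sample input, not real registry objects.
SAMPLE = """\
mntner:      EXAMPLE-MNT          # constructed sample
descr:       Example maintainer
+            second line of the description
admin-c:     EX1-TEST
tech-c:      EX1-TEST
upd-to:      noc@example.net
auth:        CRYPT-PW xxPLACEHOLDERxx
auth:        none
mnt-by:      EXAMPLE-MNT
changed:     noc@example.net 19990601

mntner:      OTHER-MNT
descr:       Second constructed maintainer
tech-c:      EX2-TEST
upd-to:      hostmaster@example.org
auth:        PGP-KEY PLACEHOLDER-KEY-CERT
mnt-by:      OTHER-MNT
changed:     hostmaster@example.org 19990602
source:      TEST
"""


def parse_objects(text):
    """Return a list of objects, each an ordered list of (attribute, value)
    pairs; order is kept because it is significant."""
    objects, current = [], []
    for raw in text.splitlines():
        if raw.strip() == "":                  # blank line ends the object
            if current:
                objects.append(current)
                current = []
            continue
        body = raw.split("#", 1)[0].rstrip()   # comment: first "#" to end of line
        if raw[0] in " \t+":                   # continuation of the previous value
            if not current:
                raise ValueError("continuation line outside an attribute")
            name, value = current[-1]
            current[-1] = (name, value + "\n" + body[1:].strip())
            continue
        if body == "":                         # comment-only line: skipped (assumption)
            continue
        name, sep, value = body.partition(":")
        if not sep or not name or name != name.strip():
            raise ValueError(f"not an attribute line: {raw!r}")
        current.append((name.lower(), value.strip()))
    if current:
        objects.append(current)
    return objects


def check_mntner(obj):
    """Return a list of findings for one parsed mntner object."""
    names = [name for name, _ in obj]
    if names[0] != "mntner":
        return ["class attribute mntner must come first"]
    findings = [f"missing mandatory attribute {a}"
                for a in MANDATORY if a not in names]
    findings += [f"{a} is single-valued but repeated"
                 for a in SINGLE_VALUED if names.count(a) > 1]
    schemes = []
    for name, value in obj:
        if name != "auth":
            continue
        parts = value.split(None, 1)
        scheme = parts[0].upper() if parts else ""
        if scheme not in SCHEMES:
            findings.append(f"unknown auth scheme {scheme!r}")
        elif scheme != "NONE" and len(parts) < 2:
            findings.append(f"auth {scheme} lacks <auth-info>")
        schemes.append(scheme)
    if "NONE" in schemes:
        # Any one auth line suffices, so NONE overrides every other line.
        findings.append("auth NONE present: updates need no credential")
    return findings


if __name__ == "__main__":
    for obj in parse_objects(SAMPLE):
        print(obj[0][1], check_mntner(obj))
```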

The descr, tech-c, admin-c, remarks, notify, mnt-by, changed and source attributes are attributes of all RPSL classes. Their syntax, semantics, and mandatory, optional, multi-valued, or single-valued status are the same for all RPSL classes. The only exception to this is the admin-c attribute, which is mandatory for the aut-num class. We do not further discuss them in other sections.

3.2 person Class

A person class is used to describe information about people. Even though it does not describe routing policy, we still describe it here briefly since many policy objects make reference to person objects. The person class was first described in [15].

The attributes of the person class are shown in Figure 3. The person attribute is the full name of the person. The phone and the fax-no attributes have the following syntax:

      phone: +<country-code> <city> <subscriber> [ext. <extension>]
        

E.g.:

      phone: +31 20 12334676
      phone: +44 123 987654 ext. 4711

  Attribute  Value                   Type
  person     <free-form>             mandatory, single-valued
  nic-hdl    <nic-handle>            mandatory, single-valued, class key
  address    <free-form>             mandatory, multi-valued
  phone      see description in text mandatory, multi-valued
  fax-no     same as phone           optional, multi-valued
  e-mail     <email-address>         mandatory, multi-valued

Figure 3: person Class Attributes

Figure 4 shows an example person object.

   person:      Daniel Karrenberg
   address:     RIPE Network Coordination Centre (NCC)
   address:     Singel 258
   address:     NL-1016 AB  Amsterdam
   address:     Netherlands
   phone:       +31 20 535 4444
   fax-no:      +31 20 535 4445
   e-mail:      [email protected]
   nic-hdl:     DK58
   changed:     [email protected] 19970616
   source:      RIPE
        

Figure 4: An example person object.

3.3 role Class

The role class is similar to the person class. However, instead of describing a human being, it describes a role performed by one or more human beings. Examples include help desks, network monitoring centers, system administrators, etc. The role object is particularly useful because the person performing a role may often change while the role itself remains.

The attributes of the role class are shown in Figure 5. The nic-hdl attributes of the person and role classes share the same name space. The trouble attribute of role object may contain additional contact information to be used when a problem arises in any object that references this role object. Figure 6 shows an example role object.

  Attribute  Value                    Type
  role       <free-form>              mandatory, single-valued
  nic-hdl    <nic-handle>             mandatory, single-valued,
                                      class key
  trouble    <free-form>              optional, multi-valued
  address    <free-form>              mandatory, multi-valued
  phone      see description in text  mandatory, multi-valued
  fax-no     same as phone            optional, multi-valued
  e-mail     <email-address>          mandatory, multi-valued
        

Figure 5: role Class Attributes

   role:        RIPE NCC Operations
   trouble:
   address:     Singel 258
   address:     1016 AB Amsterdam
   address:     The Netherlands
   phone:       +31 20 535 4444
   fax-no:      +31 20 545 4445
   e-mail:      [email protected]
   admin-c:     CO19-RIPE
   tech-c:      RW488-RIPE
   tech-c:      JLSD1-RIPE
   nic-hdl:     OPS4-RIPE
   notify:      [email protected]
   changed:     [email protected] 19970926
   source:      RIPE
        

Figure 6: An example role object.

4 route Class

Each interAS route (also referred to as an interdomain route) originated by an AS is specified using a route object. The attributes of the route class are shown in Figure 7. The route attribute is the address prefix of the route and the origin attribute is the AS number of the AS that originates the route into the interAS routing system. The route and origin attribute pair is the class key.

Figure 8 shows examples of four route objects (we do not include contact attributes such as admin-c, tech-c for brevity). Note that the last two route objects have the same address prefix, namely 128.8.0.0/16. However, they are different route objects since they are originated by different ASes (i.e. they have different keys).

   Attribute     Value                      Type
   route         <address-prefix>           mandatory, single-valued,
                                            class key
   origin        <as-number>                mandatory, single-valued,
                                            class key
   member-of     list of <route-set-names>  optional, multi-valued
                 see Section 5
   inject        see Section 8              optional, multi-valued
   components    see Section 8              optional, single-valued
   aggr-bndry    see Section 8              optional, single-valued
   aggr-mtd      see Section 8              optional, single-valued
   export-comps  see Section 8              optional, single-valued
   holes         see Section 8              optional, multi-valued
        

Figure 7: route Class Attributes

   route: 128.9.0.0/16
   origin: AS226

   route: 128.99.0.0/16
   origin: AS226

   route: 128.8.0.0/16
   origin: AS1

   route: 128.8.0.0/16
   origin: AS2

Figure 8: Route Objects

5 Set Classes

To specify policies, it is often useful to define sets of objects. For this purpose we define as-set, route-set, rtr-set, filter-set, and peering-set classes. These classes define a named set. The members of these sets can be specified either directly by listing them in the sets' definition, or indirectly by having member objects refer to the sets' names, or a combination of both methods.

A set's name is an rpsl word with the following restrictions: All as-set names start with prefix "as-". All route-set names start with prefix "rs-". All rtr-set names start with prefix "rtrs-". All filter-set names start with prefix "fltr-". All peering-set names start with prefix "prng-". For example, as-foo is a valid as-set name.

Set names can also be hierarchical. A hierarchical set name is a sequence of set names and AS numbers separated by colons ":". At least one component of such a name must be an actual set name (i.e. start with one of the prefixes above). All the set name components of a hierarchical name have to be of the same type. For example, the following names are valid: AS1:AS-CUSTOMERS, AS1:RS-EXPORT:AS2, RS-EXCEPTIONS:RS-BOGUS.

The purpose of a hierarchical set name is to partition the set name space so that the maintainers of the set X1 control the whole set name space underneath, i.e. X1:...:Xn-1. Thus, a set object with name X1:...:Xn-1:Xn can only be created by the maintainer of the object with name X1:...:Xn-1. That is, only the maintainer of AS1 can create a set with name AS1:AS-FOO; and only the maintainer of AS1:AS-FOO can create a set with name AS1:AS-FOO:AS-BAR. Please see RPS Security Document [20] for details.
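
The naming rules above, as an added Python example (not part of the RFC): it checks a set name against the prefix and hierarchy rules and returns the class of the set together with the name of the parent object whose maintainer must authorise its creation. The function names are chosen here, and the per-component syntax check assumes the RFC's general object-name rule (letters, digits, "_" and "-", starting with a letter and ending with a letter or digit).

```python
import re

SET_PREFIXES = {"as-": "as-set", "rs-": "route-set", "rtrs-": "rtr-set",
                "fltr-": "filter-set", "prng-": "peering-set"}
# Assumption: general RPSL object-name syntax, applied to each component.
NAME = re.compile(r"[a-z][a-z0-9_-]*[a-z0-9]")


def component_class(component):
    """Classify one colon-separated component; None if it is neither an AS nor a set name."""
    c = component.lower()                      # RPSL names are case insensitive
    if re.fullmatch(r"as\d+", c):
        return "aut-num"
    if NAME.fullmatch(c):
        for prefix, cls in SET_PREFIXES.items():
            if c.startswith(prefix):
                return cls
    return None


def check_set_name(name):
    """Return (set class, parent object name or None); raise ValueError if invalid."""
    parts = name.split(":")
    classes = [component_class(p) for p in parts]
    if None in classes:
        bad = parts[classes.index(None)]
        raise ValueError(f"{bad!r} is neither an AS number nor a set name")
    set_classes = {c for c in classes if c != "aut-num"}
    if not set_classes:
        raise ValueError("at least one component must be a set name")
    if len(set_classes) > 1:
        raise ValueError("set-name components must all be of the same type")
    # X1:...:Xn may only be created by the maintainer of X1:...:Xn-1.
    parent = ":".join(parts[:-1]) or None
    return set_classes.pop(), parent


def is_valid(name):
    try:
        check_set_name(name)
        return True
    except ValueError:
        return False
```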

5.1 as-set Class

The attributes of the as-set class are shown in Figure 9. The as-set attribute defines the name of the set. It is an RPSL name that starts with "as-". The members attribute lists the members of the set. The members attribute is a list of AS numbers, or other as-set names.

      Attribute    Value                    Type
      as-set       <object-name>            mandatory, single-valued,
                                            class key
      members      list of <as-numbers> or  optional, multi-valued
                   <as-set-names>
      mbrs-by-ref  list of <mntner-names>   optional, multi-valued
        

Figure 9: as-set Class Attributes

Figure 10 presents two as-set objects. The set as-foo contains two ASes, namely AS1 and AS2. The set as-bar contains the members of the set as-foo and AS3, that is, it contains AS1, AS2, AS3. The set as-empty contains no members.

 as-set: as-foo           as-set: as-bar                as-set: as-empty
 members: AS1, AS2        members: AS3, as-foo
        

Figure 10: as-set objects.

The mbrs-by-ref attribute is a list of maintainer names or the keyword ANY. If this attribute is used, the AS set also includes ASes whose aut-num objects are registered by one of these maintainers and whose member-of attribute refers to the name of this AS set. If the value of a mbrs-by-ref attribute is ANY, any AS object referring to the AS set is a member of the set. If the mbrs-by-ref attribute is missing, only the ASes listed in the members attribute are members of the set.

    as-set: as-foo
    members: AS1, AS2
    mbrs-by-ref: MNTR-ME

    aut-num: AS3                          aut-num: AS4
    member-of: as-foo                     member-of: as-foo
    mnt-by: MNTR-ME                       mnt-by: MNTR-OTHER
        

Figure 11: as-set objects.

Figure 11 presents an example as-set object that uses the mbrs-by-ref attribute. The set as-foo contains AS1, AS2 and AS3. AS4 is not a member of the set as-foo even though the aut-num object references as-foo. This is because MNTR-OTHER is not listed in the as-foo's mbrs-by-ref attribute.

5.2 route-set Class

The attributes of the route-set class are shown in Figure 12. The route-set attribute defines the name of the set. It is an RPSL name that starts with "rs-". The members attribute lists the members of the set. The members attribute is a list of address prefixes or other route-set names. Note that the route-set class is a set of route prefixes, not of RPSL route objects.

 Attribute    Value                              Type
 route-set    <object-name>                      mandatory,
                                                 single-valued,
                                                 class key
 members      list of <address-prefix-range> or  optional, multi-valued
              <route-set-name> or
              <route-set-name><range-operator>
 mbrs-by-ref  list of <mntner-names>             optional, multi-valued
        

Figure 12: route-set Class Attributes

Figure 13 presents some example route-set objects. The set rs-foo contains two address prefixes, namely 128.9.0.0/16 and 128.9.0.0/24. The set rs-bar contains the members of the set rs-foo and the address prefix 128.7.0.0/16.

   route-set: rs-foo
   members: 128.9.0.0/16, 128.9.0.0/24

   route-set: rs-bar
   members: 128.7.0.0/16, rs-foo

Figure 13: route-set Objects

An address prefix or a route-set name in a members attribute can be optionally followed by a range operator. For example, the following set:

   route-set: rs-bar
   members: 5.0.0.0/8^+, 30.0.0.0/8^24-32, rs-foo^+
        

contains all the more specifics of 5.0.0.0/8 including 5.0.0.0/8, all the more specifics of 30.0.0.0/8 which are of length 24 to 32 such as 30.9.9.96/28, and all the more specifics of address prefixes in route set rs-foo.
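
The range operators above, worked through as an added Python example (not part of the RFC): each member becomes a prefix plus the range of prefix lengths it admits, and candidate routes are tested against that. It goes beyond the set shown here by also handling the '^-' and '^n' forms used in the filter examples of Section 5.4; the function names are chosen here, and an operator applied to a set whose members already carry operators is rejected rather than composed.

```python
import ipaddress


def parse_term(term):
    """Return (network, min_len, max_len) for '<prefix>' or '<prefix>^<operator>'."""
    base, caret, op = term.strip().partition("^")
    net = ipaddress.ip_network(base, strict=True)
    n = net.prefixlen
    if not caret:
        return net, n, n             # bare prefix: that exact route only
    if op == "+":
        return net, n, 32            # the prefix and all of its more specifics
    if op == "-":
        return net, n + 1, 32        # more specifics, excluding the prefix itself
    lo, dash, hi = op.partition("-")
    lo = int(lo)
    hi = int(hi) if dash else lo     # ^n admits the single length n
    if not 0 <= lo <= hi <= 32:
        raise ValueError(f"bad range operator in {term!r}")
    return net, lo, hi


def expand(members, route_sets, _seen=()):
    """Flatten a members list into (network, min_len, max_len) terms."""
    terms = []
    for item in (m.strip() for m in members.split(",") if m.strip()):
        name, caret, op = item.partition("^")
        if not name.lower().startswith("rs-"):
            terms.append(parse_term(item))
            continue
        key = name.lower()
        if key in _seen:             # guard against sets that refer to each other
            continue
        for net, lo, hi in expand(route_sets[key], route_sets, _seen + (key,)):
            if caret:
                if (lo, hi) != (net.prefixlen, net.prefixlen):
                    raise ValueError("operator on an already ranged member is not handled here")
                net, lo, hi = parse_term(f"{net}^{op}")   # the operator distributes over members
            terms.append((net, lo, hi))
    return terms


def matches(route, terms):
    """True if the route lies inside some term's prefix with an admitted length."""
    r = ipaddress.ip_network(route, strict=True)
    return any(r.subnet_of(net) and lo <= r.prefixlen <= hi for net, lo, hi in terms)


# The two sets from the text: rs-foo from Figure 13 and the rs-bar defined above.
ROUTE_SETS = {"rs-foo": "128.9.0.0/16, 128.9.0.0/24"}
RS_BAR = expand("5.0.0.0/8^+, 30.0.0.0/8^24-32, rs-foo^+", ROUTE_SETS)
```

Note that '^+' admits every length up to /32, so a prefix filter generated from it accepts arbitrarily long more specifics; a bounded '^n-m' term does not.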

The mbrs-by-ref attribute is a list of maintainer names or the keyword ANY. If this attribute is used, the route set also includes address prefixes whose route objects are registered by one of these maintainers and whose member-of attribute refers to the name of this route set. If the value of a mbrs-by-ref attribute is ANY, any route object referring to the route set name is a member. If the mbrs-by-ref attribute is missing, only the address prefixes listed in the members attribute are members of the set.

   route-set: rs-foo
   mbrs-by-ref: MNTR-ME, MNTR-YOU

   route-set: rs-bar
   members: 128.7.0.0/16
   mbrs-by-ref: MNTR-YOU

   route: 128.9.0.0/16
   origin: AS1
   member-of: rs-foo
   mnt-by: MNTR-ME

   route: 128.8.0.0/16
   origin: AS2
   member-of: rs-foo, rs-bar
   mnt-by: MNTR-YOU

Figure 14: route-set objects.

Figure 14 presents example route-set objects that use the mbrs-by-ref attribute. The set rs-foo contains two address prefixes, namely 128.8.0.0/16 and 128.9.0.0/16 since the route objects for 128.8.0.0/16 and 128.9.0.0/16 refer to the set name rs-foo in their member-of attribute. The set rs-bar contains the address prefixes 128.7.0.0/16 and 128.8.0.0/16. The route 128.7.0.0/16 is explicitly listed in the members attribute of rs-bar, and the route object for 128.8.0.0/16 refers to the set name rs-bar in its member-of attribute.

Note that if an address prefix is listed in a members attribute of a route set, it is a member of that route set. The route object corresponding to this address prefix does not need to contain a member-of attribute referring to this set name. The member-of attribute of the route class is an additional mechanism for specifying the members indirectly.
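
The membership rules of Sections 5.1 and 5.2, as an added Python example (not part of the RFC): it resolves a set from its members attribute plus the member-of claims that its mbrs-by-ref attribute authorises, and reports the claims it refuses. The registry text is the objects of Figures 11 and 14; the function names are chosen here, and range operators and the AS numbers allowed inside route-set members (Section 5.3) are left unexpanded.

```python
# class of the set -> (class of objects that may claim membership, set-name prefix)
MEMBER_CLASS = {"as-set": ("aut-num", "AS-"), "route-set": ("route", "RS-"),
                "rtr-set": ("inet-rtr", "RTRS-")}

REGISTRY = """\
as-set: as-foo
members: AS1, AS2
mbrs-by-ref: MNTR-ME

aut-num: AS3
member-of: as-foo
mnt-by: MNTR-ME

aut-num: AS4
member-of: as-foo
mnt-by: MNTR-OTHER

route-set: rs-foo
mbrs-by-ref: MNTR-ME, MNTR-YOU

route-set: rs-bar
members: 128.7.0.0/16
mbrs-by-ref: MNTR-YOU

route: 128.9.0.0/16
origin: AS1
member-of: rs-foo
mnt-by: MNTR-ME

route: 128.8.0.0/16
origin: AS2
member-of: rs-foo, rs-bar
mnt-by: MNTR-YOU
"""


def parse_objects(text):
    """Split blank-line separated objects into lists of (attribute, value) pairs."""
    objects = []
    for block in text.strip().split("\n\n"):
        pairs = [line.partition(":") for line in block.splitlines() if line.strip()]
        objects.append([(a.strip().lower(), v.strip()) for a, _, v in pairs])
    return objects


def values(obj, attr):
    """All comma-separated values of a (possibly repeated) attribute, upper-cased."""
    return [item.strip().upper() for a, v in obj if a == attr
            for item in v.split(",") if item.strip()]


def resolve(set_name, objects, _seen=()):
    """Return (members, rejected): rejected lists unauthorised member-of claims."""
    name = set_name.upper()
    set_obj = next((o for o in objects
                    if o[0][0] in MEMBER_CLASS and o[0][1].upper() == name), None)
    if set_obj is None or name in _seen:
        return set(), []
    member_class, prefix = MEMBER_CLASS[set_obj[0][0]]
    members, rejected = set(), []
    for m in values(set_obj, "members"):            # direct members
        if any(part.startswith(prefix) for part in m.split(":")):
            sub, rej = resolve(m, objects, _seen + (name,))
            members |= sub
            rejected += rej
        else:
            members.add(m)
    allowed = set(values(set_obj, "mbrs-by-ref"))   # empty if the attribute is missing
    for obj in objects:                             # indirect members
        if obj[0][0] != member_class or name not in values(obj, "member-of"):
            continue
        key, maintainers = obj[0][1].upper(), values(obj, "mnt-by")
        if "ANY" in allowed or allowed & set(maintainers):
            members.add(key)
        else:
            rejected.append((key, maintainers))
    return members, rejected
```

With mbrs-by-ref: ANY the set owner no longer controls who joins, so the rejected list is the thing to review before a set is used to build a filter.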

5.3 Predefined Set Objects

In a context that expects a route set (e.g. members attribute of the route-set class), an AS number ASx defines the set of routes that are originated by ASx; and an as-set AS-X defines the set of routes that are originated by the ASes in AS-X. A route p is said to be originated by ASx if there is a route object for p with ASx as the value of the origin attribute. For example, in Figure 15, the route set rs-special contains 128.9.0.0/16, routes of AS1 and AS2, and routes of the ASes in AS set AS-FOO.

   route-set: rs-special
   members: 128.9.0.0/16, AS1, AS2, AS-FOO

Figure 15: Use of AS numbers and AS sets in route sets.

The set rs-any contains all routes registered in IRR. The set as-any contains all ASes registered in IRR.

5.4 Filters and filter-set Class

The attributes of the filter-set class are shown in Figure 16. A filter-set object defines a set of routes that are matched by its filter. The filter-set attribute defines the name of the filter. It is an RPSL name that starts with "fltr-".

   Attribute   Value          Type
   filter-set  <object-name>  mandatory, single-valued, class key
   filter      <filter>       mandatory, single-valued

Figure 16: filter Class Attributes

      filter-set: fltr-foo
      filter: { 5.0.0.0/8, 6.0.0.0/8 }
        
      filter-set: fltr-bar
      filter: (AS1 or fltr-foo) and <AS2>
        

Figure 17: filter-set objects.

The filter attribute defines the set's policy filter. A policy filter is a logical expression which when applied to a set of routes returns a subset of these routes. We say that the policy filter matches the subset returned. The policy filter can match routes using any BGP path attribute, such as the destination address prefix (or NLRI), AS-path, or community attributes.

Policy filters can be combined into composite filters using the operators AND, OR, and NOT. The following policy filters can be used to select a subset of routes:

ANY The keyword ANY matches all routes.

Address-Prefix Set This is an explicit list of address prefixes enclosed in braces '{' and '}'. The policy filter matches the set of routes whose destination address-prefix is in the set. For example:

        { 0.0.0.0/0 }
        { 128.9.0.0/16, 128.8.0.0/16, 128.7.128.0/17, 5.0.0.0/8 }
        { }
        

An address prefix can be optionally followed by a range operator (i.e.

      { 5.0.0.0/8^+, 128.9.0.0/16^-, 30.0.0.0/8^16, 30.0.0.0/8^24-32 }
        

contains all the more specifics of 5.0.0.0/8 including 5.0.0.0/8, all the more specifics of 128.9.0.0/16 excluding 128.9.0.0/16, all the more specifics of 30.0.0.0/8 which are of length 16 such as 30.9.0.0/16, and all the more specifics of 30.0.0.0/8 which are of length 24 to 32 such as 30.9.9.96/28.

Route Set Name A route set name matches the set of routes that are members of the set. A route set name may be a name of a route-set object, an AS number, or a name of an as-set object (AS numbers and as-set names implicitly define route sets; please see Section 5.3). For example:

   aut-num: AS1
   import: from AS2 accept AS2
   import: from AS2 accept AS-FOO
   import: from AS2 accept RS-FOO

The keyword PeerAS can be used instead of the AS number of the peer AS. PeerAS is particularly useful when the peering is specified using an AS expression. For example:

   as-set: AS-FOO
   members: AS2, AS3

   aut-num: AS1
   import: from AS-FOO accept PeerAS

is the same as:

   aut-num: AS1
   import: from AS2 accept AS2
   import: from AS3 accept AS3

A route set name can also be followed by one of the operators '^-', '^+', example, { 5.0.0.0/8, 6.0.0.0/8 }^+ equals { 5.0.0.0/8^+, 6.0.0.0/8^+ }, and AS1^- equals all the exclusive more specifics of routes originated by AS1.

AS Path Regular Expressions An AS-path regular expression can be used as a policy filter by enclosing the expression in `<' and `>'. An AS-path policy filter matches the set of routes which traverse a sequence of ASes matched by the AS-path regular expression. A router can check this using the AS_PATH attribute in the Border Gateway Protocol [19], or the RD_PATH attribute in the Inter-Domain Routing Protocol [18].

AS-path Regular Expressions are POSIX compliant regular expressions over the alphabet of AS numbers. The regular expression constructs are as follows:

ASN where ASN is an AS number. ASN matches the AS-path that is of length 1 and contains the corresponding AS number (e.g. AS-path regular expression AS1 matches the AS-path "1").

The keyword PeerAS can be used instead of the AS number of the peer AS.

AS-set where AS-set is an AS set name. AS-set matches the AS-paths that are matched by one of the ASes in the AS-set.

. matches the AS-paths matched by any AS number.

[...] is an AS number set. It matches the AS-paths matched by the AS numbers listed between the brackets. The AS numbers in the set are separated by white space characters. If a `-' is used between two AS numbers in this set, all AS numbers between the two AS numbers are included in the set. If an as-set name is listed, all AS numbers in the as-set are included.

[^...] is a complemented AS number set. It matches any AS-path which is not matched by the AS numbers in the set.

^ Matches the empty string at the beginning of an AS-path.

$ Matches the empty string at the end of an AS-path.

We next list the regular expression operators in the decreasing order of evaluation. These operators are left associative, i.e. performed left to right.

   Unary postfix operators * + ?  {m} {m,n} {m,}
      For a regular expression A, A* matches zero or more occurrences of
      A; A+ matches one or more occurrences of A; A?  matches zero or
      one occurrence of A; A{m} matches m occurrences of A; A{m,n}
      matches m to n occurrences of A; A{m,} matches m or more occurrences
      of A. For example, [AS1 AS2]{2} matches AS1 AS1, AS1 AS2, AS2 AS1,
      and AS2 AS2.
        

Unary postfix operators ~* ~+ ~{m} ~{m,n} ~{m,} These operators have similar functionality as the corresponding operators listed above, but all occurrences of the regular expression have to match the same pattern. For example, [AS1 AS2]~{2} matches AS1 AS1 and AS2 AS2, but it does not match AS1 AS2 and AS2 AS1.

Binary catenation operator This is an implicit operator and exists between two regular expressions A and B when no other explicit operator is specified. The resulting expression A B matches an AS-path if A matches some prefix of the AS-path and B matches the rest of the AS-path.

Binary alternative (or) operator | For regular expressions A and B, A | B matches any AS-path that is matched by A or B.

Parentheses can be used to override the default order of evaluation. White spaces can be used to increase readability.

The following are examples of AS-path filters:

     <AS3>
     <^AS1>
     <AS2$>
     <^AS1 AS2 AS3$>
     <^AS1 .* AS2$>.

The first example matches any route whose AS-path contains AS3, the second matches routes whose AS-path starts with AS1, the third matches routes whose AS-path ends with AS2, the fourth matches routes whose AS-path is exactly "1 2 3", and the fifth matches routes whose AS-path starts with AS1 and ends in AS2 with any number of AS numbers in between.

Composite Policy Filters The following operators (in decreasing order of evaluation) can be used to form composite policy filters:

NOT Given a policy filter x, NOT x matches the set of routes that are not matched by x. That is, it is the negation of policy filter x.

AND Given two policy filters x and y, x AND y matches the intersection of the routes that are matched by x and that are matched by y.

OR Given two policy filters x and y, x OR y matches the union of the routes that are matched by x and that are matched by y.

Note that an OR operator can be implicit, that is `x y' is equivalent to `x OR y'.

  E.g.
    NOT {128.9.0.0/16, 128.8.0.0/16}
    AS226 AS227 OR AS228
    AS226 AND NOT {128.9.0.0/16}
    AS226 AND {0.0.0.0/0^0-18}
        

The first example matches any route except 128.9.0.0/16 and 128.8.0.0/16. The second example matches the routes of AS226, AS227 and AS228. The third example matches the routes of AS226 except 128.9.0.0/16. The fourth example matches the routes of AS226 whose length is not longer than 18.

Routing Policy Attributes Policy filters can also use the values of other attributes for comparison. The attributes whose values can be used in policy filters are specified in the RPSL dictionary. Please refer to Section 7 for details. An example using the BGP community attribute is shown below:

   aut-num: AS1
   export: to AS2 announce AS1 AND NOT community(NO_EXPORT)

Filters using the routing policy attributes defined in the dictionary are evaluated before evaluating the operators AND, OR and NOT.

Filter Set Name A filter set name matches the set of routes that are matched by its filter attribute. Note that the filter attribute of a filter set can recursively refer to other filter set names. For example, in Figure 17, fltr-foo matches { 5.0.0.0/8, 6.0.0.0/8 }, and fltr-bar matches AS1's routes or { 5.0.0.0/8, 6.0.0.0/8 } if their AS path contains AS2.
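
The AS-path regular expressions described earlier in this section, as an added Python example (not part of the RFC): it translates an AS-path filter into a Python regular expression over a path in which every AS number is one symbol, so that AS3 can never match inside AS33. The names, the one-code-point-per-AS encoding (AS numbers below 1048576) and the restriction of the '~' operators to single-AS terms are choices made for this example.

```python
import re

BASE = 0x10000  # AS number n is encoded as the single code point BASE + n

TOKEN = re.compile(r"""\s+
    | (?P<set>(?:AS\d+:)*AS-[\w-]+(?::[\w-]+)*) | (?P<asn>AS\d+) | (?P<peer>PeerAS)
    | (?P<open>\[\^?) | (?P<same>~) | (?P<rep>[*+?]|\{\d+(?:,\d*)?\})
    | (?P<lit>[\]().|^$-])""", re.X | re.I)
QUANT = re.compile(r"[*+]|\{(\d+)(,(\d*))?\}")


def _ch(n):
    n = int(n)
    if not 0 <= n < 0x100000:
        raise ValueError(f"AS{n} is outside the range this encoding covers")
    return chr(BASE + n)


def compile_aspath(expr, as_sets=None, peer_as=None):
    """Translate '<...>' into a compiled pattern; as_sets maps set names to AS numbers."""
    expr = expr.strip()
    if expr.startswith("<") and expr.endswith(">"):
        expr = expr[1:-1]
    out, pos, atom, in_class, negated, groups = [], 0, None, False, False, 0
    while pos < len(expr):
        m = TOKEN.match(expr, pos)
        if not m:
            raise ValueError(f"cannot parse AS-path regex at {expr[pos:]!r}")
        pos, kind, tok = m.end(), m.lastgroup, m.group()
        if kind is None:                       # white space only separates terms
            continue
        if kind in ("asn", "peer", "set"):
            if kind == "asn":
                chars = _ch(tok[2:])
            elif kind == "peer":
                if peer_as is None:
                    raise ValueError("PeerAS used but no peer AS given")
                chars = _ch(peer_as)
            else:
                chars = "".join(_ch(a) for a in (as_sets or {})[tok.upper()])
            if in_class:
                out.append(chars)
            else:
                atom = len(out)
                out.append(f"[{chars}]" if chars else "(?!)")  # empty set: no match
        elif kind == "open":
            atom, in_class, negated = len(out), True, tok.endswith("^")
            out.append(tok)
        elif tok == "]" and in_class:
            in_class = False
            if "".join(out[atom + 1:]):
                out.append("]")
            else:                              # only empty as-sets were listed
                out[atom:] = ["." if negated else "(?!)"]
        elif tok == "-" and in_class:
            out.append("-")                    # AS1-AS5 becomes a code point range
        elif in_class or tok in ("]", "-"):
            raise ValueError(f"unexpected {tok!r}")
        elif kind == "same":                   # ~op: every repetition is the same AS
            q = QUANT.match(expr, pos)
            if atom is None or q is None:
                raise ValueError("~ needs a single-AS term before and * + {m} {m,n} {m,} after")
            pos = q.end()
            if q.group(1) is None:
                lo, hi = (0 if q.group() == "*" else 1), None
            else:
                lo = int(q.group(1))
                hi = lo if q.group(2) is None else (int(q.group(3)) if q.group(3) else None)
            groups += 1
            rest = "{%d,%s}" % (max(lo - 1, 0), "" if hi is None else hi - 1)
            same = "" if hi == 0 else f"(?P<s{groups}>{''.join(out[atom:])})(?P=s{groups}){rest}"
            out[atom:] = [f"(?:{same})?" if lo == 0 and same else same]
            atom = None
        elif tok == ".":
            atom = len(out)
            out.append(".")
        else:                                  # ( ) | ^ $ and the plain repetitions
            out.append({"(": "(?:", "^": r"\A", "$": r"\Z"}.get(tok, tok))
            atom = None
    if in_class:
        raise ValueError("unterminated [")
    return re.compile("".join(out))


def aspath_matches(expr, path, **context):
    """path is a list of AS numbers, first AS first."""
    encoded = "".join(_ch(asn) for asn in path)
    return compile_aspath(expr, **context).search(encoded) is not None
```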

5.5 rtr-set Class

The attributes of the rtr-set class are shown in Figure 18. The rtr-set attribute defines the name of the set. It is an RPSL name that starts with "rtrs-". The members attribute lists the members of the set. The members attribute is a list of inet-rtr names, ipv4_addresses or other rtr-set names.

    Attribute    Value                        Type
    rtr-set      <object-name>                mandatory, single-valued,
                                              class key
    members      list of <inet-rtr-names> or  optional, multi-valued
                 <rtr-set-names>
                 or <ipv4_addresses>
    mbrs-by-ref  list of <mntner-names>       optional, multi-valued
        

Figure 18: rtr-set Class Attributes

Figure 19 presents two rtr-set objects. The set rtrs-foo contains two routers, namely rtr1.isp.net and rtr2.isp.net. The set rtrs-bar contains the members of the set rtrs-foo and rtr3.isp.net, that is, it contains rtr1.isp.net, rtr2.isp.net, rtr3.isp.net.

 rtr-set: rtrs-foo                     rtr-set: rtrs-bar
 members: rtr1.isp.net, rtr2.isp.net   members: rtr3.isp.net, rtrs-foo
        

Figure 19: rtr-set objects.

The mbrs-by-ref attribute is a list of maintainer names or the keyword ANY. If this attribute is used, the router set also includes routers whose inet-rtr objects are registered by one of these maintainers and whose member-of attribute refers to the name of this router set. If the value of a mbrs-by-ref attribute is ANY, any inet-rtr object referring to the router set is a member of the set. If the mbrs-by-ref attribute is missing, only the routers listed in the members attribute are members of the set.

   rtr-set: rtrs-foo
   members: rtr1.isp.net, rtr2.isp.net
   mbrs-by-ref: MNTR-ME

   inet-rtr: rtr3.isp.net
   local-as: as1
   ifaddr: 1.1.1.1 masklen 30
   member-of: rtrs-foo
   mnt-by: MNTR-ME

Figure 20: rtr-set objects.

Figure 20 presents an example rtr-set object that uses the mbrs-by-ref attribute. The set rtrs-foo contains rtr1.isp.net, rtr2.isp.net and rtr3.isp.net.

5.6 Peerings and peering-set Class

The attributes of the peering-set class are shown in Figure 21. A peering-set object defines a set of peerings that are listed in its peering attributes. The peering-set attribute defines the name of the set. It is an RPSL name that starts with "prng-".

   Attribute    Value          Type
   peering-set  <object-name>  mandatory, single-valued, class key
   peering      <peering>      mandatory, multi-valued

Figure 21: filter Class Attributes

     ----------------------                   ----------------------
     |            7.7.7.1 |-------|   |-------| 7.7.7.2            |
     |                    |     ========      |                    |
     |   AS1              |      EX1  |-------| 7.7.7.3     AS2    |
     |                    |                   |                    |
     |            9.9.9.1 |------       ------| 9.9.9.2            |
     ----------------------     |       |     ----------------------
                               ===========
                                   |    EX2
     ----------------------        |
     |            9.9.9.3 |---------
     |                    |
     |   AS3              |
     ----------------------

Figure 22: Example topology consisting of three ASes, AS1, AS2, and AS3; two exchange points, EX1 and EX2; and six routers.

The peering attribute defines a peering that can be used for importing or exporting routes. In describing peerings, we are going to use the topology of Figure 22. In this topology, there are three ASes, AS1, AS2, and AS3; two exchange points, EX1 and EX2; and six routers. Routers connected to the same exchange point peer with each other and exchange routing information. That is, 7.7.7.1, 7.7.7.2 and 7.7.7.3 peer with each other; 9.9.9.1, 9.9.9.2 and 9.9.9.3 peer with each other.

The syntax of a peering specification is:

      <as-expression> [<router-expression-1>] [at <router-expression-2>]
     | <peering-set-name>
        

where <as-expression> is an expression over AS numbers and AS sets using operators AND, OR, and EXCEPT, and <router-expression-1> and <router-expression-2> are expressions over router IP addresses, inet-rtr names, and rtr-set names using operators AND, OR, and EXCEPT. The binary "EXCEPT" operator is the set subtraction operator and has the same precedence as the operator AND (it is semantically equivalent to "AND NOT" combination). That is, "(AS1 OR AS2) EXCEPT AS2" equals "AS1".

This form identifies all the peerings between any local router in <router-expression-2> to any of their peer routers in <router-expression-1> in the ASes in <as-expression>. If <router-expression-2> is not specified, it defaults to all routers of the local AS that peer with ASes in <as-expression>. If <router-expression-1> is not specified, it defaults to all routers of the peer ASes in <as-expression> that peer with the local AS.

If a <peering-set-name> is used, the peerings are listed in the corresponding peering-set object. Note that the peering-set objects can be recursive.

Many special forms of this general peering specification are possible. The following examples illustrate the most common cases, using the import attribute of the aut-num class. In the following example 7.7.7.1 imports 128.9.0.0/16 from 7.7.7.2.

 (1) aut-num: AS1
     import: from AS2 7.7.7.2 at 7.7.7.1 accept { 128.9.0.0/16 }
        

In the following example 7.7.7.1 imports 128.9.0.0/16 from 7.7.7.2 and 7.7.7.3.

 (2) aut-num: AS1
     import: from AS2 at 7.7.7.1 accept { 128.9.0.0/16 }
        

In the following example 7.7.7.1 imports 128.9.0.0/16 from 7.7.7.2 and 7.7.7.3, and 9.9.9.1 imports 128.9.0.0/16 from 9.9.9.2.

 (3) aut-num: AS1
     import: from AS2 accept { 128.9.0.0/16 }
        

In the following example 9.9.9.1 imports 128.9.0.0/16 from 9.9.9.2 and 9.9.9.3.

 (4) as-set: AS-FOO
     members: AS2, AS3

     aut-num: AS1
     import: from AS-FOO      at 9.9.9.1 accept { 128.9.0.0/16 }
        

In the following example 9.9.9.1 imports 128.9.0.0/16 from 9.9.9.2 and 9.9.9.3, and 7.7.7.1 imports 128.9.0.0/16 from 7.7.7.2 and 7.7.7.3.

 (5) aut-num: AS1
     import: from AS-FOO                 accept { 128.9.0.0/16 }
        

In the following example AS1 imports 128.9.0.0/16 from AS3 at router 9.9.9.1

 (6) aut-num: AS1
     import: from AS-FOO and not AS2 at not 7.7.7.1
             accept { 128.9.0.0/16 }

This is because "AS-FOO and not AS2" equals AS3 and "not 7.7.7.1" equals 9.9.9.1.

In the following example 9.9.9.1 imports 128.9.0.0/16 from 9.9.9.2 and 9.9.9.3.

 (7) peering-set: prng-bar
     peering: AS1 at 9.9.9.1

     peering-set: prng-foo
     peering: prng-bar
     peering: AS2 at 9.9.9.1

     aut-num: AS1
     import: from prng-foo accept { 128.9.0.0/16 }
        

6 aut-num Class

Routing policies are specified using the aut-num class. The attributes of the aut-num class are shown in Figure 23. The value of the aut-num attribute is the AS number of the AS described by this object. The as-name attribute is a symbolic name (in RPSL name syntax) of the AS. The import, export and default routing policies of the AS are specified using import, export and default attributes respectively.

   Attribute  Value                   Type
   aut-num    <as-number>             mandatory, single-valued, class key
   as-name    <object-name>           mandatory, single-valued
   member-of  list of <as-set-names>  optional, multi-valued
   import     see Section 6.1         optional, multi-valued
   export     see Section 6.2         optional, multi-valued
   default    see Section 6.5         optional, multi-valued

Figure 23: aut-num Class Attributes

6.1 import Attribute: Import Policy Specification

In RPSL, an import policy is divided into import policy expressions. Each import policy expression is specified using an import attribute. The import attribute has the following syntax (we will extend this syntax later in Sections 6.3 and 6.6):

   import: from <peering-1> [action <action-1>]
            . . .
            from <peering-N> [action <action-N>]
            accept <filter>
        

The action specification is optional. The semantics of an import attribute is as follows: the set of routes that are matched by <filter> are imported from all the peers in <peerings>; while importing routes at <peering-M>, <action-M> is executed.

  E.g.
    aut-num: AS1
    import: from AS2 action pref = 1; accept { 128.9.0.0/16 }
        

This example states that the route 128.9.0.0/16 is accepted from AS2 with preference 1. We already presented how peerings (see Section 5.6) and filters (see Section 5.4) are specified. We next present how to specify actions.

6.1.1 Action Specification

Policy actions in RPSL either set or modify route attributes, such as assigning a preference to a route, adding a BGP community to the BGP community path attribute, or setting the MULTI-EXIT-DISCRIMINATOR attribute. Policy actions can also instruct routers to perform special operations, such as route flap damping.

The routing policy attributes whose values can be modified in policy actions are specified in the RPSL dictionary. Please refer to Section 7 for a list of these attributes. Each action in RPSL is terminated by the semicolon character (';'). It is possible to form composite policy actions by listing them one after the other. In a composite policy action, the actions are executed left to right. For example,

 aut-num: AS1
 import: from AS2
         action pref = 10; med = 0; community.append(10250, 3561:10);
         accept { 128.9.0.0/16 }
        

sets pref to 10, med to 0, and then appends 10250 and 3561:10 to the BGP community path attribute. The pref attribute is the inverse of the local-pref attribute (i.e. local-pref == 65535 - pref). A route with a local-pref attribute is always preferred over a route without one.

 aut-num: AS1
 import: from AS2 action pref = 1;
         from AS3 action pref = 2;
         accept AS4
        

The above example states that AS4's routes are accepted from AS2 with preference 1, and from AS3 with preference 2 (routes with lower integer preference values are preferred over routes with higher integer preference values).

 aut-num: AS1
 import: from AS2 7.7.7.2 at 7.7.7.1 action pref = 1;
         from AS2                    action pref = 2;
         accept AS4
        

The above example states that AS4's routes are accepted from AS2 on peering 7.7.7.1-7.7.7.2 with preference 1, and on any other peering with AS2 with preference 2.

6.2 export Attribute: Export Policy Specification

Similarly, an export policy expression is specified using an export attribute. The export attribute has the following syntax:

    export: to <peering-1> [action <action-1>]
            . . .
            to <peering-N> [action <action-N>]
            announce <filter>
        

The action specification is optional. The semantics of an export attribute is as follows: the set of routes that are matched by <filter> are exported to all the peers specified in <peerings>; while exporting routes at <peering-M>, <action-M> is executed.

  E.g.
    aut-num: AS1
    export: to AS2 action med = 5; community .= { 70 };
            announce AS4
        

In this example, AS4's routes are announced to AS2 with the med attribute's value set to 5 and community 70 added to the community list.

Example:

 aut-num: AS1
 export: to AS-FOO announce ANY

In this example, AS1 announces all of its routes to the ASes in the set AS-FOO.

6.3 Other Routing Protocols, Multi-Protocol Routing Protocols, and Injecting Routes Between Protocols

The more complete syntax of the import and export attributes is as follows:

    import: [protocol <protocol-1>] [into <protocol-2>]
            from <peering-1> [action <action-1>]
            . . .
            from <peering-N> [action <action-N>]
            accept <filter>
    export: [protocol <protocol-1>] [into <protocol-2>]
            to <peering-1> [action <action-1>]
            . . .
            to <peering-N> [action <action-N>]
            announce <filter>
        

The optional protocol specifications can be used to specify policies for other routing protocols, to inject routes of one protocol into another protocol, or to express multi-protocol routing policies. The valid protocol names are defined in the dictionary. <protocol-1> is the name of the protocol whose routes are being exchanged. <protocol-2> is the name of the protocol which is receiving these routes. Both <protocol-1> and <protocol-2> default to the Internet Exterior Gateway Protocol, currently BGP.

In the following example, all interAS routes are injected into RIP.

 aut-num: AS1
 import: from AS2 accept AS2
 export: protocol BGP4 into RIP
         to AS1 announce ANY

In the following example, AS1 accepts AS2's routes including any more specifics of AS2's routes, but does not inject these extra more specific routes into OSPF.

 aut-num: AS1
 import: from AS2 accept AS2^+
 export: protocol BGP4 into OSPF
         to AS1 announce AS2

In the following example, AS1 injects its static routes (routes which are members of the set AS1:RS-STATIC-ROUTES) to the interAS routing protocol and appends AS1 twice to their AS paths.

 aut-num: AS1
 import: protocol STATIC into BGP4
         from AS1 action aspath.prepend(AS1, AS1);
         accept AS1:RS-STATIC-ROUTES

In the following example, AS1 imports a different set of unicast routes for multicast reverse path forwarding from AS2:

 aut-num: AS1
 import: from AS2 accept AS2
 import: protocol IDMR
         from AS2 accept AS2:RS-RPF-ROUTES

6.4 Ambiguity Resolution

It is possible that the same peering can be covered by more than one peering specification in a policy expression. For example:

 aut-num: AS1
 import: from AS2 7.7.7.2 at 7.7.7.1 action pref = 2;
         from AS2 7.7.7.2 at 7.7.7.1 action pref = 1;
         accept AS4
        

This is not an error, though definitely not desirable. To break the ambiguity, the action corresponding to the first peering specification is used. That is, the routes are accepted with preference 2. We call this rule the specification-order rule.

Consider the example:

 aut-num: AS1
 import: from AS2                    action pref = 2;
         from AS2 7.7.7.2 at 7.7.7.1 action pref = 1; dpa = 5;
         accept AS4
        

where both peering specifications cover the peering 7.7.7.1-7.7.7.2, though the second one covers it more specifically. The specification order rule still applies, and only the action "pref = 2" is executed. In fact, the second peering-action pair has no use since the first peering-action pair always covers it. If the intended policy was to accept these routes with preference 1 on this particular peering and with preference 2 in all other peerings, the user should have specified:

 aut-num: AS1
 import: from AS2 7.7.7.2 at 7.7.7.1 action pref = 1; dpa = 5;
         from AS2                    action pref = 2;
         accept AS4
        

It is also possible that more than one policy expression can cover the same set of routes for the same peering. For example:

 aut-num: AS1
 import: from AS2 action pref = 2; accept AS4
 import: from AS2 action pref = 1; accept AS4
        

In this case, the specification-order rule is still used. That is, AS4's routes are accepted from AS2 with preference 2. If the filters were overlapping but not exactly the same:

 aut-num: AS1
 import: from AS2 action pref = 2; accept AS4
 import: from AS2 action pref = 1; accept AS4 OR AS5
        

AS4's routes are accepted from AS2 with preference 2, and AS5's routes are also accepted, but with preference 1.

We next give the general specification order rule for the benefit of the RPSL implementors. Consider two policy expressions:

 aut-num: AS1
 import: from peerings-1 action action-1 accept filter-1
 import: from peerings-2 action action-2 accept filter-2

The above policy expressions are equivalent to the following three expressions where there is no ambiguity:

 aut-num: AS1
 import: from peerings-1 action action-1 accept filter-1
 import: from peerings-3 action action-2 accept filter-2 AND NOT filter-1
 import: from peerings-4 action action-2 accept filter-2

where peerings-3 are those that are covered by both peerings-1 and peerings-2, and peerings-4 are those that are covered by peerings-2 but not by peerings-1 ("filter-2 AND NOT filter-1" matches the routes that are matched by filter-2 but not by filter-1).

Example:

 aut-num: AS1
 import: from AS2 7.7.7.2 at 7.7.7.1
         action pref = 2;
         accept {128.9.0.0/16}
 import: from AS2
         action pref = 1;
         accept {128.9.0.0/16, 75.0.0.0/8}
        

Let's consider two peerings with AS2, 7.7.7.1-7.7.7.2 and 9.9.9.1-9.9.9.2. Both policy expressions cover 7.7.7.1-7.7.7.2. On this peering, the route 128.9.0.0/16 is accepted with preference 2, and the route 75.0.0.0/8 is accepted with preference 1. The peering 9.9.9.1-9.9.9.2 is only covered by the second policy expression. Hence, both the route 128.9.0.0/16 and the route 75.0.0.0/8 are accepted with preference 1 on peering 9.9.9.1-9.9.9.2.

Note that the same ambiguity resolution rules also apply to export and default policy expressions.

6.5 default Attribute: Default Policy Specification

Default routing policies are specified using the default attribute. The default attribute has the following syntax:

    default: to <peering> [action <action>] [networks <filter>]
        

The <action> and <filter> specifications are optional. The semantics are as follows: the <peering> specification indicates the AS (and the router, if present) being defaulted to; the <action> specification, if present, indicates various attributes of defaulting, for example a relative preference if multiple defaults are specified; and the <filter> specification, if present, is a policy filter. A router only uses the default policy if it received the routes matched by <filter> from this peer.

In the following example, AS1 defaults to AS2 for routing.

 aut-num: AS1
 default: to AS2

In the following example, router 7.7.7.1 in AS1 defaults to router 7.7.7.2 in AS2.

 aut-num: AS1
 default: to AS2 7.7.7.2 at 7.7.7.1

In the following example, AS1 defaults to AS2 and AS3, but prefers AS2 over AS3.

 aut-num: AS1
 default: to AS2 action pref = 1;
 default: to AS3 action pref = 2;
        

In the following example, AS1 defaults to AS2 and uses 128.9.0.0/16 as the default network.

 aut-num: AS1
 default: to AS2 networks { 128.9.0.0/16 }
        
6.6 Structured Policy Specification

The import and export policies can be structured. We only recommend structured policies to advanced RPSL users. Please feel free to skip this section.

The syntax for a structured policy specification is the following:

   <import-factor> ::= from <peering-1> [action <action-1>]
                       . . .
                       from <peering-N> [action <action-N>]
                       accept <filter>;
        
   <import-term> ::=  <import-factor> |
                      LEFT-BRACE
                      <import-factor>
                      . . .
                      <import-factor>
                      RIGHT-BRACE
        
   <import-expression> ::= <import-term>                            |
                           <import-term> EXCEPT <import-expression> |
                           <import-term> REFINE <import-expression>
        
   import: [protocol <protocol1>] [into <protocol2>]
           <import-expression>
        

Please note the semicolon at the end of an <import-factor>. If the policy specification is not structured (as in all the examples in other sections), this semicolon is optional. The syntax and semantics for an <import-factor> is already defined in Section 6.1.

An <import-term> is either a sequence of <import-factor>'s enclosed within matching braces (i.e. `{' and `}') or just a single <import-factor>. The semantics of an <import-term> is the union of <import-factor>'s using the specification order rule. An <import-expression> is either a single <import-term> or an <import-term> followed by one of the keywords "except" and "refine", followed by another <import-expression>. Note that our definition allows nested expressions. Hence there can be exceptions to exceptions, refinements to refinements, or even refinements to exceptions, and so on.

The semantics for the except operator is as follows: The result of an except operation is another <import-term>. The resulting policy set contains the policies of the right hand side but their filters are modified to only include the routes also matched by the left hand side. The policies of the left hand side are included afterwards and their filters are modified to exclude the routes matched by the right hand side. Please note that the filters are modified during this process but the actions are copied verbatim. When there are multiple levels of nesting, the operations (both except and refine) are performed right to left.

Consider the following example:

 import: from AS1 action pref = 1; accept as-foo;
         except {
            from AS2 action pref = 2; accept AS226;
            except {
               from AS3 action pref = 3; accept {128.9.0.0/16};
            }
         }
        

where the route 128.9.0.0/16 is originated by AS226, and AS226 is a member of the as-set as-foo. In this example, the route 128.9.0.0/16 is accepted from AS3, any other route (not 128.9.0.0/16) originated by AS226 is accepted from AS2, and any other ASes' routes in as-foo are accepted from AS1.

We can come to the same conclusion using the algebra defined above. Consider the inner exception specification:

   from AS2 action pref = 2; accept AS226;
   except {
      from AS3 action pref = 3; accept {128.9.0.0/16};
   }
        

is equivalent to

  {
   from AS3 action pref = 3; accept AS226 AND {128.9.0.0/16};
   from AS2 action pref = 2; accept AS226 AND NOT {128.9.0.0/16};
  }
        

Hence, the original expression is equivalent to:

 import: from AS1 action pref = 1; accept as-foo;
         except {
            from AS3 action pref = 3; accept AS226 AND {128.9.0.0/16};
            from AS2 action pref = 2; accept AS226 AND NOT {128.9.0.0/16};
         }
        

which is equivalent to

 import: {
   from AS3 action pref = 3;
            accept as-foo AND AS226 AND {128.9.0.0/16};
   from AS2 action pref = 2;
            accept as-foo AND AS226 AND NOT {128.9.0.0/16};
   from AS1 action pref = 1;
            accept as-foo AND NOT
              (AS226 AND NOT {128.9.0.0/16} OR AS226 AND {128.9.0.0/16});
   }
        

Since AS226 is in as-foo and 128.9.0.0/16 is in AS226, it simplifies to:

import: {
          from AS3 action pref = 3; accept {128.9.0.0/16};
          from AS2 action pref = 2; accept AS226 AND NOT {128.9.0.0/16};
          from AS1 action pref = 1; accept as-foo AND NOT AS226;
        }
        

In the case of the refine operator, the resulting set is constructed by taking the cartesian product of the two sides as follows: for each policy l in the left hand side and for each policy r in the right hand side, the peerings of the resulting policy are the peerings common to both r and l; the filter of the resulting policy is the intersection of l's filter and r's filter; and the action of the resulting policy is l's action followed by r's action. If there are no common peerings, or if the intersection of filters is empty, a resulting policy is not generated.

Consider the following example:

 import: { from AS-ANY action pref = 1; accept community(3560:10);
           from AS-ANY action pref = 2; accept community(3560:20);
         } refine {
            from AS1 accept AS1;
            from AS2 accept AS2;
            from AS3 accept AS3;
         }
        

Here, any route with community 3560:10 is assigned a preference of 1 and any route with community 3560:20 is assigned a preference of 2 regardless of whom they are imported from. However, only AS1's routes are imported from AS1, only AS2's routes are imported from AS2, only AS3's routes are imported from AS3, and no routes are imported from any other AS. We can reach the same conclusion using the above algebra. That is, our example is equivalent to:

 import: {
   from AS1 action pref = 1; accept community(3560:10) AND AS1;
   from AS1 action pref = 2; accept community(3560:20) AND AS1;
   from AS2 action pref = 1; accept community(3560:10) AND AS2;
   from AS2 action pref = 2; accept community(3560:20) AND AS2;
   from AS3 action pref = 1; accept community(3560:10) AND AS3;
   from AS3 action pref = 2; accept community(3560:20) AND AS3;
 }
        

Note that the common peerings between "from AS1" and "from AS-ANY" are those peerings in "from AS1". Even though we do not formally define "common peerings", it is straightforward to deduce the definition from the definitions of peerings (please see Section 5.6).

Consider the following example:

 import: {
   from AS-ANY action med = 0; accept {0.0.0.0/0^0-18};
   } refine {
        from AS1 at 7.7.7.1 action pref = 1; accept AS1;
        from AS1            action pref = 2; accept AS1;
     }
        

where only routes of length 0 to 18 are accepted and med's value is set to 0 to disable med's effect for all peerings. In addition, from AS1 only AS1's routes are imported, and AS1's routes imported at 7.7.7.1 are preferred over other peerings. This is equivalent to:

 import: {
    from AS1 at 7.7.7.1 action med=0; pref=1;
             accept {0.0.0.0/0^0-18} AND AS1;
    from AS1            action med=0; pref=2;
             accept {0.0.0.0/0^0-18} AND AS1;
 }
        

The above syntax and semantics apply equally to structured export policies, with "from" replaced with "to" and "accept" replaced with "announce".
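The specification-order rule of Section 6.4 and the except and refine operators of this section, modelled in Python as an added example (not part of the RFC or of any RPSL tool). Peerings are sets of constructed labels, filters are predicates over constructed route records, and the AS64500 member of as-foo is an assumption.

```python
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Callable, FrozenSet, List, Optional, Tuple

Route = dict                       # constructed: {"prefix": ..., "origin": ...}
Filter = Callable[[Route], bool]   # a policy filter, modelled as a predicate


@dataclass(frozen=True)
class Factor:
    """One 'from <peerings> action <actions> accept <filter>' factor."""
    peerings: FrozenSet[str]       # concrete peerings, as constructed labels
    actions: Tuple[str, ...]
    accept: Filter


Term = List[Factor]                # list position encodes specification order


def matched_by(term: Term) -> Filter:
    """Filter matching any route that some factor of the term matches."""
    return lambda route: any(f.accept(route) for f in term)


def except_(left: Term, right: Term) -> Term:
    """left EXCEPT right: right-hand policies first, narrowed to routes the
    left side also matches; then left-hand policies without the routes the
    right side matches. Actions are copied verbatim."""
    in_left, in_right = matched_by(left), matched_by(right)
    out = [Factor(f.peerings, f.actions,
                  lambda r, f=f: f.accept(r) and in_left(r)) for f in right]
    out += [Factor(f.peerings, f.actions,
                   lambda r, f=f: f.accept(r) and not in_right(r)) for f in left]
    return out


def refine(left: Term, right: Term) -> Term:
    """left REFINE right: cartesian product keeping common peerings, the
    intersection of filters, and l's actions followed by r's. Pairs are
    emitted r-major to mirror the expansions in the text (an assumption).
    An empty filter intersection cannot be detected on predicates; such a
    factor is kept and simply never matches."""
    out = []
    for rhs in right:
        for lhs in left:
            common = lhs.peerings & rhs.peerings
            if common:             # no common peerings: no resulting policy
                out.append(Factor(
                    common, lhs.actions + rhs.actions,
                    lambda x, a=lhs, b=rhs: a.accept(x) and b.accept(x)))
    return out


def evaluate(term: Term, peering: str, route: Route) -> Optional[Tuple[str, ...]]:
    """Specification-order rule: the first factor that covers the peering and
    matches the route decides the actions; None means not imported."""
    for f in term:
        if peering in f.peerings and f.accept(route):
            return f.actions
    return None


def origin(*ases: str) -> Filter:
    return lambda r: r["origin"] in ases


def exact(*prefixes: str) -> Filter:
    return lambda r: r["prefix"] in prefixes


def max_len(n: int) -> Filter:     # stands for {0.0.0.0/0^0-n}
    return lambda r: ip_network(r["prefix"]).prefixlen <= n


P = frozenset
# Nested except example; as-foo members other than AS226 are constructed.
EXCEPT_POLICY = except_(
    [Factor(P({"AS1"}), ("pref=1",), origin("AS226", "AS64500"))],
    except_([Factor(P({"AS2"}), ("pref=2",), origin("AS226"))],
            [Factor(P({"AS3"}), ("pref=3",), exact("128.9.0.0/16"))]))

# Second refine example; the first set stands for AS-ANY (labels constructed).
REFINE_POLICY = refine(
    [Factor(P({"AS1@7.7.7.1", "AS1@9.9.9.1", "AS2@7.7.7.1"}), ("med=0",),
            max_len(18))],
    [Factor(P({"AS1@7.7.7.1"}), ("pref=1",), origin("AS1")),
     Factor(P({"AS1@7.7.7.1", "AS1@9.9.9.1"}), ("pref=2",), origin("AS1"))])

# Section 6.4 example: two import attributes listed in specification order.
SPEC_ORDER_POLICY = [
    Factor(P({"7.7.7.1-7.7.7.2"}), ("pref=2",), exact("128.9.0.0/16")),
    Factor(P({"7.7.7.1-7.7.7.2", "9.9.9.1-9.9.9.2"}), ("pref=1",),
           exact("128.9.0.0/16", "75.0.0.0/8")),
]

if __name__ == "__main__":
    route = {"prefix": "128.9.0.0/16", "origin": "AS226"}
    for peer in ("AS1", "AS2", "AS3"):
        print(peer, evaluate(EXCEPT_POLICY, peer, route))
```

Swapping the two factors in SPEC_ORDER_POLICY makes the first, broader factor shadow the second on peering 7.7.7.1-7.7.7.2, which is the misordering Section 6.4 describes.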

7 dictionary Class

The dictionary class provides extensibility to RPSL. Dictionary objects define routing policy attributes, types, and routing protocols. Routing policy attributes, henceforth called rp-attributes, may correspond to actual protocol attributes, such as the BGP path attributes (e.g. community, dpa, and AS-path), or they may correspond to router features (e.g. BGP route flap damping). As new protocols, new protocol attributes, or new router features are introduced, the dictionary object is updated to include appropriate rp-attribute and protocol definitions.

An rp-attribute is an abstract class; that is, a data representation is not available. Instead, it is accessed through access methods. For example, the rp-attribute for the BGP AS-path attribute is called aspath; and it has an access method called prepend which stuffs extra AS numbers to the AS-path attributes. Access methods can take arguments. Arguments are strongly typed. For example, the method prepend above takes AS numbers as arguments.

Once an rp-attribute is defined in the dictionary, it can be used to describe policy filters and actions. Policy analysis tools are required to fetch the dictionary object and recognize newly defined rp-attributes, types, and protocols. The analysis tools may approximate policy analyses on rp-attributes that they do not understand: a filter method may always match, and an action method may always perform no-operation. Analysis tools may even download code to perform appropriate operations using mechanisms outside the scope of RPSL.

We next describe the syntax and semantics of the dictionary class. This description is not essential for understanding dictionary objects (but it is essential for creating one). Please feel free to skip to the RPSL Initial Dictionary subsection (Section 7.1).

The attributes of the dictionary class are shown in Figure 24. The dictionary attribute is the name of the dictionary object, obeying the RPSL naming rules. There can be many dictionary objects, however there is always one well-known dictionary object "RPSL". All tools use this dictionary by default.

   Attribute     Value                    Type
   dictionary    <object-name>            mandatory, single-valued, class key
   rp-attribute  see description in text  optional, multi-valued
   typedef       see description in text  optional, multi-valued
   protocol      see description in text  optional, multi-valued

Figure 24: dictionary Class Attributes

The rp-attribute attribute has the following syntax:

   rp-attribute: <name>
      <method-1>(<type-1-1>, ..., <type-1-N1> [, "..."])
      ...
      <method-M>(<type-M-1>, ..., <type-M-NM> [, "..."])
        

where <name> is the name of the rp-attribute; and <method-i> is the name of an access method for the rp-attribute, taking Ni arguments where the j-th argument is of type <type-i-j>. A method name is either an RPSL name or one of the operators defined in Figure 25. The operator methods with the exception of operator() and operator[] can take only one argument.

   operator=           operator==
   operator<<=         operator<
   operator>>=         operator>
   operator+=          operator>=
   operator-=          operator<=
   operator*=          operator!=
   operator/=          operator()
   operator.=          operator[]
        

Figure 25: Operators

An rp-attribute can have many methods defined for it. Some of the methods may even have the same name, in which case their arguments are of different types. If the argument list is followed by "...", the method takes a variable number of arguments. In this case, the actual arguments after the Nth argument are of type <type-N>.

Arguments are strongly typed. A <type> in RPSL is either a predefined type, a union type, a list type, or a dictionary defined type. The predefined types are listed in Figure 26.

   integer[lower, upper]              ipv4_address
   real[lower, upper]                 address_prefix
   enum[name, name, ...]              address_prefix_range
   string                             dns_name
   boolean                            filter
   rpsl_word                          as_set_name
   free_text                          route_set_name
   email                              rtr_set_name
   as_number                          filter_set_name
                                      peering_set_name
        

Figure 26: Predefined Types

The integer and the real predefined types can be followed by a lower and an upper bound to specify the set of valid values of the argument. The range specification is optional. We use the ANSI C language conventions for representing integer, real and string values. The enum type is followed by a list of RPSL names which are the valid values of the type. The boolean type can take the values true or false. The as_number, ipv4_address, address_prefix and dns_name types are as in Section 2. The filter type is a policy filter as in Section 6. The value of the filter type is suggested to be enclosed in parentheses.

The syntax of a union type is as follows:

    union <type-1>, ... , <type-N>
        

where <type-i> is an RPSL type. The union type is either of the types <type-1> through <type-N> (analogous to unions in C[14]).

The syntax of a list type is as follows:

   list [<min_elems>:<max_elems>] of <type>
        

In this case, the list elements are of <type> and the list contains at least <min_elems> and at most <max_elems> elements. The size specification is optional. If it is not specified, there is no restriction in the number of list elements. A value of a list type is represented as a sequence of elements separated by the character "," and enclosed by the characters "{" and "}".

The typedef attribute in the dictionary defines named types as follows:

   typedef: <name> <type>
        

where <name> is a name for type <type>. The typedef attribute is particularly useful when the type defined is not a predefined type (e.g. list of unions, list of lists, etc.).

A protocol attribute of the dictionary class defines a protocol and a set of peering parameters for that protocol (which are used in the inet-rtr class in Section 9). Its syntax is as follows:

   protocol: <name>
    MANDATORY | OPTIONAL <parameter-1>(<type-1-1>,...,
                         <type-1-N1> [,"..."])
      ...
    MANDATORY | OPTIONAL <parameter-M>(<type-M-1>,...,
                         <type-M-NM> [,"..."])
        

where <name> is the name of the protocol; MANDATORY and OPTIONAL are keywords; and <parameter-i> is a peering parameter for this protocol, taking Ni many arguments. The syntax and semantics of the arguments are as in the rp-attribute. If the keyword MANDATORY is used, the parameter is mandatory and needs to be specified for each peering of this protocol. If the keyword OPTIONAL is used, the parameter can be skipped.

7.1 Initial RPSL Dictionary and Example Policy Actions and Filters

dictionary:   RPSL
rp-attribute: # preference, smaller values represent higher preferences
              pref
              operator=(integer[0, 65535])
rp-attribute: # BGP multi_exit_discriminator attribute
              med
              # to set med to 10: med = 10;
              # to set med to the IGP metric: med = igp_cost;
              operator=(union integer[0, 65535], enum[igp_cost])
rp-attribute: # BGP destination preference attribute (dpa)
              dpa
              operator=(integer[0, 65535])
rp-attribute: # BGP aspath attribute
              aspath
              # prepends AS numbers from last to first order
              prepend(as_number, ...)
typedef:      # a community value in RPSL is either
              #  - a 4 byte integer (ok to use 3561:70 notation)
              #  - internet, no_export, no_advertise (see RFC-1997)
              community_elm union
                  integer[1, 4294967295],
                  enum[internet, no_export, no_advertise],
typedef:      # list of community values { 40, no_export, 3561:70 }
              community_list list of community_elm
rp-attribute: # BGP community attribute
              community
              # set to a list of communities
              operator=(community_list)
              # append community values
              operator.=(community_list)
              append(community_elm, ...)
              # delete community values
              delete(community_elm, ...)
              # a filter: true if one of community values is contained
              contains(community_elm, ...)
              # shortcut to contains: community(no_export, 3561:70)
              operator()(community_elm, ...)
              # order independent equality comparison
              operator==(community_list)
rp-attribute: # next hop router in a static route
              next-hop
              # to set to 7.7.7.7: next-hop = 7.7.7.7;
              # to set to router's own address: next-hop = self;
              operator=(union ipv4_address, enum[self])
rp-attribute: # cost of a static route
              cost
              operator=(integer[0, 65535])
protocol: BGP4
          # as number of the peer router
          MANDATORY asno(as_number)
          # enable flap damping
          OPTIONAL flap_damp()
          OPTIONAL flap_damp(integer[0,65535], # penalty per flap
                             integer[0,65535], # penalty value for suppression
                             integer[0,65535], # penalty value for reuse
                             integer[0,65535], # halflife in secs when up
                             integer[0,65535], # halflife in secs when down
                             integer[0,65535]) # maximum penalty
protocol: OSPF
protocol: RIP
protocol: IGRP
protocol: IS-IS
protocol: STATIC
protocol: RIPng
protocol: DVMRP
protocol: PIM-DM
protocol: PIM-SM
protocol: CBT
protocol: MOSPF

Figure 27: RPSL Dictionary

Figure 27 shows the initial RPSL dictionary. It has seven rp-attributes: pref to assign local preference to the routes accepted; med to assign a value to the MULTI_EXIT_DISCRIMINATOR BGP attribute; dpa to assign a value to the DPA BGP attribute; aspath to prepend a value to the AS_PATH BGP attribute; community to assign a value to or to check the value of the community BGP attribute; next-hop to assign next hop routers to static routes; and cost to assign a cost to static routes. The dictionary defines two types: community_elm and community_list. The community_elm type is either a 4-byte unsigned integer, or one of the keywords internet, no_export or no_advertise (defined in [9]). An integer can be specified using two 2-byte integers separated by ":" to partition the community number space so that a provider can use its AS number as the first two bytes, and assign semantics of its choice to the last two bytes.

The initial dictionary (Figure 27) defines only options for the Border Gateway Protocol: asno and flap_damp. The mandatory asno option is the AS number of the peer router. The optional flap_damp option instructs the router to damp route flaps [21] when importing routes from the peer router.

It can be specified with or without parameters. If parameters are missing, they default to:

   flap_damp(1000, 2000, 750, 900, 900, 20000)

That is, a penalty of 1000 is assigned at each route flap, and the route is suppressed when the penalty reaches 2000. The penalty is reduced by half after 15 minutes (900 seconds) of stability regardless of whether the route is up or down. A suppressed route is reused when the penalty falls below 750. The maximum penalty a route can be assigned is 20,000 (i.e. the maximum suppress time after a route becomes stable is about 75 minutes). These parameters are consistent with the default flap damping parameters in several routers.
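
The following sketch is an added example, not part of the RFC: it replays a list of flap timestamps through the six flap_damp parameters and returns the intervals during which the route stays suppressed. It assumes the exponential decay model of route flap damping (the penalty halves once per half-life) and that each flap toggles the route between up and down; the function names are hypothetical.

```python
import math

# Defaults from the text: flap_damp(1000, 2000, 750, 900, 900, 20000)
# (penalty per flap, suppress value, reuse value,
#  half-life up, half-life down, maximum penalty)
DEFAULTS = (1000, 2000, 750, 900, 900, 20000)

def decay(penalty, seconds, half_life):
    """Penalty left after `seconds` of stability (assumed exponential decay)."""
    return penalty * 0.5 ** (seconds / half_life)

def reuse_delay(penalty, reuse, half_life):
    """Seconds of stability needed for `penalty` to decay down to `reuse`."""
    return half_life * math.log2(penalty / reuse) if penalty > reuse else 0.0

def suppressed_intervals(flap_times, params=DEFAULTS):
    """Return [(suppressed_at, reusable_at), ...] for the given flap times."""
    per_flap, suppress, reuse, half_up, half_down, ceiling = params
    penalty, last, up = 0.0, None, True
    intervals, start = [], None
    for t in sorted(flap_times):
        half = half_up if up else half_down
        if last is not None:
            if start is not None:
                free_at = last + reuse_delay(penalty, reuse, half)
                if free_at <= t:            # reused before this flap arrived
                    intervals.append((start, free_at))
                    start = None
            penalty = decay(penalty, t - last, half)
        penalty = min(penalty + per_flap, ceiling)
        if start is None and penalty >= suppress:
            start = t                       # penalty reached the suppress value
        last, up = t, not up
    if start is not None:                   # still suppressed after last flap
        half = half_up if up else half_down
        intervals.append((start, last + reuse_delay(penalty, reuse, half)))
    return intervals

# Constructed input: three flaps one minute apart.
SAMPLE_FLAPS = [0, 60, 120]
```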

Policy Actions and Filters Using RP-Attributes

The syntax of a policy action or a filter using an rp-attribute x is as follows:

   x.method(arguments)
   x "op" argument

where method is a method and "op" is an operator method of the rp-attribute x. If an operator method is used in specifying a composite policy filter, it evaluates earlier than the composite policy filter operators (i.e. AND, OR, NOT, and the implicit or operator).

The pref rp-attribute can be assigned a positive integer as follows:

   pref = 10;

The med rp-attribute can be assigned either a positive integer or the word "igp_cost" as follows:

   med = 0;
   med = igp_cost;
        
The dpa rp-attribute can be assigned a positive integer as follows:

   dpa = 100;
        

The BGP community attribute is list-valued, that is, it is a list of 4-byte integers, each representing a "community". The following examples demonstrate how to add communities to this rp-attribute:

   community .= { 100 };
   community .= { NO_EXPORT };
   community .= { 3561:10 };
        

In the last case, a 4-byte integer is constructed where the more significant two bytes equal 3561 and the less significant two bytes equal 10. The following examples demonstrate how to delete communities from the community rp-attribute:

   community.delete(100, NO_EXPORT, 3561:10);
        

Filters that use the community rp-attribute can be defined as demonstrated by the following examples:

   community.contains(100, NO_EXPORT, 3561:10);
   community(100, NO_EXPORT, 3561:10);             # shortcut
        

The community rp-attribute can be set to a list of communities as follows:

   community = {100, NO_EXPORT, 3561:10, 200};
   community = {};
        

In the first case, the community rp-attribute contains the communities 100, NO_EXPORT, 3561:10, and 200. In the latter case, the community rp-attribute is cleared. The community rp-attribute can be compared against a list of communities as follows:

   community == {100, NO_EXPORT, 3561:10, 200};   # exact match
        

To influence the route selection, the BGP as_path rp-attribute can be made longer by prepending AS numbers to it as follows:

   aspath.prepend(AS1);
   aspath.prepend(AS1, AS1, AS1);
        

The following examples are invalid:

   med = -50;                   # -50 is not in the range
   med = igp;                   # igp is not one of the enum values
   med.assign(10);              # method assign is not defined
   community.append(AS3561:20); # the first argument should be 3561

Figure 28 shows a more advanced example using the rp-attribute community. In this example, AS3561 bases its route selection preference on the community attribute. Other ASes may indirectly affect AS3561's route selection by including the appropriate communities in their route announcements.

    aut-num: AS1
    export: to AS2 action community.={3561:90};
            to AS3 action community.={3561:80};
            announce AS1
        

    as-set: AS3561:AS-PEERS
    members: AS2, AS3

    aut-num: AS3561
    import: from AS3561:AS-PEERS
            action pref = 10;
            accept community(3561:90)
    import: from AS3561:AS-PEERS
            action pref = 20;
            accept community(3561:80)
    import: from AS3561:AS-PEERS
            action pref = 20;
            accept community(3561:70)
    import: from AS3561:AS-PEERS
            action pref = 0;
            accept ANY
        

Figure 28: Policy example using the community rp-attribute.

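
The typing rules of Figure 27 can be turned into a checker that accepts the valid actions and filters shown in this section and rejects the four invalid ones. This is an added example, not code from the RFC: the function names are hypothetical, only the rp-attributes of the initial dictionary are encoded, and requiring at least N arguments for a method declared with "..." is an assumption.

```python
import ipaddress
import re

def integer(lo, hi, colon=False):
    def check(tok):
        # colon=True also accepts the 3561:70 notation (two 2-byte halves)
        m = re.fullmatch(r"(\d+):(\d+)", tok) if colon else None
        if m and int(m[1]) <= 0xFFFF and int(m[2]) <= 0xFFFF:
            val = (int(m[1]) << 16) | int(m[2])
        elif re.fullmatch(r"-?\d+", tok):
            val = int(tok)
        else:
            raise ValueError(f"{tok!r} is not an integer")
        if not lo <= val <= hi:
            raise ValueError(f"{val} is not in the range [{lo}, {hi}]")
        return val
    return check

def enum(*names):
    def check(tok):
        if tok.lower() not in names:  # the page writes NO_EXPORT for no_export
            raise ValueError(f"{tok!r} is not one of the enum values")
        return tok.lower()
    return check

def union(*types):
    def check(tok):
        for accept in types:
            try:
                return accept(tok)
            except ValueError:
                pass
        raise ValueError(f"{tok!r} matches no member of the union")
    return check

def list_of(elem):
    def check(tok):
        if not (tok.startswith("{") and tok.endswith("}")):
            raise ValueError(f"{tok!r} is not a list value")
        inner = tok[1:-1].strip()
        return [elem(e.strip()) for e in inner.split(",")] if inner else []
    return check

def as_number(tok):
    if not re.fullmatch(r"AS\d+", tok, re.IGNORECASE):
        raise ValueError(f"{tok!r} is not an AS number")
    return int(tok[2:])

def ipv4_address(tok):
    return str(ipaddress.IPv4Address(tok))  # raises a ValueError subclass

# Figure 27 encoded as attribute -> method -> (argument types, ends in "...")
U16 = integer(0, 65535)
ELM = union(integer(1, 4294967295, colon=True),
            enum("internet", "no_export", "no_advertise"))
LST, VAR = ([list_of(ELM)], False), ([ELM], True)
DICTIONARY = {
    "pref": {"operator=": ([U16], False)},
    "med": {"operator=": ([union(U16, enum("igp_cost"))], False)},
    "dpa": {"operator=": ([U16], False)},
    "aspath": {"prepend": ([as_number], True)},
    "community": {"operator=": LST, "operator.=": LST, "operator==": LST,
                  "append": VAR, "delete": VAR, "contains": VAR,
                  "operator()": VAR},
    "next-hop": {"operator=": ([union(ipv4_address, enum("self"))], False)},
    "cost": {"operator=": ([U16], False)},
}

CALL = re.compile(r"([\w-]+)(?:\.(\w+))?\((.*)\)")   # x.method(args) or x(args)
OPER = re.compile(r"([\w-]+)\s*(\.=|==|=)\s*(.*)")   # x "op" argument

def check(statement):
    text = statement.strip().rstrip(";").strip()
    split = lambda raw: [a.strip() for a in raw.split(",")] if raw.strip() else []
    if m := CALL.fullmatch(text):
        attr, method, args = m[1], m[2] or "operator()", split(m[3])
    elif m := OPER.fullmatch(text):
        attr, method, args = m[1], "operator" + m[2], [m[3]]
    else:
        raise ValueError(f"{statement!r} is not an action or filter")
    methods = DICTIONARY.get(attr.lower(), {})
    if method not in methods:
        raise ValueError(f"method {method} is not defined for {attr}")
    types, variadic = methods[method]
    if len(args) < len(types) or (len(args) > len(types) and not variadic):
        raise ValueError(f"{attr}.{method}: wrong number of arguments")
    # Arguments after the Nth are checked against <type-N>.
    return attr.lower(), method, [types[min(i, len(types) - 1)](a)
                                  for i, a in enumerate(args)]

def is_valid(statement):
    try:
        return bool(check(statement))
    except ValueError:
        return False

INVALID = ["med = -50;", "med = igp;", "med.assign(10);",
           "community.append(AS3561:20);"]  # rejected in the text
```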

8 Advanced route Class

8.1 Specifying Aggregate Routes

The components, aggr-bndry, aggr-mtd, export-comps, inject, and holes attributes are used for specifying aggregate routes [11]. A route object specifies an aggregate route if any of these attributes, with the exception of inject, is specified. The origin attribute for an aggregate route is the AS performing the aggregation, i.e. the aggregator AS. In this section, we use the term "aggregate" to refer to the route generated, the term "component" to refer to the routes used to generate the path attributes of the aggregate, and the term "more specifics" to refer to any route which is a more specific of the aggregate regardless of whether it was used to form the path attributes.

The components attribute defines what component routes are used to form the aggregate. Its syntax is as follows:

   components: [ATOMIC] [[<filter>] [protocol <protocol> <filter> ...]]
        

where <protocol> is a routing protocol name such as BGP4, OSPF or RIP (valid names are defined in the dictionary) and <filter> is a policy expression. The routes that match one of these filters and are learned from the corresponding protocol are used to form the aggregate. If <protocol> is omitted, it defaults to any protocol. <filter> implicitly contains an "AND" term with the more specifics of the aggregate so that only the component routes are selected. If the keyword ATOMIC is used, the aggregation is done atomically [11]. If a <filter> is not specified, it defaults to more specifics. If the components attribute is missing, all more specifics without the ATOMIC keyword are used.

   route: 128.8.0.0/15
   origin: AS1
   components: <^AS2>
        
   route: 128.8.0.0/15
   origin: AS1
   components: protocol BGP4 {128.8.0.0/16^+}
               protocol OSPF {128.9.0.0/16^+}
        

Figure 29: Two aggregate route objects.

Figure 29 shows two route objects. In the first example, more specifics of 128.8.0.0/15 with AS paths starting with AS2 are aggregated. In the second example, some routes learned from BGP and some routes learned from OSPF are aggregated.

The aggr-bndry attribute is an AS expression over AS numbers and sets (see Section 5.6). The result defines the set of ASes which form the aggregation boundary. If the aggr-bndry attribute is missing, the origin AS is the sole aggregation boundary. Outside the aggregation boundary, only the aggregate is exported and more specifics are suppressed. However, within the boundary, the more specifics are also exchanged.

The aggr-mtd attribute specifies how the aggregate is generated. Its syntax is as follows:

   aggr-mtd: inbound | outbound [<as-expression>]

where <as-expression> is an expression over AS numbers and sets (see Section 5.6). If <as-expression> is missing, it defaults to AS-ANY. If outbound aggregation is specified, the more specifics of the aggregate will be present within the AS and the aggregate will be formed at all inter-AS boundaries with ASes in <as-expression> before export, except for ASes that are within the aggregating boundary (i.e. aggr-bndry is enforced regardless of <as-expression>). If inbound aggregation is specified, the aggregate is formed at all inter-AS boundaries prior to importing routes into the aggregator AS. Note that <as-expression> cannot be specified with inbound aggregation. If the aggr-mtd attribute is missing, it defaults to "outbound AS-ANY".

   route:      128.8.0.0/15            route:      128.8.0.0/15
   origin:     AS1                     origin:     AS2
   components: {128.8.0.0/15^-}        components: {128.8.0.0/15^-}
   aggr-bndry: AS1 OR AS2              aggr-bndry: AS1 OR AS2
   aggr-mtd:   outbound AS-ANY         aggr-mtd:   outbound AS-ANY
        

Figure 30: Outbound multi-AS aggregation example.

Figure 30 shows an example of an outbound aggregation. In this example, AS1 and AS2 are coordinating aggregation and announcing only the less specific 128.8.0.0/15 to the outside world, but exchanging more specifics with each other. This form of aggregation is useful when some of the components are within AS1 and some are within AS2.

When a set of routes are aggregated, the intent is to export only the aggregate route and suppress exporting of the more specifics outside the aggregation boundary. However, to satisfy certain policy and topology constraints (e.g. a multi-homed component), it is often required to export some of the components. The export-comps attribute equals an RPSL filter that matches the more specifics that need to be exported outside the aggregation boundary. If this attribute is missing, more specifics are not exported outside the aggregation boundary. Note that the export-comps filter contains an implicit "AND" term with the more specifics of the aggregate.

Figure 31 shows an example of an outbound aggregation. In this example, the more specific 128.8.8.0/24 is exported outside AS1 in addition to the aggregate. This is useful when 128.8.8.0/24 is a site multi-homed to AS1 and some other AS.

      route:      128.8.0.0/15
      origin:     AS1
      components: {128.8.0.0/15^-}
      aggr-mtd:   outbound AS-ANY
      export-comps: {128.8.8.0/24}
        

Figure 31: Outbound aggregation with export exception.

The inject attribute specifies which routers perform the aggregation and when they perform it. Its syntax is as follows:

  inject: [at <router-expression>] ...
          [action <action>]
          [upon <condition>]
        

where <action> is an action specification (see Section 6.1.1), <condition> is a boolean expression described below, and <router-expression> is as described in Section 5.6.

All routers in <router-expression> and in the aggregator AS perform the aggregation. If a <router-expression> is not specified, all routers inside the aggregator AS perform the aggregation. The <action> specification may set path attributes of the aggregate, such as assigning a preference to the aggregate.

The upon clause is a boolean condition. The aggregate is generated if and only if this condition is true. <condition> is a boolean expression using the logical operators AND and OR (i.e. operator NOT is not allowed) over:

   HAVE-COMPONENTS { list of prefixes }
   EXCLUDE { list of prefixes }
   STATIC
        

The list of prefixes in HAVE-COMPONENTS can only be more specifics of the aggregate. It evaluates to true when all the prefixes listed are present in the routing table of the aggregating router. The list can also include prefix ranges (i.e. using operators ^-, ^+, ^n, and ^n-m). In this case, at least one prefix from each prefix range needs to be present in the routing table for the condition to be true. The list of prefixes in EXCLUDE can be arbitrary. It evaluates to true when none of the prefixes listed is present in the routing table. The list can also include prefix ranges, and no prefix in that range should be present in the routing table. The keyword static always evaluates to true. If no upon clause is specified, the aggregate is generated if and only if there is a component in the routing table (i.e. a more specific that matches the filter in the components attribute).

   route:      128.8.0.0/15
   origin:     AS1
   components: {128.8.0.0/15^-}
   aggr-mtd:   outbound AS-ANY
   inject:     at 1.1.1.1 action dpa = 100;
   inject:     at 1.1.1.2 action dpa = 110;
        
   route:      128.8.0.0/15
   origin:     AS1
   components: {128.8.0.0/15^-}
   aggr-mtd:   outbound AS-ANY
   inject:     upon HAVE-COMPONENTS {128.8.0.0/16, 128.9.0.0/16}
   holes:      128.8.8.0/24
        

Figure 32: Examples of inject.

Figure 32 shows two examples. In the first case, the aggregate is injected at two routers each one setting the dpa path attribute differently. In the second case, the aggregate is generated only if both 128.8.0.0/16 and 128.9.0.0/16 are present in the routing table, as opposed to the first case where the presence of just one of them is sufficient for injection.

The holes attribute lists the component address prefixes which are not reachable through the aggregate route (perhaps that part of the address space is unallocated). The holes attribute is useful for diagnosis purposes. In Figure 32, the second example has a hole, namely 128.8.8.0/24. This may be due to a customer changing providers and taking this part of the address space with it.

8.1.1 Interaction with policies in aut-num class

An aggregate formed is announced to other ASes only if the export policies of the AS allow exporting the aggregate. When the aggregate is formed, the more specifics are suppressed from being exported except to the ASes in aggr-bndry and except the components in export-comps. For such exceptions to happen, the export policies of the AS should explicitly allow exporting of these exceptions.

If an aggregate is not formed (due to the upon clause), then the more specifics of the aggregate can be exported to other ASes, but only if the export policies of the AS allow it. In other words, before a route (aggregate or more specific) is exported it is filtered twice, once based on the route objects, and once based on the export policies of the AS.

   route:        128.8.0.0/16
   origin:       AS1

   route:        128.9.0.0/16
   origin:       AS1

   route:        128.8.0.0/15
   origin:       AS1
   aggr-bndry:   AS1 or AS2 or AS3
   aggr-mtd:     outbound AS3 or AS4 or AS5
   components:   {128.8.0.0/16, 128.9.0.0/16}
   inject:       upon HAVE-COMPONENTS {128.9.0.0/16, 128.8.0.0/16}
        
   aut-num: AS1
   export:  to AS2 announce AS1
   export:  to AS3 announce AS1 and not {128.9.0.0/16}
   export:  to AS4 announce AS1
   export:  to AS5 announce AS1
   export:  to AS6 announce AS1
        

Figure 33: Interaction with policies in aut-num class.

Figure 33 shows an interaction example. By examining the route objects, the more specifics 128.8.0.0/16 and 128.9.0.0/16 should be exchanged between AS1, AS2 and AS3 (i.e. the aggregation boundary). Outbound aggregation is done to AS4 and AS5 and not to AS3, since AS3 is in the aggregation boundary. The aut-num object allows exporting both components to AS2, but only the component 128.8.0.0/16 to AS3. The aggregate can only be formed if both components are available. In this case, only the aggregate is announced to AS4 and AS5. However, if one of the components is not available the aggregate will not be formed, and any available component or more specific will be exported to AS4 and AS5. Regardless of whether aggregation is performed or not, only the more specifics will be exported to AS6 (it is not listed in the aggr-mtd attribute).

When doing an inbound aggregation, configuration generators may eliminate the aggregation statements on routers where the import policy of the AS prohibits importing of any more specifics.

8.1.2 Ambiguity resolution with overlapping aggregates

When several aggregate routes are specified and they overlap, i.e. one is less specific than the other, they must be evaluated in more specific to less specific order. When an outbound aggregation is performed for a peer, the aggregate and the components listed in the export-comps attribute for that peer are available for generating the next less specific aggregate. The components that are not specified in the export-comps attribute are not available. A route is exportable to an AS if it is the least specific aggregate exportable to that AS or it is listed in the export-comps attribute of an exportable route. Note that this is a recursive definition.

   route:        128.8.0.0/15
   origin:       AS1
   aggr-bndry:   AS1 or AS2
   aggr-mtd:     outbound
   inject:       upon HAVE-COMPONENTS {128.8.0.0/16, 128.9.0.0/16}
        
   route:        128.10.0.0/15
   origin:       AS1
   aggr-bndry:   AS1 or AS3
   aggr-mtd:     outbound
   inject:       upon HAVE-COMPONENTS {128.10.0.0/16, 128.11.0.0/16}
   export-comps: {128.11.0.0/16}
        
   route:        128.8.0.0/14
   origin:       AS1
   aggr-bndry:   AS1 or AS2 or AS3
   aggr-mtd:     outbound
   inject:       upon HAVE-COMPONENTS {128.8.0.0/15, 128.10.0.0/15}
   export-comps: {128.10.0.0/15}
        

Figure 34: Overlapping aggregations.

In Figure 34, AS1 together with AS2 aggregates 128.8.0.0/16 and 128.9.0.0/16 into 128.8.0.0/15. Together with AS3, AS1 aggregates 128.10.0.0/16 and 128.11.0.0/16 into 128.10.0.0/15. But altogether they aggregate these four routes into 128.8.0.0/14. Assuming all four components are available, a router in AS1 for an outside AS, say AS4, will first generate 128.8.0.0/15 and 128.10.0.0/15. This will make 128.8.0.0/15, 128.10.0.0/15 and its exception 128.11.0.0/16 available for generating 128.8.0.0/14. The router will then generate 128.8.0.0/14 from these three routes. Hence for AS4, 128.8.0.0/14 and its exception 128.10.0.0/15 and its exception 128.11.0.0/16 will be exportable.

For AS2, a router in AS1 will only generate 128.10.0.0/15. Hence, 128.10.0.0/15 and its exception 128.11.0.0/16 will be exportable. Note that 128.8.0.0/16 and 128.9.0.0/16 are also exportable since they did not participate in an aggregate exportable to AS2.

Similarly, for AS3, a router in AS1 will only generate 128.8.0.0/15. In this case 128.8.0.0/15, 128.10.0.0/16, 128.11.0.0/16 are exportable.

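
The recursive definition of Section 8.1.2 can be checked mechanically. The following added example (not part of the RFC; the tuple encoding of Figure 34 and the function name are assumptions) evaluates the aggregates from more specific to less specific for one peer and returns the routes exportable to it, before the aut-num export policies of Section 8.1.1 are applied.

```python
import ipaddress

# Figure 34 in a constructed encoding:
# (aggregate, aggr-bndry, HAVE-COMPONENTS prefixes, export-comps prefixes).
# aggr-mtd is "outbound" with no AS expression, i.e. outbound AS-ANY.
FIGURE_34 = [
    ("128.8.0.0/15", {"AS1", "AS2"}, ["128.8.0.0/16", "128.9.0.0/16"], []),
    ("128.10.0.0/15", {"AS1", "AS3"},
     ["128.10.0.0/16", "128.11.0.0/16"], ["128.11.0.0/16"]),
    ("128.8.0.0/14", {"AS1", "AS2", "AS3"},
     ["128.8.0.0/15", "128.10.0.0/15"], ["128.10.0.0/15"]),
]
COMPONENTS = ["128.8.0.0/16", "128.9.0.0/16", "128.10.0.0/16", "128.11.0.0/16"]

def exportable(peer, routing_table=COMPONENTS, aggregates=FIGURE_34):
    """Routes a router in the aggregator AS may export to `peer`."""
    net = ipaddress.ip_network
    available = {net(p) for p in routing_table}
    exceptions = {}  # aggregate -> more specifics kept through export-comps
    # More specific aggregates are evaluated before less specific ones.
    for prefix, boundary, have, comps in sorted(
            aggregates, key=lambda a: net(a[0]).prefixlen, reverse=True):
        aggregate = net(prefix)
        if peer in boundary:
            continue  # inside aggr-bndry: more specifics are exchanged as is
        if not all(net(h) in available for h in have):
            continue  # upon HAVE-COMPONENTS is false: aggregate not generated
        specifics = {r for r in available
                     if r != aggregate and r.subnet_of(aggregate)}
        # export-comps keeps a route and, recursively, that route's exceptions.
        kept, todo = set(), [net(c) for c in comps if net(c) in specifics]
        while todo:
            route = todo.pop()
            if route not in kept:
                kept.add(route)
                todo.extend(exceptions.get(route, ()))
        available = (available - specifics) | kept | {aggregate}
        exceptions[aggregate] = kept
    return [str(r) for r in sorted(available)]
```

Calling `exportable` for AS4, AS2 and AS3 reproduces the three cases worked through in the text; passing a routing table that lacks 128.9.0.0/16 shows the more specifics reappearing when an aggregate cannot be formed.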

8.2 Specifying Static Routes

The inject attribute can be used to specify static routes by using "upon static" as the condition:

  inject: [at <router-expression>] ...
          [action <action>]
          upon static
        

In this case, the routers in <router-expression> execute the <action> and inject the route into the interAS routing system statically. <action> may set certain route attributes such as a next-hop router or a cost.

In the following example, the router 7.7.7.1 injects the route 128.7.0.0/16. The next-hop routers (in this example, there are two next-hop routers) for this route are 7.7.7.2 and 7.7.7.3 and the route has a cost of 10 over 7.7.7.2 and 20 over 7.7.7.3.

   route:  128.7.0.0/16
   origin: AS1
   inject: at 7.7.7.1 action next-hop = 7.7.7.2; cost = 10; upon static
   inject: at 7.7.7.1 action next-hop = 7.7.7.3; cost = 20; upon static
        

9 inet-rtr Class

Routers are specified using the inet-rtr class. The attributes of the inet-rtr class are shown in Figure 35. The inet-rtr attribute is a valid DNS name of the router described. Each alias attribute, if present, is a canonical DNS name for the router. The local-as attribute specifies the AS number of the AS which owns/operates this router.

   Attribute  Value                    Type
   inet-rtr   <dns-name>               mandatory, single-valued, class key
   alias      <dns-name>               optional, multi-valued
   local-as   <as-number>              mandatory, single-valued
   ifaddr     see description in text  mandatory, multi-valued
   peer       see description in text  optional, multi-valued
   member-of  list of <rtr-set-names>  optional, multi-valued

Figure 35: inet-rtr Class Attributes

The value of an ifaddr attribute has the following syntax:

   <ipv4-address> masklen <integer> [action <action>]
        

The IP address and the mask length are mandatory for each interface. Optionally an action can be specified to set other parameters of this interface.

Figure 36 presents an example inet-rtr object. The name of the router is "amsterdam.ripe.net". "amsterdam1.ripe.net" is a canonical name for the router. The router is connected to 4 networks. Its IP addresses and mask lengths in those networks are specified in the ifaddr attributes.

    inet-rtr: Amsterdam.ripe.net
    alias:    amsterdam1.ripe.net
    local-as: AS3333
    ifaddr:   192.87.45.190 masklen 24
    ifaddr:   192.87.4.28   masklen 24
    ifaddr:   193.0.0.222   masklen 27
    ifaddr:   193.0.0.158   masklen 27
    peer:     BGP4 192.87.45.195 asno(AS3334), flap_damp()
        

Figure 36: inet-rtr Objects

Each peer attribute, if present, specifies a protocol peering with another router. The value of a peer attribute has the following syntax:

     <protocol> <ipv4-address>      <options>
   | <protocol> <inet-rtr-name>     <options>
   | <protocol> <rtr-set-name>      <options>
   | <protocol> <peering-set-name>  <options>
        

where <protocol> is a protocol name, <ipv4-address> is the IP address of the peer router, and <options> is a comma separated list of peering options for <protocol>. Instead of the peer's IP address, its inet-rtr-name can be used. Possible protocol names and attributes are defined in the dictionary (please see Section 7). In the above example, the router has a BGP peering with the router 192.87.45.195 in AS3334 and turns the flap damping on when importing routes from this router.

Instead of a single peer, a group of peers can be specified by using the <rtr-set-name> and <peering-set-name> forms. If the <peering-set-name> form is used, only the peerings in the corresponding peering set that are with this router are included. Figure 37 shows an example inet-rtr object with peering groups.

    rtr-set: rtrs-ibgp-peers
    members: 1.1.1.1, 2.2.2.2, 3.3.3.3

    peering-set: prng-ebgp-peers
    peering: AS3334 192.87.45.195
    peering: AS3335 192.87.45.196

    inet-rtr: Amsterdam.ripe.net
    alias:    amsterdam1.ripe.net
    local-as: AS3333
    ifaddr:   192.87.45.190 masklen 24
    ifaddr:   192.87.4.28   masklen 24
    ifaddr:   193.0.0.222   masklen 27
    ifaddr:   193.0.0.158   masklen 27
    peer:     BGP4 rtrs-ibgp-peers asno(AS3333), flap_damp()
    peer:     BGP4 prng-ebgp-peers asno(PeerAS), flap_damp()
        

Figure 37: inet-rtr Object with peering groups
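
An added example (Python, not code from the RFC or from any RPSL tool): a checker that applies the Figure 35 template and the ifaddr and peer syntax to an inet-rtr object before the object is used to generate router configuration. The generic attribute list comes from the RFC's earlier sections; the second sample object, the function names and the final peer-on-interface cross-check are assumptions of this example, not RPSL requirements.

```python
import ipaddress
import re

# Figure 35 as data: attribute -> (mandatory, multi_valued).
TEMPLATE = {"inet-rtr": (True, False), "alias": (False, True),
            "local-as": (True, False), "ifaddr": (True, True),
            "peer": (False, True), "member-of": (False, True)}
# Generic attributes RPSL allows in every class (from the RFC's earlier sections).
COMMON = {"descr", "tech-c", "admin-c", "remarks", "notify", "mnt-by", "changed", "source"}
IFADDR_RE = re.compile(r"(\S+)\s+masklen\s+(\d+)(?:\s+action\s+(.+))?", re.I)
PEER_RE = re.compile(r"(\S+)\s+(\S+)\s*(.*)")


def parse_object(text):
    """Split one object into (attribute, value) pairs, joining continuations."""
    pairs = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0] in " \t+" and pairs:  # space, tab or '+' continues a value
            name, value = pairs[-1]
            pairs[-1] = (name, f"{value} {line[1:].strip()}".strip())
            continue
        name, sep, value = line.partition(":")
        if not sep or line[0] in " \t+":
            raise ValueError(f"not an attribute line: {line!r}")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def classify_peer_id(token):
    """Return which of the four peer forms a peer id uses, or 'invalid'."""
    try:
        return "ipv4-address", ipaddress.IPv4Address(token)
    except ValueError:
        if re.fullmatch(r"[0-9.]+", token):
            return "invalid", token  # digits and dots, but not an address
    parts = token.lower().split(":")
    for prefix, kind in (("rtrs-", "rtr-set-name"), ("prng-", "peering-set-name")):
        if any(p.startswith(prefix) for p in parts):
            return kind, token
    return "inet-rtr-name", token


def check_inet_rtr(text):
    """Validate one inet-rtr object; return (record, findings)."""
    record, findings = {}, []
    for name, value in parse_object(text):
        if name in TEMPLATE:
            record.setdefault(name, []).append(value)
        elif name not in COMMON:
            findings.append(f"warning: unknown attribute '{name}' ignored")
    for name, (mandatory, multi) in TEMPLATE.items():
        count = len(record.get(name, []))
        if mandatory and count == 0:
            findings.append(f"error: mandatory attribute '{name}' missing")
        if not multi and count > 1:
            findings.append(f"error: '{name}' is single-valued, seen {count}x")
    networks = []
    for value in record.get("ifaddr", []):
        m = IFADDR_RE.fullmatch(value)
        try:
            if not m:
                raise ValueError("expected <ipv4-address> masklen <integer>")
            networks.append(ipaddress.IPv4Interface(f"{m[1]}/{m[2]}").network)
        except ValueError as exc:
            findings.append(f"error: bad ifaddr '{value}': {exc}")
    for value in record.get("peer", []):
        m = PEER_RE.fullmatch(value)
        kind, peer = classify_peer_id(m[2]) if m else ("invalid", value)
        if kind == "invalid":
            findings.append(f"error: bad peer '{value}'")
        elif kind == "ipv4-address" and not any(peer in n for n in networks):
            # Added heuristic, not an RPSL rule: multihop sessions are legal.
            findings.append(f"note: peer {peer} is on no ifaddr network")
    return record, findings


# Figure 36 from the text, then a constructed object with several defects.
FIGURE_36 = """\
inet-rtr: Amsterdam.ripe.net
alias:    amsterdam1.ripe.net
local-as: AS3333
ifaddr:   192.87.45.190 masklen 24
ifaddr:   192.87.4.28   masklen 24
ifaddr:   193.0.0.222   masklen 27
ifaddr:   193.0.0.158   masklen 27
peer:     BGP4 192.87.45.195 asno(AS3334), flap_damp()
"""
CONSTRUCTED_BAD = """\
inet-rtr: rtr1.example.net
location: somewhere
ifaddr:   192.0.2.1 masklen 33
ifaddr:   198.51.100.1
+         masklen 30
peer:     BGP4 999.0.2.9 asno(AS64500)
peer:     BGP4 203.0.113.7 asno(AS64500)
"""
```

check_inet_rtr(FIGURE_36) returns no findings; the constructed object yields one warning, three errors and one note.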

10 Extending RPSL

Our experience with earlier routing policy languages and data formats (PRDB [2], RIPE-81 [8], and RIPE-181 [7]) taught us that RPSL had to be extensible. As a result, extensibility was a primary design goal for RPSL. New routing protocols or new features to existing routing protocols can be easily handled using RPSL's dictionary class. New classes or new attributes to the existing classes can also be added.

This section provides guidelines for extending RPSL. These guidelines are designed with an eye toward maintaining backward compatibility with existing tools and databases. We next list the available options for extending RPSL, in order from the most preferred to the least preferred.

10.1 Extensions by changing the dictionary class

The dictionary class is the primary mechanism provided to extend RPSL. Dictionary objects define routing policy attributes, types, and routing protocols.

We recommend updating the RPSL dictionary to include appropriate rp-attribute and protocol definitions as new path attributes or router features are introduced. For example, in an earlier version of the RPSL document, it was only possible to specify that a router performs route flap damping on a peer, but it was not possible to specify the parameters of route flap damping. Later the parameters were added by changing the dictionary.

When changing the dictionary, full compatibility should be maintained. For example, in our flap damping case, we made the parameter specification optional in case this level of detail was not desired by some ISPs. This also achieved compatibility. Any object registered without the parameters will continue to be valid. Any tool based on RPSL is expected to take a default action on routing policy attributes that it does not understand (e.g. issue a warning and otherwise ignore). Hence, old tools upon encountering a flap damping specification with parameters will ignore the parameters.

10.2 Extensions by adding new attributes to existing classes

New attributes can be added to any class. To ensure full compatibility, new attributes should not contradict the semantics of the objects they are attached to. Any tool that uses the IRR should be designed so that it ignores attributes that it doesn't understand. Most existing tools adhere to this design principle.

We recommend adding new attributes to existing classes when a new aspect of a class is discovered. For example, the RPSL route class extends its RIPE-181 predecessor by including several new attributes that enable aggregate and static route specification.

10.3 Extensions by adding new classes

New classes can be added to RPSL to store new types of policy data. Providing full compatibility is straightforward as long as existing classes are still understood. Since a tool should only query the IRR for the classes that it understands, full compatibility should not be a problem in this case.

Before adding a new class, one should question whether the information contained in the objects of the new class would better belong to some other class. For example, if the geographic location of a router needs to be stored in the IRR, it may be tempting to add a new class called, say, router-location. However, the information better belongs to the inet-rtr class, perhaps in a new attribute called location.

10.4 Extensions by changing the syntax of existing RPSL attributes

If all of the methods described above fail to provide the desired extension, it may be necessary to change the syntax of RPSL. Any change in RPSL syntax must provide backwards compatibility, and should be considered only as a last resort since full compatibility may not be achievable. However, we require that the old syntax remain valid.

11 Security Considerations

This document describes RPSL, a language for expressing routing policies. The language defines a maintainer (mntner class) object which is the entity which controls or "maintains" the objects stored in a database expressed by RPSL. Requests from maintainers can be authenticated with various techniques as defined by the "auth" attribute of the maintainer object.

The exact protocols used by IRRs to communicate RPSL objects are beyond the scope of this document, but it is envisioned that several techniques may be used, ranging from interactive query/update protocols to store and forward protocols similar to or based on electronic mail (or even voice telephone calls). Regardless of which protocols are used in a given situation, it is expected that appropriate security techniques such as IPSEC, TLS or PGP/MIME will be utilized.

12 Acknowledgements

We would like to thank Jessica Yu, Randy Bush, Alan Barrett, Bill Manning, Sue Hares, Ramesh Govindan, Kannan Varadhan, Satish Kumar, Craig Labovitz, Rusty Eddy, David J. LeRoy, David Whipple, Jon Postel, Deborah Estrin, Elliot Schwartz, Joachim Schmitz, Mark Prior, Tony Przygienda, David Woodgate, Rob Coltun, Sanjay Wadhwa, Ardas Cilingiroglu, and the participants of the IETF RPS Working Group for various comments and suggestions.

References

[1] Internet routing registry. procedures. http://www.ra.net/RADB.tools.docs/, http://www.ripe.net/db/doc.html.

[2] Nsfnet policy routing database (prdb). Maintained by MERIT Network Inc., Ann Arbor, Michigan. Contents available from nic.merit.edu.:/nsfnet/announced.networks/nets.tag.now by anonymous ftp.

[3] Alaettinoglu, C., Bates, T., Gerich, E., Karrenberg, D., Meyer, D., Terpstra, M. and C. Villamizar, "Routing Policy Specification Language (RPSL)", RFC 2280, January 1998.

[4] C. Alaettinoglu, D. Meyer, and J. Schmitz. Application of routing policy specification language (rpsl) on the internet. Work in Progress.

[5] T. Bates. Specifying an `internet router' in the routing registry. Technical Report RIPE-122, RIPE, RIPE NCC, Amsterdam, Netherlands, October 1994.

[6] T. Bates, E. Gerich, L. Joncheray, J-M. Jouanigot, D. Karrenberg, M. Terpstra, and J. Yu. Representation of ip routing policies in a routing registry. Technical Report ripe-181, RIPE, RIPE NCC, Amsterdam, Netherlands, October 1994.

[7] Bates, T., Gerich, E., Joncheray, L., Jouanigot, J-M., Karrenberg, D., Terpstra, M. and J. Yu, "Representation of IP Routing Policies in a Routing Registry", RFC 1786, March 1995.

[8] T. Bates, J-M. Jouanigot, D. Karrenberg, P. Lothberg, and M. Terpstra. Representation of ip routing policies in the ripe database. Technical Report ripe-81, RIPE, RIPE NCC, Amsterdam, Netherlands, February 1993.

[9] Chandra, R., Traina, P. and T. Li, "BGP Communities Attribute", RFC 1997, August 1996.

[10] Crocker, D., "Standard for ARPA Internet Text Messages", STD 11, RFC 822, August 1982.

[11] Fuller, V., Li, T., Yu, J. and K. Varadhan, "Classless Inter-Domain Routing (CIDR): an Address Assignment and Aggregation Strategy", RFC 1519, September 1993.

[12] D. Karrenberg and T. Bates. Description of inter-as networks in the ripe routing registry. Technical Report RIPE-104, RIPE, RIPE NCC, Amsterdam, Netherlands, December 1993.

[13] D. Karrenberg and M. Terpstra. Authorisation and notification of changes in the ripe database. Technical Report ripe-120, RIPE, RIPE NCC, Amsterdam, Netherlands, October 1994.

[14] B. W. Kernighan and D. M. Ritchie. The C Programming Language. Prentice-Hall, 1978.

[15] A. Lord and M. Terpstra. Ripe database template for networks and persons. Technical Report ripe-119, RIPE, RIPE NCC, Amsterdam, Netherlands, October 1994.

[16] A. M. R. Magee. Ripe ncc database documentation. Technical Report RIPE-157, RIPE, RIPE NCC, Amsterdam, Netherlands, May 1997.

[17] Mockapetris, P., "Domain names - concepts and facilities", STD 13, RFC 1034, November 1987.

[18] Y. Rekhter. Inter-domain routing protocol (idrp). Journal of Internetworking Research and Experience, 4:61--80, 1993.

[19] Rekhter Y. and T. Li, "A Border Gateway Protocol 4 (BGP-4)", RFC 1771, March 1995.

[20] C. Villamizar, C. Alaettinoglu, D. Meyer, S. Murphy, and C. Orange. "Routing policy system security", Work in Progress.

[21] Villamizar, C., Chandra, R. and R. Govindan, "BGP Route Flap Damping", RFC 2439, November 1998.

[22] J. Zsako, "PGP authentication for ripe database updates", Work in Progress.

A Routing Registry Sites

The routing registries as of November 1996 are RIPE, RADB, CANet, MCI and ANS. You may contact one of these registries to find out the current list of registries.

B Grammar Rules

In this section we provide formal grammar rules for RPSL. Basic data types are defined in Section 2. We do not provide formal grammar rules for attributes whose values are of basic types or list of basic types. The rules are written using the input language of GNU Bison parser. Hence, they can be cut and pasted to that program.

//**** Generic Attributes **********************************************
        

changed_attribute: ATTR_CHANGED TKN_EMAIL TKN_INT

//**** aut-num class ***************************************************
        

//// as_expression /////////////////////////////////////////////////////

opt_as_expression:
| as_expression

as_expression: as_expression OP_OR as_expression_term
| as_expression_term

as_expression_term: as_expression_term OP_AND as_expression_factor
| as_expression_term KEYW_EXCEPT as_expression_factor
| as_expression_factor

as_expression_factor: '(' as_expression ')'
| as_expression_operand

as_expression_operand: TKN_ASNO
| TKN_ASNAME

//// router_expression /////////////////////////////////////////////////

opt_router_expression:
| router_expression

opt_router_expression_with_at:
| KEYW_AT router_expression

router_expression: router_expression OP_OR router_expression_term
| router_expression_term
router_expression_term: router_expression_term OP_AND
                        router_expression_factor
| router_expression_term KEYW_EXCEPT router_expression_factor
| router_expression_factor
        

router_expression_factor: '(' router_expression ')'
| router_expression_operand

router_expression_operand: TKN_IPV4
| TKN_DNS
| TKN_RTRSNAME

//// peering ///////////////////////////////////////////////////////////

peering: as_expression opt_router_expression opt_router_expression_with_at
| TKN_PRNGNAME

//// action ////////////////////////////////////////////////////////////

opt_action:
| KEYW_ACTION action

action: single_action
| action single_action
single_action: TKN_RP_ATTR '.' TKN_WORD '(' generic_list ')' ';'
| TKN_RP_ATTR TKN_OPERATOR list_item ';'
| TKN_RP_ATTR '(' generic_list ')' ';'
| TKN_RP_ATTR '[' generic_list ']' ';'
| ';'
        

//// filter ////////////////////////////////////////////////////////////

filter: filter OP_OR filter_term
| filter filter_term %prec OP_OR
| filter_term

filter_term : filter_term OP_AND filter_factor
| filter_factor

filter_factor : OP_NOT filter_factor
| '(' filter ')'
| filter_operand

filter_operand: KEYW_ANY
| '<' filter_aspath '>'
| filter_rp_attribute
| TKN_FLTRNAME
| filter_prefix
filter_prefix: filter_prefix_operand OP_MS
|  filter_prefix_operand
        
filter_prefix_operand: TKN_ASNO
| KEYW_PEERAS
| TKN_ASNAME
| TKN_RSNAME
| '{' opt_filter_prefix_list '}'
        

opt_filter_prefix_list:
| filter_prefix_list

filter_prefix_list: filter_prefix_list_prefix
| filter_prefix_list ',' filter_prefix_list_prefix

filter_prefix_list_prefix: TKN_PRFXV4
| TKN_PRFXV4RNG

filter_aspath: filter_aspath '|' filter_aspath_term
| filter_aspath_term

filter_aspath_term: filter_aspath_term filter_aspath_closure
| filter_aspath_closure

filter_aspath_closure: filter_aspath_closure '*'
| filter_aspath_closure '?'
| filter_aspath_closure '+'
| filter_aspath_factor
        
filter_aspath_factor: '^'
| '$'
| '(' filter_aspath ')'
| filter_aspath_no
        
filter_aspath_no: TKN_ASNO
| KEYW_PEERAS
| TKN_ASNAME
| '.'
| '[' filter_aspath_range ']'
| '[' '^' filter_aspath_range ']'
        
filter_aspath_range:
| filter_aspath_range TKN_ASNO
| filter_aspath_range KEYW_PEERAS
| filter_aspath_range '.'
| filter_aspath_range TKN_ASNO '-' TKN_ASNO
| filter_aspath_range TKN_ASNAME
filter_rp_attribute: TKN_RP_ATTR '.' TKN_WORD '(' generic_list ')'
| TKN_RP_ATTR TKN_OPERATOR list_item
| TKN_RP_ATTR '(' generic_list ')'
| TKN_RP_ATTR '[' generic_list ']'
        

//// peering action pair ///////////////////////////////////////////////

import_peering_action_list: KEYW_FROM peering opt_action
| import_peering_action_list KEYW_FROM peering opt_action

export_peering_action_list: KEYW_TO peering opt_action
| export_peering_action_list KEYW_TO peering opt_action

//// import/export factor //////////////////////////////////////////////

import_factor: import_peering_action_list KEYW_ACCEPT filter

import_factor_list: import_factor ';'
| import_factor_list import_factor ';'

export_factor: export_peering_action_list KEYW_ANNOUNCE filter

export_factor_list: export_factor ';'
| export_factor_list export_factor ';'

//// import/export term ////////////////////////////////////////////////

import_term: import_factor ';'
| '{' import_factor_list '}'
        
export_term: export_factor ';'
| '{' export_factor_list '}'
        

//// import/export expression //////////////////////////////////////////

import_expression: import_term
| import_term KEYW_REFINE import_expression
| import_term KEYW_EXCEPT import_expression

export_expression: export_term
| export_term KEYW_REFINE export_expression
| export_term KEYW_EXCEPT export_expression

//// protocol ///////////////////////////////////////////////////////////

opt_protocol_from:
| KEYW_PROTOCOL tkn_word

opt_protocol_into:
| KEYW_INTO tkn_word

//**** import/export attributes ****************************************
        

import_attribute: ATTR_IMPORT
| ATTR_IMPORT opt_protocol_from opt_protocol_into import_factor

export_attribute: ATTR_EXPORT
| ATTR_EXPORT opt_protocol_from opt_protocol_into export_factor

opt_default_filter:
| KEYW_NETWORKS filter

default_attribute: ATTR_DEFAULT KEYW_TO peering

filter_attribute: ATTR_FILTER filter

peering_attribute: ATTR_PEERING peering

//**** inet-rtr class **************************************************
        

ifaddr_attribute: ATTR_IFADDR TKN_IPV4 KEYW_MASKLEN TKN_INT opt_action

//// peer attribute ////////////////////////////////////////////////////

opt_peer_options:
| peer_options

peer_options: peer_option
| peer_options ',' peer_option

peer_option: tkn_word '(' generic_list ')'

peer_id: TKN_IPV4
| TKN_DNS
| TKN_RTRSNAME
| TKN_PRNGNAME
        

peer_attribute: ATTR_PEER tkn_word peer_id opt_peer_options

//**** route class *****************************************************
        

aggr_bndry_attribute: ATTR_AGGR_BNDRY as_expression

aggr_mtd_attribute: ATTR_AGGR_MTD KEYW_INBOUND
| ATTR_AGGR_MTD KEYW_OUTBOUND opt_as_expression

//// inject attribute //////////////////////////////////////////////////

opt_inject_expression:
| KEYW_UPON inject_expression

inject_expression: inject_expression OP_OR inject_expression_term
| inject_expression_term

inject_expression_term: inject_expression_term OP_AND inject_expression_factor
| inject_expression_factor

inject_expression_factor: '(' inject_expression ')'
| inject_expression_operand

inject_expression_operand: KEYW_STATIC
| KEYW_HAVE_COMPONENTS '{' opt_filter_prefix_list '}'
| KEYW_EXCLUDE '{' opt_filter_prefix_list '}'
        

inject_attribute: ATTR_INJECT opt_router_expression_with_at opt_action opt_inject_expression

//// components attribute //////////////////////////////////////////////

opt_atomic:
| KEYW_ATOMIC

components_list:
| filter
| components_list KEYW_PROTOCOL tkn_word filter

components_attribute: ATTR_COMPONENTS opt_atomic components_list

//**** route-set *******************************************************
        
opt_rs_members_list: /* empty list */
| rs_members_list
        

rs_members_list: rs_member
| rs_members_list ',' rs_member

rs_member: TKN_ASNO
| TKN_ASNO OP_MS
| TKN_ASNAME
| TKN_ASNAME OP_MS
| TKN_RSNAME
| TKN_RSNAME OP_MS
| TKN_PRFXV4
| TKN_PRFXV4RNG

rs_members_attribute: ATTR_RS_MEMBERS opt_rs_members_list

//**** dictionary ******************************************************
        

rpattr_attribute: ATTR_RP_ATTR TKN_WORD methods
| ATTR_RP_ATTR TKN_RP_ATTR methods

methods: method
| methods method

method: TKN_WORD '(' ')'
| TKN_WORD '(' typedef_type_list ')'
| TKN_WORD '(' typedef_type_list ',' TKN_3DOTS ')'
| KEYW_OPERATOR TKN_OPERATOR '(' typedef_type_list ')'
| KEYW_OPERATOR TKN_OPERATOR '(' typedef_type_list ',' TKN_3DOTS ')'
        

//// typedef attribute ////////////////////////////////////////////////

typedef_attribute: ATTR_TYPEDEF TKN_WORD typedef_type

typedef_type_list: typedef_type
| typedef_type_list ',' typedef_type

typedef_type: KEYW_UNION typedef_type_list
| KEYW_RANGE KEYW_OF typedef_type
| TKN_WORD
| TKN_WORD '[' TKN_INT ',' TKN_INT ']'
| TKN_WORD '[' TKN_REAL ',' TKN_REAL ']'
| TKN_WORD '[' enum_list ']'
| KEYW_LIST '[' TKN_INT ':' TKN_INT ']' KEYW_OF typedef_type
| KEYW_LIST KEYW_OF typedef_type
        

enum_list: tkn_word
| enum_list ',' tkn_word

//// protocol attribute ////////////////////////////////////////////////

protocol_attribute: ATTR_PROTOCOL tkn_word protocol_options

protocol_options:
| protocol_options protocol_option

protocol_option: KEYW_MANDATORY method
| KEYW_OPTIONAL method

//**** Token Definitions ***********************************************
        
//// flex macros used in token definitions /////////////////////////////
INT            [[:digit:]]+
SINT           [+-]?{INT}
REAL           [+-]?{INT}?\.{INT}({WS}*E{WS}*[+-]?{INT})?
NAME           [[:alpha:]]([[:alnum:]_-]*[[:alnum:]])?
ASNO           AS{INT}
ASNAME         AS-[[:alnum:]_-]*[[:alnum:]]
RSNAME         RS-[[:alnum:]_-]*[[:alnum:]]
RTRSNAME       RTRS-[[:alnum:]_-]*[[:alnum:]]
PRNGNAME       PRNG-[[:alnum:]_-]*[[:alnum:]]
FLTRNAME       FLTR-[[:alnum:]_-]*[[:alnum:]]
IPV4           [0-9]+(\.[0-9]+){3,3}
PRFXV4         {IPV4}\/[0-9]+
PRFXV4RNG      {PRFXV4}("^+"|"^-"|"^"{INT}|"^"{INT}-{INT})
ENAMECHAR      [^()<>,;:\\\"\.[\] \t\r]
ENAME          ({ENAMECHAR}+(\.{ENAMECHAR}+)*\.?)|(\"[^\"@\\\r\n]+\")
DNAME          [[:alnum:]_-]+
//// Token Definitions ////////////////////////////////////////////////
TKN_INT         {SINT}
TKN_INT         {INT}:{INT}             if each {INT} is two octets
TKN_INT         {INT}.{INT}.{INT}.{INT} if each {INT} is one octet
TKN_REAL        {REAL}
TKN_STRING      Same as in programming language C
TKN_IPV4        {IPV4}
TKN_PRFXV4      {PRFXV4}
TKN_PRFXV4RNG   {PRFXV4RNG}
TKN_ASNO        {ASNO}
TKN_ASNAME      (({ASNO}|peeras|{ASNAME}):)*{ASNAME}\
                (:({ASNO}|peeras|{ASNAME}))*
TKN_RSNAME      (({ASNO}|peeras|{RSNAME}):)*{RSNAME}\
                (:({ASNO}|peeras|{RSNAME}))*
TKN_RTRSNAME    (({ASNO}|peeras|{RTRSNAME}):)*{RTRSNAME}\
                (:({ASNO}|peeras|{RTRSNAME}))*
TKN_PRNGNAME    (({ASNO}|peeras|{PRNGNAME}):)*{PRNGNAME}\
                (:({ASNO}|peeras|{PRNGNAME}))*
TKN_FLTRNAME    (({ASNO}|peeras|{FLTRNAME}):)*{FLTRNAME}\
                (:({ASNO}|peeras|{FLTRNAME}))*
TKN_BOOLEAN     true|false
TKN_RP_ATTR     {NAME} if defined in dictionary
TKN_WORD        {NAME}
TKN_DNS         {DNAME}("."{DNAME})+
TKN_EMAIL       {ENAME}@({DNAME}("."{DNAME})+|{IPV4})
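
The following is an added example, not part of the RFC: it transcribes several of the macros above into Python regular expressions and applies the side conditions that TKN_INT states in words, which a pattern alone cannot express. The function names (token_types, set_name, in_range, prefix_is_sane), case-insensitive matching, the bounds check in prefix_is_sane and the sample name AS-CUSTOMERS are assumptions of this example.

```python
import re

# Flex macros from the appendix, transcribed to Python regex syntax.
# [[:alnum:]] is written as the ASCII class; "." in the dotted TKN_INT
# alternative is read as a literal dot (assumption of this example).
INT = r"[0-9]+"
ASNO = rf"AS{INT}"
IPV4 = r"[0-9]+(?:\.[0-9]+){3}"
PRFXV4 = rf"{IPV4}/[0-9]+"
PRFXV4RNG = rf"{PRFXV4}(?:\^\+|\^-|\^{INT}-{INT}|\^{INT})"

def set_name(prefix):
    """Hierarchical set name, e.g. TKN_ASNAME for prefix 'AS'."""
    name = rf"{prefix}-[A-Za-z0-9_-]*[A-Za-z0-9]"
    part = rf"(?:{ASNO}|peeras|{name})"
    return rf"(?:{part}:)*{name}(?::{part})*"

TOKENS = [
    ("TKN_INT", rf"[+-]?{INT}|{INT}:{INT}|{INT}(?:\.{INT}){{3}}"),
    ("TKN_IPV4", IPV4),
    ("TKN_PRFXV4", PRFXV4),
    ("TKN_PRFXV4RNG", PRFXV4RNG),
    ("TKN_ASNO", ASNO),
    ("TKN_ASNAME", set_name("AS")),
    ("TKN_RSNAME", set_name("RS")),
    ("TKN_FLTRNAME", set_name("FLTR")),
]

def in_range(text, limit):
    """True if every decimal field in text is <= limit."""
    return all(int(n) <= limit for n in re.findall(INT, text))

def token_types(text):
    """Return every token type whose pattern and side conditions accept text."""
    found = []
    for name, pattern in TOKENS:
        if not re.fullmatch(pattern, text, re.IGNORECASE):
            continue
        if name == "TKN_INT" and ":" in text and not in_range(text, 65535):
            continue  # {INT}:{INT} only "if each {INT} is two octets"
        if name == "TKN_INT" and "." in text and not in_range(text, 255):
            continue  # dotted form only "if each {INT} is one octet"
        found.append(name)
    return found

def prefix_is_sane(text):
    """Bounds the macros do not enforce: octets <= 255, lengths <= 32."""
    addr, _, rest = text.partition("/")
    return in_range(addr, 255) and in_range(rest, 32)
```

A value such as 1.1.1.1 is accepted as both TKN_INT and TKN_IPV4, so the choice between them depends on where the token appears, and 999.1.1.1 still matches the IPV4 macro, so a tool that builds router filters from registry objects needs a bounds check like prefix_is_sane after lexing.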

C Changes from RFC 2280

RFC 2280 [3] contains an earlier version of RPSL. This section summarizes the changes since then. They are as follows:

o It is now possible to write integers as a sequence of four 1-octet integers (e.g. 1.1.1.1) or as a sequence of two 2-octet integers (e.g. 3561:70). Please see Section 2.

o The definition of address prefix range is extended so that an address prefix is also an address prefix range. Please see Section 2.

o The semantics for a range operator applied to a set containing address prefix ranges is defined (e.g. {30.0.0.0/8^24-28}^27-30). Please see Section 2.

o All dates are now in UTC. Please see Section 2.

o The plus ('+') character joins the space and tab characters as a way to split an attribute's value over multiple lines (i.e. by starting the following lines with a space, a tab or a plus ('+') character). Please see Section 2.

o The withdrawn attribute of route class is removed from the language.

o filter-set class is introduced. Please see Section 5.4.

o rtr-set class is introduced. Please see Section 5.5.

o peering-set class is introduced. Please see Section 5.6.

o Filters can now refer to filter-set names. Please see Section 5.4.

o Peerings can now refer to peering-set and rtr-set names. Both local and peer routers can be specified using router expressions. Please see Section 5.6.

o The peer attribute of the inet-rtr class can refer to peering-set and rtr-set names. Please see Section 9.

o The syntax and semantics of the union and list types and of the typedef attribute have changed. Please see Section 7.

o In the initial dictionary, the typedef attribute defining community_elm and the rp-attribute defining the community attribute have changed. Please see Section 7.

o Guidelines for extending RPSL are added. Please see Section 10.

o Formal grammar rules are added. Please see Appendix B.

D Authors' Addresses

Cengiz Alaettinoglu USC/Information Sciences Institute

Curtis Villamizar Avici Systems

Elise Gerich At Home Network

David Kessens Qwest Communications

David Meyer University of Oregon

Tony Bates Cisco Systems, Inc.

Daniel Karrenberg RIPE NCC

Marten Terpstra c/o Bay Networks, Inc.

Full Copyright Statement

Copyright (C) The Internet Society (1999). All Rights Reserved.

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.

The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

Funding for the RFC Editor function is currently provided by the Internet Society.
