[db-wg] Re: mnt-routes attribute in aut-num objects
RIPE Database Administration
ripe-dbm at ripe.net
Tue Aug 5 14:07:54 CEST 2003
Dear Frank,

As RFC2725 says on page 18:

    Having found the AS and either a route object or inetnum, the
    authorization is taken from these two objects. The applicable
    maintainer object is any referenced by the mnt-routes attributes.
    If one or more mnt-routes attributes are present in an object, the
    mnt-by attributes are not considered. In the absence of a
    mnt-routes attribute in a given object, the mnt-by attributes are
    used for that object. The authentication must match one of the
    authorizations in each of the two objects.

I.e. if "mnt-routes" attribute is present, then at least one of the maintainers from "mnt-routes" should pass the authorisation. If none of them passes, the creation is refused - no further check is done with "mnt-by" attribute in case of "mnt-routes" failure. "mnt-by" attribute is used only if "mnt-routes" is not present.

This applies only to route object creation. For route object modification only "mnt-by" of the object itself is used to check the authorisation.

If you have any more questions, please contact <ripe-dbm at ripe.net>.

Regards,

Katie Petrusha
____________________________
RIPE Database Administration.

Original message follows:
------------------------

Dear Colleagues,

what exactly is the meaning of MNT-ROUTES in AUT-NUM objects in case of route object creation/modification? RFC2725 is not really detailed here.

Does the existence of an MNT-ROUTES attribute in an AUT-NUM object mean that ONLY this/these referenced maintainer(s) will be able to authorize route creation/modification and the referenced MNT-BY maintainer(s) will not be used? Or should the MNT-BY maintainer(s) not be checked if all MNT-ROUTES maintainer(s) authorisation fails?

The current RIPE software checks MNT-ROUTES maintainers only.
Thanks
Frank

> > From: "Frank Bohnsack" <Frank.Bohnsack at deu.mci.com>
> > Subject: LONGACK
> > Date: Mon, 4 Aug 2003 23:42:06 +0200
> > Reply-To: Frank.Bohnsack at deu.mci.com
> > Message-ID: <FAEKJBKGENGFILMMECELOEHICAAA.Frank.Bohnsack at deu.mci.com>
>
> ...
>
> DETAILED EXPLANATION:
>
>
> ***Warning: Invalid keyword(s) found: LONGACK
> ***Warning: All keywords were ignored
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> The following object(s) were found to have ERRORS:
>
>
> ---
> Create FAILED: [route] 139.8.32.0/24AS702
> ***Error: Authorisation failed
> ***Info: Syntax check passed
>
> route:     139.8.32.0/24
> descr:     DE PI route
> origin:    AS702
> member-of: AS702:RS-DE,
>            AS702:RS-DE-PI,
>            AS702:RS-DE-PULLUP
> mnt-by:    WCOM-EMEA-RICE-MNT
> changed:   rice at lists.mci.com 20030804
> source:    RIPE
>
> ***Info: Authorisation for parent [route] 139.8.0.0/16AS702
>     using mnt-by:
>     authenticated by: WCOM-EMEA-RICE-MNT
>
> ***Info: Authorisation for origin [aut-num] AS702
>     using mnt-routes:
>     not authenticated by: UUNETDK-MNT, AS1270-MNT, AS1849-MNT,
>     AS1890-MNT, IWAY-NOC, AS702-MNT, SE-UUNET-MNT, UUNETDE-I
>
> ***Info: Authorisation for [route] 139.8.32.0/24AS702
>     using mnt-by:
>     authenticated by: WCOM-EMEA-RICE-MNT
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
> For assistance or clarification please contact:
> RIPE Database Administration <ripe-dbm at ripe.net>
>
>
>
>
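
The rule explained in the reply above, as an added example that is not part of the original thread and not the RIPE Database software: each object involved in a route creation is checked against its mnt-routes if present, otherwise its mnt-by, with no fallback. All object keys, maintainer names and function names are constructed for illustration.

```python
# Added illustration of the route-creation authorisation rule; not RIPE's code.
# Objects are dicts of attribute -> list of maintainer names (all constructed).

def applicable_maintainers(obj):
    """mnt-routes wins when present; mnt-by is used only in its absence."""
    if obj.get("mnt-routes"):
        return "mnt-routes", obj["mnt-routes"]
    return "mnt-by", obj.get("mnt-by", [])

def check_object(obj, authenticated):
    """One check; a mnt-routes failure is final, mnt-by is not consulted."""
    attr, mntners = applicable_maintainers(obj)
    passed = sorted(set(mntners) & set(authenticated))
    return {"object": obj["key"], "using": attr, "passed": passed,
            "ok": bool(passed)}

def own_mnt_by(route):
    """The route object itself is always checked against its own mnt-by."""
    return {"key": route["key"], "mnt-by": route["mnt-by"]}

def authorise_route_creation(new_route, origin_autnum, parent, authenticated):
    """Parent route/inetnum, origin aut-num and the new route must all pass."""
    checks = [check_object(parent, authenticated),
              check_object(origin_autnum, authenticated),
              check_object(own_mnt_by(new_route), authenticated)]
    return all(c["ok"] for c in checks), checks

def authorise_route_modification(route, authenticated):
    """Modification uses only the mnt-by of the route object itself."""
    check = check_object(own_mnt_by(route), authenticated)
    return check["ok"], [check]

# Constructed sample objects (documentation ASN and prefix).
AUTNUM = {"key": "[aut-num] AS64496",
          "mnt-routes": ["EXAMPLE-ROUTES-MNT"], "mnt-by": ["EXAMPLE-AS-MNT"]}
PARENT = {"key": "[route] 192.0.2.0/24AS64496", "mnt-by": ["EXAMPLE-LIR-MNT"]}
NEW_ROUTE = {"key": "[route] 192.0.2.0/25AS64496", "mnt-by": ["EXAMPLE-LIR-MNT"]}

if __name__ == "__main__":
    # Submitter passes the aut-num's mnt-by but none of its mnt-routes.
    creds = {"EXAMPLE-LIR-MNT", "EXAMPLE-AS-MNT"}
    ok, checks = authorise_route_creation(NEW_ROUTE, AUTNUM, PARENT, creds)
    print("Create", "OK" if ok else "FAILED")
    for c in checks:
        verdict = "authenticated by" if c["ok"] else "not authenticated"
        print(f"  {c['object']} using {c['using']}: {verdict} {c['passed']}")
```
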