RFC 2725 (rfc2725) - Page 2 of 41

Routing Policy System Security

Alternative Format: Original Text Document
< Previous
Next >
RFC 2725             Routing Policy System Security        December 1999


Table of Contents

   1  Overview  . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2  Background  . . . . . . . . . . . . . . . . . . . . . . . .  3
   3  Implicit Policy Assumptions . . . . . . . . . . . . . . . .  5
   4  Scope of Security Coverage  . . . . . . . . . . . . . . . .  5
   5  Organization of this Document   . . . . . . . . . . . . . .  6
   6  Goals and Requirements  . . . . . . . . . . . . . . . . . .  6
   7  Data Representation . . . . . . . . . . . . . . . . . . . . 10
   8  Authentication Model  . . . . . . . . . . . . . . . . . . . 10
   9  Authorization Model . . . . . . . . . . . . . . . . . . . . 12
     9.1   Maintainer Objects . . . . . . . . . . . . . . . . . . 12
     9.2   as-block and aut-num objects . . . . . . . . . . . . . 13
     9.3   inetnum objects  . . . . . . . . . . . . . . . . . . . 13
     9.4   route objects  . . . . . . . . . . . . . . . . . . . . 14
     9.5   reclaim and no-reclaim attributes  . . . . . . . . . . 14
     9.6   Other Objects  . . . . . . . . . . . . . . . . . . . . 15
     9.7   Objects with AS Hierarchical Names . . . . . . . . . . 16
     9.8   Query Processing . . . . . . . . . . . . . . . . . . . 16
     9.9   Adding to the Database . . . . . . . . . . . . . . . . 17
     9.10  Modifying or Deleting Database Objects . . . . . . . . 19
   10  Data Format Summaries  . . . . . . . . . . . . . . . . . . 20
     10.1  Changes to the RIPE/RPSL Schema  . . . . . . . . . . . 20
   Appendicies
   A  Core and Non-Core Functionality . . . . . . . . . . . . . . 23
   B  Examples  . . . . . . . . . . . . . . . . . . . . . . . . . 23
   C  Technical Discussion  . . . . . . . . . . . . . . . . . . . 26
     C.1   Relaxing requirements for ease of registry   . . . . . 27
     C.2   The address lending issue  . . . . . . . . . . . . . . 28
     C.3   Dealing with non-conformant or questionable older
           data . . . . . . . . . . . . . . . . . . . . . . . . . 29
   D  Common Operational Cases  . . . . . . . . . . . . . . . . . 30
     D.1   simple hierarchical address allocation and route
           allocation . . . . . . . . . . . . . . . . . . . . . . 31
     D.2   aggregation and multihomed more specific routes  . . . 32
     D.3   provider independent addresses and multiple origin
           AS . . . . . . . . . . . . . . . . . . . . . . . . . . 32
     D.4   change in Internet service provider  . . . . . . . . . 32
     D.5   renumbering grace periods  . . . . . . . . . . . . . . 32
   E  Deployment Considerations . . . . . . . . . . . . . . . . . 33
   F  Route Object Authorization Pseudocode . . . . . . . . . . . 35
   Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 37
   Intellectual Property Notice . . . . . . . . . . . . . . . . . 38
   References . . . . . . . . . . . . . . . . . . . . . . . . . . 38
   Security Considerations  . . . . . . . . . . . . . . . . . . . 40
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 40
   Full Copyright Statement   . . . . . . . . . . . . . . . . . . 41




Villamizar, et al.          Standards Track
< Previous
Next >