This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] Re: mnt-routes attribute in aut-num objects
- Previous message (by thread): [db-wg] mnt-routes attribute in aut-num objects
- Next message (by thread): [db-wg] Announcement on parent notifications
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
RIPE Database Administration
ripe-dbm at ripe.net
Tue Aug 5 14:07:54 CEST 2003
Dear Frank, As RFC2725 says on page 18: Having found the AS and either a route object or inetnum, the authorization is taken from these two objects. The applicable maintainer object is any referenced by the mnt-routes attributes. If one or more mnt-routes attributes are present in an object, the mnt- by attributes are not considered. In the absence of a mnt-routes attribute in a given object, the mnt-by attributes are used for that object. The authentication must match one of the authorizations in each of the two objects. I.e. if "mnt-routes" attribute is present, then at least one of mainatiners from "mnt-routes" should pass the authorisation. If none of them passes, the creation is refused - no further check is done with "mnt-by" attribute in case of "mnt-routes" failure. "mnt-by" attribute is used only if "mnt-routes" is not present. This applies only to route object creation. For route object modification only "mnt-by" of the object itself is used to check the authorisation. If you have any more questions, please contact <ripe-dbm at ripe.net>. Regards, Katie Petrusha ____________________________ RIPE Database Administration. Original message follows: ------------------------ Dear Colleagues, how exactly is this meaning of MNT-ROUTES in AUT-NUM objects in case of routes object creation/modification ? RFC2725 is not realy detailed here. Means the existance of an MNT-ROUTES attribute in an AUT-NUM object that ONLY this/these referenced maintainer(s) will be able to authorized route creation/modification and the referenced MNT-BY maintainer(s) will not be used? Or should not the MNT-BY maintainer(s) checked if all MNT-ROUTES maintainer(s) authorisation fails? The current RIPE software checks MNT-ROUTES maintainers only. Thanks Frank > > From: "Frank Bohnsack" <Frank.Bohnsack at deu.mci.com> > > Subject: LONGACK > > Date: Mon, 4 Aug 2003 23:42:06 +0200 > > Reply-To: Frank.Bohnsack at deu.mci.com > > Message-ID: <FAEKJBKGENGFILMMECELOEHICAAA.Frank.Bohnsack at deu.mci.com> > > ... > > DETAILED EXPLANATION: > > > ***Warning: Invalid keyword(s) found: LONGACK > ***Warning: All keywords were ignored > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > The following object(s) were found to have ERRORS: > > > --- > Create FAILED: [route] 139.8.32.0/24AS702 > ***Error: Authorisation failed > ***Info: Syntax check passed > > route: 139.8.32.0/24 > descr: DE PI route > origin: AS702 > member-of: AS702:RS-DE, > AS702:RS-DE-PI, > AS702:RS-DE-PULLUP > mnt-by: WCOM-EMEA-RICE-MNT > changed: rice at lists.mci.com 20030804 > source: RIPE > > ***Info: Authorisation for parent [route] 139.8.0.0/16AS702 > using mnt-by: > authenticated by: WCOM-EMEA-RICE-MNT > > ***Info: Authorisation for origin [aut-num] AS702 > using mnt-routes: > not authenticated by: UUNETDK-MNT, AS1270-MNT, AS1849-MNT, > AS1890-MNT, IWAY-NOC, AS702-MNT, SE-UUNET-MNT, UUNETDE-I > > ***Info: Authorisation for [route] 139.8.32.0/24AS702 > using mnt-by: > authenticated by: WCOM-EMEA-RICE-MNT > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > > For assistance or clarification please contact: > RIPE Database Administration <ripe-dbm at ripe.net> > > > >
- Previous message (by thread): [db-wg] mnt-routes attribute in aut-num objects
- Next message (by thread): [db-wg] Announcement on parent notifications
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]