Can anyone shed some light on this?
Boyan Krosnov bkrosnov at lirex.bg
Wed Dec 5 11:36:37 CET 2001
http://www.ripe.net/ripe/docs/databaseref-manual.html 3.6.5 Protection of route object space The route object creation must satisfy several authentication criteria. It must match the authentication specified in the aut-num and the authentication specified in either a route object or, if no applicable route object is found, then an inetnum. Finally the creation must be authorised by the maintainer of the route object itself referenced by the "mnt-by:" attribute of the object. When checking for prefix authorisation, an exact route object prefix match is checked for first. If there is no exact match, then a longest prefix match that is less specific than the prefix is searched for. If the route prefix search fails, then a search is performed for an inetnum object that exactly matches the prefix or for the most specific inetnum object that is less specific than the route object submission. The aut-num object used for authentication checks is referenced by the "origin:" attribute of the route object. A route object must pass authorisation from both the referenced aut-num object and the route or inetnum object. Authorisation shall be tested using the maintainer(s) referenced in the "mnt-routes:" attribute(s) first. If that check fails, the "mnt-lower:" attributes are checked. If that check fails, the "mnt-by:" attributes are used for the authorisation check. ---------- aut-num: AS702 as-name: AS702 descr: UUNET - Commercial IP service provider in Europe .... mnt-routes: UUNETDK-MNT mnt-routes: AS1270-MNT mnt-routes: AS1849-MNT mnt-routes: AS1890-MNT mnt-routes: IWAY-NOC mnt-by: UUNET-MNT --------- I bet you didn't pass this authorization check. does this shed a light? :) BR, CCNP Boyan Krosnov Network Administrator Lirex Net phone: +359-2-91815 > -----Original Message----- > From: Stephen Burley [mailto:stephenb at uk.uu.net] > Sent: Wednesday, December 05, 2001 12:30 PM > To: lir-wg at ripe.net > Cc: db-wg at ripe.net > Subject: Can anyone shed some light on this? > > > route: 212.249.0.0/16 > descr: UUNET CH > origin: AS702 > mnt-by: AS702-MNT > password: ********* > changed: jsc at ch.uu.net 20011204 > source: RIPE > > I send the above object to the DB and get the following error: > > New FAILED: [route] 212.249.0.0/16 > route: 212.249.0.0/16 > descr: UUNET CH > origin: AS702 > mnt-by: AS702-MNT > changed: stephenb at uk.uu.net 20011204 > source: RIPE > ***Error: Hierarchical authorisation failed, request forwarded to > maintainer. > > Objects in RIPE-181 format are no longer accepted. > Please see http://www.ripe.net/rpsl for more information. > > RIPE Database Maintenance Department > > Which is strange as the mainainer is us AS702-mnt. Any help > on this matter > whould be appreciated as this is not the only one. > > Regards > Stephen Burley > UUNET EMEA Hostmaster > SB855-RIPE > > > >
[ lir-wg Archives ]