How Change route object origin entry
Andrei Robachevsky andrei at ripe.net
Fri Sep 28 11:43:56 CEST 2001
Dear Kevin, kevin.bates at bt.com wrote: > > Hi > > A question > > I need to change the "Origin" entry on a /20 route object. This route is to > be advertised via a different upstream provider, from a different AS number. > > The upstream provider will not advertise the route "until RIPE have been > informed". > > I cannot change the route object entry. I get the following "Error: > Hierarchical authorisation failed, request forwarded to maintainer" and I > get the request forwarded to me. > The mnt-by on the route object is not the problem - I can update other > objects with that mnt-by object and I can change the "notify" entry on my > route object. The problem here is that "origin:" is part of the primary key for the route object. So in fact you are creating a new route object, not updating the existing one. In this case the authorisation procedure is more complex and is defined in the RFC2725 (Routing Policy System Security). To be able to create a route object the request should pass authorisation from - the aut-num which is referenced from the "origin:" attribute - the exact match route object (or one level less specific one if the exact match does not exist), or the inetnum object (exact or one level less specific) if route objects don't exist. When checking authorisation from aut-num and route (inetnum) "mnt-routes:" attribute is considered (or mnt-lower, mnt-by if mnt-routes doesn't exist). I may be more specific if you could send us the actual object you would like to create. > > Therefore the error must be because of the mnt-by entry within the > "receiving" AS number. (which I am not authorised to update) but I don't > understand how. > > Is this the correct diagnosis? and is there something else I should be > doing? > > I could ask RIPE hostmaster to make the changes but the ticketing system > could take a couple of weeks. > > I could ask the new upstream AS owner to add me to their mnt-by entry but I > am nothing to do with them. > > All suggestions gratefully received. > > kevin Regards, Andrei Robachevsky RIPE NCC
[ lir-wg Archives ]