Escolar Documentos
Profissional Documentos
Cultura Documentos
2
IRR - O que é?
3
IRR – O que é? (ou o que não é?)
4
IRR – Onde se destacou?
5
IRR - RIRs
6
IRR – principais objetos
7
IRR – principais objetos (exemplos)
8
IRR – principais objetos (exemplos)
as-set: AS-GOOGLE
as-set:
descr: AS-GOOGLE
Google, Inc.
descr:
members: Google, AS26910,
AS15169, Inc. AS36561, AS6432
members:
members: AS15169, AS26910,AS11344,
AS36492, AS43515, AS36561,AS40873
AS6432
members:
members: AS36492, AS43515, AS11344, AS40873
AS22577, AS-GOOGLE-IT, AS36040
members:
mnt-by: AS22577, AS-GOOGLE-IT,
MAINT-AS15169 AS36040
mnt-by:
changed: MAINT-AS15169 20110411
noc@google.com
changed:
source: noc@google.com 20110411
RADB
source: RADB
route-set: AS28138:RS-CTBC
route-set: SCW
descr: AS28138:RS-CTBC
Telecom
descr:
members: SCW Telecom
187.49.0.0/20
members:
mp-members: 187.49.0.0/20
2804:D4::/32
mp-members:
mnt-by: 2804:D4::/32
MAINT-AS28138
mnt-by:
changed: MAINT-AS28138
herbert@scw.net.br 20101004
changed:
source: herbert@scw.net.br 20101004
SCW
source: SCW
9
IRR – O que “não deve” ser registrado
10
IRR – Histórico (através das RFCs)
11
IRR – Histórico (através das RFCs)
12
IRR – e o Brasil?
13
IRR - Mitos
14
IRR – Mitos (sequestros)
16
IRR – Mitos (não tenho IRR, vou sair do ar?)
17
IRR – Mitos (não há controle sobre os registros)
18
IRR – Mitos (não há controle sobre os registros)
IRRDBs
RIPE Whois-Server[22]
Merit IRRd[23]
19
IRR – Mitos (não há controle sobre os registros)
RIPE
Exemplo: route/route6
aut-num
agregados
inetnum/inet6num
mntner
20
IRR - Mitos (mirrors)
21
IRR – NRTM (seriais)
22
IRR – Mitos (visibilidade dos registros)
23
IRR – Mitos (visibilidade dos registros)
24
IRR – Filtros estáticos (prefix-list’s)
25
IRR – Estatísticas
*
46% (matches exatos) e 62% (mais específicos).
26
IRR – e no Brasil?
27
IRR - tem utilidade nos dias de hoje?
IRRToolSet[29]
conjunto de ferramentas destinadas à manipulação de
políticas de roteamento
BGPQ3[31]
versão simplificada do rtconfig
29
IRR - IRRToolSet
conjunto de ferramentas
que manipulam políticas
de roteamento.
30
IRR – IRRToolSet – principais ferramentas
RtConfig - auto-configuração
de roteadores, baseado na
políticas de roteamento e
demais registros RR.
31
IRR – IRRToolSet – ferramentas descontinuadas
32
IRR – IRRToolSet
rpslcheck
$ whois -h whois.scw.net.br -s RADB -x -T route 8.8.8/24 | sed 1d > 8.8.8.0-24
$ whois -h whois.scw.net.br -s RADB -x -T route 8.8.8/24 | sed 1d > 8.8.8.0-24
$ cat 8.8.8.0-24
$ cat 8.8.8.0-24
route: 8.8.8.0/24
route:
descr: 8.8.8.0/24
Google
descr:
origin: Google
AS15169
origin:
notify: AS15169
noc@google.com
notify:
mnt-by: noc@google.com
MAINT-AS15169
mnt-by:
changed: MAINT-AS15169 20110401
noc@google.com
changed:
source: noc@google.com 20110401
RADB
source: RADB
$ cat 8.8.8.0-24 | rpslcheck
$ cat 8.8.8.0-24
Congratulations no |errors
rpslcheck
were found
Congratulations no errors were found
$ cat 8.8.8.0-24 | sed 2,2d | rpslcheck
$ cat 8.8.8.0-24
route: | sed 2,2d | rpslcheck
8.8.8.0/24
route:
origin: 8.8.8.0/24
AS15169
origin:
notify: AS15169
noc@google.com
notify:
mnt-by: noc@google.com
MAINT-AS15169
mnt-by:
changed: MAINT-AS15169 20110401
noc@google.com
changed:
source: noc@google.com 20110401
RADB
source: RADB
***Error: mandatory attribute descr is not specified.
***Error: mandatory attribute descr is not specified.
33
IRR – IRRToolSet
peval
$ peval AS28138
$ peval AS28138 187.49.0.0/21, 187.49.8.0/21})
({187.49.0.0/20,
({187.49.0.0/20, 187.49.0.0/21, 187.49.8.0/21})
$ peval 'afi ipv4,ipv6 AS28138'
$ peval 'afi ipv4,ipv6
({187.49.0.0/20, AS28138'187.49.8.0/21}) OR
187.49.0.0/21,
({187.49.0.0/20,
({2804:D4::/32, 187.49.0.0/21,
2804:D4::/33, 187.49.8.0/21}) OR
2804:D4:8000::/33})
({2804:D4::/32, 2804:D4::/33, 2804:D4:8000::/33})
$ peval -no-as AS-GOOGLE
$ peval -no-as
((AS15169 AS36384AS-GOOGLE
AS36385 AS43515 AS45566 AS40873
((AS15169 AS36384
AS36040 AS36492 AS36385
AS11344 AS43515
AS36561 AS45566
AS6432 AS40873
AS22577 AS26910 ))
AS36040 AS36492 AS11344 AS36561 AS6432 AS22577 AS26910 ))
$ peval -no-as AS-PTTMetro-ATM6-SP
$ peval -no-as
((AS53166 AS15169AS-PTTMetro-ATM6-SP
AS28666 AS28280 AS28669 AS53126
((AS53166 AS15169
AS22548 AS28289 AS28666
AS262684 AS28280
AS14026 AS28669
AS28165 AS53126
AS16397 AS28360
AS22548 AS28289 AS262684 AS14026 AS28165 AS16397 AS28360
AS22381 AS22431 AS53157 AS14571 AS28192 AS262659 AS28186
AS22381AS28138
AS22356 AS22431AS28182
AS53157AS53070
AS14571AS16735
AS28192AS11706
AS262659 AS28186
AS28571
AS22356AS28216
AS28140 AS28138AS1916
AS28182 AS53070
AS28573 AS16735
AS28338 AS11706
AS28339 AS28571
AS262731
AS28140AS28346
AS28147 AS28216AS28001
AS1916 AS26592
AS28573 AS28262
AS28338 AS26599
AS28339 AS262750
AS262731
AS28147AS31529
AS21911 AS28346AS28299
AS28001AS53147
AS26592AS20144
AS28262))AS26599 AS262750
AS21911 AS31529 AS28299 AS53147 AS20144 ))
$ peval AS28138:RS-PTTMetro-SP
$ peval AS28138:RS-PTTMetro-SP
({187.49.0.0/21, 187.49.8.0/21})
({187.49.0.0/21, 187.49.8.0/21})
$ peval AS28138:RS-CTBC
$ peval AS28138:RS-CTBC
({187.49.0.0/20})
({187.49.0.0/20})
$ peval -protocol ripe 'afi ipv6 AS28138:RS-PTTMetro-SP'
$ peval -protocol
({2804:D4::/33, ripe 'afi ipv6 AS28138:RS-PTTMetro-SP'
2804:D4:8000::/33})
({2804:D4::/33, 2804:D4:8000::/33})
34
IRR – IRRToolSet
rtconfig
$ rtconfig -cisco_use_prefix_lists -cisco_no_compress_acls
$ rtconfig
rtconfig> -cisco_use_prefix_lists
@RtConfig access_list filter-cisco_no_compress_acls
afi ipv4,ipv6 AS28138
! rtconfig> @RtConfig access_list filter afi ipv4,ipv6 AS28138
!
no ip prefix-list pl100
ipnoprefix-list
ip prefix-list
pl100pl100
permit 187.49.0.0/20 le 21
ip prefix-list pl100deny
ip prefix-list pl100 permit 187.49.0.0/20
0.0.0.0/0 le 32 le 21
! ip prefix-list pl100 deny 0.0.0.0/0 le 32
no! ipv6 prefix-list ipv6-pl100
no ipv6
ipv6 prefix-list
prefix-list ipv6-pl100
ipv6-pl100 permit 2804:D4::/32 le 33
ipv6prefix-list
ipv6 prefix-listipv6-pl100
ipv6-pl100deny
permit
::/02804:D4::/32
le 128 le 33
ipv6 prefix-list ipv6-pl100 deny ::/0 le 128
$ rtconfig -cisco_use_prefix_lists -cisco_no_compress_acls -protocol ripe
$ rtconfig
rtconfig> -cisco_use_prefix_lists
@RtConfig -cisco_no_compress_acls
set cisco_aspath_acl_no = 10 -protocol ripe
rtconfig> @RtConfig set cisco_aspath_acl_no = 10
rtconfig> @RtConfig aspath_access_list filter <^AS-PTTMetro-ATM6-RS>
! rtconfig> @RtConfig aspath_access_list filter <^AS-PTTMetro-ATM6-RS>
no! ip as-path access-list 10
ipnoas-path
ip as-path access-list
access-list 10
10 permit ^_(1916|2716|11706|14026|19200|26622|28299|53165|53168)_
ip as-path access-list 10 permit ^_(1916|2716|11706|14026|19200|26622|28299|53165|53168)_
rtconfig> @RtConfig access_list filter afi ipv6 AS28138:RS-PTTMetro-SP
! rtconfig> @RtConfig access_list filter afi ipv6 AS28138:RS-PTTMetro-SP
no! ipv6 prefix-list ipv6-pl100
no ipv6
ipv6 prefix-list
prefix-list ipv6-pl100
ipv6-pl100 permit 2804:D4::/32 ge 33 le 33
ipv6 prefix-list ipv6-pl100
ipv6 prefix-list ipv6-pl100 denypermit
::/02804:D4::/32
le 128 ge 33 le 33
ipv6 prefix-list ipv6-pl100 deny ::/0 le 128
35
IRR – IRRToolSet
rtconfig
$ rtconfig -cisco_use_prefix_lists -cisco_no_compress_acls -protocol ripe
$ rtconfig
rtconfig> -cisco_use_prefix_lists
@RtConfig v6networks AS28138 -cisco_no_compress_acls -protocol ripe
! rtconfig> @RtConfig v6networks AS28138
!
address-family ipv6
address-family
network ipv6
2804:D4:: mask FFFF:FFFF::
network 2804:D4::
network 2804:D4:: maskmaskFFFF:FFFF:8000::
FFFF:FFFF::
network2804:D4:8000::
network 2804:D4:: maskmask
FFFF:FFFF:8000::
FFFF:FFFF:8000::
network 2804:D4:8000:: mask FFFF:FFFF:8000::
exit
exit
rtconfig> @RtConfig export AS28138 2001:1291:1501:3::B AS16735 2001:1291:1501:3::A
! rtconfig> @RtConfig export AS28138 2001:1291:1501:3::B AS16735 2001:1291:1501:3::A
no! ipv6 prefix-list ipv6-pl100
no ipv6
ipv6 prefix-list
prefix-list ipv6-pl100
ipv6-pl100 permit 2804:D4::/32
ipv6 prefix-list ipv6-pl100
ipv6 prefix-list ipv6-pl100 denypermit
::/02804:D4::/32
le 128
! ipv6 prefix-list ipv6-pl100 deny ::/0 le 128
no! route-map MyMap_16735_1
! no route-map MyMap_16735_1
!
route-map MyMap_16735_1 permit 1
route-map
match ipv6 MyMap_16735_1 permit ipv6-pl100
address prefix-list 1
match ipv6 address prefix-list ipv6-pl100
exit
! exit
!
router bgp 28138
! router bgp 28138
!
neighbor 2001:1291:1501:3::A remote-as 16735
neighbor 2001:1291:1501:3::A
address-family ipv4 remote-as 16735
address-family ipv4
no neighbor 2001:1291:1501:3::A activate
no neighbor 2001:1291:1501:3::A
address-family ipv6 unicast activate
address-family ipv6 unicast
neighbor 2001:1291:1501:3::A activate
neighbor2001:1291:1501:3::A
neighbor 2001:1291:1501:3::Aroute-map
activate MyMap_16735_1 out
neighbor 2001:1291:1501:3::A route-map MyMap_16735_1 out
exit
! exit
!
exit
exit
36
IRR – BGPQ3
Exemplos
$ bgpq3 -l SCW AS28138
no$ ip
bgpq3 -l SCW AS28138
prefix-list SCW
no ip prefix-list SCW
ip prefix-list SCW permit 187.49.0.0/20
ip prefix-list SCW permit187.49.0.0/21
ip prefix-list SCW permit 187.49.0.0/20
ip prefix-list SCW permit 187.49.0.0/21
ip prefix-list SCW permit 187.49.8.0/21
ip prefix-list SCW permit 187.49.8.0/21
$ bgpq3 -Al SCW AS-SCW
no$ ip
bgpq3 -Al SCW AS-SCW
prefix-list SCW
ipnoprefix-list
ip prefix-list SCW
SCW permit 187.49.0.0/20 le 21
ip prefix-list SCW permit 187.49.0.0/20 le 21
$ bgpq3 -Al SCW AS28138:RS-CTBC
no$ ip
bgpq3 -Al SCW AS28138:RS-CTBC
prefix-list SCW
no ip prefix-list SCW
ip prefix-list SCW permit 187.49.0.0/20
ip prefix-list SCW permit 187.49.0.0/20
$ bgpq3 -Al SCW AS28138:RS-PTTMetro-SP
no$ ip
bgpq3 -Al SCW AS28138:RS-PTTMetro-SP
prefix-list SCW
no ip prefix-list SCW
ip prefix-list SCW permit 187.49.0.0/20 ge 21 le 21
ip prefix-list SCW permit 187.49.0.0/20 ge 21 le 21
$ bgpq3 -6l SCW AS28138
no$ ipv6
bgpq3prefix-list
-6l SCW AS28138
SCW
no ipv6
ipv6 prefix-list
prefix-list SCW
SCW permit 2804:d4::/32
ipv6 prefix-list SCW permit2804:d4::/33
ipv6 prefix-list SCW permit 2804:d4::/32
ipv6 prefix-list SCW permit 2804:d4::/33
ipv6 prefix-list SCW permit 2804:d4:8000::/33
ipv6 prefix-list SCW permit 2804:d4:8000::/33
$ bgpq3 -A6l SCW AS28138
no$ ipv6
bgpq3prefix-list
-A6l SCW AS28138
SCW
no ipv6 prefix-list
ipv6 prefix-list SCW
SCW permit 2804:d4::/32 le 33
ipv6 prefix-list SCW permit 2804:d4::/32 le 33
37
IRR – Whois
Exemplos
# imprime todos os objetos registrados, irrd(rawhoisd)
$ #whois
imprime todos os objetos \!oMAINT-AS28138
-h whois.scw.net.br registrados, irrd(rawhoisd)
$ whois -h whois.scw.net.br \!oMAINT-AS28138
# imprime todos os objetos registrados, ripe(bird)
$ #whois
imprime todos os objetos -i
-h whois.scw.net.br registrados, ripe(bird)
mnt-by MAINT-AS28138
$ whois -h whois.scw.net.br -i mnt-by MAINT-AS28138
# templates
$ #whois
templates
-h whois.scw.net.br -t mntner
$ whois -h whois.scw.net.br -t mntner
# origem, irrd(rawhoisd), !rprefixo,(M|L) para mais específico e agregado
$ #whois
origem, irrd(rawhoisd), !rprefixo,(M|L)
-h whois.scw.net.br \!r200.160/20,o para mais específico e agregado
$ whois -h
AS22548 AS8167whois.scw.net.br \!r200.160/20,o
AS22548 AS8167
# origem, ripe(bird), acrescentar -(M|L) para mais específico e agregado
$ #whois
origem, ripe(bird), acrescentar
-h whois.scw.net.br -(M|L)
-i origin para mais específico e agregado
187.49/20
$ whois -h whois.scw.net.br -i origin 187.49/20
# emular o peval, expandir as-set, irrd(rawhoisd)
$ #whois
emular
-h owhois.scw.net.br
peval, expandir \!iAS-PTTMetro-ATM6-RS
as-set, irrd(rawhoisd)
$ whoisAS14026
AS11706 -h whois.scw.net.br
AS1916 AS19200\!iAS-PTTMetro-ATM6-RS
AS25933 AS262903 AS26622
AS11706
AS2716 AS14026
AS28299 AS1916AS53165
AS52968 AS19200AS53168
AS25933AS53184
AS262903 AS26622
AS2716 AS28299 AS52968 AS53165 AS53168 AS53184
# por tipo, ripe(bird) e irrd(rawhoisd)
$ #whois
por tipo, ripe(bird) e irrd(rawhoisd)
-h whois.scw.net.br -T aut-num AS28138
$ whois -h whois.scw.net.br -T aut-num AS28138
$ whois -h whois.scw.net.br \!maut-num,AS28138
$ whois -h whois.scw.net.br \!maut-num,AS28138
# emular o peval, prefixos, irrd(rawhoisd)
$ #whois
emular
-h owhois.scw.net.br
peval, prefixos,\!gAS28138
irrd(rawhoisd)
$ whois -h whois.scw.net.br \!gAS28138
187.49.0.0/20 187.49.8.0/21 187.49.0.0/21
187.49.0.0/20 187.49.8.0/21 187.49.0.0/21
$ whois -h whois.scw.net.br \!6AS28138
$ whois -h whois.scw.net.br
2804:d4::/32 2804:d4:8000::/33\!6AS28138
2804:d4::/33
2804:d4::/32 2804:d4:8000::/33 2804:d4::/33
38
SCW Internet Routing Registry – http://irr.scw.net.br
39
SCW Internet Routing Registry
40
SCW Internet Routing Registry
Política
42
SCW Internet Routing Registry
Como registrar?
Wizard
não é necessário saber como funciona o IRR ou a RPSL
ferramenta 100% automatizada
43
SCW internet Routing Registry
Wizard – Autorização
44
SCW Internet Routing Registry
objetos criados
45
SCW Internet Routing Registry
objetos criados
46
SCW Internet Routing Registry
objetos criados
47
SCW Internet Routing Registry
Ferramentas de apoio
48
SCW Internet Routing Registry – Futuro
IRR Report.
49
Referências Bibliográficas
50
Dúvidas
Contato:
herbert@scw.net.br
herbert@faleiros.eti.br
51