Merit RADb
Merit RADb Tutorials

About RADB Web Update

The RADB Web Update interface allows one to easily create, modify, and delete RADB objects from their web browser. Web Update requires the use of a password to authorize updates. New users automatically create this password when registering their maintainer account. If you have forgotten your password or have not yet created a password, you will need to follow these procedures to replace or add a password.

Creating objects

The RADB Web Update form can be used to create new objects in the RADB by selecting the object type in the "Specify object type" field and then clicking on "Create". You will be presented with a web form where you can fill in the object attributes. For many users, the only objects they will likely wish to create are "route" and "aut-num" objects. The "aut-num" object contains the routing policy for your autonomous system (AS) number. There is only one "aut-num" object created per AS number. Route objects correspond to the IP address blocks (prefixes) which you wish to announce and are used primarily to specify the origin AS number. A basic tutorial on creating these two types of objects can be found here.

Modify or delete an existing object

To update an existing object, enter the object in the "Search String" field and click on "Search". Any existing objects will be displayed in a web form which will allow you to either update the existing object or entirely delete it. Another option is to enter your maintainer id in the "Maintainer name" field to show all objects belonging to your maintainer. You will then be able to individually update or delete these objects.

RPSL Object class types:

Below is a list of the RPSL Object classes supported by RADB Web Update. Each Object class has a number of attributes associated with it. These attributes are also documented below. This documentation presents only a brief overview of the RPSL standard. For a full reference on the standard, please refer to RFC 2622: Routing Policy Specification Language.

as-set
aut-num
filter-set
inet-rtr
key-cert
mntner
peering-set
person
role
route
route6
route-set
rtr-set

as-set

A list of AS numbers, or other as-set names. The as-set name must begin with "as-". The members attribute lists the members of the set.
Example:
  as-set: as-foo
  members: AS1, AS2, as-bar

aut-num

Expresses the routing policy and a symbolic name for a given autonomous system (AS) number. Routing policy is specified in the import, export, and default attributes of the object. The as-name attribute is used to provide a symbolic name to be associated with the AS number.
Example:
  aut-num: AS1
  as-name: ACMECORP
  import: from AS2 action pref = 1; accept { 128.9.0.0/16 }

filter-set

The filter-set object defines a set of routes that are matched by its filter. The filter-set attribute defines the name of the filter. It must start with the reserved string "fltr-".
Example:
   filter-set: fltr-foo
   filter:     { 5.0.0.0/8, 6.0.0.0/8 }

inet-rtr

Specifies information about a given router. The inet-rtr attribute is the DNS name of the router. Additional attributes include an alias (CNAME), Interface Addresses, local AS, and any peers of the router. An inet-rtr may also be part of a set of routers as specified by the rtr-set object.
Example:
   inet-rtr: Amsterdam.ripe.net
   alias:    amsterdam1.ripe.net
   local-as: AS3333
   ifaddr:   192.87.45.190 masklen 24
   ifaddr:   193.0.0.158   masklen 27
   peer:     BGP4 192.87.45.195 asno(AS3334), flap_damp()

key-cert

The key-cert object specifies a strong digital signature method for authentication of objects. At present, the sole supported key-cert method is the OpenPGP standard as defined in RFC2440 and implemented in PGP and GnuPG software. For more details, refer to: RFC 2726: PGP Authentication for RIPE Database Updates. The RADB Web Update interface does not currently support key-cert based authentication. To use the Web Update interface, you must configure password (CRYPT-PW) based authentication.

mntner

The mntner object specifies authentication information required to create, delete and update RPSL objects. A provider, before he/she can create RPSL objects, first needs to create a mntner object. mntner object names in the RADB must begin with the string "MAINT-", and generally incorporate the owner's Autonomous System (AS) number. For example, MAINT-AS237.

peering-set

A peering-set object defines a set of peerings that are listed in its peering attributes. The peering-set attribute defines the name of the set. It is an RPSL name that starts with "prng-".
Example:
   peering-set:  prng-bar
   peering:      AS1 at 9.9.9.1

person

A person object is used to describe information about people. The person attribute is the full name of the person.
Example:
   person:      Daniel Karrenberg
   address:     RIPE Network Coordination Centre (NCC)
   address:     Singel 258
   address:     NL-1016 AB  Amsterdam
   address:     Netherlands
   phone:       +31 20 535 4444
   fax-no:      +31 20 535 4445
   e-mail:      Daniel.Karrenberg@ripe.net
   nic-hdl:     DK58
   changed:     Daniel.Karrenberg@ripe.net 19970616
   source:      RIPE

role

The role object is similar to the person object. However, instead of describing a human being, it describes a role performed by one or more human beings. Examples include help desks, network monitoring centers, system administrators, etc. Role objects are particularly useful because the person performing a role may change while the role itself remains.
Example:
   role:        RIPE NCC Operations
   address:     Singel 258
   address:     1016 AB Amsterdam
   address:     The Netherlands
   phone:       +31 20 535 4444
   fax-no:      +31 20 545 4445
   e-mail:      ops@ripe.net
   nic-hdl:     OPS4-RIPE
   notify:      ops@ripe.net
   changed:     roderik@ripe.net 19970926
   source:      RIPE

route

Route objects are used to specify the origin AS of an IP version 4 Address prefix. The route attribute is the address prefix of the route and the origin attribute is the Autonomous System (AS) number that originates the route into the inter-AS routing system. The route and origin attribute pair serves as the key to the object. The route object also includes optional attributes to specify aggregate routes and their components.
Example:
   route:  128.9.0.0/16
   origin: AS226

route6

Route6 objects are used to specify the origin AS of an IP version 6 Address prefix. Other than the class attribute, the route6 object uses the same attributes as the route object.
Example:
   route6: 2001:0DB8::/32
   origin: AS65001

route-set

The route-set object specifies a set of route prefixes. The route-set attribute defines the name of the set. It must begin with the reserved string "rs-". The members attribute lists the members of the set. The members attribute is a list of address prefixes, route-set names, or AS numbers. Note that the route-set object is a set of route prefixes, not of RPSL route objects.
Examples:
   route-set: rs-foo
   members:   128.9.0.0/16, 128.9.0.0/24

   route-set: rs-bar
   members:   128.7.0.0/16, rs-foo

rtr-set

The rtr-set object defines a set of Internet routers. The rtr-set attribute defines the name of the set. It is an RPSL name that starts with "rtrs-". The members attribute lists the members of the set. The members attribute is a list of inet-rtr names, ipv4_addresses or other rtr-set names.
Examples:
   rtr-set: rtrs-foo                   
   members: rtr1.isp.net, rtr2.isp.net 

   rtr-set: rtrs-bar
   members: rtr3.isp.net, rtrs-foo

RPSL Attributes:

descr

A short description of the object. For example, a business or organization name.

tech-c

A technical contact. In the RADB, either a person's name or a NIC handle may be specified.

admin-c

An administrative contact. In the RADB, either a person's name or a NIC handle may be specified.

remarks

General remarks. Can include a URL or RFC822 address (if preceded by mailto:).

notify

The e-mail address to which notifications of changes to an object should be sent.

mnt-by

The identifier of a registered mntner object used for authorization and authentication of an object. When creating a mntner object, the mnt-by attribute value should match the mntner name.

changed

The changed attribute specifies an e-mail address and date to indicate the last person to update the object and the date of the update. The syntax is as follows:
   changed:  <RFC822 e-mail address>  <DATE>
Where the e-mail address is that of the person updating the object. The DATE field is expressed in YYYYMMDD format. For example, November 15, 2002 would be expressed as 20021115. The RADB Web Update process automatically generates and appends a new changed attribute with each submission. In addition, a time-of-day value is included in the comment section (preceded by a '#') of the attribute.

source

Identifier of the database containing authoritative data for this object. Use 'RADB' for objects in the RADB Database.

upd-to

The upd-to attribute is specific to the mntner class object. It specifies the e-mail address to notify in the case of an unsuccessful update attempt to an object maintained by the given mntner object.

mnt-nfy

The mnt-nfy attribute is specific to the mntner class object. It specifies the e-mail address to notify in the case of a successful update to an object maintained by the given mntner object.

auth

This attribute specifies the authentication mechanism used to update objects controlled by a maintainer. It is a mandatory attribute defined in the mntner object. For the RADB Web Update capability, one must set up a CRYPT-PW auth attribute. CRYPT-PW is a form of password authentication. The password is stored in the Unix 'crypt' hashed format. There is a calculator built into the Web Update to generate a CRYPT-PW hash from a maintainer's password and insert the appropriate auth attribute into the mntner object. The mntner will use their password to authenticate subsequent object submissions.

as-name

A descriptive name associated with an AS. The name must consist of uppercase letters, dashes ("-") and digits, and no spaces. It must start with a letter. Note that the as-name cannot begin with the letters "AS-" as this is a reserved word (for as-set objects). The as-name attribute is specific to the aut-num object.
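
The naming and format rules stated so far (the reserved prefixes for set and mntner names, the as-name format, and the YYYYMMDD date in changed) can be checked before an object is submitted. The following Python is an added example, not part of RADB Web Update or any Merit code; the function names and the sample objects are assumptions, and the handling of '#' comments and continuation lines (a leading space, tab or '+') follows RFC 2622.

```python
import re
from datetime import datetime

# Reserved name prefixes from this page; compared case-insensitively (assumption).
PREFIX = {"as-set": "as-", "filter-set": "fltr-", "peering-set": "prng-",
          "route-set": "rs-", "rtr-set": "rtrs-", "mntner": "maint-"}

def parse_objects(text):
    """Split RPSL text into objects, each a list of (attribute, value) pairs."""
    objects = []
    for block in re.split(r"\n\s*\n", text.strip()):   # blank line ends an object
        obj = []
        for raw in block.splitlines():
            line = raw.split("#", 1)[0].rstrip()       # '#' starts a comment
            if line and line[0] in " \t+" and obj:     # continuation line
                obj[-1] = (obj[-1][0], f"{obj[-1][1]} {line[1:].strip()}".strip())
            elif ":" in line:
                attr, val = line.split(":", 1)
                obj.append((attr.strip().lower(), val.strip()))
        if obj:
            objects.append(obj)
    return objects

def valid_date(s):                                     # real calendar date, YYYYMMDD
    try:
        return bool(re.fullmatch(r"\d{8}", s)) and bool(datetime.strptime(s, "%Y%m%d"))
    except ValueError:
        return False

def validate(obj):
    """Return the naming and format rule violations for one parsed object."""
    (cls, name), errors = obj[0], []                   # first attribute names the class
    if (want := PREFIX.get(cls)) and not name.lower().startswith(want):
        errors.append(f"{cls}: name must begin with '{want}'")
    for attr, val in obj:
        if attr == "as-name" and not re.fullmatch(r"[A-Z][A-Z0-9-]*", val):
            errors.append("as-name: uppercase letters, digits and dashes only")
        elif attr == "as-name" and val.startswith("AS-"):
            errors.append("as-name: 'AS-' is reserved for as-set names")
        elif attr == "changed" and not valid_date((val.split() or [""])[-1]):
            errors.append("changed: date must be YYYYMMDD")
    return errors

# Constructed sample input, not taken from any registry.
SAMPLE = """as-set: as-foo
members: AS1, AS2,
         as-bar

aut-num: AS1
as-name: AS-ACME
changed: noc@example.net 20021115  # 14:02:11

route-set: foo
changed: noc@example.net 20021340"""
```

Calling validate() on each object returned by parse_objects(SAMPLE) yields no errors for as-foo, one for the aut-num (reserved as-name prefix) and two for the route-set (missing "rs-" prefix, impossible date).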

import

The import attribute is used to express routing import policy. The attribute has the following syntax:
   import: from <peering-1> [action <action-1>]
            . . .
            from <peering-N> [action <action-N>]
            accept <filter>
The action specification is optional. The semantics of an import attribute is as follows: the set of routes that are matched by <filter> are imported from all the peers specified in <peerings>; while importing routes at <peering-M>, <action-M> is executed.

export

The export attribute is used to express routing export policy. The attribute has the following syntax:
   export: to <peering-1> [action <action-1>]
            . . .
            to <peering-N> [action <action-N>]
            announce <filter>
The action specification is optional. The semantics of an export attribute is as follows: the set of routes that are matched by <filter> are exported to all the peers specified in <peerings>; while exporting routes at <peering-M>, <action-M> is executed.

default

Default routing policies are specified using the default attribute. The default attribute has the following syntax:
    default: to <peering> [action <action>] [networks <filter>]
The <action> and <filter> specifications are optional. The semantics are as follows: The <peering> specification indicates the AS (and the router if present) that is being defaulted to; the <action> specification, if present, indicates various attributes of defaulting, for example a relative preference if multiple defaults are specified; and the <filter> specification, if present, is a policy filter. A router only uses the default policy if it received the routes matched by <filter> from this peer.

alias

The alias attribute is an optional attribute for the inet-rtr object. If present, it specifies a canonical DNS name for the router.

local-as

The local-as attribute is a mandatory attribute for the inet-rtr object. It specifies the AS number of the owner/operator of the router.

ifaddr

An interface address on a router. This attribute is defined within the inet-rtr object. It has the following syntax:
  ifaddr: <ipv4-address> masklen <integer> [action <action>]
The IP address and the mask length are mandatory for each interface. Optionally an action can be specified to set other parameters of this interface.

peer

The peer attribute, if present, specifies a protocol peering with another router. It is an optional attribute of the inet-rtr object. The syntax is as follows:
  peer:  <protocol> <ipv4-address>      <options>
       | <protocol> <inet-rtr-name>     <options>
       | <protocol> <rtr-set-name>      <options>
       | <protocol> <peering-set-name>  <options>

origin

The Autonomous System (AS) number announcing a route. The AS number must be preceded by the letters "AS". For example,
  origin:  AS237

components

The components attribute is an optional attribute in the "route" class object and defines component routes used to form an aggregate route.

aggr-bndry

The aggr-bndry attribute is an AS expression over AS numbers and sets. The result defines the set of ASes which form an aggregation boundary. If the aggr-bndry attribute is missing, the origin AS is the sole aggregation boundary. Outside the aggregation boundary, only the aggregate is exported and more specifics are suppressed. However, within the boundary, the more specifics are also exchanged.

aggr-mtd

The aggr-mtd attribute specifies how an aggregate route is generated. Its syntax is as follows:
 aggr-mtd: inbound
         | outbound [<as-expression>]
where <as-expression> is an expression over AS numbers and sets. If <as-expression> is missing, it defaults to AS-ANY. If outbound aggregation is specified, the more specifics of the aggregate will be present within the AS and the aggregate will be formed at all inter-AS boundaries with ASes in <as-expression> before export, except for ASes that are within the aggregating boundary (i.e. aggr-bndry is enforced regardless of <as-expression>). If inbound aggregation is specified, the aggregate is formed at all inter-AS boundaries prior to importing routes into the aggregator AS. Note that <as-expression> cannot be specified with inbound aggregation. If the aggr-mtd attribute is missing, it defaults to "outbound AS-ANY".

export-comps

The export-comps attribute is an RPSL filter that matches the more specifics that need to be exported outside an aggregation boundary. If this attribute is missing, more specifics are not exported outside the aggregation boundary.

holes

The holes attribute is an optional attribute in the "route" class object and lists the component address prefixes which are not reachable through an aggregate route.

inject

The inject attribute specifies which routers perform aggregation and when they perform it. Its syntax is as follows:
 inject: [at <router-expression>] ...
          [action <action>]
          [upon <condition>]
For details, refer to RFC 2622: Routing Policy Specification Language.

filter

The filter attribute defines policy filters as part of the filter-set object. A policy filter is a logical expression which when applied to a set of routes returns a subset of these routes. We say that the policy filter matches the subset returned. The policy filter can match routes using any BGP path attribute, such as the destination address prefix (or NLRI), AS-path, or community attributes. The policy filters can be composite by using the operators AND, OR, and NOT. For details, refer to RFC 2622: Routing Policy Specification Language.

address

The address attribute is defined for person and role objects. It lists the postal address of the given entity.

phone

The phone attribute is defined for person and role objects. It provides a contact phone number for the given entity.

fax-no

The fax-no attribute is defined for person and role objects. It provides a fax number for the given entity.

e-mail

The e-mail attribute is defined for person and role objects. It provides an e-mail address contact for the given entity.

nic-hdl

The nic-hdl attribute is defined for person and role objects. This is a primary key field for the objects and uniquely defines the entity with a symbolic name.

trouble

The trouble attribute is defined for the role object. It is an e-mail contact address for problem/abuse reports.

member-of

The member-of attribute is valid in route, aut-num, and inet-rtr objects. It is used to express membership in route-set, as-set, and rtr-set sets, respectively.

members

The members attribute is valid in route-set, as-set, and rtr-set objects. The attribute lists the members of the given set object.

mbrs-by-ref

The mbrs-by-ref attribute is valid in route-set, as-set, and rtr-set objects. It is a list of maintainer names or the keyword ANY. If this attribute is used, the set also includes objects that are registered by one of these maintainers and whose member-of attribute refers to the name of this set. If the value of a mbrs-by-ref attribute is ANY, any object referring to the set is a member of the set. If the mbrs-by-ref attribute is missing, only the values listed in the members attribute are members of the set.
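
The interaction of members, member-of and mbrs-by-ref described above determines what a set actually contains, which matters when a filter is built from it. The following Python is an added example, not RADB code: it flattens a set, follows nested sets (guarding against sets that refer to each other), and lists the sets whose mbrs-by-ref is ANY. Objects are represented as plain dictionaries with a hypothetical "name" key, and all sample names are constructed.

```python
SET_PREFIXES = ("as-", "rs-", "rtrs-")   # set-name prefixes given on this page

def items(obj, attr):
    """Comma-separated attribute value as a list (empty if the attribute is absent)."""
    return [v.strip() for v in obj.get(attr, "").split(",") if v.strip()]

def set_members(name, objects, seen=None):
    """Flatten a set: listed members, nested sets, and members admitted by reference."""
    seen = set() if seen is None else seen
    key = name.lower()
    this = next((o for o in objects if o["name"].lower() == key), None)
    if this is None or key in seen:       # unknown set, or already expanded (cycle)
        return set()
    seen.add(key)
    result = set()
    for m in items(this, "members"):
        if m.lower().startswith(SET_PREFIXES):
            result |= set_members(m, objects, seen)   # nested set
        else:
            result.add(m)
    allowed = {m.lower() for m in items(this, "mbrs-by-ref")}
    for o in objects:                     # objects that point at this set via member-of
        refers = key in (s.lower() for s in items(o, "member-of"))
        mnts = {m.lower() for m in items(o, "mnt-by")}
        if refers and ("any" in allowed or allowed & mnts):
            result.add(o["name"])
    return result

def open_sets(objects):
    """Names of sets with mbrs-by-ref: ANY, where any referring object becomes a member."""
    return [o["name"] for o in objects
            if "any" in (m.lower() for m in items(o, "mbrs-by-ref"))]

# Constructed registry contents; AS numbers and maintainer names are made up.
OBJECTS = [
    {"name": "as-foo", "members": "AS1, as-bar", "mbrs-by-ref": "MAINT-AS2"},
    {"name": "as-bar", "members": "AS4, as-foo"},        # refers back to as-foo
    {"name": "as-open", "mbrs-by-ref": "ANY"},
    {"name": "AS2", "member-of": "as-foo, as-open", "mnt-by": "MAINT-AS2"},
    {"name": "AS3", "member-of": "as-foo, as-open", "mnt-by": "MAINT-AS3"},
]
```

With this data, as-foo resolves to AS1, AS2 and AS4: AS3 also names as-foo in member-of but is not registered by a maintainer listed in mbrs-by-ref, so it is excluded, while as-open admits both AS2 and AS3.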

method

The method attribute is defined for the key-cert object. This is a generated attribute containing the name of the digital signature method. For the PGP method, this will be the string "PGP".

owner

The owner attribute is defined for the key-cert object. This is a generated attribute containing a description of the owner of the key. For a PGP key, the owners are the user IDs associated with the key.

fingerpr

The fingerpr attribute is defined for the key-cert object. This is a generated attribute representing the fingerprint of the key associated with the present certificate. Its contents are hex encoded bytes.

certif

The certif attribute is defined for the key-cert object. The certif attribute contains the key certificate in ASCII armoured format. With PGP, this will include the BEGIN/END PGP PUBLIC KEY BLOCK delimiting lines.




Merit RADb is operated by Merit Network Inc.
1000 Oakbrook Drive Suite 200, Ann Arbor, MI 48104-6794
734-527-5776