Mirror03.inet.tele.dk

• Some handwaving about why any of this is • When people leak a full (or even slightly full) • The problem isn’t really address hijacking or route theft (those are different problems) • the problem is that routers are often configured by crazed caffeine junkies at • too long for poor little cisco routers with • Knowing what to put in filters can be • Keeping filters up-to-date can be difficult • Announcing a new net for a customer (or a newly-allocated net from an RIR) relies on your peers and transit providers accepting it • Getting transit providers’ filters updated can • Getting peers’ filters updated sometimes never happens (or if it does, it’s hard to tell • More precisely, reading those updates is annoying. Sending them is just futile, most of individual people saying “I’ve updated your • I am unusually grumpy, though, so this may • If all you want to do is protect yourself against tsunami-style leaks from peers, then setting a maximum-prefix limit is probably • Applying AS-PATH filters is really no more • the update frequency is a little lower, • An AS-PATH filter will still allow you to receive a full leaked table if it has been cleaned through redistribution through an • What we really need is a unified method for publishing the routes we want to announce: • never having to spam your peers to tell • being able to apply strict filters to all your peers to protect yourself from their after- • A description of the technical handling of BGP updates you receive from other people, and the BGP updates you send to others • A language for describing routing policy • A repository of route policy, expressed in • the interface for updating objects is quite • the interface for retrieving objects is quite • One particular Routing Registry operated • but that’s ok; there are free alternatives • Phrase invented by Merit Networks to describe a collection of Routing Registries • Individual Routing Registries quite often • “IRR” tends to mean “the set of Routing Registries that Merit chooses to mirror” • draft-blunk-rpslng-08, “RPSLng”, July 2004 collections of objects which have something • aut-num (for things relating to ASes) • Each object has an associated maintainer • Each maintainer object has one or more • Authentication is required to update objects • In most Routing Registries there is no represents routes that are allowed to be • the RIPE registry is more advanced in this • In general, Routing Registry data is good for avoiding unintentional leaks, not intentional • See RPSL specification (also, query some registries for random ASes’ policies) for • Contains a description of the import and • way too much to describe in detail here • we will just wave our hands a little bit descr: Internet Systems Consortium, Inc.
export: to AS3557:AS-FLN announce AS3557 AND {192.5.5.0/24} remarks: Abuse / UCE reports [email protected] • The as-set object describes a set of AS • can be named hierarchically to avoid members: AS23710, AS30125, AS30122, AS23709, AS27322 members: AS27318, AS27319, AS25572, AS23707, AS27320 members: AS27313, AS27321, AS30124, AS30123 members: AS3557, AS112, AS3402, AS1280, AS9327 • Route objects are used to associate routes • AS numbers in import/export policies are shorthand for “all routes with this origin • You can also group collections of routes (including covering supernets with allowable remarks: Covering route for F.ROOT-SERVERS.NET (192.5.5.241).
remarks: Always originated from AS 3557, but part of a remarks: anycast deployment, and hence enjoys transit from remarks: many places. See http://f.root-servers.org/ • AS macro is the old (RIPE-181) name for • What people are really asking is “what expression should I put on the import line • the convention in some circles is to standardise all their import expressions to something like import: from ASxxxx AS-something • originally developed at ISI, then at RIPE, • RtConfig is a macro expansion tool that replaces tokens in its input stream with • Easiest to appreciate what it is good for by looking at examples, rather than endless • see link in references section at end of • It’s in FreeBSD’s ports collection • Suppose you were peering with AS 3557 at the PAIX in Palo Alto, and you wanted to descr: Internet Systems Consortium, Inc.
export: to AS3557:AS-FLN announce AS3557 AND {192.5.5.0/24} remarks: Abuse / UCE reports [email protected] [jabley@felix]% RtConfigRtConfig> @RtConfig access_list filter AS3557:AS-ISC!no access-list 100access-list 100 permit ip 128.177.0.0 0.0.0.0 255.255.0.0 0.0.0.0access-list 100 permit ip 128.177.247.0 0.0.0.0 255.255.255.0 0.0.0.0access-list 100 permit ip 149.20.0.0 0.0.0.0 255.255.0.0 0.0.0.0access-list 100 permit ip 168.61.0.0 0.0.0.0 255.255.0.0 0.0.0.0access-list 100 permit ip 192.5.4.0 0.0.1.0 255.255.254.0 0.0.1.0access-list 100 permit ip 192.83.249.0 0.0.0.0 255.255.255.0 0.0.0.0[. lines omitted to fit in slide. ]access-list 100 permit ip 209.133.38.0 0.0.0.0 255.255.255.0 0.0.0.0access-list 100 permit ip 209.133.117.0 0.0.0.0 255.255.255.0 0.0.0.0access-list 100 permit ip 209.249.2.0 0.0.0.0 255.255.255.0 0.0.0.0access-list 100 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255RtConfig> [jabley@felix]% RtConfig -cisco_use_prefix_listsRtConfig> @RtConfig access_list filter AS3557:AS-ISC!no ip prefix-list pl100ip prefix-list pl100 permit 128.177.0.0/16ip prefix-list pl100 permit 128.177.247.0/24ip prefix-list pl100 permit 149.20.0.0/16ip prefix-list pl100 permit 168.61.0.0/16ip prefix-list pl100 permit 192.5.4.0/23 le 24ip prefix-list pl100 permit 192.83.249.0/24[. lines omitted to fit in slide. ]ip prefix-list pl100 permit 209.133.38.0/24ip prefix-list pl100 permit 209.133.117.0/24ip prefix-list pl100 permit 209.249.2.0/24ip prefix-list pl100 deny 0.0.0.0/0 le 32RtConfig> [jabley@felix]% RtConfig -config junosRtConfig> @RtConfig access_list filter AS3557:AS-ISC policy-statement prefix-list-100 { term prefixes { from { route-filter 128.177.0.0/16 exact accept; route-filter 128.177.247.0/24 exact accept; route-filter 149.20.0.0/16 exact accept; route-filter 168.61.0.0/16 exact accept; route-filter 192.5.4.0/23 upto /24 accept; route-filter 192.83.249.0/24 exact accept;[. lines omitted to fit in slide. ] route-filter 209.133.38.0/24 exact accept; route-filter 209.133.117.0/24 exact accept; route-filter 209.249.2.0/24 exact accept; } } term catch-rest { then reject; } } • RtConfig has many, many options to help tailor it to individual router configuration • names of prefix lists, access lists, route • Can represent quite complicated policies RtConfig being run from the command line, • originally conceived as a tool which could • You can use other peoples’ registries • Choice of registry for publishing your own • If your peers are publishing their routing policy in a Routing Registry, you need to • you can run your own registry and mirror • you can insist that people use one registry in particular (works well if you are Big and • The principal value of retrieving policy data from a Routing Registry is to be able to scripts update your live network is a good • Use RPSL data to generate filter lists and • Generate filter lists automatically and generate e-mail (or other beeping) when the config in the routers differs from the config • You can express details of your routing policy in RPSL that are not normally visible • use of community string attributes, local • You don’t have to, however: you only need to publish the bits that are useful to peers • http://www.ripe.net/ripe/docs/databaseref- • http://www.ripe.net/ripencc/pub-services/db/ • ftp://ftp.ripe.net/ripe/dbase/software/

Source: http://mirror03.inet.tele.dk/pub/isc/pubs/pres/TorIX/2004/08/torix-rpsl.pdf

grzesina.de

Tr age den "V olumenzuw achs" gegen die Temper aturänder ung in einem Koor dinatensystem auf. For mulier e daraus das Er gebnis dieser Ver suchsreihe. Er gebnis: _________________________________Sc hr eibe w für w ahr und f für falsch in die vorletz te Spalte. Lies die A ussagen genau!Die potenzielle Ener gie und die kinetische Ener gie eines Teilchens sind sein Beitrag zur inner e

Microsoft word - 409a56d4-0764-188691.doc

Chapter 20: Table of Contents SECTION I. PAIN IN PERSPECTIVE Chapter 1 - Pain and Its Magnitude 3 Chapter 2 - Historical Perspective of Pain Management 7 ! C. Norman Shealy, M.D., Ph.D., D.Sc. and SECTION II. ELEMENTS OF MULTIDISCIPLINARY PAIN MANAGEMENT Chapter 3 - The Classification of Pain 19 ! Ole Thienhaus, M.D., M.B.A., F.A.P.A. and B.Eliot Chapter 5 - M

Copyright © 2018 Medical Abstracts