Presentation is loading. Please wait.

Presentation is loading. Please wait.

Internet Routing Registry daemon version 4

Published byLennart Bastian Schumacher Modified over 6 years ago

Similar presentations

Presentation on theme: "Internet Routing Registry daemon version 4"— Presentation transcript:

1 Internet Routing Registry daemon version 4
Job Snijders NTT Communications @jobsnijders Sasha Romijn DashCare @mxsash [BOTH]

2 IRRd v3 is an organically grown, 20 year old code base, mostly in C, perl, flat text file backend
Reliability issues with irrd2/irrd3 (fix is to restart the daemon...) Absolutely critical to NTT’s daily operations - All NTT Communications’ prefix-filters come from irrd instances! Why IRRd v4 [JOB] @jobsnijders /

3 @jobsnijders / job@ntt.net sasha@dashcare.nl / @mxsash
irrd$ cloc text files unique files files ignored. github.com/AlDanial/cloc v T=2.25 s (71.9 files/s, lines/s) Language files blank comment code C Perl Bourne Shell C/C++ Header yacc make SUM: [JOB] @jobsnijders /

4 Why IRRd v4 Looking forward No possibility for innovation, extensions
IRRd v3 is ‘dumb’ middleware, literal transposition between input and output - need to move to ‘smart’ middleware For routing security road map see slides 11-18: Why IRRd v4 Looking forward [JOB] @jobsnijders /

5 Goals for IRRd v4 Single modern architecture with extension options
Codebase that is well documented, consistent, maintainable Extensive test suite QA checks comparing to current rr.ntt.net Goals for IRRd v4 [JOB] @jobsnijders /

6 Development principles
BSD 2-Clause licensed Complete rewrite Python 3.6 & PostgreSQL Planned for future expansion Using third party projects over inventing things ourselves Strict requirements on data validation and consistency “100%” coverage unit tests Extensive documentation Development principles [SASHA] @jobsnijders /

7 Basic IRRd v4 architecture
NRTM / full mirror import WHOIS query parser psql RPSL parser Database handler DB Query resolver update parser Auth/reference validator Journal keeping [SASHA] @jobsnijders /

8 lookup_key=True, optional=True, multiple=True,
class RPSLAsSet(RPSLObject): fields = OrderedDict([ ("as-set", RPSLSetNameField( primary_key=True, lookup_key=True, prefix="AS")), ("members", RPSLReferenceListField( lookup_key=True, optional=True, multiple=True, referring=["aut-num", "as-set"])), ("tech-c", RPSLReferenceField( referring=["role", "person"])), ("mnt-by", RPSLReferenceListField(lookup_key=True, multiple=True, referring=["mntner"])), ..., ..., ...]) [SASHA] @jobsnijders /

9 Metadata extraction (as-set)
rpsl_pk = AS-RIPENCC source = RIPE object_class = as-set parsed_data = { "as-set": "AS-RIPENCC", "mnt-by": ["RIPE-NCC-MNT"], "source": "RIPE", "tech-c": "DUMY-RIPE", "admin-c": "DUMY-RIPE", "members": ["AS3333", "AS2121", "AS12654"]} [SASHA] @jobsnijders /

10 Metadata extraction (route)
parsed_data = {"route": " /21", "mnt-by": ["RIPE-NCC-MNT"], "origin": "AS3333", "source": "RIPE"} ip_version = 4 ip_first = ip_last = ip_size = 2048 asn_first = 3333 asn_last = 3333 [SASHA] @jobsnijders /

11 Challenges (all solved)
Almost everyone deviates from RFCs in slightly different ways RPSL has a few strange features, and doesn’t always fit common storage methods Invalid objects occur in many databases (improved) NRTM is barely documented and inconsistently implemented Interdependent updates Challenges (all solved) [SASHA] @jobsnijders /

12 RPSL has many exciting features
inetnum: source: DEMO inetnum: # documentation prefix +- # end [SASHA] @jobsnijders /

13 … and all kinds of invalid objects
aut-num: AS65536 notify: EXAMPLE-MNT notify: our address is source: DEMO “Ignored” [SASHA] @jobsnijders /

14 Fixed That’s not an AS number route: 192.0.2.0/24 origin: 64496
source: DEMO Fixed [SASHA] @jobsnijders /

15 ASDOT never left as-set: AS-EXAMPLE members: AS64496, AS64497
source: DEMO [SASHA] @jobsnijders /

16 Note that only the ASCII character set can be used.
mntner: EXAMPLE-MNT upd-to: auth: MD5PW # Filtered mnt-by: EXAMPLE-MNT source: DEMO ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ERROR: Line 3: encountered empty line in the middle of object: [] [SASHA] @jobsnijders /

17 Note that only the ASCII character set can be used.
Fixed [SASHA]

18 Incomplete objects in NRTM (not only RADB)
%START Version: 3 radb DEL route: /21 descr: StarHub Ltd - NGNBN Network origin: AS %END RADB [SASHA] @jobsnijders /

19 (based on deployment like rr.ntt.net)
2.6 million RPSL objects One NRTM update per 40s Average object 427 bytes Largest object is 3.4MB 1.6 GB PostgreSQL data, 1.4 GB PostgreSQL indexes Log of rr.ntt.net queries to run QA tests/comparisons Statistics (based on deployment like rr.ntt.net) [SASHA] @jobsnijders /

20 Phase 1: replace existing IRRD with same features
Project ~75-80% complete ~4000 lines of code ~3000 lines of 214 tests (Mostly) completed: RPSL parsing and validation Object storage, indexing, search and journal keeping. IRRD/RIPE whois queries Mirroring other sources Logo coming soon Current IRRDv4 status Phase 1: replace existing IRRD with same features [SASHA] @jobsnijders /

21 Plans for phase 2 Use of RPKI to negate conflicting IRR information
(ala RIPE Policy Proposal) Business rules to clean up / reject objects Bogon prefixes & ASNs, special prefixes Integration with or validation against authoritative RIR databases Plans for phase 2 [JOB] @jobsnijders /

22 Plans for phase 2 HTTPS API NRTMv4
Better query language, perhaps GraphQL? …. (your input here) …. Plans for phase 2 [JOB] @jobsnijders /

23 Thank you! https://github.com/irrdnet/irrd4
Job Snijders NTT Communications @jobsnijders Sasha Romijn DashCare @mxsash

Download ppt "Internet Routing Registry daemon version 4"

Similar presentations

Database SIG Summary Report Chair – Xing Li APNIC Annual Member Meeting Bangkok, March 7 2002.

Database SIG Summary Report Chair – Xing Li APNIC Annual Member Meeting Bangkok, March
Protecting Resource Records in APNIC Whois Database Database SIG APNIC-16, Seoul August 2003 Sanjaya

Protecting Resource Records in APNIC Whois Database Database SIG APNIC-16, Seoul August 2003 Sanjaya
Refeng Wu CQ5 WCM System Administrator

Refeng Wu CQ5 WCM System Administrator
APNIC Internet Routing Registry Routing SIG APNIC-15, Taipei 26 February 2003.

APNIC Internet Routing Registry Routing SIG APNIC-15, Taipei 26 February 2003.
Database Update Kaveh Ranjbar Database Department Manager, RIPE NCC.

Database Update Kaveh Ranjbar Database Department Manager, RIPE NCC.
Database Update Johan Åhlén Assistant Manager and Denis Walker Business Analyst.

Database Update Johan Åhlén Assistant Manager and Denis Walker Business Analyst.
Database Update Kaveh Ranjbar Database Department Manager, RIPE NCC.

Database Update Kaveh Ranjbar Database Department Manager, RIPE NCC.
Database Update Kaveh Ranjbar Database Group Manager, RIPE NCC.

Database Update Kaveh Ranjbar Database Group Manager, RIPE NCC.
APNIC Internet Routing Registry An introduction to the IRR TWNIC Meeting, 3 December 2003 Nurani Nimpuno, APNIC.

APNIC Internet Routing Registry An introduction to the IRR TWNIC Meeting, 3 December 2003 Nurani Nimpuno, APNIC.
1 A survey of Internet Topology Discovery. 2 Outline Motivations Internet topology IP Interface Level Router Level AS Level PoP Level.

1 A survey of Internet Topology Discovery. 2 Outline Motivations Internet topology IP Interface Level Router Level AS Level PoP Level.
Creating a Well-Formed Valid Document. 2 Objectives Introducing XHTML Creating a Well-Formed Document Creating a Valid Document Creating an XHTML Document.

Creating a Well-Formed Valid Document. 2 Objectives Introducing XHTML Creating a Well-Formed Document Creating a Valid Document Creating an XHTML Document.
Resource Certification What it means for LIRs Alain P. AINA Special Project Manager.

Resource Certification What it means for LIRs Alain P. AINA Special Project Manager.
The RPLS ‘via’ attributes IETF89, London RPLS-VIA - IETF89 - Job Snijders Hibernia Networks.

The RPLS ‘via’ attributes IETF89, London RPLS-VIA - IETF89 - Job Snijders Hibernia Networks.
Andrei Robachevsky, Shane Kerr. APNIC/APRICOT2001, February 2001, Kuala Lumpur, Malaysia. 1 Routing Registry Consistency Check Presented.

Andrei Robachevsky, Shane Kerr. APNIC/APRICOT2001, February 2001, Kuala Lumpur, Malaysia. 1 Routing Registry Consistency Check Presented.
Router Configuration Management Tools

Router Configuration Management Tools
© Copyright 2000 M. Rodriguez-Martinez, All Rights Reserved Automatic Deployment of Application-Specific Metadata and Code in MOCHA Manuel Rodriguez-Martinez.

© Copyright 2000 M. Rodriguez-Martinez, All Rights Reserved Automatic Deployment of Application-Specific Metadata and Code in MOCHA Manuel Rodriguez-Martinez.
Conceptual Architecture of PostgreSQL PopSQL Andrew Heard, Daniel Basilio, Eril Berkok, Julia Canella, Mark Fischer, Misiu Godfrey.

Conceptual Architecture of PostgreSQL PopSQL Andrew Heard, Daniel Basilio, Eril Berkok, Julia Canella, Mark Fischer, Misiu Godfrey.
Overview of Mini-Edit and other Tools Access DB Oracle DB You Need to Send Entries From Your Std To the Registry You Need to Get Back Updated Entries From.

Overview of Mini-Edit and other Tools Access DB Oracle DB You Need to Send Entries From Your Std To the Registry You Need to Get Back Updated Entries From.
Linux Operations and Administration

Linux Operations and Administration
Scaling IXPs Scalable Infrastructure Workshop. Objectives  To explain scaling options within the IXP  To introduce the Internet Routing Registry at.

Scaling IXPs Scalable Infrastructure Workshop. Objectives  To explain scaling options within the IXP  To introduce the Internet Routing Registry at.

Similar presentations

Ads by Google