Presentation is loading. Please wait.

Presentation is loading. Please wait.

NATO Advanced Networking Workshop. Ljubljana, 19 September 2001. 1 RIPE whois Database RIPE Network Coordination Centre.

Published byRandolph Fisher Modified over 8 years ago

Similar presentations

Presentation on theme: "NATO Advanced Networking Workshop. Ljubljana, 19 September 2001. 1 RIPE whois Database RIPE Network Coordination Centre."— Presentation transcript:

1 NATO Advanced Networking Workshop. Ljubljana, 19 September 2001. http://www.ripe.net 1 RIPE whois Database RIPE Network Coordination Centre

2 NATO Advanced Networking Workshop. Ljubljana, 19 September 2001. http://www.ripe.net 2 Schedule intro basic DB queries creating person/role object creating network object advanced DB queries protecting objects updating objects exercises / examples

3 NATO Advanced Networking Workshop. Ljubljana, 19 September 2001. http://www.ripe.net 3 RIPE Database Intro Public Network Management Database Software Management RIPE NCC requirements by RIPE community (db-wg@ripe.net) download from ftp://ftp.ripe.net/ Data Management LIRs, other users RIPE NCC Information content not responsibility of RIPE NCC Exchange of knowledge – Transition to RPSL

4 NATO Advanced Networking Workshop. Ljubljana, 19 September 2001. http://www.ripe.net 4 Object Types Information about: objects: IP address space inetnum, inet6num reverse domainsdomain routing policies route, aut-num, etc contact detailsperson, role, mntner Server whois.ripe.net UNIX client (command line queries) http://www.ripe.net/db/ The most important documents –Representation of IP Routing Policies in a Routing Registry (ripe-181) –RIPE NCC Database Reference Manual (ripe-223) New!

5 NATO Advanced Networking Workshop. Ljubljana, 19 September 2001. http://www.ripe.net 5 Basic Queries Whois (client, web interface) –searches only look-up keys –returns exact match Look-up keys - usually the object name –person, role: name, email, nic-hdl –inetnum: address (or range), netname Glimpse - full text search e.g. searching for address space based on the postal address or the name of the organisation Examples

6 NATO Advanced Networking Workshop. Ljubljana, 19 September 2001. http://www.ripe.net 6 Creating person Object Check if person object exists in RIPE DB –only one object per person Obtain and complete a template  whois -t person whois -v person (verbose)  Send to Each person and role object has a unique nic-hdl

7 NATO Advanced Networking Workshop. Ljubljana, 19 September 2001. http://www.ripe.net 7 whois -t person person: [mandatory] [single] [lookup key] address: [mandatory] [multiple] [ ] phone: [mandatory] [multiple] [ ] fax-no: [optional] [multiple] [ ] e-mail: [optional] [multiple] [lookup key] nic-hdl: [mandatory] [single] [primary/look-up key] remarks: [optional] [multiple] [ ] notify: [optional] [multiple] [inverse key] mnt-by: [optional] [multiple] [inverse key] changed: [mandatory] [multiple] [ ] source: [mandatory] [single] [ ]

8 NATO Advanced Networking Workshop. Ljubljana, 19 September 2001. http://www.ripe.net 8 whois -t role role: [mandatory] [single] [lookup key] address: [mandatory] [multiple] [ ] phone: [optional] [multiple] [ ] fax-no: [optional] [multiple] [ ] e-mail: [mandatory] [multiple] [lookup key] trouble: [optional] [multiple] [ ] admin-c: [mandatory] [multiple] [inverse key] tech-c: [mandatory] [multiple] [inverse key] nic-hdl: [mandatory] [single] [primary/look-up key] remarks: [optional] [multiple] [ ] notify: [optional] [multiple] [inverse key] mnt-by: [optional] [multiple] [inverse key] changed: [mandatory] [multiple] [ ] source: [mandatory] [single] [ ]

9 NATO Advanced Networking Workshop. Ljubljana, 19 September 2001. http://www.ripe.net 9 role: Technical BlueLight Staff... nic-hdl: AUTO-#initials AUTO-2BL nic-hdl person: Piet Bakker... nic-hdl: AUTO-1 PB1234-RIPE Unique identifier for person and role objects –primary key for person and role objects Format: [number]- –e.g. CD567-RIPE, JFK11-RIPE Used in all attributes where contact info is needed  Use “AUTO-#” placeholders BL112-RIPE

10 NATO Advanced Networking Workshop. Ljubljana, 19 September 2001. http://www.ripe.net 10 Database Robot Responses Successful update –acknowledgement Warnings –object accepted but might be ambiguous –object corrected and accepted Errors –object NOT corrected and NOT accepted –diagnostics in acknowledgement If not clear send questions to –include error report and the original message

11 NATO Advanced Networking Workshop. Ljubljana, 19 September 2001. http://www.ripe.net 11 Creating Network Objects AW=0 or AW<request_size –take the “network template” from the approved request otherwise –whois -t inetnum Send to –with (only) the keyword NEW in the subject line to avoid over-writing the existing objects (address range is the primary key for inetnum)

12 NATO Advanced Networking Workshop. Ljubljana, 19 September 2001. http://www.ripe.net 12 whois -t inetnum inetnum: [mandatory] [single] [primary/look-up key] netname: [mandatory] [single] [lookup key] descr: [mandatory] [multiple][ ] country: [mandatory] [multiple][ ] admin-c: [mandatory] [multiple][inverse key] tech-c: [mandatory] [multiple][inverse key] rev-srv: [optional] [multiple][inverse key] status: [mandatory] [single] [ ] remarks: [optional] [multiple][ ] notify: [optional] [multiple][inverse key] mnt-by: [mandatory] [multiple][inverse key] mnt-lower: [optional] [multiple][inverse key] mnt-routes: [optional] [multiple][inverse key] changed: [mandatory] [multiple][ ] source: [mandatory] [single] [ ]

13 NATO Advanced Networking Workshop. Ljubljana, 19 September 2001. http://www.ripe.net 13 Pay Attention to... Insert the address range –in the ‘network template’ from the approved request form Keep the same netname attribute as approved Create person or role objects in advance –admin-c: on site; client’s MD –tech-c: LIR or consultant Status: ASSIGNED PA In the changed attribute leave out the date –DB will add the current date  Protection is mandatory –recommended: include mnt-lower and mnt-routes

14 NATO Advanced Networking Workshop. Ljubljana, 19 September 2001. http://www.ripe.net 14 Changes with RPSL Objects format - stricter syntax checks!!! –line continuation (white space or “+” sign) –attribute order is relevant and preserved –support for end of line comments (after “#”) –no empty attributes allowed inetnum value can not be in prefix notation! correct: a.b.c.d - w.x.y.z Submission to the DB supports: –MIME –PGP (GnuPG) New in RPSL!

15 NATO Advanced Networking Workshop. Ljubljana, 19 September 2001. http://www.ripe.net 15 Querying Address Ranges –whois [customer’s IP range, customer’s netname] netname not unique search key –whois -m [LIR allocated IP range] list of biggest sub-ranges (first level more specific) –whois -M [LIR allocated IP range] all sub-ranges –whois -L [customer’s IP range] exact match & bigger encompassing ranges –LIR’s own allocation object & RIPE NCC’s /8 –whois -l [customer’s IP range] not the exact match, but the smallest bigger object –whois -x [IP range] if no matching object is found nothing is returned New in RPSL! New in RPSL!

16 NATO Advanced Networking Workshop. Ljubljana, 19 September 2001. http://www.ripe.net 16 Example DB Queries 195.35.64.0- 195.35.65.191 195.35.88/26 195.35.64.0 - 195.35.95.255 195.35.80/25 BLUELIGHT GOODY2SHOES whois -M 195.35.64.0/19 whois -m 195.35.64.0/19 whois -L 195.35.92.10 ENGOS... 195.35.92/29 ENGO-7 195.35.92.8/29 ENGO-8

17 NATO Advanced Networking Workshop. Ljubljana, 19 September 2001. http://www.ripe.net 17 Inverse Lookups in RIPE DB whois -i {attribute} {value} Inverse keys –notify, mnt-by, mnt-lower, admin-c, tech-c, zone-c, whois –i tech-c JJ125-RIPE –whois -i admin-c,tech-c,zone-c -T domain JJ125-RIPE –whois -ipn JJ125-RIPE whois -i mnt-by BLUELIGHT-MNT whois -i notify jan@bluelight.nl New in RPSL!

18 NATO Advanced Networking Workshop. Ljubljana, 19 September 2001. http://www.ripe.net 18 Non-Recursive Lookups: “-r” whois 193.35.64.82=> inetnum,route,person(s) –whois -r 193.35.64.82 => inetnum, route –whois -T inetnum 193.35.64.82 => inetnum,persons –whois -r -T inetnum 193.35.64.82 => inetnum –whois -T route 193.35.64.82 => route Summary -- DB flags: –-i, -r, -T, -m, -M, -l, -L, -x

19 NATO Advanced Networking Workshop. Ljubljana, 19 September 2001. http://www.ripe.net 19 Questions? (link back to the Assignment Process)

20 NATO Advanced Networking Workshop. Ljubljana, 19 September 2001. http://www.ripe.net 20 Advanced Database Issues Protection DB administration – updating objects – deleting objects Test whois Database

21 NATO Advanced Networking Workshop. Ljubljana, 19 September 2001. http://www.ripe.net 21 Notification / Authorisation notify attribute (optional) –sends notification of change to the email address specified  mnt-by attribute & mntner object – mnt-by mandatory (except dn, pn, ro)  Hierarchical authorisation for inetnum, domain, route, aut-num objects –mnt-lower attribute –mnt-routes attribute New in RPSL! New in RPSL!

22 NATO Advanced Networking Workshop. Ljubljana, 19 September 2001. http://www.ripe.net 22 Creating Maintainer Object Mandatory protection of objects except for person, role and domain –updates of objects that contain mnt-by attribute must pass the authentication rules in the mntner object Decide on the authentication method –ripe-223 ripe-157, ripe-189 documents obsolete Manual registration necessary –send the mntner object to –requester needs to be contact person from the LIR  See also: Protection of RIPE DB objects New!

23 NATO Advanced Networking Workshop. Ljubljana, 19 September 2001. http://www.ripe.net 23 Authorisation Mechanism inetnum: 195.35.64.0 - 195.35.65.191 netname: BLUELIGHT-1 descr: Blue Light Internet ………….. mnt-by:BLUELIGHT-MNT mntner: BLUELIGHT-MNT descr: Maintainer for all Bluelight objects admin-c: JJ231-RIPE tech-c: BL112-RIPE auth: CRYPT-PW q5nd!~sfhk0# upd-to: jan@bluelight.nl mnt-nfy: auto-mnt@bluelight.nl referral-by: RIPE-DBM-MNT mnt-by: BLUELIGHT-MNT changed: hostmaster@bluelight.nl 19991112 source: RIPE

24 NATO Advanced Networking Workshop. Ljubljana, 19 September 2001. http://www.ripe.net 24 Maintainer Object Attributes  auth (mandatory, multiple) upd-to (mandatory) –notification for failed updates mnt-nfy (optional, encouraged) –works like notify but for all objects that refer to this mntner mnt-by (mandatory) –can reference the object itself referral-by (mandatory) –references mntner object that created this object Manual registration of object necessary Send object to New in RPSL!

25 NATO Advanced Networking Workshop. Ljubljana, 19 September 2001. http://www.ripe.net 25 Authentication Methods 1. auth: NONE could be used with mnt-nfy attribute 2. auth: MAIL-FROM {e-mail, reg-exp} –e.g. MAIL-FROM.*@bluelight\.nl protection from typos 3. auth: CRYPT-PW {encrypted password} include password attribute in your updates –value is clear text password 4. auth: PGPKEY- key-cert object –see: ripe-223 http://www.gnupg.org/

26 NATO Advanced Networking Workshop. Ljubljana, 19 September 2001. http://www.ripe.net 26 inetnum: 195.35.64.0 - 195.35.79.255 netname: NL-BLUELIGHT-20000909 …... status: ALLOCATED PA mnt-by: RIPE-NCC-HM-MNT mnt-lower: BLUELIGHT-MNT mnt-routes: BLUELIGHT-MNT changed: hostmaster@ripe.net 20000909 changed: hostmaster@ripe.net 20001111 source: TEST Ask to add mnt-lower and mnt-routes attributes into your allocation inetnum objects Hierarchical Authorisation 

27 NATO Advanced Networking Workshop. Ljubljana, 19 September 2001. http://www.ripe.net 27 Hierarchical Authorisation (cont’d) mnt-lower and mnt-routes attributes –authenticate only creation of more specific objects –only one level below mandatory in allocation inetnum objects mandatory in PI assignment inetnum objects recommended in PA inetnum objects, and route objects mnt-routes in aut-num object e.g. AS42 –authenticates creation of route objects with origin: AS42 New in RPSL!

28 NATO Advanced Networking Workshop. Ljubljana, 19 September 2001. http://www.ripe.net 28 DB Update Procedure Send to: Modifying an object –obtain object from RIPE DB –make needed changes –keep the same primary key –add the changed line to the new version of object changed: jan@bluelight.nl 20010505 keep the old changed lines in to show history –include authentication (password, PGP signature) Deleting an object –add delete line to the exact copy of current object delete: jan@bluelight.nl overlapping inetnum 20010606 –include authentication (password, PGP signature)

29 NATO Advanced Networking Workshop. Ljubljana, 19 September 2001. http://www.ripe.net 29 When to Update Your Objects Fixing overlapping assignments Merging two inetnum (domain, route) objects  Splitting one assignment into smaller ones Changing the netname Protecting unprotected objects –including mnt-by attribute Updating peering agreements in aut-num  Updating references to new contact persons/roles –admin-c, tech-c, zone-c Updating contact info –phone/address change in person/role/mntner

30 NATO Advanced Networking Workshop. Ljubljana, 19 September 2001. http://www.ripe.net 30 Inetnum: person: 195.35.64.80 JAJA1-RIPE Case Study 1 -- Contact Person Left 1. whois -i tech-c JAJA1-RIPE 2. Create new person object ( for Carl Dickens, new guy ) 3. Change the tech-c reference in all inetnum objects 4. Delete old person object Inetnum: 195.35.64.130 JAJA1-RIPE... CD2-RIPE person:

31 NATO Advanced Networking Workshop. Ljubljana, 19 September 2001. http://www.ripe.net 31 195.35.64.130 CD2-RIPE 195.35.64.80 CD2-RIPE Case Study 2 -- Replacing tech-c Using role Object 1. Create person object for each tech-c 2. Create role object for all tech-c:s 3. Change the tech-c reference in all inetnum objects to reference role object 4. Keep role object up-to-date with staff changes CD2-RIPE BL112-RIPE... BL112-RIPE CD2-RIPE JJ231-RIPE role: person: JJ231-RIPE person:

32 NATO Advanced Networking Workshop. Ljubljana, 19 September 2001. http://www.ripe.net 32 Case Study 3 -- Replacing Assignment Objects Splitting any approved assignment e.g. moving first assignment registered as one block, at the beginning of allocated range –delete the original object –create two or more new objects –keep the same netname or let RIPE NCC know of the change using the same ticket number

33 NATO Advanced Networking Workshop. Ljubljana, 19 September 2001. http://www.ripe.net 33 Test whois Database Non-production whois Database Similar interface as “real” RIPE whois Database –whois & email whois -h test-whois.ripe.net ; –syntax checking –error reports Possible to automatically create mntner Ideal for testing –various authorisation schemes –self-made scripts that update RIPE whois DB Source: TEST

34 NATO Advanced Networking Workshop. Ljubljana, 19 September 2001. http://www.ripe.net 34 Questions? Questions, bug reports:

Download ppt "NATO Advanced Networking Workshop. Ljubljana, 19 September 2001. 1 RIPE whois Database RIPE Network Coordination Centre."

Similar presentations

RP Designs Semi-Custom e-Commerce Package. Overview RP Designs semi- custom e-commerce package is a complete website solution. Visitors can browse a catalog.

RP Designs Semi-Custom e-Commerce Package. Overview RP Designs semi- custom e-commerce package is a complete website solution. Visitors can browse a catalog.
Copyright (c) 2002 Japan Network Information Center Introduction of JPNICs New Registry System Izumi Okutani IP Address Section Japan Network Information.

Copyright (c) 2002 Japan Network Information Center Introduction of JPNICs New Registry System Izumi Okutani IP Address Section Japan Network Information.
Update about the “SHOULDs Analysing Project” in RIPE Policy Documents “Should” we use the RFC 2119 Defined Language in RIPE Policy Documents? Jan Žorž,

Update about the “SHOULDs Analysing Project” in RIPE Policy Documents “Should” we use the RFC 2119 Defined Language in RIPE Policy Documents? Jan Žorž,
Database Update Johan Åhlén Assistant Manager and Denis Walker Business Analyst.

Database Update Johan Åhlén Assistant Manager and Denis Walker Business Analyst.
Save Vocea/ Sanjaya - APNIC PacINET2002 28 November 2002, Fiji APNIC Whois Tutorial.

Save Vocea/ Sanjaya - APNIC PacINET November 2002, Fiji APNIC Whois Tutorial.
Database Update Kaveh Ranjbar Database Department Manager, RIPE NCC.

Database Update Kaveh Ranjbar Database Department Manager, RIPE NCC.
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
1 prop-018-v001 Protecting historical records in the APNIC Whois Database Project Update DB SIG APNIC18 2 September 2004 Nadi, Fiji Sanjaya, Project Manager,

1 prop-018-v001 Protecting historical records in the APNIC Whois Database Project Update DB SIG APNIC18 2 September 2004 Nadi, Fiji Sanjaya, Project Manager,
Database Update Kaveh Ranjbar Database Group Manager, RIPE NCC.

Database Update Kaveh Ranjbar Database Group Manager, RIPE NCC.
APNIC Internet Routing Registry An introduction to the IRR TWNIC Meeting, 3 December 2003 Nurani Nimpuno, APNIC.

APNIC Internet Routing Registry An introduction to the IRR TWNIC Meeting, 3 December 2003 Nurani Nimpuno, APNIC.
1 of 7 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.

1 of 7 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.
Andrei Robachevsky, Shane Kerr. APNIC/APRICOT2001, February 2001, Kuala Lumpur, Malaysia. 1 Routing Registry Consistency Check Presented.

Andrei Robachevsky, Shane Kerr. APNIC/APRICOT2001, February 2001, Kuala Lumpur, Malaysia. 1 Routing Registry Consistency Check Presented.
Introduction to the Secure SMTP Server service. Secure SMTP server is a secure, reliable SMTP mail relay server for your outgoing mail. Secure SMTP service.

Introduction to the Secure SMTP Server service. Secure SMTP server is a secure, reliable SMTP mail relay server for your outgoing mail. Secure SMTP service.
Reverse DNS. Overview Principles Creating reverse zones Setting up nameservers Reverse delegation procedures.

Reverse DNS. Overview Principles Creating reverse zones Setting up nameservers Reverse delegation procedures.
How to Get The Most Out of Outlook 2003 Michele Schwartzman Division of Customer Support 301-594-6248 Summer 2006.

How to Get The Most Out of Outlook 2003 Michele Schwartzman Division of Customer Support Summer 2006.
Login Screen This is the Sign In page for the Dashboard Enter Id and Password to sign In New User Registration.

Login Screen This is the Sign In page for the Dashboard Enter Id and Password to sign In New User Registration.
Local Internet Registries. Training Course. 1 Welcome to the IP Tutorial 26 January 2001 RIPE Network Co-ordination Centre

Local Internet Registries. Training Course. 1 Welcome to the IP Tutorial 26 January 2001 RIPE Network Co-ordination Centre
Local Internet Registries. Training Course. 1 Welcome to the Local Internet Registry Course RIPE Network Co-ordination Centre NEW version.

Local Internet Registries. Training Course. 1 Welcome to the Local Internet Registry Course RIPE Network Co-ordination Centre NEW version.
Anne Lord & Mirjam Kühne. AfNOG Workshop, 10 May 2001. The whois Database Introduction and Usage.

Anne Lord & Mirjam Kühne. AfNOG Workshop, 10 May The whois Database Introduction and Usage.
Providing A Subset of Whois Data Via DNS Shuang Zhu Xing Li CERNET Center.

Providing A Subset of Whois Data Via DNS Shuang Zhu Xing Li CERNET Center.

Similar presentations

Ads by Google