Andrei Robachevsky. 12th APNIC Open Plicy Meeting, August 2001, Taipei, Taiwan. 1 New Version of the RIPE Database Andrei Robachevsky

1Andrei Robachevsky . 12th APNIC Open Plicy Meeting, August 2001, Taipei, Taiwan . http://www.ripe.net

New Version of the RIPE Database

Andrei Robachevsky

RIPE NCC

<[email protected]>


Outline

• Current status of the RIPE Database

• New database software

• RIPE Database migration


RIPE Database Status

• Contains• IP allocations/assignments• Domain registry• Routing registry

• More than 4 Million objects• 84% person, 11% inetnum, 0.66% route

• 6,700 updates/day• Up to 1.5 Mqueries/day (15 queries/s)

• 38% IP addresses, 1% IP prefixes• Up to 15% are denied


aut-nm0.12%

person84.21%

role0.11%

route0.66%

domain3.38%

inetnum11.29%

as-block0.00%

mntner0.16%

Other4.49%

Distribution by object type(August 2001)


Queries reached 15 q/s average(35q/s max)

0

2

4

6

8

10

12

14

16

Jul-9

9

Aug

-99

Sep

-99

Oct

-99

Nov

-99

Dec

-99

Jan-

00

Feb

-00

Mar

-00

Apr

-00

May

-00

Jun-

00

Jul-0

0

Aug

-00

Sep

-00

Oct

-00

Nov

-00

Dec

-00

Jan-

01

Feb

-01

Mar

-01

Apr

-01

May

-01

Jun-

01

Jul-0

1

Month

Qu

eri

es/

s


% of queries by object type

IP43%

domains27%

prefixes1%

other29% domains

IP

prefixes

other


Updates 7 per min

0

5

10

15

20

25Ju

l-99

Aug

-99

Sep

-99

Oct

-99

Nov

-99

Dec

-99

Jan-

00

Feb

-00

Mar

-00

Apr

-00

May

-00

Jun-

00

Jul-0

0

Aug

-00

Sep

-00

Oct

-00

Nov

-00

Dec

-00

Jan-

01

Feb

-01

Mar

-01

Apr

-01

May

-01

Jun-

01

Jul-0

1

Month

domain

person

inetnum

all


Database Software v3

• Functionality

• Architecture

• Performance


New version of the RIPE Database

• Supports RPSL (RFC2622)• Extended syntax• New objects and attributes

• Supports RPSS (RFC2725)• New authorization rules

• Supports RAToolset• RtConfig -protocol ripe

• Code is completely rewritten


RPSL features

• Provides rich syntax for expressing routing policies• router configuration ready

• RPSL syntax extensions apply to all object types• end of line comments• line continuation• order of attributes

• New objects• as-block, as-set (as-macro), route-set (community)• peering-set, filter-set, rtr-set

• New attributes• member-of, mbrs-by-ref• mnt-routes: <mnt_name> [ rpsl list of prefixes | ANY]• referral-by: <mnt_name>


Security features

• Provides strong security mechanisms• Protection of individual objects• Protection of IP address space• Protection of ASN space• Protection of route space• Protection of set membership• Protection of hierarchical set names• Protection of domain object space

• 4 supported auth schemes• GPG public keys are supported


New software• Mainly in C, multithreaded

• CPU: 70% idle

• RDBMS as a back-end• MySQL, customized transaction support

• In-memory radix tree for IP lookups• also more and less specific lookups for reverse delegation

domains

• MIME and GPG support • correct PGP keys are also accepted

• Automatic access control• separate accounting for public and contact data


Server architectureE

-mai

l

RDBMS

Core Server

Update FE

Update FE

RDBMS

Mirror ServerNRTM clients

Queuerules

Messagequeues

Syntax checks,acks, notifications

qu

eries


Query Performance (I)Query rate,

q/s

# of concurrentclients0 .00 20 .00 40 .00 60 .00

0 .00

20 .00

40 .00

60 .00

80 .00

V2 operational

zone

V3 operational

zone

V3

V2


0 .00 20 .00 40 .00 60 .00

0 .00

1 .00

2 .00

3 .00

4 .00Query Performance (II)

Responsetime,

s

# of concurrentclients

V2 operational

zone

V3 operational

zone

V3

V2


Transition phases

• Pre-migration period• Conversion to RPSL• Prototype servers

• Transition period• 23 April: Migration Night• RIPE-181 compatibility mode

• Finalizing the migration• ftp site structure• deprecating legacy stuff


Pre-migration: RIPE181 -> RPSL• Sets

• as-macro: <macro_name> => as-set: <macro_name>• community: <comm_name> => route-set: RS-<comm_name>

• Reserved prefixes (RP)• AS-, RS-, RTRS-, FLTR-, PRNG-• mntner: <RP><mt_name> - 9 cases, all resolved by the owners• as-name: <RP><name> => ASN-<name>

• Mandatory attribute: mnt-by (except dn, pn, ro)• no mnt-by => mnt-by: RIPE-NCC-NONE-MNT• no mnt-by (aut-num’s) => mnt-by: RIPE-NCC-AN-MNT

• New attribute: referral-by• => referral-by: RIPE-DBM-MNT


Pre-migration: prototype servers

• Near real-time mirror of the RIPE Database• whois -h rpsl.ripe.net• contains live RIPE Database in RPSL format

• Test server for submissions• mail <[email protected]>• whois -h rpsl.ripe.net -p 4343

• NRTM• rpsl.ripe.net, port 4444• please contact <[email protected]>


Pre-migration: milestones

• April 5 ripe-dbase-3.0 release

• April 12 Advised mirrors’ switchover

• 4 servers switched to the RPSL mirror

• April 19 Migration if the TESTDatabase

• dress rehearsal of the migration


Transition: Compatibility mode

• RIPE-181 updates• can be sent to a separate mail robot• automatically converted to RPSL

• PGP authentication• cannot be used

• RPSL syntax rules• empty attributes are not allowed• optional -> mandatory• no aliases• no prefix notation


Transition: issues

Routing Policy System Security (RFC2725)• new authorisation rules for route creation • need to duplicate objects in the RIPE DB

• encompassing inetnum with NONE auth for mnt-routes• as-blocks for non RIPE space with NONE auth for mnt-lower

• low level of security in non RIPE space• still apply in RIPE-181 compatibility mode

• V2 undocumented features• leading white space stripping• correcting misspelled attributes• filtering out empty attributes


Transition timeline

Updates in RIPE-181to <[email protected]>

Updates in RPSLto <[email protected]>

Updates in RPE-181to <[email protected]>RIPE181

RPSL

Production

Prototype/Compatibility

TEST

Updates in RIPE-181to <[email protected]>




X=23 April Y=14 May Z=15 October


Future Plans

• Provide support for several platforms• Solaris (SPARC & Intel)• Linux (RedHat)• FreeBSD

• New features• DB and object schema/syntax, object library• extensions to RFC2725 implementation


More Information

• RIPE-181 to RPSL Migration page• http://www.ripe.net/rpsl

• Documentation• RIPE Database Reference Manual

http://www.ripe.net/ripe/docs/databaseref-manual.html• RIPE Database User Manual (coming soon)• RIPE Database Operation Manual (coming soon)

• Software• New whois client

ftp://ftp.ripe.net/tools/ripe-whois-3.0.tar.gz• Server software v3

ftp://ftp.ripe.net/ripe/dbase/software/ripe-dbase-3.0.1.tar.gz

Documents

Andrei Robachevsky. 12th APNIC Open Plicy Meeting, August 2001, Taipei, Taiwan. 1 New Version of the RIPE Database Andrei Robachevsky