RIPE Database Slides, Training Course

The role object represents either a group of persons or an abuse contact. It contains attributes like admin-c and tech-c to link to contact persons, and abuse-mailbox for an abuse contact. Other objects like IP blocks reference the role object in their admin-c and tech-c attributes to show the responsible contacts.

Uploaded by

lluis

RIPE Database

Training Course

January 2023
09:00 - 09:30 Coffee, Tea
11:00 - 11:15 Break
13:00 - 14:00 Lunch
15:30 - 15:45 Break
17:30 End

Introductions
Hello!
• Name
• Experience with:
- Being an LIR
- The RIPE Database
• Goals

Overview
• What is the RIPE Database?
• How does it work?
• How to update it?
• Delegating address space to others
• RIPE Routing Registry
• Reverse DNS
• More RIPE Database
• Play Time!
• The RESTful API

Prepare Yourself!
• Get your laptop up and running
• Make sure you have an Internet connection
- and a RIPE NCC Access account!
• Go to the TEST Database: https://apps-test.db.ripe.net
- Open several tabs in the browser, if you want

Make sure you are in the TEST Database!

• Take out the exercise booklet
• When you see the green square, there is an activity for you to do!

[green square] = Activity time!

• Get ready to type a lot!
• Don’t forget to take notes in the notebook ;-)

The Story
• Your colleague Jean Blue opened an LIR account
• Jean Blue already did some things in the Database
• You were requested to take over some tasks
• You decided to come to this training course!

The RIPE Database
What is it?
Your LIR Account Was Activated
1. Read the email 1
- from the RIPE NCC Member Services department
2. Go to https://apps-test.db.ripe.net
3. Search for the person object from the email

What Do You See?
• What do you get as a result?
• Which lines are not easy to understand?

What You Are Seeing
A person object has data that can be used to contact a real person

person: “This is how you can contact me”

The RIPE Database
Public Internet resource and routing registry database

Purpose of the RIPE Database
• Registry of WHO holds IPs and ASNs
• Keep contact information
- For troubleshooting, notifying of outages, etc.

• Publishing routing policies


• Provisioning reverse DNS


RIPE Database Objects
• IPs and ASNs: inetnum, inet6num, aut-num
• Contact Information: organisation, person, role
• Routing: route, route6, as-set
• Reverse DNS: domain
• Object Protection: mntner

Looking Up Object Templates
1. Go to http://apps-test.db.ripe.net
2. Search for the following:

-t person

• Alternatively, check the manual:
https://www.ripe.net/manage-ips-and-asns/db/support/documentation/ripe-database-documentation/

What Do You See?
• What do you get as a result?
• What is not easy to understand?


Anatomy of an Object
Attributes (left of the colon) and Values (right of the colon):

person: Jean Blue
address: Long Street 123
address: 76543 Big City
e-mail: [email protected]
nic-hdl: JB0123-RIPE
mnt-by: SECURITY-MNT
created: (date & time)
last-modified: (date & time)
source: RIPE

Object Templates

person: [mandatory] [single] [lookup key]
address: [mandatory] [multiple] [ ]
phone: [mandatory] [multiple] [ ]
fax-no: [optional] [multiple] [ ]
e-mail: [optional] [multiple] [lookup key]
org: [optional] [multiple] [inverse key]
nic-hdl: [mandatory] [single] [primary/lookup key]
remarks: [optional] [multiple] [ ]
notify: [optional] [multiple] [inverse key]
mnt-by: [mandatory] [multiple] [inverse key]
created: [generated] [single] []
last-modified: [generated] [single] []
source: [mandatory] [single] []

Primary Key
• Every object has one Primary Key
• It makes the object unique
- Different from other objects of the same type

(Diagram: the object types inetnum, inet6num, aut-num, organisation, person and role around “Primary Key”; person and role are both labelled “nic-hdl:”)

Lookup Keys

person: Jean Blue
address: Long Street 123
address: 76543 Big City
e-mail: [email protected]
nic-hdl: JB0123-RIPE
mnt-by: SECURITY-MNT
created: (date & time)
last-modified: (date & time)
source: RIPE

Search For Your Organisation
1. Read the email 1 again
2. Go to https://apps-test.db.ripe.net
3. Search for the organisation object

What Do You See?
• What does the organisation object represent?
• Notice the “admin-c:” and “tech-c:” attributes
• What are their values?


What You Are Seeing
An organisation object has data about a company, institution or any other kind of organisation that has IP addresses and AS Numbers

organisation: “This is how you can contact ORG and who is responsible”

Objects Are Linked To Each Other

IP block organisation

org:
contact:
contact:

person

org:

admin-c
• Appears in most types of objects
• Name of administrative contact person(s)
• This is someone who will be contacted about
administrative questions such as network
registration, etc.

tech-c
• Appears in most types of objects
• Name of technical contact person(s)
• This is someone to be contacted for technical
problems such as routing, (mis)behavior of hosts
on the net, etc.


Search For Your Role Object
1. Read the email 1 again
2. Go to https://apps-test.db.ripe.net
3. Search for the role object

What Do You See?
• Notice the “admin-c:” and “tech-c:” attributes
• What are their values?
• Do you see any attribute that catches the eye?


Two Functions for the Role Object
• Group of Persons: role with “admin-c:” and “tech-c:”
• Abuse Contact: role with “abuse-mailbox:”

Role Object: Abuse Contact
• The role object contains the “abuse-mailbox:”
• Objects reference the role in “abuse-c:”
• RIPE Database shows the abuse contact in WHOIS query results

role: Abuse Reports
nic-hdl: AR0555-RIPE
abuse-mailbox: [email protected]

Referencing object:
abuse-c: AR0555-RIPE

Role Object: Group of Persons

IP block (four shown, each with):
admin-c: LA789-RIPE
tech-c: LA789-RIPE
mnt-by: LIR-MNT

role: LIR Admin
nic-hdl: LA789-RIPE
admin-c: JB123-RIPE
tech-c: JB123-RIPE
admin-c: BW531-RIPE
tech-c: BW531-RIPE
mnt-by: LIR-MNT

person: Jean Blue
nic-hdl: JB123-RIPE
address: Long Street 5
phone: +31 20 555 0101
e-mail: [email protected]
mnt-by: LIR-MNT

person: Betty White
nic-hdl: BW531-RIPE
address: Long Street 5
phone: +31 20 555 0101
e-mail: [email protected]
mnt-by: LIR-MNT

The slide builds up in steps: the role first appears without contacts, then gains the JB123-RIPE lines, then the BW531-RIPE lines. In the last step the Jean Blue person object and the “admin-c: JB123-RIPE” and “tech-c: JB123-RIPE” lines are gone from the role, while the four IP blocks still reference LA789-RIPE unchanged.

Questions
How Does It Work?
Looking for data in the Database
Search For Your Allocations
1. Read emails 2 and 3
- from the Registry Services department
2. Go to http://apps-test.db.ripe.net
3. Search for the inetnum and inet6num objects
- Open two tabs or windows if needed!
- Use the text in the “inetnum:” and “inet6num:” lines
- i.e. 10.XX.0.0 - 10.XX.3.255
- i.e. 2002:ffXX::/32

What Do You See?
• Look at the first object in the results
• What do you see?
• How many objects did you get?


Network Objects

IPv4 = inetnum
inetnum: 192.30.0.0 - 192.30.3.255
netname: NL-NETWORK-20170101
country: NL
org: ORG-EE2-RIPE
admin-c: DV789-RIPE
tech-c: JS123-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-by: DEFAULT-LIR-MNT
source: RIPE

IPv6 = inet6num
inet6num: 2001:db8::/32
netname: NL-NETWORK-20170101
country: NL
org: ORG-EE2-RIPE
admin-c: DV789-RIPE
tech-c: JS123-RIPE
status: ALLOCATED-BY-RIR
mnt-by: RIPE-NCC-HM-MNT
mnt-by: DEFAULT-LIR-MNT
source: RIPE

• Same object structure for IPv4 and IPv6

Network:
inetnum: IPv4 RANGE
inet6num: IPv6 PREFIX
netname: NETWORK-NAME

Contact information:
country: ZZ
org: ORG-ZZ123-RIPE
admin-c: AD321-RIPE
tech-c: TE123-RIPE

Type of address space:
status: ALLOC-ASSIGN

Protection of object:
mnt-by: RIPE-NCC-HM-MNT
mnt-by: DEFAULT-LIR-MNT

source: RIPE

Hierarchical Distribution
(Diagram: IANA, then RIR, then LIR and Sponsoring LIR, then End User; the links are labelled Allocation, PA Assignment and PI Assignment)

Object Status Hierarchy

IPv4
RIR: ALLOCATED UNSPECIFIED
LIR: ALLOCATED PA
End User: ASSIGNED PA, SUB-ALLOCATED PA, ASSIGNED PI
          ASSIGNED PA

IPv6
RIR: ALLOCATED-BY-RIR
LIR: ALLOCATED-BY-RIR
End User: ASSIGNED, AGGREGATED-BY-LIR, ALLOCATED-BY-LIR, ASSIGNED PI
          ASSIGNED, AGGREGATED-BY-LIR

Default Query Results
• When you query for an IP address or prefix…
(Diagram: nested address ranges, labelled from Least Specific to Most Specific)

Default Query Results
• When you query for simple text…
(Diagram: the search term “something” matching PERSON, ROLE, ORGANISATION, INETNUM and INET6NUM objects)

Filtered Query Results
• All email addresses are filtered
• Show them with -B flag in query
- Or turn on “Show full object details”
• “auth:” attribute values are always filtered

person: Jean Blue
nic-hdl: JB123-RIPE
address: Long Street 5
phone: +31 20 555 0101
mnt-by: LIR-MNT
source: RIPE # Filtered

mntner: LIR-MNT
admin-c: JB123-RIPE
auth: MD5-PW # Filtered
auth: SSO # Filtered
auth: PGP-KEY-54321
mnt-by: LIR-MNT
source: RIPE # Filtered

Results Without Related Objects
Search term: -r 193.0.24.1

inetnum: 193.0.24.0 - 193.0.30.255
admin-c: BRD-RIPE
tech-c: OPS4-RIPE

route: 193.0.24.0/21
origin: AS2121

Results With Related Objects
Search term: 193.0.24.1

inetnum: 193.0.24.0 - 193.0.30.255
admin-c: BRD-RIPE
tech-c: OPS4-RIPE

role: RIPE NCC Operations
admin-c: JDR-RIPE
admin-c: BRD-RIPE
tech-c: GL7321-RIPE
tech-c: MENN1-RIPE
tech-c: RCO-RIPE
tech-c: CNAG-RIPE
nic-hdl: OPS4-RIPE

person: Brian Riddle
address: Stationsplein 11
address: 1012 AB Amsterdam
phone: +31 20 535 4444
e-mail: [email protected]
nic-hdl: BRD-RIPE

route: 193.0.24.0/21
origin: AS2121

Making Better Queries
• Reduce the amount of objects returned
• Use options and flags to optimise the results
• Avoid getting blocked!

Selecting Object Types
• Choose the types of objects you want to see
• This results in fewer objects to process


• Using a flag: -T inetnum


Search For Your Allocations Again
1. In the previous query windows, turn off “Do not retrieve related objects”
2. Search again for the inetnum and inet6num objects

What Do You See?
• Look at all the objects in the results
• How many objects did you get now?
• Which objects are now in the results?

Navigating the Hierarchy
• Using flags, you can find what is under or above an
inet(6)num object
- Under = More Specific
- Above = Less Specific

• The flags: -m, -M, -l, -L


• Also in the “Hierarchy Flags” tab

More Specific inetnums: -m

-m 193.0.24.0/21

193.0.24.0/21

/24 /26 /25

More Specific inetnums: -M

-M 193.0.24.0/21

193.0.24.0/21

/24 /26 /25

/26

Less Specific inetnums: -l

-l 193.0.25.0/24

193.0.24.0/21

193.0.25.0/24

Less Specific inetnums: -L

-L 193.0.25.0/24

0/0

193.0.24.0/21

193.0.25.0/24
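
Added example (not part of the original slides): a small Python model of what the four hierarchy flags select, run over a constructed set of IPv4 inetnum ranges shaped like the 193.0.24.0/21 tree above. The handling of the exact match (-L includes it, the other three exclude it) follows the RIPE Database query documentation rather than the slides, and the ranges below are made up for illustration.

```python
import ipaddress

# Constructed registry modelled on the slides' 193.0.24.0/21 tree (not real data).
INETNUMS = [
    "0.0.0.0 - 255.255.255.255",    # the 0/0 root shown on the -L slide
    "193.0.24.0 - 193.0.31.255",    # 193.0.24.0/21
    "193.0.25.0 - 193.0.25.255",    # /24
    "193.0.25.64 - 193.0.25.127",   # /26 nested inside the /24
    "193.0.26.0 - 193.0.26.63",     # /26
    "193.0.27.0 - 193.0.27.127",    # /25
]


def to_range(text):
    """Turn 'first - last' or CIDR text into an inclusive (first, last) int pair."""
    if "-" in text:
        first, last = (int(ipaddress.IPv4Address(p.strip())) for p in text.split("-"))
    else:
        net = ipaddress.IPv4Network(text.strip(), strict=True)
        first, last = int(net.network_address), int(net.broadcast_address)
    if first > last:
        raise ValueError(f"range runs backwards: {text!r}")
    return first, last


def covers(outer, inner):
    """True when inner lies entirely within outer (equal ranges count)."""
    return outer[0] <= inner[0] and inner[1] <= outer[1]


def hierarchy_query(flag, term, inetnums=INETNUMS):
    """Return the inetnum keys a -m/-M/-l/-L query selects, least specific first."""
    query = to_range(term)
    db = {key: to_range(key) for key in inetnums}
    if flag in ("-m", "-M"):
        # Everything strictly inside the queried range.
        hits = {k: r for k, r in db.items() if covers(query, r) and r != query}
        if flag == "-m":
            # First level only: drop anything nested inside another hit.
            hits = {k: r for k, r in hits.items()
                    if not any(covers(o, r) and o != r for o in hits.values())}
    elif flag in ("-l", "-L"):
        # Everything that encloses the queried range (exact match included).
        hits = {k: r for k, r in db.items() if covers(r, query)}
        if flag == "-l":
            # First level only: the smallest range that strictly encloses the query.
            strict = [(r[1] - r[0], k) for k, r in hits.items() if r != query]
            hits = {k: db[k] for _, k in sorted(strict)[:1]}
    else:
        raise ValueError(f"unsupported flag: {flag}")
    return sorted(hits, key=lambda k: (db[k][0], -db[k][1]))


if __name__ == "__main__":
    for flag, term in [("-m", "193.0.24.0/21"), ("-M", "193.0.24.0/21"),
                       ("-l", "193.0.25.0/24"), ("-L", "193.0.25.0/24")]:
        print(flag, term, "->", hierarchy_query(flag, term))
```

Ranges are compared as integer pairs because an inetnum such as 193.0.24.0 - 193.0.30.255 need not be a single CIDR block.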

Search For Your Allocations Again
1. In the previous query windows, add “-m” to the search text
- i.e. -m 10.XX.0.0 - 10.XX.3.255
- i.e. -m 2002:ffXX::/32
2. Search again for the inetnum and inet6num objects

What Do You See?
• Look at the objects in the results
• How many objects did you get now?
• Different from what you got before?
- Notice the “status:” attribute


What You Are Seeing

IPv4
LIR: ALLOCATED PA /22
End User: ASSIGNED PA /25

IPv6
LIR: ALLOCATED-BY-RIR /32
End User: ASSIGNED /40

Questions
How To Update It?
Updating the RIPE Database
Part 1
Updating: What You Need
• To update the RIPE Database you must have:
- a RIPE NCC Access account
- a maintainer object
- the need to create, update or delete an object!


Search for LIR Maintainer Object
1. Read the email 5
- from your colleague Jean Blue
2. Go to http://apps-test.db.ripe.net
3. Search for the maintainer object
- i.e. SMXX-MNT

What Do You See?
• Look at the “mnt-by:” attribute
• What is the value?
• Look at the “auth:” attribute
• What is the value?

Maintainers: Protecting Objects
person: Jean Blue
address: My Street 9876
address: Office 123
phone: +31 20 876 5432
e-mail: [email protected]
nic-hdl: JB123-RIPE
mnt-by: LIR-MNT

mntner: LIR-MNT
admin-c: JB123-RIPE
notify: [email protected]
upd-to: [email protected]
auth: MD5-PW $1$crypto-stuff
auth: SSO [email protected]
auth: PGP-KEY-<key ID>
mnt-by: LIR-MNT

Maintainers: Authentication
• SSO
- default authentication mechanism
- uses RIPE NCC Access account
- to authenticate: login on RIPE NCC website

• PGP
- uses PGP key pair
- to authenticate: sign updates with private PGP key

• MD5-PW
- uses a MD5 hashed password
- to authenticate: provide clear text password


Maintainers: Associating an Account
• Your LIR maintainer has an MD5 password
• You want to add your Access as an “auth:” line

mntner: SMXX-MNT
admin-c: JBXX-TEST
tech-c: JBXX-TEST
upd-to: [email protected]
mnt-by: SMXX-MNT
auth: MD5-PW $1$crypto-stuff
auth: SSO [email protected]

Your Access account is now associated!

Maintainers: Associating an Account
You can easily associate your Access account
- if the maintainer is using MD5-PW authentication

1. Try to update the maintainer object
- Log in to your Access account!
2. You will be asked to provide the password
3. Authorise your RIPE NCC Access account for this maintainer

Multiple Maintainers

mntner: ONE-MNT
admin-c: LA789-RIPE
tech-c: LA789-RIPE
mnt-by: ONE-MNT
auth: SSO [email protected]
auth: PGPKEY-AE6FBTI7

mntner: TWO-MNT
admin-c: XY456-RIPE
tech-c: XY456-RIPE
mnt-by: TWO-MNT
auth: MD5-PW $1$crypto-stuff

person: Jean Blue
address: My Street 9876
phone: +31 20 876 5432
e-mail: [email protected]
nic-hdl: JB123-RIPE
mnt-by: ONE-MNT
mnt-by: TWO-MNT

Default Maintainer for LIRs
• Allows partial control over Allocation and ORG
• Can be selected in the LIR Account Details
• Automatically reflected in the RIPE Database

mntner: DEFAULT-LIR-MNT
auth: MD5-PW $1$abC789#1
auth: SSO [email protected]
mnt-by: DEFAULT-LIR-MNT

IP Address Allocation
mnt-by: RIPE-NCC-HM-MNT
mnt-by: DEFAULT-LIR-MNT

LIR Organisation
mnt-by: RIPE-NCC-HM-MNT
mnt-by: DEFAULT-LIR-MNT

Synch With LIR Portal
• Default LIR Maintainer can be synchronised with LIR Portal
• Users added as SSO to the maintainer
• Previous “auth:” lines are removed

User Accounts
Jack Sparrow [email protected]
Jill Fernet [email protected]
Went Down [email protected]

mntner: DEFAULT-LIR-MNT
admin-c: JB123-RIPE
notify: [email protected]
upd-to: [email protected]
auth: SSO [email protected]
auth: SSO [email protected]
auth: SSO [email protected]
mnt-by: LIR-MNT

Personal vs Shared

LIR objects, shared maintainer

mntner: DEFAULT-LIR-MNT
auth: MD5-PW $1$abC789#1
auth: SSO [email protected]
auth: SSO [email protected]

IP Address Allocation
mnt-by: RIPE-NCC-HM-MNT
mnt-by: DEFAULT-LIR-MNT

LIR Organisation
mnt-by: RIPE-NCC-HM-MNT
mnt-by: DEFAULT-LIR-MNT

Your person, your maintainer

mntner: PERSONAL-MNT
auth: SSO [email protected]

Person
mnt-by: PERSONAL-MNT

Maintainer and Person

person: John Doe
address: My Street 9876
phone: +31 20 876 5432
e-mail: [email protected]
nic-hdl: JD963-RIPE
mnt-by: PERSONAL-MNT

mntner: PERSONAL-MNT
admin-c: JD963-RIPE
descr: Startup maintainer
auth: SSO [email protected]
mnt-by: PERSONAL-MNT

Creating Your Person/Mntner Pair
1. Read again the email 5
- from your colleague Jean Blue
2. Go to http://apps-test.db.ripe.net
3. On the left side, click on “Create an object”
4. Choose “role and maintainer pair”
5. Switch to “person”
6. Click on [Create]

What Do You See?
• Which attributes do you see in the empty template?
• Which lines are not easy to understand?

• Fill in the template and click on [Submit]


• Write down the nic-hdl and the mntner


What You Are Seeing
• Congratulations! You just created your first objects in the RIPE (TEST) Database!
• You now have your own person object and your own personal maintainer

Creating a Role Object
It’s a good habit to use a role for the admin-c and tech-c attributes of LIR objects

1. Go to http://apps-test.db.ripe.net
2. On the left side, click on “Create an object”
3. Choose “role” and click on [Create]
3. Choose which maintainer will protect the new object
4. Click on the X to remove a maintainer

Please enter the maintainers you would like to use as mnt-by
Before: LIR-MNT x  PERSONAL-MNT x
After: LIR-MNT x
✩ = Associated with your Access account

5. Fill in the template with data
- Use your LIR maintainer (SMXX-MNT)
- Use role: Tech Team
- Leave nic-hdl as it is: AUTO-1
6. Click on the [ + ] button next to “email”
- Choose “admin-c” from the drop-down list
- Click on [ Add ]
- You now have an empty “admin-c:” attribute
7. Do the same steps in 6) and add a “tech-c:”
8. Fill in the admin-c and tech-c with data
- admin-c: JBXX-TEST
- tech-c: YOUR PERSON OBJECT
9. Click on the [Submit] button

• If all was correctly filled in, you have a role object!
• Write down the nic-hdl of the object

What You Just Did

role: Tech Team
nic-hdl: TT123-TEST
admin-c: JBXX-TEST
tech-c: YOUR NIC-HDL
mnt-by: SMXX-MNT

person: Jean Blue
address: My Street 9876
phone: +31 20 876 5432
e-mail: [email protected]
nic-hdl: JBXX-TEST
mnt-by: SMXX-MNT

person: Your Name
address: Your Address
phone: Your phone number
e-mail: Your email address
nic-hdl: YOUR NIC-HDL
mnt-by: YOUR-PERSONAL-MNT

Questions
How To Update It?
Updating the RIPE Database
Part 2
Registering IPv4 and IPv6
1. Let’s go back to the email 5
- from your colleague Jean Blue
2. Go to http://apps-test.db.ripe.net
3. On the left side, click on “Create an object”
4. Choose “inetnum” or “inet6num”
5. Click on [Create]

What Do You See?
• Which attributes do you see in the template?
• Notice the first line (mnt-by:)
• How many maintainers appear here?
• Which lines are not easy to understand?


Registering Assignments

inetnum: 10.XX.0.0 - 10.XX.3.255
mnt-by: TEST-NCC-HM-MNT
mnt-by: SMXX-MNT
status: ALLOCATED PA

inetnum: 10.XX.2.0 - 10.XX.2.255
mnt-by: SMXX-MNT
status: ASSIGNED PA

inet6num: 2002:ffXX::/32
mnt-by: RIPE-NCC-HM-MNT
mnt-by: SMXX-MNT
status: ALLOCATED-BY-RIR

inet6num: 2002:ffXX:1001::/48
mnt-by: SMXX-MNT
status: ASSIGNED

Registering Assignments
• To create an assignment, you must have authorisation from the allocation
• Here, “mnt-by:” has control over the allocation object and the space under the object

IP Address Allocation
mnt-by: RIPE-NCC-HM-MNT
mnt-by: DEFAULT-LIR-MNT

ASSIGNMENT (three shown, each with):
mnt-by: DEFAULT-LIR-MNT
status: ASSIGNMENT

Registering Assignments
• If “mnt-lower:” is present, then it has permission to create objects in the space under the object
- but it cannot update the allocation! (mnt-by:)

IP Address Allocation
mnt-by: RIPE-NCC-HM-MNT
mnt-by: DEFAULT-LIR-MNT
mnt-lower: ANOTHER-MNT

ASSIGNMENT (three shown, each with):
mnt-by: ANOTHER-MNT
status: ASSIGNMENT

Filling In The Template
• Choose which maintainer will protect the new object
• Click on the X to remove a maintainer

Please enter the maintainers you would like to use as mnt-by
Before: LIR-MNT x  PERSONAL-MNT x
After: LIR-MNT x
✩ = Associated with your Access account

Filling In The Template
Same object structure for IPv4 and IPv6

Address space and Network name:
inetnum: IPv4 RANGE
inet6num: IPv6 PREFIX
netname: NETWORK-NAME

Country and Contact information:
country: ZZ
admin-c: AD321-RIPE
tech-c: TE123-RIPE

Type of address space:
status: ASSIGNMENT

mnt-by: DEFAULT-LIR-MNT
source: RIPE

Object Creation Success
If the values in the object template are correct, then the RIPE Database will create the object

inetnum: 10.30.2.0 - 10.30.2.255
netname: LAIKA-NET-01
country: ZZ
admin-c: MB54321-TEST
tech-c: ROLE-NIC-HDL
status: ASSIGNED PA
mnt-by: SMXX-MNT

inet6num: 2002:ff30:1001::/48
netname: LAIKA-NET-01
country: ZZ
admin-c: MB54321-TEST
tech-c: ROLE-NIC-HDL
status: ASSIGNED
mnt-by: SMXX-MNT

Deleting Objects
1. Let’s go back to the email 5
- from your colleague Jean Blue
2. Go to http://apps-test.db.ripe.net
3. Search for all the assignments:
- i.e. -m 10.XX.0.0 - 10.XX.3.255
- i.e. -m 2002:ffXX::/32
4. You should see Jean Blue’s assignments and your newly registered assignments
5. Look for the wrong objects in the results
6. Click on [Update object]
7. Click on the [Delete this object] button
8. Provide a “reason” and click on [Confirm delete]

ASSIGNMENT
mnt-by: SMXX-MNT

LIR Keeps Control
• LIR Default Maintainer has control over the whole address space
• Use “Force Delete” to remove lost objects

Allocation
mnt-by: RIPE-NCC-HM-MNT
mnt-by: DEFAULT-LIR-MNT

ASSIGNMENT
mnt-by: ANOTHER-MNT

ASSIGNMENT
mnt-by: SOME-OTHER-MNT

When You Cannot Delete
• If an object is referenced in another object, you must first remove the reference

This object cannot be deleted

You can only delete unreferenced objects. Please remove the references from these objects first:
• mntner - SM30-MNT
• inetnum - 10.30.0.0 - 10.30.3.255
• inet6num - 2002:ff30::/32
• organisation - ORG-IC30-TEST
• aut-num - AS65530

Return to object

Summary
• You have now updated the RIPE Database:
- Associated your Access with the LIR maintainer
- Created your own person/maintainer pair
- Created a role object for the LIR
- Registered assignments by creating inet(6)num objects
- Deleted the wrong inet(6)num objects

Questions
Delegating To Others
Giving control to someone else
Register an IPv6 Sub-Allocation
1. Go to http://apps-test.db.ripe.net
2. On the left side, click on “Create an object”
3. Choose “inet6num” and click on [Create]
4. Fill in the template:
- inet6num: 2002:ffXX:a000::/36
- netname: SUBALLOCATION
- country: your neighbor’s country
- Use your person object as “admin-c:”
- Use your neighbor’s person object as “tech-c:”
5. Add a “mnt-lower:” attribute
- Use your neighbor’s maintainer as value
6. Choose the status ALLOCATED-BY-LIR
7. Click on [Submit]

Sub-Allocations
• Block for a downstream customer
• Branch office or department

(Diagram: a Large ISP with a Downstream ISP and its Customers; a Head Office with Branch Office 1 and Branch Office 2)

Delegating Control
• “mnt-lower:” attribute gives permission to create
more specific objects
Allocation
mnt-by: RIPE-NCC-HM-MNT
mnt-by: DEFAULT-LIR-MNT

Sub-Allocation
mnt-by: DEFAULT-LIR-MNT
mnt-lower: BRANCH-MNT

Assignment

mnt-by: BRANCH-MNT
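
Added example (not part of the original slides): the delegation rules from the “Registering Assignments”, “LIR Keeps Control” and “Delegating Control” slides written as authorisation checks in Python. The object set is constructed from the maintainer names used in this course; the rule that “mnt-lower:” replaces “mnt-by:” when authorising new more specific objects, and the simplified Force Delete rule, are assumptions taken from the RIPE Database documentation rather than from the slides.

```python
import ipaddress

# Constructed objects using maintainer names from the course exercises.
OBJECTS = {
    "2002:ff30::/32":      {"mnt-by": {"TEST-NCC-HM-MNT", "SM30-MNT"}},      # allocation
    "2002:ff30:a000::/36": {"mnt-by": {"SM30-MNT"},
                            "mnt-lower": {"SM15-MNT"}},                       # sub-allocation
    "2002:ff30:a000::/48": {"mnt-by": {"SM15-MNT"}},                          # assignment
}


def ancestors(prefix, objects):
    """Registered prefixes that strictly contain `prefix`, most specific first."""
    net = ipaddress.ip_network(prefix)
    found = [p for p in objects
             if ipaddress.ip_network(p) != net
             and net.subnet_of(ipaddress.ip_network(p))]
    return sorted(found, key=lambda p: ipaddress.ip_network(p).prefixlen, reverse=True)


def can_update(prefix, creds, objects=OBJECTS):
    """Updating or deleting an object needs one of its own mnt-by maintainers."""
    return bool(creds & objects[prefix]["mnt-by"])


def can_create(prefix, new_mnt_by, creds, objects=OBJECTS):
    """A new more specific object needs its own mnt-by plus consent from the parent."""
    parents = ancestors(prefix, objects)
    if not parents:
        return False  # nothing above it in this registry: not ours to create
    parent = objects[parents[0]]
    # Assumption: when mnt-lower is present it replaces mnt-by for this decision.
    gate = parent.get("mnt-lower") or parent["mnt-by"]
    return bool(creds & set(new_mnt_by)) and bool(creds & gate)


def can_force_delete(prefix, creds, objects=OBJECTS):
    """Simplified Force Delete: a maintainer of the covering allocation may remove a
    more specific object regardless of that object's own mnt-by."""
    parents = ancestors(prefix, objects)
    return bool(parents) and bool(creds & objects[parents[-1]]["mnt-by"])


if __name__ == "__main__":
    branch, lir = {"SM15-MNT"}, {"SM30-MNT"}
    print("branch creates under sub-allocation:",
          can_create("2002:ff30:a001::/48", branch, branch))
    print("branch updates the sub-allocation:  ",
          can_update("2002:ff30:a000::/36", branch))
    print("LIR force-deletes branch assignment:",
          can_force_delete("2002:ff30:a000::/48", lir))
```

The checks show the least-privilege split: the delegated maintainer can register space below the sub-allocation but cannot change the sub-allocation itself, while the allocation holder keeps a way to remove objects it does not maintain.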

Registering Sub-Allocations
Use the appropriate “status:”
IPv4 = SUB-ALLOCATED PA
IPv6 = ALLOCATED-BY-LIR

inetnum: 10.0.1.0 - 10.0.2.255
netname: Branch-office-1
country: NL
admin-c: LA789-RIPE
tech-c: LA789-RIPE
status: SUB-ALLOCATED PA
mnt-by: LIR-MNT
mnt-lower: BRANCH-MNT

inet6num: 2002:ff00:a000::/36
(also shown on the slide: inet6num: 2002:ff30:a000::/36)
netname: Branch-office-1
country: NL
admin-c: LA789-RIPE
tech-c: LA789-RIPE
status: ALLOCATED-BY-LIR
mnt-by: LIR-MNT
mnt-lower: BRANCH-MNT

Create an Assignment
1. Go to http://apps-test.db.ripe.net
2. On the left side, click on “Create an object”
3. Choose “inet6num” and click on [Create]
4. Fill in the template:
- inet6num: 2002:ffzz:a000::/48
- zz = number of your neighbor
- status: ASSIGNED
5. You know how to do the rest! ;-)

What You Just Did

Allocation: 2002:ff30::/32
mnt-by: TEST-NCC-HM-MNT
mnt-by: SM30-MNT

Sub-Allocation: 2002:ff30:a000::/36
mnt-by: SM30-MNT
mnt-lower: SM15-MNT

Assignment
mnt-by: SM15-MNT

Separate Abuse Contact
• Sub-allocations can have a separate “abuse-c:”

Allocation: 2001:db8::/32
abuse-c: AC1-RIPE ([email protected])
mnt-by: RIPE-NCC-HM-MNT
mnt-by: LIR-MNT

Sub-Allocation: 2001:db8:a000::/36
mnt-by: LIR-MNT
abuse-c: AC2-RIPE ([email protected])

Sub-Allocation: 2001:db8:5000::/36
mnt-by: LIR-MNT
abuse-c: AC3-RIPE ([email protected])

Questions
RIPE Routing Registry
aut-num, route and route6 objects
Search For Your aut-num Object
1. Read the email 6
2. Go to http://apps-test.db.ripe.net
3. Search for AS655XX

What Do You See?
• What does this object represent?
• Which attributes call your attention?

Autonomous System Number Objects
• Known as aut-num objects
• Register who holds an AS Number and the routing
policy for that AS

aut-num: AS12345

as-name: YOUR-AS-NAME
org: ORG-EE2-RIPE
import: from AS1010 accept ANY
export: to AS1010 announce AS12345
import: from AS987 accept ANY
export: to AS987 announce AS12345
admin-c: DV789-RIPE
tech-c: JS123-RIPE
status: ASSIGNED
mnt-by: RIPE-NCC-END-MNT
mnt-by: DEFAULT-LIR-MNT
source: RIPE

Routing Policy
(Diagram: AS1 = YOU; AS2 = TRANSIT, connected to the INTERNET; AS4 = PEER; AS3 = CUSTOMER)

aut-num: AS1
import: from AS2 accept ANY
export: to AS2 announce AS1 AS3
import: from AS3 accept AS3
export: to AS3 announce ANY
import: from AS4 accept AS4
export: to AS4 announce AS1 AS3

Building An aut-num Object

INTERNET

AS2 AS1 AS3

aut-num: AS2
import: from AS1 accept AS1
export: to AS1 announce AS2

aut-num: AS1
export: to AS2 announce AS1
import: from AS2 accept AS2
import: from AS3 accept ANY
export: to AS3 announce AS1

aut-num: AS3
export: to AS1 announce ANY
import: from AS1 accept AS1

114
Search For route(6) Objects
1. Read the email 6

2. Go to http://apps-test.db.ripe.net

3. Search for the route(6) objects

- Use the “-T” flag to show the route(6) objects
- e.g. -T route 10.xx.0.0/22
- e.g. -T route6 2002:ffxx::/32

115
What Do You See?
• Did you get any objects in the results?

• No? Then there are no route(6) objects yet!

116
What Are route(6) Objects?
• route(6) objects register which IPv4/IPv6 prefix
will be announced by which AS number

• Used for creating BGP filters


RIPE Database:
route: IPv4 prefix
origin: AS Number

route6: IPv6 prefix
origin: AS Number

Router configuration (BGP Filters):
From AS Number accept:
• IPv4 prefix
• IPv6 prefix

117
How To Create route(6) Objects
• You need permission from:
1. inetnum or inet6num
2. route or route6

1. Allocation
mnt-by: RIPE-NCC-HM-MNT
mnt-by: DEFAULT-LIR-MNT
mnt-routes: ANOTHER-MNT

2. route(6)
origin: AS12345
mnt-by: ANOTHER-MNT

* mnt-routes delegates the creation of route(6) objects

118
Registering IPv4 Routes

inetnum: 10.30.0.0 - 10.30.3.255

mnt-by: TEST-NCC-HM-MNT

mnt-by: SM30-MNT

route: 10.30.0.0/22

origin: AS65530

mnt-by: SM30-MNT

119
Registering IPv6 Routes

inet6num: 2002:ff30::/32

mnt-by: TEST-NCC-HM-MNT

mnt-by: SM30-MNT

route6: 2002:ff30::/32

origin: AS65530

mnt-by: SM30-MNT

120
AS-Sets

as-set: AS3333:AS-EXAMPLE
members: AS65530
members: AS65535
members: AS65552

route: 10.30.0.0/22
origin: AS65530

route: 192.168.0.0/22
origin: AS65535

route: 169.254.0.0/16
origin: AS65552

121
AS-Sets

as-set: AS3333:AS-EXAMPLE
members: AS65530
members: AS65550:AS-CUST1

as-set: AS65550:AS-CUST1
members: AS65560

route: 10.30.0.0/22
origin: AS65530

route: 192.168.0.0/21
origin: AS65560

route: 192.0.0.0/24
origin: AS65560

122
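How a BGP filter can be derived from the nested as-set and route objects on the AS-Sets slides, as an added example that is not part of the original course material. The data is copied from the slides as constructed sample input; the function names are illustrative assumptions.

```python
import ipaddress
import re

# Constructed sample data: the as-set and route objects from the slides above.
AS_SETS = {
    "AS3333:AS-EXAMPLE": ["AS65530", "AS65550:AS-CUST1"],
    "AS65550:AS-CUST1": ["AS65560"],
}
ROUTES = [  # (route, origin) pairs as registered in route objects
    ("10.30.0.0/22", "AS65530"),
    ("192.168.0.0/21", "AS65560"),
    ("192.0.0.0/24", "AS65560"),
]

ASN_RE = re.compile(r"^AS\d+$")


def expand_as_set(name, as_sets, seen=None):
    """Return every AS number reachable from the as-set `name`.

    Members that are as-sets are expanded recursively. `seen` stops sets
    that reference each other from recursing forever. An unknown set name
    raises KeyError, so a typo cannot silently change the filter.
    """
    seen = set() if seen is None else seen
    if name in seen:
        return set()
    seen.add(name)
    asns = set()
    for member in as_sets[name]:
        if ASN_RE.match(member):
            asns.add(member)
        else:
            asns |= expand_as_set(member, as_sets, seen)
    return asns


def build_filter(as_set_name, as_sets, routes):
    """Return the set of (network, origin) pairs allowed for the as-set."""
    asns = expand_as_set(as_set_name, as_sets)
    return {(ipaddress.ip_network(p), o) for p, o in routes if o in asns}


def accepts(flt, prefix, origin):
    """True only if this exact prefix is registered with this origin."""
    return (ipaddress.ip_network(prefix), origin) in flt


def prefix_list(flt):
    """Sorted, de-duplicated prefixes, ready for a router prefix list."""
    nets = {net for net, _ in flt}
    key = lambda n: (n.version, int(n.network_address), n.prefixlen)
    return [str(n) for n in sorted(nets, key=key)]


if __name__ == "__main__":
    flt = build_filter("AS3333:AS-EXAMPLE", AS_SETS, ROUTES)
    print(prefix_list(flt))
```

An announcement with the right prefix but an origin that has no matching route object is rejected, which is the point of registering route(6) objects before announcing.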
Create route(6) Objects
1. Go to http://apps-test.db.ripe.net

2. On the left side, click on “Create an object”

3. Choose “route” or “route6” and click on [Create]

4. Fill in the template:


- route: 10.XX.0.0/22
- route6: 2002:ffXX::/32
- origin: AS655XX

123
Questions
Reverse DNS
Setting up reverse delegation
Looking For Domain Objects
1. Read the email 7
2. Go to http://apps-test.db.ripe.net
3. Search for your IPv4 allocation
4. Use the flags “-r -m -d” in the query
- “-d” flag includes domain objects in results
- e.g. -r -m -d 10.XX.0.0/22

You can try this with your own real allocation!

126
What Do You See?
• Do you see any domain objects in the results?

• No? Then Reverse Delegation is not set up yet!

127
DNS Tree Structure
• At the top is the root (.)
• Then the ccTLDs and gTLDs
• Each domain/sub-domain is stored in a DNS zone

128
What is Reverse DNS ?
Mapping of IP addresses to host names

193.2.6.139 2001:67c:2e8:22::c100:68b

www.ripe.net

129
Purpose of Reverse DNS
Reverse DNS is used for:
- Identifying Spam
- Network Diagnostics
- Controlling Access to a Network

[Diagram: Mail Server X (IP address 1.2.3.4) sends mail “From: example.com” to Your Mail Server. Your Mail Server asks the DNS Server for the Reverse DNS of 1.2.3.4, gets www.bogus.net, and answers “You shall not pass!”]

130
How does Reverse DNS Work?
1. CLIENT → RECURSIVE RESOLVER: Which host is pointing to 193.0.6.139?
2. RESOLVER → root (.): 139.6.0.193.in-addr.arpa ? Answer: ask .in-addr.arpa DNS
3. RESOLVER → .in-addr.arpa: 139.6.0.193.in-addr.arpa ? Answer: ask .193 DNS
4. RESOLVER → .193 zone (RIPE NCC): 139.6.0.193.in-addr.arpa ? Answer: ask .0.193 DNS
5. etc…
6. RESOLVER → Name Servers: 139.6.0.193.in-addr.arpa ? Answer: www.ripe.net
7. RESOLVER → CLIENT: www.ripe.net
131
Reverse Delegation Basics

IPv4:
- in-addr.arpa zone
- /24 or /16 blocks

IPv6:
- ip6.arpa zone
- Multiple of 4 bits: /28, /32, /36, /40, /44, /48

132
Setting up Reverse Delegation
Configure your DNS servers
- at least two name servers in different subnets
- create a zone file on each for each chunk

Check your zones: http://dnscheck.ripe.net

133
Domain Objects
• Create records on RIPE NCC DNS servers
• They point to name servers that will be authoritative
for the zone

[Diagram: the domain object tells the RIPE NCC DNS servers “For this zone, go to these Name Servers”: nserver1 and nserver2]

134
Creating Domain Objects
Which maintainers are on the address space?

Address Space
mnt-by: SOME-BIG-MNT
mnt-lower: ANOTHER-MNT
mnt-domains: DNS-ZONE-MNT

mnt-domains lets you delegate the creation of domain objects to another maintainer

135
Reverse DNS for IPv4

192.33.28.0

/24 28.33.192.in-addr.arpa

/16 33.192.in-addr.arpa

/8 192.in-addr.arpa

136
IPv4 and Domain Objects
IPv4 prefix: 192.33.28.0/24
Domain object:
domain: 28.33.192.in-addr.arpa
descr: rDNS for my IPv4 network
admin-c: NOC12-RIPE
tech-c: NOC12-RIPE
zone-c: NOC12-RIPE
nserver: pri.example.net
nserver: sns.company.org
ds-rdata: 45062 8 2 275d9acbf3d3fec11b6d6…
mnt-by: EXAMPLE-LIR-MNT
created: 2015-01-21T13:52:29Z
last-modified: 2016-02-07T15:09:46Z
source: RIPE
137
Reverse DNS for IPv6

2001:0db8:003e:ef11:0000:0000:c100:004d

/48 e.3.0.0.8.b.d.0.1.0.0.2.ip6.arpa

/44 3.0.0.8.b.d.0.1.0.0.2.ip6.arpa

/40 0.0.8.b.d.0.1.0.0.2.ip6.arpa

/36 0.8.b.d.0.1.0.0.2.ip6.arpa

/32 8.b.d.0.1.0.0.2.ip6.arpa

/28 b.d.0.1.0.0.2.ip6.arpa

138
IPv6 and Domain Objects
IPv6 prefix: 2001:db8::/32
Domain object:
domain: 8.b.d.0.1.0.0.2.ip6.arpa
descr: rDNS for my IPv6 network
admin-c: NOC12-RIPE
tech-c: NOC12-RIPE
zone-c: NOC12-RIPE
nserver: pri.example.net
nserver: sns.company.org
ds-rdata: 45062 8 2 275d9acbf3d3fec11b6d6…
mnt-by: EXAMPLE-LIR-MNT
created: 2015-01-21T13:52:29Z
last-modified: 2016-02-07T15:09:46Z
source: RIPE
139
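The mapping from a prefix to its reverse zone names, following the rules on the Reverse Delegation Basics slide (/24 or /16 blocks for IPv4, 4-bit boundaries for IPv6), as an added example that is not part of the original course material. The function name is an illustrative assumption; prefixes that do not sit on a zone boundary are split into the largest blocks possible.

```python
import ipaddress


def reverse_zones(prefix):
    """Return the reverse DNS zone names needed to cover `prefix`.

    Each returned name is the primary key of one domain object.
    """
    net = ipaddress.ip_network(prefix, strict=True)

    if net.version == 4:
        # Domain objects cover /16 or /24 blocks only.
        if net.prefixlen > 24:
            raise ValueError("IPv4 reverse zones cover /24 or /16 blocks")
        target = 16 if net.prefixlen <= 16 else 24
        keep = target // 8  # number of octets that name the zone
        zones = []
        for sub in net.subnets(new_prefix=target):
            octets = str(sub.network_address).split(".")[:keep]
            zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
        return zones

    # IPv6: zones sit on 4-bit (nibble) boundaries, so round the prefix
    # length up to the next multiple of 4 and split into blocks of that size.
    target = -(-net.prefixlen // 4) * 4
    if target == 0:
        raise ValueError("prefix too short for an ip6.arpa zone")
    zones = []
    for sub in net.subnets(new_prefix=target):
        nibbles = sub.network_address.exploded.replace(":", "")[: target // 4]
        zones.append(".".join(reversed(nibbles)) + ".ip6.arpa")
    return zones


if __name__ == "__main__":
    # Prefixes taken from the slides above.
    for p in ("192.33.28.0/24", "2001:db8::/32", "2001:db8:3e::/48"):
        print(p, "->", reverse_zones(p))
```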
Create Domain Objects Wizard

domain: 16.155.10.in-addr.arpa
mnt-by: EXAMPLE-MNT
nserver: tinnie.arin.net
nserver: sec3.apnic.net

domain: 17.155.10.in-addr.arpa
mnt-by: EXAMPLE-MNT
nserver: tinnie.arin.net
nserver: sec3.apnic.net

domain: 18.155.10.in-addr.arpa
mnt-by: EXAMPLE-MNT
nserver: tinnie.arin.net
nserver: sec3.apnic.net

domain: 19.155.10.in-addr.arpa
mnt-by: EXAMPLE-MNT
nserver: tinnie.arin.net
nserver: sec3.apnic.net

140
Exercise
How many domain objects?
Calculate How Many Objects
You have the following address space:
- 192.12.32.0/22
- 2a00:38::/29

How many domain objects do you have to create?


- Use the largest block size possible

What are the first and last domain objects for each?

142
And For The Customer?
What are the two domain objects for Marc Bromski’s
address space?

IPv4: 10.xx.2.0 – 10.xx.2.255

IPv6: 2002:ffxx:1001::/48

143
How to query for IPv6?
Which query would you use to find the /32 domain object
for the IPv6 allocation 2001:db8::/32?

a) -Md 2001:db8::/32

b) -md 2001:db8::/32

c) -xd 2001:db8::/32

144
Questions
More RIPE Database
Inverse Lookups, Free Text Search,
Notifications, RIPE Database WG
Looking For References
You want to replace the reference to Jean Blue’s
person object in all the LIR objects with your new LIR
role object

1. Go to http://apps-test.db.ripe.net

2. Search for “-i person JBXX-TEST”

147
What Do You See?
• Which objects are in the query results?
• Where do you see JBXX-TEST?

148
Inverse Lookups
Finding all objects in which an object is referenced

PERSON ALLOCATION

ASSIGNMENT

ORGANISATION

MAINTAINER

149
Inverse Lookup: admin-c
Query: -i admin-c JB1-RIPE

inet6num: 2001:db8::/32
org: ORG-BB2-RIPE
admin-c: BW280-RIPE
tech-c: JB1-RIPE
mnt-by: RIPE-NCC-HM-MNT
mnt-by: DEFAULT-LIR-MNT

aut-num: AS64551
org: ORG-BB2-RIPE
admin-c: JB1-RIPE
tech-c: TT789-RIPE
mnt-by: RIPE-NCC-END-MNT
mnt-by: DEFAULT-LIR-MNT

person: Jean Blue
address: Big Street 45
phone: +31 20 345 6854
e-mail: [email protected]
nic-hdl: JB1-RIPE
mnt-by: BLUE-MNT

mntner: DEFAULT-LIR-MNT
admin-c: JB1-RIPE
tech-c: TT789-RIPE
mnt-by: DEFAULT-LIR-MNT

role: Tech Team
nic-hdl: TT789-RIPE
admin-c: JB1-RIPE
tech-c: KH404-RIPE
mnt-by: DEFAULT-LIR-MNT

150
Inverse Lookup: person
Query: -i person JB1-RIPE

inet6num: 2001:db8::/32
org: ORG-BB2-RIPE
admin-c: BW280-RIPE
tech-c: JB1-RIPE
mnt-by: RIPE-NCC-HM-MNT
mnt-by: DEFAULT-LIR-MNT

aut-num: AS64551
org: ORG-BB2-RIPE
admin-c: JB1-RIPE
tech-c: TT789-RIPE
mnt-by: RIPE-NCC-END-MNT
mnt-by: DEFAULT-LIR-MNT

person: Jean Blue
address: Big Street 45
phone: +31 20 345 6854
e-mail: [email protected]
nic-hdl: JB1-RIPE
mnt-by: BLUE-MNT

mntner: DEFAULT-LIR-MNT
admin-c: JB1-RIPE
tech-c: TT789-RIPE
mnt-by: DEFAULT-LIR-MNT

role: Tech Team
nic-hdl: TT789-RIPE
admin-c: JB1-RIPE
tech-c: KH404-RIPE
mnt-by: DEFAULT-LIR-MNT

151
Inverse Lookup: organisation
Query: -i org ORG-BB2-RIPE

inet6num: 2001:db8::/32
descr: My IPv6 allocation
org: ORG-BB2-RIPE
admin-c: BW280-RIPE
tech-c: JB1-RIPE

inetnum: 188.23.16.0/21
descr: My IPv4 allocation
org: ORG-BB2-RIPE
admin-c: BW280-RIPE
tech-c: JB1-RIPE

inetnum: 37.4.128.0/22
descr: My Other IPv4 alloc.
org: ORG-BB2-RIPE
admin-c: BW280-RIPE
tech-c: JB1-RIPE

aut-num: AS64551
descr: My Other IPv4 alloc.
org: ORG-BB2-RIPE
admin-c: BW280-RIPE
tech-c: JB1-RIPE

organisation: ORG-BB2-RIPE
org-name: Internet Company
admin-c: BW280-RIPE
tech-c: JB1-RIPE
abuse-c: ac56-RIPE
mnt-by: DEFAULT-LIR-MNT
152
Inverse Lookup : mnt-by
Query: -i mnt-by ANOTHER-MNT

inet6num: 2001:db8::/32
org: ORG-BB2-RIPE
admin-c: BW280-RIPE
tech-c: JB1-RIPE
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: ANOTHER-MNT

aut-num: AS64551
org: ORG-BB2-RIPE
admin-c: JB1-RIPE
tech-c: TT789-RIPE
mnt-by: RIPE-NCC-END-MNT
mnt-by: ANOTHER-MNT

mntner: ANOTHER-MNT
admin-c: JB1-RIPE
auth: MD5-PW
auth: SSO
upd-to: [email protected]
mnt-by: ANOTHER-MNT

person: Jean Blue
nic-hdl: JB1-RIPE
phone: +31 20 543 9640
mnt-by: ANOTHER-MNT

role: Other Group
nic-hdl: OG10-RIPE
admin-c: JB1-RIPE
tech-c: SZ72-RIPE
mnt-by: ANOTHER-MNT

153
Search For A Word
You want to look for every object that has the word
“uplink” in any of the attributes

1. Go to https://apps.db.ripe.net/search/full-text.html

2. Click on the left menu on “Full Text Search”

3. Search for “uplink”

154
What Do You See?
• Do you get any objects in the results?
• How many objects do you get?
• Can you see the whole object?

155
Full Text Search

156
Full Text Search - Advanced

157
Think About This…
• The RIPE Database is a public database

• Anybody can search in the database

• Who can make updates?

• How can you know if somebody updates your objects?

158
Notifications: “notify:”
The RIPE Database has several ways to trigger
notifications about updates

• “notify:” attribute
- Can be used on any object
- An email is sent when the object is updated

Person
notify: [email protected]

IP Address Block
notify: [email protected]

LIR Organisation
notify: [email protected]

159
Notifications: Maintainers
Maintainers have special attributes
mntner: LIR-MNT

upd-to: [email protected]

mnt-nfy: [email protected]

• “upd-to:”
- For failed attempts to update objects

• “mnt-nfy:”
- For successful attempts to update objects

160
RIPE Database Working Group
• Influence the development of the RIPE Database
software and operations

• Participate in the Database WG discussions!


• https://www.ripe.net/participate/ripe/wg/db

161
More RIPE Database Resources
• The RIPE Database page on ripe.net
- https://apps.db.ripe.net/docs/

• Other RIPE Database query methods
- https://apps.db.ripe.net/docs/11.How-to-Query-the-RIPE-Database/

162
Questions
Play Time!
Practice What You Learned
Choose Your Own Adventure
• From the Play Time! list of tasks, choose what you
would like to practice

• Review the course slides and your own notes


• Ask the trainers or other participants to assist,
if you need help

165
Beyond The Database
The RESTful API
Problem Statement
• Your company has a provisioning software that assigns address blocks to customers from a pool

• The RIPE policies require you to register these blocks with contact data in the RIPE Database

• Can you save time by letting the software create the required objects in the RIPE Database?

167
RIPE Database RESTful API
• Allows REST-compliant systems to access
the RIPE Database

• Data is exchanged in XML or JSON format

• Standard query limits apply


[Diagram: the CLIENT sends a Query (http) to the RESTful API Engine, which accesses the RIPE Database and returns Database Data]

168
URI for each Database Object

URI Format:
https://rest.db.ripe.net/{source}/{objecttype}/{key}

RIPE Database RESTful API Supported Methods:
- POST: create
- GET: lookup
- PUT: update
- DELETE: delete

HTTP/1.1 Content Negotiation:
- Accept: application/xml (or the .xml extension)
- Accept: application/json (or the .json extension)

169
URI Format:
https://rest.db.ripe.net/{source}/{objecttype}/{key}

{source}
- ripe: RIPE database
- test: TEST database

{objecttype}
- person, role, organisation
- inet(6)num, aut-num
- route(6), domain, mntner, etc.

{key}
- Primary key of the object
- unfiltered, unformatted

170
HTTP Status Codes

Bad Request (400): The service is unable to understand and process the request.

Forbidden (403): Query limit exceeded.

Not Found (404): No results were found (on a search request), or object specified in URI does not exist.

Conflict (409): Integrity constraint was violated (e.g. when creating, object already exists).

Internal Server Error (500): The server encountered an unexpected condition which prevented it from fulfilling the request.

171
Method: GET

http(s)://rest.db.ripe.net/{source}/{objectType}/{key}

GET
RIPE Database

DB Clients

200 Object found


400 Bad request
404 No valid object

172
Examples

curl 'http://rest.db.ripe.net/ripe/mntner/RIPE-DBM-MNT'

curl -H 'Accept: application/json' 'http://rest.db.ripe.net/ripe/mntner/RIPE-DBM-MNT'

curl 'http://rest-test.db.ripe.net/test/person/AA1-TEST?unfiltered'

curl 'http://rest.db.ripe.net/ripe/inetnum/193.0.0.0%20-%20193.0.7.255.json'

173
Method: PUT

https://rest.db.ripe.net/{source}/{objectType}/{key}?password={password}…

PUT
RIPE Database

DB Clients

200 Successful update


400 Bad request: incorrect object type or key
401 Incorrect password
404 Object not found

174
Examples

curl -X PUT -H 'Content-Type: application/xml' --data @form.txt 'https://rest.db.ripe.net/ripe/person/PP1-RIPE?password=...'

curl -X PUT -H 'Content-Type: application/json' -H 'Accept:application/json' --data @form.txt 'https://rest.db.ripe.net/ripe/person/PP1-RIPE?password=...'

curl -X PUT --data @form.txt 'https://rest.db.ripe.net/ripe/person/TP1-RIPE?dry-run&password=...'

175
Method: POST

https://rest.db.ripe.net/{source}/{objectType}?password={password}…

POST
RIPE Database

DB Clients

200 Success (object created)


400 Bad request
401 Incorrect password
409 Object already exists

176
Examples

curl -X POST -H 'Content-Type: application/xml' --data @form.txt 'https://rest.db.ripe.net/ripe/person?password=...'

curl -X POST -H 'Content-Type: application/json' -H 'Accept: application/json' --data @form.txt 'https://rest.db.ripe.net/ripe/person?password=...'

curl -X POST --data @form.txt 'https://rest.db.ripe.net/ripe/person?dry-run&password=...'

177
Method: DELETE

https://rest.db.ripe.net/{source}/{objectType}/{key}?password={password}…&reason={reason}

DELETE
RIPE Database

DB Clients

200 Successful delete


400 Bad request: invalid object type or key
401 Incorrect password
404 Object not found

178
Examples

curl -X DELETE 'https://rest.db.ripe.net/ripe/person/pp1-ripe?password=123'

curl -X PUT --data @form.txt 'https://rest.db.ripe.net/ripe/person/TP1-RIPE?dry-run&password=...'

179
Additional Services

Search: RIPE database whois search service

Metadata:
- List available sources
- Object type template

Geolocation: Geolocation and language attributes for IPv4/IPv6 Address

Abuse Contact: Lookup abuse contact for Internet Resource

180
Examples

curl -H 'Accept: application/json' 'http://rest-test.db.ripe.net/search?source=test&query-string=tp19-test'

curl http://rest.db.ripe.net/metadata/templates/person.xml

curl http://rest.db.ripe.net/abuse-contact/AS3333

181
References
• GitHub WHOIS REST API:
https://github.com/RIPE-NCC/whois/wiki/WHOIS-REST-API

• GitHub WHOIS REST API WhoisResources:
https://github.com/RIPE-NCC/whois/wiki/WHOIS-REST-API-WhoisResources

182
Doing it for real!
Demo
Create an inet6num object

Location: rest-test.db.ripe.net (TEST Database)
Source: test
Object Type: inet6num (ASSIGNED)
Key: 2001:ff29:1234::/48
Format: XML

184
Query and Fail

curl 'http://rest-test.db.ripe.net/test/inet6num/2001:ff29:1234::/48'

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<whois-resources xmlns:xlink="http://www.w3.org/1999/xlink">
  <link xlink:type="locator" xlink:href="http://rest-test.db.ripe.net/test/inet6num/2001:ff29:1234::/48"/>
  <errormessages>
    <errormessage severity="Error" text="ERROR:101: no entries found&#xA;&#xA;No entries found in source %s.&#xA;">
      <args value="TEST"/>
    </errormessage>
  </errormessages>
  <terms-and-conditions xlink:type="locator" xlink:href="http://www.ripe.net/db/support/db-terms-conditions.pdf"/>
</whois-resources>

185
XML Template

<?xml version="1.0" encoding="UTF-8" standalone="no" ?>


<whois-resources>
<objects>
<object type="inet6num">
<source id="ripe"/>
<attributes>
<attribute name="inet6num" value="2001:ff29:1234::/48"/>
<attribute name="netname" value="MyNewNET"/>
<attribute name="country" value="NL"/>
<attribute name="admin-c" value="TP29-TEST"/>
<attribute name="tech-c" value="TP29-TEST"/>
<attribute name="status" value="ASSIGNED"/>
<attribute name="mnt-by" value="CM29-MNT"/>
<attribute name="source" value="TEST"/>
</attributes>
</object>
</objects>
</whois-resources>

186
Create inet6num Object

curl -X POST -H 'Content-Type: application/xml' --data @form-create.txt 'https://rest-test.db.ripe.net/test/inet6num?password=secret29'

<?xml version="1.0" encoding="UTF-8"?>
<whois-resources xmlns:xlink="http://www.w3.org/1999/xlink">
  <link xlink:type="locator" xlink:href="http://rest-test.db.ripe.net/test/inet6num"/>
  <objects>
    <object type="inet6num">
      <link xlink:type="locator" xlink:href="http://rest-test.db.ripe.net/test/inet6num/2001:ff29:1234::/48"/>
      <source id="test"/>
      <primary-key>
        <attribute name="inet6num" value="2001:ff29:1234::/48"/>
      </primary-key>
      <attributes>
        <attribute name="inet6num" value="2001:ff29:1234::/48"/>
        <attribute name="netname" value="MyNewNET"/>
        <attribute name="country" value="NL"/>
        <attribute name="admin-c" value="TP29-TEST" referenced-type="person">
          <link xlink:type="locator" xlink:href="http://rest-test.db.ripe.net/test/person/TP29-TEST"/>
        </attribute>
        <attribute name="tech-c" value="TP29-TEST" referenced-type="person">
          <link xlink:type="locator" xlink:href="http://rest-test.db.ripe.net/test/person/TP29-TEST"/>
        </attribute>
        <attribute name="status" value="ASSIGNED"/>
        <attribute name="mnt-by" value="CM29-MNT" referenced-type="mntner">
          <link xlink:type="locator" xlink:href="http://rest-test.db.ripe.net/test/mntner/CM29-MNT"/>
        </attribute>
        <attribute name="created" value="2019-02-08T11:16:16Z"/>
        <attribute name="last-modified" value="2019-02-08T11:16:16Z"/>
        <attribute name="source" value="TEST"/>
      </attributes>
    </object>
  </objects>
  <terms-and-conditions xlink:type="locator" xlink:href="http://www.ripe.net/db/support/db-terms-conditions.pdf"/>
</whois-resources>
187
Query and Succeed!

curl 'http://rest-test.db.ripe.net/test/inet6num/2001:ff29:1234::/48'

<?xml version="1.0" encoding="UTF-8"?>
<whois-resources xmlns:xlink="http://www.w3.org/1999/xlink">
  <objects>
    <object type="inet6num">
      <link xlink:type="locator" xlink:href="http://rest-test.db.ripe.net/test/inet6num/2001:ff29:1234::/48"/>
      <source id="test"/>
      <primary-key>
        <attribute name="inet6num" value="2001:ff29:1234::/48"/>
      </primary-key>
      <attributes>
        <attribute name="inet6num" value="2001:ff29:1234::/48"/>
        <attribute name="netname" value="MyNewNET"/>
        <attribute name="country" value="NL"/>
        <attribute name="admin-c" value="TP29-TEST" referenced-type="person">
          <link xlink:type="locator" xlink:href="http://rest-test.db.ripe.net/test/person/TP29-TEST"/>
        </attribute>
        <attribute name="tech-c" value="TP29-TEST" referenced-type="person">
          <link xlink:type="locator" xlink:href="http://rest-test.db.ripe.net/test/person/TP29-TEST"/>
        </attribute>
        <attribute name="status" value="ASSIGNED"/>
        <attribute name="mnt-by" value="CM29-MNT" referenced-type="mntner">
          <link xlink:type="locator" xlink:href="http://rest-test.db.ripe.net/test/mntner/CM29-MNT"/>
        </attribute>
        <attribute name="created" value="2019-02-08T11:16:16Z"/>
        <attribute name="last-modified" value="2019-02-08T11:16:16Z"/>
        <attribute name="source" value="TEST"/>
      </attributes>
    </object>
  </objects>
  <terms-and-conditions xlink:type="locator" xlink:href="http://www.ripe.net/db/support/db-terms-conditions.pdf"/>
</whois-resources>

188
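How provisioning software could build the XML body shown on the XML Template slide and read the responses from the demo, as an added example that is not part of the original course material or of RIPE NCC code. The function names are illustrative assumptions, the `source id` default of "test" follows the response shown above, and the sample response is copied from the Query and Fail slide so the block runs offline.

```python
import xml.etree.ElementTree as ET

# Response body from the "Query and Fail" slide (sample input).
SAMPLE_ERROR = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<whois-resources xmlns:xlink="http://www.w3.org/1999/xlink">
<link xlink:type="locator" xlink:href="http://rest-test.db.ripe.net/test/inet6num/2001:ff29:1234::/48"/>
<errormessages>
<errormessage severity="Error" text="ERROR:101: no entries found&#xA;&#xA;No entries found in source %s.&#xA;">
<args value="TEST"/>
</errormessage>
</errormessages>
</whois-resources>"""

# Attribute list from the "XML Template" slide.
TEMPLATE_ATTRS = [
    ("inet6num", "2001:ff29:1234::/48"), ("netname", "MyNewNET"),
    ("country", "NL"), ("admin-c", "TP29-TEST"), ("tech-c", "TP29-TEST"),
    ("status", "ASSIGNED"), ("mnt-by", "CM29-MNT"), ("source", "TEST"),
]


def _parse(xml_text):
    # Parse from bytes so the encoding declaration in the document is honoured.
    data = xml_text.encode("utf-8") if isinstance(xml_text, str) else xml_text
    return ET.fromstring(data)


def build_object_xml(obj_type, attributes, source="test"):
    """Build the <whois-resources> body for a POST or PUT request.

    Values are set through ElementTree, which escapes quotes, '<' and '&',
    so customer-supplied text cannot change the structure of the document.
    """
    root = ET.Element("whois-resources")
    objects = ET.SubElement(root, "objects")
    obj = ET.SubElement(objects, "object", {"type": obj_type})
    ET.SubElement(obj, "source", {"id": source})
    attrs = ET.SubElement(obj, "attributes")
    for name, value in attributes:
        ET.SubElement(attrs, "attribute", {"name": name, "value": value})
    return ET.tostring(root, encoding="unicode")


def object_attributes(xml_text):
    """Return [(name, value), ...] for the first object in a document."""
    attrs = _parse(xml_text).find("objects/object/attributes")
    if attrs is None:
        return []
    return [(a.get("name"), a.get("value")) for a in attrs.findall("attribute")]


def error_messages(xml_text):
    """Return [(severity, text), ...] with each %s filled from <args>."""
    messages = []
    for em in _parse(xml_text).iter("errormessage"):
        text = em.get("text", "")
        for arg in em.findall("args"):
            text = text.replace("%s", arg.get("value", ""), 1)
        messages.append((em.get("severity"), text.strip()))
    return messages


if __name__ == "__main__":
    print(build_object_xml("inet6num", TEMPLATE_ATTRS))
    print(error_messages(SAMPLE_ERROR))
```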
Questions
We want your feedback!
What did you think about this session?

Take our survey at:

https://www.ripe.net/feedback/db

190
RIPE NCC
Academy

Learn something new today!

academy.ripe.net


https://getcertified.ripe.net/
The End! Kрай Y Diwedd

Соңы Finis
Liðugt
Ende Finvezh Kiнець
Konec Kraj Ënn Fund

Lõpp Beigas Vége Son Kpaj


An Críoch
‫הסוף‬ Endir
Fine Sfârşit Fin Τέλος
Einde
Конeц Slut Slutt
Pabaiga
Amaia Loppu Tmiem Koniec
Fim
193
Copyright Statement
[…]
The RIPE NCC Materials may be used for private purposes,
for public non-commercial purpose, for research, for
educational or demonstration purposes, or if the
materials in question specifically state that use of the
material is permissible, and provided the RIPE NCC Materials
are not modified and are properly identified as RIPE NCC
documents. Unless authorised by the RIPE NCC in writing,
any use of the RIPE NCC Materials for advertising or
marketing purposes is strictly forbidden and may be
prosecuted. The RIPE NCC should be notified of any such
activities or suspicions thereof.
[…]

Link to the copyright statement:
https://www.ripe.net/about-us/legal/copyright-statement