Document your Routing Policy in your Aut-num
The aut-num object serves a dual purpose in the database. It contains the registration details of an Autonomous System Number (ASN) resource assigned by AFRINIC and, as part of the Internet Routing Registry, it allows routing policies to be published.
Routing policy can be specified in the aut-num object using the “import:”, “mp-import:”, “export:”, “mp-export:”, “default:” and “mp-default:” attributes.
It is good to know that initially there were only the "import:", "export:" and "default:" attributes, which implicitly specify IPv4 unicast policies. The attributes prefixed with the string “mp-” were introduced in RPSL later, so that routing policy could be specified for different address families (i.e. IPv4 and IPv6).
We will be using the attributes prefixed with “mp-” which incorporate the “afi” (address-family) specification.
Thus, you will be able to specify if the policy applies to IPv4 or IPv6. If no “afi” is specified the policy is presumed to apply to both address families.
The description and syntax of the attributes are as follows:
mp-import
- To specify the inbound routing policy for IPv4 and/or IPv6
mp-import: [protocol <protocol-1>] [into <protocol-2>] afi <afi-list> from <peering-1> [action <action-1>] accept (<filter> | <filter> except <importexpression> | <filter> refine <importexpression>)
mp-export
- To specify the outbound routing policy for IPv4 and/or IPv6
mp-export: [protocol <protocol-1>] [into <protocol-2>] afi <afi-list> to <peering-1> [action <action-1>] to <peering-N> [action <action-N>] announce <filter>
mp-default
- To specify the peer network the AS will use as a default when the AS has no more-specific information on where to send the traffic
mp-default: to <peering> [action <action>] [networks <filter>]
For more information see RFC 4012, section 2.5.
Example:
In our scenario, we will simulate a small network (AS327800) that is describing which routes it will send to its peers, i.e. an outbound policy. Thus, “mp-export” will be used. For more examples see RFC 4012.
The process for documenting the routing policy in the aut-num
STEP 1 - Retrieve your aut-num object
Use the AFRINIC whois web interface or the whois CLI client to retrieve the object. Using the CLI client:
~$ whois -h whois.afrinic.net -rB AS327800 > aut-num.txt
The command retrieves the object from the AFRINIC whois and writes it to a text file named aut-num.txt.
STEP 2 - Add the attribute(s) to specify the routing policy
Open the aut-num.txt file and make the changes:
aut-num: AS327800
as-name: example-AS
descr: Example Transit Provider aut-num
mp-export: afi any.unicast to AS-ANY announce AS327800:AS-ALL
status: ASSIGNED
org: ORG-ETP1-AFRINIC
admin-c: EX20-afrinic
tech-c: EX20-afrinic
notify: [email address]
mnt-routes: EXAMPLE-2-MNT
mnt-by: AFRINIC-HM-MNT
changed: [email address] 20180709
changed: [email address]
source: AFRINIC
Let’s explain what is meant by this line “mp-export: afi any.unicast to AS-ANY announce AS327800:AS-ALL” by breaking it down piece by piece:
“mp-export” Describes the network’s multi-protocol export policy. It tends to differ the most from one network to another, depending on how much detail you want to give about the routes you send to your peers.
“afi any.unicast” “afi” stands for address family identifier. In this example, we used any.unicast but there are other possible values; see section 2.2 of RFC 4012. “afi any.unicast” means you have the same policy for both IPv4 and IPv6.
“to AS-ANY” Means that this policy is for any of your peering links, which will generally be true until your peering policy gets sophisticated enough that you start having different policies per peer.
“announce AS327800:AS-ALL” Means that to the described set of peers (in this case all of them on both IPv4 and IPv6) we will be announcing the list of autonomous system numbers AS327800:AS-ALL, which is an as-set object (for more details on how to create an as-set, refer to ).
If your network will never offer transit to any other ASN, chances are that you will never need an as-set. If you know that you won’t have any downstream transit customers, or different ASNs inside your network (handling anycast, for example), you just need to go back and replace the as-set object in your export statements with your aut-num itself (i.e. mp-export: afi any.unicast to AS-ANY announce AS327800).
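The breakdown above, as an added example that is not part of the original page or AFRINIC's tooling: a small Python parser that splits an mp-export value into its afi list, peerings and announce filter, and tells an as-set from a bare aut-num. It covers only the simple form used here (protocol/into are split off but not stored, structured filters are kept as text); the second mp-export, AS64500 and its action are constructed.

```python
import re

# Constructed sample: the page's aut-num trimmed to a few attributes, plus a
# made-up second mp-export (documentation ASN AS64500) folded over two lines.
SAMPLE = """\
aut-num: AS327800
mp-export: afi any.unicast to AS-ANY announce AS327800:AS-ALL
mp-export: afi ipv6.unicast to AS64500 action med=0;
           announce AS327800
source: AFRINIC
"""

def attributes(obj_text):
    """Return (name, value) pairs, joining RPSL continuation lines."""
    pairs = []
    for line in obj_text.splitlines():
        if line[:1] in (" ", "\t", "+") and pairs:   # continuation line
            pairs[-1][1] += " " + line[1:].strip()
        elif ":" in line:
            name, _, value = line.partition(":")
            pairs.append([name.strip().lower(), value.strip()])
    return [tuple(p) for p in pairs]

def parse_mp_export(value):
    """Split a simple mp-export value into afi list, peerings and filter."""
    head, *flt = re.split(r"\s+announce\s+", value.strip(), maxsplit=1, flags=re.I)
    parts = re.split(r"(?:^|\s+)(protocol|into|afi|to|action)\s+", head, flags=re.I)
    policy = {"afi": [], "peerings": [], "announce": flt[0] if flt else None}
    for kw, text in zip(map(str.lower, parts[1::2]), parts[2::2]):
        if kw == "afi":
            policy["afi"] = [a.strip() for a in text.split(",")]
        elif kw == "to":
            policy["peerings"].append({"peer": text, "action": None})
        elif kw == "action" and policy["peerings"]:
            policy["peerings"][-1]["action"] = text
    if parts[0] or not policy["peerings"] or not policy["announce"]:
        raise ValueError(f"not a usable mp-export: {value!r}")
    return policy

def filter_kind(flt):
    """Classify the announce filter: a bare ASN, or an as-set (AS- name part)."""
    if re.fullmatch(r"AS\d+", flt, re.I):
        return "aut-num"
    return "as-set" if re.search(r"(?:^|:)AS-", flt, re.I) else "other"

def export_policies(obj_text):
    """Parse every mp-export of an aut-num object and tag its filter kind."""
    policies = [parse_mp_export(v) for n, v in attributes(obj_text) if n == "mp-export"]
    return [{**p, "kind": filter_kind(p["announce"])} for p in policies]
```

Calling export_policies(SAMPLE) returns one entry per mp-export line, so a policy that still points at an as-set you never created is easy to spot before you submit.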
STEP 3 & 4 - Add the maintainer password and submit the object
Copy and paste the contents of the text file into an email formatted in plain text and add the password of the “mnt-routes” maintainer. In this example the password is 123456.
The content of the email would be:
aut-num: AS327800
as-name: example-AS
descr: Example Transit Provider aut-num
mp-export: afi any.unicast to AS-ANY announce AS327800:AS-ALL
status: ASSIGNED
org: ORG-ETP1-AFRINIC
admin-c: EX20-afrinic
tech-c: EX20-afrinic
notify: [email address]
mnt-routes: EXAMPLE-2-MNT
mnt-by: AFRINIC-HM-MNT
changed: [email address] 20180709
changed: [email address]
source: AFRINIC
password: 123456
With a blank subject line, send the email to [email address]. You should receive the following email after the aut-num has been updated:
SUMMARY OF UPDATE:
Number of objects found: 1
Number of objects processed successfully: 1
Create: 0
Modify: 1
Delete: 0
No Operation: 0
Number of objects processed with errors: 0
Create: 0
Modify: 0
Delete: 0
DETAILED EXPLANATION:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following object(s) were processed SUCCESSFULLY:
---
Modify SUCCEEDED: [aut-num] AS327800
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
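A check for steps 2 to 4, as an added example that is not AFRINIC's tooling: before sending, confirm that the edited file differs from the retrieved object only by mp-export lines, and after sending, confirm that the reply reports zero errors and a successful modify for your aut-num. RETRIEVED and EDITED are constructed, REPLY is shortened from the acknowledgement above, and each attribute is assumed to sit on a single line.

```python
import difflib
import re

# Constructed inputs: RETRIEVED mimics `whois -rB` output ('%' lines are server
# comments); REPLY is shortened from the acknowledgement shown above.
RETRIEVED = """\
% constructed server comment

aut-num: AS327800
as-name: example-AS
status: ASSIGNED
mnt-routes: EXAMPLE-2-MNT
source: AFRINIC
"""
EDITED = RETRIEVED.replace(
    "status:", "mp-export: afi any.unicast to AS-ANY announce AS327800:AS-ALL\nstatus:")
REPLY = """\
Number of objects processed successfully: 1
Number of objects processed with errors: 0
Modify SUCCEEDED: [aut-num] AS327800
"""

def object_lines(text):
    """Object attribute lines only: no blank lines, no '%' server comments."""
    return [l.rstrip() for l in text.splitlines() if l.strip() and not l.startswith("%")]

def unexpected_changes(retrieved, edited, allowed=("mp-export",)):
    """Lines added or removed by the edit, other than the allowed attributes."""
    diff = difflib.ndiff(object_lines(retrieved), object_lines(edited))
    changed = [d for d in diff if d[:2] in ("+ ", "- ")]
    return [d for d in changed if d[2:].partition(":")[0].strip().lower() not in allowed]

def update_succeeded(reply, asn):
    """True only if nothing failed and this aut-num is reported as modified."""
    errors = re.search(r"processed with errors:\s*(\d+)", reply)
    modified = re.findall(r"^Modify SUCCEEDED: \[aut-num\] (\S+)", reply, re.M)
    return bool(errors) and errors.group(1) == "0" and asn.upper() in (m.upper() for m in modified)
```

An empty list from unexpected_changes means the edit touched nothing but the routing policy; anything else, such as a changed as-name or a dropped mnt-routes line, is listed with its +/- marker.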