
Policy Notation with RPSL

From the document Building Service Provider Networks (pages 137-141)

RPSL is the only standards-based routing policy notation. Tools have been written to generate specific router configuration statements from it. This discussion of notation is not intended as a complete tutorial on the languages involved. Rather, it is intended to give a sense of their capabilities.

Information flow in RPSL is defined with respect to peering specifications.

Most often, peering specifications are of the granularity of AS to AS. They can, however, be refined to information flow at specific router interfaces, or broadened to define policy to multiple ASs. The most general form of the peering specification allows the possibility of exchanging information between routing protocols, although BGP is the default.

The full power of import and export expressions involves the capability of interacting among different routing protocols, not just BGP. The following is an example of an import peering expression from the RPSL specification.

    import: [protocol <protocol-1>] [into <protocol-2>]
            from <peering-1> [<router-expression-1>]
                             [at <router-expression-2>] |
                             <peering-set-name> ] [action <action-1>]
            . . .
            from <peering-N> [action <action-N>]
            accept <filter>

Most often, the <peering> will be an AS number, but it can be as coarsely grained as an AS-SET or as fine-grained as a link between two specific router interfaces. Formally, an <as-expression> is:

    <as-expression> [<router-expression-1>]
                    [at <router-expression-2>]
    | <peering-set-name>

<router-expression-1> defaults to all routers of all the peer AS, while <router-expression-2> defaults to all routers of the local AS. Adding filters to the peering specification defines which routes are accepted from the peer or advertised to it, such as accept {192.0.2.0/24}.

Actions specify additional things to do while importing (for instance, setting local preference) or exporting [for example, setting the multi-exit discriminator (MED) or prepending to the AS path]. See “Influencers of Route Selection” later in this chapter.

RFC 2622 gives the following example:

    aut-num: AS1
    import: from AS2 accept AS2
    export: protocol BGP4 into RIP
            to AS1 announce ANY

In the following example, AS1 injects its static routes (routes that are members of the set AS1:RS-STATIC-ROUTES) to the inter-AS routing protocol and appends AS1 twice to their AS paths.

    aut-num: AS1
    import: protocol STATIC into BGP4
            from AS1 action aspath.prepend(AS1, AS1);
            accept AS1:RS-STATIC-ROUTES

AS Expressions

AS expressions define one or more ASs as the object of the export or import clause. Single ASs, of course, can be specified by their number. You can also define symbolic names for ASs, or sets of ASs. For individual policy expressions, you can combine unitary and set AS information with the Boolean operators AND, OR, and EXCEPT.


DEFINING RPSL SETS

It’s easy to define sets in RPSL. A basic AS-SET, for example, is defined as:

    as-set: AS-FOO
    members: AS2, AS3

    as-set: AS-BAR
    members: AS4, AS5

You can define sets recursively:

    as-set: AS-FOOBAR
    members: AS-FOO, AS-BAR

AS-SETs are not the only kind of set you can define, and you can use recursion for each type.

ROUTE-SETS include multiple prefixes. A fairly complex example is the peering set:

    peering-set: prng-bar
    peering: AS1 at 9.9.9.1

    peering-set: prng-foo
    peering: prng-bar
    peering: AS2 at 9.9.9.1

    aut-num: AS1
    import: from prng-foo accept { 128.9.0.0/16 }
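Recursive definitions such as AS-FOOBAR have to be flattened to AS numbers before they can drive a router filter, and the expander must cope with sets that refer back to themselves. The following is an added example, not code from the book or from RFC 2622: it parses the three as-set objects shown above, expands them with a cycle guard, and evaluates EXCEPT as set subtraction. The AS-LOOP-A and AS-LOOP-B objects and all function names are constructed for illustration, and the parser handles only the two-attribute form used here.

```python
import re

# The three as-set objects from the sidebar, plus two constructed sets
# (AS-LOOP-A / AS-LOOP-B) that refer to each other to exercise the cycle guard.
RPSL_TEXT = """
as-set: AS-FOO
members: AS2, AS3
as-set: AS-BAR
members: AS4, AS5
as-set: AS-FOOBAR
members: AS-FOO, AS-BAR
as-set: AS-LOOP-A
members: AS7, AS-LOOP-B
as-set: AS-LOOP-B
members: AS8, AS-LOOP-A
"""

def parse_as_sets(text):
    """Return {set-name: [member, ...]} for two-attribute as-set objects."""
    sets, current = {}, None
    for line in text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip().upper()
        if key == "as-set":
            current = value
            sets[current] = []
        elif key == "members" and current:
            sets[current] += [m.strip() for m in value.split(",") if m.strip()]
    return sets

def expand(name, sets, seen=None):
    """Flatten an AS number or as-set name to the AS numbers it contains."""
    seen = set() if seen is None else seen
    if re.fullmatch(r"AS\d+", name):
        return {name}                      # a plain AS number
    if name in seen:
        return set()                       # already visited: break the cycle
    if name not in sets:                   # fail closed, never an empty filter
        raise KeyError(f"undefined as-set {name}")
    seen.add(name)
    members = set()
    for member in sets[name]:
        members |= expand(member, sets, seen)
    return members

def as_except(left, right, sets):
    """(left[0] OR left[1] ...) EXCEPT (right[0] OR ...), as set subtraction."""
    union = lambda terms: set().union(*(expand(t, sets) for t in terms))
    return union(left) - union(right)

AS_SETS = parse_as_sets(RPSL_TEXT)
```

Raising on an undefined set name, rather than treating it as empty, keeps a typo in a policy from silently producing a filter that matches nothing.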

Routes

Routes are a little more subtle than they first might appear. They will always contain a destination prefix, but also always contain the originating AS. Having at least these two components means that

    route: 128.9.0.0/16
    origin: AS226

and

    route: 128.99.0.0/16
    origin: AS226

are two different routes. Table 4.1 shows additional elements that may be present in a route object. As well as being differentiated by their originating AS, routes can be treated differently at the finer granularity of routers in the local or an adjacent AS. Router expressions are used to specify such detail.

Table 4.1 Route Object

| ATTRIBUTE | VALUE | TYPE |
|---|---|---|
| route | <address-prefix> | Mandatory, single-valued, class key |
| origin | <as-number> | Mandatory, single-valued, class key |
| member-of | list of <route-set-names> | Optional, multivalued |
| inject | See "Route Aggregation" in Chapter 5 | Optional, multivalued |
| components | See "Route Aggregation" in Chapter 5 | Optional, single-valued |
| aggr-bndry | See "Route Aggregation" in Chapter 5 | Optional, single-valued |
| aggr-mtd | See "Route Aggregation" in Chapter 5 | Optional, single-valued |
| export-comps | See "Route Aggregation" in Chapter 5 | Optional, single-valued |
| holes | See "Route Aggregation" in Chapter 5 | Optional, multivalued |

THE EXCEPT OPERATOR

EXCEPT is the operator for set subtraction, and is equivalent to AND NOT. ((AS1 OR AS2) EXCEPT AS2), for example, equals AS1.

Ranges of Routes in RPSL

RPSL also has operators for specifying ranges of routes (Table 4.2). See Chapter 10 for examples of how these operators are used in real router implementations.

Route Sets, Communities, and Setting Attributes

Just as you created AS-SETs, you can create ROUTE-SETs. There are several dimensions to grouping routes. As mentioned earlier, you can specify routes as ranges.

RPSL route sets, like AS-SETs, either contain explicit route specifications or may recursively refer to other route sets. An important point, however, is that the ROUTE-SET is an abstraction. As such, it is not transmitted by routing protocols. What BGP actually transmits, however, is the community attribute. See Chapter 9 for details of the syntax and semantics of the actual protocol attribute, but, at this point, consider that there is a very strong relationship between the abstraction of a route set and the label of a group of routes transmitted as a community. RPSL allows communities to be set in announcements, which is our first example of the ability to set attributes in RPSL.

Table 4.2 IP Route Range Operators

| RPSL OPERATOR | RPSL NAME | MEANING |
|---|---|---|
| | Exact match | Permit only 172.16.0.0/16, nothing longer or shorter. |
| ^- | Exclusive more specifics | More specifics of an address, excluding the address itself. 172.16.0.0/16^- contains all more specifics, but not 172.16.0.0/16 itself. |
| ^+ | Inclusive more specifics | More specifics of an address, including the address itself. 172.16.0.0/16^+ contains all more specifics, as well as 172.16.0.0/16 itself. |
| ^n | All length n | All length n specifics. 172.16.0.0/16^24 allows only /24 specifics of 172.16.0.0/24. |
| ^n-m | All length n to length m | All length n to m specifics. |
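The range operators of Table 4.2 decide how long a more-specific prefix a filter will accept, which matters because `^+` admits everything down to /32 while `^n-m` bounds the accepted lengths. The following is an added example, not code from the book or from any RPSL tool: it evaluates the five operator forms for IPv4 prefixes. The function names and the announced prefixes are constructed, and rejecting lengths shorter than the base prefix is this example's own choice.

```python
import ipaddress
import re

RANGE_RE = re.compile(r"(\d+\.\d+\.\d+\.\d+/\d+)(?:\^(\+|-|\d+(?:-\d+)?))?")

def parse_range(expr):
    """Turn '172.16.0.0/16^20-24' into (network, min_len, max_len)."""
    m = RANGE_RE.fullmatch(expr.strip())
    if not m:
        raise ValueError(f"bad range expression: {expr!r}")
    net = ipaddress.ip_network(m.group(1), strict=True)  # rejects host bits
    base, op = net.prefixlen, m.group(2)
    if op is None:                 # no operator: exact match
        lo, hi = base, base
    elif op == "+":                # inclusive more specifics
        lo, hi = base, 32
    elif op == "-":                # exclusive more specifics
        lo, hi = base + 1, 32
    else:                          # ^n or ^n-m
        n, _, m_len = op.partition("-")
        lo = int(n)
        hi = int(m_len) if m_len else lo
        # Assumption of this example: lengths outside base..32 are rejected.
        if not base <= lo <= hi <= 32:
            raise ValueError(f"length out of range in {expr!r}")
    return net, lo, hi

def matches(route, expr):
    """True if the announced prefix falls inside the RPSL range expression."""
    net, lo, hi = parse_range(expr)
    announced = ipaddress.ip_network(route, strict=True)
    return lo <= announced.prefixlen <= hi and announced.subnet_of(net)

def accepted(routes, expr):
    """Filter a list of announced prefixes, as an import 'accept' would."""
    return [r for r in routes if matches(r, expr)]

# Constructed announcements: the covering /16, a /24 and a /22 inside it,
# a /32 more specific, and a prefix outside the block.
ANNOUNCED = ["172.16.0.0/16", "172.16.1.0/24", "172.16.4.0/22",
             "172.16.1.1/32", "172.17.0.0/24"]
```

Running `accepted(ANNOUNCED, ...)` with `172.16.0.0/16^+` and then with `172.16.0.0/16^16-24` shows the /32 passing the first filter and being dropped by the second.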
