search

SichangHe / internet_route_verification

RPSLyzer: Parse Routing Policy Specification Language from IRR and compare BGP routes against it
MIT License
1 stars 0 forks source link

`protocol` and `into` usage in the IRR we recorded #110

Closed SichangHe closed 9 months ago

SichangHe commented 9 months ago

All of them are misuse, because they are only allowed in the multi-protocol versions (mp-import/mp-export). I implemented the parser to ignore protocol and into for non-mp, therefore I no longer get warnings on ignoring them.

$ rg --no-ignore -C30 -U '^(mp-)?(im|ex)port:.*(\n[+\s]+.*)*\sprotocol\s.*(\n[+\s]+.*)*\sinto\s.*'
priority/afrinic.db
4070606-status:         ALLOCATED-BY-RIR
4070607-mnt-by:         AFRINIC-HM-MNT
4070608-mnt-lower:      SL85-MNT
4070609-mnt-domains:    SL85-MNT
4070610-notify:         ***@synburst.com
4070611-changed:        ***@afrinic.net 20210609
4070612-source:         AFRINIC
4070613-
4070614-route:          45.195.248.0/23
4070615-descr:          PT. Datacomm Diangraha
4070616-origin:         AS59134
4070617-mnt-by:         LARUS-SERVICE-MNT
4070618-changed:        ***@cloudinnovation.org 20210609
4070619-source:         AFRINIC
4070620-
4070621-mntner:         OOOD-MNT
4070622-descr:          Xyberdata
4070623-admin-c:        KN-AFRINIC
4070624-tech-c:         KN-AFRINIC
4070625-upd-to:         ***@xyberdata.com
4070626-auth:           BCRYPT-PW # Filtered
4070627-mnt-by:         OOOD-MNT
4070628-changed:        ***@afrinic.net 20210609
4070629-changed:        ***@afrinic.net 20210609
4070630-changed:        ***@101.systems 20230124
4070631-source:         AFRINIC
4070632-
4070633-aut-num:        AS37725
4070634-as-name:        Xyberdata
4070635-descr:          Xyberdata
4070636:export:         protocol ospf into bgp4 to AS-ANY announce AS37725
4070637:export:         protocol ospf into is-is to AS-ANY announce AS37725
4070638:import:         protocol bgp4 into ospf from AS-ANY accept ANY
4070639:import:         protocol is-is into ospf from AS-ANY accept ANY
4070640-status:         ASSIGNED
4070641-admin-c:        KN-AFRINIC
4070642-tech-c:         KN-AFRINIC
4070643-org:            ORG-OOOD1-AFRINIC
4070644-mnt-by:         AFRINIC-HM-MNT
4070645-mnt-lower:      OOOD-MNT
4070646-mnt-routes:     OOOD-MNT
4070647-notify:         ***@xyberdata.com
4070648-changed:        ***@afrinic.net 20210609
4070649-changed:        ***@101.systems 20211002
4070650-changed:        ***@afrinic.net 20220418
4070651-changed:        ***@101.systems 20220420
4070652-changed:        ***@afrinic.net 20220421
4070653-changed:        ***@101.systems 20220421
4070654-changed:        ***@afrinic.net 20230512
4070655-source:         AFRINIC
4070656-
4070657-inetnum:        156.38.223.216 - 156.38.223.223
4070658-netname:        xneelo-tscolo
4070659-descr:          xneelo-tscolo
4070660-country:        ZA
4070661-admin-c:        HIA1-AFRINIC
4070662-tech-c:         HIA1-AFRINIC
4070663-status:         ASSIGNED PA
4070664-notify:         ***@xneelo.com
4070665-mnt-by:         HA-ZA
4070666-changed:        ***@xneelo.com 20211215
4070667-source:         AFRINIC
4070668-
4070669-inetnum:        129.232.234.240 - 129.232.234.247

priority/radb.db
68589-notify:     segeitnetwork@sempraglobal.com
68590-mnt-by:     MAINT-AS30120
68591-changed:    ecables@sempraglobal.com 20040819
68592-source:     RADB
68593-
68594-route:      142.131.25.0/24
68595-descr:      NETBLK-TAC-128
68596-origin:     AS852
68597-remarks:    Proxy route entry added on behalf of
68598-remarks:    Telus Advanced Communications
68599-remarks:    originating in AS852
68600-mnt-by:     MAINT-AS852
68601-changed:    routing@telus.com 20041117
68602-source:     RADB
68603-
68604-route:      142.131.45.0/24
68605-descr:      NETBLK-TAC-128
68606-origin:     AS852
68607-remarks:    Proxy route entry added on behalf of
68608-remarks:    Telus Advanced Communications
68609-remarks:    originating in AS852
68610-mnt-by:     MAINT-AS852
68611-changed:    routing@telus.com 20041117
68612-source:     RADB
68613-
68614-aut-num:    AS4738
68615-as-name:    SAARDNET-AS
68616-descr:      South Australian Academic Research and Development NETwork
68617-admin-c:    MP151
68618-tech-c:     ANOC-AP
68619:import:     protocol STATIC into BGP4
68620-             from AS4738
68621-             action pref=0; community = { 7575:1000, 7575:2003, 7570:8232 };
68622-             accept PeerAS
68623:import:     protocol STATIC into BGP4
68624-             from AS4738
68625-             action pref=0; community = { 4738:1, 7575:1000, 7575:2003 };
68626-             accept PeerAS^0-30
68627-import:     {
68628-             from AS-ANY
68629-             accept NOT { 0.0.0.0/0^25-32 };
68630-             } refine {
68631-             from AS7476
68632-             action pref=0;
68633-             accept <^PeerAS+$>;
68634-             from AS7569
68635-             action pref=0;
68636-             accept <^PeerAS+ [AS7573 AS7645 AS10148]~*$>;
68637-             from AS7570
68638-             action pref=10; aspath.prepend(AS7570);
68639-             accept <^PeerAS+ AS7575+ [AS101 AS293 AS668 AS6360 AS6509 AS8075 AS11537]> OR <^PeerAS+ AS7575+ AS703+>;
68640-             from AS7570
68641-             action pref=0; aspath.prepend(AS7570);
68642-             accept <^PeerAS+ AS24101*$>;
68643-             from AS7571
68644-             action pref=0;
68645-             accept <^PeerAS+$>;
68646-             from AS7572
68647-             action pref=0; aspath.prepend(AS7572);
68648-             accept { 192.42.62.0/24 };
68649-             from AS7572
68650-             action pref=0;
68651-             accept <^PeerAS+ [AS4822 AS6262]~*$>;
68652-             from AS7574
68653-             action pref=0; community.append(7575:1000, 7575:2015, 7570:8232);
--
13518092-              accept AS2764:AS-CUSTOMERS:AS37933 AND <^AS37933+ AS2764:AS-TRANSIT:AS37933+ AS2764:AS-CUSTOMERS:AS37933~*$>;
13518093-              from AS9738
13518094-              accept AS2764:AS-CUSTOMERS:AS9738 AND <^AS9738+ AS2764:AS-TRANSIT:AS9738+ AS2764:AS-CUSTOMERS:AS9738~*$>;
13518095-              from AS23669
13518096-              accept AS2764:AS-CUSTOMERS:AS23669 AND <^AS23669+ AS2764:AS-TRANSIT:AS23669+ AS2764:AS-CUSTOMERS:AS23669~*$>;
13518097-              from AS7718
13518098-              accept AS2764:AS-CUSTOMERS:AS7718 AND <^AS7718+ AS2764:AS-TRANSIT:AS7718+ AS2764:AS-CUSTOMERS:AS7718~*$>;
13518099-              from AS9650
13518100-              accept AS2764:AS-CUSTOMERS:AS9650 AND <^AS9650+ AS2764:AS-TRANSIT:AS9650+ AS2764:AS-CUSTOMERS:AS9650~*$>;
13518101-              from AS9476
13518102-              accept AS2764:AS-CUSTOMERS:AS9476 AND <^AS9476+ AS2764:AS-TRANSIT:AS9476+ AS2764:AS-CUSTOMERS:AS9476~*$>;
13518103-              from AS45481
13518104-              accept AS2764:AS-CUSTOMERS:AS45481 AND <^AS45481+ AS2764:AS-TRANSIT:AS45481+ AS2764:AS-CUSTOMERS:AS45481~*$>;
13518105-              from AS45261
13518106-              accept AS2764:AS-CUSTOMERS:AS45261 AND <^AS45261+ AS2764:AS-TRANSIT:AS45261+ AS2764:AS-CUSTOMERS:AS45261~*$>;
13518107-              from AS9822
13518108-              accept AS2764:AS-CUSTOMERS:AS9822 AND <^AS9822+ AS2764:AS-TRANSIT:AS9822+ AS2764:AS-CUSTOMERS:AS9822~*$>;
13518109-              from AS17477
13518110-              accept AS2764:AS-CUSTOMERS:AS17477 AND <^AS17477+ AS2764:AS-TRANSIT:AS17477+ AS2764:AS-CUSTOMERS:AS17477~*$>;
13518111-              from AS38561
13518112-              accept AS2764:AS-CUSTOMERS:AS38561 AND <^AS38561+ AS2764:AS-TRANSIT:AS38561+ AS2764:AS-CUSTOMERS:AS38561~*$>;
13518113-              from AS7545
13518114-              accept AS2764:AS-CUSTOMERS:AS7545 AND <^AS7545+ AS2764:AS-TRANSIT:AS7545+ AS2764:AS-CUSTOMERS:AS7545~*$>;
13518115-              from AS38611
13518116-              accept AS2764:AS-CUSTOMERS:AS38611 AND <^AS38611+ AS2764:AS-TRANSIT:AS38611+ AS2764:AS-CUSTOMERS:AS38611~*$>;
13518117-              from AS24130
13518118-              accept AS2764:AS-CUSTOMERS:AS24130 AND <^AS24130+ AS2764:AS-TRANSIT:AS24130+ AS2764:AS-CUSTOMERS:AS24130~*$>;
13518119-              from AS17766
13518120-              accept AS2764:AS-CUSTOMERS:AS17766 AND <^AS17766+ AS2764:AS-TRANSIT:AS17766+ AS2764:AS-CUSTOMERS:AS17766~*$>;
13518121-              }
13518122:import:     protocol STATIC into BGP4 {
13518123-              from AS2764
13518124-              action community.append(2764:65408,2764:65472);
13518125-              accept AS2764;
13518126-              } refine {
13518127-              from AS-ANY
13518128-              action community.append(2764:14);
13518129-              accept AS2764:RS-AANX;
13518130-              from AS-ANY
13518131-              accept ANY;
13518132-              } refine {
13518133-              from AS-ANY
13518134-              action community.append(2764:7);
13518135-              accept AS2764:RS-DOMESTIC;
13518136-              from AS-ANY
13518137-              accept NOT AS2764:RS-DOMESTIC;
13518138-              }
13518139:import:     protocol STATIC into BGP4
13518140-              from AS2764
13518141-              action community.append(2764:65407,2764:65472);
13518142-              accept AS2764:RS-PROVIDER^0-30
13518143:import:     protocol STATIC into BGP4
13518144-              from AS2764
13518145-              action community.append(2764:65407,2764:65472,no_export);
13518146-              accept AS2764:RS-PROVIDER^-
13518147:import:     protocol STATIC into BGP4
13518148-              from AS2764
13518149-              action community.append(2764:65407,2764:65472,no_export);
13518150-              accept AS2764:RS-ORIG-LOOSEMASK^-
13518151-export:     {
13518152-              to AS-ANY
13518153-              announce ANY AND NOT { 0.0.0.0/0^32 };
13518154-              } refine {
13518155-              to AS714
13518156-              announce NOT ANY;
13518157-              to AS1239
13518158-              announce community.contains(2764:65408,2764:65409,2764:65410);
13518159-              to AS2170 210.8.15.105
13518160-              announce community.contains(2764:65408);
13518161-              to AS2170 210.8.7.165
13518162-              announce NOT ANY;
13518163-              to AS2170 210.8.238.1
13518164-              announce NOT ANY;
13518165-              to AS2823
13518166-              announce community.contains(2764:65408,2764:65409,2764:65410);
13518167-              to AS4739 210.8.226.169
13518168-              announce community.contains(2764:65408,2764:65409,2764:65410,2764:65411);
13518169-              to AS4739 203.63.126.5
13518170-              announce community.contains(2764:65408,2764:65409,2764:65410,2764:65411,2764:65412);
13518171-              to AS4744
13518172-              announce community.contains(2764:65408,2764:65409,2764:65410);
13518173-              to AS4802
13518174-              announce NOT ANY;
13518175-              to AS4854
13518176-              announce community.contains(2764:65408,2764:65409,2764:65410);
13518177-              to AS4858
SichangHe commented 9 months ago

Counts only:

$ rg --no-ignore -c -U '^(mp-)?(im|ex)port:.*(\n[+\s]+.*)*\sprotocol\s.*(\n[+\s]+.*)*\sinto\s.*'
priority/afrinic.db:4
priority/radb.db:6
cunha commented 9 months ago

Do we still handle the rest of the rule or do we ignore the whole rule?

SichangHe commented 9 months ago

Do we still handle the rest of the rule or do we ignore the whole rule?

Of course we handle other parts.