Below are the differences between two revisions of the page.
technique:archives:lir-registration [2015/12/16 19:43] admin [20151215-20151216] |
technique:archives:lir-registration [2018/05/10 10:57] admin |
||
---|---|---|---|
Ligne 232: | Ligne 232: | ||
* Ça prends une demande de modification avec validation par un humain sur ce type de champ. | * Ça prends une demande de modification avec validation par un humain sur ce type de champ. | ||
* Le courrier arrive quand même, on peut éviter de brouiller le signal tant qu'on est dans la deadline de la migration | * Le courrier arrive quand même, on peut éviter de brouiller le signal tant qu'on est dans la deadline de la migration | ||
- | * Request form rempli et validé pour les 1024 IPv4 (/22) -- idem IPv6 : allocation /32 | + | * Request form rempli et validé pour les 1024 IPv4 (/22) – idem IPv6 : allocation /32 |
{{:technique:archives:ripe-ip4-pa-slash-22-screen-1.png?direct&}} | {{:technique:archives:ripe-ip4-pa-slash-22-screen-1.png?direct&}} | ||
Ligne 241: | Ligne 241: | ||
{{:technique:archives:ripe-ip4-pa-slash-22-screen-4.png?direct&}} | {{:technique:archives:ripe-ip4-pa-slash-22-screen-4.png?direct&}} | ||
- | |||
===== 20151214 ===== | ===== 20151214 ===== | ||
- | * Appel téléphonique du RIPE (au numéro laissé lors des demandes IP) : simple appel de courtoisie, "We have already validated your requests [...]", "Do you have any questions ?". | + | * Appel téléphonique du RIPE (au numéro laissé lors des demandes IP) : simple appel de courtoisie, "We have already validated your requests […]", "Do you have any questions ?". |
* Les allocations apparaissent dans le LIR Portal | * Les allocations apparaissent dans le LIR Portal | ||
- | * 185.131.40.0/22 : ALLOCATED PA | + | * 185.131.40.0/22 : ALLOCATED PA |
- | * 2a03:a0a0::/32 : ALLOCATED | + | * 2a03:a0a0::/32 : ALLOCATED |
* Il est temps de finir de s'affûter | * Il est temps de finir de s'affûter | ||
- | * Les IP allocated ne sont pas considérées utilisées, elles doivent être assignées pour être utilisées | + | * Les IP allocated ne sont pas considérées utilisées, elles doivent être assignées pour être utilisées |
- | * Il faut et suffit que le LIR crée les objets de type inetnum et route pour les premières assignation | + | * Il faut et suffit que le LIR crée les objets de type inetnum et route pour les premières assignation |
- | * Le LIR doit respecter : | + | * Le LIR doit respecter : |
- | * [[https://www.ripe.net/publications/docs/ripe-649|IPv4 Address Allocation and Assignment Policy]] | + | * [[https://www.ripe.net/publications/docs/ripe-649|IPv4 Address Allocation and Assignment Policy]] |
- | * [[https://www.ripe.net/publications/docs/ripe-655|IPv6 Address Allocation and Assignment Policy]] | + | * [[https://www.ripe.net/publications/docs/ripe-655|IPv6 Address Allocation and Assignment Policy]] |
- | * Toutes les recommandations des autres [[https://www.ripe.net/publications/docs/ripe-documents|documents RIPE]] | + | * Toutes les recommandations des autres [[https://www.ripe.net/publications/docs/ripe-documents|documents RIPE]] |
- | ===== 20151215-20151216 ===== | + | ===== 20151215-20151217 ===== |
* Création des objets pour assigner 2 premières /24 IPv4 à CHD et une première /.. IPv6 | * Création des objets pour assigner 2 premières /24 IPv4 à CHD et une première /.. IPv6 | ||
* Surprise : dans la partie LIR Portal du site du RIPE, il n'y a rien pour assigner des plages | * Surprise : dans la partie LIR Portal du site du RIPE, il n'y a rien pour assigner des plages | ||
* Il y a plusieurs API pour créer des objets dans la base (via mail, HTTP REST…) et une interface web pour humains appelée **webupdates** | * Il y a plusieurs API pour créer des objets dans la base (via mail, HTTP REST…) et une interface web pour humains appelée **webupdates** | ||
- | {{:technique:archives:ripe-lir-webupdates.png?direct}} | + | |
+ | {{:technique:archives:ripe-lir-webupdates.png?direct&}} | ||
* L'outil webupdates permet d'avoir le détail des champs, et propose d'emblée tous les champs "mandatory". La position des champs de formulaire dans l'interface web détermine l'ordre des champs dans l'objet résultant. D'un autre côté, l'ordre ne semble avoir aucune sémantique. | * L'outil webupdates permet d'avoir le détail des champs, et propose d'emblée tous les champs "mandatory". La position des champs de formulaire dans l'interface web détermine l'ordre des champs dans l'objet résultant. D'un autre côté, l'ordre ne semble avoir aucune sémantique. | ||
* Pour comparer deux enregistrements en console, vimdiff et whois sont nos amis | * Pour comparer deux enregistrements en console, vimdiff et whois sont nos amis | ||
+ | |||
<code> | <code> | ||
lpouzenc@lud-msi:~/Bureau/CHD$ vimdiff <(whois 185.131.40.0) <(whois 185.61.116.0) | lpouzenc@lud-msi:~/Bureau/CHD$ vimdiff <(whois 185.131.40.0) <(whois 185.61.116.0) | ||
2 fichiers à éditer | 2 fichiers à éditer | ||
</code> | </code> | ||
+ | |||
* Pour avoir le descriptif des champs d'un type d'enregistrement : ''whois -v'' | * Pour avoir le descriptif des champs d'un type d'enregistrement : ''whois -v'' | ||
- | <file text inetnum.txt> | + | * Regarder les objets créés par le RIPE pour CHD le LIR |
- | % This is the RIPE Database query service. | + | * organisation : ''whois ORG-CHD1-RIPE'' |
- | % The objects are in RPSL format. | + | * mntner: ''whois fr-commingeshd-1-mnt'' |
- | % | + | * person (abuse-c): ''whois AR34604-RIPE'' |
- | % The RIPE Database is subject to Terms and Conditions. | + | * inetnum: ''whois 185.131.40.0/22'' |
- | % See http://www.ripe.net/db/support/db-terms-conditions.pdf | + | * inet6num: ''whois 2a03:a0a0::/32'' |
+ | * Se poser les questions de la longueur des préfixes qu'on veut déléguer au FAI | ||
+ | * IPv4 : Couper La /22 en 4 /24 semble à peu près la seule chose intelligente à faire | ||
+ | * IPv6 : C'est moins évident. /48 pour 65k adhérents qui auraient leur /64 ? | ||
+ | * [[https://labs.ripe.net/Members/dbayer/visibility-of-prefix-lengths|https://labs.ripe.net/Members/dbayer/visibility-of-prefix-lengths]] | ||
+ | * [[http://www.gestioip.net/cgi-bin/subnet_calculator.cgi|http://www.gestioip.net/cgi-bin/subnet_calculator.cgi]] | ||
+ | * Créer tous les objets nécessaires pour le routage de CHD le FAI | ||
+ | * inetnum: ''whois 185.131.40.0/23'' | ||
+ | * inet6num: '' whois 2a03:a0a0::/48'' | ||
+ | * Le BGP sera annoncé par FullSave, les objets route seront gérés par eux (il faut ajouter un attribut mnt-route dans les inet*num pour leur permettre de les créer) | ||
+ | * route: '' 185.131.40.0/23AS39405'' | ||
+ | * route6: '' 2a03:a0a0::/48AS39405'' | ||
+ | * Remarque : via webupdates, il n'est pas possible de récréer les enregistrements de type "domain" avant que l'infra DNS soit en place. | ||
- | The inetnum class: | + | <code> |
+ | The name server ns1.chd.sx has no A or AAAA address records. | ||
+ | The name server ns2.chd.sx has no A or AAAA address records. | ||
+ | Test for zone 40.131.185.in-addr.arpa was marked as undelegated, | ||
+ | but no working fake glue was provided. | ||
+ | Fatal error in delegation for zone 40.131.185.in-addr.arpa. | ||
+ | No name servers found at child or at parent. | ||
+ | No further testing can be performed. | ||
+ | </code> | ||
- | An inetnum object contains information on allocations and | + | ===== 20170112 ===== |
- | assignments of IPv4 address space. | + | |
- | inetnum: [mandatory] [single] [primary/lookup key] | + | J'ai enfin fait les DNS (le 20161217 on a mis chd.sx et Netflix/akamaï nous à pensé à l'île d esaint martin. Refait avec commingeshautdebit.fr). |
- | netname: [mandatory] [single] [lookup key] | + | |
- | descr: [mandatory] [multiple] [ ] | + | |
- | country: [mandatory] [multiple] [ ] | + | |
- | geoloc: [optional] [single] [ ] | + | |
- | language: [optional] [multiple] [ ] | + | |
- | org: [optional] [single] [inverse key] | + | |
- | sponsoring-org: [optional] [single] [ ] | + | |
- | admin-c: [mandatory] [multiple] [inverse key] | + | |
- | tech-c: [mandatory] [multiple] [inverse key] | + | |
- | status: [mandatory] [single] [ ] | + | |
- | remarks: [optional] [multiple] [ ] | + | |
- | notify: [optional] [multiple] [inverse key] | + | |
- | mnt-by: [mandatory] [multiple] [inverse key] | + | |
- | mnt-lower: [optional] [multiple] [inverse key] | + | |
- | mnt-domains: [optional] [multiple] [inverse key] | + | |
- | mnt-routes: [optional] [multiple] [inverse key] | + | |
- | mnt-irt: [optional] [multiple] [inverse key] | + | |
- | changed: [optional] [multiple] [ ] | + | |
- | created: [generated] [single] [ ] | + | |
- | last-modified: [generated] [single] [ ] | + | |
- | source: [mandatory] [single] [ ] | + | |
- | The content of the attributes of the inetnum class are defined below: | + | * '' whois 40.131.185.in-addr.arpa'' |
+ | * '' whois 41.131.185.in-addr.arpa'' | ||
+ | * '' whois 1.0.0.0.0.a.0.a.3.0.a.2.ip6.arpa'' | ||
+ | * '' whois 0.0.0.0.0.a.0.a.3.0.a.2.ip6.arpa'' | ||
+ | <code> | ||
+ | domain: 0.0.0.0.0.a.0.a.3.0.a.2.ip6.arpa | ||
+ | nserver: ns1.commingeshautdebit.fr | ||
+ | nserver: ns2.commingeshautdebit.fr | ||
+ | admin-c: CC14458-RIPE | ||
+ | tech-c: LP10373-RIPE | ||
+ | zone-c: LP10373-RIPE | ||
+ | mnt-by: fr-commingeshd-1-mnt | ||
+ | created: 2016-12-10T23:18:11Z | ||
+ | last-modified: 2017-01-12T21:12:37Z | ||
+ | source: RIPE | ||
+ | </code> | ||
- | inetnum | + | ===== 20180501 ===== |
- | Specifies a range of IPv4 that inetnum object presents. The ending | + | Ajout 185.131.42.0/24 pour CHD et demandes de ressources pour [[https://intarnet.fr/wiki/technique:whois|Intarnet]]. |
- | address should be greater than the starting one. | + | |
- | <ipv4-address> - <ipv4-address> | ||
- | netname | ||
- | |||
- | The name of a range of IP address space. | ||
- | |||
- | Made up of letters, digits, the character underscore "_", | ||
- | and the character hyphen "-"; the first character of a name | ||
- | must be a letter, and the last character of a name must be a | ||
- | letter or a digit. | ||
- | |||
- | descr | ||
- | |||
- | A short decription related to the object. | ||
- | |||
- | A sequence of ASCII characters. | ||
- | |||
- | country | ||
- | |||
- | Identifies the country. | ||
- | |||
- | Valid two-letter ISO 3166 country code. | ||
- | |||
- | geoloc | ||
- | |||
- | The location coordinates for the resource. | ||
- | |||
- | Location coordinates of the resource. Can take one of the following forms: | ||
- | |||
- | [-90,90][-180,180] | ||
- | |||
- | language | ||
- | |||
- | Identifies the language. | ||
- | |||
- | Valid two-letter ISO 639-1 language code. | ||
- | |||
- | org | ||
- | |||
- | Points to an existing organisation object representing the entity that | ||
- | holds the resource. | ||
- | |||
- | The 'ORG-' string followed by 2 to 4 characters, followed by up to 5 digits | ||
- | followed by a source specification. The first digit must not be "0". | ||
- | Source specification starts with "-" followed by source name up to | ||
- | 9-character length. | ||
- | |||
- | sponsoring-org | ||
- | |||
- | Points to an existing organisation object representing the sponsoring | ||
- | organisation responsible for the resource. | ||
- | |||
- | The 'ORG-' string followed by 2 to 4 characters, followed by up to 5 digits | ||
- | followed by a source specification. The first digit must not be "0". | ||
- | Source specification starts with "-" followed by source name up to | ||
- | 9-character length. | ||
- | |||
- | admin-c | ||
- | |||
- | References an on-site administrative contact. | ||
- | |||
- | From 2 to 4 characters optionally followed by up to 6 digits | ||
- | optionally followed by a source specification. The first digit | ||
- | must not be "0". Source specification starts with "-" followed | ||
- | by source name up to 9-character length. | ||
- | |||
- | tech-c | ||
- | |||
- | References a technical contact. | ||
- | |||
- | From 2 to 4 characters optionally followed by up to 6 digits | ||
- | optionally followed by a source specification. The first digit | ||
- | must not be "0". Source specification starts with "-" followed | ||
- | by source name up to 9-character length. | ||
- | |||
- | status | ||
- | |||
- | Specifies the status of the resource. | ||
- | |||
- | Status can have one of these values: | ||
- | |||
- | o ALLOCATED PA | ||
- | o ALLOCATED PI | ||
- | o ALLOCATED UNSPECIFIED | ||
- | o LIR-PARTITIONED PA | ||
- | o LIR-PARTITIONED PI | ||
- | o SUB-ALLOCATED PA | ||
- | o ASSIGNED PA | ||
- | o ASSIGNED PI | ||
- | o ASSIGNED ANYCAST | ||
- | o EARLY-REGISTRATION | ||
- | o NOT-SET | ||
- | o LEGACY | ||
- | |||
- | remarks | ||
- | |||
- | Contains remarks. | ||
- | |||
- | A sequence of ASCII characters. | ||
- | |||
- | notify | ||
- | |||
- | Specifies the e-mail address to which notifications of changes to an | ||
- | object should be sent. This attribute is filtered from the default | ||
- | whois output. | ||
- | |||
- | An e-mail address as defined in RFC 2822. | ||
- | |||
- | mnt-by | ||
- | |||
- | Specifies the identifier of a registered mntner object used for | ||
- | authorisation of operations performed with the object that contains | ||
- | this attribute. | ||
- | |||
- | Made up of letters, digits, the character underscore "_", | ||
- | and the character hyphen "-"; the first character of a name | ||
- | must be a letter, and the last character of a name must be a | ||
- | letter or a digit. The following words are reserved by | ||
- | RPSL, and they can not be used as names: | ||
- | |||
- | any as-any rs-any peeras and or not atomic from to at | ||
- | action accept announce except refine networks into inbound | ||
- | outbound | ||
- | |||
- | Names starting with certain prefixes are reserved for | ||
- | certain object types. Names starting with "as-" are | ||
- | reserved for as set names. Names starting with "rs-" are | ||
- | reserved for route set names. Names starting with "rtrs-" | ||
- | are reserved for router set names. Names starting with | ||
- | "fltr-" are reserved for filter set names. Names starting | ||
- | with "prng-" are reserved for peering set names. Names | ||
- | starting with "irt-" are reserved for irt names. | ||
- | |||
- | mnt-lower | ||
- | |||
- | Specifies the identifier of a registered mntner object used for | ||
- | hierarchical authorisation. Protects creation of objects directly (one | ||
- | level) below in the hierarchy of an object type. The authentication | ||
- | method of this maintainer object will then be used upon creation of | ||
- | any object directly below the object that contains the "mnt-lower:" | ||
- | attribute. | ||
- | |||
- | Made up of letters, digits, the character underscore "_", | ||
- | and the character hyphen "-"; the first character of a name | ||
- | must be a letter, and the last character of a name must be a | ||
- | letter or a digit. The following words are reserved by | ||
- | RPSL, and they can not be used as names: | ||
- | |||
- | any as-any rs-any peeras and or not atomic from to at | ||
- | action accept announce except refine networks into inbound | ||
- | outbound | ||
- | |||
- | Names starting with certain prefixes are reserved for | ||
- | certain object types. Names starting with "as-" are | ||
- | reserved for as set names. Names starting with "rs-" are | ||
- | reserved for route set names. Names starting with "rtrs-" | ||
- | are reserved for router set names. Names starting with | ||
- | "fltr-" are reserved for filter set names. Names starting | ||
- | with "prng-" are reserved for peering set names. Names | ||
- | starting with "irt-" are reserved for irt names. | ||
- | |||
- | mnt-domains | ||
- | |||
- | Specifies the identifier of a registered mntner object used for | ||
- | reverse domain authorisation. Protects domain objects. The | ||
- | authentication method of this maintainer object will be used for any | ||
- | encompassing reverse domain object. | ||
- | |||
- | Made up of letters, digits, the character underscore "_", | ||
- | and the character hyphen "-"; the first character of a name | ||
- | must be a letter, and the last character of a name must be a | ||
- | letter or a digit. The following words are reserved by | ||
- | RPSL, and they can not be used as names: | ||
- | |||
- | any as-any rs-any peeras and or not atomic from to at | ||
- | action accept announce except refine networks into inbound | ||
- | outbound | ||
- | |||
- | Names starting with certain prefixes are reserved for | ||
- | certain object types. Names starting with "as-" are | ||
- | reserved for as set names. Names starting with "rs-" are | ||
- | reserved for route set names. Names starting with "rtrs-" | ||
- | are reserved for router set names. Names starting with | ||
- | "fltr-" are reserved for filter set names. Names starting | ||
- | with "prng-" are reserved for peering set names. Names | ||
- | starting with "irt-" are reserved for irt names. | ||
- | |||
- | mnt-routes | ||
- | |||
- | This attribute references a maintainer object which is used in | ||
- | determining authorisation for the creation of route objects. | ||
- | After the reference to the maintainer, an optional list of | ||
- | prefix ranges inside of curly braces or the keyword "ANY" may | ||
- | follow. The default, when no additional set items are | ||
- | specified, is "ANY" or all more specifics. Please refer to | ||
- | RFC-2622 for more information. | ||
- | |||
- | <mnt-name> [ { list of <address-prefix-range> } | ANY ] | ||
- | |||
- | mnt-irt | ||
- | |||
- | May appear in an inetnum or inet6num object. It points to an irt | ||
- | object representing a Computer Security Incident Response Team (CSIRT) | ||
- | that handles security incidents for the address space specified by the | ||
- | inetnum or inet6num object. | ||
- | |||
- | An irt name is made up of letters, digits, the character | ||
- | underscore "_", and the character hyphen "-"; it must start | ||
- | with "irt-", and the last character of a name must be a | ||
- | letter or a digit. | ||
- | |||
- | changed | ||
- | |||
- | Specifies who submitted the update, and when the object was updated. | ||
- | This attribute is filtered from the default whois output. | ||
- | This attribute is deprecated and will be removed in a next release. | ||
- | |||
- | An e-mail address as defined in RFC 2822, followed by a date | ||
- | in the format YYYYMMDD. | ||
- | |||
- | created | ||
- | |||
- | This attributes reflects when the object was created in | ||
- | ISO8601 format (yyyy-MM-dd'T'HH:mm:ssZ). | ||
- | |||
- | Attribute generated by server. | ||
- | |||
- | last-modified | ||
- | |||
- | This attributes reflects when the object was last changed in | ||
- | ISO8601 format (yyyy-MM-dd'T'HH:mm:ssZ). | ||
- | |||
- | Attribute generated by server. | ||
- | |||
- | source | ||
- | |||
- | Specifies the registry where the object is registered. Should be | ||
- | "RIPE" for the RIPE Database. | ||
- | |||
- | Made up of letters, digits, the character underscore "_", | ||
- | and the character hyphen "-"; the first character of a | ||
- | registry name must be a letter, and the last character of a | ||
- | registry name must be a letter or a digit. | ||
- | |||
- | |||
- | % This query was served by the RIPE Database Query Service version 1.83.1 (DB-4) | ||
- | </file> | ||
- | * Regarder les objets créés par le RIPE pour CHD le LIR | ||
- | * organisation : ''whois ORG-CHD1-RIPE'' | ||
- | * mntner: ''whois fr-commingeshd-1-mnt'' | ||
- | * person (abuse-c): ''whois AR34604-RIPE'' | ||
- | * inetnum: ''whois 185.131.40.0/22'' | ||
- | * inet6num: ''whois 2a03:a0a0::/32'' | ||
- | * Créer tous les objets nécessaires pour CHD le FAI | ||
- | * inetnum: ''whois 185.131.40.0/24'' | ||
- | * inetnum: ''whois 185.131.41.0/24'' | ||
- | * inet6num: ''whois 2a03:a0a0::/XX'' | ||
- | * TODO : routes | ||
- | * domain: ''whois 40.131.185.in-addr.arpa'' | ||
- | * domain: ''whois 41.131.185.in-addr.arpa'' | ||
- | * TODO : ''whois 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.a.0.a.3.0.a.2.ip6.arpa.in-addr.arpa'' |
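Review bot: the added bullet about FullSave announcing BGP names the attribute "mnt-route", but the inetnum template removed in this same hunk lists it as "mnt-routes:", so the new text should use that spelling. That removed reference also states that a maintainer listed without a prefix list defaults to "ANY" (all more specifics). Since this attribute hands route creation to a third party, the page should say which scope is intended, for example restricting it to the assigned prefixes (185.131.40.0/23 and 2a03:a0a0::/48) with the `<mnt-name> { list of <address-prefix-range> }` form rather than relying on the default. Two smaller points: deleting the inetnum.txt dump leaves the unchanged `whois -v` bullet with no object type, so it should read `whois -v inetnum`; and the new 20170112 line has typos ("nous à pensé", "d esaint martin").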