Re: Operational Issues with 69.0.0.0/8...
I'd like to see RIPE, APNIC and LACNIC also set up authoritative LDAP directories for unallocated IP space at the largest aggregate level. I'd also like to see them all dump the quirky and antiquated whois protocol and move to LDAP as the standard way of querying their directories. The
Insisting on LDAP is likely to kill your proposal before it gets off the ground. RPSL works fine. If you want LDAP, you can certainly mirror via the IRRD mirroring protocol, and store however is most useful to you.
I disagree. LDAP is a widespread technology and RPSL/IRRD/RADB is not. The registries can hire people with LDAP experience or send people on LDAP training courses. They can get advice and support from LDAP consultants. And if the registries tell their staff to learn LDAP, then the staff will be motivated to do it well since LDAP knowledge is a marketable skill.

The RIRs should be looking at LDAP as the core technology for offering their directory services. We've already tried the RADB/RPSL/IRRD/whois/rwhois route for years and it has failed. Only a few people have bothered to learn most of these technologies and many network operators don't use any of it in an automated fashion. Just recently there was a lot of discussion about the new ARIN whois format and a lot of this revolved around how to make it easier to parse for automated systems. That's like running a mailing list by typing in messages, printing them out, faxing them to UMich where they are scanned and run through OCR, and then emailed to you.

Here's how an LDAP directory works. There is a SWIP template form on an ARIN web page. You type the appropriate bits of info into the appropriate boxes and press the submit button. An ARIN CGI or webapp places each field into a relational database. Once a day, they dump any database changes into their LDAP directory. Now when you or your admin scripts query the LDAP directory, each bit of data is received as a separate identifiable field. No more parsing. In fact, you can tell the LDAP server to only send the bits of data that you are interested in.

Rather than trying to reinvent LDAP by ourselves it makes an awful lot more sense to leverage the efforts of the hundreds of people at Netscape, SUN, IBM and many universities who have worked over many years to make LDAP version 3 into a very usable tool. LDAP directories are already integral parts of running many large networks in universities and corporations. We should use it in the global Internet as well.
-- Michael Dillon
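Editor's worked example, not part of Michael's message or any registry's code: the "each field comes back as a separate identifiable field, and you can ask for only the ones you want" workflow, done with LDIF (RFC 2849), the interchange format LDAP servers load and dump. The attribute names (netBlock, orgName, abuseMailbox, ...) and the DN layout are an assumed schema, not ARIN's, and the /20 allocation is invented. The base64 and line-folding rules are the real ones from RFC 2849, which is where a home-grown whois scraper usually breaks.

```python
"""Added example: a SWIP-style record published as LDIF and queried by
attribute.  Schema, DN layout and the allocation itself are constructed
for illustration and are not ARIN's."""
import base64
import re

# Constructed SWIP form submission for a hypothetical /20 (assumed schema).
SWIP_FORM = {
    "netBlock": "69.0.0.0/20",
    "netName": "EXAMPLE-NET-1",
    "orgName": "Example Networks Ltd",
    "abuseMailbox": "abuse@example.net",
    # Leading space is not a SAFE-INIT-CHAR, so this value must be base64'd.
    "description": "  leading space forces base64 per RFC 2849",
    "country": "GB",
}

# Assumed DN layout for the registry's directory.
DN = "netBlock=69.0.0.0/20,ou=networks,o=example-registry"


def _is_safe(value: str) -> bool:
    """RFC 2849 SAFE-STRING: printable ASCII, no NUL/CR/LF, and the first
    character may not be a space, ':' or '<'."""
    if not value:
        return True
    if value[0] in " :<":
        return False
    return all(0x01 <= ord(c) <= 0x7F and c not in "\r\n" for c in value)


def _fold(line: str, width: int = 76) -> str:
    """Fold a long line the LDIF way: continuation lines start with a space."""
    out, rest = [line[:width]], line[width:]
    while rest:
        out.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return "\n".join(out)


def to_ldif(dn: str, attrs: dict) -> str:
    """Serialize one entry; unsafe values get the '::' base64 form."""
    lines = [f"dn: {dn}"]
    for name, value in attrs.items():
        if _is_safe(value):
            lines.append(_fold(f"{name}: {value}"))
        else:
            b64 = base64.b64encode(value.encode("utf-8")).decode("ascii")
            lines.append(_fold(f"{name}:: {b64}"))
    return "\n".join(lines) + "\n"


def parse_ldif(text: str) -> dict:
    """Parse one LDIF record into {attr: value}: unfold, then un-base64."""
    unfolded = re.sub(r"\n ", "", text)
    rec = {}
    for line in unfolded.splitlines():
        if not line:
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):
            rec[name] = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            rec[name] = value.strip()
    return rec


def search(directory: dict, attr: str, value: str, attrs=None) -> list:
    """Like an LDAP search with filter (attr=value) plus an attribute list:
    the client receives only the attributes it asked for, already split."""
    hits = []
    for dn, rec in directory.items():
        if rec.get(attr) == value:
            wanted = dict(rec) if attrs is None else {a: rec[a] for a in attrs if a in rec}
            hits.append((dn, wanted))
    return hits


# Registry side: the web-form fields become one directory entry.
DIRECTORY = {DN: parse_ldif(to_ldif(DN, SWIP_FORM))}

if __name__ == "__main__":
    print(to_ldif(DN, SWIP_FORM))
    # Client side: ask for the abuse contact only, no text scraping needed.
    print(search(DIRECTORY, "netBlock", "69.0.0.0/20", attrs=["abuseMailbox"]))
```

The round trip through to_ldif and parse_ldif is the property to check when you point a real client at a registry dump: values that start with a space, a colon or '<', or that contain non-ASCII, arrive base64-encoded and must be decoded, and long values arrive folded across lines.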
On Tue, 10 Dec 2002 Michael.Dillon@radianz.com wrote:
I disagree. LDAP is a widespread technology and RPSL/IRRD/RADB is not. The registries can hire people with LDAP experience or send people on LDAP training courses. They can get advice and support from LDAP consultants. And if the registries tell their staff to learn LDAP, then the staff will be motivated to do it well since LDAP knowledge is a marketable skill.
Besides LDAP, there's also the SOAP / XML thingie :) All of that is pretty much trivial, and horribly overengineered (admittedly, not as horribly as X.500 or whatever that kludge was called). If a method of serializing tree-like data structures and performing a request-reply protocol requires consultants to support, one may safely assume that there's something seriously wrong. To my ears "LDAP expert" sounds too much like "operator if-then-else expert". In any case, there's a bunch of public-domain thingies around which do LDAP or SOAP, so just pick any.
--vadim
We've already tried the RADB/RPSL/IRRD/whois/rwhois route for years and it has failed. Only a few people have bothered to learn most of these technologies and many network operators don't use any of it in an automated fashion. Just recently there was a lot of discussion about the
I bothered to learn it and use it in a very automated fashion, thank you very much. It really wasn't that hard and it works quite well. I'm curious to hear why it has taken you years to come up with only failure.
-brent
Hello,

How would LDAP help? LDAP is just a distributed, hierarchical, object-oriented database. If ISPs only wanted to filter the right /8s, they could do that using http://www.iana.org/assignments/ipv4-address-space

Unless the worldwide LDAP service would be checked by every router and the router learns what /8s to filter from the service. But then there would be security problems here. Actually, something that would send email to all the ISPs would be more secure (people would double-check before filtering). I don't see anything about the LDAP protocol that would help filtering /8s.

Harsha.

On Tue, 10 Dec 2002, Brent Imhoff wrote:
We've already tried the RADB/RPSL/IRRD/whois/rwhois route for years and it has failed. Only a few people have bothered to learn most of these technologies and many network operators don't use any of it in an automated fashion. Just recently there was a lot of discussion about the
I bothered to learn it and use it in a very automated fashion, thank you very much. It really wasn't that hard and it works quite well. I'm curious to hear why it has taken you years to come up with only failure.
-brent
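Editor's worked example, not from Harsha's message or from any operator's tooling: deriving the /8 bogon set from the IANA ipv4-address-space listing he points at, then diffing it against the filter a router currently carries and emitting the change for a human to review, rather than pushing it to routers automatically (his security concern). The listing below is constructed in the style of that file, only a handful of blocks are shown, and the exact column layout of the real file is an assumption; the "current filter" is likewise made up, and is stale in exactly the way this thread is about: it still rejects 69/8 after IANA handed it to ARIN.

```python
"""Added example: IANA /8 listing -> bogon set -> reviewable filter diff.
Sample listing and current filter are constructed; the column layout is an
assumption about the real file, which lists every /8."""
import re

# Constructed excerpt in the style of iana.org/assignments/ipv4-address-space.
IANA_SAMPLE = """\
Address Block   Date        Registry - Purpose
000/8           Sep 81      IANA - Reserved
010/8           Jun 95      IANA - Private Use
061/8           Apr 97      APNIC
062/8           Apr 97      RIPE NCC
066/8           Jul 00      ARIN
069/8           Aug 02      ARIN
070/8           Sep 81      IANA - Reserved
127/8           Sep 81      IANA - Loopback
224/8           Sep 81      IANA - Multicast
"""

# Assumed layout: three-digit block, "Mon YY" date, free-text purpose.
LINE_RE = re.compile(r"^(\d{3})/8\s+(\S+ \S+)\s+(.+?)\s*$")

# Purposes that must never appear as unicast routes on the public Internet.
# Anything else is assumed delegated to a registry or organisation.
NEVER_ROUTE = {
    "IANA - Reserved",
    "IANA - Private Use",
    "IANA - Loopback",
    "IANA - Multicast",
}


def parse_iana(text: str) -> dict:
    """Return {first_octet: purpose} for every /8 line in the listing."""
    blocks = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            blocks[int(m.group(1))] = m.group(3)
    return blocks


def bogon_eights(blocks: dict) -> set:
    """First octets of the /8s that should be rejected."""
    return {octet for octet, purpose in blocks.items() if purpose in NEVER_ROUTE}


def filter_diff(current: set, listing: str) -> dict:
    """Compare the /8s a router rejects today with what IANA says now.
    'remove' = filtered but since allocated (69/8 here); 'add' = newly reserved."""
    wanted = bogon_eights(parse_iana(listing))
    return {"remove": sorted(current - wanted), "add": sorted(wanted - current)}


def review_lines(current: set, listing: str) -> list:
    """Human-readable change set.  Deliberately not router syntax: the point
    is to mail this to someone who double-checks before touching filters."""
    blocks = parse_iana(listing)
    d = filter_diff(current, listing)
    out = [f"- {o}.0.0.0/8  (now {blocks.get(o, 'not listed')})" for o in d["remove"]]
    out += [f"+ {o}.0.0.0/8  ({blocks[o]})" for o in d["add"]]
    return out


# Constructed stale filter: still treats 69/8 as unallocated.
CURRENT_FILTER = {0, 10, 69, 127, 224}

if __name__ == "__main__":
    for line in review_lines(CURRENT_FILTER, IANA_SAMPLE):
        print(line)
```

Run against the full IANA file rather than this excerpt, every /8 is listed, so a block missing from parse_iana's result means the layout assumption is wrong for that line, not that the block is free; treat a shrinking parse as a failure, since silently dropping lines is how an allocated /8 stays on a bogon list.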
participants (4)
- Brent Imhoff
- Harsha Narayan
- Michael.Dillon@radianz.com
- Vadim Antonov