| Internet-Draft | Generalized RPSL External Reference | October 2024 |
| Bush | Expires 21 April 2025 | [Page] |
RPSL, which is not a formal standard, has recently added a geofeed: attribute to the innet[6]num: class to reference data external to RPSL. There is now a proposal add another attribute, prefixlen:. This document describes a more general and extensible mechanism for external references.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 21 April 2025.¶
Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
The Routing Policy Specification Language (RPSL), which has operationally evolved since standardization in [RFC2622], has recently added a geofeed: attribute [RFC9632] to the inetnum: [INETNUM] and inet6num: [INET6NUM] classes to reference data external to RPSL. There is now a proposal add another attribute, prefixlen: [I-D.gasser-opsawg-prefix-lengths] referencing exterbal data.¶
This document describes a more general and extensible mechanism for external references to augment the RPSL inetnum: class [INETNUM] to refer to external data. In all places inetnum:, [INETNUM], is used, inet6num:, [INET6NUM], should also be assumed.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
RPSL, [RFC2622], as used by the Regional Internet Registries (RIRs), has been augmented with the inetnum: [INETNUM] and the inet6num: [INET6NUM] classes; each of which describes an IP address range and its attributes.¶
Ongoing work has added and/or proposes to add multiple attributes to RPSL to reference objects external to RPSL.¶
[RFC9632] descrbes how to reference geofeed files ([RFC8805]) from an RPSL inetnum: class. It is widely deployed.¶
[I-D.gasser-opsawg-prefix-lengths] proposes to refrence prefixlen files from an RPSL inetnum: class.¶
This way lies chaos. Where there are two, there will be more. This will cause continuing problems for work such as [I-D.ietf-regext-rdap-geofeed].¶
This document describes a generalized mechanism for external references. RPSL would be augmented to define a new RPSL extref: attribute in the inetnum: class. For example, given the two sub-types described above:¶
inetnum: 192.0.2.0/24 # example
extref: Geofeed https://example.com/geofeed
extref: Prefixlen https://example.com/prefixlen
¶
Any particular inetnum: class MAY have at most one extref: of a particular sub-type.¶
inetnum: classes form a hierarchy, see [INETNUM] Section 4.2.4.1, Hierarchy of INETNUM Objects. extref references SHOULD be at the lowest applicable inetnum: class. When fetching, the most specific inetnum: class with an extref reference of a particular sub-type MUST be used.¶
When extref: references are provided by multiple inetnum: classes which have identical address ranges, then the extref: reference on the inetnum: with the most recent last-modified: attribute SHOULD be preferred.¶
To create the needed inetnum: classes, an operator wishing to register extref: attributes needs to coordinate with their RIR/NIR and/or any provider LIR which has assigned prefixes to them. RIRs/NIRs provide means for assignees to create and maintain inetnum: classes. They also provide means of [sub-]assigning IP address resources and allowing the assignee to create whois data, including inetnum: classes, and thereby using extref: attributes.¶
For a particular sub-type, the RFC defining it SHOULD specify the transport over which the reference SHOULD or MUST be fetched.¶
Multiple inetnum: classes MAY refer to the same external resource.¶
It would be generally prudent for a consumer of extref data to also use other sources to cross-validate the data. All of the Security Considerations of the RFC defining a sub-type apply here as well.¶
Many RPSL repositories have weak if any authentication. This would allow spoofing of inetnum: classes pointing to malicious extref files.¶
If an inetnum: for a wide prefix (e.g. a /16) points to an external file, a customer or attacker could publish an equal or narrower (e.g. a /24) inetnum: in a whois registry which has weak authorization.¶
The RPSL providers have had to throttle fetching from their servers due to too-frequent queries. Usually they throttle by the querying IP address or block. Similar defenses will likely need to be deployed by extref file servers.¶
The IANA is requested to create an "rpsl-extref-subtype: registry as follows:¶
SubType Reference
------- ----------------
Geofeed RFC9632
¶
Registration of new SubTypes is by RFC per [RFC8126] Section 4.¶
Thanks to the authors of [RFC8805], [RFC9092], and [RFC9632] from whom ideas and text have been liberally expropriated.¶