Thu Jan 22 07:02:56 EST 2004

> There are no tools that change router config based on LDAP data,
> and to my knowledge firewalls do not have such tools for LDAP feed
> nor mail server software, etc.

LDAP is used heavily by mail server software, in fact this
is one of its core uses. It is also used to some extent for
firewalls, e.g. http://oldfaq.phoneboy.com/fom-serve/cache/208.html
You have to remember that LDAP is just a lightweight protocol
used to access a distributed database. You can put anything you
want into the database including things like CIDR blocks and
OSPF weights. 

> There is RPSL definition for whois data that is next layer up above whois
> protocol. RPSL is used for routing database (as published by ARIN for
> example) and is easily parseable and there are tools to convert this to
> be used for router configurations and firewall configurations. Publishing
> information by RPSL is a good idea that ARIN should consider doing instead
> of continuing to use its own non-standard WHOIS format (note: RIPE,
> LACNIC are all using RPSL for whois data).

RPSL is definitely a step in the right direction and I'd be
happy if ARIN would use this. On the other hand, RPSL is less
standard and less supported than LDAP, and it is easy to map
an RPSL schema, as Bernard Aboba has shown in this draft.
Thinking strategically, I believe it is better for ARIN to
use Common Off The Shelf (COTS) technology wherever possible
and minimize the non-standard stuff, including RPSL. If ARIN
could implement a thin RPSL layer on top of an LDAP backend, then
it would have a flexible solution that could drive multiple
front-ends including port 43 whois, DNS, BGP route server, etc.
And people who want to leverage their in-house LDAP expertise
could get their data feed straight in LDAP.

>> Anyone can set up a box with BIND or Zebra or OpenLDAP to receive
>> a data feed and integrate it with their internal systems.
> Please do it. And release such software as open source and have at least
> two confirmed users (besides your own).

Unfortunately I can't do this in my current job and it 
doesn't make a lot of sense to set up a client for a
service that does not exist.

-- Michael Dillon
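The thread turns on two claims: that RPSL route objects are easy to parse into router and firewall configuration, and that the same data could just as well sit behind an LDAP backend with RPSL as a thin presentation layer. The following is an added example, not code from this message or from ARIN, that does both in Python: it parses a constructed block of RPSL-style route objects, validates each prefix and origin before trusting it (so a malformed or out-of-range prefix in a feed cannot reach a router config), emits IOS-style `ip prefix-list` lines per origin AS, and renders an entry in LDIF form. The LDIF objectClass and attribute names (`rpslRoute`, `route`, `origin`) are hypothetical placeholders, not Aboba's draft schema or any registry's real schema; the sample objects use documentation prefixes and private-use AS numbers and are not real registry data.

```python
import ipaddress
import re

# Constructed sample RPSL route objects (documentation prefixes and
# private-use ASNs; not data from any registry). The last object carries
# an invalid prefix to show that the validator rejects it.
SAMPLE_RPSL = """\
route:      192.0.2.0/24
descr:      Example network, documentation
            prefix (continuation line)
origin:     AS64496
mnt-by:     MAINT-EXAMPLE
source:     EXAMPLE

route:      198.51.100.0/24
descr:      Second documentation prefix
origin:     AS64496
source:     EXAMPLE

route:      203.0.113.0/24
origin:     AS64497
source:     EXAMPLE

route:      300.1.1.0/24
origin:     AS64497
source:     EXAMPLE
"""


def parse_rpsl(text):
    """Split RPSL text into a list of dicts (attribute -> value).

    Objects are separated by blank lines, attributes are 'key: value',
    and a line starting with whitespace continues the previous attribute.
    """
    objects, current, last_key = [], {}, None
    for line in text.splitlines():
        if not line.strip():
            if current:
                objects.append(current)
                current, last_key = {}, None
            continue
        if line[0] in " \t" and last_key is not None:
            current[last_key] += " " + line.strip()
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue  # malformed line: ignore rather than guess
        key = key.strip().lower()
        current[key] = value.strip()
        last_key = key
    if current:
        objects.append(current)
    return objects


def routes_by_origin(objects):
    """Map 'ASnnnn' -> sorted list of valid prefixes with that origin.

    A route object is only accepted when the prefix parses as a proper
    network (no host bits set) and the origin is a syntactically valid AS
    number; anything else is dropped before it can reach a config.
    """
    result = {}
    for obj in objects:
        if "route" not in obj or "origin" not in obj:
            continue
        try:
            net = ipaddress.ip_network(obj["route"], strict=True)
        except ValueError:
            continue  # e.g. 300.1.1.0/24 or host bits set
        origin = obj["origin"].upper()
        if not re.fullmatch(r"AS\d+", origin):
            continue
        result.setdefault(origin, []).append(str(net))
    for asn in result:
        result[asn].sort()
    return result


def prefix_list(objects, origin, name="from-rpsl"):
    """Render IOS-style prefix-list lines for the prefixes of one origin AS."""
    prefixes = routes_by_origin(objects).get(origin.upper(), [])
    return [
        f"ip prefix-list {name} seq {i * 5} permit {prefix}"
        for i, prefix in enumerate(prefixes, start=1)
    ]


def to_ldif(obj, base_dn="ou=routes,o=example"):
    """Render one parsed route object as an LDIF entry.

    Hypothetical schema: objectClass 'rpslRoute' with attributes named
    after the RPSL keys. This is a placeholder, not a published schema.
    """
    lines = [f"dn: route={obj['route']},origin={obj['origin']},{base_dn}",
             "objectClass: rpslRoute"]
    lines += [f"{key}: {value}" for key, value in obj.items()]
    return "\n".join(lines)


if __name__ == "__main__":
    objs = parse_rpsl(SAMPLE_RPSL)
    print("\n".join(prefix_list(objs, "AS64496")))
    print(to_ldif(objs[0]))
```

Running it prints two `permit` lines for AS64496 and one LDIF entry; the object with `300.1.1.0/24` is silently dropped by `routes_by_origin`, which is the check a practitioner would want between an external feed and a live router.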