oops, no text
mak@merit.edu Thu, 09 July 1992 16:19 UTC
Received: from ietf.nri.reston.va.us by IETF.NRI.Reston.VA.US id aa05002; 9 Jul 92 12:19 EDT
Received: from NRI.NRI.Reston.Va.US by IETF.NRI.Reston.VA.US id aa04997; 9 Jul 92 12:19 EDT
Received: from haig.cs.ucl.ac.uk by NRI.Reston.VA.US id aa20130; 9 Jul 92 12:20 EDT
Received: from bells.cs.ucl.ac.uk by haig.cs.ucl.ac.uk with local SMTP id <g.02796-0@haig.cs.ucl.ac.uk>; Thu, 9 Jul 1992 17:01:27 +0100
Received: from merit.edu by bells.cs.ucl.ac.uk with Internet SMTP id <g.19196-0@bells.cs.ucl.ac.uk>; Thu, 9 Jul 1992 17:00:58 +0100
Return-Path: <mak@merit.edu>
Received: from home.merit.edu by merit.edu (5.65/1123-1.0) id AA05823; Thu, 9 Jul 92 12:00:25 -0400
Received: by home.merit.edu (4.1/client-0.9) id AA11945; Thu, 9 Jul 92 11:11:19 EDT
Date: Thu, 09 Jul 1992 11:11:19 -0400
From: mak@merit.edu
Message-Id: <9207091511.AA11945@home.merit.edu>
To: osi-ds@cs.ucl.ac.uk
Subject: oops, no text
You probably actually want to see the text too. Sorry about that. Mark OSI Directory Services Mark Knopper Working Group Merit Network INTERNET--DRAFT July 1992 Representing Networking Infrastructure Information in X.500 Status of this Memo This internet draft suggests a method for representing information pertaining to network infrastructure in the X.500 directory. An object model for representing generalized network objects is proposed and followed. Examples of real-world network objects that may be stored in the directory are IP Network, Autonomous System, Circuit and Node. A goal is to use the directory to associate organizations and contact people with these network objects. Searches can be made by naming the object, or by organization. This draft document will be submitted to the RFC editor as an informational document. Distribution of this memo is unlimited. Please send comments to the authors or to the discussion group osi-ds@cs.ucl.ac.uk. Acknowledgements Part of this text was lifted without permission from a design document by the friendly folks at SRI, Ruth Lang and Ken Harrenstein, our co-conspirators on the FOX project. SRI supports a prototype X.500 implementation of the WHOIS database. Ruth and Chris Weider helped write the initial draft, and Tim Howes and Mark Smith of the University of Michigan Unix Group reviewed several drafts. Sue Hares of Merit provided guidance on object and attribute definitions. INTERNET--DRAFT X.500 Network Infrastructure July 1992 1.0 Introduction and Goals Information related to the Internet Network Infrastructure is stored and created by a number of different organizations, such as the Network Information Center (NIC), the Internet Assigned Numbers Authority (IANA), and the NSFNET Network Operations Center (NOC). The information is in general "mastered" (stored and maintained) by these organizations on a centralized basis, i.e. there is a single place to look for a definitive list of entries for these categories. This has worked well in the past but given the tremendous growth of the Internet and its number of users and networks, it is essential that a distributed scheme be used. The X.500 Directory standard seems to be an ideal technology for implementing this distributed method of managing network infrastructure information. X.500 allows distributed ownership of different parts of the global Directory Information Tree, and with replication can provide this information to users rapidly. Some access control and security capabilities exist in the current standards and additional capabilities are being developed by IETF working groups and implementors. Using the X.500 heirarchical structure, this information can be organized in a fashion that is intuitive and easily searchable by users. This document focuses on IP Networks as the protypical network object, but the methods suggested by this model can be generalized to other kinds of network objects (such as autonomous systems, which are described herein, circuits, interfaces and routers). The following goals are accomplished by the model defined in this document: 1. Define network objects 2. Allow searching of objects by organization 3. Allow searching by network number 4. Support delegation of addressing authorities 5. Include "special purpose" attributes for use by network service providers INTERNET--DRAFT X.500 Network Infrastructure July 1992 2.0 Object Model 2.1 Object: network A top level object, "network", will be defined as follows: network OBJECT CLASS SUBCLASS OF top MUST CONTAIN {commonName} MAY CONTAIN { parentOrganization, administrativeContact, technicalContact } parentOrganization ATTRIBUTE WITH ATTRIBUTE SYNTAX distinguishedNameSyntax administrativeContact ATTRIBUTE WITH ATTRIBUTE SYNTAX distinguishedNameSyntax technicalContact ATTRIBUTE WITH ATTRIBUTE SYNTAX distinguishedNameSyntax It is assumed that networks of any kind can be listed in the directory with these common attributes. The parentOrganization attribute can be used as a pointer to the entry of an organization listed in the directory. The administrative and technical contacts identify "person" or "organizational role" entries in the directory. 2.2 Object: iPnetwork An IP network is a special case of the generic "network", and inherits its attributes as well as having a set of attributes of its own. iPnetwork OBJECT CLASS SUBCLASS OF network MAY CONTAIN { aSpath, configurationDate, configurationHistory, registrationDate, sponsoringAgency, countryName, activationDate, usagePolicy, networkName, in-AddrServer, onlineDate, Source seeAlso } Note that the first three optional attributes (aSpath, configurationDate, and configurationHistory) are intended to be specific to a particular network service provider. It may be possible that an entry for a particular IP network can be found in multiple places in the directory, with different provider-specific information in these attributes. See section 3.3 for an example. The other attributes contain information that is managed by the address authority which assigned the IP network number. There is only one such authority for any given IP number so this information should not be found in duplicate entries for an IP number. The AS path includes reachability information for the NSFNET backbone, including route metric and AS number. This is used as an exapmle of a service provider-specific use of an attribute. There can be multiple AS paths for alternate routes. This attribute is currently specified as a character string, but this syntax may need to be changed upon further study. aSPath ATTRIBUTE WITH ATTRIBUTE SYNTAX caseIgnoreStringSyntax IP networks are named by their IP number represented as a string, eg. "cn=35.0.0.0". The NIC also requires that each network have a name for internal use. networkName ATTRIBUTE WITH ATTRIBUTE SYNTAX caseIgnoreStringSyntax The NIC currently requires specification of a sponsoring government agency and a usage policy for each IP network. The syntax for usage policy is currently string but may need to be changed after further study. sponsoringAgency ATTRIBUTE WITH ATTRIBUTE SYNTAX distinguishedNameSyntax usagePolicy ATTRIBUTE WITH ATTRIBUTE SYNTAX caseIgnoreStringSyntax The in-addr server is assumed to be a computer named in the directory. in-AddrServer ATTRIBUTE WITH ATTRIBUTE SYNTAX distinguishedNameSyntax Configuration and online dates are with respect to NSFNET or other network service provider. configurationDate ATTRIBUTE WITH ATTRIBUTE SYNTAX uTCTimeSyntax onlineDate ATTRIBUTE WITH ATTRIBUTE SYNTAX uTCTimeSyntax Configuration history is currently a text string but could be changed to allow multiple entries with date and configuration information. This is for further study. configurationHistory ATTRIBUTE WITH ATTRIBUTE SYNTAX caseIgnoreStringSyntax "Source" names the organization that is responsible for the information in this entry. This is a transitional attribute, that is until all address authorities have started using the X.500 system, this field can be used simply as a pointer to the authoritative organization while the entry is stored in the centralized subtree. source ATTRIBUTE WITH ATTRIBUTE SYNTAX distinguishedNameSyntax 2.3 Object: autonomousSystem An Autonomous System is a collection of networks grouped into a common routing domain with a single owning authority. Typically this might be a mid-level network. The directory will associate contact and authority information with AS name and number, as well as giving routing information related to the AS. autonomousSystem OBJECT CLASS SUBCLASS OF network MAY CONTAIN { constituentNetwork, routingMetric, asName, sponsoringAgency } The AS contains multiple consitituent networks, so this attribute would normally appear multiple times in the entries. constituentNetwork ATTRIBUTE WITH ATTRIBUTE SYNTAX distinguishedNameSyntax The routing metric as well as the above constituent network attributes are currently in character string format, but this could be made more structured in future. It may also be necessary to provide a metric/network pairing relationship. routingMetric ATTRIBUTE WITH ATTRIBUTE SYNTAX caseIgnoreStringSyntax The AS name is an arbitrarily named string supplied by the owner. In the directory AS's are named by their number. The name usually gives a clue about the owning organization. asName ATTRIBUTE WITH ATTRIBUTE SYNTAX caseIgnoreStringSyntax Sponsoring agency is a field collected by the NIC and currently included in the WHOIS database. sponsoringAgency ATTRIBUTE WITH ATTRIBUTE SYNTAX distinguishedNameSyntax 3.0 Directory Information Tree Organization A requirement for structuring the network-related information is to allow distribution of address authority using heirarchical delegation. The DIT structure should reflect the delegated authority and make it easier for the new authority to manage its entries. The following three models and uses are accomodated by this structure, and are illustrated in a potential order of a transition from the current Internet address assignment model. 3.1 Organization Assuming Current, Centralized Address Authority Model for Internet Registry In this model a single organization is the address authority for all IP network numbers. In the tree for this organization can be found a large single flat subtree containing all IP network numbers. Within each IP network number entry can be found all attributes associated with address authority information. See Figure 1 (nii.fig1.ps). In order to support searching by organization, it is suggested that organizations which own IP networks can support alias entries refering to the master entries within the main directory. This is illustrated in Figure 1. [Note: Figures are available by FTP from merit.edu in pub/x.500/nii.fig*.] 3.2 Delegated Address Authority Model In this model there can be up to three entries in the DIT for a particular IP network. The master list of all IP nets would still exist but some entries would simply be aliases refering to the master information existing within the domain of a delegated address authority. The actual owning organization of the IP net would still have an alias pointing to either the main NIC's entry for the network or to the service provider's entry. Figure 2 (nii.fig2.ps) shows that a "not delegated" entry is wholly contained within the "o=Internet" master directory for IP Networks, but delegated entries are listed there as aliases. "Advanced Altered Performance Inc." is an example network service provider who might be a delegated address authority for a block of addresses. 3.3 Special Purpose Attributes Supported by a Service Provider It may be the case that a particular service provider (who may or may not be the delegated address authority for a network) would hold yet another entry for the network. This entry would contain information specific to that service provider but would not contain any of the attributes designated for use by the address authority (unless it was also that authority). In the following example (Figures 3, nii.fig3.ps), the NIC has not delegated the address authority but a service provider has created an entry for the network. 4.0 Author's Address Mark Knopper, mak@merit.edu Merit Network, Inc. 1071 Beal Avenue Ann Arbor, MI 48109 5.0 References S.E. Kille. X.500 and domains. Research Note RN/89/47, Department of Computer Science, University College Lon- don, May 1989. Also Internet Draft: DRAFT-UCL-KILLE- X500DOMAINS-00.PS S.E. Kille. The COSINE and Internet X.500 Naming Architecture. Internet Draft: DRAFT-IETF-OSIDS-COSINEX500-02.TXT S.E. Kille. Representing Real World Objects in the Directory, OSI-DS 25 Cerf, V. RFC 1174
- oops, no text mak