New Values of the "status:" Attribute for Inetnum Objects
(LIR-PARTITIONED)

   Nurani Nimpuno
   Andrei Robachevsky

   Document ID: ripe-239
   Date: 14 June 2002
     _________________________________________________________________

Abstract
        
   This document describes the new value of the "status:" attribute
   for inetnum objects and its impact on database operation.
   _________________________________________________________________

Contents

   1.0 Motivation
   2.0 Database Objects Affected
   3.0 Usage
   4.0 Functionality
   5.0 IP Address Policy Implications

1.0 Motivation

   For various reasons large Local Internet Registries (LIRs) often
   need to distribute their allocated address space between various
   parts of their organisation (for example, some organisations have
   separate national operations in several countries obtaining address
   space through a single LIR). In these situations it is desirable to
   document this redistribution in the RIPE Database. In the past
   there was no way to do this without throwing up errors in the RIPE
   NCC auditing procedures or by removing flexibility by having each
   local operation treated as a RIPE NCC allocation. More information
   about the "RIPE NCC Consistency and Auditing Activity" is available
   from the RIPE Document Store at:

   http://www.ripe.net/ripe/docs/audit.html

   To facilitate administration of an LIR allocation, a new set of
   status values - <LIR-PARTITIONED PA> and <LIR-PARTITIONED PI> - was
   introduced. This allows an LIR to register one or more inetnum
   objects with one of the new "status:" values (further
   LIR-PARTITIONED inetnum) that are more specific to the allocation
   but less specific to the assignment. By doing this, an LIR may
   register different contact persons within the LIR organisation for
   different blocks of their allocated space. It is also possible to
   restrict changes in the RIPE Database within the LIR's allocated
   space differently in different blocks of this space.

2.0 Database Objects Affected

   Only inetnum objects may have the <LIR-PARTITIONED> "status:"
   values.

3.0 Usage
   
   The <LIR-PARTITIONED> feature allows an LIR to document
   distribution and delegate management of allocated space within
   their organisation.  This is done by creating one or more
   <LIR-PARTITIONED> inetnum objects under the inetnum object
   representing an LIR allocation. These objects may reference
   different contact information and have different values of
   "mnt-lower:" and "mnt-routes:" attributes. The "mnt-routes:"
   attribute delegates authorisation for the creation of more specific
   inetnum and route objects in the RIPE Database to different
   entities in different address blocks within the LIR's allocated
   space. For example, if we consider the following inetnum hierarchy:
   

inetnum:    192.168.0.0 - 192.168.255.255
   
status:     ALLOCATED PI
   
mnt-by:     RIPE-NCC-HM-MNT
   
mnt-lower:  LIR-MNT
   
mnt-routes: LIR-MNT
   
inetnum:    192.168.0.0 - 192.168.15.255
   
status:     LIR-PARTITIONED PI
   
mnt-by:     LIR-MNT
   
mnt-lower:  DEPT1-MNT 

mnt-routes: DEPT1-RT-MNT

   Then DEPT1-MNT has the authority of creating more specific inetnum
   and route objects within the 192.168.0.0 - 192.168.15.255 range.
   DEPT1-RT-MNT has the authority to create 192.168.0.0/20 route and
   more specific ones. Please be aware that absence of a "mnt-lower:"
   attribute will allow anyone to create more specific inetnum objects
   within the address space.
   
   For more information regarding authorisation rules in the RIPE
   Database, please refer to the RIPE document "RIPE Database
   Reference Manual" available from the RIPE Document Store at:
   
   http://www.ripe.net/ripe/docs/databaseref-manual.html   

4.0 Functionality
              
   When creating or modifying an inetnum object, the database will
   check the value of the "status:" attribute according to the
   following rules:

     * The value of <ALLOCATED PA> or <ALLOCATED PI"> is allowed if
       the object is maintained by the RIPE-NCC-HM-MNT mntner.

     * The value of <LIR-PARTITIONED PA> is allowed if one level less
       specific inetnum object contains a "status:" attribute with the
       value of <ALLOCATED PA>, <LIR-PARTITIONED PA> or <ALLOCATED
       UNSPECIFIED>.

     * The value of <LIR-PARTITIONED PI> is allowed if one level less
       specific inetnum object contains a "status:" attribute with the
       value of <ALLOCATED PI>, <LIR-PARTITIONED PI> or <ALLOCATED
       UNSPECIFIED>.
   
5.0 IP address policy implications
   
   The use of the <LIR-PARTITIONED> status value creates no
   implications to IP address policy. The utilisation in any
   allocation is always measured by the assignments within the
   allocation that are registered in the RIPE Database. Furthermore,
   LIRs are always responsible for the usage of address space
   allocated to them. For details on Internet Registry policies and
   procedures, please refer to the "IPv4 Address Allocation and
   Assignment Policies in the RIPE NCC Service Region" document
   available from the RIPE Document Store at:
              
   http://www.ripe.net/ripe/docs/ipv4-policies.html