Hello Liu,

I have some clarifying questions, see below.

> On 13 May 2025, at 17:48, liu haoran <qq593277...@outlook.com> wrote:
> 
> As the administrator of AKIX, we have observed a recurring issue where newly 
> joined members frequently submit AS-SET objects without populating the 
> mandatory members attribute in IRR databases. From both operational and RPSL 
> (Routing Policy Specification Language) specification perspectives, an AS-SET 
> containing no members represents an invalid configuration, as it 
> fundamentally defeats its purpose of aggregating Autonomous Systems (AS) for 
> routing policy management.

I confirmed that an as-set can be created in the RIPE database without any 
members: attribute. Approximately 2,000 of nearly 27,000 total as-sets do not 
have any members: attribute.

If a members: attribute is supplied, the ASN or AS-SET value does not need to 
exist. Should we also validate either the ASN or AS-SET value?

> We formally propose that IRR database maintainers implement mandatory 
> validation during AS-SET creation to enforce:
> 1. Require at minimum one valid AS number in the members field

Since only hierarchical AS-SET objects can now be created in the RIPE database, 
if a parent AS-SET contains a "members:" attribute, can that allow the child to 
have no (additional) members?

> 2. Reject AS-SET submissions containing empty/null members attributes

This is already the case (if a members: attribute is specified, it cannot be 
empty or null).

> 3. Provide clear error messaging specifying the validation requirements
> This technical enforcement would align with RFC 2725 (Routing Policy System 
> Security) recommendations while significantly improving routing registry data 
> quality and operational reliability for Internet Exchange ecosystems.

RFC 2622 defines the as-set "members:" attribute to be type "optional, 
multi-valued". Does RFC 2725 supersede this?
https://datatracker.ietf.org/doc/html/rfc2622#section-5.1

Regards,
Ed Shryane
RIPE NCC
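
The two checks discussed in this message, as an added example (not part of the original message and not RIPE NCC code): it parses RPSL objects from a dump and reports as-sets with no members and members that name an as-set absent from the dump. The sample objects are constructed, the function names are hypothetical, and the dump layout (blank-line-separated objects, continuation lines starting with space, tab or "+") is assumed per RFC 2622.

```python
import re

# Constructed sample objects (documentation ASNs, not real registry data).
SAMPLE = """\
as-set:     AS64500:AS-CUSTOMERS
members:    AS64501, AS64500:AS-DOWNSTREAM,
            AS64502

as-set:     AS64500:AS-DOWNSTREAM
descr:      created without a members: attribute

as-set:     AS64510:AS-PEERS
members:    AS64511
members:    AS64510:AS-MISSING
source:     TEST
"""

def parse_objects(text):
    """Split an RPSL dump into objects, each a list of (attribute, value)."""
    objects = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = []
        for line in block.splitlines():
            if line[:1] in (" ", "\t", "+") and attrs:  # continuation line
                key, val = attrs[-1]
                attrs[-1] = (key, (val + " " + line[1:].strip()).strip())
            elif ":" in line and line[:1] not in ("%", "#"):
                key, _, val = line.partition(":")
                attrs.append((key.strip().lower(), val.strip()))
        if attrs:
            objects.append(attrs)
    return objects

def audit_as_sets(text):
    """Return (as-sets with no members, {as-set: [unresolved as-set refs]})."""
    sets = {}
    for obj in parse_objects(text):
        if obj[0][0] != "as-set":
            continue
        vals = ",".join(v for k, v in obj if k == "members")
        sets[obj[0][1].upper()] = [m.strip().upper() for m in vals.split(",") if m.strip()]
    empty = sorted(name for name, members in sets.items() if not members)
    dangling = {}
    for name, members in sets.items():
        # Plain ASNs are not checked; only as-set references are resolved.
        missing = [m for m in members if not re.fullmatch(r"AS\d+", m) and m not in sets]
        if missing:
            dangling[name] = missing
    return empty, dangling
```

Calling `audit_as_sets(SAMPLE)` reports `AS64500:AS-DOWNSTREAM` as empty and `AS64510:AS-MISSING` as an unresolved reference.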