Engineering ReportMark Kosters

Staffing• Operations

– 7 operations engineers + 2 managers (AT FULL STRENGTH)

• Development– 8 programmers + manager (AT FULL STRENGTH)

• New PM taken from engineering• New hire - filled vacancy going to PM

• Quality Assurance– 4 engineers, 1 contractor + manager (One vacancy)

• Project Management – 1 (AT FULL STRENGTH)• CTO – 1 (Working more on weights to be FULL

STRENGTH)

2

YTD Efforts• Focus on ACSPs• Work underway for sharing ticket information – Important for transfers

• RPKI– Mopping up work– Migration from IBM 4764 to IBM 4765 HSMs

• Migration from Oracle to PostgreSQL complete!

• Movement from EMC to NetApp underway

3

YTD Efforts Cont…• DNSSEC

– Making updates near realtime– Hardening of key management

• Fault Tolerance Improvements– More efficient system backups– Moving Production Systems from ARIN HQ to Colo– Moving backend services to real hardware when

merited• Corporate Help Desk and IT Support• ARIN Member Meeting Support• Care and Feeding of Servers & Network

– Includes new systems provisioning with Puppet and Foreman

• OT&E4

OT&E• Operational Test & Evaluation– Place to test code– Place to test process

• Replicated Core services– Reg-RWS (provisioning API)–Whois-RWS (directory API)–Web Interface– RPKI suite

5

YTD Efforts Cont…• Security Audit by Foreground

Security• IETF Participation– SIDR, RPKI GTA, WEIRDS (RDAP)

• ICANN Participation– SSAC– RSSAC– Technical Advisory Group

6

YTD Efforts PostgreSQL• We had a successful conversion• Validation of 100% of all data from Oracle to

PostgreSQL– Hope to make the tool publically available for other

parties– Data integrity was paramount

• Noted in the PostgreSQL community– High Availability (HA) talk at PGConf NYC 2014– Exercised HA in the first week with a hardware failure on

the production DB node – no issues• Did have one failure

– Installed rsyslog for centralized logging– Ran into a buffering problem that occurred after a long

run– Resulted in short PostgreSQL outages on 2/15 and 2/257

ARIN Online Usage• 81,984 accounts activated since

inception through Q1 of 2014

8

200820092010201120122013

2014*

Number of Accounts Activated

5000 10000 15000 20000

* Through Q1 of 2014

Active Usage of ARIN Online

9

0 1 2 - 5 6 - 10 11 - 15

>160

10000

20000

30000

40000Logins

# of

Us

ers

Times logged in

• Logins from inception through Q1 of 2014

Reg-RWS Transactions

10

ARIN 29 ARIN 30 ARIN 31 ARIN 32 ARIN 330

50000010000001500000200000025000003000000350000040000004500000

TemplateREST

Reports Via REST

Via REST

Associations 176Reassignments 25,219

WhoWas 253,135

11

• Requests from inception through Q1 of 2014

RPKI UsageARIN XXX ARIN XXXI ARIN XXXII ARIN33

RPAs Signed 27 72 130 162Certified Orgs 47 68 108

ROAs 19 60 106 162Covered Resources 30 82 147 258

Web Delegated 0 0 0

Up/Down Delegated 0 0

12

Whois Queries Per Second

13

2007-01

2007-04

2007-07

2007-10

2008-01

2008-04

2008-07

2008-10

2009-01

2009-04

2009-07

2009-10

2010-01

2010-04

2010-07

2010-10

2011-01

2011-04

2011-07

2011-10

2012-01

2012-04

2012-07

2012-10

2013-01

2013-04

2013-07

2013-10

2014-010.00

500.00

1000.00

1500.00

2000.00

2500.00

3000.00

3500.00

4000.00

RESTful

Port 43

2014-03

Whois via IPv6

14

2009-0

1

2009-0

3

2009-0

5

2009-0

7

2009-0

9

2009-1

1

2010-0

1

2010-0

3

2010-0

5

2010-0

7

2010-0

9

2010-1

1

2011-0

1

2011-0

3

2011-0

5

2011-0

7

2011-0

9

2011-1

1

2012-0

1

2012-0

3

2012-0

5

2012-0

7

2012-0

9

2012-1

1

2013-0

1

2013-0

3

2013-0

5

2013-0

7

2013-0

9

2013-1

1

2014-0

1

2014-0

30.00%

1.00%

2.00%

3.00%

4.00%

5.00%

6.00%

7.00%

Percentage of traffic over IPv6

IRR Maintainers

2011 2012 2013 20141500

1600

1700

1800

1900

2000

2100

15

IRR Route / Route6

2011 2012 2013 2014100

1000

10000

100000

RouteRoute6

16

IRR InetNum / Inet6Num

2011 2012 2013 201410

100

1000

InetNumInet6Num

17

Interops• RPKI

– Up/Down now available – first use will probably be between the RIR’s

– Will begin interop using Up/Down for ERX space when APNIC is ready

• RDAP (IETF WEIRDS)– Participated in public interop with APNIC, RIPE NCC,

LACNIC, Afilias, VeriSign, CNNIC at IETF 89– ARIN has open source software at http://projects.arin.net– Public testbed at http://rdappilot.arin.net/restfulwhois/

rdap– Other RIRs are following suit

18

RDAP• Started at ARIN• Other RIR’s found it interesting• ICANN immensely interested

– Solves internationalized character problem– Structured data (no complicated parsing needed

to get what you need)– Navigation (no need to remember all these whois

sites)– Ability to run over a validated channel (https)– Ability to provide access control (allows for

partitioning of data and more privacy controls)

19

One of our Focuses• We are a small engineering shop– Lots of demands– Attempting to provide exceptional service

• Creating API’s to core services– Allows YOU to create tools – Allows YOU to follow your timeline

• projects.arin.net (ACSP completed years ago)– If you find your tool is cool– Way to allow others to come find and use it

20

What we are working on• Finish up more ACSPs• DNSSEC on forward zones (arin.net/arin.com)• Making DNS changes near real-time• Moving the RDAP pilot into production• Further automation on transfers• Moving core production from ARIN HQ to colo• Moving SAN from EMC to NetApp

21

22

Comments?