1 ARIN: Mission, Role and Services John Curran ARIN President and CEO.
ARIN Engineering Department Report
-
Upload
teamarin -
Category
Technology
-
view
355 -
download
2
Transcript of ARIN Engineering Department Report
Engineering ReportMark Kosters
Staffing• Operations
– 7 operations engineers + 2 managers (AT FULL STRENGTH)
• Development– 8 programmers + manager (AT FULL STRENGTH)
• New PM taken from engineering• New hire - filled vacancy going to PM
• Quality Assurance– 4 engineers, 1 contractor + manager (One vacancy)
• Project Management – 1 (AT FULL STRENGTH)• CTO – 1 (Working more on weights to be FULL
STRENGTH)
2
YTD Efforts• Focus on ACSPs• Work underway for sharing ticket information – Important for transfers
• RPKI– Mopping up work– Migration from IBM 4764 to IBM 4765 HSMs
• Migration from Oracle to PostgreSQL complete!
• Movement from EMC to NetApp underway
3
YTD Efforts Cont…• DNSSEC
– Making updates near realtime– Hardening of key management
• Fault Tolerance Improvements– More efficient system backups– Moving Production Systems from ARIN HQ to Colo– Moving backend services to real hardware when
merited• Corporate Help Desk and IT Support• ARIN Member Meeting Support• Care and Feeding of Servers & Network
– Includes new systems provisioning with Puppet and Foreman
• OT&E4
OT&E• Operational Test & Evaluation– Place to test code– Place to test process
• Replicated Core services– Reg-RWS (provisioning API)–Whois-RWS (directory API)–Web Interface– RPKI suite
5
YTD Efforts Cont…• Security Audit by Foreground
Security• IETF Participation– SIDR, RPKI GTA, WEIRDS (RDAP)
• ICANN Participation– SSAC– RSSAC– Technical Advisory Group
6
YTD Efforts PostgreSQL• We had a successful conversion• Validation of 100% of all data from Oracle to
PostgreSQL– Hope to make the tool publically available for other
parties– Data integrity was paramount
• Noted in the PostgreSQL community– High Availability (HA) talk at PGConf NYC 2014– Exercised HA in the first week with a hardware failure on
the production DB node – no issues• Did have one failure
– Installed rsyslog for centralized logging– Ran into a buffering problem that occurred after a long
run– Resulted in short PostgreSQL outages on 2/15 and 2/257
ARIN Online Usage• 81,984 accounts activated since
inception through Q1 of 2014
8
200820092010201120122013
2014*
Number of Accounts Activated
5000 10000 15000 20000
* Through Q1 of 2014
Active Usage of ARIN Online
9
0 1 2 - 5 6 - 10 11 - 15
>160
10000
20000
30000
40000Logins
# of
Us
ers
Times logged in
• Logins from inception through Q1 of 2014
Reg-RWS Transactions
10
ARIN 29 ARIN 30 ARIN 31 ARIN 32 ARIN 330
50000010000001500000200000025000003000000350000040000004500000
TemplateREST
Reports Via REST
Via REST
Associations 176Reassignments 25,219
WhoWas 253,135
11
• Requests from inception through Q1 of 2014
RPKI UsageARIN XXX ARIN XXXI ARIN XXXII ARIN33
RPAs Signed 27 72 130 162Certified Orgs 47 68 108
ROAs 19 60 106 162Covered Resources 30 82 147 258
Web Delegated 0 0 0
Up/Down Delegated 0 0
12
Whois Queries Per Second
13
2007-01
2007-04
2007-07
2007-10
2008-01
2008-04
2008-07
2008-10
2009-01
2009-04
2009-07
2009-10
2010-01
2010-04
2010-07
2010-10
2011-01
2011-04
2011-07
2011-10
2012-01
2012-04
2012-07
2012-10
2013-01
2013-04
2013-07
2013-10
2014-010.00
500.00
1000.00
1500.00
2000.00
2500.00
3000.00
3500.00
4000.00
RESTful
Port 43
2014-03
Whois via IPv6
14
2009-0
1
2009-0
3
2009-0
5
2009-0
7
2009-0
9
2009-1
1
2010-0
1
2010-0
3
2010-0
5
2010-0
7
2010-0
9
2010-1
1
2011-0
1
2011-0
3
2011-0
5
2011-0
7
2011-0
9
2011-1
1
2012-0
1
2012-0
3
2012-0
5
2012-0
7
2012-0
9
2012-1
1
2013-0
1
2013-0
3
2013-0
5
2013-0
7
2013-0
9
2013-1
1
2014-0
1
2014-0
30.00%
1.00%
2.00%
3.00%
4.00%
5.00%
6.00%
7.00%
Percentage of traffic over IPv6
IRR Maintainers
2011 2012 2013 20141500
1600
1700
1800
1900
2000
2100
15
IRR Route / Route6
2011 2012 2013 2014100
1000
10000
100000
RouteRoute6
16
IRR InetNum / Inet6Num
2011 2012 2013 201410
100
1000
InetNumInet6Num
17
Interops• RPKI
– Up/Down now available – first use will probably be between the RIR’s
– Will begin interop using Up/Down for ERX space when APNIC is ready
• RDAP (IETF WEIRDS)– Participated in public interop with APNIC, RIPE NCC,
LACNIC, Afilias, VeriSign, CNNIC at IETF 89– ARIN has open source software at http://projects.arin.net– Public testbed at http://rdappilot.arin.net/restfulwhois/
rdap– Other RIRs are following suit
18
RDAP• Started at ARIN• Other RIR’s found it interesting• ICANN immensely interested
– Solves internationalized character problem– Structured data (no complicated parsing needed
to get what you need)– Navigation (no need to remember all these whois
sites)– Ability to run over a validated channel (https)– Ability to provide access control (allows for
partitioning of data and more privacy controls)
19
One of our Focuses• We are a small engineering shop– Lots of demands– Attempting to provide exceptional service
• Creating API’s to core services– Allows YOU to create tools – Allows YOU to follow your timeline
• projects.arin.net (ACSP completed years ago)– If you find your tool is cool– Way to allow others to come find and use it
20
What we are working on• Finish up more ACSPs• DNSSEC on forward zones (arin.net/arin.com)• Making DNS changes near real-time• Moving the RDAP pilot into production• Further automation on transfers• Moving core production from ARIN HQ to colo• Moving SAN from EMC to NetApp
21
22
Comments?