Tutorial: Internet Resource Management by Champika Wijayatunga, APNIC

Internet Resource Management Tutorial

21 February 2011 Sponsored by

Presenter

•  Champika Wijayatunga Training Manager, APNIC

[email protected]

Objec?ves – To provide an understanding of address management

– To provide a working knowledge of the procedures for reques?ng resources from APNIC and managing these

– To keep membership up-‐to-‐date with the latest policies

– Liaise with members.

3

WHAT IS APNIC? GeKng to know us

4

What is APNIC?

•  APNIC is one of 5 Regional Internet Registries (RIRs) around the world.

•  APNIC takes care of the Asia Pacific region. •  APNIC is a non-‐profit, membership based organisa?on

•  Policies are proposed and agreed upon by the APNIC community.

5

Where Are The RIR Regions?

6

Internet Registry Structure

7

What is APNIC’s role?

•  APNIC provides resource services to the Asia Pacific Region –  IPv4, IPv6, ASN – Maintains the Whois database – Provides reverse DNS delega?on for the resources allocated to the region

8

What Does APNIC Do?

•  APNIC facilitates the policy development process – Via mailing lists and bi-‐annual mee?ngs

•  Implements policy changes – When the community has discussed and agreed upon them

9

What else does APNIC do?

•  APNIC also provides informa?on about industry related ma[ers –  Check the website www.apnic.net –  Join the mailing lists –  Read the publica?ons – A[end mee?ngs and seminars

•  APNIC provides training across the region to the community on a regular basis –  Face to face –  Via eLearning

10

What are the Goals of the RIRs?

•  The Regional Internet Registries have been charged with the following goals for the number resources they are responsible for: – Conserva?on – Aggrega?on – Registra?on

11

Internet Resource Management Goals

•  Conserva?on – Efficient use of resources – Based on demonstrated need

•  Aggrega?on – Limit rou?ng table growth – Support provider-‐based rou?ng

•  Registra?on – Ensure uniqueness – Facilitate trouble shoo?ng

12

December 2010 Internet Number Resource Report

IPv4 Address Space

Growth Of The Global Rou?ng Table

h[p://bgp.potaroo.net/as1221/bgp-‐ac?ve.html

14

Growth Of The Global Rou?ng Table

h[p://bgp.potaroo.net/as1221/bgp-‐ac?ve.html

15

Projected rouDng table growth without CIDR

CIDR deployment

Dot-‐Com boom

Sustainable growth?

GETTING ADDRESSES

16

How Do I Get Addresses?

•  Decide what kind of number resources you need –  IPv4, IPv6

•  Check the criteria – On the website www.apnic.net – Contact the helpdesk [email protected]

•  Become familiar with the policies

•  Apply for membership and resources

17

Ini?al IP Address Request

•  You are required to be an APNIC member in order to ini?ate your IP Address Request.

•  However you can apply for membership and an ini?al address alloca?on at the same ?me.

•  h[p://www.apnic.net/services/become-‐a-‐member

18

Why Become A Member?

•  All APNIC members have equal access to the following benefits of membership:

– APNIC services – APNIC events & educa?on – Vote – Representa?on

19

APNIC POLICIES

20

Alloca?on And Assignment

•  Alloca?on – “A block of address space held by an IR (or downstream ISP) for subsequent alloca?on or assignment” •  Not yet used to address any networks

•  Assignment – “A block of address space used to address an opera?onal network” •  May be provided to ISP customers, or used for an ISP’s infrastructure (‘self-‐assignment’)

21

/22

Member AllocaDon

/25

Customer Assignments

/26 /27

Alloca?on And Assignment

/8

APNIC AllocaDon

Sub-‐ AllocaDon

/24

APNIC Allocates

to APNIC Member

APNIC Member

Customer / End User

Assigns to end-‐user

Allocates to downstream

Downstream Assigns

to end-‐user

/26 /27

22

Portable And Non-‐portable

•  Portable Assignments –  Customer addresses independent from ISP

•  Keeps addresses when changing ISP –  Bad for size of rou?ng tables

•  Non-‐portable Assignments –  Customer uses ISP’s address space

•  Must renumber if changing ISP

–  Only way to effec?vely scale the Internet

23

Address Management Hierarchy (IPv4)

Non-‐Portable

APNIC AllocaDon

/8 (IPv4)

Portable

APNIC AllocaDon

/8 (IPv4)

Non-‐Portable

Portable

Non-‐Portable

24

Sub-‐alloca?ons

•  No max or min size – Max 1 year requirement

•  Assignment Window & 2nd Opinion applies –  to both sub-‐alloca?on & assignments

•  Sub-‐alloca?on holders don’t need to send in 2nd opinions

Sub-‐allocaDon

APNIC Member AllocaDon

Customer Assignments Customer Assignments

25

Address Management Hierarchy (IPv6)

Non-‐Portable Portable Non-‐Portable

Portable

Non-‐Portable

26

APNIC Alloca?on Policies

•  Aggrega?on of alloca?on – Provider responsible for aggrega?on – Customer assignments /sub-‐alloca?ons must be non-‐portable

•  Alloca?ons based on demonstrated need – Detailed documenta?on required

•  All address space held to be declared – Address space to be obtained from one source

•  rou?ng considera?ons may apply

27

Ini?al IPv4 Alloca?on

•  APNIC minimum IPv4 alloca?on size /22 – An ISP must have used a /24 from their upstream provider or demonstrate an immediate need for a /24

– An ISP must demonstrate a detailed plan for use of a /23 within a year

28

Ini?al IPv6 Alloca?on

•  To qualify for an ini?al alloca?on of IPv6 address space, an organiza?on must: – Not be an end site (must provide downstream services)

– Plan to provide IPv6 connec?vity to organiza?ons to which it will make assignments

29

“One Click” IPv6 Policy

•  Members with IPv4 holdings can click the bu[on in MyAPNIC to instantly receive their IPv6 block – No forms to fill out!

•  A Member that has an IPv4 alloca?on is eligible for a /32

•  A Member that has an IPv4 assignment is eligible for a /48

30

APNIC Alloca?on Policies

•  Transfer of address space – Not automa?cally recognised

•  Return unused address space to appropriate IR

•  Effects of mergers, acquisi?ons & take-‐overs – Will require contact with IR (APNIC)

•  contact details may change •  new agreement may be required

– May require re-‐examina?on of alloca?ons •  requirement depends on new network structure

31

Sub-‐alloca?on Guidelines

•  Sub-‐allocate cau?ously – Only allocate or assign what the customer has demonstrated a need for

– Seek APNIC advice if in doubt •  Efficient assignments

– Member is responsible for overall u?lisa?on

•  Database registra?on (WHOIS Db) – Sub-‐alloca?ons & assignments must be registered in the whois db

32

Portable Assignments for IPv4

•  For (small) organisa?ons who require a portable assignment for mul?-‐homing purposes

–  Applicants currently mul?homed OR demonstrate a plan to mul?home within 1 month

–  Agree to renumber out of previously assigned space

–  Demonstrate need to use 25% of requested space immediately and 50% within 1 year

/8 APNIC

/22 Member allocaDon

Non-‐portable assignment

33

Portable Assignments for IPv6

•  For (small) organisa?ons who require a portable assignment for mul?-‐homing purposes – The current policy allows for IPv6 portable assignment to end-‐sites

– Size: /48, or a shorter prefix if the end site can jus?fy it

– To be mul?homed within 3 months

/12 APNIC

/32 Member allocaDon

Non-‐portable assignment

34

IXP IPv4 Assignments Policy

•  Criteria – 3 or more peers

– Demonstrate “open peering policy”

•  APNIC has reserved blocks of space from which to make IXP assignments

35

IXP IPv6 Assignment Policy

•  Criteria – Demonstrate ‘open peering policy’

– 3 or more peers

•  Portable assignment size: /48 – All other needs should be met through normal processes

– /64 holders can “upgrade” to /48 •  Through NIRs/ APNIC •  Need to return /64

36

Portable Cri?cal Infrastructure Assignments

•  What is Cri?cal Internet Infrastructure? – Domain Registry Infrastructure

•  Operators of Root DNS, gTLD, and ccTLD – Address Registry Infrastructure

•  IANA, RIRs & NIRs •  Why a specific policy ?

– Protect stability of core Internet func?on •  Assignment sizes:

–  IPv4: /24 or IPv6: /32

37

WHERE DO POLICIES COME FROM?

38

Policies and their Development

•  Policies are constantly changing the meet the technical needs of the Internet

•  There is a system in place called the Policy Development Process – Anyone can par?cipate – Anyone can propose a policy – All decisions & policies documented & freely available to anyone

39

Why Par?cipate In Policy Development?

This is your opportunity to comment on policies that may directly affect the way your organisa?on obtains, manages and deploys Internet resources

40

You Can Par?cipate!

•  Send a proposal to the Secretariat •  Discuss proposals via public mailing lists

– h[p://www.apnic.net/community/par?cipate/join-‐discussions

•  A[end mee?ngs – h[p://mee?ngs.apnic.net/31

– Remote par?cipa?on available

41

Policy Development Process

42

From Regional to Global Policies

While RIRs and their respec?ve communi?es are responsible for policies specific to their regions, there are ?mes when a policy needs to be global.

43

Global Policy Coordina?on

44

APNIC31 Policy Proposals

•  prop-‐083: Alterna?ve criteria for subsequent IPv6 alloca?ons

•  prop-‐084: Frequent whois informa?on update request

•  prop-‐085: Eligibility for cri?cal infrastructure assignments from the final /8

•  prop-‐086: Global Policy for IPv4 Alloca?ons by the IANA Post Exhaus?on •  prop-‐087: IPv6 address alloca?on for deployment purposes

•  prop-‐088: Distribu?on of IPv4 addresss once the final /8 period starts

•  prop-‐089: Addi?onal criterion for final /8 alloca?ons (and assignments)

•  prop-‐090: Op?mizing IPv6 Alloca?on Strategies

APNIC31 Policy Proposals

•  prop-‐091: Limi?ng of final /8 policy to specific /9

•  prop-‐092: Distribu?on of addi?onal APNIC IPv4 address ranges aser IANA exhaus?on

•  prop-‐093: Reducing the minimum delega?on size for the final /8 policy

•  prop-‐094: Adding alterna?ve criteria to renumbering requirement in final /8 policy

•  prop-‐095: Inter-‐RIR IPv4 address transfer proposal

•  prop-‐096: Maintaining demonstrated needs requirement in transfer policy aser the final /8 phase

•  prop-‐097: Global Policy for post exhaus?on IPv4 alloca?on mechanisms by the IANA

SUPPORTING INTERNET DEVELOPMENT

47

Projects -‐ Root Server Deployment

– A number of mirrored root server sites have been placed into the Asia Pacific region

– Lowers the transit cost by using a nearby instance of a root server

– The sites are par?ally or fully funded by APNIC, but operate as "anycast" mirror copies of exis?ng Root servers, by the applicable root server operator

48

Grants For Community Support

•  The Informa?on Society Innova?on Fund is a small grants program funding innova?ve approaches to the extension of Internet infrastructure and services in the Asia Pacific region –  19 projects have been funded since Jan 2009 –  ISIF is ac?vely seeking sponsorship to support innova?on in the Asia Pacific region

49

Community Collabora?on

•  Internet Community of Online Networking Specialists (ICONS) website provides an opportunity to share informa?on on networking topics

•  The ICONS site contains: – An online forum – Documents and presenta?ons – Links to interes?ng external material

50

h[p://icons.apnic.net

Community Collabora?on -‐ TTM

•  The Test Traffic Measurement (TTM) •  Con?nuously monitors connec?vity between the host and the rest of the Internet.

•  This project is in collabora?on with RIPE NCC www.apnic.net/community/support/[m

51

Resource Quality Assurance

•  APNIC acts to minimize any problems in routability through communica?on, training, and tes?ng

•  Tes?ng for new /8 blocks – NOC mailing lists no?fica?on – Collabora?ve tes?ng conducted by APNIC R&D in conjunc?on with different organiza?ons

– APNIC conducts further tes?ng, to quan?fy the extent to which networks a[ract “pollu?on” or “unwanted” traffic


•  Community awareness – Promote responsible administrative practices through APNIC publica?ons and training materials

–  Inform organizations that maintain bogon/black lists about the changes for recently allocated addresses so they update their DB

– Keep the Whois Database accurate •  Actively remind resource holders to update their

data

•  Is a collabora?ve effort, you can: – Follow responsible network administra?on prac?ces to protect users from abuse and security a[acks, while allowing legi?mate traffic to flow and reach its intended des?na?on

– Talk to your customers, upstreams and peers – Keep informed about IANA alloca?ons – Consider whether you should stop any form of bogon filtering


MYAPNIC

55

MyAPNIC

A day-‐to-‐day tool to manage your APNIC account and resources

56

MyAPNIC Func?ons

•  Resource informa?on –  IPv4 –  IPv6 – ASN

•  Administra?on – Membership detail

– Contact persons – Billing history

57

MyAPNIC Func?ons (cont.)

•  Training – Training history – Training registra?on

•  Tools – Looking Glass – MD5

– Prefix Report

58

AUTONOMOUS SYSTEM NUMBERS

59

What Is An Autonomous System?

•  Collec?on of networks with same rou?ng policy

•  Usually under single ownership, trust or administra?ve control

60

When Do I Need An ASN?

•  An ASN is needed if you have a – Mul?-‐homed network to different providers AND

– Rou?ng policy different to external peers

* For more informa?on please refer to RFC1930: Guidelines for crea?on, selec?on and registra?on of an Autonomous System

61

Reques?ng An ASN

•  Complete the request form – Check with peers if they can handle 4 byte ASN – Exis?ng members send the request from MyAPNIC – New Members can send AS request along with membership applica?on

•  Transfers of ASNs – Require legal documenta?on (mergers etc)

62

Reques?ng An AS Number

•  If a member requests an ASN from APNIC for own network infrastructure – AS number is “portable”

•  If a member requests an ASN from APNIC for its downstream customer network – ASN is “non-‐portable” – ASN is returned if the customer changes provider

63

REVERSE DNS DELEGATIONS

64

What is ‘Reverse DNS’?

•  ‘Forward DNS’ maps names to numbers – svc00.apnic.net -‐> 202.12.28.131

•  ‘Reverse DNS’ maps numbers to names – 202.12.28.131 -‐> svc00.apnic.net

Reverse DNS -‐ why bother?

•  Service denial •  That only allow access when fully reverse delegated eg. anonymous sp

•  Diagnos?cs •  Assis?ng in trace routes etc

•  SPAM iden?fica?ons

•  Registra?on responsibili?es

whois

Principles – DNS tree

net edu com sg

whois

apnic

arpa

22 .64 .in-addr .202 .arpa

202 203 210 211.. 202 RIR

64 64 ISP

22 22 Customer

in-addr

Reverse delega?on requirements

•  /24 Delega?ons •  Address blocks should be assigned/allocated •  At least two name servers

•  /16 Delega?ons •  Same as /24 delega?ons •  APNIC delegates en?re zone to member

•  < /24 Delega?ons •  Read “classless in-‐addr.arpa delega?on” RFC

2317

APNIC & ISPs responsibili?es

•  APNIC – Manage reverse delega?ons of address block distributed by APNIC

–  Process organisa?ons requests for reverse delega?ons of network alloca?ons

•  Organisa?ons –  Be familiar with APNIC procedures –  Ensure that addresses are reverse-‐mapped – Maintain nameservers for alloca?ons

•  Minimise pollu?on of DNS

Reverse delega?on procedures •  Standard APNIC database object,

–  can be updated through myAPNIC.

•  Nameserver/domain set up verified before being submi[ed to the database.

•  Protec?on by maintainer object –  (current auths: CRYPT-‐PW, PGP).

•  Any queries –  Contact <[email protected]>

Whois domain object

domain: 28.12.202.in-addr.arpa descr: in-addr.arpa zone for 28.12.202.in-addr.arpa admin-c: DNS3-AP tech-c: DNS3-AP zone-c: DNS3-AP nserver: ns.telstra.net nserver: rs.arin.net nserver: ns.myapnic.net nserver: svc00.apnic.net nserver: ns.apnic.net mnt-by: MAINT-APNIC-AP mnt-lower: MAINT-DNS-AP changed: [email protected] 19990810 source: APNIC

Reverse Zone

Contacts

Name Servers

Maintainers (protection)

Removing lame delega?ons

•  Objec?ve – To repair or remove persistently lame DNS delega?ons

•  DNS delega?ons are lame if: – Some or all of the registered DNS nameservers are unreachable or badly configured

•  APNIC has formal implementa?on of the lame DNS reverse delega?on procedures

IPV6 OVERVIEW

73

Mo?va?on Behind IPv6 Protocol •  New genera?on Internet need:

– Plenty of address space (PDA, Mobile Phones, Tablet PC, Car, TV etc etc )

– Solu?on of very complex hierarchical addressing need, which IPv4 is unable provide

– End to end communica?on without the need of NAT for some real ?me applica?on i.e online transac?on

– Ensure security, reliability of data and faster processing of protocol overhead

74

New Func?onal Improvement In IPv6

•  Address Space –  Increase from 32-‐bit to 128-‐bit address space

•  Management – Stateless autoconfigura?on means no more need to configure IP addresses for end systems, even via DHCP

•  Performance – Fixed header sizes (40 byte) and 64-‐bit header alignment mean be[er performance from routers and bridges/switches

75 Source: h[p://www.opus1.com/ipv6/wha?sipv6.html

Protocol Header Comparison

•  IPv4 contain 10 basic header field •  IPv6 contain 6 basic header field

•  IPv6 header has 40 octets in contrast to the 20 octets in IPv4

•  So a smaller number of header fields and the header is 64-‐bit aligned to

enable fast processing by current processors

76 Diagram Source: www.cisco.com

IPv6 addressing

•  128 bits of address space •  Hexadecimal values of eight 16 bit fields

•  X:X:X:X:X:X:X:X (X=16 bit number, ex: A2FE) •  16 bit number is converted to a 4 digit hexadecimal number

•  Example: •  FE38:DCE3:124C:C1A2:BA03:6735:EF1C:683D

– Abbreviated form of address •  4EED:0023:0000:0000:0000:036E:1250:2B00 •  →4EED:23:0:0:0:36E:1250:2B00 •  →4EED:23::36E:1250:2B00 •  (Null value can be used only once)

IPv6 Addressing Structure

0 127

ISP /32

32

128 bits

Customer Site /48

16

Subnet /64

16 64

Device /128

IPv6 u?lisa?on •  U?lisa?on determined from end site assignments –  ISP responsible for registra?on of all /48 assignments

–  Intermediate alloca?on hierarchy not considered

•  U?lisa?on of IPv6 address space is measured differently from IPv4 – Use HD ra?o to measure

•  Subsequent alloca?on may be requested when IPv6 u?lisa?on requirement is met

79

FINISHING UP

80

Need any help?

•  More personalised service –  Range of languages: Bahasa Indonesia, Bengali, Cantonese, English, Hindi, Mandarin, Thai, etc.

•  Faster response and resolu4on of queries –  IP resource applica?ons, status of requests, obtaining help in

comple?ng applica?on forms, membership enquiries, billing issues & database enquiries

Member Services Helpdesk - One point of contact for all member enquiries - Online chat services

Helpdesk hours 9:00 am -‐ 9:00 pm (AU EST, UTC + 10 hrs)

ph: +61 7 3858 3188 fax: 61 7 3858 3199

APNIC Helpdesk chat

APNIC Website

84

Summary

•  APNIC is the Regional Internet Registry for the APNIC region

•  APNIC (the Secretariat) facilitates the Policy Development process

•  Members have access to APNIC services including IP addresses, ASN numbers, MyAPNIC tools and subsidized training

•  APNIC helps members to create Reverse Delega?ons •  APNIC encourages organisa?ons to request for IPv6 addresses

•  APNIC is involved in various projects in the APNIC region

85

Ques?ons?

86

Thank You! <[email protected]>

Tutorial: Internet Resource Management by Champika Wijayatunga, APNIC

Technology

Transcript of Tutorial: Internet Resource Management by Champika Wijayatunga, APNIC