Tutorial: Internet Resource Management by Champika Wijayatunga, APNIC
Internet Resource Management Tutorial
21 February 2011 Sponsored by

Objectives
– To provide an understanding of address management
– To provide a working knowledge of the procedures for requesting resources from APNIC and managing these
– To keep membership up-to-date with the latest policies
– Liaise with members.

WHAT IS APNIC? Getting to know us

What is APNIC?
• APNIC is one of 5 Regional Internet Registries (RIRs) around the world.
• APNIC takes care of the Asia Pacific region.
• APNIC is a non-profit, membership based organisation
• Policies are proposed and agreed upon by the APNIC community.

Where Are The RIR Regions?

Internet Registry Structure

What is APNIC’s role?
• APNIC provides resource services to the Asia Pacific Region
  – IPv4, IPv6, ASN
  – Maintains the Whois database
  – Provides reverse DNS delegation for the resources allocated to the region

What Does APNIC Do?
• APNIC facilitates the policy development process
  – Via mailing lists and bi-annual meetings
• Implements policy changes
  – When the community has discussed and agreed upon them

What else does APNIC do?
• APNIC also provides information about industry related matters
  – Check the website www.apnic.net
  – Join the mailing lists
  – Read the publications
  – Attend meetings and seminars
• APNIC provides training across the region to the community on a regular basis
  – Face to face
  – Via eLearning

What are the Goals of the RIRs?
• The Regional Internet Registries have been charged with the following goals for the number resources they are responsible for:
  – Conservation
  – Aggregation
  – Registration

Internet Resource Management Goals
• Conservation
  – Efficient use of resources
  – Based on demonstrated need
• Aggregation
  – Limit routing table growth
  – Support provider-based routing
• Registration
  – Ensure uniqueness
  – Facilitate trouble shooting

December 2010 Internet Number Resource Report
IPv4 Address Space

Growth Of The Global Routing Table
http://bgp.potaroo.net/as1221/bgp-active.html

Growth Of The Global Routing Table
http://bgp.potaroo.net/as1221/bgp-active.html
[Chart annotations: Projected routing table growth without CIDR; CIDR deployment; Dot-Com boom; Sustainable growth?]

GETTING ADDRESSES

How Do I Get Addresses?
• Decide what kind of number resources you need
  – IPv4, IPv6
• Check the criteria
  – On the website www.apnic.net
  – Contact the helpdesk [email protected]
• Become familiar with the policies
• Apply for membership and resources

Initial IP Address Request
• You are required to be an APNIC member in order to initiate your IP Address Request.
• However you can apply for membership and an initial address allocation at the same time.
• http://www.apnic.net/services/become-a-member

Why Become A Member?
• All APNIC members have equal access to the following benefits of membership:
  – APNIC services
  – APNIC events & education
  – Vote
  – Representation

APNIC POLICIES

Allocation And Assignment
• Allocation
  – “A block of address space held by an IR (or downstream ISP) for subsequent allocation or assignment”
    • Not yet used to address any networks
• Assignment
  – “A block of address space used to address an operational network”
    • May be provided to ISP customers, or used for an ISP’s infrastructure (‘self-assignment’)

Allocation And Assignment
[Diagram labels: APNIC Allocation (/8); Member Allocation (/22); Sub-Allocation (/24); Customer Assignments (/25, /26, /27). Flow: APNIC allocates to APNIC Member; APNIC Member assigns to end-user or allocates to downstream; downstream assigns to end-user (Customer / End User).]

Portable And Non-portable
• Portable Assignments
  – Customer addresses independent from ISP
    • Keeps addresses when changing ISP
  – Bad for size of routing tables
• Non-portable Assignments
  – Customer uses ISP’s address space
    • Must renumber if changing ISP
  – Only way to effectively scale the Internet

Address Management Hierarchy (IPv4)
[Diagram labels: APNIC Allocation /8 (IPv4); Portable; Non-Portable]

Sub-allocations
• No max or min size
  – Max 1 year requirement
• Assignment Window & 2nd Opinion applies
  – to both sub-allocation & assignments
• Sub-allocation holders don’t need to send in 2nd opinions
[Diagram labels: APNIC Member Allocation; Sub-allocation; Customer Assignments]

Address Management Hierarchy (IPv6)
[Diagram labels: Portable; Non-Portable]

APNIC Allocation Policies
• Aggregation of allocation
  – Provider responsible for aggregation
  – Customer assignments / sub-allocations must be non-portable
• Allocations based on demonstrated need
  – Detailed documentation required
• All address space held to be declared
  – Address space to be obtained from one source
    • routing considerations may apply

Initial IPv4 Allocation
• APNIC minimum IPv4 allocation size /22
  – An ISP must have used a /24 from their upstream provider or demonstrate an immediate need for a /24
  – An ISP must demonstrate a detailed plan for use of a /23 within a year

Initial IPv6 Allocation
• To qualify for an initial allocation of IPv6 address space, an organization must:
  – Not be an end site (must provide downstream services)
  – Plan to provide IPv6 connectivity to organizations to which it will make assignments

“One Click” IPv6 Policy
• Members with IPv4 holdings can click the button in MyAPNIC to instantly receive their IPv6 block
  – No forms to fill out!
• A Member that has an IPv4 allocation is eligible for a /32
• A Member that has an IPv4 assignment is eligible for a /48

APNIC Allocation Policies
• Transfer of address space
  – Not automatically recognised
    • Return unused address space to appropriate IR
• Effects of mergers, acquisitions & take-overs
  – Will require contact with IR (APNIC)
    • contact details may change
    • new agreement may be required
  – May require re-examination of allocations
    • requirement depends on new network structure

Sub-allocation Guidelines
• Sub-allocate cautiously
  – Only allocate or assign what the customer has demonstrated a need for
  – Seek APNIC advice if in doubt
• Efficient assignments
  – Member is responsible for overall utilisation
• Database registration (WHOIS Db)
  – Sub-allocations & assignments must be registered in the whois db

Portable Assignments for IPv4
• For (small) organisations who require a portable assignment for multi-homing purposes
  – Applicants currently multihomed OR demonstrate a plan to multihome within 1 month
  – Agree to renumber out of previously assigned space
  – Demonstrate need to use 25% of requested space immediately and 50% within 1 year
[Diagram labels: /8 APNIC; /22 Member allocation; Non-portable assignment]

Portable Assignments for IPv6
• For (small) organisations who require a portable assignment for multi-homing purposes
  – The current policy allows for IPv6 portable assignment to end-sites
  – Size: /48, or a shorter prefix if the end site can justify it
  – To be multihomed within 3 months
[Diagram labels: /12 APNIC; /32 Member allocation; Non-portable assignment]

IXP IPv4 Assignments Policy
• Criteria
  – 3 or more peers
  – Demonstrate “open peering policy”
• APNIC has reserved blocks of space from which to make IXP assignments

IXP IPv6 Assignment Policy
• Criteria
  – Demonstrate ‘open peering policy’
  – 3 or more peers
• Portable assignment size: /48
  – All other needs should be met through normal processes
  – /64 holders can “upgrade” to /48
    • Through NIRs / APNIC
    • Need to return /64

Portable Critical Infrastructure Assignments
• What is Critical Internet Infrastructure?
  – Domain Registry Infrastructure
    • Operators of Root DNS, gTLD, and ccTLD
  – Address Registry Infrastructure
    • IANA, RIRs & NIRs
• Why a specific policy?
  – Protect stability of core Internet function
• Assignment sizes:
  – IPv4: /24 or IPv6: /32

WHERE DO POLICIES COME FROM?

Policies and their Development
• Policies are constantly changing to meet the technical needs of the Internet
• There is a system in place called the Policy Development Process
  – Anyone can participate
  – Anyone can propose a policy
  – All decisions & policies documented & freely available to anyone

Why Participate In Policy Development?
This is your opportunity to comment on policies that may directly affect the way your organisation obtains, manages and deploys Internet resources

You Can Participate!
• Send a proposal to the Secretariat
• Discuss proposals via public mailing lists
  – http://www.apnic.net/community/participate/join-discussions
• Attend meetings
  – http://meetings.apnic.net/31
  – Remote participation available

Policy Development Process

From Regional to Global Policies
While RIRs and their respective communities are responsible for policies specific to their regions, there are times when a policy needs to be global.

Global Policy Coordination

APNIC31 Policy Proposals
• prop-083: Alternative criteria for subsequent IPv6 allocations
• prop-084: Frequent whois information update request
• prop-085: Eligibility for critical infrastructure assignments from the final /8
• prop-086: Global Policy for IPv4 Allocations by the IANA Post Exhaustion
• prop-087: IPv6 address allocation for deployment purposes
• prop-088: Distribution of IPv4 addresses once the final /8 period starts
• prop-089: Additional criterion for final /8 allocations (and assignments)
• prop-090: Optimizing IPv6 Allocation Strategies

APNIC31 Policy Proposals
• prop-091: Limiting of final /8 policy to specific /9
• prop-092: Distribution of additional APNIC IPv4 address ranges after IANA exhaustion
• prop-093: Reducing the minimum delegation size for the final /8 policy
• prop-094: Adding alternative criteria to renumbering requirement in final /8 policy
• prop-095: Inter-RIR IPv4 address transfer proposal
• prop-096: Maintaining demonstrated needs requirement in transfer policy after the final /8 phase
• prop-097: Global Policy for post exhaustion IPv4 allocation mechanisms by the IANA

SUPPORTING INTERNET DEVELOPMENT

Projects - Root Server Deployment
– A number of mirrored root server sites have been placed into the Asia Pacific region
– Lowers the transit cost by using a nearby instance of a root server
– The sites are partially or fully funded by APNIC, but operate as "anycast" mirror copies of existing Root servers, by the applicable root server operator

Grants For Community Support
• The Information Society Innovation Fund is a small grants program funding innovative approaches to the extension of Internet infrastructure and services in the Asia Pacific region
  – 19 projects have been funded since Jan 2009
  – ISIF is actively seeking sponsorship to support innovation in the Asia Pacific region

Community Collaboration
• Internet Community of Online Networking Specialists (ICONS) website provides an opportunity to share information on networking topics
• The ICONS site contains:
  – An online forum
  – Documents and presentations
  – Links to interesting external material
http://icons.apnic.net

Community Collaboration - TTM
• The Test Traffic Measurement (TTM)
  • Continuously monitors connectivity between the host and the rest of the Internet.
• This project is in collaboration with RIPE NCC
www.apnic.net/community/support/ttm

Resource Quality Assurance
• APNIC acts to minimize any problems in routability through communication, training, and testing
• Testing for new /8 blocks
  – NOC mailing lists notification
  – Collaborative testing conducted by APNIC R&D in conjunction with different organizations
  – APNIC conducts further testing, to quantify the extent to which networks attract “pollution” or “unwanted” traffic

Resource Quality Assurance
• Community awareness
  – Promote responsible administrative practices through APNIC publications and training materials
  – Inform organizations that maintain bogon/black lists about the changes for recently allocated addresses so they update their DB
  – Keep the Whois Database accurate
    • Actively remind resource holders to update their data

Resource Quality Assurance
• Is a collaborative effort, you can:
  – Follow responsible network administration practices to protect users from abuse and security attacks, while allowing legitimate traffic to flow and reach its intended destination
  – Talk to your customers, upstreams and peers
  – Keep informed about IANA allocations
  – Consider whether you should stop any form of bogon filtering

MYAPNIC

MyAPNIC
A day-to-day tool to manage your APNIC account and resources

MyAPNIC Functions
• Resource information
  – IPv4
  – IPv6
  – ASN
• Administration
  – Membership detail
  – Contact persons
  – Billing history

MyAPNIC Functions (cont.)
• Training
  – Training history
  – Training registration
• Tools
  – Looking Glass
  – MD5
  – Prefix Report

AUTONOMOUS SYSTEM NUMBERS

What Is An Autonomous System?
• Collection of networks with same routing policy
• Usually under single ownership, trust or administrative control

When Do I Need An ASN?
• An ASN is needed if you have a
  – Multi-homed network to different providers AND
  – Routing policy different to external peers
* For more information please refer to RFC1930: Guidelines for creation, selection and registration of an Autonomous System

Requesting An ASN
• Complete the request form
  – Check with peers if they can handle 4 byte ASN
  – Existing members send the request from MyAPNIC
  – New Members can send AS request along with membership application
• Transfers of ASNs
  – Require legal documentation (mergers etc)

Requesting An AS Number
• If a member requests an ASN from APNIC for own network infrastructure
  – AS number is “portable”
• If a member requests an ASN from APNIC for its downstream customer network
  – ASN is “non-portable”
  – ASN is returned if the customer changes provider

REVERSE DNS DELEGATIONS

What is ‘Reverse DNS’?
• ‘Forward DNS’ maps names to numbers
  – svc00.apnic.net -> 202.12.28.131
• ‘Reverse DNS’ maps numbers to names
  – 202.12.28.131 -> svc00.apnic.net

Reverse DNS - why bother?
• Service denial
  • By services that only allow access when fully reverse delegated, e.g. anonymous ftp
• Diagnostics
  • Assisting in trace routes etc
• SPAM identifications
• Registration responsibilities

Principles – DNS tree
[Diagram: DNS tree from the root through the top-level domains net, edu, com, sg and arpa. whois.apnic.net sits under net. Under arpa comes in-addr, then 202 (RIR level, beside 203, 210, 211, ...), then 64 (ISP level), then 22 (Customer level), giving the reverse name 22.64.202.in-addr.arpa.]

Reverse delegation requirements
• /24 Delegations
  • Address blocks should be assigned/allocated
  • At least two name servers
• /16 Delegations
  • Same as /24 delegations
  • APNIC delegates entire zone to member
• < /24 Delegations
  • Read “classless in-addr.arpa delegation” RFC 2317

APNIC & ISPs responsibilities
• APNIC
  – Manage reverse delegations of address block distributed by APNIC
  – Process organisations requests for reverse delegations of network allocations
• Organisations
  – Be familiar with APNIC procedures
  – Ensure that addresses are reverse-mapped
  – Maintain nameservers for allocations
    • Minimise pollution of DNS

Reverse delegation procedures
• Standard APNIC database object,
  – can be updated through myAPNIC.
• Nameserver/domain set up verified before being submitted to the database.
• Protection by maintainer object
  – (current auths: CRYPT-PW, PGP).
• Any queries
  – Contact <[email protected]>

Whois domain object
    domain:    28.12.202.in-addr.arpa
    descr:     in-addr.arpa zone for 28.12.202.in-addr.arpa
    admin-c:   DNS3-AP
    tech-c:    DNS3-AP
    zone-c:    DNS3-AP
    nserver:   ns.telstra.net
    nserver:   rs.arin.net
    nserver:   ns.myapnic.net
    nserver:   svc00.apnic.net
    nserver:   ns.apnic.net
    mnt-by:    MAINT-APNIC-AP
    mnt-lower: MAINT-DNS-AP
    changed:   [email protected] 19990810
    source:    APNIC
[Callouts on the slide: Reverse Zone (domain); Contacts (admin-c, tech-c, zone-c); Name Servers (nserver); Maintainers (protection) (mnt-by, mnt-lower)]
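
Added example (not part of the original slides, and not APNIC's own tooling): a small checker that parses the domain object shown above, works out which IPv4 prefix the reverse zone covers, and tests it against the points on the "Reverse delegation requirements" and "Reverse delegation procedures" slides (a /16 or /24 zone, at least two name servers, protection by a maintainer). The function names are hypothetical.

```python
import ipaddress

# Domain object from the slide ("changed:" omitted: its address is redacted on the page).
SLIDE_OBJECT = """\
domain: 28.12.202.in-addr.arpa
descr: in-addr.arpa zone for 28.12.202.in-addr.arpa
admin-c: DNS3-AP
tech-c: DNS3-AP
zone-c: DNS3-AP
nserver: ns.telstra.net
nserver: rs.arin.net
nserver: ns.myapnic.net
nserver: svc00.apnic.net
nserver: ns.apnic.net
mnt-by: MAINT-APNIC-AP
mnt-lower: MAINT-DNS-AP
source: APNIC
"""

def parse_object(text):
    """Parse 'attribute: value' lines into {attribute: [values]}."""
    obj = {}
    for line in text.splitlines():
        if ":" in line:
            key, value = line.split(":", 1)
            obj.setdefault(key.strip(), []).append(value.strip())
    return obj

def zone_to_network(zone):
    """Map an octet-boundary in-addr.arpa zone name to the IPv4 prefix it covers."""
    name = zone.lower().rstrip(".")
    if not name.endswith(".in-addr.arpa"):
        raise ValueError("not an in-addr.arpa zone: " + zone)
    octets = name[: -len(".in-addr.arpa")].split(".")[::-1]
    if not 1 <= len(octets) <= 3 or not all(o.isdigit() and int(o) < 256 for o in octets):
        raise ValueError("not a /8, /16 or /24 zone (see RFC 2317 for < /24): " + zone)
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(padded) + "/" + str(8 * len(octets)))

def reverse_name(address):
    """Name queried for a PTR lookup: 202.12.28.131 -> 131.28.12.202.in-addr.arpa."""
    return ".".join(reversed(address.split("."))) + ".in-addr.arpa"

def check_delegation(obj):
    """Return a list of problems measured against the requirements slide."""
    problems = []
    net = zone_to_network(obj["domain"][0])
    if net.prefixlen not in (16, 24):
        problems.append("zone is a /%d, expected /16 or /24" % net.prefixlen)
    if len(set(n.lower() for n in obj.get("nserver", []))) < 2:
        problems.append("fewer than two distinct name servers")
    if not obj.get("mnt-by"):
        problems.append("no mnt-by: object is not protected by a maintainer")
    return problems
```

The check is purely syntactic: it does not query the listed name servers, so it cannot tell whether a delegation is lame.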

Removing lame delegations
• Objective
  – To repair or remove persistently lame DNS delegations
• DNS delegations are lame if:
  – Some or all of the registered DNS nameservers are unreachable or badly configured
• APNIC has formal implementation of the lame DNS reverse delegation procedures

IPV6 OVERVIEW

Motivation Behind IPv6 Protocol
• New generation Internet needs:
  – Plenty of address space (PDA, Mobile Phones, Tablet PC, Car, TV etc.)
  – A solution for very complex hierarchical addressing needs, which IPv4 is unable to provide
  – End to end communication without the need of NAT for some real time applications, i.e. online transactions
  – Ensure security, reliability of data and faster processing of protocol overhead

New Functional Improvement In IPv6
• Address Space
  – Increase from 32-bit to 128-bit address space
• Management
  – Stateless autoconfiguration means no more need to configure IP addresses for end systems, even via DHCP
• Performance
  – Fixed header sizes (40 byte) and 64-bit header alignment mean better performance from routers and bridges/switches
Source: http://www.opus1.com/ipv6/whatisipv6.html

Protocol Header Comparison
• IPv4 contains 10 basic header fields
• IPv6 contains 6 basic header fields
• The IPv6 header has 40 octets in contrast to the 20 octets in IPv4
• So there is a smaller number of header fields, and the header is 64-bit aligned to enable fast processing by current processors
Diagram Source: www.cisco.com

IPv6 addressing
• 128 bits of address space
• Hexadecimal values of eight 16 bit fields
  • X:X:X:X:X:X:X:X (X=16 bit number, ex: A2FE)
  • 16 bit number is converted to a 4 digit hexadecimal number
• Example:
  • FE38:DCE3:124C:C1A2:BA03:6735:EF1C:683D
  – Abbreviated form of address
    • 4EED:0023:0000:0000:0000:036E:1250:2B00
    • → 4EED:23:0:0:0:36E:1250:2B00
    • → 4EED:23::36E:1250:2B00
    • (Null value can be used only once)
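
Added example (not part of the original slides): the abbreviation rules above, implemented in both directions. Because one address has several valid spellings, filters and log searches should compare the expanded groups rather than the text; `same_address` shows that. The function names are hypothetical, and output is upper-case to match the slide.

```python
import string

def expand(address):
    """Return the eight 16-bit groups of an IPv6 address as 4-digit hex strings."""
    if address.count("::") > 1:
        raise ValueError("'::' can be used only once: " + address)
    if "::" in address:
        head, tail = address.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        if len(left) + len(right) > 7:
            raise ValueError("'::' must replace at least one group: " + address)
        groups = left + ["0"] * (8 - len(left) - len(right)) + right
    else:
        groups = address.split(":")
    if len(groups) != 8:
        raise ValueError("expected eight groups: " + address)
    for group in groups:
        if not 1 <= len(group) <= 4 or any(c not in string.hexdigits for c in group):
            raise ValueError("bad group %r in %s" % (group, address))
    return [group.upper().zfill(4) for group in groups]

def abbreviate(address):
    """Drop leading zeros, then replace the longest run of zero groups with '::'."""
    groups = [format(int(g, 16), "X") for g in expand(address)]
    best_start, best_len, i = 0, 0, 0
    while i < 8:
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    if best_len < 2:  # a single zero group stays as "0"
        return ":".join(groups)
    return ":".join(groups[:best_start]) + "::" + ":".join(groups[best_start + best_len:])

def same_address(a, b):
    """Compare two textual forms by value, as a log or ACL matcher should."""
    return expand(a) == expand(b)
```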

IPv6 Addressing Structure
[Diagram: 128 bits, bit 0 to bit 127: ISP /32 (32 bits); Customer Site /48 (16 bits); Subnet /64 (16 bits); Device /128 (64 bits)]

IPv6 utilisation
• Utilisation determined from end site assignments
  – ISP responsible for registration of all /48 assignments
  – Intermediate allocation hierarchy not considered
• Utilisation of IPv6 address space is measured differently from IPv4
  – Use HD ratio to measure
• Subsequent allocation may be requested when IPv6 utilisation requirement is met
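
Added example (not part of the original slides): how an HD-ratio measurement over registered /48 assignments can be computed. It uses the HD ratio as defined in RFC 3194, log(units assigned) / log(units available), counted in /48 units as the slide describes. The threshold is passed in as a parameter because the slides do not state one, and the prefixes in the usage note come from the 2001:db8::/32 documentation range.

```python
import ipaddress
import math

def count_48s(allocation, assignments):
    """Count the /48 units covered by registered assignments inside an allocation."""
    alloc = ipaddress.ip_network(allocation)
    nets = [ipaddress.ip_network(a) for a in assignments]
    for net in nets:
        if net.version != 6 or net.prefixlen > 48 or not net.subnet_of(alloc):
            raise ValueError("not a /48-or-shorter assignment inside %s: %s" % (alloc, net))
    # collapse_addresses() merges duplicates and overlaps so nothing is counted twice.
    return sum(2 ** (48 - n.prefixlen) for n in ipaddress.collapse_addresses(nets))

def hd_ratio(assigned_48s, allocation_prefix_len):
    """HD ratio (RFC 3194): log(assigned units) / log(units available)."""
    total = 2 ** (48 - allocation_prefix_len)
    if total < 2 or not 1 <= assigned_48s <= total:
        raise ValueError("assigned /48s must be between 1 and %s" % total)
    return math.log(assigned_48s) / math.log(total)

def min_assignments(allocation_prefix_len, threshold):
    """Smallest number of /48s whose HD ratio reaches the given threshold."""
    total = 2 ** (48 - allocation_prefix_len)
    n = max(1, math.floor(total ** threshold))
    while hd_ratio(n, allocation_prefix_len) < threshold:
        n += 1
    return n

def percent_at_threshold(allocation_prefix_len, threshold):
    """Share of the allocation, in percent, that min_assignments() represents."""
    total = 2 ** (48 - allocation_prefix_len)
    return 100.0 * min_assignments(allocation_prefix_len, threshold) / total
```

For instance, `hd_ratio(count_48s("2001:db8::/32", ["2001:db8:1::/48", "2001:db8:10::/44"]), 32)` measures a constructed set of registrations. For any fixed threshold, `percent_at_threshold` falls as the allocation grows, which is the sense in which IPv6 utilisation is "measured differently from IPv4".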

FINISHING UP

Need any help?
Member Services Helpdesk
- One point of contact for all member enquiries
- Online chat services
• More personalised service
  – Range of languages: Bahasa Indonesia, Bengali, Cantonese, English, Hindi, Mandarin, Thai, etc.
• Faster response and resolution of queries
  – IP resource applications, status of requests, obtaining help in completing application forms, membership enquiries, billing issues & database enquiries
Helpdesk hours 9:00 am - 9:00 pm (AU EST, UTC + 10 hrs)
ph: +61 7 3858 3188 fax: 61 7 3858 3199

APNIC Helpdesk chat

APNIC Website

Summary
• APNIC is the Regional Internet Registry for the APNIC region
• APNIC (the Secretariat) facilitates the Policy Development process
• Members have access to APNIC services including IP addresses, ASN numbers, MyAPNIC tools and subsidized training
• APNIC helps members to create Reverse Delegations
• APNIC encourages organisations to request for IPv6 addresses
• APNIC is involved in various projects in the APNIC region

Questions?

Thank You! <[email protected]>