Benyamin P. Naibaho Asosiasi Penyelengara Jasa Internet ... · Benyamin P. Naibaho Asosiasi...
Transcript of Benyamin P. Naibaho Asosiasi Penyelengara Jasa Internet ... · Benyamin P. Naibaho Asosiasi...
Benyamin P. Naibaho
Asosiasi Penyelengara Jasa Internet Indonesia (APJII)
Chief of Indonesia Network Information Center (IDNIC)
ISP-NAP and Direct Members (Aug 2017)
Member Compositions
IPv4 Allocations (per August 2017)
Total IPv4 address Allocation and Assignment: 21,223
blok per /24 or 5,433,008 IPv4 address,
Allocation for ISP/NAP Member: 18,973 per /24
Allocation for Direct Member: 2,250 per /24
IDNIC Allocation in APNIC is extra large (total IPv4
subnet /9)
IPv4 Allocation– ISP/NAP Members
IPv4 Allocation– Direct Members
Total IPv4 Allocated & Assigned Portable
IPv6 Allocations (per August 2017)
Total IPv4 address Allocation and Assignment:
14,549,284 blok per/64.
ISP/NAP Members: 251 members
Direct Members/Non ISP: 307 members
Total AS Number 2 Byte assignment to IDNIC Members is 621 AS Number 2 Byte
Total AS Number 2 Byte assignment to IDNIC Members is 478 pool AS Number 4 bytes (102 ASN assigned for NAP/ISP, 304 ASN assigned for Direct Member IDNIC)
4
IPv4 Peer Summary
Router ID: 103.28.75.0 Local AS Number: 7597
Number of Neighbors Configured: 244
Total Prefix: 11124
IPv6 Peer Summary
Router ID: 2001:7fa:2::7597:1 Local AS Number: 7597
Number of Neighbors Configured: 94
Total Prefix: 626
4
IPv4 Peer Summary
Router ID: 218.100.27.128 Local AS Number: 7717
Number of Neighbors Configured: 557
Total Prefix: 12259
Manages and distributes blocks of IP numbers from APNIC
Verification of the requirements to get the IP Number
Establish technical guidelines for implementation IP numbers
Organizing programs of education and socialization
Reported on the implementation of APJII-IDNIC activities to APNIC, periodically or at any time
Coordinate with the finance department for member’s billing
APJII-IDNIC Routine Activities
APNIC – APJII Training Schedule 2017
IPv6 Test Results in One of Mobile Broadband Operator
• The Networks support IPv4 & IPv6 (dual-stack)
• Anticipation to User Equipment (UE) which haven’t support IPv6
• UE that already supports IPv6 is encouraged to use IPv6
• The Users free to choose IPv4 & IPv6
• IPv6 users can use both IPv6 and IPv4 applications
• IPv4 users can use IPv4 applications only
IPv6 Trial Tests in Mobile Broadband (MBB)
• Access model in transition
• There are still some applications that do not support IPv6 yet
• The UE must already support IPv6 and 464XLAT
• Network only allocates IPv6 number to UE
• IPv6 users can also use IPv4 applications
• NAT in the UE (only for applications that do not yet support IPv6): Private IPv4 to IPv6
• NAT in Firewall: IPv6 to public IPv4
Access IPv6 to IPv4
• 464XLAT consists of 2 parts: EU & Firewall
• User Equipment (UE):
• IPv4-Only-Applications use the local IPv4 subnet;
• Packages of the application are translated into IPv6 by the UE
• Firewall:
• The IPv6 packets of the application are re-translated into IPv4
• The firewall allocates public IPv4 number for the UE from the pool
464XLAT (RFC6877)
• Fact: on the network, quite often a PDP (Packet Data Protocol) activation failure with the message, "Unknown PDP address or PDP type“
• The cause: UE asked for PDP Type = IPv6 but not supported by network
• Conclusion: if more and more UE are by default requesting IPv6, the percentage of PDP activation success will decrease;
• This will urge network managers to immediately support IPv6
IPv6 & Successful PDP Activation
As much as possible to match the Implementation Plan
The Differences from Implementation Plan:
There are some components that have not supported IPv6
As a result: IPv6-Traffic can not be in-charge
Can not use commercial APN
Must use special APN and MSISDN
The UE does not yet support 464XLAT
IPv6 Trial on Mobile Broadband
Succeeded (attended by ICT Ministry Staffs and IPv6-TF)
Popular websites in ID: Google, Wikipedia, Facebook, detik.com
IPv6 test website: Google, testmyipv6.com, ipv6-test.com, test-ipv6.com
PC with modem: BlackBerry 9300
Smartphone: Lenovo
Notes:
Sometimes test-ipv6.com reports the issue of PMTUD (Path Maximum Transmission Unit Discovery)
Carrier Grade Network Address Translation (CGNAT) which is firewall,down capacity by 20% if dual-stack
The UE has not yet support 464XLAT
Applications, that do not support IPv6, are not running normally in Indonesia: Yahoo! Messenger and Skype
The dual-stack test is spontaneous
Not planned from the beginning, but executed during the test
One user forms two PDP sessions at once: IPv6 and also IPv4
It worked
Test Results
1. User Equipment Manufacturers should produce the device which requesting IPv6 by default
2. Ready-operators should immediately implement IPv6
3. Firewalls manufactures, need to immediately improve the ability to eliminate the capacity reduction, due to IPv6 NAT implementation to IPv4
4. APNIC needs to encourage the global content providers to create the applications which support IPv4 and IPv6 in Asia Pasific Regional
Suggestions
MyIDNIC – Indonesia Network Information Center’s IP Portal
MyIDNIC Portal
myIDNIC
Server DB
whois.apnic.net
Server DB
whois.idnic.id
on progress
Online portal service for IDNIC members, which is built for:
1. Manage IPv4, IPv6 and ASN Resource
2. Search by Whois object type
3. Reverse DNS Delegation (view, update, delete domain object)
4. IPv4 & IPv6 Assignment
5. Realtime Whois Object update
6. Check Billing status
7. Event List
MyIDNIC Portal
MyIDNIC Registrationhttp://myidnic.apjii.or.id/register/existing
MyIDNIC Dashboard
MyIDNIC Resource Management
Maintener Registration
Resources -> WHOIS RECORD MANGEMENT -> Maintainer
Whois Object Update
• Resources -> WHOIS RECORD MANGEMENT -> Whois Update
• inetnum, inet6num, person, role, aut-num, mntner, irt, domain, as-block
• https://www.apnic.net/manage-ip/using-whois/guide/
1. APJII members can manage resources allocated by APJII through the MyIDNIC Control Panel and Dashboard, including the management of IPv4 allocations up to / 30
2. Server acceleration can be faster because it is located around the Indonesia Internet Exchange (IIX) Network, both for MyIDNIC and Whois Servers
3. Can be implemented in conjunction with Indonesia Internet Exchange (IIX) for Routing Policy Specification Language (RPSL)
4. MyIDNIC can track the advertise position of IP Address members against the existence of IIX router location of IDNIC, not only IP Address geolocation
Why MyIDNIC?
1. Near Real Time Mirroring (NRTM) MyIDNIC uses version 3, while the MyAPNIC NRTM uses version 2. APNIC has not yet scheduled to upgrade to version 3. IDNIC has temporarily downgraded to version 2, in order to dosynchronization
2. Need support from APNIC to implement Certificate Authority (CA) and Resource Public Key Infrastructure (RPKI). Need to clarify CA Level Root of MyIDNIC, it is same with or below MyAPNIC
3. Hope that APNIC ask for supports from network infrastructure equipment principals (e.g. Cisco, Juniper, etc.), in assisting with Training Lab equipment for IDNIC Members
Development: Need Support from APNIC
Thank you