Desired IRR Operational Model~IRR/Whois Interaction~

Kuniaki Kondo (JPNIC IRR Workshop/IIJ)Ikuo Nakagawa (Intec)

Takashi Arano (Asia Global Crossing)

JPNIC IRR Workshop

What do we doing?Researching Current IRR status.Considering ideal IRR environment.Current IRR ProblemsProposing IRR Environment

How long do we do?2 years.

Current IRR workshopThis workshop was closed at begin of this year.Currently, this workshop’s board members have been encouraging our proposal.

Focus of this presentation

To ensure credibility of IRR database

Requirements for IRR

Route/AS objects should be registered by only authorized persons.

The system should not allow any un-authorized person to register others’ routes (i.e. AS/prefixes).

All announced routes should be registered ideally.Registered information should be up to date appropriately.

Current IRR problems(1)

NO authorization mechanism existsfor initial registration of route objects,

that is,

Any maintainer can register any object without authorization.

Current IRR problems(2)

About 50% of “full routes” are not registered to public IRRs.

Observation

Whois database and IRR database have very similar information.

Difference between IRR and Whois

IRRDatabase of “Routing Information”.For operational purpose.Optional.Maintainers (ISP, in most cases) register objects.

WhoisDatabase of “Administrative Information”.For management purpose.Mandatory.IRs register objects when they allocate IP address blocks

Relation between IRR and Whois

In simple case:

Address Block

IR

ISP

Allocation

Announcement Prefix

The Internet

Exception Case 1 – Split Allocated block

Address Block

IR

ISP

Allocation

Announcement

Prefix PrefixSplit 2 or more Prefixes

Prefix

PrefixThe Internet

Exception Case 2 – Punching Hole

Address Block

IR

ISP-A

Allocation

Announcement

Prefix-A

Prefix-B

Prefix-B The Internet

ISP-BPunching Hole

Assignment

Prefix-A

Exception Case 3 – Historical Assignment

Address Block

IR

ISP-A

Announcement

The Internet

ORG.

Assignment

Prefix

Prefix

Proposal : Authorized Registration

In simple case:

Address Block

IR

ISP

Allocation

Announcement Prefix

The Internet

IRRRegistration

Authorize

•AS Holder and IP Address holder are same organization.

Exception Case 1 – Split Allocated block

Address Block

IR

ISP

Allocation

Announcement

Prefix-APrefix-BSplit 2 or more Prefixes

Prefix-B

Prefix-AThe InternetIRR

Registration　 Prefix-A and Prefix-B

Authorize

•AS Holder and IP Address holder are same organization.•IR authorizes registration of Prefix-A and Prefix-B, because ‘Address Block’ includes both of these prefixes.

Exception Case 2 – Punching Hole

Address Block

IR

ISP-A

Allocation

Announcement

Prefix-A

Prefix-B

Prefix-BThe Internet

ISP-BPunching Hole

Prefix-A

IRR

Authorize

Registration Prefix-A

Registration Prefix-B

Authorize

•AS Holder and IP Address holder are same organization.•IR authorizes registration of Prefix-A, ISP-A authorizes registration of Prefix-B.

Exception Case 3 – Historical Assignment

Address Block

IR

ISP-A

Announcement

The Internet

ORG.

Assignment

Prefix

PrefixIRR

Authorize

•AS Holder and IP Address holder are possibly different organization.⇒ Case by case. We need more discussion.

Example of IRR Operational Model

RIRs maintain IRR databases, so thatIRR database keep relation with Whois database

Considerations

Whois databases must include AS number assignment information.How to treat historical assignment casesHow does an ISP authorize a route for an IP address assigned to its customerWho is the authority of a route object?

AS holder or IP address holder?

Current IRR Operation

Where?Irr.iij.ad.jp

How many does it mirror with.24 IRR Servers including APNIC IRR Server.

Has the proposed authorization model been working?

No.We have to wait to implementation.We have to check scalability of our proposal.This activity will be done with APNIC IRR Project members.

How is APNIC IRR?

It have a lot of IRR of Objects.When IRRd execute, It cannot read all IRR Objects. Because, Serial Number is overflow.

IRR Authorization do not work on the IRRd.

Questions?