Welcome! APNIC Members Training Course
Internet Resource Management Essentials
20 October 2003, Kuala Lumpur, Malaysia
In conjunction with the 1st ASEAN IPv6 Summit
Introduction
• Presenters
– John H’ng <[email protected]>
– Champika Wijayatunga <[email protected]>
– Arth Paulite <[email protected]>
For any training queries: <[email protected]>
Assumptions & Objectives
Assumptions
– Are current or prospective APNIC member
– Have not submitted many requests
– Are not familiar / up-to-date with policies
– Are not familiar with procedures
Objectives
– Teach members how to request resources from APNIC
– Keep membership up-to-date with latest policies
– Liaise with members
• Faces behind the e-mails
Schedule
APNIC’s role in the Asia Pacific
Internet Registry Policies
Addressing Plan
TEA BREAK (10:30 – 11:00)
Requesting an IP allocation
IP Management
LUNCH (12:30 – 13:30)
APNIC database
Reverse DNS
ASN
TEA BREAK (15:30 – 16:00)
IRR
IPv6
Summary
APNIC’s role in the Asia Pacific
Asia Pacific Network Information Centre
Overview
• What is APNIC?
– Regional Internet Registry
– APNIC structure
• What does APNIC do?
– APNIC Membership services
• Why APNIC?
– APNIC resources
– APNIC environment
– APNIC responsibilities
Intro
What is APNIC?
• RIR for the Asia Pacific
• Regional Internet Registry
– Regional authority for Internet Resource distribution
– IPv4 & IPv6 addresses, ASNs, reverse DNS delegation
• Industry self-regulatory body
– Non-profit, neutral and independent
• Open membership-based structure
APNIC Membership
[Pie chart: APNIC membership by economy]
• AU 23%
• HK 13%
• IN 12%
• PH 6%
• SG 5%
• JP 5%
• PK 4%
• TH 4%
• MY 4%
• NZ 4%
• CN 4%
• AP 4%
• Pacific 3%
• BD 3%
• TW 3%
• LK 1%
• ID 1%
• Other 5%
Last Update – Oct 2003
APNIC is not…
• Not a network operator
– Does not provide networking services
• Works closely with APRICOT forum
• Not a standards body
– Does not develop technical standards
• Works within IETF in relevant areas (IPv6 etc)
• Not a domain name registry or registrar
• Will refer queries to relevant parties
APNIC structure
• Industry self-regulatory structure
– Participation by those who use Internet resources
– Consensus-based decision making
• Eg. Policy changes, db requirements etc
– Open and transparent
• Meetings and mailing lists
– Open to anyone
APNIC region
Internet Registry structure
[Diagram: ICANN, ASO and IANA; the RIRs APNIC, ARIN, RIPE NCC and LACNIC; NIRs, LIRs and ISPs beneath them]
APNIC Services & Activities
Resources Services
• IPv4, IPv6, ASN, reverse DNS
• Policy development
– Approved and implemented by membership
• APNIC whois db
– whois.apnic.net
– Registration of resources
Information dissemination
• APNIC meetings
• Web and ftp site
• Mailing lists
– Open for anyone!
• Training Courses
– Subsidised for members
• Co-ordination & liaison
– With membership, other RIRs & other Internet Orgs.
What is the APNIC community?
• Open forum in the Asia Pacific
– Open to any interested parties
• Voluntary participation
• Decisions made by consensus
• Public meetings
• Mailing lists
– web archived
• A voice in regional Internet operations through participation in APNIC activities
Policy dev
Definition – “Internet Community”
Global Internet Community
APNIC Internet Community
IETF
ISOC
Individuals
APNIC Members
APAN SANOG
ISP Associations
Questions ?
Internet Registry Policy Development
Overview
– Policy Development
– Definitions
– Background
– Objectives & environment
Principles of policy development
• ‘Bottom up’, consensus based decision making
– Community proposes and approves policy
– No policies implemented without consensus of community
• Open and transparent
– Anyone can attend
– All decisions archived
Participation in policy development
• Why should I bother?
– Responsibility as an APNIC member
• To be aware of the current policies for managing address space allocated to you
– Business reasons
• Policies affect your business operating environment and are constantly changing
• Ensure your ‘needs’ are met
– Educational
• Learn and share experiences
• Stay abreast with ‘best practices’ in the Internet
Definition – “Consensus”
• OED definition
– “General agreement in opinion”
• Show of hands to judge ‘general agreement’
– Often a count is taken to assist but is not essential
• Those in favour, those against and abstentions
• Each attendee has one vote
• If difficult to judge, unlikely to be consensus
– Final call by chair
Principles of policy development process
OPEN
• Anyone can participate
TRANSPARENT
• All decisions & policies documented & freely available to anyone
‘BOTTOM UP’
• Internet community proposes & approves policy
Consensus based
Elements of the process
Open Policy Meeting & Mailing Lists
• Member Meeting
• Working Groups
• Birds of a Feather
• Special Interest Groups
SIGs: Formal groups which discuss broad areas of policy relevant to the APNIC internet community
BOFs: Informal meetings to exchange ideas eg. CA BOF, Network Abuse BOF, Training. Need to hold at least one to form new SIG
WGs: semi formal, volunteer group tasked by a SIG to work on a particular project until completed eg. ‘Broadband’
MM: forum specific to APNIC business eg. fee structure, election of executive council & endorsement of policy decisions
How does it work? Self regulation in practice
[Flowchart]
1. New policy or amendment proposed
2. Posted to SIG ML for discussion
3. Face to face discussions in public open forum (SIGs)
4. Consensus? (YES / NO)
5. Report of consensus in SIG to MM
6. Endorsement by MM? (YES / NO)
7. Implementation 3 months
How to get your voice heard
• Contribute on the public mailing lists
– http://www.apnic.net/community/lists/index.html
• Attend meetings
– Or send a representative
– Gather input at forums like SANOG
• Give feedback
– Training or seminar events
• APNIC16, Seoul, KR, 19-22 August
– Listen to multicast, stay informed
– http://www.apnic.net/meetings
Definitions
Classful and Classless
• Classful (Obsolete)
– Wasteful address architecture
• network boundaries are fixed at 8, 16 or 24 bits (class A, B, and C)
• Classless
– Efficient architecture
• network boundaries may occur at any bit (e.g. /12, /16, /19, /24 etc)
• CIDR
• Classless Inter Domain Routing architecture
– Allows aggregation of routes within ISPs infrastructure
Best Current Practice: RFC1517, RFC1518, RFC1519
Policies
Allocation and Assignment
Allocation
“A block of address space held by an IR (or downstream ISP) for subsequent allocation or assignment”
• Not yet used to address any networks
Assignment
“A block of address space used to address an operational network”
• May be provided to LIR customers, or used for an LIR’s infrastructure (‘self-assignment’)
Allocation and Assignment
[Diagram: APNIC allocates from the APNIC Allocation (/8) to an APNIC Member (Member Allocation, /20). The APNIC Member assigns to end-users or allocates to a downstream (Sub-Allocation, /22); the downstream assigns to end-users. Customer Assignments shown: /24, /25, /26, /27, /26.]
Portable & non-portable
Portable Assignments
– Customer addresses independent from ISP
• Keeps addresses when changing ISP
– Bad for size of routing tables
– Bad for QoS: routes may be filtered, flap-dampened
Non-portable Assignments
– Customer uses ISP’s address space
• Must renumber if changing ISP
– Only way to effectively scale the Internet
Aggregation and “portability”
[Diagram: two ISPs, each with an ISP Allocation and Customer Assignments]
• Aggregation (Non-portable Assignments): BGP Announcement (1)
• No Aggregation (Portable Assignments): BGP Announcements (4)
Objectives
APNIC Policies - objectives
• Conservation
– Ensuring efficient use and conservation of resources
• Aggregation
– Limiting growth of routable prefixes
• Registration
– Registering the Internet resources in a public db
• Uniqueness
– Global visibility
• Fairness and consistency
– Equal consideration irrespective of external factors
Why do we need policies? - Global IPv4 Delegations
[Pie chart]
• Other Orgs (pre-RIR) 42%
• Unallocated 30%
• "Special purpose" 14%
• RIPE NCC 4%
• ARIN 6%
• APNIC 4%
Growth of global routing table
last updated 29 Sep 2003
http://bgp.potaroo.net/as1221/bgp-active.html
[Chart annotations]
• Deployment Period of CIDR
• CIDR made it work for a while
• Projected routing table growth without CIDR
• ISPs tend to filter longer prefixes
• But they cannot be relied on forever
Routing table prefix distribution
[Chart: number of routing table prefixes (0 to 140000) by prefix length (<16, 16 to 24, >24), monthly from Nov-01 to Nov-02]
Last updated 29 Nov 2002
APNIC policy environment
“IP addresses not freehold property”
– Assignments & allocations on license basis
• Addresses cannot be bought or sold
• Internet resources are public resources
• ‘Ownership’ is contrary to management goals
“Confidentiality & security”
– APNIC to observe and protect trust relationship
• Non-disclosure agreement signed by staff
Questions ?
Internet Registry Procedures
Addressing Plan
Addressing plan
• To complete documentation
– First need a technical PLAN
• Documenting the architecture of the present and eventual goal
– IP addressing is fundamental part of network design
– IP addressing ‘planning’ example to follow..
AddressingPlan
Some icons
• Router (layer 3, IP datagram forwarding)
• Network Access Server (layer 3, IP datagram forwarding)
• Ethernet switch (layer 2, packet forwarding)
Addressing plan
• Identify components of network
– Customer services
– ISP internal infrastructure
• Identify phases of deployment
– Starting off, 6 months, 12 months
• Identify equipment and topology changes
– Need for redundancy
– Need for increased scale
Network plan
• ‘Starting off’
Customer services
– Leased line services: 5-8 customers
– Dialup services: 16 modems
– Virtual web (name based): 5 hosts
ISP Infrastructure
– NOC operations: 15 hosts
– Internal DNS, Web, Mail servers: 10 hosts
– Interconnected resilience
– Upstream ISP
Network plan
[Diagram annotations]
– WAN point to point /30
– LANs: 5 hosts, 15 hosts, 10 hosts
– 16 dialup modems
– 5-8 leased line customers
– ‘ip unnumbered’ to customers
– one loopback interface per assigned router /32
– ‘ip unnumbered’ to upstream ISP
– Upstream ISP
Addressing plan
• Initial addressing plan
– numbers of host addresses (interfaces)
network-plan: 16 analogue dialup modems, vendor ‘x’
network-plan: 5 LAN - web hosting (Name-based hosting)
network-plan: 128 5-8 leased line customers (/28)
network-plan: 15 LAN - NOC and Ops management
network-plan: 10 LAN - mail, DNS, web servers internal
network-plan: 4 loopback router interfaces
network-plan: 2 router WAN ports (x 5 lines)
Network plan
• 6 months later
– scale increased
– redundancy
[Diagram annotations]
– 60 dialup modems (2PRI)
– 60 dialup modems (2PRI)
– 30 leased line customers
– 11 hosts name-based
– 8 hosts - 2ndary Servers
– 25 hosts - NOC
– 16 hosts - Servers
– Upstream ISP
– added new router and LAN for redundancy
– added new dial up equipment
– replaced original modem
– increased number of leased line customers
– increased number of hosts on all LANs
Addressing plan
• Network plan at 6 months
– increases in hosts (interfaces)
– Changed description
network-plan: 16/60 2 PRI dialup modems, vendor ‘y’
network-plan: 5/11 LAN - web hosting (Name-based hosting)
network-plan: 128/512 30 leased line customers (pool)
network-plan: 15/25 LAN - NOC and Ops management
network-plan: 10/16 LAN - mail, DNS, web servers internal
network-plan: 4/6 loopback router interfaces
network-plan: 2/2 router WAN ports (x 8 lines)
New hardware
network-plan: 0/60 2 PRI dialup modems
network-plan: 0/8 LAN - secondary servers
Network plan
• 12 months total
– site redundancy
– greater complexity
– efficiency
[Diagram annotations]
– 60 leased line customers, ip unnumbered
– 11 hosts
– 8 hosts
– 35 host
– 40 hosts
– 240 dialup modems (8PRI)
– 240 dialup modems (8PRI)
– Upstream ISP A
– Upstream ISP B
– added new customer router
– redundancy of WAN connections
– now numbered links for BGP4
– two pieces of essential equipment
Addressing plan
• Network plan at 12 months
– increases in hosts (interfaces)
– one year total
network-plan: 16/60/240 8 PRI dialup modems, vendor x
network-plan: 0/60/240 8 PRI dialup modems, vendor y
network-plan: 5/11/11 LAN - web hosting (Name-based hosting)
network-plan: 128/512/1020 60 leased line customers (pool)
network-plan: 15/25/40 LAN - NOC and Ops management
network-plan: 10/16/35 LAN - mail, DNS, web servers internal
network-plan: 0/8/8 LAN - secondary servers
network-plan: 2/2/2 router WAN ports (x 8 lines)
network-plan: 4/6/12 loopback router interfaces
Addressing plan
• Can now determine subnet sizes
network-plan: 256 16/60/240 8 PRI dialup modems, vendor x
network-plan: 256 0/60/240 8 PRI dialup modems, vendor y
network-plan: 16 5/11/11 LAN - web hosting (Name-based hosting)
network-plan: 1024 128/512/1020 60 leased line customers (pool)
network-plan: 64 15/25/40 LAN - NOC and Ops management
network-plan: 64 10/16/35 LAN - mail, DNS, web servers internal
network-plan: 8 0/8/8 LAN - secondary servers
network-plan: 4 2/2/2 router WAN ports (x 8 lines)
network-plan: 16 4/6/12 loopback router interfaces
Addressing plan
– Addressing plan for network-plan
– re-ordered large to small according to relative subnet size
– determination of relative subnet addresses
network-plan: 0.0.0.0 1024 128/512/1020 60 leased line customers (pool)
network-plan: 0.0.4.0 256 16/60/240 8 PRI dial up modems, vendor x
network-plan: 0.0.5.0 256 0/60/240 8 PRI dial up modems, vendor y
network-plan: 0.0.6.0 64 10/16/35 LAN - mail, DNS, web internal
network-plan: 0.0.6.64 64 15/25/40 LAN - NOC and Ops management
network-plan: 0.0.6.128 16 5/11/11 LAN - web hosting (Name-based hosting)
network-plan: 0.0.6.144 16 0/8/8 LAN - secondary servers
network-plan: 0.0.6.160 16 4/6/12 loopback router interfaces
network-plan: 0.0.6.176 4 2/2/2 router WAN ports (x8)
– cumulative total 0.0.6.208
Addressing plan
– Addressing plan for network-plan
– connect to the Internet (full-time, part-time)?
network-plan: 0.0.0.0 255.255.252.0 YES 1024 128/512/1020 60 leased customers
network-plan: 0.0.4.0 255.255.255.0 PART 256 16/60/240 8 PRI dial up modems..
network-plan: 0.0.5.0 255.255.255.0 PART 256 0/60/240 8 PRI dial up modems..
network-plan: 0.0.6.0 255.255.255.192 YES 64 10/16/35 LAN -mail,DNS, web internal
network-plan: 0.0.6.64 255.255.255.192 YES 64 15/25/40 LAN -NOC & Ops mgmt
network-plan: 0.0.6.128 255.255.255.240 YES 16 5/11/11 LAN -web hosting (Name-based)
network-plan: 0.0.6.144 255.255.255.240 YES 16 0/8/8 LAN -secondary servers
network-plan: 0.0.6.160 255.255.255.240 YES 16 4/6/12 loopback router interfaces
network-plan: 0.0.6.176 255.255.255.252 YES 4 2/2/2 router WAN ports (x 8 )
Addressing plan
– Addressing plan complete
– total planned for customer assignments /22
– total planned for ISP infrastructure /24 + /23
network-plan: 0.0.0.0 255.255.252.0 YES 1024 128/512/1020 60 leased line customers
network-plan: 0.0.4.0 255.255.255.0 PART 256 16/60/240 8 PRI dial up modems..
network-plan: 0.0.5.0 255.255.255.0 PART 256 0/60/240 8 PRI dial up modems..
network-plan: 0.0.6.0 255.255.255.192 YES 64 10/16/35 LAN - mail, DNS, web internal
network-plan: 0.0.6.64 255.255.255.192 YES 64 15/25/40 LAN - NOC & Ops mgmt
network-plan: 0.0.6.128 255.255.255.240 YES 16 5/11/11 LAN - web hosting (Name-based)
network-plan: 0.0.6.144 255.255.255.240 YES 16 0/8/8 LAN - secondary servers
network-plan: 0.0.6.160 255.255.255.240 YES 16 4/6/12 loopback router interfaces
network-plan: 0.0.6.176 255.255.255.252 YES 4 2/2/2 router WAN ports (x 8 lines)
– detailed, efficient and accurate
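The addressing-plan procedure worked through above (size each subnet from its 12-month host count, re-order large to small, derive relative subnet addresses and masks), as an added Python example that is not part of the original course material. The `PLAN` list is constructed from the slides' 12-month figures, and the "hosts + 2, rounded up to a power of two" sizing rule is an assumption chosen because it reproduces the subnet sizes in the final table.

```python
import ipaddress
from dataclasses import dataclass

# Constructed input: (description, hosts needed at 12 months, identical subnets).
# Entries of equal size keep this input order after sorting.
PLAN = [
    ("8 PRI dial up modems, vendor x", 240, 1),
    ("8 PRI dial up modems, vendor y", 240, 1),
    ("LAN - web hosting (name-based)", 11, 1),
    ("60 leased line customers (pool)", 1020, 1),
    ("LAN - mail, DNS, web internal", 35, 1),
    ("LAN - NOC and Ops management", 40, 1),
    ("LAN - secondary servers", 8, 1),
    ("loopback router interfaces", 12, 1),
    ("router WAN ports", 2, 8),
]


def subnet_size(hosts):
    """Smallest power of two that holds the hosts plus network and broadcast
    addresses (assumed rule; it matches the sizes in the final table)."""
    size = 1
    while size < hosts + 2:
        size *= 2
    return size


@dataclass
class Row:
    offset: str    # relative subnet address, counted from 0.0.0.0
    netmask: str
    size: int      # addresses per subnet
    count: int     # how many subnets of this size
    descr: str


def build_plan(plan):
    """Return (rows, cumulative_total) for a list of PLAN-style tuples."""
    sized = [(subnet_size(hosts), count, descr) for descr, hosts, count in plan]
    # Largest first: every block then starts on a multiple of its own size.
    sized.sort(key=lambda item: item[0], reverse=True)   # sort is stable
    rows, cursor = [], 0
    for size, count, descr in sized:
        prefix = 32 - (size.bit_length() - 1)
        # IPv4Network is strict by default and raises ValueError if the
        # offset is not aligned to the subnet size.
        net = ipaddress.IPv4Network((cursor, prefix))
        rows.append(Row(str(net.network_address), str(net.netmask),
                        size, count, descr))
        cursor += size * count
    return rows, str(ipaddress.IPv4Address(cursor))


def render(rows):
    """Format rows in the style of the slides' network-plan lines."""
    lines = []
    for r in rows:
        suffix = f" (x{r.count})" if r.count > 1 else ""
        lines.append(f"network-plan: {r.offset} {r.netmask} {r.size} {r.descr}{suffix}")
    return lines


if __name__ == "__main__":
    plan_rows, total = build_plan(PLAN)
    print("\n".join(render(plan_rows)))
    print("cumulative total", total)
```
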
Questions ?
Internet Registry Policies & Procedures
IP Request
IP Growth in Asia Pacific
Last Update 26 Sep 2003
[Chart: IP address growth in Asia Pacific, in millions of addresses (0 to 176), Jan-96 to Oct-03, by economy: Other, TW, TH, SG, PK, PH, NZ, MY, KR, JP, IN, ID, HK, CN, AU, AP]
IPReq
IP address request
• Hostmaster Administrivia
– <[email protected]> mailbox filtered
• Requires member account name
– Subject: IP Address Request [CONNECT-AU]
• Ticketing system
– Every request is assigned a ticket
• Please keep # in subject line of email eg.
– [APNIC #14122] [CHINANET-CN]
• New staff at ISP
– Require an ‘introduction’ to APNIC
• To ensure confidentiality
members only
IP address request
Life Cycle
[Flowchart]
• Step 1: Member has completed documentation? (yes / no)
• Step 2: Evaluation of request by APNIC - OK? (yes / no)
• Step 3: Allocation by APNIC
– update local records
– update APNIC database
– Notify Member
• On ‘no’: More documentation and clarification by Member
IP address request - Overview
• Contact Details
• Network Information
• Existing Customer Network Information
• Existing Infrastructure Network Information
• Future Network Plan
• Additional Information
IP address request instructions
• Complete the documentation
– ISP Address Request Form (APNIC-084)
• Web Form:
– http://www.apnic.net/services/ipv4/
• Plain text
– http://ftp.apnic.net/apnic/docs/isp-address-request
• The more detailed and precise
– Fewer iterations with APNIC
• Quicker resolution time
• Read the quick tips!
– http://www.apnic.net/faq/isp-request-tips.html
Initial IPv4 allocation criteria
1a. Have used a /22 from upstream provider
– Demonstrated efficient previous address usage
OR
1b. Show immediate need for /22
• Can include customer projections & infrastructure equipment
2. Detailed plan for use of /21 within a year
3. Renumber to new space within 1 year
– Meet all policy requirements
• Applicants may be required to show purchase receipts
Evaluation by APNIC
• All address space held should be documented
– Check other RIR, NIR databases for historical allocations
• ‘No reservations’ policy
– Reservations may never be claimed
– Fragments address space
– Customers may need more or less address space than is actually reserved
APNIC allocation policies
• Aggregation of allocation
– Provider responsible for aggregation
– Customer assignments / sub-allocations must be non-portable
• Allocations based on demonstrated need
– Detailed documentation required
• All address space held to be declared
– Address space to be obtained from one source
• routing considerations may apply
– Stockpiling not permitted
APNIC allocation policies
• Transfer of address space
– Not automatically recognised
• Return unused address space to appropriate IR
• Effects of mergers, acquisitions & take-overs
– Will require contact with IR (APNIC)
• contact details may change
• new agreement may be required
– May require re-examination of allocations
• requirement depends on new network structure
First allocation
• Must meet criteria
– (discussed in policy section)
• Requires clear detailed and accurate request
• Implementation of ‘Best Current Practice’
– Efficient assignments planned
• Always a /20 ‘slow start’
– Exceptions made for very large networks but not common
Subsequent allocations
• 80% overall utilisation
– Unless large assignment pending
• Demonstrated conservative assignments
• Correct customer registrations in db
– Need to fix inconsistencies before next allocation
• Allocation size to cover 1 year need
– Based on previous utilisation rate
• Contiguous allocation not guaranteed
– But every effort made
Evaluation guidelines – Cable/DSL
• Bootstrap criteria
– Simplified, optional criteria
– Assumption of /24 per CMTS
• Subsequent allocation
– CMTS devices per headend
– 3 month subscriber projection
– Average growth per month
• option: MRTG to support growth rate evaluation
– equipment purchase receipts
Evaluation guidelines – Virtual web hosting
• Name based hosting
– ‘Strongly recommended’
– Use ‘infrastructure’ field to describe web servers
• IP based hosting
– Permitted on technical grounds
• SSL, virtual ftp..
– Use ‘infrastructure’ field to describe web servers
– Special verification for IP based
• If more than /22 used for this purpose
• Requestor must send list of URLs of virtual domain and corresponding IP address
Sub-allocations
• No max or min size
– Max 1 year requirement
• Assignment Window & 2nd Opinion applies
– to both sub-allocation & assignments
• Sub-allocation holders don’t need to send in 2nd opinions
[Diagram: Member Allocation /20; Sub-allocation /22; Customer Assignments /24, /25, /26, /27, /26]
Sub-allocation guidelines
• Sub-allocate cautiously
– Seek APNIC advice if in doubt
– If customer requirements meet min allocation criteria:
• Customers should approach APNIC for portable allocation
• Efficient assignments
– LIRs responsible for overall utilisation
• Sub-allocation holders need to make efficient assignments
• Database registration
– Sub-allocations & assignments to be registered in the db
Address assignment policies
• Assignments based on requirements
– Demonstrated through detailed documentation
– Assignment should maximise utilisation
• minimise wastage
• Classless assignments
– showing use of VLSM
• Size of allocation
– Sufficient for up to 12 months requirement
General assignment guidelines
• Static & Dynamic
– Transient connections (dial-up)
• dynamic recommended
– Permanent connections
• static assignments ok (1:1 contention ratio)
• (dynamic encouraged)
• IP unnumbered
– Encouraged when possible
• Helps conserving IP addresses
– statically routed, single-homed customer connections (no BGP)
http://www.apnic.net/info/faq/ip_unnumb.html
Small multihoming assignment policy
1a. Applicants currently multihomed
OR
1b. Demonstrate a plan to multihome within 1 month
2. Agree to renumber out of previously assigned space
– Demonstrate need to use 25% of requested space immediately and 50% within 1 year
– Meet all policy requirements or have the assignment revoked
IPv4 assignment policy for IXPs
Criteria
– 3 or more peers
– Demonstrate “open peering policy”
– Not announce assignment to global routing table
• APNIC has a reserved block of space from which to make IXP assignments
IXPs can apply for an assignment of /24 for Transit LAN
Portable critical infrastructure assignments
• What is Critical Internet Infrastructure?
– Domain registry infrastructure
• Root DNS operators
• gTLD operators
• ccTLD operators
– Address Registry Infrastructure
• RIRs & NIRs
• IANA
• Why a specific policy?
– Protect stability of core Internet function
• Assignment sizes:
– IPv4: /24
– IPv6: /32
Overview of 2nd opinion
• Applicant information: Contact details, password
• Type of request: IPv6 / IPv4, Assignment / Sub-allocation
• Network name: Network name, description, country
• Future network plan: Planned IP usage
• Customer’s existing network: IPs held by customer
• Customer assignments to end-sites: IPs held by customer & customer’s customers
• Sub-allocation infrastructure: IPv4 Sub-allocations, IPv4/IPv6 Assignments
• Additional information: Any additional info that may aid the evaluation
• Confirm details: Check your details
2nd opinion evaluation (policy)
• Efficiency
– More than 50% used in any one subnet?
– Can different subnet sizes be used?
– More than 80% used for previous assignment?
• Stockpiling
– Is all address space held declared on form?
– Has organisation obtained address space from more than one member/ISP?
• Registration
– Is previous assignment in APNIC database and are they correct and up to date?
Customer assignment
• Member updates internal records
– Select address range to be assigned
– Archive original documents sent to APNIC
– Update APNIC database
• Clarify status of address space
– APNIC requirement is ‘Non portable’
– ‘Portable’ assignments are made by APNIC only with the end-user request form
• Organisation must have technical requirement
Questions ?
IP Address Management
Revision of routing protocols
Interior Gateway Protocol (IGP)
– Examples are OSPF, EIGRP, ISIS
– Used to find optimum route to a host in ISP network
– Convergence becomes important with scaling
Border Gateway Protocol (BGP)
– Can be interior (iBGP) and exterior (eBGP)
– Used to carry traffic across your network and to/from the Internet
– Can use BGP attributes for routing policy
IP Mgmt
Principles of addressing
• Separate customer & infrastructure address pools
– Manageability
• Different personnel manage infrastructure and assignments to customers
– Scalability
• Easier renumbering - customers are difficult, infrastructure is relatively easy
Principles of addressing
• Further separate infrastructure
– ‘Dynamic’ infrastructure for IGP
• Carrying network infrastructure addresses used by a routing protocol where alternate paths to host exist
• Eg. p2p addresses of backbone connections
• Eg. router loopback addresses
– ‘Static’ infrastructure
• Static routing of infrastructure (where no alternative path exists)
• Carry in iBGP
Principles of addressing
• Further separate infrastructure
– ‘Static’ infrastructure examples
• RAS server address pools, CMTS
• Virtual web and content hosting LANs
• Anything where there is no dynamic route calculation
• Customer networks
– Carry in iBGP, do not put in IGP
– No need to aggregate address space carried in iBGP
– Can carry in excess of 100K prefixes
Hierarchy of routing protocols
[Diagram annotations]
– ISP Internal Network: BGP4 (iBGP) & OSPF/ISIS
– Other ISPs: BGP4 (eBGP)
– Customers: Static/eBGP
– Local NAP: eBGP
– FDDI
Management - simple network
• First allocation from APNIC
– Infrastructure is known, customers are not
– 20% free is trigger for next request
– Grow usage of blocks from edges
– Assign customers sequentially
[Diagram: first allocation divided into Customers, 20%, and Infrastructure (p2p, loops)]
Management - simple network
• If second allocation is contiguous
– Reverse order of division of first block
– Maximise contiguous space for infrastructure
• Easier for debugging
– Customer networks can be discontiguous
[Diagram: 1st allocation: Customers, Infrastructure; 2nd allocation: Infrastructure, Customers, 20%]
Management - many POPs
• WAN link to single transit ISP
[Diagram: Server, POP1, POP2, POP3]
Management - many POPs
• POP sizes
– Choose address pool for each POP according to need
– Loopback addresses
• Keep together in one block
• Assists in fault-resolution
– Customer addresses
• Assign sequentially
[Diagram: Infrastructure (POP 1, POP2, loopbacks), Customer]
Management - many POPs
• /20 minimum allocation not enough for all your POPs?
– Deploy addresses on infrastructure first
• Common mistake:
– Reserving customer addresses on a per POP basis
• Do not constrain network plans due to lack of address space
– Re-apply once address space has been used
Management - multiple exits
• WAN links to different ISPs
[Diagram: Server, POP1, POP2, POP3]
Management - multiple exits
• Create a ‘national’ infrastructure pool
– Carry in IGP
• Eg. loopbacks, p2p links, infrastructure connecting routers and hosts which are multiply connected
– On a per POP basis
• Consider separate memberships if requirement for each POP is very large from day one.
[Diagram: National Infrastructure, POP1, POP2, POP3, 20% free]
Questions ?
The APNIC Database
Usage, Protection and Updating
What is the APNIC database?
• Public network management database
– Operated by IRs
• Tracks network resources
– IP addresses, ASNs, Reverse Domains, Routing policies
• Records administrative information
– Contact information (persons/roles)
– Authorisation
DB Intro
Object types
OBJECT PURPOSE
person contact persons
role contact groups/roles
inetnum IPv4 addresses
inet6num IPv6 addresses
aut-num Autonomous System number
domain reverse domains
route prefixes being announced
mntner (maintainer) data protection
http://www.apnic.net/db/
Object templates
whois -t <object type>
To obtain template structure*, use:
% whois -h whois.apnic.net -t person
person: [mandatory] [single] [primary/look-up key]
address: [mandatory] [multiple] [ ]
country: [optional] [single] [ ]
phone: [mandatory] [multiple] [ ]
fax-no: [optional] [multiple] [ ]
e-mail: [mandatory] [multiple] [look-up key]
nic-hdl: [mandatory] [single] [primary/look-up key]
remarks: [optional] [multiple] [ ]
notify: [optional] [multiple] [inverse key]
mnt-by: [mandatory] [multiple] [inverse key]
changed: [mandatory] [multiple] [ ]
source: [mandatory] [single] [ ]
*Recognised by the RIPE whois client/server
Person object example
– Person objects contain contact information
Attributes / Values
person: Ajith Singh
address: ExampleNet Service Provider
address: 2 Main St, Mount court
address: Wallis and Futuna Islands
country: WF
phone: +680-368-0844
fax-no: +680-367-1797
e-mail, nic-hdl, mnt-by, changed, source: kxander@[email protected] 20020731 APNIC
What is a nic-hdl?
• Unique identifier for a person
• Represents a person object
– Referenced in objects for contact details
• (inetnum, aut-num, domain…)
– format: <XXXX-AP>
• Eg: AS17-AP
person: Ajith Singh
address: ExampleNet Service Provider
address: 2 Main St, Mount court
address: Wallis and Futuna Islands
country: WF
phone: +680-368-0844
fax-no: +680-367-1797
e-mail: [email protected]
nic-hdl: AS17-AP
mnt-by: MAINT-WF-EX
changed: [email protected] 20020731
source: APNIC
Inetnum object example
– Contain IP address allocations / assignments
Attributes / Values
inetnum: 202.51.64.0 - 202.51.95.255
netname: CCNEP-NP-AP
descr: Communication & Communicate Nepal Ltd
descr: VSAT Service Provider, Kathmandu
country: NP
admin-c: AS75-AP
tech-c: AS75-AP
status: ALLOCATED PORTABLE
mnt-by: APNIC-HM
mnt-lower: MAINT-NP-ARUN
changed: [email protected] 20010205
source: APNIC
Inter-related objects
IPv4 addresses
inetnum: 202.64.10.0 – 202.64.10.255
…
admin-c: KX17-AP
tech-c: ZU3-AP
…
mnt-by: MAINT-WF-EX
…
Contact info
person: …
nic-hdl: KX17-AP
…
Contact info
person: …
nic-hdl: ZU3-AP
…
Data protection
mntner: MAINT-WF-EX
…
Database query - clients
• Standard whois client
– Included with many Unix distributions
– RIPE extended whois client
• http://ftp.apnic.net/apnic/dbase/tools/ripe-dbase-client.tar.gz
• Query via the APNIC website
– http://www.apnic.net/apnic-bin/whois2.pl
• Query clients - MS-Windows etc
– Many available
Database query (unix)- inetnum
• Note
– Incomplete addresses padded with “.0”
– Address without prefix interpreted as “/32”
% whois 203.127.128.0 - 203.127.159.255
% whois SINGNET-SG
% whois 203.127.128.0/19
inetnum: 203.127.128.0 - 203.127.159.255
netname: SINGNET-SG
descr: Singapore Telecommunications Ltd
descr: 31, Exeter Road, #02-00, Podium Block
descr: Comcentre, 0923
country: SG
admin-c: CWL3-AP
tech-c: CWL3-AP
mnt-by: APNIC-HM
changed: [email protected] 19990803
source: APNIC
Database query (web) - role
Query the APNIC Whois Database
http://www.apnic.net/apnic-bin/whois2.pl
1. Type in search key
2. Search options (flags)
3. ‘Search Whois’
Need help?
General search help
Help tracking spam and hacking
Result of search on nic-hdl “OA3-AP” (‘Optus IP administrators’ role object)
% [whois.apnic.net node-1]
% How to use this server http://www.apnic.net/db/
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
role: OPTUS IP ADMINISTRATORS
address: Optus Communications
address: 101 Miller Street
address: North Sydney NSW 2060
country: AU
phone: +61-2-93427681
phone: +61-2-93420848
phone: +61-2-93420983
phone: +61-2-93420813
phone: +61-2-93420717
fax-no: +61-2-9342-0998
fax-no: +61-2-9342-6122
e-mail: [email protected]
trouble: send spam/abuse reports to [email protected]
trouble: please use http://www.apnic.net/db/spam.html
trouble: to identify networks before sending reports and
trouble: always include full headers/logs.
admin-c: NC8-AP
tech-c: NC8-AP
tech-c: CN39-AP
tech-c: GE7-AP
tech-c: PS176-AP
nic-hdl: OA3-AP
notify: [email protected]
mnt-by: MAINT-OPTUSCOM-AP
changed: [email protected] 20021120
source: APNIC
Advanced database queries
– Flags used for inetnum queries
None: find exact match
-l: find one level less specific matches
-L: find all less specific matches
-m: find first level more specific matches
-M: find all More specific matches
-x: find exact match (if no match, nothing)
-d: enables use of flags for reverse domains
-r: turn off recursive lookups
Database query - inetnum
• whois -L 202.64.0.0/20
• whois 202.64.0.0/20
• whois -m 202.64.0.0/20
[Diagram: inetnum objects from less specific (= bigger block) to more specific (= smaller blocks): 202.0.0.0/8 (202.0.0.0 – 202.255.255.255); 202.64.0.0/20 (202.64.0.0 – 202.64.15.255); 202.64.10.0/24, 202.64.12.128/25, 202.64.15.192/26]
Database query - inetnum
• whois -L 202.64.0.0/20 (all less specific)
• whois -l 202.64.0.0/20 (1 level less specific)
• whois 202.64.0.0/20
• whois -m 202.64.0.0/20 (1 level more specific)
• whois -M 202.64.0.0/20 (all more specific)
[Diagram: inetnum objects 202.0.0.0/8 (202.0.0.0 – 202.255.255.255), 202.64.0.0/16, 202.64.0.0/20, 202.64.10.0/24, 202.64.10.192/26]
Database query - inetnum
‘-M’ will find all assignments in a range in the database
% whois -M 202.64.0.0/20
inetnum: 202.64.10.0 - 202.64.10.255
netname: SILNET-AP
descr: Satyam Infoway Pvt.Ltd.,
.....
inetnum: 202.64.12.128 - 202.64.12.255
netname: SOFTCOMNET
descr: SOFTCOM LAN (Internet)IP
......
inetnum: 202.64.15.192 – 202.64.15.255
descr: SILNET
descr: Satyam Infoway's Chennai LAN
.....
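The hierarchy flags above, emulated over the ranges from these slides. This is an added example, not APNIC's server code; the registry is constructed, `query` is a hypothetical name, and two points are assumptions drawn from the slide wording: less and more specific results exclude the exact match, and a flagless query falls back to the closest less specific object (the contrast with -x).

```python
import ipaddress

# Constructed registry: the inetnum ranges that appear on the query slides.
REGISTRY = [
    "202.0.0.0/8", "202.64.0.0/16", "202.64.0.0/20",
    "202.64.10.0/24", "202.64.10.192/26",
    "202.64.12.128/25", "202.64.15.192/26",
]
NETS = [ipaddress.ip_network(n) for n in REGISTRY]


def query(prefix, flag=None):
    """Return the registered ranges a whois inetnum query would match."""
    q = ipaddress.ip_network(prefix)
    exact = [n for n in NETS if n == q]
    # Enclosing blocks, widest first, so the last one is the closest parent.
    less = sorted((n for n in NETS if n != q and q.subnet_of(n)),
                  key=lambda n: n.prefixlen)
    # Blocks inside the queried range, in address order.
    more = sorted(n for n in NETS if n != q and n.subnet_of(q))

    if flag is None:
        hits = exact or less[-1:]      # assumption: fall back to closest parent
    elif flag == "-x":
        hits = exact                   # exact match or nothing
    elif flag == "-L":
        hits = less
    elif flag == "-l":
        hits = less[-1:]
    elif flag == "-M":
        hits = more
    elif flag == "-m":
        # First level only: drop any block nested inside another match.
        hits = [n for n in more
                if not any(n != o and n.subnet_of(o) for o in more)]
    else:
        raise ValueError(f"unsupported flag: {flag}")
    return [str(n) for n in hits]


if __name__ == "__main__":
    for flag in (None, "-x", "-l", "-L", "-m", "-M"):
        print(flag, query("202.64.0.0/20", flag))
```
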
Recursive lookups
• whois 202.12.29.0 (recursion enabled by default)
• whois -r 202.12.29.0 (recursion turned off)
• whois -T inetnum 202.12.29.0 (‘type’ of object specified)
• whois -r -T inetnum 202.12.29.0 (‘type’ of object specified & recursion turned off)
[Diagram: the inetnum, route and person objects returned by each query]
Database query - recursion
Recursion is enabled by default
% whois 203.113.0.0/19
inetnum: 203.113.0.0 - 203.113.31.255
netname: TOTNET-AP
descr: Telephone Organization of THAILAND(TOT)
descr: Telephone and IP Network Service Provider
descr: State Enterprise Thailand Government
country: TH
admin-c: NM18-AP
tech-c: RC80-AP
…….
person: Nopparat Maythaveekulchai
address: YTEL-1234 Office
address: Telephone Organization of THAILAND(TOT)
person: Rungsun Channarukul
address: YTEL-1234 OfficeP
address: Telephone Organization of THAILAND(TOT)
…….
Database query – no recursion
Turn off recursion: ‘-r’, no nic-handle lookup
% whois -r 203.113.0.0/19
inetnum: 203.113.0.0 - 203.113.31.255
netname: TOTNET-AP
descr: Telephone Organization of THAILAND(TOT)
descr: Telephone and IP Network Service Provider
descr: State Enterprise Thailand Government
country: TH
admin-c: NM18-AP
tech-c: RC80-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-TH-SS163-AP
changed: [email protected] 19990922
source: APNIC
Inverse queries
• Inverse queries are performed on inverse keys
• See object template (whois -t)
• Returns all objects that reference the object with the key specified as a query argument
• Practical when searching for objects in which a particular value is referenced, such as your nic-hdl
• Syntax: whois -i <attribute> <value>
Inverse queries - examples
• What objects are referencing my nic-hdl?
– whois -ipn KX17-AP
• In what objects am I registered as tech-c?
– whois -i tech-c KX17-AP
• Return all domain objects where I am registered as admin-c, tech-c or zone-c
– whois -i admin-c,tech-c,zone-c -T domain KX17-AP
• What objects are protected by my maintainer?
– whois -i mnt-by MAINT-WF-EX
no space!
DB query
Database query - inverse
Inverse lookup with ‘-i’
% whois -i person DK26-AP
inetnum: 202.101.128.0 - 202.101.159.255
netname: CHINANET-FJ
descr: chinanet fujian province network
country: CN
admin-c: DK26-AP
……
domain: 128.103.202.in-addr.arpa
descr: in-addr.arpa zone for 128.103.202.in-addr.arpa
admin-c: DK26-AP
…….
aut-num: AS4811
as-name: CHINANET-CORE-WAN-EAST
descr: CHINANET core WAN EAST
descr: connect to AT&T,OPTUS
country: CN
admin-c: DK26-AP
……
person: Dongmei Kou
address: A12,Xin-Jie-Kou-Wai Street,
address: Beijing,100088
country: CN
phone: +86-10-62370437
nic-hdl: DK26-AP
Database query - options
– Summary of other flags:
-i inverse lookup on given attribute
-t give template for given type
-v verbose information for given type
-h specify database server site
– For more information try...
• whois -h whois.apnic.net HELP
Creating a person object
Whois Database Guide: http://www.apnic.net/services/whois_guide.html
1. Fill out person object form on web
• Name, e-mail, phone, address etc
• Tick ‘MNT-NEW’ for temporary protection
2. Completed template is sent to you
3. Forward template to
4. Person object created and nic-hdl is generated
LIR registration responsibilities
1. Create person objects for contacts
• To provide contact info in other objects
2. Create mntner object
• To provide protection of objects
– (To be discussed later)
3. Create inetnum objects for all customer address assignments
• (Allocation object created by APNIC)
Using the db – step by step
1. person: (nic-hdl: KX17-AP) contact info
2. mntner: data protection
3. inetnum: allocation (created by APNIC)
4, 5, 6. inetnum: customer assignments (created by LIR), each referencing KX17-AP and carrying mnt-by:
Database auto-responses
• Successful update (SUCCEEDED)
  • Objects accepted
• Warnings
  • Objects accepted but ambiguous
  • Objects corrected and accepted
• Errors (FAILED)
  • Objects NOT accepted
Don’t understand the error message?
1. Help documentation
• http://www.apnic.net/docs/database-update-info.html
2. Contact
• Include the error message
Database mailboxes
• Automatic request processing
– Automatic “robot” for all db updates
– Email template for create/update/delete
• Database service support
– E-mails answered by APNIC staff
– 1 day response time
DB 2
Helpdesk
Database protection - maintainer object
• protects other objects in the APNIC database
mntner: MAINT-WF-EX
descr: Maintainer for ExampleNet Service Provider
country: WF
admin-c: ZU3-AP
tech-c: KX17-AP
upd-to: [email protected]
mnt-nfy: [email protected]
auth: CRYPT-PW apHJ9zF3o
mnt-by: MAINT-WF-EX
referral-by: MAINT-APNIC-AP
changed: [email protected] 20020731
source: APNIC
Creating a maintainer object
http://www.apnic.net/services/whois_guide.html
1. Fill out webform
– Provide:
• Admin-c & tech-c
• password
• email address etc
2. Completed form will be sent to you
3. Forward request to [email protected]
4. Maintainer will be created manually
• Manual verification by APNIC Hostmasters
5. Update your person object with mntner
Database protection
• Authorisation
  – “mnt-by” references a mntner object
    • Can be found in all database objects
    • “mnt-by” should be used with every object!
• Authentication
  – Updates to an object must pass authentication rule specified by its maintainer object
Authorisation mechanism
mntner: MAINT-WF-EX
descr: Maintainer for ExampleNet Service Provider
country: WF
admin-c: ZU3-AP
tech-c: KX17-AP
upd-to: [email protected]
mnt-nfy: [email protected]
auth: CRYPT-PW apHJ9zF3o
mnt-by: MAINT-WF-EX
changed: [email protected] 20020731
source: APNIC

inetnum: 202.137.181.0 – 202.137.185.255
netname: EXAMPLENET-WF
descr: ExampleNet Service Provider
……….
mnt-by: MAINT-WF-EX
Maintainer specific attributes
• mnt-nfy:
  • Sends notification of any changes to maintained objects to email address specified
• mnt-by:
  • Maintainers must also be protected! (Normally by themselves)
• auth:
  • Authentication method for this maintainer
Authentication methods
• ‘auth’ attribute
  – <none>
    • Strongly discouraged!
  – Crypt-PW
    • Crypt (Unix) password encryption
    • Use web page to create your maintainer
  – PGP – GNUPG
    • Strong authentication
    • Requires PGP keys
  – MD5
    • Soon available
Mnt-by & mnt-lower
• ‘mnt-by’ attribute
  • Can be used to protect any object
  • Changes to protected object must satisfy authentication rules of ‘mntner’ object.
• ‘mnt-lower’ attribute
  • Also references mntner object
  • Hierarchical authorisation for inetnum & domain objects
  • The creation of child objects must satisfy this mntner
  • Protects against unauthorised updates to an allocated range - highly recommended!
Authentication/Authorisation
– APNIC allocation to member
• Created and maintained by APNIC
inetnum: 203.146.96.0 - 203.146.127.255
netname: LOXINFO-TH
descr: Loxley Information Company Ltd.
descr: 304 Suapah Rd, Promprab,Bangkok
country: TH
admin-c: KS32-AP
tech-c: CT2-AP
mnt-by: APNIC-HM
mnt-lower: LOXINFO-IS
changed: [email protected] 19990714
source: APNIC
1. Only APNIC can change this object (mnt-by: APNIC-HM)
2. Only Loxinfo can create assignments within this allocation (mnt-lower: LOXINFO-IS)
Authentication/Authorisation
– Member assignment to customer
• Created and maintained by APNIC member
inetnum: 203.146.113.64 - 203.146.113.127
netname: SCC-TH
descr: Sukhothai Commercial College
country: TH
admin-c: SI10-AP
tech-c: VP5-AP
mnt-by: LOXINFO-IS
changed: [email protected] 19990930
source: APNIC
Only LOXINFO-IS can change this object
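A small audit for the protection gaps these slides warn about: objects with no mnt-by, maintainers with auth NONE, and maintainers with no PGP method. This is an added example, not APNIC tooling; the sample objects are constructed (MAINT-OPEN-EX and the 192.0.2.0 range are hypothetical), the function names are assumptions, and PGP auth values are assumed to start with PGPKEY-.

```python
"""Audit whois objects for missing or weak maintainer protection."""

# Constructed sample: two objects modelled on the slides plus hypothetical
# weak ones (MAINT-OPEN-EX, the 192.0.2.0 range, the person object).
SAMPLE = """\
mntner:  MAINT-WF-EX
auth:    CRYPT-PW apHJ9zF3o
mnt-by:  MAINT-WF-EX

mntner:  MAINT-OPEN-EX
auth:    NONE

inetnum: 202.137.181.0 - 202.137.185.255
netname: EXAMPLENET-WF
mnt-by:  MAINT-WF-EX

inetnum: 192.0.2.0 - 192.0.2.255
netname: UNPROTECTED-EX

person:  K. Xander
nic-hdl: KX17-AP
mnt-by:  MAINT-OPEN-EX
"""


def parse_objects(text):
    """Split whois output into objects, each a list of (attribute, value)."""
    objects = []
    for block in text.strip().split("\n\n"):
        attrs = []
        for line in block.splitlines():
            if line.startswith("%") or ":" not in line:
                continue  # server comment or continuation we do not need
            name, value = line.split(":", 1)
            attrs.append((name.strip().lower(), value.strip()))
        if attrs:
            objects.append(attrs)
    return objects


def values(obj, name):
    """All values of one attribute; attributes such as auth can repeat."""
    return [v for n, v in obj if n == name and v]


def audit(objects):
    """Return sorted (object, finding) pairs for the given objects."""
    mntners = {obj[0][1]: obj for obj in objects if obj[0][0] == "mntner"}
    findings = []
    for obj in objects:
        cls, key = obj[0]
        ident = f"{cls} {key}"
        maintainers = values(obj, "mnt-by")
        if not maintainers:
            findings.append((ident, "no mnt-by: object is unprotected"))
        for m in maintainers:
            if m not in mntners:
                findings.append((ident, f"mnt-by {m} not found in input"))
            elif any(a.upper() == "NONE" for a in values(mntners[m], "auth")):
                findings.append((ident, f"protected only by {m} (auth NONE)"))
        if cls == "mntner":
            methods = [a.split()[0].upper() for a in values(obj, "auth")]
            if "NONE" in methods:
                findings.append((ident, "auth NONE: no authentication"))
            elif not any(m.startswith("PGPKEY-") for m in methods):
                findings.append((ident, "no PGP auth: password-only"))
    return sorted(findings)


if __name__ == "__main__":
    for ident, finding in audit(parse_objects(SAMPLE)):
        print(f"{ident}: {finding}")
```
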
Role object
http://www.apnic.net/db/role.html
• Represents a group of contact persons for an organisation
  – Eases administration
  – Can be referenced in other objects instead of the person objects for individuals
• Also has a nic-hdl
  • Eg. HM20-AP
Role object - example
– Contains contact info for several contacts
Attributes and values:
role: OPTUS IP ADMINISTRATORS
address: 101 Miller Street North Sydney
country: AU
phone: +61-2-93427681
phone: +61-2-93420813
fax-no: +61-2-9342-0998
fax-no: +61-2-9342-6122
e-mail: noc@optus.net.au
admin-c: NC8-AP
tech-c: NC8-AP
tech-c: SC120-AP
nic-hdl: OA3-AP
mnt-by: MAINT-OPTUSCOM-AP
source: APNIC
Creating a role object
• Email
  – whois -t role
    • Gives role object template
  – Complete all fields
    • With the nic-hdls of all contacts in your organisation
  – Send to
Replacing contacts in the db - using person objects
K. Xander is leaving my organisation. Z. Ulrich is replacing him.
1. Create a person object for new contact (Z. Ulrich).
2. Find all objects containing old contact (K. Xander).
3. Update all objects, replacing old contact (KX17-AP) with new contact (ZU3-AP).
4. Delete old contact’s (KX17-AP) person object.
[Diagram: inetnum objects 202.0.10.0, 202.0.12.127 and 202.0.15.192 each reference person KX17-AP; every reference is changed to the new person object ZU3-AP]
Replacing contacts in the db – using a role object
K. Xander is leaving my organisation. Z. Ulrich is replacing him.
I am using a role object containing all contact persons, which is referenced in all my objects.
1. Create a person object for new contact (Z. Ulrich).
2. Replace old contact (KX17-AP) with new contact (ZU3-AP) in role object
3. Delete old contact’s person object.
No need to update any other objects!
[Diagram: inetnum objects 202.0.10.0, 202.0.12.127 and 202.0.15.192 each reference the role object EIPA91-AP; the role object lists KX17-AP, AB1-AP and CD2-AP, and KX17-AP is replaced by ZU3-AP]
Database update process
– Email requests to <[email protected]>
– Each request contains an object template
[Diagram: update request template → parse → auth. → database → whois server; on error, warnings/errors returned]
Deleting an object
– Copy object as-is in database into email
– Add your maintainer password
– Leave the changed attribute
inetnum: 202.182.224.0 - 202.182.225.255
netname: SONY-HK
...
mnt-by: MAINT-CNS-AP
changed: [email protected] 19990617
source: APNIC
password: x34zky
delete: no longer required [email protected]
Note: Referenced objects cannot be deleted (02/99)
Forgotten the password ?
We do not recommend using personal names for maintainer objects
Requires legal documentation
DB 2
Unfortunately we cannot change the password for the maintainer until we have received a fax with your company’s letterhead confirming the request to modify the password.
In the fax, please include the following:
0. Attention: APNIC Database Administration Department
1. The APNIC Account name of your company and your personal nic handle. If you do not have an APNIC account, then please state ‘NON-MEM’.
2. The current maintainer object which is to be modified, as obtained from ‘whois -h whois.apnic.net MAINTAINER-OBJECT’
3. The new password/authorisation for the maintainer.
4. The signature of a contact for the maintainer.
Confirmation by fax required on company letterhead
Questions ?
Reverse DNS Delegation
Registry Procedures
Rev. DNS
Overview
• Reverse DNS Delegation
• APNIC & Member responsibilities
• Reverse network delegations (/16)
• Reverse network delegations (/24)
• Subnet delegations
• Delegation procedures
Rev. DNS
What is ‘Reverse DNS’?
• ‘Forward DNS’ maps names to numbers– svc00.apnic.net -> 202.12.28.131
• ‘Reverse DNS’ maps numbers to names– 202.12.28.131 -> svc00.apnic.net
Rev. DNS
In-addr.arpa
• Hierarchy of IP addresses
  – Uses ‘in-addr.arpa’ domain
    • INverse ADDRess
• IP addresses:
  – Less specific to More specific
    • 210.56.14.1
• Domain names:
  – More specific to Less specific
    • delhi.vsnl.net.in
  – Reversed in in-addr.arpa hierarchy
    • 14.56.210.in-addr.arpa
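Reverse DNS delegation
- Mapping numbers to names - ‘reverse DNS’
[Diagram: DNS tree below the root: net, edu, com, au and arpa; under arpa, in-addr; under in-addr, 202, 203, 210, 211 ...; under 202, 64; under 64, 22, giving 22.64.202.in-addr.arpa. The whois and apnic labels also appear in the tree.]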
Reverse DNS - why bother?
• Service denial
  • Some services only allow access when the address is fully reverse delegated, e.g. anonymous ftp
• Diagnostics
  • Assisting in trace routes etc
• Registration
  • Responsibility as a member and Local IR
APNIC & Member responsibilities
• APNIC
  – Manage reverse delegations of address block distributed by APNIC
  – Process members requests for reverse delegations of network allocations
• Members
  – Be familiar with APNIC procedures
  – Ensure that addresses are reverse-mapped
  – Maintain nameservers for allocations
    • Minimise pollution of DNS
Reverse delegation requirements
• /24 Delegations
  • Address blocks should be assigned/allocated
  • At least two name servers
• /16 Delegations
  • Same as /24 delegations
  • APNIC delegates entire zone to member
  • Recommend APNIC secondary zone
• < /24 Delegations
  • Read “classless in-addr.arpa delegation” (RFC2317)
Delegation procedures
• Upon allocation, member is asked if they want /24 place holder domain objects with member maintainer
  – Gives member direct control
• Standard APNIC database object,
  – can be updated through online form or via email.
• Nameserver/domain set up verified before being submitted to the database.
• Protection by maintainer object
  – (current auths: NONE, CRYPT-PW, PGP).
• Zone file updated 2-hourly
Delegation procedures – request form
• Complete the documentation
  • http://www.apnic.net/db/domain.html
• On-line form interface
  – Real time feedback
  – Gives errors, warnings in zone configuration
    • serial number of zone consistent across nameservers
    • nameservers listed in zone consistent
  – Uses database ‘domain’ object
    • examples of form to follow..
Evaluation
• Parser checks for
  – ‘whois’ database
    • IP address range is assigned or allocated
    • Must be in APNIC database
  – Maintainer object
    • Mandatory field of domain object
  – Nic-handles
    • zone-c, tech-c, admin-c
  – Name servers
Use of maintainer object
• Domain objects protected by maintainers
  • hierarchical protection using “mnt-lower”
• Bootstrap period
  – ‘MAINT-AP-DNS-DEFAULT’ for all objects imported by APNIC from existing zone files
    • Changing delegations requires valid maintainer
    • Maintainer creation & authorisation is manual
      – Turnaround time 2 days
  – /24 place holder objects created upon allocation gives members direct control
    • No need to contact APNIC when changing nservers
Delegation process summary
Step 1: request parsed OK? If no, on-line feedback given. If yes, go to Step 2.
Step 2: authorisation OK? If no, request forwarded to APNIC for manual processing. If yes, go to Step 3.
Step 3: update APNIC database; notify upd-to contact for maintainer object.
Delegation by APNIC: zone files reloaded every 2 hrs, 24 hrs a day, every day.
Reverse DNS Troubleshooting Guide: http://www.apnic.net/services/help/rd/troubleshooting.html
Questions?
• Are all your zones, and your customer zones registered?
Autonomous System Numbers
Procedures
Overview
• What is an AS?
• Guidelines and procedures
• Application form (documentation)
• Policy expression
ASN
What is an Autonomous System?
– Collection of networks with same routing policy
– Usually under single ownership, trust and administrative control
AS 100
ASN
When do I need an ASN?
• When do I need an AS?
  – Multi-homed network to different providers and
  – Routing policy different to external peers
• Recommended reading!
  – RFC1930: Guidelines for creation, selection and registration of an Autonomous System
When don’t I need an ASN?
• Factors that don’t count
  – Transition and ‘future proofing’
  – Multi-homing to the same upstream
    • RFC2270: A dedicated AS for sites homed to a single provider
  – Service differentiation
    • RFC1997: BGP Communities attribute
Requesting an ASN
• Complete the request form
  – web form available:
    • http://www.apnic.net/db/aut-num.html
• Request form is parsed - real time
  – Must include routing policy
    • multiple import and export lines
  – Is checked for syntactical accuracy
    • based on RPSL (rfc2622)
  – Peers verified by querying routing table
  – [NO-PARSE] will not send request to parser
Requesting an ASN - Customers (new policy as of Nov-02)
1. Requested directly from APNIC
  • AS number is “portable”
2. Requested via member
  • ASN is “non-portable”
  • ASN returned if customer changes provider
• Transfers of ASNs
  – Need legal documentation (mergers etc)
  – Should be returned if no longer required
Representation of routing policy
• Routing and packet flows
[Diagram: AS 1 and AS 2, showing the routing flow (announces / accepts) and the packet flow between them]
For AS1 and AS2 networks to communicate
• AS1 must announce to AS2
• AS2 must accept from AS1
• AS2 must announce to AS1
• AS1 must accept from AS2
Representation of routing policy
Basic concept
aut-num: AS1
…
import: from AS2 action pref=100; accept AS2
export: to AS2 announce AS1

aut-num: AS2
…
import: from AS1 action pref=100; accept AS1
export: to AS1 announce AS2

“action pref” - the lower the value, the more preferred the route
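The four conditions above (each side must announce and the other must accept) can be checked mechanically across a set of aut-num objects. This is an added example, not part of the APNIC parser; it handles only the import/export forms shown on these slides, and AS3 and the function names are hypothetical.

```python
import re

# Constructed input: AS1 and AS2 follow the slide; AS3 is a hypothetical
# peer whose policy does not yet mirror what AS1 has registered.
POLICY = """\
aut-num: AS1
import:  from AS2 action pref=100; accept AS2
export:  to AS2 announce AS1
export:  to AS3 announce AS1

aut-num: AS2
import:  from AS1 action pref=100; accept AS1
export:  to AS1 announce AS2

aut-num: AS3
export:  to AS1 announce AS3
"""

IMPORT_RE = re.compile(
    r"from\s+(AS\d+)\s+(?:action\s+[^;]*;\s*)?accept\s+(.+)", re.I)
EXPORT_RE = re.compile(r"to\s+(AS\d+)\s+announce\s+(.+)", re.I)


def parse_policies(text):
    """Return {asn: {"import": {peer: terms}, "export": {peer: terms}}}."""
    policies, current = {}, None
    for line in text.splitlines():
        if ":" not in line:
            continue
        attr, value = (part.strip() for part in line.split(":", 1))
        attr = attr.lower()
        if attr == "aut-num":
            current = policies.setdefault(
                value.upper(), {"import": {}, "export": {}})
        elif current is not None and attr in ("import", "export"):
            pattern = IMPORT_RE if attr == "import" else EXPORT_RE
            m = pattern.match(value)
            if m:
                peer = m.group(1).upper()
                terms = m.group(2).upper().split()
                current[attr].setdefault(peer, set()).update(terms)
    return policies


def check_reciprocity(policies):
    """List every announce without a matching accept, and the reverse."""
    problems = []
    for asn, pol in sorted(policies.items()):
        for peer, announced in sorted(pol["export"].items()):
            if peer not in policies:
                continue  # peer's aut-num is not in the input
            accepted = policies[peer]["import"].get(asn)
            if accepted is None:
                problems.append(
                    f"{asn} announces to {peer}, but {peer} has no import from {asn}")
            elif "ANY" not in accepted and not announced <= accepted:
                missing = " ".join(sorted(announced - accepted))
                problems.append(f"{peer} does not accept {missing} from {asn}")
        for peer in sorted(pol["import"]):
            if peer in policies and asn not in policies[peer]["export"]:
                problems.append(
                    f"{asn} accepts from {peer}, but {peer} has no export to {asn}")
    return problems


if __name__ == "__main__":
    for problem in check_reciprocity(parse_policies(POLICY)):
        print(problem)
```
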
Representation of routing policy
More complex example
• AS4 gives transit to AS5, AS10
• AS4 gives local routes to AS123
[Diagram: AS123, AS4, AS5 and AS10]
aut-num: AS4
import: from AS123 action pref=100; accept AS123
import: from AS5 action pref=100; accept AS5
import: from AS10 action pref=100; accept AS10
export: to AS123 announce AS4
export: to AS5 announce AS4 AS10
export: to AS10 announce AS4 AS5
Note on ‘announce AS4 AS5’: not a path
Representation of routing policy
More complex example
• AS4 and AS6 private link1
• AS4 and AS123 main transit link2
• backup all traffic over link1 and link3 in event of link2 failure
[Diagram: AS123, AS4 and AS6; private link1, link3, transit traffic over link2]
AS representation
aut-num: AS4
import: from AS123 action pref=100; accept ANY
import: from AS6 action pref=50; accept AS6
import: from AS6 action pref=200; accept ANY
export: to AS6 announce AS4
export: to AS123 announce AS4
• accept ANY from AS123: full routing received
• pref=200 for ANY from AS6: higher cost for backup route
Aut-num object example
aut-num: AS4777
as-name: APNIC-NSPIXP2-AS
descr: Asia Pacific Network Information Centre
descr: AS for NSPIXP2, remote facilities site
import: from AS2500 action pref=100; accept ANY
import: from AS2524 action pref=100; accept ANY
import: from AS2514 action pref=100; accept ANY
export: to AS2500 announce AS4777
export: to AS2524 announce AS4777
export: to AS2514 announce AS4777
default: to AS2500 action pref=100; networks ANY
admin-c: PW35-AP
tech-c: NO4-AP
remarks: Filtering prefixes longer than /24
mnt-by: MAINT-APNIC-AP
changed: [email protected] 19981028
source: APNIC
[Callouts on the object: POLICY, RPSL]
Routing Policy Specification Language
• RPSL (RFC2622)
  – Derived from RIPE-181
  – Introduced with v3 Database
    • 20 August 2002
  – “New” object specification language
    • more expressive syntax
    • advanced aut-num and routing policy options
  – Especially useful in an Internet Routing Registry
Questions ?
APNIC Internet Routing Registry
What is an IRR?
• Global Internet Routing Registry database
  – http://www.irr.net/
    • Uses RPSL
  – Established in 1995
• Stability and consistency of routing
  – network operators share information
• Both public and private databases
  – These databases are independent
    • but some exchange data
    • only register your data in one database
Internet Routing Registries
[Diagram: RIPE, RADB, CW, APNIC, Connect, ARIN, ArcStar, FGC, Verio, Bconnex, Optus, Telstra, ...]
IRR = APNIC RR + RIPE DB + RADB + C&W + ARIN + …
Why use an IRR?
• Route filtering
  • Peering networks
  • A provider and its customer
• Network troubleshooting
  • Easier to locate routing problems outside your network
• Router configuration
  • By using IRRToolSet
    – ftp.ripe.net/tools/IRRToolSet
• Global view of routing
  • A global view of routing policy improves the integrity of Internet’s routing as a whole.
APNIC Database & the IRR
• APNIC whois Database
  – Two databases in one
• Public Network Management Database
  – “whois” info about networks & contact persons
    • IP addresses, AS numbers etc
• Routing Registry
  – contains routing information
    • routing policy, routes, filters, peers etc.
  – APNIC RR is part of the global IRR
Integration of Whois and IRR
• Integrated APNIC Whois Database & Internet Routing Registry
[Diagram: Internet resources & routing information in one database.
APNIC Whois: IP, ASNs, reverse domains, contacts, maintainers etc (inetnum, aut-num, domain, person, role, maintainer).
IRR: routes, routing policy, filters, peers etc (route, aut-num, as-set, int-rtr, peering-set etc.)]
RPSL
• Routing Policy Specification Language
  – Object oriented language
    • Based on RIPE-181
  – Structured whois objects
• Higher level of abstraction than access lists
• Describes things interesting to routing policy:
  – Routes, AS Numbers …
  – Relationships between BGP peers
  – Management responsibility
• Relevant RFCs
  – Routing Policy Specification Language (RFC2622)
  – Routing Policy System Security (RFC2725)
  – Using RPSL in Practice (RFC2650)
IRR objects
• route – Specifies interAS routes
• aut-num – Represents an AS. Used to describe external routing policy
• inet-rtr – Represents a router
• peering-set – Defines a set of peerings
• route-set – Defines a set of routes
• as-set – Defines a set of aut-num objects
• rtr-set – Defines a set of routers
• filter-set – Defines a set of routes that are matched by its filter
www.apnic.net/db/ref/db-objects.html
Inter-related IRR objects
inetnum: 202.0.16 - 202.0.31.255
…
tech-c: KX17-AP
mnt-by: MAINT-EX

aut-num: AS1
…
tech-c: KX17-AP
mnt-by: MAINT-EX

route: 202.0.16/20
origin: AS1
…
mnt-by: MAINT-EX

person: …
nic-hdl: KX17-AP
…

mntner: MAINT-EX
…
Inter-related IRR objects
aut-num: AS2
…

inetnum: 202.0.16.0-202.0.31.255
…

route: 202.0.16/20
…
origin: AS2
…

inetnum: 218.2.0.0 - 218.2.15.255
…

route: 218.2/20
…
origin: AS2
…

route-set: AS2:RS-routes
members: 218.2/20, 202.0.16/20

as-set: AS1:AS-customers
members: AS10, AS11

aut-num: AS10
…

aut-num: AS11
…
, AS2
‘Set-’ objects and their members
• Two ways of referencing members

members - members specified in the ‘set-’ object
1. ‘members’ specifies members of the set
2. Members added in the ‘set-’ object
3. No need to modify the member object when adding members
as-set: AS1:AS-CUSTS
members: AS10, AS11
aut-num: AS10
…
aut-num: AS11
…

mbrs-by-ref - ‘set’ specified in the member objects
1. ‘mbrs-by-ref’ specifies the maintainer of the members.
2. Members reference the ‘set-’ object in the ‘member-of’ attribute
3. Members are maintained by the maintainer specified in the ‘set-’
as-set: AS1:AS-PEERS
mbrs-by-ref: MAINT-EX
aut-num: AS20
member-of: AS1:AS-PEERS
mnt-by: MAINT-EX
aut-num: AS21
member-of: AS1:AS-PEERS
mnt-by: MAINT-EX
Hierarchical authorisation
• mnt-routes
  – authenticates creation of route objects
    • creation of route objects must pass authentication of mntner referenced in the mnt-routes attribute
  – Format:
    • mnt-routes: <mntner>
In: route, aut-num and inetnum objects
Authorisation mechanism
inetnum: 202.137.181.0 – 202.137.185.255
netname: SPARKYNET-WF
descr: SparkyNet Service Provider
…
mnt-by: MAINT-APNIC-AP
mnt-lower: MAINT-SPARKYNET
mnt-routes: MAINT-SPARKYNET-WF
• mnt-by: This object can only be modified by APNIC
• mnt-lower: Creation of more specific objects (assignments) within this range has to pass the authentication of MAINT-SPARKYNET
• mnt-routes: Creation of route objects matching/within this range has to pass the authentication of MAINT-SPARKYNET-WF
Creating route objects
• Multiple authentication checks:
  – Originating ASN (aut-num)
    • mntner in the mnt-routes is checked
    • If no mnt-routes, mnt-lower is checked
    • If no mnt-lower, mnt-by is checked
  – AND the address space
    • Exact match & less specific (encompassing) route
      – mnt-routes etc
    • Exact match & less specific inetnum
      – mnt-routes etc
  – AND the route object mntner itself (route)
    • The mntner in the mnt-by attribute
Creating route objects
route:
route: 202.137.240/20
origin: AS1

maintainer:
mntner: MAINT-WF-EXNET
auth: CRYPT-PW klsdfji9234

IP address range:
inetnum: 202.137.240.0 – 202.137.255.255
mnt-routes: MAINT-WF-EXNET

AS number:
aut-num: AS1
mnt-routes: MAINT-WF-EXNET

1. Create route object and submit to APNIC RR database
2. Db checks inetnum obj matching/encompassing IP range in route obj
3. Route obj creation must pass auth of mntner specified in inetnum mnt-routes attribute.
4. Db checks aut-num obj corresponding to the ASN in route obj
5. Route obj creation must pass auth of mntner specified in aut-num mnt-routes attribute.
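The route-creation checks above, written out as an authorisation function. This is an added example, not the database's own code: the registry is constructed, the mnt-by values, the 203.0.113.0 range and the MAINT-LOWER-EX name are assumptions, and the address-space step reads the slides as "the most specific exact or encompassing route, otherwise the most specific exact or encompassing inetnum".

```python
import ipaddress

# Constructed registry. The 202.137.240.0 objects follow the slide; the
# mnt-by values, the 203.0.113.0 range and MAINT-LOWER-EX are assumptions.
DB = {
    "aut-num": {
        "AS1": {"mnt-routes": ["MAINT-WF-EXNET"], "mnt-by": ["MAINT-WF-EXNET"]},
    },
    "inetnum": [
        {"inetnum": "202.137.240.0 - 202.137.255.255",
         "mnt-routes": ["MAINT-WF-EXNET"], "mnt-by": ["MAINT-APNIC-AP"]},
        {"inetnum": "203.0.113.0 - 203.0.113.255",
         "mnt-lower": ["MAINT-LOWER-EX"], "mnt-by": ["MAINT-APNIC-AP"]},
    ],
    "route": [],
}


def governing_mntners(obj):
    """mnt-routes is checked first; if absent, mnt-lower; if absent, mnt-by."""
    for attr in ("mnt-routes", "mnt-lower", "mnt-by"):
        if obj.get(attr):
            return attr, set(obj[attr])
    return None, set()


def span(obj):
    """(first, last) address of an inetnum range or a route prefix."""
    if "inetnum" in obj:
        first, last = (ipaddress.ip_address(a.strip())
                       for a in obj["inetnum"].split("-"))
        return first, last
    net = ipaddress.ip_network(obj["route"])
    return net.network_address, net.broadcast_address


def covering_object(prefix, candidates):
    """Most specific candidate that equals or encompasses the prefix."""
    net = ipaddress.ip_network(prefix)
    covering = [c for c in candidates
                if span(c)[0] <= net.network_address
                and net.broadcast_address <= span(c)[1]]
    return min(covering,
               key=lambda c: int(span(c)[1]) - int(span(c)[0]), default=None)


def authorise_route(new_route, db, passed):
    """Return the failed checks for a route creation; empty means accepted.
    `passed` is the set of mntners whose authentication the update satisfied."""
    failures = []
    origin = new_route["origin"]

    autnum = db["aut-num"].get(origin)
    if autnum is None:
        failures.append(f"origin {origin} has no aut-num object")
    else:
        attr, needed = governing_mntners(autnum)
        if needed and not needed & passed:
            failures.append(f"aut-num {origin}: {attr} not satisfied")

    space = (covering_object(new_route["route"], db["route"])
             or covering_object(new_route["route"], db["inetnum"]))
    if space is None:
        failures.append("no route or inetnum covers this prefix")
    else:
        attr, needed = governing_mntners(space)
        label = space.get("route") or space["inetnum"]
        if needed and not needed & passed:
            failures.append(f"address space {label}: {attr} not satisfied")

    if not set(new_route.get("mnt-by", [])) & passed:
        failures.append("route object's own mnt-by not satisfied")
    return failures


if __name__ == "__main__":
    route = {"route": "202.137.240.0/20", "origin": "AS1",
             "mnt-by": ["MAINT-WF-EXNET"]}
    print(authorise_route(route, DB, {"MAINT-WF-EXNET"}))
```

An update that authenticates for the origin AS and for its own mnt-by is still refused when it does not satisfy the maintainer of the address space, which is what stops a route being registered over a range held by someone else.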
APNIC RR service scope
• Support
  – APNIC Helpdesk support
• Training
  • IRR workshop under development
• Mirroring
  – APNIC mirrors IRRs within Asia Pacific and major IRRs outside of the region.
Summary
• APNIC RR integrated in APNIC Whois DB
  • whois.apnic.net
  • <[email protected]>
• IRR benefits
  – Facilitates network troubleshooting
  – Generation of router configuration
  – Provides global view of routing
• APNIC RR benefits
  – Single maintainer (& person obj) for all objects
  – APNIC asserts resources for a registered route
  – Part of the APNIC member service!
Questions ?
IPv6
Overview, Policies & Procedures
Overview
• Rationale
• Addressing
• Features of IPv6
• IPv6 Policies & Procedures
• Statistics
Rationale
• Address depletion concerns
  – Squeeze on available addresses space
    • End to end connectivity no longer visible
    • Widespread use of NAT
• Scalability
  – Increase of backbone routing table size
    • Hierarchical routing (CIDR)
IPv6 addressing
• 128 bits of address space
• Hexadecimal values of eight 16 bit fields
  • X:X:X:X:X:X:X:X (X=16 bit number, eg: A2FE)
  • 16 bit number is converted to a 4 digit hexadecimal number
• Example:
  • FE38:DCE3:124C:C1A2:BA03:6735:EF1C:683D
  • 4EED:23:0:0:0:36E:125:2B
  • 32CB:10A2:0000:0000:0000:0000:3EFC:3C2A can be represented as 32CB:10A2::3EFC:3C2A
IPv6 address management hierarchy
[Diagram: IANA at the top; RIRs below IANA; LIR/ISPs below the RIRs; Downstream ISP and Customer Sites below the LIR/ISPs]
IPv6 addressing structure
[Diagram: 128-bit address, bits 0 to 127: LIR /32 (32 bits), Customer Site /48 (16 bits), Subnet /64 (16 bits), Device /128 (64 bits)]
IPv6 deployment current experiments
[Diagram: home IPv6 network over Ethernet and wireless: home router, home hubs, access point, PC, mobile viewer, IPv6-washing machine, IPv6-refrigerator, IPv6-microwave, light, air conditioner]
IPv6 address policy goals
• Efficient address usage
  • Avoid wasteful practices
• Aggregation
  • Hierarchical distribution
  • Aggregation of routing information
  • Limiting no of routing entries advertised into the Internet
• Minimise overhead
  • Associated with obtaining address space
• Registration, Uniqueness, Fairness & consistency
IPv6 initial allocation criteria
• Be an LIR– Not be an end site
• Plan for at least 200 /48 assignments to other organisations within 2 years
• Plan to provide IPv6 connectivity to organisations and to end sites
– Initial allocation size: /32
IPv6
IPv6 sub-allocation policy
• LIR to ISP allocation
  – Policy determined by LIR
• DB registration
  – All /48 and shorter prefix allocations and assignments must be registered
IPv6 assignments
• Default assignment /48 for all end sites
  • POP also defined as end site
  – Providing 16 bits of space for subnets
• Other assignment sizes
  – /64 only one subnet
  – /128 only one device connecting
• Larger assignments - Multiple /48s
  – Should be reviewed by RIR/NIR
    • Follow second opinion procedure
[Diagram: 128-bit address split at the 48-bit and 64-bit boundaries]
IPv6 utilisation
• Utilisation determined from end site assignments
  – LIR responsible for registration of all /48 assignments
  – Intermediate allocation hierarchy not considered
• Utilisation of IPv6 address space is measured differently from IPv4
IPv6 utilisation requirement
• IPv6 utilisation measured according to HD-Ratio (RFC 3194):

$$\text{Utilisation HD} = \frac{\log(\text{Assigned address space})}{\log(\text{Available address space})}$$

• IPv6 utilisation requirement is HD=0.80
  – Measured according to assignments only
• E.g. ISP has assigned 10000 (/48s) addresses of /32

$$\frac{\log(\text{Assigned address space})}{\log(\text{Available address space})} = \frac{\log(10{,}000)}{\log(65{,}536)} = 0.83$$
IPv6 utilisation requirement (Cont.)
• HD Ratio utilisation requirement of 0.80

| Prefix | Site Address Bits | Total site address in /48s | Threshold (HD ratio 0.8) | Utilisation % |
| 42 | 6 | 64 | 28 | 43.5% |
| 36 | 12 | 4096 | 776 | 18.9% |
| 35 | 13 | 8192 | 1351 | 16.5% |
| 32 | 16 | 65536 | 7132 | 10.9% |
| 29 | 19 | 524288 | 37641 | 7.2% |
| 24 | 24 | 16777216 | 602249 | 3.6% |
| 16 | 32 | 4294967296 | 50859008 | 1.2% |
| 8 | 40 | 1099511627776 | 4294967296 | 0.4% |
| 3 | 45 | 35184372088832 | 68719476736 | 0.2% |

• RFC 3194
• “In a hierarchical address plan, as the size of the allocation increases, the density of assignments will decrease.”
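The threshold column follows from solving the HD ratio for the number of assignments: with utilisation counted in /48s, an allocation of prefix length P reaches HD = 0.80 at 2^(0.8 × (48 − P)) assignments. This is an added example, not from the policy document; the function names are hypothetical.

```python
import math

SITE_PREFIX = 48  # utilisation is counted in /48 end-site assignments


def hd_ratio(assigned_48s, prefix_len):
    """HD = log(assigned /48s) / log(available /48s) for a /prefix_len."""
    available = 2 ** (SITE_PREFIX - prefix_len)
    return math.log(assigned_48s) / math.log(available)


def threshold(prefix_len, hd=0.80):
    """Number of /48 assignments at which the allocation reaches `hd`.

    log(n) / log(2**bits) = hd  =>  n = 2**(hd * bits)
    """
    bits = SITE_PREFIX - prefix_len
    return round(2 ** (hd * bits))


def qualifies_for_subsequent(assigned_48s, prefix_len, hd=0.80):
    """True once the previous allocation meets the utilisation requirement."""
    return assigned_48s >= threshold(prefix_len, hd)


def threshold_table(prefixes=(42, 36, 35, 32, 29, 24, 16, 8, 3)):
    """Rows of (prefix, site address bits, total /48s, threshold)."""
    return [(p, SITE_PREFIX - p, 2 ** (SITE_PREFIX - p), threshold(p))
            for p in prefixes]


if __name__ == "__main__":
    print(f"10000 /48s in a /32: HD = {hd_ratio(10000, 32):.2f}")
    for row in threshold_table():
        print("/%d  bits=%d  total=%d  threshold=%d" % row)
```
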
Subsequent allocation
• Must meet HD = 0.8 utilisation requirement of previous allocation
  • (7132 /48s assignments in a /32)
• Other criteria to be met
  – Correct registrations (all /48s registered)
  – Correct assignment practices etc
• Subsequent allocation size is at least double
  – Resulting IPv6 prefix is 1 bit shorter
  – Should be sufficient for 2 years requirement
Other conditions
• License model of allocation
– Allocations are not considered permanent, but always subject to review and reclamation
• Existing /35 Allocations
– A number of /35s have been assigned under interim IPv6 policy
– Holders of /35s eligible to request /32
IXP IPv6 assignment policy
• Criteria
  – Demonstrate ‘open peering policy’
  – 3 or more peers
  – Should not announce prefix to the Internet
• Portable assignment size: /48
  – All other needs should be met through normal processes
  – /64 holders can “upgrade” to /48
    • Through NIRs/ APNIC
    • Need to return /64
IPv6 allocation request form
• Requestor template
• Network template
• IPv6 usage template
• Additional information
  – Information published online
  – network diagram & deployment dates
  – Additional justification if requesting more than initial allocation size
  – Additional information
IPv6 address allocation procedures
• IPv6 Allocations to RIRs from IANA
  – APNIC 2001:0200::/23, 2001:0C00::/23, 2001:0E00::/23
  – ARIN 2001:0400::/23
  – LACNIC 2001:1200::/23
  – RIPE NCC 2001:0600::/23, 2001:0800::/23, 2001:0A00::/23
• IPv6 Address Request form
  – http://ftp.apnic.net/apnic/docs/ipv6-alloc-request
IPv6 RIRs distribution
Last updated Oct 2003
APNIC 113
ARIN 71
LACNIC 8
RIPE-NCC 237
IPv6 Allocations - Global
JP 26%
Single Allocation 16%
US 14%
DE 8%
KR 8%
UK 5%
MX 4%
FI 3%
SE 3%
EU 3%
FR 2%
IT 2%
NL 2%
AU 2%
AT 1%
IE 1%
IPv6 allocations in AP
Last updated Oct 2003
JP 58
KR 17
TW 11
AU 5
CN 5
SG 4
MY 3
TH 3
HK 2
ID 2
IN 1
PG 1
PH 1
IPv6 routing table announcement
[Chart: number of announcements (axis 0 to 250) by prefix length: /24 /28 /32 /33 /35 /36 /40 /42 /44 /45 /48 /60 /64 /120 /128]
Source: http://bgp.potaroo.net/v6/as1221/index.html
Last updated May 2003
Questions ?
References
• IPv6 Resource Guide
  • http://www.apnic.net/services/ipv6_guide.html
• IPv6 Policy Document
  • http://www.apnic.net/policies.html
• IPv6 Address request form
  • http://ftp.apnic.net/apnic/docs/ipv6-alloc-request
• Useful reading:
  – “The case for IPv6”: http://www.6bone.net/misc/case-for-ipv6.html
• FAQ
  • http://www.apnic.net/info/faq/IPv6-FAQ.html
Questions ?
Summary
What we have covered today
Summary
• APNIC’s role in the Asia Pacific
• Internet Registry Policies
• IPv4 Allocation & Assignment Procedures
• IP Address Management
• APNIC Database Procedures
• Reverse DNS Procedures
• ASN Assignment Procedures
• Internet Routing Registry
• IPv6 Overview and Policies
Summary - Responsibilities
• As an APNIC member and custodian of address space
  – Be aware of your responsibilities
  – Register customer assignments in APNIC database
    • Keep this data up-to-date & accurate
  – Educate your customers
  – Document your network in detail
    • Keep local records
  – Register reverse DNS delegations
Helpdesk
Member Services Helpdesk - One point of contact for all member enquiries
[email protected]/helpdesk
Helpdesk hours 9:00 am - 7:00 pm (AU EST, UTC + 10 hrs)
ph: +61 7 3858 3188 fax: +61 7 3858 3199
• More personalised service
– Range of languages:
• Cantonese
• English
• Filipino (Tagalog)
• Hindi
• Japanese
• Mandarin
• Telugu
• Thai
• Vietnamese
• Faster response and resolution of queries
– IP resource applications, status of requests, membership enquiries, billing issues & database enquiries
Summary
• “Do the right thing”
– Think about routing table size & scalability of Internet
– Encourage renumbering
– Announce aggregate prefixes
– Think global not local
Thank you !!
Your feedback is appreciated
Supplementary
Reading
Introduction
Regional Registry web sites
• APNIC: http://www.apnic.net
• ARIN: http://www.arin.net
• LACNIC: http://www.lacnic.net
• RIPE NCC: http://www.ripe.net
APNIC past meetings
http://www.apnic.net/meetings
Introduction
APNIC members
http://www.apnic.net/members.html
Membership
• Membership procedure http://www.apnic.net/membersteps.html
• Membership application form http://www.apnic.net/apnic-bin/membership-application.pl
• Membership fees http://www.apnic.net/docs/corpdocs/FeeSchedule.htm
Introduction to APNIC & IP Policy
Classless techniques
• CIDR http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1517-19.txt
• Network Addressing when using CIDR ftp://ftp.uninett.no/pub/misc/eidnes-cidr.ps.Z
• Variable Length Subnet Table http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1878.txt
Private Address Space
• Address Allocation for Private Internets http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1918.txt
• Counter argument: “Unique addresses are good” http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1814.txt
Bit boundary chart
+------------------------------------------------------+
|        addrs  bits   pref  class  mask               |
+------------------------------------------------------+
|            1     0    /32         255.255.255.255    |
|            2     1    /31         255.255.255.254    |
|            4     2    /30         255.255.255.252    |
|            8     3    /29         255.255.255.248    |
|           16     4    /28         255.255.255.240    |
|           32     5    /27         255.255.255.224    |
|           64     6    /26         255.255.255.192    |
|          128     7    /25         255.255.255.128    |
|          256     8    /24     1C  255.255.255        |
|          512     9    /23     2C  255.255.254        |
|        1,024    10    /22     4C  255.255.252        |
|        2,048    11    /21     8C  255.255.248        |
|        4,096    12    /20    16C  255.255.240        |
|        8,192    13    /19    32C  255.255.224        |
|       16,384    14    /18    64C  255.255.192        |
|       32,768    15    /17   128C  255.255.128        |
|       65,536    16    /16     1B  255.255            |
|      131,072    17    /15     2B  255.254            |
|      262,144    18    /14     4B  255.252            |
|      524,288    19    /13     8B  255.248            |
|    1,048,576    20    /12    16B  255.240            |
|    2,097,152    21    /11    32B  255.224            |
|    4,194,304    22    /10    64B  255.192            |
|    8,388,608    23     /9   128B  255.128            |
|   16,777,216    24     /8     1A  255                |
|   33,554,432    25     /7     2A  254                |
|   67,108,864    26     /6     4A  252                |
|  134,217,728    27     /5     8A  248                |
|  268,435,456    28     /4    16A  240                |
|  536,870,912    29     /3    32A  224                |
|1,073,741,824    30     /2    64A  192                |
+------------------------------------------------------+
APNIC Mailing Lists
• apnic-talk
– Open discussions relevant to APNIC community & members
• apnic-announce
– Announcements of interest to the AP community
• sig-policy
– IPv4 and IPv6 allocation and assignment policies
• global-v6
– Global IPv6 policy mailing list
• subscribe via <[email protected]>
• archives:
http://ftp.apnic.net/apnic/mailing-lists
http://www.apnic.net/net_comm/lists/
The RIR System
• “Development of the Regional Internet Registry System” Internet Protocol Journal
• Short history of the Internet
http://www.cisco.com/warp/public/759/ipj_4-4/ipj_4-4_regional.html
Policies & Policy Environment
Policy Documentation
• Policies for address space management in the Asia Pacific region http://www.apnic.net/docs/policy/add-manage-policy.html
• RFC2050: Internet Registry IP allocation Guidelines http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2050.txt
Address Request Procedures
Addressing Guidelines
• “Designing Addressing Architectures for Routing & Switching”, Howard C. Berkowitz
Address Request Forms
• ISP Address Request Form http://www.apnic.net/services/ipv4/
• Second-opinion Request Form http://www.apnic.net/services/second-opinion/
• No Questions Asked http://ftp.apnic.net/apnic/docs/no-questions-policy
APNIC Database
APNIC Database Documentation
• Updating information in the APNIC Database http://ftp.apnic.net/apnic/docs/database-update-info
• Maintainer & Person Object Request Form http://ftp.apnic.net/apnic/docs/mntner-person-request
• APNIC Maintainer Object Request http://www.apnic.net/apnic-bin/maintainer.pl
• APNIC Whois Database objects resource guide http://www.apnic.net/services/whois_guide.html
APNIC Database
RIPE Database Documentation
• RIPE Database Reference Manual http://www.ripe.net/docs/databaseref-manual.html
Database ‘whois’ Client
http://ftp.apnic.net/apnic/dbase/tools/ripe-dbase-client.tar.gz
Database web query
http://www.apnic.net/apnic-bin/whois2.pl
Person object template
person:  [mandatory] [single]   [lookup key]
address: [mandatory] [multiple] [ ]
country: [optional]  [single]   [ ]
phone:   [mandatory] [multiple] [ ]
fax-no:  [optional]  [multiple] [ ]
e-mail:  [mandatory] [multiple] [lookup key]
nic-hdl: [mandatory] [single]   [primary/look-up key]
remarks: [optional]  [multiple] [ ]
notify:  [optional]  [multiple] [inverse key]
mnt-by:  [mandatory] [multiple] [inverse key]
changed: [mandatory] [multiple] [ ]
source:  [mandatory] [single]   [ ]
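The template columns are machine-checkable: the first bracket says whether an attribute must be present, the second whether it may repeat. The sketch below is an added example, not APNIC's own tooling; it checks a constructed person object against the person template, and the function names and all sample values are hypothetical.

```python
import re
from collections import Counter
# Person object template as given on the slide above.
PERSON_TEMPLATE = """\
person:  [mandatory] [single]   [lookup key]
address: [mandatory] [multiple] [ ]
country: [optional]  [single]   [ ]
phone:   [mandatory] [multiple] [ ]
fax-no:  [optional]  [multiple] [ ]
e-mail:  [mandatory] [multiple] [lookup key]
nic-hdl: [mandatory] [single]   [primary/look-up key]
remarks: [optional]  [multiple] [ ]
notify:  [optional]  [multiple] [inverse key]
mnt-by:  [mandatory] [multiple] [inverse key]
changed: [mandatory] [multiple] [ ]
source:  [mandatory] [single]   [ ]
"""

def parse_template(text):
    """Map each attribute to (is_mandatory, is_single)."""
    rules = {}
    for m in re.finditer(r"^([\w-]+):\s*\[(\w+)\]\s*\[(\w+)\]", text, re.M):
        rules[m.group(1)] = (m.group(2) == "mandatory", m.group(3) == "single")
    return rules

def validate(obj_text, rules):
    """Return every departure from the template; an empty list means it conforms."""
    counts = Counter(l.split(":", 1)[0].strip() for l in obj_text.splitlines() if ":" in l)
    errors = [f"unknown attribute: {a}" for a in counts if a not in rules]
    for name, (mandatory, single) in rules.items():
        if mandatory and counts[name] == 0:
            errors.append(f"missing mandatory attribute: {name}")
        if single and counts[name] > 1:
            errors.append(f"attribute may appear only once: {name}")
    return errors

# Constructed sample object; all values are placeholders.
SAMPLE = """\
person:  Example Person
address: 1 Example Street
phone:   +00 0 0000 0000
e-mail:  person@example.net
nic-hdl: EP1-EXAMPLE
nic-hdl: EP2-EXAMPLE
changed: person@example.net 20031020
source:  EXAMPLE
"""
if __name__ == "__main__":
    print("\n".join(validate(SAMPLE, parse_template(PERSON_TEMPLATE))))
```

The sample is rejected twice: nic-hdl is repeated, and mnt-by, the attribute that names the maintainer protecting the object, is missing.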
Role object template
role:    [mandatory] [single]   [lookup key]
address: [mandatory] [multiple] [ ]
country: [optional]  [single]   [ ]
phone:   [mandatory] [multiple] [ ]
fax-no:  [optional]  [multiple] [ ]
e-mail:  [mandatory] [multiple] [lookup key]
trouble: [optional]  [multiple] [ ]
admin-c: [mandatory] [multiple] [inverse key]
tech-c:  [mandatory] [multiple] [inverse key]
nic-hdl: [mandatory] [single]   [primary/look-up key]
remarks: [optional]  [multiple] [ ]
notify:  [optional]  [multiple] [inverse key]
mnt-by:  [mandatory] [multiple] [inverse key]
changed: [mandatory] [multiple] [ ]
source:  [mandatory] [single]   [ ]
Maintainer Object Template
mntner:      [mandatory] [single]   [primary/look-up key]
descr:       [mandatory] [multiple] [ ]
country:     [optional]  [single]   [ ]
admin-c:     [mandatory] [multiple] [inverse key]
tech-c:      [optional]  [multiple] [inverse key]
upd-to:      [mandatory] [multiple] [inverse key]
mnt-nfy:     [optional]  [multiple] [inverse key]
auth:        [mandatory] [multiple] [ ]
remarks:     [optional]  [multiple] [ ]
notify:      [optional]  [multiple] [inverse key]
mnt-by:      [mandatory] [multiple] [inverse key]
referral-by: [mandatory] [single]   [inverse key]
changed:     [mandatory] [multiple] [ ]
source:      [mandatory] [single]   [ ]
Inetnum object template
inetnum:    [mandatory] [single]   [primary/look-up key]
netname:    [mandatory] [single]   [lookup key]
descr:      [mandatory] [multiple] [ ]
country:    [mandatory] [multiple] [ ]
admin-c:    [mandatory] [multiple] [inverse key]
tech-c:     [mandatory] [multiple] [inverse key]
rev-srv:    [optional]  [multiple] [inverse key]
status:     [mandatory] [single]   [ ]
remarks:    [optional]  [multiple] [ ]
notify:     [optional]  [multiple] [inverse key]
mnt-by:     [mandatory] [multiple] [inverse key]
mnt-lower:  [optional]  [multiple] [inverse key]
mnt-routes: [optional]  [multiple] [inverse key]
mnt-irt:    [optional]  [multiple] [inverse key]
changed:    [mandatory] [multiple] [ ]
source:     [mandatory] [single]   [ ]
Aut-num Object Template
aut-num:    [mandatory] [single]   [primary/look-up key]
as-name:    [mandatory] [single]   [ ]
descr:      [mandatory] [multiple] [ ]
country:    [optional]  [single]   [ ]
member-of:  [optional]  [multiple] [ ]
import:     [optional]  [multiple] [ ]
export:     [optional]  [multiple] [ ]
default:    [optional]  [multiple] [ ]
remarks:    [optional]  [multiple] [ ]
admin-c:    [mandatory] [multiple] [inverse key]
tech-c:     [mandatory] [multiple] [inverse key]
cross-mnt:  [optional]  [multiple] [inverse key]
cross-nfy:  [optional]  [multiple] [inverse key]
notify:     [optional]  [multiple] [inverse key]
mnt-lower:  [optional]  [multiple] [inverse key]
mnt-routes: [optional]  [multiple] [inverse key]
mnt-by:     [mandatory] [multiple] [inverse key]
changed:    [mandatory] [multiple] [ ]
source:     [mandatory] [single]   [ ]
Domain object template
domain:    [mandatory] [single]   [primary/look-up key]
descr:     [mandatory] [multiple] [ ]
country:   [optional]  [single]   [ ]
admin-c:   [mandatory] [multiple] [inverse key]
tech-c:    [mandatory] [multiple] [inverse key]
zone-c:    [mandatory] [multiple] [inverse key]
nserver:   [mandatory] [multiple] [inverse key]
sub-dom:   [optional]  [multiple] [inverse key]
dom-net:   [optional]  [multiple] [ ]
remarks:   [optional]  [multiple] [ ]
notify:    [optional]  [multiple] [inverse key]
mnt-by:    [mandatory] [multiple] [inverse key]
mnt-lower: [optional]  [multiple] [inverse key]
refer:     [optional]  [single]   [ ]
changed:   [mandatory] [multiple] [ ]
source:    [mandatory] [single]   [ ]
Reverse DNS
Request Forms
• Guide to reverse zones http://www.apnic.net/db/revdel.html
• Registering your Rev Delegations with APNIC http://www.apnic.net/db/domain.html
Relevant RFCs
• Classless Delegations http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2317.txt
• Common DNS configuration errors http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1537.txt
Reverse DNS
Documentation
• Domain name structure and delegation http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1591.txt
• Domain administrators operations guide http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1033.txt
• Taking care of your domain ftp://ftp.ripe.net/ripe/docs/ripe-114.txt
• Tools for DNS debugging http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2317.txt
AS Assignment Procedures
Policy
• Guidelines for the creation, selection, and registration of an AS http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1930.txt
RFCs
• Routing Policy Specification Language (RPSL) http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2280.txt
• A dedicated AS for sites homed to a single provider http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2270.txt
• RFC1997: BGP Communities attribute http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2270.txt
IPv6
Policy Documents
• IPv6 Address Policy http://ftp.apnic.net/apnic/docs/ipv6-address-policy
• IPv6 Address request form http://ftp.apnic.net/apnic/docs/ipv6-alloc-request
Useful reading
• The case for IPv6 http://www.6bone.net/misc/case-for-ipv6.html
FAQ
http://www.apnic.net/info/faq/IPv6-FAQ.html
IPv6: HD Ratio 0.8
IPv6 prefix  Site addr bits  Total site addrs in /48s    Threshold  Util%
         42               6                        64           28  43.5%
         36              12                      4096          776  18.9%
         35              13                      8192         1351  16.5%
         32              16                     65536         7132  10.9%
         29              19                    524288        37641   7.2%
         24              24                  16777216       602249   3.6%
         16              32                4294967296     50859008   1.2%
          8              40             1099511627776   4294967296   0.4%
          3              45            35184372088832  68719476736   0.2%
RFC3194 “The Host-Density Ratio for Address Assignment Efficiency”
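Each threshold in the table is the number of /48s at which log(assigned) / log(total) reaches 0.8, i.e. total raised to the power 0.8. The following is an added example, not APNIC code, with hypothetical function names; it recomputes every row and evaluates the ratio for a constructed assignment count.

```python
import math

HD_RATIO = 0.8      # HD ratio used by the table above
SITE_PREFIX = 48    # utilisation is counted in /48 site assignments

def total_sites(prefix_len):
    """Number of /48s inside an allocation of the given prefix length."""
    if not 0 <= prefix_len < SITE_PREFIX:
        raise ValueError("allocation prefix must be shorter than /48")
    return 2 ** (SITE_PREFIX - prefix_len)

def threshold(prefix_len, hd=HD_RATIO):
    """/48 assignments at which the block reaches the HD ratio (total ** hd)."""
    total_sites(prefix_len)  # validates prefix_len
    return round(2 ** (hd * (SITE_PREFIX - prefix_len)))

def utilisation_pct(prefix_len, hd=HD_RATIO):
    """Unrounded threshold as a percentage of the block: total ** (hd - 1)."""
    total_sites(prefix_len)
    return round(100 * 2 ** ((hd - 1) * (SITE_PREFIX - prefix_len)), 1)

def hd_ratio(assigned, prefix_len):
    """RFC 3194: HD = log(objects assigned) / log(objects assignable)."""
    if assigned < 1:
        raise ValueError("at least one /48 must be assigned")
    return math.log(assigned) / math.log(total_sites(prefix_len))

def table(prefixes=(42, 36, 35, 32, 29, 24, 16, 8, 3)):
    """Rows in the slide's column order: prefix, bits, total, threshold, util%."""
    return [(p, SITE_PREFIX - p, total_sites(p), threshold(p), utilisation_pct(p))
            for p in prefixes]

if __name__ == "__main__":
    for row in table():
        print("/%-3d %3d %15d %12d %5.1f%%" % row)
    # Constructed case: a /32 holder with 7,000 /48s assigned is just short.
    print(round(hd_ratio(7000, 32), 4), hd_ratio(7000, 32) >= HD_RATIO)
```

The required utilisation percentage falls as the block grows, which is why the table's last column shrinks from 43.5% for a /42 to 0.2% for a /3.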
Other supplementary reading
Operational Content Books
• ISP Survival Guide, Geoff Huston
• Cisco ISP Essentials, Philip Smith
BGP Table
http://www.telstra.net/ops/bgptable.html
http://www.merit.edu/ipma/reports
http://www.merit.edu/ipma/routing_table/mae-east/prefixlen.990212.html
http://www.employees.org/~tbates/cidr.hist.plot.html
Routing Instability
http://zounds.merit.net/cgi-bin/do.pl
Other supplementary reading
Routing & Multihoming
• Internet Routing Architectures - Bassam Halabi
• BGP Communities Attribute
http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1997.txt
http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1998.txt
Filtering
• Egress Filtering http://www.cisco.com/public/cons/isp
• Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2267.txt
Other Supplementary Reading
• Dampening case studies at http://www.cisco.com/warp/public/459/16.html
• Traceroute Server http://nitrous.digex.net
• Network Renumbering Overview: Why Would I Want It and What Is It Anyway? http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2071.txt
• Procedures for Enterprise Renumbering http://www.isi.edu/div7/pier/papers.html
• NAT
– The IP Network Address Translator http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1631.txt