New Version of the RIPE Database RPSL implementation and status of RIPE DBv3 Andrei Robachevsky RIPE NCC Andrei Robachevsky . 13th APNIC Open Policy Meeting, March.


New Version of the RIPE Database
RPSL implementation and status of RIPE DBv3
Andrei Robachevsky
RIPE NCC
<[email protected]>
Andrei Robachevsky . 13th APNIC Open Policy Meeting, March 2002, Bangkok . http://www.ripe.net
Outline
• Current status of the RIPE Database
• New database system
• Database related projects
RIPE Database in figures
• Database Growth
  • inetnum +38,000
  • person +50,000
  • route -2,000
• Database Contents
  • 1,4 M objects (chart legend: domain, inetnum, person)
• Update Rate
  • 2 - 4 upd/min
  • 60% inetnum
• Query Rate
  • 15 queries/s avg.
  • 60% IP lookups
Database Contents
[Chart: number of objects (0 to 6,000,000) by type (mntner, aut_num, route, person/role, inetnum, domain), 28-Jun-00 to 4-Jan-02. Annotations on the chart: "Before *.de migration", "After PN removal", "RIPE-39", "May 2001", "June 2000", "Sept. 2001"; inetnum +38,000, person +50,000, route -2,000.]
Query by type (%)
[Chart: share of queries (0% to 100%) by type, 23-Apr-01 to 23-Dec-01. Series: ip_OK, ip_denied, ipsw_OK, ipsw_denied, domain_OK, domainref_OK, domain_denied, inverse_OK, inverse_denied, other_OK, other_denied. Data label on the chart: 60%.]
Query by type (q/s)
[Chart: query rate (0 to 20 q/s) by type, 23-Apr-01 to 23-Dec-01. Series: ip_OK, ip_denied, ipsw_OK, ipsw_denied, domain_OK, domainref_OK, domain_denied, inverse_OK, inverse_denied, other_OK, other_denied.]
Update by object type
[Chart: weekly average update rate (0 to 16 upd/min) by object type, 30-Apr-01 to 16-Dec-01. Series: route, pn removal, person, mntner, inetnum, domain, aut-num.]
Update by type (%)
[Chart: share of updates (0% to 100%) by operation, 30-Apr-01 to 9-Dec-01. Series: Updated, Deleted, Added.]
V3 Database System
• Functionality
• Architecture
• Performance
• New features (3.1.0)
New version of the RIPE Database
• Supports IR and RR
  • domain registry support is limited
• Supports RPSL (RFC2622)
  • Extended syntax
  • New objects and attributes
• Supports RPSS (RFC2725)
  • New authorisation rules
• Supports IRRToolSet (RAToolSet)
  • RtConfig -protocol ripe
Security features
• Provides strong security mechanisms
  • Protection of individual objects
  • Protection of IP address space
  • Protection of ASN space
  • Protection of route space
  • Protection of set membership
  • Protection of hierarchical set names
  • Protection of domain object space
• 4 supported authentication schemes
• GPG public keys are supported
V3 software
• Mainly in C, multithreaded
  • CPU: 70% idle
• RDBMS as a back-end
  • MySQL, customised transaction support
• In-memory radix tree for IP lookups
  • also more and less specific lookups for reverse delegation domains
• MIME and GPG support
  • correct PGP keys are also accepted
• Automatic access control
  • separate accounting for public and contact data
Server architecture (I)
[Diagram. Labels: E-mail; Message queues; Queue rules; Update FE (two instances); Syntax checks, acks, notifications; Core Server; RDBMS; queries; NRTM clients; Mirror Server; RDBMS.]
Server architecture (II)
[Diagram. Labels: Internet; whois.ripe.net; whois_rip; mysqld; sources RIPE, ARIN, APNIC, RADB, CW; object types inetnum, route. Example queries shown: "-a AS3333", "SK15964-RIPE", "193.0.1.17".]
Query Performance (I)
[Chart: query rate (q/s, 0 to 80) against number of concurrent clients (0 to 60) for V2 and V3, with the "V2 operational zone" and "V3 operational zone" marked. Data labels on the chart: 70 and 18.]
Query Performance (II)
[Chart: response time (s, 0 to 4) against number of concurrent clients (0 to 60) for V2 and V3, with the "V2 operational zone" and "V3 operational zone" marked. Data labels on the chart: 1.4 and 0.2.]
V3.1.0 New Features
• RPSL object library
  • used by the core and front-end subsystems
  • replaces inherited RAToolset code
  • consolidates object and attribute definitions
• irt object representing CSIRT
  • “mnt-irt:” attribute to reference a CSIRT from inet[6]num
  • -c flag to search for the CSIRT in charge
• New status value for inetnum objects
  • facilitates LIR’s IP address management
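An added example, not RIPE NCC code: how a lookup for the CSIRT in charge can be served from a radix tree of inetnum prefixes, as an incident responder would use it to find whom to contact for an address. It assumes the lookup returns the "mnt-irt:" of the most specific covering inetnum that carries one, that inetnum ranges are CIDR-aligned, and that an uncompressed binary trie stands in for the server's radix tree; the class and function names, the sample objects and the irt name are constructed.

```python
import ipaddress
class Node:
    def __init__(self):
        self.child = [None, None]   # next bit 0 / next bit 1
        self.obj = None             # inetnum stored at this prefix, if any

class PrefixTree:
    """Uncompressed binary radix tree over IPv4 prefix bits."""
    def __init__(self):
        self.root = Node()
    @staticmethod
    def _bits(net):
        addr = int(net.network_address)
        return [(addr >> (31 - i)) & 1 for i in range(net.prefixlen)]

    def insert(self, prefix, obj):
        node = self.root
        for b in self._bits(ipaddress.ip_network(prefix)):
            node.child[b] = node.child[b] or Node()
            node = node.child[b]
        node.obj = obj

    def covering(self, address):
        """Stored objects covering address, least specific first."""
        node, found = self.root, []
        for b in self._bits(ipaddress.ip_network(address + "/32")):
            if node.obj is not None:
                found.append(node.obj)
            node = node.child[b]
            if node is None:
                return found
        if node.obj is not None:    # exact /32 entry
            found.append(node.obj)
        return found

def irt_in_charge(tree, address):
    """mnt-irt of the most specific covering inetnum that has one, else None."""
    for obj in reversed(tree.covering(address)):
        if "mnt-irt" in obj:
            return obj["mnt-irt"]
    return None

def build_sample():
    """Constructed objects on documentation ranges; the irt name is hypothetical."""
    tree = PrefixTree()
    tree.insert("192.0.2.0/24", {"inetnum": "192.0.2.0 - 192.0.2.255", "mnt-irt": "irt-EXAMPLE-CSIRT"})
    tree.insert("192.0.2.16/28", {"inetnum": "192.0.2.16 - 192.0.2.31"})
    tree.insert("198.51.100.0/24", {"inetnum": "198.51.100.0 - 198.51.100.255"})
    return tree
```

In the sample, 192.0.2.17 sits in a /28 without "mnt-irt:", so the lookup falls back to the enclosing /24; an address whose covering objects carry no reference yields no CSIRT at all.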
Future Plans
• Authorisation checks across multiple databases
  • minimises need to replicate other RR data in the RIPE DB
  • currently use workaround for such cases
• Real-time (Synchronous) updates
  • simplifies client side scripts
  • basis for user-friendly update interface
• Automatic database cleanup
  • based on internal data rather than object data/metadata
  • notifications rather than lookups
Future Plans (II)
• Prototyping RPSL extensions (ipv6, multicast)
  • both whois and IRRToolSet will be affected
• Further improvement of server software
  • error reporting, performance
  • configuration flexibility
• Documentation
  • Update of DB Reference Manual
  • DB User Manual
  • DB Operation Manual
Other Database Projects
• Database Statistics & Consistency Project
  • extended statistics and reports by subscription
  • prototype available at http://www.ripe.net/db/dbconstat/
• RRCC project
  • Activity resumed, RIPE201 published
  • Prototype at http://www.ripe.net/ripencc/pub-services/db/rrcc/index.html
• IRRToolSet support
  • documentation and bug fixes
  • your input is very welcome at [email protected].
More Information
• RIPE-181 to RPSL Migration page
  • http://www.ripe.net/rpsl
• Documentation
  • RIPE Database Reference Manual: http://www.ripe.net/ripe/docs/databaseref-manual.html
  • RIPE Database User Manual (coming soon)
  • RIPE Database Operation Manual (coming soon)
• Software
  • New whois client: ftp://ftp.ripe.net/tools/ripe-whois-3.0.tar.gz
  • Server software v3: ftp://ftp.ripe.net/ripe/dbase/software/ripe-dbase-latest.tar.gz
Questions?