Welcome to the Local Internet Registry Tutorial 15 September 2000 Grand Ball Room, 14:00-17:30 RIPE Network Co-ordination Centre Vesna Manojlovic , Eamonn McGuinness http://www.ripe.net/ripe/meetings/archive/ripe-37/presentations/lir-tutorial/ ftp://ftp.ripe.net/ripe/presentations/lir-tutorial-ripe37 Local Internet Registries Tutorial . RIPE.

Download Report

Transcript Welcome to the Local Internet Registry Tutorial 15 September 2000 Grand Ball Room, 14:00-17:30 RIPE Network Co-ordination Centre Vesna Manojlovic , Eamonn McGuinness http://www.ripe.net/ripe/meetings/archive/ripe-37/presentations/lir-tutorial/ ftp://ftp.ripe.net/ripe/presentations/lir-tutorial-ripe37 Local Internet Registries Tutorial . RIPE. 

Welcome to the
Local Internet Registry
Tutorial
15 September 2000
Grand Ball Room, 14:00-17:30
RIPE Network Co-ordination Centre
Vesna Manojlovic <[email protected]>,
Eamonn McGuinness <[email protected]>
http://www.ripe.net/ripe/meetings/archive/ripe-37/presentations/lir-tutorial/
ftp://ftp.ripe.net/ripe/presentations/lir-tutorial-ripe37
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
1
Schedule
• Requesting Address Space
• Introduction to RIPE NCC
• Global Registry System
• Initial Administrivia of Becoming LIR
• First Request
• Completing the request form
• Communication with hostmasters
• Customer’s Request
• Elementary evaluation
• RIPE Database
• Evaluation of specific assignment cases
• Large request
• PI request
• Renumbering
• Assignment Window
• New allocation
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
2
Introduction to RIPE NCC
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
3
What is the RIPE NCC?
• Network Co-ordination Centre
– The RIPE NCC is a “co-ordination” and support
service for its members and RIPE community
• One of 3 Regional Internet Registries (RIR)
• Why a NCC ?
Actions agreed in RIPE community needed
– continuity and professionalism
– neutrality and impartiality
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
4
Vital Statistics
• Statistics 1992
–
–
–
–
3 staff members
No Local IR’s
182,528 hosts in European Internet
7,955 objects in RIPE database (June ‘92)
• Statistics Now
– 62 staff (22 nationalities)
 2,018+ participating Local IR’s
 11,390,000+ countable hosts in the RIPE NCC region
 3,041,650+ objects in the database
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
5
RIPE NCC Activities (1)
Member Services
• Registration Services
– IPv4 addresses
– IPv6 addresses
– AS numbers
– LIR Training Courses
•
<[email protected]>
• Reverse domain name delegation
– NOT registering domain names
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
6
RIPE NCC Activities (2)
Public Services
 RIPE database maintenance
 Routing Registry Maintenance (RR)
• Co-ordination
– RIPE support
– Liaison with:
• LIRs / RIRs / ICANN / etc …
– Information dissemination
• New Projects
– Test Traffic Measurements
 Routing Information Service (RIS)
 Routing Registry Consistency (RR)
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
7
RIPE Database (1)
• Public Network Management Database
• Information about
IP address space
reverse domains
routing policies
contact details
objects
inetnum, inet6num
domain
route, aut-num
person, role
• Server whois.ripe.net
• UNIX command line queries
• http://www.ripe.net/ripencc/pub-services/db/
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
8
RIPE Database (2)
• Software Management
• server and client
– NOT relational
– RIPE NCC
– Database Working Group (RIPE community)
• Data Management
– LIRs
– other users
– RIPE NCC
• Information content not responsibility of RIPE NCC
• Protection mechanisms not default, but strongly encouraged
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
9
Summary: RIPE & RIPE NCC
Two separate organisations,
closely interdependent
• RIPE
– open forum for discussing policies
• RIPE NCC
– legitimate, not-for-profit association
– formal membership
– neutral and impartial
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
10
Questions?
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
11
• Terminology
• Global Registry System
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
12
Terminology
• Allocation
– address space given to registries which is held by
them to assign to customers
• Assignment
– address space given to end-users for use in
operational networks
/20 allocation = 4096 addresses
assignment
Local Internet Registries Tutorial
assignment
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
13
Classful Notation
network
host
8
Class A
0
16,777,216
0.0.0.0 - 127.255.255.255
16
Class B
10
65,536
128.0.0.0 - 191.255.255.255
24
Class C
110
256
192.0.0.0 - 223.255.255.255
• Obsolete because of
– depletion of B space
– too many routes from C space
• Solution
– Classless Inter Domain Routing
 hierarchical address space allocation
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
14
 Classless Notation
Addresses
...
Prefix
...
Classful
...
Net Mask
...
8
/29
255.255.255.248
16
/28
255.255.255.240
32
/27
255.255.255.224
64
/26
255.255.255.192
128
/25
255.255.255.128
256
...
/24
...
1C
...
255.255.255.0
...
4096
/20
16 C’s
255.255.240.0
8192
/19
32 C’s
255.255.224
16384
/18
64 C’s
255.255.192
32768
/17
128 C’s
255.255.128
65536
...
/16
...
.
Local Internet Registries Tutorial
1B
...
RIPE 37, Amsterdam 12-15 2000.
255.255.0.0
...
.
http://www.ripe.net
15
Goals of the
Internet Registry System
• Aggregation
• Conservation
• Registration
– uniqueness
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
16
Regional Registry Structure
IANA / ICANN
ARIN
RIPE NCC
Local IR
/ ISP
APNIC
Local IR
Enterprise
Local IR
ISP
ISP /
End user
End user
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
17
Service Regions
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
18
Questions?
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
19
Initial Administrivia of
Becoming LIR
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
20
Becoming LIR
• Completed application form (ripe-212)
 Provided Reg-ID & contact persons
– <[email protected]>
Read relevant RIPE documents
• Signed contract (ripe-191)
– agreed to follow policies and procedures
* Paid the sign-up & yearly fee
– <[email protected]>
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
21
Contact Persons
 Stored in RIPE NCC internal file for each registry
– confidential
• Only registered contact persons can
– send requests to hostmasters
– change contact information
• PGP optional (soon)
 Use ‘role’ object
– for multiple admin-c and tech-c
• Members’ mailing lists
– <[email protected]>
– <[email protected]>
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
22
Registry Identification (RegID)
• Distinguishes between contributing
registries and individuals
• Format
<country code> . <registry name>
• Include with every message
• Suggestion - modify mail header
X-NCC-RegID: nl.bluelight
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
23
Questions?
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
24
New Registry’s First Request
• Completing the request form
• Communication with the hostmaster
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
25
Sample First Request
Example: Blue Light Internet
• LIR wants a block of IP addresses
– e.g. for own network / infrastructure
• do not include needs of customers yet
Steps:
 Complete request form ripe-141
 Send request to <[email protected]>
 RIPE NCC evaluate and approve request
With first assignment LIR automatically receives
/20 allocation
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
26
Request Form
ripe-141
I. General Information
Overview of Organisation
Contact Information
Current Address Space Usage
II. The Request
Request Overview
Addressing Plan
III. Database Information
IV. Optional Information
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
27
Completing the Request Form
(starting from Addressing Plan)
Gathering Information
• Design of the network
– how many physical segments it will consist of
– what is each segment going to be used for
• including equipment used
– how many hosts are in each segment
– expectations of growth
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
28
#[ Addressing Plan Template ]#
Relative
Prefix
0.0.0.0
0.0.0.128
0.0.0.160
0.0.0.176
0.0.0.192
0.0.1.0
0.0.1.128
0.0.1.160
0.0.1.176
Subnet Mask
Size Imm 1yr 2yr Description
255.255.255.128 128 100 100 100 dynamic dial-up Amsterdam
255.255.255.224 32 10 12 16 web/mail/ftp servers Amsterdam
255.255.255.240 16
8 10 13 customers’ servers Amsterdam
255.255.255.240 16 14 14 14 training room LAN Amsterdam
255.255.255.192 64 24 35 50 Amsterdam office LAN (*1)
255.255.255.128 128
0 100 100 dynamic dial-up Utrecht
255.255.255.224 32
0 12 25 web/mail/ftp servers Utrecht
255.255.255.240 16 14 14 14 Inet cafe Utrecht
255.255.255.240 16
0 0 10 training room LAN Utrecht
448 170 297 342
Totals
(*1) Office LAN = workstations, router, 2 printers and 1 fileserver
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
29
#[ Request Overview Template ]#



request-size: 448
addresses-immediate: 170
addresses-year-1:
297
Totals:
448 170 297 342
addresses-year-2:
342
subnets-immediate: 6
subnets-year-1:
8
subnets-year-2:
9
inet-connect: YES, already connected to “UpstreamISP”
country-net: NL
private-considered: Yes
request-refused: NO
PI-requested: NO
address-space-returned: 195.20.42.0/25, to UpstreamISP, “in 3 months”
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
30
#[ Current Address Space Usage
Template ]#
Prefix
Subnet Mask
Size Imm 1yr 2yr Description
195.20.42.0
195.20.42.64
195.20.42.96
195.20.42.112
255.255.255.192
255.255.255.224
255.255.255.240
255.255.255.240
64 16 30 50 Dynamic dial-up A’dam
32 10 22 29 Amsterdam office LAN
16 4 6 8 Utrecht office LAN
16 6 10 13 Mail servers
128 36 68 100 Totals
Actual addresses
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
31
#[Person template]#
*
*
Jan Jansen
Blue Light Internet
Oudezijds Achterburgwal 13
Amsterdam
The Netherlands
[email protected]
+31-20-555 5555
AUTO-1
BLUELIGHT-MNT
[email protected] 19990906
RIPE
person:
address:
address:
address:
address:
e-mail:
phone:
nic-hdl:
mnt-by:
changed:
source:
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
32
#[Network template]#
inetnum:
netname:
descr:
descr:
country:
admin-c:
* tech-c:
status:
* mnt-by:
changed:
source:
Local Internet Registries Tutorial
.
x.x.x.x/23
BLUELIGHT-1
Company infrastructure
in both locations
NL
AB231-RIPE
AUTO-1
ASSIGNED PA
BLUELIGHT-MNT
[email protected] 19990906
RIPE
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
33
Communication with
<[email protected]>
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
34
Ticketing System
• Unique ticket number
– facilitates retrieval / archiving
– NCC#YYYYMMXXXX
e.g. NCC#2000053280
• Check status of ticket on the web
– http://www.ripe.net/cgi-bin/rttquery
• open ncc
• open reg
• closed
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
35
Hostmaster-robot
• Checks request form
– Reg-ID, contact persons
– syntax
– policy problems
• Acknowledgement & diagnostics
– LONGACK
• Error message
– correct & re-send the request
– use same ticket number
– NOAUTO
• No errors: hostmaster wait-queue
– “ongoings” directly to hostmasters
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
36
Request Approved
• With the first ASSIGNMENT approved LIR automatically
gets an ALLOCATION
– /20 (4096 addresses)
 Hostmaster enters allocation and assignment objects into
the RIPE database at this time
- /24 & /25 & /26 instead of /23
• Whole allocated range can be announced immediately
• Every request has to be sent for approval to RIPE NCC
– addresses for LIRs own infrastructure
– all customers’ request
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
37
Questions?
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
38
Customer’s Request
Evaluation
Basic Database Issues
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
39
Assignment Process
Gathering
information
Completing
ripe-141
Documentation
completed?
Customer
no
yes
RIPE NCC evaluation
no
Documentation
completed?
approval
 Assignment
update local
records
Local Internet Registries Tutorial
.
update RIPE
database
notify
customer
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
40
Gathering Information
• One request form per customer
• Ask the same questions RIPE NCC asks LIR
– enough information to complete ripe-141
• Add comments
Example: Goody 2 Shoes
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
41
Before Submitting the Request
• Syntax check the request on the Web
• Complete documentation reduces need for
iteration
• All the data communicated with RIPE NCC is
kept strictly confidential
• Documentation for RIPE NCC has to be in
English
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
42
Evaluation -- General Information
• #[Overview of organisation template]#
• information relevant to the address space request
– Name and location of the company?
– What are the company activities?
– What is the structure?
• Does it have subsidiaries and where?
• For what part of the company are the addresses requested?
• #[Requester Template]#
– LIR contact for RIPE NCC
• #[User Template]#
– customer’s contact for LIR
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
43
Evaluation -- Addressing Plan
• Do totals in “Addressing Plan” match numbers
in “Request Overview”?
• Are all subnets classless?
– are the subnet masks real?
• Utilisation and efficiency guidelines:
25% immediately, 50% in one year
• Can address space be conserved by using
– different subnet sizes?
– avoiding padding between subnets?
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
44
Evaluation -- Network Template
• inetnum value
– specifies the size of assignment
– actual range is not necessary
• Relevant netname
– descriptive; uppercase letters, numbers & “-”
• RIPE NCC’s only reference to LIR’s assignment
• Contact persons
– can be multiple
 reference nic-hdls (may be a role object)
– admin-c
• responsible for the network, able to make decisions
– tech-c
• technical setup of the network
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
45
Internal Administration
• Wait for approval from <[email protected]>
prior to assignment and registration
• Decide on the range of within your address
space
– classless assignment on bit boundary
Assignment for customer’s network
Assignment for LIR’s network
• Update local records
– archive original documents with assignment
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
46
Creating Database Objects
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
47
Creating person Object
• Check if person object exists in RIPE DB
– whois {person’s name; email address}
– only one object per person
• Obtain and complete a template
 whois -t person
– -v (verbose)
 Send to <[email protected]>
• Each person object has unique nic-hdl
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
48
whois -t person
person: [mandatory] [single] [primary/look-up key]
address: [mandatory] [multiple] [ ]
e-mail:
[optional]
[multiple] [look-up key]
phone: [mandatory] [multiple] [ ]
notify:
[optional]
[multiple] [inverse key]
nic-hdl: [mandatory] [single] [primary/look-up key]
changed: [mandatory] [multiple] [ ]
source: [mandatory] [single] [ ]
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
49
nic-hdl
• Mandatory attribute
• Only way to clear ambiguity in person objects
• Format: <initials><number>-<regional registry>
– e.g. AB123-APNIC, CD567-RIPE
• Combination of person name and nic-hdl is the
primary key for person object
 Use “AUTO-#” placeholders
person: Piet Bakker
...
nic-hdl: PB1234-RIPE
AUTO-1
Local Internet Registries Tutorial
.
person: Jan van der Bruk
...
nic-hdl: JVDB1-RIPE
AUTO-#initials
AUTO-1JVDB
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
50
<[email protected]>
Responses
• Successful update
– acknowledgement
• Warnings
– object accepted but might be ambiguous
– object corrected and accepted
• Errors
– object NOT corrected and NOT accepted
– diagnostics in acknowledgement
• If not clear send questions to<[email protected]>
• Include error report
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
51
Creating Network Object
• inetnum
– insert the address range in the ‘network template’
approved by hostmasters
– keep the same netname attribute
– in change attribute use current date
• or leave out the date completely
• Send to <[email protected]>
– with the keyword NEW in the subject line
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
52
Check Your Database Data
• Before you notify the customer
– whois [customer’s IP range]
– whois [customer’s netname]
– whois -m [your allocated IP range]
• will show your first level customer(s) network(s)
– whois -L [customer’s IP range]
• will show your own data
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
53
Example DB Query
whois -M 195.35.64.0/19
whois -m 195.35.64.0/19
195.35.64.0 195.35.95.255
195.35.64.0-
195.35.92/29 195.35.92.8/29
195.35.80/25 195.35.88/26
195.35.65.191
ENGO-8
Goody2Shoes
eNGOs ... ENGO-7
Blue Light
whois -L 195.35.92.10
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
54
Notify the Customer
• Make sure customer has same data as you
– cut and paste output of the whois query
• Address space is considered in use only if
registered in the RIPE Database
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
55
Questions?
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
56
Evaluation of
Specific Assignment Cases
• ‘Large’ Request
• PI request
• Renumbering
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
57
‘Large’ Request
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
58
Submitting a Large Request
• Complete ripe-141 request form
– only include addresses you have concrete
need for (no reservations)
• Possible additional information
– pointer to web site
 deployment plan
 new technologies
 purchase receipts
topology map (design of the network)
• can be faxed
• handled and kept confidentially
• include ticket number and Reg-ID
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
59
Current Address Space Usage
Evaluation
• Are there any previous assignments?
– ask customer
• Querying the RIPE Database
– whois.ripe.net
• exact match
– http://www.ripe.net/ripencc/pub-services/db/
• full text search using glimpse
• whois web interface
• Can request be fulfilled with previous assignment?
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
60
Private Address Space
• RFC-1918 (Address Allocation for Private Internets)
• Suitable for
– partial connectivity
– limited access to outside services
• can use application layer gateways (fire walls, NAT)
• Motivation
– saves public address space
– allows for more flexibility
– security
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
61
Sample Deployment Plan
• Needed when big expansion planned
• Matching addressing plan
Relative
Subnet Mask
Prefix
0.0.0.0 255.255.252.0
0.0.4.0 255.255.252.0
0.0.8.0 255.255.252.0
0.0.12.0 255.255.252.0
Planned
operational
Date
09/2000
11/2000
11/2000
03/2001
Size Imm. 1yr 2yr Description
2048
2048
2048
2048
0
0
0
0
Date
Equipment
ordered
Type of
Equipment
05/2000
07/2000
07/2000
--------
modems
modems
modems
modems
Local Internet Registries Tutorial
.
1024 2048
1024 2048
1024 2048
1024 2048
Number
of hosts
2048
2048
2048
2048
RIPE 37, Amsterdam 12-15 2000.
London POP
Berlin POP
Moscow POP
Paris POP
Location
London
Berlin
Paris
Moscow
.
http://www.ripe.net
62
(New) Technologies
• If special hardware/software is used
• include the URLs of manufacturer’s sites if available
• Special allocation and verification procedures apply
• cable modems, ADSL
• GPRS?
static dial up assignments
IP based virtual web hosting
}
STRONGLY DISCOURAGED
– recommended
 investigate and implement dynamic assignment technologies
whenever possible
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
63
PI Request
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
64
PA vs. PI Assignments
• Provider Aggregatable
• customer uses addresses out of your allocation
good for routing tables
customer must renumber if changing ISP
• Provider Independent
• customer receives range of addresses from RIPE NCC
customer takes addresses when changing ISP
possible routing problems
• Make contractual agreements
– ripe-127
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
65
Requesting PI Space
• LIR sends request on behalf of PI customer
• Complete ripe-141 as usual
• Differences:
#[Request Overview Template]#
PI-requested: YES
#[Network Template]#
status: ASSIGNED PI
• Explain why the customer wants PI
– aware of the consequences?
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
66
Evaluation of PI Request
• Conservative estimates
– will NOT get more addresses (then needed) to prevent
routing problems
• Classless
• Assignment is only valid as long as original
criteria remain valid (ripe-185)
• After approval
– RIPE NCC assigns a block from own range
– RIPE NCC puts assignment in database
 with RIPE-NCC-HM-PI-MNT
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
67
Example PI DB Entry
inetnum:
netname:
descr:
descr:
country:
admin-c:
tech-c:
status:
mnt-by:
mnt-by:
changed:
source:
194.1.208.0 - 194.1.215.255
GOODY2SHOES-2
Own Private Network 4 Goody2Shoes
Amsterdam, Netherlands
NL
PIBA2-RIPE
JAJA1-RIPE
ASSIGNED PI
RIPE-NCC-HM-PI-MNT
BLUELIGHT-MNT
[email protected] 19991111
RIPE
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
68
Renumbering
… is easy!
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
69
When to Send Renumbering
Request?
• Customer(s) changing providers
– already using address space
– returning PA addresses to OldISP
– renumbering to the PA range of NewISP
• Changing from PI (or UNSPECIFIED) to PA
• Only if amount is above LIR’s AW
• Procedure made easier to encourage renumbering
• More info: http://www.isi.edu/div7/pier/
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
70
Renumbering Request
• Complete ripe-141 request form
• Double check current addresses in DB
– whois -L <customer’s IP range> => UpstreamISP inetnum
– whois -m <UpstreamISP range>
• Show how addresses were used
• Show how new addresses will be used
• Time frame guidelines - 3 months
address-space-returned:
195.100.35/24 to UpstreamISP1 in 20000901
194.200.70/24 to UpstreamISP2 in 20001001
...
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
71
Renumbering Many Customers
• If all ‘1-1’ renumberings
– include all in one request form
• making procedure easier
– separate inetnum and addressing plan for each
• “50% utilisation” guideline
• If not ‘1-1’
(customer will need more addresses)
– send one request per customer
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
72
After the Return Date
• If you are the “new” ISP for this customer
– encourage your customer to renumber their whole
network to your address space
• If you are the “old” ISP of this customer
– make sure you remove data from RIPE Database
• Hostmasters send regular reminders
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
73
Questions?
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
74
Assignment Window
Policies and Procedures
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
75
Assignment Window Policy
• Assignment Window
– maximum amount of address space LIR can
assign without prior approval of the NCC
 initially AW equals zero
 gradually raised
• Why necessary?
–
–
–
–
support to LIRs during start up
familiarisation with RIPE NCC procedures
align criteria for request evaluation
maintain contact between LIRs and RIPE NCC
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
76
Initially: AW=0
• Send
EVERY customer’s request
and
EVERY request for assignment to your own
infrastructure / network
to the RIPE NCC for evaluation
• Separate request forms needed
• Do not send too many at the same time
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
77
When is AW Size Raised
• Understood procedures
• Complete NCC documentation
• Experience
– with RIPE Database
– different policies
– evaluating and processing requests

Not always automatically
 approach us
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
78
When is AW Size Lowered
• New staff need training
 After negative auditing report
 To enforce payment
To find out the AW size
– asm-window line
– write to <[email protected]>
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
79
Assignment Window Size
Assignment
Window
AW =0
AW =/28
AW =/27
AW =/26
Local IR Assignment limit
(host addresses)
All new Registries
requests 16 addr
requests  32 addr
requests  64 addr
...
...
AW =/22
AW =/21
requests  1024 addr
requests  2048 addr
…


Increasing
Responsibility
of Local IR
...
AW size corresponds to average size of requests
AW is per 12 months per customer
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
80
Assignment Process
Between Local IR’s and their customers
Gathering
information
Documentation
completed?
yes
Evaluation
LIR Evaluate
request
no
ask for more
Documentation
no
no
request > AW?
need 2nd opinion?
yes
Approach RIPE NCC
Local Internet Registries Tutorial
.
ye
s
Finish the assignment
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
81
Assignment Process
( Finish the assignment )
( Approach RIPE NCC )
Pick
addresses
Complete the
request form
Add Registry ID
Update local
records
Add comments &
recommendations
Update RIPE
database
Send to RIPE NCC
Wait for
acknowledgement
<[email protected]>
RIPE NCC
evaluates &
approves
Notify
customer
( Finish the assignment )
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
82
Questions?
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
83
New allocation
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
84
Allocation Procedures
• ‘Slow Start’
– first allocation /20
• LIR announces the whole prefix
– size of future allocations depends on current usage rate
• presumably enough for next two years
• not always contiguous
• Motivation for ‘slow start’
– fair distribution of address space
– keeps pace with customer base growth
– slows down exhaustion of IPv4 address space
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
85
Motivation for
‘No Reservations’ Policy
• Def.: Address space set aside for future use
• Reservations may never be claimed
– customers may need more (or less) address space
than is reserved
• Administrative convenience not catered for
• Fragments address space =>
– requesting new allocation appropriate when
previous allocated space used ~ 80% !
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
86
Requesting New Allocation
• Send request to <[email protected]>
• NOT ripe-141 form
• NEWBLOCK in subject line
– summary of addresses assigned / free
– list assignments of the last allocation
Suggested format:
Allocation: 195.35.64.0/19
assigned: 7372
free: 820
Range
195.35.64.0 - 195.35.65.191
195.35.80.0 - 195.35.80.127
195.35.80.128 - 195.35.80.159
195.35.88.0 - 195.35.88.31
...
Local Internet Registries Tutorial
.
Netname
BLUELIGHT-1
GODY2SHOES-1
CYB-FAL
ENGOS-1
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
87
Evaluation of
New Allocation Request
• Are LIR’s records consistent with
• RIPE NCC’s local records
• RIPE database
– RIPE NCC wants to see 3 random requests
• Are all assignments valid?
• within AW
• correct netname attribute & the date
• Quality of RIPE DB records
• up-to-date person & role objects
• no overlapping inetnum objects
• Tool available: asused-public
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
88
Prior to Making New Allocation
• If inconsistencies are found
– LIR will be asked to correct data first
– AW is reviewed
• When data is corrected
or deadline for correction is set
– RIPE NCC
• allocates new block to LIR
 updates the DB
• LIR announces new prefix
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
89
Allocation inetnum Object
inetnum:
netname:
descr:
country:
admin-c:
tech-c:
status:
mnt-by:
mnt-lower:
changed:
changed:
source:
Local Internet Registries Tutorial
195.35.64.0 - 195.35.127.255
NL-BLUELIGHT-19990909
Provider Local Registry
NL
JJ231-RIPE
JAJA1-RIPE
ALLOCATED PA
RIPE-NCC-HM-MNT
BLUELIGHT-MNT
[email protected] 19990909
[email protected] 20000303
RIPE
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
90
Questions?
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
91
The End ...
… unless there is still some time for…
• Reverse Delegation
• AS Numbers
• Advanced database issues
– protecting your data
• Advanced reverse delegation
• Routing Registry
• Administrivia
–audit activity, billing, closing LIR
• IPv6
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
92
Reverse Delegation Procedures
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
93
What is Forward and Reverse
DNS Delegation ?
• Forward Delegation
– enables naming of IP hosts on the Internet
– hierarchical authority for domain registration
• organisational structure
• Reverse Delegation
– enables association of IP addresses with domain names
– hierarchical authority for reverse zone
• depends on who distributed the address space
– reverse delegation takes place on octet boundaries
(classful)
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
94
IN-ADDR.ARPA Domain
.
(ROOT)
nl
edu
arpa
com
net
bluelight
amsterdam
in-addr
www 195.35.65.130
217 212
213
193
195
194
62
35
Forward mapping
(A 195.35.65.1)
65
Reverse mapping
130 = 130.65.35.195.in-addr.arpa
(PTR www.bluelight.nl)
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
95
Why Do You Need
Reverse DNS Delegation ?
• All host-IP mappings in the DNS (A record)
should have a corresponding IP-host mapping
(PTR record)
• Failure to have this will likely
– block users from various services (ftp, mail)
– make troubleshooting more difficult
– produce more useless network traffic in general
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
96
Overview of the
Request Procedure
• LIRs have to request reverse delegation
• /24 zones are delegated
– to LIR / end-user
– as the address space gets assigned
• Steps
 valid assignment of address space
 /24 reverse zone setup
 on LIR or end-users nameserver(s), or both
 send domain object to <[email protected]>
• include Reg-ID
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
97
“Valid” Assignment
• According to ripe-185 policies
 Within “Assignment Window”
- or approved from RIPE NCC Hostmaster
• inetnum object registered in RIPE Database
– netname attribute is NCC's only reference if
assignment approved
• do NOT change netname without notifying
<[email protected]>
 this is mentioned when we approve your IP requests
– registered after the approval date
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
98
/24 Reverse Zone Setup
Recommendations
• At least two nameservers required
– one nameserver setup as primary
– at least one other as secondary
• SOA values reasonably RFC1912 compliant
• Nameservers not on same physical subnet
– preferably with another provider
• Serial numbers YYYYMMDDnnn format
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
99
Example domain Object
*
domain: 80.35.195.in-addr.arpa
descr:
Reverse delegation for Bluelight Customers
admin-c: JJ231-RIPE
tech-c: JAJA1-RIPE
zone-c: WF2121-RIPE
nserver: ns.bluelight.nl
nserver: ns2.bluelight.nl
mnt-by: BLUELIGHT-MNT
changed: [email protected] 19991110
source: RIPE
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
100
Request the Delegation
• Send domain template to <[email protected]>
– an automatic mailbox
• Tool will
– check assignment validity
– check if zone is correctly setup
– (try to) enter object to RIPE DB
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
101
Problems with inaddr Robot?
• Error report will be sent to requester
– correct errors and re-send
• For questions see FAQ
• If error reports continue
– contact <[email protected]>
– please include the full error report
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
102
< /24 Delegations
Reverse delegation is also possible for a /24 shared by
more customers
=> NOT reason for classfull assignments
• RIPE NCC reverse delegate authority for the entire
/24 to LIR
– procedure and requirements the same as for /24
• If customer wants to run own primary nameserver
– LIR delegates parts as address space gets assigned
– use CNAME to create an extra point of delegation
(RFC-2317)
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
103
CNAME Example
Zonefile at Provider Primary Nameserver
$ORIGIN 80.35.195.in-addr.arpa.
0-31
0-31
32-71
32-71
IN
IN
IN
IN
NS
NS
NS
NS
ns.goody2shoes.nl.
ns2.bluelight.nl.
ns.cyberfalafel.nl.
ns2.bluelight.nl.
0
1
...
31
IN
IN
CNAME
CNAME
IN
CNAME
32
33
...
71
IN
IN
CNAME
CNAME
IN
CNAME
72
IN
PTR
Local Internet Registries Tutorial
0.0-31
1.0-31
...
31.0-31
32.32-71
33.32-71
...
71.32-71
www.qwerty.nl.
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
104
Questions?
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
105
Autonomous System Numbers
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
106
Policy Based Routing
end-user
end-user
AS2
Internet
AS2
ISP
AS3
Backbone
Provider
Regional Transit Provider
BlueLight
Goody2Shoes
NEW
Internet
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
107
Autonomous System
• Definition:
a group of IP networks run by one or more network
operators which has a unique and clearly defined
routing policy
• RIR is allocated a range of AS numbers by IANA
– 16 bit number
• RIR assigns unique AS number
– for LIR or for the customer
* AS number, routing policy and originating routes
are registered in the Routing Registry
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
108
How To Get an AS Number ?
• Complete request form: ripe-147
– aut-num object template
• contact person(s)
 mntner object template
– address space to be announced with this AS#
• Send to <[email protected]>
– web syntax check: http://www.ripe.net/cgi-bin/web147cgi
• Being multihomed and routing policy are
mandatory!
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
109
RIPE-181 Language
• RIPE-181 used to describe routing policies
• Developed in PRIDE project
– accepted in IRR and translated into RFC-1786
• Example syntax:
aut-num: NEW
as-out: to AS3 announce NEW
as-in:
from AS2 200 accept AS2
• Cost defines the preference
– the lower the cost, the more preferred route
– cost relative per aut-num object
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
110
AS Example #1
Internet
aut-num: AS3
as-out: to NEW announce ANY
as-in: from NEW 10 accept NEW
AS3
AS2
NEW
aut-num: NEW
aut-num: AS2
as-out: to AS2 announce NEW
as-in: from AS2 10 accept AS2
as-in: from AS3 100 accept ANY
as-out: to AS3 announce NEW
as-in: from NEW 20 accept NEW
as-out: to NEW announce AS2
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
111
AS Example #2
Internet
aut-num: AS3
as-out: to NEW announce ANY
as-in: from NEW 10 accept NEW
AS3
AS2
NEW
aut-num: NEW
aut-num: AS2
as-out: to AS2 announce NEW
as-in: from AS2 10 accept AS2
as-in: from AS3 100 accept ANY
as-out: to AS3 announce NEW
as-in: from AS2 200 accept ANY
as-in: from NEW 20 accept NEW
as-out: to NEW announce AS2
ANY
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
112
Registration in RIPE Database
• Evaluation
• RIPE NCC hostmaster
- creates aut-num object (and maintainer)
- informs requester
• User is responsible for keeping up to date
– routing policy
– referenced contact info (person/role, mntner)
• RIPE NCC hostmaster regularly checks
consistency of data in Routing Registry
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
113
aut-num Object
*
aut-num: AS42
NEW
descr:
Bluelight AS#
as-in:
from AS2 10 accept AS2
as-in:
from AS2 200 accept ANY
as-in:
from AS3 100 accept ANY
AS42
as-out: to AS3 announce NEW
AS42
as-out: to AS2 announce NEW
default: AS2 5
admin-c: JJ231-RIPE
tech-c: JAJA1-RIPE
mnt-by: NEW-MNT
BLUELIGHT-MNT
changed: [email protected] 19991010
source: RIPE
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
114
Questions?
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
115
Advanced Database Issues
• DB administration
– using role object
– updating
– deleting
• Protection
• Test Database
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
116
‘role’ Object
% whois -h whois.ripe.net -t role
role:
address:
phone:
fax-no:
e-mail:
trouble:
admin-c:
tech-c:
nic-hdl:
remarks:
notify:
mnt-by:
changed:
source:
[mandatory]
[mandatory]
[optional]
[optional]
[mandatory]
[optional]
[mandatory]
[mandatory]
[mandatory]
[optional]
[optional]
[optional]
[mandatory]
[mandatory]
Local Internet Registries Tutorial
.
[single]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[multiple]
[single]
[multiple]
[multiple]
[multiple]
[multiple]
[single]
[primary/look-up key]
[]
[]
[]
[look-up key]
[]
[inverse key]
[inverse key]
[primary/look-up key]
[]
[inverse key]
[inverse key]
[]
[]
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
117
Role Object for Contact Persons
role:
description:
admin-c:
tech-c:
tech-c:
email:
trouble:
nic-hdl:
notify:
notify:
mntner:
changed:
source:
BlueLight Contact Role
Hostmaster for Blue Light BV
JAJA1-RIPE
AB321-RIPE
WF2121-RIPE
[email protected]
24/7 phone number: +31-60-123-4567
BL112-RIPE
[email protected]
[email protected]
BLUELIGHT-MNT
[email protected] 20000202
RIPE
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
118
Inverse Lookups in RIPE DB
• whois -i admin-c,tech-c,zone-c JAJA1-RIPE
– whois -i admin-c,tech-c,zone-c -T domain JAJA1-RIPE
– whois -i zone-c JAJA1-RIPE
– whois -r -i admin-c,tech-c -T role JAJA1-RIPE
• whois -i notify [email protected]
• whois -i notify [email protected]
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
119
Recursive Lookups
• whois 193.35.64.82 => inetnum,route,person(s)
–
–
–
–
whois -r 193.35.64.82
=> inetnum, route
whois -T inetnum 193.35.64.82 => inetnum,persons
whois -r -T inetnum 193.35.64.82 => inetnum
whois -T route 193.35.64.82
=> route
• whois 62.80.0.0 => inetnum, role, person
– whois CREW-RIPE => role, persons
– whois -r CREW-RIPE => role
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
120
DB Update Procedure
• Changing an object
– make needed changes
– keep the same primary key
– add the changed line to the new version of object
• value: email address and date
* do not forget authentication (password, PGP key)
 Deleting an object
– add delete line to the exact copy of current object
– value: email address, reason and date
– submit to the database
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
121
Case Study -- Replacing Tech-c
1. whois -i tech-c JAJA1-RIPE
2. Create new person object (for Carl Dickens, new guy)
3. Change the tech-c reference in all inetnum objects
4. Delete old person object
Inetnum:
person:
person:
JAJA1-RIPE
CD2-RIPE
195.35.64.80
JAJA1-RIPE
CD2-RIPE
...
Inetnum:
195.35.64.130
CD2-RIPE
JAJA1-RIPE
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
122
Replacing tech-c Using role Object
1. Create person object for each tech-c
2. Create role object for all tech-c:s
3. Change the tech-c reference in all inetnum
objects to reference role object
4. Keep role object up-to-date with staff changes
role:
person:
person:
195.35.64.80
BL112-RIPE
JJ231-RIPE
JJ231-RIPE
...
JJ231-RIPE
CD2-RIPE
BL112-RIPE
CD2-RIPE
195.35.64.130
BL112-RIPE
JJ231-RIPE
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
123
Deleting an Object (example)
person:
Piet Bakker
address: Goody 2 Shoes
address: Warmoesstraat 1
address: Amsterdam
phone:
+31-20-666 6666
e-mail:
[email protected]
nic-hdl:
PIBA2-RIPE
changed: [email protected] 19991010
source:
RIPE
delete: [email protected] duplicate object 20000202
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
124
Protecting DB Objects
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
125
Notification / Authorisation
• notify attribute (optional)
– sends notification of change to the email address
specified
 mnt-by attribute & mntner object
– objects that contain mnt-by must pass the
authentication rules in the mntner object
 Hierarchical authorisation for inetnum & domain
objects
– mnt-lower attribute
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
126
How To Protect DB Data
• Read documents (ripe-157, ripe-189)
 choose authentication method
 Create mntner object
• Existing objects must be changed
– include mnt-by attribute referencing mntner object
• When creating new objects
– include mnt-by attribute referencing mntner object
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
127
Authorisation Mechanism
inetnum:
netname:
descr:
195.35.64.0 - 195.35.65.191
BLUELIGHT-1
Blue Light Internet
…………..
mnt-by: BLUELIGHT-MNT
mntner:
descr:
admin-c:
tech-c:
auth:
upd-to:
mnt-nfy:
mnt-by:
changed:
source:
BLUELIGHT-MNT
Maintainer for all Bluelight objects
JJ231-RIPE
BL112-RIPE
CRYPT-PW q5nd!~sfhk0#
[email protected]
[email protected]
BLUELIGHT-MNT
[email protected] 19991112
RIPE
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
128
Maintainer Object Attributes
 auth attribute (mandatory, multiple)
• upd-to attribute (mandatory)
– notification for failed updates
• mnt-by attribute (mandatory)
– can reference the object itself
• mnt-nfy attribute (optional)
– works like notify but for all objects that refer to this
maintainer object
• Manual registration of object necessary
• Send object to <[email protected]>
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
129
Authentication Methods
1. auth: NONE
• could be used with mnt-nfy attribute
2. auth: MAIL-FROM {e-mail, reg-exp}
– e.g. MAIL-FROM .*@bluelight\.nl
• protection from typos
3. auth: CRYPT-PW {encrypted password}
• include password attribute in your updates
4. auth: PGP-KEY-<argument>
key-cert object
see: ripe-190 & ripe-189
RIPE NCC can provide you with a licence for free
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
130
Hierarchical Authorisation
inetnum:
195.35.64.0 - 195.35.95.255
netname: NL-BLUELIGHT-19990909
…
...
status:
ALLOCATED PA
mnt-by:
RIPE-NCC-HM-MNT
mnt-lower: BLUELIGHT-MNT
changed: [email protected] 19990909
changed: [email protected] 19991112
TEST
 source:
• Ask <[email protected]> for mnt-lower attribute
• mnt-lower protects
– only against creation
– only one level below
• Include also in assignment inetnum objects
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
131
Test Database
• Non-production DB
• Similar interface as “real” Database
– whois & email
• whois -h test-whois.ripe.net ; [email protected]
– syntax checking
– error reports
• Enable to submit your own maintainer
• Ideal for testing
– various authorisation schemes
– self-made scripts that update RIPE DB
• Source: TEST
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
132
Advanced Reverse Delegation
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
133
Reverse Delegation of Multiple /24
– for range of consecutive zones
– represented in single inetnum object
• Shorthand notation for domain attribute
inetnum: w.z.x.0 - w.z.y.255 212.73.10.0-212.73.15.255
domain: x-y.z.w.in-addr.arpa 10-15.73.212.in-addr.arpa
• Submit as one domain object
• Processed separately
• Separate response
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
134
Reverse Delegation
of /16 Allocation
• If a LIR has a /16 allocation, the RIPE NCC can
delegate the entire reverse zone to the LIR
• Requirements and procedures the same as /24,
except
– /16 domain object
– three nameservers needed
– ns.ripe.net a mandatory secondary
• After delegation LIR
– should continue to check sub-zone setup before
further delegation
– recommended use of the inaddr robot TEST keyword
or web check
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
135
Changing Delegation
• Change the nserver lines in domain object
– submit domain object to <[email protected]>
• To change contact details in domain object
– submit updated object to <[email protected]>
• Deleting a delegation is automatic
– include delete attribute to the exact copy of the object
– send to <[email protected]>
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
136
Common Errors
• DB / request inconsistency
(netname attribute, update date)
• IP addresses instead of names of nameservers
in domain object
• Trying to get reverse delegation for /19
allocation
– has to be on octet boundaries
– send request for each /24 as it becomes used
• DNS setup (RFC-1912)
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
137
Changes With New Robot
•
•
•
•
•
•
•
•
•
Requests accepted only with Reg-ID
No RIPE DB updates necessary
No zone transfer necessary
Deletion requests handled (almost) automatically
Request for each zone processed separately
Successfully passed checks cached
Shorthand notation for ranges of objects
Delegation checks possible via web interface
LONGACK and CHANGE keywords no more
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
138
Useful DNS Tools
• nslookup (part of BIND)
• host
• dig
• More detailed info
– http://www.dns.net/dnsrd/tools.html
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
139
Questions?
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
140
Routing Registry
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
141
Internet Routing Registry (IRR)
• Goals of the IRR
– consistency and stability of routing
– enable development of tools to use information
• Local IR responsibilities
– register policy information in RR
– maintain RR information
• Regional IR responsibilities
– assigning Autonomous System Numbers
– consistency checking of data
– maintenance of RR support tools
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
142
Internet Routing Registry
• Globally distributed DB with routing policy information
–
–
–
–
–
provides a map of global routing policy
shows routing policy between any two ASes
allows simulation of routing policy effects
enables router configuration
provides contact information
• RIPE Routing Registry
– subset of information in RIPE database
– syntax description in ripe-181
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
143
Global Internet Routing Registry
IRR
APNIC
RIPE RR
RADB
...
C&W
ARIN
http://www.radb.net/docs/list.html
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
144
Routing Registry Objects
• aut-num
 route
 as-macro
• community
• dom-prefix
• inet-rtr
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
145
The Route Object
route:
descr:
origin:
mnt-by:
changed:
source:
195.35.64/19
BLUELIGHT-NET
AS42
BLUELIGHT-MNT
[email protected] 19991010
RIPE
• Represents a “route” in the Internet
• This route originates in AS42
• Only one origin recommended
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
146
“cross-mnt” Attribute in
“aut-num” Object
route: 195.35.64/19
origin: AS42
[…]
route: 195.35.74/25
origin: AS9999
(new)
[…]
aut-num: AS42
cross-mnt: BLUELIGHT-MNT
[…]
mntner: BLUELIGHT-MNT
mnt-nfy: [email protected]
[…]
<[email protected]> gets a notification
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
147
as-macro
as-macro: AS-ARCON
descr:
ARCON TML customers AS list
as-list:
AS8955 AS6809 AS12500 AS-MACRO-B
tech-c:
BZ318-RIPE
admin-c: VV82
mnt-by:
ARCON-MNT
changed: [email protected] 19990914
source:
RIPE
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
148
as-macro Usage
aut-num:
descr:
...
as-out:
as-out:
...
AS8955
ARCON Autonomous System
aut-num:
descr:
descr:
as-in:
...
AS8563
DirectNet Autonomous System
JSC DirectNet Telecommunications
from AS8955 100 accept AS-ARCON
to AS8563 announce AS-ARCON
to AS2854 announce AS-ARCON
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
149
whois Flags in RR
• whois -T route 195.35.64/19
• whois -i origin AS42
• whois -i mnt-by BLUELIGHT-MNT
• whois -i cross-mnt BLUELIGHT-MNT
• whois -v as-macro
• whois -a <IP address or range>
• whois -h whois.arin.net <IP address or range>
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
150
RR Tools
• RAToolSet
• sources: http://www.isi.edu/ra/*
–
–
–
–
AS Object Editor (aoe)
Aggregation optimisation (CIDR Advisor)
Configuration (rtconfig)
Visualisation Tool (ASExplorer)
– IRRj http://www.merit.net/ipma/javairr/irr.html
• java interface to IRR
– prtraceroute
• Looking glasses
– http://www.ripe.net/cgi-bin/looking-glass
– http://www.traceroute.org/
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
151
Special Projects
(Part of RIPE NCC Public Services)
• Routing Information Service
– collect routing information
• between Autonomous Systems (AS)
• development over time
– information available to the RIPE community
– improve network operations
• Routing Registry Consistency Project
– improve data quality in the Internet routing registry
– improve data accessibility and processing capabilities
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
152
Next Generation - RPSL
• New language is being developed: Routing
Policy Specification Language
– allows for more refined policy details
– will eventually replace ripe-181
– transition to RPSL will be smooth
• Test
– rpslii.ripe.net
• Re-implementation
– reimp.ripe.net at port 43
– <[email protected]>
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
153
Questions?
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
154
Administrivia
• Audit
• Billing
• Closing
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
155
Audit Motivation
• Audit Activity is a service
– requested by the community
– ensure equal treatment
– LIR can ask for an audit
• Help LIRs to
– keep RIPE Database tidy
– keep up-to-date with new policies
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
156
Audit Activity
• Described in ripe-170
• Initiated for
–
–
–
–
infrequent contact with the RIPE NCC
random selection
referral by Hostmaster
(anonymous) LIR complaint
• Audit procedure
– LIR answers list of questions
– RIPE NCC check database
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
157
Audit Steps
• When LIR responds
– discuss the issue(s) & try to resolve them
– review AW size
• If LIR does not co-operate
– send reminders & phone
– still no reaction
• further actions taken
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
158
Billing Procedure
• LIRs pay yearly fee (based on size)
– ripe-198
• If payment is late - email reminders
– 1st phase - 4 weeks after the invoice
• no action taken
– 2nd phase - 2 weeks afterwards
• lower AW to 0
• mnt-lower on allocation
– 3rd phase - 2 weeks afterwards
• service level NONE
– if still no payment …
• Discuss payment / invoices
– <[email protected]>
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
159
Closing / Takeover
of the Registry
1) Registry closes completely
2) Registry takes over another registry and one closes
3) Registry takes over another registry and both remain open
4) Non-registry takes over a registry
...
• Contact <[email protected]> for details
• address space issues
• billing issues
• new service agreement
• No need to change current Reg-ID
• neither after company changes the name
• additional ‘start-up’ fee is being charged
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
160
Questions?
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
161
IPv6
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
162
Why IPv6?
• Next generation protocol
– scalability -- 128 bits addresses
– security
– dynamic hosts numbering
• Interoperable with IPv4
• simple and smooth transition
– hardware vendors
– applications
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
163
IPv6 Introduction
• Current format boundaries
|-3|--13-|--13-|-6-|--13-|--16--|------64 bits-----|
+--+-----+-----+---+-----+------+------------------+
|FP|-TLA-|-sub-|Res|-NLA-|--SLA-|---Interface ID---|
|--|-ID--|-TLA-|---|--ID-|--ID--|------------------|
|----public topology ----|-site-|-----Interface----|
+--+-----+-----+---+-----+------+------------------+
/23 /29 /35
/48
/64
• Classfull; another level of hierarchy
– (sub)TLA
– NLA
– SLA
• Hexadecimal representation of addresses
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
164
IPv6 Allocation Policies
• "Provisional IPv6 Assignment and Allocation Policy Document”
(ripe-196)
– discussion on [email protected] and [email protected]
• Bootstrap Phase Criteria
Peering with 3  Ases
AND
Plan to provide IPv6 services within 12 months
 40 IPv4 customers
AND either
OR
6bone experience
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
165
IPv6 Allocations
• Request form (ripe-195)
• ”Slow start”
– first allocation to a TLA Registry will be a /35 block
• representing 13 bits of NLA space
– additional 6 bits reserved by RIR for the allocated
sub-TLA for subsequent allocations
• Reverse Delegation of an IPv6 Sub-TLA
– http://www.ripe.net/reverse/
• IANA allocations
– APNIC
– ARIN
– RIPE NCC
Local Internet Registries Tutorial
2001:0200::/23
2001:0400::/23
2001:0600::/23
.
RIPE 37, Amsterdam 12-15 2000.
(12 subTLAs)
( 4 subTLAs)
(19 subTLAs)
.
http://www.ripe.net
166
Database Object
inet6num:
netname:
descr:
descr:
country:
admin-c:
admin-c:
tech-c:
status:
mnt-by:
mnt-lower:
changed:
source:
Local Internet Registries Tutorial
2001:0600::/23
EU-ZZ-2001-0600
RIPE NCC
European Regional Registry
EU
MK16-RIPE
DK58
OPS4-RIPE
SUBTLA
RIPE-NCC-HM-MNT
RIPE-NCC-HM-MNT
[email protected] 19990810
RIPE
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
167
Questions?
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
168
Questionnaire
Please, complete the questionnaire
• precious feedback
• constant improvement
Thank you
www.ripe.net/ripencc/mem-services/training/lir-questionnaire.html
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
169
RIPE NCC
Recycling Procedures
Please return the reusable badges.
Thank you
[email protected]
Local Internet Registries Tutorial
.
RIPE 37, Amsterdam 12-15 2000.
.
http://www.ripe.net
170