Engineering Report

Mark Kosters

Staffing• Operations

– 7 operations engineers + 2 managers (AT FULL STRENGTH)

• Development– 8 programmers + manager (AT FULL STRENGTH)

• New PM taken from engineering• New hire - filled vacancy going to PM

• Quality Assurance– 4 engineers, 1 contractor + manager (One vacancy)

• Project Management – 1 (AT FULL STRENGTH)• CTO – 1 (Working more on weights to be FULL

STRENGTH)

2

YTD Efforts• Focus on ACSPs• Work underway for sharing ticket information – Important for transfers

• RPKI– Mopping up work– Migration from IBM 4764 to IBM 4765 HSMs

• Migration from Oracle to PostgreSQL complete!

• Movement from EMC to NetApp underway

3

YTD Efforts Cont…• DNSSEC

– Making updates near realtime– Hardening of key management

• Fault Tolerance Improvements– More efficient system backups– Moving Production Systems from ARIN HQ to Colo– Moving backend services to real hardware when

merited• Corporate Help Desk and IT Support• ARIN Member Meeting Support• Care and Feeding of Servers & Network

– Includes new systems provisioning with Puppet and Foreman

• OT&E4

OT&E

• Operational Test & Evaluation– Place to test code– Place to test process

• Replicated Core services– Reg-RWS (provisioning API)–Whois-RWS (directory API)–Web Interface– RPKI suite

5

YTD Efforts Cont…

• Security Audit by Foreground Security

• IETF Participation– SIDR, RPKI GTA, WEIRDS (RDAP)

• ICANN Participation– SSAC– RSSAC– Technical Advisory Group

6

YTD Efforts PostgreSQL

• We had a successful conversion• Validation of 100% of all data from Oracle to

PostgreSQL– Hope to make the tool publically available for other

parties– Data integrity was paramount

• Noted in the PostgreSQL community– High Availability (HA) talk at PGConf NYC 2014– Exercised HA in the first week with a hardware failure on

the production DB node – no issues• Did have one failure

– Installed rsyslog for centralized logging– Ran into a buffering problem that occurred after a long

run– Resulted in short PostgreSQL outages on 2/15 and 2/257

ARIN Online Usage

• 81,984 accounts activated since inception through Q1 of 2014

8

200820092010201120122013

2014*

Number of Accounts Activated

5000 10000 15000 20000

* Through Q1 of 2014

Active Usage of ARIN Online

9

0 1 2 - 5 6 - 10 11 - 15

>160

10000

20000

30000

40000

Logins

# o

f U

sers

Times logged in

• Logins from inception through Q1 of 2014

Reg-RWS Transactions

10

ARIN 29 ARIN 30 ARIN 31 ARIN 32 ARIN 33

Tem-plate

658853 980068 1373933 1730163 2175889

REST 28373 319865 835914 3500958 4270946

250000750000

1250000175000022500002750000325000037500004250000

TemplateREST

Reports Via REST

Via REST

Associations 176

Reassignments

25,219

WhoWas 253,135

11

• Requests from inception through Q1 of 2014

RPKI Usage

ARIN XXX ARIN XXXI ARIN XXXII ARIN33

RPAs Signed 27 72 130 162

Certified Orgs 47 68 108

ROAs 19 60 106 162

Covered Resources 30 82 147 258

Web Delegated 0 0 0

Up/Down Delegated 0 0

12

Whois Queries Per Second

13

2007-01

2007-04

2007-07

2007-10

2008-01

2008-04

2008-07

2008-10

2009-01

2009-04

2009-07

2009-10

2010-01

2010-04

2010-07

2010-10

2011-01

2011-04

2011-07

2011-10

2012-01

2012-04

2012-07

2012-10

2013-01

2013-04

2013-07

2013-10

2014-010.00

500.00

1000.00

1500.00

2000.00

2500.00

3000.00

3500.00

4000.00

RESTful

Port 43

2014-03

Whois via IPv6

14

2009

-01

2009

-03

2009

-05

2009

-07

2009

-09

2009

-11

2010

-01

2010

-03

2010

-05

2010

-07

2010

-09

2010

-11

2011

-01

2011

-03

2011

-05

2011

-07

2011

-09

2011

-11

2012

-01

2012

-03

2012

-05

2012

-07

2012

-09

2012

-11

2013

-01

2013

-03

2013

-05

2013

-07

2013

-09

2013

-11

2014

-01

2014

-03

0.00%

1.00%

2.00%

3.00%

4.00%

5.00%

6.00%

7.00%

Percentage of traffic over IPv6

IRR Maintainers

2011 2012 2013 2014

Maintainers 1726 1850 1951 2029

1550

1650

1750

1850

1950

2050

15

IRR Route / Route6

2011 2012 2013 2014

Route 18636 19969 21204 22370

Route6 242 527 698 871

316.227766016838

3162.27766016838

31622.7766016838

RouteRoute6

16

IRR InetNum / Inet6Num

2011 2012 2013 2014

InetNum 419 481 531 556

Inet6Num 13 25 38 43

31.6227766016838

316.227766016838

InetNumInet6Num

17

Interops• RPKI

– Up/Down now available – first use will probably be between the RIR’s

– Will begin interop using Up/Down for ERX space when APNIC is ready

• RDAP (IETF WEIRDS)– Participated in public interop with APNIC, RIPE NCC,

LACNIC, Afilias, VeriSign, CNNIC at IETF 89– ARIN has open source software at

http://projects.arin.net– Public testbed at http://rdappilot.arin.net/restfulwhois/

rdap– Other RIRs are following suit

18

RDAP

• Started at ARIN• Other RIR’s found it interesting• ICANN immensely interested

– Solves internationalized character problem– Structured data (no complicated parsing needed

to get what you need)– Navigation (no need to remember all these

whois sites)– Ability to run over a validated channel (https)– Ability to provide access control (allows for

partitioning of data and more privacy controls)

19

One of our Focuses

• We are a small engineering shop– Lots of demands– Attempting to provide exceptional service

• Creating API’s to core services– Allows YOU to create tools – Allows YOU to follow your timeline

• projects.arin.net (ACSP completed years ago)– If you find your tool is cool– Way to allow others to come find and use it

20

What we are working on• Finish up more ACSPs• DNSSEC on forward zones (arin.net/arin.com)• Making DNS changes near real-time• Moving the RDAP pilot into production• Further automation on transfers• Moving core production from ARIN HQ to colo• Moving SAN from EMC to NetApp

21

22

Comments?