Welcome!APNIC Members Training Course

Internet Resource Management Essentials

20 October 2003, Kuala Lumpur, Malaysia

In conjunction with the 1st ASEAN IPv6 Summit

Introduction

• Presenters

– John H’ng• <jhng@apnic.net>

– Champika Wijayatunga• <champika@apnic.net>

– Arth Paulite• <arth@apnic.net>

For any training queries <training@apnic.net>

Assumptions & Objectives

Assumptions– Are current or

prospective APNIC member

– Have not submitted many requests

– Are not familiar / up-to-date with policies

– Are not familiar with procedures

Objectives– Teach members

how to request resources from APNIC

– Keep membership up-to-date with latest policies

– Liaise with members Faces behind the

e-mails

Schedule

APNIC’s role in the Asia Pacific (5)

Internet Registry Policies (17)

Addressing Plan (40)

TEA BREAK (10:30 – 11:00)

Requesting an IP allocation (56)

IP Management (81)

LUNCH (12:30 – 13:30)

APNIC database (95)

Reverse DNS(141)

ASN (155)

TEA BREAK (15:30 – 16:00)

IRR (171)

IPv6(189)

Summary (216)

APNIC’s role in the Asia Pacific

Asia Pacific Network Information Centre

Overview

• What is APNIC?• Regional Internet Registry• APNIC structure

• What Does APNIC do ?• APNIC Membership services

• Why APNIC ?• APNIC resources• APNIC environment • APNIC responsibilities

Intro

What is APNIC?

• RIR for the Asia Pacific• Regional Internet Registry

– Regional authority for Internet Resource distribution

– IPv4 & IPv6 addresses, ASNs, reverse dns delegation

• Industry self-regulatory body– Non-profit, neutral and independent

• Open membership-based structure

Intro

APNIC Membership

HK 13%

IN 12%

PH 6%

SG 5%

JP 5%PK4%

TH4%

Pacific 3%

Other 5%

AU 23%

LK 1%ID 1%

BD 3%TW 3%

MY 4%

NZ 4%

CN 4%

AP 4%

Intro

Last Update – Oct 2003

APNIC is not…

• Not a network operator– Does not provide networking services

• Works closely with APRICOT forum

• Not a standards body– Does not develop technical standards

• Works within IETF in relevant areas (IPv6 etc)

• Not a domain name registry or registrar• Will refer queries to relevant parties

Intro

APNIC structure

• Industry self-regulatory structure– Participation by those who use Internet

resources– Consensus-based decision making

• Eg. Policy changes, db requirements etc

– Open and transparent

• Meetings and mailing lists– Open to anyone

Intro

APNIC regionIntro

Internet Registry structure

ICANN

ASO

APNIC ARIN RIPE NCCLACNIC

IANA

NIR LIR LIR

LIR ISP ISP

ISP ISP

ISPISP

ISP ISP

ISP ISP

LIR LIR

ISP ISP

Intro

APNIC Services & Activities

Resources Services• IPv4, IPv6, ASN,

reverse DNS• Policy development

– Approved and implemented by membership

• APNIC whois db– whois.apnic.net– Registration of

resources

Information dissemination• APNIC meetings• Web and ftp site• Mailing lists

– Open for anyone!

• Training Courses– Subsidised for members

• Co-ordination & liaison– With membership, other RIRs

& other Internet Orgs.

Intro

What is the APNIC community?

• Open forum in the Asia Pacific– Open to any interested parties

• Voluntary participation• Decisions made by consensus• Public meetings• Mailing lists

– web archived

• A voice in regional Internet operations through participation in APNIC activities

Policy dev

Definition – “Internet Community”

Global Internet Community

APNIC Internet Community

IETF

ISOC

Individuals

APNIC Members

APAN SANOG

ISP Associations

Questions ?

Internet Registry Policy Development

Overview

– Policy Development– Definitions– Background– Objectives & environment

Policy dev

Principles of policy development

• ‘Bottom up’, consensus based decision making– Community proposes and approves

policy– No policies implemented without

consensus of community

• Open and transparent– Anyone can attend– All decisions archived

Policy dev

Participation in policy development

• Why should I bother?– Responsibility as an APNIC member

• To be aware of the current policies for managing address space allocated to you

– Business reasons• Policies affect your business operating

environment and are constantly changing• Ensure your ‘needs’ are met

– Educational• Learn and share experiences• Stay abreast with ‘best practices’ in the

Internet

Policy dev

Definition – “Consensus”

• OED definition– “General agreement in opinion”

• Show of hands to judge ‘general agreement’– Often a count is taken to assist but is not

essential• Those in favour, those against and abstentions• Each attendee has one vote

• If difficult to judge, unlikely to be consensus– Final call by chair

Policy dev

Principles of policy development process

TRANSPARENT‘BOTTOM UP’

• All decisions & policies documented & freely available to anyone

• Anyone can participate

• Internet community proposes & approves policy

OPEN

Consensus based

Policy dev

Elements of the process

MemberMeeting

Working Groups

Birds of a Feather

Special InterestGroups

Open Policy Meeting&

Mailing Lists

SIGs: Formal groups which discuss broad areas of policy relevant to the APNIC internet community BOFs: Informal meetings to

exchange ideas eg. CA BOF, Network Abuse BOF, Training Need to hold at least one to form new SIG

WGs: semi formal, volunteer group tasked by a SIG to work on a particular project until completed eg. ‘Broadband’

MM: forum specific to APNIC business eg. fee structure, election of executive council & endorsement of policy decisions

Policy dev

How does it work? Self regulation in practice

New policy or amendment proposed

Endorsement by MM?

Report of consensus in SIG to MM

Consensus?

Implementation 3 months

Posted to SIG ML for discussion

Face to face discussions in public open forum (SIGs)

YES

YES

NO

NO

Policy dev

How to get your voice heard

• Contribute on the public mailing lists– http://www.apnic.net/community/lists/index.html

• Attend meetings– Or send a representative– Gather input at forums like SANOG

• Give feedback– Training or seminar events

• APNIC16, Seoul, KR, 19-22 August– Listen to multicast, stay informed– http://www.apnic.net/meetings

Policy dev

Definitions

RFC1519

Classful and Classless

• Classful (Obsolete)– Wasteful address architecture

• network boundaries are fixed at 8, 16 or 24 bits (class A, B, and C)

• Classless– Efficient architecture

• network boundaries may occur at any bit (e.g. /12, /16, /19, /24 etc)

• CIDR• Classless Inter Domain Routing architecture

– Allows aggregation of routes within ISPs infrastructure

Policies

Best CurrentPractice

RFC1518

RFC1517

Allocation and Assignment

Allocation“A block of address space held by an IR (or

downstream ISP) for subsequent allocation or assignment”

• Not yet used to address any networks

Assignment“A block of address space used to address an

operational network”• May be provided to LIR customers, or used for

an LIR’s infrastructure (‘self-assignment’)

Policies

Sub-Allocation

/22

/8

APNIC Allocation

Allocation and Assignment

/24

/20

Member Allocation

Customer Assignments/25

Policies

/26/27 /26

APNICAllocates

to APNIC Member

APNIC Member

Customer / End User

Assignsto end-user

Allocatesto downstream

Downstream Assigns

to end-user

Portable & non-portable

Portable Assignments– Customer addresses independent from ISP

• Keeps addresses when changing ISP

– Bad for size of routing tables– Bad for QoS: routes may be filtered, flap-

dampened

Non-portable Assignments– Customer uses ISP’s address space

• Must renumber if changing ISP

– Only way to effectively scale the Internet

Policies

Aggregation and “portability”

Aggregation

(Non-portable Assignments) (Portable Assignments)

No Aggregation

BGP Announcement (1) BGP Announcements (4)

ISP Allocation

Customer Assignments Customer Assignments

ISP

Policies

Objectives

APNIC Policies - objectives

• Conservation• Ensuring efficient use and conservation of resources

• Aggregation• Limiting growth of routable prefixes

• Registration• Registering the Internet resources in a public db

• Uniqueness• Global visibility

• Fairness and consistency• Equal consideration irrespective of external factors

Policies

Why do we need policies ?- Global IPv4 Delegations

Other Orgs (pre-RIR)

42%

Unallocated30%

"Special purpose"

14%

RIPE NCC4%

ARIN 6%

APNIC 4%

Policies

Growth of global routing table

last updated 29 Sep 2003

http://bgp.potaroo.net/as1221/bgp-active.html

DeploymentPeriod of CIDR

CIDR made it work for a while

But they cannot berelied on forever

Projected routing table growth without CIDR

ISPs tend tofilterlonger prefixes

Policies

Routing table prefix distribution

0 20000 40000 60000 80000 100000 120000 140000

Nov-01

Dec-01

Jan-02

Feb-02

Mar-02

Apr-02

May-02

Jun-02

Jul-02

Aug-02

Sep-02

Oct-02

Nov-02<16

16

17

18

19

20

21

22

23

24

>24

Last updated 29 Nov 2002

Policies

APNIC policy environment

“IP addresses not freehold property”– Assignments & allocations on license basis

• Addresses cannot be bought or sold• Internet resources are public resources• ‘Ownership’ is contrary to management goals

“Confidentiality & security”– APNIC to observe and protect trust relationship

• Non-disclosure agreement signed by staff

Policies

Questions ?

Internet Registry Procedures

Addressing Plan

Addressing plan

• To complete documentation– First need a technical PLAN

• Documenting the architecture of the present and eventual goal

– IP addressing is fundamental part of network design

– IP addressing ‘planning’ example to follow..

AddressingPlan

Some icons

Router (layer 3, IP datagram forwarding)

Network Access Server(layer 3, IP datagram forwarding )

Ethernet switch (layer 2, packet forwarding)

AddressingPlan

Addressing plan

• Identify components of network– Customer services– ISP internal infrastructure

• Identify phases of deployment– Starting off, 6 months, 12 months

• Identify equipment and topology changes– Need for redundancy– Need for increased scale

AddressingPlan

Network plan

• Starting off’

Leased line services 5-8 customers

Dialup services 16 modems

Interconnected resilience

UpstreamISP

15 hosts NOC

operations

10 hosts Internal DNS,Web

Mail servers

ISP Infrastructure

Customer services5 hostsVirtual web

(name based)

AddressingPlan

Network plan

WAN point to point /30

5 hosts

15 hosts

10 hosts

UpstreamISP

16 dialup modems

5-8 leased line customers

‘ip unnumbered’to customers

one loopback interface per assigned router /32

‘ip unnumbered’to upstream ISP

AddressingPlan

Addressing plan

•

network-plan: network-plan:network-plan:

analogue dialup modems, vendor ‘x’LAN -web hosting (Name-based hosting)5-8 leased line customers (/28)

network-plan:network-plan: network-plan: network-plan:

LAN -NOC and Ops managementLAN -mail,DNS, web servers internalloopback router interfacesrouter WAN ports (x 5 lines)

Initial addressing plan

16 51281510 4 2

- numbers of host addresses (interfaces)

AddressingPlan

Network plan

60 dialupmodems (2PRI)

30 leased linecustomers

11 hosts name-based

8 hosts- 2ndary Servers

25 hosts- NOC

16 hosts- Servers

60 dialupmodems (2PRI)

UpstreamISP

added new router and LAN for redundancy

added new dial up equipment

replaced originalmodem

increased number of leased line customers

increased number of hosts on all LANs

• 6 months later– scale increased– redundancy

AddressingPlan

Addressing plan

• Network plan at 6 months

6011512251662

- increases in hosts (interfaces)

New hardware

2 PRI dialup modems LAN-secondary servers

network-plan:network-plan:

0/0/

608

network-plan: network-plan:network-plan:

2 PRI dialup modems, vendor ‘y’LAN -web hosting (Name-based hosting)30 leased line customers (pool)

16/5/128/15/10/4/2/

network-plan:network-plan:network-plan: network-plan:

LAN -NOC and Ops managementLAN -mail,DNS, web servers internalloopback router interfacesrouter WAN ports (x 8 lines)

Changed description

AddressingPlan

Network plan

• 12 months total– site redundancy– greater complexity– efficiency 60 leased line

customersip unnumbered

11 hosts

8 hosts

35 host

240 dialupmodems (8PRI)

UpstreamISP A

240 dialupmodems (8PRI)

40 hosts

UpstreamISP B

added new customer router

redundancy of WAN connections

now numbered links for BGP4

two pieces of essential equipment

AddressingPlan

Addressing plan

•

network-plan: network-plan:network-plan:network-plan:

8 PRI dialup modems, vendor x8 PRI dialup modems, vendor y LAN -web hosting (Name-based hosting) 60 leased line customers (pool)

16/60/0/60/5/11/128/512/15/25/10/16/0/8/2/2/4/6

network-plan:network-plan: network-plan: network-plan:network-plan:

LAN -NOC and Ops managementLAN -mail,DNS, web servers internalLAN-secondary serversrouter WAN ports (x 8 lines)loopback router interfaces

Network plan at 12 months

24024011102040358212

-increases in hosts (interfaces)-one year total

AddressingPlan

Addressing plan

•

network-plan: network-plan:network-plan:network-plan:

8 PRI dialup modems, vendor x8 PRI dialup modems, vendor yLAN -web hosting (Name-based hosting)60 leased line customers (pool)

16/60/2400/60/2405/11/11128/512/102015/25/4010/16/35 0/8/8 2/2/2 4/6/12

network-plan:network-plan: network-plan: network-plan:network-plan:

LAN -NOC and Ops managementLAN -mail,DNS, web servers internalLAN-secondary serversrouter WAN ports (x 8 lines)loopback router interfaces

25625616102464648416

Can now determine subnet sizes

AddressingPlan

Addressing plan

– Addressing plan for network-plan– re-ordered large to small according to relative subnet size– determination of relative subnet addresses

network-plan: 0.0.0.0 1024 128/512/1020 60 leased line customers (pool)network-plan: 0.0.4.0 256 16/60/240 8 PRI dial up modems, vendor xnetwork-plan: 0.0.5.0 256 0/60/240 8 PRI dial up modems, vendor ynetwork-plan: 0.0.6.0 64 10/16/35 LAN -mail,DNS, web internalnetwork-plan: 0.0.6.64 64 15/25/40 LAN -NOC and Ops managementnetwork-plan: 0.0.6.128 16 5/11/11 LAN -web hosting (Name-based

hosting)

network-plan: 0.0.6.144 16 0/8/8 LAN -secondary serversnetwork-plan: 0.0.6.160 16 4/6/12 loopback router interfacesnetwork-plan: 0.0.6.176 4 2/2/2 router WAN ports (x8)

– cumulative total 0.0.6.208

AddressingPlan

Addressing plan

– Addressing plan for network-plan– connect to the Internet (full-time, part-time)?

network-plan: 0.0.0.0 255.255.252.0 YES 1024 128/512/1020 60 leased customers

network-plan: 0.0.4.0 255.255.255.0 PART 256 16/60/240 8 PRI dial up modems..

network-plan: 0.0.5.0 255.255.255.0 PART 256 0/60/240 8 PRI dial up modems..

network-plan: 0.0.6.0 255.255.255.192 YES 64 10/16/35 LAN -mail,DNS, web internal

network-plan: 0.0.6.64 255.255.255.192 YES 64 15/25/40 LAN -NOC & Ops mgmt

network-plan: 0.0.6.128 255.255.255.240 YES 16 5/11/11 LAN -web hosting (Name-based)

network-plan: 0.0.6.144 255.255.255.240 YES 16 0/8/8 LAN -secondary servers

network-plan: 0.0.6.160 255.255.255.240 YES 16 4/6/12 loopback router interfaces

network-plan: 0.0.6.176 255.255.255.252 YES 4 2/2/2 router WAN ports (x 8 )

AddressingPlan

– Addressing plan complete– total planned for customer assignments /22– total planned for ISP infrastructure /24 + /23

network-plan: 0.0.0.0 255.255.252.0 YES 1024 128/512/1020 60 leased line customersnetwork-plan: 0.0.4.0 255.255.255.0 PART 256 16/60/240 8 PRI dial up modems..network-plan: 0.0.5.0 255.255.255.0 PART 256 0/60/240 8 PRI dial up modems..network-plan: 0.0.6.0 255.255.255.192 YES 64 10/16/35 LAN -mail,DNS, web

internal network-plan: 0.0.6.64 255.255.255.192 YES 64 15/25/40 LAN -NOC & Ops mgmntnetwork-plan: 0.0.6.128 255.255.255.240 YES 16 5/11/11 LAN -web hosting (Name-based)

network-plan: 0.0.6.144 255.255.255.240 YES 16 0/8/8 LAN -secondary serversnetwork-plan: 0.0.6.160 255.255.255.240 YES 16 4/6/12 loopback router interfacesnetwork-plan: 0.0.6.176 255.255.255.252 YES 4 2/2/2 router WAN ports (x 8 lines )

– detailed, efficient and accurate

Addressing plan

AddressingPlan

Questions ?

Internet Registry Polices & Procedures

IP Request

IP Growth in Asia Pacific

Last Update 26 Sep 2003

0

16

32

48

64

80

96

112

128

144

160

176

Jan-96 Jan-97 Jan-98 Jan-99 Jan-00 Jan-01 Jan-02 Jan-03 Oct-03

Mil

lio

ns

OtherTWTHSGPKPHNZMYKRJPINIDHKCNAUAP

IPReq

IP address request

• Hostmaster Administrivia– <hostmaster@apnic.net> mailbox filtered

• Requires member account name– Subject: IP Address Request [CONNECT-AU]

• Ticketing system– Every request is assigned a ticket

• Please keep # in subject line of email eg.– [APNIC #14122] [CHINANET-CN]

• New staff at ISP– Require an ‘introduction’ to APNIC

• To ensure confidentiality

membersonly

IPReq

IP address request

More documentationand clarification by Member

no Member has

completed documentation?

Step 1

yes

Evaluation ofrequest by

APNIC - OK?

Step 2

yes

update localrecords

update APNICdatabase

NotifyMember

Step 3

Allocation by APNIC

no

Life Cycle

IPReq

IP address request - Overview

• Contact Details• Network Information• Existing Customer Network Information• Existing Infrastructure Network Information• Future Network Plan• Additional Information

IPReq

IP address request instructions

• Complete the documentation– ISP Address Request Form

• Web Form: – http://www.apnic.net/services/ipv4/

• Plain text– http://ftp.apnic.net/apnic/docs/isp-address-request

• The more detailed and precise– Fewer iterations with APNIC

• Quicker resolution time

• Read the quick tips!http://www.apnic.net/faq/isp-request-tips.html

APNIC-084

IPReq

Initial IPv4 allocation criteria

1a.Have used a /22 from upstream provider – Demonstrated efficient previous address usage

OR

1b.Show immediate need for /22• Can include customer projections & infrastructure

equipment

2. Detailed plan for use of /21 within a year

3. Renumber to new space within 1 year

– Meet all policy requirements• Applicants may be required to show purchase receipts

IPReq

Evaluation by APNIC

• All address space held should be documented– Check other RIR, NIR databases for

historical allocations

• ‘No reservations’ policy– Reservations may never be claimed– Fragments address space– Customers may need more or less address

space than is actually reserved

IPReq

APNIC allocation policies

• Aggregation of allocation– Provider responsible for aggregation– Customer assignments /sub-allocations must be

non-portable

• Allocations based on demonstrated need– Detailed documentation required

• All address space held to be declared

– Address space to be obtained from one source• routing considerations may apply

– Stockpiling not permitted

IPReq

APNIC allocation policies

• Transfer of address space– Not automatically recognised

• Return unused address space to appropriate IR

• Effects of mergers, acquisitions & take-overs– Will require contact with IR (APNIC)

• contact details may change• new agreement may be required

– May require re-examination of allocations• requirement depends on new network structure

IPReq

First allocation

• Must meet criteria• (discussed in policy section)

• Requires clear detailed and accurate request

• Implementation of ‘Best Current Practice’• Efficient assignments planned• Always a /20 ‘slow start’

• Exceptions made for very large networks but not common

IPReq

Subsequent allocations

• 80% overall utilisation• Unless large assignment pending

• Demonstrated conservative assignments

• Correct customer registrations in db• Need to fix inconsistencies before next allocation

• Allocation size to cover 1 year need• Based on previous utilisation rate

• Contiguous allocation not guaranteed• But every effort made

IPReq

Evaluation guidelines – Cable/DSL

• Bootstrap criteria– Simplified, optional criteria– Assumption of /24 per CMTS

• Subsequent allocation• CMTS devices per headend• 3 month subscriber projection • Average growth per month

– option: MRTG to support growth rate evaluation

• equipment purchase receipts

IPReq

Evaluation guidelines – Virtual web hosting

• Name based hosting – ‘Strongly recommended’

• Use ‘infrastructure’ field to describe web servers

• IP based hosting– Permitted on technical grounds

– SSL, virtual ftp..

– Use ‘infrastructure’ field to describe web servers

– Special verification for IP based– If more than /22 used for this purpose

– Requestor must send list of URLs of virtual domain and corresponding IP address

IPReq

Sub-allocations

• No max or min size– Max 1 year requirement

• Assignment Window & 2nd Opinion applies – to both sub-allocation & assignments

• Sub-allocation holders don’t need to send in 2nd opinions

Sub-allocation

/22

/24

/20Member Allocation

Customer Assignments

/25/26/27 /26Customer Assignments

IPReq

Sub-allocation guidelines

• Sub-allocate cautiously– Seek APNIC advice if in doubt– If customer requirements meet min allocation

criteria:• Customers should approach APNIC for portable allocation

• Efficient assignments– LIRs responsible for overall utilisation

• Sub-allocation holders need to make efficient assignments

• Database registration– Sub-allocations & assignments to be registered in

the db

IPReq

Address assignment policies

• Assignments based on requirements • Demonstrated through detailed documentation• Assignment should maximise utilisation

– minimise wastage

• Classless assignments• showing use of VLSM

• Size of allocation– Sufficient for up to 12 months requirement

IPReq

General assignment guidelines

• Static & Dynamic– Transient connections (dial-up)

• dynamic recommended

– Permanent connections • static assignments ok (1:1 contention ratio)

– (dynamic encouraged)

• IP unnumbered– Encouraged when possible

• Helps conserving IP addresses– statically routed, single-homed customer connections

(no BGP)

http://www.apnic.net/info/faq/ip_unnumb.html

IPReq

Small multihoming assignment policy

1a. Applicants currently multihomed OR

1b. Demonstrate a plan to multihome within 1 month

2. Agree to renumber out of previously assigned space

– Demonstrate need to use 25% of requested space immediately and 50% within 1 year

– Meet all policy requirements or have the assignment revoked

IPReq

IPv4 assignment policy for IXPs

Criteria– 3 or more peers– Demonstrate “open peering policy”– Not announce assignment to global

routing table

• APNIC has a reserved block of space from which to make IXP assignments

IXPs can apply for an assignment of /24 for Transit LAN

IPReq

Portable critical infrastructure assignments

• What is Critical Internet Infrastructure?– Domain registry infrastructure

• Root DNS operators, • gTLD operators• ccTLD operators

– Address Registry Infrastructure • RIRs & NIRs• IANA

• Why a specific policy ? • Protect stability of core Internet function

• Assignment sizes:– IPv4: /24 – IPv6: /32

IPReq

Overview of 2nd opinion Applicant information

Type of request

Network name

Future network plan

Customer’s existing networkCustomer assignments to end-sites

Sub-allocation infrastructure

Additional information

Confirm details

Contact details, password

IPv6 / IPv4, Assignment / Sub-allocation

Network name, description, countryPlanned IP usage

IPs held by customerIPs held by customer & customer’s customers

IPv4 Sub-allocations IPv4/IPv6 Assignments

Any additional info that may aid the evaluation

Check your details

IPReq

2nd opinion evaluation (policy)

• Efficiency– More than 50% used in any one subnet?– Can different subnet sizes be used?– More than 80% used for previous assignment?

• Stockpiling– Is all address space held declared on form?– Has organisation obtained address space from

more than one member/ISP?

• Registration– Is previous assignment in APNIC database and

are they correct and up to date?

IPReq

Customer assignment

• Member updates internal records– Select address range to be assigned– Archive original documents sent to APNIC– Update APNIC database

• Clarify status of address space – APNIC requirement is ‘Non portable’ – ‘Portable’ assignments are made by APNIC only

with the end-user request form• Organisation must have technical requirement

IPReq

Questions ?

IP Address Management

Revision of routing protocols

Interior Gateway Protocol (IGP)– Examples are OSPF, EIGRP, ISIS– Used to find optimum route to a host in ISP

network– Convergence becomes important with scaling

Border Gateway Protocol (BGP)– Can be interior (iBGP) and exterior (eBGP)– Used to carry traffic across your network and

to/from the Internet– Can use BGP attributes for routing policy

IP Mgmt

Principles of addressing

• Separate customer & infrastructure address pools

– Manageability• Different personnel manage infrastructure

and assignments to customers

– Scalability• Easier renumbering - customers are difficult,

infrastructure is relatively easy

IP Mgmt

Principles of addressing

• Further separate infrastructure– ‘Dynamic’ infrastructure for IGP

• Carrying network infrastructure addresses used by a routing protocol where alternate paths to host exist

• Eg. p2p addresses of backbone connections• Eg. router loopback addresses

– ‘Static’ infrastructure• Static routing of infrastructure (where no

alternative path exists) • Carry in iBGP

IP Mgmt

Principles of addressing

• Further separate infrastructure– ‘Static’ infrastructure examples

• RAS server address pools, CMTS• Virtual web and content hosting LANs• Anything where there is no dynamic route

calculation

• Customer networks• Carry in iBGP , do not put in IGP

– No need to aggregate address space carried in iBGP

– Can carry in excess of 100K prefixes

IP Mgmt

Hierarchy of routing protocols

BGP4 (iBGP)& OSPF/ISIS

Other ISPs

CustomersLocalNAP

eBGP Static/eBGP

BGP4 (eBGP)

FDDI

ISP Internal Network

IP Mgmt

Management - simple network

• First allocation from APNIC– Infrastructure is known, customers are

not– 20% free is trigger for next request

– Grow usage of blocks from edges– Assign customers sequentially

20%Customers p2p

Infrastructure

loo

ps

IP Mgmt

Management - simple network

• If second allocation is contiguous

– Reverse order of division of first block– Maximise contiguous space for

infrastructure• Easier for debugging

– Customer networks can be discontiguous

Customers Infrastructure 20%Infrastructure Customers

1st allocation 2nd allocation

IP Mgmt

Management - many POPs

• WAN link to single transit ISP

Server

POP1

POP2POP3

IP Mgmt

• POP sizes– Choose address pool for each POP according to need

– Loopback addresses• Keep together in one block• Assists in fault-resolution

– Customer addresses • Assign sequentially

Management - many POPs

Infrastructure

POP 1 POP2

loopbacks

Customer

IP Mgmt

Management - many POPs

• /20 minimum allocation not enough for all your POPs?– Deploy addresses on infrastructure first

• Common mistake:– Reserving customer addresses on a per POP

basis

• Do not constrain network plans due to lack of address space– Re-apply once address space has been used

IP Mgmt

Management - multiple exits

• WAN links to different ISPs

Server

POP1

POP2POP3

IP Mgmt

Management - multiple exits

• Create a ‘national’ infrastructure pool

– Carry in IGP• Eg. loopbacks, p2p links, infrastructure

connecting routers and hosts which are multiply connected

– On a per POP basis• Consider separate memberships if

requirement for each POP is very large from day one.

National Infrastructure

POP1 POP2 POP3 20% free

IP Mgmt

Questions ?

The APNIC Database

Usage, Protection and Updating

What is the APNIC database?

• Public network management database• Operated by IRs

• Tracks network resources• IP addresses, ASNs, Reverse Domains,

Routing policies

• Records administrative information• Contact information (persons/roles)• Authorisation

DB Intro

Object types

OBJECT PURPOSE

person contact persons

role contact groups/roles

inetnum IPv4 addresses

inet6num IPv6 addresses

aut-num Autonomous System number

domain reverse domains

route prefixes being announced

mntner (maintainer) data protection

DB Intro

http://www.apnic.net/db/

Object templates

whois -t <object type>

person: [mandatory] [single] [primary/look-up key]address: [mandatory] [multiple] [ ]country: [optional] [single] [ ]phone: [mandatory] [multiple] [ ]fax-no: [optional] [multiple] [ ]e-mail: [mandatory] [multiple] [look-up key]nic-hdl: [mandatory] [single] [primary/look-up key]remarks: [optional] [multiple] [ ]notify: [optional] [multiple] [inverse key]mnt-by: [mandatory] [multiple] [inverse key]changed: [mandatory] [multiple] [ ]source: [mandatory] [single] [ ]

% whois -h whois.apnic.net -t person

To obtain template structure*, use :

DB Intro

*Recognised by the RIPE whois client/server

Person object example

– Person objects contain contact information

person:

address:

address:address:

country:phone:

fax-no:

e-mail:

nic-hdl:mnt-by:

changed:source:

Attributes Values

Ajith SinghExampleNet Service Provider2 Main St, Mount courtWallis and Futuna IslandsWF+680-368-0844+680-367-1797kxander@example.comAS17-APMAINT-WF-EXasingh@example.com 20020731APNIC

DB Intro

What is a nic-hdl?

• Unique identifier for a person

• Represents a person object– Referenced in objects for contact details

• (inetnum, aut-num, domain…)

– format: <XXXX-AP> • Eg: AS17-AP

DB Intro

person: Ajith Singhaddress: ExampleNet Service Provideraddress: 2 Main St, Mount courtaddress: Wallis and Futuna Islandscountry: WFphone: +680-368-0844fax-no: +680-367-1797e-mail: kxander@example.com

nic-hdl: AS17-APmnt-by: MAINT-WF-EXchanged: kxander@example.com 20020731source: APNIC

Inetnum object example

– Contain IP address allocations / assignments

inetnum:netname:descr:descr:country:admin-c:tech-c:status:mnt-by:mnt-lower:changed:source:

202.51.64.0 - 202.51.95.255 CCNEP-NP-APCommunication & Communicate Nepal Ltd

VSAT Service Provider, Kathmandu NPAS75-APAS75-AP

ALLOCATED PORTABLEAPNIC-HMMAINT-NP-ARUN hostmaster@apnic.net 20010205APNIC

Attributes Values

DB Intro

Inter-related objects

inetnum:202.64.10.0 – 202.64.10.255

…admin-c: KX17-APtech-c: ZU3-AP…mnt-by: MAINT-WF-EX

…

IPv4 addresses

person:…

nic-hdl: ZU3-AP

…

Contact info

person:…

nic-hdl: KX17-AP

…

Contact info

mntner:MAINT-WF-EX

……

Data protection

DB Intro

Database query - clients

• Standard whois client• Included with many Unix distributions

– RIPE extended whois client• http://ftp.apnic.net/apnic/dbase/tools/ripe-dbase-

client.tar.gz

• Query via the APNIC website• http://www.apnic.net/apnic-bin/whois2.pl

• Query clients - MS-Windows etc– Many available

DB Intro

Database query (unix)- inetnum

• Note• Incomplete addresses padded with “.0”• Address without prefix interpreted as “/32”

% whois 203.127.128.0 - 203.127.159.255

% whois SINGNET-SG% whois 203.127.128.0/19

inetnum: 203.127.128.0 - 203.127.159.255netname: SINGNET-SG descr: Singapore Telecommunications Ltd descr: 31, Exeter Road, #02-00, Podium Blockdescr: Comcentre, 0923 country: SGadmin-c: CWL3-APtech-c: CWL3-APmnt-by: APNIC-HM changed: hostmaster@apnic.net 19990803 source: APNIC

DB Intro

Database query (web) - role

Query the APNIC Whois Database

http://www.apnic.net/apnic-bin/whois2.pl

2.Search options(flags)

1.Type in search key

3. ‘Search Whois’

DB Intro

Database query (web) - role

DB Intro

Need help?

General search help Help tracking spam and hacking

% [whois.apnic.net node-1]% How to use this server http://www.apnic.net/db/% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

role: OPTUS IP ADMINISTRATORS address: Optus Communications address: 101 Miller Street address: North Sydney NSW 2060 country: AU phone: +61-2-93427681 phone: +61-2-93420848 phone: +61-2-93420983 phone: +61-2-93420813 phone: +61-2-93420717 fax-no: +61-2-9342-0998 fax-no: +61-2-9342-6122 e-mail: ipadmin@optus.net.au trouble: send spam/abuse reports to abuse@optus.net.au trouble: please use http://www.apnic.net/db/spam.html trouble: to identify networks before sending reports and trouble: always include full headers/logs. admin-c: NC8-AP tech-c: NC8-APtech-c: CN39-APtech-c: GE7-APtech-c: PS176-APnic-hdl: OA3-AP notify: hostmaster@optus.net.au mnt-by: MAINT-OPTUSCOM-APchanged: ipadmin@optus.net.au 20021120 source: APNIC

Query the APNIC Whois Database

Result of search on nic-hdl “OA3-AP”

(‘Optus IP administrators’role object)

Advanced database queries

– Flags used for inetnum queries

None find exact match

- l find one level less specific matches

- L find all less specific matches

- m find first level more specific matches

- M find all More specific matches

- x find exact match (if no match, nothing)

- d enables use of flags for reverse domains

- r turn off recursive lookups

inetnum: 202.64.0.0 – 202.64.15.255

202.64.0.0/20

inetnum:

202.0.0.0 – 202.255.255.255

202.0.0.0/8

Database query - inetnum

202.64.12.128/25

inetnum:

whois -L 202.64.0.0 /20

whois 202.64.0.0 /20

whois –m 202.64.0.0 /20 inetnum:

202.64.15.192/26

inetnum:

202.64.10.0/24More specific (= smaller blocks)

Less specific (= bigger block)

inetnum: 202.64.0.0/20

inetnum:

202.0.0.0 – 202.255.255.255

202.0.0.0/8

Database query - inetnum

whois -L 202.64.0.0 /20(all less specific)

whois 202.64.0.0 /20

whois –m 202.64.0.0 /20(1 level more specific)

inetnum:202.64.10.0/24

inetnum:

202.64.10.192/26

inetnum:whois -l 202.64.0.0 /20(1 level less specific)

whois –M 202.64.0.0 /20(all more specific)

202.64.0.0/16

‘-M’ will find all assignments in a range in the database

inetnum: 202.64.10.0 - 202.64.10.255netname: SILNET-APdescr: Satyam Infoway Pvt.Ltd.,.....inetnum: 202.64.12.128 - 202.64.12.255netname: SOFTCOMNETdescr: SOFTCOM LAN (Internet)IP......inetnum: 202.64.15.192 – 202.64.15.255descr: SILNETdescr: Satyam Infoway's Chennai LAN.....

% whois -M 202.64.0.0/20

Database query - inetnum

Recursive lookups

• whois 202.12.29.0

– whois -r 202.12.29.0

– whois -T inetnum 202.12.29.0

– whois -r -T inetnum 202.12.29.0

personinetnum route

inetnum route person

personinetnum

inetnum

recursion enabled by default

recursion turned off

‘type’ of object specified

‘type’ of object specified & recursion turned off

, &

&

&

DB query

Recursion is enabled by default

% whois 203.113.0.0/19 inetnum: 203.113.0.0 - 203.113.31.255netname: TOTNET-APdescr: Telephone Organization of THAILAND(TOT)descr: Telephone and IP Network Service Providerdescr: State Enterprise Thailand Governmentcountry: THadmin-c: NM18-APtech-c: RC80-AP…….person: Nopparat Maythaveekulchaiaddress: YTEL-1234 Office address: Telephone Organization of THAILAND(TOT)

person: Rungsun Channarukuladdress: YTEL-1234 OfficePaddress: Telephone Organization of THAILAND(TOT)

…….

Database query - recursion

Turn off recursion ‘-r’ no nic-handle lookup

% whois -r 203.113.0.0/19

inetnum: 203.113.0.0 - 203.113.31.255netname: TOTNET-APdescr: Telephone Organization of THAILAND(TOT)descr: Telephone and IP Network Service Providerdescr: State Enterprise Thailand Governmentcountry: THadmin-c: NM18-APtech-c: RC80-APmnt-by: APNIC-HMmnt-lower: MAINT-TH-SS163-APchanged: hostmaster@apnic.net 19990922source: APNIC

Database query – no recursion

Inverse queries

• Inverse queries are performed on inverse keys

• See object template (whois –t)

• Returns all objects that reference the object with the key specified as a query argument

• Practical when searching for objects in which a particular value is referenced, such as your nic-hdl

• Syntax: whois -i <attribute> <value>

Inverse queries - examples

• What objects are referencing my nic-hdl?– whois -ipn KX17-AP

• In what objects am I registered as tech-c?– whois –i tech-c KX17-AP

• Return all domain objects where I am registered as admin-c, tech-c or zone-c– whois -i admin-c,tech-c,zone-c -T domain KX17-AP

• What objects are protected by my maintainer?– whois -i mnt-by MAINT-WF-EX

no space!

DB query

Database query - inverse

inetnum: 202.101.128.0 - 202.101.159.255netname: CHINANET-FJdescr: chinanet fujian province networkcountry: CNadmin-c: DK26-AP……domain: 128.103.202.in-addr.arpadescr: in-addr.arpa zone for 128.103.202.in-addr.arpaadmin-c: DK26-AP…….aut-num: AS4811as-name: CHINANET-CORE-WAN-EASTdescr: CHINANET core WAN EASTdescr: connect to AT&T,OPTUScountry: CNadmin-c: DK26-AP……person: Dongmei Kouaddress: A12,Xin-Jie-Kou-Wai Street,address: Beijing,100088country: CNphone: +86-10-62370437nic-hdl: DK26-AP

% whois -i person DK26-AP

Inverse lookup with ‘-i ‘

DB query

Database query - options

– Summary of other flags:- i inverse lookup on given attribute

- t give template for given type

- v verbose information for given type

- h specify database server site

– For more information try...• whois -h whois.apnic.net HELP

Creating a person object

Whois Database Guide:http://www.apnic.net/services/whois_guide.html

1. Fill out person object form on web• Name, e-mail, phone, address etc• Tick ‘MNT-NEW’ for temporary protection

2. Completed template is sent to you

3. Forward template to

4. Person object created and nic-hdl is generated

DB Intro

<auto-dbm@apnic.net>

LIR registration responsibilities

1. Create person objects for contacts• To provide contact info in other objects

2. Create mntner object• To provide protection of objects

– (To be discussed later)

3. Create inetnum objects for all customer address assignments

• (Allocation object created by APNIC)

DB Intro

inetnum:

Allocation (Created by APNIC)

3

Using the db – step by step

Customer Assignments(Created by LIR)

person:nic-hdl:

KX17-AP

Contact info

1

Data Protection

mntner:2

inetnum:...KX17-AP

...mnt-by:...

4inetnum:...KX17-AP

...mnt-by:...

5inetnum:...KX17-AP

...mnt-by:...

6

DB Intro

Database auto-responses

• Successful update SUCCEEDED• Objects accepted

• Warnings• Objects accepted but ambiguous• Objects corrected and accepted

• Errors FAILED• Objects NOT accepted

Don’t understand the error message?1. Help documentation

• http://www.apnic.net/docs/database-update-info.html

2. Contact • Include the error message

?

<helpdesk@apnic.net>

Parse

Database mailboxes

• Automatic request processing

– Automatic “robot” for all db updates

– Email template for create/update/delete

• Database service support

– E-mails answered by APNIC staff

– 1 day response time

DB 2

Helpdesk

<auto-dbm@apnic.net> <helpdesk@apnic.net>

Database protection- maintainer object

mntner: MAINT-WF-EXdescr: Maintainer for ExampleNet Service Providercountry: WFadmin-c: ZU3-APtech-c: KX17-APupd-to: kxander@example.commnt-nfy: kxander@example.comauth: CRYPT-PW apHJ9zF3omnt-by: MAINT-WF-EXreferral-by: MAINT-APNIC-APchanged: kxander@example.com 20020731source: APNIC

DB 2

• protects other objects in the APNIC database

Creating a maintainer object

1. Fill out webform– Provide:

• Admin-c & tech-c• password• email address etc

2. Completed form will be sent to you

3. Forward request to maint-request@apnic.net

4. Maintainer will be created manually• Manual verification by APNIC Hostmasters

5. Update your person object with mntner

http://www.apnic.net/services/whois_guide.html

Database protection

• Authorisation– “mnt-by” references a mntner object

• Can be found in all database objects• “mnt-by” should be used with every object!

• Authentication– Updates to an object must pass

authentication rule specified by its maintainer object

DB 2

Authorisation mechanism

mntner: MAINT-WF-EXdescr: Maintainer for ExampleNet Service Providercountry: WFadmin-c: ZU3-APtech-c: KX17-APupd-to: kxander@example.commnt-nfy: kxander@example.comauth: CRYPT-PW apHJ9zF3omnt-by: MAINT-WF-EXchanged: kxander@example.com 20020731source: APNIC

inetnum: 202.137.181.0 – 202.137.185.255netname: EXAMPLENET-WFdescr: ExampleNet Service Provider……….mnt-by: MAINT-WF-EX

DB 2

Maintainer specific attributes

• mnt-nfy:• Sends notification of any changes to

maintained objects to email address specified

• mnt-by:• Maintainers must also be protected!

(Normally by themselves)

• auth:• Authentication method for this maintainer

DB 2

Authentication methods

• ‘auth’ attribute – <none>

• Strongly discouraged!

– Crypt-PW• Crypt (Unix) password encryption• Use web page to create your maintainer

– PGP – GNUPG• Strong authentication• Requires PGP keys

– MD5• Soon available

DB 2

Mnt-by & mnt-lower

• ‘mnt-by’ attribute• Can be used to protect any object• Changes to protected object must satisfy authentication rules of

‘mntner’ object.

• ‘mnt-lower’ attribute • Also references mntner object• Hierarchical authorisation for inetnum & domain objects• The creation of child objects must satisfy this mntner• Protects against unauthorised updates to an allocated range -

highly recommended!

DB 2

Inetnum: 203.146.96.0 - 203.146.127.255 netname: LOXINFO-TH descr: Loxley Information Company Ltd. Descr: 304 Suapah Rd, Promprab,Bangkok country: TH admin-c: KS32-APtech-c: CT2-APmnt-by: APNIC-HM mnt-lower: LOXINFO-ISchanged: hostmaster@apnic.net 19990714 source: APNIC

Authentication/Authorisation

– APNIC allocation to member• Created and maintained by APNIC

1. Only APNIC can change this object2. Only Loxinfo can create assignments within this allocation

12

DB 2

Inetnum: 203.146.113.64 - 203.146.113.127 netname: SCC-TH descr: Sukhothai Commercial College Country: TH admin-c: SI10-APtech-c: VP5-APmnt-by: LOXINFO-ISchanged: voraluck@loxinfo.co.th 19990930

source: APNIC

Authentication/Authorisation

– Member assignment to customer• Created and maintained by APNIC member

Only LOXINFO-IS can change this object

DB 2

Role object

• Represents a group of contact persons for an organisation– Eases administration– Can be referenced in other objects instead of

the person objects for individuals

• Also has a nic-hdl• Eg. HM20-AP

http://www.apnic.net/db/role.html

Role object - example

– Contains contact info for several contacts

role: address:country:phone:phone:fax-no:fax-no:e-mail:admin-c:tech-c:tech-c:nic-hdl:mnt-by:source:

OPTUS IP ADMINISTRATORS 101 Miller Street North SydneyAU+61-2-93427681+61-2-93420813+61-2-9342-0998+61-2-9342-6122noc@optus.net.auNC8-APNC8-APSC120-APOA3-APMAINT-OPTUSCOM-AP APNIC

ValuesAttributes

Creating a role object

• Email– Whois –t role

• Gives role object template

– Complete all fields• With the nic-hdls of all contacts in your

organisation

– Send to

<auto-dbm@apnic.net>

Replacing contacts in the db- using person objects

inetnum:202.0.10.0…

KX17-AP

person:…

KX17-AP

inetnum:202.0.15.192…

KX17-AP

inetnum:202.0.12.127…

KX17-AP

person:…

ZU3-AP

K. Xander is leaving my organisation. Z. Ulrich is replacing him.

ZU3-AP

ZU3-AP

ZU3-AP1. Create a person object for new contact (Z. Ulrich).

2. Find all objects containing old contact (K. Xander).

3. Update all objects, replacing old contact (KX17-AP) with new contact (ZU3-AP).

4. Delete old contact’s (KX17-AP) person object.

Replacing contacts in the db– using a role object

inetnum:202.0.10.0…EIPA91-AP

person:…KX17-AP

inetnum:202.0.15.192…EIPA91-AP

inetnum:202.0.12.127…EIPA91-AP

K. Xander is leaving my organisation. Z. Ulrich is replacing him.

I am using a role object containing all contact persons, which is referenced in all my objects.

1. Create a person object for new contact (Z. Ulrich).

2. Replace old contact (KX17-AP) with new contact (ZU3-AP) in role object

3. Delete old contact’s person object.

role:

…

EIPA-91-AP

KX17-APAB1-APCD2-AP

ZU3-AP

person:…ZU3-AP

No need to update any other objects!

Database update process

– Email requests to <auto-dbm@apnic.net>– Each request contains an object template

Update Request

Template

<auto-dbm@apnic.net>

Parse

Warnings/Errors returned

Error

Auth. DataBase

Whois Server

DB 2

Deleting an object

– Copy object as-is in database into email– Add your maintainer password– Leave the changed attribute

inetnum: 202.182.224.0 - 202.182.225.255netname: SONY-HK...mnt-by: MAINT-CNS-APchanged: ph@macroview.com 19990617source: APNICpassword: x34zkydelete: no longer required me@company.com

Note: Referenced objects cannot be deleted (02/99)

DB 2

Forgotten the password ?

We do not recommend using personal names for maintainer objects

Requires legal documentation

DB 2

Unfortunately we cannot change the password for the maintainer until we have received a fax with your company’s letterhead confirming the request to modify the password.

In the fax, please include the following:

0. Attention: APNIC Database Administration Department

1. The APNIC Account name of your company and your personal nic handle. If you do not have an APNIC account, then please state ‘NON-MEM’.

2. The current maintainer object which is to be modified, as obtained from ‘whois –h whois.apnic.net MAINTAINER-OBJECT’

3. The new password/authorisation for the maintainer.

4. The signature of a contact for the maintainer.

Confirmation by fax

required on company

letter head

Questions ?

Reverse DNS Delegation

Registry Procedures

Rev. DNS

Overview

• Reverse DNS Delegation

• APNIC & Member responsibilities

• Reverse network delegations (/16)

• Reverse network delegations (/24)

• Subnet delegations

• Delegation procedures

Rev. DNS

What is ‘Reverse DNS’?

• ‘Forward DNS’ maps names to numbers– svc00.apnic.net -> 202.12.28.131

• ‘Reverse DNS’ maps numbers to names– 202.12.28.131 -> svc00.apnic.net

Rev. DNS

In-addr.arpa

• Hierarchy of IP addresses– Uses ‘in-addr.arpa’ domain

• INverse ADDRess

• IP addresses:– Less specific to More specific

• 210.56.14.1

• Domain names: – More specific to Less specific

• delhi.vsnl.net.in

– Reversed in in-addr.arpa hierarchy• 14.56.210.in-addr.arpa

Rev. DNS

whois

Root DNSRoot DNS

Reverse DNS delegation

net edu com au

whois

apnic

202 203 210 211..202

2222

in-addr

arpa

6464

22.64 .in-addr.202 .arpa

Rev. DNS

- Mapping numbers to names - ‘reverse DNS’

Reverse DNS - why bother?

• Service denial• That only allow access when fully reverse

delegated eg. anonymous ftp

• Diagnostics• Assisting in trace routes etc

• Registration• Responsibility as a member and Local IR

Rev. DNS

APNIC & Member responsibilities

• APNIC– Manage reverse delegations of address block

distributed by APNIC – Process members requests for reverse

delegations of network allocations

• Members– Be familiar with APNIC procedures– Ensure that addresses are reverse-mapped– Maintain nameservers for allocations

• Minimise pollution of DNS

Reverse delegation requirements

• /24 Delegations• Address blocks should be assigned/allocated• At least two name servers

• /16 Delegations• Same as /24 delegations• APNIC delegates entire zone to member• Recommend APNIC secondary zone

• < /24 Delegations• Read “classless in-addr.arpa delegation”

RFC2317

Delegation procedures

• Upon allocation, member is asked if they want /24 place holder domain objects with member maintainer– Gives member direct control

• Standard APNIC database object, – can be updated through online form or via email.

• Nameserver/domain set up verified before being submitted to the database.

• Protection by maintainer object– (current auths: NONE, CRYPT-PW, PGP).

• Zone file updated 2-hourly

Rev. DNS

Delegation procedures – request form

• Complete the documentation• http://www.apnic.net/db/domain.html

• On-line form interface– Real time feedback– Gives errors, warnings in zone configuration

• serial number of zone consistent across nameservers• nameservers listed in zone consistent

– Uses database ‘domain’ object• examples of form to follow..

Rev. DNS

Evaluation

• Parser checks for– ‘whois’ database

• IP address range is assigned or allocated• Must be in APNIC database

– Maintainer object• Mandatory field of domain object

– Nic-handles• zone-c, tech-c, admin-c

– Name servers

Rev. DNS

Use of maintainer object

• Domain objects protected by maintainers• hierarchical protection using “mnt-lower”

• Bootstrap period– ‘MAINT-AP-DNS-DEFAULT’ for all objects

imported by APNIC from existing zone files• Changing delegations requires valid maintainer• Maintainer creation & authorisation is manual

– Turnaround time 2 days

– /24 place holder objects created upon allocation gives members direct control

• No need to contact APNIC when changing nservers

Rev. DNS

Delegation process summary

on-line feedback givenno

Step 1

yes

Step 2

Step 3update APNIC

database

notify upd-tocontact for

maintainer object

zone files reloadedEvery 2 hrs, 24hrs a day on everyday

Delegation by APNIC

request forwarded to APNIC for manual

processingno

yes

request parsed OK?

authorisation OK?

Rev. DNS

Reverse DNS Troubleshooting Guide:http://www.apnic.net/services/help/rd/troubleshooting.html

Questions?

• Are all your zones, and your customer zones registered?

Autonomous System Numbers

Procedures

Overview

• What is an AS?

• Guidelines and procedures

• Application form (documentation)

• Policy expression

ASN

What is an Autonomous System?

– Collection of networks with same routing policy

– Usually under single ownership, trust and administrative control

AS 100

ASN

When do I need an ASN?

• When do I need an AS?– Multi-homed network to different

providers and– Routing policy different to external peers

• Recommended reading!– RFC1930: Guidelines for creation,

selection and registration of an Autonomous System

ASN

RFC1930

When don’t I need an ASN?

• Factors that don’t count– Transition and ‘future proofing’ – Multi-homing to the same upstream

• RFC2270: A dedicated AS for sites

homed to a single provider

– Service differentiation• RFC1997: BGP Communities attribute

RFC2270

RFC1997

ASN

Requesting an ASN

• Complete the request form– web form available:

• http://www.apnic.net/db/aut-num.html

• Request form is parsed - real time– Must include routing policy

• multiple import and export lines

– Is checked for syntactical accuracy• based on RPSL (rfc2622)

– Peers verified by querying routing table– [NO-PARSE] will not send request to parser

ASN

RFC2622

Requesting an ASN - Customers

1. Requested directly from APNIC• AS number is “portable”

2. Requested via member• ASN is “non-portable”• ASN returned if customer changes provider

• Transfers of ASNs– Need legal documentation (mergers etc)– Should be returned if no longer required

ASN

New policyas of Nov-02

Representation of routing policy

• Routing and packet flows

AS 1 AS 2routing flow

packet flow

packet flow

accepts

announces

announces

accepts

ASN

For AS1 and AS2 networks to communicate• AS1 must announce to AS2• AS2 must accept from AS1• AS2 must announce to AS1• AS1 must accept from AS2

Representation of routing policy

AS 1 AS 2

aut-num: AS1…import: from AS2

action pref=100;accept AS2

export: to AS2 announce AS1

aut-num: AS2…import: from AS1

action pref=100;accept AS1

export: to AS1 announce AS2

Basic concept

“action pref” - the lower the value, the preferred the route

ASN

Representation of routing policy

AS 123 AS4 AS5

AS5

AS10More complex example

• AS4 gives transit to AS5, AS10• AS4 gives local routes to AS123

ASN

Representation of routing policy

AS 123AS 123 AS4AS4 AS5AS5AS5

AS10AS10

import: from AS123 action pref=100; accept AS123

aut-num: AS4

import: from AS5 action pref=100; accept AS5

import: from AS10 action pref=100; accept AS10

export: to AS123 announce AS4

export: to AS5 announce AS4 AS10

export: to AS10 announce AS4 AS5 Not a path

ASN

Representation of routing policy

AS123AS123 AS4AS4

More complex example

• AS4 and AS6 private link1• AS4 and AS123 main transit link2 • backup all traffic over link1 and link3 in event of link2 failure

AS6AS6privatelink1

link3

transit traffic over link2

ASN

Representation of routing policy

AS123AS123 AS4AS4

AS6AS6private link1

link3

AS representation

transit traffic over link2

import: from AS123 action pref=100; accept ANY

aut-num: AS4

import: from AS6 action pref=50; accept AS6

import: from AS6 action pref=200; accept ANY

export: to AS6 announce AS4

export: to AS123 announce AS4

full routing received

ASN

higher cost for backup route

aut-num: AS4777as-name: APNIC-NSPIXP2-ASdescr: Asia Pacific Network Information Centredescr: AS for NSPIXP2, remote facilities siteimport: from AS2500 action pref=100; accept ANYimport: rom AS2524 action pref=100; accept ANYimport: from AS2514 action pref=100; accept ANYexport: to AS2500 announce AS4777export: to AS2524 announce AS4777export: to AS2514 announce AS4777default: to AS2500 action pref=100; networks ANYadmin-c: PW35-APtech-c: NO4-APremarks: Filtering prefixes longer than /24mnt-by: MAINT-APNIC-APchanged: paulg@apnic.net 19981028source: APNIC

Aut-num object example

POLICYRPSL

ASN

Routing Policy Specification Language

• RPSL– Derived from RIPE-181– Introduced with v3 Database

• 20 August 2002

– “New” object specification language• more expressive syntax• advanced aut-num and routing policy options

– Especially useful in an Internet Routing Registry

ASN

RFC2622

Questions ?

APNIC Internet Routing Registry

What is an IRR?

• Global Internet Routing Registry database– http://www.irr.net/

• Uses RPSL

– Established in 1995

• Stability and consistency of routing– network operators share information

• Both public and private databases– These databases are independent

• but some exchange data• only register your data in one database

Internet Routing Registries

RIPE

RADB CW

APNIC Connect

ARIN, ArcStar, FGC, Verio, Bconnex,

Optus, Telstra, ...

IRR = APNIC RR + RIPE DB + RADB + C&W + ARIN + …

Why use an IRR?

• Route filtering• Peering networks• A provider and its customer

• Network troubleshooting• Easier to locate routing problems outside your network

• Router configuration• By using IRRToolSet

– ftp.ripe.net/tools/IRRToolSet

• Global view of routing• A global view of routing policy improves the integrity of

Internet’s routing as a whole.

APNIC Database & the IRR

• APNIC whois Database– Two databases in one

• Public Network Management Database– “whois” info about networks & contact persons

• IP addresses, AS numbers etc

• Routing Registry – contains routing information

• routing policy, routes, filters, peers etc.

– APNIC RR is part of the global IRR

Integration of Whois and IRR

• Integrated APNIC Whois Database & Internet Routing Registry

APNIC Whois

IRR

IP, ASNs,reverse domains,

contacts,maintainers

etc routes, routingpolicy, filters,

peers etcinetnum, aut-num, domain, person, role, maintainer

route, aut-num, as-set, int-rtr, peering-set etc.Internet resources &

routing information

RPSL

• Routing Policy Specification Language– Object oriented language

• Based on RIPE-181– Structured whois objects

• Higher level of abstraction than access lists

• Describes things interesting to routing policy:– Routes, AS Numbers …– Relationships between BGP peers– Management responsibility

• Relevant RFCs– Routing Policy Specification Language– Routing Policy System Security – Using RPSL in Practice

RFC2622

RFC2725

RFC2650

IRR objects

• route – Specifies interAS routes

• aut-num – Represents an AS. Used

to describe external routing policy

• inet-rtr – Represents a router

• peering-set – Defines a set of peerings

• route-set – Defines a set of routes

• as-set – Defines a set of aut-num

objects

• rtr-set – Defines a set of routers

• filter-set – Defines a set of routes that

are matched by its filter

www.apnic.net/db/ref/db-objects.html

Inter-related IRR objects

inetnum: 202.0.16 - 202.0.31.255 … tech-c: KX17-AP mnt-by: MAINT-EX

aut-num: AS1 …tech-c: KX17-APmnt-by: MAINT-EX

…

route: origin:…mnt-by: MAINT-EX

person: …nic-hdl: KX17-AP…

mntner: MAINT-EX…

202.0.16/20AS1 202.0.16 - 202.0.31.255

AS1

Inter-related IRR objects

aut-num: AS2…

inetnum:202.0.16.0-202.0.31.255…

aut-num: AS10…

route: 202.0.16/20… origin: AS2…

as-set: AS1:AS-customersmembers: AS10, AS11

route-set: AS2:RS-routesmembers: 218.2/20, 202.0.16/20

route: 218.2/20 …origin: AS2 …

aut-num: AS2…

inetnum:218.2.0.0 - 218.2.15.255…

aut-num: AS11…

, AS2

‘Set-’ objects and their members

aut-num: AS10…

as-set: AS1:AS-CUSTSmembers: AS10, AS11

aut-num: AS11…

as-set: AS1:AS-PEERSmbrs-by-ref: MAINT-EX

aut-num: AS20member-of: AS1:AS-PEERSmnt-by: MAINT-EX

aut-num: AS21member-of: AS1:AS-PEERSmnt-by: MAINT-EX

members- members specified in the ‘set-’ object

mbrs-by-ref- ‘set’ specified in the member objects

• Two ways of referencing members

1. ‘mbrs-by-ref’ specifies the maintainer of the members.

2. Members reference the ‘set-’ object in the ‘member-of’ attribute

3. Members are maintained by the maintainer specified in the ‘set-’

1. ‘members’ specifies members of the set

2. Members added in the ‘set-’ object3. No need to modify the member

object when adding members

12

1

2

33

Hierarchical authorisation

• mnt-routes– authenticates creation of route objects

• creation of route objects must pass authentication of mntner referenced in the mnt-routes attribute

– Format:•mnt-routes: <mntner>

In: , and objects

routeaut-numinetnum

Authorisation mechanism

inetnum: 202.137.181.0 – 202.137.185.255netname: SPARKYNET-WFdescr: SparkyNet Service Provider…mnt-by: MAINT-APNIC-APmnt-lower: MAINT-SPARKYNETmnt-routes: MAINT-SPARKYNET-WF

This object can only be modified by APNIC

Creation of more specific objects (assignments) within this range has to pass the authentication of MAINT-SPARKYNET

Creation of route objects matching/within this range has to pass the authentication of MAINT-SPARKYNET-WF

Creating route objects

• Multiple authentication checks:– Originating ASN

• mntner in the mnt-routes is checked• If no mnt-routes, mnt-lower is checked• If no mnt-lower, mnt-by is checked

– AND the address space• Exact match & less specific route

– mnt-routes etc

• Exact match & less specific inetnum– mnt-routes etc

– AND the route object mntner itself• The mntner in the mnt-by attribute

aut-num

inetnum

route

(encompassing)

route

Creating route objects1

route: 202.137.240/20origin: AS1

route

mntner: MAINT-WF-EXNETauth: CRYPT-PW klsdfji9234

maintainer

inetnum: 202.137.240.0 – 202.137.255.255mnt-routes: MAINT-WF-EXNET

IP address range

aut-num: AS1mnt-routes: MAINT-WF-EXNET

AS number

1. Create route object and submit to APNIC RR database

4. Db checks aut-num obj corresponding to the ASN in route obj

2. Db checks inetnum obj matching/encompassing IP range in route obj

3. Route obj creation must pass auth of mntner specified in inetnum mnt-routes attribute.

5. Route obj creation must pass auth of mntner specified in aut-num mnt-routes attribute.

4

53

2

APNIC RR service scope

• Support– APNIC Helpdesk support

• Training• IRR workshop under development

• Mirroring– APNIC mirrors IRRs within Asia Pacific

and major IRRs outside of the region.

<helpdesk@apnic.net>

Summary

• APNIC RR integrated in APNIC Whois DB• whois.apnic.net• <auto-dbm@apnic.net>

• IRR benefits– Facilitates network troubleshooting– Generation of router configuration– Provides global view of routing

• APNIC RR benefits– Single maintainer (& person obj) for all objects– APNIC asserts resources for a registered route– Part of the APNIC member service!

Questions ?

IPv6

Overview, Policies & Procedures

Overview

• Rationale

• Addressing

• Features of IPv6

• IPv6 Policies & Procedures

• Statistics

Rationale

• Address depletion concerns– Squeeze on available addresses space

• End to end connectivity no longer visible

• Widespread use of NAT

• Scalability– Increase of backbone routing table size

• Hierarchical routing (CIDR)

IPv6

IPv6 addressing

• 128 bits of address space• Hexadecimal values of eight 16 bit fields

• X:X:X:X:X:X:X:X (X=16 bit number, eg: A2FE)• 16 bit number is converted to a 4 digit hexadecimal

number

• Example:• FE38:DCE3:124C:C1A2:BA03:6735:EF1C:683D• 4EED:23:0:0:0:36E:125:2B• 32CB:10A2:0000:0000:0000:0000:3EFC:3C2A can be

represented as 32CB:10A2::3EFC:3C2A

IPv6

IPv6 address management hierarchy

IANA

RIR RIR

LIR/ISP

Customer Site Customer Site

IPv6

Downstream ISPLIR/ISP

IPv6 addressing structure

0 127

LIR/32

32

128 bits

Customer Site /48

16

Subnet /64

16 64

Device /128

IPv6 deployment current experiments

IPv6-washing machine IPv6-refrigerator IPv6-microwave

Mobile viewer Access point

PC

IPv6 network

Home hub

Home hub

Home router

Light

Air conditioner

Ethernet

Wireless

IPv6 address policy goals

• Efficient address usage• Avoid wasteful practices

• Aggregation• Hierarchical distribution• Aggregation of routing information• Limiting no of routing entries advertised into

the Internet

• Minimise overhead• Associated with obtaining address space

• Registration, Uniqueness, Fairness & consistency

IPv6

IPv6 initial allocation criteria

• Be an LIR– Not be an end site

• Plan for at least 200 /48 assignments to other organisations within 2 years

• Plan to provide IPv6 connectivity to organisations and to end sites

– Initial allocation size: /32

IPv6

IPv6 sub-allocation policy

• LIR to ISP allocation – Policy determined by LIR

• DB registration – All /48 and shorter prefix allocations and

assignments must be registered

IPv6 assignments

• Default assignment /48 for all end sites• POP also defined as end site

– Providing 16 bits of space for subnets

• Other assignment sizes– /64 only one subnet – /128 only one device connecting

• Larger assignments - Multiple /48s – Should be reviewed by RIR/NIR

• Follow second opinion procedure

48 bits

128 bits64 bits64 bits48 bits

IPv6 utilisation

• Utilisation determined from end site assignments– LIR responsible for registration of all /48

assignments– Intermediate allocation hierarchy not

considered

• Utilisation of IPv6 address space is measured differently from IPv4

IPv6 utilisation requirement

• IPv6 utilisation measured according to HD-Ratio (RFC 3194):

• IPv6 utilisation requirement is HD=0.80– Measured according to assignments only

• E.g. ISP has assigned 10000 (/48s) addresses of /32

Utilisation HD = log (Assigned address space)

log (Available address space)

log (Assigned address space)

log (Available address space)=

log (10,000)

log (65,536)= 0.83

IPv6 utilisation requirement (Cont.)

• HD Ratio utilisation requirement of 0.80

IPv6

Prefix

Site Address

Bits

Total site address in /48s

Threshold

(HD ratio 0.8)

Utilisation %

42 6 64 28

36 12 4096 776

35 13 8192 1351

32 16 65536 7132

29 19 524288 37641

24 24 16777216 602249

16 32 4294967296 50859008

8 40 1099511627776 4294967296

3 45 35184372088832 68719476736

10.9%

43.5%

18.9%16.5%

7.2%

3.6%

1.2%0.4%

0.2%

• RFC 3194

• “In a hierarchical address plan, as the size of the allocation increases, the density of assignments will decrease.”

Subsequent allocation

• Must meet HD = 0.8 utilisation requirement of previous allocation

• (7132 /48s assignments in a /32)

• Other criteria to be met– Correct registrations (all /48s registered)– Correct assignment practices etc

• Subsequent allocation size is at least double– Resulting IPv6 prefix is 1 bit shorter– Should be sufficient for 2 years requirement

Other conditions

• License model of allocation

– Allocations are not considered permanent, but always subject to review and reclamation

• Existing /35 Allocations

– A number of /35s have been assigned under interim IPv6 policy

– Holders of /35s eligible to request /32

IXP IPv6 assignment policy

• Criteria– Demonstrate ‘open peering policy’– 3 or more peers – Should not announce prefix to the Internet

• Portable assignment size: /48 – All other needs should be met through normal

processes– /64 holders can “upgrade” to /48

• Through NIRs/ APNIC• Need to return /64

IPv6

IPv6 - current experiments

IPv6-washing machine IPv6-refrigerator IPv6-microwave

Mobile viewer Access point

PC

IPv6 network

Home hub

Home hub

Home router

Light

Air conditioner

Ethernet

Wireless

IPv6 allocation request form

• Requestor template

• Network template

• IPv6 usage template

• Additional information– Information published online– network diagram & deployment dates– Additional justification if requesting more

than initial allocation size– Additional information

IPv6 address allocation procedures

• IPv6 Allocations to RIRs from IANA– APNIC 2001:0200::/23

2001:0C00::/232001:0E00::/23

– ARIN 2001:0400::/23– LACNIC 2001:1200::/23– RIPE NCC 2001:0600::/23

2001:0800::/232001:0A00::/23

• IPv6 Address Request form– http://ftp.apnic.net/apnic/docs/ipv6-alloc-request

IPv6

IPv6 RIRs distribution

Last updated Oct 2003

APNIC113

ARIN71

LACNIC8

RIPE-NCC237

IPv6

IPv6 Allocations - Global

Single Allocation16%

JP26%

US14%

DE8%

FI3%

SE3%

FR2%

IT2%

NL2%

AT1%

IE1%

KR8%

UK5%

MX4%

EU3%

AU2%

IPv6 allocations in AP

IPv6

Last updated Oct 2003

JP 58

ID2

PH1

KR 17

SG 4HK 2

IN1MY

3

PG1

TH3

AU 5

CN 5

TW 11

IPv6 routing table

0

50

100

150

200

250

/24 /28 /32 /33 /35 /36 /40 /42 /44 /45 /48 /60 /64 /120 /128

IPv6 routing table announcement

Source: http://bgp.potaroo.net/v6/as1221/index.html

Last updated May 2003

Questions ?

References

• IPv6 Resource Guide• http://www.apnic.net/services/ipv6_guide.html

• IPv6 Policy Document• http://www.apnic.net/policies.html

• IPv6 Address request form• http://ftp.apnic.net/apnic/docs/ipv6-alloc-request

• Useful reading:– “The case for IPv6”: http://www.6bone.net/misc/case-for-ipv6.html

FAQ• http://www.apnic.net/info/faq/IPv6-FAQ.html

IPv6

Questions ?

Summary

What we have covered today

Summary

• APNIC’s role in the Asia Pacific• Internet Registry Policies• IPv4 Allocation & Assignment Procedures

• IP Address Management• APNIC Database Procedures • Reverse DNS Procedures• ASN Assignment Procedures• Internet Routing Registry• IPv6 Overview and Policies

Summary - Responsibilities

• As an APNIC member and custodian of address space – Be aware of your responsibilities

– Register customer assignments in APNIC database

• Keep this data up-to-date & accurate

– Educate your customers– Document your network in detail

• Keep local records

– Register reverse DNS delegations

• More personalised service– Range of languages:

• Faster response and resolution of queries– IP resource applications, status of requests, membership enquiries,

billing issues & database enquiries

Helpdesk

Member Services Helpdesk- One point of contact for all member enquiries

helpdesk@apnic.netwww.apnic.net/helpdesk

Helpdesk hours 9:00 am - 7:00 pm (AU EST, UTC + 10 hrs)

ph: +61 7 3858 3188 fax: +61 7 3858 3199

• Filipino (Tagalog)• Mandarin• Vietnamese

• English• Japanese• Thai

• Cantonese• Hindi• Telugu

Summary

• “Do the right thing”

– Think about routing table size & scalability of Internet

– Encourage renumbering

– Announce aggregate prefixes

– Think global not local

Thank you !!

Your feedback is appreciated

Supplementary

Reading

Introduction

Regional Registry web sites• APNIC:

http://www.apnic.net

• ARIN: http://www.arin.net

• LACNIC: http://www.lacnic.net

• RIPE NCC: http://www.ripe.net

APNIC past meetingshttp://www.apnic.net/meetings

Introduction

APNIC membershttp://www.apnic.net/members.html

Membership • Membership procedure

http://www.apnic.net/membersteps.html

• Membership application form http://www.apnic.net/apnic-bin/membership-application.pl

• Membership fees http://www.apnic.net/docs/corpdocs/FeeSchedule.htm

Introduction to APNIC & IP Policy

Classless techniques• CIDR

http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1517-19.txt

• Network Addressing when using CIDR ftp://ftp.uninett.no/pub/misc/eidnes-cidr.ps.Z

• Variable Length Subnet Table http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1878.txt

Private Address Space• Address Allocation for Private Internets

http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1918.txt

• Counter argument: “Unique addresses are good” http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1814.txt

Bit boundary chart +------------------------------------------------------+ | addrs bits pref class mask | +------------------------------------------------------+ | 1 0 /32 255.255.255.255 | | 2 1 /31 255.255.255.254 | | 4 2 /30 255.255.255.252 | | 8 3 /29 255.255.255.248 | | 16 4 /28 255.255.255.240 | | 32 5 /27 255.255.255.224 | | 64 6 /26 255.255.255.192 | | 128 7 /25 255.255.255.128 | | 256 8 /24 1C 255.255.255 | | 512 9 /23 2C 255.255.254 | | 1,024 10 /22 4C 255.255.252 | | 2,048 11 /21 8C 255.255.248 | | 4,096 12 /20 16C 255.255.240 | | 8,192 13 /19 32C 255.255.224 | | 16,384 14 /18 64C 255.255.192 | | 32,768 15 /17 128C 255.255.128 | | 65,536 16 /16 1B 255.255 | | 131,072 17 /15 2B 255.254 | | 262,144 18 /14 4B 255.252 | | 524,288 19 /13 8B 255.248 | | 1,048,576 20 /12 16B 255.240 | | 2,097,152 21 /11 32B 255.224 | | 4,194,204 22 /10 64B 255.192 | | 8,388,608 23 /9 128B 255.128 | | 16,777,216 24 /8 1A 255 | | 33,554,432 25 /7 2A 254 | | 67,108,864 26 /6 4A 252 | | 134,217,728 27 /5 8A 248 | | 268,435,456 28 /4 16A 240 | | 536,870,912 29 /3 32A 224 | |1,073,741,824 30 /2 64A 192 | +------------------------------------------------------+

APNIC Mailing Lists

• apnic-talk– Open discussions relevant to APNIC community & members

• apnic-announce– Announcements of interest to the AP community

• sig-policy– IPv4 and IPv6 allocation and assignment policies

• global-v6– Global IPv6 policy mailing list

• subscribe via <majordomo@apnic.net>• archives:

http://ftp.apnic.net/apnic/mailing-lists

http://www.apnic.net/net_comm/lists/

The RIR System

• “Development of the Regional Internet Registry System” Internet Protocol Journal

• Short history of the Internet

http://www.cisco.com/warp/public/759/ipj_4-4/ipj_4-4_regional.html

Policies & Policy Environment

Policy Documentation • Policies for address space management in the Asia Pacific

regionhttp://www.apnic.net/docs/policy/add-manage-policy.html

• RFC2050: Internet Registry IP allocation Guidelineshttp://ftp.apnic.net/ietf/rfc/rfc2000/rfc2050.txt

Address Request Procedures

Addressing Guidelines• “Designing Addressing Architectures for Routing &

Switching”, Howard C. Berkowitz

Address Request Forms• ISP Address Request Form

http://www.apnic.net/services/ipv4/

• Second-opinion Request Formhttp://www.apnic.net/services/second-opinion/

• No Questions Asked http://ftp.apnic.net/apnic/docs/no-questions-policy

APNIC Database

APNIC Database Documentation• Updating information in the APNIC Database

http://ftp.apnic.net/apnic/docs/database-update-info

• Maintainer & Person Object Request Form http://ftp.apnic.net/apnic/docs/mntner-person-request

• APNIC Maintainer Object Request http://www.apnic.net/apnic-bin/maintainer.pl

• APNIC Whois Database objects resource guide http://www.apnic.net/services/whois_guide.html

APNIC Database

RIPE Database Documentation• RIPE Database Reference Manual

http://www.ripe.net/docs/databaseref-manual.html

Database ‘whois’ Clienthttp://ftp.apnic.net/apnic/dbase/tools/ripe-dbase-client.tar.gz

Database web queryhttp://www.apnic.net/apnic-bin/whois2.pl

Person object template

person: [mandatory] [single] [lookup key]address: [mandatory] [multiple] [ ]country: [optional] [single] [ ]phone: [mandatory] [multiple] [ ]fax-no: [optional] [multiple] [ ]e-mail: [mandatory] [multiple] [lookup key]nic-hdl: [mandatory] [single] [primary/look-up key]remarks: [optional] [multiple] [ ]notify: [optional] [multiple] [inverse key]mnt-by: [mandatory] [multiple] [inverse key]changed: [mandatory] [multiple] [ ]source: [mandatory] [single] [ ]

Role object template

role: [mandatory] [single] [lookup key]address: [mandatory] [multiple] [ ]country: [optional] [single] [ ]phone: [mandatory] [multiple] [ ]fax-no: [optional] [multiple] [ ]e-mail: [mandatory] [multiple] [lookup key]trouble: [optional] [multiple] [ ]admin-c: [mandatory] [multiple] [inverse key]tech-c: [mandatory] [multiple] [inverse key]nic-hdl: [mandatory] [single] [primary/look-up

key]remarks: [optional] [multiple] [ ]notify: [optional] [multiple] [inverse key]mnt-by: [mandatory] [multiple] [inverse key]changed: [mandatory] [multiple] [ ]source: [mandatory] [single] [ ]

Maintainer Object Template

mntner: [mandatory] [single] [primary/look-up key]descr: [mandatory] [multiple] [ ]country: [optional] [single] [ ]admin-c: [mandatory] [multiple] [inverse key]tech-c: [optional] [multiple] [inverse key]upd-to: [mandatory] [multiple] [inverse key]mnt-nfy: [optional] [multiple] [inverse key]auth: [mandatory] [multiple] [ ]remarks: [optional] [multiple] [ ]notify: [optional] [multiple] [inverse key]mnt-by: [mandatory] [multiple] [inverse key]referral-by: [mandatory] [single] [inverse key]changed: [mandatory] [multiple] [ ]source: [mandatory] [single] [ ]

Inetnum object template

inetnum: [mandatory] [single] [primary/look-up key]netname: [mandatory] [single] [lookup key]descr: [mandatory] [multiple] [ ]country: [mandatory] [multiple] [ ]admin-c: [mandatory] [multiple] [inverse key]tech-c: [mandatory] [multiple] [inverse key]rev-srv: [optional] [multiple] [inverse key]status: [mandatory] [single] [ ]remarks: [optional] [multiple] [ ]notify: [optional] [multiple] [inverse key]mnt-by: [mandatory] [multiple] [inverse key]mnt-lower: [optional] [multiple] [inverse key]mnt-routes:[optional] [multiple] [inverse key]mnt-irt: [optional] [multiple] [inverse key]changed: [mandatory] [multiple] [ ]source: [mandatory] [single] [ ]

Aut-num Object Template

aut-num: [mandatory] [single] [primary/look-up key]

as-name: [mandatory] [single] [ ]descr: [mandatory] [multiple] [ ]country: [optional] [single] [ ]member-of: [optional] [multiple] [ ]import: [optional] [multiple] [ ]export: [optional] [multiple] [ ]default: [optional] [multiple] [ ]remarks: [optional] [multiple] [ ]admin-c: [mandatory] [multiple] [inverse key]tech-c: [mandatory] [multiple] [inverse key]cross-mnt: [optional] [multiple] [inverse key]cross-nfy: [optional] [multiple] [inverse key]notify: [optional] [multiple] [inverse key]mnt-lower: [optional] [multiple] [inverse key]mnt-routes: [optional] [multiple] [inverse key]mnt-by: [mandatory] [multiple] [inverse key]changed: [mandatory] [multiple] [ ]source: [mandatory] [single] [ ]

Domain object template

domain: [mandatory] [single] [primary/look-up key]

descr: [mandatory] [multiple] [ ]country: [optional] [single] [ ]admin-c: [mandatory] [multiple] [inverse key]tech-c: [mandatory] [multiple] [inverse key]zone-c: [mandatory] [multiple] [inverse key]nserver: [mandatory] [multiple] [inverse key]sub-dom: [optional] [multiple] [inverse key]dom-net: [optional] [multiple] [ ]remarks: [optional] [multiple] [ ]notify: [optional] [multiple] [inverse key]mnt-by: [mandatory] [multiple] [inverse key]mnt-lower: [optional] [multiple] [inverse key]refer: [optional] [single] [ ]changed: [mandatory] [multiple] [ ]source: [mandatory] [single] [ ]

Reverse DNS

Request Forms• Guide to reverse zones

http://www.apnic.net/db/revdel.html

• Registering your Rev Delegations with APNIC http://www.apnic.net/db/domain.html

Relevant RFCs• Classless Delegations

http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2317.txt

• Common DNS configuration errorshttp://ftp.apnic.net/ietf/rfc/rfc1000/rfc1537.txt

Reverse DNS

Documentation• Domain name structure and delegation

http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1591.txt

• Domain administrators operations guidehttp://ftp.apnic.net/ietf/rfc/rfc1000/rfc1033.txt

• Taking care of your domainftp://ftp.ripe.net/ripe/docs/ripe-114.txt

• Tools for DNS debugginghttp://ftp.apnic.net/ietf/rfc/rfc2000/rfc2317.txt

AS Assignment Procedures

Policy• Guidelines for the creation, selection, and

registration of an AS http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1930.txt

RFCs• Routing Policy Specification Language (RPSL)

http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2280.txt

• A dedicated AS for sites homed to a single providerhttp://ftp.apnic.net/ietf/rfc/rfc2000/rfc2270.txt

• RFC1997: BGP Communities attributehttp://ftp.apnic.net/ietf/rfc/rfc2000/rfc2270.txt

IPv6

Policy Documents• IPv6 Address Policy

http://ftp.apnic.net/apnic/docs/ipv6-address-policy

• IPv6 Address request formhttp://ftp.apnic.net/apnic/docs/ipv6-alloc-request

Useful reading• The case for IPv6

http://www.6bone.net/misc/case-for-ipv6.html

FAQhttp://www.apnic.net/info/faq/IPv6-FAQ.html

IPv6: HD Ratio 0.8

IPv6 prefix Site addr bits

Total site addrs in /48s Threshold Util%

42 6 64 28 43.5%36 12 4096 776 18.9%35 13 8192 1351 16.5%32 16 65536 7132 10.9%29 19 524288 37641 7.2%24 24 16777216 602249 3.6%16 32 4294967296 50859008 1.2%

8 40 1099511627776 4294967296 0.4%3 45 35184372088832 68719476736 0.2%

RFC3194 “The Host-Density Ratio for Address Assignment Efficiency”

Other supplementary reading

Operational Content Books• ISP Survival Guide, Geoff Huston• Cisco ISP Essentials, Philip Smith

BGP Tablehttp://www.telstra.net/ops/bgptable.html

http://www.merit.edu/ipma/reports

http://www.merit.edu/ipma/routing_table/mae-east/prefixlen.990212.html

http://www.employees.org/~tbates/cidr.hist.plot.html

Routing Instabilityhttp://zounds.merit.net/cgi-bin/do.pl

Other supplementary reading

Routing & Mulithoming• Internet Routing Architectures - Bassam Halabi • BGP Communities Attribute

http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1997.txt

http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1998.txt

Filtering• Egress Filtering

http://www.cisco.com/public/cons/isp

• Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing

http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2267.txt

Other Supplementary Reading

• Dampening case studies at http://www.cisco.com/warp/public/459/16.html

• Traceroute Serverhttp://nitrous.digex.net

• Network Renumbering Overview: Why Would I Want It and What Is It Anyway?

http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2071.txt

• Procedures for Enterprise Renumberinghttp://www.isi.edu/div7/pier/papers.html

• NAT– The IP Network Address Translator

http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1631.txt