1 / 35

What Educational & Research Networks Need To Know About ARIN

This article provides important information for educational and research networks about ARIN's services, IPv4 transfer market, IPv6 addressing plans, and more.

pearlm
Download Presentation

What Educational & Research Networks Need To Know About ARIN

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. What Educational & Research Networks Need To Know About ARIN Jon Worley, Technical Services Lead I-Light 8 May 2019

  2. Topics of Discussion • ARIN 101 • IPv4 Transfer Market • IPv4 Waiting List • Getting IPv6 • IPv6 Addressing Plans • RPKI/DNSSEC

  3. ARIN 101 • Established in 1997 as a nonstock corporation in Virginia, USA • Nonprofit – 100% community funded, fee for services, not number resources • Membership Organization – open, broad-based from private & public sectors and civil society • Community Regulated – Open and transparent, policies developed by community, member-elected executive board

  4. Mission Statement ARIN, a nonprofit, member-based organization, supports the operation of the Internet through the management of Internet number resources throughout its service region; coordinates the development of policies by the community for the management of Internet Protocol number resources; and advances the Internet through informational outreach.

  5. ARIN Service Region Region includes Canada, 25+ Caribbean and North Atlantic economies, & the United States and minor outlying areas

  6. ARIN’s Educational/Research Representation • 1 member of ARIN’s Board of Trustees • Nancy Carter, Treasurer (CFO of CANARIE Inc.) • 1 member of ARIN’s Advisory Council • David Farmer, University of Minnesota • Consider running for office to increase representation!

  7. What Does ARIN Do? • IP address allocations & assignments • ASN assignments • Transfers • Reverse DNS • Record Maintenance • Directory services – Whois, Whowas, RDAP… • ARIN Online (customer web portal) • Security (DNSSEC, RPKI) • Community Software Project Repository • Operation Test & Evaluation (OT&E) Environment

  8. IPv4 Transfer Policies

  9. In-Region Market Transfers • Source account submits the source transfer request via ARIN Online and provides: • resources to be transferred • recipient organization name • Recipient account submits a recipient transfer via ARIN Online

  10. In-Region Market Transfers • Source and recipient tickets linked • $300 fee paid by source (waived if resources are under RSP) • Due diligence check to verify source is authorized to release the resources • If recipient is not pre-approved, verification of 24 month need done

  11. In-Region Market Transfers • Upon approval, the recipient signs a Registration Services Agreement and pays any past due fees • ARIN Financial Services confirms receipt of RSA and any past due fees • Transfer is completed and both source and recipient are notified

  12. Inter-RIR Transfers From ARIN • Source submits an inter-RIR source request via ARIN Online • ARIN verifies the source is authorized to transfer the resources • Upon approval, invoice for $300 transfer fee sent to the source organization (waived if under RSP) • Request sent to recipient RIR

  13. Inter-RIR Transfers From ARIN • When ARIN receives approval from the recipient RIR, ARIN confirms the transfer date with the recipient RIR and waits for confirmation of completion • Upon receiving confirmation from the recipient RIR, ARIN completes the transfer and updates Whois • Notify the Recipient RIR and the ARIN source organization once the transfer process has been completed

  14. Transfers Are Increasing # Completed Transfers 1,104

  15. Transfer Facilitators • ARIN allows registration of transfer facilitators (aka brokers) • ARIN does not provide any information other than contact info • Consider checking with other orgs if you want information about the broker • https://www.arin.net/resources/registry/transfers/stls/registered_facilitators/

  16. Most Specified Transfer Blocks Are Small

  17. IPv4 Waiting List

  18. IPv4 Waiting List Growth

  19. Waiting List Statistics

  20. Requesting IPv6 - ISPs OR OR

  21. IPv6 ISP Block Size

  22. Requesting IPv6 – End Users OR OR OR OR

  23. IPv6 End User Block Size

  24. Subnetting: IPv4 vs IPv6 • The IPv4 mindset: think in terms of IP addresses • “If a site has 50 devices, I give it a /26” • The IPv6 mindset does not work for IPv6 • Last 64 bits used for device autoconfiguration • …and we have a ton of IPv6 addresses • The correct IPv6 mindset: think in terms of subnets, not addresses

  25. IPv6 Subnetting – NANOG BCOP • Each individual network segment gets a /64 • A /64 can hold a near-infinite number of devices • Subnet on nibble boundaries for DNS • /48, /44, /40, etc. • Addressing plans should be hierarchical, with each level using subnets of the same size • Each site gets a /48 • Customers generally get a /48 • PoPs/aggregation points sized based on largest

  26. IPv4 Address Plan: End User Enterprise Network /23 /19 /24 /24 ASH Hub 156 sites /27 for each 4,992 IPs CHI Hub 15 sites /28 for each 240 IPs DAL Hub 8 sites /28 for each 128 IPs SJC Hub 14 sites /27 for each 448 IPs

  27. IPv6 Address Plan: End User Enterprise Network /40 /40 (256 /48s) /40 /40 SJC Hub 14 sites /48 for each site CHI Hub 15 sites /48 for each site ASH Hub 156 sites /48 for each site DAL Hub 8 sites /48 for each site

  28. IPv4 Address Plan: ISP FTTH ISP Network /22 /21 /23 /24 Regina Hub 497 home users (1 IP each) 4 biz customers (/29-/24) = 997 IPs Moose Jaw Hub 497 home users (1 IP each) = 497 IPs Prince Albert Hub 214 home users (1 IP each) = 214 IPs Saskatoon Hub 952 home users (1 IP each) 5 biz customers (/29-/24) = 1,952 IPs

  29. IPv6 Address Plan: ISP FTTH ISP Network /36 (4,096 /48s) /36 /36 /36 Saskatoon Hub 1,027 total users (home + business) = 1,027 /48s Prince Albert Hub 214 total users (home + business) = 214 /48s Moose Jaw Hub 497 total users (home + business) = 497 /48s Regina Hub 506 total users (home + business = 506 /48s

  30. Anatomy of an IPv6 Address 2001:0DB8:3007:000A:B9D3:284A:83E2:90DB /32 from ARIN Hub /36 0 = Saskatoon 1 = Pr. Albert 2 = Moose Jaw 3 = Regina 4 = Future Hub ... etc Site /48 001 = Regina Site 1 002 = Regina Site 2 .... 007 = Regina Site 7 Subnet /64 0001 = Subnet 1 0002 = Subnet 2 .... 000A = Subnet 10 Device /128 Autoconfigured with MAC Address

  31. Resource Public Key Infrastructure (RPKI) • Functionally similar to an Internet Routing Registry (IRR) • IRRs contain route objects which associate a given IP block with an origin AS • RPKI equivalent: route origin authorization (ROA) • Adds cryptographic authentication to ensure the data hasn’t been tampered with

  32. Using RPKI • Hosted RPKI recommended • Generate a ROA request key pair • Submit your public key to ARIN • Generate ROAs via the website

  33. DNSSEC • Increases DNS security • Cryptographically verifies the response from the DNS server hasn’t been tampered with • More useful for forward DNS, but why not add reverse while you’re at it? • DS records you provide to ARIN point to DNSKEY records in your nameserver

  34. Using DNSSEC • Make sure you have access to your organization’s records via ARIN’s website • Use your DNS software to generate the required records • Upload the DS records to ARIN via our website

  35. Questions?

More Related