
Welcome! APNIC Members Training Course

Welcome! APNIC Members Training Course. Internet Resource Management Essentials In conjunction with VNNIC 1st OPM 21 September 2004, Hanoi, Vietnam. Introduction. Presenters John H’ng Training Manager <jhng@apnic.net> Son Tran Member Service Manager <son@apnic.net> Miwa Fujii


Presentation Transcript


  1. Welcome! APNIC Members Training Course Internet Resource Management Essentials In conjunction with VNNIC 1st OPM 21 September 2004, Hanoi, Vietnam

  2. Introduction • Presenters • John H’ng • Training Manager <jhng@apnic.net> • Son Tran • Member Service Manager <son@apnic.net> • Miwa Fujii • Training Officer <miwa@apnic.net> <training@apnic.net>

  3. Assumptions & Objectives • Assumptions • Are current or prospective APNIC member • Have not submitted many requests • Are not familiar / up-to-date with policies • Are not familiar with procedures • Objectives • Teach members how to request resources from APNIC • Keep membership up-to-date with latest policies • Liaise with members: faces behind the e-mails

  4. Schedule • Intro to APNIC • Policies • TEA BREAK (10:15 – 10:45) • Whois DB intro • Whois database protection and update • LUNCH (12:00 – 13:00) • Reverse DNS • Spam & abuse • TEA BREAK (15:00 – 15:30) • ASN • IPv6 • IPv6 reverse DNS

  5. Introduction to APNIC Asia Pacific Network Information Centre

  6. Intro What is APNIC? • RIR for the Asia Pacific • Regional Internet Registry • Regional authority for Internet Resource distribution • IPv4 & IPv6 addresses, ASNs, reverse DNS delegation • Industry self-regulatory body • Non-profit, neutral and independent • Open membership-based structure

  7. Policy dev What is the APNIC community? • Open forum in the Asia Pacific • Open to any interested parties • Voluntary participation • Decisions made by consensus • Public meetings • Next APNIC meeting in Kyoto Japan, Feb 2005 • Mailing lists • web archived • A voice in regional Internet operations through participation in APNIC activities

  8. The policy development process • Stages: Need, Discuss, Consensus, Implement • Diagram labels: Report to AMM, ML discussion, Meeting discussion, Proposal (4 w before meeting), Consensus, Comment period (8 weeks), Implementation (3 months), EC endorsement • You can participate! • More information about policy development can be found at: http://www.apnic.net/docs/policy/dev

  9. Policy dev How to make your voice heard • Contribute on the public mailing lists • http://www.apnic.net/community/lists/index.html • Attend meetings • Or send a representative • Gather input at forums • Give feedback • Training or seminar events

  10. NIRs in the APNIC region • 6 National Internet Registries (NIRs) • APJII, CNNIC, JPNIC, KRNIC, TWNIC and VNNIC • Should fully implement all applicable APNIC address management policies • Ensure policy compliance for the Internet resources under their management • APNIC freely allows member LIRs to join NIRs in their country • NIRs freely allow member LIRs to join APNIC

  11. How to raise your voice as a NIR member? • NIRs’ members can raise their voice via NIRs • Raise your voice through your NIR staff/mailing list • NIR Workshop at APNIC OPM • Informal discussion forum amongst NIRs • Better interaction amongst NIRs • NIR SIG at APNIC OPM • Discuss NIR issues • Exchange information

  12. APNIC membership Source: APNIC statistic data - Last update August 2004

  13. Intro Benefits of APNIC membership • Resource Services & Registration Services • Free attendance at APNIC Members Meetings • Participation in the APNIC Community • Voting rights at APNIC Meetings • Subsidised access to APNIC Training • Influence in APNIC Activities • NOT: Automatic or easier resource allocation

  14. Intro APNIC is not… • Not a network operator • Does not provide networking services • Works closely with APRICOT forum • Not a standards body • Does not develop technical standards • Works within IETF in relevant areas (IPv6 etc) • Not a domain name registry or registrar • Will refer queries to relevant parties

  15. Intro APNIC region

  16. APNIC services & activities • Resources Services • IPv4, IPv6, ASN, reverse DNS • Policy development • Approved and implemented by membership • APNIC whois db • whois.apnic.net • Registration of resources • Routing Registry: irr.apnic.net • Information dissemination • APNIC meetings • Publications • Web and ftp site • Newsletters, global resource reports • Mailing lists • Open for anyone! • Training Courses • Subsidised for members • Co-ordination & liaison • With membership, other RIRs & other Internet Orgs.

  17. Questions? Material available at: www.apnic.net/training/recent/

  18. Internet Registry Allocation and Assignment Policies

  19. Policies Overview of APNIC policies • Definitions • Background • Objectives • Environment • Allocation & Assignment Policies • Summary

  20. Policy Allocation and Assignment • Allocation: “A block of address space held by an IR (or downstream ISP) for subsequent allocation or assignment” • Not yet used to address any networks • Assignment: “A block of address space used to address an operational network” • May be provided to LIR customers, or used for an LIR’s infrastructure (‘self-assignment’)

  21. Policy Allocation and Assignment • Diagram: /8 APNIC Allocation; Member Allocation and Sub-Allocation (/20, /22); Customer Assignments (/27, /26, /26, /25, /24) • APNIC allocates to APNIC Member • APNIC Member assigns to end-user • APNIC Member allocates to downstream • Downstream assigns to end-user • Customer / End User

  22. Policy Portable & non-portable • Portable Assignments • Customer addresses independent from ISP • Keeps addresses when changing ISP • Bad for size of routing tables • Bad for QoS: routes may be filtered, flap-dampened • Non-portable Assignments • Customer uses ISP’s address space • Must renumber if changing ISP • Only way to effectively scale the Internet

  23. Policy Aggregation and “portability” • Aggregation (Non-portable Assignments): ISP Allocation, Customer Assignments, BGP Announcement (1) • No Aggregation (Portable Assignments): ISP, Customer Assignments, BGP Announcements (4)

  24. Policy Address management objectives • Aggregation • Limit routing table growth • Support provider-based routing • Conservation • Efficient use of resources • Based on demonstrated need • Registration • Ensure uniqueness • Facilitate troubleshooting • Uniqueness, fairness and consistency

  25. Policy Why do we need policies? - Global IPv4 Delegations (pre-RIR) (Still available for allocation)

  26. Policy Growth of global routing table • Chart annotations: Projected routing table growth without CIDR; Deployment Period of CIDR; CIDR made it work for a while; But the routing table still grows; Rapid growth due to large number of longer prefixes announced; ISPs tend to filter longer prefixes • http://bgp.potaroo.net/as1221/bgp-active.html • last updated 07 July 2004

  27. Policy Routing table prefix distribution Last updated Jul 2004

  28. Policy APNIC policy environment “IP addresses not freehold property” • Assignments & allocations on license basis • Addresses cannot be bought or sold • Internet resources are public resources • ‘Ownership’ is contrary to management goals “Confidentiality & security” • APNIC to observe and protect trust relationship • Non-disclosure agreement signed by staff

  29. Policy II Private address space & NAT • Private address space • Not necessary to request from the RIRs • Strongly recommended when no Internet connectivity • 10/8, 172.16/12, 192.168/16 • Network Address Translation (NAT) • Use entirely up to individual organisation • Considerations: • breaks end-to-end model, increases complexity, makes troubleshooting more difficult, introduces single point of failure • References: RFC 1918, RFC 1631, RFC 2993, RFC 1814

  30. Policy II Sub-allocations • No max or min size • Max 1 year requirement • Assignment Window & 2nd Opinion applies • to both sub-allocation & assignments • Sub-allocation holders don’t need to send in 2nd opinions • Diagram: /21 Member Allocation; /22 Sub-allocation; Customer Assignments (/27, /24, /26, /26, /25)

  31. Policy II Portable critical infrastructure assignments • What is Critical Internet Infrastructure? • Domain registry infrastructure • Root DNS operators • gTLD operators • ccTLD operators • Address Registry Infrastructure • RIRs & NIRs • IANA • Why a specific policy ? • Protect stability of core Internet function • Assignment sizes: • IPv4: /24 • IPv6: /32

  32. Policy II Allocations vs. Announcements • “A comparison of RIR IPv4 Allocation Records with Global Routing Announcements” • Study by Geoff Huston • 4506 Allocations (Jan 03 – Feb 04) • 3641 Allocations announced (865 not announced) • 10904 routing advertisements • Each allocation generates an average of 3.0 routing advertisements

  33. Policy II Less specific announcements • 3641 RIR allocations are advertised (resulting in 10904 routing advertisements), of these • 2938 Advertisements precisely match the RIR Allocation • 80% are doing the right thing! • 7966 Advertisements are more specifics of 1206 allocations • 20% of the RIR allocations generate more specifics • at an average of 6.6 more specific advertisements per allocation • Chart: 80% / 20%

  34. Policy II Analysis and conclusions • Major contribution to growing routing table is the amount of advertisement fragmentation in allocations • A broader data set shows an improvement in levels of fragmentation since Aug 2000 • Which is good news! • Common to advertise more specific /24s within an allocation • Many of these more specifics appear to be local • Use the BGP community ‘no-export’! • Advertisements of more (local) fragmented specifics could be masked using the ‘no-export’ BGP community tag
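The comparison on slides 32 to 34, as an added example that is not part of the original course material: it classifies routing advertisements against allocation records and lists the more specifics that sit under an already-announced aggregate, the ones slide 34 suggests tagging with ‘no-export’. The prefixes are constructed RFC 1918 samples, and the function and field names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (RFC 1918 space, not real registry or routing records).
ALLOCATIONS = ["10.0.0.0/20", "10.1.0.0/21", "10.2.0.0/22", "10.3.0.0/20"]
ADVERTISEMENTS = [
    "10.0.0.0/20",                                # exact match
    "10.1.0.0/21", "10.1.0.0/24", "10.1.1.0/24",  # aggregate plus more specifics
    "10.2.0.0/24", "10.2.1.0/24",                 # more specifics only
    "10.9.0.0/24",                                # covered by no allocation
]


def compare(allocations, advertisements):
    """Classify each advertisement against the allocation that covers it."""
    allocs = [ipaddress.ip_network(a) for a in allocations]
    exact, specifics, uncovered = set(), defaultdict(list), []
    for text in advertisements:
        net = ipaddress.ip_network(text)
        # Allocations are unique, so at most one of them covers a prefix.
        parent = next((a for a in allocs
                       if a.version == net.version and net.subnet_of(a)), None)
        if parent is None:
            uncovered.append(net)
        elif net == parent:
            exact.add(parent)
        else:
            specifics[parent].append(net)
    announced = exact | set(specifics)
    return {
        "unannounced": [a for a in allocs if a not in announced],
        "exact": sorted(exact),
        "more_specifics": dict(specifics),
        "uncovered": uncovered,
        # Aggregate already announced: these add routing table entries without
        # adding reachability, so they are candidates for 'no-export'.
        "no_export_candidates": sorted(
            n for a in exact for n in specifics.get(a, [])),
        "adverts_per_announced_allocation":
            (len(advertisements) - len(uncovered)) / len(announced),
    }


if __name__ == "__main__":
    for key, value in compare(ALLOCATIONS, ADVERTISEMENTS).items():
        print(key, value)
```

Whether a candidate is really local traffic engineering is an operator decision; the script only shows which more specifics are redundant for global reachability.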

  35. Policy APNIC allocation policies • Aggregation of allocation • Provider responsible for aggregation • Customer assignments/sub-allocations must be non-portable • Allocations based on demonstrated need • Detailed documentation required • All address space held to be declared • Address space to be obtained from one source • routing considerations may apply • Stockpiling not permitted

  36. Policy APNIC allocation policies • Transfer of address space • Not automatically recognised • Return unused address space to appropriate IR • Effects of mergers, acquisitions & take-overs • Will require contact with IR (APNIC) • contact details may change • new agreement may be required • May require re-examination of allocations • requirement depends on new network structure

  37. Policy Initial IPv4 allocation (New policy) • Initial (portable) allocation size and criteria have been lowered: • Allocation size: /21 (2048 addresses)*. • The allocation can be used for further assignments to customers or your own infrastructure. • Criteria • 1a. Have used a /23 from upstream provider • Demonstrated efficient address usage • OR 1b. Show immediate need for /23 • Can include customer projections & infrastructure equipment • 2. Detailed plan for use of /22 within 1 year • 3. Renumber to new space within 1 year • Diagram: /8 APNIC; /21 Member allocation; Non-portable assignment; Portable assignment • *New policy will be implemented 14 Aug 2004

  38. Policy Address assignment policies • Assignments based on requirements • Demonstrated through detailed documentation • Assignment should maximise utilisation • minimise wastage • Classless assignments • showing use of VLSM • Size of allocation • Sufficient for up to 12 months requirement

  39. Policy Portable assignments • Small multihoming assignment policy • For (small) organisations who require a portable assignment for multi-homing purposes • Criteria • 1a. Applicants currently multihomed • OR 1b. Demonstrate a plan to multihome within 1 month • 2. Agree to renumber out of previously assigned space • Demonstrate need to use 25% of requested space immediately and 50% within 1 year • Diagram: /8 APNIC; /21 Member allocation; Non-portable assignment; Portable assignment

  40. Portable assignments for IXPs Criteria • 3 or more peers • Demonstrate “open peering policy” • Exception of routing restrictions • restriction upon routability of the assigned block is lifted • can announce this address space to the internet • APNIC has a reserved block of space from which to make IXP assignments

  41. Supporting historical resource transfer • Allow transfers of historical resources to APNIC members • no technical review or approval • historical resource holder must be verified • the recipient of the transfer must be an APNIC member • resources will then be considered "current" • Existing historical resource holders will still be able to update their information as previously

  42. Supporting historical resource transfer • Objective • Bring historical resource registrations into the current policy framework • Implementation • validation and registration of the existing holder • verification of their intention to transfer a resource • verification of the recipient's consent to receive a transfer • registration of the transferred resource

  43. Removing lame delegations • Objective • To repair or remove persistently lame DNS delegations • DNS delegations are lame if: • Some or all of the registered DNS nameservers are unreachable or badly configured

  44. Problems caused by lame delegations • Delays in service binding for clients using affected address ranges • Refusal of service due to failures during DNS processing • Increased DNS traffic • Lame DNS reverse delegations affect • The users of the network in question • Unrelated third parties

  45. Recovery of address space • To recover unused historical IPv4 addresses in the AP region • Unused address space – increasingly the target for hijacking or squatting • May be used for illegal or antisocial purposes • i.e. hacking and spamming • Reclaim such address space for protection • To be implemented 14 Dec 2004

  46. Protecting historical resource records • Protecting historical resource records in the APNIC Whois Database • To protect historical inetnum and aut-num objects • To prevent unverified transfer of resources. • Existing custodians that wish to maintain records should sign a formal agreement with APNIC and pay service fees (capped at US$100) • To be implemented 14 Dec 2004

  47. APNIC 18 update • Expansion of IPv6 initial allocation • To allow existing IPv6 initial allocation address holders to expand their address space • Without satisfying subsequent allocation criteria • Consensus at APNIC 18 • Current status: Starting 8 weeks comment period

  48. APNIC 18 update • IANA policy for allocation of IPv6 blocks to RIRs • Minimum and initial allocation unit from IANA to RIRs: /12 • To support needs for at least a 36 month period • To allow each RIR to apply its own allocation and reservation strategies • Consensus at APNIC 18 • Current status: Starting 8 weeks comment period

  49. Policy update • Policies are constantly reviewed and revised • Keep up with most recent development • http://www.apnic.net/docs/policy/proposals/

  50. Questions? Material available at: www.apnic.net/training/recent/
