Welcome to the IP Tutorial
26 January 2001
RIPE Network Co-ordination Centre <training@ripe.net>
http://www.ripe.net/ripe/meetings/archive/ripe-37/presentations/lir-tutorial/
Local Internet Registries . Training Course . http://www.ripe.net

Schedule
• Requesting Address Space
• Introduction to RIPE NCC
• Global Registry System
• Initial Administrivia of Becoming LIR
• First Request
• Completing the request form
• Communication with hostmasters
• Customer’s Request
• Elementary evaluation
• RIPE Database
• Evaluation of specific assignment cases
• Large request
• PI request
• Renumbering
• Assignment Window
• New allocation
• IPv6

Introduction to RIPE NCC

What is the RIPE NCC?
• Network Co-ordination Centre
    – The RIPE NCC is a “co-ordination” and support service for its members and RIPE community
• One of 3 Regional Internet Registries (RIR)
• Why a NCC? Actions agreed in RIPE community needed
    – continuity and professionalism
    – neutrality and impartiality

RIPE NCC History
• Birth - April 1992
    – TERENA legal umbrella
• Became RIR in September 1992
• Contributing LIRs in 1995
• In 1998 independent
• A new structure (ripe-161)
    – not-for-profit association
    – General Assembly of all members
    – Executive Committee of elected nominees

Formal Decision Making
“Consensus” Model
• RIPE proposes activity plan
• RIPE NCC proposes budget to accompany activity plan (ripe-213)
• General Assembly votes on both activities and budget at yearly meeting

Vital Statistics
• Statistics 1992
    – 3 staff members
    – No Local IR’s
    – 182,528 hosts in European Internet
    – 7,955 objects in RIPE database (June ‘92)
• Statistics Now
    – 67 staff (22 nationalities)
    – 2,526+ participating Local IR’s
    – 12,088,135+ countable hosts in the RIPE NCC region
    – 3,537,049+ objects in the database

RIPE NCC Member Services
• Registration Services
    – IPv4 addresses
    – IPv6 addresses
    – AS numbers
    – LIR Training Courses
• <hostmaster@ripe.net>
• Reverse domain name delegation
    – NOT registering domain names
• Test Traffic Measurements

RIPE NCC Public Services
• RIPE whois database maintenance
• Routing Registry Maintenance (RR)
• Co-ordination
    – RIPE support
    – Liaison with:
        • LIRs / RIRs / ICANN / etc …
• Information dissemination
• Maintenance of tools
    – http://www.ripe.net/ripencc/mem-services/tools/index.html

RIPE Database (1)
• Public Network Management Database
• Information about objects
    – IP address space: inetnum, inet6num
    – reverse domains: domain
    – routing policies: route, aut-num
    – contact details: person, role, mntner
• Server whois.ripe.net
• UNIX command line queries
• http://www.ripe.net/ripencc/pub-services/db/

RIPE Database (2)
• Software Management
    • server and client
    – NOT relational
    – RIPE NCC
    – Database Working Group (RIPE community)
• Data Management
    – LIRs
    – other users
    – RIPE NCC
• Information content not responsibility of RIPE NCC
• Protection mechanisms not default, but strongly encouraged

RIPE Database v 3.0
• New language (RFC-2622) Routing Policy Specification Language
    – allows for more refined policy details
    – will eventually replace ripe-181
    – transition to RPSL will be smooth
• RPSL mirror of RIPE DB
    – rpsl.ripe.net
• Test re-implementation server
    – queries: reimp.ripe.net at port 4343
    – updates: <auto-rip@ripe.net>

Summary: RIPE & RIPE NCC
Two separate organisations, closely interdependent
• RIPE
    – open forum for discussing policies
• RIPE NCC
    – legitimate, not-for-profit association
    – formal membership
    – neutral and impartial

Questions?

• Terminology
• Internet Registry System

Terminology
• Allocation
    – address space given to registries which is held by them to assign to customers
• Assignment
    – address space given to end-users for use in operational networks
[Diagram: a /20 allocation = 4096 addresses, with assignments made from it]

Classful Notation
Class     Leading bits   Network bits   Addresses     Range
Class A   0              8              16,777,216    0.0.0.0 - 127.255.255.255
Class B   10             16             65,536        128.0.0.0 - 191.255.255.255
Class C   110            24             256           192.0.0.0 - 223.255.255.255
• Obsolete because of
    – depletion of B space
    – too many routes from C space
• Solution
    – Classless Inter Domain Routing
    – hierarchical address space allocation

Classless Notation
Addresses   Prefix   Classful   Net Mask
...         ...      ...        ...
8           /29                 255.255.255.248
16          /28                 255.255.255.240
32          /27                 255.255.255.224
64          /26                 255.255.255.192
128         /25                 255.255.255.128
256         /24      1C         255.255.255.0
...         ...      ...        ...
4096        /20      16 C’s     255.255.240.0
8192        /19      32 C’s     255.255.224.0
16384       /18      64 C’s     255.255.192.0
32768       /17      128 C’s    255.255.128.0
65536       /16      1B         255.255.0.0
...         ...      ...        ...

Goals of the Internet Registry System
• Aggregation
• Conservation
• Registration
    – uniqueness

Regional Registry Structure
[Diagram: IANA / ICANN at the top; the Regional Registries ARIN, RIPE NCC and APNIC below it; then Local IRs (Local IR / ISP, Enterprise Local IR); then ISPs and end users]

Service Regions

Initial Administrivia of Becoming LIR

Becoming LIR
• Completed application form (ripe-212)
• Provided Reg-ID & contact persons
    – <new-lir@ripe.net>
• Read relevant RIPE documents
• Signed contract (ripe-191)
    – agreed to follow policies and procedures
• Paid the sign-up & yearly fee
    – <billing@ripe.net>

Contact Persons
• Stored in RIPE NCC internal file for each registry
    – confidential
• Only registered contact persons can
    – send requests to hostmasters
    – change contact information
• Use ‘role’ object
    – for multiple admin-c and tech-c
• Always sign your e-mail messages
• PGP optional (soon)
• Members’ mailing lists
    – <local-ir@ripe.net> (lst-localir)
    – <ncc-co@ripe.net> (lst-contrib)

Registry Identification (RegID)
• Distinguishes between contributing registries and individuals
• Format <country code> . <registry name>
• Include with every message
• Suggestion - modify mail header
    X-NCC-RegID: nl.bluelight

New Registry’s First Request
• Completing the request form
• Communication with the hostmaster

Sample First Request
Example: Blue Light Internet
• LIR wants a block of IP addresses
    – e.g. for own network / infrastructure
        • do not include needs of customers yet
Steps:
1. Complete request form ripe-141
2. Send request to <hostmaster@ripe.net>
3. RIPE NCC evaluate and approve request
4. With the first assignment RIPE NCC allocates /20 to the LIR

Request Form ripe-141
I. General Information
    Overview of Organisation
    Contact Information
    Current Address Space Usage
II. The Request
    Request Overview
    Addressing Plan
III. Database Information
IV. Optional Information

Completing the Request Form (starting from Addressing Plan)
Gathering Information
• Design of the network
    – how many physical segments it will consist of
    – what is each segment going to be used for
        • including equipment used
    – how many hosts are in each segment
    – expectations of growth

#[ Addressing Plan Template ]#
Relative Prefix   Subnet Mask       Size   Imm   1yr   2yr   Description
0.0.0.0           255.255.255.128   128    100   100   100   dynamic dial-up Amsterdam
0.0.0.128         255.255.255.224   32     10    12    16    web/mail/ftp servers Amsterdam
0.0.0.160         255.255.255.240   16     8     10    13    customers’ servers Amsterdam
0.0.0.176         255.255.255.240   16     14    14    14    training room LAN Amsterdam
0.0.0.192         255.255.255.192   64     24    35    50    Amsterdam office LAN (*1)
0.0.1.0           255.255.255.128   128    0     100   100   dynamic dial-up Utrecht
0.0.1.128         255.255.255.224   32     0     12    25    web/mail/ftp servers Utrecht
0.0.1.160         255.255.255.240   16     14    14    14    Inet cafe Utrecht
0.0.1.176         255.255.255.240   16     0     0     10    training room LAN Utrecht
                                    448    170   297   342   Totals
(*1) Office LAN = workstations, router, 2 printers and 1 fileserver

#[ Request Overview Template ]#
request-size:            448
addresses-immediate:     170
addresses-year-1:        297
addresses-year-2:        342
subnets-immediate:       6
subnets-year-1:          8
subnets-year-2:          9
inet-connect:            YES, already connected to “UpstreamISP”
country-net:             NL
private-considered:      Yes
request-refused:         NO
PI-requested:            NO
address-space-returned:  195.20.42.0/25, to UpstreamISP, “in 3 months”
Totals: 448 170 297 342 (from the Addressing Plan)

#[ Current Address Space Usage Template ]#
Prefix          Subnet Mask       Size   Imm   1yr   2yr   Description
195.20.42.0     255.255.255.192   64     16    30    50    Dynamic dial-up A’dam
195.20.42.64    255.255.255.224   32     10    22    29    Amsterdam office LAN
195.20.42.96    255.255.255.240   16     4     6     8     Utrecht office LAN
195.20.42.112   255.255.255.240   16     6     10    13    Mail servers
                                  128    36    68    100   Totals
Actual addresses

#[Person template]#
person:   Jan Jansen
address:  Blue Light Internet
address:  Oudezijds Achterburgwal 13
address:  Amsterdam
address:  The Netherlands
e-mail:   jan@bluelight.nl
phone:    +31-20-555 5555
nic-hdl:  AUTO-1
mnt-by:   BLUELIGHT-MNT
changed:  jan@bluelight.nl 19990906
source:   RIPE

#[Network template]#
inetnum:  x.x.x.x/23
netname:  BLUELIGHT-1
descr:    Company infrastructure
descr:    in both locations
country:  NL
admin-c:  AB231-RIPE
tech-c:   AUTO-1
status:   ASSIGNED PA
mnt-by:   BLUELIGHT-MNT
changed:  jan@bluelight.nl 19990906
source:   RIPE

Communication with <hostmaster@ripe.net>

Ticketing System
• Unique ticket number
    – facilitates retrieval / archiving
    – NCC#YYYYMMXXXX e.g. NCC#2001053280
• Check status of ticket on the web
    – http://www.ripe.net/cgi-bin/rttquery
        • open ncc
        • open reg
        • closed
    – age of your ticket and oldest ticket in queue

Hostmaster-robot
• Checks request form
    – Reg-ID, contact persons
    – syntax
    – policy problems
• Acknowledgement & diagnostics
    – LONGACK
• Error message
    – correct & re-send the request
    – use the same ticket number
    – NOAUTO
• No errors: hostmaster wait-queue
    – “ongoings” directly to hostmasters

Frequently Asked Questions
• List of answers
    – http://www.ripe.net/ripencc/faq/index.html
• Short tips and tricks
    – http://www.ripe.net/ripencc/tips/tips.html
• Ask hostmaster
    – <lir-help@ripe.net>
    – include your Reg-ID
• Supporting Notes for the European IP Address Space Request Form (ripe-142)

Request Approved
• With the first ASSIGNMENT approved LIR automatically gets an ALLOCATION
    – /20 (4096 addresses)
• RIPE NCC hostmaster enters allocation and assignment objects into the RIPE database at this time
    – /24 & /25 & /26 (448) instead of /23 (512)
• Whole allocated range can be announced immediately
• Every request has to be sent for approval to RIPE NCC
    – addresses for LIRs own infrastructure
    – all customers’ request

Questions?

Customer’s Request Evaluation Basic Database Issues

Assignment Process
[Flowchart: Gathering information; Completing ripe-141; Documentation completed? (no: back to the customer; yes: RIPE NCC evaluation); Documentation completed? (no: back); approval; Assignment: update local records, notify customer, update RIPE database]

Gathering Information
• One request form per customer
• Ask the same questions RIPE NCC asks LIR
    – enough information to complete ripe-141
• Add comments
Example: Goody 2 Shoes

Before Submitting the Request
• Web form
    – filling in the requests
    – syntax check
    – http://www.ripe.net/cgi-bin/web141/web141.pl.cgi
    – ftp://ftp.ripe.net/tools/web141.pl.cgi
• Complete documentation reduces need for iteration
• All the data communicated with RIPE NCC is kept strictly confidential
• Documentation for RIPE NCC has to be in English

Evaluation -- General Information
• #[Overview of organisation template]#
    • information relevant to the address space request
    – Name and location of the company?
    – What are the company activities?
    – What is the structure?
        • Does it have subsidiaries and where?
        • For what part of the company are the addresses requested?
• #[Requester Template]#
    – LIR contact for RIPE NCC
• #[User Template]#
    – customer’s contact for LIR

Evaluation -- Addressing Plan
• Do totals in “Addressing Plan” match numbers in “Request Overview”?
• Are all subnets classless?
    – are the subnet masks real?
• Utilisation and efficiency guidelines: 25% immediately, 50% in one year
• Can address space be conserved by using
    – different subnet sizes?
    – avoiding padding between subnets?
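
An added example, not part of the original course material: the Addressing Plan evaluation questions above written as an automated check and run against the Blue Light Internet plan and Request Overview shown earlier in the course. The function names and the second, deliberately broken plan are constructed for illustration, and applying the 25% / 50% guideline to the request totals rather than to each subnet is an assumption.

```python
from ipaddress import IPv4Address

# Rows of the Blue Light Internet addressing plan shown earlier in this course:
# (relative prefix, subnet mask, size, immediate, 1yr, 2yr, description)
BLUELIGHT_PLAN = [
    ("0.0.0.0",   "255.255.255.128", 128, 100, 100, 100, "dynamic dial-up Amsterdam"),
    ("0.0.0.128", "255.255.255.224",  32,  10,  12,  16, "web/mail/ftp servers Amsterdam"),
    ("0.0.0.160", "255.255.255.240",  16,   8,  10,  13, "customers' servers Amsterdam"),
    ("0.0.0.176", "255.255.255.240",  16,  14,  14,  14, "training room LAN Amsterdam"),
    ("0.0.0.192", "255.255.255.192",  64,  24,  35,  50, "Amsterdam office LAN"),
    ("0.0.1.0",   "255.255.255.128", 128,   0, 100, 100, "dynamic dial-up Utrecht"),
    ("0.0.1.128", "255.255.255.224",  32,   0,  12,  25, "web/mail/ftp servers Utrecht"),
    ("0.0.1.160", "255.255.255.240",  16,  14,  14,  14, "Inet cafe Utrecht"),
    ("0.0.1.176", "255.255.255.240",  16,   0,   0,  10, "training room LAN Utrecht"),
]
# Matching values from the Request Overview template of the same request.
BLUELIGHT_OVERVIEW = {
    "request-size": 448, "addresses-immediate": 170,
    "addresses-year-1": 297, "addresses-year-2": 342,
    "subnets-immediate": 6, "subnets-year-1": 8, "subnets-year-2": 9,
}

# Constructed plan with deliberate mistakes, for comparison (not from the course).
BROKEN_PLAN = [
    ("0.0.0.0",   "255.255.255.224", 32, 2, 3, 4, "office LAN"),
    ("0.0.0.16",  "255.255.255.240", 16, 1, 2, 3, "overlaps the office LAN"),
    ("0.0.0.64",  "255.255.255.100", 32, 1, 2, 3, "mask is not contiguous"),
    ("0.0.0.200", "255.255.255.192", 64, 1, 2, 3, "not on a /26 boundary"),
]
BROKEN_OVERVIEW = {
    "request-size": 144, "addresses-immediate": 5,
    "addresses-year-1": 9, "addresses-year-2": 13,
    "subnets-immediate": 4, "subnets-year-1": 4, "subnets-year-2": 4,
}

ADDRESS_KEYS = ("request-size", "addresses-immediate",
                "addresses-year-1", "addresses-year-2")
SUBNET_KEYS = ("subnets-immediate", "subnets-year-1", "subnets-year-2")


def mask_size(mask):
    """Addresses covered by a netmask, or None if its 1-bits are not contiguous."""
    host_bits = int(IPv4Address(mask)) ^ 0xFFFFFFFF
    return None if host_bits & (host_bits + 1) else host_bits + 1


def evaluate_plan(plan, overview):
    """Return a list of problems found; an empty list means the plan passes."""
    if not plan:
        return ["plan is empty"]
    problems, spans = [], []
    for prefix, mask, size, *_ in plan:
        real = mask_size(mask)
        if real is None:                       # "are the subnet masks real?"
            problems.append(f"{prefix}: {mask} is not a real subnet mask")
            continue
        if real != size:
            problems.append(f"{prefix}: size {size} does not match mask ({real})")
        start = int(IPv4Address(prefix))
        if start % real:                       # classless, but on a bit boundary
            problems.append(f"{prefix}: not on a /{33 - real.bit_length()} bit boundary")
        spans.append((start, start + real, prefix))

    # Overlaps and padding between consecutive subnets.
    spans.sort()
    end = spans[0][0] if spans else 0
    for start, stop, prefix in spans:
        if start < end:
            problems.append(f"{prefix}: overlaps the previous subnet")
        elif start > end:
            problems.append(f"{prefix}: {start - end} addresses of padding before it")
        end = max(end, stop)

    # Totals of the plan against the Request Overview.
    columns = list(zip(*[row[2:6] for row in plan]))   # size, imm, 1yr, 2yr
    totals = dict(zip(ADDRESS_KEYS, map(sum, columns)))
    for key, total in totals.items():
        if overview[key] != total:
            problems.append(f"{key}: overview says {overview[key]}, plan totals {total}")
    for key, column in zip(SUBNET_KEYS, columns[1:]):
        in_use = sum(1 for hosts in column if hosts > 0)
        if overview[key] != in_use:
            problems.append(f"{key}: overview says {overview[key]}, plan has {in_use}")

    # Utilisation guideline: 25% immediately, 50% in one year (on the totals).
    size_total = totals["request-size"]
    for key, floor in (("addresses-immediate", 0.25), ("addresses-year-1", 0.50)):
        if totals[key] < floor * size_total:
            problems.append(f"{key}: {totals[key]}/{size_total} is below {floor:.0%}")
    return problems


if __name__ == "__main__":
    print("Blue Light plan:", evaluate_plan(BLUELIGHT_PLAN, BLUELIGHT_OVERVIEW) or "passes")
    for problem in evaluate_plan(BROKEN_PLAN, BROKEN_OVERVIEW):
        print("broken plan:", problem)
```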

Evaluation -- Network Template
• inetnum value (look-up key, unique)
    – specifies the size of assignment
    – actual range is not necessary
• Relevant netname (look-up key, not unique)
    – descriptive; uppercase letters, numbers & “-”
        • RIPE NCC’s only reference to LIR’s assignment
• Contact persons
    – can be multiple reference nic-hdls (may be a role object)
    – admin-c
        • responsible for the network, able to make decisions
    – tech-c
        • technical setup of the network

Internal Administration
• Wait for the approval from <hostmaster@ripe.net> prior to assignment and registration
• Decide on the range of addresses within your address space
    – classless assignment on bit boundary
[Diagram labels: Assignment for customer’s network; Assignment for LIR’s network]
• Update local records for later reference
    – archive original documents with assignment

Assignments to (Small) ISPs
• LIR cannot allocate address space to an ISP
• If the customer of LIR is an ISP, distinguish
    – ISP’s infrastructure
    – ISP’s customers
• Separate assignments need to be
    – requested
    – evaluated / approved
    – registered in the RIPE Database
• Avoid overlapping assignments
    – i.e. “big” assignment/object for ISP & all its customers, plus for separate customers

Creating Database Objects

Creating person Object
• Check if person object exists in RIPE DB
    – whois {person’s name; email address}
    – only one object per person
• Obtain and complete a template
    – whois -t person
    – -v (verbose)
• Send to <auto-dbm@ripe.net>
• Each person object has unique nic-hdl

whois -t person
person:   [mandatory]  [single]    [primary/look-up key]
address:  [mandatory]  [multiple]  [ ]
e-mail:   [optional]   [multiple]  [look-up key]
phone:    [mandatory]  [multiple]  [ ]
notify:   [optional]   [multiple]  [inverse key]
mnt-by:   [optional]   [multiple]  [inverse-key]
nic-hdl:  [mandatory]  [single]    [primary/look-up key]
changed:  [mandatory]  [multiple]  [ ]
source:   [mandatory]  [single]    [ ]

nic-hdl
• Mandatory attribute
• Only way to clear ambiguity in person objects
• Format: <initials><number>-<regional registry>
    – e.g. AB123-APNIC, CD567-RIPE
• Combination of person name and nic-hdl is the primary key for person object
• Use “AUTO-#” placeholders
    person:   Piet Bakker
    ...
    nic-hdl:  AUTO-1  ->  PB1234-RIPE

    person:   Jan van der Bruk
    ...
    nic-hdl:  AUTO-2JVDB  ->  JVDB1-RIPE  (AUTO-#initials)

<auto-dbm> Responses
• Successful update
    – acknowledgement
• Warnings
    – object accepted but might be ambiguous
    – object corrected and accepted
• Errors
    – object NOT corrected and NOT accepted
    – diagnostics in acknowledgement
• If not clear send questions to <ripe-dbm@ripe.net>
    – include error report

Creating Network Object
• inetnum
    – insert the address range in the ‘network template’ from the request form approved by the hostmasters
    – keep the same netname attribute
    – in the change attribute use current date
        • or leave out the date completely
• Send to <auto-dbm@ripe.net>
    – with the keyword NEW in the subject line

Check Your Database Data
• Before you notify the customer
    – whois [customer’s IP range]
    – whois [customer’s netname]
        • not unique search key
    – whois -m [your allocated IP range]
        • will show list of all LIR’s first level customer(s) network(s)
        • first level more specific address ranges
    – whois -L [customer’s IP range]
        • will show LIR’s own allocation object

Example DB Query
[Diagram: the allocation 195.35.64.0 - 195.35.95.255 and the ranges registered inside it (195.35.64.0 - 195.35.65.191, 195.35.80/25, 195.35.88/26, 195.35.92/29, 195.35.92.8/29; netnames BLUELIGHT, GOODY2SHOES, ENGOS, ..., ENGO-7, ENGO-8), with the queries whois -M 195.35.64.0/19, whois -m 195.35.64.0/19 and whois -L 195.35.92.10]

Notify the Customer
• Make sure customer has same data as you
    – cut and paste output of the whois query
• Address space is considered in use only if registered in the RIPE Database
• Register all end-users separately
    – avoid overlapping inetnum objects

Questions?

Evaluation of Specific Assignment Cases
• ‘Large’ Request
• PI request
• Renumbering

‘Large’ Request

Submitting a Large Request
• Complete ripe-141 request form
    – only include addresses you have concrete need for (no reservations)
• Possible additional information
    – pointer to web site
    – deployment plan
    – new technologies
    – purchase receipts
    – topology map (design of the network)
        • can be faxed
        • handled and kept confidentially
        • include ticket number and Reg-ID

Current Address Space Usage Evaluation
• Are there any previous assignments?
    – ask customer
• Querying the RIPE Database
    – whois.ripe.net
        • exact match
    – http://www.ripe.net/ripencc/pub-services/db/
        1 full text search using glimpse
        2 whois web interface
• Can request be fulfilled with previous assignment?

Private Address Space
• RFC-1918 (Address Allocation for Private Internets)
• Suitable for
    – partial connectivity
    – limited access to outside services
        • can use application layer gateways (fire walls, NAT)
• Motivation
    – saves public address space
    – allows for more flexibility
    – security

Sample Deployment Plan
• Needed when big expansion planned
• Matching addressing plan

Relative Prefix   Subnet Mask     Size   Imm.   1yr    2yr    Description
0.0.0.0           255.255.248.0   2048   0      1024   2048   London POP
0.0.4.0           255.255.248.0   2048   0      1024   2048   Berlin POP
0.0.8.0           255.255.248.0   2048   0      1024   2048   Moscow POP
0.0.12.0          255.255.248.0   2048   0      1024   2048   Paris POP

Planned operational Date   Date Equipment ordered   Type of Equipment   Number of hosts   Location
01/2002                    02/2001                  modems              2048              London
03/2002                    05/2001                  modems              2048              Berlin
03/2002                    05/2001                  modems              2048              Paris
07/2002                    --------                 modems              2048              Moscow

(New) Technologies
• If special hardware/software is used
    • include the URLs of manufacturer’s sites if available
• Special allocation and verification procedures apply
    – static dial up assignments      } STRONGLY DISCOURAGED
    – IP based virtual web hosting    }
    • cable modems, ADSL
    • GPRS?
    – recommended: investigate and implement dynamic assignment technologies whenever possible

PI Request

PA vs. PI Assignments
• Provider Aggregatable
    • customer uses addresses out of LIR’s allocation
    • good for routing tables
    • customer must renumber if changing ISP
• Provider Independent
    • customer receives range of addresses from RIPE NCC
    • customer takes addresses when changing ISP
    • possible routing problems
• Make contractual agreements
    – example: ripe-127
    – the only way to distinguish PA and PI space

Requesting PI Space
• LIR sends request on behalf of PI customer
• Complete ripe-141 as usual
• Differences:
    #[Request Overview Template]#
    PI-requested: YES
    #[Network Template]#
    status: ASSIGNED PI
• Explain why the customer wants PI
    – aware of the consequences?

Evaluation of PI Request
• Conservative estimates
    – will NOT get more addresses (than needed) to prevent routing problems
• Classless
• Assignment is only valid as long as original criteria remain valid (ripe-185)
• After approval
    – RIPE NCC assigns a block from own range
    – RIPE NCC puts assignment in database with RIPE-NCC-HM-PI-MNT

Example PI DB Entry
inetnum:  194.1.208.0 - 194.1.209.255
netname:  GOODY2SHOES-2
descr:    Own Private Network 4 Goody2Shoes
descr:    Amsterdam, Netherlands
country:  NL
admin-c:  PIBA2-RIPE
tech-c:   JAJA1-RIPE
status:   ASSIGNED PI
mnt-by:   RIPE-NCC-HM-PI-MNT
mnt-by:   BLUELIGHT-MNT
changed:  hostmaster@ripe.net 19991111
source:   RIPE

Renumbering … is easy!

When to Send Renumbering Request?
• When to Send Renumbering Request?
    – Customer(s) changing providers
        • already using address space
        • returning PA addresses to OldISP
        • renumbering to the PA range of NewISP
    – Changing from PI (or UNSPECIFIED) to PA
    – Only if amount is above LIR’s AW
• Procedure made easier as to encourage
    – if many customers ‘1-1’ renumbering, all in one request form
• Time frame guidelines - 3 months
• More info: http://www.isi.edu/div7/pier/

Questions?

Assignment Window Policies and Procedures

Assignment Window Policy
• Assignment Window
    – maximum amount of address space LIR can assign without prior approval of the NCC
    – initially AW equals zero
    – gradually raised
• Why necessary?
    – support to LIRs during start up
    – familiarisation with RIPE NCC procedures
    – align criteria for request evaluation
    – maintain contact between LIRs and RIPE NCC

Initially: AW=0
• Send EVERY customer’s request and EVERY request for assignment to your own infrastructure / network to the RIPE NCC for evaluation
• Separate request forms needed
• Do not send too many at the same time

When is AW Size Raised
• Understood procedures
• Complete NCC documentation
• Experience
    – with RIPE Database
    – different policies
    – evaluating and processing requests
• Not always automatically raised
    – approach us

When is AW Size Lowered
• New staff need training
• After negative auditing report
• To enforce payment
• To find out the AW size
    – asm-window line
    – write to <lir-help@ripe.net>

Assignment Window Size
Assignment Window   Local IR Assignment limit (host addresses)
AW = 0              All new Registries
AW = /28            requests 16 addr
AW = /27            requests 32 addr
AW = /26            requests 64 addr
...                 ...
AW = /22            requests 1024 addr
AW = /21            requests 2048 addr
…                   ...
(Increasing Responsibility of Local IR)
• AW size corresponds to average size of requests
• AW is per 12 months per customer

Assignment Process
Between Local IR’s and their customers
[Flowchart: Gathering information; Documentation completed? (no: ask for more documentation; yes: Evaluation, LIR evaluates request); request > AW? / need 2nd opinion? (yes: Approach RIPE NCC; no: Finish the assignment)]

Assignment Process
( Finish the assignment )
• Pick addresses
• Update local records
• Update RIPE database
• Wait for acknowledgement
• Notify customer
( Approach RIPE NCC )
• Complete the request form
• Add Registry ID
• Add comments & recommendations
• Send to RIPE NCC <hostmaster@ripe.net>
• RIPE NCC evaluates & approves
• ( Finish the assignment )

Questions?

New allocation

Allocation Procedures
• ‘Slow Start’
    – first allocation /20
        • LIR announces the whole prefix
    – size of future allocations depends on current usage rate
        • presumably enough for next two years
        • not always contiguous
• Motivation for ‘slow start’
    – fair distribution of address space
    – keeps pace with customer base growth
    – slows down exhaustion of IPv4 address space

Motivation for ‘No Reservations’ Policy
• Def.: Address space set aside for future use
• Reservations may never be claimed
    – customers may need more (or less) address space than is reserved
• Administrative convenience not catered for
• Fragments address space
=>
    – requesting new allocation appropriate when previous allocated space used ~ 80% !

Requesting New Allocation
• Send e-mail to <hostmaster@ripe.net>
    • NOT ripe-141 form
    • NEWBLOCK in the subject line for higher priority
    – summary of addresses assigned / free
    – list assignments of the last allocation
Suggested format:
    Allocation: 195.35.64.0/19   assigned: 7372   free: 820

    Range                            Netname
    195.35.64.0 - 195.35.65.191      BLUELIGHT-1
    195.35.80.0 - 195.35.80.127      GOODY2SHOES-1
    195.35.80.128 - 195.35.80.159    CYB-FAL
    195.35.88.0 - 195.35.88.31       ENGOS-1
    ...

Evaluation of New Allocation Request
• Are LIR’s records consistent with
    • RIPE NCC’s local records
    • RIPE database
    – RIPE NCC wants to see 3 random requests
• Are all assignments valid?
    • within AW
    • correct netname attribute & the date
• Quality of RIPE DB records
    • up-to-date person & role objects
    • no overlapping inetnum objects
• Tool available: asused-public

Prior to Making New Allocation
• If inconsistencies are found
    – LIR will be asked to correct data first
    – AW is reviewed
• When data is corrected or deadline for correction is set
    – RIPE NCC
        • allocates new block to LIR
        • updates the DB
    • LIR announces new prefix

Allocation inetnum Object
inetnum:    195.35.64.0 - 195.35.127.255
netname:    NL-BLUELIGHT-19990909
descr:      Provider Local Registry
country:    NL
admin-c:    JJ231-RIPE
tech-c:     JAJA1-RIPE
status:     ALLOCATED PA
mnt-by:     RIPE-NCC-HM-MNT
mnt-lower:  BLUELIGHT-MNT
changed:    hostmaster@ripe.net 19990909
changed:    hostmaster@ripe.net 19991111
changed:    hostmaster@ripe.net 20000303
source:     RIPE

Questions?

IPv6

Why IPv6?
• Next generation protocol
    – scalability -- 128 bits addresses
    – security
    – dynamic hosts numbering
    – QoS
• Interoperable with IPv4
    • simple and smooth transition
    – hardware vendors
    – applications

IPv6 Introduction
• Current format boundaries
    |-3|--13-|--13-|-6-|--13-|--16--|------64 bits-----|
    +--+-----+-----+---+-----+------+------------------+
    |FP|-TLA-|-sub-|Res|-NLA-|--SLA-|---Interface ID---|
    |--|-ID--|-TLA-|---|--ID-|--ID--|------------------|
    |----public topology ----|-site-|-----Interface----|
    +--+-----+-----+---+-----+------+------------------+
    /23 /29 /35 /48 /64
• Classful; another level of hierarchy
    – (sub)TLA
    – NLA
    – SLA
• Hexadecimal representation of addresses

IPv6 Allocation Policies
• “Provisional IPv6 Assignment and Allocation Policy Document” (ripe-196)
    – discussion on ipv6-wg@ripe.net and lir-wg@ripe.net
• Bootstrap Phase Criteria
    – Peering with 3 ASes
      AND
    – Plan to provide IPv6 services within 12 months
      AND either
    – 40 IPv4 customers
      OR
    – 6bone experience
http://www.ripe.net 95 IPv6 Allocations • Request form (ripe-195) • ”Slow start” – first allocation to a TLA Registry will be a /35 block • representing 13 bits of NLA space – additional 6 bits reserved by RIR for the allocated sub-TLA for subsequent allocations • Reverse Delegation of an IPv6 Sub-TLA – http://www.ripe.net/reverse/ • IANA allocations – APNIC – ARIN – RIPE NCC Local Internet Registries 2001:0200::/23 2001:0400::/23 2001:0600::/23 . Training Course (23 subTLAs) (12 subTLAs) (25 subTLAs) . http://www.ripe.net 96 Database Object inet6num: netname: descr: descr: country: admin-c: admin-c: tech-c: status: mnt-by: mnt-lower: changed: source: Local Internet Registries 2001:0600::/23 EU-ZZ-2001-0600 RIPE NCC European Regional Registry EU MK16-RIPE DK58 OPS4-RIPE SUBTLA RIPE-NCC-HM-MNT RIPE-NCC-HM-MNT hostmaster@ripe.net 19990810 RIPE . Training Course . http://www.ripe.net 97 Questions? Local Internet Registries . Training Course . http://www.ripe.net 98 The End … unless... • Reverse Delegation • AS Numbers • Advanced database issues • Advanced reverse delegation • Routing Registry • Administrivia –audit activity, billing, closing LIR Local Internet Registries . Training Course . http://www.ripe.net 99 Reverse Delegation Procedures Local Internet Registries . Training Course . http://www.ripe.net 100 What is Forward and Reverse DNS Delegation ? • Forward Delegation – enables naming of IP hosts on the Internet – hierarchical authority for domain registration • organisational structure • Reverse Delegation – enables association of IP addresses with domain names – hierarchical authority for reverse zone • depends on who distributed the address space – reverse delegation takes place on octet boundaries Local Internet Registries . Training Course . http://www.ripe.net 101 IN-ADDR.ARPA Domain . 
[Figure: DNS tree below the root (.) with the top-level domains nl, edu, arpa, com and net. Forward mapping: www.amsterdam.bluelight.nl (A 195.35.65.130). Reverse mapping under in-addr.arpa (first-octet branches 217, 212, 213, 193, 195, 194, 62): 130.65.35.195.in-addr.arpa (PTR www.amsterdam.bluelight.nl).]

Why Do You Need Reverse DNS Delegation?
• All host-IP mappings in the DNS (A record) should have a corresponding IP-host mapping (PTR record)
• Failure to have this will likely
  – block users from various services (ftp, mail)
  – make troubleshooting more difficult
  – produce more useless network traffic in general

Overview of the Request Procedure
• LIRs have to request reverse delegation
• /24 zones are delegated
  – to LIR / end-user
  – as the address space gets assigned
• Steps
  – valid assignment of address space
  – /24 reverse zone setup on LIR or end-user's nameserver(s), or both
  – send domain object to <auto-inaddr@ripe.net>
      • include Reg-ID

"Valid" Assignment
• According to ripe-185 policies
  – within "Assignment Window", or approved by RIPE NCC Hostmaster
• inetnum object registered in RIPE Database
  – netname attribute is NCC's only reference if assignment approved
      • do NOT change netname without notifying <hostmaster@ripe.net>
      • this is mentioned when we approve your IP requests
  – registered after the approval date

/24 Reverse Zone Setup Recommendations
• At least two nameservers required
  – one nameserver set up as primary
  – at least one other as secondary
• SOA values reasonably RFC1912 compliant
• Nameservers not on same physical subnet
  – preferably with another provider
• Serial numbers in YYYYMMDDnn format
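The rule that every A record should have a corresponding PTR record, and the YYYYMMDDnn serial convention, can both be checked mechanically. The Python below is an added example, not part of the RIPE NCC course material; apart from www.amsterdam.bluelight.nl and 195.35.65.130, the records are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
import re
from datetime import datetime

# Constructed sample data. Only www.amsterdam.bluelight.nl / 195.35.65.130
# comes from the slides; the other hosts and the stale PTR are made up.
A_RECORDS = [
    ("www.amsterdam.bluelight.nl", "195.35.65.130"),
    ("mail.amsterdam.bluelight.nl", "195.35.65.131"),
    ("ftp.amsterdam.bluelight.nl", "195.35.65.132"),
]
PTR_RECORDS = {
    "130.65.35.195.in-addr.arpa.": "www.amsterdam.bluelight.nl.",
    "132.65.35.195.in-addr.arpa.": "old.amsterdam.bluelight.nl.",
}


def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def reverse_name(ip):
    """195.35.65.130 -> 130.65.35.195.in-addr.arpa (octets reversed)."""
    return ipaddress.IPv4Address(ip).reverse_pointer


def audit(a_records, ptr_records):
    """Return sorted (problem, ip) pairs for A records lacking a usable PTR.

    missing-ptr:  no PTR record exists for the address.
    ptr-mismatch: a PTR exists, but it names a host that has no A record
                  pointing back at this address.
    """
    forward = {}
    for host, ip in a_records:
        forward.setdefault(norm(host), set()).add(ip)
    ptrs = {norm(k): norm(v) for k, v in ptr_records.items()}

    findings = set()
    for _host, ip in a_records:
        target = ptrs.get(reverse_name(ip))
        if target is None:
            findings.add(("missing-ptr", ip))
        elif ip not in forward.get(target, set()):
            findings.add(("ptr-mismatch", ip))
    return sorted(findings)


def valid_serial(serial):
    """True if an SOA serial follows the YYYYMMDDnn convention."""
    text = str(serial)
    if not re.fullmatch(r"\d{10}", text):
        return False
    try:
        datetime.strptime(text[:8], "%Y%m%d")  # rejects month 13, 30 February
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    for problem, ip in audit(A_RECORDS, PTR_RECORDS):
        print(problem, ip, reverse_name(ip))
    print(valid_serial(2001012601), valid_serial(20010126))
```

In practice the two record sets would come from zone transfers or zone files of the forward zone and the /24 reverse zone.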
Example domain Object

    whois -t domain

    domain:   80.35.195.in-addr.arpa
    descr:    Reverse delegation for Bluelight Customers
    admin-c:  JJ231-RIPE
    tech-c:   JAJA1-RIPE
    zone-c:   WF2121-RIPE
    nserver:  ns.bluelight.nl
    nserver:  ns2.bluelight.nl
    mnt-by:   BLUELIGHT-MNT
    changed:  jan@bluelight.nl 19991110
    source:   RIPE

Request the Delegation
• Send domain template to <auto-inaddr@ripe.net>
  – an automatic mailbox
• Tool will
  – check assignment validity
  – check if zone is correctly set up
  – (try to) enter object to RIPE DB

Problems with inaddr Robot?
• Error report will be sent to requester
  – correct errors and re-send
• For questions see FAQ
• If error reports continue
  – contact <inaddr@ripe.net>
  – please include the full error report

< /24 Delegations
• Reverse delegation is also possible for a /24 shared by more customers
  => NOT a reason for classful assignments
• RIPE NCC reverse delegates authority for the entire /24 to LIR
  – procedure and requirements the same as for /24
• If customer wants to run own primary nameserver
  – LIR delegates parts as address space gets assigned
  – use CNAME to create an extra point of delegation (RFC-2317)

CNAME Example
Zonefile at Provider Primary Nameserver

    $ORIGIN 80.35.195.in-addr.arpa.
    0-31    IN  NS     ns.goody2shoes.nl.
    0-31    IN  NS     ns2.bluelight.nl.
    32-71   IN  NS     ns.cyberfalafel.nl.
    32-71   IN  NS     ns2.bluelight.nl.

    0       IN  CNAME  0.0-31
    1       IN  CNAME  1.0-31
    ...
    31      IN  CNAME  31.0-31

    32      IN  CNAME  32.32-71
    33      IN  CNAME  33.32-71
    ...
    71      IN  CNAME  71.32-71

    73      IN  PTR    www.qwerty.nl.

CNAME Example
Zonefiles at Customers' Nameservers

    $ORIGIN 0-31.80.35.195.in-addr.arpa.
    @       IN  NS     ns.goody2shoes.nl.
    @       IN  NS     ns2.bluelight.nl.
    1       IN  PTR    www.goody2shoes.nl.
    2       IN  PTR    mail.goody2shoes.nl.
    ...
    31      IN  PTR    kantoor.goody2shoes.nl.

    $ORIGIN 32-71.80.35.195.in-addr.arpa.
    @       IN  NS     ns.cyberfalafel.nl.
    @       IN  NS     ns2.bluelight.nl.
    33      IN  PTR    www.cyberfalafel.nl.
    ...
    70      IN  PTR    cafe3.cyberfalafel.nl.

Questions?

Autonomous System Numbers

Policy Based Routing
[Figure: policy-based routing between end-users, an ISP, a regional transit provider and a backbone provider; labels: AS2, AS3, NEW, BlueLight, Goody2Shoes, Internet.]

Autonomous System
• Definition: a group of IP networks run by one or more network operators which has a unique and clearly defined routing policy
• RIR is allocated a range of AS numbers by IANA
  – 16 bit number
• RIR assigns unique AS number
  – for LIR or for the customer
• AS number, routing policy and originating routes are registered in the Routing Registry

How To Get an AS Number?
• Complete request form: ripe-147
  – aut-num object template
      • contact person(s)
  – mntner object template
  – address space to be announced with this AS#
• Send to <hostmaster@ripe.net>
  – web syntax check: http://www.ripe.net/cgi-bin/web147cgi
• Being multihomed and routing policy are mandatory

RIPE-181 Language
• RIPE-181 used to describe routing policies
• Developed in PRIDE project
  – accepted in IRR and translated into RFC-1786
• Example syntax:

    aut-num:  NEW
    as-out:   to AS3 announce NEW
    as-in:    from AS2 200 accept AS2

• Cost defines the preference
  – the lower the cost, the more preferred route
  – cost relative per aut-num object
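How the cost in as-in lines ranks neighbours can be seen by parsing an aut-num object and sorting the peers that accept a given origin. This Python is an added example, not RIPE NCC code; the sample object is constructed in the syntax shown above, and the parser assumes plain lists of AS names or ANY after accept/announce (no AND/OR/NOT expressions).

```python
import re

# Constructed aut-num object in the RIPE-181 syntax shown above; the AS names
# NEW, AS2 and AS3 are the placeholders the slides use.
SAMPLE = """\
aut-num: NEW
as-in:   from AS2 10 accept AS2
as-in:   from AS3 100 accept ANY
as-in:   from AS2 200 accept ANY
as-out:  to AS2 announce NEW
as-out:  to AS3 announce NEW
"""

AS_IN = re.compile(r"from\s+(\S+)\s+(\d+)\s+accept\s+(.+)$")
AS_OUT = re.compile(r"to\s+(\S+)\s+announce\s+(.+)$")


def parse_policy(text):
    """Parse aut-num, as-in and as-out lines; other attributes are ignored."""
    policy = {"aut-num": None, "as-in": [], "as-out": []}
    for raw in text.splitlines():
        attr, sep, value = raw.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        if not sep or attr not in policy:
            continue
        if attr == "aut-num":
            policy["aut-num"] = value
            continue
        match = (AS_IN if attr == "as-in" else AS_OUT).match(value)
        if not match:
            raise ValueError(f"unparsable {attr} line: {raw!r}")
        if attr == "as-in":
            peer, cost, accepted = match.groups()
            policy["as-in"].append((peer, int(cost), set(accepted.split())))
        else:
            peer, announced = match.groups()
            policy["as-out"].append((peer, set(announced.split())))
    return policy


def ranked_peers(policy, origin):
    """Peers from which routes originated by `origin` are accepted.

    Returns (peer, cost) pairs, most preferred (lowest cost) first. A peer
    listed twice keeps its lowest matching cost.
    """
    best = {}
    for peer, cost, accepted in policy["as-in"]:
        if origin in accepted or "ANY" in accepted:
            best[peer] = min(cost, best.get(peer, cost))
    return sorted(best.items(), key=lambda item: (item[1], item[0]))


def one_way_peers(policy):
    """Peers that appear only in as-in or only in as-out (likely an omission)."""
    inbound = {peer for peer, _cost, _acc in policy["as-in"]}
    outbound = {peer for peer, _ann in policy["as-out"]}
    return sorted(inbound ^ outbound)


if __name__ == "__main__":
    policy = parse_policy(SAMPLE)
    print(ranked_peers(policy, "AS2"))   # routes originated by AS2
    print(ranked_peers(policy, "AS7"))   # any other origin (AS7 is made up)
    print(one_way_peers(policy))
```

With the sample object, AS2's own routes are preferred directly from AS2, while everything else is preferred through AS3 with AS2 as the higher-cost fallback.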
AS Example #1
[Figure: network diagram with Internet, AS3, AS2 and NEW.]

    aut-num:  AS3
    as-out:   to NEW announce ANY
    as-in:    from NEW 10 accept NEW

    aut-num:  NEW
    as-out:   to AS2 announce NEW
    as-in:    from AS2 10 accept AS2
    as-in:    from AS3 100 accept ANY
    as-out:   to AS3 announce NEW

    aut-num:  AS2
    as-in:    from NEW 20 accept NEW
    as-out:   to NEW announce AS2

AS Example #2
[Figure: network diagram with Internet, AS3, AS2 and NEW.]

    aut-num:  AS3
    as-out:   to NEW announce ANY
    as-in:    from NEW 10 accept NEW

    aut-num:  NEW
    as-out:   to AS2 announce NEW
    as-in:    from AS2 10 accept AS2
    as-in:    from AS3 100 accept ANY
    as-out:   to AS3 announce NEW
    as-in:    from AS2 200 accept ANY

    aut-num:  AS2
    as-in:    from NEW 20 accept NEW
    as-out:   to NEW announce AS2 ANY

Registration in RIPE Database
• Evaluation
• RIPE NCC hostmaster
  – creates aut-num object (and maintainer)
  – informs requester
• User is responsible for keeping up to date
  – routing policy
  – referenced contact info (person/role, mntner)
• RIPE NCC hostmaster regularly checks consistency of data in Routing Registry
  – http://abcoude.ripe.net/ris/asinuse.cgi

aut-num Template Object

    aut-num:  NEW AS42
    descr:    Bluelight AS#
    as-in:    from AS2 10 accept AS2
    as-in:    from AS2 200 accept ANY
    as-in:    from AS3 100 accept ANY
    as-out:   to AS3 announce NEW AS42
    as-out:   to AS2 announce NEW AS42
    default:  AS2 5
    admin-c:  JJ231-RIPE
    tech-c:   JAJA1-RIPE
    mnt-by:   NEW-MNT BLUELIGHT-MNT
    changed:  hostmaster@ripe.net 19991010
    source:   RIPE

Questions?

Advanced Database Issues
• DB administration
  – using role object
  – updating
  – deleting
• Protection
• Test Database
'role' Object

    % whois -h whois.ripe.net -t role

    role:     [mandatory]  [single]    [primary/look-up key]
    address:  [mandatory]  [multiple]  []
    phone:    [optional]   [multiple]  []
    fax-no:   [optional]   [multiple]  []
    e-mail:   [mandatory]  [multiple]  [look-up key]
    trouble:  [optional]   [multiple]  []
    admin-c:  [mandatory]  [multiple]  [inverse key]
    tech-c:   [mandatory]  [multiple]  [inverse key]
    nic-hdl:  [mandatory]  [single]    [primary/look-up key]
    remarks:  [optional]   [multiple]  []
    notify:   [optional]   [multiple]  [inverse key]
    mnt-by:   [optional]   [multiple]  [inverse key]
    changed:  [mandatory]  [multiple]  []
    source:   [mandatory]  [single]    []

Role Object for Contact Persons

    role:         BlueLight Contact Role
    description:  Hostmaster for Blue Light BV
    admin-c:      JAJA1-RIPE
    tech-c:       AB321-RIPE
    tech-c:       WF2121-RIPE
    email:        hostmaster@bluelight.nl
    trouble:      24/7 phone number: +31-60-123-4567
    nic-hdl:      BL112-RIPE
    notify:       jan@bluelight.nl
    notify:       auto-hm@bluelight.nl
    mntner:       BLUELIGHT-MNT
    changed:      hostmaster@bluelight.nl 20000202
    source:       RIPE

Inverse Lookups in RIPE DB
• whois -i {attribute} {value}
• whois -i admin-c,tech-c,zone-c JAJA1-RIPE
  – whois -i admin-c,tech-c,zone-c -T domain JAJA1-RIPE
  – whois -i zone-c JAJA1-RIPE
• whois -i mnt-by BLUELIGHT-MNT
• whois -i notify jan@bluelight.nl

Recursive Lookups
• whois 193.35.64.82                 => inetnum, route, person(s)
  – whois -r 193.35.64.82            => inetnum, route
  – whois -T inetnum 193.35.64.82    => inetnum, persons
  – whois -r -T inetnum 193.35.64.82 => inetnum
  – whois -T route 193.35.64.82      => route
• whois 62.80.0.0                    => inetnum, role, person
  – whois CREW-RIPE                  => role, persons
  – whois -r CREW-RIPE               => role
DB Update Procedure
• Changing an object
  – make needed changes
  – keep the same primary key
  – add the changed line to the new version of object
      • value: email address and date
      • keep the old changed lines in
  – do not forget authentication (password, PGP key)
• Deleting an object
  – add delete line to the exact copy of current object
  – value: email address, reason and date
  – submit to the database

Case Study - Contact Person Left
1. whois -i tech-c JAJA1-RIPE
2. Create new person object (for Carl Dickens, new guy)
3. Change the tech-c reference in all inetnum objects
4. Delete old person object
[Figure: inetnum objects 195.35.64.80 ... 195.35.64.130 with their reference changed from person JAJA1-RIPE to person CD2-RIPE.]

Replacing tech-c Using role Object
1. Create person object for each tech-c
2. Create role object for all tech-c:s
3. Change the tech-c reference in all inetnum objects to reference role object
4. Keep role object up-to-date with staff changes
[Figure: inetnum objects 195.35.64.80 ... 195.35.64.130 referencing role BL112-RIPE, which references persons JJ231-RIPE and CD2-RIPE.]

Deleting an Object (example)
Exact copy of the DB object:

    person:   Piet Bakker
    address:  Goody 2 Shoes
    address:  Warmoesstraat 1
    address:  Amsterdam
    phone:    +31-20-666 6666
    e-mail:   piet@goody2shoes.nl
    nic-hdl:  PIBA2-RIPE
    changed:  jan@bluelight.nl 19991010
    source:   RIPE
    delete:   hostmaster@bluelight.nl duplicate object 20000202

Protecting DB Objects
Notification / Authorisation
• notify attribute (optional)
  – sends notification of change to the email address specified
• mnt-by attribute & mntner object
  – objects that contain mnt-by must pass the authentication rules in the mntner object
• Hierarchical authorisation for inetnum & domain objects
  – mnt-lower attribute

How To Protect DB Data
• Read documents (ripe-157, ripe-189)
• Choose authentication method
• Create mntner object
• Existing objects must be updated
  – include mnt-by attribute referencing mntner object
• When creating new objects
  – include mnt-by attribute referencing mntner object

Authorisation Mechanism

    inetnum:  195.35.64.0 - 195.35.65.191
    netname:  BLUELIGHT-1
    descr:    Blue Light Internet
    …………..
    mnt-by:   BLUELIGHT-MNT

    mntner:   BLUELIGHT-MNT
    descr:    Maintainer for all Bluelight objects
    admin-c:  JJ231-RIPE
    tech-c:   BL112-RIPE
    auth:     CRYPT-PW q5nd!~sfhk0#
    upd-to:   jan@bluelight.nl
    mnt-nfy:  auto-mnt@bluelight.nl
    mnt-by:   BLUELIGHT-MNT
    changed:  hostmaster@bluelight.nl 19991112
    source:   RIPE

Maintainer Object Attributes
• auth attribute (mandatory, multiple)
• upd-to attribute (mandatory)
  – notification for failed updates
• mnt-by attribute (mandatory)
  – can reference the object itself
• mnt-nfy attribute (optional, encouraged)
  – works like notify but for all objects that refer to this maintainer object
• Manual registration of object necessary
• Send object to <ripe-dbm@ripe.net>

Authentication Methods
1. auth: NONE
     • could be used with mnt-nfy attribute
2. auth: MAIL-FROM {e-mail, reg-exp}
     – e.g. MAIL-FROM .*@bluelight\.nl
     • protection from typos
3. auth: CRYPT-PW {encrypted password}
     • include password attribute in your updates
4. auth: PGP-KEY-<argument>
     • key-cert object
     • see: ripe-190 & ripe-189
     • RIPE NCC can provide you with a licence for free

Hierarchical Authorisation

    inetnum:    195.35.64.0 - 195.35.95.255
    netname:    NL-BLUELIGHT-19990909
    … ...
    status:     ALLOCATED PA
    mnt-by:     RIPE-NCC-HM-MNT
    mnt-lower:  BLUELIGHT-MNT
    changed:    hostmaster@ripe.net 19990909
    changed:    hostmaster@ripe.net 19991111
    source:     TEST

• Ask <lir-help@ripe.net> for mnt-lower attribute
• mnt-lower protects
  – only against creation
  – only one level below
• Include also in assignment inetnum objects

Test Database
• Non-production whois Database
• Similar interface to the "real" RIPE whois Database
  – whois & email
      • whois -h test-whois.ripe.net ; <test-dbm@ripe.net>
  – syntax checking
  – error reports
• Lets you submit your own maintainer
• Ideal for testing
  – various authorisation schemes
  – self-made scripts that update RIPE DB
• Source: TEST

Advanced Reverse Delegation

Reverse Delegation of Multiple /24
  – for range of consecutive zones
      • possible also for sub-range
  – represented in single inetnum object
• Shorthand notation for domain attribute

    inetnum:  w.z.x.0 - w.z.y.255      212.73.10.0-212.73.15.255
    domain:   x-y.z.w.in-addr.arpa     10-15.73.212.in-addr.arpa

• Submit as one domain object
• Processed separately
• Separate response
Reverse Delegation of /16 Allocation
• If a LIR has a /16 allocation, the RIPE NCC can delegate the entire reverse zone to the LIR
• Requirements and procedures the same as /24, except
  – /16 domain object
  – three nameservers needed
  – ns.ripe.net a mandatory secondary
• After delegation LIR
  – should continue to check sub-zone setup before further delegation
  – recommended use of the inaddr robot TEST keyword or web check

Changing Delegation
• Change the nserver lines in domain object
  – submit domain object to <auto-inaddr@ripe.net>
• To change contact details in domain object
  – submit updated object to <auto-dbm@ripe.net>
• Deleting a delegation is automatic
  – include delete attribute to the exact copy of the object
  – send to <auto-inaddr@ripe.net>

Common Errors
• DB / request inconsistency (netname attribute, update date)
• IP addresses instead of names of nameservers in domain object
• Trying to get reverse delegation for /19 allocation
  – has to be on octet boundaries
  – send request for each /24 as it becomes used
• DNS setup (RFC-1912)

Useful DNS Tools
• nslookup (part of BIND)
• host
• dig
• More detailed info
  – http://www.dns.net/dnsrd/tools.html

Questions?

Routing Registry
Internet Routing Registry (IRR)
• Goals of the IRR
  – consistency and stability of routing
  – enable development of tools to use information
• Local IR responsibilities
  – maintain policy information in RR
• Regional IR responsibilities
  – assigning Autonomous System Numbers
  – consistency checking of data
  – maintenance of RR support tools

Internet Routing Registry
• Globally distributed DB with routing policy information
  – provides a map of global routing policy
  – shows routing policy between any two ASes
  – allows simulation of routing policy effects
  – enables router configuration
  – provides contact information
• RIPE Routing Registry
  – subset of information in RIPE database
  – syntax description in ripe-181

Global Internet Routing Registry
[Figure: the IRR made up of the registries APNIC, RIPE RR, RADB, C&W, ARIN, ...]
http://www.radb.net/docs/list.html

Routing Registry Objects
• aut-num
• route
• as-macro
• community
• dom-prefix
• inet-rtr

The Route Object

    route:    195.35.64/19
    descr:    BLUELIGHT-NET
    origin:   AS42
    mnt-by:   BLUELIGHT-MNT
    changed:  hostmaster@bluelight.com 19991010
    source:   RIPE

• Represents a "route" in the Internet
• Should be registered by LIR in the RR
• This route originates in AS42
• Only one origin recommended

"cross-mnt" Attribute in "aut-num" Object

    route:      195.35.64/19
    origin:     AS42
    […]

    route:      195.35.74/25
    origin:     AS9999          (new)
    […]

    aut-num:    AS42
    cross-mnt:  BLUELIGHT-MNT
    […]

    mntner:     BLUELIGHT-MNT
    mnt-nfy:    auto-mnt@bluelight.net
    […]

<auto-mnt@bluelight.net> gets a notification
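The cross-mnt notification on the slide above can be reproduced as a small check over route objects: who should be told when a newly registered route overlaps an existing one with a different origin. This Python is an added example, not the RIPE database's own logic; it uses the slide's objects as data, and it assumes that "overlap" means one prefix contains the other, which the slides do not spell out.

```python
import ipaddress

# Objects from the cross-mnt slide, reduced to the attributes the check needs.
REGISTERED_ROUTES = [{"route": "195.35.64/19", "origin": "AS42"}]
AUT_NUMS = {"AS42": {"cross-mnt": ["BLUELIGHT-MNT"]}}
MNTNERS = {"BLUELIGHT-MNT": {"mnt-nfy": ["auto-mnt@bluelight.net"]}}


def parse_prefix(text):
    """Parse the short route notation, e.g. 195.35.64/19 -> 195.35.64.0/19."""
    addr, sep, length = text.strip().partition("/")
    octets = addr.split(".")
    if not sep or not 1 <= len(octets) <= 4:
        raise ValueError(f"not a prefix: {text!r}")
    octets += ["0"] * (4 - len(octets))       # pad omitted trailing octets
    return ipaddress.ip_network(".".join(octets) + "/" + length)


def cross_notifications(new_route, registered, aut_nums, mntners):
    """Return sorted (address, existing route, existing origin) tuples.

    A notification is due when the new route overlaps a registered route that
    has a different origin AS, and that origin's aut-num object names a
    cross-mnt maintainer with an mnt-nfy address.
    """
    new_net = parse_prefix(new_route["route"])
    due = set()
    for existing in registered:
        if existing["origin"] == new_route["origin"]:
            continue                           # same AS: nothing to report
        if not parse_prefix(existing["route"]).overlaps(new_net):
            continue
        aut_num = aut_nums.get(existing["origin"], {})
        for mnt in aut_num.get("cross-mnt", []):
            for address in mntners.get(mnt, {}).get("mnt-nfy", []):
                due.add((address, existing["route"], existing["origin"]))
    return sorted(due)


if __name__ == "__main__":
    new = {"route": "195.35.74/25", "origin": "AS9999"}   # "(new)" on the slide
    for address, route, origin in cross_notifications(
            new, REGISTERED_ROUTES, AUT_NUMS, MNTNERS):
        print(f"notify {address}: {new['route']} ({new['origin']}) "
              f"overlaps {route} ({origin})")
```

The same function run over a full dump of route objects gives an LIR a list of more-specific registrations inside its own address space that carry someone else's origin.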
as-macro

    as-macro:  AS-ARCON
    descr:     ARCON TML customers AS list
    as-list:   AS8955 AS6809 AS12500 AS-MACRO-B
    tech-c:    BZ318-RIPE
    admin-c:   VV82
    mnt-by:    ARCON-MNT
    changed:   roman@itar-tass.com 19990914
    source:    RIPE

as-macro Usage

    aut-num:  AS8955
    descr:    ARCON Autonomous System
    ...
    as-out:   to AS8563 announce AS-ARCON
    as-out:   to AS2854 announce AS-ARCON
    ...

    aut-num:  AS8563
    descr:    DirectNet Autonomous System
    descr:    JSC DirectNet Telecommunications
    as-in:    from AS8955 100 accept AS-ARCON
    ...

whois Flags in RR
• whois -T route 195.35.64/19
• whois -i origin AS42
• whois -i mnt-by BLUELIGHT-MNT
• whois -i cross-mnt BLUELIGHT-MNT
• whois -v as-macro
• whois -a <IP address or range>
• whois -h whois.arin.net <IP address or range>

RR Tools
• RAToolSet
      • sources: http://www.isi.edu/ra/*
  – AS Object Editor (aoe)
  – Aggregation optimisation (CIDR Advisor)
  – Configuration (rtconfig)
  – Visualisation Tool (ASExplorer)
  – IRRj http://www.merit.net/ipma/javairr/irr.html
      • java interface to IRR
  – prtraceroute
• Looking glasses
  – http://www.ripe.net/cgi-bin/looking-glass
  – http://www.traceroute.org/

Special Projects (Part of RIPE NCC Public Services)
• Routing Information Service
  – collect routing information
      • between Autonomous Systems (AS)
      • development over time
  – information available to the RIPE community
  – improve network operations
  – prototype:
      • http://abcoude.ripe.net/ris/risalpha.cgi
• Routing Registry Consistency Project
  – improve data quality in the Internet routing registry
  – improve data accessibility and processing capabilities
Next Generation - RPSL
• New language (RFC-2622): Routing Policy Specification Language
  – allows for more refined policy details
  – will eventually replace ripe-181
  – transition to RPSL will be smooth
• RPSL mirror of RIPE DB
  – rpsl.ripe.net
• Test re-implementation server
  – queries: reimp.ripe.net at port 4343
  – updates: <auto-rip@ripe.net>

autnum in RPSL

    aut-num:      [mandatory]  [single]
    as-name:      [mandatory]  [single]
    descr:        [mandatory]  [multiple]
    as-in:        [optional]   [multiple]
    as-out:       [optional]   [multiple]
    interas-in:   [optional]   [multiple]
    interas-out:  [optional]   [multiple]
    as-exclude:   [optional]   [multiple]
    member-of:    [optional]   [multiple]
    import:       [optional]   [multiple]
    export:       [optional]   [multiple]
    default:      [optional]   [multiple]
    remarks:      [optional]   [multiple]
    admin-c:      [mandatory]  [multiple]
    tech-c:       [mandatory]  [multiple]
    cross-mnt:    [optional]   [multiple]
    cross-nfy:    [optional]   [multiple]
    notify:       [optional]   [multiple]
    mnt-lower:    [optional]   [multiple]
    mnt-routes:   [optional]   [multiple]
    mnt-by:       [mandatory]  [multiple]
    changed:      [mandatory]  [multiple]
    source:       [mandatory]  [single]

Key column (row alignment lost in extraction): [primary/look-up key], [ ] [ ] [ ] [ ] [ ], [inverse key], then eight further [inverse key] entries.
Annotations on the slide: *** New in RPSL ***, *** as-in in RIPE 181 ***, *** as-out in RIPE 181 ***, *** RPS auth *** (twice).
Legend: automatically translated, new, preserved, deprecated

Questions?

Administrivia
• Audit
• Billing
• Closing
Audit Motivation
• Audit Activity is a service
  – requested by the community
  – ensure equal treatment
  – LIR can ask for an audit
• Help LIRs to
  – keep RIPE Database tidy
  – keep up-to-date with new policies

Audit Activity
• Described in ripe-170
• Initiated for
  – infrequent contact with the RIPE NCC
  – random selection
  – referral by Hostmaster (anonymous)
  – LIR complaint
• Audit procedure
  – LIR answers list of questions
  – RIPE NCC checks database

Audit Steps
• When LIR responds
  – discuss the issue(s) & try to resolve them
  – review AW size
• If LIR does not co-operate
  – send reminders & phone
  – still no reaction
      • further actions taken

Billing Procedure
• LIRs pay yearly fee (S, M, L)
  – ripe-213
• If payment is late - email reminders
  – 1st phase - 4 weeks after the invoice
      • no action taken
  – 2nd phase - 2 weeks afterwards
      • lower AW to 0
      • mnt-lower on allocation
  – 3rd phase - 2 weeks afterwards
      • service level NONE
  – if still no payment …
• Discuss payment / invoices
  – <billing@ripe.net>

Closing / Takeover of the LIR
1) LIR closes completely
2) LIR takes over another LIR and one closes
3) LIR takes over another LIR and both remain open
4) Non-registry takes over a LIR
...
• Contact <lir-help@ripe.net> for details
• address space issues
• billing issues
• new service agreement
• No need to change current Reg-ID
• neither after company changes the name
• additional 'start-up' fee is being charged

Questions?
Questionnaire
Please complete the questionnaire
• precious feedback
• constant improvement
Thank you
www.ripe.net/ripencc/mem-services/training/lir-questionnaire.html

RIPE NCC Recycling Procedures
Please return the reusable badges.
Thank you
ncc@ripe.net