RIPE NCC Services ! Marco Hogewoning External Relations Officer - Technical Advisor
advertisement
RIPE NCC Services Marco Hogewoning External Relations Officer - Technical Advisor ! marcoh@ripe.net Montenegro - October 2014 About the RIPE NCC • Not-for-profit membership association - Based in Amsterdam - Regional offices in Dubai and Moscow • Independent - Membership fees are the source of income • Established in 1992 • Regional Internet Registry (RIR) for Europe, the Middle East and parts of Central Asia - Distributes and register IPv4, IPv6 and AS numbers - “Internet Number Resources” (INR) Marco Hogewoning, October 2014 2 Number Resource Organisation (NRO) • There are five Regional Internet Registries - Each with their own service region - Location of your network determines the RIR • The RIRs cooperate within the NRO on global topics - NRO acts as ICANN’s Address Supporting Organisation Marco Hogewoning, October 2014 3 RIRs and Internet Exchange Points • We are not an IXP but have a lot in common - Most European IXPs are also not-for-profit membership organisations - Open, transparent and bottom up decision making • Both emerged around the same time in response to the growing en evolving Internet ! • Both RIRs and IXPs are a fundamental part of the Internet’s infrastructure Marco Hogewoning, October 2014 4 RIPE NCC Services That Are Important for IXPs 6 Registry Services • Supply number resources • Internet Routing Registry • RPKI certification Marco Hogewoning, October 2014 Research and Measurements • RIPE Atlas • RIPE Stat Community Building • RIPE Meetings • Regional meetings • Mailing lists • Connect WG • Supporting NOGs • RIPE Labs Registry Services RIPE Address Policy • Policies (rules) by which IP addresses and ASN are distributed are made by the RIPE community • Bottom up decision making based on rough consensus • Everybody can participate and suggest changes - Address Policy Working Group mailing list - Face to face at RIPE Meetings • RIPE NCC’s Policy Development Officer (PDO) - Supports the policy development process - Can help you to submit new policy proposals Marco Hogewoning, October 2014 8 IPv4 Address Allocation and Assignments • RIPE NCC has depleted its pool of IPv4 addresses - There is a small number left to support growth and help with IPv6 transition efforts • Each member of the RIPE NCC can request one final allocation of 1024 IPv4 addresses (/22) - Both new and existing members can request one - Until the remaining pool is empty • Limited documentation required - “Promise you will use them” - Maintaining accurate records in the RIPE Database Marco Hogewoning, October 2014 9 IPv4 for Internet Exchange Points • RIPE community recognised the important role of Internet Exchange Points • Created special policy to set aside a dedicated block of 65.000 IPv4 addresses (/16) • IXPs can request between /24 and /22 for use on the shared peering LAN - Other uses explicitly forbidden - Newly established IXPs will get 256 addresses (/24) - If supplies last you are allowed to swap for bigger when needed (old addresses have to be returned to the pool) Marco Hogewoning, October 2014 10 Getting IPv6 Addresses • Two ways to get an IPv6 address block: - As a member you can get /32 - /29 allocation • Straightforward request process • Bigger allocations if you can document the use - As non-member you can obtain a Provider Independent (PI) address block • Need a RIPE NCC member to request them for you, acting as “Sponsoring LIR” • Minimum assignment size is a /48 • Not allowed to assign these addresses to customers! Marco Hogewoning, October 2014 11 IPv6 for Internet Exchange Points • There is a specific policy for IXPs (ripe-451) • IXPs can request /64 or /48 (which is default) • Implementation similar to PI assignments - Need a sponsoring LIR to request it - Or be a member of the RIPE NCC ! • As there is no shortage of IPv6 you can also use the regular policies to get the same result Marco Hogewoning, October 2014 12 Recommended Approach • Become a member of the RIPE NCC • Request final /22 allocation for supporting infrastructure: - Websites, mailserver, etc - Monitoring and reporting systems • Request IXP IPv4 assignment for peering LAN ! • Deploy IPv6 right away - Consider having a separate assignment for peering LAN Marco Hogewoning, October 2014 13 Internet Routing Registry (IRR) • RIPE Database incorporates an Internet Routing Registry, which is publicly available data • IRRs are used to publish routing policies - Publish which prefixes are originated by a network - Document peering relationships - Document which routes are announced/accepted • Can be used to generate BGP filters - Some IXPs use this data to control their route servers • Information can also be used to make peering decisions Marco Hogewoning, October 2014 14 Resource Certification (RPKI) • Relatively new standard developed by the IETF to make Internet routing more reliable and robust • Digital certificates issued by the RIRs can be used to validate the legitimate holder of resources • Route Origination Announcements (ROA) can be generated to indicate which ASN is allowed to announce a route and de-aggregation limits - IXPs can use this on their route servers to validate announcements - IXP customers are encouraged to do the same Marco Hogewoning, October 2014 15 Statistics and Measurements RIPE Atlas: Active Measurement Network • Network of small low power devices that can send and receive IP packets - Close to 7000 active nodes and still growing - Receive instructions from a central point • Can measure delay, traceroute and make connections to specific services or protocols - Is a service reachable? - How long does it take to connect? - How do my packets get there? Marco Hogewoning, October 2014 17 What RIPE Atlas Does Not Do • We can’t measure network throughput - Devices are not powerful enough - We try to limit bandwidth usage • Hosting a probe should not have impact • Hosting a probe should not cost money - Low energy consumption ! • These probes can’t inspect or intercept traffic - Act as standalone devices - Source code is public Marco Hogewoning, October 2014 18 RIPE Atlas Probes in the Area Marco Hogewoning, October 2014 19 User Defined Measurements (UDM) • We build and operate this measurement infrastructure for the community • Hosting a probe is awarded with credits to run your own set of measurements on the system - RIPE NCC members and RIPE Atlas sponsors get additional credits to run experiments • You can limit or select probes on criteria such as which country they are located • Targets for a measurement can be any host connected to the Internet Marco Hogewoning, October 2014 20 Use for Internet Exchange Points • There is a dual use of these statistics - Create a benchmark of the current situation - Monitor the effects of the IXP on the Internet • Additionally you can host a RIPE Atlas Anchor - Provides a fixed point to which people can measure - Can run more measurements Marco Hogewoning, October 2014 21 Example: DNS Root Server RTT Mappings Marco Hogewoning, October 2014 22 Building Communities 24 “Internet Exchange Points are 80% social, 20% technical” Marco Hogewoning, October 2014 Bringing People Together 25 • RIPE started as a gathering of European Internet network operators - In the early days it was mostly academic networks - Commercial operators and incumbent telcos joined quickly • Exchange experience and knowledge • Find areas where cooperation can lead to mutual benefits for involved parties - IXPs are a prime example of such cooperation Marco Hogewoning, October 2014 RIPE Connect Working Group 26 • Created during last RIPE Meeting, evolved from European Internet Exchange (EIX) working group • Chartered to work on all aspects of IP interconnection: - Facilitate discussions about interconnection for Internet purposes, covering Layer 1-8 - Raise awareness in the community about interconnection and the role it plays in the global Internet - Educate policymakers/regulators in how interconnection works - Act as knowledge base for interconnection-related questions • Mailing list and meets physically at RIPE Meetings Marco Hogewoning, October 2014 RIPE Meetings • Bi-annual, week long, open community meetings - Interconnecting and IXPs are an important topic • RIPE 69 will be held in London from 3-7 November - RIPE 67 was in Athens, RIPE 64 took place in Ljubljana - Meetings have remote participation (free of charge) • Connect WG scheduled to meet Wednesday 11 November, 11:00 - 12:30 UK time - Agenda will be published soon ! • See http://ripe69.ripe.net for details Marco Hogewoning, October 2014 27 RIPE NCC Regional Meetings • Staying close to our members and community - Shorter one or two day events - Requiring less travel to attend • RIPE NCC South East Europe (SEE) meetings - Meeting locations based on community input - Dubrovnik (2011), Skopje (2013), Sophia (2014) - Next meeting: SEE-4 in Belgrade on 21-22 April 2015 Marco Hogewoning, October 2014 28 Capacity Building • RIPE NCC provides training courses to members: - IPv6 deployment (basic and advanced courses) - Routing security - DNSSEC • Online webinairs on IPv6, RPKI and RIPE Database • We are happy to discuss tailor made solutions: - Measurements and tools workshop - Training for CERT and law enforcement professionals - IPv6 workshops for government representatives Marco Hogewoning, October 2014 29 Supporting Local Initiatives • RIPE NCC supports local network operator groups (NOGs) and IXP meetings in a variety of ways - Provide speakers and content - Organise training courses in conjunction - RIPE NCC Membership lunches ! • Local groups are the building blocks for a strong, open, bottom up and inclusive Internet governance Marco Hogewoning, October 2014 30 Questions? Marco Hogewoning, October 2014 31
