Database UpdateKaveh RanjbarDatabase Group Manager, RIPE NCC

RIPE NCC Database Group - 27 April 2011

Outline

• Short introduction to the Database Group• Status of APs and outstanding

deliverables• Projects completed between RIPE 61 and

62• RIPE Labs publication highlights• Q & A

2

RIPE NCC Database Group - 27 April 2011

RIPE Database Service

• Public Internet Resource Information for RIPE service region

• Internet Routing Registry• Repository for resource holder

information• Global Resource Information in RIPE RPSL• Tools on http://www.db.ripe.net• Prototypes on

http://labs.ripe.net/ripe-database3

RIPE NCC Database Group - 27 April 2011

The Database Group

4

KavehErik

Agoston

Denis

Benedetto

Bogdan

RIPE NCC Database Group - 27 April 2011

RIPE Database statistics

• Operational stats: http://www.ripe.net/info/stats/db/ripedb.html

5

Action PointsDenis WalkerDatabase Business Analyst, RIPE NCC

RIPE NCC Database Group - 27 April 2011

Action Points & Projects

• AP57.2 Cleanup forward domain data• AP59.1: Reverse Delegation Safeguards• AP61.1: “pingable:” attribute• AP61.2: To investigate the next appropriate

level of password hash • The RIPE community approved RIPE Policy

Proposal 2010-06 • Policy 2007-01• Dash ‘-’ notation in reverse DOMAIN

7

RIPE NCC Database Group - 27 April 2011

AP57.2: Cleanup forward domain data

• Started with DOMAIN objects in the RIPE Database for 43 ccTLDs

• 3 are still actively using the RIPE Database–All 4 working on alternative solutions

• 40 deleted – TLD object with all sub domains

• Users cannot create new TLD objects• Syntax will be changed when last 3

deleted 8

RIPE NCC Database Group - 27 April 2011

AP59.1: Reverse Delegation Safeguards

The week commencing 13 December 2010 the RIPE NCC deployed a version of the RIPE Database that implements these rules and cleaned-up the existing data.

It is no longer possible to create a reverse DNS DOMAIN object in the RIPE Database if either a more or less specific object already exists.

9

RIPE NCC Database Group - 27 April 2011

AP59.1: Reverse Delegation Safeguards (cont’d)

Objects that were cleaned up all had a less specific DOMAIN object in the database; therefore these objects did not have any operational effect on reverse DNS.

10

RIPE NCC Database Group - 27 April 2011

AP61.1: “pingable:” attribute

• On the 21st of February the RIPE NCC implemented the "pingable:" and "ping-hdl:" attributes according to the specification in RFC 5943.

• They can now be used in ROUTE and ROUTE6 objects in the RIPE Database.

• RFC 5943 describes the syntax and explains how to use them: http://tools.ietf.org/html/rfc5943

11

RIPE NCC Database Group - 27 April 2011

AP61.1: “pingable:” attribute (cont’d)

• The "pingable:" addresses are already active for beacons, anchors and debogon routes announced by the RIPE NCC Routing Information Service (RIS).

• For an example of how these are announced, see the ROUTE object for 84.205.81.0/24.

• For more information about RIS beacons and anchors, please see: http://www.ripe.net/data-tools/stats/ris/ris-routing-beacons

12

RIPE NCC Database Group - 27 April 2011

AP61.2: Appropriate level of password hash

• This action point was for the RIPE NCC to investigate using SHA2 for passwords.

• Proposal sent to mailing list• Discussion can follow this update.

13

RIPE NCC Database Group - 27 April 2011

Policy 2010-06

• The RIPE community approved RIPE Policy Proposal 2010-06, "Registration Requirements for IPv6 End User Assignments".

• The proposal is available at:

http://www.ripe.net/ripe/policies/proposals/2010-

06

14

RIPE NCC Database Group - 27 April 2011

Policy 2010-06 (cont’d)

• On the 15th of February the RIPE NCC deployed a version of the RIPE Database that implements the policy in the RIPE Database and other RIPE NCC processes, where necessary.

• Details of how to use the new aggregation feature of the RIPE Database can be found at: http://www.ripe.net/data-tools/support/documentation/

documenting-ipv6-assignments-in-the-ripe-database

• Currently 53340 INET6NUM objects in RIPE Database

• 75 have status AGGREGATED-BY-LIR

15

RIPE NCC Database Group - 27 April 2011

Policy 2007-01

• 2007-01 is Contractual Requirements for Provider Independent Resource Holders in the RIPE NCC Service Region

• As part of the 2007-01 policy implementation the RIPE NCC has to:– Add RIPE-NCC-END-MNT to all AUT-NUM objects

– Change RIPE-NCC-HM-PI-MNT to RIPE-NCC-END-MNT on PI assignment objects or add where necessary

16

RIPE NCC Database Group - 27 April 2011

Dash notation in reverse DOMAIN

• Proposal sent to mailing list• Drop current dash ‘-’ syntax and

expansion from third octet (1-100.2.10.in-addr.arpa)

• Causes problems with DNSSEC• Allow dash in fourth octet for classless

delegations (6-25.1.2.10.in-addr.arpa)• Stored in RIPE Database with dash• Expansion done by DNS provisioning

17

GeolocatingKaveh RanjbarDatabase Group Manager, RIPE NCC

RIPE NCC Database Group - 27 April 2011

The Problem

• No mechanism to link IP addresses to a location

• No internationalisation information

• Establishing this is difficult and error prone:– Finding out a postal address is hard

– Translating the address to a geolocation is hard

– Knowing the language at that location is not always clear

• User services based on location and internationalisation may be mismatched

– Access to certain services could be blocked

– Content could be delivered in the wrong language19

RIPE NCC Database Group - 27 April 2011

The Solution

• Location and internationalisation details can be optionally linked to IP addresses– Resolution determined by LIR

• The holder of an IP address block is:– The authority on where the block is used

– Knows the preferred language

– Maintainer of the IP address data

• The RIPE NCC can provide the mechanism through the RIPE Database

to establish this link20

RIPE NCC Database Group - 27 April 2011

Everybody Benefits

• End Users– Providers can serve content in the desired language

– and related to the user’s location

• LIRs– More control over location based services supplied

– Less End User complaints

• Content Providers– Easier to address their target audience

• RIPE Database– Holds more accurate location data

21

RIPE NCC Database Group - 27 April 2011

The Way Forward

• Interest expressed from Google, MaxMind, IP2Location– If location data is added to your RIPE Database objects, it can be automatically included in their data sets

– higher priority input, authoritative source

• RIPE NCC will develop simple prototype on RIPE Labs

22

Development & Innovation highlightsBogdan DumitrescuSoftware Engineer

RIPE NCC Database Group - 27 April 2011

Prototypes and new services on RIPE Labs

• GRS Sources and the RIPE Database API- RIPE-GRS, APNIC-GRS, ARIN-GRS, LACNIC-GRS, RADB-GRS

- No personal data, no query limits, data may include non RPSL attributes

• RIPE Database REST API: Query + CRUD- New interfaces to the RIPE Database (HTTPS, XML, JSON, XLink, XPath,

etc.)

- Reusable building blocks for other services and tools

- http://labs.ripe.net/Members/bfiorell/api-documentation

• Search forms and tools – ready for production- Search, Lookup, Free-text Search, Abuse Finder

• Work in progress- Update Forms, Crypt Utils, Change Maintainer Authorisation

- REST CRUD API, new services for power users 24

DemoBogdan DumitrescuSoftware Engineer

Questions?