Welcome! APNIC Members Training Course Internet Resource Management I 27 April 2004, Melbourne

Welcome!APNIC Members Training Course

Internet Resource Management I

27 April 2004, Melbourne

Introduction

• Presenters

– Champika Wijayatunga• Senior Training Specialist

– Nurani Nimpuno• Training Development Officer

– Tim Jones• Internet Resource Analyst

<[email protected]>

Assumptions & Objectives

Assumptions– Are current or

prospective APNIC member

– Have not submitted many requests

– Are not familiar / up-to-date with policies

– Are not familiar with procedures

Objectives– Teach members

how to request resources from APNIC

– Keep membership up-to-date with latest policies

– Liaise with members Faces behind the

e-mails

Schedule

Intro to APNIC Policy development Policies Whois DB intro

TEA BREAK (10:30 – 11:00)

Addressing plan ISP request

LUNCH (12:30 – 13:30)

ISP request evaluation IP management 2nd opinion process DB protection & updates MyAPNIC

TEA BREAK (15:30 – 16:00)

ASN Reverse DNS Summary

Introduction to APNIC

Asia Pacific Network Information Centre

Overview

• What is APNIC?• Regional Internet Registry• APNIC structure

• What Does APNIC do ?• APNIC Membership services

• Why APNIC ?• APNIC resources• APNIC environment • APNIC responsibilities

Intro

What is APNIC?

• RIR for the Asia Pacific• Regional Internet Registry

– Regional authority for Internet Resource distribution

– IPv4 & IPv6 addresses, ASNs, reverse dns delegation

• Industry self-regulatory body– Non-profit, neutral and independent

• Open membership-based structure

Intro

APNIC membershipIntro

Last Update Mar 2004

AU24%

HK13%

IN11%

PH5%

SG5% BD

3%AP3%

Other33% Other

9%

NZ4%

PK4%

TH4%

TW3%

MY4%

CN3%

JP5%

APNIC is not…

• Not a network operator– Does not provide networking services

• Works closely with APRICOT forum

• Not a standards body– Does not develop technical standards

• Works within IETF in relevant areas (IPv6 etc)

• Not a domain name registry or registrar• Will refer queries to relevant parties

Intro

APNIC structure

• Industry self-regulatory structure– Participation by those who use Internet

resources– Consensus-based decision making

• Eg. Policy changes, db requirements etc

– Open and transparent

• Meetings and mailing lists– Open to anyone

Intro

APNIC regionIntro

APNIC services & activities

Resources Services• IPv4, IPv6, ASN,

reverse DNS• Policy development

– Approved and implemented by membership

• APNIC whois db– whois.apnic.net

– Registration of resources

– Routing Registry: irr.apnic.net

Information dissemination• APNIC meetings• Publications

– Web and ftp site– Newsletters, global resource

reports– Mailing lists

• Open for anyone!

• Training Courses– Subsidised for members

• Co-ordination & liaison– With membership, other RIRs &

other Internet Orgs.

Questions ?

Material available at: www.apnic.net/training/recent/

Checkpoint question

• What is APNIC’s primary role?

To distribute and manage Internet resources (IP addresses & AS

numbers) in a fair and responsible manner

Policy Development in the Asia Pacific

The APNIC Community

&

the Policy Development Process

What is the APNIC community?

• Open forum in the Asia Pacific– Open to any interested parties

• Voluntary participation• Decisions made by consensus• Public meetings• Mailing lists

– web archived

• A voice in regional Internet operations through participation in APNIC activities

Policy Development

• Industry self-regulatory processes– Open to all interested parties– Facilitated by RIR staff

• Policy implementation– RIR processes– ISPs and other affected parties

Participation in policy development

• Why should I bother?– Responsibility as an APNIC member

• To be aware of the current policies for managing address space allocated to you

– Business reasons• Policies affect your business operating

environment and are constantly changing• Ensure your ‘needs’ are met

– Educational• Learn and share experiences• Stay abreast with ‘best practices’ in the

Internet

Policy development cycle

OPEN

TRANSPARENT‘BOTTOM UP’

Anyone can participate

All decisions & policies documented & freely available to anyone

Internet community proposes and approves policy

Need

DiscussEvaluate

Implement Consensus

How to make your voice heard

• Contribute on the public mailing lists• http://www.apnic.net/community/lists/index.html

• Attend meetings– Or send a representative– Gather input at forums

• Give feedback– Training or seminar events

Come to the APNIC meeting!

APNIC 18Nadi, Fiji, 31 Aug- 3 Sep 2004

• Participate in policy development• Attend workshops, tutorials & presentations• Exchange knowledge and information with peers• Stay abreast with developments in the Internet• View multicast online • Provide your input in matters important to you

http://www.apnic.net/meetings/

• Policy making process description– http://www.apnic.net/docs/policy/dev/index.html

Questions ?


http://www.apnic.net/docs/policy/dev/index.html

http://www.apnic.net/docs/policy/dev/index.html

Checkpoint question

• Who can propose Internet resource policy?

Anyone can propose policy change! APNIC members, members of the community, APNIC staff or anyone

interested in Internet policy!

Internet Registry Allocation and Assignment

Policies

Overview of APNIC policies

– Definitions– Background– Objectives– Environment – Allocation & Assignment Policies– Summary

Policies

Allocation and Assignment

Allocation“A block of address space held by an IR (or

downstream ISP) for subsequent allocation or assignment”

• Not yet used to address any networks

Assignment“A block of address space used to address an

operational network”• May be provided to LIR customers, or used for

an LIR’s infrastructure (‘self-assignment’)

Policies

Sub-Allocation

/22

/8

APNIC Allocation

Allocation and Assignment

/24

/20

Member Allocation

Customer Assignments/25

Policies

/26/27 /26

APNICAllocates

to APNIC Member

APNIC Member

Customer / End User

Assignsto end-user

Allocatesto downstream

Downstream Assigns

to end-user

Portable & non-portable

Portable Assignments– Customer addresses independent from ISP

• Keeps addresses when changing ISP

– Bad for size of routing tables– Bad for QoS: routes may be filtered, flap-

dampened

Non-portable Assignments– Customer uses ISP’s address space

• Must renumber if changing ISP

– Only way to effectively scale the Internet

Policies

Aggregation and “portability”

Aggregation

(Non-portable Assignments) (Portable Assignments)

No Aggregation

BGP Announcement (1) BGP Announcements (4)

ISP Allocation

Customer Assignments Customer Assignments

ISP

Policies

Aggregation and “portability”

ISP D ISP C

ISP A ISP B

Internet

ISP D ISP C

ISP A ISP B

Internet

Aggregation

(Non-portable Assignments) (Portable Assignments)

No Aggregation

(4 routes) (21 routes)

Policies

Address management objectives

Conservation• Efficient use of resources

• Based on demonstrated need

Aggregation• Limit routing table growth

• Support provider-based routing

Registration• Ensure uniqueness

• Facilitate trouble shooting

Why do we need policies ?- Global IPv4 Delegations

Central registry37%

IANA Reserve36%

RIPE NCC 4%APNIC 4%

LACNIC 1%

ARIN 6%

Experimental6%

Multicast6% (Pre-RIR)

Policies

Growth of global routing table

last updated 09 Mar 2004

http://bgp.potaroo.net/as1221/bgp-active.html

DeploymentPeriod of CIDR

CIDR made it work for a while

But they cannot berelied on forever

Projected routing table growth without CIDR

ISPs tend tofilterlonger prefixes

Policies

Routing table prefix distribution

Last updated Feb 2004

Policies

0 20000 40000 60000 80000 100000 120000 140000

Nov-01

J an-02

Mar-02

May-02

J ul-02

Sep-02

Nov-02

J an-03

Mar-03

May-03

J ul-03

Sep-03

Nov-03

J an-04

/<16

/16

/17

/18

/19

/20

/21

/22

/23

/24

>/24

APNIC policy environment

“IP addresses not freehold property”– Assignments & allocations on license basis

• Addresses cannot be bought or sold• Internet resources are public resources• ‘Ownership’ is contrary to management goals

“Confidentiality & security”– APNIC to observe and protect trust relationship

• Non-disclosure agreement signed by staff

Policies

APNIC allocation policies

• Aggregation of allocation– Provider responsible for aggregation– Customer assignments /sub-allocations must be

non-portable

• Allocations based on demonstrated need– Detailed documentation required

• All address space held to be declared

– Address space to be obtained from one source• routing considerations may apply

– Stockpiling not permitted

Policies

Initial IPv4 allocation

• Initial (portable) allocation: /20 (4096 addresses). – The allocation can be used for further assignments to

customers or your own infrastructure.

Criteria

1a. Have used a /22 from upstream provider – Demonstrated efficient address usage

OR

1b. Show immediate need for /22• Can include customer projections &

infrastructure equipment

2. Detailed plan for use of /21 within 1 year3. Renumber to new space within 1 year

/20

/8APNIC

Non-portable assignment

Portable assignment

Member allocation

Policies

Policy will change Based on the APNIC 17

consensus

Initial IPv4 allocation criteria

1. LIR have used a /23 from their upstream provider or demonstrate an immediate need for a

/23; and

2. Detailed plan for use of a /22 within a year

3. Renumber to new space within 1 year

– Meet all policy requirements• Applicants may be required to show purchase receipts

IPReq

APNIC 17 Consensus

• Min allocation size may be lowered from /20 to /21

APNIC allocation policies

• Transfer of address space– Not automatically recognised

• Return unused address space to appropriate IR

• Effects of mergers, acquisitions & take-overs– Will require contact with IR (APNIC)

• contact details may change• new agreement may be required

– May require re-examination of allocations• requirement depends on new network structure

Policies

Address assignment policies

• Assignments based on requirements • Demonstrated through detailed documentation• Assignment should maximise utilisation

– minimise wastage

• Classless assignments• showing use of VLSM

• Size of allocation– Sufficient for up to 12 months requirement

Policies

Portable assignments

• Small multihoming assignment policy– For (small) organisations who require a portable

assignment for multi-homing purposes

Criteria

1a. Applicants currently multihomed OR

1b. Demonstrate a plan to multihome within 1 month

2. Agree to renumber out of previously assigned space

– Demonstrate need to use 25% of requested space immediately and 50% within 1 year

Portable assignment

/8APNIC

/20Member allocation

Non-portable assignment

Policies

Portable assignments for IXPs

Criteria– 3 or more peers– Demonstrate “open peering policy”

• APNIC has a reserved block of space from which to make IXP assignments

Supporting historical resource transfer

• Allow transfers of historical resources to APNIC members – no technical review or approval – historical resource holder must be verified – the recipient of the transfer must be an APNIC

member– resources will then be considered "current"

• Existing historical resource holders will still be able to update their information as previously

Questions ?


Checkpoint question

• Why are portable assignments discouraged?

Portable assignments cannot be aggregated and need therefore to be announced separately, adding to the growing size of the Global

Routing Table

The APNIC Database

Introduction and Usage

Overview

• What is the APNIC database?

• Why use it?

• Database query

• Database updating process

DB Intro

What is the APNIC database?

• Public network management database• Operated by IRs

• Tracks network resources• IP addresses, ASNs, Reverse Domains,

Routing policies

• Records administrative information• Contact information (persons/roles)• Authorisation

DB Intro

Object types

OBJECT PURPOSE

person contact persons

role contact groups/roles

inetnum IPv4 addresses

inet6num IPv6 addresses

aut-num Autonomous System number

domain reverse domains

route prefixes being announced

mntner (maintainer) data protection

DB Intro

http://www.apnic.net/db/

Attributes & Values

• An object is a set of attributes and values• Each attribute of an object...

• Has a value• Has a specific syntax• Is mandatory or optional• Is single- or multi-valued

• Some attributes ...• Are primary (unique) keys• Are lookup keys for queries• Are inverse keys for queries

– Object “templates” illustrate this structure

DB Intro

Object templates

whois -t <object type>

person: [mandatory] [single] [primary/look-up key]address: [mandatory] [multiple] [ ]country: [optional] [single] [ ]phone: [mandatory] [multiple] [ ]fax-no: [optional] [multiple] [ ]e-mail: [mandatory] [multiple] [look-up key]nic-hdl: [mandatory] [single] [primary/look-up key]remarks: [optional] [multiple] [ ]notify: [optional] [multiple] [inverse key]mnt-by: [mandatory] [multiple] [inverse key]changed: [mandatory] [multiple] [ ]source: [mandatory] [single] [ ]

% whois -h whois.apnic.net -t person

To obtain template structure*, use :

DB Intro

*Recognised by the RIPE whois client/server

Person object example

– Person objects contain contact information

person:

address:

address:address:

country:phone:

fax-no:

e-mail:

nic-hdl:mnt-by:

changed:source:

Attributes Values

Ky XanderExampleNet Service Provider2 Pandora St BoxvilleWallis and Futuna IslandsWF+680-368-0844+680-367-1797kxander@[email protected] 20020731APNIC

DB Intro

What is a nic-hdl?

• Unique identifier for a person

• Represents a person object– Referenced in objects for contact details

• (inetnum, aut-num, domain…)

– format: <XXXX-AP> • Eg: KX17-AP

DB Intro

person: Ky Xanderaddress: ExampleNet Service Provideraddress: 2 Pandora St Boxvilleaddress: Wallis and Futuna Islandscountry: WFphone: +680-368-0844fax-no: +680-367-1797e-mail: [email protected]

nic-hdl: KX17-APmnt-by: MAINT-WF-EXchanged: [email protected] 20020731source: APNIC

Inetnum object example– Contain IP address allocations / assignments

inetnum:netname:descr:descr:country:admin-c:tech-c:mnt-by:mnt-lower:remarks:remarks:remarks:remarks:remarks:remarks:

changed:status: source:

202.51.64.0 - 202.51.95.255 CCNEP-NP-APCommunication & Communicate Nepal Ltd

VSAT Service Provider, Kathmandu NPAS75-APAS75-APAPNIC-HMMAINT-NP-ARUN

-+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-This object can only be updated by APNIC hostmasters.To update this object, please contact APNIC hostmasters and include your organisation's account name in the subject line.

[email protected] 20010205ALLOCATED PORTABLEAPNIC

DB Intro

Inter-related objects

inetnum:202.64.10.0 – 202.64.10.255

…admin-c: KX17-APtech-c: ZU3-AP…mnt-by: MAINT-WF-EX

…

IPv4 addresses

person:…

nic-hdl: ZU3-AP

…

Contact info

person:…

nic-hdl: KX17-AP

…

Contact info

mntner:MAINT-WF-EX

……

Data protection

DB Intro

Admin-c and tech-c

• Responsibility – ‘admin’ contacts• Legal authority • Technical management• Network planning, backbone design• Deployment, capacity, and upgrade planning

• Expertise - ‘tech’ contacts• Routing, aggregation, BGP, etc• Addressing, subnetting, CIDR, etc

DB Intro

whois.apnic.net whois.ripe.net whois.arin.net

ServerServer

Unix ClientUnix Client ‘‘X’ ClientX’ Client

Command Prompt / Web InterfaceCommand Prompt / Web Interface

Windows ClientWindows Client

HTTP/CGI

ClientClient

WHOIS Queries & responses

DB Intro

Database query - architecture

Database query - clients

• Standard whois client• Included with many Unix distributions

– RIPE extended whois client• http://ftp.apnic.net/apnic/dbase/tools/ripe-dbase-

client.tar.gz

• Query via the APNIC website• http://www.apnic.net/apnic-bin/whois2.pl

• Query clients - MS-Windows etc– Many available

DB Intro

Why use the database?

• Register use of Internet Resources• IP assignments, reverse DNS, etc

– Ascertain custodianship of a resource– Fulfill responsibilities as resource holder

• Obtain details of technical contacts for a network

• Investigate security incidents• Track source of network abuse or “spam”

email

DB Intro

Basic database queries

• Unix – whois –h whois.apnic.net <lookup key>

• Web interface– http://www.apnic.net/apnic-bin/whois2.pl

• Look-up keys – usually the object name– Check template for look-up keys

DB Intro

http://www.apnic.net/apnic-bin/whois2.pl

Database query – look-up keys

OBJECT TYPE ATTRIBUTES – LOOK-UP KEYS

** whois supports queries on any of these objects/keys

name, nic-hdl, e-mailname, nic-hdl, e-mailmaintainer namenetwork number, namedomain nameas numberroute valuenetwork number, name

personrolemntnerinetnumdomainaut-numrouteinet6num

DB Intro

% whois [email protected]

% whois zu3-ap% whois “zane ulrich”

DB Intro

person: Zane Ulrichaddress: ExampleNet Service Provideraddress: 2 Pandora St Boxvilleaddress: Wallis and Futuna Islandscountry: WFphone: +680-368-0844fax-no: +680-367-1797e-mail: [email protected]: ZU3-APmnt-by: MAINT-WF-EXchanged: [email protected] 20020731source: APNIC

Database query - UNIX

Database query - web

Query the APNIC Whois Database

http://www.apnic.net/apnic-bin/whois2.pl

2.Search options(flags)

1.Type in search key

3. ‘Search Whois’

DB Intro

Database query - web

DB Intro

Need help?

General search help Help tracking spam and hacking

% [whois.apnic.net node-1]% How to use this server http://www.apnic.net/db/% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

role: OPTUS IP ADMINISTRATORS address: Optus Communications address: 101 Miller Street address: North Sydney NSW 2060 country: AU phone: +61-2-93427681 phone: +61-2-93420848 phone: +61-2-93420983 phone: +61-2-93420813 phone: +61-2-93420717 fax-no: +61-2-9342-0998 fax-no: +61-2-9342-6122 e-mail: [email protected] trouble: send spam/abuse reports to [email protected] trouble: please use http://www.apnic.net/db/spam.html trouble: to identify networks before sending reports and trouble: always include full headers/logs. admin-c: NC8-AP tech-c: NC8-APtech-c: CN39-APtech-c: GE7-APtech-c: PS176-APnic-hdl: OA3-AP notify: [email protected] mnt-by: MAINT-OPTUSCOM-APchanged: [email protected] 20021120 source: APNIC

Query the APNIC Whois Database

Result of search on nic-hdl “OA3-AP”

(‘Optus IP administrators’role object)

Database query - inetnum

• Note• Incomplete addresses padded with “.0”• Address without prefix interpreted as “/32”

% whois 203.127.128.0 - 203.127.159.255

% whois SINGNET-SG% whois 203.127.128.0/19

inetnum: 203.127.128.0 - 203.127.159.255netname: SINGNET-SG descr: Singapore Telecommunications Ltd descr: 31, Exeter Road, #02-00, Podium Blockdescr: Comcentre, 0923 country: SGadmin-c: CWL3-APtech-c: CWL3-APmnt-by: APNIC-HM status: ALLOCATED PORTABLEchanged: [email protected] 19990803 source: APNIC

DB Intro

Creating a person object

Whois Database Guide:http://www.apnic.net/services/whois_guide.html

1. Fill out person object form on web• Name, e-mail, phone, address etc• Tick ‘MNT-NEW’ for temporary protection

2. Completed template is sent to you

3. Forward template to

4. Person object created and nic-hdl is generated

DB Intro

<[email protected]>

LIR registration responsibilities

1. Create person objects for contacts• To provide contact info in other objects

2. Create mntner object• To provide protection of objects

– (To be discussed later)

3. Create inetnum objects for all customer address assignments

• (Allocation object created by APNIC)

DB Intro

The ‘public’ attribute

• To protect privacy if customer records– New attribute – “public” be added to:

• inetnum and inet6num objects• “public”: YES = public data• “public”: No = private data

– (not to be revealed by whois queries)

• Default (missing attribute) = private data

– Customer assignments registration is still mandatory

To be implemented

Sept 2004

inetnum:

Allocation (Created by APNIC)

3

Using the db – step by step

Customer Assignments(Created by LIR)

person:nic-hdl:

KX17-AP

Contact info

1

Data Protection

mntner:2

inetnum:...KX17-AP

...mnt-by:...

4inetnum:...KX17-AP

...mnt-by:...

5inetnum:...KX17-AP

...mnt-by:...

6

DB Intro

Database auto-responses

• Successful update SUCCEEDED• Objects accepted

• Warnings• Objects accepted but ambiguous• Objects corrected and accepted

• Errors FAILED• Objects NOT accepted

Don’t understand the error message?1. Help documentation

• http://www.apnic.net/docs/database-update-info.html

2. Contact • Include the error message

?

<[email protected]>

http://www.apnic.net/docs/database-update-info.html

Parse

Database mailboxes

• Automatic request processing

– Automatic “robot” for all db updates

– Email template for create/update/delete

• Database service support

– E-mails answered by APNIC staff

– 1 day response time

DB 2

Helpdesk

<[email protected]> <[email protected]>

Summary

• Use the APNIC whois database• To register information• To search information

– troubleshooting, tracking of spamming/hacking etc

• Create a person object

• Register all your assignments!• Fulfill your responsibility as a resource holder

DB Intro

<[email protected]>

- for all updates!

Questions ?


Checkpoint question

• How can I query the APNIC whois Database?

By using the web interface: http://www.apnic.net/apnic-bin/whois.pl

or Unix command line: whois –h whois.apnic.net

<lookup>

Internet Registry Procedures

Addressing Plan

Addressing plan

• To complete documentation– First need a technical PLAN

• Documenting the architecture of the present and eventual goal

– IP addressing is fundamental part of network design

– IP addressing ‘planning’ example to follow..

AddressingPlan

Some icons

Router (layer 3, IP datagram forwarding)

Network Access Server(layer 3, IP datagram forwarding )

Ethernet switch (layer 2, packet forwarding)

AddressingPlan

Addressing plan

• Identify components of network– Customer services– ISP internal infrastructure

• Identify phases of deployment– Starting off, 6 months, 12 months

• Identify equipment and topology changes– Need for redundancy– Need for increased scale

AddressingPlan

Network plan

• Starting off’

Leased line services 5-8 customers

Dialup services 16 modems

Interconnected resilience

UpstreamISP

15 hosts NOC

operations

10 hosts Internal DNS,Web

Mail servers

ISP Infrastructure

Customer services5 hostsVirtual web

(name based)

AddressingPlan

Network plan

WAN point to point /30

5 hosts

15 hosts

10 hosts

UpstreamISP

16 dialup modems

5-8 leased line customers

‘ip unnumbered’to customers

one loopback interface per assigned router /32

‘ip unnumbered’to upstream ISP

AddressingPlan

Addressing plan

•

network-plan: network-plan:network-plan:

analogue dialup modems, vendor ‘x’LAN -web hosting (Name-based hosting)5-8 leased line customers (/28)

network-plan:network-plan: network-plan: network-plan:

LAN -NOC and Ops managementLAN -mail,DNS, web servers internalloopback router interfacesrouter WAN ports (x 5 lines)

Initial addressing plan

16 51281510 4 2

- numbers of host addresses (interfaces)

AddressingPlan

Network plan

16 → 60

dialupmodems (2PRI)

5-8 → 30 leased

linecustomers

5 →11 hosts name-based

8 hosts- 2ndary Servers

15 → 25 hosts-

NOC

10 → 16

hosts- Servers

60 dialupmodems (2PRI)

UpstreamISP

added new router and LAN for redundancy

added new dial up equipment

replaced originalmodem

increased number of leased line customers

increased number of hosts on all LANs

• 6 months later– scale increased– redundancy

AddressingPlan

Addressing plan

• Network plan at 6 months

6011512251662

- increases in hosts (interfaces)

New hardware

2 PRI dialup modems LAN-secondary servers

network-plan:network-plan:

0/0/

608

network-plan: network-plan:network-plan:

2 PRI dialup modems, vendor ‘y’LAN -web hosting (Name-based hosting)30 leased line customers (pool)

16/5/128/15/10/4/2/

network-plan:network-plan:network-plan: network-plan:

LAN -NOC and Ops managementLAN -mail,DNS, web servers internalloopback router interfacesrouter WAN ports (x 8 lines)

Changed description

AddressingPlan

Network plan

• 12 months total– site redundancy– greater complexity– efficiency 30 → 60 leased

linecustomers

ip unnumbered

11 hosts

8 hosts

16 → 35 host

60 → 240

dialupmodems (8PRI)

UpstreamISP A

60 → 240

dialupmodems (8PRI)

40 hosts

UpstreamISP B

added new customer router

redundancy of WAN connections

now numbered links for BGP4

two pieces of essential equipment

AddressingPlan

Addressing plan

•

network-plan: network-plan:network-plan:network-plan:

8 PRI dialup modems, vendor x8 PRI dialup modems, vendor y LAN -web hosting (Name-based hosting) 60 leased line customers (pool)

16/60/0/60/5/11/128/512/15/25/10/16/0/8/2/2/4/6

network-plan:network-plan: network-plan: network-plan:network-plan:

LAN -NOC and Ops managementLAN -mail,DNS, web servers internalLAN-secondary serversrouter WAN ports (x 8 lines)loopback router interfaces

Network plan at 12 months

24024011102040358212

-increases in hosts (interfaces)-one year total

AddressingPlan

Addressing plan

•

network-plan: network-plan:network-plan:network-plan:

8 PRI dialup modems, vendor x8 PRI dialup modems, vendor yLAN -web hosting (Name-based hosting)60 leased line customers (pool)

16/60/2400/60/2405/11/11128/512/102015/25/4010/16/35 0/8/8 2/2/2 4/6/12

network-plan:network-plan: network-plan: network-plan:network-plan:

LAN -NOC and Ops managementLAN -mail,DNS, web servers internalLAN-secondary serversrouter WAN ports (x 8 lines)loopback router interfaces

256256161024646481616

Can now determine subnet sizes

AddressingPlan

Addressing plan

– Addressing plan for network-plan– re-ordered large to small according to relative subnet size– determination of relative subnet addresses

network-plan: 0.0.0.0 1024 128/512/1020 60 leased line customers (pool)network-plan: 0.0.4.0 256 16/60/240 8 PRI dial up modems, vendor xnetwork-plan: 0.0.5.0 256 0/60/240 8 PRI dial up modems, vendor ynetwork-plan: 0.0.6.0 64 10/16/35 LAN -mail,DNS, web internalnetwork-plan: 0.0.6.64 64 15/25/40 LAN -NOC and Ops managementnetwork-plan: 0.0.6.128 16 5/11/11 LAN -web hosting (Name-based

hosting)

network-plan: 0.0.6.144 16 0/8/8 LAN -secondary serversnetwork-plan: 0.0.6.160 16 4/6/12 loopback router interfacesnetwork-plan: 0.0.6.176 16 2/2/2 router WAN ports (x8)

– cumulative total 0.0.6.208

AddressingPlan

Addressing plan

– Addressing plan for network-plan– connect to the Internet (full-time, part-time)?

network-plan: 0.0.0.0 255.255.252.0 YES 1024 128/512/1020 60 leased customers

network-plan: 0.0.4.0 255.255.255.0 PART 256 16/60/240 8 PRI dial up modems..

network-plan: 0.0.5.0 255.255.255.0 PART 256 0/60/240 8 PRI dial up modems..

network-plan: 0.0.6.0 255.255.255.192 YES 64 10/16/35 LAN -mail,DNS, web internal

network-plan: 0.0.6.64 255.255.255.192 YES 64 15/25/40 LAN -NOC & Ops mgmt

network-plan: 0.0.6.128 255.255.255.240 YES 16 5/11/11 LAN -web hosting (Name-based)

network-plan: 0.0.6.144 255.255.255.240 YES 16 0/8/8 LAN -secondary servers

network-plan: 0.0.6.160 255.255.255.240 YES 16 4/6/12 loopback router interfaces

network-plan: 0.0.6.176 255.255.255.252 YES 16 2/2/2 router WAN ports (x 8 )

AddressingPlan

– Addressing plan complete– total planned for customer assignments /22– total planned for ISP infrastructure /24 + /23

network-plan: 0.0.0.0 255.255.252.0 YES 1024 128/512/1020 60 leased line customersnetwork-plan: 0.0.4.0 255.255.255.0 PART 256 16/60/240 8 PRI dial up modems..network-plan: 0.0.5.0 255.255.255.0 PART 256 0/60/240 8 PRI dial up modems..network-plan: 0.0.6.0 255.255.255.192 YES 64 10/16/35 LAN -mail,DNS, web

internal network-plan: 0.0.6.64 255.255.255.192 YES 64 15/25/40 LAN -NOC & Ops mgmntnetwork-plan: 0.0.6.128 255.255.255.240 YES 16 5/11/11 LAN -web hosting (Name-based)

network-plan: 0.0.6.144 255.255.255.240 YES 16 0/8/8 LAN -secondary serversnetwork-plan: 0.0.6.160 255.255.255.240 YES 16 4/6/12 loopback router interfacesnetwork-plan: 0.0.6.176 255.255.255.252 YES 16 2/2/2 router WAN ports (x 8 lines )

– detailed, efficient and accurate

Addressing plan

AddressingPlan

Questions ?


Checkpoint question

• What factors are important to consider when putting together an

addressing plan?

1. Components of network(Customer services/ISP internal infrastructure)

2.Phases of deployment(Starting off, 6 months, 12 months)

3. Equipment and topology changes

Need for redundancy, Need for increased scale


ISP Request

IP Growth in Asia Pacific

Last Update Jan 2004

0

16

32

48

64

80

96

112

128

144

160

176

Jan-96 Jan-97 Jan-98 Jan-99 Jan-00 Jan-01 Jan-02 Jan-03 Oct-03

Mil

lio

ns

OtherTWTHSGPKPHNZMYKRJPINIDHKCNAUAP

IPReq

ISP address request

• Hostmaster Administrivia– <[email protected]> mailbox filtered

• Requires member account name– Subject: IP Address Request [CONNECT-AU]

• Ticketing system– Every request is assigned a ticket

• Please keep # in subject line of email eg.– [APNIC #14122] [CHINANET-CN]

• New staff at ISP– Require an ‘introduction’ to APNIC

• To ensure confidentiality

membersonly

ISPReq

ISP address request

More documentationand clarification by Member

no Member has

completed documentation?

Step 1

yes

Evaluation ofrequest by

APNIC - OK?

Step 2

yes

update localrecords

update APNICdatabase

NotifyMember

Step 3

Allocation by APNIC

no

Life Cycle

ISPReq

ISP address request - Overview

• Contact Details• Network Information• Existing Customer Network Information• Existing Infrastructure Network Information• Future Network Plan• Additional Information

ISPReq

ISP address request

ISPReq

http://www.apnic.net/services/ipv4/

APNIC – ISP Address Request

[Help] [Error messages] [Text only version]

Jeff BrightYour name: You must be registered with APNIC as a

contact person for this organisation.

Your email address:

APNIC account name:Example: SPARKYNET-ID

Create a password for this request:(8 characters)

Confirm password:

[email protected]

WEBNET-AU

APNIC will use these contact details for all correspondence relating to this request. Please enter the APNIC account name of the organisation that requires the address space.

*********

*********

2. contact 3. network 4. connect 5. config 6. customer 7. infra 8. plan 9. comments 10 confirm1. applicant

Applicant information

Cancel Next

Must be current

member to receive service






Your email address:



Confirm password:

[email protected]

WEBNET-AU


*********

*********



Cancel Next





Your email address:



Confirm password:

[email protected]

WEBNET-AU


*********

*********



Cancel Next

Must be current

member to receive service

ISP address request instructions

• Complete the documentation– ISP Address Request Form

• Web Form: – http://www.apnic.net/services/ipv4/

• Plain text– http://ftp.apnic.net/apnic/docs/isp-address-request

• The more detailed and precise– Fewer iterations with APNIC

• Quicker resolution time

• Read the quick tips!http://www.apnic.net/faq/isp-request-tips.html

ISPReq

APNIC-084

Contact details

ISPReq

Administrative & Technical contacts, Maintainer


The details you enter here will be used as the network contact and security information for the address allocation.


Contact details

JB46-AP

Save Cancel Previous Next

Administrative contacts(NIC handles): Example: KX9-AP

Technical contacts(NIC handles):Example: XA7-AP

Maintainer object:Example: MAINTAIN-AP-SPARK

JB46-AP

MAINT-AU-JEFFBRIGHT

1.1. Initial criteria 2. contact 3. network 4. connect 5. config 6. customer 7. infra 8. plan 9. comments 10 confirm1. applicant


The details you enter here will be used as the network contact and security information for the address allocation.


Contact details

JB46-APJB46-AP

Save Cancel Previous NextSave Cancel Previous Next

Administrative contacts(NIC handles): Example: KX9-AP

Technical contacts(NIC handles):Example: XA7-AP

Maintainer object:Example: MAINTAIN-AP-SPARK

JB46-APJB46-AP

MAINT-AU-JEFFBRIGHT

1.1. Initial criteria 2. contact 3. network 4. connect 5. config 6. customer 7. infra 8. plan 9. comments 10 confirm1. applicant

Need to create

maintainer objects

Need to create person objects

help files!

Network name

ISPReq

Description of organisation not entered…


The details you provide here will be used to identify the proposed network in the APNIC Whois database.


Network name

WEBNET


1.1 Initial criteria 3. network 4. connect 5. config 6. customer 7. infra 8. plan 9. comments 10 confirm1. applicant

AUSTRALIAAUSTRALIA

Name of network: Example: SPARKYNET

Description of Organisation

Example: SparkyNet, Sdn Bhd, Internet Service Provider, Pinang,

Malaysia

Country: AU

2. contact

Name of network


Country

Error description

ISPReq

Error: “Description has not been entered”


Last modified February 2001 | ©APNIC Pty. Ltd. Comments to: [email protected]

Error #Description

Description has not been entered.For more help, see the Troubleshooting Guide

Continue

Troubleshooting Guide

ISPReq

Error Message How to fix the errorError Message How to fix the error

Troubleshooting guide for the APNIC IPv4 ISP Request Form

http://www.apnic.net/info/faq/troubleshooting.html


The details you provide here will be used to identify the proposed network in the APNIC Whois database.


Network name

WEBNET


Brisbane, AustraliaInternet Service Provider(A webhosting company)

Brisbane, AustraliaInternet Service Provider(A webhosting company)

1.1 Initial criteria 3. network 4. connect 5. config 6. customer 7. infra 8. plan 9. comments 10 confirm1. applicant

AUSTRALIAAUSTRALIA

Name of network: Example: SPARKYNET


Example: SparkyNet, Sdn Bhd, Internet Service Provider, Pinang,

Malaysia

Country: AU

2. contact

Description of organisation

ISPReq

Name of network, Description of Org., Country



The information you provide here describes certain aspects of how the network connects to the Internet.


Internet Connectivity


1.1 Initial criteria 4. connect 5. config 6. customer 7. infra 8. plan 9. comments 10 confirm1. applicant

Internet connectivity type:

Connection Providers:

2. contact

Peering-pointService providerOther

3. network

Connect-provider-1Connect-provider-2

Internet Connectivity

ISPReq

Internet connectivity type, Connection providers

Topologicalinformation

Connection providers


The information you provide here will help APNIC to understand certain aspects of the planned network. Depending on the options selected, APNIC may require more information to ensure compliance with the best current practice


Planned network configuration


1.1 Initial 5. 6. 7. 8. 9. 10. 11.criteria config customer infra cable future comments confirm1. applicant

Indicate the following configurations to be supported by this network:

2. contact

Supernets

Subnets

All 0s subnet

All 1s subnet

3. network 4. connect


The information you provide here will help APNIC to understand certain aspects of the planned network. Depending on the options selected, APNIC may require more information to ensure compliance with the best current practice


Planned network configuration


1.1 Initial 5. 6. 7. 8. 9. 10. 11.criteria config customer infra cable future comments confirm1. applicant

Indicate the following configurations to be supported by this network:

2. contact

Supernets

Subnets

All 0s subnet

All 1s subnet

3. network 4. connect

Network configuration

ISPReq

Supernets, Subnets, All 0s subnet, All 1s subnet…

Expectation is

‘classless’

Existing customer network

ISPReq

Existing customer networkExisting customer network

Name

Address

Mask

Hosts now

Hosts in 6 months

Hosts in 1 year

Subnets nowSubnets in 6

monthsSubnets in 1 year

Date assigned

How to complete this pageThere are two options for completing this section:

1. Use the form to build up your information, line by line

Use the fields on the left of the form to specify the required elements for each line.

When you have completed the fields, click "Add Information" to transfer that line to the text box in the correct format.

Repeat this process for each line required.

2. Upload a text file If you have a text file on a local drive, which

describes this information in the correct format, you may click "Upload Text File"

Follow the prompts to locate the file and attach it to this request form;

Only text files may be uploaded in this section.

Add informationUpload Text File

Browse…

CUST-NET1

203.108.131.8

255.255.255.248

4

4

6

1

1

1

20030101

CUST-NET1 203.108.131.8 255.255.255.248 4/6/6 1/1/1 20030101 Upload text file

Instructions

Add information

ISP address request evaluation

• ‘Customer network’ fields

Registration– Check all customer assignments are in the APNIC

‘whois’ database accurately

Policy– Prefix distribution of all customer assignments– ‘Classless’ assignments NOT on /24 boundaries

ISPReq

Existing network infrastructure information

Existing network infrastructure

ISPReq

Address, Mask, Connect, Max, Hosts now, 6m, 1yr, description

AddressMask

Connect

MaxHosts now

Hosts in 6mHosts in 1 yr

Detailed descrof subnet

Add information

Upload text file

New cable/DSL services

ISPReq


Use this section to indicate whether you are establishing a new cable or DSL service.


Allocations for cable/DSL service providers


1.1 Initial 8. 9. 10. 11.criteria cable future comments confirm

1. applicant

Is the address space you are requesting now required for establishing a new cable or DSL service?

2. contact 3. network 4. connect 5. config 5. customer 7. infra

Yes

No

APNIC – ISP Address RequestNew Cable/DSL service – Bootstrap criteria

APNIC – ISP Address RequestNew Cable/DSL service – Bootstrap criteria

New cable/DSL services

ISPReq

Use the form to build your CMTS details…

Instructions

Apply the “new

cable/DSL bootstrap criteria”?

Details of CMTS

equipment

Future network plan

IP require-ment

(max, now, in 6 months

in 1 year

Future network plan

ISPReq

Address, Mask, Connect, IP requirement, description

Infra-structure & Projections

ISP request evaluation

• ‘Infrastructure’ & ‘network-plan’ fields• Policy

– Technical descriptions are detailed enough so APNIC can understand why subnet size was chosen

– Do customer projections match infrastructure plans?

– Efficient subnet assignments

• ‘Best current practice’– Name based virtual web hosting– Dynamic dial up

» More on this to follow...

ISPReq

Additional CommentsAdditional Comments

Additional comments

ISPReq

Upload Text File

Additional info - topology & deployment

• POP topology• Diagrams showing network design• Diagrams showing POP design

– does network/POP topology description correlate with addressing plan and current infrastructure?

– larger requests will require additional documentation

• Deployment plan• Give details of phases of deploying equipment

– does deployment plan match information in network-plan fields?

ISPReq

Additional info- equipment and services

• Equipment and services• Specifications, number of ports

– information that cannot fit onto fields of form

• Details of how implement services– explain acronyms or special services

• Miscellaneous• Anything not covered by the form, anything

unusual– supplementary information very useful to the

hostmaster when evaluating your request

ISPReq

APNIC – ISP Address RequestConfirm details

APNIC – ISP Address RequestConfirm details

Please check your information:

Your name:Your email address:

Account name:Admin Contact Handles:

Technical Contact Handles:Maintainer:

Netname:Description:

Country:Connectivity:

Connection Providers:Do you support:

Jeff Brightjbright@webnet.comwebnet-auJB46-APJB46-APMAINT-AU-JEFFBRIGHTWEBNETBrisbane, Australia, Internet Service Provider (a web hosting company)AUPeering-point: NoService-provider: YesOther: NoConnect-Provider-1 Connect-Provider-2Supernets YesSubnets YesAll 0s YesAll 1s Yes

Confirm details

ISPReq

Check your information!

ISP address request- Checklist

All fields are syntactically correct Supplied documentation correct

• format defined in the APNIC-084

Provided all IP addresses currently heldUpdated all customer assignments in DB

• Deleted objects that are no longer valid

http://www.apnic.net/info/faq/isp_checklist.html

ISPReq

ISP address request- parsing

ISPReq

Successful parsing of ISP Request

APNIC – ISP Address RequestAPNIC – ISP Address Request

“warnings”below 80% utilisation of available IP addresses

You have successfully parsed and analysedyour ISP Request



ISP address request- submission

ISPReq

APNIC – ISP Address RequestSubmit ISP Request

Your ISP Request has been submittedYour ISP Request has been submitted


Questions ?


Checkpoint question

• The ISP request form is used for requesting an allocation from APNIC… but what is an allocation?

A block of address space held by an IR (or downstream ISP) for subsequent allocation or

assignment

Evaluation by APNIC- Virtual web hosting

• Name based hosting – ‘Strongly recommended’

• Use ‘infrastructure’ field to describe web servers

• IP based hosting– Permitted on technical grounds

– SSL, virtual ftp..

– Use ‘infrastructure’ field to describe web servers

– Special verification for IP based– If more than /22 used for this purpose

– Requestor must send list of URLs of virtual domain and corresponding IP address

ISP Req- Eval

Cable, DSL services

• 1:1 contention ratio• Can be either statically or dynamically assigned• Means 1 IP address per customer

• Greater than 1:1 contention ratio• Preferred because conserves address space

• Choice of addressing is optional for members • dynamic addressing is encouraged

• Verification for DSL Services– Equipment details

• Ex: BRAS, Number of ports– Purchase receipts

ISP Req- Eval

Customer assignments

• Customer growth estimation– The invoice for the additional CMTS purchased

for the expansion

• Required to report customer assignments greater than /30– Through second opinion process– Register the assignment in APNIC whois

database

ISP Req- Eval

Residential networks

• For residential networks– Do not need to register on-site admin-c,

ISP’s technical contact can be used

• Cable, DSL services– Special verification for 1:1 (permanently

on-line)• For anything over a /22 in total, verification

through customer list for random head-ends or other alternative

ISP Req- Eval

Evaluation by APNIC- Summary

• All address space held should be documented

• Check other RIR, NIR databases for historical allocations

• ‘No reservations’ policy• Reservations may never be claimed• Fragments address space• Customers may need more or less address

space than is actually reserved

ISP Req- Eval

First allocation

• Must meet criteria• (discussed in policy section)

• Requires clear detailed and accurate request

• Implementation of ‘Best Current Practice’• Efficient assignments planned• Always a /20 ‘slow start’

• Exceptions made for very large networks but not common

IPReq

APNIC 17 Consensus

/21

Subsequent allocations

• 80% overall utilisation• Unless large assignment pending

• Demonstrated conservative assignments

• Correct customer registrations in db• Need to fix inconsistencies before next allocation

• Allocation size to cover 1 year need• Based on previous utilisation rate

• Contiguous allocation not guaranteed• But every effort made

ISP Req- Eval

APNIC approval

ISP Req- Eval

Dear xxxx

I am pleased to advise you that in response to your request for Internet resources, APNIC has allocated the following range of IPv4 addresses to the organisation below. ** IMPORTANT THINGS TO KNOW **

1. The address range allocated to your organisation is portableIf you change transit providers, the address range remains with your organisation. 2. Assignments and sub-allocations from this address range to customers are non-portable Customers who cease connectivity with your organisation must return any addresses your organisation has assigned or sub-allocated to them. 3. Assignment Window (AW)If the amount of address space your organisation wishes to assign or sub-allocate to a customer is greater than your assignment window then please email <[email protected]> for approval. For more information on APNIC's new policy on sub-allocating space to customers, see: http://www.apnic.net/meetings/14/results.html

4. AggregationThis new allocation should, wherever technically possible, be aggregated with any other address ranges the organisation announces to its upstream or transit ISP.

5. No guarantee of routabilityAPNIC cannot guarantee that any address space will be globally routable.

APNIC expectation:Announce

allocation as single

aggregate

Assignments & sub-

allocations are non-portable

Allocation object & contacts

person: Santosh Desaiaddress: Rolta Center II, MIDC, Andheri,address: Mumbai-400 093country: INphone: +91-22-832 7708fax-no: +91-22-836 5992e-mail: [email protected]: SD34-APmnt-by: MAINT-IN-SANTOSHDESAIchanged: [email protected] 20000526source: APNIC

person: Vinay Sawarkaraddress: Rolta Center II, MIDC, Andheri,address: Mumbai-400 093country: INphone: +91-22-832 7708fax-no: +91-22-836 5992e-mail: [email protected]: VS9-APmnt-by: MAINT-IN-SANTOSHDESAIchanged: [email protected] 20000526source: APNIC

inetnum: 202.60.128.0 - 202.60.159.255netname: ROLTANETdescr: Rolta India Limiteddescr: Rolta Center IIdescr: MIDC Maroldescr: Andheri(East)- Mumbai-400 093country: INadmin-c: VS9-APtech-c: SD34-APmnt-by: APNIC-HMmnt-lower: MAINT-IN-SANTOSHDESAIchanged: [email protected] 19990323status: ALLOCATED PORTABLEsource: APNIC

Contacts for network

ISP Req- Eval

Questions ?


Checkpoint question

• How much address space do I have to have used in my allocation before I request a new allocation?

80%


IP Address Management

Revision of routing protocols

Interior Gateway Protocol (IGP)– Examples are OSPF, EIGRP, ISIS– Used to find optimum route to a host in ISP

network– Convergence becomes important with scaling

Border Gateway Protocol (BGP)– Can be interior (iBGP) and exterior (eBGP)– Used to carry traffic across your network and

to/from the Internet– Can use BGP attributes for routing policy

IP Mgmt

Principles of addressing

• Separate customer & infrastructure address pools

– Manageability• Different personnel manage infrastructure

and assignments to customers

– Scalability• Easier renumbering - customers are difficult,

infrastructure is relatively easy

IP Mgmt

Principles of addressing

• Further separate infrastructure– ‘Static’ infrastructure examples

• RAS server address pools, CMTS• Virtual web and content hosting LANs• Anything where there is no dynamic route

calculation

• Customer networks• Carry in iBGP , do not put in IGP

– No need to aggregate address space carried in iBGP

– Can carry in excess of 100K prefixes

IP Mgmt

Hierarchy of routing protocols

BGP4 (iBGP)& OSPF/ISIS

Other ISPs

CustomersLocalNAP

eBGP Static/eBGP

BGP4 (eBGP)

FDDI

ISP Internal Network

IP Mgmt

Management - simple network

• First allocation from APNIC– Infrastructure is known, customers are

not– 20% free is trigger for next request

– Grow usage of blocks from edges– Assign customers sequentially

20%Customers p2p

Infrastructure

loo

ps

IP Mgmt

Management - simple network

• If second allocation is contiguous

– Reverse order of division of first block– Maximise contiguous space for

infrastructure• Easier for debugging

– Customer networks can be discontiguous

Customers Infrastructure 20%Infrastructure Customers

1st allocation 2nd allocation

IP Mgmt

Management - many POPs

• WAN link to single transit ISP

Server

POP1

POP2POP3

IP Mgmt

• POP sizes– Choose address pool for each POP according to need

– Loopback addresses• Keep together in one block• Assists in fault-resolution

– Customer addresses • Assign sequentially


Infrastructure

POP 1 POP2

loopbacks

Customer

IP Mgmt


• /20 minimum allocation not enough for all your POPs?– Deploy addresses on infrastructure first

• Common mistake:– Reserving customer addresses on a per POP

basis

• Do not constrain network plans due to lack of address space– Re-apply once address space has been used

IP Mgmt

Questions ?


Checkpoint question

• Why doesn’t it make sense to carry the customer addresses in my IGP?

By carrying the customer assignments in iBGP, there is no need to aggregate them. (iBGP can easily handle these

routes.) The IGP should be kept small to optimise network performance and

convergence time

Assignment and sub-allocation procedures

Assignment Window &

2nd Opinion process

Second opinion request

• Assignment Window

• Second Opinion Request Form

• Evaluation

What is an Assignment Window?

“The amount of address space a member may assign without a ‘second opinion’”

• All members have an AW– Starts at zero, increases as member gains experience in

address management

• Second opinion process– Customer assignments require a ‘second-opinion’ when

proposed assignment size is larger than members AW

2nd Opinion

Assignment Window

• Size of assignment window– Evaluated after about 5 2nd-opinion requests– Increased as member gains experience and

demonstrates understanding of policies• Prefix length normally reduced by 1 bit at a time• Assignment window may be reduced, in rare cases

• Why an assignment window?– Monitoring ongoing progress and adherence to

policies– Mechanism for member education

2nd Opinion

Why Assignment Window?

• Motivation– Support the LIR during start up– Standardise criteria for request evaluation– Familiarise the LIR with APNIC policies– Ensure accurate data is being kept– Treat everyone fairly

FAQ • http://www.apnic.net/faq/awfaq.html

2nd Opinion

Request < AW?Request < AW?

APNIC APNIC approvesapproves request?request?

Member updates local Member updates local records & DB & records & DB &

makes assignmentmakes assignment

YesYes

Member adds comments Member adds comments & recommendations & sends to& recommendations & sends to

[email protected]@apnic.net

NoNo

Step 1 - Member and customer complete 2nd Opinion Request formStep 1 - Member and customer complete 2nd Opinion Request form

Step 3 - Assignment Window procedureStep 3 - Assignment Window procedure

Step 2 - Member evaluates customers requirements Step 2 - Member evaluates customers requirements iterationiteration

NoNo YesYes

Assignment window process

2nd Opinion

Second opinion request form

Used to seek approval for:– IPv4 assignments & sub-allocations– Multiple/additional IPv6 /48s to a single

customer

Before you start:– Separate form for each request– Help buttons available– Form can be saved by use of password

2nd Opinion

Overview of 2nd opinion formApplicant information

Type of request

Network name

Future network plan

Customer’s existing networkCustomer assignments to end-sites

Sub-allocation infrastructure

Additional information

Confirm details

Contact details, password

IPv6 / IPv4, Assignment / Sub-allocation

Network name, description, countryPlanned IP usage

IPs held by customerIPs held by customer & customer’s customers

IPv4 Sub-allocations IPv4/IPv6 Assignments

Any additional info that may aid the evaluation

Check your details

2nd Opinion

Your name:

Your email address:

APNIC account name: Examples: Non-member: SPARKYNET-NON-IDMember example: SPARKYNET-ID

Your relationship to organisation applying for membership:

Please choose one

Create a password for this request:

Confirm password: (min. 8 characters)

APNIC second opinion requestApplicant information

http://www.apnic.net/apnic-bin/second-opinion-form.pl

Cancel Next


2nd Opinion

http://www.apnic.net/apnic-bin/second-opinion-request.pl

Help buttons

Password allowssaving work

Type of second opinion request

2nd Opinion

APNIC second opinion requestType of second opinion request

Which IP version do you wish to request?

Which type of second opinion are you requesting?

Address prefix requested: /26

IPv4IPv6

Assignment (IPv4 or IPv6)

Select this if you are distributing IP addresses for the end user’s infrastructure

Sub-allocation (IPv4 only)

Select this if you are distributing IP addresses to an organisation that will further distribute the address space to their end users.

IPv4 example: /26IPv6 example: /47


Network name

2nd Opinion

APNIC second opinion requestNetwork nameThe details you provide here will be used to identify the proposed network in the APNIC Whois Database

Name of network:

Description of organisation:

Country: Select a country

Select a Country

Example: SparkyNet, Sdn Bhd, Indonesia

Example: SPARKYNET


APNIC second opinion requestFuture network plan

Size ofplanned subnet:

Deploy now:

Deploy within6 months:

Deploy within1 year:

Detailed description of

subnet:

Example: 0.0.0.0/28

Example: /29

Example: /29

Example: /28

Example: web hosting facility

Future network plan

Upload text file

Add information

Instructions0.0.0.0/28

/29

/29

/28

web hosting facility

0.0.0.0/28 /29 /29 /28 web hosting facility

2nd Opinion

Customer’s existing network- IPv4 assignment request

Actual start address assigned:

Total prefix sizeof subnet:

Description of subnet:

Example: 202.5.10.0

Example: /29

Example: 1 router and 4 workstations

APNIC second opinion requestCustomer’s existing network

202.5.10.0 /29 1 router and 4 workstations

2nd Opinion

202.5.10.0

/29

1 router and 4 workstations

All previousassignments

- Check whois db

Upload text file

Add information

Customer’s assignments to end-sites

• Sub Allocation Request

Actual start address assigned:

Total prefix sizeof subnet:


Example: 202.12.28.0

Example: /29

Example: FOO-AP

Customer’s assignments to end-sitesAPNIC second opinion request

Customer’s (downstream provider’s) customers

Add information

Sub-allocation infrastructure

• Sub-Allocation Request

Sub-allocation infrastructureAPNIC second opinion request

Actual start address

assigned:

Total prefix assigned to the infrastructure:


Example: 202.12.28.0

Example: /27

Example: server farm

Customer’s (downstream provider’s)

infrastructure

Add information

Additional information

2nd Opinion

APNIC second opinion requestAdditional information

network topology diagrams detailed explanations of the address space usage and subnetting plans

Network designNetwork topologyDeployment plan

Equipment Services

Renumbering Explanations

etc

Upload File

Confirm details & submit

APNIC second opinion requestConfirm details

Submit

APNIC second opinion requestSubmit request

Your request has been submitted

Please check your information:

Your name:Your email address:

Account name:Your relationship to organisation

requesting second opinion:Address type:Request type:

Prefix second opinion requested for:Netname:

Description:Country code:Network plan:

Customer's existing network:

Ky [email protected] / Manager

IPv4Assignment/27SparkyNet, Sdn Bhd, IndonesiaID0.0.0.0/28 /29 /29 /28 web hosting facility 0.0.0.0/28 /29 /29 /28 web hosting facility 202.5.10.0 /29 1 router and 4 workstations

• Check your request

• Click Submit

• Confirmation is also sent via email

• Request submitted!

2nd Opinion

2nd opinion evaluation (policy)

• Efficiency– More than 50% used in any one subnet?– Can different subnet sizes be used?– More than 80% used for previous assignment?

• Stockpiling– Is all address space held declared on form?– Has organisation obtained address space from

more than one member/ISP?

• Registration– Is previous assignment in APNIC database and

are they correct and up to date?

2nd Opinion

2nd opinion evaluation

• APNIC & Member evaluation – Should be the same

• If NO, APNIC will ask member to obtain more information

– iterative process

• If YES, APNIC approves 2nd opinion request

2nd Opinion

2nd opinion request approval

Dear XXXXXXX,

APNIC has approved your "second opinion" request to make the following assignment:

[netname]

[address/prefix]

* Please ensure that you update the APNIC whois database to register this assignment before informing your customer or requesting reverse DNS delegation. Do this using the form at:

http://www.apnic.net/apnic-bin/inetnum.pl

Important:

Unregistered assignments are considered as "unused"

2nd Opinion

Customer assignment

• Member updates internal records– Select address range to be assigned– Archive original documents sent to APNIC– Update APNIC database

• Clarify status of address space – APNIC requirement is ‘Non portable’ – ‘Portable’ assignments are made by APNIC only

with the end-user request form• Organisation must have technical requirement

2nd Opinion

Questions ?


Checkpoint question

• Do all customer assignments need to be registered in the APNIC

whois Database…?

Yes. (This can now be easily managed

through myAPNIC.)

The APNIC Database

Protection and Updating

DB 2

Database protection- maintainer object

mntner: MAINT-WF-EXdescr: Maintainer for ExampleNet Service Providercountry: WFadmin-c: ZU3-APtech-c: KX17-APupd-to: [email protected]: [email protected]: CRYPT-PW apHJ9zF3omnt-by: MAINT-WF-EXreferral-by: MAINT-APNIC-APchanged: [email protected] 20020731source: APNIC

DB 2

• protects other objects in the APNIC database

Creating a maintainer object

1. Fill out webform– Provide:

• Admin-c & tech-c• password• email address etc

2. Completed form will be sent to you

3. Forward request to [email protected]

4. Maintainer will be created manually• Manual verification by APNIC Hostmasters

5. Update your person object with mntner

http://www.apnic.net/services/whois_guide.html

Database protection

• Authorisation– “mnt-by” references a mntner object

• Can be found in all database objects• “mnt-by” should be used with every object!

• Authentication– Updates to an object must pass

authentication rule specified by its maintainer object

DB 2

Authorisation mechanism

mntner: MAINT-WF-EXdescr: Maintainer for ExampleNet Service Providercountry: WFadmin-c: ZU3-APtech-c: KX17-APupd-to: [email protected]: [email protected]: CRYPT-PW apHJ9zF3omnt-by: MAINT-WF-EXchanged: [email protected] 20020731source: APNIC

inetnum: 202.137.181.0 – 202.137.185.255netname: EXAMPLENET-WFdescr: ExampleNet Service Provider……….mnt-by: MAINT-WF-EX

DB 2

Maintainer specific attributes

• mnt-nfy:• Sends notification of any changes to

maintained objects to email address specified

• mnt-by:• Maintainers must also be protected!

(Normally by themselves)

• auth:• Authentication method for this maintainer

DB 2

Authentication methods

• ‘auth’ attribute – Crypt-PW

• Crypt (Unix) password encryption• Use web page to create your maintainer

– PGP – GNUPG• Strong authentication• Requires PGP keys

– MD5• Strong authentication• Simple to use

DB 2

Mnt-by & mnt-lower

• ‘mnt-by’ attribute• Can be used to protect any object• Changes to protected object must satisfy authentication rules of

‘mntner’ object.

• ‘mnt-lower’ attribute • Also references mntner object• Hierarchical authorisation for inetnum & domain objects• The creation of child objects must satisfy this mntner• Protects against unauthorised updates to an allocated range -

highly recommended!

DB 2

Inetnum: 203.146.96.0 - 203.146.127.255 netname: LOXINFO-TH descr: Loxley Information Company Ltd. Descr: 304 Suapah Rd, Promprab,Bangkok country: TH admin-c: KS32-APtech-c: CT2-APmnt-by: APNIC-HM mnt-lower: MAINT-TH-LOXINFOchanged: [email protected] 19990714Status: ALLOCATED PORTABLE source: APNIC

Authentication/Authorisation

– APNIC allocation to member• Created and maintained by APNIC

1. Only APNIC can change this object2. Only Loxinfo can create assignments within this allocation

12

DB 2

Inetnum: 203.146.113.64 - 203.146.113.127 netname: SCC-TH descr: Sukhothai Commercial College Country: TH admin-c: SI10-APtech-c: VP5-APmnt-by: MAINT-TH-LOXINFOchanged: [email protected] 19990930Status: ASSIGNED NON-PORTABLE source: APNIC

Authentication/Authorisation

– Member assignment to customer• Created and maintained by APNIC member

Only LOXINFO-IS can change this object

DB 2

Database update process

– Email requests to <[email protected]>– Each request contains an object template

Update Request

Template

<[email protected]>

Parse

Warnings/Errors returned

Error

Auth. DataBase

Whois Server

DB 2

Database update process

• Update transactions– Create a new object – Change an object– Delete an object

• Updates are submitted by email• E-mail to:

• Email message contains template representing new or updated object

Template

DB 2

<[email protected]>

Template

Database update - web

• Creates a template through the web form

• Template will be sent to you by email• This should be forwarded to:

– Common error • to reply to the email

– (Adds extra character in front of each line)

http://www.apnic.net/services/whois_guide.html

DB 2

<[email protected]>

Updating an existing object

• Change relevant fields

• Add your maintainer password

• Update the changed attribute

• Email updated object to:

• Note– Primary keys cannot be modified

DB 2

<[email protected]>

Deleting an object

– Copy object as-is in database into email– Add your maintainer password– Leave the changed attribute

inetnum: 202.182.224.0 - 202.182.225.255netname: SONY-HK...mnt-by: MAINT-CNS-APchanged: [email protected] 19990617source: APNICpassword: x34zkydelete: no longer required [email protected]

Note: Referenced objects cannot be deleted (02/99)

DB 2

Forgotten the password ?

We do not recommend using personal names for maintainer objects

• Send an e-mail to [email protected] If you are a ‘contact person’ of APNIC • If NOT, requires legal documentation

DB 2

Unfortunately we cannot change the password for the maintainer until we have received a fax with your company’s letterhead confirming the request to modify the password. In the fax, please include the following:

0. Attention: APNIC Database Administration Department

1. The APNIC Account name of your company and your personal nic handle. If you do not have an APNIC account, then please state ‘NON-MEM’.

2. The current maintainer object which is to be modified, as obtained from ‘whois –h whois.apnic.net MAINTAINER-OBJECT’

3. The new password/authorisation for the maintainer.

4. The signature of a contact for the maintainer.

Confirmation by fax

required on company

letter head

Questions ?


Checkpoint question

• What is the difference between mnt-by and mnt-lower?

- mnt-by protects the object itself.- mnt-lower prevents the unauthorised creation of child objects.

MyAPNIC

Autonomous System Numbers

Procedures

Overview

• What is an AS?

• Guidelines and procedures

• Application form (documentation)

• Policy expression

ASN

What is an Autonomous System?

– Collection of networks with same routing policy

– Usually under single ownership, trust and administrative control

AS 100

ASN

When do I need an ASN?

• When do I need an AS?– Multi-homed network to different

providers and– Routing policy different to external peers

• Recommended reading!– RFC1930: Guidelines for creation,

selection and registration of an Autonomous System

ASN

RFC1930

When don’t I need an ASN?

• Factors that don’t count– Transition and ‘future proofing’ – Multi-homing to the same upstream

• RFC2270: A dedicated AS for sites

homed to a single provider

– Service differentiation• RFC1997: BGP Communities attribute

RFC2270

RFC1997

ASN

Requesting an ASN

• Complete the request form– web form available:

• http://www.apnic.net/db/aut-num.html

• Request form is parsed - real time– Must include routing policy

• multiple import and export lines

– Is checked for syntactical accuracy• based on RPSL (rfc2622)

– Peers verified by querying routing table– [NO-PARSE] will not send request to parser

ASN

RFC2622

Requesting an ASN - Customers

1. Requested directly from APNIC• AS number is “portable”

2. Requested via member• ASN is “non-portable”• ASN returned if customer changes provider

• Transfers of ASNs– Need legal documentation (mergers etc)– Should be returned if no longer required

ASN

What is this form to be used for?This form assists in the creation and maintenance of aut-num objects. The aut-num describes the details of the registered owner of an Autonomous System and their routing policy for that AS. See RFC 2622 for details.

Help completing this form

See the Guide to the APNIC AS Number Request Form.

(* indicates mandatory field.)

Aut-num Object

* Name: eg: Ky XanderThe name of the person completing this form* Name: eg: Ky XanderThe name of the person completing this form

* Account-name: eg: ACME-PHYour APNIC account name* Account-name: eg: ACME-PHYour APNIC account name

* Org-relationship: eg: Consultant (or employee or…)Your APNIC account name* Org-relationship: eg: Consultant (or employee or…)Your APNIC account name

Create Aut-num Object

ASN request form

http://www.apnic.net/apnic-bin/creform.pl

Guide to the ASN request form

ASN

Request form – routing policy

ASN

* Descr:A short description of this object and the eg: Global Transit Inc. Transit ASname of the organisation associated with it. Content Service Provider Tokyo

* Country:Name of the country of the admin-c eg: J P

Import:Routing information your AS will accept from eg: from AS9386 Action pref=100neighbouring Autonomous Systems

from AS1 Action pref=100;accept ANYfrom AS2 Action pref=100;accept ANY

More information regarding RPSL syntax can be found in RFC 2622

Export:generated routing information your AS will eg: to AS9444 Announce THIS-ASsend to peer Autonomous Systems

to AS1 Action pref=100;announce ANYto AS2 Action pref=100;announce ANY


Default:If applicable, a description of how default eg: to AS9386 Action pref=10routing policy is applied.





* Country:Name of the country of the admin-c eg: J P* Country:Name of the country of the admin-c eg: J P






















aut-num: AS4777as-name: APNIC-NSPIXP2-ASdescr: Asia Pacific Network Information Centredescr: AS for NSPIXP2, remote facilities siteimport: from AS2500 action pref=100; accept ANYimport: rom AS2524 action pref=100; accept ANYimport: from AS2514 action pref=100; accept ANYexport: to AS2500 announce AS4777export: to AS2524 announce AS4777export: to AS2514 announce AS4777default: to AS2500 action pref=100; networks ANYadmin-c: PW35-APtech-c: NO4-APremarks: Filtering prefixes longer than /24mnt-by: MAINT-APNIC-APchanged: [email protected] 19981028source: APNIC

Aut-num object example

POLICYRPSL

ASN

Representation of routing policy

• Routing and packet flows

AS 1 AS 2routing flow

packet flow

packet flow

accepts

announces

announces

accepts

ASN

For AS1 and AS2 networks to communicate• AS1 must announce to AS2• AS2 must accept from AS1• AS2 must announce to AS1• AS1 must accept from AS2


AS 1 AS 2

aut-num: AS1…import: from AS2

action pref=100;accept AS2

export: to AS2 announce AS1

aut-num: AS2…import: from AS1

action pref=100;accept AS1


Basic concept

“action pref” - the lower the value, the preferred the route

ASN


AS 123 AS4 AS5

AS5

AS10More complex example

• AS4 gives transit to AS5, AS10• AS4 gives local routes to AS123

ASN


AS 123AS 123 AS4AS4 AS5AS5AS5

AS10AS10

import: from AS123 action pref=100; accept AS123

aut-num: AS4




export: to AS5 announce AS4 AS10

export: to AS10 announce AS4 AS5 Not a path

ASN


AS123AS123 AS4AS4

More complex example

• AS4 and AS6 private link1• AS4 and AS123 main transit link2 • backup all traffic over link1 and link3 in event of link2 failure

AS6AS6privatelink1

link3

transit traffic over link2

ASN


AS123AS123 AS4AS4

AS6AS6private link1

link3

AS representation

transit traffic over link2

import: from AS123 action pref=100; accept ANY

aut-num: AS4


import: from AS6 action pref=200; accept ANY



full routing received

ASN

higher cost for backup route

Routing Policy Specification Language

• RPSL– Derived from RIPE-181– Introduced with v3 Database

• 20 August 2002

– “New” object specification language• more expressive syntax• advanced aut-num and routing policy options

– Especially useful in an Internet Routing Registry

ASN

RFC2622

Questions ?


Checkpoint question

• When do I need an AS number?

An AS number is used when multihoming to two different

providers and when you have a unique routing policy

Reverse DNS Delegation

Registry Procedures

Rev. DNS

Overview

• Reverse DNS Delegation

• APNIC & Member responsibilities

• Reverse network delegations (/16)

• Reverse network delegations (/24)

• Subnet delegations

• Delegation procedures

Rev. DNS

What is ‘Reverse DNS’?

• ‘Forward DNS’ maps names to numbers– svc00.apnic.net -> 202.12.28.131

• ‘Reverse DNS’ maps numbers to names– 202.12.28.131 -> svc00.apnic.net

Rev. DNS

In-addr.arpa

• Hierarchy of IP addresses– Uses ‘in-addr.arpa’ domain

• INverse ADDRess

• IP addresses:– Less specific to More specific

• 210.56.14.1

• Domain names: – More specific to Less specific

• delhi.vsnl.net.in

– Reversed in in-addr.arpa hierarchy• 14.56.210.in-addr.arpa

Rev. DNS

whois

Root DNSRoot DNS

Reverse DNS delegation

net edu com au

whois

apnic

202 203 210 211..202

2222

in-addr

arpa

6464

22.64 .in-addr.202 .arpa

Rev. DNS

- Mapping numbers to names - ‘reverse DNS’

Reverse DNS - why bother?

• Service denial• That only allow access when fully reverse

delegated eg. anonymous ftp

• Diagnostics• Assisting in trace routes etc

• Registration• Responsibility as a member and Local IR

Rev. DNS

APNIC & Member responsibilities

• APNIC– Manage reverse delegations of address block

distributed by APNIC – Process members requests for reverse

delegations of network allocations

• Members– Be familiar with APNIC procedures– Ensure that addresses are reverse-mapped– Maintain nameservers for allocations

• Minimise pollution of DNS

Rev. DNS

Reverse delegation requirements

• /24 Delegations• Address blocks should be assigned/allocated• At least two name servers

• /16 Delegations• Same as /24 delegations• APNIC delegates entire zone to member• Recommend APNIC secondary zone

• < /24 Delegations• Read “classless in-addr.arpa delegation”

RFC2317

Rev. DNS

Delegation procedures

• Upon allocation, member is asked if they want /24 place holder domain objects with member maintainer– Gives member direct control

• Standard APNIC database object, – can be updated through online form or via email.

• Nameserver/domain set up verified before being submitted to the database.

• Protection by maintainer object– (current auths: NONE, CRYPT-PW, PGP).

• Zone file updated 2-hourly

Rev. DNS

Example ‘domain’ object

domain: 124.54.202.in-addr.arpa

descr: co-located server at mumbai

country: IN

admin-c: VT43-AP

tech-c: IA15-AP

zone-c: IA15-AP

nserver: dns.vsnl.net.in

nserver: giasbm01.vsnl.net.in

mnt-by: MAINT-IN-VSNL

changed: [email protected] 20010612

source: APNIC

Rev. DNS

Delegation procedures – request form

• Complete the documentation• http://www.apnic.net/db/domain.html

• On-line form interface– Real time feedback– Gives errors, warnings in zone configuration

• serial number of zone consistent across nameservers• nameservers listed in zone consistent

– Uses database ‘domain’ object• examples of form to follow..

Rev. DNS

Reverse DNS request form

Create Domain Object

What is this form to be used for?This form assists in the creation and maintenance of domain objects. The domain class:

(* indicates mandatory field)

An admin-c must be someone physically located at the site of the network.

*Domain:

Country:

*Descr:

*Admin-cList the NIC handles for the administrative contacts(admin-c). Other text eg: DNS4-AP

please change this field – This isadded byhttp://www.apnic.net/db/domain.htmlThe reverse delegation xone for the

Domain Object

Create Domain Object

What is this form to be used for?This form assists in the creation and maintenance of domain objects. The domain class:



*Domain:

Country:

*Descr:



Domain ObjectWhat is this form to be used for?This form assists in the creation and maintenance of domain objects. The domain class:



*Domain:

Country:

*Descr:





Domain Object

Request form

*Nserver

Notify:

*Mnt-by:

*PasswordYou must supply a password for one of the maintainers listed in this field

Mnt-lower:

MAINT-WF-EX

This email address will be notifiedby the APNIC database when thisobject changes.

Remarks:

dns.vsnl.net.ingiasbm01.vsnl.net.in

This stops ad-hoc additions beneath this zone

*Nserver

Notify:

*Mnt-by:


Mnt-lower:

MAINT-WF-EX


Remarks:

dns.vsnl.net.ingiasbm01.vsnl.net.in

This stops ad-hoc additions beneath this zone

*Nserver

Notify:

*Mnt-by:


Mnt-lower:

MAINT-WF-EXMAINT-WF-EXMAINT-WF-EX




Remarks:

dns.vsnl.net.ingiasbm01.vsnl.net.indns.vsnl.net.ingiasbm01.vsnl.net.indns.vsnl.net.ingiasbm01.vsnl.net.in

This stops ad-hoc additions beneath this zoneThis stops ad-hoc additions beneath this zoneThis stops ad-hoc additions beneath this zone

Evaluation

• Parser checks for– ‘whois’ database

• IP address range is assigned or allocated• Must be in APNIC database

– Maintainer object• Mandatory field of domain object

– Nic-handles• zone-c, tech-c, admin-c

Rev. DNS

Evaluation

• Nameserver checks– Minimum 2 nameservers required – Check serial versions of zone files are

the same– Check NS records in zones are the

same as listed on form– Nameserver can resolve itself, forward

and reverse

Rev. DNS

Online errors (also via email)

Rev. DNS

Please wait while your request is processed.Parsing and validating your submission …

Errors encounteredYour update request was unable to be completed due to the following errors. Please correct them and try again. If the error is temporary in nature, correct the error and ‘Reload’ this page (possibly this frame).

• *ERROR*. SOA on “ns.apnic.net” does not match SOA on “svc00.apnic.net”. All nserversmust respond with the same SOA.

• *ERROR*. NS RR for ns.telstra.net found on svc00.apnic.net but not in supplied template.


• *ERROR*. NS RR for ns.telstra.net found on ns.apnic.net but not in supplied template.


• *ERROR*. cross-check of listed NS RR failed.

Please wait while your request is processed.Parsing and validating your submission …

Errors encounteredYour update request was unable to be completed due to the following errors. Please correct them and try again. If the error is temporary in nature, correct the error and ‘Reload’ this page (possibly this frame).

• *ERROR*. SOA on “ns.apnic.net” does not match SOA on “svc00.apnic.net”. All nserversmust respond with the same SOA.





• *ERROR*. cross-check of listed NS RR failed.

Verifying your authorisation ….Your maintainer uses the ‘CRYPT-PW’ or ‘NONE’ authorisation schema. Attempting to submit your request directly to the database.

Update resultsConnection closed.

% Rights restricted by copyright. See http://www.apnic.net/db/dbcopyright.htmlUpdate FAILED: [domain] 174.202.in-addr-arpa

domain: 174.202.in-addr.arpadescr: in-addr.arpa zone for 202.174/16admin-c: DNS3-APtech-c: DNS3-APzone-c: DNS3-APnserver: ns.apnic.netnserver: svc00.apnic.netmnt-by: MAINT-AP-DNS-DEFAULTchanged: [email protected] 20000215source: APNIC*ERROR*: authorisation failed, request forwarded to maintainer

Processing completed

Verifying your authorisation ….Your maintainer uses the ‘CRYPT-PW’ or ‘NONE’ authorisation schema. Attempting to submit your request directly to the database.

Update resultsConnection closed.

% Rights restricted by copyright. See http://www.apnic.net/db/dbcopyright.htmlUpdate FAILED: [domain] 174.202.in-addr-arpa

domain: 174.202.in-addr.arpadescr: in-addr.arpa zone for 202.174/16admin-c: DNS3-APtech-c: DNS3-APzone-c: DNS3-APnserver: ns.apnic.netnserver: svc00.apnic.netmnt-by: MAINT-AP-DNS-DEFAULTchanged: [email protected] 20000215source: APNIC*ERROR*: authorisation failed, request forwarded to maintainer

Processing completed

Request submission error

Rev. DNS

Update failed

Authorisation failed

Please wait while your request is processed.

Parsing and validating your submission …

Warnings generated•Verifying your authorisation …. Your maintainer uses the ‘CRYPT-PW’ or ‘NONE’ authorisation schema. Attempting to submit your request directly to the database.

Update results

Connection closed.% Rights restricted by copyright. See http://www.apnic.net/db/dbcopyright.htmlUpdate OK: [domain] 174.202.in-addr.arpa

Processing completed.

Please wait while your request is processed.

Parsing and validating your submission …

Warnings generated•Verifying your authorisation …. Your maintainer uses the ‘CRYPT-PW’ or ‘NONE’ authorisation schema. Attempting to submit your request directly to the database.

Update results

Connection closed.% Rights restricted by copyright. See http://www.apnic.net/db/dbcopyright.htmlUpdate OK: [domain] 174.202.in-addr.arpa

Processing completed.

Successful update

Rev. DNS

Update ok!

Use of maintainer object

• Domain objects protected by maintainers• hierarchical protection using “mnt-lower”

• Bootstrap period– ‘MAINT-AP-DNS-DEFAULT’ for all objects

imported by APNIC from existing zone files• Changing delegations requires valid maintainer• Maintainer creation & authorisation is manual

– Turnaround time 2 days

– /24 place holder objects created upon allocation gives members direct control

• No need to contact APNIC when changing nservers

Rev. DNS

Delegation process summary

on-line feedback givenno

Step 1

yes

Step 2

Step 3update APNIC

database

notify upd-tocontact for

maintainer object

zone files reloadedEvery 2 hrs, 24hrs a day on everyday

Delegation by APNIC

request forwarded to APNIC for manual

processingno

yes

request parsed OK?

authorisation OK?

Rev. DNS

Reverse DNS Troubleshooting Guide:http://www.apnic.net/services/help/rd/troubleshooting.html

Questions?

• Are all your zones, and your customer zones registered?


Checkpoint question

• What is reverse DNS?

It is the mapping of numbers (IP addresses) to names (domain

names)

Summary

What we have covered today

Summary

• Introduction to APNIC• Policy development • Internet Registry Policies• IPv4 Allocation & Assignment Procedures

• IP Address Management• APNIC Database Procedures • ASN Assignment Procedures• Reverse DNS Procedures

Summary - Responsibilities

• As an APNIC member and custodian of address space – Be aware of your responsibilities

– Register customer assignments in APNIC database

• Keep this data up-to-date & accurate

– Educate your customers– Document your network in detail

• Keep local records

– Register reverse DNS delegations

• More personalised service– Range of languages:

Cantonese, Filipino, Mandarin, Hindi, Vietnamese etc.

• Faster response and resolution of queries• IP resource applications, status of requests, obtaining help

in completing application forms, membership enquiries, billing issues & database enquiries

Member Services Helpdesk- One point of contact for all member enquiries

Helpdesk hours 9:00 am - 7:00 pm (AU EST, UTC + 10 hrs)

ph: +61 7 3858 3188 fax: 61 7 3858 3199

Summary

• “Do the right thing”

– Think about routing table size & scalability of Internet

– Encourage renumbering

– Announce aggregate prefixes

– Think global not local

Thank you !!

Your feedback is appreciated

Material available at:http://www.apnic.net/training/recent/

Supplementary

Reading

Training material

•Today’s training material will be made available at:

http://www.apnic.net/training/recent/

Introduction

Regional Registry web sites• APNIC:

http://www.apnic.net

• ARIN: http://www.arin.net

• LACNIC: http://www.lacnic.net

• RIPE NCC: http://www.ripe.net

APNIC past meetingshttp://www.apnic.net/meetings

Introduction

APNIC membershttp://www.apnic.net/members.html

Membership • Membership procedure

http://www.apnic.net/membersteps.html

• Membership application form http://www.apnic.net/apnic-bin/membership-application.pl

• Membership fees http://www.apnic.net/docs/corpdocs/FeeSchedule.htm

Introduction to APNIC & IP Policy

Classless techniques• CIDR

http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1517-19.txt

• Network Addressing when using CIDR ftp://ftp.uninett.no/pub/misc/eidnes-cidr.ps.Z

• Variable Length Subnet Table http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1878.txt

Private Address Space• Address Allocation for Private Internets

http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1918.txt

• Counter argument: “Unique addresses are good” http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1814.txt

Bit boundary chart +------------------------------------------------------+ | addrs bits pref class mask | +------------------------------------------------------+ | 1 0 /32 255.255.255.255 | | 2 1 /31 255.255.255.254 | | 4 2 /30 255.255.255.252 | | 8 3 /29 255.255.255.248 | | 16 4 /28 255.255.255.240 | | 32 5 /27 255.255.255.224 | | 64 6 /26 255.255.255.192 | | 128 7 /25 255.255.255.128 | | 256 8 /24 1C 255.255.255 | | 512 9 /23 2C 255.255.254 | | 1,024 10 /22 4C 255.255.252 | | 2,048 11 /21 8C 255.255.248 | | 4,096 12 /20 16C 255.255.240 | | 8,192 13 /19 32C 255.255.224 | | 16,384 14 /18 64C 255.255.192 | | 32,768 15 /17 128C 255.255.128 | | 65,536 16 /16 1B 255.255 | | 131,072 17 /15 2B 255.254 | | 262,144 18 /14 4B 255.252 | | 524,288 19 /13 8B 255.248 | | 1,048,576 20 /12 16B 255.240 | | 2,097,152 21 /11 32B 255.224 | | 4,194,204 22 /10 64B 255.192 | | 8,388,608 23 /9 128B 255.128 | | 16,777,216 24 /8 1A 255 | | 33,554,432 25 /7 2A 254 | | 67,108,864 26 /6 4A 252 | | 134,217,728 27 /5 8A 248 | | 268,435,456 28 /4 16A 240 | | 536,870,912 29 /3 32A 224 | |1,073,741,824 30 /2 64A 192 | +------------------------------------------------------+

APNIC Mailing Lists

• apnic-talk– Open discussions relevant to APNIC community & members

• apnic-announce– Announcements of interest to the AP community

• sig-policy– IPv4 and IPv6 allocation and assignment policies

• global-v6– Global IPv6 policy mailing list

• subscribe via <[email protected]>• archives:

http://ftp.apnic.net/apnic/mailing-lists

http://www.apnic.net/net_comm/lists/

The RIR System

“Development of the Regional Internet Registry System”

Internet Protocol JournalVol. 4, Number 4

Short history of the Internet

http://www.cisco.com/warp/public/759/ipj_4-4/ipj_4-4_regional.html

Policies & Policy Environment

Policy Documentation • Policies for address space management in the Asia Pacific

regionhttp://www.apnic.net/docs/policy/add-manage-policy.html

• RFC2050: Internet Registry IP allocation Guidelineshttp://ftp.apnic.net/ietf/rfc/rfc2000/rfc2050.txt

Address Request Procedures

Addressing Guidelines• “Designing Addressing Architectures for Routing &

Switching”, Howard C. Berkowitz

Address Request Forms• ISP Address Request Form


• Second-opinion Request Formhttp://www.apnic.net/services/second-opinion/

• No Questions Asked http://ftp.apnic.net/apnic/docs/no-questions-policy

APNIC Database

APNIC Database Documentation• Updating information in the APNIC Database

http://ftp.apnic.net/apnic/docs/database-update-info

• Maintainer & Person Object Request Form http://ftp.apnic.net/apnic/docs/mntner-person-request

• APNIC Maintainer Object Request http://www.apnic.net/apnic-bin/maintainer.pl

• APNIC Whois Database objects resource guide http://www.apnic.net/services/whois_guide.html

APNIC Database

RIPE Database Documentation• RIPE Database Reference Manual

http://www.ripe.net/docs/databaseref-manual.html

Database ‘whois’ Clienthttp://ftp.apnic.net/apnic/dbase/tools/ripe-dbase-client.tar.gz

Database web queryhttp://www.apnic.net/apnic-bin/whois2.pl

Reverse DNS

Request Forms• Guide to reverse zones

http://www.apnic.net/db/revdel.html

• Registering your Rev Delegations with APNIC http://www.apnic.net/db/domain.html

Relevant RFCs• Classless Delegations


• Common DNS configuration errorshttp://ftp.apnic.net/ietf/rfc/rfc1000/rfc1537.txt

AS Assignment Procedures

Policy• Guidelines for the creation, selection, and

registration of an AS http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1930.txt

RFCs• Routing Policy Specification Language (RPSL)


• A dedicated AS for sites homed to a single providerhttp://ftp.apnic.net/ietf/rfc/rfc2000/rfc2270.txt

• RFC1997: BGP Communities attributehttp://ftp.apnic.net/ietf/rfc/rfc2000/rfc2270.txt

Other supplementary reading

Operational Content Books• ISP Survival Guide, Geoff Huston• Cisco ISP Essentials, Philip Smith

BGP Tablehttp://www.telstra.net/ops/bgptable.html

http://www.merit.edu/ipma/reports

http://www.merit.edu/ipma/routing_table/mae-east/prefixlen.990212.html

http://www.employees.org/~tbates/cidr.hist.plot.html

Routing Instabilityhttp://zounds.merit.net/cgi-bin/do.pl

Other supplementary reading

Routing & Mulithoming• Internet Routing Architectures - Bassam Halabi • BGP Communities Attribute



Filtering• Egress Filtering

http://www.cisco.com/public/cons/isp

• Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing


Person object template

person: [mandatory] [single] [lookup key]address: [mandatory] [multiple] [ ]country: [optional] [single] [ ]phone: [mandatory] [multiple] [ ]fax-no: [optional] [multiple] [ ]e-mail: [mandatory] [multiple] [lookup key]nic-hdl: [mandatory] [single] [primary/look-up key]remarks: [optional] [multiple] [ ]notify: [optional] [multiple] [inverse key]mnt-by: [mandatory] [multiple] [inverse key]changed: [mandatory] [multiple] [ ]source: [mandatory] [single] [ ]

Role object template

role: [mandatory] [single] [lookup key]address: [mandatory] [multiple] [ ]country: [optional] [single] [ ]phone: [mandatory] [multiple] [ ]fax-no: [optional] [multiple] [ ]e-mail: [mandatory] [multiple] [lookup key]trouble: [optional] [multiple] [ ]admin-c: [mandatory] [multiple] [inverse key]tech-c: [mandatory] [multiple] [inverse key]nic-hdl: [mandatory] [single] [primary/look-up

key]remarks: [optional] [multiple] [ ]notify: [optional] [multiple] [inverse key]mnt-by: [mandatory] [multiple] [inverse key]changed: [mandatory] [multiple] [ ]source: [mandatory] [single] [ ]

Maintainer Object Template

mntner: [mandatory] [single] [primary/look-up key]descr: [mandatory] [multiple] [ ]country: [optional] [single] [ ]admin-c: [mandatory] [multiple] [inverse key]tech-c: [optional] [multiple] [inverse key]upd-to: [mandatory] [multiple] [inverse key]mnt-nfy: [optional] [multiple] [inverse key]auth: [mandatory] [multiple] [ ]remarks: [optional] [multiple] [ ]notify: [optional] [multiple] [inverse key]mnt-by: [mandatory] [multiple] [inverse key]referral-by: [mandatory] [single] [inverse key]changed: [mandatory] [multiple] [ ]source: [mandatory] [single] [ ]

Inetnum object template

inetnum: [mandatory] [single] [primary/look-up key]netname: [mandatory] [single] [lookup key]descr: [mandatory] [multiple] [ ]country: [mandatory] [multiple] [ ]admin-c: [mandatory] [multiple] [inverse key]tech-c: [mandatory] [multiple] [inverse key]rev-srv: [optional] [multiple] [inverse key]status: [mandatory] [single] [ ]remarks: [optional] [multiple] [ ]notify: [optional] [multiple] [inverse key]mnt-by: [mandatory] [multiple] [inverse key]mnt-lower: [optional] [multiple] [inverse key]mnt-routes:[optional] [multiple] [inverse key]mnt-irt: [optional] [multiple] [inverse key]changed: [mandatory] [multiple] [ ]source: [mandatory] [single] [ ]

Aut-num Object Template

aut-num: [mandatory] [single] [primary/look-up key]

as-name: [mandatory] [single] [ ]descr: [mandatory] [multiple] [ ]country: [optional] [single] [ ]member-of: [optional] [multiple] [ ]import: [optional] [multiple] [ ]export: [optional] [multiple] [ ]default: [optional] [multiple] [ ]remarks: [optional] [multiple] [ ]admin-c: [mandatory] [multiple] [inverse key]tech-c: [mandatory] [multiple] [inverse key]cross-mnt: [optional] [multiple] [inverse key]cross-nfy: [optional] [multiple] [inverse key]notify: [optional] [multiple] [inverse key]mnt-lower: [optional] [multiple] [inverse key]mnt-routes: [optional] [multiple] [inverse key]mnt-by: [mandatory] [multiple] [inverse key]changed: [mandatory] [multiple] [ ]source: [mandatory] [single] [ ]

Domain object template

domain: [mandatory] [single] [primary/look-up key]

descr: [mandatory] [multiple] [ ]country: [optional] [single] [ ]admin-c: [mandatory] [multiple] [inverse key]tech-c: [mandatory] [multiple] [inverse key]zone-c: [mandatory] [multiple] [inverse key]nserver: [mandatory] [multiple] [inverse key]sub-dom: [optional] [multiple] [inverse key]dom-net: [optional] [multiple] [ ]remarks: [optional] [multiple] [ ]notify: [optional] [multiple] [inverse key]mnt-by: [mandatory] [multiple] [inverse key]mnt-lower: [optional] [multiple] [inverse key]refer: [optional] [single] [ ]changed: [mandatory] [multiple] [ ]source: [mandatory] [single] [ ]

Documents

Welcome! APNIC Members Training Course Internet Resource Management I 27 April 2004, Melbourne