View
215
Download
3
Tags:
Embed Size (px)
Citation preview
Welcome!APNIC Members Training Course
Internet Resource Management I
27 April 2004, Melbourne
Introduction
• Presenters
– Champika Wijayatunga• Senior Training Specialist
– Nurani Nimpuno• Training Development Officer
– Tim Jones• Internet Resource Analyst
Assumptions & Objectives
Assumptions– Are current or
prospective APNIC member
– Have not submitted many requests
– Are not familiar / up-to-date with policies
– Are not familiar with procedures
Objectives– Teach members
how to request resources from APNIC
– Keep membership up-to-date with latest policies
– Liaise with members Faces behind the
e-mails
Schedule
Intro to APNIC Policy development Policies Whois DB intro
TEA BREAK (10:30 – 11:00)
Addressing plan ISP request
LUNCH (12:30 – 13:30)
ISP request evaluation IP management 2nd opinion process DB protection & updates MyAPNIC
TEA BREAK (15:30 – 16:00)
ASN Reverse DNS Summary
Introduction to APNIC
Asia Pacific Network Information Centre
Overview
• What is APNIC?• Regional Internet Registry• APNIC structure
• What Does APNIC do ?• APNIC Membership services
• Why APNIC ?• APNIC resources• APNIC environment • APNIC responsibilities
Intro
What is APNIC?
• RIR for the Asia Pacific• Regional Internet Registry
– Regional authority for Internet Resource distribution
– IPv4 & IPv6 addresses, ASNs, reverse dns delegation
• Industry self-regulatory body– Non-profit, neutral and independent
• Open membership-based structure
Intro
APNIC membershipIntro
Last Update Mar 2004
AU24%
HK13%
IN11%
PH5%
SG5% BD
3%AP3%
Other33% Other
9%
NZ4%
PK4%
TH4%
TW3%
MY4%
CN3%
JP5%
APNIC is not…
• Not a network operator– Does not provide networking services
• Works closely with APRICOT forum
• Not a standards body– Does not develop technical standards
• Works within IETF in relevant areas (IPv6 etc)
• Not a domain name registry or registrar• Will refer queries to relevant parties
Intro
APNIC structure
• Industry self-regulatory structure– Participation by those who use Internet
resources– Consensus-based decision making
• Eg. Policy changes, db requirements etc
– Open and transparent
• Meetings and mailing lists– Open to anyone
Intro
APNIC regionIntro
APNIC services & activities
Resources Services• IPv4, IPv6, ASN,
reverse DNS• Policy development
– Approved and implemented by membership
• APNIC whois db– whois.apnic.net
– Registration of resources
– Routing Registry: irr.apnic.net
Information dissemination• APNIC meetings• Publications
– Web and ftp site– Newsletters, global resource
reports– Mailing lists
• Open for anyone!
• Training Courses– Subsidised for members
• Co-ordination & liaison– With membership, other RIRs &
other Internet Orgs.
Questions ?
Material available at: www.apnic.net/training/recent/
Checkpoint question
• What is APNIC’s primary role?
To distribute and manage Internet resources (IP addresses & AS
numbers) in a fair and responsible manner
Policy Development in the Asia Pacific
The APNIC Community
&
the Policy Development Process
What is the APNIC community?
• Open forum in the Asia Pacific– Open to any interested parties
• Voluntary participation• Decisions made by consensus• Public meetings• Mailing lists
– web archived
• A voice in regional Internet operations through participation in APNIC activities
Policy Development
• Industry self-regulatory processes– Open to all interested parties– Facilitated by RIR staff
• Policy implementation– RIR processes– ISPs and other affected parties
Participation in policy development
• Why should I bother?– Responsibility as an APNIC member
• To be aware of the current policies for managing address space allocated to you
– Business reasons• Policies affect your business operating
environment and are constantly changing• Ensure your ‘needs’ are met
– Educational• Learn and share experiences• Stay abreast with ‘best practices’ in the
Internet
Policy development cycle
OPEN
TRANSPARENT‘BOTTOM UP’
Anyone can participate
All decisions & policies documented & freely available to anyone
Internet community proposes and approves policy
Need
DiscussEvaluate
Implement Consensus
How to make your voice heard
• Contribute on the public mailing lists• http://www.apnic.net/community/lists/index.html
• Attend meetings– Or send a representative– Gather input at forums
• Give feedback– Training or seminar events
Come to the APNIC meeting!
APNIC 18Nadi, Fiji, 31 Aug- 3 Sep 2004
• Participate in policy development• Attend workshops, tutorials & presentations• Exchange knowledge and information with peers• Stay abreast with developments in the Internet• View multicast online • Provide your input in matters important to you
http://www.apnic.net/meetings/
• Policy making process description– http://www.apnic.net/docs/policy/dev/index.html
Questions ?
Material available at: www.apnic.net/training/recent/
Checkpoint question
• Who can propose Internet resource policy?
Anyone can propose policy change! APNIC members, members of the community, APNIC staff or anyone
interested in Internet policy!
Internet Registry Allocation and Assignment
Policies
Overview of APNIC policies
– Definitions– Background– Objectives– Environment – Allocation & Assignment Policies– Summary
Policies
Allocation and Assignment
Allocation“A block of address space held by an IR (or
downstream ISP) for subsequent allocation or assignment”
• Not yet used to address any networks
Assignment“A block of address space used to address an
operational network”• May be provided to LIR customers, or used for
an LIR’s infrastructure (‘self-assignment’)
Policies
Sub-Allocation
/22
/8
APNIC Allocation
Allocation and Assignment
/24
/20
Member Allocation
Customer Assignments/25
Policies
/26/27 /26
APNICAllocates
to APNIC Member
APNIC Member
Customer / End User
Assignsto end-user
Allocatesto downstream
Downstream Assigns
to end-user
Portable & non-portable
Portable Assignments– Customer addresses independent from ISP
• Keeps addresses when changing ISP
– Bad for size of routing tables– Bad for QoS: routes may be filtered, flap-
dampened
Non-portable Assignments– Customer uses ISP’s address space
• Must renumber if changing ISP
– Only way to effectively scale the Internet
Policies
Aggregation and “portability”
Aggregation
(Non-portable Assignments) (Portable Assignments)
No Aggregation
BGP Announcement (1) BGP Announcements (4)
ISP Allocation
Customer Assignments Customer Assignments
ISP
Policies
Aggregation and “portability”
ISP D ISP C
ISP A ISP B
Internet
ISP D ISP C
ISP A ISP B
Internet
Aggregation
(Non-portable Assignments) (Portable Assignments)
No Aggregation
(4 routes) (21 routes)
Policies
Address management objectives
Conservation• Efficient use of resources
• Based on demonstrated need
Aggregation• Limit routing table growth
• Support provider-based routing
Registration• Ensure uniqueness
• Facilitate trouble shooting
Why do we need policies ?- Global IPv4 Delegations
Central registry37%
IANA Reserve36%
RIPE NCC 4%APNIC 4%
LACNIC 1%
ARIN 6%
Experimental6%
Multicast6% (Pre-RIR)
Policies
Growth of global routing table
last updated 09 Mar 2004
http://bgp.potaroo.net/as1221/bgp-active.html
DeploymentPeriod of CIDR
CIDR made it work for a while
But they cannot berelied on forever
Projected routing table growth without CIDR
ISPs tend tofilterlonger prefixes
Policies
Routing table prefix distribution
Last updated Feb 2004
Policies
0 20000 40000 60000 80000 100000 120000 140000
Nov-01
J an-02
Mar-02
May-02
J ul-02
Sep-02
Nov-02
J an-03
Mar-03
May-03
J ul-03
Sep-03
Nov-03
J an-04
/<16
/16
/17
/18
/19
/20
/21
/22
/23
/24
>/24
APNIC policy environment
“IP addresses not freehold property”– Assignments & allocations on license basis
• Addresses cannot be bought or sold• Internet resources are public resources• ‘Ownership’ is contrary to management goals
“Confidentiality & security”– APNIC to observe and protect trust relationship
• Non-disclosure agreement signed by staff
Policies
APNIC allocation policies
• Aggregation of allocation– Provider responsible for aggregation– Customer assignments /sub-allocations must be
non-portable
• Allocations based on demonstrated need– Detailed documentation required
• All address space held to be declared
– Address space to be obtained from one source• routing considerations may apply
– Stockpiling not permitted
Policies
Initial IPv4 allocation
• Initial (portable) allocation: /20 (4096 addresses). – The allocation can be used for further assignments to
customers or your own infrastructure.
Criteria
1a. Have used a /22 from upstream provider – Demonstrated efficient address usage
OR
1b. Show immediate need for /22• Can include customer projections &
infrastructure equipment
2. Detailed plan for use of /21 within 1 year3. Renumber to new space within 1 year
/20
/8APNIC
Non-portable assignment
Portable assignment
Member allocation
Policies
Policy will change Based on the APNIC 17
consensus
Initial IPv4 allocation criteria
1. LIR have used a /23 from their upstream provider or demonstrate an immediate need for a
/23; and
2. Detailed plan for use of a /22 within a year
3. Renumber to new space within 1 year
– Meet all policy requirements• Applicants may be required to show purchase receipts
IPReq
APNIC 17 Consensus
• Min allocation size may be lowered from /20 to /21
APNIC allocation policies
• Transfer of address space– Not automatically recognised
• Return unused address space to appropriate IR
• Effects of mergers, acquisitions & take-overs– Will require contact with IR (APNIC)
• contact details may change• new agreement may be required
– May require re-examination of allocations• requirement depends on new network structure
Policies
Address assignment policies
• Assignments based on requirements • Demonstrated through detailed documentation• Assignment should maximise utilisation
– minimise wastage
• Classless assignments• showing use of VLSM
• Size of allocation– Sufficient for up to 12 months requirement
Policies
Portable assignments
• Small multihoming assignment policy– For (small) organisations who require a portable
assignment for multi-homing purposes
Criteria
1a. Applicants currently multihomed OR
1b. Demonstrate a plan to multihome within 1 month
2. Agree to renumber out of previously assigned space
– Demonstrate need to use 25% of requested space immediately and 50% within 1 year
Portable assignment
/8APNIC
/20Member allocation
Non-portable assignment
Policies
Portable assignments for IXPs
Criteria– 3 or more peers– Demonstrate “open peering policy”
• APNIC has a reserved block of space from which to make IXP assignments
Supporting historical resource transfer
• Allow transfers of historical resources to APNIC members – no technical review or approval – historical resource holder must be verified – the recipient of the transfer must be an APNIC
member– resources will then be considered "current"
• Existing historical resource holders will still be able to update their information as previously
Questions ?
Material available at: www.apnic.net/training/recent/
Checkpoint question
• Why are portable assignments discouraged?
Portable assignments cannot be aggregated and need therefore to be announced separately, adding to the growing size of the Global
Routing Table
The APNIC Database
Introduction and Usage
Overview
• What is the APNIC database?
• Why use it?
• Database query
• Database updating process
DB Intro
What is the APNIC database?
• Public network management database• Operated by IRs
• Tracks network resources• IP addresses, ASNs, Reverse Domains,
Routing policies
• Records administrative information• Contact information (persons/roles)• Authorisation
DB Intro
Object types
OBJECT PURPOSE
person contact persons
role contact groups/roles
inetnum IPv4 addresses
inet6num IPv6 addresses
aut-num Autonomous System number
domain reverse domains
route prefixes being announced
mntner (maintainer) data protection
DB Intro
http://www.apnic.net/db/
Attributes & Values
• An object is a set of attributes and values• Each attribute of an object...
• Has a value• Has a specific syntax• Is mandatory or optional• Is single- or multi-valued
• Some attributes ...• Are primary (unique) keys• Are lookup keys for queries• Are inverse keys for queries
– Object “templates” illustrate this structure
DB Intro
Object templates
whois -t <object type>
person: [mandatory] [single] [primary/look-up key]address: [mandatory] [multiple] [ ]country: [optional] [single] [ ]phone: [mandatory] [multiple] [ ]fax-no: [optional] [multiple] [ ]e-mail: [mandatory] [multiple] [look-up key]nic-hdl: [mandatory] [single] [primary/look-up key]remarks: [optional] [multiple] [ ]notify: [optional] [multiple] [inverse key]mnt-by: [mandatory] [multiple] [inverse key]changed: [mandatory] [multiple] [ ]source: [mandatory] [single] [ ]
% whois -h whois.apnic.net -t person
To obtain template structure*, use :
DB Intro
*Recognised by the RIPE whois client/server
Person object example
– Person objects contain contact information
person:
address:
address:address:
country:phone:
fax-no:
e-mail:
nic-hdl:mnt-by:
changed:source:
Attributes Values
Ky XanderExampleNet Service Provider2 Pandora St BoxvilleWallis and Futuna IslandsWF+680-368-0844+680-367-1797kxander@[email protected] 20020731APNIC
DB Intro
What is a nic-hdl?
• Unique identifier for a person
• Represents a person object– Referenced in objects for contact details
• (inetnum, aut-num, domain…)
– format: <XXXX-AP> • Eg: KX17-AP
DB Intro
person: Ky Xanderaddress: ExampleNet Service Provideraddress: 2 Pandora St Boxvilleaddress: Wallis and Futuna Islandscountry: WFphone: +680-368-0844fax-no: +680-367-1797e-mail: [email protected]
nic-hdl: KX17-APmnt-by: MAINT-WF-EXchanged: [email protected] 20020731source: APNIC
Inetnum object example– Contain IP address allocations / assignments
inetnum:netname:descr:descr:country:admin-c:tech-c:mnt-by:mnt-lower:remarks:remarks:remarks:remarks:remarks:remarks:
changed:status: source:
202.51.64.0 - 202.51.95.255 CCNEP-NP-APCommunication & Communicate Nepal Ltd
VSAT Service Provider, Kathmandu NPAS75-APAS75-APAPNIC-HMMAINT-NP-ARUN
-+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-This object can only be updated by APNIC hostmasters.To update this object, please contact APNIC hostmasters and include your organisation's account name in the subject line.
[email protected] 20010205ALLOCATED PORTABLEAPNIC
DB Intro
Inter-related objects
inetnum:202.64.10.0 – 202.64.10.255
…admin-c: KX17-APtech-c: ZU3-AP…mnt-by: MAINT-WF-EX
…
IPv4 addresses
person:…
nic-hdl: ZU3-AP
…
Contact info
person:…
nic-hdl: KX17-AP
…
Contact info
mntner:MAINT-WF-EX
……
Data protection
DB Intro
Admin-c and tech-c
• Responsibility – ‘admin’ contacts• Legal authority • Technical management• Network planning, backbone design• Deployment, capacity, and upgrade planning
• Expertise - ‘tech’ contacts• Routing, aggregation, BGP, etc• Addressing, subnetting, CIDR, etc
DB Intro
whois.apnic.net whois.ripe.net whois.arin.net
ServerServer
Unix ClientUnix Client ‘‘X’ ClientX’ Client
Command Prompt / Web InterfaceCommand Prompt / Web Interface
Windows ClientWindows Client
HTTP/CGI
ClientClient
WHOIS Queries & responses
DB Intro
Database query - architecture
Database query - clients
• Standard whois client• Included with many Unix distributions
– RIPE extended whois client• http://ftp.apnic.net/apnic/dbase/tools/ripe-dbase-
client.tar.gz
• Query via the APNIC website• http://www.apnic.net/apnic-bin/whois2.pl
• Query clients - MS-Windows etc– Many available
DB Intro
Why use the database?
• Register use of Internet Resources• IP assignments, reverse DNS, etc
– Ascertain custodianship of a resource– Fulfill responsibilities as resource holder
• Obtain details of technical contacts for a network
• Investigate security incidents• Track source of network abuse or “spam”
DB Intro
Basic database queries
• Unix – whois –h whois.apnic.net <lookup key>
• Web interface– http://www.apnic.net/apnic-bin/whois2.pl
• Look-up keys – usually the object name– Check template for look-up keys
DB Intro
Database query – look-up keys
OBJECT TYPE ATTRIBUTES – LOOK-UP KEYS
** whois supports queries on any of these objects/keys
name, nic-hdl, e-mailname, nic-hdl, e-mailmaintainer namenetwork number, namedomain nameas numberroute valuenetwork number, name
personrolemntnerinetnumdomainaut-numrouteinet6num
DB Intro
% whois [email protected]
% whois zu3-ap% whois “zane ulrich”
DB Intro
person: Zane Ulrichaddress: ExampleNet Service Provideraddress: 2 Pandora St Boxvilleaddress: Wallis and Futuna Islandscountry: WFphone: +680-368-0844fax-no: +680-367-1797e-mail: [email protected]: ZU3-APmnt-by: MAINT-WF-EXchanged: [email protected] 20020731source: APNIC
Database query - UNIX
Database query - web
Query the APNIC Whois Database
http://www.apnic.net/apnic-bin/whois2.pl
2.Search options(flags)
1.Type in search key
3. ‘Search Whois’
DB Intro
Database query - web
DB Intro
Need help?
General search help Help tracking spam and hacking
% [whois.apnic.net node-1]% How to use this server http://www.apnic.net/db/% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
role: OPTUS IP ADMINISTRATORS address: Optus Communications address: 101 Miller Street address: North Sydney NSW 2060 country: AU phone: +61-2-93427681 phone: +61-2-93420848 phone: +61-2-93420983 phone: +61-2-93420813 phone: +61-2-93420717 fax-no: +61-2-9342-0998 fax-no: +61-2-9342-6122 e-mail: [email protected] trouble: send spam/abuse reports to [email protected] trouble: please use http://www.apnic.net/db/spam.html trouble: to identify networks before sending reports and trouble: always include full headers/logs. admin-c: NC8-AP tech-c: NC8-APtech-c: CN39-APtech-c: GE7-APtech-c: PS176-APnic-hdl: OA3-AP notify: [email protected] mnt-by: MAINT-OPTUSCOM-APchanged: [email protected] 20021120 source: APNIC
Query the APNIC Whois Database
Result of search on nic-hdl “OA3-AP”
(‘Optus IP administrators’role object)
Database query - inetnum
• Note• Incomplete addresses padded with “.0”• Address without prefix interpreted as “/32”
% whois 203.127.128.0 - 203.127.159.255
% whois SINGNET-SG% whois 203.127.128.0/19
inetnum: 203.127.128.0 - 203.127.159.255netname: SINGNET-SG descr: Singapore Telecommunications Ltd descr: 31, Exeter Road, #02-00, Podium Blockdescr: Comcentre, 0923 country: SGadmin-c: CWL3-APtech-c: CWL3-APmnt-by: APNIC-HM status: ALLOCATED PORTABLEchanged: [email protected] 19990803 source: APNIC
DB Intro
Creating a person object
Whois Database Guide:http://www.apnic.net/services/whois_guide.html
1. Fill out person object form on web• Name, e-mail, phone, address etc• Tick ‘MNT-NEW’ for temporary protection
2. Completed template is sent to you
3. Forward template to
4. Person object created and nic-hdl is generated
DB Intro
LIR registration responsibilities
1. Create person objects for contacts• To provide contact info in other objects
2. Create mntner object• To provide protection of objects
– (To be discussed later)
3. Create inetnum objects for all customer address assignments
• (Allocation object created by APNIC)
DB Intro
The ‘public’ attribute
• To protect privacy if customer records– New attribute – “public” be added to:
• inetnum and inet6num objects• “public”: YES = public data• “public”: No = private data
– (not to be revealed by whois queries)
• Default (missing attribute) = private data
– Customer assignments registration is still mandatory
To be implemented
Sept 2004
inetnum:
Allocation (Created by APNIC)
3
Using the db – step by step
Customer Assignments(Created by LIR)
person:nic-hdl:
KX17-AP
Contact info
1
Data Protection
mntner:2
inetnum:...KX17-AP
...mnt-by:...
4inetnum:...KX17-AP
...mnt-by:...
5inetnum:...KX17-AP
...mnt-by:...
6
DB Intro
Database auto-responses
• Successful update SUCCEEDED• Objects accepted
• Warnings• Objects accepted but ambiguous• Objects corrected and accepted
• Errors FAILED• Objects NOT accepted
Don’t understand the error message?1. Help documentation
• http://www.apnic.net/docs/database-update-info.html
2. Contact • Include the error message
?
Parse
Database mailboxes
• Automatic request processing
– Automatic “robot” for all db updates
– Email template for create/update/delete
• Database service support
– E-mails answered by APNIC staff
– 1 day response time
DB 2
Helpdesk
Summary
• Use the APNIC whois database• To register information• To search information
– troubleshooting, tracking of spamming/hacking etc
• Create a person object
• Register all your assignments!• Fulfill your responsibility as a resource holder
DB Intro
- for all updates!
Questions ?
Material available at: www.apnic.net/training/recent/
Checkpoint question
• How can I query the APNIC whois Database?
By using the web interface: http://www.apnic.net/apnic-bin/whois.pl
or Unix command line: whois –h whois.apnic.net
<lookup>
Internet Registry Procedures
Addressing Plan
Addressing plan
• To complete documentation– First need a technical PLAN
• Documenting the architecture of the present and eventual goal
– IP addressing is fundamental part of network design
– IP addressing ‘planning’ example to follow..
AddressingPlan
Some icons
Router (layer 3, IP datagram forwarding)
Network Access Server(layer 3, IP datagram forwarding )
Ethernet switch (layer 2, packet forwarding)
AddressingPlan
Addressing plan
• Identify components of network– Customer services– ISP internal infrastructure
• Identify phases of deployment– Starting off, 6 months, 12 months
• Identify equipment and topology changes– Need for redundancy– Need for increased scale
AddressingPlan
Network plan
• Starting off’
Leased line services 5-8 customers
Dialup services 16 modems
Interconnected resilience
UpstreamISP
15 hosts NOC
operations
10 hosts Internal DNS,Web
Mail servers
ISP Infrastructure
Customer services5 hostsVirtual web
(name based)
AddressingPlan
Network plan
WAN point to point /30
5 hosts
15 hosts
10 hosts
UpstreamISP
16 dialup modems
5-8 leased line customers
‘ip unnumbered’to customers
one loopback interface per assigned router /32
‘ip unnumbered’to upstream ISP
AddressingPlan
Addressing plan
•
network-plan: network-plan:network-plan:
analogue dialup modems, vendor ‘x’LAN -web hosting (Name-based hosting)5-8 leased line customers (/28)
network-plan:network-plan: network-plan: network-plan:
LAN -NOC and Ops managementLAN -mail,DNS, web servers internalloopback router interfacesrouter WAN ports (x 5 lines)
Initial addressing plan
16 51281510 4 2
- numbers of host addresses (interfaces)
AddressingPlan
Network plan
16 → 60
dialupmodems (2PRI)
5-8 → 30 leased
linecustomers
5 →11 hosts name-based
8 hosts- 2ndary Servers
15 → 25 hosts-
NOC
10 → 16
hosts- Servers
60 dialupmodems (2PRI)
UpstreamISP
added new router and LAN for redundancy
added new dial up equipment
replaced originalmodem
increased number of leased line customers
increased number of hosts on all LANs
• 6 months later– scale increased– redundancy
AddressingPlan
Addressing plan
• Network plan at 6 months
6011512251662
- increases in hosts (interfaces)
New hardware
2 PRI dialup modems LAN-secondary servers
network-plan:network-plan:
0/0/
608
network-plan: network-plan:network-plan:
2 PRI dialup modems, vendor ‘y’LAN -web hosting (Name-based hosting)30 leased line customers (pool)
16/5/128/15/10/4/2/
network-plan:network-plan:network-plan: network-plan:
LAN -NOC and Ops managementLAN -mail,DNS, web servers internalloopback router interfacesrouter WAN ports (x 8 lines)
Changed description
AddressingPlan
Network plan
• 12 months total– site redundancy– greater complexity– efficiency 30 → 60 leased
linecustomers
ip unnumbered
11 hosts
8 hosts
16 → 35 host
60 → 240
dialupmodems (8PRI)
UpstreamISP A
60 → 240
dialupmodems (8PRI)
40 hosts
UpstreamISP B
added new customer router
redundancy of WAN connections
now numbered links for BGP4
two pieces of essential equipment
AddressingPlan
Addressing plan
•
network-plan: network-plan:network-plan:network-plan:
8 PRI dialup modems, vendor x8 PRI dialup modems, vendor y LAN -web hosting (Name-based hosting) 60 leased line customers (pool)
16/60/0/60/5/11/128/512/15/25/10/16/0/8/2/2/4/6
network-plan:network-plan: network-plan: network-plan:network-plan:
LAN -NOC and Ops managementLAN -mail,DNS, web servers internalLAN-secondary serversrouter WAN ports (x 8 lines)loopback router interfaces
Network plan at 12 months
24024011102040358212
-increases in hosts (interfaces)-one year total
AddressingPlan
Addressing plan
•
network-plan: network-plan:network-plan:network-plan:
8 PRI dialup modems, vendor x8 PRI dialup modems, vendor yLAN -web hosting (Name-based hosting)60 leased line customers (pool)
16/60/2400/60/2405/11/11128/512/102015/25/4010/16/35 0/8/8 2/2/2 4/6/12
network-plan:network-plan: network-plan: network-plan:network-plan:
LAN -NOC and Ops managementLAN -mail,DNS, web servers internalLAN-secondary serversrouter WAN ports (x 8 lines)loopback router interfaces
256256161024646481616
Can now determine subnet sizes
AddressingPlan
Addressing plan
– Addressing plan for network-plan– re-ordered large to small according to relative subnet size– determination of relative subnet addresses
network-plan: 0.0.0.0 1024 128/512/1020 60 leased line customers (pool)network-plan: 0.0.4.0 256 16/60/240 8 PRI dial up modems, vendor xnetwork-plan: 0.0.5.0 256 0/60/240 8 PRI dial up modems, vendor ynetwork-plan: 0.0.6.0 64 10/16/35 LAN -mail,DNS, web internalnetwork-plan: 0.0.6.64 64 15/25/40 LAN -NOC and Ops managementnetwork-plan: 0.0.6.128 16 5/11/11 LAN -web hosting (Name-based
hosting)
network-plan: 0.0.6.144 16 0/8/8 LAN -secondary serversnetwork-plan: 0.0.6.160 16 4/6/12 loopback router interfacesnetwork-plan: 0.0.6.176 16 2/2/2 router WAN ports (x8)
– cumulative total 0.0.6.208
AddressingPlan
Addressing plan
– Addressing plan for network-plan– connect to the Internet (full-time, part-time)?
network-plan: 0.0.0.0 255.255.252.0 YES 1024 128/512/1020 60 leased customers
network-plan: 0.0.4.0 255.255.255.0 PART 256 16/60/240 8 PRI dial up modems..
network-plan: 0.0.5.0 255.255.255.0 PART 256 0/60/240 8 PRI dial up modems..
network-plan: 0.0.6.0 255.255.255.192 YES 64 10/16/35 LAN -mail,DNS, web internal
network-plan: 0.0.6.64 255.255.255.192 YES 64 15/25/40 LAN -NOC & Ops mgmt
network-plan: 0.0.6.128 255.255.255.240 YES 16 5/11/11 LAN -web hosting (Name-based)
network-plan: 0.0.6.144 255.255.255.240 YES 16 0/8/8 LAN -secondary servers
network-plan: 0.0.6.160 255.255.255.240 YES 16 4/6/12 loopback router interfaces
network-plan: 0.0.6.176 255.255.255.252 YES 16 2/2/2 router WAN ports (x 8 )
AddressingPlan
– Addressing plan complete– total planned for customer assignments /22– total planned for ISP infrastructure /24 + /23
network-plan: 0.0.0.0 255.255.252.0 YES 1024 128/512/1020 60 leased line customersnetwork-plan: 0.0.4.0 255.255.255.0 PART 256 16/60/240 8 PRI dial up modems..network-plan: 0.0.5.0 255.255.255.0 PART 256 0/60/240 8 PRI dial up modems..network-plan: 0.0.6.0 255.255.255.192 YES 64 10/16/35 LAN -mail,DNS, web
internal network-plan: 0.0.6.64 255.255.255.192 YES 64 15/25/40 LAN -NOC & Ops mgmntnetwork-plan: 0.0.6.128 255.255.255.240 YES 16 5/11/11 LAN -web hosting (Name-based)
network-plan: 0.0.6.144 255.255.255.240 YES 16 0/8/8 LAN -secondary serversnetwork-plan: 0.0.6.160 255.255.255.240 YES 16 4/6/12 loopback router interfacesnetwork-plan: 0.0.6.176 255.255.255.252 YES 16 2/2/2 router WAN ports (x 8 lines )
– detailed, efficient and accurate
Addressing plan
AddressingPlan
Questions ?
Material available at: www.apnic.net/training/recent/
Checkpoint question
• What factors are important to consider when putting together an
addressing plan?
1. Components of network(Customer services/ISP internal infrastructure)
2.Phases of deployment(Starting off, 6 months, 12 months)
3. Equipment and topology changes
Need for redundancy, Need for increased scale
Internet Registry Procedures
ISP Request
IP Growth in Asia Pacific
Last Update Jan 2004
0
16
32
48
64
80
96
112
128
144
160
176
Jan-96 Jan-97 Jan-98 Jan-99 Jan-00 Jan-01 Jan-02 Jan-03 Oct-03
Mil
lio
ns
OtherTWTHSGPKPHNZMYKRJPINIDHKCNAUAP
IPReq
ISP address request
• Hostmaster Administrivia– <[email protected]> mailbox filtered
• Requires member account name– Subject: IP Address Request [CONNECT-AU]
• Ticketing system– Every request is assigned a ticket
• Please keep # in subject line of email eg.– [APNIC #14122] [CHINANET-CN]
• New staff at ISP– Require an ‘introduction’ to APNIC
• To ensure confidentiality
membersonly
ISPReq
ISP address request
More documentationand clarification by Member
no Member has
completed documentation?
Step 1
yes
Evaluation ofrequest by
APNIC - OK?
Step 2
yes
update localrecords
update APNICdatabase
NotifyMember
Step 3
Allocation by APNIC
no
Life Cycle
ISPReq
ISP address request - Overview
• Contact Details• Network Information• Existing Customer Network Information• Existing Infrastructure Network Information• Future Network Plan• Additional Information
ISPReq
ISP address request
ISPReq
http://www.apnic.net/services/ipv4/
APNIC – ISP Address Request
[Help] [Error messages] [Text only version]
Jeff BrightYour name: You must be registered with APNIC as a
contact person for this organisation.
Your email address:
APNIC account name:Example: SPARKYNET-ID
Create a password for this request:(8 characters)
Confirm password:
WEBNET-AU
APNIC will use these contact details for all correspondence relating to this request. Please enter the APNIC account name of the organisation that requires the address space.
*********
*********
2. contact 3. network 4. connect 5. config 6. customer 7. infra 8. plan 9. comments 10 confirm1. applicant
Applicant information
Cancel Next
Must be current
member to receive service
http://www.apnic.net/services/ipv4/
APNIC – ISP Address Request
[Help] [Error messages] [Text only version]
Jeff BrightYour name: You must be registered with APNIC as a
contact person for this organisation.
Your email address:
APNIC account name:Example: SPARKYNET-ID
Create a password for this request:(8 characters)
Confirm password:
WEBNET-AU
APNIC will use these contact details for all correspondence relating to this request. Please enter the APNIC account name of the organisation that requires the address space.
*********
*********
2. contact 3. network 4. connect 5. config 6. customer 7. infra 8. plan 9. comments 10 confirm1. applicant
Applicant information
Cancel Next
APNIC – ISP Address Request
[Help] [Error messages] [Text only version]
Jeff BrightYour name: You must be registered with APNIC as a
contact person for this organisation.
Your email address:
APNIC account name:Example: SPARKYNET-ID
Create a password for this request:(8 characters)
Confirm password:
WEBNET-AU
APNIC will use these contact details for all correspondence relating to this request. Please enter the APNIC account name of the organisation that requires the address space.
*********
*********
2. contact 3. network 4. connect 5. config 6. customer 7. infra 8. plan 9. comments 10 confirm1. applicant
Applicant information
Cancel Next
Must be current
member to receive service
ISP address request instructions
• Complete the documentation– ISP Address Request Form
• Web Form: – http://www.apnic.net/services/ipv4/
• Plain text– http://ftp.apnic.net/apnic/docs/isp-address-request
• The more detailed and precise– Fewer iterations with APNIC
• Quicker resolution time
• Read the quick tips!http://www.apnic.net/faq/isp-request-tips.html
ISPReq
APNIC-084
Contact details
ISPReq
Administrative & Technical contacts, Maintainer
APNIC – ISP Address Request
The details you enter here will be used as the network contact and security information for the address allocation.
[Help] [Error messages] [Text only version]
Contact details
JB46-AP
Save Cancel Previous Next
Administrative contacts(NIC handles): Example: KX9-AP
Technical contacts(NIC handles):Example: XA7-AP
Maintainer object:Example: MAINTAIN-AP-SPARK
JB46-AP
MAINT-AU-JEFFBRIGHT
1.1. Initial criteria 2. contact 3. network 4. connect 5. config 6. customer 7. infra 8. plan 9. comments 10 confirm1. applicant
APNIC – ISP Address Request
The details you enter here will be used as the network contact and security information for the address allocation.
[Help] [Error messages] [Text only version]
Contact details
JB46-APJB46-AP
Save Cancel Previous NextSave Cancel Previous Next
Administrative contacts(NIC handles): Example: KX9-AP
Technical contacts(NIC handles):Example: XA7-AP
Maintainer object:Example: MAINTAIN-AP-SPARK
JB46-APJB46-AP
MAINT-AU-JEFFBRIGHT
1.1. Initial criteria 2. contact 3. network 4. connect 5. config 6. customer 7. infra 8. plan 9. comments 10 confirm1. applicant
Need to create
maintainer objects
Need to create person objects
help files!
Network name
ISPReq
Description of organisation not entered…
APNIC – ISP Address Request
The details you provide here will be used to identify the proposed network in the APNIC Whois database.
[Help] [Error messages] [Text only version]
Network name
WEBNET
Save Cancel Previous NextSave Cancel Previous Next
1.1 Initial criteria 3. network 4. connect 5. config 6. customer 7. infra 8. plan 9. comments 10 confirm1. applicant
AUSTRALIAAUSTRALIA
Name of network: Example: SPARKYNET
Description of Organisation
Example: SparkyNet, Sdn Bhd, Internet Service Provider, Pinang,
Malaysia
Country: AU
2. contact
Name of network
Description of Organisation
Country
Error description
ISPReq
Error: “Description has not been entered”
APNIC – ISP Address Request
Last modified February 2001 | ©APNIC Pty. Ltd. Comments to: [email protected]
Error #Description
Description has not been entered.For more help, see the Troubleshooting Guide
Continue
Troubleshooting Guide
ISPReq
Error Message How to fix the errorError Message How to fix the error
Troubleshooting guide for the APNIC IPv4 ISP Request Form
http://www.apnic.net/info/faq/troubleshooting.html
APNIC – ISP Address Request
The details you provide here will be used to identify the proposed network in the APNIC Whois database.
[Help] [Error messages] [Text only version]
Network name
WEBNET
Save Cancel Previous NextSave Cancel Previous Next
Brisbane, AustraliaInternet Service Provider(A webhosting company)
Brisbane, AustraliaInternet Service Provider(A webhosting company)
1.1 Initial criteria 3. network 4. connect 5. config 6. customer 7. infra 8. plan 9. comments 10 confirm1. applicant
AUSTRALIAAUSTRALIA
Name of network: Example: SPARKYNET
Description of Organisation
Example: SparkyNet, Sdn Bhd, Internet Service Provider, Pinang,
Malaysia
Country: AU
2. contact
Description of organisation
ISPReq
Name of network, Description of Org., Country
Description of Organisation
APNIC – ISP Address Request
The information you provide here describes certain aspects of how the network connects to the Internet.
[Help] [Error messages] [Text only version]
Internet Connectivity
Save Cancel Previous NextSave Cancel Previous Next
1.1 Initial criteria 4. connect 5. config 6. customer 7. infra 8. plan 9. comments 10 confirm1. applicant
Internet connectivity type:
Connection Providers:
2. contact
Peering-pointService providerOther
3. network
Connect-provider-1Connect-provider-2
Internet Connectivity
ISPReq
Internet connectivity type, Connection providers
Topologicalinformation
Connection providers
APNIC – ISP Address Request
The information you provide here will help APNIC to understand certain aspects of the planned network. Depending on the options selected, APNIC may require more information to ensure compliance with the best current practice
[Help] [Error messages] [Text only version]
Planned network configuration
Save Cancel Previous Next
1.1 Initial 5. 6. 7. 8. 9. 10. 11.criteria config customer infra cable future comments confirm1. applicant
Indicate the following configurations to be supported by this network:
2. contact
Supernets
Subnets
All 0s subnet
All 1s subnet
3. network 4. connect
APNIC – ISP Address Request
The information you provide here will help APNIC to understand certain aspects of the planned network. Depending on the options selected, APNIC may require more information to ensure compliance with the best current practice
[Help] [Error messages] [Text only version]
Planned network configuration
Save Cancel Previous NextSave Cancel Previous Next
1.1 Initial 5. 6. 7. 8. 9. 10. 11.criteria config customer infra cable future comments confirm1. applicant
Indicate the following configurations to be supported by this network:
2. contact
Supernets
Subnets
All 0s subnet
All 1s subnet
3. network 4. connect
Network configuration
ISPReq
Supernets, Subnets, All 0s subnet, All 1s subnet…
Expectation is
‘classless’
Existing customer network
ISPReq
Existing customer networkExisting customer network
Name
Address
Mask
Hosts now
Hosts in 6 months
Hosts in 1 year
Subnets nowSubnets in 6
monthsSubnets in 1 year
Date assigned
How to complete this pageThere are two options for completing this section:
1. Use the form to build up your information, line by line
Use the fields on the left of the form to specify the required elements for each line.
When you have completed the fields, click "Add Information" to transfer that line to the text box in the correct format.
Repeat this process for each line required.
2. Upload a text file If you have a text file on a local drive, which
describes this information in the correct format, you may click "Upload Text File"
Follow the prompts to locate the file and attach it to this request form;
Only text files may be uploaded in this section.
Add informationUpload Text File
Browse…
CUST-NET1
203.108.131.8
255.255.255.248
4
4
6
1
1
1
20030101
CUST-NET1 203.108.131.8 255.255.255.248 4/6/6 1/1/1 20030101 Upload text file
Instructions
Add information
ISP address request evaluation
• ‘Customer network’ fields
Registration– Check all customer assignments are in the APNIC
‘whois’ database accurately
Policy– Prefix distribution of all customer assignments– ‘Classless’ assignments NOT on /24 boundaries
ISPReq
Existing network infrastructure information
Existing network infrastructure
ISPReq
Address, Mask, Connect, Max, Hosts now, 6m, 1yr, description
AddressMask
Connect
MaxHosts now
Hosts in 6mHosts in 1 yr
Detailed descrof subnet
Add information
Upload text file
New cable/DSL services
ISPReq
APNIC – ISP Address Request
Use this section to indicate whether you are establishing a new cable or DSL service.
[Help] [Error messages] [Text only version]
Allocations for cable/DSL service providers
Save Cancel Previous NextSave Cancel Previous Next
1.1 Initial 8. 9. 10. 11.criteria cable future comments confirm
1. applicant
Is the address space you are requesting now required for establishing a new cable or DSL service?
2. contact 3. network 4. connect 5. config 5. customer 7. infra
Yes
No
APNIC – ISP Address RequestNew Cable/DSL service – Bootstrap criteria
APNIC – ISP Address RequestNew Cable/DSL service – Bootstrap criteria
New cable/DSL services
ISPReq
Use the form to build your CMTS details…
Instructions
Apply the “new
cable/DSL bootstrap criteria”?
Details of CMTS
equipment
Future network plan
IP require-ment
(max, now, in 6 months
in 1 year
Future network plan
ISPReq
Address, Mask, Connect, IP requirement, description
Infra-structure & Projections
ISP request evaluation
• ‘Infrastructure’ & ‘network-plan’ fields• Policy
– Technical descriptions are detailed enough so APNIC can understand why subnet size was chosen
– Do customer projections match infrastructure plans?
– Efficient subnet assignments
• ‘Best current practice’– Name based virtual web hosting– Dynamic dial up
» More on this to follow...
ISPReq
Additional CommentsAdditional Comments
Additional comments
ISPReq
Upload Text File
Additional info - topology & deployment
• POP topology• Diagrams showing network design• Diagrams showing POP design
– does network/POP topology description correlate with addressing plan and current infrastructure?
– larger requests will require additional documentation
• Deployment plan• Give details of phases of deploying equipment
– does deployment plan match information in network-plan fields?
ISPReq
Additional info- equipment and services
• Equipment and services• Specifications, number of ports
– information that cannot fit onto fields of form
• Details of how implement services– explain acronyms or special services
• Miscellaneous• Anything not covered by the form, anything
unusual– supplementary information very useful to the
hostmaster when evaluating your request
ISPReq
APNIC – ISP Address RequestConfirm details
APNIC – ISP Address RequestConfirm details
Please check your information:
Your name:Your email address:
Account name:Admin Contact Handles:
Technical Contact Handles:Maintainer:
Netname:Description:
Country:Connectivity:
Connection Providers:Do you support:
Jeff Brightjbright@webnet.comwebnet-auJB46-APJB46-APMAINT-AU-JEFFBRIGHTWEBNETBrisbane, Australia, Internet Service Provider (a web hosting company)AUPeering-point: NoService-provider: YesOther: NoConnect-Provider-1 Connect-Provider-2Supernets YesSubnets YesAll 0s YesAll 1s Yes
Confirm details
ISPReq
Check your information!
ISP address request- Checklist
All fields are syntactically correct Supplied documentation correct
• format defined in the APNIC-084
Provided all IP addresses currently heldUpdated all customer assignments in DB
• Deleted objects that are no longer valid
http://www.apnic.net/info/faq/isp_checklist.html
ISPReq
ISP address request- parsing
ISPReq
Successful parsing of ISP Request
APNIC – ISP Address RequestAPNIC – ISP Address Request
“warnings”below 80% utilisation of available IP addresses
You have successfully parsed and analysedyour ISP Request
Save Cancel Previous NextSave Cancel Previous Next
Asia Pacific Network Information Centre
ISP address request- submission
ISPReq
APNIC – ISP Address RequestSubmit ISP Request
Your ISP Request has been submittedYour ISP Request has been submitted
Asia Pacific Network Information Centre
Questions ?
Material available at: www.apnic.net/training/recent/
Checkpoint question
• The ISP request form is used for requesting an allocation from APNIC… but what is an allocation?
A block of address space held by an IR (or downstream ISP) for subsequent allocation or
assignment
Evaluation by APNIC- Virtual web hosting
• Name based hosting – ‘Strongly recommended’
• Use ‘infrastructure’ field to describe web servers
• IP based hosting– Permitted on technical grounds
– SSL, virtual ftp..
– Use ‘infrastructure’ field to describe web servers
– Special verification for IP based– If more than /22 used for this purpose
– Requestor must send list of URLs of virtual domain and corresponding IP address
ISP Req- Eval
Cable, DSL services
• 1:1 contention ratio• Can be either statically or dynamically assigned• Means 1 IP address per customer
• Greater than 1:1 contention ratio• Preferred because conserves address space
• Choice of addressing is optional for members • dynamic addressing is encouraged
• Verification for DSL Services– Equipment details
• Ex: BRAS, Number of ports– Purchase receipts
ISP Req- Eval
Customer assignments
• Customer growth estimation– The invoice for the additional CMTS purchased
for the expansion
• Required to report customer assignments greater than /30– Through second opinion process– Register the assignment in APNIC whois
database
ISP Req- Eval
Residential networks
• For residential networks– Do not need to register on-site admin-c,
ISP’s technical contact can be used
• Cable, DSL services– Special verification for 1:1 (permanently
on-line)• For anything over a /22 in total, verification
through customer list for random head-ends or other alternative
ISP Req- Eval
Evaluation by APNIC- Summary
• All address space held should be documented
• Check other RIR, NIR databases for historical allocations
• ‘No reservations’ policy• Reservations may never be claimed• Fragments address space• Customers may need more or less address
space than is actually reserved
ISP Req- Eval
First allocation
• Must meet criteria• (discussed in policy section)
• Requires clear detailed and accurate request
• Implementation of ‘Best Current Practice’• Efficient assignments planned• Always a /20 ‘slow start’
• Exceptions made for very large networks but not common
IPReq
APNIC 17 Consensus
/21
Subsequent allocations
• 80% overall utilisation• Unless large assignment pending
• Demonstrated conservative assignments
• Correct customer registrations in db• Need to fix inconsistencies before next allocation
• Allocation size to cover 1 year need• Based on previous utilisation rate
• Contiguous allocation not guaranteed• But every effort made
ISP Req- Eval
APNIC approval
ISP Req- Eval
Dear xxxx
I am pleased to advise you that in response to your request for Internet resources, APNIC has allocated the following range of IPv4 addresses to the organisation below. ** IMPORTANT THINGS TO KNOW **
1. The address range allocated to your organisation is portableIf you change transit providers, the address range remains with your organisation. 2. Assignments and sub-allocations from this address range to customers are non-portable Customers who cease connectivity with your organisation must return any addresses your organisation has assigned or sub-allocated to them. 3. Assignment Window (AW)If the amount of address space your organisation wishes to assign or sub-allocate to a customer is greater than your assignment window then please email <[email protected]> for approval. For more information on APNIC's new policy on sub-allocating space to customers, see: http://www.apnic.net/meetings/14/results.html
4. AggregationThis new allocation should, wherever technically possible, be aggregated with any other address ranges the organisation announces to its upstream or transit ISP.
5. No guarantee of routabilityAPNIC cannot guarantee that any address space will be globally routable.
APNIC expectation:Announce
allocation as single
aggregate
Assignments & sub-
allocations are non-portable
Allocation object & contacts
person: Santosh Desaiaddress: Rolta Center II, MIDC, Andheri,address: Mumbai-400 093country: INphone: +91-22-832 7708fax-no: +91-22-836 5992e-mail: [email protected]: SD34-APmnt-by: MAINT-IN-SANTOSHDESAIchanged: [email protected] 20000526source: APNIC
person: Vinay Sawarkaraddress: Rolta Center II, MIDC, Andheri,address: Mumbai-400 093country: INphone: +91-22-832 7708fax-no: +91-22-836 5992e-mail: [email protected]: VS9-APmnt-by: MAINT-IN-SANTOSHDESAIchanged: [email protected] 20000526source: APNIC
inetnum: 202.60.128.0 - 202.60.159.255netname: ROLTANETdescr: Rolta India Limiteddescr: Rolta Center IIdescr: MIDC Maroldescr: Andheri(East)- Mumbai-400 093country: INadmin-c: VS9-APtech-c: SD34-APmnt-by: APNIC-HMmnt-lower: MAINT-IN-SANTOSHDESAIchanged: [email protected] 19990323status: ALLOCATED PORTABLEsource: APNIC
Contacts for network
ISP Req- Eval
Questions ?
Material available at: www.apnic.net/training/recent/
Checkpoint question
• How much address space do I have to have used in my allocation before I request a new allocation?
80%
Internet Registry Procedures
IP Address Management
Revision of routing protocols
Interior Gateway Protocol (IGP)– Examples are OSPF, EIGRP, ISIS– Used to find optimum route to a host in ISP
network– Convergence becomes important with scaling
Border Gateway Protocol (BGP)– Can be interior (iBGP) and exterior (eBGP)– Used to carry traffic across your network and
to/from the Internet– Can use BGP attributes for routing policy
IP Mgmt
Principles of addressing
• Separate customer & infrastructure address pools
– Manageability• Different personnel manage infrastructure
and assignments to customers
– Scalability• Easier renumbering - customers are difficult,
infrastructure is relatively easy
IP Mgmt
Principles of addressing
• Further separate infrastructure– ‘Static’ infrastructure examples
• RAS server address pools, CMTS• Virtual web and content hosting LANs• Anything where there is no dynamic route
calculation
• Customer networks• Carry in iBGP , do not put in IGP
– No need to aggregate address space carried in iBGP
– Can carry in excess of 100K prefixes
IP Mgmt
Hierarchy of routing protocols
BGP4 (iBGP)& OSPF/ISIS
Other ISPs
CustomersLocalNAP
eBGP Static/eBGP
BGP4 (eBGP)
FDDI
ISP Internal Network
IP Mgmt
Management - simple network
• First allocation from APNIC– Infrastructure is known, customers are
not– 20% free is trigger for next request
– Grow usage of blocks from edges– Assign customers sequentially
20%Customers p2p
Infrastructure
loo
ps
IP Mgmt
Management - simple network
• If second allocation is contiguous
– Reverse order of division of first block– Maximise contiguous space for
infrastructure• Easier for debugging
– Customer networks can be discontiguous
Customers Infrastructure 20%Infrastructure Customers
1st allocation 2nd allocation
IP Mgmt
Management - many POPs
• WAN link to single transit ISP
Server
POP1
POP2POP3
IP Mgmt
• POP sizes– Choose address pool for each POP according to need
– Loopback addresses• Keep together in one block• Assists in fault-resolution
– Customer addresses • Assign sequentially
Management - many POPs
Infrastructure
POP 1 POP2
loopbacks
Customer
IP Mgmt
Management - many POPs
• /20 minimum allocation not enough for all your POPs?– Deploy addresses on infrastructure first
• Common mistake:– Reserving customer addresses on a per POP
basis
• Do not constrain network plans due to lack of address space– Re-apply once address space has been used
IP Mgmt
Questions ?
Material available at: www.apnic.net/training/recent/
Checkpoint question
• Why doesn’t it make sense to carry the customer addresses in my IGP?
By carrying the customer assignments in iBGP, there is no need to aggregate them. (iBGP can easily handle these
routes.) The IGP should be kept small to optimise network performance and
convergence time
Assignment and sub-allocation procedures
Assignment Window &
2nd Opinion process
Second opinion request
• Assignment Window
• Second Opinion Request Form
• Evaluation
What is an Assignment Window?
“The amount of address space a member may assign without a ‘second opinion’”
• All members have an AW– Starts at zero, increases as member gains experience in
address management
• Second opinion process– Customer assignments require a ‘second-opinion’ when
proposed assignment size is larger than members AW
2nd Opinion
Assignment Window
• Size of assignment window– Evaluated after about 5 2nd-opinion requests– Increased as member gains experience and
demonstrates understanding of policies• Prefix length normally reduced by 1 bit at a time• Assignment window may be reduced, in rare cases
• Why an assignment window?– Monitoring ongoing progress and adherence to
policies– Mechanism for member education
2nd Opinion
Why Assignment Window?
• Motivation– Support the LIR during start up– Standardise criteria for request evaluation– Familiarise the LIR with APNIC policies– Ensure accurate data is being kept– Treat everyone fairly
FAQ • http://www.apnic.net/faq/awfaq.html
2nd Opinion
Request < AW?Request < AW?
APNIC APNIC approvesapproves request?request?
Member updates local Member updates local records & DB & records & DB &
makes assignmentmakes assignment
YesYes
Member adds comments Member adds comments & recommendations & sends to& recommendations & sends to
[email protected]@apnic.net
NoNo
Step 1 - Member and customer complete 2nd Opinion Request formStep 1 - Member and customer complete 2nd Opinion Request form
Step 3 - Assignment Window procedureStep 3 - Assignment Window procedure
Step 2 - Member evaluates customers requirements Step 2 - Member evaluates customers requirements iterationiteration
NoNo YesYes
Assignment window process
2nd Opinion
Second opinion request form
Used to seek approval for:– IPv4 assignments & sub-allocations– Multiple/additional IPv6 /48s to a single
customer
Before you start:– Separate form for each request– Help buttons available– Form can be saved by use of password
2nd Opinion
Overview of 2nd opinion formApplicant information
Type of request
Network name
Future network plan
Customer’s existing networkCustomer assignments to end-sites
Sub-allocation infrastructure
Additional information
Confirm details
Contact details, password
IPv6 / IPv4, Assignment / Sub-allocation
Network name, description, countryPlanned IP usage
IPs held by customerIPs held by customer & customer’s customers
IPv4 Sub-allocations IPv4/IPv6 Assignments
Any additional info that may aid the evaluation
Check your details
2nd Opinion
Your name:
Your email address:
APNIC account name: Examples: Non-member: SPARKYNET-NON-IDMember example: SPARKYNET-ID
Your relationship to organisation applying for membership:
Please choose one
Create a password for this request:
Confirm password: (min. 8 characters)
APNIC second opinion requestApplicant information
http://www.apnic.net/apnic-bin/second-opinion-form.pl
Cancel Next
Applicant information
2nd Opinion
http://www.apnic.net/apnic-bin/second-opinion-request.pl
Help buttons
Password allowssaving work
Type of second opinion request
2nd Opinion
APNIC second opinion requestType of second opinion request
Which IP version do you wish to request?
Which type of second opinion are you requesting?
Address prefix requested: /26
IPv4IPv6
Assignment (IPv4 or IPv6)
Select this if you are distributing IP addresses for the end user’s infrastructure
Sub-allocation (IPv4 only)
Select this if you are distributing IP addresses to an organisation that will further distribute the address space to their end users.
IPv4 example: /26IPv6 example: /47
Save Cancel Previous Next
Network name
2nd Opinion
APNIC second opinion requestNetwork nameThe details you provide here will be used to identify the proposed network in the APNIC Whois Database
Name of network:
Description of organisation:
Country: Select a country
Select a Country
Example: SparkyNet, Sdn Bhd, Indonesia
Example: SPARKYNET
Save Cancel Previous Next
APNIC second opinion requestFuture network plan
Size ofplanned subnet:
Deploy now:
Deploy within6 months:
Deploy within1 year:
Detailed description of
subnet:
Example: 0.0.0.0/28
Example: /29
Example: /29
Example: /28
Example: web hosting facility
Future network plan
Upload text file
Add information
Instructions0.0.0.0/28
/29
/29
/28
web hosting facility
0.0.0.0/28 /29 /29 /28 web hosting facility
2nd Opinion
Customer’s existing network- IPv4 assignment request
Actual start address assigned:
Total prefix sizeof subnet:
Description of subnet:
Example: 202.5.10.0
Example: /29
Example: 1 router and 4 workstations
APNIC second opinion requestCustomer’s existing network
202.5.10.0 /29 1 router and 4 workstations
2nd Opinion
202.5.10.0
/29
1 router and 4 workstations
All previousassignments
- Check whois db
Upload text file
Add information
Customer’s assignments to end-sites
• Sub Allocation Request
Actual start address assigned:
Total prefix sizeof subnet:
Description of subnet:
Example: 202.12.28.0
Example: /29
Example: FOO-AP
Customer’s assignments to end-sitesAPNIC second opinion request
Customer’s (downstream provider’s) customers
Add information
Sub-allocation infrastructure
• Sub-Allocation Request
Sub-allocation infrastructureAPNIC second opinion request
Actual start address
assigned:
Total prefix assigned to the infrastructure:
Description of subnet:
Example: 202.12.28.0
Example: /27
Example: server farm
Customer’s (downstream provider’s)
infrastructure
Add information
Additional information
2nd Opinion
APNIC second opinion requestAdditional information
network topology diagrams detailed explanations of the address space usage and subnetting plans
Network designNetwork topologyDeployment plan
Equipment Services
Renumbering Explanations
etc
Upload File
Confirm details & submit
APNIC second opinion requestConfirm details
Submit
APNIC second opinion requestSubmit request
Your request has been submitted
Please check your information:
Your name:Your email address:
Account name:Your relationship to organisation
requesting second opinion:Address type:Request type:
Prefix second opinion requested for:Netname:
Description:Country code:Network plan:
Customer's existing network:
Ky [email protected] / Manager
IPv4Assignment/27SparkyNet, Sdn Bhd, IndonesiaID0.0.0.0/28 /29 /29 /28 web hosting facility 0.0.0.0/28 /29 /29 /28 web hosting facility 202.5.10.0 /29 1 router and 4 workstations
• Check your request
• Click Submit
• Confirmation is also sent via email
• Request submitted!
2nd Opinion
2nd opinion evaluation (policy)
• Efficiency– More than 50% used in any one subnet?– Can different subnet sizes be used?– More than 80% used for previous assignment?
• Stockpiling– Is all address space held declared on form?– Has organisation obtained address space from
more than one member/ISP?
• Registration– Is previous assignment in APNIC database and
are they correct and up to date?
2nd Opinion
2nd opinion evaluation
• APNIC & Member evaluation – Should be the same
• If NO, APNIC will ask member to obtain more information
– iterative process
• If YES, APNIC approves 2nd opinion request
2nd Opinion
2nd opinion request approval
Dear XXXXXXX,
APNIC has approved your "second opinion" request to make the following assignment:
[netname]
[address/prefix]
* Please ensure that you update the APNIC whois database to register this assignment before informing your customer or requesting reverse DNS delegation. Do this using the form at:
http://www.apnic.net/apnic-bin/inetnum.pl
Important:
Unregistered assignments are considered as "unused"
2nd Opinion
Customer assignment
• Member updates internal records– Select address range to be assigned– Archive original documents sent to APNIC– Update APNIC database
• Clarify status of address space – APNIC requirement is ‘Non portable’ – ‘Portable’ assignments are made by APNIC only
with the end-user request form• Organisation must have technical requirement
2nd Opinion
Questions ?
Material available at: www.apnic.net/training/recent/
Checkpoint question
• Do all customer assignments need to be registered in the APNIC
whois Database…?
Yes. (This can now be easily managed
through myAPNIC.)
The APNIC Database
Protection and Updating
DB 2
Database protection- maintainer object
mntner: MAINT-WF-EXdescr: Maintainer for ExampleNet Service Providercountry: WFadmin-c: ZU3-APtech-c: KX17-APupd-to: [email protected]: [email protected]: CRYPT-PW apHJ9zF3omnt-by: MAINT-WF-EXreferral-by: MAINT-APNIC-APchanged: [email protected] 20020731source: APNIC
DB 2
• protects other objects in the APNIC database
Creating a maintainer object
1. Fill out webform– Provide:
• Admin-c & tech-c• password• email address etc
2. Completed form will be sent to you
3. Forward request to [email protected]
4. Maintainer will be created manually• Manual verification by APNIC Hostmasters
5. Update your person object with mntner
http://www.apnic.net/services/whois_guide.html
Database protection
• Authorisation– “mnt-by” references a mntner object
• Can be found in all database objects• “mnt-by” should be used with every object!
• Authentication– Updates to an object must pass
authentication rule specified by its maintainer object
DB 2
Authorisation mechanism
mntner: MAINT-WF-EXdescr: Maintainer for ExampleNet Service Providercountry: WFadmin-c: ZU3-APtech-c: KX17-APupd-to: [email protected]: [email protected]: CRYPT-PW apHJ9zF3omnt-by: MAINT-WF-EXchanged: [email protected] 20020731source: APNIC
inetnum: 202.137.181.0 – 202.137.185.255netname: EXAMPLENET-WFdescr: ExampleNet Service Provider……….mnt-by: MAINT-WF-EX
DB 2
Maintainer specific attributes
• mnt-nfy:• Sends notification of any changes to
maintained objects to email address specified
• mnt-by:• Maintainers must also be protected!
(Normally by themselves)
• auth:• Authentication method for this maintainer
DB 2
Authentication methods
• ‘auth’ attribute – Crypt-PW
• Crypt (Unix) password encryption• Use web page to create your maintainer
– PGP – GNUPG• Strong authentication• Requires PGP keys
– MD5• Strong authentication• Simple to use
DB 2
Mnt-by & mnt-lower
• ‘mnt-by’ attribute• Can be used to protect any object• Changes to protected object must satisfy authentication rules of
‘mntner’ object.
• ‘mnt-lower’ attribute • Also references mntner object• Hierarchical authorisation for inetnum & domain objects• The creation of child objects must satisfy this mntner• Protects against unauthorised updates to an allocated range -
highly recommended!
DB 2
Inetnum: 203.146.96.0 - 203.146.127.255 netname: LOXINFO-TH descr: Loxley Information Company Ltd. Descr: 304 Suapah Rd, Promprab,Bangkok country: TH admin-c: KS32-APtech-c: CT2-APmnt-by: APNIC-HM mnt-lower: MAINT-TH-LOXINFOchanged: [email protected] 19990714Status: ALLOCATED PORTABLE source: APNIC
Authentication/Authorisation
– APNIC allocation to member• Created and maintained by APNIC
1. Only APNIC can change this object2. Only Loxinfo can create assignments within this allocation
12
DB 2
Inetnum: 203.146.113.64 - 203.146.113.127 netname: SCC-TH descr: Sukhothai Commercial College Country: TH admin-c: SI10-APtech-c: VP5-APmnt-by: MAINT-TH-LOXINFOchanged: [email protected] 19990930Status: ASSIGNED NON-PORTABLE source: APNIC
Authentication/Authorisation
– Member assignment to customer• Created and maintained by APNIC member
Only LOXINFO-IS can change this object
DB 2
Database update process
– Email requests to <[email protected]>– Each request contains an object template
Update Request
Template
Parse
Warnings/Errors returned
Error
Auth. DataBase
Whois Server
DB 2
Database update process
• Update transactions– Create a new object – Change an object– Delete an object
• Updates are submitted by email• E-mail to:
• Email message contains template representing new or updated object
Template
DB 2
Template
Database update - web
• Creates a template through the web form
• Template will be sent to you by email• This should be forwarded to:
– Common error • to reply to the email
– (Adds extra character in front of each line)
http://www.apnic.net/services/whois_guide.html
DB 2
Updating an existing object
• Change relevant fields
• Add your maintainer password
• Update the changed attribute
• Email updated object to:
• Note– Primary keys cannot be modified
DB 2
Deleting an object
– Copy object as-is in database into email– Add your maintainer password– Leave the changed attribute
inetnum: 202.182.224.0 - 202.182.225.255netname: SONY-HK...mnt-by: MAINT-CNS-APchanged: [email protected] 19990617source: APNICpassword: x34zkydelete: no longer required [email protected]
Note: Referenced objects cannot be deleted (02/99)
DB 2
Forgotten the password ?
We do not recommend using personal names for maintainer objects
• Send an e-mail to [email protected] If you are a ‘contact person’ of APNIC • If NOT, requires legal documentation
DB 2
Unfortunately we cannot change the password for the maintainer until we have received a fax with your company’s letterhead confirming the request to modify the password. In the fax, please include the following:
0. Attention: APNIC Database Administration Department
1. The APNIC Account name of your company and your personal nic handle. If you do not have an APNIC account, then please state ‘NON-MEM’.
2. The current maintainer object which is to be modified, as obtained from ‘whois –h whois.apnic.net MAINTAINER-OBJECT’
3. The new password/authorisation for the maintainer.
4. The signature of a contact for the maintainer.
Confirmation by fax
required on company
letter head
Questions ?
Material available at: www.apnic.net/training/recent/
Checkpoint question
• What is the difference between mnt-by and mnt-lower?
- mnt-by protects the object itself.- mnt-lower prevents the unauthorised creation of child objects.
MyAPNIC
Autonomous System Numbers
Procedures
Overview
• What is an AS?
• Guidelines and procedures
• Application form (documentation)
• Policy expression
ASN
What is an Autonomous System?
– Collection of networks with same routing policy
– Usually under single ownership, trust and administrative control
AS 100
ASN
When do I need an ASN?
• When do I need an AS?– Multi-homed network to different
providers and– Routing policy different to external peers
• Recommended reading!– RFC1930: Guidelines for creation,
selection and registration of an Autonomous System
ASN
RFC1930
When don’t I need an ASN?
• Factors that don’t count– Transition and ‘future proofing’ – Multi-homing to the same upstream
• RFC2270: A dedicated AS for sites
homed to a single provider
– Service differentiation• RFC1997: BGP Communities attribute
RFC2270
RFC1997
ASN
Requesting an ASN
• Complete the request form– web form available:
• http://www.apnic.net/db/aut-num.html
• Request form is parsed - real time– Must include routing policy
• multiple import and export lines
– Is checked for syntactical accuracy• based on RPSL (rfc2622)
– Peers verified by querying routing table– [NO-PARSE] will not send request to parser
ASN
RFC2622
Requesting an ASN - Customers
1. Requested directly from APNIC• AS number is “portable”
2. Requested via member• ASN is “non-portable”• ASN returned if customer changes provider
• Transfers of ASNs– Need legal documentation (mergers etc)– Should be returned if no longer required
ASN
What is this form to be used for?This form assists in the creation and maintenance of aut-num objects. The aut-num describes the details of the registered owner of an Autonomous System and their routing policy for that AS. See RFC 2622 for details.
Help completing this form
See the Guide to the APNIC AS Number Request Form.
(* indicates mandatory field.)
Aut-num Object
* Name: eg: Ky XanderThe name of the person completing this form* Name: eg: Ky XanderThe name of the person completing this form
* Account-name: eg: ACME-PHYour APNIC account name* Account-name: eg: ACME-PHYour APNIC account name
* Org-relationship: eg: Consultant (or employee or…)Your APNIC account name* Org-relationship: eg: Consultant (or employee or…)Your APNIC account name
Create Aut-num Object
ASN request form
http://www.apnic.net/apnic-bin/creform.pl
Guide to the ASN request form
ASN
Request form – routing policy
ASN
* Descr:A short description of this object and the eg: Global Transit Inc. Transit ASname of the organisation associated with it. Content Service Provider Tokyo
* Country:Name of the country of the admin-c eg: J P
Import:Routing information your AS will accept from eg: from AS9386 Action pref=100neighbouring Autonomous Systems
from AS1 Action pref=100;accept ANYfrom AS2 Action pref=100;accept ANY
More information regarding RPSL syntax can be found in RFC 2622
Export:generated routing information your AS will eg: to AS9444 Announce THIS-ASsend to peer Autonomous Systems
to AS1 Action pref=100;announce ANYto AS2 Action pref=100;announce ANY
More information regarding RPSL syntax can be found in RFC 2622
Default:If applicable, a description of how default eg: to AS9386 Action pref=10routing policy is applied.
from AS1 Action pref=100;accept ANYfrom AS2 Action pref=100;accept ANY
More information regarding RPSL syntax can be found in RFC 2622
* Descr:A short description of this object and the eg: Global Transit Inc. Transit ASname of the organisation associated with it. Content Service Provider Tokyo
* Descr:A short description of this object and the eg: Global Transit Inc. Transit ASname of the organisation associated with it. Content Service Provider Tokyo
* Country:Name of the country of the admin-c eg: J P* Country:Name of the country of the admin-c eg: J P
Import:Routing information your AS will accept from eg: from AS9386 Action pref=100neighbouring Autonomous Systems
from AS1 Action pref=100;accept ANYfrom AS2 Action pref=100;accept ANY
Import:Routing information your AS will accept from eg: from AS9386 Action pref=100neighbouring Autonomous Systems
from AS1 Action pref=100;accept ANYfrom AS2 Action pref=100;accept ANY
from AS1 Action pref=100;accept ANYfrom AS2 Action pref=100;accept ANY
from AS1 Action pref=100;accept ANYfrom AS2 Action pref=100;accept ANY
More information regarding RPSL syntax can be found in RFC 2622
Export:generated routing information your AS will eg: to AS9444 Announce THIS-ASsend to peer Autonomous Systems
to AS1 Action pref=100;announce ANYto AS2 Action pref=100;announce ANY
Export:generated routing information your AS will eg: to AS9444 Announce THIS-ASsend to peer Autonomous Systems
to AS1 Action pref=100;announce ANYto AS2 Action pref=100;announce ANY
to AS1 Action pref=100;announce ANYto AS2 Action pref=100;announce ANY
to AS1 Action pref=100;announce ANYto AS2 Action pref=100;announce ANY
More information regarding RPSL syntax can be found in RFC 2622
Default:If applicable, a description of how default eg: to AS9386 Action pref=10routing policy is applied.
from AS1 Action pref=100;accept ANYfrom AS2 Action pref=100;accept ANY
Default:If applicable, a description of how default eg: to AS9386 Action pref=10routing policy is applied.
from AS1 Action pref=100;accept ANYfrom AS2 Action pref=100;accept ANY
from AS1 Action pref=100;accept ANYfrom AS2 Action pref=100;accept ANY
from AS1 Action pref=100;accept ANYfrom AS2 Action pref=100;accept ANY
More information regarding RPSL syntax can be found in RFC 2622
aut-num: AS4777as-name: APNIC-NSPIXP2-ASdescr: Asia Pacific Network Information Centredescr: AS for NSPIXP2, remote facilities siteimport: from AS2500 action pref=100; accept ANYimport: rom AS2524 action pref=100; accept ANYimport: from AS2514 action pref=100; accept ANYexport: to AS2500 announce AS4777export: to AS2524 announce AS4777export: to AS2514 announce AS4777default: to AS2500 action pref=100; networks ANYadmin-c: PW35-APtech-c: NO4-APremarks: Filtering prefixes longer than /24mnt-by: MAINT-APNIC-APchanged: [email protected] 19981028source: APNIC
Aut-num object example
POLICYRPSL
ASN
Representation of routing policy
• Routing and packet flows
AS 1 AS 2routing flow
packet flow
packet flow
accepts
announces
announces
accepts
ASN
For AS1 and AS2 networks to communicate• AS1 must announce to AS2• AS2 must accept from AS1• AS2 must announce to AS1• AS1 must accept from AS2
Representation of routing policy
AS 1 AS 2
aut-num: AS1…import: from AS2
action pref=100;accept AS2
export: to AS2 announce AS1
aut-num: AS2…import: from AS1
action pref=100;accept AS1
export: to AS1 announce AS2
Basic concept
“action pref” - the lower the value, the preferred the route
ASN
Representation of routing policy
AS 123 AS4 AS5
AS5
AS10More complex example
• AS4 gives transit to AS5, AS10• AS4 gives local routes to AS123
ASN
Representation of routing policy
AS 123AS 123 AS4AS4 AS5AS5AS5
AS10AS10
import: from AS123 action pref=100; accept AS123
aut-num: AS4
import: from AS5 action pref=100; accept AS5
import: from AS10 action pref=100; accept AS10
export: to AS123 announce AS4
export: to AS5 announce AS4 AS10
export: to AS10 announce AS4 AS5 Not a path
ASN
Representation of routing policy
AS123AS123 AS4AS4
More complex example
• AS4 and AS6 private link1• AS4 and AS123 main transit link2 • backup all traffic over link1 and link3 in event of link2 failure
AS6AS6privatelink1
link3
transit traffic over link2
ASN
Representation of routing policy
AS123AS123 AS4AS4
AS6AS6private link1
link3
AS representation
transit traffic over link2
import: from AS123 action pref=100; accept ANY
aut-num: AS4
import: from AS6 action pref=50; accept AS6
import: from AS6 action pref=200; accept ANY
export: to AS6 announce AS4
export: to AS123 announce AS4
full routing received
ASN
higher cost for backup route
Routing Policy Specification Language
• RPSL– Derived from RIPE-181– Introduced with v3 Database
• 20 August 2002
– “New” object specification language• more expressive syntax• advanced aut-num and routing policy options
– Especially useful in an Internet Routing Registry
ASN
RFC2622
Questions ?
Material available at: www.apnic.net/training/recent/
Checkpoint question
• When do I need an AS number?
An AS number is used when multihoming to two different
providers and when you have a unique routing policy
Reverse DNS Delegation
Registry Procedures
Rev. DNS
Overview
• Reverse DNS Delegation
• APNIC & Member responsibilities
• Reverse network delegations (/16)
• Reverse network delegations (/24)
• Subnet delegations
• Delegation procedures
Rev. DNS
What is ‘Reverse DNS’?
• ‘Forward DNS’ maps names to numbers– svc00.apnic.net -> 202.12.28.131
• ‘Reverse DNS’ maps numbers to names– 202.12.28.131 -> svc00.apnic.net
Rev. DNS
In-addr.arpa
• Hierarchy of IP addresses– Uses ‘in-addr.arpa’ domain
• INverse ADDRess
• IP addresses:– Less specific to More specific
• 210.56.14.1
• Domain names: – More specific to Less specific
• delhi.vsnl.net.in
– Reversed in in-addr.arpa hierarchy• 14.56.210.in-addr.arpa
Rev. DNS
whois
Root DNSRoot DNS
Reverse DNS delegation
net edu com au
whois
apnic
202 203 210 211..202
2222
in-addr
arpa
6464
22.64 .in-addr.202 .arpa
Rev. DNS
- Mapping numbers to names - ‘reverse DNS’
Reverse DNS - why bother?
• Service denial• That only allow access when fully reverse
delegated eg. anonymous ftp
• Diagnostics• Assisting in trace routes etc
• Registration• Responsibility as a member and Local IR
Rev. DNS
APNIC & Member responsibilities
• APNIC– Manage reverse delegations of address block
distributed by APNIC – Process members requests for reverse
delegations of network allocations
• Members– Be familiar with APNIC procedures– Ensure that addresses are reverse-mapped– Maintain nameservers for allocations
• Minimise pollution of DNS
Rev. DNS
Reverse delegation requirements
• /24 Delegations• Address blocks should be assigned/allocated• At least two name servers
• /16 Delegations• Same as /24 delegations• APNIC delegates entire zone to member• Recommend APNIC secondary zone
• < /24 Delegations• Read “classless in-addr.arpa delegation”
RFC2317
Rev. DNS
Delegation procedures
• Upon allocation, member is asked if they want /24 place holder domain objects with member maintainer– Gives member direct control
• Standard APNIC database object, – can be updated through online form or via email.
• Nameserver/domain set up verified before being submitted to the database.
• Protection by maintainer object– (current auths: NONE, CRYPT-PW, PGP).
• Zone file updated 2-hourly
Rev. DNS
Example ‘domain’ object
domain: 124.54.202.in-addr.arpa
descr: co-located server at mumbai
country: IN
admin-c: VT43-AP
tech-c: IA15-AP
zone-c: IA15-AP
nserver: dns.vsnl.net.in
nserver: giasbm01.vsnl.net.in
mnt-by: MAINT-IN-VSNL
changed: [email protected] 20010612
source: APNIC
Rev. DNS
Delegation procedures – request form
• Complete the documentation• http://www.apnic.net/db/domain.html
• On-line form interface– Real time feedback– Gives errors, warnings in zone configuration
• serial number of zone consistent across nameservers• nameservers listed in zone consistent
– Uses database ‘domain’ object• examples of form to follow..
Rev. DNS
Reverse DNS request form
Create Domain Object
What is this form to be used for?This form assists in the creation and maintenance of domain objects. The domain class:
(* indicates mandatory field)
An admin-c must be someone physically located at the site of the network.
*Domain:
Country:
*Descr:
*Admin-cList the NIC handles for the administrative contacts(admin-c). Other text eg: DNS4-AP
please change this field – This isadded byhttp://www.apnic.net/db/domain.htmlThe reverse delegation xone for the
Domain Object
Create Domain Object
What is this form to be used for?This form assists in the creation and maintenance of domain objects. The domain class:
(* indicates mandatory field)
An admin-c must be someone physically located at the site of the network.
*Domain:
Country:
*Descr:
*Admin-cList the NIC handles for the administrative contacts(admin-c). Other text eg: DNS4-AP
please change this field – This isadded byhttp://www.apnic.net/db/domain.htmlThe reverse delegation xone for the
Domain ObjectWhat is this form to be used for?This form assists in the creation and maintenance of domain objects. The domain class:
(* indicates mandatory field)
An admin-c must be someone physically located at the site of the network.
*Domain:
Country:
*Descr:
*Admin-cList the NIC handles for the administrative contacts(admin-c). Other text eg: DNS4-AP
please change this field – This isadded byhttp://www.apnic.net/db/domain.htmlThe reverse delegation xone for the
please change this field – This isadded byhttp://www.apnic.net/db/domain.htmlThe reverse delegation xone for the
please change this field – This isadded byhttp://www.apnic.net/db/domain.htmlThe reverse delegation xone for the
Domain Object
Request form
*Nserver
Notify:
*Mnt-by:
*PasswordYou must supply a password for one of the maintainers listed in this field
Mnt-lower:
MAINT-WF-EX
This email address will be notifiedby the APNIC database when thisobject changes.
Remarks:
dns.vsnl.net.ingiasbm01.vsnl.net.in
This stops ad-hoc additions beneath this zone
*Nserver
Notify:
*Mnt-by:
*PasswordYou must supply a password for one of the maintainers listed in this field
Mnt-lower:
MAINT-WF-EX
This email address will be notifiedby the APNIC database when thisobject changes.
Remarks:
dns.vsnl.net.ingiasbm01.vsnl.net.in
This stops ad-hoc additions beneath this zone
*Nserver
Notify:
*Mnt-by:
*PasswordYou must supply a password for one of the maintainers listed in this field
Mnt-lower:
MAINT-WF-EXMAINT-WF-EXMAINT-WF-EX
This email address will be notifiedby the APNIC database when thisobject changes.
This email address will be notifiedby the APNIC database when thisobject changes.
This email address will be notifiedby the APNIC database when thisobject changes.
Remarks:
dns.vsnl.net.ingiasbm01.vsnl.net.indns.vsnl.net.ingiasbm01.vsnl.net.indns.vsnl.net.ingiasbm01.vsnl.net.in
This stops ad-hoc additions beneath this zoneThis stops ad-hoc additions beneath this zoneThis stops ad-hoc additions beneath this zone
Evaluation
• Parser checks for– ‘whois’ database
• IP address range is assigned or allocated• Must be in APNIC database
– Maintainer object• Mandatory field of domain object
– Nic-handles• zone-c, tech-c, admin-c
Rev. DNS
Evaluation
• Nameserver checks– Minimum 2 nameservers required – Check serial versions of zone files are
the same– Check NS records in zones are the
same as listed on form– Nameserver can resolve itself, forward
and reverse
Rev. DNS
Online errors (also via email)
Rev. DNS
Please wait while your request is processed.Parsing and validating your submission …
Errors encounteredYour update request was unable to be completed due to the following errors. Please correct them and try again. If the error is temporary in nature, correct the error and ‘Reload’ this page (possibly this frame).
• *ERROR*. SOA on “ns.apnic.net” does not match SOA on “svc00.apnic.net”. All nserversmust respond with the same SOA.
• *ERROR*. NS RR for ns.telstra.net found on svc00.apnic.net but not in supplied template.
• *ERROR*. NS RR for ns.telstra.net found on svc00.apnic.net but not in supplied template.
• *ERROR*. NS RR for ns.telstra.net found on ns.apnic.net but not in supplied template.
• *ERROR*. NS RR for ns.telstra.net found on ns.apnic.net but not in supplied template.
• *ERROR*. cross-check of listed NS RR failed.
Please wait while your request is processed.Parsing and validating your submission …
Errors encounteredYour update request was unable to be completed due to the following errors. Please correct them and try again. If the error is temporary in nature, correct the error and ‘Reload’ this page (possibly this frame).
• *ERROR*. SOA on “ns.apnic.net” does not match SOA on “svc00.apnic.net”. All nserversmust respond with the same SOA.
• *ERROR*. NS RR for ns.telstra.net found on svc00.apnic.net but not in supplied template.
• *ERROR*. NS RR for ns.telstra.net found on svc00.apnic.net but not in supplied template.
• *ERROR*. NS RR for ns.telstra.net found on ns.apnic.net but not in supplied template.
• *ERROR*. NS RR for ns.telstra.net found on ns.apnic.net but not in supplied template.
• *ERROR*. cross-check of listed NS RR failed.
Verifying your authorisation ….Your maintainer uses the ‘CRYPT-PW’ or ‘NONE’ authorisation schema. Attempting to submit your request directly to the database.
Update resultsConnection closed.
% Rights restricted by copyright. See http://www.apnic.net/db/dbcopyright.htmlUpdate FAILED: [domain] 174.202.in-addr-arpa
domain: 174.202.in-addr.arpadescr: in-addr.arpa zone for 202.174/16admin-c: DNS3-APtech-c: DNS3-APzone-c: DNS3-APnserver: ns.apnic.netnserver: svc00.apnic.netmnt-by: MAINT-AP-DNS-DEFAULTchanged: [email protected] 20000215source: APNIC*ERROR*: authorisation failed, request forwarded to maintainer
Processing completed
Verifying your authorisation ….Your maintainer uses the ‘CRYPT-PW’ or ‘NONE’ authorisation schema. Attempting to submit your request directly to the database.
Update resultsConnection closed.
% Rights restricted by copyright. See http://www.apnic.net/db/dbcopyright.htmlUpdate FAILED: [domain] 174.202.in-addr-arpa
domain: 174.202.in-addr.arpadescr: in-addr.arpa zone for 202.174/16admin-c: DNS3-APtech-c: DNS3-APzone-c: DNS3-APnserver: ns.apnic.netnserver: svc00.apnic.netmnt-by: MAINT-AP-DNS-DEFAULTchanged: [email protected] 20000215source: APNIC*ERROR*: authorisation failed, request forwarded to maintainer
Processing completed
Request submission error
Rev. DNS
Update failed
Authorisation failed
Please wait while your request is processed.
Parsing and validating your submission …
Warnings generated•Verifying your authorisation …. Your maintainer uses the ‘CRYPT-PW’ or ‘NONE’ authorisation schema. Attempting to submit your request directly to the database.
Update results
Connection closed.% Rights restricted by copyright. See http://www.apnic.net/db/dbcopyright.htmlUpdate OK: [domain] 174.202.in-addr.arpa
Processing completed.
Please wait while your request is processed.
Parsing and validating your submission …
Warnings generated•Verifying your authorisation …. Your maintainer uses the ‘CRYPT-PW’ or ‘NONE’ authorisation schema. Attempting to submit your request directly to the database.
Update results
Connection closed.% Rights restricted by copyright. See http://www.apnic.net/db/dbcopyright.htmlUpdate OK: [domain] 174.202.in-addr.arpa
Processing completed.
Successful update
Rev. DNS
Update ok!
Use of maintainer object
• Domain objects protected by maintainers• hierarchical protection using “mnt-lower”
• Bootstrap period– ‘MAINT-AP-DNS-DEFAULT’ for all objects
imported by APNIC from existing zone files• Changing delegations requires valid maintainer• Maintainer creation & authorisation is manual
– Turnaround time 2 days
– /24 place holder objects created upon allocation gives members direct control
• No need to contact APNIC when changing nservers
Rev. DNS
Delegation process summary
on-line feedback givenno
Step 1
yes
Step 2
Step 3update APNIC
database
notify upd-tocontact for
maintainer object
zone files reloadedEvery 2 hrs, 24hrs a day on everyday
Delegation by APNIC
request forwarded to APNIC for manual
processingno
yes
request parsed OK?
authorisation OK?
Rev. DNS
Reverse DNS Troubleshooting Guide:http://www.apnic.net/services/help/rd/troubleshooting.html
Questions?
• Are all your zones, and your customer zones registered?
Material available at: www.apnic.net/training/recent/
Checkpoint question
• What is reverse DNS?
It is the mapping of numbers (IP addresses) to names (domain
names)
Summary
What we have covered today
Summary
• Introduction to APNIC• Policy development • Internet Registry Policies• IPv4 Allocation & Assignment Procedures
• IP Address Management• APNIC Database Procedures • ASN Assignment Procedures• Reverse DNS Procedures
Summary - Responsibilities
• As an APNIC member and custodian of address space – Be aware of your responsibilities
– Register customer assignments in APNIC database
• Keep this data up-to-date & accurate
– Educate your customers– Document your network in detail
• Keep local records
– Register reverse DNS delegations
• More personalised service– Range of languages:
Cantonese, Filipino, Mandarin, Hindi, Vietnamese etc.
• Faster response and resolution of queries• IP resource applications, status of requests, obtaining help
in completing application forms, membership enquiries, billing issues & database enquiries
Member Services Helpdesk- One point of contact for all member enquiries
Helpdesk hours 9:00 am - 7:00 pm (AU EST, UTC + 10 hrs)
ph: +61 7 3858 3188 fax: 61 7 3858 3199
Summary
• “Do the right thing”
– Think about routing table size & scalability of Internet
– Encourage renumbering
– Announce aggregate prefixes
– Think global not local
Thank you !!
Your feedback is appreciated
Material available at:http://www.apnic.net/training/recent/
Supplementary
Reading
Training material
•Today’s training material will be made available at:
http://www.apnic.net/training/recent/
Introduction
Regional Registry web sites• APNIC:
http://www.apnic.net
• ARIN: http://www.arin.net
• LACNIC: http://www.lacnic.net
• RIPE NCC: http://www.ripe.net
APNIC past meetingshttp://www.apnic.net/meetings
Introduction
APNIC membershttp://www.apnic.net/members.html
Membership • Membership procedure
http://www.apnic.net/membersteps.html
• Membership application form http://www.apnic.net/apnic-bin/membership-application.pl
• Membership fees http://www.apnic.net/docs/corpdocs/FeeSchedule.htm
Introduction to APNIC & IP Policy
Classless techniques• CIDR
http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1517-19.txt
• Network Addressing when using CIDR ftp://ftp.uninett.no/pub/misc/eidnes-cidr.ps.Z
• Variable Length Subnet Table http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1878.txt
Private Address Space• Address Allocation for Private Internets
http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1918.txt
• Counter argument: “Unique addresses are good” http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1814.txt
Bit boundary chart +------------------------------------------------------+ | addrs bits pref class mask | +------------------------------------------------------+ | 1 0 /32 255.255.255.255 | | 2 1 /31 255.255.255.254 | | 4 2 /30 255.255.255.252 | | 8 3 /29 255.255.255.248 | | 16 4 /28 255.255.255.240 | | 32 5 /27 255.255.255.224 | | 64 6 /26 255.255.255.192 | | 128 7 /25 255.255.255.128 | | 256 8 /24 1C 255.255.255 | | 512 9 /23 2C 255.255.254 | | 1,024 10 /22 4C 255.255.252 | | 2,048 11 /21 8C 255.255.248 | | 4,096 12 /20 16C 255.255.240 | | 8,192 13 /19 32C 255.255.224 | | 16,384 14 /18 64C 255.255.192 | | 32,768 15 /17 128C 255.255.128 | | 65,536 16 /16 1B 255.255 | | 131,072 17 /15 2B 255.254 | | 262,144 18 /14 4B 255.252 | | 524,288 19 /13 8B 255.248 | | 1,048,576 20 /12 16B 255.240 | | 2,097,152 21 /11 32B 255.224 | | 4,194,204 22 /10 64B 255.192 | | 8,388,608 23 /9 128B 255.128 | | 16,777,216 24 /8 1A 255 | | 33,554,432 25 /7 2A 254 | | 67,108,864 26 /6 4A 252 | | 134,217,728 27 /5 8A 248 | | 268,435,456 28 /4 16A 240 | | 536,870,912 29 /3 32A 224 | |1,073,741,824 30 /2 64A 192 | +------------------------------------------------------+
APNIC Mailing Lists
• apnic-talk– Open discussions relevant to APNIC community & members
• apnic-announce– Announcements of interest to the AP community
• sig-policy– IPv4 and IPv6 allocation and assignment policies
• global-v6– Global IPv6 policy mailing list
• subscribe via <[email protected]>• archives:
http://ftp.apnic.net/apnic/mailing-lists
http://www.apnic.net/net_comm/lists/
The RIR System
“Development of the Regional Internet Registry System”
Internet Protocol JournalVol. 4, Number 4
Short history of the Internet
http://www.cisco.com/warp/public/759/ipj_4-4/ipj_4-4_regional.html
Policies & Policy Environment
Policy Documentation • Policies for address space management in the Asia Pacific
regionhttp://www.apnic.net/docs/policy/add-manage-policy.html
• RFC2050: Internet Registry IP allocation Guidelineshttp://ftp.apnic.net/ietf/rfc/rfc2000/rfc2050.txt
Address Request Procedures
Addressing Guidelines• “Designing Addressing Architectures for Routing &
Switching”, Howard C. Berkowitz
Address Request Forms• ISP Address Request Form
http://www.apnic.net/services/ipv4/
• Second-opinion Request Formhttp://www.apnic.net/services/second-opinion/
• No Questions Asked http://ftp.apnic.net/apnic/docs/no-questions-policy
APNIC Database
APNIC Database Documentation• Updating information in the APNIC Database
http://ftp.apnic.net/apnic/docs/database-update-info
• Maintainer & Person Object Request Form http://ftp.apnic.net/apnic/docs/mntner-person-request
• APNIC Maintainer Object Request http://www.apnic.net/apnic-bin/maintainer.pl
• APNIC Whois Database objects resource guide http://www.apnic.net/services/whois_guide.html
APNIC Database
RIPE Database Documentation• RIPE Database Reference Manual
http://www.ripe.net/docs/databaseref-manual.html
Database ‘whois’ Clienthttp://ftp.apnic.net/apnic/dbase/tools/ripe-dbase-client.tar.gz
Database web queryhttp://www.apnic.net/apnic-bin/whois2.pl
Reverse DNS
Request Forms• Guide to reverse zones
http://www.apnic.net/db/revdel.html
• Registering your Rev Delegations with APNIC http://www.apnic.net/db/domain.html
Relevant RFCs• Classless Delegations
http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2317.txt
• Common DNS configuration errorshttp://ftp.apnic.net/ietf/rfc/rfc1000/rfc1537.txt
AS Assignment Procedures
Policy• Guidelines for the creation, selection, and
registration of an AS http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1930.txt
RFCs• Routing Policy Specification Language (RPSL)
http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2280.txt
• A dedicated AS for sites homed to a single providerhttp://ftp.apnic.net/ietf/rfc/rfc2000/rfc2270.txt
• RFC1997: BGP Communities attributehttp://ftp.apnic.net/ietf/rfc/rfc2000/rfc2270.txt
Other supplementary reading
Operational Content Books• ISP Survival Guide, Geoff Huston• Cisco ISP Essentials, Philip Smith
BGP Tablehttp://www.telstra.net/ops/bgptable.html
http://www.merit.edu/ipma/reports
http://www.merit.edu/ipma/routing_table/mae-east/prefixlen.990212.html
http://www.employees.org/~tbates/cidr.hist.plot.html
Routing Instabilityhttp://zounds.merit.net/cgi-bin/do.pl
Other supplementary reading
Routing & Mulithoming• Internet Routing Architectures - Bassam Halabi • BGP Communities Attribute
http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1997.txt
http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1998.txt
Filtering• Egress Filtering
http://www.cisco.com/public/cons/isp
• Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing
http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2267.txt
Person object template
person: [mandatory] [single] [lookup key]address: [mandatory] [multiple] [ ]country: [optional] [single] [ ]phone: [mandatory] [multiple] [ ]fax-no: [optional] [multiple] [ ]e-mail: [mandatory] [multiple] [lookup key]nic-hdl: [mandatory] [single] [primary/look-up key]remarks: [optional] [multiple] [ ]notify: [optional] [multiple] [inverse key]mnt-by: [mandatory] [multiple] [inverse key]changed: [mandatory] [multiple] [ ]source: [mandatory] [single] [ ]
Role object template
role: [mandatory] [single] [lookup key]address: [mandatory] [multiple] [ ]country: [optional] [single] [ ]phone: [mandatory] [multiple] [ ]fax-no: [optional] [multiple] [ ]e-mail: [mandatory] [multiple] [lookup key]trouble: [optional] [multiple] [ ]admin-c: [mandatory] [multiple] [inverse key]tech-c: [mandatory] [multiple] [inverse key]nic-hdl: [mandatory] [single] [primary/look-up
key]remarks: [optional] [multiple] [ ]notify: [optional] [multiple] [inverse key]mnt-by: [mandatory] [multiple] [inverse key]changed: [mandatory] [multiple] [ ]source: [mandatory] [single] [ ]
Maintainer Object Template
mntner: [mandatory] [single] [primary/look-up key]descr: [mandatory] [multiple] [ ]country: [optional] [single] [ ]admin-c: [mandatory] [multiple] [inverse key]tech-c: [optional] [multiple] [inverse key]upd-to: [mandatory] [multiple] [inverse key]mnt-nfy: [optional] [multiple] [inverse key]auth: [mandatory] [multiple] [ ]remarks: [optional] [multiple] [ ]notify: [optional] [multiple] [inverse key]mnt-by: [mandatory] [multiple] [inverse key]referral-by: [mandatory] [single] [inverse key]changed: [mandatory] [multiple] [ ]source: [mandatory] [single] [ ]
Inetnum object template
inetnum: [mandatory] [single] [primary/look-up key]netname: [mandatory] [single] [lookup key]descr: [mandatory] [multiple] [ ]country: [mandatory] [multiple] [ ]admin-c: [mandatory] [multiple] [inverse key]tech-c: [mandatory] [multiple] [inverse key]rev-srv: [optional] [multiple] [inverse key]status: [mandatory] [single] [ ]remarks: [optional] [multiple] [ ]notify: [optional] [multiple] [inverse key]mnt-by: [mandatory] [multiple] [inverse key]mnt-lower: [optional] [multiple] [inverse key]mnt-routes:[optional] [multiple] [inverse key]mnt-irt: [optional] [multiple] [inverse key]changed: [mandatory] [multiple] [ ]source: [mandatory] [single] [ ]
Aut-num Object Template
aut-num: [mandatory] [single] [primary/look-up key]
as-name: [mandatory] [single] [ ]descr: [mandatory] [multiple] [ ]country: [optional] [single] [ ]member-of: [optional] [multiple] [ ]import: [optional] [multiple] [ ]export: [optional] [multiple] [ ]default: [optional] [multiple] [ ]remarks: [optional] [multiple] [ ]admin-c: [mandatory] [multiple] [inverse key]tech-c: [mandatory] [multiple] [inverse key]cross-mnt: [optional] [multiple] [inverse key]cross-nfy: [optional] [multiple] [inverse key]notify: [optional] [multiple] [inverse key]mnt-lower: [optional] [multiple] [inverse key]mnt-routes: [optional] [multiple] [inverse key]mnt-by: [mandatory] [multiple] [inverse key]changed: [mandatory] [multiple] [ ]source: [mandatory] [single] [ ]
Domain object template
domain: [mandatory] [single] [primary/look-up key]
descr: [mandatory] [multiple] [ ]country: [optional] [single] [ ]admin-c: [mandatory] [multiple] [inverse key]tech-c: [mandatory] [multiple] [inverse key]zone-c: [mandatory] [multiple] [inverse key]nserver: [mandatory] [multiple] [inverse key]sub-dom: [optional] [multiple] [inverse key]dom-net: [optional] [multiple] [ ]remarks: [optional] [multiple] [ ]notify: [optional] [multiple] [inverse key]mnt-by: [mandatory] [multiple] [inverse key]mnt-lower: [optional] [multiple] [inverse key]refer: [optional] [single] [ ]changed: [mandatory] [multiple] [ ]source: [mandatory] [single] [ ]