afrinic training
Post on 06-Apr-2018
-
8/2/2019 Afrinic Training
AfriNIC - 2005
African Network Information Centre
Welcome to the
AfriNIC LIR Training
AfriNIC
-
Introductions
Instructor:
Students:
* Full names and nationality
* Organization/company
* Position/title
* Brief responsibilities
* AfriNIC member?
* Experience with the AfriNIC/RIR system
Attendance sheet: please complete and send back to the instructor.
-
Logistics
* Mobile phones: off or silent
* Toilets?
* Smoking room?
* Breaks: tea and lunch?
Timeline:
* 09:00 - 13:00 Presentation
* 14:30 - 15:30 Hands-on (where a lab is arranged)
* Early departures?
Online materials: http://www.afrinic.net/training/index.htm
Computer-based training: see the URL above for download links to the computer-based training CD-ROM.
Handouts: already given out.
-
Course Objectives:
* Requesting IP number resources. Membership.
  * IPv4 / IPv6 addresses, 2-byte and 4-byte AS numbers
* Interacting with the AfriNIC whois database.
  * Creating, updating and deleting objects: IP number resource registrations, contact info, reverse domains, etc.
* AfriNIC policies and procedures.
  * Policy Development Process and an overview of current policy proposals under discussion.
-
Why AfriNIC
Problem:
* Lack of co-ordination on IP resource management in Africa.
* Inconsistency in address allocation policies.
* Poor involvement of African stakeholders in the IP address allocation system.
* Policy inappropriate for Africa's Internet environment.
* Money is sent out of the continent.
-
Why AfriNIC
Results:
* A common address allocation policy for Africa.
* A common environment for discussions on IP resources policy.
* Application of the bottom-up process to allow participation from the local community.
* Adoption of new policies closer to the continent's realities.
* Money stays in Africa to support training and other projects.
-
What is AfriNIC?
AfriNIC:
* Independent not-for-profit membership organisation supporting its members and the community
* One of 5 Regional Internet Registries (RIR)
-
Internet Coordination Bodies: Policy Making Process
[Diagram: ICANN with its supporting organizations, constituencies and advisory bodies, and the Internet community at large; IANA; ASO; NRO; the five RIRs (AfriNIC, APNIC, ARIN, LACNIC, RIPE NCC) and their communities; regional policies and global policies]
-
AfriNIC Policy Development Process
AfriNIC, as a self-governed entity based on membership, has developed a Policy Development Process driven by the community.
* 6 steps
* Subscribe to the policy discussion mailing list: policy-wg-request@afrinic.net
* Propose changes or new policies on the mailing list
* PDP modification proposal**
-
Global IP allocation Hierarchy
41/8
-
Recent/Coming Activities
* 5th Public Policy Meeting held in Mauritius: Dec 2006
* 6th Public Policy Meeting held in Abuja: May 2007
  * Several policy proposals.
  * IPv6 and LIR hands-on training and workshop.
* Next meeting is scheduled for September 2007 in Durban, South Africa.
  * LIR Training (IPv6 TBC).
-
AfriNIC services
Member Services
* Registration:
  * IPv4 addresses
  * IPv6 addresses
  * AS numbers
  * Reverse delegation
* Courses:
  * LIR courses
  * IPv6 training
Public Services
* AFRINIC DB maintenance
* Coordination and liaison
* Meetings
* Information
* Tools and utilities
-
Contacts
Headquarters: AfriNIC Ltd.
3rd Floor, Cyber Tower
Cyber City, Ebene, Mauritius
Phone: +230 466 6616
Fax: +230 466 6758
Hostmaster hostmaster@afrinic.net
Billing billing@afrinic.net
DB-help afrinic- bm@afrinic.net
Training training@afrinic.net
-
Questions?
-
Introduction
* RIR-specific terminology
* The whois database
-
IP Address Space
* Address space is not property
* Leased
  * Automatically renewed, if criteria are still fulfilled
* Recovered by AfriNIC if criteria are not fulfilled, e.g.:
  * Non-payment of membership fees
  * Not used anymore
  * Policy violation, court orders, etc.
-
* Allocation: address space issued by AfriNIC to an LIR. The LIR can further issue IP addresses to end-sites/customers from an allocation.
* Sub-allocation: address space from an LIR's allocation set apart by the LIR for issuing to downstream ISPs / resellers.
* Assignment: made from an allocation or sub-allocation; address space in use in networks.
[Diagram: an allocation containing a sub-allocation and assignments]
-
Classless Addressing
* Classful: 3 fixed network sizes: A, B, C
  * Problem: waste of addresses
* Solution: Classless Inter-Domain Routing (CIDR)
  * flexible allocation / assignment sizes
  * hierarchical distribution
* Always make classless assignments
  * /23 and /25, or /27, etc.; not always /24
-
The Whois Database Intro.
Description
DB queries
Creating contact objects
-
AfriNIC WHOIS Database Intro
* A public network management database
* Software: maintained and updated by AfriNIC, originally developed by RIPE NCC.
* Data: LIRs, End Users, AfriNIC
* Test WHOIS database for practice: online at test-whois.afrinic.net, port 43
-
Object Types
IP address space: inetnum, inet6num
Reverse delegation: domain
Routing: aut-num
Organisation: organisation
Contact details: person, role
Data protection: mntner, keycert
Documents:
* AFRINIC DB User Manual: Getting Started
* AFRINIC Database Reference Manual
-
Basic Queries
Use a whois client:
* whois -h whois.afrinic.net
* http://www.afrinic.net/cgi-bin/whois
* Download a CLI whois client from sourceforge, freshmeat, etc.
* There may be some commercial Windows whois clients.
** No known command-line whois client for Microsoft Windows. All command-line whois clients are usually on Unix/Unix-like systems and Linux.
-
Creating a Person Object
Query the whois server for an object template:
whois -h whois.afrinic.net -t person
And for a verbose output:
whois -h whois.afrinic.net -v person
Complete in plain text and email to:
-
person: [mandatory] [single] [lookup key]
address: [mandatory] [multiple] [ ]
org: [optional] [single] [inverse key]
phone: [mandatory] [multiple] [ ]
fax-no: [optional] [multiple] [ ]
e-mail: [optional] [multiple] [lookup key]
nic-hdl: [mandatory] [single] [primary/look-up key]
remarks: [optional] [multiple] [ ]
notify: [optional] [multiple] [inverse key]
mnt-by: [optional] [multiple] [inverse key]
changed: [mandatory] [multiple] [ ]
source: [mandatory] [single] [ ]
whois -h whois.afrinic.net -t person (columns: attributes, values)
-
nic-hdl
* Unique identifier for person and role objects
* Format: [number]-
  * e.g. PB1-AFRINIC
* Use AUTO-1 when creating new objects to auto-generate a handle.

person: Pius Bog
nic-hdl: PB123-AFRINIC

person: Pius Bog
nic-hdl: auto-1

role: NOC Team
nic-hdl: auto-1

role: NOC Team
nic-hdl: NT1-AFRINIC
-
Database Responses
* Successful update: object accepted (or no object found)
* Errors: object NOT accepted
  * read the error report, correct and re-send
* Send questions to
  * include the complete error report and original email to DB
-
Role Objects
Can contain several person objects for a defined role. For example:
role: ISP-X NOC Contacts
admin-c: ABC1-AFRINIC
admin-c: DEF1-AFRINIC
tech-c: GHI1-AFRINIC
nic-hdl: INC1-AFRINIC
* Advisable to use role instead of person objects
* Easier to update multiple objects when contacts change
  * Only the role object needs to be modified (admin-c/tech-c).
-
Querying Address Ranges
* Standard IPv4 look-ups
  * IP address
  * IP range
    * two IP addresses (-)
    * IP address and prefix size (/)
  * netname
* Exact match by default
  * smallest less specific if no exact match
* whois -h whois.afrinic.net -x [IP range]
  * If no matching object, nothing is returned
-
Hierarchical Queries
[Diagram: hierarchy of inetnum ranges under 80.35.64.0 - 80.35.95.255 (80.35.64.0 - 80.35.65.191, 80.35.88/26, 80.35.80/25, 80.35.92/29, 80.35.92.8/29); labels on the slide: MARIBU TAIWO, CHATHA ..., CHATHA-2, CHATHA-8]
whois -h whois.afrinic.net -M 80.35.64.0/19
whois -h whois.afrinic.net -m 80.35.64.0/19 (first sub-level only)
whois -h whois.afrinic.net -L 80.35.92.10
whois -h whois.afrinic.net -l 80.35.92.10
-
Inverse Lookups: -i
To find all objects that contain references to other objects:
whois -h whois.afrinic.net -i {attribute} {value}
Inverse keys: mnt-by, mnt-lower, admin-c, etc.
whois -h whois.afrinic.net -i tech-c TM125-AFRINIC
whois -h whois.afrinic.net -i admin-c,tech-c,zone-c TM125-AFRINIC
or
whois -h whois.afrinic.net -ipn TM125-AFRINIC
whois -h whois.afrinic.net -i mnt-by KARIBU-MNT
whois -h whois.afrinic.net -i org ORG-PIE1-AFRINIC
-
Non-recursive Lookups: -r
whois -h whois.afrinic.net 80.35.64.82
=> inetnum, person(s)
whois -h whois.afrinic.net -r 80.35.64.82
=> inetnum
whois -h whois.afrinic.net -Tinetnum 80.35.64.82
=> inetnum, person(s)
whois -h whois.afrinic.net -r -Tinetnum 80.35.64.82
=> inetnum
To prevent being blocked for too many person object queries, as the DB has limits!
-
Using mntner Objects
* mntner: protects objects in the DB (via mnt-by)
* Creating a mntner:
  * fill out the template (whois -h whois.afrinic.net -t mntner)
  * send to
* Forgot/lost authentication (password, PGP key)?
  * send a fax to AfriNIC to modify authentication
  * fax explaining the situation on company letter paper
  * signed: admin-c of mntner or any other authority.
* Inverse: whois -h whois.afrinic.net -i mnt-by XYZ-MNT finds all objects that are maintained by (mnt-by:) that mntner
-
Authentication Methods
1. auth: CRYPT-PW
2. auth: MD5-PW
3. auth: PGPKEY-
Can use multiple authentication methods and multiple mntners.
There is a web-based tool on the AfriNIC website for generating md5-pw and crypt-pw encrypted passwords for use in maintainer objects ('auth' attribute).
-
auth: attribute
* CRYPT-PW (easiest to crack) and MD5-PW (more secure)
  * Encrypted password can be created via the web interface: https://www.afrinic.net/tools/whois_crypt.htm
  * to update objects, include: password:
* PGP: safer, but much more complex
  1: create mntner with other auth: line
  2: create a key pair (http://www.gnupg.org/)
  3: create key-cert object (includes public key)
  4: modify the mntner to include auth: PGPKEY-
  * to update objects, include: PGP signature.
-
Protecting DB Objects
[Diagram: an unprotected person object becomes a person object protected by mntner MATATU-MNT once mnt-by: is added]

mntner: MATATU-MNT
descr: maintainer for all matatu objects
admin-c: MAMU
tech-c: MAMU
auth: MD5-PW $1$5Uapud4ydfMWhgo/
upd-to: afrinic_db_oops@matatu.ao
mnt-nfy: afrinic_changes@gmail.com
mnt-by: MATATU-MNT
changed: hostmaster@bodaboda.bj 20050401
source: AFRINIC

Alternative auth: line shown on the slide:
auth: CRYPT-PW q5nd!~Sfhk0#a

person: Mario Murillo
...
nic-hdl: MAMU...
mnt-by: MATATU-MNT

* The auth: line holds the encrypted password; an update carries password: cleartext_password
* Include authentication of the mntner in the e-mail if updating an object via e-mail
* upd-to: is notified if an update fails; mnt-nfy: is notified if an update is successful
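An added example (not part of the AfriNIC slides): a short Python audit that parses whois-style objects and reports, for each one, the weakest authentication scheme that is able to modify it, using the slides' ordering of CRYPT-PW, MD5-PW and PGP. It assumes that satisfying any one auth: line of any one listed mntner is enough to authorise an update; the object names and hash strings are constructed placeholders.

```python
# Added example: rank the protection of whois objects by their mntner auth schemes.
# SAMPLE is constructed; names and hash strings are placeholders, not real records.
SAMPLE = """\
mntner:  EXAMPLE-MNT
auth:    MD5-PW $1$placeholder$constructedhashvalue
auth:    CRYPT-PW constructedhash
mnt-by:  EXAMPLE-MNT
source:  TEST

mntner:  SIGNED-MNT
auth:    PGPKEY-0000AAAA
mnt-by:  SIGNED-MNT
source:  TEST

person:  Example Person
nic-hdl: EP1-TEST
mnt-by:  SIGNED-MNT, EXAMPLE-MNT
source:  TEST

person:  Unprotected Person
nic-hdl: UP1-TEST
source:  TEST
"""

# Order taken from the slides: CRYPT-PW weakest, MD5-PW stronger, PGP safest.
STRENGTH = {"CRYPT-PW": 0, "MD5-PW": 1, "PGPKEY": 2}

def rank(label):
    """Unknown labels (missing mntner, no auth line) sort below every scheme."""
    return STRENGTH.get(label, -1)

def parse_objects(text):
    """Split whois output into objects, each a list of (attribute, value) pairs."""
    objects = []
    for block in text.strip().split("\n\n"):
        attrs = []
        for line in block.splitlines():
            if ":" not in line or line.startswith(("%", "#")):
                continue  # skip server comments and malformed lines
            key, _, value = line.partition(":")
            attrs.append((key.strip().lower(), value.strip()))
        if attrs:
            objects.append(attrs)
    return objects

def scheme(auth_value):
    """Reduce an auth: value to its scheme, e.g. 'PGPKEY-0000AAAA' -> 'PGPKEY'."""
    parts = auth_value.split()
    token = parts[0].upper() if parts else ""
    return "PGPKEY" if token.startswith("PGPKEY-") else token

def effective_protection(objects):
    """Map each object's handle or name to the weakest scheme able to update it."""
    weakest = {}
    for attrs in objects:
        if attrs[0][0] == "mntner":
            schemes = [scheme(v) for k, v in attrs if k == "auth"]
            # Assumption: any single auth: line is sufficient, so the weakest counts.
            weakest[attrs[0][1].upper()] = min(schemes, key=rank, default="NO-AUTH")
    report = {}
    for attrs in objects:
        ident = dict(attrs).get("nic-hdl", attrs[0][1])
        guards = [m.strip().upper() for k, v in attrs if k == "mnt-by"
                  for m in v.split(",") if m.strip()]
        if not guards:
            report[ident] = "UNPROTECTED"
        else:
            report[ident] = min((weakest.get(g, "UNKNOWN-MNTNER") for g in guards),
                                key=rank)
    return report

if __name__ == "__main__":
    for ident, level in effective_protection(parse_objects(SAMPLE)).items():
        print(f"{ident:12} {level}")
```

EP1-TEST lists a PGP-protected mntner but is still rated CRYPT-PW, because the second mntner on its mnt-by: line keeps a CRYPT-PW auth: line.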
-
Hierarchical Authorisation
* mnt-by (mandatory in DB)
  * protects the object in which it appears
  * and can ... authenticate creation / deletion of more specific inetnum, route, domain objects
* mnt-lower (optional in inetnum template)
  * mandatory in: allocation inetnum objects
  * recommended in sub-allocation inetnum objects
  * authenticates creation of more specific inetnum, domain objects
* mnt-domains (optional in inetnum template)
  * optional for: allocation and PI inetnum objects
  * recommended in inetnum objects
  * authenticates creation of domain objects
-
More Hierarchical Authorisation

allocation:
inetnum: 193.27/16
status: ALLOCATED PA
mnt-by: AFRINIC-HM-MNT
mnt-lower: A-MNT

sub-allocation:
inetnum: 193.27.128/22
status: SUB-ALLOCATED PA
mnt-by: A-MNT
mnt-lower: B-MNT

assignment:
inetnum: 193.27.130/24
status: ASSIGNED PA
mnt-by: B-MNT
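An added example (not from the AfriNIC slides) that walks the three objects above to find which mntner must authenticate the creation of a new, more specific inetnum. It assumes that the closest covering object decides, and that its mnt-lower, when present, is used in place of its mnt-by; the function names are illustrative.

```python
import ipaddress

# Constructed registry mirroring the three inetnum objects on the slide.
REGISTRY = [
    {"inetnum": "193.27.0.0/16", "status": "ALLOCATED PA",
     "mnt-by": ["AFRINIC-HM-MNT"], "mnt-lower": ["A-MNT"]},
    {"inetnum": "193.27.128.0/22", "status": "SUB-ALLOCATED PA",
     "mnt-by": ["A-MNT"], "mnt-lower": ["B-MNT"]},
    {"inetnum": "193.27.130.0/24", "status": "ASSIGNED PA",
     "mnt-by": ["B-MNT"]},
]

def closest_parent(registry, new_prefix):
    """Return the most specific registered block that strictly contains new_prefix."""
    new_net = ipaddress.ip_network(new_prefix)
    best, best_len = None, -1
    for obj in registry:
        net = ipaddress.ip_network(obj["inetnum"])
        if net != new_net and new_net.subnet_of(net) and net.prefixlen > best_len:
            best, best_len = obj, net.prefixlen
    return best

def authorising_mntners(registry, new_prefix):
    """Mntners whose authentication allows creating new_prefix (empty if none cover it)."""
    parent = closest_parent(registry, new_prefix)
    if parent is None:
        return []
    # Assumption: mnt-lower, when present, replaces mnt-by for hierarchical creation.
    return parent.get("mnt-lower") or parent["mnt-by"]

def may_create(registry, new_prefix, presented_mntners):
    """True if at least one presented mntner is allowed to create new_prefix."""
    allowed = set(authorising_mntners(registry, new_prefix))
    return bool(allowed & set(presented_mntners))

if __name__ == "__main__":
    for prefix in ("193.27.64.0/24", "193.27.129.0/24", "193.27.130.0/26"):
        print(prefix, "->", authorising_mntners(REGISTRY, prefix))
```

Under these assumptions A-MNT can create objects directly under the allocation, but inside the sub-allocation only B-MNT can, which is the delegation the slide illustrates.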
-
DB Update Procedure
* Modifying an object:
  * get an exact copy, make changes to it
  * keep the same primary key
  * add a new changed: line in chronological order
    changed: didier@drogba.ci
* Deleting an object:
  * add a delete: line to the exact copy (with some explanation)
    delete: thierry@henry.fr overlapping inetnum
  * Subject: DELETE does not delete the object!
* In both cases:
  * Include authentication (e.g. password)
-
whois -h test-whois.afrinic.net
* Non-production whois database
* Interface same as the real whois DB
  * syntax check + error reports
* test-dbm@afrinic.net
  * nic-hdl: AUTO1-TEST
  * source: TEST
  * referral-by: TEST-DBM-MNT
  * mnt-by: TEST-DB-MNT (only for allocations)
* For testing: authorisation schemes, scripts, etc.
-
Questions?
-
First IPv4 Allocation
-
Membership First!
* Fax/e-mail and courier/post the following documents to AfriNIC:
  * RSA (Registration Services Agreement)
  * Membership Form
  * All on www.afrinic.net (http://www.afrinic.net/).
* E-mail new-member@afrinic.net for follow-up.
* E-mail the Address Space Request Template to hostmaster@afrinic.net.
* Online membership application coming soon!
-
First Allocations
* IPv4 First Allocation Request Form, which includes:
  * LIR First PA Assignment Request Form
* Must show efficient utilization of IP addresses in the addressing plan template
* Minimum allocation size: /22
* Slow-start mechanism for first allocations
-
First allocation template
For the 1st allocation template, please see: www.afrinic.net/documents.htm
* Requesting via online forms will be available soon.
-
Additional IPv4 Allocation
-
Evaluation of Allocation Request
* Previous allocation used up ~ 80%?
  * status: ASSIGNED PA or SUB-ALLOCATED PA
* Do the LIR's records match RS records/DB?
  * AfriNIC asks for documentation on 3 or more assignments
* All renumbered networks returned?
* Quality of AFRINIC DB records
* Broadband usage verifiable?
-
Making New Allocations
* If inconsistencies are found: the LIR corrects the data before receiving a new allocation.
* When the data is corrected: AfriNIC allocates a new block to the LIR and updates the DB.
-
Allocation inetnum Object
inetnum: 80.35.64.0 - 80.35.127.255
netname: EG-NILEONLINE-20050401
org: ORG-NILE32-AFRINIC
country: EG
admin-c: NILE-AFRINIC
tech-c: NILE-AFRINIC
status: ALLOCATED PA
notify: sphinx@nile.eg
mnt-by: AFRINIC-HM-MNT
mnt-lower: NILE-MNT
changed: hostmaster@afrinic.net 20040503
source: AFRINIC
-
End-User /PI Requests
-
PA vs. PI Assignments
* Provider Aggregatable
  * End User addresses out of the LIR's allocation
  * must be returned when changing providers
  * Can be made with involving AfriNIC
* Provider Independent
  * End User addresses directly from AfriNIC
  * can be kept when changing providers
  * Routability of PI addresses is not the RIR's responsibility
  * Some ISPs may have a policy against routing IP addresses not issued/assigned by the ISP.
-
Requesting PI Space
* Organization must first become a member
  * organisation object created if successful.
* IPv4 End-User Assignment Request Form (PI)
* Every PI assignment has to be requested separately
* There will be an evaluation and processing fee for each new End-User assignment. **
-
After the PI Assignment Approval
* AfriNIC will
  * assign a PI block
  * create an assignment object in the DB
* PI holder must not assign further
* Upstream usually assists the PI holder with reverse DNS and route object
-
Example PI DB Object
inetnum: 194.1.208.0 - 194.1.209.255
netname: ClaudeSports
descr: Claude Sports retail network
descr: Kinshasa, DRC
org: ORG-CS4-AFRINIC
country: CD
admin-c: KANU
tech-c: DIOUF
status: ASSIGNED PI
mnt-by: AFRINIC-HM-MNT
mnt-lower: MAKE-MNT
mnt-domains: MAKELELE-MNT
changed: hostmaster@afrinic.net 20050421
source: AFRINIC
-
PA Assignments
* IPs issued by the LIR to customers/end-sites
* IPs issued by the LIR to its own infrastructure:
  * Dial-in pool
  * ADSL pool
  * NOC, staff LAN, etc.
* Must be recorded in the whois database
  * Recommended: 4 or more IPs
  * A pool of dynamically assigned IPs can be recorded as one range of IPs.
* 80% utilization needed before requesting more IPs from AfriNIC.
-
Assignment inetnum object
inetnum: 196.0.80.0 - 196.0.80.127
netname: JAMBO-NET
descr: KaribuWeb customer
country: KE
org: ORG-JA123-AFRINIC
admin-c: AB231-AFRINIC
tech-c: JJ125-AFRINIC
status: ASSIGNED PA
mnt-by: Karibuweb-MNT
mnt-lower: Karibuweb-MNT
mnt-domains: Jambo-MNT
changed: peter@karibu.ke 20050411
source: AFRINIC
-
Sub-allocations
* Sub-allocation: from LIR to ISP
* Sub-allocation window: what the LIR can sub-allocate without AfriNIC's approval (unless a 2nd opinion is needed).
* If a sub-allocation > sub-allocation window: IPv4 Sub-allocation Request Form
* Minimum sub-allocation size: /24
-
Using Sub-allocations
* LIR must register the sub-allocation in the DB
* LIR has final responsibility for the whole sub-allocation (mntners)
* inetnum object: status: SUB-ALLOCATED PA
  * use the ISP's mntner in mnt-lower/domains, and the LIR's mntner in mnt-by
* Assignments from sub-allocations
  * From ISP to itself or to End Users/Customers
-
Why Register IPs in the DB?
* contact info in case of trouble
* overview of usage (*when requesting more)
* Address space is considered in use only if registered in the DB.
  * or else delays in: additional allocation
  * Identified as Bogon address and blocked by ISPs (in case of allocations)
* Responsibility of the LIR to register assignments.
* Responsibility of the RIR to register allocations and PI assignments.
-
Questions?
-
Reverse Delegation Procedure
-
What is Reverse Delegation?
* The DNS provides forward (name-to-number) and reverse (number-to-name) resolutions.
* Reverse delegation allows applications to map a domain name from an IP address.
* Achieved by use of special domain names:
  * IPv4: in-addr.arpa.
  * IPv6: ip6.arpa
* IANA centrally administers and delegates corresponding reverse zones for all /8s allocated to AfriNIC.
-
Why Do You Need Reverse?
* All host-to-IP mappings in the DNS (A record) should have a corresponding IP-to-host mapping (PTR record)
* Otherwise users are blocked from various services (ftp, mail, IRC, etc.)
-
Request Procedure
Who Can Request and What?
* Decide what range you want reversed (whole allocation or specific assignments?)
* Decide who will be responsible
  * Yourself (LIR)?
  * End User/Customer?
-
How to set up Reverse Delegation
* First - set up the zones (on your name servers)!
* Then create domain objects in the AfriNIC whois DB.
  * The domain object contains info about your zone and the associated name servers.
* Possible domain boundaries: /24, /16 (multiples of course possible*)
  (IPv6: /32, /36)
-
Example domain Object
Template: whois -h whois.afrinic.net -t domain
domain: 32.3.196.in-addr.arpa
descr: Reverse delegation for
descr: Karibu's Customer Jambo
descr: Internet Services Ltd.
admin-c: JJ231-AFRINIC
tech-c: SULU-AFRINIC
zone-c: WF2121-AFRINIC
nserver: ns.karibu.ke
nserver: ns2.mtn.za
mnt-by: KARIBU-MNT
changed: badru@jambo.ug 20050417
source: AFRINIC
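An added example (not from the AfriNIC slides) that derives the reverse zone names a prefix needs on the /24 and /16 boundaries named above, and lists the zones for which no domain object is registered yet. The IPv6 branch generalises to any 4-bit (nibble) boundary, which is an assumption beyond the /32 and /36 the slides mention; function names are illustrative.

```python
import ipaddress

def reverse_zones(prefix):
    """List the in-addr.arpa / ip6.arpa zones needed to cover prefix."""
    net = ipaddress.ip_network(prefix)
    if net.version == 4:
        if net.prefixlen > 24:
            raise ValueError("smaller than a /24: no zone on a /24 or /16 boundary")
        boundary = 16 if net.prefixlen <= 16 else 24   # boundaries from the slide
        suffix = "in-addr.arpa"
    else:
        if net.prefixlen < 4:
            raise ValueError("prefix too short for a nibble-aligned zone")
        boundary = -(-net.prefixlen // 4) * 4          # round up to a nibble
        suffix = "ip6.arpa"
    zones = []
    for sub in net.subnets(new_prefix=boundary):
        if net.version == 4:
            labels = str(sub.network_address).split(".")[: boundary // 8]
        else:
            digits = sub.network_address.exploded.replace(":", "")
            labels = list(digits[: boundary // 4])
        zones.append(".".join(reversed(labels)) + "." + suffix)
    return zones

def missing_zones(prefix, registered_domains):
    """Zones for prefix that are neither registered nor under a registered parent zone."""
    have = {d.lower().rstrip(".") for d in registered_domains}
    return [z for z in reverse_zones(prefix)
            if not any(z == h or z.endswith("." + h) for h in have)]

if __name__ == "__main__":
    # 196.3.32.0/24 is the block behind the domain object shown on the slide.
    print(reverse_zones("196.3.32.0/24"))
    # Constructed case: a /23 where only the first /24 zone has a domain object.
    print(missing_zones("196.3.32.0/23", ["32.3.196.in-addr.arpa"]))
    print(reverse_zones("2001:0888::/32"))
```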
-
Steps Performed by the System
* Checking DB syntax
* Checking authentication (passwords) (mnt-domains/mnt-lower in inetnum)
* Checking if nameserver setup is correct
  * Delegation checker web UI on the AfriNIC Tools website.
* The appropriate NS lines will be entered into the parent zone file (after about 5 hrs)
* Domain object in DB: successful reverse
* Use nslookup or dig or whatever tools to verify setup.
-
Delegation Sizes
* Multiple /24 delegations:
  * several domain objects can be sent in one e-mail
  * Shorthand notation for consecutive zones
* /16 delegation
-
Problems with Reverse ?
* Database and DNS diagnostics are sent to the requester
  * correct errors and re-send to: auto-dbm@afrinic.net
* If problems continue
  * include the full error report
-
Questions?
-
Autonomous System Numbers
-
Autonomous System
Definition:
* A unique number that defines an Autonomous System on the Internet.
* An Autonomous System is a collection of IP networks under control of a single entity, typically ISPs (or other orgs), that adhere to a single and clearly defined routing policy.
* IANA allocates AS numbers to RIRs
* RIR assigns AS numbers to LIRs or to End Users.
  * 2-byte, e.g. AS34567
  * 4-byte, e.g. AS5.234 (nomenclature agreed by IESG)
-
How to Get an AS Number?
Autonomous System (AS) Number Request Template:
* address prefix to be announced with this requested ASN, or ticket # of pending IP address request (if applicable)
* peering contacts (2 or more: **policy requirement that stipulates a need to be multihomed before requesting an ASN).
-
aut-num object:
aut-num: NEW
as-name: WEAH
descr: Georges AS#
org: ORG-WEAH77-AFRINIC
remarks: import: from AS2 action pref=20; accept AS2
remarks: import: from AS3 action pref=100; accept ANY
remarks: import: from AS2 action pref=200; accept ANY
remarks: export: to AS2 announce NEW
remarks: export: to AS3 announce NEW
admin-c: ETOO-AfriNIC
tech-c: HADJI-AfriNIC
mnt-by: AFRINIC-HM-MNT
changed: hostmaster@afrinic.net
source: AFRINIC
[Slide overlay values: AS30999 (shown three times), 20050229]
-
Internet Routing Registry
* Globally distributed DB with routing data
* The AfriNIC DB does NOT have an IRR component
* Create route object in the RIPE NCC DB
  * use mnt-by: RIPE-NCC-RPSL-MNT ** (unsafe!) password=RPSL
  * Create a maintainer object in the RIPE DB for use along with the RIPE NCC's generic maintainer! Else, someone else can delete or modify your data!
-
IPv6
-
Get IPv6 Addresses From:
* "6to4" transition mechanism: use of the 2002: prefix on an IPv4-only network/uplink
  * V6 addresses derived from existing v4 addresses.
* Another LIR
  * IPv6 has more levels of hierarchy
* RIR
* Tunnel broker
-
Common IPv6 Policy Principles
* Address space is not property
  * leased
  * automatically renewed, if criteria are still fulfilled
* Minimum allocation
  * easier prefix-based filtering
* Different priority of goals
  * aggregation rather than conservation
  * minimise administration
-
First IPv6 Allocation
* Criteria
  * must be an LIR / must not be an End Site
  * plan to provide connectivity to aggregated customers
* Size: /32 (bigger if justified)
  * IPv4 infrastructure and users considered
* IPv6 First Allocation Template
* Subsequent allocation: HD ratio > 0.8 *** (e.g. 10.9% usage for /32)
*** This is being proposed to 0.94
-
IPv6 Assignments
* Assignment size
  * /48 for all (no approval needed)
  * smaller sizes: /64 for just one subnet, /128 for just one device
* Assignment to operator's infrastructure
  * /48 per PoP or in-house operations
* Multiple /48s for very large End Users
* Register every /48 assigned in the whois DB
* Reverse delegation: ip6.arpa.
-
inet6num Object
inet6num: 2001:0888::/32
netname: SA-XS4ALL-20050317
descr: Xs4all Internet
org: ORG-XS4A1-AFRINIC
country: ZA
admin-c: XS-AFRINIC
tech-c: XS-AFRINIC
status: ALLOCATED-BY-RIR
mnt-by: AFRINIC-HM-MNT
mnt-lower: XS4ALL-MNT
mnt-domains: XS4ALL-MNT
changed: hostmaster@afrinic.net 20050317
source: AFRINIC
-
Questions?
-
Comments? Suggestions? Feedback?