the internet registry system how to run a local ir

Post on 29-Jan-2016


John Crain . NATO Workshop, June 2000 . http://www.ripe.net

The Internet Registry System

How to run a Local IR

NATO Workshop Tartu

June 2000

John Crain

Overview

• RIPE
• RIPE NCC
• Internet Registry System
• Running a Local Internet Registry
– IP address distribution & registration
– Reverse Delegation
– RIPE database


Questions always welcome!


Reseaux IP Européens

What is RIPE?

• Reseaux IP Européens (1989)
– forum for network engineers to discuss technical issues

• RIPE is
– service provider forum

– open for everybody

– voluntary participation, no fees

– works by consensus

– encourages face-to-face discussion

– acts like an “interest group” supporting Internet community

– but has NO legal power

How RIPE Works

• RIPE chair <chair@ripe.net>
– Chair: Rob Blokzijl (Nikhef)

• How does it work?
– Working groups
– Mailing lists
– Meetings

Join RIPE Working Groups

• Local Internet Registries (LIR)
• RIPE Database (DB)
• IP version 6 (IPv6)
• European Internet Exchange Forum (EIX)
• Routing / MBONE
• Domain Name System (DNS)
• NETNEWS Co-ordination
• Anti-Spam
• Test-Traffic Project
• European Operators Forum (EOF)

RIPE does NOT develop Internet Standards

Subscribe to RIPE Mailing Lists

• General announcement list
– <ripe-list@ripe.net>

• Working group lists
– <lir-wg@ripe.net>
– <dns-wg@ripe.net>
– etc.

• For more information
– Send “help” to <majordomo@ripe.net>

• Join the mailing lists and get informed

http://www.ripe.net/info/maillists.html

RIPE Meetings

• 3 times a year
• ~3.5 day long
• 300+ participants

• Working group meetings
• Plenary
• Presentations
• Long breaks
• Informal chats

Come to RIPE Meetings

• Keep up to date with Internet developments
• Meet others in the business
• Gather information, tips, ideas
• Influence directions in Internet administration
– in RIPE NCC service region and beyond

• Next meeting RIPE 37
– Amsterdam, 12-15. September 2000
– <meeting@ripe.net>

RIPE Meeting Attendees in 1999

[Chart: attendees by country, total 857. Segments labelled DE, UK, NL, EU, US, FR, AT, UNK, DK, SE, IT, IE, NO, GB, PT, CZ, HU, RU, CH, FI, ES, BE and other.]

RIPE Meeting Attendance per Organisational Category 1999

• COM: 64%
• EDU: 14%
• GOV: 0%
• Unknown: 8%
• Assoc.: 14%

Global Context

• World-wide Internet
• Technical Development & Standards Body: IETF
• World-wide Operators Forum: IEPG
• EU Operators: RIPE
• USA Operators: NANOG
• Asian Operators: APRICOT

RIPE Network Coordination Centre


What is the RIPE NCC?

• Not-for-profit association under Dutch law

• 8 years of history

• 2000+ members (mainly ISPs, but open to anyone)

• Co-ordination and support services for ISPs

Why an NCC?

• RIPE participation was increasing

• Too much RIPE work done on a voluntary basis

• Activities require continuity & co-ordination

• Neutrality and impartiality is important

• Contact point inside & outside RIPE region

RIPE NCC History

• April 1992: Birth of the RIPE NCC
– TERENA legal umbrella
• September 1992: RIR Function
• 1995: Contributing Local IRs
• 1998: Independent Organisation
– not-for-profit association under Dutch law
– General Assembly of all members
– Executive Board of elected nominees

http://www.ripe.net/annual-report/99ar.html

Vital Statistics

• Statistics 1992
– 3 staff members
– No Local IR’s
– 182,528 hosts in European Internet
– 7,955 objects in RIPE database (June ‘92)

• Statistics Now
– 60 staff (21 nationalities)
– 2,000+ participating Local IR’s
– 11,000,000+ hosts in the “European” Internet
– 5,000,000+ objects in the database

RIPE NCC Membership

[Chart: number of members, axis from 0 to 2,000, for the years 1993 to May 15, 2000.]

New LIRs per Region 1999

• Africa: 8
• Europe: 551 (including Turkey, Georgia and Kyrgyz Republic)
• Middle-East: 31 (including Israel and Iran)

New LIRs in 2000

[Chart: bar chart of new LIRs in 2000, axis from 0 to 120.]

RIPE NCC Activities (1)

• Registration Services
– IPv4 addresses

– IPv6 addresses

– AS numbers

– Reverse domain name delegation

– LIR Training Courses

Member Services

RIPE NCC Activities (2)

• Co-ordination
– RIPE support
– RIPE database maintenance
– Routing Registry Maintenance (RR)
– Liaison with:
  • LIRs / RIRs / ICANN / etc …
– Information dissemination

• New Projects
– Test Traffic
– Routing Information Service (RIS)
– Routing Registry Consistency (RR)

Public Services


Formal Decision Making

“Consensus” Model

RIPE proposes activity plan

RIPE NCC proposes budget to accompany activity plan

General Assembly votes on both activities and budget at yearly meeting


Global Internet Registry System


Authority in the Net??

• The Internet Corporation for Assigned Names and Numbers (ICANN) is the non-profit corporation that was formed to assume responsibility for the IP address space allocation, protocol parameter assignment, domain name system management, and root server system management functions now performed under U.S. Government contract by IANA and other entities.

ICANN

Structure of ICANN, the Internet Corporation for Assigned Names and Numbers

http://www.icann.org

3 Supporting Organizations:
• Protocols: IETF, ITU, WWWC, ETSI
• DNS: www.dnso.org
• Addresses: APNIC, ARIN, RIPE NCC

Address Supporting Organization

• RIR agreed on a proposal
• “Simple model”
• MoU between ICANN and RIRs
• Policies set through existing regional processes
• Address Council established
– oversee policy development processes
– select ICANN directors (open process)

http://www.aso.icann.org

RIR Service Regions

[Map: service regions of RIPE NCC, ARIN and APNIC.]

Goals of the Internet Registry System

• Fair distribution of address space
• Conservation
– prevention of stockpiling of addresses
• Aggregation
– hierarchical distribution of globally unique address space
– permits aggregation of routing information
• Registration
– provision of public registry
– ensures uniqueness and enables troubleshooting

Address Distribution

• Global Authority
• RIR (/8)
• LIR (/20): RIPE NCC Members
• End Users (/32): Anybody with a network/host


Running a Local Internet Registry

How to get IP addresses?

• Go to your Local Internet Registry.
– Your provider is probably one or is connected to one

http://www.ripe.net/lir/registries/europe.html

• If you are a provider and think you may need to be an LIR, contact the NCC at <new-lir@ripe.net>

Becoming a LIR

• Complete application form (ripe-160)
• Provide Reg-ID & contact persons
– <new-lir@ripe.net>
• Read relevant RIPE documents
• Sign service agreement (ripe-191)
– agreed to follow policies and procedures
• Pay sign-up & yearly fee
– <billing@ripe.net>

Address Space Usage

[Chart: addresses used, axis from 0 to 100,000,000, for the blocks 213/8, 212/8, 62/8, 195/8, 194/8 and 193/8; percentage labels on the bars as listed on the slide: 98%, 97%, 96,5%, 40,1%, 97%, 60%.]

IPv6

• Draft allocation guidelines
– currently under revision by community
• Address allocation started
– 17 sub-TLAs allocated by RIPE NCC

http://www.ripe.net/ripencc/mem-services/registration/ipv6/ipv6.html


DNS Activities

RIPE NCC Hostcount per Quarter

[Chart: host count per quarter, axis from 0 to 12,000,000, for Q1/94 to Q1/2000.]

DNS Management

• Goals
– ensure proper operation of name servers
– minimise “pollution” of DNS
• Services
– manage reverse delegations of networks in 193/8, 194/8, 195/8, 212/8, 213/8 and 62/8 in-addr.arpa domain
– support local IR’s with feedback
– secondary name servers for ccTLDs
• RIPE NCC DOES NOT register domain names

Why Do You Need Reverse Delegation?

• All host-IP mappings in the DNS (A record) should have a corresponding IP-host mapping (PTR record)
• Failure to have this will likely
– block users from various services (ftp, mail)
– make troubleshooting more difficult
– produce more useless network traffic in general

Request Reverse Delegation

• Send domain object to <auto-inaddr@ripe.net>
– an automatic mailbox
• Tool will
– check if zone is correctly setup
– check assignment validity
– (try to) enter object to RIPE DB

• Questions, Comments to <inaddr@ripe.net>

Reverse DNS Quality Report

• 80% of delegating zones good
• Quality improving
• ~500 new zones /week
• 52.3% of eligible /24 zones are delegated

http://www.ripe.net/inaddr/statistics

The RIPE Database

Its usage and its usefulness

RIPE Database

• Network Management Database
• Data Management
– Local IR’s, other ISPs and RIPE NCC
• Software Management
– RIPE NCC with Database Working Group
– Re-implementation in progress

RIPE Database

• RIPE whois server
whois.ripe.net
• RIPE whois client
ftp://ftp.ripe.net/ripe/dbase/software/ripe-dbase-2.2.1.tar.gz
• Glimpse full text search
http://www.ripe.net/db/index.html
• Database documentation
http://www.ripe.net/docs/ripe-157.html
http://www.ripe.net/docs/ripe-189.html

Some Database Objects

– person: contact persons
– role: contact groups/roles
– inetnum: address assignments & networks
– mntner: authorisation of objects
– domain: forward and reverse domains
– route: announced routes
– aut-num: autonomous system
– as-macro: group of autonomous systems
– community: group of routes
– inet6num: experimental object for IPv6 addresses

Almost 5 Million Objects

[Chart: number of objects in the database, axis from 0 to 6,000,000, for Jan-97 to Apr-00. Labelled value: 4,885,891. Rate: 300,000 p.m.]

‘person’ Object

person: Mirjam Kuehne
address: RIPE NCC
address: Singel 258
address: NL - 1016 AB Amsterdam
address: Netherlands
phone: +31 20 535 4444
fax-no: +31 20 535 4445
e-mail: mir@ripe.net
nic-hdl: MK16-RIPE
notify: mir@ripe.net
changed: mir@ripe.net 19950411
changed: mir@ripe.net 19970616
source: RIPE

‘role’ Object

role: RIPE NCC Hostmaster
address: RIPE Network Coordination Centre
address: Singel 258
address: NL - 1016 AB Amsterdam, Netherlands
phone: +31 20 535 4444
e-mail: hostmaster@ripe.net
trouble: Work days 0900-1800 CET: phone XXX
trouble: Outside Business Hours: phone YYY
admin-c: JLC2-RIPE
tech-c: MK16-RIPE
notify: hostmaster@ripe.net
nic-hdl: RNH124-RIPE
changed: hostmaster@ripe.net 19971002
source: RIPE

Network Object

inetnum: 193.0.0.0 - 193.0.0.255
netname: RIPE-NCC
descr: RIPE Network Co-ordination Centre
descr: Amsterdam, Netherlands
country: NL
admin-c: JLC2-RIPE
tech-c: MK16-RIPE
status: ASSIGNED PA
mnt-by: RIPE-NCC-MNT
changed: GeertJan.deGroot@ripe.net 19970310
source: RIPE

• “/” notation possible for inetnum value

Querying the Database

• Search keys (Look-up Keys)
– person: name, nic-hdl, e-mail
– role: name, nic-hdl, e-mail
– maintainer: maintainer name
– inetnum: network number, network name
– domain: domain name
– aut-num: AS number
– as-macro: AS-macro name
– community: community name
– route: route value

• Network number and route value are classless
• Network name is a search key, but not unique

Queries Reach 7/sec Average

[Chart: database queries, axis from 0 to 20,000,000, for Dec-96 to Apr-00. Labelled value: 7/sec.]

Example query

whois 193.0.0.0

inetnum: 193.0.0.0 - 193.0.0.255
netname: RIPE-NCC
admin-c: DK58
tech-c: OPS4-RIPE

route: 193.0.0.0/24
descr: RIPE-NCC

role: RIPE NCC Operations
address: Singel 258
nic-hdl: OPS4-RIPE

person: Daniel Karrenberg
address: RIPE Network Coordination Centre (NCC)
nic-hdl: DK58

whois -h and -a

• whois -h: query a specific host
– whois -h whois.ripe.net
– whois -h whois.arin.net

• whois -a includes the following sources
– RADB
– CANET
– MCI
– ANS
– APNIC
– ARIN
– RIPE

whois -t (person)

person:  [mandatory] [single]   [primary/look-up key]
address: [mandatory] [multiple] [ ]
phone:   [mandatory] [multiple] [ ]
fax-no:  [optional]  [multiple] [ ]
e-mail:  [optional]  [multiple] [look-up key]
nic-hdl: [mandatory] [single]   [primary/look-up key]
remarks: [optional]  [multiple] [ ]
notify:  [optional]  [multiple] [inverse key]
mnt-by:  [optional]  [multiple] [inverse key]
changed: [mandatory] [multiple] [ ]
source:  [mandatory] [single]   [ ]

whois -i

• Inverse lookup for special arguments

• Examples:
– whois -i tech-c,admin-c,zone-c MK16-RIPE
– whois -i notify mir@ripe.net
– whois -i origin AS1234
– whois -i mnt-by AS1234-MNT

Example Query

Example query: 193.1.0.0/16

[Diagram: prefix hierarchy 0/0, 193/8, 193.1/16, showing which objects each lookup returns.]

• Exact / 1st less specific (default)
• All less specifics (-L)
• 1st level more specific (-m)
• All more specifics (-M)

RIPE whois Flags

• -i: inverse lookup for specified attributes
• -L: find all Less specific matches
• -m: find first level more specific matches
• -M: find all More specific matches
• -r: turn off recursive lookups
• -T type: only look for objects of type (inetnum, route, etc..)
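The default, -L, -m and -M selections described above, modelled over a small in-memory prefix list. This is an added illustration, not code from the slides or from the RIPE whois software. The registry contents beyond 0/0, 193/8 and 193.1/16 are constructed, the function names are hypothetical, and including the exact match in the -L result is an assumption.

```python
import ipaddress

def to_prefix(inetnum):
    """Convert an inetnum range ('193.0.0.0 - 193.0.0.255') to '/' notation."""
    first, last = (ipaddress.ip_address(p.strip()) for p in inetnum.split("-"))
    nets = list(ipaddress.summarize_address_range(first, last))
    if len(nets) != 1:
        raise ValueError(f"{inetnum!r} is not a single prefix")
    return str(nets[0])

def lookup(registry, query, flag=None):
    """Select registered prefixes relative to `query`.

    flag None: exact match, otherwise the first (closest) less specific
    flag "L":  all less specifics (assumption: an exact match is included)
    flag "m":  first-level more specifics only
    flag "M":  all more specifics
    """
    q = ipaddress.ip_network(query)
    nets = sorted(ipaddress.ip_network(n) for n in registry)
    less = sorted((n for n in nets if q.subnet_of(n)), key=lambda n: n.prefixlen)
    more = [n for n in nets if n != q and n.subnet_of(q)]
    if flag is None:
        chosen = less[-1:]
    elif flag == "L":
        chosen = less
    elif flag == "M":
        chosen = more
    elif flag == "m":
        # keep a more specific only if no other more specific covers it
        chosen = [n for n in more
                  if not any(o != n and n.subnet_of(o) for o in more)]
    else:
        raise ValueError(f"unsupported flag: {flag}")
    return [str(n) for n in chosen]

# Constructed registry; only 0/0, 193/8 and 193.1/16 appear on the slide.
REGISTRY = [
    "0.0.0.0/0", "193.0.0.0/8", "193.1.0.0/16", "193.2.0.0/16",
    "193.1.0.0/20", "193.1.4.0/24", "193.1.64.0/18",
]

if __name__ == "__main__":
    for flag in (None, "L", "m", "M"):
        print(flag, lookup(REGISTRY, "193.1.0.0/16", flag))
```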

More RIPE whois Flags

• -a: search all databases
• -h hostname: search alternate server
• -s: search databases with source “source”
• -t: show template for object of type “type”
• -v: verbose information for object of type “type”

• and don’t forget whois help (how to query the database)

DB Update Procedure

• Changing an object
– add the changed line to the new version of object
  • value: email address and date
– keep the same primary key
* do not forget authentication (password, PGP key)

• Deleting an object
– add delete line to the exact copy of current object
– value: email address, reason and date
– submit to <auto-dbm@ripe.net>

DB Update Procedure

• Unique Keys (Primary Keys)
– person: name + nic-hdl
– role: name + nic-hdl
– maintainer: maintainer name
– inetnum: network number
– domain: domain name
– aut-num: AS number
– as-macro: AS-macro name
– community: community name
– route: route value + origin

• Uniquely identifies object

• Updating an existing object overwrites the old entry, hence the need for a unique key

E-mail Interface

• <auto-dbm@ripe.net>
– automatic mailbox
– send all updates to this mailbox
– can use HELP in subject line

• <ripe-dbm@ripe.net>
– send questions and comments to this mailbox

• Test Database
– test-whois.ripe.net
– <test-dbm@ripe.net>

Syntax Checking

• Successful update

• Warnings
– object corrected and accepted
– notification of action taken in acknowledgement

• Errors
– object NOT corrected and NOT accepted
– diagnostics in acknowledgement
– if not understandable send e-mail to <ripe-dbm@ripe.net>
– please include object and error reports

Example Error Message

Update FAILED: [person] Mirjam Kuehne

person: Mirjam Kuehne
address: RIPE NCC
address: Singel 258, NL-1016 AB, Amsterdam
address: The Netherlands
phone: +31 20 535 4444
fax-no: +31 20 535 4445
e-mail: mir@ripe.net
changed: mir@ripe.net 19980828
source: RIPE

WARNING: date in "changed" (980828) changed to 19980828
*ERROR*: mandatory field "nic-hdl" missing
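A pre-submission check that applies the `whois -t person` template to an object and reproduces the warning and error shown above. It is an added example, not the RIPE database software; the function names are hypothetical, the sample input is constructed from the slide, and expanding a six-digit date with century 19 is an assumption taken from the WARNING line.

```python
import re

# Rules from the `whois -t person` template on this page:
# attribute -> (mandatory, may appear more than once)
PERSON_TEMPLATE = {
    "person": (True, False), "address": (True, True), "phone": (True, True),
    "fax-no": (False, True), "e-mail": (False, True), "nic-hdl": (True, False),
    "remarks": (False, True), "notify": (False, True), "mnt-by": (False, True),
    "changed": (True, True), "source": (True, False),
}

def parse_object(text):
    """Split 'attribute: value' lines into (name, value) pairs, in order."""
    lines = [l for l in text.splitlines() if l.strip()]
    return [(n.strip().lower(), v.strip())
            for n, _, v in (l.partition(":") for l in lines)]

def check_person(text):
    """Return (normalised pairs, warnings, errors) for a person object."""
    warnings, errors, out, counts = [], [], [], {}
    for name, value in parse_object(text):
        if name not in PERSON_TEMPLATE:
            errors.append(f'unknown attribute "{name}"')
            continue
        counts[name] = counts.get(name, 0) + 1
        if name == "changed":
            # Assumption: a 6-digit YYMMDD date is expanded with century 19,
            # which reproduces the WARNING line shown on the slide.
            m = re.fullmatch(r"(\S+)\s+(\d{6})", value)
            if m:
                fixed = "19" + m.group(2)
                warnings.append(
                    f'date in "changed" ({m.group(2)}) changed to {fixed}')
                value = f"{m.group(1)} {fixed}"
            elif not re.fullmatch(r"\S+\s+\d{8}", value):
                errors.append(f'bad "changed" value: {value}')
        out.append((name, value))
    for name, (mandatory, multiple) in PERSON_TEMPLATE.items():
        n = counts.get(name, 0)
        if mandatory and n == 0:
            errors.append(f'mandatory field "{name}" missing')
        if not multiple and n > 1:
            errors.append(f'field "{name}" may appear only once')
    return out, warnings, errors

# Constructed input: the slide's rejected object, with the two-digit year
# that its WARNING line implies was submitted.
SAMPLE = """
person:  Mirjam Kuehne
address: RIPE NCC
address: Singel 258, NL-1016 AB, Amsterdam
address: The Netherlands
phone:   +31 20 535 4444
fax-no:  +31 20 535 4445
e-mail:  mir@ripe.net
changed: mir@ripe.net 980828
source:  RIPE
"""

if __name__ == "__main__":
    _, warns, errs = check_person(SAMPLE)
    print("\n".join(["WARNING: " + w for w in warns] +
                    ["*ERROR*: " + e for e in errs]))
```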

Deleting an Object

• Add delete attribute to copy of current object

person: Mirjam Kuehne
address: RIPE NCC
address: Singel 258
address: NL - 1016 AB Amsterdam
address: Netherlands
phone: +31 20 535 4444
fax-no: +31 20 535 4445
e-mail: mir@ripe.net
nic-hdl: MK16-RIPE
changed: mir@ripe.net 19980911
source: RIPE
delete: training@ripe.net late for training

• Submit to database

Nic-hdl’s (Example)

person: John F. Doe
………
nic-hdl: AUTO-1JFD → JFD304-RIPE

person: Anne Smith
………
nic-hdl: AUTO-2 → AS519-RIPE

inetnum: ………
………
admin-c: AUTO-1JFD → JFD304-RIPE
tech-c: AUTO-2 → AS519-RIPE


Questions?

Organizations

• AFRINIC: African Network Information Centre, http://www.afrinic.org
• APNIC: Asian Pacific Network Information Centre, http://www.apnic.net
• ARIN: American Registry for Internet Numbers, http://www.arin.net
• CEENet: Central and Eastern European Networking Association, http://www.ceenet.org
• CENTR: Council of European National Top level domain Registries, http://www.centr.org
• CIX: Commercial Internet Exchange, http://www.cix.org
• ETSI: European Telecommunications Standards Institute, http://www.etsi.org
• EuroISPA: European Internet Service Providers Association, http://www.euroispa.org
• IANA: Internet Assigned Numbers Authority, http://www.iana.org

Organizations

• ICANN: Internet Corporation for Assigned Numbers and Names, http://www.icann.net
• IETF: Internet Engineering Task Force, http://www.ietf.org
• ITU: International Telecommunications Union, http://www.itu.int
• NANOG: North American Network Operators Group, http://www.nanog.org
• RIPE: Reseaux IP European Network, http://www.ripe.net
• RIPE NCC: RIPE Network Coordination Centre, http://www.ripe.net
• W3C: World Wide Web Consortium, http://www.w3.org
