the internet registry system how to run a local ir

1John Crain . NATO Workshop, June 2000 . http://www.ripe.net

The Internet Registry System

How to run a Local IR

NATO Workshop Tartu

June 2000

John Crain

John Crain . NATO Workshop, June 2000 . http://www.ripe.net 2

• RIPE• RIPE NCC• Internet Registry System

• Running a Local Internet Registry– IP address distribution & registration– Reverse Delegation– RIPE database

Overview


Questions always welcome!


Reseaux IP Européens


What is RIPE?

• Reseaux IP Européens (1989)– forum for network engineers to discuss technical issues

• RIPE is– service provider forum

– open for everybody

– voluntary participation, no fees

– works by consensus

– encourages face-to-face discussion

– acts like an “interest group” supporting Internet community

– but has NO legal power


How RIPE Works

• RIPE chair <[email protected]>– Chair: Rob Blokzijl (Nikhef)

• How does it work?– Working groups– Mailing lists– Meetings


Join RIPE Working Groups

• Local Internet Registries (LIR)• RIPE Database (DB)• IP version 6 (IPv6)• European Internet Exchange Forum (EIX)• Routing / MBONE• Domain Name System (DNS)• NETNEWS Co-ordination• Anti-Spam• Test-Traffic Project• European Operators Forum (EOF)

RIPE does NOT develop Internet Standards


Subscribe to RIPE Mailing Lists

• General announcement list– <[email protected]>

• Working group lists– <[email protected]>

– <[email protected]>

– etc.

• For more information– Send “help” to <[email protected]>

• Join the mailing lists and get informed

http://www.ripe.net/info/maillists.html


RIPE Meetings

• 3 times a year• ~3.5 day long• 300+ participants

• Working group meetings• Plenary• Presentations• Long breaks• Informal chats


Come to RIPE Meetings

• Keep up to date with Internet developments• Meet others in the business• Gather information, tips, ideas• Influence directions in Internet administration

– in RIPE NCC service region and beyond

• Next meeting RIPE 37– Amsterdam, 12-15. September 2000– <[email protected]>


RIPE Meeting Attendees in 1999

DE

UK

NL

EU

US

FRAT UNK DK

SEIT

IE

NOGB

PT

CZ

HU

RUCH

FI

ES

BE

Total 857

other


RIPE Meeting Attendance per Organisational Category 1999

COM 64%

EDU 14%

GOV 0%

Unkown 8%

Assoc.14%


Global Context

World-wide Internet

Technical Development & Standards Body

World-wide Operators Forum

EU Operators USA Operators

Asian Operators

IETF

IEPG

RIPE

APRICOT

NANOG


RIPENetwork Coordination Centre


What is the RIPE NCC?

• Not-for-profit association under Dutch law

• 8 years of history

• 2000+ members (mainly ISPs, but open to

anyone)

• Co-ordination and support services for ISPs


Why a NCC ?

• RIPE participation was increasing

• Too much RIPE work done on a voluntary basis

• Activities require continuity & co-ordination

• Neutrality and impartiality is important

• Contact point inside & outside RIPE region


RIPE NCC History

• April 1992: Birth of the RIPE NCC– TERENA legal umbrella

• September 1992: RIR Function• 1995: Contributing Local IRs• 1998: Independent Organisation

– not-for-profit association under Dutch law– General Assembly of all members– Executive Board of elected nominees

http://www.ripe.net/annual-report/99ar.html


Vital Statistics

• Statistics 1992– 3 staff members– No Local IR’s– 182,528 hosts in European Internet– 7,955 objects in RIPE database (June ‘92)

• Statistics Now– 60 staff (21 nationalities)– 2,000+ participating Local IR’s– 11,000,000+ hosts in the “European” Internet– 5,000,000+ objects in the database


RIPE NCC Membership

0200400

600800

1,0001,2001,400

1,6001,8002,000

1993 1994 1995 1996 1997 1998 1999 May15,

2000


New LIRs per Region 1999

Africa: 8

Europe : 551

(Including Turkey, Georgia and Kyrgyz Republic)

Middle-East: 31 (including Israel and Iran)


109

80

5047

28 27

20 20 1916 16

11 11 9 8 6 5 5 4 4 4

0

20

40

60

80

100

120

New LIRs in 2000


RIPE NCC Activities (1)

• Registration Services– IPv4 addresses

– IPv6 addresses

– AS numbers

– Reverse domain name delegation

– LIR Training Courses

Member Services


RIPE NCC Activities (2)

• Co-ordination– RIPE support– RIPE database maintenance– Routing Registry Maintenance (RR)– Liaison with:

• LIRs / RIRs / ICANN / etc …

– Information dissemination

• New Projects– Test Traffic– Routing Information Service (RIS)– Routing Registry Consistency (RR)

Public Services


Formal Decision Making

“Consensus” Model

RIPE proposes activity plan

RIPE NCC proposes budget to accompany activity plan

General Assembly votes on both

activities and budget at yearly meeting


Global Internet Registry System


Authority in the Net??

• The Internet Corporation for Assigned Names and Numbers (ICANN) is the non-profit corporation that was formed to assume responsibility for the IP address space allocation, protocol parameter assignment, domain name system management, and root server system management functions now performed under U.S. Government contract by IANA and other entities.


ICANN

Structure of ICANNThe Internet Corporation for Assigned Names and Numbers

Protocols DNS Addresses

http://www.icann.org

IETF, ITU, WWWC,ETSI

www.dnso.org APNICARINRIPE NCC

3 SupportingOrganizations


Address Supporting Organization

• RIR agreed on a proposal• “Simple model”• MoU between ICANN and RIRs• Policies set through existing regional processes• Address Council established

– oversee policy development processes– select ICANN directors (open process)

http://www.aso.icann.org


RIR Service Regions

RIPE NCCARIN APNIC


Goals of the Internet Registry System

• Fair distribution of address space

• Conservation – prevention of stockpiling of addresses

• Aggregation– hierarchical distribution of globally unique address space

– permits aggregation of routing information

• Registration– provision of public registry

– ensures uniqueness and enables troubleshooting


Address Distribution

Global Authority

RIR/8

LIR/20 + RIPE NCC Members

End Users/32 + Anybody with a network/host


Running a Local Internet Registry


How to get IP addresses?

• Go to your Local Internet Registry.– Your provider is probably one or is connected to one

http://www.ripe.net/lir/registries/europe.html

• If you are a provider and think you may need to be an LIR? Contact NCC <[email protected]>


Becoming a LIR

• Complete application form (ripe-160)

• Provide Reg-ID & contact persons– <[email protected]>

• Read relevant RIPE documents

• Sign service agreement (ripe-191)– agreed to follow policies and procedures

• Pay sign-up & yearly fee– <[email protected]>


Address Space Usage

0

20,000,000

40,000,000

60,000,000

80,000,000

100,000,000

213/8

212/8

62/8

195/8

194/8

193/8

98%

97%

96,5%

40,1%

97%

60%


IPv6

• Draft allocation guidelines– currently under revision by community

• Address allocation started – 17 sub-TLAs allocated by RIPE NCC

http://www.ripe.net/ripencc/mem-services/registration/ipv6/ipv6.html


DNS Activities


RIPE NCC Hostcount per Quarter

0

2,000,000

4,000,000

6,000,000

8,000,000

10,000,000

12,000,000

Q1/9

4

Q3/9

4

Q1/9

5

Q3/9

5

Q1/9

6

Q3/9

6

Q1/9

7

Q3/9

7

Q1/9

8

Q3/9

8

Q1/9

9

Q3/9

9

Q1/2

000


DNS Management• Goals

– ensure proper operation of name servers– minimise “pollution” of DNS

• Services– manage reverse delegations of networks in 193/8, 194/8, 195/8,

212/8, 213/8 and 62/8 in-addr.arpa domain– support local IR’s with feedback– secondary name servers for ccTLDs

• RIPE NCC DOES NOT register domain names


Why Do You Need Reverse Delegation ?

• All host-IP mappings in the DNS (A record) should have a corresponding IP-host mapping (PTR record)

• Failure to have this will likely– block users from various services (ftp, mail)– make troubleshooting more difficult – produce more useless network traffic in general


Request Reverse Delegation

• Send domain object to <[email protected]>

– an automatic mailbox

• Tool will– check if zone is correctly setup– check assignment validity– (try to) enter object to RIPE DB

• Questions, Comments to <[email protected]>


Reverse DNS Quality Report

• 80% of delegating zones good• Quality improving• ~500 new zones /week• 52.3% of eligible /24 zones are delegated

http://www.ripe.net/inaddr/statistics


The RIPE DatabaseIts usage and its usefulness


RIPE Database

• Network Management Database

• Data Management– Local IR’s, other ISPs and RIPE NCC

• Software Management

– RIPE NCC with Database Working Group– Re-implementation in progress


RIPE Database

• RIPE whois serverwhois.ripe.net

• RIPE whois clientftp://ftp.ripe.net/ripe/dbase/software/ripe-dbase-2.2.1.tar.gz

• Glimpse full text searchhttp://www.ripe.net/db/index.html

• Database documentation

http://www.ripe.net/docs/ripe-157.html

http://www.ripe.net/docs/ripe-189.html


Some Database Objects

– person: contact persons– role: contact groups/roles– inetnum: address assignments & networks– mntner: authorisation of objects– domain: forward and reverse domains– route: announced routes– aut-num: autonomous system– as-macro: group of autonomous systems– community: group of routes– inet6num: experimental object for IPv6 addresses


Almost 5 Million Objects

0

1,000,000

2,000,000

3,000,000

4,000,000

5,000,000

6,000,000

Jan-

97

Mar

-97

May

-97

Jul-9

7

Sep-9

7

Nov-9

7

Jan-

98

Mar

-98

May

-98

Jul-9

8

Sep-9

8

Nov-9

8

Jan-

99

Mar

-99

Apr-9

9

Jun-

99

Aug-9

9

Oct-99

Dec-9

9

Feb-0

0

Apr-0

0

4,885,891

Rate: 300, 0

00 p.m.


‘person’ Object

person: Mirjam Kuehne

address: RIPE NCC

address: Singel 258

address: NL - 1016 AB Amsterdam

address: Netherlands

phone: +31 20 535 4444

fax-no: +31 20 535 4445

e-mail: [email protected]

nic-hdl: MK16-RIPE

notify: [email protected]

changed: [email protected] 19950411


source: RIPE


‘role’ Object

role: RIPE NCC Hostmaster address: RIPE Network Coordination Centre address: Singel 258 address: NL - 1016 AB Amsterdam, Netherlands phone: +31 20 535 4444 e-mail: [email protected] trouble: Work days 0900-1800 CET: phone XXX trouble: Outside Business Hours: phone YYY admin-c: JLC2-RIPE tech-c: MK16-RIPE notify: [email protected] nic-hdl: RNH124-RIPE changed: [email protected] 19971002 source: RIPE


Network Object

inetnum: 193.0.0.0 - 193.0.0.255

netname: RIPE-NCC

descr: RIPE Network Co-ordination Centre

descr: Amsterdam, Netherlands

country: NL

admin-c: JLC2-RIPE

tech-c: MK16-RIPE

status: ASSIGNED PA

mnt-by: RIPE-NCC-MNT


source: RIPE

• “/” notation possible for inetnum value


Querying the Database

• Search keys (Look-up Keys)– person name, nic-hdl, e-mail– role name, nic-hdl, e-mail – maintainer maintainer name– inetnum network number, network name– domain domain name– aut-num AS number– as-macro AS-macro name– community community name– route route value

• Network number and route value are classless• Network name is a search key, but not unique


Queries Reach 7/sec Average

0

5,000,000

10,000,000

15,000,000

20,000,000D

ec-

96

Fe

b-9

7

Ap

r-9

7

Jun-

97

Aug

-97

Oct

-97

De

c-9

7

Fe

b-9

8

Ap

r-9

8

Jun-

98

Aug

-98

Oct

-98

De

c-9

8

Fe

b-9

9

Ap

r-9

9

Jun-

99

Aug

-99

Oct

-99

De

c-9

9

Fe

b-0

0

Ap

r-0

0

7/sec


Example query

whois 193.0.0.0

inetnum: 193.0.0.0 - 193.0.0.255 netname: RIPE-NCC admin-c: DK58 tech-c: OPS4-RIPE

route: 193.0.0.0/24 descr: RIPE-NCC

role: RIPE NCC Operations address: Singel 258 nic-hdl: OPS4-RIPE

person: Daniel Karrenberg address: RIPE Network Coordination Centre (NCC) nic-hdl: DK58


whois -h and -a

• whois -h query a specific host– whois -h whois.ripe.net – whois -h whois.arin.net

• whois -a includes the following sources– RADB– CANET– MCI– ANS– APNIC– ARIN – RIPE


whois -t (person)

person: [mandatory] [single] [primary/look-up key] address: [mandatory] [multiple] [ ] phone: [mandatory] [multiple] [ ] fax-no: [optional] [multiple] [ ] e-mail: [optional] [multiple] [look-up key] nic-hdl: [mandatory] [single] [primary/look-up key] remarks: [optional] [multiple] [ ] notify: [optional] [multiple] [inverse key] mnt-by: [optional] [multiple] [inverse key] changed: [mandatory] [multiple] [ ]

source: [mandatory] [single] [ ]


whois -i

• Inverse lookup for special arguments

• Examples:

– whois -i tech-c,admin-c,zone-c MK16-RIPE– whois -i notify [email protected]– whois -i origin AS1234– whois -i mnt-by AS1234-MNT


Example Query

0/0

193/8

193.1/16

All morespecifics (-M)

All less specifics (-L)

Exact / 1st less specific(default)

1st levelmorespecific (-m)

Example query : 193.1.0.0/16


RIPE whois Flags

• i inverse lookup for specified attributes• L find all Less specific matches• m find first level more specific matches• M find all More specific matches• r turn off recursive lookups• T type only look for objects of type (inetnum,

route, etc..)


More RIPE whois Flags

• a search all databases• h hostname search alternate server• s search databases with source “source”• t show template for object of type “type”• v verbose information for object of type “type”

• and don’t forget whois help

(how to query the database)


DB Update Procedure

• Changing an object– add the changed line to the new version of object

• value: email address and date

– keep the same primary key* do not forget authentication (password, PGP key)

• Deleting an object– add delete line to the exact copy of current object– value: email address, reason and date– submit to <[email protected]>


DB Update Procedure• Unique Keys (Primary Keys)

– person name + nic-hdl

– role name + nic-hdl

– maintainer maintainer name

– inetnum network number

– domain domain name

– aut-num AS number

– as-macro AS-macro name

– community community name

– route route value + origin

• Uniquely identifies object

• Updating an existing object will overwrite the old entry hence need unique key


E-mail Interface

• <[email protected]>– automatic mailbox

– send all updates to this mailbox

– can use HELP in subject line

• <[email protected]>– send questions and comments to this mailbox

• Test Database– test-whois.ripe.net

– <[email protected]>


Syntax Checking

• Successful update

• Warnings– object corrected and accepted

– notification of action taken in acknowledgement

• Errors– object NOT corrected and NOT accepted

– diagnostics in acknowledgement

– if not understandable send e-mail to • <[email protected]>

– please include object and error reports


Example Error Message

Update FAILED: [person] Mirjam Kuehne

person: Mirjam Kuehne

address: RIPE NCC

address: Singel 258, NL-1016 AB, Amsterdam

address: The Netherlands

phone: +31 20 535 4444

fax-no: +31 20 535 4445

e-mail: [email protected]


source: RIPE

WARNING: date in "changed" (980828) changed to 19980828

*ERROR*: mandatory field "nic-hdl" missing


Deleting an Object

• Add delete attribute to copy of current object person: Mirjam Kuehne address: RIPE NCC address: Singel 258 address: NL - 1016 AB Amsterdam address: Netherlands phone: +31 20 535 4444 fax-no: +31 20 535 4445 e-mail: [email protected] nic-hdl: MK16-RIPE changed: [email protected] 19980911 source: RIPE delete: [email protected] late for training

• Submit to database


Nic-hdl’s (Example)

person: John F. Doe

………

nic-hdl: AUTO-1JFD

person: Anne Smith

………

nic-hdl: AUTO-2

inetnum: ………

………

admin-c: AUTO-1JFD

tech-c: AUTO-2

JFD304-RIPE

JFD304-RIPE

AS519-RIPE

AS519-RIPE


Questions?


OrganizationsAFRINICAfrican Network Information Centre

http://www.afrinic.orgAPNIC Asian Pacific Network Information Centre

http://www.apnic.netARIN American Registry for Internet Numbers

http://www.arin.netCEENet Central and Eastern European Networking Association

http://www.ceenet.orgCENTR Council of European National Top level domain Registries

http://www.centr.orgCIX Commercial Internet Exchange

http://www.cix.orgETSI European Telecommunications Standards Institute

http://www.etsi.orgEuroISPA European Internet Service Providers Association

http://www.euroispa.orgIANA Internet Assigned Numbers Authority

http://www.iana.org


Organizations

ICANN Internet Corporation for Assigned Numbers and Nameshttp://www.icann.net

IETF Internet Engineering Task Forcehttp://www.ietf.org

ITU International Telecommunications Unionhttp://www.itu.int

NANOG North American Network Operators Grouphttp://www.nanog.org

RIPE Reseaux IP European Network http://www.ripe.net

RIPE NCC RIPE Network Coordination Centrehttp://www.ripe.net

W3C World Wide Web Consortiumhttp://www.w3.org

the internet registry system how to run a local ir

Documents