Welcome!
APNIC Members Training Course
Effective IP Address Management Asia Pacific Policies and Procedures
3 September 2002, Kitakyushu, Japan
2
Introduction
• Presenters
  – Miwa Fujii – Training Officer
    • [email protected]
  – George Kuo – Internet Resource Analyst
    • [email protected]
  – Arth Paulite – Internet Resource Analyst
    • [email protected]
3
Assumptions & Objectives
• Assumptions
  – Are current APNIC member or a prospective member
  – Have not submitted many requests
  – Are not familiar or up to date with policies
  – Are not familiar with procedures
• Objectives
  – Provide overview of current policies
  – To minimise “pain” of requesting resources
  – To promote awareness
4
Schedule
Session 1 (9-10.30)
- General
Introduction to APNIC (5)
- What is the role of APNIC?
RIR Goals & Principles (12)
- Short background
APNIC Policies (25)
- All current APNIC policies
Policies & Procedures (33)
- Additional guidelines
Session 2 (11-12.30)
- Operational
Requesting resources (42)
- Overview, forms, tips etc.
IP Management (53)
- Planning your allocation
APNIC Database (65)
- Short intro to the whois DB
Reverse DNS (86)
- Basic concepts
● Summary (95)
Introduction to APNIC
Asia Pacific Network Information Centre
6
What is APNIC?
• Regional Internet Registry for the Asia Pacific
  – Regional authority for Internet Resource distribution
  – IPv4 & IPv6 addresses, ASNs, reverse DNS delegation
• Industry self-regulatory body
  – Participation by those who use Internet resources
  – Consensus-based, open and transparent
  – Non-profit, neutral and independent
• Open membership-based structure
Intro
7
APNIC is not…
• Not a network operator
  – Does not provide networking services
    • Works closely with APRICOT forum
• Not a standards body
  – Does not develop technical standards
    • Works within IETF in relevant areas (IPv6 etc)
• Not a domain name registry or registrar
  – Will refer queries to relevant parties
8
Internet Registry Hierarchy
9
APNIC Region
10
APNIC Services & Activities
• Resource services & registration
  – IPv4, IPv6, ASNs, in-addr.arpa, whois
  – Authoritative registration server: whois
• Policy development and implementation
  – Membership reviews and approves policy
• Information dissemination
  – APNIC meetings
  – Training courses & seminars
11
• Want to know more about APNIC and the APNIC meetings?
– Come to the newcomer’s orientation this afternoon at 18.00.
Questions ?
RIR Goals & Principles
Definitions, RIR Goals, Brief History & Policy Development
13
Definitions - Allocation and Assignment
• Allocation
  – A block of address space held by an IR for subsequent allocation or assignment
    • Not yet used to address any networks
• Assignment
  – A block of address space used to address an operational network
    • May be provided to LIR customers, or used for an LIR’s infrastructure (‘self-assignment’)
Policy Background
14
Allocation and Assignment
[Diagram: APNIC allocates IP addresses to the APNIC member; the APNIC member assigns IP addresses to the customer / end user. Block sizes shown: APNIC allocation /8; member allocation /20; customer assignments /24, /25, /26.]
15
Portable & Non-portable
• Portable
  – Customer holds addresses independent from ISP
  – Customer keeps addresses when changing ISP
  – Bad for size of routing tables
  – Bad for QoS: routes may be filtered, flap-dampened
• Non-portable
  – Customer uses ISP’s address space
  – Customer must renumber if changing ISP
  – Only way to effectively scale the Internet
16
Classful and Classless
• Classful (Obsolete)
  – Wasteful address architecture
    • network boundaries are fixed at 8, 16 or 24 bits (class A, B, and C)
• Classless (Best Current Practice)
  – Efficient architecture
    • network boundaries may occur at any bit (e.g. /12, /16, /19, /24 etc)
• CIDR
  – Classless Inter Domain Routing architecture
  – Allows aggregation of routes within ISP’s infrastructure
17
Classful Address Architecture
• Class A (50% of all address space)
  – Leading bit 0; network A (8 bits), host address (24 bits)
  – 128 networks x 16M hosts
• Class B (25%)
  – Leading bits 10; network B (16 bits), host (16 bits)
  – 16K networks x 64K hosts
• Class C (12.5%)
  – Leading bits 110; network C (24 bits), host (8 bits)
  – 2M networks x 256 hosts
• Classful addressing obsolete:
  – inefficient
  – depletion of B space
  – too many routes from C space
18
Classless Address Architecture
• Network boundaries may occur at any bit
  – /10: network 10 bits, host address (22 bits), 4M hosts
  – /19: network 19 bits, host (13 bits), 8192 hosts
  – /20: network 20 bits, host (12 bits), 4096 hosts
  – /24: network 24 bits, host (8 bits)
  – /26: network 26 bits, host (6 bits), 64 hosts
19
CIDR Aggregation
[Diagram: provider aggregation. The ISP holds 202.128.0.0/16; its customers use 202.128.1.0/25, 202.128.3.0/26 and 202.128.32.0/29; the ISP's BGP announcement is the single prefix 202.128.0.0/16.]
20
APNIC Policies - Objectives
• Conservation
  – Ensuring efficient use and conservation of resources
• Aggregation
  – Limiting growth of routable prefixes
• Registration
  – Registering the Internet resources in a public db
• Uniqueness
  – Global visibility
• Fairness and consistency
  – Equal consideration irrespective of external factors
21
Why do we need Policies? - Global IPv4 Delegations
[Pie chart]
• Other Orgs: 42%
• Unallocated: 30%
• "Special purpose": 14%
• ARIN: 6%
• RIPE NCC: 4%
• APNIC: 4%
22
Why do we need Policies? - Growth of Global Routing Table
http://bgp.potaroo.net/as1221/bgp-active.html (as of 19 July 2002)
[Chart annotations]
• Deployment period of CIDR
• Moore’s Law and CIDR made it work for a while
• But they cannot be relied on forever
• Projected routing table growth without CIDR
23
Routing Table Prefix Distribution
[Chart: number of routing table prefixes (axis 0 to 140000) per month from Nov-01 to Jul-02, broken down by prefix length: <16, 16, 17, 18, 19, 20, 21, 22, 23, 24, >24]
24
APNIC Policy Development
• Based on global and regional policies
  – Global: RFC2050
  – Regional: ‘Policies for Address Space Management in the Asia Pacific Region’
    • http://www.apnic.net/docs/add-manage-policy.html
• Policy development
  – APNIC and APNIC members
  – Other RIRs and wider community
• Policy implementation
  – APNIC and APNIC members
APNIC IPv4 Address Policies
Allocation & Assignment Policies
26
APNIC Policy Environment
• IP addresses not freehold property
  – Internet resources are public resources
  – ‘Ownership’ is contrary to management goals
  – Need to avoid the mistakes of the past
  – Assignments & allocations on lease basis
• Confidentiality & security
  – APNIC to observe and protect trust relationship
  – Non-disclosure agreement signed by staff
Policies
27
APNIC Allocation Policies
• Allocations as non-portable address space
  – Provider responsible for aggregation
  – Customer assignments must be non-portable
• Allocations based on demonstrated need
  – Detailed documentation required
  – All address space held to be declared
  – Address space to be obtained from one source
    • routing considerations may apply
  – Stockpiling not permitted
28
Initial IPv4 Allocation Criteria
• Have used a /22 from upstream provider
  – Demonstrated efficient previous address usage
OR
• Show immediate need for /22
  – Can include customer projections & infrastructure equipment
• Provide detailed plan for use of /21 within a year
• Renumber to new space within 1 year
• Meet all policy requirements
  – Applicants may be required to show purchase receipts
29
Address Assignment Policies
• Assignments based on requirements
  – Demonstrated through detailed documentation
    • Justification through description of usage, and number of hosts initially, in 6 months, and one year
  – Assignment should maximise utilisation
    • (minimise wastage)
  – Classless assignments, showing use of VLSM
• Size of allocation
  – Sufficient for up to 12 months requirement
30
Small Multihoming Assignment Policy
• Applicants currently multihomed
OR
• Demonstrate a plan to multihome within 1 month
• Agree to renumber out of previously assigned space
  – Demonstrate need to use 25% of requested space immediately and 50% within 1 year
  – Meet all policy requirements or have the assignment revoked
31
IPv4 Assignment policy for IXPs
• /24 assignment for IX point’s Transit LAN
  – Must agree not to announce the space to the global routing table
  – IXP must be able to demonstrate “open peering policy”
  – Have 3 or more peers
• APNIC has a reserved block of space from which to make IXP assignments
Questions ?
APNIC Policies & Procedures
Policies, Procedures and
Best Current Practices
34
Virtual web hosting
• Name based hosting
  – ‘Strongly recommended’
    • Use ‘infrastructure’ field to describe web servers
• IP based hosting
  – Permitted on technical grounds for SSL, virtual ftp..
  – Use ‘infrastructure’ field to describe web servers
  – Special verification for IP based
  – If more than /22 used for this purpose
  – Requestor must send list of URLs of virtual domain and corresponding IP address
P&P& BCP
35
Cable, DSL services
• 1:1 contention ratio
  – Can be either statically or dynamically assigned
  – Means 1 IP address per customer
• Greater than 1:1 contention ratio
  – Preferred because conserves address space
• Choice of addressing is optional for members
  – dynamic addressing is encouraged
• Verification for DSL Services
  – Equipment details
    • Ex: BRAS, Number of ports
  – Purchase requests
36
New Cable Service
• Bootstrapping criteria for new cable service
  – Applies to startup providers commencing new cable
  – Allocation size based on assumption that requestor will assign a /24 to each CMTS in their network
    • Complete ‘additional info’ with make, model & quantity
    • Purchase receipts for equipment may be asked
  – Assignments greater than /30 need to be
    • Requested through second opinion process
    • Registered separately in the database
37
Cable / DSL
• Cable, DSL services
  – Special verification for 1:1 (permanently on-line)
    • For anything over a /22 in total, verification through customer list for random head-ends or other alternative
• For residential networks
  – Do not need to register on-site tech-c, however ISP’s tech-c can be used
38
Renumbering
• One-for-one exchange to assist renumbering
  – needs confirmation from upstream ISP to confirm renumbering will take place
• ‘No Questions Asked’ return prefix policy
  – swap 3 or more discontiguous prefixes (ISP or customers) for single prefix, no charge
    ftp://ftp.apnic.net/apnic/docs/no-questions-policy
  – Form for returning addresses
    ftp://ftp.apnic.net/apnic/docs/address-return-request
39
Subsequent Allocations
• 80% overall utilisation
  – Demonstrated conservative assignments
  – Correct database registrations for customers
    • Fix inconsistencies before next allocation
• Amount depends on “usage” rate
  – How much, how fast, allocate for up to one year
  – Contiguous allocation not guaranteed
    • But every effort made
40
Summary
• All address space held should be documented
  – Check other RIR, NIR databases for historical allocations
• ‘No reservations’ policy
  – Reservations may never be claimed
  – Fragments address space
  – Customers may need more or less address space than is actually reserved
• Aggregation
  – LIR announces allocation as a single aggregate
Questions ?
Requesting Internet Resources
43
Requesting IP addresses - Overview
[Flow diagram boxes]
• Put together an Addressing Plan
• Request an Allocation: ISP Request (APNIC-084)
• Second opinion request: for customer assignments (APNIC-073)
• Register all customer assignments in db (whois.apnic.net)
• 80% utilisation in Allocation
• Request new Allocation (APNIC-084)
Req IP
44
Addressing Plan
• Identify components of network
  – Customer services
  – ISP internal infrastructure
• Identify phases of deployment
  – Starting off, 6 months, 12 months
• Identify equipment and topology changes
  – Need for redundancy
  – Need for increased scale
45
Addressing Plan Example
– detailed, efficient and accurate
Columns: relative prefix, subnet mask, connect to Internet, subnet size, deployment phases, description

network-plan: 0.0.0.0 255.255.252.0 YES 1024 128/512/1020 60 leased line customers
network-plan: 0.0.4.0 255.255.255.0 PART 256 16/60/240 8 PRI dial up modems..
network-plan: 0.0.5.0 255.255.255.0 PART 256 0/60/240 8 PRI dial up modems..
network-plan: 0.0.6.0 255.255.255.192 YES 64 10/16/35 LAN -mail,DNS, web internal
network-plan: 0.0.6.64 255.255.255.192 YES 64 15/25/40 LAN -NOC & Ops mgmt
network-plan: 0.0.6.128 255.255.255.240 YES 16 5/11/11 LAN -web hosting (Name-based)
network-plan: 0.0.6.144 255.255.255.240 YES 16 0/8/8 LAN -secondary servers
network-plan: 0.0.6.160 255.255.255.240 YES 16 4/6/12 loopback router interfaces
network-plan: 0.0.6.176 255.255.255.252 YES 4 2/2/2 router WAN ports (x 8 lines )
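A checker for the network-plan rows of the example above, added here as an illustration and not part of the APNIC course material or any APNIC tool. The function names and the dictionary layout are assumptions; the three deployment-phase numbers are read as hosts now, at 6 months and at 12 months, following the Addressing Plan slide.

```python
import ipaddress

# The nine rows of the slide's example plan, copied as shown there.
PLAN = """\
network-plan: 0.0.0.0 255.255.252.0 YES 1024 128/512/1020 60 leased line customers
network-plan: 0.0.4.0 255.255.255.0 PART 256 16/60/240 8 PRI dial up modems..
network-plan: 0.0.5.0 255.255.255.0 PART 256 0/60/240 8 PRI dial up modems..
network-plan: 0.0.6.0 255.255.255.192 YES 64 10/16/35 LAN -mail,DNS, web internal
network-plan: 0.0.6.64 255.255.255.192 YES 64 15/25/40 LAN -NOC & Ops mgmt
network-plan: 0.0.6.128 255.255.255.240 YES 16 5/11/11 LAN -web hosting (Name-based)
network-plan: 0.0.6.144 255.255.255.240 YES 16 0/8/8 LAN -secondary servers
network-plan: 0.0.6.160 255.255.255.240 YES 16 4/6/12 loopback router interfaces
network-plan: 0.0.6.176 255.255.255.252 YES 4 2/2/2 router WAN ports (x 8 lines )
"""


def load_plan(text):
    """Parse network-plan rows and return (rows sorted by prefix, problems)."""
    rows, problems = [], []
    for line in text.splitlines():
        if not line.startswith("network-plan:"):
            continue
        _, prefix, mask, connect, size, phases, descr = line.split(None, 6)
        try:
            # strict=True rejects a relative prefix not aligned to its mask
            net = ipaddress.ip_network(f"{prefix}/{mask}", strict=True)
        except ValueError as exc:
            problems.append(f"{prefix} {mask}: {exc}")
            continue
        hosts = tuple(int(n) for n in phases.split("/"))
        if int(size) != net.num_addresses:
            problems.append(f"{net}: size {size} does not match the mask")
        if max(hosts) > net.num_addresses:
            problems.append(f"{net}: more hosts planned than addresses")
        rows.append({"net": net, "connect": connect, "hosts": hosts,
                     "descr": descr})
    rows.sort(key=lambda r: r["net"])
    # After sorting, an overlapping subnet sits next to the one it collides with.
    for a, b in zip(rows, rows[1:]):
        if a["net"].overlaps(b["net"]):
            problems.append(f"{a['net']} overlaps {b['net']}")
    return rows, problems


def summarise(rows):
    """Total plan size, hosts per phase, and the smallest prefix holding it."""
    total = sum(r["net"].num_addresses for r in rows)
    used = tuple(sum(r["hosts"][i] for r in rows) for i in range(3))
    # Relative prefixes start at 0.0.0.0, so the highest address gives the span.
    last = max(int(r["net"].broadcast_address) for r in rows)
    return {"total": total, "used": used,
            "percent": tuple(round(100 * u / total, 1) for u in used),
            "covering_prefix": 32 - last.bit_length()}


if __name__ == "__main__":
    plan_rows, plan_problems = load_plan(PLAN)
    print(plan_problems or "plan is consistent")
    print(summarise(plan_rows))
```

The slide's plan parses without problems and fits in a /21, with planned use growing from about 10% of the planned subnets at the start to about 94% at 12 months.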
46
Address Request Forms
• Allocation Request
  – ISP Address Request Form
    • http://www.apnic.net/services/ipv4/
• Assignment Request (Second opinion)
  – Second opinion Request Form
    • http://cgi.apnic.net/apnic-bin/second-opinion-request.pl
47
Hostmaster Administrivia
• <[email protected]> mailbox
  – Is filtered to accept requests from members only
  – Requires member account name
    • Subject: IP Address Request [CONNECT-AU]
• Ticketing system
  – Every request is assigned a ticket
    • Ticket # is a confirmation that your request has been well received
• New staff at LIR
  – Require an ‘introduction’ to hostmasters
  – To ensure confidentiality
48
Requesting IP addresses
• Create person objects and a company maintainer object before you apply.
• Read the “Tips” document at:
  – http://www.apnic.net/info/faq/isp-request-tips.html
• Use correct account name for your request
• Always use same ticket # for same request
  – Please keep # in subject line of email, e.g.
  – [APNIC #14122] [CHINANET-CN]
49
Requesting IP addresses
• Provide a detailed description of your network topology
  – More information provided = less iteration
• Make sure the request has correct format & syntax
  – http://www.apnic.net/services/help/isp_txt/
  – http://ftp.apnic.net/apnic/docs/second-opinion-request
• Provide list of all current addresses held
• Additional comments field
  – Topology map, deployment plan etc
  – Any additional info that supports the request
• Plan to adopt best current practice
50
Requesting New Allocation - Checklist
• Utilisation in allocation is 80%
• All customer assignments are registered in the whois database
  – With accurate and up-to-date information
• Sufficient documentation to support address requirement
• Membership fee is paid
51
Member Services Helpdesk
• One point of contact for all member enquiries
  – Extended operating hours
    • 9:00 am to 7:00 pm (Australian EST, UTC + 10 hrs)
• More personalised service
  – Range of languages
    • Cantonese, Filipino, Mandarin, Thai, Vietnamese etc.
• Faster response and resolution of queries
  – IP resource applications, status of requests, obtaining help in completing application forms, membership enquiries, billing issues & database enquiries etc.
Questions ?
IP Address Management
54
Revision of routing protocols
• Interior Gateway Protocol (IGP)
  – OSPF, EIGRP, ISIS
  – Used to find optimum route to a host in ISP network
  – Convergence becomes important with scaling
• Border Gateway Protocol (BGP)
  – Can be interior (iBGP) and exterior (eBGP)
  – Used to carry traffic across your network and to/from the Internet
  – Can use BGP attributes for routing policy
IP Mgmt
55
Principles of Addressing
• Separate customer & infrastructure address pools
  – Manageability
    • Different personnel manage infrastructure and assignments to customers
  – Scalability
    • Easier renumbering - customers are difficult, infrastructure is relatively easy
56
Principles of Addressing
• Further separate infrastructure
  – ‘Dynamic’ infrastructure for IGP
    • Network infrastructure addresses used by a routing protocol - alternate paths to host exist
    • E.g. p2p addresses of backbone connections
    • E.g. router loopback addresses
  – ‘Static’ infrastructure
    • Static routing of infrastructure (no alternative path exists)
    • Carry in iBGP
57
Principles of Addressing
• Further separate infrastructure
  – ‘Static’ infrastructure examples
    • RAS server address pools, CMTS
    • Virtual web and content hosting LANs
    • Anything where there is no dynamic route calculation
• Customer networks
  – Carry in iBGP, do not put in IGP
  – No need to aggregate address space carried in iBGP
    • Can carry in excess of 100K prefixes
58
Hierarchy of Routing Protocols
[Diagram labels: ISP Internal Network; BGP4 (iBGP) & OSPF/ISIS; Other ISPs; BGP4 (eBGP); Local NAP; FDDI; eBGP; Customers; Static/eBGP]
59
Management - Simple Network
• First allocation from APNIC
  – Infrastructure is known, customers are not
  – 20% free is trigger for next request
  – Grow usage of blocks from edges
  – Assign customers sequentially
[Diagram labels: Customers; 20%; Infrastructure; p2p; loops]
60
Management - Simple Network
• If second allocation is contiguous
  – Reverse order of division of first block
  – Maximise contiguous space for infrastructure
    • Easier for debugging
  – Customer networks can be discontiguous
[Diagram: 1st allocation: Customers, Infrastructure; 2nd allocation: Infrastructure, Customers, 20%]
61
Management - Many POPs
• WAN link to single transit ISP
[Diagram labels: Server; POP1; POP2; POP3]
62
Management - Many POPs
• POP sizes
  – Choose address pool for each POP according to need
  – Loopback addresses
    • Keep together in one block
    • Assists in fault-resolution
  – Customer addresses
    • Assign sequentially
[Diagram labels: Infrastructure; POP 1; POP2; loopbacks; Customer]
63
Management - Many POPs
• /20 allocation not enough for all POPs?
  – Deploy addresses on infrastructure first
• Common mistake
  – Reserving customer addresses on a per POP basis
• Do not constrain network plans due to lack of address space
  – Re-apply once address space has been used
Questions ?
The APNIC Database
Introduction and Usage
66
What is the APNIC Database?
• Public network management database
  – Operated by IRs
• Tracks network resources
  – IP addresses, ASNs, Reverse Domains, Routing policies
• Records administrative information
  – Contact information (persons/roles)
  – Authorisation
DB
67
Object Types
OBJECT               PURPOSE
person               contact persons
role                 contact groups/roles
inetnum              IPv4 addresses
inet6num             IPv6 addresses
aut-num              Autonomous System number
as-macro             group of autonomous systems
domain               reverse domains
route                prefixes being announced
mntner (maintainer)  database authorisation
68
Object Templates
To obtain template structure, use:
whois -t <object type>
• Recognised by the RIPE whois client/server

% whois -h whois.apnic.net -t person

person:  [mandatory] [single]   [primary/look-up key]
address: [mandatory] [multiple] [ ]
country: [optional]  [single]   [ ]
phone:   [mandatory] [multiple] [ ]
fax-no:  [optional]  [multiple] [ ]
e-mail:  [optional]  [multiple] [look-up key]
nic-hdl: [mandatory] [single]   [primary/look-up key]
remarks: [optional]  [multiple] [ ]
notify:  [optional]  [multiple] [inverse key]
mnt-by:  [optional]  [multiple] [inverse key]
changed: [mandatory] [multiple] [ ]
source:  [mandatory] [single]   [ ]
69
Person object - example
– Person objects contain contact information

Attributes  Values
person:     Ky Xander
address:    ExampleNet Service Provider
address:    2 Pandora St Boxville
address:    Wallis and Futuna Islands
country:    WF
phone:      +680-368-0844
fax-no:     +680-367-1797
e-mail / nic-hdl / mnt-by / changed: kxander@[email protected] 20020731
source:     APNIC
70
Inetnum object - example
– Inetnum objects contain IP address allocations / assignments

Attributes  Values
inetnum:    202.51.64.0 - 202.51.95.255
netname:    CCNEP-NP-AP
descr:      Communication & Communicate Nepal Ltd
descr:      VSAT Service Provider, Kathmandu
country:    NP
admin-c:    AS75-AP
tech-c:     AS75-AP
mnt-by:     APNIC-HM
mnt-lower:  MAINT-NP-ARUN
changed:    [email protected] 20010205
source:     APNIC
71
Object Types
[Diagram: how objects reference each other]

IPv4 addresses
inetnum: 202.64.10.0 – 202.64.10.255
…
admin-c: KX17-AP
tech-c: ZU-AP
…
mnt-by: MAINT-WF-EX
…

Contact info
person: …
nic-hdl: ZU3-AP
…

Contact info
person: …
nic-hdl: KX17-AP
…

Data protection
mntner: MAINT-WF-EX
…
72
Why Use the Database?
• Register use of Internet Resources
  – IP assignments, reverse DNS, etc
  – Ascertain custodianship of a resource
  – Fulfill responsibilities as resource holder
• Obtain details of technical contacts for a network
• Investigate security incidents
  – Track source of network abuse or “spam” email
73
LIR Registration Responsibilities
1. Create person objects for contacts
   • To provide contact info in other objects
2. Create mntner object
   • To provide protection of objects
3. Create inetnum objects for all customer address assignments
   • (Allocation object created by APNIC)

http://www.apnic.net/services/whois_guide.html
74
Using the DB – step by step
[Diagram, numbered steps]
1. Contact info: person: with nic-hdl: KX17-AP
2. Data protection: mntner:
3. Allocation (created by APNIC): Inetnum:
4, 5, 6. Customer assignments (created by LIR): Inetnum: ... KX17-AP ... mnt-by: ...
75
Basic Database Queries
1. Unix
   • whois -h whois.apnic.net <lookup key>
2. Web interface
   • http://www.apnic.net/apnic-bin/whois2.pl
• Look-up keys
  – usually the object name
  – Check the object template for look-up keys
    • whois -t <object type>
76
Database Query - UNIX
% whois [email protected]
% whois zu3-ap
% whois "zane ulrich"

person:  Zane Ulrich
address: ExampleNet Service Provider
address: 2 Pandora St Boxville
address: Wallis and Futuna Islands
country: WF
phone:   +680-368-0844
fax-no:  +680-367-1797
e-mail:  [email protected]
nic-hdl: ZU3-AP
mnt-by:  MAINT-WF-EXAMPLENET
changed: [email protected] 20020731
source:  APNIC
77
Database Query - Inetnum
• Notes
  – Incomplete addresses padded with “.0”
  – Address without prefix interpreted as “/32”

% whois 203.127.128.0 - 203.127.159.255
% whois SINGNET-SG
% whois 203.127.128.0/19

inetnum: 203.127.128.0 - 203.127.159.255
netname: SINGNET-SG
descr:   Singapore Telecommunications Ltd
descr:   31, Exeter Road, #02-00, Podium Block
descr:   Comcentre, 0923
country: SG
admin-c: CWL3-AP
tech-c:  CWL3-AP
mnt-by:  APNIC-HM
changed: [email protected] 19990803
source:  APNIC
78
Advanced Database Queries
– Flags used for inetnum queries
  None  find exact match
  -L    find all less specific matches
  -m    find first level more specific matches
79
Database Query - inetnum
[Diagram: the three query forms against the 202.64.0.0/20 block]

whois -L 202.64.0.0/20
  Less specific (= bigger block)
  inetnum: 202.0.0.0 – 202.255.255.255 (202.0.0.0/8)

whois 202.64.0.0/20
  inetnum: 202.64.0.0 – 202.64.15.255 (202.64.0.0/20)

whois -m 202.64.0.0/20
  More specific (= smaller blocks)
  inetnum: 202.64.10.0/24
  inetnum: 202.64.12.128/25
  inetnum: 202.64.15.192/26
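A small model of the three inetnum lookup modes described on the two slides above, added here as an illustration; it is not APNIC's whois server code and does not query whois.apnic.net. The registry list holds the five ranges drawn on the slide plus one constructed nested range (202.64.10.64/26) to show what "first level" means; the function names and the `most_specific` helper are assumptions.

```python
import ipaddress

# Constructed in-memory registry: the slide's five inetnum ranges, plus
# 202.64.10.64/26, which is NOT on the slide and is nested inside the /24.
REGISTRY = [
    "202.0.0.0/8",
    "202.64.0.0/20",
    "202.64.10.0/24",
    "202.64.10.64/26",
    "202.64.12.128/25",
    "202.64.15.192/26",
]


def parse_key(key):
    """Turn a look-up key into a network, following the slide's notes:
    incomplete addresses are padded with ".0", and an address without a
    prefix is read as /32. A "first - last" range must be one CIDR block."""
    key = key.replace("–", "-").strip()
    if "-" in key:
        first, last = (ipaddress.ip_address(p.strip()) for p in key.split("-"))
        blocks = list(ipaddress.summarize_address_range(first, last))
        if len(blocks) != 1:
            raise ValueError("range is not a single CIDR block")
        return blocks[0]
    addr, _, plen = key.partition("/")
    octets = addr.strip().split(".")
    addr = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{addr}/{plen.strip() or 32}")


def lookup(key, flag=None, registry=REGISTRY):
    """flag None: exact match; "L": all less specific; "m": first-level
    more specific (ranges inside the key that are not inside another
    more specific range)."""
    query = parse_key(key)
    nets = [ipaddress.ip_network(n) for n in registry]
    if flag is None:
        return [n for n in nets if n == query]
    if flag == "L":
        return sorted(n for n in nets if n != query and query.subnet_of(n))
    if flag == "m":
        inside = [n for n in nets if n != query and n.subnet_of(query)]
        return sorted(n for n in inside
                      if not any(o != n and n.subnet_of(o) for o in inside))
    raise ValueError(f"unsupported flag: {flag}")


def most_specific(address, registry=REGISTRY):
    """Smallest registered range covering one address: the object whose
    contacts are the first to check when tracing abuse from that address."""
    host = parse_key(address)
    covering = [ipaddress.ip_network(n) for n in registry
                if host.subnet_of(ipaddress.ip_network(n))]
    return max(covering, key=lambda n: n.prefixlen) if covering else None


if __name__ == "__main__":
    for flag in (None, "L", "m"):
        print(flag, [str(n) for n in lookup("202.64.0.0/20", flag)])
    print(most_specific("202.64.10.70"))
```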
80
Database Update Process
• Create a new object
• Change an object
• Delete an object

Method 1: Web interface
  – http://www.apnic.net/services/whois_guide.html
Method 2: Directly by e-mail
DB 2
81
Database Update Process
• Web interface
  1. Fill out form on web
  2. Template is created and sent to you by e-mail
  3. Forward to <[email protected]>
• E-mail
  1. Get template / existing object
  2. Send completed template to <[email protected]>

Common error: to reply to the e-mail
82
Updating an existing object
1. Update fields to be changed
2. Add your maintainer password
3. Update the changed attribute
4. Email updated object to:
   • <[email protected]>
• Note
  – Primary keys cannot be modified
83
Database Update Process
• Deleting an object
  – Copy object as-is in database into email
  – Add your maintainer password
  – Leave the changed attribute
  – Referenced objects cannot be deleted (02/99)

inetnum:  202.182.224.0 - 202.182.225.255
netname:  SONY-HK
...
mnt-by:   MAINT-CNS-AP
changed:  [email protected] 19990617
source:   APNIC
password: x34zky
delete:   no longer required [email protected]
84
Database Mailboxes
• Automatic request processing
  – Automatic “robot” for all db updates
  – Email template for create/update/delete
• Database service support
  – E-mails answered by APNIC staff
  – APNIC response time approx 2 days
[Diagram labels: Parse; Helpdesk]
Questions ?
Reverse DNS Delegation
Registry Procedures
Rev. DNS
87
What is ‘Reverse DNS’?
– ‘Forward DNS’ maps names to numbers
  • svc00.apnic.net -> 202.12.28.131
– ‘Reverse DNS’ maps numbers to names
  • 202.12.28.131 -> svc00.apnic.net
88
Hierarchy of IP addresses
• Uses ‘in-addr.arpa’ domain
  – INverse ADDRess
• IP addresses
  – written less specific to more specific
    • 210.56.14.1
• Domain names
  – written more specific to less specific
    • delhi.vsnl.net.in
• Reversed in in-addr.arpa hierarchy
  – 14.56.210.in-addr.arpa
89
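In-addr.arpa
• Mapping numbers to names - ‘reverse DNS’
[Diagram: DNS tree below the Root DNS. Top level: net, edu, com, in, arpa. Forward side: apnic under net, whois under apnic. Reverse side: in-addr under arpa; 202, 203, 210, 211.. under in-addr; 64 under 202; 22 under 64, giving 22.64.202.in-addr.arpa]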
90
Reverse DNS - why bother?
• Service denial
  – That only allow access when fully reverse delegated, e.g. anonymous ftp
• Diagnostics
  – Assisting in trace routes etc
• Registration
  – Responsibility as a member
91
Member Responsibilities
• Ensure that addresses are reverse-mapped
  – Be familiar with APNIC procedures
• Maintain nameservers for allocations
• Minimise “pollution” of DNS
  – syntax or configuration errors
92
Delegation Procedures
• Complete form at:
  – http://www.apnic.net/db/domain.html
  – Online form verifies name servers
  – Form gives errors, warnings in zone configuration
• Uses database ‘domain’ object
  – can be updated through webform or via email.
• Protection by maintainer object
• Zone file update 2-hourly
93
References
• Reverse DNS Guide
  – http://www.apnic.net/services/dns_guide.html
• Reverse DNS Form
  – http://www.apnic.net/db/domain.html
• What are Reverse Delegations?
  – http://www.apnic.net/db/revdel.html
• Classless Reverse DNS
  – http://www.ietf.org/rfc/rfc2317.txt
Questions ?
Summary
What we have covered today
96
Summary - Responsibilities
• As an APNIC member and custodian of address space
  – Be aware of your responsibilities
  – Register customer assignments in APNIC database
    • Keep this data up-to-date & accurate
  – Educate your customers
  – Document your network in detail
    • Keep local records
  – Register reverse DNS delegations
97
Summary
• “Do the right thing”
– Think about routing table size & scalability of Internet
– Encourage renumbering
– Announce aggregate prefixes
– Think global not local
Thank you !!
Your feedback is appreciated
Supplementary Reading
100
Introduction
• Regional Registry web sites
  – APNIC
    • http://www.apnic.net
  – ARIN
    • http://www.arin.net
  – RIPE NCC
    • http://www.ripe.net
• APNIC past meetings
  – http://www.apnic.net/meetings
101
Introduction
• Details of members
  – http://www.apnic.net/members.html
• Membership
  – Membership procedure
    http://www.apnic.net/membersteps.html
  – Membership application form
    http://www.apnic.net/apnic-bin/membership-application.pl
  – Membership fees
    http://www.apnic.net/docs/corpdocs/FeeSchedule.htm
• Mailing lists
  – http://www.apnic.net/net_comm/lists/
102
The RIR System
• “Development of the Regional Internet Registry System”
  – Internet Protocol Journal
    • Short history of the Internet
  – http://www.cisco.com/warp/public/759/ipj_4-4/ipj_4-4_regional.html
103
APNIC Policies
• Classless techniques
  – CIDR
    • http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1517-19.txt
  – Network Addressing when using CIDR
    ftp://ftp.uninett.no/pub/misc/eidnes-cidr.ps.Z
  – Variable Length Subnet Table
    http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1878.txt
• Private Address Space
  – Address Allocation for Private Internets
    • http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1918.txt
  – Counter argument: Unique addresses are good
    • http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1817.txt
104
Policies & Policy Environment
• Policy Documentation
  – Policies for address space management in the Asia Pacific region
    • http://www.apnic.net/docs/policy/add-manage-policy.html
  – RFC2050: Internet Registry IP allocation Guidelines
    • http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2050.txt
105
Address Request Procedures
• Addressing Guidelines
  – Designing Addressing Architectures for Routing & Switching, Howard C. Berkowitz
• Address Request Forms
  – ISP Address Request Form
    http://www.apnic.net/services/ipv4/
  – Second-opinion Request Form
    http://cgi.apnic.net/apnic-bin/second-opinion-request.pl
  – No Questions Asked
    http://ftp.apnic.net/apnic/docs/no-questions-policy
106
APNIC Database
• APNIC Database Documentation
  – http://ftp.apnic.net/apnic/docs/database-update-info
  – http://ftp.apnic.net/apnic/docs/maintainer-request
  – http://www.apnic.net/apnic-bin/maintainer.pl
  – http://www.apnic.net/services/whois_guide.html
• RIPE Database Documentation
• Database ‘whois’ Client
  – http://ftp.apnic.net/apnic/dbase/tools/ripe-dbase-client.tar.gz
  – http://www.apnic.net/apnic-bin/whois2.pl
107
In-addr.arpa
• Request Forms
  – http://www.apnic.net/db/revdel.html
  – http://www.apnic.net/db/domain.html
• Classless Delegations
  – http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2317.txt
• Common DNS data file configuration errors
  – http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1537.txt
• Domain name structure and delegation
  – http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1591.txt
• Domain administrators operations guide
  – http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1033.txt
108
In-addr.arpa
• Taking care of your domain
  – ftp://ftp.ripe.net/ripe/docs/ripe-114.txt
• Tools for DNS debugging
  – http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2317.txt
• Common Errors
  – NS not reachable, NS not set up
  – Domain not fully qualified (dot missing)
  – Entries in zone which do not belong there
  – More/less NSes listed than applied for
  – NSes cache different information
  – Source of a zone (as listed in SOA) not in NS RR
109
In-addr.arpa
• Common Errors cont’d
  – CNAME Problem
    • Old versions of BIND cannot do recursive lookups
  – NS name contains unusual characters
    • Underscore not permitted
  – In addition for /16 delegations:
    • APNIC should be listed as secondary
110
Other Supplementary Reading
• Operational Content Books
  – ISP Survival Guide - Geoff Huston
• BGP Table
  – http://www.telstra.net/ops/bgptable.html
  – http://www.merit.edu/ipma/reports
  – http://www.merit.edu/ipma/routing_table/mae-east/prefixlen.990212.html
  – http://www.employees.org/~tbates/cidr.hist.plot.html
• Routing Instability
  – http://zounds.merit.net/cgi-bin/do.pl
111
Other Supplementary Reading
• Routing & Multihoming
  – Internet Routing Architectures - Bassam Halabi
  – BGP Communities Attribute
    • http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1997.txt
    • http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1998.txt
  – Multihoming
    • Using a Dedicated AS for Sites homed to a Single Provider
      http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2270.txt
112
Other Supplementary Reading
• Filtering
  – Egress Filtering
    http://www.cisco.com/public/cons/isp
  – Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing
    http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2267.txt
• Dampening
  – case studies at
    http://www.cisco.com/warp/public/459/16.html
• Traceroute Server
  – http://nitrous.digex.net
113
Other Supplementary Reading
• Renumbering
  – Network Renumbering Overview: Why Would I Want It and What Is It Anyway?
    • http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2071.txt
  – Procedures for Enterprise Renumbering
    • http://www.isi.edu/div7/pier/papers.html
• NAT
  – The IP Network Address Translator
    • http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1631.txt
114
APNIC Mailing Lists
• apnic-talk
  – Open discussion relevant to APNIC community and members
    • e.g. policies, procedures etc
• apnic-announce
  – Announcements of interest to the AP community
• ipv6-registry
  – IPv6 allocation and assignment policies
• http://www.apnic.net/net_comm/lists/
• subscribe via <[email protected]>
• archives at http://ftp.apnic.net/apnic/mailing-lists