Local Internet Registries. Training Course.
Welcome to the IP Tutorial
26 January 2001
RIPE Network Co-ordination Centre

Schedule
Requesting Address Space
  Introduction to RIPE NCC
  Global Registry System
  Initial Administrivia of Becoming LIR
  First Request
    – Completing the request form
    – Communication with hostmasters
  Customer’s Request
    – Elementary evaluation
    – RIPE Database
  Evaluation of specific assignment cases
    – Large request
    – PI request
    – Renumbering
  Assignment Window
  New allocation
  IPv6

Introduction to RIPE NCC

What is the RIPE NCC?
Network Co-ordination Centre
  – The RIPE NCC is a “co-ordination” and support service for its members and RIPE community
One of 3 Regional Internet Registries (RIR)
Why a NCC?
Actions agreed in RIPE community needed
  – continuity and professionalism
  – neutrality and impartiality

RIPE NCC History
Birth - April 1992
  – TERENA legal umbrella
Became RIR in September 1992
Contributing LIRs in 1995
In 1998 independent
A new structure (ripe-161)
  – not-for-profit association
  – General Assembly of all members
  – Executive Committee of elected nominees

Formal Decision Making
“Consensus” Model
RIPE proposes activity plan
RIPE NCC proposes budget to accompany activity plan (ripe-213)
General Assembly votes on both activities and budget at yearly meeting

Vital Statistics
Statistics 1992
  – 3 staff members
  – No Local IR’s
  – 182,528 hosts in European Internet
  – 7,955 objects in RIPE database (June ‘92)
Statistics Now
  – 67 staff (22 nationalities)
  – 2,526+ participating Local IR’s
  – 12,088,135+ countable hosts in the RIPE NCC region
  – 3,537,049+ objects in the database

RIPE NCC Member Services
Registration Services
  – IPv4 addresses
  – IPv6 addresses
  – AS numbers
  – LIR Training Courses
Reverse domain name delegation
  – NOT registering domain names
Test Traffic Measurements

RIPE NCC Public Services
RIPE whois database maintenance
Routing Registry Maintenance (RR)
Co-ordination
  – RIPE support
  – Liaison with: LIRs / RIRs / ICANN / etc …
Information dissemination
Maintenance of tools

RIPE Database (1)
Public Network Management Database
Information about objects
  IP address space:  inetnum, inet6num
  reverse domains:   domain
  routing policies:  route, aut-num
  contact details:   person, role, mntner
Server whois.ripe.net
UNIX command line queries

RIPE Database (2)
Software Management
  server and client
  – NOT relational
  – RIPE NCC
  – Database Working Group (RIPE community)
Data Management
  – LIRs
  – other users
  – RIPE NCC
Information content not responsibility of RIPE NCC
Protection mechanisms not default, but strongly encouraged

RIPE Database v 3.0
New language (RFC-2622)
Routing Policy Specification Language
  – allows for more refined policy details
  – will eventually replace ripe-181
  – transition to RPSL will be smooth
RPSL mirror of RIPE DB
  – rpsl.ripe.net
Test re-implementation server
  – queries: reimp.ripe.net at port 4343
  – updates:

Summary: RIPE & RIPE NCC
Two separate organisations, closely interdependent
RIPE
  – open forum for discussing policies
RIPE NCC
  – legitimate, not-for-profit association
  – formal membership
  – neutral and impartial

Questions?

Terminology
Internet Registry System

Terminology
Allocation
  – address space given to registries which is held by them to assign to customers
Assignment
  – address space given to end-users for use in operational networks
[Figure labels: assignment; /20 allocation = 4096 addresses; assignment]

Classful Notation
[Figure: network / host split for Class A, Class B and Class C; labels 8, 16; 16,777,216, 65,536]
Obsolete because of
  – depletion of B space
  – too many routes from C space
Solution
  – Classless Inter Domain Routing
  – hierarchical address space allocation

Classless Notation
Addresses  Prefix  Classful  Net Mask
...
           /24     1 C
           /20     16 C’s
           /19     32 C’s
           /18     64 C’s
           /17     128 C’s
           /16     1 B

Goals of the Internet Registry System
Aggregation
Conservation
Registration
  – uniqueness

Regional Registry Structure
[Figure: IANA / ICANN; RIPE NCC, ARIN, APNIC; Enterprise Local IR, Local IR / ISP, Local IR; ISP; ISP / End user]

Service Regions

Initial Administrivia of Becoming LIR

Becoming LIR
Completed application form (ripe-212)
Provided Reg-ID & contact persons
Read relevant RIPE documents
Signed contract (ripe-191)
  – agreed to follow policies and procedures
*Paid the sign-up & yearly fee

Contact Persons
Stored in RIPE NCC internal file for each registry
  – confidential
Only registered contact persons can
  – send requests to hostmasters
  – change contact information
Use ‘role’ object
  – for multiple admin-c and tech-c
Always sign your messages
PGP optional (soon)
Members’ mailing lists
  – (lst-localir)
  – (lst-contrib)

Registry Identification (RegID)
Distinguishes between contributing registries and individuals
Format.
Include with every message
Suggestion - modify mail header
  X-NCC-RegID: nl.bluelight

New Registry’s First Request
Completing the request form
Communication with the hostmaster

Sample First Request
Example: Blue Light Internet
LIR wants a block of IP addresses
  – e.g. for own network / infrastructure
    do not include needs of customers yet
Steps:
  Complete request form ripe-141
  Send request to RIPE NCC evaluate and approve request
With the first assignment RIPE NCC allocates /20 to the LIR

Request Form ripe-141
I. General Information
  Overview of Organisation
  Contact Information
  Current Address Space Usage
II. The Request
  Request Overview
  Addressing Plan
III. Database Information
IV. Optional Information

Completing the Request Form (starting from Addressing Plan)
Gathering Information
Design of the network
  – how many physical segments it will consist of
  – what is each segment going to be used for
    including equipment used
  – how many hosts are in each segment
  – expectations of growth

#[ Addressing Plan Template ]#
Relative Prefix  Subnet Mask  Size  Imm  1yr  2yr  Description
                                                   dynamic dial-up Amsterdam
                                                   web/mail/ftp servers Amsterdam
                                                   customers’ servers Amsterdam
                                                   training room LAN Amsterdam
                                                   Amsterdam office LAN (*1)
                                                   dynamic dial-up Utrecht
                                                   web/mail/ftp servers Utrecht
                                                   Inet cafe Utrecht
                                                   training room LAN Utrecht
                                                   Totals
(*1) Office LAN = workstations, router, 2 printers and 1 fileserver

#[ Request Overview Template ]#
Totals:
  request-size: 448
  addresses-immediate: 170
  addresses-year-1: 297
  addresses-year-2: 342
  subnets-immediate: 6
  subnets-year-1: 8
  subnets-year-2: 9
inet-connect: YES, already connected to “UpstreamISP”
country-net: NL
private-considered: Yes
request-refused: NO
PI-requested: NO
address-space-returned: /25, to UpstreamISP, “in 3 months”

#[ Current Address Space Usage Template ]#
Prefix  Subnet Mask  Size  Imm  1yr  2yr  Description
                                          Dynamic dial-up A’dam
                                          Amsterdam office LAN
                                          Utrecht office LAN
                                          Mail servers
                                          Totals
Actual addresses

#[Person template]#
person:   Jan Jansen
address:  Blue Light Internet, Oudezijds Achterburgwal 13, Amsterdam, The Netherlands
phone:
nic-hdl:  AUTO-1
mnt-by:   BLUELIGHT-MNT
changed:
source:   RIPE

#[Network template]#
inetnum:  x.x.x.x/23
netname:  BLUELIGHT-1
descr:    Company infrastructure in both locations
country:  NL
admin-c:  AB231-RIPE
tech-c:   AUTO-1
status:   ASSIGNED PA
mnt-by:   BLUELIGHT-MNT
changed:
source:   RIPE

Communication with

Ticketing System
Unique ticket number
  – facilitates retrieval / archiving
  – NCC#YYYYMMXXXX e.g. NCC#
Check status of ticket on the web
  – open ncc, open reg, closed
  – age of your ticket and oldest ticket in queue

Hostmaster-robot
Checks request form
  – Reg-ID, contact persons
  – syntax
  – policy problems
Acknowledgement & diagnostics
  – LONGACK
Error message
  – correct & re-send the request
  – use the same ticket number
  – NOAUTO
No errors: hostmaster wait-queue
  – “ongoings” directly to hostmasters

Frequently Asked Questions
List of answers
Short tips and tricks
Ask hostmaster
  – include your Reg-ID
Supporting Notes for the European IP Address Space Request Form (ripe-142)

Request Approved
With the first ASSIGNMENT approved LIR automatically gets an ALLOCATION
  – /20 (4096 addresses)
RIPE NCC hostmaster enters allocation and assignment objects into the RIPE database at this time
  – /24 & /25 & /26 (448) instead of /23 (512)
Whole allocated range can be announced immediately
Every request has to be sent for approval to RIPE NCC
  – addresses for LIR’s own infrastructure
  – all customers’ requests

Questions?

Customer’s Request
Evaluation
Basic Database Issues

Assignment Process
[Flowchart box labels: Customer; Gathering information; Documentation completed? (no / yes); Completing ripe-141; RIPE NCC evaluation; approval; Assignment; update local records; update RIPE database; notify customer]

Gathering Information
One request form per customer
Ask the same questions RIPE NCC asks LIR
  – enough information to complete ripe-141
Add comments
Example: Goody 2 Shoes

Before Submitting the Request
Web form
  – filling in the requests
  – syntax check
  – ftp://ftp.ripe.net/tools/web141.pl.cgi
Complete documentation reduces need for iteration
All the data communicated with RIPE NCC is kept strictly confidential
Documentation for RIPE NCC has to be in English

Evaluation -- General Information
#[Overview of organisation template]#
information relevant to the address space request
  – Name and location of the company?
  – What are the company activities?
  – What is the structure? Does it have subsidiaries and where?
    For what part of the company are the addresses requested?
#[Requester Template]#
  – LIR contact for RIPE NCC
#[User Template]#
  – customer’s contact for LIR

Evaluation -- Addressing Plan
Do totals in “Addressing Plan” match numbers in “Request Overview”?
Are all subnets classless?
  – are the subnet masks real?
Utilisation and efficiency guidelines: 25% immediately, 50% in one year
Can address space be conserved by using
  – different subnet sizes?
  – avoiding padding between subnets?
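
The checks on the "Evaluation -- Addressing Plan" slide and the "/24 & /25 & /26 (448) instead of /23 (512)" point from "Request Approved", as an added example (not part of the course material). The totals are the ones on the Request Overview slide; the per-subnet numbers are constructed, and the names Subnet, evaluate and cidr_blocks are hypothetical.

```python
from dataclasses import dataclass


@dataclass
class Subnet:
    description: str
    size: int       # addresses reserved for the subnet
    immediate: int  # addresses in use immediately
    year1: int      # addresses in use after one year
    year2: int      # addresses in use after two years


# Totals as given on the Request Overview slide.
OVERVIEW = {
    "request-size": 448,
    "addresses-immediate": 170,
    "addresses-year-1": 297,
    "addresses-year-2": 342,
    "subnets-immediate": 6,
    "subnets-year-1": 8,
    "subnets-year-2": 9,
}

# Constructed rows: the descriptions are the slide's, the numbers are invented
# for this example so that they add up to the totals above.
PLAN = [
    Subnet("dynamic dial-up Amsterdam", 128, 60, 100, 110),
    Subnet("web/mail/ftp servers Amsterdam", 32, 10, 16, 18),
    Subnet("customers' servers Amsterdam", 16, 0, 8, 12),
    Subnet("training room LAN Amsterdam", 32, 0, 0, 20),
    Subnet("Amsterdam office LAN", 64, 40, 50, 52),
    Subnet("dynamic dial-up Utrecht", 64, 30, 50, 52),
    Subnet("web/mail/ftp servers Utrecht", 16, 0, 8, 10),
    Subnet("Inet cafe Utrecht", 64, 20, 45, 46),
    Subnet("training room LAN Utrecht", 32, 10, 20, 22),
]


def cidr_blocks(address_count):
    """Prefix lengths of the fewest power-of-two blocks that add up to address_count."""
    return [32 - bit for bit in range(32, -1, -1) if address_count & (1 << bit)]


def evaluate(plan, overview):
    """Return a list of findings; an empty list means the plan passes every check."""
    findings = []
    for s in plan:
        # "Are all subnets classless?": each size must be a power of two.
        if s.size <= 0 or s.size & (s.size - 1):
            findings.append(f"{s.description}: size {s.size} is not a power of two")
        if max(s.immediate, s.year1, s.year2) > s.size:
            findings.append(f"{s.description}: usage exceeds the subnet size")

    # "Do totals in Addressing Plan match numbers in Request Overview?"
    totals = {
        "request-size": sum(s.size for s in plan),
        "addresses-immediate": sum(s.immediate for s in plan),
        "addresses-year-1": sum(s.year1 for s in plan),
        "addresses-year-2": sum(s.year2 for s in plan),
        "subnets-immediate": sum(1 for s in plan if s.immediate > 0),
        "subnets-year-1": sum(1 for s in plan if s.year1 > 0),
        "subnets-year-2": sum(1 for s in plan if s.year2 > 0),
    }
    for key, value in totals.items():
        if overview.get(key) != value:
            findings.append(f"{key}: overview says {overview.get(key)}, plan adds up to {value}")

    # Utilisation guideline: 25% immediately, 50% in one year.
    size = totals["request-size"]
    if totals["addresses-immediate"] * 4 < size:
        findings.append("utilisation below 25% immediately")
    if totals["addresses-year-1"] * 2 < size:
        findings.append("utilisation below 50% after one year")
    return findings


if __name__ == "__main__":
    print(evaluate(PLAN, OVERVIEW) or "plan passes")
    print("assign as:", ", ".join(f"/{p}" for p in cidr_blocks(OVERVIEW["request-size"])))
```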

Evaluation -- Network Template
inetnum value (look-up key, unique)
  – specifies the size of assignment
  – actual range is not necessary
Relevant netname (look-up key, not unique)
  – descriptive; uppercase letters, numbers & “-”
    RIPE NCC’s only reference to LIR’s assignment
Contact persons
  – can be multiple reference nic-hdls (may be a role object)
  – admin-c responsible for the network, able to make decisions
  – tech-c technical setup of the network

Internal Administration
Wait for the approval from prior to assignment and registration
Decide on the range of addresses within your address space
  – classless assignment on bit boundary
Update local records for later reference
  – archive original documents with assignment
Assignment for customer’s network
Assignment for LIR’s network

Assignments to (Small) ISPs
LIR cannot allocate address space to an ISP
If the customer of LIR is an ISP, distinguish
  – ISP’s infrastructure
  – ISP’s customers
Separate assignments need to be
  – requested
  – evaluated / approved
  – registered in the RIPE Database
Avoid overlapping assignments
  – i.e. “big” assignment/object for ISP & all its customers, plus for separate customers

Creating Database Objects

Creating person Object
Check if person object exists in RIPE DB
  – whois {person’s name; address}
  – only one object per person
Obtain and complete a template
  whois -t person
  – -v (verbose)
Send to
Each person object has unique nic-hdl

whois -t person
person:   [mandatory]  [single]    [primary/look-up key]
address:  [mandatory]  [multiple]  [ ]
          [optional]   [multiple]  [look-up key]
phone:    [mandatory]  [multiple]  [ ]
notify:   [optional]   [multiple]  [inverse key]
mnt-by:   [optional]   [multiple]  [inverse-key]
nic-hdl:  [mandatory]  [single]    [primary/look-up key]
changed:  [mandatory]  [multiple]  [ ]
source:   [mandatory]  [single]    [ ]

nic-hdl
Mandatory attribute
Only way to clear ambiguity in person objects
Format: -
  – e.g. AB123-APNIC, CD567-RIPE
Combination of person name and nic-hdl is the primary key for person object
Use “AUTO-#” placeholders
  person: Piet Bakker ...       nic-hdl: AUTO-1                       -> PB1234-RIPE
  person: Jan van der Bruk ...  nic-hdl: AUTO-#initials, AUTO-2JVDB   -> JVDB1-RIPE

Responses
Successful update
  – acknowledgement
Warnings
  – object accepted but might be ambiguous
  – object corrected and accepted
Errors
  – object NOT corrected and NOT accepted
  – diagnostics in acknowledgement
If not clear send questions to
  – include error report

Creating Network Object
inetnum
  – insert the address range in the ‘network template’ from the request form approved by the hostmasters
    keep the same netname attribute
  – in the changed attribute use current date or leave out the date completely
Send to
  – with the keyword NEW in the subject line

Check Your Database Data
Before you notify the customer
  – whois [customer’s IP range]
  – whois [customer’s netname]
    not unique search key
  – whois -m [your allocated IP range]
    will show list of all LIR’s first level customer(s) network(s)
    first level more specific address ranges
  – whois -L [customer’s IP range]
    will show LIR’s own allocation object

Example DB Query
[Figure: address ranges with netnames BLUELIGHT, GOODY2SHOES, ENGOS, ENGO, ENGO-8 (sizes /25, /29) and the queries whois -M /19, whois -m /19 and whois -L]

Notify the Customer
Make sure customer has same data as you
  – cut and paste output of the whois query
Address space is considered in use only if registered in the RIPE Database
Register all end-users separately
  – avoid overlapping inetnum objects

Questions?

Evaluation of Specific Assignment Cases
‘Large’ Request
PI request
Renumbering

‘Large’ Request

Submitting a Large Request
Complete ripe-141 request form
  – only include addresses you have concrete need for (no reservations)
Possible additional information
  – pointer to web site
    deployment plan
    new technologies
    purchase receipts
    topology map (design of the network)
    can be faxed
    handled and kept confidentially
    include ticket number and Reg-ID

Current Address Space Usage Evaluation
Are there any previous assignments?
  – ask customer
Querying the RIPE Database
  – whois.ripe.net exact match
  – 1 full text search using glimpse
    2 whois web interface
Can request be fulfilled with previous assignment?

Private Address Space
RFC-1918 (Address Allocation for Private Internets)
Suitable for
  – partial connectivity
  – limited access to outside services
    can use application layer gateways (fire walls, NAT)
Motivation
  – saves public address space
  – allows for more flexibility
  – security

Sample Deployment Plan
Needed when big expansion planned
Matching addressing plan
[Table: Relative Prefix, Subnet Mask, Size, Imm., 1yr, 2yr, Description; rows London POP, Berlin POP, Moscow POP, Paris POP]
[Table: Location, Number of hosts, Type of Equipment, Equipment ordered, Planned operational Date; rows London, Berlin, Paris, Moscow; surviving values: modems, 2048]

(New) Technologies
If special hardware/software is used include the URLs of manufacturer’s sites if available
Special allocation and verification procedures apply
  static dial up assignments
  IP based virtual web hosting
  cable modems, ADSL
  GPRS?
  – recommended
    investigate and implement dynamic assignment technologies whenever possible
} STRONGLY DISCOURAGED

PI Request

PA vs. PI Assignments
Provider Aggregatable
  customer uses addresses out of LIR’s allocation
  good for routing tables
  customer must renumber if changing ISP
Provider Independent
  customer receives range of addresses from RIPE NCC
  customer takes addresses when changing ISP
  possible routing problems
Make contractual agreements
  – example: ripe-127
  – the only way to distinguish PA and PI space

Requesting PI Space
LIR sends request on behalf of PI customer
Complete ripe-141 as usual
Differences:
  #[Request Overview Template]#
  PI-requested: YES
  #[Network Template]#
  status: ASSIGNED PI
Explain why the customer wants PI
  – aware of the consequences?

Evaluation of PI Request
Conservative estimates
  – will NOT get more addresses (than needed) to prevent routing problems
Classless
Assignment is only valid as long as original criteria remain valid (ripe-185)
After approval
  – RIPE NCC assigns a block from own range
  – RIPE NCC puts assignment in database with RIPE-NCC-HM-PI-MNT

Example PI DB Entry
inetnum:
netname:  GOODY2SHOES-2
descr:    Own Private Network 4 Goody2Shoes
descr:    Amsterdam, Netherlands
country:  NL
admin-c:  PIBA2-RIPE
tech-c:   JAJA1-RIPE
status:   ASSIGNED PI
mnt-by:   RIPE-NCC-HM-PI-MNT
mnt-by:   BLUELIGHT-MNT
source:   RIPE

Renumbering
… is easy!

When to Send Renumbering Request?
  – Customer(s) changing providers
    already using address space
    returning PA addresses to OldISP
    renumbering to the PA range of NewISP
  – Changing from PI (or UNSPECIFIED) to PA
  – Only if amount is above LIR’s AW
Procedure made easier as to encourage
  – if many customers ‘1-1’ renumbering, all in one request form
Time frame guidelines - 3 months
More info:

Questions?

Assignment Window
Policies and Procedures

Assignment Window Policy
Assignment Window
  – maximum amount of address space LIR can assign without prior approval of the NCC
    initially AW equals zero
    gradually raised
Why necessary?
  – support to LIRs during start up
  – familiarisation with RIPE NCC procedures
  – align criteria for request evaluation
  – maintain contact between LIRs and RIPE NCC

Initially: AW=0
Send EVERY customer’s request and EVERY request for assignment to your own infrastructure / network to the RIPE NCC for evaluation
Separate request forms needed
Do not send too many at the same time

When is AW Size Raised
Understood procedures
Complete NCC documentation
Experience
  – with RIPE Database
  – different policies
  – evaluating and processing requests
Not always automatically raised
  approach us

When is AW Size Lowered
New staff need training
After negative auditing report
To enforce payment
To find out the AW size
  – asm-window line
  – write to

Assignment Window Size
Assignment Window   Local IR Assignment limit (host addresses)
AW = 0              All new Registries
AW = /28            requests 16 addr
AW = /27            requests 32 addr
AW = /26            requests 64 addr
...
AW = /22            requests 1024 addr
AW = /21            requests 2048 addr
...
AW size corresponds to average size of requests
AW is per 12 months per customer
Increasing Responsibility of Local IR

Assignment Process
Between Local IR’s and their customers
[Flowchart box labels: Gathering information; Documentation completed? (no: ask for more Documentation; yes: LIR Evaluate request); Evaluation; request > AW? need 2nd opinion? (yes: Approach RIPE NCC; no: Finish the assignment)]

Assignment Process
[Flowchart box labels, ( Approach RIPE NCC ): Complete the request form; Add Registry ID; Add comments & recommendations; Send to RIPE NCC; Wait for acknowledgement; RIPE NCC evaluates & approves. ( Finish the assignment ): Pick addresses; Update local records; Update RIPE database; Notify customer]

Questions?

New allocation

Allocation Procedures
‘Slow Start’
  – first allocation /20
    LIR announces the whole prefix
  – size of future allocations depends on current usage rate
    presumably enough for next two years
    not always contiguous
Motivation for ‘slow start’
  – fair distribution of address space
  – keeps pace with customer base growth
  – slows down exhaustion of IPv4 address space

Motivation for ‘No Reservations’ Policy
Def.: Address space set aside for future use
Reservations may never be claimed
  – customers may need more (or less) address space than is reserved
Administrative convenience not catered for
Fragments address space
=>
  – requesting new allocation appropriate when previous allocated space used ~ 80% !

Requesting New Allocation
Send to
NOT ripe-141 form
NEWBLOCK in the subject line for higher priority
  – summary of addresses assigned / free
  – list assignments of the last allocation
Suggested format:
  Allocation: /19 assigned: 7372 free: 820
  Range   Netname
          BLUELIGHT
          GOODY2SHOES
          CYB-FAL
          ENGOS-1
          ...

Evaluation of New Allocation Request
Are LIR’s records consistent with
  RIPE NCC’s local records
  RIPE database
  – RIPE NCC wants to see 3 random requests
Are all assignments valid?
  within AW
  correct netname attribute & the date
Quality of RIPE DB records
  up-to-date person & role objects
  no overlapping inetnum objects
Tool available: asused-public

Prior to Making New Allocation
If inconsistencies are found
  – LIR will be asked to correct data first
  – AW is reviewed
When data is corrected or deadline for correction is set
  – RIPE NCC
    allocates new block to LIR
    updates the DB
LIR announces new prefix

Allocation inetnum Object
inetnum:
netname:    NL-BLUELIGHT
descr:      Provider Local Registry
country:    NL
admin-c:    JJ231-RIPE
tech-c:     JAJA1-RIPE
status:     ALLOCATED PA
mnt-by:     RIPE-NCC-HM-MNT
mnt-lower:  BLUELIGHT-MNT
changed:
changed:
changed:
source:     RIPE

Questions?

IPv6

Why IPv6?
Next generation protocol
  – scalability
    bits addresses
  – security
  – dynamic hosts numbering
  – QoS
Interoperable with IPv4
  simple and smooth transition
  – hardware vendors
  – applications

IPv6 Introduction
Current format boundaries

|-3|--13-|--13-|-6-|--13-|--16--|-------- bits-----|
|FP|-TLA-|-sub-|Res|-NLA-|--SLA-|---Interface ID---|
|--|-ID--|-TLA-|---|--ID-|--ID--|                  |
|----public topology ----|-site-|-----Interface----|
           /23 /29 /35   /48    /64

Classful; another level of hierarchy
  – (sub)TLA
  – NLA
  – SLA
Hexadecimal representation of addresses

IPv6 Allocation Policies
"Provisional IPv6 Assignment and Allocation Policy Document” (ripe-196)
  – discussion on and
Bootstrap Phase Criteria
  Peering with 3 ASes
  AND
  Plan to provide IPv6 services within 12 months
  AND either
  40 IPv4 customers
  OR
  6bone experience

IPv6 Allocations
Request form (ripe-195)
”Slow start”
  – first allocation to a TLA Registry will be a /35 block representing 13 bits of NLA space
  – additional 6 bits reserved by RIR for the allocated sub-TLA for subsequent allocations
Reverse Delegation of an IPv6 Sub-TLA
IANA allocations
  – APNIC     2001:0200::/23 (23 subTLAs)
  – ARIN      2001:0400::/23 (12 subTLAs)
  – RIPE NCC  2001:0600::/23 (25 subTLAs)

Database Object
inet6num:   2001:0600::/23
netname:    EU-ZZ
descr:      RIPE NCC
descr:      European Regional Registry
country:    EU
admin-c:    MK16-RIPE
admin-c:    DK58
tech-c:     OPS4-RIPE
status:     SUBTLA
mnt-by:     RIPE-NCC-HM-MNT
mnt-lower:  RIPE-NCC-HM-MNT
changed:
source:     RIPE

Questions?

The End … unless...
Reverse Delegation
AS Numbers
Advanced database issues
Advanced reverse delegation
Routing Registry
Administrivia
  – audit activity, billing, closing LIR

Reverse Delegation Procedures

What is Forward and Reverse DNS Delegation?
Forward Delegation
  – enables naming of IP hosts on the Internet
  – hierarchical authority for domain registration
    organisational structure
Reverse Delegation
  – enables association of IP addresses with domain names
  – hierarchical authority for reverse zone
    depends on who distributed the address space
  – reverse delegation takes place on octet boundaries

IN-ADDR.ARPA Domain
[Figure: DNS tree under the root (.) with edu, arpa, com, net, nl; in-addr below arpa (= in-addr.arpa); bluelight and www on the forward mapping (A) side; reverse mapping (PTR); label amsterdam]

Why Do You Need Reverse DNS Delegation?
All host-IP mappings in the DNS (A record) should have a corresponding IP-host mapping (PTR record)
Failure to have this will likely
  – block users from various services (ftp, mail)
  – make troubleshooting more difficult
  – produce more useless network traffic in general

Overview of the Request Procedure
LIRs have to request reverse delegation
/24 zones are delegated
  – to LIR / end-user
  – as the address space gets assigned
Steps
  valid assignment of address space
  /24 reverse zone setup on LIR or end-users nameserver(s), or both
  send domain object to
  include Reg-ID

“Valid” Assignment
According to ripe-185 policies
Within “Assignment Window”
  - or approved from RIPE NCC Hostmaster
inetnum object registered in RIPE Database
  – netname attribute is NCC's only reference if assignment approved
    do NOT change netname without notifying
    this is mentioned when we approve your IP requests
  – registered after the approval date

/24 Reverse Zone Setup Recommendations
At least two nameservers required
  – one nameserver setup as primary
  – at least one other as secondary
SOA values reasonably RFC1912 compliant
Nameservers not on same physical subnet
  – preferably with another provider
Serial numbers YYYYMMDDnn format

Example domain Object
whois -t domain
domain:   in-addr.arpa
descr:    Reverse delegation for Bluelight Customers
admin-c:  JJ231-RIPE
tech-c:   JAJA1-RIPE
zone-c:   WF2121-RIPE
nserver:  ns.bluelight.nl
nserver:  ns2.bluelight.nl
mnt-by:   BLUELIGHT-MNT
changed:
source:   RIPE

Request the Delegation
Send domain template to
  – an automatic mailbox
Tool will
  – check assignment validity
  – check if zone is correctly setup
  – (try to) enter object to RIPE DB

Problems with inaddr Robot?
Error report will be sent to requester
  – correct errors and re-send
For questions see FAQ
If error reports continue
  – contact
  – please include the full error report

< /24 Delegations
Reverse delegation is also possible for a /24 shared by more customers
  => NOT reason for classful assignments
RIPE NCC reverse delegates authority for the entire /24 to LIR
  – procedure and requirements the same as for /24
If customer wants to run own primary nameserver
  – LIR delegates parts as address space gets assigned
  – use CNAME to create an extra point of delegation (RFC-2317)

CNAME Example
Zonefile at Provider Primary Nameserver
$ORIGIN in-addr.arpa
     IN NS     ns.goody2shoes.nl.
     IN NS     ns2.bluelight.nl.
     IN NS     ns.cyberfalafel.nl.
     IN NS     ns2.bluelight.nl.
0    IN CNAME
     IN CNAME
     IN CNAME
     IN CNAME
     IN CNAME
     IN CNAME
     IN PTR

CNAME Example
Zonefiles at Customers’ Nameservers
$ORIGIN
     IN NS
     IN NS     ns2.bluelight.nl.
1    IN PTR    www.goody2shoes.nl.
2    IN PTR    mail.goody2shoes.nl.
     IN PTR    kantoor.goody2shoes.nl.

$ORIGIN
     IN NS
     IN NS     ns2.bluelight.nl.
33   IN PTR    www.cyberfalafel.nl.
     IN PTR    cafe3.cyberfalafel.nl.
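
The RFC-2317 scheme from the "< /24 Delegations" slides, worked through for one /24 as an added example (not part of the course material). The prefix 192.0.2.0/24, the two /27 ranges, the "first-last" label style and the function names are assumptions; the name servers and PTR targets are the ones on the slides. SOA records are left out.

```python
import ipaddress


def reverse_zone(net24):
    """in-addr.arpa name of a /24, e.g. 192.0.2.0/24 -> 2.0.192.in-addr.arpa."""
    a, b, c, _ = str(net24.network_address).split(".")
    return f"{c}.{b}.{a}.in-addr.arpa."


def checked(parent_cidr, cidr):
    """Validate one sub-/24 range; return (parent, net, label, last-octet range)."""
    parent = ipaddress.ip_network(parent_cidr)
    net = ipaddress.ip_network(cidr)  # ValueError if not on a bit boundary
    if parent.version != 4 or net.version != 4 or parent.prefixlen != 24:
        raise ValueError("parent must be an IPv4 /24")
    if net.prefixlen <= 24 or not net.subnet_of(parent):
        raise ValueError(f"{net} is not a sub-/24 part of {parent}")
    first = int(net.network_address) & 0xFF
    last = int(net.broadcast_address) & 0xFF
    # Assumed label style "first-last"; RFC 2317 itself writes "first/prefixlen".
    return parent, net, f"{first}-{last}", range(first, last + 1)


def provider_zone(parent_cidr, delegations):
    """Provider side: NS records for each sub-zone plus one CNAME per address."""
    origin = reverse_zone(ipaddress.ip_network(parent_cidr))
    lines, seen = [f"$ORIGIN {origin}"], []
    for cidr, nameservers in delegations:
        _, net, label, hosts = checked(parent_cidr, cidr)
        # Two delegations covering the same address would make the PTR ambiguous.
        if any(net.overlaps(other) for other in seen):
            raise ValueError(f"{net} overlaps an earlier delegation")
        seen.append(net)
        lines += [f"{label} IN NS {ns}" for ns in nameservers]
        lines += [f"{h} IN CNAME {h}.{label}.{origin}" for h in hosts]
    return lines


def customer_zone(parent_cidr, cidr, nameservers, ptrs):
    """Customer side: the delegated sub-zone that holds the real PTR records."""
    parent, net, label, hosts = checked(parent_cidr, cidr)
    lines = [f"$ORIGIN {label}.{reverse_zone(parent)}"]
    lines += [f"@ IN NS {ns}" for ns in nameservers]
    for host, name in sorted(ptrs.items()):
        if host not in hosts:
            raise ValueError(f"host {host} is outside {net}")
        lines.append(f"{host} IN PTR {name}")
    return lines


# Constructed ranges; name servers as on the slides.
PARENT = "192.0.2.0/24"
DELEGATIONS = [
    ("192.0.2.0/27", ["ns.goody2shoes.nl.", "ns2.bluelight.nl."]),
    ("192.0.2.32/27", ["ns.cyberfalafel.nl.", "ns2.bluelight.nl."]),
]

if __name__ == "__main__":
    print("\n".join(provider_zone(PARENT, DELEGATIONS)))
    print()
    print("\n".join(customer_zone(PARENT, "192.0.2.32/27",
                                  ["ns.cyberfalafel.nl.", "ns2.bluelight.nl."],
                                  {33: "www.cyberfalafel.nl."})))
```

A resolver asking for 33.2.0.192.in-addr.arpa. follows the provider's CNAME to 33.32-63.2.0.192.in-addr.arpa., which the customer's name servers answer.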

Questions?

Autonomous System Numbers

Policy Based Routing
[Figure: Internet; AS3 (Backbone Provider); AS2 (Regional Transit Provider); NEW (ISP, BlueLight); end-user; end-user (Goody2Shoes)]

Autonomous System
Definition: a group of IP networks run by one or more network operators which has a unique and clearly defined routing policy
RIR is allocated a range of AS numbers by IANA
  – 16 bit number
RIR assigns unique AS number
  – for LIR or for the customer
* AS number, routing policy and originating routes are registered in the Routing Registry

How To Get an AS Number?
Complete request form: ripe-147
  – aut-num object template
    contact person(s)
    mntner object template
  – address space to be announced with this AS#
Send to
  – web syntax check:
Being multihomed and routing policy are mandatory

RIPE-181 Language
RIPE-181 used to describe routing policies
Developed in PRIDE project
  – accepted in IRR and translated into RFC-1786
Example syntax:
  aut-num: NEW
  as-out: to AS3 announce NEW
  as-in: from AS2 200 accept AS2
Cost defines the preference
  – the lower the cost, the more preferred route
  – cost relative per aut-num object

AS Example #1
[Figure: NEW, AS2, AS3 and the Internet, with one aut-num box per AS]
aut-num: NEW
as-out: to AS2 announce NEW
as-out: to AS3 announce NEW
as-in: from AS3 100 accept ANY
as-in: from AS2 10 accept AS2

aut-num: AS3
as-out: to NEW announce ANY
as-in: from NEW 20 accept NEW

aut-num: AS2
as-out: to NEW announce AS2
as-in: from NEW 10 accept NEW

AS Example #2
[Figure: NEW, AS2, AS3 and the Internet, with one aut-num box per AS]
aut-num: NEW
as-out: to AS2 announce NEW
as-out: to AS3 announce NEW
as-in: from AS3 100 accept ANY
as-in: from AS2 10 accept AS2
as-in: from AS2 200 accept ANY

aut-num: AS3
as-out: to NEW announce ANY
as-in: from NEW 20 accept NEW

aut-num: AS2
as-out: to NEW announce ANY (changed from AS2)
as-in: from NEW 10 accept NEW
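
How the cost field in "AS Example #2" selects a neighbour, and a cross-check that every as-out line is mirrored by an as-in line in the peer's object, as an added example (not part of the course material). The policy lines are read from the slide; the origin AS7, the function names and the restriction to single-term expressions (one AS name or ANY) are assumptions of the example.

```python
import re

AS_IN = re.compile(r"as-in:\s*from\s+(\S+)\s+(\d+)\s+accept\s+(\S+)$")
AS_OUT = re.compile(r"as-out:\s*to\s+(\S+)\s+announce\s+(\S+)$")

# Policy lines as read from the "AS Example #2" slide.
SAMPLE_OBJECTS = [
    """aut-num: NEW
as-in: from AS2 10 accept AS2
as-in: from AS2 200 accept ANY
as-in: from AS3 100 accept ANY
as-out: to AS3 announce NEW
as-out: to AS2 announce NEW""",
    """aut-num: AS2
as-in: from NEW 10 accept NEW
as-out: to NEW announce ANY""",
    """aut-num: AS3
as-in: from NEW 20 accept NEW
as-out: to NEW announce ANY""",
]


def parse_aut_num(text):
    """Parse the aut-num, as-in and as-out lines of one object."""
    obj = {"name": None, "as_in": [], "as_out": []}
    for raw in text.splitlines():
        line = raw.strip()
        m_in, m_out = AS_IN.match(line), AS_OUT.match(line)
        if line.startswith("aut-num:"):
            obj["name"] = line.split(":", 1)[1].strip()
        elif m_in:
            obj["as_in"].append((m_in.group(1), int(m_in.group(2)), m_in.group(3)))
        elif m_out:
            obj["as_out"].append((m_out.group(1), m_out.group(2)))
    return obj


def best_neighbour(obj, origin_as, offered_by):
    """Neighbour and cost chosen for a route originated by origin_as.

    offered_by is the set of neighbours currently offering the route.
    The matching as-in line with the lowest cost wins; None if none matches.
    """
    candidates = [
        (cost, peer)
        for peer, cost, expr in obj["as_in"]
        if peer in offered_by and expr in ("ANY", origin_as)
    ]
    if not candidates:
        return None
    cost, peer = min(candidates)
    return peer, cost


def unmatched_announcements(objects):
    """as-out lines for which the peer's object has no as-in line accepting them."""
    problems = []
    for name, obj in objects.items():
        for peer, expr in obj["as_out"]:
            peer_in = objects.get(peer, {"as_in": []})["as_in"]
            accepted = any(
                src == name and policy in ("ANY", expr) for src, _, policy in peer_in
            )
            if not accepted:
                problems.append((name, peer, expr))
    return problems


OBJECTS = {o["name"]: o for o in map(parse_aut_num, SAMPLE_OBJECTS)}

if __name__ == "__main__":
    new = OBJECTS["NEW"]
    print("route from AS2:", best_neighbour(new, "AS2", {"AS2", "AS3"}))
    print("route from AS7:", best_neighbour(new, "AS7", {"AS2", "AS3"}))
    print("route from AS7, AS3 down:", best_neighbour(new, "AS7", {"AS2"}))
    print("unmatched announcements:", unmatched_announcements(OBJECTS))
```

With both neighbours up, NEW reaches AS2's own routes through AS2 (cost 10) and everything else through AS3 (cost 100); the cost-200 line only takes effect when AS3 stops offering the route.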
Local Internet Registries. Training Course Registration in RIPE Database Evaluation RIPE NCC hostmaster - creates aut-num object (and maintainer) - informs requester User is responsible for keeping up to date –routing policy –referenced contact info (person/role, mntner) RIPE NCC hostmaster regularly checks consistency of data in Routing Registry –
Local Internet Registries. Training Course aut-num Template
aut-num: NEW
descr: Bluelight AS#
as-in: from AS2 10 accept AS2
as-in: from AS2 200 accept ANY
as-in: from AS3 100 accept ANY
as-out: to AS3 announce NEW
as-out: to AS2 announce NEW
default: AS2 5
admin-c: JJ231-RIPE
tech-c: JAJA1-RIPE
mnt-by: NEW-MNT
changed:
source: RIPE
[Overlay labels on the slide: AS42, BLUELIGHT-MNT, * Object]
Local Internet Registries. Training Course Questions?
Local Internet Registries. Training Course Advanced Database Issues
DB administration
– using role object
– updating
– deleting
Protection
Test Database
Local Internet Registries. Training Course ‘role’ Object
% whois -h whois.ripe.net -t role
role: [mandatory] [single] [primary/look-up key]
address: [mandatory] [multiple] [ ]
phone: [optional] [multiple] [ ]
fax-no: [optional] [multiple] [ ]
[mandatory] [multiple] [look-up key]
trouble: [optional] [multiple] [ ]
admin-c: [mandatory] [multiple] [inverse key]
tech-c: [mandatory] [multiple] [inverse key]
nic-hdl: [mandatory] [single] [primary/look-up key]
remarks: [optional] [multiple] [ ]
notify: [optional] [multiple] [inverse key]
mnt-by: [optional] [multiple] [inverse key]
changed: [mandatory] [multiple] [ ]
source: [mandatory] [single] [ ]
Local Internet Registries. Training Course Role Object for Contact Persons
role: BlueLight Contact Role
description: Hostmaster for Blue Light BV
admin-c: JAJA1-RIPE
tech-c: AB321-RIPE
tech-c: WF2121-RIPE
trouble: 24/7 phone number:
nic-hdl: BL112-RIPE
notify:
notify:
mntner: BLUELIGHT-MNT
source: RIPE
Local Internet Registries. Training Course Inverse Lookups in RIPE DB
whois -i {attribute} {value}
whois -i admin-c,tech-c,zone-c JAJA1-RIPE
–whois -i admin-c,tech-c,zone-c -T domain JAJA1-RIPE
–whois -i zone-c JAJA1-RIPE
whois -i mnt-by BLUELIGHT-MNT
whois -i notify
Local Internet Registries. Training Course Recursive Lookups
whois => inetnum,route,person(s)
–whois -r => inetnum, route
–whois -T inetnum => inetnum,persons
–whois -r -T inetnum => inetnum
–whois -T route => route
whois => inetnum, role, person
–whois CREW-RIPE => role, persons
–whois -r CREW-RIPE => role
Local Internet Registries. Training Course DB Update Procedure
Changing an object
–make needed changes
–keep the same primary key
–add the changed line to the new version of object
  value: address and date
  keep the old changed lines in
*do not forget authentication (password, PGP key)
Deleting an object
–add delete line to the exact copy of current object
–value: address, reason and date
–submit to the database
Local Internet Registries. Training Course Case Study -- Contact Person Left
1. whois -i tech-c JAJA1-RIPE
2. Create new person object (for Carl Dickens, new guy)
3. Change the tech-c reference in all inetnum objects
4. Delete old person object
[Diagram: inetnum objects and person objects, labelled JAJA1-RIPE and CD2-RIPE]
Local Internet Registries. Training Course Replacing tech-c Using role Object
1. Create person object for each tech-c
2. Create role object for all tech-c:s
3. Change the tech-c reference in all inetnum objects to reference role object
4. Keep role object up-to-date with staff changes
[Diagram: role and person objects, labelled JJ231-RIPE, BL112-RIPE and CD2-RIPE]
Local Internet Registries. Training Course Deleting an Object (example)
person: Piet Bakker
address: Goody 2 Shoes
address: Warmoesstraat 1
address: Amsterdam
phone:
nic-hdl: PIBA2-RIPE
changed:
source: RIPE
delete: duplicate object
[Callout: Exact copy of the DB object]
Local Internet Registries. Training Course Protecting DB Objects
Local Internet Registries. Training Course Notification / Authorisation
notify attribute (optional)
–sends notification of change to the address specified
mnt-by attribute & mntner object
–objects that contain mnt-by must pass the authentication rules in the mntner object
Hierarchical authorisation for inetnum & domain objects
–mnt-lower attribute
Local Internet Registries. Training Course How To Protect DB Data
Read documents (ripe-157, ripe-189)
choose authentication method
Create mntner object
Existing objects must be updated
–include mnt-by attribute referencing mntner object
When creating new objects
–include mnt-by attribute referencing mntner object
Local Internet Registries. Training Course Authorisation Mechanism
inetnum:
netname: BLUELIGHT-1
descr: Blue Light Internet
…………..
mnt-by: BLUELIGHT-MNT

mntner: BLUELIGHT-MNT
descr: Maintainer for all Bluelight objects
admin-c: JJ231-RIPE
tech-c: BL112-RIPE
auth: CRYPT-PW q5nd!~sfhk0#
upd-to:
mnt-nfy:
mnt-by: BLUELIGHT-MNT
changed:
source: RIPE
Local Internet Registries. Training Course Maintainer Object Attributes
auth attribute (mandatory, multiple)
upd-to attribute (mandatory)
–notification for failed updates
mnt-by attribute (mandatory)
–can reference the object itself
mnt-nfy attribute (optional, encouraged)
–works like notify but for all objects that refer to this maintainer object
Manual registration of object necessary
Send object to
Local Internet Registries. Training Course Authentication Methods
1. auth: NONE
   could be used with mnt-nfy attribute
2. auth: MAIL-FROM { , reg-exp}
   –e.g. protection from typos
3. auth: CRYPT-PW {encrypted password}
   include password attribute in your updates
4. auth: PGP-KEY-
   key-cert object
   see: ripe-190 & ripe-189
   RIPE NCC can provide you with a licence for free
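An audit of whois-style objects against the protection rules on the preceding slides: it reports objects without mnt-by and objects whose maintainer allows auth NONE or MAIL-FROM. This is an added example, not RIPE NCC code; the sample objects are constructed, and rating MAIL-FROM as weak (it trusts the sender address of the update mail) is this example's own assumption.

```python
# Constructed sample objects (documentation address space, made-up names).
SAMPLE = r"""
mntner: EXAMPLE-A-MNT
auth: MAIL-FROM .*@example\.net
auth: CRYPT-PW <hash>
mnt-by: EXAMPLE-A-MNT

mntner: EXAMPLE-B-MNT
auth: CRYPT-PW <hash>
mnt-by: EXAMPLE-B-MNT

inetnum: 192.0.2.0 - 192.0.2.127
mnt-by: EXAMPLE-A-MNT

inetnum: 192.0.2.128 - 192.0.2.255
"""

WEAK = {"NONE", "MAIL-FROM"}  # this example's rating, not a RIPE NCC list


def parse_objects(text):
    """Split blank-line separated objects into lists of (attribute, value)."""
    objects = []
    for block in text.strip().split("\n\n"):
        attrs = [tuple(part.strip() for part in line.split(":", 1))
                 for line in block.splitlines() if ":" in line]
        if attrs:
            objects.append(attrs)
    return objects


def audit(objects):
    """Return (object key, finding) pairs for unprotected or weakly protected objects."""
    schemes = {obj[0][1]: {v.split()[0] for k, v in obj if k == "auth" and v}
               for obj in objects if obj[0][0] == "mntner"}
    findings = []
    for obj in objects:
        key = obj[0][1]
        maintainers = [v for k, v in obj if k == "mnt-by"]
        if not maintainers:
            findings.append((key, "no mnt-by"))
        for name in maintainers:
            if name not in schemes:
                findings.append((key, f"{name} not found"))
            # Any single auth line is enough to pass, so one weak scheme
            # weakens the whole maintainer (assumption of this example).
            for weak in sorted(schemes.get(name, set()) & WEAK):
                findings.append((key, f"{name} allows {weak}"))
    return findings
```

Calling `audit(parse_objects(SAMPLE))` reports the maintainer that still accepts MAIL-FROM, the inetnum that depends on it, and the inetnum that has no mnt-by at all.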
Local Internet Registries. Training Course Hierarchical Authorisation
inetnum:
netname: NL-BLUELIGHT
…...
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: BLUELIGHT-MNT
changed:
changed:
source: TEST
Ask for mnt-lower attribute
mnt-lower protects
–only against creation
–only one level below
Include also in assignment inetnum objects
Local Internet Registries. Training Course Test Database
Non-production whois Database
Similar interface as “real” RIPE whois Database
–whois & whois -h test-whois.ripe.net ;
–syntax checking
–error reports
Enables you to submit your own maintainer
Ideal for testing
–various authorisation schemes
–self-made scripts that update RIPE DB
Source: TEST
Local Internet Registries. Training Course Questions?
Local Internet Registries. Training Course Advanced Reverse Delegation
Local Internet Registries. Training Course Reverse Delegation of Multiple /24
–for range of consecutive zones
  possible also for sub-range
–represented in single inetnum object
Shorthand notation for domain attribute
inetnum: w.z.x.0 - w.z.y
domain: x-y.z.w.in-addr.arpa
in-addr.arpa
Submit as one domain object
Processed separately
Separate response
Local Internet Registries. Training Course Reverse Delegation of /16 Allocation
If a LIR has a /16 allocation, the RIPE NCC can delegate the entire reverse zone to the LIR
Requirements and procedures the same as /24, except
–/16 domain object
–three nameservers needed
–ns.ripe.net a mandatory secondary
After delegation LIR
–should continue to check sub-zone setup before further delegation
–recommended use of the inaddr robot TEST keyword or web check
Local Internet Registries. Training Course Changing Delegation
Change the nserver lines in domain object
–submit domain object to
To change contact details in domain object
–submit updated object to
Deleting a delegation is automatic
–include delete attribute to the exact copy of the object
–send to
Local Internet Registries. Training Course Common Errors
DB / request inconsistency (netname attribute, update date)
IP addresses instead of names of nameservers in domain object
Trying to get reverse delegation for /19 allocation
–has to be on octet boundaries
–send request for each /24 as it becomes used
DNS setup (RFC-1912)
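The octet-boundary rule and the shorthand notation from the reverse delegation slides, as an added example that is not part of the course material: it lists the in-addr.arpa zones an IPv4 block needs and flags nserver values given as IP addresses. The prefixes and host names used with it are constructed.

```python
import ipaddress


def reverse_zones(prefix):
    """in-addr.arpa zones covering an IPv4 prefix between /16 and /24.
    A /16 is one zone; anything longer is split into its /24s, because
    delegation has to follow octet boundaries."""
    net = ipaddress.ip_network(prefix)
    if net.version != 4 or not 16 <= net.prefixlen <= 24:
        raise ValueError("this example handles IPv4 /16 to /24 only")
    if net.prefixlen == 16:
        w, z = str(net.network_address).split(".")[:2]
        return [f"{z}.{w}.in-addr.arpa"]
    zones = []
    for sub in net.subnets(new_prefix=24):
        w, z, x, _ = str(sub.network_address).split(".")
        zones.append(f"{x}.{z}.{w}.in-addr.arpa")
    return zones


def shorthand_domain(prefix):
    """Shorthand x-y.z.w.in-addr.arpa value for a run of consecutive /24 zones."""
    zones = reverse_zones(prefix)
    if len(zones) == 1:
        return zones[0]
    first, last = zones[0].split(".", 1), zones[-1].split(".", 1)
    return f"{first[0]}-{last[0]}.{first[1]}"


def nserver_errors(values):
    """Return the nserver values that are IP addresses instead of host names."""
    bad = []
    for value in values:
        try:
            ipaddress.ip_address(value)
            bad.append(value)
        except ValueError:
            pass  # not an IP address, so it is treated as a host name
    return bad


if __name__ == "__main__":
    print(len(reverse_zones("10.20.32.0/19")), shorthand_domain("10.20.32.0/19"))
    print(nserver_errors(["ns1.example.net", "192.0.2.53"]))
```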
Local Internet Registries. Training Course Useful DNS Tools
nslookup (part of BIND)
host
dig
More detailed info
Local Internet Registries. Training Course Questions?
Local Internet Registries. Training Course Routing Registry
Local Internet Registries. Training Course Internet Routing Registry (IRR)
Goals of the IRR
–consistency and stability of routing
–enable development of tools to use information
Local IR responsibilities
–maintain policy information in RR
Regional IR responsibilities
–assigning Autonomous System Numbers
–consistency checking of data
–maintenance of RR support tools
Local Internet Registries. Training Course Internet Routing Registry
Globally distributed DB with routing policy information
–provides a map of global routing policy
–shows routing policy between any two ASes
–allows simulation of routing policy effects
–enables router configuration
–provides contact information
RIPE Routing Registry
–subset of information in RIPE database
–syntax description in ripe-181
Local Internet Registries. Training Course Global Internet Routing Registry
[Diagram: IRR, with the registries RIPE RR, APNIC, RADB, ARIN, C&W, ...]
Local Internet Registries. Training Course Routing Registry Objects
aut-num
route
as-macro
community
dom-prefix
inet-rtr
Local Internet Registries. Training Course The Route Object
route: /19
descr: BLUELIGHT-NET
origin: AS42
mnt-by: BLUELIGHT-MNT
changed:
source: RIPE
Represents a “route” in the Internet
Should be registered by LIR in the RR
This route originates in AS42
Only one origin recommended
Local Internet Registries. Training Course “cross-mnt” Attribute in “aut-num” Object
route: /19
origin: AS42
[…]

route: /25 (new)
origin: AS9999
[…]

aut-num: AS42
cross-mnt: BLUELIGHT-MNT
[…]

mntner: BLUELIGHT-MNT
mnt-nfy:
[…]
gets a notification
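The situation on this slide as an added example (not RIPE NCC code): given the route objects an AS originates, decide whether a newly registered route overlaps one of them with a different origin, which is the case where the cross-mnt maintainer gets a notification. The slide's prefixes did not survive extraction, so the addresses below are constructed; AS42, AS9999 and the /19 and /25 lengths are the slide's.

```python
import ipaddress

# Constructed registry content: (prefix, origin). Only the prefix length
# and the origin come from the slide; the address itself is made up.
REGISTERED = [("198.51.96.0/19", "AS42")]


def overlapping_routes(new_prefix, new_origin, registered, watched_as):
    """Registered routes of `watched_as` that a new route with another origin
    overlaps. Each hit is (registered prefix, relation), where relation says
    how the new route relates to it: exact, more-specific or less-specific."""
    if new_origin == watched_as:
        return []  # the AS registering its own route is not a cross-origin case
    new_net = ipaddress.ip_network(new_prefix)
    hits = []
    for prefix, origin in registered:
        net = ipaddress.ip_network(prefix)
        if origin != watched_as or net.version != new_net.version:
            continue
        if not net.overlaps(new_net):
            continue
        if new_net.prefixlen > net.prefixlen:
            relation = "more-specific"
        elif new_net.prefixlen < net.prefixlen:
            relation = "less-specific"
        else:
            relation = "exact"
        hits.append((prefix, relation))
    return hits


if __name__ == "__main__":
    # The slide's case: a new /25 with origin AS9999 inside AS42's /19.
    print(overlapping_routes("198.51.100.0/25", "AS9999", REGISTERED, "AS42"))
```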
Local Internet Registries. Training Course as-macro
as-macro: AS-ARCON
descr: ARCON TML customers AS list
as-list: AS8955 AS6809 AS12500 AS-MACRO-B
tech-c: BZ318-RIPE
admin-c: VV82
mnt-by: ARCON-MNT
changed:
source: RIPE
Local Internet Registries. Training Course as-macro Usage
aut-num: AS8955
descr: ARCON Autonomous System
...
as-out: to AS8563 announce AS-ARCON
as-out: to AS2854 announce AS-ARCON
...

aut-num: AS8563
descr: DirectNet Autonomous System
descr: JSC DirectNet Telecommunications
as-in: from AS accept AS-ARCON
...
Local Internet Registries. Training Course whois Flags in RR
whois -T route /19
whois -i origin AS42
whois -i mnt-by BLUELIGHT-MNT
whois -i cross-mnt BLUELIGHT-MNT
whois -v as-macro
whois -a
whois -h whois.arin.net
Local Internet Registries. Training Course RR Tools
RAToolSet sources:
–AS Object Editor (aoe)
–Aggregation optimisation (CIDR Advisor)
–Configuration (rtconfig)
–Visualisation Tool (ASExplorer)
–IRRj java interface to IRR
–prtraceroute
Looking glasses
Local Internet Registries. Training Course Special Projects (Part of RIPE NCC Public Services)
Routing Information Service
–collect routing information between Autonomous Systems (AS)
  development over time
–information available to the RIPE community
–improve network operations
–prototype:
Routing Registry Consistency Project
–improve data quality in the Internet routing registry
–improve data accessibility and processing capabilities
Local Internet Registries. Training Course Next Generation - RPSL
New language (RFC-2622)
Routing Policy Specification Language
–allows for more refined policy details
–will eventually replace ripe-181
–transition to RPSL will be smooth
RPSL mirror of RIPE DB
–rpsl.ripe.net
Test re-implementation server
–queries: reimp.ripe.net at port 4343
–updates:
Local Internet Registries. Training Course autnum in RPSL
aut-num: [mandatory] [single] [primary/look-up key]
as-name: [mandatory] [single]
descr: [mandatory] [multiple]
as-in: [optional] [multiple] [ ]
as-out: [optional] [multiple] [ ]
interas-in: [optional] [multiple] [ ]
interas-out: [optional] [multiple] [ ]
as-exclude: [optional] [multiple] [ ]
member-of: [optional] [multiple] [inverse key] *** New in RPSL ***
import: [optional] [multiple] *** as-in in RIPE 181 ***
export: [optional] [multiple] *** as-out in RIPE 181 ***
default: [optional] [multiple]
remarks: [optional] [multiple]
admin-c: [mandatory] [multiple] [inverse key]
tech-c: [mandatory] [multiple] [inverse key]
cross-mnt: [optional] [multiple] [inverse key]
cross-nfy: [optional] [multiple] [inverse key]
notify: [optional] [multiple] [inverse key]
mnt-lower: [optional] [multiple] [inverse key] *** RPS auth ***
mnt-routes: [optional] [multiple] [inverse key] *** RPS auth ***
mnt-by: [mandatory] [multiple] [inverse key]
changed: [mandatory] [multiple]
source: [mandatory] [single]
[Legend: automatically translated, new, preserved, deprecated]
Local Internet Registries. Training Course Questions?
Local Internet Registries. Training Course Administrivia
Audit
Billing
Closing
Local Internet Registries. Training Course Audit Motivation
Audit Activity is a service
–requested by the community
–ensure equal treatment
–LIR can ask for an audit
Help LIRs to
–keep RIPE Database tidy
–keep up-to-date with new policies
Local Internet Registries. Training Course Audit Activity
Described in ripe-170
Initiated for
–infrequent contact with the RIPE NCC
–random selection
–referral by Hostmaster
–(anonymous) LIR complaint
Audit procedure
–LIR answers list of questions
–RIPE NCC check database
Local Internet Registries. Training Course Audit Steps
When LIR responds
–discuss the issue(s) & try to resolve them
–review AW size
If LIR does not co-operate
–send reminders & phone
–still no reaction
  further actions taken
Local Internet Registries. Training Course Billing Procedure
LIRs pay yearly fee (S, M, L)
–ripe-213
If payment is late - reminders
–1st phase - 4 weeks after the invoice
  no action taken
–2nd phase - 2 weeks afterwards
  lower AW to 0
  mnt-lower on allocation
–3rd phase - 2 weeks afterwards
  service level NONE
–if still no payment …
Discuss payment / invoices
Local Internet Registries. Training Course Closing / Takeover of the LIR
1) LIR closes completely
2) LIR takes over another LIR and one closes
3) LIR takes over another LIR and both remain open
4) Non-registry takes over a LIR
...
Contact for details
  address space issues
  billing issues
  new service agreement
No need to change current Reg-ID neither after company changes the name additional ‘start-up’ fee is being charged
Local Internet Registries. Training Course Questions?
Local Internet Registries. Training Course Questionnaire Please complete the questionnaire precious feedback constant improvement Thank you
Local Internet Registries. Training Course RIPE NCC Recycling Procedures Please return the reusable badges. Thank you