Published by Charity Jowett. Modified over 10 years ago.
1
Managing IP addresses for your private clouds
2013 ASEAN CAS Summit
Bangkok, Thailand
7 February 2013
George Kuo, Member Services Manager
2
Overview
Introduction to APNIC and Regional Internet Registries
Why your own IP addresses for your clouds?
Questions to ask your cloud service providers
IPv6 security
How to get IP addresses?
Internet resource management policies
3
Introduction to APNIC & Regional Internet Registries
4
Regional Internet Registries
The Internet community established the RIRs to provide fair access and consistent resource distribution and registration throughout the world.
5
What is APNIC?
The Regional Internet Registry (RIR) for the Asia Pacific
  – Delegates IP addresses and AS numbers
  – Maintains the APNIC Whois Database
  – Manages reverse DNS delegations
Not-for-profit and membership-based organization
  – 3,400+ Members
  – 100+ Members in Thailand
  – NOT a domain name registry
6
APNIC’s Mission
Assist the Asia Pacific Internet community in effective Internet resources management and distribution
Support regional Internet infrastructure building
Seek public consideration of issues that benefit Members and the community
Coordinate and facilitate Internet resource policy development
Provide training and outreach on resource management and APNIC services
7
Why your own IP addresses for your clouds?
8
Service provider networks
  – A key component in service provision
  – Addresses to be assigned to infrastructure and customers
Independent networks
  – Addresses to be used for their own networks
  – Allows easier management of multiple connections to ISPs/IXPs
  – Removes the need to renumber when changing upstream providers
9
Questions to ask your cloud service providers
10
Private IP addressing has its limitations.
Are you numbering cloud hosts in public or private addresses?
  – Private: How many customers share the NAT interface to the public Internet?
  – Public: Does the provider have enough addresses to meet your future needs?
IP address portability
  – If you have access to a block of public addresses, does the provider have the capability to use them in provisioning your cloud solution?
What are the costs involved?
  – Are you being charged for public IP addresses?
11
Questions to ask your cloud service providers
Does the provider rely on NAT and CGN for their security?
  – NAT and CGN are not all of your security
  – You need proper configuration and ACLs reflecting your function and needs, e.g. inbound SSH only for your back office network, outbound only to your specified clients
How much infrastructure is shared between cloud customers, and how does that fit your specific needs?
  – Shared access path, potentially shared risks
Does the cloud provider understand IPv6?
  – For future growth and demand, start early, gain experience
  – Be aware of differences in IPv6 security
12
IPv6 security
Mostly the same as IPv4
  – ACLs are basically the same
  – ICMPv6 is substantially different; do not block most ICMPv6, it is needed for Path MTU discovery, etc.
  – Be aware of different IP fragmentation behaviour
New class of risks
  – Stateless auto config (SLAAC)
  – Switch ND exhaustion (DDoS attack)
  – Get proper IPv6-aware managed switches; they should offer mitigation against both risks
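Added example (not from the original slides): a small first-match ACL checker that flags an inbound IPv6 policy which drops the ICMPv6 types that should stay open (RFC 4890) or exposes SSH beyond the back office network. The rule format, the ACLs and the 2001:db8:: prefixes are constructed for illustration.

```python
import ipaddress

# ICMPv6 types a filter should not drop (RFC 4890): error messages,
# including Packet Too Big for Path MTU discovery, and Neighbor Discovery.
ESSENTIAL_ICMPV6 = {
    1: "Destination Unreachable", 2: "Packet Too Big",
    3: "Time Exceeded", 4: "Parameter Problem",
    133: "Router Solicitation", 134: "Router Advertisement",
    135: "Neighbor Solicitation", 136: "Neighbor Advertisement",
}
BACK_OFFICE = "2001:db8:10::/64"  # constructed documentation prefix

def decide(acl, pkt):
    """First-match evaluation; a packet that matches no rule is denied."""
    for action, proto, src, match in acl:
        if proto != pkt["proto"]:
            continue
        if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(src):
            continue
        if match is None or pkt["match"] in match:
            return action
    return "deny"

def audit(acl):
    """Return a list of findings for an inbound IPv6 ACL."""
    findings = []
    for icmp_type, name in sorted(ESSENTIAL_ICMPV6.items()):
        pkt = {"proto": "icmpv6", "src": "fe80::1", "match": icmp_type}
        if decide(acl, pkt) != "permit":
            findings.append(f"ICMPv6 type {icmp_type} ({name}) is dropped")
    outsider = {"proto": "tcp", "src": "2001:db8:ffff::5", "match": 22}
    if decide(acl, outsider) == "permit":
        findings.append("SSH reachable from outside the back office prefix")
    insider = {"proto": "tcp", "src": "2001:db8:10::25", "match": 22}
    if decide(acl, insider) != "permit":
        findings.append("SSH from the back office prefix is blocked")
    return findings

# Constructed ACLs: (action, protocol, source prefix, ports/types or None=any)
WEAK_ACL = [("deny", "icmpv6", "::/0", None),        # blanket ICMPv6 drop
            ("permit", "tcp", "::/0", {22})]          # SSH open to everyone
FIXED_ACL = [("permit", "icmpv6", "::/0", set(ESSENTIAL_ICMPV6) | {128, 129}),
             ("permit", "tcp", BACK_OFFICE, {22})]    # SSH from back office only

if __name__ == "__main__":
    for label, acl in (("weak", WEAK_ACL), ("fixed", FIXED_ACL)):
        print(label, audit(acl) or "no findings")
```

Rogue Router Advertisements and ND exhaustion are not addressed by this host-side check; those are the switch-level mitigations the slide refers to.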
13
How to get IP addresses
14
How to get IP addresses
Service providers and independent network operators get their IP addresses from their Internet Registry
  – Maximum /22 (1,024 addresses) of IPv4
  – Initial /48 to /32 of IPv6
  – Must meet current policy criteria
Casual users get their IP addresses from their service provider (ISP, hosting, data centre, etc.)
15
How to get IP addresses
Online request form
  – www.apnic.net/member
Need support?
  – Contact APNIC Member Services Helpdesk
  – Monday to Friday, 09:00 to 21:00 (UTC +10)
  – www.apnic.net/helpdesk
16
Policy criteria
17
Policies
Service providers
  – IPv4 criteria
      Have used a /24 from their upstream provider or demonstrate an immediate need for a /24,
      Demonstrate a detailed plan for use of a /23 within a year
  – IPv6 criteria
      Have existing IPv4, or
      Plan to provide IPv6 connectivity and make 200 customer assignments in 2 years
18
Policies
Independent networks
  – IPv4 criteria
      Connected or plan to connect within 3 months to multiple ISPs/IXPs, or
      Running an IXP (Internet Exchange Point), or
      Running an Internet critical infrastructure, e.g.
        – Root domain name system (DNS) server;
        – Global top level domain (gTLD) nameservers;
        – Country code TLD (ccTLDs) nameservers;
        – National/Regional Internet Registry
19
Policies
Independent networks
  – IPv6 criteria
      Automatically eligible for a minimum IPv6 portable assignment if previously justified an IPv4 portable assignment from APNIC
      Running an IXP (Internet Exchange Point), or
      Running an Internet critical infrastructure, e.g.
        – Root domain name system (DNS) server;
        – Global top level domain (gTLD) nameservers;
        – Country code TLD (ccTLDs) nameservers;
        – National/regional Internet Registry
20
Questions?
21
Thanks!
George Kuo, Member Services Manager