
1 Welcome! APNIC Members Training Course Internet Resource Management Essentials 20 October 2003, Kuala Lumpur, Malaysia In conjunction with the 1st ASEAN IPv6 Summit

2 Introduction Presenters –John H’ng –Champika Wijayatunga –Arth Paulite For any training queries

3 Assumptions & Objectives Assumptions –Are current or prospective APNIC member –Have not submitted many requests –Are not familiar / up-to-date with policies –Are not familiar with procedures Objectives –Teach members how to request resources from APNIC –Keep membership up-to-date with latest policies –Liaise with members Faces behind the e-mails

4 Schedule
APNIC’s role in the Asia Pacific (5)
Internet Registry Policies (17)
Addressing Plan (40)
TEA BREAK (10:30 – 11:00)
Requesting an IP allocation (56)
IP Management (81)
LUNCH (12:30 – 13:30)
APNIC database (95)
Reverse DNS (141)
ASN (155)
TEA BREAK (15:30 – 16:00)
IRR (171)
IPv6 (189)
Summary (216)

5 APNIC’s role in the Asia Pacific Asia Pacific Network Information Centre

6 Overview What is APNIC? Regional Internet Registry APNIC structure What Does APNIC do ? APNIC Membership services Why APNIC ? APNIC resources APNIC environment APNIC responsibilities Intro

7 What is APNIC? RIR for the Asia Pacific Regional Internet Registry –Regional authority for Internet Resource distribution –IPv4 & IPv6 addresses, ASNs, reverse dns delegation Industry self-regulatory body – Non-profit, neutral and independent Open membership-based structure Intro

8 APNIC Membership Intro Last Update – Oct 2003

9 APNIC is not… Not a network operator –Does not provide networking services Works closely with APRICOT forum Not a standards body –Does not develop technical standards Works within IETF in relevant areas (IPv6 etc) Not a domain name registry or registrar Will refer queries to relevant parties Intro

10 APNIC structure Industry self-regulatory structure – Participation by those who use Internet resources – Consensus-based decision making Eg. Policy changes, db requirements etc – Open and transparent Meetings and mailing lists –Open to anyone Intro

11 APNIC region Intro

12 Internet Registry structure ICANN ASO APNIC ARIN RIPE NCC LACNIC IANA NIR LIR ISP LIR ISP Intro

13 APNIC Services & Activities Resources Services IPv4, IPv6, ASN, reverse DNS Policy development –Approved and implemented by membership APNIC whois db –whois.apnic.net –Registration of resources Information dissemination APNIC meetings Web and ftp site Mailing lists –Open for anyone! Training Courses –Subsidised for members Co-ordination & liaison –With membership, other RIRs & other Internet Orgs. Intro

14 What is the APNIC community? Open forum in the Asia Pacific –Open to any interested parties Voluntary participation Decisions made by consensus Public meetings Mailing lists –web archived A voice in regional Internet operations through participation in APNIC activities Policy dev

15 Definition – “Internet Community” Global Internet Community APNIC Internet Community IETF ISOC Individuals APNIC Members APAN SANOG ISP Associations

16 Questions ?

17 Internet Registry Policy Development

18 Overview –Policy Development –Definitions –Background –Objectives & environment Policy dev

19 Principles of policy development ‘Bottom up’, consensus based decision making –Community proposes and approves policy –No policies implemented without consensus of community Open and transparent –Anyone can attend –All decisions archived Policy dev

20 Participation in policy development Why should I bother? –Responsibility as an APNIC member To be aware of the current policies for managing address space allocated to you –Business reasons Policies affect your business operating environment and are constantly changing Ensure your ‘needs’ are met –Educational Learn and share experiences Stay abreast with ‘best practices’ in the Internet Policy dev

21 Definition – “Consensus” OED definition –“General agreement in opinion” Show of hands to judge ‘general agreement’ –Often a count is taken to assist but is not essential Those in favour, those against and abstentions Each attendee has one vote If difficult to judge, unlikely to be consensus –Final call by chair Policy dev

22 Principles of policy development process TRANSPARENT ‘BOTTOM UP’ All decisions & policies documented & freely available to anyone Anyone can participate Internet community proposes & approves policy OPEN Consensus based Policy dev

23 Elements of the process Member Meeting Working Groups Birds of a Feather Special Interest Groups Open Policy Meeting & Mailing Lists SIGs: Formal groups which discuss broad areas of policy relevant to the APNIC internet community BOFs: Informal meetings to exchange ideas eg. CA BOF, Network Abuse BOF, Training Need to hold at least one to form new SIG WGs: semi formal, volunteer group tasked by a SIG to work on a particular project until completed eg. ‘Broadband’ MM: forum specific to APNIC business eg. fee structure, election of executive council & endorsement of policy decisions Policy dev

24 How does it work? Self regulation in practice New policy or amendment proposed Endorsement by MM? Report of consensus in SIG to MM Consensus? Implementation 3 months Posted to SIG ML for discussion Face to face discussions in public open forum (SIGs) YES NO Policy dev

25 How to get your voice heard Contribute on the public mailing lists –http://www.apnic.net/community/lists/index.html Attend meetings –Or send a representative –Gather input at forums like SANOG Give feedback –Training or seminar events APNIC16, Seoul, KR, 19-22 August –Listen to multicast, stay informed –http://www.apnic.net/meetings Policy dev

26 Definitions

27 RFC 1519 Classful and Classless Classful (Obsolete) –Wasteful address architecture network boundaries are fixed at 8, 16 or 24 bits (class A, B, and C) Classless –Efficient architecture network boundaries may occur at any bit (e.g. /12, /16, /19, /24 etc) CIDR Classless Inter Domain Routing architecture –Allows aggregation of routes within ISPs infrastructure Policies Best Current Practice RFC 1518 RFC 1517

28 Allocation and Assignment Allocation “A block of address space held by an IR (or downstream ISP) for subsequent allocation or assignment” Not yet used to address any networks Assignment “A block of address space used to address an operational network” May be provided to LIR customers, or used for an LIR’s infrastructure (‘self-assignment’) Policies

29 Sub- Allocation /22 /8 APNIC Allocation Allocation and Assignment /24 /20 Member Allocation Customer Assignments /25 Policies /26 /27 /26 APNIC Allocates to APNIC Member APNIC Member Customer / End User Assigns to end-user Allocates to downstream Downstream Assigns to end-user

30 Portable & non-portable Portable Assignments –Customer addresses independent from ISP Keeps addresses when changing ISP –Bad for size of routing tables –Bad for QoS: routes may be filtered, flap-dampened Non-portable Assignments –Customer uses ISP’s address space Must renumber if changing ISP –Only way to effectively scale the Internet Policies

31 Aggregation and “portability” Aggregation (Non-portable Assignments) (Portable Assignments) No Aggregation BGP Announcement (1) BGP Announcements (4) ISP Allocation Customer Assignments ISP Policies

32 Objectives

33 APNIC Policies - objectives Conservation Ensuring efficient use and conservation of resources Aggregation Limiting growth of routable prefixes Registration Registering the Internet resources in a public db Uniqueness Global visibility Fairness and consistency Equal consideration irrespective of external factors Policies

34 Why do we need policies ? - Global IPv4 Delegations Policies

35 Growth of global routing table last updated 29 Sep 2003 http://bgp.potaroo.net/as1221/bgp-active.html Deployment Period of CIDR CIDR made it work for a while But they cannot be relied on forever Projected routing table growth without CIDR ISPs tend to filter longer prefixes Policies

36 Routing table prefix distribution Last updated 29 Nov 2002 Policies

37 APNIC policy environment “IP addresses not freehold property” –Assignments & allocations on license basis Addresses cannot be bought or sold Internet resources are public resources ‘Ownership’ is contrary to management goals “Confidentiality & security” –APNIC to observe and protect trust relationship Non-disclosure agreement signed by staff Policies

38 Questions ?

39 Internet Registry Procedures Addressing Plan

40 Addressing plan To complete documentation –First need a technical PLAN Documenting the architecture of the present and eventual goal –IP addressing is fundamental part of network design –IP addressing ‘planning’ example to follow.. Addressing Plan

41 Some icons Router (layer 3, IP datagram forwarding) Network Access Server (layer 3, IP datagram forwarding ) Ethernet switch (layer 2, packet forwarding) Addressing Plan

42 Addressing plan Identify components of network –Customer services –ISP internal infrastructure Identify phases of deployment –Starting off, 6 months, 12 months Identify equipment and topology changes –Need for redundancy –Need for increased scale Addressing Plan

43 Network plan Starting off Leased line services 5-8 customers Dialup services 16 modems Interconnected resilience Upstream ISP 15 hosts NOC operations 10 hosts Internal DNS,Web Mail servers ISP Infrastructure Customer services 5 hosts Virtual web (name based) Addressing Plan

44 Network plan WAN point to point /30 5 hosts 15 hosts 10 hosts Upstream ISP 16 dialup modems 5-8 leased line customers ‘ip unnumbered’ to customers one loopback interface per assigned router /32 ‘ip unnumbered’ to upstream ISP Addressing Plan

45 Addressing plan network-plan: analogue dialup modems, vendor ‘x’ LAN -web hosting (Name-based hosting) 5-8 leased line customers (/28) network-plan: LAN -NOC and Ops management LAN -mail,DNS, web servers internal loopback router interfaces router WAN ports (x 5 lines) Initial addressing plan 16 5 128 15 10 4 2 - numbers of host addresses (interfaces) Addressing Plan

46 Network plan 60 dialup modems (2PRI) 30 leased line customers 11 hosts name- based 8 hosts- 2ndary Servers 25 hosts- NOC 16 hosts- Servers 60 dialup modems (2PRI) Upstream ISP added new router and LAN for redundancy added new dial up equipment replaced original modem increased number of leased line customers increased number of hosts on all LANs 6 months later –scale increased –redundancy Addressing Plan

47 Addressing plan Network plan at 6 months 60 11 512 25 16 6 2 - increases in hosts (interfaces) New hardware 2 PRI dialup modems LAN-secondary servers network-plan: 0/ 60 8 network-plan: 2 PRI dialup modems, vendor ‘y’ LAN -web hosting (Name-based hosting) 30 leased line customers (pool) 16/ 5/ 128/ 15/ 10/ 4/ 2/ network-plan: LAN -NOC and Ops management LAN -mail,DNS, web servers internal loopback router interfaces router WAN ports (x 8 lines) Changed description Addressing Plan

48 Network plan 12 months total –site redundancy –greater complexity –efficiency 60 leased line customers ip unnumbered 11 hosts 8 hosts 35 host 240 dialup modems (8PRI) Upstream ISP A 240 dialup modems (8PRI) 40 hosts Upstream ISP B added new customer router redundancy of WAN connections now numbered links for BGP4 two pieces of essential equipment Addressing Plan

49 Addressing plan network-plan: 8 PRI dialup modems, vendor x 8 PRI dialup modems, vendor y LAN -web hosting (Name-based hosting) 60 leased line customers (pool) 16/60/ 0/60/ 5/11/ 128/512/ 15/25/ 10/16/ 0/8/ 2/2/ 4/6 network-plan: LAN -NOC and Ops management LAN -mail,DNS, web servers internal LAN-secondary servers router WAN ports (x 8 lines) loopback router interfaces Network plan at 12 months 240 11 1020 40 35 8 2 12 -increases in hosts (interfaces) -one year total Addressing Plan

50 Addressing plan network-plan: 8 PRI dialup modems, vendor x 8 PRI dialup modems, vendor y LAN -web hosting (Name-based hosting) 60 leased line customers (pool) 16/60/240 0/60/240 5/11/11 128/512/1020 15/25/40 10/16/35 0/8/8 2/2/2 4/6/12 network-plan: LAN -NOC and Ops management LAN -mail,DNS, web servers internal LAN-secondary servers router WAN ports (x 8 lines) loopback router interfaces 256 16 1024 64 8 4 16 Can now determine subnet sizes Addressing Plan

51 Addressing plan –Addressing plan for network-plan –re-ordered large to small according to relative subnet size –determination of relative subnet addresses
network-plan: 0.0.0.0    1024  128/512/1020  60 leased line customers (pool)
network-plan: 0.0.4.0    256   16/60/240     8 PRI dial up modems, vendor x
network-plan: 0.0.5.0    256   0/60/240      8 PRI dial up modems, vendor y
network-plan: 0.0.6.0    64    10/16/35      LAN -mail,DNS, web internal
network-plan: 0.0.6.64   64    15/25/40      LAN -NOC and Ops management
network-plan: 0.0.6.128  16    5/11/11       LAN -web hosting (Name-based hosting)
network-plan: 0.0.6.144  16    0/8/8         LAN -secondary servers
network-plan: 0.0.6.160  16    4/6/12        loopback router interfaces
network-plan: 0.0.6.176  4     2/2/2         router WAN ports (x8)
–cumulative total 0.0.6.208
Addressing Plan

52 Addressing plan – Addressing plan for network-plan – connect to the Internet (full-time, part-time)?
network-plan: 0.0.0.0    255.255.252.0    YES   1024  128/512/1020  60 leased customers
network-plan: 0.0.4.0    255.255.255.0    PART  256   16/60/240     8 PRI dial up modems..
network-plan: 0.0.5.0    255.255.255.0    PART  256   0/60/240      8 PRI dial up modems..
network-plan: 0.0.6.0    255.255.255.192  YES   64    10/16/35      LAN -mail,DNS, web internal
network-plan: 0.0.6.64   255.255.255.192  YES   64    15/25/40      LAN -NOC & Ops mgmt
network-plan: 0.0.6.128  255.255.255.240  YES   16    5/11/11       LAN -web hosting (Name-based)
network-plan: 0.0.6.144  255.255.255.240  YES   16    0/8/8         LAN -secondary servers
network-plan: 0.0.6.160  255.255.255.240  YES   16    4/6/12        loopback router interfaces
network-plan: 0.0.6.176  255.255.255.252  YES   4     2/2/2         router WAN ports (x 8)
Addressing Plan

53 –Addressing plan complete –total planned for customer assignments /22 –total planned for ISP infrastructure /24 + /23
network-plan: 0.0.0.0    255.255.252.0    YES   1024  128/512/1020  60 leased line customers
network-plan: 0.0.4.0    255.255.255.0    PART  256   16/60/240     8 PRI dial up modems..
network-plan: 0.0.5.0    255.255.255.0    PART  256   0/60/240      8 PRI dial up modems..
network-plan: 0.0.6.0    255.255.255.192  YES   64    10/16/35      LAN -mail,DNS, web internal
network-plan: 0.0.6.64   255.255.255.192  YES   64    15/25/40      LAN -NOC & Ops mgmt
network-plan: 0.0.6.128  255.255.255.240  YES   16    5/11/11       LAN -web hosting (Name-based)
network-plan: 0.0.6.144  255.255.255.240  YES   16    0/8/8         LAN -secondary servers
network-plan: 0.0.6.160  255.255.255.240  YES   16    4/6/12        loopback router interfaces
network-plan: 0.0.6.176  255.255.255.252  YES   4     2/2/2         router WAN ports (x 8 lines)
–detailed, efficient and accurate Addressing plan
Addressing Plan
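The sizing, ordering and offset steps of slides 50 to 53, as an added example that is not part of the original slides. The `hosts + 2` rounding rule and the function names are assumptions of this example; the host counts are the 12-month figures from the plan, listed in the slides' order.

```python
import ipaddress

# (description, hosts needed at 12 months, number of identical subnets),
# copied from the 12-month column of the plan on the slides.
PLAN = [
    ("60 leased line customers (pool)", 1020, 1),
    ("8 PRI dialup modems, vendor x", 240, 1),
    ("8 PRI dialup modems, vendor y", 240, 1),
    ("LAN - mail, DNS, web servers internal", 35, 1),
    ("LAN - NOC and Ops management", 40, 1),
    ("LAN - web hosting (name-based)", 11, 1),
    ("LAN - secondary servers", 8, 1),
    ("loopback router interfaces", 12, 1),
    ("router WAN ports", 2, 8),
]


def subnet_size(hosts):
    """Smallest power-of-two block that holds `hosts` plus the network and
    broadcast addresses (assumed rule; it reproduces the slide's sizes)."""
    size = 1
    while size < hosts + 2:
        size *= 2
    return size


def build_plan(rows):
    """Order subnets large to small and assign relative addresses from 0.0.0.0.
    Returns (plan_rows, cumulative_total_as_int)."""
    sized = [(subnet_size(hosts), desc, hosts, count) for desc, hosts, count in rows]
    sized.sort(key=lambda r: r[0], reverse=True)  # stable: ties keep input order
    offset, plan = 0, []
    for size, desc, hosts, count in sized:
        if offset % size:
            # Cannot happen with descending power-of-two sizes; kept as a guard.
            raise ValueError(f"{desc}: offset {offset} not aligned to {size}")
        prefix = 32 - (size.bit_length() - 1)
        net = ipaddress.ip_network(f"{ipaddress.IPv4Address(offset)}/{prefix}")
        plan.append({"network": net, "mask": str(net.netmask), "size": size,
                     "count": count, "hosts": hosts, "desc": desc})
        offset += size * count
    return plan, offset


def aggregates(plan_rows):
    """Collapse every /24 touched by the given rows into the fewest prefixes."""
    blocks = set()
    for row in plan_rows:
        first = int(row["network"].network_address)
        last = first + row["size"] * row["count"] - 1
        for b in range(first >> 8, (last >> 8) + 1):
            blocks.add(ipaddress.ip_network(f"{ipaddress.IPv4Address(b << 8)}/24"))
    return list(ipaddress.collapse_addresses(blocks))


if __name__ == "__main__":
    plan, total = build_plan(PLAN)
    for row in plan:
        print(f"network-plan: {str(row['network'].network_address):<10} "
              f"{row['mask']:<16} {row['size']:<5} {row['desc']}"
              + (f" (x{row['count']})" if row["count"] > 1 else ""))
    print("cumulative total", ipaddress.IPv4Address(total))
    print("customer aggregate:", [str(n) for n in aggregates(plan[:1])])
    print("infrastructure aggregates:", [str(n) for n in aggregates(plan[1:])])
```
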

54 Questions ?

55 Internet Registry Policies & Procedures IP Request

56 IP Growth in Asia Pacific Last Update 26 Sep 2003 IP Req

57 IP address request Hostmaster Administrivia – mailbox filtered Requires member account name –Subject: IP Address Request [CONNECT-AU] Ticketing system –Every request is assigned a ticket Please keep # in subject line of email eg. –[APNIC #14122] [CHINANET-CN] New staff at ISP –Require an ‘introduction’ to APNIC To ensure confidentiality members only IP Req

58 IP address request More documentation and clarification by Member no Member has completed documentation? Step 1 yes Evaluation of request by APNIC - OK? Step 2 yes update local records update APNIC database Notify Member Step 3 Allocation by APNIC no Life Cycle IP Req

59 IP address request - Overview Contact Details Network Information Existing Customer Network Information Existing Infrastructure Network Information Future Network Plan Additional Information IP Req

60 IP address request instructions Complete the documentation –ISP Address Request Form Web Form: –http://www.apnic.net/services/ipv4/ Plain text –http://ftp.apnic.net/apnic/docs/isp-address-request The more detailed and precise –Fewer iterations with APNIC Quicker resolution time Read the quick tips! http://www.apnic.net/faq/isp-request-tips.html APNIC- 084 IP Req

61 Initial IPv4 allocation criteria 1a.Have used a /22 from upstream provider –Demonstrated efficient previous address usage OR 1b.Show immediate need for /22 Can include customer projections & infrastructure equipment 2.Detailed plan for use of /21 within a year 3.Renumber to new space within 1 year –Meet all policy requirements Applicants may be required to show purchase receipts IP Req

62 Evaluation by APNIC All address space held should be documented –Check other RIR, NIR databases for historical allocations ‘No reservations’ policy –Reservations may never be claimed –Fragments address space –Customers may need more or less address space than is actually reserved IP Req

63 APNIC allocation policies Aggregation of allocation –Provider responsible for aggregation –Customer assignments /sub-allocations must be non-portable Allocations based on demonstrated need –Detailed documentation required All address space held to be declared –Address space to be obtained from one source routing considerations may apply –Stockpiling not permitted IP Req

64 APNIC allocation policies Transfer of address space –Not automatically recognised Return unused address space to appropriate IR Effects of mergers, acquisitions & take- overs –Will require contact with IR (APNIC) contact details may change new agreement may be required –May require re-examination of allocations requirement depends on new network structure IP Req

65 First allocation Must meet criteria (discussed in policy section) Requires clear detailed and accurate request Implementation of ‘Best Current Practice’ Efficient assignments planned Always a /20 ‘slow start’ Exceptions made for very large networks but not common IP Req

66 Subsequent allocations 80% overall utilisation Unless large assignment pending Demonstrated conservative assignments Correct customer registrations in db Need to fix inconsistencies before next allocation Allocation size to cover 1 year need Based on previous utilisation rate Contiguous allocation not guaranteed But every effort made IP Req

67 Evaluation guidelines – Cable/DSL Bootstrap criteria –Simplified, optional criteria –Assumption of /24 per CMTS Subsequent allocation CMTS devices per headend 3 month subscriber projection Average growth per month –option: MRTG to support growth rate evaluation equipment purchase receipts IP Req

68 Evaluation guidelines – Virtual web hosting Name based hosting –‘Strongly recommended’ Use ‘infrastructure’ field to describe web servers IP based hosting –Permitted on technical grounds –SSL, virtual ftp.. –Use ‘infrastructure’ field to describe web servers –Special verification for IP based –If more than /22 used for this purpose –Requestor must send list of URLs of virtual domain and corresponding IP address IP Req

69 Sub-allocations No max or min size –Max 1 year requirement Assignment Window & 2nd Opinion applies –to both sub-allocation & assignments Sub-allocation holders don’t need to send in 2nd opinions Sub-allocation /22 /24 /20 Member Allocation Customer Assignments /25 /26 /27 /26 Customer Assignments IP Req

70 Sub-allocation guidelines Sub-allocate cautiously –Seek APNIC advice if in doubt –If customer requirements meet min allocation criteria: Customers should approach APNIC for portable allocation Efficient assignments –LIRs responsible for overall utilisation Sub-allocation holders need to make efficient assignments Database registration –Sub-allocations & assignments to be registered in the db IP Req

71 Address assignment policies Assignments based on requirements Demonstrated through detailed documentation Assignment should maximise utilisation –minimise wastage Classless assignments showing use of VLSM Size of allocation –Sufficient for up to 12 months requirement IP Req

72 General assignment guidelines Static & Dynamic –Transient connections (dial-up) dynamic recommended –Permanent connections static assignments ok (1:1 contention ratio) –(dynamic encouraged) IP unnumbered –Encouraged when possible Helps conserving IP addresses –statically routed, single-homed customer connections (no BGP) http://www.apnic.net/info/faq/ip_unnumb.html IP Req

73 Small multihoming assignment policy 1a. Applicants currently multihomed OR 1b. Demonstrate a plan to multihome within 1 month 2. Agree to renumber out of previously assigned space –Demonstrate need to use 25% of requested space immediately and 50% within 1 year –Meet all policy requirements or have the assignment revoked IP Req

74 IPv4 assignment policy for IXPs Criteria –3 or more peers –Demonstrate “open peering policy” –Not announce assignment to global routing table APNIC has a reserved block of space from which to make IXP assignments IXPs can apply for an assignment of /24 for Transit LAN IP Req

75 Portable critical infrastructure assignments What is Critical Internet Infrastructure? –Domain registry infrastructure Root DNS operators, gTLD operators ccTLD operators –Address Registry Infrastructure RIRs & NIRs IANA Why a specific policy ? Protect stability of core Internet function Assignment sizes: –IPv4: /24 –IPv6: /32 IP Req

76 Overview of 2nd opinion Applicant information Type of request Network name Future network plan Customer’s existing network Customer assignments to end-sites Sub-allocation infrastructure Additional information Confirm details Contact details, password IPv6 / IPv4, Assignment / Sub-allocation Network name, description, country Planned IP usage IPs held by customer IPs held by customer & customer’s customers IPv4 Sub-allocations IPv4/IPv6 Assignments Any additional info that may aid the evaluation Check your details IP Req

77 2nd opinion evaluation (policy) Efficiency –More than 50% used in any one subnet? –Can different subnet sizes be used? –More than 80% used for previous assignment? Stockpiling –Is all address space held declared on form? –Has organisation obtained address space from more than one member/ISP? Registration –Is previous assignment in APNIC database and are they correct and up to date? IP Req

78 Customer assignment Member updates internal records –Select address range to be assigned –Archive original documents sent to APNIC –Update APNIC database Clarify status of address space –APNIC requirement is ‘Non portable’ –‘Portable’ assignments are made by APNIC only with the end-user request form Organisation must have technical requirement IP Req

79 Questions ?

80 IP Address Management

81 Revision of routing protocols Interior Gateway Protocol (IGP) –Examples are OSPF, EIGRP, ISIS –Used to find optimum route to a host in ISP network –Convergence becomes important with scaling Border Gateway Protocol (BGP) –Can be interior (iBGP) and exterior (eBGP) –Used to carry traffic across your network and to/from the Internet –Can use BGP attributes for routing policy IP Mgmt

82 Principles of addressing Separate customer & infrastructure address pools –Manageability Different personnel manage infrastructure and assignments to customers –Scalability Easier renumbering - customers are difficult, infrastructure is relatively easy IP Mgmt

83 Principles of addressing Further separate infrastructure –‘Dynamic’ infrastructure for IGP Carrying network infrastructure addresses used by a routing protocol where alternate paths to host exist Eg. p2p addresses of backbone connections Eg. router loopback addresses –‘Static’ infrastructure Static routing of infrastructure (where no alternative path exists) Carry in iBGP IP Mgmt

84 Principles of addressing Further separate infrastructure –‘Static’ infrastructure examples RAS server address pools, CMTS Virtual web and content hosting LANs Anything where there is no dynamic route calculation Customer networks Carry in iBGP, do not put in IGP –No need to aggregate address space carried in iBGP –Can carry in excess of 100K prefixes IP Mgmt

85 Hierarchy of routing protocols BGP4 (iBGP) & OSPF/ISIS Other ISPs Customers Local NAP eBGP Static/eBGP BGP4 (eBGP) ISP Internal Network IP Mgmt

86 Management - simple network First allocation from APNIC –Infrastructure is known, customers are not –20% free is trigger for next request –Grow usage of blocks from edges –Assign customers sequentially 20% Customers p2pp2p Infrastructure loops IP Mgmt

87 Management - simple network If second allocation is contiguous –Reverse order of division of first block –Maximise contiguous space for infrastructure Easier for debugging –Customer networks can be discontiguous CustomersInfrastructure 20%InfrastructureCustomers 1st allocation2nd allocation IP Mgmt

88 Management - many POPs WAN link to single transit ISP Server POP1 POP2 POP3 IP Mgmt

89 POP sizes –Choose address pool for each POP according to need –Loopback addresses Keep together in one block Assists in fault-resolution –Customer addresses Assign sequentially Management - many POPs Infrastructure POP 1POP2 loopbacks Customer IP Mgmt

90 Management - many POPs /20 minimum allocation not enough for all your POPs? –Deploy addresses on infrastructure first Common mistake: –Reserving customer addresses on a per POP basis Do not constrain network plans due to lack of address space –Re-apply once address space has been used IP Mgmt

91 Management - multiple exits WAN links to different ISPs Server POP1 POP2 POP3 IP Mgmt

92 Management - multiple exits Create a ‘national’ infrastructure pool –Carry in IGP Eg. loopbacks, p2p links, infrastructure connecting routers and hosts which are multiply connected –On a per POP basis Consider separate memberships if requirement for each POP is very large from day one. National Infrastructure POP1POP2POP3 20% free IP Mgmt

93 Questions ?

94 The APNIC Database Usage, Protection and Updating

95 What is the APNIC database? Public network management database Operated by IRs Tracks network resources IP addresses, ASNs, Reverse Domains, Routing policies Records administrative information Contact information (persons/roles) Authorisation DB Intro

96 Object types
OBJECT    PURPOSE
person    contact persons
role      contact groups/roles
inetnum   IPv4 addresses
inet6num  IPv6 addresses
aut-num   Autonomous System number
domain    reverse domains
route     prefixes being announced
mntner    (maintainer) data protection
DB Intro http://www.apnic.net/db/

97 Object templates
To obtain template structure*, use : whois -t
% whois -h whois.apnic.net -t person
person:  [mandatory] [single]   [primary/look-up key]
address: [mandatory] [multiple] [ ]
country: [optional]  [single]   [ ]
phone:   [mandatory] [multiple] [ ]
fax-no:  [optional]  [multiple] [ ]
e-mail:  [mandatory] [multiple] [look-up key]
nic-hdl: [mandatory] [single]   [primary/look-up key]
remarks: [optional]  [multiple] [ ]
notify:  [optional]  [multiple] [inverse key]
mnt-by:  [mandatory] [multiple] [inverse key]
changed: [mandatory] [multiple] [ ]
source:  [mandatory] [single]   [ ]
DB Intro *Recognised by the RIPE whois client/server

98 Person object example –Person objects contain contact information
Attributes  Values
person:  Ajith Singh
address: ExampleNet Service Provider
address: 2 Main St, Mount court
address: Wallis and Futuna Islands
country: WF
phone:   +680-368-0844
fax-no:  +680-367-1797
e-mail:  kxander@example.com
nic-hdl: AS17-AP
mnt-by:  MAINT-WF-EX
changed: asingh@example.com 20020731
source:  APNIC
DB Intro

99 What is a nic-hdl? Unique identifier for a person Represents a person object –Referenced in objects for contact details (inetnum, aut-num, domain…) –format: Eg: AS17-AP DB Intro
person:  Ajith Singh
address: ExampleNet Service Provider
address: 2 Main St, Mount court
address: Wallis and Futuna Islands
country: WF
phone:   +680-368-0844
fax-no:  +680-367-1797
e-mail:  kxander@example.com
nic-hdl: AS17-AP
mnt-by:  MAINT-WF-EX
changed: kxander@example.com 20020731
source:  APNIC

100 Inetnum object example –Contain IP address allocations / assignments
Attributes  Values
inetnum:   202.51.64.0 - 202.51.95.255
netname:   CCNEP-NP-AP
descr:     Communication & Communicate Nepal Ltd VSAT Service Provider, Kathmandu
country:   NP
admin-c:   AS75-AP
tech-c:    AS75-AP
status:    ALLOCATED PORTABLE
mnt-by:    APNIC-HM
mnt-lower: MAINT-NP-ARUN
changed:   hostmaster@apnic.net 20010205
source:    APNIC
DB Intro

101 Inter-related objects inetnum: 202.64.10.0 – 202.64.10.255 … admin-c: KX17-AP tech-c: ZU3-AP … mnt-by: MAINT-WF-EX … IPv4 addresses person: … nic-hdl: ZU3-AP … Contact info person: … nic-hdl: KX17-AP … Contact info mntner: MAINT-WF-EX… Data protection DB Intro

102 Database query - clients Standard whois client Included with many Unix distributions –RIPE extended whois client http://ftp.apnic.net/apnic/dbase/tools/ripe-dbase-client.tar.gz Query via the APNIC website http://www.apnic.net/apnic-bin/whois2.pl Query clients - MS-Windows etc –Many available DB Intro

103 Database query (unix)- inetnum
% whois 203.127.128.0 - 203.127.159.255
% whois SINGNET-SG
% whois 203.127.128.0/19
inetnum: 203.127.128.0 - 203.127.159.255
netname: SINGNET-SG
descr:   Singapore Telecommunications Ltd
descr:   31, Exeter Road, #02-00, Podium Block
descr:   Comcentre, 0923
country: SG
admin-c: CWL3-AP
tech-c:  CWL3-AP
mnt-by:  APNIC-HM
changed: hostmaster@apnic.net 19990803
source:  APNIC
Note: Incomplete addresses padded with “.0”. Address without prefix interpreted as “/32”.
DB Intro

104 Database query (web) - role Query the APNIC Whois Database http://www.apnic.net/apnic-bin/whois2.pl 2.Search options (flags) 1.Type in search key 3. ‘Search Whois’ DB Intro

105 Database query (web) - role DB Intro
Query the APNIC Whois Database
Need help? General search help Help tracking spam and hacking
Result of search on nic-hdl “OA3-AP” (‘Optus IP administrators’ role object)
% [whois.apnic.net node-1]
% How to use this server http://www.apnic.net/db/
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
role:    OPTUS IP ADMINISTRATORS
address: Optus Communications
address: 101 Miller Street
address: North Sydney NSW 2060
country: AU
phone:   +61-2-93427681
phone:   +61-2-93420848
phone:   +61-2-93420983
phone:   +61-2-93420813
phone:   +61-2-93420717
fax-no:  +61-2-9342-0998
fax-no:  +61-2-9342-6122
e-mail:  ipadmin@optus.net.au
trouble: send spam/abuse reports to abuse@optus.net.au
trouble: please use http://www.apnic.net/db/spam.html
trouble: to identify networks before sending reports and
trouble: always include full headers/logs.
admin-c: NC8-AP
tech-c:  NC8-AP
tech-c:  CN39-AP
tech-c:  GE7-AP
tech-c:  PS176-AP
nic-hdl: OA3-AP
notify:  hostmaster@optus.net.au
mnt-by:  MAINT-OPTUSCOM-AP
changed: ipadmin@optus.net.au 20021120
source:  APNIC

106 Advanced database queries –Flags used for inetnum queries
None  find exact match
-l    find one level less specific matches
-L    find all less specific matches
-m    find first level more specific matches
-M    find all More specific matches
-x    find exact match (if no match, nothing)
-d    enables use of flags for reverse domains
-r    turn off recursive lookups

107 Database query - inetnum
whois -L 202.64.0.0/20
whois 202.64.0.0/20
whois -m 202.64.0.0/20
inetnum: 202.0.0.0 – 202.255.255.255 (202.0.0.0/8)
inetnum: 202.64.0.0 – 202.64.15.255 (202.64.0.0/20)
inetnum: 202.64.10.0/24
inetnum: 202.64.12.128/25
inetnum: 202.64.15.192/26
More specific (= smaller blocks) Less specific (= bigger block)

108 Database query - inetnum
whois -L 202.64.0.0/20 (all less specific)
whois -l 202.64.0.0/20 (1 level less specific)
whois 202.64.0.0/20
whois -m 202.64.0.0/20 (1 level more specific)
whois -M 202.64.0.0/20 (all more specific)
inetnum: 202.0.0.0 – 202.255.255.255 (202.0.0.0/8)
inetnum: 202.64.0.0/16
inetnum: 202.64.0.0/20
inetnum: 202.64.10.0/24
inetnum: 202.64.10.192/26

109 Database query - inetnum
‘-M’ will find all assignments in a range in the database
% whois -M 202.64.0.0/20
inetnum: 202.64.10.0 - 202.64.10.255
netname: SILNET-AP
descr: Satyam Infoway Pvt.Ltd.,
.....
inetnum: 202.64.12.128 - 202.64.12.255
netname: SOFTCOMNET
descr: SOFTCOM LAN (Internet)IP
......
inetnum: 202.64.15.192 - 202.64.15.255
descr: SILNET
descr: Satyam Infoway's Chennai LAN
.....

110 Recursive lookups
–whois 202.12.29.0 -> inetnum & route & person (recursion enabled by default)
–whois -r 202.12.29.0 -> inetnum & route (recursion turned off)
–whois -T inetnum 202.12.29.0 -> inetnum & person (‘type’ of object specified)
–whois -r -T inetnum 202.12.29.0 -> inetnum (‘type’ of object specified & recursion turned off)

111 Database query - recursion
Recursion is enabled by default
% whois 203.113.0.0/19
inetnum: 203.113.0.0 - 203.113.31.255
netname: TOTNET-AP
descr: Telephone Organization of THAILAND(TOT)
descr: Telephone and IP Network Service Provider
descr: State Enterprise Thailand Government
country: TH
admin-c: NM18-AP
tech-c: RC80-AP
…….
person: Nopparat Maythaveekulchai
address: YTEL-1234 Office
address: Telephone Organization of THAILAND(TOT)
person: Rungsun Channarukul
address: YTEL-1234 OfficeP
address: Telephone Organization of THAILAND(TOT)
…….

112 Database query – no recursion
Turn off recursion: ‘-r’, no nic-handle lookup
% whois -r 203.113.0.0/19
inetnum: 203.113.0.0 - 203.113.31.255
netname: TOTNET-AP
descr: Telephone Organization of THAILAND(TOT)
descr: Telephone and IP Network Service Provider
descr: State Enterprise Thailand Government
country: TH
admin-c: NM18-AP
tech-c: RC80-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-TH-SS163-AP
changed: hostmaster@apnic.net 19990922
source: APNIC

113 Inverse queries
Inverse queries are performed on inverse keys
See object template (whois -t)
Returns all objects that reference the object with the key specified as a query argument
Practical when searching for objects in which a particular value is referenced, such as your nic-hdl
Syntax: whois -i

114 Inverse queries - examples
What objects are referencing my nic-hdl?
–whois -ipn KX17-AP
In what objects am I registered as tech-c?
–whois -i tech-c KX17-AP
Return all domain objects where I am registered as admin-c, tech-c or zone-c
–whois -i admin-c,tech-c,zone-c -T domain KX17-AP
What objects are protected by my maintainer?
–whois -i mnt-by MAINT-WF-EX
no space!

115 Database query - inverse
Inverse lookup with ‘-i’
% whois -i person DK26-AP
inetnum: 202.101.128.0 - 202.101.159.255
netname: CHINANET-FJ
descr: chinanet fujian province network
country: CN
admin-c: DK26-AP
……
domain: 128.103.202.in-addr.arpa
descr: in-addr.arpa zone for 128.103.202.in-addr.arpa
admin-c: DK26-AP
…….
aut-num: AS4811
as-name: CHINANET-CORE-WAN-EAST
descr: CHINANET core WAN EAST
descr: connect to AT&T,OPTUS
country: CN
admin-c: DK26-AP
……
person: Dongmei Kou
address: A12,Xin-Jie-Kou-Wai Street,
address: Beijing,100088
country: CN
phone: +86-10-62370437
nic-hdl: DK26-AP

116 Database query - options
–Summary of other flags:
-i  inverse lookup on given attribute
-t  give template for given type
-v  verbose information for given type
-h  specify database server site
–For more information try... whois -h whois.apnic.net HELP

117 Creating a person object Whois Database Guide: http://www.apnic.net/services/whois_guide.html 1.Fill out person object form on web Name, e-mail, phone, address etc Tick ‘MNT-NEW’ for temporary protection 2. Completed template is sent to you 3. Forward template to 4. Person object created and nic-hdl is generated DB Intro

118 LIR registration responsibilities 1.Create person objects for contacts To provide contact info in other objects 2.Create mntner object To provide protection of objects –(To be discussed later) 3.Create inetnum objects for all customer address assignments (Allocation object created by APNIC) DB Intro

119 Using the db – step by step
1 person: nic-hdl: KX17-AP (Contact info)
2 mntner: (Data Protection)
3 inetnum: Allocation (Created by APNIC)
4, 5, 6 inetnum: ... KX17-AP ... mnt-by: ... Customer Assignments (Created by LIR)

120 Database auto-responses Successful update SUCCEEDED Objects accepted Warnings Objects accepted but ambiguous Objects corrected and accepted Errors FAILED Objects NOT accepted Don’t understand the error message? 1.Help documentation http://www.apnic.net/docs/database-update-info.html 2. Contact Include the error message ?

121 Parse Database mailboxes Automatic request processing –Automatic “robot” for all db updates –Email template for create/update/delete Database service support –E-mails answered by APNIC staff –1 day response time DB 2

122 Database protection - maintainer object
protects other objects in the APNIC database
mntner: MAINT-WF-EX
descr: Maintainer for ExampleNet Service Provider
country: WF
admin-c: ZU3-AP
tech-c: KX17-AP
upd-to: kxander@example.com
mnt-nfy: kxander@example.com
auth: CRYPT-PW apHJ9zF3o
mnt-by: MAINT-WF-EX
referral-by: MAINT-APNIC-AP
changed: kxander@example.com 20020731
source: APNIC

123 Creating a maintainer object 1.Fill out webform –Provide: Admin-c & tech-c password email address etc 2.Completed form will be sent to you 3.Forward request to maint-request@apnic.net 4.Maintainer will be created manually Manual verification by APNIC Hostmasters 5.Update your person object with mntner http://www.apnic.net/services/whois_guide.html

124 Database protection Authorisation –“mnt-by” references a mntner object Can be found in all database objects “mnt-by” should be used with every object! Authentication –Updates to an object must pass authentication rule specified by its maintainer object DB 2

125 Authorisation mechanism
mntner: MAINT-WF-EX
descr: Maintainer for ExampleNet Service Provider
country: WF
admin-c: ZU3-AP
tech-c: KX17-AP
upd-to: kxander@example.com
mnt-nfy: kxander@example.com
auth: CRYPT-PW apHJ9zF3o
mnt-by: MAINT-WF-EX
changed: kxander@example.com 20020731
source: APNIC
inetnum: 202.137.181.0 - 202.137.185.255
netname: EXAMPLENET-WF
descr: ExampleNet Service Provider
……….
mnt-by: MAINT-WF-EX

126 Maintainer specific attributes mnt-nfy: Sends notification of any changes to maintained objects to email address specified mnt-by: Maintainers must also be protected! (Normally by themselves) auth: Authentication method for this maintainer DB 2

127 Authentication methods ‘auth’ attribute – Strongly discouraged! –Crypt-PW Crypt (Unix) password encryption Use web page to create your maintainer –PGP – GNUPG Strong authentication Requires PGP keys –MD5 Soon available DB 2

128 Mnt-by & mnt-lower ‘mnt-by’ attribute Can be used to protect any object Changes to protected object must satisfy authentication rules of ‘mntner’ object. ‘mnt-lower’ attribute Also references mntner object Hierarchical authorisation for inetnum & domain objects The creation of child objects must satisfy this mntner Protects against unauthorised updates to an allocated range - highly recommended! DB 2

129 Authentication/Authorisation –APNIC allocation to member
Created and maintained by APNIC
inetnum: 203.146.96.0 - 203.146.127.255
netname: LOXINFO-TH
descr: Loxley Information Company Ltd.
descr: 304 Suapah Rd, Promprab,Bangkok
country: TH
admin-c: KS32-AP
tech-c: CT2-AP
mnt-by: APNIC-HM (1)
mnt-lower: LOXINFO-IS (2)
changed: hostmaster@apnic.net 19990714
source: APNIC
1. Only APNIC can change this object
2. Only Loxinfo can create assignments within this allocation

130 Authentication/Authorisation –Member assignment to customer
Created and maintained by APNIC member
inetnum: 203.146.113.64 - 203.146.113.127
netname: SCC-TH
descr: Sukhothai Commercial College
country: TH
admin-c: SI10-AP
tech-c: VP5-AP
mnt-by: LOXINFO-IS
changed: voraluck@loxinfo.co.th 19990930
source: APNIC
Only LOXINFO-IS can change this object

131 Role object Represents a group of contact persons for an organisation –Eases administration –Can be referenced in other objects instead of the person objects for individuals Also has a nic-hdl Eg. HM20-AP http://www.apnic.net/db/role.html

132 Role object - example –Contains contact info for several contacts
Attributes  Values
role:       OPTUS IP ADMINISTRATORS
address:    101 Miller Street North Sydney
country:    AU
phone:      +61-2-93427681 +61-2-93420813
fax-no:     +61-2-9342-0998 +61-2-9342-6122
e-mail:     noc@optus.net.au
admin-c:    NC8-AP
tech-c:     SC120-AP
nic-hdl:    OA3-AP
mnt-by:     MAINT-OPTUSCOM-AP
source:     APNIC

133 Creating a role object Email –Whois –t role Gives role object template –Complete all fields With the nic-hdls of all contacts in your organisation –Send to

134 Replacing contacts in the db - using person objects
K. Xander is leaving my organisation. Z. Ulrich is replacing him.
Objects shown: person: … KX17-AP; person: … ZU3-AP; inetnum: 202.0.10.0 … KX17-AP; inetnum: 202.0.12.127 … KX17-AP; inetnum: 202.0.15.192 … KX17-AP
1. Create a person object for new contact (Z. Ulrich).
2. Find all objects containing old contact (K. Xander).
3. Update all objects, replacing old contact (KX17-AP) with new contact (ZU3-AP).
4. Delete old contact’s (KX17-AP) person object.

135 Replacing contacts in the db – using a role object
K. Xander is leaving my organisation. Z. Ulrich is replacing him. I am using a role object containing all contact persons, which is referenced in all my objects.
Objects shown: role: … EIPA-91-AP (KX17-AP, AB1-AP, CD2-AP, ZU3-AP); person: … KX17-AP; person: … ZU3-AP; inetnum: 202.0.10.0 … EIPA91-AP; inetnum: 202.0.12.127 … EIPA91-AP; inetnum: 202.0.15.192 … EIPA91-AP
1. Create a person object for new contact (Z. Ulrich).
2. Replace old contact (KX17-AP) with new contact (ZU3-AP) in role object
3. Delete old contact’s person object.
No need to update any other objects!
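
The contact replacement procedure on slides 134 and 135 comes down to an inverse lookup followed by an update. The sketch below is an added example, not APNIC code: it parses constructed whois-style objects, finds every object that references a nic-hdl (what `whois -i` does against the live database), and shows that a role object limits the update to one object. The sample objects and function names are assumptions made for the illustration.

```python
# Added example: inverse lookup and contact replacement over constructed objects.
REFERENCE_ATTRS = ("admin-c", "tech-c", "zone-c", "mnt-by")

# Constructed sample data in whois object syntax (not real registry records).
SAMPLE_DB = """\
person:  K. Xander
nic-hdl: KX17-AP

person:  Z. Ulrich
nic-hdl: ZU3-AP

role:    ExampleNet IP Administrators
admin-c: AB1-AP
tech-c:  KX17-AP, CD2-AP
nic-hdl: EIPA91-AP

inetnum: 202.0.10.0 - 202.0.10.255
admin-c: EIPA91-AP
tech-c:  EIPA91-AP
mnt-by:  MAINT-WF-EX

inetnum: 202.0.15.192 - 202.0.15.255
admin-c: KX17-AP
tech-c:  KX17-AP
mnt-by:  MAINT-WF-EX
"""


def parse_objects(text):
    """Split whois text into objects; each object is a list of (attr, value)."""
    objects, current = [], []
    for line in text.splitlines():
        if not line.strip():
            if current:
                objects.append(current)
                current = []
            continue
        if line.startswith(("%", "#")):      # server comments
            continue
        attr, _, value = line.partition(":")
        current.append((attr.strip().lower(), value.strip()))
    if current:
        objects.append(current)
    return objects


def values(raw):
    """An attribute may carry a comma-separated list of handles."""
    return [part.strip() for part in raw.split(",")]


def inverse_lookup(objects, handle, attrs=REFERENCE_ATTRS):
    """Return (type, key) of every object referencing `handle` in `attrs`."""
    hits = []
    for obj in objects:
        if any(a in attrs and handle in values(v) for a, v in obj[1:]):
            hits.append(obj[0])
    return hits


def replace_contact(objects, old, new, attrs=REFERENCE_ATTRS):
    """Return (updated objects, list of objects that had to change)."""
    updated, changed = [], []
    for obj in objects:
        new_obj, touched = [obj[0]], False
        for a, v in obj[1:]:
            if a in attrs and old in values(v):
                v = ", ".join(new if p == old else p for p in values(v))
                touched = True
            new_obj.append((a, v))
        updated.append(new_obj)
        if touched:
            changed.append(obj[0])
    return updated, changed


def can_delete(objects, handle):
    """Referenced objects cannot be deleted, so check for references first."""
    return not inverse_lookup(objects, handle)


if __name__ == "__main__":
    db = parse_objects(SAMPLE_DB)
    print("references to KX17-AP:", inverse_lookup(db, "KX17-AP"))
    db2, changed = replace_contact(db, "KX17-AP", "ZU3-AP")
    print("objects updated:", changed)
    print("KX17-AP deletable now:", can_delete(db2, "KX17-AP"))
```

In the sample, the inetnum that references the role object never appears in the list of objects to update; only the role object and the one inetnum that names the person directly do.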

136 Database update process –Email requests to –Each request contains an object template Update Request Template Parse Warnings/Errors returned Error Auth. Data Base Whois Server DB 2

137 Deleting an object
–Copy object as-is in database into email
–Add your maintainer password
–Leave the changed attribute
inetnum: 202.182.224.0 - 202.182.225.255
netname: SONY-HK
...
mnt-by: MAINT-CNS-AP
changed: ph@macroview.com 19990617
source: APNIC
password: x34zky
delete: no longer required me@company.com
Note: Referenced objects cannot be deleted (02/99)

138 Forgotten the password?
We do not recommend using personal names for maintainer objects
Requires legal documentation
Confirmation by fax required on company letter head
Unfortunately we cannot change the password for the maintainer until we have received a fax with your company’s letterhead confirming the request to modify the password. In the fax, please include the following:
0. Attention: APNIC Database Administration Department
1. The APNIC Account name of your company and your personal nic handle. If you do not have an APNIC account, then please state ‘NON-MEM’.
2. The current maintainer object which is to be modified, as obtained from ‘whois -h whois.apnic.net MAINTAINER-OBJECT’
3. The new password/authorisation for the maintainer.
4. The signature of a contact for the maintainer.

139 Questions ?

140 Reverse DNS Delegation Registry Procedures Rev. DNS

141 Overview Reverse DNS Delegation APNIC & Member responsibilities Reverse network delegations (/16) Reverse network delegations (/24) Subnet delegations Delegation procedures Rev. DNS

142 What is ‘Reverse DNS’? ‘Forward DNS’ maps names to numbers –svc00.apnic.net -> 202.12.28.131 ‘Reverse DNS’ maps numbers to names –202.12.28.131 -> svc00.apnic.net Rev. DNS

143 In-addr.arpa Hierarchy of IP addresses –Uses ‘in-addr.arpa’ domain INverse ADDRess IP addresses: –Less specific to More specific 210.56.14.1 Domain names: –More specific to Less specific delhi.vsnl.net.in –Reversed in in-addr.arpa hierarchy 14.56.210.in-addr.arpa Rev. DNS

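144 Reverse DNS delegation - Mapping numbers to names - ‘reverse DNS’
[Figure: DNS tree from the Root DNS, with net, edu, com, au and arpa at the top level; under arpa, in-addr; under in-addr, 202, 203, 210, 211, ..; under 202, 64; under 64, 22, giving 22.64.202.in-addr.arpa. whois and apnic are shown alongside the tree.]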

145 Reverse DNS - why bother?
Service denial: some services only allow access when the address is fully reverse delegated, eg. anonymous ftp
Diagnostics: assisting in trace routes etc
Registration: responsibility as a member and Local IR

146 APNIC & Member responsibilities APNIC –Manage reverse delegations of address block distributed by APNIC –Process members requests for reverse delegations of network allocations Members –Be familiar with APNIC procedures –Ensure that addresses are reverse-mapped –Maintain nameservers for allocations Minimise pollution of DNS

147 Reverse delegation requirements /24 Delegations Address blocks should be assigned/allocated At least two name servers /16 Delegations Same as /24 delegations APNIC delegates entire zone to member Recommend APNIC secondary zone < /24 Delegations Read “classless in-addr.arpa delegation” RFC 2317
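
The delegation sizes on slide 147 map directly onto zone names in the in-addr.arpa hierarchy from slide 143. The following added example (not part of the original course material) derives the zones a member would request for a given block and applies the two requirements the slide states; the function names and the sample name servers are assumptions.

```python
# Added example: which in-addr.arpa zones cover an IPv4 block.
import ipaddress


def ptr_name(addr):
    """Reverse-lookup name for one address, e.g. 202.12.28.131."""
    octets = str(ipaddress.IPv4Address(addr)).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def reverse_zones(cidr):
    """Return the /16 or /24 reverse zones that cover `cidr`.

    /16 and shorter prefixes are delegated as whole /16 zones, prefixes
    from /17 to /24 as one zone per /24.  Anything longer than /24 cannot
    be expressed on an octet boundary and needs RFC 2317.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError("in-addr.arpa is for IPv4 only")
    if net.prefixlen > 24:
        raise ValueError("longer than /24: use classless in-addr.arpa "
                         "delegation (RFC 2317)")
    step = 16 if net.prefixlen <= 16 else 24
    zones = []
    for sub in net.subnets(new_prefix=step):
        octets = str(sub.network_address).split(".")[: step // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones


def check_request(cidr, nservers):
    """Return (zones, problems) for a delegation request."""
    problems = []
    distinct = {n.lower().rstrip(".") for n in nservers}
    if len(distinct) < 2:
        problems.append("at least two name servers required")
    try:
        zones = reverse_zones(cidr)
    except ValueError as exc:
        zones = []
        problems.append(str(exc))
    return zones, problems


if __name__ == "__main__":
    print(ptr_name("202.12.28.131"))
    print(reverse_zones("202.64.0.0/16"))
    # ns1/ns2.example.net are constructed sample name servers
    print(check_request("202.64.0.0/20", ["ns1.example.net", "ns2.example.net"]))
    print(check_request("202.64.12.128/25", ["ns1.example.net"]))
```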

148 Delegation procedures Upon allocation, member is asked if they want /24 place holder domain objects with member maintainer –Gives member direct control Standard APNIC database object, –can be updated through online form or via email. Nameserver/domain set up verified before being submitted to the database. Protection by maintainer object –(current auths: NONE, CRYPT-PW, PGP). Zone file updated 2-hourly Rev. DNS

149 Delegation procedures – request form Complete the documentation http://www.apnic.net/db/domain.html On-line form interface –Real time feedback –Gives errors, warnings in zone configuration serial number of zone consistent across nameservers nameservers listed in zone consistent –Uses database ‘domain’ object examples of form to follow.. Rev. DNS

150 Evaluation Parser checks for –‘whois’ database IP address range is assigned or allocated Must be in APNIC database –Maintainer object Mandatory field of domain object –Nic-handles zone-c, tech-c, admin-c –Name servers Rev. DNS

151 Use of maintainer object Domain objects protected by maintainers hierarchical protection using “mnt-lower” Bootstrap period –‘MAINT-AP-DNS-DEFAULT’ for all objects imported by APNIC from existing zone files Changing delegations requires valid maintainer Maintainer creation & authorisation is manual – Turnaround time 2 days –/24 place holder objects created upon allocation gives members direct control No need to contact APNIC when changing nservers Rev. DNS

152 Delegation process summary
Step 1: request parsed OK? If no, on-line feedback given. If yes, go to step 2.
Step 2: authorisation OK? If no, request forwarded to APNIC for manual processing. If yes, go to step 3.
Step 3: update APNIC database; notify upd-to contact for maintainer object.
Delegation by APNIC: zone files reloaded every 2 hrs, 24hrs a day on everyday.
Reverse DNS Troubleshooting Guide: http://www.apnic.net/services/help/rd/troubleshooting.html

153 Questions? Are all your zones, and your customer zones registered?

154 Autonomous System Numbers Procedures

155 Overview What is an AS? Guidelines and procedures Application form (documentation) Policy expression ASN

156 What is an Autonomous System? –Collection of networks with same routing policy –Usually under single ownership, trust and administrative control AS 100 ASN

157 When do I need an ASN? When do I need an AS? –Multi-homed network to different providers and –Routing policy different to external peers Recommended reading! –RFC1930: Guidelines for creation, selection and registration of an Autonomous System ASN RFC 1930

158 When don’t I need an ASN? Factors that don’t count –Transition and ‘future proofing’ –Multi-homing to the same upstream RFC2270: A dedicated AS for sites homed to a single provider –Service differentiation RFC1997: BGP Communities attribute RFC 2270 RFC 1997 ASN

159 Requesting an ASN Complete the request form –web form available: http://www.apnic.net/db/aut-num.html Request form is parsed - real time –Must include routing policy multiple import and export lines –Is checked for syntactical accuracy based on RPSL (rfc2622) –Peers verified by querying routing table –[NO-PARSE] will not send request to parser ASN RFC 2622

160 Requesting an ASN - Customers 1.Requested directly from APNIC AS number is “portable” 2.Requested via member ASN is “non-portable” ASN returned if customer changes provider Transfers of ASNs –Need legal documentation (mergers etc) –Should be returned if no longer required ASN New policy as of Nov-02

161 Representation of routing policy
Routing and packet flows
[Figure: AS 1 and AS 2, with the routing flow (announces, accepts) and the packet flow drawn between them]
For AS1 and AS2 networks to communicate:
AS1 must announce to AS2
AS2 must accept from AS1
AS2 must announce to AS1
AS1 must accept from AS2

162 Representation of routing policy
Basic concept (AS 1 and AS 2)
aut-num: AS1
…
import: from AS2 action pref=100; accept AS2
export: to AS2 announce AS1
aut-num: AS2
…
import: from AS1 action pref=100; accept AS1
export: to AS1 announce AS2
“action pref” - the lower the value, the more preferred the route

163 Representation of routing policy AS 123 AS4 AS5 AS10 More complex example AS4 gives transit to AS5, AS10 AS4 gives local routes to AS123 ASN

164 Representation of routing policy
[Figure: AS 123, AS4, AS5, AS10]
aut-num: AS4
import: from AS123 action pref=100; accept AS123
import: from AS5 action pref=100; accept AS5
import: from AS10 action pref=100; accept AS10
export: to AS123 announce AS4
export: to AS5 announce AS4 AS10
export: to AS10 announce AS4 AS5
Note on the announce lists (AS4 AS10, AS4 AS5): Not a path

165 Representation of routing policy AS123 AS4 More complex example AS4 and AS6 private link1 AS4 and AS123 main transit link2 backup all traffic over link1 and link3 in event of link2 failure AS6 private link1 link3 transit traffic over link2 ASN

166 Representation of routing policy
AS representation
[Figure: AS123, AS4 and AS6; private link1, link3, transit traffic over link2]
aut-num: AS4
import: from AS123 action pref=100; accept ANY (full routing received)
import: from AS6 action pref=50; accept AS6
import: from AS6 action pref=200; accept ANY (higher cost for backup route)
export: to AS6 announce AS4
export: to AS123 announce AS4

167 Aut-num object example
aut-num: AS4777
as-name: APNIC-NSPIXP2-AS
descr: Asia Pacific Network Information Centre
descr: AS for NSPIXP2, remote facilities site
import: from AS2500 action pref=100; accept ANY
import: from AS2524 action pref=100; accept ANY
import: from AS2514 action pref=100; accept ANY
export: to AS2500 announce AS4777
export: to AS2524 announce AS4777
export: to AS2514 announce AS4777
default: to AS2500 action pref=100; networks ANY
admin-c: PW35-AP
tech-c: NO4-AP
remarks: Filtering prefixes longer than /24
mnt-by: MAINT-APNIC-AP
changed: paulg@apnic.net 19981028
source: APNIC
The import, export and default lines are the POLICY part of the object, written in RPSL.

168 Routing Policy Specification Language RPSL –Derived from RIPE-181 –Introduced with v3 Database 20 August 2002 –“New” object specification language more expressive syntax advanced aut-num and routing policy options –Especially useful in an Internet Routing Registry ASN RFC 2622

169 Questions ?

170 APNIC Internet Routing Registry

171 What is an IRR?
Global Internet Routing Registry database –http://www.irr.net/
Uses RPSL
–Established in 1995
Stability and consistency of routing –network operators share information
Both public and private databases
–These databases are independent but some exchange data
only register your data in one database

172 Internet Routing Registries RIPE RADB CW APNIC Connect ARIN, ArcStar, FGC, Verio, Bconnex, Optus, Telstra,... IRR = APNIC RR + RIPE DB + RADB + C&W + ARIN + …

173 Why use an IRR? Route filtering Peering networks A provider and its customer Network troubleshooting Easier to locate routing problems outside your network Router configuration By using IRRToolSet –ftp.ripe.net/tools/IRRToolSet Global view of routing A global view of routing policy improves the integrity of Internet’s routing as a whole.

174 APNIC Database & the IRR APNIC whois Database –Two databases in one Public Network Management Database –“whois” info about networks & contact persons IP addresses, AS numbers etc Routing Registry –contains routing information routing policy, routes, filters, peers etc. –APNIC RR is part of the global IRR

175 Integration of Whois and IRR Integrated APNIC Whois Database & Internet Routing Registry APNIC Whois IRR IP, ASNs, reverse domains, contacts, maintainers etc routes, routing policy, filters, peers etc inetnum, aut-num, domain, person, role, maintainer route, aut-num, as-set, int-rtr, peering-set etc. Internet resources & routing information

176 RPSL Routing Policy Specification Language –Object oriented language Based on RIPE-181 –Structured whois objects Higher level of abstraction than access lists Describes things interesting to routing policy: –Routes, AS Numbers … –Relationships between BGP peers –Management responsibility Relevant RFCs –Routing Policy Specification Language –Routing Policy System Security –Using RPSL in Practice RFC 2622 RFC 2725 RFC 2650

177 IRR objects route –Specifies interAS routes aut-num –Represents an AS. Used to describe external routing policy inet-rtr –Represents a router peering-set –Defines a set of peerings route-set –Defines a set of routes as-set –Defines a set of aut-num objects rtr-set –Defines a set of routers filter-set –Defines a set of routes that are matched by its filter www.apnic.net/db/ref/db-objects.html

178 Inter-related IRR objects
inetnum: 202.0.16 - 202.0.31.255
…
tech-c: KX17-AP
mnt-by: MAINT-EX
aut-num: AS1
…
tech-c: KX17-AP
mnt-by: MAINT-EX
…
route: 202.0.16/20
origin: AS1
…
mnt-by: MAINT-EX
person: …
nic-hdl: KX17-AP
…
mntner: MAINT-EX
…

179 Inter-related IRR objects aut-num: AS2 … inetnum: 202.0.16.0-202.0.31.255 … aut-num: AS10 … route: 202.0.16/20 … origin: AS2 … as-set: AS1:AS-customers members: AS10, AS11 route-set: AS2:RS-routes members: 218.2/20, 202.0.16/20 route: 218.2/20 … origin: AS2 … aut-num: AS2 … inetnum: 218.2.0.0 - 218.2.15.255 … aut-num: AS11 …, AS2

180 ‘Set-’ objects and their members
Two ways of referencing members
members - members specified in the ‘set-’ object
as-set: AS1:AS-CUSTS
members: AS10, AS11
aut-num: AS10 …
aut-num: AS11 …
1. ‘members’ specifies members of the set
2. Members added in the ‘set-’ object
3. No need to modify the member object when adding members
mbrs-by-ref - ‘set’ specified in the member objects
as-set: AS1:AS-PEERS
mbrs-by-ref: MAINT-EX
aut-num: AS20
member-of: AS1:AS-PEERS
mnt-by: MAINT-EX
aut-num: AS21
member-of: AS1:AS-PEERS
mnt-by: MAINT-EX
1. ‘mbrs-by-ref’ specifies the maintainer of the members.
2. Members reference the ‘set-’ object in the ‘member-of’ attribute
3. Members are maintained by the maintainer specified in the ‘set-’

181 Hierarchical authorisation
mnt-routes
–authenticates creation of route objects
creation of route objects must pass authentication of mntner referenced in the mnt-routes attribute
–Format: mnt-routes:
In: route, aut-num and inetnum objects

182 Authorisation mechanism
inetnum: 202.137.181.0 - 202.137.185.255
netname: SPARKYNET-WF
descr: SparkyNet Service Provider
…
mnt-by: MAINT-APNIC-AP
mnt-lower: MAINT-SPARKYNET
mnt-routes: MAINT-SPARKYNET-WF
mnt-by: This object can only be modified by APNIC
mnt-lower: Creation of more specific objects (assignments) within this range has to pass the authentication of MAINT-SPARKYNET
mnt-routes: Creation of route objects matching/within this range has to pass the authentication of MAINT-SPARKYNET-WF

183 Creating route objects
Multiple authentication checks:
–Originating ASN (aut-num)
mntner in the mnt-routes is checked
If no mnt-routes, mnt-lower is checked
If no mnt-lower, mnt-by is checked
–AND the address space
Exact match & less specific route (encompassing route) –mnt-routes etc
Exact match & less specific inetnum –mnt-routes etc
–AND the route object mntner itself (route)
The mntner in the mnt-by attribute

184 Creating route objects
route: 202.137.240/20
origin: AS1
(route)
mntner: MAINT-WF-EXNET
auth: CRYPT-PW klsdfji9234
(maintainer)
inetnum: 202.137.240.0 - 202.137.255.255
mnt-routes: MAINT-WF-EXNET
(IP address range)
aut-num: AS1
mnt-routes: MAINT-WF-EXNET
(AS number)
1. Create route object and submit to APNIC RR database
2. Db checks inetnum obj matching/encompassing IP range in route obj
3. Route obj creation must pass auth of mntner specified in inetnum mnt-routes attribute.
4. Db checks aut-num obj corresponding to the ASN in route obj
5. Route obj creation must pass auth of mntner specified in aut-num mnt-routes attribute.
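
The checks on slides 183 and 184 can be read as three sets of maintainers that all have to be satisfied. The model below is an added, simplified example and not the APNIC database code: it assumes that any one maintainer listed on an object satisfies that object's check, it prefers an encompassing route object over an inetnum when both exist, and MAINT-AS1-EX is a constructed name used to show the mnt-by fallback.

```python
# Added example: simplified model of route object creation checks.
import ipaddress

# Constructed registry contents (values follow the slide where it gives them).
DB = [
    {"inetnum": "202.137.240.0 - 202.137.255.255",
     "mnt-by": ["MAINT-APNIC-AP"],
     "mnt-lower": ["MAINT-WF-EXNET"],
     "mnt-routes": ["MAINT-WF-EXNET"]},
    # No mnt-routes or mnt-lower here, so the check falls back to mnt-by.
    {"aut-num": "AS1", "mnt-by": ["MAINT-AS1-EX"]},
]


def effective_mntners(obj):
    """mnt-routes is checked; if absent, mnt-lower; if absent, mnt-by."""
    for attr in ("mnt-routes", "mnt-lower", "mnt-by"):
        if obj.get(attr):
            return set(obj[attr])
    return set()


def span(obj):
    """First and last address of an inetnum or route object, as integers."""
    if "route" in obj:
        net = ipaddress.ip_network(obj["route"])
        return int(net.network_address), int(net.broadcast_address)
    first, last = (ipaddress.ip_address(p.strip())
                   for p in obj["inetnum"].split("-"))
    return int(first), int(last)


def covering(objects, kind, prefix):
    """Exact match or smallest less specific object of type `kind`."""
    net = ipaddress.ip_network(prefix)
    lo, hi = int(net.network_address), int(net.broadcast_address)
    hits = [o for o in objects
            if kind in o and span(o)[0] <= lo and hi <= span(o)[1]]
    return min(hits, key=lambda o: span(o)[1] - span(o)[0], default=None)


def required_auth(new_route, db):
    """Maintainers to satisfy for each of the three checks."""
    asn = next((o for o in db if o.get("aut-num") == new_route["origin"]), None)
    space = (covering(db, "route", new_route["route"])
             or covering(db, "inetnum", new_route["route"]))
    return {
        "origin aut-num": effective_mntners(asn) if asn else set(),
        "address space": effective_mntners(space) if space else set(),
        "route mnt-by": set(new_route.get("mnt-by", [])),
    }


def may_create(new_route, db, authenticated):
    """All checks must pass (AND). Returns (allowed, failed check names)."""
    checks = required_auth(new_route, db)
    failed = [name for name, mnts in checks.items()
              if not (mnts & set(authenticated))]
    return (not failed), failed


if __name__ == "__main__":
    route = {"route": "202.137.240.0/20", "origin": "AS1",
             "mnt-by": ["MAINT-WF-EXNET"]}
    print(required_auth(route, DB))
    print(may_create(route, DB, {"MAINT-WF-EXNET"}))
    print(may_create(route, DB, {"MAINT-WF-EXNET", "MAINT-AS1-EX"}))
```

A missing aut-num or an address range with no registered inetnum yields an empty maintainer set, so the request fails closed.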

185 APNIC RR service scope Support –APNIC Helpdesk support Training IRR workshop under development Mirroring –APNIC mirrors IRRs within Asia Pacific and major IRRs outside of the region.

186 Summary APNIC RR integrated in APNIC Whois DB whois.apnic.net IRR benefits –Facilitates network troubleshooting –Generation of router configuration –Provides global view of routing APNIC RR benefits –Single maintainer (& person obj) for all objects –APNIC asserts resources for a registered route –Part of the APNIC member service!

187 Questions ?

188 IPv6 Overview, Policies & Procedures

189 Overview Rationale Addressing Features of IPv6 IPv6 Policies & Procedures Statistics

190 Rationale Address depletion concerns –Squeeze on available addresses space End to end connectivity no longer visible Widespread use of NAT Scalability –Increase of backbone routing table size Hierarchical routing (CIDR) IPv6

191 IPv6 addressing 128 bits of address space Hexadecimal values of eight 16 bit fields X:X:X:X:X:X:X:X (X=16 bit number, eg: A2FE) 16 bit number is converted to a 4 digit hexadecimal number Example: FE38:DCE3:124C:C1A2:BA03:6735:EF1C:683D 4EED:23:0:0:0:36E:125:2B 32CB:10A2:0000:0000:0000:0000:3EFC:3C2A can be represented as 32CB:10A2::3EFC:3C2A IPv6

192 IPv6 address management hierarchy IANA RIR LIR/ISP Customer Site IPv6 Downstream ISP LIR/ISP

193 IPv6 addressing structure 0 127 LIR /32 32 128 bits Customer Site /48 16 Subnet /64 1664 Device /128

194 IPv6 deployment current experiments IPv6-washing machine IPv6-refrigerator IPv6-microwave Mobile viewer Access point PC IPv6 network Home hub Home router Light Air conditioner Ethernet Wireless

195 IPv6 address policy goals Efficient address usage Avoid wasteful practices Aggregation Hierarchical distribution Aggregation of routing information Limiting no of routing entries advertised into the Internet Minimise overhead Associated with obtaining address space Registration, Uniqueness, Fairness & consistency IPv6

196 IPv6 initial allocation criteria Be an LIR –Not be an end site Plan for at least 200 /48 assignments to other organisations within 2 years Plan to provide IPv6 connectivity to organisations and to end sites –Initial allocation size: /32 IPv6

197 IPv6 sub-allocation policy LIR to ISP allocation –Policy determined by LIR DB registration –All /48 and shorter prefix allocations and assignments must be registered

198 IPv6 assignments Default assignment /48 for all end sites POP also defined as end site –Providing 16 bits of space for subnets Other assignment sizes –/64 only one subnet –/128 only one device connecting Larger assignments - Multiple /48s –Should be reviewed by RIR/NIR Follow second opinion procedure 48 bits 128 bits64 bits 48 bits

199 IPv6 utilisation Utilisation determined from end site assignments –LIR responsible for registration of all /48 assignments –Intermediate allocation hierarchy not considered Utilisation of IPv6 address space is measured differently from IPv4

200 IPv6 utilisation requirement
IPv6 utilisation measured according to HD-Ratio (RFC 3194):
Utilisation HD = log (Assigned address space) / log (Available address space)
IPv6 utilisation requirement is HD=0.80
–Measured according to assignments only
E.g. ISP has assigned 10000 (/48s) addresses of /32
HD = log (Assigned address space) / log (Available address space) = log (10,000) / log (65,536) = 0.83

201 IPv6 utilisation requirement (Cont.)
HD Ratio utilisation requirement of 0.80
IPv6 Prefix  Site Address Bits  Total site address in /48s  Threshold (HD ratio 0.8)  Utilisation %
42            6                             64                        28                43.5%
36           12                           4096                       776                18.9%
35           13                           8192                      1351                16.5%
32           16                          65536                      7132                10.9%
29           19                         524288                     37641                 7.2%
24           24                       16777216                    602249                 3.6%
16           32                     4294967296                  50859008                 1.2%
 8           40                  1099511627776                4294967296                 0.4%
 3           45                 35184372088832               68719476736                 0.2%
RFC 3194: “In a hierarchical address plan, as the size of the allocation increases, the density of assignments will decrease.”

202 Subsequent allocation Must meet HD = 0.8 utilisation requirement of previous allocation (7132 /48s assignments in a /32) Other criteria to be met –Correct registrations (all /48s registered) –Correct assignment practices etc Subsequent allocation size is at least double –Resulting IPv6 prefix is 1 bit shorter –Should be sufficient for 2 years requirement
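
The HD-Ratio formula, the threshold table and the subsequent allocation test on slides 200 to 202 all follow from one calculation. This added example (not from the original slides) reproduces them; the function names are assumptions, and the threshold is rounded to the nearest whole /48 because that is what matches the figures in the table.

```python
# Added example: HD-Ratio (RFC 3194) for IPv6 allocations counted in /48s.
import math

HD_REQUIRED = 0.80


def total_48s(prefix_len):
    """Number of /48 end-site assignments available in an allocation."""
    if not 0 <= prefix_len <= 48:
        raise ValueError("prefix length must be between 0 and 48")
    return 2 ** (48 - prefix_len)


def hd_ratio(assigned_48s, prefix_len):
    """HD = log(assigned) / log(available); the log base cancels out."""
    available = total_48s(prefix_len)
    if not 0 < assigned_48s <= available:
        raise ValueError("assigned must be between 1 and the block size")
    if available == 1:
        return 1.0                      # a single /48, fully used
    return math.log2(assigned_48s) / math.log2(available)


def threshold_48s(prefix_len, hd=HD_REQUIRED):
    """Assignments corresponding to the given HD ratio, rounded as in the table."""
    return round(total_48s(prefix_len) ** hd)


def table_row(prefix_len, hd=HD_REQUIRED):
    """(prefix, site address bits, total /48s, threshold, utilisation %)."""
    total = total_48s(prefix_len)
    exact = total ** hd                 # unrounded threshold
    return (prefix_len, 48 - prefix_len, total,
            round(exact), round(100 * exact / total, 1))


def qualifies_for_subsequent(assigned_48s, prefix_len, hd=HD_REQUIRED):
    """True when the previous allocation meets the utilisation requirement."""
    return hd_ratio(assigned_48s, prefix_len) >= hd


if __name__ == "__main__":
    print(round(hd_ratio(10000, 32), 2))        # the ISP example on slide 200
    for p in (42, 36, 35, 32, 29, 24, 16, 8, 3):
        print(table_row(p))
    print(qualifies_for_subsequent(7132, 32), qualifies_for_subsequent(7131, 32))
```

The utilisation percentage falls as the block grows, which is the point of the RFC 3194 quotation: 10.9% of a /32 is enough, against 43.5% of a /42.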

203 Other conditions License model of allocation –Allocations are not considered permanent, but always subject to review and reclamation Existing /35 Allocations –A number of /35s have been assigned under interim IPv6 policy –Holders of /35s eligible to request /32

204 IXP IPv6 assignment policy Criteria –Demonstrate ‘open peering policy’ –3 or more peers –Should not announce prefix to the Internet Portable assignment size: /48 –All other needs should be met through normal processes –/64 holders can “upgrade” to /48 Through NIRs/ APNIC Need to return /64 IPv6

205 IPv6 - current experiments IPv6-washing machine IPv6-refrigerator IPv6-microwave Mobile viewer Access point PC IPv6 network Home hub Home router Light Air conditioner Ethernet Wireless

206 IPv6 allocation request form Requestor template Network template IPv6 usage template Additional information –Information published online –network diagram & deployment dates –Additional justification if requesting more than initial allocation size –Additional information

207 IPv6 address allocation procedures
IPv6 Allocations to RIRs from IANA
–APNIC 2001:0200::/23 2001:0C00::/23 2001:0E00::/23
–ARIN 2001:0400::/23
–LACNIC 2001:1200::/23
–RIPE NCC 2001:0600::/23 2001:0800::/23 2001:0A00::/23
IPv6 Address Request form
–http://ftp.apnic.net/apnic/docs/ipv6-alloc-request

208 IPv6 RIRs distribution Last updated Oct 2003 IPv6

209 IPv6 Allocations - Global

210 IPv6 allocations in AP IPv6 Last updated Oct 2003

211 IPv6 routing table Source: http://bgp.potaroo.net/v6/as1221/index.html Last updated May 2003

212 Questions ?

213 References IPv6 Resource Guide http://www.apnic.net/services/ipv6_guide.html IPv6 Policy Document http://www.apnic.net/policies.html IPv6 Address request form http://ftp.apnic.net/apnic/docs/ipv6-alloc-request Useful reading: –“The case for IPv6”: http://www.6bone.net/misc/case-for-ipv6.html FAQ http://www.apnic.net/info/faq/IPv6-FAQ.html IPv6

214 Questions ?

215 Summary What we have covered today

216 Summary APNIC’s role in the Asia Pacific Internet Registry Policies IPv4 Allocation & Assignment Procedures IP Address Management APNIC Database Procedures Reverse DNS Procedures ASN Assignment Procedures Internet Routing Registry IPv6 Overview and Policies

217 Summary - Responsibilities As an APNIC member and custodian of address space –Be aware of your responsibilities –Register customer assignments in APNIC database Keep this data up-to-date & accurate –Educate your customers –Document your network in detail Keep local records –Register reverse DNS delegations

218 Member Services Helpdesk - One point of contact for all member enquiries
helpdesk@apnic.net www.apnic.net/helpdesk
Helpdesk hours 9:00 am - 7:00 pm (AU EST, UTC + 10 hrs)
ph: +61 7 3858 3188 fax: +61 7 3858 3199
More personalised service
–Range of languages: Filipino (Tagalog), Mandarin, Vietnamese, English, Japanese, Thai, Cantonese, Hindi, Telugu
Faster response and resolution of queries
–IP resource applications, status of requests, membership enquiries, billing issues & database enquiries

219 Summary “Do the right thing” –Think about routing table size & scalability of Internet –Encourage renumbering –Announce aggregate prefixes –Think global not local

220 Thank you !! Your feedback is appreciated

221 Supplementary Reading

222 Introduction Regional Registry web sites APNIC: http://www.apnic.net ARIN: http://www.arin.net LACNIC: http://www.lacnic.net RIPE NCC: http://www.ripe.net APNIC past meetings http://www.apnic.net/meetings

223 Introduction APNIC members http://www.apnic.net/members.html Membership Membership procedure http://www.apnic.net/membersteps.html Membership application form http://www.apnic.net/apnic-bin/membership-application.pl Membership fees http://www.apnic.net/docs/corpdocs/FeeSchedule.htm

224 Introduction to APNIC & IP Policy Classless techniques CIDR http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1517-19.txt Network Addressing when using CIDR ftp://ftp.uninett.no/pub/misc/eidnes-cidr.ps.Z Variable Length Subnet Table http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1878.txt Private Address Space Address Allocation for Private Internets http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1918.txt Counter argument: “Unique addresses are good” http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1814.txt

225 Bit boundary chart
+---------------------------------------------------+
|         addrs  bits  pref  class  mask            |
+---------------------------------------------------+
|             1     0  /32          255.255.255.255 |
|             2     1  /31          255.255.255.254 |
|             4     2  /30          255.255.255.252 |
|             8     3  /29          255.255.255.248 |
|            16     4  /28          255.255.255.240 |
|            32     5  /27          255.255.255.224 |
|            64     6  /26          255.255.255.192 |
|           128     7  /25          255.255.255.128 |
|           256     8  /24      1C  255.255.255     |
|           512     9  /23      2C  255.255.254     |
|         1,024    10  /22      4C  255.255.252     |
|         2,048    11  /21      8C  255.255.248     |
|         4,096    12  /20     16C  255.255.240     |
|         8,192    13  /19     32C  255.255.224     |
|        16,384    14  /18     64C  255.255.192     |
|        32,768    15  /17    128C  255.255.128     |
|        65,536    16  /16      1B  255.255         |
|       131,072    17  /15      2B  255.254         |
|       262,144    18  /14      4B  255.252         |
|       524,288    19  /13      8B  255.248         |
|     1,048,576    20  /12     16B  255.240         |
|     2,097,152    21  /11     32B  255.224         |
|     4,194,204    22  /10     64B  255.192         |
|     8,388,608    23  /9     128B  255.128         |
|    16,777,216    24  /8       1A  255             |
|    33,554,432    25  /7       2A  254             |
|    67,108,864    26  /6       4A  252             |
|   134,217,728    27  /5       8A  248             |
|   268,435,456    28  /4      16A  240             |
|   536,870,912    29  /3      32A  224             |
| 1,073,741,824    30  /2      64A  192             |
+---------------------------------------------------+

226 APNIC Mailing Lists apnic-talk –Open discussions relevant to APNIC community & members apnic-announce –Announcements of interest to the AP community sig-policy –IPv4 and IPv6 allocation and assignment policies global-v6 –Global IPv6 policy mailing list subscribe via archives: http://ftp.apnic.net/apnic/mailing-lists http://www.apnic.net/net_comm/lists/

227 The RIR System “Development of the Regional Internet Registry System” Internet Protocol Journal Short history of the Internet http://www.cisco.com/warp/public/759/ipj_4-4/ipj_4-4_regional.html

228 Policies & Policy Environment Policy Documentation Policies for address space management in the Asia Pacific region http://www.apnic.net/docs/policy/add-manage-policy.html RFC2050: Internet Registry IP allocation Guidelines http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2050.txt

229 Address Request Procedures Addressing Guidelines “Designing Addressing Architectures for Routing & Switching”, Howard C. Berkowitz Address Request Forms ISP Address Request Form http://www.apnic.net/services/ipv4/ Second-opinion Request Form http://www.apnic.net/services/second-opinion/ No Questions Asked http://ftp.apnic.net/apnic/docs/no-questions-policy

230 APNIC Database APNIC Database Documentation Updating information in the APNIC Database http://ftp.apnic.net/apnic/docs/database-update-info Maintainer & Person Object Request Form http://ftp.apnic.net/apnic/docs/mntner-person-request APNIC Maintainer Object Request http://www.apnic.net/apnic-bin/maintainer.pl APNIC Whois Database objects resource guide http://www.apnic.net/services/whois_guide.html

231 APNIC Database RIPE Database Documentation RIPE Database Reference Manual http://www.ripe.net/docs/databaseref-manual.html Database ‘whois’ Client http://ftp.apnic.net/apnic/dbase/tools/ripe-dbase-client.tar.gz Database web query http://www.apnic.net/apnic-bin/whois2.pl

232 Person object template
person:      [mandatory] [single]   [lookup key]
address:     [mandatory] [multiple] [ ]
country:     [optional]  [single]   [ ]
phone:       [mandatory] [multiple] [ ]
fax-no:      [optional]  [multiple] [ ]
e-mail:      [mandatory] [multiple] [lookup key]
nic-hdl:     [mandatory] [single]   [primary/look-up key]
remarks:     [optional]  [multiple] [ ]
notify:      [optional]  [multiple] [inverse key]
mnt-by:      [mandatory] [multiple] [inverse key]
changed:     [mandatory] [multiple] [ ]
source:      [mandatory] [single]   [ ]

233 Role object template
role:        [mandatory] [single]   [lookup key]
address:     [mandatory] [multiple] [ ]
country:     [optional]  [single]   [ ]
phone:       [mandatory] [multiple] [ ]
fax-no:      [optional]  [multiple] [ ]
e-mail:      [mandatory] [multiple] [lookup key]
trouble:     [optional]  [multiple] [ ]
admin-c:     [mandatory] [multiple] [inverse key]
tech-c:      [mandatory] [multiple] [inverse key]
nic-hdl:     [mandatory] [single]   [primary/look-up key]
remarks:     [optional]  [multiple] [ ]
notify:      [optional]  [multiple] [inverse key]
mnt-by:      [mandatory] [multiple] [inverse key]
changed:     [mandatory] [multiple] [ ]
source:      [mandatory] [single]   [ ]

234 Maintainer Object Template
mntner:      [mandatory] [single]   [primary/look-up key]
descr:       [mandatory] [multiple] [ ]
country:     [optional]  [single]   [ ]
admin-c:     [mandatory] [multiple] [inverse key]
tech-c:      [optional]  [multiple] [inverse key]
upd-to:      [mandatory] [multiple] [inverse key]
mnt-nfy:     [optional]  [multiple] [inverse key]
auth:        [mandatory] [multiple] [ ]
remarks:     [optional]  [multiple] [ ]
notify:      [optional]  [multiple] [inverse key]
mnt-by:      [mandatory] [multiple] [inverse key]
referral-by: [mandatory] [single]   [inverse key]
changed:     [mandatory] [multiple] [ ]
source:      [mandatory] [single]   [ ]

235 Inetnum object template
inetnum:     [mandatory] [single]   [primary/look-up key]
netname:     [mandatory] [single]   [lookup key]
descr:       [mandatory] [multiple] [ ]
country:     [mandatory] [multiple] [ ]
admin-c:     [mandatory] [multiple] [inverse key]
tech-c:      [mandatory] [multiple] [inverse key]
rev-srv:     [optional]  [multiple] [inverse key]
status:      [mandatory] [single]   [ ]
remarks:     [optional]  [multiple] [ ]
notify:      [optional]  [multiple] [inverse key]
mnt-by:      [mandatory] [multiple] [inverse key]
mnt-lower:   [optional]  [multiple] [inverse key]
mnt-routes:  [optional]  [multiple] [inverse key]
mnt-irt:     [optional]  [multiple] [inverse key]
changed:     [mandatory] [multiple] [ ]
source:      [mandatory] [single]   [ ]

236 Aut-num Object Template
aut-num:     [mandatory] [single]   [primary/look-up key]
as-name:     [mandatory] [single]   [ ]
descr:       [mandatory] [multiple] [ ]
country:     [optional]  [single]   [ ]
member-of:   [optional]  [multiple] [ ]
import:      [optional]  [multiple] [ ]
export:      [optional]  [multiple] [ ]
default:     [optional]  [multiple] [ ]
remarks:     [optional]  [multiple] [ ]
admin-c:     [mandatory] [multiple] [inverse key]
tech-c:      [mandatory] [multiple] [inverse key]
cross-mnt:   [optional]  [multiple] [inverse key]
cross-nfy:   [optional]  [multiple] [inverse key]
notify:      [optional]  [multiple] [inverse key]
mnt-lower:   [optional]  [multiple] [inverse key]
mnt-routes:  [optional]  [multiple] [inverse key]
mnt-by:      [mandatory] [multiple] [inverse key]
changed:     [mandatory] [multiple] [ ]
source:      [mandatory] [single]   [ ]

237 Domain object template
domain:      [mandatory] [single]   [primary/look-up key]
descr:       [mandatory] [multiple] [ ]
country:     [optional]  [single]   [ ]
admin-c:     [mandatory] [multiple] [inverse key]
tech-c:      [mandatory] [multiple] [inverse key]
zone-c:      [mandatory] [multiple] [inverse key]
nserver:     [mandatory] [multiple] [inverse key]
sub-dom:     [optional]  [multiple] [inverse key]
dom-net:     [optional]  [multiple] [ ]
remarks:     [optional]  [multiple] [ ]
notify:      [optional]  [multiple] [inverse key]
mnt-by:      [mandatory] [multiple] [inverse key]
mnt-lower:   [optional]  [multiple] [inverse key]
refer:       [optional]  [single]   [ ]
changed:     [mandatory] [multiple] [ ]
source:      [mandatory] [single]   [ ]
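
The object templates on slides 232-237 can be applied mechanically before an update is submitted. The following is an added example, not part of the APNIC course material: it reads the maintainer template from slide 234 and reports missing mandatory attributes, repeated single-valued attributes and attributes the template does not list. The sample object is constructed, and the check covers presence and cardinality only, not value syntax or authorisation.

```python
import re
from collections import Counter
# Maintainer template as listed on slide 234.
MNTNER_TEMPLATE = """\
mntner:      [mandatory] [single]   [primary/look-up key]
descr:       [mandatory] [multiple] [ ]
country:     [optional]  [single]   [ ]
admin-c:     [mandatory] [multiple] [inverse key]
tech-c:      [optional]  [multiple] [inverse key]
upd-to:      [mandatory] [multiple] [inverse key]
mnt-nfy:     [optional]  [multiple] [inverse key]
auth:        [mandatory] [multiple] [ ]
remarks:     [optional]  [multiple] [ ]
notify:      [optional]  [multiple] [inverse key]
mnt-by:      [mandatory] [multiple] [inverse key]
referral-by: [mandatory] [single]   [inverse key]
changed:     [mandatory] [multiple] [ ]
source:      [mandatory] [single]   [ ]
"""
# Constructed sample object; every name, handle and address is a placeholder.
SAMPLE = """\
mntner:  MAINT-EXAMPLE-AP
descr:   Example ISP maintainer
admin-c: EX1-AP
upd-to:  noc@example.net
e-mail:  noc@example.net
mnt-by:  MAINT-EXAMPLE-AP
source:  APNIC
source:  APNIC
"""

RULE = re.compile(r"^([a-z0-9-]+):\s*\[(mandatory|optional)\]\s*\[(single|multiple)\]")

def parse_template(text):
    """Map attribute -> (mandatory?, single?) for each template line."""
    return {m[1]: (m[2] == "mandatory", m[3] == "single")
            for m in map(RULE.match, text.splitlines()) if m}

def validate(obj_text, rules):
    """Return a sorted list of template violations for one object."""
    names = [line.split(":", 1)[0].strip().lower()
             for line in obj_text.splitlines() if ":" in line]
    seen = Counter(names)
    errors = [f"missing mandatory attribute: {a}"
              for a, (mandatory, _) in rules.items() if mandatory and a not in seen]
    errors += [f"attribute may appear only once: {a}"
               for a, n in seen.items() if a in rules and rules[a][1] and n > 1]
    errors += [f"unknown attribute: {a}" for a in seen if a not in rules]
    return sorted(errors)
```

Calling `validate(SAMPLE, parse_template(MNTNER_TEMPLATE))` flags the absent `auth`, `changed` and `referral-by` attributes, the doubled `source`, and `e-mail`, which belongs to the person and role templates rather than the maintainer one.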

238 Reverse DNS Request Forms Guide to reverse zones http://www.apnic.net/db/revdel.html Registering your Rev Delegations with APNIC http://www.apnic.net/db/domain.html Relevant RFCs Classless Delegations http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2317.txt Common DNS configuration errors http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1537.txt

239 Reverse DNS Documentation Domain name structure and delegation http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1591.txt Domain administrators operations guide http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1033.txt Taking care of your domain ftp://ftp.ripe.net/ripe/docs/ripe-114.txt Tools for DNS debugging http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2317.txt

240 AS Assignment Procedures Policy Guidelines for the creation, selection, and registration of an AS http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1930.txt RFCs Routing Policy Specification Language (RPSL) http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2280.txt A dedicated AS for sites homed to a single provider http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2270.txt RFC1997: BGP Communities attribute http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2270.txt

241 IPv6 Policy Documents IPv6 Address Policy http://ftp.apnic.net/apnic/docs/ipv6-address-policy IPv6 Address request form http://ftp.apnic.net/apnic/docs/ipv6-alloc-request Useful reading The case for IPv6 http://www.6bone.net/misc/case-for-ipv6.html FAQ http://www.apnic.net/info/faq/IPv6-FAQ.html

242 IPv6: HD Ratio 0.8
IPv6 prefix  Site addr bits  Total site addrs in /48s    Threshold  Util%
42                        6                        64           28  43.5%
36                       12                      4096          776  18.9%
35                       13                      8192         1351  16.5%
32                       16                     65536         7132  10.9%
29                       19                    524288        37641   7.2%
24                       24                  16777216       602249   3.6%
16                       32                4294967296     50859008   1.2%
8                        40             1099511627776   4294967296   0.4%
3                        45            35184372088832  68719476736   0.2%
RFC3194 “The Host-Density Ratio for Address Assignment Efficiency”

243 Other supplementary reading Operational Content Books ISP Survival Guide, Geoff Huston Cisco ISP Essentials, Philip Smith BGP Table http://www.telstra.net/ops/bgptable.html http://www.merit.edu/ipma/reports http://www.merit.edu/ipma/routing_table/mae-east/prefixlen.990212.html http://www.employees.org/~tbates/cidr.hist.plot.html Routing Instability http://zounds.merit.net/cgi-bin/do.pl

244 Other supplementary reading Routing & Multihoming Internet Routing Architectures - Bassam Halabi BGP Communities Attribute http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1997.txt http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1998.txt Filtering Egress Filtering http://www.cisco.com/public/cons/isp Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2267.txt

245 Other Supplementary Reading Dampening case studies at http://www.cisco.com/warp/public/459/16.html Traceroute Server http://nitrous.digex.net Network Renumbering Overview: Why Would I Want It and What Is It Anyway? http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2071.txt Procedures for Enterprise Renumbering http://www.isi.edu/div7/pier/papers.html NAT –The IP Network Address Translator http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1631.txt

