Download presentation
Presentation is loading. Please wait.
Published byCuthbert Maxwell Modified over 9 years ago
1
Copyright © 2011 Japan Network Information Center JPNIC ’ s RQA and Routing Related Activities JPNIC IP Department Izumi Okutani APNIC32 Aug 2011, Busan
2
Copyright © 2011 Japan Network Information Center 1 What JPNIC does for the integrity of routing Our basic position -Actual routing decisions are for the operators to make -JPNIC ’ s role is to help in maintain integrity of routing for address prefixes under our management What we do -Before allocation -Problems after allocation -Our routing registry - JPIRR
3
Copyright © 2011 Japan Network Information Center 2 What we do before allocation Check routing status for allocation blocks for our LIRs -Check route announcement (RIPE RIS) and IRR registration (RADB) -APNIC checks routability on /8 basis, so our check is on more specific level Make requests to remove registered object(s) in RADB if we find anything pre-registered -Still go ahead with allocations as long as no route announcement is found No check in IPv6 for now, as pre-used prefixes are rare
4
Copyright © 2011 Japan Network Information Center 3 Trend in IPv4 allocation prefix Route Announcement -No case with route announcement recently Inadequate RADB registration(s) -Some inadequate registrations but few in number FY2010 - 226 total prefixes, 6 registrations removed, 3 registrations remain even after request FY2011 - 75 total prefixes, 0 registration remove, 11 registrations remain even after request -Inadequate registrations somehow concentrate on certain ranges e.g., 27/8, 101/8, 203/8 -133/8 (the last /8 block) is very clean so far
5
Copyright © 2011 Japan Network Information Center 4 Routing problems after allocation Few cases reported with routing problems for allocated prefix Case 1 -Problem with reachability to US military base -Issue did not resolve despite LIR,JPNIC, APNIC contacting the upstream and the network in question Case2 -A major US ISP was announcing the prefix, and would not respond to request from LIR,JPNIC -Consulted JANOG ML and had the announcement withdrawn by contacting through operators in Japan Case3 -Prefix had reachability problem with ETAS and a number of websites -Issue did not resolve despite LIR contacting the upstream and the network in question -LIR and JPNIC requested IANA to re-announce to remove debogon filters on NANOG mailing list
6
Copyright © 2011 Japan Network Information Center 5 What we do for problems after allocation Suggest LIR to contact the upstream, network blocking the route, and/or raise the issue on NOG mailing list(s) -JPNIC also makes contacts if it helps to contact from a registry Request APNIC/IANA to make announcements to appropriate NOGs outside Japan/APNIC region - Needs global coordination for filtering outside the region Remaining Issue -Not all of the problems are based on routing - sometimes filtering is done on software level
7
Copyright © 2011 Japan Network Information Center 6 Can we do this better in IPv6? Is there a way to create good collaborative framework to handle such issues? What can we do about filtering on application level? Is there a way for operators through out the RIR regions to discuss and roughly agree on possibly a happier way to handle non-allocated routes than the how we do today?
8
Copyright © 2011 Japan Network Information Center 7 Our Routing registry - JPIRR For anyone who have directly received number resources from JPNIC -Mirroring with IRR of APNIC, RIPE NCC, RADB Automated garbage collection on un-updated objects over an interval (max 24 months) Experiment on collaboration with hijack detection system
9
Copyright © 2011 Japan Network Information Center 8 Status of JPIRR registrations
10
Copyright © 2011 Japan Network Information Center 9 Experiment on collaboration Hijack detection system Collaboration with Telecom ISAC Japan ’ s hijack detection system since May 2008 -137 ISPs join the experiment (nearly 70% of JPIRR maintainers) Notify ISPs joining the experiment in cases where route hijacking is suspected -Compare route origin with registered data in JPIRR and notify when difference is detected -Simply add a field “ X-Keiro ” (Keiro = Route in Japanese) and register e-mail address for notification in Route object
11
Copyright © 2011 Japan Network Information Center 10
12
Copyright © 2011 Japan Network Information Center 11 Good relationship cycle JPIRR R users JPIRR R users Hijack detectio n system JPIRR Higher awareness on routing security 1.Increase in JPIRR registrants 2.Increased accuracy of registered data Higher QoS for its users
13
Copyright © 2011 Japan Network Information Center 12 Discussions with operators Had panel discussions at our OPMs on “ Good relationship between routing and Internet Registry ” -Constant collaboration and information sharing would benefit both JPNIC and operators! Translate operational documents or routing related discussions outside JP Perhaps should consider giving inputs to policies outside APNIC region for anything that affects routing? Keep JP ISPs involved in RPKI while also maintaining QoS and stability of JPIRR Keep track of the impact of routing table growth after the transfer policy implementation and IPv4 run out Education and feedbacks from JP operators on routing integrity -Organize tutorial on routing security, get involved in IRS, IX meetings -Plan to hear opinions from our LIRs on RPKI
14
Copyright © 2011 Japan Network Information Center 13 Questions Any suggestions for collaboration between operations and Internet Registry ?
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.