Download presentation
Presentation is loading. Please wait.
Published byCorey Gray Modified over 9 years ago
1
Louisville, Kentucky 11 September 2012
2
ARIN Speakers Einar Bohlin, Senior Policy Analyst Tim Christensen, Quality Assurance Manager Jon Worley, Senior Resource Analyst Special Guest Bill Darte, ARIN Advisory Council
3
Today’s Agenda ARIN and Internet Governance Requesting and Managing Internet Number Resources Automating Your Interactions with ARIN IPv4 Depletion and IPv6 Adoption in the ARIN Region Number Resource Policies and Procedures Networking Lunch ARIN’s Policy Development Process Current Number Resource Policy Discussions Securing DNS and Routing: DNSSEC and RPKI IPv4 Transfer Market Why Participate in the ARIN Community? Q&A / Open Mic Session
4
Let’s Get Started! Self introductions – Name – Organization Suggestions for discussion topics – ARIN topic that you are especially interested in
5
ARIN and Internet Governance Einar Bohlin Senior Policy Analyst
6
What is an RIR? An RIR is an organization that manages the allocation and registration of Internet number resources within a particular region of the world. – Internet number resources include IP addresses and autonomous system (AS) numbers.
7
Regional Internet Registries
8
Historical Timeline
10
Not-for-profit Membership Organization Community Regulated Fee for services, not number resources 100% community funded Broad-based - Private sector - Public sector - Civil society Community developed policies Member-elected executive board Open and transparent RIR Structure
11
Number ResourcesOrganizationPolicy Development IP address allocation & assignment ASN assignment Directory services Whois IRR Reverse DNS Elections Meetings Information dissemination Website Newsletters Roundtables Training Maintain email discussion lists Conduct public policy meetings Publish policy documents RIR Services
12
The NRO exists to protect the unallocated number resource pool, to promote and protect the bottom-up policy development process, and to act as a focal point for Internet community input into the RIR system. Number Resource Organization
13
Who Provisions IP Addresses & ASNs? ICANN IANA Top level technical coordination of the Internet (Names, Numbers, Root Servers) Manage global unallocated IP address pool Allocate number resources to RIRs RIR Manage regional unallocated IP address pool Allocate number resources to ISPs/LIRs Assign number resources to End-users ISP/LIR Manage local IP address pool for use by customers and for infrastructure Allocate number resources to ISPs Assign number resources to End-users
14
Number Resource Provisioning Hierarchy ICANN / IANA (Internet Assigned Numbers Authority) Manage global unallocated IP address pool ISPs End Users ISPs RIRs (AfriNIC, APNIC, ARIN, LACNIC, RIPE NCC) Manage regional unallocated IP address pool Re-AllocateRe-Assign End Users Allocate AssignAllocate
15
"Applying the principles of stewardship, ARIN, a nonprofit corporation, allocates Internet Protocol resources; develops consensus- based policies; and facilitates the advancement of the Internet through information and educational outreach."
16
About ARIN One of five Regional Internet Registries (RIRs) Established December 1997 Provides services related to the technical coordination and management of Internet number resources Is a non-profit, community-based organization governed by a member-elected executive board
17
ARIN’s Service Region ARIN’s region includes Canada, many Caribbean and North Atlantic islands, and the United States.
18
ARIN Structure
19
ARIN’s Core Services Like the other RIRs, ARIN: – Allocates and assigns Internet number resources – Maintains Whois, in-addr.arpa, and other technical services – Facilitates policy development – Provides training, education and outreach – Participates in the global Internet community
20
2012 Community Outreach Events Upcoming Events include: – Caribbean Telecommunications Union ICT Roadshow – Barbados – ARIN on the Road (Louisville, Minneapolis) – Interop New York – ICANN 45 – NANOG 56 – Canadian ISP Summit
22
Internet Governance
23
Q&A
24
Jon Worley Senior Resource Analyst Requesting & Managing Internet Number Resources
25
Overview Request and Manage Number Resources – Recently Added ARIN Online Functionality – RESTful Provisioning Recently Implemented Policies Status of IPv4 Future Services
26
Major Changes in Functionality 1)Resource Requests 2)POC Validation 3)Reverse DNS Zone Management 4)DNSSEC 5)View Invoices 6)WhoWas
27
Requesting IP addresses & ASNs Via ARIN Online only Officer attestation for IP requests now done via a signed form (instead of email) Can no longer specify resource POCs or reverse DNS delegation in request
28
Annual POC Validation Annual validation of each POC handle required (NRPM 3.6) If an ARIN Online account is linked to any POC that has been unvalidated for 60+ days, the system forces validation by preventing the account from performing normal actions.
29
Reverse DNS All reverse zones managed individually now All zone management takes place inside ARIN Online or via REST calls (no templates!)
30
Reverse DNS in ARIN Online
32
Querying ARIN’s Whois Query for the zone directly: whois> 81.147.204.in-addr.arpa Name: 81.147.204.in-addr.arpa. Updated: 2006-05-15 NameServer: AUTHNS2.DNVR.QWEST.NET NameServer: AUTHNS3.STTL.QWEST.NET NameServer: AUTHNS1.MPLS.QWEST.NET Ref: http://whois.arin.net/rest/rdns/81.147.204.in-addr.arpa.
33
Reverse DNS ARIN issues blocks without any working DNS – Must establish delegations after registration
34
Reverse DNS Authority to manage reverse zones follows SWIP – “Shared Authority” model
35
Reverse DNS - Shared Authority Joe’s Bar and Grill has reassigned a /24 to HELLO WORLD. Both can manage the /24 zone.
36
DNSSEC Same interface as reverse DNS DS records generated by user Zone must have nameservers before you can add DS records
37
1)Paste DS Record 2)Parse DS Record 3)Apply
38
View Invoices Can now view paid and open invoices via ARIN Online Goes back 2 years Available to Admin, Tech, and Billing POC
39
WhoWas Made publicly available in March 2012 Historical Information for registration of IP addresses and AS numbers Provided as a series of TSV files in.zip Requires agreement to WhoWas ToU
40
Template Changes Resource request templates deprecated Transfers and SWIPs still done with templates API key required to authorize processing – Generated via ARIN Online – http://www.arin.net/features/api_keys.ht ml http://www.arin.net/features/api_keys.ht ml
41
Routing Registry Upgrade New software deployed 9/29/2011 Support for MD5-PW and PGP authentication Mail-from works a little differently – If you encounter problems, contact us directly for a manual upgrade
42
Q&A
43
Tim Christensen Quality Assurance Manager Automating Your Interactions with ARIN
44
REST – The New Services Three RESTful Web Services – Whois-RWS Exposes our public Whois data via REST – Reg-RWS (or Registration-RWS) Registration and maintenance of your data in a programmatic fashion – Bulk Whois Download of Bulk Whois is now done RESTfully
45
What is REST? Representational State Transfer As applied to web services – defines a pattern of usage with HTTP to create, read, update, and delete (CRUD) data – “Resources” are addressable in URLs Very popular protocol model – Amazon S3, Yahoo & Google services, …
46
The BIG Advantage of REST Easily understood – Any modern programmer can incorporate it – Can look like web pages Re-uses HTTP in a simple manner – Many, many clients – Other HTTP advantages This is why it is very, very popular with Google, Amazon, Yahoo, Twitter, Facebook, YouTube, Flickr, …
47
What does it look like? And who can use it? Where the data is. What type of data it is. The ID of the data. It is a standard URL. Go ahead, put it into your browser.
48
Where can more information on REST be found? RESTful Web Services – O’Reilly Media – Leonard Richardson – Sam Ruby
49
Whois-RWS Publicly accessible, just like traditional Whois Searches and lookups on IP addresses, AS numbers, POCs, Orgs, etc… Very popular – As of March 2012, constitutes 60% of our query load For more information: – http://www.arin.net/resources/whoisrws/inde x.html
50
Registration RESTful Web Service (Reg-RWS) Programmatic way to interact with ARIN – Intended to be used for automation – Not meant to be used by humans Useful for ISPs that manage a large number of SWIP records Requires an investment of time to achieve those benefits
51
Reg-RWS Requires an API Key – You generate one in ARIN Online Register and manage your data – But only your data More information – http://www.arin.net/resources/restful- interfaces.html http://www.arin.net/resources/restful- interfaces.html – We are working on enhanced documentation – to be released soon
52
Example – Reassign Detailed Your automated system issues a PUT call to ARIN using the following URL: http://www.arin.net/rest/net/NET-10-129-0-0-1/reassign?apikey=API-1234-5678-9ABC-DEFG The call contains the following data: 4 HW-1 A Reassigned 10.129.0.0 10.129.0.255 24 NET-10-129-0-0-1 HELLOWORLD
53
Example – Reassign Detailed ARIN’s web server returns the following to your automated system: 4 Tue Jan 25 16:17:18 EST 2011 HW-1 NET-10-129-0-0-2 A Reassigned 10.129.0.0 10.129.0.255 24 NET-10-129-0-0-1 netName>HELLOWORLD Reg date and net handle added
54
Reg-RWS Has More Than Templates Only programmatic way to do IPv6 Reassign Simple Only programmatic way to manage Reverse DNS Only programmatic way to access your ARIN tickets
55
Testing Your Reg-RWS Client We offer an Operational Test & Evaluation environment for Reg-RWS Your real data, but isolated – Helps you develop against a real system without the worry that real data could get corrupted. For more information: – http://www.arin.net/announcements/201 1/20110215.html http://www.arin.net/announcements/201 1/20110215.html
56
Obtaining RESTful Assistance ARIN Online’s Ask ARIN feature arin-tech-discuss mailing list – Make sure to subscribe – Someone on the list will help you ASAP – Archives on the web site Registration Services Help Desk telephone not a good fit – Debugging these problems requires a detailed look at the method, URL, and payload being used
57
Bulk Whois You must first sign an AUP – ARIN staff will review your need to access bulk Whois data Also requires an API Key More information – http://www.arin.net/resources/request/bu lkwhois.html http://www.arin.net/resources/request/bu lkwhois.html
58
Q&A
59
Jon Worley Senior Resource Analyst IPv4 Depletion and IPv6 Adoption in the ARIN Region
60
Inventory Report IANA IPv4 free pool now exhausted – ARIN received its last /8 from IANA in mid- February At that time, ARIN had ~5.49 /8 equivalents in its available pool Daily inventory published on ARIN’s web site – Now includes CIDR breakdown
61
ARIN’s IPv4 Inventory As of 6 September 2012, ARIN has 3.03 /8s of IPv4 addresses remaining 61 IPv4 inventory published on ARIN’s website: www.arin.net www.arin.net Updated daily @ 8PM ET
62
ARIN 2012 Requests for IPv4 Address Space (by category)
63
2012 IPv4 Delegations Issued by ARIN (listed in /24s)
64
IPv4 ISP Annual Burn Rate
65
ARIN’s IPv4 Free Pool
66
Corrected IPv4 Free Pool
67
Linear Depletion Projection
68
Run On The Bank Projection
69
ARIN’s IPv4 Countdown Plan Phased implementation Phase 2: 3 /8 Equivalents Left – /16 and larger requests team-reviewed in a first in, first out fashion – 60 days to complete payment/RSA for IPv4 requests – IPv4 hold period moves from 6 to 3 months
70
ARIN’s IPv4 Countdown Plan Phase 3: 2 /8 Equivalents Left – Examine process changes implemented in phase 2 and adjust as necessary Phase 4: 1 /8 Equivalent Left – All IPv4 requests team-reviewed and processed on a first in, first out basis – IPv4 hold period drops to 1 month
71
IPv4 Waiting List Starts when ARIN can’t fill a justified request Option to specify smallest acceptable size If no block available between approved and smallest acceptable size, option to go on the waiting list May receive only one allocation every three months
72
IPv4 Churn IPv4 addresses go back into ARIN’s free pool 3 ways – Return = voluntary – Revoke = for cause (usually nonpayment) – Reclaimed = fraud or business dissolution 3.54 /8s received back since 2005 – /8 equivalent returned to IANA in 2012
73
Burn Rate vs. Churn Rate
74
ARIN 2012 IPv6 Address Allocations & Requests
75
IPv4 vs IPv6 Subscribers Total of 4,190 ISP Subscriber Members *as of 6 Sept 2012
76
ISP Members with IPv4 and IPv6
77
The Solution to IPv4 Depletion IPv6 must be adopted for continued internet growth Now is the time to deploy IPv6
78
Interest in IPv6 ARIN IPv6 Address Requests
79
IPv6 on the Rise ARIN IPv6 Allocations and Assignments
80
Everyone needs an IPv6 Plan Each organization must decide on a unique IPv6 deployment plan right for them – Timeline will vary – Investment level will vary
81
Your IPv6 Check List IPv6 address space IPv6 connectivity (native or tunneled) Operating systems, software, and network management tool upgrades Router, firewall, and other hardware upgrades IT staff and customer service training
82
Take steps toward IPv6 Visit the ARIN IPv6 Info Center www.arin.net/knowledge/ipv6_info_center.html
83
Resources www.ARIN.net www.GetIPv6.info www.TeamARIN.net http://www.InternetSociety.org/ Deploy360/ http://www.NANOG.org/archives/
84
Q&A
85
Jon Worley Senior Resource Analyst Number Resource Policies and Procedures
86
3 Month Supply For ISPs Prior to IANA IPv4 exhaustion, experienced ISPs could get a 12 month supply Dropped to 3 month supply immediately upon IANA exhaustion
87
IPv6 End-user Changes Before: Block size based on HD-Ratio – Complex (used logarithms) After: Block size based solely on number of sites within a network Number of SitesBlock Size Justified 1/48 2-12/44 13-192/40 193-3,072/36 3,073-49,152/32
88
IPv6 End User Block Sizes * Since new policy implemented on 3/16/2011
89
Better IPv6 Allocation for ISPs Block size based on three things: – number of serving sites – number of customers at largest serving site – prefix length to be assigned to customers Nibble-aligned Can request a second initial allocation Not required to deploy in this manner
90
IPv6 ISP Block Sizes * Since new policy implemented 9/27/2011
91
Standardize IP Reassignment Registration Requirements Abuse contact required Residential ISPs with dynamic pools: – must submit SWIP information for each market area – must show 80% assigned with a 50-80% utilization rate across markets IPv6 /64 and larger static reassignments must be visible via SWIP/RWhois
92
IPv6 Subsequent Allocations for Transitional Technologies Additional allocation for IPv4 -> IPv6 transitional technology (usually 6rd) /24 maximum allocation – Allows a typical ISP to map a /56 to each of their existing IPv4 addresses in a 6rd deployment 8 allocations issued – 2 /24s, 2 /28s, 4 /32s
93
M&A Transfer Changes Must develop a plan to show justified use via growth, returning resources, or transferring unused IPv4 addresses to another org
94
Q&A
95
Today’s Agenda ARIN and Internet Governance Requesting and Managing Internet Number Resources Automating Your Interactions with ARIN IPv4 Depletion and IPv6 Adoption in the ARIN Region Number Resource Policies and Procedures Networking Lunch ARIN’s Policy Development Process Current Number Resource Policy Discussions Securing DNS and Routing: DNSSEC and RPKI IPv4 Transfer Market Why Participate in the ARIN Community? Q&A / Open Mic Session
96
Einar Bohlin Senior Policy Analyst ARIN’s Policy Development Process
97
Policy Development Process (PDP) Flowchart Proposal Template Archive Movie http://www.arin.net/policy/pdp.html
98
Policy Development Principles Open – Developed in open forum Public Policy Mailing List Public Policy Meetings – Anyone can participate Transparent – All aspects documented and available on website Policy process, meetings, and policies Bottom-up – Policies developed by the community – Staff implements, but does not make policy
99
Who Plays a Role in the Policy Process? Community – Submit proposals – Participate in discussions and petitions Advisory Council (elected volunteers) – Facilitate the policy process – Develop policy that is “clear, technically sound and useful” – Determine consensus based on community input
100
Roles… ARIN Board of Trustees (elected volunteers) – Provide corporate fiduciary oversight – Ensure the policy process has been followed – Ratify policies ARIN Staff – Provide feedback to community Staff and legal assessments for all proposals Policy experience reports – Implement ratified policies
101
Basic Steps 1.Community member submits a proposal 2.Community discusses the proposal on the “List” 3.AC creates a draft policy or abandons the proposal 4.Community discusses the draft policy on the “List” and at the meeting 5.AC conducts its consensus review 6.Community performs last call 7.Board adopts 8.Staff implements
102
Petitions Anyone dissatisfied with a decision by the AC can petition in order to keep a proposal moving forward – Occurs between proposal and draft policy stage – 5 day petition period – Needs 10 different people from 10 different organizations to publicly support the petition
103
Number Resource Policy Manual NRPM is ARIN’s policy document – Version 2012.3 (31 July 2012) – 27th version Contains Change Logs HTML/PDF/txt http://www.arin.net/policy/nrpm.html
104
Policies in the NRPM IPv4 Address Space IPv6 Address Space Autonomous System Numbers (ASNs) Directory Services (Whois) Reverse DNS (in-addr) Transfers Experimental Assignments Resource Review Policy
105
References Policy Development Process http://www.arin.net/policy/pdp.html http://www.arin.net/policy/pdp.html Draft Policies and Proposals http://www.arin.net/policy/proposals/index.html http://www.arin.net/policy/proposals/index.html Number Resource Policy Manual http://www.arin.net/policy/nrpm.html http://www.arin.net/policy/nrpm.html
106
Q&A
107
Current Number Resource Policy Discussions Einar Bohlin Senior Policy Analyst
108
Current Draft Policies and Proposals 5 Active Draft Policies – On the list for adoption discussion; to be presented at upcoming Public Policy Meeting 1 Policy Proposal – Newer items; under development
109
Draft Policies ARIN-2012-5: Removal of Renumbering Requirement for Small Multihomers IPv4: Removes a renumbering requirement that affects small, multihomed end users. ARIN-2012-7: Reassignments for Third Party Internet Access (TPIA) over Cable IPv4: Makes it easier for certain ISPs to get subsequent IPv4 allocations. ARIN-2012-6: Revising Section 4.4 C/I Reserved Pool Size IPv4: Increases the reserve for critical infrastructure from a /16 to a /15. Text available at: https://www.arin.net/policy/proposals/
110
Draft Policies… ARIN-2012-2: IPv6 Subsequent Allocations Utilization Requirement IPv6: Makes it easier for ISPs to get subsequent allocations. ARIN-2012-8: Aligning 8.2 and 8.3 Transfer Policy Transfer Policy: Adds some of the 8.3 criteria to 8.2 transfers. Text available at: https://www.arin.net/policy/proposals/
111
Proposals ARIN-prop-180 ISP Private Reassignment – Directory Services: Creates an “unlisted number” state which ISPs may apply to some of their customer IP network address records. Text available at: https://www.arin.net/policy/proposals/
112
How Can You Get Involved? There are two methods to voice your opinion: – Public Policy Mailing List – Public Policy Meeting (in person or remotely)
113
ARIN Meetings Two meetings a year Check the ARIN Public Policy Meeting site 4- 6 weeks prior to meeting – Proposals/Draft Policies on Agenda – Discussion Guide (summaries and text) – Attend in Person/ Remote Participation AC meeting last day – Watch list for AC’s decisions – Last Calls – For or against?
114
Public Policy Mailing List (PPML) Open to anyone Easy to subscribe to Contains: ideas, proposals, draft policies, last calls, announcements of adoption and implementation, and petitions Archived RSS feed https://www.arin.net/participate/mailing_lists/index.html
115
References Draft Policies & Proposals – https://www.arin.net/policy/proposals/index.html https://www.arin.net/policy/proposals/index.html ARIN Public Policy Mailing List – https://www.arin.net/participate/mailing_lists/index.html https://www.arin.net/participate/mailing_lists/index.html
116
Q&A
117
Securing DNS and Routing: DNSSEC and RPKI Tim Christensen Quality Assurance Manager
118
Agenda DNSSEC – a brief update RPKI – the major focus – What is it? – What it will look like within ARIN Online?
119
Why are DNSSEC and RPKI important? Two critical resources – DNS – Routing Hard to tell when resource is compromised Focus of ARIN-region government funding
120
What is DNSSEC? DNS responses are not secure – Easy to spoof – Notable malicious attacks DNSSEC attaches signatures – Validates responses – Can not spoof
121
Changes required to make DNSSEC work Signing in-addr.arpa., ip6.arpa., and delegations that ARIN manages Provisioning of DS Records – ARIN Online – RESTful interface (deployed July 2011)
122
Using DNSSEC in ARIN Online Available on ARIN’s website http://www.arin.net/knowledge/dnssec/
123
RPKI Pilot Available since June 2009 – ARIN-branded version of RIPE NCC software http://rpki-pilot.arin.net > 50 organizations participating Shutting down with the deployment of Productional RPKI system on 15 Sept 2012
124
What is RPKI? Attaches certificates to network resources – AS Numbers – IP Addresses Allows ISPs to associate the two – Route Origin Authorizations (ROAs) – Follow the address allocation chain to the top
125
What is RPKI? Allows routers to validate Origins Start of validated routing Need minimal bootstrap info – Trust Anchors – Lots of focus on Trust Anchors
126
What does RPKI Create? It creates a repository – RFC 3779 (RPKI) Certificates – ROAs – CRLs – Manifest records – Supports “ghostbusters” records
127
Repository View./ba/03a5be-ddf6-4340-a1f9-1ad3f2c39ee6/1: total 40 -rw-r--r-- 1 143 143 1543 Jun 26 2009 ICcaIRKhGHJ-TgUZv8GRKqkidR4.roa -rw-r--r-- 1 143 143 1403 Jun 26 2009 cKxLCU94umS-qD4DOOkAK0M2US0.cer -rw-r--r-- 1 143 143 485 Jun 26 2009 dSmerM6uJGLWMMQTl2esy4xyUAA.crl -rw-r--r-- 1 143 143 1882 Jun 26 2009 dSmerM6uJGLWMMQTl2esy4xyUAA.mnf -rw-r--r-- 1 143 143 1542 Jun 26 2009 nB0gDFtWffKk4VWgln-12pdFtE8.roa A Repository Directory containing an RFC3779 Certificate, two ROAs, a CRL, and a manifest
128
Repository Use Pull down these files using “rcynic” Validate the ROAs contained in the repository Communicate with the router marking routes “valid”, “invalid”, “unknown” Up to ISP to use local policy on how to route
129
Possible Flow RPKI Web interface -> Repository Repository aggregator -> Validator Validated entries -> Route Checking Route checking results -> local routing decisions (based on local policy)
130
AFRINICRIPE NCCAPNICARINLACNIC LIR1 ISP2 ISP ISP4ISP Issued Certificates Resource Allocation Hierarchy Route Origination Authority “ISP4 permits AS65000 to originate a route for the prefix 192.2.200.0/24” Attachment: Signed, ISP4 Route Origination Authority “ISP4 permits AS65000 to originate a route for the prefix 192.2.200.0/24” Attachment: Signed, ISP4 ICANN Resource Cert Validation
131
AFRINICRIPE NCCAPNIC ARIN LACNIC LIR1 ISP2 ISP ISP4 ISP Resource Allocation Hierarchy Route Origination Authority “ISP4 permits AS65000 to originate a route for the prefix 192.2.200.0/24” Attachment: Signed, ISP4 Route Origination Authority “ISP4 permits AS65000 to originate a route for the prefix 192.2.200.0/24” Attachment: Signed, ISP4 1. Did the matching private key sign this text? ICANN Resource Cert Validation Issued Certificates
132
AFRINICRIPE NCCAPNIC ARIN LACNIC LIR1 ISP2 ISP Route Origination Authority “ISP4 permits AS65000 to originate a route for the prefix 192.2.200.0/24” Attachment: Signed, ISP4 Route Origination Authority “ISP4 permits AS65000 to originate a route for the prefix 192.2.200.0/24” Attachment: Signed, ISP4 ISP ISP4 2. Is this certificate valid? ISP Issued Certificates Resource Allocation Hierarchy ICANN Resource Cert Validation
133
AFRINICRIPE NCCAPNIC ARIN LACNIC LIR1 ISP2 ISP Route Origination Authority “ISP4 permits AS65000 to originate a route for the prefix 192.2.200.0/24” Attachment: Signed, ISP4 Route Origination Authority “ISP4 permits AS65000 to originate a route for the prefix 192.2.200.0/24” Attachment: Signed, ISP4 ISP ISP4 ISP Issued Certificates Resource Allocation Hierarchy ICANN 3. Is there a valid certificate path from a Trust Anchor to this certificate? Resource Cert Validation
134
Why is RPKI taking awhile? Intense review of liabilities by legal team and Board of Trustees created additional requirements at ARIN XXVI Two new big requirements – Non-repudiation in ROA generation for hosted CAs – Thwart “Evil Insider” (rogue employee) from making changes
135
General Architecture of RPKI Registration Interface ARIN Online Database Persistence RPKI Engine HSM Tight coupling between resource certificate / ROA entities and registration dataset at the database layer. Once certs/ROAs are created, they must be maintained if the registered dependents are changed.
136
Development before ARIN XXVI ARIN Online Database Persistence RPKI Engine HSM With a few finishing touches, ready to go Jan 1, 2011 with Hosted Model, Delegated Model to follow end of Q1. Highly influenced by RIPE NCC entities. RIPE NCC RPKI Engine with a few tweaks. Sun SCA 6000 Everything is Java, JBoss, Hibernate.
137
Changes Underway Since ARIN XXVI ARIN Online Database Persistence RPKI Engine HSM Minor changes. Message driven engine which delegates to the HSM. Custom programming on IBM 4764’s to enable all DER encoding and crypto. In-browser ROA request signing via AJAX. HSM coding is in C as extensions to IBM CCA. Libtasn1 used for DER encoding.
138
Why did RPKI take awhile?
144
Updates within RPKI outside of ARIN The four other RIRs are in production with Hosted CA services Major routing vendor support being tested Announcement of public domain routing code support
145
ARIN Status Hosted CA deployment scheduled for 15 Sept 2012 Delegated CA work underway now and anticipated completion in 2013Q1
146
Why is this important? Provides more credibility to identify resource holders Helps in the transfer market to identify real resource holders Bootstraps routing security
147
Q&A
148
IPv4 Transfer Market Jon Worley Senior Resource Analyst
149
Transfers to Specified Recipients Org releasing resources must not have received IPv4 from ARIN in the past 12 months and may not request additional IPv4 for 12 months Recipient must qualify to receive resources under ARIN policy Recipient may receive up to a 24 month supply
150
IPv4 Specified Recipient Transfers 34 transfers completed (20,047 /24s) Transactions typically arranged through IPv4 brokers
151
Inter-RIR Transfers From ARIN RIR must have reciprocal, compatible needs-based Inter-RIR transfer policy – Currently: APNIC Org releasing resources must not have received IPv4 from ARIN within the past 12 months Recipient must meet other RIR’s Inter- RIR transfer policy requirements
152
Inter-RIR Transfers To ARIN RIR must have reciprocal, compatible needs-based Inter-RIR transfer policy – Currently: APNIC Recipient must qualify to receive resources under current policy Recipient may request up to a 24 month supply
153
Inter-RIR Transfer Notes None requested thus far ARIN & APNIC for now Expectation is primarily ARIN to APNIC given the early exhaustion of IPv4 in the APNIC region
154
STLS 3 ways to participate – Listers: have available IPv4 addresses – Needers: looking for more IPv4 addresses – Facilitators: available to help listers and needers find each other Major Uses – Matchmaking – Obtain preapproval for a transaction arranged outside STLS
155
Misconceptions IPv4 transactions will never be allowed – Transfer of unused IPv4 started June 2009 It’s a trap! – This isn’t a sting operation ARIN recognizes all IPv4 transactions – Must meet policy requirements
156
Tips and Tricks Involve ARIN as early as possible – Make sure a contemplated transfer meets ARIN requirements before finalizing Use ARIN’s STLS to pre-qualify ISPs must still show efficient use of all previous allocations and 80% of their most recent allocation
157
More Tips and Tricks 12 month waiting period – Prevents “flipping” of IPv4 – Can’t release unused addresses if you have received IPv4 from ARIN or via specified transfer in the past 12 months – Can’t get more IPv4 addresses from ARIN or via specified transfer for 12 months after releasing unused IPv4
158
Other Notes ISPs can receive 24 month supply via transfer vs 3 month supply from ARIN ARIN still has IPv4 addresses and will have a post-depletion waiting list IPv6 transition still required
159
Q&A
160
Why Participate in the ARIN Community? Einar Bohlin Senior Policy Analyst
161
Learn More and Get Involved Your participation Important, critical, needed, appreciated… Get Involved in ARIN Public Policy Mailing List ARIN Suggestion and Consultation Process Member Elections Public Policy and Members Meetings http://www.arin.net/participate/
162
ARIN Mailing Lists ARIN Consultation - arin-consult@arin.netarin-consult@arin.net Open to the general public. Used in conjunction with the ARIN Consultation and Suggestion Process (ACSP) to gather comments, this list is only open when there is a call for comments ARIN Issued - arin-issued@arin.netarin-issued@arin.net Read-only list open to the general public. Used by ARIN staff to provide a daily report of IPv4 and IPv6 addresses returned and IPv4 and IPv6 addresses issued directly by ARIN or address blocks returned to ARIN's free pool. ARIN Technical Discussions - arin-tech-discuss@arin.netarin-tech-discuss@arin.net Open to the general public. Provided for those interested in providing technical feedback to ARIN on experiences in the use or evaluation of current ARIN services and features in development. http://www.arin.net/participate/mailing_lists/index.html ARIN Announce: arin-announce@arin.net ARIN Discussion: arin-discuss@arin.net ARIN Public Policy: arin-ppml@arin.net ARIN Consultation: arin-consult@arin.net ARIN Issued: arin-issued@arin.net ARIN Technical Discussions: arin-tech-discuss@arin.net Suggestions: arin-suggestions@arin.net
163
ARIN Consultation & Suggestion Process 2012 Closed Suggestion Archive as of 29 August 2012 2012.3 Add language to STLS TOS/AUP Closed 07 May 2012 Add language to STLS TOS/AUP 2012.4 Street Addreess Requirement Closed 21 May 2012 Street Addreess Requirement 2012.6 Add Suggestion Text to ACSP Announcements Implemented 30 April 2012 2012.7 Free Pool Netblock Distribution Statistics Implemented 07 June 2012 Add Suggestion Text to ACSP AnnouncementsFree Pool Netblock Distribution Statistics 2012.8 Officer Attestation Acknowledgements Implemented 30 May 2012 Officer Attestation Acknowledgements 2012.10 Publish NRPM in plain text Implemented 01 June 2012 Publish NRPM in plain text 2012.13 Customer identity not required on /29 and smaller reassignments Closed 30 July 2012 Customer identity not required on /29 and smaller reassignments 2012.14 Website Deactivation Request Closed 06 August 2012Website Deactivation Request Prioritization at ARIN meetings. https://www.arin.net/participate/acsp/index.html
164
Get Involved in Internet Governance 164
166
Current Environment Internet Governance
167
International Telecommunication Union (ITU)
168
ITU Sectors Radiocommunication (ITU-R) – Coordinates radiocommunication services, radio-frequency spectrum, and satellite orbits Telecommunication Standardization (ITU-T) – Produces standards for operation of ICT networks *ARIN a member Telecommunication Development (ITU-D) – Focuses on capacity building to increase access to infrastructure and ICT services worldwide *ARIN a member
169
Current Environment Internet Governance
170
ITU Conducts WCIT
171
What Will Happen at WCIT? Only member states can submit proposals and make decisions on edits & additions to ITRs Result a government- negotiated global treaty
172
Treaty Expansions Overall structure & economics of Internet Number resource management process – Including IP address allocation Internet Exchange Points (IXPs) – Add terms hub, hubbing, transit center Internet networks – Modify Quality of Service (QoS) language Internet interconnectivity – Peering agreements
173
Treaty Expansions Procedural directives in a high-level treaty document New definition of telecommunications to include Internet traffic Required compliance with ITU – Mandatory Recommendations
174
Treaty Expansions Restricted community involvement Hindered Internet evolution – Definition of misuse and fraud Content Regulation – Definition of SPAM
175
How Can You Get Involved? Get informed – ITRs: http://www.itu.int/oth/T3F01000001 http://www.itu.int/oth/T3F01000001 – ARIN’s website: https://www.arin.net/participate/governance/index.html https://www.arin.net/participate/governance/index.html Contribute to ITU public consultation – http://www.itu.int/en/wcit-12/Pages/public.aspx http://www.itu.int/en/wcit-12/Pages/public.aspx Discuss with your government Advocate – Public debate, online forums, etc.
176
Current Environment Internet Governance
177
Internet Governance Forum Discussion of Internet public policy issues Many stakeholders – Equal opportunity & voice for developing and developed countries Provides info and insight for public & private sector policy makers – No negotiated outcomes 7 th Annual IGF – Baku, Azerbaijan, 6-9 Nov 2012 – Internet Governance for Sustainable Human, Economic and Social Development
178
You Can Participate in the IGF Open to all Access all IGF materials at: – http://www.intgovforum.org http://www.intgovforum.org 2012 IGF – List of current workshops: http://www.intgovforum.org/cms/w2012/proposals http://www.intgovforum.org/cms/w2012/proposals – Webcast for remote participation
179
For More Information on Joining in the Internet Governance Discussion Visit ARIN’s webpage: Ways to Participate in Internet Governance https://www.arin.net/participate/governance/participate.html
180
The Discussion Continues… Internet governance discussions won’t end in 2012! Already, the World Telecommunication/ICT Policy Forum (WTPF) is scheduled for 2013 Keeping up with the debate is important for all Internet stakeholders
182
Next ARIN Meetings Discuss policies Attend tutorials Enjoy social events Network with colleagues Participate remotely Your registration fee for ARIN XXX will be waived for attending today www.arin.net/participate/meetings Apply for the fellowship to attend an ARIN meeting for free! Spring 2013 – stay tuned
183
ARIN on Social Media www.TeamARIN.net www.facebook.com/TeamARIN www.twitter.com/TeamARIN www.gplus.to/TeamARIN www.linkedin.com/groups?gid=834217 www.youtube.com/TeamARIN
184
Q&A / Open Mic Session
185
Fill out & submit the survey for your chance to win a $200 Amazon Gift Card!
186
Ask ARIN ARIN staff available until 4:00 PM Ask us your questions one-on-one
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.