The Internet Registry System

1
The Internet Registry System

• CEENet Workshop
• Budapest, August 2000
• Vesna Manojlovic, RIPE NCC
• BECHA_at_ripe.net

2
Overview

• RIPE
• RIPE NCC
• Internet Governance
• Global Internet Registry System
• IP address distribution registration
• IPv6
• RIPE Database
• Reverse DNS Delegation

3
Questions always welcome!
4
Reseaux IP Européens
5
What is RIPE?

• Reseaux IP Européens (1989)
• forum for network engineers to discuss technical
  issues
• RIPE is
• service provider forum
• open for everybody
• voluntary participation, no fees
• works by consensus
• encourages face-to-face discussion
• acts like an interest group supporting Internet
  community
• but has NO legal power

6
How RIPE Works

• RIPE chair ltchair_at_ripe.netgt
• Chair Rob Blokzijl (Nikhef)
• How does it work?
• Working groups
• Mailing lists
• Meetings

7
Join RIPE Working Groups

• Local Internet Registries (LIR)
• RIPE Database (DB)
• IP version 6 (IPv6)
• European Internet Exchange Forum (EIX)
• Routing / MBONE
• Domain Name System (DNS)
• NETNEWS Co-ordination
• Anti-Spam
• Test-Traffic Project
• European Operators Forum (EOF)
• RIPE does NOT develop Internet Standards

8
Global Context
World-wide Internet Technical Development
Standards Body World-wide Operators
Forum EU Operators USA
Operators Asian
Operators
IETF
IEPG
NANOG
RIPE
APRICOT
9
Subscribe to RIPE Mailing Lists

• General announcement list
• ltripe-list_at_ripe.netgt
• Working group lists
• ltlir-wg_at_ripe.netgt
• ltdns-wg_at_ripe.netgt
• etc.
• For more information
• Send help to ltmajordomo_at_ripe.netgt
• Join the mailing lists and get informed
• http//www.ripe.net/info/maillists.html

10
RIPE Meetings

• 3 times a year
• 3.5 day long
• 300 participants
• Working group meetings
• Plenary
• Presentations
• Long breaks
• Informal chats
• Terminal room
• IPv4, IPv6 and wireless connectivity

11
Come to RIPE Meetings

• Keep up to date with Internet developments
• Meet others in the business
• Gather information, tips, ideas
• Influence directions in Internet administration
• in RIPE NCC service region and beyond
• Next meeting RIPE 37
• Amsterdam, 12-15. September 2000
• ltmeeting_at_ripe.netgt

12
RIPE Meeting Attendees in 1999
other
Total 857
13
RIPE Meeting Attendance per Organisational
Category 1999
14
RIPENetwork Coordination Centre
15
What is the RIPE NCC?

• Not-for-profit association under Dutch law
• 8 years of history
• 2000 members (mainly ISPs, but open to anyone)
• Co-ordination and support services for ISPs

16
Why a NCC ?

• RIPE participation was increasing
• Too much RIPE work done on a voluntary basis
• Activities require continuity co-ordination
• Neutrality and impartiality is important
• Contact point inside outside RIPE region

17
RIPE NCC History

• April 1992 Birth of the RIPE NCC
• TERENA legal umbrella
• September 1992 RIR Function
• 1995 Contributing Local IRs
• 1998 Independent Organisation
• not-for-profit association under Dutch law
• General Assembly of all members
• Executive Board of elected nominees
• http//www.ripe.net/annual-report/99ar.html

18
Vital Statistics

• Statistics 1992
• 3 staff members
• No Local IRs
• 182,528 hosts in European Internet
• 7,955 objects in RIPE database (June 92)
• Statistics Now
• 62 staff (21 nationalities)
• 2,018 participating Local IRs
• 11,390,000 countable hosts in the RIPE NCC
  region
• 3,041,650 objects in the database

19
gt 2 New Members per Day
20
New LIRs in 2000
21
RIPE NCC Member Services

• Registration Services
• IPv4 addresses
• IPv6 addresses
• AS numbers
• Reverse domain name delegation
• LIR Training Courses

22
RIPE NCC Public Services

• Co-ordination
• RIPE support
• RIPE database maintenance
• Routing Registry Maintenance (RR)
• Liaison with
• LIRs / RIRs / ICANN / etc
• Information dissemination
• Special Projects
• Test Traffic
• Routing Information Service (RIS)
• Routing Registry Consistency (RR)

23
Formal Decision Making

• Consensus Model
• RIPE proposes activity plan
• RIPE NCC proposes budget to accompany
  activity plan
• General Assembly votes on both
• activities and budget at yearly meeting

24
Internet Governance
25
Authority in the Net??

• The Internet Corporation for Assigned Names and
  Numbers (ICANN) is the non-profit corporation
  that was formed to assume responsibility for the
  IP address space allocation, protocol parameter
  assignment, domain name system management, and
  root server system management functions now
  performed under U.S. Government contract by IANA
  and other entities.

26
Developments in Internet Governance

ICANN
PSO
ASO
DNSO
At Large
RIPE NCC
ARIN
APNIC
RIPE
APNIC mtg.
ARIN mtg.
27
Address Supporting Organization

• RIR agreed on a proposal
• Simple model
• MoU between ICANN and RIRs
• Policies set through existing regional processes
• Address Council established
• oversee policy development processes
• select ICANN directors (open process)
• http//www.aso.icann.org

28
Global Internet Registry System
29
Goals of the Internet Registry System

• Fair distribution of address space
• Conservation
• prevention of stockpiling of addresses
• Aggregation
• hierarchical distribution of globally unique
  address space
• permits aggregation of routing information
• Registration
• provision of public registry
• ensures uniqueness and enables troubleshooting

30
Service Regions
31
Address Distribution
RIR
/8
ISP / End Users
/32
Anybody with a network/host
32
Address Space Usage
60 97 40,1 96,5 97 98
33
Terminology

• Allocation
• address space given to registries which is held
  by them to assign to customers
• Assignment
• address space given to end-users for use in
  operational networks

/20 allocation 4096 addresses
assignment
assignment
34
Classful Notation
network
host
8
16,777,216
0
Class A
0.0.0.0 - 127.255.255.255
16
10
65,536
Class B
128.0.0.0 - 191.255.255.255
Class C

• Obsolete because of
• depletion of B space
• too many routes from C space
• Solution
• Classless Inter Domain Routing
• hierarchical address space allocation

35
Classless Notation
Addresses
Prefix
Classful
Net Mask
...
...
...
...
/29
8
255.255.255.248
16
/28
255.255.255.240
32
/27
255.255.255.224
64
/26
255.255.255.192
128
/25
255.255.255.128
256
/24
1 C
255.255.255.0
...
...
...
...
4096
/20
16 Cs
255.255.240.0
8192
/19
32 Cs
255.255.224
16384
/18
64 Cs
255.255.192
32768
/17
128 Cs
255.255.128
65536
/16
1 B
255.255.0.0
...
...
...
...
36
How to get IP addresses?

• Go to your Local Internet Registry
• Your provider is probably one or is connected to
  one
• http//www.ripe.net/lir/registries/europe.html
• If you are a provider and think you may need to
  be an LIR?
• Contact RIPE NCC ltnew-lir_at_ripe.netgt

37
Becoming a LIR

• Complete application form (ripe-212)
• Provide Reg-ID contact persons
• Read relevant RIPE documents
• Sign service agreement (ripe-191)
• agreed to follow policies and procedures
• Pay sign-up yearly fee
• ltbilling_at_ripe.netgt

38
Obtaining IP AddressesThrough Existing LIR
39
Providing Information (1)

• Overview of organisation
• information relevant to the address space request
• name and location of the organisation?
• organisation activities?
• what is the structure?
• does it have subsidiaries and where?
• how many departments?
• for what part of the company are the addresses
  requested?
• Possible additional information
• pointer to web site
• deployment plan
• special technologies
• purchase receipts

40
Providing Information (2)

• Design of the network
• how many physical segments it will consist of?
• what is each segment going to be used for?
• including equipment used
• how many hosts are in each segment?
• expectations of growth
• topology map
• Utilisation and efficiency guidelines
• 25 immediately, 50 in one year
• operational needs no reservations
• Can address space be conserved by using
• different subnet sizes?
• avoiding padding between subnets?
• Any address space already in use?
• returning and renumbering? (encouraged)

41
Addressing Plan
dynamic dial-up Amsterdam web/mail/ftp servers
Amsterdam customers servers Amsterdam training
room LAN Amsterdam Amsterdam office LAN
(1) dynamic dial-up Utrecht web/mail/ftp
servers Utrecht Inet cafe Utrecht training room
LAN Utrecht
255.255.255.128 255.255.255.224
255.255.255.240 255.255.255.240
255.255.255.192 255.255.255.128
255.255.255.224 255.255.255.240
255.255.255.240
0.0.0.0 0.0.0.128 0.0.0.160
0.0.0.176 0.0.0.192 0.0.1.0 0.0.1.128
0.0.1.160 0.0.1.176
128 32 16 16 64 128 32 16
16 448
Relative Subnet Mask Size Imm 1yr
2yr Description Prefix
100 10 8 14 24 0
0 14 0
100 12 10 14 35 100 12 14 0
100 16 13 14 50
100 25 14 10
170 297 342 Totals
(1) Office LAN workstations, router, 2
printers and 1 fileserver
42
Request Overview
request-size 448 addresses-immediate
170 addresses-year-1 297
addresses-year-2 342 subnets-immediate 6
subnets-year-1 8 subnets-year-2 9
inet-connect YES, already connected to
UpstreamISP country-net NL
private-considered Yes
request-refused NO PI-requested NO
address-space-returned 195.20.42.0/25, to
UpstreamISP, in 3 months
43
Private Address Space

• RFC-1918 (Address Allocation for Private
  Internets)
• Suitable for
• partial connectivity
• limited access to outside services
• can use application layer gateways (fire walls,
  NAT)
• Motivation
• saves public address space
• allows for more flexibility
• security

44
IPv6
45
Why IPv6?

• Next generation protocol
• scalability -- 128 bits addresses
• security
• dynamic hosts numbering
• Interoperable with IPv4
• simple and smooth transition
• hardware vendors
• applications
• Testbed for deployment of IPv6
• www.6bone.net

46
IPv6 Introduction

• Current format boundaries
• -3--13---13--6---13---16--------64
  bits-----
• -----------------------------------------
  ---
• FP-TLA--sub-Res-NLA---SLA----Interface
  ID---
• ---ID---TLA------ID---ID------------------
  --
• ----public topology -----site------Interface--
  --
• ------------------------------------------
  --
• /23 /29 /35 /48 /64
• Classfull another level of hierarchy
• Hexadecimal representation of addresses
• IANA allocations
• APNIC 20010200/23 (12 subTLAs)
• ARIN 20010400/23 ( 4 subTLAs)
• RIPE NCC 20010600/23 (19 subTLAs)

47
IPv6 Allocations

• Draft allocation guidelines
• provisional bootstrap criteria
• currently under revision by community
• ipv6-wg_at_ripe.net lir-wg_at_ripe.net
• Initial allocation to LIRs
• /35 subTLA
• 13 bits of NLA space 16 bits of SLA space
• whole /29 subTLA reserved
• http//www.ripe.net/ripencc/mem-services/registrat
  ion/ipv6/ipv6.html

48
The RIPE DatabaseIts usage and its usefulness
49
RIPE Database (1)

• Public Network Management Database
• Information about objects
• IP address space inetnum, inet6num
• reverse domains domain
• routing policies route, aut-num
• contact details person, role, maintainer

50
RIPE Database (2)

• Software Management
• server and client
• NOT relational
• RIPE NCC
• Database Working Group (RIPE community)
• Data Management
• LIRs
• other users
• RIPE NCC
• Information content not responsibility of RIPE
  NCC
• Strong protection mechanisms not default

51
Querying RIPE Database

• RIPE whois server
• whois -h whois.ripe.net (UNIX command line
  queries)
• telnet whois.ripe.net
• RIPE whois client
• ftp//ftp.ripe.net/ripe/dbase/software/ripe-dbase-
  2.2.1.tar.gz
• Glimpse full text search
• http//www.ripe.net/cgi-bin/ripedbsearch
• Web interface
• http//www.ripe.net/cgi-bin/whois
• Database documentation
• http//www.ripe.net/db/
• http//www.ripe.net/docs/ripe-157.html
• http//www.ripe.net/docs/ripe-189.html

52
Search keys (Look-up Keys)

• person name, nic-hdl, e-mail
• role name, nic-hdl, e-mail
• maintainer maintainer name
• inetnum network number, network name
• domain domain name
• aut-num AS number
• as-macro AS-macro name
• route route value
• Network number and route value are classless
• Network name is a search key, but not unique

53
person Object

• person Mirjam Kuehne
• address RIPE NCC
• address Singel 258
• address NL - 1016 AB Amsterdam
• address Netherlands
• phone 31 20 535 4444
• fax-no 31 20 535 4445
• e-mail mir_at_ripe.net
• nic-hdl MK16-RIPE
• notify mir_at_ripe.net
• mnt-by RIPE-NCC-MNT
• changed mir_at_ripe.net 19950411
• changed mir_at_ripe.net 19970616
• source RIPE

54
role Object

• whois -h whois.ripe.net -t role
• role mandatory single
  primary/look-up key
• address mandatory multiple
  
• phone optional multiple
  
• fax-no optional multiple
  
• e-mail mandatory multiple
  look-up key
• trouble optional multiple
  
• admin-c mandatory multiple
  inverse key
• tech-c mandatory multiple
  inverse key
• nic-hdl mandatory single
  primary/look-up key
• remarks optional multiple
  
• notify optional multiple
  inverse key
• mnt-by optional multiple
  inverse key
• changed mandatory multiple
  
• source mandatory single

55
role Object

• role RIPE NCC Hostmaster
• address RIPE Network Coordination Centre
• address Singel 258
• address NL - 1016 AB Amsterdam, Netherlands
• phone 31 20 535 4444
• e-mail hostmaster_at_ripe.net
• trouble Work days 0900-1800 CET phone XXX
• trouble Outside Business Hours phone YYY
• admin-c JLC2-RIPE
• tech-c MK16-RIPE
• notify hostmaster_at_ripe.net
• mnt-by RIPE-NCC-MNT
• nic-hdl RNH124-RIPE
• changed hostmaster_at_ripe.net 19971002
• source RIPE

56
Network Object

• inetnum 193.0.0.0 - 193.0.0.255
• netname RIPE-NCC
• descr RIPE Network Co-ordination Centre
• descr Amsterdam, Netherlands
• country NL
• admin-c JLC2-RIPE
• tech-c MK16-RIPE
• status ASSIGNED PA
• mnt-by RIPE-NCC-MNT
• changed GeertJan.deGroot_at_ripe.net 19970310
• source RIPE
• / notation possible for inetnum value

57
Queries Reach 7/sec Average
7/sec
58
Number of DB Objects

• 2,5 million .de domain objects taken out on 28th
  June
• 50,000 .be domain objects taken out on 24th July

59
Example Query

• whois 193.0.0.0
• inetnum 193.0.0.0 - 193.0.0.255
• netname RIPE-NCC
• admin-c DK58
• tech-c OPS4-RIPE
• route 193.0.0.0/24
• descr RIPE-NCC
• role RIPE NCC Operations
• address Singel 258
• nic-hdl OPS4-RIPE
• person Daniel Karrenberg
• address RIPE Network Coordination Centre (NCC)
• nic-hdl DK58

60
Using RIPE DB Flags

• whois -r 193.0.0.0 gt
  inetnum, route
• whois -T inetnum 193.0.0.0 gt inetnum,person,role
  
• whois -r -T inetnum 193.0.0.0 gt inetnum
• whois OPS4-RIPE gt role, persons
• whois -r OPS4-RIPE gt role
• whois -v as-macro
• whois -a ltIP address or rangegt

61
Inverse Lookups in RIPE DB

• whois -i admin-c,tech-c,zone-c JJ123-RIPE
• whois -i admin-c,tech-c,zone-c -T domain
  JJ123-RIPE
• whois -i zone-c JJ123-RIPE
• whois -r -i admin-c,tech-c -T role BL112-RIPE
• whois -i notify hm-dbm-msgs_at_ripe.net
• whois -i origin AS42
• whois -i mnt-by BLUELIGHT-MNT

62
Hierarchical DB Query
whois -M 195.35.64.0/19 whois -m 195.35.64.0/19
195.35.64.0 - 195.35.95.255
195.35.64.0- 195.35.65.191
195.35.92.8/29 ENGO-8
195.35.92/29 ENGO-7
195.35.88/26
195.35.80/25
...
Goody2Shoes
eNGOs
Blue Light
whois -L 195.35.92.10
63
RIPE whois Flags

• i inverse lookup for specified attributes
• L find all Less specific matches
• m find first level more specific matches
• M find all More specific matches
• r turn off recursive lookups
• T type only look for objects of type (inetnum,
  route, etc.)
• a search all databases
• h hostname search alternate server
• s search databases with source source
• t show template for object of type type
• v verbose information for object of type type
• whois help (how to query the database)

64
DB Update Procedure

• Changing an object
• add the changed line to the new version of object
• value email address and date
• keep the same primary key
• do not forget authentication (password, PGP key)
• Deleting an object
• add delete line to the exact copy of current
  object
• value email address, reason and date
• submit to ltauto-dbm_at_ripe.netgt

65
DB Update Procedure

• Unique Keys (Primary Keys)
• person name nic-hdl
• role name nic-hdl
• maintainer maintainer name
• inetnum network number
• domain domain name
• aut-num AS number
• as-macro AS-macro name
• community community name
• route route value origin
• Uniquely identifies object
• Updating an existing object will overwrite the
  old entry hence need unique key

66
Creating person Object

• Check if person object exists in RIPE DB
• whois persons name email address
• only one object per person
• Obtain and complete a template
• whois -t person
• whois -v person
• Each person object has unique nic-hdl
• Only way to clear ambiguity in person objects
• Format ltinitialsgtltnumbergt-ltdatabasegt
• e.g. CD567-RIPE

67
E-mail Interface

• ltauto-dbm_at_ripe.netgt
• automatic mailbox
• send all updates to this mailbox
• can use HELP in subject line
• ltripe-dbm_at_ripe.netgt
• send questions and comments to this mailbox
• please include error reports

68
Syntax Checking

• Successful update
• Warnings
• object corrected and accepted
• notification of action taken in acknowledgement
• Errors
• object NOT corrected and NOT accepted
• diagnostics in acknowledgement

69
Example Error Message

• Update FAILED person Mirjam Kuehne
• person Mirjam Kuehne
• address RIPE NCC
• address Singel 258, NL-1016 AB, Amsterdam
• address The Netherlands
• phone 31 20 535 4444
• fax-no 31 20 535 4445
• e-mail mir_at_ripe.net
• changed mir_at_ripe.net 19980828
• source RIPE
• WARNING date in "changed" (980828) changed to
  19980828
• ERROR mandatory field "nic-hdl" missing

70
Deleting an Object

• Add delete attribute to copy of current object
• person Mirjam Kuehne
• address RIPE NCC
• address Singel 258
• address NL - 1016 AB Amsterdam
• address Netherlands
• phone 31 20 535 4444
• fax-no 31 20 535 4445
• e-mail mir_at_ripe.net
• nic-hdl MK16-RIPE
• changed mir_at_ripe.net 19980911
• source RIPE
• delete training_at_ripe.net late for training
• Submit to ltauto-dbm_at_ripe.netgt

71
Nic-hdls (Example)

• person John F. Doe
• nic-hdl AUTO-1JFD
• person Anne Smith
• nic-hdl AUTO-2
• inetnum
• admin-c AUTO-1JFD
• tech-c AUTO-2

JFD304-RIPE
AS519-RIPE
JFD304-RIPE
AS519-RIPE
72
Test Database

• Non-production DB
• Similar interface as real Database
• whois email
• whois -h test-whois.ripe.net test-dbm_at_ripe.net
• syntax checking
• error reports
• Enable to submit your own maintainer
• Ideal for testing
• various authorisation schemes
• self-made scripts that update RIPE DB
• Source TEST

73
DNS Activities
74
DNS Management

• Goals
• ensure proper operation of name servers
• minimise pollution of DNS
• Services
• manage reverse delegations of networks in 193/8,
  194/8, 195/8, 212/8, 213/8, 217/8 and 62/8
  in-addr.arpa domain
• support LIRs with feedback
• secondary name servers for ccTLDs
• RIPE NCC DOES NOT register domain names

75
RIPE NCC Hostcount per Quarter
76
Why Do You Need Reverse Delegation ?

• All host-IP mappings in the DNS (A record) should
  have a corresponding IP-host mapping (PTR record)
• Failure to have this will likely
• block users from various services (ftp, mail)
• make troubleshooting more difficult
• produce more useless network traffic in general

77
IN-ADDR.ARPA Domain
. (ROOT)
nl
edu
arpa
net
com
bluelight
in-addr
www
195.35.65.1
195
193
194
213
212
217
62
35
Forward mapping
(A 195.35.65.1)
65
1 1.65.35.195.in-addr.arpa
Reverse mapping
(PTR www.bluelight.nl)
78
Request Reverse Delegation

• Send domain object to ltauto-inaddr_at_ripe.netgt
• an automatic mailbox
• Robot (named Marvin) will
• check the Reg-ID
• only LIRs can request reverse delegation
• check if zone is correctly setup
• check assignment validity
• (try to) enter object to RIPE DB
• Questions, Comments to ltinaddr_at_ripe.netgt

79
lt /24 Delegations

• Reverse delegation is also possible for a /24
  shared by more customers
• gt NOT reason for classfull assignments
• RIPE NCC reverse delegate authority for the
  entire /24 to LIR
• If customer wants to run own primary nameserver
• LIR delegates parts as address space gets
  assigned
• use CNAME to create an extra point of delegation
• (RFC-2317)

80
CNAME Example Zonefile at Provider Primary
Nameserver

• ORIGIN 80.35.195.in-addr.arpa.
• 0-31 IN NS ns.goody2shoes.nl.
• 0-31 IN NS ns2.bluelight.nl.
• 32-71 IN NS ns.cyberfalafel.nl.
• 32-71 IN NS ns2.bluelight.nl.
• 0 IN CNAME 0.0-31
• 1 IN CNAME 1.0-31
• ... ...
• 31 IN CNAME 31.0-31
• 32 IN CNAME 32.32-71
• 33 IN CNAME 33.32-71
• ... ...
• 71 IN CNAME 71.32-71
• 72 IN PTR www.qwerty.nl.

81
Reverse DNS Quality Report

• 80 of delegating zones good
• Quality improving
• 500 new zones /week
• 52.3 of eligible /24 zones are delegated
• http//www.ripe.net/inaddr/statistics

82
Questions?
83
Organizations
AFRINIC African Network Information
Centre http//www.afrinic.org APNIC Asian
Pacific Network Information Centre http//www.ap
nic.net ARIN American Registry for Internet
Numbers http//www.arin.net CEENet Central
and Eastern European Networking
Association http//www.ceenet.org CENTR Council
of European National Top level domain
Registries http//www.centr.org CIX Commercial
Internet Exchange http//www.cix.org ETSI Europ
ean Telecommunications Standards
Institute http//www.etsi.org EuroISPA European
Internet Service Providers Association http//ww
w.euroispa.org IANA Internet Assigned Numbers
Authority http//www.iana.org
84
Organizations
ICANN Internet Corporation for Assigned Numbers
and Names http//www.icann.net IETF Internet
Engineering Task Force http//www.ietf.org ITU
International Telecommunications
Union http//www.itu.int NANOG North American
Network Operators Group http//www.nanog.org RIP
E Reseaux IP European Network http//www.ripe.
net RIPE NCC RIPE Network Coordination
Centre http//www.ripe.net W3C World Wide Web
Consortium http//www.w3.org