Ip Tutorial Ripe38
IP Tutorial
26 January 2001
http://www.ripe.net/ripe/meetings/archive/ripe-37/presentations/lir-tutorial/
Local Internet Registries . Training Course . http://www.ripe.net
Schedule
Requesting Address Space
Introduction to RIPE NCC
Global Registry System
Initial Administrivia of Becoming LIR
First Request
Completing the request form
Communication with hostmasters
Customers Request
Elementary evaluation
RIPE Database
Evaluation of specific assignment cases
Large request
PI request
Renumbering
Assignment Window
New allocation
IPv6
What is the RIPE NCC?
Why a NCC ?
Actions agreed in RIPE community needed
continuity and professionalism
neutrality and impartiality
Consensus Model
Statistics Now
67 staff (22 nationalities)
2,526+ participating Local IRs
12,088,135+ countable hosts in the RIPE NCC region
3,537,049+ objects in the database
Server whois.ripe.net
UNIX command line queries
http://www.ripe.net/ripencc/pub-services/db/
RIPE Database (2)
Software Management
server and client
NOT relational
RIPE NCC
Database Working Group (RIPE community)
Data Management
LIRs
other users
RIPE NCC
Information content not responsibility of RIPE NCC
Protection mechanisms not default, but strongly encouraged
RIPE
open forum for discussing policies
RIPE NCC
legitimate, not-for-profit association
formal membership
neutral and impartial
Terminology
Allocation
address space given to registries which is held by
them to assign to customers
Assignment
address space given to end-users for use in
operational networks
/20 allocation = 4096 addresses
assignment assignment
Class    Leading bits  Network bits  Addresses  Range
Class B  10            16            65,536     128.0.0.0 - 191.255.255.255
Class C  110           24            256        192.0.0.0 - 223.255.255.255
Obsolete because of
depletion of B space
too many routes from C space
Solution
Classless Inter Domain Routing
hierarchical address space allocation
Classless Notation
Addresses  Prefix  Classful  Net Mask
...        ...     ...       ...
8          /29               255.255.255.248
16         /28               255.255.255.240
32         /27               255.255.255.224
64         /26               255.255.255.192
128        /25               255.255.255.128
256        /24     1C        255.255.255.0
...        ...     ...       ...
Aggregation
Conservation
Registration
uniqueness
[Figure: registry hierarchy with labels Local IR, Local IR / ISP, Local IR / Enterprise, ISP, End user]
Becoming LIR
Format
<country code> . <registry name>
Sample First Request
Example: Blue Light Internet
LIR wants a block of IP addresses
e.g. for own network / infrastructure
do not include needs of customers yet
Steps:
Complete request form ripe-141
Send request to <hostmaster@ripe.net>
RIPE NCC evaluate and approve request
I. General Information
Overview of Organisation
Contact Information
Current Address Space Usage
II. The Request
Request Overview
Addressing Plan
III. Database Information
IV. Optional Information
Gathering Information
Design of the network
how many physical segments it will consist of
what is each segment going to be used for
including equipment used
how many hosts are in each segment
expectations of growth
Totals: 448 170 297 342
request-size: 448
addresses-immediate: 170
addresses-year-1: 297
addresses-year-2: 342
subnets-immediate: 6
subnets-year-1: 8
subnets-year-2: 9
inet-connect: YES, already connected to UpstreamISP
country-net: NL
private-considered: Yes
request-refused: NO
PI-requested: NO
address-space-returned: 195.20.42.0/25, to UpstreamISP, in 3 months
Actual addresses
Ticketing System
Ask hostmaster
<lir-help@ripe.net>
include your Reg-ID
RIPE NCC hostmaster enters allocation and assignment objects into the RIPE
database at this time
- /24 & /25 & /26 (448) instead of /23 (512)
Evaluation
Basic Database Issues
Assignment Process
[Flowchart: gathering information; completing ripe-141; customer; documentation completed? (yes/no); RIPE NCC evaluation; documentation completed? (yes/no); approval]
Add comments
#[Requester Template]#
LIR contact for RIPE NCC
#[User Template]#
customer's contact for LIR
Evaluation -- Addressing Plan
Do totals in Addressing Plan match numbers in Request
Overview?
Creating person Object
Send to <auto-dbm@ripe.net>
with the keyword NEW in the subject line
195.35.64.0 -
195.35.95.255
whois -L 195.35.92.10
Large Request
PI request
Renumbering
Large Request
Submitting a Large Request
Complete ripe-141 request form
only include addresses you have concrete need for
(no reservations)
Possible additional information
pointer to web site
deployment plan
new technologies
purchase receipts
topology map (design of the network)
can be faxed
handled and kept confidentially
include ticket number and Reg-ID
Suitable for
partial connectivity
limited access to outside services
can use application layer gateways (firewalls, NAT)
Motivation
saves public address space
allows for more flexibility
security
Sample Deployment Plan
Needed when big expansion planned
Matching addressing plan
Relative Prefix  Subnet Mask    Size  Imm.  1yr   2yr   Description
0.0.0.0          255.255.248.0  2048  0     1024  2048  London POP
0.0.4.0          255.255.248.0  2048  0     1024  2048  Berlin POP
0.0.8.0          255.255.248.0  2048  0     1024  2048  Moscow POP
0.0.12.0         255.255.248.0  2048  0     1024  2048  Paris POP
Planned Operational Date | Date Equipment Ordered | Type of Equipment | Number of Hosts | Location
PA vs. PI Assignments
Provider Aggregatable
customer uses addresses out of LIR's allocation
good for routing tables
customer must renumber if changing ISP
Provider Independent
customer receives range of addresses from RIPE NCC
customer takes addresses when changing ISP
possible routing problems
Make contractual agreements
example: ripe-127
the only way to distinguish PA and PI space
After approval
RIPE NCC assigns a block from own range
RIPE NCC puts assignment in database
with RIPE-NCC-HM-PI-MNT
Example PI DB Entry
inetnum: 194.1.208.0 - 194.1.209.255
netname: GOODY2SHOES-2
descr: Own Private Network 4 Goody2Shoes
descr: Amsterdam, Netherlands
country: NL
admin-c: PIBA2-RIPE
tech-c: JAJA1-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-HM-PI-MNT
mnt-by: BLUELIGHT-MNT
changed: hostmaster@ripe.net 19991111
source: RIPE
is easy!
When to Send Renumbering Request?
Customer(s) changing providers
already using address space
returning PA addresses to OldISP
renumbering to the PA range of NewISP
Changing from PI (or UNSPECIFIED) to PA
Only if amount is above LIR's AW
Procedure made easier as to encourage
if many customers 1-1 renumbering, all in one request form
Time frame guidelines - 3 months
Assignment Window Policy
Assignment Window
maximum amount of address space LIR can assign
without prior approval of the NCC
initially AW equals zero
gradually raised
Why necessary?
support to LIRs during start up
familiarisation with RIPE NCC procedures
align criteria for request evaluation
maintain contact between LIRs and RIPE NCC
Send
EVERY customer's request
and
EVERY request for assignment to your own
infrastructure / network
to the RIPE NCC for evaluation
Experience
with RIPE Database
different policies
evaluating and processing requests
To enforce payment
[Flowchart: gathering information; documentation completed? (no: ask for more documentation); LIR evaluation: evaluate request; request > AW? (yes/no); need 2nd opinion? (yes/no)]
Allocation Procedures
Slow Start
first allocation /20
LIR announces the whole prefix
size of future allocations depends on current usage rate
presumably enough for next two years
not always contiguous
Why IPv6?
Next generation protocol
scalability -- 128 bits addresses
security
dynamic hosts numbering
QoS
Reverse Delegation
AS Numbers
Advanced database issues
What is Forward and Reverse
DNS Delegation ?
Forward Delegation
enables naming of IP hosts on the Internet
hierarchical authority for domain registration
organisational structure
Reverse Delegation
enables association of IP addresses with domain names
hierarchical authority for reverse zone
depends on who distributed the address space
reverse delegation takes place on octet boundaries
[Figure: DNS tree with top-level domains edu, nl, arpa, net, com; forward branch nl, bluelight, amsterdam, www (forward mapping: A 195.35.65.130); reverse branch arpa, in-addr, 195, 35, 65]
domain: 80.35.195.in-addr.arpa
descr: Reverse delegation for Bluelight Customers
admin-c: JJ231-RIPE
tech-c: JAJA1-RIPE
zone-c: WF2121-RIPE
nserver: ns.bluelight.nl
nserver: ns2.bluelight.nl
mnt-by: BLUELIGHT-MNT
changed: jan@bluelight.nl 19991110
source: RIPE
Tool will
check assignment validity
check if zone is correctly setup
(try to) enter object to RIPE DB
RIPE NCC reverse delegate authority for the entire /24 to LIR
procedure and requirements the same as for /24
0-31 IN NS ns.goody2shoes.nl.
0-31 IN NS ns2.bluelight.nl.
32-71 IN NS ns.cyberfalafel.nl.
32-71 IN NS ns2.bluelight.nl.
0 IN CNAME 0.0-31
1 IN CNAME 1.0-31
... ...
31 IN CNAME 31.0-31
32 IN CNAME 32.32-71
33 IN CNAME 33.32-71
... ...
71 IN CNAME 71.32-71
73 IN PTR www.qwerty.nl.
CNAME Example
Zonefiles at Customers Nameservers
$ORIGIN 0-31.80.35.195.in-addr.arpa.
@ IN NS ns.goody2shoes.nl.
@ IN NS ns2.bluelight.nl.
1 IN PTR www.goody2shoes.nl.
2 IN PTR mail.goody2shoes.nl.
... ...
31 IN PTR kantoor.goody2shoes.nl.
$ORIGIN 32-71.80.35.195.in-addr.arpa.
@ IN NS ns.cyberfalafel.nl.
@ IN NS ns2.bluelight.nl.
33 IN PTR www.cyberfalafel.nl.
... ...
70 IN PTR cafe3.cyberfalafel.nl.
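Added example (not part of the original course material): a Python sketch that builds the parent-zone NS and CNAME lines shown above for 80.35.195.in-addr.arpa, rejects overlapping sub-ranges, and reports which name finally holds the PTR for an address. The ranges and name servers are copied from the slides; the function names are this example's own.

```python
"""Classless reverse delegation inside 80.35.195.in-addr.arpa (added sketch)."""

PARENT = "80.35.195.in-addr.arpa."

# Sub-ranges and name servers as shown on the slides above.
DELEGATIONS = {
    (0, 31): ["ns.goody2shoes.nl.", "ns2.bluelight.nl."],
    (32, 71): ["ns.cyberfalafel.nl.", "ns2.bluelight.nl."],
}


def label(first, last):
    """Zone label for a sub-range, e.g. 0-31."""
    return f"{first}-{last}"


def check_ranges(delegations):
    """Reject ranges that leave the /24 or overlap each other."""
    seen = set()
    for first, last in delegations:
        if not 0 <= first <= last <= 255:
            raise ValueError(f"bad range {first}-{last}")
        hosts = set(range(first, last + 1))
        if seen & hosts:
            raise ValueError(f"range {first}-{last} overlaps another delegation")
        seen |= hosts


def parent_records(delegations):
    """Return the NS and CNAME lines the LIR places in the parent /24 zone."""
    check_ranges(delegations)
    lines = []
    for (first, last), servers in sorted(delegations.items()):
        lines += [f"{label(first, last)} IN NS {ns}" for ns in servers]
    for first, last in sorted(delegations):
        lines += [f"{h} IN CNAME {h}.{label(first, last)}"
                  for h in range(first, last + 1)]
    return lines


def ptr_owner(address, delegations):
    """Name that finally holds the PTR record for an address in the /24."""
    a, b, c, host = (int(x) for x in address.split("."))
    if f"{c}.{b}.{a}.in-addr.arpa." != PARENT:
        raise ValueError("address is outside the delegated /24")
    for first, last in delegations:
        if first <= host <= last:
            return f"{host}.{label(first, last)}.{PARENT}"
    return f"{host}.{PARENT}"  # not delegated: PTR stays in the parent zone
```

Addresses outside every sub-range, such as 73 in the slide, keep their PTR directly in the parent zone.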
Policy Based Routing
[Figure: routing topology with labels end-user, ISP, Regional Transit Provider, Backbone Provider, Internet, BlueLight, Goody2Shoes, AS2, AS3, NEW]
Autonomous System
Definition:
a group of IP networks run by one or more network
operators which has a unique and clearly defined routing
policy
Send to <hostmaster@ripe.net>
web syntax check: http://www.ripe.net/cgi-bin/web147cgi
aut-num: AS3
as-out: to NEW announce ANY AS3
as-in: from NEW 10 accept NEW AS2
NEW
DB administration
using role object
updating
deleting
Protection
Test Database
role Object
% whois -h whois.ripe.net -t role
role: [mandatory] [single] [primary/look-up key]
address: [mandatory] [multiple] []
phone: [optional] [multiple] []
fax-no: [optional] [multiple] []
e-mail: [mandatory] [multiple] [look-up key]
trouble: [optional] [multiple] []
admin-c: [mandatory] [multiple] [inverse key]
tech-c: [mandatory] [multiple] [inverse key]
nic-hdl: [mandatory] [single] [primary/look-up key]
remarks: [optional] [multiple] []
notify: [optional] [multiple] [inverse key]
mnt-by: [optional] [multiple] [inverse key]
changed: [mandatory] [multiple] []
source: [mandatory] [single] []
Deleting an object
add delete line to the exact copy of current object
value: email address, reason and date
submit to the database
[Figure: objects referencing nic-handles CD2-RIPE, JAJA1-RIPE, JJ231-RIPE and BL112-RIPE; inetnum 195.35.64.130]
Notification / Authorisation
notify attribute (optional)
sends notification of change to the email address specified
mntner: BLUELIGHT-MNT
descr: Maintainer for all Bluelight objects
admin-c: JJ231-RIPE
tech-c: BL112-RIPE
auth: CRYPT-PW q5nd!~sfhk0#
upd-to: jan@bluelight.nl
mnt-nfy: auto-mnt@bluelight.nl
mnt-by: BLUELIGHT-MNT
changed: hostmaster@bluelight.nl 19991112
source: RIPE
4. auth: PGP-KEY-<argument>
key-cert object
see: ripe-190 & ripe-189
RIPE NCC can provide you with a licence for free
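Added example (not part of the original course material): a Python audit over whois-style objects like the mntner above. It flags objects that carry no mnt-by, and maintainers that have no PGP-KEY auth line or no mnt-nfy address. The sample objects are constructed; the person object, EX1-TEST and the hash placeholder are invented.

```python
import re

# Constructed sample in the style of the objects on this page.
# The person object, EX1-TEST and the hash placeholder are invented.
SAMPLE = """\
mntner:   BLUELIGHT-MNT
auth:     CRYPT-PW <hash-placeholder>
upd-to:   jan@bluelight.nl
mnt-by:   BLUELIGHT-MNT

inetnum:  195.35.64.0 - 195.35.95.255
mnt-by:   BLUELIGHT-MNT

person:   Example Person
nic-hdl:  EX1-TEST
"""


def parse_objects(text):
    """Split whois text into objects, each a list of (attribute, value)."""
    objects = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = []
        for line in block.splitlines():
            if line.startswith("%") or ":" not in line:
                continue  # server comment or continuation line
            name, value = line.split(":", 1)
            attrs.append((name.strip().lower(), value.strip()))
        if attrs:
            objects.append(attrs)
    return objects


def audit(text):
    """Return (object, finding) pairs for missing or password-only protection."""
    findings = []
    for attrs in parse_objects(text):
        cls, key = attrs[0]
        ident = f"{cls} {key}"
        values = {}
        for name, value in attrs:
            values.setdefault(name, []).append(value)
        if "mnt-by" not in values:
            findings.append((ident, "no mnt-by"))
        if cls == "mntner":
            schemes = sorted({v.split()[0].upper() for v in values.get("auth", []) if v})
            if not any(s.startswith("PGP-KEY") for s in schemes):
                findings.append((ident, "no PGP-KEY auth: " + (", ".join(schemes) or "none")))
            if "mnt-nfy" not in values:
                findings.append((ident, "no mnt-nfy"))
    return findings
```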
Reverse Delegation of Multiple /24
for range of consecutive zones
possible also for sub-range
represented in single inetnum object
Shorthand notation for domain attribute
inetnum: w.z.x.0 - w.z.y.255 212.73.10.0-212.73.15.255
domain: x-y.z.w.in-addr.arpa 10-15.73.212.in-addr.arpa
host
dig
Internet Routing Registry (IRR)
Goals of the IRR
consistency and stability of routing
enable development of tools to use information
Local IR responsibilities
maintain policy information in RR
Regional IR responsibilities
assigning Autonomous System Numbers
consistency checking of data
maintenance of RR support tools
IRR
APNIC
RIPE RR
... RADB
C&W
ARIN
http://www.radb.net/docs/list.html
aut-num
route
as-macro
community
dom-prefix
inet-rtr
aut-num: AS42
cross-mnt: BLUELIGHT-MNT
[]
mntner: BLUELIGHT-MNT
mnt-nfy: auto-mnt@bluelight.net
[]
as-macro: AS-ARCON
descr: ARCON TML customers AS list
as-list: AS8955 AS6809 AS12500 AS-MACRO-B
tech-c: BZ318-RIPE
admin-c: VV82
mnt-by: ARCON-MNT
changed: roman@itar-tass.com 19990914
source: RIPE
aut-num: AS8563
descr: DirectNet Autonomous System
descr: JSC DirectNet Telecommunications
as-in: from AS8955 100 accept AS-ARCON
...
whois -v as-macro
Looking glasses
http://www.ripe.net/cgi-bin/looking-glass
http://www.traceroute.org/
Audit
Billing
Closing
Audit Motivation
Audit Activity is a service
requested by the community
ensure equal treatment
LIR can ask for an audit
Help LIRs to
keep RIPE Database tidy
keep up-to-date with new policies
Audit procedure
LIR answers list of questions
RIPE NCC check database
precious feedback
constant improvement
Thank you
www.ripe.net/ripencc/mem-services/training/lir-questionnaire.html
ncc@ripe.net