Beruflich Dokumente
Kultur Dokumente
RIPE NCC
Schedule
09:00 - 09:30
Coee, Tea
11:00 - 11:15
Break
13:00 - 14:00
Lunch
15:30 - 15:45
Break
17:30
End
Introductions
Name
Number
on
the
list
Experience
with
the
RIPE
NCC
Goals
Overview
Being an LIR
Getting Resources
Distributing Resources
Managing Resources
Not-for-profit organisations
IANA
LACNIC
Latin America
ARIN
North America
RIPE NCC
Eurasia
Middle East
AFRINIC
Africa
APNIC
Asia Pacific
Goals: Registration
Why?
How?
Results:
Goals: Aggregation
Why?
How?
Introduction of Classless Inter Domain Routing (CIDR)
Result:
10
600000
360000
then filtered
240000
10
20
11
20
12
20
13
20
14
20
15
20
09
20
08
20
07
20
06
20
05
20
04
20
03
20
02
20
01
20
00
20
99
19
98
19
97
19
96
19
95
19
19
94
93
19
92
19
91
19
90
19
89
Projected growth
of routing table
before CIDR
19
120000
Longer prefixes
being announced
10
Goals: Conservation
Why?
Introduction of CIDR
How?
Results:
11
IANA
/0
RIR
/8
/21
/23
Allocation
12
LIR
/25
End User
/24
PA Assignment
PI Assignment
IANA
/0
RIR
/8
/22
/23
Allocation
13
LIR
/25
End User
/24
PA Assignment
PI Assignment
14
IANA
/3
RIR
/12
/32
/56
Allocation
LIR
/48
End User
/48
PA Assignment
PI Assignment
RIPE NCC
15
16
RIPE Community
17
Open
Transparent
Meetings transcribed
Developed bottom-up
The RIPE NCC implements them
18
19
ICANN / IANA
ASO
AFRINIC
RIPE NCC
ARIN
APNIC
LACNIC
AFRINIC
community
RIPE
community
ARIN
community
APNIC
community
LACNIC
community
Creates proposals
Discusses proposals
Seeks consensus
Accept proposals
20
21
22
Financial Report
23
RIPE Database
Routing policy
25
Resources
inetnum, inet6num, aut-num
Routing
route, route6
DNS
Reverse
domain
Security
mntner
Contact
organisation, person, role
26
Web interface
Command
line
27
Query limits
person/role objects
28
Querying the
RIPE Database
Demonstration
The maintainer
mntner:
LIR-MNT
admin-c:
tech-c:
mnt-by:
notify:
upd-to:
JS123-RIPE!
JS123-RIPE!
LIR-MNT!
js@example.org!
js@example.org!
!
auth:!
changed:
source:
MD5-PW $1$g3xT9SJ
js@example.org !
RIPE
30
Password
Hashed password
tiger72
$1$g3xT9SJ
Authentication
Password (MD5-PW)
!
31
Protection
32
mntner:
LIR-MNT
person:
John Smith
admin-c:
tech-c:
mnt-by:
notify:
upd-to:
JS123-RIPE!
JS123-RIPE!
LIR-MNT!
js@example.org!
js@example.org!
address:
address:
e-mail:
phone:
nic-hdl:
My Street 9876!
Office 123!
js@example.org!
+31 20 876 5432!
JS123-RIPE!
auth:!
auth:!
MD5-PW $1$g3xT9SJ
$1$g3xT9SJ
mnt-by:!
mnt-by:!
LIR-MNT
tiger72
mntner:
LIR-MNT
admin-c:
tech-c:
mnt-by:
JS123-RIPE!
JS123-RIPE!
LIR-MNT
33
inetnum:
85.11.184.0/21
descr:
My Assignment!
admin-c:
LA789-RIPE!
tech-c:
LA789-RIPE!
status:
ASSIGNED PA!
mnt-by:
LIR-MNT
person:
John Smith
address:
phone:
e-mail:
js@example.org!
nic-hdl:
JS123-RIPE!
mnt-by:
LIR-MNT
aut-num:
aut-num:
AS65432
AS64551
descr:
My AS Number!
admin-c:
LA789-RIPE!
tech-c:
LA789-RIPE!
mnt-by:
RIPE-NCC-END-MNT!
mnt-by:
LIR-MNT
Multiple protection
mntner:
ONE-MNT
admin-c:
LA789-RIPE!
tech-c:
LA789-RIPE!
mnt-by:
ONE-MNT!
auth:
MD5-PW $1$gT4W!
auth:
PGPKEY-AE6FBTI7
mntner:
TWO-MNT
admin-c:
XY456-RIPE!
tech-c:
XY456-RIPE!
mnt-by:
TWO-MNT!
auth:
MD5-PW $76$ytE7!
auth:
SSO john@email.net
34
person:
John Smith
address:
phone:
e-mail:
js@example.org!
nic-hdl:
JS123-RIPE!
mnt-by:
ONE-MNT!
mnt-by:
TWO-MNT
35
inetnum:
person:
John Smith
nic-hdl:
address:
phone:
e-mail:
mnt-by:
JS123-RIPE
Sesame Street 1
+1 555 0101
john@example.org
LIR-MNT
person:
Sue Baker
nic-hdl:
address:
phone:
e-mail:
mnt-by:
SB436-RIPE
Sesame Street 1
+1 555 0202
sue@example.org
LIR-MNT
85.11.184.0/25
tech-c:
SB436-RIPE
JS123-RIPE
admin-c:
SB436-RIPE
JS123-RIPE
status:
PA
inetnum: ASSIGNED
85.11.184.128/25
mnt-by:
LIR-MNT
JS123-RIPE
tech-c:
SB436-RIPE
JS123-RIPE
admin-c:
SB436-RIPE
status:
PA
inetnum: ASSIGNED
85.11.186.0/27
mnt-by:
LIR-MNT
JS123-RIPE
tech-c:
SB436-RIPE
JS123-RIPE
admin-c:
SB436-RIPE
status:
PA
inetnum: ASSIGNED
85.11.186.32/25
mnt-by:
LIR-MNT
JS123-RIPE
tech-c:
SB436-RIPE
JS123-RIPE
admin-c:
SB436-RIPE
status:
PA
inetnum: ASSIGNED
85.11.186.64/26
mnt-by:
LIR-MNT
tech-c:
SB436-RIPE
JS123-RIPE
admin-c:
SB436-RIPE
JS123-RIPE
status:
ASSIGNED
ASSIGNEDPA
PA
mnt-by:
LIR-MNT
LIR-MNT
Role object
person:
John Smith
nic-hdl:
address:
phone:
e-mail:
mnt-by:
JS123-RIPE
Sesame Street 1
+1 555 0101
john@example.org
LIR-MNT
person:
Sue Baker
nic-hdl:
address:
phone:
e-mail:
mnt-by:
SB436-RIPE
Sesame Street 1
+1 555 0202
sue@example.org
LIR-MNT
36
role:
nic-hdl:
tech-c:
admin-c:
tech-c:
admin-c:
mnt-by:
LIR Admin
LA789-RIPE
JS123-RIPE
JS123-RIPE
SB436-RIPE
SB436-RIPE
LIR-MNT
John Smith
nic-hdl:
address:
phone:
e-mail:
mnt-by:
JS123-RIPE
Sesame Street 1
+1 555 0101
john@example.org
LIR-MNT
role:
LIR Admin
nic-hdl:
LA789-RIPE
!tech-c:
!admin-c:
!tech-c:
!admin-c:
JS123-RIPE
JS123-RIPE
SB436-RIPE
SB436-RIPE
LIR-MNT
mnt-by:
37
inetnum:
85.11.184.0/25
tech-c:
admin-c:
LA789-RIPE
LA789-RIPE
inetnum:
85.11.184.128/25
tech-c:
admin-c:
LA789-RIPE
LA789-RIPE
inetnum:
85.11.185.0/24
tech-c:
admin-c:
LA789-RIPE
LA789-RIPE
inetnum:
85.11.186.0/27
tech-c:
admin-c:
LA789-RIPE
LA789-RIPE
person:
Sue Baker
inetnum:
85.11.186.32/27
nic-hdl:
address:
phone:
e-mail:
mnt-by:
SB436-RIPE
Sesame Street 1
+1 555 0202
sue@example.org
LIR-MNT
tech-c:
admin-c:
status:
mnt-by:
LA789-RIPE
LA789-RIPE
ASSIGNED PA
LIR-MNT
38
inet6num:
2001:db8::/32
aut-num:
AS65432
tech-c:
admin-c:
mnt-by:
LA789-RIPE
JD1-RIPE
RIPE-NCC-HM-MNT
tech-c:
admin-c:
mnt-by:
LA789-RIPE
JD1-RIPE
RIPE-NCC-END-MNT
mnt-routes:
LIR-MNT
mnt-by:
LIR-MNT
route6:
2001:db8::/32
tech-c:
admin-c:
origin:
LA789-RIPE
JD1-RIPE
AS65432
mnt-by:
LIR-MNT
Reverse delegation
inetnum:
185.9.0.0/22
tech-c:
admin-c:
mnt-by:
LA789-RIPE
JD1-RIPE
RIPE-NCC-HM-MNT
39
mnt-domains: LIR-MNT
domain:
0.9.185.in-addr.arpa
mnt-by:
LIR-MNT
domain:
1.9.185.in-addr.arpa
mnt-by:
END-USRmnt-by:
LIR-MNT
domain:
2.9.185.in-addr.arpa
MNT
mnt-by:
END-USRmnt-by:
LIR-MNT
domain:
3.9.185.in-addr.arpa
MNT
mnt-by:
END-USRmnt-by:
LIR-MNT
MNT
mnt-by:
nserver:
nserver:
END-USR-MNT
ns1.example.com
ns2.example.com
Updating the
RIPE Database
Demonstration
Questions?
41
Being an LIR
Section 3
LIRs responsibilities
43
44
http://access.ripe.net
LIR Portal
45
http://lirportal.ripe.net
46
LIR Portal
RIPE NCC!
Access
And more
LIR Portal
Demonstration
Closing LIRs
48
Time
15 minutes
Goal
Scenario
50
Getting resources
Section 4
Terminology
Allocation
Assignment
52
53
RIPE NCC
LIR
End User
Allocation
PA Assignment
PI Assignment
Sub-allocations
54
LIR
DOWNSTREAM
ISP / LIR
End User
PA Allocation
PA Sub-allocation
PA Assignment
55
56
or sub-allocation
57
PI
assignments
between
end
users
58
59
60
Brokers
61
62
63
IPv6 PI Assignments
64
inet6num:
2001:db8::/48
inet6num:
2001:db8:1234::/48
descr:!
status: !
mnt-by:
mnt-lower:
mnt-by:
mnt-routes:
mnt-domains:
!
!
LIR PI Assignment !
ASSIGNED PI!
RIPE-NCC-END-MNT!
RIPE-NCC-END-MNT!
ENDUSER-MNT!
ENDUSER-MNT!
ENDUSER-MNT
IPv4 PI Assignments
Can
be
transferred
to
another
end
user
No sub-assigning allowed
Yearly charges for PI Assignments
65
Assignment requirements
Address space
Multihoming
For
End
User
66
- or -
Become
an
LIR
Return
the
resources
67
Questions?
68
Distributing resources
Section 5
70
NOC VLAN
Customers
IPv4 subnets
71
gateway
network
broadcast
255
network
broadcast
gateway
IPv6 subnets
72
/60 = 16 subnets
In IPv6
the amount of hosts
in a subnet is
irrelevant!
Making assignments
Exercise
Time
30 minutes
Goal
Task
74
IPv4 resources
http://www.ripe.net/ripe/docs/ipv4-policies.html
75
76
10.0.3.0 - 10.0.3.255
Customer 847!
EU!
inetnum: 10.0.2.0 - 10.0.2.255
LA789-RIPE!
LA789-RIPE!
descr:!
Customer 593!
ASSIGNED!
country:
EU!
inetnum: 10.0.1.0 - 10.0.1.255
LIR-MNT
admin-c:
LA789-RIPE!
tech-c:
LA789-RIPE!
descr:!
Customer 246!
status: !
ASSIGNED! EU!
country:
inetnum: 10.0.0.0 - 10.0.0.255
mnt-by:
LIR-MNT
admin-c:
LA789-RIPE!
tech-c:
LA789-RIPE!
descr:!
Customer 321!
status: !
ASSIGNED! EU!
country:
mnt-by:
LIR-MNT
admin-c:
LA789-RIPE!
tech-c:
status: !
mnt-by:
LA789-RIPE!
ASSIGNED PA!
LIR-MNT
IPv6 assignments
77
78
2001:db8:dddd::/48
descr:!
country:
admin-c:
tech-c:
status: !
mnt-by:
Customer 847!
EU!
inet6num: 2001:db8:cccc::/48
LA789-RIPE!
LA789-RIPE!
descr:!
Customer 593!
ASSIGNED!
country:
EU!
inet6num: 2001:db8:bbbb::/48
LIR-MNT
admin-c:
LA789-RIPE!
tech-c:
LA789-RIPE!
descr:!
Customer 246!
status: !
ASSIGNED! EU!
country:
inet6num: 2001:db8:aaaa::/48
mnt-by:
LIR-MNT
admin-c:
LA789-RIPE!
tech-c:
LA789-RIPE!
descr:!
Customer 321!
status: !
ASSIGNED! EU!
country:
mnt-by:
LIR-MNT
admin-c:
LA789-RIPE!
tech-c:
status: !
mnt-by:
LA789-RIPE!
ASSIGNED!
LIR-MNT
2001:db8::/36
descr:!
admin-c:
tech-c:
status: !
assignment-size:
mnt-by:
DSL customers!
LA789-RIPE!
LA789-RIPE!
AGGREGATED-BY-LIR!
48!
LIR-MNT
inet6num:
79
2001:db8:103::/48
descr:! 2001:db8:102::/48
Customer 321!
inet6num:
country:
EU!
descr:!
Customer
321!
inet6num:
2001:db8:101::/48
admin-c:
LA789-RIPE!
country:
tech-c: EU! LA789-RIPE!
descr:!admin-c:
Customer
321!
inet6num:
2001:db8:100::/48
LA789-RIPE!
status: !
ASSIGNED!
country:
EU!
tech-c:
LA789-RIPE!
mnt-by:
LIR-MNT
descr:!
Customer
321!
admin-c:
LA789-RIPE!
status: !
ASSIGNED!
country:
EU!
tech-c:mnt-by: LA789-RIPE!
LIR-MNT
admin-c:
LA789-RIPE!
status: !
ASSIGNED!
tech-c:
mnt-by: LA789-RIPE!
LIR-MNT
status: !
ASSIGNED!
mnt-by:
LIR-MNT
Infrastructure
!
80
End User
!
Their equipment,
their location
Point of Presence
Point-to-Point
Broadband address pools
Point of Presence
Point-to-Point
Broadband address pools
!
Grey Area
!
!
Co-location
Server housing
Web hosting
Application Services
81
End User
!
Their equipment,
their location
Registering the
assignments
Exercise
Time
15 minutes
Goal
Task
Choose the range(s) from your allocation
83
Managing Resources
Section 6
Use AGGREGATED-BY-LIR
85
IPv6 Analyser
86
87
IP Analyser
88
ARC
89
ARC Goals
90
ARC Procedure
91
An IPRA will be
assigned to the task
Checks many aspects
of the registry
Sets up a call to talk
about the registry
Helps the LIR take
action, if needed
92
Using certificates
93
Questions?
94
96
Keep
your
LIR
contacts
in
the
LIR
Portal
up
to
date
Know
the
policies
and
procedures
Registration Services
lir-help@ripe.net
97
Go to https://apps.db.ripe.net/change-auth/
Automated process
Manual process
98
99
RIPEstat
100
http://stat.ripe.net
User
Defined
Measurements
available
for
LIRs
http://atlas.ripe.net
101
RIPE Labs
102
Anyone can:
Present research
Exchange ideas
http://labs.ripe.net
Questions?
103
104
Feedback!
https://www.ripe.net/training/lir/feedback
105
Follow us!
@TrainingRIPENCC
106
The End!
Y Diwedd
Ende
Konec
Beigas
Lpp
Fine
Einde
Liugt
Finvezh
nn
Kraj
Vge
Endir
Finis
Ki
Fund
Son
An Croch
Sfrit
Fin
Slut
Pabaiga
Fim
Amaia
Loppu
Kpaj
Tmiem
Slutt
Koniec