Ip Tutorial Ripe38

Welcome to the
IP Tutorial
26 January 2001
RIPE Network Co-ordination Centre

<training@ripe.net>
http://www.ripe.net/ripe/meetings/archive/ripe-37/presentations/lir-tutorial/
1
Local Internet Registries . Training Course . http://www.ripe.net
Schedule
Requesting Address Space
Introduction to RIPE NCC
Global Registry System
Initial Administrivia of Becoming LIR
First Request
Completing the request form
Communication with hostmasters
Customers Request
Elementary evaluation
RIPE Database
Evaluation of specific assignment cases
Large request
PI request
Renumbering
Assignment Window
New allocation
IPv6
Local Internet Registries . Training Course . http://www.ripe.net 2

Introduction to RIPE NCC
3
What is the RIPE NCC?
Network Co-ordination Centre

The RIPE NCC is a co-ordination and support service for its
members and RIPE community
One of 3 Regional Internet Registries (RIR)
Why a NCC ?
Actions agreed in RIPE community needed
continuity and professionalism
neutrality and impartiality

RIPE NCC History
Birth - April 1992
TERENA legal umbrella
Became RIR in September 1992
Contributing LIRs in 1995
In 1998 independent
A new structure (ripe-161)

not-for-profit association
General Assembly of all members
Executive Committee of elected nominees

Formal Decision Making
Consensus Model
RIPE proposes activity plan
RIPE NCC proposes budget to accompany

activity plan (ripe-213)
General Assembly votes on both

activities and budget at yearly meeting

Vital Statistics
Statistics 1992
3 staff members
No Local IRs
182,528 hosts in European Internet
7,955 objects in RIPE database (June 92)
Statistics Now
67 staff (22 nationalities)
2,526+ participating Local IRs
12,088,135+ countable hosts in the RIPE NCC region
3,537,049+ objects in the database

RIPE NCC Member Services
Registration Services
IPv4 addresses
IPv6 addresses
AS numbers
LIR Training Courses
<hostmaster@ripe.net>
Reverse domain name delegation

NOT registering domain names
Test Traffic Measurements

RIPE NCC Public Services
RIPE whois database maintenance
Routing Registry Maintenance (RR)
Co-ordination
RIPE support
Liaison with:
LIRs / RIRs / ICANN / etc
Information dissemination
Maintenance of tools
http://www.ripe.net/ripencc/mem-services/tools/index.html

RIPE Database (1)
Public Network Management Database
Information about objects

IP address space inetnum, inet6num
reverse domains domain
routing policies route, aut-num
contact details person, role, mntner
Server whois.ripe.net
UNIX command line queries
http://www.ripe.net/ripencc/pub-services/db/
RIPE Database (2)
Software Management
server and client
NOT relational
RIPE NCC
Database Working Group (RIPE community)
Data Management
LIRs
other users
RIPE NCC
Information content not responsibility of RIPE NCC
Protection mechanisms not default, but strongly encouraged

RIPE Database v 3.0
New language (RFC-2622) Routing
Policy Specification Language
allows for more refined policy details
will eventually replace ripe-181
transition to RPSL will be smooth
RPSL mirror of RIPE DB
rpsl.ripe.net
Test re-implementation server
queries: reimp.ripe.net at port 4343
updates: <auto-rip@ripe.net>

Summary: RIPE & RIPE NCC
Two separate organisations,
closely interdependent
RIPE
open forum for discussing policies
RIPE NCC
legitimate, not-for-profit association
formal membership
neutral and impartial

Questions?

Terminology
Internet Registry System
15
Terminology
Allocation
address space given to registries which is held by
them to assign to customers
Assignment
address space given to end-users for use in
operational networks
/20 allocation = 4096 addresses
assignment assignment

Classful Notation
network host
8
0 16,777,216
Class A 0.0.0.0 - 127.255.255.255
16
10 65,536
Class B 128.0.0.0 - 191.255.255.255
24
Class C 110 256
192.0.0.0 - 223.255.255.255
Obsolete because of
depletion of B space
too many routes from C space
Solution
Classless Inter Domain Routing
hierarchical address space allocation
Classless Notation
Addresses Prefix Classful Net Mask
... ... ... ...
8 /29 255.255.255.248
16 /28 255.255.255.240
32 /27 255.255.255.224
64 /26 255.255.255.192
128 /25 255.255.255.128
256 /24 1C 255.255.255.0
... ... ... ...
4096 /20 16 Cs 255.255.240.0

8192 /19 32 Cs 255.255.224
16384 /18 64 Cs 255.255.192
32768 /17 128 Cs 255.255.128
65536 /16 1B 255.255.0.0
... ... ... ...
Goals of the
Internet Registry System
Aggregation
Conservation
Registration
uniqueness

Regional Registry Structure
IANA / ICANN
ARIN RIPE NCC APNIC
Local IR Local IR
/ ISP Enterprise
Local IR
ISP ISP /
End user
End user

Service Regions

Initial Administrivia of
Becoming LIR
22
Becoming LIR
Completed application form (ripe-212)

Provided Reg-ID & contact persons
<new-lir@ripe.net>
Read relevant RIPE documents

Signed contract (ripe-191)
agreed to follow policies and procedures
* Paid the sign-up & yearly fee

<billing@ripe.net>

Contact Persons
Stored in RIPE NCC internal file for each registry
confidential
Only registered contact persons can
send requests to hostmasters
change contact information
Use role object
for multiple admin-c and tech-c
Always sign your e-mail messages
PGP optional (soon)
Members mailing lists

<local-ir@ripe.net> (lst-localir)
<ncc-co@ripe.net> (lst-contrib)

Registry Identification (RegID)
Distinguishes between contributing registries

and individuals
Format
<country code> . <registry name>
Include with every message
Suggestion - modify mail header

X-NCC-RegID: nl.bluelight

New Registrys First Request
Completing the request form

Communication with the hostmaster
26
Sample First Request
Example: Blue Light Internet
LIR wants a block of IP addresses
e.g. for own network / infrastructure
do not include needs of customers yet
Steps:
Complete request form ripe-141
Send request to <hostmaster@ripe.net>
RIPE NCC evaluate and approve request
With the first assignment RIPE NCC

allocates /20 to the LIR
Request Form
ripe-141
I. General Information
Overview of Organisation
Contact Information
Current Address Space Usage
II. The Request
Request Overview
Addressing Plan
III. Database Information
IV. Optional Information

Completing the Request Form
(starting from Addressing Plan)
Gathering Information
Design of the network
how many physical segments it will consist of
what is each segment going to be used for
including equipment used
how many hosts are in each segment
expectations of growth

#[ Addressing Plan Template ]#
Relative Subnet Mask Size Imm 1yr 2yr Description
Prefix
0.0.0.0 255.255.255.128 128 100 dynamic dial-up Amsterdam
0.0.0.128 255.255.255.224 32 12 web/mail/ftp servers Amsterdam
0.0.0.160 255.255.255.240 16 100 10 100 customers servers Amsterdam
0.0.0.176 255.255.255.240 16 10 14 16 training room LAN Amsterdam
0.0.0.192 255.255.255.192 64 8 35 13 Amsterdam office LAN (*1)
0.0.1.0 255.255.255.128 128 14 100 14 dynamic dial-up Utrecht
0.0.1.128 255.255.255.224 32 24 12 50 web/mail/ftp servers Utrecht
0.0.1.160 255.255.255.240 16 0 14 100 Inet cafe Utrecht
0.0.1.176 255.255.255.240 16 0 0 25 training room LAN Utrecht
14 14
448 170
0 297 342
10 Totals
(*1) Office LAN = workstations, router, 2 printers and 1 fileserver

#[ Request Overview Template ]#
request-size: 448
addresses-immediate: 170
addresses-year-1: 297 Totals: 448 170 297 342
addresses-year-2: 342
subnets-immediate: 6
subnets-year-1: 8
subnets-year-2: 9
inet-connect: YES, already connected to UpstreamISP
country-net: NL
private-considered: Yes
request-refused: NO
PI-requested: NO
address-space-returned: 195.20.42.0/25, to UpstreamISP, in 3 months

#[ Current Address Space Usage
Template ]#
Prefix Subnet Mask Size Imm 1yr 2yr Description
195.20.42.0 255.255.255.192 64 16 30 50 Dynamic dial-up Adam

195.20.42.64 255.255.255.224 32 10 22 29 Amsterdam office LAN
195.20.42.96 255.255.255.240 16 4 6 8 Utrecht office LAN
195.20.42.112 255.255.255.240 16 6 10 13 Mail servers
128 36 68 100 Totals
Actual addresses

#[Person template]#
person: Jan Jansen
address: Blue Light Internet
address: Oudezijds Achterburgwal 13
address: Amsterdam
address: The Netherlands
e-mail: jan@bluelight.nl
phone: +31-20-555 5555
* nic-hdl: AUTO-1
mnt-by: BLUELIGHT-MNT
* jan@bluelight.nl 19990906
changed:
source: RIPE

#[Network template]#
inetnum: x.x.x.x/23
netname: BLUELIGHT-1
descr: Company infrastructure
descr: in both locations
country: NL
admin-c: AB231-RIPE
* tech-c: AUTO-1
status: ASSIGNED PA
* mnt-by: BLUELIGHT-MNT
changed: jan@bluelight.nl 19990906
source: RIPE

Communication with
35
Ticketing System
Unique ticket number

facilitates retrieval / archiving
NCC#YYYYMMXXXX
e.g. NCC#2001053280
Check status of ticket on the web

http://www.ripe.net/cgi-bin/rttquery
open ncc
open reg
closed
age of your ticket and oldest ticket in queue

Hostmaster-robot
Checks request form
Reg-ID, contact persons
syntax
policy problems
Acknowledgement & diagnostics
LONGACK
Error message
correct & re-send the request
use the same ticket number
NOAUTO
No errors: hostmaster wait-queue
ongoings directly to hostmasters

Frequently Asked Questions
List of answers
http://www.ripe.net/ripencc/faq/index.html
Short tips and tricks

http://www.ripe.net/ripencc/tips/tips.html
Ask hostmaster
<lir-help@ripe.net>
include your Reg-ID
Supporting Notes for the European IP Address Space Request Form (

ripe-142)

Request Approved
With the first ASSIGNMENT approved LIR automatically gets an ALLOCATION
/20 (4096 addresses)
RIPE NCC hostmaster enters allocation and assignment objects into the RIPE
database at this time
- /24 & /25 & /26 (448) instead of /23 (512)
Whole allocated range can be announced immediately
Every request has to be sent for approval to RIPE NCC

addresses for LIRs own infrastructure
all customers request

Questions?

Customers Request
Evaluation
Basic Database Issues
41
Assignment Process
Gathering
information
Completing
ripe-141 Customer
Documentation no
completed?
yes
RIPE NCC evaluation
no Documentation
completed?
approval
update local update RIPE notify

Assignment records database customer

Gathering Information
One request form per customer
Ask the same questions RIPE NCC asks LIR

enough information to complete ripe-141
Add comments
Example: Goody 2 Shoes

Before Submitting the Request
Web form
filling in the requests
syntax check
http://www.ripe.net/cgi-bin/web141/web141.pl.cgi
ftp://ftp.ripe.net/tools/web141.pl.cgi
Complete documentation reduces need for iteration
All the data communicated with RIPE NCC is kept strictly

confidential
Documentation for RIPE NCC has to be in English

Evaluation -- General Information
#[Overview of organisation template]#
information relevant to the address space request
Name and location of the company?
What are the company activities?
What is the structure?
Does it have subsidiaries and where?
For what part of the company are the addresses requested?
#[Requester Template]#
LIR contact for RIPE NCC
#[User Template]#
customers contact for LIR
Evaluation -- Addressing Plan
Do totals in Addressing Plan match numbers in Request
Overview?
Are all subnets classless?

are the subnet masks real?
Utilisation and efficiency guidelines:

25% immediately, 50% in one year
Can address space be conserved by using

different subnet sizes?
avoiding padding between subnets?

Evaluation -- Network Template
inetnum value (look-up key, unique)
specifies the size of assignment
actual range is not necessary
Relevant netname (look-up key, not unique)
descriptive; uppercase letters, numbers & -
RIPE NCCs only reference to LIRs assignment
Contact persons
can be multiple
reference nic-hdls (may be a role object)
admin-c
responsible for the network, able to make decisions
tech-c
technical setup of the network

Internal Administration
Wait for the approval from <hostmaster@ripe.net> prior to
assignment and registration
Decide on the range of addresses within your address
space
classless assignment on bit boundary
Assignment for customers network
Assignment for LIRs network

Update local records for later refference
archive original documents with assignment

Assignments to (Small) ISPs
LIR cannot allocate address space to an ISP
If the customer of LIR is an ISP, distinguish
ISPs infrastructure
ISPs customers
Separate assignments need to be
requested
evaluated / approved
registered in the RIPE Database
Avoid overlapping assignments
i.e. big assignment/object for ISP & all its customers, plus
for separate customers

Creating Database Objects
50
Creating person Object
Check if person object exists in RIPE DB

whois {persons name; email address}
only one object per person
Obtain and complete a template
whois -t person
-v (verbose)
Send to <auto-dbm@ripe.net>
Each person object has unique nic-hdl

whois -t person
person: [mandatory] [single] [primary/look-up key]
address: [mandatory] [multiple] [ ]

e-mail: [optional] [multiple] [look-up key]
phone: [mandatory] [multiple] [ ]
notify: [optional] [multiple] [inverse key]
mnt-by: [optional] [multiple] [inverse-key]
nic-hdl: [mandatory] [single] [primary/look-up key]
changed: [mandatory] [multiple] [ ]

source: [mandatory] [single] [ ]

nic-hdl
Mandatory attribute
Only way to clear ambiguity in person objects
Format: <initials><number>-<regional registry>
e.g. AB123-APNIC, CD567-RIPE
Combination of person name and nic-hdl is the primary key for person
object
Use AUTO-# placeholders
person: Piet Bakker person: Jan van der Bruk

... ...
AUTO-2JVDB
JVDB1-RIPE
nic-hdl: PB1234-RIPE
AUTO-1 nic-hdl: AUTO-#initials
<auto-dbm> Responses
Successful update
acknowledgement
Warnings
object accepted but might be ambiguous
object corrected and accepted
Errors
object NOT corrected and NOT accepted
diagnostics in acknowledgement
If not clear send questions to <ripe-dbm@ripe.net>
include error report

Creating Network Object
inetnum
insert the address range in the network template
from the request form approved by the hostmasters
keep the same netname attribute
in the change attribute use current date
or leave out the date completely
Send to <auto-dbm@ripe.net>
with the keyword NEW in the subject line

Check Your Database Data
Before you notify the customer
whois [customers IP range]
whois [customers netname]
not unique search key
whois -m [your allocated IP range]

will show list of all LIRs first level customer(s) network(s)
first level more specific address ranges
whois -L [customers IP range]

will show LIRs own allocation object

Example DB Query
whois -M 195.35.64.0/19
whois -m 195.35.64.0/19
195.35.64.0 -
195.35.95.255
195.35.64.0- 195.35.92/29 195.35.92.8/29

195.35.80/25 195.35.88/26
...
195.35.65.191
ENGOS ENGO-7 ENGO-8
BLUELIGHT GOODY2SHOES
whois -L 195.35.92.10

Notify the Customer
Make sure customer has same data as you

cut and paste output of the whois query
Address space is considered in use only if

registered in the RIPE Database
Register all end-users separately

avoid overlapping inetnum objects

Questions?

Evaluation of
Specific Assignment Cases
Large Request
PI request
Renumbering
60
Large Request
61
Submitting a Large Request
Complete ripe-141 request form
only include addresses you have concrete need for
(no reservations)
Possible additional information
pointer to web site
deployment plan
new technologies
purchase receipts
topology map (design of the network)
can be faxed
handled and kept confidentially
include ticket number and Reg-ID

Current Address Space Usage
Evaluation
Are there any previous assignments?
ask customer
Querying the RIPE Database
whois.ripe.net
exact match
http://www.ripe.net/ripencc/pub-services/db/
1 full text search using glimpse
2 whois web interface
Can request be fulfilled with previous assignment?

Private Address Space
RFC-1918 (Address Allocation for Private Internets)
Suitable for
partial connectivity
limited access to outside services
can use application layer gateways (fire walls, NAT)
Motivation
saves public address space
allows for more flexibility
security
Sample Deployment Plan
Needed when big expansion planned
Matching addressing plan
Relative Subnet Mask Size Imm. 1yr 2yr Description
Prefix
0.0.0.0 255.255.248.0 2048 0 1024 2048 London POP
0.0.4.0 255.255.248.0 2048 0 1024 2048 Berlin POP
0.0.8.0 255.255.248.0 2048 0 1024 2048 Moscow POP
0.0.12.0 255.255.248.0 2048 0 1024 2048 Paris POP
Planned Date Type of Number Location
operational Equipment Equipment of hosts
Date ordered
01/2002 02/2001 modems 2048 London

03/2002 05/2001 modems 2048 Berlin
03/2002 05/2001 modems 2048 Paris
07/2002 -------- modems 2048 Moscow

(New) Technologies
If special hardware/software is used
include the URLs of manufacturers sites if available
Special allocation and verification procedures apply

static dial up assignments
IP based virtual web hosting
} STRONGLY DISCOURAGED
cable modems, ADSL

GPRS?
recommended
investigate and implement dynamic assignment technologies
whenever possible

PI Request
67
PA vs. PI Assignments
Provider Aggregatable
customer uses addresses out of LIRs allocation
good for routing tables
customer must renumber if changing ISP
Provider Independent
customer receives range of addresses from RIPE NCC
customer takes addresses when changing ISP
possible routing problems
Make contractual agreements
example: ripe-127
the only way to distinguish PA and PI space

Requesting PI Space
LIR sends request on behalf of PI customer
Complete ripe-141 as usual
Differences:
#[Request Overview Template]#
PI-requested: YES
#[Network Template]#
status: ASSIGNED PI
Explain why the customer wants PI

aware of the consequences?

Evaluation of PI Request
Conservative estimates
will NOT get more addresses (then needed) to prevent
routing problems
Classless
Assignment is only valid as long as original criteria
remain valid (ripe-185)
After approval
RIPE NCC assigns a block from own range
RIPE NCC puts assignment in database
with RIPE-NCC-HM-PI-MNT
Example PI DB Entry
inetnum: 194.1.208.0 - 194.1.209.255
netname: GOODY2SHOES-2
descr: Own Private Network 4 Goody2Shoes
descr: Amsterdam, Netherlands
country: NL
admin-c: PIBA2-RIPE
tech-c: JAJA1-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-HM-PI-MNT
changed: hostmaster@ripe.net 19991111
source: RIPE

Renumbering
is easy!
72
When to Send Renumbering
Request?
When to Send Renumbering Request?
Customer(s) changing providers
already using address space
returning PA addresses to OldISP
renumbering to the PA range of NewISP
Changing from PI (or UNSPECIFIED) to PA
Only if amount is above LIRs AW
Procedure made easier as to encourage
if many customers 1-1 renumbering, all in one request form
Time frame guidelines - 3 months
More info: http://www.isi.edu/div7/pier/

Questions?

Assignment Window
Policies and Procedures
75
Assignment Window Policy
Assignment Window
maximum amount of address space LIR can assign
without prior approval of the NCC
initially AW equals zero
gradually raised
Why necessary?
support to LIRs during start up
familiarisation with RIPE NCC procedures
align criteria for request evaluation
maintain contact between LIRs and RIPE NCC

Initially: AW=0
Send
EVERY customers request
and
EVERY request for assignment to your own
infrastructure / network
to the RIPE NCC for evaluation
Separate request forms needed

Do not send too many at the same time

When is AW Size Raised
Understood procedures
Complete NCC documentation
Experience
with RIPE Database
different policies
evaluating and processing requests
Not always automatically raised

approach us
When is AW Size Lowered
New staff need training
After negative auditing report
To enforce payment
To find out the AW size

asm-window line
write to <lir-help@ripe.net>

Assignment Window Size
Assignment Local IR Assignment limit
Window (host addresses)
AW =0 All new Registries
AW =/28 requests 16 addr
... ... Increasing
AW =/22 requests 1024 addr Responsibility
... of Local IR
AW size corresponds to average size of requests
AW is per 12 months per customer

Assignment Process
Between Local IRs and their customers
no
Gathering Documentation ask for more
completed? Documentation
information
yes
LIR Evaluate
Evaluation request
no no
request > AW? need 2nd opinion?
yes yes
Approach RIPE NCC Finish the assignment

Assignment Process
( Approach RIPE NCC ) ( Finish the assignment )
Complete the Pick

request form addresses
Add Registry ID Update local

records
Add comments &

Update RIPE
recommendations
database
Send to RIPE NCC

<hostmaster@ripe.net> Wait for
acknowledgement
RIPE NCC
evaluates & Notify
approves
custome
( Finish the assignment ) r

Questions?

New allocation
84
Allocation Procedures
Slow Start
first allocation /20
LIR announces the whole prefix
size of future allocations depends on current usage rate
presumably enough for next two years
not always contiguous
Motivation for slow start

fair distribution of address space
keeps pace with customer base growth
slows down exhaustion of IPv4 address space

Motivation for
No Reservations Policy
Def.: Address space set aside for future use
Reservations may never be claimed
customers may need more (or less) address space
than is reserved
Administrative convenience not catered for
Fragments address space =>

requesting new allocation appropriate when
previous allocated space used ~ 80% !

Requesting New Allocation
Send e-mail to <hostmaster@ripe.net>
NOT ripe-141 form
NEWBLOCK in the subject line for higher priority
summary of addresses assigned / free
list assignments of the last allocation
Suggested format:
Allocation: 195.35.64.0/19
assigned: 7372
free: 820
Range Netname
195.35.64.0 - 195.35.65.191 BLUELIGHT-1
195.35.80.0 - 195.35.80.127 GOODY2SHOES-1
195.35.80.128 - 195.35.80.159 CYB-FAL
195.35.88.0 - 195.35.88.31 ENGOS-1
...

Evaluation of
New Allocation Request
Are LIRs records consistent with
RIPE NCCs local records
RIPE database
RIPE NCC wants to see 3 random requests
Are all assignments valid?
within AW
correct netname attribute & the date
Quality of RIPE DB records
up-to-date person & role objects
no overlapping inetnum objects
Tool available: asused-public
Prior to Making New Allocation
If inconsistencies are found
LIR will be asked to correct data first
AW is reviewed
When data is corrected

or deadline for correction is set
RIPE NCC
allocates new block to LIR
updates the DB
LIR announces new prefix

Allocation inetnum Object
inetnum: 195.35.64.0 - 195.35.127.255
netname: NL-BLUELIGHT-19990909
descr: Provider Local Registry
country: NL
admin-c: JJ231-RIPE
tech-c: JAJA1-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: BLUELIGHT-MNT
source: RIPE

Questions?

IPv6
92
Why IPv6?
Next generation protocol
scalability -- 128 bits addresses
security
dynamic hosts numbering
QoS
Interoperable with IPv4

simple and smooth transition
hardware vendors
applications

IPv6 Introduction
Current format boundaries
|-3|--13-|--13-|-6-|--13-|--16--|------64 bits-----|
+--+-----+-----+---+-----+------+------------------+
|FP|-TLA-|-sub-|Res|-NLA-|--SLA-|---Interface ID---|
|--|-ID--|-TLA-|---|--ID-|--ID--|------------------|
|----public topology ----|-site-|-----Interface----|
+--+-----+-----+---+-----+------+------------------+
/23 /29 /35 /48 /64
Classfull; another level of hierarchy

(sub)TLA
NLA
SLA
Hexadecimal representation of addresses

IPv6 Allocation Policies
"Provisional IPv6 Assignment and Allocation Policy Document (ripe-196)
discussion on ipv6-wg@ripe.net and lir-wg@ripe.net
Bootstrap Phase Criteria
Peering with 3 Ases
AND
Plan to provide IPv6 services within 12 months
40 IPv4 customers
AND either OR
6bone experience

IPv6 Allocations
Request form (ripe-195)

Slow start
first allocation to a TLA Registry will be a /35 block
representing 13 bits of NLA space
additional 6 bits reserved by RIR for the allocated sub-TLA for
subsequent allocations
Reverse Delegation of an IPv6 Sub-TLA
http://www.ripe.net/reverse/
IANA allocations
APNIC 2001:0200::/23 (23 subTLAs)
ARIN 2001:0400::/23 (12 subTLAs)
RIPE NCC 2001:0600::/23 (25 subTLAs)

Database Object
inet6num: 2001:0600::/23
netname: EU-ZZ-2001-0600
descr: RIPE NCC
descr: European Regional Registry
country: EU
admin-c: MK16-RIPE
admin-c: DK58
tech-c: OPS4-RIPE
status: SUBTLA
mnt-lower: RIPE-NCC-HM-MNT
source: RIPE

Questions?

The End
unless...
Reverse Delegation
AS Numbers
Advanced database issues
Advanced reverse delegation

Routing Registry
Administrivia
audit activity, billing, closing LIR

Reverse Delegation Procedures
100
What is Forward and Reverse
DNS Delegation ?
Forward Delegation
enables naming of IP hosts on the Internet
hierarchical authority for domain registration
organisational structure
Reverse Delegation
enables association of IP addresses with domain names
hierarchical authority for reverse zone
depends on who distributed the address space
reverse delegation takes place on octet boundaries

IN-ADDR.ARPA Domain
. (ROOT)
edu nl
arpa net
com bluelight
in-addr amsterdam
www 195.35.65.130
217 212 213 193 195 194 62
35 Forward mapping
(A 195.35.65.130)
65
Reverse mapping 130 = 130.65.35.195.in-addr.arpa

(PTR www.amsterdam.bluelight.nl)

Why Do You Need
Reverse DNS Delegation ?
All host-IP mappings in the DNS (A record)

should have a corresponding IP-host mapping
(PTR record)
Failure to have this will likely

block users from various services (ftp, mail)
make troubleshooting more difficult
produce more useless network traffic in general

Overview of the
Request Procedure
LIRs have to request reverse delegation
/24 zones are delegated
to LIR / end-user
as the address space gets assigned
Steps
valid assignment of address space
/24 reverse zone setup
on LIR or end-users nameserver(s), or both
send domain object to <auto-inaddr@ripe.net>
include Reg-ID

Valid Assignment
According to ripe-185 policies
Within Assignment Window
- or approved from RIPE NCC Hostmaster
inetnum object registered in RIPE Database
netname attribute is NCC's only reference if
assignment approved
do NOT change netname without notifying
this is mentioned when we approve your IP requests
registered after the approval date

/24 Reverse Zone Setup
Recommendations
At least two nameservers required
one nameserver setup as primary
at least one other as secondary
SOA values reasonably RFC1912 compliant

Nameservers not on same physical subnet
preferably with another provider
Serial numbers YYYYMMDDnn format

Example domain Object
whois -t domain
domain: 80.35.195.in-addr.arpa
descr: Reverse delegation for Bluelight Customers
admin-c: JJ231-RIPE
tech-c: JAJA1-RIPE
zone-c: WF2121-RIPE
nserver: ns.bluelight.nl
nserver: ns2.bluelight.nl
* changed: jan@bluelight.nl 19991110
source: RIPE

Request the Delegation
Send domain template to <auto-inaddr@ripe.net>

an automatic mailbox
Tool will
check assignment validity
check if zone is correctly setup
(try to) enter object to RIPE DB

Problems with inaddr Robot?
Error report will be sent to requester

correct errors and re-send
For questions see FAQ
If error reports continue

contact <inaddr@ripe.net>
please include the full error report

< /24 Delegations
Reverse delegation is also possible for a /24 shared by more customers
=> NOT reason for classfull assignments
RIPE NCC reverse delegate authority for the entire /24 to LIR
procedure and requirements the same as for /24
If customer wants to run own primary nameserver

LIR delegates parts as address space gets assigned
use CNAME to create an extra point of delegation
(RFC-2317)

CNAME Example
Zonefile at Provider Primary Nameserver
$ORIGIN 80.35.195.in-addr.arpa.
0-31 IN NS ns.goody2shoes.nl.
0-31 IN NS ns2.bluelight.nl.
32-71 IN NS ns.cyberfalafel.nl.
32-71 IN NS ns2.bluelight.nl.
0 IN CNAME 0.0-31
1 IN CNAME 1.0-31
... ...
31 IN CNAME 31.0-31
32 IN CNAME 32.32-71
33 IN CNAME 33.32-71
... ...
71 IN CNAME 71.32-71
73 IN PTR www.qwerty.nl.
CNAME Example
Zonefiles at Customers Nameservers
$ORIGIN 0-31.80.35.195.in-addr.arpa.
@ IN NS ns.goody2shoes.nl.
@ IN NS ns2.bluelight.nl.
1 IN PTR www.goody2shoes.nl.
2 IN PTR mail.goody2shoes.nl.
... ...
31 IN PTR kantoor.goody2shoes.nl.
$ORIGIN 32-71.80.35.195.in-addr.arpa.
@ IN NS ns.cyberfalafel.nl.
@ IN NS ns2.bluelight.nl.
33 IN PTR www.cyberfalafel.nl.
... ...
70 IN PTR cafe3.cyberfalafel.nl.

Questions?

Autonomous System Numbers
114
Policy Based Routing
end-user end-user
Internet AS2
AS2
ISP
AS3
Regional Transit Provider
Backbone
Provider
BlueLight Goody2Shoes
NEW
Internet
Autonomous System
Definition:
a group of IP networks run by one or more network
operators which has a unique and clearly defined routing
policy
RIR is allocated a range of AS numbers by IANA

16 bit number
RIR assigns unique AS number
for LIR or for the customer
* AS number, routing policy and originating routes are
registered in the Routing Registry

How To Get an AS Number ?
Complete request form: ripe-147
aut-num object template
contact person(s)
mntner object template
address space to be announced with this AS#
Send to <hostmaster@ripe.net>
web syntax check: http://www.ripe.net/cgi-bin/web147cgi
Being multihomed and routing policy are mandatory

RIPE-181 Language
RIPE-181 used to describe routing policies
Developed in PRIDE project
accepted in IRR and translated into RFC-1786
Example syntax:
aut-num: NEW
as-out: to AS3 announce NEW
as-in: from AS2 200 accept AS2
Cost defines the preference
the lower the cost, the more preferred route
cost relative per aut-num object

AS Example #1 Internet
aut-num: AS3
as-out: to NEW announce ANY AS3
as-in: from NEW 10 accept NEW AS2
NEW
aut-num: NEW aut-num: AS2

as-out: to AS2 announce NEW as-in: from NEW 20 accept NEW
as-in: from AS2 10 accept AS2 as-out: to NEW announce AS2
as-in: from AS3 100 accept ANY

AS Example #2
Internet
aut-num: AS3
as-out: to NEW announce ANY AS3
as-in: from NEW 10 accept NEW AS2
NEW
aut-num: NEW aut-num: AS2

as-out: to AS2 announce NEW as-in: from NEW 20 accept NEW
as-in: from AS2 10 accept AS2 as-out: to NEW announce AS2
ANY
Registration in RIPE Database
Evaluation
RIPE NCC hostmaster

- creates aut-num object (and maintainer)
- informs requester
User is responsible for keeping up to date

routing policy
referenced contact info (person/role, mntner)
RIPE NCC hostmaster regularly checks consistency of data

in Routing Registry
http://abcoude.ripe.net/ris/asinuse.cgi

Object
aut-num Template
aut-num: NEWAS42
descr: Bluelight AS#
as-in: from AS2 10 accept AS2
as-out: to AS2 announce NEWAS42
default: AS2 5 AS42
admin-c: JJ231-RIPE
tech-c: JAJA1-RIPE
mnt-by: NEW-MNT
* BLUELIGHT-MNT
source: RIPE

Questions?

Advanced Database Issues
DB administration
using role object
updating
deleting
Protection
Test Database
124
role Object
% whois -h whois.ripe.net -t role
role: [mandatory] [single] [primary/look-up key]
address: [mandatory] [multiple] []
phone: [optional] [multiple] []
fax-no: [optional] [multiple] []
e-mail: [mandatory] [multiple] [look-up key]
trouble: [optional] [multiple] []
admin-c: [mandatory] [multiple] [inverse key]
tech-c: [mandatory] [multiple] [inverse key]
nic-hdl: [mandatory] [single] [primary/look-up key]
remarks: [optional] [multiple] []
mnt-by: [optional] [multiple] [inverse key]
changed: [mandatory] [multiple] []
source: [mandatory] [single] []

Role Object for Contact Persons
role: BlueLight Contact Role
description: Hostmaster for Blue Light BV
admin-c: JAJA1-RIPE
tech-c: AB321-RIPE
tech-c: WF2121-RIPE
email: hostmaster@bluelight.nl
trouble: 24/7 phone number: +31-60-123-4567
nic-hdl: BL112-RIPE
notify: jan@bluelight.nl
notify: auto-hm@bluelight.nl
mntner: BLUELIGHT-MNT
changed: hostmaster@bluelight.nl 20000202
source: RIPE

Inverse Lookups in RIPE DB
whois -i {attribute} {value}
whois -i admin-c,tech-c,zone-c JAJA1-RIPE

whois -i admin-c,tech-c,zone-c -T domain JAJA1-RIPE
whois -i zone-c JAJA1-RIPE
whois -i mnt-by BLUELIGHT-MNT
whois -i notify jan@bluelight.nl

Recursive Lookups
whois 193.35.64.82 => inetnum,route,person(s)
whois -r 193.35.64.82 => inetnum, route
whois -T inetnum 193.35.64.82 => inetnum,persons
whois -r -T inetnum 193.35.64.82 => inetnum
whois -T route 193.35.64.82 => route
whois 62.80.0.0 => inetnum, role, person

whois CREW-RIPE => role, persons
whois -r CREW-RIPE => role

DB Update Procedure
Changing an object
make needed changes
keep the same primary key
add the changed line to the new version of object
value: email address and date
keep the old changed lines in
* do not forget authentication (password, PGP key)
Deleting an object
add delete line to the exact copy of current object
value: email address, reason and date
submit to the database

Case Study --
Contact Person Left
1. whois -i tech-c JAJA1-RIPE
2. Create new person object (for Carl Dickens, new guy)
3. Change the tech-c reference in all inetnum objects
4. Delete old person object
Inetnum: person: person:

195.35.64.80
CD2-RIPE
JAJA1-RIPE JAJA1-RIPE CD2-RIPE
...
Inetnum:
CD2-RIPE
JAJA1-RIPE

Replacing tech-c Using role Object
1. Create person object for each tech-c
2. Create role object for all tech-c:s
3. Change the tech-c reference in all inetnum
objects to reference role object
4. Keep role object up-to-date with staff changes
person: role: person:

195.35.64.80
BL112-RIPE JJ231-RIPE JJ231-RIPE CD2-RIPE

JJ231-RIPE CD2-RIPE
... BL112-RIPE
195.35.64.130
JJ231-RIPE
BL112-RIPE

Deleting an Object (example)
person: Piet Bakker
address: Goody 2 Shoes
address: Warmoesstraat 1 Exact copy
address: Amsterdam of the DB object
phone: +31-20-666 6666
e-mail: piet@goody2shoes.nl
nic-hdl: PIBA2-RIPE
changed: jan@bluelight.nl 19991010
source: RIPE
delete: hostmaster@bluelight.nl duplicate object 20000202

Protecting DB Objects
133
Notification / Authorisation
notify attribute (optional)
sends notification of change to the email address specified
mnt-by attribute & mntner object

objects that contain mnt-by must pass the authentication
rules in the mntner object
Hierarchical authorisation for inetnum & domain

objects
mnt-lower attribute

How To Protect DB Data
Read documents (ripe-157, ripe-189)
choose authentication method
Create mntner object
Existing objects must be updated

include mnt-by attribute referencing mntner object
When creating new objects
include mnt-by attribute referencing mntner object

Authorisation Mechanism
inetnum: 195.35.64.0 - 195.35.65.191
netname: BLUELIGHT-1
descr: Blue Light Internet
..
descr: Maintainer for all Bluelight objects
admin-c: JJ231-RIPE
tech-c: BL112-RIPE
auth: CRYPT-PW q5nd!~sfhk0#
upd-to: jan@bluelight.nl
mnt-nfy: auto-mnt@bluelight.nl
changed: hostmaster@bluelight.nl 19991112
source: RIPE

Maintainer Object Attributes
auth attribute (mandatory, multiple)
upd-to attribute (mandatory)
notification for failed updates
mnt-by attribute (mandatory)
can reference the object itself
mnt-nfy attribute (optional, encouraged)
works like notify but for all objects that refer to this
maintainer object
Manual registration of object necessary

Send object to <ripe-dbm@ripe.net>
Authentication Methods
1. auth: NONE
could be used with mnt-nfy attribute
2. auth: MAIL-FROM {e-mail, reg-exp}
e.g. MAIL-FROM .*@bluelight\.nl
protection from typos
3. auth: CRYPT-PW {encrypted password}
include password attribute in your updates
4. auth: PGP-KEY-<argument>
key-cert object
see: ripe-190 & ripe-189
RIPE NCC can provide you with a licence for free

Hierarchical Authorisation
inetnum: 195.35.64.0 - 195.35.95.255
netname: NL-BLUELIGHT-19990909
...
status: ALLOCATED PA
mnt-lower: BLUELIGHT-MNT
source: TEST
Ask <lir-help@ripe.net> for mnt-lower attribute

mnt-lower protects
only against creation
only one level below
Include also in assignment inetnum objects

Test Database
Non-production whois Database
Similar interface as real RIPE whois Database
whois & email
whois -h test-whois.ripe.net ; <test-dbm@ripe.net>
syntax checking
error reports
Enable to submit your own maintainer
Ideal for testing
various authorisation schemes
self-made scripts that update RIPE DB
Source: TEST
Questions?

Advanced Reverse Delegation
142
Reverse Delegation of Multiple /24
for range of consecutive zones
possible also for sub-range
represented in single inetnum object
Shorthand notation for domain attribute
inetnum: w.z.x.0 - w.z.y.255 212.73.10.0-212.73.15.255
domain: x-y.z.w.in-addr.arpa 10-15.73.212.in-addr.arpa
Submit as one domain object

Processed separately
Separate response

Reverse Delegation
of /16 Allocation
If a LIR has a /16 allocation, the RIPE NCC can delegate the
entire reverse zone to the LIR
Requirements and procedures the same as /24, except

/16 domain object
three nameservers needed
ns.ripe.net a mandatory secondary
After delegation LIR
should continue to check sub-zone setup before further delegation
recommended use of the inaddr robot TEST keyword or web check

Changing Delegation
Change the nserver lines in domain object
submit domain object to <auto-inaddr@ripe.net>
To change contact details in domain object

submit updated object to <auto-dbm@ripe.net>
Deleting a delegation is automatic

include delete attribute to the exact copy of the object
send to <auto-inaddr@ripe.net>

Common Errors
DB / request inconsistency
(netname attribute, update date)
IP addresses instead of names of nameservers
in domain object
Trying to get reverse delegation for /19
allocation
has to be on octet boundaries
send request for each /24 as it becomes used
DNS setup (RFC-1912)

Useful DNS Tools
nslookup (part of BIND)
host
dig
More detailed info

http://www.dns.net/dnsrd/tools.html

Questions?

Routing Registry
149
Internet Routing Registry (IRR)
Goals of the IRR
consistency and stability of routing
enable development of tools to use information
Local IR responsibilities
maintain policy information in RR
Regional IR responsibilities
assigning Autonomous System Numbers
consistency checking of data
maintenance of RR support tools

Internet Routing Registry
Globally distributed DB with routing policy information
provides a map of global routing policy
shows routing policy between any two ASes
allows simulation of routing policy effects
enables router configuration
provides contact information
RIPE Routing Registry

subset of information in RIPE database
syntax description in ripe-181

Global Internet Routing Registry
IRR
APNIC
RIPE RR
... RADB
C&W
ARIN
http://www.radb.net/docs/list.html

Routing Registry Objects
aut-num
route
as-macro
community
dom-prefix
inet-rtr

The Route Object
route: 195.35.64/19
descr: BLUELIGHT-NET
origin: AS42
changed: hostmaster@bluelight.com 19991010
source: RIPE
Represents a route in the Internet

Should be registered by LIR in the RR
This route originates in AS42
Only one origin recommended

cross-mnt Attribute in
aut-num Object
route: 195.35.64/19
origin: AS42
[]
route: 195.35.74/25 (new)

origin: AS9999
[]
aut-num: AS42
cross-mnt: BLUELIGHT-MNT
[]
mnt-nfy: auto-mnt@bluelight.net
[]
<auto-mnt@bluelight.net> gets a notification

as-macro
as-macro: AS-ARCON
descr: ARCON TML customers AS list
as-list: AS8955 AS6809 AS12500 AS-MACRO-B
tech-c: BZ318-RIPE
admin-c: VV82
mnt-by: ARCON-MNT
changed: roman@itar-tass.com 19990914
source: RIPE

as-macro Usage
aut-num: AS8955
descr: ARCON Autonomous System
...
as-out: to AS8563 announce AS-ARCON
as-out: to AS2854 announce AS-ARCON
...
aut-num: AS8563
descr: DirectNet Autonomous System
descr: JSC DirectNet Telecommunications
as-in: from AS8955 100 accept AS-ARCON
...

whois Flags in RR
whois -T route 195.35.64/19
whois -i origin AS42

whois -i mnt-by BLUELIGHT-MNT
whois -i cross-mnt BLUELIGHT-MNT
whois -v as-macro
whois -a <IP address or range>

whois -h whois.arin.net <IP address or range>
RR Tools
RAToolSet
sources: http://www.isi.edu/ra/*
AS Object Editor (aoe)
Aggregation optimisation (CIDR Advisor)
Configuration (rtconfig)
Visualisation Tool (ASExplorer)
IRRj http://www.merit.net/ ipma/javairr/irr.html

java interface to IRR
prtraceroute
Looking glasses
http://www.ripe.net/ cgi-bin/looking-glass
http://www.traceroute.org/

Special Projects
(Part of RIPE NCC Public Services)
Routing Information Service
collect routing information
between Autonomous Systems (AS)
development over time
information available to the RIPE community
improve network operations
prototype:
http://abcoude.ripe.net/ris/risalpha.cgi
Routing Registry Consistency Project
improve data quality in the Internet routing registry
improve data accessibility and processing capabilities
Next Generation - RPSL
New language (RFC-2622) Routing
Policy Specification Language
allows for more refined policy details
will eventually replace ripe-181
transition to RPSL will be smooth
RPSL mirror of RIPE DB
rpsl.ripe.net
Test re-implementation server
queries: reimp.ripe.net at port 4343
updates: <auto-rip@ripe.net>

autnum in RPSL
aut-num: [mandatory] [single] [primary/look-up key]
as-name: [mandatory] [single]
descr: [mandatory] [multiple]
as-in: [optional] [multiple] [ ]
as-out: [optional] [multiple] [ ]
interas-in: [optional] [multiple] [ ]
interas-out: [optional] [multiple] [ ]
as-exclude: [optional] [multiple] [ ]
member-of: [optional] [multiple] [inverse key] *** New in RPSL ***
import: [optional] [multiple] *** as-in in RIPE 181 ***
export: [optional] [multiple] *** as-out in RIPE 181 ***
default: [optional] [multiple]
remarks: [optional] [multiple]
admin-c: [mandatory] [multiple] [inverse key]
tech-c: [mandatory] [multiple] [inverse key]
cross-mnt: [optional] [multiple] [inverse key]
cross-nfy: [optional] [multiple] [inverse key]
mnt-lower: [optional] [multiple] [inverse key] *** RPS auth ***
mnt-routes: [optional] [multiple] [inverse key] *** RPS auth ***
mnt-by: [mandatory] [multiple] [inverse key]
changed: [mandatory] [multiple]
source: [mandatory] [single]
automatically translated , new, preserved, deprecated

Questions?

Administrivia
Audit
Billing
Closing
164
Audit Motivation
Audit Activity is a service
requested by the community
ensure equal treatment
LIR can ask for an audit
Help LIRs to
keep RIPE Database tidy
keep up-to-date with new policies

Audit Activity
Described in ripe-170
Initiated for
infrequent contact with the RIPE NCC
random selection
referral by Hostmaster
(anonymous) LIR complaint
Audit procedure
LIR answers list of questions
RIPE NCC check database

Audit Steps
When LIR responds
discuss the issue(s) & try to resolve them
review AW size
If LIR does not co-operate

send reminders & phone
still no reaction
further actions taken

Billing Procedure
LIRs pay yearly fee (S, M, L)
ripe-213
If payment is late - email reminders
1st phase - 4 weeks after the invoice
no action taken
2nd phase - 2 weeks afterwards
lower AW to 0
mnt-lower on allocation
3rd phase - 2 weeks afterwards
service level NONE
if still no payment
Discuss payment / invoices
<billing@ripe.net>

Closing / Takeover
of the LIR
1) LIR closes completely
2) LIR takes over another LIR and one closes
3) LIR takes over another LIR and both remain open
4) Non-registry takes over a LIR
...
Contact <lir-help@ripe.net> for details

address space issues
billing issues
new service agreement
No need to change current Reg-ID
neither after company changes the name
additional start-up fee is being charged
Questions?

Questionnaire
Please complete the questionnaire
precious feedback
constant improvement
Thank you
www.ripe.net/ripencc/mem-services/training/lir-questionnaire.html

RIPE NCC
Recycling Procedures
Please return the reusable badges.
Thank you
ncc@ripe.net

Ip Tutorial Ripe38

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Ip Tutorial Ripe38

Hochgeladen von

Copyright:

Verfügbare Formate

Welcome to the

RIPE Network Co-ordination Centre

Local Internet Registries . Training Course . http://www.ripe.net 2

Network Co-ordination Centre

Local Internet Registries . Training Course . http://www.ripe.net 4

A new structure (ripe-161)

Local Internet Registries . Training Course . http://www.ripe.net 5

RIPE proposes activity plan

RIPE NCC proposes budget to accompany

General Assembly votes on both

Local Internet Registries . Training Course . http://www.ripe.net 6

Local Internet Registries . Training Course . http://www.ripe.net 7

Reverse domain name delegation

Local Internet Registries . Training Course . http://www.ripe.net 8

Local Internet Registries . Training Course . http://www.ripe.net 9

Information about objects

Local Internet Registries . Training Course . http://www.ripe.net 11

Local Internet Registries . Training Course . http://www.ripe.net 12

Local Internet Registries . Training Course . http://www.ripe.net 13

Local Internet Registries . Training Course . http://www.ripe.net 14

Local Internet Registries . Training Course . http://www.ripe.net 16

4096 /20 16 Cs 255.255.240.0

Local Internet Registries . Training Course . http://www.ripe.net 19

ARIN RIPE NCC APNIC

Local Internet Registries . Training Course . http://www.ripe.net 20

Local Internet Registries . Training Course . http://www.ripe.net 21

Completed application form (ripe-212)

Read relevant RIPE documents

* Paid the sign-up & yearly fee

Local Internet Registries . Training Course . http://www.ripe.net 23

Members mailing lists

Local Internet Registries . Training Course . http://www.ripe.net 24

Distinguishes between contributing registries

Include with every message

Suggestion - modify mail header

Local Internet Registries . Training Course . http://www.ripe.net 25

Completing the request form

With the first assignment RIPE NCC

Local Internet Registries . Training Course . http://www.ripe.net 28

Local Internet Registries . Training Course . http://www.ripe.net 29

(*1) Office LAN = workstations, router, 2 printers and 1 fileserver

Local Internet Registries . Training Course . http://www.ripe.net 30

Local Internet Registries . Training Course . http://www.ripe.net 31

Prefix Subnet Mask Size Imm 1yr 2yr Description

195.20.42.0 255.255.255.192 64 16 30 50 Dynamic dial-up Adam

128 36 68 100 Totals

Local Internet Registries . Training Course . http://www.ripe.net 32

Local Internet Registries . Training Course . http://www.ripe.net 33

Local Internet Registries . Training Course . http://www.ripe.net 34

Unique ticket number

Check status of ticket on the web

Local Internet Registries . Training Course . http://www.ripe.net 36

Local Internet Registries . Training Course . http://www.ripe.net 37

Short tips and tricks

Supporting Notes for the European IP Address Space Request Form (

Local Internet Registries . Training Course . http://www.ripe.net 38

Whole allocated range can be announced immediately

Every request has to be sent for approval to RIPE NCC

Local Internet Registries . Training Course . http://www.ripe.net 39

Local Internet Registries . Training Course . http://www.ripe.net 40

update local update RIPE notify

Local Internet Registries . Training Course . http://www.ripe.net 42

One request form per customer

Ask the same questions RIPE NCC asks LIR