RIPE NCC Services - ITU · RIPE NCC Services Marco Hogewoning ... -Regional oﬃces in Dubai and Moscow ... •Mailing list and meets physically at RIPE Meetings 26

Montenegro - October 2014

RIPE NCC Services

Marco Hogewoning External Relations Officer - Technical Advisor [email protected]

Marco Hogewoning, October 2014

About the RIPE NCC

• Not-for-profit membership association- Based in Amsterdam- Regional offices in Dubai and Moscow

• Independent- Membership fees are the source of income

• Established in 1992• Regional Internet Registry (RIR) for Europe, the

Middle East and parts of Central Asia- Distributes and register IPv4, IPv6 and AS numbers- “Internet Number Resources” (INR)

2


Number Resource Organisation (NRO)

• There are five Regional Internet Registries- Each with their own service region- Location of your network determines the RIR

• The RIRs cooperate within the NRO on global topics

- NRO acts as ICANN’s Address Supporting Organisation

3


RIRs and Internet Exchange Points

• We are not an IXP but have a lot in common- Most European IXPs are also not-for-profit membership

organisations- Open, transparent and bottom up decision making

• Both emerged around the same time in response to the growing en evolving Internet!

• Both RIRs and IXPs are a fundamental part of the Internet’s infrastructure

4

RIPE NCC Services That Are Important for IXPs


6

Registry Services

•Supply number resources• Internet Routing Registry•RPKI certification

Research andMeasurements

•RIPE Atlas•RIPE Stat

CommunityBuilding

•RIPE Meetings•Regional meetings•Mailing lists•Connect WG•Supporting NOGs•RIPE Labs

Registry Services


RIPE Address Policy

• Policies (rules) by which IP addresses and ASN are distributed are made by the RIPE community

• Bottom up decision making based on rough consensus

• Everybody can participate and suggest changes- Address Policy Working Group mailing list- Face to face at RIPE Meetings

• RIPE NCC’s Policy Development Officer (PDO)- Supports the policy development process- Can help you to submit new policy proposals

8


IPv4 Address Allocation and Assignments

• RIPE NCC has depleted its pool of IPv4 addresses- There is a small number left to support growth and help

with IPv6 transition efforts

• Each member of the RIPE NCC can request one final allocation of 1024 IPv4 addresses (/22)

- Both new and existing members can request one- Until the remaining pool is empty

• Limited documentation required- “Promise you will use them”- Maintaining accurate records in the RIPE Database

9


IPv4 for Internet Exchange Points

• RIPE community recognised the important role of Internet Exchange Points

• Created special policy to set aside a dedicated block of 65.000 IPv4 addresses (/16)

• IXPs can request between /24 and /22 for use on the shared peering LAN

- Other uses explicitly forbidden- Newly established IXPs will get 256 addresses (/24)- If supplies last you are allowed to swap for bigger when

needed (old addresses have to be returned to the pool)

10


Getting IPv6 Addresses

• Two ways to get an IPv6 address block:- As a member you can get /32 - /29 allocation

• Straightforward request process• Bigger allocations if you can document the use

- As non-member you can obtain a Provider Independent (PI) address block• Need a RIPE NCC member to request them for you,

acting as “Sponsoring LIR”• Minimum assignment size is a /48• Not allowed to assign these addresses to customers!

11


IPv6 for Internet Exchange Points

• There is a specific policy for IXPs (ripe-451)• IXPs can request /64 or /48 (which is default)• Implementation similar to PI assignments

- Need a sponsoring LIR to request it- Or be a member of the RIPE NCC!

• As there is no shortage of IPv6 you can also use the regular policies to get the same result

12


Recommended Approach

• Become a member of the RIPE NCC• Request final /22 allocation for supporting

infrastructure:- Websites, mailserver, etc- Monitoring and reporting systems

• Request IXP IPv4 assignment for peering LAN!

• Deploy IPv6 right away- Consider having a separate assignment for peering LAN

13


Internet Routing Registry (IRR)

• RIPE Database incorporates an Internet Routing Registry, which is publicly available data

• IRRs are used to publish routing policies- Publish which prefixes are originated by a network- Document peering relationships- Document which routes are announced/accepted

• Can be used to generate BGP filters- Some IXPs use this data to control their route servers

• Information can also be used to make peering decisions

14


Resource Certification (RPKI)

• Relatively new standard developed by the IETF to make Internet routing more reliable and robust

• Digital certificates issued by the RIRs can be used to validate the legitimate holder of resources

• Route Origination Announcements (ROA) can be generated to indicate which ASN is allowed to announce a route and de-aggregation limits

- IXPs can use this on their route servers to validate announcements

- IXP customers are encouraged to do the same

15

Statistics and Measurements


RIPE Atlas: Active Measurement Network

• Network of small low power devices that can send and receive IP packets

- Close to 7000 active nodes and still growing- Receive instructions from a central point

• Can measure delay, traceroute and make connections to specific services or protocols

- Is a service reachable?- How long does it take to connect?- How do my packets get there?

17


What RIPE Atlas Does Not Do

• We can’t measure network throughput- Devices are not powerful enough- We try to limit bandwidth usage

• Hosting a probe should not have impact• Hosting a probe should not cost money

- Low energy consumption!

• These probes can’t inspect or intercept traffic- Act as standalone devices- Source code is public

18


RIPE Atlas Probes in the Area 19


User Defined Measurements (UDM)

• We build and operate this measurement infrastructure for the community

• Hosting a probe is awarded with credits to runyour own set of measurements on the system

- RIPE NCC members and RIPE Atlas sponsors get additional credits to run experiments

• You can limit or select probes on criteria such as which country they are located

• Targets for a measurement can be any host connected to the Internet

20


Use for Internet Exchange Points

• There is a dual use of these statistics- Create a benchmark of the current situation- Monitor the effects of the IXP on the Internet

• Additionally you can host a RIPE Atlas Anchor- Provides a fixed point to which people can measure- Can run more measurements

21


Example: DNS Root Server RTT Mappings 22

Building Communities


24

“Internet Exchange Points are 80% social, 20% technical”


Bringing People Together

• RIPE started as a gathering of European Internet network operators

- In the early days it was mostly academic networks- Commercial operators and incumbent telcos joined quickly

• Exchange experience and knowledge• Find areas where cooperation can lead to mutual

benefits for involved parties- IXPs are a prime example of such cooperation

25


RIPE Connect Working Group

• Created during last RIPE Meeting, evolved from European Internet Exchange (EIX) working group

• Chartered to work on all aspects of IP interconnection:- Facilitate discussions about interconnection for Internet

purposes, covering Layer 1-8- Raise awareness in the community about interconnection and

the role it plays in the global Internet- Educate policymakers/regulators in how interconnection

works- Act as knowledge base for interconnection-related questions

• Mailing list and meets physically at RIPE Meetings

26


RIPE Meetings

• Bi-annual, week long, open community meetings- Interconnecting and IXPs are an important topic

• RIPE 69 will be held in London from 3-7 November- RIPE 67 was in Athens, RIPE 64 took place in Ljubljana- Meetings have remote participation (free of charge)

• Connect WG scheduled to meet Wednesday 11 November, 11:00 - 12:30 UK time

- Agenda will be published soon!

• See http://ripe69.ripe.net for details

27


RIPE NCC Regional Meetings

• Staying close to our members and community- Shorter one or two day events- Requiring less travel to attend

• RIPE NCC South East Europe (SEE) meetings- Meeting locations based on community input- Dubrovnik (2011), Skopje (2013), Sophia (2014)- Next meeting: SEE-4 in Belgrade on 21-22 April 2015

28


Capacity Building

• RIPE NCC provides training courses to members:- IPv6 deployment (basic and advanced courses)- Routing security- DNSSEC

• Online webinairs on IPv6, RPKI and RIPE Database• We are happy to discuss tailor made solutions:

- Measurements and tools workshop- Training for CERT and law enforcement professionals- IPv6 workshops for government representatives

29


Supporting Local Initiatives

• RIPE NCC supports local network operator groups (NOGs) and IXP meetings in a variety of ways

- Provide speakers and content- Organise training courses in conjunction- RIPE NCC Membership lunches!

• Local groups are the building blocks for a strong, open, bottom up and inclusive Internet governance

30

Questions?


31

Documents

RIPE NCC Services - ITU · RIPE NCC Services Marco Hogewoning ... -Regional oﬃces in Dubai and Moscow ... •Mailing list and meets physically at RIPE Meetings 26