The Internet Registry System

1Vesna Manojlovic . CEENet Workshop, August 2000 . http://www.ripe.net

The Internet Registry System

CEENet Workshop

Budapest, August 2000

Vesna Manojlovic

[email protected]

Vesna Manojlovic . CEENet Workshop, August 2000 . http://www.ripe.net 2

• RIPE• RIPE NCC• Internet Governance • Global Internet Registry System

– IP address distribution & registration– IPv6– RIPE Database– Reverse DNS Delegation

Overview


Questions always welcome!


Reseaux IP Européens


What is RIPE?

• Reseaux IP Européens (1989)– forum for network engineers to discuss technical issues

• RIPE is– service provider forum

– open for everybody

– voluntary participation, no fees

– works by consensus

– encourages face-to-face discussion

– acts like an “interest group” supporting Internet community

– but has NO legal power


How RIPE Works

• RIPE chair <[email protected]>– Chair: Rob Blokzijl (Nikhef)

• How does it work?– Working groups– Mailing lists– Meetings


Join RIPE Working Groups

• Local Internet Registries (LIR)• RIPE Database (DB)• IP version 6 (IPv6)• European Internet Exchange Forum (EIX)• Routing / MBONE• Domain Name System (DNS)• NETNEWS Co-ordination• Anti-Spam• Test-Traffic Project• European Operators Forum (EOF)

RIPE does NOT develop Internet Standards


Global Context

World-wide Internet

Technical Development & Standards Body

World-wide Operators Forum

EU Operators USA Operators

Asian Operators

IETF

IEPG

RIPE

APRICOT

NANOG


Subscribe to RIPE Mailing Lists

• General announcement list– <[email protected]>

• Working group lists– <[email protected]>

– <[email protected]>

– etc.

• For more information– Send “help” to <[email protected]>

• Join the mailing lists and get informed

http://www.ripe.net/info/maillists.html


RIPE Meetings• 3 times a year• ~3.5 day long• 300+ participants

• Working group meetings• Plenary• Presentations

• Long breaks• Informal chats

• Terminal room– IPv4, IPv6 and wireless connectivity


Come to RIPE Meetings

• Keep up to date with Internet developments• Meet others in the business• Gather information, tips, ideas• Influence directions in Internet administration

– in RIPE NCC service region and beyond

• Next meeting RIPE 37– Amsterdam, 12-15. September 2000– <[email protected]>


RIPE Meeting Attendees in 1999

DE

UK

NL

EU

US

FRAT UNK DK

SEIT

IE

NOGB

PT

CZ

HU

RUCH

FI

ES

BE

Total 857

other


RIPE Meeting Attendance per Organisational Category 1999

COM 64%

EDU 14%

GOV 0%

Unkown 8%

Assoc.14%


RIPENetwork Coordination Centre


What is the RIPE NCC?

• Not-for-profit association under Dutch law

• 8 years of history

• 2000+ members (mainly ISPs, but open to

anyone)

• Co-ordination and support services for ISPs


Why a NCC ?

• RIPE participation was increasing

• Too much RIPE work done on a voluntary basis

• Activities require continuity & co-ordination

• Neutrality and impartiality is important

• Contact point inside & outside RIPE region


RIPE NCC History

• April 1992: Birth of the RIPE NCC– TERENA legal umbrella

• September 1992: RIR Function• 1995: Contributing Local IRs• 1998: Independent Organisation

– not-for-profit association under Dutch law– General Assembly of all members– Executive Board of elected nominees

http://www.ripe.net/annual-report/99ar.html


Vital Statistics• Statistics 1992

– 3 staff members– No Local IR’s– 182,528 hosts in European Internet– 7,955 objects in RIPE database (June ‘92)

• Statistics Now– 62 staff (21 nationalities) 2,018+ participating Local IR’s 11,390,000+ countable hosts in the RIPE NCC region 3,041,650+ objects in the database


> 2 New Members per Day

0

500

1,000

1,500

2,000

Nu

mb

er

of

LIR

s


109

80

5047

28 27

20 20 1916 16

11 11 9 8 6 5 5 4 4 4

0

20

40

60

80

100

120

New LIRs in 2000


RIPE NCC Member Services

• Registration Services– IPv4 addresses

– IPv6 addresses

– AS numbers

– Reverse domain name delegation

– LIR Training Courses


RIPE NCC Public Services

• Co-ordination– RIPE support– RIPE database maintenance– Routing Registry Maintenance (RR)– Liaison with:

• LIRs / RIRs / ICANN / etc …

– Information dissemination

• Special Projects– Test Traffic– Routing Information Service (RIS)– Routing Registry Consistency (RR)


Formal Decision Making

“Consensus” Model

RIPE proposes activity plan

RIPE NCC proposes budget to accompany activity plan

General Assembly votes on both

activities and budget at yearly meeting


Internet Governance


Authority in the Net??

• The Internet Corporation for Assigned Names and Numbers (ICANN) is the non-profit corporation that was formed to assume responsibility for the IP address space allocation, protocol parameter assignment, domain name system management, and root server system management functions now performed under U.S. Government contract by IANA and other entities.


Developments in Internet Governance

PSO ASO DNSO

RIPE NCC ARIN APNIC

ICANN

RIPE APNIC mtg.ARIN mtg.

At Large


Address Supporting Organization

• RIR agreed on a proposal• “Simple model”• MoU between ICANN and RIRs• Policies set through existing regional processes• Address Council established

– oversee policy development processes– select ICANN directors (open process)

http://www.aso.icann.org


Global Internet Registry System


Goals of the Internet Registry System

• Fair distribution of address space

• Conservation – prevention of stockpiling of addresses

• Aggregation– hierarchical distribution of globally unique address space

– permits aggregation of routing information

• Registration– provision of public registry

– ensures uniqueness and enables troubleshooting


Service Regions


Address Distribution

Global Authority

RIR/8

LIR (ISP/Enterprise)/20 + RIPE NCC Members

ISP / End Users/32 + Anybody with a network/host


Address Space Usage

0

20,000,000

40,000,000

60,000,000

80,000,000

100,000,000

213/8

212/8

62/8

195/8

194/8

193/8

60%

97%

40,1%

96,5%

97%

98%


Terminology

• Allocation– address space given to registries which is held by them to

assign to customers

• Assignment– address space given to end-users for use in operational

networks

assignment

/20 allocation = 4096 addresses

assignment


Classful Notation

16,777,216

65,536

network host

8

16

Class A

Class B

Class C

0.0.0.0 - 127.255.255.255

128.0.0.0 - 191.255.255.255

256

24

192.0.0.0 - 223.255.255.255

110

10

0

• Obsolete because of– depletion of B space– too many routes from C space

• Solution– Classless Inter Domain Routing– hierarchical address space allocation


Classless NotationAddresses Prefix Classful Net Mask... ... ... ...

8 /29 255.255.255.248

16 /28 255.255.255.240

32 /27 255.255.255.224

64 /26 255.255.255.192

128 /25 255.255.255.128

256 /24 1 C 255.255.255.0... ... ... ...

4096 /20 16 C’s 255.255.240.0

8192 /19 32 C’s 255.255.224

16384

32768

65536

/18

/17

/16

64 C’s

128 C’s

1 B

255.255.192

255.255.128

255.255.0.0... ... ... ...


How to get IP addresses?

• Go to your Local Internet Registry– Your provider is probably one or is connected to one

http://www.ripe.net/lir/registries/europe.html

• If you are a provider and think you may need to be an LIR? – Contact RIPE NCC <[email protected]>


Becoming a LIR

• Complete application form (ripe-212)

• Provide Reg-ID & contact persons

• Read relevant RIPE documents

• Sign service agreement (ripe-191)– agreed to follow policies and procedures

• Pay sign-up & yearly fee– <[email protected]>


Obtaining IP AddressesThrough Existing LIR


Providing Information (1)• Overview of organisation

• information relevant to the address space request

– name and location of the organisation?– organisation activities?– what is the structure?

• does it have subsidiaries and where?• how many departments?• for what part of the company are the addresses requested?

• Possible additional information- pointer to web site - deployment plan - special technologies- purchase receipts


Providing Information (2)• Design of the network

• how many physical segments it will consist of?• what is each segment going to be used for?

– including equipment used

• how many hosts are in each segment?• expectations of growth• topology map

– Utilisation and efficiency guidelines • 25% immediately, 50% in one year• operational needs; no reservations

– Can address space be conserved by using:• different subnet sizes?• avoiding padding between subnets?

– Any address space already in use?• returning and renumbering? (encouraged)


dynamic dial-up Amsterdam web/mail/ftp servers Amsterdamcustomers’ servers Amsterdamtraining room LAN AmsterdamAmsterdam office LAN (*1)dynamic dial-up Utrecht web/mail/ftp servers UtrechtInet cafe Utrechttraining room LAN Utrecht

128 32 16 16 64 128 32 16 16

448

255.255.255.128 255.255.255.224 255.255.255.240 255.255.255.240 255.255.255.192 255.255.255.128 255.255.255.224 255.255.255.240 255.255.255.240

0.0.0.0 0.0.0.128 0.0.0.160 0.0.0.1760.0.0.1920.0.1.0 0.0.1.128 0.0.1.160 0.0.1.176

100 10 8 14 24 0 0 14 0

170 297 342 Totals

(*1) Office LAN = workstations, router, 2 printers and 1 fileserver

Relative Subnet Mask Size Imm 1yr 2yr DescriptionPrefix

Addressing Plan

100 12 10 14 35100 12 14 0

100 16 13 14 50 100 25 14 10


Request Overview

request-size: 448 addresses-immediate: 170 addresses-year-1: 297 addresses-year-2: 342 subnets-immediate: 6 subnets-year-1: 8 subnets-year-2: 9

Totals: 448 170 297 342

inet-connect: YES, already connected to “UpstreamISP” country-net: NL private-considered: Yes request-refused: NO PI-requested: NO address-space-returned: 195.20.42.0/25, to UpstreamISP, “in 3 months”


Private Address Space• RFC-1918 (Address Allocation for Private Internets)

• Suitable for– partial connectivity– limited access to outside services

• can use application layer gateways (fire walls, NAT)

• Motivation– saves public address space– allows for more flexibility– security


IPv6


Why IPv6?• Next generation protocol

– scalability -- 128 bits addresses – security– dynamic hosts numbering

• Interoperable with IPv4• simple and smooth transition

– hardware vendors– applications

• Testbed for deployment of IPv6– www.6bone.net


IPv6 Introduction • Current format boundaries |-3|--13-|--13-|-6-|--13-|--16--|------64 bits-----|

+--+-----+-----+---+-----+------+------------------+

|FP|-TLA-|-sub-|Res|-NLA-|--SLA-|---Interface ID---|

|--|-ID--|-TLA-|---|--ID-|--ID--|------------------|

|----public topology ----|-site-|-----Interface----| +--+-----+-----+---+-----+------+------------------+

/23 /29 /35 /48 /64

• Classfull; another level of hierarchy

• Hexadecimal representation of addresses• IANA allocations

– APNIC 2001:0200::/23 (12 subTLAs)– ARIN 2001:0400::/23 ( 4 subTLAs)– RIPE NCC 2001:0600::/23 (19 subTLAs)


IPv6 Allocations

• Draft allocation guidelines– provisional & bootstrap criteria– currently under revision by community – [email protected] & [email protected]

• Initial allocation to LIRs– /35 subTLA

• 13 bits of NLA space + 16 bits of SLA space

– whole /29 subTLA reserved

http://www.ripe.net/ripencc/mem-services/registration/ipv6/ipv6.html


The RIPE DatabaseIts usage and its usefulness


RIPE Database (1)

• Public Network Management Database

• Information about objectsIP address space inetnum, inet6num

reverse domains domain

routing policies route, aut-num

contact details person, role, maintainer


RIPE Database (2)

• Software Management• server and client

– NOT relational

– RIPE NCC– Database Working Group (RIPE community)

• Data Management– LIRs – other users– RIPE NCC

• Information content not responsibility of RIPE NCC• Strong protection mechanisms not default


Querying RIPE Database• RIPE whois server

– whois -h whois.ripe.net (UNIX command line queries)– telnet whois.ripe.net

• RIPE whois client– ftp://ftp.ripe.net/ripe/dbase/software/ripe-dbase-2.2.1.tar.gz

• Glimpse full text search– http://www.ripe.net/cgi-bin/ripedbsearch

• Web interface– http://www.ripe.net/cgi-bin/whois

• Database documentation– http://www.ripe.net/db/

http://www.ripe.net/docs/ripe-157.html &

http://www.ripe.net/docs/ripe-189.html


Search keys (Look-up Keys)

– person name, nic-hdl, e-mail– role name, nic-hdl, e-mail – maintainer maintainer name– inetnum network number, network name– domain domain name– aut-num AS number– as-macro AS-macro name– route route value

• Network number and route value are classless• Network name is a search key, but not unique


‘person’ Object

person: Mirjam Kuehne

address: RIPE NCC

address: Singel 258

address: NL - 1016 AB Amsterdam

address: Netherlands

phone: +31 20 535 4444

fax-no: +31 20 535 4445

e-mail: [email protected]

nic-hdl: MK16-RIPE

notify: [email protected]

mnt-by: RIPE-NCC-MNT

changed: [email protected] 19950411


source: RIPE


‘role’ Object% whois -h whois.ripe.net -t role

role: [mandatory] [single] [primary/look-up key] address: [mandatory] [multiple] [ ] phone: [optional] [multiple] [ ] fax-no: [optional] [multiple] [ ] e-mail: [mandatory] [multiple] [look-up key] trouble: [optional] [multiple] [ ] admin-c: [mandatory] [multiple] [inverse key] tech-c: [mandatory] [multiple] [inverse key] nic-hdl: [mandatory] [single] [primary/look-up key] remarks: [optional] [multiple] [ ] notify: [optional] [multiple] [inverse key] mnt-by: [optional] [multiple] [inverse key] changed: [mandatory] [multiple] [ ] source: [mandatory] [single] [ ]


‘role’ Object

role: RIPE NCC Hostmaster address: RIPE Network Coordination Centre address: Singel 258 address: NL - 1016 AB Amsterdam, Netherlands phone: +31 20 535 4444 e-mail: [email protected] trouble: Work days 0900-1800 CET: phone XXX trouble: Outside Business Hours: phone YYY admin-c: JLC2-RIPE tech-c: MK16-RIPE notify: [email protected] mnt-by: RIPE-NCC-MNT nic-hdl: RNH124-RIPE changed: [email protected] 19971002 source: RIPE


Network Object

inetnum: 193.0.0.0 - 193.0.0.255

netname: RIPE-NCC

descr: RIPE Network Co-ordination Centre

descr: Amsterdam, Netherlands

country: NL

admin-c: JLC2-RIPE

tech-c: MK16-RIPE

status: ASSIGNED PA

mnt-by: RIPE-NCC-MNT


source: RIPE

• “/” notation possible for inetnum value


Queries Reach 7/sec Average

0

5,000,000

10,000,000

15,000,000

20,000,000D

ec-

96

Fe

b-9

7

Ap

r-9

7

Jun-

97

Aug

-97

Oct

-97

De

c-9

7

Fe

b-9

8

Ap

r-9

8

Jun-

98

Aug

-98

Oct

-98

De

c-9

8

Fe

b-9

9

Ap

r-9

9

Jun-

99

Aug

-99

Oct

-99

De

c-9

9

Fe

b-0

0

Ap

r-0

0

7/sec


Number of DB Objects

0

1,000,000

2,000,000

3,000,000

4,000,000

5,000,000

6,000,000Jan

-97

Ap

r-97

Ju

l-97

Oct-

97

Jan

-98

Ap

r-98

Ju

l-98

Oct-

98

Jan

-99

Ap

r-99

Ju

n-9

9

Sep

-99

Dec-9

9

Mar-

00

Ju

n-0

0

• 2,5 million .de domain objects taken out on 28th June• 50,000 .be domain objects taken out on 24th July


Example Querywhois 193.0.0.0

inetnum: 193.0.0.0 - 193.0.0.255 netname: RIPE-NCC admin-c: DK58 tech-c: OPS4-RIPE

route: 193.0.0.0/24 descr: RIPE-NCC

role: RIPE NCC Operations address: Singel 258 nic-hdl: OPS4-RIPE

person: Daniel Karrenberg address: RIPE Network Coordination Centre (NCC) nic-hdl: DK58


Using RIPE DB Flags

– whois -r 193.0.0.0 => inetnum, route– whois -T inetnum 193.0.0.0 =>

inetnum,person,role– whois -r -T inetnum 193.0.0.0 => inetnum– whois OPS4-RIPE => role, persons– whois -r OPS4-RIPE => role

• whois -v as-macro• whois -a <IP address or range>


Inverse Lookups in RIPE DB• whois -i admin-c,tech-c,zone-c JJ123-RIPE

– whois -i admin-c,tech-c,zone-c -T domain JJ123-RIPE– whois -i zone-c JJ123-RIPE– whois -r -i admin-c,tech-c -T role BL112-RIPE

• whois -i notify [email protected]

• whois -i origin AS42

• whois -i mnt-by BLUELIGHT-MNT


Hierarchical DB Query

195.35.64.0-

195.35.65.191195.35.88/26

195.35.64.0 -

195.35.95.255

195.35.80/25

Blue Light Goody2Shoes

whois -M 195.35.64.0/19

whois -m 195.35.64.0/19

whois -L 195.35.92.10

eNGOs ...195.35.92/29

ENGO-7

195.35.92.8/29

ENGO-8


RIPE whois Flags• i inverse lookup for specified attributes

• L find all Less specific matches

• m find first level more specific matches

• M find all More specific matches

• r turn off recursive lookups

• T type only look for objects of type (inetnum, route, etc.)

• a search all databases

• h hostname search alternate server

• s search databases with source “source”

• t show template for object of type “type”

• v verbose information for object of type “type”

• whois help (how to query the database)


DB Update Procedure

• Changing an object– add the changed line to the new version of object

• value: email address and date

– keep the same primary key* do not forget authentication (password, PGP key)

• Deleting an object– add delete line to the exact copy of current object– value: email address, reason and date– submit to <[email protected]>


DB Update Procedure• Unique Keys (Primary Keys)

– person name + nic-hdl

– role name + nic-hdl

– maintainer maintainer name

– inetnum network number

– domain domain name

– aut-num AS number

– as-macro AS-macro name

– community community name

– route route value + origin

• Uniquely identifies object

• Updating an existing object will overwrite the old entry hence need unique key


Creating person Object

• Check if person object exists in RIPE DB– whois {person’s name; email address}

– only one object per person

• Obtain and complete a template whois -t person

– whois -v person

• Each person object has unique nic-hdl– Only way to clear ambiguity in person objects

– Format: <initials><number>-<database>• e.g. CD567-RIPE


E-mail Interface

• <[email protected]>– automatic mailbox– send all updates to this mailbox– can use HELP in subject line

• <[email protected]>– send questions and comments to this mailbox

– please include error reports


Syntax Checking

• Successful update

• Warnings– object corrected and accepted

– notification of action taken in acknowledgement

• Errors– object NOT corrected and NOT accepted

– diagnostics in acknowledgement


Example Error Message

Update FAILED: [person] Mirjam Kuehne

person: Mirjam Kuehne

address: RIPE NCC

address: Singel 258, NL-1016 AB, Amsterdam

address: The Netherlands

phone: +31 20 535 4444

fax-no: +31 20 535 4445

e-mail: [email protected]


source: RIPE

WARNING: date in "changed" (980828) changed to 19980828

*ERROR*: mandatory field "nic-hdl" missing


Deleting an Object

• Add delete attribute to copy of current object person: Mirjam Kuehne address: RIPE NCC address: Singel 258 address: NL - 1016 AB Amsterdam address: Netherlands phone: +31 20 535 4444 fax-no: +31 20 535 4445 e-mail: [email protected] nic-hdl: MK16-RIPE changed: [email protected] 19980911 source: RIPE delete: [email protected] late for training

• Submit to <[email protected]>


Nic-hdl’s (Example)

person: John F. Doe

………

nic-hdl: AUTO-1JFD

person: Anne Smith

………

nic-hdl: AUTO-2

inetnum: ………

………

admin-c: AUTO-1JFD

tech-c: AUTO-2

JFD304-RIPE

JFD304-RIPE

AS519-RIPE

AS519-RIPE


Test Database

• Non-production DB• Similar interface as “real” Database

– whois & email• whois -h test-whois.ripe.net ; [email protected]

– syntax checking – error reports

• Enable to submit your own maintainer• Ideal for testing

– various authorisation schemes– self-made scripts that update RIPE DB

• Source: TEST


DNS Activities


DNS Management• Goals

– ensure proper operation of name servers– minimise “pollution” of DNS

• Services– manage reverse delegations of networks in 193/8, 194/8, 195/8,

212/8, 213/8, 217/8 and 62/8 in-addr.arpa domain– support LIR’s with feedback– secondary name servers for ccTLDs

• RIPE NCC DOES NOT register domain names


RIPE NCC Hostcount per Quarter


Why Do You Need Reverse Delegation ?

• All host-IP mappings in the DNS (A record) should have a corresponding IP-host mapping (PTR record)

• Failure to have this will likely– block users from various services (ftp, mail)– make troubleshooting more difficult – produce more useless network traffic in general


IN-ADDR.ARPA Domain . (ROOT)

edu

arpacom

net

nl

in-addr

193 195 194

35

65

1 = 1.65.35.195.in-addr.arpa

bluelight

www 195.35.65.1

Forward mapping

Reverse mapping

(A 195.35.65.1)

(PTR www.bluelight.nl)

213 212 62217


Request Reverse Delegation

• Send domain object to <[email protected]>– an automatic mailbox

• Robot (named Marvin) will– check the Reg-ID

• only LIRs can request reverse delegation

– check if zone is correctly setup– check assignment validity– (try to) enter object to RIPE DB

• Questions, Comments to <[email protected]>


< /24 Delegations

Reverse delegation is also possible for a /24 shared by more customers

=> NOT reason for classfull assignments

• RIPE NCC reverse delegate authority for the entire /24 to LIR

• If customer wants to run own primary nameserver– LIR delegates parts as address space gets assigned– use CNAME to create an extra point of delegation

(RFC-2317)


$ORIGIN 80.35.195.in-addr.arpa.

0-31 IN NS ns.goody2shoes.nl.0-31 IN NS ns2.bluelight.nl.32-71 IN NS ns.cyberfalafel.nl.32-71 IN NS ns2.bluelight.nl.

0 IN CNAME 0.0-311 IN CNAME 1.0-31... ...31 IN CNAME 31.0-31

32 IN CNAME 32.32-7133 IN CNAME 33.32-71... ...71 IN CNAME 71.32-71

72 IN PTR www.qwerty.nl.

CNAME Example Zonefile at Provider Primary Nameserver


Reverse DNS Quality Report

• 80% of delegating zones good• Quality improving• ~500 new zones /week• 52.3% of eligible /24 zones are delegated

http://www.ripe.net/inaddr/statistics


Questions?


Organizations

AFRINIC African Network Information Centrehttp://www.afrinic.org

APNIC Asian Pacific Network Information Centrehttp://www.apnic.net

ARIN American Registry for Internet Numbershttp://www.arin.net

CEENet Central and Eastern European Networking Associationhttp://www.ceenet.org

CENTR Council of European National Top level domain Registrieshttp://www.centr.org

CIX Commercial Internet Exchangehttp://www.cix.org

ETSI European Telecommunications Standards Institutehttp://www.etsi.org

EuroISPA European Internet Service Providers Associationhttp://www.euroispa.org

IANA Internet Assigned Numbers Authorityhttp://www.iana.org


Organizations

ICANN Internet Corporation for Assigned Numbers and Nameshttp://www.icann.net

IETF Internet Engineering Task Forcehttp://www.ietf.org

ITU International Telecommunications Unionhttp://www.itu.int

NANOG North American Network Operators Grouphttp://www.nanog.org

RIPE Reseaux IP European Network http://www.ripe.net

RIPE NCC RIPE Network Coordination Centrehttp://www.ripe.net

W3C World Wide Web Consortiumhttp://www.w3.org

Documents

The Internet Registry System