NRO UpdateICANN 64
Kobe Japan
Alan Barrett NRO EC Chair
13 March 2019
To be the flagship and global leader for collaborative Internet number resource
management as a central element of an open, stable and secure Internet
IPv4 Transfers
(exclusive M&A)
2
Number of transfers per year
Intra-RIR IPv4 Transfers
2009 2010 2011 2012 2013 2014 2015 2016 2017 20180
200
400
600
800
1000
1200
1400
1600
1800
2000
AFRINIC APNIC ARIN LACNIC RIPE NCC
3Internet number resource status report
Number of addresses transferred by year
Intra-RIR IPv4 TransfersInternet number resource status report 4
2009 2010 2011 2012 2013 2014 2015 2016 2017 20180
5
10
15
20
25
30
35
40
45
Milli
ons
AFRINIC APNIC ARIN LACNIC RIPE NCC
Total number of IPv4 transfers between RIRs
Inter-RIR IPv4 Transfers5
30
35
16622
249
APNIC RIPE NCC
ARIN
AFRINIC LACNIC
26
Internet number resource status report
Total number of IPv4 addresses transferred between RIRs
Inter-RIR IPv4 Transfers6
1.9M
299.8K
8.8M118.8K
16.6M
APNIC RIPE NCC
ARIN
AFRINIC LACNIC
1.4M
Internet number resource status report
IPv6
7
How much has been allocated to the RIRs?
All IPv6 Address Space8
RIR IPv6 PrefixAFRINICAPNICARINLACNICRIPE NCC
2c00::/122400::/122600::/122800::/122a00::/12
IETF Reserve /1, /2+
Global Unicast
Unique Local Unicast /7
Multicast /8
IANA Reserve 506 /12s
IANA Reserve /12-
RIRs 5 /12s (October 2006)
6to4 /16
Allocated to RIRs before Oct 2006 /17, /18+
IETF Reserve /23
Internet number resource status report
/3
/0
/12
Link-Scoped Unicast /10
How many prefixes has each RIR allocated (to LIRs) per year?
IPv6 Allocations Issued by RIRs9
0
500
1000
1500
2000
2500
3000
2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018
Internet number resource status report
Total size of IPv6 space (in /32s) that each RIR has allocated (to LIRs)
Total Allocated IPv6 Space10
9,249
75,090
45,902
12,379
120,101
0
20,000
40,000
60,000
80,000
100,000
120,000
140,000
AFRINIC APNIC ARIN LACNIC RIPE NCC
Internet number resource status report
How many prefixes has each RIR assigned (to end users) per year?
IPv6 Assignments Issued by RIRs11
0
100
200
300
400
500
600
2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018
Internet number resource status report
Total size of IPv6 space (in /48s) that each RIR has assigned (to end users)
Total Assigned IPv6 Space12
932
1,117,444
3,033,753
9,179,630
199,8900
1,000,000
2,000,000
3,000,000
4,000,000
5,000,000
6,000,000
7,000,000
8,000,000
9,000,000
10,000,000
AFRINIC APNIC ARIN LACNIC RIPE NCC
Internet number resource status report
Percentage of Members with IPv6 in each RIR13
45.0%
59.6%49.2%
93.3%
68.2%
0.4%
1.8% 9.6%
0.4%
0.7%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
AFRINIC APNIC ARIN LACNIC RIPE NCC
Members with IPv4 and IPv6Members with IPv6 only
Internet number resource status report
Resource Public Key Infrastructure (RPKI) Introduction and Current Deployment
14
Background
This initiative was developed within the IETF’s SIDR Working Group with the aim to help secure global routing. The NRO acts as a coordination point for the five ‘ (RIRs) Engineering teams to collaborate on this important cross-RIR project.
What Is a Resource Certificate?
An RIR creates a resource certificate, which is a verifiable digital statement that an Internet number resource (a block of IPv4 or IPv6 addresses, or an Autonomous System Number –ASN) has been registered by that RIR. In technical terms, it is an X.509 certificate with “Extensions for IP Addresses and AS Identifiers”, as described in RFC3779.
How Will This Secure Routing?
Once a certificate is created, the holder can use it to create a Route Origin Authorization (ROA). This is a digital document stating that, as the holders of a given range of IP addresses, you allow those addresses to be routed by specific Autonomous Systems (AS). By using an automated system to check actual routes against those described in the repository of ROAs maintained by the RIR, network operators can work with a new level of certainty that the traffic they are receiving is coming from a legitimately registered network.
Resource Public Key Infrastructure (RPKI) Introduction15Internet number resource status report
RPKI RIR ACTIVATION16Internet number resource status report
REGION ACTIVE ENTITY COUNTAFRINIC 119APNIC 1502ARIN 536LACNIC 1147RIPE NCC 6938Totals 10242
Number of organisations that have resources with RPKI certificates.
As of 12 March 2019
RPKI RIR ADOPTION17Internet number resource status report
Percentage of address space that is covered by RPKI certificates.
As of 12 March 2019
REGION IPv4 ADOPTION IPv6 ADOPTIONAFRINIC 2.79% 1.21%APNIC 6.82% 7.28%ARIN 5.05% 1.43%LACNIC 18.20% 4.17%RIPE NCC 35.19% 25.76%
Where can I find out more about RPKI?
While RPKI is a cross-RIR project, each RIR provides specific information for resource holders in its region. Find out more:
AFRINIC
https://afrinic.net/en/services/bpki
APNIC
https://www.apnic.net/community/security/resource-certification/
ARIN
https://www.arin.net/resources/rpki/
LACNIC
http://www.lacnic.net/1018/2/lacnic/resource-certification-system-rpki
RIPE NCC
https://www.ripe.net/manage-ips-and-asns/resource-management/certification
RPKI Information18Internet number resource status report
• NRO Statisticswww.nro.net/statistics
• IANA Number Resourceshttps://www.iana.org/numbers
• RPKIhttps://www.nro.net/technical-coordination/security/certification/
References19Internet number resource status report
Thank You
20