Here today from ARIN
|
|
- Osborne Kennedy
- 5 years ago
- Views:
Transcription
1 Little Rock, Arkansas 7 March 2017
2 Here today from ARIN Dan Alexander Jan Blacka John Curran Susan Hamlin Aaron Hughes Ed MacDonald Andy Newton Jon Worley Chair, ARIN Advisory Council Senior User Experience Specialist President and CEO Director, Communications & Member Services Vice Chair, ARIN Board of Trustees Senior Software Engineer Chief Engineer Technical Services Manager
3 Agenda 10:00 10:15 Welcome and Getting Started 10:15-10:35 ARIN: Mission, Role and Services 10:35-11:10 ARIN Technical Services 11:10-11:30 ARIN Internet Number Resource Policy 11:30 Noon DNS Security (DNSSEC) Noon - 1:00 Lunch
4 Agenda 1:00-1:30 Life After IPv4 Depletion 1:30-2:00 Resource Certification (RPKI) 2:00-2:10 Break 2:10 3:30 Everything You Ever Wanted to Know About IPv6 3:30-3:45 Q&A / Open Mic Session & Ask ARIN
5 Let s Get Started! Self introductions Name Organization and type of business The question I would most liked answered today is...
6 ARIN and the RIR System: Mission, Role and Services John Curran President and CEO
7 Regional Internet Registries
8 What do the RIRs do? Manage the distribution of IP addresses and Autonomous System numbers (ASNs) Provide reverse DNS and a public Whois database Support Internet infrastructure through technical coordination
9 The RIRs are Independent Not-for-profit Fee for services, not number resources 100% community funded Membership based Internet service providers (ISPs), telecommunication organizations and large corporations Community Regulated Community developed policies Member-elected governing boards Open and transparent
10 Distribution of IP Addresses
11 ARIN, a nonprofit member-based organization, supports the operation of the Internet through the management of Internet number resources throughout its service region; coordinates the development of policies by the community for the management of Internet Protocol number resources; and advances the Internet through informational outreach.
12 ARIN s Service Region The ARIN Region includes many Caribbean and North Atlantic islands, Canada, the United States and outlying areas.
13 The ARIN Community includes 37,000+ organizations served 20,000+ customers paying fees for services 5,425+ members 80+ professional staff And more..anyone with an interest in Internet number resource management in the ARIN region
14 Community-based Leadership ARIN is governed by individuals who are elected by our membership. Board of Trustees 6 elected, 3 year terms Advisory Council 15 elected, 3 year terms Number Resource Organization Number Council 2 elected, 3 year terms
15 Board of Trustees 7 Member Board of Trustees 6 elected by the membership plus President & CEO all voting 2 seats open each election/year Ability to appoint an additional voting member for diversity Maintains authority over the scope, mission, and establishes the strategic direction and fiscal oversight
16 Advisory Council 15 Member Advisory Council Elected by the membership 5 seats open each year/election Serves in an advisory capacity to the Board on Internet number resource policy and related matters; forwards consensus-based policy proposals to the Board for ratification
17 NRO NC/ ASO AC Number Resource Organization Number Council 15 member body/3 per RIR 2 elected and one appointed Global policy development process Selects ICANN Board seats 9 and 10 Provides advice to the ICANN Board on number resource allocation policy, in conjunction with the RIRs
18 Strategic Planning ARIN performs its mission according to a Strategic Plan. Updated annually, this plan drives the creation of organizational objectives and the internal work plan. ARIN s strategic plan and objectives:
19 2017 Organizational Objectives Maintain accountability to membership Perform audits (security, registration services) Make Board aware of community needs for services Participate in global discussions to maintain the community-based multi-stakeholder policy development model Conduct two ARIN Public Policy and Member meetings Maintain a strong outreach in the Caribbean
20 2017 Organizational Objectives Support law enforcement efforts consistent with ARIN s mission Support community discussions on global routing table management Provide Advisory Council requested automation support Continue IPv4/IPv6 transition awareness campaign Continue to review and enhance online services, including making significant user interface improvements per user feedback and customer survey
21 ARIN Manages: IP address allocations & assignments ASN assignment Transfers Reverse DNS Record Maintenance Directory services Whois, Whowas...
22 ARIN develops technologies for managing Internet number resources: ARIN Online customer web portal DNSSEC - security Resource Certification (RPKI) Community Software Project Repository Whois-RWS Whois and Registration Data Access Protocol (RDAP) directory services Operational Test and Evaluation Environment
23 Training and Education Educational Materials library Instructional Video Library In-person Training/Education ARIN on the Road, ARIN + NANOG on the Road, other fora upon request 23
24 Outreach and Community Engagement Policy Development through Public Policy Meetings and Consultations Work closely with the technical community to ensure education, empowerment, engagement Collaborate with Caribbean organizations to maximize inclusion 24
25 Global Community Engagement Foster working relationships on a global scale Be a key technical resource Support cooperation and direct involvement alongside governments and international organizations 25
26 Key Outreach Topics Get6 - teamarin.net/get6/ Focus on getting public websites IPv6-enabled Featuring Forward Thinkers who have done it already Wiki list of IPv6 webhosters, DNS providers, trainers, & consultants - getipv6.info
27 ARIN Mailing Lists ARIN Announce: ARIN Discussion: (members only) ARIN Public Policy: ARIN Consultation: ARIN Issued: ARIN Technical Discussions: Suggestions:
28 ARIN on Social Media TeamARIN.net +TeamARIN
29 You Can Participate Subscribe to an ARIN mailing list Attend a Public Policy and Members Meetings Voice your opinion - ARIN s Consultation and Suggestion Process Volunteer Committees of the Board: Fellowship Selection, Nomination, Mailing List Acceptable Use Policy and serves as a Meeting Mentor Members Vote in annual elections
30 Questions & Discussion
31 ARIN Technical Services Ed MacDonald Senior Software Engineer
32 How Many Records Do We Manage? Networks Direct Indirect ASNs Reverse DNS Delegations Organizations Org IDs Customers Points of Contact Web Users... for a grand total of?
33 Almost 8 Million! Networks: 3,069,469 Direct: 57,764 Indirect: 3,011,705 ASNs: 25,920 Reverse DNS Delegations: 606,584 Organizations: 3,183,197 Org IDs: 733,927 Customers: 2,449,270 Points of Contact: 725,975 Web Users: 121, for a grand total of 7,732,279
34 Major Technical Service Areas Core Registry Functions (ARIN Online) Resource Registration & Management Whois Reverse DNS New Services Web-based reassignment management (SWiP-EZ) DNSSEC & RPKI WhoWas RDAP RESTful Interfaces Operational Test & Evaluation Environment (OT&E) Technical Support
35 Core Registry Services ARIN Online Registering ASNs and IPv4/IPv6 blocks Including reassignments and reallocations Transferring ASNs and IPv4/IPv6 blocks Managing org & contact information Managing reverse DNS & RPKI Bulk Whois and WhoWas Reports Invoices and Bill Payment All now available via ARIN Online
36 ARIN Online - Total Users 140, , ,000 80,000 60,000 40,000 20, , ,627 92,866 78,074 64,185 49,524 29,831 12,799 2,
37 ARIN Online Usage Frequency # Users 90,000 80,000 70,000 60,000 50,000 40,000 30,000 20,000 10, ,607 23,438 One user logged in 1,319,292 times! 10,921 1,533 37
38 Web-Based Reassignment Management Manage customer reassignments (SWIPs) via ARIN Online Comprehensive reassignment report Generates a spreadsheet of all reassignments made from your space along with holes (unassigned space) Recommended for ISPs managing a small number of records
39 DNSSEC & RPKI Security for core Internet protocols Stay tuned for details...
40 WhoWas Spreadsheet with registration history for one ASN/IP address Requested by the community Common uses include Researching the history of an IPv4 block prior to entering into a transfer Investigating possible unauthorized changes Law enforcement
41 Registration Data Access Protocol (RDAP) Designed by the IETF to replace Whois Whois was designed for humans to read, not for machines to interact with Provides standardized HTTP-based RESTful JSON responses Plays well with machines Can offer referral responses If you ask ARIN for a record that s held by another RIR, we point you to it
42 RDAP In Action Client Bootstrap Server ARIN APNIC ? Ask ARIN ? Ask APNIC ? JSON 42
43 REST Services Reg-RWS Reassignments (SWiP) Reports DNS / RPKI Management Whois RDAP Whois-RWS
44 What is REST? REpresentational State Transfer Uses HTTP & URLs to create, read, update, and delete data Widespread industry adoption Amazon S3 Yahoo Google etc
45 The BIG Advantage of REST Easily understood Any modern programmer can incorporate it Can look like web pages Re-uses HTTP in a simple manner Many, many clients Other HTTP advantages This is why it is very, very popular with Google, Amazon, Yahoo, Twitter, Facebook, YouTube, Flickr,
46 What does it look like? Who can use it? Where the data is. What type of data it is. The ID of the data. It s a standard URL. Anyone can use it. Go ahead, put it into your browser. We dare you.
47 Reg-RWS Transactions (cumulative) 7,000,000 6,000,000 5,000,000 4,000,000 3,000,000 2,000,000 1,000,000 0 Template 3,524,124 4,715,231 5,034,717 4,296,734 1,311,403 1,498,2041,749,3832,006,440 1,066, , , , , ,105 40,374 5,662,477 5,987,8366,153,205 2,225,894 2,435,265 47
48 Using ARIN s RESTful Services APIs documented on our web site Build your own tools Some commercial IP address management vendors integrate to ARIN via REST Some have shared their tools with others Repository for these tools Useful for ISPs managing lots of records
49 Where can more information on REST be found? RESTful Web Services O Reilly Media Leonard Richardson Sam Ruby
50 Operational Test & Evaluation (OT&E) Lots of people test in production Is not the best place to test Things do get stuck may impact others Operational Test & Evaluation Goodness of OT&E Place to test code/processes All services now under ote.arin.net except Need to register to participate
51 Technical Support Ask ARIN Phone Help Desk 7AM - 7PM ET M-F support via hostmaster@arin.net arin-tech-discuss mailing list Make sure to subscribe Archives contain useful information
52 52 In the works a new design!
53 Q&A
54 ARIN Internet Number Resource Policy your participation matters Dan Alexander Chair, ARIN Advisory Council
55 What Do Internet Number Resource Policies Do? ARIN applies policies to manage Internet number resources and certain directory and registry services. Policies are given effect through the application of business rules and operating procedures
56 What is the NRPM? The Number Resource Policy Manual (NRPM) is the collection of all ARIN policies, arranged by topic. Topics include: Definitions Directory Services IPv4 IPv6 AS Numbers Transfers
57 Policy Example NRPM End-users ARIN assigns blocks of IP addresses to end-users who request address space for their internal use in running their own networks, but not for subdelegation of those addresses outside their organization. End-users must meet the requirements described in these guidelines for justifying the assignment of an address block.
58 Policy Principles Internet number resource policy must: Enable fair and impartial number resource administration Be technically sound (providing for uniqueness and usability of number resources) Have support from the community
59 Where do Policies Come From? Proposals for policy change can come from anyone, and follow a basic template: Proposals go to policy@arin.net
60 Policy Development Process (PDP) Steps 1) Proposal Someone sends a policy proposal using the approved template to policy@arin.net 2) Advisory Council (AC) Chair assigns shepherds AC Shepherds manage the proposal, but work closely with the author(s) and encourage feedback To be accepted as a draft policy, a proposal must contain a clear problem statement and be within the scope of ARIN's mission. 3) Draft Policy- Work in progress, discussed on the mailing list and at Public Policy Meetings and Consultations Once Draft Policies meet the Principles of Internet Number Resource Policy, they may be recommended for adoption by the AC 4) Recommended Draft Policy More discussion and presentation at meeting(s). Does community support turning this into policy? 5) Last call 6) Board Review and Adoption 7) Staff Implementation (NRPM)
61 Petitions The community petition for or against several AC actions, including: Against the rejection of a Proposal Against the abandonment of a Draft Policy or Recommended Draft Policy For the movement of a Draft Policy to Recommended Draft Policy status Movement of a Recommended Draft Policy to Last Call status
62 Principles of the PDP Open Developed in open forums Anyone can participate Transparent All aspects documented and available on website Bottom-up Policies developed by the community Staff implements, but does not make policy
63 The Importance of Participation A single community member can propose a policy change, or spark an important discussion in support or opposition to a potential change. Many significant policies have gone through the entire PDP with only a handful of voices speaking for or against them.
64 Example: ARIN : Reduce All Minimum Allocation/Assignment Units to /24 Purpose: to reduce the minimum allocation/assignment size to /24 for all networks, whether end-user or ISP, and whether single or multi-homed. It also removed existing multi-homed policies Discussion was extensive, many voices spoke up about how a minimum of /24 would help the community pre- and postdepletion, and PPML saw an extended last call. Board ratified in August 2014 Staff implemented a month later.
65 How Many Community Members Did it Take to Bring ARIN to Fruition? Out of 1,850+ PPML subscribers Ten total contributors PPC at NANOG 61 Show of Hands Total attendees/remote participants: 49 In favor: 16 Against: 0
66 Your Voice Matters! ARIN s community is diverse, and the more participants there are, the more balanced and comprehensive ARIN policy can be!
67 Virtual Web Hosting Policy (April 2000 July 2001) April 2000 Community discussed web-hosting allocations at ARIN V (No PDP at that time) June 2000 Board Ratified Webhosting Allocations based on AC/Public Policy Mailing List New policy limits static IP based web hosting and requires virtual web hosting Web hosting providers claim the new policy hurts their business Feedback is provided to AC and PPML
68 Virtual Web Hosting Policy, Part II October 2000 AC Discusses options for changing the policy Board Suspends Virtual Webhosting Policy Board discusses how to better formalize a process to develop policy October 2000 February 2001: AC discusses way forward with changes to the newly suspended webhosting policy. March 2001: Board adopts the ARIN Internet Resource Policy Evaluation Process June 2001: AC agrees on new language for the Virtual Web Hosting Recommendation following community discussion in April July 2001: Following further mailing list discussion, the Board ratified new Virtual Web Hosting Policy.
69 Virtual Web Hosting Policy, Part III Final ratification of language on 27 July 2001 Last policy action taken before the formal PDP was developed From this point forward, all policy proposals were formally numbered and evaluated by the community following the formalized process. The issues experienced by the community, staff, AC, and Board with the virtual web hosting policy largely acted as the driver to better formalize the PDP.
70 How Can You Get Involved? Join the Public Policy Mailing List! Join at Attend Public Policy Meetings Held each April and October throughout the ARIN region April 2017 New Orleans October 2017 San Jose April 2018 Miami October 2018 Vancouver Remote participation supported, attend from anywhere! Attend Public Policy Consultations Held as needed during NANOG meetings in February and June Remote participation supported
71 Proposals at Public Policy Meetings (AC workload) Adopted Abandoned TBD
72 Draft Policies Currently Under Discussion Recommended Draft Policy ARIN : Alternative simplified criteria for justifying small IPv4 transfers Draft Policy ARIN : Removal of Indirect POC Validation Requirement Draft Policy ARIN : Streamline Merger & Acquisition Transfers
73 Takeaways v ARIN doesn't create number policy, you do. It s as easy as submitting a proposal. v Policy development includes assistance from the ARIN Advisory Council throughout the process. v Stay informed. Join the policy mailing list and/or attend meetings (in person or remotely).
74 References Policy Development Process (PDP) Draft Policies and Proposals Number Resource Policy Manual (NRPM)
75 Q&A
76 Securing Core Internet Functions DNSSEC Andy Newton Chief Engineer
77 Core Internet Functions: Routing & DNS The Internet relies on two critical resources DNS: Translates domain names to IP addresses and IP addresses to domain names Routing: Tells us how to get to an IP address These critical resources are not secure DNSSEC helps secure these critical resources
78 Securing DNS With DNSSEC
79 Show of Hands Who in the room has experience with DNS? Who has questions about DNS? Who has questions about DNSSEC?
80 How DNS Works Question: A A? root-server Resolver A? Caching forwarder (recursive) Ask net X.gtld-servers.net (+ glue) A? gtld-server Ask arin ns1.arin.net (+ glue) Add to cache A? arin-server 80
81 What is DNSSEC? A DNS extension which authenticates responses When you ask how to get to DNSSEC verifies the answer is from ARIN and not someone pretending to be us Doesn t ensure the answer is correct, just that it s coming from the right place
82 Why is DNSSEC Important? Standard DNS is not secure Trivial to spoof (provide false responses)... so an attacker can redirect people looking for to his own site... and then steal login information. DNSSEC is (surprise) secure An attacker can try to redirect traffic, but DNSSEC will show it s not a valid response
83 DNS Cache Poisoning Attacker gives the nameserver a poisoned (incorrect) response to If accepted, this nameserver will direct people to the fake site, typically for hours... and any nameservers that trust the poisoned one will also become poisoned.
84 Case Study: Kashpureff Attack Eugene Kashpureff didn t like Internic s control of top level domains In 1996, he used DNS cache poisoning to redirect Internic traffic to his own site Kashpureff was eventually convicted of computer fraud This attack could have been prevented with DNSSEC
85 Case Study: Kaminsky Flaw 2008: Dan Kaminsky discovered a fundamental flaw in the DNS protocol 65,536 Transaction IDs in DNS makes it easy to guess the right one & spoof Updates to DNS software makes this flaw more difficult to exploit, but not impossible These attacks can be prevented with DNSSEC
86 Case Study: Bradesco Bradesco is a bank in Brazil DNS cache poisoning attack resulted in 1% of the bank s customers being redirected to a fake site Getting login credentials for 1% of a large bank s customers could be disastrous Networks not using DNSSEC are vulnerable to a similar attack
87 Other Uses 1. Protect DKIM & SPF Without DNSSEC, an attacker can make use your addresses for spam. 2. SSH Initial Host Key Exchange Protect SSH Fingerprint (SSHFP) records. 3. PGP Key Distribution Use _pka records to distribute PGP keys easily usable by GnuPG 4. DANE Coming standard from the IETF to use DNS as a global public key infrastructure.
88 DNSSEC Usage Statistics ARIN 38 Number of Orgs with DNSSEC 137 Total Number of Delegations 603,296 DNSSEC Secured Zones 632 Percentage Secured 0.1 % 88
89
90 How Can We Increase Usage? Identify Barriers to Adoption Don t know how Don t have time... but I haven t been attacked Then, knock them down Increased awareness Education/assistance An ounce of prevention is worth a pound of cure
91 Using DNSSEC with ARIN Remember: this is for reverse DNS, not forward DNS Use your DNS server software to: Generate your key pair Create DS records to upload to ARIN via ARIN Online or Reg-RWS Sign your DNS zones
92 Completing DNSSEC Configuration Ensure the required DNSKEY, RRSIG, NSEC, and DS records are published in your nameservers Consult your zone file.. ARIN provides only reverse DNSSEC Make sure to also secure your forward DNS through your domain registrar
93 How It Works DNSSEC adds new resource records into your zone file. These records are signed off-line. Two types of public/private key pairs Zone Signing Key (ZSK) is used to sign records in the zone Key Signing Key (KSK) signs the ZSK. Usually longer lived than the ZSK.
94 What a Unsigned Zone Looks Like in-addr.arpa IN SOA ns1.arin.net. dns-ops.arin.net in-addr.arpa IN NS ns1.arin.net in-addr.arpa IN NS ns2.arin.net in-addr.arpa IN NS ns2.lacnic.net in-addr.arpa IN NS sec1.apnic.net in-addr.arpa IN NS sec1.authdns.ripe.net in-addr.arpa IN PTR host arin.net in-addr.arpa IN PTR host arin.net.
95 What a Signed Zone Looks Like in-addr.arpa IN SOA ns1.arin.net. dns-ops.arin.net in-addr.arpa IN RRSIG NSEC in-addr.arpa. p33dgtslyg/qoduon6xgrfuwfrdildyqtjfl/i077alza/usj0r3furj 3FikILZOodCWez0yiKYwKaUYlGiFgZyWSlDTrbMgnLBG162tQrby8wAQ Ke1mOYRBdSOT6swRzhJx6rRRSH4C0/3YpQqmKZsplQisyTdbykhy4N3h 38M= in-addr.arpa IN DNSKEY AwEAAXCN3mUJUntP90L4F4oNxxlzKFos9FYD0wxTqxoWueBjFVAvS9vt FSAC7sV4yqKF3NbOOgk81Ep8n8BLZ3vvhnL8/y6Gf3K+d/yvK248ZWR6 +r+aasv6icmeloqhajzuam/emrlj4kj96lvjfvmewdpnnsyzen30ofpc sswvvamh in-addr.arpa IN NSEC in-addr.arpa. NS SOA RRSIG NSEC DNSKEY in-addr.arpa IN NS ns1.arin.net in-addr.arpa IN PTR host arin.net. A signed zone file will have RRSIG, NSEC, and DNSKEY records.
96 DNSSEC Adds New Record Types DNSKEY records holding the public zone signing key and key signing key RRSIG records holding the cryptographic signatures of the other DNS records NSEC records cryptographically stitching the other records together DS these point to your zone like an NS record (needed in the parent zone)
97 A view from
98
99
100
101 How Do I Know It s Working? Use a DNSSEC validating resolver. Popular options include:
102 Takeaways If you re not using DNSSEC, you re vulnerable to a DNS cache poisoning attack Plenty of readily available documentation regarding implementation details If we can help, contact us
103 Q&A
104 Lunch Break Take your valuables as the room will not be locked.
105 Agenda 1:00-1:30 Life After IPv4 Depletion 1:30-2:00 Resource Certification (RPKI) 2:00 3:15 Everything You Ever Wanted to Know About IPv6 and IPv6 Discussion 3:15-3:30 Q&A / Open Mic Session & Ask ARIN
106 Life After IPv4 Depletion Jon Worley Technical Services Manager
107 Overview IPv4 Request Activity Reserved IPv4 Space IPv4 Waiting List IPv4 Transfer Market Specified Transfer Listing Service
108 IPv4 Requests Since Depletion = IPv4 depletion
109 IPv4 Waiting List Must qualify under current ARIN policy Maximum approved size determined by ARIN Minimum acceptable size specified by requester One request per org on the list at a time Waiting List published on ARIN s web site
110 IPv4 Waiting List Block Sources IANA Redistribution (2x a year) Returned IPv4 Blocks Revoked IPv4 Blocks Generally for nonpayment Lengthy review process before reissue
111 IPv4 Waiting List Growth = IPv4 depletion
112 IPv4 Waiting List Statistics Of the 606 requests added: 170 (28%) have been filled Last request filled waited ~14 months 130 (22%) dropped off Most got IPv4 via the transfer market 302 (50%) still waiting Oldest added 23 Jul 2015
113 IPv4 Critical Infrastructure Reserve 2 /16s reserved for: Public exchange points ICANN-sanctioned Core DNS operators RIRs IANA New gtlds not eligible 12.1% used
114 Reserved IPv4 for IPv6 Deployment... stay tuned. J We ll discuss this policy in the IPv6 presentation.
115 IPv4 Transfer Policies Mergers and Acquisitions (NRPM 8.2) Traditional transfer resulting from a merger, acquisition, or reorganization supported by legal documentation Transfers to Specified Recipients (NRPM 8.3) IPv4 market transfer from one organization to another that it specifies, supported by justified need (within region) Inter-RIR transfers to Specified Recipients (NRPM 8.4) IPv4 market transfer from one organization to another that it specifies, supported by justified need (between regions)
116 Specified Recipient Transfer Allows orgs with unused IPv4 resources to transfer them to orgs in need of IPv4 resources Source Must be current registrant, no disputes Not have received addresses from ARIN for 12 months prior Recipient Demonstrate need for 24-month supply under current ARIN policy
117 Specified Recipient Transfer Growth Jul-15 Aug-15 Sep-15 Oct-15 Nov-15 Dec-15 Jan-16 Feb-16 Mar-16 Apr-16 May-16 Jun-16 Jul-16 Aug-16 Sep-16 Oct-16 Nov-16 Dec-16 Jan-17 Feb = IPv4 depletion
118 Inter-RIR Transfers RIR must have reciprocal, compatible needsbased policies Currently APNIC and RIPE NCC Transfers from ARIN Source cannot have received IPv4 from ARIN 12 months prior to transfer Must be current registrant, no disputes Recipient meets destination RIR policies Transfers to ARIN Must demonstrate need for 24-month supply under current ARIN policy
119 Inter-RIR Transfers Completed Jul-15 Aug-15 Sep-15 Oct-15 Nov-15 Dec-15 Jan-16 Feb-16 Mar-16 Apr-16 May-16 Jun-16 Jul-16 Aug-16 Sep-16 Oct-16 Nov-16 Dec-16 Jan-17 Feb = IPv4 depletion
120 No Drop In IPv4 Consumption Total /24s Free Pool Transfer Market
121 Minimal Drop in IPv4 Workload IPv4 Requests Need-Based Transfer Requests
122 Transfer Pre-Approval Optional free service to confirm your 24 month projected IPv4 need Receive IPv4 addresses via multiple need-based transfers up to the pre-approved amount over the next 24 months $300 fee to complete each transfer Now paid at the time transfer is submitted
123 Specified Transfer Listing Service (STLS) Optional fee-based service to facilitate specified recipient and inter-rir transfers Sources have IPv4 addresses verified as available Recipients have a verified need for IPv4 addresses Facilitators arrange transfers between parties Approved participants can view detailed information for all other participants Public summary available on ARIN s website Available block sizes # of source ORGs and approved block sizes List of facilitators with contact information
124 Takeaways IPv4 consumption still strong If you need IPv4: Get pre-approved & look at transfer market Get an IPv6 block & use reserved IPv6 block for IPv6 deployment policy Wait List an option if you can defer need IPv6 is the future
125 Q&A
126 Securing Core Internet Functions RPKI Andy Newton Chief Engineer
127 Core Internet Functions: Routing & DNS The Internet relies on two critical resources DNS: Translates domain names to IP addresses and IP addresses to domain names Routing: Tells us how to get to an IP address These critical resources are not secure DNSSEC and RPKI secure these critical resources
128 Routing A Primer
129 Show of Hands Who in the room has experience with routing? Who in the room wants information on routing security?
130 Routing Architecture The Internet uses a two level routing hierarchy: Interior Routing Protocols, used by each network to determine how to reach all destinations that line within the network Interior Routing protocols maintain the current topology of the network 130
131 Routing Architecture The Internet uses a two level routing hierarchy: Exterior Routing Protocol, used to link each component network together into a single whole Exterior protocols assume that each network is fully interconnected internally 131
132 Exterior Routing: BGP BGP is a large set of bilateral (1:1) routing sessions A tells B all the destinations (prefixes) that A is capable of reaching B tells A all the destinations that B is capable of reaching / / /18 A B /24 132
133 Securing Routing With RPKI
134 What is RPKI? Resource Public Key Infrastructure Cryptographically certifies network resources AS Numbers IP Addresses Also certifies route announcements Route Origin Authorizations (ROAs) allow you to authorize your block to be routed 134
135 Why is RPKI Important? Allows routers (or other processes) to validate routes as authorized Provides stronger validation than existing technologies, such as: Routing registries LOAs Seems legit 135
136 Case Study: YouTube Pakistan Telecom was ordered to block YouTube Naturally, they originated their own route for YouTube s IP address block YouTube s traffic was temporarily diverted to Pakistan This incident could have been prevented with widespread adoption of RPKI
137 Case Study: Turk Telekom Turkish President ordered censorship of Twitter Turk Telekom s DNS servers were configured to return false IP addresses So people started using Google s DNS ( ) Turk Telekom hijacked Google s IP addresses in BGP Could have been prevented with RPKI
138 Case Study: Bitcoin Late 2013 & early 2014, Dell Secure Works noticed /24 announcements being hijacked Amazon, OVH, Digital Ocean, LeaseWeb, Alibaba networks routed to a small network in Canada Data between Bitcoin miners and Bitcoin data pools intercepted An estimated haul of $83,000 Could have been prevented with RPKI
139 RPKI Basics All of ARIN s RPKI data is publicly available in a repository RFC 3779 certificates show who has each resource ROAs show which AS numbers are authorized to announce blocks CRLs show revoked records Manifests list all data from each organization 139
140 Hierarchy of Resource Certificates ICANN /0 0::/0 ARIN / /8 LACNIC AFRINIC RIPE NCC APNIC Regional ISP /16 Other Small ISP /24 Some Small ISP /20 140
141 Route Origin Authorizations ICANN /0 0::/0 ARIN / /8 LACNIC AFRINIC RIPE NCC APNIC Regional ISP /16 Other Small ISP / /16 AS /24 AS2000 Some Small ISP / /20 AS
142 Current Practices ICANN /0 0::/0 ARIN / /8 LACNIC AFRINIC RIPE NCC APNIC Regional ISP /16 Some Small ISP /20 Other Small ISP / /16 AS / /20 AS2000 AS
143 Using ARIN s RPKI Repository (Theory) 1. Pull down these files using a manifest-validating mechanism 2. Validate the ROAs contained in the repository 3. Communicate with the router to mark routes: Valid Invalid unknown Ultimately, the ISP uses local policy on how to route to use this information. 143
144 Using ARIN s RPKI Repository (Practice) 1. Get the RIPE NCC RPKI Validator 144
145 Using ARIN s RPKI Repository (Practice, continued) 2. Get the ARIN TAL 3. Plug it in to your routing policy engine: Directly to the router via RTR protocol Using custom scripts and the REST API As RPSL route objects 145
146 Putting Your Routes in the RPKI 1. Determine if you want to allow ARIN to host your Certificate Authority (CA), or if you want ARIN to delegate to your Certificate Authority. 2. Sign up with ARIN Online. 3. Create Resource Certificates and ROAs.
147 Hosted vs. Delegated RPKI Hosted ARIN has done all of the heavy lifting for you Think point click ship Available via web site or RESTful interface Delegated using Up/Down Protocol A whole lot more work Might make sense for very large networks 147
148 Hosted RPKI - ARIN Online Pros Easy-to-use web interface ARIN-managed (buying/deploying HSMs, etc. is expensive and time consuming) Cons Downstream customers can t use RPKI Large networks would probably need to use the RESTful interface to avoid tedious management We hold your private key 148
149 Delegated RPKI with Up/Down Pros Allows you to keep your private key Follows the IETF up/down protocol Allows downstream customers to use RPKI Cons Extremely hard to set up Requires operating your own RPKI environment High cost of time and effort 149
150 Delegated with Up/Down You have to do all the ROA creation Need to set up a Certificate Authority Have a highly available repository Create a CPS 150
151 RPKI Usage Oct 2012 Apr 2013 Oct 2013 Apr 2014 Oct 2014 Apr 2015 Oct 2015 Apr 2016 Oct 2016 Certified Orgs ROAs Covered Resources Up/Down Delegated
152 RPKI vs The Routing Table: Globally
153 RPKI vs The Routing Table: RIPE
154 RPKI vs The Routing Table: APNIC
155 RPKI vs The Routing Table: AFRINIC
156 RPKI vs The Routing Table: LACNIC
157 RPKI vs The Routing Table: ARIN
158 Takeaways If you re not using RPKI, you re vulnerable to route hijacking Plenty of readily available documentation regarding implementation details If we can help, contact us
159 Q&A
160 Everything You Always Wanted To Know About IPv6 Jon Worley Technical Services Manager
161 The Road To IPv6 Deployment Why Move To IPv6 Now? Obtaining IPv6 From ARIN Dedicated IPv4 Block For IPv6 Deployment IPv6 Address Plans IPv6 Deployment Case Studies IPv6 Resources... and a few words about the current state of IPv6 adoption.
162 Why Move To IPv6 Now? Being IPv4-only has costs Transfer market, latency, CGN boxes, NAT Generally no additional cost for ISPs & fees recently lowered for end users IPv6 gives you access to a reserved IPv4 block One IPv4 /24 per six month period 16 2
163 Requesting IPv6 - ISPs Have a previous v4 allocation from ARIN or predecessor registry OR Intend to IPv6 multi-home OR Provide a technical justification which details at least 50 assignments made within 5 years
164 IPv6 ISP Block Size /48 typically assigned to customers Might be smaller, e.g. /56, for residential /32 default generally sufficient Enough to number 65k+ customers Larger blocks based on: # of serving sites (PoPs, datacenters) # of customers at largest serving site Block size to be assigned
165 Requesting IPv6 End Users Have a v4 assignment from ARIN or predecessor registry OR Intend to IPv6 multi-home OR Use 2000 IPv6 addresses or 200 IPv6 subnets within a year OR Have a contiguous network that has a minimum of 13 active sites within 12 months OR Technical justification as to why provider-assigned IPs are unsuitable 165
166 IPv6 End User Block Size Number of Sites Block Size 1 / / / ,072 /36 3,073-49,152 /
167 Reserved IPv4 for IPv6 Deployment /10 reserved under policy in April /24s issued to date (99.6% remains available) Must be used to facilitate IPv6 deployment Dual stacking key servers, NAT-PT/NAT464, etc. Must have an IPv6 block One per organization every six months /24 maximum size
168 Subnetting: IPv4 vs IPv6 The IPv4 mindset: think in terms of IP addresses If a site has 50 devices, I give it a /26 The IPv4 mindset does not work for IPv6 Last 64 bits used for device autoconfiguration... and we have a ton of IPv6 addresses. The correct IPv6 mindset: think in terms of subnets, not addresses
169 IPv6 Subnetting NANOG BCOP Each individual network segment gets a /64 A /64 can hold a near-infinite number of devices Subnet on nibble boundaries for DNS /48, /44, /40, etc. Addressing plans should be hierarchical, with each level using subnets of the same size Each site gets a /48 Customers generally get a /48 PoPs/aggregation points sized based on largest
170 IPv4 Address Plan: End User Enterprise Network /23 /24 /2 4 /19 SJO Hub 14 offices /27 for each 448 IPs CHI Hub 15 offices /28 for each 240 IPs DAL Hub 7 offices /28 for each 112 IPs ASH Hub 156 sites /27 for each 4,992 IPs
171 IPv6 Address Plan: End User Enterprise Network /40 /40 /4 0 /40 (256 /48s) SJO Hub 14 offices /48 for each 448 IPs CHI Hub 15 offices /48 for each 240 IPs DAL Hub 7 offices /48 for each 112 IPs ASH Hub 156 sites /48 for each 4,992 IPs
172 IPv4 Address Plan: ISP FTTH ISP Network Little Rock Hub 952 home users (1 IP each) 5 biz customers (/29- /24) = 1,952 IPs /21 /24 Texarkana Hub 214 home users (1 IP each) = 214 IPs /2 3 Jonesboro Hub 497 home users (1 IP each) = 497 IPs /2 2 Ft. Smith Hub 497 home users (1 IP each) 4 biz customers (/29-/24) = 997 IPs
173 IPv6 Address Plan: ISP FTTH ISP Network /36 (4,096 /48s) /36 /36 /36 Little Rock Hub 1,027 total users (home + business) = 1,027 /48s Texarkana Hub 214 total users (home + business) = 214 /48s Jonesboro Hub 497 total users (home + business) = 497 /48s Ft. Smith Hub 506 total users (home + business = 506 /48s
174 Anatomy Of An IPv6 Address 2001:0DB8:3007:000A:B9D3:284A:83E2:90DB /32 from ARIN Hub /36 0 = Little Rock 1 = Texarkana 2 = Jonesboro 3 = Ft. Smith 4 = Future Hub... etc Site / = Ft Smith Site = Ft Smith Site = Ft Smith Site 7 Site 7 Subnet / = Subnet = Subnet A = Subnet 10 Device /128 Autoconfigured with MAC Address
175 IPv6 Deployment Information ISOC s Deploy360 program has 16 detailed case studies covering: ISPs Hosting providers Enterprise businesses Universities Governments ARIN s IPv6 Wiki DNS, tools, translation services, etc
176 IPv6 Info Center
177 How Far Are We In IPv6 Adoption? Depends where you look... How many networks have an IPv6 block? How many networks are routing IPv6? How much traffic is using IPv6?
178 17 Percentage of Members with IPv6 100% 80% 87.55% 75.11% 60% 52.83% 52.87% 40% 34.10% 20% 0% AfriNIC APNIC ARIN LACNIC RIPE NCC
179 ISP Members with IPv4 & IPv6 179
180 100% 80% 60% 40% 20% 0% IPv6 Adoption by ISP Size ISPs with IPv6 ISPs without IPv6
181 IPv6 Requests Since Depletion Jul-15 Aug-15 Sep-15 Oct-15 Nov-15 Dec-15 Jan-16 Feb-16 Mar-16 Apr-16 May-16 Jun-16 Jul-16 Aug-16 Sep-16 Oct-16 Nov-16 Dec = IPv4 depletion 181
182 Routing Table Growth IPv4 First 14 Years IPv6 First 12 Years
183 Google s IPv6 Traffic Growing 183
184 Facebook & Akamai
185 Discussion: IPv6 & You Do you have an IPv6 block from ARIN? If so, how was the process? Have you deployed IPv6? If not, do you plan to? Are there blockers? If so, how is it working? Any experience to share? What can ARIN do to help you with IPv6 deployment?
186 Q&A
187 Today s Take Aways: You make ARIN s Internet number resource policy Apply for IPv6 addresses and get started Consider implementing: DNSSEC, Resource Certification (RPKI) Reach out to us with questions and suggestions - engage
188
Life After IPv4 Depletion
1 Life After IPv4 Depletion Jon Worley Analyst Securing Core Internet Functions Resource Certification, RPKI Mark Kosters Chief Technology Officer 2 Core Internet Functions: Routing & DNS The Internet
More informationBRINGING YOU ANSWERS DENVER, CO 13 JUNE 2017
BRINGING YOU ANSWERS DENVER, CO 13 JUNE 2017 Here Today From ARIN Dan Alexander Chair, ARIN Advisory Council Susan Hamlin Director, Communications & Member Services Richard Jimmerson Chief Information
More informationSecuring Core Internet Functions Resource Certification, RPKI. Mark Kosters ARIN CTO
Securing Core Internet Functions Resource Certification, RPKI Mark Kosters ARIN CTO Core Internet Functions: Routing & DNS The Internet relies on two critical resources DNS: Translates domain names to
More informationBRINGING YOU ANSWERS SASKATOON, SK 14 SEPTEMBER 2017
BRINGING YOU ANSWERS SASKATOON, SK 14 SEPTEMBER 2017 Here Today From ARIN Eddie Diego, Senior Resource Analyst Susan Hamlin, Director Communications and Member Services Alyssa Moore, ARIN Advisory Council
More informationAn ARIN Update. Susan Hamlin Director of Communications and Member Services
An ARIN Update Susan Hamlin Director of Communications and Member Services ARIN, a nonprofit member-based organization, supports the operation of the Internet through the management of Internet number
More informationBRINGING YOU ANSWERS COLUMBUS, OH 2 NOVEMBER 2017
BRINGING YOU ANSWERS COLUMBUS, OH 2 NOVEMBER 2017 Here Today From ARIN Dan Alexander, Chair, ARIN Advisory Council Eddie Diego, Senior Resource Analyst Susan Hamlin, Director Communications and Member
More informationBRINGING YOU ANSWERS SAN DIEGO, CA 23 JANUARY 2018
BRINGING YOU ANSWERS SAN DIEGO, CA 23 JANUARY 2018 Here Today From ARIN Owen DeLong, ARIN Advisory Council Susan Hamlin, Director Communications and Member Services Richard Jimmerson, Chief Information
More informationARIN Update. Mark Kosters CTO
ARIN Update Mark Kosters CTO Agenda What does ARIN do? A short ARIN status report How you can get IP space from us? 2 3 ARIN, a nonprofit member-based organization, supports the operation of the Internet
More informationARIN Update. Summer 2011 ESCC/Internet2 Joint Techs Mark Kosters Chief Technology Officer
ARIN Update Summer 2011 ESCC/Internet2 Joint Techs Mark Kosters Chief Technology Officer Agenda A Brief Overview of ARIN IPv4 and IPv6 Stats Call to Action Technology Initiatives 2 of 23 About ARIN Regional
More informationLife After IPv4 Depletion. Leslie Nobile
Life After IPv4 Depletion Leslie Nobile Recent Observations Still strong demand for IPv4 Seeing increased activity in IPv4 transfers/transfer market, pre-approvals, and Specified Transfer Listing Service
More informationWelcome to Your First ARIN Meeting
Welcome to Your First ARIN Meeting Handouts for you Basic information Acronym list ARIN fact sheets ARIN at a Glance Policy Development Process ARIN Participation Internet Ecosystem Self- Introductions
More informationIPv6 Deployment: Business Case and Development Opportunities. University College of the Caribbean Internet Day. 12 July 2012 Tim Christensen, ARIN
IPv6 Deployment: Business Case and Development Opportunities University College of the Caribbean Internet Day 12 July 2012 Tim Christensen, ARIN Internet Governance Definition of Internet governance*:
More informationSecuring Routing: RPKI Overview. Mark Kosters Chief Technology Officer
Securing Routing: RPKI Overview Mark Kosters Chief Technology Officer Why are DNSSEC and RPKI important? Two of the most critical resources DNS Routing Hard to tell when resource is compromised Focus of
More informationSecurity Overlays on Core Internet Protocols DNSSEC and RPKI. Mark Kosters ARIN CTO
Security Overlays on Core Internet Protocols DNSSEC and RPKI Mark Kosters ARIN CTO Why are DNSSEC and RPKI Important Two critical resources DNS Routing Hard to tell if compromised From the user point of
More informationFirst Timers Orientation
ARIN at a Glance First Timers Orientation Brief introductions ARIN and the Regional Internet Registry (RIR) system - John Curran ARIN Tools and Services - Mark Kosters Life After IPv4 - Richard Jimmerson
More informationSecurity Overlays on Core Internet Protocols DNSSEC and RPKI. Mark Kosters ARIN CTO
Security Overlays on Core Internet Protocols DNSSEC and RPKI Mark Kosters ARIN CTO Why are DNSSEC and RPKI Important Two critical resources DNS Routing Hard to tell if compromised From the user point of
More informationMadison, Wisconsin 9 September14
1 Madison, Wisconsin 9 September14 2 Security Overlays on Core Internet Protocols DNSSEC and RPKI Mark Kosters ARIN Engineering 3 Why are DNSSEC and RPKI Important Two critical resources DNS Routing Hard
More informationLife After IPv4 Depletion
1 Life After IPv4 Depletion Jon Worley Analyst Life After IPv4 Depletion Leslie Nobile Senior Director Global Registry Knowledge 2 Overview ARIN s IPv4 inventory Trends and Observations Ways to obtain
More informationAPNIC s role in stability and security. Adam Gosling Senior Policy Specialist, APNIC 4th APT Cybersecurity Forum, 3-5 December 2013
APNIC s role in stability and security Adam Gosling Senior Policy Specialist, APNIC 4th APT Cybersecurity Forum, 3-5 December 2013 Overview Introducing APNIC Working with LEAs The APNIC Whois Database
More informationStatus of IPv4 Deple1on and Transfers. ASO Address Council 25 June 2014
Status of IPv4 Deple1on and Transfers ASO Address Council 25 June 2014 Agenda Status of IPv4 depletion Status of IPv4 transfers Status of IPv6 Discussion and Q&A 2 IANA Deple)on 3 What is IANA depletion?
More informationSan Diego, California 25 February 2014
1 San Diego, California 25 February 2014 2 Automating Your Interactions with ARIN Mark Kosters Chief Technology Officer 3 Why Automate? Interact with ARIN faster Not dependent on ARIN s systems for user
More informationIP addressing policies: what does this mean? Adam Gosling Senior Policy Specialist, APNIC APT PRF for the Pacific: August 2013
IP addressing policies: what does this mean? Adam Gosling Senior Policy Specialist, APNIC APT PRF for the Pacific: August 2013 Overview APNIC in the Internet ecosystem Policy development IPv4 IPv6 Public
More informationIP Address Management The RIR System & IP policy
IP Address Management The RIR System & IP policy Nurani Nimpuno APNIC Overview Early address management Evolution of address management Address management today Address policy development IP allocation
More informationARIN Support for DNSSEC and RPKI. ION San Diego 11 December 2012 Pete Toscano, ARIN
ARIN Support for DNSSEC and ION San Diego 11 December 2012 Pete Toscano, ARIN 2 DNS and BGP They have been around for a long time. DNS: 1982 BGP: 1989 They are not very secure. Methods for securing them
More informationIPv4 depletion & IPv6 deployment in the RIPE NCC service region. Kjell Leknes - June 2010
IPv4 depletion & IPv6 deployment in the RIPE NCC service region Kjell Leknes - June 2010 Outline About RIPE and RIPE NCC IPv4 depletion IPv6 deployment Engaging the community - RIPE NCC and the RIPE community
More informationThe Regional Internet Registries
The Regional Internet Registries Managing Internet Number Resources www.afrinic.net www.apnic.net www.arin.net www.lacnic.net www.ripe.net www.nro.net Global Coordination A Fair and Stable Platform Whether
More informationIPv6 & Internet Governance Developments. CANTO Nate Davis, Chief Operating Officer
IPv6 & Internet Governance Developments CANTO Nate Davis, Chief Operating Officer 13 August 2014 2 History of the Internet Protocol Internet Protocol version 4 (IPv4) Developed for the original Internet
More informationThe Insider s Guide To Transfers. John Sweeting - Senior Director, Registration Services Cathy Clements Transfer Services Manager
The Insider s Guide To Transfers John Sweeting - Senior Director, Registration Services Cathy Clements Transfer Services Manager Overview Transfer Basics M&A Transfer Procedure & Tips Specified Recipient
More informationSecuring Internet Infrastructure: Route Origin Security using RPKI at ARIN. Mark Kosters CTO
Securing Internet Infrastructure: Route Origin Security using RPKI at ARIN Mark Kosters CTO What is RPKI? Resource Public Key Infrastructure Attaches digital certificates to network resources AS Numbers
More informationAPNIC & Internet Address Policy in the Asia Pacific
APNIC & Internet Address Policy in the Asia Pacific NZ Internet Industry Forum Auckland, 29 November 2001 Anne Lord, APNIC Overview Introduction to APNIC Policy Development Address Management APNIC Update
More informationInternet Corporation for Assigned Names & Numbers - Internet Assigned Numbers Authority Update
Internet Corporation for Assigned Names & Numbers - Internet Assigned Numbers Authority Update PacNOG 3, Rarotonga Save Vocea Regional Liaison - Australasia/Pacific 17 June 2007 ICANN Mission To coordinate,
More informationPKI-An Operational Perspective. NANOG 38 ARIN XVIII October 10, 2006
PKI-An Operational Perspective NANOG 38 ARIN XVIII October 10, 2006 Briefing Contents PKI Usage Benefits Constituency Acceptance Specific Discussion of Requirements Certificate Policy Certificate Policy
More informationAPNIC Update. AfriNIC June Sanjaya Services Director, APNIC
1 APNIC Update AfriNIC-14 4-10 June 2011 Sanjaya Services Director, APNIC 2 Overview Registry Update Policy Update 2011 Member and Stakeholder Survey New Building & Business Continuity Plan Upcoming Meetings
More informationWelcome. Here today from ARIN
Pittsburgh, PA 2 June 2016 Welcome. Here today from ARIN Einar Bohlin, Public Policy Analyst Richard Jimmerson, CIO & Acting Director of Registration Services Andy Newton, Chief Engineer Chris Tacit, ARIN
More informationARIN Policies How to Qualify for Number Resources. Leslie Nobile
ARIN Policies How to Qualify for Number Resources Leslie Nobile Director, Registration Services ARIN Policies IPv4 IPv6 ASN Terms Allocate to issue number resources to ISPs (LIRs) for internal networks
More informationSupporting Internet Growth and Evolution: The Transition to IPv6
2010/TEL41/DSG/WKSP2/004 Agenda Item: Panel Discussion 1 Supporting Internet Growth and Evolution: The Transition to IPv6 Submitted by: APNIC Workshop for IPv6: Transforming the Internet Chinese Taipei
More informationInternet Addressing and the RIR system (part 2)
Internet Addressing and the RIR system (part 2) 12 February 2004 Phnom Penh, Cambodia Paul Wilson, APNIC Overview Part 2 Allocation statistics Asia Pacific Internet Resource statistics Global Internet
More informationPrepared by Regional Internet Registries APNIC, ARIN, LACNIC and RIPE NCC
Prepared by Regional Internet Registries APNIC, ARIN, LACNIC and RIPE NCC Overview History & Evolution Structure IP Address Management Internet Number Resource Management Policy Development Internet Number
More informationA Policy Story - IPv4 Transfer. TWNIC OPM 26, Taipei 14 December 2016 George Kuo, Services Director
A Policy Story - Transfer TWNIC OPM 26, Taipei 14 December 2016 George Kuo, Services Director 1 About APNIC Membership-based, not-for-profit, Regional Internet Registry (RIR) Delegates and registers IP
More informationISOC presents: World IPv6 Day
ISOC presents: World IPv6 Day Today Google, Facebook, Yahoo!, Akamai and Limelight Networks will be amongst some of the major organisations offering their content over IPv6 for a 24-hour test flight. The
More informationCIDR. The Life Belt of the Internet 2005/03/11. (C) Herbert Haas
CIDR The Life Belt of the Internet (C) Herbert Haas 2005/03/11 Early IP Addressings Before 1981 only class A addresses were used Original Internet addresses comprised 32 bits (8 bit net-id = 256 networks)
More informationStatus and Solutions for Whois Data Accuracy. Leslie Nobile, ARIN Tina Morris, ARIN Advisory Council
Status and Solutions for Whois Data Accuracy Leslie Nobile, ARIN Tina Morris, ARIN Advisory Council About ARIN One of 5 Regional Internet Registries (RIRs) Nonprofit corporation based in Chantilly, VA
More informationIPv6 Allocation Policy and Procedure. Global IPv6 Summit in China 2007 April 13, 2007 Gerard Ross and Guangliang Pan
IPv6 Allocation Policy and Procedure Global IPv6 Summit in China 2007 April 13, 2007 Gerard Ross and Guangliang Pan 1 Overview Introduction to APNIC Policy development process IPv6 policy and procedures
More informationResource Public Key Infrastructure
Resource Public Key Infrastructure A pilot for the Internet2 Community to secure the global route table Andrew Gallo The Basics The Internet is a self organizing network of networks. How do you find your
More informationNIR February JPNIC Updates. Hiroki Kawabata Japan Network Information Center (JPNIC) Copyright 2016 Japan Network Information Center
NIR SIG@APNIC41 February 2016 JPNIC Updates Hiroki Kawabata Japan Network Information Center (JPNIC) Contents Statistics IPv4 IPv6 ASN transfer Activities IPv6 Policy and Internet Governance RPKI Reverse
More informationAPNIC support for Internet development
APNIC support for Internet development APT/PITA Regional Meeting on ICT for the Pacific 25-27 August 2004, Nadi, Fiji Paul Wilson pwilson@apnic.net 1 What is APNIC? Regional Internet Registry (RIR) for
More informationAPNIC Update. German Valdez External Relations Program Director, APNIC ARIN XXX 26-October-2012
APNIC Update German Valdez External Relations Program Director, APNIC ARIN XXX 26-October-2012 Overview Stats IPv4 transfers Training APNIC Labs Policies ISIF Public Affairs APNIC Member Survey APNIC Coming
More informationFacilitating IPv6 Deployment. Mirjam Kühne, RIPE NCC
Facilitating IPv6 Deployment Mirjam Kühne, RIPE NCC Agenda Introduction - RIPE, the RIPE NCC and the Policy Development Process RIPE Labs - IPv6 Statistics and Measurements Capacity Building
More information10 March Informal Expert Group for the ITU World Telecommunication Policy Forum
10 March 2009 Informal Expert Group for the ITU World Telecommunication Policy Forum The Internet Society has been actively engaged in the preparation of the next World Telecommunication Policy Forum (WTPF)
More informationRIPE Policy Development & IPv4 / IPv6
RIPE Policy Development & IPv4 / IPv6 Workshop on the IPv6 development in Saudi Arabia 8 February 2009 Axel Pawlik axel@ripe.net Overview RIPE PDP (Policy Development Process) Current Policy Issues IPv4
More informationIPv4 Depletion and IPv6 Adoption Today. Richard Jimmerson
IPv4 Depletion and IPv6 Adoption Today Richard Jimmerson 2 History of the Internet Protocol Internet Protocol version 4 (IPv4) Developed for the original Internet (ARPANET) in 1978 4 billion addresses
More informationASO Activities and Policy Update. Louie Lee Chair, ASO Address Council ICANN 45 Toronto, Canada 15 October 2012
ASO Activities and Policy Update Louie Lee Chair, ASO Address Council ICANN 45 Toronto, Canada 15 October 2012 Agenda ASO / NRO: Number activities this week Update on other ASO / NRO activities Policy
More informationRoot KSK Roll Delay Update
Root KSK Roll Delay Update PacNOG 21 Patrick Jones, Sr. Director, Global Stakeholder Engagement 4 December 2017 1 Background When you validate DNSSEC signed DNS records, you need a Trust Anchor. A Trust
More informationIPv6 Deployment in Africa
IPv6 Deployment in Africa Adiel A. Akplogan CEO, AfriNIC INET Africa-2009 Spearheading Internet technology and policy development in the African Region The content IPv4 exhaustion Current situation IPv6
More informationLEA Workshop. Champika Wijayatunga & George Kuo, APNIC Wellington, New Zealand 09, May, 2013
LEA Workshop Champika Wijayatunga & George Kuo, APNIC Wellington, New Zealand 09, May, 2013 Agenda Introduction to APNIC Know about APNIC Internet Policy Development How the Internet Policies are developed
More informationAddress Registries. David Conrad. Internet Software Consortium.
Address Registries David Conrad drc@isc.org Internet Software Consortium Overview The Regional Registries An Example: APNIC Registry Policies and Procedures Registry Funding In the Beginning Address allocation
More informationObtaining and Managing IP Addresses. Xavier Le Bris IP Resource Analyst - Trainer
Obtaining and Managing IP Addresses Xavier Le Bris IP Resource Analyst - Trainer In This Talk 2 Getting IPv4 and IPv6 IPv4 Transfers Protecting Your Resources The RIPE Policy Development Process (PDP)
More informationIPv6 Allocation Policy and Procedure. Global IPv6 Summit in China 2007 April 13, 2007 Gerard Ross and Guangliang Pan
IPv6 Allocation Policy and Procedure Global IPv6 Summit in China 2007 April 13, 2007 Gerard Ross and Guangliang Pan 1 Overview Introduction to APNIC Policy development process IPv6 policy and procedures
More informationRIR Update. A Joint Presentation Prepared By APNIC, ARIN, RIPE NCC. 17 March 2002 IEPG - Minneapolis
RIR Update A Joint Presentation Prepared By APNIC, ARIN, RIPE NCC Overview Joint Efforts RIR Specific Statistics Questions RIR Co-ordination IPv6 policy development Joint tutorial & presentation at AfNOG
More informationAPNIC Update. RIPE 59 October 2009
APNIC Update RIPE 59 October 2009 Overview APNIC Services Update APNIC 28 policy outcomes APNIC Members and Stakeholder Survey Next APNIC Meetings Resource Delegations (1 Oct 09) No of /8 delegated No
More informationInternet Governance and Coordination
Internet Governance and Coordination Filiz Yilmaz SNE Colloquium, University of Amsterdam October 2013 koalafil@gmail.com Overview Who am I, why am I here? Brief History of Internet Internet Eco System:
More informationAPNIC 26 policy update Shifting landscape
APNIC 26 policy update Shifting landscape IPv6 Global Summit, 2 nd September 2008 Taipei, Taiwan Miwa Fujii IPv6 Program Manager APNIC 1 Overview Recap of the Internet policy community RIR and NRO APNIC
More informationHow to participate in RIR Policy Development Processes. Louie Lee ASO Address Council ICANN 35 Buenos Aires, Argen8na 24 June 2015
How to participate in RIR Policy Development Processes Louie Lee ASO Address Council ICANN 35 Buenos Aires, Argen8na 24 June 2015 How to participate in RIR Policy Development Processes ASO and ICANN Number
More informationShifting Sands. PLNOG March Andrzej Wolski Training Department
Shifting Sands PLNOG March 2014 Andrzej Wolski Training Department RIPE NCC 2 Began operating in 1992 Not-for-profit membership organisation 10,000 members (Local Internet Registries) Neutral, Impartial,
More informationSecure Routing with RPKI. APNIC44 Security Workshop
Secure Routing with RPKI APNIC44 Security Workshop Misdirection / Hijacking Incidents YouTube Incident Occurred 24 Feb 2008 (for about 2 hours) Pakistan Telecom announced YT block Google (AS15169) services
More informationAPNIC Update. Paul Wilson. ARIN October 2013
APNIC Update Paul Wilson ARIN 32 10 October 2013 Overview Serving APNIC Members Supporting Internet development in the Asia Pacific region Collaborating with the Internet community Corporate support APNIC
More informationLunch with John Curran. President and CEO, ARIN
Lunch with John Curran President and CEO, ARIN 3 April 2013 History of the Internet Protocol Internet Protocol version 4 (IPv4) Developed for the original Internet (ARPANET) in 1978 4 billion addresses
More informationInternet Governance & Current Internet Eco-system. Filiz Yilmaz SNE Colloquium, University of Amsterdam September 2016
Internet Governance & Current Internet Eco-system Filiz Yilmaz SNE Colloquium, University of Amsterdam September 2016 koalafil@gmail.com Overview Who am, I why am I here? Brief History of Internet Internet
More informationIPv4 Exhaustion at ARIN
IPv4 Exhaustion at ARIN 17 April 2013 INET Denver John Curran President and CEO, ARIN 2 History of the Internet Protocol Internet Protocol version 4 (IPv4) Developed for the original Internet (ARPANET)
More informationAFRINIC Consolidated Policy Manual
AFRINIC Consolidated Policy Manual CPM Revision History Date Version Comments 01 Oct 2014 Initial Draft First draft of the CPM 23 Jul 2016 1.0 Revised to include implemented policies since initial draft
More informationMisdirection / Hijacking Incidents
Security Tutorial @ TWNOG SECURE ROUTING WITH RPKI 1 Misdirection / Hijacking Incidents YouTube Incident Occurred 24 Feb 2008 (for about 2 hours) Pakistan Telecom announced YT block Google (AS15169) services
More informationDecentralized Internet Resource Trust Infrastructure
Decentralized Internet Resource Trust Infrastructure Bingyang Liu, Fei Yang, Marcelo Bagnulo, Zhiwei Yan, and Qiong Sun Huawei UC3M CNNIC China Telecom 1 Critical Internet Trust Infrastructures are Centralized
More informationAPNIC History and Overview
APNIC History and Overview AfriNIC Meeting Cape Town, May 2000 APNIC History and Overview Formation and development Current status Resource status Meetings and coordination Questions APNIC History 1992
More informationAPNIC Update. Elly Tawhai Senior Internet Resource Analyst/Liaison Officer, APNIC PacNOG
APNIC Update Elly Tawhai Senior Internet Resource Analyst/Liaison Officer, APNIC PacNOG 14 02-12-2013 Overview Serving APNIC Members Supporting Internet development in the Asia Pacific region Collaborating
More informationAfrinic Consolidated Policy Manual
Afrinic Consolidated Policy Manual Last Updated: 26 July 2016 Version: 1.0 Contents 1.0 Introduction 2.0 General Definitions 3.0 The Policy Development Process (PDP) 3.1 Scope of the PDP 3.2 Policy Development
More informationIPv6: The Future of the Internet? July 27th, 1999 Auug
IPv6: The Future of the Internet? July 27th, 1999 Auug Overview Introduction to APNIC Introduction to IPv6 Obtaining IPv6 Address Space References and RFCs What is APNIC? Regional Internet Registry (RIR)
More informationNewcomers Session! By! Newcomers Team! 01/12/2015!
Newcomers Session By Newcomers Team 01/12/2015 INTRODUCTION AGENDA AGENDA AFRINIC- 23 AT A GLANCE INTERNET ECOSYSTEM INTERNET ECOSYSTEM The term used to describe the organisations and communities that
More informationRDAP: A Primer on the Registration Data Access Protocol
RDAP: A Primer on the Registration Data Access Protocol Andy Newton, Chief Engineer, ARIN Registration Operations Workshop IETF 93 Prague, CZ 19 July 2015 Background WHOIS (Port 43) Old, very old Lot s
More informationQuick Guide to Requesting Resources from ARIN
Quick Guide to Requesting Resources from ARIN 1. Review Qualifying for Resources below to verify you qualify for the requested resources. 2. Read the applicable policies in ARIN s Number Resource Policy
More informationAPNIC Update. Srinivas (Sunny) Chendi Senior Community Relations Specialist, APNIC Member Briefing, Dhaka 25 May 2013
APNIC Update Srinivas (Sunny) Chendi Senior Community Relations Specialist, APNIC Member Briefing, Dhaka 25 May 2013 Overview Membership support Resources delegation IPv4 transfer support APNIC Training
More informationInstitutionalizing the IANA Functions To Deliver A Stable and Accessible Global Internet for Mission Critical Business Traffic and Transactions
Institutionalizing the IANA Functions To Deliver A Stable and Accessible Global Internet for Mission Critical Business Traffic and Transactions Scott Bradner iana - 1 Harvard University / IETF / ISOC /
More informationIPv4 and Two-byte ASNs running out How to craft the Internet beyond?
Gud aftenun IPv4 and Two-byte ASNs running out How to craft the Internet beyond? PacNOG 4 Port Villa 29 June 6 July 2008 1 Acknowledgements Geoff Huston Chief Scientist APNIC Intec NetCore, Inc. http://www.potaroo.net
More informationPublic Policy Consultation
66 Public Policy Consultation An open public discussion of Internet number resource policy held by ARIN facilitating in-person and remote participation. Held at ARIN's Public Policy Meetings and at other
More informationInternet Protocol Addresses What are they like and how are the managed?
Internet Protocol Addresses What are they like and how are the managed? Paul Wilson APNIC On the Internet, nobody knows you re a dog by Peter Steiner, from The New Yorker, (Vol.69 (LXIX) no. 20) On the
More informationWhat s new at the RIPE NCC?
What s new at the RIPE NCC? PLNOG, Kraków, 28 September 2011 Ferenc Csorba Trainer, RIPE NCC ferenc@ripe.net Topics - overview The Registry System IPv4 depletion IPv6 policy update and statistics RIPEstat,
More informationThis document contains the Draft and Recommended Draft Policies on the agenda for this Public Policy and Members Meeting.
Discussion Guide 1 Welcome to ARIN 42! Policies in the ARIN region are developed by the Internet community using the open and transparent ARIN Policy Development Process (PDP). The Internet community develops
More information6 March 2012
6 March 2012 richard.lamb@icann.org www.majorbank.se=? 1.2.3.4 Get page Login page Username / Password Account Data DNS Resolver ISP www.majorbank.se = 1.2.3.4 DNS Server webserver www @ 1.2.3.4 Majorbank
More informationThe IDN Variant TLD Program: Updated Program Plan 23 August 2012
The IDN Variant TLD Program: Updated Program Plan 23 August 2012 Table of Contents Project Background... 2 The IDN Variant TLD Program... 2 Revised Program Plan, Projects and Timeline:... 3 Communication
More informationJoint Response from the Regional Internet Registries
Issue 2: Consultation on international public policy issues concerning IPv4 addresses. The Council Working Group on International Internet- Related Public Policy Issues invites all stakeholders to provide
More informationIPv6 Deployment and Distribution in the RIPE NCC Service Region. Marco Schmidt IP Resource Analyst Monday, 23 April 2012
IPv6 Deployment and Distribution in the RIPE NCC Service Region Marco Schmidt IP Resource Analyst Monday, 23 April 2012 Topics: RIPE NCC IPv4 - review and last /8 IPv6 - current status How to get IPv6
More informationSupporting Internet Growth and Evolution: The Transition to IPv6
Supporting Internet Growth and Evolution: The Transition to IPv6 Bali IPv6 Summit, Bali 9 June 2010 Sanjaya Services Director, APNIC 1 Overview Recap About APNIC Reality check: where are we now? Transition
More informationInternet Numbers Introduction to the RIR System
Internet Numbers Introduction to the RIR System Chafic Chaya MEAC-IG Summer School, AUB - Lebanon August 2016 1 Who Runs the Internet? The short answer is NO ONE!!! Chafic Chaya MEAC-IG Summer School August
More informationAPNIC Update. 20 May Paul Wilson. Revision:
APNIC Update 20 May 2015 Paul Wilson Issue Date: 15 Apr 2015 Revision: APNIC s Vision A global, open, stable, and secure Internet that serves the entire Asia Pacific community 2 APNIC in 2014 Serving Supporting
More informationICANN & Global Partnerships
ICANN & Global Partnerships Baher Esmat Manager, Regional Relations Middle East cctld Training, Amman 26-29 Nov, 2007 1 What is ICANN? The Internet Corporation for Assigned Names and Numbers (ICANN) is
More informationFacilitating Secure Internet Infrastructure
Facilitating Secure Internet Infrastructure RIPE NCC http://www.ripe.net About the RIPE NCC RIPE Network Coordination Centre Bottom-up, self-regulated, membership association, notfor-profit Regional Internet
More informationRIPE NCC Academic Day. November 2016 Saudi Arabia
RIPE NCC Academic Day November 2016 Saudi Arabia Who Runs the Internet? The Short Answer is No ONE!!! 2 What is the Internet? 3 What is the Internet? 4 What is the Internet? The Internet has roughly 55,000
More informationAPNIC Update TWNIC OPM 1 JUL George Kuo Manager, Member Services, APNIC
APNIC Update TWNIC OPM 1 JUL 2010 George Kuo Manager, Member Services, APNIC Overview Services Update APNIC 29 Policy Outcomes APNIC Activities Technical Developments IPv6 Program Training Other News Upcoming
More informationIPv4 End of Life Proposals in the RIRs
IPv4 End of Life Proposals in the RIRs David Farmer farmer@umn.edu I2-ESCC Joint Techs College Station, TX February 3, 2009 Disclaimer These are my thoughts and opinions They do NOT necessary represent
More informationICANN Policy Update & KSK Rollover
ICANN Policy Update & KSK Rollover Savenaca Vocea VP, Stakeholder Engagement - Oceania Commonwealth Broadband Pacific Forum 2017, Apia, Samoa 25-27 July 2017 1 Overview Coordinating with our partners,
More informationIPv6 Address Allocation and Assignment Policy
IPv6 Address Allocation and Assignment Policy How to read this draft document: This document relates to a project to improve the readability of RIPE policy documents. If approved, it will replace ripe-512,
More information