Wireless Access: SSID: HHonors PW:Hilton16
|
|
- Laureen Marshall
- 6 years ago
- Views:
Transcription
1 Columbia, SC 30 October 2014
2 Wireless Access: SSID: HHonors PW:Hilton16
3 Welcome. Here today from ARIN Susan Hamlin, Director, Communications and Member Services Andy Newton, Chief Engineer John Sweeting, Advisory Council Chair Jon Worley, Principal Technical Analyst
4 Today s Agenda Welcome and Getting Started ARIN: Mission, Role, and Services IPv4 Inventory, Depletion Projections, Countdown Plan Securing Internet Infrastructure I: DNSSEC IPv4 Waiting List and Transfers LUNCH - 12:00 PM - 1:00 PM Breakout Rooms I & II IPv6 Addresses Automating Interactions with ARIN Other Items of Interest BREAK 2:20 2:30 PM Securing Internet Infrastructure II: RPKI - Andy Newton Current Number Resource Policy Discussions and How to Participate Q&A / Open Microphone Session Optional Ask ARIN - Opportunity for a one-on-one conversation with ARIN staff
5 Let s Get Started! Self introductions Name Organization
6 ARIN: Mission, Role and Services Susan Hamlin Director, Communications and Member Services
7 ARIN, a nonprofit member-based organization, supports the operation of the Internet through the management of Internet number resources throughout its service region; coordinates the development of policies by the community for the management of Internet Protocol number resources; and advances the Internet through informational outreach."
8 ARIN s Service Region ARIN s region includes many (20) Caribbean and North Atlantic islands, Canada and the United States and outlying areas.
9 Regional Internet Registries
10 Who Provisions IP Addresses & ASNs? ICANN IANA RIR ISP/LIR Top level technical coordination of the Internet (Names, Numbers, Root Servers) Manage global unallocated IP address pool Allocate number resources to RIRs Manage regional unallocated IP address pool Allocate number resources to ISPs/LIRs Assign number resources to End-users Manage local IP address pool for use by customers and for infrastructure Allocate number resources to ISPs Assign number resources to End-users
11 ARIN Structure: Not- for- profit Fee for services, not number resources 100% community funded Membership organiza?on (private and public sector, civil society) Member- elected Board of Trustees Community regulated Internet number resource policies developed by the Community Open and transparent
12 ARIN Support Organization
13 ARIN Board of Trustees Paul Andersen, Vice Chair and Treasurer Vinton G. Cerf, Chair John Curran, President and CEO Timothy Denton, Secretary Aaron Hughes Bill Sandiford Bill Woodcock 13
14 ARIN Advisory Council Dan Alexander, Vice Chair Cathy Aronson Kevin Blumberg Bill Darte Owen DeLong Andrew Dul David Farmer Scott Leibrand Tina Morris Milton Mueller Heather Schiller Robert Seastrom John Springer John Sweeting, Chair 14
15 ARIN Services Number Resources Organization Policy Development IP address allocation & assignment ASN assignment Directory services Whois -RWS WhoWas IRR Reverse DNS DNSSEC Resource Certification (RPKI) Community Software Repository Information dissemination Websites Educational materials IPv6 Wiki Social media Meetings Elections Outreach IPv6 Internet Governance Maintain discussion lists Conduct public policy meetings and public policy consultations Publish policy documents
16
17 Information on Joining in the Internet Governance Discussion Visit ARIN s webpage: Ways to Participate in Internet Governance
18 ARIN Community Input 14 March 2014 the US government announced desire to transi?on oversight of the Internet Assigned Numbers Authority (IANA) func?ons contract from the Na?onal Telecommunica?ons and Informa?on Administra?on (NTIA) to the global mul?stakeholder community. Coordina?on Group formed to facilitate the transi?on process input from the Number Resource Organiza?on, Address Suppor?ng Organiza?on, ISOC, IETF, IAB All RIRs will engage their respec?ve communi?es ARIN 34 in Bal?more on agenda and a ly consulta?on via on the issue New mailing list created: iana- transi?on@arin.net Currently ARIN is seeking volunteers to join the Consolidated RIR IANA Stewardship Proposal (CRISP) team h"p://teamarin.net/educa1on/internet- governance/iana- globaliza1on/
19 Participate in ARIN Contribute your Opinions and Ideas: Public Policy Mailing List IPv6 Wiki Attend Public Policy and Members Meetings, Public Public Policy Consultations remote participation Outreach events Submit a suggestion Participate in community consultations Write a guest blog TeamARIN.net Members Vote in annual elections
20 ARIN Mailing Lists ARIN Announce: ARIN Discussion: (members only) ARIN Public Policy: ARIN Consultation: ARIN Issued: ARIN Technical Discussions: Suggestions:
21 Q&A
22 ARIN s IPv4 Inventory, Depletion Projections, and Countdown Plan Jon Worley Principal Technical Analyst
23 ARIN s IPv4 Inventory As of 27 Oct 2014, ARIN has 0.61 /8 equivalents of IPv4 addresses remaining IPv4 inventory published on ARIN s website: Updated 8PM ET
24 Prefix Length Breakdown
25 IPv4 Annual Burn Rate /8 Equivalents Issued
26 ARIN s IPv4 Free Pool /8 Equivalents in ARIN Free Pool
27 Linear Depletion Projection /8 Equivalents in ARIN Free Pool
28 Depletion Notes Could come at any time ARIN has issued 0.41 /8 equivalents in ~2 weeks before Policy requirement to only fill requests with one block will prevent large ISPS from depleting all of the small blocks
29 IPv4 Countdown Plan
30 IPv4 Countdown Plan Phase 4 Started at 1 /8 equivalent left All IPv4 requests team-reviewed and processed on a first in, first out basis Org has 60 days from approval to complete payment and RSA IPv4 hold period drops to 2 months
31 New IPv4 Policy Reduce All Minimum Allocation/ Assignment Units to /24 Will be implemented on 17 Sept 2014 /24 minimum allocation/assignment No longer a multi-homed requirement
32 Minimum Requirements for IPv4 - ISPs ISPs qualify for a /24 by having one /24 reassigned and efficiently used Allocations > /24 based on demonstrated utilization history and renumbering (if applicable) Allocation size not based on predicted customer base (see Slow Start policy NRPM ) 3 month supply per policy
33 IPv4 ISP Data Typically Requested Static: Mapping of static IPs/subnets to customer names and street addresses Dynamic: List of all dynamic pools with prefix/range assigned, area served (location), peak util % Internal Infrastructure: Mapping of internal subnets with description and # IPs used
34 Example
35 Other IPv4 ISP Data Requested Typically ask for: Customer justification data If necessary, may ask for: Customer contact information and proof of customer payments Proof of equipment lease/purchase
36 Minimum Requirements for IPv4 End Users /24 minimum assignment size Show 25% immediate utilization rate (within 30 days) and 50% projected one-year utilization rate If requesting additional assignment, must show that each previous assignment is 80% utilized
37 IPv4 End User Data Requested Subnet mapping for previous ARIN assignments Each subnet with description and # IPs currently used Planned subnet mapping for requested block Each subnet with description, # IPs used within 30 days, # IPs used within one year
38 Example
39 The Bottom Line ARIN has v4 space today, but can t guarantee future availability Plan appropriately to ensure continued growth of your network Waiting List Specified Recipient Transfers IPv6
40 Q&A
41 Securing Internet Infrastructure: Using DNSSEC with ARIN Online Andy Newton Chief Engineer
42 Why DNSSEC? What is it? Standard DNS (forward or reverse) responses are not secure Easy to spoof Notable malicious attacks DNSSEC attaches signatures Validates responses Can not spoof
43 Reverse DNS at ARIN ARIN issues blocks without any working DNS Registrant must establish delegations after registration Then employ DNSSEC if desired Just as susceptible as forward DNS if you do not use DNSSEC
44 Reverse DNS at ARIN Authority to manage reverse zones follows allocations Shared Authority model Multiple sub-allocation recipient entities may have authority over a particular zone
45 Changes completed to make DNSSEC work at ARIN Permit by-delegation management Sign in-addr.arpa. and ip6.arpa. delegations that ARIN manages Create entry method for DS Records ARIN Online RESTful interface Not available via templates
46 Changes completed to make DNSSEC work at ARIN Only key holders may create and submit Delegation Signer (DS) records
47 Reverse DNS in ARIN Online First identify the network that you want to put Reverse DNS nameservers on
48 Reverse DNS in ARIN Online then enter the Reverse DNS nameservers
49 DNSSEC in ARIN Online then apply DS record to apply to the delegation
50 Reverse DNS: Querying ARIN s Whois Query for the zone directly: whois> in-addr.arpa Name: in-addr.arpa. Updated: NameServer: AUTHNS2.DNVR.QWEST.NET NameServer: AUTHNS3.STTL.QWEST.NET NameServer: AUTHNS1.MPLS.QWEST.NET Ref:
51 DNSSEC in Zone Files ; File written on Mon Feb 24 17:00: ; dnssec_signzone version P1-RedHat P1.el5_ in-addr.arpa IN NS NS3.COVAD.COM IN NS NS4.COVAD.COM NSEC 1.74.in-addr.arpa. NS RRSIG NSEC RRSIG NSEC ( in-addr.arpa. onk3gvacwj2j8+ear0pncqnzeqjm8h4w51ns D2VUi7YtR9FvYLF/j4KO+8qYZ3TAixb9c05c 8EVIhtY1grXEdOm30zJpZyaoaODpbHt8FdWY vwup9tq4ovbxvyusnxriz2mq55iimgdr3nat BLP5UClxUWkgvS/6poF+W/1H4QY= ) 1.74.in-addr.arpa IN NS NS3.COVAD.COM IN NS NS4.COVAD.COM NSEC in-addr.arpa. NS RRSIG NSEC RRSIG NSEC ( in-addr.arpa. DKYGzSDtIypDVcer5e+XuwoDW4auKy6G/OCV VTcfQGk+3iyy2CEKOZuMZXFaaDvXnaxey9R1 mjams519ghxp2qonnkow6ib6mr5cnkylkl0h lu+ic4buh6dqm4hbjczcmxketwe0a6dmf+th sa+5ov7ezx5lcudvqvp6p0lftae= )
52 DNSSEC in Zone Files in-addr.arpa IN NS DNS1.ACTUSA.NET IN NS DNS2.ACTUSA.NET IN NS DNS3.ACTUSA.NET DS ( AEEDA98EE493DFF5F3F33208ECB0FA4186BD 8056 ) DS ( 66E6D421894AFE2AF0B350BD8F4C54D2EBA5 DA72A615FE64BE8EF600C6534CEF ) RRSIG DS ( in-addr.arpa. n+apxbhuf+sbzqn4lmhzloi0c/hkasvo3q1y 6J0KjqNPzYqtxLgZjU+IL9qhtIOocgNQib9l gfrmz9inf2ber435gmsa/nnjpvvww/mbrkxf Pcc72w2iOAMu2G0prtVT08ENxtu/pBfnsOZK nhcy8uoboylole5whtk3xoux9+u= ) NSEC in-addr.arpa. NS DS RRSIG NSEC RRSIG NSEC ( in-addr.arpa. YvRowkdVDfv+PW42ySNUwW8S8jRyV6EKKRxe
53 Use REG-RWS for Bulk Changes If you have a lot of changes, copy&paste over the Web will be tedious. Use REG-RWS. Or ARINcli (which is a REG-RWS client) Reads zone files
54 DNSSEC Validating Resolvers
55 Reverse DNS Management and DNSSEC in ARIN Online Available on ARIN s website
56 Q&A
57 ARIN s IPv4 Waiting List and the IPv4 Transfer Market Jon Worley Principal Technical Analyst
58 IPv4 Waiting List
59 How It Works If ARIN can t fill a justified request, option to specify smallest acceptable size If no block available between approved and smallest acceptable size, option to go on the waiting list May receive only one allocation every three months Only one request on the list at a time
60 Filling Waiting List Requests Oldest request filled first Example /19 is oldest request /16 returned to ARIN ARIN breaks up the /16 and issues the /19 Subject to re-verification Removed from list once a block is issued
61 IPv4 Churn IPv4 addresses go back into ARIN s free pool 4 ways Return = voluntary Revoke = for cause (usually nonpayment) Reclaimed = fraud or business dissolution IANA issued per global policy for post exhaustion IPv4 allocation mechanisms by IANA 3.54 /8s recovered since 2005 /8 equivalent returned to IANA in 2012 /11(May 2014) & /12 (Sept 2014) issued by IANA
62 Global Policy for Post Exhaustion IPv4 Allocation Mechanisms by the IANA RIRS may return IPv4 space of any prefix size to IANA IANA will issue this returned space in equal allocation sizes to the 5 RIRs twice per year Policy activated when first RIR reaches /9 in its IPv4 inventory (Lacnic in May 2014)
63 Burn Rate vs. Churn Rate # /24s issued # /24s received back
64 Reality Check At the rate at which IPv4 addresses were recovered in 2013, it would take 51 years to fill all of 2013 s approved requests
65 IPv4 Transfer Market
66 Types of Transfers Mergers and Acquisitions (8.2) Transfers to Specified Recipients (8.3) Inter-RIR transfers (8.4)
67 Transfers to Specified Recipients 12 month waiting period (anti-flip provision) Recipient must qualify to receive resources under current ARIN policy Recipient may receive up to a 24 month supply
68 Specified Recipient Transfer Notes 82 transfers completed (53,124 /24s)* Transactions typically arranged through IPv4 brokers *As of Jul 31, 2014
69 Inter-RIR Transfers From ARIN RIR must have reciprocal, compatible needs-based policies Currently: APNIC Under discussion in the RIPE NCC, LACNIC, & AFRINIC regions Org releasing resources must not have received IPv4 from ARIN within the past 12 months Recipient must meet other RIR s Inter-RIR transfer policy requirements
70 Inter-RIR Transfers To ARIN RIR must have reciprocal, compatible needs-based policies Currently: APNIC Recipient must qualify to receive resources under current policy Recipient may request up to a 24 month supply
71 Inter-RIR Transfer Notes 34 transfers completed (5,040 /24s total)* ARIN & APNIC for now Expectation is primarily ARIN to APNIC given the early exhaustion of IPv4 in the APNIC region *As of Jul 31, 2014
72 Specified Transfer Listing Service (STLS) 3 ways to participate Listers: have available IPv4 addresses Needers: looking for more IPv4 addresses Facilitators: available to help listers and needers find each other Major Uses Matchmaking Obtain preapproval for a transaction arranged outside STLS
73 Misconceptions About Specified Recipient Transfers IPv4 transactions will never be allowed Fact: Transfer of unused IPv4 started June 2009 It s a ploy to take my unused addresses back Fact: ARIN does not require the return of address space ARIN recognizes all IPv4 transactions Fact: Must meet policy requirements
74 Tips and Tricks Make sure you are applying under the correct transfer policy Involve ARIN as early as possible Make sure a contemplated specified transfer meets ARIN requirements before finalizing Make sure that all registration information is current and accurate Use ARIN s STLS to pre-qualify Provide detailed information to support 24 month need
75 IPv4 Transfer Market
76 Reality Check Reports say current asking prices are around $10/IPv4 address Prices will likely rise once ARIN s depletes its IPv4 pool (supply and demand) Supply not guaranteed; need willing participants Temporary measure; does not preclude need to transition to IPv6
77 Q&A
78 Lunch Break Take your valuables as the room will not be locked.
79 This Afternoon s Agenda IPv6 Addresses Automating Interactions with ARIN Other Items of Interest BREAK 2:20 2:30 PM Securing Internet Infrastructure II: RPKI - Andy Newton Current Number Resource Policy Discussions and How to Participate Q&A / Open Microphone Session Optional Ask ARIN - Opportunity for a one-on-one conversation with ARIN staff
80 Obtaining IPv6 Address Space Jon Worley Principal Technical Analyst Registration Services Department
81 Why Adopt IPv6? Global IPv4 pool is depleted ARIN s IPv4 free pool will be gone soon IPv4 Waiting list is uncertain and sure to be loooooooooooong IPv4 Transfer Market = $$$$$ How will you continue to grow your network? What other options do you have?
82 Qualifying for IPv6 - ISPs Have a previous v4 allocation from ARIN OR Intend to multi-home OR Provide a technical justification which details at least 50 assignments made within 5 years
83 IPv6 ISP Data Typically Requested If requesting more than a /32, a spreadsheet/text file with # of serving sites (PoPs, datacenters) # of customers served by largest serving site Block size to be assigned to each customer (/48 typical)
84 Qualifying for IPv6 End Users Have a v4 direct assignment OR Intend to multi-home OR Show how you will use 2000 IPv6 addresses or 200 IPv6 subnets within a year OR Technical justification as to why provider-assigned IPs are unsuitable
85 IPv6 End Users Data Requested List of sites in your network Site = distinct geographic location Street address for each Campus may count as multiple sites Technical justification showing how they re configured like geographically separate sites
86 ISP Members with IPv4 and IPv6 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% 2010Q3 2011Q3 2012Q3 2013Q3 2014Q3 % IPv4 Only 75% 66% 62% 59% 58% % IPv4 and IPv6 25% 34% 38% 41% 42% *4,818 total members IPv4- only and IPv4+v6 ISPs
87 ARIN Resources IPv6 Info Center
88 Operational Guidance Deploy360/ bcop.nanog.org ipv6-knowledge-base-general-info
89 Q&A
90 Automating Your Interactions with ARIN Andy Newton Chief Engineer
91 Why Automate? Interact with ARIN faster Not dependent on ARIN s systems for user interface issues Build a customized system using standards-based technologies Improved accuracy Integrate multiple services
92 Why Automate (continued) We have a rich set of interfaces Focused on reliability and completeness Welcome to share your tools with the community at projects.arin.net
93 REST Service Summary ARIN s RESTful Web Services (RWS) Whois-RWS Provides public Whois data via REST Reg-RWS (or Registration-RWS) Allows ARIN customers to register and maintain data in a programmatic fashion Report Request/Retrieval Automation Permits request and download of various ARIN data (subject to AUP) RPKI using Reg-RWS
94 What is REST? Representational State Transfer As applied to web services defines a pattern of usage with HTTP to create, read, update, and delete (CRUD) data Resources are addressable in URLs Very popular protocol model Amazon S3, Yahoo & Google services,
95 The BIG Advantage of REST Easily understood Any modern programmer can incorporate it Can look like web pages Re-uses HTTP in a simple manner Many, many clients Other HTTP advantages This is why it is very, very popular with Google, Amazon, Yahoo, Twitter, Facebook, YouTube, Flickr,
96 What does it look like? Who can use it? Where the data is. What type of data it is. The ID of the data. It is a standard URL. Anyone can use it. Go ahead, put it into your browser.
97 Where can more information on REST be found? RESTful Web Services O Reilly Media Leonard Richardson Sam Ruby
98 Whois-RWS Publicly accessible, just like traditional Whois Searches and lookups on IP addresses, AS numbers, POCs, Orgs, etc Very popular As of October 2014, constitutes 65% of our query load For more information:
99 Registration RWS (Reg-RWS) Programmatic way to interact with ARIN Intended to be used for automation Not meant to be used by humans Useful for ISPs that manage a large number of SWIP records Requires an investment of time to achieve those benefits
100 Reg-RWS Requires an API Key You generate one in ARIN Online on the Web Account page Permits you to register and manage your data (ORGs, POCs, NETs, ASes) But only your data More information
101 Anatomy of a RESTful request Uses a URL (just like you would type into your browser) Uses a request type, known as a method, of GET, PUT, POST or DELETE Usually requires a payload Adheres to a published structure Depends upon the type of data Depends upon the method Method, Payload, and XML schema info is found at RESTful Provisioning Downloads
102 Example Reassign Detailed Your automated system issues a PUT command to ARIN using the following URL: The payload contains the following data: <net xmlns="h"p:// > <version>4</version> <comment></comment> <registra1ondate></registra1ondate> <orghandle>hw- 1</orgHandle> <handle></handle> <netblocks> <netblock> <type>a</type> <descrip1on>reassigned</descrip1on> <startaddress> </startaddress> <endaddress> </endaddress> <cidrlength>24</cidrlength> </netblock> </netblocks> <parentnethandle>net </parentNetHandle> <netname>helloworld</netname> <originases></originases> <poclinks></poclinks> </net>
103 Example Reassign Detailed ARIN s web server returns the following to your automated system: <net xmlns="h"p:// > <version>4</version> <comment></comment> <registra1ondate>tue Jan 25 16:17:18 EST 2011</registra1onDate> <orghandle>hw- 1</orgHandle> <handle>net </handle> <netblocks> <netblock> <type>a</type> <descrip1on>reassigned</descrip1on> <startaddress> </startaddress> <endaddress> </endaddress> <cidrlength>24</cidrlength> </netblock> </netblocks> <parentnethandle>net </parentNetHandle> <netname>netname>helloworld</netname> <originases></originases> <poclinks></poclinks> </net>
104 Reg-RWS Has More Than Templates Only programmatic way to do IPv6 Reassign Simple Only programmatic way to manage Reverse DNS Only programmatic way to access your ARIN tickets
105 Reg-RWS adoption at ARIN In Million transactions processed 375K processed via Reg-RWS (34%) 371K processed via Template (34%) Remainder via ARIN Online In Million transactions processed 3.66M processed via Reg-RWS (78%) 488K processed via Template (10%) Remainder via ARIN online
106 Testing Your Reg-RWS Client We offer an Operational Test & Evaluation environment for Reg-RWS Your real data, but isolated Helps you develop against a real system without the worry that real data could get corrupted For more information:
107 Obtaining RESTful Assistance Pay attention to Method, Payload, and XML schema documents under RESTful Provisioning Downloads Or use ARIN Online s Ask ARIN feature Or use the arin-tech-discuss mailing list Make sure to subscribe Someone on the list will help you ASAP Archives on the web site Registration Services Help Desk telephone not a good fit Debugging these problems requires a detailed look at the URL, method, and payload being used
108 Report Request/Retrieval For customer-specific data, access is restricted by user Permits you to request and retrieve reports But only your data For public services, you must first sign an AUP or TOU (Bulk Whois, Registered ASNs, WhoWas) ARIN staff may review your need to access this data Requires an API Key
109 New Feature: RPKI thru Reg-RWS Delegated very complex Hosted easy but tedious if managing a large network through the UI Solution: Interface to sign ROAs using the RESTful API Ease of Hosted Programmatic way of managing a large number of ROAs
110 Whois-RWS and the Future Whois-RWS is ARIN s RESTful interface to Whois. RIPE also has a RESTful interface for Whois but it is not compatible IETF will hopefully be ratifying RDAP by the end of this year. Will be supported by all 5 RIRs and some domain registries.
111 Q&A
112 Other Items of Interest
113 Securing Internet Infrastructure: Route Origin Security using RPKI at ARIN Andy Newton Chief Engineer
114 What is RPKI? Resource Public Key Infrastructure Attaches digital certificates to network resources AS Numbers IP Addresses Allows ISPs to associate the two Route Origin Authorizations (ROAs) Can follow the address allocation chain to the top
115 What does RPKI accomplish? Allows routers or other processes to validate route origins Simplifies validation authority information Trust Anchor Locator Distributes trusted information Through repositories
116 Resource Cert Validation Resource Allocation Hierarchy ICANN AFRINIC RIPE NCC APNIC ARIN LACNIC Issued Certificates Route Origination Authority LIR1 ISP4 permits AS65000 to originate a route for the prefix /24 ISP2 Attachment: <isp4-ee-cert> ISP ISP ISP ISP4 ISP ISP ISP Signed, ISP4 <isp4-ee-key-priv>
117 Resource Cert Validation Resource Allocation Hierarchy ICANN AFRINIC RIPE NCC APNIC ARIN LACNIC Issued Certificates Route Origination Authority LIR1 ISP4 permits AS65000 to originate a route for the prefix /24 ISP2 Attachment: <isp4-ee-cert> ISP ISP ISP ISP4 ISP ISP ISP Signed, 1. Did the matching private key ISP4 <isp4-ee-key-priv> sign this text?
118 Resource Cert Validation Resource Allocation Hierarchy ICANN AFRINIC RIPE NCC APNIC ARIN LACNIC Issued Certificates Route Origination Authority LIR1 ISP4 permits AS65000 to originate a route for the prefix /24 ISP2 Attachment: <isp4-ee-cert> ISP ISP ISP ISP4 ISP ISP ISP Signed, ISP4 <isp4-ee-key-priv> 2. Is this certificate valid?
119 Resource Cert Validation Resource Allocation Hierarchy ICANN AFRINIC RIPE NCC APNIC ARIN LACNIC Issued Certificates Route Origination Authority LIR1 ISP4 permits AS65000 to originate a route for the prefix /24 ISP2 Attachment: <isp4-ee-cert> ISP ISP ISP ISP4 ISP ISP ISP Signed, 3. Is there a valid certificate path from a ISP4 <isp4-ee-key-priv> Trust Anchor to this certificate?
120 What does RPKI Create? It creates a repository RFC 3779 (RPKI) Certificates ROAs CRLs Manifest records
121 Repository View./ba/03a5be-ddf a1f9-1ad3f2c39ee6/1:! total 40! -rw-r--r Jun ICcaIRKhGHJ-TgUZv8GRKqkidR4.roa! -rw-r--r Jun ckxlcu94ums-qd4dookak0m2us0.cer! -rw-r--r Jun dsmerm6ujglwmmqtl2esy4xyuaa.crl! -rw-r--r Jun dsmerm6ujglwmmqtl2esy4xyuaa.mnf! -rw-r--r Jun nb0gdftwffkk4vwgln-12pdfte8.roa! A Repository Directory containing an RFC3779 Certificate, two ROAs, a CRL, and a manifest
122 Repository Use Pull down these files using a manifestvalidating mechanism Validate the ROAs contained in the repository Communicate with the router marking routes valid, invalid, unknown Up to ISP to use local policy on how to route
123 Possible Flow RPKI Web interface -> Repository Repository aggregator -> Validator Validated entries -> Route Checking Route checking results -> local routing decisions (based on local policy)
124 How you can use ARIN s RPKI System? Hosted Hosted using ARIN s RESTful service Delegated using Up/Down Protocol
125 Hosted RPKI Pros Easier to use ARIN managed Cons No current support for downstream customers to manage their own space (yet) Tedious through the UI if you have a large network We hold your private key
126 Hosted RPKI with RESTful Interace Pros Easier to use ARIN managed Programatic interface for large networks Cons No current support for downstream customers to manage their own space (yet) We hold your private key
127 Delegated RPKI with Up/Down Pros You keep your own private key Follows the IETF up/down protocol Cons Extremely hard to setup Need to operate your own RPKI environment
128 Hosted RPKI in ARIN Online
129 Hosted RPKI in ARIN Online
130 Hosted RPKI in ARIN Online
131 Hosted RPKI in ARIN Online
132 Hosted RPKI in ARIN Online SAMPLE- ORG
133 Hosted RPKI in ARIN Online SAMPLE- ORG
134 Hosted RPKI in ARIN Online
135 Your ROA request is automatically processed and the ROA is placed in ARIN s repository, accompanied by its certificate and a manifest. Users of the repository can now validate the ROA using RPKI validators.
136 Delegated with Up/Down
137 Delegated with Up/Down
138 Delegated with Up/Down
139 Delegated with Up/Down You have to do all the ROA creation Need to setup a CA Have a highly available repository Create a CPS
140 Updates within RPKI outside of ARIN The four other RIRs are in production with Hosted CA services ARIN and APNIC have delegated working for the public Major routing vendor support being tested Announcement of public domain routing code support
141 ARIN Status Hosted CA deployed 15 Sept 2012 Web Delegated CA deployed 16 Feb 2013 (now deprecated) Delegated using Up/Down protocol deployed 7 Sept 2013 RESTful interface deployed 1 Feb 2014
142 RPKI Usage Oct 2012 Apr 2013 Oct 2013 Apr 2014 RPAs Signed Certified Orgs ROAs Covered Resources Web Delegated Up/Down Delegated
143 Why is this important? Provides more credibility to identify resource holders Leads to better routing security
144 Q&A
145 ARIN s Policy Development Process Current Number Resource Policy Discussions and How to Participate John Sweeting Chair, ARIN Advisory Council
146 Policy Development Process (PDP) Flowchart Proposal Template Archive Petitions
147 Policy Development Principles Open Developed in open forum Public Policy Mailing List Public Policy Meetings / Consultations Anyone can participate Transparent All aspects documented and available on website Policy process, meetings, and policies Bottom-up Policies developed by the community Staff implements, but does not make policy
148 Who Plays a Role in the Policy Process? Community Submits proposals Participates in discussions and petitions Advisory Council (elected volunteers) Facilitates the policy process Develops policy that: enables fair and impartial resource administration is technically sound is supported by the Community Determines consensus based on community input
149 Roles ARIN Board of Trustees (elected volunteers) Provides corporate fiduciary oversight Ensures the policy process has been followed Adopts policies ARIN Staff Provides feedback to community Staff and legal assessments Policy experience reports Implements adopted policies
150 Basic Steps 1. Proposal from community member 2. AC works with author ensure it is clear and in scope 3. AC promotes proposal to Draft Policy for community discussion/feedback (PPML and possibly PPC/PPM) 4. AC recommends fully developed Draft Policy (fair, sound and supported by community) for adoption 5. Recommended Draft Policy must be presented at a face-to-face meeting (PPC/PPM) 6. If AC still recommends adoption, then Last Call, review of last call, and send to Board 7. Board reviews 8. Staff implements
151 Petitions Petitions available for: Delay by the AC Proposal to Draft Policy (after 60 days) Draft to Recommended Draft (after 90) Last Call (after 60) Board (after 60) Abandonment Rejection (proposals out of scope) Petitions begin with 5 day duration, needing support from 10 people from 10 different organizations (later stages require more people) Despite low bar, attempted petitions are rare
152 Number Resource Policy Manual ARIN s Policy Document Version (17 September 2014) 35th version Contains Change Logs HTML/PDF/txt
153 Policies in the NRPM ARIN Principles IPv4 Address Space IPv6 Address Space Autonomous System Numbers (ASNs) Directory Services (Whois) Reverse DNS (in-addr) Transfers Experimental Assignments Resource Review Policy
154 Current Draft Policies/Proposals Recommended Draft Policies ARIN : Resolve Conflict Between RSA and 8.2 Utilization Requirements Last call October
155 Current Draft Policies/Proposals Draft Policies 1. ARIN : Out of Region Use 2. ARIN : Remove 7.1 [Maintaining IN-ADDRs] 3. ARIN : Removing Needs Test from Small IPv4 Transfers 4. ARIN : Change Utilization Requirements from lastallocation to total-aggregate 5. ARIN : New MDN Allocation Based on Past Utilization Draft Policy Recently abandoned: ARIN : Allow Inter-RIR ASN Transfers ARIN : Section 4.10 Austerity Policy Update ARIN : Simplifying Minimum Allocations and Assignments ARIN : Transfer Policy Slow Start and Simplified Needs Verification
156 Recently Adopted Policy 1. ARIN : NRPM 4 (IPv4) Policy Cleanup 2. ARIN : Subsequent Allocations for New Multiple Discrete Networks 3. ARIN : Remove 7.2 Lame Delegations 4. ARIN : Anti-hijack Policy 5. ARIN : Reduce All Minimum Allocation/Assignment Units to /24
157 How Can You Get Involved? There are two ways to voice your opinion: Public Policy Mailing List Public Policy Consultations/Meetings In person or remotely ARIN meetings and PPCs at NANOG
158 Public Policy Mailing List (PPML) Open to anyone Easy to subscribe to Contains: ideas, proposals, draft policies, last calls, announcements of adoption and implementation, petitions, and more Archived RSS feed available
159 ARIN Meetings Two ARIN meetings a year Attend and participate in person or remotely Check the ARIN Participate/Meetings site a few weeks prior to meeting Look at the Proposals/Draft Policies on Agenda (what and when?) Get a copy of the Discussion Guide (summaries and text) Attend/log in and state your opinion Additional Public Policy Consultations Currently being held during NANOG meetings Potential for additional ones in different venues in the future
160 Advisory Council Meetings Teleconference meetings held monthly (currently the third Thursday of the month) AC meeting results Watch PPML for AC s decisions (once a month) Read AC meeting minutes Draft Policies good or bad ideas, for or against? Last Calls For or against?
161 References Policy Development Process Draft Policies and Proposals Number Resource Policy Manual
162 Q&A
163 Q&A / Open Mic Session
164 Apply now for ARIN 35 April 2015 in San Francisco
165 Fill out & submit the survey for your chance to win a $100 Amazon Gift Card!
166 Ask ARIN ARIN staff available for your questions one-on-one
167 167 Historical Timeline
168 168 Historical Timeline
Security Overlays on Core Internet Protocols DNSSEC and RPKI. Mark Kosters ARIN CTO
Security Overlays on Core Internet Protocols DNSSEC and RPKI Mark Kosters ARIN CTO Why are DNSSEC and RPKI Important Two critical resources DNS Routing Hard to tell if compromised From the user point of
More informationMadison, Wisconsin 9 September14
1 Madison, Wisconsin 9 September14 2 Security Overlays on Core Internet Protocols DNSSEC and RPKI Mark Kosters ARIN Engineering 3 Why are DNSSEC and RPKI Important Two critical resources DNS Routing Hard
More informationSecurity Overlays on Core Internet Protocols DNSSEC and RPKI. Mark Kosters ARIN CTO
Security Overlays on Core Internet Protocols DNSSEC and RPKI Mark Kosters ARIN CTO Why are DNSSEC and RPKI Important Two critical resources DNS Routing Hard to tell if compromised From the user point of
More informationSecuring Routing: RPKI Overview. Mark Kosters Chief Technology Officer
Securing Routing: RPKI Overview Mark Kosters Chief Technology Officer Why are DNSSEC and RPKI important? Two of the most critical resources DNS Routing Hard to tell when resource is compromised Focus of
More informationSan Diego, California 25 February 2014
1 San Diego, California 25 February 2014 2 Automating Your Interactions with ARIN Mark Kosters Chief Technology Officer 3 Why Automate? Interact with ARIN faster Not dependent on ARIN s systems for user
More informationARIN Update. Mark Kosters CTO
ARIN Update Mark Kosters CTO Agenda What does ARIN do? A short ARIN status report How you can get IP space from us? 2 3 ARIN, a nonprofit member-based organization, supports the operation of the Internet
More informationSecuring Internet Infrastructure: Route Origin Security using RPKI at ARIN. Mark Kosters CTO
Securing Internet Infrastructure: Route Origin Security using RPKI at ARIN Mark Kosters CTO What is RPKI? Resource Public Key Infrastructure Attaches digital certificates to network resources AS Numbers
More informationWelcome to Your First ARIN Meeting
Welcome to Your First ARIN Meeting Handouts for you Basic information Acronym list ARIN fact sheets ARIN at a Glance Policy Development Process ARIN Participation Internet Ecosystem Self- Introductions
More informationMadison, WI 9 September 2014
1 Madison, WI 9 September 2014 2 Part 1 IPv4 Depletion Leslie Nobile Director, Registration Services 3 ARIN s IPv4 Inventory As of 2 Sept 2014, ARIN has 0.76 /8 equivalents of IPv4 addresses remaining
More informationWireless Access. SSID: Password:
Fairfield, NJ 10 September 2015 Wireless Access SSID: Password: Welcome. Here today from ARIN Dan Alexander, ARIN Advisory Council Einar Bohlin, Senior Policy Analyst Eddie Diego, Senior Resource Analyst
More informationAn ARIN Update. Susan Hamlin Director of Communications and Member Services
An ARIN Update Susan Hamlin Director of Communications and Member Services ARIN, a nonprofit member-based organization, supports the operation of the Internet through the management of Internet number
More informationWelcome. Here today from ARIN
Pittsburgh, PA 2 June 2016 Welcome. Here today from ARIN Einar Bohlin, Public Policy Analyst Richard Jimmerson, CIO & Acting Director of Registration Services Andy Newton, Chief Engineer Chris Tacit, ARIN
More informationARIN Update. Summer 2011 ESCC/Internet2 Joint Techs Mark Kosters Chief Technology Officer
ARIN Update Summer 2011 ESCC/Internet2 Joint Techs Mark Kosters Chief Technology Officer Agenda A Brief Overview of ARIN IPv4 and IPv6 Stats Call to Action Technology Initiatives 2 of 23 About ARIN Regional
More informationFirst Timers Orientation
ARIN at a Glance First Timers Orientation Brief introductions ARIN and the Regional Internet Registry (RIR) system - John Curran ARIN Tools and Services - Mark Kosters Life After IPv4 - Richard Jimmerson
More informationIPv6 Deployment: Business Case and Development Opportunities. University College of the Caribbean Internet Day. 12 July 2012 Tim Christensen, ARIN
IPv6 Deployment: Business Case and Development Opportunities University College of the Caribbean Internet Day 12 July 2012 Tim Christensen, ARIN Internet Governance Definition of Internet governance*:
More informationLife After IPv4 Depletion
1 Life After IPv4 Depletion Jon Worley Analyst Securing Core Internet Functions Resource Certification, RPKI Mark Kosters Chief Technology Officer 2 Core Internet Functions: Routing & DNS The Internet
More informationIPv6 & Internet Governance Developments. CANTO Nate Davis, Chief Operating Officer
IPv6 & Internet Governance Developments CANTO Nate Davis, Chief Operating Officer 13 August 2014 2 History of the Internet Protocol Internet Protocol version 4 (IPv4) Developed for the original Internet
More informationLife After IPv4 Depletion
1 Life After IPv4 Depletion Jon Worley Analyst Life After IPv4 Depletion Leslie Nobile Senior Director Global Registry Knowledge 2 Overview ARIN s IPv4 inventory Trends and Observations Ways to obtain
More informationWireless Access: SSID: ARIN PW: ARIN
Ottawa, Ontario 19 May 2015 Wireless Access: SSID: ARIN PW: ARIN Welcome. Here today from ARIN Paul Andersen, ARIN Board of Trustees, Vice Chair and Treasurer Susan Hamlin, Director, Communications and
More informationStatus of IPv4 Deple1on and Transfers. ASO Address Council 25 June 2014
Status of IPv4 Deple1on and Transfers ASO Address Council 25 June 2014 Agenda Status of IPv4 depletion Status of IPv4 transfers Status of IPv6 Discussion and Q&A 2 IANA Deple)on 3 What is IANA depletion?
More informationIPv4 Depletion and IPv6 Adoption Today. Richard Jimmerson
IPv4 Depletion and IPv6 Adoption Today Richard Jimmerson 2 History of the Internet Protocol Internet Protocol version 4 (IPv4) Developed for the original Internet (ARPANET) in 1978 4 billion addresses
More informationISOC presents: World IPv6 Day
ISOC presents: World IPv6 Day Today Google, Facebook, Yahoo!, Akamai and Limelight Networks will be amongst some of the major organisations offering their content over IPv6 for a 24-hour test flight. The
More informationSecuring Core Internet Functions Resource Certification, RPKI. Mark Kosters ARIN CTO
Securing Core Internet Functions Resource Certification, RPKI Mark Kosters ARIN CTO Core Internet Functions: Routing & DNS The Internet relies on two critical resources DNS: Translates domain names to
More informationAPNIC s role in stability and security. Adam Gosling Senior Policy Specialist, APNIC 4th APT Cybersecurity Forum, 3-5 December 2013
APNIC s role in stability and security Adam Gosling Senior Policy Specialist, APNIC 4th APT Cybersecurity Forum, 3-5 December 2013 Overview Introducing APNIC Working with LEAs The APNIC Whois Database
More informationAPNIC & Internet Address Policy in the Asia Pacific
APNIC & Internet Address Policy in the Asia Pacific NZ Internet Industry Forum Auckland, 29 November 2001 Anne Lord, APNIC Overview Introduction to APNIC Policy Development Address Management APNIC Update
More informationIP Address Management The RIR System & IP policy
IP Address Management The RIR System & IP policy Nurani Nimpuno APNIC Overview Early address management Evolution of address management Address management today Address policy development IP allocation
More informationHere today from ARIN
Little Rock, Arkansas 7 March 2017 Here today from ARIN Dan Alexander Jan Blacka John Curran Susan Hamlin Aaron Hughes Ed MacDonald Andy Newton Jon Worley Chair, ARIN Advisory Council Senior User Experience
More informationIPv4 depletion & IPv6 deployment in the RIPE NCC service region. Kjell Leknes - June 2010
IPv4 depletion & IPv6 deployment in the RIPE NCC service region Kjell Leknes - June 2010 Outline About RIPE and RIPE NCC IPv4 depletion IPv6 deployment Engaging the community - RIPE NCC and the RIPE community
More informationBRINGING YOU ANSWERS DENVER, CO 13 JUNE 2017
BRINGING YOU ANSWERS DENVER, CO 13 JUNE 2017 Here Today From ARIN Dan Alexander Chair, ARIN Advisory Council Susan Hamlin Director, Communications & Member Services Richard Jimmerson Chief Information
More informationThe Regional Internet Registries
The Regional Internet Registries Managing Internet Number Resources www.afrinic.net www.apnic.net www.arin.net www.lacnic.net www.ripe.net www.nro.net Global Coordination A Fair and Stable Platform Whether
More informationThe Insider s Guide To Transfers. John Sweeting - Senior Director, Registration Services Cathy Clements Transfer Services Manager
The Insider s Guide To Transfers John Sweeting - Senior Director, Registration Services Cathy Clements Transfer Services Manager Overview Transfer Basics M&A Transfer Procedure & Tips Specified Recipient
More informationLife After IPv4 Depletion. Leslie Nobile
Life After IPv4 Depletion Leslie Nobile Recent Observations Still strong demand for IPv4 Seeing increased activity in IPv4 transfers/transfer market, pre-approvals, and Specified Transfer Listing Service
More informationBRINGING YOU ANSWERS SASKATOON, SK 14 SEPTEMBER 2017
BRINGING YOU ANSWERS SASKATOON, SK 14 SEPTEMBER 2017 Here Today From ARIN Eddie Diego, Senior Resource Analyst Susan Hamlin, Director Communications and Member Services Alyssa Moore, ARIN Advisory Council
More informationPrepared by Regional Internet Registries APNIC, ARIN, LACNIC and RIPE NCC
Prepared by Regional Internet Registries APNIC, ARIN, LACNIC and RIPE NCC Overview History & Evolution Structure IP Address Management Internet Number Resource Management Policy Development Internet Number
More informationInternet Corporation for Assigned Names & Numbers - Internet Assigned Numbers Authority Update
Internet Corporation for Assigned Names & Numbers - Internet Assigned Numbers Authority Update PacNOG 3, Rarotonga Save Vocea Regional Liaison - Australasia/Pacific 17 June 2007 ICANN Mission To coordinate,
More informationIPv4 Exhaustion at ARIN
IPv4 Exhaustion at ARIN 17 April 2013 INET Denver John Curran President and CEO, ARIN 2 History of the Internet Protocol Internet Protocol version 4 (IPv4) Developed for the original Internet (ARPANET)
More informationRIR Update. A Joint Presentation Prepared By APNIC, ARIN, RIPE NCC. 17 March 2002 IEPG - Minneapolis
RIR Update A Joint Presentation Prepared By APNIC, ARIN, RIPE NCC Overview Joint Efforts RIR Specific Statistics Questions RIR Co-ordination IPv6 policy development Joint tutorial & presentation at AfNOG
More informationBRINGING YOU ANSWERS COLUMBUS, OH 2 NOVEMBER 2017
BRINGING YOU ANSWERS COLUMBUS, OH 2 NOVEMBER 2017 Here Today From ARIN Dan Alexander, Chair, ARIN Advisory Council Eddie Diego, Senior Resource Analyst Susan Hamlin, Director Communications and Member
More informationLunch with John Curran. President and CEO, ARIN
Lunch with John Curran President and CEO, ARIN 3 April 2013 History of the Internet Protocol Internet Protocol version 4 (IPv4) Developed for the original Internet (ARPANET) in 1978 4 billion addresses
More informationBRINGING YOU ANSWERS SAN DIEGO, CA 23 JANUARY 2018
BRINGING YOU ANSWERS SAN DIEGO, CA 23 JANUARY 2018 Here Today From ARIN Owen DeLong, ARIN Advisory Council Susan Hamlin, Director Communications and Member Services Richard Jimmerson, Chief Information
More informationStatus and Solutions for Whois Data Accuracy. Leslie Nobile, ARIN Tina Morris, ARIN Advisory Council
Status and Solutions for Whois Data Accuracy Leslie Nobile, ARIN Tina Morris, ARIN Advisory Council About ARIN One of 5 Regional Internet Registries (RIRs) Nonprofit corporation based in Chantilly, VA
More informationRIPE NCC Introduction. Jochem de Ruig Chief Financial Officer
RIPE NCC Introduction Chief Financial Officer RIPE NCC Contents Basics what are Internet Number Resources (INR)? The INR world The registration Legal aspects of INR RIPE NCC and Law Enforcement Basics
More informationAPNIC Update. AfriNIC June Sanjaya Services Director, APNIC
1 APNIC Update AfriNIC-14 4-10 June 2011 Sanjaya Services Director, APNIC 2 Overview Registry Update Policy Update 2011 Member and Stakeholder Survey New Building & Business Continuity Plan Upcoming Meetings
More informationRIPE Policy Development & IPv4 / IPv6
RIPE Policy Development & IPv4 / IPv6 Workshop on the IPv6 development in Saudi Arabia 8 February 2009 Axel Pawlik axel@ripe.net Overview RIPE PDP (Policy Development Process) Current Policy Issues IPv4
More informationIP addressing policies: what does this mean? Adam Gosling Senior Policy Specialist, APNIC APT PRF for the Pacific: August 2013
IP addressing policies: what does this mean? Adam Gosling Senior Policy Specialist, APNIC APT PRF for the Pacific: August 2013 Overview APNIC in the Internet ecosystem Policy development IPv4 IPv6 Public
More informationARIN Support for DNSSEC and RPKI. ION San Diego 11 December 2012 Pete Toscano, ARIN
ARIN Support for DNSSEC and ION San Diego 11 December 2012 Pete Toscano, ARIN 2 DNS and BGP They have been around for a long time. DNS: 1982 BGP: 1989 They are not very secure. Methods for securing them
More informationPublic Policy Consultation
66 Public Policy Consultation An open public discussion of Internet number resource policy held by ARIN facilitating in-person and remote participation. Held at ARIN's Public Policy Meetings and at other
More informationCurrent Policy Topics
Current Policy Topics with World Wide View 1 Overview RIPE Policy Update World Wide View - IPv4, IPv6, Transfers Promotional slides 2 RIPE Policy Update - Accepted Run Out Fairly (2009-03) - Accepted in
More informationNewcomers Session! By! Newcomers Team! 01/12/2015!
Newcomers Session By Newcomers Team 01/12/2015 INTRODUCTION AGENDA AGENDA AFRINIC- 23 AT A GLANCE INTERNET ECOSYSTEM INTERNET ECOSYSTEM The term used to describe the organisations and communities that
More informationA Policy Story - IPv4 Transfer. TWNIC OPM 26, Taipei 14 December 2016 George Kuo, Services Director
A Policy Story - Transfer TWNIC OPM 26, Taipei 14 December 2016 George Kuo, Services Director 1 About APNIC Membership-based, not-for-profit, Regional Internet Registry (RIR) Delegates and registers IP
More informationARIN Number Resource Policy Manual. Version October 15, 2004
ARIN Number Resource Policy Manual Version 2004.1 -October 15, 2004 Abstract This is ARIN's Number Resource Policy Manual (NRPM). It is available at: http://www.arin.net/policy/. Contents 1. Introduction
More informationARIN Number Resource Policy Manual
ARIN Number Resource Policy Manual Version 2008.2-27 March 2008 Abstract This is ARIN s Number Resource Policy Manual (NRPM). It is available at: http://www.arin.net/policy/. This version supersedes all
More informationAfrinic Consolidated Policy Manual
Afrinic Consolidated Policy Manual Last Updated: 26 July 2016 Version: 1.0 Contents 1.0 Introduction 2.0 General Definitions 3.0 The Policy Development Process (PDP) 3.1 Scope of the PDP 3.2 Policy Development
More informationIPv6 Allocation Policy and Procedure. Global IPv6 Summit in China 2007 April 13, 2007 Gerard Ross and Guangliang Pan
IPv6 Allocation Policy and Procedure Global IPv6 Summit in China 2007 April 13, 2007 Gerard Ross and Guangliang Pan 1 Overview Introduction to APNIC Policy development process IPv6 policy and procedures
More informationAddress Registries. David Conrad. Internet Software Consortium.
Address Registries David Conrad drc@isc.org Internet Software Consortium Overview The Regional Registries An Example: APNIC Registry Policies and Procedures Registry Funding In the Beginning Address allocation
More informationIPv6 Address Allocation and Assignment Policy
IPv6 Address Allocation and Assignment Policy How to read this draft document: This document relates to a project to improve the readability of RIPE policy documents. If approved, it will replace ripe-512,
More informationIPv4 End of Life Proposals in the RIRs
IPv4 End of Life Proposals in the RIRs David Farmer farmer@umn.edu I2-ESCC Joint Techs College Station, TX February 3, 2009 Disclaimer These are my thoughts and opinions They do NOT necessary represent
More informationSupporting Internet Growth and Evolution: The Transition to IPv6
2010/TEL41/DSG/WKSP2/004 Agenda Item: Panel Discussion 1 Supporting Internet Growth and Evolution: The Transition to IPv6 Submitted by: APNIC Workshop for IPv6: Transforming the Internet Chinese Taipei
More informationAFRINIC Consolidated Policy Manual
AFRINIC Consolidated Policy Manual CPM Revision History Date Version Comments 01 Oct 2014 Initial Draft First draft of the CPM 23 Jul 2016 1.0 Revised to include implemented policies since initial draft
More informationARIN IPv4 Update. J. Curran
ARIN IPv4 Update J. Curran IPv4 Depletion Situation Report Each RIR received its last /8 IPv4 address block from IANA on 3 February 2011. While each RIR currently has IPv4 addresses to allocate, it is
More informationAPNIC Update. RIPE 59 October 2009
APNIC Update RIPE 59 October 2009 Overview APNIC Services Update APNIC 28 policy outcomes APNIC Members and Stakeholder Survey Next APNIC Meetings Resource Delegations (1 Oct 09) No of /8 delegated No
More informationIPv6, Act Now! Daniel Karrenberg, RIPE NCC Chief Scientist
IPv6, Act Now! Daniel Karrenberg, RIPE NCC Chief Scientist Who is talking: Daniel Karrenberg 1980s: helped build Internet in Europe EUnet, Ebone, IXes,... RIPE 1990s: helped build RIPE NCC 1st CEO: 1992-2000
More informationLEA Workshop. Champika Wijayatunga & George Kuo, APNIC Wellington, New Zealand 09, May, 2013
LEA Workshop Champika Wijayatunga & George Kuo, APNIC Wellington, New Zealand 09, May, 2013 Agenda Introduction to APNIC Know about APNIC Internet Policy Development How the Internet Policies are developed
More informationImplementing the Global Policy for Post Exhaustion IPv4 Allocation Mechanisms by the IANA
Implementing the Global Policy for Post Exhaustion IPv4 Allocation Mechanisms by the IANA Implementing the Global Policy for Post Exhaustion IPv4 Allocation Mechanisms by the IANA/Public/Final/LLV i Table
More informationEngineering Status Report. Mark Kosters
Engineering Status Report Mark Kosters Engineering Theme 2011 success was aided by contractors Lots of work yet to do (but a great deal now done) An age for new engineers Operations 7 people (one position
More informationNumber Resource Policy Manual
Number Resource Policy Manual Version 2017.1 21 February 2017 Abstract This is ARIN s Number Resource Policy Manual (NRPM). It is available at: https://www.arin.net/policy/. This version supersedes all
More informationUpdate on Resource Certification. Geoff Huston, APNIC Mark Kosters, ARIN IEPG, March 2008
Update on Resource Certification Geoff Huston, APNIC Mark Kosters, ARIN IEPG, March 2008 Address and Routing Security What we have had for many years is a relatively insecure interdomain routing system
More informationManaging Internet Resources
Managing Internet Resources 4th Internet Governance Forum German Valdez Communications Area Manager APNIC Sharm El Sheikh, Egypt 15 October 2009 1 Internet Resources how are the managed? Where do IP addresses
More information10 March Informal Expert Group for the ITU World Telecommunication Policy Forum
10 March 2009 Informal Expert Group for the ITU World Telecommunication Policy Forum The Internet Society has been actively engaged in the preparation of the next World Telecommunication Policy Forum (WTPF)
More informationIPv6 Allocation Policy and Procedure. Global IPv6 Summit in China 2007 April 13, 2007 Gerard Ross and Guangliang Pan
IPv6 Allocation Policy and Procedure Global IPv6 Summit in China 2007 April 13, 2007 Gerard Ross and Guangliang Pan 1 Overview Introduction to APNIC Policy development process IPv6 policy and procedures
More informationARIN Policies How to Qualify for Number Resources. Leslie Nobile
ARIN Policies How to Qualify for Number Resources Leslie Nobile Director, Registration Services ARIN Policies IPv4 IPv6 ASN Terms Allocate to issue number resources to ISPs (LIRs) for internal networks
More informationIPv6 Addressing Status and Policy Report. Paul Wilson Director General, APNIC
IPv6 Addressing Status and Policy Report Paul Wilson Director General, APNIC Overview Introduction to APNIC Role and responsibilities IPv6 deployment status Allocations, Registration and Routing Asia Pacific
More informationThis document contains the Draft and Recommended Draft Policies on the agenda for this Public Policy and Members Meeting.
Discussion Guide 1 Welcome to ARIN 42! Policies in the ARIN region are developed by the Internet community using the open and transparent ARIN Policy Development Process (PDP). The Internet community develops
More informationInternet Addressing and the RIR system (part 2)
Internet Addressing and the RIR system (part 2) 12 February 2004 Phnom Penh, Cambodia Paul Wilson, APNIC Overview Part 2 Allocation statistics Asia Pacific Internet Resource statistics Global Internet
More informationProblem. BGP is a rumour mill.
Problem BGP is a rumour mill. We want to give it a bit more authorita We think we have a model AusNOG-03 2009 IP ADDRESS AND ASN CERTIFICATION TO IMPROVE ROUTING SECURITY George Michaelson APNIC R&D ggm@apnic.net
More informationISP 1 AS 1 Prefix P peer ISP 2 AS 2 Route leak (P) propagates Prefix P update Route update P Route leak (P) to upstream 2 AS 3 Customer BGP Update messages Route update A ISP A Prefix A ISP B B leaks
More informationInternet Numbers Introduction to the RIR System
Internet Numbers Introduction to the RIR System Chafic Chaya MEAC-IG Summer School, AUB - Lebanon August 2016 1 Who Runs the Internet? The short answer is NO ONE!!! Chafic Chaya MEAC-IG Summer School August
More informationRIPE Global Policy for IPv4 Allocations by
RIPE 2010 5 Global Policy for IPv4 Allocations by the IANA Post Exhaustion RIPE 61 Roma, Italy 17 NOV 2010 A.D. Jason Schiller Housekeeping Definitions ICANN (IANA) Legacy address space RFC 2050 Needs
More informationRPKI Trust Anchor. Geoff Huston APNIC
RPKI Trust Anchor Geoff Huston APNIC Public Keys How can you trust a digital signature?? What if you have never met the signer and have no knowledge of them or their keys? One approach is transitive trust
More informationQuick Guide to Requesting Resources from ARIN
Quick Guide to Requesting Resources from ARIN 1. Review Qualifying for Resources below to verify you qualify for the requested resources. 2. Read the applicable policies in ARIN s Number Resource Policy
More informationInternet Governance & Current Internet Eco-system. Filiz Yilmaz SNE Colloquium, University of Amsterdam September 2016
Internet Governance & Current Internet Eco-system Filiz Yilmaz SNE Colloquium, University of Amsterdam September 2016 koalafil@gmail.com Overview Who am, I why am I here? Brief History of Internet Internet
More informationIPv4 Run-Out, Trading, and the RPKI
IPv4 Run-Out, Trading, and the RPKI MENOG 3 / Salmiya 2008.04.15 Randy Bush http://rip.psg.com/~randy/080415.menog-v4-trad-rpki.pdf 2008.04.15 MENOG v4 Trade RPKI 2 Internet Initiative
More informationInternet Resource Certification and Inter- Domain Routing Security! Eric Osterweil!
Internet Resource Certification and Inter- Domain Routing Security! Eric Osterweil! Who is allowed to do what?! BGP (the Internet s inter-domain routing protocol) runs by rumor Participants assert reachability
More informationAPNIC Update. Paul Wilson. ARIN October 2013
APNIC Update Paul Wilson ARIN 32 10 October 2013 Overview Serving APNIC Members Supporting Internet development in the Asia Pacific region Collaborating with the Internet community Corporate support APNIC
More informationAPNIC elearning: Internet Registry Policies. Revision:
APNIC elearning: Internet Registry Policies Issue Date: 01/04/2015 Revision: Overview Allocation and Assignment Portable and Non-Portable Addresses IRM Objectives and Goals APNIC Policy Environment APNIC
More informationHow to participate in RIR Policy Development Processes. Louie Lee ASO Address Council ICANN 35 Buenos Aires, Argen8na 24 June 2015
How to participate in RIR Policy Development Processes Louie Lee ASO Address Council ICANN 35 Buenos Aires, Argen8na 24 June 2015 How to participate in RIR Policy Development Processes ASO and ICANN Number
More informationResource Public Key Infrastructure
Resource Public Key Infrastructure A pilot for the Internet2 Community to secure the global route table Andrew Gallo The Basics The Internet is a self organizing network of networks. How do you find your
More informationAPNIC Policies and the PDP. APNIC Regional Meeting Manila, Philippines
APNIC Policies and the PDP APNIC Regional Meeting Manila, Philippines 1 Agenda What are APNIC Policies? What is the PDP? APNIC Resource Policies Policy environment for Internet number resource distribution
More informationPKI-An Operational Perspective. NANOG 38 ARIN XVIII October 10, 2006
PKI-An Operational Perspective NANOG 38 ARIN XVIII October 10, 2006 Briefing Contents PKI Usage Benefits Constituency Acceptance Specific Discussion of Requirements Certificate Policy Certificate Policy
More informationDraft Applicant Guidebook, v3
Draft Applicant Guidebook, v3 Module 5 Please note that this is a discussion draft only. Potential applicants should not rely on any of the proposed details of the new gtld program as the program remains
More informationFacilitating Secure Internet Infrastructure
Facilitating Secure Internet Infrastructure RIPE NCC http://www.ripe.net About the RIPE NCC RIPE Network Coordination Centre Bottom-up, self-regulated, membership association, notfor-profit Regional Internet
More informationIPv6 Deployment and Distribution in the RIPE NCC Service Region. Marco Schmidt IP Resource Analyst Monday, 23 April 2012
IPv6 Deployment and Distribution in the RIPE NCC Service Region Marco Schmidt IP Resource Analyst Monday, 23 April 2012 Topics: RIPE NCC IPv4 - review and last /8 IPv6 - current status How to get IPv6
More informationInternet Protocol Addresses What are they like and how are the managed?
Internet Protocol Addresses What are they like and how are the managed? Paul Wilson APNIC On the Internet, nobody knows you re a dog by Peter Steiner, from The New Yorker, (Vol.69 (LXIX) no. 20) On the
More informationRegional Internet Registries. Statistics & Activities
Regional Internet Registries Statistics & Activities IEPG @ IETF 58 Minneapolis Prepared By APNIC, ARIN, LACNIC, RIPE NCC 9 November 2003 IEPG @ IETF 58 Minneapolis Overview Internet Number Resource Status
More informationSupporting Internet Growth and Evolution: The Transition to IPv6
Supporting Internet Growth and Evolution: The Transition to IPv6 Bali IPv6 Summit, Bali 9 June 2010 Sanjaya Services Director, APNIC 1 Overview Recap About APNIC Reality check: where are we now? Transition
More informationRegional Internet Registries. Statistics & Activities
Regional Internet Registries Statistics & Activities IEPG @ IETF 58 Minneapolis Prepared By APNIC, ARIN, LACNIC, RIPE NCC Overview Internet Number Resource Status Report RIR Activities Joint Number Resource
More informationUpdate from the RIPE NCC. David Hilario, RIPE NCC
Update from the RIPE NCC David Hilario, RIPE NCC The Internet Registry System 2 Regional Internet Registries (RIR) Distribution and registration of Internet number resources: IP addresses, AS Numbers Not-for-profit
More informationFacilitating IPv6 Deployment. Mirjam Kühne, RIPE NCC
Facilitating IPv6 Deployment Mirjam Kühne, RIPE NCC Agenda Introduction - RIPE, the RIPE NCC and the Policy Development Process RIPE Labs - IPv6 Statistics and Measurements Capacity Building
More informationInternet Number Resources
Internet Number Resources 1 Internet Number Resources Key Internet resources IPv6 addresses Autonomous System number IPv4 addresses Internet Fully Qualified Domain Name Internet Number Resources The IP
More informationEngineering Report. Mark Kosters
Engineering Report Mark Kosters Staffing Operations 7 operations engineers + 2 managers (AT FULL STRENGTH) Development 8 programmers + manager (AT FULL STRENGTH) New PM taken from engineering New hire
More information