BRINGING YOU ANSWERS COLUMBUS, OH 2 NOVEMBER 2017
|
|
- Tabitha Higgins
- 6 years ago
- Views:
Transcription
1 BRINGING YOU ANSWERS COLUMBUS, OH 2 NOVEMBER 2017
2 Here Today From ARIN Dan Alexander, Chair, ARIN Advisory Council Eddie Diego, Senior Resource Analyst Susan Hamlin, Director Communications and Member Services Richard Jimmerson, Chief Information Officer
3 Let s Get Started! Housekeeping items Self introductions: One question you would like answered today? Wireless: Westin Meetings Password: ARIN17
4 Morning Agenda 9:30-9:45 AM Welcome and Introductions 9:45-10:15 AM ARIN Mission and Services 10:15-10:45 AM ARIN Technical Services Break 10:55-11:30 AM ARIN Internet Number Resource Policy 11:30-12:15 PM Life After IPv4 12:15-1:15 PM Lunch
5 Afternoon Agenda 1:15-2:00 PM DNSSEC and Resource Certification(RPKI) Break 2:15-3:00 PM Everything You Ever Wanted To Know About IPv6 3:00-3:15 PM WHOIS Accuracy 3:15-3:30 PM Open Microphone and Wrap-up
6 ARIN and the RIR System: Mission, Role and Services Susan Hamlin Director, Communications and Member Services
7 What do the RIRs do? Manage the distribution of IP addresses and Autonomous System numbers (ASNs) Provide reverse DNS and a public Whois database Support Internet infrastructure through technical coordination
8 Regional Internet Registries
9 ARIN s Service Region The ARIN Region includes many Caribbean and North Atlantic islands, Canada, the United States and outlying areas.
10 The RIRs are Independent Not-for-profit Fee for services, not number resources 100% community funded Membership-based Internet service providers (ISPs), telecommunication organizations and large corporations Community Regulated Community developed policies Member-elected governing boards Open and transparent
11 Distribution of IP Addresses
12 ARIN, a nonprofit member-based organization, supports the operation of the Internet through the management of Internet number resources throughout its service region; coordinates the development of policies by the community for the management of Internet Protocol number resources; and advances the Internet through informational outreach.
13 The ARIN Community includes 37,000+ organizations served 20,000+ customers paying fees for services 5,6000+ members 80+ professional staff and anyone with an interest in Internet number resource management in the ARIN region.
14 Community-based Leadership ARIN is governed by individuals who are elected by our membership. Board of Trustees: 6 elected, 3 year terms Advisory Council: 15 elected, 3 year terms Number Resource Organization Number Council 2 elected, 3 year terms; 1 member appointed by the ARIN Board
15 Board of Trustees 7 Member Board of Trustees 6 elected by the membership President and CEO also a voting member 2 seats open each election/year Ability to appoint an additional voting member for diversity Maintains authority over the scope, mission, and establishes the strategic direction and fiscal oversight
16 Advisory Council 15 Member Advisory Council Elected by the membership 5 seats open each year/election Serves in an advisory capacity to the Board on Internet number resource policy and related matters Forwards consensus-based policy proposals to the Board for ratification
17 NRO NC/ ASO AC Number Resource Organization Number Council (NRO NC) Address Supporting Organization Advisory Council (ASO AC) 15 member body/3 per RIR 2 elected and one appointed Global policy development process Selects ICANN Board seats 9 and 10 Provides advice to the ICANN Board on number resource allocation policy, in conjunction with the RIRs
18 Strategic Planning ARIN performs its mission according to a Strategic Plan. Updated annually, this plan drives the creation of organizational objectives and the internal work plan. ARIN s Strategic Plan And Objectives:
19 Our Focus Uphold the multi-stakeholder model for management of Internet number resources Educate the community about ongoing IPv6 adoption and imminent IPv4 obsolescence Maintain, develop, and enhance functionality of ARIN services as sought by the users and supported by the membership Coordinate globally to maintain a consistent and highly usable Internet Numbers Registry system
20 ARIN Manages: IP address allocations & assignments ASN assignment Transfers Reverse DNS Record Maintenance Directory services Whois, Whowas...
21 ARIN Services ARIN Online (customer web portal) Security (DNSSEC, RPKI) Community Software Project Repository Whois-RWS Whois and Registration Data Access Protocol (RDAP) directory services Operational Test & Evaluation (OT&E) Environment
22 Training and Education Educational Materials library Instructional Video Library In-person Training/Education ARIN on the Road ARIN + NANOG on the Road Other fora upon request
23 Outreach & Community Engagement Policy Development through Public Policy Meetings and Consultations Work closely with the technical community to ensure education, empowerment, engagement Collaborate with Caribbean organizations to maximize inclusion
24 Global Community Engagement Foster working relationships on a global scale Be a key technical resource Support cooperation and direct involvement alongside governments and international organizations
25 Get6 - teamarin.net/get6/ IPv6 Outreach getipv6.info Focus on getting public websites IPv6-enabled Case studies featuring implementations Featuring Forward Thinkers who have done it already Wiki list of IPv6 webhosters, DNS providers, trainers, & consultants
26 ARIN Mailing Lists ARIN Announce: ARIN Discussion: (members only) ARIN Public Policy: ARIN Consultation: ARIN Issued: ARIN Technical Discussions: Suggestions:
27 Mailing lists You Can Participate! Public Policy and Members Meetings (remote participation) Volunteer: - Fellowship Selection Committee - Nomination Committee - Meeting Mentor to ARIN Fellows Write a guest blog for TeamARIN.net Members Vote in annual elections
28 Feedback Channels Feedback Button - instant feedback from anywhere on our site Transaction Surveys Documented Feedback From Telephone Calls And Tickets Consultation And Suggestion Process (ACSP) Customer Satisfaction Survey coming soon Direct Feedback At Meetings Mailing Lists & Social Media
29 Questions & Discussion
30 ARIN Technical Services Richard Jimmerson Chief Information Officer
31 How Many Records Do We Manage? Networks Direct Indirect ASNs Reverse DNS Delegations Organizations Org IDs Customers Points of Contact Web Users... for a grand total of?
32 Networks: 3,069,469 Direct: 57,764 Indirect: 3,011,705 ASNs: 25,920 Almost 8 Million! Reverse DNS Delegations: 606,584 Organizations: 3,183,197 Org IDs: 733,927 Customers: 2,449,270 Points of Contact: 725,975 Web Users: 121, for a grand total of 7,732,279
33 Major Technical Service Areas Core Registry Functions (ARIN Online) Resource Registration & Management Whois Reverse DNS New Services Web-based reassignment management (SWiP-EZ) DNSSEC & RPKI WhoWas RDAP RESTful Interfaces Operational Test & Evaluation Environment (OT&E) Technical Support
34 Core Registry Services ARIN Online Registering ASNs and IPv4/IPv6 blocks Including reassignments and reallocations Transferring ASNs and IPv4/IPv6 blocks Managing org & contact information Managing reverse DNS & RPKI Bulk Whois and WhoWas Reports Invoices and Bill Payment All now available via ARIN Online
35 ARIN Online - Total Users 140, , , , ,000 92,866 80,000 60,000 49,524 64,185 78,074 40,000 20, ,831 12,799 2,
36 ARIN Online Usage Frequency # Users 90,000 80,000 70,000 60,000 50,000 40,000 30,000 20,000 10, ,607 Occasional (0-5 Logins) 23,438 Regular (6-25 Logins) 10,921 Active ( Logins) One user logged in 1,319,292 times! 1,533 Very Active (> 100 Logins)
37 Web-Based Reassignment Management Manage customer reassignments (SWIPs) via ARIN Online Comprehensive reassignment report Generates a spreadsheet of all reassignments made from your space along with holes (unassigned space) Recommended for ISPs managing a small number of records
38 DNSSEC & RPKI Security for core Internet protocols Stay tuned for details...
39 WhoWas Spreadsheet with registration history for one ASN/IP address Requested by the community Common uses include Researching the history of an IPv4 block prior to entering into a transfer Investigating possible unauthorized changes Law enforcement
40 Registration Data Access Protocol (RDAP) Designed by the IETF to replace Whois Whois was designed for humans to read, not for machines to interact with Provides standardized HTTP-based RESTful JSON responses Plays well with machines Can offer referral responses If you ask ARIN for a record that s held by another RIR, we point you to it
41 RDAP In Action Client Bootstrap Server ARIN APNIC ? Ask ARIN ? Ask APNIC ? JSON
42 Automating With REST Services Reg-RWS Reassignments (SWiP) Reports DNS / RPKI Management Whois RDAP Whois-RWS
43 What is REST? REpresentational State Transfer Uses HTTP & URLs to create, read, update, and delete data Widespread industry adoption Easily understood Any modern programmer can incorporate it
44 The BIG Advantage of REST Allows you to automate your interactions with ARIN Customer reassignment management Reverse DNS management Can use existing tools ARINcli 6connect Or, write your own!
45 What does REST look like? Where the data is. What type of data it is. The ID of the data. It s a standard URL. Anyone can use it. Go ahead, put it into your browser. We dare you.
46 Reg-RWS Transactions (cumulative restful/templates) 7,000,000 6,000,000 5,000,000 4,000, M 1.0M 4.3M 1.3M 4.7M 1.5M 5.0M 1.7M 5.6M 2.0M 6.0M 6.2M 2.2M 2.4M 6.5M 2.5M 3,000,000 2,000,000 1,000, k 40k 596k 320k 846k 841k 0
47 For more information RESTful Web Services O Reilly Media Leonard Richardson Sam Ruby
48 Operational Test & Evaluation (OT&E) Lots of people test in production Is not the best place to test Things do get stuck may impact others Operational Test & Evaluation Goodness of OT&E Place to test code/processes All services now under ote.arin.net except Need to register to participate
49 Ask ARIN Technical Support Phone Help Desk 7AM 7PM ET M-F support via arin-tech-discuss mailing list Make sure to subscribe Archives contain useful information
50 In the works a new design!
51 Q&A
52 ARIN Internet Number Resource Policy your participation matters Dan Alexander ARIN Advisory Council Chair
53 ARIN s Policy Development Process Video
54 What Do Internet Number Resource Policies Do? ARIN applies policies to the management of Internet number resources and certain directory and registry services. Policies are given effect through the application of business rules and operating procedures
55 What is the NRPM? The Number Resource Policy Manual (NRPM) is the collection of all ARIN policies, arranged by topic. Topics include: Definitions Directory Services IPv4 IPv6 AS Numbers Transfers View the NRPM at:
56 Policy Example NRPM End-users ARIN assigns blocks of IP addresses to end-users who request address space for their internal use in running their own networks, but not for sub-delegation of those addresses outside their organization. End-users must meet the requirements described in these guidelines for justifying the assignment of an address block.
57 Policy Principles Internet number resource policy must: Enable fair and impartial number resource administration Be technically sound (providing for uniqueness and usability of number resources) Have support from the community
58 Where do Policies Come From? Proposals for policy change can come from anyone, and follow a basic template: Proposals go to policy@arin.net
59 Policy Development Process (PDP) 1) Proposal Someone sends a Proposal to policy@arin.net using the approved template 2) The Advisory Council (AC) Chair assigns AC shepherds Shepherds manage the Proposal, working closely with the author(s) and encourage feedback To be accepted as a Draft Policy, a proposal must contain a clear problem statement and be within the scope of ARIN's mission 3) Draft Policy- Work in progress, discussed on the mailing list and at Public Policy Meetings and Consultations Once a Draft Policy meets the Principles of Internet Number Resource Policy, the AC may recommended it for adoption
60 Policy Development Process (PDP) continued 4) Recommended Draft Policy More discussion and presentation at meeting(s). Does the community support turning this into policy? 5) Last Call 6) Board Review and Adoption 7) Staff Implementation (NRPM)
61 Petitions The community may petition for or against several AC actions, including: Against the rejection of a Proposal Against the abandonment of a Draft Policy or Recommended Draft Policy For the movement of a Proposal to Draft Policy status For the movement of a Draft Policy to Recommended Draft Policy status Movement of a Recommended Draft Policy to Last Call status
62 Principles of the PDP Open Developed in open forums Anyone can participate Transparent All aspects documented and available on website Bottom-up Policies developed by the community Staff implements, but does not make policy
63 The Importance of Participation A single community member can propose a policy change, or spark an important discussion in support or opposition to a potential change. Many significant policies have gone through the entire PDP with only a handful of voices speaking for or against them.
64 Example: ARIN Purpose: reduce the minimum allocation/assignment size to /24 for all networks, whether end-user or ISP, and whether single or multi-homed. Discussion was extensive; many voices spoke up about how a minimum of /24 would help the community pre- and post- depletion, and PPML saw an extended last call. How Many Community Members Did it Take to Bring ARIN to Fruition?
65 Twenty-six! Out of 1,850+ PPML subscribers: Ten total contributors PPC at NANOG 61 Show of Hands Total attendees/remote participants: 49 In favor: 16 Against: 0 Board ratified in August 2014 Staff implemented one month later
66 Recently Adopted Policies ARIN : Alternative simplified criteria for justifying small IPv4 transfers Allows orgs to double holdings up to a /16 with 80% prior utilization. ARIN : Streamline Merger & Acquisition Transfers Removes additional needs test for combined resources of acquiring/acquired orgs
67 Draft Policies Under Discussion ARIN : Update to NPRM 3.6: Annual Whois POC Validation ARIN : Remove Reciprocity Requirement for Inter-RIR Transfers ARIN : Improve Reciprocity Requirement for Inter-RIR Transfers ARIN : Amend the Definition of Community Network
68 Proposals Under Discussion ARIN-prop-244: Clarification of initial block size for IPv4 ISP transfers ARIN-prop-245: Repeal of Immediate Need for IPv4 Address Space (NRPM Section ) ARIN-prop-246: Reallocation and Reassignment Language Cleanup ARIN-prop-247: Require New POC Validation Upon Reassignment
69 Takeaways ARIN doesn't create number policy, you do, and it s as easy as submitting a Proposal. Policy development includes assistance from the Advisory Council throughout the process. Stay informed. Join the policy list and/or attend meetings (in person or remotely).
70 References Policy Development Process (PDP) Draft Policies and Proposals Number Resource Policy Manual (NRPM)
71 Q&A
72 Life After IPv4 Depletion Eddie Diego Senior Resource Analyst
73 Overview IPv4 Request Activity Reserved IPv4 Space IPv4 Waiting List IPv4 Transfer Market Specified Transfer Listing Service (STLS)
74 IPv4 Requests Since Depletion Jul-15 Aug-15 Sep-15 Oct-15 Nov-15 Dec-15 Jan-16 Feb-16 Mar-16 Apr-16 May-16 Jun-16 Jul-16 Aug-16 Sep-16 Oct-16 Nov-16 Dec-16 Jan-17 Feb-17 Mar-17 Apr-17 May-17 Jun-17 Jul-17 Aug-17
75 IPv4 Waiting List Requesters have the waiting list option Initial /21 (ISP) or /24 (EU) with no justification Larger blocks based on 24 month need Requester may specify a smaller acceptable size One request per org on the list at a time Oldest requests filled first Requests met by transfer are removed
76 IPv4 Waiting List Block Sources IANA Redistribution (2x a year) Down from /11 May 2014 to /19 March 2017 Returned IPv4 Blocks Revoked IPv4 Blocks Generally for nonpayment Lengthy review process before reissue
77 Reissue Review Process RSD analyzes returned/revoked blocks Unrouted blocks get priority over routed blocks Need verification the return/revoke was done properly FSD confirms fees unpaid & notices sent Meeting held to confirm reissue Legal review 4 management team signatures required blocks reviewed in each meeting 328 blocks currently in the review process
78 IPv4 Waiting List Growth
79 IPv4 Waiting List Statistics Of the 799 requests added: 342 (43%) have been filled Last request filled waited ~13 months 187 (23%) dropped off Most got IPv4 via the transfer market 270 (38%) still waiting Oldest added 9 Aug 2015
80 Waiting Time Of the 342 completed requests: Average 15 months wait Longest wait: 24 months Of the 187 closed requests: Average 7 months before close Longest wait: 21 months (filled via transfer)
81 IPv4 Critical Infrastructure Reserve 2 /16s reserved for: Public exchange points ICANN-sanctioned Core DNS operators RIRs IANA New gtlds not eligible 13.1% used
82 Reserved IPv4 for IPv6 Deployment... stay tuned. J We ll discuss this policy in the IPv6 presentation.
83 IPv4 Transfer Policies Mergers and Acquisitions (NRPM 8.2) Traditional transfer resulting from a merger, acquisition, or reorganization supported by legal documentation Transfers to Specified Recipients (NRPM 8.3) IPv4 market transfer from one organization to another that it specifies, supported by justified need (within region) Inter-RIR transfers to Specified Recipients (NRPM 8.4) IPv4 market transfer from one organization to another that it specifies, supported by justified need (between regions)
84 Specified Recipient Transfer Allows orgs with unused IPv4 resources to transfer them to orgs in need of IPv4 resources Source Must be current registrant, no disputes Not have received addresses from ARIN for 12 months prior Recipient Demonstrate need for 24-month supply under current ARIN policy
85 Specified Recipient Transfer Growth Jul-15 Aug-15 Sep-15 Oct-15 Nov-15 Dec-15 Jan-16 Feb-16 Mar-16 Apr-16 May-16 Jun-16 Jul-16 Aug-16 Sep-16 Oct-16 Nov-16 Dec-16 Jan-17 Feb-17 Mar-17 Apr-17 May-17 Jun-17 Jul-17 Aug-17
86 Inter-RIR Transfers RIR must have reciprocal, compatible needs-based policies Currently APNIC and RIPE NCC Transfers from ARIN Source cannot have received IPv4 from ARIN 12 months prior to transfer Must be current registrant, no disputes Recipient meets destination RIR policies Transfers to ARIN Must demonstrate need for 24-month supply under current ARIN policy
87 Inter-RIR Transfers Completed Jul-15 Aug-15 Sep-15 Oct-15 Nov-15 Dec-15 Jan-16 Feb-16 Mar-16 Apr-16 May-16 Jun-16 Jul-16 Aug-16 Sep-16 Oct-16 Nov-16 Dec-16 Jan-17 Feb-17 Mar-17 Apr-17 May-17 Jun-17 Jul-17 Aug-17
88 No Drop In IPv4 Consumption Total /24s Free Pool Transfer Market
89 Minimal Drop in IPv4 Workload IPv4 Requests Need-Based Transfer Requests
90 Transfer Pre-Approval Optional free service to confirm your 24 month projected IPv4 need Receive IPv4 addresses via multiple need-based transfers up to the pre-approved amount over the next 24 months $300 fee to complete each transfer Now paid at the time transfer is submitted
91 Specified Transfer Listing Service (STLS) Optional fee-based service to facilitate specified recipient and inter-rir transfers Sources have IPv4 addresses verified as available Recipients have a verified need for IPv4 addresses Facilitators arrange transfers between parties Approved participants can view detailed information for all other participants Public summary available on ARIN s website Available block sizes # of source ORGs and approved block sizes List of facilitators with contact information
92 Takeaways IPv4 consumption still strong If you need IPv4: Get pre-approved & look at transfer market Get an IPv6 block & use reserved IPv4 block for IPv6 deployment policy Wait List an option if you can defer need IPv6 is the future
93 Q&A
94 LUNCH Starting back at 1:15 PM
95 Securing Core Internet Functions DNSSEC and Resource Certification Richard Jimmerson Chief Information Officer
96 What is DNSSEC? A DNS extension which authenticates responses When you ask how to get to DNSSEC verifies the answer is from ARIN and not someone pretending to be us Doesn t ensure the answer is correct, just that it s coming from the right place
97 Why is DNSSEC Important? Standard DNS is not secure Trivial to spoof (provide false responses)... so an attacker can redirect people looking for to his own site... and then steal login information. DNSSEC is (surprise) secure An attacker can try to redirect traffic, but DNSSEC will show it s not a valid response
98 DNS Cache Poisoning Attacker gives the nameserver a poisoned (incorrect) response to If accepted, this nameserver will direct people to the fake site, typically for hours... and any nameservers that trust the poisoned one will also become poisoned.
99 Case Study: Kashpureff Attack Eugene Kashpureff didn t like Internic s control of top level domains In 1996, he used DNS cache poisoning to redirect Internic traffic to his own site Kashpureff was eventually convicted of computer fraud This attack could have been prevented with DNSSEC
100 Case Study: Kaminsky Flaw 2008: Dan Kaminsky discovered a fundamental flaw in the DNS protocol 65,536 Transaction IDs in DNS makes it easy to guess the right one & spoof Updates to DNS software makes this flaw more difficult to exploit, but not impossible These attacks can be prevented with DNSSEC
101 Case Study: Bradesco Bradesco is a bank in Brazil DNS cache poisoning attack resulted in 1% of the bank s customers being redirected to a fake site Getting login credentials for 1% of a large bank s customers could be disastrous Networks not using DNSSEC are vulnerable to a similar attack
102 Other Uses 1. Protect DKIM & SPF Without DNSSEC, an attacker can make use your addresses for spam. 2. SSH Initial Host Key Exchange Protect SSH Fingerprint (SSHFP) records. 3. PGP Key Distribution Use _pka records to distribute PGP keys easily usable by GnuPG 4. DANE Coming standard from the IETF to use DNS as a global public key infrastructure.
103 DNSSEC Usage Statistics ARIN 39 Number of Orgs with DNSSEC 139 Total Number of Delegations 620,412 DNSSEC Secured Zones 671 Percentage Secured 0.11 %
104 Using DNSSEC with ARIN Remember: this is for reverse DNS, not forward DNS Use your DNS server software to: Generate your key pair Create DS records to upload to ARIN via ARIN Online or Reg-RWS Sign your DNS zones
105 DNSSEC Configuration Ensure the required DNSKEY, RRSIG, NSEC, and DS records are published in your nameservers Consult your zone file.. ARIN provides only reverse DNSSEC Make sure to also secure your forward DNS through your domain registrar
106 How It Works DNSSEC adds new resource records into your zone file. These records are signed off-line. Two types of public/private key pairs Zone Signing Key (ZSK) is used to sign records in the zone Key Signing Key (KSK) signs the ZSK. Usually longer lived than the ZSK.
107 Signed & Unsigned Zones in-addr.arpa IN SOA ns1.arin.net. dns-ops.arin.net in-addr.arpa IN NS ns1.arin.net in-addr.arpa IN NS ns2.arin.net in-addr.arpa IN NS ns2.lacnic.net in-addr.arpa IN NS sec1.apnic.net in-addr.arpa IN NS sec1.authdns.ripe.net in-addr.arpa IN PTR host arin.net in-addr.arpa IN PTR host arin.net in-addr.arpa IN SOA ns1.arin.net. dns-ops.arin.net in-addr.arpa IN RRSIG NSEC in-addr.arpa. p33dgtslyg/qoduon6xgrfuwfrdildyqtjfl/i077alza/usj0r3furj 3FikILZOodCWez0yiKYwKaUYlGiFgZyWSlDTrbMgnLBG162tQrby8wAQ Ke1mOYRBdSOT6swRzhJx6rRRSH4C0/3YpQqmKZsplQisyTdbykhy4N3h 38M= in-addr.arpa IN DNSKEY AwEAAXCN3mUJUntP90L4F4oNxxlzKFos9FYD0wxTqxoWueBjFVAvS9vt FSAC7sV4yqKF3NbOOgk81Ep8n8BLZ3vvhnL8/y6Gf3K+d/yvK248ZWR6 +r+aasv6icmeloqhajzuam/emrlj4kj96lvjfvmewdpnnsyzen30ofpc sswvvamh in-addr.arpa IN NSEC in-addr.arpa. NS SOA RRSIG NSEC DNSKEY in-addr.arpa IN NS ns1.arin.net in-addr.arpa IN PTR host arin.net. A signed zone file will have RRSIG, NSEC, and DNSKEY records.
108 New Record Types DNSKEY records holding the public zone signing key and key signing key RRSIG records holding the cryptographic signatures of the other DNS records NSEC records cryptographically stitching the other records together DS these point to your zone like an NS record (needed in the parent zone)
109 How Do I Know It s Working? Use a DNSSEC validating resolver. Popular options include:
110 Takeaways If you re not using DNSSEC, you re vulnerable to a DNS cache poisoning attack Plenty of readily available documentation regarding implementation details If we can help, contact us
111 Q&A
112 Securing Core Internet Functions RPKI
113 Routing A Primer
114 Routing Architecture The Internet uses a two level routing hierarchy: Interior Routing Protocols, used by each network to determine how to reach all destinations that line within the network Interior Routing protocols maintain the current topology of the network
115 Routing Architecture The Internet uses a two level routing hierarchy: Exterior Routing Protocol, used to link each component network together into a single whole Exterior protocols assume that each network is fully interconnected internally
116 Exterior Routing: BGP BGP is a large set of bilateral (1:1) routing sessions A tells B all the destinations (prefixes) that A is capable of reaching B tells A all the destinations that B is capable of reaching / / /18 A B /24
117 What is RPKI? Resource Public Key Infrastructure Cryptographically certifies network resources AS Numbers IP Addresses Also certifies route announcements Route Origin Authorizations (ROAs) allow you to authorize your block to be routed
118 Why is RPKI Important? Allows routers (or other processes) to validate routes as authorized Provides stronger validation than existing technologies, such as: Routing registries LOAs Seems legit 118
119 Case Study: YouTube Pakistan Telecom was ordered to block YouTube Naturally, they originated their own route for YouTube s IP address block YouTube s traffic was temporarily diverted to Pakistan Could have been prevented with widespread adoption of RPKI
120 Case Study: Turk Telekom Turkish President ordered censorship of Twitter Turk Telekom s DNS servers were configured to return false IP addresses So people started using Google s DNS ( ) Turk Telekom hijacked Google s IP addresses in BGP Could have been prevented with RPKI
121 Case Study: Bitcoin Late 2013 & early 2014, Dell Secure Works noticed /24 announcements being hijacked Amazon, OVH, Digital Ocean, LeaseWeb, Alibaba networks routed to a small network in Canada Data between Bitcoin miners and Bitcoin data pools intercepted An estimated haul of $83,000 Could have been prevented with RPKI
122 RPKI Basics All of ARIN s RPKI data is publicly available in a repository RFC 3779 certificates show who has each resource ROAs show which AS numbers are authorized to announce blocks CRLs show revoked records Manifests list all data from each organization
123 Hierarchy of Resource Certificates ICANN /0 0::/0 ARIN / /8 LACNIC AFRINIC RIPE NCC APNIC Regional ISP /16 Other Small ISP /24 Some Small ISP /20 123
124 Route Origin Authorizations (ROAs) ICANN /0 0::/0 ARIN / /8 LACNIC AFRINIC RIPE NCC APNIC Regional ISP /16 Other Small ISP / /16 AS /24 AS2000 Some Small ISP / /20 AS
125 Current Practices ICANN /0 0::/0 ARIN / /8 LACNIC AFRINIC RIPE NCC APNIC Regional ISP /16 Some Small ISP / / / AS AS53659 Other Small ISP / /24 AS
126 Using ARIN s RPKI Repository (Theory) 1. Pull down these files using a manifest-validating mechanism 2. Validate the ROAs contained in the repository 3. Communicate with the router to mark routes: Valid Invalid unknown Ultimately, the ISP uses local policy on how to 126 route to use this information.
127 Using ARIN s RPKI Repository (Practice) 1.Get the RIPE NCC RPKI Validator 127
128 Using ARIN s RPKI Repository (Practice, continued) 2.Get the ARIN TAL 3.Plug it in to your routing policy engine: Directly to the router via RTR protocol Using custom scripts and the REST API As RPSL route objects 128
129 Putting Your Routes in the RPKI 1.Determine if you want to allow ARIN to host your Certificate Authority (CA), or if you want ARIN to delegate to your Certificate Authority. 2.Sign up with ARIN Online. 3.Create Resource Certificates and ROAs.
130 Hosted vs. Delegated RPKI Hosted ARIN has done all of the heavy lifting for you Think point click ship Available via web site or RESTful interface Delegated using Up/Down Protocol A whole lot more work Might make sense for very large networks 130
131 Hosted RPKI - ARIN Online Pros Easy-to-use web interface ARIN-managed (buying/deploying HSMs, etc. is expensive and time consuming) Cons Downstream customers can t use RPKI Large networks would probably need to use the RESTful interface to avoid tedious management 131 We hold your private key
132 Delegated RPKI with Up/Down Pros Allows you to keep your private key Follows the IETF up/down protocol Allows downstream customers to use RPKI Cons Extremely hard to set up Requires operating your own RPKI environment High cost of time and effort 132
133 Delegated with Up/Down You have to do all the ROA creation Need to set up a Certificate Authority Have a highly available repository Create a CPS 133
134 RPKI Usage Oct 2012 Apr 2013 Oct 2013 Apr 2014 Oct 2014 Apr 2015 Oct 2015 Apr 2016 Oct 2016 Apr 2017 Certified Orgs ROAs Covered Resources Up/Down Delegated
135 RPKI vs The Routing Table: Globally
136 RPKI vs The Routing Table: RIPE
137 RPKI vs The Routing Table: APNIC
138 RPKI vs The Routing Table: AFRINIC
139 RPKI vs The Routing Table: LACNIC
140 RPKI vs The Routing Table: ARIN
141 Takeaways If you re not using RPKI, you re vulnerable to route hijacking Plenty of readily available documentation regarding implementation details If we can help, contact us
142 Q&A
143 Everything You Always Wanted To Know About IPv6 Eddie Diego Senior Resource Analyst
144 The Road To IPv6 Deployment Why Move To IPv6 Now? Obtaining IPv6 From ARIN Dedicated IPv4 Block For IPv6 Deployment IPv6 Address Plans IPv6 Deployment Case Studies IPv6 Resources... and a few words about the current state of IPv6 adoption.
145 Why Move To IPv6 Now? Being IPv4-only has costs Transfer market, latency, CGN boxes, NAT Generally no additional cost for ISPs & fees recently lowered for end users IPv6 gives you access to a reserved IPv4 block One IPv4 /24 per six month period 1 4 5
146 Requesting IPv6 - ISPs Have a previous v4 allocation from ARIN or predecessor registry OR Intend to IPv6 multi-home OR Provide a technical justification which details at least 50 assignments made within 5 years 146
147 IPv6 ISP Block Size /48 typically assigned to customers Might be smaller, e.g. /56, for residential /32 default generally sufficient Enough to number 65k+ customers Larger blocks based on: # of serving sites (PoPs, datacenters) # of customers at largest serving site Block size to be assigned 147
148 Requesting IPv6 End Users Have a v4 assignment from ARIN OR Intend to IPv6 multi-home OR 2000 IPv6 addresses/200 IPv6 subnets used OR Have 13+ active sites within 12 months OR Technical justification showing ISP-assigned IPs are unsuitable 148
149 IPv6 End User Block Size Number of Sites Block Size 1 / / / ,072 /36 3,073-49,152 /32 37
150 Reserved IPv4 for IPv6 Deployment /10 reserved under policy in April /24s issued to date (99.6% remains available) Must be used to facilitate IPv6 deployment Dual stacking key servers, NAT-PT/NAT464, etc. Must have an IPv6 block One per organization every six months /24 maximum size
151 Subnetting: IPv4 vs IPv6 The IPv4 mindset: think in terms of IP addresses If a site has 50 devices, I give it a /26 The IPv4 mindset does not work for IPv6 Last 64 bits used for device autoconfiguration... and we have a ton of IPv6 addresses. The correct IPv6 mindset: think in terms of subnets, not addresses
152 IPv6 Subnetting NANOG BCOP Each individual network segment gets a /64 A /64 can hold a near-infinite number of devices Subnet on nibble boundaries for DNS /48, /44, /40, etc Addressing plans should be hierarchical, with each level using subnets of the same size Each site gets a /48 Customers generally get a /48 PoPs/aggregation points sized based on largest
153 IPv4 Address Plan: End User /23 Enterprise Network /19 /24 /24 SJO Hub 14 offices /27 for each 448 IPs CHI Hub 15 offices /28 for each 240 IPs DAL Hub 7 offices /28 for each 112 IPs ASH Hub 156 sites /27 for each 4,992 IPs
154 IPv6 Address Plan: End User /40 Enterprise Network /40 /40 /40 (256 /48s) SJO Hub 14 offices /48 for each CHI Hub 15 offices /48 for each DAL Hub 7 offices /48 for each COL Hub 156 sites /48 for each
155 IPv4 Address Plan: ISP /21 FTTH ISP Network /24 /23 /22 Cincinnati Hub 952 home users (1 IP each) 5 biz customers (/29-/24) = 1,952 IPs Toledo Hub 214 home users (1 IP each) = 214 IPs Cleveland Hub 497 home users (1 IP each) = 497 IPs Columbus Hub 497 home users (1 IP each) 4 biz customers (/29-/24) = 997 IPs
156 IPv6 Address Plan: ISP Cincinnati Hub 1,027 total users (home + business) = 1,027 /48s /36 (4,096 /48s) /36 Toledo Hub 214 total users (home + business) = 214 /48s FTTH ISP Network /36 /36 Cleveland Hub 497 total users (home + business) = 497 /48s Columbus Hub 506 total users (home + business = 506 /48s
157 Anatomy Of An IPv6 Address 2001:0DB8:3007:000A:B9D3:284A:83E2:90DB /32 from ARIN Hub /36 0 = Cincinnati 1 = Toledo 2 = Cleveland 3 = Columbus 4 = Future Hub... etc Site / = Toledo Site = Toledo Site = Toledo Site 7 Subnet / = Subnet = Subnet A = Subnet 10 Device /128 Autoconfigured with MAC Address
158 IPv6 Deployment Information ISOC s Deploy360 program has 16 detailed case studies covering: ISPs Hosting providers Enterprise businesses Universities Governments ARIN s IPv6 Wiki DNS, tools, translation services, etc
159 IPv6 Info Center
160 How Far Are We In IPv6 Adoption? Depends where you look... How many networks have an IPv6 block? How many networks are routing IPv6? How much traffic is using IPv6?
161 Percentage of Members with IPv6 100% 80% 60% 40% 20% 34.10% 52.83% 52.87% 87.55% 75.11% 0% AfriNIC APNIC ARIN LACNIC RIPE NCC 161
162 Customers with IPv4 & IPv6 RSP End Users ,467 1,780 2,420 6, IPv4 Only IPv4 & IPv6 IPv6 Only
163 IPv6 Adoption by ISP Size 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% 3X-Small (143) 2X-Small (778) X-Small (1,656) Small (1,252) Medium (651) Large (242) X-Large (187) 2X-Large (37) 3X-Large (24) 4X-Large (7) ISPs with IPv6 ISPs without IPv6
164 IPv6 Requests Since Depletion
165 Routing Table Growth IPv4 First 14 Years IPv6 First 14 Years
166 Google s IPv6 Traffic Growing 166
167 Facebook & Akamai
168 Discussion: IPv6 & You Do you have an IPv6 block from ARIN? If so, how was the process? Have you deployed IPv6? If not, do you plan to? Are there blockers? If so, how is it working? Any experience to share? What can ARIN do to help you with IPv6 deployment?
169 Q&A
170 WHOIS Accuracy Richard Jimmerson Chief Information Officer
171 What is Accurate Whois Data? Comprehensive All required data is registered and complete Correct Data has been verified by staff as being accurate Current Data has been confirmed to be up to date or recently updated
172 Why Is It Important? Internet operability and stability Contact other network operators to resolve issues Public safety Law enforcement can identify the responsible party for a subpoena Protection from number resource hijacking Hijackers often target stale or inaccurate data
173 Current Verification Process Policy Annual POC validation & requirement to publish reassignment Information Business Practice All new orgs must be active/in good standing Verify active/in good standing every 12 months Service/resource requests accepted only from registered contacts Registration Services Agreement (RSA) Must comply with all policies Must provide and maintain accurate registration information in Whois
174 POC Validation Stats 743,839 total POCs in ARIN s database 177,742 are validated* 243,192 are unvalidated 322,905 are orphaned** *Validated POC has either responded to ARIN s annual POC validation or updated their POC record within the past 12 months **Orphaned POC not associated with any number resources
175 Direct/Indirect POC Validation Stats 50,881 * total direct POCs 28,555 validated (56%) 22,326 unvalidated (44%) 692,958 ** total indirect POCs 149,187 validated (22%) 220,866 unvalidated (32%) * ** 322,905 orphaned (46%) Recieved resources from ARIN or Predecessor Customer reassignments received from an upstream ISP
176 ARIN Issued vs Legacy Stats 27,645 total ARIN-issued v4 nets 25,648 (93%) have at least one validated POC 1,997 (7%) have no validated POC 24,974 total legacy nets 11,773 (47%) have at least one validated POC 13,201 (53%) have no validated POC
177 IPv4 Depletion & Data Accuracy ISPs required to publish customer assignments in Whois Required in order to get more IP addresses Since IPv4 is unavailable and IPv6 initial allocations are very large, ISPs may not continue to provide accurate customer data New approaches may be needed to ensure data accuracy Have staff confirm accuracy more frequently Contact orgs with no valid contact More outreach on the importance of accurate data
178 Takeaways Accurate Whois data is vital to the Internet Inaccurate data delays fixing operational/abuse issues We have a lot of inaccurate records today IPv4 depletion could make the problem worse We need community feedback Priorities are set based on what you tell us is important
179 Q&A
180 Open Mic Session
181 Today s Takeaways: You make ARIN s Internet number resource policy Apply for IPv6 addresses and get started Consider implementing DNSSEC & RPKI Reach out to us with questions and suggestions - engage
182
183 Fill out & submit the survey for your chance to win a $100 Amazon Gift Card!
BRINGING YOU ANSWERS DENVER, CO 13 JUNE 2017
BRINGING YOU ANSWERS DENVER, CO 13 JUNE 2017 Here Today From ARIN Dan Alexander Chair, ARIN Advisory Council Susan Hamlin Director, Communications & Member Services Richard Jimmerson Chief Information
More informationLife After IPv4 Depletion
1 Life After IPv4 Depletion Jon Worley Analyst Securing Core Internet Functions Resource Certification, RPKI Mark Kosters Chief Technology Officer 2 Core Internet Functions: Routing & DNS The Internet
More informationBRINGING YOU ANSWERS SASKATOON, SK 14 SEPTEMBER 2017
BRINGING YOU ANSWERS SASKATOON, SK 14 SEPTEMBER 2017 Here Today From ARIN Eddie Diego, Senior Resource Analyst Susan Hamlin, Director Communications and Member Services Alyssa Moore, ARIN Advisory Council
More informationAn ARIN Update. Susan Hamlin Director of Communications and Member Services
An ARIN Update Susan Hamlin Director of Communications and Member Services ARIN, a nonprofit member-based organization, supports the operation of the Internet through the management of Internet number
More informationSecuring Core Internet Functions Resource Certification, RPKI. Mark Kosters ARIN CTO
Securing Core Internet Functions Resource Certification, RPKI Mark Kosters ARIN CTO Core Internet Functions: Routing & DNS The Internet relies on two critical resources DNS: Translates domain names to
More informationHere today from ARIN
Little Rock, Arkansas 7 March 2017 Here today from ARIN Dan Alexander Jan Blacka John Curran Susan Hamlin Aaron Hughes Ed MacDonald Andy Newton Jon Worley Chair, ARIN Advisory Council Senior User Experience
More informationBRINGING YOU ANSWERS SAN DIEGO, CA 23 JANUARY 2018
BRINGING YOU ANSWERS SAN DIEGO, CA 23 JANUARY 2018 Here Today From ARIN Owen DeLong, ARIN Advisory Council Susan Hamlin, Director Communications and Member Services Richard Jimmerson, Chief Information
More informationARIN Update. Mark Kosters CTO
ARIN Update Mark Kosters CTO Agenda What does ARIN do? A short ARIN status report How you can get IP space from us? 2 3 ARIN, a nonprofit member-based organization, supports the operation of the Internet
More informationARIN Update. Summer 2011 ESCC/Internet2 Joint Techs Mark Kosters Chief Technology Officer
ARIN Update Summer 2011 ESCC/Internet2 Joint Techs Mark Kosters Chief Technology Officer Agenda A Brief Overview of ARIN IPv4 and IPv6 Stats Call to Action Technology Initiatives 2 of 23 About ARIN Regional
More informationLife After IPv4 Depletion. Leslie Nobile
Life After IPv4 Depletion Leslie Nobile Recent Observations Still strong demand for IPv4 Seeing increased activity in IPv4 transfers/transfer market, pre-approvals, and Specified Transfer Listing Service
More informationWelcome to Your First ARIN Meeting
Welcome to Your First ARIN Meeting Handouts for you Basic information Acronym list ARIN fact sheets ARIN at a Glance Policy Development Process ARIN Participation Internet Ecosystem Self- Introductions
More informationStatus and Solutions for Whois Data Accuracy. Leslie Nobile, ARIN Tina Morris, ARIN Advisory Council
Status and Solutions for Whois Data Accuracy Leslie Nobile, ARIN Tina Morris, ARIN Advisory Council About ARIN One of 5 Regional Internet Registries (RIRs) Nonprofit corporation based in Chantilly, VA
More informationSecuring Routing: RPKI Overview. Mark Kosters Chief Technology Officer
Securing Routing: RPKI Overview Mark Kosters Chief Technology Officer Why are DNSSEC and RPKI important? Two of the most critical resources DNS Routing Hard to tell when resource is compromised Focus of
More informationIPv6 Deployment: Business Case and Development Opportunities. University College of the Caribbean Internet Day. 12 July 2012 Tim Christensen, ARIN
IPv6 Deployment: Business Case and Development Opportunities University College of the Caribbean Internet Day 12 July 2012 Tim Christensen, ARIN Internet Governance Definition of Internet governance*:
More informationSecurity Overlays on Core Internet Protocols DNSSEC and RPKI. Mark Kosters ARIN CTO
Security Overlays on Core Internet Protocols DNSSEC and RPKI Mark Kosters ARIN CTO Why are DNSSEC and RPKI Important Two critical resources DNS Routing Hard to tell if compromised From the user point of
More informationThe Insider s Guide To Transfers. John Sweeting - Senior Director, Registration Services Cathy Clements Transfer Services Manager
The Insider s Guide To Transfers John Sweeting - Senior Director, Registration Services Cathy Clements Transfer Services Manager Overview Transfer Basics M&A Transfer Procedure & Tips Specified Recipient
More informationSecurity Overlays on Core Internet Protocols DNSSEC and RPKI. Mark Kosters ARIN CTO
Security Overlays on Core Internet Protocols DNSSEC and RPKI Mark Kosters ARIN CTO Why are DNSSEC and RPKI Important Two critical resources DNS Routing Hard to tell if compromised From the user point of
More informationMadison, Wisconsin 9 September14
1 Madison, Wisconsin 9 September14 2 Security Overlays on Core Internet Protocols DNSSEC and RPKI Mark Kosters ARIN Engineering 3 Why are DNSSEC and RPKI Important Two critical resources DNS Routing Hard
More informationFirst Timers Orientation
ARIN at a Glance First Timers Orientation Brief introductions ARIN and the Regional Internet Registry (RIR) system - John Curran ARIN Tools and Services - Mark Kosters Life After IPv4 - Richard Jimmerson
More informationAPNIC s role in stability and security. Adam Gosling Senior Policy Specialist, APNIC 4th APT Cybersecurity Forum, 3-5 December 2013
APNIC s role in stability and security Adam Gosling Senior Policy Specialist, APNIC 4th APT Cybersecurity Forum, 3-5 December 2013 Overview Introducing APNIC Working with LEAs The APNIC Whois Database
More informationStatus of IPv4 Deple1on and Transfers. ASO Address Council 25 June 2014
Status of IPv4 Deple1on and Transfers ASO Address Council 25 June 2014 Agenda Status of IPv4 depletion Status of IPv4 transfers Status of IPv6 Discussion and Q&A 2 IANA Deple)on 3 What is IANA depletion?
More informationSan Diego, California 25 February 2014
1 San Diego, California 25 February 2014 2 Automating Your Interactions with ARIN Mark Kosters Chief Technology Officer 3 Why Automate? Interact with ARIN faster Not dependent on ARIN s systems for user
More informationInternet Corporation for Assigned Names & Numbers - Internet Assigned Numbers Authority Update
Internet Corporation for Assigned Names & Numbers - Internet Assigned Numbers Authority Update PacNOG 3, Rarotonga Save Vocea Regional Liaison - Australasia/Pacific 17 June 2007 ICANN Mission To coordinate,
More informationIP addressing policies: what does this mean? Adam Gosling Senior Policy Specialist, APNIC APT PRF for the Pacific: August 2013
IP addressing policies: what does this mean? Adam Gosling Senior Policy Specialist, APNIC APT PRF for the Pacific: August 2013 Overview APNIC in the Internet ecosystem Policy development IPv4 IPv6 Public
More informationIP Address Management The RIR System & IP policy
IP Address Management The RIR System & IP policy Nurani Nimpuno APNIC Overview Early address management Evolution of address management Address management today Address policy development IP allocation
More informationLife After IPv4 Depletion
1 Life After IPv4 Depletion Jon Worley Analyst Life After IPv4 Depletion Leslie Nobile Senior Director Global Registry Knowledge 2 Overview ARIN s IPv4 inventory Trends and Observations Ways to obtain
More informationAPNIC & Internet Address Policy in the Asia Pacific
APNIC & Internet Address Policy in the Asia Pacific NZ Internet Industry Forum Auckland, 29 November 2001 Anne Lord, APNIC Overview Introduction to APNIC Policy Development Address Management APNIC Update
More informationARIN Support for DNSSEC and RPKI. ION San Diego 11 December 2012 Pete Toscano, ARIN
ARIN Support for DNSSEC and ION San Diego 11 December 2012 Pete Toscano, ARIN 2 DNS and BGP They have been around for a long time. DNS: 1982 BGP: 1989 They are not very secure. Methods for securing them
More informationSecuring Internet Infrastructure: Route Origin Security using RPKI at ARIN. Mark Kosters CTO
Securing Internet Infrastructure: Route Origin Security using RPKI at ARIN Mark Kosters CTO What is RPKI? Resource Public Key Infrastructure Attaches digital certificates to network resources AS Numbers
More informationThe Regional Internet Registries
The Regional Internet Registries Managing Internet Number Resources www.afrinic.net www.apnic.net www.arin.net www.lacnic.net www.ripe.net www.nro.net Global Coordination A Fair and Stable Platform Whether
More informationWelcome. Here today from ARIN
Pittsburgh, PA 2 June 2016 Welcome. Here today from ARIN Einar Bohlin, Public Policy Analyst Richard Jimmerson, CIO & Acting Director of Registration Services Andy Newton, Chief Engineer Chris Tacit, ARIN
More informationIPv6 & Internet Governance Developments. CANTO Nate Davis, Chief Operating Officer
IPv6 & Internet Governance Developments CANTO Nate Davis, Chief Operating Officer 13 August 2014 2 History of the Internet Protocol Internet Protocol version 4 (IPv4) Developed for the original Internet
More informationIPv4 depletion & IPv6 deployment in the RIPE NCC service region. Kjell Leknes - June 2010
IPv4 depletion & IPv6 deployment in the RIPE NCC service region Kjell Leknes - June 2010 Outline About RIPE and RIPE NCC IPv4 depletion IPv6 deployment Engaging the community - RIPE NCC and the RIPE community
More informationISOC presents: World IPv6 Day
ISOC presents: World IPv6 Day Today Google, Facebook, Yahoo!, Akamai and Limelight Networks will be amongst some of the major organisations offering their content over IPv6 for a 24-hour test flight. The
More informationAPNIC Update. German Valdez External Relations Program Director, APNIC ARIN XXX 26-October-2012
APNIC Update German Valdez External Relations Program Director, APNIC ARIN XXX 26-October-2012 Overview Stats IPv4 transfers Training APNIC Labs Policies ISIF Public Affairs APNIC Member Survey APNIC Coming
More informationAPNIC support for Internet development
APNIC support for Internet development APT/PITA Regional Meeting on ICT for the Pacific 25-27 August 2004, Nadi, Fiji Paul Wilson pwilson@apnic.net 1 What is APNIC? Regional Internet Registry (RIR) for
More informationA Policy Story - IPv4 Transfer. TWNIC OPM 26, Taipei 14 December 2016 George Kuo, Services Director
A Policy Story - Transfer TWNIC OPM 26, Taipei 14 December 2016 George Kuo, Services Director 1 About APNIC Membership-based, not-for-profit, Regional Internet Registry (RIR) Delegates and registers IP
More informationPrepared by Regional Internet Registries APNIC, ARIN, LACNIC and RIPE NCC
Prepared by Regional Internet Registries APNIC, ARIN, LACNIC and RIPE NCC Overview History & Evolution Structure IP Address Management Internet Number Resource Management Policy Development Internet Number
More informationSupporting Internet Growth and Evolution: The Transition to IPv6
2010/TEL41/DSG/WKSP2/004 Agenda Item: Panel Discussion 1 Supporting Internet Growth and Evolution: The Transition to IPv6 Submitted by: APNIC Workshop for IPv6: Transforming the Internet Chinese Taipei
More informationAPNIC Update. AfriNIC June Sanjaya Services Director, APNIC
1 APNIC Update AfriNIC-14 4-10 June 2011 Sanjaya Services Director, APNIC 2 Overview Registry Update Policy Update 2011 Member and Stakeholder Survey New Building & Business Continuity Plan Upcoming Meetings
More informationInternet Addressing and the RIR system (part 2)
Internet Addressing and the RIR system (part 2) 12 February 2004 Phnom Penh, Cambodia Paul Wilson, APNIC Overview Part 2 Allocation statistics Asia Pacific Internet Resource statistics Global Internet
More informationResource Public Key Infrastructure
Resource Public Key Infrastructure A pilot for the Internet2 Community to secure the global route table Andrew Gallo The Basics The Internet is a self organizing network of networks. How do you find your
More informationLEA Workshop. Champika Wijayatunga & George Kuo, APNIC Wellington, New Zealand 09, May, 2013
LEA Workshop Champika Wijayatunga & George Kuo, APNIC Wellington, New Zealand 09, May, 2013 Agenda Introduction to APNIC Know about APNIC Internet Policy Development How the Internet Policies are developed
More informationARIN Policies How to Qualify for Number Resources. Leslie Nobile
ARIN Policies How to Qualify for Number Resources Leslie Nobile Director, Registration Services ARIN Policies IPv4 IPv6 ASN Terms Allocate to issue number resources to ISPs (LIRs) for internal networks
More informationPKI-An Operational Perspective. NANOG 38 ARIN XVIII October 10, 2006
PKI-An Operational Perspective NANOG 38 ARIN XVIII October 10, 2006 Briefing Contents PKI Usage Benefits Constituency Acceptance Specific Discussion of Requirements Certificate Policy Certificate Policy
More informationAPNIC 26 policy update Shifting landscape
APNIC 26 policy update Shifting landscape IPv6 Global Summit, 2 nd September 2008 Taipei, Taiwan Miwa Fujii IPv6 Program Manager APNIC 1 Overview Recap of the Internet policy community RIR and NRO APNIC
More informationObtaining and Managing IP Addresses. Xavier Le Bris IP Resource Analyst - Trainer
Obtaining and Managing IP Addresses Xavier Le Bris IP Resource Analyst - Trainer In This Talk 2 Getting IPv4 and IPv6 IPv4 Transfers Protecting Your Resources The RIPE Policy Development Process (PDP)
More informationNIR February JPNIC Updates. Hiroki Kawabata Japan Network Information Center (JPNIC) Copyright 2016 Japan Network Information Center
NIR SIG@APNIC41 February 2016 JPNIC Updates Hiroki Kawabata Japan Network Information Center (JPNIC) Contents Statistics IPv4 IPv6 ASN transfer Activities IPv6 Policy and Internet Governance RPKI Reverse
More informationCIDR. The Life Belt of the Internet 2005/03/11. (C) Herbert Haas
CIDR The Life Belt of the Internet (C) Herbert Haas 2005/03/11 Early IP Addressings Before 1981 only class A addresses were used Original Internet addresses comprised 32 bits (8 bit net-id = 256 networks)
More informationIPv6 Allocation Policy and Procedure. Global IPv6 Summit in China 2007 April 13, 2007 Gerard Ross and Guangliang Pan
IPv6 Allocation Policy and Procedure Global IPv6 Summit in China 2007 April 13, 2007 Gerard Ross and Guangliang Pan 1 Overview Introduction to APNIC Policy development process IPv6 policy and procedures
More informationIPv4 Depletion and IPv6 Adoption Today. Richard Jimmerson
IPv4 Depletion and IPv6 Adoption Today Richard Jimmerson 2 History of the Internet Protocol Internet Protocol version 4 (IPv4) Developed for the original Internet (ARPANET) in 1978 4 billion addresses
More informationInternet Governance and Coordination
Internet Governance and Coordination Filiz Yilmaz SNE Colloquium, University of Amsterdam October 2013 koalafil@gmail.com Overview Who am I, why am I here? Brief History of Internet Internet Eco System:
More informationAPNIC History and Overview
APNIC History and Overview AfriNIC Meeting Cape Town, May 2000 APNIC History and Overview Formation and development Current status Resource status Meetings and coordination Questions APNIC History 1992
More informationAPNIC Update. RIPE 59 October 2009
APNIC Update RIPE 59 October 2009 Overview APNIC Services Update APNIC 28 policy outcomes APNIC Members and Stakeholder Survey Next APNIC Meetings Resource Delegations (1 Oct 09) No of /8 delegated No
More informationQuick Guide to Requesting Resources from ARIN
Quick Guide to Requesting Resources from ARIN 1. Review Qualifying for Resources below to verify you qualify for the requested resources. 2. Read the applicable policies in ARIN s Number Resource Policy
More informationFacilitating IPv6 Deployment. Mirjam Kühne, RIPE NCC
Facilitating IPv6 Deployment Mirjam Kühne, RIPE NCC Agenda Introduction - RIPE, the RIPE NCC and the Policy Development Process RIPE Labs - IPv6 Statistics and Measurements Capacity Building
More informationNewcomers Session! By! Newcomers Team! 01/12/2015!
Newcomers Session By Newcomers Team 01/12/2015 INTRODUCTION AGENDA AGENDA AFRINIC- 23 AT A GLANCE INTERNET ECOSYSTEM INTERNET ECOSYSTEM The term used to describe the organisations and communities that
More informationASO Activities and Policy Update. Louie Lee Chair, ASO Address Council ICANN 45 Toronto, Canada 15 October 2012
ASO Activities and Policy Update Louie Lee Chair, ASO Address Council ICANN 45 Toronto, Canada 15 October 2012 Agenda ASO / NRO: Number activities this week Update on other ASO / NRO activities Policy
More informationAFRINIC Consolidated Policy Manual
AFRINIC Consolidated Policy Manual CPM Revision History Date Version Comments 01 Oct 2014 Initial Draft First draft of the CPM 23 Jul 2016 1.0 Revised to include implemented policies since initial draft
More informationIPv6 Allocation Policy and Procedure. Global IPv6 Summit in China 2007 April 13, 2007 Gerard Ross and Guangliang Pan
IPv6 Allocation Policy and Procedure Global IPv6 Summit in China 2007 April 13, 2007 Gerard Ross and Guangliang Pan 1 Overview Introduction to APNIC Policy development process IPv6 policy and procedures
More informationAPNIC Update. Paul Wilson. ARIN October 2013
APNIC Update Paul Wilson ARIN 32 10 October 2013 Overview Serving APNIC Members Supporting Internet development in the Asia Pacific region Collaborating with the Internet community Corporate support APNIC
More informationRIR Update. A Joint Presentation Prepared By APNIC, ARIN, RIPE NCC. 17 March 2002 IEPG - Minneapolis
RIR Update A Joint Presentation Prepared By APNIC, ARIN, RIPE NCC Overview Joint Efforts RIR Specific Statistics Questions RIR Co-ordination IPv6 policy development Joint tutorial & presentation at AfNOG
More informationThis document contains the Draft and Recommended Draft Policies on the agenda for this Public Policy and Members Meeting.
Discussion Guide 1 Welcome to ARIN 42! Policies in the ARIN region are developed by the Internet community using the open and transparent ARIN Policy Development Process (PDP). The Internet community develops
More informationAPNIC Update. Srinivas (Sunny) Chendi Senior Community Relations Specialist, APNIC Member Briefing, Dhaka 25 May 2013
APNIC Update Srinivas (Sunny) Chendi Senior Community Relations Specialist, APNIC Member Briefing, Dhaka 25 May 2013 Overview Membership support Resources delegation IPv4 transfer support APNIC Training
More informationAPNIC Update. 20 May Paul Wilson. Revision:
APNIC Update 20 May 2015 Paul Wilson Issue Date: 15 Apr 2015 Revision: APNIC s Vision A global, open, stable, and secure Internet that serves the entire Asia Pacific community 2 APNIC in 2014 Serving Supporting
More informationAfrinic Consolidated Policy Manual
Afrinic Consolidated Policy Manual Last Updated: 26 July 2016 Version: 1.0 Contents 1.0 Introduction 2.0 General Definitions 3.0 The Policy Development Process (PDP) 3.1 Scope of the PDP 3.2 Policy Development
More informationHow to participate in RIR Policy Development Processes. Louie Lee ASO Address Council ICANN 35 Buenos Aires, Argen8na 24 June 2015
How to participate in RIR Policy Development Processes Louie Lee ASO Address Council ICANN 35 Buenos Aires, Argen8na 24 June 2015 How to participate in RIR Policy Development Processes ASO and ICANN Number
More informationRoot KSK Roll Delay Update
Root KSK Roll Delay Update PacNOG 21 Patrick Jones, Sr. Director, Global Stakeholder Engagement 4 December 2017 1 Background When you validate DNSSEC signed DNS records, you need a Trust Anchor. A Trust
More informationAPNIC Update. Elly Tawhai Senior Internet Resource Analyst/Liaison Officer, APNIC PacNOG
APNIC Update Elly Tawhai Senior Internet Resource Analyst/Liaison Officer, APNIC PacNOG 14 02-12-2013 Overview Serving APNIC Members Supporting Internet development in the Asia Pacific region Collaborating
More informationPeeringDB Update. Arnold Nipper Peering Asia 1.0, Kyoto, Japan 1
PeeringDB Update Arnold Nipper arnold@peeringdb.com 2017-11-01 Peering Asia 1.0, Kyoto, Japan 1 Agenda 1. Organization and Election Update 2. Strategic Goals and Organizational Objectives 3. Feature Planning
More informationAPNIC allocation and policy update. JPNIC OPM July 17, Tokyo, Japan Guangliang Pan
APNIC allocation and policy update JPNIC OPM July 17, 2007 - Tokyo, Japan Guangliang Pan 1 Overview Internet registry structure Number resource allocation statistics APNIC recent policy implementations
More informationInternet Resource Policy - Why should I care?
Internet Resource Policy - Why should I care? Nurani Nimpuno, APNIC 3 February 2005 NZNOG 2005 1 Quick survey How many of you are involved with Internet address policy? How many get excited when you hear
More informationDraft Applicant Guidebook, v3
Draft Applicant Guidebook, v3 Module 5 Please note that this is a discussion draft only. Potential applicants should not rely on any of the proposed details of the new gtld program as the program remains
More informationPublic Policy Consultation
66 Public Policy Consultation An open public discussion of Internet number resource policy held by ARIN facilitating in-person and remote participation. Held at ARIN's Public Policy Meetings and at other
More informationMadison, WI 9 September 2014
1 Madison, WI 9 September 2014 2 Part 1 IPv4 Depletion Leslie Nobile Director, Registration Services 3 ARIN s IPv4 Inventory As of 2 Sept 2014, ARIN has 0.76 /8 equivalents of IPv4 addresses remaining
More informationSupporting Internet Growth and Evolution: The Transition to IPv6
Supporting Internet Growth and Evolution: The Transition to IPv6 Bali IPv6 Summit, Bali 9 June 2010 Sanjaya Services Director, APNIC 1 Overview Recap About APNIC Reality check: where are we now? Transition
More informationAddress Registries. David Conrad. Internet Software Consortium.
Address Registries David Conrad drc@isc.org Internet Software Consortium Overview The Regional Registries An Example: APNIC Registry Policies and Procedures Registry Funding In the Beginning Address allocation
More informationJoint Response from the Regional Internet Registries
Issue 2: Consultation on international public policy issues concerning IPv4 addresses. The Council Working Group on International Internet- Related Public Policy Issues invites all stakeholders to provide
More informationDecentralized Internet Resource Trust Infrastructure
Decentralized Internet Resource Trust Infrastructure Bingyang Liu, Fei Yang, Marcelo Bagnulo, Zhiwei Yan, and Qiong Sun Huawei UC3M CNNIC China Telecom 1 Critical Internet Trust Infrastructures are Centralized
More informationInternet Governance & Current Internet Eco-system. Filiz Yilmaz SNE Colloquium, University of Amsterdam September 2016
Internet Governance & Current Internet Eco-system Filiz Yilmaz SNE Colloquium, University of Amsterdam September 2016 koalafil@gmail.com Overview Who am, I why am I here? Brief History of Internet Internet
More informationNews from RIPE and RIPE NCC
News from RIPE and RIPE NCC FRNOG, Paris 11 December 2009 Vesna Manojlovic RIPE / RIPE NCC RIPE Operators community Develops addressing policies Working group mailing lists 2010 meetings: Prague 3-7 May
More informationRIPE Policy Development & IPv4 / IPv6
RIPE Policy Development & IPv4 / IPv6 Workshop on the IPv6 development in Saudi Arabia 8 February 2009 Axel Pawlik axel@ripe.net Overview RIPE PDP (Policy Development Process) Current Policy Issues IPv4
More informationThe IDN Variant TLD Program: Updated Program Plan 23 August 2012
The IDN Variant TLD Program: Updated Program Plan 23 August 2012 Table of Contents Project Background... 2 The IDN Variant TLD Program... 2 Revised Program Plan, Projects and Timeline:... 3 Communication
More informationEngineering Status Report. Mark Kosters
Engineering Status Report Mark Kosters Engineering Theme 2011 success was aided by contractors Lots of work yet to do (but a great deal now done) An age for new engineers Operations 7 people (one position
More informationInstitutionalizing the IANA Functions To Deliver A Stable and Accessible Global Internet for Mission Critical Business Traffic and Transactions
Institutionalizing the IANA Functions To Deliver A Stable and Accessible Global Internet for Mission Critical Business Traffic and Transactions Scott Bradner iana - 1 Harvard University / IETF / ISOC /
More informationShifting Sands. PLNOG March Andrzej Wolski Training Department
Shifting Sands PLNOG March 2014 Andrzej Wolski Training Department RIPE NCC 2 Began operating in 1992 Not-for-profit membership organisation 10,000 members (Local Internet Registries) Neutral, Impartial,
More information10 March Informal Expert Group for the ITU World Telecommunication Policy Forum
10 March 2009 Informal Expert Group for the ITU World Telecommunication Policy Forum The Internet Society has been actively engaged in the preparation of the next World Telecommunication Policy Forum (WTPF)
More informationISP 1 AS 1 Prefix P peer ISP 2 AS 2 Route leak (P) propagates Prefix P update Route update P Route leak (P) to upstream 2 AS 3 Customer BGP Update messages Route update A ISP A Prefix A ISP B B leaks
More informationRegional Internet Registries. Statistics & Activities
Regional Internet Registries Statistics & Activities IEPG @ IETF 58 Minneapolis Prepared By APNIC, ARIN, LACNIC, RIPE NCC 9 November 2003 IEPG @ IETF 58 Minneapolis Overview Internet Number Resource Status
More informationRegional Internet Registries. Statistics & Activities
Regional Internet Registries Statistics & Activities IEPG @ IETF 58 Minneapolis Prepared By APNIC, ARIN, LACNIC, RIPE NCC Overview Internet Number Resource Status Report RIR Activities Joint Number Resource
More informationImplementing the Global Policy for Post Exhaustion IPv4 Allocation Mechanisms by the IANA
Implementing the Global Policy for Post Exhaustion IPv4 Allocation Mechanisms by the IANA Implementing the Global Policy for Post Exhaustion IPv4 Allocation Mechanisms by the IANA/Public/Final/LLV i Table
More informationFacilitating Secure Internet Infrastructure
Facilitating Secure Internet Infrastructure RIPE NCC http://www.ripe.net About the RIPE NCC RIPE Network Coordination Centre Bottom-up, self-regulated, membership association, notfor-profit Regional Internet
More informationUpdate from the RIPE NCC. David Hilario, RIPE NCC
Update from the RIPE NCC David Hilario, RIPE NCC The Internet Registry System 2 Regional Internet Registries (RIR) Distribution and registration of Internet number resources: IP addresses, AS Numbers Not-for-profit
More informationWireless Access: SSID: HHonors PW:Hilton16
Columbia, SC 30 October 2014 Wireless Access: SSID: HHonors PW:Hilton16 Welcome. Here today from ARIN Susan Hamlin, Director, Communications and Member Services Andy Newton, Chief Engineer John Sweeting,
More informationInternet Numbers Introduction to the RIR System
Internet Numbers Introduction to the RIR System Chafic Chaya MEAC-IG Summer School, AUB - Lebanon August 2016 1 Who Runs the Internet? The short answer is NO ONE!!! Chafic Chaya MEAC-IG Summer School August
More informationRIPE Global Policy for IPv4 Allocations by
RIPE 2010 5 Global Policy for IPv4 Allocations by the IANA Post Exhaustion RIPE 61 Roma, Italy 17 NOV 2010 A.D. Jason Schiller Housekeeping Definitions ICANN (IANA) Legacy address space RFC 2050 Needs
More informationIPv6: The Future of the Internet? July 27th, 1999 Auug
IPv6: The Future of the Internet? July 27th, 1999 Auug Overview Introduction to APNIC Introduction to IPv6 Obtaining IPv6 Address Space References and RFCs What is APNIC? Regional Internet Registry (RIR)
More informationIP Addressing and ICT Development in the Pacific Islands. Anne Lord and Save Vocea, APNIC ICT Workshop, Fiji, November, 2002
IP Addressing and ICT Development in the Pacific Islands Anne Lord and Save Vocea, APNIC ICT Workshop, Fiji, 11-13 November, 2002 A Glimpse of the Future. What is ICT Development? E-commerce and E-education
More informationICANN & Global Partnerships
ICANN & Global Partnerships Baher Esmat Manager, Regional Relations Middle East cctld Training, Amman 26-29 Nov, 2007 1 What is ICANN? The Internet Corporation for Assigned Names and Numbers (ICANN) is
More informationARIN Number Resource Policy Manual. Version October 15, 2004
ARIN Number Resource Policy Manual Version 2004.1 -October 15, 2004 Abstract This is ARIN's Number Resource Policy Manual (NRPM). It is available at: http://www.arin.net/policy/. Contents 1. Introduction
More information