APNIC Senior Resource Analyst Elly Tawhai gives an update on the ‘Reclaiming unused IPv4’ project at PacNOG 24 in Apia, Samoa from 24 to 28 June 2019, to keep the Pacific updated on the plan to provide a new listing service that APNIC Members can use to publish available IPv4 addresses
7. Recent IPv4 Delegation Policy change
• prop-127: Change maximum delegation size of 103/8 IPv4
address pool to a /23
– Each member can only get up to 512 addresses (/23)
– Allows new members to get a little bit of IPv4 before it completely
runs out
• prop-129: Abolish Waiting list for unmet IPv4 requests
– Recovered address space treated under the same policy as last /8
(103/8)
– Encourage the implementation of IPv6
7
9. IPv4 address transfer
• Transfer is allowed through:
– Merger & Acquisition
– Needs based market transfer
• Way to source additional IPv4 addresses
– Implement new process and mechanism of IPv4 listing service for
members who want to list their unused Ipv4 address space
9
10. Motivation for IPv4 listing service
• Motivation
– Response to the 2018 APNIC survey
– Additional supply of IPv4 addresses
– Effective stewardship of IPv4 address space
10
13. What next?
• We welcome feedback from the community
• Future change is planned by end of the year
13
14. • Object in the APNIC whois containing contact information of
network administrators responsible for receiving network
abuse reports
• As a result of prop-079 at APNIC 29, APNIC implemented
mandatory IRT references on 8 November 2010
• Aimed to provide a more accurate and efficient way for
abuse reports to reach the correct contact
14
Incident Response Team (IRT) object in Whois
15. prop-125 Validation of “abuse-mailbox”
and other IRT emails
• Two consecutive
emails sent to IRT
contacts every six
months
• No results – limited
access to MyAPNIC
– Lack of compliance
will result in follow-
up procedures
according to
existing policy
16. Prop-125 validation process
• Two consecutive emails sent to IRTs associated with
resources, every 6 months
– First email will contain validation URL (with confirmation to policy and
procedures)
– Second email will contain unique code
• Validate in a way that proves you are a human. Captcha
code to avoid automatic processing
16
18. Prop-125 validation process (cont’d)
• If no action after 15 days, MyAPNIC will display reminder
alert warning
• If no action after 30 days, MyAPNIC access will be limited
• IRTs will be marked invalid in APNIC whois by adding to
'remarks' attribute
• Lack of compliance will result in follow-up according to
existing policy and procedures
18
19. Prop-125 marking IRTs as valid
19
irt: IRT-APNIC-AP
address: Brisbane, Australia
e-mail: helpdesk@apnic.net
abuse-mailbox: helpdesk@apnic.net
admin-c: HM20-AP
tech-c: NO4-AP
auth: # Filtered
remarks: helpdesk@apnic.net was validated on 2019-06-03
mnt-by: APNIC-HM
last-modified: 2019-02-14T05:37:22Z
source: APNIC
Validated
IRT object
20. Prop-125 escalation process
• Separate process for reporting incorrect or lack of response
to cases of network abuse
• A new escalation mailbox to be monitored by APNIC
• Once escalation is received, APNIC will investigate and
trigger manual validation request
20
23. Prop-125 implementation timeline
23
• Phase one – estimated completion June 2019
– Includes validation of IRTs associated with parent resource records
– New escalation mailbox
• Phase two – estimated completion December 2019
– Include non-portable assignments
– Resolve any issues encountered during phase one
24. RPKI
24
apnic.net/rpki
Measure 31/12/2018 31/5/19 ∆
Members with certs 21.9% 23.8% 8%
Members with ROAs 11.3% 15% 24%
IPv4 under ROAs 6.1% 7.3% 16%
IPv6 under ROAs 5.6% 8.6% 35%
‘Validation Reconsidered’
• Reduce sensitivity to isolated or transient
errors
• Adopted as RFC 8360
‘Anysign’ Function
• RTA = Resource Tagged Attestation
- In deployment as hosted service in
MyAPNIC
• Proof-of-concept to enable RPKI signing of
any document or object, for example, LOA
for service provisioning
• OID request submitted to IANA
Where is the APNIC Region?
APNIC serves the entire Asia-Pacific region, with a total of 56 economies in the region. This includes Asia, Australia, New Zealand, Melanesia, Polynesia, and Micronesia regions.
Asia Pacific Region
Afghanistan, Kiribati, PalauAmerican, Samoa, Korea, Dem. People's Republic, Papua New Guinea, Australia, Korea, Republic of Philippines, Bangladesh, Laos People’s Dem. Republic, Pitcairn, Bhutan, Macau, Reunion, British Indian Ocean Territory, Madagascar, Samoa, Brunei Darussalam, Malaysia, Seychelles, Cambodia, Maldives, Singapore, China, Marshall Islands, Solomon Islands, Christmas Island, Mauritius, Sri Lanka, Cocos (Keeling) Islands, Mayotte, Taiwan, Comoros, Micronesia Fed. States of Thailand, Cook Islands, Mongolia, Tokelau, East Timor, Myanmar, Tonga, Fiji, Nauru, Tuvalu, French Polynesia, Nepal, Vanuatu, French Southern Territories, New Caledonia, VietNam, Guam, New Zealand, Wallis and Futuna Islands, Hong Kong Niue, India, Norfolk Island, Indonesia, Northern Mariana Islands, Japan, Pakistan
Reference:
http://www.apnic.net/about-APNIC/organization/apnics-region
IPv4 addresses are a finite 32-bit numeric asset
2³² addresses = about 4.2 billion addresses
Colours are the different sub-regions
Had a fairly large drop last year
Growth now in on the IPv6 front
20.19% left in 103/8
New companies can obtain some IPv4 address space in the APNIC service region without the need to trade for address space and can make the preparation for the subsequent IPv6 migration
/23 is important because new ISPs can use /24 for internal infrastructure and /24 customer assignments and NAT for IPv6 transition
All the members in the waiting list already have a minimum of /22 address space from last /8 (103/8) address block.
Recovered address space left aside to new members only
A waiting list will be created once APNIC runs out of resources in last /8 and same last /8 allocation policy will be applied to the waiting list.
IPv4 transfers are continuing to grow in a fairly liner fashion
Chart shows transfers between RIR regions and within the APNIC region
Judging by the transfers happening in other RIRs we can expect transfers to keep increasing for a little while
33% in the survey indicated they would like this
Within MyAPNIC to be added under Resources -> Resource Transfer / Return option
•Two consecutive emails sent to IRTs associated with resources, every 6 months
–First email will contain validation URL (with confirmation to policy and procedures)
–Second email will contain unique code
•Validate in a way that proves you are a human. Captcha code to avoid automatic processing
•If no action after 15 days, MyAPNIC will display reminder alert warning
•If no action after 30 days, MyAPNIC access will be limited
•IRTs will be marked invalid in APNIC whois by adding to 'remarks' attribute
•Lack of compliance will result in follow-up according to existing policy and procedures
•Phase one – estimated completion June 2019
–Includes validation of IRTs associated with parent resource records
–New escalation mailbox
•Phase two – estimated completion December 2019
–Include non-portable assignments
–Resolve any issues encountered during phase one
- RPKI is important and has been a focus
Last we were involved with publishing an RFC 8360 (Validation reconsidered) which involves reducing the sensitivity to transient areas in some parts of validation areas of the hirerachy
Also something we call Anysign or RTA presented as a mechanish to use a RPKI certificate to sign an object called a Letter of Authority for provisioning
Have been promoting take-up of of certificates and ROAs 8% increase of members with certs and 24% with ROAs both in IPv4 and IPv6
There will be a ROA signing BOF in conjunction with this evening’s social