This training introduces, highlights, and explains the key essentials of Internet resource management. It focuses on understanding the structures, processes, procedures, and policies involved in requesting, allocating, and managing Internet addresses (IPv4 and IPv6) and Autonomous System (AS) numbers.
The course also includes aspects of the APNIC Whois Database, Reverse DNS delegations, and MyAPNIC address management tool.
Course outline
* Introduction to APNIC
* Internet registry policies
* Requesting IP addresses
* IP address management
* APNIC Whois Database
* MyAPNIC
* Autonomous System Numbers
* Reverse DNS delegations
* IPv6 overview
3. Objec?ves
– To
provide
an
understanding
of
address
management
– To
provide
a
working
knowledge
of
the
procedures
for
reques?ng
resources
from
APNIC
and
managing
these
– To
keep
membership
up-‐to-‐date
with
the
latest
policies
– Liaise
with
members.
3
5. What
is
APNIC?
• APNIC
is
one
of
5
Regional
Internet
Registries
(RIRs)
around
the
world.
• APNIC
takes
care
of
the
Asia
Pacific
region.
• APNIC
is
a
non-‐profit,
membership
based
organisa?on
• Policies
are
proposed
and
agreed
upon
by
the
APNIC
community.
5
8. What
is
APNIC’s
role?
• APNIC
provides
resource
services
to
the
Asia
Pacific
Region
– IPv4,
IPv6,
ASN
– Maintains
the
Whois
database
– Provides
reverse
DNS
delega?on
for
the
resources
allocated
to
the
region
8
9. What
Does
APNIC
Do?
• APNIC
facilitates
the
policy
development
process
– Via
mailing
lists
and
bi-‐annual
mee?ngs
• Implements
policy
changes
– When
the
community
has
discussed
and
agreed
upon
them
9
10. What
else
does
APNIC
do?
• APNIC
also
provides
informa?on
about
industry
related
ma[ers
– Check
the
website
www.apnic.net
– Join
the
mailing
lists
– Read
the
publica?ons
– A[end
mee?ngs
and
seminars
• APNIC
provides
training
across
the
region
to
the
community
on
a
regular
basis
– Face
to
face
– Via
eLearning
10
11. What
are
the
Goals
of
the
RIRs?
• The
Regional
Internet
Registries
have
been
charged
with
the
following
goals
for
the
number
resources
they
are
responsible
for:
– Conserva?on
– Aggrega?on
– Registra?on
11
12. Internet
Resource
Management
Goals
• Conserva?on
– Efficient
use
of
resources
– Based
on
demonstrated
need
• Aggrega?on
– Limit
rou?ng
table
growth
– Support
provider-‐based
rou?ng
• Registra?on
– Ensure
uniqueness
– Facilitate
trouble
shoo?ng
12
17. How
Do
I
Get
Addresses?
• Decide
what
kind
of
number
resources
you
need
– IPv4,
IPv6
• Check
the
criteria
– On
the
website
www.apnic.net
– Contact
the
helpdesk
helpdesk@apnic.net
• Become
familiar
with
the
policies
• Apply
for
membership
and
resources
17
18. Ini?al
IP
Address
Request
• You
are
required
to
be
an
APNIC
member
in
order
to
ini?ate
your
IP
Address
Request.
• However
you
can
apply
for
membership
and
an
ini?al
address
alloca?on
at
the
same
?me.
• h[p://www.apnic.net/services/become-‐a-‐
member
18
19. Why
Become
A
Member?
•
All
APNIC
members
have
equal
access
to
the
following
benefits
of
membership:
– APNIC
services
– APNIC
events
&
educa?on
– Vote
– Representa?on
19
21. Alloca?on
And
Assignment
• Alloca?on
– “A
block
of
address
space
held
by
an
IR
(or
downstream
ISP)
for
subsequent
alloca?on
or
assignment”
• Not
yet
used
to
address
any
networks
• Assignment
– “A
block
of
address
space
used
to
address
an
opera?onal
network”
• May
be
provided
to
ISP
customers,
or
used
for
an
ISP’s
infrastructure
(‘self-‐assignment’)
21
22. Alloca?on
And
Assignment
APNIC
Allocates
to
APNIC
Member
/8
APNIC
AllocaDon
APNIC
Member
/22
Allocates
Assigns
to
downstream
to
end-‐user
Member
AllocaDon
/24
Downstream
Sub-‐
Assigns
AllocaDon
to
end-‐user
Customer
/
End
User
/27
/26
/25
/26
/27
Customer
Assignments
22
23. Portable
And
Non-‐portable
• Portable
Assignments
– Customer
addresses
independent
from
ISP
• Keeps
addresses
when
changing
ISP
– Bad
for
size
of
rou?ng
tables
• Non-‐portable
Assignments
– Customer
uses
ISP’s
address
space
• Must
renumber
if
changing
ISP
– Only
way
to
effec?vely
scale
the
Internet
23
25. Sub-‐alloca?ons
APNIC
Member
AllocaDon
Sub-‐allocaDon
Customer
Assignments
Customer
Assignments
• No
max
or
min
size
– Max
1
year
requirement
• Assignment
Window
&
2nd
Opinion
applies
– to
both
sub-‐alloca?on
&
assignments
• Sub-‐alloca?on
holders
don’t
need
to
send
in
2nd
opinions
25
27. APNIC
Alloca?on
Policies
• Aggrega?on
of
alloca?on
– Provider
responsible
for
aggrega?on
– Customer
assignments
/sub-‐alloca?ons
must
be
non-‐portable
• Alloca?ons
based
on
demonstrated
need
– Detailed
documenta?on
required
• All
address
space
held
to
be
declared
– Address
space
to
be
obtained
from
one
source
• rou?ng
considera?ons
may
apply
27
28. Ini?al
IPv4
Alloca?on
• APNIC
minimum
IPv4
alloca?on
size
/22
– An
ISP
must
have
used
a
/24
from
their
upstream
provider
or
demonstrate
an
immediate
need
for
a
/24
– An
ISP
must
demonstrate
a
detailed
plan
for
use
of
a
/23
within
a
year
28
29. Ini?al
IPv6
Alloca?on
• To
qualify
for
an
ini?al
alloca?on
of
IPv6
address
space,
an
organiza?on
must:
– Not
be
an
end
site
(must
provide
downstream
services)
– Plan
to
provide
IPv6
connec?vity
to
organiza?ons
to
which
it
will
make
assignments
29
30. “One
Click”
IPv6
Policy
• Members
with
IPv4
holdings
can
click
the
bu[on
in
MyAPNIC
to
instantly
receive
their
IPv6
block
– No
forms
to
fill
out!
• A
Member
that
has
an
IPv4
alloca?on
is
eligible
for
a
/32
• A
Member
that
has
an
IPv4
assignment
is
eligible
for
a
/48
30
31. APNIC
Alloca?on
Policies
• Transfer
of
address
space
– Not
automa?cally
recognised
• Return
unused
address
space
to
appropriate
IR
• Effects
of
mergers,
acquisi?ons
&
take-‐overs
– Will
require
contact
with
IR
(APNIC)
• contact
details
may
change
• new
agreement
may
be
required
– May
require
re-‐examina?on
of
alloca?ons
• requirement
depends
on
new
network
structure
31
32. Sub-‐alloca?on
Guidelines
• Sub-‐allocate
cau?ously
– Only
allocate
or
assign
what
the
customer
has
demonstrated
a
need
for
– Seek
APNIC
advice
if
in
doubt
• Efficient
assignments
– Member
is
responsible
for
overall
u?lisa?on
• Database
registra?on
(WHOIS
Db)
– Sub-‐alloca?ons
&
assignments
must
be
registered
in
the
whois
db
32
33. Portable
Assignments
for
IPv4
• For
(small)
organisa?ons
who
require
a
portable
assignment
for
mul?-‐homing
purposes
– Applicants
currently
mul?homed
OR
demonstrate
a
plan
to
mul?home
within
1
month
APNIC
/8
– Agree
to
renumber
out
of
previously
assigned
space
– Demonstrate
need
to
use
/22
25%
of
requested
space
Member
immediately
and
50%
allocaDon
within
1
year
Non-‐portable
assignment
33
34. Portable
Assignments
for
IPv6
• For
(small)
organisa?ons
who
require
a
portable
assignment
for
mul?-‐homing
purposes
– The
current
policy
allows
for
IPv6
portable
assignment
to
end-‐sites
APNIC
/12
– Size:
/48,
or
a
shorter
prefix
if
the
end
site
can
/32
jus?fy
it
Member
allocaDon
– To
be
mul?homed
within
Non-‐portable
3
months
assignment
34
35. IXP
IPv4
Assignments
Policy
• Criteria
– 3
or
more
peers
– Demonstrate
“open
peering
policy”
• APNIC
has
reserved
blocks
of
space
from
which
to
make
IXP
assignments
35
36. IXP
IPv6
Assignment
Policy
• Criteria
– Demonstrate
‘open
peering
policy’
– 3
or
more
peers
• Portable
assignment
size:
/48
– All
other
needs
should
be
met
through
normal
processes
– /64
holders
can
“upgrade”
to
/48
• Through
NIRs/
APNIC
• Need
to
return
/64
36
37. Portable
Cri?cal
Infrastructure
Assignments
• What
is
Cri?cal
Internet
Infrastructure?
– Domain
Registry
Infrastructure
• Operators
of
Root
DNS,
gTLD,
and
ccTLD
– Address
Registry
Infrastructure
• IANA,
RIRs
&
NIRs
• Why
a
specific
policy
?
– Protect
stability
of
core
Internet
func?on
• Assignment
sizes:
– IPv4:
/24
or
IPv6:
/32
37
39. Policies
and
their
Development
• Policies
are
constantly
changing
the
meet
the
technical
needs
of
the
Internet
• There
is
a
system
in
place
called
the
Policy
Development
Process
– Anyone
can
par?cipate
– Anyone
can
propose
a
policy
– All
decisions
&
policies
documented
&
freely
available
to
anyone
39
40. Why
Par?cipate
In
Policy
Development?
This
is
your
opportunity
to
comment
on
policies
that
may
directly
affect
the
way
your
organisa?on
obtains,
manages
and
deploys
Internet
resources
40
41. You
Can
Par?cipate!
• Send
a
proposal
to
the
Secretariat
• Discuss
proposals
via
public
mailing
lists
– h[p://www.apnic.net/community/par?cipate/
join-‐discussions
• A[end
mee?ngs
– h[p://mee?ngs.apnic.net/31
– Remote
par?cipa?on
available
41
43. From
Regional
to
Global
Policies
While
RIRs
and
their
respec?ve
communi?es
are
responsible
for
policies
specific
to
their
regions,
there
are
?mes
when
a
policy
needs
to
be
global.
43
45. APNIC31
Policy
Proposals
• prop-‐083:
Alterna?ve
criteria
for
subsequent
IPv6
alloca?ons
• prop-‐084:
Frequent
whois
informa?on
update
request
• prop-‐085:
Eligibility
for
cri?cal
infrastructure
assignments
from
the
final
/8
• prop-‐086:
Global
Policy
for
IPv4
Alloca?ons
by
the
IANA
Post
Exhaus?on
• prop-‐087:
IPv6
address
alloca?on
for
deployment
purposes
• prop-‐088:
Distribu?on
of
IPv4
addresss
once
the
final
/8
period
starts
• prop-‐089:
Addi?onal
criterion
for
final
/8
alloca?ons
(and
assignments)
• prop-‐090:
Op?mizing
IPv6
Alloca?on
Strategies
46. APNIC31
Policy
Proposals
• prop-‐091:
Limi?ng
of
final
/8
policy
to
specific
/9
• prop-‐092:
Distribu?on
of
addi?onal
APNIC
IPv4
address
ranges
aser
IANA
exhaus?on
• prop-‐093:
Reducing
the
minimum
delega?on
size
for
the
final
/8
policy
• prop-‐094:
Adding
alterna?ve
criteria
to
renumbering
requirement
in
final
/
8
policy
• prop-‐095:
Inter-‐RIR
IPv4
address
transfer
proposal
• prop-‐096:
Maintaining
demonstrated
needs
requirement
in
transfer
policy
aser
the
final
/8
phase
•
prop-‐097:
Global
Policy
for
post
exhaus?on
IPv4
alloca?on
mechanisms
by
the
IANA
48. Projects
-‐
Root
Server
Deployment
– A
number
of
mirrored
root
server
sites
have
been
placed
into
the
Asia
Pacific
region
– Lowers
the
transit
cost
by
using
a
nearby
instance
of
a
root
server
– The
sites
are
par?ally
or
fully
funded
by
APNIC,
but
operate
as
"anycast"
mirror
copies
of
exis?ng
Root
servers,
by
the
applicable
root
server
operator
48
49. Grants
For
Community
Support
• The
Informa?on
Society
Innova?on
Fund
is
a
small
grants
program
funding
innova?ve
approaches
to
the
extension
of
Internet
infrastructure
and
services
in
the
Asia
Pacific
region
–
19
projects
have
been
funded
since
Jan
2009
–
ISIF
is
ac?vely
seeking
sponsorship
to
support
innova?on
in
the
Asia
Pacific
region
49
50. Community
Collabora?on
• Internet
Community
of
Online
Networking
Specialists
(ICONS)
website
provides
an
opportunity
to
share
informa?on
on
networking
topics
• The
ICONS
site
contains:
– An
online
forum
h[p://icons.apnic.net
– Documents
and
presenta?ons
– Links
to
interes?ng
external
material
50
51. Community
Collabora?on
-‐
TTM
• The
Test
Traffic
Measurement
(TTM)
• Con?nuously
monitors
connec?vity
between
the
host
and
the
rest
of
the
Internet.
• This
project
is
in
collabora?on
with
RIPE
NCC
www.apnic.net/community/support/[m
51
52. Resource
Quality
Assurance
• APNIC
acts
to
minimize
any
problems
in
routability
through
communica?on,
training,
and
tes?ng
• Tes?ng
for
new
/8
blocks
– NOC
mailing
lists
no?fica?on
– Collabora?ve
tes?ng
conducted
by
APNIC
R&D
in
conjunc?on
with
different
organiza?ons
– APNIC
conducts
further
tes?ng,
to
quan?fy
the
extent
to
which
networks
a[ract
“pollu?on”
or
“unwanted”
traffic
53. Resource
Quality
Assurance
• Community
awareness
– Promote responsible administrative practices
through
APNIC
publica?ons
and
training
materials
– Inform organizations that maintain bogon/
black lists about the changes for recently
allocated addresses so they update their DB
– Keep the Whois Database accurate
• Actively remind resource holders to update their
data
54. Resource
Quality
Assurance
• Is
a
collabora?ve
effort,
you
can:
– Follow
responsible
network
administra?on
prac?ces
to
protect
users
from
abuse
and
security
a[acks,
while
allowing
legi?mate
traffic
to
flow
and
reach
its
intended
des?na?on
– Talk
to
your
customers,
upstreams
and
peers
– Keep
informed
about
IANA
alloca?ons
– Consider
whether
you
should
stop
any
form
of
bogon
filtering
60. What
Is
An
Autonomous
System?
• Collec?on
of
networks
with
same
rou?ng
policy
• Usually
under
single
ownership,
trust
or
administra?ve
control
60
61. When
Do
I
Need
An
ASN?
• An
ASN
is
needed
if
you
have
a
– Mul?-‐homed
network
to
different
providers
AND
– Rou?ng
policy
different
to
external
peers
*
For
more
informa?on
please
refer
to
RFC1930:
Guidelines
for
crea?on,
selec?on
and
registra?on
of
an
Autonomous
System
61
62. Reques?ng
An
ASN
• Complete
the
request
form
– Check
with
peers
if
they
can
handle
4
byte
ASN
– Exis?ng
members
send
the
request
from
MyAPNIC
– New
Members
can
send
AS
request
along
with
membership
applica?on
• Transfers
of
ASNs
– Require
legal
documenta?on
(mergers
etc)
62
63. Reques?ng
An
AS
Number
• If
a
member
requests
an
ASN
from
APNIC
for
own
network
infrastructure
– AS
number
is
“portable”
• If
a
member
requests
an
ASN
from
APNIC
for
its
downstream
customer
network
– ASN
is
“non-‐portable”
– ASN
is
returned
if
the
customer
changes
provider
63
65. What
is
‘Reverse
DNS’?
• ‘Forward
DNS’
maps
names
to
numbers
– svc00.apnic.net
-‐>
202.12.28.131
• ‘Reverse
DNS’
maps
numbers
to
names
– 202.12.28.131
-‐>
svc00.apnic.net
66. Reverse
DNS
-‐
why
bother?
• Service
denial
• That
only
allow
access
when
fully
reverse
delegated
eg.
anonymous
sp
• Diagnos?cs
• Assis?ng
in
trace
routes
etc
• SPAM
iden?fica?ons
• Registra?on
responsibili?es
67. Principles
–
DNS
tree
net edu com arpa sg
apnic in-addr
whois
whois RIR 202
202 203 210 211..
ISP 64
64
22 .64 .202 .in-addr .arpa
Customer 22
22
68. Reverse
delega?on
requirements
• /24
Delega?ons
• Address
blocks
should
be
assigned/allocated
• At
least
two
name
servers
• /16
Delega?ons
• Same
as
/24
delega?ons
• APNIC
delegates
en?re
zone
to
member
• <
/24
Delega?ons
• Read
“classless
in-‐addr.arpa
delega?on”
RFC
2317
69. APNIC
&
ISPs
responsibili?es
• APNIC
– Manage
reverse
delega?ons
of
address
block
distributed
by
APNIC
– Process
organisa?ons
requests
for
reverse
delega?ons
of
network
alloca?ons
• Organisa?ons
– Be
familiar
with
APNIC
procedures
– Ensure
that
addresses
are
reverse-‐mapped
– Maintain
nameservers
for
alloca?ons
• Minimise
pollu?on
of
DNS
70. Reverse
delega?on
procedures
• Standard
APNIC
database
object,
– can
be
updated
through
myAPNIC.
• Nameserver/domain
set
up
verified
before
being
submi[ed
to
the
database.
• Protec?on
by
maintainer
object
– (current
auths:
CRYPT-‐PW,
PGP).
• Any
queries
– Contact
<helpdesk@apnic.net>
72. Removing
lame
delega?ons
• Objec?ve
– To
repair
or
remove
persistently
lame
DNS
delega?ons
• DNS
delega?ons
are
lame
if:
– Some
or
all
of
the
registered
DNS
nameservers
are
unreachable
or
badly
configured
• APNIC
has
formal
implementa?on
of
the
lame
DNS
reverse
delega?on
procedures
74. Mo?va?on
Behind
IPv6
Protocol
• New
genera?on
Internet
need:
– Plenty
of
address
space
(PDA,
Mobile
Phones,
Tablet
PC,
Car,
TV
etc
etc
)
– Solu?on
of
very
complex
hierarchical
addressing
need,
which
IPv4
is
unable
provide
– End
to
end
communica?on
without
the
need
of
NAT
for
some
real
?me
applica?on
i.e
online
transac?on
– Ensure
security,
reliability
of
data
and
faster
processing
of
protocol
overhead
74
75. New
Func?onal
Improvement
In
IPv6
• Address
Space
– Increase
from
32-‐bit
to
128-‐bit
address
space
• Management
– Stateless
autoconfigura?on
means
no
more
need
to
configure
IP
addresses
for
end
systems,
even
via
DHCP
• Performance
– Fixed
header
sizes
(40
byte)
and
64-‐bit
header
alignment
mean
be[er
performance
from
routers
and
bridges/switches
75
Source:
h[p://www.opus1.com/ipv6/wha?sipv6.html
76. Protocol
Header
Comparison
• IPv4
contain
10
basic
header
field
• IPv6
contain
6
basic
header
field
• IPv6
header
has
40
octets
in
contrast
to
the
20
octets
in
IPv4
• So
a
smaller
number
of
header
fields
and
the
header
is
64-‐bit
aligned
to
enable
fast
processing
by
current
processors
76
Diagram
Source:
www.cisco.com
77. IPv6
addressing
• 128
bits
of
address
space
• Hexadecimal
values
of
eight
16
bit
fields
• X:X:X:X:X:X:X:X
(X=16
bit
number,
ex:
A2FE)
• 16
bit
number
is
converted
to
a
4
digit
hexadecimal
number
• Example:
• FE38:DCE3:124C:C1A2:BA03:6735:EF1C:683D
– Abbreviated
form
of
address
• 4EED:0023:0000:0000:0000:036E:1250:2B00
• →4EED:23:0:0:0:36E:1250:2B00
• →4EED:23::36E:1250:2B00
• (Null
value
can
be
used
only
once)
79. IPv6
u?lisa?on
• U?lisa?on
determined
from
end
site
assignments
– ISP
responsible
for
registra?on
of
all
/48
assignments
– Intermediate
alloca?on
hierarchy
not
considered
• U?lisa?on
of
IPv6
address
space
is
measured
differently
from
IPv4
– Use
HD
ra?o
to
measure
• Subsequent
alloca?on
may
be
requested
when
IPv6
u?lisa?on
requirement
is
met
79
82. Member Services Helpdesk
- One point of contact for all member enquiries
- Online chat services
Helpdesk
hours
9:00
am
-‐
9:00
pm
(AU
EST,
UTC
+
10
hrs)
ph:
+61
7
3858
3188
fax:
61
7
3858
3199
• More
personalised
service
– Range
of
languages:
Bahasa
Indonesia,
Bengali,
Cantonese,
English,
Hindi,
Mandarin,
Thai,
etc.
• Faster
response
and
resolu4on
of
queries
– IP
resource
applica?ons,
status
of
requests,
obtaining
help
in
comple?ng
applica?on
forms,
membership
enquiries,
billing
issues
&
database
enquiries
85. Summary
• APNIC
is
the
Regional
Internet
Registry
for
the
APNIC
region
• APNIC
(the
Secretariat)
facilitates
the
Policy
Development
process
• Members
have
access
to
APNIC
services
including
IP
addresses,
ASN
numbers,
MyAPNIC
tools
and
subsidized
training
• APNIC
helps
members
to
create
Reverse
Delega?ons
• APNIC
encourages
organisa?ons
to
request
for
IPv6
addresses
• APNIC
is
involved
in
various
projects
in
the
APNIC
region
85