Internet Number Resource Management
PART 1
Introduction
• AfriNIC
• Audience
• Tea Breaks / Lunch
Session Objectives
• About AfriNIC
• Introduce participants to the fundamentals of Internet Number Resource Management
• Dealing with AfriNIC in getting and managing Internet number resources.
Content
• Introduction to Internet Number Resources & How they are Managed
• Internet Number Resources
• Understanding policies and the policy development process
• About AfriNIC: Who we are, what we do
• How to become an AfriNIC member
• Membership Options, Fees structure
• Preparing your number resource requests
• NAT & IPv4 Address planning
• IPv4 Address Exhaustion: Facts & Figures
• Brief Introduction to The AfriNIC ‘whois’ service.
About AfriNIC
• RIR (Regional Internet Registry) that serves Africa.
– ICANN recognized in 2005
• Not-for-profit
• Membership open to entities located in the service region.
• Located in Mauritius.
– Infrastructure (public services) located in South Africa.
About AfriNIC
• What we do:
– Manage the distribution of Internet Number Resources in Africa
– Facilitate development of number resource management policies
– Design and deliver training on technical issues around number resource management
– Work with and support internet development initiatives around the continent
Internet Number Resources
• IP Addresses
– v4/v6
• AS Numbers
– 16/32-bit
• Reverse DNS Delegations *
– .in-addr.arpa.
– .ip6.arpa.
* Not a number resource per se, but a service provided by all RIRs in tandem with v4/v6 registration.
IP addresses
• An IP address is a “number” that identifies a computer or device on the internet (or a network)
• Every computer requires an IP address in order to connect to or be part of any network, or the Internet.
• There are currently two “versions”:
– IPv4 (pool soon running out)
– IPv6 (The “Next Generation”)
Who issues IP addresses? (1/3)
• IP addresses are managed and distributed by Regional Internet Registries (RIRs).
• A RIR is a non-profit body that manages the issuance of IP addresses and other number resources within a particular geographical region.
• There are currently 5 RIRs: AfriNIC, APNIC, LACNIC, ARIN and RIPE NCC
Who issues IP addresses? (2/3)
Registry (RIR) | Region Served
AfriNIC | Africa (including Mauritius, Seychelles, Madagascar)
ARIN | USA & Canada
LACNIC | South America & the Caribbean
APNIC | Asia & Australia
RIPE NCC | Europe & the Middle East
Who else issues IP addresses
• Addresses can also be obtained from your upstream/gateway provider
• Gateway providers often find it difficult to adequately understand and service the increasing IP needs of developing countries.
• Obtaining addresses from gateway providers often degrades other services (such as geo-location).
Why do I need my own IP addresses?
• To increase your network’s reliability by multi-homing – having more than one connection point (upstream) to the internet.
– If one connection becomes unavailable, the router connects to another available network, hence no visible downtime.
• Eliminate dependency on upstream ISP for addressing needs and hence:
– Avoid renumbering when changing ISPs
– Plan, manage and scale own addressing requirements.
Can I buy/sell IPv4 Addresses ?
• Section 8 of the RSA says:
– “NO PROPERTY RIGHTS. The Applicant acknowledges and agrees that the numbering resources are not property (real, personal or intellectual) and that The Applicant shall not acquire any property rights on any numbering resources by virtue of this Agreement or otherwise. …”
– AfriNIC could cancel the RSA (and revoke any resources) if there’s evidence of such.
– Community can address such issues through the PDP.
AfriNIC Resource Pool
• IPv4: 41/8, 102/8, 105/8, 197/8, Legacy Space.
• IPv6: 2c00::/12, 2001:4200::/23
• ASN: 36864 – 37887, 327680 – 328703
IPv4 Addresses Issued in the Region
AfriNIC IPv4 Pool Status
• Four /8s plus (non-contiguous) legacy/ERX address blocks.
• Approx 73m IP addresses left in pool (as at April 2011)
• Average Monthly Consumption Rates:
– 2011: 680,256 addresses
– 2010: 710,080 addresses
– 2009: 500,000 addresses
AfriNIC IPv4 Pool Status
Block | Issued | Utilized
41/8 | May 05 | 99.05 %
102/8 | Feb 11 | 12.50 %
105/8 | Nov 10 | 0.00 %
197/8 | Oct 08 | 55.05 %
* Excludes Legacy/ERX address blocks.
Questions
Address Management Principles
• The Internet has evolved into a basic need (just like water, telephony, energy).
• IP addresses are a public resource, critical for the operation of the Internet.
• No entity can claim “ownership” of these resources.
• ICANN has delegated regional management to the RIRs.
Address Management Principles: The Hierarchy
Address Management Principles
• AfriNIC acts as the custodian of the IP address/number resource pools.
• The public (the community) create the guidelines and processes (called policies) that AfriNIC must employ to distribute the addresses.
• The policy development process is itself created and continually reviewed by the community.
Address Management Principles
• The policy development process is 6-part:
– A new proposal (or change to existing policy) is proposed by anyone from anywhere.
– It’s posted on the (AfriNIC-hosted) policy discussion mailing list ([email protected]) and discussed for at least 30 days.
– It’s presented at an AfriNIC face-to-face meeting.
– If there’s consensus at the f2f meeting, the proposal is posted to the mailing list again for a 15-day “last-call” period, for any comments arising after the presentation & discussions during the f2f meeting.
Address Management Principles
– If there are no serious objections during the “last-call” period, the proposal is sent to the AfriNIC Board of Directors for approval & ratification.
– AfriNIC implements the requirements in the proposal and it becomes an active policy.
• Implementation of a policy does not necessarily make it permanent. A proposal to modify existing policy can be drafted.
Address Management Principles: The PDP
Address Management Objectives
• Conservation (chiefly applies to IPv4):
– Efficient resource usage
– Demonstrated need
• Aggregation
– Limit routing table growth
– Support provider-based routing
• Registration
– Uniqueness
– Network troubleshooting
Questions
How to Request IP Addresses
Types of Membership
There are 2 types of membership:
• LIR (Local Internet Registry) – usually ISPs. Can assign from allocated resources to other parties (e.g., customers).
• EU (End User) – plan to use requested resources only internally, never to issue to a third party.
How to Request IP Addresses (1/2)
• The procedure is 4-part:
– Apply for membership (from the AfriNIC website)
– Request for IP address space. The request is evaluated once received.
– Pay the membership fee upon request approval
– Membership is approved and IP addresses are issued by AfriNIC.
How to Request IP Addresses (2/2)
How to Request IP Addresses
Applying for Membership
Member Organizations must be:
• Incorporated in Africa
• Having IP network infrastructure in Africa
Individual (non-company) memberships not allowed.
How to Request IP Addresses
Applying for Membership
Documents to support the application include the following:
– Certificate of Incorporation
– Proof of Address/Location
  • Tenancy Agreement
  • Utility bills (Energy, Telephone).
How to Request IP Addresses
Applying for Membership
• https://my.afrinic.net
• Click on “Register”
• Fill in the online form and submit
How to Request IP Addresses
Allocation (PA – Provider Aggregatable)
An allocation is a block of IP addresses that has been allocated to an LIR for subsequent distribution.
Assignment (PI – Provider Independent)
An assignment is a block of IP addresses delegated to an organisation for specific use within the Internet infrastructure they operate.
How to Request IP Addresses
The Registration Services Agreement (RSA)
The RSA is the contract between the member and AfriNIC.
It’s automatically generated when the online application form is filled in.
An original signed copy must be sent by courier to Mauritius.
IP Address Eligibility Criteria
ISPs (LIRs):
• IPv4:
  – Be (or request to be) an AfriNIC Member
  – Either show proof of existing utilization of address space from an upstream ISP, or justify an immediate need of address space.
  – A combination of the two factors is also possible and acceptable.
• IPv6:
  – Be (or request to be) an AfriNIC Member
  – Plan to provide IPv6 connectivity to a reasonable number of end-sites / customers in the AfriNIC service region.
  – Plan to announce the requested prefix on the internet within 12 months of acquiring it (also applies to EU below)
End-Users:
• IPv4:
  – Be (or request to be) an AfriNIC Member
  – Either show proof of existing utilization of at least a /25 from an upstream ISP or justify an immediate need of at least 50% of total requested space.
• IPv6:
  – Be (or request to be) an AfriNIC Member
  – Hold IPv4 End-User space or possess the eligibility criteria to obtain the space.
How to Request IP Addresses
Important: Have the following handy:
To verify your need for IP addresses:
• Contract(s) with your gateway/upstream ISP(s)
• Proof of purchase and/or installation of equipment.
• Licenses (where needed) from your telecoms regulator.
How to Request IP Addresses
Other things you should know:
• Plan your addressing requirements for only the next 12 months.
• Ask for both your core network, and what your customers will need.
• Do not plan to hoard.
• Do not ‘NAT’ unless necessary (.. for purpose of ‘conserving’ addresses?).
What about IPv6
• Any member holding IPv4 space, by nature of current IPv6 policy, can get IPv6.
• Just request for it, you’ll get it
– ISPs (LIRs): /32
– End Users: /48
• No additional charges to the annual recurring membership fees!
What about IPv6
• ISP/LIR /32 allocations are issued out of a reserved /29. A contiguous prefix will be issued subsequently.
• End-User /48 assignments are issued out of a reserved /44.
• At the time of requesting, any prefix size will be issued if justified.
What about IPv6
Policy requires that the received prefix be announced within 12 months of receiving it.
Prefix | Organization | Issued | Advertised
2001:43f8:2a0::/48 | University of Botswana | May ’11 | Yes
2001:43f8:2b0::/48 | Botswana Post. | May ’11 | No
2c0f:ff00::/32 | Botswana Telecoms. | Nov ’10 | No
IPv6 delegations / annum
IPv6 Distribution by Country
Questions
Reverse DNS Delegation
• Reverse DNS: The process of resolving an IP address to a domain name (the opposite of forward DNS).
• One of the core services provided by RIRs
• Root of rDNS db:
– IPv4: .in-addr.arpa.
– IPv6: .ip6.arpa.
• Resolution process is by PTR DNS records.
Reverse DNS Delegation
Common uses of RDNS:
• Most ISPs will block mail from relays without valid PTR record.
• Most mail servers will also reject mail from relays without valid PTR record.
• Network troubleshooting tools: Tend to use PTR records when logging hosts (to make it more human-readable). Traceroute, ping, syslog, etc.
Reverse DNS Delegation
• Set up the name-servers that will serve the reverse zones.
– AfriNIC does not operate commercial DNS services or offer secondary services.
• Tell AfriNIC about the zones + configured name-servers.
– Through MyAfriNIC (web-portal for members).
– By creating “domain” whois database objects.
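An added example (not AfriNIC's code) that works out which reverse zones have to be set up and registered for a given prefix, so the list of “domain” objects can be checked for gaps. The IPv6 prefix is taken from the table on this page; the IPv4 /22 and the function names are constructed for illustration.

```python
import ipaddress

def reverse_zones(prefix):
    """Return the reverse DNS zone names needed to cover `prefix`.

    Each label under in-addr.arpa encodes one octet and each label under
    ip6.arpa one hex digit, so zones are cut on 8-bit (IPv4) or 4-bit
    (IPv6) boundaries. A prefix that ends between boundaries needs
    several zones.
    """
    net = ipaddress.ip_network(prefix, strict=True)
    step, labels_total = (8, 4) if net.version == 4 else (4, 32)
    zone_len = -(-net.prefixlen // step) * step      # round up to a boundary
    if zone_len == 0:
        raise ValueError("prefix length 0 has no reverse zone of its own")
    if net.version == 4 and zone_len > 24:
        # Longer than /24 needs classless delegation (RFC 2317), not shown.
        raise ValueError("IPv4 prefixes longer than /24 are not handled here")
    keep = zone_len // step                          # labels that name the zone
    zones = []
    for sub in net.subnets(new_prefix=zone_len):
        labels = sub.network_address.reverse_pointer.split(".")
        zones.append(".".join(labels[labels_total - keep:]) + ".")
    return zones

def missing_zones(prefix, delegated):
    """Zones required for `prefix` that are absent from `delegated`."""
    have = {z.lower().rstrip(".") + "." for z in delegated}
    return [z for z in reverse_zones(prefix) if z not in have]

if __name__ == "__main__":
    # 2c0f:ff00::/32 appears on this page; 41.0.4.0/22 is a constructed sample.
    for p in ("2c0f:ff00::/32", "2c0f:ff00::/29", "41.0.4.0/22"):
        print(p, reverse_zones(p))
```

A /32 maps to a single ip6.arpa zone, while the /29 it was reserved from needs eight, which matters when the contiguous space is issued later.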
Questions
The whois db
• “whois”:
– a ‘query/response’ protocol.
– defined in RFC3012 : “Whois Protocol Specification”.
– Used to query and interact with databases that store information about an internet resource.
– Implementations vary but the principle is the same.
The whois db
– All AfriNIC-issued resources are publicly listed in the AfriNIC whois database.
  • IP addresses, AS Numbers, Reverse DNS information
  • Contact information for each of the above:
    – Physical Address
    – Telephone Contacts
    – Email addresses
– Do not provide information for listing if it is not meant to be public (such as the CEO’s email address, etc).
Uses of the whois db
• Very useful tool for LEAs in fighting cybercrime.
– 1st point of contact for looking up IP addresses & associated contact info.
• IP address geo-location tools.
– Google (browser country identification)
– iTunes? (content for different economies)
– etc.
The whois db
• How to query/search the AfriNIC whois db:
– From any browser: http://whois.afrinic.net
– Using software “whois clients”:
  • OSX/Linux: Use the ‘whois’ command from the shell. Install it if it’s not installed. (From http://whois.sourceforge.net )
  • Windows: Many tools exist but are not free. The best free option is the browser (above).
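An added example (not part of the original slides or AfriNIC's software) that parses a whois response and returns the contact e-mail for the range covering an address, the lookup the slides describe as the first point of contact. It assumes a RIPE-style “key: value” object layout; the response text, handles and function names are constructed, and only IPv4 inetnum ranges are handled.

```python
import ipaddress

# Constructed sample response in "key: value" object style; not real registry data.
SAMPLE = """\
% constructed whois response for illustration

inetnum:        41.0.4.0 - 41.0.7.255
descr:          Example ISP
                access network
tech-c:         EX2-AFRINIC

role:           Example NOC
e-mail:         noc@example.net
nic-hdl:        EX2-AFRINIC
"""

def parse_rpsl(text):
    """Split a whois response into objects: lists of (key, value) pairs."""
    objects, cur = [], []
    for line in text.splitlines() + [""]:   # trailing "" flushes the last object
        if line.startswith("%"):            # server comment
            continue
        if not line.strip():                # blank line ends an object
            if cur:
                objects.append(cur)
            cur = []
        elif line[0] in " \t+" and cur:     # continuation of the previous value
            cur[-1] = (cur[-1][0], f"{cur[-1][1]} {line[1:].strip()}".strip())
        elif ":" in line:
            key, _, val = line.partition(":")
            cur.append((key.strip().lower(), val.strip()))
    return objects

def contact_emails(ip, text):
    """E-mail addresses of the contacts referenced by the inetnum covering ip."""
    addr, objects = ipaddress.ip_address(ip), parse_rpsl(text)
    handles = set()
    for obj in objects:
        if obj[0][0] != "inetnum":
            continue
        lo, hi = (ipaddress.ip_address(p.strip()) for p in obj[0][1].split("-"))
        if lo.version == addr.version and lo <= addr <= hi:
            handles |= {v for k, v in obj if k in ("admin-c", "tech-c")}
    return sorted(v for obj in objects if any(k == "nic-hdl" and h in handles for k, h in obj)
                  for k, v in obj if k == "e-mail")
```

Checking that the queried address really falls inside the returned range guards against acting on a contact from an unrelated or less specific object in the same response.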
Help & Support
• Requesting IP addresses, and status of all ongoing requests:
– [email protected]
– +230 403 5100
– +230 466 6616
– Skype: skype2afrinic
• Membership applications:
– [email protected]
• Any other inquiries:
– [email protected]
QUESTIONS