Notes taken by Bruce Campbell.
Statistics and Activities
Internet Number Resource Status Report
RIR Activities Joint NRO individual
IPv4 /8 Address space status IANA reserve 2nd largest after 'Central Registry' (91 and 94)
Q: Clarify what the experimental (16 /8s) is?
A: The old 'class E' space
Q: Would that be allocatable space?
A: Problem with doing that is that it's hardwired (into various software/hardware etc). Don't know what IANA's plans are for it or IETF's.
Q: We don't know what the experimental space is being used for.
IPv4 Allocations RIRs to LIRs/ISPs - Yearly comparison. People in Asia not having any trouble getting IP space
IPv4 Allocations RIRs to LIRs/ISPs - Cumulative Total
Q: How has this changed from last IEPG?
A: It's gone up, largest jump is the RIPE NCC
ASN Assignments from RIRs to LIRs/ISPs - Yearly Comparison all RIRs roughly following the same curve ARIN has the largest chunk in cumulative total
IPv6 Allocations RIRs to LIRs/ISPs - Yearly Comparison Largest is RIPE NCC, ARIN 2nd and APNIC following
Total IPv6 Allocations from RIRs to LIRs/ISPs by economy All other countries, JP/US (equal), DE, NL, UK
Number resources in Africa across RIRs Estimations: IPv4 /24 37890 IPv6 /32 4 ASNs 179
ASO: currently with APNIC, moving to RIPE NCC 2004
Outreach: Participate in WSIS
Coordination: NRO MoU
Policy: IANA to RIR v4 & v6, RIR to ISP/LIR v6 200 /48s in 2 years - arbitrary number
ERX Project - Early Registrations eXchange Moving at a steady pace, no real hiccups
Staff Exchange Primarily outreach/communications related
RIR / ICANN MoU
Number Resource Organisation
Formalise the RIR coop efforts
services
Provide single interface to RIRs
ICANN - service contracts, budget, etc
Protect the bottom up policy process
IETF - addressing issues eg 6to4
Protect the Unallocated Number Resource Pool
Single Point of Failure in form of IANA (contract)
Organisation:
Need a fallback place.
Exec council (1 from each RIR board)
Next meeting with LACNIC meeting
Numbers Council
Would take role of current address council
Secretariat
3 from each region - 2 at-large and 1 appointed by RIR boards
APNIC
APNIC 16 Policy Update:
List of proposals - ref slides
Technical Services
Create a guidelines document to explain existing IPv6 policy more clearly.
Anycast root mirror servers
Next APNIC Open Policy meeting in conjunction with APRICOT 2004 in KL
F - Hong Kong, Seoul, Beijing
Database cleanup
New agreement with I
5 sites in planning for deployment in next 6 months
Stronger (db) auth
Improved stats and graphics
Collecting Overdue Accounts
Policy Proposals (ARIN-X)
Q: What's the timescale for the completion of ERX?
A: Cathy: class Bs in April, 2 (/8s) with class Cs. Would be 2nd/3rd quarter 2004
5 deferred
On-demand training
8 going to last call
Registration processes flowcharts
Next Meeting - Vancouver BC, CA, April 18-21 2004
ARIN database and templates
Querying ARIN's WHOIS
Just completed first full year of operation. Very positive evaluation, growing at a good rate.
v6 services before end of year
policy:
SIARI (see later presentation)
Client Accounting system under dev - more interactive
Customisation of ARIN's voting system with some new Add-ons
Proactive in reverse delegation lame checking with good results (see later presentation)
LACNIC 4 - April 2003
LACNIC V
3 approved and now implemented
LACNIC 5 - Nov 2003
dns lame
Policy development status
allocation of internet resources for experimental use
IPv6 policies revision
modifications to microallocations
nov 19-20 2003
PI task force
straw man proposal to decrease min alloc size
inetnum status attribute
IP address space management
IANA -> RIR
started out as RIPE NCC, will be considered in others
Documentation renewal
Q: discussion started because allocations were being made >/24
K anycast cluster deployment done. AMS-IX/LINX/Assessing further locations.
IPv4 policy document
LIR Portal
new forms and supporting notes
RIPE NCC GM 2003
Adjacent to RIPE 46
RIPE NCC Regional Meeting - middle east
2004 activity plan, budget and charging scheme - approved
Dubai 7-9 December 2003
2004 Activities
Improving Quality of service
shorter fulfilment time
Stronger membership support
widen and improve communication channels
information access and quality
telephone contact (in/out)
support members in specific areas
AFRINIC
Call for hosting proposals in Feb 2003 - 5 received. Via consensus, AFRINIC functions will be distributed across 4 locations:
Questions on all RIR reports:
Mauritius - HQ and inc of Afrinic
Kampala Jun 2003 (AFNOG IV)
SA - technical ops
Ghana - training coordination
Egypt - mirroring and disaster recovery
AfriNIC - Johannesburg Sep 17 2003
Reviewing terms of reference for hosting countries
Activity reports
Outreach and input from local
Formal support from >20 ISPs in Africa
transition plan (complicated as 3 registries to 1)
new web site under construction
launch of information letter "afrinic news"
Appointment of Adiel Akplogan as Project Manager
Africa address allocations from same /8 (196/8) by RIPE NCC, ARIN and APNIC: makes for easier migration
Q: Clarification of IPv6 policies?
A: You need to meet the qualification. Service Provider with expectation of 200 customers in 2 years, that's easy. End-user - nothing in any policy now for IPv6 directly from any RIRs. Go find an ISP that provides service; growth should mean that soon there will be coverage locally. It's just something that will take a while.
Q: Working on a draft to denounce practice of embedding (magic) IP addresses in routers. Is there any listing of 'tainted' prefixes within the RIRs (when returned and re-issued)?
A: RIRs do not keep track of the use that prefixes were put to. When it gets returned, it gets put in a pool and that's the last place we allocate from, so any issues with a particular prefix should have gone away after a few years.
A: The logical place to have a blacklist of used prefixes is perhaps IANA, not RIRs. On RFCs, 2101 (?) says it's a really bad idea to embed IP addresses, but it hasn't really been followed.
A: Maybe a whois query should state this (previous purpose, it's blacklisted, etc)
A: Perhaps a document (method) to pull the information down, informational RFCs, searchable
A: In order for the RIRs to do something, have to be told by their respective communities
Sistema Interactivo de Analisis de Recursos de Internet Internet Resources Analysis Interactive System
Tool to perform analysis of information in an interactive way - based on OLAP and multi-dimensional models
Java or HTML - local or remote execution - updated daily http://lacnic.net/en/siari.html (demonstration of entering interface)
Client server platform (diagram)
Cubes - repositories between users and db
Dimensions - variables to be analysed
date
Measures - quantitative criteria to measure the variables
allocation number
(demonstration of java interface)
amount of IPs
(number of) class Cs
amount of clients
(an interesting abstraction model - different levels)
questions? - [email protected]
Q: is the code available?
A: only the system is
accept delegation only on correctly configured servers
Check - correct delegations weekly
- lame delegations every 2 days
report in WHOIS output
report to contacts twice a month for lame delegations lasting more than a week
executes a non-recursive SOA query to delegated servers
non auth answers
Concept of multizone lameness - If an entity has a /20 delegated to it, and one /24 is lame, then the whole /20 is considered lame (as far as the Registry is concerned, as the Registry db only has the /20)
unknown domain name
sample of whois output
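The multizone rule noted above, worked through as an added example (not code from the presentation or from any RIR). The /20, the server names, the outcome labels and the "any failing server makes the zone lame" rule are assumptions made for illustration; the probe results are constructed rather than queried.

```python
import ipaddress

# Outcome labels for the non-recursive SOA probe (names are this example's own).
OK, NON_AUTH, UNKNOWN_NAME, NO_ANSWER = "ok", "non-auth", "unknown-name", "no-answer"

def reverse_zones(block):
    """in-addr.arpa zones that cover an IPv4 block, cut at the next octet boundary."""
    net = ipaddress.ip_network(block)
    if net.version != 4 or net.prefixlen > 24:
        raise ValueError("expected an IPv4 block of /24 or shorter")
    boundary = max(8, -(-net.prefixlen // 8) * 8)  # round up to 8, 16 or 24
    zones = []
    for sub in net.subnets(new_prefix=boundary):
        octets = str(sub.network_address).split(".")[: boundary // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones

def zone_is_lame(server_outcomes):
    """Assumption: a zone counts as lame if any delegated server fails the probe."""
    return not server_outcomes or any(o != OK for o in server_outcomes.values())

def registry_view(block, probes):
    """Apply the multizone rule: one lame zone marks the whole registry object lame."""
    zones = reverse_zones(block)
    lame = [z for z in zones if zone_is_lame(probes.get(z, {}))]
    return {
        "zones": len(zones),
        "lame_zones": lame,
        "dns_lame_pct": round(100.0 * len(lame) / len(zones), 2),
        "registry_lame": bool(lame),
    }

# Constructed sample: a /20 with 16 reverse zones, one server non-authoritative for one /24.
SERVERS = ("ns1.example.net", "ns2.example.net")
PROBES = {z: {s: OK for s in SERVERS} for z in reverse_zones("10.20.16.0/20")}
PROBES["21.20.10.in-addr.arpa"]["ns2.example.net"] = NON_AUTH

if __name__ == "__main__":
    print(registry_view("10.20.16.0/20", PROBES))
```

The gap between `dns_lame_pct` and `registry_lame` is why per-object lameness statistics can jump when a single large server fails.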
Statistics of lameness
3/12/2002 - 45.2% lame
26/6/2003 - 34.9% lame
6/11/2003 - 26.7% lame (now a breakout of specific problems)
Graph of amount of lame delegations going down over last few years, taking into account overall number of delegations going up.
Q: what's the increase in the graph?
A: multizone lame tagging - one or more (large) servers went lame
Q: The multizone thing is a registry thing, not directly DNS.
A: more coordination of the measurement terms needed
Community policy enforcing the removal of lame delegations
Check NS records correctness and glue absence (avoids excessive requeries)
Possibly adopt or work to define a 'standard' for lame delegation
Q: Are the RIRs talking about definitions?
A: Yes, but we haven't taken it much beyond RIPE45 in May (Barcelona)
A: A lot of it is specific to the way each RIR operates its database
1 min tcpdump sample every 15 min 24/7
Map to ccTLD of registry object
known limitations to accuracy of source attribution
Measure src,dst ccTLD, volumes, types
samples not retained
4 points of samples - brisbane, japan, hongkong
IPv4 and IPv6 relative volume trends
v4 is relatively flatlined
v6 is relatively small, but growing.
Q: what are the interesting points in the time? (IPv6 specific)
A: some of the fuzziness is due to really low query rate. Most of the peaks tend to coincide with major conferences, or Bill Manning walking the tree.
Q: Does v6 mean queries on v6 transport?
Q Bruce: Do you have mapping of which tree (v4 or v6) comes in on which transport?
A: Not measuring that yet.
v6 queries have a slight upward trend, but have a long way to go.
DNS view of 'attacks in the net?'
Downshift in number of queries when shifted delegation model from step to flat. Spike up when the worms got released in July/August.
Curious peak of Mexico in June 2003 - possibly an attack incident somewhere.
Definition of Hijacking
Individuals targeting mainly legacy IP address blocks to make unauth changes to reg records in WHOIS
Then gives illusion that the individual now has some authority over the resource records.
Affected includes IPs and ASNs
Misleads net ops
compromises (consistency and trustworthiness of) whois db
creates liability issues
slower response times
increased costs - staffing, legal fees
Current status (apr-oct 2003)
110 incidents opened (reported to or discovered by ARIN)
11 no evidence
84 reverted - reverted, reclaimed or returned
15 under investigation
4 direct allocations
This is mostly legacy space, so this problem will occur with other RIRs as ERX continues.
Typical hijacking MO - flowchart
Identify target (not routed, stale POCs, no POCs)
Identify associated domain information
Yes - register domain name
May incorporate
No - register similar domain name
Make incremental changes (POC, ORG, Netmod)
They don't take steps which requires (extensive) documentation; easier to deal with them legally if they do.
What is ARIN doing?
Identified patterns used by hijackers to uncover unauth db changes
Monitor 'hijacked' mail list
( Not used as official channel of reporting, ARIN may investigate things seen there, but formally expects people to explicitly report to ARIN. )
Research every reported or discovered hijacking
Document and track every case
Working with law enforcement agencies
Developed/modified processes and procedures
Developed new database 'status' attribute that can lock down records
RIR coordination
Q: Do you have a policy of handing out information (regarding investigations)?
A: We have NDAs, and follow them. Must have a valid legal reason for seeing info.
What is ARIN not doing?
Reporting all incidents to law enforcement agencies
Disclosing investigation details to the general public (NDAs)
Require additional verification info
tax ID
Pursue legal options
raised seal corporation documents
Revise the registration services agreement
add AUP clause
Display WHOIS historical 'change log'
strengthen transfer clause
(this is a good idea)
Stronger validation software
bi-annual whois data validation
more stringent authentication, authorisation and accountability
Possible actions - legacy records
separate registration database (Registry of Legacy Resources (RLR))
contains all legacy records
no updates permitted without joining an RIR, or validated updates within the RLR to NS and POC records, on a fee-for-service basis
Legacy space holders encouraged to move their records into the RIR system over time
Pre-RIR contractual relationship
criteria to determine user legitimacy
What can you do?
ensure ORG and Resource records are (kept) updated
your records
Use stronger authentication methods
TTM service shows (a.o) routes at the IP level
inside an AS usually not that interesting
except for a few very big ISPs
load balancing, backup-router, renumbering
different AS path usually very interesting
Added AS information
Used IRR to do the mapping
How accurate is the mapping?
Which IRR? About 60 of them
Used RIPE NCC, plus ARIN, APNIC, CW, RADB, Verio
1 day of TTM data
3618 unique IP addresses
IRR finds an AS for 2856 IPs (79%)
Looking at Routing Table, one finds an AS for 3584 (99%)
54 (IPs) not in IRR
17 outdated IRR information (AS no longer there!)
11 in aggregates (less specific in IRR)
9 multiple objects in IRR
5 not in routing tables (IX's)
Solution: Build a better tool for IP2ASN mapping
Q: Can you define 'unique IP addresses' ?
A: 50 measuring points, uniqued that way.
Use routing tables
RIS has views from all over the world
this tool can be useful for other tools and services
Add a public interface to tool
A new interface to RIS data
answers in RPSL
provides a quick summarised view of prefixes seen in an entire set of RIS collected RIB dumps
use existing tools
all in memory, no external queries, fast
Example-0 - see slide
Example-1 - see slide - shows less specific (aggregate) route
Example-1b - see slide - only the aggregate was registered in an IRR
Example-2 - see slide - show IPv6
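A sketch of the routing-table approach described above, as an added example (not the RIS tool's code): a longest-prefix match over collected routes gives the origin AS, and comparing against IRR route objects reproduces the categories of IRR miss listed earlier. The prefixes are documentation ranges, the ASNs are documentation ASNs, and the category labels are this example's own.

```python
import ipaddress

def build_table(entries):
    """Map each prefix to the set of origin ASNs seen for it."""
    table = {}
    for prefix, origin in entries:
        table.setdefault(ipaddress.ip_network(prefix), set()).add(origin)
    return table

def lookup(table, address):
    """Longest-prefix match. Returns (best_prefix, origins, less_specifics) or None."""
    ip = ipaddress.ip_address(address)
    covering = sorted(
        (net for net in table if net.version == ip.version and ip in net),
        key=lambda net: net.prefixlen, reverse=True)
    if not covering:
        return None
    return covering[0], sorted(table[covering[0]]), covering[1:]

def compare(rib, irr, address):
    """Classify an address the way the notes break down the IRR misses."""
    routed, registered = lookup(rib, address), lookup(irr, address)
    if routed is None:
        return "not-in-routing-table"
    if registered is None:
        return "not-in-irr"
    if len(registered[1]) > 1:
        return "multiple-irr-objects"
    if registered[0].prefixlen < routed[0].prefixlen:
        return "irr-aggregate-only"
    if registered[1] != routed[1]:
        return "irr-outdated"
    return "match"

# Constructed sample data: documentation prefixes and documentation ASNs.
RIB = build_table([
    ("192.0.2.0/24", 64496),
    ("198.51.100.0/24", 64497),
    ("198.51.100.0/25", 64498),
    ("203.0.113.0/24", 64499),
    ("2001:db8::/32", 64500),
])
IRR = build_table([
    ("192.0.2.0/24", 64496),
    ("198.51.100.0/24", 64497),
    ("203.0.113.0/24", 64501),
])

if __name__ == "__main__":
    for addr in ("192.0.2.1", "198.51.100.10", "203.0.113.9", "2001:db8::1", "10.0.0.1"):
        hit = lookup(RIB, addr)
        print(addr, hit[1] if hit else [], compare(RIB, IRR, addr))
```

The linear scan is enough for a handful of sample routes; a full table would need a radix trie.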
What is it good for:
A quick view in the distributed route collector data
how is my address space announced worldwide?
Assigning origin AS numbers to IP addresses
traceroute with AS info, AS level traces
up to now, tools consulted IRRs, and possibly invalid data
Limitations
A (recent) snapshot of the RRC routing tables
No sense of history
Existing RIS tools invaluable for more detailed data, but they take longer to complete (exhaustive backend db searches)
How to query:
Default output - any whois client
RIPE whois client
Q Elise: Are any other RIRs considering adopting this type of tool?
A: I hope so, but this was released on Friday, so don't know yet
Emphasis on Geoff's point of view, not an RIR point of view.
Reworking of July model (see prev IEPG)
Modelling the process step function of RIR/IANA reserves End of reserves predicted around 2025.
It's noisy data, lots of spikes; applied smoothing
applied models to the data - linear and polynomial
But which model to use to get the best predictions?
Downward trend in rate of growth
Q: Is it economy or policy basis?
A: My personal (George) view is it's economic, not RIR policy basis.
4-5/8 blocks in 99-00, now 2-4/8 blocks per year
Log of (smoothed) data
More recent data shows a declining rate in growth of the log of the data. (ie, the rate of growth is decreasing)
George Comment - available data is small, and all projection models (linear, poly, exponential) currently fit.
Observations see slide
Modelling the process see slide
Exponential shows next 2 decades - 2018 - 2020
Linear shows next 3 decades - 2030 - 2037
other model shows slightly longer - 2030 - 2040
Questions: Externals: what are the underlying growth drivers? What forms of disruption? effects of the disruption?
Q: Agree with Geoff in economics - some global issues missing, take China, it's currently on an upward slope in history. (more about economies - not many have enough address space for 20% of population). Potential for some economies to explode in growth and change projections significantly.
A: Yup. Noise in some media about a 2year horizon for addresses. The longer time (of any model) needs to be in the public eye.
Q: That story came up through the BBC - reporter asked what would cause depletions, the 2 years is a worst worst case, eg all telephones etc.
Q: It's a 20+ year prediction based on 2-3 years of data. No-one knows what's behind NATs etc. New applications, new (exploding) countries, very difficult to model
A: Would slightly disagree with some things not being taken account of. Eg, APNIC had a /10 request for a 3g network, should be in Geoff's data.
Q: Things may change in that (and other) space. They (3g) might figure out how to get past it quickly. Could also be a driver of IPv6 (if they can't get IPv4 quickly enough). If these things start happening, the model will be skewed.
Q Kurtis: More what you are seeing is that the state of the economy is preventing growth to the extent that effects of RIR policy could be seen.
A: Yes, also reflected in change in memberships (mergers and acquisitions), so change in allocation rate.
Q Ray: Same in ARIN meeting, a lot more companies that effectively get address space by acquisitions than direct from RIR.
Q: Pricing models of ISPs affect (end-user) uptake
Q Kurtis: 3g networks might copy 2g networks and NAT everything.
A: Yes, NAT pressure isn't about addresses, it's about control.
A: the whole presentation isn't good for IPv6, if the drive is economic.
Q Brian: There is a clear argument that there is a demand for IPv4 availability, suppressed by NAT. It's not about address space at the moment, it's about (end-to-end) connectivity. We don't know what the demand (and growth) rate would be without NAT.
Q: ( Applications can be NAT'd, continuing the possible suppression of demand )
Q: Data is from poor economic performance globally, could change remarkably as economy improves. (Awareness of?) v4 availability could delay IPv6 rollout.
A: And could be a crux point in the future.
Q: Important to give clear message that IPv4 can continue until much longer under current economic conditions, but need to move to IPv6 (?)
A: Study to do potential size of the (suppressed?) demand pool. Measurements are good.
Q: No-one is criticising Geoff's projections based on data - it's the reasons driving the data that are being looked at.