LIR Handbook - RIPE Network Coordination Centre
Contents
1. Public Services Regional Registry Structure. As we mentioned before, the RIPE Network Coordination Centre (RIPE NCC) is one of 5 Regional Internet Registries (RIRs) providing allocation and registration services to support the operation of the Internet globally. The other RIRs are: APNIC in the Asia Pacific Region; ARIN in North America (excluding Mexico); LACNIC in Latin America and in the Caribbean Region; AfriNIC in Africa. The five RIRs receive address space from the IANA (Internet Assigned Numbers Authority) and in turn allocate the addresses to the LIRs. Below you can find a world map showing the RIR regions. [Fig. 1.1: The RIR Service Regions] RIPE NCC in the Global Context. You can find the Global RIR organisational structure at http www ripe net info resource admin structure html. The IANA is a function of the ICANN (Internet Corporation for Assigned Names and Numbers). The ICANN is a non-profit corporation that was formed to assume responsibility for the IP address space allocation, protocol parameter assignment, domain name system management and root server system management functions performed under U.S. Government contract by IANA and other entities. ICANN has various supporting organisations, each having a specific area of expertise. The Address Support Organisation (ASO) is one of them. The RIRs are
2. If you change the primary key of an object, you are not modifying the object but creating a second object with a different primary key. See Appendix 6 for a list of Database object templates. The primary key is marked for each one of them. You cannot change the primary key of an object. If you modify the primary key, you will create a new object. 2.4.3 The mntner object. mntner objects protect other objects in the RIPE Database. You should include the following attribute in objects to be protected by a mntner object: mnt-by: name_of_mntner. Only individuals who know the password of the mntner object can change your objects. When someone tries to update (create, modify, delete) a Database object that includes a "mnt-by: name of your maintainer" line, the update request (email or web) has to contain the correct authentication token (password, signature). The Database server will compare the authentication supplied with that in the auth attribute of the mntner object that is referenced in the object's mnt-by attribute, in order to determine whether or not they are authorised to make the update. It is mandatory to include a mnt-by attribute in every database object. ALL your objects have to be protected. In addition to authentication details, the mntner object contains information on contact persons and notification details. Therefore, mntner objects can also be used to notify you of any ch
3. [Screenshot: e-mail compose window. To: auto-dbm@ripe.net; Subject: NEW; message body: person: Susan Fowler; address: Singel 258 Amsterdam; phone: 31205354444; nic-hdl: auto-1; changed: susfowler@bluelight.nl; password: kormos] A few minutes after sending the email, you will receive an email confirmation back from the Database robot once your request has been processed. It is a "Summary of update" message containing: number of objects found in the email; number of objects processed successfully; number of objects processed with errors; object templates, with errors clearly marked and explained at the appropriate attribute line. The error report clearly identifies the correction that needs to be made. To create an object in the RIPE Database via the e-mail interface you must: obtain an object template (empty form) using the -t flag at this URL: http www ripe net whois type t <object type>; fill it out; send it to auto-dbm@ripe.net. 2.4.5 Creating objects using the Syncupdates. The Syncupdates tool allows you to create and modify objects in the Database in a similar way to the email interface, but using a web interface. In order to create your object, you need to get the template from http://www.ripe.net/whois and follow the same procedur
4. attribute used in the queries are lookup keys for the inetnum object: whois 80.8.4.0 - 80.8.5.255; whois FR FT WIC; whois 80.8.4.7. Individual IP addresses can be queried: the most specific (smallest) inetnum object and the most specific route object containing that address will be returned. The following query would NOT give you any useful results, since the descr attribute is NOT a lookup key for the inetnum object: whois France Telecom Wanadoo Interactive Cable <- YOU GET NO RESULTS. TIP: To see how lookup keys work, compare the above commands with the inetnum object and inetnum object template in Section 2.2 Database Objects. How do I use flags when querying the RIPE Database? The RIPE Database has several optional flags which can be used either alone or in combination when doing a query. The flags can be entered with the search term in the search field, or you can click on the Advanced search Form button and use the check boxes to select the flags that you want to use for your search. For more information on flags see http www ripe net db support whois refcard pdf. Here are some of the most important flags that you can use when querying the RIPE Database. For the complete list, have a look at the document RIPE Database Queries Quick Reference Card at http www ripe net db docs html. Option Function default most email
5. http www ripe net ripe docs ripe 509 When our reserves are exhausted, we will begin to distribute IPv4 addresses from 185/8 according to section 5.6 of ripe-509 (http www ripe net ripe docs ripe 509 use of last for pa allocations). This policy states that each Local Internet Registry (LIR) will receive one /22 (1024 IPv4 addresses) from 185/8 upon application for IPv4 resources. In order to obtain this /22 allocation, the LIR must already have requested an IPv6 allocation. For more information about how to deploy IPv6, please see IPv6 Act Now (http://ipv6actnow.org). As we are unable to anticipate consumption rates, we cannot fully predict how long our reserves will last. However, we would like to reassure you that our supplies will not be exhausted within the coming months. Our Registration Services Department has seen an increase in the number of IPv4 requests in the last few days and is working hard to evaluate all requests. We ask for your patience during this busy period. 1 RIPE and the RIPE NCC. Overview: RIPE and the RIPE NCC are two distinct entities, although dependent on each other. In this section you find some background information about both RIPE and the RIPE NCC. Their structure and activities are outlined, as well as their relation to other organisations. Learning objectives: To understand the differences between RIPE and the RIPE NCC; To recognise both RIPE and the RIPE NCC; To understand how to take p
6. Attributes of the Organisation Object. organisation: Specifies the ID of an organisation object. Organisation IDs are automatically generated by the RIPE Database, similar to the way nic-hdls are generated for person objects. The user must fill out the organisation attribute as AUTO-<digit> (e.g. AUTO-1) during the creation of the organisation object. The user can specify initials (e.g. AUTO-3AB). The RIPE Database robot will create an organisation object (e.g. ORG-AB23-RIPE in the above case). The organisation ID cannot be reused. If an organisation ID was used previously by an organisation object and then deleted, this ID cannot be used in new organisation objects. When an organisation changes name, the org-name can be modified accordingly. There is no need to change the organisation ID. org-name: Specifies the name of the organisation that this organisation object represents in the RIPE Database. This is an ASCII-only text attribute. The restriction is because this attribute is a look-up key. The whois protocol does not allow specifying character sets in queries. The user can put the name of the organisation in non-ASCII character sets in the descr attribute if required. org-type: Specifies the type of the organisation. The possible values are IANA for Internet Assigned Numbers Authority
7. Section 10.3, p108, p113; mnt-domains (reverse delegation): Section 11, p114; Person and role objects, nic-hdl: Section 2.4, p31, p34; LIR contact persons: Section 3.1, p39, p40; Difference between LIR contacts and tech-c/admin-c: p66; Difference between LIR contacts and LIR Portal user accounts: Section 9.2, p93; How many IPs can I assign to an End User today without asking?: Section 7.4, p78; Organisation: Section 10.9, p111; Test (RIPE Test Database): Section 10.7, p111; GLOSSARY: Appendix 5, p165. Some definitions that you can find easily in the Table of Contents on page 5 are not listed here, e.g. the difference between RIPE and the RIPE NCC is obviously found in Section 1 RIPE and RIPE NCC. For a graphical overview of the relationship between RIPE Database objects see Appendix H. This book can be found online at www ripe net trainingAir. I am an LIR but am not familiar with all these RIPE Policies and Procedures, I just want some IP addresses. What should I do? Optional but advisable: Get an LIR Portal account (see Section 9 LIR Portal in this book). Come to a free LIR
8. -----END PGP PUBLIC KEY BLOCK----- admin-c: AX26-RIPE tech-c: BZ66-RIPE mnt-by: EXAMPLE-MNT changed: joe@example.net 20020117 source: RIPE. Fig. 10.2: The key-cert object (PGP). It is possible to fill out the 3 generated attributes (method, owner, fingerprint) when creating a key-cert object. You will only get an error if the generated values don't match with what you have filled out. 10.3 Hierarchical Authorisation: mnt-lower, mnt-routes. Authorisation of the creation (only creating) of objects directly one level below in the hierarchy of an object type (for inetnum, route or domain objects) is done by using a maintainer in the mnt-lower and mnt-routes attributes. The allocation inetnum objects are maintained by the RIPE NCC, so you cannot update the allocation for your LIR in the RIPE Database. Please use the Allocation Editor of the LIR Portal (see Section 9 LIR Portal) to update the allocation object with a specified mntner in the mnt-lower and mnt-routes attributes. Authorisation of the creation of route objects is enforced by using the mnt-routes attribute in the aut-num object (see also Section 14.7 RPS Security). It is possible to distribute hierarchical authority over parts of the address space by creating inetnum objects with either status SUB-ALLOCATED (but only if you qualify for a sub-allocation) or status LIR-PARTITIONED, and by using mnt-lower and mnt-routes attributes pointing to the different mntner obj
9. PREFACE. 0.1 Course Background. The RIPE NCC provides training courses for its members (Local Internet Registries, LIR). It is important that LIRs keep informed and remain up to date on the policies and procedures for IP address allocation and assignment. The course is designed to provide LIRs with the support needed to carry out their business efficiently, with all the issues related to their communication with the RIPE NCC and the services of the RIPE NCC. Funding for the courses is provided by the membership fee paid by the members. The LIR Training Course is a membership activity of the RIPE NCC. 0.2 Course Objectives. The main objective of the LIR Training Course is to teach the membership about their responsibilities as LIRs in IP resources administration, so that they can interact with the RIPE NCC in requesting Internet resources. The target audience for the LIR Training Course is new LIRs and new staff of established LIRs. The course does not go into great detail on each topic. It provides a solid overview and suggests pointers to more detailed information. Relevant examples are used in each section. Course Schedule: 9.30am - 4.30pm. Secondary objectives include: informing LIRs of policies and procedures and the importance of their involvement in RIPE; liaison with membership, giving the members a chance to meet the RIPE NCC staff. The course is NOT designed to: attempt to inform LIRs about the goings-on in the Internet Ex
10. LIR Handbook, January 2017. RIPE NETWORK COORDINATION CENTRE. Most Important Definitions at a Glance: I just want some IP addresses. What should I do?: p5; IPv4 Address Space Exhaustion: Preface, p12; What is an LIR?: p15; Assignment Window: p75; Valid ASSIGNMENTS: Section 6.6, p71; Valid RIPE Database objects: Section 6.6 and 6.7, p71, p72; Communication Process for Assignments: p47; What netname should I use for my assignment?: Section 4.3.2 and 6.1, p52, p67; Differences between RIPE DB Syntax and RIPE Policy: Section 6.7, p73; LIR's own infrastructure: p84; Verification requirements for Broadband assignments: p59; Difference between PA and PI addresses: p129; IP management tools: p68; Protecting your objects in the RIPE Database (mntners): Section 2.4.3 and 10.2, p36, p101; mnt-lower, mnt-routes
11. Webupdates is a web-based tool to update the RIPE Database that you can find at http://www.ripe.net/webupdates OR https://www.ripe.net/webupdates. Webupdates provides a web-based graphical user interface with the functionality for: adding (creating) objects, deleting or modifying existing objects; adding or deleting attributes in an object, or changing their order in an object; providing password-based authentication for updates. At the top of the Webupdates web page there is a menu with a list of actions you can choose from: Help, Add, Edit, Authorisation, Select Source, Query Database, Copyright. Help: Displays the help screen. Add: Allows you to add new objects in the database. Edit: Allows you to modify or delete existing entries in the database. Authorisation: Allows you to provide a password for updates. Select Source: Allows you to select a different database to update, e.g. the RIPE Test Database. Query Database: Redirects you to the database query web interface. Copyright: Displays copyright information. To create a person object using Webupdates, click Add on the Webupdates page and then select person from the drop-down menu. This gives you an empty template to create the object. Here is an example of a filled out template: [Screenshot: Webupdates page, Updating the RIPE Database]
12. IPV6 ALLOCATION AND ASSIGNMENT POLICY: http www ripe net ripe docs ipv6policy html; IPV6 FIRST ALLOCATION REQUEST FORM IN THE RIPE NCC SERVICE REGION: http www ripe net ripe docs ipv6 initial html; SUPPORTING NOTES FOR THE INITIAL IPV6 ALLOCATION REQUEST FORM IN THE RIPE NCC SERVICE REGION: http www ripe net ripe docs ipv6 supp initial html; IPv6 END USER SITE ASSIGNMENT REQUEST FORM: http www ripe net ripe docs ipv6 assignment request html; SUPPORTING NOTES FOR THE IPV6 END USER SITE ASSIGNMENT REQUEST FORM IN: http www ripe net ripe docs ipv6 supp assignment html; IPV6 ADDRESS SPACE MANAGEMENT: http www ripe net ripe docs ipv6 sparse html; NEW VALUES OF THE STATUS ATTRIBUTE FOR INET6NUM OBJECTS: http www ripe net ripe docs new value status html; IPV6 ADDRESS SPACE POLICY FOR INTERNET EXCHANGE POINTS: http www ripe net ripe docs ipv6 policy ixp html; IPV6 INTERNET EXCHANGE POINTS ASSIGNMENT REQUEST FORM: http www ripe net ripe docs ipv6request exchangepoint html; SUPPORTING NOTES ON THE IPV6 INTERNET EXCHANGE POINTS ASSIGNMENT REQUEST FORM: http www ripe net ripe docs ripe 372 html; IPV6 ADDRESSES FOR INTERNET ROOT SERVERS IN THE RIPE REGION: http www ripe net ripe docs ipv6 rootservers html; PROVIDER INDEPENDENT (PI) IPV6 ASSIGNMENTS FOR END USER ORGANISATIONS: http ripe net ripe policies proposals 2006 01 html; RIPE IPv6 WORKING GROUP: http www ripe net ripe wg i
13. RIR for Regional Internet Registries, NIR for National Internet Registries, LIR for Local Internet Registries and OTHER for all other organisations. ref-nfy: Specifies the e-mail address to be notified when a reference to the organisation object is added or removed. This should be an e-mail address as defined in RFC 2822. mnt-ref: Specifies the maintainer objects that are permitted to add references to the organisation object from other objects. Only if you can pass the authentication of the maintainer in mnt-ref can you reference the organisation object in another object using the org attribute. See below an example of an organisation object. You can include the attribute org: ORG-SANT1-RIPE in all other objects that reference this organisation object (in all inetnums, person objects, etc. belonging to Santa's Workshop Inc), but only if you can pass the authentication of the mntner in mnt-ref.
organisation: ORG-SANT1-RIPE
org-name: Santa's Workshop Inc
org-type: LIR
remarks: This is a dummy organisation object. DO NOT reference this object as it does not exist. Only for use in examples.
address: 1 High Street
address: Polarcity
address: Northern Nowhere
phone: 31 20 5354444
e-mail: bit-bucket@ripe.net
admin-c: HOHO15-RIPE
tech-c: HOHO15-RIPE
ref-nfy: bit-bucket@ripe.net
mnt-ref: SANTA-MNT
mnt-by: RIPE-NCC-HM-MNT
changed: ripe-dbm@ripe.net
source: RIPE
If you want t
14. Special verification procedures apply when assigning static IP addresses. The RIPE NCC requests LIRs to document and monitor their IP usage for so-called always-on services. This is because requests of this kind are usually large and frequent. Once a /20 is in use and the LIR requests more IP addresses, it is asked to show efficient usage of the address space over time. It is recognised that where broadband services are provided, the static assignment of IP addresses (with or without the use of DHCP) for always-on connections may sometimes be necessary. In other circumstances, low user-to-IP ratios are used. The majority of home users are not online 24/7, for example. Close monitoring of the IP usage over time will indicate how often users are online and confirm the ratio of user to IP. For more info, including examples, refer to http www ripe net rs ipv4 ipv4 verification html. For more info, please see the RIPE document IPv4 ADDRESS ALLOCATION AND ASSIGNMENT POLICIES IN THE RIPE NCC SERVICE REGION at http www ripe net ripe docs ipv4 policies html. This form of verification is flexible. We are not restricting LIRs on how they should verify their assignments. As long as it can be shown that the address space for always-on is being used efficiently, LIRs can choose whatever method is easiest for them. Possible forms of verification include: IP usage statistics generated by tools such as MRTG or RRDtool. Some LI
15. The final goal is to improve accessibility and processing capabilities (http www ripe net projects rrcc). References: RIPE NCC AUTONOMOUS SYSTEM NUMBER REQUEST FORM: http www ripe net ripe docs asnrequestform html; SUPPORTING NOTES FOR THE RIPE NCC AUTONOMOUS SYSTEM NUMBER REQUEST FORM: http www ripe net ripe docs asnsupport html; AUTONOMOUS SYSTEM (AS) NUMBER ASSIGNMENT POLICIES AND PROCEDURES: http www ripe net ripe docs asn assignment html; ROUTING POLICY SPECIFICATION LANGUAGE (RPSL): ftp ftp ripe net rfc rfc2622 txt; ROUTING POLICY SYSTEM SECURITY: ftp ftp ripe net rfc rfc2725 txt; INTERNET ROUTING REGISTRY TOOLSET PROJECT: http www isc org index pl swIRRToolSe, http www ripe net projects irrtoolset; ROUTING REGISTRY CONSISTENCY CHECK: http www ripe net ripe docs rr consistencycheck html; RFC 2650 USING RPSL IN PRACTICE: ftp ftp ripe net rfc rfc2650 txt; ROUTING REGISTRIES DATABASES MIRRORED BY THE RIPE DATABASE: http www ripe net db mirrored html; RPSL EXTENSIONS FOR 32 BIT AS NUMBERS: http iti twiki oub NP Asn32 cratt uijterwaal rpsl 4byteas ext 01 txt; RFC 5396 TEXTUAL REPRESENTATION OF AUTONOMOUS SYSTEM (AS) NUMBERS: http www faqs org rfcs rfc5396 html; RPSL EXTENSIONS FOR 32 BIT AS NUMBERS: http www ietf org internet drafts draft uijterwaal rpsl 4byteas ext 01 txt; ASN 32 BIT TEST SERVER: http www ripe net news asn test server html; ASN32 BIT D
16. There is also a good overview in the RIPE DATABASE QUERIES REFERENCE CARD. Default query for the address range can be performed either by submitting IP address, IP range or the netname in the whois query. It will return either the exact match for the submitted address range, or the smallest address range that is larger than the specified range and contains the submitted address range: whois -h test-whois.ripe.net 195.35.80.0/25; whois -h test-whois.ripe.net GOODY2SHOES 1. The -r flag will turn off recursive lookups. Recursive lookups of referenced contact person objects is the default selection. If the exact match is not found, the default lookup will return the least specific object found. To force the database to return an exact match, the -x flag can be used. If no matching object is found, nothing is returned. This flag is useful for scripts querying the RIPE Database to make sure they only produce defined results. Hierarchical lookups: There are several flags which enable you to find more or less specific address blocks in the RIPE Database. The -m flag allows the user to look up all those objects which are one level more specific (i.e. smaller) than the range you have given in your query. In the case of inetnum objects, this means that you can look up all those inetnum objects which are the children of the inetnum object. You can query an allocation using the -m flag and get all the assignments within the
18. route-set names start with prefix rs-. All rtr-set names start with prefix rtrs-. All filter-set names start with prefix fltr-. All peering-set names start with prefix prng-. For example, as-foo is a valid as-set name. In addition, these reserved prefixes should not be used to start the name of any other objects, e.g. mntner. Set names can also be hierarchical. A hierarchical set name is a sequence of set names and AS numbers separated by colons. At least one component of such a name must be an actual set name, i.e. start with one of the prefixes above. All the set name components of a hierarchical name have to be of the same type. For example, the following names are valid: AS1:AS-CUSTOMERS, AS1:RS-EXPORT:AS2, RS-EXCEPTIONS:RS-BOGUS. New attributes 14.8 The members attribute lists the members of the set, e.g. the members attribute in the as-set is a list of AS numbers or other as-set names. The member-of attribute describes explicit membership in the set objects. It is also an inverse look-up key. It is an optional attribute in aut-num, route and inet-rtr objects. The mbrs-by-ref attribute is a list of maintainer names or the keyword ANY. If this attribute is used, the AS set also includes ASes whose aut-num objects are registered by one of these maintainers and whose member-of attribute refers to the name of this AS set. If the value of a mbrs-by-ref attribute is ANY, any AS object referring to the AS set is a member of the s
19. 10.4.2 The mnt-routes attribute; 10.5 IRT Database Object; 10.6 Updating Database Objects; 10.7 Replacing Assignment inetnum Objects; 10.8 RIPE Test Database; 10.9 Organisation; 11 REVERSE DELEGATION; 11.1 [illegible]; 11.2 Reverse Address Mapping; 11.3 Setting Up Reverse Delegation; 11.4 /24 Reverse Zone Setup; 11.5 Setting Up the Delegation: Creating the Domain Object; 11.6 Range Sizes That Can Be Set Up for Reverse Delegation; 11.7 Problems with the Setup; 11.8 Reverse Delegation of a /16 Allocation; 11.9 Changing/Deleting a Delegation; 11.10 Common Errors when Setting Up Reverse Delegation; 11.11 Reverse Delegation for Assignments < /24
20. 16.1 IPv6 address format. For a complete description of LIR policies for allocation and assignment of IPv6 addresses, see the IPv6 ALLOCATION AND ASSIGNMENT POLICY document. IPv6 Initial Allocation Policies. The general requirements for IPv6 initial allocations are: must be an LIR; must plan to make sub-allocations to other organisations and/or End Site assignments within two years. The default size of an initial allocation is /32. The initial allocation can be larger if justified. To request an initial allocation: fill out the request form online via the LIR Portal, or fill out the IPv6 FIRST ALLOCATION REQUEST FORM and send it to hostmaster@ripe.net. Before making a request, please read the SUPPORTING NOTES FOR THE IPv6 FIRST ALLOCATION REQUEST FORM. After the approval of the request, the RIPE NCC IP Resource Analyst will create an inet6num object for the initial allocation in the RIPE Database. 16.3 IPv6 Assignments. LIRs do not need to obtain approval from the RIPE NCC for assignments as long as the sum of all assignments for an End User site is not larger than /48. Assignment sizes are: /48 in the general case; /64 when it is known that it is only for one subnet; /128 when only one device is connected; for operator's infrastructure: /48 for PoPs, /48 for in-house operations. Assignments larger than /48 to an End User site must be approved by the RIPE NCC: fill out the request form online vi
21. Appendix 4: List of Acronyms
AfriNIC: African Regional Internet Registry Network Information Centre
APNIC: Asia Pacific Network Information Centre
APRICOT: Asia Pacific Regional Internet Conference on Operational Technology
ARIN: American Registry for Internet Numbers
ARPANET: Advanced Research Projects Agency Network
AS: Autonomous System
ASN: Autonomous System Number
ASO: Address Supporting Organisation
AW: Assignment Window
ccTLD: country code Top Level Domain
CENTR: Council of European National Top level domain Registries
DISI: Deployment of Internet Security Infrastructure
DNR: Domain Name Registration
DNS: Domain Name System
EOF: European Operators Forum
EIX: European Internet Exchange
GM: General Meeting
gTLD: generic Top Level Domain
IANA: Internet Assigned Numbers Authority
ICANN: Internet Corporation for Assigned Names and Numbers
IEPG: Internet Engineering and Planning Group
IETF: Internet Engineering Task Force
INET: Internet Society's annual conference
IP: Internet Protocol
IRT: Incident Response Team
ISP: Internet Service Provider
IXP: Internet Exchange Point
LIR, NANOG, NIKHEF, PGP, POP, PPP, PRIDE, RA P, RADB, RARE, RIPE, RIPE NCC, RIR
LACNIC: Lat
22. 80.8.4.0 - 80.8.5.255
netname: FR FT WIC
descr: France Telecom Wanadoo Interactive Cable
country: FR
admin-c: WICT1-RIPE
tech-c: WICT1-RIPE
status: ASSIGNED PA
remarks: for hacking, spamming or security problems send mail to security@iwannado.com
mnt-by: FT-BRX
changed: hostmaster@iwannado.com 20010828
source: RIPE
The attributes in the inetnum object are inetnum, netname, descr and so on. An attribute name always starts on the first column and ends with a colon. Everything after the colon is the value. 2.3 Querying the RIPE Database. NOTE: There are three common methods to obtain information from the RIPE Database: RIPE Database web interface; Whois client; Glimpse search through web interface. You can also query the RIPE Database using: telnet whois.ripe.net 23, which gives you a shell in which you can run the whois command (useful when no whois client is available), or telnet whois.ripe.net 43, which provides access without a shell to the whois server (useful for scripts). 2.3.1 RIPE Database web interface. The RIPE Database web interface is the most commonly used tool to query the RIPE Database. You can find it at http://www.db.ripe.net/whois. If you want to look up an object in the RIPE Database using the web interface, you can only use lookup keys of the object as search terms. NOTE: If you wish to look up
23. AND ASSIGNMENT POLICIES IN THE RIPE NCC SERVICE REGION (http www ripe net ripe docs ipv4 policies html): Section 4 Requesting PA Address Space; Section 5 Evaluation of Address Space Requests; Section 6 Registering Address Space in the RIPE Database; Section 7 Assignment Window (AW). Please note that as a result of implementing the RIPE Policy Proposal 2009-03, also known as the Run out Fairly Proposal, the Allocation Periods (Planning Periods) will get successively shorter over the course of 2010 and 2011. Allocation Period: 1 Jan 2010: 12 months; 1 Jul 2010: 9 months; 1 Jan 2011: 6 months; 1 Jul 2011: 3 months. Prior to Making New Allocation: LIRs will be asked to correct any inconsistencies of data held by the LIR and that of the RIPE NCC records and RIPE Database. If this process requires significant time, LIRs and the RIPE NCC can agree on a deadline to correct inconsistent data in order to avoid delaying the new allocation. An LIR's AW may be lowered by the RIPE NCC to ensure policies and procedures are met. When data inconsistencies are corrected, or a deadline for corrections is set, and the evaluation process is complete: the RIPE NCC will allocate a new block of addresses to the LIR; the RIPE NCC will update the RIPE Database with the inetnum object reflecting the allocation; the LIR can announce the new prefix to the Internet. Closing down an LIR: Reclaiming Internet resources. The RI
24. Database can be queried by the Whois service. The Database software was written according to the requirements and specifications set by the RIPE Database Working Group (RIPE DB WG). 2.2 RIPE Database Objects. Records in the RIPE Database are called objects. Each object is a list of attribute-value pairs displayed in plain text. The most common objects are person, role, inetnum, mntner, route, aut-num and domain. To create an object you need to fill in a template. A template is an empty form for an object, as you can see by the next example:
inetnum: [mandatory] [single] [primary/look-up key]
netname: [mandatory] [single] [lookup key]
descr: [mandatory] [multiple] [ ]
org: [optional] [single] [inverse key]
country: [mandatory] [multiple] [ ]
admin-c: [mandatory] [multiple] [inverse key]
tech-c: [mandatory] [multiple] [inverse key]
status: [mandatory] [single] [ ]
remarks: [optional] [multiple] [ ]
notify: [optional] [multiple] [inverse key]
mnt-by: [mandatory] [multiple] [inverse key]
mnt-lower: [optional] [multiple] [inverse key]
mnt-routes: [optional] [multiple] [inverse key]
mnt-domains: [optional] [multiple] [inverse key]
mnt-irt: [optional] [multiple] [inverse key]
changed: [mandatory] [multiple] [ ]
source: [mandatory] [single] [ ]
This is an example of a template for an inetnum object. To know how you should fill it in, take a look at the example that follows: inetnum
25. Fairly Proposal the Assignment Periods Planning Periods will get successively shorter over the course of 2010 and 2011 Immediate req, Intermediate req, Entire Period: 1 Jan 2010: immediate, 6 months, 12 months; 1 Jul 2010: immediate, 6 months, 9 months; 1 Jan 2011: immediate, 3 months, 6 months; 1 Jul 2011: immediate, 2 months, 3 months
26. LIR s AW to 21 is automatic if the criteria are met It does not have to be requested Criteria for raising the AW of an LIR frequent PA requests to the RIPE NCC well documented requests correctly registered inetnum objects in the RIPE Database no unapproved assignments made above the LIR s current AW A high AW naturally results in more responsibility for the LIR All further raises of the LIR s AW are not automatic They rely on the RIPE NCC IP Resource Analysts to spot the increased experience of LIR staff LIRs are encouraged to approach the RIPE NCC on this matter Write to lir-help@ripe.net if you think your AW should be raised 7 3 When is an AW size lowered Every LIR is subject to auditing by RIPE NCC IP Resource Analysts on a regular basis in order to ensure fair distribution of address space In some cases this might result in a lowering of the AW in order to correct possible Database inconsistencies or incorrect application of RIPE NCC policies See section 17 1 Audit A request for an additional allocation can also result in lowering the AW if previous assignments are registered incorrectly in the RIPE Database 7 4 Assignment Process to End Users Within the AW If the total size of this request and all assignments made to this End User within the last 12 month period excluding assignment requested from the RIPE NCC is within the LIR s AW the LIR can make an assignment
27. LIR Address Country code Remarks Telephone fax and e mail contact information LIR general e mail addresses List of subscription addresses List of authorised contacts You can update your list of LIR contacts here Billing menu READ ONLY Bill Debtor Number VAT number only for LIRs from the European Union E mail protocol for invoices LIR billing reference Payment scheme LIR category Billing phase in case of late payments Payment history date of invoices amount due paid not paid There is a direct link to the RIPE NCC Secure Registry Payment Form READ AND EDITABLE Billing Address Billing e mail Resources IPv4 menu READ ONLY Assignment Window AW history Date AW size Ticket number and overview of e mail messages message bodies not shown Allocations to LIR Date IP Prefix Inetnum object in RIPE Database can be edited in the Allocation Editor menu Ticket number and overview of e mail messages message bodies not shown PA Assignments approved by the RIPE NCC Date Size Netname Inetnum object in the RIPE Database Ticket number and overview of e mail messages message bodies not shown PI assignments made by the RIPE NCC Date Range Inetnum object in the RIPE Database Ticket number and overview of e mail messages message bodies not shown Resources IPv6 menu READ ONLY Allocations to LIR Dat
28. Only registered LIR contact persons may send assignment requests https lirportal ripe net See also Section 9 LIR Portal 4 3 Completing the Request Form 4 3 1 4 3 2 As a first example we will look at the following scenario An LIR requests IP addresses for the network of one of its End Users Gathering Information A separate PROVIDER AGGREGATABLE PA ASSIGNMENT REQUEST FORM must be used for each End User Exception IP addresses to be used purely for point to point connections between the LIR and the End User These count as addresses for the LIR s infrastructure and can be included in the request form for the LIR For a definition of what counts as an LIR s infrastructure see Section 7 7 AW for the LIR s Own Infrastructure Information and documentation exchanged with the RIPE NCC must be in English All the information is kept strictly confidential apart from the inetnum and person objects in the RIPE Database Read Quick TIPS FOR IP AND AS REQUESTS provided by the RIPE NCC staff at http www ripe net info hm tips If you have any questions about completing the form it is useful to look first in the collection of Frequently Asked Questions http www ripe net info faq The Request Form The PROVIDER AGGREGATABLE PA ASSIGNMENT REQUEST FORM can be found at http www ripe net ripe docs iprequestform html The format of the form i
29. Or via the LIR Portal For more information also refer to the Training webpage of the RIPE NCC http www ripe net training Routing Registry Training Course Course Objectives The main objective of the Routing Registry Training Course is to familiarise LIRs with the features of the Routing Registry and the related tools introduce relevant services of the RIPE NCC and explain basics of the Routing Policy Specification Language RPSL This is done through presentation demonstration of tools and interactive practical exercises Scope Routing Registry as a part of the RIPE Database and the Internet Routing Registry IRR Specifying routing policies using RPSL and the RtConfig IRRToolSet Routing Information Service RIS Routing Registry Consistency Check RRCC The course does NOT cover basics of routing nor any technical routing topics basics of the RIPE Database operations how to receive Internet resources from the RIPE NCC how to operate a Local Internet Registry LIR Target Audience The target audience of the Routing Registry Training course is technical staff of Local Internet Registries e g network operators engineers etc This course is not intended for administrative or management staff e g Hostmasters It is assumed that all attendees will be familiar with BGP routing and with the basics of the RIPE Database operations creating modifying objects 18 3 IPv6 for LIRs Training Course Course Object
30. PI assignments will be treated as all other assignments The RIPE NCC will not assign a larger block purely for routing reasons The RIPE NCC recommends that end users use PA addresses as a small amount of addresses can be easily renumbered if necessary As the RIPE NCC does not accept address space requests directly from end users a PI request must be made through a LIR As with PA assignments PI assignments are only valid as long as the original criteria on which the assignment was based are still valid If an assignment is made for a specific purpose and the purpose no longer exists the assignment is no longer valid Example RIPE Database Entry The PI assignment object will be created by a RIPE NCC IP Resource Analyst based on the completed template in the request form Leave the range empty when filling out the template in the PI request form inetnum 194 1 208 0 194 1 215 255 netname GOODY2SHOES 2 descr Own Private Network 4 Goody2Shoes descr Amsterdam Netherlands country NL org ORG PIE1 RIPE admin c PIBA2 RIPE tech c JAJA1 RIPE status ASSIGNED PI mnt by RIPE NCC HM PI MNT mnt lower RIPE NCC HM PI MNT mnt by BLUELIGHT MNT mnt routes BLUELIGHT MNT mnt domains BLUELIGHT MNT changed hostmaster ripe net 19991111 source RIPE Do not include the date in the template in the request form This inetnum object example shows the status and mnt by attributes in a PI assignment that
31. RIPE NCC SERVICE REGION http www ripe net ripe docs rev del html IPv6 Address Space IPV6 ALLOCATION AND ASSIGNMENT POLICY http www ripe net ripe docs ipv6policy html IPV6 ADDRESS SPACE MANAGEMENT http www ripe net ripe docs ipv6 sparse html IPv6 FIRST ALLOCATION REQUEST FORM http www ripe net ripe docs ipv6 initial html SUPPORTING NOTES FOR THE IPV6 FIRST ALLOCATION REQUEST FORM http www ripe net ripe docs ipv6 supp initial html IPv6 END USER SITE ASSIGNMENT REQUEST FORM http www ripe net ripe docs ipv6 assignment request html SUPPORTING NOTES FOR THE IPV6 END USER SITE ASSIGNMENT REQUEST FORM http www ripe net ripe docs ipv6 supp assignment html NEW VALUES OF THE STATUS ATTRIBUTE FOR INET6NUM OBJECTS http www ripe net ripe docs new value status html IPV6 ADDRESSES FOR INTERNET ROOT SERVERS IN THE RIPE REGION http www ripe net ripe docs ipv6 rootservers html IPV6 ADDRESS SPACE POLICY FOR INTERNET EXCHANGE POINTS http www ripe net ripe docs ipv6 policy ixp html IPV6 INTERNET EXCHANGE POINTS ASSIGNMENT REQUEST FORM http www ripe net ripe docs ipv6request exchangepoint html A RECOMMENDATION FOR IPV6 ADDRESS TEXT REPRESENTATION http tools ietf org html rfc5952 REQUIREMENTS FOR IPV6 IN ICT EQUIPMENT http www ripe net docs ripe 501 html Autonomous System Numbers AS NUMBER REQUEST FORM http www ripe net ripe docs asnre
32. After clicking search you will get the template with the attributes to create a person object Paste the template into an email and before you complete the template make sure you delete the information from the mandatory attributes The object also has optional attributes which if you do not want to use you need to delete them from the template Make sure you do not include any empty objects in your email person mandatory single lookup key address mandatory multiple phone mandatory multiple fax no optional multiple e mail optional multiple lookup key org optional multiple inverse key nic hdl mandatory single primary look up key remarks optional multiple notify optional multiple inverse key abuse mailbox optional multiple inverse key mnt by optional multiple inverse key changed mandatory multiple source mandatory single After removing this information fill in your template according to the example below and send it to the Database robot auto dbm ripe net The subject of your email should be NEW so the robot knows that it is a new request
33. [Screenshot of the Webupdates form for a person object with the fields person address phone nic hdl changed source password Legend Move field up Convert field to multi line Help about the field Move field down Add another line of the same field Delete field] person you should fill out your name in this field Don t use any titles Mr Mrs Dr address the full postal address is specified using multiple address fields or a multiline address field phone needs to be in accordance to the international standards country code first and it needs to be valid so it can be used to reach you at work nic hdl the nic handle is a unique person identifier in the database How do I obtain a nic hdl The nic hdl is one of the mandatory attributes of the person object Whenever a person or role object is referenced in another object they are r
34. a Registry Identifier Reg ID which is used to identify the LIR as a registry This Reg ID may be chosen by the LIR The Reg ID is for RIPE NCC internal use and for communicating with the LIR The format of the Reg ID is <country code> <registry name> e g nl bluelight Once the organisation is established as an LIR every e mail you send to hostmaster ripe net and lir-help@ripe.net must include a Reg ID either in the mail header or in the body of the message preferably at the top of the message Any messages not from LIR Contact Persons or without a Reg ID will be rejected Registry File Information and Contact Persons The RIPE NCC requires the following contact information from each LIR General organisation contact information address telephone fax e mail Names of contact persons with the nic hdl from the RIPE Database see Section 2 4 for definition of nic hdl Billing information including VAT number if billing address is in the EU Only the general contact information will be publicly accessible on the RIPE NCC web site Contact and Billing information are not published RIPE NCC has an internal reg file on each LIR LIR Contact Persons are registered in this file Only the registered LIR Contact Persons of an LIR can request address space Using the LIR Portal LIRs can edit the reg file including Contact Persons Make sure to sign all e mail messages s
35. addresses hidden a search all databases b only for IP ranges show only primary key address range and abuse mailbox of contacts B show all email addresses in objects F fast raw output implies Fr G group output according to type and not relevance i search alternate server i inverse look up I find first level Less specific matches L find all Less specific matches m find first level More specific matches M find all More specific matches X find only the exact match p connect to other port than the default whois port F turn off recursive lookups SE search databases with source source E requests template for object of type type y requests a verbose template for object of type type T only look for objects of type type k keeping state of persistent connections q types a list of all available object types HELP gives a copy of the current HELP & HOWTO document 2 3 2 Whois web interface You can query the Whois client in a similar way to the RIPE Database web interface Whois client is a command line tool for UNIX and UNIX like operating systems It can be downloaded from the RIPE NCC ftp server ftp ftp ripe net tools ripe whois latest tar gz The address of the RIPE Database Whois server is whois ripe net If you use the RIPE NCC client you do not have to specify the address of the Whois server when querying the RIPE Database whois search_terms If you use other clients you have to specify the a
36. all previous assignments to this End User within the last 12 months excluding the ones approved by the RIPE NCC sends request to RIPE NCC RIPE NCC evaluates and approves For more details see Fig 4 2 LIR chooses addresses LIR updates own records LIR updates RIPE Database creates inetnum object Fig 7 2 The Assignment Process to End Users Assignment above LIR s AW 7 6 An Example of Using the LIR s AW When Making Assignments to an End User Let us suppose the LIR nl animals received an AW of 21 from the RIPE NCC This LIR has 3 End Users Redfox Ltd Greenfish Ltd and Pinkcat Ltd The End User Redfox wants an assignment of 21 on the 27 of April of 2003 Fig 7 3 Redfox has not received any assignments in the last 12 months nl animals may assign a 21 address space from its allocation to Redfox without asking for the RIPE NCC s approval Until the 27 of April 2004 nl animals would have to ask approval for every additional assignment to Redfox On the 27 of April 2004 the 12 month period since the first assignment is over so nl animals can again assign the size of its full AW to Redfox Therefore it can make a 22 assignment to Redfox on the 22 of August 2004 without having to fill out a request form asking for approval from the RIPE NCC In Fig 7 3 the timelines are horizontal The number of IP addresses that can be assigned directly at any time without needing approval fr
37. an object in the RIPE Database using the Whois client you must use lookup keys of the object as search terms A list of the lookup keys is given below OBJECT KEYS aut num AS number e g AS3333 route route range e g 86 54 16 as set as set name e g AS EBONE route set route set name e g RS HEPNET domain domain name e g over ripe net inetnum range of IP addresses e g 193 0 0 0 193 0 0 255 network name e g RIPE NCC inet6num range of IPv6 addresses or network name person a person s name or NIC handle e mail address abuse mailbox poem name of poem mntner name of mntner object e g AMRM1 RIPE MNT abuse mailbox organisation organization org name email abuse mailbox route internet route e g 193 0 0 0 24 role the name the NIC handle the e mail address or abuse mailbox inet rtr Fully qualified domain name without trailing filter set Filter set name peering set Peering set name key cert key cert irt irt e mail abuse mailbox organisation organisation ID org name e mail In Appendix 6 there is a list of database object templates with the lookup keys marked for each object NOTE When doing a query the Whois client or the Whois web interface will only check the lookup keys of all the objects in the Database Therefore the following queries would give you the inetnum object used in section 2 2 Database Objects since the inetnum attribute and the netname
38. as the value of the delete attribute see the example above The RIPE NCC keeps logs of deletions and inquiries can be made if necessary NOTE Once the object s to be updated are retrieved they should be copied into an editor making the necessary changes and then sent in an e mail to auto dbm ripe net Changing the authorisation of a maintainer object means changing sensitive user data In those cases losing forgetting the password or PGP key the manual intervention of the RIPE NCC is necessary A written hardcopy confirmation from the maintainer s admin c is required which serves as a form of authentication and authorisation for the change So before we can change your maintainer for you please send us a fax on company headed paper with the content generated by using the web interface at http www ripe net cgi bin fax cgi If you have any more questions please contact <ripe-dbm@ripe.net> 10 7 Replacing Assignment inetnum Objects i Splitting an approved assignment in the Database Create two or more new objects eg 400 IPs 3 25 28 i Merging two assignments inetnum and or route objects Eg 25 24 x y z 0 x y Z 1 128 Create new object using the more recent date of the two in the changed line NB Objects with the attribute remark INFRA AW may not be merged In both cases do steps ii and iii ii Keep the same netname or inform the RIPE NCC of the change quoting the o
39. assignment from the LIR s allocated space needs to be approved by the RIPE NCC See Section 7 Assignment Window For more details see the Section 4 Assigning PA Address Space Please note that as a result of implementing the RIPE Policy Proposal 2009 03 also known as the Run out Fairly Proposal the Allocation Periods Planning Periods will get successively shorter over the course of 2010 and 2011 Allocation Period 1 Jan 2010 12 months 1 Jul 2010 9 months 1 Jan 2011 6 months 1 Jul 2011 3 months References NEW MEMBERS DOCUMENTATION http www ripe net membership index html IPv4 ADDRESS ALLOCATION AND ASSIGNMENT POLICIES IN THE RIPE NCC SERVICE REGION http www ripe net ripe docs ipv4 policies html IPv4 FIRST ALLOCATION REQUEST FORM http www ripe net ripe docs first allocation html SUPPORTING NOTES FOR THE IPv4 FIRST ALLOCATION REQUEST FORM http www ripe net ripe docs first allocation support html PROVIDER AGGREGATABLE PA ASSIGNMENT REQUEST FORM http www ripe net ripe docs iprequestform html SUPPORTING NOTES FOR THE PROVIDER AGGREGATABLE PA ASSIGNMENT REQUEST FORM http www ripe net ripe docs iprequestsupport html RUN OUT FAIRLY PROPOSAL 2009 03 http ripe net ripe policies proposals 2009 03 html 4 REQUESTING PA ADDRESS SPACE Even if the LIR has an allocation from the RIPE NCC it cannot directly use those IP addresses The addresses to be us
40. every 4 bits You cannot use shorthand notation for consecutive IPv6 domains 11 7 Problems with the Setup A RIPE Database error report is sent in case of errors In this situation the following sites should be consulted before contacting the RIPE NCC http www ripe net reverse If the problem persists the full error report should be sent to the following mailbox human mailbox ripe dbm ripe net 11 8 11 9 Reverse Delegation of a 16 Allocation Requirements and procedures are the same as for a 24 Sub delegations within a 16 delegation After reverse delegation of a 16 allocation the LIR should continue to check sub zone set up before further delegation and can use the Delegation Checker http www ripe net cgi bin nph dc cgi In this case it will check if the reverse sub delegation is set up correctly you will receive a reply with a diagnostics message but no NS entries will be made into the RIPE NCC parent zone file for the 8 block No domain objects will be created in the RIPE Database Changing Deleting a Delegation To change a delegation e g if you moved the zone files to different servers just retrieve the domain object s from the RIPE Database Update the domain object in the RIPE Database and the reverse delegation will be automatically updated after the name server checks have been performed See Appendix D for authentication requirements for updating modifying a reverse delegation Del
41. for the route object Contact details about persons responsible for a given network can be found in aut num object referenced in origin attribute It is the responsibility of the LIR to create route objects for the address space originating from their AS Please note that there are multiple authorisation checks required when creating a route object See the flowcharts in Appendix A and B for more details See also RPS Security for more details 14 7 RPSL The RIPE Routing Registry is a subset of the RIPE database and was built on a syntax that is described in the Representation of IP Routing Policies in a Routing Registry ripe 181 ripe 181 syntax is replaced by the Routing Policy Specification Language RPSL Additional changes in the Routing Registry due to the RIPE Database Migration to RPSL Set objects To specify policies it is often useful to define sets of objects For this purpose we define as set route set rtr set filter set and peering set objects These objects define a named set The members of these sets can be specified either directly by listing them in the sets definition or indirectly by having member objects refer to the sets names or a combination of both methods The as set replaces the object called as macro and the route set the object called community in RIPE 181 A set s name is an rpsl word with the following restrictions All as set names start with prefix as All
42. from which the assignment is made inetnum 80 35 64 0 80 35 95 255 netname NL BLUELIGHT 20010723 descr BLUELIGHT INTERNET country NL org ORG PIE RIPE admin c ABC75 RIPE tech c XYZ13 RIPE status ALLOCATED PA mnt by RIPE NCC HM M mnt lower BLUELIGHT MNT mnt routes BLUELIGHT MNT mnt domains BLUELIGHT MNT changed jan bluelight nl source RIPE LIR S ALLOCATION already in the Database In order to create the assignment inetnum object above the authentication check of this maintainer must also be passed See Section 10 3 Hierarchical Authorisation and 10 4 1 The Difference Between the mnt lower and mnt by Attributes Usually the same mntner is referenced in the mnt by of the assignment and the mnt lower of the allocation therefore usually you only have to pass one authentication If creating the inetnum object via e mail include the following attribute at the bottom of the object password cleartext password If the mntner has a PGP authentication then sign only the object not the whole e mail with the corresponding private PGP key See Section 10 2 Protecting Database Objects If you are creating the inetnum object via Webupdates then type in the clear text password in the Authorisation menu You cannot use PGP signatures when using Webupdates Since you can only type one password in the Authorisation menu you cannot use it if
43. interface you can type in the following term France Telecom Wanadoo Interactive Cable And you will get the inetnum object that you have already seen in Section 2 2 Email addresses in objects hidden in whois query results Email addresses are not shown in the results of a whois query For each of the following object types the following attributes contain e mail addresses inetnum notify changed inet6num notify changed route notify changed route6 notify changed organisation e mail notify changed person e mail notify changed role e mail notify changed For each address range returned if there is at least one abuse mailbox attribute in any of the returned objects the attributes mentioned above will be removed from the output If there is no abuse mailbox attribute only notify and changed attributes will be filtered out If an attribute of an object is changed a comment will be added to avoid confusion Users can turn off this suppression in the following way To show the entire object including attributes with email use the B flag when querying the RIPE Database 2 4 Creating Objects in the RIPE Database There are four methods to create or modify objects in the RIPE Database using the Startup Tool http apps db ripe net startup OR using the Webupdates interface http www ripe net webupdates OR using the email interface auto dbm r
44. is recommended to use role objects for your technical contacts The status attribute for the assigned address space should have the value ASSIGNED PA The same netname should be used as approved by RIPE NCC IP Resource Analysts evaluating the PROVIDER AGGREGATABLE PA ASSIGNMENT REQUEST FORM The date used in the changed attribute does not have to be the same as in the approval message from RIPE NCC but rather the current date i e the date when you create the inetnum object If you have to submit an assignment for approval to the RIPE NCC you may not create an inetnum object for the assignment until you receive the Approval Message inetnum objects with dates prior to their Approval Message date are invalid It is actually recommended to leave out the date completely because the Database software will add the current date LIRs should pay attention to the RPSL format of inetnum objects in the Database inetnum value can be in dash notation X X X X y y y y inetnum value can also be in prefix notation e g X x x x 23 Protection is mandatory include mnt by attribute Recommended include mnt lower and mnt routes Line continuation blank space or sign Attribute order is preserved Support for end of line comments No empty attributes allowed No empty lines allowed would indicate a new object No empty spaces to the left of attributes are allowed Submission to the DB suppor
45. members of the ASO The ASO s task is to make IP address policy recommendations to ICANN IP Address policies are developed using a bottom up structure and the existing open processes that exist in the RIRs In the RIPE NCC service region this is done in the Address Policy Working Group of RIPE 1 3 The Policy Development Process in the RIPE Region Principles Everyone is welcome and encouraged to take part in the workings of RIPE by attending RIPE meetings and participating on RIPE Working Groups mailing lists Mailing lists are publicly archived The minutes of Working Group sessions at RIPE meetings are publicly archived All policies are formally documented and publicly available For more information about the Policy Development Process see http ripe net ripe docs pdp html Why do we need policies Internet numbers IPv4 and IPv6 addresses AS numbers etc are a limited resource To ensure their fair distribution suitable policies are needed Policies are also meant to keep the growth of the global routing table within limits and establish how contact information for troubleshooting is made publicly available RIPE Database What is the policy development process like Open Anyone can participate All happens in a public forum no membership or fees required Clear Formally documented long established process All discussions and results publicly archived Consensus based decision making Decisions are made wit
46. net info ncc RIPE http www ripe net ripe APNIC http www apnic net AfriNIC http www afrinic net ARIN http www arin net LACNIC http www lacnic net ICANN http www icann org IANA http www iana org ASO http www aso icann org RIPE NCC Activity PLAN 2011 http www ripe net ripe docs ap html RIPE NCC BILLING PROCEDURE AND FEE SCHEDULE 2011 http www ripe net membership billing procedure html RIPE NCC CHARGING SCHEME 2011 http www ripe net ripe docs charging html RIPE NCC BUDGET 2011 http www ripe net ripe docs budget html RIPE NCC ANNUAL REPORTS http www ripe net info ncc ar html POLICY DEVELOPMENT PROCESS IN RIPE https www ripe net ripe docs pdp html 2 RIPE DATABASE BASICS 2 1 RIPE Database Introduction The RIPE Database is a public database containing information about IP address space AS numbers routing policies and reverse DNS delegations in the RIPE region The RIPE Database also contains contact information for all these resources This information makes the Database an important tool for Internet network management NOTE The data is registered into the RIPE Database by the LIRs within the RIPE region The RIPE NCC supports the operation of the Database but is not responsible for its contents The information in the RIPE Database is available to the public for agreed Internet operation purposes under copyright restrictions The data in the RIPE
47. or new agreements are being set the information in the Routing Registry must be updated You do not need an AS number just in order to multihome You can multihome with or without having your own AS number These are the possible ways of multihoming Having PA or PI addresses and your own AS number Having PA or PI addresses and using your upstream provider s AS number 14 3 How to Get an AS Number An LIR should request an AS number either for itself or on behalf of its End User by filling out the RIPE document AS Number Request Form If the LIR is requesting the ASN for an End User it should first sign an End User Assignment Agreement with the End User See Section 12 1 in Section 12 Direct Resources and a sample contract in the References at the end of Section 12 Direct Resources If the End User wants to request an AS number directly from the RIPE NCC without an LIR s assistance then they must first become a so called Direct Assignment User For more information See Section 12 2 in Section 12 Direct Resources The AS Number Request Form has the following fields and templates legal organisation name for which the AS number is requested address space to be announced The prefixes to be announced by this AS number pending ticket ID of any pending request for address space peering contacts list of their e mail addresses aut num object template mntner object template to be
48. request and the assignment gathered and archived by the LIR Have the correct assignment policies been followed The documentation will be checked for the following The completeness of provided documentation The efficiency of IP usage 25 immediate usage and 50 halfway through the Entire Period The use of classless assignments RIPE NCC Local Records Are contact details complete and up to date Audit Steps The initial contact from the auditor is usually done by e mail When the LIR responds the auditor explains the procedure and tries to resolve any possible issues In some cases this may result in a temporary lowering of the AW to ensure a correct application and understanding of policies and procedures In the event of non co operation by the LIR further action will be taken This may include lowering an AW adding mnt lower to the LIR s allocation and as a last resort removing reverse delegation 17 2 Billing Procedure LIRs pay an annual fee which is based on their size The billing category is assigned on an annual basis To determine your fee please refer to the webpage RIPE NCC CHARGING SCHEME 2011 Extra Small 1300 EUR Small 1800 EUR Medium 2550 EUR Large 4100 EUR Extra Large 5500 EUR There is a one time start up fee of 2000 EUR for new LIRs New LIRs always start in the category Extra Small In addition there is a fixed 50 Euro charge for each Independent Resource IP
49. the routing policies registered in the Internet Routing Registry IRR and produces router configuration files CIDRAdvisor suggests safe cidr aggregates i e those that do not violate any policy constraints that an AS can advertise to each of its neighbouring ASes peval low level policy evaluation tool that can be used to write router configuration generators prtraceroute prints the route with policy information that packets take to a network host prpath lists all the possible paths between the autonomous system and the specified destination aoe C Tcl Tk program that displays the aut num object for specified autonomous system roe C Tcl Tk program that lists the routes registered by specified autonomous system rpslcheck prcheck syntax checks the aut num object for autonomous system registered in the Internet Routing Registry Special Projects The Routing Information Service RIS is a tool to collect routing information between Autonomous Systems AS and monitor its development over time Information collected is available to the RIPE community for members to improve network operations Prototype results can be seen at http www ripe net projects ris The Routing Registry Consistency Check project RRCC aims to improve data quality in the Internet Routing Registry by comparing the Routing Registry information with the RIS project results and prompting LIRs to improve data quality
50. you need to pass two mntners. In that case, click the Switch View button in the Add menu and simply add two lines at the bottom of the object:
    password: cleartext password
    password: other cleartext password
NOTE: Difference between admin-c, tech-c and LIR contact persons. The admin-c and tech-c are contact persons of a specific network in whose inetnum object they are referenced in the RIPE Database. Their identity is public. The LIR contact person is a registered contact person for an LIR. Only these people can request resources from the RIPE NCC on behalf of their LIR. They are registered in the reg file of their LIR, kept by the RIPE NCC. Their identity is confidential, known only to the RIPE NCC and the LIR in question. LIR contact persons can be modified via the LIR Portal. 6.2 How to Manage the LIR's Allocated Address Space: The LIR should aggregate within its allocation in order to reduce the number of internal routes. This means that assignments to the same End User should be contiguous (next to each other). Also take into account geographical locations of End Users when choosing the address ranges for their assignments. To achieve all this, sensible internal reservations should be made within the allocation. Keep some free space for some End Users to grow, thus avoiding fragmentation of the allocation. Do not make too large internal reservations, and probably not for all of the End Users, since they mig
51. [Flow diagram; recoverable steps: LIR sends request to RIPE NCC; RIPE NCC evaluates and approves; LIR chooses addresses; LIR updates own records; LIR registers inetnum object in RIPE Database.] Fig. 4.1: The Assignment Process. Notes: If your LIR's AW = 0, then the right branch of this flow diagram describes the steps to get an assignment approved. If your AW is larger than zero, then please also read Section 7, Assignment Window, before requesting any assignments. If you need an assignment for your LIR's own infrastructure, read the sub-section 7.7, AW for LIR's Own Infrastructure. [Flow diagram; recoverable labels: request > AW; PA Assignment Request Form; always include Reg ID and ticket number; evaluation; see previous and following steps in previous diagram.] Fig. 4.2: The Assignment Process: Communication between the LIR and the RIPE NCC (Detail from the Previous Diagram). Request approval for an assignment either by filling out the Request Form and sending it to hostmaster@ripe.net, or filling out the Request Form online in the LIR Portal, or use the PA Assignment Wizard in the LIR Portal. T See Section 4 3 2 See Section 4 2 See Section 9 5. 4.2 Communication with IP Resource Analysts (Registration Services Department): IP Resource Analysts at the RIPE N
52. 3 is less than nl animals' AW. Therefore nl animals can assign the /23 address space to Pinkcat without having to ask for approval from the RIPE NCC. Note that assignments that have been requested from the RIPE NCC (represented by dark grey boxes, e.g. /21 on 4 July 2003 for Pinkcat) are not counted when adding up all assignments made for a certain End User within the LIR's AW. Fig. 7.4 illustrates the example on this page: how the LIR makes the decision whether or not to send in a request to the RIPE NCC when an End User asks for an assignment. [Diagram: timelines of the assignments made by LIR nl animals (AW /21) to End Users Greenfish and Pinkcat over 12 months, marking which assignments need approval from the RIPE NCC and which do not.] Fig. 7.4: Using the AW for End User
53. 3-MNT
    changed: training@ripe.net 20101014
    source: RIPE
maintainer name: JQ52143-MNT
    mntner: JQ52143-MNT
    descr: Maintainer for John Qwerty JQ143-RIPE
    admin-c: JQ143-RIPE
    upd-to: training@ripe.net
    auth: MD5-PW 15wP WVJG2 Mz22SJucLgbgyI7dbfc33g0
    mnt-by: JQ52143-MNT
    referral-by: JQ52143-MNT
    notify: training@ripe.net
    changed: training@ripe.net 20101014
    remarks: Accepted the RIPE Database Terms and Conditions
    source: RIPE
Fig. 2.2: Notification: Successfully created a person and a mntner object with the Startup Tool. If you query the RIPE Database, you can check the objects you have just created. [Query output: the person object for John Qwerty (JQ141-RIPE; 258 Singel, 1016 AB Amsterdam; phone 31205354444; e-mail training@ripe.net; mnt-by JO-MNT) and the mntner object JO-MNT (Maintainer for John Qwerty JQ141-RIPE; auth MD5-PW; remarks: Accepted the RIPE Database Terms and Conditions), both with source RIPE # Filtered. Annotations: The mntner in the mnt-by field of the person object protects that person object. The auth value is the encrypted version of the password you typed in the Startup Tool.] For more information on mntners, authentication and protecting objects, see section 2.4.3. 2.4.2 Creating person objects using Webupdates
54. 5 of the total address space requested is used immediately (within few weeks). 2. 50% of the total space is used up halfway through the Entire Period. Please note that, as a result of implementing the RIPE Policy Proposal 2009-03 (also known as the Run out Fairly Proposal), the Assignment Periods (Planning Periods) will get successively shorter over the course of 2010 and 2011.
    From          Immediate req.   Intermediate req.   Entire Period
    1 Jan 2010    immediate        6 months            12 months
    1 Jul 2010    immediate        6 months            9 months
    1 Jan 2011    immediate        3 months            6 months
    1 Jul 2011    immediate        2 months            3 months
If efficient use is not shown, additional information with a concrete usage forecast may be requested. It is recommended to assign only the addresses for which utilisation can be shown and to request additional address space at a later date. The Hostmaster Robot will also check if all the columns have been filled out in CIDR notation (if all subnets use classless notation). Any other notation will be rejected. Motivation for No Reservations Policy. Internal Routing and Reservation: LIRs can manage the address space allocated to them autonomously. However, it is recommended that LIRs do not reserve too much address space for each End User. Why? If an End User comes back and, for example, requests more or less space than the amount reserved, the LIR will have gaps in its allocation (Swiss cheese syndrome). This wil
55. ATABASE UPDATE http://www.ripe.net/news/asn-db-update.html 15 ADDITIONAL ALLOCATION: The first allocation is made automatically by the RIPE NCC with the approved first request for address space the LIR submits. This section explains the procedure for requesting an additional allocation, made when the addresses previously allocated are used up, and the requirements for receiving a new block of addresses. Requesting a New Allocation: An LIR can request a new allocation once approximately 80% of all the address space currently allocated to it is used in valid assignments or sub-allocations:
- assignments: inetnum objects with status ASSIGNED PA
- sub-allocations: inetnum objects with status SUB-ALLOCATED PA
Make the request online via the LIR Portal. Alternatively, you can complete the IPv4 ADDITIONAL ALLOCATION REQUEST FORM for this purpose. The request form should be sent to hostmaster@ripe.net. Use the public asused program to check the utilisation rate of your allocation: http://www.ripe.net/cgi-bin/webasused.pl.cgi This is the web version of the public asused program. It can be used to run a check on your LIR's allocations in the RIPE Database. The output lists information including the following:
- allocations currently held
- total number of addresses in allocation
- total assigned addresses in allocation
- total assigned for infrastructure in allocation
- tot
56. CC deal with all requests for address space, among other issues. To facilitate efficient communication with LIRs, several procedures have been devised: how to distinguish between LIRs, how to ensure confidentiality, how to track and prioritise requests, etc. These procedures are explained in detail in this section. For sending requests, the main point of contact with Registration Services is the LIR Portal or the mailbox hostmaster@ripe.net. The LIR Portal allows secure access to confidential information about your LIR. The LIR Portal is the LIR's communication interface with the RIPE NCC: https://lirportal.ripe.net For more information see Section 9, LIR Portal. For questions other than requests there is a special mailbox reserved: lir-help@ripe.net. The Ticketing System: The RIPE NCC uses a ticketing system that facilitates retrieval and archiving of incoming and outgoing messages. The ticketing system assigns a unique ticket number to each request as it is first received in either of these two mailboxes: hostmaster@ripe.net and lir-help@ripe.net. An acknowledgement containing this ticket number is automatically sent to the requester. This ticket number is quoted by the RIPE NCC in the subject line of each message referring to the request and must be referenced by the LIR in all subsequent messages related to this request. The ticket number remains valid until the request has been completed. Every new request gets a n
57. CEDURES https://www.ripe.net/ripe/docs/asn-assignment.html For the TEXTUAL REPRESENTATION OF AS NUMBERS see http://www.ietf.org/rfc/rfc5396.txt Details of how to request a 32-bit ASN are in the RIPE Document SUPPORTING NOTES FOR THE AUTONOMOUS SYSTEM NUMBER REQUEST FORM: http://www.ripe.net/ripe/docs/asnsupport.html ASN32 objects will appear in the RIPE Database from 1 January 2007. The introduction of 32-bit ASNs may have an effect on tools that query the RIPE Database or those based on RPSL. A test server is available. There is more information at http://www.ripe.net/news/asn-test-server.html Sites using the RIPE Database software will probably have to upgrade their systems, see http://www.ripe.net/news/asn-db-update.html For more information please contact us at <asn32@ripe.net>. Answers to frequently asked questions will appear in the RIPE NCC FAQ at http://www.ripe.net/info/faq Internet Routing Registry (IRR): The Internet Routing Registry (IRR) is a globally distributed routing information database. The IRR was established in 1995. Its purpose is to ensure stability and consistency of the Internet-wide routing by sharing information between network operators. The IRR consists of several databases in which network operators can publish their routing policies and their routing announcements such that other network operators can make use of the data. In addition to making In
58. Database object. Maintainer (mntner) Object: Every time a Database object with a mnt-by attribute is created, updated or deleted, the mntner object referenced in that attribute is consulted to determine whether or not the authentication (password, PGP signature, etc.) supplied with the update request is correct. More specifically, the auth attribute of the mntner object is consulted to check if the authentication supplied with the update matches the authentication in the auth attribute. Only if the correct authentication is supplied will the object be updated. [Diagram: an inetnum object (80.8.5.0 - 80.8.5.255; netname BIGNET; descr Example Network; country IE; admin-c VB1-RIPE; tech-c JY3-RIPE; mnt-by BLUELIGHT-MNT; changed danr@example.ie 20010828; source RIPE) beside the mntner object BLUELIGHT-MNT (descr Example Network; admin-c AF1-RIPE; tech-c XY3-RIPE; auth MD5-PW with the encrypted password; mnt-by BLUELIGHT-MNT; changed ericm@fantasy.ie 20010315; source RIPE). Annotation: If you want to update this object, you must supply the authentication of BLUELIGHT-MNT with the updated object; include this line in the e-mail: password: cleartext pw] Fig. 10.1: An inetnum object protected by a mntner object. If you update an object via the e-mail interface, the authentication has to be included in the e-mail message. If you use Webupdates for making updates, the authentication has to be enter
59. For more information on how to become a Direct Assignment User, see Section 12, Direct Resources. In both cases they have to first sign a so-called End User Assignment Agreement, either with the LIR or with the RIPE NCC. See Section 12, Direct Resources. Sample contracts can be found in the References at the end of Section 12. IPv6 PI Assignments: To qualify for IPv6 PI address space, an organisation must a) demonstrate that it will be multihomed; b) meet the requirements of the policies described in the RIPE NCC document entitled Contractual Requirements for Provider Independent Resources Holders in the RIPE NCC Service Region. The RIPE NCC will assign the prefix directly to the End User organisations upon a request properly submitted to the RIPE NCC, either directly or through a sponsoring LIR. The minimum size of the assignment is a /48. Organisations requesting a larger assignment (shorter prefix) must provide documentation justifying the need for additional subnets. Additional assignments may also be made when the need is demonstrated and documented based on address usage, or because different routing requirements exist for additional assignments. When possible, these further assignments will be made from an adjacent address block. Assignments will be made from a separate designated block to facilitate filtering practices. The PI assignment cannot be further assigned to other organisations. References
60. IN PRACTICE ftp://ftp.ripe.net/rfc/rfc2650.txt RFC 2725: ROUTING POLICY SYSTEM SECURITY ftp://ftp.ripe.net/rfc/rfc2725.txt 3 HOW TO SET UP AN LIR, FIRST ALLOCATION. Overview: In this section we explain all the steps in the process of becoming a Local Internet Registry (LIR) and the procedure for receiving your first allocation from the RIPE NCC and having your first address space assignment approved. Only RIPE NCC members (LIRs) can receive Internet resources directly from the RIPE NCC. 3.1 How to Set Up an LIR: Have a look on our website for a detailed description of how to become an LIR: http://www.ripe.net/membership These are the 5 steps to follow in order to become an LIR:
1. Fill out the Application Form online.
2. RIPE NCC will send you a contract via DHL.
3. Sign the contracts and send back to the RIPE NCC with the DHL airway bill provided. Make sure to also include a copy of your company registration papers.
4. Transfer the money for the start-up fee.
5. Once we have received the contracts, registration papers and start-up fee, you will receive your log-in details for the LIR Portal and you can start making requests for address space and other resources.
More details about billing are provided in Section 17.2, Billing Procedure. All billing queries should be sent by e-mail using the following address: billing@ripe.net. Registry Identification (Reg ID): Once you are registered as a new LIR, you will receive
61. IR may sub-allocate up to a /20 to each of their customers in every 12 months. No approval is needed from RIPE NCC for making these sub-allocations. The minimum size of a sub-allocation is /24. The maximum size of a sub-allocation is /20. The LIR must register every sub-allocation it makes in the RIPE Database. The inetnum object created for a sub-allocation must have the status attribute filled out as status: SUB-ALLOCATED PA. LIRs have final responsibility for their sub-allocations, therefore they should only make sub-allocations to organisations they trust. The LIR does not have to request sub-allocations from the RIPE NCC, but it can only make sub-allocations if it fulfils the requirements as explained above. The LIR is advised to add the Reseller's mntner in the mnt-lower attribute of the sub-allocation in the RIPE Database. This will enable the Reseller to register assignments to End Users in the Database. Sub-allocations are considered as address space in use by the RIPE NCC. This is especially relevant when the LIR requests an additional allocation. See Section 15, Additional Allocation. 8.2 Making Assignments from Sub-allocations: From their sub-allocation(s) the Resellers may make assignments to End Users or to their own infrastructure. Each assignment must be registered in the RIPE Database with status ASSIGNED PA. The AW rules also apply within sub-allocations. The Reseller can make
62. IRs should not be able to use reverse delegation as an excuse for assigning addresses in a classful manner. The classic method for Classful reverse DNS is documented in RFC 2317. Unfortunately, it has a small error in it. It specified the inclusion of an invalid DNS character in a zone file. This can in fact cause problems with the default installations of many name servers, particularly BIND, the Internet's most common name server software. On the next page there is the example configuration given in the RFC:
    $ORIGIN 2.0.192.in-addr.arpa.
    @       IN  SOA   my-ns.my.domain. hostmaster.my.domain. (...)
    ; <<0-127>> /25
    0/25        NS    ns.A.domain.
    0/25        NS    some.other.name.server.
    1           CNAME 1.0/25.2.0.192.in-addr.arpa.
    2           CNAME 2.0/25.2.0.192.in-addr.arpa.
    3           CNAME 3.0/25.2.0.192.in-addr.arpa.
This should be changed to:
    $ORIGIN 2.0.192.in-addr.arpa.
    @       IN  SOA   my-ns.my.domain. hostmaster.my.domain. (...)
    ; <<0-127>> /25
    0-127       NS    ns.A.domain.
    0-127       NS    some.other.name.server.
    1           CNAME 1.0-127.2.0.192.in-addr.arpa.
    2           CNAME 2.0-127.2.0.192.in-addr.arpa.
    3           CNAME 3.0-127.2.0.192.in-addr.arpa.
In the example above, the delegated domain is defined as firstaddress-lastaddress rather than using the CIDR notation (slash). It is not necessary to use CIDR at all in this method. If you want to, you could delegate hosts 13-98 or any other range with this method. This means that you will never have to assign a customer a single IP address more
63. NFORMATION template in the request form completely and accurately, otherwise the request cannot be approved. See below how to fill out the INITIAL INFORMATION template. The text from the form itself is in bold font, the explanatory notes are in normal font. INITIAL INFORMATION: Please read the following information and answer the questions. 1. Why is PI space required rather than PA space? (why-pi:) In order for the RIPE NCC to approve an assignment of PI address space, you must explain why PI space is needed and why PA does not fulfill the needs of the user. Please check that you are not requesting extra address space for routing or administrative reasons. (routing-reasons:) In view of the goal of conservation of address space, it is not acceptable to request a larger number of IPs than is actually needed, such as to facilitate routing or network administration. Please confirm whether you have made the End User aware of the warning given in the RIPE document Provider Independent vs Provider Aggregatable Address Space, section 3, Detailed Recommendations. (confirmation:) This explains that the End User should understand that PI space may be more difficult or expensive to have routed than PA space. This is described in the passage below from the Provider Independent vs Provider Aggregatable Address Space document: LIRs will give those End Users requesting PI space this or similar warning: Assignment of this addr
64. OCATED-BY-RIR
    mnt-by: RIPE-NCC-HM-MNT
    mnt-lower: XS4ALL-MNT
    mnt-domains: XS4ALL-MNT
    changed: hostmaster@ripe.net 20020807
    source: RIPE
16.4 IPv6 Subsequent Allocations: The criteria for subsequent allocations are: past address utilisation above threshold, as defined by a HD ratio of 0.8; utilisation based on the number of assigned /48s. For a definition of the HD ratio, see the RIPE document IPv6 ALLOCATION AND ASSIGNMENT POLICY. In order to reach an HD ratio of 0.8 for a /32 allocation, you have to make at least 7132 assignments, each of the size of a /48 (10.9% usage). Additional allocation will be a /32 and contiguous whenever possible. After the approval of the request, the RIPE NCC IP Resource Analyst will create an inet6num object for each subsequent allocation in the RIPE Database. 16.5 IPv6 Assignments for IXPs: Note that there are separate request forms for IPv6 assignments to Internet Exchange Points. Please refer to the RIPE documents IPv6 ADDRESS SPACE POLICY FOR INTERNET EXCHANGE POINTS and IPV6 INTERNET EXCHANGE POINTS ASSIGNMENT REQUEST FORM. To make an IPv6 assignment request for an IXP, make the request online via the LIR Portal, or send the completed IXP request form to hostmaster@ripe.net. If an End User wants to request an IPv6 Assignment for an IXP, they can do it in two ways: request it from an LIR, or become a Direct Assignment User and request it directly from the RIPE NCC
65. PE document Closure of LIR and Deregistration of Internet Number Resources (http://www.ripe.net/ripe/docs/ripe-517) discusses the procedures for closing down an LIR and reclaiming their resources. The document also discusses how certain Internet resources (IP addresses, ASNs, etc.) can be reclaimed from an LIR without closing the LIR down. References:
- IPv4 Additional Allocation Request Form: http://www.ripe.net/ripe/docs/add-allocation.html
- Supporting Notes for the IPv4 Additional Allocation Request Form: http://www.ripe.net/ripe/docs/add-allocation-support.html
- IPv4 Address Allocation and Assignment Policies in the RIPE NCC Service Region, Section 5.3, Policies and Guidelines for Allocations: http://www.ripe.net/ripe/docs/ipv4-policies.html
16 INTRODUCTION TO IPv6. 16.1 Overview: The new version of IP addresses is IPv6, with 128 bits. This section describes the format of IPv6 addresses and the allocation policies. More information about IPv6 addresses can be found on the RIPE NCC website at http://www.ripe.net/ipv6 The RIPE IPv6 Working Group also provides useful information. A mailing list is available for participation in IPv6 discussions and the progress of specification and implementation. The IPv6 Working Group web pages can be found on the RIPE NCC website at http://www.ripe.net/ripe/wg/ipv6 The current address format of IPv6 is: [Diagram: address fields of 3 bits, 61 bits and 64 bits, with boundaries marked at /32, /48, /64 and /128.] Fig
66. Remember your nic-hdl (here: SF4670-RIPE), as you need to use it every time you refer to your person object. And if my mntner has PGP authentication? If the mntner has a PGP authentication, then instead of adding the password field you should click on the Switch View button to display the entire object in one field. You get a screen like this: [Screenshot: the Webupdates page in the RIPE Database section of the RIPE NCC website, showing the person object for Susan Fowler (address: Singel 258, Amsterdam; phone: 31205354444; source: RIPE) in a single edit field, with Submit Update and Switch View buttons.] Now you can sign the pe
67. RIPE NCC offers the Routing Registry Training Course and the DNS for LIRs Training Course. Registration: In order to register for either of these two Training Courses, one must be an employee of an LIR and either be an LIR contact or be confirmed by an LIR contact. LIR contacts are those employees of an LIR who are registered with RIPE NCC as authoritative contact persons. It is expected that most of those interested in these advanced training courses will not be authoritative contact persons for their LIR and will therefore be refused by the course registration robot. In order to be admitted to the course, a confirmation e-mail needs to be sent in reply, signed by one of the authoritative contact persons, to training@ripe.net. Please approach the LIR contacts in your organisation personally, since the identity of LIR contacts is confidential and the RIPE NCC is unable to divulge contact persons for any given LIR. Please note that we accept no more than two people per LIR for any training course at any given time. If more than two persons from the same LIR apply, they will be placed on the waiting list and only admitted to the course in the case of possible free places. More details on the training course policies are available in the RIPE NCC Local IR Training Policies document. See a list of forthcoming courses at http://www.ripe.net/cgi-bin/courselist.cgi Online registration: http://www.ripe.net/cgi-bin/trainingform.cgi
68. Rs have set up password-protected web sites, only accessible from our network (193.0.0.0 - 193.0.1.255), through which we can access the IP statistics. It should be noted that bandwidth statistics do not show the IP usage, although they can be used as an additional indication of the growth of the service. Without additional statistics showing IP address usage or amount of customers that use the service, however, bandwidth statistics do not qualify as verification. The verification should show the following: the IP capacity for each area; the IP usage for each area (minimum, average, maximum) on a daily, weekly, monthly basis. All acronyms and text should be in English or be accompanied by an English translation. Renumbering: A request for an exchange of addresses (renumbering) can be submitted when an End User changes provider, or for a change from PI to PA addresses. As a result of renumbering, addresses will be returned either to the PA block of the former provider or the RIPE NCC address pool. Just like with any other request, a renumbering request has to be submitted for approval only if the new request is above the new LIR's AW. A renumbering request is made by completing the PROVIDER AGGREGATABLE (PA) ASSIGNMENT REQUEST FORM. The ADDRESSING PLAN template should contain information explaining how the new requested addresses will be used (i.e. the same purpose as previously). If the user will be returning ad
69. SIGNMENT POLICIES IN THE RIPE NCC SERVICE REGION http://www.ripe.net/ripe/docs/ipv4-policies.html 14 AUTONOMOUS SYSTEM NUMBERS AND THE ROUTING REGISTRY. 14.1 Overview: In this section we will discuss how to request an AS number, how to create route objects and how to use the Routing Registry. How to use the relevant tools will also be discussed here. You can find more information on this subject in the RIPE NCC's Routing Registry Training Course: http://www.ripe.net/training/rr 14.2 Definitions. Policy-Based Routing: Policy-based routing comes into the picture when a provider wants to specify routing preferences. Routing policies depend on agreements between peers and are normally based on political, economic or security-related considerations. Autonomous System: A group of networks that operate under the same routing policy is called an Autonomous System. An example is a multihomed provider's network together with its customers' networks. Each Autonomous System has a uniquely assigned number. AS numbers are 16- or 32-bit long binary numbers. They are allocated by IANA to the Regional Registries, who in turn assign them to the LIRs and End Users. The AS number, together with the routing policy of the Autonomous System, is registered in the Routing Registry. The AS administrators are responsible for keeping the information up to date. Whenever there is a change of policy, such as peering agreements coming to an end and
70. Section 7, Assignment Window. Having an allocation does not automatically mean that those addresses can be used immediately. You need to make assignments from your allocation first. Depending on the size of your AW, these assignments may have to be requested from the RIPE NCC. 3.3 First Allocation Request and First Assignment Request(s): The LIR will receive the first allocation and the first assignment approval at the same time. The steps to receive the first allocation and first assignments are:
1. Complete the PROVIDER AGGREGATABLE (PA) ASSIGNMENT REQUEST FORM for the first assignment.
2. Send to hostmaster@ripe.net or submit request(s) online via the LIR Portal.
3. RIPE NCC issues ticket numbers.
4. Complete the IPv4 FIRST ALLOCATION REQUEST Form. Include the assignment ticket number.
5. Send to hostmaster@ripe.net or submit the request online via the LIR Portal.
6. RIPE NCC will evaluate and approve the first allocation and the assignment requests.
7. The minimum allocation size is /21. The LIR will receive the first allocation and the first assignment approval at the same time.
The RIPE NCC IP Resource Analysts enter the allocation inetnum object into the RIPE Database for the LIR. The whole allocation can be announced immediately. The LIR can create a route object for the whole allocation. Since the LIR at this point does not yet have an AW (see Section 7, Assignment Window), every
71. Space Exhaustion
1. RIPE and the RIPE NCC
1.1 Introduction to RIPE
1.2 Introduction to the RIPE NCC
1.3 The Policy Development Process in the RIPE Region
1.4 The Policy Implementation Process
References
2. RIPE Database Basics
2.1 RIPE Database Introduction
2.2 RIPE Database Objects
2.3 Querying the RIPE Database
2.3.1 RIPE Database web interface
2.3.2 WHOIS web interface
2.3.3 Glimpse search
2.3.4 Email addresses in objects hidden in whois query results
2.4 Creating Objects in the RIPE Database
2.4.1 Creating person objects using the Startup Tool
2.4.2 Creating person objects using Webupdates
2.4.3 The mntner object
72. Training Course: www.ripe.net/training/lir
1. Get your first allocation, if you do not have one already. (See Section 3 in this book. See Section 3.2 for definitions of allocation and assignment.)
2. Make PA assignment(s) for the IP addresses needed. Check for each assignment whether or not you have to request it from the RIPE NCC. Register each assignment in the RIPE Database. (See Fig. 4.1 and Sections 4, 5, 6 in this book. Your Assignment Window (AW) is probably 0. In this case you have to request approval from the RIPE NCC for every assignment. You can find out the size of your AW via the LIR Portal. If your AW > 0, then distinguish whether the assignment is above your AW, or below your AW for an End User (customer), or for your own LIR's infrastructure. Based on the above, decide whether or not you have to send a PA Assignment Request Form. To help you decide, read Section 7, AW.)
3. Optional but advisable: Set up Reverse Delegation for your allocation, if you have not done so already. (See Section 11, Reverse Delegation.)
4. Optional: Request an AS number if you need one. (See Section 14, Autonomous System Numbers and the Routing Registry.)
5. Create a route object for your allocation.
Table of Contents, January 2012
0. Preface
0.1 Course Background
0.2 Course
0.3 Material
0.4 IPv4 Address
73. UCTURE ASSIGNMENT ABOVE LIR'S AW. [Flow diagram; recoverable steps: LIR needs addresses for own infrastructure; this request > AW (size of this request only); yes: LIR sends Request to RIPE NCC (for more details see Fig. 4.2); RIPE NCC evaluates and approves; LIR chooses addresses; LIR updates own records; LIR updates RIPE Database (creates inetnum object).] Fig. 7.6: The Assignment Process to LIR's own Infrastructure: Assignment above LIR's AW. References: IPv4 ADDRESS ALLOCATION AND ASSIGNMENT POLICIES IN THE RIPE NCC SERVICE REGION, SECTION 7, ASSIGNMENT WINDOW: http://www.ripe.net/ripe/docs/ipv4-policies.html#aw 8 SUB-ALLOCATIONS. Overview: Since the end of October 2003, LIRs are authorised to make sub-allocations from their allocations to their Resellers. The Resellers in turn can make assignments from these sub-allocations. All assignments from a sub-allocation are PA (Provider Aggregatable). See SECTION 5.4, SUB-ALLOCATIONS, in the RIPE document IPv4 ADDRESS ALLOCATION AND ASSIGNMENT POLICIES IN THE RIPE NCC SERVICE REGION. 8.2 Making Sub-allocations. Sub-allocation: Address space from the LIR's allocation set apart by the LIR for the future use of a Reseller and its End Users (LIR >>> Reseller). The terms Allocation and Assignment are defined in Section 3.2, Terminology. The term Assignment Window (AW) is defined and explained in Section 7, Terminology. An L
74. a the LIR Portal • or fill out the IPv6 END USER SITE ASSIGNMENT REQUEST FORM and send it to hostmaster ripe net Before making a request please read the SUPPORTING NOTES FOR THE IPV6 END USER SITE ASSIGNMENT REQUEST FORM IN It is the responsibility of the LIR to create an inet6num object for every assignment including assignments that did not have to be requested from RIPE NCC in the RIPE Database When an organisation holding an IPv6 address allocation makes IPv6 address assignments it must register these assignments in the RIPE database These registrations can either be made as individual assignments or by inserting an object with a status value of AGGREGATED BY LIR where the assignment size attribute contains the size of the individual assignments made to End Users When more than a 48 is assigned to an organisation it must be registered in the database as a separate object with status ASSIGNED IPv6 RIPE Database Object The RIPE database contains an inet6num object for IPv6 address allocations and assignments Below you can find an inet6num object that has been created in the RIPE database reflecting the IPv6 allocation made to an LIR by the RIPE NCC inet6num 2001 0888 32 netname NL XS4ALL 20020807 descr Provider Local Registry descr Xs4all Internet BV country NL org ORG PIE1 RIPE this is just an example admin c XS42 RIPE tech c XS42 RIPE status ALL
75. abase use GOODY2SHOES 1 as the netname do not add the date to the changed line The Database will add the date for you don t exceed 256 IPs in the range http www ripe net info faq rs main html 8 3 Inform the customer of the assignment 4 If you ever change the netname from GOODY2SHOES 1 to something else you must inform <hostmaster@ripe.net> Just reply to this message with details of the change Kind regards The message provides information about the • prefix size • netname date approved for your End User s network The assignment network can only be identified by the netname GOODY2SHOES 1 The RIPE NCC keeps internal records of each request with an approval line which includes the netname The Approval Message only specifies the size of the assignment date netname It does not specify the actual IP address range The LIR can choose any range from its allocation as long as the size is not larger than approved You can find a list of all approved assignments to your LIR in the LIR Portal under the menu Resources > IPv4 5 2 Points to Consider for Your Internal Administration • Following receipt of the Approval Message from the RIPE NCC the LIR can choose the range it will assign to the End User from the LIR s allocation After receiving approval from the RIPE NCC the LIR must create an inetnum object for the assignment in the RIPE D
76. ace equipment name Dial up Server manufacturer name Cyclades model number PR4000 other data capacity 32 lines each 2x4 8 servers equipment name Hosting Server manufacturer name Dell model number various models other data 23 19 servers NETWORK DESCRIPTION If your description does not allow the Hostmaster to understand the request you may be asked additional questions Please add any additional information that you think may facilitate the evaluation of this request below 173 Amsterdam web hosting and dynamic dial up 22 domain hosting clients ftp mail 200 http 1 1 websites on 1 server 4 access servers Utrecht web hosting and dynamic dial up 18 domain hosting clients ftp mail 150 http 1 1 websites on 1 server 4 access servers 1 4 x E1 connection 2 Office LAN workstations HE ER ER Pleas NETWORK DIAGRAM nter Yes AE ER request diagram at END of R Thank you Jan Jansen diagram in JP tached No EQUEST No router if you have attached a network EG or PostScript format to this e mail 2 printers and 1 fileserver What do the Immediate Requirement Intermediate Requirement Entire Period headings mean time wise See below in the table Please note that as a result of implementing the RIPE Policy Proposal 2009 03 also known as the Run out
77. air for the first time You can find the Startup Tool at http apps db ripe net startup Here you see the Startup Tool filled out with data for a new person and a new mntner object pair Select Database RIPE Database New User Start up Form Source RIPE This form enables a new user to create the first person and maintainer objects in the RIPE Database Person and maintainer objects that are not referenced by any operational data for 90 consecutive days will be subject to deletion by the automated Database clean up process It is therefore recommended not to create these objects until you are ready to reference them Person Object Mandatory Information Nic hdl Person John Qwerty Address 258 Singel 1016 AB Amsterdam Phone 31205354444 Email training ripe net The nic hdl has a fixed format If you are not sure what to enter leave it blank and it will be generated for you For further details about nic hdls see RIPE Database User Manual Getting Started Maintainer Object Maintainer name Password Password again If you leave the maintainer name field blank it will be generated for you Accept Terms and Conditions I accept the RIPE Database Terms and Conditions Create Fig 2 1 The Startup Tool for creating your first person object and mntner object pair phone the phone number needs to be written in accordance to
78. ake discussion review conclusion How much work do you have to do Writing the template proposal Then a draft document Possibly rewording and rewriting Arguing and defending your idea However you can get support from the RIPE NCC to do all this Your contact person is the RIPE NCC Policy Development Officer email filiz@ripe.net who can coordinate administrative support to help you word your proposal and help with editing The RIPE NCC will also remind you of upcoming deadlines They can also supply you with information and statistics The Policy Development Officer will also coordinate with the appropriate Working Group chairs The Working Group Chair will guide the discussions on the mailing list and at the meetings You will also get support from your colleagues who agree with your proposal You might also face opposition from colleagues and competitors who do not agree with your proposal Or from colleagues with a better the devil you know attitude Or perhaps no reaction at all How long does it take to change policy Default duration of the Policy Development Process is 20 weeks Some phases can be extended or repeated The actual implementation of the policy by the RIPE NCC is not part of the Policy Development Process For more details on the implementation see Section 1 4 The Policy Implementation Process below 1 4 The Policy Implementation Process The policy implementation process is as follows con
79. al unused addresses in allocation and other details of your IP usage If you submit your Reg ID the output of the asused program will be sent to the e mail contact listed in our internal registry file about your LIR You can also download the asused tool ftp ftp ripe net tools asused latest tar gz For more information on how to fill out the IPV4 ADDITIONAL ALLOCATION REQUEST FORM please refer to the RIPE document SUPPORTING NOTES FOR THE IPV4 ADDITIONAL ALLOCATION REQUEST FORM Evaluating a New Allocation Request The RIPE NCC IP Resource Analysts will check the RIPE NCC internal records and the data stored in the RIPE Database All assignments of the previous allocation s must be valid See Section 6 6 Valid and Invalid Assignments for a definition of valid assignments Specifically the assignments must be within the LIR s AW or requested from the RIPE NCC The records in the RIPE Database must be correct and should not show overlapping assignments The RIPE NCC will conduct an audit of the LIR which asks for an additional allocation In the course of this audit the RIPE NCC will choose at random and then examine 3 assignments made by the LIR within its Assignment Window ie assignments for which no approval was needed from the RIPE NCC The RIPE NCC will examine whether these 3 assignments were made according to the RIPE Policies For the relevant policies see IPv4 ADDRESS ALLOCATION
80. allocation whois h test whois ripe net m 80 35 64 0 19 The M flag will give as an output all of the more specific objects that are contained in the specified range not only children objects but children of children and so on The l flag shows one level less specific i e parent object objects and it does not return the exact match It returns the smallest IP range that is bigger than the supplied range and that fully contains it The L flag can be used to locate the LIR that has made the assignment s to the End User It shows the next objects up in the hierarchy i e all less specific matches In this case the LIR s allocation whois h whois ripe net L End User s IP range Inverse lookups When you perform an inverse lookup you are looking for all objects in which a certain object or attribute is referenced whois i attribute value Inverse queries can be used to find all objects in which a certain person object is referenced as the technical contact tech c whois i tech c AB7 RIPE e g To find all objects in which a certain person object e g JA5 RIPE is referenced whois i pn JA5 RIPE e g To find all objects that are protected by a certain mntner object e g MY MNTNER 3 whois i mnt by MY MNTNER 3 Inverse queries cannot be performed on every attribute of every object in the database Refer to Appendix 6 for a list of obje
81. anges to your objects You can create a mntner object just like any other object in the RIPE Database • Read the relevant documents and decide on the authentication method • Obtain a template of a mntner object by typing t mntner at the RIPE DB web interface http www ripe net whois • Fill in the template and send it to auto-dbm@ripe.net OR • Read the relevant documents and decide on the authentication method • Create your mntner object using Webupdates See Section 10 2 Protecting Database Objects for more details 2 4 4 Creating objects using the email interface To create an object in the RIPE Database via the email interface you need to obtain an object template empty form at http www ripe net whois In the search field you have to type the flag t followed by the name of the object you wish to create In the following example we create a person object [Screenshot: RIPE Database Search page with t person entered in the Search for field]
82. are the significant differences compared to inetnum objects representing PA assignments Where Do New PI Addresses Come from At recent RIPE Meetings 2005 2008 the RIPE NCC reported a steady rise in requests from LIRs for PI address space for End User networks RIPE NCC have reclaimed and recycled space from closed LIRs but at the time of writing October 2009 we are nearing the point where the available PI space will run out In the past RIPE NCC made PI assignments from former Class C space 193 8 and 194 7 Because of the increasing demand for PI space the RIPE NCC made sure that they would be able to use some of their most recent allocation of address space to meet future requests The range 91 192 10 has been designated for PI assignments to End User networks When the Class C space is exhausted the RIPE NCC will start to make PI assignments from 91 192 10 This will be announced when it happens Although the RIPE NCC will put additional RIS beacons in place to make route announcements you may need to update any filters that you have in place References PROVIDER INDEPENDENT PI ASSIGNMENT REQUEST FORM http www ripe net ripe docs pi requestform html SUPPORTING NOTES FOR THE PROVIDER INDEPENDENT PI ASSIGNMENT REQUEST FORM http www ripe net ripe docs pi requestsupport html ADDRESS SPACE MANAGED BY THE RIPE NCC https www ripe net ripe docs ripe ncc managed address space html IPv4 ADDRESS ALLOCATION AND AS
83. art in the decision making PDP Keywords Discussion forum community membership Regional Internet Registry policy development Contents of this section Introduction to RIPE NCC Introduction to RIPE NCC The policy development process in the RIPE region 1 1 Introduction to RIPE RIPE stands for Réseaux IP Européens and it is a collaborative forum open to all parties interested in wide area IP networks RIPE is an open community that was set up in 1989 to ensure the administrative and technical co ordination necessary to enable the operation of a pan European IP network No membership is required to be part of the RIPE community Anyone who has any kind of interest in discussing Internet policies is welcome Activities are performed on a voluntary basis and decisions are formed by consensus This means that it is not a majority vote that wins but rather everybody has to agree on the decision RIPE is not a formal organisation nor a legal entity It has no legal power and does not develop Internet standards RIPE Working Groups The RIPE community is an important source of public input for the RIPE NCC RIPE plays an influential role in setting the annual activities and budget of the RIPE NCC Most of the work of RIPE is done in Working Groups WG The working groups meet twice a year but mostly the discussions happen on the mailing lists Each WG has one or more mailing lists All of them are open bu
84. as many assignments to its own infrastructure as needed without needing approval from the RIPE NCC as long as each individual assignment is not larger than the LIR s AW The inetnum objects created for these assignments must include the attribute remarks INFRA AW The LIR and or the Reseller should archive all documentation for these assignments as the RIPE NCC may ask for it at a later stage LIR s allocation e g 20 Sub allocation to Reseller e g 23 Assignment to LIR s own infrastructure Assignment to End User by LIR Assignment to Reseller s own infrastructure Assignment to End User by Reseller Fig 8 1 Allocation Sub allocations Assignments References IPv4 ADDRESS ALLOCATION AND ASSIGNMENT POLICIES IN THE RIPE NCC SERVICE REGION SECTION 5 4 SUB ALLOCATIONS http www ripe net ripe docs ipv4 policies html sub_alloc 9 LIR PORTAL Overview The RIPE NCC LIR Portal provides users with secure access to confidential information about their LIR It gives direct access to the RIPE NCC data The LIR Portal lets you update RIPE NCC s account information on your organisation reg file directly so that you don t have to go through the RIPE NCC IP Resource Analysts Once a user is authenticated to the system they will have secure access to the Portal s features LIRs can also request Internet Resources from the RIPE NCC online via the LIR Portal Th
85. ase add additional information that you think will facilitate the evaluation of the request This template is a free text space If the Analyst requires additional information in order to understand the request you may be asked more specific questions 6 Network Diagram It is not mandatory to include a Network Diagram however if you do not provide enough information for the IP Resource Analysts to understand the network in question and IP usage of the equipment they will ask you further questions hence delaying approval of your request Please enter Yes if you have attached a network diagram in JPEG or PostScript format to this e mail request A network diagram can be helpful in clarifying the set up of the network and illustrating why the IPs being requested are needed Note If you send the network diagram to RIPE NCC you should include on the diagram the Reg ID the ticket number of the request and the name of the IP Resource Analyst who is dealing with your request Additional Information Any information that can facilitate the understanding of the request size should be added to the request such as • deployment plan • special purpose hardware software All this might be necessary to fully understand the network plan and how the network will be deployed If this is already clear from the required documentation no additional documentation is needed Signing the Request Form Beneath the last l
86. atabase Otherwise the assignment is not valid • Please keep local records up to date At this point records will consist of all the messages exchanged between an LIR and the IP Resource Analysts at the RIPE NCC for each particular End User Make sure to archive the approval message • Keep address assignments together with End User details Also keep all documents relevant for this request If you made an unusual decision or if you have any additional background information keep it as it can be useful for future staff or the RIPE NCC All assignments must be classless and on a bit boundary An assignment is only valid for as long as the original criteria are valid End User Notification At this stage the End User can be informed about the assignment In order for an LIR and its End User to keep consistent information the output of the database command should be sent to the End User With respect to assignments the local records of an LIR should always be consistent with the records in the RIPE Database See Section 6 Registering Address Space in the RIPE Database References IPv4 ADDRESS ALLOCATION AND ASSIGNMENT POLICIES IN THE RIPE NCC SERVICE REGION http www ripe net ripe docs ipv4 policies html PROVIDER AGGREGATABLE PA ASSIGNMENT REQUEST FORM http www ripe net ripe docs iprequestform html SUPPORTING NOTES FOR THE PROVIDER AGGREGATABLE PA ASSIGNMENT REQUEST FORM http www ripe net ripe do
87. btain reverse delegation for an IPv4 address range • Address space to be reverse delegated must be part of an allocation or part of an ERX transfer • Set up reverse zones on name servers • Setup reverse delegation by creating a domain object in the RIPE Database o You must pass the corresponding authentications o mntner in mnt domains of corresponding inetnum usually allocation o for more details see Appendix C o RIPE Database syntax is also checked Before the domain object is created the following are checked by the system • Authentication correct • Name servers and zones set up correctly RFC 1912 • Is address space to be delegated part of an allocation After the successful creation of the domain object in the RIPE Database • You receive notification from the RIPE Database • The NS lines are entered automatically into the parent zone file of RIPE NCC s 8 This is the actual reverse delegation within 2 hours 1 day 11 4 24 Reverse Zone Setup It is recommended to use the parameters found in RFC1912 At least two name servers for the zone should be set up One primary name server and one secondary • If the 24 is assigned to an End User who wants to run a primary name server the LIR should run the secondary for backup reasons • if the assignment is for the LIR s network it is also recommended to set up DNS on another network Please note that both name servers should not be on the same
88. cation as well Not using mnt routes attributes can be therefore very DANGEROUS Therefore you should put a mnt routes attribute in your inetnum route and aut num objects to avoid this situation mnt by MNTR 7 mnt routes MNTR 9 MNTR 9 is a mntner whose password you can Share with those who create the route object MNTR 7 is your high security mntner whose password PGP key you keep to yourself The mnt routes is only checked by the RIPE Database when a new route object is created See Appendices A and G for the exact description of the authorisation process for creating a route object in the RIPE Database 10 5 IRT Database Object The Incident Response Team IRT object is a new type of object in the database Its main function is to provide contact information in case you are being spammed or hacked from a certain IP address Inetnum objects now have an additional attribute the mnt irt which references the appropriate irt object All the contact information can be found in the irt object Use the c flag when querying the database to find the irt object belonging to a given IP address whois c <ip address> 10 6 Updating Database Objects The term updating refers to creation modification and deletion of Database Objects or NOTE There are three methods to update objects in the RIPE Database via the e mail interface auto dbm ripe net using the Webupdates interface htt
89. change in procedures mntners now can also be created directly in the RIPE DB so this sub menu is redundant Request Forms menu The following Request Forms are available as CGIs under this menu IPv4 First Allocation Request Form Provider Aggregatable PA Assignment Request Form IPv4 Additional Allocation Request Form Provider Independent PI Request Form AS Number Request Form IPv6 First Allocation Request Form IPv6 End User Site Assignment Request Form in the RIPE NCC Service Region IPv6 Internet Exchange Points Assignment Request Form These Request Forms are multi stage CGIs When an LIR completes a form they can click a submit button and have the form turned into a request ticket straight away Partially completed request forms can be saved and completed at a later date PA Assignment Wizard see Section 9 5 PA Assignment Wizard Tickets menu READ ONLY • Open Tickets o Ticket number and overview of e mail messages message bodies not shown o Status o Category o Date opened o Date Last Closed Tools menu Links to LIR tools to manage your resources and communications with the RIPE NCC • RIPE Meeting Registration • Whois Queries • Bill Payment • Ticket information and Status • IP Count • Password Encryption for mntners • RIS Queries AS IP • Training Courses timetable and registration • Syntax Checkers IP AS X 509 PKI menu • Generate certificates with the option of aut
90. cs iprequestsupport html LIST OF ANSWERS TO FREQUENTLY ASKED QUESTIONS http www ripe net info faq LIST OF SHORT TIPS ON HOW TO COMPLETE THE REQUEST FORM EASIER AND FASTER http www ripe net info hm tips RFC 2071 NETWORK RENUMBERING OVERVIEW WHY WOULD I WANT IT AND WHAT IS IT ANYWAY ftp ftp ripe net rfc rfc2071 txt RFC 2072 ROUTER RENUMBERING GUIDE ftp ftp ripe net rfc rfc2072 txt 6 Registering Address Space in the RIPE Database Overview On receipt of the Approval Message from the RIPE NCC the LIR must register the assignment in the RIPE Database This is the LIR s and not the End User s responsibility If the assignment is not registered or registered incorrectly in the RIPE Database it is considered invalid Invalid assignments will cause delays in getting a new allocation or an AW raise and can result in audits Address space is considered in use only if registered in the RIPE Database The RIPE Database as a Public Network Management Database serves in this way to provide contact information for troubleshooting it also enables an overview of address space used in the RIPE NCC service region Creation of objects containing contact and authentication details is described in Section 2 4 See also Section 10 2 Protecting Database Objects 6 1 Creating Network inetnum Objects The final step in the assignment process is to update the RIPE Database with person objects for all the contac
91. ct templates The inverse lookup keys on which inverse lookups can be performed are marked for each object template It is possible to use the i flag to perform inverse lookups for these attributes belonging to diverse objects i admin c <nic_hdl name> i tech c <nic_hdl name> i zone c <nic_hdl name> i author <nic_hdl name> i cross nfy <nic_hdl name> i pn <nic_hdl name> i ac tc zc ah cn i notify <e mail> i upd to <e mail> auth <specific auth attribute value> e g PGPKEY 00D69859 only for PGP and X 509 i mnt nfy <e mail> i mnt by <maintainer name> i mnt lower <maintainer name> i mbrs by ref <maintainer name> i mnt routes <maintainer name> i cross mnt <maintainer name> i referral by <maintainer name> auth <method> <value> i org <organisation ID> i origin <AS> i local as <AS> i member of <set name> i nserver <hostname IP address> i sub dom <domain name> abuse mailbox <person role organisation mntner or irt> 10 2 Protecting Database Objects NOTE mntner objects protect other objects in the RIPE database Objects in the RIPE Database are protected by using the mnt by attribute The value of the mnt by attribute is the name of the mntner object that will protect the object It is mandatory to include a mnt by attribute in every
92. d be made clear to the end user PI versus PA Assignments So far in this Reference Booklet whenever talking about assignments we have always implied PA assignments Provider Aggregatable non portable addresses are assigned out of an LIR s allocation block The advantage of these addresses is that ISPs assign this address space in a way that routing information for many End Users can be aggregated once it leaves the provider s routing domain After an End User leaves the service provider that assigned the address space it can be assigned to another End User A disadvantage is that each time a user leaves a service provider LIR the addresses have to be returned to the PA allocation of the former provider i e the user has to renumber the network Provider Independent portable address space is assigned separately most often from Regional Internet Registries and not from an LIR s PA allocated block The apparent advantage of PI address space is that the user does not have to reconfigure their hosts and routers if they decide to leave a particular service provider But the LIR may have routing problems All PI assignments are entered in the RIPE database by a RIPE NCC IP Resource Analyst PI assignments are maintained by the RIPE NCC Hostmaster s Maintainer Requesting PI Space In this section we describe how the LIR can request PI addresses for an End User The End User also has the option of becoming a Direct Assignment User and r
93. d your CVs and all job applications here Webmaster ripe net Questions concerning the RIPE NCC web site Chair ripe net RIPE chair and co chairs Meeting ripe net Questions related to RIPE Meetings where WG chairs send their minutes updates and registration for RIPE Meetings Hostmaster Robot Human Reg ID NOAUTO IP and AS requests Ticket number NEW syntax check Signature of the LIR LONGACK contact person Lir help Human Reg ID Miscellaneous LIR Ticket number questions Signature of the LIR merging contact person updating allocation objects with contact persons or hierarchical authorisation updating reg file Ncc Discussion of RIPE services wg Mailman list Open NCC services An open forum Address Mailman list Open where RIPE address policy wg policy is made that affects address and ASN allocations Announcements Ncc Closed list Registered in the from RIPE NCC to announce Reg file LIRs Auto dbm Robot ACK RIPE Database Test dbm WARNING interfaces 000 Human DP related DB related questions See requirements lirportal Mailman list Feedback about LIR Portal Appendix 2 List of RIPE Documents THE MOST IMPORTANT RIPE DOCUMENTS FOR DAY TO DAY OPERATIONS OF LIRS See also http www ripe net ripe docs internet registries html IPv4 address space IPv4 ADDRESS ALLOCATION AND ASSIGNMENT POLICIES IN THE RIPE NCC SERVICE REGION http www ripe net ripe
94. ddress of the Whois server when querying the RIPE Database whois h whois ripe net search_terms Specifically FreeBSD whois h whois ripe net Li person Sun whois h whois ripe net t person RedHat 7 whois h whois ripe net t person RedHat 6 whois Lt person whois ripe net Just like in the web interface you can use optional flags in the whois client which can be used either alone or in combination when doing a query These flags are interpreted by the server and not by the client software 26 2 3 3 2 3 4 Glimpse search Glimpse is a multi keyword search facility for all objects and fields in the RIPE Database Also called the RIPE DB Free text Search This search is text based so it is not possible to search for IP addresses or ranges This search tool treats the objects in the RIPE Database as text files and will return any objects that contain the character string you typed in A typical use of Glimpse is finding inetnum objects address ranges belonging to a specific company The Glimpse search takes more time than Whois but usually gives more results You can find Glimpse at http www ripe net db whois free html When should I use Glimpse You can use Glimpse when you want to query an object using a value that is not a lookup key When using the Glimpse search you do not have to worry about lookup keys because you can query using any part of the object For example in the Glimpse search web
95. docs ipv4 policies html PROVIDER AGGREGATABLE PA ASSIGNMENT REQUEST FORM http www ripe net ripe docs iprequestform html SUPPORTING NOTES FOR THE PROVIDER AGGREGATABLE PA ASSIGNMENT REQUEST FORM http www ripe net ripe docs iprequestsupport html IPv4 FIRST ALLOCATION REQUEST FORM http www ripe net ripe docs first allocation html SUPPORTING NOTES FOR THE IPV4 FIRST ALLOCATION REQUEST FORM http www ripe net ripe docs first allocation support html IPv4 ADDITIONAL ALLOCATION REQUEST FORM http www ripe net ripe docs add allocation htm ADDRESS SPACE MANAGED BY THE RIPE NCC https www ripe net ripe docs ripe ncc managed address space html RUN OUT FAIRLY PROPOSAL 2009 03 http ripe net ripe policies proposals 2009 03 html RIPE Database RIPE NCC DATABASE REFERENCE MANUAL http www ripe net ripe docs databaseref manual html RIPE NCC DATABASE USER MANUAL GETTING STARTED http www ripe net ripe docs db start html RIPE DATABASE QUERIES REFERENCE CARD http www ripe net db support whois refcard pdf RIPE DATABASE TERMS AND CONDITIONS http ripe net ripe docs terms conditions html NEW VALUES OF THE STATUS ATTRIBUTE FOR INETNUM OBJECTS LIR PARTITIONED http www ripe net ripe docs lir partitioned html IRT OBJECT IN THE RIPE DATABASE http www ripe net ripe docs irt object html Reverse Delegation POLICY FOR REVERSE DELEGATION UNDER in addr arpa IN THE
96. dress space allocation and functions involving domain names Internet Corporation for Assigned Names and Numbers ICANN http www icann org The not for profit organisation responsible for among other duties distributing IP address space to the RIRs for allocation to member organisations ICANN Address Supporting Organisation ASO http www aso icann org One of the Supporting Organisations called for in the ICANN Bylaws to be formed through community consensus The purpose of the ASO is to review and develop recommendations on IP address policy and to advise the ICANN Board on these matters ICANN ASO Memorandum of Understanding ASO MoU Establishing a set of principles that ICANN and the Regional Internet Registries RIRs that have signed the memorandum will use in forming and operating the ASO Internet Engineering Task Force IETF http www ietf org A community of network designers operators vendors and researchers involved in the Internet Internet Exchange Point IXP A meeting place for ISPs where local traffic can be exchanged without having to pass over costly slower international links Internet Protocol IP The method or protocol by which data is sent from one computer to another on the Internet IP Address An individual number assigned to a particular host that uniquely identifies that host much like a telephone number uniquely identifies a person family business or location ip6 ar
97. dress space to another LIR after receiving this assignment the address space returned field of the 4 ADDRESSING PLAN TEMPLATE should be completed specifying all ranges of addresses to be returned to which LIR and before what date by using the following format <X X X X XXX X> to <ISPx> by <yyyymmdd> E g 195 20 42 0 195 20 42 127 to UpstreamISP by 20030725 A period of 3 months should be sufficient for users to renumber their networks Renumbering Many End Users Renumbering on a 1 to 1 address basis is simple All networks renumbering on a 1 to 1 basis can be included in one PROVIDER AGGREGATABLE PA ASSIGNMENT REQUEST FORM However separate addressing plans should be listed for each End User The End User should contact the former LIR to inform them about the release of the addresses so that they can update their local records and the RIPE database accordingly Approval Please wait until you receive the approval message from the RIPE NCC before entering the objects in the RIPE Database and or informing the End User customer This avoids creating invalid inetnum object s The approval message will read similar to the following Dear John RIPE NCC has approved the assignment of a 24 range of 256 addresses to the network GOODY2SHOES 1 What you must do now 1 Make an assignment from the address space allocated to nl bluelight 2 Register the assignment in the dat
98. e Prefix; Inet6num object; Ticket number and overview of e-mail messages (message bodies not shown).
Resources ASN menu (READ ONLY): Date; AS Number; aut-num object in Routing Registry (RIPE Database); ASinuse (lookup for appearance of the AS Number in global routing tables); Organisation name; Ticket number and overview of e-mail messages (message bodies not shown).
Object Editor menu
Allocation Editor sub-menu. READ: Your LIR's allocation inetnum objects in the RIPE Database. READ AND EDITABLE: Following attributes of your LIR's allocation inetnum objects in the RIPE Database: country, admin-c, tech-c, remarks, mnt-lower, mnt-routes, mnt-domains, notify. Note: The LIR cannot modify their allocation inetnum objects directly in the RIPE Database. Only the above-mentioned attributes of the allocations can be modified by the LIR, and only via the LIR Portal.
Organisation Object Editor sub-menu. READ: Your LIR's organisation object in the RIPE Database. READ AND EDITABLE: Following attributes of your LIR's organisation object in the RIPE Database: country, admin-c, tech-c, remarks, mnt-lower, mnt-routes, mnt-domains, notify. Note: The LIR cannot modify their organisation object directly in the RIPE Database. Only the above-mentioned attributes of the organisation object can be modified by the LIR, and only via the LIR Portal.
Mntner Object Editor sub-menu. Here you can create your mntner object. Due to
99. e LIR Portal is the LIR's main communication interface with the RIPE NCC. RIPE NCC LIR Portal: https://lirportal.ripe.net
9.1 How to Activate your Account
To activate your LIR's admin account for the RIPE NCC LIR Portal, please follow the procedure at the Account Activation Request Form (https lirportal ripe net lirportal activation activation request) or click on the "Need new account" link from the main LIR Portal page at https://lirportal.ripe.net. In the Account Activation Request Form, fill out the following:
• The LIR must supply the RegID (unique Registry Identifier), name, job title, e-mail address and fax number of the LIR. They should also choose a password for the admin account. It is also necessary to supply the number of the last invoice sent to the LIR by the RIPE NCC.
• Once this information has been submitted via the form, the LIR will receive a fax with a Fax Confirmation Number on it and an e-mail with an E-mail Confirmation URL.
• At the URL in the E-mail Confirmation URL, the LIR should supply the number given in the Fax Confirmation Number. This activates the account.
Once this has been done, the LIR can log in using the admin password they selected.
9.2 User Accounts Viewing the Resources
Each LIR will receive an admin account with the password of their choice. This admin is able to create user accounts and set privileges for those accounts, enabling the users to view or ed
100. e as for using the email interface. In the search field you have to type the flag -t followed by the name of the object you wish to create. After submitting, you will get the template with the attributes to create a person object. In the Database homepage you can find a link to the Syncupdates tool, or type in your browser: http www ripe net db syncupdates. Paste the template you copied into the text window you find on the Syncupdates page.
[Screenshot: RIPE Database Syncupdates page, "Please Enter Your Update To The Form Below", showing the person object template: person (mandatory, single, lookup key); address (mandatory, multiple); phone (mandatory, multiple); fax-no (optional, multiple); e-mail (optional, multiple, lookup key); org (optional, multiple, inverse key); nic-hdl (mandatory, single, primary/look-up key); remarks (optional, multiple); notify (optional, multiple, inverse key); abuse-mailbox (optional, multiple, inverse key); mnt-by (mandatory, multiple, inverse key); changed (mandatory, multiple); source (mandatory, single); Submit Query button.]
Make sure t
101. 17 ADMINISTRATIVE ISSUES
17.1
17.2 Billing
17.3 Closing, Merging, Taking over an LIR
18 ADVANCED COURSES
18.1 General Information
18.2 Routing Registry Training Course
18.3 IPv6 for LIRs Training Course
19 RIPE NCC E-LEARNING CENTRE
APPENDICES
Appendix 1 Contact E-mail Addresses
Appendix 2 List of RIPE Documents
Appendix 3 Bit Boundaries Chart
Appendix 4 List of Acronyms
Appendix 5 RIPE NCC Glossary
Appendix 6 Object Templates in the RIPE Database
Appendix 7 Completed Provider Aggregatable (PA) Assignment Request Form
Appendices A
102. 2.4.4 Creating objects using the email interface
2.4.5 Creating objects using the Syncupdates
3 HOW TO SET UP AN LIR, FIRST ALLOCATION
3.1 How to Set up an LIR
3.2 Terminology
3.3 First Allocation Request and First Assignment Request
4 REQUESTING PA ADDRESS SPACE
4.1 Overview
4.2 Steps of the Assignment Process
4.2 Communication with IP Resource Analysts
4.3 Completing the Request Form
4.3.1 Gathering Information
4.3.2 The Request
4.4 Conclusion
5 EVALUATION OF ADDRESS SPACE REQUESTS
5.1
5.2 Points to Consider for Your Internal Administration
6 REGISTERING ADDRESS SPACE IN THE RIPE DATABASE
6.1 Creating Netw
103. ects, see Section 6.1 Creating Network Objects and Section 8 Sub-Allocations.
10.4 mnt-by, mnt-lower, mnt-routes Attributes in Comparison
10.4.1 The difference between the mnt-lower attribute and the mnt-by attribute
The mntner in the mnt-by attribute protects the object itself, so that no unauthorised person can modify it in the RIPE Database.
    inetnum:  80.8.4.0 - 80.8.5.255
    netname:  OPENNET
    descr:    Example Network A
    country:  MT
    admin-c:  AB1-RIPE
    tech-c:   XY3-RIPE
    status:   Bi
    mnt-by:   MNT-1
    changed:  ericm@fantasy.mt 20010828
    source:   RIPE
Fig. 10.3 The first function of the mnt-by attribute
If you want to update this inetnum object, you have to pass the authentication of mntner MNT-1 (e.g. password or PGP key). The mntner in the mnt-by attribute of an inetnum object also blocks the IP range of that inetnum object, so that only those who can pass the authentication of MNT-1 can create new objects in the same range in the RIPE Database.
[Figure: MNT-1 blocks this range in the Database. Labels: range of OPENNET, 80.8.5.255; range of SMALLNET, 80.8.4.255. You cannot create SMALLNET unless you can pass OPENNET's mnt-by.]
Fig. 10.4 The second function of the mnt-by attribute
If there is also a mnt-lower attribute in the inetnum object, then the mntner in the mnt-by attribute will no longer block the range of the object. The mntner in the mnt-lower will take over this function. What is the f
104. ed by the LIR or its End Users must be assigned first. If the LIR has an Assignment Window (AW), it can assign a limited number of addresses without the RIPE NCC's approval. See Section 7 Assignment Window.
4.1 Overview
In this section we shall discuss how to request approval from the RIPE NCC for a Provider Aggregatable (PA) or non-portable assignment from your allocation. For a definition of Allocation and Assignment, see Section 3.2 Terminology. PA assignment is the most common form of assignment. PA assignments are made from the allocation of the LIR. To be able to assign address space, the LIR staff must be familiar with the steps of the Assignment Process between the RIPE NCC, the LIR and the End User. This section describes how to complete the request form correctly and how to interact with the Registration Services Department (IP Resource Analysts) of the RIPE NCC. The assignment process itself is outlined here. How the RIPE NCC IP Resource Analysts will evaluate the request is discussed in Section 5 Evaluation of Address Space Requests.
4.2 Steps of the Assignment Process
Steps that an LIR needs to go through to make an assignment are outlined in Fig. 4.1 on the next page.
[Fig. 4.1 flowchart labels: End User makes request; LIR evaluates request; yes: see following diagram for details; decision: total size of the request plus all previous assignments made to this End User within the last]
105. ed in the Authorisation menu before making the update. Each mntner object should have a unique name. mntner objects can be created just like any objects, using any of the interfaces (Webupdates, Syncupdates or email) of the RIPE Database. mntner objects also contain information on contact persons and on notification details. Therefore mntner objects can also be used to notify you of any changes to your objects. See also Section 2.4.2 Creation of mntner Objects.
Example of a mntner object:
    mntner:       BLUELIGHT-MNT
    descr:        Maintainer for all Bluelight objects
    admin-c:      JJ231-RIPE
    tech-c:       BL112-RIPE
    auth:         MD5-PW 1 VbXQqwhTLWGFd
    upd-to:       jan@bluelight.nl
    mnt-nfy:      auto-mnt@bluelight.nl
    referral-by:  RIPE-DBM-MNT
    mnt-by:       BLUELIGHT-MNT
    changed:      hostmaster@bluelight.nl 20010501
    source:       RIPE
The mntner object above protects every object in the RIPE NCC Database that includes the attribute "mnt-by: BLUELIGHT-MNT". Therefore the BLUELIGHT-MNT mntner object protects itself as well, since it includes a mnt-by attribute line referring to itself.
The upd-to attribute references the e-mail address which will be notified of all failed attempts to modify any object that is protected by the mntner object.
The mnt-nfy attribute references the e-mail address which will receive notifications of all successful updates.
The referral-by attribute is mandatory in mntner objects. It references the mntner object that created this object. For all
106. ed with the "whois -t domain" command. zone-c references the NIC handle of a person responsible for the zone. The ISP/LIR's maintainer is added to this object to protect it from any interference. In accordance with RFC 1035, names should be used in the nserver lines and not IP numbers.
• For IPv4 ranges, the reverse domain is in-addr.arpa.
• For IPv6 ranges, the reverse domain is ip6.arpa (ip6.int is discontinued).
See Section 2.4 for creating objects in the RIPE Database. See Section 10.2 Protecting Database Objects for how to pass authentications in the RIPE Database.
11.6 Range Sizes That Can Be Set Up for Reverse Delegation
• All ranges that are part of an allocation, or
• All networks transferred to the RIPE Database via the Early Registration Transfer (ERX) Project. The full list of these networks is available at http www ripe net projects erx erx ip
For IPv4, the following size ranges can be reverse delegated: /8, /16, /24. IPv4 ranges that are between the sizes of a /24 and a /16 (e.g. a /23): in this case you must create multiple /24 domain objects to cover the entire range. If using the RIPE Database e-mail interface, several domains can be included in one e-mail. For a range of consecutive /24 zones you can use the shorthand notation for the domain attribute:
    inetnum: x.y.0.0 - x.y.9.255
    domain:  0-9.y.x.in-addr.arpa
For IPv6, the following size ranges can be reverse delegated: ranges on nibble boundaries
107. ee to the RIPE NCC. Direct Assignment Users, however, are not members (LIRs) of the RIPE NCC.
• They cannot use the RIPE NCC member services.
• They cannot use the LIR Portal to request resources from the RIPE NCC, since they do not receive a Portal account.
• They cannot vote at the RIPE NCC General Meeting.
To request resources from the RIPE NCC, Direct Assignment Users must send in a request by email to hostmaster@ripe.net. The appropriate request form can be found here: http ripe net ripe docs index html
References
DIRECT INTERNET RESOURCE ASSIGNMENTS TO END USERS FROM THE RIPE NCC: http ripe net ripe policies proposals 2007 01 html
CONTRACTUAL REQUIREMENTS FOR PROVIDER INDEPENDENT RESOURCE HOLDERS IN THE RIPE NCC SERVICE REGION: http ripe net ripe draft documents ripe new draft2007 01 v4 html
END USER ASSIGNMENT AGREEMENT: http www ripe net ripe draft documents gm october2008 end user agreement html
REQUEST FORMS: http ripe net ripe docs index html
RIPE NCC CHARGING SCHEME 2011: http www ripe net ripe docs charging html
INDEPENDENT INTERNET NUMBER RESOURCES - CONTRACTUAL RELATIONSHIP CHANGES BETWEEN SPONSORING LIR AND END USER: http www ripe net ripe docs ripe 475 html
13 PI ADDRESS SPACE
This section describes the difference between Provider Aggregatable (PA) and Provider Independent (PI) address space. The advantages and disadvantages of both address assignments shoul
108. eferenced by their nic-hdl and not by their name. It is basically the person's ID and avoids ambiguity of persons with the same name. Here is an example of a nic-hdl: JS484-RIPE. The first two letters stand for the person's name (example: John Smith). The number refers to the number of people registered in the Database whose first and last names start with JS. In this case, John Smith is the 484th person. This is followed by RIPE, as it is registered in the RIPE Database. A nic-hdl can be obtained in the following way: when creating a person or role object, you should fill out the nic-hdl field with a placeholder, "AUTO-" number initials (AUTO-nnxxxx), e.g. "nic-hdl: AUTO-1" or "nic-hdl: AUTO-1AB". The Database software will either take initials from the person's name or use initials you want to force, if they are stated instead of xxxx.
changed: your e-mail address must be specified in this field. The database robot will add the date of creation or modification of the object in the changed field.
source: specifies the Registry database where the object can be found, in this case RIPE.
mnt-by: here you should type the name of your maintainer.
password: If the mntner which protects this object (i.e. the mntner in the mnt-by field) has password authentication, then you should fill in the clear-text version of this password here. If your mntner has PGP authentication, then the password field is not needed. If you do not
109. equest PI themselves directly from the RIPE NCC. That is described in Section 12.2 in Section 12 Direct Resources. If the LIR wants to request PI addresses on behalf of an End User, then the LIR must first sign a contract with the End User (see Section 12.1 and the sample contract in the References at the end of Section 12 Direct Resources). The LIR must then use the PROVIDER INDEPENDENT (PI) ASSIGNMENT REQUEST FORM. The request procedure for PI space is almost identical to the request procedure for PA address space, described in Section 4 Assigning PA Address Space and Section 5 Evaluation of Address Space Requests. The two main differences are:
• a different request form with 2 additional templates is used for PI assignments (INITIAL INFORMATION, DATABASE TEMPLATE)
• the RIPE NCC IP Resource Analyst creates the inetnum object for the PI assignment in the RIPE Database
Please read Sections 4 and 5 (Assigning PA Address Space and Evaluation of Address Space Requests) for an explanation of the request form templates and procedures that are similar for PA and PI requests. There are 2 additional templates in the PI ASSIGNMENT REQUEST FORM. The first additional template is INITIAL INFORMATION. In this template you should provide the information to explain why PI address space is requested instead of PA address space. It is important that you answer all 3 questions in the INITIAL I
110. esponsibility to keep their aut-num up to date. It is also the user's responsibility to keep the routing policy and the information about referenced contact persons up to date in the Routing Registry (RIPE Database).
An example of a completed aut-num template:
    aut-num:     NEW
    as-name:     BLUELIGHT-AS
    descr:       Bluelight AS
    import:      from AS2 action pref=20; accept AS2
    import:      from AS3 action pref=100; accept ANY
    import:      from AS2 action pref=200; accept ANY
    export:      to AS2 announce NEW
    export:      to AS3 announce NEW
    org:         ORG-PIE1-RIPE
    admin-c:     JJ231-RIPE
    tech-c:      JAJA1-RIPE
    mnt-by:      NEW-MNT
    mnt-routes:  NEW-MNT-TWO
    changed:     hostmaster@ripe.net
    source:      RIPE
Don't include the date in the template in the request form.
14.4 14.5 32-Bit AS Numbers
From 1 January 2007 the RIPE NCC can assign 32-bit (4-byte) Autonomous System Numbers (ASNs). From 1 January 2010 the RIPE NCC will cease to make any distinction between 16-bit only AS Numbers and 32-bit only AS Numbers, and will operate AS Number assignments from an undifferentiated 32-bit AS Number allocation pool.
Terminology:
• "2-byte (16-bit) only AS Numbers" refers to AS Numbers in the range 0 - 65535.
• "4-byte (32-bit) only AS Numbers" refers to AS Numbers in the range 65536 - 4294967296.
• "4-byte AS Numbers" refers to AS Numbers in the range 0 - 4294967296.
There is more information about this policy in the RIPE Document AUTONOMOUS SYSTEM (AS) NUMBER ASSIGNMENT POLICIES AND PRO
111. ess space is valid as long as the criteria for the original assignment are still met. However, assignment of address space does NOT imply that this address space will be ROUTABLE ON ANY PART OF THE INTERNET. It is expected that the users will have to pay a premium for actual routing of PI addresses, as opposed to PA addresses. It may eventually become impossible to get relatively small amounts of PI space routed on most of the Internet. We strongly suggest you contact any prospective service provider for information about the possibility and pricing of service when using PI addresses.
You can also refer the End User to the IPv4 policy document, which says: "Provider Independent Address Space (PI): In contrast to PA address space, PI address space is not aggregatable but remains assigned to the original network as long as the criteria for the original assignment are met. However, PI addresses are expensive to route, as no use can be made of aggregation, and therefore might not be globally routable."
PLEASE NOTE THAT THE USE OF PA ADDRESS SPACE SHOULD ALWAYS BE RECOMMENDED.
LIRs must make it clear to the End User which type of address space is assigned. Clear contractual arrangements that specify the validity and duration of the address assignment are strongly recommended for every address assignment. The RIPE NCC needs a confirmation that the LIR has passed this warning on to their customer (End User) and that the End User understands and accep
112. ests, like verifying whether all necessary sections are there and if all mandatory fields are completed correctly. As a reply, the LIR will receive an acknowledgement that the message has been received, with diagnostics of the request. If you are re-sending a request with corrections according to the error messages received, the same ticket number must be used in the subject line. If you are correcting the ERRORS that the Hostmaster Robot has found, please re-send a new completed form and do not just correct the errors in the Hostmaster Robot's message. If the request does not contain any errors, the robot will forward it to the Ticket Queue. A human IP Resource Analyst will then pick up the request from the Ticket Queue and might still ask you questions. However, when answering an Analyst's QUESTIONS you do not have to resend a new completed form. The robot will only send error reports a few times; after that it will give up and pass the request with the error report to the IP Resource Analyst. If you, the requester, do not understand any error, you can bypass the robot by including the keyword NOAUTO in the Subject line of the e-mail. The keyword ROBOTHELP can be included in the subject line for more help regarding how the robot functions.
Robot help page: http www ripe net rs status html
Robot source code: ftp ftp ripe net tools autohm 1 25 tar gz
Use the LIR Portal to edit the list of registered LIR contact persons for your LIR
113. et RPS Security. An as-block object is needed to delegate a range of AS numbers to a given repository. This is needed for authorisation, and it is needed to avoid having to make an exhaustive search of all repositories to find a specific AS.
mnt-routes: The mnt-routes attribute may appear in an aut-num, inetnum or route object. This attribute references a mntner object which is used in determining authorisation for the addition of route objects. After the reference to the mntner, an optional list of prefix ranges (as defined in RPSL) inside of curly brackets, or the keyword ANY, may follow. The default when no additional set items are specified is ANY, or all more specifics. The mnt-routes attribute is optional and multiple.
mnt-lower: The mnt-lower attribute may appear in an inetnum, route, as-block or aut-num object. This attribute references a mntner object. When used in an inetnum or route object, the effect is the same as a mnt-routes, but applies only to prefixes more specific than the prefix of the object in which it is contained. In an as-block object, mnt-lower allows addition of more specific as-block objects or aut-num objects. In an aut-num object, the mnt-lower attribute specifies a maintainer that can be used to add objects with hierarchical names. A mnt-routes attribute in an aut-num object allows addition of route objects with that AS number as the origin to the mntners listed. A mnt-routes attribute in an inetnum object allows add
114. etermined in a hierarchical fashion. For example, the administration of the top-level domain nl is performed by a ccTLD administrative person. The subdomain bluelight was delegated by them to Blue Light Internet, which uses the name www to refer to one of the hosts in their network. After the name www has been properly specified in the name server for bluelight.nl, the domain name www.bluelight.nl can be used to find its corresponding Internet host. The IN-ADDR.ARPA domain tree is described in more detail in Chapters 1 and 2 of O'Reilly's DNS and BIND, 4th Edition.
Reverse delegation for IPv4 takes place exclusively on octet (/8, /16 and /24) boundaries. The same mechanism is used in reverse and forward delegation, but the authority of delegation is somewhat different. In order to use the same mechanism as forward DNS, a special domain, in-addr.arpa, is created. An IP address has to be reversed (written in reverse order) and suffixed by in-addr.arpa. E.g. in order to reverse map 195.35.65.1, it must become 1.65.35.195.in-addr.arpa.
[Figure: the IN-ADDR.ARPA domain in the DNS tree. ROOT with edu, nl, arpa and net below it; bluelight under nl, with www (195.35.65.1); in-addr under arpa, with 195, 35, 65 and 1 below it. Forward mapping: A 195.35.65.1. Reverse mapping: 1.65.35.195.in-addr.arpa PTR www.bluelight.nl]
Fig. 11.1 The in-addr.arpa Domain as Part of the DNS Tree
11.3 Setting Up Reverse Delegation
You must go through the following steps to o
115. eting a delegation is simple. Just delete the domain object in the RIPE Database. The reverse delegation will be automatically deleted within 2 hours - 1 day. See Section 10.6 Updating/Deleting Objects in the RIPE Database. See Appendix E for authentication requirements for deleting a reverse delegation. Generally speaking, in both cases you have to pass the authentication check of the mntner in the mnt-by attribute of the domain object.
11.10 Common Errors when Setting Up Reverse Delegation
• No allocation or ERX transfer for the address range to be reverse delegated
• IP addresses instead of names of name servers in the domain object
• Trying to get reverse delegation for a range that is not on octet boundaries (/24 or /16)
• Incorrect DNS setup (not according to RFC 1912 or http www ripe net ripe docs dns soa html)
For more common errors and solutions to them, see the REVERSE DELEGATION FREQUENTLY ASKED QUESTIONS at http www ripe net reverse
11.11 Reverse Delegation for Assignments < /24
The classless inaddr technique described in RFC 2317 enables the possibility of reverse delegation for prefixes longer than a /24. However, the RIPE NCC does not directly reverse delegate networks smaller than /24 from Provider Aggregatable (PA) blocks. It is therefore the responsibility of the administrator of the /24 address space that encloses the < /24 address space in question to co-ordinate reve
116. ew ticket number. An LIR should therefore never send two requests in the same message. Moreover, as a ticket number is associated with a specific request, it should never be re-used for another request. Never send a message about a particular request without quoting its ticket number, otherwise the system will assign it a new ticket number and thus create a duplicate request. The format of the ticket number is NCC#YYYYMMnnnn, e.g. NCC#2003073280. The status of any ticket can be looked up on the LIR Portal or the following web page: http www ripe net cgi bin rttquery. Status can be OPEN-REG, OPEN-NCC and CLOSED. OPEN-REG means that the RIPE NCC is waiting for a response from the LIR. OPEN-NCC means that the LIR is waiting for a response from the RIPE NCC. The tool also permits the LIR the use of labels in the ticket's messages. Any text in the Subject of a message between the opening delimiter and the closing delimiter is displayed next to that message. Having a ticket number does NOT mean that the request is going to be seen by a human. If there are syntax errors, the Hostmaster Robot will return the request to the sender with an error report and it will NOT be placed in the Ticket Queue. The request will not be processed until the errors are fixed.
The Hostmaster Email Robot
Apart from issuing a ticket number, other automated actions will be performed by the Hostmaster Robot. The robot checks the syntax of requ
117. face to encrypt a clear-text password can be found at http www ripe net cgi bin crypt cgi. This method may be subject to two types of attacks:
Password cracking: This is the same kind of attack to which normal computer passwords can be subjected. There are programs available that can be used to attempt to decode the password, either by checking it against dictionaries or by attempting all possible combinations.
Mail snooping: When submitting updates via e-mail, as the update message contains the password in clear text, there is a chance that the password will be seen if the message is intercepted in transit between the user's system and the database server machine.
• PGPKEY-<key ID>: This is a strong form of authentication. The authentication information is a signature identity pointing to a public key certificate, which is stored in a separate object (key-cert). The maintainer is authenticated if the transaction is signed by the corresponding private key. The RIPE NCC does not guarantee that a key belongs to any specific entity; it is not a certificate authority. Anyone can supply any public keys with any ownership information to the database, and these keys can be used to protect other objects by checking that the update comes from someone who knows the corresponding secret key. A key-cert object is a database public key certificate that is stored on the server and may be used with a mntner object for authentication when perform
118. filled out if necessary. Please sign the form (state your name) at the bottom of the request, under the "END of REQUEST" line. For a complete explanation on how to fill out the request form, read the SUPPORTING NOTES FOR THE AS NUMBER REQUEST FORM. The completed request form should be submitted to hostmaster@ripe.net. You can also fill out the AS Request Form online via the LIR Portal. When filling out the aut-num object template in the request form, the placeholder AS NEW can be used instead of a unique AS number in order to specify your Autonomous System for expressing routing policies. The export attribute describes announcements that AS NEW makes towards peers. The import attribute describes the announcements that AS NEW listens to. pref = 65336 - BGP localpref. The higher the value of localpref, the lower the value of pref. The lower the value of pref is, the more preferred a route is.
Before assigning the AS number, RIPE NCC IP Resource Analysts will check the following:
• Does the customer requesting an AS number have address space?
• Is the customer planning to be multi-homed?
• Is the routing policy specified in the application form consistent?
• Is it possible to use private AS numbers (AS > 64511)?
After approval, the RIPE NCC IP Resource Analyst creates the aut-num object and informs the requestor. The user will then create route object(s) for the route(s) announced from this AS. It is the user's r
119. first allocation. In order to receive this AW raise to /21, the LIR should have no invalid assignments and assignment overlaps in the RIPE Database. All past assignments they made should be registered in the RIPE Database. This means that all new LIRs need to request approval before making each assignment, until their AW has been raised. There is no maximum AW. The AW is applied separately to each End User, per 12 months.
AW = 0: If the AW is zero, every request needs to be sent to the RIPE NCC. For each request a separate request form is needed. You can find out the size of your LIR's AW by logging on to the LIR Portal with a user account and going to the Resources > IPv4 menu.
HOW TO AVOID COMMON MISTAKES WITH ASSIGNMENT WINDOWS: IMPORTANT POINTS
The AW is not accumulative from one year to the next. If an LIR did not make any assignments to an End User within a 12-month period, they can still only make assignments up to the LIR's AW in the following 12-month period to that End User.
The AW is per End User. The AW is the maximum amount of address space an LIR can assign to each of its End Users in any 12-month period without needing approval from the RIPE NCC. NOTE: The AW is NOT the total amount of address space an LIR can assign to all of its End Users together in a 12-month period. If an LIR has several End Users, then it could assign its full AW to each End User in a 12 month peri
120. for that End User's network without sending the request to the RIPE NCC. The following steps must be taken by the LIR (see Fig. 7.1):
1. A range of addresses from the LIR's allocation is chosen.
2. Local records are updated.
3. The inetnum is entered into the RIPE Database.
4. An acknowledgment is received from the Database.
5. The End User is informed of which addresses they have been assigned.
Above the AW
If, however, the total size of this request and all assignments made to this End User within the last 12-month period (excluding assignments requested from the RIPE NCC) exceeds the LIR's AW, then this request should be sent to the RIPE NCC IP Resource Analysts for evaluation and approval (see Section 4 Requesting PA Address Space and Section 5 Evaluation of Requests). After approval from the RIPE NCC, the same steps as above must be taken by the LIR (see Fig. 7.2):
1. A range of addresses from the LIR's allocation is chosen.
2. Local records are updated.
3. The inetnum is entered into the RIPE Database.
4. An acknowledgment is received from the Database.
5. The End User is informed of which addresses they have been assigned.
Q: How many IP addresses can I assign today to an End User without having to ask for approval?
A: Count back 12 months to find out, i.e.:
• Add up all the assignments to that End User within the last 12 months, excluding assignments approved by the RIPE NCC (let's say the sum is x). The n
121. frican community for the purpose of managing IP addressing in the continent.
Aggregation: One of the main goals of Internet administration. Aggregation refers to the distribution of public Internet addresses in a hierarchical manner, permitting the summarisation or aggregation of routing information and limiting the number of routing entries advertised in the Internet.
Allocation: Refers to the range of addresses made available to a Local Internet Registry (LIR) that in turn is used by the LIR to make address space assignments to End Users or to the LIR's own network.
American Registry for Internet Numbers (ARIN), http://www.arin.net: A Regional Internet Registry (RIR) serving North America and African countries located south of the equator.
Asia Pacific Networking Group (APNG), http://www.apng.org: An Internet organisation that aims to promote the Internet and the coordination of network inter-connectivity in the Asia Pacific region.
Asia Pacific Network Information Centre (APNIC), http://www.apnic.net: A Regional Internet Registry (RIR) serving the Asia Pacific region.
Asia Pacific Regional Internet Conference on Operational Technologies (APRICOT), http://www.apricot.net: Providing a forum for key Internet builders in the region to learn from their peers and other leaders in the Internet community from around the world.
Assignment: Refers to address space that a Local Internet Registry (LIR) distributes to an End User organi
122. ger If there is a change of the LIR s name the registration documentation from the relevant Chamber of Commerce or its country equivalent supporting the name change must be submitted to the RIPE NCC by fax For more details see MERGERS ACQUISITIONS AND CLOSURES OF ORGANISATIONS OPERATING AN LIR It is also possible to transfer IPv4 resources between LIRs For more details see ENABLING METHODS FOR REALLOCATION OF IPV4 RESOURCES References RIPE NCC CONSISTENCY AND AUDITING ACTIVITY http www ripe net ripe docs ripe 170 html AUDIT ACTIVITY http www ripe net ripencc mem services registration audit index html RIPE NCC ACTIVITY PLAN 2011 http www ripe net ripe docs ap html RIPE NCC BILLING PROCEDURE AND FEE SCHEDULE 2011 http www ripe net membership billing procedure html CALCULATING YOUR LIR s BILLING SCORE http www ripe net membership billing calculation html RIPE NCC CHARGING SCHEME 2011 http www ripe net ripe docs charging html http ripe net info faq membership charging scheme html RIPE NCC BUDGET 2011 http www ripe net ripe docs budget html MERGERS ACQUISITIONS AND CLOSURES OF ORGANISATIONS OPERATING AN LIR http www ripe net ripe docs mergers html ENABLING METHODS FOR REALLOCATION OF IPV4 RESOURCES http ripe netripe policies proposals 2007 08 html 18 18 1 18 2 ADVANCED COURSES General Information As service to its members the
123. hat before you complete the template you delete the information from the mandatory attributes The object also has optional attributes which you need to delete from the template if you do not want to use them Empty attributes cannot be included in the final template After removing this information fill in your template and once completed click the submit query button Please Enter Your Update To The Form Below person Susan Fowler address Singel 258 Amsterdam phone 31205354444 nic hdl auto 1 mnt by azurro mnt changed susfowler@bluelight.nl source RIPE password kormos Submit Query Immediately on the screen you will get a summary of update from the Database that will tell you if the object was created or not From Host 193 0 3 1 Date Time Wed Feb 25 11 34 09 2009 SUMMARY OF UPDATE Number of objects found 1 Number of objects processed successfully 1 Create 1 Modify 0 Delete 0 No Operat
124. hin specialised Working Groups WG The working groups and their e mail addresses are listed at the beginning of this chapter Bottom Up Decisions are taken by the different regional communities by RIPE in the RIPE region Global policy is coordinated by the Regional Internet Registries eg the RIPE NCC based on the policies developed in their region [Figure labels: Policy Development Process Facilitators, Policy Making Community] Fig 1 2 Regional and Global Policy Development Process Which policies can be influenced Broadly speaking we can categorise policies under three headings Below you can see what policies can be influenced in which RIPE Working Groups Internet number resources distribution address policy wg RIPE database operations db wg Operational recommendations routing wg dns wg anti spam wg ipv6 wg Phases in the Policy Development Process If you would like a change make your own policy proposal and send it to 1 Proposal phase To propose a new policy you don t need to be a member of the RIPE NCC Anyone can participate The discussion about the proposal takes place in the appropriate Working Group mailing list 2 Discussion phase A draft document is prepared by the proposer and it is published on the RIPE NCC website and announced to the Working Group mailing list for review The draft document is reviewed Comments on the draft are solicited c
125. ho can pass the authentication of the mntner in mnt lower MNT 2 in Fig 10 7 can only create overlapping objects So let us have a look at the example in Fig 10 3 and Fig 10 4 again this time with a mnt lower included in the inetnum object OPENNET X inetnum 80 8 4 0 80 8 5 255 netname OPENNETX descr Example Network AX country MT admin c AB1 RIPE tech c XY3 RIPE status mnt by MNT 1 This object is protected by MNT 1 changed ericm fantasy mt 20010828 source RIPE Fig 10 7 mnt by and mnt lower attributes in the inetnum object If you want to update this inetnum object you must pass the authentication of mntner MNT 1 The mntner in the mnt lower attribute of the inetnum object blocks the IP range of that inetnum object so that only those who can pass the authentication MNT 2 can create new objects in the same range in the RIPE Database [Figure labels: range of OPENNET X 80 8 4 0 to 80 8 5 255 range of SMALLNET X 80 8 4 0 to 80 8 4 255 MNT 2 blocks this range in the Database You cannot create SMALLNET X unless you can pass OPENNET X s mnt lower] Fig 10 8 The mnt lower attribute protecting the range Please note that if there is both a mnt by and mnt lower attribute in an inetnum object then only the mntner in the mnt lower blocks the range of the inetnum object MNT 2 in Fig 10 7 and Fig 10 8 If you want to create the inetnum object SMALLNET X you must pass the authent
126. ht never need them Making too large internal reservations could result in just the opposite of what you want to achieve The allocation could become too fragmented making it difficult to fulfill the criteria for an additional allocation i e filling up the allocation to 80% with assignments IP Address Management Tools Tools for managing LIR s allocated address space IP Address Management IPAM tools are increasingly important as new IPv6 networks are deployed with larger address pools different subnetting techniques and more complex 128 bit hexadecimal numbers which are not as easily human readable as IPv4 addresses IPv6 networking mobile computing and multihoming require more dynamic address management and are causing technical obsolescence of the early generations of IP address management IPAM software and spreadsheets used for address management from Wikipedia article RIPE NCC does not endorse nor guarantee the quality of any of the tools they are listed only for your information Free These tools are either Free Software free of charge and or Open Source Tools with IPv6 Support IPAT IP Allocation Tool http nethead de index php ipat NetDot https netdot uoregon edu trac HaCi http sourceforge net projects haci FreeIPdb http home globalcrossing net freeipdb Infoblox IPAM Freeware http www infoblox com services infoblox ipam freeware cfm IPv6 Subnet Calculator http www
127. ibute in the inetnum objects was introduced LIR PARTITIONED PA PI This new feature allows LIRs to delegate maintenance of different parts of their allocated space to for example different parts of their organisation by introducing intermediate objects between allocation and assignment and by using separate mnt lower and mnt routes attributes in these objects See Section 10 3 Hierarchical Authorisation The value of LIR PARTITIONED PA PI is allowed if one level less specific inetnum object contains a status attribute with the value of ALLOCATED PA PI or LIR PARTITIONED PA PI This does not affect the responsibility LIRs have for allocations and assignments held by them Furthermore inetnum objects with the status LIR PARTITIONED PA PI are not taken into account when calculating the utilisation level of an allocation Remember The utilisation level has to be 80% to get a new allocation Only inetnum objects with the status ASSIGNED PA or ASSIGNED PI or SUB ALLOCATED PA are taken into account for the utilisation level 6 3 Registering an Assignment via the Database E mail Interface When submitting new object templates completed templates should be sent via e mail to auto dbm ripe net with the keyword NEW in the subject line This is an automatic mailbox handled by a robot The syntax of the template will be automatically checked by the e mail robot The e mail robot then replies with a Summary of Update mes
128. ic dial up Amsterdam 1 subnet 25 0 120 120 dynamic dial up Utrecht subnet 26 24 35 50 Amsterdam office LAN 2 subnet 27 0 12 25 web mail ftp servers Utrecht subnet 27 10 12 19 web mail ftp servers Amsterdam subnet 28 14 14 14 training room LAN Amsterdam totals 24 25 28 168 313 348 Which netname will be used when registering this network in the RIPE Database netname LAIKA NET This column only in CIDR format e g 25 These 3 columns either in CIDR e g 25 or number e g 128 format Please note that as a result of implementing the RIPE Policy Proposal 2009 03 also known as the Run out Fairly Proposal The Assignment Periods Planning Periods will get successively shorter Immediate req Intermediate req Entire Period 1 Jan 2010 immediate 6 months 12 months 1 Jul 2010 immediate 6 months 9 months 1 Jan 2011 immediate 3 months 6 months 1 Jul 2011 immediate 2 months 3 months Always use the same netname for assignments to the same End User Always use the same netname for all assignments to your LIR s own infrastructure You should describe the purpose of the assignment in the description attribute of the inetnum object you will create for the assignment in the RIPE Database Not in the netname attribute 4 Equipment Description template It is not mandatory to fill out this template however if you do not provide enough information for the IP Resource A
129. ication of either the mntner referenced in the mnt lower or the mntner in mnt by of OPENNET X i e MNT 2 or MNT 1 inetnum 80 8 4 0 80 8 4 255 netname SMALLNET X descr Example Network BX country MT admin c CD RIPE This object is tech c WZ1 RIPE status mnt by changed johng magic mt 20020615 source RIPE Fig 10 9 SMALLNET X If you want to modify the SMALLNET X inetnum object in Fig 10 9 you have to pass the authentication of mntner MNT 3 Note MNT 1 or MNT 2 which are in the mnt by and mnt lower attributes respectively of OPENNET X do not protect SMALLNET X mntners in mnt lower or mnt by attribute only block the creation of new objects one level below This means that once you have created the inetnum object SMALLNET X MNT 2 or MNT 1 will only block the second half of OPENNET X s range because there is an overlapping object under the first half of the range If you do not include a mnt by or a mnt lower in SMALLNET X anyone can create new objects in SMALLNET X s range 80 8 4 0 80 8 4 255 [Figure labels: range of OPENNET X range of SMALLNET X 80 8 5 255 80 8 4 255 MNT 2 will block only this part of the range in the Database if you create SMALLNET X] Fig 10 10 The mnt by or mnt lower attributes prevent the creation of overlapping objects but only one level lower In your allocation object RIPE NCC will include a mnt lower attribute referencing your mntner Therefore only employees of
130. ications such as FTP e mail and telnet allow users to specify an Internet destination host as a domain name such as www bluelight nl as names are easier to remember than numbers However before an application can send IP packets the IP address of the destination host must be determined The Domain Name System DNS was devised to obtain the IP address for a given domain name The inverse procedure which produces the domain name from the IP address is called reverse address mapping or reverse delegation and is the focus of this section Why is Reverse Delegation Necessary In this example FTP is used to illustrate the need for reverse delegation Many FTP sites want to know which domain is requesting access If reverse delegation is correctly set up by the domain sending the packet the accessed domain may successfully trace it back to its origins Name based virtual hosts are an exception Hosts from address space which have not been reverse delegated may have problems accessing some FTP sites Not setting reverse address mapping correctly may have the following consequences a users are blocked from various services FTP mail b troubleshooting becomes more difficult since lookups cannot find the name of a particular machine and the users cannot be identified c more network traffic is generated as a result of failing lookup responses IN ADDR ARPA Domain Tree Similar to the UNIX file system the full name of an IP host is d
131. identifier and that references contact details for a specific person or team North American Network Operators Group NANOG http www nanog org A North American forum for the co ordination and dissemination of technical information related to backbone enterprise networking technologies and operational practices Number Resource Organization NRO http www nro net Serving as the coordinating mechanism of the Regional Internet Registries RIRs to act collectively on matters relating to the interests of the RIRs Regional Internet Registry RIR Not for profit organisations established under the authority of the Internet Assigned Numbers Authority IANA that operate in large geopolitical regions such as continents Responsible for the coordination and representation of Internet Registries allocation and assignment of IPv4 and IPv6 address space Autonomous System Numbers and maintenance of public databases Request for Comment RFC A document series of the Internet Engineering Task Force IETF that focuses on computing concepts computer communications networking and Internet protocols Réseaux IP Européens RIPE A collaborative forum open to all parties interested in wide area IP networks The objective of RIPE is to ensure the administrative and technical coordination necessary to enable the operation of the Internet within the RIPE region Reverse Delegation The mapping of IP addresses to domain names u
132. in American and Caribbean Network Information Centre Local Internet Registry North American Network Operating Group National Institute for Nuclear and High Energy Physics translated from Dutch Pretty Good Privacy Post Office Protocol or Point of Presence Point to Point Protocol Policy Based Routing Implementation and Development in Europe Router Arbiter Project Routing Arbiter Database Réseaux Associés pour la Recherche Européenne Réseaux IP Européens RIPE Network Coordination Centre Regional Internet Registry Routing Information Service Routing Policy Specification Language Routing Registry in DNS Resource Record Registration Services Trans European Research and Education Networking Association Top Level Domain Training Services Test Traffic Test Traffic Measurements Working Group Appendix 5 RIPE NCC Glossary ASO Address Council AC Manages the business functions of the Address Supporting Organisation ASO including the development of policy in accordance with the guidelines defined by the Memorandum of Understanding MoU Africa Network Operator s Group AFNOG http www afnog org A forum for the exchange of technical information Aims to promote discussion of implementation issues that require community cooperation in the African region African Network Information Center AfriNIC http www afrinic net A Regional Internet Registry RIR serving the African region proposed by the A
133. ine of the Request form the requester must put his her signature END OF REQUEST John Smith Requests without a signature or Reg ID will be rejected 4 4 Conclusion This section described the necessary documentation for a planned network before address space can be assigned and how to communicate in the most efficient way with RIPE NCC IP Resource Analysts The next steps in the Assignment Process are described in Section 5 Evaluation of Address Space Requests and Section 6 Registering Address Space in the RIPE Database References IPv4 ADDRESS ALLOCATION AND ASSIGNMENT POLICIES IN THE RIPE NCC SERVICE REGION http www ripe net ripe docs ipv4 policies html PROVIDER AGGREGATABLE PA ASSIGNMENT REQUEST FORM http www ripe net ripe docs iprequestform html SUPPORTING NOTES FOR THE PROVIDER AGGREGATABLE PA ASSIGNMENT REQUEST FORM http www ripe net ripe docs iprequestsupport html RUN OUT FAIRLY PROPOSAL 2009 03 http ripe netripe policies proposals 2009 03 html 5 EVALUATION OF ADDRESS SPACE REQUESTS In this chapter we shall discuss how the IP Resource Analysts will evaluate your PA assignment request Overview RIPE NCC IP Resource Analysts evaluate each request separately using criteria outlined in the RIPE document IPv4 ADDRESS ALLOCATION AND ASSIGNMENT POLICIES IN THE RIPE NCC SERVICE REGION Where submitted information is insufficient or unclear Analysts may ask addit
134. ing updates Currently PGP and GPG keys are supported DSS Diffie Hellman and RSA algorithms In order to create a mntner with auth PGP KEY <key ID> you must follow these steps 1 Create a mntner object with any form of authentication not PGP 2 Create a PGP key pair at http www gnupg org you will get your key ID here 3 Create a key cert object the key cert object will contain your public PGP key in the certif attributes and the key ID in the key cert attribute 4 Modify the mntner to include auth PGP KEY <key ID> Whenever you update objects protected by a mntner with a PGP authentication include the PGP signature in the e mail body or as a MIME attachment For more information see http www ripe net db support security pgp html For more information about the free PGP like product called GNU Privacy Guard GPG please see http gnupg org key cert Object Generated attributes leave empty when creating object method PGP owner Joe User <joe@example.net> fingerpr 9D 82 4B B8 38 56 AE 12 BD 88 73 F7 EF D3 7A 92 certif BEGIN PGP PUBLIC KEY BLOCK certif Version 2 6 3ia certif certif mQA9AzZizeQAAAEBgJsq2Y foInVOW1LLxalmR14G1UZEdOWgrUH9iXjZ certif a uqWiLnvN5 9S 4rgDQAFEbQeSm9 11 FRoZSBVc2VyIDxqb2VAZXhhbxXB certif iQBFAwUQNmLN5ee83n1LiuANAQFOFQGAmow1 UY tF xnWBdMNDKBiOSy certif YvpKr05Aycn8Rb55E10nZL5KhNMYU gd certif nfno certif
135. ion 0 Number of objects processed with errors 0 Create 0 Modify 0 Delete 0 Syntax Errors 0 DETAILED EXPLANATION The following object s were processed SUCCESSFULLY Create SUCCEEDED person SF4673 RIPE Susan Fowler Warning Date 20090225 added to changed attribute susfowler@bluelight.nl Info Authorisation for person auto 1 using mnt by authenticated by azurro mnt For assistance or clarification please contact RIPE Database Administration <ripe-dbm@ripe.net> There might be a warning message which will not prevent the object from being created but may require your attention If there is an error message your object was not created First you must correct the error that is specified in the message and then submit the corrected template References RIPE DATABASE http www ripe net whois RIPE DATABASE DOCUMENT LIBRARY http ripe net db docs html RIPE NCC DATABASE USER MANUAL GETTING STARTED http www ripe net ripe docs db start html RIPE DATABASE QUERIES REFERENCE CARD http www ripe net db supportwhois refcard pdf RIPE NCC DATABASE REFERENCE MANUAL http www ripe net ripe docs databaseref manual html RIPE DATABASE TERMS AND CONDITIONS http ripe net ripe docs terms conditions html RIPE DATABASE FAQ http www ripe netinfo faq db main html RFC 2622 ROUTING POLICY SPECIFICATION LANGUAGE RPSL ftp ftp ripe net rfc rfc2622 txt RFC 2650 USING RPSL
136. ion focusing on cooperation between the private and public sectors on Internet matters cooperation-wg@ripe.net More information about RIPE Working Groups can be found at http www ripe netripe wg All working groups have mailing lists where important discussions take place Subscription to mailing lists is possible at the following webpage http www ripe net mailman RIPE also has a general announcement e mail list <ripe-list@ripe.net> The mailing lists are open but moderated for spam More information about mailing lists and mailing list archives can be found at http www ripe net maillists RIPE Meetings The RIPE meetings are held twice a year within the RIPE region and their main purpose is to discuss technical and policy issues affecting Internet administration The RIPE meetings are open to the public In each meeting discussions are split into Working Groups These discussions range from technical matters such as DNS routing and database to policy issues affecting Internet administration such as IP assignment and allocation policies Network operators also meet at RIPE Meetings to discuss technical co ordination matters RIPE Meetings provide an opportunity for the community to meet face to face and exchange information and experiences relating to IP networking No membership is needed so everybody can attend a RIPE meeting and become part of the community Policies regarding IP networking are created withi
137. ional questions In the following we will discuss how the most important sections templates of the PROVIDER AGGREGATABLE PA ASSIGNMENT REQUEST FORM will be evaluated by the Analysts 5 1 Evaluation First of all the IP Resource Analyst will check if the request is coming from the registered LIR contact person registered in the LIR s reg file If not the request will be marked as not coming from the contact person and the Analyst will ask the registered contact person for confirmation General Information The Hostmaster Robot will check if the x ncc regid field is filled out correctly Address Space User The human IP Resource Analysts will check if the organisation name is filled out correctly From the name filled out in this field it should be clear whether the addresses are requested for the LIR s own infrastructure or for an End User of the LIR Does the organisation already have address space that can meet the needs for this request Enter Yes or No Space available How to fill out this field is discussed in Section 4 3 Completing the Request Form Addressing Plan • The Purpose column should provide a clear idea of how the addresses will be used in each subnet • By looking at the numbers filled out in the Immediate Requirements Intermediate Requirements and Entire Period columns the Analyst can see how many addresses will be used and if this usage is efficient 1 2
138. ipe net OR using Syncupdates http www ripe net db syncupdates In this section we explore how to create objects using the person object as an example You must create person and mntner objects before requesting Internet resources IP addresses AS Numbers etc from the RIPE NCC These objects must also be created before you or the RIPE NCC IP Resource Analyst creates objects for those resources in the RIPE Database The person and role objects provide contact information for Internet resources They will be referenced in inetnum objects aut num objects and other objects When you create a person object you should consider which of the following four scenarios applies to your situation 1 I want to create a person object for the first time and don t have a mntner yet • See section 2 4 1 2 I want to create a person object for the first time but already have a mntner • See section 2 4 2 3 I want to create an additional person object and already have a mntner • See Section 2 4 2 4 I want to create an additional mntner object • See Section 2 4 3 2 4 1 Creating person objects using the Startup Tool The first objects you should create in the Database are the person and mntner objects Person objects have to be protected by a mntner object so you cannot just create a person object on its own if you don t already have a mntner object The Startup Tool enables you to create a person mntner object p
139. ipv6book ca allocation html Brian McGehee IPv6 Address Utility http doc tavian com ipv6util index htm IPv4 only These tools do not support IPv6 yet but it is in the list of planned features IPplan http iptrack sourceforge net TIPP http tipp tobez org & http github com tobez tipp ONA OpenNetAdmin http opennetadmin com Commercial IP Address Management IPAM Tools with IPv6 support In alphabetic order Alcatel Lucent VitalQIP DNS DHCP IP Management Software & Appliance Bluecat Networks Proteus Enterprise IPAM Appliance BT Diamond IP IPControl TM Sapphyre Appliances BT Diamond IPControl TM Software Crypton UK EasyIP TM Incognito Address Commander TM Infoblox IPAM Express Solution Internet Associates IPal Men & Mice Suite IPAM management module Nixu NameSurfer Suite Other related commercial products that also support IPv6 EMC Ionix IPv6 Availability Manager NetCracker Operational Support Systems or OSS tool OPNET IT Guru R Network Planner These lists are for information purposes only and are not necessarily complete The RIPE NCC is a neutral and impartial organisation and cannot recommend which tools to use The RIPE NCC cannot guarantee the suitability of any of the tools listed Tools maintained by RIPE NCC http www ripe net tools At the RIPE 41 meeting Amsterdam January 2002 a new value for the status attr
140. it resources listed in section 9 3 Scope of the LIR Portal NOTE The admin account cannot view or edit any of the resources via the LIR Portal Only user accounts can do that The user accounts of the LIR Portal are not identical to the LIR contact persons Log in as a user and create LIR contact persons in the General Menu LIR Portal users who are contacts for more than one LIR can now be easily added to other LIR Portal accounts and can move between accounts without having to log out and log back in again using a different RegID 9 3 Scope of the LIR Portal Features of the RIPE NCC LIR Portal include General menu read and edit LIR contact and address information Billing menu read and edit billing information LIR Contacts menu read and edit LIR contact persons information Resources IPv4 menu read only Resources IPv6 menu read only Resources ASN menu read only Objects Editor menu read and edit your allocation mntner organisation objects in the RIPE Database Request Forms menu requesting Internet resources on line Tickets menu read status of open tickets Tools menu links to most important LIR tools Change Password menu change your user s password for the LIR Portal X 509 PKI menu create a certificate to use as access authentication for the LIR Portal General menu READ ONLY RegID Organisation name Type of LIR READ AND EDITABLE Community served by
141. ition of route objects with exact matching or more specific prefixes A mnt routes attribute in a route object allows addition of route objects with exact matching or more specific prefixes A mnt routes attribute does not allow changes to the aut num inetnum or route object where it appears A mnt routes may optionally be constrained to only apply to a subset of more specific routes Where mnt routes or mnt lower are applicable any mntner referenced in the mnt by still applies The set of applicable mntners for whatever check is being made is the union of the mnt routes or mnt lower and the mnt by For example when authorising a route object software would look at mnt routes if it does not exist look at mnt lower if that does not exist look at mnt by referral by This attribute is required in the mntner object It must never be altered after the addition of the mntner This attribute refers to the mntner that created this mntner It may be multiple if more than one signature appeared on the transaction creating the object 14 9 Tools IRRToolSet is a suite of policy analysis tools to operate with routing policies in RPSL RFC 2622 format registered in the Internet Routing Registry IRR The main goal is to make routing information more convenient and useful for network engineers providing tools for automated router configuration routing policies analysis and maintenance Functionality • RtConfig analyses
142. ives The main objective of the IPv6 Training Course is to provide LIRs with information about the need for IPv6 and give information on how to plan deployment It covers current policies related to IPv6 and how to obtain IPv6 address space Please note The IPv6 course focuses on raising awareness of the need for IPv6 and current best practices for deploying IPv6 The course does NOT teach the technical details of IPv6 NOT describe how to configure routers servers or other devices for IPv6 NOT describe how to operate a Local Internet Registry LIR Target Audience The IPv6 Training Course is intended for staff of LIRs that are thinking about deploying IPv6 have been told they need to deploy IPv6 need to convince their boss that IPv6 needs to be deployed looked at an IPv6 address and thought it was too complicated It is assumed all attendees are familiar with common IP terminology and have practical knowledge of running an IP network References RIPE NCC TRAINING REGISTRATION GUIDELINES http www ripe netripe docs lir training html 19 RIPE NCC E LEARNING CENTRE The RIPE NCC E Learning Centre is a service available to both members and non members of the RIPE NCC and enables users to learn in their own space at their own pace https www ripe net ir services training e learning Modules available currently are • RIPE Database ◦ an introduction to creating and updating basic Database objects
143. ize of nl animals AW For this third request nl animals has to fill out a PA ASSIGNMENT REQUEST Form for Greenfish and send it to hostmaster ripe net for approval For the rest of the year from the 6 of May 2003 until the 18 of April 2004 nl animals will have to request approval for every subsequent assignment to Greenfish Between the 19 of April 2004 and the 6 of May 2004 the first assignment is now older than 12 months so it does not count anymore in the AW usage After the 6 of May 2004 the second assignment is also older than 12 months so it does not count either nl animals can now again assign a total of 21 its AW to Greenfish without needing approval from the RIPE NCC If another End User company Pinkcat who hasn t requested address space in the last 12 months requests a 22 assignment in this period from nl animals e g on the 11 of June 2003 then nl animals can assign a 22 address space to Pinkcat without having to request approval from the RIPE NCC i e assignments to Greenfish don t use up the AW available to Pinkcat or any other End User If Pinkcat wants a 21 assignment on the 4 of July 2003 then together with the previous request of 22 22 21 is above the size of nl animals AW nl animals has to ask for approval from the RIPE NCC for this 21 assignment If Pinkcat wants a 23 assignment on the 12 of May 2004 then together with the previous request of 22 22 2
144. l make it difficult for the LIR to fill up 80% of the allocation with assignments in order to get an additional allocation from the RIPE NCC Private Address Space The RFC 1918 ADDRESS ALLOCATION FOR PRIVATE INTERNETS describes private address space and explains the ranges that have been set aside for Private Networks Private address space is recommended for large networks that will not connect to the Internet or where only a few hosts need to be connected This type of address space saves public address space and offers flexibility Private address space should always be considered It is often a viable option specifically for large enterprise networks where not all hosts need direct Internet connectivity Deployment Plan A deployment plan may be needed when a big expansion or a large network from scratch is planned The plan should include • a list of events which will lead to the use of the requested addresses • the dates that the events will occur • description of equipment planned to be installed The deployment plan should be consistent with other information in the request addressing plan topology map RIPE NCC Requires Verification for Always On Services The RIPE Address Policy Working Group encourages its members to investigate and implement dynamic IP address assignment technologies whenever possible Static IP address assignments are strongly discouraged e g for broadband or for virtual web hosting
145. ld and share information ideas and solutions to problems that your organisation may also be facing • IP Tutorials A shortened version of the RIPE NCC LIR Training course is usually given at RIPE Meetings Attendance is NOT restricted to LIRs Everyone is welcome • New LIRs get two free tickets to attend a RIPE Meeting during their first year The tickets cover the meeting fee The attendees are responsible for making their travel and accommodation arrangements themselves More information about RIPE Meetings is available at http www ripe net ripe meetings 1 2 Introduction to the RIPE NCC What is the RIPE NCC RIPE Network Coordination Centre The RIPE NCC is an independent not for profit organisation supporting its members Local Internet Registries LIRs and the RIPE community The RIPE NCC is one of the 5 Regional Internet Registries in the world The core activity of the RIPE NCC is to act as the Regional Internet Registry RIR in its service region Europe Middle East and Central Asia providing global Internet resources and related services The RIPE NCC requires a membership The RIPE NCC provides administrative support to the RIPE community by organising the RIPE meetings and implementing all the policies that the community decides [Margin note, partly illegible: 3 1 for how t RIPE NCC member] In contrast to the way the RIPE community works the RIPE NCC requires an official membership This membership is made up of Local I
146. may result in an audit procedure. See Section 7, Assignment Window, for more details on AW. In order for an assignment to be considered valid by the RIPE NCC, it must fulfill the following criteria. We distinguish four cases.
WHEN ARE ASSIGNMENTS VALID?
If an assignment is for an End User and it's:
1. above LIR's AW: It must be approved by the RIPE NCC and registered in the RIPE Database
• as one or more inetnum objects
• correct date (after approval date)
• total size and netname same as approved
2. within LIR's AW: It must be registered in the RIPE Database
• with the netname pointing to the End User
If assignment is for LIR's own infrastructure and it's:
3. above LIR's AW: It must be approved by the RIPE NCC and registered in the RIPE Database
• as one or more inetnum objects
• correct date (after approval date)
• total size and netname same as approved
4. within LIR's AW: It must be registered in the RIPE Database
• with a separate line included in the inetnum object: remarks: INFRA-AW
If you do not include the date in the changed attribute of inetnum object template, the Database robot will include the correct date.
6.7 RIPE Database Syntax vs RIPE Address Policy
Although, strictly speaking, they mean different things, the terms a valid assignment and a valid inetnum object for an assignment are used interchangeably. The ine
147. mntner objects in the RIPE Database the value is RIPE-DBM-MNT.
Authorisation Schemes
The authorisation model supports multiple authentication schemes. The auth attribute specifies which scheme will be used to authenticate update requests for objects protected by the maintainer. See also http www ripe net db support security for more information on data protection and authentication schemes.
• NONE, MAIL-FROM, CRYPT-PW: These authentication methods are deprecated and cannot be used anymore.
• Password (MD5-PW): This scheme uses an MD5 hash using the FreeBSD crypt_md5 algorithm. The main benefit over CRYPT-PW is that pass phrases longer than 8 characters may be used. The clear text password is chosen by the user; this is then encrypted using the methods listed below and stored in the Database in its encrypted form.
  - EMAIL: When sending in update requests via e-mail to auto-dbm@ripe.net, the clear text password has to be provided in the message body by specifying password: cleartext password at the beginning of a line and preceding any update requests to be authenticated; the encryption is repeated and the results are compared. The password will remain effective for all requests following in the same e-mail message, until another password is specified.
  - WEBUPDATES: If the object is updated via the Webupdates interface, the cleartext password has to be entered in the Authorisation menu first.
Crypt CGI Inter
148. mple of how this template should be filled out. All the other templates in the PROVIDER INDEPENDENT (PI) ASSIGNMENT REQUEST FORM are identical to the templates in the PROVIDER AGGREGATABLE (PA) ASSIGNMENT REQUEST FORM. See sections 4 and 5, Assigning PA Address Space and Evaluation of Address Space Requests, on how to fill out these other templates.
• End Users should be informed about the implications of PI address space, referencing the RIPE document PROVIDER INDEPENDENT VERSUS PROVIDER AGGREGATABLE ADDRESS SPACE.
• End User contracts should clearly state the kind of address space (PA or PI). The LIR should make contractual arrangements with the End User in order to clarify the status of the address space. Otherwise the End User might not understand the implications of his or her decision. See
• An explanation of why a request is being made for the use of PI address space is necessary for RIPE NCC IP Resource Analysts evaluating requests.
The completed Provider Independent (PI) Assignment request form should be sent to hostmaster@ripe.net. Alternatively, you can request PI Addresses online via the LIR Portal.
Assigning PI Space
After evaluation of the PI address space request by a RIPE NCC IP Resource Analyst, the RIPE NCC assigns the address block and enters the range in the RIPE database. The RIPE NCC Hostmaster mntner is referenced in this object (see example below). Please note:
• Requested
149. multiple single single single single multiple multiple multiple multiple multiple multiple multiple multiple single single multiple single multiple multiple multiple multiple multiple multiple multiple multiple multiple multiple multiple single multiple single primary lookup key inverse Eb inverse inverse inverse inverse inverse inverse key ookup key ookup key key key key key key key primary look up key inverse key primary inverse key inverse inverse inverse inverse inverse inverse inverse key key key key key key key primary look up key inverse inverse inverse inverse inverse inverse inverse inverse inverse inverse key key key key key key key key key key
AUT-NUM
aut-num: [mandatory]
as-name: [mandatory]
descr: [mandatory]
org: [optional]
member-of: [optional]
import: [optional]
export: [optional]
default: [optional]
remarks: [optional]
admin-c: [mandatory]
tech-c: [mandatory]
cross-mnt: [optional]
cross-nfy: [optional]
notify: [optional]
mnt-lower: [optional]
mnt-routes: [optional]
mnt-by: [mandatory]
changed: [mandatory]
source: [mandatory]
KEY-CERT
key-cert: [mandatory]
method: [generated]
owner: [generated]
fingerpr: [generated]
certif: [mandatory]
remarks: [optional]
notify mnt-by changed source op
150. n is NONE for this mntner.
NOTE: To query the RIPE TEST Database you must specify the hostname of the TEST DB server, even when using the RIPE Database web interface:
whois -h test-whois.ripe.net <Search String>
You can also use the web interface: http www ripe net perl test whois
The whois flags that work in the RIPE Database also work in the TEST Database.
10.9 Organisation Object
As of April 2004, the organisation object is a new object class in the RIPE Whois Database. Its aim is to provide information identifying an organisation, such as a company, charity or university, which is the holder of a network resource with data stored in the RIPE Database. See the template of the organisation object below:
organisation: [mandatory] [single]
org-name: [mandatory] [single]
org-type: [mandatory] [single]
descr: [optional] [multiple]
remarks: [optional] [multiple]
address: [mandatory] [multiple]
phone: [optional] [multiple]
fax-no: [optional] [multiple]
e-mail: [mandatory] [multiple]
abuse-mailbox: [optional] [multiple]
org: [optional] [multiple]
admin-c: [optional] [multiple]
tech-c: [optional] [multiple]
ref-nfy: [optional] [multiple]
mnt-ref: [mandatory] [multiple]
notify: [optional] [multiple]
mnt-by: [mandatory] [multiple]
changed: [mandatory] [multiple]
source: [mandatory] [single]
primary look up key look up key look up key
151. n the RIPE collaborative forum. The RIPE NCC does not set policies but ensures the consistent application of policies within its service region. There is also a RIPE NCC Services Centre set up at RIPE Meetings, with RIPE NCC IP Resource Analysts and RIPE NCC employees from other departments available to attendees. You can drop by at any time during the meeting and can also make appointments with the Analysts. The purpose of the RIPE NCC Services Centre is to make it possible for LIRs to discuss on-going requests, policies and procedures, or any other issues related to the Registration Services activities with an Analyst. Analysts can look at particular requests if necessary. RIPE Meetings provide participants with a chance to influence Internet administration in the RIPE NCC service region.
What are the benefits of attending a RIPE meeting?
• Decisions are made in an open forum where everyone attending can voice an opinion. The RIPE community is extremely influential. If you contribute during a RIPE Meeting, your opinion will have an influence on the policies. Your organisation and the Internet industry are directly affected by these policies.
• Excellent opportunity for learning. Many topics are discussed. Therefore you are able to keep up to date with new developments within the Internet industry.
• Opportunity to meet potential customers, collaborators or business partners. You can meet with people from all over the wor
152. nal units formed by the RIR communities where discussions take place, ranging from technical matters such as Domain Name System (DNS), routing and databases to policy issues affecting Internet administration such as IP assignments and allocation policies.
Whois Database: A general term for a database that uses Whois protocol for queries, e.g. the RIPE Database.
Appendix 6: Object Templates in the RIPE Database
PERSON
person: [mandatory]
address: [mandatory]
org: [optional]
phone: [mandatory]
fax-no: [optional]
e-mail: [optional]
abuse-mailbox: [optional]
nic-hdl: [mandatory]
remarks: [optional]
notify: [optional]
mnt-by: [mandatory]
changed: [mandatory]
source: [mandatory]
ROLE
role: [mandatory]
address: [mandatory]
org: [optional]
phone: [optional]
fax-no: [optional]
e-mail: [mandatory]
abuse-mailbox: [optional]
admin-c: [mandatory]
tech-c: [mandatory]
nic-hdl: [mandatory]
remarks: [optional]
notify: [optional]
mnt-by: [mandatory]
changed: [mandatory]
source: [mandatory]
INETNUM NETWORK
inetnum netname descr country org admin-c tech-c rev-srv status remarks notify mnt-by mnt-lower mnt-routes mnt-irt mnt-domains changed source
MNTNER
mntner descr org admin-c tech-c abuse-mailbox upd-to mnt-nfy auth remarks notify mnt-by auth-override referral-by changed source
mand mand mand
153. nalysts to understand the network in question and IP usage of the equipment, they will ask you further questions, hence delaying the approval of your request. In this template please describe the equipment to be used in your network. Indicate the function of the equipment and provide information regarding the way it will use IP address space.
equipment-name: Indicate the type of equipment requiring public IP addresses (Router, Switch, ATM, Workstation, etc.)
manufacturer-name: Indicate the vendor name of the equipment
model-number:
other-data: Please give any additional information that would clarify how this equipment or model uses IPs. This might be the number of cards, ports or network interfaces that the equipment has. If the software used by the equipment requires multiple IPs, you can also describe that here.
You should repeat the EQUIPMENT DESCRIPTION template as many times as necessary to describe the equipment relating to the IPs being requested in the ADDRESSING PLAN. Please mention here how many units will be used.
5. Network Description template
It is not mandatory to fill out this template; however, if you do not provide enough information for the IP Resource Analysts to understand the network in question and IP usage of the equipment, they will ask you further questions, hence delaying the approval of your request. If your description in the ADDRESSING PLAN does not allow the Analyst to understand the request ple
154. nd other machines requiring one or more network interfaces. Please note that, as a result of implementing the RIPE Policy Proposal 2009-03 (also known as the Run out Fairly Proposal), the Assignment Periods (Planning Periods) will get successively shorter over the course of 2010 and 2011:
From | Immediate req. | Intermediate req. | Entire Period
1 Jan 2010 | immediate | 6 months | 12 months
1 Jul 2010 | immediate | 6 months | 9 months
1 Jan 2011 | immediate | 3 months | 6 months
1 Jul 2011 | immediate | 2 months | 3 months
The estimates you fill out in the Addressing Plan Template of the request form can be revised at a later point, so there is no need to make unrealistically large predictions just in order to be on the safe side. In the Size in CIDR column, give the CIDR (slash notation) prefix corresponding to the total number of IPs needed for that subnet. Thus, if the network or subnet needs a total of 128 IPs, indicate this as /25. See also Appendix F for the entire CIDR table. You should not fill in the exact range of IP address you want to assign from your allocation, nor the amount of addresses in number format. Please remember that the IP Resource Analysts have to understand the design of the network based on the information you provide in the Addressing Plan and the NETWORK DESCRIPTION template.
totals: Please fill in here the total of each column. The amount in the total in the Size in CIDR column should be the total am
155. nder the domain in-addr.arpa and ip6.arpa (Address and Routing Parameter Area).
RIPE Database: A public Whois database that contains information about allocations and assignments of IP address space, Internet routing and related objects in the RIPE region.
RIPE Network Coordination Centre (RIPE NCC), http://www.ripe.net: A Regional Internet Registry (RIR) serving Europe, the Middle East and African countries located north of the equator.
RIPE NCC LIR Portal, https://lirportal.ripe.net: The secure web interface that provides RIPE NCC members the ability to request and view Internet resources allocated to them by the RIPE NCC.
Routability: A block of addresses being identified as a separate entity in the routing tables and is therefore reachable in the Internet.
Routing Policy: A set of agreements on the traffic routed through multiple Internet Service Provider (ISP) networks, determined by those ISPs.
Routing Registry: A public database of routing policy details, routes and their aggregates, local topology between Autonomous Systems and network components such as routers.
South Asian Network Operators Group (SANOG), http://www.sanog.org: A regional forum to discuss operational issues and technologies of interest to data operators in the South Asian Region.
Universal Mobile Telecommunications System (UMTS): A 3G mobile technology delivering broadband information at speeds up to 2Mbit/s.
WG (Working Group): Organisatio
156. needs to gather information about the design of the network. Plans for future developments must be taken into consideration. The following questions are relevant:
• How many physical segments does the network consist of?
• What will each segment be used for?
• What equipment will be used?
• How many hosts are in each segment?
• What are the expectations of growth within the assignment period (Entire Period)?
The answers to the questions above correspond to the appropriate fields for each physical subnet in the Addressing Plan table. In the Purpose column, give a short but meaningful description of how the IPs being requested for each subnet will be used. Vague descriptions should be avoided. If the whole description doesn't fit in the space provided, a separate description can be attached or included in the NETWORK DESCRIPTION template. Fill out the Immediate Requirement, Intermediate Requirement and Entire Period columns (fields) with the number of IPs that are needed immediately, and the estimated usage after half of the request period and for the entire assignment period. See table below for what these periods stand for. You can also fill out these fields in CIDR notation. They should be cumulative, showing the total number of addresses used in each period. They should show the actual amount of addresses needed, based on concrete technical plans. Include interfaces used for hosts, routers, gateways, terminal concentrators a
157.
7.6 An Example of Using the LIR's AW When Making Assignments to an End User
7.7 AW for LIR's Own Infrastructure
8.2 Making Sub-allocations
8.2 Making Assignments from Sub-allocations
9.1 How to Activate your Account
9.2 User Accounts Viewing the Resources
9.3 Scope of the LIR Portal
9.4 X.509 PKI Improved Secure Communication System for RIPE NCC Members
9.5 Feedback and Improvement
10 ADVANCED DATABASE ISSUES
10.1 Flags Advanced Queries
10.2 Protecting Database Objects
10.3 Hierarchical Authorisation mnt-lower mnt-routes
10.4 mnt-by mnt-lower mnt-routes Attributes in Comparison
10.4.1 The difference between the mnt-lower attribute and the mnt-by attribute
158.
12 DIRECT RESOURCES
12.1 End User requesting resources indirectly via a sponsoring LIR
12.2 End User requesting resources directly from the RIPE NCC
13 PI ADDRESS ...
14 AUTONOMOUS SYSTEM NUMBERS AND THE ROUTING REGISTRY
14.2 Definitions
14.3 How to Get an AS Number
14.4 32 Bit AS ...
14.5 Internet Routing Registry IRR
14.6 The Route ...
ADDITIONAL ALLOCATION
16 INTRODUCTION TO IPv6
16.2 IPv6 Initial Allocation Policies
16.3 IPv6 Assignments
16.4 IPv6 Subsequent Allocations
16.5 IPv6 Assignments for ...
16.4 IPv6 PI ...
159. nternet Registries (LIRs) which distribute IP addresses in the RIPE region. Membership is open to everyone. This membership requires the payment of a yearly fee. See Section 3.1, How to Setup an LIR, for how to become a RIPE NCC member. We summarise the differences between RIPE and the RIPE NCC in the table that follows.
RIPE NCC | RIPE
Was started in 1992 | Started in 1989
Has employees | No employees. People join the RIPE community on a voluntary basis
Produces a yearly budget and an action plan | Doesn't have yearly budget or action plan
Is located in Amsterdam | Doesn't have a physical location. People communicate via mailing lists and meet twice a year at the RIPE meetings
Implements policies and decisions made by the community | Develops policies and decides how the Internet resources (IPv4, IPv6 and ASN) will be distributed
Is a not-for-profit organisation | Is an open discussion forum
Provides services for members and non-members. Its members are called LIRs | Doesn't have official membership
It is a legal entity | It is not a legal entity
RIPE NCC Services
What can I get out of the RIPE NCC?
The RIPE NCC provides Member Services for LIRs and Public Services for the public at large. The core services of the RIPE NCC include the distribution and registration of:
• Internet (IP) address space
• Interdomain routing identifiers (BGP Autonomous Sy
160. nverse key
IRT
irt: [mandatory] [single]
remarks: [optional] [multiple]
address: [mandatory] [multiple]
org: [optional] [single]
phone: [optional] [multiple]
fax-no: [optional] [multiple]
e-mail: [mandatory] [multiple]
abuse-mailbox: [optional] [multiple]
signature: [optional] [multiple]
encryption: [optional] [multiple]
admin-c: [mandatory] [multiple]
tech-c: [mandatory] [multiple]
auth: [mandatory] [multiple]
irt-nfy: [optional] [multiple]
notify: [optional] [multiple]
mnt-by: [mandatory] [multiple]
changed: [mandatory] [multiple]
source: [mandatory] [single]
ROUTE
route: [mandatory]
descr: [mandatory]
org: [optional]
origin: [mandatory]
holes: [optional]
member-of: [optional]
inject: [optional]
aggr-mtd: [optional]
aggr-bndry: [optional]
export-comps: [optional]
components: [optional]
remarks: [optional]
cross-mnt: [optional]
cross-nfy: [optional]
notify: [optional]
mnt-lower: [optional]
mnt-routes: [optional]
mnt-by: [mandatory]
changed: [mandatory]
source: [mandatory]
DOMAIN
domain: [mandatory]
descr: [mandatory]
org: [optional]
admin-c: [mandatory]
tech-c: [mandatory]
zone-c: [mandatory]
nserver: [optional]
ds-rdata: [optional]
sub-dom: [optional]
dom-net: [optional]
remarks: [optional]
notify: [optional]
mnt-by: [mandatory]
mnt-lower: [optional]
refer: [optional]
changed: [mandatory]
source: [mandatory]
single multiple single single multiple multiple
161. o www ripe net webupdates x 509 enabled https www ripe net perl webupdates x509 pl using Syncupdates http www ripe net db syncupdates
In this section we shall explain how to update objects using the e-mail interface. See Section 2.4.1, Creating Objects in the RIPE Database using Webupdates, for the explanation of how to update or create objects using Webupdates. The bullet points below apply to all three methods of updating objects. To modify or delete an object that is already registered in the RIPE Database, the object must first be retrieved from the database.
Things to keep in mind when modifying database objects:
• keep the same primary key
• add the changed line to the new version of object, e.g. changed: jan@bluelight.nl
• keep the old changed lines in to show history
• include authentication (PGP signature only when using e-mail interface) or password
If you change the primary key of an object, you are not modifying the object but creating a second object with a different primary key. See Appendix 6 for a list of Database object templates. The primary key is marked for each one of them.
To delete an object, use the exact copy of the database object (do not forget to use the -B flag when querying the object) and add the delete attribute at the end of the object, e.g. delete: hostmaster@bluelight.nl duplicate object
The RIPE NCC recommends that the reason for deleting the object is used
162. o reference the organisation object above in other objects, you must include the following attribute:
org: ORG-SANT1-RIPE
When adding such an org attribute to an object, the following authorisation check must be passed:
• from one of the mntners in the mnt-ref attributes of the organisation object
• from one of the mntners in the mnt-by attributes of the object being updated
This org attribute may be included in any object type. It is mandatory in inetnum and inet6num objects with ALLOCATED PA or ALLOCATED-BY-RIR values. It is also mandatory in all newly assigned inetnum objects with the status ASSIGNED PI and in all inet6num objects assigned directly by the RIPE NCC with status ASSIGNED. It is mandatory in newly assigned aut-num objects. It is optional in all other objects. To find all objects which include the attribute org: ORG-SANT1-RIPE, do an inverse whois query:
-i org ORG-SANT1-RIPE
The RIPE NCC will create an organisation object for each LIR. These organisation objects can be edited by the LIR through the LIR Portal. See Section 9. For more information about the organisation object and how to use it, see www ripe net db support organisation html
References
RIPE NCC DATABASE REFERENCE MANUAL http www ripe net ripe docs databaseref manual html
RIPE NCC DATABASE USER MANUAL GETTING STARTED http www ripe net ripe docs db start html
RIPE DATABASE QUERIES REFERENCE CARD http ww
163. o using PGP keys and X509 certificates in mntner objects
• Internet Administration
  o a short history of Regional Internet Registries (RIRs) and of the Number Resource Organization
  o Number Resource Organisation
• Policy Development
  o The RIPE Policy development process
In the future, the RIPE NCC will be adding several modules such as DNS for LIRs, Advanced Database Issues and the billing/charging scheme. To take any of the courses on the E-Learning Centre, you will first need to register an account. If you have any questions or feedback about the RIPE NCC E-Learning Centre, please e-mail e-learning@ripe.net.
References
RIPE NCC E-LEARNING CENTRE https://www.ripe.net/lir-services/training/e-learning
APPENDICES
Appendix 1: Contact E-mail Addresses
role mail accounts | Description
Ncc@ripe.net | Catch-all mailbox for questions that are not handled by any specific role mailbox. The people handling this mailbox will redirect your message to the appropriate person or department.
Billing@ripe.net | Handles all billing related questions from Local Internet Registries.
ripe net | Handles all questions related to the setting up of new Local Internet Registries.
g ri penet | Questions related to Local IR training courses and matters with regards to registration, venues, vacancy of slots for LIR courses.
Peerings@ripe.net | The contact point for inter-AS peerings at the RIPE NCC.
Openings@ripe.net | Please sen
164. od. The AW is per 12 months. For each End User, the 12-month period starts when the LIR registers the End User's first assignment in the RIPE Database. Assignments that were requested (sent in for approval) by the LIR from the RIPE NCC are not counted in the AW.
Example: If the LIR's AW = /22
• The LIR can assign a /24 to an End User in May without having to request it from the RIPE NCC (/24 < AW).
• The LIR can send in a request for a /22 for the same End User in June (not counted in AW).
• The LIR can assign another /24 to the same End User in July without having to request it from the RIPE NCC (/24 + /24 < AW).
The assignments can be made in one big chunk or several smaller chunks.
Example: If the LIR's AW = /22
It can assign a /22 to an End User on the 13 November without having to send a request to RIPE NCC. After that, until the following year's 13 November, the LIR must send in all further requests for that End User to the RIPE NCC for evaluation.
OR
It can assign a /24 to an End User on the 13 November without having to send a request to the RIPE NCC. Then it can assign another /24 to the same End User three weeks later. Then it can assign a /23 to the same End User in December. After that, until the 13 November of the following year, the LIR must send in all further requests for that End User to the RIPE NCC for evaluation.
7.2 How to request an AW raise
The initial raise of the
165. ollected and incorporated into a revised draft.
3. Review phase
4. Concluding phase: Working Group chair seeks consensus.
How can I participate?
You can take part in the ongoing discussions:
• Follow the ongoing policy discussions
• Subscribe to the discussions mailing lists (WG mailing lists)
• Come to the RIPE Meetings. You can also follow the RIPE Meetings remotely (webcast on the RIPE website, IRC or jabber)
Make proposals:
• Make new policy proposals
• Suggest changes to existing policies
Anyone may propose changes to policies or propose new policies. Administrative support (e.g. in formulating the proposal) is available from the RIPE NCC upon request. Before you make proposals, you should study the Policy Development Proposal described in this chapter to understand what phases your proposal will go through. You should also review the ongoing policy discussions on the WG mailing lists to avoid repeating proposals. You can of course contribute with your comments to these discussions as well. Try to find out whether your idea is applicable to others as well. Does it make sense to propose the policy changes? Decide whether you want to propose a new policy, propose a change to an existing policy, or do you just want some troubleshooting advice?
What will happen next to your idea?
It will go through the four phases described above under the heading Phases in the Policy Development Process int
166. om the RIPE NCC is represented by the height of the shaded area.
[Fig 7.3 Using the AW for End Users (i): LIR nl.animals, AW /21, End User Redfox]
Now let's look at the two other End Users of the LIR nl.animals (Fig 7.4). In Fig 7.4 the timelines are horizontal. The number of IP addresses that can be assigned directly without the RIPE NCC's approval at any time is represented by the height of the shaded area. The End User Greenfish requests an assignment of /22 on the 19 of April of 2003. Greenfish has not requested addresses from nl.animals in the last 12 months. nl.animals can assign /22 address space out of its allocation to Greenfish without having to ask for the RIPE NCC's approval. If Greenfish requests another /22 assignment from nl.animals on the 6 of May 2003, then together with the previous request /22 + /22 = /21, which is the size of nl.animals' AW. Again, nl.animals can make the assignment to Greenfish without having to ask for the RIPE NCC's approval. If Greenfish requests another /22 assignment from nl.animals on the 8 of June 2003, then together with the two previous requests /22 + /22 + /22 is above the s
167. omatically creating a key-cert object in the RIPE Database
• Replace certificates
• Revoke certificates
• Add authentication to mntners
• Root Authority
You can also consult the PKI FAQ from this menu. For more information about X.509 PKI, please refer below to Section 9.4, X.509 PKI Improved Secure Communication System for RIPE NCC Members. You can click on the i icons in the LIR Portal to have each of these terms explained further.
NOTE: Resources that have not been requested from the RIPE NCC are not listed in the LIR Portal, e.g. assignments within the LIR's AW or AS Numbers assigned to the organisation before it became an LIR.
News: RIPE NCC and Internet registries related announcements
Events: RIPE and RIR meetings and RIPE NCC Training Courses
Glossary: Definition of terms in the LIR Portal
Contact: RIPE NCC contact information (mailboxes)
9.4 X.509 PKI Improved Secure Communication System for RIPE NCC Members
X.509 PKI stands for X.509 Public Key Infrastructure. For each LIR, a PKI certificate with administrative powers will be issued. The LIR Portal Administrator (admin account) can request such a certificate after authenticating using username and password on the LIR Portal. With that certificate, an LIR can issue and revoke certificates to its own users, with varying permissions per user. As well as using an LIR username identifier and password, it is possible to log in to the LIR P
168. ork inetnum Objects
6.2 How to Manage the LIR's Allocated Address Space
6.3 Registering an Assignment via the Database E-mail Interface
6.4 Registering an Assignment via Webupdates
6.5 More information
6.6 Valid and Invalid Assignments
6.7 RIPE Database Syntax vs RIPE Address Policy
6.8 Assignments to Small ISPs
7 ASSIGNMENT WINDOW AW
7.1 Assignment Window Policy
7.2 How to request an AW raise
7.3 When is an AW size lowered
7.4 Assignment Process to End Users
7.5 Responsibilities of LIRs within their AW
169. ortal using client-side PKI certificates. X.509 can be used for secure communication with following RIPE NCC Services: Registration Services, Billing. For more information, please see the draft document IMPROVED SECURE COMMUNICATION SYSTEM FOR RIPE NCC MEMBERS at the following URL: http www ripe netripe draft documents archive pki 20030429 html
9.5 Feedback and Improvement
Please send feedback and suggestions about the LIR Portal to lirportal-feedback@ripe.net. There is also a mailing list, lirportal@ripe.net, to which you can register at http www ripe net mailman
YOU SHOULD NOW:
• activate the admin account for your LIR
• create user(s)
• check out all the features
• use the LIR Portal for changing contact info or viewing resources
• use the LIR Portal for requesting Internet Resources online
• request an X.509 PKI certificate with administrative powers
• issue certificates to users
10 ADVANCED DATABASE ISSUES
Overview
The most important topics in this chapter are:
• Advanced Queries using flags
• Protection of objects and hierarchical authorisation
• RIPE Test Database
For an introduction to the RIPE Database, creating objects and querying, see Section 2, Basic RIPE Database Issues.
10.1 Flags Advanced Queries
All the flags which can be used for the database are described in the document RIPE DATABASE REFERENCE MANUAL, Chapter 2, Queries in the RIPE Database
170. other DNS zone It would look like this 32 33 34 35 36 3 1 38 39 40 41 42 71 SOA 200007 86400 7200 360000 172800 NS NS NS PT PT PT PT PT PT PE PT PT PT PT 2 Om Om Om Om o PT Ke 11 12 Useful Tools ns cyberfalafel nl hostmaster cyberfalafel nl 0701 serial version refresh period retry refresh this often 0 expiration period neg cache ns cyberfalafel nl ns2 bluelight nl ns thirdpartycolocatednameserver net network cyberfalafel nl ns cyberfalafel nl nntp cyberfalafel nl office cyberfalafel nl warez cyberfalafel nl napsterproxy cyberfalafel nl illegalcontent cyberfalafel nl virusandwormdevelopment cyberfalafel nl gateway cyberfalafel nl natpooll cyberfalafel nl mailgate cyberfalafel nl broadcast cyberfalafel nl The three tools nslookup host dig provide much the same functionality They differ in how they present information and how much information is provided by default • nslookup as part of BIND ftp ftp isc org isc bind src cur nslookup most widespread distributed with BIND used in the DNS and BIND book This tool is being phased out in the latest version of BIND • host ftp ftp ripe net tools dns host tar Z host is used by the RIPE NCC for the hostcount as it provides useful statistics features • dig ftp ftp isi edu pub dig 2 0 tar Z dig is similar to host but tends to be used by mo
171. other geographic location Domain Name System DNS A distributed database of information used to translate domain names into IP numbers DNS Security DNSSec A set of extensions that provides Domain Name System DNS data integrity and authentication through the use of cryptographic digital signatures End User An entity receiving assignments of IP addresses exclusively for use in operational networks not for reassignment to other organisations ENUM RFC 3761 The Internet Engineering Task Force IETF protocol It is the mapping of an E 164 telephone number to Internet services European Operators Forum EOF A forum where new technology developments of interest to Internet Protocol network operators are presented and discussed The EOF is held in conjunction with RIPE Meetings General Packet Radio Service GPRS A service that allows information to be sent and received across a mobile telephone network generic Top Level Domain gTLD An internationally allocated portion of namespace in addr arpa An abbreviation for inverse addresses in the Address and Routing Parameter Area used for tracing source servers Internet Architecture Board IAB http www iab org A technical advisory group of the Internet Society ISOC Internet Assigned Numbers Authority IANA http www iana org The organisation working under the auspices of the Internet Architecture Board IAB responsible for the management of IP ad
172. ount of address space being requested in this request in CIDR slash notation format You can use several CIDR blocks if necessary e g 24 26 27 The total fields of the Immediate Intermediate Requirement Entire Requirement columns can be in number format or in CIDR format Which netname will be used when registering this network in the RIPE Database Netname Fill in the netname that will be used for the inetnum object in the RIPE Database Note that the netname RIPE NCC approves for this assignment must be the netname that is used in the corresponding database object If it is not the object will show as invalid to the RIPE NCC If you change the netname after our approval you will need to contact hostmaster@ripe.net so that the RIPE NCC records can be changed as well The netname should be a concise descriptive name for the network and should somehow reflect the name of the ADDRESS SPACE USER Valid characters are letters numbers and dash Example ADDRESSING PLAN number of subnets 6 address space returned 195 20 42 0 195 20 42 127 to UpstreamISP by 20030725 As of 1 January 2010 assignments are for a period of up to 12 months As of 1 July 2010 assignments are for a period of up to 9 months As of 1 January 2011 assignments are for a period of up to 6 months As of 1 July 2011 assignments are for a period of up to 3 months Size in CIDR Immediate Intermediate Entire Period Purpose subnet 25 120 120 120 dynam
173. pa The equivalent reverse tree for IPv6 delegations See in addr arpa Internet Protocol version 4 IPv4 A method of identifying IP numbers as 32 bit addresses that consist of four octets each octet is expressed as a number between 0 and 255 Internet Protocol version 6 IPv6 A method of identifying IP numbers as 128 bit addresses in eight 16 bit pieces using hexadecimal values Internet Routing Registry IRR A collection of worldwide routing policy databases that use the Routing Policy Specification Language RPSL Internet Service Provider ISP A person organisation or company that provides access to the Internet as well as web hosting domain name service and other proprietary Internet services Internet Society ISOC http www isoc org A non profit organisation responsible for developing and approving new Internet standards and protocols Latin American and Caribbean Internet Addresses Registry LACNIC http www lacnic net A Regional Internet Registry RIR serving the Latin America and Caribbean region Local Internet Registry LIR A member of a Regional Internet Registry RIR that distributes IP addresses and Autonomous System Numbers to End Users and for its own infrastructure Multihomed An adjective used to describe a host that is connected to two or more networks or has two or more network addresses NIC handle nic hdl A person or role object within a database that is a unique person
174. physical subnet since both will be unreachable in the event of network failure It is recommended that the serial numbers be written in YYYYMMDDnn format See the RIPE document RECOMMENDATION FOR DNS SOA VALUES http www ripe net ripe docs dns soa html 11 5 Setting Up the Delegation Creating the Domain Object domain 65 35 80 in addr arpa descr Reverse delegation for Bluelight 2nd 24 admin c JJ231 RIPE Use host names NOT IP addresses tech c JAJA1 RIPE The authentication of this maintainer must zone c WF2121 RIPE nserver ns bluelight nl also be passed to create domain obj nserver ns2 bluelight nl mnt by BLUELIGHT MNT changed jan bluelight nl source RIPE Do not include the date The robot will do that inetnum 80 35 64 0 80 35 95 255 netname NL BLUELIGHT 20010723 descr BLUELIGHT INTERNET country NL org ORG PIE1 RIPE admin c ABC75 RIPE tech c XYZ13 RIPE status ALLOCATED PA mnt by RIPE NCC HM MNT crower Ge The authentication of this mnt routes BLUELIGHT MNT maintainer must be passed in mnt domains BLUELIGHT MNT order to create the domain country NL object above and thus receive changed jan bluelight nl reverse delegation source RIPE Above at the top is a RIPE Database domain object for a 24 reverse zone Its creation will trigger the reverse delegation for 80 35 65 24 The template can be obtain
175. plain the technical aspects of operations Present advanced issues not relevant to a new LIR or new staff member of an existing LIR Provide fundamentals of general networking strategies internal networking practices DNS or Routing Provide an interactive session nor hands on exercises 0 3 Material Structure This LIR Handbook was prepared to accompany the slides used during the LIR Training Course The LIR Handbook has the following structure • Most important definitions at a glance • Graphical Overview How to Get IP Addresses • Table of Contents • Main Body • References at the end of each section • Appendices 1 7 and A G The most important definitions and explanations are in grey boxes throughout the LIR Handbook Diagrams are used extensively throughout the LIR Handbook More about training courses including links to all the materials used http www ripe net training lir 0 4 IPV4 Address Space Exhaustion The IANA IPv4 free pool was exhausted on 3 February 2011 Each of the Regional Internet Registries RIRs has now received one of the final five 8s The RIPE NCC has been allocated 185 8 The RIPE NCC is holding reserves totaling approximately four 8s around 75 million individual IPv4 addresses not including 185 8 We will continue to distribute IPv4 addresses from our reserves according to the current policy ripe 509 IPv4 Address Allocation and Assignment Policies for the RIPE NCC Service Region
176. pv6 A RECOMMENDATION FOR IPv6 ADDRESS TEXT REPRESENTATION http tools ietf org html rfc5952 REQUIREMENTS FOR IPV6 IN ICT EQUIPMENT http www ripe net docs ripe 501 html 17 ADMINISTRATIVE ISSUES 17 1 Audit To ensure equal and fair application of the assignment criteria and to help LIRs to operate within the criteria the RIPE NCC performs regular auditing and consistency checking These activities are carried out consistently with the goals of conservation and registration of address space and the aggregation of routing information They are furthermore used as a guide for the improvement of current procedures Audit Motivation The Audit Activity is a service for LIRs It was requested by the community that the RIPE NCC should significantly increase its efforts to actively check the quality and validity of registry data and fair distribution of address space One of the aims is to ensure equal treatment that all LIRs are applying the global assignment guidelines agreed upon by IANA and the RIPE community to all the End Users equally An LIR may also ask to be audited With the help of the Audit Team the LIR can • Remove database inconsistencies much faster • Make the process of gathering the required documentation for requests much easier and more efficient • Familiarise themselves with new policies at a rapid pace More details can be found in the document RIPE NCC CONSISTENCY AND AUDITING ACTIVITY The Audit P
177. questform html SUPPORTING NOTES FOR THE AUTONOMOUS SYSTEM NUMBER REQUEST FORM http www ripe net ripe docs asnsupport html AUTONOMOUS SYSTEM AS NUMBER ASSIGNMENT POLICIES AND PROCEDURES http www ripe net ripe docs asn assignment html RPSL EXTENSIONS FOR 32 BIT AS NUMBERS http iiitwiki pub NP Asn32 draft uijterwaal rpsl 4byteas ext 01 txt RFC 5396 TEXTUAL REPRESENTATION OF AUTONOMOUS SYSTEM AS NUMBERS http www faqs org rfcs rfc5396 html RPSL EXTENSIONS FOR 32 BIT AS NUMBERS http www ietf org internet drafts draft uijterwaal rpsl 4byteas ext 01 txt ASN 32 BIT TEST SERVER http www ripe net news asn test server html ASN32 BIT DATABASE UPDATE http www ripe net news asn db update html Administrative NEW MEMBERS DOCUMENTATION http www ripe net membership new members MERGERS ACQUISITIONS TAKEOVERS AND CLOSURES ORGANISATIONS OPERATING AN LIR http www ripe net ripe docs mergers html RIPE NCC ACTIVITY PLAN 2011 http www ripe net ripe docs ap html RIPE NCC BILLING PROCEDURE AND FEE SCHEDULE 2011 http www ripe net membership billing procedure html RIPE NCC CHARGING SCHEME 2011 http www ripe net ripe docs charging html CALCULATING YOUR LIR s BILLING SCORE http www ripe net membership billing calculation html RIPE NCC BUDGET 2011 http www ripe net ripe docs budget html RIPE NCC ANNUAL REPORTS http www ripe net info ncc a
178. r html POLICY DEVELOPMENT PROCESS IN RIPE https www ripe net ripe docs pdp html Appendix 3 Bit Boundaries Chart
/16 0-255
/17 0-127 128-255
/18 0-63 64-127 128-191 192-255
/19 0-31 32-63 64-95 96-127 128-159 160-191 192-223 224-255
/20 0-15 16-31 32-47 48-63 64-79 80-95 96-111 112-127 128-143 144-159 160-175 176-191 192-207 208-223 224-239 240-255
/21 0-7 8-15 16-23 24-31 32-39 40-47 48-55 56-63 64-71 72-79 80-87 88-95 96-103 104-111 112-119 120-127 128-135 136-143 144-151 152-159 160-167 168-175 176-183 184-191 192-199 200-207 208-215 216-223 224-231 232-239 240-247 248-255
/22 0-3 4-7 8-11 12-15 16-19 20-23 24-27 28-31 32-35 36-39 40-43 44-47 48-51 52-55 56-59 60-63 64-67 68-71 72-75 76-79 80-83 84-87 88-91 92-95 96-99 100-103 104-107 108-111 112-115 116-119 120-123 124-127 128-131 132-135 136-139 140-143 144-147 148-151 152-155 156-159 160-163 164-167 168-171 172-175 176-179 180-183 184-187 188-191 192-195 196-199 200-203 204-207 208-211 212-215 216-219 220-223 224-227 228-231 232-235 236-239 240-243 244-247 248-251 252-255
/23 0-1 2-3 4-5 6-7 8-9 10-11 12-13 14-15 16-17 18-19 20-21 22-23 24-25 26-27 28-29 30-31 32-33 34-35 36-37 38-39 40-41 42-43 44-45 46-47 48-49 50-51 52-53 54-55 56-57 58-59 60-61 62-63 64-65 66-67 68-69 70-71 72-73 74-75 76-77 78-79 80-81 82-83 84-85 86-87 88-89 90-91 92-93 94-95 96-97 98-99 100-101 etc
/24 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
179. re experienced individuals as it provides exactly the information it receives back almost the same output is received from dig as from host d More detailed information about tools to manage DNS can be found at http www dns net dnsrd tools html References RIPE NCC REVERSE DELEGATION WEBPAGES http www ripe net reverse POLICY FOR REVERSE DELEGATION OF IPV4 AND IPV6 ADDRESS SPACE IN THE RIPE NCC SERVICE REGION http www ripe net ripe docs rev del html OBTAINING REVERSE DELEGATION FROM THE RIPE NCC http www ripe net reverse IPv4 ADDRESS ALLOCATION AND ASSIGNMENT POLICIES IN THE RIPE NCC SERVICE REGION http www ripe net ripe docs ipv4 policies html COMMON DNS OPERATIONAL AND CONFIGURATION ERRORS ftp ftp ripe net rfc rfc1912 txt CLASSLESS IN ADDR ARPA DELEGATION ftp ftp ripe net rfc rfc2317 txt RECOMMENDATIONS FOR DNS SOA VALUES http www ripe net ripe docs ripe 203 html ZONE DELEGATION CHECKER http www ripe net cgi bin nph dc cgi 12 DIRECT RESOURCES Direct resources are resources that are assigned directly by the RIPE NCC to an End User End Users are not members of the RIPE NCC they are not LIRs Such Direct Resources can be • Autonomous System AS Numbers • Provider Independent PI Addresses • IPv4 or IPv6 Internet Exchange Point IXP Assignments • Anycasting Assignments IPv4 or IPv6 The above Direct Resources can be requested in two ways
180. riginal ticket number iii Delete the original object to avoid overlapping objects 10 8 RIPE Test Database A TEST Database exists for users to learn how to use the RIPE Database software The TEST Database uses the same software as the RIPE Database • No changes are made in the actual RIPE Database by changing an object in the TEST Database • The data in the TEST database is not a copy of the data in the RIPE Database Therefore the data is not authoritative data You can create or update objects in the RIPE TEST Database either 1 via the e mail interface test-dbm@ripe.net or 2 using Webupdates by selecting RIPE TEST DB in the Select Source menu Creating and updating objects in the TEST database via the e mail interface Send your object to test-dbm@ripe.net An acknowledgement message is sent from this e mail address Special Features of the TEST Database Finding objects in the TEST Database Note source attribute value is TEST instead of RIPE nic hdl the nic hdl you will receive for person objects will have the suffix TEST instead of RIPE referral by attribute value for mntner objects is TEST DBM MNT instead of RIPE DBM MNT Creating Allocations in the Test Database When creating inetnum objects in the TEST DB with the status attribute ALLOCATED PA the mnt by attribute has to reference the following mntner mnt by TEST ALLOCATED MNT NOTE authenticatio
181. rocess The Audit Process may be initiated by several factors • Infrequent contact with the RIPE NCC Due to the nature of the business or the AW of certain LIRs they need very little co ordination from the RIPE NCC These LIRs are audited from time to time to ensure good working relations and to confirm that they are aware of the latest policies and procedures • Random selection • Referral by a RIPE NCC IP Resource Analyst If during the course of normal Registration Services work a RIPE NCC IP Resource Analyst has difficulty obtaining satisfactory answers from an LIR the task can be passed on to the Auditing Team • External complaints concerning non compliance with policies and procedures The Audit Team investigates any external complaints trying to ascertain the validity of the complaints before approaching the LIR in question Audit Procedure In the audit activity the following information will be looked at Database Consistency • Is the information stored in the RIPE Database correct and valid Are the database entries separate up to date and pointing to all individual End User assignments • Is the Database information stored in a correct manner Are nic handles used Are admin c and tech c referring to current contact persons Is the status attribute correct Assignment Criteria • Have all requests above the LIR s AW been sent to the RIPE NCC for approval • Is proper documentation regarding the
182. rse delegation Usually the LIR They will set up reverse delegation of the enclosing 24 and then further delegate to their customers as required You can use the CNAME trick to create the next point in the hierarchy an example is shown on the next pages The procedure and requirements are the same as for 24 Exception The RIPE NCC will directly reverse delegate to zones smaller than 24 which are Provider Independent PI and do not originate from an LIR s PA allocation If this applies or questions arise please contact ripe-dbm@ripe.net Sub delegations within a 24 delegation After reverse delegation for a 24 allocation the LIR should continue to check sub zone set up before further delegation and use the robot TEST flag The LIR can send in domain objects for the sub delegations to auto-dbm@ripe.net with the keyword TEST in the subject line In this case Marvin will check if the reverse sub delegation is set up correctly and reply with a diagnostics message but will not make any entries into the RIPE NCC parent zone file for the 8 block or create domain objects in the RIPE Database Problems with RFC 2317 and Classless Reverse Delegation Although routing protocols now allow networks to be split in a Classless way the reverse delegation of those networks must still be Classful at first glance because of the structure of the DNS However it is possible to delegate networks smaller than a 24 This means that L
183. rson object with the PGP key of the mntner and then click on Submit Update to create the person object There is another way to supply the authorization Instead of adding an extra password field and filling in the mntner s password you can also do the following Selecting Authorisation from the menu enables you to enter a clear text password that can be used on all of your updates during the time specified You can enter the password to be used and for how long it will be remembered by the application When you click on Register the password you entered will be stored on your computer as an encrypted cookie You can also provide a password for each update by adding an extra password field to the object and entering your clear text password to the input field provided as shown in the examples above NOTE Before updating or deleting an object in the RIPE Database using Webupdates you must use the Authorisation menu to enter the password of the maintainer that is protecting it And if I want to edit my object You can also use Webupdates to edit already existing objects Things to keep in mind when modifying database objects • keep the same primary key • add the changed line to the new version of object e g changed jan bluelight nl • keep the old changed lines in to show history never remove 1 changed line • include authentication PGP signature only when using e mail interface
184. s ii 83 7 7 AW for LIR s Own Infrastructure Up till now in this chapter we discussed how the LIR s AW is used to make assignments to its End Users The AW is used differently when the LIR is making assignments to its own infrastructure What do we mean by the LIR s own infrastructure • LIR s internal network • Connection to End Users but subnets managed by End Users do not count as LIR s infrastructure see FAQ at http www ripe net info faq rs main html 3 • Server hosting H administered by LIR The LIR can make as many assignments to its own infrastructure as needed without having to request prior approval from the RIPE NCC as long as each individual assignment is not larger than the LIR s AW Each assignment made to the LIR s own infrastructure using this policy must have a separate line in the inetnum object in the RIPE Database remarks INFRA AW It is important that a separate remarks attribute is used for this No other comment may be included in this line It is possible to have other remarks attributes in the same object Assignments with the remarks INFRA AW attribute cannot be merged in the RIPE Database Assignments to the LIR s own infrastructure that are larger than the LIR s AW still have to be requested from RIPE NCC DO NOT include the attribute remarks INFRA AW in the inetnum objects for any assignments approved b
185. s explained in the RIPE document SUPPORTING NOTES FOR THE PROVIDER AGGREGATABLE PA ASSIGNMENT REQUEST FORM See Appendix 7 for an example of a completed Request Form The PROVIDER AGGREGATABLE PA ASSIGNMENT REQUEST FORM is divided into 6 parts General Information Template Address Space User Template Addressing Plan Template Equipment Description Template Network Description Template Network Diagram Template We shall discuss in the following how to fill out these six templates in the request form All field names in the request form followed by a colon should not be changed Otherwise the robot will not be able to process your request 1 General Information template Here you only need to fill out the RegID of your LIR Please do not alter the pre filled request type and form version fields 2 Address Space User template Fill out information about the organisation that will use the requested addresses If you are requesting the addresses for an End User then fill out this template with information about that End User and not your LIR If the request is for the LIR s infrastructure then fill in this template with information about the LIR organisation name is the name of the organisation that will use these addresses organisation location can be where the main office of the company is located You can also mention the locations where the IPs will be u
186. s for your LIR via the LIR Portal See Section 9 LIR Portal We strongly recommend that at least one representative of your LIR follow these two lists as well address-policy-wg@ripe.net This is the main mailing list to discuss and develop RIPE policies ncc-services-wg@ripe.net This is the mailing list where the RIPE NCC services are discussed 3 2 Terminology Allocations and assignments are the two most important terms when talking about using address space Allocation Address space set apart by RIPE NCC for an LIR s future use for their End Users and their own infrastructure RIPE NCC >>> LIR Assignment Address space taken by an LIR from their allocation and given to an End User or to the LIR s own infrastructure LIR >>> End User or LIR >>> to itself LIRs may only assign addresses from their allocation with the approval of the RIPE NCC or if they have an Assignment Window AW Having an allocation does not automatically mean that those addresses can be used immediately Fig 3 1 Allocation and Assignments (figure labels: LIR s allocation eg 19, Assignment to LIR s own infrastructure, Assignment to End User) All allocations and assignments in the RIPE NCC Service region must be registered in the RIPE Database LIRs may only assign addresses from their allocation with the approval of the RIPE NCC or if they have an Assignment Window AW See
187. sage stating • Number of objects found in the e mail • Number of objects processed successfully • Number of objects processed with errors • Object templates with errors clearly marked and explained at the appropriate attribute line The error reports are straightforward and identify the correction that has to be made Note Errors in the Summary of Update mean that the object was not registered in the Database and the template must be corrected and re sent to auto-dbm@ripe.net If error reports continue and users are unable to locate the problem the original e mail and the Summary of Update error report should be sent by e mail to ripe-dbm@ripe.net This mailbox is maintained by a human A reply will be sent explaining the error and help and support is provided See also Section 2 4 3 Creating Objects in the RIPE Database via the E mail interface 6 4 Registering an Assignment via Webupdates See Section 2 4 1 Creating Objects in the RIPE Database Using Webupdates 6 5 More information See Section 10 Advanced Database Issues Specifically the sub section 10 1 Flags Advanced Queries LIRs should consult the RIPE Database Documentation for more detailed information about creating objects in the RIPE Database 6 6 Valid and Invalid Assignments Invalid assignments and invalid Database objects delay the following procedures AW raise Additional Allocation or
188. sation that will use the addresses to operate their specific network s Assignment Window AW Refers to the maximum number of addresses that can be assigned by a Local Internet Registry LIR to an End User organisation or for their own infrastructure without prior approval by the RIR Hostmasters Autonomous System AS A group of IP networks operated by one or more network operators that has a single and clearly defined external routing policy Autonomous System Number ASN A globally unique number associated with an Autonomous System AS that is used both in exchange of exterior routing information and as an identifier of the AS itself Birds of a Feather BoF Group discussions on topics of specialised interest Border Gateway Protocol BGP An Internet protocol commonly used within and between Internet Service Providers ISPs that enables groups of routers Autonomous Systems to share routing information so that efficient loop free routes can be established Classful The architecture used on the Internet until 1993 that allowed an IP address to be segmented in a variety of ways to provide three classes of network addresses Classless Interdomain Routing CIDR A scheme which allocates blocks of Internet addresses in a way that allows summarisation into a smaller number of routing table entries country code Top Level Domain ccTLD A Top Level Domain TLD corresponding to a country territory or
189. sed Please include city and country website if available If the End User has a website with information that could be helpful to understanding why public address space is needed you can include that URL here Does the organisation already have address space that can meet the needs for this request Enter Yes or No space available You should only send a request for address space that will be needed in the foreseeable future and for which the organisation does not currently have enough space available to cover If the organisation requesting the assignment does currently have address space that is not in use and could be used for this new assignment please reply with Yes and give an explanation of why this new request is needed 3 Addressing Plan template number of subnets this is the total number of subnets listed in the 4 ADDRESSING PLAN template address space returned If the user will be returning address space to another LIR after receiving this assignment specify here the ranges that will be returned to which LIR and when Note that the normally accepted time for renumbering is 3 months Use this syntax for this field <x.x.x.x - x.x.x.x> to <name> by <yyyymmdd> E g 195 20 42 0 195 20 42 127 to UpstreamISP by 20030725 After that you will fill out the most important part of the request form the Addressing Plan table itself Before a request is submitted to the RIPE NCC the LIR
190. sensus model 1 The RIPE community provides input who RIPE meeting mailing lists open to everyone 2 The RIPE NCC proposes a yearly Activity Plan and budget based on the input who RIPE NCC staff 3 At the annual RIPE NCC General Meeting GM the membership votes on the RIPE NCC Charging Scheme who Members LIRs The RIPE community sets and agrees to the policies that the RIPE NCC implements 1 5 Summary Although extremely interdependent RIPE and the RIPE NCC are different organisations RIPE is an open forum with no formal membership and is an invaluable forum for policy discussions directly relating to IP networking All the policies related to IP address space are set by RIPE You can participate in RIPE and help set the policies The RIPE NCC is an independent not for profit membership organisation supporting its members and the RIPE community The RIPE NCC is one of the 5 Regional Internet Registries RIRs Don t forget to • Subscribe to the address policy wg ncc services wg and db wg mailing lists http www ripe net mailman • Participate in the discussions in working groups mailing lists to help shape IP address policies • Attend the RIPE meetings if possible or follow them on webcast to help shape IP address policies • Know where to find the RIPE documents and request forms http www ripe net ripe docs index html References RIPE NCC http www ripe
191. stem Numbers ASNs The management of reverse DNS in addr arpa and ip6 arpa Maintenance of RIPE Database The activities of the RIPE NCC fall under member and public services and include the following IPv4 and IPv6 allocations and assignments AS numbers Second opinions on assignments and provides support and guidance to the LIRs Registration services Contact e mail address hostmaster@ripe.net LIR training course Training services Routing Registry training course DNS for LIR s training course The RIPE NCC does not register domain names For information about registering domain names in the RIPE NCC service region Reverse Domain Name under ccTLDs see Council of European Delegation National Top level domain Registries CENTR http www centr org Contact e mail address for questions and assistance ripe-dbm@ripe.net Member Services RIPE support RIPE Database maintenance Routing registry maintenance Liaison support for the RIPE community Co ordination Services Co ordination with partner organisations such as RIRs ICANN IANA IETF ISOC etc Information dissemination Routing registry Consistency Check RRCC Deployment of Internet Security Infrastructures DISI e g DNSSEC Projects Test Traffic Measurements TTM Routing Information Service RIS Other Test TrafficK root nameserver ENUM e164 arpa domain
192. t moderated for spam If you are interested in participating you can subscribe to the mailing lists at http www ripe net mailman RIPE also has a general announcement e mail list <ripe-list@ripe.net> Working Groups
Address Policy (address-policy-wg@ripe.net) The open forum where RIPE policies are made that affect Internet resources IPv4 IPv6 and ASN
Anti Abuse (anti-abuse-wg@ripe.net) Fights the problem of network abuse
Database (db-wg@ripe.net) Deals with all issues related to the RIPE Database
DNS (dns-wg@ripe.net) Domain Name System questions and issues
EIX (eix-wg@ripe.net) Issues and problems related to the European Internet Exchange
ENUM (enum-wg@ripe.net) Internet resource mapping using E 164 telephone numbers as identifiers
IPv6 (ipv6-wg@ripe.net) Following the progress of specification and implementation of IPv6
RIPE NCC Services (ncc-services-wg@ripe.net) Discussion about new and existing RIPE NCC services and evaluating the RIPE NCC s yearly Activity Plan
Routing (routing-wg@ripe.net) Issues dealing with routing architecture for the Internet in the RIPE NCC service region
Measurement Analysis and Tools (mat-wg@ripe.net) Forum where the RIPE NCC and the community can collaborate in the areas of data tools and analysis of the Internet and its infrastructure with a loose focus on monitoring diagnosis analysis and forecasting
Cooperation Forum for discuss
193. t people in the inetnum object and to create the inetnum object itself for the assignment NOTE There are three possible methods to create or modify objects in the RIPE Database via the e mail interface auto-dbm@ripe.net using the Webupdates interface http www ripe net webupdates or using Syncupdates http www ripe net db syncupdates 1 See Section 2 4 3 Creating Objects in the RIPE Database Via the E mail Interface 2 See Section 2 4 1 Creating Objects in the RIPE Database Using Webupdates If you create the inetnum object for the assignment via the e mail interface the template can be obtained using the -t flag in the command line of the database query whois -h whois.ripe.net -t inetnum To create an inetnum object the range of IP addresses that has been assigned to an End User must be filled in the inetnum attribute field The tech c and admin c attributes of the inetnum object should have as values nic hdls of person or role objects The admin c administrative contact person for the assignment should be an employee of the organisation that will use the IP addresses This person has the overall responsibility for the network The tech c technical contact person for the assignment should have technical knowledge of the network They can be employees of the organisation that will use the IP addresses or employees of the LIR or a technical consultant It
194. table PA Assignment Request Form o Provider Aggregatable PA Assignment Request Form GENERAL INFORMATION request type pa ipv4 form version 1 1 x ncc regid nl bluelight ADDRESS SPACE USER oe EK Who will use the address space being requested organisation name Laika organisation location Amsterdam NL website if available www laika dog nl EK ER Does the organisation already have address space that can meet the needs for this request Enter Yes or No space available No ER ADDRESSING PLAN number of subnets 6 address space returned 195 20 42 0 195 20 42 127 to UpstreamISP by 20071225 EK Size gt in CIDR Immediate Intermediate Entire Period Purpose subnet 25 120 120 120 dynamic dial up Ams dam 1 subnet 25 0 120 120 dynamic dial up Utrecht subnet 26 24 35 50 Amsterdam office LAN 2 subnet 27 0 12 25 web mail ftp servers Utrecht subnet 27 10 1 2 19 web mail ftp servers A dam subnet 28 14 14 14 training room LAN Amsterdam totals 24 25 28 168 313 348 EK ER Which netname will be used when registering this network in the RIPE Database netname LAIKA NET ER 13 HE EQUIPMENT DESCRIPTION ER ER Please describe the equipment that will be used in the network Indicate the function of the equipment and provide information regarding the way it uses IP address sp
195. tating your full name and not only your job title and always include your Reg ID Each LIR contact person must have a person object registered in the RIPE Database Contact persons registered in RIPE NCC internal files reg files are not automatically updated when LIR staff make changes in the RIPE Database It is possible to use a role object to specify a group of people contact persons and then add this role object s nic hdl as Contact for the LIR in the reg file via the General menu of the LIR Portal Contact information should be updated by the LIR via the RIPE NCC s LIR Portal see Section 9 LIR Portal If you are unable to activate your account for the LIR Portal or if you have any questions about the LIR Portal please contact lir-help@ripe.net Membership announcement list The RIPE NCC requires all members to be subscribed to the announcement lists ncc-announce@ripe.net This list is used for sending out announcements aimed at the management within an LIR e g billing charge changes The list is also used for sending out important announcements about informational issues such as RIPE documents Training Courses RIPE Meetings important policies etc Each LIR should provide the RIPE NCC with an e mail address for the announcement list It is assumed that at least one representative of each LIR follows the information sent to the list You can unsubscribe or change the subscribed addres
196. ternet topology visible the IRR is used by network operators to look up peering agreements determine optimal policies and more recently to configure their routers Each Regional Internet Registry has its own network information database part of which is used for routing information APNIC however not being a full Routing Registry only publishes AS numbers without policy details RADB and RIPE are both public databases registries where any ISP can publish their policies C&W a private database contains the routing policies of the networks and customer networks of C&W Most of these databases also mirror each other This means registering is only necessary in one database To retrieve info from all the mirrored databases you can query RIPE DB using the a flag A List of all the routing registries databases mirrored by the RIPE database can be found at http www ripe net db mirrored html The benefits of the IRR are only realised when registered routing policies are kept up to date and reflect routing announcements in the real world 14 6 The Route Object The route object represents a route in the Internet A route in the Internet is information about how to reach a network and a promise to accept data A route is represented as a prefix which is the network part of the address that points to the network in question and the originating AS number Both prefix and the originating AS number are the primary key
197. than they absolutely require Here is a final example of a complete zone file with the reverse DNS for various small CIDR blocks delegated to customers nameservers SOA ns0 bluelight nl hostmaster bluelight nl 2000071701 serial version 86400 refresh period 7200 retry refresh this often 3600000 expiration period 172800 neg cache 7 First put in NS records for the domain itself NS ns0 bluelight nl NS ns3 colocation com Then put in NS records to delegate the made up domain to your 7 Customer s nameservers Do not use the as documented in RFC 2317 This will break stuff Use the first and last host delegated as this is obvious and will make support calls much easier First customer Goody2Shoes has been assigned 27 hosts 0 31 0 31 NS ns0 goody2shoes nl 0 81 NS ns2 bluelight nl 0 CNAME 0 0 31 1 CNAME 1 gt 0 31 3d CNAME 31 0 31 Second customer has been assigned hosts 32 71 He has a 27 123 rr rr 32 32 32 33 TA rr 73 and a 29 Although these must be routed as two routes they can be delegated as one domain 71 NS 71 NS CNAME CNAME CNAME And now the customer who does PTR www onionblurp nl EOF ns cyberfalafel nl ns2 bluelight nl 32 32 71 33 32 71 11 32 71 not want to run any nameservers Obviously the customer needs to have a matching zone on his system It is not really very different from any
198. the LIR does not qualify for sub allocations or does not want to make sub allocations e The ISP cannot make sub assignments to the End Users e The LIR has to make separate assignments to o the ISP s infrastructure o to the ISP s customers e Separate assignments must be o requested if above AW o registered in the RIPE Database 7 ASSIGNMENT WINDOW AW Overview The Assignment Window AW of an LIR is the maximum amount of addresses that the LIR can assign from its allocation without needing approval from the RIPE NCC The AW is used differently when making assignments to an End User as opposed to the LIR s own infrastructure To End User The AW determines the maximum amount of address space an LIR can assign in 12 months to each End User without needing approval from the RIPE NCC To LIR s own infrastructure The LIR can make as many assignments to its own infrastructure as needed without needing approval from the RIPE NCC as long as each individual assignment is not larger than the LIR s AW See Section 7 7 Sub allocations to Resellers The LIR s AW is also used to calculate the maximum address space a Reseller which holds a sub allocation from the LIR can assign to each End User in any 12 months period See Section 8 7 1 Assignment Window Policy A new LIR will always start with AW 0 Their AW will automatically be set to a 21 2048 addresses six months after receiving their
199. the international standards country code first nic hdl The nic hdl is a unique person object identifier that references contact details for a unique person It avoids ambiguities as there is only one and unique nic hdl for each person even for people with the same name The nic hdl field has a strict format If you are not sure what to enter leave it blank This will be generated for you mntner name The mntner name will also be generated if left blank For more information on mntners see section 2 4 3 password Choose a secure password and remember it The password protects and authenticates the person object so that unauthorised people cannot update it or delete it You will have to supply the password every time you want to update this person object in the future Funny tool will use this password as the password of the mntner object it creates This mntner object will protect the person object Click on submit and you have just created a person object and a mntner object You will see them in following window see next page 30 O Succeeded Where to go from here We have created two RIPE Database objects for you please make a note of the primary keys shown in bold letters for these two objects for future reference person nic hdl JQ143 RIPE person John Qwerty address 258 Singel address 1016 AB address Amsterdam phone 31205354444 e mail training ripe net nic hdl JQ143 RIPE mnt by JQ5214
200. tion html 17 3 Closing Merging Taking over an LIR There are several possible scenarios where an LIR is closed or taken over by another LIR 1 An LIR closes completely 2 One LIR takes over another LIR and the other closes 3 A LIR takes over another LIR and both remain open 4 A Non LIR takes over an LIR The above mentioned situations are fairly rare and are therefore handled on a case by case basis It is therefore very important to contact the RIPE NCC for details about exact procedures This should be done via e mail to lir help ripe net Issues that need to be resolved are among others the following Billing issues e Administrative issues e Contact persons e Address and phone number changes e Address space issues e Invalid objects in the RIPE DB e Return of the renumbered networks e AW considerations e Authority of allocations and reverse zones e New old mntner objects e Small Database changes 153 154 New contracts may have to be signed between the RIPE NCC and the parties involved New contact persons may need to be confirmed There is no need to change the RegID if the ownership or name of an LIR changes If an LIR wants to change their Reg ID they must pay a start up fee just like for establishing a new LIR To cover administrative costs LIRs must pay a one time take over fee of 1250 EUR if they take over the address space allocations of another LIR as a result of a mer
201. tional mandatory mandatory mandatory ORGANISATION organisation org name org type descr remarks address phone fax no e mail abuse mailbox org admin c tech c ref nfy mnt ref notify mnt by changed source mandatory mandatory mandatory optional optional mandatory optional optional mandatory optional optional optional optional optional mandatory optional mandatory mandatory mandatory single single multiple single multiple multiple multiple multiple multiple multiple multiple multiple multiple multiple multiple multiple multiple multiple single single single multiple single multiple multiple multiple multiple multiple single single single single multipl multipl multipl multipl multipl multipl multipl multipl multipl multipl multipl multipl multipl multipl single multipl primary look up key inverse key inverse key inverse key inverse key inverse key inverse key inverse key inverse key inverse key primary look up key inverse key nverse key B primary look up key look up key look up key lookup key inverse key inverse key inverse key inverse key inverse key inverse key inverse key 171 172 Appendix 7 Completed Provider Aggrega
202. tnum object can only be valid if the corresponding assignment is valid and vice versa Please bear in mind that the syntax of the RIPE Database is much less restrictive than the RIPE Address policy When you are creating an object in the RIPE Database the Database robot does not check if the object is valid according to the RIPE Address Policy The Database robot only checks if the format of the Database object is correct and if the necessary mntner authentication checks have been passed Successful creation of an inetnum object in the RIPE Database is no guarantee that the object is valid according to the RIPE Address Policy Working Group policy INVALID INETNUMS Here are a few examples of INVALID inetnum objects that one would be able to create in the Database e Date in changed attribute before approval date never add the date in the changed attribute to avoid this e Size above the LIR s AW but not approved by the RIPE NCC AW is not checked by Database robot e Overlapping objects e Assignments to several different End Users in one inetnum object e Different netname than approved by the RIPE NCC It is your responsibility as an LIR not to create invalid objects in the RIPE Database 6 8 Assignments to Small ISPs 72 What if one of your customers is not an End User but an ISP Reseller who has End Users as customers Make sub allocations See Section 8 Sub allocations Otherwise if
203. to the End Users e directly from the RIPE NCC e indirectly via a sponsoring LIR 12 1 End User requesting resources indirectly via a sponsoring LIR If the End User chooses to request any of the listed Direct Resources via a sponsoring LIR then the End User must find an LIR who will request the resources on their behalf from the RIPE NCC e the End User will have to sign an End User Assignment Agreement with the LIR e the LIR will request the resources on the End User s behalf from the RIPE NCC This method is the most common more usual than the one described in Section 12 2 below It is the method that is described in detail in Sections 13 PI Address Space 14 3 How to get an AS Number 16 5 IPv6 Assignments to IXPs 12 2 End User requesting resources directly from the RIPE NCC If the End User chooses to request any of the Direct Resources from the RIPE NCC directly e they have to apply to become a Direct Assignment User e they have to sign an End User Assignment Agreement with the RIPE NCC e they have to request the resources via email Not The LIR Portal You can apply via this webpage to become a Direct Assignment User http ripe net membership index html Choose Direct Assignment User option not the member option A Direct Assignment User will receive a so called RegID from the RIPE NCC to identify their organisation in all communications with the RIPE NCC They will pay a yearly f
204. ts MIME PGP GnuPG It is possible to use certain tools for converting address space representation from one format to another slash notation decimal dotted quad etc A Perl module is available on RIPE NCC ftp site ftp ftp ripe net tools Net IP 1 0 tar gz All end user networks need to be registered separately to avoid overlapping inetnum objects Overlapping two or more levels of the inetnum objects with the status ASSIGNED PA By default the RIPE Database will not prevent creation of overlapping inetnum objects however overlapping inetnum objects are considered invalid by the Registration Services IP Resource Analysts of the RIPE NCC Registering an assignment Example of an inetnum object for an assignment in the RIPE Database Based on the request shown in Section 4 Requesting PA Address Space and Appendix 7 inetnum 80 35 80 0 80 35 81 143 netname LAIKA NET descr Laika Internet country NL To create this inetnum aka admin c AB231 RI BE object the authentication one Chea tech c JJ125 RIPE check of this maintainer D F D status E DA must be passed mnt by BLUELIGHT MNT mnt lower BLUELIGHT MNT changed jan bluelight tnt Do not include the date source REEE The database robot will include the date When creating an inetnum object for an assignment you have to pass the hierarchical protection mnt lower ofthe parent inetnum object e g the allocation
205. ts these conditions You are required to confirm that the points mentioned above have been read and understood and that the organisation requesting PI space is fully aware of the disadvantages of PI address space confirm here End of INITIAL INFORMATION template The second type additional template s found only in the PROVIDER INDEPENDENT PI ASSIGNMENT REQUEST FORM are DATABASE TEMPLATE S See below for how to fill out this template The text from the request form itself is in bold font the explanatory notes are in normal font DATABASE TEMPLATE S Please include database templates here so that the Hostmaster can register the assignment in the RIPE Database Where it is necessary to create a maintainer mntner object please include that template too Hostmasters will not create person objects for you inetnum leave empty netname specify a netname here descr specify company name of the organisation country specify the country org specify org ID here admin c insert the nic handle of the administrative contact tech c insert the nic handle of the administrative contact status ASSIGNED PI notify specify e mail address here mnt by specify mntner name here mnt by RIPE NCC HM PI MNT mnt lower RIPE NCC HM PI MNT mnt routes specify mntner name here mnt domains specify mntner name here changed hostmaster ripe net source RIPE On the next page you can see an exa
206. umber of additional IP addresses needed to reach your LIR s AW is the size of the assignment you can give them today without having to ask for approval AW x 7 5 Responsibilities of LIRs within their AW 78 LIRs have to evaluate all requests within their AW size which includes implementing all the polices in the policy document making classless conservative assignments implementing dynamic solutions when possible promoting DHCP http1 1 dynamic dial up etc Further responsibilities include Documenting assignments since the RIPE NCC may ask for it at a later stage e Register all the assigned networks in RIPE DB with the appropriate netname e Reminding the End User s previous ISP to delete the outdated Database objects after renumbering THE ASSIGNMENT PROCESS TO END USERS ASSIGNMENT WITHIN _LIR S AW End User makes request LIR evaluates request Total size of this request plus all By e S A previous assignments reguest gt AW to this End User within the last 12 Ge months excluding the ones approved by the RIPE NCC H LIR chooses addresses LIR updates own records LIR updates RIPE Database creates inetnum object Fig 7 1 The Assignment Process to End Users Assignment within LIR s AW 79 THE ASSIGNMENT PROCESS TO END USERS ASSIGNMENT ABOVE LIR S AW End User makes request LIR evaluates request yes request gt AW Total size of this gt reguest plus
207. unction of mnt lower The mntner in the mnt lower attribute doesn t protect the object itself so anyone can change this object below because it has no mnt by attribute inetnum 81 9 5 0 81 9 6 255 netname WEIRDNET descr Example Network Z P country CS This object admin c BBB13 RIPE is not tech c NCN83 RIPE protected status ses changed nenadc Cchudo cs 20030918 source RIPE Fig 10 5 inetnum object with mnt lower but no mnt by attribute The mntner in mnt lower attribute of an inetnum object only blocks the IP range of that inetnum object so that only those who can pass the authentication of MNT 9 can create new objects in the same range in the RIPE Database MNT 9 blocks this range in the Database range of WEIRDNET 80 9 6 255 range of TINYNET 81 9 5 255 81 9 5 0 You cannot create TINYNET unless you can pass WEIRDNET s mnt lower Fig 10 6 The only function of the mnt lower attribute It would be pointless using only a mnt lower attribute without a mnt by attribute in an inetnum object as the object would not be protected anybody could delete it thereby removing the check that mnt lower attribute provided Because of this mnt lower should only be used in combination with mnt by in an inetnum object e Those who can pass the authentication of the mntner in mnt by MNT 1 in Fig 10 7 can update and even delete the inetnum object They can also create overlapping objects e Those w
208. v6 and IPv4 PI AS number Internet Exchange Point IXP and anycasting assignment For more details see the Charging Scheme FAQ page http ripe net info faq membership charging scheme html There are several methods of payment yearly half yearly and quarterly Invoices are sent by ordinary mail and e mail Delayed payment will result in reminders being sent e The first reminder is sent 30 days after the invoice No other action is taken at this stage e The second reminder is issued after an additional 30 days Interest on the outstanding invoice is added at the current rate of interest and a late payment charge of 100 EUR is added too The LIR enters phase 2 At this stage RIPE NCC will not approve any address space requests including allocations e The third reminder follows in another 30 days If there is still no payment the LIR enters phase 3 No more services can be obtained from RIPE NCC service level NONE Reverse DNS delegations corresponding to the allocation of the LIR are also temporarily removed e Following this after yet another 30 days 120 days after the invoice RIPE starts the procedure of closing down the LIR and taking back the address space or transferring it to another LIR This is phase 4 Any queries regarding payment and invoices should be addressed to the following mailbox billing ripe net Calculate your LIR s Billing score http www ripe net membership billing calcula
209. w ripe net db support whois refcard pdf NEW VALUES OF THE STATUS ATTRIBUTE FOR INETNUM OBJECTS LIR PARTITIONED http www ripe net ripe docs ir partitioned html IRT OBJECT IN THE RIPE DATABASE http www ripe net ripe docs irt object html SYNCUPDATES http www ripe net db syncupdates ORGANISATION OBJECT IN THE RIPE DATABASE www ripe net db support organisation html PROTECTING YOUR DATA IN THE RIPE DATABASE MNTNERS AUTHENTICATION SCHEMES http www ripe net db support security PGP AUTHENTICATION IN THE RIPE DATABASE http www ripe net db support security ogp html PKI X 509 AUTHENTICATION IN THE RIPE DATABASE http www ripe net db support security x509 html 115 116 11 REVERSE DELEGATION 11 1 Overview In this section we will discuss how to set up reverse delegation from the RIPE NCC for the LIR or the LIR s End Users Specifically how to e set up reverse delegation for a 24 range e setup reverse delegation for multiple 24 ranges for ranges between the sizes of 23 and 16 e set up reverse delegation for a 16 range e make a reverse delegation for an address space smaller than 24 In this section we also discuss how to change and delete an existing delegation describe common errors and list useful tools It is assumed that the reader is familiar with DNS For more information see also http www ripe net reverse 11 2 Reverse Address Mapping What is Forward and Reverse Delegation Appl
210. wish to fill out an optional field delete the whole line including the attribute left of the colon After you finish filling out the template click on the Submit update button and you create the person object 34 CUR Portal RIPE About RIPE NCC Contact Search Sitemap Updating the RIPE Database home gt RIPE Database gt Webupdates We continue to monitor this service and investigate any issues that occur RIPE Database If you encounter any problems while using webupdates please let us know About the RIPE Database Webupdates For details about our e mail update interface send an e mail to lt auto dbm ripe net gt with HELP in the subject line and nothing else Support Information e DB Software and Tools Help Add Edit Authorisation Select Source Query Database Copyright Updating RIPE Database a From Host 193 0 3 1 DB Related projects Date Time Wed Feb 25 10 31 30 2009 DB Copyright it of of of of ES Routing Registry Creations Modifications Deletions No Operations ees News Archive Bees 1 0 0 0 Failure o 0 d d pe a e Create SUCCEEDED person SF4670 RIPE Susan Fowler f RIPE Warning Date 20090225 added to changed attribute susfowler bluelight nl NCC For assistance or clarification please contact E Learning Centre RIPE Database Administration lt ripe dbm ripe net gt About RIPE NCC Site Map LI
211. y the RIPE NCC or else they will become invalid Therefore all assignments to the LIR s infrastructure are either e Smaller or equal to the size of their AW and include the attribute remarks INFRA AW in the inetnum object in the RIPE Database An LIR can make as many of these as needed without having to request them e Larger than the LIR s AW They DO NOT include the remarks INFRA AW attribute in the inetnum object These assignments have to be requested The LIR therefore is much less restricted by the AW Policy when making assignments to its own infrastructure than when it is making assignments to one of its End Users This does not mean however that the LIR can make assignments to its own infrastructure without proper justification The RIPE NCC may request proper documentation and an overview of the address space used for the LIR s own infrastructure If the LIR fails to show decent documentation the RIPE NCC may lower the LIR s AW 85 THE ASSIGNMENT PROCESS FOR LIR S OWN INFRASTRUCTURE ASSIGNMENT WITHIN LIR S AW LIR needs addresses for own infrastructure size of this this request gt AW7 request only H no Aa LIR chooses addresses LIR updates own records LIR updates RIPE database creates inetnum object with remarks INFRA AW Fig 7 5 The Assignment Process to LIR s own Infrastructure Assignment within LIR s AW 86 THE ASSIGNMENT PROCESS FOR LIR S OWN INFRASTR
212. your company who can pass authentication of your mntner can create assignment objects inside your allocation range 10 4 2 The mnt routes attribute mnt routes authorises the creation of new route objects without allowing the updating of other objects already in the RIPE Database When creating a new route object the relevant inetnum objects route objects and aut num objects in the RIPE Database are checked for authorisation Authorisation is provided by the mntner in the mnt routes attribute of these objects What do we mean by the relevant objects inetnum or route objects in the RIPE Database that have the same range or a bigger encompassing range as the new route object that you want to create The relevant aut num object is the one that will be referenced in the origin attribute of the new route object If the relevant objects in the database do not have a mnt routes attribute authorisation for creating a new route object is provided by other mntners referenced in the mnt by or mnt lower attribute of these objects Not having mnt routes in your inetnum objects route objects and aut num objects would mean that you would have to give the password of your mntner MNTR 7 in the example below to anybody whom you want to permit to create a route object referring to your address range or ASN With this password they could then not only create route objects but update your objects or create assignment objects within your allo