Registration Services Update ENOG 6

Gerardo Viviers Registration Services RIPE NCC 9,577 RIPE NCC Members From 76 Countries

2 Strong Membership Growth

!()#$$!!

!()$$$!!

!'$$!!

!&$$!!

!%$$!!

!#$$!!

!"!! *+,"$-! *./"$-! *+,"$'! *./"$'! *+,"$0! *./"$0! *+,"($! *./"($! *+,"((! *./"((! *+,"(#! *./"(#! *+,"(1! *./"(1!

3 RIPE NCC Membership 2013

Total Membership by Country New Membership by Country

!"#$ !"#$

!"#$ !!#$

Ukraine: 1,7% ")#$ Ukraine: 2,3% '(#$ !%#$ !!#$

&#$ %#$ (#$ &#$ &#$ (#$ '#$

)*$ +,--./$ *+$ ,-./012$ 3.014-$ 0123/45$ 67/85$ 5-67-.8019:$ ;6082$ <=8019$ 92/4:1$ ;7<12$ >?::@0$ [email protected]$ D67-.$

4 Number of LIRs in Region

,-./012314" !!" #$" #*%" #+" !%" &'" 5.61/78" %" #(" )" #)" 9.:/;21" <1-1=>8?14" <@/;@-8?14" A:6B:C1" D78821" E132=28?14" E7/=F.428?14"

#')%" G=/124." G-0.=28?14"

5 Number of LIRs in Region (Outside Russia)

#+" !!" #$" ,-./012314" !%" 5.61/78" 9.:/;21" <1-1=>8?14" <@/;@-8?14" &'" A:6B:C1" #*%" D132=28?14" #(" D7/=E.428?14" F=/124." #)" F-0.=28?14" %" )"

6 IP Address Allocations

CD>EF8<<6G+H6/)" CD>IF8<<6G+H6/)" &#!!"

&!!!"

%#!!"

%!!!"

$#!!"

$!!!"

#!!"

!"

'())*+" ,-.+*/0" 506.7*+" ?0<+.()" ;6<=6>+" A+:*-*)4+/" 1+2+-3)4+/" 820.9+*:+/" [email protected]@2)4+/" ,290-*)4+/" A(.-B0/*)4+/"

7 IP Address Allocations (Outside Russia)

CD='E7;;5F+G5-2" CD=HE7;;5F+G5-2"

#!!"

'#!"

'!!"

&#!"

&!!"

%#!"

%!!"

$#!"

$!!"

#!"

!"

()*+,-." 4.5*6,+" >.;+*?2" :5;<5=+" A+9,),23+-" /+0+)123+-" 70.*8+,9+-" /@*6@023+-" (08.),23+-" A?*)B.-,23+-"

8 PI Assignments

DE:'FEDFB**+=0C105*" DE:GFEDFB**+=0C105*"

'!!!"

&#!!"

&!!!"

%#!!"

%!!!"

$#!!"

$!!!"

#!!"

!"

()**+," -./,+01" <17/=+," ?18,/)*" 67897:," @,A+.+*5,0" 2,3,.4*5,0" -3;1.+*5,0" 2>/=>3*5,0" B31/;,+A,0" @)/.C10+*5,0"

9 Autonomous System Number Assignments

E:F:G"HI)+" @JEK@++,>1D216+"

(!!!"

'!!!"

&!!!"

%!!!"

$!!!"

#!!!"

!"

)*++,-" ./0-,12" 728-0*+" =2:0>,-" 9:8;:<-" C-A,/,+6-1" 3-4-/5+6-1" .4?2/,+6-1" @420?-,A-1" 3B0>B4+6-1" C*0/D21,+6-1"

10 Last /8 IPv4 Allocation Policy

• The RIPE NCC reached the last /8 on 14 September 2012

• LIRs can receive one final /22 (1,024 IPv4 addresses), even if they can justify a larger allocation

– LIRs must already have an IPv6 allocation from an upstream LIR or the RIPE NCC

– 2082 /22s issued so far

• Additionally: 15 IXP assignments, two in Russia

11 Allocations From the Last /8

>&?@" 3.3)>&?@"

%#!"

%!!"

$#!"

$!!"

#!"

!" &'()$%" *+,)$%" -./)$%" 0'+)$%" 123)$4" 5'6)$4" 728)$4" 9(8)$4" 72:)$4" 1;3)$4" 1;<)$4" 9;=)$4"

12 IPv4 Allocation Trend

'&!!"

'%!!"

'$!!"

'#!!"

'!!!"

&!!"

%!!"

$!!"

#!!"

!" #!!(""""""" #!'!""""""" #!''""""""" #!'#""""""" #!')""""""" *"+,-$"./012"3445678591" *"+,-$"3::/85974"3445678591"

13 Need More IPv4 Address Space?

• Three different types of intra-RIR transfers: 1) Mergers and acquisitions 2) Transfers of allocations using the policy 3) Legacy space transfers

Ingrid Wijte 14 1) Mergers and Acquisitions

• If an organisation (or part of it) is sold, the Internet number resources in use for the network can be transferred

• Documentation required:

– Merger/purchase agreement

– Company registration papers for both parties

– New “Independent Assignment Request and Maintenance Agreement” (only for Provider Independent resources)

• Based on procedural document ripe-579

Ingrid Wijte 15 2) Transfers of Allocations Using the Policy

• Policy requirements:

– Transfers between LIRs only

– The IP addresses transferred must not be in use

– Receiving LIR must justify the need for the block

– Permanent or temporary

• Documentation required:

– Signed RIPE NCC Transfer Agreement

– Company registration papers for both parties

– RIPE NCC additional allocation (pre)approval for receiver

• Based on ripe-582, section 5.5

Ingrid Wijte 16 3) Legacy Space Transfers

• IPv4 address space that was distributed prior to the formation of the Regional Internet Registry (RIR) system

• The RIPE NCC is able to support transfers of legacy space when this is covered by a “Legacy Space Agreement”

• The RIPE NCC is not involved in cases where the resources are not covered by an agreement

Ingrid Wijte 17 IPv4 Transfer Listing Service

• Enables LIRs looking to transfer allocations to find receiving parties

• LIRs can also request resources

• Member-only service through the LIR Portal

• The RIPE NCC has no interest in financial transactions

• Transfers must follow transfer policy in ripe-582, section 5.5

• Currently 340,992 IPs offered vs 16,492,533 requested

Ingrid Wijte 18 IPv4 Allocation Transfers

19 Mergers Completed

(!"

'!"

&!"

%!"

$!"

#!"

!" )*+#" )*+$" )*+%" )*+&" )*+#" )*+$" )*+%" )*+&" )*+#" )*+$" )*+%" )*+&" )*+#" )*+$" )*+%" )*+&" $!#!" $!##" $!#$" $!#%"

20 Recent Policy Changes

• “Transparency in Address Block Transfers”

– Accepted proposal 2012-05

– The RIPE NCC now publishes a record of all transfers conducted according to the policy: http://www.ripe.net/lir-services/resource-management/ipv4- transfers/table-of-transfers

• “Revert “Run Out Fairly””

– Accepted proposal 2012-06

– Reverts the changes made by “Run Out Fairly”

– Allocation/assignment period returns to 12 months (from three)

– 50% assignment in use after 12 months

21 Current (Transfer) Policy Proposals (1)

• “Policy for Inter-RIR Transfers of IPv4 Address Space”

– Policy proposal 2012-02

– Describes how transfers of IPv4 address space between LIRs of different Regional Internet Registries will occur:

– Section 5.5 applies

– Need for policy compliance between RIRs:

– Originating party complies with policy of originating RIR

– Destination party complies with policy of destination RIR

– RIRs must have “compatible” as well as reciprocal policies

– Status: Review Phase – awaiting Working Group Chair decision

Ingrid Wijte 22 Current (Transfer) Policy Proposals (2)

• “No Restrictions on End User Assignments in Intra-RIR Transfers”

– Policy proposal 2013-05

– Removes requirement that a transferred allocation must not contain any block that is assigned to an End User

– IP addresses in use can be re-allocated

– End Users that later become an LIR can move their address blocks to their own account

– Status: Discussion Phase – awaiting documentation

Ingrid Wijte 23 Current Policy Proposals (3)

• “No Need – Post-Depletion Reality Adjustment and Cleanup”

– Policy proposal 2013-03

– Removes needs-based requirement for IPv4 delegations

– Status: Review Phase

• “RIPE NCC Services to Legacy Internet Resource Holders”

– Policy proposal 2012-07

– Status: Review Phase

24 Current Policy Proposals (4)

• “PA/PI Unification IPv6 Address Space”

– Policy proposal 2013-06

– Aims to unify the three RIPE documents ripe-589, ripe-451 and ripe-233 and to provide one document for all IPv6 address space.

– Removes the difference between PI and PA; Sub-allocation and Assignment

25 Join the Discussions

Address Policy Working Group: http://www.ripe.net/mailman/listinfo/address-policy-wg

Ingrid Wijte 26 PI Resources: Contractual Policy – Update

• Currently in Phase 3: Contacting End Users directly

• Several challenges

– Lack of familiarity with RIPE Policy and the RIPE NCC

– Identifying the legitimate resource holder

– Ensuring continuity of active networks

27 PI Resources: Contractual Policy – Update

!"#$%&#'()*"+,-$#'.'/-0&1#2'

)!*$ *'$ ((!$ #('$

+,,-./01$2.34$ 567-8$ 90:;-601$

!"##$ %&'$

28 Independent Resources: Maintenance

29 Assisted Registry Check (ARC) (1)

• New name for the RIPE NCC’s existing audit activities that have been improved with feedback from members and the RIPE community

• Maintain the periodic contact between LIRs and the RIPE NCC

• Reduce workload for LIRs

• The RIPE NCC provides a report highlighting our observations and recommendations

• Overview of registered information (e.g. contact details)

30 Assisted Registry Check (ARC) (2)

• Overview of Internet Number Resource consistency (e.g. overlapping assignments)

• Overview of rDNS and route-objects consistency (e.g. checking lame reverse delegations and routing registry vs BGP announcements)

• Assist LIRs with improving data accuracy

• An opportunity for LIRs to ask about RIPE Policies, registering objects in the RIPE Database and using RIPE NCC tools

31 Address Hijacking

• Due to an End User report, we discovered a number of resources that have been hijacked

• Hijackers seem to be targeting unannounced resources

• Hijackers abused long established processes

• A sophisticated approach: forged legal documents and signatures, copied websites and re-registered expired domains

32 Taking Steps in Response

• Updating our processes as appropriate

• Reverting unauthorised changes

• Reporting illegal activities to the authorities

• Where member involvement can be proven: closure of LIR account and de-registration of resources

• In case of a dispute:

– Affected party can escalate the process to RIPE NCC management for a final decision

– If not resolved, can object to decision via Arbiters Panel if members (non-members must go through sponsoring LIR)

33 Getting the Balance Right

• Mindful of the balance between ensuring that we are talking to the legitimate holder vs being overly bureaucratic or inflexible

• Many legitimate cases (e.g. legacy resources) where proof of holdership can be difficult to establish

• End Users might find the RIPE NCC becoming more strict in its verification requirements as a result

34 What You Can Do

• Protect your resources against hijacking by making sure your RIPE Database objects and contact information are up to date

• If you need help, or think your resources may have been hijacked, contact: [email protected]

35 Questions?