Registration Services Update ENOG 6
Gerardo Viviers Registration Services RIPE NCC 9,577 RIPE NCC Members From 76 Countries
2 Strong Membership Growth
!()#$$!!
!()$$$!!
!'$$!!
!&$$!!
!%$$!!
!#$$!!
!"!! *+,"$-! *./"$-! *+,"$'! *./"$'! *+,"$0! *./"$0! *+,"($! *./"($! *+,"((! *./"((! *+,"(#! *./"(#! *+,"(1! *./"(1!
3 RIPE NCC Membership 2013
Total Membership by Country New Membership by Country
!"#$ !"#$
!"#$ !!#$
Ukraine: 1,7% ")#$ Ukraine: 2,3% '(#$ !%#$ !!#$
$ %#$ (#$ $ $ (#$ '#$
)*$ +,--./$ *+$ ,-./012$ 3.014-$ 0123/45$ 67/85$ 5-67-.8019:$ ;6082$ <=8019$ 92/4:1$ ;7<12$ >?::@0$ [email protected]$ D67-.$
4 Number of LIRs in Region
,-./012314" !!" #$" #*%" #+" !%" &'" 5.61/78" %" #(" )" #)" 9.:/;21" <1-1=>8?14" <@/;@-8?14" A:6B:C1" D78821" E132=28?14" E7/=F.428?14"
#')%" G=/124." G-0.=28?14"
5 Number of LIRs in Region (Outside Russia)
#+" !!" #$" ,-./012314" !%" 5.61/78" 9.:/;21" <1-1=>8?14" <@/;@-8?14" &'" A:6B:C1" #*%" D132=28?14" #(" D7/=E.428?14" F=/124." #)" F-0.=28?14" %" )"
6 IP Address Allocations
CD>EF8<<6G+H6/)" CD>IF8<<6G+H6/)" !!"
&!!!"
%#!!"
%!!!"
$#!!"
$!!!"
#!!"
!"
'())*+" ,-.+*/0" 506.7*+" ?0<+.()" ;6<=6>+" A+:*-*)4+/" 1+2+-3)4+/" 820.9+*:+/" [email protected]@2)4+/" ,290-*)4+/" A(.-B0/*)4+/"
7 IP Address Allocations (Outside Russia)
CD='E7;;5F+G5-2" CD=HE7;;5F+G5-2"
#!!"
'#!"
'!!"
!"
&!!"
%#!"
%!!"
$#!"
$!!"
#!"
!"
()*+,-." 4.5*6,+" >.;+*?2" :5;<5=+" A+9,),23+-" /+0+)123+-" 70.*8+,9+-" /@*6@023+-" (08.),23+-" A?*)B.-,23+-"
8 PI Assignments
DE:'FEDFB**+=0C105*" DE:GFEDFB**+=0C105*"
'!!!"
!!"
&!!!"
%#!!"
%!!!"
$#!!"
$!!!"
#!!"
!"
()**+," -./,+01" <17/=+," ?18,/)*" 67897:," @,A+.+*5,0" 2,3,.4*5,0" -3;1.+*5,0" 2>/=>3*5,0" B31/;,+A,0" @)/.C10+*5,0"
9 Autonomous System Number Assignments
E:F:G"HI)+" @JEK@++,>1D216+"
(!!!"
'!!!"
&!!!"
%!!!"
$!!!"
#!!!"
!"
)*++,-" ./0-,12" 728-0*+" =2:0>,-" 9:8;:<-" C-A,/,+6-1" 3-4-/5+6-1" .4?2/,+6-1" @420?-,A-1" 3B0>B4+6-1" C*0/D21,+6-1"
10 Last /8 IPv4 Allocation Policy
• The RIPE NCC reached the last /8 on 14 September 2012
• LIRs can receive one final /22 (1,024 IPv4 addresses), even if they can justify a larger allocation
– LIRs must already have an IPv6 allocation from an upstream LIR or the RIPE NCC
– 2082 /22s issued so far
• Additionally: 15 IXP assignments, two in Russia
11 Allocations From the Last /8
>&?@" 3.3)>&?@"
%#!"
%!!"
$#!"
$!!"
#!"
!" &'()$%" *+,)$%" -./)$%" 0'+)$%" 123)$4" 5'6)$4" 728)$4" 9(8)$4" 72:)$4" 1;3)$4" 1;<)$4" 9;=)$4"
12 IPv4 Allocation Trend
'&!!"
'%!!"
'$!!"
'#!!"
'!!!"
&!!"
%!!"
$!!"
#!!"
!" #!!(""""""" #!'!""""""" #!''""""""" #!'#""""""" #!')""""""" *"+,-$"./012"3445678591" *"+,-$"3::/85974"3445678591"
13 Need More IPv4 Address Space?
• Three different types of intra-RIR transfers: 1) Mergers and acquisitions 2) Transfers of allocations using the policy 3) Legacy space transfers
Ingrid Wijte 14 1) Mergers and Acquisitions
• If an organisation (or part of it) is sold, the Internet number resources in use for the network can be transferred
• Documentation required:
– Merger/purchase agreement
– Company registration papers for both parties
– New “Independent Assignment Request and Maintenance Agreement” (only for Provider Independent resources)
• Based on procedural document ripe-579
Ingrid Wijte 15 2) Transfers of Allocations Using the Policy
• Policy requirements:
– Transfers between LIRs only
– The IP addresses transferred must not be in use
– Receiving LIR must justify the need for the block
– Permanent or temporary
• Documentation required:
– Signed RIPE NCC Transfer Agreement
– Company registration papers for both parties
– RIPE NCC additional allocation (pre)approval for receiver
• Based on ripe-582, section 5.5
Ingrid Wijte 16 3) Legacy Space Transfers
• IPv4 address space that was distributed prior to the formation of the Regional Internet Registry (RIR) system
• The RIPE NCC is able to support transfers of legacy space when this is covered by a “Legacy Space Agreement”
• The RIPE NCC is not involved in cases where the resources are not covered by an agreement
Ingrid Wijte 17 IPv4 Transfer Listing Service
• Enables LIRs looking to transfer allocations to find receiving parties
• LIRs can also request resources
• Member-only service through the LIR Portal
• The RIPE NCC has no interest in financial transactions
• Transfers must follow transfer policy in ripe-582, section 5.5
• Currently 340,992 IPs offered vs 16,492,533 requested
Ingrid Wijte 18 IPv4 Allocation Transfers
19 Mergers Completed
(!"
'!"
&!"
%!"
$!"
#!"
!" )*+#" )*+$" )*+%" )*+&" )*+#" )*+$" )*+%" )*+&" )*+#" )*+$" )*+%" )*+&" )*+#" )*+$" )*+%" )*+&" $!#!" $!##" $!#$" $!#%"
20 Recent Policy Changes
• “Transparency in Address Block Transfers”
– Accepted proposal 2012-05
– The RIPE NCC now publishes a record of all transfers conducted according to the policy: http://www.ripe.net/lir-services/resource-management/ipv4- transfers/table-of-transfers
• “Revert “Run Out Fairly””
– Accepted proposal 2012-06
– Reverts the changes made by “Run Out Fairly”
– Allocation/assignment period returns to 12 months (from three)
– 50% assignment in use after 12 months
21 Current (Transfer) Policy Proposals (1)
• “Policy for Inter-RIR Transfers of IPv4 Address Space”
– Policy proposal 2012-02
– Describes how transfers of IPv4 address space between LIRs of different Regional Internet Registries will occur:
– Section 5.5 applies
– Need for policy compliance between RIRs:
– Originating party complies with policy of originating RIR
– Destination party complies with policy of destination RIR
– RIRs must have “compatible” as well as reciprocal policies
– Status: Review Phase – awaiting Working Group Chair decision
Ingrid Wijte 22 Current (Transfer) Policy Proposals (2)
• “No Restrictions on End User Assignments in Intra-RIR Transfers”
– Policy proposal 2013-05
– Removes requirement that a transferred allocation must not contain any block that is assigned to an End User
– IP addresses in use can be re-allocated
– End Users that later become an LIR can move their address blocks to their own account
– Status: Discussion Phase – awaiting documentation
Ingrid Wijte 23 Current Policy Proposals (3)
• “No Need – Post-Depletion Reality Adjustment and Cleanup”
– Policy proposal 2013-03
– Removes needs-based requirement for IPv4 delegations
– Status: Review Phase
• “RIPE NCC Services to Legacy Internet Resource Holders”
– Policy proposal 2012-07
– Status: Review Phase
24 Current Policy Proposals (4)
• “PA/PI Unification IPv6 Address Space”
– Policy proposal 2013-06
– Aims to unify the three RIPE documents ripe-589, ripe-451 and ripe-233 and to provide one document for all IPv6 address space.
– Removes the difference between PI and PA; Sub-allocation and Assignment
25 Join the Discussions
Address Policy Working Group: http://www.ripe.net/mailman/listinfo/address-policy-wg
Ingrid Wijte 26 PI Resources: Contractual Policy – Update
• Currently in Phase 3: Contacting End Users directly
• Several challenges
– Lack of familiarity with RIPE Policy and the RIPE NCC
– Identifying the legitimate resource holder
– Ensuring continuity of active networks
27 PI Resources: Contractual Policy – Update
!"#$%'()*"+,-$#'.'/-0&1#2'
)!*$ *'$ ((!$ #('$
+,,-./01$2.34$ 567-8$ 90:;-601$
!"##$ %&'$
28 Independent Resources: Maintenance
29 Assisted Registry Check (ARC) (1)
• New name for the RIPE NCC’s existing audit activities that have been improved with feedback from members and the RIPE community
• Maintain the periodic contact between LIRs and the RIPE NCC
• Reduce workload for LIRs
• The RIPE NCC provides a report highlighting our observations and recommendations
• Overview of registered information (e.g. contact details)
30 Assisted Registry Check (ARC) (2)
• Overview of Internet Number Resource consistency (e.g. overlapping assignments)
• Overview of rDNS and route-objects consistency (e.g. checking lame reverse delegations and routing registry vs BGP announcements)
• Assist LIRs with improving data accuracy
• An opportunity for LIRs to ask about RIPE Policies, registering objects in the RIPE Database and using RIPE NCC tools
31 Address Hijacking
• Due to an End User report, we discovered a number of resources that have been hijacked
• Hijackers seem to be targeting unannounced resources
• Hijackers abused long established processes
• A sophisticated approach: forged legal documents and signatures, copied websites and re-registered expired domains
32 Taking Steps in Response
• Updating our processes as appropriate
• Reverting unauthorised changes
• Reporting illegal activities to the authorities
• Where member involvement can be proven: closure of LIR account and de-registration of resources
• In case of a dispute:
– Affected party can escalate the process to RIPE NCC management for a final decision
– If not resolved, can object to decision via Arbiters Panel if members (non-members must go through sponsoring LIR)
33 Getting the Balance Right
• Mindful of the balance between ensuring that we are talking to the legitimate holder vs being overly bureaucratic or inflexible
• Many legitimate cases (e.g. legacy resources) where proof of holdership can be difficult to establish
• End Users might find the RIPE NCC becoming more strict in its verification requirements as a result
34 What You Can Do
• Protect your resources against hijacking by making sure your RIPE Database objects and contact information are up to date
• If you need help, or think your resources may have been hijacked, contact: [email protected]
35 Questions?