1 / 100

Welcome to the RIPE NCC IP Request Tutorial

Welcome to the RIPE NCC IP Request Tutorial May 13,2003 RIPE Network Coordination Centre <training@ripe.net> Logistics Time line : 9:00-10:30, break, 11:00-12:30 Material http://www.ripe.net/ripe/meetings/ripe-45/tutorials/ip-tutorial/ Reference Booklet

Audrey
Télécharger la présentation

Welcome to the RIPE NCC IP Request Tutorial

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Welcome to theRIPE NCC IP Request Tutorial May 13,2003 RIPE Network Coordination Centre <training@ripe.net>

  2. Logistics • Time line : 9:00-10:30, break, 11:00-12:30 • Material • http://www.ripe.net/ripe/meetings/ripe-45/tutorials/ip-tutorial/ • Reference Booklet • Target audience: non-LIRs, new LIR staff • Objectives • how to interact with RIPE NCC • present latest policies & procedures • LIR Training Courses: http://www.ripe.net/training/lir/ • Trainers

  3. Overview • Basic RIPE Database Issues • querying DB • creating person object • Initial Administrivia • terminology • setting-up an LIR • first allocation • Assigning Address Space • communication with hostmasters • completing the request form • Evaluation of Requests • Registering Address Space • managing your allocation • Assignment Windows • Reverse Delegation • PI Request • AS Numbers

  4. Basic RIPE Database Issues Description DB query Creating contact info objects More info: http://www.ripe.net/db/

  5. RIPE Whois Database Intro • Public Network Management Database • Software • Ripe NCC • Requirements by RIPE community • Data • LIRs, End Users, RIPE NCC • Not responsibility of RIPE NCC

  6. Object Types • Information about: objects: IP address space . . . . . . . . . . . inetnum, inet6num Reverse domains. . . . . . . . . . . . domain Routing policies . . . . . . . . . . . . . route, aut-num, etc Contact details . . . . . . . . . . . . . person, role, Data protection . . . . . . . . . . . . . mntner, irt • Documents: • RIPE NCC Database Reference Manual(ripe-252) • RIPE NCC DB User Manual: Getting Started (ripe-253)

  7. Basic Queries • Whois (client, web interface) • whois -h whois.ripe.net • http://www.ripe.net/perl/whois • Searches only look-up keys • Look-up keys - usually object name • Glimpse - full text search http://www.ripe.net/db/whois-free.html Examples

  8. Creating a Person Object • Only one object per person • Fill out a template • whois -t person • whois -v person (verbose) • Send to <auto-dbm@ripe.net> (“robot”) OR Webupdates: http://www.ripe.net/webupdates Example New!

  9. whois -t person attributes person: [mandatory] [single] [lookup key] address: [mandatory] [multiple] [ ] phone: [mandatory] [multiple] [ ] fax-no: [optional] [multiple] [ ] e-mail: [optional] [multiple] [lookup key] nic-hdl: [mandatory] [single] [primary/look-up key] remarks: [optional] [multiple] [ ] notify: [optional] [multiple] [inverse key] mnt-by: [optional] [multiple] [inverse key] changed: [mandatory] [multiple] [ ] source: [mandatory] [single] [ ] person: [mandatory] [single] [lookup key] address: [mandatory] [multiple] [ ] phone: [mandatory] [multiple] [ ] fax-no: [optional] [multiple] [ ] e-mail: [optional] [multiple] [lookup key] nic-hdl: [mandatory] [single] [primary/look-up key] remarks: [optional] [multiple] [ ] notify: [optional] [multiple] [inverse key] mnt-by: [optional] [multiple] [inverse key] changed: [mandatory] [multiple] [ ] source: [mandatory] [single] [ ] person: [mandatory] [single] [lookup key] address: [mandatory] [multiple] [ ] phone: [mandatory] [multiple] [ ] fax-no: [optional] [multiple] [ ] e-mail: [optional] [multiple] [lookup key] nic-hdl: [mandatory] [single] [primary/look-up key] remarks: [optional] [multiple] [ ] notify: [optional] [multiple] [inverse key] mnt-by: [optional] [multiple] [inverse key] changed: [mandatory] [multiple] [ ] source: [mandatory] [single] [ ] *

  10. nic-hdl • Unique identifier for person and role objects • Format: <initials>[number]-<database> • e.g. JFK11-RIPE • Use “AUTO-<number>” placeholders to generate new nic-handle person: Piet Bakker ... nic-hdl: AUTO-1 PB1234-RIPE role: Technical BlueLight Staff ... nic-hdl: AUTO-#initials AUTO-2BL BL112-RIPE

  11. Database Robot Responses<auto-dbm@ripe.net> • Successful update • Errors • object NOT accepted • If unclear, send questions to <ripe-dbm@ripe.net> • include error report and original message • ticketised New!

  12. Questions? • <ripe-dbm@ripe.net> problems with the DB robot (auto-) • <db-help@ripe.net> basic questions (mailing list) Diag C

  13. Initial Administrivia Terminology How to set-up an LIR First allocation and assignments

  14. Terminology • Allocation • address space set apart, for LIR’s future use (LIR+ customers) • status: ALLOCATED PA • Assignment • address space in use in networks (End User or LIR’s infrastructure) • status: ASSIGNED PA • AW* • maximum nr of addresses an LIR can assign without RIPE NCC’s approval /20 allocation = 4096 addresses assignment assignment

  15. Classless Addressing • Classful: 3 fixed network sizes: A, B, C • Problem: waste of addresses, routing • Solution: Classless Inter Domain routing (CIDR)  flexible allocation / assignment sizes! hierarchical distribution  • Always make classless assignments! • “/23 & /25” or /27 etc…. not always /24 !!!

  16. ARIN RIPE NCC APNIC LIR IP Address Distribution IANA / ICANN /8 /8 LACNIC …, /16, …, /20 Enter-prise LIR LIR ISP …, /19, …, /24, …, /29 End User End User End User Internet Registry Goals: AGGREGATION routing! CONSERVATION no stockpiling! REGISTRATION uniqueness / troubleshooting

  17. How to Set-up an LIR • Complete application form & send to <new-lir@ripe.net> • provide Reg-ID & contact persons • Do you qualify for the address space? • if not, still can receive other member services • Confirm to have read relevant RIPE documents • ripe-234 etc • Sign contract - “Service agreement” • Pay the sign-up & yearly fee • billing@ripe.net New LIRs get 2 free vouchers for RIPE Meetings New! New!

  18. First Allocation New! • To qualify for the first allocation, LIR • must already be using at least a /22 • or must show immediate need of at least /22 • Steps: • complete “IP Address Request Form(s)” for (multiple) assignment(s) (ripe-219) • send to <hostmaster@ripe.net> • RIPE NCC evaluates and approves request(s) • complete IPv4 First Allocation Request Form (ripe-235) • send to <hostmaster@ripe.net> • Default minimum allocation size /20 (4096 addresses) • LIR must renumber address space in use, if it’s =< /22 New!

  19. After the First Allocation Approval • inetnum objects in the RIPE Database: • RIPE NCC hostmaster creates allocation • LIR staff creates assignment(s) • Whole allocation can be announced immediately • LIR can create route object for the whole allocation • AW=0 -- every subsequent assignment must be approved by the RIPE NCC

  20. Examples of inetnum Objects Mandatory protection by the RIPE-NCC inetnum: 80.35.64.0 - 80.35.79.255 netname: NL-BLUELIGHT-20000909 descr: Provider Local Registry ... status: ALLOCATED PA mnt-by: RIPE-NCC-HM-MNT mnt-lower: BLUELIGHT-MNT mnt-routes: BLUELIGHT-MNT ... Mandatory hierarchical authorisation using LIR-MNTNER (hostmaster will create one) inetnum: 80.35.64.0 - 80.35.67.255 netname: BLUELIGHT descr: Infrastructure ... status: ASSIGNED PA mnt-by: BLUELIGHT-MNT mnt-lower: BLUELIGHT-MNT mnt-routes: BLUELIGHT-MNT ... Mandatory protection by the LIR-MNTNER Recommended hierarchical authorisation

  21. Questions?

  22. Assigning Address Space • Assignment Process • Terminology • Communication with the hostmaster • Request form

  23. LIR Evaluates Request Assignment Process, AW=0 End User yes (*) request > AW? no yes Approach RIPE NCC need 2nd opinion? no RIPE NCC evaluates & approves LIR Chooses Addresses LIR Updates Local Records LIR Updates RIPE Database

  24. Communication Process IP Request Form Address: <hostmaster@ripe.net> LIR Always include: - Reg-ID - your name - (ticket nr) Re-send using the same ticket number robot errors? yes no Ticket Queue } LIR human hm Re-send using the same ticket number * Evaluation questions? yes no approval

  25. Registry Identification (Reg-ID) • Distinguishes between LIRs • eg: nl.bluelight • Include in every message to RIPE NCC • Suggestion - modify mail header: • X-NCC-RegID: nl.bluelight

  26. LIR Contact Persons • RIPE NCC internal “reg” file for each registry • confidential • only contact persons can • send requests • change contact info • To updatecontact info:  “LIR Portal” • createperson objects in RIPE DB • “reg” file not updated from RIPE DB! • Members’ mailing lists <local-ir@ripe.net> (lst-localir) ; <ncc-co@ripe.net> (lst-contrib)

  27. LIR Portal New! • Secured web access to private RIPE NCC registry data • https://lirportal.ripe.net/ • Viewing and editing LIR info and resources: • (contact, billing + online payment, IP allocations and assignments, AS, status of tickets) • Activate account • Create user accounts with different privileges • These user accounts are not ‘LIR contact persons’ ! • create “LIR contact persons” in General Menu (from user account) • feedback ? mailing list: <lirportal-feedback@ripe.net> Example

  28. Ticketing System • Unique ticket nr per request • NCC#YYYYMMnnnn • Include it in every message about the request • do not create duplicate tickets! • Check status on web: open-ncc,open-reg, closed • http://www.ripe.net/cgi-bin/rttquery orLIR Portal Example

  29. Hostmaster-robot • Replies with: • Acknowledgement, • Warnings, • Error msg. • Errors: • request NOT in ‘Ticket Queue’ • Keywords in ‘Subject’: • LONGACK • NOAUTO

  30. When to Send a Request • If request size bigger than AW • Separate request forms for: • each End User network • LIR’s own infrastructure • can be in a single request: • LIR’s own network • blocks of IPs for server housing and web hosting • blocks of IPs for connection to End Users

  31. How to Get it Right the First Time • Before sending: • FAQ: • http://www.ripe.net/ripencc/faq/ • Short tips and tricks • http://www.ripe.net/ripencc/tips/tips.html • IPv4 Address Assignment and Allocation Policies (ripe-234) • RIPE-219:http://www.ripe.net/docs/iprequestform.html(ex ripe-141) • Web form (example) • fill in request • syntax check

  32. General Information • Example of the completed form • For the small ISP Laika, customer of the LIR Bluelight #[Overview of Organisation Template]# • which needs the IP addresses • name and location? • activities? • structure? • subsidiaries and where? • addresses for which part of the company? • #[Requester template]# • LIR contact for RIPE NCC • #[User template]# • Customer’s contact for LIR

  33. Real needs Concrete plans 120 10 8 14 24 0 0 14 0 120 19 13 14 50 120 25 14 10 ? ? ? Cumulative, total numbers #[ Addressing Plan Template ]# dynamic dial-up Amsterdam (*1) web/mail/ftp servers Amsterdam customers’ servers Amsterdam training room LAN Amsterdam Amsterdam office LAN (*2) dynamic dial-up Utrecht web/mail/ftp servers Utrecht Inet cafe Utrecht training room LAN Utrecht 0.0.0.0 0.0.0.128 0.0.0.160 0.0.0.176 0.0.0.192 255.255.255.128 255.255.255.224 255.255.255.240 255.255.255.240 255.255.255.192 255.255.255.128 255.255.255.224 255.255.255.240 255.255.255.240 128 32 16 16 64 128 32 16 16 448 Relative Subnet Mask Size Imm 1yr 2yr Description Prefix 120 12 10 14 35 120 12 14 0 0.0.0.0 255.255.255.128 128 120 120 120 dynamic dial-up Amsterdam (*1) 0.0.0.128 255.255.255.128 128 0 120 120 dynamic dial-up Utrecht 0.0.1.0 255.255.255.192 64 24 35 50 Amsterdam office LAN (*2) 0.0.1.64 255.255.255.224 32 0 12 25 web/mail/ftp servers Utrecht 0.0.1.96 255.255.255.224 32 10 12 19 web/mail/ftp servers A’dam 0.0.1.128 255.255.255.240 16 14 14 14 training room LAN Amsterdam 400 168 313 348 Totals 0.0.1.0 0.0.1.128 0.0.1.160 0.0.1.176 170 297 342 Totals (*1) 4 x E1 connection (*2) Office LAN = workstations, router, 2 printers and 1 fileserver

  34. Totals: 400 168 313 348 #[ Request Overview Template ]# request-size: 400 addresses-immediate: 168 addresses-year-1: 313 addresses-year-2: 348 subnets-immediate: 4 subnets-year-1: 6 subnets-year-2: 6 inet-connect: YES, already connected to “UpstreamISP” country-net: NL  private-considered: Yes request-refused: NO  PI-requested: NO  address-space-returned: 195.20.42.0/25, to UpstreamISP, “in 3 months”

  35. #[ Current Address Space Usage Template ]# Prefix subnet mask size imm 1yr 2yr description 195.20.42.0 255.255.255.192 64 16 0 0 dynamic dial-up a’dam 195.20.42.64 255.255.255.224 32 10 0 0 amsterdam office lan 195.20.42.96 255.255.255.240 16 4 0 0 utrecht office lan 195.20.42.112 255.255.255.240 16 6 0 0 mail servers 128 36 0 0 totals • Actual addresses • Describe all segments in use • also from other LIRs

  36. * * #[ Network Template ]# Note: no value needed! LAIKA LAIKA’s infrastructure NL AB231-RIPE JJ213-RIPE ASSIGNED PA BLUELIGHT-MNT BLUELIGHT-MNT BLUELIGHT-MNT jan@bluelight.nl RIPE inetnum: netname: descr: country: admin-c: tech-c: status: mnt-by: mnt-lower: mnt-routes: changed: source: Note: DB SW will add date!

  37. Questions?

  38. Evaluation of Request

  39. Evaluation -- Current Usage • All previous assignments listed ? • From other LIRs? • Query the RIPE DB • use “Glimpse” • Returning address?

  40. Evaluation -- Addressing Plan • Subnet description • All subnets classless? • network can be several CIDR blocks • Utilisation: 25% immediately, 50% in one year • Time frame: • other forecast periods can be used

  41. Evaluation Policies • Policy document: ripe-234 • dynamic dial-up! not static • name-based virtual web hosting! not IP-based • exceptions (SSL, ftp&mail servers..) • special verification methods for more than /20: also for xDSL, cable, GPRS… • DHCP recommended

  42. Motivation for ‘No Reservations’ Policy • Def.: Address space set aside for future use • Internal reservations • space between two assignments within allocation. • Requested reservations • zeros in “Addressing Plan” • RIPE NCC refuses ‘requested reservations’ • 2-year network growth planning sufficient

  43. Renumbering Request • Customer changing providers • returning PA space to old LIR • replacing PI space with PA • Mention explicitly: ‘renumbering request’ • in “Current Usage” or “Overview of Org.” • “Request Overview Template” address-space-returned: 195.42.0.0/25 to ISP-A 20020923 • “return” lines in reg file

  44. Possible Additional Information • Pointer to web site • company • unusual hw / sw • Deployment plan • receipts • Network topology map • Fax or mail info (+3120-5354445) • handled confidentially • include ticket nr, reg-id, hostmaster’s name

  45. Planned operational Date Date Equipment ordered Type of Equipment Number of hosts Location modems modems modems modems 2040 2040 2040 2040 London Berlin Paris Moscow 02/2003 05/2003 06/2003 09/2003 08/2002 11/2002 11/2002 -------- Sample Deployment Plan • When big expansion is planned • Must match addressing plan Relative subnet mask size Imm. 1yr 2yrdescription Prefix 0.0.0.0 255.255.248.0 2048 0 1020 2040 London pop 0.0.8.0 255.255.248.0 2048 0 1020 2040 Berlin pop 0.0.16.0 255.255.248.0 2048 0 1020 2040 Moscow pop 0.0.24.0 255.255.248.0 2048 0 1020 2040 Paris pop

  46. Approval • Approval message sent to LIR • size • (e.g. 400 IPs = /24, /25 & /28) • netname • date • ticket closed • LIRs archives approval message • plus all original documents

  47. Questions?

  48. Registering Address Spacein the RIPE Database How to create network object Managing LIR’s allocation

  49. Why Register? • Last and important step in the assignment process • contact info • overview • uniqueness • Address space in use only if it’s in RIPE DB • or else delays in : new allocation, reverse del, AW raise, audit… • Responsibility of the LIR

  50. Creating Network (inetnum) Objects • “Network template”: • from the approved request • fill in the address range • or: whois -t inetnum • ‘inetnum’ value in ‘dash’ notation! • e.g. 80.35.64.32 - 80.35.64.63 (include 2 ‘spaces’!) • Send to <auto-dbm@ripe.net> • with the (only) keyword NEW in ‘subject’ • to avoid over-writing existing objects • OR:“Webupdates” • Has to pass hierarchical authentication

More Related