Internet Number Resource Management

PART 1

Introduction

• AfriNIC• Audience• Tea Breaks / Lunch

Session Objectives

• About AfriNIC• Introduce participants to the fundamentals of

Internet Number Resource Management• Dealing with AfriNIC in getting and managing

Internet number resources.

Content

Introduction to Internet Number Resources & How they are Managed Internet Number Resources Understanding policies and the policy development process About AfriNIC : Who we are, what we do How to become an AfriNIC member Membership Options, Fees structure Preparing your number resource requests NAT & IPv4 Address planning IPv4 Address Exhaustion : Facts & Figures Brief Introduction to The AfriNIC ‘whois’ service.

About AfriNIC

• RIR (Regional Internet Registry) that serves Africa. – ICANN recognized in 2005

• Not-for-profit• Membership open to entities located in the

service region.• Located in Mauritius.– Infrastructure (public services) located in South

Africa.

About AfriNIC

• What we do:– Manage the distribution of Internet Number

Resources in Africa– Facilitate development of number resource

management policies– Design and deliver training on technical issues

around number resource management– Work with and support internet development

initiatives around the continent

Internet Number Resources

• IP Addressesv4/v6

• AS Numbers16/32-bit

• Reverse DNS Delegations *.in-addr.arpa..ip6.arpa.______________________________________________

* not a number resource per-se, but a service provided by all RIRs in tandem with v4/v6 registration .

IP addresses

• An IP address is a “number” that identifies a computer or device on the internet (or a network)

• Every computer requires an IP address in order to connect to or be part of any network, or the Internet.

• There are currently two “versions” :– IPv4 (pool soon running out)– IPv6 (The “Next Generation”)

Who issues IP addresses? (1/3)

• IP addresses are managed and distributed by Regional Internet Registries (RIRs).

• A RIR is a non-profit body that manages the issuance of IP addresses and other number resources within a particular geographical region.

• There are currently 5 RIRs: AfriNIC, APNIC, LACNIC, ARIN and RIPE NCC

Who issues IP addresses? (2/3)

Registry (RIR) Region Served

AfriNIC Africa (including Mauritius, Seychelles, Madagascar)

ARIN USA & Canada

LACNIC South America & the Caribbean

APNIC Asia & Australia

RIPE NCC Europe & the Middle East

Who else issues IP addresses

• Addresses can also be obtained from your upstream/gateway provider

• Gateway providers often find it difficult to adequately understand and service the increasing IP needs of developing countries.

• Obtaining addresses from gateway providers often degrades other services (such as geo-location).

Why do I need own IP addresses?• To increase your network’s reliability by multi-

homing – having more than one connection point (upstream) to the internet.– If one connection becomes unavailable, the router

connects to another available network, hence no visible downtime.

• Eliminate dependency on upstream ISP for addressing needs and hence:– Avoid renumbering when changing ISPs– Plan, manage and scale own addressing

requirements.

Can I buy/sell IPv4 Addresses ?

• Section 8 of the RSA says:– “NO PROPERTY RIGHTS. The Applicant acknowledges

and agrees that the numbering resources are not property (real, personal or intellectual) and that The Applicant shall not acquire any property rights on any numbering resources by virtue of this Agreement or otherwise. …“

– AfriNIC could cancel the RSA (and revoke any resources) if there’s evidence of such.

– Community can address such issues through the PDP.

AfriNIC Resource Pool

• IPv4:41/8, 102/8, 105/8, 197/8, Legacy Space.

• IPv6:2c00::/12, 2001:4200::/23

• ASN:36864 – 37887, 327680 - 328703

IPv4 Addresses Issued in the Region

AfriNIC IPv4 Pool Status

• Four /8s plus (non-contiguous) legacy/ERX address blocks.

• Approx 73m IP addresses left in pool (as at April 2011)

• Average Monthly Consumption Rates:– 2011: 680,256 addresses– 2010: 710,080 addresses– 2009: 500,000 addresses

AfriNIC IPv4 Pool Status

Block Issued Utilized41/8 May 05 99.05 %

102/8 Feb 11 12.50 %105/8 Nov 10 0.00 %197/8 Oct 08 55.05 %

* Excludes Legacy/ERX address blocks.

Questions

Address Management Principles

• The Internet has evolved into a basic need (just like water, telephony, energy).

• IP addresses are a public resource, critical for the operation of the Internet.

• No entity can claim “ownership” of these resources.

• ICANN has delegated regional management to the RIRs.

Address Management Principles The Hierarchy

Address Management Principles

• AfriNIC acts as the custodian of the IP address/number resource pools.

• The public (the community) create the guidelines and processes (called policies) that AfriNIC must employ to distribute the addresses.

• The policy development process is itself created and continually reviewed by the community.

Address Management Principles

• The policy development process is 6-part:– A new proposal (or change to existing policy) is

proposed by anyone from anywhere.– It’s posted on the (AfriNIC-hosted) policy discussion

mailing list (rpd@afrinic.net) and discussed for at least 30 days.

– It’s presented at an AfriNIC face-to-face meeting.– If there’s consensus at the f2f meeting, the proposal is

posted to the mailing list again for a 15-day “last-call” period, for any comments arising after the presentation & discussions during the f2f meeting.

Address Management Principles

– If there are no serious objections during the “last-call” period, the proposal is sent to the AfriNIC Board of Directors for approval & ratification.

– AfriNIC implements the requirements in the proposal and it becomes an active policy.• Implementation of a policy does not necessarily make it

permanent. A proposal to modify existing policy can be drafted.

Address Management Principles:The PDP

Address Management Objectives

• Conservation (chiefly applies to IPv4):– Efficient resource usage– Demonstrated need

• Aggregation– Limit routing table growth– Support provider-based routing

• Registration– Uniqueness– Network troubleshooting

Questions

How to Request IP Addresses

Types of Membership

There are 2 types of membership: LIR : (Local Internet Registry) – usually ISPs. Can

assign from allocated resources to other parties (e.g., customers)

EU : (End User) – plan to use requested resources only internally, never to issue to a third party.

How to Request IP Addresses (1/2)

• The procedure is 4-part:– Apply for membership (from the AfriNIC website)– Request for IP address space. The request is

evaluated once received.– Pay the membership fee upon request approval– Membership is approved and IP addresses are

issued by AfriNIC.

How to Request IP Addresses (2/2)

How to Request IP Addresses

Applying for Membership

Member Organizations must be:o Incorporated in Africao Having IP network infrastructure in Africa

Individual (non-company) memberships not allowed.

How to Request IP Addresses

Applying for Membership

Documents to support the application include the following:– Certificate of Incorporation– Proof of Address/Location• Tenancy Agreement• Utility bills (Energy, Telephone).

How to Request IP Addresses

Applying for Membership

https://my.afrinic.netClick on “Register”Fill in the online form and submit

How to Request IP Addresses

Allocation (PA – Provider Aggregatable)An allocation is a block of IP addresses that has been allocated to an LIR for subsequent distribution.

Assignment (PI – Provider Independent)An assignment is a block of IP addresses delegated to an organisation for specific use within the Internet infrastructure they operate.

How to Request IP Addresses

The Registration Services Agreement (RSA)

The RSA is the contract between the member and AfriNIC.

It’s automatically generated from filling the online application form.

An original signed copy must be sent by courier to Mauritius.

IP Address Eligibility CriteriaIPv4 IPv6

ISPs (LIRs):

Be (or request to be) an AfriNIC Member Be (or request to be) an AfriNIC Member

• Either show proof of existing utilization of address space from an upstream ISP, or justify an immediate need of address space.• A combination of the two factors is also possible and acceptable.

Plan to provide IPv6 connectivity to a reasonable number of end-sites / customers in the AfriNIC service region.

Plan to announce the requested prefix on the internet within 12 months of acquiring it (also applies to EU below)

End-Users:

Be (or request to be) an AfriNIC Member Be (or request to be) an AfriNIC Member

Either show proof of existing utilization of at least a /25 from an upstream ISP or justify an immediate need of at least 50% of total requested space.

Hold IPv4 End-User space or possess the eligibility criteria to obtain the space.

How to Request IP Addresses

Important: Have the following handy:

To verify your need for IP addresses:Contract(s) with your gateway/upstream ISP(s)Proof of purchase and/or installation of

equipment.Licenses (where needed) from your telecoms

regulator.

How to Request IP Addresses

Other things you should know:Plan your addressing requirements for only

the next 12 months.Ask for both your core network, and what

your customers will need.Do not plan to hoard.Do not ‘NAT’ unless necessary (.. for purpose

of ‘conserving’ addresses?).

What about IPv6

• Any member holding IPv4 space, by nature of current IPv6 policy, can get IPv6.

• Just request for it, you’ll get it – ISPs (LIRs): /32– End Users: /48

• No additional charges to the annual recurring membership fees!

What about IPv6

• ISP/LIR /32 allocations are issued out of a reserved /29. A contiguous prefix will be issued subsequently.

• End-User /48 assignments are issued out of a reserved /44.

• At the time of requesting, any prefix size will be issued if justified.

What about IPv6

Policy requires that the received prefix be announced within 12 months of receiving it.

Prefix Organization Issued Advertized

2001:43f8:2a0::/48 University of Botswana May ‘11 Yes

2001:43f8:2b0::/48 Botswana Post. May ‘11 No

2c0f:ff00::/32 Botswana Telecoms. Nov ‘10 No

IPv6 delegations / annum

IPv6 Distribution by Country

Questions

Reverse DNS Delegation

• Reverse DNS: The process of resolving an IP address to a domain name (the opposite of forward DNS).

• One of the core services provided by RIRs• Root of rDNS db:– IPv4: .in-addr.arpa.– IPv6: .ip6.arpa.

• Resolution process is by PTR DNS records.

Reverse DNS Delegation

Common uses of RDNS:• Most ISPs will block mail from relays without

valid PTR record.• Most mail servers will also reject mail from

relays without valid PTR record.• Network troubleshooting tools: Tend to use

PTR records when logging hosts (to make it more human-readable). Traceroute, ping, syslog, etc

Reverse DNS Delegation

• Setup the name-servers that will serve the reverse zones.– AfriNIC does not operate commercial DNS services

or offer secondary services.

• Tell AfriNIC about the zones + configured name-servers.– Through MyAfriNIC (web-portal for members).– By creating “domain” whois database objects.

Questions

The whois db

• “whois”:– a ‘query/response’ protocol.– defined in RFC3012 : “Whois Protocol

Specification”.– Used to query and interact with databases that

store information about an internet resource.– Implementations vary but the principle is the

same.

The whois db

– All AfriNIC-issued resources are publicly availed in the AfriNIC whois database.• IP addresses, AS Numbers, Reverse DNS information• Contact information for each of the above:

– Physical Address– Telephone Contacts– Email addresses

– Do not provide information for listing if it is not meant to be public (such as the CEO’s email address, etc).

Uses of the whois db

• Very useful tool for LEAs in fighting cybercrime. – 1st point of contact for looking up IP addresses &

associated contact info.

• IP address geo-location tools.– Google (browser country identification)– iTunes? (content for different economies)ETC

The whois db

• How to query/search the AfriNIC whois db:– From any browser: http://whois.afrinic.net– Using software “whois clients”:• OSX/Linux: Use the ‘whois’ command from the shell.

Install it if it’s not installed. (From http://whois.sourceforge.net )• Windows: Many tools exist but are not free. The best

free option is the browser (above).

Help & Support• Requesting IP addresses, and status of all ongoing

requests:hostmaster@afrinic.net+230 403 5100+230 466 6616Skype: skype2afrinic

• Membership applications new-member@afrinic.net

• Any other inquiries:contact@afrinic.net

QUESTIONS