SlideShare une entreprise Scribd logo

Getting IPv6 & Securing your Routing

RIPE NCC
RIPE NCC

Presentation given by Ferenc Csorba at: IPv6 Kongress, Frankfurt, Germany, on 10-11 May 2012

Technologie
1  sur  98
Télécharger pour lire hors ligne
Getting IPv6 & Securing your Routing IPv6 Kongress May 2012, Frankfurt Sandra Brás & Ferenc Csorba, RIPE NCC
Schedule • IPv4 exhaustion • IPv6 address space • European IPv6 deployment statistics • BGP multihoming • Routing Registry and the RIPE Database • Resource Certification 2
RIPE / RIPE NCC RIPE Open community Develops addressing policies Working group mailing lists RIPE NCC Located in Amsterdam Not for profit membership organisation One of five RIRs 3
The five RIRs 4
Internet Number Resources • IP addresses - IPv4 eg. 193.0.0.203 - IPv6 eg. 2001:610:240:11::c100:1319 • Autonomous System Numbers (ASN) • Other public services - Training Services - RIPE Labs - RIPE Database - RIPE Stat - K-root name server - RIPE Atlas - Measurement tools - E-learning 5
Registration 6
Conservation 7
Aggregation 8
Who makes policies? ICANN / IANA ASO AfriNIC Reach consensusARIN RIPE NCC across communities APNIC LACNIC AfriNIC RIPE ARIN APNIC LACNIC community community community community community proposal proposal Global proposal Policy Proposal proposal proposal 9
Why would you want to participate? • Policy determines how you run your business • Over 8000 LIRs • Only a fraction are active participants in the PDP 10
How can you participate? • Working Group mailing lists - RIPE website → RIPE → Mailing Lists • Come to the RIPE Meetings - Two free tickets for new LIRs - Remote participation is also possible 11
IPv4 Address Pool Exhaustion
IANA IPv4 pool 40% 30% 20% 10% 0% 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 13
IPv4 address distribution /0 IANA /8 RIR /21 LIR /23 /25 /25 End User Allocation PA Assignment PI Assignment 14
IANA and RIRs IPv4 pool IANA Pool RIR Allocations Advertised RIR Pool Today 256 Data 192 128 64 0 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 15
Our slice of the IPv4 pie Legacy Other IANA AfriNIC LACNIC RIPE NCC ARIN APNIC 16
IPv4 exhaustion phases IPv4 still available. RIPE NCC’s allocation RIPE NCC can only RIPE NCC continues policy from last /8 distribute IPv6 distributing it applies ? now time IANA pool RIPE NCC RIPE NCC exhausted reaches pool final /8 exhausted Each of the 5 RIRs given a /8 17
Run Out Fairly (of IPv4) • Gradually reduced allocation / assignment periods • Needs for “Entire Period” of up to... - 12 months (January 2010) - 9 months (July 2010) - 6 months (January 2011) - 3 months (July 2011) • 50% has to be used up by half-period 18
RIPE NCC’s last /8 • We do things differently! • Ensures IPv4 access for all members - 16000+ /22s in a /8 - members can get one /22 (=1024 addresses) - must already hold IPv6 - must qualify for allocation • /16 set aside for unforeseen situations - if unused, will be distributed • No PI 19
Transfer of IPv4 Allocations • Policy 2007-08: Allocation Transfer Policy - Don’t buy your IPv4 on eBay! - Transfer unused allocations to another LIR - Minimum allocation size /21 - Evaluated by RIPE NCC - Update in RIPE Database http://www.ripe.net/lir-services/resource-management/listing 20
IPv4 Depletion in the RIPE NCC’s Region - https://www.ripe.net/internet-coordination/ipv4-exhaustion 21
0 75 150 225 300 2000-01 2000-07 2001-01 2001-07 2002-01 2002-07 2003-01 2003-07 2004-01 2004-07 2005-01 IPv4 Allocation Rate 2005-07 2006-01 2006-07 2007-01 2007-07 2008-01 2008-07 2009-01 2009-07 2010-01 2010-07 2011-01 2011-07 2012-01 22
IPv4 Depletion Worldwide IPv4 Pool in /8’s 6 5 4 3 2 1 0 AfriNIC RIPE NCC LACNIC ARIN APNIC 23
IPv6 Address Space
Where do all the addresses come from? IETF IANA AfriNIC ARIN RIPE NCC APNIC LACNIC 8000 LIRs End Users 25
IPv6 address distribution /3 IANA /12 RIR /32 LIR /48 /56 /48 End User PA Allocation Provider Aggregatable PI Assignment Assignment 26
IPv6 basics • IPv6 address: 128 bits - 32 bits in IPv4 • Every subnet should be a /64 • Customer assignments (sites) between: - /64 (1 subnet) - /48 (65536 subnets) • Minimum allocation size /32 - 65536 /48’s - 16777216 /56’s 27
IPv4 vs IPv6 (rounded off) IPv4 IPv6 addresses 4x109 2x1019 subnets allocations 2x106 4x109 to members in each allocation: in each allocation: subnets addresses 2048 4x109 28
Classless Inter-Domain Routing (CIDR) IPv6 Chart Prefix /48s /56s /64s Bits IPv4 CIDR Chart RIPE NCC /24 16M 4G 1T 104 /25 8M 2G 512G 103 IP Addresses Bits Prefix Subnet Mask /26 4M 1G 256G 102 /27 2M 512M 128G 101 /28 1M 256M 64G 100 1 0 /32 255.255.255.255 /29 512K 128M 32G 99 2 1 /31 255.255.255.254 /30 256K 64M 16G 98 4 2 /30 255.255.255.252 /31 128K 32M 8G 97 8 3 /29 255.255.255.248 /32 64K 16M 4G 96 16 4 /28 255.255.255.240 /33 32K 8M 2G 95 32 5 /27 255.255.255.224 /34 16K 4M 1G 94 64 6 /26 255.255.255.192 /35 8K 2M 512M 93 128 7 /25 255.255.255.128 /36 4K 1M 256M 92 256 8 /24 255.255.255.0 /37 2K 512K 128M 91 512 9 /23 255.255.254.0 /38 1K 256K 64M 90 1K 10 /22 255.255.252.0 /39 512 128K 32M 89 2K 11 /21 255.255.248.0 /40 256 64K 16M 88 4K 12 /20 255.255.240.0 /41 128 32K 8M 87 8K 13 /19 255.255.224.0 /42 64 16K 4M 86 16 K 14 /18 255.255.192.0 /43 32 8K 1M 85 32 K 15 /17 255.255.128.0 /44 16 4K 1M 84 64 K 16 /16 255.255.0.0 /45 8 2K 512K 83 128 K 17 /15 255.254.0.0 /46 4 1K 256K 82 256 K 18 /14 255.252.0.0 /47 2 512 128K 81 512 K 19 /13 255.248.0.0 /48 1 256 64K 80 1M 20 /12 255.240.0.0 /49 128 32K 79 /50 64 16K 78 2M 21 /11 255.224.0.0 /51 32 8K 77 4M 22 /10 255.192.0.0 /52 16 4K 76 8M 23 /9 255.128.0.0 /53 8 2K 75 16 M 24 /8 255.0.0.0 /54 4 1K 74 32 M 25 /7 254.0.0.0 /55 2 512 73 64 M 26 /6 252.0.0.0 /56 1 256 72 128 M 27 /5 248.0.0.0 /57 128 71 256 M 28 /4 240.0.0.0 RIPE NCC /58 64 70 512 M 29 /3 224.0.0.0 /59 32 69 1024 M 30 /2 192.0.0.0 /60 16 68 2048 M 31 /1 128.0.0.0 /61 8 67 4096 M 32 /0 0.0.0.0 /62 4 66 /63 2 65 Contact Registration Services: /64 1 64 www.ripe.net 29
Address Notation 2001:0db8:003e:ef11:0000:0000:c100:004d 2001:0db8:003e:ef11: 0000:0000:c100:004d 2001:db8:3e:ef11:0:0:c100:4d 1 1 1 0 1 1 1 1 0 0 0 1 0 0 0 1 30
Getting an IPv6 allocation • To qualify, an organisation must: - Be an LIR - Have a plan for making assignments within two years • Minimum allocation size /32 • Announcement as a single prefix recommended 31
RIPE Policy Proposal 2011-04 • Extension of the Minimum Size for IPv6 Initial Allocation - Proposes initial allocation up to a /29 - For example, for small LIRs to deploy IPv6 via 6RD (RFC 5969) DER DISCUSSION UN • Proposal currently in Review Phase - The RIPE NCC is working on impact analysis 32
What does the first IPv6 allocation cost? - for all - pending General Meeting decision or: - for approximately 97% of the LIRs - more points, but not higher category! 33
Why Create an IPv6 Addressing Plan? • Mental health during implementation(!) • Easier implementation of security policies • Efficient addressing plans are scalable • More efficient route aggregation 34
IPv6 Subnetting 35
Make an addressing plan (I) • Number of hosts is irrelevant • Multiple /48s per pop can be used - separate blocks for infrastructure and customers - document address needs for allocation criteria • /64 for all subnets - autoconfiguration works - renumbering easier - less typo errors because of simplicity 36
Make an addressing plan (II) • Use one /64 block (per site) for loopbacks - One /128 per device - One /64 contains enough /128s for 18.446.744.073.709.551.616 devices 37
More On Addressing Plans for ISPs • For private networks, look at ULA • For servers you want manual configuration • Use port numbers for addresses - pop server 2001:db8:1::110 - dns server 2001:db8:1::53 - etc... 38
Point-to-Point Connections • How much space for point-to-point connections? - RFC4291: Interface IDs are required to be /64 - RFC3627: Use of /127 between routers considered harmful - RFC6547: RFC3627 to Historic Status - RFC6164: Using /127 on Inter-Router links • Be safe: reserve a /64, assign a /127 per point-to-point connection 39
Customer assignments • Give your customers enough addresses - Up to a /48 • For more addresses, send in request form - Alternatively, make a sub-allocation • Every assignment must now be registered in the RIPE database 40
Using AGGREGATED-BY-LIR ALLOCATED-BY-RIR ASSIGNED AGGREGATED-BY-LIR ALLOCATED-BY-LIR /36 /44 assignment-size: 56 /34 AGGREGATED-BY-LIR assignment-size: 48 /40 hint :) /48 /48 /48 /48 /48 41
Group assignments in the RIPE DB inet6num:        2001:db8:1000::/36 netname:         Bluelight descr:           We want more Bluelight B.V. descr:      Colocation services country:          NL admin-c:         BN649-RIPE tech-c:          BN649-RIPE status:          AGGREGATED-BY-LIR assignment-size: 48 mnt-by:          BLUELIGHT-MNT notify:          noc@example.net changed:        noc@example.net 20110218 source:         RIPE 42
Customers And Their /48 • Customers have no idea how to handle 65536 subnets! • Provide them with information – https://www.ripe.net/lir-services/training/material/IPv6- for-LIRs-Training-Course/IPv6_addr_plan4.pdf 43
IPv6 Address Management • Your Excel sheet might not scale – There are 65.536 /48s in a /32 – There are 65.536 /64s in a /48 – There are 16.777.216 /56s in a /32 • Find a suitable IPAM solution 44
Getting IPv6 PI address space • To qualify, an organisation must: - Meet the contractual requirements for provider independent resources • Minimum assignment size /48 45
Reverse DNS 2001:db8:3e:ef11::c100:4d 46
Reverse DNS 2001 db8 2001:0db8:003e:ef11:0000:0000 :c100: 004d . . . . . . . .ip6.arpa d.4.0.0.0.0.1.c.0.0.0.0.0.0.0.0.1.1.f.e.e. 3.0.0.8.b.d.0.1.0.0.2.ip6.arpa PTR yourname.domain.tld d.4.0.0.0.0.1.c.0.0.0.0.0.0.0.0.1.1.f.e.e.3.0.0.8.b.d.0.1.0.0.2.ip6.arpa PTR yourname.domain.tld 47
IPv6 Deployment Statistics
IPv6 Allocation Rate 2
IPv6 PI Assignments 3
Members with IPv6 and IPv4 7853 members with IP resources 3846 3918 89 IPv4 only IPv6 only IPv6 and IPv4 51
IPv6 Ripeness • Rating system: - One star if the LIR has an IPv6 allocation - Additional stars if: - IPv6 Prefix is announced on router - A route6 object is in the RIPE Database - Reverse DNS is set up - A list of all 4 star LIRs: http://ripeness.ripe.net/ 52
IPv6 RIPEness: 8097 LIRs (5 May 2012) 1 star 2 stars 3 stars 4 stars No IPv6 1 star 14% No IPv6 51% 2 stars 6% 3 stars 11% 4 stars 18%
0 225 450 675 900 Slovenia (47 LIRs) Netherlands (418 LIRs) 1star Czech Republic (221 LIRs) Germany (821 LIRs) 2star Switzerland ( 260 LIRs) Poland (214 LIRs) 3star Austria (155 LIRs) Portugal (37 LIRs) 4star Norway (163 LIRs) IPv6 RIPEness – countries (5 May 2012) Denmark (123 LIRs) 0star 54
0% 25% 50% 75% 100% Slovenia (47 LIRs) Netherlands (418 LIRs) 1star Czech Republic (221 LIRs) Germany (821 LIRs) 2star Switzerland (260 LIRs) Poland (214 LIRs) 3star Austria (155 LIRs) Portugal (37 LIRs) 4star Norway (163 LIRs) IPv6 RIPEness – relative (5 May 2012) Denmark (123 LIRs) 0star 55
IPv6 enabled ASes in global routing All Germany Belgium France Netherlands 50% http://v6ASNs.ripe.net 42% 33% 25% 17% 8% 0% 2004 2005 2006 2007 2008 2009 2010 2011 2012 56
World IPv6 Launch • http://www.worldipv6launch.org/ 57
Useful information Websites • http://www.getipv6.info/ • http://www.ipv6actnow.org • http://datatracker.ietf.org/wg/v6ops/ • http://www.ripe.net/ripe/docs/ripe-501.html Mailing lists • http://lists.cluenet.de/mailman/listinfo/ipv6-ops • http://www.ripe.net/mailman/listinfo/ipv6-wg 58
Multihomed BGP Routing Setup
Scenario 1: LIR = PA allocation + ASN ISP 1 ISP 2 x AS3 AS7 AS4 AS5 AS6 • Can make assignments to End Users 60
Scenario 2: End User = PI + ASN ISP 1 ISP 2 x • Can NOT sub-assign further!!! - (in IPv4 can still use PI for xDSL, broadband...) 61
Scenario 3: LIR = PI + ASN ISP 1 ISP 2 x • Can NOT sub-assign further!!! - (in IPv4 can still use PI for xDSL, broadband...) 62
Scenario 4: PI End User, not multihomed ISP 1 ISP 2 x • Part of LIR’s AS number - does not want to / can not run BGP - still wants “portable” addresses 63
How to get an AS Number • Assignment requirements - Address space - Multihoming - One AS Number per network • For LIR itself • For End User - Sponsoring LIR requests it for End User - Direct Assignment User requests it for themselves 64
32-bit AS Numbers and you • New format: “AS4192351863” • Act now! • Prepare for 32-bit ASNs in your organisation: - Check if hardware is compatible; if not, contact hardware vendor - Check if upstream uses compatible hardware; if not, they should upgrade! 65
RIPE Database
RIPE Database • Public Internet resource and routing registry database 67
RIPE Database objects • Resources – inetnum, inet6num, aut-num, domain • Routing – route, route6, aut-num • Security – mntner • Contact – organisation, person, role 68
Protection mntner: LIR-MNT person: John Smith admin-c: JS123-RIPE nic-hdl: JS123-RIPE tech-c: JS123-RIPE address: sesamestreet 1 mnt-by: LIR-MNT phone: +1 555 0101 notify: noc@example.org e-mail: john@example.org mnt-nfy: list@example.org mnt-by: LIR-MNT abuse-mailbox: abuse@example.org auth: MD5-PW $1$xT9SJ 69
Protection inetnum: 85.11.186.0/25 descr: My Assignment status: ASSIGNED PA mnt-by: LIR-MNT admin-c: LA789-RIPE tech-c: LA789-RIPE mntner: LIR-MNT admin-c: LA789-RIPE person: John Smith tech-c: LA789-RIPE nic-hdl: JS123-RIPE mnt-by: LIR-MNT mnt-by: LIR-MNT notify: noc@example.org address: sesamestreet 1 mnt-nfy: list@example.org phone: +1 555 0101 abuse-mailbox: abuse@example.org e-mail: john@example.org auth: MD5-PW $1$xT9SJ aut-num: 64551 descr: My AS Number mnt-by: RIPE-NCC-END-MNT mnt-by: LIR-MNT org: ORG-BB2-RIPE admin-c: LA789-RIPE tech-c: LA789-RIPE 70
Routing Registry
What is “Internet Routing Registry” • Distributed databases with public routing policy information, mirroring each other: irr.net - APNIC, RADB, Level3, SAVVIS... • RIPE NCC operates “RIPE Routing Registry” • Big operators make use of it - AS286 (KPN), AS5400 (BT), AS1299 (Telia), AS8918 (Carrier1), AS2764 (Connect), AS3561 (Savvis), AS3356 (Level 3)... 72
Publishing routing policy in IRR • Required by some Transit Providers & IXPs - they use it for prefix-based filtering • Allows for automated generation of prefix filters - and router configuration commands, based on RR • Contributes to routing security - prefix filtering based on IRR registered routes prevents accidental leaks and route hijacking • Good housekeeping 73
RIPE RR is part of the RIPE Database • route[6] object creation is responsibility of LIR - every time you receive a new allocation, do create a route or route6 object • route and route6 objects represent routed prefix - address space being announced by an AS number 74
Route and route6 object organisation: ORG-BB2-RIPE route6: 2001:db8::/32 origin: AS2 tech-c: LA789-RIPE admin-c: JD1-RIPE mnt-by: RIPE-NCC-HM-MNT inet6num: 2001:db8::/32 aut-num: AS2 tech-c: LA789-RIPE tech-c: LA789-RIPE admin-c: JD1-RIPE admin-c: JD1-RIPE mnt-by: RIPE-NCC-HM-MNT mnt-by: RIPE-NCC-HM-MNT 75
IPv6 in the Routing Registry Route6 object: route6: 2001:DB8::/32 origin: AS65550 Aut-num object: aut-num: AS65550 mp-import: afi ipv6.unicast from AS64496 accept ANY mp-export: afi ipv6.unicast to AS64496 announce AS65550 76
Automation of router configuration • Describing routing policy in aut-num enables generation of route-maps for policy routing • Tools can read your policy towards peers - translation from RPSL to router configuration commands • Tools collect the data your peers have in RR - if their data changes, you only have to periodically run your scripts to collect updates 77
Resource Certification
Limitations of the Routing Registry • Many registries exist, operated by different parties: – Not all of them mirror each other – Do you trust the information they provide? • The IRR system is far from complete • Resulting filters are hard to maintain and can take a lot of router memory 79
The RIPE NCC involvement in RPKI • The authority who is the holder of an Internet Number Resource in our region – IPv4 and IPv6 address ranges – Autonomous System Numbers • Information is kept in the registry • Accuracy and completeness are key 80
Digital resource certificates • Issue digital certificates along with the registration of Internet Resources • Two main purposes: – Make the registry more robust – Making Internet Routing more secure • Validation is the added value 81
Using certificates • Certification is a free, opt-in service – Your choice to request a certificate – Linked to your membership – Renewed every 12 months • Certificate does not list any identity information • Digital proof you are the holder of a resource 82
The PKI system • The RIRs hold a self-signed root certificate for all the resources that they have in the registry – They are the trust anchor for the system • That root certificate is used to sign a certificate that lists your resources • You can issue child certificates for those resources to your customers – When making assignments or sub allocations 83
Certificate Authority (CA) Structure Root CA (RIPE NCC) Member CA (LIR) Customer CA 84
Which resources are certified? • Provider Aggregatable (PA) IP addresses • Provider Independent (PI) addresses marked as “Infrastructure” • Other resources will be added over time: – PI addresses for which we have a contract – ERX resources 85
Route Origination Authorisation (ROA) • Next to the prefix and the ASN which is allowed to announce it, the ROA contains: –A minimum prefix length –A maximum prefix length – An expiry date • Multiple ROAs can exist for the same prefix • ROAs can overlap 86
Publication and validation • ROAs are published in the same repositories as the certificates and their keys • You can download them and use software to verify all the cryptographic signatures are valid – Was this really the owner of the prefix? • You will end up with a list of prefixes and the ASN that is expected to originate them – And you can be sure the information comes from the holder of the resources 87
Validator
ROA Validation • You can download all the certificates, public keys and ROAs which form the RPKI • Software running on your own machine can retrieve and then verify the information – Cryptographic tools can check all the signatures • The result is a list of all valid combinations of ASN and prefix, the “validated cache” 89
Reasons for a ROA to be invalid • The start date is in the future – Actually this is flagged as an error • The end date is in the past – It is expired and the ROA will be ignored • The signing certificate or key pair has expired or has been revoked • It does not validate back to a configured trust anchor 90
The Decision Process • When you receive a BGP announcement from one of your neighbors you can compare this to the validated cache • There are three possible outcomes: – Unknown: there is no covering ROA for this prefix – Valid: a ROA matching the prefix and ASN is found – Invalid: There is a ROA but it does not match the ASN or the prefix length 91
Modifying the Validated Cache • The RIPE NCC Validator allows you to manually override the validation process • Adding an ignore filter will ignore all ROAs for a given prefix – The end result is the validation state will be “unknown” • Creating a whitelist entry for a prefix and ASN will locally create a valid ROA – The end result is the validation state becomes “valid” 92
The Decision is Yours • The Validator is a tool which can help you making informed decisions about routing • Using it properly can enhance the security and stability of the Internet • It is your network and you make the final decision 93
Public Testbeds • A few people allow access to routers that run RPKI and allow you to have a look at it • RIPE NCC has a Cisco: – Telnet to rpki-rtr.ripe.net – User: ripe, no password • Eurotransit has a Juniper: – Telnet to 193.34.50.25 or 193.34.50.26 – Username: rpki, password: testbed (http://www.ripe.net/lir-services/resource-management/certification/tools-and-resources) 94
Roadmap • Support for non-hosted is still under development by the RIPE NCC – Expected release will be third quarter 2012 • We can give you access to beta test – Mail certification@ripe.net if you are interested • More information will be published on the certification website – http://www.ripe.net/certification 95
Follow us! @TrainingRIPENCC 96
Questions? training@ripe.net
The End! Kрай Y Diwedd Fí Соңы Finis Liðugt Ende Finvezh Kiнець Konec Kraj Ënn Fund Lõpp Beigas Vége Son Kpaj An Críoch ‫הסוף‬ Endir Fine Sfârşit Fin Τέλος Einde Конeц Slut Slutt Pabaiga Amaia Loppu Tmiem Koniec Fim

Recommandé

Tutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting routerTutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting routerShu Sugimoto
 
Internet Protocol Version 6 By Suvo 2002
Internet Protocol Version 6 By Suvo 2002Internet Protocol Version 6 By Suvo 2002
Internet Protocol Version 6 By Suvo 2002suvobgd
 
Linux kernel tracing
Linux kernel tracingLinux kernel tracing
Linux kernel tracingViller Hsiao
 
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*Install FD.IO VPP On Intel(r) Architecture & Test with Trex*
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*Michelle Holley
 
Dynamic routing
Dynamic routingDynamic routing
Dynamic routingNajmul Hossain Nayan
 
545人のインフラを支えたNOCチーム!
545人のインフラを支えたNOCチーム!545人のインフラを支えたNOCチーム!
545人のインフラを支えたNOCチーム!Masayuki Kobayashi
 
Understanding Android Benchmarks
Understanding Android BenchmarksUnderstanding Android Benchmarks
Understanding Android BenchmarksKoan-Sin Tan
 
BGP filter with mikrotik
BGP filter with mikrotikBGP filter with mikrotik
BGP filter with mikrotikAchmad Mardiansyah
 

Recommandé

Tutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting routerTutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting routerShu Sugimoto
 
Internet Protocol Version 6 By Suvo 2002
Internet Protocol Version 6 By Suvo 2002Internet Protocol Version 6 By Suvo 2002
Internet Protocol Version 6 By Suvo 2002suvobgd
 
Linux kernel tracing
Linux kernel tracingLinux kernel tracing
Linux kernel tracingViller Hsiao
 
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*Install FD.IO VPP On Intel(r) Architecture & Test with Trex*
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*Michelle Holley
 
Dynamic routing
Dynamic routingDynamic routing
Dynamic routingNajmul Hossain Nayan
 
545人のインフラを支えたNOCチーム!
545人のインフラを支えたNOCチーム!545人のインフラを支えたNOCチーム!
545人のインフラを支えたNOCチーム!Masayuki Kobayashi
 
Understanding Android Benchmarks
Understanding Android BenchmarksUnderstanding Android Benchmarks
Understanding Android BenchmarksKoan-Sin Tan
 
BGP filter with mikrotik
BGP filter with mikrotikBGP filter with mikrotik
BGP filter with mikrotikAchmad Mardiansyah
 
CCNP ROUTE V7 CH2
CCNP ROUTE V7 CH2CCNP ROUTE V7 CH2
CCNP ROUTE V7 CH2Chaing Ravuth
 
FastNetMon Advanced DDoS detection tool
FastNetMon Advanced DDoS detection toolFastNetMon Advanced DDoS detection tool
FastNetMon Advanced DDoS detection toolPavel Odintsov
 
JANOG43 Forefront of SRv6, Open Source Implementations
JANOG43 Forefront of SRv6, Open Source ImplementationsJANOG43 Forefront of SRv6, Open Source Implementations
JANOG43 Forefront of SRv6, Open Source ImplementationsKentaro Ebisawa
 
さくらのVPS で IPv4 over IPv6ルータの構築
さくらのVPS で IPv4 over IPv6ルータの構築さくらのVPS で IPv4 over IPv6ルータの構築
さくらのVPS で IPv4 over IPv6ルータの構築Tomocha Potter
 
バックボーン運用から見るインターネットの実情
バックボーン運用から見るインターネットの実情バックボーン運用から見るインターネットの実情
バックボーン運用から見るインターネットの実情IIJ
 
Maximizing Firewall Performance (2012 San Diego)
Maximizing Firewall Performance (2012 San Diego)Maximizing Firewall Performance (2012 San Diego)
Maximizing Firewall Performance (2012 San Diego)Cisco Security
 
DevConf 2014 Kernel Networking Walkthrough
DevConf 2014 Kernel Networking WalkthroughDevConf 2014 Kernel Networking Walkthrough
DevConf 2014 Kernel Networking WalkthroughThomas Graf
 
Static Routing
Static RoutingStatic Routing
Static RoutingKishore Kumar
 
GoBGP : yet another OSS BGPd
GoBGP : yet another OSS BGPdGoBGP : yet another OSS BGPd
GoBGP : yet another OSS BGPdPavel Odintsov
 
ネットワークの自動化・監視の取り組みについて #netopscoding #npstudy
ネットワークの自動化・監視の取り組みについて #netopscoding #npstudyネットワークの自動化・監視の取り組みについて #netopscoding #npstudy
ネットワークの自動化・監視の取り組みについて #netopscoding #npstudyYahoo!デベロッパーネットワーク
 
Comparison of SRv6 Extensions uSID, SRv6+, C-SRH
Comparison of SRv6 Extensions uSID, SRv6+, C-SRHComparison of SRv6 Extensions uSID, SRv6+, C-SRH
Comparison of SRv6 Extensions uSID, SRv6+, C-SRHKentaro Ebisawa
 
BGP Advance Technique by Steven & James
BGP Advance Technique by Steven & JamesBGP Advance Technique by Steven & James
BGP Advance Technique by Steven & JamesFebrian ‎
 
BIRD Routing Daemon
BIRD Routing DaemonBIRD Routing Daemon
BIRD Routing DaemonAPNIC
 
Study Notes BGP Exam
Study Notes BGP ExamStudy Notes BGP Exam
Study Notes BGP ExamDuane Bodle
 
How Linux Processes Your Network Packet - Elazar Leibovich
How Linux Processes Your Network Packet - Elazar LeibovichHow Linux Processes Your Network Packet - Elazar Leibovich
How Linux Processes Your Network Packet - Elazar LeibovichDevOpsDays Tel Aviv
 
エンジニアのキャリアパスを考える 川村
エンジニアのキャリアパスを考える 川村エンジニアのキャリアパスを考える 川村
エンジニアのキャリアパスを考える 川村wakamonog
 
Practical Implementation of Large BGP Community with Geotags and Traffic Engi...
Practical Implementation of Large BGP Community with Geotags and Traffic Engi...Practical Implementation of Large BGP Community with Geotags and Traffic Engi...
Practical Implementation of Large BGP Community with Geotags and Traffic Engi...APNIC
 
スイッチ・ルータのしくみ
スイッチ・ルータのしくみスイッチ・ルータのしくみ
スイッチ・ルータのしくみogatay
 
明日からはじめるネットワーク運用自動化
明日からはじめるネットワーク運用自動化明日からはじめるネットワーク運用自動化
明日からはじめるネットワーク運用自動化Taiji Tsuchiya
 
IIJmio meeting 5 MVNOとGPSについて
IIJmio meeting 5 MVNOとGPSについてIIJmio meeting 5 MVNOとGPSについて
IIJmio meeting 5 MVNOとGPSについてtechlog (Internet Initiative Japan Inc.)
 
Simplified IPv6 Subnetting. Understanding What’s What.
Simplified IPv6 Subnetting. Understanding What’s What.Simplified IPv6 Subnetting. Understanding What’s What.
Simplified IPv6 Subnetting. Understanding What’s What.SolarWinds
 
IPv6 Addressing Plans and Subnetting
IPv6 Addressing Plans and SubnettingIPv6 Addressing Plans and Subnetting
IPv6 Addressing Plans and SubnettingRIPE NCC
 

Contenu connexe

Tendances

FastNetMon Advanced DDoS detection tool
FastNetMon Advanced DDoS detection toolFastNetMon Advanced DDoS detection tool
FastNetMon Advanced DDoS detection toolPavel Odintsov
 
JANOG43 Forefront of SRv6, Open Source Implementations
JANOG43 Forefront of SRv6, Open Source ImplementationsJANOG43 Forefront of SRv6, Open Source Implementations
JANOG43 Forefront of SRv6, Open Source ImplementationsKentaro Ebisawa
 
さくらのVPS で IPv4 over IPv6ルータの構築
さくらのVPS で IPv4 over IPv6ルータの構築さくらのVPS で IPv4 over IPv6ルータの構築
さくらのVPS で IPv4 over IPv6ルータの構築Tomocha Potter
 
バックボーン運用から見るインターネットの実情
バックボーン運用から見るインターネットの実情バックボーン運用から見るインターネットの実情
バックボーン運用から見るインターネットの実情IIJ
 
Maximizing Firewall Performance (2012 San Diego)
Maximizing Firewall Performance (2012 San Diego)Maximizing Firewall Performance (2012 San Diego)
Maximizing Firewall Performance (2012 San Diego)Cisco Security
 
DevConf 2014 Kernel Networking Walkthrough
DevConf 2014 Kernel Networking WalkthroughDevConf 2014 Kernel Networking Walkthrough
DevConf 2014 Kernel Networking WalkthroughThomas Graf
 
GoBGP : yet another OSS BGPd
GoBGP : yet another OSS BGPdGoBGP : yet another OSS BGPd
GoBGP : yet another OSS BGPdPavel Odintsov
 
ネットワークの自動化・監視の取り組みについて #netopscoding #npstudy
ネットワークの自動化・監視の取り組みについて #netopscoding #npstudyネットワークの自動化・監視の取り組みについて #netopscoding #npstudy
ネットワークの自動化・監視の取り組みについて #netopscoding #npstudyYahoo!デベロッパーネットワーク
 
Comparison of SRv6 Extensions uSID, SRv6+, C-SRH
Comparison of SRv6 Extensions uSID, SRv6+, C-SRHComparison of SRv6 Extensions uSID, SRv6+, C-SRH
Comparison of SRv6 Extensions uSID, SRv6+, C-SRHKentaro Ebisawa
 
BGP Advance Technique by Steven & James
BGP Advance Technique by Steven & JamesBGP Advance Technique by Steven & James
BGP Advance Technique by Steven & JamesFebrian ‎
 
BIRD Routing Daemon
BIRD Routing DaemonBIRD Routing Daemon
BIRD Routing DaemonAPNIC
 
Study Notes BGP Exam
Study Notes BGP ExamStudy Notes BGP Exam
Study Notes BGP ExamDuane Bodle
 
How Linux Processes Your Network Packet - Elazar Leibovich
How Linux Processes Your Network Packet - Elazar LeibovichHow Linux Processes Your Network Packet - Elazar Leibovich
How Linux Processes Your Network Packet - Elazar LeibovichDevOpsDays Tel Aviv
 
エンジニアのキャリアパスを考える 川村
エンジニアのキャリアパスを考える 川村エンジニアのキャリアパスを考える 川村
エンジニアのキャリアパスを考える 川村wakamonog
 
Practical Implementation of Large BGP Community with Geotags and Traffic Engi...
Practical Implementation of Large BGP Community with Geotags and Traffic Engi...Practical Implementation of Large BGP Community with Geotags and Traffic Engi...
Practical Implementation of Large BGP Community with Geotags and Traffic Engi...APNIC
 
スイッチ・ルータのしくみ
スイッチ・ルータのしくみスイッチ・ルータのしくみ
スイッチ・ルータのしくみogatay
 
明日からはじめるネットワーク運用自動化
明日からはじめるネットワーク運用自動化明日からはじめるネットワーク運用自動化
明日からはじめるネットワーク運用自動化Taiji Tsuchiya
 

Tendances (20)

CCNP ROUTE V7 CH2
CCNP ROUTE V7 CH2CCNP ROUTE V7 CH2
CCNP ROUTE V7 CH2
 
FastNetMon Advanced DDoS detection tool
FastNetMon Advanced DDoS detection toolFastNetMon Advanced DDoS detection tool
FastNetMon Advanced DDoS detection tool
 
JANOG43 Forefront of SRv6, Open Source Implementations
JANOG43 Forefront of SRv6, Open Source ImplementationsJANOG43 Forefront of SRv6, Open Source Implementations
JANOG43 Forefront of SRv6, Open Source Implementations
 
さくらのVPS で IPv4 over IPv6ルータの構築
さくらのVPS で IPv4 over IPv6ルータの構築さくらのVPS で IPv4 over IPv6ルータの構築
さくらのVPS で IPv4 over IPv6ルータの構築
 
バックボーン運用から見るインターネットの実情
バックボーン運用から見るインターネットの実情バックボーン運用から見るインターネットの実情
バックボーン運用から見るインターネットの実情
 
Maximizing Firewall Performance (2012 San Diego)
Maximizing Firewall Performance (2012 San Diego)Maximizing Firewall Performance (2012 San Diego)
Maximizing Firewall Performance (2012 San Diego)
 
DevConf 2014 Kernel Networking Walkthrough
DevConf 2014 Kernel Networking WalkthroughDevConf 2014 Kernel Networking Walkthrough
DevConf 2014 Kernel Networking Walkthrough
 
Static Routing
Static RoutingStatic Routing
Static Routing
 
GoBGP : yet another OSS BGPd
GoBGP : yet another OSS BGPdGoBGP : yet another OSS BGPd
GoBGP : yet another OSS BGPd
 
ネットワークの自動化・監視の取り組みについて #netopscoding #npstudy
ネットワークの自動化・監視の取り組みについて #netopscoding #npstudyネットワークの自動化・監視の取り組みについて #netopscoding #npstudy
ネットワークの自動化・監視の取り組みについて #netopscoding #npstudy
 
Comparison of SRv6 Extensions uSID, SRv6+, C-SRH
Comparison of SRv6 Extensions uSID, SRv6+, C-SRHComparison of SRv6 Extensions uSID, SRv6+, C-SRH
Comparison of SRv6 Extensions uSID, SRv6+, C-SRH
 
BGP Advance Technique by Steven & James
BGP Advance Technique by Steven & JamesBGP Advance Technique by Steven & James
BGP Advance Technique by Steven & James
 
BIRD Routing Daemon
BIRD Routing DaemonBIRD Routing Daemon
BIRD Routing Daemon
 
Study Notes BGP Exam
Study Notes BGP ExamStudy Notes BGP Exam
Study Notes BGP Exam
 
How Linux Processes Your Network Packet - Elazar Leibovich
How Linux Processes Your Network Packet - Elazar LeibovichHow Linux Processes Your Network Packet - Elazar Leibovich
How Linux Processes Your Network Packet - Elazar Leibovich
 
エンジニアのキャリアパスを考える 川村
エンジニアのキャリアパスを考える 川村エンジニアのキャリアパスを考える 川村
エンジニアのキャリアパスを考える 川村
 
Practical Implementation of Large BGP Community with Geotags and Traffic Engi...
Practical Implementation of Large BGP Community with Geotags and Traffic Engi...Practical Implementation of Large BGP Community with Geotags and Traffic Engi...
Practical Implementation of Large BGP Community with Geotags and Traffic Engi...
 
スイッチ・ルータのしくみ
スイッチ・ルータのしくみスイッチ・ルータのしくみ
スイッチ・ルータのしくみ
 
明日からはじめるネットワーク運用自動化
明日からはじめるネットワーク運用自動化明日からはじめるネットワーク運用自動化
明日からはじめるネットワーク運用自動化
 
IIJmio meeting 5 MVNOとGPSについて
IIJmio meeting 5 MVNOとGPSについてIIJmio meeting 5 MVNOとGPSについて
IIJmio meeting 5 MVNOとGPSについて
 

En vedette

Simplified IPv6 Subnetting. Understanding What’s What.
Simplified IPv6 Subnetting. Understanding What’s What.Simplified IPv6 Subnetting. Understanding What’s What.
Simplified IPv6 Subnetting. Understanding What’s What.SolarWinds
 
IPv6 Addressing Plans and Subnetting
IPv6 Addressing Plans and SubnettingIPv6 Addressing Plans and Subnetting
IPv6 Addressing Plans and SubnettingRIPE NCC
 
Obtaining IPv4 Addresses
Obtaining IPv4 AddressesObtaining IPv4 Addresses
Obtaining IPv4 AddressesRIPE NCC
 
APNIC IRM Tutorial, by Sheryl Hermoso [APRICOT 2015]
APNIC IRM Tutorial, by Sheryl Hermoso [APRICOT 2015]APNIC IRM Tutorial, by Sheryl Hermoso [APRICOT 2015]
APNIC IRM Tutorial, by Sheryl Hermoso [APRICOT 2015]APNIC
 
APNIC's Resource Certification Service
APNIC's Resource Certification ServiceAPNIC's Resource Certification Service
APNIC's Resource Certification ServiceAPNIC
 
Current RIPE Policy Developments and RIPE Policy Implementation
Current RIPE Policy Developments and RIPE Policy ImplementationCurrent RIPE Policy Developments and RIPE Policy Implementation
Current RIPE Policy Developments and RIPE Policy ImplementationRIPE NCC
 
IPV6 addressing plan exercise-2
IPV6 addressing plan exercise-2IPV6 addressing plan exercise-2
IPV6 addressing plan exercise-2stupidbopols
 
Preparing an IPv6 Addressing Planl
Preparing an IPv6 Addressing PlanlPreparing an IPv6 Addressing Planl
Preparing an IPv6 Addressing PlanlDave Thyssen
 
instructor ppt_chapter8.2.2 - i_pv6 addressing with exercises of IPv6
instructor ppt_chapter8.2.2 - i_pv6 addressing with exercises of IPv6instructor ppt_chapter8.2.2 - i_pv6 addressing with exercises of IPv6
instructor ppt_chapter8.2.2 - i_pv6 addressing with exercises of IPv6cyberjoex
 
RIPE Atlas
RIPE AtlasRIPE Atlas
RIPE AtlasRIPE NCC
 
Internet Operations and the RIRs
Internet Operations and the RIRsInternet Operations and the RIRs
Internet Operations and the RIRsARIN
 

En vedette (13)

Simplified IPv6 Subnetting. Understanding What’s What.
Simplified IPv6 Subnetting. Understanding What’s What.Simplified IPv6 Subnetting. Understanding What’s What.
Simplified IPv6 Subnetting. Understanding What’s What.
 
IPv6 Addressing Plans and Subnetting
IPv6 Addressing Plans and SubnettingIPv6 Addressing Plans and Subnetting
IPv6 Addressing Plans and Subnetting
 
Obtaining IPv4 Addresses
Obtaining IPv4 AddressesObtaining IPv4 Addresses
Obtaining IPv4 Addresses
 
09 (IDNOG01) Introduction about APNIC by Wita Laksono
09 (IDNOG01) Introduction about APNIC by Wita Laksono09 (IDNOG01) Introduction about APNIC by Wita Laksono
09 (IDNOG01) Introduction about APNIC by Wita Laksono
 
APNIC IRM Tutorial, by Sheryl Hermoso [APRICOT 2015]
APNIC IRM Tutorial, by Sheryl Hermoso [APRICOT 2015]APNIC IRM Tutorial, by Sheryl Hermoso [APRICOT 2015]
APNIC IRM Tutorial, by Sheryl Hermoso [APRICOT 2015]
 
APNIC's Resource Certification Service
APNIC's Resource Certification ServiceAPNIC's Resource Certification Service
APNIC's Resource Certification Service
 
Current RIPE Policy Developments and RIPE Policy Implementation
Current RIPE Policy Developments and RIPE Policy ImplementationCurrent RIPE Policy Developments and RIPE Policy Implementation
Current RIPE Policy Developments and RIPE Policy Implementation
 
IPV6 addressing plan exercise-2
IPV6 addressing plan exercise-2IPV6 addressing plan exercise-2
IPV6 addressing plan exercise-2
 
Preparing an IPv6 Addressing Planl
Preparing an IPv6 Addressing PlanlPreparing an IPv6 Addressing Planl
Preparing an IPv6 Addressing Planl
 
instructor ppt_chapter8.2.2 - i_pv6 addressing with exercises of IPv6
instructor ppt_chapter8.2.2 - i_pv6 addressing with exercises of IPv6instructor ppt_chapter8.2.2 - i_pv6 addressing with exercises of IPv6
instructor ppt_chapter8.2.2 - i_pv6 addressing with exercises of IPv6
 
RIPE Atlas
RIPE AtlasRIPE Atlas
RIPE Atlas
 
Internet Operations and the RIRs
Internet Operations and the RIRsInternet Operations and the RIRs
Internet Operations and the RIRs
 
Ip address and subnetting
Ip address and subnettingIp address and subnetting
Ip address and subnetting
 

Similaire à Getting IPv6 & Securing your Routing

IPv4 depletion & IPv6 deployment in the RIPE NCC service region
IPv4 depletion & IPv6 deployment in the RIPE NCC service regionIPv4 depletion & IPv6 deployment in the RIPE NCC service region
IPv4 depletion & IPv6 deployment in the RIPE NCC service regionRIPE NCC
 
IPv4 Depletion & IPv6 Deployment
IPv4 Depletion & IPv6 DeploymentIPv4 Depletion & IPv6 Deployment
IPv4 Depletion & IPv6 DeploymentRIPE NCC
 
Update: IP addresses AS numbers and related things...
Update: IP addresses AS numbers and related things...Update: IP addresses AS numbers and related things...
Update: IP addresses AS numbers and related things...RIPE NCC
 
IPv6 Act Now!
IPv6 Act Now!IPv6 Act Now!
IPv6 Act Now!RIPE NCC
 
IPv4 and IPv6 - addressing Internet infrastructure
IPv4 and IPv6 - addressing Internet infrastructureIPv4 and IPv6 - addressing Internet infrastructure
IPv4 and IPv6 - addressing Internet infrastructureRIPE NCC
 
IPv6 Tutorial RIPE 60
IPv6 Tutorial RIPE 60IPv6 Tutorial RIPE 60
IPv6 Tutorial RIPE 60RIPE Meetings
 
Your Slice of the IPv6 Cake
Your Slice of the IPv6 CakeYour Slice of the IPv6 Cake
Your Slice of the IPv6 CakeRIPE NCC
 
Leo Vegoda - IPv6: a universe if addresses
Leo Vegoda - IPv6: a universe if addressesLeo Vegoda - IPv6: a universe if addresses
Leo Vegoda - IPv6: a universe if addressesIPv6 Conference
 
Facilitating IPv6 Deployment
Facilitating IPv6 DeploymentFacilitating IPv6 Deployment
Facilitating IPv6 DeploymentRIPE NCC
 
IPv6 News from the RIPE NCC
IPv6 News from the RIPE NCCIPv6 News from the RIPE NCC
IPv6 News from the RIPE NCCRIPE NCC
 
Nathalie - Stavanger
Nathalie - StavangerNathalie - Stavanger
Nathalie - StavangerIPv6no
 
Moving Towards IPv6
Moving Towards IPv6Moving Towards IPv6
Moving Towards IPv6RIPE NCC
 
IPv6 in Depth <<Kinda>>
IPv6 in Depth <<Kinda>>IPv6 in Depth <<Kinda>>
IPv6 in Depth <<Kinda>>RIPE NCC
 
IPv6 Deployment: Why and Why not?
IPv6 Deployment: Why and Why not?IPv6 Deployment: Why and Why not?
IPv6 Deployment: Why and Why not?apnic_slides
 
IPv6 Deployment and Distribution in the RIPE NCC Service Region
IPv6 Deployment and Distribution in the RIPE NCC Service RegionIPv6 Deployment and Distribution in the RIPE NCC Service Region
IPv6 Deployment and Distribution in the RIPE NCC Service RegionRIPE NCC
 
RIPE NCC Status Update
RIPE NCC Status UpdateRIPE NCC Status Update
RIPE NCC Status UpdateRIPE NCC
 
IPv4 Depletion and IPv6 Adoption Today
IPv4 Depletion and IPv6 Adoption TodayIPv4 Depletion and IPv6 Adoption Today
IPv4 Depletion and IPv6 Adoption TodayARIN
 
RIPE Labs Operator Tools, Ideas, Analysis
RIPE Labs Operator Tools, Ideas, AnalysisRIPE Labs Operator Tools, Ideas, Analysis
RIPE Labs Operator Tools, Ideas, AnalysisRIPE NCC
 
RIPE NCC Update
RIPE NCC UpdateRIPE NCC Update
RIPE NCC UpdateRIPE NCC
 

Similaire à Getting IPv6 & Securing your Routing (20)

Kjell Leknes
Kjell LeknesKjell Leknes
Kjell Leknes
 
IPv4 depletion & IPv6 deployment in the RIPE NCC service region
IPv4 depletion & IPv6 deployment in the RIPE NCC service regionIPv4 depletion & IPv6 deployment in the RIPE NCC service region
IPv4 depletion & IPv6 deployment in the RIPE NCC service region
 
IPv4 Depletion & IPv6 Deployment
IPv4 Depletion & IPv6 DeploymentIPv4 Depletion & IPv6 Deployment
IPv4 Depletion & IPv6 Deployment
 
Update: IP addresses AS numbers and related things...
Update: IP addresses AS numbers and related things...Update: IP addresses AS numbers and related things...
Update: IP addresses AS numbers and related things...
 
IPv6 Act Now!
IPv6 Act Now!IPv6 Act Now!
IPv6 Act Now!
 
IPv4 and IPv6 - addressing Internet infrastructure
IPv4 and IPv6 - addressing Internet infrastructureIPv4 and IPv6 - addressing Internet infrastructure
IPv4 and IPv6 - addressing Internet infrastructure
 
IPv6 Tutorial RIPE 60
IPv6 Tutorial RIPE 60IPv6 Tutorial RIPE 60
IPv6 Tutorial RIPE 60
 
Your Slice of the IPv6 Cake
Your Slice of the IPv6 CakeYour Slice of the IPv6 Cake
Your Slice of the IPv6 Cake
 
Leo Vegoda - IPv6: a universe if addresses
Leo Vegoda - IPv6: a universe if addressesLeo Vegoda - IPv6: a universe if addresses
Leo Vegoda - IPv6: a universe if addresses
 
Facilitating IPv6 Deployment
Facilitating IPv6 DeploymentFacilitating IPv6 Deployment
Facilitating IPv6 Deployment
 
IPv6 News from the RIPE NCC
IPv6 News from the RIPE NCCIPv6 News from the RIPE NCC
IPv6 News from the RIPE NCC
 
Nathalie - Stavanger
Nathalie - StavangerNathalie - Stavanger
Nathalie - Stavanger
 
Moving Towards IPv6
Moving Towards IPv6Moving Towards IPv6
Moving Towards IPv6
 
IPv6 in Depth <<Kinda>>
IPv6 in Depth <<Kinda>>IPv6 in Depth <<Kinda>>
IPv6 in Depth <<Kinda>>
 
IPv6 Deployment: Why and Why not?
IPv6 Deployment: Why and Why not?IPv6 Deployment: Why and Why not?
IPv6 Deployment: Why and Why not?
 
IPv6 Deployment and Distribution in the RIPE NCC Service Region
IPv6 Deployment and Distribution in the RIPE NCC Service RegionIPv6 Deployment and Distribution in the RIPE NCC Service Region
IPv6 Deployment and Distribution in the RIPE NCC Service Region
 
RIPE NCC Status Update
RIPE NCC Status UpdateRIPE NCC Status Update
RIPE NCC Status Update
 
IPv4 Depletion and IPv6 Adoption Today
IPv4 Depletion and IPv6 Adoption TodayIPv4 Depletion and IPv6 Adoption Today
IPv4 Depletion and IPv6 Adoption Today
 
RIPE Labs Operator Tools, Ideas, Analysis
RIPE Labs Operator Tools, Ideas, AnalysisRIPE Labs Operator Tools, Ideas, Analysis
RIPE Labs Operator Tools, Ideas, Analysis
 
RIPE NCC Update
RIPE NCC UpdateRIPE NCC Update
RIPE NCC Update
 

Plus de RIPE NCC

Navigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet RegistryNavigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet RegistryRIPE NCC
 
Traces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate ActionTraces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate ActionRIPE NCC
 
Governing Environmental Sustainability in Tech
Governing Environmental Sustainability in TechGoverning Environmental Sustainability in Tech
Governing Environmental Sustainability in TechRIPE NCC
 
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdf
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdfGerardo-Viviers-RPKI-presentation-DKNOG14.pdf
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdfRIPE NCC
 
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RISLIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RISRIPE NCC
 
Intro to RIPE and RIPE NCC: RIPE Atlas workshop
Intro to RIPE and RIPE NCC: RIPE Atlas workshopIntro to RIPE and RIPE NCC: RIPE Atlas workshop
Intro to RIPE and RIPE NCC: RIPE Atlas workshopRIPE NCC
 
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdfIGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdfRIPE NCC
 
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdfOpportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdfRIPE NCC
 
RIPE NCC Internet Measurement Tools
RIPE NCC Internet Measurement ToolsRIPE NCC Internet Measurement Tools
RIPE NCC Internet Measurement ToolsRIPE NCC
 
IPv6 in Central Europe and the Baltics
IPv6 in Central Europe and the BalticsIPv6 in Central Europe and the Baltics
IPv6 in Central Europe and the BalticsRIPE NCC
 
RPKI For Routing Security
RPKI For Routing SecurityRPKI For Routing Security
RPKI For Routing SecurityRIPE NCC
 
SEEDIG 8 - Alena Muravska RIPE NCC.pdf
SEEDIG 8 - Alena Muravska RIPE NCC.pdfSEEDIG 8 - Alena Muravska RIPE NCC.pdf
SEEDIG 8 - Alena Muravska RIPE NCC.pdfRIPE NCC
 
Know Your Network: Why Every Network Operator Should Host RIPE Atlas
Know Your Network: Why Every Network Operator Should Host RIPE AtlasKnow Your Network: Why Every Network Operator Should Host RIPE Atlas
Know Your Network: Why Every Network Operator Should Host RIPE AtlasRIPE NCC
 
Minimising Impact When Incidents Occur With RIPE Atlas
Minimising Impact When Incidents Occur With RIPE AtlasMinimising Impact When Incidents Occur With RIPE Atlas
Minimising Impact When Incidents Occur With RIPE AtlasRIPE NCC
 
RIPE NCC Internet Measurement Services
RIPE NCC Internet Measurement ServicesRIPE NCC Internet Measurement Services
RIPE NCC Internet Measurement ServicesRIPE NCC
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasRIPE NCC
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasRIPE NCC
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasRIPE NCC
 
111 views of Swiss Internet Infrastructure
111 views of Swiss Internet Infrastructure111 views of Swiss Internet Infrastructure
111 views of Swiss Internet InfrastructureRIPE NCC
 
The RIPE NCC’s View of IPv6 in Sweden
The RIPE NCC’s View of IPv6 in SwedenThe RIPE NCC’s View of IPv6 in Sweden
The RIPE NCC’s View of IPv6 in SwedenRIPE NCC
 

Plus de RIPE NCC (20)

Navigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet RegistryNavigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet Registry
 
Traces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate ActionTraces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate Action
 
Governing Environmental Sustainability in Tech
Governing Environmental Sustainability in TechGoverning Environmental Sustainability in Tech
Governing Environmental Sustainability in Tech
 
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdf
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdfGerardo-Viviers-RPKI-presentation-DKNOG14.pdf
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdf
 
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RISLIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
 
Intro to RIPE and RIPE NCC: RIPE Atlas workshop
Intro to RIPE and RIPE NCC: RIPE Atlas workshopIntro to RIPE and RIPE NCC: RIPE Atlas workshop
Intro to RIPE and RIPE NCC: RIPE Atlas workshop
 
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdfIGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
 
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdfOpportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
 
RIPE NCC Internet Measurement Tools
RIPE NCC Internet Measurement ToolsRIPE NCC Internet Measurement Tools
RIPE NCC Internet Measurement Tools
 
IPv6 in Central Europe and the Baltics
IPv6 in Central Europe and the BalticsIPv6 in Central Europe and the Baltics
IPv6 in Central Europe and the Baltics
 
RPKI For Routing Security
RPKI For Routing SecurityRPKI For Routing Security
RPKI For Routing Security
 
SEEDIG 8 - Alena Muravska RIPE NCC.pdf
SEEDIG 8 - Alena Muravska RIPE NCC.pdfSEEDIG 8 - Alena Muravska RIPE NCC.pdf
SEEDIG 8 - Alena Muravska RIPE NCC.pdf
 
Know Your Network: Why Every Network Operator Should Host RIPE Atlas
Know Your Network: Why Every Network Operator Should Host RIPE AtlasKnow Your Network: Why Every Network Operator Should Host RIPE Atlas
Know Your Network: Why Every Network Operator Should Host RIPE Atlas
 
Minimising Impact When Incidents Occur With RIPE Atlas
Minimising Impact When Incidents Occur With RIPE AtlasMinimising Impact When Incidents Occur With RIPE Atlas
Minimising Impact When Incidents Occur With RIPE Atlas
 
RIPE NCC Internet Measurement Services
RIPE NCC Internet Measurement ServicesRIPE NCC Internet Measurement Services
RIPE NCC Internet Measurement Services
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE Atlas
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE Atlas
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE Atlas
 
111 views of Swiss Internet Infrastructure
111 views of Swiss Internet Infrastructure111 views of Swiss Internet Infrastructure
111 views of Swiss Internet Infrastructure
 
The RIPE NCC’s View of IPv6 in Sweden
The RIPE NCC’s View of IPv6 in SwedenThe RIPE NCC’s View of IPv6 in Sweden
The RIPE NCC’s View of IPv6 in Sweden
 

Dernier

A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 

Dernier (20)

A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 

Getting IPv6 & Securing your Routing

  • 1. Getting IPv6 & Securing your Routing IPv6 Kongress May 2012, Frankfurt Sandra Brás & Ferenc Csorba, RIPE NCC
  • 2. Schedule • IPv4 exhaustion • IPv6 address space • European IPv6 deployment statistics • BGP multihoming • Routing Registry and the RIPE Database • Resource Certification 2
  • 3. RIPE / RIPE NCC RIPE Open community Develops addressing policies Working group mailing lists RIPE NCC Located in Amsterdam Not for profit membership organisation One of five RIRs 3
  • 5. Internet Number Resources • IP addresses - IPv4 eg. 193.0.0.203 - IPv6 eg. 2001:610:240:11::c100:1319 • Autonomous System Numbers (ASN) • Other public services - Training Services - RIPE Labs - RIPE Database - RIPE Stat - K-root name server - RIPE Atlas - Measurement tools - E-learning 5
  • 9. Who makes policies? ICANN / IANA ASO AfriNIC Reach consensusARIN RIPE NCC across communities APNIC LACNIC AfriNIC RIPE ARIN APNIC LACNIC community community community community community proposal proposal Global proposal Policy Proposal proposal proposal 9
  • 10. Why would you want to participate? • Policy determines how you run your business • Over 8000 LIRs • Only a fraction are active participants in the PDP 10
  • 11. How can you participate? • Working Group mailing lists - RIPE website → RIPE → Mailing Lists • Come to the RIPE Meetings - Two free tickets for new LIRs - Remote participation is also possible 11
  • 13. IANA IPv4 pool 40% 30% 20% 10% 0% 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 13
  • 14. IPv4 address distribution /0 IANA /8 RIR /21 LIR /23 /25 /25 End User Allocation PA Assignment PI Assignment 14
  • 15. IANA and RIRs IPv4 pool IANA Pool RIR Allocations Advertised RIR Pool Today 256 Data 192 128 64 0 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 15
  • 16. Our slice of the IPv4 pie Legacy Other IANA AfriNIC LACNIC RIPE NCC ARIN APNIC 16
  • 17. IPv4 exhaustion phases IPv4 still available. RIPE NCC’s allocation RIPE NCC can only RIPE NCC continues policy from last /8 distribute IPv6 distributing it applies ? now time IANA pool RIPE NCC RIPE NCC exhausted reaches pool final /8 exhausted Each of the 5 RIRs given a /8 17
  • 18. Run Out Fairly (of IPv4) • Gradually reduced allocation / assignment periods • Needs for “Entire Period” of up to... - 12 months (January 2010) - 9 months (July 2010) - 6 months (January 2011) - 3 months (July 2011) • 50% has to be used up by half-period 18
  • 19. RIPE NCC’s last /8 • We do things differently! • Ensures IPv4 access for all members - 16000+ /22s in a /8 - members can get one /22 (=1024 addresses) - must already hold IPv6 - must qualify for allocation • /16 set aside for unforeseen situations - if unused, will be distributed • No PI 19
  • 20. Transfer of IPv4 Allocations • Policy 2007-08: Allocation Transfer Policy - Don’t buy your IPv4 on eBay! - Transfer unused allocations to another LIR - Minimum allocation size /21 - Evaluated by RIPE NCC - Update in RIPE Database http://www.ripe.net/lir-services/resource-management/listing 20
  • 21. IPv4 Depletion in the RIPE NCC’s Region - https://www.ripe.net/internet-coordination/ipv4-exhaustion 21
  • 22. 0 75 150 225 300 2000-01 2000-07 2001-01 2001-07 2002-01 2002-07 2003-01 2003-07 2004-01 2004-07 2005-01 IPv4 Allocation Rate 2005-07 2006-01 2006-07 2007-01 2007-07 2008-01 2008-07 2009-01 2009-07 2010-01 2010-07 2011-01 2011-07 2012-01 22
  • 23. IPv4 Depletion Worldwide IPv4 Pool in /8’s 6 5 4 3 2 1 0 AfriNIC RIPE NCC LACNIC ARIN APNIC 23
  • 25. Where do all the addresses come from? IETF IANA AfriNIC ARIN RIPE NCC APNIC LACNIC 8000 LIRs End Users 25
  • 26. IPv6 address distribution /3 IANA /12 RIR /32 LIR /48 /56 /48 End User PA Allocation Provider Aggregatable PI Assignment Assignment 26
  • 27. IPv6 basics • IPv6 address: 128 bits - 32 bits in IPv4 • Every subnet should be a /64 • Customer assignments (sites) between: - /64 (1 subnet) - /48 (65536 subnets) • Minimum allocation size /32 - 65536 /48’s - 16777216 /56’s 27
  • 28. IPv4 vs IPv6 (rounded off) IPv4 IPv6 addresses 4x109 2x1019 subnets allocations 2x106 4x109 to members in each allocation: in each allocation: subnets addresses 2048 4x109 28
  • 29. Classless Inter-Domain Routing (CIDR) IPv6 Chart Prefix /48s /56s /64s Bits IPv4 CIDR Chart RIPE NCC /24 16M 4G 1T 104 /25 8M 2G 512G 103 IP Addresses Bits Prefix Subnet Mask /26 4M 1G 256G 102 /27 2M 512M 128G 101 /28 1M 256M 64G 100 1 0 /32 255.255.255.255 /29 512K 128M 32G 99 2 1 /31 255.255.255.254 /30 256K 64M 16G 98 4 2 /30 255.255.255.252 /31 128K 32M 8G 97 8 3 /29 255.255.255.248 /32 64K 16M 4G 96 16 4 /28 255.255.255.240 /33 32K 8M 2G 95 32 5 /27 255.255.255.224 /34 16K 4M 1G 94 64 6 /26 255.255.255.192 /35 8K 2M 512M 93 128 7 /25 255.255.255.128 /36 4K 1M 256M 92 256 8 /24 255.255.255.0 /37 2K 512K 128M 91 512 9 /23 255.255.254.0 /38 1K 256K 64M 90 1K 10 /22 255.255.252.0 /39 512 128K 32M 89 2K 11 /21 255.255.248.0 /40 256 64K 16M 88 4K 12 /20 255.255.240.0 /41 128 32K 8M 87 8K 13 /19 255.255.224.0 /42 64 16K 4M 86 16 K 14 /18 255.255.192.0 /43 32 8K 1M 85 32 K 15 /17 255.255.128.0 /44 16 4K 1M 84 64 K 16 /16 255.255.0.0 /45 8 2K 512K 83 128 K 17 /15 255.254.0.0 /46 4 1K 256K 82 256 K 18 /14 255.252.0.0 /47 2 512 128K 81 512 K 19 /13 255.248.0.0 /48 1 256 64K 80 1M 20 /12 255.240.0.0 /49 128 32K 79 /50 64 16K 78 2M 21 /11 255.224.0.0 /51 32 8K 77 4M 22 /10 255.192.0.0 /52 16 4K 76 8M 23 /9 255.128.0.0 /53 8 2K 75 16 M 24 /8 255.0.0.0 /54 4 1K 74 32 M 25 /7 254.0.0.0 /55 2 512 73 64 M 26 /6 252.0.0.0 /56 1 256 72 128 M 27 /5 248.0.0.0 /57 128 71 256 M 28 /4 240.0.0.0 RIPE NCC /58 64 70 512 M 29 /3 224.0.0.0 /59 32 69 1024 M 30 /2 192.0.0.0 /60 16 68 2048 M 31 /1 128.0.0.0 /61 8 67 4096 M 32 /0 0.0.0.0 /62 4 66 /63 2 65 Contact Registration Services: /64 1 64 www.ripe.net 29
  • 31. Getting an IPv6 allocation • To qualify, an organisation must: - Be an LIR - Have a plan for making assignments within two years • Minimum allocation size /32 • Announcement as a single prefix recommended 31
  • 32. RIPE Policy Proposal 2011-04 • Extension of the Minimum Size for IPv6 Initial Allocation - Proposes initial allocation up to a /29 - For example, for small LIRs to deploy IPv6 via 6RD (RFC 5969) DER DISCUSSION UN • Proposal currently in Review Phase - The RIPE NCC is working on impact analysis 32
  • 33. What does the first IPv6 allocation cost? - for all - pending General Meeting decision or: - for approximately 97% of the LIRs - more points, but not higher category! 33
  • 34. Why Create an IPv6 Addressing Plan? • Mental health during implementation(!) • Easier implementation of security policies • Efficient addressing plans are scalable • More efficient route aggregation 34
  • 36. Make an addressing plan (I) • Number of hosts is irrelevant • Multiple /48s per pop can be used - separate blocks for infrastructure and customers - document address needs for allocation criteria • /64 for all subnets - autoconfiguration works - renumbering easier - less typo errors because of simplicity 36
  • 37. Make an addressing plan (II) • Use one /64 block (per site) for loopbacks - One /128 per device - One /64 contains enough /128s for 18.446.744.073.709.551.616 devices 37
  • 38. More On Addressing Plans for ISPs • For private networks, look at ULA • For servers you want manual configuration • Use port numbers for addresses - pop server 2001:db8:1::110 - dns server 2001:db8:1::53 - etc... 38
  • 39. Point-to-Point Connections • How much space for point-to-point connections? - RFC4291: Interface IDs are required to be /64 - RFC3627: Use of /127 between routers considered harmful - RFC6547: RFC3627 to Historic Status - RFC6164: Using /127 on Inter-Router links • Be safe: reserve a /64, assign a /127 per point-to-point connection 39
  • 40. Customer assignments • Give your customers enough addresses - Up to a /48 • For more addresses, send in request form - Alternatively, make a sub-allocation • Every assignment must now be registered in the RIPE database 40
  • 41. Using AGGREGATED-BY-LIR ALLOCATED-BY-RIR ASSIGNED AGGREGATED-BY-LIR ALLOCATED-BY-LIR /36 /44 assignment-size: 56 /34 AGGREGATED-BY-LIR assignment-size: 48 /40 hint :) /48 /48 /48 /48 /48 41
  • 42. Group assignments in the RIPE DB inet6num:        2001:db8:1000::/36 netname:         Bluelight descr:           We want more Bluelight B.V. descr:      Colocation services country:          NL admin-c:         BN649-RIPE tech-c:          BN649-RIPE status:          AGGREGATED-BY-LIR assignment-size: 48 mnt-by:          BLUELIGHT-MNT notify:          noc@example.net changed:        noc@example.net 20110218 source:         RIPE 42
  • 43. Customers And Their /48 • Customers have no idea how to handle 65536 subnets! • Provide them with information – https://www.ripe.net/lir-services/training/material/IPv6- for-LIRs-Training-Course/IPv6_addr_plan4.pdf 43
  • 44. IPv6 Address Management • Your Excel sheet might not scale – There are 65.536 /48s in a /32 – There are 65.536 /64s in a /48 – There are 16.777.216 /56s in a /32 • Find a suitable IPAM solution 44
  • 45. Getting IPv6 PI address space • To qualify, an organisation must: - Meet the contractual requirements for provider independent resources • Minimum assignment size /48 45
  • 47. Reverse DNS 2001 db8 2001:0db8:003e:ef11:0000:0000 :c100: 004d . . . . . . . .ip6.arpa d.4.0.0.0.0.1.c.0.0.0.0.0.0.0.0.1.1.f.e.e. 3.0.0.8.b.d.0.1.0.0.2.ip6.arpa PTR yourname.domain.tld d.4.0.0.0.0.1.c.0.0.0.0.0.0.0.0.1.1.f.e.e.3.0.0.8.b.d.0.1.0.0.2.ip6.arpa PTR yourname.domain.tld 47
  • 51. Members with IPv6 and IPv4 7853 members with IP resources 3846 3918 89 IPv4 only IPv6 only IPv6 and IPv4 51
  • 52. IPv6 Ripeness • Rating system: - One star if the LIR has an IPv6 allocation - Additional stars if: - IPv6 Prefix is announced on router - A route6 object is in the RIPE Database - Reverse DNS is set up - A list of all 4 star LIRs: http://ripeness.ripe.net/ 52
  • 53. IPv6 RIPEness: 8097 LIRs (5 May 2012) 1 star 2 stars 3 stars 4 stars No IPv6 1 star 14% No IPv6 51% 2 stars 6% 3 stars 11% 4 stars 18%
  • 54. 0 225 450 675 900 Slovenia (47 LIRs) Netherlands (418 LIRs) 1star Czech Republic (221 LIRs) Germany (821 LIRs) 2star Switzerland ( 260 LIRs) Poland (214 LIRs) 3star Austria (155 LIRs) Portugal (37 LIRs) 4star Norway (163 LIRs) IPv6 RIPEness – countries (5 May 2012) Denmark (123 LIRs) 0star 54
  • 55. 0% 25% 50% 75% 100% Slovenia (47 LIRs) Netherlands (418 LIRs) 1star Czech Republic (221 LIRs) Germany (821 LIRs) 2star Switzerland (260 LIRs) Poland (214 LIRs) 3star Austria (155 LIRs) Portugal (37 LIRs) 4star Norway (163 LIRs) IPv6 RIPEness – relative (5 May 2012) Denmark (123 LIRs) 0star 55
  • 56. IPv6 enabled ASes in global routing All Germany Belgium France Netherlands 50% http://v6ASNs.ripe.net 42% 33% 25% 17% 8% 0% 2004 2005 2006 2007 2008 2009 2010 2011 2012 56
  • 57. World IPv6 Launch • http://www.worldipv6launch.org/ 57
  • 58. Useful information Websites • http://www.getipv6.info/ • http://www.ipv6actnow.org • http://datatracker.ietf.org/wg/v6ops/ • http://www.ripe.net/ripe/docs/ripe-501.html Mailing lists • http://lists.cluenet.de/mailman/listinfo/ipv6-ops • http://www.ripe.net/mailman/listinfo/ipv6-wg 58
  • 60. Scenario 1: LIR = PA allocation + ASN ISP 1 ISP 2 x AS3 AS7 AS4 AS5 AS6 • Can make assignments to End Users 60
  • 61. Scenario 2: End User = PI + ASN ISP 1 ISP 2 x • Can NOT sub-assign further!!! - (in IPv4 can still use PI for xDSL, broadband...) 61
  • 62. Scenario 3: LIR = PI + ASN ISP 1 ISP 2 x • Can NOT sub-assign further!!! - (in IPv4 can still use PI for xDSL, broadband...) 62
  • 63. Scenario 4: PI End User, not multihomed ISP 1 ISP 2 x • Part of LIR’s AS number - does not want to / can not run BGP - still wants “portable” addresses 63
  • 64. How to get an AS Number • Assignment requirements - Address space - Multihoming - One AS Number per network • For LIR itself • For End User - Sponsoring LIR requests it for End User - Direct Assignment User requests it for themselves 64
  • 65. 32-bit AS Numbers and you • New format: “AS4192351863” • Act now! • Prepare for 32-bit ASNs in your organisation: - Check if hardware is compatible; if not, contact hardware vendor - Check if upstream uses compatible hardware; if not, they should upgrade! 65
  • 67. RIPE Database • Public Internet resource and routing registry database 67
  • 68. RIPE Database objects • Resources – inetnum, inet6num, aut-num, domain • Routing – route, route6, aut-num • Security – mntner • Contact – organisation, person, role 68
  • 69. Protection mntner: LIR-MNT person: John Smith admin-c: JS123-RIPE nic-hdl: JS123-RIPE tech-c: JS123-RIPE address: sesamestreet 1 mnt-by: LIR-MNT phone: +1 555 0101 notify: noc@example.org e-mail: john@example.org mnt-nfy: list@example.org mnt-by: LIR-MNT abuse-mailbox: abuse@example.org auth: MD5-PW $1$xT9SJ 69
  • 70. Protection inetnum: 85.11.186.0/25 descr: My Assignment status: ASSIGNED PA mnt-by: LIR-MNT admin-c: LA789-RIPE tech-c: LA789-RIPE mntner: LIR-MNT admin-c: LA789-RIPE person: John Smith tech-c: LA789-RIPE nic-hdl: JS123-RIPE mnt-by: LIR-MNT mnt-by: LIR-MNT notify: noc@example.org address: sesamestreet 1 mnt-nfy: list@example.org phone: +1 555 0101 abuse-mailbox: abuse@example.org e-mail: john@example.org auth: MD5-PW $1$xT9SJ aut-num: 64551 descr: My AS Number mnt-by: RIPE-NCC-END-MNT mnt-by: LIR-MNT org: ORG-BB2-RIPE admin-c: LA789-RIPE tech-c: LA789-RIPE 70
  • 72. What is “Internet Routing Registry” • Distributed databases with public routing policy information, mirroring each other: irr.net - APNIC, RADB, Level3, SAVVIS... • RIPE NCC operates “RIPE Routing Registry” • Big operators make use of it - AS286 (KPN), AS5400 (BT), AS1299 (Telia), AS8918 (Carrier1), AS2764 (Connect), AS3561 (Savvis), AS3356 (Level 3)... 72
  • 73. Publishing routing policy in IRR • Required by some Transit Providers & IXPs - they use it for prefix-based filtering • Allows for automated generation of prefix filters - and router configuration commands, based on RR • Contributes to routing security - prefix filtering based on IRR registered routes prevents accidental leaks and route hijacking • Good housekeeping 73
  • 74. RIPE RR is part of the RIPE Database • route[6] object creation is responsibility of LIR - every time you receive a new allocation, do create a route or route6 object • route and route6 objects represent routed prefix - address space being announced by an AS number 74
  • 75. Route and route6 object organisation: ORG-BB2-RIPE route6: 2001:db8::/32 origin: AS2 tech-c: LA789-RIPE admin-c: JD1-RIPE mnt-by: RIPE-NCC-HM-MNT inet6num: 2001:db8::/32 aut-num: AS2 tech-c: LA789-RIPE tech-c: LA789-RIPE admin-c: JD1-RIPE admin-c: JD1-RIPE mnt-by: RIPE-NCC-HM-MNT mnt-by: RIPE-NCC-HM-MNT 75
  • 76. IPv6 in the Routing Registry Route6 object: route6: 2001:DB8::/32 origin: AS65550 Aut-num object: aut-num: AS65550 mp-import: afi ipv6.unicast from AS64496 accept ANY mp-export: afi ipv6.unicast to AS64496 announce AS65550 76
  • 77. Automation of router configuration • Describing routing policy in aut-num enables generation of route-maps for policy routing • Tools can read your policy towards peers - translation from RPSL to router configuration commands • Tools collect the data your peers have in RR - if their data changes, you only have to periodically run your scripts to collect updates 77
  • 79. Limitations of the Routing Registry • Many registries exist, operated by different parties: – Not all of them mirror each other – Do you trust the information they provide? • The IRR system is far from complete • Resulting filters are hard to maintain and can take a lot of router memory 79
  • 80. The RIPE NCC involvement in RPKI • The authority who is the holder of an Internet Number Resource in our region – IPv4 and IPv6 address ranges – Autonomous System Numbers • Information is kept in the registry • Accuracy and completeness are key 80
  • 81. Digital resource certificates • Issue digital certificates along with the registration of Internet Resources • Two main purposes: – Make the registry more robust – Making Internet Routing more secure • Validation is the added value 81
  • 82. Using certificates • Certification is a free, opt-in service – Your choice to request a certificate – Linked to your membership – Renewed every 12 months • Certificate does not list any identity information • Digital proof you are the holder of a resource 82
  • 83. The PKI system • The RIRs hold a self-signed root certificate for all the resources that they have in the registry – They are the trust anchor for the system • That root certificate is used to sign a certificate that lists your resources • You can issue child certificates for those resources to your customers – When making assignments or sub allocations 83
  • 84. Certificate Authority (CA) Structure Root CA (RIPE NCC) Member CA (LIR) Customer CA 84
  • 85. Which resources are certified? • Provider Aggregatable (PA) IP addresses • Provider Independent (PI) addresses marked as “Infrastructure” • Other resources will be added over time: – PI addresses for which we have a contract – ERX resources 85
  • 86. Route Origination Authorisation (ROA) • Next to the prefix and the ASN which is allowed to announce it, the ROA contains: –A minimum prefix length –A maximum prefix length – An expiry date • Multiple ROAs can exist for the same prefix • ROAs can overlap 86
  • 87. Publication and validation • ROAs are published in the same repositories as the certificates and their keys • You can download them and use software to verify all the cryptographic signatures are valid – Was this really the owner of the prefix? • You will end up with a list of prefixes and the ASN that is expected to originate them – And you can be sure the information comes from the holder of the resources 87
  • 89. ROA Validation • You can download all the certificates, public keys and ROAs which form the RPKI • Software running on your own machine can retrieve and then verify the information – Cryptographic tools can check all the signatures • The result is a list of all valid combinations of ASN and prefix, the “validated cache” 89
  • 90. Reasons for a ROA to be invalid • The start date is in the future – Actually this is flagged as an error • The end date is in the past – It is expired and the ROA will be ignored • The signing certificate or key pair has expired or has been revoked • It does not validate back to a configured trust anchor 90
  • 91. The Decision Process • When you receive a BGP announcement from one of your neighbors you can compare this to the validated cache • There are three possible outcomes: – Unknown: there is no covering ROA for this prefix – Valid: a ROA matching the prefix and ASN is found – Invalid: There is a ROA but it does not match the ASN or the prefix length 91
  • 92. Modifying the Validated Cache • The RIPE NCC Validator allows you to manually override the validation process • Adding an ignore filter will ignore all ROAs for a given prefix – The end result is the validation state will be “unknown” • Creating a whitelist entry for a prefix and ASN will locally create a valid ROA – The end result is the validation state becomes “valid” 92
  • 93. The Decision is Yours • The Validator is a tool which can help you making informed decisions about routing • Using it properly can enhance the security and stability of the Internet • It is your network and you make the final decision 93
  • 94. Public Testbeds • A few people allow access to routers that run RPKI and allow you to have a look at it • RIPE NCC has a Cisco: – Telnet to rpki-rtr.ripe.net – User: ripe, no password • Eurotransit has a Juniper: – Telnet to 193.34.50.25 or 193.34.50.26 – Username: rpki, password: testbed (http://www.ripe.net/lir-services/resource-management/certification/tools-and-resources) 94
  • 95. Roadmap • Support for non-hosted is still under development by the RIPE NCC – Expected release will be third quarter 2012 • We can give you access to beta test – Mail certification@ripe.net if you are interested • More information will be published on the certification website – http://www.ripe.net/certification 95
  • 96. Follow us! @TrainingRIPENCC 96
  • 98. The End! Kрай Y Diwedd Fí Соңы Finis Liðugt Ende Finvezh Kiнець Konec Kraj Ënn Fund Lõpp Beigas Vége Son Kpaj An Críoch ‫הסוף‬ Endir Fine Sfârşit Fin Τέλος Einde Конeц Slut Slutt Pabaiga Amaia Loppu Tmiem Koniec Fim