Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
14/04/16
1
Internet Fundamentals
Kabul, Afghanistan
14 April 2016 Proudly Supported by:
Presenter Sheryl Hermoso (Shane)
Training Officer, APNIC
Sheryl had various roles as a Network and Systems Administrator prior to joining APNIC. Starting her career as a Technical Support Assistant while studying at the University of the Philippines. Sheryl later worked as a Network Engineer, where she managed the DILNET network backbone and wireless infrastructure.
Areas of interests:
IPv6, DNS/DNSSEC, Network Security, IRM
Contact: [email protected]
14/04/16
2
Agenda
09:00 Internet Operations Fundamentals
(IP and Routing)
10:00 IPv4 and IPv6 Addressing
11:00 Break
11:20 IP Address Management 12:00 DNS and Reverse DNS
13:00 End of session
3
Internet Operational Fundamentals
4
14/04/16
3
In the beginning…
• 1968 - DARPA – (Defense Advanced Research Projects Agency) contracts with BBN
to create ARPAnet
• 1969 – First four nodes
5
The Internet is born…
• 1970 - Five nodes: – UCLA – Stanford - UC Santa Barbara - U of Utah – BBN
• 1971 – 15 nodes, 23 hosts connected
• 1974 – TCP specification by Vint Cerf & Bob Kahn • 1983 – TCP/IP
– On January 1, the Internet with its 1000 hosts converts en masse to using TCP/IP for its messaging
6
14/04/16
4
Pre 1992
RFC 1020 1987
RFC 1261 1991
“The assignment of numbers is also handled by Jon. If you are developing a protocol or application that will require the use of a link, socket, port, protocol, or network number please contact Jon to receive a number assignment.”
RFC 790 1981
Address Architecture - History
• Initially, only 256 networks in the Internet!
• Then, network “classes” introduced: – Class A (128 networks x 16M hosts) – Class B (16,384 x 65K hosts) – Class C (2M x 254 hosts)
8
14/04/16
5
Address Architecture - Classful
A (7 bits) Host address (24 bits)
Class A: 128 networks x 16M hosts (50% of all address space)
0
B (14 bits) Host (16 bits) 10
Class B: 16K networks x 64K hosts (25%)
C (21 bits) Host (8 bits) 110
Class C: 2M networks x 254 hosts (12.5%)
0-127
128-191
192-223
9
Internet Challenges 1992
• Address space depletion – IPv4 address space is finite – Historically, many wasteful allocations
• Routing chaos – Legacy routing structure, router overload – CIDR & aggregation are now vital
• Inequitable management – Unstructured and wasteful address space distribution
10
14/04/16
6
• Network boundaries may occur at any bit
Classless & Classful addressing
16K networks x 64K hosts
128 networks x 16M hosts A
B
2M networks x 256 hosts C
Obsolete • inefficient • depletion of B space • too many routes from C space
Classful Classless Best Current
Practice
Addresses Prefix Classful Net Mask ... ... ... ... 8 /29 255.255.255.248
16 /28 255.255.255.240 32 /27 255.255.255.224 64 /26 255.255.255.192
128 /25 255.255.255.128 256 /24 1 C 255.255.255.0 ... ... ... ... 4096 /20 16 C’s 255.255.240.0 8192 /19 32 C’s 255.255.224
16384 32768 65536
/18 /17 /16
64 C’s 128 C’s
1 B
255.255.192 255.255.128 255.255.0.0
... ... ... ... *
Classful addressing
is dead!
11
Evolution of Internet Resource Management • 1993: Development of “CIDR”
– addressed both technical problems RFC 1519
RFC 1518
RFC 1517
Address depletion à Through more accurate
assignment • variable-length network
address
Routing table overload à Through address space
aggregation • “ supernetting”
12
14/04/16
7
Evolution of Internet Resource Management • Administrative problems remained
– Increasing complexity of CIDR-based allocations – Increasing awareness of conservation and aggregation – Need for fairness and consistency
• RFC 1366 (1992) – Described the “growth of the Internet and its increasing
globalization” – Additional complexity of address management – Set out the basis for a regionally distributed Internet registry system
RFC 1366
13
Evolution of Address Policy
• Establishment of RIRs – Regional open processes – Cooperative policy development – Industry self-regulatory model
• bottom up
AFRINIC APNIC ARIN LACNIC
AFRINIC community
APNIC community
ARIN community
LACNIC community
RIPENCC
RIPENCC community
14
14/04/16
8
World Internet Users Today
15
World Internet Penetration Today
16
14/04/16
9
Growth of the Global Routing Table
http://www.cidr-report.org/as2.0/
601719 prefixes As of 22 Mar 2016
2009: The GFC hits the Internet
2011: Address Exhaustion
2005: Broadband to the Masses
2001: The Great Internet Boom and Bust 1994: Introduction of CIDR
Projected growth of
routing table before CIDR CIDR
deployment
Dot-Com boom
Sustainable growth
17
Internet Protocols and Operations
18
14/04/16
10
How the Internet Works
CLIENTS Computers (PC, Mac) Mobile Devices (Phone, Tablets)
CONNECTION Physical connection (Wires, Cables) Network Devices (Switch, Routers) Wireless, fibre optics
CLIENT-SERVER MODEL
SERVER Content (Search, News) Mailserver (Gmail, Yahoo) FTP / fileserver DNS server Etc…
Network
19
How the Internet Works
Access Point
DSL INTERNET
Internet Service Provider
From: 192.168.100.10 To: 74.125.128.102
Justlikesendingasnailmail
1. Physical connectivity 2. Protocol (TCP/IP) 3. IP Addressing (IPv4 or IPv6)
20
14/04/16
11
How the Internet works
• Physical connectivity and reachability – Cable, wireless, fiber, etc… – Packet switching
• Protocols – common communication and rules – TCP/IP
• Addressing – global accessibility – IPv4, IPv6, ASN
21
What is a Protocol?
• Set of rules that define the communications process
• defines the structure or pattern for the data transferred – functions or processes that need to be carried out in order to
implement the data exchange – information required by processes in order for them to accomplish
this
• All data is transmitted in the same way irrespective of what the data refers to, whether it is clear or encrypted.
22
14/04/16
12
The OSI Model
Access to the network
Manipulate data (Translate, encrypt)
Manage sessions (connections)
Provide reliable delivery
Internetwork - move packets fromsource to destinationConfigure data for direct delivery by physical layer
Physical delivery - electrical specs etc
Application
Presentation
Session
Transport
Network
Data Link
Physical
23
OSI and TCP/IP Model
Application
Presentation
Session
Transport
Network
Data Link
Physical
Application
Transport
Internet
Network Access
24
14/04/16
13
Transport
Data Link
Physical
Network
Upper Layer Data
Upper Layer Data TCP Header
Data IP Header
0101110101001000010
Data MAC Header
Presentation
Application
Session
Segment
Packet
Bits
Frame
PDU
FCS
Encapsulating Data
25
Upper Layer Data
IP + TCP + Upper Layer Data
MAC Header
TCP+ Upper Layer Data IP Header
Upper Layer Data
TCP Header
0101110101001000010
Transport
Data Link
Physical
Network
Presentation Application
Session
De-encapsulating Data
26
14/04/16
14
Internet Protocol (IP)
• IP is an unreliable, connectionless delivery protocol – A best-effort delivery service – No error checking or tracking (no guarantees – Post Office) – Every packet treated independently – IP leaves higher level protocols to provide reliability services (if
needed)
• IP provides three important definitions: – basic unit of data transfer – routing function – rules about delivery
27
TCP/IP Protocol Structure
ICMP
UDP
SMTP FTP Telnet
IGMP
ARP RARP
DATA LINK
PHYSICAL
DNS ……… HTTP
TCP
IP
From Forouzan
28
14/04/16
15
Internet Routing
The Internet
Net
Net
Net
Net Net
Net Net
Net
Net
Net
Net
Global Routing Table
4.128/9 60.100/16 60.100.0/20 135.22/16 …
4.128/960.100/1660.100.0/20135.22/16…Global Routing Table4.128/960.100/1660.100.0/20135.22/16…Global Routing Table
4.128/960.100/1660.100.0/20135.22/16…Global Routing Table4.128/960.100/1660.100.0/20135.22/16…Global Routing Table
4.128/960.100/1660.100.0/20135.22/16…Global Routing Table4.128/960.100/1660.100.0/20135.22/16…Global Routing Table4.128/960.100/1660.100.0/20135.22/16…Global Routing Table4.128/960.100/1660.100.0/20135.22/16…Global Routing Table
4.128/960.100/1660.100.0/20135.22/16…Global Routing Table4.128/960.100/1660.100.0/20135.22/16…Global Routing Table4.128/960.100/1660.100.0/20135.22/16…Global Routing Table4.128/960.100/1660.100.0/20135.22/16…Global Routing Table4.128/960.100/1660.100.0/20135.22/16…Global Routing Table4.128/960.100/1660.100.0/20135.22/16…Global Routing Table
4.128/960.100/1660.100.0/20135.22/16…Global Routing Table4.128/960.100/1660.100.0/20135.22/16…Global Routing Table 4.128/960.100/1660.100.0/20135.22/16…Global Routing Table4.128/960.100/1660.100.0/20135.22/16…Global Routing Table
4.128/960.100/1660.100.0/20135.22/16…Global Routing Table4.128/960.100/1660.100.0/20135.22/16…Global Routing Table 4.128/960.100/1660.100.0/20135.22/16…Global Routing Table4.128/960.100/1660.100.0/20135.22/16…Global Routing Table
29
Internet Routing
The Internet
Traffic 202.12.29.0/24
Announce 202.12.29.0/24
Global Routing Table
4.128/9 60.100/16 60.100.0/20 135.22/16 …
Global Routing Table
4.128/9 60.100/16 60.100.0/20 135.22/16
202.12.29.0/24 …
202.12.29.0/24
30
14/04/16
16
Internet Routing
Local Routing Table
202.12.29.0/25 202.12.29.128/25
Traffic 202.12.29.142
202.12.29.0/24
31
What does a router do?
• ?
32
14/04/16
17
A day in a life of a router
• find path
• forward packet, forward packet, forward packet, forward packet...
• find alternate path
• forward packet, forward packet, forward packet, forward packet…
• repeat until powered off
33
Routing versus Forwarding
Routing = building maps and giving directions
Forwarding = moving packets between interfaces according to the “directions”
34
14/04/16
18
IP Routing – finding the path
• Path derived from information received from a routing protocol
• Several alternative paths may exist – best path stored in forwarding table
• Decisions are updated periodically or as topology changes (event driven)
• Decisions are based on: – topology, policies and metrics (hop count, filtering, delay, bandwidth,
etc.)
35
Metric field
• To determine which path to use if there are multiple paths to the remote network
• Provide the value to select the best path
• But take note of the administrative distance selection process J
Routing Protocol Metric RIPv2 Hop count EIGRP Bandwidth, delay, load, reliability,
MTU OSPF Cost (the higher the bandwidth
indicates a lower cost) IS-IS Cost
36
14/04/16
19
IP route lookup
• Based on destination IP address
• “longest match” routing – More specific prefix preferred over less specific prefix – Example: packet with destination of 10.1.1.1/32 is sent to the router
announcing 10.1/16 rather than the router announcing 10/8.
37
IP route lookup
• Based on destination IP address
10/8 announced from here
10.1/16 announced from here
Packet: Destination IP address: 10.1.1.1
10/8 → R3 10.1/16 → R4 20/8 → R5 30/8 → R6 …..
R2’s IP routing table
R1 R2
R3
R4
38
14/04/16
20
IP route lookup: Longest match routing • Based on destination IP address
R2’s IP routing table
10.1.1.1 && FF.0.0.0 vs. 10.0.0.0 && FF.0.0.0
Match! 10/8 → R3 10.1/16 → R4 20/8 → R5 30/8 → R6 …..
10/8 announced from here
10.1/16 announced from here
R1 R2
R3
R4
Packet: Destination IP address: 10.1.1.1
39
IP route lookup: Longest match routing • Based on destination IP address
10.1.1.1 && FF.FF.0.0 vs. 10.1.0.0 && FF.FF.0.0
Match as well! 10/8 → R3 10.1/16 → R4 20/8 → R5 30/8 → R6 …..
R2’s IP routing table
10/8 announced from here
10.1/16 announced from here
R1 R2
R3
R4
Packet: Destination IP address: 10.1.1.1
40
14/04/16
21
IP route lookup: Longest match routing • Based on destination IP address
10.1.1.1 && FF.0.0.0 vs. 20.0.0.0 && FF.0.0.0
Does not match!
10/8 → R3 10.1/16 → R4 20/8 → R5 30/8 → R6 …..
R2’s IP routing table
10/8 announced from here
10.1/16 announced from here
R1 R2
R3
R4
Packet: Destination IP address: 10.1.1.1
41
IP route lookup: Longest match routing • Based on destination IP address
10.1.1.1 && FF.0.0.0 vs. 30.0.0.0 && FF.0.0.0
Does not match!
10/8 → R3 10.1/16 → R4 20/8 → R5 30/8 → R6 …..
R2’s IP routing table
10/8 announced from here
10.1/16 announced from here
R1 R2
R3
R4
Packet: Destination IP address: 10.1.1.1
42
14/04/16
22
IP route lookup: Longest match routing • Based on destination IP address
10/8 → R3 10.1/16 → R4 20/8 → R5 30/8 → R6 …..
R2’s IP routing table
Longest match, 16 bit netmask
10/8 announced from here
10.1/16 announced from here
R1 R2
R3
R4
Packet: Destination IP address: 10.1.1.1
43
RIBs and FIBs
• FIB is the Forwarding Table – It contains destinations and the interfaces to get to those destinations – Used by the router to figure out where to send the packet – Careful! Some people still call this a route!
• RIB is the Routing Table – It contains a list of all the destinations and the various next hops used
to get to those destinations – and lots of other information too! – One destination can have lots of possible next-hops – only the best
next-hop goes into the FIB
44
14/04/16
23
Explicit versus Default Routing
• Default: – simple, cheap (cycles, memory, bandwidth) – low granularity (metric games)
• Explicit (default free zone) – high overhead, complex, high cost, high granularity
• Hybrid – minimise overhead – provide useful granularity – requires some filtering knowledge
45
Routing Policy
• Used to control traffic flow in and out of an ISP network
• ISP makes decisions on what routing information to accept and discard from its neighbours – Individual routes – Routes originated by specific ASes – Routes traversing specific ASes – Routes belonging to other groupings
• Groupings which you define as you see fit
46
14/04/16
24
Representation of Routing Policy
• Routing and packet flows
AS 1 AS 2 routing flow
packet flow
packet flow
accepts
announces
announces
accepts
For AS1 and AS2 networks to communicate • AS1 must announce to AS2 • AS2 must accept from AS1 • AS2 must announce to AS1 • AS1 must accept from AS2
47
Representation of Routing Policy
AS 1 AS 2
aut-num: AS1 … import: from AS2
action pref=100; accept AS2
export: to AS2 announce AS1
aut-num: AS2 … import: from AS1
action pref=100; accept AS1
export: to AS1 announce AS2
Basic concept
“action pref” - the lower the value, the more preferred the route
48
14/04/16
25
Routing flow and Traffic flow
• Traffic flow is always in the opposite direction of the flow of Routing information – Filtering outgoing routing information inhibits traffic flow inbound – Filtering inbound routing information inhibits traffic flow outbound
49
Routing Flow/Packet Flow: With multiple ASes
• For net N1 in AS1 to send traffic to net N16 in AS16: – AS16 must originate and announce N16 to AS8. – AS8 must accept N16 from AS16. – AS8 must forward announcement of N16 to AS1 or AS34. – AS1 must accept N16 from AS8 or AS34.
• For two-way packet flow, similar policies must exist for N1
AS 1
AS 8
AS 34
AS16
N16
N1
50
14/04/16
26
Routing Flow/Packet Flow: With multiple ASes
• As multiple paths between sites are implemented it is easy to see how policies can become quite complex.
AS 1
AS 8
AS 34
AS16
N16
N1
51
Routing Protocols
• Routers use “routing protocols” to exchange routing information with each other – IGP is used to refer to the process running on routers inside an ISP’s
network – EGP is used to refer to the process running between routers
bordering directly connected ISP networks
52
14/04/16
27
What is an IGP?
• Interior Gateway Protocol
• Within an Autonomous System
• Carries information about internal infrastructure prefixes
• Two widely used IGPs in service provider network: – OSPF – ISIS
53
Why Do We Need an IGP?
• ISP backbone scaling – Hierarchy – Limiting scope of failure – Only used for ISP’s infrastructure addresses, not customers or
anything else – Design goal is to minimise number of prefixes in IGP to aid scalability
and rapid convergence
54
14/04/16
28
What is an EGP?
• Exterior Gateway Protocol
• Used to convey routing information between Autonomous Systems
• De-coupled from the IGP
• Current EGP is BGP
55
Why Do We Need an EGP?
• Scaling to large network – Hierarchy – Limit scope of failure
• Define Administrative Boundary
• Policy – Control reachability of prefixes – Merge separate organisations – Connect multiple IGPs
56
14/04/16
29
Administrative Distance
• method used for selection of route priority of IP routing protocol, the lowest administrative distance is preferred – Manually entered routes are preferred from dynamically learned
routes • Static routes • Default routes
– Dynamically learned routes depend on the routing protocol metric calculation algorithm and default metrics values the smallest metric value are preferred
57
Administrative Distance Chart (Cisco)
Routed Sources Default Distance Connected interface 0 Static route out an interface 0 Static route to a next hop 1 External BGP 20 IGRP 100 OSPF 110 IS-IS 115 RIP v1, v2 120 EGP 140 Internal BGP 200 Unknown 255
58
14/04/16
30
IP Addressing Basics IPv4 and IPv6
59
Where do IP Addresses come from?
60
Standards
Allocation
Allocation
Assignment
End user
RIRs
LIR/ISP
14/04/16
31
IPv4 Addresses
• 32-bits long 232 or 4,294,967,296 possible addresses
• written in dotted-decimal format 0.0.0.0 – 255.255.255.255
• Some are used for public, and some for private networks – Public IP addresses MUST be unique
11000000 10110000 00001111 00110010
192. 168. 15. 50
61
Examples
• Change from binary notation to dotted-decimal format: 1. 10000001 00001011 00001011 11101111 2. 11000001 10000011 00011011 11111111 3. 11100111 11011011 10001011 01101111
• Are these valid IPv4 addresses? 1. 203.176.111.25 2. 297.0.67.129 3. 4.100.5.231 4. 100.00.10110.1111
62
14/04/16
32
IP Addressing issues
• Exhaustion of IPv4 addresses – Wasted address space in traditional subnetting – Limited availability of /8 subnets address
• Internet routing table growth – Size of the routing table due to higher number prefix announcement
• Tremendous growth of the Internet – Management issues – Unstructured and wasteful distribution
63
IP Addressing Solutions
• Subnet masking and summarization – Variable-length subnet mask definition – Hierarchical addressing – Classless Inter-domain Routing (CIDR) – Routes summarization (RFC 1518)
• Private address usage (RFC 1918) – Network address translation (NAT)
• Development of IPv6 address
64
14/04/16
33
IPv4 Address Space
NRO Q4 2015
65
Variable Length Subnet Mask (VLSM)
• Allows the ability to have more than one subnet mask within a network
• Allows re-subnetting – create sub-subnet network address
• Increase the routes capability – Addressing hierarchy – Summarisation
66
14/04/16
34
Subnetting Example
• Subnet 192.168.0.0/24 into smaller subnet – Subnet mask with /27 and /30 (point-to-point)
192.168.1.0/24
192.168.0.32/27
192.168.0.64/27
192.168.0.96/27
192.168.0.1/30
192.168.0.5/30
192.168.0.9/30
192.168.2.0/24
192.168.0.0/16
67
Subnetting Example • Subnet 192.168.0.0/24 into smaller subnet
– Subnet mask with /30 (point-to-point)
Description Decimal Binary
Network Address
192.168.0.0/30 x.x.x.00000000
1st valid IP 192.168.0.1/30 x.x.x.00000001
2nd valid IP 192.168.0.2/30 x.x.x.00000010
Broadcast address
192.168.0.3/30 x.x.x.00000011
68
14/04/16
35
Subnetting Example • Subnet 192.168.0.0/24 into smaller subnet
– Subnet mask with /27
Description Decimal Binary
Network Address
192.168.0.32/27 x.x.x.00000000
Valid IP range 192.168.0.33 - 192.168.0.62
x.x.x.00000001
x.x.x.00000010
Broadcast address
192.168.0.63/30 x.x.x.00011111
69
Subnetting Example • Subnet 192.168.0.0/24 into smaller subnet
– Subnet mask with /27
Description Decimal VLSM Host Host range
1st subnet 192.168.0.0/27 x.x.x.000
00000
0-31
2nd subnet 192.168.0.32/27 x.x.x.001 31-63
3rd subnet 192.168.0.64/27 x.x.x.010 64-95
4th subnet 192.168.0.96/27 x.x.x.011 96-127
n = 5 (n is the remaining subnet bits ) 2n – 2 = 30 host per subnet
70
14/04/16
36
Subnetting Example
1. You have an IP range of 192.168.5.0/24. You need 20 subnets with 5 hosts per subnet. Find the host addresses for each subnet.
a) _________________ b) _________________ c) _________________
71
Subnetting Example
2. Given the IP address 172.16.10.22 with netmask 255.255.255.240
a) What is the subnet IP range? b) What is the broadcast IP address? c) Find all valid IP addresses for this range
72
14/04/16
37
Addressing Hierarchy
Core 192.168.32.0/19
Network Number 192.168.0.0/16
Distribution/Core 192.168.32.0/21
Access/Distribution 192.168.48.0/21
Upstream A
IXP A
IXP B
Upstream B
POP POP
Core
Border
Distribution
Access Access
73
Prefix routing / CIDR
• Prefix routing commonly known as classless inter domain routing (CIDR) – It allows prefix routing and summarisation with the routing tables of
the Internet
• RFCs that talks about CIDR – RFC 1517 Applicability statement for the implementation of CIDR – RFC 1518 Architecture for IP address allocation with CIDR – RFC 1519 CIDR : an address assignment and aggregation strategy – RFC 1520 Exchanging routing information access provider
boundaries in a CIDR environment
74
14/04/16
38
CIDR solution advantage
• CIDR offers the advantage of reducing the routing table size of the network by summarising the ISP announcement in a single /22 advertisement
75
192.168.3.0/24
192.168.0.0/24
192.168.1.0/24 192.168.0.0/22
192.168.0.0/24
192.168.1.0/24
192.168.3.0/24
192.168.2.0/24 Internet
A
B
C
D
192.168.2.0/24
Summarisation example
76
192.168.64.0/20
192.168.128.0/20
192.168.0.0/24 192.168.0.0/16
192.168.128.0/20
192.168.0.0/23
192.168.64.0/20
192.168.1.0/24 Internet
A
B
C
D Router C summarizes its networks (2 x/24) before announcing to its neighbors (routers B and D) Router A combines the networks received from B, C, D and announce it as single /16 routing to Internet
14/04/16
39
Route summarisation • Subnet 192.168.0.0/24 and 192.168.1.0/24 combining
then to become a bigger block of address “/23”
Network Subnet Mask Binary
192.168.0.0 255.255.255.0 x.x.00000000.x
192.168.1.0 255.255.255.0 x.x.00000001.x
Summary 192.168.0.0/23 x.x.00000000.x
192.168.0.0 255.255.254.0 x.x.00000000.x
77
Route Summarisation
• Allows the presentation of a series of networks in a single summary address.
• Advantages: – Faster convergence – Reducing the size of the routing table – Simplification – Hiding Network Changes – Isolate topology changes
78
14/04/16
40
IPv6 Addressing
• An IPv6 address is 128 bits long
• So the number of addresses are 2^128 = 340282366920938463463374607431768211455
• In hex, 4 bits (also called a ‘nibble’) is represented by a hex digit
• So 128 bits is reduced down to 32 hex digits
2001:0DB8:D35D:B33F::/64
2001:DC0:A910::
1010 1001 0001 0000
nibbles
79
IPv6 Address Representation
• Hexadecimal values of eight 16 bit fields – X:X:X:X:X:X:X:X (X=16 bit number, ex: A2FE) – 16 bit number is converted to a 4 digit hexadecimal number
• Example: – FE80:DCE3:124C:C1A2:BA03:6735:EF1C:683D
• Abbreviated form of address 2001:0DB8:0000:0000:0000:036E:1250:2B00 →2001:DB8:0:0:0:36E:1250:2B00 →2001:DB8::36E:1250:2B00 ( :: can only be used once)
Groups of zeroes
Leading zeroes
Double colons
80
14/04/16
41
IPv6 Address Representation (2)
• Double colons (::) representation – RFC5952 recommends that the rightmost set of :0: be replaced
with :: for consistency • 2001:db8:0:2f::5 rather than 2001:db8::2f:0:0:0:5
• In a URL, it is enclosed in brackets (RFC3986) – http://[2001:db8:4f3a::206:ae14]:8080/index.html – Cumbersome for users, mostly for diagnostic purposes – Use fully qualified domain names (FQDN)
• Prefix Representation – Representation of prefix is just like IPv4 CIDR – In this representation, you attach the prefix length – IPv6 address is represented as:
• 2001:db8:12::/40
81
IPv6 addressing structure
1 128
ISP /32
32
128 bits
Customer Site /48
16
End Site Subnet /64
16 64
Device 128 Bit Address
Interface ID 65
Network Prefix 64
82
14/04/16
42
Local Addresses With Network Prefix
• Link Local Address – A special address used to communicate within the local link of an
interface (i.e. anyone on the link as host or router) – The address in the packet destination would never pass through a
router (local scope) – Mandatory address - automatically assigned as soon as IPv6 is
enabled – FE80::/10
83
Local Addresses With Network Prefix
• Unique Local IPv6 Unicast Address – Addresses similar to the RFC 1918 (private address) in IPv4 – Ensures uniqueness – A part of the prefix (40 bits) are generated using a pseudo-random
algorithm and it's improbable that two generated ones are equal – FC00::/7 – Example webtools to generate ULA prefix
• http://www.sixxs.net/tools/grh/ula/
RFC 4193
84
14/04/16
43
Global Addresses With Network Prefix
• IPv6 Global Unicast Address – Global Unicast Range: 0010 2000::/3
0011 3FFF:FFF:…:FFFF/3 – All five RIRs are given a /12 from the /3 to further distribute within the
RIR region APNIC 2400:0000::/12 ARIN 2600:0000::/12 AfriNIC 2C00:0000::/12 LACNIC 2800:0000::/12 Ripe NCC 2A00:0000::/12
85
IPv6 Address Space
86
14/04/16
44
IPv6 Address Space
IPv6 Prefix Allocation RFC 0000::/8 Reserved by IETF RFC 4291 2000::/3 Global Unicast RFC 4291 FC00::/7 Unique Local Address RFC 4193 FE80::/10 Link Local Unicast RFC 4291 FEC0::/10 Reserved by IETF RFC 3879 FF00::/8 Multicast RFC 4291 2002::/16 6to4 RFC3056
http://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xml
87
Interface ID
• The lowest-order 64-bit field addresses
• May be assigned in several different ways: – auto-configured from a 48-bit MAC address expanded into a 64-bit
EUI-64 – assigned via DHCP – manually configured – auto-generated pseudo-random number – possibly other methods in the future
88
14/04/16
45
Subnetting (Example)
• Provider A has been allocated an IPv6 block
2001:DB8::/32 • Provider A will delegate /48 blocks to its customers
• Find the blocks provided to the first 4 customers
89
Subnetting (Example)
2001:0DB8::/32
2001:0DB8:0000::/48
Original block:
Rewrite as a /48 block: This is your network prefix!
How many /48 blocks are there in a /32?
/32/48
=2128−32
2128−48=296
280= 216
Find only the first 4 /48 blocks…
90
14/04/16
46
Subnetting (Example)
2001:0DB8:0000::/48 In bits
0000 0000 0000 0000 2001:0DB8: ::/48
0000 0000 0000 0001 2001:0DB8: ::/48
0000 0000 0000 0010 2001:0DB8: ::/48
0000 0000 0000 0011 2001:0DB8: ::/48
Start by manipulating the LSB of your network prefix – write in BITS
2001:0DB8:0000::/48
2001:0DB8:0001::/48
2001:0DB8:0002::/48
2001:0DB8:0003::/48
Then write back into hex digits
91
Exercise 1.1: IPv6 subnetting
1. Identify the first four /36 address blocks out of 2406:6400::/32
1. _____________________ 2. _____________________ 3. _____________________ 4. _____________________
92
14/04/16
47
Exercise 1.2: IPv6 subnetting
1. Identify the first four /35 address blocks out of 2406:6400::/32
1. _____________________ 2. _____________________ 3. _____________________ 4. _____________________
93
IP Address Management
94
14/04/16
48
Internet Registry Structure
95
• Asia-Pacific Network Information Centre • One of five Regional Internet Registry (RIRs) charged with
ensuring the fair distribution and responsible management of IP addresses and related resources
• A membership-based, not-for-profit organization
• Industry self-regulatory body – Open – Consensus-based – Transparent
96
14/04/16
49
Where is the APNIC Region?
97
Resource distribution- IP addresses- AS numbers
Registration services- reverse DNS- Internet routing
registry- resource certification- whois registry
98
What does APNIC do? APNIC services Members
14/04/16
50
Policy development
Capacity building- training- workshops- conferences- fellowships- grants
Infrastructure- root servers- IXPs- engineering
assistance
99
What does APNIC do? APNIC supports the Asia Pacific region
100
Original research
Data collection and measurements
Publications
Local/regional/global events
Government outreach
Intergovernmental & technical organizations collaboration
Internet security
What does APNIC do? APNIC collaborates with the Internet community
14/04/16
51
APNIC in the Internet Ecosystem
101
Industryassociations
NGOs
Nameregistries
Access
Standardsbodies
Governments/Regulators
At-largecommunities
INTERNETUSERS
Applications
ContentENABLERS
PROVIDERSOperator
groups
Numberregistries
APNIC is one of five RIRs
ASIA PACIFIC REGION
Support
APNIC MEM
BERS
INTE
RNET
COM
MUNITY
Service
Colla
bora
tio
n
Resource distribution- IP addresses- AS numbers
Registration services- reverse DNS- Internet routing
registry- resource certification- whois registry Policy development
Capacity building- training- workshops- conferences- fellowships- grants
Infrastructure- root servers- IXPs- engineering
assistance
Original research
Data collection and measurements
Publications
Local/regional/global events
Government outreach
Intergovernmental & technical organizations collaboration
Internet security
APNIC from a Global Perspective
102
14/04/16
52
APNIC in the Asia Pacific
103
ISOC chapters
Global Policy Coordination
The NRO is a coordinating body for the five regional Internet registries (RIRs)
www.nro.net
104
14/04/16
53
Global Policy Coordination
The purpose of the Address Supporting Organization (ASO) is to review and develop recommendations on Internet Protocol (IP) address policy
and to advise the ICANN Board.
ASOICANN Address Supporting Organization
https://aso.icann.org/
105
IRM Objectives
106
- Efficient use of resources- Based on demonstrated need
Conservation
- Limit routing table growth- Support provider-based routing
Aggregation
- Ensure uniqueness- Facilitate trouble shooting
Registration
Uniqueness, fairness and consistency
14/04/16
54
How IP Addresses are Delegated
107
Member (LIR)
LIR customer
Regi
stry
Rea
lm
Ope
rato
rs R
ealm
Customer / End User
delegates to customers
delegates to APNIC member
Member Allocation
/26 /27 /25
Customer Assignments
Sub Allocation
/26 /27
APNIC Allocation
/8
/24
APNIC
Customer Assignments
ISPAllocation
Customer Assignments
ISP
Portable and Non-Portable
• Portable Address – Provider-Independent (PI) – Assigned by RIR to end-user – Keeps addresses when changing
ISP – Increases the size of routing tables
• Non-portable Address – Provider-aggregatable (PA) – End-user gets address space from
LIR – Must renumber if changing
upstream provider – Can be aggregated for improved
routing efficiency
108
14/04/16
55
IPv6 Address Management Hierarchy
109
Describes “portability” of the address space
/12 APNIC Allocation
Portable
Portable
/48 Assignment /48 - /64 Assignment
APNIC Allocation
/48 - /64Assignment
Non-Portable Non-Portable
/40
/32 Member Allocation
Non-Portable
/12
Sub-allocation
Aggregation and Portability
110
Aggregation No Aggregation
(non-portable assignments)
(4 routes) (21 routes)
(portable assignments)
INTERNET INTERNET
ISP A ISP B ISP B
ISP C ISP D
ISP A
ISP C ISP D
14/04/16
56
Policy Development
• Creating a policy environment that supports the region’s Internet development
• Developed by the membership and broader Internet community
111
You are part of the APNIC community!
112
APNIC Internet Community
Global Internet Community
Open forum in the Asia Pacific
APNICMembers
A voice in regional Internet operations through participation in APNIC
IETF Individuals
NationalNOG
RegionalNOGAPAN
ISOC
ISPAssociations
14/04/16
57
Policy Development Process
113
All decisions & policies documented & freely available to anyone
Internet community proposes and approves policy
Open
Transparent Bottom up
Anyone can participate
B
efore
meeting
Authorproposes policyor amendment
Communitydiscusses
proposal on SIG mailing list
Policy Development Process Before the meeting
• Submit proposed policy to the APNIC Secretariat
• SIG Chair posts the proposal to mailing list
• Community discusses proposal
114
14/04/16
58
Policy Development Process
B
efore
meeting
Authorproposes policyor amendment
Communitydiscusses
proposal on SIG mailing list
Befo
re
meeting
Authorproposes policyor amendment
Communitydiscusses
proposal on SIG mailing list
During meeting
Communitydiscusses proposalface to face in SIG
SIG Chairgauges consensus
During the meeting
• Proposed policies are presented at the Open Policy Meeting (OPM)
• Community comments on the proposal
• If it reaches consensus, SIG Chair reports the decision at the APNIC Member Meeting (AMM)
115
Policy Development Process After the meeting
• Within a week, proposal is sent back to mailing list
• A comment period between 4-8 weeks is given
• If it reaches consensus, SIG Chair asks the Executive Council (EC) to endorse the proposal
• APNIC EC endorses proposal
• APNIC Secretariat implements the policy (minimum of 3 months)
During meeting
Bef
ore
meeting
Authorproposes policyor amendment
Communitydiscusses
proposal on SIG mailing list Community
discusses proposalface to face in SIG
During meetingBe
fore
meeting
Authorproposes policyor amendment
Communitydiscusses
proposal on SIGmailing list Community
discusses proposalface to face in SIG
After meeting
SIG Chairgauges consensus
Communityhas chance to raiseany final objections
during final call
SIG Chairconfirms
consensus
Executive Council(EC) endorses
policy
Secretariatimplements
policy
116
14/04/16
59
DNS and Reverse DNS
117
Domain Name System
• A lookup mechanism for translating objects into other objects – Mapping names to numbers and vice versa
• A globally distributed, loosely coherent, scalable, reliable, dynamic database
• Comprised of three components – A “name space” – Servers making that name space available – Resolvers (clients) query the servers about the name space
• A critical piece of the Internet infrastructure
118
14/04/16
60
IP Addresses vs Domain Names
The Internet
2001:0C00:8888:: My Computer www.apnic.net 2001:0400::
www.apnic.net 202.112.0.46 2001:0400::
DNS
119
DNS Features
• Global distribution – Shares the load and administration
• Loose Coherency – Geographically distributed, but still coherent
• Scalability – can add DNS servers without affecting the entire DNS
• Reliability
• Dynamicity – Modify and update data dynamically
120
14/04/16
61
DNS Features
• DNS is a client-server application
• Requests and responses are normally sent in UDP packets, port 53
• Occasionally uses TCP, port 53 – for very large requests, e.g. zone transfer from master to slave
121
Root .
.org .net .com .au
.edu.au
example.edu.au
.gov
.jp
.tv
.in x.y.z.a
www.example.edu.au
a.b.c.d
e.f.g.h
i.j.k.l
m.n.o.p w.x.y.z.
p.q.r.s
“Ask a.b.c.d” “Ask e.f.g.h”
“Ask i.j.k.l”
“Go to m.n.o.p”
local dns
www.example.edu.au? “go to m.n.o.p”
www.example.edu.au?
www.example.edu.au?
www.example.edu.au?
www.example.edu.au?
Querying the DNS – It’s all about IP!
122
14/04/16
62
The DNS Tree Hierarchy Root .
net jp org com arpa au
whois
edu
bnu
iana
www www
…
www wasabi
ws1 ws2
edu com net
abc
www
apnic gu
www
FQDN = Fully Qualified Domain Name
123
Domains
• Domains are “namespaces”
• Everything below .com is in the com domain
• Everything below apnic.net is in the apnic.net domain and in the net domain
124
14/04/16
63
NET Domain
APNIC.NET Domain
AU Domain
www.def.edu.au?
Root .
net org com arpa au
whois
iana
www www wasabi
ws1 ws2
edu com net
abc
www
apnic
def
www
Domains
125
Delegation
• Administrators can create subdomains to group hosts – According to geography, organizational affiliation or any other
criterion
• An administrator of a domain can delegate responsibility for managing a subdomain to someone else – But this isn’t required
• The parent domain retains links to the delegated subdomain – The parent domain “remembers” to whom the subdomain is
delegated
126
14/04/16
64
Zones and Delegations
• Zones are “administrative spaces”
• Zone administrators are responsible for a portion of a domain’s name space
• Authority is delegated from parent to child
127
NET Domain
APNIC.NET Domain
NET Zone
TRAINING.APNIC.NET Zone APNIC.NET Zone doesn’t include TRAINING.APNIC.NET since it has been “delegated”
APNIC.NET Zone
Root .
net org com arpa
whois
iana
www www training
ns1 ns2
apnic
Zones
128
14/04/16
65
Name Servers
• Name servers answer ‘DNS’ questions
• Several types of name servers – Authoritative servers
• master (primary) • slave (secondary)
– Caching or recursive servers • also caching forwarders
• Mixture of functions
Primary
Secondary
129
Root Servers
• The top of the DNS hierarchy
• There are 13 root name servers operated around the world – [a-m].root-servers.net
• There are more than 13 physical root name servers – Each rootserver has an instance deployed via anycast
130
14/04/16
66
Root Servers
131
http://root-servers.org/
Root Server Deployment at APNIC
• Started in 2002, APNIC is committed to establish new root server sites in the AP region
• APNIC assists in the deployment providing technical support.
• Deployments of F, K and I-root servers in – Singapore, Hong Kong, China, Korea, Thailand, Malaysia, Indonesia,
Philippines, Fiji, Pakistan, Bangladesh, Taiwan, Cambodia, Bhutan, and Mongolia
132
14/04/16
67
What is Reverse DNS?
• Forward DNS maps names to numbers
server.apnic.net è203.0.113.1
• Reverse DNS maps numbers to names 203.0.113.1 è server.apnic.net
133
Uses of Reverse DNS
• Service denial – That only allow access when fully reverse delegated eg. anonymous
ftp
• Diagnostics – Assisting in network troubleshooting (ex: traceroute)
• Spam identifications – Reverse lookup to confirm the source of the email – Failed lookup adds to an email’s spam score
134
14/04/16
68
Reverse DNS Tree
135
Mapping numbers to names - ‘reverse DNS’
22.64.202.in-addr.arpa.
apnic
whois www wwwtraining
ws1 ws2
202
64
22
203 204 210
iana in-addr
ROOT
net org com arpa
Reverse DNS Tree – with IPv6
136
apnic
202
64
22
203
ip6
IPv6 addresses
iana in-addr
ROOT
net org com arpa int
RFC3152
14/04/16
69
Managing Reverse DNS
• APNIC manages reverse delegation for both IPv4 and IPv6
• Before you register your domain objects, you need to ensure that your reverse zones have been configured and loaded in your name servers
• APNIC does not host your name servers or configure your reverse zone files
• APNIC only delegates the authority of your reverse zones to the name servers you provide through your domain objects
137
www.apnic.net/dns
Reverse Delegation for IPv4 • Reverse delegation for IPv4 is based on octet boundaries
• /24 Delegations – Address blocks should be delegated – At least one name server
• /16 Delegations – Same as /24 delegations – APNIC delegates entire zone to member
• < /24 Delegations – Read “classless in-addr.arpa delegation” – Not supported
138
RFC2317
14/04/16
70
Reverse Delegation for IPv6
• Reverse delegation for IPv4 is based on nibble boundaries
• /32 delegation – One domain object
• /48 delegation – One domain object
• /35 delegation – Divide into two /36 (closest 4-bit boundary) – Two separate domain objects
139
APNIC & LIR Responsibilities
• APNIC – Manage reverse delegations of address block distributed by APNIC – Process organisations requests for reverse delegations of network
allocations
• Organisations / LIR – Be familiar with APNIC procedures – Ensure that addresses are reverse-mapped – Maintain nameserver(s) for allocations – Keep accurate records in the database – Keep reverse DNS current with the Whois DB
140
14/04/16
71
Reverse Delegation Procedures
• Domain objects can be updated through MyAPNIC
• Nameserver/domain must be configured before domain objects are created
141
http://apnic.net/create-domain
142
14/04/16
72
www.facebook.com/APNIC
www.twitter.com/apnic
www.youtube.com/apnicmultimedia
www.flickr.com/apnic
www.weibo.com/APNICrir
143
144 144
Thank You!END OF SESSION