14/04/16

1

Internet Fundamentals

Kabul, Afghanistan

14 April 2016 Proudly Supported by:

Presenter Sheryl Hermoso (Shane)

Training Officer, APNIC

Sheryl had various roles as a Network and Systems Administrator prior to joining APNIC. Starting her career as a Technical Support Assistant while studying at the University of the Philippines. Sheryl later worked as a Network Engineer, where she managed the DILNET network backbone and wireless infrastructure.

Areas of interests:

IPv6, DNS/DNSSEC, Network Security, IRM

Contact: sheryl@apnic.net

14/04/16

2

Agenda

09:00 Internet Operations Fundamentals

(IP and Routing)

10:00 IPv4 and IPv6 Addressing

11:00 Break

11:20 IP Address Management 12:00 DNS and Reverse DNS

13:00 End of session

3

Internet Operational Fundamentals

4

14/04/16

3

In the beginning…

•  1968 - DARPA –  (Defense Advanced Research Projects Agency) contracts with BBN

to create ARPAnet

•  1969 – First four nodes

5

The Internet is born…

•  1970 - Five nodes: –  UCLA – Stanford - UC Santa Barbara - U of Utah – BBN

•  1971 – 15 nodes, 23 hosts connected

•  1974 – TCP specification by Vint Cerf & Bob Kahn •  1983 – TCP/IP

–  On January 1, the Internet with its 1000 hosts converts en masse to using TCP/IP for its messaging

6

14/04/16

4

Pre 1992

RFC 1020 1987

RFC 1261 1991

“The assignment of numbers is also handled by Jon. If you are developing a protocol or application that will require the use of a link, socket, port, protocol, or network number please contact Jon to receive a number assignment.”

RFC 790 1981

Address Architecture - History

•  Initially, only 256 networks in the Internet!

•  Then, network “classes” introduced: –  Class A (128 networks x 16M hosts) –  Class B (16,384 x 65K hosts) –  Class C (2M x 254 hosts)

8

14/04/16

5

Address Architecture - Classful

A (7 bits) Host address (24 bits)

Class A: 128 networks x 16M hosts (50% of all address space)

0

B (14 bits) Host (16 bits) 10

Class B: 16K networks x 64K hosts (25%)

C (21 bits) Host (8 bits) 110

Class C: 2M networks x 254 hosts (12.5%)

0-127

128-191

192-223

9

Internet Challenges 1992

•  Address space depletion –  IPv4 address space is finite –  Historically, many wasteful allocations

•  Routing chaos –  Legacy routing structure, router overload –  CIDR & aggregation are now vital

•  Inequitable management –  Unstructured and wasteful address space distribution

10

14/04/16

6

•  Network boundaries may occur at any bit

Classless & Classful addressing

16K networks x 64K hosts

128 networks x 16M hosts A

B

2M networks x 256 hosts C

Obsolete •  inefficient •  depletion of B space •  too many routes from C space

Classful Classless Best Current

Practice

Addresses Prefix Classful Net Mask ... ... ... ... 8 /29 255.255.255.248

16 /28 255.255.255.240 32 /27 255.255.255.224 64 /26 255.255.255.192

128 /25 255.255.255.128 256 /24 1 C 255.255.255.0 ... ... ... ... 4096 /20 16 C’s 255.255.240.0 8192 /19 32 C’s 255.255.224

16384 32768 65536

/18 /17 /16

64 C’s 128 C’s

1 B

255.255.192 255.255.128 255.255.0.0

... ... ... ... *

Classful addressing

is dead!

11

Evolution of Internet Resource Management •  1993: Development of “CIDR”

–  addressed both technical problems RFC 1519

RFC 1518

RFC 1517

Address depletion à Through more accurate

assignment •  variable-length network

address

Routing table overload à Through address space

aggregation •  “ supernetting”

12

14/04/16

7

Evolution of Internet Resource Management •  Administrative problems remained

–  Increasing complexity of CIDR-based allocations –  Increasing awareness of conservation and aggregation –  Need for fairness and consistency

•  RFC 1366 (1992) –  Described the “growth of the Internet and its increasing

globalization” –  Additional complexity of address management –  Set out the basis for a regionally distributed Internet registry system

RFC 1366

13

Evolution of Address Policy

•  Establishment of RIRs –  Regional open processes –  Cooperative policy development –  Industry self-regulatory model

•  bottom up

AFRINIC APNIC ARIN LACNIC

AFRINIC community

APNIC community

ARIN community

LACNIC community

RIPENCC

RIPENCC community

14

14/04/16

8

World Internet Users Today

15

World Internet Penetration Today

16

14/04/16

9

Growth of the Global Routing Table

http://www.cidr-report.org/as2.0/

601719 prefixes As of 22 Mar 2016

2009: The GFC hits the Internet

2011: Address Exhaustion

2005: Broadband to the Masses

2001: The Great Internet Boom and Bust 1994: Introduction of CIDR

Projected growth of

routing table before CIDR CIDR

deployment

Dot-Com boom

Sustainable growth

17

Internet Protocols and Operations

18

14/04/16

10

How the Internet Works

CLIENTS Computers (PC, Mac) Mobile Devices (Phone, Tablets)

CONNECTION Physical connection (Wires, Cables) Network Devices (Switch, Routers) Wireless, fibre optics

CLIENT-SERVER MODEL

SERVER Content (Search, News) Mailserver (Gmail, Yahoo) FTP / fileserver DNS server Etc…

Network

19

How the Internet Works

Access Point

DSL INTERNET

Internet Service Provider

From: 192.168.100.10 To: 74.125.128.102

Justlikesendingasnailmail

1.  Physical connectivity 2.  Protocol (TCP/IP) 3.  IP Addressing (IPv4 or IPv6)

20

14/04/16

11

How the Internet works

•  Physical connectivity and reachability –  Cable, wireless, fiber, etc… –  Packet switching

•  Protocols – common communication and rules –  TCP/IP

•  Addressing – global accessibility –  IPv4, IPv6, ASN

21

What is a Protocol?

•  Set of rules that define the communications process

•  defines the structure or pattern for the data transferred –  functions or processes that need to be carried out in order to

implement the data exchange –  information required by processes in order for them to accomplish

this

•  All data is transmitted in the same way irrespective of what the data refers to, whether it is clear or encrypted.

22

14/04/16

12

The OSI Model

Access to the network

Manipulate data (Translate, encrypt)

Manage sessions (connections)

Provide reliable delivery

Internetwork - move packets fromsource to destinationConfigure data for direct delivery by physical layer

Physical delivery - electrical specs etc

Application

Presentation

Session

Transport

Network

Data Link

Physical

23

OSI and TCP/IP Model

Application

Presentation

Session

Transport

Network

Data Link

Physical

Application

Transport

Internet

Network Access

24

14/04/16

13

Transport

Data Link

Physical

Network

Upper Layer Data

Upper Layer Data TCP Header

Data IP Header

0101110101001000010

Data MAC Header

Presentation

Application

Session

Segment

Packet

Bits

Frame

PDU

FCS

Encapsulating Data

25

Upper Layer Data

IP + TCP + Upper Layer Data

MAC Header

TCP+ Upper Layer Data IP Header

Upper Layer Data

TCP Header

0101110101001000010

Transport

Data Link

Physical

Network

Presentation Application

Session

De-encapsulating Data

26

14/04/16

14

Internet Protocol (IP)

•  IP is an unreliable, connectionless delivery protocol –  A best-effort delivery service –  No error checking or tracking (no guarantees – Post Office) –  Every packet treated independently –  IP leaves higher level protocols to provide reliability services (if

needed)

•  IP provides three important definitions: –  basic unit of data transfer –  routing function –  rules about delivery

27

TCP/IP Protocol Structure

ICMP

UDP

SMTP FTP Telnet

IGMP

ARP RARP

DATA LINK

PHYSICAL

DNS ……… HTTP

TCP

IP

From Forouzan

28

14/04/16

15

Internet Routing

The Internet

Net

Net

Net

Net Net

Net Net

Net

Net

Net

Net

Global Routing Table

4.128/9 60.100/16 60.100.0/20 135.22/16 …

4.128/960.100/1660.100.0/20135.22/16…Global Routing Table4.128/960.100/1660.100.0/20135.22/16…Global Routing Table

4.128/960.100/1660.100.0/20135.22/16…Global Routing Table4.128/960.100/1660.100.0/20135.22/16…Global Routing Table

4.128/960.100/1660.100.0/20135.22/16…Global Routing Table4.128/960.100/1660.100.0/20135.22/16…Global Routing Table4.128/960.100/1660.100.0/20135.22/16…Global Routing Table4.128/960.100/1660.100.0/20135.22/16…Global Routing Table

4.128/960.100/1660.100.0/20135.22/16…Global Routing Table4.128/960.100/1660.100.0/20135.22/16…Global Routing Table4.128/960.100/1660.100.0/20135.22/16…Global Routing Table4.128/960.100/1660.100.0/20135.22/16…Global Routing Table4.128/960.100/1660.100.0/20135.22/16…Global Routing Table4.128/960.100/1660.100.0/20135.22/16…Global Routing Table

4.128/960.100/1660.100.0/20135.22/16…Global Routing Table4.128/960.100/1660.100.0/20135.22/16…Global Routing Table 4.128/960.100/1660.100.0/20135.22/16…Global Routing Table4.128/960.100/1660.100.0/20135.22/16…Global Routing Table

4.128/960.100/1660.100.0/20135.22/16…Global Routing Table4.128/960.100/1660.100.0/20135.22/16…Global Routing Table 4.128/960.100/1660.100.0/20135.22/16…Global Routing Table4.128/960.100/1660.100.0/20135.22/16…Global Routing Table

29

Internet Routing

The Internet

Traffic 202.12.29.0/24

Announce 202.12.29.0/24

Global Routing Table

4.128/9 60.100/16 60.100.0/20 135.22/16 …

Global Routing Table

4.128/9 60.100/16 60.100.0/20 135.22/16

202.12.29.0/24 …

202.12.29.0/24

30

14/04/16

16

Internet Routing

Local Routing Table

202.12.29.0/25 202.12.29.128/25

Traffic 202.12.29.142

202.12.29.0/24

31

What does a router do?

•  ?

32

14/04/16

17

A day in a life of a router

•  find path

•  forward packet, forward packet, forward packet, forward packet...

•  find alternate path

•  forward packet, forward packet, forward packet, forward packet…

•  repeat until powered off

33

Routing versus Forwarding

Routing = building maps and giving directions

Forwarding = moving packets between interfaces according to the “directions”

34

14/04/16

18

IP Routing – finding the path

•  Path derived from information received from a routing protocol

•  Several alternative paths may exist –  best path stored in forwarding table

•  Decisions are updated periodically or as topology changes (event driven)

•  Decisions are based on: –  topology, policies and metrics (hop count, filtering, delay, bandwidth,

etc.)

35

Metric field

•  To determine which path to use if there are multiple paths to the remote network

•  Provide the value to select the best path

•  But take note of the administrative distance selection process J

Routing Protocol Metric RIPv2 Hop count EIGRP Bandwidth, delay, load, reliability,

MTU OSPF Cost (the higher the bandwidth

indicates a lower cost) IS-IS Cost

36

14/04/16

19

IP route lookup

•  Based on destination IP address

•  “longest match” routing –  More specific prefix preferred over less specific prefix –  Example: packet with destination of 10.1.1.1/32 is sent to the router

announcing 10.1/16 rather than the router announcing 10/8.

37

IP route lookup

•  Based on destination IP address

10/8 announced from here

10.1/16 announced from here

Packet: Destination IP address: 10.1.1.1

10/8 → R3 10.1/16 → R4 20/8 → R5 30/8 → R6 …..

R2’s IP routing table

R1 R2

R3

R4

38

14/04/16

20

IP route lookup: Longest match routing •  Based on destination IP address

R2’s IP routing table

10.1.1.1 && FF.0.0.0 vs. 10.0.0.0 && FF.0.0.0

Match! 10/8 → R3 10.1/16 → R4 20/8 → R5 30/8 → R6 …..

10/8 announced from here

10.1/16 announced from here

R1 R2

R3

R4

Packet: Destination IP address: 10.1.1.1

39

IP route lookup: Longest match routing •  Based on destination IP address

10.1.1.1 && FF.FF.0.0 vs. 10.1.0.0 && FF.FF.0.0

Match as well! 10/8 → R3 10.1/16 → R4 20/8 → R5 30/8 → R6 …..

R2’s IP routing table

10/8 announced from here

10.1/16 announced from here

R1 R2

R3

R4

Packet: Destination IP address: 10.1.1.1

40

14/04/16

21

IP route lookup: Longest match routing •  Based on destination IP address

10.1.1.1 && FF.0.0.0 vs. 20.0.0.0 && FF.0.0.0

Does not match!

10/8 → R3 10.1/16 → R4 20/8 → R5 30/8 → R6 …..

R2’s IP routing table

10/8 announced from here

10.1/16 announced from here

R1 R2

R3

R4

Packet: Destination IP address: 10.1.1.1

41

IP route lookup: Longest match routing •  Based on destination IP address

10.1.1.1 && FF.0.0.0 vs. 30.0.0.0 && FF.0.0.0

Does not match!

10/8 → R3 10.1/16 → R4 20/8 → R5 30/8 → R6 …..

R2’s IP routing table

10/8 announced from here

10.1/16 announced from here

R1 R2

R3

R4

Packet: Destination IP address: 10.1.1.1

42

14/04/16

22

IP route lookup: Longest match routing •  Based on destination IP address

10/8 → R3 10.1/16 → R4 20/8 → R5 30/8 → R6 …..

R2’s IP routing table

Longest match, 16 bit netmask

10/8 announced from here

10.1/16 announced from here

R1 R2

R3

R4

Packet: Destination IP address: 10.1.1.1

43

RIBs and FIBs

•  FIB is the Forwarding Table –  It contains destinations and the interfaces to get to those destinations –  Used by the router to figure out where to send the packet –  Careful! Some people still call this a route!

•  RIB is the Routing Table –  It contains a list of all the destinations and the various next hops used

to get to those destinations – and lots of other information too! –  One destination can have lots of possible next-hops – only the best

next-hop goes into the FIB

44

14/04/16

23

Explicit versus Default Routing

•  Default: –  simple, cheap (cycles, memory, bandwidth) –  low granularity (metric games)

•  Explicit (default free zone) –  high overhead, complex, high cost, high granularity

•  Hybrid –  minimise overhead –  provide useful granularity –  requires some filtering knowledge

45

Routing Policy

•  Used to control traffic flow in and out of an ISP network

•  ISP makes decisions on what routing information to accept and discard from its neighbours –  Individual routes –  Routes originated by specific ASes –  Routes traversing specific ASes –  Routes belonging to other groupings

•  Groupings which you define as you see fit

46

14/04/16

24

Representation of Routing Policy

•  Routing and packet flows

AS 1 AS 2 routing flow

packet flow

packet flow

accepts

announces

announces

accepts

For AS1 and AS2 networks to communicate •  AS1 must announce to AS2 •  AS2 must accept from AS1 •  AS2 must announce to AS1 •  AS1 must accept from AS2

47

Representation of Routing Policy

AS 1 AS 2

aut-num: AS1 … import: from AS2

action pref=100; accept AS2

export: to AS2 announce AS1

aut-num: AS2 … import: from AS1

action pref=100; accept AS1

export: to AS1 announce AS2

Basic concept

“action pref” - the lower the value, the more preferred the route

48

14/04/16

25

Routing flow and Traffic flow

•  Traffic flow is always in the opposite direction of the flow of Routing information –  Filtering outgoing routing information inhibits traffic flow inbound –  Filtering inbound routing information inhibits traffic flow outbound

49

Routing Flow/Packet Flow: With multiple ASes

•  For net N1 in AS1 to send traffic to net N16 in AS16: –  AS16 must originate and announce N16 to AS8. –  AS8 must accept N16 from AS16. –  AS8 must forward announcement of N16 to AS1 or AS34. –  AS1 must accept N16 from AS8 or AS34.

•  For two-way packet flow, similar policies must exist for N1

AS 1

AS 8

AS 34

AS16

N16

N1

50

14/04/16

26

Routing Flow/Packet Flow: With multiple ASes

•  As multiple paths between sites are implemented it is easy to see how policies can become quite complex.

AS 1

AS 8

AS 34

AS16

N16

N1

51

Routing Protocols

•  Routers use “routing protocols” to exchange routing information with each other –  IGP is used to refer to the process running on routers inside an ISP’s

network –  EGP is used to refer to the process running between routers

bordering directly connected ISP networks

52

14/04/16

27

What is an IGP?

•  Interior Gateway Protocol

•  Within an Autonomous System

•  Carries information about internal infrastructure prefixes

•  Two widely used IGPs in service provider network: –  OSPF –  ISIS

53

Why Do We Need an IGP?

•  ISP backbone scaling –  Hierarchy –  Limiting scope of failure –  Only used for ISP’s infrastructure addresses, not customers or

anything else –  Design goal is to minimise number of prefixes in IGP to aid scalability

and rapid convergence

54

14/04/16

28

What is an EGP?

•  Exterior Gateway Protocol

•  Used to convey routing information between Autonomous Systems

•  De-coupled from the IGP

•  Current EGP is BGP

55

Why Do We Need an EGP?

•  Scaling to large network –  Hierarchy –  Limit scope of failure

•  Define Administrative Boundary

•  Policy –  Control reachability of prefixes –  Merge separate organisations –  Connect multiple IGPs

56

14/04/16

29

Administrative Distance

•  method used for selection of route priority of IP routing protocol, the lowest administrative distance is preferred –  Manually entered routes are preferred from dynamically learned

routes •  Static routes •  Default routes

–  Dynamically learned routes depend on the routing protocol metric calculation algorithm and default metrics values the smallest metric value are preferred

57

Administrative Distance Chart (Cisco)

Routed Sources Default Distance Connected interface 0 Static route out an interface 0 Static route to a next hop 1 External BGP 20 IGRP 100 OSPF 110 IS-IS 115 RIP v1, v2 120 EGP 140 Internal BGP 200 Unknown 255

58

14/04/16

30

IP Addressing Basics IPv4 and IPv6

59

Where do IP Addresses come from?

60

Standards

Allocation

Allocation

Assignment

End user

RIRs

LIR/ISP

14/04/16

31

IPv4 Addresses

•  32-bits long 232 or 4,294,967,296 possible addresses

•  written in dotted-decimal format 0.0.0.0 – 255.255.255.255

•  Some are used for public, and some for private networks –  Public IP addresses MUST be unique

11000000 10110000 00001111 00110010

192. 168. 15. 50

61

Examples

•  Change from binary notation to dotted-decimal format: 1.  10000001 00001011 00001011 11101111 2.  11000001 10000011 00011011 11111111 3.  11100111 11011011 10001011 01101111

•  Are these valid IPv4 addresses? 1.  203.176.111.25 2.  297.0.67.129 3.  4.100.5.231 4.  100.00.10110.1111

62

14/04/16

32

IP Addressing issues

•  Exhaustion of IPv4 addresses –  Wasted address space in traditional subnetting –  Limited availability of /8 subnets address

•  Internet routing table growth –  Size of the routing table due to higher number prefix announcement

•  Tremendous growth of the Internet –  Management issues –  Unstructured and wasteful distribution

63

IP Addressing Solutions

•  Subnet masking and summarization –  Variable-length subnet mask definition –  Hierarchical addressing –  Classless Inter-domain Routing (CIDR) –  Routes summarization (RFC 1518)

•  Private address usage (RFC 1918) –  Network address translation (NAT)

•  Development of IPv6 address

64

14/04/16

33

IPv4 Address Space

NRO Q4 2015

65

Variable Length Subnet Mask (VLSM)

•  Allows the ability to have more than one subnet mask within a network

•  Allows re-subnetting –  create sub-subnet network address

•  Increase the routes capability –  Addressing hierarchy –  Summarisation

66

14/04/16

34

Subnetting Example

•  Subnet 192.168.0.0/24 into smaller subnet –  Subnet mask with /27 and /30 (point-to-point)

192.168.1.0/24

192.168.0.32/27

192.168.0.64/27

192.168.0.96/27

192.168.0.1/30

192.168.0.5/30

192.168.0.9/30

192.168.2.0/24

192.168.0.0/16

67

Subnetting Example •  Subnet 192.168.0.0/24 into smaller subnet

–  Subnet mask with /30 (point-to-point)

Description Decimal Binary

Network Address

192.168.0.0/30 x.x.x.00000000

1st valid IP 192.168.0.1/30 x.x.x.00000001

2nd valid IP 192.168.0.2/30 x.x.x.00000010

Broadcast address

192.168.0.3/30 x.x.x.00000011

68

14/04/16

35

Subnetting Example •  Subnet 192.168.0.0/24 into smaller subnet

–  Subnet mask with /27

Description Decimal Binary

Network Address

192.168.0.32/27 x.x.x.00000000

Valid IP range 192.168.0.33 - 192.168.0.62

x.x.x.00000001

x.x.x.00000010

Broadcast address

192.168.0.63/30 x.x.x.00011111

69

Subnetting Example •  Subnet 192.168.0.0/24 into smaller subnet

–  Subnet mask with /27

Description Decimal VLSM Host Host range

1st subnet 192.168.0.0/27 x.x.x.000

00000

0-31

2nd subnet 192.168.0.32/27 x.x.x.001 31-63

3rd subnet 192.168.0.64/27 x.x.x.010 64-95

4th subnet 192.168.0.96/27 x.x.x.011 96-127

n = 5 (n is the remaining subnet bits ) 2n – 2 = 30 host per subnet

70

14/04/16

36

Subnetting Example

1.  You have an IP range of 192.168.5.0/24. You need 20 subnets with 5 hosts per subnet. Find the host addresses for each subnet.

a)  _________________ b)  _________________ c)  _________________

71

Subnetting Example

2.  Given the IP address 172.16.10.22 with netmask 255.255.255.240

a)  What is the subnet IP range? b)  What is the broadcast IP address? c)  Find all valid IP addresses for this range

72

14/04/16

37

Addressing Hierarchy

Core 192.168.32.0/19

Network Number 192.168.0.0/16

Distribution/Core 192.168.32.0/21

Access/Distribution 192.168.48.0/21

Upstream A

IXP A

IXP B

Upstream B

POP POP

Core

Border

Distribution

Access Access

73

Prefix routing / CIDR

•  Prefix routing commonly known as classless inter domain routing (CIDR) –  It allows prefix routing and summarisation with the routing tables of

the Internet

•  RFCs that talks about CIDR –  RFC 1517 Applicability statement for the implementation of CIDR –  RFC 1518 Architecture for IP address allocation with CIDR –  RFC 1519 CIDR : an address assignment and aggregation strategy –  RFC 1520 Exchanging routing information access provider

boundaries in a CIDR environment

74

14/04/16

38

CIDR solution advantage

•  CIDR offers the advantage of reducing the routing table size of the network by summarising the ISP announcement in a single /22 advertisement

75

192.168.3.0/24

192.168.0.0/24

192.168.1.0/24 192.168.0.0/22

192.168.0.0/24

192.168.1.0/24

192.168.3.0/24

192.168.2.0/24 Internet

A

B

C

D

192.168.2.0/24

Summarisation example

76

192.168.64.0/20

192.168.128.0/20

192.168.0.0/24 192.168.0.0/16

192.168.128.0/20

192.168.0.0/23

192.168.64.0/20

192.168.1.0/24 Internet

A

B

C

D Router C summarizes its networks (2 x/24) before announcing to its neighbors (routers B and D) Router A combines the networks received from B, C, D and announce it as single /16 routing to Internet

14/04/16

39

Route summarisation •  Subnet 192.168.0.0/24 and 192.168.1.0/24 combining

then to become a bigger block of address “/23”

Network Subnet Mask Binary

192.168.0.0 255.255.255.0 x.x.00000000.x

192.168.1.0 255.255.255.0 x.x.00000001.x

Summary 192.168.0.0/23 x.x.00000000.x

192.168.0.0 255.255.254.0 x.x.00000000.x

77

Route Summarisation

•  Allows the presentation of a series of networks in a single summary address.

•  Advantages: –  Faster convergence –  Reducing the size of the routing table –  Simplification –  Hiding Network Changes –  Isolate topology changes

78

14/04/16

40

IPv6 Addressing

•  An IPv6 address is 128 bits long

•  So the number of addresses are 2^128 = 340282366920938463463374607431768211455

•  In hex, 4 bits (also called a ‘nibble’) is represented by a hex digit

•  So 128 bits is reduced down to 32 hex digits

2001:0DB8:D35D:B33F::/64

2001:DC0:A910::

1010 1001 0001 0000

nibbles

79

IPv6 Address Representation

•  Hexadecimal values of eight 16 bit fields –  X:X:X:X:X:X:X:X (X=16 bit number, ex: A2FE) –  16 bit number is converted to a 4 digit hexadecimal number

•  Example: –  FE80:DCE3:124C:C1A2:BA03:6735:EF1C:683D

•  Abbreviated form of address 2001:0DB8:0000:0000:0000:036E:1250:2B00 →2001:DB8:0:0:0:36E:1250:2B00 →2001:DB8::36E:1250:2B00 ( :: can only be used once)

Groups of zeroes

Leading zeroes

Double colons

80

14/04/16

41

IPv6 Address Representation (2)

•  Double colons (::) representation –  RFC5952 recommends that the rightmost set of :0: be replaced

with :: for consistency •  2001:db8:0:2f::5 rather than 2001:db8::2f:0:0:0:5

•  In a URL, it is enclosed in brackets (RFC3986) –  http://[2001:db8:4f3a::206:ae14]:8080/index.html –  Cumbersome for users, mostly for diagnostic purposes –  Use fully qualified domain names (FQDN)

•  Prefix Representation –  Representation of prefix is just like IPv4 CIDR –  In this representation, you attach the prefix length –  IPv6 address is represented as:

•  2001:db8:12::/40

81

IPv6 addressing structure

1 128

ISP /32

32

128 bits

Customer Site /48

16

End Site Subnet /64

16 64

Device 128 Bit Address

Interface ID 65

Network Prefix 64

82

14/04/16

42

Local Addresses With Network Prefix

•  Link Local Address –  A special address used to communicate within the local link of an

interface (i.e. anyone on the link as host or router) –  The address in the packet destination would never pass through a

router (local scope) –  Mandatory address - automatically assigned as soon as IPv6 is

enabled –  FE80::/10

83

Local Addresses With Network Prefix

•  Unique Local IPv6 Unicast Address –  Addresses similar to the RFC 1918 (private address) in IPv4 –  Ensures uniqueness –  A part of the prefix (40 bits) are generated using a pseudo-random

algorithm and it's improbable that two generated ones are equal –  FC00::/7 –  Example webtools to generate ULA prefix

•  http://www.sixxs.net/tools/grh/ula/

RFC 4193

84

14/04/16

43

Global Addresses With Network Prefix

•  IPv6 Global Unicast Address –  Global Unicast Range: 0010 2000::/3

0011 3FFF:FFF:…:FFFF/3 –  All five RIRs are given a /12 from the /3 to further distribute within the

RIR region APNIC 2400:0000::/12 ARIN 2600:0000::/12 AfriNIC 2C00:0000::/12 LACNIC 2800:0000::/12 Ripe NCC 2A00:0000::/12

85

IPv6 Address Space

86

14/04/16

44

IPv6 Address Space

IPv6 Prefix Allocation RFC 0000::/8 Reserved by IETF RFC 4291 2000::/3 Global Unicast RFC 4291 FC00::/7 Unique Local Address RFC 4193 FE80::/10 Link Local Unicast RFC 4291 FEC0::/10 Reserved by IETF RFC 3879 FF00::/8 Multicast RFC 4291 2002::/16 6to4 RFC3056

http://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xml

87

Interface ID

•  The lowest-order 64-bit field addresses

•  May be assigned in several different ways: –  auto-configured from a 48-bit MAC address expanded into a 64-bit

EUI-64 –  assigned via DHCP –  manually configured –  auto-generated pseudo-random number –  possibly other methods in the future

88

14/04/16

45

Subnetting (Example)

•  Provider A has been allocated an IPv6 block

2001:DB8::/32 •  Provider A will delegate /48 blocks to its customers

•  Find the blocks provided to the first 4 customers

89

Subnetting (Example)

2001:0DB8::/32

2001:0DB8:0000::/48

Original block:

Rewrite as a /48 block: This is your network prefix!

How many /48 blocks are there in a /32?

/32/48

=2128−32

2128−48=296

280= 216

Find only the first 4 /48 blocks…

90

14/04/16

46

Subnetting (Example)

2001:0DB8:0000::/48 In bits

0000 0000 0000 0000 2001:0DB8: ::/48

0000 0000 0000 0001 2001:0DB8: ::/48

0000 0000 0000 0010 2001:0DB8: ::/48

0000 0000 0000 0011 2001:0DB8: ::/48

Start by manipulating the LSB of your network prefix – write in BITS

2001:0DB8:0000::/48

2001:0DB8:0001::/48

2001:0DB8:0002::/48

2001:0DB8:0003::/48

Then write back into hex digits

91

Exercise 1.1: IPv6 subnetting

1.  Identify the first four /36 address blocks out of 2406:6400::/32

1.  _____________________ 2.  _____________________ 3.  _____________________ 4.  _____________________

92

14/04/16

47

Exercise 1.2: IPv6 subnetting

1.  Identify the first four /35 address blocks out of 2406:6400::/32

1.  _____________________ 2.  _____________________ 3.  _____________________ 4.  _____________________

93

IP Address Management

94

14/04/16

48

Internet Registry Structure

95

•  Asia-Pacific Network Information Centre •  One of five Regional Internet Registry (RIRs) charged with

ensuring the fair distribution and responsible management of IP addresses and related resources

•  A membership-based, not-for-profit organization

•  Industry self-regulatory body –  Open –  Consensus-based –  Transparent

96

14/04/16

49

Where is the APNIC Region?

97

Resource distribution- IP addresses- AS numbers

Registration services- reverse DNS- Internet routing

registry- resource certification- whois registry

98

What does APNIC do? APNIC services Members

14/04/16

50

Policy development

Capacity building- training- workshops- conferences- fellowships- grants

Infrastructure- root servers- IXPs- engineering

assistance

99

What does APNIC do? APNIC supports the Asia Pacific region

100

Original research

Data collection and measurements

Publications

Local/regional/global events

Government outreach

Intergovernmental & technical organizations collaboration

Internet security

What does APNIC do? APNIC collaborates with the Internet community

14/04/16

51

APNIC in the Internet Ecosystem

101

Industryassociations

NGOs

Nameregistries

Access

Standardsbodies

Governments/Regulators

At-largecommunities

INTERNETUSERS

Applications

ContentENABLERS

PROVIDERSOperator

groups

Numberregistries

APNIC is one of five RIRs

ASIA PACIFIC REGION

Support

APNIC MEM

BERS

INTE

RNET

COM

MUNITY

Service

Colla

bora

tio

n

Resource distribution- IP addresses- AS numbers

Registration services- reverse DNS- Internet routing

registry- resource certification- whois registry Policy development

Capacity building- training- workshops- conferences- fellowships- grants

Infrastructure- root servers- IXPs- engineering

assistance

Original research

Data collection and measurements

Publications

Local/regional/global events

Government outreach

Intergovernmental & technical organizations collaboration

Internet security

APNIC from a Global Perspective

102

14/04/16

52

APNIC in the Asia Pacific

103

ISOC chapters

Global Policy Coordination

The NRO is a coordinating body for the five regional Internet registries (RIRs)

www.nro.net

104

14/04/16

53

Global Policy Coordination

The purpose of the Address Supporting Organization (ASO) is to review and develop recommendations on Internet Protocol (IP) address policy

and to advise the ICANN Board.

ASOICANN Address Supporting Organization

https://aso.icann.org/

105

IRM Objectives

106

- Efficient use of resources- Based on demonstrated need

Conservation

- Limit routing table growth- Support provider-based routing

Aggregation

- Ensure uniqueness- Facilitate trouble shooting

Registration

Uniqueness, fairness and consistency

14/04/16

54

How IP Addresses are Delegated

107

Member (LIR)

LIR customer

Regi

stry

Rea

lm

Ope

rato

rs R

ealm

Customer / End User

delegates to customers

delegates to APNIC member

Member Allocation

/26 /27 /25

Customer Assignments

Sub Allocation

/26 /27

APNIC Allocation

/8

/24

APNIC

Customer Assignments

ISPAllocation

Customer Assignments

ISP

Portable and Non-Portable

•  Portable Address –  Provider-Independent (PI) –  Assigned by RIR to end-user –  Keeps addresses when changing

ISP –  Increases the size of routing tables

•  Non-portable Address –  Provider-aggregatable (PA) –  End-user gets address space from

LIR –  Must renumber if changing

upstream provider –  Can be aggregated for improved

routing efficiency

108

14/04/16

55

IPv6 Address Management Hierarchy

109

Describes “portability” of the address space

/12 APNIC Allocation

Portable

Portable

/48 Assignment /48 - /64 Assignment

APNIC Allocation

/48 - /64Assignment

Non-Portable Non-Portable

/40

/32 Member Allocation

Non-Portable

/12

Sub-allocation

Aggregation and Portability

110

Aggregation No Aggregation

(non-portable assignments)

(4 routes) (21 routes)

(portable assignments)

INTERNET INTERNET

ISP A ISP B ISP B

ISP C ISP D

ISP A

ISP C ISP D

14/04/16

56

Policy Development

•  Creating a policy environment that supports the region’s Internet development

•  Developed by the membership and broader Internet community

111

You are part of the APNIC community!

112

APNIC Internet Community

Global Internet Community

Open forum in the Asia Pacific

APNICMembers

A voice in regional Internet operations through participation in APNIC

IETF Individuals

NationalNOG

RegionalNOGAPAN

ISOC

ISPAssociations

14/04/16

57

Policy Development Process

113

All decisions & policies documented & freely available to anyone

Internet community proposes and approves policy

Open

Transparent Bottom up

Anyone can participate

B

efore

meeting

Authorproposes policyor amendment

Communitydiscusses

proposal on SIG mailing list

Policy Development Process Before the meeting

•  Submit proposed policy to the APNIC Secretariat

•  SIG Chair posts the proposal to mailing list

•  Community discusses proposal

114

14/04/16

58

Policy Development Process

B

efore

meeting

Authorproposes policyor amendment

Communitydiscusses

proposal on SIG mailing list

Befo

re

meeting

Authorproposes policyor amendment

Communitydiscusses

proposal on SIG mailing list

During meeting

Communitydiscusses proposalface to face in SIG

SIG Chairgauges consensus

During the meeting

•  Proposed policies are presented at the Open Policy Meeting (OPM)

•  Community comments on the proposal

•  If it reaches consensus, SIG Chair reports the decision at the APNIC Member Meeting (AMM)

115

Policy Development Process After the meeting

•  Within a week, proposal is sent back to mailing list

•  A comment period between 4-8 weeks is given

•  If it reaches consensus, SIG Chair asks the Executive Council (EC) to endorse the proposal

•  APNIC EC endorses proposal

•  APNIC Secretariat implements the policy (minimum of 3 months)

During meeting

Bef

ore

meeting

Authorproposes policyor amendment

Communitydiscusses

proposal on SIG mailing list Community

discusses proposalface to face in SIG

During meetingBe

fore

meeting

Authorproposes policyor amendment

Communitydiscusses

proposal on SIGmailing list Community

discusses proposalface to face in SIG

After meeting

SIG Chairgauges consensus

Communityhas chance to raiseany final objections

during final call

SIG Chairconfirms

consensus

Executive Council(EC) endorses

policy

Secretariatimplements

policy

116

14/04/16

59

DNS and Reverse DNS

117

Domain Name System

•  A lookup mechanism for translating objects into other objects –  Mapping names to numbers and vice versa

•  A globally distributed, loosely coherent, scalable, reliable, dynamic database

•  Comprised of three components –  A “name space” –  Servers making that name space available –  Resolvers (clients) query the servers about the name space

•  A critical piece of the Internet infrastructure

118

14/04/16

60

IP Addresses vs Domain Names

The Internet

2001:0C00:8888:: My Computer www.apnic.net 2001:0400::

www.apnic.net 202.112.0.46 2001:0400::

DNS

119

DNS Features

•  Global distribution –  Shares the load and administration

•  Loose Coherency –  Geographically distributed, but still coherent

•  Scalability –  can add DNS servers without affecting the entire DNS

•  Reliability

•  Dynamicity –  Modify and update data dynamically

120

14/04/16

61

DNS Features

•  DNS is a client-server application

•  Requests and responses are normally sent in UDP packets, port 53

•  Occasionally uses TCP, port 53 –  for very large requests, e.g. zone transfer from master to slave

121

Root .

.org .net .com .au

.edu.au

example.edu.au

.gov

.jp

.tv

.in x.y.z.a

www.example.edu.au

a.b.c.d

e.f.g.h

i.j.k.l

m.n.o.p w.x.y.z.

p.q.r.s

“Ask a.b.c.d” “Ask e.f.g.h”

“Ask i.j.k.l”

“Go to m.n.o.p”

local dns

www.example.edu.au? “go to m.n.o.p”

www.example.edu.au?

www.example.edu.au?

www.example.edu.au?

www.example.edu.au?

Querying the DNS – It’s all about IP!

122

14/04/16

62

The DNS Tree Hierarchy Root .

net jp org com arpa au

whois

edu

bnu

iana

www www

…

www wasabi

ws1 ws2

edu com net

abc

www

apnic gu

www

FQDN = Fully Qualified Domain Name

123

Domains

•  Domains are “namespaces”

•  Everything below .com is in the com domain

•  Everything below apnic.net is in the apnic.net domain and in the net domain

124

14/04/16

63

NET Domain

APNIC.NET Domain

AU Domain

www.def.edu.au?

Root .

net org com arpa au

whois

iana

www www wasabi

ws1 ws2

edu com net

abc

www

apnic

def

www

Domains

125

Delegation

•  Administrators can create subdomains to group hosts –  According to geography, organizational affiliation or any other

criterion

•  An administrator of a domain can delegate responsibility for managing a subdomain to someone else –  But this isn’t required

•  The parent domain retains links to the delegated subdomain –  The parent domain “remembers” to whom the subdomain is

delegated

126

14/04/16

64

Zones and Delegations

•  Zones are “administrative spaces”

•  Zone administrators are responsible for a portion of a domain’s name space

•  Authority is delegated from parent to child

127

NET Domain

APNIC.NET Domain

NET Zone

TRAINING.APNIC.NET Zone APNIC.NET Zone doesn’t include TRAINING.APNIC.NET since it has been “delegated”

APNIC.NET Zone

Root .

net org com arpa

whois

iana

www www training

ns1 ns2

apnic

Zones

128

14/04/16

65

Name Servers

•  Name servers answer ‘DNS’ questions

•  Several types of name servers –  Authoritative servers

•  master (primary) •  slave (secondary)

–  Caching or recursive servers •  also caching forwarders

•  Mixture of functions

Primary

Secondary

129

Root Servers

•  The top of the DNS hierarchy

•  There are 13 root name servers operated around the world –  [a-m].root-servers.net

•  There are more than 13 physical root name servers –  Each rootserver has an instance deployed via anycast

130

14/04/16

66

Root Servers

131

http://root-servers.org/

Root Server Deployment at APNIC

•  Started in 2002, APNIC is committed to establish new root server sites in the AP region

•  APNIC assists in the deployment providing technical support.

•  Deployments of F, K and I-root servers in –  Singapore, Hong Kong, China, Korea, Thailand, Malaysia, Indonesia,

Philippines, Fiji, Pakistan, Bangladesh, Taiwan, Cambodia, Bhutan, and Mongolia

132

14/04/16

67

What is Reverse DNS?

•  Forward DNS maps names to numbers

server.apnic.net è203.0.113.1

•  Reverse DNS maps numbers to names 203.0.113.1 è server.apnic.net

133

Uses of Reverse DNS

•  Service denial –  That only allow access when fully reverse delegated eg. anonymous

ftp

•  Diagnostics –  Assisting in network troubleshooting (ex: traceroute)

•  Spam identifications –  Reverse lookup to confirm the source of the email –  Failed lookup adds to an email’s spam score

134

14/04/16

68

Reverse DNS Tree

135

Mapping numbers to names - ‘reverse DNS’

22.64.202.in-addr.arpa.

apnic

whois www wwwtraining

ws1 ws2

202

64

22

203 204 210

iana in-addr

ROOT

net org com arpa

Reverse DNS Tree – with IPv6

136

apnic

202

64

22

203

ip6

IPv6 addresses

iana in-addr

ROOT

net org com arpa int

RFC3152

14/04/16

69

Managing Reverse DNS

•  APNIC manages reverse delegation for both IPv4 and IPv6

•  Before you register your domain objects, you need to ensure that your reverse zones have been configured and loaded in your name servers

•  APNIC does not host your name servers or configure your reverse zone files

•  APNIC only delegates the authority of your reverse zones to the name servers you provide through your domain objects

137

www.apnic.net/dns

Reverse Delegation for IPv4 •  Reverse delegation for IPv4 is based on octet boundaries

•  /24 Delegations –  Address blocks should be delegated –  At least one name server

•  /16 Delegations –  Same as /24 delegations –  APNIC delegates entire zone to member

•  < /24 Delegations –  Read “classless in-addr.arpa delegation” –  Not supported

138

RFC2317

14/04/16

70

Reverse Delegation for IPv6

•  Reverse delegation for IPv4 is based on nibble boundaries

•  /32 delegation –  One domain object

•  /48 delegation –  One domain object

•  /35 delegation –  Divide into two /36 (closest 4-bit boundary) –  Two separate domain objects

139

APNIC & LIR Responsibilities

•  APNIC –  Manage reverse delegations of address block distributed by APNIC –  Process organisations requests for reverse delegations of network

allocations

•  Organisations / LIR –  Be familiar with APNIC procedures –  Ensure that addresses are reverse-mapped –  Maintain nameserver(s) for allocations –  Keep accurate records in the database –  Keep reverse DNS current with the Whois DB

140

14/04/16

71

Reverse Delegation Procedures

•  Domain objects can be updated through MyAPNIC

•  Nameserver/domain must be configured before domain objects are created

141

http://apnic.net/create-domain

142

14/04/16

72

www.facebook.com/APNIC

www.twitter.com/apnic

www.youtube.com/apnicmultimedia

www.flickr.com/apnic

www.weibo.com/APNICrir

143

144 144

Thank You!END OF SESSION