This document discusses IPv4 transfers and the Resource Public Key Infrastructure (RPKI). It provides information on who can transfer IPv4 addresses between APNIC members and other RIRs, and shows statistics on IPv4 transfers from Singapore. It describes what RPKI is and how it helps secure internet routing by validating routes. It provides instructions on how to create Route Origin Authorization (ROA) objects in MyAPNIC to participate in RPKI and the benefits of maintaining ROAs. Statistics on ROA adoption in several Asian countries are also presented, along with an example of a successful ROA deployment campaign in Bangladesh.
2. Who can do the transfer?
2
โข Transfer of IPv4 between you and
โ Other APNIC Members
โ Members from other RIRโs eg. ARIN
โข Transfer between APNIC Members
- So far SG has a total of 43 transfers
- Transfer logs http://ftp.apnic.net/transfers/apnic/
โข Transfer between APNIC and RIR
โ Transfer from RIR Member to APNIC Member, or vice versa
โ Source account to initiate transfer request
โ Registry of the recipient account to evaluate transfer request
โ More information on: www.apnic.net/transfer
3. How many transfers
are we doing?
3
0
20
40
60
80
100
120
140
160
180
2010 2011 2012 2013 2014 2015
SG 0 0 2 13 20 8
APNIC total 2 35 83 98 165 88
4. How to do the transfer in MyAPNIC?
(source account)
4
7. Tips
7
โข Pre-approval
โ allows you to demonstrate your need for the IPv4 block in advance
โ process is faster as the evaluation is done beforehand
โ complete the โTransfer pre-approvalโ form via MyAPNIC
โ more information at http://www.apnic.net/pre-approval
โข IPv4 Transfer listing service
โ list Members who have received pre-approval on APNIC website to
allow others with excess IPv4 to contact you
โ More information at http://www.apnic.net/pre-approval-listing
โข APNIC Transfers Mailing List
โ facilitate discussion on topics related to IPv4 transfer
โ to subscribe please go to www.apnic.net/mailing-lists
9. Why use RPKI?
9
โข Prevent route hijacking
โ Only the rightful custodian can originate the prefix announcement
โ ISPs filter prefixes they propagate
โข Minimize common routing errors
โ Limits human errors
โ Prioritize routes with certificates
10. What is RPKI?
Resource Public Key Infrastructure(RPKI)
โข A robust security framework for verifying the association
between resource holders and their Internet resources
โข Uses x.509 certificates with RFC3779 extensions
โข Collaborative effort by all RIRs to help secure Internet
routing by validating routes
10
11. How to use RPKI?
11
โข Create Route Origin Authorization (ROA) objects
โข Whatโs contained in a ROA
โ The AS number you have authorized
โ The prefix that is being originated from it
โ The most specific prefix (maximum length) that the AS may
announce
For example: โAS64496 originates a route for the
prefix 2001:DB8::/32 with a maximum prefix length
of /40)โ
12. Creating ROA in MyAPNIC
12
โข What you need to have before creating a ROA
โ Must be an APNIC Member
โ Have access to MyAPNIC with 2 factor authentication
โข Takes only 5 minutes to create, and 10 minutes to be
visible to the public
So, has the transfer been happening? We have actually been completing more and more transfers over the past few years.
Market transfers are happening in the APNIC region since 2010 and we completed 165 transfers just last year
Source account submits request
This is to allow you to justify your need before the transfer actually happens
Why? Save time. Let other organizations with excess IPv4 to contact you to arrange a transfer.
This will make the transfer faster when you are ready to complete the transfer as the evaluations are already completed
Valid for 2 years before it expires
Firstly, You have to be an APNIC member and received your resources from APNIC.
Secondly, to access this Certificate Authorization service, you need to have access to MyAPNIC
Finally, your Digital Certificate must be installed and active
Before I conclude my presentation, I would like to invite all of you to attend APNIC next conference, APNIC 40 that will be held Jakarta, Indonesia.
The registration is now open.
If you have any feedback on my presentation please come see me. Let me know what you want to see/know in future presentations. If I havenโt seen you about creating ROAโs yet, I will be here the next few days. Please come say hello