IPv4 transfer presentation, SGNOG4
โขDownload as PPTX, PDFโข
0 likesโข1,795 views
This document discusses IPv4 transfers and the Resource Public Key Infrastructure (RPKI). It provides information on who can transfer IPv4 addresses between APNIC members and other RIRs, and shows statistics on IPv4 transfers from Singapore. It describes what RPKI is and how it helps secure internet routing by validating routes. It provides instructions on how to create Route Origin Authorization (ROA) objects in MyAPNIC to participate in RPKI and the benefits of maintaining ROAs. Statistics on ROA adoption in several Asian countries are also presented, along with an example of a successful ROA deployment campaign in Bangladesh.
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (12)
Similar to IPv4 transfer presentation, SGNOG4
Similar to IPv4 transfer presentation, SGNOG4 (20)
More from APNIC
More from APNIC (20)
Recently uploaded
Recently uploaded (20)
IPv4 transfer presentation, SGNOG4
- 1. Issue Date: Revision: Anna Mulingbayan SGNOG 4 18 Aug 2015 IPv4 transfers
- 2. Who can do the transfer? 2 โข Transfer of IPv4 between you and โ Other APNIC Members โ Members from other RIRโs eg. ARIN โข Transfer between APNIC Members - So far SG has a total of 43 transfers - Transfer logs http://ftp.apnic.net/transfers/apnic/ โข Transfer between APNIC and RIR โ Transfer from RIR Member to APNIC Member, or vice versa โ Source account to initiate transfer request โ Registry of the recipient account to evaluate transfer request โ More information on: www.apnic.net/transfer
- 3. How many transfers are we doing? 3 0 20 40 60 80 100 120 140 160 180 2010 2011 2012 2013 2014 2015 SG 0 0 2 13 20 8 APNIC total 2 35 83 98 165 88
- 4. How to do the transfer in MyAPNIC? (source account) 4
- 7. Tips 7 โข Pre-approval โ allows you to demonstrate your need for the IPv4 block in advance โ process is faster as the evaluation is done beforehand โ complete the โTransfer pre-approvalโ form via MyAPNIC โ more information at http://www.apnic.net/pre-approval โข IPv4 Transfer listing service โ list Members who have received pre-approval on APNIC website to allow others with excess IPv4 to contact you โ More information at http://www.apnic.net/pre-approval-listing โข APNIC Transfers Mailing List โ facilitate discussion on topics related to IPv4 transfer โ to subscribe please go to www.apnic.net/mailing-lists
- 9. Why use RPKI? 9 โข Prevent route hijacking โ Only the rightful custodian can originate the prefix announcement โ ISPs filter prefixes they propagate โข Minimize common routing errors โ Limits human errors โ Prioritize routes with certificates
- 10. What is RPKI? Resource Public Key Infrastructure(RPKI) โข A robust security framework for verifying the association between resource holders and their Internet resources โข Uses x.509 certificates with RFC3779 extensions โข Collaborative effort by all RIRs to help secure Internet routing by validating routes 10
- 11. How to use RPKI? 11 โข Create Route Origin Authorization (ROA) objects โข Whatโs contained in a ROA โ The AS number you have authorized โ The prefix that is being originated from it โ The most specific prefix (maximum length) that the AS may announce For example: โAS64496 originates a route for the prefix 2001:DB8::/32 with a maximum prefix length of /40)โ
- 12. Creating ROA in MyAPNIC 12 โข What you need to have before creating a ROA โ Must be an APNIC Member โ Have access to MyAPNIC with 2 factor authentication โข Takes only 5 minutes to create, and 10 minutes to be visible to the public
- 13. Creating your ROA (Using suggestions) 13
- 14. Creating your ROA (Manual) 14
- 15. Created your ROA, whatโs next? 15 โข Maintain your ROAs - Changed BGP announcement - New delegation - Transferred resources โข RPKI validator - https://trac.rpki.net/wiki/doc/RPKI - Valid - Invalid - Unknown
- 16. ROA in South East Asia 16 Economy Roa IPv4 total IPv4 Roa IPv4 % IPv6 total IPv6 roa IPv6 pctcount ID 1 17666560 65536 0.37096073 3204484864 0 0 MY 2 6490880 35840 0.55215933 7 1476404224 0 0 PH 18 5352704 185088 3.45784112 1 872419840 256 0.000029344 SG 14 5165568 78080 1.51154723 2315278848 67109376 2.898543994 * As at 5 Aug 2015
- 17. Success Story โข May 2015: APNIC Outreach in Bangladesh โ 13 organizations visited โ Onsite support to create ROA objects 17 561 valid prefixes (24%) http://rpki.surfnet.nl/bd.html
- 18. World Leaderboard (economy) 18 http://rpki.surfnet.nl/country.html As of June 10, 2015
- 19. Youโre Invited! โข APNIC 40: Jakarta, Indonesia from 3 - 10 Sept 2015 19
Editor's Notes
- So, has the transfer been happening? We have actually been completing more and more transfers over the past few years. Market transfers are happening in the APNIC region since 2010 and we completed 165 transfers just last year
- Source account submits request
- This is to allow you to justify your need before the transfer actually happens Why? Save time. Let other organizations with excess IPv4 to contact you to arrange a transfer. This will make the transfer faster when you are ready to complete the transfer as the evaluations are already completed Valid for 2 years before it expires
- Firstly, You have to be an APNIC member and received your resources from APNIC. Secondly, to access this Certificate Authorization service, you need to have access to MyAPNIC Finally, your Digital Certificate must be installed and active
- Before I conclude my presentation, I would like to invite all of you to attend APNIC next conference, APNIC 40 that will be held Jakarta, Indonesia. The registration is now open.
- If you have any feedback on my presentation please come see me. Let me know what you want to see/know in future presentations. If I havenโt seen you about creating ROAโs yet, I will be here the next few days. Please come say hello