APNIC services and Policy Development Process | IDNOG 5
1. APNIC Services and Policy
Development Process
IDNOG – Jakarta – 26 July 2018
Wita Laksono
Senior Internet Resources Analyst – APNIC
2. Summary of 2014-2016 Services Roadmap
• 2014: Instant feedback system, MyAPNIC access and
authentication, whois contact update, membership
payment process, more training courses
• 2015: Improvement on the management of:
membership account contact, whois records,
reverse dns, route object and ROA; improvement
on MyAPNIC access, new training lab and courses
• 2016: Resource transfer management, Restyling of
MyAPNIC and video guide, Technical Assistance
Service program
3. 2017 Services Roadmap
• New whois object ‘Organization’
• New contact update features
• RPKI repository sync upgrade
• ROA management features integration
• Resource certification for access for historical resources
• APNIC website improvements
• MyAPNIC access improvement
• Training service improvements
• APNIC API
• Extend pre-approval expiry
6. 2017 – 2018 Project
• 0/0 - single trust anchor
• Whois server upgrade
• Organisation objects
• Whowas frontend improvements
• RDAP server improvements
• Delta protocol deployment
• Publication protocol deployment
• BCRYPT-PW in Whois
• SSO
7. 2017 – 2018 Project
0/0 - single trust anchor
• In February 2018, APNIC completed the process of transitioning from its
previous Resource Public Key Infrastructure (RPKI) trust anchor
arrangement to a new single trust anchor configuration which was
agreed among the RIRs and announced by the NRO.
• In this new configuration, each RIR will publish an 'all resources' global
trust anchor, under which its own regional resources (IP addresses and
ASNs) will be certified.
Whois server upgrade
• From unsupported C codebase to new Java codebase
• Transparent externally, but helpful internally, from a stability and
maintenance perspective
8. 2017 – 2018 Project
Organisation objects
Searches for resource holdings by the same organization will be possible
and quick through whois search
Whowas frontend improvements
https://www.apnic.net/static/whowas-ui/
RDAP server improvements
• A standalone RDAP server that is much more performant than
previously
• Also usable by other RIPE database users, e.g. IDNIC
9. 2017 – 2018 Project
Delta protocol deployment
For RPKI. A much faster approach to synchronizing repository state, so
that local RPKI repositories stay up to date more easily
Publication protocol deployment
For RPKI. Allows self-hosted engine operators to publish objects to
APNIC, rather than having to run their own rsync server
BCRYPT-PW in Whois
A better hashing algorithm. Preliminary to updating all members to use it
10. 2017 – 2018 Project
SSO (Single Sign-on)
• Releasing to public beta within the next couple of weeks.
• MyAPNIC, Confer, blog, academy, etc. in the beginning, with other projects
following after that
Other Ongoing Project:
• Routing Information Tools to help network operators detect and troubleshoot
network reachability issues.
• Network Security Tools to help network operators assess, mitigate and fix
malware infections in their network.
More information about APNIC Services Roadmap:
https://www.apnic.net/manage-ip/apnic-services/services-roadmap/
11. Resources
https://www.apnic.net
• /ipv6 – Information about IPv6 and deployment case studies
• /security – Learn more about APNIC security related works
• /training – Training curriculum and schedule
• /policy – Latest policy documents on Internet numbers (ASN & IP address)
• /blog – Lots of useful articles for network operators
• /vizas – AS interconnections visible on the global routing table (by economy)
• /helpdesk – We’re here to help!
12. APNIC Policy Development Process
Why do we need policies?
• Fairness
Policies should apply equitably to all Members and should ensure resources are
distributed fairly and consistently.
• Registration
All delegations made from us must be registered in the APNIC Whois Database.
• Uniqueness
Every assignment and allocation of address space must be globally unique.
• Conservation
To maximize the lifetime of the available resource, address space must be distributed
according to actual need and for immediate use.
• Aggregation
Address space should be distributed in a hierarchical manner, according to the
topology of network infrastructure.
13. Policies can change the Internet
13
• Ensured each RIR fairly received a final /8
of IPv4 address space
• Ensured IPv4 addresses are still available
for new businesses and networks
• Removed barriers to innovation and
competition
• Ensured emerging economies did not
miss out on IPv4 addresses
• Enabled transfers of addresses between
organizations and regions
• Created fair rules for the distribution of
IPv6
Address policies
created by people like
you have…