lir-course-020399
Welcome to the first APNIC Training Course
Address Policies and Administration
APRICOT ’99
2 March 1999, Singapore
1
Introduction
Presenters
• Paul Wilson – Director General
– [email protected]
• Anne Lord – Manager - Member Services
– [email protected]
• Paul Gampe – Technical Services Manager
– [email protected]
Please ask questions
2
Today’s schedule
• Introduction to APNIC & Internet Registry system
• IR policies and the policy environment
• APNIC allocation & assignment procedures
– lunch break
• Database procedures
• ISP operational issues
• End
• short breaks between each section
3
Course background
• Why a training course?
• to familiarise with policies
• to understand procedures
• to understand environment
• to improve communication
• to cover specialised subject matter
4
Introduction to APNIC
Asia Pacific Network Information Centre
5
Overview
What is APNIC?
Internet Registry structure
Open membership
Self regulatory environment
Public discussion lists
Services
6
What is APNIC?
• Regional Internet Registry for the Asia Pacific
– one of three RIRs
• Not-for-profit, membership based
• Provides allocation and registration services
• Not operations forum
• Not standards development
7
Regional Registry areas
8
Regional Registry structure
IANA
– AP Regional IR: APNIC
– EU Regional IR: RIPE NCC
– Americas Regional IR: ARIN
9
Definitions
Local Internet Registry (LIR)
• is an organisation that primarily assigns address space to its customers
National Internet Registry (NIR)
• primarily allocates address space to its members, which are generally ISPs organised at a national level
10
Registry hierarchy
IANA (Marina del Rey, CA, USA)
– APNIC RIR (Brisbane, Australia)
– ARIN RIR (Reston, VA, USA)
– RIPE NCC RIR (Amsterdam, The Netherlands)
[Diagram: National IRs, Local IRs (LIRs) and ISPs below the RIRs]
11
APNIC organisation
APNIC Membership
(235 members)
Executive Council (EC)
(5 members)
Director General (DG)
Member Services
Manager
Tech Writer
Technical Services
Hostmaster
Administration Services
Manager
Manager
Jnr Sysadm
M’ship Officer
12
Membership
• Membership is open
• Benefits of membership
• use of resource registration services
• use of resource allocation services
• free attendance and voting at meetings
• free attendance at training courses
• participation in policy development
• But membership does not mean automatic or easier allocations of resources
13
Self regulatory environment
• Consensus model
• ‘Open’ door meetings – all welcome
• mailing list discussions
• Policy making
• membership debates policy
• membership vote on policy decisions
• Policy implementation
• Secretariat implements policy
• membership implements policy
14
APNIC Activity plan
Membership provides input to APNIC activity plan
APNIC Secretariat proposes activity plan & budget
APNIC Executive Council and membership vote on the activity plan
APNIC Secretariat implements activity plan
15
Mailing lists
• apnic-talk
– any item of discussion relevant to APNIC and its members is welcome on the list, eg. policies
• apnic-announce
– announcements of interest to the AP community
• ipv6-registry
– items relating to IPv6 allocation and assignment policies
• confederations
– items relating to the operation of confederations
• subscribe via [email protected]
• archives at http://ftp.apnic.net/apnic/mailing-lists
16
APNIC core services
• Resource allocation
• IP allocations
• approval of IP assignments
• AS number assignments
• Resource registration
• APNIC database objects
– person, inetnum, AS number, domains etc
• DNS management
• in-addr.arpa domains
17
APNIC support services
• DNS management
• secondary for ccTLDs
• Representation
• regional representation at Internet meetings
• Coordination
• ARIN, RIPE NCC, IANA
• Information dissemination
• APNIC meetings
• web and ftp site
• Training courses (from 1999)
18
APNIC Mailboxes
• Administration services
• Employment applications
– [email protected]
• Pre-membership
– [email protected]
• Invoicing
– [email protected]
• General enquiries
– [email protected]
19
APNIC mailboxes (cont’d)
• Member services
• Resource requests
– [email protected]
• Web site comments
– [email protected]
• Technical Services
• Database
– [email protected]
– [email protected]
• In-addr.arpa
– [email protected]
20
Internet Registry allocation
and assignment
Policies
21
Overview
Definitions
Policy documentation
Goals
Policy environment
Policies
Procedures
22
Definitions
Allocation
• address space held by IRs for subsequent distribution
Assignment
• address space used in operational networks including IR’s infrastructure (“self-assignment”)
23
Definitions (cont’d)
Classless
• network boundaries no longer fixed at ‘A’, ‘B’, or ‘C’
Prefix
• the number of contiguous bits of the IP address used to define a network
– eg /19 is represented in binary as 11111111.11111111.11100000.00000000
– the more 1’s the ‘longer’ the prefix
– counted from left to right
24
Policy documentation
Policies for Address Space Management in the Asia Pacific Region
• http://www.apnic.net/policydraft.html
RFC 2050: Internet Registry Allocation Guidelines
• http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2050.txt
25
Goals of public address space management
• Uniqueness
• public hosts must be uniquely identifiable by IP address
• Registration
• ensures uniqueness of address space
• ensures users of resources can be found
– public registry provided
• Aggregation
• hierarchical and topological distribution
– limits growth of routable prefixes
26
Goals of public address space management (cont’d)
• Conservation
• addresses to be distributed on the basis of demonstrated need
• Fairness
• addresses to be distributed fairly
• policies to be applied equitably to all
• Conflict of goals acknowledged
• aggregation vs conservation
• needs of individuals to be balanced with needs of Internet community
27
Policy environment
• Routability not guaranteed
• ISPs determine routability
• Unpredictable growth rates
• IPv4 deployment levels unanticipated
• routing problems
• Collective responsibility
• to develop policies to meet goals
• to make appropriate customer agreements
• to operate in good faith
28
Policy environment (cont’d)
• APNIC responsibility
• to represent interests of members
• to represent interests in the region
• to ensure collective responsibilities are met
• Impartiality
• APNIC to operate without bias
• Varying levels of expertise
• technical challenge & lack of training
• staff turnover in IRs
• flexible policies to support IRs
29
Policy environment (cont’d)
• IP addresses not considered freehold property
• assignments & allocations on lease basis
• ‘ownership’ is contrary to goals
• Confidentiality & security
• APNIC to operate in ways to protect trust relationship
• non-disclosure agreement signed by staff
30
Policies
• Documentation
• accurate, detailed and complete
• Registration
• APNIC database updated to end user level
• responsibility to maintain in-addr.arpa
• must be kept up-to-date
• Processing of requests
• dependent upon documentation & registration policies
• no ‘special treatment’
31
Policies (cont’d)
• Stockpiling not permitted
• declare all address space held
• obtain address space from one source
– routing considerations apply
• Aggregation promoted
• renumbering encouraged
• ‘no questions asked’ policy
32
Policies (cont’d)
• ‘Slow start’ mechanism for new allocations
• minimum practical allocation (/19)
• practice agreed by Internet and registry communities
• Subsequent allocations
• compliance with APNIC policies
• depend on past usage rate and network plans
– allocate sufficient for up to 1 year
• ‘Assignment window’
• determines amount LIR can assign to customers without ‘second-opinion’ from RIR
33
Policies (cont’d)
• Efficiency
• past and future assignments 25% used, 50% one/two years
• topological exceptions
• allowance made for past ‘classful’ inefficiency
• Conservation
• must use up previous allocation
– not more than 20% of total unused
• reservations not supported
34
Policies (cont’d)
• Registering contact persons
• must be up to date for both allocations & assignments
• Validity of allocations and assignments
• according to lease duration
• according to criteria of original assignment
• Transfer of address space
• not recognised by registries (mergers excepted)
• return unused address space to appropriate IR
35
Policies (cont’d)
• Effects of mergers, acquisitions & take-overs
• will require contact with IR
– contact details may change
• effect on membership agreement
– new agreement may be required
• consequences for allocations
– outcome depends on new network structure
• Closure of LIR
• return unused address space
• advise customers to renumber
36
Policies (cont’d)
• ‘Best current practice’
• will change over time as technology changes
• For example
• static assignments discouraged
– dial up
– virtual hosts
– exception for one-way cable networks
• address conservation considered
– ‘ip unnumbered’
– private address space (rfc1918)
– Network Address Translation (NAT)
37
Internet Registry allocation
and assignment
Procedures
38
Overview
IP address application procedures
• Step 1 - Complete the documentation
• Step 2 - Evaluation
• Step 3 - Assignment
AS number procedures
Routing policy
39
Request life cycle
Step 1: Documentation completed?
– no: more documentation and clarification
– yes: Step 2
Step 2: Evaluation of request OK?
– no
– yes: Step 3
Step 3: Allocation or assignment
– update local records
– update APNIC database
– notify customer
40
Step 1 – Complete the documentation
41
Step 1 – Complete documentation
• Allocations
– APNIC Internet Service Provider ISP Address Request Form (apnic-065)
– APNIC Confederation Internet Address Request Form (apnic-075)
• Assignments
– APNIC Second Opinion Request Form (apnic-073)
– APNIC End User Internet Address Request Form (apnic-067)
• ‘No questions asked’
– The ‘No Questions Asked’ Prefix Return Policy (apnic-072)
42
Worked example
ISP Address Request Form (apnic-065)
• example only looks at
• network-plan fields
• principles described here apply everywhere
• anytime you make an assignment
43
ISP request form – Network
Four parts to the form - examine each
• PART I #[NETWORK TEMPLATE V:5.0]#
• network organisational details
44
ISP request form – Network
netname:  APNIC-ISP
descr:    Asia Pacific Network Information Centre
descr:    Non profit, membership based ISP
country:  AU
admin-c:  PW35-AP
tech-c:   AL25-AP
remarks:  service provider
changed:  [email protected] 1999302
mnt-by:   APNIC-MNT
source:   APNIC
• will be used for INETNUM object in database
45
ISP request form - Person
• PART II #[PERSON TEMPLATE V:4.0]#
• technical and administrative contacts
46
APNIC-IR liaison
‘admin’ and ‘tech’ contacts for APNIC
• responsibility
• legal authority (admin-c)
• technical management
• network planning, backbone design
• deployment, capacity, and upgrade planning
• expertise
• routing, aggregation, BGP, etc
• addressing, subnetting, CIDR, etc
47
ISP request form – Person
person:   Paul Wilson
address:  Level 1, 33 Park Road,
address:  Milton, QLD 4064
country:  AU
phone:    +61 7 3367 0490
fax-no:   +61 7 3367 0482
e-mail:   [email protected]
nic-hdl:  PW35-AP
remarks:  Director General, APNIC
remarks:  No out of hours service
mnt-by:   MAINT-APNIC-AP
changed:  [email protected] 19981120
source:   APNIC
• Person object relates to admin-c & tech-c in network object
48
ISP request form – Technical
• PART III #[ISP TECHNICAL TEMPLATE V:4.0]#
• detailed core of request
49
ISP request form – Technical
acct-name:       APNIC-AP
connectivity:    Service Provider
conn-provider:   Telstra
all-0s-subnets:  YES
all-1s-subnets:  YES
supernets:       YES
subnets:         YES
portable:        NO
• Is equipment able to support classless technologies?
• APNIC expectation is ‘yes’
• Is address space portable?
• APNIC requirement is ‘no’
50
ISP request form – Technical (cont’d)
#[ISP TECHNICAL TEMPLATE V:4.0]#
Columns for cust-network: network name, IP address, subnet mask, max hosts/subnet, no. of hosts
cust-network:    SIRIUS-NET   203.12.30.0   255.255.255.224  32  10/24/29
cust-network:    ASIA-NET     203.12.30.32  255.255.255.240  16  6/8/10
cust-network:    PACIFIC-NET  203.12.30.48  255.255.255.240  16  5/5/9
No. of subnets: 2/3/4, 1/2/2, 1/1/1
Date of assignment: 19980505, 19980612, 19980701
Columns for infrastructure: IP address, subnet mask, connects to Internet, max hosts/subnet, no. of hosts, detailed description
infrastructure:  203.12.29.0   255.255.255.224  YES  32  10/24/29  News, Mail & DNS
infrastructure:  202.12.29.32  255.255.255.240  YES  16  8/10/12   Cisco (x12)loopback
infrastructure:  202.12.29.48  255.255.255.252  YES  4   2/2/2     WAN p2p link POP
Columns for network-plan: cumulative relative IP address, subnet mask, connects to Internet, max hosts/subnet, no. of hosts, detailed description
network-plan:    0.0.0.0   255.255.255.192  YES  64  22/26/60  62-port dialup router
network-plan:    0.0.0.64  255.255.255.240  YES  16  1/5/11    11 PC’s customer support
network-plan:    0.0.0.80  255.255.255.240  YES  16  7/10/11   NOC Machines
51
Designing addressing
architectures
• What is the problem to be solved?
• Importance of addressing in network design
• Documenting the architecture of the present
• Documenting the architecture of the goal
52
Developing a strategy
• Senior management goals, budgets, expectations
• Analysis & design
• Application topology
• Internal topology
• Infrastructure (security)
• Hardware/software selection
• Deployment planning
53
Some Icons
Router
(layer 3, IP datagram forwarding)
Network Access Server
(layer 3, IP datagram forwarding )
Ethernet switch
(layer 2, packet forwarding)
54
Addressing plan
• Addressing plan example
• looks at infrastructure network-plan
• principles apply everywhere
• Phased and planned requirements
• shows now, 6 months, and one year plans
55
Addressing plan (cont’d)
• components of the network
• dial up
- analogue dialup modems (initially)
- 2 PRI dial up pools x2 (later)
- 8 PRI dial up pools x2 (even later)
• servers & PCs
- mail, DNS, web
- secondary servers redundancy (later)
- operations management servers, helpdesk PCs
• routers
- loopback router interfaces
- WAN ports
- customer connections
56
Network plan example
• Starting off
[Diagram labels: 5 leased line customers; ip unnumbered; Upstream ISP; 10 hosts; 5 hosts; 16 dialup modems; 15 hosts]
• Key elements
• one loopback interface per assigned router /32
• WAN point to point /30
• LANs can have address space they require
• ‘ip unnumbered’ to upstream ISP
57
Addressing plan (cont’d)
• Initial addressing plan
– numbers of host addresses (interfaces)
network-plan:  16  analogue dialup modems
network-plan:  5   mail, DNS, web servers
network-plan:  10  ops management servers
network-plan:  15  customer support PCs
network-plan:  4   loopback router interfaces
network-plan:  2   router WAN ports
network-plan:  2   router WAN ports (5 in total)
58
Network plan example
• 6 months later
[Diagram labels: 30 leased line customers; ip unnumbered; Upstream ISP; 16 hosts; 60 dialup modems (2PRI); 11 hosts; 60 dialup modems (2PRI); 25 hosts; 8 hosts]
• Key features
• scale increased
59
Addressing plan (cont’d)
• Network Plan at 6 months
– host addresses added
– note additional hardware
network-plan:  16/60/  2 PRI dial up modems
network-plan:  0/60/   2 PRI dial up modems
network-plan:  5/11/   mail, DNS, web servers
network-plan:  4/6/    loopback router interfaces
network-plan:  10/16/  ops management servers
network-plan:  15/25/  customer support PCs
network-plan:  0/8/    secondary servers
network-plan:  2/2/    router WAN ports (x8)
60
Network plan
• 12 months total
[Diagram labels: Upstream ISP A; 120 leased line customers; ip unnumbered; Upstream ISP B; 35 hosts; 35 hosts; 240 dialup modems (8PRI); 11 hosts; 240 dialup modems (8PRI); 40 hosts; 8 hosts]
• Key features
• site redundancy
• greater complexity
• efficiency
61
Addressing plan (cont’d)
• Network Plan at 12 months
– numbers of host addresses (interfaces)
– now, 6 months and one year
network-plan:  256  16/60/240  8 PRI dial up modems
network-plan:  256  0/60/240   8 PRI dial up modems
network-plan:  16   5/11/11    mail, DNS, web servers
network-plan:  16   4/6/12     loopback router interfaces
network-plan:  64   10/16/35   ops management servers
network-plan:  64   15/25/40   customer support PCs
network-plan:  16   0/8/8      secondary DNS & Mail servers
network-plan:  4    2/2/2      router WAN ports (x8)
• Can now determine subnet sizes
62
Addressing plan (cont’d)
• Addressing plan for network-plan
– determination of relative subnet addresses
– re-ordered large to small according to relative subnet size
network-plan:  0.0.0.0    256  16/60/240  8 PRI dial up modems
network-plan:  0.0.1.0    256  0/60/240   8 PRI dial up modems
network-plan:  0.0.2.0    64   10/16/35   ops management servers
network-plan:  0.0.2.64   64   15/25/40   customer support PCs
network-plan:  0.0.2.128  16   5/11/11    mail, DNS, web servers
network-plan:  0.0.2.142  16   0/8/8      secondary DNS & Mail servers
network-plan:  0.0.2.158  16   4/6/12     loopback router interfaces
network-plan:  0.0.2.174  4    2/2/2      router WAN ports (x8)
– cumulative total
63
Variable length subnet table
• to determine subnet mask sizes
/24  255.255.255.0    256  1 C
/25  255.255.255.128  128  1/2 C
/26  255.255.255.192  64   1/4 C
/27  255.255.255.224  32   1/8 C
/28  255.255.255.240  16   1/16 C
/29  255.255.255.248  8    1/32 C
/30  255.255.255.252  4    1/64 C
/31  255.255.255.254  2    1/128 C
/32  255.255.255.255  This is a single host route
• source
– http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1878.txt
64
Addressing plan (cont’d)
• Addressing plan for network-plan
– determination of subnet masks
network-plan:  0.0.0.0    255.255.255.0    256  16/60/240  8 PRI dial up modems
network-plan:  0.0.1.0    255.255.255.0    256  0/60/240   8 PRI dial up modems
network-plan:  0.0.2.0    255.255.255.192  64   10/16/35   ops management servers
network-plan:  0.0.2.64   255.255.255.192  64   15/25/40   customer support PCs
network-plan:  0.0.2.128  255.255.255.240  16   5/11/11    mail, DNS, web servers
network-plan:  0.0.2.142  255.255.255.240  16   0/8/8      secondary DNS & Mail servers
network-plan:  0.0.2.158  255.255.255.240  16   4/6/12     loopback router interfaces
network-plan:  0.0.2.174  255.255.255.252  4    2/2/2      router WAN ports (x8)
65
Addressing plan (cont’d)
• Addressing plan for network-plan
– connect to the Internet (full-time, part-time)?
network-plan:  0.0.0.0    255.255.255.0    PART  256  16/60/240  8 PRI dial up modems
network-plan:  0.0.1.0    255.255.255.0    PART  256  0/60/240   8 PRI dial up modems
network-plan:  0.0.2.0    255.255.255.192  YES   64   10/16/35   ops management servers
network-plan:  0.0.2.64   255.255.255.192  YES   64   15/25/40   customer support PCs
network-plan:  0.0.2.128  255.255.255.240  YES   16   5/11/11    mail, DNS, web servers
network-plan:  0.0.2.142  255.255.255.240  YES   16   0/8/8      secondary DNS & Mail svr
network-plan:  0.0.2.158  255.255.255.240  YES   16   4/6/12     loopback router interfaces
network-plan:  0.0.2.174  255.255.255.252  YES   4    2/2/2      router WAN ports (x8)
66
Addressing plan (cont’d)
• Addressing plan for network-plan
– total addresses required
– assigned recommended /22 including customer projection
network-plan:  0.0.0.0    255.255.255.0    PART  256  16/60/240  8 PRI dial up modems
network-plan:  0.0.1.0    255.255.255.0    PART  256  0/60/240   8 PRI dial up modems
network-plan:  0.0.2.0    255.255.255.192  YES   64   10/16/35   ops management servers
network-plan:  0.0.2.64   255.255.255.192  YES   64   15/25/40   customer support PCs
network-plan:  0.0.2.128  255.255.255.240  YES   16   5/11/11    mail, DNS, web servers
network-plan:  0.0.2.142  255.255.255.240  YES   16   0/8/8      secondary DNS & Mail
network-plan:  0.0.2.158  255.255.255.240  YES   16   4/6/12     loopback router interfaces
network-plan:  0.0.2.174  255.255.255.252  YES   4    2/2/2      router WAN ports (x8)
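The addressing-plan slides build the table by hand; the following added example (not part of the original course material) carries the same steps through in code: size each subnet from its 12-month host count, order large to small, assign cumulative relative addresses and masks, and check whether a submitted row sits on a boundary of its own mask, which is one way to answer "are subnet masks real?". The function names, and the rule of reserving a network and a broadcast address in every subnet, are assumptions of this example.

```python
import ipaddress

# 12-month host counts and descriptions from the slides, in the order of the
# "Network Plan at 12 months" table (before re-ordering).
REQUIREMENTS = [
    (240, "8 PRI dial up modems"),
    (240, "8 PRI dial up modems"),
    (11, "mail, DNS, web servers"),
    (12, "loopback router interfaces"),
    (35, "ops management servers"),
    (40, "customer support PCs"),
    (8, "secondary DNS & Mail servers"),
    (2, "router WAN ports"),
]


def subnet_size(hosts):
    """Smallest power-of-two block holding the hosts plus the network and
    broadcast addresses (assumption of this example; minimum block is 4)."""
    return max(4, 1 << (hosts + 1).bit_length())


def netmask(size):
    """Dotted-quad mask for a block of `size` addresses."""
    prefix = 32 - (size.bit_length() - 1)
    return str(ipaddress.IPv4Network((0, prefix)).netmask)


def build_plan(requirements):
    """Order large to small and assign cumulative relative addresses.

    Because every size is a power of two and the list is sorted descending,
    each running total is a multiple of the next subnet's size, so every
    subnet starts on its own boundary.
    """
    sized = sorted(((subnet_size(h), h, d) for h, d in requirements),
                   key=lambda row: -row[0])
    plan, offset = [], 0
    for size, hosts, descr in sized:
        plan.append({
            "relative": str(ipaddress.IPv4Address(offset)),
            "mask": netmask(size),
            "size": size,
            "hosts": hosts,
            "descr": descr,
        })
        offset += size
    return plan, offset


def covering_prefix(total):
    """Prefix length of the smallest single block that holds `total` addresses."""
    return 32 - (total - 1).bit_length()


def row_is_aligned(relative, mask):
    """True when a relative address is a valid network address for its mask."""
    addr = int(ipaddress.IPv4Address(relative))
    host_bits = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    return (addr & host_bits) == 0


if __name__ == "__main__":
    plan, total = build_plan(REQUIREMENTS)
    for row in plan:
        print(f"network-plan: {row['relative']:<10} {row['mask']:<16} "
              f"{row['size']:<4} {row['hosts']:<4} {row['descr']}")
    print(f"total {total} addresses, fits in a /{covering_prefix(total)}")
```

The computed rows total 692 addresses, which fit in a /22. The three smallest subnets come out at 0.0.2.144, 0.0.2.160 and 0.0.2.176, and `row_is_aligned` reports 0.0.2.142, 0.0.2.158 and 0.0.2.174 as off-boundary for the masks shown beside them.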
67
Additional information
Final part of request form
• Additional Information
• network topology maps
• deployment plans
• Often useful to include
68
Additional information
• Deployment plan
• to support large network growth
– describe type of equipment, planned operational date, location, communication circuits, and bandwidth
• Network topology map
– shows network structure
– can also show POP design
• Hardware details
– equipment specification, number of ports, etc
• Service details
– details of how to implement services (eg, web hosting)
– dial up services
69
Step 2 – Evaluation
70
Evaluation
• Example presented
• shows evaluation by APNIC
• illustrates detail that should be collected at all levels
– ie. LIR with customer, LIR for NIR, LIR for APNIC
• General principles
– detailed, accurate & complete
– syntactically correct
– understandable & legible
- otherwise delays in service will be incurred
71
Evaluation (cont’d)
• Consistency with policy goals
• uniqueness
• registration
• aggregation
• conservation
• fairness
72
Evaluation (cont’d)
Summary
• ISP address request form consists of
• Network template
• Person template
• ISP technical template
– addressing plans
• Additional information
73
Evaluation (cont’d)
• Technical information
• contributing APNIC member?
• variable length subnet masks used?
• address space non-portable?
• private address space considered?
74
Evaluation (cont’d)
• Addressing plans - general
• is all address space declared?
– use ‘whois’ to research previous allocations
• is 80% used up?
• are subnet masks real?
• are assignments classless?
– non-CIDR boundary assignments can be repeated on form
• is it efficient?
– can addresses be conserved with different subnet mask?
• what are the usage rates
– how much was used in what time frame?
75
Evaluation (cont’d)
• Customer-network fields
• what is the prefix distribution?
• are customer assignments recorded accurately in database?
• are the cust-network name & the network name the same?
76
Evaluation (cont’d)
• Infrastructure fields
• are efficient technologies used?
– research archived history
• has 80% of address space been used?
– sum of infrastructure and cust-network fields is equal to the total of used address space
77
Evaluation (cont’d)
• Network-plan fields
– is plan detailed enough?
– is plan efficient?
– are dynamic technologies planned?
– do customer projections match infrastructure plans?
• Additional information supplied
– does deployment plan match information in network-plan fields?
– does network topology description correlate with addressing plan?
- larger requests require additional documentation
• Other considerations
– is the customer renumbering?
– what are the timeframes?
78
Step 3 - Assignments &
allocations
79
Considerations
Assignment: ‘Assignment window’ 0
• determines maximum amount of address space a LIR can assign without approval from APNIC
• increases when procedures & criteria are understood
Allocation: ‘Slow start’ /19
• determines an initial allocation size that is consistent and fairly applied to all
• increases when usage rate increases
80
Considerations
• Motivation
• support the LIR during start up
• familiarise the LIR with APNIC procedures
• standardise criteria for request evaluation
• treat everyone fairly
81
Assignment Window
Assignment window   LIR assignment limit (host addresses)
AW=0                Limit is zero
AW=/25              requests <= 128
AW=/24              requests <= 256
AW=/23              requests <= 512
AW=/22              requests <= 1024
AW=/21, AW=/20      etc
AW=/19              Maximum is <= /19
[Arrow label: Increasing responsibility of LIR]
• Most impact during start-up phase
• start at minimum
• Not raised automatically
82
Assignment window
Step 1 - Complete the documentation
Step 2 - Evaluation OK
Step 3 - Assignment
• Request > AW?
– No: LIR makes assignment, updates DB & local records
– Yes: LIR adds comments & recommendations, then sends to APNIC [email protected]
• APNIC approves request? (No / Yes)
83
Assignment and allocations
• LIR can only make assignments not allocations
• Update local records
• archive original documents
• Clarify status of address space
• ‘Provider Aggregatable’ or ‘Provider Independent’
– more explanation next slide…
84
PA and PI assignments
• Provider Aggregatable (PA)
– customer uses addresses out of registry’s allocation
– good for minimising size of routing tables
– but customer has to renumber if changing ISP
• Provider Independent (PI)
– customer gets separate range of addresses
– customer keeps addresses when changing ISP
– customer may experience routing problems
– bad for routing tables
• APNIC requires ‘Provider Aggregatable’
85
Database information
• Update the database
• send person & inetnum objects to database
• wait for database acknowledgement
inetnum:  202.2.0.0 - 202.2.0.255
netname:  APNIC-CUST
descr:    Asia Pacific Network Information Centre
descr:    Non profit, membership based Organisation
country:  AU
admin-c:  PW35-AP
tech-c:   AL25-AP
remarks:  Not for profit
changed:  [email protected] 19990302
mnt-by:   APNIC-MNT
source:   APNIC
86
One last thing..
Ticket Numbers
• hostmaster mailbox is tracked
• subject line contains ticket number
• automatically assigned with every new request
• format: [APNIC, hash sign & number]
• eg. Re: [APNIC #3634] ...
• facilitates easier retrieval and referral
87
Autonomous System Numbers
Procedures
88
Overview
• Autonomous system numbers
• AS number assignments
• guidelines and procedures
• application form (documentation)
• Policy expression
• syntax
• examples of policy description
89
Autonomous systems
• Definition of an AS
• collection of networks with the same routing policy, usually under single ownership, trust & administrative control
• Recommended reading
– RFC1930: Guidelines for creation, selection and registration of an Autonomous System
– RFC1997: BGP Communities attribute
– RFC2270: Using dedicated AS for sites homed to a single provider
90
ASN guidelines
• When do I need an AS?
• multi-homed network to different providers
• routing policy different to external peers
• Factors that don’t count
• transition
• ‘future proofing’
• history
• multi-homing to the same upstream
• service differentiation
91
Requesting an ASN
• complete the request form (apnic-066)
• http://ftp.apnic.net/apnic/docs/asn-request
• must include routing policy
• is checked for accuracy
• verified by query routing table
• http://nitrous.digex.net
• http://nms.kren.ne.kr/kren-xp/kren-lg.html
• send to [email protected]
92
The AS object
• An example
aut-num:  AS4777
as-name:  APNIC-NSPIXP2-AS
descr:    Asia Pacific Network Information Centre
descr:    AS for NSPIXP2, remote facilities site
as-in:    from AS2500 100 accept ANY
as-in:    from AS2524 100 accept ANY
as-in:    from AS2514 100 accept ANY
as-out:   to AS2500 announce AS4777
as-out:   to AS2524 announce AS4777
as-out:   to AS2514 announce AS4777
default:  AS2500
admin-c:  PW35-AP
tech-c:   NO4-AP
remarks:  Filtering prefixes longer than /24
mnt-by:   MAINT-APNIC-AP
changed:  [email protected] 19981028
source:   APNIC
POLICY
93
Representation of AS policy
Basic concept
AS 1
aut-num: AS1
<administrivia go here>
as-in:   from AS2 accept AS2
as-out:  to AS2 announce AS1
AS 2
aut-num: AS2
<administrivia go here>
as-in:   from AS1 accept AS1
as-out:  to AS1 announce AS2
94
Representation of routing policy
Transit for AS5 by AS4
[Diagram labels: AS5, AS4, AS 123]
aut-num: AS4
as-in:   from AS123 100 accept AS123
as-in:   from AS5 100 accept AS5
as-out:  to AS123 announce AS4 AS5
as-out:  to AS5 announce ANY
• cost per AS shows preference. Lower value = preferred
• Not a path
• Can use to indicate full routing
95
Representation of an AS
[Diagram labels: AS123, AS4, AS6; link1, link2, link3]
More complex example
• AS4 and AS6 private link1
• AS4 and AS123 main transit link2
• backup all traffic over link1 in event of link2 failure
96
Representation of an AS
[Diagram labels: AS123, AS4, AS6; link1, link2, link3]
AS representation
aut-num: AS4
as-in:   from AS123 100 accept ANY
as-in:   from AS6 50 accept AS6
as-in:   from AS6 200 accept ANY
as-out:  to AS6 announce AS4
as-out:  to AS123 announce AS4
• full routing received
• higher cost for backup route
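The as-in/as-out notation on the preceding policy slides can be checked mechanically before it is submitted. This added example (not part of the original course material) parses those lines, reports announcements that the neighbour has no as-in line to accept, and lists inbound neighbours by cost for a given origin. The function names are this example's own and the AS123 object is constructed for the mismatch case; the other objects are the ones shown on the slides.

```python
import re

# Line shapes used on the slides; the cost is optional in as-in.
AS_IN = re.compile(r"^from\s+(AS\d+)(?:\s+(\d+))?\s+accept\s+(.+)$", re.I)
AS_OUT = re.compile(r"^to\s+(AS\d+)\s+announce\s+(.+)$", re.I)


def parse_aut_num(text):
    """Parse the aut-num, as-in and as-out lines of one object."""
    policy = {"asn": None, "as_in": [], "as_out": []}
    for line in text.strip().splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "aut-num":
            policy["asn"] = value.upper()
        elif key == "as-in":
            m = AS_IN.match(value)
            if not m:
                raise ValueError(f"bad as-in: {value!r}")
            cost = int(m.group(2)) if m.group(2) else None
            accepted = set(m.group(3).upper().split())
            policy["as_in"].append((m.group(1).upper(), cost, accepted))
        elif key == "as-out":
            m = AS_OUT.match(value)
            if not m:
                raise ValueError(f"bad as-out: {value!r}")
            announced = set(m.group(2).upper().split())
            policy["as_out"].append((m.group(1).upper(), announced))
    return policy


def accepts(accepted, announced):
    """ANY accepts everything; otherwise every announced AS must be listed."""
    return "ANY" in accepted or announced <= accepted


def check_pair(a, b):
    """Problems with what `a` announces to `b`, judged by `b`'s as-in lines."""
    problems = []
    for peer, announced in a["as_out"]:
        if peer != b["asn"]:
            continue
        inbound = [acc for src, _cost, acc in b["as_in"] if src == a["asn"]]
        if not inbound:
            problems.append(f"{b['asn']} has no as-in from {a['asn']}")
        elif not any(accepts(acc, announced) for acc in inbound):
            problems.append(
                f"{b['asn']} does not accept {sorted(announced)} from {a['asn']}")
    return problems


def preferred_neighbours(policy, origin):
    """(cost, neighbour) pairs that accept `origin`, lowest cost first."""
    hits = [(cost, src) for src, cost, acc in policy["as_in"]
            if cost is not None and accepts(acc, {origin})]
    return sorted(hits)


# "Basic concept" slide.
AS1 = parse_aut_num("aut-num: AS1\nas-in: from AS2 accept AS2\nas-out: to AS2 announce AS1")
AS2 = parse_aut_num("aut-num: AS2\nas-in: from AS1 accept AS1\nas-out: to AS1 announce AS2")

# "Transit for AS5 by AS4" slide.
AS4_TRANSIT = parse_aut_num("""
aut-num: AS4
as-in:   from AS123 100 accept AS123
as-in:   from AS5 100 accept AS5
as-out:  to AS123 announce AS4 AS5
as-out:  to AS5 announce ANY
""")

# Constructed neighbour object: accepts AS4 only, so AS5's transit is not covered.
AS123_CONSTRUCTED = parse_aut_num("""
aut-num: AS123
as-in:   from AS4 100 accept AS4
as-out:  to AS4 announce AS123
""")

# "AS representation" slide (main transit plus backup over link1).
AS4_BACKUP = parse_aut_num("""
aut-num: AS4
as-in:   from AS123 100 accept ANY
as-in:   from AS6 50 accept AS6
as-in:   from AS6 200 accept ANY
as-out:  to AS6 announce AS4
as-out:  to AS123 announce AS4
""")

if __name__ == "__main__":
    print(check_pair(AS1, AS2), check_pair(AS2, AS1))
    print(check_pair(AS4_TRANSIT, AS123_CONSTRUCTED))
    # AS999 stands for any origin other than AS6 (placeholder).
    print(preferred_neighbours(AS4_BACKUP, "AS6"))
    print(preferred_neighbours(AS4_BACKUP, "AS999"))
```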
97
The APNIC Whois Database
98
Overview
What is the APNIC database?
Why use it?
How to update it
How to query it
Summary
99
What is the APNIC database?
• Network Management Database
• ‘whois’ database
• collection of objects with attributes which contain information on:
– IP address allocations
– IP address assignments
– AS number assignments
– routing policies
– in-addr.arpa domains
– contact information
100
Why use the APNIC
database?
• Registration of Internet resources
• Assists with operational support
• Contact information
• Problem diagnosis
• Examples to follow...
101
Why use the APNIC
database?
• Tracing origin of network abuse (spam)
• Troubleshooting performance problems
• Investigating security breaches
102
Definitions – objects &
attributes
• An object is a collection of attributes
• An attribute is a key, value pair
– nic-hdl: PG6-AP
• Each attribute has a specific syntax
• Some are mandatory, some are optional
• Some keys are ‘lookup’ keys for queries
• Some are ‘inverse’ keys for queries
103
Obtaining an object format
• List of attributes for an object available via whois
• the ’-t’ flag lists attribute requirements for object
• whois -h whois.apnic.net -t person
person:   [mandatory]  [single]    [primary/look-up key]
address:  [mandatory]  [multiple]  []
country:  [optional]   [single]    []
phone:    [mandatory]  [multiple]  []
fax-no:   [optional]   [multiple]  []
e-mail:   [optional]   [multiple]  [look-up key]
nic-hdl:  [mandatory]  [single]    [primary/look-up key]
remarks:  [optional]   [multiple]  []
notify:   [optional]   [multiple]  [inverse key]
mnt-by:   [optional]   [multiple]  [inverse key]
changed:  [mandatory]  [multiple]  []
source:   [mandatory]  [single]    []
104
Database objects
• as-macro: group of autonomous systems
• aut-num: autonomous system
• route: announced routes
• inetnum: address assignments & networks
• inet6num: experimental object for IPv6 addresses
• domain: reverse domains
• mntner: (maintainer) authorisation of objects
• person: contact persons
• role: contact groups/roles
105
Person Object
person:   Paul Gampe
address:  Level 1 - 33 Park Road
address:  Milton, QLD, 4064
country:  AU
phone:    +61-7-3367-0490
fax-no:   +61-7-3367-0482
e-mail:   [email protected]
nic-hdl:  PG6-AP
mnt-by:   MAINT-APNIC-AP
changed:  [email protected] 19990206
source:   APNIC
106
Role Object
role:     APNIC DNS Administration
address:  33 Park Road
address:  Milton QLD 4064
phone:    +61 7 3367 0490
fax-no:   +61 7 3367 0482
e-mail:   [email protected]
admin-c:  PW35-AP
tech-c:   NO4-AP
nic-hdl:  DNS3-AP
mnt-by:   MAINT-APNIC-AP
changed:  [email protected] 19990203
source:   APNIC
107
Network Object
inetnum:  203.37.255.96 - 203.37.255.127
netname:  APNIC-AP-1
descr:    Asia Pacific Network Information Center,
descr:    Level 1 - 33 Park Road.
descr:    Milton QLD 4064
descr:    Australia
country:  AU
admin-c:  PW35-AP
tech-c:   NO4-AP
mnt-by:   MAINT-APNIC-AP
changed:  [email protected] 19981007
source:   APNIC
108
The update process
Email objects to <[email protected]>
Database User
[email protected]
Parser
Whois Database
Authentication
Warnings/Errors returned
109
Who should update the
database?
• APNIC database is a public repository for APNIC database users
• Data is owned and maintained by those users
• APNIC runs the server
• Allocations are dependent on accurate data
110
Sending updates
• [email protected] (Parser)
• automatic mailbox
• send all database updates to this mailbox
• can use LONGACK in the subject line
• can use HELP in the subject line
• [email protected]
• human mailbox
• questions on the database process
111
If the object is wrong
• Syntax checking
• Warnings
– object corrected then accepted
– notification of action taken in acknowledgment
• Errors
– object NOT corrected and NOT accepted
– explanatory text returned automatically via email
– if problems continue contact <[email protected]>
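A local pre-check against the attribute template avoids a round trip through the automatic mailbox. This added example (not part of the original course material, and not the APNIC parser) splits an object into attribute/value pairs and checks it against the person template listed by `whois -t person` on the earlier slide; both sample objects and the function names are constructed for the illustration.

```python
# Template from the `whois -h whois.apnic.net -t person` slide:
# attribute -> (mandatory?, may appear more than once?)
PERSON_TEMPLATE = {
    "person":  (True,  False),
    "address": (True,  True),
    "country": (False, False),
    "phone":   (True,  True),
    "fax-no":  (False, True),
    "e-mail":  (False, True),
    "nic-hdl": (True,  False),
    "remarks": (False, True),
    "notify":  (False, True),
    "mnt-by":  (False, True),
    "changed": (True,  True),
    "source":  (True,  False),
}


def parse_object(text):
    """Split one object into (attribute, value) pairs, keeping their order."""
    pairs = []
    for raw in text.strip().splitlines():
        line = raw.rstrip()
        if not line or line.startswith(("#", "%")):
            continue  # blank lines and comment lines carry no attribute
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not an 'attribute: value' line: {line!r}")
        pairs.append((key.strip().lower(), value.strip()))
    return pairs


def validate(pairs, template):
    """Return a list of problems; an empty list means the object fits."""
    if not pairs:
        return ["empty object"]
    problems = []
    object_type = next(iter(template))
    if pairs[0][0] != object_type:
        problems.append(f"first attribute must be '{object_type}'")
    counts = {}
    for key, value in pairs:
        if key not in template:
            problems.append(f"unknown attribute '{key}'")
            continue
        if not value:
            problems.append(f"attribute '{key}' has no value")
        counts[key] = counts.get(key, 0) + 1
    for key, (mandatory, multiple) in template.items():
        seen = counts.get(key, 0)
        if mandatory and seen == 0:
            problems.append(f"mandatory attribute '{key}' is missing")
        if not multiple and seen > 1:
            problems.append(f"attribute '{key}' may appear only once ({seen} found)")
    return problems


# Constructed sample objects (all values are placeholders).
GOOD_PERSON = """
person:  Example Person
address: 1 Example Street
address: Example City
country: AU
phone:   +61 7 0000 0000
e-mail:  noc@example.net
nic-hdl: EP1-AP
mnt-by:  MAINT-EXAMPLE-AP
changed: noc@example.net 19990302
source:  APNIC
"""

BAD_PERSON = """
person:    Example Person
address:   1 Example Street
telephone: +61 7 0000 0000
nic-hdl:   EP1-AP
nic-hdl:   EP2-AP
changed:   noc@example.net 19990302
source:    APNIC
"""

if __name__ == "__main__":
    print(validate(parse_object(GOOD_PERSON), PERSON_TEMPLATE))
    for problem in validate(parse_object(BAD_PERSON), PERSON_TEMPLATE):
        print(problem)
```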
112
Authorisation
Authentication
• ‘mnt-by’ attribute and ‘mntner’ object
• mnt-by attribute should be included in every object
• objects that contain mnt-by must pass authentication
• ‘notify’ attribute
• sends notification to email address specified
• ‘mnt-lower’ attribute
• hierarchical authorisation for inetnum and domain objects
113
Successful update
• If syntax and authorisation OK then database updated
• Mirroring process – may take up to 10 minutes before object is visible
• Types of transactions
• insert – create a new object
• update – change attributes of an object
• delete – remove an object
114
Nic-hdl’s
• Acronym to uniquely identify person
• Mandatory requirement
• must be a nic-hdl present in person object
• format: <initials>#-regional registry
– eg: MK16-AP, JLC2-AP
• Obtaining a nic-hdl:
• nic-hdl: AUTO-1
• nic-hdl: AUTO-2 [INITIALS]
• Note: nic-hdl can be added to existing person object
115
Nic-hdl (examples)
person:   John F. Doe
………
nic-hdl:  AUTO-1JFD
person:   Anne Smith
………
nic-hdl:  AUTO-2
inetnum:  202.12.28
………
admin-c:  AUTO-1JFD
tech-c:   AUTO-2
Results
person:   John F. Doe
………
nic-hdl:  JFD304-AP
person:   Anne Smith
………
nic-hdl:  AS519-AP
inetnum:  202.12.28
………
admin-c:  JFD304-AP
tech-c:   AS519-AP
116
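A pre-submission check for the rules on the preceding slides (mnt-by in every object, a nic-hdl in every person object, handles in the `<initials>#-registry` or AUTO-n form), added here as an example and not part of the APNIC course material or software. The maintainer name MAINT-EXAMPLE-AP, the sample objects, the 2-4 letter limit on initials and the treatment of admin-c, tech-c and zone-c as handle references are assumptions.

```python
import re

# Handle formats from the slides: <initials>#-<registry> (MK16-AP) or an
# AUTO-n[INITIALS] placeholder. The 2-4 letter limit is an assumption.
NIC_HDL = re.compile(r"^(?:[A-Z]{2,4}\d+-[A-Z]+|AUTO-\d+[A-Z]{0,4})$")
CONTACT_ATTRS = ("nic-hdl", "admin-c", "tech-c", "zone-c")

def parse_objects(text):
    """Split a message into objects: blank-line separated 'attribute: value' blocks."""
    objects = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = [(n.strip().lower(), v.strip())
                 for n, sep, v in (line.partition(":") for line in block.splitlines())
                 if sep]
        if attrs:
            objects.append(attrs)
    return objects

def audit(objects):
    """Return (primary key, finding) pairs for objects that break the rules."""
    findings = []
    for attrs in objects:
        cls, key = attrs[0]  # first attribute gives the object type and primary key
        names = {n for n, _ in attrs}
        if "mnt-by" not in names:
            findings.append((key, "no mnt-by"))
        if cls == "person" and "nic-hdl" not in names:
            findings.append((key, "person without nic-hdl"))
        for n, v in attrs:
            if n in CONTACT_ATTRS and not NIC_HDL.match(v):
                findings.append((key, f"{n} is not a nic-hdl: {v}"))
    return findings

# Constructed sample update; objects and maintainer are made up for illustration.
SAMPLE = """\
person:  John F. Doe
nic-hdl: AUTO-1JFD
mnt-by:  MAINT-EXAMPLE-AP
source:  APNIC

person:  Anne Smith
source:  APNIC

inetnum: 202.12.28
admin-c: AUTO-1JFD
tech-c:  Anne Smith
mnt-by:  MAINT-EXAMPLE-AP
source:  APNIC
"""

if __name__ == "__main__":
    for key, finding in audit(parse_objects(SAMPLE)):
        print(f"{key}: {finding}")
```

An object reported with "no mnt-by" is the one to fix first, since only objects that contain mnt-by have to pass authentication when they are updated.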
Inserting a new object
• Email maintainer to <[email protected]>
• OR use APNIC Web form for maintainers
  – http://www.apnic.net/apnic-bin/maintainer.pl

mntner:  MAINT-APNIC-AP
descr:   Asia Pacific Network Information Centre
admin-c: HM20-AP
tech-c:  NO4-AP
upd-to:  [email protected]
auth:    CRYPT-PW apf52H7ktBFyw
remarks: Maintainer object for APNIC allocations and objects
notify:  [email protected]
mnt-by:  MAINT-APNIC-AP
changed: [email protected] 19981028
source:  APNIC
117
Updating an existing object
• Mail aut-num object to [email protected]
• Add password for maintainer authentication

aut-num:  AS4777
as-name:  APNIC-NSPIXP2-AS
descr:    AS for NSPIXP2, Remote facilities site.
as-in:    from AS2500 100 accept ANY
…
as-out:   to AS2524 announce AS4777
admin-c:  HM20-AP
tech-c:   NO4-AP
mnt-by:   MAINT-APNIC-AP
changed:  [email protected] 19981028
source:   APNIC
password: password_goes_here

• Primary key cannot be modified
118
Deleting an object
• Send domain object to [email protected]
• add attribute delete

domain:    28.12.202.in-addr.arpa
descr:     APNIC in-addr.arpa delegation for nspixpii
admin-c:   HM20-AP
tech-c:    BC666-AP
zone-c:    DNS3-AP
...
mnt-by:    MAINT-DNS-AP
mnt-lower: MAINT-DNS-AP
changed:   [email protected] 19990203
source:    APNIC
delete:    [email protected] no longer required
119
Querying the APNIC database
• RIPE extended whois client available
  • http://ftp.apnic.net/apnic/dbase/tools/ripe-dbaseclient.tar.gz
• Query via the website
  • http://www.apnic.net/apnic-bin/whois.pl
120
Search keys
Object type   Search keys
• person      name, nic-hdl, e-mail
• role        name, nic-hdl, e-mail
• maintainer  maintainer name
• inetnum     network number, name
• domain      domain name
• aut-num     as number
• as-macro    as-macro name
• route       route value
121
Example query
• whois 203.37.255.96

inetnum: 203.37.255.96 - 203.37.255.127
netname: APNIC-AP-1
admin-c: PW35-AP
tech-c:  NO4-AP

person:  Paul Wilson
e-mail:  [email protected]
nic-hdl: PW35-AP

person:  APNIC Network Operations
nic-hdl: NO4-AP
122
Whois -h and -a
• whois -h
  • query a specific host
    – whois -h whois.apnic.net
    – whois -h whois.arin.net
• whois -a
  • includes the following sources:
    – APNIC
    – JPNIC
    – TWNIC
    – KRNIC
    – CCAIR
123
Whois -i
• Whois -i
  • inverse lookup for special arguments
    – whois -i person PG6-AP
  • finds all occurrences of PG6-AP

inetnum: 202.139.192.0 - 202.139.207.255
netname: TWICS
descr:   TWICS Co. Ltd.
descr:   Tokyo Internet Service Provider
descr:   Tokyo
country: JP
admin-c: PG6-AP
tech-c:  PG6-AP
remarks: service provider
changed: [email protected] 980310
source:  APNIC

person:  Paul Gampe
address: Level 1 - 33 Park Road
address: Milton, QLD, 4064
country: AU
phone:   +61-7-3367-0490
fax-no:  +61-7-3367-0482
e-mail:  [email protected]
nic-hdl: PG6-AP
mnt-by:  MAINT-APNIC-AP
changed: [email protected] 19990206
source:  APNIC
124
Example Query
[Diagram: prefix tree for the example query 202.1.0.0/16. All less specifics (-L): 0/0, 202/8. Exact / 1st less specific: 202.1/16. Below it: 1st level more specific (-m), then all more specifics (-M).]
125
APNIC Whois flags
• i  inverse lookup for specified attributes
• L  find all Less specific matches
• m  find first level more specific matches
• M  find all More specific matches
• r  turn off recursive lookups
• T type  only look for objects of type (inetnum, route, etc.)
• v  verbose information for object of type ‘type’
• whois -h whois.apnic.net HELP
126
Conversion to RPSL
• RIRs to support RPSL
• Basic conversion very simple
• Transition plan
– http://www.ietf.org/internet-drafts/draft-ietf-rps-transition-02.txt
Phase1
Phase2
Phase3
Phase4
Ripe-181
Read/Write
Read/Write
Write
RPSL
Read
Read/Write
Read/Write
127
Conversion tool
• http://www.isi.edu/ra/rps/transition/
Welcome to the RPSL Transition Page
This page presents the latest information on the transition from RIPE-181 to the
new Routing Policy Specification Language. The information will be updated
frequently; visit often to stay up-to-date.
Query a mirrored copy of the Internet Routing Registry
Query a mirrored copy of the IRR that has been converted to RPSL
Convert RIPE-181 objects to RPSL / Perform RPSL syntax checks
Access ISI's RPSL-capable database server
Download the RIPE-to-RPSL converter tool
Transition Plan
RPSL Transition Presentation to NANOG, October 1997
128
ISP Operational Issues
129
Overview
• Current operational problems
  • growing number of routes
  • many prefixes announced
  • the ‘swamp’
  • routing instability
• What can ISPs do?
  • aggregate & filter
  • dampen flapping routes
  • renumber
  • NAT
130
Current operational problems
• Growing number of routes
  • unaggregated Internet would exceed 200,000 routes
Source: http://www.employees.org/~tbates/cidr.hist.plot.html
131
Current operational problems (cont’d)
• Large number of long prefixes announced
  • mostly /24s

Date     19    20    21    22    23    24     25  26  27  28  29  30  31  32
990213   2771  1515  1919  2721  3634  23638  12  23  3   12  5   7   0   4
990212   2767  1516  1912  2717  3628  23586  12  22  3   12  5   7   0   4
990211   2769  1514  1929  2723  3632  23236  12  24  3   11  5   7   0   4
990210   2758  1508  1918  2711  3633  23639  12  19  2   9   5   5   0   5
990209   2741  1482  1875  2651  3541  23514  13  20  3   11  2   5   0   5

Source: http://www.merit.edu/ipma/routing_table/mae-east/prefixlen.990213.html
132
Current operational problems (cont’d)
• The ‘swamp’
  • areas of poor aggregation
  • 192/8 space uses 6248 networks

Block   Networks   Block   Networks   Block   Networks   Block   Networks
192/8   6248       198/8   4031       204/8   2708       210/8   402
193/8   2389       199/8   3504       205/8   2577       211/8   0
194/8   2855       200/8   1330       206/8   2858       212/8   672
195/8   1415       201/8   0          207/8   2401       213/8   1
196/8   517        202/8   2269       208/8   1570       214/7   5
197/8   1          203/8   3609       209/8   1151       216/8   905
133
Current operational problems (cont’d)
• Swamp persists
  • lazy or technically unaware ISPs
  • perceived market impact
  • technical solutions keep ahead of problem so far (faster routers, bigger memory and CIDR)
  • PI address space
    – The ‘No Questions Asked’ Prefix Return Policy (apnic-072)
134
Current operational problems (cont’d)
• Routing instability
  • large volume of announcements and withdrawals
  • route ‘flapping’ requires significant CPU
Source: http://zounds.merit.net/cgi-bin/do.pl
135
Effects
• Unstable Internet
  • customer perceives poor quality of service from ISP
  • ISP network suffers performance hits
• Difficult diagnosis of problems
  • difficult for support engineers to determine problems accurately
  • helpdesk flooded with support calls
• Strong motivation to protect your network and customers as much as possible
136
What can ISPs do?
• Overview
  • Aggregate
  • Filter
  • Dampen flapping routes
  • Renumber
  • NAT
137
Aggregate & filter
• Aggregate
  • announce network allocation as shortest possible prefix to external BGP peers
  • do not announce the individual networks within that aggregated block
  • keep specifics internal to the network
• Filter
  • reduces size of routing table
  • smaller networks more likely to flap
138
Filter
• don’t announce or accept ‘Martian networks’
• don’t announce or accept RFC1918 networks
• filter prefixes longer than /24

! each entry: network, network wildcard, mask, mask wildcard
access-list 110 deny ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
access-list 110 deny ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
access-list 110 deny ip 169.254.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 110 deny ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
access-list 110 deny ip 192.0.2.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 110 deny ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 110 deny ip 224.0.0.0 31.255.255.255 224.0.0.0 31.255.255.255
! default
access-list 110 deny ip host 0.0.0.0 any
! prefixes longer than /24
access-list 110 deny ip any 255.255.255.128 0.0.0.127

• source:
  – http://www.cisco.com/public/cons/isp
139
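How access-list 110 on the slide above decides a route when it is used as a BGP route filter, where the first address/wildcard pair is compared with the route's network and the second with its mask. This is an added example, not code from the course or from Cisco. It assumes each block's mask wildcard spans the same bits as its address wildcard and that the list is closed by a permit entry; the sample routes are constructed.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(str(addr)))

ANY = ("0.0.0.0", "255.255.255.255")  # base plus a wildcard that ignores every bit

# (action, network, network wildcard, mask, mask wildcard)
ACL_110 = [
    ("deny", "10.0.0.0", "0.255.255.255", "255.0.0.0", "0.255.255.255"),
    ("deny", "127.0.0.0", "0.255.255.255", "255.0.0.0", "0.255.255.255"),
    ("deny", "169.254.0.0", "0.0.255.255", "255.255.0.0", "0.0.255.255"),
    ("deny", "172.16.0.0", "0.15.255.255", "255.240.0.0", "0.15.255.255"),
    ("deny", "192.0.2.0", "0.0.0.255", "255.255.255.0", "0.0.0.255"),
    ("deny", "192.168.0.0", "0.0.255.255", "255.255.0.0", "0.0.255.255"),
    ("deny", "224.0.0.0", "31.255.255.255", "224.0.0.0", "31.255.255.255"),
    ("deny", "0.0.0.0", "0.0.0.0", *ANY),            # host 0.0.0.0 any (default)
    ("deny", *ANY, "255.255.255.128", "0.0.0.127"),  # any route longer than /24
    ("permit", *ANY, *ANY),                          # assumed closing entry
]

def wildcard_match(value, base, wildcard):
    """Cisco wildcard semantics: bits set in the wildcard are not compared."""
    return ((to_int(value) ^ to_int(base)) & ~to_int(wildcard) & 0xFFFFFFFF) == 0

def evaluate(prefix, acl=ACL_110):
    """Return the action of the first entry matching the route's network and mask."""
    net = ipaddress.ip_network(prefix)
    for action, n, n_wild, m, m_wild in acl:
        if wildcard_match(net.network_address, n, n_wild) and \
           wildcard_match(net.netmask, m, m_wild):
            return action
    return "deny"  # implicit deny at the end of every access list

# Constructed sample routes, not taken from a real routing table.
SAMPLE_ROUTES = ["10.1.0.0/16", "172.16.0.0/12", "172.32.0.0/16", "0.0.0.0/0",
                 "202.12.28.0/24", "203.37.255.96/27", "224.0.0.0/4"]

def report(routes=SAMPLE_ROUTES):
    return {route: evaluate(route) for route in routes}

if __name__ == "__main__":
    for route, action in report().items():
        print(f"{route:20} {action}")
```

The mask wildcard matters as much as the address wildcard: an entry for 10.0.0.0 whose mask wildcard is only 0.0.0.255 denies 10.0.0.0/8 itself but lets 10.1.0.0/16 through, which `evaluate` shows when given such a list.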
Dampening
• Impact of route flaps minimised
  • ‘bgp dampening’ command in Cisco IOS
  • recommendation of RIPE routing-wg
    – http://www.ripe.net/docs/ripe-178.html
  • case studies at
    – http://www.cisco.com/warp/public/459/16.html
• Operations staff need special training
  • unreachability could be due to dampening, not disconnection
140
Renumbering
• Same motivation for aggregation
  • holes prevent aggregation
  • if using ‘swamp space’ routing may not be optimal
    – longer prefixes filtered
    – effects of route-flapping on reachability
• Renumber when changing provider
  • helps reduce address space fragmentation
  • improves routability
141
Renumbering (cont’d)
• Plan to minimise impact
  • eg: lower DNS ttl
  • use DHCP (dynamic host configuration protocol)
  • use secondary IP addresses on routers
    – during transition phase
• Reference sources
  • PIER - Procedures for Internet Enterprise Renumbering
    – http://www.isi.edu/div7/pier/papers.html
142
NAT
• Network Address Translation
  • used by firewall or gateways
    – http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1631
  • avoids the need for renumbering
  • helps conserve address space
• BUT – concern about ‘concept’
  • end to end security may be affected
• Ongoing discussion at IETF and elsewhere
  • mailing list <[email protected]>
143
Multihoming
• Enterprise multihoming
  • increases size of routing tables
  • needs careful thought about set up and requirements
    – load balancing, redundancy
    – multihoming to same ISP could use private ASn
• References
  • RFC2270: Using a dedicated AS for sites homed to a single provider
  • RFC1997: BGP Communities Attribute
144
Summary
• Can improve QoS and the ‘health’ of the Internet
  • renumber out of PI address space
  • aggregate your network allocations
  • filter carefully
  • dampen to protect your network from ‘flaps’
  • encourage renumbering
  • use NAT where appropriate
• Encourage other ISPs to do the same
  • build consensus through peer pressure
145
References
Including Recommended
Reading
146
Session 1 - Introduction
• Regional Registry web sites
  • APNIC
    – http://www.apnic.net
  • ARIN
    – http://www.arin.net
  • RIPE NCC
    – http://www.ripe.net
• APNIC past meetings
  – http://ftp.apnic.net/apnic/meetings
147
Session 1 - Introduction
• Details of members
– http://www.apnic.net/members.html
• Membership
– Membership procedure
http://www.apnic.net/membersteps.html
– Membership application form
http://www.apnic.net/apnic-bin/membershipapplication.pl
– Membership fees http://www.apnic.net/feesinfo.html
• Mailing lists
– http://ftp.apnic.net/apnic/mailing-lists
148
Session 2 - Policies & the
policy environment
• Policy documentation
  • Policies for address space management in the Asia Pacific region
    – http://www.apnic.net/policydraft.html
  • RFC2050: Internet Registry IP allocation Guidelines
    – http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2050.txt
149
Session 2 - Policies & the
policy environment
• Classless techniques
  • CIDR
    – http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1517-19.txt
    – Network Addressing when using CIDR ftp://ftp.uninett.no/pub/misc/eidnes-cidr.ps.Z
    – Variable Length Subnet Table http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1878.txt
• Private Address Space
  • Address Allocation for Private Internets
    – http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1918.txt
  • counter argument: Unique addresses are good
    – http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1817.txt
150
Session 3 - APNIC
procedures
• Addressing guidelines
– Designing Addressing Architectures for Routing &
Switching Howard C. Berkowitz
• Address Request forms
– ISP Address Request Form
http://ftp.apnic.net/apnic/docs/isp-address-request
– Second-opinion Request Form
http://ftp.apnic.net/apnic/docs/second-opinion-request
– No Questions Asked
http://ftp.apnic.net/apnic/docs/no-questions-policym
151
Session 3 - APNIC
procedures
• Autonomous Systems
– Guidelines for the creation, selection, and registration of an
AS http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1930.txt
• Representation of IP Routing Policies in a
Routing Registry
– http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1786.txt
• Routing Policy Specification Language (RPSL)
– http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2280.txt
– http://www.ietf.org/internet-drafts/draft-ietf-rps-transition-02.txt
– http://www.isi.edu/ra/rps/transition
– http://www.ietf.org/internet-drafts/draft-ietf-rps-appl-rpsl-04.txt
152
Session 4 - Database
procedures
• APNIC database documentation
– http://ftp.apnic.net/apnic/docs/database-update-info
– http://ftp.apnic.net/apnic/docs/maintainer-request
– http://www.apnic.net/apnic-bin/maintainer.pl
• RIPE database documentation
– ftp://ftp.ripe.net/ripe/docs/ripe-157.txt
• Database ‘whois’ client
– http://ftp.apnic.net/apnic/dbase/tools/ripe-dbaseclient.tar.gz
– http://www.apnic.net/apnic-bin/whois.pl
153
Session 4 - Database
procedures
• in-addr.arpa
– request forms http://www.apnic.net/apnic-008.html
– classless delegations
http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2317.txt
154
Session 5 - Operational
issues
• Operational content books
  • ISP Survival Guide - Geoff Huston
• BGP Table
  – http://www.telstra.net/ops/bgptable.html
  – http://www.merit.edu/ipma/reports
  – http://www.merit.edu/ipma/routing_table/mae-east/prefixlen.990212.html
  – http://www.employees.org/~tbates/cidr.hist.plot.html
• Routing instability
  – http://zounds.merit.net/cgi-bin/do.pl
155
Session 5 - Operational
issues
• Routing & multihoming
  • Internet Routing Architectures - Bassam Halabi
  • BGP Communities Attribute
    – http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1997.txt
    – http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1998.txt
  • Multihoming
    – Using a Dedicated AS for Sites homed to a Single Provider http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2270.txt
156
Session 5 - ISP Operational
issues
• Filtering
– Egress Filtering http://www.cisco.com/public/cons/isp
– Network Ingress Filtering: Defeating Denial of Service
Attacks which employ IP Source Address Spoofing
http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2267.txt
• Dampening
– RIPE working group recommended parameters
http://www.ripe.net/docs/ripe-178.html
– case studies at
http://www.cisco.com/warp/public/459/16.html
• Traceroute Server
– http://nitrous.digex.net
157
Session 5 - ISP Operational
issues
• Renumbering
– Network Renumbering Overview: Why Would I Want It
and What Is It Anyway?
http://ftp.apnic.net/ietf/rfc/rfc2000/rfc2071.txt
– Procedures for Enterprise Renumbering
http://www.isi.edu/div7/pier/papers.html
• NAT
– The IP Network Address Translator
http://ftp.apnic.net/ietf/rfc/rfc1000/rfc1631.txt
158