copyright © 2011 japan network information center jpnic ’ s rqa and routing related activities...

Copyright © 2011 Japan Network Information Center

JPNIC’s RQA and Routing Related Activities

JPNIC 　 IP Department 　　Izumi Okutani

APNIC32Aug 2011, Busan


2

What JPNIC does for the integrity of routing

Our basic position- Actual routing decisions are for the operators to mak

e- JPNIC’s role is to help in maintain integrity of routing

for address prefixes under our management

What we do- Before allocation- Problems after allocation- Our routing registry - JPIRR


3

What we do before allocation

Check routing status for allocation blocks for our LIRs - Check route announcement (RIPE RIS) and IRR registration (RA

DB)- APNIC checks routability on /8 basis, so our check is on more

specific level

Make requests to remove registered object(s) in RADB if we find anything pre-registered- Still go ahead with allocations as long as no route announcem

ent is found

No check in IPv6 for now, as pre-used prefixes are rare


4

Trend in IPv4 allocation prefix

Route Announcement- No case with route announcement recently

Inadequate RADB registration(s) - Some inadequate registrations but few in number

• FY2010 - 226 total prefixes, 6 registrations removed, 3 registrations remain even after request• FY2011 - 75 total prefixes, 0 registration remove, 11 registrations remain even after request

- Inadequate registrations somehow concentrate on certain ranges e.g., 27/8, 101/8, 203/8

- 133/8 (the last /8 block) is very clean so far


5

Routing problems after allocation

Few cases reported with routing problems for allocated prefix

Case 1- Problem with reachability to US military base- Issue did not resolve despite LIR,JPNIC, APNIC contacting the upstrea

m and the network in question Case2

- A major US ISP was announcing the prefix, and would not respond to request from LIR,JPNIC

- Consulted JANOG ML and had the announcement withdrawn by contacting through operators in Japan

Case3- Prefix had reachability problem with ETAS and a number of websites- Issue did not resolve despite LIR contacting the upstream and the net

work in question- LIR and JPNIC requested IANA to re-announce to remove debogon filte

rs on NANOG mailing list


6

What we do for problems after allocation Suggest LIR to contact the upstream, network blocking

the route, and/or raise the issue on NOG mailing list(s)- JPNIC also makes contacts if it helps to contact from a registry

Request APNIC/IANA to make announcements to appropriate NOGs outside Japan/APNIC region- Needs global coordination for filtering outside the region

Remaining Issue- Not all of the problems are based on routing - sometimes filteri

ng is done on software level


7

Can we do this better in IPv6?

Is there a way to create good collaborative framework to handle such issues?

What can we do about filtering on application level?

Is there a way for operators through out the RIR regions to discuss and roughly agree on possibly a happier way to handle non-allocated routes than the how we do today?


8

Our Routing registry - JPIRR

For anyone who have directly received number resources from JPNIC- Mirroring with IRR of APNIC, RIPE NCC, RADB

Automated garbage collection on un-updated objects over an interval (max 24 months)

Experiment on collaboration with hijack detection system


9

Status of JPIRR registrations

0

50

100

150

200

250

300

350

2003

/ 08

2003

/ 11

2004

/ 02

2004

/ 05

2004

/ 08

2004

/ 11

2005

/ 02

2005

/ 05

2005

/ 08

2005

/ 11

2006

/ 02

2006

/ 05

2006

/ 08

2006

/ 11

2007

/ 02

2007

/ 05

2007

/ 08

2007

/ 11

2008

/ 02

2008

/ 05

2008

/ 08

2008

/ 11

2009

/ 02

2009

/ 05

2009

/ 08

2009

/ 11

2010

/ 02

2010

/ 05

2010

/ 08

2010

/ 11

2011

/ 02

2011

/ 05

0

1000

2000

3000

4000

5000

6000

Maintainer Object Aut- num Object As- set Object Route Object


10

Experiment on collaboration Hijack detection system

Collaboration with Telecom ISAC Japan’s hijack detection system since May 2008- 137 ISPs join the experiment (nearly 70% of JPIRR

maintainers)

Notify ISPs joining the experiment in cases where route hijacking is suspected- Compare route origin with registered data in JPIRR a

nd notify when difference is detected- Simply add a field “X-Keiro” (Keiro = Route in Japane

se) and register e-mail address for notification in Route object


11

ＪＰＮＩＣＪＰＩＲＲ

route: 202.12.30.0/24 descr: J PNICNET J apan Network Information Center

Kokusai Kogyo Kanda Bldg. 6F 2-3-4 Uchi-Kanda Chiyoda-ku, Tokyo 101-0047 J APAN X-Keiro:[email protected]

origin: AS2515 admin-c: SN3603J P tech-c: YK11438J P tech-c: MO5920J P

notify: [email protected]: MAINT-AS2515 changed: [email protected] 20060721 source: J PIRR

JPIRR

Ｔｅｌｅｃｏｍ－ＩＳＡＣＪａｐａｎHijack detection system

JPIRR

Hijack DetectionSystem

Mirror

ＪＰＩＲＲRegistrant

How the collaboration works

Notify suspected Hijack

Register

RegisteringRouting

information

Hijack Notification

System

ＪＰＩＲＲnotifies its registrants


12

Good relationship cycle

JPIRRRusers

JPIRRRusers

Hijack detectio

n system

Hijack detectio

n system

JPIRRJPIRR

Higher awareness on routing security

1. Increase in JPIRR registrants

2. Increased accuracy of registered data

Higher QoS for its users


13

Discussions with operators

Had panel discussions at our OPMs on “Good relationship between routing and Internet Registry”- Constant collaboration and information sharing would benefit b

oth JPNIC and operators!• Translate operational documents or routing related discussions ou

tside JP• Perhaps should consider giving inputs to policies outside APNIC re

gion for anything that affects routing? • Keep JP ISPs involved in RPKI while also maintaining QoS and sta

bility of JPIRR• Keep track of the impact of routing table growth after the transfer

policy implementation and IPv4 run out

Education and feedbacks from JP operators on routing integrity- Organize tutorial on routing security, get involved in IRS, IX mee

tings- Plan to hear opinions from our LIRs on RPKI


14

Questions

Any suggestions for collaboration between operations and Internet Registry ?

copyright © 2011 japan network information center jpnic ’ s rqa and routing related activities...

Documents

routing securityincrease

hijacktomoya yoshida

ontomoya yoshida

information sharing

impact of routing table

japan xkeiro

sn3603jp techc

yk11438jp techc