260 likes | 444 Views
Database Update. Kaveh Ranjbar Database Group Manager, RIPE NCC. Outline. Short introduction to the Database Group Status of APs and outstanding deliverables Projects completed between RIPE 61 and 62 RIPE Labs publication highlights Q & A. RIPE Database Service.
E N D
Database Update • KavehRanjbar • Database Group Manager, RIPE NCC
Outline • Short introduction to the Database Group • Status of APs and outstanding deliverables • Projects completed between RIPE 61 and 62 • RIPE Labs publication highlights • Q & A
RIPE Database Service • Public Internet Resource Information for RIPE service region • Internet Routing Registry • Repository for resource holder information • Global Resource Information in RIPE RPSL • Tools on http://www.db.ripe.net • Prototypes on http://labs.ripe.net/ripe-database
The Database Group Benedetto Bogdan Denis Kaveh Agoston Erik
RIPE Database statistics • Operational stats: http://www.ripe.net/info/stats/db/ripedb.html
Action Points • Denis Walker • Database Business Analyst, RIPE NCC
Action Points & Projects • AP57.2 Cleanup forward domain data • AP59.1: Reverse Delegation Safeguards • AP61.1: “pingable:” attribute • AP61.2: To investigate the next appropriate level of password hash • The RIPE community approved RIPE Policy Proposal 2010-06 • Policy 2007-01 • Dash ‘-’ notation in reverse DOMAIN
AP57.2: Cleanup forward domain data • Started with DOMAIN objects in the RIPE Database for 43 ccTLDs • 3 are still actively using the RIPE Database • All 4 working on alternative solutions • 40 deleted – TLD object with all sub domains • Users cannot create new TLD objects • Syntax will be changed when last 3 deleted
AP59.1: Reverse Delegation Safeguards The week commencing 13 December 2010 the RIPE NCC deployed a version of the RIPE Database that implements these rules and cleaned-up the existing data. It is no longer possible to create a reverse DNS DOMAIN object in the RIPE Database if either a more or less specific object already exists.
AP59.1: Reverse Delegation Safeguards (cont’d) Objects that were cleaned up all had a less specific DOMAIN object in the database; therefore these objects did not have any operational effect on reverse DNS.
AP61.1: “pingable:” attribute • On the 21st of February the RIPE NCC implemented the "pingable:" and "ping-hdl:" attributes according to the specification in RFC 5943. • They can now be used in ROUTE and ROUTE6 objects in the RIPE Database. • RFC 5943 describes the syntax and explains how to use them: http://tools.ietf.org/html/rfc5943
AP61.1: “pingable:” attribute (cont’d) • The "pingable:" addresses are already active for beacons, anchors and debogon routes announced by the RIPE NCC Routing Information Service (RIS). • For an example of how these are announced, see the ROUTE object for 84.205.81.0/24. • For more information about RIS beacons and anchors, please see: http://www.ripe.net/data-tools/stats/ris/ris-routing-beacons
AP61.2: Appropriate level of password hash • This action point was for the RIPE NCC to investigate using SHA2 for passwords. • Proposal sent to mailing list • Discussion can follow this update.
Policy 2010-06 • The RIPE community approved RIPE Policy Proposal 2010-06, "Registration Requirements for IPv6 End User Assignments". • The proposal is available at: http://www.ripe.net/ripe/policies/proposals/2010-06
Policy 2010-06 (cont’d) • On the 15th of February the RIPE NCC deployed a version of the RIPE Database that implements the policy in the RIPE Database and other RIPE NCC processes, where necessary. • Details of how to use the new aggregation feature of the RIPE Database can be found at: http://www.ripe.net/data-tools/support/documentation/ documenting-ipv6-assignments-in-the-ripe-database • Currently 53340 INET6NUM objects in RIPE Database • 75 have status AGGREGATED-BY-LIR
Policy 2007-01 • 2007-01 is Contractual Requirements for Provider Independent Resource Holders in the RIPE NCC Service Region • As part of the 2007-01 policyimplementation the RIPE NCC has to: • Add RIPE-NCC-END-MNT to all AUT-NUM objects • Change RIPE-NCC-HM-PI-MNT to RIPE-NCC-END-MNT on PI assignment objects or add where necessary
Dash notation in reverse DOMAIN • Proposal sent to mailing list • Drop current dash ‘-’ syntax and expansion from third octet (1-100.2.10.in-addr.arpa) • Causes problems with DNSSEC • Allow dash in fourth octet for classless delegations (6-25.1.2.10.in-addr.arpa) • Stored in RIPE Database with dash • Expansion done by DNS provisioning
Geolocating • KavehRanjbar • Database Group Manager, RIPE NCC
The Problem • No mechanism to link IP addresses to a location • No internationalisation information • Establishing this is difficult and error prone: • Finding out a postal address is hard • Translating the address to a geolocation is hard • Knowing the language at that location is not always clear • User services based on location and internationalisation may be mismatched • Access to certain services could be blocked • Content could be delivered in the wrong language
The Solution • Location and internationalisation details can be optionally linked to IP addresses • Resolution determined by LIR • The holder of an IP address block is: • The authority on where the block is used • Knows the preferred language • Maintainer of the IP address data • The RIPE NCC can provide the mechanism through the RIPE Database to establish this link
Everybody Benefits • End Users • Providers can serve content in the desired language • and related to the user’s location • LIRs • More control over location based services supplied • Less End User complaints • Content Providers • Easier to address their target audience • RIPE Database • Holds more accurate location data
The Way Forward • Interest expressed from Google, MaxMind, IP2Location • If location data is added to your RIPE Database objects, it can be automatically included in their data sets • higher priority input, authoritative source • RIPE NCC will develop simple prototype on RIPE Labs
Development & Innovation highlights • BogdanDumitrescu • Software Engineer
Prototypes and new services on RIPE Labs • GRS Sources and the RIPE Database API • RIPE-GRS, APNIC-GRS, ARIN-GRS, LACNIC-GRS, RADB-GRS • No personal data, no query limits, data may include non RPSL attributes • RIPE Database REST API: Query + CRUD • New interfaces to the RIPE Database (HTTPS, XML, JSON, XLink, XPath, etc.) • Reusable building blocks for other services and tools • http://labs.ripe.net/Members/bfiorell/api-documentation • Search forms and tools – ready for production • Search, Lookup, Free-text Search, Abuse Finder • Work in progress • Update Forms, Crypt Utils, Change Maintainer Authorisation • REST CRUD API, new services for power users
Demo • BogdanDumitrescu Software Engineer