
Managing IP addresses for your private clouds

Managing IP addresses for your private clouds. 2013 ASEAN CAS Summit Bangkok, Thailand 7 February 2013 George Kuo Member Services Manager. Overview. Introduction to APNIC and Regional Internet Registries Why your own IP addresses for your clouds?


Presentation Transcript


  1. Managing IP addresses for your private clouds 2013 ASEAN CAS Summit Bangkok, Thailand 7 February 2013 George Kuo Member Services Manager

  2. Overview • Introduction to APNIC and Regional Internet Registries • Why your own IP addresses for your clouds? • Questions to ask your cloud service providers • IPv6 security • How to get IP addresses? • Internet resource management policies

  3. Introduction to APNIC & Regional Internet Registries

  4. Regional Internet Registries The Internet community established the RIRs to provide fair access and consistent resource distribution and registration throughout the world.

  5. What is APNIC? • The Regional Internet Registry (RIR) for the Asia Pacific • Delegates IP addresses and AS numbers • Maintains the APNIC Whois Database • Manages reverse DNS delegations • Not-for-profit and membership based organization • 3,400+ Members • 100+ Members in Thailand • NOT a domain name registry

  6. APNIC’s Mission • Assist the Asia Pacific Internet community in effective Internet resources management and distribution • Support regional Internet infrastructure building • Seek public consideration of issues that benefit Members and the community • Coordinate and facilitate Internet resource policy development • Provide training and outreach on resource management and APNIC services

  7. Why your own IP addresses for your clouds?

  8. Why your own IP addresses for your clouds? • Service provider networks • A key component in service provision • Addresses to be assigned to infrastructure and customers • Independent networks • Addresses to be used for their own networks • Allows easier management of multiple connections to ISPs/IXPs • Removes the need to renumber when changing upstream providers

  9. Questions to ask your cloud service providers

  10. Questions to ask your cloud service providers • Private IP addressing has its limitations. Are you numbering cloud hosts in public or private addresses? • Private: How many customers share the NAT interface to the public Internet? • Public: Does the provider have enough addresses to meet your future needs? • IP address portability • If you have access to a block of public addresses, does the provider have the capability to use them in provisioning your cloud solution? • What are the costs involved? • Are you being charged for public IP addresses?

  11. Questions to ask your cloud service providers • Does the provider rely on NAT and CGN for their security? • NAT and CGN are not all of your security • You need proper configuration and ACLs reflecting your function and needs, e.g. inbound SSH only for your back office network, outbound only to your specified clients • How much infrastructure is shared between cloud customers, and how does that fit your specific needs? • A shared access path means potentially shared risks • Does the cloud provider understand IPv6? • For future growth and demand, start early, gain experience • Be aware of differences in IPv6 security

  12. IPv6 security • Mostly the same as IPv4 • ACLs are basically the same • ICMPv6 is substantially different: do not block most ICMPv6, it is needed for path MTU discovery, etc. • Be aware of different IP fragmentation behaviour • New class of risks • Stateless address autoconfiguration (SLAAC) • Switch ND (Neighbor Discovery) exhaustion (DDoS attack) • Get proper IPv6-aware managed switches; they should offer mitigation against both risks
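
The ACL points on slides 11 and 12, written out as a host firewall policy. This is an added example, not part of the original presentation; it assumes a Linux cloud host using nftables, and the prefixes (from the 2001:db8::/32 documentation range), set names and the outbound port are placeholders.

```nftables
#!/usr/sbin/nft -f
# Added example: default-deny IPv6 policy that does not depend on NAT/CGN.
flush ruleset

table inet filter {
    # Assumed back office network allowed to reach SSH (placeholder prefix).
    set backoffice6 {
        type ipv6_addr
        flags interval
        elements = { 2001:db8:100::/48 }
    }
    # Assumed client networks this host may initiate connections to.
    set clients6 {
        type ipv6_addr
        flags interval
        elements = { 2001:db8:200::/48, 2001:db8:201::/48 }
    }

    chain icmpv6_ok {
        # Error messages: packet-too-big carries path MTU discovery.
        # IPv6 routers never fragment, so dropping it stalls large transfers.
        icmpv6 type { destination-unreachable, packet-too-big,
                      time-exceeded, parameter-problem } accept
        # Neighbor Discovery and SLAAC are link-local only: genuine
        # packets always arrive with hop limit 255.
        icmpv6 type { nd-router-solicit, nd-router-advert,
                      nd-neighbor-solicit, nd-neighbor-advert } ip6 hoplimit 255 accept
        # Diagnostics, rate limited.
        icmpv6 type echo-request limit rate 10/second accept
    }

    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        # ICMPv6 is handled before the invalid-state drop so ND is never lost.
        meta l4proto ipv6-icmp jump icmpv6_ok
        ct state established,related accept
        ct state invalid drop
        # Inbound SSH only from the back office network.
        ip6 saddr @backoffice6 tcp dport 22 accept
    }

    chain output {
        type filter hook output priority 0; policy drop;
        oif "lo" accept
        meta l4proto ipv6-icmp jump icmpv6_ok
        ct state established,related accept
        # Outbound only to the specified clients (port 443 is an assumption).
        ip6 daddr @clients6 tcp dport 443 accept
    }
}
```

The ND exhaustion risk on slide 12 is a switch and router problem, so this host policy does not replace the mitigation expected from IPv6-aware managed switches.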

  13. How to get IP addresses

  14. How to get IP addresses • Service providers and independent network operators get their IP addresses from their Internet Registry • Maximum /22 (1,024 addresses) of IPv4 • Initial /48 to /32 of IPv6 • Must meet current policy criteria • Casual users get their IP addresses from their service provider (ISP, hosting, data centre etc.)

  15. How to get IP addresses • Online request form • www.apnic.net/member • Need support? • Contact APNIC Member Services Helpdesk • Monday to Friday, 09:00 to 21:00 (UTC +10) • www.apnic.net/helpdesk

  16. Policy criteria

  17. Policies • Service providers • IPv4 criteria • Have used a /24 from their upstream provider or demonstrate an immediate need for a /24, • Demonstrate a detailed plan for use of a /23 within a year • IPv6 criteria • Have existing IPv4, or • Plan to provide IPv6 connectivity and make 200 customer assignments in 2 years

  18. Policies • Independent networks • IPv4 criteria • Connected or plan to connect within 3 months to multiple ISPs/IXPs, or • Running an IXP (Internet Exchange Point), or • Running an Internet critical infrastructure e.g. • Root domain name system (DNS) server; • Global top level domain (gTLD) nameservers; • Country code TLD (ccTLDs) nameservers; • National/Regional Internet Registry

  19. Policies • Independent networks • IPv6 criteria • Automatically eligible for a minimum IPv6 portable assignment if previously justified an IPv4 portable assignment from APNIC • Running an IXP (Internet Exchange Point), or • Running an Internet critical infrastructure e.g. • Root domain name system (DNS) server; • Global top level domain (gTLD) nameservers; • Country code TLD (ccTLDs) nameservers; • National/Regional Internet Registry

  20. Questions?

  21. Thanks! George Kuo, Member Services Manager <george@apnic.net>
