Database Update Kaveh Ranjbar Database Group Manager RIPE
Database Update Kaveh Ranjbar Database Group Manager, RIPE NCC
Outline • Short introduction to the Database Group • Status of APs and outstanding deliverables • Projects completed between RIPE 61 and 62 • RIPE Labs publication highlights • Q&A RIPE NCC Database Group - 27 April 2011 2
RIPE Database Service • Public Internet Resource Information for RIPE service region • Internet Routing Registry • Repository for resource holder information • Global Resource Information in RIPE RPSL • Tools on http: //www. db. ripe. net • Prototypes on http: //labs. ripe. net/ripe-database RIPE NCC Database Group - 27 April 2011 3
The Database Group Agoston Benedetto Bogdan Denis Erik Kaveh RIPE NCC Database Group - 27 April 2011 4
RIPE Database statistics • Operational stats: http: //www. ripe. net/info/stats/db/ripedb. html RIPE NCC Database Group - 27 April 2011 5
Action Points Denis Walker Database Business Analyst, RIPE NCC
Action Points & Projects • AP 57. 2 Cleanup forward domain data • AP 59. 1: Reverse Delegation Safeguards • AP 61. 1: “pingable: ” attribute • AP 61. 2: To investigate the next appropriate level of password hash • The RIPE community approved RIPE Policy Proposal 2010 -06 • Policy 2007 -01 • Dash ‘-’ notation in reverse DOMAIN RIPE NCC Database Group - 27 April 2011 7
AP 57. 2: Cleanup forward domain data • Started with DOMAIN objects in the RIPE Database for 43 cc. TLDs • 3 are still actively using the RIPE Database – All 4 working on alternative solutions • 40 deleted – TLD object with all sub domains • Users cannot create new TLD objects • Syntax will be changed when last 3 deleted RIPE NCC Database Group - 27 April 2011 8
AP 59. 1: Reverse Delegation Safeguards The week commencing 13 December 2010 the RIPE NCC deployed a version of the RIPE Database that implements these rules and cleaned-up the existing data. It is no longer possible to create a reverse DNS DOMAIN object in the RIPE Database if either a more or less specific object already exists. RIPE NCC Database Group - 27 April 2011 9
AP 59. 1: Reverse Delegation Safeguards (cont’d) Objects that were cleaned up all had a less specific DOMAIN object in the database; therefore these objects did not have any operational effect on reverse DNS. RIPE NCC Database Group - 27 April 2011 10
AP 61. 1: “pingable: ” attribute st 21 • On the of February the RIPE NCC implemented the "pingable: " and "ping-hdl: " attributes according to the specification in RFC 5943. • They can now be used in ROUTE and ROUTE 6 objects in the RIPE Database. • RFC 5943 describes the syntax and explains how to use them: http: //tools. ietf. org/html/rfc 5943 RIPE NCC Database Group - 27 April 2011 11
AP 61. 1: “pingable: ” attribute (cont’d) • The "pingable: " addresses are already active for beacons, anchors and debogon routes announced by the RIPE NCC Routing Information Service (RIS). • For an example of how these are announced, see the ROUTE object for 84. 205. 81. 0/24. • For more information about RIS beacons and anchors, please see: http: //www. ripe. net/datatools/stats/ris-routing-beacons RIPE NCC Database Group - 27 April 2011 12
AP 61. 2: Appropriate level of password hash • This action point was for the RIPE NCC to investigate using SHA 2 for passwords. • Proposal sent to mailing list • Discussion can follow this update. RIPE NCC Database Group - 27 April 2011 13
Policy 2010 -06 • The RIPE community approved RIPE Policy Proposal 2010 -06, "Registration Requirements for IPv 6 End User Assignments". • The proposal is available at: http: //www. ripe. net/ripe/policies/proposals/2010 -06 RIPE NCC Database Group - 27 April 2011 14
Policy 2010 -06 (cont’d) • On the 15 th of February the RIPE NCC deployed a version of the RIPE Database that implements the policy in the RIPE Database and other RIPE NCC processes, where necessary. • Details of how to use the new aggregation feature of the RIPE Database can be found at: http: //www. ripe. net/data-tools/support/documentation/ documenting-ipv 6 -assignments-in-the-ripe-database • Currently 53340 INET 6 NUM objects in RIPE Database • 75 have status AGGREGATED-BY-LIR RIPE NCC Database Group - 27 April 2011 15
Policy 2007 -01 • 2007 -01 is Contractual Requirements for Provider Independent Resource Holders in the RIPE NCC Service Region • As part of the 2007 -01 policy implementation the RIPE NCC has to: – Add RIPE-NCC-END-MNT to all AUT-NUM objects – Change RIPE-NCC-HM-PI-MNT to RIPE-NCC-ENDMNT on PI assignment objects or add where necessary RIPE NCC Database Group - 27 April 2011 16
Dash notation in reverse DOMAIN • Proposal sent to mailing list • Drop current dash ‘-’ syntax and expansion from third octet (1 -100. 2. 10. in-addr. arpa) • Causes problems with DNSSEC • Allow dash in fourth octet for classless delegations (6 -25. 1. 2. 10. in-addr. arpa) • Stored in RIPE Database with dash • Expansion done by DNS provisioning RIPE NCC Database Group - 27 April 2011 17
Geolocating Kaveh Ranjbar Database Group Manager, RIPE NCC
The Problem • No mechanism to link IP addresses to a location • No internationalisation information • Establishing this is difficult and error prone: • – Finding out a postal address is hard – Translating the address to a geolocation is hard – Knowing the language at that location is not always clear User services based on location and internationalisation may be mismatched – Access to certain services could be blocked – Content could be delivered in the wrong language RIPE NCC Database Group - 27 April 2011 19
The Solution • Location and internationalisation details can be optionally linked to IP addresses – • • Resolution determined by LIR The holder of an IP address block is: – The authority on where the block is used – Knows the preferred language – Maintainer of the IP address data The RIPE NCC can provide the mechanism through the RIPE Database to establish this link RIPE NCC Database Group - 27 April 2011 20
Everybody Benefits • • End Users – Providers can serve content in the desired language – and related to the user’s location LIRs – More control over location based services supplied – • Content Providers – • Less End User complaints Easier to address their target audience RIPE Database – Holds more accurate location data RIPE NCC Database Group - 27 April 2011 21
The Way Forward • Interest expressed from Google, Max. Mind, IP 2 Location – If location data is added to your RIPE Database objects, it can be automatically included in their data sets – higher • priority input, authoritative source RIPE NCC will develop simple prototype on RIPE Labs RIPE NCC Database Group - 27 April 2011 22
Development & Innovation highlights Bogdan Dumitrescu Software Engineer
Prototypes and new services on RIPE Labs • • • GRS Sources and the RIPE Database API - RIPE-GRS, APNIC-GRS, ARIN-GRS, LACNIC-GRS, RADB-GRS - No personal data, no query limits, data may include non RPSL attributes RIPE Database REST API: Query + CRUD - New interfaces to the RIPE Database (HTTPS, XML, JSON, XLink, XPath, etc. ) - Reusable building blocks for other services and tools - http: //labs. ripe. net/Members/bfiorell/api-documentation Search forms and tools – ready for production - • Search, Lookup, Free-text Search, Abuse Finder Work in progress - Update Forms, Crypt Utils, Change Maintainer Authorisation - REST CRUD API, new services for power users RIPE NCC Database Group - 27 April 2011 24
Demo Bogdan Dumitrescu Software Engineer
Questions?
- Slides: 26