Database Update
26
Database Update Kaveh Ranjbar Database Group Manager, RIPE NCC
description
Database Update. Kaveh Ranjbar Database Group Manager, RIPE NCC. Outline. Short introduction to the Database Group Status of APs and outstanding deliverables Projects completed between RIPE 61 and 62 RIPE Labs publication highlights Q & A. RIPE Database Service. - PowerPoint PPT Presentation
Transcript of Database Update
Database UpdateKaveh RanjbarDatabase Group Manager, RIPE NCC
RIPE NCC Database Group - 27 April 2011
Outline• Short introduction to the Database Group• Status of APs and outstanding
deliverables• Projects completed between RIPE 61 and
62• RIPE Labs publication highlights• Q & A
2
RIPE NCC Database Group - 27 April 2011
RIPE Database Service• Public Internet Resource Information for
RIPE service region• Internet Routing Registry• Repository for resource holder
information• Global Resource Information in RIPE RPSL• Tools on http://www.db.ripe.net• Prototypes on
http://labs.ripe.net/ripe-database3
RIPE NCC Database Group - 27 April 2011
The Database Group
4
KavehErik
Agoston
Denis
Benedetto
Bogdan
RIPE NCC Database Group - 27 April 2011
RIPE Database statistics
• Operational stats: http://www.ripe.net/info/stats/db/ripedb.html
5
Action PointsDenis WalkerDatabase Business Analyst, RIPE NCC
RIPE NCC Database Group - 27 April 2011
Action Points & Projects• AP57.2 Cleanup forward domain data• AP59.1: Reverse Delegation Safeguards• AP61.1: “pingable:” attribute• AP61.2: To investigate the next appropriate
level of password hash • The RIPE community approved RIPE Policy
Proposal 2010-06 • Policy 2007-01• Dash ‘-’ notation in reverse DOMAIN
7
RIPE NCC Database Group - 27 April 2011
AP57.2: Cleanup forward domain data• Started with DOMAIN objects in the RIPE
Database for 43 ccTLDs• 3 are still actively using the RIPE
Database–All 4 working on alternative solutions
• 40 deleted – TLD object with all sub domains
• Users cannot create new TLD objects• Syntax will be changed when last 3
deleted 8
RIPE NCC Database Group - 27 April 2011
AP59.1: Reverse Delegation Safeguards The week commencing 13 December
2010 the RIPE NCC deployed a version of the RIPE Database that implements these rules and cleaned-up the existing data.
It is no longer possible to create a reverse DNS DOMAIN object in the RIPE Database if either a more or less specific object already exists.
9
RIPE NCC Database Group - 27 April 2011
AP59.1: Reverse Delegation Safeguards (cont’d)
Objects that were cleaned up all had a less specific DOMAIN object in the database; therefore these objects did not have any operational effect on reverse DNS.
10
RIPE NCC Database Group - 27 April 2011
AP61.1: “pingable:” attribute• On the 21st of February the RIPE NCC
implemented the "pingable:" and "ping-hdl:" attributes according to the specification in RFC 5943.
• They can now be used in ROUTE and ROUTE6 objects in the RIPE Database.
• RFC 5943 describes the syntax and explains how to use them: http://tools.ietf.org/html/rfc5943
11
RIPE NCC Database Group - 27 April 2011
AP61.1: “pingable:” attribute (cont’d)• The "pingable:" addresses are already
active for beacons, anchors and debogon routes announced by the RIPE NCC Routing Information Service (RIS).
• For an example of how these are announced, see the ROUTE object for 84.205.81.0/24.
• For more information about RIS beacons and anchors, please see: http://www.ripe.net/data-tools/stats/ris/ris-routing-beacons 1
2
RIPE NCC Database Group - 27 April 2011
AP61.2: Appropriate level of password hash
• This action point was for the RIPE NCC to investigate using SHA2 for passwords.
• Proposal sent to mailing list• Discussion can follow this update.
13
RIPE NCC Database Group - 27 April 2011
Policy 2010-06
• The RIPE community approved RIPE Policy Proposal 2010-06, "Registration Requirements for IPv6 End User Assignments".
• The proposal is available at:http://www.ripe.net/ripe/policies/proposals/2010-06
14
RIPE NCC Database Group - 27 April 2011
Policy 2010-06 (cont’d)• On the 15th of February the RIPE NCC deployed a
version of the RIPE Database that implements the policy in the RIPE Database and other RIPE NCC processes, where necessary.
• Details of how to use the new aggregation feature of the RIPE Database can be found at: http://www.ripe.net/data-tools/support/documentation/
documenting-ipv6-assignments-in-the-ripe-database
• Currently 53340 INET6NUM objects in RIPE
Database• 75 have status AGGREGATED-BY-LIR
15
RIPE NCC Database Group - 27 April 2011
Policy 2007-01
• 2007-01 is Contractual Requirements for Provider Independent Resource Holders in the RIPE NCC Service Region
• As part of the 2007-01 policy implementation the RIPE NCC has to:– Add RIPE-NCC-END-MNT to all AUT-NUM objects – Change RIPE-NCC-HM-PI-MNT to RIPE-NCC-END-MNT on PI assignment objects or add where necessary
16
RIPE NCC Database Group - 27 April 2011
Dash notation in reverse DOMAIN• Proposal sent to mailing list• Drop current dash ‘-’ syntax and
expansion from third octet (1-100.2.10.in-addr.arpa)
• Causes problems with DNSSEC• Allow dash in fourth octet for classless
delegations (6-25.1.2.10.in-addr.arpa)• Stored in RIPE Database with dash• Expansion done by DNS provisioning
17
GeolocatingKaveh RanjbarDatabase Group Manager, RIPE NCC
RIPE NCC Database Group - 27 April 2011
The Problem• No mechanism to link IP addresses to a location• No internationalisation information• Establishing this is difficult and error prone:
– Finding out a postal address is hard– Translating the address to a geolocation is hard– Knowing the language at that location is not always clear
• User services based on location and internationalisation may be mismatched
– Access to certain services could be blocked– Content could be delivered in the wrong language
19
RIPE NCC Database Group - 27 April 2011
The Solution• Location and internationalisation details can
be optionally linked to IP addresses– Resolution determined by LIR
• The holder of an IP address block is:– The authority on where the block is used– Knows the preferred language– Maintainer of the IP address data
• The RIPE NCC can provide the mechanism through the RIPE Database
to establish this link20
RIPE NCC Database Group - 27 April 2011
Everybody Benefits• End Users
– Providers can serve content in the desired language– and related to the user’s location
• LIRs– More control over location based services supplied
– Less End User complaints• Content Providers
– Easier to address their target audience• RIPE Database
– Holds more accurate location data21
RIPE NCC Database Group - 27 April 2011
The Way Forward• Interest expressed from Google,
MaxMind, IP2Location– If location data is added to your RIPE Database objects, it can be automatically included in their data sets
– higher priority input, authoritative source• RIPE NCC will develop simple prototype
on RIPE Labs
22
Development & Innovation highlightsBogdan DumitrescuSoftware Engineer
RIPE NCC Database Group - 27 April 2011
Prototypes and new services on RIPE Labs• GRS Sources and the RIPE Database API
- RIPE-GRS, APNIC-GRS, ARIN-GRS, LACNIC-GRS, RADB-GRS- No personal data, no query limits, data may include non RPSL
attributes• RIPE Database REST API: Query + CRUD
- New interfaces to the RIPE Database (HTTPS, XML, JSON, XLink, XPath, etc.)
- Reusable building blocks for other services and tools- http://labs.ripe.net/Members/bfiorell/api-documentation
• Search forms and tools – ready for production- Search, Lookup, Free-text Search, Abuse Finder
• Work in progress- Update Forms, Crypt Utils, Change Maintainer Authorisation- REST CRUD API, new services for power users 2
4
DemoBogdan DumitrescuSoftware Engineer
Questions?
