Download - Database Update

Database UpdateKaveh RanjbarDatabase Group Manager, RIPE NCC

RIPE NCC Database Group - 27 April 2011

Outline• Short introduction to the Database Group• Status of APs and outstanding

deliverables• Projects completed between RIPE 61 and

62• RIPE Labs publication highlights• Q & A

2


RIPE Database Service• Public Internet Resource Information for

RIPE service region• Internet Routing Registry• Repository for resource holder

information• Global Resource Information in RIPE RPSL• Tools on http://www.db.ripe.net• Prototypes on

http://labs.ripe.net/ripe-database3

http://www.db.ripe.net/

http://labs.ripe.net/ripe-database


The Database Group

4

KavehErik

Agoston

Denis

Benedetto

Bogdan


RIPE Database statistics

• Operational stats: http://www.ripe.net/info/stats/db/ripedb.html

5

http://www.ripe.net/info/stats/db/ripedb.html

http://www.ripe.net/info/stats/db/ripedb.html

Action PointsDenis WalkerDatabase Business Analyst, RIPE NCC


Action Points & Projects• AP57.2 Cleanup forward domain data• AP59.1: Reverse Delegation Safeguards• AP61.1: “pingable:” attribute• AP61.2: To investigate the next appropriate

level of password hash • The RIPE community approved RIPE Policy

Proposal 2010-06 • Policy 2007-01• Dash ‘-’ notation in reverse DOMAIN

7


AP57.2: Cleanup forward domain data• Started with DOMAIN objects in the RIPE

Database for 43 ccTLDs• 3 are still actively using the RIPE

Database–All 4 working on alternative solutions

• 40 deleted – TLD object with all sub domains

• Users cannot create new TLD objects• Syntax will be changed when last 3

deleted 8


AP59.1: Reverse Delegation Safeguards The week commencing 13 December

2010 the RIPE NCC deployed a version of the RIPE Database that implements these rules and cleaned-up the existing data.

It is no longer possible to create a reverse DNS DOMAIN object in the RIPE Database if either a more or less specific object already exists.

9


AP59.1: Reverse Delegation Safeguards (cont’d)

Objects that were cleaned up all had a less specific DOMAIN object in the database; therefore these objects did not have any operational effect on reverse DNS.

10


AP61.1: “pingable:” attribute• On the 21st of February the RIPE NCC

implemented the "pingable:" and "ping-hdl:" attributes according to the specification in RFC 5943.

• They can now be used in ROUTE and ROUTE6 objects in the RIPE Database.

• RFC 5943 describes the syntax and explains how to use them: http://tools.ietf.org/html/rfc5943

11

http://tools.ietf.org/html/rfc5943


AP61.1: “pingable:” attribute (cont’d)• The "pingable:" addresses are already

active for beacons, anchors and debogon routes announced by the RIPE NCC Routing Information Service (RIS).

• For an example of how these are announced, see the ROUTE object for 84.205.81.0/24.

• For more information about RIS beacons and anchors, please see: http://www.ripe.net/data-tools/stats/ris/ris-routing-beacons 1

2

http://www.ripe.net/data-tools/stats/ris/ris-routing-beacons

http://www.ripe.net/data-tools/stats/ris/ris-routing-beacons


AP61.2: Appropriate level of password hash

• This action point was for the RIPE NCC to investigate using SHA2 for passwords.

• Proposal sent to mailing list• Discussion can follow this update.

13


Policy 2010-06

• The RIPE community approved RIPE Policy Proposal 2010-06, "Registration Requirements for IPv6 End User Assignments".

• The proposal is available at:http://www.ripe.net/ripe/policies/proposals/2010-06

14


Policy 2010-06 (cont’d)• On the 15th of February the RIPE NCC deployed a

version of the RIPE Database that implements the policy in the RIPE Database and other RIPE NCC processes, where necessary.

• Details of how to use the new aggregation feature of the RIPE Database can be found at: http://www.ripe.net/data-tools/support/documentation/

documenting-ipv6-assignments-in-the-ripe-database

• Currently 53340 INET6NUM objects in RIPE

Database• 75 have status AGGREGATED-BY-LIR

15

http://www.ripe.net/data-tools/support/documentation/documenting-ipv6-assignments-in-the-ripe-database





Policy 2007-01

• 2007-01 is Contractual Requirements for Provider Independent Resource Holders in the RIPE NCC Service Region

• As part of the 2007-01 policy implementation the RIPE NCC has to:– Add RIPE-NCC-END-MNT to all AUT-NUM objects – Change RIPE-NCC-HM-PI-MNT to RIPE-NCC-END-MNT on PI assignment objects or add where necessary

16


Dash notation in reverse DOMAIN• Proposal sent to mailing list• Drop current dash ‘-’ syntax and

expansion from third octet (1-100.2.10.in-addr.arpa)

• Causes problems with DNSSEC• Allow dash in fourth octet for classless

delegations (6-25.1.2.10.in-addr.arpa)• Stored in RIPE Database with dash• Expansion done by DNS provisioning

17

GeolocatingKaveh RanjbarDatabase Group Manager, RIPE NCC


The Problem• No mechanism to link IP addresses to a location• No internationalisation information• Establishing this is difficult and error prone:

– Finding out a postal address is hard– Translating the address to a geolocation is hard– Knowing the language at that location is not always clear

• User services based on location and internationalisation may be mismatched

– Access to certain services could be blocked– Content could be delivered in the wrong language

19


The Solution• Location and internationalisation details can

be optionally linked to IP addresses– Resolution determined by LIR

• The holder of an IP address block is:– The authority on where the block is used– Knows the preferred language– Maintainer of the IP address data

• The RIPE NCC can provide the mechanism through the RIPE Database

to establish this link20


Everybody Benefits• End Users

– Providers can serve content in the desired language– and related to the user’s location

• LIRs– More control over location based services supplied

– Less End User complaints• Content Providers

– Easier to address their target audience• RIPE Database

– Holds more accurate location data21


The Way Forward• Interest expressed from Google,

MaxMind, IP2Location– If location data is added to your RIPE Database objects, it can be automatically included in their data sets

– higher priority input, authoritative source• RIPE NCC will develop simple prototype

on RIPE Labs

22

Development & Innovation highlightsBogdan DumitrescuSoftware Engineer


Prototypes and new services on RIPE Labs• GRS Sources and the RIPE Database API

- RIPE-GRS, APNIC-GRS, ARIN-GRS, LACNIC-GRS, RADB-GRS- No personal data, no query limits, data may include non RPSL

attributes• RIPE Database REST API: Query + CRUD

- New interfaces to the RIPE Database (HTTPS, XML, JSON, XLink, XPath, etc.)

- Reusable building blocks for other services and tools- http://labs.ripe.net/Members/bfiorell/api-documentation

• Search forms and tools – ready for production- Search, Lookup, Free-text Search, Abuse Finder

• Work in progress- Update Forms, Crypt Utils, Change Maintainer Authorisation- REST CRUD API, new services for power users 2

4

DemoBogdan DumitrescuSoftware Engineer

Questions?