
ade64d043aef5dc0e81e55910192ef80.ppt
- Number of slides: 14

APNIC 32 Aug 2011, Busan
JPNIC's RQA and Routing Related Activities
JPNIC IP Department
Izumi Okutani
Copyright © 2011 Japan Network Information Center

What JPNIC does for the integrity of routing
- Our basic position
  - Actual routing decisions are for the operators to make
  - JPNIC's role is to help maintain the integrity of routing for address prefixes under our management
- What we do
  - Before allocation
  - Problems after allocation
  - Our routing registry - JPIRR

What we do before allocation
- Check routing status for allocation blocks for our LIRs
  - Check route announcement (RIPE RIS) and IRR registration (RADB)
  - APNIC checks routability on a /8 basis, so our check is on a more specific level
- Make requests to remove registered object(s) in RADB if we find anything pre-registered
  - Still go ahead with allocations as long as no route announcement is found
- No check in IPv6 for now, as pre-used prefixes are rare
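
The decision rule on this slide, as an added example that is not JPNIC's own tooling. The inputs are constructed lists standing in for RIPE RIS and RADB query results, and treating any overlapping prefix (covering, equal or more specific) as a finding is an assumption.

```python
import ipaddress

# Constructed sample data: documentation prefixes, private-use ASNs and
# hypothetical maintainer names. Real input would come from RIS and RADB.
ANNOUNCEMENTS = [("192.0.2.0/24", "AS64511")]
IRR_ROUTES = [
    ("203.0.113.0/25", "AS64496", "MAINT-OLD-EXAMPLE"),
    ("198.51.100.0/24", "AS64497", "MAINT-OTHER-EXAMPLE"),
]

def pre_allocation_check(block, announcements, irr_routes):
    """Apply the slide's rule to one candidate allocation block.

    announcements: (prefix, origin_as) pairs seen in routing data
    irr_routes:    (prefix, origin_as, maintainer) route objects
    """
    net = ipaddress.ip_network(block)

    def touches(prefix):
        other = ipaddress.ip_network(prefix)
        # overlaps() is true for covering, equal and more-specific prefixes
        return other.version == net.version and net.overlaps(other)

    announced = [(p, asn) for p, asn in announcements if touches(p)]
    registered = [(p, asn, mnt) for p, asn, mnt in irr_routes if touches(p)]
    return {
        "block": block,
        # A live announcement is the only finding that holds the allocation.
        "allocate": not announced,
        "announced": announced,
        # Pre-registered objects get a removal request but do not block.
        "removal_requests": registered,
    }
```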

Trend in IPv4 allocation prefix
- Route announcement
  - No case with route announcement recently
- Inadequate RADB registration(s)
  - Some inadequate registrations but few in number
    • FY 2010 - 226 total prefixes, 6 registrations removed, 3 registrations remain even after request
    • FY 2011 - 75 total prefixes, 0 registrations removed, 11 registrations remain even after request
  - Inadequate registrations somehow concentrate on certain ranges, e.g., 27/8, 101/8, 203/8
  - 133/8 (the last /8 block) is very clean so far

Routing problems after allocation
- Few cases reported with routing problems for allocated prefix
- Case 1
  - Problem with reachability to US military base
  - Issue did not resolve despite LIR, JPNIC, APNIC contacting the upstream and the network in question
- Case 2
  - A major US ISP was announcing the prefix, and would not respond to request from LIR, JPNIC
  - Consulted JANOG ML and had the announcement withdrawn by contacting through operators in Japan
- Case 3
  - Prefix had reachability problem with ETAS and a number of websites
  - Issue did not resolve despite LIR contacting the upstream and the network in question
  - LIR and JPNIC requested IANA to re-announce to remove debogon filters on NANOG mailing list

What we do for problems after allocation
- Suggest that the LIR contact the upstream, the network blocking the route, and/or raise the issue on NOG mailing list(s)
  - JPNIC also makes contact if it helps for the contact to come from a registry
- Request APNIC/IANA to make announcements to appropriate NOGs outside Japan/APNIC region
  - Needs global coordination for filtering outside the region
- Remaining issue
  - Not all of the problems are based on routing - sometimes filtering is done on software level

Can we do this better in IPv6?
- Is there a way to create a good collaborative framework to handle such issues?
- What can we do about filtering on application level?
- Is there a way for operators throughout the RIR regions to discuss and roughly agree on a possibly happier way to handle non-allocated routes than how we do today?

Our routing registry - JPIRR
- For anyone who has directly received number resources from JPNIC
  - Mirroring with IRR of APNIC, RIPE NCC, RADB
- Automated garbage collection on un-updated objects over an interval (max 24 months)
- Experiment on collaboration with hijack detection system

Status of JPIRR registrations

Experiment on collaboration with hijack detection system
- Collaboration with Telecom ISAC Japan's hijack detection system since May 2008
  - 137 ISPs join the experiment (nearly 70% of JPIRR maintainers)
- Notify ISPs joining the experiment in cases where route hijacking is suspected
  - Compare route origin with registered data in JPIRR and notify when a difference is detected
  - Simply add a field "X-Keiro" (Keiro = Route in Japanese) and register e-mail address for notification in Route object
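
The origin comparison described on this slide, as an added example that is not the Telecom ISAC Japan system or JPNIC's code. The route objects and observed routes are constructed, the exact "X-Keiro:" attribute syntax is assumed from the slide's wording, and matching an announcement against covering (equal or less specific) route objects is an assumption about how the comparison is scoped.

```python
import ipaddress
# Constructed JPIRR-style route objects; the "X-Keiro:" syntax is assumed.
SAMPLE_IRR = """\
route:    192.0.2.0/24
origin:   AS64500
X-Keiro:  noc@lir-a.example
source:   JPIRR

route:    198.51.100.0/24
origin:   AS64501
"""

# Constructed (prefix, origin AS) pairs standing in for observed BGP routes.
OBSERVED = [
    ("192.0.2.0/24", "AS64500"),     # matches the registration
    ("192.0.2.128/25", "AS64511"),   # more-specific from another origin
    ("198.51.100.0/24", "AS64511"),  # mismatch, but no X-Keiro contact
    ("203.0.113.0/24", "AS64502"),   # no route object at all
]

def parse_route_objects(text):
    """Parse blank-line-separated RPSL route objects."""
    routes = []
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            attrs.setdefault(key.strip().lower(), []).append(value.strip())
        if "route" in attrs and "origin" in attrs:
            routes.append({"prefix": ipaddress.ip_network(attrs["route"][0]),
                           "origin": attrs["origin"][0].upper(),
                           "notify": attrs.get("x-keiro", [])})
    return routes

def detect_origin_mismatch(routes, observed):
    """Alert when no covering route object lists the announced origin."""
    alerts = []
    for prefix_text, origin in observed:
        prefix = ipaddress.ip_network(prefix_text)
        covering = [r for r in routes if r["prefix"].version == prefix.version
                    and prefix.subnet_of(r["prefix"])]
        if not covering or any(r["origin"] == origin.upper() for r in covering):
            continue  # unregistered space, or origin agrees with the registry
        notify = sorted({a for r in covering for a in r["notify"]})
        if notify:  # only maintainers who registered X-Keiro get notified
            alerts.append({"prefix": prefix_text, "seen": origin.upper(),
                           "expected": sorted({r["origin"] for r in covering}),
                           "notify": notify})
    return alerts
```

Calling `detect_origin_mismatch(parse_route_objects(SAMPLE_IRR), OBSERVED)` yields one alert, for the more-specific 192.0.2.128/25; the 198.51.100.0/24 mismatch produces no alert because its route object carries no X-Keiro contact.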

Good relationship cycle
[Diagram: a cycle linking JPIRR users, the hijack detection system and JPIRR. Labels: Higher QoS for its users; Higher awareness on routing security; Increase in JPIRR registrants; Increased accuracy of registered data]

Discussions with operators
- Had panel discussions at our OPMs on "Good relationship between routing and Internet Registry"
  - Constant collaboration and information sharing would benefit both JPNIC and operators!
    • Translate operational documents or routing related discussions outside JP
    • Perhaps should consider giving inputs to policies outside APNIC region for anything that affects routing?
    • Keep JP ISPs involved in RPKI while also maintaining QoS and stability of JPIRR
    • Keep track of the impact of routing table growth after the transfer policy implementation and IPv4 run out
- Education and feedback from JP operators on routing integrity
  - Organize tutorial on routing security, get involved in IRS, IX meetings
  - Plan to hear opinions from our LIRs on RPKI

Questions
Any suggestions for collaboration between operations and Internet Registry?