Introduction To The Internet - ITU

Introduction to The Internet
ITU/APNIC/MICT IPv6 Security Workshop
23rd – 27th May 2016
Bangkok
Last updated 5th May 2015

Introduction to the Internet
- Topologies and Definitions
- IP Addressing
- Internet Hierarchy
- Gluing it all together

Topologies and Definitions
What does all the jargon mean?

Some Icons
- Router (layer 3, IP datagram forwarding)
- Ethernet switch (layer 2, packet forwarding)
- Network Cloud

Routed Backbone
- ISPs build networks covering regions
  - Regions can cover a country, sub-continent, or even global
  - Each region has points of presence built by the ISP
- Routers are the infrastructure
- Physical circuits run between routers
- Easy routing configuration, operation and troubleshooting
- The dominant topology used in the Internet today

MPLS Backbones
- Some ISPs & Telcos use Multi Protocol Label Switching (MPLS)
- MPLS is built on top of router infrastructure
  - Replaces old ATM technology
  - Tunnelling over IP network
- Main purpose is to provide VPN services
  - Although these can be implemented with other tunnelling technologies such as GRE

Points of Presence
- PoP – Point of Presence
  - Physical location of ISP’s equipment
  - Sometimes called a “node”
- vPoP – virtual PoP
  - To the end user, it looks like an ISP location
  - In reality a back hauled access point
  - Used mainly for consumer access networks
- Hub/SuperPoP – large central PoP
  - Links to many PoPs

PoP Topologies
- Core routers
  - high speed trunk connections
- Distribution routers
  - higher port density, aggregating network edge to the network core
- Access routers
  - high port density, connecting the end users to the network
- Border routers
  - connections to other providers
- Service routers
  - hosting and servers
- Some functions might be handled by a single router

Typical PoP Design
[Diagram labels: Other ISPs, Border, Backbone link to another PoP, Business Customer Aggregation, Service, ISP Services (DNS, Mail, News, FTP, WWW), Access, Hosted Services, Consumer Aggregation]

More Definitions
- Transit
  - Carrying traffic across a network
  - Usually for a fee
- Peering
  - Exchanging routing information and traffic
  - Usually for no fee
  - Sometimes called settlement free peering
- Default
  - Where to send traffic when there is no explicit match in the routing table

Peering and Transit example
[Diagram labels: provider A, provider B, IXP-West, Backbone Provider C, Backbone Provider D, provider E, provider F, IXP-East; links marked "peering" and "transit"]
A and B peer for free, but need transit arrangements with C and D to get packets to/from E and F
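
The slide's claim can be checked with a small path search. This is an added example, not part of the original slides; it assumes A and B buy transit from C, E and F buy transit from D, and C and D peer, which is one reading of the diagram. The function and variable names are hypothetical.

```python
from collections import deque

# Constructed relationships (an assumed reading of the slide's diagram).
TRANSIT = {("A", "C"), ("B", "C"), ("E", "D"), ("F", "D")}  # (customer, provider)
PEERING = {("A", "B"), ("C", "D"), ("E", "F")}

def path(src, dst, transit=TRANSIT, peering=PEERING):
    """Shortest policy-compliant provider path from src to dst, or None.

    Traffic may climb customer->provider links, cross at most one peering
    link, then descend provider->customer links. A network does not carry
    traffic between two of its peers or providers, because nobody pays for it.
    """
    start = (src, "up")
    seen = {start}
    queue = deque([(start, [src])])
    while queue:
        (node, phase), hops = queue.popleft()
        if node == dst:
            return hops
        steps = []
        for cust, prov in transit:
            if phase == "up" and cust == node:
                steps.append((prov, "up"))      # hand traffic to a paid provider
            if prov == node:
                steps.append((cust, "down"))    # a provider delivers to its customer
        for a, b in peering:
            if phase == "up" and node in (a, b):
                steps.append((b if node == a else a, "down"))  # single peer hop
        for state in sorted(steps):
            if state not in seen:
                seen.add(state)
                queue.append((state, hops + [state[0]]))
    return None

if __name__ == "__main__":
    print(path("A", "B"))                 # direct peering
    print(path("A", "F"))                 # needs transit through C and D
    print(path("A", "F", transit=set()))  # peering alone does not reach F
```

With the transit links removed, A still reaches B but has no path to E or F, which is the point the slide makes.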

Private Interconnect
[Diagram labels: Autonomous System 334, Provider D, border, border, Provider C, Autonomous System 99]

Public Interconnect
- A location or facility where several ISPs are present and connect to each other over a common shared media
- Why?
  - To save money, reduce latency, improve performance
- IXP – Internet eXchange Point
- NAP – Network Access Point

Public Interconnect
- Centralised (in one facility)
- Distributed (connected via WAN links)
- Switched interconnect
  - Ethernet (Layer 2)
  - Technologies such as SRP, FDDI, ATM, Frame Relay, SMDS and even routers have been used in the past
- Each provider establishes peering relationship with other providers at IXP
  - ISP border router peers with all other provider border routers

Public Interconnect
[Diagram labels: ISP 1, ISP 2, ISP 3, ISP 4, ISP 5, ISP 6, IXP]
Each of these represents a border router in a different autonomous system

ISPs participating in Internet
- Bringing all pieces together, ISPs:
  - Build multiple PoPs in a distributed network
  - Build redundant backbones
  - Have redundant external connectivity
  - Obtain transit from upstream providers
  - Get free peering from local providers at IXPs

Example ISP Backbone Design
[Diagram labels: ISP Peer, IXP, Upstream 1, Upstream 2, PoP 1, PoP 2, PoP 3, PoP 4, Network Core, Backbone Links]

IP Addressing
Where to get address space and who from

IP Addressing Basics
- Internet uses two types of addressing:
  - IPv6 – the new IP protocol
  - IPv4 – legacy IP protocol
- Internet uses classless routing
  - Routers must be CIDR capable
    - Classless InterDomain Routing
  - No routing assumptions made based on the address block
  - Engineers talk in terms of prefix length
  - For example: 158.43/16 and 2001:db8::/32

History of IP Addressing
- Pre-CIDR (before 1994)
  - Big networks got a class A
  - Medium networks got a class B
  - Small networks got a class C
- The CIDR IPv4 years (1994 to 2010)
  - Sizes of IPv4 allocations/assignments made according to demonstrated need – CLASSLESS
- IPv6 adoption (from 2011)
  - Network Operators get at least one /32
  - End Sites get /48
  - IANA’s free pool is depleted (February 2011) – the size of IPv4 address allocations and assignments is now very limited

IP Addressing
- IP Address space is a resource shared amongst all Internet users
  - Regional Internet Registries delegated allocation responsibility by the Internet Assigned Numbers Authority (IANA)
  - AfriNIC, APNIC, ARIN, LACNIC & RIPE NCC are the five RIRs
  - RIRs allocate address space to ISPs and Local Internet Registries
  - ISPs/LIRs assign address space to end customers or other ISPs
- RIRs address distribution:
  - IPv6 is plentiful
  - IPv4 is very limited

Address delegation hierarchy
[Diagram: IANA at the top; below it the five RIRs: AfriNIC (Africa), APNIC (Asia & Pacific), ARIN (N America), LACNIC (C&S America), RIPE NCC (EU, ME, C Asia); below each RIR, ISPs; below the ISPs, End Users]

Non-portable Address Space
- “Provider Aggregatable” or “PA Space”
  - Customer uses RIR member’s address space while connected to Internet
  - Customer has to renumber to change ISP
  - Aids control of size of Internet routing table
  - Need to fragment provider block when multihoming
- PA space is allocated to the RIR member
  - All assignments made by the RIR member to end sites are announced as an aggregate to the rest of the Internet
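
A worked illustration of the PA properties listed above: aggregation, fragmenting the block for a multihomed site, and renumbering on a change of ISP. This is an added example, not part of the original slides; the site names, the documentation prefixes 2001:db8::/32 and 3fff:100:7::/48, and both function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample data: documentation prefixes stand in for real allocations.
PROVIDER_BLOCK = ipaddress.ip_network("2001:db8::/32")  # PA block held by the RIR member
ASSIGNMENTS = {                                         # end site -> /48 from that block
    "site-a": "2001:db8:a::/48",
    "site-b": "2001:db8:b::/48",
    "site-c": "2001:db8:c::/48",
}

def announcements(assignments, multihomed=()):
    """Prefixes the rest of the Internet sees for this provider's PA space."""
    routes = [PROVIDER_BLOCK]           # one aggregate covers every single-homed site
    for site, prefix in assignments.items():
        net = ipaddress.ip_network(prefix)
        if not net.subnet_of(PROVIDER_BLOCK):
            raise ValueError(f"{prefix} is not part of the provider's PA block")
        if site in multihomed:
            # A second ISP carries only this site's /48, so the /48 has to be
            # visible on its own: the provider block is fragmented.
            routes.append(net)
    return [str(r) for r in sorted(routes)]

def renumber(address, old_assignment, new_assignment):
    """Map a host address into the new ISP's assignment, keeping the host bits."""
    old = ipaddress.ip_network(old_assignment)
    new = ipaddress.ip_network(new_assignment)
    addr = ipaddress.ip_address(address)
    if old.prefixlen != new.prefixlen or addr not in old:
        raise ValueError("address and assignments do not line up")
    offset = int(addr) - int(old.network_address)
    return str(type(addr)(int(new.network_address) + offset))

if __name__ == "__main__":
    print(announcements(ASSIGNMENTS))                         # aggregate only
    print(announcements(ASSIGNMENTS, multihomed={"site-b"}))  # aggregate plus one /48
    print(renumber("2001:db8:a::53", "2001:db8:a::/48", "3fff:100:7::/48"))
```

Three single-homed sites cost the global routing table one entry; each multihomed site adds one more.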

Portable Address Space
- “Provider Independent” or “PI Space”
  - Customer gets or has address space independent of ISP
  - Customer keeps addresses when changing ISP
  - Is very bad for size of Internet routing table
  - Is very bad for scalability of the routing system
  - PI space is rarely distributed by the RIRs

Internet Hierarchy
The pecking order

Global Internet: High Level View
[Diagram labels: Global Providers, Regional Provider 1, Regional Provider 2, Content Provider 1, Content Provider 2, Access Provider 1, Access Provider 2, IXP, Customer Networks]

Detailed View of the Global Internet
- Global Transit Providers
  - Connect to each other
  - Provide connectivity to Regional Transit Providers
- Regional Transit Providers
  - Connect to each other
  - Provide connectivity to Content Providers
  - Provide connectivity to Access Providers
- Content Providers
  - Cross-connect to Access Providers
  - Peer at IXPs (free traffic to Access Providers)
- Access Providers
  - Connect to each other across IXPs (free peering)
  - Provide access to the end user

IPv4 Internet by BGP Peerings
[Figure]
Credit to Blair Harrison and Dean Pemberton
http://jedi.school.nz/sg2015/

IPv6 Internet by BGP Peerings
[Figure]
Credit to Blair Harrison and Dean Pemberton
http://jedi.school.nz/sg2015-v6/

Categorising ISPs
[Diagram labels: Tier 1 ISP, Regional ISP, IXP, Access ISP]

Categorising ISPs
- Tier-1 ISP – definition:
  - A provider which peers with other Tier-1s and does NOT pay for transit
  - Caveat:
    - Many marketing departments call their ISP a Tier-1 – even though that ISP may still pay for transit to some parts of the Internet
- Regional providers often have the reach of Tier-1s but still have to rely on maybe one or two Tier-1s to access the whole Internet
  - They often provide access too, via in country domestic access networks
- Access providers work exclusively in their locale

Inter-provider relationships
- Peering between equivalent sizes of service providers (e.g. Regional to Regional)
  - Shared cost private interconnection, equal traffic flows
  - No cost peering
- Peering across exchange points
  - If convenient, of mutual benefit, technically feasible
- Fee based peering
  - Unequal traffic flows, “market position”

Default Free Zone
The default free zone is made up of Internet routers which have explicit routing information about the rest of the Internet, and therefore do not need to use a default route
NB: is not related to where an ISP is in the hierarchy
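
The "Default" definition earlier in the deck and the default free zone described here both come down to how a router picks a route. This is an added example, not part of the original slides; the table contents are constructed from documentation prefixes and the next-hop names are hypothetical.

```python
import ipaddress

def lookup(table, destination):
    """Longest-prefix match: next hop of the most specific covering prefix.

    Returns None when no prefix in the table covers the destination.
    """
    addr = ipaddress.ip_address(destination)
    best_len, best_hop = -1, None
    for prefix, next_hop in table.items():
        net = ipaddress.ip_network(prefix)
        if net.version == addr.version and addr in net and net.prefixlen > best_len:
            best_len, best_hop = net.prefixlen, next_hop
    return best_hop

# Constructed table of explicit routes. A real default-free router carries
# explicit routes for the whole Internet; this short table stands in for that.
EXPLICIT = {
    "2001:db8::/32": "core",
    "2001:db8:a::/48": "customer-1",
    "192.0.2.0/24": "customer-1",
    "198.51.100.0/24": "peer-at-ixp",
}

# The same router with a default added for each address family: anything
# without an explicit match is sent to the upstream provider.
WITH_DEFAULT = {**EXPLICIT, "0.0.0.0/0": "upstream", "::/0": "upstream"}

if __name__ == "__main__":
    for dest in ("2001:db8:a::1", "2001:db8:b::1", "198.51.100.7", "203.0.113.9"):
        print(dest, lookup(EXPLICIT, dest), lookup(WITH_DEFAULT, dest))
```

For 203.0.113.9 the explicit-only table returns None, so the packet is dropped as unroutable, while the table with a default hands it to the upstream.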

Gluing it together

Gluing it together
- Who runs the Internet?
  - No one
  - (Definitely not ICANN, nor the RIRs, nor the US, )
- How does it keep working?
  - Inter-provider business relationships and the need for customer reachability ensures that the Internet by and large functions for the common good
- Any facilities to help keep it working?
  - Not really.
  - But Engineers keep working together!

Engineers keep talking to each other.
- North America
  - NANOG (North American Network Operators Group)
  - NANOG meetings and mailing list
  - www.nanog.org
- Latin America
  - Foro de Redes
  - NAPLA
  - LACNOG – supported by LACNIC
- Middle East
  - MENOG (Middle East Network Operators Group)
  - www.menog.net

Engineers keep talking to each other.
- Asia & Pacific
  - APRICOT annual conference
  - APOPS & APNIC-TALK mailing ilman.apnic.net/mailman/listinfo/apnic-talk
  - PacNOG (Pacific tinfo/pacnog
  - SANOG (South Asia NOG)
    - E-mail to sanog-request@sanog.org

Engineers keep talking to each other.
- Europe
  - RIPE meetings, working groups and mailing lists
  - e.g. Routing WG: www.ripe.net/mailman/listinfo/routing-wg
- Africa
  - AfNOG meetings and mailing list
- Caribbean
  - CaribNOG meetings and mailing list
- And many in-country ISP associations and NOGs
- IETF meetings and mailing lists
  - www.ietf.org

Summary
- Topologies and Definitions
- IP Addressing
  - PA versus PI address space
- Internet Hierarchy
  - Local, Regional, Global Transit Providers
  - IXPs
- Gluing it all together
  - Engineers cooperate, common business interests
