Post on 20-Aug-2020
transcript
Engineering Report Mark Kosters
Big changes with Engineering
• Lots of requests for development/operations support
• The Board heard you • Engineering growing by 12.5 FTEs – 5 operations – 3 developers – 4 SI – ½ PM
2
Staffing
• Operations – Seven engineers + two managers (0) – Five slots open
• Development – Ten engineers + manager (+2) – One slot open
• Software Integration – Nine engineers + manager (+4) – One slot open
• Project Management – One PM – One part-time slot open
• CTO – One
3
Accomplishments since ARIN 34 • Pre-approval support added in ARIN Online • Transfers
– 8.3 Released – 8.2 and 8.4 are underway
• Various improvements to STLS in ARIN Online
• Upgraded PGP to support RFC 3156 – All POC validation messages are PGP-signed from hostmaster
• Improved membership support added in ARIN Online • Moved ARIN Online and mail from ARIN HQ to colo • Migration of NetApp from EMC SAN completed
4
Accomplishments Cont…
• Fault tolerance improvements – Redundancy/failover for internal network
• Corporate help desk and IT support • ARIN member meeting support • Care and feeding of servers & network • OT&E
5
OT&E • Operational Test & Evaluation
– Place to test code – Place to test process – All services now under ote.arin.net – Was used in the RPKI demo on Sunday – Need to register to participate: ~161networks have access
today – https://www.arin.net/resources/ote.html
• Core services in OT&E – Reg-RWS (provisioning API) – Whois-RWS (directory API) – Web interface – RPKI suite (up/down and hosted) – Soon - RDAP
6
YTD Efforts Cont…
• IETF Participation – SIDR (RPKI), WEIRDS (RDAP)
• ICANN Participation – SSAC – RSSAC – Technical Advisory Group
7
Operational Concerns
• Much quieter period than last report • ISP Availability – Connectivity outages with ARIN HQ • Improved visibility on planned outages with Cox
Management • Adding 2nd vendor – fiber now “close” to facility
– Issues with west coast PFS site • RFP issued for a new vendor • Good set of responses so far
8
Operational Highlights
• 100% uptime on our public-facing sites over the past 6 years
• Services include – Whois – Whois-RWS – DNS – Mailing lists – FTP
• Will do the same with RPKI
9
ARIN Online Usage
• 96,512 accounts activated since inception through Q1 of 2015
10
2008 2009 2010 2011 2012 2013 2014
2015*
Number of Accounts Activated
5000 10000 15000 20000
* Through Q1 of 2015
Active Usage of ARIN Online
11
0
10000
20000
30000
40000
50000
0 1 2 - 5 6 - 10 11 - 15 >16
Logins
# o
f Use
rs
Times logged in
• Logins from inception through Q1 of 2015
Reg-RWS Transactions (cumulative)
12
ARIN 29 ARIN 30 ARIN 31 ARIN 32 ARIN 33 ARIN 34 ARIN 35
Template 408,383 595,858 846,943 1,066,037 1,311,403 1,498,204 1,749,383
REST 40,374 320,197 841,105 3,524,124 4,296,734 4,715,231 5,034,717
0
1,000,000
2,000,000
3,000,000
4,000,000
5,000,000
6,000,000
Template
REST
DNSSEC
ARIN 35
DNSSEC Secured Zones 512
Number of Orgs with DNSSEC 107
Total Number of Delegations 569,917
13
RPKI Usage
ARIN XXX
ARIN XXXI
ARIN XXXII ARIN33 ARIN34 ARIN 35
RPAs Signed 27 72 130 162 208 289
Certified Orgs 47 68 108 153 187
ROAs 19 60 106 162 239 308
Covered Resources 30 82 147 258 332 430
Up/Down Delegated 0 0 0 1
14
Whois Queries Per Second
15
0
500
1000
1500
2000
2500
3000
3500
4000
2001-‐07
2001-‐11
2002-‐03
2002-‐07
2002-‐11
2003-‐03
2003-‐07
2003-‐11
2004-‐03
2004-‐07
2004-‐11
2005-‐03
2005-‐07
2005-‐11
2006-‐03
2006-‐07
2006-‐11
2007-‐03
2007-‐07
2007-‐11
2008-‐03
2008-‐07
2008-‐11
2009-‐03
2009-‐07
2009-‐11
2010-‐03
2010-‐07
2010-‐11
2011-‐03
2011-‐07
2011-‐11
2012-‐03
2012-‐07
2012-‐11
2013-‐03
2013-‐07
2013-‐11
2014-‐03
2014-‐07
2014-‐11
2015-‐03
RESTful
Port 43
Whois via IPv6
16
Percentage of traffic over IPv6
0.00%
2.00%
4.00%
6.00%
8.00%
10.00%
12.00%
14.00% 2009-‐01
2009-‐04
2009-‐07
2009-‐10
2010-‐01
2010-‐04
2010-‐07
2010-‐10
2011-‐01
2011-‐04
2011-‐07
2011-‐10
2012-‐01
2012-‐04
2012-‐07
2012-‐10
2013-‐01
2013-‐04
2013-‐07
2013-‐10
2014-‐01
2014-‐04
2014-‐07
2014-‐10
2015-‐01
V6 Percentage
IRR Maintainers
2011 2012 2013 2014 2015 Maintainers 1726 1850 1951 2102 2203
0
500
1000
1500
2000
2500
17
IRR Route / Route6
2011 2012 2013 2014 2015 Route 18636 19969 21204 23535 24879 Route6 242 527 698 1072 1246
1
10
100
1000
10000
100000
Route
Route6
18
IRR InetNum / Inet6Num
2011 2012 2013 2014 2015 InetNum 419 481 531 621 661 Inet6Num 13 25 38 51 63
1
10
100
1000
InetNum
Inet6Num
19
Systems at the forefront
• RPKI – Up/Down available – two takers so far – one removed
themself – One side effect of Up/Down so far
• Validator reporting needs to be fixed • If a delegated repository goes down, it looks like the whole RIR
goes bad
• RDAP (IETF WEIRDS) – Became a set of RFCs during IETF 92 – Code written and being tested – will be deployed in Q3
at the latest – ARIN has open source software at
http://projects.arin.net – Other RIRs and Domain registries are also deploying
RDAP
20
Systems (cont..)
• Creating APIs to core services – Allows YOU to create tools – Allows YOU to follow your timeline
• projects.arin.net (ACSP completed years ago) – If you find your tool is cool … publish it on our site – Way to allow others to come find and use it – We had two takers so far since ARIN 33 with new
tools • Whois-stats - Daily Whois Statistics Parser for JSON. • ArinWhois.net - A .NET client for ARIN's Whois-RWS.
21
What we are working on through 2015 Q3 • Further automation on transfers • Add Links to Whois Query Responses (ACSP 2011.29) • Change Whois Output for Certain /8 Records (ACSP 2013.4) • Two-Factor Authentication (ACSP 2013.8) • Moving RDAP pilot into production • Start “SWIP Easy” – a web-based tool to send in reassignment
information • Work on various other ACSPs • Multiple transit links per Public Facing Site (PFS) with DDoS
mitigation • New load balancers for https support • New west coast PFS site • Security audit • Technical backlog (example: moving from Java6 to Java8)
22
23
Comments?