27°28′23″S 153°00′51″E / 27.47315°S 153.0141°E / -27.47315; 153.0141
39-1004: APNIC (the Asia Pacific Network Information Centre ) is the regional Internet address registry ( RIR ) for the Asia–Pacific region. It is one of the world's five RIRs and is part of the Number Resource Organization ( NRO ). APNIC provides numbers resource allocation and registration services that support the global operation of the internet. It is a nonprofit , membership-based organization whose members include Internet service providers , telecommunication providers, data centers, universities, banks, national Internet registries , and similar organizations that have their own networks. APNIC's main functions are: APNIC manages Internet number resources according to policies developed through an open process of consultation and consensus called
78-498: A ROA is created for a certain combination of origin AS and prefix, this will have an effect on the RPKI validity of one or more route announcements. They can be: Note that invalid BGP updates may also be due to incorrectly configured ROAs. There are open source tools available to run the certificate authority and manage the resource certificate and child objects such as ROAs. In addition,
117-538: A certificate authority, an LIR can either publish all cryptographic material themselves, or they can rely on a third party for publication. When an LIR chooses to use the hosted system provided by the RIR, in principle publication is done in the RIR repository. Relying party software will fetch, cache, and validate repository data using rsync or the RPKI Repository Delta Protocol (RFC 8182). It
156-603: A period of sustained growth, policy development, and the creation of documentation and internal systems. Since then, APNIC has continued to grow from its humble beginnings to a membership of more than 7,700 in 56 economies throughout the region and a secretariat of around 88 staff members located in the head office in Brisbane, Australia. APNIC represents the Asia Pacific region, comprising 56 economies: APNIC covered Madagascar , Mauritius and Seychelles until AFRINIC
195-514: A proper fee structure introduced, the establishment of a membership, and the holding of the first APRICOT meeting. By the time 1997 rolled around, it was becoming increasingly clear that APNIC's local environment in Japan was restricting its growth – for example, the staff was limited to 4–5 members. Therefore, the consulting firm KPMG was contracted to find an ideal location in the Asia Pacific region for APNIC's new headquarters. For reasons such as
234-590: A registry for each of five regions of the world. The regional Internet registries are informally liaised through the unincorporated Number Resource Organization (NRO), which is a coordinating body to act on matters of global importance. As of 2005, there are currently five regional registries: Regional Internet registries are components of the Internet Number Registry System, which is described in IETF RFC 7020, where IETF stands for
273-590: A resource certificate listing the Internet number resources they hold. This offers them validatable proof of holdership, though the certificate does not contain identity information. Using the resource certificate, LIRs can create cryptographic attestations about the route announcements they authorise to be made with the prefixes and ASNs they hold. These attestations are described below. A Route Origin Authorization (ROA) states which autonomous system (AS)
312-473: A supported router using the RPKI to Router Protocol (RFC 6810), Cisco Systems offers native support on many platforms for fetching the RPKI data set and using it in the router configuration. Juniper offers support on all platforms that run version 12.2 or newer. Quagga obtains this functionality through BGP Secure Routing Extensions (BGP-SRx) or a RPKI implementation fully RFC-compliant based on RTRlib. The RTRlib provides an open source C implementation of
351-537: A threat analysis which was documented in RFC 4593. These standards cover BGP origin validation, while path validation is provided by BGPsec , which has been standardized separately in RFC 8205. Several implementations for prefix origin validation already exist. RPKI uses X.509 PKI certificates (RFC 5280) with extensions for IP addresses and AS identifiers (RFC 3779). It allows the members of regional Internet registries , known as local Internet registries (LIRs), to obtain
390-493: A whois search to indicate that APNIC is the source of the abuse. Instead, these references to APNIC simply mean that the address space in question was delegated by APNIC to an organization within the Asia Pacific region. APNIC has no authority to prevent these kinds of network abuse. APNIC also has no technical ability to 'suspend' an Internet service, no mandate to withdraw address registrations, no investigative powers, nor any authority to take action as an enforcement agency. APNIC
429-434: Is a specialized public key infrastructure (PKI) framework to support improved security for the Internet 's BGP routing infrastructure. RPKI provides a way to connect Internet number resource information (such as Autonomous System numbers and IP addresses ) to a trust anchor . The certificate structure mirrors the way in which Internet number resources are distributed. That is, resources are initially distributed by
SECTION 10
#1732797446211468-431: Is an organization that has been allocated a block of IP addresses by a RIR, and that assigns most parts of this block to its own customers. Most LIRs are Internet service providers , enterprises, or academic institutions. Membership in a regional Internet registry is required to become a LIR. Resource Public Key Infrastructure Resource Public Key Infrastructure ( RPKI ), also known as Resource Certification ,
507-476: Is authorised to originate certain IP prefixes . In addition, it can determine the maximum length of the prefix that the AS is authorised to advertise. The maximum prefix length is an optional field. When not defined, the AS is only authorised to advertise exactly the prefix specified. Any more specific announcement of the prefix will be considered invalid. This is a way to enforce aggregation and prevent hijacking through
546-536: Is held with the Asia Pacific Regional Internet Conference on Operational Technologies (APRICOT) and the second one is a stand-alone conference. Both events have a series of workshop sessions on topics such as routing, IPv6, and network security, and plenary and conference tracks on operational topics of current interest. APNIC Labs provide research, measurement, and technical reports on the use of Internet number resources within
585-437: Is important for a relying party to regularly synchronize with all the publication points to maintain a complete and timely view of repository data. Incomplete or stale data can lead to erroneous routing decisions. After validation of ROAs, the attestations can be compared to BGP routing and aid network operators in their decision-making process. This can be done manually, but the validated prefix origin data can also be sent to
624-462: Is in the same position as any other IP address or DNS registry worldwide. APNIC manages reverse DNS delegations for both IPv4 and IPv6. APNIC only delegates the authority of reverse zones to the DNS name servers provided through domain objects. APNIC provides a Resource Certification service, which is a robust security framework used to verify the association between specific IP address blocks of ASNs and
663-708: The IANA to the regional Internet registries (RIRs), who in turn distribute them to local Internet registries (LIRs), who then distribute the resources to their customers. RPKI can be used by the legitimate holders of the resources to control the operation of Internet routing protocols to prevent route hijacking and other attacks. In particular, RPKI is used to secure the Border Gateway Protocol (BGP) through BGP Route Origin Validation (ROV), as well as Neighbor Discovery Protocol (ND) for IPv6 through
702-894: The Internet Engineering Task Force (IETF) , the Internet Engineering and Planning Group (IEPG), the Internet Society (ISOC), and others. The previous registry for Australia , known as AUNIC , is now disbanded, and its responsibilities undertaken by APNIC. APNIC was established in 1992, by the Asia Pacific Coordinating Committee for Intercontinental Research Networks (APCCIRN) and the Asia Pacific Engineering and Planning Group (APEPG). These two groups were later amalgamated and renamed
741-643: The Secure Neighbor Discovery protocol (SEND). The RPKI architecture is documented in RFC 6480. The RPKI specification is documented in a spread out series of RFCs: RFC 6481, RFC 6482, RFC 6483, RFC 6484, RFC 6485, RFC 6486, RFC 6487, RFC 6488, RFC 6489, RFC 6490, RFC 6491, RFC 6492, and RFC 6493. SEND is documented in RFC 6494 and RFC 6495. These RFCs are a product of the IETF 's SIDR ("Secure Inter-Domain Routing") working group, and are based on
780-510: The APNIC community achieve APNIC's objectives. The Secretariat (APNIC's staff) carries out the day-to-day work. The Secretariat is structured in five divisions: Services, Technical, Business, Communications, and Learning & Development. These divisions encompass all APNIC activities, including that of acting as a central source of information for Members. APNIC delegates IP addresses (IPv4 and IPv6) and (ASNs) according to policies developed by
819-566: The APNIC community. All IP and AS number delegation is subject to certain criteria, based on demonstrated need. The APNIC Whois Database details of IP addresses and AS numbers originally allocated by APNIC. It shows the organizations that hold the resources, where the allocations were made, and contact details for the networks. Users can search the whois for information pertaining to these resources, for network troubleshooting, or helping to track network abuse. The organizations that hold those resources are responsible for updating their information in
SECTION 20
#1732797446211858-528: The Asia Pacific Networking Group (APNG). It was established as a pilot project to administer address space as defined by RFC-1366, as well as encompassing a wider brief: "To facilitate communication, business, and culture using Internet technologies". In 1993, APNG discovered they were unable to provide a formal umbrella or legal structure for APNIC, and so the pilot project was concluded, but APNIC continued to exist independently under
897-764: The Caribbean), RIPE NCC (Europe), and AFRINIC (Africa). With the other RIRs, APNIC is a member of the Number Resource Organization (NRO), which exists to protect the unallocated number resource pool, to promote and protect the bottom-up policy development process, and to be the focal point for input into the RIR system. These include the Internet Assigned Numbers Authority (IANA), the Internet Corporation for Assigned Names and Numbers (ICANN) ,
936-687: The Internet Engineering Task Force. The Internet Assigned Numbers Authority (IANA) delegates Internet resources to the RIRs who, in turn, follow their regional policies to delegate resources to their customers, which include Internet service providers and end-user organizations. Collectively, the RIRs participate in the Number Resource Organization (NRO), formed as a body to represent their collective interests, undertake joint activities, and coordinate their activities globally. The NRO has entered into an agreement with ICANN for
975-583: The Internet, for example, IPv6 deployment. The APNIC Foundation is a charity established to raise funds independently from APNIC Member contributions to support and expand Internet development efforts in the Asia Pacific. APNIC works closely with many other Internet organizations, including: Major Internet Service Providers (ISPs), National Internet Registries (NIRs) and Network Information Centres (NICs). ARIN (North America), LACNIC (Latin America and
1014-558: The Policy Development Process (PDP). APNIC's policies are developed by the membership and the broader Internet community. The forums for policy development are the face-to-face Open Policy Meetings, which are held twice each year, and the public mailing list discussions of the Special Internet Groups. APNIC's open PDP also invites stakeholders interested in Internet number resources from around
1053-501: The RIRs have a hosted RPKI platform available in their member portals. This allows LIRs to choose to rely on a hosted system, or run their own software. The system does not use a single repository publication point to publish RPKI objects. Instead, the RPKI repository system consists of multiple distributed and delegated repository publication points. Each repository publication point is associated with one or more RPKI certificates' publication points. In practice this means that when running
1092-556: The RTR protocol and prefix origin verification. The library is useful for developers of routing software but also for network operators. Developers can integrate the RTRlib into the BGP daemon to extend their implementation towards RPKI. Network operators may use the RTRlib to develop monitoring tools (e.g., to check the proper operation of caches or to evaluate their performance). RFC 6494 updates
1131-827: The announcement of a more specific prefix. When present, this specifies the length of the most specific IP prefix that the AS is authorised to advertise. For example, if the IP address prefix is 10.0.0.0 / 16 and the maximum length is 22, the AS is authorised to advertise any prefix under 10.0.0.0 / 16 , as long as it is no more specific than / 22 . So, in this example, the AS would be authorised to advertise 10.0.0.0 / 16 , 10.0.128.0 / 20 or 10.0.252.0 / 22 , but not 10.0.255.0 / 24 . An Autonomous System Provider Authorization (ASPA) states which networks are permitted to appear as direct upstream adjacencies of an autonomous system in BGP AS_PATHs. When
1170-623: The authority of IANA as an 'interim project'. At this stage, APNIC still lacked legal rights, a membership, and a fee structure. In February 1995, the inaugural APNIC meeting was held in Bangkok , marking the beginning of the formalisation of APNIC. This was a two-day meeting, run by volunteers, and was free to attend. Voluntary donations were sought according to the size of the organization, ranging from US$ 1,500 for 'small', through to US$ 10,000 for 'large'. Three member types were defined by APNIC-001: ISP (local IR), Enterprise, and National. 1996 saw
1209-402: The data originator. APNIC conducts a number of training courses in a wide variety of locations around the region. These courses are designed to educate participants to proficiently configure, manage and administer their Internet services and infrastructure and to embrace current best practices. APNIC holds two conferences a year in various locations around the Asia Pacific region. The first one
APNIC - Misplaced Pages Continue
1248-604: The database. Internet number resources must be properly and accurately registered to fulfil the goals of addressing policy as outlined by the Public Technical Identifiers (PTI), who are responsible for the operation of the Internet Assigned Numbers Authority (IANA) functions. This accurate registration of resource usage is a critical role APNIC plays in the operation of the Internet. The database can be searched by using
1287-798: The establishment of the Address Supporting Organisation (ASO), which undertakes coordination of global IP addressing policies within the ICANN framework. The Number Resource Organization ( NRO ) is an unincorporated organization uniting the five RIRs. It came into existence on October 24, 2003, when the four existing RIRs entered into a memorandum of understanding (MoU) in order to undertake joint activities, including joint technical projects and policy coordination. The youngest RIR, AFRINIC , joined in April 2005. The NRO's main objectives are to: A local Internet registry ( LIR )
1326-529: The holders of those Internet number resources. APNIC introduced Resource Certification to improve inter-domain security in the region and enhance the value of the data in the APNIC Whois Database with verification of the resource holder's right-of-use. Resource Public Key Infrastructure (RPKI) is the validation structure for Resource Certification that enables public network users to verify the authenticity of data that has been digitally signed by
1365-520: The meeting via online voting. Each APNIC Executive Council (EC) member serves as an individual, not as a representative of any other party or Member. Therefore, they must act at all times in the best interests of APNIC. The APNIC EC meets face-to-face at four regularly scheduled meetings per year. The APNIC Secretariat operates to serve its Members and the Asia Pacific Internet community stakeholders. Its activities are designed to help
1404-452: The stable infrastructure, the low cost of living and operation, and tax advantages for membership organizations, Brisbane, Australia was chosen as the new location, and relocation was completed between April and August 1998, while maintaining continuous operation throughout. By 1999, the relocation was complete, the Asian economic crisis ended, and so began a period of consolidation for APNIC –
1443-737: The web interface on the APNIC site, or by directing your whois client to whois.apnic.net (for example, whois -h whois.apnic.net 203.37.255.97). APNIC provides an alternative to the whois called the Registration Data Access protocol (RDAP), which was designed to address issues in the whois service, the most important of which are: standardization of queries and responses; internalization considerations to cater for languages other than English in data objects; and redirection capabilities to allow seamless referrals to other registrations. For network abuse such as spam or ( hacking ), people mistakenly interpret references to apnic.net when doing
1482-618: The world (but mostly the Asia Pacific) to participate. These include representatives from governments, regulators, educators, media, the technical community, civil society, and other not-for-profit organizations. APNIC's PDP is: Elections are held at each APNIC Annual General Meeting (AGM), which is conducted during the APNIC Member Meeting (AMM) in February. Voting takes place both on-site at these meetings and prior to
1521-408: Was formed. Regional Internet registry A regional Internet registry ( RIR ) is an organization that manages the allocation and registration of Internet number resources within a region of the world. Internet number resources include IP addresses and autonomous system (AS) numbers. The regional Internet registry system evolved, eventually dividing the responsibility for management to
#210789