|
|
 |
RIPE NCC Annual Report 2003 |
 |
RIPE NCC
Document ID: ripe-323
Date: 7 May 2004
|
1.0 Foreword
Formed in April 1992 by the RIPE community, the RIPE
NCC was initially set up to operate as a neutral and impartial organisation
capable of supporting the technical co-ordination needs of organisations
involved in IP networking. Once it became clear that there was a
pressing need for a delegated Regional Internet Registry, the RIPE
NCC was the ideal organisation to take on this essential task.
To describe the RIPE NCC as purely a Regional Internet
Registry, therefore, does not do justice to the unique contribution
that the RIPE NCC has made to the global Internet community since
its inception. Over the last ten years the RIPE NCC has been successful
in providing the allocation of Internet number resources to its members,
as well as technical co-ordination and information services to the
Internet community at large. This has been possible due to the nature
of the organisation and its ability to adapt and introduce services
to meet the changing needs of its members and other stakeholders.
The RIPE NCC was able to respond effectively to the need for a second
root server in Europe by deploying the K-root server at the London
Internet Exchange (LINX) in 1997. The RIPE NCC has now successfully
deployed anycast instances of the K-root server across Europe, as
a service to the Internet community at large and to help ensure the
resilience and reliability of the DNS system. Additionally, the RIPE
NCC monitors the quality of the overall root name service and makes
the results publicly accessible in real-time through the RIPE NCC
DNS Monitoring site.
I am pleased to report that steady membership growth
and successful cost control measures in 2003 saw the RIPE NCC more
than make up for the operational loss of the previous year. A number
of developments were deployed to improve the efficiency of the RIPE
NCC and the services it offers its members. Notably, after more than
five years of operations as an independent association, the RIPE
NCC Executive Board felt it was time to review the articles of association
to ensure they remain up-to-date. The new articles of association,
approved by RIPE NCC members at the General Meeting in 2003, provide
greater operational flexibility, allowing the RIPE NCC to respond
more resiliently to industry changes and feedback from its members.
This will further allow the RIPE NCC to achieve its objectives while
remaining operationally stable.
The RIPE NCC maintains relations with an ever-growing
community of stakeholders, industry bodies and representatives from
government. This is crucial as the Internet today moves further into
all pockets of society. The RIPE NCC actively reaches out to these
groups to explain the proven, long-standing industry self-regulatory
structures of the Regional Internet Registries (RIRs) and to secure
their support for the existing registry process.
The RIPE NCC, in collaboration with a range of industry
partners including the other RIRs, the Internet Society, the International
Chamber of Commerce and the Internet Corporation for Assigned Names
and Numbers (ICANN), has been extensively involved in the public,
global debate surrounding the World Summit on the Information Society
(WSIS). The outcome of the WSIS could impact seriously on the bottom-up,
industry self-regulatory processes that have underpinned the Internet
since its inception. It is therefore essential that the RIPE NCC
and the other RIRs actively participate in these discussions and
work together to represent the needs of their members and the Internet
community as a whole.
In this regard, the formation of the Number Resource
Organization (NRO) in 2003 was a major development. The NRO has been
established to further facilitate RIR co-ordination, to provide third
parties with a convenient single point of contact for the RIR system
and to act as a body capable of safeguarding the unallocated number
resource pool.
Finally, I would like to thank the RIPE NCC membership
and the RIPE community for its continued support of the organisation.
I look forward to working with all of you to continue to foster and
support the long-established, bottom-up, industry self-regulatory
processes as well as the innovation that has made the Internet the
powerful, global tool that it is today.
Kees Neggers
Executive Board Chair
|
|
2.0 Summary
and Outlook
Quality of Service
As a result of the feedback received from the 2002
RIPE NCC Membership and Stakeholders Survey, the RIPE NCC has continued
to develop mechanisms to provide members with secure, efficient and
simplified access to the RIPE NCC's services.
A major development in this regard was the LIR Portal,
a customised web interface released in January 2003 to help reduce
response time and give Local Internet Registries (LIRs) increased
and simplified access to the RIPE NCC. With over 2000 LIRs registered,
the LIR Portal has become an invaluable gateway for members to interact
with the RIPE NCC.
To further streamline the request process, updated
request forms for IP addresses and AS Numbers (ASNs) were released
in August 2003. These new forms were the first significant update
to the request forms used by the RIPE NCC since May 1996.
The RIPE NCC will build on the success of these initiatives
to reduce response times and to offer more services through the LIR
Portal. The Talk NCC project, which aims to provide telephone support
for existing and prospective members, will be launched as an initiative
to aid in reducing the completion time of requests.
Membership Support
The activities of the RIPE NCC were also dominated
by focused efforts in 2003 to proactively encourage feedback from
members and to encourage their participation in RIPE Meetings and
in the RIPE community.
To increase the awareness and involvement of the
RIPE NCC membership and the RIPE community in RIPE Meetings, there
was increased support provided for those unable to attend. This included
audiocasting and webcasting of selected sessions, allowing remote
participants to follow the discussions and presentations at the sessions.
The RIPE NCC continued to distribute the RIPE NCC Member Update to
keep members up-to-date with the latest issues and developments relevant
to the RIPE NCC members in advance of the next RIPE Meeting.
Feedback from the RIPE NCC membership, particularly
the 2002 RIPE NCC Membership and Stakeholders Survey, revealed that
members expected the RIPE NCC to dedicate more attention to interacting
with them at a local level. The main requests were for a stronger
local presence of the RIPE NCC and for targeted support in various
pockets of its service region.
As a result, the first RIPE NCC Regional Meeting
was held in Dubai in December 2003. Regional meetings are a chance
to establish direct contact and enhance the dialogue between the
RIPE NCC and its members. These meetings provide participants with
a forum to discuss Internet Protocol networking issues specific to
their region. Two more regional meetings are planned for 2004.
Co-ordinating Efforts with the Regional Internet
Registries
The RIPE NCC, along with the other RIRs, continued
to offer support for the emerging RIR, AfriNIC. Two AfriNIC staff
members spent six months at the RIPE NCC offices in Amsterdam to
learn about the activities of the various departments and to gain
experience in an established RIR.
In October 2003, the Number Resource Organization
(NRO) was formed by the signing of a Memorandum of Understanding
(MoU) between the four RIRs. The NRO was established to further facilitate
RIR co-ordination, to provide third parties with a convenient single
point of contact for the RIR system and to act as a body capable
of safeguarding the unallocated number resource pool.
The members of the NRO Executive Council are the
CEOs of the four RIRs: Paul Wilson (APNIC), Ray Plzak (ARIN), Raúl
Echeberría (LACNIC) and myself representing the RIPE NCC.
Together with the other RIRs, the RIPE NCC will continue
to develop the NRO to facilitate the common approach needed for many
aspects of RIR work. This includes the co-ordination of global addressing
policies, the administration of upper level reverse DNS domains and
negotiations with external entities. The RIRs will continue discussions
with ICANN about the Address Supporting Organization (ASO) and the
feasibility of the NRO taking on this task.
The RIPE NCC, along with the other RIRs, will continue
to participate in the World Summit on Information Society (WSIS)
arena, paying particular attention to increasing the role of the
RIRs in the inter-summit process. The RIRs will continue to co-ordinate
efforts by actively participating in discussions and outreach activities
in order to win continued support for the long-established, industry
self-regulatory process that is the basis of the current IP resource
allocation and administration system.
Serving the Internet Community
As the organisation responsible for operating the
K-root server, the RIPE NCC will continue to deploy anycast instances
throughout the RIPE NCC service region. Up to ten more instances
of K-root will be deployed in 2004 in order to further improve the
distribution of this crucial service in various Internet regions
and increase its resilience against Distributed Denial of Service
(DDoS) attacks. As K-root is one of the 13 root servers, this also
means improvement for the Root Server System as a whole. As requested
by the RIPE community, the RIPE NCC will continue to monitor the
quality of the root name service and make the results publicly accessible
through the RIPE NCC DNS Monitoring site.
Furthermore, the RIPE NCC will use its position as
a neutral, credible and authoritative information source to foster
open forum discussions and to supply timely and accurate network
and Internet-related information to the Internet community. This
is becoming an increasingly important aspect of the RIPE NCC's work,
especially in regard to countering speculative claims about the future
of Internet resources and their availability.
I would like to thank the RIPE NCC members for their
ongoing support of the RIPE NCC and call for their continued participation
in the long-established processes that have been developed by the
Internet community over the years. Meeting the changing needs of
the Internet and the community responsible for operating its infrastructure
remains a key responsibility, and one which the RIPE NCC is in a
unique position to fulfil.
Axel Pawlik
Managing Director
|
|
3.0 What
is the RIPE NCC?
The RIPE Network Coordination Centre (RIPE NCC) is
an independent, not-for-profit membership organisation that supports
a membership base of around 3,500 members in more than 90 countries
across Europe, the Middle East, Central Asia and African countries
located north of the equator.
Role
The RIPE NCC supports the infrastructure of the Internet
through technical co-ordination in its service region and beyond.
The most prominent activity of the RIPE NCC is to act as the Regional
Internet Registry (RIR) in its service region, providing global Internet
resources and related services (IPv4, IPv6 and AS Number resources).
The RIPE NCC also provides services for the benefit
of the Internet community at large, including the development and
maintenance of the RIPE Whois Database and administrative support
for the RIPE community. Other activities include outreach activities
with governments and industry-related organisations, management of
one of the 13 root name servers (k-root),
deployment of a neutral measuring network that provides publicly
accessible and authoritative statistics on the operation of the Internet
and deployment of a routing registry.
All activities and projects are described in the
annual RIPE NCC Activity Plan. This is part of the "RIPE NCC Activities,
Expenditures and Charging Scheme 2003" document, which can be found
at:
http://www.ripe.net/ripe/docs/ap2003.html
The mission of the RIPE NCC is to perform activities
for the benefit of the membership, primarily activities that the
members need to organise as a group, although they may compete with
each other in other areas. While an activity may result in services
being provided to an individual member, performing the activity as
a whole must benefit the RIPE NCC membership as a group.
Membership is open to anyone using the RIPE NCC services.
The activities and services of the RIPE NCC are defined, performed,
discussed and evaluated in an open manner. In all of its activities,
the RIPE NCC observes strict neutrality and impartiality with regard
to individual members. The RIPE NCC membership consists mainly of
Internet Service Providers (ISPs), telecommunication organisations
and large corporations.
More information about the activities of the RIPE
NCC is provided in the RIPE NCC Information Sheet, available at:
http://www.ripe.net/ripencc/about/infosheet.pdf
A detailed map of the RIPE NCC service region can
be found at:
http://www.ripe.net/region-maps/
Structure
The organisational structure of the RIPE NCC consists
of:
- Members who provide input on the RIPE NCC Activity
Plan and Budget and who vote on the RIPE NCC Charging Scheme at
the RIPE NCC General Meeting; they also give general input on the
activities and services of the RIPE NCC through participation on
public mailing lists and at open RIPE Meetings.
-
The Executive Board as appointed
by the RIPE NCC membership.
- The RIPE NCC staff.
The RIPE NCC Executive Board.
From left to right: János Zsakó, Kees Neggers, Frode
Greisen, Manfredo Miserocchi, and Nigel Titley.
|
|
4.0 Membership
Report
In 2003, 548 members applied for RIPE NCC membership
as compared to 530 members in 2002. Due to mergers, closures and
non-payment
of members, the net growth was only 219 members. This is an increase
of 6.7% compared to 2002.
Membership growth was steady during the year with
an average of between 40 and 50 new members per month.
There has been continuous membership growth in Russia
and a decline in new members in Germany. Germany still has the largest
number of members in the RIPE NCC service region with 483 members.
|
|
5.0 Services
and Projects
5.1 Registration Services
One of the RIPE NCC's activities as a Regional Internet
Registry is to provide registration services to its members. The
overall goal is to fairly distribute Internet resources needed for
the stable and reliable operation of the Internet globally.
Among the most important services supplied by the
RIPE NCC are the allocation and assignment of IP address space, ASNs
and the management of reverse domain name space. Other areas of activity
include training LIRs and the production of documentation to support
registration services activities. In addition, the RIPE NCC works
with LIRs to improve the quality and accuracy of registration data.
The goals are to ensure that registrations comply with the RIPE community's
policies and that the contact information is accurate and up-to-date.
In 2003, the RIPE NCC processed a total of 23,535
requests for resources and related assistance (as compared with a
total of 21,913 requests in 2002). This represents a 7% increase
from 2002. In 2003, the RIPE NCC allocated 1.75 /8s (as compared
to the 1.27 /8s allocated in 2002). The initial response time for
resource requests and membership applications continued to improve
in 2003. The response time for an Internet resource request remained
stable at under one working day. The Registration Services Department
is also working to reduce the time to completion of requests as well
as the initial response time.
IPv4
The RIPE NCC continued to allocate address space
from the 82/8 IPv4 block received from the Internet Assigned Numbers
Authority (IANA) in November 2002, as well as from previously allocated
/8s. It allocated more than 29 million IPv4 addresses. This is equivalent
to about one /8 in seven months. The RIPE NCC also received a new
IPv4 address range from the IANA in November 2003 - [83.0.0.0 - 84.255.255.255].
IPv6
The RIPE NCC received its fourth and fifth /23
IPv6 allocation from the IANA in February 2003 and July 2003 respectively.
There has been rapid growth in the number of IPv6
allocations made after the policy approved at RIPE 42 was implemented
in July 2002.
The ranges allocated to the RIPE NCC at the end
of 2003 were:
-
2001:0600::/23
-
2001:0800::/23
-
2001:0A00::/23
-
2001:1400::/23
-
2001:1600::/23
In 2003, 139 /32 allocations were made to RIPE
NCC members, an increase of 56% over the previous year. In
total, 278 IPv6 allocations have been made by the RIPE NCC since
it started allocating IPv6 address space in 1999. From the 63 /35
allocations made under the provisional IPv6 policy agreed in 1999,
52 had been expanded to /32, the current minimum allocation size,
by the end of 2003. 64 /48s have been assigned for Internet Exchange
Points (IXPs) since the interim policy was agreed in 2001.
http://www.ripe.net/ripe/docs/ipv6-policy-ixp.html
Two root name server operators (I and K) have
requested IPv6 address space. The RIPE community has a policy
allowing root name servers to receive a block of the minimum
allocation size (currently a /32).
http://www.ripe.net/ripe/docs/ipv6-rootservers.html
Reverse Delegation
As part of member services, the RIPE NCC provides
reverse domain delegations for allocated IPv4 and IPv6 address
space.
In addition to the automated handling of reverse
delegation requests, human handling was required for about 50%
of requests received. These individuals also deal with user questions
concerning reverse delegation. In 2003, the RIPE NCC delegated
342 /16 domains and 38,946 /24 domains.
During 2003, the RIPE NCC continued to make IPv6
reverse delegations available within both ip6.int and ip6.arpa.
At the end of 2003, 130 /32 delegations had been made within
ip6.arpa. This is a 260% increase from the previous year. The
RIPE NCC made "ns-v6.ripe.net" available as a secondary
name server for these domains. Delegation of /32 domains for
LIRs whose /35 IPv6 allocations had not been expanded to /32
remained available. For more information on reverse delegation,
see section 5.4 of this report.
Autonomous System Numbers
An Autonomous System is a connected group of
one or more IP prefixes run by one or more network operators
that has a single and clearly defined routing policy.
In the past year, the RIPE NCC assigned 1275
AS Numbers for LIRs. On average, 106 AS Numbers were assigned
per month. This is an increase of 17% over last year. The
RIPE NCC received a new block of 1024 AS Numbers from the IANA
in September 2003. Assignment from this range did not begin until
November 2003.
Early Registration Transfer (ERX)
Many organisations based in the RIPE NCC service
region obtained address space from InterNIC and the other registries
that pre-dated ARIN's formation in 1997.
In December 2002, the RIPE NCC began transferring
early registrations in the former Class B space from the ARIN
Database to the RIPE Database. The transfer process continued
throughout 2003. A total of 42 /8s need to be processed. Two
/8s are processed at a time and, by the end of 2003, a total
of 29 /8s had been completed.
There are more than 3000 registrations to be
transferred from three /8s in the former Class C space.
Training
During 2003, the RIPE NCC provided 71 training
courses in 25 countries in the RIPE NCC service region. About
1500 LIR staff were trained in 2003.
The objective of the LIR Training Courses is
to train the membership how to request Internet resources and
how to use the RIPE Database.
The training material is updated monthly to ensure
that members are aware of any recent policy changes decided by
the RIPE community.
The RIPE NCC introduced a new course in 2003.
The Routing Registry (RR) Training Course, aimed at experienced
network operators, explains the features of the Routing Registry
and the related tools, introduces relevant services of the RIPE
NCC and explains the basics of the Routing Policy Specification
Language (RPSL). The course is given through presentations, demonstration
of tools and interactive practical exercises.
The DNS Security (DNSSec) Training Course, introduced
in 2002, is aimed at experienced DNS operators and explains how
to implement DNSSec in an operational environment.
Additionally, IP Request Tutorials were given
at RIPE and AfriNIC Meetings as well as at the RIPE NCC Regional
Meeting in Dubai. The tutorials contain basic material selected
from the current LIR Training Course material and are open to
all meeting participants.
The RIPE NCC continuously tries to find ways
to improve its training service and to reach as many members
and representatives from the RIPE community as possible. The
RIPE NCC is currently investigating the use of new training
methods and media types that will allow the training team to
provide a better service and to train more people more cost effectively.
Further information about the RIPE NCC LIR Training
Courses can be found at:
http://www.ripe.net/training/
|
|
|
Tools and Support for LIR Operations
LIR Portal
The RIPE NCC LIR Portal was released in January
2003 to help reduce response time and improve communication with
RIPE NCC members. The portal provides LIRs with increased and simplified
access to the RIPE NCC via a customised web interface.
At the end of 2003, there were 2,183 active LIR
accounts and 4,296 user accounts. This is an average of almost
two user accounts per LIR.
Since version 1.0 was released, the following features
have been added:
Version 2.0 of the LIR Portal was released in
December 2003. New features of the portal will continue to be
added based on input from the membership.
Improved Secure Communication System for RIPE
NCC Members
Many services that the RIPE NCC provides for
its members have requirements of authentication, non-repudiation,
data integrity, data confidentiality and access control. An approach
based on X.509 PKI technology and standards was chosen to make
interaction with the services provided by the RIPE NCC to its
members more convenient and secure.
The phases of the implementation are:
The LIR Portal work was completed, and the community
process achieved consensus on the RIPE Database design. A more
detailed plan for the remaining phases will be presented to the
community and implemented based on their feedback.
RIPE Community Policy Developments in 2003
The RIPE NCC adheres to Internet address distribution
policies developed by community consensus in the RIPE Address
Policy Working Group. The RIPE LIR Working Group was divided
into two groups in 2003: the RIPE Address Policy Working Group
and the RIPE NCC Services Working Group. Through open discussions
at RIPE Meetings and on public mailing lists, consensus for the
following policy changes was reached:
- During 2003, the RIPE community updated and
shortened the IPv4 policy documentation. This can be found at:
The RIPE NCC will continue its efforts to keep
policy documentation clear and concise. Policy changes will be
reported in an efficient and easily accessible format. The RIPE
Document Store now contains a listing of recent changes to RIPE
Documents as a service to the RIPE community. The RIPE Document
Store is available at:
http://www.ripe.net/ripe/docs/updates.html
|
|
|
5.2 Membership Liaison
In order to strengthen membership interaction,
the RIPE NCC developed the role of the Membership Liaison Officer
(MLO) in 2003. The MLO is responsible for managing liaison activities
and regional support to all members throughout the RIPE NCC service
region. The primary function of these activities is to make it
easier to continuously evaluate and address the changing needs
of RIPE NCC members.
This includes establishing close contact with the
RIPE NCC Services Working Group and following a more focused approach
to industry-related meetings and events. The MLO also co-ordinates
regional support activities that enable the RIPE NCC to establish
and maintain direct contact with members across its entire service
region.
RIPE NCC Regional Meetings
As a result of the Membership Survey in 2002 and
other feedback from the membership, it became apparent that the
RIPE NCC was expected to dedicate more attention to interacting
with members at a local level. The main requests were for a more
local presence of the RIPE NCC and for targeted support in various
pockets of its service region.
Regional meetings are a chance to establish direct
contact and enhance the dialogue between the RIPE NCC and its members.
These meetings provide participants with a forum to discuss IP
networking issues specific to their region.
The first RIPE NCC Regional Meeting was held for
the Middle East area in Dubai, from 7 - 9 December 2003. More information
about this RIPE NCC Regional Meeting can be found at:
http://www.ripe.net/ripencc/regional-meetings/dubai-2003/
|
Saleem Al-Balooshi (Etisalat) and
Axel Pawlik (RIPE NCC) at the RIPE NCC Regional
Meeting (Dubai, December 2003)
|
5.3 Database Services
One of the main public services provided by the RIPE
NCC is the operation and maintenance of the RIPE Whois Database.
The database contains information about IP address space and AS Number
allocations; DNS reverse delegations; routing policies; and contact
information. It is used by the RIPE NCC and LIRs to record information
about number resources and by ISPs to publish routing policies. End
Users, most of who are not RIPE NCC members, use this information
for various purposes, such as network troubleshooting.
The RIPE Whois Database can be queried by a WHOIS
client using the server whois.ripe.net, or by a web browser at:
http://www.ripe.net/perl/whois
Facts & Figures
The contents of the database showed a continued steady
growth in records representing IPv4 allocations and the associated
contact information and DNS reverse delegations. There was a reduction
in the total number of records with contact information, as these
are now deleted automatically when they are not referenced by other
records for an extended period of time. A number of ccTLD registries
also removed information about their domains from the database, lowering
the total number of domain records. The total number of records
rose from about 1.7 million to 1.9 million.
There was an increase in query rate, exceeding 30
queries/second average on a weekly average basis, coming from over
50,000 unique IP addresses each day. These queries return on average
almost five million objects per day, more than twice the content
of the whole database. The majority of these queries are requests
for address space information. However, as in previous years, there
has been a significant increase in queries for information about
domains in ccTLD databases.
New and Modified Database Features
IPv6 Proxy
IPv6 access to the RIPE Whois Database was made available
in 2003 by means of a proxy service. Additionally, an IPv6-enabled
client was made available for users. Full information, including
design notes and the rationale for using a proxy, can be found at:
http://www.ripe.net/ripencc/pub-services/db/whois-ipv6.html
Unreferenced Personal Information Clean-up Mechanism
Periodic automatic deletion of person objects that
are not referenced as a contact was activated to reduce the amount
of private data and free the resources consumed by them. Details
about this may be found at:
http://www.ripe.net/ripe/mail-archives/db-wg/2003/msg00499.html
Improvements in the RIPE Database Software
The software used to update the database was restructured.
The main goals were to improve the acknowledgement messages that
users receive from the RIPE Whois Database and provide clearer error
reporting and authorisation information. A secondary goal was to
make the software easier to maintain and modify, in order to reduce
the time spent fixing bugs and adding new features. More details
are available at:
http://www.ripe.net/db/dbupdate/
A public source code release was made that includes
these changes:
http://www.ripe.net/ripe/mail-archives/db-wg/2003/msg00570.html
Improved Security Mechanisms for Hierarchical Data
Changes
As part of an ongoing effort to improve the security
of information in the database, the protection scheme for some hierarchical
data was changed. This involved updating a number of records
for IPv4 allocations to LIRs. Details about the change are
available at:
http://www.ripe.net/ripe/mail-archives/db-wg/2003/msg00729.html
Maintainers of records now receive notification when
a new more-specific record is created, as proposed at:
http://www.ripe.net/ripe/mail-archives/db-wg/2003/msg00479.html
Maintainers can now authorise the deletion of any
object that they can authorise the creation of. This is intended
to help the case where an LIR or other user loses control over a
portion of the resources they maintain. More details are available
at:
http://www.ripe.net/ripe/mail-archives/db-wg/2003/msg00481.html
RPSLng
RPSLng is an effort to extend RPSL language, enabling
the language to document routing policies for the IPv6 and multicast
address families currently used in the Internet. RPSLng is an Internet
draft being revised following the IETF process. The RIPE NCC has
implemented the language in the whois server, as well as updating
the IRRToolSet to support RPSLng:
http://www.ripe.net/db/rpslng/
User Support
High quality support for database users is an important
activity of the RIPE NCC. Part of this activity is the database e-mail
help desk:
<ripe-dbm@ripe.net>.
Spam filtering was added to the mailbox to increase
the amount of time available for handling user tickets. In addition,
a dedicated fax line was added to eliminate delays in having faxes
passed from the general RIPE NCC fax line. About 20% of this function
is performed by Registration Services staff, thus improving the understanding
of registration-related database issues.
|
 |
5.4 DNS
Services
Reverse Delegation
As part of member services, the RIPE NCC provides
reverse domain delegations for the allocated IPv4 and IPv6 address
space. This remains the primary DNS activity carried out by the RIPE
NCC.
A review of the RIPE NCC reverse DNS service provisioning
system resulted in a project to revise parts of the back-end systems
and to provide LIRs with a way to maintain their reverse domains
in line with other interfaces they use to interact with the RIPE
NCC. For the original proposal of this project see:
http://www.ripe.net/reverse/proposal.html
Discussion on this proposal has taken place on the
RIPE NCC Services mailing list and was summarised in:
http://www.ripe.net/ripe/mail-archives/ncc-services-wg/2003/msg00361.html
As well as setting up the reverse DNS zones, the
RIPE NCC also monitors the quality of the reverse name servers that
it delegates and publishes statistical reports.
More information about reverse delegation is available
at:
http://www.ripe.net/reverse/
Secondary DNS
The provision of secondary DNS services forms an
important part of the service to ensure the reliability and robustness
of the general DNS infrastructure.
At the end of 2003, the RIPE NCC was providing a
stable secondary DNS name service to around 210 country code Top-Level
Domains (ccTLD) related zones and several other second-level zones.
The RIPE NCC provides the secondary DNS service to any ccTLD organisation
that requests it, according to the policy. The RIPE NCC offers this
service free of charge.
In 2002, the RIPE NCC agreed to host ns.eu.net on
a temporary basis due to the bankruptcy of KPNQwest, the company
that was operating this much relied on service. After a year and
a half of maintaining the machine, the RIPE NCC phased out the temporary
service in November 2003.
K-Root
The RIPE NCC operates k.root-servers.net, one of
the 13 root name servers in the world. These root name servers are
a crucial part of the Internet DNS infrastructure.
In February 2003 K-root started to use NSD as its
DNS server software in an effort to address growing concerns about
the lack of diversity of DNS implementations used by important DNS
servers.
During 2003 the RIPE NCC started to deploy additional
instances of K-root by anycasting as first described in ripe-268.
The main objective of this effort is to increase the resistance of
the service against Denial of Service (DoS) attacks. In addition
it improves the local service quality during normal operations.
A detailed plan along with a call for expressions
of interest to host a mirror instance of K-root was presented in
September 2003.
The first additional node of K-root was enabled at
the Amsterdam Internet Exchange (AMS-IX) in August 2003. The RIPE
NCC applied a common standard set-up for both the LINX and AMS-IX
instances. The RIPE NCC will continue to expand the K-Root anycast
service in 2004. More information can be found at:
http://k.root-servers.org
Hostcount
Every month since the beginning of 1992, the RIPE
region Hostcount is performed to indicate the growth in the service
region. At the end of 2003, the amount of hosts registered in the
RIPE NCC service region was almost 21,100,000. This represents an
increase of approximately 4,420,000 (26.5%) in 2003. More information
about the RIPE region Hostcount is available at:
http://www.ripe.net/hostcount/
|
|
5.5 Test
Traffic Measurements
The Test Traffic Measurements Service (TTM) is designed
to reliably and impartially measure end-to-end performance characteristics
of the inter-provider Internet. This is achieved by installing test-boxes
at participating sites. These test-boxes send measurement traffic
to each other. From this traffic, packet-losses, delays and other
parameters are determined according to the metrics developed by the
IETF IP Performance Working Group (IPPM-WG).
During 2003, a total of 24 test-boxes were sold.
Three factors appear to have contributed to the number of text-boxes
sold: the release of the IPv6 version (see below), the release of
the beta version of the DNS Monitoring site (see 5.8), and the plan
to lower the TTM service fees in 2004.
There has been a continuous improvement of the TTM
service during the year. As the number of native IPv6 networks continues
to grow, so does the interest in performance measurements for IPv6.
The TTM code was therefore extended to support IPv6, making TTM the
first product on the market to offer an active measurement suite
for IPv6. This version of the software was released early 2003 and
installed at all interested sites. At the end of the year, 21 test-boxes
were doing measurements on both IPv4 and IPv6 networks.
During the year, the RIPE NCC studied the possibility
of routinely measuring capacity and available bandwidth between test-boxes
using non-intrusive tools. While considerable progress was made,
the conclusion was that none of the tools currently available were
suitable for production measurements. These conclusions were presented
in a paper and at the December 2003 IRTF-sponsored workshop on Bandwidth
Estimation at CAIDA, along with suggestions to the developers on
tools to improve production measurements. These studies will continue
in 2004.
Early in 2003, the Internet was attacked by the so-called
Sapphire/Slammer Worm. The spread of this worm showed up clearly
in the TTM data. Delays along some 40% of the paths increased almost
immediately after the spread of the worm started, dropping back to
normal as soon as filters were installed at many sites a few hours
later. A report on this incident was published a week after the event
and received very positive feedback.
During 2003, the RIPE NCC collaborated with several
university and corporate research groups on the analysis of the TTM
data. Other research projects were carried out independently of the
RIPE NCC using data collected by the TTM. An overview of published
papers can be found at:
http://www.ripe.net/ttm/Documents/Various/various.html
It has become clear that making the raw data available
is a useful service for research purposes and for the ISP community.
During 2003 the business model of the TTM service
was evaluated. As a result, in 2004 the TTM service will become part
of the RIPE NCC Information Services effort. The first change will
be to make the data available to a wider audience, including the
ISP community, researchers, vendors, journalists and the general
public. Access restrictions to the data will be dropped and the presentation
of the data will be reviewed. As a consequence, the annual service
fee will be reduced effective from 1/1/2004. New measurements such
as bandwidth, IPv6 specific parameters and DNS Monitoring (DNSMon)
will be added.
More information about the RIPE NCC Test Traffic
Measurement Service can be found at:
http://www.ripe.net/ttm
|
|
5.6 Routing
Information Service The Routing Information Service (RIS) collects inter-provider
routing information at various points in the Internet infrastructure
in near real-time.The information is time-stamped and stored in a
database. 
In 2003, the RIPE NCC focused on installing more
Remote Route Collectors (RRCs), developing the myASn service and
other products, turning the RIS into a regular and reliable service
for those researching BGP and routing issues. Remote Route Collectors are being used to collect
data for the RIS. In 2003, two new collectors were installed, at
the TIX (Zurich, CH) and MIX (Milan, IT), bringing the total number
of RRCs to 11. Negotiations to install an RRC in New York and the
Middle East are in progress. These new RRCs will improve the coverage
of the Internet offered by the RIS. The software on all RRCs was
upgraded to include support for IPv6 as well. IPv6 has been switched
on at four locations, with more to follow in 2004. The number of peering sessions increased from 214
in 2002, to 333 in 2003. This includes 32 IPv6 peering sessions.
During the same period, usage of the RIS web site increased by about
60%, from approximately 10,000 visitors/month downloading 200,000
pages, to 16,000 visitors/month downloading 360,000 pages. The main new product based on the RIS data developed
during the year was the myASn service. Currently, an RIS user has
to enter queries to the database manually and compare the result
against the expected output from his configuration. myASn automates
this task: the user enters his routing configuration only once, and
myASn constantly compares this against the actual situation seen
on the net, warning the user about any differences. A prototype of
the myASn application was shown at RIPE 46. The prototype will be
developed into a full product and integrated with the LIR Portal
in 2004. For more on myASn, see: http://www.ris.ripe.net/myasn During 2003, the RIPE NCC developed a tool to map
IP addresses to AS Numbers. Studies have shown that tools mapping
IP addresses to AS Numbers based on the Routing Registries are only
correct in some 80% of cases. Using the actual RIB files, one
can improve this to 99%. The tool (riswhois.ripe.net) is available
as a whois server and a drop-in replacement for IRR-based tools. The RIPE NCC also collaborated with several university
and corporate research groups on the analysis of the RIS data. Other
research projects were carried out independently of the RIPE NCC
using the raw BGP data collected by the RIS. An overview of published
papers can be found at: http://www.ripe.net/ris/analysis.html More information about the RIS can be found at: http://www.ripe.net/ris
|
|
5.7 Deployment
of Internet Security Infrastructure The Deployment of Internet Security Infrastructure
project (DISI) continued to focus on the security of the Domain Name
System and the deployment of Domain Name System Security (DNSSec). During 2003, the focus was on protocol development
and operational issues of DNSSec. The work that started in 2002 on
a specification to distinguish between key-signing keys and zone-signing
keys was finished and has been published as IETF document "DNSKEY
RR Secure Entry Point Flag" For the latest version see: http://www.ietf.org/html.charters/dnsext-charter.html In collaboration with NLnet Labs, documenting the
operational issues specific to DNSSec has begun. This work has become
IETF DNSOP draft document "DNSSEC Operational Pratices". For the
latest version see: http://www.ietf.org/html.charters/dnsop-charter.html The RIPE NCC has been actively involved in participating
and organising technical workshops to test proposed DNSSec protocol
changes. The RIPE NCC continued to work on tools to ease DNSSec
operations; the Net::DNS::SEC Perl library is available from CPAN;
a key-management system has been developed and tested internally. The RIPE NCC continued to offer the DNSSec Training
Course. This course is aimed at experienced DNS operators and explains
how to implement DNSSec in an operational environment. More information and documentation produced as part
of the DISI effort can be found at: http://www.ripe.net/disi/
5.8 DNS
Monitoring
The DNS Monitoring project was triggered by various
publications claiming that all root name servers had become unreachable
during one of the worm incidents in early 2003. Detailed reading
showed that these studies suffered from two major flaws:
- Measurements originated from one site only
- ICMP instead of DNS traffic was used
This means that rate-limiting filters or problems
near the measurement location can give misleading impressions on
the availability of the root name servers. To provide a meaningful
and comprehensive view, an alternative monitoring tool was needed.
During 2003, the RIPE NCC developed a beta version
of a DNS monitoring tool. DNS Monitoring uses TTM test-boxes to
provide an objective and up-to-date service overview of DNS root
and participating Top-Level Domain (TLD) name servers. The measurements
are presented at various levels of granularity showing the reachability
of root servers and allowing users to distinguish between server-side
and client-side problems. The DNS Monitoring site is available
at:
http://dnsmon.ripe.net
5.9 ENUM
The RIPE NCC acts as a Tier 0 registry for the
e164.arpa domain on behalf of the Internet Architecture Board (IAB).
ENUM is the Internet Engineering Task Force (IETF)
standard as described in RFC 2916 to map telephone numbers according
to the International Telecommunication Union (ITU) standard E.164
into the DNS. The purpose is to foster the convergence between
the Internet and the telephony world by enabling each system to
address the other.
The RFC 2916 document and the E.164 standard can
be found at:
ftp://ftp.rfc-editor.org/in-notes/rfc2916.txt
http://www.itu.int/rec/recommendation.asp?type=folders&lang=e&parent=T-REC-E.164
The RIPE NCC's duties, according to the IAB instruction,
are to provide DNS name service for the e164.arpa domain. The instructions
can be found at:
http://www.ripe.net/enum/instructions.html
The RIPE NCC also delegates E.164 country codes
to requesting entities (i.e. the Tier 1 registries) after approval
by ITU Telecommunication Standardization Sector - Telecommunication
Standardization Bureau (ITU-T TSB). The e164.arpa domain is the
root of the ENUM namespace in the global DNS. ITU-T TSB handles
delegation requests following the ITU-T - Study Group 2 (ITU-T
SG2) Interim Procedures. More information can be found at:
http://www.itu.int/ITU-T/inr/enum/procedures.html
In 2003, the RIPE NCC processed 13 requests for
delegation of 11 E.164 country codes. There are now 23 delegations
under the e164.arpa domain: 21 country codes and two non-geographical
codes.
More details can be found at:
http://www.ripe.net/enum/
|
|
6.0 RIPE
RIPE (Réseaux IP Européens) is a collaborative forum
open to all parties interested in wide area IP networks. The objective
of RIPE is to ensure the administrative and technical co-ordination
necessary to enable the operation of the Internet. There are no membership
requirements for participation in RIPE; activities are performed
on a voluntary basis and decisions are formed by consensus.
The work of the RIPE community is carried out within
a variety of working groups. Each of these RIPE Working Groups has
one or more mailing lists where relevant topics are discussed. The
RIPE community is the most important source of public input for the
RIPE NCC and also plays a significant role in the development of
the annual RIPE NCC Activity Plan.
Policies regarding IP administration are created
within RIPE, in particular the Address Policy Working Group. The
RIPE NCC itself does not set policies but ensures the consistent
application of policies within its service region.
More information about RIPE Working Groups is available
at:
http://www.ripe.net/ripe/wg/
RIPE Meeting Support
Although two distinct entities, RIPE and the RIPE
NCC are interdependent in their operations.
The RIPE NCC is committed to supporting the bottom-up,
industry self-regulatory structure developed by the RIPE community.
As an integral part of this structure the RIPE NCC provides administrative
support for RIPE and facilitates the organisation of RIPE Meetings.
RIPE Meetings
RIPE Meetings currently take place three times a
year. The RIPE Working Groups gather to openly discuss the current
challenges and to develop solutions at each of these meetings. The
main purpose of these open meetings is to discuss technical and policy
issues affecting Internet administration and operations specific
to IP networking. Network operators also meet at RIPE Meetings to
discuss technical co-ordination matters.
To increase the awareness and involvement of the
RIPE NCC membership and the RIPE community in RIPE Meetings, there
has been an increase in the support provided for those that cannot
attend. This included enhancements to the webcasting of selected
sessions that allow RIPE NCC members and the Internet community not
at the meeting to follow important discussions.
As decided by the RIPE community, the LIR Working
Group was split into two working groups. Issues involved with address
policy-making in the RIPE region are now discussed in the Address
Policy Working Group. Discussions about RIPE NCC activities and services
take place in the RIPE NCC Services Working Group.
More information about RIPE Meetings can be found
at:
http://www.ripe.net/ripe/meetings/
|
Rob Blokzijl
RIPE Chair
|
7.0 RIPE NCC in the Internet
Industry
In 2003, the RIPE NCC continued to support and
represent the interests of its membership and the RIPE community
to Internet industry groups and government. The main goal of these
outreach activities remains the promotion of the open, bottom-up,
industry self-regulatory structure common to all RIR communities
in managing Internet address resources.
The RIPE NCC represents the interest of its members
and the RIPE community by actively participating in various forums
and meetings. In 2003, the RIPE NCC responded to topical issues
brought forward by the industry that included the migration to
IPv6, the introduction of ENUM services, and the World Summit on
Information Society (WSIS).
An essential part of these activities remained
outreach to government representatives and members of the European
Parliament. Governments have an important role in public policy
formation of Internet infrastructure and it is vital that all RIR
communities ensure that government representatives are provided
with up-to-date, credible information. Policy makers - both in
the public and private sectors - need a sound understanding of
how the Internet has developed and what has made this development
so successful. Clear understanding of the unique way in which the
Internet's technologies and resources are developed and co-ordinated
will ensure the future stability, growth and global reach of the
Internet.
In 2003, the RIPE NCC has been active in meetings
of the European Internet Foundation, EC Forums and WSIS. The purpose
here is to represent the interests of RIPE NCC members and the
RIR community as a whole and to allow members of the European Parliment
and other European Commission representatives to fully understand
the bottom-up, industry self-regulatory structure and long-standing
processes that have secured the Internet infrastructure over the
years.
In addition, the RIPE NCC has been proactively
addressing articles in the press that have made speculative predictions
about Internet address space. The importance here is to emphasise
that the RIRs have authoritative, publicly available statistics
that give a much more accurate picture of the current state of
Internet resources. Responding to poorly informed rumours and allaying
fear, uncertainty and doubt has been an important aspect of the
RIPE NCC's external activities in 2003. In addition, the RIPE NCC
has continued to keep its members up-to-date with the most recent
developments through the Member Update, published four weeks before
each RIPE Meeting.
More information about the Member Update is available
at:
http://www.ripe.net/newsletter/
As a result of the Membership Survey in 2002 and
other feedback from the membership, it became apparent that the
RIPE NCC was expected to provide a more local presence and offer
more targeted support in various pockets of the RIPE NCC service
region.
Regional meetings are a chance to establish direct
contact and enhance the support the RIPE NCC provides its members
at a local level. These meetings provide a forum for discussing
IP networking issues relevant to a specific region.
The RIPE NCC continued to offer support for the
emerging RIR, AfriNIC. During 2003, RIPE NCC representatives attended
the AfriNIC start-up discussions in Johannesburg, South Africa.
Two AfriNIC staff members spent six months at the RIPE NCC offices
in Amsterdam to learn about the activities of the various departments
and to gain experience in an established RIR.
The RIPE NCC, in conjunction with the other RIRs,
has continued discussions with ICANN on the ICANN evolution process
and interaction between ICANN and the RIRs.
The Number Resource Organization (NRO) was created
in October 2003 by the signing of a Memorandum of Understanding
(MoU) between the four RIRs. The NRO will help to foster the common
approach needed for many aspects of RIR work including the creation
of global addressing policies, the administration of upper level
reverse DNS domains and negotiations with external entities. The
NRO serves to further facilitate RIR co-ordination, to provide
third parties with a convenient single point of contact for the
RIR system and to act as a body capable of safeguarding the unallocated
number resource pool.
ASO Address Council (AC) elections were held at
the RIPE 46 Meeting in Amsterdam, the Netherlands. The three AC
members from the RIPE NCC service region in 2003 were:
- Sabine Jaume-Rajaonia (RENATER, France)
- Hans Petter Holen (Tiscali AS, Norway)
- Wilfried Woeber (Vienna University, Austria)
The RIPE NCC continued to develop close working
relations with traditional partners in the industry and secure
new relations with organisations driving new technologies. A main
goal of these efforts has been to promote the industry self-regulatory
structures that have been developed over many years by the RIPE
community and the RIPE NCC membership.
This approach has also proven essential in embracing
non-traditional players and facilitating industry convergence.
The long-standing processes that exist in the RIPE region proved
to be flexible and open enough to incorporate new developments
in 2003 and to secure continued support of the decentralised, open,
bottom-up industry self-regulatory structure common to all RIR
communities in managing Internet address resources.
|
|
Notes to the RIPE NCC Statement of Income and
Expenditure 2003
General
All amounts are expressed in kEUR. Foreign currencies
are converted at the daily exchange rate at the date of transaction
or valuation.
Historic costs have been used throughout unless
otherwise stated.
The year 2003 resulted in a surplus of 3,077 kEUR.
This surplus was a result of the increase in income in 2003 and
the control of expenses. This surplus has completely replenished
the deficit of 2002. Moreover it adds to the RIPE NCC reserves
and pushes the reserves to the highest level in the history of
the RIPE NCC. These reserves guarantee the financial stability
and the continuity of RIPE NCC operations.
Revenues
Revenues rose by more than 60% due to increased
fees and a higher than expected new membership growth. Both of
these factors had a similar effect on the revenues of about 2,400
kEUR each. The total number of members increased to a level of
3,488 (as compared to 3,269 in 2002). The total new members applying
for membership was 548 in 2003. Due to non-paying members, closed
members and "never" starters the net growth for 2003
was 219 members which represents a 6% net increase from 2002. In
2003, 220 kEUR of the sign-up fee has been accounted for in the
revenue while in previous years the sign-up fee was accounted in
the revenue for the future year. A growth in RIPE Meeting attendees
led to an increased income for RIPE Meetings. Other income contains
TTM membership fees and delayed payments for previous years of
written off accounts.
Expenditures
Total expenditure in 2003 was 3% less than total
expenditure in 2002. The main reason for the decrease in expenditure
was a decrease in purchases, and the resulting decrease in operating
expenses and depreciation costs of fixed assets. Personnel expenses
were below budget and just 2% above 2002. This is due to a reduction
in staff during the year 2003. In January 2003 the RIPE NCC held
around 100 FTEs while, by the end of the year, this number decreased
to 93 FTEs. The total number of FTEs in 2003 was 97.4 FTEs versus
99.0 FTEs in 2002. In 2003 expenses for LIR courses were 228 kEUR
and expenses for RIPE Meetings were 509 kEUR.
Miscellaneous expenses consist of bad debts and
Personnel Fund expenses. Bad debts were up from 2002 as we had
approximately 250 non-paying members with higher average fees.
No deposit to the Personnel Fund had to be made as the staff level
for the Personnel Fund expenses was on the same level as 2002.
Financial expenses were down as a result of lower bank charges,
due to the fact that, within the EU, the internal transfer fees
have decreased since mid-2003. The interest income remained on
the same level as the interest rate declined slightly but the funds
set out were higher than 2002.
Notes to the RIPE NCC Balance Sheet as per 31
December 2003
General information
All amounts are expressed in kEUR. Foreign currencies
are converted at the daily exchange rate at the date of transaction
or valuation. Historic costs have been used throughout unless otherwise
stated.
Assets
are valued at historical costs and are depreciated on a straight-line
basis, starting in the month after acquisition. Computers, including
activated software, are written off in two years. Infrastructure
is written off in three years
and office
furniture and equipment in five years. All items under EUR 1,000
are expensed.
Current
Assets
Accounts
receivable decreased in comparison with 31 December 2002 due
to the fact that the payment behaviour of the LIR membership
has improved. Therefore on 31 December 2003 approximately 70%
of payments had already been collected versus approximately 60%
on 31 December 2002. Another declining factor was the decrease
in membership fees for 2004. In 2003 suspense accounts are stated
under accounts receivable while in 2002 suspense accounts were
stated under miscellaneous payable. As a result, the balance
total for 2002 has been decreased by 35 kEUR. Suspense accounts
are payments received from debtors of which the origin of the
payment is not yet clear. In 2003 miscellaneous debtors are stated
under accounts receivable therefore the miscellaneous receivables
and accounts receivable figures for 2002 have been amended by
69 kEUR.
Capital
Until
1998, surpluses were accumulated in the RIPE NCC reserves. In
1998, the RIPE NCC agreed with the Dutch tax authorities on a
tax ruling that allows surpluses to be put into a Clearing House.
All yearly surpluses since 1998 have been allocated to the Clearing
House. Currently the RIPE NCC is in discussion with the Dutch
tax authorities to review the current procedure to administer
the loss incurred in 2002 and to simplify the Clearing House
administration in general.
Current
Liabilities
Unearned
Revenues
The
unearned revenues consist of invoices sent in the financial reporting
year but pertaining to the following accounting year. The decrease
in LIR membership fees for the year 2004 has resulted in a moderate
decrease of the unearned revenue balance.
Due
to the decrease in the number of staff in 2003 the RIPE NCC has
a claim outstanding with the Dutch social security office.
As
a result of the positive development of the exchange rate between
the Euro and the US Dollar, the total accrued for ICANN decreased
on 31 December 2003 versus 2002. The accrued holiday allowance
decreased as a result of the decrease in the number of staff.
Items
Not Shown in Balance Sheet
The
RIPE NCC rents office space in two buildings and has four separate
rental agreements for these. Four bank guarantees have been issued
for an amount of 135 kEUR to cover the rent of the office space
in Amsterdam.
Prepayments
include rent, equipment, pension, health and deposits for RIPE
Meeting venues. Other receivables consist of interest receivable,
fees to be received, payments in transit and long-term receivables.
|
|
Auditor's Report
To the General Meeting and Executive Board of the RIPE NCC Association
Singel
258
1016 AB Amsterdam
Introduction
We have audited the financial statements of Réseaux
IP Européens Network Coordination Centre (RIPE NCC), Amsterdam,
for the year 2003.
These financial statements are the responsibility
of the management of the association. Our responsibility is to
express an opinion on these financial statements based on our audit.
Scope
We conducted our audit in accordance with auditing
standards generally accepted in the Netherlands. Those standards
require that we plan and perform the audit to obtain reasonable
assurance about whether the financial statements are free of material
misstatement. An audit includes examining, on a test basis, evidence
supporting the amounts and disclosures in the financial statements.
An audit also includes assessing the accounting principles used
and significant estimates made by management, as well as evaluating
the overall presentation of the financial statements. We believe
that our audit provides a reasonable basis for our opinion.
Opinion
In our opinion, the financial statements give a
true and fair view of the financial position of the association
as at 31 December 2003 and of the result for the year then ended
in accordance with accounting principles accepted in the Netherlands.
Amsterdam, 16 March 2004
M.H.P. van Winsen
Registeraccountant
|
|
|
RIPE Network Coordination Centre
P.O. Box 10096
1001
EB Amsterdam
The Netherlands
Phone: +31 20 535 4444
Fax: +31 20 535 4445 © RIPE
NCC
All rights reserved.
Cover Design: De Case
Layout: The RIPE NCC
Photography: Chris van Houts
|
|
|
|
|
| |
|
