- ripe-db-requirements-tf - mailman.ripe.net

Notes from 26 May 2020 Meeting
by Boris Duval 05 Jun '20

05 Jun '20

Dear all, Here's the meeting notes from our last call. Best, Boris *RIPE Requirements Database Task Force Meeting Notes* 26 May 2020 Attendees: Nick Hilliard, James Kennedy, Peter Koch, Bijal Sanghani, Edward Shryane, Maria Stafyla, Boris Duval DBTF BoF 1. Review RIPE meeting presentations BoF -- General Feedback The DBTF was pleased with the feedback received during the BoF and will take it into consideration for its work. The DBTF also mentioned that they might organise a new session at a later stage to help build consensus around the final document. -- IPAM The DBTF received new information regarding IPAM usage during the BoF as several options were considered to tackle this issue. The DBTF will need to explore each of these options before coming up with guidelines regarding this topic. Maria proposed to prepare an overview of the assignment/allocation registration requirements to be made in the RIPE Database to help the DBTF take a decision. -- Geolocation The DBTF discussed what to do with geolocation and looked specifically at the “geoloc:” attribute that was created in 2011. James mentioned that he could contact Maxmind as they might use this attribute operationally. -- IRT objects The DBTF would like to know more about how CERTs are using IRT objects and if they plan to use a different source of data in the future. Boris proposed to contact Mirjam Kühne from the RIPE NCC as she is in contact with CERTs. Bijal added that she will also ask Sara as she knows some of the CERTs. -- Minutes The DBTF agreed with the current minutes draft and proposed to add more information regarding the number of BoF and polls participants. Community Plenary Bijal shared that her presentation went well but regretted to have not received a lot of feedback from the community. She mentioned that it might have been due to the fact that the session was scheduled towards the end of the RIPE meeting and that the meeting was taking place online. Routing WG Nick gave his presentation about RPSL at the Routing WG during RIPE 80 and will follow up on the Routing WG mailing list to ask the community their thoughts on RPSL. 2. Survey analysis and user-requirements matrix James analysed the results from the DBTF survey and elaborated a user-requirement matrix based on the results that would help guide the DBTF work and better define challenges. Bijal thanked James for his work and agreed that it was a useful exercise to map out users and their needs. Peter mentioned that we should also not forget to keep the RIR function in mind when writing requirements. Boris added that some of the information needed to fill-in the matrix could be find in the RIPE NCC Survey 2019. James proposed that everybody in the Task Force look at the survey as it contains relevant information regarding users’ needs and views on the RIPE Database. Bijal mentioned that it would be interesting to look at older RIPE NCC Surveys to see how the membership evolved. Boris agreed to look into it. 3. Next steps The DBTF Chairs agreed to have a separate meeting to write up a roadmap that will allow the Task Force to structure the remaining work on the requirements document. The DBFT agreed to make James co-Chair to help speed things up as he is willing to invest more time and energy into the Task Force. 4. Confirm actions and next meeting. James will contact Maxmind and ask them about their usage of the RIPE Database’s geolocation data. Maria will look into RIPE policies and prepare an overview of the assignment/allocation registration requirements to be made in the RIPE Database. Boris will update the minutes according to the DBTF’s feedback and publish them on ripe.net with the recording. Boris will contact Mirjam and Bijal will contact Sara about CERTs. Nick will follow-up with the Routing WG on RPSL. Boris will explore the RIPE NCC Survey 2019 data and highlight what’s useful to the DBTF as well as looking into older surveys. The DBTF will take a look at the RIPE NCC Survey 2019. The DBTF Chairs (Bijal, Shane and James) will come up with a roadmap to advance the Task Force’s work. The next meeting will take place at the beginning of June.

1 0

Notes from 5 May 2020 Meeting
by Boris Duval 12 May '20

12 May '20

Hi all, Here's the meeting notes from our last call. Best, Boris *RIPE Requirements Database Task Force Meeting Notes* 5 May 2020 Attendees: Nick Hilliard, Shane Kerr, James Kennedy, Peter Koch, Bijal Sanghani, Maria Stafyla, Boris Duval Agenda: 1. Run through action points 2. BoF Planning Bijal prepared a presentation for the BoF, the rest of the Task Force provided feedback on the presentation and approved it. The DBTF worked on the different polls that will be displayed during the BoF about IPAM, RPSL, Geolocation and IRT and fine-tuned the questions. The DBTF agreed on publishing the recording and minutes of the BoF on ripe.net <http://ripe.net/> for community members that are unable to attend the session. 3. Review draft document text The DBTF discussed whether or not to send the current draft text about the RIPE Database purpose and its usage to the community before the BoF. After weighing the different pros and cons, the DBTF agreed to send the rough draft as plain text to the relevant mailing lists as it will allow BoF participants to provide feedback. 4. Next call The next DBTF call will take place shortly after RIPE 80.

1 0

RIPE Database Requirements Task Force BoF
by Bijal Sanghani 06 May '20

06 May '20

Dear colleagues, The RIPE Database Requirements Task Force (DBTF) will organise its BoF on Wednesday, 6 May from 14h00-15h00 CEST via Zoom. During this BoF, the DBTF will present its latest work and invite participants to discuss what functionality the RIPE Database should provide in the future. The presentation will include quick polls and will be followed by a moderated Q&A. You can register for the BoF at (no Zoom account required): https://ripe.zoom.us/meeting/register/tJMkd-yhrz4uHNDuOIBm8hGvcj8DSDK1Ybog <https://ripe.zoom.us/meeting/register/tJMkd-yhrz4uHNDuOIBm8hGvcj8DSDK1Ybog> We look forward to discussing the future of the RIPE Database with you! Kind regards, Bijal Sanghani on behalf of the DBTF

2 1

Notes from 28 April 2020 Meeting
by Boris Duval 04 May '20

04 May '20

Dear all, Here's the meeting notes from our last call. Best, Boris *RIPE Requirements Database Task Force Meeting Notes* 28 April 2020 Attendees: Nick Hilliard, Shane Kerr, James Kennedy, Peter Koch, Bijal Sanghani, Edward Shryane, Maria Stafyla, Boris Duval Agenda: 1. Run through action points 2. Review draft document text Everybody to finalise the draft this week. Boris to review the draft and check it for consistency. The DBTF aims to publish the document before the BoF. 3. BoF Planning The DBTF agreed on coming up with a list of topics to discuss with the community at the BoF and start working on building up short polls. IPAM was mentioned as a discussion topic as the DBTF survey highlighted that an unusual high number of people was using the RIPE Database for their own IP management. Another topic mentioned was the historical purpose of the RIPE Database and how it aligns with the current needs of the community. Bijal will announce the BoF on the relevant community mailing lists and Boris will promote it on RIPE NCC social media channels. 4. Next call The next DBTF call will take place on Tuesday, 5 May.

1 0

More Specific Resources per LIR organisation
by Edward Shryane 28 Apr '20

28 Apr '20

Dear all, The DB team counted more-specific resources under IPv4 and IPv6 allocations registered in the RIPE database for all LIR organisations. We found that some LIRs have registered significantly more resources than others. Of 14,164 LIR organisations with more specific resources, 13,956 organisations have registered less than 1,000 of them. I've attached a count of more-specific resources (by LIR, using an anonymised label) for the remaining 206 LIRs. Let me know if you need any more information. Regards Ed

1 0

Notes from 17 April 2020 Meeting
by Boris Duval 24 Apr '20

24 Apr '20

Dear all, Here's the meeting notes from our last call. Best, Boris *RIPE Requirements Database Task Force Meeting Notes* 17 April 2020 Attendees: Nick Hilliard, Shane Kerr, James Kennedy, Peter Koch, Sara Marcolla, Bijal Sanghani, Edward Shryane, Boris Duval Agenda: 1. Review action points Ed sent IRT statistics and the DBTF will now analyse them. Boris looked into interactivity options to use during the BoF and proposed to use Zoom polls. The DBTF agreed. 2. Preparation for remote RIPE meeting The DBTF decided not to present at the DB-WG during RIPE 80 as they will give an update during the Community Plenary. - BoF The DBTF decided to host their BoF on Wednesday, 6 May via Zoom. They will ask the PC if they agree to have the BoF outside of the RIPE 80 schedule. The DBTF discussed which topics will be the most interesting to raise with the community at the BoF and mentioned IPAM, accuracy and personal information. The DBTF also agreed to try to publish a first draft of the requirements document before the BoF, so that they can have time to discuss it with the community . 3. Next steps and actions Each member of the DBTF will finalise its work on the first draft of the requirements document by next call. Bijal and Boris will contact the PC to organise the BoF in the week before RIPE 80. 4. AOB There was no further business. 5. Next call The next DBTF call will take place on Tuesday, 28 April.

1 0

Notes from 6 April 2020 Meeting
by Boris Duval 15 Apr '20

15 Apr '20

Dear all, Here's the meeting notes from our last call. Best, Boris *RIPE Requirements Database Task Force Meeting Notes* 6 April 2020 Attendees: Nick Hilliard, Shane Kerr, James Kennedy, Peter Koch, Bijal Sanghani, Edward Shryane, Maria Stafyla, Boris Duval Agenda: 1. Review action points Shane drafted a text breaking down the meaning of geolocation in the RIPE Database and is waiting for feedback from the DBTF. Boris sent a new version of the open-ended survey results including a cross-analysis. 2. Preparation for remote RIPE meeting - Community Plenary The DBTF will prepare an update for the Community Plenary. - BoF BoFs are going ahead at the virtual RIPE Meeting and the DBTF will have a time slot. The DBTF needs to investigate how to best collect feedback before and during the BoF as everything will be online. The DBTF discussed asking for feedback to the community before the BoF to save time. 3. Next steps and actions Nick will contact the Routing WG chairs about RPSL. Shane will send an email to the ripe-list to discuss IPAM usage within the community related to the recent DBTF survey results. Ed will explore more statistics on how IRT objects are used. Bijal will draft slides for the Community Plenary and schedule calls for next meetings to discuss next steps and how to prepare for RIPE 80. Boris will look into which tools/platforms can be used to foster engagement before and during the BoF. Each member of the DBTF will continue its work on a different RIPE Database purpose/requirement. 4. AOB - Denis Walker questions to the DBTF The DBTF acknowledged Denis’ questions sent via the DB-WG mailing list and will reply to him as soon as possible. - COVID19 and upcoming meetings As COVID-19 disrupted everybody’s schedule, the DBTF agreed to have more frequent calls in the coming weeks to better prepare for RIPE 80 and advance its work. 5. Next call The next DBTF call will take place in two weeks.

1 0

IRT Query Statistics
by Edward Shryane 08 Apr '20

08 Apr '20

Hi all, Here are some statistics on IRT queries for January. How much usage do these IRT objects get? Some background reading on IRT objects: https://www.ripe.net/manage-ips-and-asns/db/irt https://www.ripe.net/manage-ips-and-asns/db/support/documentation/ripe-data… The IRT object is meant to be used by Incident Response Teams directly, and "abuse-c:" is meant for general abuse complaints. IRT objects are *not* returned by default in Whois queries. Users must either specify the -c / --irt flag on an IP lookup, or specify the IRT-* primary key. There are about 400 IRT objects in the Whois database. To reference an IRT object from an IP range, you must add an "mnt-irt" attribute (and authenticate with the IRT object). I found 12,694 references to IRT objects from inetnums, and 901 references from inet6nums. A total of 174 distinct IRT objects are referenced (leaving 226 unreferenced). Out of 2 billion Whois queries in January, I found 204,318 queries with the irt flag (or ~7k/day), and 546 queries (or about 18/day) for an IRT object using the primary key. Let me know if you have any questions or would like more details. Regards Ed Shryane RIPE NCC

1 1

Domain Query Statistics
by Edward Shryane 04 Mar '20

04 Mar '20

Hi all, Here are some statistics on domain queries from the month of January. How much usage does the reverse delegation (domain) database get? Some background reading on reverse delegation: https://www.ripe.net/manage-ips-and-asns/dns/reverse-dns https://www.ripe.net/manage-ips-and-asns/db/support/documentation/ripe-data… Domain objects are not returned by default in IP lookups. Users must either use the -d / --reverse-domain flag on an IP lookup, or specify the .in-addr.arpa / ip6.arpa / e164.arpa primary key. Out of 2 billion whois queries in January, I found 422,061 queries with the reverse domain flag (or ~14k/day). I found 758,583 queries for domain objects by primary key (or ~24k/day). Let me know if you have any questions or would like more details. Regards Ed Shryane RIPE NCC

2 2

Notes from 18 February 2020 Meeting
by Boris Duval 02 Mar '20

02 Mar '20

Dear all, Here's the meeting notes from our last face-to-face meeting. Best, Boris +++ *RIPE Requirements Database Task Force Meeting Notes* 18 February 2020 Attendees: Peter Koch, Shane Kerr, Nick Hilliard, Bijal Sanghani, Sara Marcolla, James Kennedy, Maria Stafyla, Edward Shryane, Boris Duval 1. Opening / Welcome 2. Review action points from past meeting 3. Review Survey results -- Question 3 - "What do you use the RIPE Database for?” --- IPAM Bijal pointed out that a high number of respondents are using the RIPE Database for IPAM. She asked the DBTF if they should consider IPAM as a requirement. Sara asked why not regulating IPAM usage, as it seems to be widespread used and tolerated. Peter mentioned that it is important to be aware of the difference between how the RIPE Database is used and what it was built for. James added that if IPAM was to be considered as a requirement, it should be separated from the public database. Nick said that this will not be feasible to have IPAM as a requirement but that best practices could be useful. Shane proposed to send an email to the ripe-list to collect community feedback about IPAM and the survey results. Bijal suggested to bring up this topic at the DBTF Bof at RIPE 80. --- RPSL Nick asked the DBTF their thoughts about RPSL. He added that it is seldom used and cumbersome but provide data that cannot be find anywhere else. Ed mentioned that there was already a discussion going on in the Database Working Group (DBWG) about replacing RPSL by something better. Shane mentioned that the DBTF could recommend dropping RPSL if something better and more practical could provide the same data. Nick proposed to give a presentation on RPSL at the next RIPE meeting to continue the discussion with the community. --- Geolocation Peter pointed out that the term ‘geolocation’ can be interpreted in many different ways. Nick mentioned that the DBWG already looked into defining what geolocation means in the context of the RIPE Database. Sara added that Law Enforcement Agencies (LEA) interpreted geolocation as knowing the legal address of a resource holder. Shane asked the DBTF if they knew enough to come-up with a requirement regarding geolocation. Shane suggested to draft another email to get feedback from the community on this point. --- Postal and Legal address Ed mentioned that the postal address is available in the public database and that it can be easily edited in the RIPE Database. Sara added that the LEAs had to contact the Dutch police via subpoena to obtain the legal address and that it was an often lengthy process. Ed mentioned that the country code of the resource holder’s legal address will be soon added to the RIPE Database. Sara replied that it was a step forward but not enough to help LEA to do their work correctly. Bijal asked what the main reason was to keep the legal address private. Sara added that they came up with a policy proposal to make this address public but that it was rejected by the community. Peter asked if the RIR was the best platform to deal with this sort of issues. Shane answered that he did not see any other relevant platforms to tackle this problem. -- Question 4 "How do you query the database?” Sara asked why so few people were using RDAP. Ed answered that it was indeed surprising and that he could look into it. He also mentioned that NRTM will be soon open to everyone. Shane asked what requirement could be drawn from the query stats. Sara mentioned that the interest for webupdates was positive. Peter replied that the results were interesting but not extremely relevant to the work of the DBTF. 4. Review open-ended results Peter proposed to correlate the open-ended responses to the close responses to get a better overview of the results. Boris said that he will edit the current document to add the correlation and send the document to the DBTF. Shane asked the DBTF if some of these open-ended results would be useful to consider when listing the requirements. -- Data Accuracy Regarding results mentioning the lack of accuracy of the RIPE Database, Shane mentioned that it would be helpful for users to identify which fields need to be updated. Ed clarified that it was already the case for certain fields. Sara asked if Abuse-C fields were colour-coded. Ed said that they were not at the moment, but that his team could investigate it. Nick mentioned that a vast majority of the RIPE Database data is user maintained. He added that one could always try to improve processes but that it will be impossible to completely eliminate human mistakes. Maria mentioned that the RIPE NCC’s Assisted Registry Checks were helping members to update their data. Shane asked if the DBTF should make recommendations on how to improve accuracy. Peter replied that it is not the DBTF’s role to provide concrete solutions, but that they could highlight areas of improvement. Sarah pointed out that resource’s hijackers are taking advantage of vulnerabilities created by inaccurate data. Peter commented that regulating how resources are used by resource holders does not fit the Registry’s current mandate. Sara proposed to create a best practices document on how to update RIPE Database data. Shane mentioned that as long as the data is accurate, ISPs can find the malicious IP addresses and block them. He added that there is nothing else than the RIPE NCC can do to prevent hijacking. Maria added that if a resource holder is violating RIPE policies the RIPE NCC can act. This is done on a case-to case basis depending on the circumstances. Nick concluded that data accuracy is probably part of a bigger conversation and proposed to continue the discussion at another time. Bijal added that the DBTF might need to define what accuracy means as it might be useful when they will dive into RIPE Database objects. -- Person objects Ed mentioned that the RIPE Database Team started to clean-up locked person objects as they are many of them, and they are most likely not up to date. Peter pointed out that it might become worse with IPv6, and that the community should think about how deep the assignments should be reflected in the RIPE Database. James agreed and mentioned that it would make the whole IPAM issue worse. Shane suggested that stricter rules regarding data accuracy for IPv6 might be worth considering. --Role objects Bijal asked how much roles objects were created. Ed replied that only a tiny amount of Role objects was created in the RIPE Database. Bijal and Sara mentioned that this was odd as it should be the other way around. 5. Review data from action points Ed shared broad RIPE Database statistics with the Database including different objects data (e.g., Abuse C validation data). He then asked the DBTF to have a look at these preliminary statistics and choose the most relevant data sets to explore. The DBTF agreed and will provide him with this insight as soon as possible. They also discussed and questioned the usefulness of certain object types. -- IRT (Incident Response Team) Objects James asked if IRT Object types were used. Ed replied that there were only 400 IRT objects in total, which is really low. Shane added that as the objects are pointing to a CERT (Computer Emergency Response Team), 400 could be the number of CERTs existing in the RIPE Community. Ed suggested to look into the query statistics to assess the usefulness of those objects. Sara mentioned that due to recent regulations, the CERT environment rapidly evolved the past few years. Bijal proposed to directly ask some CERTs about their use and knowledge of the IRT object type. Sara suggested to talk to ENISA as they can directly contact CERTs. 6. Next steps -- BoF at RIPE 80 Bijal mentioned that the DBTF needed to plan for RIPE 80. Nick proposed to present at the RIPE Database Working Group. He also mentioned that it will be good to make sure that the DBTF receives enough feedback during the BoF. Sara proposed to use Slido at the BoF. Slido is an interactive poll tool that would help increasing participation and get more feedback from the audience. Peter commented that the DBTF should be cautious to not lose focus when introducing new tools. -- RIPE Database Purposes The DBTF agreed to take a deeper look at the RIPE Database purposes to help draft the requirements and understand how it relates to the RIR’s mission. This is the preliminary list of purposes defined by the DBTF: RIPE Database Purposes • Provide accurate registration information of Internet number resources • Facilitating communication about usage of the resources • Publishing routing policies by network operators (RIPE IRR) • Provisioning of Reverse Domain Name System (rDNS) • RPKI - not part of the RIPE Database but compliments and references the RIPE Database Other Usage • Research into network operations and topology • ENUM • Geolocation • IPAM • Enabling transfer of IP resources 7. Action points · Nick will contact the Routing WG chairs about RPSL and possibly give a presentation about this topic at RIPE 80. · Shane will send an email to the ripe-list to further discuss IPAM usage within the community. · Shane will draft a document highlighting the main complexities regarding geolocation use in the RIPE Database. · Boris will edit the open-ended responses summary and add the correlation with question 1,2,3. · Ed will look into how often IRT objects are found in query statistics and help the DBTF explore new data samples from the RIPE Database. · Sara in collaboration with ENISA to ask CERTs questions about the data contained in the IRT object. · Each member of the DBTF will work on a different RIPE Database purpose/requirement. 8. Next meeting The DBTF decided to have a teleconference call in March followed by another face-to-face in April.

1 0