|
|
You're here: Home » Info & FAQs » About APNIC » Reports and statistics » Annual reports |
APNIC Annual Report 1998Contents[ Contents | Section 1 | Section 2 | Section 3 | Section 4 | Section 5 ] 4. Technical Services4.1 StatusAPNIC web site In July 1998, APNIC migrated its web site from servers in Tokyo to its new Brisbane network. Since then, the site has been receiving an average of 500,000 hits per month (figure 15).  Whois server The whois server was the first core service migrated from Tokyo to Brisbane. The migration presented a valuable opportunity to restructure the whois process. With the Brisbane network split by a firewall into internal and production networks, APNIC decided to deploy the master whois database on an internal server, to be backed up daily and tuned for the database update process. Further, APNIC deployed a mirror server (whois.apnic.net) on the production network, tuned for high volume queries. Splitting the update process from the query process has improved both performance and security. The mirroring process takes an average of 10 minutes to synchronise and most members have now demonstrated familiarity with this change in operations. The number of queries is increasing at an average of more than 8,000 additional queries per month and the current server (P233/128Mb) is rapidly approaching its resource limits. A two-way cluster has been designed to replace the current server (see 'Future Activities' below for configuration details of the cluster).  in-addr.arpa domain server APNIC took over management of the in-addr.arpa domain delegation from Telstra in November 1998. The automated processing of delegation requests gave rise to some security concerns, so in January 1999 APNIC commenced manual processing of all delegation requests. This places a considerable strain on Technical Services staff resources and plans are underway to implement a secure automated process by the second quarter of 1999. System infrastructure The current production and internal networks comprise Intel Pentium workstations running SCO UnixWare 7. A detailed 'Vendor and Platform Evaluation Report', was conducted in August 1998, during which APNIC approached and sought sponsorship from several hardware and Unix vendors, including Sun Microsystems, Hewlett-Packard, Compaq, and SCO. APNIC concluded that the best value-for-money, long-term solution for APNIC to pursue was an Intel/Unix architecture. Accordingly, discussions are underway with SCO and Compaq to provide software and hardware respectively for APNIC's production network. Unfortunately, delays in finalising the sponsorship agreements have meant that APNIC has operated on servers not sufficiently resourced to accommodate the increasing load; however, APNIC expects to commence deployment of these resources by the second quarter of 1999. In November 1998, APNIC decommissioned all of its remaining Tokyo-based servers. Concurrently, APNIC deployed a Compaq 1850R 450Mhz/128Mb RAID-1 in Tokyo's NSPIXP-II as APNIC's secondary domain name server. Cisco's sponsorship of APNIC's backbone network requirements and Ascend Communications's sponsorship of APNIC's WAN requirements have meant that both these areas of Technical Services operations have been well resourced. Feasibility and cost analysis for a redundant Internet connection have been underway since December 1998, with the intention of obtaining a minimum 512Kbps second connection by the third quarter of 1999.
Internal services The request ticketing system under evaluation in early 1998 failed to meet the requirements of Member Services and was abandoned in June. However, Technical Services evaluated several public domain ticketing systems during this period, finally choosing the REQNG ticketing system, which was deployed in July 1998. Technical Services undertook further internal development to add functionality to the base system and, while the system now meets Member and Technical Services tracking requirements, further work is ongoing to integrate other components of APNIC's operations. Member Services internal tool set lacks some functionality and requires considerable integration with other departments to optimise the flow of the resource allocation process. Technical Services has designed a schema for integrating Member and Billing Services, as well as other tool set specifications. A full-time internal developer will be appointed in the second quarter of 1999 to progress this development. 4.2. Future activitiesWhois server Work on a revised APNIC database administration system was undertaken under contract in 1997 and early 1998 and a prototype database has been produced. This prototype provides internal management functions for some of APNIC's membership and allocation processes, as well as Web-based entry of allocations and assignments made by APNIC members. Currently, the prototype is limited in terms of membership management functions, security, scalability, and extensibility. Technical Services will conduct a thorough evaluation of this prototype by June 1999 and, subject to the results of that evaluation and feedback from members, will continue through to either deployment of that prototype or development of an alternative during the second half of 1999. Work is also underway to evaluate the re-implementation of RIPE's Whois server and ISI's Whois server, to investigate the possibility of deploying one of these databases as a joint development effort. To serve the administration needs of the APNIC Database, and of the Routing Registry (see the Routing Registry section below), APNIC plans to employ a database administrator in the Technical Services department in 1999. Certification authority (CA) APNIC has identified a need to provide facilities that ensure security of member interactions with APNIC and its online systems. Such a system would issue certificates to members to be used for security purposes. APNIC intends that the certificates will be valid for the term of each membership (to expire and be reissued on membership renewal) and will be used for secure encryption of email communications with APNIC, and secure access to the APNIC web site and database. As a future extension of this scheme, APNIC may develop a system to issue certificates to confirm that an allocation of a specific Internet resource (such as a range of IP address space or an AS number) has been made to a particular member and to confirm the term of that allocation. Technical Services will follow discussions and developments of the various certificate protocols and evaluate those that best suit the requirements of APNIC's membership. Technical Services intends to make a prototype certification facility available to APNIC members by mid-1999. By the end of 1999, it is hoped that member certificates will be in active operational use. APNIC estimates that a full-time developer (possibly under short-term contract) will be required during 1999 to implement the CA and associated facilities. Routing Registry The Asia Pacific Internet community does not yet have a dedicated Internet Routing Registry of the type currently available in America and Europe. As the authority responsible for ASN and IP address allocations for this region, APNIC proposes to establish an Internet Routing Database to meet this requirement. The APNIC Internet Routing Registry will allow its members to register and query routing policy and related objects. Routing Policy Specification Language (RPSL) is the IETF proposed standard language for specifying Internet routing policy. Consistent with other RIRs, APNIC will deploy an RPSL-capable Routing Registry to facilitate the transition from RIPE-181 to RPSL. Technical Services will deploy the database as a prototype in the second quarter of 1999. To serve the administration needs of the APNIC database, including the Routing Registry, APNIC plans to employ a database administrator in the Technical Services department. Development of the registry is expected to occupy a full-time developer (possibly under short-term contract) for three months in 1999. in-addr.arpa Domain server The introduction of the 'mnt-lower' and other attributes to the RIPE database raises the possibility of using the domain object as a master record for generating in-addr.arpa zone files. Given that all APNIC members should already be familiar with managing objects within the APNIC database, APNIC is considering using the database to manage in-addr.arpa delegation requests. Technical Services has been developing software since January 1999, with a view to automating the zone file management by late April 1999.
System infrastructure Negotiations are underway with Compaq/SCO to provide sponsorship of hardware and software for APNIC's production network. For the primary Whois and in-addr.arpa server, Technical Services will deploy a two-way Single System Image cluster of Compaq 1850R 450Mhz 256Mb 20Gb RAID-5 running Non-Stop Clusters for UnixWare in April 1999. In addition to this, several other systems including the internal file server, firewall, and monitoring station will also be upgraded in the second quarter of 1999, using a standard Compaq 1850R configuration. Standardising to the Compaq/SCO platform raises the possibility of APNIC migrating resources into the cluster if server demand increases beyond forecasted levels. This configuration is expected to meet APNIC's server requirements for the next twelve months. Internal services Historically, APNIC's internal departments have developed independently, using different systems. APNIC has identified the provision of a centralised repository of Internet resource and membership information as a key component in streamlining its operations. Technical Services has completed a Database and Object schema encompassing access to these core resources. A full-time internal developer will be employed in the second quarter of 1999 to complete implementation of the core APIs by the third quarter of 1999. The internal developer will then focus on enhancing Member Services' tool set using these core resource access methods. Year 2000 Compliance APNIC has released a Year 2000 Compliance Statement. The workplan for ensuring Y2K compliance is as follows:
|
