Kaveh Ranjbar

Future of RIPE NCC Technical Services

Kaveh Ranjbar

12 min read

As the new Chief Information Officer at the RIPE NCC, I’d like to take this opportunity to share with you some of my ideas about the future direction of the technical services we offer to the community. This includes focusing on RIPE Atlas as the RIPE NCC’s data collection system, RIPEstat as the RIPE NCC’s consolidated point for data retrieval, service agreements and other plans for hosted services like K-root, authoritative DNS servers and RIS data collectors, and a greater focus on data analysis.


The RIPE NCC provides a diverse array of technical services, ranging from LIR-specific services, to authoritative data provisioning services like whois, to globally distributed services like K-root and RIPE Atlas, to the compilation and analysis of huge amounts of data from different sources for services like the Routing Information Service (RIS) and RIPEstat.

The big question is: How can our users access these services in the easiest way possible, so that the community can easily participate in the data collection process, make the best use of the available data and gain the most from these services?

In this article, I will share an overview of the plans we have to answer this question at a fundamental level. More detailed articles addressing individual services will also be published on RIPE Labs in the near future.

RIPE Atlas

With your help, the RIPE NCC is building a global Internet measurement network. RIPE Atlas consists of two types of measurement devices, RIPE Atlas probes and RIPE Atlas anchors, which perform active measurements and collect data from thousands of points all across the globe. The aggregated data is then provided to the community in different formats that they can use to run their own analyses on the data. In addition to the standard set of measurements that RIPE Atlas runs, users can also define and perform their own measurements using the entire RIPE Atlas network.

Until now, RIPE Atlas has operated as its own independent initiative. In the long run, we want to consolidate all of the RIPE NCC’s data collection efforts under the umbrella of RIPE Atlas. This means that, in the coming years, we will migrate RIS data collection into the RIPE Atlas infrastructure, along with all of the data we collect from other RIRs, IANA and other external parties.

It also means that members of the community who participate in data collection (whether they contribute to RIS, RIPE Atlas or any other RIPE NCC data collection) will have a single interface when communicating with the RIPE NCC. This simplification also means we can spend less time on administration and more time providing you with better data and interesting analyses.

For users accessing the data, consolidating our data collection will allow us to operate a wider network of data collection and active measurements, and to integrate different types of collected data together so that we can aggregate, analyse and present all of this different data more seamlessly.

That is the high-level plan for RIPE Atlas as the RIPE NCC’s main data collection system. As far as plans go for the existing measurement network that has been at the heart of RIPE Atlas since its inception, we have several focus points:

  • Providing more direct value to the RIPE community, which consists mainly of implementing the features requested by our users. Two good examples are third-party monitoring system hooks (for applications like Nagios and Icinga) so users can monitor the reachability of their network from all around the world, and alarms to enable users to receive notification when specific events are seen from their network, such as a strange route to their network or access issues from a specific region.
  • Expanding the network, as having more probes means more vantage points and more widespread coverage. In 2014, we aim to distribute approximately 7,000 RIPE Atlas probes worldwide. We hope to have the RIPE NCC distribute approximately 5,000 of these and secure sponsors, who contribute financial support in return for the probes they sponsor, for the other 2,000. Looking ahead, it may be advantageous to move towards even more of a sponsor-based model, in which eventually all RIPE Atlas probes would be financially supported by sponsors. This would mean that RIPE NCC members would bear only the administrative costs of running the network and none of the probe hardware costs. However, the development of RIPE Atlas will continue to be driven by feedback we receive from the community in order to best serve their needs.
  • RIPE Atlas anchors, which will become a full production service at the RIPE 67 Meeting in October. RIPE Atlas anchors act as more powerful probes as well as stable regional targets. The necessary hardware is purchased and maintained by the anchor hosts, who, in exchange, receive additional benefits. So far, RIPE Atlas anchors have been mainly installed in data centres and Internet Exchange Points. We hope to expand the RIPE Atlas anchors network to include 50 anchors by the end of 2014. More details about the pilot can be found on RIPE Labs , and a full report on the pilot will be published there soon, along with details about the full production service.
  • A clear end user agreement. We want to make sure the rights of RIPE Atlas probe and anchor hosts, the RIPE community and the RIPE NCC are all protected and everybody knows who is responsible for what. Another important addition to the agreement will be the life cycle of the probes –  the length of time that we officially support the machines.

RIPEstat

RIPEstat consolidates information about Internet number resources in a single interface, drawing on multiple internal and external data sources. It presents registration and routing data, DNS data, geographical information, abuse contacts and more for IP addresses and Autonomous System Numbers, as well as related information for hostnames and countries.

In the long run, we plan to rethink the interfaces our community uses to access data, to make all of the RIPE NCC’s publicly available data easily accessible to different types of users. We plan to move towards a centralised data retrieval point, where users can access our different data sets using a consistent set of interfaces, including streamlined data access APIs, web interfaces and command-line interfaces.

RIPEstat will act as this information aggregation point, and will gradually move to a set of more user-centric web interfaces that will accommodate different RIPE NCC services. Besides providing one-off query results, RIPEstat will become a dynamic platform that provides different kinds of analytical reports concerning big picture trends we see on the Internet. To start, based on considerable member and community feedback, we’re making some initial changes to RIPEstat’s web interface to make it easier to use and enable the provisioning of all these data sets in a way that’s consistent with the rest of the RIPE NCC’s services.

Eventually, we see RIPEstat evolving into much more than a web-based data retrieval platform, with proper APIs and other interfaces (a more complete FTP and command-line interface, etc.). We want to make it more efficient and simpler to use – a singular entry point to access the RIPE NCC’s publicly available data in a consolidated, consistent, well-organised fashion.

K-root and Authoritative DNS Servers

The RIPE NCC runs the K-root server as one of the 12 organisations in charge of running root name servers on the Internet. The current K-root setup is stable and handles about 20,000 queries per second. We are proud of providing this service on behalf of the RIPE community, and we want to expand the anycast network to provide faster DNS lookups for the Internet community, especially those users in our region.

Our first priority is to make sure our hosting contracts, as well as hardware maintenance processes, are streamlined and synchronised, and to improve the automation on the software maintenance side of these machines, which are spread all across the world. This should take us until mid-2014, and after that we will have clear processes in place for adding servers wherever we see interested parties who have the resources to host a K-root server.

The authoritative DNS cluster that we run serves as the authoritative name server for reverse lookups of the RIPE NCC’s allocated and assigned address space. At the moment, we have two physically operated clusters and a third is being added that should be operational in a few weeks. With about 120,000 queries per second, this is one of the critical services the RIPE NCC provides.

We also act as the secondary name server for about 77 country code top-level domains. We are going to review the list of countries that are currently being offered this service, and clarify the criteria we use in determining which ones should be eligible. We will be asking the RIPE community for their feedback throughout this process, and aim to make the contracts and requirements for this service as clear, open and transparent as possible.

Data Analysis

The RIPE NCC publishes technical analyses on different occasions, including the uptake of newly adopted protocols like IPv6 or DNSSEC, or in the case of natural or political events that affect Internet infrastructure or traffic.

These have been received very well by the Internet community and resulted in collaborative work with other researchers in the field.

In the long run, we want to make sure we can react in a timely fashion when these events occur, and focus our analyses on useful, real-time data for network operators to help explain trends they might see in their network. We also want to focus our data analyses on the community’s needs and, when possible, contribute to ongoing policy discussions in order to provide scientific input for the community decision making process.

On the community side, we also want to more visibly represent the RIPE community and its wishes in technical forums, including the IETF , and to act as a two-way communication channel between those forums and the RIPE community. We will discuss with the RIPE community how they would like to see these channels being built. As an example, we might suggest introducing an IETF session at the RIPE Meetings to report back to our community on interesting IETF topics and gather feedback for the RIPE Working Groups. With such a mechanism in place, we can make sure the wishes of our community are included in the broader decision making process.

Other Services

The four main activities outlined above will become the main umbrella for the RIPE NCC’s public services. All data collection, data retrieval, technical services and data analysis for the public will be defined under these four main areas. Of course, this may leave some of you wondering: What will happen to our other current services?

Routing Information Service (RIS) : Data collection will eventually migrate to RIPE Atlas with a new type of probe, RIPE Atlas RIS probes, which will be owned and operated by the RIPE NCC. The current hardware, where it is still under service contract, will remain the same. Going forward, we will choose appropriate machines that can do the job. Raw data will be provided as it was and the web-based data retrieval interfaces (including the RIS Dashboard) will migrate to RIPEstat. There are many new features when using RIPEstat as the replacement for the RIS Dashboard and most of the current functionality has been re-implemented. There are also some differences, and some rarely used features will no longer be available. Full details will be published in a RIPE Labs article with ample time for our users to adjust before switching off the legacy RIS interfaces.

Test Traffic Measurement (TTM) : As the progenitor of RIPE Atlas, this legacy service will be completely shutdown by the end of 2013. Almost all of the functionality of TTM will be implemented in RIPE Atlas, but one difference is the absence of one-way latency measurements. These are not supported in RIPE Atlas, but were not used by most TTM users and required special, expensive hardware and antennae. An article with the full details will be published on RIPE Labs later this year, well in advance of the service shutdown.

DNS Monitoring Services (DNSMON) : Everything DNSMON does will be provided by a combination of data collection via RIPE Atlas and data retrieval via RIPEstat. The old service will be shutdown, as has been previously announced and outlined in the RIPE NCC Activity Plan and Budget 2013. By the end of 2013, some of the measurements will be performed by RIPE Atlas probes and RIPE Atlas anchors. As the RIPE Atlas anchor network grows, most of the measurements will be initiated from those machines. There will be an article with all of the details on RIPE Labs in the coming months.

Conclusion

These changes will allow us to operate more efficiently by focusing on a smaller number of data collection and retrieval systems and strategically improving them, rather than adding ad hoc features and fixing bugs on multiple, disconnected systems at once. We are confident our future direction will allow us to streamline our service offerings, making it very clear and easy for participants and end users to benefit from our publicly offered services.

We want to ensure we address the needs of our community, and I look forward to hearing from you about any questions, suggestions or comments you might have about the planned future direction of our services. I invite you to contribute your feedback by leaving a comment on RIPE Labs or by contacting me directly at kranjbar [at] ripe [dot] net.

We will keep both the membership and community informed about all of our plans and developments on a regular basis via updates and discussions on RIPE Labs, emails on pertinent RIPE Working Group mailing lists, and RIPE NCC organised meetings, where we look forward to hearing your feedback in person.

You may also like

View more

About the author

Kaveh Ranjbar Based in Amsterdam

As former Chief Information Officer for the RIPE NCC, I was mainly involved with the planning, operation and development of the RIPE NCC's global information services as well as research and development. This included the RIPE NCC's authoritative DNS services as well as K-root infrastructure, data collection and measurement networks such as RIPE Atlas and RIS, data provisioning systems such as RIPEstat, and the RIPE NCC's data analysis efforts. Before the RIPE NCC, I worked for more than 12 years in the Internet services and ISP sectors, mostly in senior technical management positions. I was the engineering founder of one of the largest Iranian ISPs and helped several IT startups with their software and business process implementations. I have a M.Sc. in Software Engineering from the University of Oxford, UK and Lean Engineering/Agile Management training at MIT.

Comments 3