Allocate address space for Singapore (APNIC)
Closed, Resolved · Public

Description

We'll need IPv4 and IPv6 public space at the new DC. Need to determine whether we need new allocations (from APNIC?) and/or use existing space, and assign the numbers for use. Wikipedia Zero needs to announce the space to partners well in advance of service turn-up, so the sooner we can nail this down the better.

Our preference is to get new Asian address space from APNIC for this site. We'll evaluate a menu of backup plans if we're unable to meet their requirements.

Event Timeline

After passing through Finance and Legal approval via Cobblestone, I submitted the APNIC form today. This is now being tracked by APNIC as #3102214 and in progress.

Thank you for your application for Internet resources and to become an APNIC Member.

Your APNIC account name is:

WIKIMEDIA-AP

The following process will now begin:

  1. APNIC will verify your membership details.
  2. APNIC will evaluate your IP address and/or AS Number request to determine whether or not it meets APNIC policy criteria.
  3. When APNIC approves your application and receives the full payment, you will receive the Internet resources.

After a few back and forths and a lot of supporting documentation, we've passed the verification step of the process and we moved on to the next step as of today:

At this stage, we are satisfied with the information provided for your membership application.

Our Registration Services team will contact you shortly to follow up your internet resources application via ticket:

#3102213: [WIKIMEDIA-AP] New member - resource application

@BBlack Is there an update for ETA for updating the zero whitelisting IPs? I will need several months of lead time before this goes live to get ~50 partners worldwide to update their systems to match.

We still have no real ETA on the IP addresses. We're attempting to acquire the address space from APNIC. They're (reasonably) requiring proof of our needs, which includes the physical address of the datacenter in Singapore (we're still evaluating multiple RFP responses), invoices for our equipment (which isn't ordered for the same lack of a shipping address), lists of our network peers in Singapore (which is, again, blocked on contracting with a datacenter vendor so we know which peers are available and what physical building we're peering at).

My best guess is that our most-optimistic date for meeting APNIC's criteria and getting address space from them would be sometime in the first half of May. My most-pessimistic guess would be it happens by the end of June (or by then we give up on the APNIC process and go for some Plan B option for space to advertise in the APNIC region...).

Even if we had the addresses today, though, we're already less than several months away, depending on your definition of "several". If there are no unexpected delays with the many moving parts in this plan (and there could well be delays), we should theoretically be ready to start testing and then bringing up service in Singapore sometime in July, other than this potential issue with Zero partner notifications.

Can we get a firmer idea how long the notification->update process will take?

Any updates on the new IP ranges we will have?

No updates yet, we're still finalizing DC vendor selection (one of several steps before APNIC will possibly give us new address space). Any firmer timeline on how long after acquisition of the address space the partner update process will take?

My only reference was the conversion of all the zero partners (around 75) from URL-based whitelisting to IP whitelisting when we adopted HTTPS-only, and that took about 5-6 months. Probably the biggest challenge was getting ahold of some partners where the PoC had moved on, or much or all of the current team didn't know about the project.

Given that updating the IPs to a new set of ranges is a simpler task than changing from URL whitelisting, I'm expecting this will be about a 2-3 month task to complete once started.

Status update: back in April, APNIC had requested documentation supporting that we have or are about to have a presence in the Asia-Pacific region. We didn't have any besides our internal ones to support that, so the request has been stalled ever since.

As of last week though, we have a contract and cross-signed order form with a datacenter, so I emailed them last week to unstall, and today I took the order form, blacked out the financials and sent it out to APNIC.

We now have an APNIC account, and we were assigned today this IP space:

  • 103.102.166.0/24
  • 2001:df2:e500::/48

There is an ongoing thread with APNIC about some WHOIS oddities that happened that will require quite a bit of cleanup, so let's keep this task open for now. After that, we'll need to create route objects, subnet the space and create reverse DNS for the space -- but perhaps that's better suited for another task.

faidon renamed this task from Select or Acquire Address Space for Asia Cache DC to Allocate address space for Singapore (APNIC). · Oct 19 2017, 8:53 AM

We can do revdns and basic puppet address space commits here or in T156027 as appropriate I think (maybe most of the puppet-level stuff over there). One thing it would be nice to sort out early is the public LVS subnets to forward to zero. If we follow the examples of other DCs, they'd be:

  • 103.102.166.224/27
  • 2001:df2:e500:ed1a::/64

Any reason to delay declaring these now?

Yup, that's fine, as is creating the zones in the DNS and puppet repository (but not doing the reverse delegation).

Change 385366 had a related patch set uploaded (by Faidon Liambotis; owner: Faidon Liambotis):
[operations/dns@master] Add reverse DNS zones for APNIC space

https://gerrit.wikimedia.org/r/385366

Change 385366 merged by Faidon Liambotis:
[operations/dns@master] Add reverse DNS zones for APNIC space

https://gerrit.wikimedia.org/r/385366

OK, so APNIC fixed the "57 duplicate objects" situation, so I proceeded with the rest and specifically:

  • Updated our objects for the new office address
  • Updated to use the right mailbox per object and type (instead of abuse@ everywhere)
  • Created route objects for the /24 and /48 with origin: AS14907
  • Created domain objects for in-addr.arpa/ip6.arpa (reverse delegation)
  • Added the zones (with just SOA) to operations/dns, and verified the delegation works

Things pending:

  • RPKI, @ayounsi has sent the extra ToS to legal for review and they said they might respond even today
  • @mark creating his account
  • Subnet the space, figure out zero ranges etc. (this task?)
  • Puppet commits to define the space in all the right places (probably in the other task, as @BBlack said)

Change 385402 had a related patch set uploaded (by BBlack; owner: BBlack):
[operations/dns@master] eqsin revdns: strawman subnet plan

https://gerrit.wikimedia.org/r/385402

Change 385402 merged by Ayounsi:
[operations/dns@master] eqsin revdns: strawman subnet plan

https://gerrit.wikimedia.org/r/385402

Change 389739 had a related patch set uploaded (by BBlack; owner: BBlack):
[operations/dns@master] eqsin DNS for hosts, services, geodns

https://gerrit.wikimedia.org/r/389739

Change 389739 merged by BBlack:
[operations/dns@master] eqsin DNS for hosts, services, geodns

https://gerrit.wikimedia.org/r/389739

Status updates?

Things pending:

  • RPKI, @ayounsi has sent the extra ToS to legal for review and they said they might respond even today

Last email on this says contract executed back on Oct 24th, I think we're good here?

  • @mark creating his account

?

  • Subnet the space, figure out zero ranges etc. (this task?)
  • Puppet commits to define the space in all the right places (probably in the other task, as @BBlack said)

These are done above as much as they need doing in this ticket. The rest can go in the other task.

Change 389995 had a related patch set uploaded (by BBlack; owner: BBlack):
[operations/dns@master] eqsin v6: s/0df2/df2/ (more-canonical and shorter)

https://gerrit.wikimedia.org/r/389995

Change 389995 merged by BBlack:
[operations/dns@master] eqsin v6: s/0df2/df2/ (more-canonical and shorter)

https://gerrit.wikimedia.org/r/389995

RPKI is all done as far as I know. @mark said he'll create his account later, if at all. I think we can resolve.
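
The reverse-delegation and subnetting steps discussed in this task, as an added example that is not code from the task or from operations/dns: it derives the in-addr.arpa/ip6.arpa zone names for the two assigned prefixes, checks that the proposed LVS subnets fall inside them, and shows the canonical IPv6 form behind the `s/0df2/df2/` change. The prefixes are the ones quoted above; the function names are hypothetical.

```python
import ipaddress

# Prefixes quoted in the task; function names are hypothetical (added example).
ALLOCATIONS = ["103.102.166.0/24", "2001:df2:e500::/48"]
LVS_SUBNETS = ["103.102.166.224/27", "2001:df2:e500:ed1a::/64"]


def canonical(prefix):
    """Return the compressed form; rejects prefixes with host bits set."""
    return str(ipaddress.ip_network(prefix, strict=True))


def reverse_zone(prefix):
    """Name of the in-addr.arpa / ip6.arpa zone that covers `prefix` exactly."""
    net = ipaddress.ip_network(prefix, strict=True)
    step = 8 if net.version == 4 else 4  # one DNS label per octet or nibble
    if net.prefixlen % step:
        raise ValueError(f"{net} is not on a {step}-bit label boundary")
    labels = net.network_address.reverse_pointer.split(".")
    host_labels = (net.max_prefixlen - net.prefixlen) // step
    return ".".join(labels[host_labels:])


def covering_allocation(subnet, allocations=ALLOCATIONS):
    """Return the allocation that contains `subnet`, or None if none does."""
    sub = ipaddress.ip_network(subnet, strict=True)
    for alloc in map(ipaddress.ip_network, allocations):
        if alloc.version == sub.version and sub.subnet_of(alloc):
            return str(alloc)
    return None


if __name__ == "__main__":
    for alloc in ALLOCATIONS:
        print(f"{alloc:28} delegate {reverse_zone(alloc)}")
    for sub in LVS_SUBNETS:
        print(f"{sub:28} inside {covering_allocation(sub)}")
```

The /27 LVS range does not sit on an octet boundary, so `reverse_zone` rejects it; its PTR records live inside the /24's zone instead of a zone of their own.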