RIPE NCC Activity Plan and Budget 2019
- Publication date:
- 27 Dec 2018
- State:
- Published
- Author
- File(s)
- PDF (4.0 MB)
This document is best viewed as a PDF document.
The RIPE NCC Activity Plan and Budget 2019 documents the activities that we propose to undertake in 2019 along with their associated costs, provided in terms of Full Time Employees (FTEs), Operational Costs (OPEX) and Capital Expenditure (CAPEX). The document also highlights areas of strategic focus for our organisation.
This document is the clearest way that RIPE NCC members can learn about, comment on and ultimately shape the direction we will take in the coming year. We view this as an integral part of maintaining the trust of our members, by ensuring high standards of transparency and accountability.
It is important that members are aware of how to provide feedback on the Activity Plan and Budget. We publish a draft version of the document before discussions take place in the RIPE NCC Services Working Group and the RIPE NCC General Meeting (GM) in October. Members are also encouraged to ask questions and discuss the document on the RIPE NCC Membership Discussion mailing list.
The feedback received over that period is incorporated into the final Activity Plan and Budget that is approved by the RIPE NCC Executive Board.
Executive Summary
With the unprecedented membership growth that we have seen in 2018 and even higher envisaged growth for 2019 (approximately 4,000 new LIR accounts), our total membership base is expected to be more than 24,000 LIRS by the end of 2019.
In an effort to effectively achieve the on-boarding of these new members and meet the continual demands of our large membership, we are planning a budget increase of 17% in 2019. The vast majority of these expenses will be in dealing with new LIR requests and in fortifying the RIPE NCC as both a registry and a Network Coordination Centre, keeping in mind that this growth is unlikely to continue in 2020 and beyond. The other main increase items are linked to the Executive Board-supported decisions to strengthen our global K-root name server infrastructure, IT and Information Security, Training Services credentialing initiatives, planned efficiency gains that will set us up for the years to come, and the implementation of the community-approved abuse-c validation activity.
Personnel expenses are the RIPE NCC’s biggest cost driver, and a large portion of the total increase in expenditures can be explained by the growth in FTE and current labour market factors.
There is a forecast income increase of 24% in 2019 due largely to the increasing membership. We forecast that there will be approximately 4,000 new RIPE NCC member accounts activated in 2019. The RIPE NCC plans to increase its FTE count by 6% in 2019 (from 155 FTE to 165). The majority of the added FTEs will involve giving permanent contracts to temporary staff in order to meet the demands of a greatly increased membership. The RIPE NCC membership fee will remain at EUR 1,400 per LIR and there is an anticipated surplus of 9,743 kEUR to potentially be redistributed to the membership. The cost per LIR is expected to be EUR 1,367* – down from EUR 1,435 in the 2018 Budget.
There are two new activities planned for 2019. In the Training Services section, as part of efforts to make RIPE NCC training more relevant for operators and employers, 2019 will see the launch of credentialing in the RIPE NCC Academy which will involve proctored online tests designed to ensure those who take tests in the RIPE NCC Academy are properly qualified to carry out tasks that are actually required as part of their jobs. In the Registry Maintenance section, there is a new activity of Regular Abuse-c Validation.
There are several activities that have the status “Expanding”, which means the costs for these activities have increased by at least 10% over the 2018 Budget. The expansion of several areas is also linked to the addition of FTEs to handle the still-increasing membership (there were over 19,207 LIR accounts at 30 June 2018 and this is expected to grow to over 24,325 by the end of 2019).
*This figure is based on an expected membership base of 24,325.
Overview of 2019 Strategy
The strategic focus of the RIPE NCC is to deliver world-class services while engaging to connect people to maintain the resiliency and stability of the Internet.
In 2019, the focus will be on dealing with the expected member increase and putting in place the structures that will enable us to deal with approximately 4,000 new member accounts. We need to keep up with the workload this will bring but also ensure we are doing high-quality work for new and long-term members. We are investing in structural efficiencies that will allow our Registration Services and Customer Services departments to effectively manage the increased workload while being able to react quickly beyond 2019 when the expected fall-off in new members takes place. We must also be flexible in order to be able to take on new work in this area, such as when the community asks us to validate abuse-c contacts. All the work that takes place now in this area is aimed at fortifying our position as a registry for the future.
Ensuring the accuracy of the data in the RIPE Registry and ensuring the uniqueness of Internet number resources is of critical importance to RIPE NCC members and the wider Internet community. As a recognised and trusted body with a long track record of serving the community, the RIPE NCC seeks to be an authority on unique Internet number resources in order to enable our members to operate and develop the Internet. This will remain a key focus point in the coming years.
Another key area for the RIPE NCC is continuously improving the delivery of related services so that members are more than satisfied from their interactions with the RIPE NCC. In 2018, an external analysis of the processes and interactions members undergo when dealing with the RIPE NCC was completed, and work will commence in 2019 on addressing the issues that were identified. As the RIPE NCC moves beyond 20,000 members, achieving excellent service delivery in a fair and consistent manner for all members is crucial.
As part of efforts to ensure stability and robustness for the RIPE NCC and for the wider technical community, there will be a focus in 2019 on strengthening the K-root name server infrastructure. This infrastructure has been formalised over the past five years to provide a solid base for investment as the RIPE NCC looks to move K-root from being one of the lower-tier root server operators in terms of capacity to a more mid-range situation. The K-root name-server infrastructure has become the target of increased-intensity DDoS attacks recently, and the Executive Board has requested a higher-capacity and more distributed option that will ensure the robustness of K-root in the coming years.
Another area that we will focus on in 2019 is adding value for the technical community and to members who access our Training Services. By offering a credentialing service attached to the RIPE NCC Academy, we will provide training that ensures those who take our courses are able to carry out the tasks that are actually required as part of their jobs and that are required by those who hire network operations experts.
The RIPE NCC is witnessing new and more complex examples of attempted fraud, so addressing this issue will be crucial in the coming years to protect members’ resources. An area of focus for the coming year will therefore be Information Security and IT. New regulations and an expanding member base means that we need a more systematic approach and greater technical depth that will bring the right balance between security and convenience. The RIPE NCC will work on a platform to measure security at the RIPE NCC and over the coming years will establish and then maintain a system that will meet the goals of this project.
The RIPE NCC has an important role as a neutral source of information and knowledge. To this end, we are committed to providing intelligence, tools and measurements that can help our community to develop their own strategies, monitor and optimise their networks, and verify facts with their clients. The consumers for this technically factual information are all parties with an interest in the Internet, and the RIPE NCC aims to be excellently placed to be a trusted source for this information.
The RIPE NCC’s external engagement activities will continue to evolve in 2019 to better meet the needs of our membership, fulfil the goals of the RIPE NCC, and respond to a dynamic policy and regulatory environment. This will involve building on current strategies to strengthen all corners of our community and to understand the different needs and priorities of members across a diverse range of sectors so we can serve them better. At the same time, it is clear that government authorities globally are taking a more pro-active approach to regulation in the Internet space, and this has the potential to impact the RIPE NCC and our operations.
As a foundation for all this, the RIPE NCC must ensure its own stability and robustness, so there will be increased focus in the coming years on assessing how we can adapt to a rapidly changing environment and ensure that our members are fully aware of how the RIPE NCC will react to these changes in an appropriate and effective manner.
Focus on Efficiencies in 2019
Achieving greater efficiencies remains an important goal for 2019 as we continue to deal with an increasing workload, driven by the rapid growth of our membership. We aim to simplify and automate processes in Registration Services and other support functions to reduce the workload on our staff. These efforts will also prepare the organisation for an expected drop in membership numbers after we exhaust our available supply of IPv4 address space.
To deal with rapid membership growth, we are taking steps to reduce the workload attached to the operations of each LIR account. We will streamline and automate our transfer processes, enabling our staff to invest more time on complex requests and perform stronger due diligence. In addition, we will implement a wizard to ensure that requests regarding changes to legal organisations, e.g. requests for mergers and acquisitions and legal name changes, are dealt with efficiently and accurately. This will greatly reduce the email exchanges between members and the RIPE NCC. In 2019, we will streamline the New LIR application process and improve our internal tools to better accommodate members with multiple LIR accounts. This will put us in a good position to react in case of account consolidations and closures.
Within our IT infrastructure, we plan to change our configuration management system to improve infrastructure deployment, maintenance and management. The new platform will help improve logging of our services, putting us in a position to better identify trends and threats before they become an issue and therefore decrease the workload in this area. We will implement plans to achieve better storage solutions as well as consolidation of our current data centre set-up.
Our administrative processes will also see a number of efficiencies gained in 2019, including changes to the way we distribute invoices and account statements. We will simplify our billing process with the aim of reducing the amount of invoice-related questions from different parts of our service region. We expect to bring down the amount of billing related tickets that will allow us to focus on a predicted rise in questions related to transfers or to VAT changes that are the consequence of revised local or global e-services taxation rules.
In 2019, we will also see efficiencies gained as we look to greatly reduce the content we need to manage on our websites. This will involve the removal of duplicate and unnecessary content and simplify the content that is really seen as useful and needed by members. This reduction in complexity will in turn result in fewer queries and tickets to our Customer Services Team. Aside from adding these efficiencies, it will improve the experience of everyone who comes to the RIPE NCC for information and services.
Internally, we will see efficiencies gained as we streamline the administrative processes related to our personnel. We have identified numerous processes relating to the management and administration of our personnel where significant efficiencies can be gained and costs reduced. Our staff are a major asset for the RIPE NCC, and with the efficiency gains made throughout the organisation we expect to be able to intensify and focus work on key areas such as strengthened due diligence and developing better tools and services for the benefit of members.
Finally, we are currently taking a high-level look at our organisational structure aimed at further increasing efficiencies and making sure the RIPE NCC is capable of reacting quickly and effectively to membership needs and events such as IPv4 exhaustion.
Activities that are increasing or decreasing by 10% compared to the 2018 Budget
Expanding | Decreasing | New Activities |
---|---|---|
Note: activities are deemed to be expanding or decreasing in financial terms only. This does not reflect a greater or lesser degree of importance being placed on certain activities. |
Overview of RIPE NCC Costs per Activity 2019
On the following page is an overview of the Full-Time Equivalents (FTEs), Operational Expenses (OPEX) and Capital Expenses (CAPEX) per activity. All amounts are in kEUR. The overview is presented on two levels. It is possible to click on any Level 1 or Level 2 activity for more detailed information.
For a detailed description of FTE, OPEX and CAPEX, please see the Activity Overviews.
Overview of RIPE NCC Budgeted Costs for 2019
* Total expenses are 17% when depreciation and bad debts are included
Activity Overviews
For each of the main areas of activity in the following report, we’ve provided an activity overview that gives anyone reading this document a summary of what to expect in that area in 2019.
1 Status - indicates whether the area of activity is expected to expand, decrease, or remain ongoing in 2019
- ‘Expanding’ - expenses for this activity will increase by more than 10% over the Activity Plan and Budget 2018
- ‘Decreasing’ - expenses for this activity will increase by more than 10% over the Activity Plan and Budget 2018
- ‘Ongoing’ - expenses for this activity deviate less than 10% from the Activity Plan and Budget 2018
2 FTE - Full-time equivalents indicates the average amount of personnel assigned to each activity as well as supporting staff over the course of the full year
3 OPEX - Operational expenses are all direct costs that relate to the activity or project, and a portion of overhead that is related to absence (vacation, illness, education) that has been allocated to the project. The overhead allocation is calculated by dividing the percentage of FTEs involved in the activity by the overall number of FTEs. Operational expenses exclude depreciation and bad debt expenses. Sponsorship is reported as Income in the Budget and it offsets the costs of RIPE Meetings, Regional Meetings and RIPE Atlas probes.
4 CAPEX - Capital Expenses are all items that are taken as an asset. These items include hardware and software, infrastructure, and office furniture.
5 Description - provides a high-level description of the area of activity
6 Benefits - lists the key benefits of carrying out activities in this area for our members as well as the wider community
7 2019 at a Glance – gives an overview of the main areas of note in the activity for the coming year
8 Measurable usage - provides statistics (measured at 30 June 2018 where possible) indicating important trends in this area of activity
RIPE NCC Activities 2019
1) Regional Internet Registry
1.1 Registry Maintenance
Status: Expanding
FTEs: 41.6
Cost: 4,666
CAPEX: -
Description
We are responsible for assigning and allocating Internet number resources (IPv4, IPv6 and AS Numbers) within our service region. A key responsibility is to maintain the accuracy and quality of the RIPE Registry, which contains information about the current holders of these resources. This includes public information available in the RIPE Database as well as other non-public registration information that we hold.
Benefits
- Improves the overall accuracy of the data in the RIPE Registry
- Supports members and the RIPE community with their operations and business needs
- Meets the strategic goals of improving registry accuracy and engaging with members to better understand their needs
2019 at a Glance
- Regular abuse-c validation, as mandated by a RIPE Policy accepted in June 2018
- Increased focus on dispute and hijack handling
- Increase in Assisted Registry Checks (ARCs)
Internet number resource records the RIPE NCC is responsible for
2016: 101,000
2017: 110,000 (+9%)
2018: 119,000 (+8%)
In 2019, we will continue to work to ensure that the RIPE Registry can accurately deal with a high level of IPv4 transfers and a heightened potential for conflicts over address space, both resulting from the growing scarcity of IPv4. There will also be an ongoing focus on protecting resource holders against hijacking of their Internet number resources. We will also continue to respond to any community-driven initiatives to increase the accuracy of registry data.
In 2019, we will continue to improve our service delivery to an increasing membership. In early 2018, an external analysis of the processes and interactions members undergo when dealing with the RIPE NCC was completed and work will commence on addressing issues that were identified.
We will continue our work in partnership with the other RIRs to improve data quality and to make this data readily available to the Internet community. The ongoing processing of inter-RIR transfers means that close ties will need to be maintained among the participating RIRs.
1.1.1 Distribution of IPv4/IPv6 Address Space and Autonomous System (AS) Numbers
Status: Ongoing
Measurable usage: Approximately 8,800 allocations and assignments from 1 July 2017 to 30 June 2018.
We provide fair, impartial and stable distribution of IP addresses and AS Numbers according to policies developed by the RIPE community. In addition to the allocation and assignment of IPv4 and IPv6 address space, we also assign AS Numbers and register these along with their initial associated routing policy. This ensures the uniqueness of AS Numbers and collects data for the RIPE Routing Registry. Since 2007, the RIPE NCC has assigned AS Numbers from both the 16-bit and 32-bit pools.
Benefits for RIPE NCC members / RIPE community:
› Promotes efficient use of IP address space and AS Numbers
› Facilitates optimal aggregation of routing information
1.1.2 Management of Internet Number Resources
Status: Ongoing
Measurable usage: We are administratively authoritative for approximately 119,000 Internet number resource records.
We manage the complete lifecycle of Internet number resources within our service region, supporting updates of the registration data and deregistering resources that have been returned. To facilitate the transfer of IPv4 address space between members, we provide the IPv4 Transfer Listing Service. From 1 July 2017 to 30 June 2018, we transferred 2,444 original IPv4 blocks, 546 ASNs and 287 IPv6 blocks within our service region. We also process inter-RIR IPv4 transfers – transferring 60 IPv4 blocks out of our service region and receiving 64 IPv4 blocks from other regions over this same period. We expect that the work involved with transfers will continue to increase in 2019.
Benefits for RIPE NCC members / RIPE community:
› Ensures the uniqueness of IP addresses, aggregation of routing information and conservation of IP address space
› Implements the necessary procedures to enable the processes defined by RIPE Policies
› Enables the accurate registration of network management and contact information
1.1.3 Assisted Registry Check (ARC) Status: Expanding
Measurable usage: 2,445 Assisted Registry Checks from 1 July 2017 to 30 June 2018.
The Assisted Registry Check (ARC) gives LIRs an opportunity to receive personalised support. We can help them to create database objects to improve contact data, remove inconsistent resource records, and we can offer clarification on RIPE Policies. The aim is to strengthen registry data while supporting the daily technical operations of the membership.
As a result of ARCs carried out in 2018, 103 admin accounts were added, contact information for 853 LIR Portal accounts was updated, and 196 billing issues were resolved. In 966 cases, resource registration was updated and 224 maintainer issues were corrected. In addition to this, 331 routing inconsistencies were fixed and 241 rDNS inconsistencies were resolved. In 135 cases, outdated information for independent resources was discovered.
This shows the importance of a direct relationship with our member base and gaining a greater understanding of its needs and motivations. Maintaining a closer and more regular business relationship is essential to ensure a strong registry.
Benefits for RIPE NCC members / RIPE community:
› Provides our members with an overview of how their networks are perceived by an independent entity
› Provides an incentive and an easy way for LIRs to keep their RIPE Database objects up to date
› Allows us to stay in more frequent contact with our members and better understand their needs
1.1.4 Maintenance of Contractual Information on End Users and Sponsoring LIRs
Status: Ongoing
Measurable usage: We oversee contracts for approximately 55,000 End User Internet number resource records.
Subject to the RIPE Policy on contractual requirements for holders of independent resources (ripe-637), we ensure that changes to contractual arrangements between sponsoring LIRs and End Users are followed up on and the appropriate administrative action is taken.
Benefits for RIPE NCC members / RIPE community:
› Ensures that IP addresses and AS Numbers are registered to the legitimate End Users or legacy resource holders
› Ensures that all resources are covered by a contractual relationship
› Maintains the accuracy of the RIPE Registry
1.1.5 Establishing Contractual Relationships with Legacy Internet Number Resource Holders
Status: Ongoing
Measurable usage: The total number of legacy IP addresses and AS Numbers within the RIPE Registry is approximately 4,400 parent IP blocks and 129,000 more specific blocks. There are also 737 legacy AS Numbers. By 30 June 2018, approximately 56% of legacy address space in the RIPE NCC service region was registered either directly or via a sponsoring LIR. From 1 July 2017 to 30 June 2018, there were 221 requests to update the RIPE Registry following legacy resource transfers.
Benefits for RIPE NCC members / RIPE community:
› Ensures that legacy resources are registered to the legitimate resource holders
› Safeguards resources from hijacking
› Creates a formal relationship between legacy holders and the RIPE NCC
1.1.6 Regular abuse-c Validation
Status: New
Measurable usage: Approximately 70,000 distinct abuse-c email addresses recorded in the RIPE Registry of which about 25% are expected to be incorrect.
The "abuse-mailbox:" is the attribute containing the contact email address in the abuse-c role object. With the approval of Policy Proposal 2017-02, "Regular abuse-c Validation", on 1 June 2018, we have been given a mandate to regularly validate "abuse-mailbox:" information and to follow up in cases where the attribute is deemed to be incorrect. At the time of writing, there are about 70,000 distinct abuse-c email addresses recorded in the RIPE Registry of which 10 to 25% are expected to be incorrect. After we have completed an initial validation of the existing "abuse-mailbox:" contacts, we will re-validate these on a yearly basis.
Benefits for RIPE NCC members / RIPE community:
› Improve the accuracy of abuse contact information in the RIPE Registry.
› Helps resource holders to maintain accurate registry data.
1.1.7 Internet Number Resource Investigations, and Dispute and Hijacking Handling
Status: Expanding
Measurable usage: We have investigated nearly 600 potential hijacks since 2012. From 1 July 2017 to 30 June 2018, we conducted 195 investigations, more than double the figure of the previous period. We received and investigated 588 abuse reports from 1 July 2017 to 30 June 2018.
We are continuing to see incidents where hijackers attempt to impersonate resource holders, either to gain control of their resources in the RIPE Database or to sell them to third parties who are unaware that they are not from the legitimate holder.
The hijackers are using varied and sophisticated methods to gain access to resources, such as test announcements to verify usage, falsified documents, re-registering domains and making copies of websites. Recently, there has also been a rise in the number of LIRs providing fraudulent information, notably from new members based outside our service region. This has included series of falsified documents from LIRs attempting to demonstrate an active network presence in Europe by manipulating invoices from known vendors providing services within the region. As IPv4 becomes more scarce, we expect such trends to continue for the foreseeable future, with not only legacy and Provider Independent resources being targeted, but also Provider Aggregatable address blocks. Legacy space remains particularly susceptible to hijacking attempts because we did not issue the resources and therefore have no authoritative documentation on the original distribution and changes in holdership over time. Unauthorised changes to RIPE Database objects under our administration are under continuous scrutiny and constructive advice is offered to those involved in disputed transfers. With the complexity and variety of cases rising, the amount of time we spend on counter-hijacking activities across the organisation continues to increase.
We also check for unauthorised changes to the RIPE Database objects for which we are administratively responsible (mainly independent Internet number resources).
Benefits for RIPE NCC members / RIPE community:
› Safeguarding the resources of legitimate resource holders
› Maintaining the accuracy of the RIPE Registry
1.2 RIPE Database
Status: Ongoing
FTEs: 7.6
Cost: 960
CAPEX: -
Description
The RIPE Database contains information about the IP addresses and AS Numbers used by networks within our service region. For these resources, the database carries information about their current holders along with contact details and related attributes. Resource holders are responsible for maintaining the information in the database, while we perform the role of data controller.
Benefits
- Enables a range of users to find the information they need for network troubleshooting or determining abuse contacts
- Ensures the stability of global Internet routing
- Makes sure the RIPE Database is robust and secure
- Provides greater integration with the LIR Portal
2019 at a Glance
- Implement new model of out-of-region object creation
- Abuse contact validation
- User interface improvements
RIPE Database queries per minute
2016: 20,000
2017: 22,000 (+10%)
2018: 27,000 (+23%)
The RIPE Database provides information that is crucial for network troubleshooting and determining abuse contacts. The database has a wide range of users, including network engineers, system administrators and researchers. The service is available for anyone that needs information about networks and Internet number resources.
The RIPE Database also includes the RIPE Routing Registry, which is part of the global Internet Routing Registry (IRR). The IRR ensures the stability and consistency of global Internet routing by sharing information between network operators. The IRR consists of several databases, including the RIPE Routing Registry, in which network operators can publish their routing policies and routing announcements.
We work to ensure that the RIPE Database remains a high-quality service with close to 100% uptime. We have staff on 24/7 support to ensure that any incidents are addressed quickly. However, almost all of the effort in this regard is spent pro-actively: by managing hardware, operating systems and software life cycles; by carefully testing any new releases in the Release Candidate environment; and by monitoring the service and planning for resilience and scalability.
We also work to understand and implement the wishes of the RIPE community with regards to the database. This involves working on features and changes requested by the RIPE Database Working Group, supporting RIPE policies emerging from other working groups, and keeping up with technical standards discussed in the IETF and among the RIRs.
Any remaining time is used for other improvements and feature implementations. These may be focused on improving our internal processes, but a lot of effort is also spent on improving the usability of the RIPE Database to create efficiencies for those who rely on the database for their operations. Priority-setting for these improvements is done on the basis of measurements of time spent on processes, as well as questions and requests from database users, and feedback from individual users received at training courses, meetings and other events.
1.2.1 Outreach and Support Status: Ongoing
We are committed to supporting users of the RIPE Database. Training courses on how to use the RIPE Database are provided to RIPE NCC members. Furthermore, we respond to user requests through customer support channels and through the feedback received from the bug reporting tool on our website. Requests range from users who have lost access to a maintainer object to users with problems setting up reverse DNS, to more general questions about the RIPE Database.
The development of the RIPE Database is done in close collaboration with all stakeholders. New features of the core database services are suggested, discussed and approved by the RIPE Database Working Group before they are implemented. New services that integrate with or extend the database software can also be initiated and defined in other forums such as the IETF or with feedback from training courses and direct customer contact. We are committed to providing transparency by having the software available as open source. This also enables third-party developers to contribute to the development of the database.
In 2019, we will continue to reach out to database users. The only way to provide an excellent service is by knowing the users and by involving them in the entire process.
Benefits for RIPE NCC members / RIPE community:
› Provides transparency and awareness of changes to the RIPE Database
› Ensures that our priorities for the database match the RIPE community’s
› Provides users with training and support on how to use the RIPE Database
1.2.2 New Feature Development
Status: Ongoing
Measurable achievements: Two releases from 1 July 2017 to 30 June 2018.
Improvements to the RIPE Database are made on a continuous basis. We work closely with the RIPE community to implement new features and priorities are established in cooperation with the appropriate RIPE Working Groups. We closely monitor new policies to assesses their impact on the database software and suggest implementation plans.
In 2018, we started the implementation of a new model of out-of-region ROUTE(6) authorisation as requested by the RIPE Database Working Group. This work will continue in 2019 and, by the end of this effort, the RIPE Database will be able to provide clearer information about routes and reduce the chances of out-of-region space hijacking. Throughout the year, more work will be done to comply with GDPR requirements and to provide abuse contact email address validation to improve the quality of the data in the RIPE Database. We will also work on user interface improvements that will mainly focus on the search interface.
Benefits for RIPE NCC members / RIPE community:
› Simplifies use of the RIPE Database
› Creates more efficient ways to use the RIPE Database
› Supports improving the data quality of the RIPE Database
1.3 Resource Certification (RPKI)
Status: Decreasing
FTEs: 1.0
Cost: 162
CAPEX: -
Description
RPKI is a community-driven system that allows resource holders to request a digital certificate listing the IP addresses and AS Numbers they hold. A resource certificate offers proof of holdership of a resource’s allocation or assignment by an RIR. It allows the holder of the certificate to make statements with regards to the resources listed on the certificate. The practical application offered today is the ability to use the certificates to help secure Internet routing, particularly BGP Origin Validation.
Benefits
- Offers network operators a reliable system for performing BGP Origin Validation based on the RPKI data set
- The option to run a self-hosted open source package for running a local certificate authority
- A robust, open-source validation package for using RPKI data, optionally in conjunction with supported router hardware
- A stepping stone towards full BGP security, including path validation, as developed by the SIDR working group in the IETF
2019 at a Glance
- Full replacement of new RPKI HSMs for the online services and the Trust Anchor Integration of ROUTE(6) and ROA creation
- Work on RPKI statistics
Resource certificates created
2016: 3,736
2017: 4,713 (+26.2%)
2018: 5,431 (+15.2%)
RIPE NCC announced IPv4 space covered by ROAs
2017: 14% of prefixes 28% of addresses
2018: 18% of prefixes (+33%) 30% of addresses (+8%)
The Resource Certification (RPKI) system uses open standards that were developed by the Secure Inter-Domain Routing (SIDR) Working Group in the IETF. All Regional Internet Registries are committed to operating a resource certification system, making this a global effort.
- In 2018, a new version of the RPKI Validator was implemented and the groundwork needed for replacing the hardware security module (HSM) was finalised. The full replacement of new RPKI HSMs for the online services and the Trust Anchor will be the initial focus for 2019, together with the integration of ROUTE(6) and ROA creation for a more consistent IRR. In parallel, there will be initiatives to work on RPKI statistics as a joint effort between all the RIRs for better measurements and track of adoption among the different regions.
Benefits
› Offers network operators a reliable system for performing BGP Origin Validation based on the RPKI data set
› The option to run a self-hosted open source package for running a local certificate authority
› A robust, open-source validation package for using RPKI data, optionally in conjunction with supported router hardware
› A stepping stone towards full BGP security, including path validation, as developed by the SIDR working group in the IETF
1.4 LIR Portal
Status: Ongoing
FTEs: 2.8
Cost: 680
CAPEX: -
Description
The LIR Portal is our main member interface, which allows members to manage their Internet number resources and related registration information.
Benefits
- A single place to manage Internet number resources
- Clean user interface, easy to use wizards and tight integration with the RIPE Database
- Strong security with two-factor authentication
2019 at a Glance
- Integrating LIR Portal and RIPE Database functionality
- Expanded efforts to monitor registry accuracy
Page views per month (logged in)
2016: ~150,000
2017: ~108,000 (-28%)
2018: ~88,000 (-19%)
In 2018, we continued integrating the LIR Portal and RIPE Database user interface in order to provide LIRs with a seamless experience when managing their resources.
We also started working on creating tooling to process requests for policy transfers. We will continue this effort for mergers, acquisitions, other organisational changes and new membership applications. The aim is to make the request process more user-friendly and our internal processes more efficient.
In 2019, we will maintain our focus on making it easier for members to manage their operations effectively and easily. This will become apparent with the blending of LIR Portal and RIPE Database functionality, which will bring more efficiency gains and easier management for resource holders. We will expand our efforts in 2019 to monitor and measure the accuracy.
2) Services
2.1 Training
Status: Expanding
FTEs: 12.9
Cost: 2,246
CAPEX: -
Description
We provide regular face-to-face training courses across our service region on daily operations and specialised areas, such as IPv6 and routing security. The goal of this training is to increase efficiency, raise members’ awareness of their role as part of the RIPE community and improve understanding of our procedures and tools. In addition to the face-to-face courses, we provide training courses and learning resources online, including certified training through the RIPE NCC Academy. This activity is expanding due to the addition of the new credentialing programme in the RIPE NCC Academy.
Benefits
- Helps members to understand our processes and how to request Internet number resources
- Builds knowledge of upcoming technologies, best practices, protocols and RIPE Policies
- Increases awareness of the tools and services provided by the RIPE NCC
- Members and non-members can conveniently access learning materials online
- Members have the opportunity to gain certificates demonstrating their knowledge
- Improves registry quality and helps us engage with the member base to better understand their needs
2019 at a Glance
- Launch of credentialing in RIPE NCC Academy
- Further development of online training
- Continue work on Train the Trainer programme
Webinars
2016: 42
2017: 55
2018: 33 (-40 %)
Training Courses and Workshops
2016: 90
2017: 96
2018: 97 (+1%)
For 2019, the RIPE NCC Executive Board has asked us to further develop our online learning options, enabling our members and the RIPE community to easily follow training courses and share best current practices online while allowing us to reach those members outside the regular destinations.
The focus in 2019 on Outreach and Engagement (section 3.4) is also assisted by Training Services, which provides resources for activities such as presentations at industry events and hands-on workshops at meetings. Our Train the Trainer initiative and IPv6 Roadshows are carried out by Training Services and also help to meet our goals in relation to outreach and engagement. Face-to-face training and interaction with members will remain an important part of our efforts to engage with members and find out how their needs can be met.
We coordinate with technical experts and trainers in several regions on our Train the Trainer program. This initiative prepares teams of local trainers to spread the technical knowledge required to build and operate IPv6 networks far beyond what we can achieve alone. In 2018, local trainers were trained in both the MENOG and ENOG regions.
As part of our efforts to make RIPE NCC training more relevant for operators and employers, 2019 will also see the launch of credentialing in the RIPE NCC Academy along with proctored online tests designed to ensure those who take tests in the RIPE NCC Academy are properly qualified to carry out tasks that are actually required as part of their jobs.
2.1.1 Training Courses and Workshops
Status: Expanding
Measurable usage: From 1 July 2017 to 30 June 2018, the following courses were given:
› LIR and RIPE Database Training Course: 6
› LIR Training Course: 7
› Basic IPv6 Training Course: 32
› Advanced IPv6 Training Course: 16
› BGP Operations and Security Training Course: 15
› RIPE Database Training Course: 8
› Measurements and Tools Training Course: 13
In addition to the training courses listed above, we also provide tutorials and workshops covering best current practices and popular topics such as IPv6, DNSSEC, Routing and Security to law enforcement agencies, governments and others on request. Workshops and presentations will also be given at RIPE Meetings and other industry events, which supports our Outreach and Engagement activity.
Benefits for RIPE NCC members / RIPE community:
› Helps members to understand our processes and how to request IP addresses and AS Numbers
› Assists with the IPv6 deployment process
› Builds knowledge of upcoming technologies, best practices, protocols and RIPE Policies
› Increases awareness of our tools and services
2.1.2 Online Training
We provide a wide range of online training courses and learning resources, including certified training through the RIPE NCC Academy. In 2019, we will further develop our online learning options, allowing members and the RIPE community to easily follow training courses and share best current practices online while allowing us to reach members outside regular destinations.
2.1.2.1 RIPE NCC Academy
Status: Expanding
Measurable usage: RIPE Database Expert Course: 1,820 participants; Introduction to IPv6 Course: 1,570 participants; LIR course: 720 participants
The RIPE NCC Academy is a key part of our offering of online learning resources. It provides members with an interactive portal they can use to enrol on learning modules and training courses, test and certify their knowledge, and interact with us in order to share best current practices and experiences.
In 2019, we will improve the RIPE NCC Academy by developing a more modular approach to the way its courses are organised. Our aim is to enable members to more easily tailor the resources available in the RIPE NCC Academy to their needs, allowing them to focus on and complete those modules that are most relevant to them.
Benefits for RIPE NCC members / RIPE community:
› Members and non-members can conveniently access learning materials online
› Members have the opportunity to gain certificates demonstrating their knowledge
› Members and non-members can share best current practices and experiences
› Members can interact with RIPE NCC trainers without having to travel
2.1.2.2 RIPE NCC Academy Credentialing
Status: New
In 2019, we will provide credentialing for those who successfully complete online tests in the RIPE NCC Academy. This will allow anyone who participates in our training courses to obtain valid proof of the skills they acquired. There will be a focus on ensuring that those who receive credentials are able to perform the tasks in which they have been trained, and we will work with key stakeholders from the RIPE community who will help lend relevance and credibility to the credentials.
Benefits for RIPE NCC members / RIPE community:
› Provides evidence of competencies gained from RIPE NCC training
› Adds validity to the training and e-learning certification we currently provide
› Allows members to provide evidence of having completed a training course (of having gained certification….)
› Allows RIPE NCC Academy users to obtain verified credentials
2.1.2.3 Webinars
Status: Ongoing
Measurable usage: 33 webinars were given from 1 July 2017 to 30 June 2018
We organise weekly one-hour interactive webinars, offering members the opportunity to learn from RIPE NCC trainers, watch live demonstrations and have their questions answered online. The number of participants is limited to 25 so that our trainers have enough time to address individual questions. Topics covered are:
› Introduction to the RIPE Database
› RIPE Database Advanced Topics
› IPv6 in the RIPE Database
› IPv6 Addressing Plan Webinar
› Webinar for New LIRs
› Resource Certification (RPKI)
› Advanced RIPE Atlas Usage
Benefits for RIPE NCC members / RIPE community:
› Enables interaction with RIPE NCC trainers on a variety of topics without having to travel
2.1.2.4 RIPE NCC::Educa
Status: Ongoing
In 2017, we launched RIPE NCC::Educa, a series of full-day online events with webinars that focus on a single topic. RIPE NCC::Educa features not only our trainers but also experts from the RIPE community who can give their own insight on the services and tools provided by the RIPE NCC.
The RIPE NCC Executive Board has requested development of this activity in 2019 to support members who are unable to attend face-to-face training courses.
2.2 RIPEstat
Status: Expanding
FTEs: 8.2
Cost: 976
CAPEX: 289
Description
RIPEstat is a web-based interface that provides information about IP addresses and AS Numbers and related information for hostnames and countries in one place. It presents registration and routing data, DNS data, geographical information, abuse contacts and more from our internal data sets as well as from external sources.
Benefits
- Provides current and historical information about IP addresses and AS Numbers, including those the user is responsible for
- Will provide members with routing-specific functions
- Additional targeted analysis options provided specifically for members
- Provides a single, consolidated interface for accessing all RIPE NCC public data
2019 at a Glance
- Create modernised user interface
- Allow faster access
- Increase collaboration with other RIRs
Queries per day
2016: 6 million
2017: 30 million (+400%)
2018: 55 million (+83%)
The country-based reports have been expanded by creating an interface that focuses on comparisons and country-specific reports as well as visualisations that serve interested parties beyond the network operations community. We plan to continue this work in 2019.
Usage of RIPEstat has increased significantly: the number of queries against the API increased five-fold within a year. Even though the scale of growth was larger than anticipated, the serving infrastructure kept up with the increased load and there seems to be no inherent bottleneck limiting growth to meet future demand.
Using feedback from RIPEstat users, we will continue to evaluate other tools and features that can be incorporated to make the service more useful to members and the RIPE community. Based on this feedback, in 2019, we plan to enhance the user experience with a modernised user interface, faster access and more accurate data. We will also collaborate with other RIRs to extend data sources and reach as well as incorporate local knowledge. This shared effort among the RIRs should also bring increased efficiencies across our data projects.
Surrounding all this is the need to keep the system scalable for current and future demand. This will be important as RIPEstat maintains its status as a reliable source of information on Internet resources for various user groups.
2.3 RIPE Atlas and RIS
Status: Decreasing
FTEs: 8.3
Cost: 1,022
CAPEX: 360
Description
RIPE Atlas is a leading Internet active measurement network that collects unique data, providing valuable live and historical information about the reliability of networks and the Internet’s reachability and connectivity. We operate globally distributed measurement networks for the purpose of collecting data on Internet infrastructure, usage and development.
Benefits
- Provides timely, hard data on topical issues such as country-wide Internet outages
- Offers topical measurements and data analysis for members
- Interfaces with network monitoring tools to add global-monitoring capabilities
- Provides datasets that can be used to analyse the operation and growth of the Internet
- RIS provides data that can be used in tools such as RIPEstat and RIPE Atlas
2019 at a Glance
- Continue strategy to have probes cover as many ASNs as possible
- Expand network to include “software probes” and virtual anchors
- Enhance existing tools and create better visualisations
Connected RIPE Atlas probes
2016: 9,232
2017: 9,860 (+6.8%)
2018: 10,370 (+5.2%)
Measurement results per day
2016: ~350 million
2017: ~420 million (+20%)
2018: ~490mln (+16.7%)
RIPE Atlas anchors
2016: 200
2017: 250
2018: 322
RIPE Atlas has proven to be a very useful measurement infrastructure used by operators and scientists to observe the Internet, track changes in networks and diagnose networking issues, among other things. We continue to receive very positive feedback on the value of RIPE Atlas from different groups, including our members, Internet service providers around the world, press agencies, and researchers and scientists.
RIPE Atlas currently allows users to run their own measurements that test reachability and round-trip times, traceroutes, DNS, NTP measurements and more – from more than ten thousand vantage points around the globe. All measurements are aggregated and provide a big-picture view of the Internet available in several formats – downloadable data, real-time streaming, various APIs and visual “traffic maps”.
Since 2014, we have only used external funding to purchase probes, and this approach will continue in 2019. We met the target of 10,000 probes in 2017 and consequently changed our distribution strategy to cover as many ASNs as possible.
In 2018, we continued to add features and extensions: further development of the APIs, more support tools, faster response times for the main site, significantly improved probe stability, easier access of bulk data, extended support for RIPE IPmap, and more.
In 2019, we plan to evaluate the feasibility of expanding the network to include "software probes", whose introduction would allow users to contribute from networks where running a hardware device is inconvenient or otherwise not desirable. Based on community input, we also plan to expand the set of "virtual anchors", cooperating with partners that can host these in otherwise hard-to-reach networks, potentially providing coverage of multiple well-known providers.
In 2019, we also plan to enhance the existing tools built around RIPE Atlas to enable more use cases related to monitoring and troubleshooting. We will work on better visualisations of the collected data, and better use of the availability of real-time results. This work includes enhancements to tools such as RIPE IPmap (infrastructure geolocation services) and end user-to-end user measurements (former eyeball and IXP "Jedi" prototypes).
Benefits for RIPE NCC members / RIPE community:
› Provides timely, hard data on topical issues such as country-wide Internet outages
› Offers topical measurements and data analysis for our members
› Interfaces with network monitoring tools and adds global-monitoring capabilities to such tools
› Provides datasets that can be used to analyse the operation and growth of the Internet
2.3.1 RIPE Atlas Anchors
Status: Ongoing
Measurable usage: 322 RIPE Atlas anchors deployed by 30 June 2018
RIPE Atlas anchors are essentially enhanced probes with far greater measurement capacity than regular RIPE Atlas probes. They basically provide two functions: they perform far more measurements than regular probes and act as stable, cooperating regional targets for measurements originating from probes throughout the RIPE Atlas network. This allows users to examine measurement traffic at both the source and the destination. RIPE Atlas anchors are hosted by interested organisations (mostly data centres and IXPs), who receive additional benefits for their contribution. RIPE Atlas anchors are also used as vantage points for DNS Monitoring.
We continue to deploy RIPE Atlas anchors in various partnering networks in order to provide a wider distribution of measurement targets. We also have a successful partnership with some of the other RIRs, who are sponsoring the deployment of anchors in their service regions.
In 2018, we ran a pilot service to evaluate the introduction of "virtual anchors", which are functionally equivalent to hardware anchors but run in host-provided VM containers instead. It's expected that these virtual anchors will be deployed on a wider scale in 2019 throughout the global Internet.
2.3.2 Routing Information Services (RIS)
Status: Ongoing
We operate globally distributed measurement networks for the purpose of collecting data on Internet infrastructure, usage and development.
We work with a range of stakeholders to unify, optimise and develop new interfaces for this data, while performing life-cycle maintenance on the collector hardware. Data collectors and back-end systems have been replaced by a new hardware and software platform that is easier to deploy and maintain. This new architecture enables us to provide near real-time route updates to our back-end infrastructure. The RIS data is and will be accessible via RIPEstat as outlined in the sections above, and it is also available in the form of MRT dump files for those parties that prefer to create their own visualisations or reporting based on the RIS data.
In 2019, the emphasis for RIS will continue to be on improving the scalability of the back-end infrastructure and making the near-real time data more widely available.
The RIS collector network will be expanded modestly with a maximum of five nodes per year in network areas not currently covered by the RIS project. We adapted to this model following feedback from the Routing Working Group at RIPE 71. Independently, we may consider adding new RIS collectors in locations that bring significant additional routing visibility to the RIS project, and where a local host is able to sponsor the required collector hardware according to our specifications.
Benefits for RIPE NCC members / RIPE community:
› Provides datasets that can be used to analyse the operation and growth of the Internet
› Provides data that can be used in tools such as RIPEstat and RIPE Atlas
2.4 Other Services
Status: Decreasing
FTEs: 2.6
Cost: 369
CAPEX: -
Description
We manage the complete lifecycle of RIPE NCC memberships and of those wishing to take advantage of our services (e.g. legacy resource holders). This includes queries from potential members, applications, administrative and contractual changes, billing enquiries and account closures. We also run the RIPE Database Proxy Service, the Near Real Time Mirroring (NRTM) service and the LISP EID Registry for the benefit of the RIPE community.
Benefits
- New customers are guided through the application process
- Support is given when administrative questions arise
- Members are kept aware of services, tools and features
- Members can receive personal support via Live Chat
2019 at a Glance
- Cater for expected increase of 4,725 members
- Expected increase in transfers and hijacking cases
- Implement improved processes
RIPE NCC LIR Accounts
2016: 13,700
2017: 16,200 (+18%)
2018: 19,400 (+20%)
2.4.1 Membership Lifecycle Management
Status: Ongoing
Measurable usage: 19,400 Local Internet Registries (LIRs); 4,064 membership applications; 3,684 accounts activated; 40,381 member enquiries
In 2019, we expect to see a further substantial increase in the number of LIRs, leading to a greater number of applications and requests for support. The growing IPv4 transfer market is expected to continue generating high numbers of requests to update the registry as members get their administration in order. Furthermore, we will continue to perform increased due diligence on membership applications and registry update requests to secure the quality of registry data.
In 2019, we will continue to review our processes to better understand and improve the customer experience and increase efficiency. Customer feedback will be actively sought, tracked and shared internally to remain aware of the expectations and opinions of our customers.
Benefits for RIPE NCC members / RIPE community:
› New customers are guided through the application process
› Support is given when administrative or financial questions arise
› Members are kept aware of services, tools and features
› Members can receive personal support via Live Chat and in other languages where possible
2.4.2 Near Real Time Mirroring (NRTM)
Status: Ongoing
Measurable usage: 28 users of the NRTM service
The Near Real Time Mirroring (NRTM) service provides members with a local copy of the RIPE Database. This local copy is kept up to date with modifications from the RIPE Database in near real time. The NRTM feeds do not contain any personal or private data.
Benefits for RIPE NCC members / RIPE community
› Provides members with a local copy of the RIPE Database
› Enables members to use RIPE Database data (e.g. routing data) in near real time to manage their networks without the need to continuously query the RIPE Database for changes
2.4.3 LISP EID Registry
Status: Ongoing
At the IETF, an Internet Draft for the allocation of LISP EID (Locator/Identifier Separation Protocol Endpoint ID) address prefixes was submitted. LISP EID is a “map-and-encapsulate” protocol.
The basic idea behind the separation is that the Internet architecture combines two functions: routing locators (where a client is attached to the network) and identifiers (who the client is) in one number space, the IP address. The IETF LISP Working Group has requested a trial period of three years for this protocol extension. During these three years, interested parties can request IPv6 address space from a specific designated experimental block. The LISP EID Registry was implemented in 2016, and we are now responsible for the management and registration of this temporary experimental address space.
3) Coordination Activities
3.1 DNS and K-root Operations
Status: Expanding
FTEs: 4.3
Cost: 1,307
CAPEX: 665
Description
We provide DNS coordination and support activities as well as reverse DNS services for the IPv4 and IPv6 address space that we manage. For reverse DNS (rDNS) associated with the address space managed by other RIRs, we provide secondary DNS services to support the reliability of reverse lookups.
Benefits
• Provides reverse DNS services for RIPE NCC members with registered IP addresses
• Ensures the stability and diversity of the DNS root name server system
• Guarantees the neutral, impartial and professional provision of key high-level DNS services
• Provides a secondary service for ccTLD operators
2019 at a Glance
• Increasing capacity of K-root to be able to absorb larger DDoS attacks
• Increased coverage of K-root in less well-served places
• Providing secondary DNS service to fewer ccTLDs
• Run hosted DNS servers as a service
• Updating procedures for ENUM delegations
K-root instances
2016: 42
2017: 53 (+26%)
2018: 61 (+15%)
The scalability of the DNS infrastructure for primary, secondary and reverse DNS services is improved based on the requirements specific to each of these services.
Our primary and secondary DNS services have traditionally been served from three locations, in Amsterdam, London and Stockholm, to provide resilience and geographical coverage. In 2016, we decided to look for a third party to provide secondary DNS services for www.ripe.net and some other RIPE NCC domains. An external service provider was selected after following an open Request for Proposal (RfP) process. In addition to the three existing locations, service of these main RIPE NCC domains has, since 2016, also been provided from several tens of additional locations worldwide, via the partnering service provider.
During 2017 and 2018, we ran an experiment to test applicability of the “hosted server” model also to the DNS services provided from our authoritative DNS services platform, which supports reverse DNS operations as well as ripe.net and ccTLD services. The intention was to work with local sponsoring hosts, similar to how we already work with sponsoring local hosts for K-root anycast services. Based on the results of these experiments, we will run hosted servers as a service in 2019. We will control the servers, but the hardware and colocation will be provided by a local host. In essence, this clones the existing K-root model for DNS services.
K-root and other DNS service nodes will continue to be well maintained and supported. As a consequence, necessary lifecycle upgrades and replacements are planned for 2019 and there will be a staggered implementation.
Security-related aspects, as well as global measurement and reporting on our DNS services (for example by providing RSSAC002 data to the public) are becoming increasingly important and will continue to be areas of focus in 2019.
This activity is expanding due to the reasons explained in the more detailed sections below.
3.1.1. Reverse DNS and Reverse DNS Support
Status: Expanding
Measurable usage: three reverse provisioning instances; approximately six billion reverse DNS queries daily
We delegate reverse DNS zones for the address ranges we manage. To support this service, we provide reliable, authoritative name servers.
We consider DNSSEC support a given for any DNS service provider and sign all our zones. We also provide tools for users to secure delegations received from us and we are continuing to improve these. In addition, we share experience by publishing operational white papers, documentation and software toolkits.
Benefits for RIPE NCC members / RIPE community:
› Supports the proper address-to-name mapping for addresses allocated to the RIPE NCC
› Provides reliable and secure reverse DNS services
› Supports the operation and maintenance of DNSSEC
3.1.2 Secondary DNS Service
Status: Ongoing
Measurable usage: 32 TLDs hosted as secondary for ccTLD operators
We offer a free secondary name service to the other RIRs, and additionally to 32 country code top-level domain (ccTLD) operators who are in the start-up phase of their operations. We no longer provide this service to well-established ccTLDs.
The community has provided guidelines on the eligibility of ccTLDs to receive this service, as documented in ripe-663. In 2016, we started to apply this criteria to new requests for service and to re-evaluate the eligibility of ccTLDs currently receiving the secondary service. This review process concluded during 2017. By July 2018, the number of ccTLDs receiving this service was reduced to 32. In 2019, we will continue to apply this criteria to any new applicants that wish to make use of our secondary DNS service.
Benefits for RIPE NCC members / RIPE community:
› Supports the stability of the global DNS by offering a professional service to the other RIRs and to developing ccTLD operators that require it
3.1.3 DNS Service in the e164.arpa Domain (ENUM)
Status: Ongoing
Measurable usage: 51 delegations in the ENUM (e164.arpa) zone
The Internet Architecture Board has an agreement with the RIPE NCC under which we provide technical operation of the e164.arpa domain. This domain implements support in the DNS for the ENUM protocol, which allows the mapping of telephone numbers to domain names to facilitate services such as Voice over IP. In 2019, we will work on updating the procedures for ENUM delegations.
Benefits for RIPE NCC members / RIPE community:
› Supports the operations of one of the systems required for the deployment of the ENUM protocol, promoting increased integration between the Internet and services provided through the traditional telephony infrastructure
› Supports security of the e.164.arpa domain by deploying and maintaining DNSSEC and allowing secure delegations from ENUM operators
3.1.4 K-root Operations
Status: Expanding
Measurable usage: 61 K-root instances at 30 June 2018; approximately seven billion queries daily
Root name servers are a crucial part of the Internet DNS infrastructure. We operate the K-root service through a set of globally distributed anycast clusters. We have operated the K-root server since 1997, when the first server was installed at the London Internet Exchange (LINX). We have since deployed five global nodes of the K-root name server and, with help of the community, added several tens of K-root hosted nodes. Since 2003, we have been using anycast to provide the K-root name service.
Since 2016, we have been implementing an expansion plan for K-root that was proposed to the community in 2015. Following this approach, we have been able to substantially expand and improve the global coverage and reachability of K-root, supported and sponsored by organisations that opted to have a K-root hosted node in their own network. The cost of these nodes is covered by the hosts rather than the RIPE NCC.
By 30 June 2018, we had a total of 61 K-root nodes spread over a wide range of locations. We increased coverage in less well-served places such as Panama City, Dushanbe, Manama, Sofia and Nuuk. This expansion plan will continue in 2019 and we expect to see around ten more hosted nodes added to the K-root anycast service.
For 2019, the RIPE NCC Executive Board has approved budget that will allow us to build a new K-root site with 100G capacity. This means that we will move from a lower-tier root to become one of the mid-range roots in terms of capacity. The root system has recently been subjected to larger and more frequent attacks, and this increase in capacity will allow K-root to absorb these larger DDoS attacks.
Benefits for RIPE NCC members / RIPE community:
› Provides a resilient, efficient, secure and high-quality service
› Can help with the isolation of an “external” Denial of Service (DoS) attack and localises the impact of a “local” DoS attack
› Efficiently maintains the network of K-root anycast instances by monitoring network and instance problems, performing trend analysis and determining if, and where, other anycast nodes should be deployed.
3.2 Data Analysis and Scientific Support
Status: Expanding
FTEs: 4.7
Cost: 572
CAPEX: -
Description
We have a long-standing tradition of providing the operator community with data analysis about the state of the Internet and providing new and innovative tools that help the community understand various aspects of routing, DNS, reachability and other topics.
Benefits
- Regular reporting and analysis of various RIPE NCC-related statistics such as Internet number resource usage
- Accurate and methodological analysis of Internet events, with a particular emphasis on using data collected by our measurement systems
- Publication of interesting findings about the working of the Internet, relevant to network operators
- Prototypes of new and innovative tools that have the potential to become future RIPE NCC services
2019 at a Glance
- Development of collaborative research program
- Continuing contributions to scientific analyses and publications
- Development of prototype tools that can add operational value to the membership and community
In 2019, we will continue to work on scientific publications and analyses. As an ongoing activity, we will also continue to develop prototype tools that, if they show enough operational value to our membership and the community at large, can be evolved into future RIPE NCC services. We will also aim to work with well-known publishing outlets to keep the technical community up to date with developments and changes in the global Internet infrastructure, such as the effects of natural disasters. In this way, we can provide intelligence in a variety of arenas to act as an early-warning system for members and the community. Improving our intelligence-gathering mechanisms will also allow us to gain better understanding of the global Internet and adapt quickly to changes and new conditions.
We also have a history of engaging in collaborative research and analysis, the results of which have benefitted the Internet technical and research communities with innovative findings.
In 2019, we will continue with a structured approach to developing our collaborative research program with external parties. A dedicated budget will help attract interns and researchers from around the world to spend several weeks at the RIPE NCC, where they will work closely with staff researchers. Applications will be open, and the research results of these collaborations will be made publicly available.
3.3 RIPE Labs
Status: Ongoing
FTEs: 1.9
Cost: 319
CAPEX: -
Description
RIPE Labs is a platform for network operators, developers and industry experts to publish, test and discuss innovative Internet-related tools, ideas, analysis and statistics that can benefit members and the RIPE community. These ideas are being developed both within the RIPE NCC and the community at large. RIPE Labs also provides the location for reporting on RIPE NCC Hackathons and the resource centre to support network operating groups in the service region.
Benefits
- Informs the community about new ideas and prototypes we are working on
- Provides a platform for community members to present and discuss their research
- Provides a channel for community feedback
- Provides a statistics dashboard showing a large range of operational statistics
2019 at a Glance
- Continued efforts to source good content and research from the technical community
- Promoting and publishing the work and research that emerges from RIPE NCC Hackathons
- Further developing efforts to be a resource centre for Network Operator Groups (NOGs)
Articles published
2016: 97
2017: 155 (+60%)
2018: 196 (+26%)
In 2019, we will continue to reach out to the wider community and to attract content from external sources such as researchers, network operators and experts in other fields who can give insight to the RIPE community. In the year to 30 June 2018, about 115,000 unique visitors came to RIPE Labs.
RIPE Labs also serves a valuable function in promoting and publishing the work and research that emerges from RIPE NCC Hackathons. These hackathons have proven to be very successful in fostering engagement with talented people who produce innovations that the whole community can benefit from. In 2018, we organised two hackathons, one on community tools and one on the topic of Quantum Internet. All results are published on RIPE Labs. In recent years, we have been able to offer expertise to others in the community who want to organise hackathons and we continue to provide documentation and advice. We will again organise two RIPE NCC Hackathons in 2019.
RIPE Labs also became a resource centre for network operator groups (NOGs) in our service region. We attach great importance to the development of local networking communities and we are happy to be able to support new and established NOGs by providing sponsorship, expertise and a platform on RIPE Labs to share information and learn from each other’s experiences. In 2019, work will continue to further develop this area of RIPE Labs, helping to meet the strategic goals of increasing engagement with our members and getting to better know them and their needs.
3.4 Outreach and Engagement
Status: Expanding
FTEs: 20.4
Cost: 4,396
CAPEX: -
Description
We engage with a wide range of external parties, including our members, the technical community, governments, law enforcement and other communities to achieve our strategic goals.
Benefits
- Ensures we can better understand and respond to the needs of all stakeholders
- Contributes to the strength and legitimacy of the bottom-up community driven policy-making, as practiced in the RIPE community
- Promotes openness and transparency in the development of public policy relating to the Internet, as well as raising any specific concerns for the RIPE NCC membership or the RIPE community
- Ensures the RIPE NCC is at the forefront of global Internet administration
2019 at a Glance
- Tailor engagement with members from specific countries and sectors
- Contributing to regional and national Internet governance
- Establish strategic partnerships with parties for the benefit of the membership and community
- Ensure that we continue to play an authoritative role in guiding Internet administration
Outreach and engagement will continue to be one of our strategic focus points in 2019. Activities in this area are fundamental to our need to better understand our member base and to defend and support the global Internet registry system and its bottom-up policymaking processes.
3.4.1 Member Outreach
Status: Expanding
Measurable usage: 15 member lunches between 1 July 2017 and 30 June 2018 each held in different countries from across the RIPE NCC service region
Engaging our membership is critical to ensuring that we can better understand the organisations that make up our member base, communicate effectively with them, collect feedback and input, and develop our services and activities in response to that input. In 2019, we will further develop our ability to tailor our engagement for members from specific industry sectors and better understand their specific needs and concerns.
The geographic size and diversity of our service region, which covers 76 countries, and strong continued growth in the number of members, pose ongoing challenges to this engagement and inform many of our member outreach strategies.
Outreach to our membership on a local level remains a key focus point. This has led to us organising Member Lunches across our service region (15 over the past year), and we will continue this activity in 2019. These events can be targeted at members in a certain city or country, or at members from a specific industry sector, such as banking and finance. They allow our staff to engage with members who may not be able to attend a RIPE Meeting or RIPE NCC Regional Meeting and to learn more about local issues shaping the Internet landscape, and can often be arranged adjacent to existing events. Members on a national level are also increasingly eager to partner with the RIPE NCC and work on the development of the Internet within their countries.
At the same time, these member engagement activities are enriched by data and analysis developed by the RIPE NCC in relation to specific communities and published on RIPE Labs. The regular publication of studies looking at technical data, levels of participation in RIPE and RIPE NCC activities, and local or regional comparisons provide the membership with timely and relevant information, while building our reputation as a trusted source of data.
In 2019, we will conduct a survey of our membership and other stakeholders to assess their needs and opinions about the RIPE NCC. The 2016 survey received over 4,000 responses that were a key component in gaining a better understanding of member and stakeholder needs and which helped form our strategy for the three-year period 2017-2019.
3.4.2 Stakeholder Engagement
Beyond our membership, we have a diverse range of stakeholders with whom we engage. All of these engagements are driven by a combination of two concerns:
› The interests of the RIPE NCC as an organisation with specific responsibilities under the law and to our membership
› The RIPE community’s interest in safeguarding the health and sustainability of the Internet itself
The technological, business and regulatory landscape in which all Internet stakeholders operate will continue to evolve in 2019. Our engagement activities will reflect this, with a focus on:
› Internet technical community groups (including Network Operator Groups (NOGs) and Internet Exchange Point (IXP) communities)
› Internet industry and professional groups (including groups focused on specific industry segments, such as the Internet of Things)
› Academia and the research community
› Public sector (including governments, regulators, law enforcement agencies (LEAs) and international organisations)
› Partner organisations (ICANN, IANA, IETF, ISOC, RIRs); see section 3.8
Engaging with technical and other communities
We are committed to supporting the development and activities of the technical community across our service region, particularly at the local and regional level. Effective community structures and participation at this level are vital in developing the local industries, but are also crucial to the bottom-up model of policy development, providing all stakeholders with the means to contribute and have their voices heard.
Our support for and engagement with the technical community includes:
› Support (through financial contributions and active participation) for Network Operator Groups (NOGs), Internet Exchange Points (IXPs) and local technical community events
› Working with local communities to organise RIPE NCC Regional Meetings, including sessions attached to MENOG and ENOG, the SEE Meeting, and events in Central Asia and the Middle East
› Contributing to regional and national Internet governance events
› Educational initiatives, including regionally targeted events (training events for IPv6 and other topics) and online webinars and educational content
› Participation in and co-hosting of local events
Engaging with industry
Outreach to industry partners is vital to ensuring that we are aware of new technologies, new business models or other developments that could impact our operations or those of our members. Issues on which we are engaging industry partners include the Internet of Things (IoT) and the growth of mobile Internet use, with related outreach activities including:
› Organisation of issue-focused meetings and events, bringing together our membership, RIPE community and other stakeholders to consider the relevance to the RIPE NCC and RIPE
› Participation in industry groups such as the Alliance for IoT Innovation (AIOTI), and coordination with industry bodies such as the European ISP Association, the Arab ISP Association, GSMA (the global mobile industry association), the SAMENA Telecommunications Council, and other relevant groups
Engaging with the academic community
The RIPE Academic Cooperation Initiative (RACI) will continue as a significant activity, providing opportunities for greater academic involvement in RIPE community events, including RIPE, MENOG, ENOG and SEE Meetings. The program has proven to be popular and useful for both the RIPE community and for Internet researchers, and contributes to the long-term development of RIPE by bringing interesting and relevant research into the community’s conversations.
In addition, we are engaging with universities across the service region to raise awareness of the Internet registry system, bottom-up policymaking practices and the fundamentals of Internet networking technology with students from technical, business and legal fields. To this end, in 2018, we launched a pilot project with the American University of Beirut, which will involve them incorporating several of our e-learning modules into their computer science department’s curriculum for the autumn of 2018. Students at the university will obtain credits for completing these modules as part of their degree.
Engaging with the public sector
We engage with government, regulators and law enforcement to ensure that we understand the impact of legislation and regulation on our organisation, that public policy makers are well informed on issues relating to the registry system and the RIPE community, and that we can inform our membership and community of relevant developments in regulation or public policy. Activities include:
› RIPE NCC Roundtable Meetings for Governments and Regulators across the service region. In 2017, the first of these meetings were held outside of Western Europe (one in the Middle East and one in the CIS region). We will continue to organise annual events targeting the governments in each of these regions going forward.
› Engagement with law enforcement representatives via direct capacity-building efforts with specific agencies (including webinars and in-person training events) and targeted participation in relevant forums and events.
› Participation in international discussions of Internet-related public policy development in forums including:
- The International Telecommunication Union (ITU) and its regional coordination groups (CEPT Com-ITU in Europe, RCC in the CIS region, and the Arab Group in the Middle East)
- The Internet Governance Forum (IGF)
- Regional and national Internet governance events
- The Organisation for Economic Cooperation and Development (OECD)
- The United Nations World Summit on the Information Society (WSIS)
› Cooperative educational and capacity building initiatives with public sector organisations and industry partners.
We continue to closely follow relevant regulatory and legislative developments across the service region, particularly as they affect the services that we provide. To this end, we will continue working with partners to follow discussions in the European Union institutions and in the Dutch government.
In past years, we have established strategic partnerships with various parties, including some in the public sector, for the benefit of our members and the RIPE community. These partnerships provide positive outcomes for the RIPE NCC and ensure greater transparency regarding our institutional relationships. These agreements are documented on www.ripe.net and any new agreements that we enter into will be announced as they are signed.
3.5 IPv6 Support
Status: Decreasing
FTEs: 1.2
Cost: 117
CAPEX: -
Description
We focus a great deal of our outreach efforts on IPv6 awareness-raising across the full range of RIPE NCC stakeholder groups.
Benefits
- Builds awareness among all Internet stakeholders of the need to deploy IPv6
- Ensures that the interests of our membership and the technical community are represented in all relevant forums
- Promotes capacity building, particularly in developing areas, and facilitates knowledge sharing with global experts
2019 at a Glance
- Enhance online IPv6 education offering
- Provide more success stories that other people can replicate
- Develop Train-the-Trainer programme in ENOG and MENOG regions
IPv6 support includes work to encourage IPv6 take-up and deployment among the technical community and RIPE NCC membership as the available pool of IPv4 address space continues to deplete. There are also ongoing efforts to inform and educate governments, regulators and LEAs about IPv6 deployment, engagement with national forums and task forces, and meetings with LEAs around the world.
While there will remain a strong focus on the technical and operational aspects of deploying IPv6, RIPE NCC management has decided that efforts will continue to be made to raise awareness of IPv6 among decision- makers. This will be supported by the IPv6 Programme Manager, who will dedicate efforts to IPv6 awareness-raising activities.
In 2019, we will continue with the Train-the-Trainer programme and we will enhance our online IPv6 education offering. There will be more resources to learn about IPv6 and, particularly, we will publish more real use cases that can be used to create guides for those who want to replicate the successful IPv6 deployments of other people in the community.
3.5.1 Training and Education
3.5.1.1 IPv6 Roadshows in the MENOG and ENOG Regions
Status: Ongoing
The IPv6 Roadshows are three-day events providing hands-on training for network engineers in the MENOG and ENOG regions who are involved in the operation of private and public sector networks.
In 2019, we will continue to work with local partners in these regions, including governments, to develop the Train-the-Trainer programme. The programme aims to provide training and certification to external trainers in certain areas of our service region. The goal is to make sure that countries with fewer learning opportunities can receive the right amount of training in their local language. In the MENOG and ENOG regions, there will be an ongoing effort to broaden the pool of Russian, Farsi and Arabic-speaking trainers and increase the amount of capacity building resources in the region. The goal is to create a broad pool of Russian, Farsi and Arabic-speaking trainers who can assist in delivering roadshows and also carry out their own IPv6 events with RIPE NCC support.
Benefits for RIPE NCC members / RIPE community:
› Provides education and capacity building in a context that recognises the specific needs of those in the MENOG and ENOG regions
› Builds relationships with public sector bodies and actors in the relevant regions
› Enables local trainers to acquire the knowledge and skills to educate their communities
3.5.2 Online IPv6 Resources, Measurements and Analysis
Status: Ongoing
We support IPv6 adoption by providing resources, measurements and analysis to our membership and the wider RIPE community. This activity includes maintenance of the IPv6ActNow section of the website, the provision of IPv6-related statistics and the IPv6 RIPEness rating system, which measures and ranks the IPv6 preparedness of individual RIPE NCC members based on a number of specific indicators.
Recognising the advances being made in the deployment of IPv6 in several markets in our service region, we will continue working on including case studies and background information about successful IPv6 deployments on RIPE Labs. In collaboration with local and regional communities, we will encourage and facilitate community members to share their operational experience with IPv6.
Monitoring and measuring the level of IPv6 deployment among members and Internet end users in general remains an important focal point. These measurements will provide an important basis to monitor progress as well as help the community to measure the quality of IPv6-based communications. With significant advances in the deployment of IPv6 in several networks and markets, RIPE NCC management has decided to put additional focus on providing statistics that can help the public sector to evaluate and identify successful programmes to incentivise IPv6 deployment.
Benefits for RIPE NCC members / RIPE community
› Provides comprehensive, impartial information to assist in deploying IPv6
› Provides analysis on the rate of IPv6 deployment
› Encourages our members to become IPv6-ready and rewards them for doing so
› Provides a unique indicator of IPv6 readiness across our service region (and at more specific levels, including by country, sector, LIR size)
3.6 RIPE Meetings
Status: Expanding
FTEs: 6.2
Cost: 2,070
CAPEX: 31
Description
We organise two five-day RIPE Meetings each year at various locations throughout our service region, trying to vary these geographically. RIPE Meetings bring together Internet service providers (ISPs), network operators and other interested parties from all over the world. We provide all administrative, logistical and technical support.
Benefits
- Supports the open, bottom-up, industry self- regulatory structure
- Stimulates participation of the RIPE community in the IP policy-making process and the technical coordination of IP networking
- Facilitates networking opportunities with key players in the Internet industry
- Contributes to the stable operation of the RIPE NCC by allowing for guidance and advice from the RIPE Working Groups
- Contributes to meeting all four strategic goals set by the RIPE NCC Executive Board
2019 at a Glance
- Catering for higher demand to attend RIPE Meetings
- Developing ways to improve networking opportunities for meeting attendees
- Continued support for RIPE Fellowship
Attendees per meeting
2016: 650+
2017: 600+
2018: 650+
RIPE Meetings allow our members and the wider community the opportunity to meet RIPE NCC staff in person. Our staff are there to provide consultation on a range of topics, deliver tutorials and presentations, and answer questions about our services. This kind of engagement is crucial in helping us to understand the needs of our members and build productive relationships with members of the RIPE community.
In 2018, we took steps to make RIPE Meetings more inclusive and to provide attendees with better networking opportunities. The RIPE Networking App, developed in-house and made available in 2017 for attendees at RIPE Meetings and other events we organise, is highly used by attendees to arrange meetings with each other and RIPE NCC staff. In 2019, we will continue to improve this tool and introduce requested features, as its use is expected to increase. We will also continue our work with the RIPE Diversity Task Force to make RIPE Meetings more inclusive, and will continue to offer on-site childcare for attendees (following a successful pilot in 2018) and support events such as the Women in Tech lunch. The costs for 2019 are expected to be higher due to the location costs for the planned RIPE Meetings.
We expect that both RIPE Meetings in 2019 will receive over 600 attendees. This is due to a steady rise in our membership (resulting in more free tickets to new LIRs). For those who are unable to RIPE Meetings in person, state of the art webcasting services and live transcription will be made publicly available. The costs of RIPE Meetings are partially offset by sponsorship received from third parties.
3.6.1 RIPE Fellowship
Status: Ongoing
The RIPE Fellowship will further be developed in 2019. The program provides assistance for interested individuals from across the service region to attend RIPE Meetings, participate in policy discussions, and network with industry peers and others. Funds are used to cover travel, accommodation and meeting registration costs, with successful applicants identified by the RIPE NCC Executive Board.
3.7 RIPE Policy and Community Support
Status: Ongoing
FTEs: 1.5
Cost: 183
CAPEX: -
Description
We provide support to any and all stakeholders who wish to participate in formulating RIPE Policy or who wish to be part of the RIPE community. We support the RIPE Policy Development Process (PDP) and offers assistance to the RIPE Working Groups and Working Group Chairs as required so that they are able to develop policy in a consensus-based, bottom-up manner.
Benefits
- Encourages participation in the RIPE Policy Development Process
- Helps to anticipate problems related to the PDP or policy proposals by analysing their potential impact for the community
- Provides transparency and consistency of the procedures
- Translates RIPE Policy into RIPE NCC procedures
- Documents and maintains a clear overview of new and changed procedures
New policy proposals by year
2016: 5 (-58%)
2017: 5 (+0%)
2018: 4 (-20%)
2019 at a Glance
- Emphasis on increasing engagement with PDP
- Efforts to include participants from non-traditional sectors
We provide information and statistics to various working group mailing lists and creates impact analyses that highlight the expected outcome of RIPE Policy proposals to facilitate community discussion. We also implement procedures as part of the RIPE Policy Development Process.
In recent years, important stakeholders within the Internet community, both technical and non-technical, have shown greater interest in the RIR system. We play an active role in promoting the bottom-up policy development process to support:
› The engagement of community members with the PDP
› The engagement of all stakeholders in the Internet community that look to RIPE as a model of effective policy-making
› Understanding our role in the coordination of Internet policy
› The existing collaborations with other important Internet institutions such as ICANN, the ASO AC and the NRO
The RIPE NCC maintains a number of high-volume external mailing lists. Traffic is closely monitored and efforts are made to support subscribers with problems and to control spam so the mailing lists can be easily and efficiently moderated without losing any End User functionality.
Starting in 2014, we have placed greater emphasis on growing community engagement with the PDP by facilitating accessibility, communication and greater information dissemination within the RIPE community. This has included improvements of announcements and our website, regional outreach activities and providing multilingual PDP updates. As a result, an increasing variety of people have participated in policy-related mailing list discussions in the past years.
In 2019, we will continue to encourage further engagement with the PDP for technical and non-technical members of the RIPE community. A shift has been observed on potential policy topics. Beside the ongoing consolidation of resource policies, policy changes that improve the quality of registration data are expected to increase. While continuing to provide high-level support to everyone interested in the PDP, special attention will be given in 2019 to trying to include potential new participants from non-traditional parts of the RIPE community.
3.8 ICANN/IANA/IETF/ISOC/RIRs
Status: Decreasing
FTEs: 2.7
Cost: 1,065
CAPEX: -
Description
We are strongly committed to maintaining close relationships with our industry partners, including the four other Regional Internet Registries (RIRs), ICANN, the Internet Engineering Task Force (IETF) and the Internet Society (ISOC).
Benefits
- Ensures that we are widely recognised as accountable and legitimate in our role as a Regional Internet Registry
- Promotes the open, bottom-up, industry self- regulatory structure common to the RIR communities and other Internet technical coordination bodies
- Facilitates coordinated implementation of global policies developed by the Policy Development Processes (PDPs) of the five RIRs, and contributes to the global legitimacy of bottom-up, community-driven policy-making processes
- Facilitates the general technical and outreach coordination necessary to support the stable operation and governance of the Internet
2019 at a Glance
- Building cooperative engagement efforts alongside industry partners
There is a focus in recent years from all Internet stakeholders on the accountability and legitimacy of those organisations with an administrative role in the global governance of the Internet. This includes the RIRs, as part of the global Internet registry system, and we will continue to work closely with all participants in this discussion in a variety of venues. The work we carry out in this arena is an extremely important part of meeting the strategic goal of ensuring the resilience and stability of the RIR system.
We have also confirmed its strong support for the IETF and its role in the development and implementation of technical standards and coordination among those who support the global operation of the Internet. In 2016, we committed to annual contributions to support the long-term sustainability of the IETF through to 2026.
We will continue to work with Internet industry organisations to ensure strong, coordinated communication on issues where there is a common technical community position, such as the promotion of IPv6, IXPs, and supporting the bottom-up policymaking process. With technical community partners, we will look to build on our cooperative engagement efforts, particularly those directed towards local and regional communities and non-technical stakeholders or new stakeholders.
3.9 Good of the Internet
Status: Ongoing
FTEs: 0.7
Cost: 463
CAPEX: -
Description
In 2016, the RIPE NCC Executive Board approved the addition of a Good of the Internet activity to the RIPE NCC Activity Plan and Budget, with a budget of EUR 553,000. This activity is intended to provide a means for the RIPE NCC and its members to support worthwhile causes that contribute to the overall development and stability of the Internet.
Benefits
- Contributes to the good of the Internet in our service region
- Supports worthwhile initiatives that help with the development and stability of the Internet
- Recognises people who have contributed to the advancement of the Internet locally, regionally or globally
- Gives financial support to industry partners who are instrumental to the global Internet infrastructure
2019 at a Glance
- Further funding for RIPE NCC Community Projects Fund
- Continued support for the IETF
3.9.1 RIPE NCC Community Projects Fund
Status: Ongoing
The RIPE NCC Community Projects Fund supports specific projects of value to the operation and resilience of the Internet, with a focus on tools and services that benefit the technical community in our service region. Applications are evaluated by a committee of RIPE community and Executive Board members, along with one staff observer.
In 2019, we will report to the community on the distribution of the second round of funding (announced in 2018), including updates on the progress of the chosen projects. A third call for funding applications will also be held, with winners announced in the third quarter of the year.
3.9.2 Rob Blokzijl Foundation
Status: Ongoing
The Rob Blokzijl Foundation was officially incorporated in February 2017 in honour of the RIPE Chair Emeritus, who passed away in 2015. The foundation recognises people from our service region who have made a lasting contribution to the development of the Internet. The first award was handed out in 2018 to Wilfried Wöber for his continued community involvement. Considering the high quality of the candidates in 2018, it was decided to hand out the next award in 2019, rather than wait the two years initially planned.
A nomination committee was chosen by the RIPE community to select the award recipients. The foundation is completely independent from the RIPE NCC, although we have agreed to provide funding in 2019.
3.9.3 Supporting IETF Sustainability
Status: Ongoing
In 2019, we will continue our annual contribution of EUR 100,000 towards the sustainability of the IETF, a cause that was endorsed by our members following presentations from the IETF at RIPE 71 and RIPE 72 and subsequent discussion on the RIPE NCC Members Discuss mailing list. This financial contribution supports the IETF in its role in the development and implementation of technical standards and coordination for the global operation of the Internet.
4) Internal
4.1 IT and Information Security
Status: Expanding
FTEs: 12.9
Cost: 3,325
CAPEX: 670
Description
The IT activity at the RIPE NCC provides the back end, infrastructure and network support for all the internal and external services and activities we provide.
Benefits
- Provides the state-of-the-art, redundant IT platform
- Provides 24/7 support for services
- Ensures efficient IT support for staff to facilitate delivery of RIPE NCC services
- Enables members and RIPE community to flag technical emergencies outside of our regular office hours
2019 at a Glance
- Increasing the technical depth of the IT Department
- Begin implementing a comprehensive information security measurement framework
This activity includes the operation of the internal infrastructure and system administration and engineering support for all related infrastructure (such as co-location facilities, network, archiving and storage and email delivery), user support for staff, and IT support and enhancement for all external services we provide. 24/7 IT support is provided for all of our critical services.
Our IT infrastructure currently includes two main co-locations, in addition to one external “warm node” in Stockholm, Sweden to operate all RIPE NCC services. This warm node operates completely independent from our infrastructure in the Netherlands. We also maintain the technical operations of the Number Resource Organization (NRO) and the Address Supporting Organization (ASO).
IT also includes the technical set-up for the twice-yearly RIPE Meetings at locations throughout our service region, as well as support during RIPE NCC Regional Meetings.
We monitor our critical services 24/7. This monitoring includes RIPE NCC websites, the RIPE Database, K-Root, DNS and reverse DNS, the LIR Portal and Resource Certification (RPKI). A technical emergency hotline is in place to ensure issues relating to our critical services can be dealt with appropriately.
In 2019, key areas will be maintaining a high availability network, server and virtual server environment with a focus on efficiency and simplicity to facilitate service improvements. Since 2005, the IT headcount has dropped by two, mainly due to efficiencies brought about by automation and other process improvements. However, we are operating under pressure in this area, so we will increase the headcount to maintain ongoing high standards and increase the technical depth for our many services to a growing membership. There will also be an investment in Information Security, as outlined in the section below.
We are also carrying out plans to change our configuration management system to improve infrastructure deployment, maintenance and management. The new platform will help improve logging of our services, putting us in a position to better identify trends and threats before they become an issue and therefore increasing efficiency in this area. In addition to this, through 2019, we will also be developing plans to consolidate our current data centre set-up.
4.1.1 Information Security
Status: Expanding
In 2019, we will continue to strengthen our information security capabilities to keep up with the current threat and legal landscape.
In 2018, the RIPE NCC will conclude a major data classification project to ensure that the RIPE NCC processes sensitive data in a sufficiently secure manner, in compliance with new European legislation. It will also support our efforts to mature our risk management process. New regulations and an expanding member base mean that we need a more systematic approach to IT and Information Security at the RIPE NCC. In 2019, we will implement a framework to measure the effectiveness of the implemented information security controls and set goals to achieve the correct balance between security and convenience. The implementation of this measurement framework and related information security improvement activities will take two to three years
Other activities will focus on gathering cyber threat intelligence and improving our capabilities to identify, correlate and prevent potential information security incidents.
We will continue outreach efforts with the security community, such as TF-CSIRT (of which the RIPE NCC is a member) and M3AAWG. Further engagement and involvement with the security community will help us to get a better understanding of what we can do to help members and stakeholders in this area.
Benefits for RIPE NCC members / RIPE community:
› Ensures the availability, confidentiality and integrity of our services and data
› Minimises the impact of security incidents on our services and subsequently minimises the possible impact on our members
› Co-ordination provision between parts of the security community and RIPE NCC members and the RIPE community
› Information security controls help to ensure the RIPE NCC meets its compliance obligations.
4.2 Facilities – Rent and Utilities
Status: Expanding
FTEs: 0.5
Cost: 1,193
CAPEX: 100
Description
Facilities include all of the rent, utilities, security, repair and maintenance costs for the RIPE NCC’s building and equipment.
Benefits
- Creates a secure, healthy and productive environment for employees
- Provides up-to-date and well-maintained working facilities
2019 at a Glance
- Maintain current work environment
We are continuously improving our facilities in order to provide a work environment that maximises the productivity of our employees. The current set up of offices will be continued in 2019; the RIPE NCC head office location in Amsterdam, a subsidiary office in Dubai and a small office space in Moscow. Furthermore, there will be an external storage space in Amsterdam. This activity is expanding because of utility cost increases and because insurance costs for the building and facilities have been allocated here.
4.3 Management and HR
Status: Expanding
FTEs: 9.7
Cost: 3,416
CAPEX: -
Description
The Management and HR activity at the RIPE NCC encompasses the Senior Management functions, including the Managing Director and the Chief Scientist. The Senior Management Team works closely with the RIPE NCC Executive Board to develop the strategy and vision of the organisation. HR is responsible for the recruitment and effective integration of well-qualified employees from throughout our service region.
Benefits
- Maximises the efficiency of the RIPE NCC’s internal structure and improves output by ensuring an engaged workforce
- Provides strategy and vision for the RIPE NCC
- Maintains a well-trained workforce
2019 at a Glance
- Maintaining development of the management team at the RIPE NCC
- Adapting our organisational structure to better suit the working needs of staff and maintain the quality of services they provide
The Senior Management Team guides staff and actively steers the RIPE NCC in order to provide excellent services and coordination activities for the RIPE NCC membership and the wider Internet community. The team is supported by the Management Assistants.
The RIPE NCC continuously reviews its organisational structure to ensure it remains as efficient as possible. Management support is also provided to facilitate decision making through engagement with relevant third parties. In 2019, we will be taking steps to adapt the structure of our organisation to better serve the working needs of our staff as they continue to deliver the highest possible quality of service to our evolving membership. Our priority is to ensure that staff remain as motivated and effective in their roles as possible, a goal best achieved by cultivating a working environment that optimises levels of engagement, skill, and wellbeing in the workplace. This area of activity will therefore see an increase due to a combination of HR consultancy and social security insurances.
4.4 Finance and Administration
Status: Expanding
FTEs: 9.1
Cost: 1,498
CAPEX: -
Description
We maintain high-quality administrative processes and constantly look for ways to increase efficiency. Our accounting, administration and reporting adheres to the General Dutch Accounting Standards and aims to provide a true and fair view of our financial situation, even though it is not required to do so by law. Furthermore, following from this enhanced reporting, we continue to improve our processes to ensure effective cost control and to be able to provide useful management information.
Benefits
- Increases efficiency in payment and administration for members and for us
- Ensures a professionally managed organisation with efficient administrative processes and cost-effective processes
- Meets the financial needs of organisations in different parts of our service region
- Meets the audit standards set by the Dutch fiscal system
2019 at a Glance
- Ongoing integrated risk management
- Enhanced data accuracy
- More automated reporting and budgeting processes
- Billing improvements
In 2019, we will further improve the billing processes, our administration and other financial services. Focus will also be given to simplifying internal processes wherever possible to increase efficiency. The expansion of this activity is due mainly to ongoing integrated risk management and assigned budget for enhanced data accuracy.
We stay in close contact with local tax authorities, auditors and local authorities to comply with legislation, corporate governance code and best current practices. We will continue with the execution of the Treasury Statute to achieve a minimised-risk treasury management.
4.5 Legal
Status: Expanding
FTEs: 1.9
Cost: 296
CAPEX: -
Description
Our legal team upholds a firm and extensive legal framework that sets out the standards and procedures for our internal and external operations. This framework is essential for ensuring that we remain accountable for all our activities, that our exposure to liability remains limited, and that we continue to support the RIPE community. A key aim is to make sure that our members continue to have the greatest possible confidence in the self-regulatory system under which we operate and in existing Internet governance structures more generally. We also work to ensure that our legal framework and our procedures are in line with any applicable national and international legislation.
Benefits
- Helps create confidence in the accountability of the Internet governance system, ensuring that this system and its rules are taken seriously
- Ensures that the RIPE NCC is deemed a trustworthy authority and a reliable partner to our membership and the wider community
2019 at a Glance
- Ongoing focus on ensuring accountability
- Follow legislative developments and make sure the RIPE NCC complies with new legal obligations.
- Support discussion around ASO structure review
- Address increased complexity of legal requests received due to IPv4 address scarcity
In 2019, the RIPE NCC will continue to follow legislative developments and coordinate externally for the support of the self-governance model. Additionally, the RIPE NCC will keep enhancing its accountability by reviewing its governance model and the procedures in place. We will also work to support the discussions around the re-structuring of the ASO and will help build the relevant legal framework when needed. Finally, the scarcity of IPv4 addresses increases the complexity of legal requests the RIPE NCC receives because there is an increasing number of mergers and transfers as well as an increasing number of disputes and abuse complaints.
4.6 Organisational Activities: Executive Board, Arbitration Panel and General Meetings
Status: Decreasing
FTEs: 2.2
Cost: 299
CAPEX: -
Description
We support twice-yearly RIPE NCC General Meetings (GMs). At these GMs, members vote annually on the RIPE NCC Financial Report and on the Charging Scheme for the following year. Members can also exercise their rights to vote in Executive Board elections and on resolutions, such as amendments to the RIPE NCC Articles of Association. We also support a neutral and objective arbitration panel that exists to resolve any disputes relating to our services and evaluate any resource requests made by the RIPE NCC for our own infrastructure or services.
Benefits
- Allows RIPE NCC members’ interests to be represented by Executive Board
- Gives members the opportunity to give feedback directly to the Executive Board on the RIPE NCC’s Activity Plan and Budget
- Allows members to approve the RIPE NCC Charging Scheme and Financial Report
- Gives a level of transparency on the management and the strategies of the RIPE NCC that gives members and other interested parties sufficient information to give feedback on any of activity/decision/change
2019 at a Glance
- Ongoing focus on organisational optimisation
In order to help ensure an informed membership at the General Meeting, we prepare various sets of documents including an Activity Plan and Budget, a Charging Scheme, an Annual Report and a Financial Report. We provide remote participation facilities and electronic voting capabilities for those members who are unable to attend the GM in person but who wish to follow proceedings and vote in elections and on resolutions. Members attending the GM in person can also choose to vote electronically.
As set out in the Articles of Association, the arbiters on the RIPE NCC Arbitration Panel are appointed by the RIPE NCC’s Executive Board and approved by our membership. The RIPE NCC has an arbitration panel to rule on disputes between us and our members, and between members. Once a year, the Arbitration panel meets to discuss procedures, cases and the panel itself.
The RIPE NCC Executive Board conducts multiple meetings every year. These meetings deal with strategic and financial issues pertinent to the organisation as well as our relationship with industry partners. At these meetings, the RIPE NCC Executive Board incorporates feedback from the membership and the RIPE NCC Management into their discussion and final decision on the RIPE NCC’s Activity Plan and Budget for the following year. The Executive Board also plays a crucial role in the RIPE NCC’s outreach and member liaison activities. After every Executive Board meeting, the minutes of the meeting are published for the membership along with key outcomes.
The Executive Board and the RIPE NCC Management are actively looking to engage with the membership regarding its activities and strive for the utmost transparency with regards to the management, services and strategies of our organisation.
5) Unforeseen Activities
There may be activities that are entirely unforeseen at the time of writing the RIPE NCC Activity Plan and Budget 2018 or have started recently and are not at the stage where they can be estimated to have a material financial impact. A quick, well-focused reaction to the changing environment and new requirements of the RIPE NCC members and other stakeholders is always a goal of the RIPE NCC. In line with good corporate governance, any unforeseen activities that that arise are developed in close consultation with the RIPE NCC Executive Board, and when there is any material financial impact the Executive Board must approve the resulting action to be taken.
Budget Figures 2019
RIPE NCC Budgeted Statement of Income and Expenditure 2019 in kEUR
Budget | LE | Budget | Difference | ||
---|---|---|---|---|---|
2019 | 2018* | 2018 | B19 vs. LE 18 | B19 vs. B18 | |
Income | |||||
Fees Existing Members | 29,400 | 24,557 | 24,640 | 4,843 | 4,760 |
Independent Resource Fees | 1,086 | 1,061 | 1,065 | 25 | 21 |
Service Fees New Member | 3,467 | 3,172 | 2,383 | 295 | 1,084 |
Re-opening Fees | 200 | 230 | 200 | (30) | - |
Members Fees | 34,153 | 29,020 | 28,288 | 5,133 | 5,865 |
New Member Sign-up Fees | 8,000 | 7,854 | 5,500 | 146 | 2,500 |
RIPE Meetings | 235 | 278 | 235 | (43) | - |
Sponsorship Income | 255 | 458 | 315 | (203) | (60) |
Other Income | 50 | 55 | 50 | (5) | - |
Total Income | 42,693 | 37,665 | 34,388 | 5,028 | 8,305 |
Expenditure | |||||
Salary Wage Components | 11,701 | 10,319 | 10,747 | 1,382 | 954 |
Secondary Benefits | 2,967 | 2,573 | 2,582 | 394 | 385 |
Miscellaneous Personnel | 3,057 | 2,319 | 2,581 | 738 | 476 |
Subtotal Personnel | 17,725 | 15,211 | 15,910 | 2,514 | 1,815 |
Housing | 927 | 858 | 878 | 69 | 49 |
Office Costs | 3,115 | 2,575 | 2,526 | 540 | 589 |
Marketing/External Relations | 809 | 614 | 701 | 195 | 108 |
Contributions | 816 | 887 | 908 | (71) | (92) |
IT Infrastructure | 3,030 | 1,780 | 2,004 | 1,250 | 1,026 |
Travel | 1,588 | 1,542 | 1,447 | 46 | 141 |
Consultancy | 3,253 | 2,224 | 2,261 | 1,029 | 992 |
Bank Charges | 337 | 276 | 253 | 61 | 84 |
Bad Debts | 250 | 252 | 250 | (2) | - |
Depreciation | 1,400 | 1,159 | 1,350 | 241 | 50 |
Total Expenses | 33,250 | 27,378 | 28,488 | 5,872 | 4,762 |
Financial Result | 300 | 162 | 350 | 138 | (50) |
Surplus before Redistribution | 9,743 | 10,449 | 6,250 | (706) | 3,493 |
Capital Expenditure | 2,115 | 900 | 1,235 | 1,215 | 880 |
Number of FTEs | 165 | 151 | 155 | 14 | 10 |
* LE 2018 based on the estimated figures per 30 September 2018.
Note on the Budget 2019 figures:
All figures are drawn up in compliance with the general accounting standards in the Netherlands (Dutch GAAP).
Development of the RIPE NCC Reserves
The table below shows the RIPE NCC’s capital development. The RIPE NCC Capital consists of the Clearing House and any addition to the Clearing House, either from capital gains or from an accumulation of the surplus. The RIPE NCC General Meeting in October 2018 approved the redistribution of the excess contribution paid in 2018 by redistributing the RIPE NCC 2018 surplus to the membership in 2019.
Development of RIPE NCC Reserves with a redistribution in 2019 (in kEUR)
Year | Surplus | Addition to the Capital |
Capital at 31 December |
Expenses Per Year |
% of Expenses |
---|---|---|---|---|---|
2013 | 1,732 | - | 21,912 | 19,330 | 113% |
2014 | 3,414 | - | 25,326 | 21,224 | 119% |
2015 | (262) | - | 25,064 | 21,978 | 114% |
2016 | 325 | - | 25,389 | 23,528 | 108% |
2017 | (173) | - | 25,216 | 25,848 | 98% |
LE 2018 | - | - | 25,216 | 27,378 | 92% |
B 2019 | - | - | 25,216 | 33,250 | 76% |
Appendix 5: Changes to the Draft Activity and Budget 2019
Amendments to the Activity Plan
- Minor editorial changes have been made to the text.
-
In the draft version of the Activity Plan and Budget 2019, which we distributed to our members at the RIPE NCC General Meeting October 2018, Section 3.9.2 provided details on the Rob Blokzijl Foundation. We have deleted this section due to the fact that any further activity in this area will be covered by funding allocated in last year’s budget. There will be no funds allocated to this activity in 2019.
Amendments to the Budget
There is a total additional income of 371 kEUR in service fees based on actual membership levels.
There is a total additional budget of 526 kEUR for the following Operational Expenditures:
- A recalculation of 106 kEUR on Personnel Costs based on latest salary levels including benefits and three additional staff members.
- Decrease of 42 kEUR in Office Costs following the latest contractual fees for the organisation costs of RIPE Meetings.
- Increase of 157 kEUR from IT Infrastructure following increased number of credentialing exams as well as additional software licences to support GDPR compliance.
- 34 kEUR savings on travel within the RIPE NCC service region following the decision to hold the RIPE Meeting (RIPE 79) in October 2019 in the Netherlands.
- 395 kEUR increase for consultancy to enhance information security processes and to adapt our organisational structure to better suit the needs of staff and maintain the quality of services they provide.
- Recalculation of depreciation results in a decrease of 56 kEUR aligning with actual investments made in 2018.
Finally, the amended anticipated surplus that can be redistributed to members following the RIPE NCC General Meeting October 2018 vote is EUR 9.7 million.