Challenges in Deploying a Network with an Autonomous System and IPv4/IPv6 Addresses
22/11/2024
By Erika Vega, Senior Consultant at SOCIUM and Engineering Manager at MC&H Networks, and Andrés Cortés Fuentes, Head of the ICT Department of the Municipality of Carrillo.
Introduction
The Municipality of Carrillo, located in the province of Guanacaste, Costa Rica, has decided to upgrade its technological infrastructure to improve the provision of online services and procedures. This process included the implementation of its own Autonomous System (ASN) and the allocation of its own numerical resources for both IPv4 and IPv6. The decision was driven by the need to ensure redundancy in Internet connectivity through the management of BGP sessions with multiple Internet Service Providers, as well as the autonomous administration of IP resources. This approach aims to enhance the continuity of critical services provided by the Municipality. As part of the project, an IPv4 address block (/24) and an IPv6 address block (/32) were obtained, thus ensuring dual stack operation with multiple transit providers.
Additionally, the Municipality undertook actions to achieve certification in the Mutually Agreed Norms for Routing Security (MANRS) program, promoted by the Internet Society, as part of its commitment to the security and stability of global routing.
Shortage of IPv4 Addresses and Alternatives
One of the primary challenges faced was securing IPv4 addresses. Upon requesting the block from LACNIC, it was confirmed that IPv4 resources were no longer available due to regional exhaustion, a limitation that has been in effect since August 19, 2020. In view of this scenario, and considering the long waiting list and the recovery periods for quarantined IPv4 blocks, the Municipality opted to lease IPv4 addresses from AFRINIC through a broker. This solution provided the Municipality with the addressing it needed to implement its project, although it brought certain associated challenges with it.
Geolocation Issues
After leasing the IPv4 address block from AFRINIC, the Municipality of Carrillo faced a new challenge: geolocation problems. Most geolocation databases associated the IPv4 block with the African region, which caused problems when trying to use services that rely on the user’s geographic location. This resulted in blocks and restrictions, as certain services only allow access from IP addresses identified as belonging to Costa Rica. These issues were particularly common on websites managed by government entities in the country.
Geolocation databases are used to correlate an IP address with the geographic location of the device connected to the Internet. These databases can be either commercial (offering lite or community versions) or freely accessible. To update the location of the leased IPv4 block, the Municipality had to manually submit requests to various geolocation providers. This was necessary because “AFRINIC does not provide geolocation services and has no formal or operational relationship with any geolocation provider.”
(Reference: https://afrinic.net/support/whois/faq/incorrect-geolocation-ip-details)
Strategies to Mitigate Geolocation Issues
To address geolocation-related blocking while the databases were being updated, the following strategies were implemented:
- Creation of Objects in the AFRINIC Database: The inetnum and route objects were created in AFRINIC’s database, associating the leased IPv4 block with the Municipality of Carrillo in Costa Rica.
- Requests to Geolocation Providers: Requests were sent to the main geolocation providers to reclassify the IPv4 block to Costa Rica. This process involved both automated mechanisms and manual submissions through forms.
- Ongoing Verification: Continuous monitoring of geolocation database updates was conducted using platforms such as https://www.iplocation.net/ip-lookup to ensure that changes were properly reflected.
Additional Challenges in Address Management
During the management of leased IPv4 addresses from AFRINIC, the Municipality of Carrillo encountered additional challenges related to RPKI and IRR administration:
- ROAs Management (RPKI): The creation and modification of ROAs had to be requested manually via email to the broker, since there is no automated system to manage them as in My LACNIC. This adds complexity and delays in protecting BGP announcements, increasing reliance on third parties to ensure the validity of prefixes.
- IRR Registration: Registration in the Internet Routing Registry (IRR) is not automated, which means that it is necessary to manually create “route” and “route6” objects in the AFRINIC IRR or in some other registry. This lack of automation increases the risk of errors and requires additional administrative resources to properly manage route announcements.
- Inability to Subnet the IPv4 Prefix: Having a /24 IPv4 block without the ability to subnet it for load balancing across multiple Internet Service Providers (ISPs) limits the network’s flexibility and resilience. Without the ability to divide the block, dynamic route distribution among multiple ISPs becomes impossible, which prevents routing optimization and improved redundancy. In the event of a failure with one of the providers, all traffic would be affected, as there would be no option to redirect it through alternative routes.
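An added example (not code from the Municipality, the broker or LACNIC): since ROAs and IRR route objects are both maintained by hand in this setup, a periodic cross-check of the two catches mismatches before they cause announcements to be rejected. The prefixes and AS numbers are constructed documentation values, and the ROA list is assumed to have been exported from an RPKI validator.

```python
import ipaddress

# Constructed sample data: documentation prefixes (RFC 5737 / RFC 3849) and
# documentation ASNs (RFC 5398), not the Municipality's real resources.
ROAS = [  # (prefix, maxLength, origin ASN), as published in RPKI
    ("192.0.2.0/24", 24, 64500),
    ("2001:db8::/32", 48, 64500),
]
IRR_OBJECTS = """\
route:   192.0.2.0/24
origin:  AS64500

route6:  2001:db8:100::/40
origin:  AS64501

route:   198.51.100.0/24
origin:  AS64500
"""

def parse_rpsl(text):
    """Yield (network, origin ASN) for each route/route6 object in an RPSL dump."""
    for block in text.strip().split("\n\n"):
        attrs = {k.strip(): v.strip() for k, v in
                 (ln.split(":", 1) for ln in block.splitlines() if ":" in ln)}
        prefix = attrs.get("route") or attrs.get("route6")
        if prefix and "origin" in attrs:
            yield ipaddress.ip_network(prefix), int(attrs["origin"][2:])

def rov_state(prefix, origin, roas=ROAS):
    """RFC 6811 route origin validation: 'valid', 'invalid' or 'not-found'."""
    covered = False
    for roa_prefix, max_len, roa_asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if roa_net.version != prefix.version or not prefix.subnet_of(roa_net):
            continue
        covered = True  # at least one ROA covers this prefix
        if origin == roa_asn and prefix.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"

def audit(irr_text=IRR_OBJECTS):
    """Map each IRR route object to its validation state so mismatches stand out."""
    return {f"{p} AS{asn}": rov_state(p, asn) for p, asn in parse_rpsl(irr_text)}

if __name__ == "__main__":
    for obj, state in audit().items():
        print(f"{state:10} {obj}")
```

Against the sample ROA with maxLength 24, a /25 carved from the IPv4 block evaluates as invalid even with the correct origin, so any change to what is announced also means another ROA request.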
Final Recommendations
For organizations facing similar challenges, the following recommendations are suggested:
- Plan Ahead for IPv4 Address Acquisition: Given the scarcity of resources, exploring alternatives such as leasing IPv4 addresses from other regional registries may be a viable solution, though it involves additional challenges.
- Keep Geolocation Databases Updated: It is critical to constantly monitor and send update requests to geolocation providers to avoid unwarranted blockages.
- Consider MANRS Certification: Aligning network operations with best practices for routing security helps enhance the global stability and security of the Internet ecosystem.
The experience of the Municipality of Carrillo highlights the inherent challenges of deploying infrastructure with its own address resources, particularly in the context of IPv4 exhaustion and the need to ensure accurate geolocation of resources. These challenges demand careful planning and robust technical expertise. This article did not focus on the Municipality’s IPv6 deployment, as implementing IPv6 presents minimal challenges. In fact, it is a reliable solution that promotes the stability and scalability of Internet services. IPv6 allows for more efficient address allocation and ensures that services can remain functional and scalable in an environment where IPv4 resources are increasingly scarce. Adopting IPv6 is undoubtedly the path to a more resilient and sustainable Internet.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of LACNIC.