+Raíces
Project goals
The main goal of the +Raices project is the installation of anycast root server copies in various countries of the LACNIC region. By installing these servers at strategic locations throughout the region such as IXPs (Internet Exchange Points) and NAPs (Network Access Points), the project seeks to achieve greater resiliency for one of the Internet's most critical resources, the DNS. It provides redundancy and reduces vulnerability, allowing a better response in case of potential DDoS attacks or infrastructure failures that could render certain root servers inoperative.
LACNIC's Role
LACNIC's role is to coordinate with host organizations and those providing the root servers, as well as to promote these new root servers. In certain cases, LACNIC may sponsor the installation of a root server copy.
About the Project
This initiative is part of LACNIC's ongoing role as a promoter of regional Internet development. The +Raices project helps strengthen global Internet infrastructure and stability. In other words, it broadens the scope and improves the strength and response times of the DNS system (an essential part of Internet infrastructure) at both regional and global level. For this reason, LACNIC has signed the following agreements:
- Agreement with ISC Internet Systems Consortium, signed on 1st April 2004 in Montevideo for the installation of anycast copies of the F root server (operated by ISC)
- Agreement with ICANN - Internet Corporation for Assigned Names and Numbers, signed on 14 March 2012 in Costa Rica for the installation of anycast copies of the L root server (operated by ICANN)
- Agreement with Netnod for the deployment of I root servers in the LAC region
- Agreement with RIPE NCC (23 July 2015) for promoting the deployment of K root server copies
Structure
The Domain Name System (DNS) is based on a hierarchical tree-like structure in which millions of servers worldwide have part of the information needed to make the system work.
At the root of this system there is not one but thirteen servers performing this function, each of which is identified with the letters A to M. These thirteen servers share the same hierarchy, and none is subordinated to another. Ten are in the United States, two in Europe and one in Japan.
Anycast
Anycast has long been used to announce the same prefix from several different locations. The routing system can then identify which location is closest to each user. A few years ago, this technique began to be used to create root server "clones," thus overcoming the technical limitations that do not allow implementing new logical root servers.
Users only see the root server closest to them, not the original server or other copies. This increases the system's efficiency while providing greater security and stability. If for some reason an anycast copy of a root server fails, users will automatically start seeing other copies or other root servers.
How to participate in +RAICES
If you would like to host an anycast root server copy, please contact LACNIC at raices@lacnic.net. In order to better process your request, we recommend providing a brief description of your organization and how it connects to the Internet.
Installed copies
Copy | City, Country | Organization | Role of LACNIC | Operational Since |
---|---|---|---|---|
L | Caracas, Venezuela | REACCIUN | Coordination | February 2012 |
L | Montevideo, Uruguay | SECIU | Coordination | March 2012 |
L | Quito, Ecuador | AEPROVI/NAP Ecuador | Funding and coordination | March 2012 |
L | San Salvador, El Salvador | IX/SVNet | Coordination | August 2006 |
L | Quito, Ecuador | AEPROVI | Coordination | August 2012 |
L | Bogotá, Colombia | CCIT/NAP Colombia | Funding and coordination | October 2012 |
L | Asunción, Paraguay | COPACO | Coordination | June 2013 |
L | Caracas, Venezuela | REACCIUN/CENIT | Coordination | February 2015 |
L | Santiago, Chile | Telefónica | Coordination | May 2015 |
L | Santiago, Chile | Telefónica | Coordination | May 2015 |
L | Cochabamba, Bolivia | COMTECO | Funding and coordination | September 2016 |
L | Quito, Ecuador | AEPROVI/NAP Ecuador | Funding and coordination | February 2020 |
F | Santiago, Chile | NIC.CL | Coordination and funding | December 2005 |
F | Buenos Aires, Argentina | CABASE | Coordination and funding | August 2006 |
F | Caracas, Venezuela | CNTI | Coordination and funding | October 2006 |
F | Panama City, Panama | NIC.PA/ UTP | Coordination and funding | July 2007 |
F | Quito, Ecuador | AEPROVI | Coordination and funding | August 2007 |
F | Sint Marteen | OC-IX | Coordination and funding | July 2009 |
F | Port-au-Prince, Haiti | AHTIC | Coordination and funding | May 2010 |
F | Montevideo, Uruguay | ANTEL | Coordination | August 2015 |
K | Montevideo, Uruguay | LACNIC | Funding and coordination | January 2016 |
K | Buenos Aires, Argentina | ARIU | Funding and coordination | May 2017 |
K | Panama, Panama | CWP - Cable & Wireless Panama | Funding and coordination | May 2018 |
I | Montevideo, Uruguay | LACNIC | Funding and coordination | June 2016 |
I | Asunción, Paraguay | IXP.Py / NIC.Py | Funding and coordination | February 2018 |
I | Mexico | Transtelco | Coordination | July 2018 |
I | Guayaquil, Ecuador | CEDIA | Coordination | September 2019 |
I | Santo Domingo, Ecuador | IXP Ecuador | Funding and coordination | January 2020 |
I | Concepcion, Chile | PIT Chile | Funding and coordination | April 2020 |
I | Cochabamca, Bolivia | Comteco | Funding and coordination | September 2020 |
I | Monterrey, Mexico | Transtelco | Coordination | October 2020 |
I | Buenos Aires, Argentina | ARIU | Coordination | November 2020 |
I | Suriname | Telesur | Funding and coordination | December 2020 |
I | Guatemala | IXP-GT | Funding and coordination | March 2021 |
I | Lima, Peru | PIT Peru | Funding and coordination | April 2021 |
I | Panamá, Panamá | InteRed | Coordination | September 2022 |
Requirements
Dell PowerEdge servers with iDRAC interface v7 or above for remote administration. The server requires three network interfaces:
- iDRAC interface
- Gigabit Ethernet interface for system management
- Gigabit Ethernet interface for production (anycast traffic)
IPv4 and IPv6 connectivity are both required. The host organization must provide:
- A global IPv4 address (routable) for iDRAC; IPv6 is not required
- For interface management, either an IPv6 address with NAT64/DNS64, or an IPv4 and an IPv6 address are required
- The production interface also requires an IPv4 address (and eventually an IPv6 address), which may be private, to connect with the host institution's BGP neighbor
This BGP session will be used to announce the anycast prefixes, which for the K root server as follows:
- 193.0.14.0/24
- 2001:7FD::/48
- ASN 25152
Supermicro PR-6018R-WRF servers with IPMI 2.0 interface are suggested for remote management:http://www.supermicro.com/products/system/1U/6018/SYS-6018R-WTR.cfm
The server requires three network interfaces:
- IPMI interface
- Gigabit Ethernet interface for system management
- Gigabit Ethernet interface for production
IP addressing:
- One public IPv4 address for the IPMI interface
- One public IPv4 address for the management interface
- One public /28 IPv4 prefix and preferably a /64 IPv6 prefix routed through the management interface
- One IPv4 address (which may be private) for the operational interface to connect with the neighbor NBGP
Anycast prefixes announced together with the as-path are as follows:
- 192.36.148.0/24 ^8674_29216$
- 194.146.106.0/24 ^8674$
- 194.146.107.0/24 ^8674$
- 194.146.108.0/24 ^8674$
- 2001:67c:1010::/48 ^8674_29216$
- 2001:67c:1011::/48 ^8674_29216$
- 2001:7fe::/33 ^8674_29216$
For the deployment of a L instance under the L-Single program, the purchase of L-Root appliance is required.
For additional information please visit http://www.dns.icann.org/lroot/ and http://www.dns.icann.org/lroot/faq/
Announced anycast prefixes:
- 199.7.82.0/23
- 199.7.83.0/24
- 2001:500:3::/48
- 2001:500:9e::/47
- 2001:500:9f::/48
- AS20144
There are no specifications regarding the type of servers to be used. ISC operates an open peering policy with the locations where they deploy F root server copies: https://www.isc.org/f-root/network-peering/. More information: https://www.isc.org/f-root/
Announced anycast prefixes:
- 192.5.4.0/23
- 192.5.4.0/24
- 192.5.5.0/24
- 2001:500:2E::/47
- 2001:500:2E::/48
- ASN3557