Operational Test and Evaluation (OT&E) Environment

OT&E is an environment that contains data that is similar to the data that exists in ARIN’s production environment. The OT&E environment allows developers to experiment with ARIN interactions without affecting production data. OT&E allows for experimentation with the following main ARIN services:

Note: OT&E exists solely for experimental usage and research and is not linked to ARIN’s production system. User data (including API keys) is copied from the production database to OT&E monthly. Note that email interactions are not supported in OT&E.

Benefits of using OT&E:

  • Testing can be done without affecting production data.
  • RPKI is restricted to those organizations that have signed a Registration Services Agreement (RSA) with ARIN. However, OT&E can be used by those organizations without signing an RSA to experiment with these new services.
  • When using RPKI, test Route Authorization Requests (ROAs) can be created and validated without impacting production RPKI data.

Drawbacks of using OT&E:

  • Data is refreshed each month, so any data created in OT&E (e.g., resource certifications and ROAs) is deleted after the refresh and must be recreated.
  • The Ask ARIN feature is not monitored in OT&E; questions or requests must be submitted in the production environment. (For example, you must log in to ARIN Online and create a ticket using Ask ARIN there.)

Prerequisites

Before using OT&E, you need the following:

  • ARIN Online user account: This account must have been created before the first of the month in which you are using OT&E. (User accounts [including API keys] are copied from ARIN Online’s production environment to the OT&E environment on the first Monday of every month.)
  • Authority over resources in ARIN Online: Your user account in ARIN Online must be linked to a POC that has been associated with an Org with resources.
  • API key: You must have an API key for your user account. Note: If you want to use a different API key for OT&E than the API key you use in the production system, you can change your API key in OT&E by choosing Settings - Profile and Security Information from the “Welcome, yourname” drop-down menu in OT&E. Under Security Info, choose Actions > Manage API Keys. Because user data (including account and API key information) is copied from the production database to OT&E at the beginning of each month, you will have to change your API key again after each monthly database refresh.

Mailing List

ARIN encourages all OT&E users to subscribe and participate on the ARIN Technical Discussions mailing list for information sharing and outage information.

Data Refresh

Every month, you will need to reconfigure any changes that you made to your resources in OT&E, because OT&E data is replaced with new data during the refresh that occurs on the first Monday of the month.

OT&E Hosts

The following URLs should be used when interacting with ARIN’s OT&E services in place of their production counterparts:

  • whois.ote.arin.net: Whois-RWS
  • www.ote.arin.net: ARIN Online
  • reg.ote.arin.net: Reg-RWS and the IRR RESTful API
  • rpki.ote.arin.net: RPKI
  • updown.ote.arin.net: Up/Down RPKI
  • rdap.ote.arin.net: RDAP

More information is available in the following sections.

Using Whois-RWS in OT&E

whois.ote.arin.net is used to access Whois-RWS in OT&E; this functionality within OT&E is a monthly snapshot of production, refreshed the first Monday of each month. Remember to use http://whois.ote.arin.net with your RESTful calls to make changes in the OT&E. For more information on the Whois-RWS API, visit Whois-RWS API Documentation).

Using ARIN Online in OT&E

The address www.ote.arin.net is used to reach the OT&E ARIN Online service. It provides a snapshot of production data and allows you to perform the same functions, but in a test environment. Note that because this environment is not monitored by the Registration Services Department, ticketed requests, including the Ask ARIN help desk ticket, will not receive a response.

Using Reg-RWS and the IRR RESTful API in OT&E

The reg.ote.arin.net URL provides Reg-RWS and IRR RESTful API functionality within OT&E. This system is a snapshot of production. Remember to use https://reg.ote.arin.net with your RESTful calls to make changes in the OT&E. For more information on Reg-RWS usage, visit Automating Record Management with Reg-RWS. For more information on the IRR RESTful API, visit IRR RESTful API.

Using RPKI in ARIN’s OT&E Environment

OT&E allows you to test RPKI in a non-production environment.

Signing up for RPKI in OT&E

To use RPKI in OT&E:

If you don’t have any resources covered under RPKI in production, you’ll first need to request access to RPKI. To request access to RPKI, log in to ARIN Online in the OT&E environment and follow the steps to configure RPKI.

Note:

Specifically for customers who are already enrolled in Delegated (not Hosted) RPKI and who would like to perform testing in OT&E, additional steps will need to be taken after each monthly refresh. Please re-exchange the identity.xml in the OT&E public front-end and force your software to perform an issue request.

Working with ARIN Staff for OT&E

The OT&E environment is not actively monitored by ARIN Staff. When you’ve requested a certificate, need resources re-enrolled in the OT&E environment, or are already signed up for delegated RPKI and need your account deleted/re-added to use OT&E, you will need to submit an Ask ARIN ticket in both the OT&E environment the production environment for ARIN Staff to process your request in OT&E. Follow these steps to complete your resource certificate request:

  1. Use Ask ARIN in the OT&E environment to create a ticket.
  2. Log in to ARIN Online in the production environment (www.arin.net).
  3. Use Ask ARIN to create a ticket. Be sure to use the following:
  • Topic: Other
  • Subject: OT&E approval requested
  • Question: Provide the OT&E ticket number or function that ARIN staff needs to process for you.

After you receive notification that your resources have been certified, you can create ROAs in the OT&E environment.

Note: We do a backwash of the production database to OT&E on a monthly basis. All changes that were made to the OT&E will be replaced with a snapshot of the current production configuration at that time.

If you wish to test a different RPKI deployment type in OT&E, you will need to submit an Ask ARIN ticket to request that your RPKI configuration be deleted for your organization. Then, follow the steps to sign up for RPKI and select the RPKI deployment type you wish to test.

RPKI Repository Updates

In OT&E, the RPKI repository is updated every few minutes.

OT&E Trust Anchor Locator (TAL)

In order to validate your ROAs using ARIN’s OT&E data, you must use the ARIN OT&E TAL.

Validators

The OT&E TAL is used with an RPKI validator to allow for the fetching and validation of ARIN OT&E repository objects. ARIN provides a list of validators that we have tested and support.