Operational Test and Evaluation (OT&E) Environment
OT&E is an environment that contains data that is similar to the data that exists in ARIN’s production environment. The OT&E environment allows developers to experiment with ARIN interactions without affecting production data. OT&E allows for experimentation with the following main ARIN services:
- Whois RESTful Web Service (Whois-RWS)
- Registration RESTful Web Service (Reg-RWS)
- Internet Routing Registry RESTful API
- Resource Public Key Infrastructure (RPKI)
- Registration Data Access Protocol (RDAP)
Note: OT&E exists solely for experimental usage and research and is not linked to ARIN’s production system. User data (including API keys) is copied from the production database to OT&E monthly. Note that email interactions are not supported in OT&E.
Benefits of using OT&E:
- Testing can be done without affecting production data.
- RPKI is restricted to those organizations that have signed a Registration Services Agreement (RSA) with ARIN. However, OT&E can be used by those organizations without signing an RSA to experiment with these new services.
- When using RPKI, test Route Authorization Requests (ROAs) can be created and validated without impacting production RPKI data.
Drawbacks of using OT&E:
- Data is refreshed each month, so any data created in OT&E (e.g., resource certifications and ROAs) is deleted after the refresh and must be recreated.
- The Ask ARIN feature is not monitored in OT&E; questions or requests must be submitted in the production environment. (For example, you must log in to ARIN Online and create a ticket using Ask ARIN there.)
Before using OT&E, you need the following:
- ARIN Online user account: This account must have been created before the first of the month in which you are using OT&E. (User accounts [including API keys] are copied from ARIN Online’s production environment to the OT&E environment on the first Monday of every month.)
- Authority over resources in ARIN Online: Your user account in ARIN Online must be linked to a POC that has been associated with an Org with resources.
- API key: You must have an API key for your user account. Note: If you want to use a different API key for OT&E than the API key you use in the production system, you can change your API key in OT&E by choosing Settings - Profile and Security Information from the “Welcome, yourname” drop-down menu in OT&E. Under Security Info, choose Actions > Manage API Keys. Because user data (including account and API key information) is copied from the production database to OT&E at the beginning of each month, you will have to change your API key again after each monthly database refresh.
ARIN encourages all OT&E users to subscribe and participate on the ARIN Technical Discussions mailing list for information sharing and outage information.
Every month, you will need to reconfigure any changes that you made to your resources in OT&E, because OT&E data is replaced with new data during the refresh that occurs on the first Monday of the month.
The following URLs should be used when interacting with ARIN’s OT&E services in place of their production counterparts:
www.ote.arin.net: ARIN Online
reg.ote.arin.net: Reg-RWS and the IRR RESTful API
updown.ote.arin.net: Up/Down RPKI
More information is available in the following sections.
Using Whois-RWS in OT&E
whois.ote.arin.net is used to access Whois-RWS in OT&E; this functionality within OT&E is a mirror of production. Remember to use
http://whois.ote.arin.net in place of
http://whois.arin.net. For more information on the Whois-RWS API, visit Whois-RWS API Documentation).
Using ARIN Online in OT&E
www.ote.arin.net is used to reach the OT&E ARIN Online service. It provides a mirror of production data and allows you to perform the same functions as in production, but in a test environment. Note that because this environment is not monitored by the Registration Services Department, ticketed requests, including the Ask ARIN help desk ticket, will not receive a response.
Using Reg-RWS and the IRR RESTful API in OT&E
reg.ote.arin.net URL provides Reg-RWS and IRR RESTful API functionality within OT&E. This system is a mirror of production. Remember to use
https://reg.ote.arin.net as RESTful calls to
https://reg.arin.net will affect production data. For more information on Reg-RWS usage, visit Automating Record Management with Reg-RWS. For more information on the IRR RESTful API, visit IRR RESTful API.
Using RPKI in ARIN’s OT&E Environment
OT&E allows you to test RPKI in a non-production environment.
Signing up for RPKI in OT&E
To use RPKI in OT&E:
If you don’t have any resources covered under RPKI in production, you’ll first need to request access to RPKI. To request access to RPKI, log in to ARIN Online in the OT&E environment and follow the steps to configure RPKI.
Specifically for customers who are already enrolled in Delegated (not Hosted) RPKI and who would like to perform some testing in OT&E, you will need to perform some additional steps after each monthly refresh. Please re-exchange the
identity.xml in the OT&E public front-end and force your software to perform an issue request. Krill users may find it easiest to set up their Krill client again from scratch.
Working with ARIN Staff for OT&E
The OT&E environment is not actively monitored by ARIN Staff. When you’ve requested a certificate, need resources re-enrolled in the OT&E environment, or are already signed up for delegated RPKI and need your account deleted/re-added to use OT&E, you will need to submit an Ask ARIN ticket in the production environment for ARIN Staff to process your request in OT&E. Follow these steps to complete your resource certificate request:
- Log in to ARIN Online in the production environment (www.arin.net).
- Use Ask ARIN to create a ticket. Be sure to use the following:
- Topic: Other
- Subject: OT&E approval requested
- Question: Provide the OT&E ticket number or function that ARIN staff needs to process for you.
After you receive notification that your resources have been certified, you can create ROAs in the OT&E environment.
Note: We do a refresh of the production database within OT&E on a monthly basis. All changes that were made prior to the OT&E environment refresh will be lost. Therefore, unless you have resources covered under RPKI in production, you will have to repeat the steps described in this section (starting with the request for access to RPKI). If you are already signed up for delegated RPKI, you will need to submit an Ask ARIN ticket each month after the refresh to request that your account be deleted and re-added before you can test in OT&E.
RPKI Repository Updates
In OT&E, the RPKI repository is updated every few minutes.
OT&E Trust Anchor Locator (TAL)
In order to validate your ROAs using ARIN’s OT&E data, you must use the ARIN OT&E TAL.
The OT&E TAL is used with an RPKI validator to allow for the fetching and validation of ARIN OT&E repository objects. ARIN provides a list of validators that we have tested and support.