ARIN’S OPERATIONAL TEST AND EVALUATION ENVIRONMENT (OT&E)
OT&E is an environment containing a copy of production-like data that allows developers to experiment with ARIN interactions without affecting production data. ARIN’s OT&E does not support email-based interactions, but allows for experimentation with three main ARIN services:
Note: OT&E exists solely for experimental usage and research, and is not linked to ARIN’s production system.
To request access to OT&E, log into your ARIN Online account and use Ask ARIN to request access to the environment using “Other” as the message topic. Once vetted, ARIN will grant OT&E environment access and send additional usage instructions. ARIN encourages all OT&E users to arin-tech-discuss mailing list for information sharing and outage information.
The following URLs should be used when interacting with ARIN’s OT&E services in place of their production counterparts.
- whois.ote.arin.net – an OT&E Whois-RWS service
- www.ote.arin.net – an OT&E ARIN Online service
- reg.ote.arin.net – an OT&E Reg-RWS service
- rpki.ote.arin.net – an OT&E RPKI service
- updown.ote.arin.net – an OT&E Up/Down RPKI service
OT&E services require Application Programming Interface (API) keys. To create an API Key:
- Log into ARIN Online
- Select WEB ACCOUNT on the left
- Find the API Key Management area
- Select Create API Key
Note: OT&E data is refreshed on the first Monday of each month to mirror production. If you created an API key in production since the last refresh, you must create a separate one within OT&E to use until the next refresh occurs.
Whois-RWS functionality within OT&E is a mirror of production. Remember to use http://whois.ote.arin.net in place of http://whois.arin.net. For more information on Whois-RWS usage, visit ARIN’s Whois-RWS page.
Reg-RWS functionality within OT&E is a mirror of production. Remember to use https://www.ote.arin.net or https://reg.ote.arin.net as RESTful calls to https://www.arin.net or https://reg.arin.net will affect production data. For more information on Reg-RWS usage, visit ARIN’s RESTful Interfaces page.
ARIN resource holders may request certificates and manage Route Origin Authorizations (ROAs) within OT&E, using the same methods as production. OT&E also contains a repository of certificates and ROAs, and handles key rollovers and revocations. For more information on RPKI usage, visit ARIN’s RPKI Home Page. For ROA Request signing instructions, visit the RPKI FAQ page.
Note: OT&E ROA Requests should be signed using a SEPARATE ROA Request Generation Key Pair than the one you use in production.
In order to validate using ARIN’s OT&E data, you will have to use the following Trust Anchor Locator (TAL). Note that this TAL differs from the production TAL:
The OT&E TALmust then be plugged into an RPKI validator to allow for the fetching and validation of ARIN OT&E repository objects. ARIN recommends the following validators:
- RIPE NCC: RPKI Validator
- The Internet Systems Consortium (ISC): rcynic Validator
- Raytheon BBN: RPSTIR Project