{"id":2082,"date":"2025-11-18T18:51:45","date_gmt":"2025-11-18T15:51:45","guid":{"rendered":"https:\/\/www.dchost.com\/blog\/arin-ip-transfer-politikalari-guncelleniyor-operasyonel-dersler\/"},"modified":"2025-11-18T18:51:45","modified_gmt":"2025-11-18T15:51:45","slug":"arin-ip-transfer-politikalari-guncelleniyor-operasyonel-dersler","status":"publish","type":"post","link":"https:\/\/www.dchost.com\/blog\/arin-ip-transfer-politikalari-guncelleniyor-operasyonel-dersler\/","title":{"rendered":"ARIN IP transfer politikalar\u0131 g\u00fcncelleniyor: Operasyonel dersler"},"content":{"rendered":"<div class=\"dchost-blog-content-wrapper\"><div id=\"toc_container\" class=\"toc_transparent no_bullets\"><p class=\"toc_title\">\u0130&ccedil;indekiler<\/p><ul class=\"toc_list\"><li><a href=\"#Pager8217i_Uyandiran_Gece_ve_ARIN_IP_Transfer_Gercegi\"><span class=\"toc_number toc_depth_1\">1<\/span> Pager&#8217;\u0131 Uyand\u0131ran Gece ve ARIN IP Transfer Ger\u00e7e\u011fi<\/a><\/li><li><a href=\"#ARIN_IP_Transfer_Politikalari_Neden_Bu_Kadar_Kritik\"><span class=\"toc_number toc_depth_1\">2<\/span> ARIN IP Transfer Politikalar\u0131 Neden Bu Kadar Kritik?<\/a><ul><li><a href=\"#IP_Adresleri_Artik_Sadece_Networkcunun_Sorunu_Degil\"><span class=\"toc_number toc_depth_2\">2.1<\/span> IP Adresleri Art\u0131k Sadece Network\u00e7\u00fcn\u00fcn Sorunu De\u011fil<\/a><\/li><li><a href=\"#ARIN8217in_Rolu_WHOIS_Kaydi_Degisir_Operasyon_Sallanir\"><span class=\"toc_number toc_depth_2\">2.2<\/span> ARIN&#8217;in Rol\u00fc: WHOIS Kayd\u0131 De\u011fi\u015fir, Operasyon Sallan\u0131r<\/a><\/li><li><a href=\"#8220Policy8221_Dedigin_Sey_Sonunda_Latency8217e_Dokunuyor\"><span class=\"toc_number toc_depth_2\">2.3<\/span> &#8220;Policy&#8221; Dedi\u011fin \u015eey Sonunda Latency&#8217;e Dokunuyor<\/a><\/li><\/ul><\/li><li><a href=\"#Yeni_ARIN_IP_Transfer_Politikalarinin_Teknik_Etkileri\"><span class=\"toc_number toc_depth_1\">3<\/span> Yeni ARIN IP Transfer Politikalar\u0131n\u0131n Teknik Etkileri<\/a><ul><li><a href=\"#Needs-Based_Justification_IPv4_Acligi_ve_Gercek_Dunyadaki_Yansimasi\"><span class=\"toc_number toc_depth_2\">3.1<\/span> Needs-Based Justification, IPv4 A\u00e7l\u0131\u011f\u0131 ve Ger\u00e7ek D\u00fcnyadaki Yans\u0131mas\u0131<\/a><\/li><li><a href=\"#RPKI_IRR_Route_Objeleri_Sadece_Kagit_Ustunde_Kalmayan_Detaylar\"><span class=\"toc_number toc_depth_2\">3.2<\/span> RPKI, IRR, Route Objeleri: Sadece Ka\u011f\u0131t \u00dcst\u00fcnde Kalmayan Detaylar<\/a><\/li><li><a href=\"#CLI_ve_IPAM_Ciktilari_Sahadaki_Karmasa\"><span class=\"toc_number toc_depth_2\">3.3<\/span> CLI ve IPAM \u00c7\u0131kt\u0131lar\u0131: Sahadaki Karma\u015fa<\/a><\/li><\/ul><\/li><li><a href=\"#Gercek_Bir_Proje_Veri_Merkezinden_Buluta_IP_Tasima_ve_ARIN\"><span class=\"toc_number toc_depth_1\">4<\/span> Ger\u00e7ek Bir Proje: Veri Merkezinden Buluta IP Ta\u015f\u0131ma ve ARIN<\/a><ul><li><a href=\"#Durum_Eski_Veri_Merkezi_Yeni_Bulut_Ortada_ARIN\"><span class=\"toc_number toc_depth_2\">4.1<\/span> Durum: Eski Veri Merkezi, Yeni Bulut, Ortada ARIN<\/a><\/li><li><a href=\"#Post-Mortem_Nerede_Cuvalladik\"><span class=\"toc_number toc_depth_2\">4.2<\/span> Post-Mortem: Nerede \u00c7uvallad\u0131k?<\/a><\/li><li><a href=\"#Bu_Projede_Nasil_Cozduk\"><span class=\"toc_number toc_depth_2\">4.3<\/span> Bu Projede Nas\u0131l \u00c7\u00f6zd\u00fck?<\/a><\/li><li><a href=\"#DevOps_Boru_Hattina_ARIN_Gercegini_Gommek\"><span class=\"toc_number toc_depth_2\">4.4<\/span> DevOps Boru Hatt\u0131na ARIN Ger\u00e7e\u011fini G\u00f6mmek<\/a><\/li><\/ul><\/li><li><a href=\"#Runbook_ARIN_IP_Transfer_Degisikliklerine_Nasil_Hazirlanirsin\"><span class=\"toc_number toc_depth_1\">5<\/span> Runbook: ARIN IP Transfer De\u011fi\u015fikliklerine Nas\u0131l Haz\u0131rlan\u0131rs\u0131n?<\/a><ul><li><a href=\"#1_Organizasyonel_Envanteri_Cikar_Hangi_IP_Kimin\"><span class=\"toc_number toc_depth_2\">5.1<\/span> 1. Organizasyonel Envanteri \u00c7\u0131kar: Hangi IP Kimin?<\/a><\/li><li><a href=\"#2_ARIN_Policy_Degisikliklerini_Teknik_Risklere_Cevir\"><span class=\"toc_number toc_depth_2\">5.2<\/span> 2. ARIN Policy De\u011fi\u015fikliklerini Teknik Risklere \u00c7evir<\/a><\/li><li><a href=\"#3_CICD8217ye_Guardrail_Ekleyin_Policy_as_Code\"><span class=\"toc_number toc_depth_2\">5.3<\/span> 3. CI\/CD&#8217;ye Guardrail Ekleyin: Policy as Code<\/a><\/li><li><a href=\"#4_Monitoring8217i_Sadece_Latency_Icin_Degil_Kayit_Tutarliligi_Icin_de_Kullanin\"><span class=\"toc_number toc_depth_2\">5.4<\/span> 4. Monitoring&#8217;i Sadece Latency \u0130\u00e7in De\u011fil, Kay\u0131t Tutarl\u0131l\u0131\u011f\u0131 \u0130\u00e7in de Kullan\u0131n<\/a><\/li><li><a href=\"#5_Hukuk_Network_DevOps_Tek_Bir_Masaya_Oturun\"><span class=\"toc_number toc_depth_2\">5.5<\/span> 5. Hukuk, Network, DevOps: Tek Bir Masaya Oturun<\/a><\/li><\/ul><\/li><li><a href=\"#Kapanis_IP_Adresleri_Sadece_Sayi_Degil_Surectir\"><span class=\"toc_number toc_depth_1\">6<\/span> Kapan\u0131\u015f: IP Adresleri Sadece Say\u0131 De\u011fil, S\u00fcre\u00e7tir<\/a><\/li><\/ul><\/div>\n<h2 id=\"section-1\"><span id=\"Pager8217i_Uyandiran_Gece_ve_ARIN_IP_Transfer_Gercegi\">Pager&#8217;\u0131 Uyand\u0131ran Gece ve ARIN IP Transfer Ger\u00e7e\u011fi<\/span><\/h2>\n<p>ARIN IP transfer politikalar\u0131 son d\u00f6nemde yeniden g\u00fcndeme gelirken, benim akl\u0131ma hep ayn\u0131 gece geliyor. Saat 02:37, telefon titriyor, Slack kanal\u0131nda k\u0131rm\u0131z\u0131 bir flood: <strong>&#8220;Prod-US-Edge: \/24 reachability issues &#8211; potential BGP leak&#8221;<\/strong>. Ekip yar\u0131 uykulu, ilk refleks: <strong>&#8220;Yine mi transit sa\u011flay\u0131c\u0131?&#8221;<\/strong>. Ama bu sefer hik\u00e2ye farkl\u0131yd\u0131. Haftalard\u0131r s\u00fcren bir <strong>IP blok transferi<\/strong> ve ARIN taraf\u0131ndaki kay\u0131t g\u00fcncellemeleri, RIPE b\u00f6lgeli bir partner ile yap\u0131lan peering ve aceleyle de\u011fi\u015ftirilen route objeleri, hepsi ayn\u0131 potada kar\u0131\u015fm\u0131\u015ft\u0131.<\/p>\n<p>Sonu\u00e7? Kimi lokasyonlardan site a\u00e7\u0131l\u0131yor, kimilerinden a\u00e7\u0131lm\u0131yor. DNS \u00e7\u00f6z\u00fcl\u00fcyor ama trafik yanl\u0131\u015f ASN&#8217;e gidiyor. Sertifika do\u011fru ama kullan\u0131c\u0131 yanl\u0131\u015f edge node&#8217;a d\u00fc\u015f\u00fcyor. Klasik <strong>&#8220;her \u015fey \u00e7al\u0131\u015f\u0131yor gibi ama kullan\u0131c\u0131 hata al\u0131yor&#8221;<\/strong> kabusu. \u0130\u015fte ARIN&#8217;in IP tahsisi ve transfer politikalar\u0131ndaki en ufak bir de\u011fi\u015fiklik bile, \u00f6zellikle global ayak izi olan ekipler i\u00e7in bu t\u00fcr geceleri tetikleyebiliyor.<\/p>\n<p>\u015eu anda siz de benzer \u015feylerle bo\u011fu\u015fuyor musunuz? ARIN&#8217;den devrald\u0131\u011f\u0131n\u0131z bir <strong>IPv4 blo\u011funu<\/strong> veri merkezinden buluta ta\u015f\u0131rken, route obje g\u00fcncellemelerinde veya RPKI kay\u0131tlar\u0131nda tak\u0131l\u0131p m\u0131 kald\u0131n\u0131z? DNS TTL&#8217;leri, BGP anonslar\u0131 ve IPAM&#8217;deki kay\u0131tlar aras\u0131nda Excel maratonu mu yap\u0131yorsunuz? Ya da hukuki birimin masas\u0131na d\u00fc\u015fen bir <strong>policy update PDF&#8217;i<\/strong> y\u00fcz\u00fcnden, <em>&#8220;bu bizi etkiliyor mu?&#8221;<\/em> sorusuna yan\u0131t arayan tek ki\u015fi siz misiniz?<\/p>\n<p>Bu yaz\u0131da sana, ARIN IP transfer politikalar\u0131ndaki g\u00fcncellemelerin operasyonel d\u00fcnyada ne anlama geldi\u011fini, ger\u00e7ek incident hik\u00e2yeleri, runbook \u00f6rnekleri ve \u00f6l\u00e7\u00fclebilir metriklerle anlataca\u011f\u0131m. \u00d6nce bu politikalar\u0131n neden bu kadar kritik oldu\u011funu konu\u015faca\u011f\u0131z. Sonra mimari ve operasyonel etkilerini, ard\u0131ndan da sahada uygulad\u0131\u011f\u0131m\u0131z bir <strong>&#8220;veri merkezi + bulut + ARIN&#8221;<\/strong> projesinin perde arkas\u0131n\u0131 payla\u015faca\u011f\u0131m. Son b\u00f6l\u00fcmde ise, ekibinle birlikte hemen yar\u0131n uygulayabilece\u011fin bir <strong>haz\u0131rl\u0131k runbook&#8217;u<\/strong> b\u0131rakaca\u011f\u0131m.<\/p>\n<h2 id=\"section-2\"><span id=\"ARIN_IP_Transfer_Politikalari_Neden_Bu_Kadar_Kritik\">ARIN IP Transfer Politikalar\u0131 Neden Bu Kadar Kritik?<\/span><\/h2>\n<h3><span id=\"IP_Adresleri_Artik_Sadece_Networkcunun_Sorunu_Degil\">IP Adresleri Art\u0131k Sadece Network\u00e7\u00fcn\u00fcn Sorunu De\u011fil<\/span><\/h3>\n<p>\u0130lk y\u0131llar\u0131mda IP adresleri neredeyse sadece network ekibinin derdiydi. Birka\u00e7 \/24, veri merkezinde bir iki VLAN, firewall&#8217;da birka\u00e7 kural\u2026 Bitti gitti. Son 10\u201315 y\u0131lda ise tablo tamamen de\u011fi\u015fti. Bug\u00fcn IP adresleri:<\/p>\n<p>\n&#8211; SLA&#8217;lerin i\u00e7ine girmi\u015f durumda (&#8220;\/24&#8217;\u00fcn\u00fcz route edilebilir olacak&#8221; diye s\u00f6zle\u015fme maddesi g\u00f6rd\u00fcm).<br \/>\n&#8211; M\u00fc\u015fteri s\u00f6zle\u015fmelerinde, hatta baz\u0131 reg\u00fclasyonlarda isim isim ge\u00e7iyor (&#8220;trafik X \u00fclke d\u0131\u015f\u0131na \u00e7\u0131kmayacak&#8221; gibi).<br \/>\n&#8211; DevOps ekiplerinin CI\/CD boru hatlar\u0131nda, Terraform state&#8217;lerinde, Kubernetes ingress tan\u0131mlar\u0131nda birebir kullan\u0131l\u0131yor.\n<\/p>\n<p>ARIN, RIPE, APNIC gibi RIR&#8217;lar\u0131n (Regional Internet Registry) <strong>transfer ve tahsis politikalar\u0131<\/strong> g\u00fcncellendik\u00e7e; sadece WHOIS \u00e7\u0131kt\u0131s\u0131 de\u011fi\u015fmiyor. Sizin route policy dok\u00fcmanlar\u0131n\u0131z, IPAM otomasyonlar\u0131n\u0131z, hatta m\u00fc\u015fteri ba\u011flant\u0131 \u015femalar\u0131n\u0131z da etkileniyor.<\/p>\n<h3><span id=\"ARIN8217in_Rolu_WHOIS_Kaydi_Degisir_Operasyon_Sallanir\">ARIN&#8217;in Rol\u00fc: WHOIS Kayd\u0131 De\u011fi\u015fir, Operasyon Sallan\u0131r<\/span><\/h3>\n<p>ARIN taraf\u0131nda IP transfer politikalar\u0131; \u00f6zellikle \u015fu alanlara dokunuyor:<\/p>\n<p>\n&#8211; <strong>Kaynak do\u011frulama<\/strong>: Hangi \u015firket hangi IP blo\u011funun yasal sahibi?<br \/>\n&#8211; <strong>Transfer \u015fartlar\u0131<\/strong>: Hangi ko\u015fullarda, hangi ihtiya\u00e7 ispatlar\u0131yla blok devri yap\u0131labilir?<br \/>\n&#8211; <strong>Inter-RIR transferleri<\/strong>: ARIN&#8217;den RIPE veya APNIC b\u00f6lgesine (ya da tersi) ge\u00e7i\u015fte ne istenir?<br \/>\n&#8211; <strong>IPv4 \/ IPv6 ili\u015fkisi<\/strong>: IPv4 transferi yaparken, IPv6 taraf\u0131nda ne te\u015fvik ediliyor veya bekleniyor?\n<\/p>\n<p>Buradaki k\u00fc\u00e7\u00fck bir kural de\u011fi\u015fikli\u011fi, mesela <strong>&#8220;organizasyonlar aras\u0131 transferde ihtiya\u00e7 ispat s\u00fcresi&#8221;<\/strong> veya <strong>&#8220;\u015firket birle\u015fmelerinde dok\u00fcmantasyon gereksinimi&#8221;<\/strong> gibi maddeler; sizin proje planlar\u0131n\u0131z\u0131 kayd\u0131rabilir. Hukuk birimiyle imzalanm\u0131\u015f bir M&amp;A (birle\u015fme &amp; sat\u0131n alma) anla\u015fmas\u0131nda IP bloklar\u0131n\u0131n ge\u00e7i\u015f tarihi sabitken, ARIN taraf\u0131ndaki onay s\u00fcreci iki hafta uzarsa; prod trafik ge\u00e7i\u015f plan\u0131n\u0131z da kayar. Sonra ne olur? Bir Cuma gecesi migration plan\u0131 iptal, pazartesi sabah\u0131 herkes size bakar.<\/p>\n<h3><span id=\"8220Policy8221_Dedigin_Sey_Sonunda_Latency8217e_Dokunuyor\">&#8220;Policy&#8221; Dedi\u011fin \u015eey Sonunda Latency&#8217;e Dokunuyor<\/span><\/h3>\n<p>Bu politikalar\u0131n operasyonel metriklere etkisini g\u00f6rmezden gelmek kolay. Ama ger\u00e7ekte; ARIN seviyesinde al\u0131nan kararlar, sizin \u015fu metriklerinize kadar iniyor:<\/p>\n<p>\n&#8211; <strong>Mean Time To Recovery (MTTR)<\/strong>: BGP incident&#8217;lar\u0131nda route objeleriniz ve RPKI kay\u0131tlar\u0131n\u0131z g\u00fcncel de\u011filse, MTTR dakikalardan saatlere kayabilir.<br \/>\n&#8211; <strong>Change Failure Rate<\/strong>: IP ta\u015f\u0131ma, ASN de\u011fi\u015fikli\u011fi ve prefix g\u00fcncellemeleri s\u0131ras\u0131nda; do\u011fru policy&#8217;ye g\u00f6re planlama yapmad\u0131\u011f\u0131n\u0131zda roll-back oran\u0131n\u0131z artar.<br \/>\n&#8211; <strong>Availability (SLA)<\/strong>: Transfer s\u00fcrecinde \u00e7ift anons, yanl\u0131\u015f ROA, eksik IRR kayd\u0131 gibi hatalar; %99.95 uptime s\u00f6z\u00fcn\u00fcz\u00fc bo\u015fa \u00e7\u0131karabilir.\n<\/p>\n<p>Benim sahada g\u00f6rd\u00fc\u011f\u00fcm en kritik nokta \u015fu: <strong>Politika de\u011fi\u015fiklikleri her zaman teknik ekiplerin radar\u0131na zaman\u0131nda girmiyor.<\/strong> Genelde ilk e-posta hukuka veya y\u00f6netici ekibe d\u00fc\u015f\u00fcyor, onlar da &#8220;bir ara bakar\u0131z&#8221; diye etiketliyor. Sonra bir g\u00fcn bir bak\u0131yorsunuz; ARIN&#8217;e g\u00f6re sahibi de\u011fi\u015fmi\u015f bir blok, sizin prod edge router&#8217;\u0131n\u0131zda h\u00e2l\u00e2 eski ASN ad\u0131na anons ediliyor.<\/p>\n<h2 id=\"section-3\"><span id=\"Yeni_ARIN_IP_Transfer_Politikalarinin_Teknik_Etkileri\">Yeni ARIN IP Transfer Politikalar\u0131n\u0131n Teknik Etkileri<\/span><\/h2>\n<h3><span id=\"Needs-Based_Justification_IPv4_Acligi_ve_Gercek_Dunyadaki_Yansimasi\">Needs-Based Justification, IPv4 A\u00e7l\u0131\u011f\u0131 ve Ger\u00e7ek D\u00fcnyadaki Yans\u0131mas\u0131<\/span><\/h3>\n<p>Uzun y\u0131llard\u0131r ARIN taraf\u0131nda temel prensiplerden biri, <strong>&#8220;ihtiya\u00e7 bazl\u0131 tahsis&#8221;<\/strong> (needs-based justification) oldu. Yani bir IP blo\u011funu isterken ya da transfer ederken, ger\u00e7ekten bu IP&#8217;lere ihtiyac\u0131n\u0131z oldu\u011funu ispatlaman\u0131z bekleniyor. IPv4 tamamen bitme noktas\u0131na geldik\u00e7e, bu konu daha da s\u0131k\u0131 takip edilir hale geldi.<\/p>\n<p>Son d\u00f6nemde yap\u0131lan ve taslaklarda tart\u0131\u015f\u0131lan politika g\u00fcncellemelerinde, \u00f6zellikle \u015fu ba\u015fl\u0131klar \u00f6ne \u00e7\u0131k\u0131yor:<\/p>\n<p>\n&#8211; Baz\u0131 transfer t\u00fcrlerinde <strong>daha net ihtiya\u00e7 ispat kriterleri<\/strong> konulmas\u0131.<br \/>\n&#8211; Organizasyon birle\u015fmeleri, b\u00f6l\u00fcnmeleri ve marka de\u011fi\u015fikliklerinde <strong>daha detayl\u0131 dok\u00fcmantasyon<\/strong> istenmesi.<br \/>\n&#8211; Inter-RIR transferlerinde, ARIN ile di\u011fer RIR&#8217;lar aras\u0131nda <strong>uyumla\u015ft\u0131r\u0131lm\u0131\u015f kurallar<\/strong> i\u00e7in ad\u0131mlar at\u0131lmas\u0131.\n<\/p>\n<p>Bu, pratikte sizin i\u00e7in ne demek? \u00d6rne\u011fin, bir bulut sa\u011flay\u0131c\u0131dan ba\u015fka bir sa\u011flay\u0131c\u0131ya migration planl\u0131yorsan\u0131z ve kendi IP bloklar\u0131n\u0131z\u0131 da ta\u015f\u0131yacaksan\u0131z, ARIN taraf\u0131ndaki transfer onay\u0131 gecikti\u011fi i\u00e7in haftalarca <strong>two-homed, \u00e7ift anonslu<\/strong> bir yap\u0131 tutmak zorunda kalabilirsiniz. Bu da hem maliyeti art\u0131r\u0131r, hem de konfig\u00fcrasyon karma\u015f\u0131kl\u0131\u011f\u0131n\u0131.<\/p>\n<h3><span id=\"RPKI_IRR_Route_Objeleri_Sadece_Kagit_Ustunde_Kalmayan_Detaylar\">RPKI, IRR, Route Objeleri: Sadece Ka\u011f\u0131t \u00dcst\u00fcnde Kalmayan Detaylar<\/span><\/h3>\n<p>ARIN politikalar\u0131ndaki en k\u00fc\u00e7\u00fck de\u011fi\u015fiklik bile, a\u015fa\u011f\u0131daki alanlarda yeniden g\u00f6zden ge\u00e7irme gerektiriyor:<\/p>\n<p>\n&#8211; <strong>RPKI ROA kay\u0131tlar\u0131<\/strong>: Hangi ASN hangi prefix&#8217;i anons edebilir?<br \/>\n&#8211; <strong>IRR (Internet Routing Registry) objeleri<\/strong>: Route, route6, as-set tan\u0131mlar\u0131n\u0131z g\u00fcncel mi?<br \/>\n&#8211; <strong>WHOIS kay\u0131tlar\u0131<\/strong>: Organizasyon isimleri, ileti\u015fim bilgileri ve abuse contact&#8217;lar do\u011fru mu?\n<\/p>\n<p>Bir projede, ARIN&#8217;den devrald\u0131\u011f\u0131m\u0131z bir \/20 blo\u011fu yeni bir t\u00fczel ki\u015fili\u011fe ta\u015f\u0131rken; hukuk taraf\u0131 \u015firket ismini de\u011fi\u015ftirip tescilini halletmi\u015fti ama <strong>WHOIS ve RPKI g\u00fcncellemeleri<\/strong> iki hafta gecikti. Sonu\u00e7 olarak, baz\u0131 upstream sa\u011flay\u0131c\u0131lar yeni ASN&#8217;den gelen anonslara g\u00fcvenmedi ve <strong>&#8220;prefix not allowed&#8221;<\/strong> diyerek filtreledi. Monitoring&#8217;de \u015f\u00f6yle loglar g\u00f6r\u00fcyorduk:<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\">[Edge-US1] %BGP-4-BGP_LOG: 203.0.113.0\/20 prefix denied: invalid ROA\n[Edge-EU2] %BGP-4-BGP_LOG: RPKI: route validation failed for 203.0.113.0\/20\n<\/code><\/pre>\n<p>Bu tam bir <strong>&#8220;network her \u015feyi do\u011fru yapt\u0131 ama kay\u0131tlar yanl\u0131\u015f&#8221;<\/strong> \u00f6rne\u011fiydi. ARIN taraf\u0131ndaki transfer tamamlanm\u0131\u015f, s\u00f6zle\u015fmeler imzalanm\u0131\u015f ama otomasyonumuz WHOIS ve RPKI taraf\u0131n\u0131 <strong>&#8220;post-migration step&#8221;<\/strong> olarak b\u0131rakm\u0131\u015ft\u0131. \u0130\u015fte politika de\u011fi\u015fiklikleri geldi\u011finde, bu t\u00fcr ba\u011f\u0131ml\u0131l\u0131klar\u0131 netle\u015ftiren runbook&#8217;lar\u0131n\u0131z yoksa, incident&#8217;lar\u0131n\u0131z \u00e7ok daha s\u0131k ve karma\u015f\u0131k hale geliyor.<\/p>\n<h3><span id=\"CLI_ve_IPAM_Ciktilari_Sahadaki_Karmasa\">CLI ve IPAM \u00c7\u0131kt\u0131lar\u0131: Sahadaki Karma\u015fa<\/span><\/h3>\n<p>Bir gece yapt\u0131\u011f\u0131m\u0131z root-cause analizde, ayn\u0131 IP blo\u011fu i\u00e7in \u00fc\u00e7 farkl\u0131 ger\u00e7eklik g\u00f6rd\u00fck:<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\"># ARIN WHOIS kayd\u0131 (hen\u00fcz g\u00fcncellenmemi\u015f)\n$ whois 203.0.113.0\nNetRange:       203.0.113.0 - 203.0.113.255\nOrgName:        OldCorp Inc\n...\n\n# BGP table (yeni ASN'den anons)\n$ birdc show route 203.0.113.0\/24\n203.0.113.0\/24 via 192.0.2.1 on transit1 [bgp-transit1] * (100) [AS65050]\n\n# \u0130\u00e7 IPAM sistemi (terraform managed)\n\u00bb 203.0.113.0\/24 assigned_to = 'NewCorp-Prod-Edge-US'\n<\/code><\/pre>\n<p>\u00dc\u00e7 farkl\u0131 sistem, \u00fc\u00e7 farkl\u0131 &#8220;do\u011fru&#8221;ya i\u015faret ediyordu. ARIN&#8217;in transfer politikalar\u0131ndaki g\u00fcncelleme, asl\u0131nda hukuken sahipli\u011fi netle\u015ftirmi\u015fti; ama bizim toolchain bunu yans\u0131tamam\u0131\u015ft\u0131. Buradan ald\u0131\u011f\u0131m\u0131z en b\u00fcy\u00fck ders: <strong>IP adresi sahipli\u011fi ve anons eden ASN bilgisinin, IPAM ile RPKI\/IRR aras\u0131nda otomatik senkronize edilmesi<\/strong> gerekiyor.<\/p>\n<h2 id=\"section-4\"><span id=\"Gercek_Bir_Proje_Veri_Merkezinden_Buluta_IP_Tasima_ve_ARIN\">Ger\u00e7ek Bir Proje: Veri Merkezinden Buluta IP Ta\u015f\u0131ma ve ARIN<\/span><\/h2>\n<h3><span id=\"Durum_Eski_Veri_Merkezi_Yeni_Bulut_Ortada_ARIN\">Durum: Eski Veri Merkezi, Yeni Bulut, Ortada ARIN<\/span><\/h3>\n<p>Birka\u00e7 y\u0131l \u00f6nce, Kuzey Amerika&#8217;da b\u00fcy\u00fck bir m\u00fc\u015fteri i\u00e7in \u00e7al\u0131\u015f\u0131yorduk. Ellerinde ARIN tahsisli birka\u00e7 \/21 ve \/22 blok vard\u0131. Plan \u015fuydu:<\/p>\n<p>\n&#8211; Eski on-prem veri merkezini kapatacaklard\u0131.<br \/>\n&#8211; Trafi\u011fin b\u00fcy\u00fck k\u0131sm\u0131 iki farkl\u0131 public cloud&#8217;a ta\u015f\u0131nacakt\u0131.<br \/>\n&#8211; Kendi IP bloklar\u0131n\u0131 hem CDN, hem de direct connect ba\u011flant\u0131lar\u0131nda kullanmak istiyorlard\u0131.\n<\/p>\n<p>\u0130\u015fin zorlay\u0131c\u0131 yan\u0131, \u015firketin ikiye b\u00f6l\u00fcnmesi ve bir k\u0131sm\u0131n\u0131n sat\u0131lmas\u0131yd\u0131. Yani ARIN taraf\u0131nda <strong>organizasyon b\u00f6l\u00fcnmesi + IP bloklar\u0131n\u0131n yeni entitilere transferi<\/strong> s\u00f6z konusuydu. Tam bu s\u0131rada, ARIN taraf\u0131nda transfer politika dok\u00fcman\u0131nda yap\u0131lan g\u00fcncellemeler, \u00f6zellikle <strong>dok\u00fcmantasyon ve ihtiya\u00e7 ispat\u0131<\/strong> k\u0131s\u0131mlar\u0131n\u0131 daha net hale getirmi\u015fti.<\/p>\n<p>\u0130lk yapt\u0131\u011f\u0131m\u0131z hata, bu de\u011fi\u015fiklikleri <strong>&#8220;network policy&#8221;<\/strong> gibi g\u00f6r\u00fcp, proje plan\u0131na ciddi bir risk fakt\u00f6r\u00fc olarak koymamakt\u0131. Sonu\u00e7: Cutover tarihine 10 g\u00fcn kala, ARIN taraf\u0131nda h\u00e2l\u00e2 iki \u00f6nemli transfer beklemedeydi.<\/p>\n<h3><span id=\"Post-Mortem_Nerede_Cuvalladik\">Post-Mortem: Nerede \u00c7uvallad\u0131k?<\/span><\/h3>\n<p>Olay bittikten sonra yapt\u0131\u011f\u0131m\u0131z retrospektifte, beyaz tahtada \u015fu ba\u015fl\u0131klar vard\u0131:<\/p>\n<p>\n&#8211; ARIN ticket&#8217;lar\u0131 ile proje task&#8217;lar\u0131 aras\u0131nda <strong>ba\u011flant\u0131 yoktu<\/strong>.<br \/>\n&#8211; Hukuk ekibi ve network ekibi aras\u0131nda <strong>tek bir ortak &#8220;IP transfer owner&#8221;<\/strong> tan\u0131mlanmam\u0131\u015ft\u0131.<br \/>\n&#8211; Transfer s\u00fcrecinin IPAM, Terraform ve BGP konfig\u00fcrasyonlar\u0131na etkisi <strong>net modellenmemi\u015fti<\/strong>.\n<\/p>\n<p>Bir timeline \u00e7\u0131kard\u0131k ve \u015fu an\u0131 kritik olarak i\u015faretledik:<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\">Day -30: ARIN'e ilk transfer ba\u015fvurular\u0131 yap\u0131ld\u0131.\nDay -14: ARIN ek dok\u00fcman istedi. (hukuk ekibinin inbox'\u0131nda kayboldu)\nDay -7: Change freeze \u00f6ncesi son hafta, ARIN cevab\u0131 h\u00e2l\u00e2 bekleniyor.\nDay -3: Cutover plan\u0131 revize edildi, baz\u0131 servisler eski ASN'de b\u0131rak\u0131ld\u0131.\nCutover Night: EU kullan\u0131c\u0131lar\u0131n\u0131n bir k\u0131sm\u0131 eski DC'ye, bir k\u0131sm\u0131 yeni edge'e gitti.\n<\/code><\/pre>\n<p>Bu olayda uptime metriklerimiz korkutucu de\u011fildi; toplamda yakla\u015f\u0131k <strong>27 dakikal\u0131k k\u0131smi eri\u015filebilirlik sorunu<\/strong> ya\u015fand\u0131. Ama <strong>teknik bor\u00e7<\/strong> olarak \u00fczerimizde kalan y\u00fck \u00e7ok daha b\u00fcy\u00fckt\u00fc: \u0130ki hafta boyunca \u00e7ift anons, karma\u015f\u0131k firewall kurallar\u0131 ve DNS y\u00f6nlendirmeleriyle ya\u015fad\u0131k.<\/p>\n<h3><span id=\"Bu_Projede_Nasil_Cozduk\">Bu Projede Nas\u0131l \u00c7\u00f6zd\u00fck?<\/span><\/h3>\n<p>\u0130kinci fazda, kalan bloklar i\u00e7in \u00e7ok daha disiplinli bir yakla\u015f\u0131m benimsedik. Att\u0131\u011f\u0131m\u0131z ad\u0131mlar kabaca \u015f\u00f6yleydi:<\/p>\n<p>\n&#8211; \u00d6nce t\u00fcm IP bloklar\u0131n\u0131, ARIN WHOIS, IRR ve RPKI kay\u0131tlar\u0131yla <strong>yan yana k\u0131yaslayan bir script<\/strong> yazd\u0131k.<br \/>\n&#8211; IPAM (biz NetBox kullan\u0131yorduk) i\u00e7ine, her prefix i\u00e7in <strong>&#8220;arin_org_id&#8221;, &#8220;rir_status&#8221; ve &#8220;roa_state&#8221;<\/strong> alanlar\u0131 ekledik.<br \/>\n&#8211; Terraform mod\u00fcllerine, prefix objesi olu\u015ftururken bu alanlar\u0131 da zorunlu yapt\u0131k.\n<\/p>\n<p>Script&#8217;ten bir \u00f6rnek \u00e7\u0131kt\u0131 \u015f\u00f6yleydi:<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\">$ .\/check_prefix_compliance.py --prefix 203.0.113.0\/24\nPrefix: 203.0.113.0\/24\nARIN Org:     NEWCORP-US\nIPAM Org:     NEWCORP-US\nRPKI State:   valid\nIRR Route:    present (AS65050)\nStatus:       OK\n\n$ .\/check_prefix_compliance.py --prefix 198.51.100.0\/24\nPrefix: 198.51.100.0\/24\nARIN Org:     OLDCORP-LEGACY\nIPAM Org:     NEWCORP-EU\nRPKI State:   not_found\nIRR Route:    missing\nStatus:       MISMATCH (action required)\n<\/code><\/pre>\n<p>Bu basit check bile, cutover \u00f6ncesi <strong>&#8220;k\u0131rm\u0131z\u0131 liste&#8221;<\/strong>yi netle\u015ftirmemizi sa\u011flad\u0131. ARIN taraf\u0131nda g\u00fcncellenmemi\u015f bloklar i\u00e7in proje plan\u0131n\u0131 ba\u015ftan revize ettik; baz\u0131 servisleri bilin\u00e7li olarak <strong>&#8220;phase 2&#8221;<\/strong>ye erteledik.<\/p>\n<h3><span id=\"DevOps_Boru_Hattina_ARIN_Gercegini_Gommek\">DevOps Boru Hatt\u0131na ARIN Ger\u00e7e\u011fini G\u00f6mmek<\/span><\/h3>\n<p>En b\u00fcy\u00fck kazan\u0131m\u0131m\u0131z, IP hayat d\u00f6ng\u00fcs\u00fcn\u00fc CI\/CD&#8217;nin do\u011fal bir par\u00e7as\u0131 haline getirmek oldu. \u015e\u00f6yle bir <strong>IP lifecycle pipeline<\/strong> tasarlad\u0131k:<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\">IP Request (Jira) -&gt;\n  Approval (Network + Legal) -&gt;\n    ARIN\/Registry Tasks (if needed) -&gt;\n      IPAM Update (NetBox API) -&gt;\n        Terraform Plan\/Apply -&gt;\n          RPKI\/IRR Automation -&gt;\n            Monitoring Checks\n<\/code><\/pre>\n<p>Terraform taraf\u0131nda da, her prefix i\u00e7in bir <strong>&#8220;compliance&#8221;<\/strong> blo\u011fu tan\u0131mlad\u0131k:<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\">resource &quot;netbox_prefix&quot; &quot;prod_edge_us&quot; {\n  prefix      = &quot;203.0.113.0\/24&quot;\n  status      = &quot;active&quot;\n  description = &quot;Prod Edge US&quot;\n\n  custom_fields = {\n    arin_org_id = &quot;NEWCORP-US&quot;\n    rir_status  = &quot;assigned&quot;\n  }\n}\n\nresource &quot;rpki_roa&quot; &quot;prod_edge_us&quot; {\n  prefix     = &quot;203.0.113.0\/24&quot;\n  max_length = 24\n  asn        = 65050\n}\n<\/code><\/pre>\n<p>B\u00f6ylece, ARIN taraf\u0131ndaki politik de\u011fi\u015fiklikler geldi\u011finde; \u00f6rne\u011fin belirli bir blok i\u00e7in transfer tamamlanmadan ROA olu\u015fturulmas\u0131 gerekiyorsa, bu \u015fartlar\u0131 Terraform taraf\u0131nda <strong>policy as code<\/strong> olarak tan\u0131mlayabildik. Pipeline&#8217;da <strong>&#8220;transfer_in_progress&#8221;<\/strong> alan\u0131na bakarak, belirli resource&#8217;lar\u0131 olu\u015fturmay\u0131 engelledik.<\/p>\n<h2 id=\"section-5\"><span id=\"Runbook_ARIN_IP_Transfer_Degisikliklerine_Nasil_Hazirlanirsin\">Runbook: ARIN IP Transfer De\u011fi\u015fikliklerine Nas\u0131l Haz\u0131rlan\u0131rs\u0131n?<\/span><\/h2>\n<h3><span id=\"1_Organizasyonel_Envanteri_Cikar_Hangi_IP_Kimin\">1. Organizasyonel Envanteri \u00c7\u0131kar: Hangi IP Kimin?<\/span><\/h3>\n<p>\u0130lk yap\u0131lacak \u015fey, elinizdeki IP bloklar\u0131n\u0131n ger\u00e7ek bir envanterini \u00e7\u0131karmak. Bunu Excel ile de yapabilirsiniz ama ben her zaman <strong>script + IPAM<\/strong> kombinasyonunu \u00f6neriyorum. Basit bir ba\u015flang\u0131\u00e7 i\u00e7in, ARIN WHOIS&#8217;den ve kendi router&#8217;lar\u0131n\u0131zdan veri \u00e7ekip k\u0131yaslayan bir script yeterli:<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\">$ .\/inventory_prefixes.sh --source arin --source bgp --output inventory.csv\n<\/code><\/pre>\n<p>Runbook ad\u0131m\u0131 olarak \u015funu yaz\u0131n:<\/p>\n<ul>\n<li>T\u00fcm ARIN tahsisli prefix&#8217;leri \u00e7ek.<\/li>\n<li>Her prefix i\u00e7in anons eden ASN&#8217;i BGP tablosundan tespit et.<\/li>\n<li>IPAM&#8217;deki organizasyon bilgisiyle k\u0131yasla.<\/li>\n<li>Tutars\u0131zl\u0131klar\u0131 etiketle (MISMATCH, ORPHAN, LEGACY vb.).<\/li>\n<\/ul>\n<p>Bu liste olmadan, politika de\u011fi\u015fikliklerinin sizi nereden vuraca\u011f\u0131n\u0131 bilemezsiniz.<\/p>\n<h3><span id=\"2_ARIN_Policy_Degisikliklerini_Teknik_Risklere_Cevir\">2. ARIN Policy De\u011fi\u015fikliklerini Teknik Risklere \u00c7evir<\/span><\/h3>\n<p>ARIN yeni bir transfer politikas\u0131 yay\u0131nlad\u0131\u011f\u0131nda veya mevcut olan\u0131 g\u00fcncelledi\u011finde, tipik olarak bir <strong>PDF veya web sayfas\u0131<\/strong> olarak \u00f6n\u00fcn\u00fcze d\u00fc\u015fer. Bunu teknik riske \u00e7evirmek i\u00e7in ekiple k\u00fc\u00e7\u00fck bir <strong>mini-retro<\/strong> yap\u0131n. Beyaz tahtaya \u00fc\u00e7 s\u00fctun \u00e7izin:<\/p>\n<p>\n&#8211; <strong>Policy Maddesi<\/strong><br \/>\n&#8211; <strong>Teknik Etki<\/strong><br \/>\n&#8211; <strong>\u0130lgili Sistem\/Runbook<\/strong>\n<\/p>\n<p>\u00d6rne\u011fin, \u015f\u00f6yle bir madde olsun (\u00f6rnekliyorum): <em>&#8220;Organizasyon birle\u015fmelerinde, IP blok transferi i\u00e7in ek \u015firket kay\u0131t belgeleri gereklidir.&#8221;<\/em> Bunu \u015f\u00f6yle de\u015fifre edebilirsiniz:<\/p>\n<p>\n&#8211; Teknik etki: M&amp;A sonras\u0131 IP cutover tarihleri, minimum +2 hafta buffer ile planlanmal\u0131.<br \/>\n&#8211; \u0130lgili sistem: Jira change template&#8217;ine &#8220;ARIN transfer onay\u0131 al\u0131nd\u0131&#8221; checkbox&#8217;\u0131 eklenmeli.\n<\/p>\n<h3><span id=\"3_CICD8217ye_Guardrail_Ekleyin_Policy_as_Code\">3. CI\/CD&#8217;ye Guardrail Ekleyin: Policy as Code<\/span><\/h3>\n<p>Benim en sevdi\u011fim k\u0131s\u0131m buras\u0131. IP transfer politikalar\u0131n\u0131 birebir otomasyona \u00e7eviremezsiniz ama belirli koruma \u015feritleri (guardrail) tan\u0131mlayabilirsiniz. \u00d6rne\u011fin:<\/p>\n<ul>\n<li>Prod ortam\u0131nda kullan\u0131lacak her yeni prefix i\u00e7in, IPAM&#8217;de <strong>&#8220;rir_status = assigned&#8221;<\/strong> zorunlu olsun.<\/li>\n<li>RPKI ROA kayd\u0131 olmayan hi\u00e7bir prefix, edge router&#8217;larda anons edilmesin (veya en az\u0131ndan bir uyar\u0131 \u00fcretilsin).<\/li>\n<li>ARIN taraf\u0131nda transfer s\u00fcrecinde oldu\u011fu i\u015faretlenen prefix&#8217;ler i\u00e7in, Terraform taraf\u0131nda sadece &#8220;staging&#8221; tag&#8217;li ortamda kullan\u0131m\u0131na izin verilsin.<\/li>\n<\/ul>\n<p>Bunu basit bir pre-commit hook veya pipeline a\u015famas\u0131 olarak ekleyebilirsiniz:<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\">stage('IP Compliance Check') {\n  steps {\n    sh '.\/scripts\/check_ip_compliance.sh --env prod'\n  }\n}\n<\/code><\/pre>\n<p>Bu a\u015fama, \u00f6rne\u011fin a\u015fa\u011f\u0131daki gibi bir output verdi\u011finde pipeline&#8217;\u0131 k\u0131rmal\u0131:<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\">[ERROR] Prefix 198.51.100.0\/24 has rir_status = 'transfer_pending'.\n[ERROR] Prod environment cannot use prefixes in transfer_pending state.\n<\/code><\/pre>\n<h3><span id=\"4_Monitoring8217i_Sadece_Latency_Icin_Degil_Kayit_Tutarliligi_Icin_de_Kullanin\">4. Monitoring&#8217;i Sadece Latency \u0130\u00e7in De\u011fil, Kay\u0131t Tutarl\u0131l\u0131\u011f\u0131 \u0130\u00e7in de Kullan\u0131n<\/span><\/h3>\n<p>Bir\u00e7ok ekip, monitoring&#8217;i sadece latency, error rate ve throughput i\u00e7in kullan\u0131yor. ARIN politikalar\u0131ndaki de\u011fi\u015fikliklere uyumda ise <strong>&#8220;config &amp; kay\u0131t tutarl\u0131l\u0131\u011f\u0131&#8221;<\/strong>n\u0131 izlemek de kritik. Biz birka\u00e7 projede \u015funlar\u0131 yapt\u0131k:<\/p>\n<p>\n&#8211; Her prefix i\u00e7in, belirli aral\u0131klarla <strong>RPKI do\u011frulama durumu<\/strong>nu toplayan bir exporter yazd\u0131k.<br \/>\n&#8211; WHOIS ve IRR kay\u0131tlar\u0131ndaki de\u011fi\u015fiklikleri diff&#8217;leyip, Prometheus&#8217;a <strong>&#8220;prefix_mismatch&#8221;<\/strong> metri\u011fi olarak ittik.<br \/>\n&#8211; Grafana&#8217;da, IP bloklar\u0131n\u0131n <strong>&#8220;green\/yellow\/red&#8221;<\/strong> durumunu g\u00f6steren bir dashboard olu\u015fturduk.\n<\/p>\n<p>\u00d6rne\u011fin, Prometheus metri\u011fi \u015f\u00f6yle g\u00f6r\u00fcn\u00fcyordu:<\/p>\n<pre class=\"language-bash line-numbers\"><code class=\"language-bash\">ip_prefix_compliance{prefix=&quot;203.0.113.0\/24&quot;, field=&quot;rpkistate&quot;} 1\nip_prefix_compliance{prefix=&quot;198.51.100.0\/24&quot;, field=&quot;rpkistate&quot;} 0\n<\/code><\/pre>\n<p>Burada 1 = uyumlu, 0 = uyumsuz olarak i\u015fliyorduk. ARIN taraf\u0131ndaki her b\u00fcy\u00fck politika g\u00fcncellemesinden sonra, bu dashboard&#8217;a bakarak hangi bloklar\u0131n riskli oldu\u011funu birka\u00e7 dakikada g\u00f6rebiliyorduk.<\/p>\n<h3><span id=\"5_Hukuk_Network_DevOps_Tek_Bir_Masaya_Oturun\">5. Hukuk, Network, DevOps: Tek Bir Masaya Oturun<\/span><\/h3>\n<p>Teknik olarak en iyi pipeline&#8217;\u0131 da kursan\u0131z, ARIN ile yaz\u0131\u015fan ki\u015fi ile BGP router&#8217;lar\u0131n\u0131 y\u00f6neten ki\u015fi farkl\u0131 d\u00fcnyalarda ya\u015f\u0131yorsa, gecenin bir yar\u0131s\u0131 yine siz uyan\u0131rs\u0131n\u0131z. Bu y\u00fczden, ben her politika de\u011fi\u015fikli\u011finde \u015fu basit rit\u00fceli \u00f6neriyorum:<\/p>\n<ul>\n<li>30 dakikal\u0131k bir <strong>&#8220;policy review&#8221;<\/strong> toplant\u0131s\u0131 yap\u0131n.<\/li>\n<li>Kat\u0131l\u0131mc\u0131lar: Hukuk, Network, DevOps, gerekirse Security.<\/li>\n<li>Ajanda: Son de\u011fi\u015fiklik ne, hangi IP bloklar\u0131n\u0131 etkileyebilir, hangi projelerin takvimini kayd\u0131r\u0131r?<\/li>\n<li>\u00c7\u0131kt\u0131: Jira&#8217;da en az 2\u20133 action item, sahipleri belli.<\/li>\n<\/ul>\n<p>Bu k\u00fc\u00e7\u00fck yat\u0131r\u0131m, gecenin \u00fc\u00e7\u00fcnde at\u0131lacak onlarca Slack mesaj\u0131ndan \u00e7ok daha ucuz.<\/p>\n<h2 id=\"section-6\"><span id=\"Kapanis_IP_Adresleri_Sadece_Sayi_Degil_Surectir\">Kapan\u0131\u015f: IP Adresleri Sadece Say\u0131 De\u011fil, S\u00fcre\u00e7tir<\/span><\/h2>\n<p>Yaz\u0131n\u0131n ba\u015f\u0131nda anlatt\u0131\u011f\u0131m gibi, bir gece ans\u0131z\u0131n pager&#8217;\u0131n\u0131z\u0131 uyand\u0131ran \u015fey \u00e7o\u011fu zaman tek bir hatal\u0131 komut de\u011fildir. Genelde arkada, haftalarca hatta aylarca biriken <strong>k\u00fc\u00e7\u00fck ihmal zincirleri<\/strong> vard\u0131r: G\u00fcncellenmemi\u015f bir ARIN kayd\u0131, bekleyen bir transfer talebi, RPKI taraf\u0131nda unutulmu\u015f bir ROA, IPAM&#8217;de &#8220;ge\u00e7ici&#8221; diye i\u015faretlenmi\u015f ama prod&#8217;a s\u0131zm\u0131\u015f bir prefix\u2026<\/p>\n<p>ARIN IP transfer politikalar\u0131 g\u00fcncellendik\u00e7e, riskleriniz de statik kalm\u0131yor. Ama bu k\u00f6t\u00fc bir haber de\u011fil; do\u011fru ele ald\u0131\u011f\u0131n\u0131zda, bu de\u011fi\u015fiklikler asl\u0131nda <strong>IP y\u00f6netim s\u00fcre\u00e7lerinizi olgunla\u015ft\u0131rman\u0131z i\u00e7in bir f\u0131rsat<\/strong>. \u00c7\u00fcnk\u00fc her yeni kural, sizden daha iyi kay\u0131t tutman\u0131z\u0131, daha net sahiplik tan\u0131mlaman\u0131z\u0131, daha otomatize bir IP lifecycle s\u00fcreci kurman\u0131z\u0131 istiyor.<\/p>\n<p>Ekiplerime hep \u015funu s\u00f6yl\u00fcyorum: <em>&#8220;IP adresi, log sat\u0131r\u0131nda g\u00f6rd\u00fc\u011f\u00fcn say\u0131dan ibaret de\u011fil; arkas\u0131nda s\u00f6zle\u015fme, reg\u00fclasyon, politika, m\u00fc\u015fteri beklentisi ve tabii ki senin pager&#8217;\u0131n var.&#8221;<\/em> ARIN&#8217;den gelen bir politika g\u00fcncellemesini sadece hukukun konusu olarak g\u00f6r\u00fcrsen, yar\u0131n prod ortam\u0131nda BGP tablosuyla kavga etme ihtimalin artar. Ama bug\u00fcn bir runbook yaz\u0131p, CI\/CD&#8217;ye birka\u00e7 guardrail ekleyip, IPAM&#8217;i tek ger\u00e7ek kaynak haline getirirsen; o geceyi b\u00fcy\u00fck ihtimalle uyuyarak ge\u00e7irirsin.<\/p>\n<p>Buradan \u00e7\u0131kartabilece\u011fin operasyonel aksiyon maddelerini h\u0131zl\u0131ca toparlayay\u0131m:<\/p>\n<ul>\n<li>Elindeki t\u00fcm ARIN tahsisli bloklar i\u00e7in <strong>tek bir envanter<\/strong> olu\u015ftur.<\/li>\n<li>IPAM&#8217;i (NetBox, phpIPAM, ne kullan\u0131yorsan) <strong>WHOIS, RPKI ve IRR ile uyumlu hale getir<\/strong>.<\/li>\n<li>Terraform\/CI pipeline&#8217;\u0131na basit <strong>IP compliance<\/strong> kontrolleri ekle.<\/li>\n<li>Hukuk, Network ve DevOps aras\u0131nda <strong>&#8220;IP transfer owner&#8221;<\/strong> rol\u00fcn\u00fc netle\u015ftir.<\/li>\n<li>Her b\u00fcy\u00fck ARIN politika g\u00fcncellemesinden sonra, en az\u0131ndan 30 dakikal\u0131k bir teknik de\u011ferlendirme yap.<\/li>\n<\/ul>\n<p>Unutma, ARIN taraf\u0131nda g\u00fcncellenen her sat\u0131r, senin operasyon d\u00fcnyanda bir de\u011fi\u015fkeni oynat\u0131yor. Bu de\u011fi\u015fkeni rastgele de\u011fil, tasarlanm\u0131\u015f bir sistemin par\u00e7as\u0131 haline getirirsen; IP transferleri senin i\u00e7in kriz de\u011fil, s\u0131radan bir change ticket&#8217;\u0131 olur. Ve i\u015fte o zaman, gece gelen pager&#8217;lar\u0131n say\u0131s\u0131 ger\u00e7ekten azalmaya ba\u015flar.<\/p>\n<p>E\u011fer ekibinle bu s\u00fcreci kurgularken tak\u0131ld\u0131\u011f\u0131n\u0131z noktalar olursa, bunu bir <strong>retrospektif f\u0131rsat\u0131<\/strong> olarak g\u00f6r; neleri manuel yapt\u0131\u011f\u0131n\u0131za bak\u0131n, nerelerde log tutmad\u0131\u011f\u0131n\u0131z\u0131, nerelerde &#8220;s\u00f6z u\u00e7ar, IP kal\u0131r&#8221; dedi\u011finizi yakalay\u0131n. Sonra hepsini k\u00fc\u00e7\u00fck, \u00f6l\u00e7\u00fclebilir iyile\u015ftirmelere \u00e7evirin. Birka\u00e7 \u00e7evirimde, ARIN politika de\u011fi\u015fiklikleri sizin i\u00e7in stres kayna\u011f\u0131 de\u011fil, <strong>altyap\u0131 olgunluk g\u00f6stergesi<\/strong> haline gelecek.<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>\u0130&ccedil;indekiler1 Pager&#8217;\u0131 Uyand\u0131ran Gece ve ARIN IP Transfer Ger\u00e7e\u011fi2 ARIN IP Transfer Politikalar\u0131 Neden Bu Kadar Kritik?2.1 IP Adresleri Art\u0131k Sadece Network\u00e7\u00fcn\u00fcn Sorunu De\u011fil2.2 ARIN&#8217;in Rol\u00fc: WHOIS Kayd\u0131 De\u011fi\u015fir, Operasyon Sallan\u0131r2.3 &#8220;Policy&#8221; Dedi\u011fin \u015eey Sonunda Latency&#8217;e Dokunuyor3 Yeni ARIN IP Transfer Politikalar\u0131n\u0131n Teknik Etkileri3.1 Needs-Based Justification, IPv4 A\u00e7l\u0131\u011f\u0131 ve Ger\u00e7ek D\u00fcnyadaki Yans\u0131mas\u01313.2 RPKI, IRR, Route [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2083,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[32,27,33,30,25],"tags":[],"class_list":["post-2082","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-alan-adi","category-bulut-bilisim","category-nasil-yapilir","category-nedir","category-sunucu"],"_links":{"self":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/2082","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/comments?post=2082"}],"version-history":[{"count":0,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/2082\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media\/2083"}],"wp:attachment":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media?parent=2082"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/categories?post=2082"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/tags?post=2082"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}