ARIN 54 Public Policy and Members Meeting, Day 1 Transcript - Thursday, 24 October 2024

This transcript may contain errors due to errors in transcription or in formatting it for posting. Therefore, the material is presented only to assist you, and is not an authoritative representation of discussion at the meeting. If additional clarification and details are required, videos from our original webcast are available on our YouTube channel.

Welcome from the ARIN Board Chair

Hollis Kara: All right. Bill, would you like to come up and help me get this party started?

Bill Sandiford: All right. You weren’t kidding about the lights. All right. Welcome, everyone. It’s nice to have everyone in the city that I consider my hometown and get a chance to enjoy the city before Taylor Nation and the Swifties take over in a couple of weeks.

Before we get started here today, we’d like to do a quick acknowledgment. As we begin our meeting here in Toronto, we’d like to acknowledge the land we’re on is the traditional territory of many nations.

For thousands of years, it has been the traditional land of the Huron-Wendat, Seneca and the Mississaugas of the Credit.

Today, Toronto is home to many diverse First Nations, Inuit and Métis communities. We recognize that Toronto is covered by Treaty 13 with the Mississaugas. Our meeting place of Toronto (from the Haudenosaunee word Tkaronto) is still home to many Indigenous People from across Turtle Island and we are grateful to have the opportunity meet on this land.

We offer this acknowledgement to honor the traditional Indigenous territories and recognize both the historical and contemporary presence and rights of Indigenous peoples.

I hope that this acknowledgment functions not as closure, resignation or acceptance of the past, but to spark a desire to learn about the true history of the territory, provoke thought, reflection and positive change.

The American Registry for Internet Numbers serves a broad community across the North American continent, including many North Atlantic and Caribbean islands.

ARIN is a nonprofit, member-based organization that supports the operation and growth of the Internet. Our mission includes supporting organizations dedicated to increasing connectivity to Indigenous communities and bridging the digital divide. Migwetch.

(Applause.)

Opening and Announcements

Hollis Kara: Do I have my mic back? Thank you, Bill.

So let’s get to it. You may have noticed I’m not on the agenda today. These opening announcements may take a little longer. I’ve got to do what I can.

First of all, I’d like to ask all of my Board members to stand up if they’re in the room. I’d like to thank our Board for all they do for the ARIN community – Dan, Nancy, John, Peter, Hank, Tina, Bill, Rob and Chris. Thank you very much, and we’re pleased to have you here helping support the meeting here in Toronto.

(Applause.)

Yes, the audience participation part. It’s a little cool in here. Keep your hands warm.

Next up, AC. Are you here? Our AC is here in force. You’ll see many of them on stage today presenting on the 12 policies that are on the docket.

Big round of applause for our AC and all they do to support policy development at ARIN.

(Applause.)

And we can’t forget our representatives to the Number Resource Organization Number Council. Are you guys here? They don’t want to stand up. They’re waving, though. Thank you, Kevin. Kevin will be – the NRO NC has been very busy over the last six months, and Kevin will be giving you guys a full update on their work in progress, particularly in the area of ICP-2, which I will let him explain when we get to his presentation tomorrow. So stay tuned.

I’d like to tell you we have record registration for this meeting. We’re very excited.

We have 204 virtual attendees registered and 237 folks registered in person. I don’t think everybody made it to the room but it’s still cool. We’re happy to have you all here.

Can I have my ARIN 54 Fellows on their feet.

Here are the ARIN 54 Fellows. Let’s give them a big round of applause.

(Applause.)

They’ve been doing a lot of work in the last month to be here and to participate in policy discussion and be active participants in the ARIN community. You can sit, it’s okay. Looking forward to seeing you guys at the microphone later today.

And next, meeting orientation. I want to thank everybody who tuned in last week and took part of meeting orientation. You’ll probably notice there’s some overlap between this presentation and that one, but thank you very much.

And a special thank you to everyone who filled out your survey gave us feedback on how we can make that orientation better in the future. Do we have a winner for our raffle drawing, Beverly?

Beverly Hicks: We in fact have a winner. The winner is Eric Yurick. And we have confirmed he’s online with us. Congratulations, Eric.

Hollis Kara: Congratulations, Eric, and welcome to the meeting.

(Applause.)

All you have to do is tune into this orientation and fill out a survey, and you too could potentially win a $100 Visa gift card.

So I want to do a little bit of housekeeping, lay of the land now that we’ve gotten through most of our thank yous and explain kind of how to best participate in this meeting.

For our virtual attendees, please note you’ve got a couple of different options on the Zoom. Chat, please use it. That’s to converse among yourselves. We have a chat host. That’s where informal conversation can happen.

If you have questions, and I hope that you do, or contributions to our discussions, you have two ways that you can get those into the queue for introduction into the conversation here in the room. You can type them in in Q&A. Benefit of Q&A means you don’t have to wait until the end of the presentation to get your question in.

You can just go ahead and have it queued up for us. Or you can raise your hand if you’d like to come live on mic in the room. Please somebody do that; it makes my day more fun.

We also have the virtual help desk open currently. If anybody is having trouble on the stream or accessing the Zoom you can use that between now and 9:30. We’ll have somebody there on the break. It’s a real person on the comms team, and they would love to have someone come by and say hi. Maybe even if you don’t have a problem, check it out.

All right. Now, I hate to go through worst-case scenarios, but we go through worst-case scenarios for our virtual attendees. If Zoom disconnects, it might be you. Try to reconnect. If it’s not you, then it’s probably us. So we’re going to ask you to head over to the live stream and keep an eye on updates. We’ll inform you there on when Zoom is going to be available. If Zoom’s down and you go over to the live stream and that’s not there, I’m having a much worse day than you are.

So then I’m going to ask you to just tune into your emails, keep an eye out. We will message you as soon as things are back stable, and you can rejoin the meeting. Fingers crossed we don’t need to exercise any of those options, but it’s good to know what to do if something goes wrong.

Now, for my folks that are here with me here in Toronto, you are welcome to hop onto the Zoom so that you can connect with the folks that are attending there and participating in that way. I do ask that if you do that that you make sure that your computer or whatever device you’re using is disconnected from audio and muted so that we don’t end up with any silliness. So please feel free to log in there and say hi to our virtual attendees.

Wi-Fi, if you haven’t found it yet – I know a lot have been here through NANOG – but if you’re having issues with connecting to the Wi-Fi, need the password, anything like that, our registration desk, the folks there will be more than happy to help you.

And please don’t forget that we will have table topics at lunch today. Three of them will be on policies that are actually going to be presented before lunch. So if you want to carry on the conversation there, members of the Advisory Council will be happy to sit and get your feedback informally in that setting.

We’re also going to have a table that’s dedicated to the role of policy authors and their participation in the Policy Development Process. That is something that is prescribed by the Policy Development Process document itself.

But we’ve got some feedback and we want to hear a little bit more about how people feel that policy authors should be engaged. So there’s that.

And please do plan to join us tonight at our social event. We’ll be at the Hockey Hall of Fame from 7:00 to 11:00. It’s not far. We’re not providing bus transportation. You’re on your own to get yourself there.

We do have maps at the registration desk if you need one. So please feel free to pick one up and hopefully we will see you there. Please wear your badge. It’s how we know you’re with us. And note that as you arrive attendees will be given two beverage tickets after that it’s cash bar. All the information about that is on the website.

In case of emergency, you may have noticed when you came down the escalator we have nice doors out to street level. Announcements will come over the PA if we have to leave the building for some reason. But my bet is they’re probably going to tell you to go out there. Help a friend if a friend needs help.

For everyone, quick reminders. Talk slower than I am. Second one, I can’t even read, we are managing, we’re going to work with the folks over on the riser and folks here on stage to make sure that our virtual attendees and in-room participants can be processed into the conversation and in an orderly fashion.

And also remember whether you’re participating virtually or here in the room, when you come to the microphone, lead off with your name and affiliation. That’s for the benefit of the transcriptionist, because we do publish a full transcript of the event after the meeting.

With that, you know we have our webcast and web stream and live transcript. All presentations have been uploaded. You can get them from our materials page or, drum roll, please, they’re available on the agenda page on the meeting site.

That’s something folks have been asking for.

No enthusiasm?

(Applause.)

Thank you. We got you cool buttons. Come on, guys, get with me. And then the live transcript is also available. So if you need to watch or that helps – I know I like watching everything with closed captions these days – I don’t know, may work for you. And those are all available on the meeting materials page.

Now, this is the ARIN 54 home page. You’ll notice that our navigation is a little bit complicated. Let me just explain the main places you may need to go.

Everyone will find the program information section helpful. That’s where you’re going to find your agenda, your meeting materials, everything else. If you’re here with us on site, the in-person tab is going to have details about all of the events here locally and other information that you may need to know.

Our virtual participants, you have your own drop-down, where it’s the virtual event hub and virtual help desk. For those in the room who may not have a link to the Zoom, that’s where you can go to find that if you want to join there as well.

Let’s talk a moment about the agenda. I promise we will finish welcome and announcements soon and get on to content.

We’ll lead off the day with an update from NANOG, followed by a report from the Board of Trustees, our Financial Report and then we’re going to squeak in a late addition to the agenda, an update from our Risk and Cybersecurity Committee before the Policy Implementation and Experience Report.

Then we’ll take a break. I advise everybody to caffeinate because when we come back from break we’re going to hit our first policy block. Now, you will notice that the full names of the policies are not displayed on this slide. That’s because if we put the full names, you wouldn’t be able to read the slide.

But what I want to point out is that after the AC report and on docket, we have two different flavors of policy. You see them there – RDPs and DPs. RDP stands for Recommended Draft Policy. Those are ones that could be sent to the Board for ratification after last call after this meeting. This may be the last time you hear them. This is your last time to get a word in, potentially. And also there will be polling on those policies.

The ones that say DP, don’t feel bad for them. They’re just as important. They’re just a little bit early in their lifecycle. And this is where we’ll have a lot of opportunity for discussion to shape how those move forward. So looking forward to some lively conversation around those six policies.

We’ll take a break for lunch. When we come back from lunch we’ll shift gears.

Fall is also the season of ARIN elections. We will have an election introduction. Polls for – voting opens later this afternoon. And one of the requirements of our election process is to give all of our candidates an opportunity to present a speech at the ARIN meeting in order to keep that fair because not everybody can make it to the meeting. We do that via recorded speeches. We’ll be playing those for the Board of Trustees, Advisory Council, and NRO NC.

We’ll take another break and then come back for our final policy block of the day. And that will be our second policy block with six policies. As you can see we have three recommended draft and three draft policies.

And then we’ll wrap up with Open Microphone and closing announcements. I lied, we get to have lunch between elections and the first policy block and election stuff. So I don’t know what’s going on.

Now, let’s talk about standards. We always like to reinforce and impress upon folks that ARIN is very much committed to this being a safe and inviting environment for all attendees and participants. We have a standards of behavior. You will see that they’re posted here in the room. They’re linked on the website. They are available in many, many places. And I do suggest that people familiarize themselves.

Fundamentally what does that mean? Treat everybody with courtesy and respect. We do not tolerate harassment in any form. Realize that we’re all here working toward the same goal, which is reaching consensus on Internet policy. And treat each other with the civility that you would want to be treated.

And if in fact you don’t feel that that is a standard we are meeting, we have reporting mechanisms for that. Any reports will be handled with discretion and all due seriousness.

If you go to the standards of behavior page, you will find information and contact information for how to submit those reports. You could also do that via the QR Codes on the standards signs.

Just to show you how serious we are about being a welcoming environment – where is my ombuds buddy? Here he is. I’d like to welcome back our ombudsperson, Wade Hinton, to come up and explain a little bit about our efforts in this area and his role here at the meeting. How are you doing, Wade?

Wade Hinton: Good morning, everybody. All right. Thanks for that, Hollis. I don’t know if I can do a better job than what Hollis articulated, which is we are all here to create a safe and inclusive space for everyone. I’m Wade Hinton. I’m serving as your ombudsperson or ombuddy. What I am not is the party police, which is the rumor around here. But I’m here to make sure everyone feels included, they feel safe, seen and heard in a way that certainly makes sure that they have an engaged experience.

So what I hope for us today is that we have an experience that is consistent with the values of ARIN. Not only the standards of behavior but those values that ARIN holds true.

Now, if you feel like someone is not being true to those values, as Hollis said, there are multiple ways to make sure that someone can hear you. That includes me and others in this room. You can use the QR Code. There’s contact information on the site. But I’m going to give you my mobile number as well.

It is 423-481-9400. That’s 423-481-9400. Feel free to reach out to me at any time. Again, any communications are confidential. We’re going to handle it in such that way.

So with that being said, again, our hope here is to make sure that there’s a safe and inclusive experience for everyone. But that only really happens if we all want that as well. So, I need your help in making sure that happens.

If indeed there’s some challenges with that, feel free to reach out to me. But have an enjoyable experience, everyone. Thanks, Hollis.

(Applause.)

Hollis Kara: All right. I promise we’re getting to content, but first we couldn’t have this meeting without our sponsors. So let’s take a moment and recognize them.

First of all, I’d like to thank Rogers, our network sponsor. Round of applause.

(Applause.)

More audience participation, guys. We’re almost done, I promise.

Our webcast sponsor, Google.

(Applause.)

And then I’d like to note that for a long time we’ve had other sponsorship options available. This meeting we have a record number of sponsors. We’re very excited about it. And I’d like to thank our platinum sponsor, Kalorama IPv4 Brokers and Advisors, who have also provided you with pens, papers, koozies, all kinds of goodies at your seats in the room.

I’d like to thank our silver sponsor, IPv4.Global by Hilco Streambank.

(Applause.)

And they’ve got a wonderful expo out in the hall, as do Kalorama. So please stop by and visit with their representatives.

And our exhibitor sponsor, IPXO, who you will also find out in the break area.

(Applause.)

All right. And some of you may have noticed a strange absence from the room. Playing the role of the Wizard of Oz at this meeting is our CEO, John Curran. And I’d like to invite John to come on and give us a welcome.

Welcome from ARIN’s President and CEO

John Curran: Hello, everybody. Welcome to ARIN 54. I’m John Curran, president and CEO of the American Registry for Internet Numbers. You may notice that I’m not in the room with you. I’m actually remote.

I wish I could be in Toronto with you this week. I’m going to be right here, literally a switch away and they’ll put me on the big screen for the entire meeting. It’s not like I’m not going to be participating. I just am not in the room.

Unfortunately, I’m unable to travel for a short time. This is something that’s already being remedied, but I don’t want to take chances and I’m listening to doctors. So you get me virtual this week.

I just want to say I wanted to thank Hollis for a great introduction and welcome to everyone. Everyone is a good attendee at ARIN. We have folks who participate and have great discussions about policies, try to advance and make changes to the policy manual that make a difference, make it easy to administer, make it easier for people to request resources.

I think that while a lot of people are a little bored by number resource policy, it’s an invaluable function we do this week. And it’s very important to have you there.

I want to also say you’ll see a number of reports from, for example, our Board of Trustees and our treasurer. You’ll see reports from our various departments. And that’s us keeping you up to date with what we’re doing with ARIN.

This is our best opportunity to engage with you, all of our participants, our members, and for you to engage with ARIN and tell us what we can be doing better.

I may not be in the room, but like Wade, I’m imminently reachable jcurran@arin.net. Feel free to send me mail at any time or reach out to any of the staff you see if you have a suggestion on something we can do better.

I’m not going to take up much of your time unless, of course, I’m needed in which case they’ll cut me in just like this. But I’m out here participating. Anyone can participate in ARIN, on site or virtually, like I am.

So I think we’re going to have a great meeting. I want to welcome you all to Toronto. I want to thank our sponsors. And I’ll turn it back over to you, Hollis.

Hollis Kara: Great. Thank you, John.

(Applause.)

All right. Bill, you already did your welcome, I think, or did you want to come back up? Okay, Bill’s coming up. No, he lied. Sorry. Do these late-in-the-game switches.

That brings us to the first presentation.

I’d like to thank everybody for being here today. Once again, welcome to ARIN 54.

If I could have Jonathan Black – where are you, Jonathan; here you come – to give us an update on what’s going on at NANOG.

(Applause.)

NANOG Update

Jonathan Black: Thanks, Hollis. It’s great to be here with you. I’m the executive director of NANOG. And I am or was, I’m not sure how you say that, an ARIN 50 Fellow. I really loved that program. Unfortunately, it was virtual in Hollywood, so I stayed at my desk in Ottawa, but I did attend that one virtually.

So it’s good to be here with all of you.

NANOG is the North American Network Operators Group, as many of you know. And we also have sponsors and need to put our meetings on with the help of sponsors.

And ARIN is our top sponsor. Thank you so much for your ongoing and long-term support of CanWISP. I did that. Yes. Old habits of NANOG.

(Laughter.)

Thank you. ARIN, thank you so much for your support of NANOG. My previous association was CanWISP. I apologize to my NANOG friends and to ARIN.

A few things we’ll cover today, we’ll talk about some governance. We’ll talk about our program and give you a sense of some of the other initiatives we’re working on.

NANOG governance. We have a fantastic Board of Directors. Like yours, they’re volunteers. They come from all walks of the networking community. Some of them or many of them are familiar to you. Leslie Daigle is our Board Chair, and she’s been influential for many years in the Internet community.

Stevan Plote is an ex-officio member of the Board. Technically he’s not voted in; he’s the Chair of our program committee. But he’s fantastic member and contributor to the Board.

I’m also not voted in. I’m thereby, nature of being an Executive Director – for those who don’t know me, quickly my background. I started in Internet technologies back when I graduated from undergrad.

One of my co-op jobs asked me to connect them – they’re this little software company – to the Internet by setting up a UNIX shell script to exchange email with York University that was going to store and forward email. That was way, way back.

And we exchanged email twice a day because who needs email more often than twice a day? I ended up in venture capital after an MBA and at that time the firm I was with was the funding behind putting together 12 dialup ISPs across the country into an entity called iSTAR.

iStar went public, to much fanfare – and as many remember from those days of the late ’90s – to share prices that were incredibly unachievable by the company. There was no way they could have met up with the expectations of the market at that time.

Shares collapsed because as people realized, yes, it was growing incredibly fast but couldn’t go on forever. Acquired by iStar, acquired by AOL. That’s where it goes back.

I ended up at a CFO of a small regional ISP in Ottawa, Canada and then ended up at CanWISP as their Executive Director, as you figured out.

I have a fantastic team at NANOG, myself plus six. We’re all remote. We’ve never had an office. Really when we come together for our events that’s when we get to meet up with each other and spend some good time together.

Some of them are here with me today – Val and Dé are here – and if you see them, I know you’ll welcome them as well.

The NANOG program, the NANOG program is set up – it’s really an event for network engineers by network engineers. The program committee is a group of 15 or 20 NANOG members. They are Board appointed and they’re self-governing.

All submissions or proposals go through that committee. And they vet them. They remove branding and make sure that the content is sufficiently technical and accurate. You cannot buy a presentation at a NANOG event. We have sponsors, but the only way they get to present is if they pass through the program committee. We make a very determined effort to do that, as opposed to some other events that we’ve been to, where really the presentations are disguised or not-so-disguised advertising.

There’s several different types of presentations. And as well there’s an online tool that we’ve developed for submitting that content and managing the various presentations through – there are about 40 presentations, and they all go through that process.

The lifecycle of a talk starts many months before the event. We invite all of you to consider submitting some content. Lifecycle circle, it all works well together on an image. But we’re already beginning to collect submissions for the next NANOG event.

NANOG 92, it ended yesterday. We had 840 attendees in person. We had 61 virtually. It was the second biggest event since COVID. So we’re very happy with that. Happy there were a lot of local people who attended but also I think we’re recovering, I would say we’ve probably recovered fully from the COVID time as well.

We did have security track, a number of other sessions there – BGP Flowspec doesn’t suck; we’re just using it wrong. Some fun topics in there.

We had a workshop on EVPN where the attendees actually went in and set up and ran their own EVPN. We had 25. We maxed out, because it was more of a classroom-type setting, we had 25 registered and there were about 35 people outside the door trying to get in.

If you were standing outside the door, be sure to look on the next agenda and sign up ahead of time for those. We’re working on developing more workshop-like content. We think it is really part of the education that we want to bring as NANOG. And it doesn’t help that it also drives in-person attendance to the events.

If you missed NANOG 92, we have a fantastic YouTube channel. You can go there and see almost all of the content. The workshops clearly don’t work as well – hands on over YouTube doesn’t work. And the security sessions also are not there, but most of the other content is there.

So future events, we’ve got our event locations planned for the next couple of years. They’re up on our website and here as well. Please consider joining us. Every October we do work together with ARIN, a joint meeting where we take the first few days, and they take the next few days. So, make it a joint trip. It’s one flight, same hotel. Very easy to come to. Hope we can see you all there.

Future planning, we do anticipate more workshop content. It’s a really good way to train, teach and educate people, inspire them in the next generation of network engineers.

Also looking forward to growing the community. Something we did this time is an ambassador program. So we had a group of NANOG veterans who were around. They had purple lanyards and a purple ribbon. They were available to ask any questions that a newcomer or someone who has been to a few NANOGs, wasn’t sure about NANOG or the event, they could go up and talk to them.

We’re also continuing to build our sponsorship tool. I’m going to guess we have about 20 different sponsors at various levels. And managing that process and collecting information from them will be aided with our online tool.

Committee appointments window is coming up. So consider whether you’re interested in getting in on one of our committees.

We also have a diversity, equity and inclusion program, very similar to yours. Our events are larger. But it was interesting, I was talking with one of them yesterday, and we look forward to the day when we don’t need a DEI committee because everybody eventually needs to feel like they belong, and they’re included and there are no more barriers.

So we hope for that day. We’re not there yet, in all honesty. But we’re working towards that end as you are here.

We’ve started to talk about diversity, equity and inclusion. Those are definitions you’re familiar with. And the last part of that would be belonging. When everybody feels like they belong, they feel like they’re included, that’s the goal that we’re all striving towards. Again, it’s similar to the initiatives that you have going as well.

Very quick community update, we talked about the Ambassador Program. It was soft-launched. We’re working on our workshops to bring some more of those. We have some affinity groups. We have a wine connoisseur’s group. They got some good tips on where to find good wine. Those who live here will realize it’s not as simple as going to the local grocery store. There’s special locations and stores you have to find.

We had a pickleball group. It took us time to find a venue in Toronto that was open at 6:30 in the morning. But we did have about a dozen people each day go out and enjoy some pickleball.

We also had a couple of different running groups. Depending on how fast you went or how early you wanted to get up, we had two groups go each day. This morning, actually, that kind of spilled over. And a couple of us took a ferry over to the island and ran around the island in the dark.

We saw the sun beginning to rise over Lake Ontario. It was a really good event.

Part of NANOG and I know with ARIN as well, it’s not just a conference. It becomes a community. As more and more people attend multiple times, these become your friends.

The people you call when you have to figure out an issue with an IP address or an issue with a domain name or an issue with a router or a switch. And it does become a community and that’s what we are striving for as well.

About 15 percent of NANOG attendees attend two or more meetings a year. The other stat that we’ve realized is that 25 percent of our attendees at each meeting are newcomers. We’re trying to engage them to figure out, why don’t you come to two, three or four meetings? Because if we can build that community, we can educate and inspire more network engineers, which is really what we’re trying to do.

So thank you for the time. I probably have a couple of minutes for questions if any of you have any.

Hollis Kara: If anyone has any questions for Jonathan, please feel free to approach the microphone or start typing.

Tina Morris: I’m Tina Morris, ARIN Board, former NANOG Board and hiring committee. So welcome Jonathan. I wanted to say not only is Jonathan a wonderful addition to NANOG, but he’s underselling one thing, is that everybody can benefit from attending a NANOG, whether you’re deeply technical or not. And if you’re not in the network operator space, I encourage you to go back to your organizations and tell somebody that is about NANOG and encourage them to go. We travel all over, so it’s not always a really long distance. And, if not, there’s the virtual product.

So it’s nice to watch your presentation, but I’d love for the audience to take some action.

Jonathan Black: Great, thanks, Tina.

Darren Kara: I’m glad I let Tina go first.

Darren Kara, no current affiliation. I was lucky enough to get in on the EVPN hands-on tutorial.

Jonathan Black: One of the lucky 25.

Darren Kara: Yeah. I found it very valuable. Nokia did a fabulous job with that, not just bringing a presenter to present to the class, but they had three or four people in the audience to come around and help.

That should kind of be the gold standard for those sorts of presentations and more of those perhaps prioritized just over talking and so forth.

I just wanted to give a shout-out to Nokia and NANOG for allowing that. That was a great session.

Jonathan Black: Great, thank you. We’re looking at doing more of those in the future. Thanks.

Kevin Blumberg: Kevin Blumberg, Toronto Internet Exchange. Thank you for providing us a wonderful NANOG. It was great to see Canada again way up there in numbers, et cetera.

I think it’s really important to mention that the tracks are wonderful. And you mentioned the first time and you want to get people showing up more and more. What people will find is the hallway track. It’s an unofficial track.

Whether you’re big, whether you’re small, left or right, the community is unbelievably supportive. Things get talked about in the hallways that no person over a Zoom call will ever talk about. And people are unbelievably supportive.

While I appreciate virtual, those hallway tracks are worth 10X what anything else I may see online is worth. Thank you.

Jonathan Black: Thanks, Kevin. I think that in this work-from-home environment the value of rubbing shoulders with the community is even more important. Our younger engineers, our younger employees aren’t getting that coffee-station mentoring or, hey, let me come over to your desk and see what you’re working on, or did you try this, did you try that.

I wish more budget setters, dare I say that, more CFOs understood the value of that because they may be saving money on real estate, but they really could benefit from that hallway track, as you said, Kevin. It seems people come for the content and come back for the hallway track.

John Brown: Good morning. John Brown, not affiliated with any logo for this comment. I am on the NANOG Program Committee, and I would strongly encourage each of you that has been to a NANOG to make sure you go back and socialize that within, not only your organization but within the community both geographically, physically, but the logical community that you’re in.

We gray beards have an obligation to help bring the younger generation along and we need to actively be doing that.

It’s not a passive spectator sport. For the Program Committee, we are now accepting or will be accepting call for papers shortly. So please do look at submitting. You would be surprised the wide range of topics that we are interested in hearing, seeing and giving presented up there.

So please reach into your networks. Take a case study. Take something out of your network where you are trying to figure out how to interop between vendor X and vendor Y, and why their OSPF wasn’t working and how you debugged it and put it together. Crazy things like that, put it together and please submit it to the Program Committee so that we can evaluate it and hopefully get you up on stage.

But first and foremost, we have to socialize the value of NANOG, just as much as we have to socialize the value of ARIN and why people need to physically come and show up. So please get out there and do that. Post to social media: This is a great conference. I learned X. I’m sure you all learned something from this event or earlier in the week. That’s all I’ve got to say.

Jonathan Black: Thanks, John. We understand the value of those, I’ll use the word “even the soft skills training,” and some of our content has been on soft skills.

We even had one submitted for this NANOG that compared human relationships to networks, so human networks to computer networks. I think it’s actually going to make it into the next one where kind of help network engineers who aren’t always the most comfortable in all social settings to try and think about different ways of interacting with their own human network.

So we work on that as well a little bit, but I would love some more of that content.

Hollis Kara: Wonderful. Do we have any questions from virtual attendees? Nope, no questions. All right. With that, thank you, Jonathan.

Jonathan Black: Thank you, all.

(Applause.)

Hollis Kara: All right. Next up I’d like to invite our Chair, Bill Sandiford, back to the stage to give an update on the work of the Board of Trustees since our last meeting.

Board of Trustees Report

Bill Sandiford: Awesome, thanks. To close off the last one there, ARIN and NANOG have a long-standing, synergistic relationship and history that works well. And I’ve had the pleasure of knowing Jonathan for close to 15 years now.

Jonathan, wherever you went there, I can’t think of a better person to be the Executive Director of NANOG. And the entire community is lucky to have you. Welcome to that role. By all accounts I’ve heard in the hallway that it’s going great so far. So welcome.

All right. ARIN Board of Trustees Report.

I’m going to try to make it relatively brief for everyone today so we can get on to other things. For those of you that don’t know me, I’m Bill Sandiford. I’m the Chair of the Board of Trustees.

We conduct our work with the help of my wonderful colleagues who work so hard, all of whom or most of whom are in the room today. A couple remotes. We spend a lot of time and energy doing the things that we’re required. Here’s an update of some of those things.

I won’t go over every bullet point, but I’ll touch on a few of the key ones from a financial perspective. This year we had to do a refresh of the equipment line of credit. As you all know, equipment is important in organizations that have highly technical functions. And we are undertaking to make sure that our technical debt is retired. And that required money to do so.

There was an amended fee schedule, as so many people were happy for. And that was approved this year. We’ve approved the funding of ARIN’s data center to move out of our Chantilly office and into a colocation facility. We, as a company, want to be out of the data center in our office business. And we’ll let that be handled by those who are experts at it.

Obviously, we had some of the other things that are required financially as per statutes and regulations, like getting the 990s done and stuff like that. And, of course, we approved the funding of our Grant Program and the recommended grants, which has done a lot of good things for the community so far and I’m sure we’ll hear an update on from somebody else later on in the program.

Some of these things are just standard things that we always do. At every meeting we adopt obviously our minutes of previous Board of Trustees meetings. Those minutes are also posted on the website as a function of transparency, so the membership and the community as a whole can have a good idea of what we’re doing.

The Advisory Council has their own standing rules of how they conduct themselves. Every once in a while, they come to us and ask for their standing rules to be amended. And we approved a recently amended Advisory Council set of standing rules.

It is election time, something we’ll be dedicating most of our afternoon to today. And we’ve approved ARIN’s election processes and the calendar for this year along with the Nomination Committee, which was part of that.

We’ve accepted a 2024 Strategic Risk Review that was worked on long and hard by staff and the Board. And we’ve updated our Governance Committee Charter, all of which can be found online on our website.

Policy. The stuff that we all love so much and the reason why we came. There’s been a handful of recent policy ratifications. I won’t go into each one in detail. You guys are the community. You guys did all of these. We just ratified it after ensuring that the Policy Development Process had been properly followed. And that, I believe, is it for my Board of Trustees Report. Happy to take any questions.

Hollis Kara: Okay. Microphones are open. Virtual attendees, please start typing or raise your hand if you have a question for Bill. Otherwise, if anyone in the room has a question, please approach the microphone.

Giving it a moment. I think you’re free to go, Mr. Sandiford.

Bill Sandiford: Thank you.

(Applause.)

Hollis Kara: Thank you, Bill. Moving right along to everyone’s favorite presentation. Here we go. Here she comes, Nancy Carter, our trusty Treasurer with our Financial Report. I left it. You can say it, Bill. Go for it.

Bill Sandiford: Before we get started, I just wanted to acknowledge that yesterday was Nancy’s birthday. Let’s have a round of applause for Nancy and her birthday.

Hollis Kara: Happy birthday, Nancy.

Bill Sandiford: Happy birthday, Nancy.

(Applause.)

Financial Report

Nancy Carter: Thank you, Bill. It was my birthday. If you saw me yesterday, I had a tiara on. It’s a tradition that I think everybody should adopt. You spend the day wearing a tiara and people either think you’re a little bit eccentric or they know it’s your birthday and they wish you happy birthday.

Bill Sandiford: And sometimes both.

Nancy Carter: And sometimes – No.

(Laughter.)

Good morning. It’s great to see all of you here in Toronto. Welcome to Canada, my home country. I hope you’re all enjoying the Canadian fall colors, which are amazing this time of year, you’re enjoying Tim Hortons, which is across the street. And hopefully you all had a chance to have some poutine last night, which is also a great Canadian tradition.

I thought we’d have balmy temperatures, but it seems to have plummeted, the temperature outside and inside, actually. It’s freezing in here. I don’t know about the rest of you.

Anyway, so this is the moment you’ve all been waiting for since we last met, the ARIN Treasurer’s Report. It’s again at the beginning of the Public Policy and Member Meeting, and I think it’s a great way to start the ARIN meeting. I hope you agree.

I personally love that there’s so much enthusiasm for a finance presentation. Nowhere else could this happen.

Hollis Kara: Yay, finance.

Nancy Carter: You know I could not serve as treasurer without the help and support of my colleagues on the Board of Trustees and without the dedication of the ARIN staff. Thank you, all.

In particular, the Financial Services Department, all of whom demonstrate a continued commitment to evolving financial services at ARIN and to create meaningful reports.

Thank you, Brian, to you and your entire team. I have no idea where Brian is, but he’s in the room somewhere. All I see is lights. There he is. You make my job as treasurer easy and fun.

Alyssa, where is Alyssa? She’s somewhere. Thanks to you for keeping the Finance Committee and me on track and aligned with our annual work plan and activities.

So today I’m going to update you on the activities of the Finance Committee since last April. I’m going to review 2024 results including financial position, highlights of our investment portfolio, our operating results, and then we’ll look at liquidity and financial assets.

And finally, I’m going to talk to you about operating reserves and ARIN’s long-term financial plan, something that Bill sort of touched on in one of his slides.

As you can see, the CFO and I continued to keep the Finance Committee super busy. We’ve met seven times since I last reported to you in April in Barbados. And we’ve provided oversight of the financial results of ARIN, we’ve monitored our investment results in conjunction with our investment advisors, we’ve reviewed policies and budgets, and met with the auditors and tax advisors to complete the Form 990 for 2023. And most recently we’ve been working on the 2025 budget.

This year ARIN undertook an RFP for audit and tax services. After extensive evaluation of the responses, the Finance Committee approved the selection of CLA, CliftonLarsonAllen, as our new audit and tax services provider. We continue to rely on the work and professionalism of our investment advisors, Fiducient, and remain pleased with their performance.

As some of you know, this is my favorite time of the year. Why? It’s budget time. Who doesn’t love budget time?

Management presented the 2025 budget to the Finance Committee last month. And we recommended its approval to the Board at our meeting yesterday.

I’m now going to talk to you about financial position. This slide, which is a bit of an eye chart, shows ARIN’s financial position as of the end of August 2024.

If we compare the August balances to the 2023 year-end balance, you can see the largest change to assets are in the cash and investment accounts.

The increase in cash is caused by favorable budget variances, while the increase in investments is caused by good market performance and the earnings on the investments during the year.

If we look at liabilities, the largest change is an increase in deferred revenues. And this increase is caused by an increase in billed amounts over the last 12 months.

The decrease in the operating lease liability was expected as we made scheduled payments on our lease agreements. And finally, the increase in net assets is the result of our investment earnings.

I turn your attention to the ARIN investments. This slide shows – or shares the good news about the increase in investments during 2024. The combined value of our operating investment fund and the long-term investment fund is $38.4 million at the end of August. This is an increase of almost $2.3 million since the end of 2023.

Our long-term investment fund has performed quite well in 2024. A 7.2 percent increase in the long-term investment fund is aligned to the 2024 general investment market performance, especially when you consider ARIN’s low-risk investment position.

The chart on the right gives you an idea of how ARIN’s diversified portfolio compares against some of the major market indices.

So this is a quick look at the allocation of the long-term investment fund assets. ARIN continues to employ a conservative, low-risk investment approach, as I mentioned.

In March of 2021, we transitioned away from a stock-heavy portfolio to reduce the portfolio’s overall risk position. The allocation of funds as of January 2024 are highlighted on this chart, but you can see that almost 60 percent of the portfolio is in fixed income investments.

There were no surprises in the activity of the operating investment fund. All the money in this fund is invested in a government money market product. And although the interest rate earned is lower in 2024 than it was in 2023, it is still delivering interest yields of almost 4 percent.

We’ll move on to ARIN’s operating results. So I’m happy to share that ARIN is performing ahead of budget through August. And while revenues are performing just slightly less than budget, expenses are below budget by 4 percent. These variance positions combine to produce an almost break-even position at the end of August.

We’ll look at revenues and expenses separately. So here we see total revenues to the end of August 2024 compared to 2023 and to the budget for this year.

For the most part, 2024 revenues are behaving as expected. ARIN has earned slightly more than $19.1 million in 2024 compared to a budget of $19.4 million.

Annual registration fees grew as expected with Autonomous System Number, or ASN, Fee Harmonization. And although we expected initial registration fees to decrease due to the ASN Fee Harmonization, the decrease was a little more than expected.

Finally, while revenues from network transfers are flat from a year-over-year perspective, the 2024 revenues are falling behind our budget expectations.

We’ll take a look at the Registration Services Plan customers, and we can see year-over-year billable growth is 917 or 5.7 percent. And consistent with prior years the growth is driven by increases in the three smallest billable categories.

Because the annual renewal fees represent most of ARIN’s revenues, this chart shows a comparison of annual revenue run rates for these fees as of August 2024 versus August 2023.

Activity since August of 2023 has resulted in a 2.5 percent increase in annual Registration Services Plan billings.

So we’ll continue talking about the statement of activities, but now we’ll look at operating expenses. Operating expenses have increased in 2024 as expected. But the year-to-date increase has been less than budgeted. Year-over-year growth in salaries and benefit expenses is driven by an increase in ARIN head count but is still under budget. Travel and meeting expenses have increased, as expected. The increase is driven by an increase in international meetings, including ARIN 53 in the Caribbean.

Outreach and industry support expense has increased as budgeted due to the higher Number Resource Organization, or NRO, costs. Total operating costs are $19.2 million through August. And like revenues, ARIN’s operating expenses are tracking relatively close to budget but are more than 2023 operating expenses.

Because salaries and benefits are the main drivers of changes in ARIN’s operating expenses, here’s a chart showing the recent changes to the ARIN employee head count, as mentioned on the previous slide. All budgeted positions are now filled. And ARIN has committed to holding head count flat going forward.

So we’re going to look now at liquidity and financial assets. The ARIN financial liquidity position is represented by available cash and investments and the combined amount of ARIN’s cash and investments has grown to $41.2 million as of the end of August 2024. ARIN remains in a very healthy financial position and has a favorable liquidity position.

Now I’m going to talk to you about the operating reserve. In 2024, the Finance Committee, supported by the CFO, took on a project to help determine the right target operating reserve for ARIN. I mentioned this project in my April report.

As it turns out, we discovered that the answer to that question is unique to every organization.

Our operating reserve project started by separating the idea of operating reserve and investment balances. Once we did that, we set out to determine the appropriate target for ARIN’s operating reserve by evaluating several risk factors. We used a decision matrix to support our work with significant input from management. After much analysis and discussion, the Board approved an operating reserve target of nine months of operating expenses. And Bill mentioned that in his presentation.

Now we’re going to look at the long-term financial plan. It’s been a challenge over the last few years to balance the annual funding and spending budgets. And sometimes we were successful and other times less so. However, the Board has committed to solving this challenge.

We plan to manage through a few years of negative net budget positions as we drive towards a 2030 balanced budget. This requires ARIN to increase Registration Services Plan prices for 2025 by 5 percent. For the following years, any price increase will depend on budgeted spending but will never be more than 5 percent. And ARIN is committed to tight management of spending, as I noted in the previous slide.

This long-term financial strategy gets ARIN to a balanced budget by 2030. But as we get there, the plan allows ARIN to continue to deliver services at current levels with predictable annual price increases and maintains total investment balances at amounts that meet our target reserve level.

That brings me to the end of my presentation. And thanks so much for listening. I’m happy to answer any questions you might have.

Hollis Kara: All right, folks. Microphones are open. Virtual attendees, please feel free to submit your questions through Q&A. And if you’re in the room, please feel free to approach the microphone.

Nancy Carter: Mr. Blumberg.

Kevin Blumberg: It wouldn’t be “fun-nance” without a question.

Nancy Carter: No, you’re correct.

Kevin Blumberg: Kevin Blumberg, The Wire.

I didn’t see bad debt or write-offs, basically, in this. I was curious, I’m assuming that the volume of registrations that come back to the wait list are because they didn’t pay their bills, so it’s bad debt and it gets written off. Is that correct?

Nancy Carter: I’m calling a friend.

Brian Kirk: Hi, Brian Kirk, ARIN CFO. Yes, we do incur bad debt or losses each year. It’s been anywhere from $100,000 to $120,000 each year.

Kevin Blumberg: And the majority of that is coming from registrations that then go back into the free pool wait list.

Brian Kirk: That’s correct.

Kevin Blumberg: Nancy, one suggestion, rather than writing off debt to then give it away for free, it may be worth looking at seeing what the cost of the write-offs are and applying that to wait list registrations so that they’re actually – you’re not throwing away money basically; you are then incurring whatever the costs were that you’ve written off towards this pool for people. It’s not just a free pool because you’ve actually written off debt to give away these resources.

Nancy Carter: Thanks Kevin. Great suggestion. Thank you.

Jonathan Stewart: Jonathan Stewart, from the Manitoba Internet Exchange. I’m not super sophisticated on these things, so I wanted to ask a maybe dumb or obvious question to some of you financial experts. What’s the purpose of the Investment Fund? And would these funds be used in some kind of emergency situation, they could be drawn on to pay for something that arose that wasn’t predicted, some disaster or something?

Nancy Carter: It’s not a silly question.

It’s a pretty bright question. So yes, be used for if there was some sort of emergency situation. Some of the investment funds will be used for investment into infrastructure. If we have a special project, we just approved some funds from that to go towards the data center move that was talked about – Bill talked about that.

So it’s used for things like that. And it’s meant to be a safety valve.

Jonathan Stewart: Thanks.

Nancy Carter: Did you want to weigh in, Brian?

Brian Kirk: You answered the way I would answer. There’s just a lot of uncertainties in the future. And legal, potential legal liabilities are up there at the top of the list of the things that we might be needing those funds in the future.

Hollis Kara: Thank you so much. Do we have any other questions for Nancy? Nope. Seeing none, thank you very much, Nancy.

Nancy Carter: Thanks, everybody.

(Applause.)

Hollis Kara: A big thanks to our team up on the riser for getting me an intro slide for our next speaker. Rob Seastrom from the Board of Trustees is going to talk a little bit about the work of the Risk and Cybersecurity Committee.

Risk and Cybersecurity Committee Update

Robert Seastrom: Nancy sets an interesting precedent. My birthday is in a week and a day. I had not considered wearing a tiara for my birthday. I believe my hairstyle is incompatible. But if anybody has strong opinions about this, for ARIN volunteers and staff – I’d like to point out this is an operational issue, that this is out of scope for the – why is this thing not working? It’s out of scope for the Public Policy process. So the ACSP is the right place to put in any kind of suggestion along these lines.

So I got a little ahead of myself here. Hollis sent me this template. And the sample text of the template for the agenda was, “Look at this agenda.” I thought, wow, that’s just perfect. I love that. I’ll add a couple of exclamation points, and we’ll call it good.

I’m here to talk to you about the Risk and Cybersecurity Committee. To Tthe best of my recollection, and I did look at past agendas, I don’t think we have issued an update before. So this is sort of our introduction to the community.

(Applause.)

So who are we? Well, we’re a standing committee of the Board. We were established two and a half years ago. Our task is to assist the Board, the whole Board, in performing its fiduciary duty of risk mitigation. We’ll talk a little bit more about that later.

Risk is anything that imperils the successful execution of our mission. There’s a whole bunch of kinds of risk. It’s not just cyber risk. I listed a few of them there. That’s a non-exhaustive list.

So it turns out that we are worse multitaskers than we all think we are, spending all day on Slack while we’re writing a paper while we’re on a Zoom call. A University of Oregon study said only four things at once. We have a whole lot more than four risks.

So like any project management exercise, we write stuff down. And there’s a formal way to do this. And five years ago, my personal story, is I stopped building infrastructure. I started asking inconvenient questions about other people’s infrastructure.

I’ve been in risk governance at Capital One, a bank, for five years asking inconvenient questions about people’s cyber infrastructure.

Before I did that, risk registers were kind of off my radar. I was a technical person. I was not a businessperson. So I thought I’d share a little bit about risk registers here and how they work.

Okay. So we write down a risk. You do an audit card or actually in a system of record. But we score the risk in terms of likelihood and impact. And once we do that, we get a single number, which is a vector for how bad the risk is.

It’s a really sloppy number. It’s very subjective. And yet it’s certainly better than just throwing them in a big pile and running around in circles saying, oh, dear.

So that allows us to sort it by computed risk where we curate it. The CEO, the CISO and other staff members assist us in it. We review it with the entire Board of Trustees to inform our fiduciary duty choices and we develop remediation plans as specified.

So you’re probably all wondering why you don’t see this in the Board of Trustees minutes. Well, we’re in Canada, so I’m going to call this in-camera. All sensitive matters don’t end up in the minutes because the minutes are a public record. And speak of the devil and he will appear. Well, if we talk about the contents of the Risk Register in public and there’s no real way to share it with the members without essentially making it public, that materially affects our risk exposure.

Why should you care as a member? Well, the duty of the Board of Trustees is to manage, not eliminate debt – not eliminate risk. Everything we do carries risk with it. And if we drive risk down to an acceptable level and then keep on going to try to drive it to zero risk, that’s wasting resources. That’s wasting time and treasure that we could be working on other risks to drive them down to acceptable levels from their inherent levels.

So that’s our duty as Board members. And the Risk Register ensures that things that you bring to us as members that may not be on our radar but are nevertheless important – if they’re super important, we deal with them immediately because they get a very high risk score.

But if they are less impactful and need to go on our backlog, the Risk Register ensures they don’t go into a black hole and get forgotten about.

We also collaboratively set goals for things like tabletop exercises and our security and data governance certifications.

All of those updates are from Christian. He’ll give those later. I don’t want to steal his thunder.

Committee members for 2024 are Hank, Chris Tacit and me. Thank you very much. We’ll take any questions.

Hollis Kara: All right, folks. Microphones are open. If you have any questions about this presentation, feel free to approach the microphone or start typing if you’re joining us online. I’m going to give it a moment.

Robert Seastrom: One thing I did not mention is that the Risk Register predates the formation of the Risk and Cybersecurity Committee. It’s merely our remit to be concentrated on maintaining it.

Hollis Kara: Wonderful.

Xavier Clark: Hi, Xavier Clark, Harris Computer. What is the difference between a one and a five on that risk scale? How do you pick which one’s which, where on the scale it goes?

Robert Seastrom: It is informed by my background and history and what I bring to the table. And we discuss it and reasonable people disagree. There’s a lot of back and forth between, I think that’s a three; no it’s totally a five and here’s why. Maybe we make it a four. Gee, I wish we were on a 10 scale because this really feels like a three and a half to me. It is super, super subjective.

Xavier Clark: Cool. Thank you.

Hollis Kara: All right. Any other questions for R.S.? Looking around. We’ve got one over here, thank you.

Alicia Trotman: Hi, Alicia, ARIN AC. Do you ensure that the persons on the committee, when it rotates for elections, aren’t like two members removed from the committee all at once?

Robert Seastrom: I don’t think we consciously do that, but there’s certainly a desire to have, the Chair has to have been there for a year or whatever our rule is. We don’t have everybody stacked up so we’re in the same renewal cycle.

Hollis Kara: R.S., take a look, look that way. The Wizard of Oz has appeared.

Robert Seastrom: Sir.

(Laughter.)

John Curran: Yes, I wanted to answer two questions. One is with respect to how we rate things. Recognize it’s two axes rated 1 to 4. So there is the probability of a risk occurring and then there’s the severity of if it does occur. So you’ve got two scales of 1 to 5.

And that’s important because there’s some risks that may be high probability but low impact, and there’s some risks that are low probability but severe or very high impact. And we look at both of those axes and we look at the product of those two numbers in terms of prioritizing the top risks to the organization.

The other thing I wanted to say is the question came up on committee turnover. The Board has a governance committee that actually spends a bit of time thinking about Board succession and leadership succession within the Board in terms of committees and who is running committees and what experience would be good if you’re going to chair a committee.

In the past we had six elected Board members. And so committee changeovers happened pretty frequently. We’re now up to nine elected Board members with the bylaws change from a few years ago. So it’s much less likely.

And in the case where we do have a committee chair change-over, the good news is the governance committee has been working to make sure we have chairs-in-waiting, leadership-in-waiting on the committees. So it’s nowhere near the issue it used to be. Thanks.

Hollis Kara: Thanks, John.

Robert Seastrom: Thanks for filling people in on the one committee I haven’t served on.

Hollis Kara: Any more questions in the room? I see one on the far side.

John Brown: Good morning, R.S. John Brown again. Question. I understand that the specifics of the risk list and so forth are in-camera, executive session, et cetera. Is there any kind of public document or anything that can be brought to the community or members that sort of gives us a scale, these are the top five kind of areas that we’re concerned, maybe not the details, but where we have some sort of scaling or grading of how the organization is from a risk perspective. I think the grand wizard has a comment.

Robert Seastrom: I would defer to John to answer that and just say that it would be really hard to make generalizations without being quite specific and everyone being able to figure out what we were talking about. But perhaps John could give something more nuanced.

John Curran: So the thing you need to consider is that for select risks, we actually publish information that explains how we’re addressing them.

So, for example, we all know that AFRINIC went through a governance challenge. We’re hopefully seeing the light at the end of that tunnel now. But there was a period of time where we had a situation where AFRINIC did not have a governing Board. We’re presently there until we have an election down there.

So the NRO published information saying we’re aware of that risk. We are standing by to help. We’re supportive of the community of AFRINIC having some process to get an election done. So when there’s key risks that rise to the level of a top risk to the organization, we’ll generally tell you we see that as a potential risk and here’s what we’re doing about it.

Another example is cybersecurity. Obviously the possibility of a cyber breach at ARIN is a fairly horrifying condition. So we have a Chief Information Officer, Christian, who is actually there. We have our SOC 2 audits that we do. And we publish reports online that describe those audits.

So for the top risks, hopefully we’re giving you – because they’ve risen to such a level of probability and impact product – we’re giving you information about them so if you’re thinking about the risks you might think we’re worried about, we can say yes we are and here’s how we’re dealing with it.

There’s a few risks on that list that you can’t really talk about because if you mention, oh, there’s a risk of – what’s the risk of the CEO not being there? Well, okay, I’m not there. But obviously I’m still here virtually.

That’s a risk that we can talk about. But there are risks to the organization that if we did communicate them and they’re on the top five, that would entice people to exploit them.

So you can imagine what some of those risks are. A lot of them are situations that ARIN has to manage simply because of the function that we do. I would love to give you more but I’ll tell you I’ll give you absolutely everything you want. Those who run for the Board of Trustees and make it to the risk committee get a full readout of these risks.

(Laughter.)

Hollis Kara: I see we have one more question and then we’ll be closing the microphones.

Chris Woodfield: Chris Woodfield, ARIN AC. I came with a question based on your latest comments, John, that may turn into a statement. But I’m working under the assumption that the nature of the risks that make this matrix are far more expansive than security incidents.

Robert Seastrom: Absolutely.

Chris Woodfield: It’s very easy to hear “risk” and just think cybersecurity, but obviously the domain is far wider. How much of your time do you think, just general terms, security incidents versus – security risks versus other types of risks to the organization.

Robert Seastrom: There are plenty of other types of risks. And, in fact, Nancy just gave a slide deck in 15 minutes on one of them. Financial market instability is on the Risk Register. And our remediation, the way we address that, the way we reduce it to acceptable levels, is that we have these compensating and mitigating – I hate to call them controls because they don’t feel like controls – but we have a Treasurer and we have the BDO folks and we have the financial advisors and we thoughtfully plan how stuff is invested. And that handles that. It is quite expansive, though.

Chris Woodfield: Thank you.

Hollis Kara: Thank you.

John Curran: Let me give another example, just by [unintelligible]. The value of the ARIN registry and rights to entries in the registry has increased dramatically over the last 10 to 15 years.

You can imagine someone deciding that they want the rights to an entry transferred to them and they’re willing to stop at nothing. They’re willing to pick up an employee in the parking lot and take them in a white van to an unmarked road somewhere and persuade them to log in and change it or else.

That’s a risk that I look at and I’m, like, that wouldn’t happen, but, oh, my God, if it did, that’s unfair to put our employees in that situation or their families and loved ones, for example. So there’s a risk that I don’t mind talking about, but I’m actually very happy to talk about now because we’re in the middle of separating roles and privileges such that that employee actually doesn’t do you any good. One employee won’t do it.

There’s multiple employees involved, multiple individuals to make those types of changes in a way that you can get away with it. There’s no reason to try it because we have multiple personnel and separation of roles that we’re teasing out even further within ARIN, specifically to mitigate a risk that I want people to know we’re very attentive to and please leave our employees alone. Don’t endanger them because they can’t help you.

I wouldn’t have thought that would be a risk five years ago. Now, given the value of rights to a single entry, it’s not inconceivable. We protect against that risk for the organization but also to protect the staff that work here.

Hollis Kara: Thank you, John. I’ve got one last question and then we’re really really done.

Darren Kara: Thank you, Darren Kara, no current affiliation. Rob, you said if we see something, say something. Is there a confidential or secure way to report that back to ARIN, rather than broadcasting it to info or hostmaster?

Robert Seastrom: That’s a good question. And the answer right now is no. But I think it would be wonderful to have something like that, something along the lines of the ACSP process.

Darren Kara: I appreciate that. I think it’s a good thing to have. I just wanted to bring that up as an observation.

Hollis Kara: Sounds like an ACSP. All right, great. Thank you, Rob.

(Applause.)

All right. Yes, if you do have suggestions for ARIN, do remember we have our ARIN Consultation and Suggestion Process. That form is available right on the website. You can send those in and those do go directly to me and a few other folks in leadership. And we review them and deal with them directly and figure out the best way forward.

With that plug for that out of the way, I’d like to invite up John Sweeting, our Chief Experience Officer. Got it right this time. Just means old, apparently.

(Laughter.)

To give the Policy Implementation and Experience Report. And it’s okay that I said that. Wait, it’s okay because he said it first. I’d like that on the record.

Policy Implementation and Experience Report

John Sweeting: Good morning, everyone. I’m John Sweeting, as Hollis said. I think most people know me here.

I’m going to give you a quick update on Policy Implementation and Experience Report. And the way this report gets put together is from the folks in RSD, Lisa Liedel, our director of RSD; Hollis and Joe Westover; Brad Gorman; and all of the staff that are in that part of the company talk about, hey, we implemented these policies. Here’s what we’re seeing. Here’s the issues we have. And here’s policy that we’re having to deal with and there’s problems with actually implementing it.

So, I’m going to really quick —— the policies that we’re going to review here are the IPv4 Waiting List and reserved pool request from multiple Org IDs, also reassignments, reallocations from 4.10 reserved space and 4.17 reserved pool replenishment. A lot of reserved pool stuff and a lot of IPv4 stuff.

We don’t really have a lot of issues with IPv6 policies at this time, so usually it’s very seldom that an IPv6 policy shows up in this report.

Okay, so part of the multiple Org ID issue that we see all pertains to the IPv4 Waiting List 4.1.8 in the Number Resource Policy Manual, the critical infrastructure, special pool, special reserve pool 4.4, and also the IPv6 Transition special reserve pool covered under 4.10.

So, the problem, so we allow there to be multiple Org IDs permitted within ARIN. So a company needs to have different Org IDs. They have different locations throughout the ARIN region and they want to have different Org IDs for each of those – cable companies are one of the ones; I worked at Time Warner Cable. And all of our regions had their own Org IDs.

As you can see here, geolocation, they do it for geolocation. But when evaluating eligibility for IPv4 Waiting List and the reserve pool request, we look at multiple Org IDs as a single organization. So you can’t have 15 Org IDs that you apply and create and then come in and ask to be put on the wait list 15 times.

Policy is not real explicit on that but that’s the way we’ve interpreted the community wanting us to implement it and that’s the way we’ve implemented it. It does put us in some weird situations.

So some of the issues we observe with that is that organizations go and they register shell companies. There’s an address in Wyoming. There’s an address in Arizona, Kentucky, Delaware. There’s these addresses that, everybody has the same address because it’s a shell company gin mill. You pay them 50 bucks and they give you a company and they give you maybe an 800 number, maybe a website.

And then once they’ve registered that, they come to ARIN. They do the Org Create. Everything flows through. They get an Org, and they get an AS number. They get IPv6. They get 4.10 /24 and they get on the wait list. And then a few months down the road we all of a sudden realize, hey, this is the same people. Like, these 10 Orgs are all the same, sometimes the same person.

So that’s the big problem we have. We’re going to be putting some procedures in place to combat that and part of it is a little preview. We’re going to do a “get to know your customer” program for when people create Orgs and get ready to sign the RSA and create their POCs and links and everything. We’re going to actually do a lot more to verify who they are than we do today.

Today we do some third-party verification, maybe Google, maybe look at their website. We do the secretary of state vetting for them. But, of course, they all vet in the secretary of state. We go to the Wyoming Secretary of State webpage, and yep, it’s a good company.

So with that, what we end up having to do once we identify this behavior is we have to inform them that, hey, these five Org IDs all seem to be under your control or the same control, and we’re going to have to do a Section 12. For those who don’t know what a Section 12, it’s Section 12 of the Number Resource Policy Manual. And it gives ARIN the right to do a complete audit of all resources that an organization or group of organizations has received from ARIN.

Once we do that, we usually do that by bringing them on a Zoom call with bring your passport, your government-issued photo ID, whatever, we need to know who you are. And they have to explain what the difference is between the Orgs and if they’re really an operating organization or – we dive pretty deep with them.

Usually the results are that they admit, yes, we’re leasing this space and, oh, we didn’t know that wasn’t allowed and, yes, you can take it back. So we do reclaim space when we find, especially on the reserve pools and wait list, and we find that the policies have been violated in accordance with the RSA we have the right to reclaim that space and we do reclaim it.

Usually there’s not very big noise from the people that we reclaim it from. We’ve got some policy restrictions that I just want to point out they may not be as effective as the community thinks.

The five-year waiting period for the wait list, being able to transfer that and put it into the market, that can be bypassed by – the way they do it here, they get on, they get some wait list space and all of a sudden these five organizations all become one under the 8.2 merger and acquisition transfers.

And other than that, we’re actually – when that first started, it’s almost five years, like wait list space is going to – a lot of wait list space that went out in the first year after the change is going to become available for transferring.

So we’ll see what happens on that. We will look at that, and we will report on that. Leasing is very difficult to detect and enforce. Basically there’s not a lot of footprint that shows somebody’s leasing space because anybody can do reassignments or reallocations and we just assume that they’re customers of the people that are doing the reassignments to them.

And it’s very trivial for each Org ID to meet policy requirements to create an Org, link the Org, sign the RSA and get the space off of those, from those special pools.

So questions for the community are: Are the current policies and practices aligned with what the community wants or expects? So the context to that is the question aims to assess whether the existing policies around the IPv4 address allocation, waiting lists, and reserved pools are meeting the needs of our community. We want to hear from you. We want to know. The AC is very eager to hear your thoughts and talk about policy with you if you feel, if the community feels there needs to be changes to that. Also we want to know if there are additional policy measures needed to prevent or deter this behavior.

So on to the next: Reassignments reallocations from 4.10 reserve space. Right now the way we treat 4.10 space is we tell people, you can’t reassign or reallocate this space. This /24 is for you, for your network, to use for transitioning to IPv4.

Well we’ve had brought up – and there is a policy that just did come in because of ARIN refusing to allow somebody to say, oh, I have assigned all these /27s out of this 24 to my customers for them to do IPv6. So I need another /24. We have no idea if they assigned the /27s for IPv6 transition or if they’re just using them for their customers.

And that’s really the way we’ve always interpreted the 4.10 policy; it’s for the use of the organization that gets it straight from ARIN. But we need to hear from the community on what their thoughts are and how they would like us to manage that space.

Okay. The issues that we see is that the requesters receive a 4.10 and reassign or reallocate it to another organization. What sparked this, we had a lot – I don’t know, there’s a big leasing platform that came to us and said, hey, is this space able to be leased? There was probably like 80-some /24s that they had, that people were leasing off of their platform.

And, of course, we said, well, no, it’s not. They don’t allow that to happen anymore. They took great actions to make sure that none of that space shows up on their platform. But there’s other platforms out there that aren’t as cooperative with us. And there is a lot of space out there that’s being leased.

It’s funny because once somebody gets – once we talk to somebody and we tell them, we inform them of what 4.10 is and they’re not supposed to lease it, they continue to stay in touch with us and they let us know all their friends and buddies that are actually leasing 4.10 space. There’s some Discord channels where it happens. I think it’s on Reddit. You can go on Reddit and find 4.10 space for leasing.

It’s all over out there. It takes a lot of staff time. A lot of my time. And we really wanted to share that with the community, let you know what’s happening, see what kind of policy you might want to put around that to keep that.

We also have – I’ve talked about this before – the request for additional 4.10 /24s under the multiple discrete networks where somebody says I have a data center in LA and New York, Miami and Dallas, I’ve got a server in each one and I need a /24 so I can use that for IPv6 translation at each one of those sites.

We’ve been not allowing that. We don’t consider a server in a data center a multiple discrete network. It doesn’t fit the definition of really having that criticality of having that separate from not being able to talk to your other servers. So we have not been allowing that.

Okay. So the questions for the community – should reassignments or reallocations of 4.10 space to downstream customers/organizations be permitted? I believe there’s a policy talking about that, so that can be answered through that policy.

And if permitted, should ARIN staff treat reassigned/reallocated 4.10 space as utilized when evaluating compliance with a policy requirement. For that, that’s for, if you get a /24 for that purpose, six months later you can come back and get another /24, but you have to have 80 percent of it used.

What we had was somebody came back and said, I assigned all this space to my customers for them to use for IPv6 translation. I need another /24. I alluded to that earlier. That’s what that is specifically talking about.

Okay. Then we have Section 4.1.7: Reserved Pool Replenishment, which basically describes the process for replenishing the reserved IP address pool, so the 4.4 space and 4.10 space. And it actually mentions if there’s any future reserve pools.

And 4.4 space, again, is – there was a /15 reserved; it actually started as a /16 and got expanded to a /15 after a couple of years – for critical infrastructure providers such as Internet exchange points, Core DNS service providers, RIRs and IANA.

And then the 4.10 space, of course, I’ve been talking about. It’s the space that’s dedicated to be used for IPv6 translation – transition.

So the replenishment precedence that’s in there today is when the priority for replenishing is when, based on which pool has the lowest percentage of a projected three-year supply remaining. I think we have some numbers here. Okay.

So currently here’s the current status: IPv4 reserve pool for the 4.4 space. It’s hard to read. So there’s 240 remaining and 272 have been allocated.

On the 4.10 space, there’s like 13,938 remaining and 2,446 have been given out since these policies were implemented, which has been, I believe, about 10 years for each one of them.

So the reserve pool requires ARIN to use available IPv4 resources – basically it would be the resources that we normally use for the Waiting List, if one of these pools went down below that three-year supply, we would end up having to take the space that comes back to ARIN for lack of payment and we’d have to put them in these pools and just bypass, doing a wait list distribution, until we ended up getting these pools back to where they belong, where the policy says they should be.

So as of 7 September, there was 713 requests on the Waiting List. There was a total of 1,727 /24s be required to fulfill the current requests that are on the list. Over the last two years, each quarterly distribution has been around 95 /24s on average.

Okay. I think I just talked about everything that’s on this slide here. So we’re going to go past this. I do that a lot. I’ll talk three or four slides ahead. But trying to be good.

Actually the goal here this week is to see how many times we can get the great Oz to come up on the screen. But I’m failing.

Here’s the trends. The three-year supply requirement for the /24s. 4.4 currently at about 95 and 4.10 is currently at about 1,067.

So as you can see, we’re a little bit off from having to do any of those replenishing.

Here’s what the projections would be – so we need 95. So somewhere around 2028 to 2029 we would have to start replenishing the 4.4 pool, and actually in the 4.10 space, like somewhere around 2050, we would have to start replenishing that pool. So that kind of brings up the question, like, what’s the size of this pool or the size of these pools the right size and everything up to the community to work with the AC and figure that out. But I thought we would like to share that.

So are there tweaks that need to be made to the replenishment policies to update the evolving scarcity and also should Sections 4.4 and 4.10 be treated differently in terms of replenishment, given the significant difference in the pool sizes and usage.

The last question on this, is should the replenishment of the 4.4 and 4.10 pools continue to take priority over fulfilling requests on the – which it hasn’t yet. And as I showed, it wouldn’t until like until 2028. But if there was a run on the 4.4 or 4.10 space, which means there would have to be legitimate justifications for that.

If that pent-up demand was out there, we would be giving out more than we are from those pools. We feel pretty good with the run rate on that.

So that’s the question: Should the wait list fulfillment take precedence? You’ve got time to work on this as a community and with the AC.

All right. I think that’s it.

Hollis Kara: All right. Oh, my gosh, they’re running for the microphones. Guys, please note we’re encroaching on break time, which is totally fine. But do note we will be coming back at 11 no matter how long you want to talk about this. It’s up to you.

I actually want to go first to our virtual queue because we had someone who got their question in fast while John was presenting. So let’s start over there.

Beverly Hicks: Yes, I have Sindhu Bandlapalli from Colovore. Are there processes in place to govern Org ID management and reallocation of address space that are independent of existing policies?

John Sweeting: Could you repeat that one time, please?

Beverly Hicks: Are there processes in place to govern Org ID management and reallocation of address space that are independent of existing policies?

John Sweeting: No. We follow policy.

Hollis Kara: All right. We’re going to come over here because Leif got up –

John Sweeting: There are, like, wrapped around the RSA and how we get the agreements signed and all that stuff, there’s operational processes. But the policies are the policies of the community that are in the NRPM that we follow.

Leif Sawyer: Good morning, Leif Sawyer, GCI Communications, ARIN AC. For those of you who weren’t here at NANOG, this comment goes directly towards the 4.10 allocation.

Geoff Huston gave a wonderful presentation on IPv6 and how we are migrating towards it and what that future looks like and where that timeline hits. And that timeline seems to hit with the 4.10 runout. So I don’t particularly think we have an issue in that pool. That’s just my comment.

John Sweeting: Thank you, Leif.

Hollis Kara: Thank you. Want to come across to the other side of the aisle.

Kevin Blumberg: Kevin Blumberg, The Wire. The first thing is, John, I appreciate that staff are treating this space as what it is, which is a special space. Organization is not Org ID. You’re treating it right. Lock it down. Use it for its very specific purpose.

Historically, ARIN has been extremely generous in terms of how it reads policy. I think that you’re doing an excellent job of reading this policy exactly correctly, which is to not come up with new and innovative ways. Reallocation, reassignments, all of those things, intentionally, were not put in there for very specific reasons, and we need to use this space the way it was intended.

Secondly, to the community, please do not write 30 policies trying to fix what a Policy Experience Report said. Let’s be very thoughtful, and if there is an actual issue, great, we’ll do it in policy. But I think what you said was, hey, we’re doing this, we’re being tight. That doesn’t mean it needs to be fixed to make it open. These are special use pools.

My only concern is the amount of money, unfortunately, that is being wasted in what appears to be semi-fraudulent use of the space.

So that is my greater concern, is that they’re going and wasting your money, which then goes to the finance and we’re all paying more for that.

Thank you.

John Sweeting: Thank you, Kevin. I think maybe it goes back to the first question from the [incomprehensible]. There are processes that we are – we are initiating a program where, when you are coming into ARIN to do an Org ID, you are going to have an interview on Zoom so we know who you are, what your intentions are and why you need to join ARIN and become an ARIN customer.

So there are things we are doing. We feel it will be easier to invest the time there than find it, like, six months later and have to go through all the Section 12s and everything we do today.

So thank you for that, Kevin.

Hollis Kara: All right. Come back across the aisle.

John Brown: John Brown again. Regarding multiple Org IDs. Is it possible for ARIN to simply leverage what the federal government has now required in mandating for new organizations and existing organizations, specifically the Corporate Transparency Act of 2021 that says new organizations must file a beneficial owner’s report substantiating all the beneficial owners of an entity within 90 days of its creation or there is substantial penalties, financial penalties, from the Department of Treasury?

And for existing Orgs, they need to file that within one year. So my thought is, as you’re requiring documents for the creation of an Org, you also ask them to produce this document that they normally would have to file to the federal government anyway as a way of substantiating and documenting who they are and then you can do cross-referencing there.

Maybe that doesn’t solve the problem for all of ARIN’s region, because we do have our great, lovely people and folks up here in Canada, they may have an equivalent, but that may be a way of giving you some teeth in, here you go, these are the people that are the beneficial owners of this LLC or this corp. And are they purging themselves not only to the federal government, which may be a criminal act and give you some teeth for enforcement, et cetera, that way.

John Sweeting: Thank you, John. I’ll get that to our legal team. Jennifer, hopefully is taking note of that and can look it up and see if that’s a tool that could help us.

I will say one thing. When we do start requesting Zoom meetings and recording it and for them to bring their photo ID. A lot of people disappear.

They don’t show up.

Hollis Kara: Let’s go over to the other mic.

Chris Woodfield: Chris Woodfield, ARIN AC.

First off, as a member of the Policy Experience Report Working Group, Kevin, we hear you. Thank you for your comment about policy coming from this report. Thank you.

I have a question about the utilization of 4.4 space. I remember, last year, there was some concern about an unprecedented use of that space. There were submissions to create a large number of new IXPs at an unprecedented rate and scale that raised some concerns about the longevity of the unreserved space.

Going by your slide here, am I correct in assuming that concern appears to be largely misplaced?

John Sweeting: Yes.

Hollis Kara: Awesome. We’ll come back across to the other microphone.

Adair Thaxton: John did not make the microphone short enough for me. Adair Thaxton, Internet2, ARIN 53 Fellow.

If organizations requesting space are audited under Section 12 – do note that I haven’t read Section 12 for the purposes of this question – are organizations who frequently transfer space audited or vetted similarly?

John Sweeting: Section 12 is used when we at ARIN feel it needs to be used. When we smell a rat, we get a fraud report, because anybody can submit a fraud report.

As I said, a lot of people reach out to me, I know on Discord these Org IDs are all advertising 4.10 space for leasing. We then can initiate a Section 12 audit on them, and that’s our vehicle to be able to question them on how they’re using the space and to back up why they got it from us.

And you said you were going to do it for translation, that’s what it’s for, but you’re leasing it. So that’s basically it.

We don’t have to have any reason. Section 12 basically lets us audit an organization when we want to but no more than once in any 12-month cycle. But if we get reports and have reasons to, we can do a Section 12 audit at any point in time.

Hollis Kara: She did it. Good job, Adair. You got him.

John Curran: For clarity, we don’t actually issue space or do allocations under Section 12. It’s purely an audit. So the vetting of organizations under Section 12 is in the audit process, not done as original issuance.

So the question of what is Section 12, it’s not another way to get Number Resources, it’s a way of having the existing resources you have reviewed for veracity of your application.

Adair Thaxton: I just wanted to make sure both senders and recipients were audited if necessary.

John Sweeting: Thank you, John. Maybe I didn’t get the whole question.

John is absolutely correct. You can’t get resources under Section 12. You can lose resources under Section 12; you can’t get any.

Hollis Kara: Point of performance here. Trying to respect our transcriptionist’s need for a break.

Are we good with perhaps deferring this conversation for the open microphone this afternoon, would everybody be okay with that so we can go on break? We can just take the last question now. I don’t want to go –

John Sweeting: Why don’t you close it after the ones that are there.

Hollis Kara: Folks who are in line and we’ve got one virtual to take. Microphones are closed. Just want to make sure we get through this.

Alison Wood: Thank you. Alison Wood, State of Oregon, ARIN AC and member of the Policy Experience Report Working Group.

If 4.4 space is starting to be used up, maybe we should encourage critical infrastructure applicants to look at v6 space instead.

John Sweeting: Thank you. Great point.

Geoff Cost: Geoff Cost, Merit Network. As you move forward to your onboarding, we have the same issue with our RADb, and I’m wondering if you think – you want to do due diligence versus it takes a lot of time.

I’m wondering if you’ve figured how much time it’s going to take to do this onboarding versus your reviews that you do.

John Sweeting: Joe Westover and Hollis are working on it. Hollis runs the comms team. Joe runs the Customer Experience Team, and they are putting that together and looking at that.

There are tradeoffs. It could take a lot. But we’re looking at how much time we spend now once we’ve let the resources out of the barn and have to go back and recoup them, versus, hey, if we just do this one step really quick at the beginning and know – because that’s a big deterrent for somebody, especially the people we’re seeing creating Orgs at ARIN, for them to get on a Zoom and let us see them and know who they are and show their ID.

Geoff Cost: I think it’s a good idea. I’m very curious to see how this works out.

John Sweeting: We’ll keep you informed.

Geoff Cost: Please, thank you.

Darren Kara: Darren Kara, no current affiliation. John, good morning.

My question is around reallocation of returned space. I know that the policy has it held for 24 months before it can be re-released. Are there any circumstances or policy where space will never be re-released?

I know ARIN is mandated with returning as much space back out to the community as possible. But say for a block with polluted reputation or one that’s been well known before, are there any mechanisms by which space can be –

John Sweeting: Great question, Darren.

In reality, we have a very tight process right now. It’s basically an organization has up to six months to pay their past due bill before they’re terminated, their RSA is terminated.

We hold the space only six months more past that, and we clean all that space up in that time.

Now, if there’s space that’s still being routed by somebody and we haven’t been successful in getting the AS’s that are routing it to stop routing it, or if maybe it’s dirty on Spamhaus or whatever, we work to get that clean.

We may hold it a little bit longer. But we’re right now into a really good cycle where if it’s 12 months past when it was supposed to be paid, it’s being giving back out to the wait list.

Darren Curran: Great. Thank you, John.

John Sweeting: And the last question.

Mike Burns: Mike Burns, IPTrading and Board candidate. You mentioned that for organizations that have multiple Org IDs, you kind of bundled them together when considering new requests.

How do you know what Org IDs belong to a single organization?

John Sweeting: Thank you for that. It’s not easy. Sometimes it’s really easy. There’s big corporations, like I said, like Time Warner Cable. We always had we had Orgs, and those are the easy ones.

It’s the ones where, I can’t give away a whole lot of secrets, but if you know we have users linked to POCs, linked to Orgs, and we can see what users are linked to what Orgs. When we start seeing a pattern, we go from there.

Mike Burns: But when they’re making requests –

John Sweeting: If we have a user that’s linked to six different Orgs and we go in and look and that person signed all the RSAs and they are like the listed owner or director of that organization, then we –

Mike Burns: I’m thinking of some larger organizations that have multiple Org IDs.

John Sweeting: Most of them don’t come in for any special pools. Not the wait list, not 4.10 and not 4.4.

Mike Burns: That’s true. But I was wondering if you have a master Org ID behind the scenes to link up these organizations into a single entity.

John Sweeting: We don’t other than the address and the users that are linked to them. That’s really the key.

Mike Burns: Each time a request comes in, you have to search to see if there might be multiple Org IDs for this organization, which is kind of onerous.

John Sweeting: It is onerous. That’s why we’re trying to stop it from the beginning. But the way we do it is really through the linked users.

Mike Burns: Makes sense. Thanks.

John Sweeting: I do want to say one thing. There are times when there can be multiple Org IDs and they can qualify for space because they’re a totally special separate project that needs to have their own space, especially like IPv6.

But for the special pools, we are always going to look at them as one organization requesting from the wait list and they can only be on the wait list once at a time.

Hollis Kara: All right. One more question for you from the virtual queue.

Beverly Hicks: Eric Yurick, Gettysburg College. How long is the wait list queue currently, and what’s the trend of fulfilling IPv4 requests from there?

John Sweeting: It’s about a two-year wait right now. I believe that Joe might be covering that in his. Yes. It’s going to be covered in Joe Westover’s report tomorrow, the exact.

But it’s about two years. The thing is that can change at any point in time depending on how much space we get back, how much space we end up cleaning that maybe we can’t use today. And there’s a whole lot of factors, but the average right now is two years.

Hollis Kara: Okay. I think we’re good.

Thank you, John.

John Sweeting: Thank you.

(Applause.)

Hollis Kara: All right, folks. I’m appreciating the energy and enthusiasm in the room. Because we are running a little bit behind, we’re going to do something we don’t typically do, which is delay our return to 11:15 so everybody gets a decent break.

Before you run away, please note my Fellows I need you to come up to the stage when we break so we can get some pictures.

And also please note that we are working with building engineering, between the 20-degree drop last night and just the building itself, heat’s having a little trouble catching up. I don’t know, go run some laps in the lobby, grab a coffee. We’ll see you back at 11:15.

(Break)

Hollis Kara: All right. All right, all right. Come on on back in, folks. “On on”? I don’t know. I’m skipping. Hopefully everybody warmed up just a little bit or at least got a hot beverage and are thawing out. I can mostly feel my toes.

If we can get folks back in the room, there’s lots of opportunities for audience participation in this next block. Going to be starting in on policy.

Where is John Sweeting. I need him to yell in the lobby. That’s his other duty as assigned. Can you be as loud as John? Okay, I’m counting on you, Matthew. I thank everybody joining us online for your patience with our timing adjustment. Really excited to see such robust conversation this morning. Let’s keep that energy going.

(Chitchat)

Hope everybody enjoyed the break. I would like to welcome Kat Hunter, the Advisory Council chair, up to the stage. She’s going to give us an update on AC activities and the On Docket Report.

Advisory Council Update and On-Docket

Kathleen Hunter: Hello, everyone. My name is Kat Hunter, and this is the Advisory Council and Docket Report.

And if I’m shaking up here, it’s not because I’m anxious, it’s just actually because it’s really cold.

The Advisory Council serves in an advisory capacity to the Board of Trustees on Internet Number Resource policy and related matters, and then we adhere to the procedures put forward in the Policy Development Process.

Then we forward consensus-based policy proposals to the Board for ratification. And there’s currently 15 members of the Advisory Council. So this is us. I’m currently the Chair of the Advisory Council. Matthew Wilder is our Vice Chair. And Alison Wood is our Policy Experience Report Working Group Chair. I was going to have you all stand but Hollis already took care of that.

AC members generally serve a three-year term and five members are up for re-election each year. This is the outgoing slate for 2024.

So, the AC, you can find in a lot of different locations. You can find us at all of the RIR meetings, CaribNOG and the NANOG meetings. Typically you’ll find us at the NANOG meetings getting input on policy.

And if you find us at an RIR meeting, there’s a couple of things we do there. One is we’re there in an observation capacity, just to see how the other RIRs do their meetings. On top of that, we’re also there looking at the policy that’s discussed.

And we also have some additional volunteer roles that we fill. Some of us are part of the Policy Experience Working Group, the Grant Selection Committee, ARIN on the Road, the Nomination Committee, the Mailing List Acceptable Use Policy Committee, and you’ve heard a couple times, we are also a big part of the Fellowship Program.

Next slide. There we go. So we’ve been really busy since the last meeting in Barbados. We’ve had seven proposals come in. On the next couple of slides, you’re going to see some of the policies have a little star next to them.

I wanted to highlight the policies that were coming in from the Advisory Council versus the community. And Advisory Council also includes the Working Group. So you’ll notice that there’s a whole lot of policy that came in from the community since the last meeting.

We have five Recommended Draft Policies this meeting. So these are probably going to be – they have the potential to be the last time that you see these policies. They’re considered very far into the process. They’ve been considered – or they are considered – fair, impartial, technically sound and have a decent amount of community support at this point.

2022-12, we’ve seen quite a few times at this point. This is the policy that updates the language of assignments and allocations. This is not the same thing as reallocations and reassignments.

That is a different function within ARIN. This is just updating the language of assignments and allocations because assignments are no longer used.

2023-7 is Clarification of NRPM Section 4.5, 6.11, Multiple Discrete Networks. Most of this policy is to clarify that section. It had gone through a lot of work and most of this was just to make it easier for the community to be able to read this policy.

2024-1 is exactly as it sounds. It’s the Definition of an Org ID, Organization ID.

2024-2, Whois Data Requirements Policy for Nonpersonal Information. That is for POC data, Point of Contact data.

2024-9 is to Remove Outdated Carve-Out for Community Networks. And that is exactly how it sounds.

There are also seven draft policies. We’re going to have a busy meeting. 2023-8 has had a lot of discussion on PPML. This is also going to have a Table Topic as well. We fully expect this to have a lot of discussion. This is Changing the wait list Block Size that you get from a /22 to a /24.

2024-4 is a Definition for Internet Exchange Point.

2024-5 is Rewrite of NRPM Section 4.4. This is a rather large rewrite. This includes critical infrastructure and Internet exchange assignment language within it. If that’s something that’s important to you, definitely listen to that one.

2024-6 was supposed to be a quick cleanup of some language in Section 6. There’s a reference to LIR in there. There’s discussion as to whether that should be left there or whether that should be updated.

2024-7 is the Addition of Definitions for General and Special Purpose IPs. Exactly as it sounds. That would go in the definition section.

2024-8, Restrict the Largest Initial IPv6 Allocation to a /20. This lowers that.

2024-10, Registration Requirements and Timing of Requirements with Retirement of Section 4.2.3.7.2. I can’t tell you how many times every month I read that and I don’t want to read it. It’s so long.

Actually, this is sort of a policy reborn. This was to take, when you register a SWIP or reassignment, you have seven days to get it into the registry. This would give 14 days.

The original policy on this, the Problem Statement changed over time. So the AC took this, rewrote it, because the Problem Statement no longer matched the policy that was actually in place. Wrote a new policy. It’s basically the same thing with updated language to the Problem Statement.

These are the policy statistics for the last couple of years. I guess interesting point is we’ve been getting the same amount of policy over the last couple of years. It’s a little odd. 2019 looks strange, sort of, because that was the year we had the Working Groups put in place.

There was a backlog from the Policy Experience Report items, and there was a lot of the NRPM, or the policy manual, that needed to be reviewed. So a lot of policy went out that year. Those groups went crazy trying to clean up as much as they could. So after that we kept getting policy. That’s why we have so much now. It’s just been a backlog in trying to catch up.

All right. The Working Groups. So the Number Resource Policy Manual Working Group was suspended for 2024. I did go over this in the spring.

Most of the NRPM has been reviewed. We had a lot of new AC members this year. It’s hard to assign policy when you have two Working Groups and the Working Groups can’t work on their own policy and you have new people that weren’t quite ready to be primary shepherds on policy.

It’s worked out quite well. I’m really happy to see the community has come through with their own policy in a lot of cases. We may follow through with this next year as well.

The Policy Experience Working Group has been doing a ton of work. Even if you don’t see a lot of policy coming directly from them this year, they’ve been submitting a decent amount of ideas from the report, like you saw from John Sweeting earlier, on what the community thinks we should do with policy. Rather than outright saying, we’re going to work on this policy because we think this is a good idea, they’ve been sort of reviewing it with the community first.

So these are the Working Group proposals that have come in over the last three years. Obviously this year is a little light because the NRPM Working Group no longer is working on policy.

The ones that are crossed out are ones that were abandoned, and the rest are either in place today or they are in the process either as a Draft Policy or Recommended Policy.

So Table Topics were already discussed earlier. I’m not going to go through all of these. We do expect additional discussion on these topics and potentially not enough time in the room for these. But they are all in a draft state. So we do have plenty of time to work on these.

The last point that I do want to bring up is the Policy Author Participation. So Alicia Trotman and Chris Woodfield are going to be covering this Table Topic. On the mailing list, there were some suggestions that the policy author should be more involved in the PDP process. We’d love to know what you think about having this happen. I can tell you from experience that the shepherds already do their best to do this. It doesn’t happen all the time. It’s not guaranteed, because once the policy comes out, it’s community-driven.

You don’t always have a policy follow through and have an author necessarily agree with everything the whole time. But a lot of times the shepherds will do their best to ask the authors what they think. But it’s a topic for lunch.

So this is not necessarily the end. I did not make a slide for this because the people that check over my slides would have seen this slide.

I want to just quickly as my first year as Chair give a huge thank you to the prior Chairs that have helped me this year.

In addition, I want to thank Matthew Wilder, who’s my Vice Chair, and Eddie Diego, for just being behind me this whole year as we go through the learning process and get everything going, going over slides, going over the meetings, making sure everything runs smoothly, and the whole AC for just making this look easy.

We had so many new people do such a good job this year and just hit the ground running. I mean, thanks to the community, too, for who you voted in last year. It made it really really easy to be Chair this year.

(Applause.)

With that, are there any questions or comments?

Hollis Kara: All right. Any questions for Kat before we head into our policy discussions.

Here he comes. He couldn’t resist it.

Kevin Blumberg: Kevin Blumberg, no affiliation in this particular case. I’ve represented a number of companies over the years. I’ve been involved with ARIN policy for 10-plus years.

Rob Seastrom said something earlier that I think applies directly to this. We can only keep so many things at once in our brain. 10, 12, 14, 16 policies is not great.

It’s not great for the community to be able to work through that in a very limited amount of time. One thing that would be very helpful is, while every author believes their policy is the important policy, I think it is incumbent on the Advisory Council to help steer and really show us which are the key policies for discussion at this ARIN meeting that the others may need to take a little longer, there’s no problem with that, but there’s just too many policies, and I don’t want the good ones, the ones that actually have a real impact, being forgotten because they’re tomorrow at 3:00 in the afternoon and everybody’s tired.

So please continue the work you’re doing in that area. Less is more, and appreciate that.

The second thing I wanted to bring up because you did at the end without the slide, a huge thanks to the Chair. I cannot stress how much work being a Chair of anything is and everybody in this room should understand that whether you’re on the Board or on the Advisory Council and you’re in a leadership position within that, it is 10X the work you think it actually is.

So thank you very much for being the Chair this year.

(Applause.)

Matthew Wilder: Matthew Wilder, Telus, Vice Chair of the AC. I wanted to add onto his comments.

It’s super easy being your Vice Chair because, Kat, you really do pay attention. You make it easy. Thank you.

(Applause.)

Hollis Kara: All right. Thank you, Kat.

Okay. We’re off to the races. So please bear in mind we will be having discussion at the end of each of the policy presentations and polling on the RDPs, the Recommended Draft Policies. Keep do your comments and questions, if you’re participating, pertinent to policies under discussion.

Other questions about things and stuff and stuff and things will be welcomed later in the day during our Open Microphone or when we’re on a policy that relates to the topic you have a question about.

Okay. That’s my word of advice. Next up, Doug, where are you at? I’d like to welcome Doug Camin. He’s going to come up and talk about Policy Proposal 2022-12 and this is Direct Assignment Language Updates.

Policy Block 1

Recommended Draft Policy ARIN-2022-12: Direct Assignment Language Update

Douglas Camin: Good morning, everyone. Doug Camin, the shepherd, along with Leif Sawyer, for Recommended Draft Policy 2022-12.

This policy has kind of grown up with me. As my time on the Advisory Council, I’m happy to see it in recommended draft status here, and hopefully we can move it along today. Perhaps I’ll shed a tear when it’s done.

(Laughter.)

So going right into it. The Problem Statement for this policy is, to summarize it in a little bit different language, ARIN created a new Fee Harmonization Schedule a couple years ago and current practice does not align with what is stated in the NRPM. So this policy seeks to create alignment with current business practice in the NRPM language.

So the Policy Statement: What we’ve done is red lines here so you can see where the updates have been made and what’s been changed. So there will be a series of slides because this one updates in several different places throughout the NRPM.

We’ll start with Section 2.5, Updating Definition of Allocation and Assignment to Reflect Current Practice.

I’ll pause for a moment with each one to give a moment to absorb what’s there and move on to the next slide.

Moving forward. Next up is changing Section 2.6. This focuses on the changing the words – changing “receiving assignments of” to the word “issued.”

Moving on to the next one. Section 2.8, changing “allocated or assigned” to “issued.” This is only one word change in a larger paragraph. At a previous presentation it was noted to see this in context so people could understand the implications of it. So we put the whole text of that paragraph in here.

Moving on. Section 3.6.3, changing the text in paragraph number 1, removing the section that says “direct assignment/direct allocation or AS number” and adding a section that says “Internet number resources issued by” instead. This is the section in context as well in 3.6.3.

Then moving to the next slide. Section 4.2.2, replace the text as follows. Now, I’ll just point out this is a reorganization of that text instead of a full rewrite.

So the goal of this was to take the text that was on the left column and put it into a more succinct format on the right column.

Moving on to the next slide. I’m just lingering for a second because there’s a lot of text on that one.

Section 4.3.2, changing the paragraph number 1 text, removing “direct assignment or allocations” from the sentence and replacing it with an “IPv4 allocation.”

Next slide, Section 6.5.8, changing the title from “Direct Assignments from ARIN to End User Organizations” to “End User Allocations.”

Section 8.5.4, changing the text in the section to remove “direct assignments or allocations” from the sentence and replace that with an “IPv4 allocation” and note in the second part of the sentence we add the word “allocation” to make that clear.

Coming up towards the end here, Section 8.5.6, changing this section’s text from “organizations with direct assignments or allocations,” replacing the “direct assignments or allocations” language with “an IPv4 allocation."

This policy is in recommended draft status. The AC has created an assessment of conformance with the principles of Internet number policy. So this policy does conform to the principles of ARIN’s Policy Development Process. This Draft Policy is found to be fair, impartial and technically sound.

Based on community feedback and AC discussion, we have a motion to move ARIN-2012-12, Direct Assignment Language Update to Recommended Draft.

If adopted, this policy aims to update the language of the Number Resource Policy Manual to remove references to the deprecated term “assignment” and use the term “allocation” which conforms with current ARIN business practices.

A little history – as I mentioned, this policy has grown up with me at my time on the AC – presented at ARIN 51, ARIN 52, 53, and now at ARIN 54.

This policy has received a substantial amount of community feedback. I do appreciate the feedback. And I know Leif and I appreciate the feedback from the community.

A lot of very sound and appropriate comments and commentary as we shape this policy and moved it to get it to where it is today. So definitely want to express appreciation for that input and those communications.

So this policy has been in recommended draft status since the end of ARIN 53. So it has been sitting out there for a few months at this point and has been – feedback has been solicited in a couple of different areas, which I’ll get to in a moment.

This has undergone Staff and Legal Review. The most recent was on March 15th, and staff – without reading through the details of it – but they do find that – staff did agree that the policy does, using the consistent use of the term “allocation” when the definition of “allocation” is intended. Instead of synonyms or other forms of the word such as “allocated” will add clarity and precision to the text.

So staff recommends eventually making these updates to the entire NRPM. They found it implementable as written and did not find any impact on ARIN operations and services.

There was a Legal Review, in a moment here. No legal objection to the proposed language. There was a note about using the term “issued” instead of “allocated” or “assigned.” That was incorporated into the most recent updates that is in recommended draft.

So Policy Impact: This Draft Policy could potentially harmonize the Number Resource Policy Manual and Registration Services Plan Fee Schedule. The term “issued” currently used in the Registration Services Agreement would match the proposed changes in this Draft Policy as well.

As I mentioned before about community feedback. I went one too far ahead. There we go. So this originally was presented for the first time at ARIN 51. I did not note the specific feedback received then, but from ARIN 52, we did receive feedback there about changing the definitions. The original draft of this did redefine those terms.

There was community feedback that that was not the way the community wanted to see this implemented, so it was revised. We took other feedback regarding the impact from no allocations and no IP addresses. We reviewed and updated that as appropriate.

PPML was solicited for feedback on several occasions. Supportive comments were received. They were incorporated into recent revisions, and there was some comments on PPML regarding changing the definitions again, but community feedback previously indicated that there was not general support for that, so we left it as is.

At ARIN 53, feedback received was positive at the microphone, and there were clarification questions asked that were answered by staff.

So today, our question for the community is one and one question only. Are you in favor or against implementing this Recommended Draft Policy as written.

Hollis Kara: Okay. I’d like to invite Mr. Sandiford to come up and help us with moderation on the discussion. Microphones are open for questions on this policy. So please, virtual attendees, if you have questions on Recommended Draft Policy 2022-12, please start typing or raise your hand. And anyone in the room who would like to come to the microphone, microphones are open.

Do we have any comments or questions? This is the last chance before this one is eligible to go to Last Call.

Bill Sandiford: Left side.

Namra Naseer: I’m Namra from Columbia University, New York City, and I’m also a Fellow.

I had a question related to the policy. I’m just wondering, you said using outdated language can have a lot of implications. And this policy has been in the process for over two years. During that process, have you seen any implications of like not updating it while it was in the process?

Hollis Kara: Can we get our microphone back on stage at the podium?

Douglas Camin: This particular policy emerged from the Policy Experience Report workgroup. It was reported – I don’t know which ARIN it might have been. Before I was on the council, there was a PER report that outlined the challenges that were found with regard to the language of the policy no longer aligning with the business practices of ARIN.

I can’t speak to any specific thing unless somebody from staff has an example they would like to bring up because my experience is mostly on the policy side of it.

Bill Sandiford: A member of staff.

John Sweeting: I’ll just say all the updating they’re doing on this getting the language out is all great. It really doesn’t impact policy because there is no direct assignments done any more. We just ignore those words in NRPM, but this will actually get them out of there so we can stop ignoring them and they’re no longer there to confuse people that maybe don’t have the experience with the NRPM that we have. It has no real effect on staff and how we interpret the policies.

Namra Naseer: Thank you.

Bill Sandiford: Right side microphone.

Kevin Blumberg: Kevin Blumberg, The Wire.

I support the policy as written with one nuance. If you could go to the very beginning, the definitions, I have a question for you.

Under assignment, “this term is no longer used to describe IP addresses issued by ARIN.” That is a statement. That is not a definition. I think by just putting it in brackets, which is not a change to this, but just to denote that is an editorial – it’s not actually a definition. But I think you didn’t want to remove it. I understand all that. But it just needs to have something to denote it’s not actually a definition.

Bill Sandiford: Deprecated?

Kevin Blumberg: Whatever fits within the style guide of it.

The last part, and I think the most important part for me, is while within the ARIN community – this is deprecated now, it was in use for many years – it’s a foreign concept, assignments were a foreign concept to other regions as well.

It’s not just our region that we’re helping. It’s when people come from other regions and are looking at our policy, assignment was a completely foreign thing. It’s not in use. It absolutely should be removed.

How you have addressed it is fair and I think very, very well done. It was just that one thing, and I think it could go either way written as written. Thank you.

Douglas Camin: Thank you.

Bill Sandiford: Anything online?

Beverly Hicks: We have one online, actually a couple online.

Bill Sandiford: Okay, let’s go to those.

Beverly Hicks: First one, Louie Lee, Google Fiber, IP manager. In favor as written. Thank you for your hard work on this.

Want me to keep going?

Hollis Kara: Please.

Beverly Hicks: Matthew Cowen, Fellow, unaffiliated. I support this policy as written with the caveat that Kevin mentioned.

And Tyler O’Meara, in 4.2.2 and 4.3.2, it was stated that organizations without any IPv4 allocation can get an automatic justification list approval for a /24. Is the intention that the policy – I’m sorry, is the intention of the policy that IPv4 allocations allocated under 4.4, 4.10 or 10 would count against this?

Please don’t make me read that again.

John Sweeting: I won’t make you read it again, but, no, they do not count against that. 4.4 and 4.10 are special pools and they’re always looked at on their own merits and not with any other – basically it’s for the wait list. If you want to get on the wait list, you have no space, you can get on the wait list with no justification for /24s is basically what that says, boiled down.

Bill Sandiford: Great. Thank you, any more?

Hollis Kara: There are no more questions. I think we can go to the poll.

Bill Sandiford: Michael is not here. Who is our vote tallier when Mike is not here?

Hollis Kara: We have Erin Alligood and Jennifer Lee will be vote talliers. And they did ask, please, everyone, when we get to this part, if you’re in the room voting, hands high.

Bill Sandiford: Question for the community: those who are in favor of this Recommended Draft Policy as written please raise your hand now until told to lower it. And for those of you online, is the poll popping up for them like normal?

Hollis Kara: They’ve got the poll.

Bill Sandiford: Awesome. Okay. Lower your hands. Any who are against the policy, please indicate by raising your hand now. Should be much easier to count.

Hollis Kara: Our talliers are tallying. We need some music. Give a joke. No, we’re not going to do that. I didn’t see Jenny was back there counting as well. Thank you, Jenny.

Beverly Hicks: I have your results. There are 117 people in the room.

Bill Sandiford: We asked 117 people in the room and online, are you in favor. Survey says!

Beverly Hicks: You threw me for a loop there, Bill. I have 117 in the room and 68 online. Survey says, 89 are for it and two against.

Bill Sandiford: Thank you. All right. That information will be passed on to the Advisory Council for their information and their guidance. Thank you.

Hollis Kara: With all due enthusiasm, thank you very much.

(Applause.)

Gotta warn me before you do that, Bill. Next up, keeping us on our toes, I’d like to invite up Gerry George, who will present Policy 2023-8. And this is the reduction of the maximum allocation under 4.1.8.

Draft Policy ARIN-2023-8: Reduce 4.1.8 Maximum Allocation

Gerry George: Good day to all. And as a Caribbean man who came up straight up here, thank you so much for the “warm” Canadian welcome.

(Laughter.)

So we’re looking at the Draft Policy 2023-8, which talks about the reduction of the maximum allocation for 4.1.8.

My co-shepherd is Brian Jones, who is sitting somewhere in the back there. Yep.

Okay. This policy has been around for roughly about a year and was also presented at ARIN 53. So I’m not going to go into too much detail as to some of the information there, but it’s presented for completeness. And as you know, you guys can download the slides and so on. And it has been on PPML for quite a bit.

So the Problem Statement, in summary, is that the waiting list times are too long and there are not enough IP addresses to satisfy the waiting list within reasonable time space.

So the recommendation or the suggestion is to reduce the maximum allocation on the wait list from a /22 to a /24. So the proposed Policy Statement is on here. The blue text is the main new text that is being proposed and there are also some additional changes that will show up later where text has been recommended to be actually excluded or removed from other sections.

But in brief, it says that it will be reduced from a /22 to a /24. That’s the first change indicated. And organizations which have ever held any IPv4 will – difficult to read from here – will not be eligible to apply on the wait list.

And as I mentioned, here are some of the other changes in red where text is being struck off because it would no longer apply.

And this is basically just a summary of the Policy Statement without the pretty colors on there. The current NRPM text is what applies right now. And, of course, I’m not going to read through that, but this is what currently applies as far as the wait list is concerned. And there’s also some additional text in subsections 4.1.8.1, .2 and .3.

And here are the proposed changes as per the policy that’s been proposed. So you see some of the text has been struck off based on the NRPM text.

And more changes in there. Once again, the Policy Statement, as it will look, key changes being highlighted and, again, without the pretty colors.

So history of this policy is two days short of being a year. Presented at ARIN 53. And we’re back here at ARIN 54. Let me jump back – we had text change proposed on PPML in February, just before we went into ARIN 53. And then we had text changes also at the end of September, just before this session.

So historical feedback. There has been quite a bit of community discussion on this, and some of the discussion has actually been polarized. But the one area where there seems to have been some consensus is that persons are saying, if this policy goes through, there should be some protection for persons already on the list, because if an organization has applied for, say, a /22 and this policy kicks in, it will then revoke that /22 request and replace it with a /24, which some felt would be unfair.

So we put in some additional text, which you will see in the September 30th version where it puts in some protection for those persons already on the wait list. And that’s just I’m showing what that text is, that protection clause.

Okay. If the policy goes through and adopted as is, it will only impact new wait list entrants.

This is just the screen that I borrowed from I think it was Jon Worley’s presentation at – the last session was at, not NANOG, something last week, I think.

Hollis Kara: At CaribNOG?

Gerry George: Yes. And it just shows the status of the wait list.

Now we need to consider the “protection clause.” And here I’m quoting the well known – what is the term – I don’t want to use the term “old” – quoting John Sweeting, “experienced,” yes, the experienced John Sweeting.

And it says essentially if the wait list was – if the allocation on the wait list was reduced from a /22 to /24 there would be a significant reduction in the size of the wait list, roughly about two-thirds. If it remains as is there is a – previously it was like a three-year, but just today it was mentioned it’s a little over a two-year wait time on that wait list.

So if we implement that protection clause, it means that there is still that two-plus-year time frame before any impact of that policy will happen.

If we do nothing, then the wait list remains with the, well, two-plus-year – I apologize where it says three-plus-year; I wasn’t able to make the edit this morning.

So if we do nothing, the wait list remains as is. If we put in the clause, the policy going through means there is still a two-plus-year wait time before the new allocations of the new policy comes in. So we’re still two to three years out before anyone can benefit from this policy.

If we have no protection clause and there’s immediate application, then we can see an immediate change in the wait list.

Just explains it a little more on the impact of the policy – do nothing, the wait list remains as is; protection clause, so no protection.

Community feedback. Well, this just reiterates the need for the protection clause. And actually let me just – beyond the text that was essentially frozen as of 30th of September, there were additional comments on the PPML. So I’m proposing those there, but those comments mainly referenced grammatical language, not really changes in the policy. So there’s a comment, in terms of the way some of the sentences were written that it was a little awkward. So I’m presenting those there for edification and awareness. And also a change in the way the protection clause was written.

So we have two options – option A, which is the current one; and option B, which rewords it just a little, but no effective change in what’s happening.

And then there was some other – there was a query about the restriction, the policy and a misunderstanding as to whether it applied to organizations that already had – that already had distributions.

But just to clarify, it is the restriction that applies to the organization. The restriction for the /24. And I will just read where it says, “this restriction will be applied to all future distributions from the wait list to also include those organizations” – in brackets I have “requested,” but I just want to mention that that requested is not intended to be part of the policy. It’s put in here just for clarification and better understanding. So, “to reduce to include those organizations currently listed.”

And community feedback, as I said, has been all over the place. Some persons say this is no good. Some say that a /24 is really not that useful to large organizations. It really restricts them. And others say this policy should just be abandoned.

So going forward, questions for the community – so we consider the revised policy as written with the proposed protection clause and the impact it will have if that goes through with the protection clause. Consider it going through without the protection clause.

There’s been suggestions, do away with the wait list completely – that would require a whole new policy to be submitted – or just abandon the policy and let the wait list remain as is and let the status quo continue.

So the question to the community: Should we keep working on this policy as formulated? I just want to say we actually haven’t been able to get any kind of consensus. We’ve had very strong opinions – very strong divergent opinions.

So question, should we keep working on this policy as formulated?

Hollis Kara: All right. Thank you so much, Gerry. Bill, welcome back to the stage.

Microphones are open. Virtual attendees, please start typing.

Bill Sandiford: We’ll start over here on the left-side microphone.

Adair Thaxton: Adair Thaxton, Internet2. I had asked on PPML, understanding that it’s not the purpose of the PPML, if anyone who was on the wait list was going to be affected by this. And John correctly replied that that was not really the purpose of the PPML to survey the wait list participants for their opinions.

But I would like to know if there’s anyone in the room who would be affected by the policy change and what their thoughts are since it affects them directly.

Bill Sandiford: Approach the microphones if you have an answer to that question and feedback to give. Go to the right side.

Gary Giesen: Gary Giesen, EGATE Networks. I do not support the policy as written. I think it should be abandoned. I think limiting it to /24s limits the utility, particularly for startup ISPs, where /24 is just not enough space.

I mean, the wait list is what it is. We’re in a post-runout world for a long time now. There’s still some utility to some people. But I think if you’re depending on the wait list to start your business, you’re going to be waiting a while, regardless what’s done.

I don’t necessarily think that limiting to /24s is going to have any great utility or going to dramatically change the usefulness of the wait list.

Bill Sandiford: Well said. Thanks, Gary. Left side.

John Brown: John Brown. Question: Would an existing wait list policy, wait list person, be able to modify their position on the wait list and say, I’d be happy to go ahead and take a /24 if that gets me moving sooner? And, so, instead of abandoning a position they’ve already held and then reapplying, could they modify since we’re not forcing it to be a retroactive?

Bill Sandiford: I see John Sweeting jumping up there. I’ll let him answer.

John Sweeting: Yes, John Sweeting. Current policy is, yes, if you want to reduce it, you can reduce it and keep your place on the wait list.

However, if you want to make it bigger, no, you have to get off and put in a new request.

So, yes, you can say I’ll take a /24 and you can change my maximum from /22 to a /24.

Bill Sandiford: Go to the right side.

Kevin Blumberg: Kevin Blumberg, The Wire.

We’ve already had a lot of this discussion the last time we adjusted the wait list. I think the pain threshold that we reached we’re reaching again, which is everybody who is on the wait list is very annoyed that we’re about to change the wait list, which was exactly the same thing that happened the last time and we had to fix that.

Bill Sandiford: The last time it was a suspension of the wait list because of other issues, but the sentiment of annoyance of tinkering with the wait list is well heard.

Kevin Blumberg: There’s a simple way to address this in policy which should be done if you’re going to move ahead with any policy, which is this policy can change at any time. Your place on the wait list and the amount of space you get and the requirements of that may change at any time.

When you are applying for the wait list, please understand that policy can change at any time. Not having that there means that as the wait list change – when it becomes 25,000 people on the wait list and it’s an 80-year – we have to have something that actually explains to people that this is a mystery bag that you’re getting, not a /22.

The second part to all of this is, there is an unbelievable number of people that are saying scorched earth – oh, John has his hand up.

Bill Sandiford: I see the monitors come to life here, and the wizard appears.

John Curran: Kevin, I don’t mean to interrupt. I agree with what you’re saying. I want people to understand, the default at present is if you go to make a policy that changes the wait list requirements, because in the past there was an ambiguity regarding what happened to the existing people, you are likely to see pushback that says: We need clarity; what happens to those people on the wait list?

It should be perfectly clear that this policy does change existing wait list entries or does not. And my recommendation, I’ll only just say, it’s far easier, until we have a policy that says people on the wait list may be affected by future policy changes, if you’re making a policy change this the wait list, it’s far easier to say now this applies to new entries, not old entries, because if you want to apply to old entries, you have to make sure that we go through a prolonged process of contacting everyone on the wait list so they can opine about this policy change. They may not be aware of that.

So two aspects, as Kevin says, it might be nice to add something to wait list policy indicating that the policy itself is subject to change; you need to participate in the policy process. If you want to maintain your position on the list, please understand, participate in the policy process or you may end up being affected by future policy.

Until we have that, it’s probably not a wise idea to adopt policy that explicitly changes those already on the list because they weren’t told about that when they got on.

So we’re thinking about two aspects. Do we want to have the policy say explicitly, regardless of any change to it, say explicitly for people getting on now, your entry is subject to change? We don’t have that at present in the wait list policy. And then the second is, for this particular change being proposed, can we make sure it’s explicit one way or the other?

If it’s explicit and it doesn’t impact the wait list, that is the straighter path. If it does impact the wait list, we have the issue exactly what we’ve said.

There’s people probably on the wait list who are not in the room and not on PPML, and you probably want to go to an extended call for that.

Bill Sandiford: Thank you, John. Front left side.

Mike Burns: Mike Burns, IPTrading. I was the original author of this proposal. And I did, as John specified, have in the proposal the idea that there was no grandfathering in of current wait list members.

But I was always 50/50 on that. And I don’t mind the idea of protecting the current wait list members in the way the revised policy says.

But going to the 80-year wait, I used the word “absurd” on the PPML because it just doesn’t look like great governance to be doing and requiring a two-year needs test for addresses that won’t be delivered for well beyond two years.

So I would say that I’ve already done a proposal to do away with the Waiting List and take returned addresses and put them in the reserve pools. And that proposal failed.

So I do think leaving it alone is not a good idea, as the absurdity grows with the duration of time between a needs test and delivery of the addresses. So I would think we should keep working on it.

And I do support the protection for the current members with the hope that – and basically we’ve learned now, it’s not three-plus years; maybe it’s two-plus years – but once that bulge in the wait list of /23s and /22s gets moved through, maybe this policy will end up with a wait list where delivery is within the time period of the needs test.

And the other reason I wrote the policy was to simplify the NRPM. I think we could see there’s a lot more red text going away, which I think is good. I do support working on it.

Bill Sandiford: One thing I wanted to note on that, Mike, and I keep hearing when people say about the two years, we don’t have a crystal ball. We could have a block come tomorrow that, on the next distribution satisfies the entire wait list. We could have not enough come back that the current two-year wait list could be a five-year wait list. We actually don’t know the time horizon.

Mike Burns: Well, we kind of know. There’s not going to be many more big blocks coming. That’s another issue I brought up at the last meeting is, unlike in other registries, we don’t know what’s in the quarantine; we don’t know what’s expected to come through or what’s going to be delivered in the future. I think that’s an absence of knowledge that we really would benefit from having.

But I think that given the market conditions it’s unlikely that large blocks are going to keep coming back and more likely that the Waiting List is just going to get longer and longer.

Bill Sandiford: Possible. Noted. Right side, front.

Nathan Kellyman: Hi, Nathan Kellyman, Small Island ICT. Just a question, more so clarification.

At the beginning of the presentation, there was an element that said that organizations that held /24s, or held IP subnets before, would not be eligible to be on the wait list.

Just from my perspective, I kind of want to clarify, does this apply to organizations that may have had spaces leased by IP brokerage companies or from other companies, or just for subnets that were leased from ARIN directly?

And one more question, for larger organizations that may have had larger spaces and they want to get new allocations, will they be able to get multiple /24 spaces to compensate for the larger spaces that they want?

Gerry George: To the second question, I think an organization can only be on the wait list once. You can’t have multiple requests on the wait list. And the first one I think John –

John Sweeting: That is correct, they can only be on the wait list once, and then they have to wait six months – 90 days? 90 days before they can submit another request after they get it.

And one thing to John’s – about the two years, we go back sometimes and check, most of the times people still need it, because if they had gone out and fulfilled their needs, their requirements any ways, through a transfer or anything, they’re removed from the wait list. So people who are still on the wait list still have that two-year need.

Nathan Kellyman: What about the first question?

Bill Sandiford: Was the first question about this topic that’s up here now?

Nathan Kellyman: Yeah, there’s an element here that says, if you held IP spaces before, you will not be eligible to get on the wait list. I want to know who does that apply to? Does that apply to everybody?

If you had IP space that was leased from an IP brokerage firm or someone else, are you now, if you want to apply for a lot of space, not going to be eligible to be on the wait list?

John Sweeting: That’s in the proposal to change. That’s not there today, so that’s nothing that’s there. You can have up to a /20 of space from anywhere. You could have got it from ARIN earlier.

That’s some kind of change to the policy that –

Bill Sandiford: I still don’t think it answers the question. The question is – and I believe the answer to the question is, this wording in the proposal is suggesting that if you have directly held IP address space, not if you’re getting it from your upstream ISP or a lease or whatever.

All right. Left side.

Douglas Camin: Doug Camin, CCSI. First a little note, if there’s a mystery bag, I think it should come with a nice toy; that would be awesome.

(Laughter.)

Regarding the policy here, I do think that if people have specific needs, there’s 4.10, there’s a couple other avenues for people to get space, specifically in small blocks, from ARIN. But I do think that this needs to be given consideration to fix.

And I would say that I support, as a member of the community, an approach that takes into account that the space should go to organizations that have needs. So if we can identify the need, however that looks – whether that’s consolidating the various lists into one and finding a way to satisfy that block, going to the /24 and this, I do support that as written. So I think that would be option number one.

Given the current trajectory, and understanding that that can change, the current trajectory if we went to a /24 set up, would bring the period down to something more reasonable. I do think that’s a good policy goal. I think that it doesn’t seem like good governance to just let it sit and fester. So I do think something should be done.

Gerry George: To speak directly to that, and I suspect that’s what John was coming to say, the last allocation, which happened last week, there were, I’ll give you numbers, 318 /24s were issued. That was to 117 organizations.

If the restriction was in place, it would – actually before I get to that point, based on the number of requests currently, with no change and no policy change, it would require 1,727 /24s to fulfill all those requests. If the /24 restriction was in place, you would have 318 organizations coming off that list. So take the list down to 501 as opposed to the current 702.

John Sweeting: John Sweeting, I just want to remind everyone, this is a Draft Policy. So there’s plenty of time to talk on PPML and get your thoughts there. And actually it will be documented there much better. And you can also find AC members anywhere around.

It’s a great conversation and everything, but we do have a schedule we have to keep. I’m sure people are getting hungry and want lunch. So if it’s not real important to say it here at the mic, consider using PPML or grabbing one of your AC members during – in the lunch or at lunch.

Bill Sandiford: On that note, we’ve got three people in the online queues, and we’re going to close off the queues now for new entrants into the queue. Let’s go online.

Gerry George: Let me also say quickly, there’s also a Table Topic at lunchtime on this policy.

Bill Sandiford: Very good. Online, I understand we have three.

Beverly Hicks: I have four now.

Denis Motova, B-Rock Crude Partners. I believe that the only way this policy should or would move forward is with protections for people on the Waiting List. Overall I don’t support this policy as written.

Alan Rowley, Citizen Support. I think this should be abandoned and let the status quo work. When a shortage makes a five-year wait in time, the supply will meet its own demand and may raise the price on IP options, yes, but it’s a limited resource and the economy should fix it via demand and costs. Any changes should be on new orders after an effective date.

Continue?

Bill Sandiford: Keep going.

Beverly Hicks: All right.

Tyler O’Meara, unaffiliated. I fully support protecting the current behavior for existing wait list participants irrespective of whether this policy goes ahead or not. I support John’s proposal to modify the wait list to say that it is subject to change. And further future changes may affect the requests already on the wait list.

And Matthew Cowen, Fellow, unaffiliated. I don’t support the policy as written. The ambiguity of the rules for those on the wait list is clearly not helping, and it seems there is no one position that is true for all. Therefore, I’d agree to a two-tiered structure.

Bill Sandiford: All right.

Kevin Blumberg: Kevin Blumberg, The Wire.

Since this is a policy meeting, I feel this is probably one of the best places to talk about policy. And, quite frankly, the PPML has become less than ideal for these kinds of discussions.

I would love it to improve, John, but it hasn’t. This policy should be abandoned, not because I don’t believe that there are things that should be done on this policy but because after a year, the text is so awful and we’ve made so many – we’re going to be nice to this person and nice to that person.

The fact that it says any IP, and I could be using my home computer and therefore I’m not eligible, that ambiguity in this policy, after a year, says to me let’s start over. Start over with very simple guidelines.

The things that I’ve heard are /22, I may need it. Guess what? We have what we have. /24 is only fair and equitable to as many people as possible. Write a very simple operational need, /24 policy, get rid of the entire thing and say this may change at any time. Start with a new policy because this one is not going to go anywhere unfortunately.

Bill Sandiford: Thanks, Kevin. Thanks, everybody, for your valuable feedback. The AC will take it all under advisement. Thank you.

Hollis Kara: Awesome, thank you.

(Applause.)

So clearly it got a little warmer in the room because everybody doesn’t seem to be in such a rush to get out of here. However, we are now 20 minutes late to break for lunch. What we’re going to do is go ahead and go to lunch.

We’re going to start, when we come back, we will pick up with the election block, which will run until the afternoon break. And then we will start the next policy block where we’re ending now so the first one up will be 2024-1 in the afternoon. And we’re just going to have a honkin’ chonkin’ block of policy to get through.

Eat lunch, caffeinate. Is it possible to get the break slides? I think I have a couple of reminders that I need to go over before I run out of the room.

Table Topics, please do visit your Table Topics. Don’t run yet. I’m not done. I’m waiting for my slides. They hate it when I change things on the fly. I’m sorry, guys.

Lunch break. There are some handy dandy dots on the floor. They point the way to the meals and meeting. For those who need some wayfinding help, we are back where we had breakfast; if you had breakfast, that’s where lunch is. And do stop in at a Table Topic table if you’d like to discuss any of those with the AC.

And we will be back at 1:30. This room is not secured, so please consider taking your personals with you when you go. And for folks who are joining us virtually, feel free to just leave the Zoom window open and hop back in when we restart.

Thank you, everybody. It’s been a great morning.

(Lunch Break)

Hollis Kara: I feel like I’m being interrogated up here. Clearly everybody enjoyed lunch, or is still enjoying lunch. I’m waiting for everyone to flood down the escalator there. They’re coming. We’ll get started, give folks a moment to come in and get settled. It’s particularly critical that Mr. John Sweeting enters the room since he’s going to be first up on the agenda. I can see him. Hope everybody is looking forward to the Hockey Hall of Fame this evening. Brought their socks. It’s a little chilly outside, or so I understand.

We’re rolling in. I can see him, but I don’t want to yell into the microphone. I can see him, he’s in the hall. Here he comes. You’re holding up the show, John. Say nothing else, John does care about the customer experience. I have the after-hours Slack messages to prove it. We are gonna talk about elections. All the important people are here, including my boss, John Sweeting. Well, not all. Most. Bill’s right there. Bill was on time, John.

So I’m going to stop talking and I’m going to let him start talking. And then we’re going to do things. And then we’re going to play videos.

2024 ARIN Elections

John Sweeting: Hello, everyone. I’m back again. We’re going to do an election introduction here. 2024 elections, we’re going to talk about.

Voting opens today, 24 October, at 3:00 p.m. Eastern, noon Pacific. Voting closes at 7:00 p.m. Eastern, 4:00 p.m. Pacific, on 1 November, which is a week from tomorrow, next Friday. November. November is almost here. Oh, my goodness.

Okay. So Statements of Support and candidate bios are available at that URL. You want me to read it, Bill? Come on.

OK, so the six steps you need to do to get ready for ARIN Elections, get to know the candidates. You’re going to see them all speaking on the big screen here in the next few minutes.

Join the General Members Mailing List, if you’re a General Member, and only General Members can vote. So to get ready to vote you should join that General Members Mailing List, because there is some information on there.

Although we really don’t see the back-and-forth we’d like to see. I don’t think any of the candidates have used that to put their story out to the General Members on that list. But that’s what one of the purposes of that list is.

All the candidates were subscribed, whether they were a General Member or not, so that they could see what was going on with the election. They will be unsubscribed after the election is over.

View or make statements of support at that URL I showed you on the previous slide. Watch the virtual candidate forum recording, which was held last Wednesday afternoon virtually. I think we had, what did we have, 39, 40 people watch it live?

Hollis Kara: We did.

John Sweeting: Do we know how many we’ve had look at the recording?

Hollis Kara: I do not know that. But it is available. Y’all could pump up those numbers right now, just pull it up on your screen. Not in the room. Don’t do that now.

John Sweeting: You can all start watching that forum at the same time you’re watching the speeches.

And then listen to the candidates’ speeches that are coming up really soon and then cast your vote.

How to cast your organization’s vote? So who can vote? Real quick, General Members in Good Standing with a designated Voting Contact as of 9 September. We now allow organizations that are in that state on 9 September to update their Voting Contact all the way up ’til seven days prior to the voting period beginning. So that cut-off was last Thursday at 3:00 p.m. Eastern, noon Pacific.

The thing there is, though, if you didn’t have a Voting Contact designated on 9 September you can’t add one after because you’re not eligible on the eligible voting list at that point in time.

So the big thing is to make sure you had that Voting Contact before. That will help you next year, maybe.

Okay. So getting to your ballot. So after 3:00 p.m. today, Eastern, noon Pacific, eligible Voting Contacts should log in to your ARIN Online.

You’re going to have to have multifactor authentication to help you log in there. Select the ‘Vote Now’ link and cast ballots for Board of Trustees, Advisory Council, and the NRO NC. And voting opens at 3:00 p.m. today.

So understanding your ballot. I can’t see that ballot, but when viewing your ballot, you’re going to see your name and your vote weight. So if you’re a Voting Contact for more than one General Member in Good Standing, you will have a weight of however many of those General Members you represent. So you could have, you know, your vote weight could be three.

There is no way to split that weight. You have a weight of three. You will vote and all your votes are cast the same for those three, for that weight of three.

So then you will see the organizations that you are casting a ballot on behalf of and the email address that will receive the confirmation email of who you voted for.

The full ballot for all elections will be presented at one time on the same screen. So that is what that thing on the right of your screen — right as you’re looking at it — will look like. Everybody, they’ll all be listed there. And all three different separate elections will be on there as well.

So choose up the three candidates for the Board, five for the AC, and one for the NRO NC. You don’t have to choose three for the Board, but you can choose three for the Board. Same with the AC, you can choose one to five. I believe you can even not select anyone if you don’t want to. And that still counts as you participated in the election so that you don’t get kicked back to Service Member status in the next year or so.

You’ll be able to review your choices. And if you feel you need to change your selections, you will be able to do that. Then you’re going to agree to the participant consent and transparency agreement, and then you will do a vote confirmation. You will confirm, yes, this is who I want to vote for. And once you do that, you’ll receive a confirmation email and you will be done.

So getting to know the candidates. There’s a Voter Guide, candidate forum recording, which is available at ARIN.net/elections, General Members Mailing List. Like I said, there hasn’t been a whole lot of traffic on the mailing list. You probably wouldn’t get much from looking at that. Hopefully next year we’ll get more participation on that. And then the Statements of Support, which are found at ARIN-elections.net.

2024 Board of Trustees candidates. I’m not going to read them all. You can see them there. There are 13, lucky 13, running. So make sure you do your homework and you select three, up to three, of those 13 that you would like to see representing you on the ARIN Board of Trustees.

The Advisory Council candidates, there are nine Advisory Council candidates, all listed there on the screen. You can select up to five for that election.

And then for the NRO NC candidates, we have three people running for that one position. You can select one of those names to be your NRO NC representative.

Election headquarters, arin.net/elections, your source for all information on elections.

The calendar is there, all the process documentation, step-by-step instructions for voting.

I think we’re going to have a slide here that says — do we not? Oh, yeah, there it is. Visit the ARIN Elections Help Desk here in Toronto. Jason Byrne is sitting outside in the lobby out there with his own nice, big table ready to help you with any questions you have concerning the elections.

All right. That’s it. We can now let the fun begin.

Hollis Kara: Yep.

John Sweeting: It’s time to hear from those candidates.

Hollis Kara: That’s right. All right. You are done.

And if you need a little bit more incentive to vote, we have reminders in the system that will go out to our voters every day until a ballot is submitted. So the easiest way to make those reminders go away is to log in, vote, and submit that ballot, and then you’ll be off that list. Just putting it out there.

So for starters, we’re going to lead off with speeches from our Board candidates. They will be shown in alphabetical order. And with that, I’m going to sit down and we’re going to run film.

Candidate Speeches

Board of Trustees

John Brown

Announcer: Our first candidate for the ARIN Board of Trustees is John Brown.

John Brown: Hello. My name is John Brown, and I’m a 2024 candidate for the ARIN Board of Trustees. Over the next few minutes, I would like to briefly tell you a little bit about me and why you should vote for me.

I first got involved with computers in the mid-to-late 1970s while in grammar school. Starting out with an Apple 2 and then moving on to build several Sinclair computers, such as ZX80 and the ZX81.

When we moved back to the U.S., I became fascinated with bulletin board systems and ran one while in high school. The thought of communicating with people in far off lands was exciting.

I distinctly remember sending and receiving messages with people in other countries and continents using tools such as FidoNet.

While in high school, I had the opportunity to connect to the University of New Mexico’s UNIX system via dialup connection. Using my CPM System Modem 7 and a 1200-baud modem I was now on this thing called the NSFNET, or what we now call the Internet. To me, this was bulletin boards on steroids.

After high school, I had several jobs working as a software engineer and ultimately moved out to Silicon Valley. At this time, the Internet was becoming more commercial and regular people were connecting. I and several friends started an ISP in Silicon Valley providing dialup but mostly frame relay and ISDN connections to businesses. This was the first time we received Internet resources, IPs and AS data, from InterNIC. InterNIC was the predecessor to ARIN.

I attended my first NANOG, NANOG 10, in 1997 and shortly thereafter hosted two of the three NANOGs in Albuquerque — NANOG 12 and NANOG 19. I was a contractor for ICANN for nearly four years, principally having the technical responsibility for L-root DNS, one of the 13 critical root DNS servers.

I also helped sponsor and host the ICANN meeting right after 9/11. Over the years, I have operated two ISPs and one hosting firm. Most of my ISP operations have been in rural parts of the U.S. I’ve also served in the past as a member of the ARIN technical Advisory Council.

For the last 10 years I have been active in cybersecurity, achieving CISP certification and being approved by ISC2 as an instructor for the CISP certification.

I’ve technical relationships with many folks in the RIR community globally, attend those meetings, and many times provide technical training.

So why should you vote for me? Forty years of being connected to something that uses TCP/IP. The benefit of seeing how this transformative technology has positively impacted the human race. Firsthand, in-the-trenches experience with the unique challenges that small to midsized providers have with respect to Internet resources. Very aware of cybersecurity issues that face the community at large and face ARIN internally. Specifically skilled to help with this.

I am highly motivated to keep ARIN as a member-driven org and to ensure it continues the excellent services it provides well into the future.

Should you have any questions, feel free to reach out to me. I will be attending ARIN 54 in Toronto.

Thank you for your consideration and for your vote.

Mike Burns

Announcer: The next candidate for the ARIN Board of Trustees is Mike Burns.

Mike Burns: Thanks for watching my video. I will be in Toronto, so if you have any questions or just want to talk, please come see me.

I’ve been President of my company since 1986, but I govern it along with other shareholders who have the same duties and responsibilities that trustees have to ARIN. My ability to work at such a group can be measured by the longevity of the company and the shareholders who have been together for decades.

I do have a degree in business from MIT and spent over 15 years consulting with businesses, large and small, regarding the computerizing of their accounting and operations. This included hardware, networks, training, and programming. These activities provided an inside view of these companies and an excellent business education, which I think would serve me well on ARIN’s Board.

However, these are general qualities. I also have specific experience that deals directly with ARIN. I have been interacting with ARIN since 2001 when we decided to return some unneeded address space that we got along with an acquired company.

ARIN told us some of the space was legacy, and we kept that and thus began a long relationship starting as resource holders. We waited for the IPv4 market to develop, and eventually I wrote a more suitable transfer policy for ARIN via Prop 151 in 2011.

This began my participation in ARIN policymaking and my visits to the ARIN meetings, of which I’ve attended at least a dozen. I have a much deeper understanding of ARIN these days, and I believe my input is best directed outside the policy arena now.

My long experience with the IPv4 market provides perspective on risks to ARIN that aren’t readily visible. These include the risk that the ITU will determine that the Internet is just too important to let its regulation be left to an experiment in stakeholder governance.

Any weakness in the stakeholder model can be exploited by actors who want governments to have a larger say. I worry that the impact of money and the IPv4 market will lead to regulatory capture or collusion on the buyer or seller side or just plain pay-to-play corruption. I worry that the situation in AFRINIC provides evidence that stakeholders aren’t up to the job.

I have direct experiences with these issues that could inform the Board, and I think it’s likely my voice would add some diversity to the Board’s thoughts. So for those who have read my PPML posts and think that I belong on the Board, please cast your vote for me. And for those who have read my PPML posts and just wish I would shut up, please understand, as a board member, I won’t be participating. So cast your vote for me.

Thanks.

William Charnock

Announcer: The next candidate for the ARIN Board of Trustees is William Charnock.

Will Charnock: Hi. My name is Will Charnock, and I’m excited to seek a seat on the ARIN Board of Trustees and I’m here to ask for your support.

My current role is as Head of Infrastructure and Cloud Operations for Imperva/Thales. My previous experience ranges from front-line engineer all the way up to cofounder and CEO of my own company. In the last decade, most of my experience has been in the senior leadership ranks of companies where I oversaw large chunks of the business.

In those roles, I had to build budgets, head count plans, go-to-market and product strategies, deal with HR issues, board members, investors, manage small and large global teams and ensure that we were meeting the business objectives that we’ve been tasked with.

While I’ve entrusted much of the policy issues associated with the RIRs and ARIN to folks who have more time to give the attention necessary to ensure that the policies adopted serve the community well, it doesn’t mean I haven’t been involved in the Internet community at large.

I care deeply about this community. It’s given me so much personally and professionally over the years, and because of that, I was willing and fortunate to serve for five years on the NANOG Board of Directors, where I was the Treasurer for the bulk of that time. One of the key initiatives we were tasked with during that time was shoring up the financial foundations of the organization to ensure its future viability and success, and I’m proud of the work that we did and all that we accomplished, establishing a multimillion-dollar reserve towards that end.

As I look at some of the challenges that ARIN faces, whether it’s uncertainty about the RIR governance role going forward or whether it’s threats against the traditional governance model that has served the community so well throughout the years, I believe that because of my experience that I’d be a good choice for the Board of Trustees.

I have strong business experience. I have strong financial experience. I’ve had to manage organizations through crises successfully and I have strong experience in oversight and governance. So I’d like to ask for your vote for the Board of Trustees. If elected, my number one goal will be to serve the community to the best of my ability, to ensure that the good work that’s been accomplished thus far continues and that we’re positioned for a bright future.

Thank you.

Ron da Silva

Announcer: The next candidate for the ARIN Board of Trustees is Ron da Silva.

Ron da Silva: Hello. I’m Ron da Silva, and I am running for the ARIN Board of Trustees. I have an extensive career of over 30 years building Internet infrastructure, working in telecommunications, broadband, and data centers.

I am comfortable moving across management, technology, strategy, and finance. My senior leadership experience includes working in the boardroom both as a member of staff and as a board director.

My ARIN experience includes chairing the AC during a six-year term from 2002 to 2007. I represented ARIN on the NRO for five years, from 2010 to 2015, and also represented the global numbering resource community as a member of the ICANN Board for six years, from 2015 to 2021, on behalf of the NRO.

I have, early in my career, experience doing standards development at the IETF. I have been an active member of the Internet Society and an occasional speaker, sponsor, member, and participant of NANOG. I have served on seven boards, including today a credit union and co-chairing the D.C. chapter of the Internet Society.

I am NACD certified. That is an industry accreditation from the National Association of Corporate Directors.

I am very comfortable with board succession planning and development. I have strong financial literacy, extensive governance experience, and have served on finance, audit, compensation, governance, executive, technical, and nominating committees.

My diversity of experience and maturity would benefit ARIN. Looking at the challenges across the ocean with AFRINIC, it’s imperative that directors bring a strong board experience, bring integrity and executive leadership.

Also, with the continued challenges with the global Internet ecosystem at large, it’s also important to bring Internet governance experience, managing competing interests from governments and NGOs and also comfortably navigating U.S. federal and state policies and legislative developments that could impact ARIN.

ARIN at its core is a membership organization, and the Board is here to serve on behalf of its members. I bring you no conflicts. I don’t work for someone buying, selling, or accumulating Internet numbering resources or for an operator or an enterprise that is assigning addresses.

Even though I’ve done that in the past and understand the importance of numbering resources, I bring independence. I am committed to you to continue to improve upon transparency and accountability of ARIN and its Board, and I ask for your vote to represent you as a trustee on the Board of ARIN.

And thank you very much for your consideration.

Peter Harrison

Announcer: The next candidate for the ARIN Board of Trustees is Peter Harrison.

Peter Harrison: When good governance requires a call to action, I am there. If this is important to you, then vote for me.

I was a founding member of the Governance Working Group that, through research, collaboration, and consultation, recommended transition such as Board term limits for greater resilience; increasing the Board size to improve fiduciary scrutiny; reforming the Nomination Committee and its processes; creating a Risk and Cybersecurity Committee for the safety of the organization; and making governance a priority with a dedicated committee.

During my current term, I have chaired or co-chaired all these committees. Because of this, ARIN now has clearly defined nomination criteria and impartial third-party evaluations, unprecedented risk and cybersecurity visibility, SOC compliance, a Chief Information Security Officer, formal board training, the first iterations of succession planning, and more. If this is important to you, then vote for me.

These transitions are only the beginning. ARIN’s good governance is a beacon for the RIR system and it must continue to adapt.

Careers that began with the Internet like mine are starting to end. Reforms that I championed will gradually change the composition of the Board. In the decade to come, there will be uncertainties unlike those of today.

What is a world dominated by IPv6? How do we guarantee RIR system stability? How can we accommodate new perspectives and leadership? Should ARIN seek new areas of relevance and service? What is the best planning horizon for this new world? Board members like I collaborate for answers.

Smooth transitions require research, collaboration and consultation. I have done transitions before, and in my final term I can help the new trustees find the way. If this is important to you, then vote for me.

Like I said in my first election speech, governance. Governance requires trust. Put your faith in me. Our community inherently knows that the new Risk and Cybersecurity Committee works with ARIN’s capable staff to cover our technical debt, RPKI, RDAP, DNSSEC compliance, and more. But good governance also requires a community that understands what the Board does in more qualitative ways.

The Board’s visibility must grow in the Caribbean beyond CaribNOG to include regional government forums. I have worked with my colleagues to get this on our calendars. We must also explore new approaches to visibility.

As we approach the crossroads, we must prepare. The changes are going to be new, and ARIN stability must be maintained. The transitions must be smooth.

Voting for me will help to assure this. The membership believed I could bring transformation. I know that support will continue.

Thank you.

Philip Inshanally

Announcer: The next candidate for the ARIN Board of Trustees is Philip Inshanally.

Philip Inshanally: Hello. My name is Philip Inshanally, and I’m running for a seat in the upcoming Board of Trustee elections. I bring over 23 years of experience within the IT industry, having worked with diverse array of technologies across both the private and the public sectors.

My career has afforded me the opportunity to solve complex challenges, manage large-scale projects, and help organizations leverage technologies that drive success.

I currently hold the prestigious CCIE, which stands for Cisco Certified Internetwork Expert, and my number is 61204. Throughout my career, I have been committed to sharing my knowledge with others.

I have produced numerous online training courses for renowned platforms such as INE, Cybrary, and BPB Publications, helping thousands of professionals gain the skills necessary to thrive in the rapidly evolving tech industry.

In addition to my training contributions, I am immensely proud to be the only Guyanese to have authored two internationally recognized books focused on IT certifications, which are namely the CompTIA Linux+ Certification Study Guide and the newer one, which was released last year in 2023, which is called the CompTIA Linux+ Reference Guide, which is focused on the current Linux+ certification.

These publications have been invaluable resources for those who are preparing for challenging industry exams within the Linux industry, and they reflect my dedication to fostering education and professional development on a global scale.

As a lifelong resident of Guyana, which is located in South America, I am deeply invested in the growth and advancement of our community, both technologically and educationally.

I believe my background and experience can bring fresh perspectives to the Board of Trustees, helping to shape decisions that will positively impact our future.

I kindly ask your for your support in this upcoming election. By voting for me, Philip Inshanally, you are choosing a candidate who is committed, experienced, and passionate about using technology and education to drive progress.

Thank you for your time, and I look forward to the opportunity to serve on the Board of Trustees at ARIN. My name is Philip Inshanally, and I want to thank you for viewing.

Altie Jackson

Announcer: The next candidate for the ARIN Board of Trustees is Altie Jackson.

Altie Jackson: Hi, my name is Altie Jackson. I’m currently the Senior Capacity Planning Engineer for Liberty Latin America, which is the largest telecoms company within the Caribbean and Latin America region.

Some of us have known this company to be Cable & Wireless or Flow or Cable & Wireless Business. Now our Liberty in Puerto Rico, we know it as Liberty Puerto Rico.

Now, in my role, I oversee the operation of the CDN network, which is called a content delivery network, or the caching network. I also support the entire capacity planning of the entire network. I am this year running for Board of Trustee member. Now, I’m looking to come in to drive the policies and the mission of ARIN.

Now, one of the key things for us is that Internet number resources, I’m looking to ensure that these resources are available and they are driven in each country.

And for RPKI, one of my biggest drives within my business is to ensure all of our IPs, all of our prefixes, are RPKI validated. So please tell a friend, vote for me, Altie Jackson.

Keith Mitchell

Announcer: The next candidate for the ARIN. Board of Trustees is Keith Mitchell.

Keith Mitchell: My name is Keith Mitchell, and I’m seeking your support for election to the ARIN Board of Trustees. I am one of the seven candidates independently rated as ‘well-qualified’ for this position, and I bring a wealth of relevant skills, experience, and achievements in my background and track record. Although I may not be well known to some in the ARIN community, I have served much of my career with similar Internet nonprofit membership organizations with a public benefit, infrastructure-critical mission. This includes as the first chair of the RIPE NCC board, and a founder of the London Internet Exchange, Nominet, UKNOF, plus several other 501(c)3s.

More recently, I have just stepped down as president of DNS-OARC, a U.S.-based membership organization for the Domain Name Systems’ infrastructure community.

I am motivated and excited to devote time freed up from this into keeping the Internet open and well-run. I have been a long-standing active member of the RIPE community, including serving as a member of the RIPE NCC Dispute Arbiters’ Panel.

This has granted an ongoing insight into the market and geopolitical landscape of Internet number resource management and policy. OARC has been the successful recipient of three ARIN Community Grants under my leadership.

These furthered ARIN’s mission of RPKI deployment and DNS support of number resource infrastructure. All three projects were delivered successfully within time and budget.

OARC has also worked closely with NANOG and ARIN for co-located conferences within the ARIN region.

In addition to my strengths in Internet nonprofit governance and financial management, I

believe I have two unique aspects to bring to the ARIN Board: Having retired from executive roles in the industry, I can serve on the ARIN Board in a neutral capacity, putting ARIN’s best interests ahead of any vested interests, time demands, or distractions of an associated commercial entity.

Also, I bring an external, international perspective. I divided my professional career equally between living in Europe and North America, and have an understanding of the Internet provider and Regional Internet Registry space and cultures in both these regions.

My approach to ARIN is to come with an open mind and willingness to listen and to serve. ARIN is a well-managed and well-resourced organization with a deserved strong reputation. However, I can also see that the Regional Internet Registry system is today facing growing sustainability, vested interest, malicious, and geopolitical challenges, and I want to contribute to helping ARIN face and navigate these.

Should I receive the honor of being elected to the Board, I aspire to contribute some of my strengths to furthering ARIN’s mission, and seek to find areas where I can serve and make a difference with my particular skills.

Shernon Osepa

Announcer: The next candidate for the ARIN Board of Trustees is Shernon Osepa.

Shernon Osepa: Hello to everyone. My name is Shernon Osepa, and I’m one of the candidates for the ARIN Board of Trustees. Permit me to share a bit of me with you and how I’m planning to make a difference if elected.

I have over 30 years’ experience working in telecoms, regulations, and Internet governance. Having worked for global organizations such as ICANN, ISOC, and regional organizations and companies such as the Regulatory Authority in the Netherlands Antilles and also a telecoms operator.

On the academic side, I have studied electrical engineering, business administration, and the regulations and policy, all on bachelor or master’s levels and from recognized institutions in the Netherlands and in Trinidad and Tobago. Currently, I’m working as an independent telecoms and Internet governance consultant, whereby I’m, among others, a strategic advisor to the Caribbean Telecommunication Union.

The world is changing, and we’re standing at an important crossroads. We are constantly being bombarded with new technologies and terminologies such as AI, IoT, cybersecurity, digital sovereignty, quantum computing, and so on.

What impact would all these developments have on the Internet that we know today and on the future of the Internet? The decisions that we take today will have an impact on future generations.

That is why I would like to stand on the right side of history. If you look at ARIN’s service area, it covers the U.S., Canada, the northern Atlantic, and several Caribbean islands.

When mentioning the Caribbean, we often don’t realize that we’re talking about 30 nations that have different challenges and needs. My contribution as an ARIN Board member would be in addition to focusing on the whole ARIN service area, to ensure that the necessary deep dive is made on all these nations in the Caribbean as well.

The Caribbean has some very specific challenges that none of the other countries within ARIN service area do not have. That is why they’re called Small Island Development States, SIDS, and are officially defined and recognized by United Nations. SIDS have unique characteristics such as vulnerable to natural disasters, small enclosed economies, lack of capacity, high import and export costs, and limited resources.

I do realize that ARIN primarily is focusing on issuing Internet resources. These resources must be seen as key building blocks to construct something much bigger, which is the Internet economy.

As an ARIN Board member, if elected, I will be focusing, among others, on several key areas related to its strategic vision and planning, collaboration with its leadership and community, stakeholder engagement, and good corporate governance and compliance. I’m deeply passionate about ARIN’s mission and vision, and I’m eager to contribute my time and expertise to furthering its success, not only for the ARIN community but to the global Internet community as well.

Together we ought to defend the Internet, and I’m ready, fully committed, and equipped to do so. I count on you and your support.

Thank you very much.

Chris Roosenraad

Announcer: The next candidate for the ARIN Board of Trustees is Chris Roosenraad.

Chris Roosenraad: Hello. My name is Chris Roosenraad, and I’m coming to you today seeking your support for a seat on ARIN’s Board of Trustees.

First, a quick review of my professional background, how that maps to ARIN’s desired qualification and Board guidance memos. These memos start with a strong understanding of ARIN and the Regional Internet Registry system.

I have close to 30 years of experience in building Internet access networks both in the U.S. and Europe, including my current role as head of security at Google Fiber.

In addition, I have extensive experience on the name side of the Internet, having managed one of the largest DNS providers in UltraDNS, as well as spending six years on ICANN’s Security and Stability Advisory Committee.

The second item that ARIN mentioned is experience in running large nonprofit organizations, included, in bolded line, that ARIN is not an entry-level board.

I have decades as an advisor, board member, and officer for large nonprofit corporations. I served for over 10 years on the Board of M3AAWG, including several terms as chairman. And I was treasurer for the Technology Coalition Against Online Child Sexual Exploitation.

There’s also a stated desire for strong cybersecurity experience. I run Google Fiber’s Security, Privacy, and Abuse Response Department. And in my last role, I was the chief cybersecurity architect and a division CISO for Capital One bank. From nonprofit board experience, to ISP experience, to cybersecurity experience, I think you’ll find my CV maps very closely to what ARIN has laid out for a Board trustee. So now that I’ve talked about my background, I’d like to talk about three areas of focus that I see ARIN looking at over the next couple of years.

The first is finance. Thanks to a number of macroeconomic issues such as inflation, organizations are facing budget crunches around the world. ARIN is no exception. It is going to need to have strong budgetary-type controls as it moves forward.

My experience as a board trustee during the Great Recession and as a treasurer will be critical, financial oversight and guidance.

The second is around transitions. There are several areas of change coming for ARIN, ranging from how ARIN handles the sale and leasing of IP addresses, to organizational change within ARIN organization, to how ARIN continues the outreach to all the members of the community.

This is where having strong board members with extensive experience in leading organizations through change is going to be critical.

And finally is around security. The RIRs are under siege from the ITU, to unfriendly governments, to individuals such as what we’ve seen with AFRINIC. On top of this, ARIN, as an Internet organization, faces constant cybersecurity threats and challenges.

My experience in the messaging industry and as a senior cybersecurity leader will be a great help to leading the organization through these challenges.

Thank you very much.

Adrian Schmidt

Announcer: The next candidate for the ARIN Board of Trustees is Adrian Schmidt.

Adrian Schmidt: Hello, everyone.

I’m Adrian Schmidt, and I’m honored to be considered for the ARIN Board of Trustees. In these three minutes, I would like to share why I can bring a valuable and unique perspective to ARIN.

I was born in South America with Spanish as my first language. Today, I stand before you as both an Argentinean citizen and a Canadian citizen, fluent in English, and with a career spanning across four continents. My background is a blend of technical expertise and business acumen. I hold a degree as an electronic engineer and an MBA, providing me with a solid foundation to understand the technical and the strategic aspects of ARIN’s work.

Over the past two decades, I’ve dedicated my career to the nonprofit sector, following earlier experiences in business, government, and entrepreneurship.

This diverse career path has given me a comprehensive view of how different sectors approach and utilize Internet resources. I can provide for ARIN in the following ways:

Global perspective. My international experience will be invaluable as ARIN navigates global Internet governance issues.

Bridge builder. My multicultural background positions me as an effective communicator and mediator among diverse stakeholders.

Innovation and growth. My blend of technical knowledge, business acumen, and nonprofit experience will help ARIN innovate while staying true to its core mission.

Expanding reach. I’m passionate about expanding Internet access and can bring insight from developing regions to help ARIN support Internet growth across our entire service area.

In conclusion, I stand before you as someone deeply committed to ARIN’s mission. My unique experiences and perspectives can help ARIN continue to grow, adapt, and lead in an ever-changing digital world.

Thank you for your consideration. I look forward to the opportunity to serve ARIN and our community.

Chris Tacit

Announcer: The next candidate for the ARIN Board of Trustees is Chris Tacit.

Chris Tacit: My name is Chris Tacit, and I’m seeking reelection to the ARIN Board of Trustees. For those of you who don’t know me, I’m the founder of Tacit Law, a boutique Canadian law firm. Our practice areas include information technology, Internet and communications law, as well as corporate governance.

I’ve been involved in the ARIN community since 2010. I’ve served on the ARIN Advisory Council for nine years, starting in 2014, and was a mentor to participants in the Fellowship Program during that period.

I’ve also served on the AUP, Nominating, and Grant Selection committees. I’m now a member of the Board of Trustees. I have significant corporate and Internet governance experience, which includes serving as a director on the boards of 10 organizations, some commercials and others not-for-profit.

I’ve held a range of offices, including chair, vice chair, and secretary, in a number of these organizations. I also recently completed the Director’s Education Program conducted jointly by the Rotman Business School of the University of Toronto and the Institute of Corporate Directors.

I’m currently waiting to receive my ICD.D designation, which is one of the two most coveted director designations in North America. My education and experience in engineering, business, law, and governance provide me with a valuable set of skills for approaching my duties as an ARIN trustee.

If reelected, I will continue working diligently and in a collaborative manner for the benefit of the ARIN community.

My primary focus as a trustee will be on ensuring that, one, ARIN has the right processes in place for setting its strategic objectives so that it can continue to meet the evolving needs of its members and the broader community.

Two, the governance framework of ARIN continues to be strengthened to avoid any possibility of capture by specific interest groups.

And three, ARIN members are provided the information they need to understand how the Board governs the organization. Please help me to continue contributing to the ARIN community by voting for me in this election.

Thank you.

David Zumwalt

Announcer: The final candidate for the ARIN Board of Trustees is David Zumwalt.

David Zumwalt: Hello, ARIN community. My name is David Zumwalt, and I’m a candidate in the upcoming election to ARIN’s Board of Trustees.

I’m asking for your vote because telecommunications and broadband have been at the heart of who I am and what I’ve done throughout my professional life.

For example, I presently serve as President and CEO of WISPA, the industry association for hometown ISPs in the U.S. that are actively working to bridge the digital divide in their communities.

I previously served as COO for a midsized ISP with several thousand residential, enterprise, academic, and government subscribers.

Before that, I led a tech-centric economic development program in the Caribbean, a region largely dependent on tourism, and leveraged sub-c optical fiber to attract businesses which drove technology workforce development and diversified the tax base.

I also founded and expanded a software and engineering services company that supported the planning, implementation, and operation of mobile networks worldwide.

And along the way I’ve been active in tech accelerators, venture capital, and served on commercial and nonprofit boards.

I’m asking for your vote because I believe ARIN has a crucial role in facilitating everything the Internet makes possible and especially tomorrow’s innovations. My career experience might demonstrate that I’ve been active in and around the Internet industry, but my interest in serving on ARIN’s Board of Trustees and why I’m asking for your vote goes deeper.

I’m asking for your vote because I believe I can add value to ARIN and the community it serves. I have technical curiosity, take stewardship seriously, think long-term, and keep my commitments.

I’d be honored to receive your vote. But more importantly, I’d like to thank you for your consideration and all you’re doing to bring our future into focus.

Thank you.

Hollis Kara: This is going to be the world’s shortest break. Anybody need to stand up and stretch real quick before we go to the next set of — everybody real quick just shake it out. All right, we awake? Okay cool, here we go.

Next up — first of all, thank you to all of our Board of Trustees candidates. I do hope you will take time to visit the election website, check out the statements of support. Check out the candidate forum, it was a really great conversation with each of the candidates. But with that, we’re going to move on and hear from our candidates for Advisory Council.

Advisory Council Speeches

Lily Botsyoe

Announcer: The first candidate for the ARIN Advisory Council is Lily Botsyoe.

Lily Botsyoe: Thank you for the opportunity to speak today. My name is Lily Edinam Botsyoe, and I am a Ph.D. student in information technology, as well as an ARIN Fellow for both ARIN 51 and ARIN 54. As someone who has worked extensively in promoting digital inclusion, I understand the critical need to bring more diverse voices into conversations about Internet number resources, IP address management, and IPv6 expansion.

I believe this is an essential part of ARIN’s mission and the role of the Advisory Council to ensure the policies and frameworks that govern the Internet’s infrastructure are built inclusively, with input from a wide range of stakeholders. I have personally benefited from ARIN’s Fellowship Program and the valuable mentoring it provides.

Through the program, I gained insights into ARIN’s Policy Development Processes, and the support I received was instrumental in helping me navigate the complexities of Internet governance.

However, I believe there is an opportunity to strengthen pathways for sustained involvement beyond the Fellowship experience, ensuring that those who complete the program have more structured ways to continue contributing.

To address this, I propose the establishment of a ‘Youth Advisory Board’ within ARIN. This board would serve as a bridge between the mentorship program and more active, long-term involvement, giving Fellows and other young professionals an opportunity to shape policy recommendations directly.

It would provide a formal platform for younger participants to engage in ARIN leadership and the Advisory Council, helping to expand ARIN’s community engagement efforts and ensuring that emerging voices are heard.

This would complement the mentorship structure and further equip participants with the skills and confidence needed to contribute meaningfully to ARIN’s work.

Furthermore, my background in both technical and policy-driven roles, ranging from my work with the MANRS program in ISOC and ICANN to my academic research right now on privacy and cybersecurity, gives me a holistic perspective that aligns with ARIN’s goals. I am eager to contribute this knowledge to help strengthen ARIN’s Policy Development Process, ensuring it remains both responsive to the needs of the community and proactive in addressing the challenges posed by evolving technologies.

Ultimately, my goal is to support ARIN by fostering an engaged, diverse, and informed community that actively participates in shaping the future of the Internet.

By building this pipeline of new talent and diverse voices, we can ensure that ARIN continues to be at the forefront of Internet governance, while also reflecting the needs and perspectives of the global community.

Thank you once again for your consideration, and I look forward to the opportunity to work alongside you in driving ARIN’s mission forward.

Thank you.

E. Marie Brierley

Announcer: The next candidate for ARIN Advisory Council is E. Marie Brierley.

E. Marie Brierley: Hi, my name is E. Marie Brierley, and I’m a candidate for ARIN’s Advisory Council. I hold an MBA from Santa Clara University, and I’ve previously been a board director for Silicon Valley’s largest provider of mental health services, Momentum for Health.

So in 2011, I started my v6 journey at Cisco, and they asked me to lead their transition of cisco.com. And I thought to myself, ‘Well, if someone wants to tell me what that is, I’d be happy to do it.’ Here we are 13 years later, and I’ve had some great opportunities to develop obviously much more awareness of IPv6 and its role in the global Internet and as well as developing a relationship with ARIN.

I’ve had the opportunity to be a Fellow. I’ve been the very happy recipient of two rounds of ARIN Community Grant funds, which thankfully NIST offered to collaborate on my IPv6 research.

I’ve had the opportunity to blog for ARIN and for APNIC, and I’ve also been a presenter at APNIC. My focus is enterprise adoption of IPv6. It is obviously not going as quickly as we’d like.

My background is in enterprise systems, and so I believe that by developing decision-makers in the systems that recognize derived value from an IP address can be convinced to be stakeholders and advocates and, more importantly, sponsors for the v6 transition.

So I’d like to see my role at the ARIN Advisory Council as an advocate and strategy developer for accelerating the enterprise adoption of IPv6. I would very much appreciate your support and your vote.

Thank you.

Matthew Cowen

Announcer: The next candidate for the ARIN Advisory Council is Matthew Cowen.

Matthew Cowen: Good morning, good afternoon, good evening. My name is Matthew Cowen. I’m an independent consultant based in Martinique who works with companies around the Caribbean. I’m running for a position on the ARIN Advisory Council.

In 1989, while studying for a qualification in computing at what is now known as the University of West London, I managed to negotiate access to the U.K.’s university network, JANET, the Joint Academic Network.

From JANET, I figured out how to hop onto NIST and then onto the Internet proper. It changed my life, and from that single moment, I knew the Internet was where I needed to concentrate my studies and future work prospects.

I’m among the older generation of Internet users who used the Internet before the Web and HTTP, let alone HTTPS. This Internet was an open space waiting to be built, discovered, and leveraged by all.

Today, I’m standing as a candidate for a place on the ARIN Advisory Council, the American Registry for Internet Numbers. We’re at an inflexion point in the way the Internet will evolve.

More regulation is coming, and developments like the Global Digital Compact and the United Nations Pact for the Future will affect how the Internet will be used.

I’m here to put my time and effort into preserving what is good about the Internet: its openness, access for all, and other laudable goals, without being naive about the challenges of governance and future developments.

Being on the ARIN Advisory Council will allow me to participate in some small way and allow me to contribute to shaping the future of the Internet we want through participation in policy development and governance of Internet resources.

I believe I have the experience, knowledge, passion, and unique perspective of a European living in a Caribbean country that is both part of the EU and firmly Caribbean. As a member of the Advisory Council, I intend to make this unique perspective available to the ARIN community and beyond.

I would like to help build capacity in the French West Indies and drive more participation from a region that is not often present, primarily due to language barriers, by leveraging contacts with a large network of students, professionals, and officials in the ICT space. Whilst not strictly an Advisory Council task, I believe being on the Advisory Council will help facilitate this.

Thank you for your time. I look forward to your vote.

William Herrin

Announcer: The next candidate for the Advisory Council is William Herrin.

William Herrin: Hi, my name is William Herrin and I’m a candidate for the Advisory Council. If elected, I will act within reason to prevent edits to draft policy made without the consent of the policy’s original author.

The ARIN policy process is supposed to be bottom up, written by members of the community itself, not just by its representatives. If I can’t convince an author to agree to a change, it’s probably not a very good change.

As shepherds of the process, editing policy text over the author’s objection should be a last resort.

And if elected, I will do what I can to see that it is. Again, my name is William Herrin, and I hope to serve you on the Advisory Council.

Thank you.

Kathleen Hunter

Announcer: The next candidate for the ARIN Advisory Council is Kat Hunter.

Kat Hunter: Hello, everyone. My name is Kathleen Hunter, and I’m running for my third term on the Advisory Council. I would first like to take this time to thank everyone who has given me the opportunity to serve on the Advisory Council.

In my day job, I’m a number resource strategist for a large ISP. I manage the number resources from ARIN down to the edge customers for voice, video, and data at Comcast.

I’ve been involved in assisting our security and business teams on issues involving SWIP, fraud, and geolocation.

In addition, I have experience working with our RPKI teams and continue to do some work with the international registries.

During my first term on the Advisory Council, I shepherded policies from proposal to adoption. The last few years I transitioned away from shepherding policies into the role of the vice chair, and now chair, where I’m involved with working groups and the Fellowship Program.

As chair, I assign policies to shepherds and assist with meeting planning and running our monthly meetings.

In addition to my Advisory Council role, I volunteered as part of the Grant Selection Committee several times and the Acceptable Use Policy Committee for PPML.

Over the last few years, the AC has worked diligently in cleaning up the Number Resource Policy Manual. We had a long period of time when we went virtual when we didn’t see a lot of new policy coming from the community. We took that opportunity to clean up years of cut-and-paste policy.

Now that we’ve pushed for participation, I’m happy to say that the policy submissions are now split about evenly between the community and the Advisory Council. I asked for greater participation during spring meeting and the community really came through and answered the call. If elected, I would continue to encourage community involvement in policy, whether it’s proposing new policies or feeling comfortable just coming to the microphone, raising a hand, or participating in the mailing list. The Advisory Council is way more effective when we receive participation from a large set of the community.

I know it’s super hard to tell, but I love what I do on the Advisory Council and would like to continue the work we’ve started.

My record will show that I’ve always taken the community’s interests in mind when voting on policy and plan to continue this in my upcoming term. I still continue to support meaningful justification for IP space without impeding business.

There are parts of the community that may still feel they need a voice, and I encourage you to be part of our meetings and mailing list.

If you ever have questions, please feel free to reach out to me through my ARIN email or in the hallways.

Thank you again for putting your trust in me, and I would appreciate your vote for another term.

Andrés Mayhew

Announcer: The next candidate for the ARIN Advisory Council is Andrés Mayhew.

Andrés Mayhew: Hello, my name is Andrés Mayhew, and I’m a candidate for the Advisory Council for ARIN. I have well over 25 years of experience in Internet space, having registered my first domain and applied for a Class C IP space by going to the library, finding a book, finding the forms in the back of the book, and faxing in those forms.

Things have changed radically since those days, and I think that’s great. I look forward to advising the Board and to ensure that we keep an open and free Internet such that constraints of IPv4 do not constrain the usage to just the large players and large industry, hoping that we can increase our education outreach such that IPv6 becomes more and more of a reality so that we can get away from those constraints.

Appreciate your consideration and your vote.

Thanks.

Daniel Schatte

Announcer: The next candidate for the ARIN Advisory Council is Daniel Schatte.

Daniel Schatte: Hello. My name is Daniel Schatte, and I’m the vice president of network operations at Charter Communications. I’ve been at Charter and in the networking industry for over 17 years now. My current responsibilities include IP address management, IPv6 strategy, automation, and architecture over IP and optical networks.

It’s been a privilege to serve on the Advisory Council for the last year to complete out a vacant seat with a one-year term and I’m now seeking the community support for reelection for a full term in which I can continue to shepherd current and future policy proposals through the Policy Development Process.

As part of my IP management and IPv6 strategy responsibilities at Charter, I must ensure that the policies in which we apply within the company are sound, have the proper support, feedback, and buy-in from the business units.

This translates to how justification is completed for new assignments, deployment practices, and numbering policies to effectively utilize space. This has translated well for my time on the Advisory Council, because I’ve been involved with the policies which the community has suggested and ensuring that the community’s feedback is heard and incorporated into the proposed policy.

I’m a proponent for IPv6 adoption within the Internet ecosystem, as well as a proponent for the adoption of RPKI and securing the prefixes routed across the Internet. I’m happy to share insights and lessons learned through our deployments to members of the community at these policy meetings, during round tables, or engaging in hallway conversations, as this often aids in discussion around policy suggestions that you, the community, might have.

In conclusion, I wish to continue to serve the community as a member of the Advisory Council for a full term.

Please consider my candidacy with your vote, and feel free to stop and talk to me throughout the course of the meeting.

Thank you.

Alicia Trotman

Announcer: The next candidate for the ARIN Advisory Council is Alicia Trotman.

Alicia Trotman: Hello, everyone. My name is Alicia Trotman. I’m an independent telecommunications consultant with over 20 years of experience in the industry. I was first elected to the ARIN Advisory Council in 2018, and I’ve served on the Advisory Council for the past six years.

Throughout my journey on the Advisory Council, I have shepherd and co-shepherd numerous policies. I have served on the Policy Development Process Working Group, and this ARIN 54 meeting I’ll be co-hosting a table topic on Policy Authors and Participation in the ARIN Policy. So look for me during lunch, and let’s have a chat over some good food.

One of my favorite contributions to the community is being a Mentor to our ARIN Fellows.

This is my fourth year being a Mentor. The Fellowship Program has been an integral part of ARIN’s development, as quite a few of the past and present ARIN Advisory Council and Board members have passed through the Fellowship Program. I can say every year this program gets better and better.

I am confident that with your support we can continue to create policy solutions that benefit everyone. I want to make sure that our Advisory Council truly reflects the diverse voices within our community and that everyone feels heard and valued.

To everyone who has voted for me in the past, I would like to say thank you, great job, let’s do it again. But seriously, I want to thank the entire community for giving me the opportunity to serve.

Thank you for your time, and I hope to earn your vote.

Chris Woodfield

Announcer: The next candidate for the ARIN Advisory Council is Chris Woodfield.

Chris Woodfield: Hi. I’m Chris Woodfield, and I’d appreciate your giving me an opportunity to continue to serve the community as I run for reelection to the ARIN Advisory Council.

During my tenure on the AC, I’ve authored or coauthored 10 policy proposals, of which four have been implemented into the NRPM after a successful Policy Development Process, and I’ve shepherded numerous other policy proposals submitted by the community through this process.

Several of my own submissions were developed through my membership in the AC’s Policy Experience Report Working Group, to which I’m grateful for the collaboration opportunity with my colleagues that produced these policies.

I’ve been in the network industry for over 25 years now, with tenure at a number of large-scale ISPs and over-the-top content providers. And in my time, I’ve dealt with a wide range of engineering, operational, and policy challenges that inform my experience with address management, including IPv4 conservation and planning, IPv6 planning and deployment, global-scale BGP operations, and network automation, among many other aspects of keeping my part of the Internet up and running.

I hope to continue this experience forward in a spirit of service back to the community if I were to be reelected. It’s no question, the last few years have seen some major evolutions in this field, and I don’t expect the next to be any less exciting.

We’ve seen entire cottage industries come into provenance around IP address resource management, transfers, acquisitions, brokers, and address lease providers, among others, and as we move further into what I call a post-scarcity era for IPv4 address resources, I expect to see policy evolution to reflect the community’s needs for these services balanced against the operator community’s needs.

I also expect further pushes to remove roadblocks, whether they’re real or perceived, to continued IPv6 adoption, helping to guarantee that the Internet remains a model of scale and stability as the world continues to move more of its work and play online.

I also see and welcome continued momentum towards the adoption of RPKI to enhance routing security and would love to support policy where appropriate to encourage community members to maintain ROAs for their resources to continue and improve the Internet’s safety and security.

I hope to build my experience here on the AC, and in the industry in general, to help guide policy that makes all of our professional lives easier, helping to remove ambiguities where possible and promoting clear, consistent policy that eliminates corner cases and, in general, can always be a little bit less opaque.

As a founding member of the AC’s Policy Experience Report Working Group, I’m particularly well positioned to help drive policy that addresses lived experiences of community members with their interactions with ARIN and move the largest pain points from triage to policy-based solutions.

In conclusion, I’m grateful for the nomination and having been given the opportunity to serve you in the past and hopefully to continue to do so in the future. I believe I have a lot to offer this community.

And if you agree, I’d very much appreciate your vote. Thank you.

Hollis Kara: Everybody hanging in there?

We’re in the homestretch.

Thank you to all of the candidates who are standing for election for the Advisory Council. Really appreciated hearing from you. And again, I do advise folks to check out the Statement of Support site and take that information in when making your decisions.

All right, so, next up, we have the NRO NC, last but not least.

NRO NC Candidate Speeches

Andrew Gallo

Announcer: The first candidate for the NRO Number Council is Andrew Gallo.

Andrew Gallo: Greetings, ARIN 54. My name is Andrew Gallo, and I am running for one of ARIN’s seats on the Number Resource Organization’s Number Council.

I want to serve on the NRO NC to continue my involvement with Internet governance. I have been a member of the MANRS Steering Committee since its inception in 2020 and have participated in several routing security activities, including a NIST effort to develop routing security guidelines.

I have contributed to industry publications, including the Broadband Technical Advisory Group’s Security of the Internet’s Routing Infrastructure and Juniper’s Day One: Developing BGP Routing Security.

I have participated in the FCC’s Communications Security, Reliability, and Interoperability Council. I have also participated in some FCC’s comments for proceedings dealing with the classification and regulation of the Internet, commonly referred to as ’Network Neutrality,’ as well as its recent Notice of Inquiry and Notice of Proposed Rule Making concerning routing security. But more than just routing security, I’m interested in global Internet governance in a constantly changing environment.

The Internet is recognized as critical infrastructure, and governments around the world are taking a closer look at Internet governance and operation.

I see a need for harmonization of some of the activities of the RIRs and LIRs, but this isn’t to say we should adopt a top-down approach for number resource policy. But as the RPKI has brought the RIRs closer to network operations, having some consistency with, for example, APIs or common definitions of terms would be helpful.

I would like to use my experience, both in network engineering and operations, as well as my policy experience, to represent the ARIN region and contribute to the work of the NRO NC.

Thank you.

Frank Petrilli

Announcer: The next candidate for the NRO Number Council is Frank Petrilli.

Frank Petrilli: Hello, folks. I’m Frank Petrilli, and I’m honored to speak to you today as a candidate for the ARIN NRO Number Council. Throughout my career, I’ve been committed to effectiveness and resiliency, from launching my own one-man start-ups to taking on leadership roles at Google.

During this time I’ve had the pleasure of working alongside engineers at organizations like Apple, ByteDance, and Verizon. My passion for advancing Internet accessibility and infrastructure resilience drives my desire to serve in this role with ARIN.

In my journey, I’ve navigated both technical and operational realms, giving me a unique hands-on perspective to the challenges our community faces.

These experiences have informed my belief that policy must be rooted in real-world understanding.

It’s essential that the decisions we make are not just theoretical but practical and actionable for the organizations that rely on ARIN’s resources. Our policy should empower them to thrive. What sets me apart as a candidate is my diverse experience across our industry, similar to Chris Quesada’s.

I spent time in nearly every facet, from cloud services to service providers and cellular networking. I’ve dug trenches and buried fiber, climbed towers to hang eNodeBs, and architected complex Kubernetes containerized NFV stacks for 5G networks.

My career has taken me through capacity planning, managing teams of senior engineers and even presenting to Fortune 500 boards. Each role has developed my understanding of our industry’s intricacies. Bringing these varied perspectives to the ARIN NRO NC is crucial.

I aim to drive high-level policy, while ensuring it’s informed by the realities faced on the ground. I know firsthand what it’s like to hang off a tower, to curl up in a basement with a console cable at midnight, or to debug a complex networking issue under pressure.

I’ve painstakingly impedance matched PCB traces, written cycle counted DSP code, and managed some of the world’s largest Kubernetes clusters.

These experiences give me insight into how our decisions resonate throughout the industry. I’m committed to ensuring that ARIN continues to evolve alongside our rapidly changing landscape.

Together, I believe we can enhance our policies to not only meet today’s needs but also anticipate tomorrow’s challenges.

I believe that by fostering collaboration and dialogue within our community, we can drive innovation and resilience in our Internet infrastructure and ensure equitable access to the Internet for all.

Let’s work together to build a stronger, more accessible, and resilient Internet for everyone.

Thank you for your consideration of me for the ARIN NRO Number Council.

Amy Potter

Announcer: The final candidate for the NRO Number Council is Amy Potter.

Amy Potter: Hi, my name is Amy Potter, and I’m running for a position representing ARIN on the ASO Advisory Council. My experience serving the ARIN community, as well as my professional and educational background, make me uniquely well-suited to serve ARIN in its open seat on the ASO AC.

The role of the ASO AC includes global policy development. Now, this is not a matter of passing policy edicts from on high. Under the ASO MoU, global policies are Internet number resource policies that have the agreement of all RIRs according to their policy development processes.

Now, this requires coordination with the individual RIRs in their communities and an ability to work within each RIR’s PDP. Now, I spent almost a decade facilitating policy development within the ARIN region while serving on ARIN’s Advisory Council as the co-chair of the PDP Working Group and was heavily involved in writing the current version of ARIN’s Policy Development Process, but I’m also familiar with the other regions as well.

I’ve attended in-person policy sessions at each of the five RIRs, and for many of the RIRs I’ve been attending their meetings for many years and am quite familiar with their unique cultures and structures of developing policy.

So I believe I’m well-qualified to the work of global policy development. Another major thing that the ASO AC is working on right now is reviewing and updating ICP-2. ICP-2 is the document that sets out the criteria for establishing new RIRs.

Now, this kind of work falls well within my wheelhouse. I have a law degree from Notre Dame, and I’ve spent my career doing business development in various capacities. I currently lead IP address acquisition at Amazon, and in the past I’ve helped to build and develop IP address brokerages.

All of these roles heavily involve reviewing, negotiating, and recommending revisions to the language of various documents, most of which contemplated the role of RIRs in the Internet ecosystem.

Working on something like ICP-2 not only requires the ability to wordsmith language to achieve your desired goals, but it also requires you to understand the broader context in which you’re working. And in this case that context is the RIR system.

I’ve been heavily involved in the RIR world for many years, from my work on ARIN’s Advisory Council, to actually using the services of each RIRs in a professional capacity, to participating in conferences and talking to the members.

It’s all given me insight into the functioning of RIRs and their essential role within the Internet ecosystem. I think my extensive experience of the types of work that the ASO AC does, as well as my understanding and familiarity with the broader ecosystem, would make me an asset.

So I ask for your votes to represent ARIN for their position on the ASO Advisory Council.

Thank you.

Hollis Kara: All right, everybody. Thank you so much. This concludes our block of candidate presentations. We are actually going to go on break a few minutes early here.

So it is 2:48, we’re going to cut the break short by 10 minutes in order to leave as much time as possible for our afternoon policy block, with hopes of still getting out of here relatively close to 5:00. So with that, yes, please do go out and enjoy the break and we will see you back promptly at 3:20.

If I could get the floor mic, I have a reinforcement.

John Sweeting: John Sweeting. Just want to make sure you’re back in at 3:20 so that we can start precisely at 3:20 on policy that we had to stop a little early on this morning.

So we’re going to start right at 3:20. So please be back at 3:20. Thank you.

Hollis Kara: So what time are you guys going to be back?

From the Floor: 3:20.

Hollis Kara: Thank you, everyone. Enjoy the break.

(Break)

Hollis Kara: Is it really that time? I guess it is. Okay. Thank you, everybody, for coming back promptly at 3:20. I’d like to remind you that you have brought this upon yourselves.

We are going to proceed with the largest policy block I’ve ever experienced in my 17 years with ARIN, so congratulations to you all on that. And we’re going to do it by changing things up just a tiny bit from this morning.

For our draft policies, we’re still going to present on those. The shepherds are going to pose the questions they want to hear back from you on. But we’re asking that the answers to those questions, unless there’s something that is absolutely urgent be said in the room, that you take those responses to the PPML and carry on that conversation there because we are early in the development process on those particular policies.

So there is time for those conversations to happen. They don’t necessarily have to happen in this room. I’ve heard from a few people they really, really do want to go to the Hockey Hall of Fame tonight.

To make sure we can do that, that’s how we’re going to handle the draft policies. Everything will continue as normal with recommended policies.

So everybody clear on that one? We good? Can I get a thumbs up? Okay. Thank you.

We’re going to proceed, like I mentioned. First up is going to be Gus Reese. Gus, if you want to come up. Gus is going to come up, and he’s going to present on Draft Policy 2024-1. And this is the definition of Organization Identifier, or Org ID. We’ll give Gus a minute to walk.

Policy Block 2

Recommended Draft Policy ARIN-2024-1: Definition of Organization ID/Org ID

Gus Reese: Well, good afternoon, everybody.

A little bit of a small crowd in here.

So we’ll start off with the Recommended Draft Policy ARIN 2024-1: Definition of Organization ID. All right, the problem statement. This arose from the NRPM Working Group that determined that a definition of Organization Identifier should be included in the NRPM to add clarity to the term and unify some of the references and match the use of that term in other ARIN publications such as ARIN Online.

So the proposed text that made it into this Recommended Draft Policy for Organization Identifier is “an Organization Identifier, or Org ID, is an identifier assigned to a resource holder in the ARIN Registry.”

And a statement of conformance was submitted after it went to Recommended Draft Policy there.

If adopted, it will add clarity to the NRPM by providing a clear definition of Organization Identifier in Section 2.18. It is fair, impartial, technically sound and has received support from the community.

And a brief history of this. It was given to the AC as a proposal on December 18th of last year. It moved to a Draft Policy on January 31 this year.

It was revised in early February, and it was presented at ARIN 53. And shortly after that meeting it went to a Recommended Draft Policy.

The Staff and Legal came back on the first of May of this year. And you can read it right there. There’s no material legal issue. Estimated time frame is about three months to implement there.

Okay. So here’s a little wrinkle that came into this Recommended Draft Policy or after this policy was moved to recommended.

After it was moved to recommended, we had received suggestions to change the language, and that language proved to be more effective. And the proposed changes are here.

The requested changes are in red here. “An organization identifier is a unique text label assigned to entities that intend to participate in the Internet numbers registry system via ARIN registry services.”

This newer language has been shown to be more well received than the initial language. That was put through and recommended there.

Let me go back – well, let me finish this.

So when you are showing hands at the end of this, please remember, this is for the – this is not for the text on this. This is for the text that was put through in the recommended draft. Let me go back.

So you are showing support and/or no support for the statement of “An organization identifier is an identifier assigned to resource holders in the ARIN registry.”

So if you have or you lean either way, I would appreciate it. You can come to the microphone and express support for the language as it is written in the Recommended Draft Policy. You are not showing support for the language that came after the policy was moved to recommended there.

And the policy impact is pretty simple.

We’re defining the term “organization identifier” in the Number Resource Policy Manual which doesn’t currently exist. And that’s it.

So the questions for the community: Are you in favor or against the policy as written? Again, this was in favor of the initial language that moved to the Recommended Draft Policy, not the language in red on this slide here.

Hollis Kara: Okay. This is a Recommended Draft Policy. So the microphones are open.

Bill Sandiford: Start over here on the left-hand side.

Lee Howard: My name is Lee Howard. I’m with IPv4.Global by Hilco Streambank.

I oppose the proposed policy as written, both versions, because I think that the term “Org ID” is not used anywhere else in ARIN. I see the term “Org,” “Org name,” “handle” and sometimes “Org handle.” But I have no idea what an Org ID actually is.

I thought I did. Then I started looking at some Whois entries. What I thought was an Org ID is called a handle. So this doesn’t have any bearing on ARIN practice or procedure anywhere that I can find.

And if there are intended synonyms among these terms, that should be explicit and we should rewrite it so that it is.

Bill Sandiford: Thank you, Lee. Right side.

Kevin Blumberg: Kevin Blumberg, The Wire.

I don’t support this policy or the revision for very similar reasons, but one key additional point.

It should not be for the community to define the definitions of an external entity. It would be like us asking for the definition of ICANN or IANA. ICANN and IANA are perfectly suitable to make the definition of who they are.

If there’s a requirement for a definition from ARIN and they are the gatekeepers and the users of that definition, they should be providing that definition.

If we need to have that definition in the ARIN NRPM, it should be a straight copy from them, and we should not be creating definitions on the fly as a community.

Bill Sandiford: Thank you. Any online?

Hollis Kara: I don’t see any online.

Bill Sandiford: All right. Please come up to the microphone if you have a comment to add, adhering to Hollis’ earlier guidance as well. And we’ll give it another moment for online and then we’ll call the question.

Seeing nobody in the room, anyone online?

Hollis Kara: No one online.

Bill Sandiford: As this is a Recommended Draft Policy, I ask you to raise your hand nice and high and keep it up if you’re in favor of the policy as written. If you’re against, please raise your hand and hold it high. I’m bringing my sunglasses tomorrow.

You can put your hands down.

Gus Reese: Okay, if you want a joke, what is the scariest tree in the forest? Bam-boo!

(Laughter.)

Hollis Kara: Count faster, please. (Laughter.)

Gus Reese: Didn’t say it was going to be funny but just a joke.

Bill Sandiford: There we go. In the room, 101; remote, 62. Nine for, 32 against.

Thank everybody for your feedback. It will be given to the AC to take under advisement.

Hollis Kara: Wonderful. Thank you, Gus.

Thank you, Bill.

(Applause.)

All right. Here we go. Onward.

Kendrick Knowles, if you could come on down, we’d like to discuss Draft Policy 2024-6 – it’s really confusing having a number at the name of the title of a policy right after the number of the policy. This is 6.5.1a: Definition Update.

Draft Policy ARIN-2024-6: 6.5.1a Definition Update

Kendrick Knowles: Thank you very much. This should be a quick one actually. Kendrick, obviously I’m presenting this policy with my co-shepherd, Douglas Camin, who I would like to thank for all the help. We had a very healthy Table Topic discussion on this during lunch.

So Draft Policy ARIN 2024-6: 6.5.1a: Definition Update.

The current text of the NRPM defines a Local Internet Registry as an LIR that primarily assigns IP addresses to the users of the network services that it provides.

LIRs are generally Internet service providers whose customers are primarily end users and possibly other ISPs. The statement differs from the intention of Section 6.5.1a that allows Section 6 to use LIR and ISPs interchangeably. This proposal seeks to clarify the text in Section 6. That was a mouthful.

The ask is to change the text from “the terms ISP and LIR are used interchangeably in this document.” So the word “document” is key here. And “any use of either term shall be construed to include both meanings.”

Two, “the terms ISP and LIR are used interchangeably in this section, and any use of either term shall be construed to include both meanings.”

Timetable for implementation, immediate. We have some dates there.

So far we had some mixed views from the community. Primarily there are some views that the policy doesn’t speak to fixing the larger issue of definitions entirely as it relates to the distinction between a Local Internet Registry and an ISP.

And that’s it. So we have two very important questions at this point. Do you feel a policy change is necessary at this time? And should the Advisory Council continue working on this policy?

Bill Sandiford: All right. Microphones and online participation are open for Draft Policy 2024-6. Please come to the microphones. We’ll start on the left hand side of the room.

Dustin Moses: Hi, Dustin Moses from Intermax.

There comes a point in this section where it specifically says, these things are used interchangeably, ISP and LIR. Separately in this specific section of the document, I do not think that is valuable to have policy specifically saying only in this section are these similar. But then there’s very specific terms and conditions where ISPs and LIRs are different, especially in other sections like Section 4.

I don’t feel like this is helpful to make this distinction in this section, but rather give the actual definition that ISPs are, in fact, LIRs, that LIRs are not always ISPs.

So in this case by adding an explicit definition in one, it kind of makes it incohesive for the rest of the NRPM where we actually do have specific definitions for what an ISP is.

Bill Sandiford: Okay. Thank you. Right side.

Kevin Blumberg: Kevin Blumberg, The Wire.

This makes it worse. It doesn’t make it better. This is a draft, and I think you should take what the advice is, which is to deal with the bigger issue of LIR and ISP.

Globally, this is an issue, not global policy but within the other RIRs because the term “LIR” is actually used there. It is actually something that is done in other regions.

Staff can clarify, but I do not believe LIRs are utilized in the ARIN region in the way they’re utilized in other regions. LIR is not interchangeable in those regions. We say it’s interchangeable even though it’s never been used.

The reality is we should be removing the term “LIR” completely from the NRPM unless we plan to expand significantly the use of it, which I don’t believe is the case. It has never been used in our region, to the best of my knowledge. Thank you.

Bill Sandiford: Thank you. Any comments online?

Hollis Kara: Nothing online.

Bill Sandiford: All right. We’ll give it another ten seconds or so. If you have anything to add in the room, please approach the mics now. Online, please get it in quick.

Hearing or seeing none, the AC will take the feedback under advisement, thanks.

Hollis Kara: Thank you, Kendrick. Thank you, Bill.

(Applause.)

And I’m reminded to remind you now that we’re once again in the land of acronyms, that the acronym guide is available at the top of the meeting agenda if anyone needs it.

We try to avoid them. Everybody is cooperating to try to avoid them, but they’re kind of baked into the system. So if you’re unfamiliar with some of the terms, NRPM, that you keep hearing, you might find that handy.

Okay. Onward. I’d like to invite Liz Goodson to come up to the stage. She’ll be presenting Draft Policy ARIN 2024-8: Restrict the Largest Initial IPv6 allocation to a /20.

Draft Policy ARIN-2024-8: Restrict the Largest Initial IPv6 Allocation to /20

Elizabeth Goodson: 2024-8, Restrict the Largest Initial IPv6 Allocation to /20. I’m working on this with Gus Reese.

The Problem Statement is that the NRPM currently allows allocations up to a 16. However, IPv6 address only contains 65,000 /16s. So therefore a /16 is a sufficiently large portion of the IPv6 address space, that the goal of conservation starts to outweigh the goal of aggregation.

So the Policy Statement will change “In no case shall an ISP receive more than a /16 initial allocation” to “In no case shall an LIR receive more than a /20 initial allocation.”

You’ll see there are two very small and significant changes. So we change from an ISP to an LIR. And we change from a /16 to a /20.

This was proposed in May and went to a draft in June.

So the community feedback has been mixed. There have been two rounds of very robust discussion on the Mailing List. We also had a good Table Topic discussion at lunch today.

So I put a few quotes in here that were representative of what’s been going on in the Mailing List.

Top comment is basically saying that the policy is working as designed. There’s been one /16 allocation in over a decade. And other opinions were there are no scenarios in which anybody should ever need a /16 allocation. And there were a fair amount of people who said, well, let’s wait and see.

There was also some discussion about nibble boundaries. Basically we’d have to move from a /16 to a /20 because of our current policies around doing allocations on nibble boundaries. So there was some discussion about whether or not it made sense to move away from that.

The response was that there are some technical limitations and reasons why we would want to stick with nibble boundaries.

So the policy impact will obviously change the maximum allocation from a /16 to a /20.

I also put in here, and this looks a lot like what was on the previous slide, the definition of an LIR since this proposal would change the term “ISP” to “LIR.”

So there’s several questions on here, but I would actually kind of have you focus on the first one because based on the conversations at lunch today, you know, with the Table Topic, there was pretty clear, unanimous consensus that we should probably abandon this policy because there is not clear consensus from the community that this is the direction we want to move in.

If you look at the Mailing List, I would say that the feedback had been about 50/50. So I think that the AC would like a clear direction on whether or not we should continue to pursue this policy or not.

Hollis Kara: Awesome. Thank you, Liz. Come on up, Bill.

If anybody has any comments or questions on this one, now would be the time to approach the microphone.

Bill Sandiford: Microphones are open. Let’s start on this side.

John Brown: Abandon. John Brown, not affiliated with any logo. Comment: Abandon.

Chris Roosenraad: Chris Roosenraad, not affiliated, abandon.

Bill Sandiford: Kevin?

Kevin Blumberg: Kevin Blumberg, The Wire. Abandon, with one question.

Bill Sandiford: You had to, didn’t you, Kevin?

Kevin Blumberg: I absolutely had to. (Laughter.)

By putting ISP and LIR here what happens to the content networks that may need a /16 or a /20? Why aren’t we just using “organization” if we’re – I guess that’s a question for the room.

If we have gotten rid of the complexities of assignments and we’ve gotten rid of the whole concept of all of this, why are we stuck on these old words that are complicating and limiting people? But ultimately just abandon this. It’s working as intended.

Bill Sandiford: Thanks, Kevin. Anything online?

Hollis Kara: I do not see anything.

Bill Sandiford: Anyone in the room with comments, feel free to approach the microphone. Going once. Going twice.

Hollis Kara: Thank you, Liz. Thank you, Bill.

(Applause.)

Here we go. Moving on, Alicia Trotman coming up to present Draft Policy 2024-10: Registration Requirements and Timing of Requirements with Retirement of Section 4.2.3.7.2.

Draft Policy ARIN-2024-10: Registration Requirements and Timing of Requirements With Retirement of Section 4.2.3.7.2

Alicia Trotman: And I chose that name, so. So my name is Alicia Trotman. Myself and Daniel Schatte, we are the shepherds of this Draft Policy.

So the Problem Statement: This Draft Policy is an iteration of the abandoned policy that we had, ARIN 2023-4, which was abandoned earlier this year.

The Problem Statement basically says that the Draft Policy will eliminate the outdated term “SWIP” in Section 4 and simplify the language to use the term “directory services.”

The Policy Statement. The solution for this, there are quite a few sections that were changed. Firstly, the Draft Policy will retire Section 4.2.3.7.1 and combine it with the language in Section 4.2.3.7.2. And it will also change Section 6.5.5.1 to include IP version 6 relocation, and that is written here in this text.

In addition, the registration would be changed from seven days to 14 days.

The proposal was sent in on July 17th. The draft, it was accepted on the 20th of August, and it was revised with the change in the name because it still had the old name from the original policy and we felt that that would confuse the community. So we’ve changed the name to what it is now and that was revised on the 17th of September.

So we had a Staff and Legal done before the meeting, and it had some interesting recommendations.

I’ll give you a summary of the recommendations from the Staff.

So we updated Section 4. However, under Section 6.5.5.2, Reassignment Allocation, it’s recommended to update this to 14 days as well so that the reassignment/reallocation requirements of IPv4 and IPv6 are the same, because in this current policy, we’re not changing the requirements in Section 6.

In addition, currently we’re saying we’re going to update it from seven days to 14 days, but to stay with the consistency and best practices of the NRPM, it should be 14 calendar days.

Staff, they would implement it in 14 calendar days, but it would be good to be precise and state that within the policy.

In Section 6.5.5.1, the term “SWIP” and “fiduciary services” are still used while we’re changing that in Section 4.2.3.7.1. So to make it consistent between Section 4 and Section 6, they should also be updated to Directory Services.

This is Staff and Legal. Implementation as written, yes. The impact on ARIN Registry Operations and Services. None. There’s no material legal issues.

Implementation requirements to be staff training, updating to public documentation, updates to internal procedures and guidelines.

Community feedback. We’ve not gotten a lot of community feedback on this thus far. We were hoping to hear from the community on this today.

I’m just going to read out a little bit of the Policy Impact. This really summarizes what we’re trying to do with the policy.

It changes the title 6.5.5.1 to include IPv6 Reallocations. Section 4.2.3.7.2, Reassignments and Reallocations Visible Within Seven Days. That section is retired. It is gobbled up by Section 4.2.3.7.1.

In addition, this Draft Policy will lengthen the time to publicly report IPv4 reassignments or reallocations from seven days to 14 days.

So questions, do you support the policy as written? Should the Advisory Council continue to work on this policy. And a very important question, since you heard the Staff and Legal about the inconsistency between Section 4 and Section 6 that this would introduce, should the policy also include changes to Section 6 to align with the policy text in Section 4 as suggested by the Staff and Legal Review.

Hollis Kara: Good job, Alicia. You did it.

Bill Sandiford: Microphones are now open. Let’s start over here on the left side of the room.

Adair Thaxton: Adair Thaxton, Internet2. Could you repeat all of that?

(Laughter.)

I’ll just be unnecessarily picky about grammar because that’s what I do. The section that says “within 14 days” seems to me to be a misplaced modifier. I would recommend a “/29 or more addresses shall,” comma, “within 14 days” comma, “be registered via directory.”

Bill Sandiford: Right-hand side.

Kevin Blumberg: Kevin Blumberg, The Wire.

Changes like this is good, especially when new technologies are in use, et cetera. But the NRPM is about getting space, qualifications for space, and this is requirements for how we would then use the space after the fact in terms of registrations.

It was very important in prior days, with v4 runout, and it was a requirement to get additional space to do this work.

But I actually have a question for the wizard. What if I don’t do any of this? I don’t need more space. I don’t do any of it, what does it mean? Because this is putting a requirement on people where I’ve got an RSA and I don’t believe that this is a hard requirement in the RSA.

If you say in the RSA, you must follow policy, but if I don’t follow this policy, what does that mean?

Hollis Kara: Behold.

John Curran: The RSA contains language that says you have to follow policy. If you make policy, we enforce the policy you make, and that includes citing people and saying there’s a policy now that covers that, you need to comply with it.

Kevin Blumberg: I understand that. I asked the second part to it, which was what are the ramifications of not following this policy in the RSA? Because I don’t believe revocation of space, this would be a reason for revocation of space.

John Curran: We would literally seek the community guidance on that. Presently, we have told people that they need to comply with policy.

When someone cites an operational issue, someone has a defective RWhois server, for example, we say you need to remove it or fix it or do something, it’s an operational problem.

We get to tell someone that they have to comply, but we’re generally not driven to revocation unless it’s really causing a problem for someone. If you wish it to drive to revocation, please be clear in the policy. Please state that ARIN should conduct resource review or ARIN should contact the organization.

But we’re happy to enforce policy all the way up to revocation, as long as the policy is clear. I will tell you, do not put loaded policy in the NRPM unless you intend us to enforce it and tell us how.

Kevin Blumberg: Thank you. Based on the answer that was just given to me, I do not support this rewrite. I support the simplification in 2024 of registration requirements that were designed 20 years ago. So I do not support this policy at all.

Bill Sandiford: Thank you. Left side.

Lee Howard: Lee Howard. As an employee of IPv4.Global by Hilco Streambank, I congratulate you on the title of your draft.

(Laughter.)

I would like to also thank and congratulate you for removing an entire acronym from the NRPM. That’s fantastic.

As written, it looks to me like it says:

You must register the reallocation or reassignment in a directory services – I forget the exact language – as described in 3.2.1, which describes a distributed information system, which I take to mean something like RWhois, although we don’t do that anymore.

I don’t understand how – I think it’s intended to say you need to register your reallocations, reassignments in Whois, but I don’t read it that way as saying that’s what you need to do. I’d like to make sure that is clear.

I actually disagree with Kevin. I think that registering reassignments is important for contact information on who is using addresses both for resolving – mostly for resolving operational problems but also for demonstrating need if somebody does need additional addresses. That is still one of the things that ARIN will look at, is how the addresses have been reassigned to others.

Bill Sandiford: Anything online?

Hollis Kara: Nothing online, but I do see a gentleman with his hand on the confidence monitor.

John Curran: With respect to something, when you make a significant change in requirements for number resources, you are free to add suggestions for implementation.

So, for example, you can say, ARIN should encourage compliance with this new policy, et cetera, et cetera, but wait until or wait a period of 12 months for enforcement or wait until a certain date specific and come back to the community.

You are free to decide how to phase in a change to policy and suggest that, and it’s something that we do look at implementation notes if this is suggested for implementation.

It also may clarify in the community what the intention is for handling, much like when we talk about changing the Waiting List, everyone asks, well, what about the people out there?

If you suddenly make a policy registration requirement that’s clearer, that could be a good thing. But you may have a transition issue you want to address in an implementation note or implementation suggestion. That’s not binding.

I have to deal with the Board and the staff. It would help people understand how would this policy actually work as it’s being rolled out. So something to consider.

Bill Sandiford: All right. Thank you. We’ll close the microphones in the room other than those in the queue. Get your comments in online now if you need to.

Let’s go over here to the right side.

Mohibul Mahmud: Mohibul Mahmud, Microsoft.

I am an ARIN 52 Fellow. My question is on number three, which Alicia mentioned, like do other Internet registries have similar reassignment policies, sorry, timeline for both IPv4 and IPv6 resources?

And how about, how does ARIN’s approach compare? And are there plans to coordinate with other RIRs aligning reassignment policies globally?

Two-part.

John Sweeting: John Sweeting. We do not coordinate policy with other RIRs. Our policy is coordinated with the ARIN community, within the ARIN community. We just enforce that policy that is coordinated within the ARIN community.

There is no coordination among RIRs on policy.

Mohibul Mahmud: But do they have similar kind of policy, just to compare?

Bill Sandiford: They may. I’m not sure that –

John Sweeting: They may. I don’t follow – Eddie, do you have any idea?

You can see the policies that are similar, different between the RIRs on the NRO website.

There’s a document there. But we don’t follow that as an RIR staff. We listen to our community and do what our community says.

Bill Sandiford: Context to add over here.

Karla Skarda: Karla Skarda. I’m from APNIC. Just to echo what John was saying, the policies are actually proposed by people within our own communities.

This specific policy, we don’t have a waiting list. So we still have IPv4 available. So we don’t have a similar policy to this.

Mohibul Mahmud: Thank you.

Bill Sandiford: All right. Right side.

Gary Giesen: Gary Giesen, EGATE Networks.

I’m kind of curious about the rationale for the extension from seven to 14 days to SWIP or register your assignments.

Was that expected to increase compliance? Allow people to be lazier? I’m kind of curious, what was the rationale, if it’s known, for the increase? And do we expect better compliance? Worse compliance?

Bill Sandiford: A voice in my head is telling me that rationale is unknown.

Gary Giesen: So I would say, unless we actually have some idea whether that’s going to have some sort of positive effect, probably best to drop that part and just keep the current policy.

Or if you want to make a change, have some sort of enforcement mechanism.

Bill Sandiford: Gary, I see the left microphone has been stormed. Let’s jump over there for a second.

Kathleen Hunter: From what we had heard from a couple of Staff members. Oh, sorry, Kat Hunter, Comcast, and also ARIN AC.

There were some larger organizations that it took them some time to get all the registrations in, especially from multiple customers, and it was just to give them a little bit more time to get the registrations in. That was all it was for, to give them an extra week. That was what the original ask was. It seems like it’s kind of a weird thing.

But, yeah. Everybody has their own stuff they have to go through.

Gary Giesen: If the answer we think it’s going to increase compliance, I think it’s a laudable goal.

But that being said, I think the policy still needs some work. I think the changes should be made to Section 6 if the policy is going to go forward. I don’t think it should go forward as it is.

Bill Sandiford: Thanks, Gary. I think we have an online comment. Two. Let’s do those real quick back-to-back.

Hollis Kara: Sure.

Beverly Hicks: Michael Flowers, TDS Telecom. “Section 4 and 6 should be brought to the state of policy with the same wording. Section 2.3, Distributed Information Systems, doesn’t list a specific manner that needs to be registered. My assumption is that it was through the ARIN registry or the Whois database. It’s very unclear.”

The second comment is from Rune Stromsness – sorry if I mispronounced that – Lawrence Berkeley National Laboratory. “If this change moves forward, it should change Section 6 to align with the changes in Section 4.”

Bill Sandiford: Kevin, 30 seconds.

Kevin Blumberg: Kevin Blumberg, The Wire.

Lee brought up the best word that I could use to describe this “operational networks.”

With every business in the best practices of getting a /48, I’m not registering every business in my company. Same with /29s. Most of them are not operational networks. This policy, the whole SWIP concept needs to be brought into the 21st century. That’s the issue.

Bill Sandiford: Thanks, Kevin.

Everybody, thank you for your feedback. The AC will take it under advisement.

Hollis Kara: Wonderful, thank you, Bill. Thank you, Alicia.

(Applause.)

Okay. Alison, come on down. She’s scooting. This is Recommended Draft Policy 2024-9: Remove Outdated Carveout for Community Networks.

Recommended Draft Policy ARIN-2024-9: Remove Outdated Carveout for Community Networks

Alison Wood: Thank you to my esteemed co-shepherd chair Alicia on this.

We’ll talk quickly about removing community networks from the NRPM. So Section 2.11 defines a community network as – the purpose of it is to provide free or low-cost Internet connectivity to a community.

There was a special dispensation that was made for community networks. In 2017, it was changed so that a community network could apply for, if they met the requirements, for a /40 of IPv6 space. But in, I guess, 2017, the smallest amount of v6 space you could get was a /36. So a /40 was something that would definitely work for a small community network.

However, in 2020, ARIN changed the policy so that anyone could apply for a /40, making applying for a community network much more difficult than just applying as an LIR to get a /40. So it has now made community networks harder to apply for for no additional benefit.

There we go, retiring Sections 2.11 and 6.5.9, effectively removing community networks from the NRPM.

There it is again. So perfect. So here is kind of just a summary of what I spoke about. It’s just removing the special carveout for community networks that is factually no longer needed.

Staff and Legal Review. We had this done. Staff agreed that community network policy is somewhat confusing to the community, using a different term for community, and really no longer needed anymore.

So here is the Staff and Legal policies and review. All right. So this is implementable as written. There’s no legal issues with this. And the time frame to implement is approximately three months.

I would love to hear from any community network users out there, love to hear your opinion on this.

All right. So when I did put this out on PPML, there was just agreement for sunsetting something that has not been used in quite some time.

And again Policy Impact. This is just a little bit of a confusing situation. We use the word “community” kind of interchangeably, but this is just referring to a community network providing free or low-cost Internet access.

This special carveout was kind of put in place knowing that community networks had low budgets, and so we were trying to accommodate that aspect of our community.

This is in recommended draft state. I’d love to know, number one, if you are representing a community network and if you support this policy as written.

And I spoke really fast, so I’m very sorry to my Oregon friends over there.

Hollis Kara: Thanks, Alison.

Bill Sandiford: Microphones are now open.

Hollis Kara: Virtual participants, feel free to start typing.

Alison Wood: Kevin, match my pace running down to the microphone.

Kevin Blumberg: No chance. Bad knee.

Kevin Blumberg, The Wire. Support as written. Fully support as written. ‘02, ‘22, 2017, remove community network, section, section.

I asked for this seven years ago. It is not a policy. In fact, I think this policy makes it harder for community networks to get space because they have to go through extra hoops for policy that is not used by Staff.

So this actually makes it worse for community networks rather than better. So support 100 percent.

Alison Wood: Thank you very much. I’m in 100 percent agreement. It is much more difficult for them to apply for community network status as opposed to just a regular /40.

Bill Sandiford: Any comments online?

Hollis Kara: I see none.

Bill Sandiford: Nobody online, nobody else storming the microphones, we’ll give you a few moments, give the folks online a chance. Here we go, right side microphone.

Mohibul Mahmud: Mohibul Mahmud, Microsoft. I was an ARIN 52 Fellow.

I’m not from a small network, but I have a question. How is ARIN planning to handle the transition for community networks that currently benefit from the carveout?

Alison Wood: Absolutely. They’ve been assigned a /40 as a community network. That will remain. They have obtained that /40.

Moving forward, any LIR can apply for a /40. That’s the minimum allocation. There’s no change to current community networks. They’ll just continue on with the /40 that they obtained previously and operate the same as any other LIR with the /40. Thank you for coming to the mic.

Bill Sandiford: Anyone online?

Hollis Kara: Nada.

Bill Sandiford: Since this is Recommended Draft Policy, asking those who are in favor of this policy to raise your hand very high now, please, so the tabulators can see it. And those online, I’m assuming you have your poll.

Alison Wood: Tell me, what did one OSPF router say to another OSPF router?

From the Floor: Hello.

Alison Wood: Oh, you guys have heard this one.

What do you call a group of network engineers?

From the Floor: An outage.

Bill Sandiford: For those who didn’t hear, the answer was an outage.

Alison Wood: An IPv6 walks into a bar.

From the Floor: No one talks to him.

Alison Wood: Oh, my God.

John Brown: Are we allowed to comment on this?

Why was the mobile phone wearing glasses?

Because it lost its contacts.

Bill Sandiford: Those against the policy, please raise your hand high now.

Adair Thaxton: What’s a pirate’s favorite type of meeting? A webi-narrrr.

Bill Sandiford: Are we good?

From the Floor: What’s a pirate’s favorite letter?

Alison Wood: R.

From the Floor: C.

Hollis Kara: Please count faster.

Alison Wood: A TCP packet walks into a bar and orders a beer, what’s the bartender say? You want a beer? What’s the TCP packet say? Yes, I want a beer.

I like the act better. That’s way funnier.

At least you guys didn’t know that one.

Hollis Kara: Good job, Alison.

Alison Wood: I probably should have thought it through a little better.

From the Floor: Can I get you a CNAC?

Bill Sandiford: Can I get you a CNAC. That would be a good one.

Alison Wood: I want it neat.

Hollis Kara: Walk faster, Jennifer. Come on. I can’t take it anymore.

(Laughter.)

They’re killing me.

Bill Sandiford: What did the ARIN host say to the other? Count faster.

All right. In the case of Recommended Draft Policy 2024-9, 101 in the room; 59 remote. 59 for, two against. Alison will take this feedback back to the AC for their guidance. Thank you.

Hollis Kara: Thank you, Bill and Alison.

And thank you, audience, for all your assistance.

(Applause.)

I’m living to regret the point that dad jokes entered the chat. Okay.

Next up, Chris, where are you, buddy? There you are. Chris Woodfield, come on down. We’ll talk about Recommended Draft Policy 2023-7: Clarification to NRPM Sections 4.5 and 6.11, Multiple Discrete Networks.

Recommended Draft Policy ARIN-2023-7: Clarification of NRPM Sections 4.5 and 6.11 Multiple Discrete Networks

Chris Woodfield: Hello, everybody. I’m Chris Woodfield. I’ve been working on this policy along with my colleague, Liz Goodson, who you saw earlier today.

Recommended Draft Policy 2023-7: Clarification of NRPM Sections 4.5 and 6.11, Multiple Discrete Networks. Still longer than IPv4.Global by Hilco Streambank. Okay.

Our Problem Statement here is mainly style. Sections 4.5 and Section 6.11 of the NRPM does not adhere to the style guide used by the remainder of the document for largely historical reasons.

The numbered lists in these two sections also detracts from the readability and usability of the NRPM. A hard agree. So apologies for small text, but this is quite a bit of policy here in a not terribly well-organized state.

So I will let this on screen for a little bit before going to the next – on to the next page. Even more small text.

What you’ll see, when we move from this to the proposed text that very little of the actual text has changed. What has changed is how it is organized.

So if we move along on to the proposed text, you’ll see that we’ve got some embedded criteria that I’m not usually a fan of bullet points but here they make a whole lot of sense.

We went from 10 numbered items to five. And as a side effect of making these two sections conform to current style standards, we were able to make the similar language in Sections 4 and 6 much more homogenous and readable, as well as duplicating language where possible. You’ll see the current 6.11 already has the more updated style.

So we didn’t have to make a whole lot of change here. This is the current. And then on to the proposed new text.

Again, very little has changed from the language. I consider this almost an editorial policy. With immediate timetable for implementation.

This has a history. It was presented at the last ARIN meeting actually as a Recommended Draft Policy. Based upon the feedback, we determined that the amount of changes requested were a bit more than the AC was comfortable with changing in RDP state. So it was actually moved back to a Draft Policy, changes were proposed and then promoted back to Recommended Draft Policy, which is where it sits today.

The most recent promotion are substantive performance that is based on AC feedback and discussion.

We have promoted ARIN-2023-7: Clarification of NRPM Sections 4.5 and 6.11, Multiple Discrete Networks to Recommended Draft Policy.

This Draft Policy is fair, impartial and technically sound and it will add clarity and readability to the NRPM sections being updated by this proposal.

Here’s the timeline. You can see it was – this harkens back to August of 2023, accepted from draft, revised, promoted to recommended draft, reverted back to draft, revised two more times, and then sits here as a Recommended Draft Policy.

Staff and Legal Review: Staff understands this policy corrects and reorganizes the numbered bullets. Additional edits were made to include allocation which did not exist in the original text. This reflects ARIN’s deprecation of assignment that you’ve seen in other Recommended Draft Policies that were presented earlier today.

ARIN staff made several minor editorial suggestions, which at this point have been integrated into the latest revision of the policy. So the things you see here are, in fact, in the policy text I presented a few slides ago. Implement as written, yes. No impact. No material legal issue. And the standard time frame estimates, requirements. Otherwise, Staff and Legal is happy with this one.

Community feedback: Initial PPML feedback, generally positive. No apparent lack of support. As I mentioned at ARIN 53, there was many suggestions to revise the formatting further, which we took under advisement, as I mentioned taking it back to Draft Policy in order to do that.

New version published to PPML. No additional feedback was received after those revisions. So, as such, we’re going to look to the reactions in this room as our primary signal of continued community support.

One mention in the Policy Impact is because we are not using the word “assignment” in this policy, that is anticipating the adoption of ARIN 2022-12, which also deprecates the term “assignment.”

There were some open questions as to any potential knock-on impacts of this. There may be slightly less clarity, but operationally, we were advised that that did not create any material issues here.

We’d like to remind you that policies should be considered independently. We do believe this policy can stand on its own.

So our single question for the community is: Do you support this policy as written? Thank you.

Hollis Kara: Thanks, Chris. Here comes Bill. If you have comments or questions on this policy, please approach the microphones.

Bill Sandiford: Microphones are open. Let’s start on this side.

Andrew Dul: Andrew Dul, 8 Continents Networks, multiple discrete networks guy. I approve of the rewrite. Thank you.

Bill Sandiford: Thank you, Andrew. Very succinct.

Gary Giesen: Gary Giesen, EGATE Networks.

I support the policy as written and any further attempts to clarify and simplify the NRPM.

Bill Sandiford: Thank you, Gary. Short and sweet. Kevin?

Kevin Blumberg: Kevin Blumberg, The Wire.

I support the policy as written. The only thing I would ask is do an extended Last Call because I don’t know how many MDN networks are in this room.

I think these changes are good, but it’s a very wholesale change and cleanup and possibly an extended Last Call would be helpful to make sure that all MDNs are able to view this. Thank you.

Bill Sandiford: Noted. Thanks, Kevin. Again to the right side, Jonathan.

Jonathan Stewart: Jonathan Stewart, Manitoba Internet Exchange. I just have a question out of ignorance. You sort of referenced that this new style adheres to like some kind of style standard or style guide. Is that a formal thing that exists, or is it just this is the style that you will observe elsewhere in the NRPM?

Chris Woodfield: We do have a style guide that we refer to. I believe it is a public document.

John Sweeting: Hollis should chime in here since she’s responsible for the ARIN Style Guide as the Director of Communications.

Hollis Kara: We do have a style guide. I don’t know that our word list is available directly, I would have to go and take a look. But we do have a style guide that we use across all of the content in the organization, and we’re trying to, where possible, give some guidance or at least suggestions to the Advisory Council so they can bring terminology and language usage in line with how things are discussed elsewhere in documentation so that there is kind of uniformity.

Jonathan Stewart: That sounds good. It’s not like a public published document?

Hollis Kara: I would have to look. I think you can reach that. I don’t want to say that until I check. But I don’t want to sit here and Google while you’re standing at the microphone; that feels weird. I’ll get back to you.

Jonathan Stewart: Sounds good. Clarification is always good. I just wondered if there’s something we’ll reference in the future when making other policy changes; it follows the style guide, that’s good.

Hollis Kara: I believe Eddie points it to them. It’s internally shared, and I think he shares that with the AC when they do the wordsmithing on their side.

Jonathan Stewart: Thanks.

Bill Sandiford: We’ll close the microphones in the room. Anything online?

Hollis Kara: Nothing online.

Bill Sandiford: All right. Recommended Draft Policy 2023-7, all those in favor, please raise your hand high now.

Chris Woodfield: What do you call a network engineer who has never caused an outage?

From the Floor: Liar.

Chris Woodfield: The new guy.

From the Floor: Or girl.

Chris Woodfield: The new person.

Bill Sandiford: Thank you. All right. Those against, please raise your hand high now.

Hollis Kara: Do y’all want a remote joke while we’re talking? I want to give our virtual participants a chance to participate. Matthew Cowen submitted it earlier. “I’d like to tell you a UDP joke, but you might not get it.”

(Laughter.)

From the Floor: I’ve got one. What did the Buddhist say to the hot dog vendor? Make me one with everything.

Robert Seastrom: So since someone told a UDP joke, I’d like to tell a TCP joke. But at least

I’ll know if you didn’t get it so I can tell it again a couple times, slowly, and then I’ll back off.

(Laughter.) (Applause.)

John Brown: Why did the computer go to the dentist? To get his bluetooth checked.

Bill Sandiford: You can save it for the next session. We’re tight on time.

In reference to Draft Policy 2023-7, Recommended Draft Policy: 101 in the room; 51 online.

51 for; zero against. Thank you very much, everyone, for your feedback.

Hollis Kara: Thank you, Bill and Chris.

(Applause.)

Chugging right along. Leif, where are you?

Here he comes. Leif Sawyer. Coming up to discuss Recommended Draft Policy 2024-2: Whois Data Requirements Policy for Nonpersonal Information.

Recommended Draft Policy ARIN-2024-2: Whois Data Requirements Policy for Non-Personal Information

Leif Sawyer: Thank you, Hollis. As she said, I’m Leif Sawyer. My co-shepherd Daniel Schatte.

The Problem Statement for 2024-2: The mission statement or the current Policy Statement text is fairly long. So let’s look at some individual bits here.

This is talking about Whois and the information presented and published in it. Cross-border sharing of personally identified information could lead to redactions among Whois resources outside of ARIN’s purview.

There are currently no ARIN policies that clearly define what organization and associated Point of Contact information must be provided and registered. So that’s what this policy attempts to address.

So first off, we’ll be modifying the 2.12 definition, removing all of the informational requirements and just simply stating that organizational information is the information needed to uniquely identify it.

Modifying 3.8.1 to allow registered DBAs to use that business name rather than their personal party name.

We will be adding in additional record information here for the organizational name to include their primary address and Point of Contact information. Adding additional Point of Contact information here and what that requires, the contact name, their physical location and how to get a hold of them.

Timetable for implementation is immediately.

Our conformance was that it was found to conform to the principles of our PDP, fair, impartial, technically sound, and was moved to Recommended Draft.

If adopted by the Board, it would further clarify what information is collected and published.

So this was brought onboard in February. Adopted as a draft in March. We revised it a couple of times, presented it at the last ARIN meeting in Barbados, and it became recommended draft last month.

Staff and Legal Review. A number of points were brought up by the Staff and Legal team, which we addressed in the policy.

Let’s see if there’s anything that is critical to point out that I need to summarize here. Some of it is just cleaning up how the data is represented. So the different organizational addresses, postal addresses, et cetera, et cetera.

Getting rid of “may,” changing it to “must.” Some grammatical issues, “a” to “an.” “Role account” to “Role Point of Contact,” and “postal address” instead of just “contact address.”

So it is implementable as written currently with all of the Staff and Legal changes. Impact on the registry services is none. There are no material legal issues. And ARIN does point out that the Privacy Policy which states and clarifies the handling of PII is published on their website at the link provided.

They could implement this in three months with updates to the public documentation and internal procedures.

So some community feedback: Mostly positive on this. The Policy Impact, it attempts only to clarify and codify ARIN’s existing practices, and it states that how ARIN handles and manages PII can already be viewed on the website. This appears to have no other material impact to resource management and only impacts what information is published in Directory Services.

It could increase the complexity of managing the Privacy Policy as it exists in coordinating between the NRPM and ARIN’s Privacy Policy.

So questions for you, the community. Are you in favor or against this Recommended Draft Policy as written?

Hollis Kara: All right. Please approach the microphones if you have comments or questions. And for our virtual participants, please go ahead and get typing or raise your hand.

Bill Sandiford: All right. Start over on this side, over on the left side of the room.

Altie Jackson: My name is Altie Jackson, Liberty Latin America. I do support this. In looking at my businesses that have about 10 different ASNs from you guys, this is needed.

Going through everything, it is not clear. But with this policy, I’m in full support.

Bill Sandiford: Thank you. And again on the left side of the room.

Adair Thaxton: Adair Thaxton, Internet2, boring American. Is “DBA” a well-known acronym for our country representatives who do not have English –

Leif Sawyer: “Doing business as” is well-known in the business community. We list it in tons of places. We use it all the time in our business.

Adair Thaxton: But for people who live in areas where English is not necessarily the first language or primary language?

Leif Sawyer: We could add it to our list of acronyms and terms, if that is a concern, sure.

Bill Sandiford: Something you can take under advisement. Over to the right side of the room.

Brian Morisette: Brian Morisette, Connect Holdings II, dba Brightspeed. I support this because that would certainly make the application process easier as it relates to company name.

Bill Sandiford: Thank you. Anything online?

Hollis Kara: We do have one online.

Bill Sandiford: All right. Let’s go for it.

Beverly Hicks: Matthew Cowen, Fellow, unaffiliated, with Martinique in Guadeloupe, being in the ARIN region but also France, not independent countries, where does this sit with respect to GDPR? I don’t know, hence the question.

Leif Sawyer: I don’t know if I can answer that question.

John Sweeting: I’m looking to see if Jennifer’s in the room and can answer it. If she can’t, then I don’t think we can.

Bill Sandiford: We have the wizard.

Leif Sawyer: I did it.

John Curran: I’m here. So recognize that ARIN serves organizations. That’s what we serve. We don’t serve individuals. We serve organizations with IP addresses and those IP addresses let them run infrastructure connected to the public Internet.

ARIN has a Privacy Policy you can read online that describes this. If you’re an individual and you decide to hold yourself out there and run a piece of public infrastructure, then you’ll need public IP addresses but you’re choosing to make contacts public by getting addresses from ARIN.

And that’s your choice. If you’re going to run public infrastructure, people need the ability to find you because there may be packets addressed with those numbers. So we serve organizations.

You can be a single person, individual, doing effectively a DBA, a doing business as, or a sole proprietorship.

But the act of getting addresses from ARIN means you’re holding yourself out. You should choose appropriate contacts. If you don’t want to use personal contacts, your personal email or your personal name or your phone, then you use a DBA for the organization, you use an email address that’s a role account, set up a phone number for that purpose.

But that’s not our difficulty. If you’re running public infrastructure, with public addresses, you need to be in the public.

So as for GDPR, well, frankly, we do business with organizations, not with individuals, and they choose to act in that manner.

So it’s inapplicable, but read the ARIN Privacy Policy if you wish.

Bill Sandiford: Thanks, John.

And final comment from the right side.

Kevin Blumberg: Kevin Blumberg, The Wire.

Support the policy. I had one question. Is there anything that would require any changes on the outputs of the data in this policy? I didn’t see it, but I’m only worried about automation, if there were any changes there.

This doesn’t seem to apply to that, but I wanted to confirm. No changes to the actual output of the data is being pushed or that staff would then interpret to be needed.

Leif Sawyer: If I understand your question, you’re asking if this impacts how the directory services outputs the data?

Kevin Blumberg: Correct.

Leif Sawyer: This policy does not address that. It’s only for the intake of data.

Kevin Blumberg: Right, but intake then is outtake when it gets displayed.

John Sweeting: Correct. And, Kevin, if that was an issue or a problem, it would have been annotated in the Staff and Legal Review. So I feel pretty comfortable that Mark wouldn’t have missed that, and there’s nothing there.

Kevin Blumberg: That’s wonderful. I believe that. I just wanted to confirm it. I support as written.

Bill Sandiford: Thank you. All right.

Recommended Draft Policy 2024-2, all those in favor, please raise your hands nice and high, while Chris Woodfield makes his way to the microphone and tells a joke that I cut him off on, if he remembers. There he is. Lee beat you there, Chris.

Lee Howard: Why did traffic move to UDP during the pandemic?

Bill Sandiford: Why?

Lee Howard: To avoid handshakes. (Laughter.)

Bill Sandiford: Chris.

Chris Woodfield: Are we telling nerd jokes or not nerd jokes at this point?

Bill Sandiford: We’ve gone so far down the slippery slope, it doesn’t really matter.

Hollis Kara: Just keep it clean, please.

Chris Woodfield: What’s the secret of comedy?

Timing!

Leif Sawyer: That’s terrible.

Adair Thaxton: How do you catch a network bug?

Bill Sandiford: How?

Adair Thaxton: With an Ethernet.

Bill Sandiford: All those opposed, please raise your hands now.

Lee Howard: What is a network geek? Someone who bites the headers off of packets.

Bill Sandiford: Suddenly Google is wondering why it’s getting so many queries for network jokes in Toronto.

(Laughter.)

Something is wrong with our algorithm. Toronto is going mad.

From the Floor: Are we registered in Toronto or showing up in –

Bill Sandiford: We might be wherever NANOG was last.

John Brown: Knock knock.

Bill Sandiford: Who’s there?

John Brown: Hello World.

Bill Sandiford: Hello, World, who?

John Brown: Name error. Name who not defined.

Bill Sandiford: Okay. This is the one we’ve all been waiting. Nancy Carter, what have you got for us?

Nancy Carter: What does an accountant use to hang up their Halloween decorations?

Bill Sandiford: I don’t know. What is it?

Nancy Carter: Tacks.

Bill Sandiford: Recommended Draft 2024-2: 101 in the room; 60 remote. 47 for; one against.

Thank you, everybody, for your feedback. The AC will take it under advisement.

Hollis Kara: Thank you, everybody.

Next up, Brian Jones. Where are you? Brian Jones with Draft Policy 2024-4: Internet Exchange Point Definition.

Draft Policy ARIN-2024-4: Internet Exchange Point Definition

Brian Jones: Okay. ARIN Draft Policy 2024-4. Myself and Matthew Gamble were the shepherds.

The term “Internet exchange point” appears in the Number Resource Policy Manual as an entity eligible for special allocations and treatment but is not clearly defined. That’s what this proposal does.

Here’s the definition: An Internet exchange point, also known as an exchange point, Internet exchange, IX, IXP, NAP, is a shared, physical switching fabric used by three or more autonomous systems for the exchange of data destined for and between their respective networks.

This is the same thing.

Okay. This was a proposal that came in in April. It became a Draft Policy in May. Circulated to the community, and we revised it in June, essentially taking out the word “Ethernet.”

Staff and Legal. They found that there is a discrepancy in Section 6.10.1 of micro-allocations that states “a minimum of only two other participants,” and this creates the discrepancy.

Otherwise, implementable as written. No major legal issues. Implementation time frame, three months.

Community feedback. The biggest thing that came out of this was prescribing a physical medium. So we took out the word “Ethernet” and most of the feedback was positive.

The Policy Impact: This allows ARIN and the community to communicate effectively when discussing Internet exchange points and requests made for resources pertaining to these entities.

This could also impact Draft Policy 2024-5, which rewrites Section 4.4, Micro-allocation.

Okay. Questions for the community. Given the Staff and Legal Review, does the number of participants need to be two or three to qualify as an Internet exchange point?

So should Section 6.10.1, Micro-allocations for Critical Infrastructure, be corrected to say a minimum of three total, or should the definition of IXP for this proposal be modified to say used by two or more autonomous systems?

Bill Sandiford: Microphones are now open. Get your comments online. We’ll start over here on the right side.

Douglas Camin: Doug Camin, CCSI, generally support as written. Maybe a technical question. If we go to the language there. You mentioned autonomous systems. So I think it’s kind of a general question.

Does that create a situation where a single organization who has different AS numbers could claim themselves as an IXP? So should the language include a statement about unrelated business entities or something similar?

I’m not specifying language, but I’m making the statement that that may allow somebody to come through and say, hey, I’ve got three AS numbers, I’m an IXP.

Bill Sandiford: Thank you. Right side.

Mohibul Mahmud: Mohibul Mahmud, Microsoft.

My question is on the community feedback. Yeah, this one. So this community feedback seems like they raised concern about being too specific in defining IXP technologies like Ethernet.

So my question is, should the policy be more flexible to allow for other layered technologies and future innovations in IXP setup?

Brian Jones: The whole idea was we got rid of Ethernet. That was the big – that’s why we changed it to “physical switching fabric used.” That is the new text. It no longer has “Ethernet” specified. That was community feedback. They didn’t want “Ethernet” specified.

Mohibul Mahmud: It will be more flexible to other Internet technologies?

Bill Sandiford: Yep.

Brian Jones: That’s the whole idea.

Bill Sandiford: Anything online?

Hollis Kara: Nothing so far.

Bill Sandiford: Let’s go to this side.

Adair Thaxton: Adair Thaxton, Internet2. I had the same feedback as Doug. I thought the word choice “participants” in Section 4.4 would get around having one IXP with multiple internal ASNs.

Bill Sandiford: Good feedback. Thank you. We’ll continue on this side.

John Brown: I defer to my kind gentleman on the other side.

John Brown, no logo. We’re saying physical switching infrastructure. What about virtual? There are virtual Internet exchanges out there. Are we capping and limiting ourselves or causing a definitional problem down the road?

Bill Sandiford: I think virtual in an exchange is physical somewhere, right? It exists somewhere. Your connection to it may be virtual.

John Brown: It’s in the cloud.

Bill Sandiford: Noted. The AC can take that as feedback. Kevin.

Kevin Blumberg: Kevin Blumberg, Toronto Internet Exchange. Section 4.4 is for critical infrastructure. It lays out Internet exchange points and some DNS root servers.

The key point to this is that it is for the public good. We have reserved space for public good critical infrastructure, and this definition does a lousy job of explaining that.

It’s basically coming up with the way any company could prove themselves out to be an Internet exchange.

It’s not that I don’t support this work. This does not really give the gravitas to what we want to be doing for critical infrastructure.

The other thing is we have already learned – we know that Autonomous System Numbers and all of those things are abused. One Org can have three autonomous systems. So combining and co-mingling in definition a requirement is problematic.

I think you should really focus on what a public good Internet exchange or public good critical infrastructure is as the definition and the requirements then to allow for that is in this section. They’re two different things.

Bill Sandiford: Thanks, Kevin. We’ll close off the queues where they are now. Anything online?

Hollis Kara: Nothing.

Bill Sandiford: We’ll go over to this side for the last three comments.

Matthew Wilder: Matthew Wilder, Telus. In general, I am in favor of adding this definition and giving clarity to Internet exchange points.

Like Kevin and others, I think the bar could be higher or clearer, perhaps. I think when we think about IXPs, if the community wants to support those but we have something specific in mind. Like I want to go to an IXP site, how do I peer to this, and how do I see the list of peers? There’s a certain threshold there.

It’s in draft status. PPML is open. I’d welcome any definition people might have for that.

Bill Sandiford: Thank you, Matthew. Lee.

Lee Howard: Lee Howard, IPv4.Global by Hilco Streambank. I tend to agree that maybe “organization” is a better word than “autonomous systems” and maybe there’s a better way to do that and we can think about it.

But I also agree that we should keep working on this. This is a good space for some additional effort.

I do think that the numbers should be three in both places because I think that two organizations peering with each other is a private interconnect and not an exchange point.

To the point of virtual versus physical. I think those are antonyms, and antonyms are not synonyms. But I also don’t know that virtual interconnects, virtual exchange points, would be considered critical infrastructure.

I’m willing to stand to be corrected with that. Not really my space.

Bill Sandiford: Thanks. Final word.

John Brown: John Brown, no logo. My kind gentleman on the other side, I would just be cautious of using the term “public good.” I think that could be construed in different ways.

I mean, is a commercial Internet exchange where you’re paying money a public good thing? Is it structured as a for-profit entity in that jurisdiction versus a not-for-profit?

To Lee’s comment, I think we’re potentially close but we may need to wordsmith and tool on it a little bit more.

I will agree that three is a good number but we might –

Hollis Kara: He’s back.

Bill Sandiford: Go ahead, John.

John Curran: False alarm. (Laughter.)

Bill Sandiford: All right.

Adair Thaxton: Adair Thaxton, Internet2. I agree with three. Three shall be the number thou shall count. The number of the counting shall be three. Four shall thou not count, nor count thou two, excepting that thou then proceeds to three. Five is right out.

Hollis Kara: Well done, Adair.

Bill Sandiford: Thank you, everybody. The AC will take –

Beverly Hicks: One virtual.

Bill Sandiford: Sorry.

Hollis Kara: Do we have one virtual?

Bill Sandiford: Let’s hear them.

Beverly Hicks: Brad Fecker, state of Oregon, ARIN 53 Fellow. “I agree with the effort in general. And in answer to the direction, question three should be the minimum. And 6.10.1 should be changed to reflect that.”

Bill Sandiford: Thank you, everybody. The AC will take the feedback under advisement.Thank you.

(Applause.)

Hollis Kara: What you guys don’t know is while you’re seeing this on screen, I’ve got John Curran just staring at me from down there. He’s gone now. It’s a little unsettling, I’m not going to lie.

Okay. Feeling a little – okay. Daniel Schatte, where are you, come on down. Draft Policy ARIN 2024-5: Rewrite of NRPM Section 4.4, Micro-Allocations.

Draft Policy ARIN-2024-5: Rewrite of NRPM Section 4.4 Micro-Allocation

Daniel Schatte: All right. Draft Policy 2024-5, a rewrite of basically NRPM Section 4.4 for micro-allocations, with my co-shepherd of Chris Woodfield.

Problem Statement: Section 4.4 language hasn’t aged well. As the ARIN 53 Policy Experience Report demonstrated, increasingly difficult for ARIN staff to actually allocate space, or to implement.

Growth and use of Internet exchanges has also changed. Seeks to improve the soundness of it and really move it this time.

All right. So Policy Statement here. ARIN 4.4, rename instead of micro-allocation. It is CI assignments. I’m not going to read it. I will let you all read it here. But really is a rewrite of the policy into multiple sections. So still a reserve a /15 equivalent for critical infrastructure, sparse allocation and nothing smaller than a /24.

Will also be used for Internet exchanges, root servers, ccTLD operators, ARIN and IANA.

And only Section 8.2 transfers are allowed. So use of this policy for critical infrastructure is voluntary and they will publish it.

Additionally, Section 4.4.1. So it goes into the Internet Exchange Assignments. This will be moved to allocations as the rest the NRPM is moving towards.

Has a definition that we just talked about in it. The plan would be to actually use the definition instead of having a second place for the definition.

And then 4.4.2, root and ccTLD assignments provide – root and ccTLD operators will provide justification and certification of their status as an active zone operator.

The timeline would be immediate. So, 4.4 as it’s currently written. I’m not going to read it again. So really micro-allocation.

Core DNS servers, ICANN-sanctioned, RIRs and IANA. Nothing smaller than a /24.

I’ll give you a little bit more time to read it. All right. Now on to basically what we went over before of the proposed changes but now within red lines.

So CI assignments versus micro-allocation. A lot of the same, a reserve of /15, sparse allocations, ccTLD operators, ARIN and IANA. Revoked if no longer in use for approved purposes. 8.2 transfers being allowed.

Again, the 4.4.1 of Internet Exchange Assignments. We’ll talk about that in a few. And 4.4.2, the root and ccTLD assignments from previously.

The proposal came in on 23rd of April. Moved to Draft Policy 21st of May. This will be the first time it’s presented.

So community feedback of changing Critical Infrastructure to Critical Internet Infrastructure. So this was brought up on PPML. And then the change or the IXP portion of the three initial physically present ethernet, change it to “must meet the minimum

requirements of an Internet exchange point as outlined in Section 2.18,” which 2.18 would be the IXP assignment in 2024-4.

And community feedback. Similar there with the Critical Internet Infrastructure as the official term.

Again, ARIN should not be specifying network technologies. So back to making just use of the IXP definition.

Then it also mentions that we either need 2024-4 or 2024-5 but definitely not both. I think what’s said is two different definitions that had to be synchronized. That’s part of what you saw previously.

And a support for having 2024-4 and removing descriptive language from other uses as well.

Policy Impact: Seeks to clarify the requirements needed to qualify for 4.4. The Draft Policy changes “ICANN-sanctioned root and ccTLD operators” to “IANA authorized root servers.” And RIRs outside of ARIN are not included in the text when they were previously included.

Questions for the community: Do you support this policy as written? Do you support this policy with the changes recommended by PPML feedback? And should other RIRs be able to request 4.4 allocations when they previously were in there?

Bill Sandiford: All right. Draft 2024-5. Microphones are open in the room and online. We’ll start on this side.

Kevin Blumberg: Kevin Blumberg, Toronto Internet Exchange. I support continuing to work on this policy far more than the previous policy.

The way this is laid out, you don’t need a definition when it’s used in one place and in that place and how you’re doing it, you’re defining it through the actions. So this is a far better way.

In all of the previous iterations that we’ve worked on with the Section 4.4, it’s come down to DNS and expansion of is ccTLD, if a thousand – they wouldn’t be – if a hundred ccTLDs were managed and operated out of the ARIN region, that would completely take away the entire pool and you’d have to refill it. That wasn’t the intent.

So I’m concerned that a simple addition in that area may actually end the pool and then have to have it refilled from the wait list, which will create another issue.

So I don’t think anybody is looking for an extreme expansion of who can use this pool, and we just need to be careful on some of the wording there.

I do like many of the changes in here, including the revocation, if it’s not used for intended purpose. Hopefully that would be retroactive. But c’est la vie, because we have seen some of that.

But ultimately what I don’t see in here is a limit. Does that mean that I can just keep coming back and keep coming back for my same Org because I’m a critical infrastructure provider, an IXP, will I need a block for this purpose and a block for that purpose and just keep coming back, rinse and repeat, even though it isn’t for the key intended purpose of running the Internet exchange?

That may be the one thing that I don’t see in here that would help improve it. Thank you.

Bill Sandiford: Thanks, Kevin. Over to this side.

Lee Howard: Lee Howard, IPv4.Global by Hilco Streambank. I tend to agree with most of the comments made online, and with Kevin’s.

As far as switching fabric, SMDS is fine; you can use that too. I don’t like the title. 4.4 CI, there’s no reason to add another acronym to the policy manual, which has no acronym as far as I’m concerned – whether it’s critical Internet infrastructure, probably is clearer than critical infrastructure. We don’t need to abbreviate it “CI” or “CII.” It’s only used twice in the entire document. Spell it out.

Bill Sandiford: Thank you. In the room, microphone queues are closed. We’ll go to the online comments Please.

Beverly Hicks: Tyler O’Meara, unaffiliated. “Why are legacy gTLD operators such as the operators of dotcom and dotnet, et cetera, not permitted to get 4.4 space short of the Root DNS Zone? These are likely the most critical Internet infrastructure in practice. I support this policy in principle.”

Did you want the next one?

Bill Sandiford: Yep.

Beverly Hicks: And Rune Stromsness from Lawrence Berkeley National Laboratory. “‘Critical infrastructure’ is used in both 4.4 and 6.10 for IPv6 micro-allocations, and however these topics move forward should either keep definitions the same for both or move the definitions into one common location.”

Bill Sandiford: Thank you very much.

John Brown: John Brown, no logo. Very quickly. I generally agree with the other comments. It needs a little bit more work. We need to have some language in there to prevent abuse and capture of this space.

Especially if you’re an IX, right, and you do need another /24 because your IX has grown. Great, then have another /24 for the actual purpose of the IX, not for the IX’s Web servers or email servers or back-end infrastructure. We need to make sure there’s some appropriate language for that.

And number two is, I don’t really have a problem with other RIRs because they’re not generally bad actors. Having the ability to get maybe one in our region for each of those if they wish to place critical infrastructure here for the good of the Internet, and I’m sure the RIRs can play well with that.

Bill Sandiford: All right. This side.

Darren Kara: Darren Kara, still no current affiliation since earlier.

I’m an ex-root server operator, though, and I have a little bit of concern around the critical infrastructure space.

Do we know how much we have? What’s the current burn-down rate? Because there’s 512 /24s available, or 256 –

John Sweeting: Darren, from my earlier one, it’s like 282, I think, but it’s about half of the pool.

Darren Kara: Right. With the explosion of IXs I see coming online, it seems like that /15 will burn down quicker than it did in the past, like most things, and I think that needs to be taken into consideration, and how would you refill the –

John Sweeting: Well, there is a policy for replenishment of that pool. That would be anything we get back, that we would normally give on the wait list, we’d have to put it in that pool. When it gets past the three-year burn rate of, I believe, it’s 95 – we do about 30 a year. So it’s like 95 is what would it be – what it would be now. But if we all of a sudden lost them all, that would actually offset those numbers and probably everything we got back from nonpayment would go into that pool.

Darren Kara: Last concern, in the root server operators, they all have previous space that they’ve all changed at least once, I think, new IP addresses.

Would you be revoking that space because it’s just hanging out there answering queries but doesn’t really fit the purpose of critical infrastructure at this time?

Bill Sandiford: I heard the R word. I’m waiting for the wizard to appear.

John Sweeting: Where is the wizard? The wizard. I do think we need the wizard. There he is.

Hollis Kara: He’s back.

John Curran: So the requirements for address space are applied at the time you request. Once you’ve received address space, it’s presumed that you’re applying in good faith.

If it turns out you apply in bad faith, nefarious purposes, you do fraud or similar in your application, we will take it back.

If you apply in good faith, receive address space and years later your use of that address space changes in a way that doesn’t conform with current requirements, that doesn’t matter; we’ve issued you the space in good faith. Businesses change.

We don’t have many policies that I’m aware of that require current compliance and a review. So to that extent, someone who has received address space if we set a policy for issuing new space, that doesn’t automatically get reassessed unless you folks make policy that’s like go out and assess the existing operators.

John Sweeting: John, there’s one guardrail on that. You cannot do a market transfer of that special reserve pool space. You can do an 8.2 if somebody bought you. But other than buying the whole company, you can’t do a transfer.

John Curran: There are particular allocations and even transfers, not just allocations but transfers, that end up with additional constraints that you have to comply with or you risk a revocation.

Bill Sandiford: Microphones are closed, but if you could make it quick, Kevin.

Kevin Blumberg: Very quick. One additional thing is “return and renumber” was removed. You can’t just keep getting /24s to grow in an IXP, they all need to be one fabric. One thing to consider is to have a specific additional part there that is a return and renumber for larger prefixes. Thank you.

Bill Sandiford: Thank you. All right. The AC will take that under advisement. And last but not least.

Hollis Kara: You want to get this one?

Bill Sandiford: Kaitlyn.

Hollis Kara: Kaitlyn, come on up. Last policy of the day, Draft Policy 2024-7: Additional Definitions for General and Special Purpose IP Addresses.

Draft Policy ARIN-2024-7: Addition of Definitions for General and Special Purpose IP Addresses

Kaitlyn Pellak: Hello, everyone. I come to you today from the candy corn lobby.

So as we said, this is a definition for general and special purpose IP addresses.

So essentially the current policy text reads the NRPM treats general purpose and special purpose IPs differently, but there isn’t really an easy and clear way to distinguish them at this time.

As a result, the policy can be either unclear or wordy. Some examples include current Draft Policies, Draft Policy 2023-8, which is repetitive with respect to 4.4 and 4.10 space, and Draft Policy 2022-12, where 4.4 and 4.10 are not explicitly excluded from counting against an organization.

This is actually adding entirely new language to Section 2. The Policy Statement and then the proposed changes are the same. So I’ll just go ahead with the red lines for you.

Essentially, it would just be adding definitions for both special purpose IPv4 addresses, special purpose IPv6 addresses, and then the corresponding general purpose definitions for both IPv4 and IPv6.

So the definition essentially reads that an address should be made available specifically for maintaining critical infrastructure facilitating v6 deployment or for experimental purposes, and then the general purpose definition essentially just reads all other IP address allocations.

This is a relatively new policy. So the proposal was made back in April of 2024. It was voted in as a Draft Policy in June of 2024. This is the first time that this is being presented to the community at an ARIN meeting.

So we have received some strong community feedback on this. It has trended to that this policy requires some wordsmithing. Certain things that I’ve heard from the community include maybe we should be very explicit in what we’re defining. So just stick to the three listed purposes instead of kind of being vague.

Another comment reads that a special purpose IP, they’re already actually defined by the IETF per RFC 7249. So perhaps reserved pool resources would be a better term.

Finally, the author broke out v4 and v6 definitions separately. That might actually be better served to just combine the two.

So the intention of this policy is basically to simplify the language in the NRPM, and the hope is to clarify the differences between general purpose IP addresses and IP addresses that are allocated for a specific purpose.

The outcome would be that the NRPM would be more concise and the intention of those addresses would be more explicit.

And last but not least, some questions for the community: Do we have time for questions?

Bill Sandiford: We do.

Kaitlyn Pellak: Excellent. So a couple things to consider. Do we think reserved pool addresses would be better terminology than special purpose IP addresses? Can we come up with any unforeseen consequences or any unintended consequences that could come from adding definitions to this policy?

And finally, is it actually necessary to define general purpose IP addresses as well as special purpose, or can we kind of infer from defining special purpose what the general purpose IP addresses are for?

And then again, can we combine the IPv4 and IPv6 definitions into one?

Bill Sandiford: Microphones are now open.

Hollis Kara: Approach the microphones in the room or type online if you have a comment or question.

Mohibul Mahmud: Mohibul Mahmud, Microsoft. First, I’d like to know about the first question. I assume like this question comes from the community feedback based on like to change the reserve pool address as a better terminology than a special purpose IP address.

So I would like to know, like, if it is changed, like, what would be the impact? Will it be aligned more with IETF and INS standard in that case?

Kaitlyn Pellak: I believe the reason this was posed is because as the IETF has already defined special purpose IP addresses and that definition doesn’t quite align with what the proposed definition to the NRPM would be, using reserve pool addresses, which is referenced elsewhere in the NRPM would be a better terminology.

Mohibul Mahmud: I assume by this, it will be aligned with IETF then?

Bill Sandiford: John.

John Curran: When we talk about reserve pool, when we talk about reserve pool, we’re talking about a subset of general purpose IP addresses.

So the addresses that we have are addresses out of the general purpose slice of IPv4 or IPv6, which can be used for all sorts of things.

In the IETF, special purpose addresses – they have a different definition, and those apply to many things that aren’t general IP addresses.

So, for example, multicast, loopback and documentation, which you can’t or should not configure into your devices. We actually need our own term to identify the subset of general purpose addresses in this particular use.

The IETF deems all of the addresses we use as general purpose.

Mohibul Mahmud: Sounds good.

Matthew Wilder: Matthew Wilder, Telus. I feel, based on the last policy that was discussed, this maybe could have some utility to say “constrained resources” or some label that gives an indication that transfers, et cetera, would still have that constraint placed on them. Just my thought.

So not really in support or against at this point. Just not –

Bill Sandiford: Kevin.

Kevin Blumberg: Kevin Blumberg, The Wire.

My definition of this policy, abandoned. This isn’t a definition. Pointing to three other sections in a policy and saying that is what the definition is, is circular.

I don’t see the benefit of this policy, and I’m very concerned that all of these definitions that people suddenly have decided is a great place to play in the NRPM is actually complicating and not doing good work in the sections that need it. So define this as abandoned in my view.

Bill Sandiford: Thanks, Kevin. Microphones closed other than those in queue. Nothing online?

Hollis Kara: No.

Dustin Moses: Dustin Moses, Intermax. I’d like to kind of keep the getting too far into so many different definitions. Like you just put in four new definitions in Section 2, and I feel like there’s only one word that just slightly alters between special and general.

I would say that “reserved” seems to be better and more cohesive across the NRPM entirely. They’re special use, but they’re specifically reserved. And I feel like “special” can be tied into other IP addresses and other resources that have specific use.

And so it boils down into, you know, let’s not confuse everything. Let’s keep it kind of consistent.

I kind of agree with Kevin that it needs a bit of wordsmithing. Maybe even just getting rid of that whole definitions thing and trying to just use those sections for what they’re intended to do.

Bill Sandiford: Thank you. Darren?

Darren Kara: Darren Kara. You know the drill.

Kaitlyn, I think I agree with your idea about defining “general.” But rather than it being a canonical list that it will point to this and say that it’s any other space other than this special purpose or reserve space, so that if anybody – if there’s ambiguity, the assumption then is, if you come in and ask for it, if it’s not in the canonical list on this side for private use or, sorry, special purpose, that it is general.

That would be my suggestion. Thank you.

Bill Sandiford: Thank you, everyone. All right. The AC will take this under advisement. And I might as well stay here as we move –

Hollis Kara: You might as well stay here.

Thank you so much, Kaitlyn. She’s running away with the clicker. Chaos ensues. You can’t trust the candy corn.

All right. If we can get John back on screen. It’s now time for Open Microphone. Welcome back, John.

Open Microphone

John Curran: Sure. Why do network engineers avoid working on modern networks during Halloween?

Bill Sandiford: Why, John?

John Curran: Those networks run IPv6 and they want to avoid a hex.

(Appropriately humored groans.)

Bill Sandiford: All right. Let’s start on the left side of the room here with Lee.

Lee Howard: Lee Howard. I find it outrageous that we had any concern about getting through all of the Policy Proposal discussions today.

The purpose of the Public Policy Meeting is to discuss the Public Policy Proposals. We had three hours of agenda time today that had nothing to do with Public Policy.

Anything that does not need to be Public Policy, is not relevant to Public Policy, could be moved to day two. Many of those things are much more relevant to members than the public and that’s the Members Meeting.

If we needed to run long, there’s no reason the Members Meeting, it needs to be half a day. I think it’s outrageous that we would ever have any concern of getting through the agenda. Congratulations on doing it. Well done.

Bill Sandiford: No, we didn’t. I didn’t have any concern at all, Lee. In fact, we went long, and we made sure that we took every single person that approached a microphone and comments online.

We’re here for policy. We are here to do policy. We didn’t cut anyone off. We even let people back into the queue after they were closed.

Lee Howard: We made it through it. There shouldn’t be any concern. Maybe it shouldn’t be the last thing in the day.

Bill Sandiford: Maybe. I had no concern. We got it done. And as far as I know we didn’t abbreviate anyone.

Douglas Camin: Doug Camin, CCSI. Just a thought. We didn’t clap when Daniel Schatte finished his policy. Good job, Daniel.

Hollis Kara: Please. Thank you, Doug.

(Applause.)

Hollis Kara: Sorry, Dan.

Bill Sandiford: Matthew.

Matthew Wilder: Matthew Wilder, Telus. Along a similar line, I just want to say to the community here, we’ve had a great turnout and had great engagement today and policy discussion.

So thank you all. It really makes our jobs easier as an AC to know what to do with policy when we hear from you. So thank you.

(Applause.)

Bill Sandiford: Peter.

Peter Harrison: Peter Harrison, Board of Trustees. One of the things that I volunteer with on a regular basis each year is the ARIN Grant Committee. Now, it’s not on the agenda this year, or at least in this meeting. But if you have the time and the willingness, I strongly suggest that the community volunteer for it. There are a number of reasons for this.

Firstly, there’s a sense of community, in that you’re giving back. You have an opportunity to fine tune some of your engineering chops, and it also provides you with great insights into the operation of ARIN as a whole.

If you have the time next year, just get prepared for it. Please volunteer for it. It’s time well worth it and it’s very well spent. Thank you.

Bill Sandiford: Thanks, Peter. Kevin.

Kevin Blumberg: Kevin Blumberg, The Wire. Couple years ago I got up to the mic and asked -

Bill Sandiford: No?

Kevin Blumberg: I know.

(Laughter)

– and asked to cut the mailings from ARIN to the community. That we were getting inundated.

You did a great job of that. You really cut it down. You got the important stuff out to us, and I appreciated it.

In the last 12 months we’ve seen a number of community consultations that are, quite frankly, stuff you should be doing and the community’s input, the way you’re doing it, is wasteful of our time, is a nice way to say it.

These are best practices or whatever the case may be. You may have your reasons for wanting to do it. And I see John ready to pounce.

Bill Sandiford: I’m not going to let him. I’m going to take this one myself. Keep going.

Kevin Blumberg: You may have ways – point to where the consultations are going on, have it in one place. Don’t send us 48 emails. Appreciated.

I understand the NRO is, the group I’m with, we send out stuff as well, and we are trying to be more careful about what gets sent out.

But the community consultations, it’s getting a little silly. Try to find a better way of communicating is maybe a way to say it.

This also applies in the elections to all of our candidates. Misusing of email lists is a guaranteed way to annoy people. And whether that be your personal list of people that you’re sending to or the public Mailing Lists, I think ARIN needs and has already talked about a much stronger policy in terms of this for future elections.

But just understand that we as DMRs treat this as spam. If that’s the way you’re going to operate, I don’t know how you can be on any of these bodies. Thank you.

Bill Sandiford: All right. Kevin, I’ll tell you this: I will say that from the Board level – I know that Hollis with her team and the entire organization, we walk a fine line when it comes to communication.

You communicate too much, you get people approaching the microphone at Open Mic saying stop emailing me. You don’t communicate enough, you have people saying how come you never communicate with me. It’s really a fine delicate line to watch.

Personally, I may be the Board Chair, but I’m a community member. I represent ISPs, whatever. I personally think the staff has done a pretty good job of trying to walk that line.

We have mailing lists for consultations. We try to contain those communications into certain lists. So if people don’t want to be bothered by the noise of consultations, unsubscribe from the consultations list.

There are certain things that the organization does in an effort to be a bottoms-up multistakeholder organization that requires consultation and feedback from the community.

Yeah, that generates conversation by design. And sometimes it gets a bit much. Sometimes there are things that need to get done. And I apologize if it gets busy at times. But it’s part of what we have to do to effectively serve the community and carry out our mission. And it is what it is. I’m sorry.

Kevin Blumberg: Thank you.

(John raises his hand over Zoom.)

Bill Sandiford: Come on, John. That had to be good enough.

(Laughter.)

John Curran: It was perfect. I was going to say, Kevin, tell me your mail user interface, I’ll tell you how to set up a filter for ARIN Consult.

(Laughter.)

Bill Sandiford: There you go. We’re already over time. If you have anything to add to Open Mic approach the queues now. Nothing online. So we’ll go over to this side here.

John Brown: John Brown, Board of Trustees candidate. Last week I spent time at WISPAPALOOZA. The ARIN folks were there. It was wonderful. So, first of all, thanks to the entire ARIN outreach team for coming to WISPA. We really enjoy it. It’s very beneficial. Money well spent.

As I was walking around WISPA handing out my little blue vote for me cards –

Bill Sandiford: I somehow got two of them.

John Brown: So double vote. You said you represent multiple ISPs.

– I had a number of people look at me and go, “Didn’t ARIN just do the elections? I just had an email last week, last month, that said that ARIN elections and voting and I thought I already voted.”

It wasn’t one. It wasn’t two. I would say it was almost a dozen people confused.

I hear what the other side said. I also hear what you said with regards to there’s a fine line. I respect and appreciate that. Somehow there is a volume of messages coming out where there is the feeling that this election cycle has already come and gone.

So I don’t know how we address it. Maybe if I get elected, I can help solve that problem. Or even if I’m not elected, help with how we can solve that problem.

But there’s a constituency out there that thinks that this election cycle has already come and gone based on the volume of communications they’ve received. So just feedback. Not necessarily saying –

Bill Sandiford: Well noted. I know the team, for the most part – from the various different organizations I’ve been involved with, and ARIN is just one of them, ARIN has a pretty well-defined playbook when it comes how to run elections. It really hasn’t changed much from year to year. There’s little tweaks here and there based on community feedback and things that we hear from the community. So maybe this is one of those things that we take a look at for the coming cycles. But it’s good feedback, nonetheless.

Russell Sutherland: Russell Sutherland, from the University of Toronto. I’ll be brief. I’ve been involved with the networking space long before ARIN. And this is my first ARIN conference that I’ve been to.

I’ve been to, I think, all the other IETF conferences that were held in Toronto. And I just wanted to commend just the community.

I found this to be a very thoughtful and arenic way of discussing what sometimes can be quite contentious issues. I wanted to make that note, as a first-timer here, very good, well-organized.

But things were said and things were done well and we didn’t need the ombudsperson.

Bill Sandiford: Thanks very much. We love having first-timers. We love you even better when you become second-timers. Hopefully we’ll see you back.

Lee Howard: Lee Howard, IPv4.Global. I don’t know if ARIN has a process for this, but one of the longest-serving members of the ARIN Advisory Council passed away this year, and I just wanted to recognize Stacy Taylor’s contribution to ARIN over the years and all the things she’s done for us.

Bill Sandiford: Hear! Hear! Lee, Thank you.

(Applause.)

Bill Sandiford: All right. If there’s nothing online, we’ll consider the Open Microphone closed.

Hollis Kara: Oh! Do we have one more? Quick quick quick!

Geoff Cost: This is my first year, and my friend Abha Ahuja from NANOG and ARIN days as well –

Bill Sandiford: Sorry, can you state your name and affiliation?

Geoff Cost: Geoff Cost, Merit Network. – 25 years ago would tell me about coming and seeing all these nerds, and we would pick on her.

Bill Sandiford: I resemble that comment.

Geoff Cost: You do. And her passion was huge. And she passed away 23 years last week, and finally I’m here all these years later and I can feel her spirit. And liking you big time (referring to someone in the audience to laughter). And I love the discourse. I like that nothing’s easy. Nothing worth it is easy. So thank you.

Bill Sandiford: Thank you for the kind words.

Hollis Kara: Thank you both.

Bill Sandiford: On that note, I’ll close the Open Microphone, pass it back to Hollis for closing announcements.

Closing Announcements and Adjournment

Hollis Kara: Thank you, everybody, for your patience today and for tolerating my sense of humor.

We’re happy to have you here. We look forward to seeing you again tomorrow.

I’d like to thank our sponsors. Network Sponsor, Rogers, and our Webcast Sponsor, Google. If I could get a round of applause for them.

(Applause.)

I’d also like to thank our sponsors that are out in the expo area, Kalorama IPv4 Brokers & Advisors, our Platinum Sponsor, and our Silver Sponsor, IPv4.Global by Hilco Streambank. And our Exhibitor Sponsor, IPXO. So if I could get a thank you for them. Please stop by and thank them for supporting ARIN. Without their support, we could not bring you these meetings.

Just a reminder, the social event will begin at 7:00 p.m. tonight at the Hockey Hall of Fame. If you need directions or a map, we have them available at the registration desk. Please bring your badge.

Drink tickets will be given to you when you arrive and you will get two of those. And beyond that, it’s a cash bar, and I hope you will take advantage of the opportunity to tour the museum and enjoy some food and talk with friends.

We are committed to providing a safe and welcoming environment for everyone who participates. That applies to the social as well. Take it into thought.

We look forward to having you join us back here again tomorrow. Breakfast will be at eight across the way in Pier 4 and 5, and the meeting will begin here promptly at 9:00 a.m.

With that, thank you so much for your support. We look forward to seeing you back tomorrow.

(Meeting adjourned at 5:25 p.m.)

ARIN 54 Public Policy and Members Meeting, Day 1 Transcript - Thursday, 24 October 2024

On this page

Welcome from the ARIN Board Chair

Opening and Announcements

Welcome from ARIN’s President and CEO

NANOG Update

Board of Trustees Report

Financial Report

Risk and Cybersecurity Committee Update

Policy Implementation and Experience Report

Advisory Council Update and On-Docket

Policy Block 1

Recommended Draft Policy ARIN-2022-12: Direct Assignment Language Update

Draft Policy ARIN-2023-8: Reduce 4.1.8 Maximum Allocation

2024 ARIN Elections

Candidate Speeches

Board of Trustees

John Brown

Mike Burns

William Charnock

Ron da Silva

Peter Harrison

Philip Inshanally

Altie Jackson

Keith Mitchell

Shernon Osepa

Chris Roosenraad

Adrian Schmidt

Chris Tacit

David Zumwalt

Advisory Council Speeches

Lily Botsyoe

E. Marie Brierley

Matthew Cowen

William Herrin

Kathleen Hunter

Andrés Mayhew

Daniel Schatte

Alicia Trotman

Chris Woodfield

NRO NC Candidate Speeches

Andrew Gallo

Frank Petrilli

Amy Potter

Policy Block 2

Recommended Draft Policy ARIN-2024-1: Definition of Organization ID/Org ID

Draft Policy ARIN-2024-6: 6.5.1a Definition Update

Draft Policy ARIN-2024-8: Restrict the Largest Initial IPv6 Allocation to /20

Draft Policy ARIN-2024-10: Registration Requirements and Timing of Requirements With Retirement of Section 4.2.3.7.2

Recommended Draft Policy ARIN-2024-9: Remove Outdated Carveout for Community Networks

Recommended Draft Policy ARIN-2023-7: Clarification of NRPM Sections 4.5 and 6.11 Multiple Discrete Networks

Recommended Draft Policy ARIN-2024-2: Whois Data Requirements Policy for Non-Personal Information

Draft Policy ARIN-2024-4: Internet Exchange Point Definition

Draft Policy ARIN-2024-5: Rewrite of NRPM Section 4.4 Micro-Allocation

Draft Policy ARIN-2024-7: Addition of Definitions for General and Special Purpose IP Addresses

Open Microphone

Closing Announcements and Adjournment

Related