ARIN 42 Public Policy Meeting, Day 1 Transcript - Thursday, 4 October 2018 [Archived]

Please Note: This transcript may contain errors due to errors in transcription or in formatting it for posting. Therefore, the material is presented only to assist you, and is not an authoritative representation of discussion at the meeting. If additional clarification and details are required, videos from our original webcast are available on our YouTube channel.

For an executive summary of this day of the meeting, read the daily digest on the TeamARIN website.

Public Policy Meeting, Day 1 - Opening Announcements

John Curran: Good morning. If everyone will come in and be seated, we’ll get started.

In a room this small, I actually don’t even need this. So I need to be very careful. Indoor voice.

Good morning. Welcome to ARIN 42 in Vancouver. I’m John Curran, President and CEO of the American Registry for Internet Numbers, ARIN. I’d like to welcome everyone here. We’re going to have a great couple of days and should have some excellent discussions. Work on policy. All in all a good time.

So, I want to point out that our Board of Trustees, under which all the work is done, is actually here. We have them in the audience everywhere.

So Dan Alexander, Paul Andersen, Nancy Carter, myself, Patrick Gilmore, Aaron Hughes, Bill Sandiford, and Regenie Fräser, our Board of Trustees.

Regenie Fräser been appointed for next year. She’s an observer right now. So we’re all here this week. Feel free. You’ll see. We have distinguished red stripes, if you want to talk a Board member.

The Board is responsible for the fiduciary – has fiduciary duties responsible for the mission of ARIN, make sure it gets done, make sure we handle the finances, not take on undue risk, and make sure we provide the services you want us to provide. So worth paying attention to.

Our Advisory Council is here, the ARIN Advisory Council. I’m not going to call all the names, but if you’re with the ARIN AC, please stand up.

The ARIN Advisory Council is the one that works on the number registry policy. They work on the policies we use in administering the registry. They listen to you.

They work on policy proposals. They’ll be the ones leading a lot of that discussion. So if you have an issue about how our policies work, find someone standing up, and they’re on the ARIN AC. Thank you.

We have a number of – we have the NRO Number Council here. The NRO Number Council is the group that works with the other four RIRs, three per RIR. And they work on global number policy. Global number policy is the policy that’s used to get numbers from the IANA to each of the RIRs.

So the Number Council is our representatives, a 15-member body, that coordinates that process, including Louie Lee; Kevin Blumberg, I know you’re here, Kevin, somewhere; and Jason Schiller.

Go ahead, Louie.

Louie Lee: Louie Lee, small correction on that last slide, if you would. The Vice Chair is Kevin Blumberg.

John Curran: Yes. The hat has changed. But not the hat, obviously.

(Laughter.)

Very good. We have a number of RIR colleagues from APNIC, from LACNIC, and from the RIPE NCC. Welcome, our fellow RIR guests. They’re here to help coordinate what we do amongst each other.

The ARIN management team is here. You’ll see us. We have staff badges. Badge says staff. And there’s quite a list. Feel free if you have a question about any of the functions that we perform, that’s the team that’s doing it. Almost our whole management team is here this week. So we’re all in the halls. If you have a question, don’t hesitate to hunt any of us down.

Now, we do bring people here through our Fellowship Program. And our Fellowship Program is very important to ARIN. What it does it provides an ability to bring new people into the process, become aware of ARIN, what we do, and also bring that information back to their communities.

So we actually have Fellows from each of the sectors within the region. And in addition we assign each Fellow a mentor, because rather than just wandering the halls aimlessly, it’s good, as a new person, for you to have someone help guide you, answer your questions, explain what’s going on.

I’d just like to have the Fellows stand as I read your name. So from Canada, I might get these wrong, Blaise Arbouet, Canada. Stand if you’re here. From Canada, Andrew Martey Asare. And Adrian Schmidt. If you’re a Canadian Fellow, stand up. Welcome to our meeting.

From the Caribbean, Suzette Burley. Back there. Gary Campbell. Thank you, Gary. And Roosevelt Lewars. Yes, yes, maybe. Okay. Also from the Caribbean.

From the U.S., Austin Murkland. Alan Shackelford. Alan. Soren Sorensen. I like your name, Soren. Nice name. Ovidiu, I am sorry. I apologize. Ovidiu Viorica. Yes? Am I close with your name?

Ovidiu Viorica: Close enough.

(Laughter.)

John Curran: And also Cesar Oscar Cordero Casilla. Thank you.

Our Fellows come here. We welcome you all. If you see a Fellow, please feel free to speak to them, tell them what you think about ARIN.

We have newcomers, total newcomers. How many newcomers, Susan?

Susan Hamlin: 56.

John Curran: 56 newcomers. Very good. Our Newcomer Orientation, we had – we introduced people to ARIN and what it’s about and they got to get an orientation to what’s going on. We’re now going to do a drawing, a prize drawing, for the newcomers who filled out the survey. They help us refine that.

So here it is. I’m going to need someone to come up. Owen DeLong, come on up.

(Laughter.)

Owen DeLong: What a surprise.

John Curran: I don’t have to read it both in English and French, do I? Bonjour. So the winner of the survey – thank you for filling out the surveys – Daniel Dent, we will send you a gift certificate. Thank you.

(Applause.)

Thank you, Owen, for your services in drawing. Wonderful job.

So I’d like to welcome our remote participants. You may not realize it, but this is not the ARIN meeting. This is just a piece of it. We have a number of remote participants watching the video who have access to an online chat room. They can ask questions. They can actually participate when we do a show of support. They can participate in those polls. They have access to all the same materials.

So when we’re running the meeting, recognize it’s both you and the remote participants. Okay.

Emergency procedures. This is interesting. I’m going to put this slide up here. If you want to know where the nearest hospital is, pharmacy, urgent care center, those are the addresses and phone numbers.

I don’t know if we should print those out somewhere because in an emergency I’m not going to be standing up here.

Paul Andersen: That’s California.

John Curran: Okay. So some of them are a little far away.

(Laughter.)

Paul Andersen: The Shoppers Drug Mart is just up the street. Right out the hotel.

John Curran: You have to travel great distances to get great U.S. healthcare.

(Laughter.)

We’ll work on better information in the next version of this. I would ask if you have an emergency, you know, go to the front desk of the hotel. They probably have local information. Sorry about that.

Okay. SSID. So we have a wireless network. We actually work together with NANOG to get a wireless network running, and the wireless network is named NANOG. NANOG. That’s up and running since the meeting that was earlier this week.

We also have a legacy network for those people who can’t handle 802.1X. It’s open and it’s unencrypted. Feel free.

Attendance stats. Our attendance, we have 38 people from Canada here. We have 91 from the U.S., seven from the Caribbean, 21 from outside the ARIN region, and 29 remote participants. So wonderful distribution.

I’d like to thank our sponsors. Our network sponsor, TELUS. Big round of applause.

(Applause.)

We’ll actually hear from them very shortly. And our webcast sponsor, Google.

(Applause.)

All of you at home listening to the webcast, you need to clap for that, okay. That’s what’s making you able to listen to this.

So Happy Hour sponsor, for those who made the Happy Hour last night, it was sponsored by Addrex. Round of applause. Thank you for that.

(Applause.)

And I’d like to say we have a help desk we run during this meeting. If anyone has any questions about their number resources, how to make use of our services, it’s in the foyer; feel free to help yourself.

A lot of people end up with questions that sometimes you just don’t know how to handle or awkward to handle over email. This is a great opportunity to clean up any outstanding issues you might have.

We also have an election help desk, because we’re running an election for our AC and our Board and our NRO Number Resource – NRO Number Council appointee. So when you’re doing your elections, if you have trouble voting, go hunt them out. We’ll talk about that later today.

We have another desk out there, a lot of desks, a lot of our staff out there. This one is important. We have a user testing desk for the new website and ARIN Online. So we actually are changing our user interface after much feedback from the community.

We have a prototype of that. We’d like to collect some final feedback. So if you have any questions, feel free. Or if you want to see the new one, go there.

You can also see it online. We sent out a link. It’s preview.arin.net, if you want to see the new interface. You can actually sit down with the user interface experts, walk through some trials with them and provide them feedback. We want to refine this so we can push it out to you by the end of the year, make sure everyone has a nice new interface.

Okay. Turn in your ticket. In your badges you’ve got a ticket, turn in your ticket to claim your ARIN t-shirt with the logo. Very nice, very pretty.

Okay. There’s an app. There’s an app for everything nowadays. We have an app for ARIN 42. Lets you get to the schedule and see what’s going down. If you have the old one, you need to delete it and download this one.

Okay. We’re going to have some discussions today. And we want everyone to have productive discussion. So to that end, we moderate the discussion. We make sure that everyone has an opportunity to speak at the microphone.

When you speak, speak clearly. If you want to say something, find a microphone so our remote participants can hear you. State your name and affiliation each time so we know who you are.

Otherwise, some people have similar sounding voices. If you don’t say who you are, we don’t know how to actually attribute what we’re hearing. It will end up in the translation wrong.

Please comply with the rules and courtesies in the program. You’ll see them in the program. Short version: Be polite to others; let others speak if you’ve already spoken; let other people have an opportunity at the mic before you come back; try to keep focused on the topic rather than the person. We’re trying to make progressive, useful discussions.

Okay. Here’s our agenda. We’ll have our sponsor, TELUS, up. That will be wonderful. We’ll have a Regional Policy Update, talk about what’s happened in all the RIRs with respect to their number policy.

We’ll have the AC docket, the Advisory Council Docket Report, where the AC comes up and presents what they’re working on. We’ll be hearing about some of these proposals later. But you don’t always hear about every proposal in detail. And so this is an update that covers that.

Policy Implementation and Experience Report. So the staff, when we implement the policy, we take footnotes – things that work well, things that don’t work well, questions we might have, things that the community might not realize, notes and how the policy actually ends up being implemented.

So we bring that to you every meeting to help educate you on how the policy’s working. We’ll have an Internet Number Status Report. We all use these Internet numbers, these unique numbers that keep the Internet running. There’s pools of numbers in each of the RIRs, and then the IANA has the unallocated pool. We’ll have someone come up, give the Numbers Status Report.

And then we have an IETF reporter who will come up and give the IETF Activities Report, which is fairly important. The IETF makes protocols including the ones that created the registries, IPv4 and IPv6. When the IETF changes how network protocols work, it changes how we manage numbers, as it turns out.

So we have someone who goes to the IETF. Those are short meetings. They only run a week from 7:00 AM to 9:00 at night. There’s only about 150 working groups. And they try to track the most important developments, bring them to you so you can know what’s going on at the IETF at a high level.

So that’s our morning agenda. And that’s actually what we’re going to get done between now and 10:30, to give you an idea what’s coming up. Okay?

After the break, after 10:30, we’re going to handle some policy discussions, because we have a number of policies that the Advisory Council wants feedback. These are the ones that will come up.

We’re going to have 2018-1, Inter-regional Transfers. We’re going to have 2018-2, Clarification of ISP Initial Allocation and Permit Renumbering; and 2018-3, Remove Reallocation Requirements for Residential Markets.

Tonight, just a little heads up, there’s going to be a social. The ARIN social is at the Waterview Special Events Space. There’s buses leaving at 6:45 and 7:00. And it’s going to be fun. We’re going to have games there, skiing and snowboard simulators, a guided taste of Vancouver microbrews, Canadian delicacies, and music from Canadian artists. Wonderful. That’ll be tonight, so see everyone at the social.

At the head table – Paul Andersen, Bill Sandiford, Tina Morris, Leif Sawyer.

(Applause.)

That might be a first, actually. I’m actually going to, at this point, ask Matthew Wilder of TELUS to come on up. TELUS is our sponsor for the network connectivity. And I thought it would be good to have Matthew come up and say a few words.

Sponsor Remarks

Matthew Wilder: Hi, Matthew Wilder, TELUS. As a TELUS team member, welcome, and I hope you enjoy the network. And as a Vancouverite, welcome to Vancouver.

So we have a network. Pretty typical diagram here. Canada is pretty big. We cover all of it with fiber and most of it with 4G network. Lots of subscribers.

One thing I want to talk to you about that’s a little bit different is how we give where we live.

So TELUS has a program called Connecting for Good. Through this, we gift through three main buckets. One is called Internet for Good. We give to low-income households high speed internet access in a subsidized manner. We also give Mobility for Good to at-risk youth. And we give Health for Good, which is a mobile health clinic to those who are homeless, typically. So we have this in Victoria, it’s launched. And we recently announced it will be expanding to other areas in Canada.

So these are a few things about TELUS. Again, welcome, and I hope you enjoy the network. And I can tell you’re enjoying the network if I hear that clickety clack on the keyboards. Thank you very much.

(Laughter.)

(Applause.)

John Curran: Very good. I would now like to move on to the Regional Policy Update. Sean Hopkins, come on up.

Regional Policy Update

Sean Hopkins: Thank you, John. Hello, everyone. Good morning.

Fine, stay silent.

From the floor: Good morning, Sean.

Sean Hopkins: I live for it. So, I’m Sean Hopkins. I’m ARIN’s Policy Analyst. We’re going to walk you through a few things that are happening outside our neck of the woods. We’ll hit on AFRINIC, APNIC, LACNIC, and the RIPE NCC – all RIRs, just like us, and they cover these respective regions.

AFRINIC, pending implementation are a few proposals I’ve mentioned before, a mechanism for AFRINIC staff to sweep for lame delegation records on domain objects, some updates to pointers, throughout existing IPv6 policy, and the allowance for organizations to submit new addressing plans for a larger block than they originally thought they needed without having to renumber.

Still under discussion, we’ve got an extensive rework of the PDP underway. Mechanism for regular resource reviews by AFRINIC staff. These are random reviews looking for RSA or policy breaches.

Also under discussion we’ve got a revision to soft landing policies that were drafted a bit ago, and some clarification on v6 sub-assignment language that actually excludes anything that’s nonpermanent from the definition of a sub-assignment.

APNIC. Under discussion we have a no-need policy that impacts transfers within and into the APNIC region. Of course if that comes from a region that has needs-based, like ARIN, it would include a 50 percent utilization plan over the next five years.

Also some familiar clarifying language excluding nonpermanent use of v6 from the definition of a sub-assignment.

Now, this abuse contact validation proposal actually reached consensus in Noumea a couple of weeks back. They’re still working on an update to their PDP as well, broadens consensus a little bit. Allows a little bit of time for mailing list consensus to be determined alongside folks that are actually in the room.

LACNIC. Recently implemented, there’s an IP-based geolocation proposal that went through, a sweep for v6 policy for some outdated references, minor inconsistencies, things like that.

Also implemented, a PDP update just like the one I mentioned for APNIC. It allows new addressing plans to be submitted for a larger block without having to be renumbered.

There was also a proposal mentioning a Global Internet Registry creation. You might remember we had a table topic about it last time around here, and that’s actually since been abandoned by the author, overall lack of support, and you’ll notice June 26 was when that was dropped.

So under discussion. Now, a very familiar update, excluding nonpermanent use of v6 address space from the definition of a sub-assignment, and an update to v4 language allowing for that same larger assignment without renumbering.

Also under discussion update to – oops – also under discussion – sorry, lost my place here.

A bit more on the docket, some reference alignment in v4 end user policy, minor updates to the PDP. It’s actually a follow-up to a larger revision to the PDP that was pushed through a little bit ago. This one allows a discussion phase to be extended if just a little bit more input is needed to determine whether or not there’s rough consensus.

Also under discussion, an update to the merger and acquisition policy and registration and validation of abuse contacts.

RIPE NCC, last but not least. Recently implemented some updates to minor outdated info in v4 policy. Clarification on some definitions in v6 policy and abuse contact validation. Remember that from ten seconds ago? Alright.

Also recently implemented PDP clarifications. Gives options for extending a review phase if consensus hasn’t been quite determined yet. Last but not least, a proposal you should all know by heart – a clarification allowing, excluding nonpermanent use of v6 from sub-assignment policies. That’s what’s happening out there. If you have any questions for me, I’m here.

(No response.)

None. Beautiful.

John Curran: Thank you, Sean. At this point I’ll have Tina Morris come up and give the ARIN AC Report.

AC Docket Report

Tina Morris: Good morning. I’m going to – I’m Tina Morris, Chair of the Advisory Council – review the policies that we’re looking at this week.

We have some Recommended Draft Policies. The Recommended Draft Policies are all in a state where the AC is happy with the language, and we’re bringing them to the community to see if you also agree and if there’s consensus that it should move forward to Last Call.

First we have 2018-1, which allows inter-region ASN transfers that you’ll hear more about each of these policies in detail with the shepherds later this week.

We have also 2018-3, which removes reallocation requirements for residential market assignments, essentially taking where people don’t have to SWIP residential space anymore.

Next we have 2018-4, clarification of temporary sub-assignments. You may have seen that before.

And then we have 2017-12. This one’s a little different. This one’s been through Last Call and it was sent to the Board. It’s required new POC validation upon reassignment. This went to the Board for recommended adoption.

The Board remanded it to the AC with questions of technical soundness. Essentially the AC took community consensus and our evaluation of the efforts required and sent it to the Board for evaluation. However, we did not reach out to the large users of this ability, the large SWIP assignment entities.

And so the Board has asked that we go back out and evaluate with them. So that is in process, and you’ll hear much more about this policy later. But if your organization does SWIPs, we would love to talk to you about that in detail during this meeting.

These next ones are draft policies. Draft Policies are still working on language, seeing if there’s an appetite in the community to continue.

We very much need input on these, and these will not be adopted immediately.

So we have 2018-2, Clarification to ISP Initial Allocation and Permit Renumbering. And then editorial changes. These are not – they don’t change the intent of policy. They’re grammatical. They’re cleanup, they’re language. It’s going back through our Number Resource Manual and seeing things that don’t really make sense anymore.

So we have two of these going on right now as we polish up the language that will be shared with the community. If we have, once we have the community feedback on them they’ll be sent to the Board for adoption.

Any questions?

(No response.)

John Curran: Thank you, Tina.

(Applause.)

Next up, I’d like to have John Sweeting come up and give the Policy Experience Report.

Policy Implementation and Experience Report

John Sweeting: Alright. Good morning, everyone. Happy to be here in Vancouver. It’s been a long week already for those that have been here for NANOG.

So I’m John Sweeting, Senior Director of Registration Services. I want to talk to you this morning about the Policy Experience Report, but more specifically the waitlist that ARIN has.

So the purpose of this briefing is to – the community has to ultimately decide what to do proposing change, removal of existing policy, proposing new policy.

I’m going to give you some information and feedback on the current policy for the waitlist. And then you can – hopefully there will be some discussion about this, because I think there needs to be – also provide feedback on the Number Resource Policy Manual policies.

So the policies we’re going to review today are all part of the waitlist policy. 4.1.8 is your unmet requests. 4.1.8.1 is the waiting listing itself. And 4.1.8.2 is how we fulfill those unmet needs from the wait list to the people that are on the waitlist.

It’s a lot of text, straight out of the NRPM. It’s the 4.1.8. It’s the unmet requests. It’s a little bit dated because it talks about, in the event that ARIN doesn’t have contiguous block of addresses to meet requests, when we all know we run out of the free pool. So we just don’t have that now. We actually – everything goes on to the waitlist for people that are seeking IPv4 addresses.

And there’s some other words in there about rules on when you can apply, how you can apply. You have to wait three months, which is a little – we’re interpreting that to say that once you’ve received an allocation you have to wait – or an assignment, you have to wait three months before you can come back and ask for it again.

It’s not quite where it says there, but that’s how we have interpreted it and that’s how we’re doing it today.

So for the waiting list and fulfilling the unmet needs off the waiting list, the requests comes in, we approve them or disapprove them. But the ones that get approved get added to waiting list by the date and time they’re approved.

We then, to fulfill those, anytime an address becomes available, we will – it’s matched to – you have, like, what you’re really requesting and then what you would accept. So it could be you’re requesting a /20 but you’re willing to accept a /22.

If you’re on the list and we have a /22 but we don’t have a /20, we’re going to send you that /22 – we’re going to offer that /22 to you. If you accept it, you come off the waitlist. If you don’t accept it then you come off the waitlist today.

So one of the – yeah, let’s go. Some of the observations – I didn’t want to start back then – organizations are receiving addresses and then transferring them.

24 percent of the space issued has been transferred, mostly in the /16, /17. We actually, since – this slide deck, about a month and a half ago, was put together at the request of John for some review.

We’ve actually had another two /18s transferred that had been, one was 16 months and one was 18 months. So people are – they’re getting on the waitlist. They’re waiting, getting filled and then a year later, because that’s in accordance with the policy, they’re transferring those addresses.

So the one-year waiting period doesn’t seem to have a whole lot of impact on people that want to come in and just get addresses to then enter the transfer market down the road. I could see if it was a very small percentage, maybe that would be circumstances. But because it’s such a high percentage and it’s only the larger blocks, it seems like there’s intent to use this policy not as I think the community intended.

A lot of organizations that are coming in to get on the waitlist already have a substantial amount of space. And I can say, because I was on the AC when we came up with this policy, was that the intent was to have address space available for those people that either were new entrants or were smaller ISPs that didn’t have like a ton of IPv4 address space already. It was to help sustain the smaller guys or the new entrants going forward. As you can see, four organizations currently on the waiting list already have more than of a /16 worth of space.

And the majority are first timers asking for smaller blocks. So in that sense, it’s really working well. There’s a lot of smaller ISPs. I think part of the thing that’s happening today is the larger ISPs are telling new customers they can’t provide them IPs or IPv4, or they’re actually providing it but at a very high cost.

So those smaller customers are coming in and requesting space and being put on the waitlist.

So think of it this way: If somebody’s on the waitlist for a /16, a /16 becomes available, one company gets fulfilled. If it’s /24s that they’re looking for, that could be 256 smaller ISPs that get what they actually require.

So continuing, blocks that are being transferred via 8.2 transfers that are probably specified recipient transfers. That’s just saying merger acquisition transfers are happening that we really suspect are market transfers.

So people go out, they make a company. They come in, they get on the waitlist, they get their address space and then they sell the whole company.

Some of those, they sell, like, they sell this router and a customer base to a recipient. Our suspicion is that a lot of those are actually market transfers, not merger and acquisitions. But they follow the policy because they understand the steps they have to take to qualify for an 8.2.

Also the 24-month, again, it’s very difficult for the Registration Services Department to look at someone that comes in asking for a 24 month supply.

An officer has to verify that that is true and that they really do need that. That’s fine most of the time, but for some of these companies that are shell companies, it’s very easy to get an officer, the actual person that registered that company to actually sign stating that they have a 24-month need for a /16.

And we have at least one case where multiple large blocks were obtained by multiple organizations and then transferred via an /8 to a single organization.

We do a lot of forensics and investigations today at RSD. We’re not quite like “Law and Order” or anything like that, but we do collect IP addresses that requests come in on, and we can tell when several different organizations are coming in for requests from the same IP or range.

And that’s part of our observations that brought me here today to bring this to your attention.

And the merger and acquisition transfers are occurring while the organization on the waiting list – we don’t have clear-cut policy that says that can’t – that that waitlist doesn’t transfer with the M&A. So it would be nice to have some clear-cut guidance on that.

Basically, we try to revalidate that they’re using all the space, but then we have the 8.2 policy that says we can’t ask for needs or utilization of an 8.2 transfer. So we’re kind of in a quandary there as well.

So some relevant data that RSD has put together, 209 of 241 requests on the waiting list are for a /21 or smaller. So as you can see the majority are pretty much what we would call legitimate and people in need.

So one suggestion is imposing a /21 maximum would impact only 13 percent of the requests on the waiting list. So you could consider maybe you want to limit that now because right now there is no limit to how much space they can ask for and get put on the waiting list.

And five of the 241 requests on the waiting list, 2 percent are for Orgs that already have a /16 equivalent or more. So that could be another thing you could impose a threshold on the amount of address space that an organization currently holds that is coming in and getting placed on the waiting list.

So some of the questions that I hope we can discuss here, and you can give us some guidance and give the AC some guidance actually on these policies, should a waiting list recipient be able to transfer the block they received? Ever? Or should maybe 12 months isn’t long enough? Maybe it should be five years?

Should an organization be eligible for the waiting list if that organization already has a substantial amount of space. That would be if you have like more than a /16, /15, /14, whatever the community thinks is the right number, they would not be able to go on the waitlist.

Should they be able to get multiple blocks on the waitlist? So we have had a few organizations that have already received three fulfillments on the waiting list. That’s due to the waiting list is actually, as I said before, successful, for the most part, in what the community was seeking to accomplish.

And then some other questions – should first timers get priority? So new start-ups that don’t have any space, should they have priority? And should a maximum block size be imposed?

So some of the options, status quo. Maintain the current waitlist approach. Other options, optimize the waitlist processing to better serve the ARIN community and ARIN’s mission.

Waiting list transfers, status quo, one year waiting period before the block can be transferred. The main issue, it creates a financial incentive for organizations to try and get as much space as possible so that they can then make some money on the transfer market. And – anyway.

Other options, disallow waiting list blocks from being transferred as we do with 4.10 and 4.4 blocks and disallow waiting list blocks from being transferred if the transaction is effectively a sale of addresses.

So I think that’s to say you have to consider an M&A. If it’s an M&A, what would happen there with anything that was gotten off the waitlist. Today would be 4.10 and 4.4, as long as they’re going to be used for the same purpose, they can be transferred in an M&A.

The waiting list block size. No maximum block size today. The main problem is evaluating. It takes time and prevents other Orgs from getting space, and was that the real intent of what we had for the waitlist?

And other options, impose the maximum block size and would ensure more Orgs can get space.

The priority, we’ve gone over this, too, the oldest request that can be filled is filled. Doesn’t recognize that some need to be considered more justified than others. To me this is a very difficult one, because I don’t know how Registration Services would be able to really fairly understand who needs it more than somebody else. But it’s an option that’s out there.

And possibly there’s another option, phase out the ARIN Waiting List. Status quo would be we continue recovering space to fill the waiting list and distribute it using the waiting list.

Other options, strengthen ARIN’s ability to serve the community by utilizing recovered IPv4 resources to build an ARIN Endowment or other worthy purpose such as community grant programs, training programs and others. This would significantly simplify ARIN Number Resource Policy.

Thank you.

John Curran: Thank you, John. I’m actually going to handle the discussion.

Okay. Thank you, John. Round of applause for John, head of Registration Services.

(Applause.)

We’re going to wait for him to step safely out of the blast radius. Okay. Microphones are open for questions. R.S.

Rob Seastrom: Rob Seastrom, ByteGrid and ARIN AC, and I have a question, which is: There are all sorts of anecdotal things that John just brought up, which is stuff that’s happening that we may or may not want to be happening.

What are those as a percentage of the total number of transactions?

John Curran: Sure. Let’s talk about it this way. First, if there is a case where we have evidence of number resource fraud, then we will correct it.

So the challenge is that the difference between something that looks suspicious and something that’s provably fraud can be pretty great. So, for example, you have someone who, in three different organizations, all happen to apply, all happen to get address blocks and all happen to be acquired by the same entity. Can’t prove that it’s number resource fraud, but it looks highly suspicious.

So when you ask about some of the questionable assignments, very little. In terms of total number of – a handful, two or three, that would be things that we consider questionable but we can’t show enough to issue fraud, in terms of reclaiming the blocks.

Rob Seastrom: Sure. To put a fine point on that, I’m interested in things that appear to be very pedantically adhering to policies that we have in place without ones that we really didn’t have in mind, not ones that are in the fraud grade.

John Curran: When you look at Number Resources, however, we have a number of cases where people are on the waiting list for /16, /17, /18, /19, /20, waiting for address space. They’ve said credibly they need it. They’ve shown that to RSD.

Now, you need this. You’ve proven you need these resources. You’re waiting for /17. 14 months later we say we have it available. And you have to show that you now need them.

Well, any business that needed a /17 14 months ago is either out of business or found a way to get it, one way or the other.

By pure coincidence we have people who have said, I needed it then, but, by the way, I still need it now. I’m still growing to the point where I need it.

So you’ve got a little bit of disingenuous activity. People qualifying for the waitlist that say they immediately need something generally go out and obtain it, but they may lease it from someone. That way they’re not taken off the waitlist.

They might borrow someone’s address space. So we have a whole number of creative endeavors people are doing to remain qualified to get this windfall of addresses.

And the question really for the community is: Did you intend the waiting list to be those people who didn’t have any other means and might be unable to go to the market? Or did you intend it to be somewhat a lottery system, where you sign up and you hope your number comes up?

Rob Seastrom: And as a percentage of total –

John Curran: Resources?

Rob Seastrom: – transfers. Forget the block size. As a number of total transactions, as a percentage of that, is this a 2 percent thing, a 20 percent thing, a 70 percent thing?

John Curran: Probably 10 to 20 percent of the transactions, 50 to 60 percent of the total /24 resources involved.

Rob Seastrom: Okay. Thank you.

John Curran: Kevin.

Kevin Blumberg: Kevin Blumberg, The Wire. Those numbers that were shown by John in the very first slide are not a rounding error, are not – they’re significant, massively significant.

My suggestion and hope is that the Board suspends this policy until such time as the community can adequately address how it is being abused.

Following policy and then transferring out space at one year and one day is not the intent and is just an abuse of our good nature as the community to make things fair. This issue of transferring out resources from free pools has happened in other regions and they’ve had to address this.

We’re now the suckers. We need to fix this. And I would suggest that be done expeditiously.

John Curran: Okay. Can you put the slides back up? We get to see how this is done. The magic screen that has all the presentations. Very good.

Okay. Here we go. [Counting] Okay. Okay. So, for example, the question about the suspension, okay. Generally the Board suspends policy when we believe it doesn’t meet the function that – we don’t do it very often – but if we really believe it no longer meets the requirements that the community put so forth.

The challenge with suspension is that there’s a number of people who have waited months and are looking for a /24, for example, who when you suspend the whole policy, you take the people who are getting the windfall and the people who have waited diligently and you put them in the same category. Everyone loses as a result.

Hence, the question that comes up is: Given that, for example, at the bottom, of the 241 requests on the waiting list, 154 are requesting their first block ever. And 148 of those would accept a /21 or smaller.

There’s a number of parties who would accept a very modest-sized block and don’t have any. If those are people who really don’t have an effective alternative, when you suspend the policy rather than amending the policy, you sort of put them in the process.

What do you feel about that?

Kevin Blumberg: If a scalpel or an amendment would fix the problem, again, I believe in these types of situations. The Board is best able to address this issue. I’m perfectly fine with either as long as the rampant – when we’re seeing these numbers – issue can be dealt with.

Because now that this is in the open, people are going to start running towards dealing with this because they know they have time until that policy comes through in the community.

John Curran: Understood. The good news, the one exception for the waiting list policy compared to everything else, is if there’s a run on the bank they end up at the end of the line, so you actually can make a policy and implement it and affect those people who were queued.

So it’s a small benefit here, unlike other policies, where we actually have the ability, even if people were to say, oh, my God, maybe this is a great opportunity for me, we won’t be satisfying them for some time. A policy change could easily affect those who got in the queue after today.

Kevin Blumberg: I guess, John, I was more referring to those who have received the space.

John Curran: I see. Got it.

Center front.

Andrew Dul: Andrew Dul, 8 Continents, ARIN AC. The thing that happened that we didn’t anticipate is that we’re getting more address space back into ARIN, and we expected that this excess address space would be transacted in the market.

And so my suggestion, and I think at this point, is that we need to figure out either how to greatly limit the size and the destination of these or we need to make them market transactions somehow.

John Curran: Understood.

Center front queue.

Alison Wood: Alison Wood, state of Oregon, ARIN AC. To Kevin’s point, are there any sanctions we can impose on the bad actors?

John Curran: So, we can. If I can show someone’s a bad actor and I can defend it to the point of protecting ARIN, we can take the numbers back. We can absolutely take the numbers back. And in fact, for people who are curious, you endanger your number resources with ARIN significantly if you engage in bad activity.

But sometimes the difference between being able to call someone a bad actor versus a business that’s growing and successful is very hard to discern. And the last thing you want to do is cause harm to a party that has no malfeasance, has no – tend to be very careful there.

Alison Wood: Thank you.

John Curran: Thank you.

Yes, Owen, center front.

Owen DeLong: Owen DeLong, SAIL Internet. I think that in terms of dealing with the ones that have already received addresses, especially ones that have already transferred them, that horse has left the barn, so to speak. And certainly suspending the policy is not going to do anything to them.

So if Mr. –

John Curran: They can no longer be addressed; is that what you’re saying?

Owen DeLong: Right. If Mr. Blumberg is attempting to deal with that issue through suspending the policy, I don’t see how that works.

In terms of the ongoing problem, I think it is appropriate that we consider amending the policy. Ideally, there comes a day soon when we don’t even care about this policy. v6 is the way to go. Come on, people. It’s been 25-plus years. Get with the program. The good news is more than 50 percent of U.S. traffic is on v6 now. So we are making serious progress.

John Curran: Yes. Final response at the back microphone. Go ahead.

Mike Burns: Mike Burns, IPTrading. I’d like to make a statement about the last idea that was presented where ARIN retain the essentially ownership of returned addresses for purposes of establishing an endowment or some other financial instrument. I just think that’s a terrible idea.

But my question is – and this goes to the idea of starving the waiting list by having addresses sold on the market rather than returned to ARIN. And the question is where are these returned addresses coming from?

John Curran: That’s actually a great question. So I have the Department of Returned Addresses under me, amongst other things at ARIN. Addresses come back for couple of purposes. One, if you don’t pay your invoice we start down a process – it’s on the website, you can go find it – and about 142 days later your reverse DNS gets turned off. You’ve already received notarized letters. You’ve already received phone calls.

If you still don’t realize that your addresses are going away, we actually do reclaim them. And that’s a small number, but it does happen.

Mike Burns: Why don’t you tell these people they can sell them?

John Curran: We do, actually. The next category will truly boggle your mind. There’s a small number of resources that are returned to ARIN: I don’t need this anymore, ARIN. You can have it back.

And we have a discussion with them about there’s a market and there’s people who know how to deal with this and you really should – and some people, I don’t want to deal with that. What do I need to sign to return it. I understand. That’s why I said the second category is even –

Mike Burns: I appreciate the effort. I shake my head.

John Curran: And then there’s a third one. I just want to say, there are resources that have come back to ARIN through the chain of history, the last 20 years. Sometimes we can’t determine who has the proper rights.

Companies have merged or folded in a way that no one can see the agreements. Companies have gone defunct and simply disappear with no party holding clear remnant interests or ongoing bankruptcy interests. And so we have resources that we scrub over time and occasionally we’ll say, okay, there really is no one who has legitimate claim to these rights anymore. It really does look like it’s defunct.

When we sufficiently are confident that we can issue them without harming someone – because if there’s anyone who has a residual interest I don’t want to harm them – when we’re really sure we can issue them without harming anyone, then they’re marked available and they end up going, right now, into this waiting list policy. You’ll see a few of those being released.

Mike Burns: So you have a team in ARIN dedicated to that process?

John Curran: In the priorities of things to do, that’s the bottom one. When someone’s not answering your requests and answering help desk phones or anything else, they’re trying to dig up and clean these. It’s not a huge priority.

Mike Burns: What about a process for people like me, like brokers who uncover abandoned blocks?

John Curran: Brokers, you guys – you guys handle people’s address blocks on your own.

Mike Burns: We do it all the time, but is there a provision for us notifying ARIN when there’s a case where like you’ve described we can find nothing.

John Curran: Yes, if you believe an address block has truly been abandoned and has a defunct organization, email RSD or email myself. We’ll look at it.

Mike Burns: Is there any information about the volume of these, you know, retaking of addresses? How often does it occur? Is that something that you’re pushing for driving those recoveries?

John Curran: So, if you want to know do we have a list of address blocks that we see absolutely no activity on, can’t see any valid rights holder and that haven’t shown up in the routing table, yes.

If you ask the second question, does that mean that they’re not being used by someone who’s the right successor holder, successor of rights, we don’t know that. Because quite frankly companies merge and it ends up in a lab somewhere it never gets routed. Or it’s being used internally but it’s not being shown up in a public routing table.

So the fact that we know about potential isn’t a good indication of how many of those might actually be defunct, if that helps.

Mike Burns: And it’s very strenuous effort to try to really get to the point where your legal team could say, yeah, this is absolutely abandoned. No one else is going to come after us. And it’s hard and it’s time-consuming.

John Curran: Hard and time-consuming, not a top priority, but they do come up now and then. If you’ll notice, we just did an issuance from the waiting list a month ago before this meeting. Some of those were resources that had been clearly returned or resources that have been clearly revoked and some resources that we had determined really had no successor in rights.

Mike Burns: Thanks.

John Curran: Probably more than you want to know but it gives you an idea.

Last, last question. Go ahead.

Alan Shackelford: Good morning. Alan Shackelford, Johns Hopkins University. In this room actually in the back half of this room on Tuesday I was offered $1.2 million for one of my class – did I hear you say you’d rather do that than me send it back to you?

John Curran: So let’s be clear. We won’t refuse address space. But we will tell you so that you and your organization are 100 percent clear that you have rights. You may not have freely held property, but you have an interest. You have actual rights to an entry in the registry. It’s transferrable. There’s a market and you can do it.

It’s fairly important that we’re up front and clear about this and that the party we’re dealing with actually has the rights to return those to ARIN. We deal with company officers on this matter. We don’t want someone to say, oh, my assistant gave away my /16 the other day and he wasn’t authorized.

So we’re very up front and very vocal to make sure you understand, even then we have parties who say it’s just easier to give back to ARIN.

You don’t have to give it back to ARIN. You can go to the marketplace. We just want to make sure you’re 100 percent informed of your choice. Got it?

Alan Shackelford: Okay.

John Curran: Steve Ryan, ARIN’s general counsel.

Steve Ryan: I just want to make a general point, and we don’t do it all the time, but I want to give an antitrust admonition in the room. When we rise, if you don’t give your specific corporate plan or a specific offer – no offense taken, by the way – but we’re here to talk about public policy with regard to it, not any particular company’s decision-making.

And it is important, by the way, and the entire ARIN structure exists so that we can have these public meetings as an exception to the antitrust law.

We have all the ISPs, and end users in North America are welcome at this meeting to discuss these issues and to actually make standards about them. And our right to do that legally depends on us doing it in a manner like this.

And, again, maybe sometimes we should do this more generally. But if you could avoid talking about a particular company’s name, et cetera, it’s always helpful. Thank you.

John Curran: Excellent reminder. Thank you.

We’re going to now have – we’re going to skip the Internet Number Status Report. John, you got recused.

We’re moving right into our IETF Report from Cathy. I refuse to take time from your report, given that you have to cover a lot of material and it’s usually full enough as it is.

IETF Activities Report

Cathy Aronson: We could have skipped my report, though. So I’m just going to take a second even though I have 75 slides and however many minutes.

This is a photo from Cadillac Ranch. It has nothing to do with the IETF. But since I stood up here last time, I bicycled from Chicago to Santa Monica. And I just wanted to thank everybody here in this community who supported my fundraiser, sent me cheery emails, read my nonsense I wrote from the road and all that sort of stuff. So, thank you, I really appreciate your support.

Anyway, onward. If you get to go there it’s in the middle of nowhere but it’s still pretty cool. And the photo makes it look a lot prettier than it is.

(Laughter.)

Because it’s literally just a bunch of cars stuck in the dirt covered with paint.

Okay. This is just one IETF meeting, IETF 102 in Montreal. It’s super high level. I have 75 slides and 30 minutes or something.

So, I’m going to skip over some stuff. A lot of it is exercise for the reader. So there’s that.

So this really funny thing, whether you like it or not, popped up on the v6ops Mailing List, you should check out the URL because it’s really pretty funny. Anyway, enough of that.

The chairs of the v6ops working group challenged us all to read a draft a week from the July IETF until now, until the next IETF, so next month. I’ve been reading an RFC a week, which, boy, that’s super fun. And so, I have a couple of slides about a couple of drafts that I think this community would be interested in.

We’re now deciding to talk about terminology in RFCs and whether it’s offensive or not, which is pretty entertaining – master/slave, those sorts of things. Not sure how you fix that. And I’m not sure how man in the middle is offensive. But maybe it is or maybe it isn’t. Anyway, you might want to follow that.

So, drafts I’ve recently read. There are two. They’re sort of interrelated. But basically one of them is the survey of kind of all the RFCs that reference what a prefix length should be on a point-to-point link, sort of, so that maybe nobody starts hard coding them because it really should be a prefix and a mask and not an actual /128 or /127 or whatever.

So, they’re trying to kind of put all the information together so that you know where all the references are and what you can do and what you should do and shouldn’t do.

So, there’s a point-to-point one. There’s an end-site one. I don’t know why this one has a lot more text. But anyway, they’re both basically the same thing, an overall recommendation and reference to all the other RFCs that reference what a prefix length should be on that particular medium. So, you might want to check that out.

So IEPG is an operator’s group that’s been meeting at the IETF now on the Sunday before the IETF for now 25 years or something. And it’s always been from 10:00 to noon on the Sunday before IETF, so much so that I didn’t look at the schedule for the past IETF and I showed up at 10:00 only to find that because of the World Cup it started at 9:00.

So, I apologize that I missed two of the most contentious and argumentative presentations that I got to see later in a much more calm and non-yelling state.

So, for those of you, I’m sure that Ruediger was there and probably Geoff. I missed the whole screaming match that I heard about later. So, I’m sorry about that. But the talks will be covered in, I think it’s SIDR ops.

So, here’s some topics that we talked about at the part of IEPG that I went to. And I’m just going to skim through these. Let’s see.

So, this is basically they’re looking at – I think it was Igor that wrote the draft that talked about how you could melt down a denial of service attack melting down a network by just doing a scan to see how many hosts are on a /48, and then your queues fill up and you roll over and it’s all bad.

So, they’re looking at how – different approaches to prevent that from happening. And one of the really common ones is just have a prefix per host, and then there’s only one thing on that network. And it’s not a network where you’re looking around to see how many different things are out there.

So, let’s see. There was a prefix hijack that recently happened in May where an AS announced a bunch of prefixes that happened to be Anycast prefixes for a certain ISP. And they were configured in such a way that you really couldn’t fat finger it. So it looks like this might have been a malicious attack and there was a whole presentation about it. I can’t remember who did it.

Let’s see. They’re looking a lot at what’s still not right for the key signing key rollover. And so, they found a whole bunch of stuff in GitHub that – some of it was real, some of it wasn’t real. I have another slide in another working group where they talked some more about different things they’re doing.

I think the rollover is supposed to happen – is this October now? So it’s supposed to happen soon here in October. So, we’ll see how that goes. Crazy.

October 11th. Wow, that’s like next week.

So, this Dmap is a crawler for the DNS and looks at what’s broken. And they did the slides at the bottom. They crawled the DNS and .NL and looked at what was broken. I think you can get it and do it yourself. So, you might want to check that out.

So global access to the Internet for all. For those of you who are wondering about community networks, this is where they’re all hidden. They’re all hidden in GAIA. Every talk in this working group is a community network. They do exist. I mean, we always have been wondering about that with the community networks policy. They do exist and they’re all in this group.

Yeah, that’s where they hide them. And 49 percent of the people in the world aren’t connected. So, community networks are the way that’s going to happen.

So TakNet-A is one of these networks. And I think the most entertaining things about his presentation is that he made an antennae out of a wok, you know, like a wok that you stir fry in. It was super cool. And he had a picture of it. That’s what grassroots community network stuff is all about – taking your wok and making an antenna. Super cool.

Let’s see. These guys arguing: Online training to help those remote networks. And there’s a six-week training course that you can do, and they also train trainers, so that’s something to look at. And I’ve talked about Quifi.net before. It’s another community network.

And then these guys, they’re building a community network that’s LTE, but they’re not using it for phone service. So, it’s basically LTE for data, but they’re using the users are using WhatsApp and Skype and things like that for the phone part of it. So they’re not really sure what to call themselves because they’re really not in telecom. They’re not providing phone service.

So anyway it’s another community network. They’re all hidden here, I tell ya. There’s a ton of them.

This is one of the working groups that really hurts my head. So, they’re trying to combine link state and distant vector routing protocols because link state protocols are too chatty and they’re a really dense datacenter, and they don’t want them to be so chatty.

So, they’re trying to do this, like, link state BGP thing that – I don’t know, I’m still having a hard time getting my head around it. But basically that’s the gist of it is that they’re trying to make the datacenter networks not so chatty but still get what they need.

So, and these are all more of that stuff. And then BGP, the eBGP neighbor discovery is another thing I’m still having a hard time getting my head wrapped around because if you’re eBGPing with somebody you need to have agreement and you need to know whose routes and who is paying and who is not paying, so maybe you discover the neighbor but you’re still going to have to configure a whole bunch of stuff and approve – but they’re working on eBGP neighbor discovery. Anyway, it hurts my head. I go there though because it’s interesting.

So, I have a really short DNS op presentation this time because a lot of the talks are repetitive. Like I saw that one and a different one and I already covered it. So when I was going through this last night I was thinking why is there only a couple slides, but it’s because it’s covered other places.

So, this was one of the drafts that was discussed. Yeah. And they’re all – a lot of the processes they’re working on trying to see what’s broken in the DNS and what isn’t broken.

So, the technical plenary, I guess there was only one DNS ops slide. The big news for the IETF. I’ve covered the IASA process before. Basically, the IETF has decided to form its own LLC that will be a legal entity within ISOC. Right now they’re just an activity of the Internet Society, but they’re going to form their own LLC because right now, since they’re an activity of the Internet Society, they can’t even sign their own contracts or make their own deals for hotels. It all has to go through ISOC.

So, there’s actually a nomination for people to sit on the Board of the new LLC that will be the governing body for the organization. So that’s something to follow.

The other big news is on Fridays, I guess there are no actual meetings at the IETF. There’s, like, this ad hoc, like, maybe you meet people and you have a meeting. So, I’m wondering if that means I just get to go home and my presentation is shorter. We’ll find out as it goes on.

So, the other technical plenary thing, there is this BoF, and the IAB didn’t follow their own process to form the BoF, but they had a BoF – and this is the slide about the BoF – about what to call an RFC, the different kinds of RFCs, whether an informational RFC should be called an RFC or whether it should be called something else.

And since the way they formed the BoF and the RFC editor wasn’t really included in that, got people really – I don’t know if you’ve been to an IETF – but people get very emotional about certain things. And this was one of the very emotional things. There were long lines at the microphone. There were the “you should have done this, you should have done that, you should have done this.”

So, they’ve agreed that the RFC editor should have a really huge say in what RFCs are called. And that was a big moment for all of us.

Anyway, I guess I’m trying not to make fun of it. But it was emotional.

There we go. v6 operations. So v6 operations is all about IPv6 and IPv4 coexisting and making sure that the processes and standards are there to allow that to happen.

So, with the newcomers thing the other night, somebody had mentioned that there are a lot of – that we should always consider the problems with dual stack networks. But it turns out that more and more networks are just v6 only. And there’s a long list of problems when you have a v6-only network, because a lot of the equipment is still expecting v4 for something. Or it’s waiting for v4 and it has to time out with v4 before it will do v6. Or it does everything in v6 but, boy, you better not update your software because you need v4 to do that.

So, there’s a long list of things that don’t work in a v6-only network. And so everybody is sort of trying to figure out, like, how do we solve these problems. And so they’re starting to just put together a list of all the things they’ve seen that are broken if you don’t have v4.

And this is just some world IPv6 trends, the percentage of v6 in various countries. I won’t go through all of it. They’re still working on the requirements for IPv6 routers and customer edge routers, and there’s RFC drafts that are working on those things.

This is how do you get a NAT64 address. And there’s a whole lot of work being done with multiple – in v6 you might want to have multiple addresses for your host because there’s tons of addresses. So maybe you’d want to have an address for each different service or a privacy address for some things and a different kind of address for other things.

And then if you have all these addresses, how do you know it’s the same host? So, there’s a whole lot of work being done just on all of that kind of multiple address gorp.

And then there’s this little bit of brokenness with DHCP, where DHCP doesn’t really know that you have a connection. And if you lose your connection, you have to wait until your lease expires to get your v6 back. So, there’s some work being done on that because it shouldn’t be – it should be connection-less, but it really truly is kind of broken for v6.

Let’s see. Okay. The measurement and analysis of protocols. So, I went to this because there was no v6 thing going on and it looked interesting. And this is where all the measurement stuff kind of starts in this research group. And then maybe it makes its way to the IETF proper.

There’s a lot of different sorts of measurement things that go on that are being talked about. This one was also talked about in IEPG. So, I won’t go over – but this is the mapping of the DNS.

So we’ve talked about Bufferbloat before where your buffers are too big and then everything gets stuck in there and it slows everything down or maybe your buffers are too small.

And these guys are starting to measure what can you find out about somebody or a network if they have Bufferbloat. Can you figure out where it is? Can you figure out how bad it is? Is it really a privacy concern that, armed only with ping you can learn a lot about somebody’s network if it’s got Bufferbloat? So there’s some work being done on that.

Let’s see. This is more monitoring of the DNS. And also packet – there’s a whole lot of issues right now with v6 and packet size and fragmentation and having the network know what your MTU is.

And so some of the – I’m sure that some of the reordering stuff has to do with that. Let’s see. And this is the same, what I was talking about before: How do you tell if it’s the same machine if it has multiple IP addresses?

Let’s see. And again more path MTU stuff. So maybe you use – there’s a whole bunch of mechanisms that are being proposed to fix this in v6 because the packets are so large, there’s either encapsulation or there’s extra headers. There’s all these different things that make the packets really big and you get fragmentation and fragments get dropped and maybe you want to be able to send a packet that says, my packet gets too big; if this gets truncated then change the MTU. So there’s a whole lot of work being done to try to figure out what the best thing to do there is.

Let’s see. So, you can buy botnet attacks. I thought that was super cool. I think maybe if I don’t like you I might try that, I don’t know. We’ll see.

So, this is more – there was a DDOS attack in the DNS. And if your TTLs are just the right length or long enough, then you can still serve stale and that helps mitigate the DDOS attack. So, there’s work being done to try to figure out, like, what the best way to go about it is and how to make it so that you’re still serving up DNS if you’re being attacked.

Let’s see. This is more about the key signing key rollover, and in this measurement they said that 8 percent of the devices out there are still screwed up. So we’ll see what happens on October 11th. Super excited. Maybe it will get postponed again.

These I’m not going to go into a lot of depth with. This was another group that I went to just because I was curious and I didn’t have a v6 thing.

So, let’s see. So this is a DNS over http. There’s some stuff going on with that and a lot of people use cloudflare for that. I’m not a super expert on that.

Let’s see. Okay, so, DPRIV is the DNS privacy exchange working group. And they’re starting to, with RIPE Atlas, they have DNS over TLS in the probes now. So there’s going to probably be a lot more research with Transport Layer Security in DNS, which will be really interesting.

A lot of work gets done because of the RIPE probes and the data they gather. I have one at my house. I think there’s two in Wyoming. Not that we have anything going on in Wyoming. So…

Yeah, again, this is multiple IP addresses. So, making sure that you can decouple the DNS query from the IP address to make it more private. So maybe you don’t really want somebody to know that you made that DNS query.

So, this is work being done to try to make it more private.

Okay. So Homenet, the group I like to make the most fun of. I’m always amazed at the fact that there’s things I think that surely they’re solved, and then there’s a new draft to solve the problem that I could have sworn, like, why would that have not been solved.

But right now there’s a lot of work being done with DNS and the Homenet and how do you use DNSSEC in the Homenet, and how do the keys get there, and do you need it? So, there’s a whole lot of work being done on that. And these two drafts are both interrelated. One is from the outside in and one is what your data is going to be visible from the inside out in your Homenet.

This one again is how you distribute DNSSEC keys to make DNSSEC work in a Homenet. Let’s see. Anyway, I don’t know. I just – it seems like – I don’t know, a Homenet – I just – I’m baffled sometimes about how complex your Homenet really needs to be. I guess that’s the thing I struggle with about some of this stuff. But there are huge lists of unresolved problems.

And then there’s a problem where if your IPv4 uplink goes down it takes a really long time before you switch to v6. And maybe you never do. Or maybe HNCP, the networking protocol in the home, has to unconfigure all your internal v4s so that v6 works.

So, there’s some bugs, like features going on there that just – I don’t know, I just marvel over it.

So, this is 6lo. 6lo is basically v6 over all the little, teeny tiny gizmos that have no memory and that barely power and that maybe they’re battery operated, just all that little stuff. And so – and for this community, I mean, they’re working a little bit to encode hardware addresses in the v6 addresses for these little devices. So that’s something that affects address space.

And then there’s problems with fragments in these little gizmos, too, because they have a teeny weeny bit of memory, and it has little resources. And you get this giant packet, and it doesn’t know what to do with it, doesn’t know what to do with the fragment. So, one of them is about, does it forward fragments and the other one is about how do I recover a fragment and make a real packet.

This was the fascinating part about it. They’re starting to do all this interoperability with all these 6lo implementations and all these little gismos and almost none of them interoperate, because nobody can implement all of it because they’re little tiny constrained devices and we’ve put tons of stuff in there, so almost none of them interoperate. And they’re working on ways to figure out how to make it so that they do because they’re little and they have no resources.

Okay. So v6ops is – are standards for v4, v6 coexisting. v6 maintenance is the group that deals with the v6 protocol and what changes need to be made to the protocol just in general not to interoperate with v4. It’s more work on the protocol itself.

And there’s header work always being done. And they’re generating addresses to make eavesdropping more difficult. Let’s see what else is going on.

Again, the Packet Too Big issue with the MTU. So, this is a proposal to solve it, where you send the packet-was-too-big message, and if it’s truncated in a certain way then the MTU, the devices change the MTU. So that’s happening in 6man.

This is a lifetime thing where you want the lifetime to not be less than two hours, but if you’re a point-to-point link and there’s only one thing that could be on the other end of the link, you don’t really need to have that. So, there’s a draft to make it so that you don’t have a long lifetime on a point-to-point link.

Yeah. So, this is a router advertisement extension draft that talks about service continuity and mobile hosts. Okay. So SIDR operations is where the two presentations that I missed in IEPG happened. And they were super polite and really pleasant. So, I think I missed the yelling and screaming part and I got the super pleasant part, which is really good.

So, in the RPKI they’re recommending you don’t use maxlength for the prefix that you put in your ROA. They’re saying you really should put the prefixes in your ROA that actually exist because maxlength leaves you open to a certain kind of forged origin hijack, where you have these prefixes that are in your ROA, and if you just smooshed them into maxlength there’s other prefixes in there that you’re not actually using.

So, they’re recommending that everything that’s in your ROA is something that you’re actually going to be advertising.

Oh, and then in this case, so say you have a PoP that you control, has a whole bunch of routers, and maybe they’re doing route reflecting or whatever, and maybe you don’t want all a hundred of them to validate the routes. Maybe you just want one of them to validate the route and then tell the other guys, oh, it’s okay. That’s what this draft is. It’s basically a way that you can save the overhead of having to validate routes on every single router in your PoP.

It’s really effective if you have a route reflector cluster because then you don’t have to do it on all of them and they’re all basically doing the same thing anyway.

And then this is more – say you have some prefixes and an autonomous system and you delegate, you tell your ISP that you’re going to be the one originating this ASN. This is the authorization that gives them the authority to advertise, to speak on behalf of your ASN.

Let’s see. And then – so there’s the provider authorization and then there’s the piece that the certificate that attaches the path, the prefixes to it.

Okay. So, there are a lot of people complaining about the RPKI. The last time I talked about how they had a little meltdown because there are five roots and there shouldn’t be five roots, and nobody told them there were going to be five roots and, I don’t know, even though everybody told them there were going to be.

So, here’s some of the current complaints that it’s not production quality. What happens when a normal user, normal user installs it and we tell them to tweak it but they’re just a regular user and they don’t really understand how to tweak it and maybe it should just work when you install it.

There’s a big complaint about the RIRs and how they don’t have 24-hour NOCs. So if something breaks there’s no one to call. But of course it’s all free, so how do you fund a 24-hour NOC when it’s a free service? Anyway, there’s a whole presentation about some long outages.

And at least there was a compromise that they made, the lifetime, the cert long enough so that it could survive a week-long outage. But, still, I guess there are outages longer than that.

And there are some folks here that were in the group. So, if you want to add something to any of this, let me know at the end.

So, this is basically the Trust Anchor role piece that I was talking about earlier that was missing and they’re working on some software that will just roll the Trust Anchor.

Okay. So, this is – the advanced networking research workshop used to happen the Saturday before IETF. And now it’s sort of intermingled with the IETF. So, there’s like a track that’s going on all the time.

And I tried to stick my head in whenever I could, because some of the talks are really interesting. So, it’s all kind of futuristic stuff like networks running themselves but still it’s pretty interesting work that’s going on and a lot of really enthusiastic people. The ones I went to this time were a lot about networks running themselves.

And then the Internet research task force open meeting. So, there were two or 10 or eight, I don’t know, people who got the advanced networking research prize for their papers. And two of them are presented at this meeting. And this one fascinated me.

So I’ve heard blockchain be likened to taking a chicken – hacking it – to be taking a Chicken McNugget and turning it back into a chicken.

(Laughter.)

And you can get your head around that. That’s probably impossible. But there are ways to hack the crypto currencies with BGP. So you can – there are two different attacks. There’s one where you can delay – so one part of the network doesn’t know that the other, that the coin’s been spent and it gets respent.

And then there’s a partitioning where one part of the network gets sucked over here and these guys don’t know about it. So, it’s a really interesting paper. The woman was quite a good presenter, not like me. So, it’s really a good read because you think it’s super secure, but there are ways to hack it.

And then this is my constant, like, I really don’t want my car to talk to your car. I don’t care. I don’t want it negotiating with your car.

But they’re working on inter-car communication and one car letting the other car know that the route over here might not be good and that sort of thing. And I don’t know how these two ended up right at the very end but I think I’m right at the very end.

Okay. So, this is where you find all this stuff. If you have any questions or you can’t find something, sometimes I do one of these and it’s too IETF, and people don’t know. So I’ve tried to be more specific so you can find the drafts. Usually if you just Google, like, whatever I said in the first bullet you’ll get the draft.

There’s a video on how to go to your first IETF. But if you’re going to your first IETF, definitely tell me because I’ll help you out.

And this is again from my bike trip in Oklahoma. It’s an old water park gone awry.

Anyway, any questions, comments, corrections?

John Curran: Microphones are open.

Owen DeLong: Owen DeLong, SAIL Internet. Going back to your comment about not wanting your car to talk to other cars, I’m going to make the argument that you do.

For many years now the reason that we haven’t had airliners having mid-air collisions is a thing called TCAS – Traffic Collision Avoidance System. It’s a little device required in every airliner that transmits its position and listens to other airliners transmitting their positions, and if they’re starting to approach each other in an unfriendly way, the two TCASes actually negotiate and provide a resolution advisory to the pilots and in some cases will actually activate the auto pilot and avoid the collision.

Cathy Aronson: Right. But that’s a little bit harder to hack than my car going down the road.

Owen DeLong: Actually not. It’s a pretty simple radio message in clear text.

Cathy Aronson: There you have it. I feel super safe now.

(Laughter.)

John Curran: Does anyone have a train schedule?

Cathy Aronson: Lee.

Lee Howard: Can I take the train back to Virginia? Thank you for reminding me about the drafts I have to write. And one of those drafts was about the things that are hard to do when you do a v6-only network. I wanted to solicit more information because I think that also the list that you had, I think, was mostly things that I said. And all of those I had fairly easy work around for, but I’m looking for other people who have done other things in v6-only and that I should also add to the operational advice.

Cathy Aronson: Right. Because it’s shocking. Like, you don’t even think about the fact that it might be still dependent on v4 for some stupid little thing that, like downloading software to your phone or whatever.

Lee Howard: Right, Windows updates, for instance. You can reach the server to find the updates, but you can’t actually download them.

Cathy Aronson: If you come across any of that, let me know because we’re really trying to enumerate them and then solve them.

Lee Howard: Thank you.

Cathy Aronson: Thank you.

John Curran: Any other questions? Thank you, Cathy.

(Applause.)

That concludes the first part of our morning program. We’ll take a quick break. There’s refreshments out there. Our break lasts until 11:00. So you have 24 minutes.

We look forward to seeing everyone back here promptly at 11 AM.

[Break]

Overcoming Legal Barriers to RPKI Adoption

John Curran: Okay, if people will come in and be seated, we’ll get started. Welcome back.

I’d like to do an introduction. We have a couple of guests here at the meeting this year. And the guests are Christopher Yoo and David Wishnick. They’re doing a study. I’d like to invite them up here– come on up, David and Christopher – to talk about their study, so you’re familiar with their faces and you can take a chance to seek them out.

Christopher Yoo: We’re delighted to be here. We wanted to make you aware of a project we’re doing. We’re working on a National Science Foundation grant, studying legal obstacles to RPKI adoption and to understand changes in the process that might facilitate broader distribution and solve the inevitable chicken-and-egg problem, which has plagued RPKI and adoption of many such technologies.

We’re doing both from combining a legal analysis and a technical analysis. We’ve been in active discussion with over three dozen members of the community and with active discussions with ARIN, which has been extremely productive and has already yielded concrete results of ways we can improve the system.

There are other areas we’re continuing to study. We are definitely interested in hearing from more members of the community who have perspectives about this, both in terms of your own experience. Also we have a number of questions that have emerged in our research where we could use specific help from the community both in your role but also contacting other members in your organization.

We will be here for the remainder of the ARIN meeting. This has been a subject, for those who don’t know, of some extended discussion at the preceding NANOG meetings through the course of two presentations we made.

We invite you and encourage you to come up. Anyone who is interested, in learning more or in sharing with us your perspective on this, we really invite you and encourage you to come speak with us so we can incorporate your viewpoints and your experiences into the work that we’re doing and eventually incorporate the NSF report which will be out by the end of the calendar year.

Thank you.

(Applause.)

John Curran: If you have a view on legal barriers to RPKI adoption, seek them out. They’ll be here today and tomorrow.

Recommended Draft Policy ARIN-2018-1: Allow Inter-regional ASN Transfers

John Curran: Okay. So welcome back. We’re going to start into our policy block. First policy up is Recommended Draft Policy 2018-1: Allow Inter-regional ASN Transfers. I will do the staff introduction. Then I’ll have the AC come up and present.

So, history. This policy started out as ARIN Policy Proposal 250. It became a Draft Policy on 31st of January 2018. It was presented at our last meeting, ARIN 41. It was recommended for adoption on the 23rd of April 2018. The AC shepherds are Alison Wood and Chris Tacit.

Staff understanding: It adds the ability for staff – the ability to transfer ASNs between RIRs that share reciprocal compatible needs-based policies, much as we have for IPv4.

It’s a very straightforward change to the inter-RIR transfer section. Easy to implement it. Once implemented, we’ll be able to approve ASN transfers both in and out of the ARIN region to other RIRs who share similar needs-based policies. At this date, by our assessment, that would include both APNIC and RIPE NCC.

In our previous discussion, we noted minimum work was necessary with the exception of RPKI. Today the RPKI TA now contains all AS numbers. That’s a change, making RPKI a nonissue with regard to inter-RIR transfers. However, inter-RIR transfers of AS numbers would greatly complicate any future implementation of a Global Trust Anchor if that were to occur.

During a previous assessment, transfers were not fully automated within the registry system and now they are. So transfers can be done by ARIN Online.

That automated process needs to be changed for inter-RIR transfers which will take one or two months.

Legal assessment: No material legal risk to the policy. Resource impact: Minimal impact. Implementation within three months upon approval by the Board of Trustees.

We need to update our documentation and internal procedures. We need to do staff training. We need between one and two months of engineering work.

So at this point I’ll turn it on to the ARIN Advisory Council to give you their presentation.

Alison.

Alison Wood: Thanks, John. Hello, everyone. My name is Alison Wood. I’m on the ARIN Advisory Council. And this is Draft Policy 2018-1.

For some of you, this is the second time you’ve seen this presentation. I presented it in Miami about six months ago.

There we go. So the problem statement for 2018-1 is to allow RIR transfers of ASNs between reciprocal RIRs. So today we can transfer IPv4 addresses but there isn’t a policy to transfer ASNs.

Alright. So the change in the current text would be: Right now 8.4 in the NRPM says inter-regional transfers may take place only via RIRs who agree to the transfer and share reciprocal, compatible, and needs-based policies. And we would change that to include IPv4 and ASNs.

Awesome. So I have some points for discussion. Mergers and acquisitions: 2-byte versus 4-byte ASNs; RPKI and ARIN implications that John touched on a moment ago; APNIC and RIPE NCC. The two RIRs that do allow ASN transfers, and the IANA ASN Registry issues.

Alright. So real world possibilities. Let’s say that you own a company. You transfer into the RIPE region. You can transfer your address space today. But you cannot transfer your ASN. So this policy would resolve that issue. Again, RIPE and APNIC do have reciprocal policies but ARIN does not.

So we have 2-byte and 4-byte ASNs. So 2-byte ASNs are valuable. And it would benefit network operators if they were able to transfer from one RIR to another.

RFC8092 was passed in February of 2017 that incorporates 4-byte ASNs into the larger BGP communities, but not all network equipment can handle 4-byte ASNs, making 2-byte ASNs and the transfer of 2-byte ASNs much more valuable.

So one of the questions that’s come up on the PPML is whether we want to just limit this policy to 2-byte ASNs or to incorporate 2-byte and 4-byte ASNs.

I would appreciate your feedback at the mics after this presentation regarding how you feel about 2-byte and 4-byte, or anything at all.

Alright. So ARIN implications: John touched on it a bit. This policy has come up twice in the past. And due to RPKI limitations it wasn’t able to be put through, just for the technical side of it. All of that’s been resolved.

So ARIN feels – ARIN staff feels this would be an easy implementation if passed.

Alright. So RPKI, same thing. In the past, the RPKI didn’t allow ASN transfers. It wasn’t incorporated into it. Now the code does allow for adding all AS numbers, which would allow for AS transfers among RIRs.

Okay. So APNIC and RIPE NCC do allow ASN transfers from other regions. However, I called their help desks about two weeks ago. Neither one of them have actually done a transfer to date. But they do have the policies in place.

Alright. So that may be something that comes up in the future. Their policies have been in for about a year.

So IANA. So this was kind of a hot topic in the last six months. So the RIRs and IANA are discussing how the top-level ASN registries should be updated. So 2-byte ASNs were just deployed and just sent out to whoever needed them. 4-byte ASNs are actually sent out in contiguous blocks.

So there wasn’t a tremendous amount of organization in the beginning with 2-byte ASNs, but there is, like I said, blocks that went out for the 4-byte ASNs.

And NRO EC is working with IANA to ensure a single ASN that is moved from one RIR to another shouldn’t have to be reflected in the IANA PTI, which helps a lot, which makes it technically possible to do this where it wasn’t before.

And I would appreciate questions on this. This may be the last time that this policy is presented to the community in a meeting. So I would love to get your feedback and hear how you feel about this policy.

Paul Andersen: Thank you. So if you want to discuss this policy, please approach a microphone either in the room or remote participant. If you’re a remote participant – we’ve had a change. Now it’s in the audience, you’ll come up to a mic.

Yes. Anybody who can hear the sound of my voice is open to participate in this process. So if you can – you don’t need to be a member, you just need to be present. So, please, if you have views even as to say I support or I’m against, that’s a great intervention. And we’ll start with remote participation on the front microphone.

Alicia Trotman: Jason Schiller, Google, ASO AC. I have sympathy for two cases: One, an ISP has downstream customers that cannot support big communities. As a result, their downstream customer with old gear cannot participate in BGP TE as they cannot encode their upstream ISPs 4-bit ASN into a big BGP community.

Second, the same 4-bit ASN used in transit provider may want to purchase transit or payer with a network that supports only 2-byte ASN and will not be able to BGP pair. I don’t know how big a problem these two are.

Paul Andersen: Thank you. Rear microphone.

Michael Peddemors: Michael Peddemors, LinuxMagic. I just wanted to ask the language about which RIRs that we would have these agreements. I fully support the concept of transferring ASNs.

But I would like to see a little bit of language to protect for the future in case another RIR didn’t have the same policies as far as transparency and point of contacts, et cetera.

If, for instance, another RIR said nobody had to present public point of contacts and of course ARIN says that you do have to, I’d like to make sure there’s some language to ensure that for the future, that the same policies would apply.

Paul Andersen: Thank you.

John, did you want to address that?

John Curran: No.

Paul Andersen: Comment received. Front microphone.

Doug Montgomery: Doug Montgomery, NIST. A comment not so much about the policy but the underlying systems.

You seem to say that APNIC had never actually exercised an AS transfer.

Alison Wood: That’s correct.

Doug Montgomery: Is it part of the process, when, in particular, when dealing with these transfer systems, to actually exercise the system, potentially take a test AS and transfer it around the world?

John Curran: Yes, we do lots of testing, and that’s the case.

Paul Andersen: Yes, all the staff RIRs have coordination groups that meet regularly through the year when such –

John Curran: But you can’t test a policy which only has one hand clapping. You needed another RIR to pass –

Doug Montgomery: I was talking about the underlying systems.

John Curran: Yes, we engage –

Doug Montgomery: You have transferred a test ASN to APNIC?

John Curran: We have test environments we coordinate with the other RIRs.

Paul Andersen: There is also the ERX transfers, that was one of our earlier experiences in transferring resources many, many years ago. There’s been a lot of experience in moving them.

John Curran: Sorry. With regard to the –

Paul Andersen: Are you talking the systems between the RIRs or just the internal systems?

Doug Montgomery: Between the RIRs.

John Curran: Yes, we test extensively our transfer processes. Right now they’re used with v4. We haven’t done a test with an AS transfer because we have had not policy that enables it.

Kevin Blumberg: Kevin Blumberg, The Wire. This is a Recommended Draft Policy. As such, I support the text as written and would like to see it move forward.

The whole 2-byte versus 4-byte, I think, was a great discussion for when it was in draft. It was a great discussion for earlier. I would have preferred it one way, but I am very happy with moving it forward the way it is.

My question was, back to the RPKI that John, one of the slides you brought up – or you mentioned that this is now a nonissue because of 0-0. In the current form, easy peazy, no problem. You mentioned, but when we go to global trust, if we go to global trust, whatever it may be, then it becomes a problem again.

Now, my question is solely – is it a problem for then things moving forward, or does it become a problem for the things that have been?

John Curran: So the challenge is that when you have a Global Trust Anchor and resources move between RIR, there will be additional coordination necessary to affect future changes. So just future.

And that will apply, by the way, even if we don’t pass this policy, IPv4 moves will require one more level of coordination in a Global Trust Anchor environment.

Kevin Blumberg: So passing this policy today means that we move the burden of work forward, that when that change is done, you’re going to have to deal with it; you’ll have to bring to the community, but it’s not going to impact anything today with this. So that’s fine. Thank you.

John Curran: This notes that the Global Trust Anchor will have a work base required to implement due to IPv4 inter-RIR transfers.

Now it will have a work base required to implement due to the presence of both IPv4 and ASN transfers. To enable either of those to occur once you do a Global Trust Anchor, you’ve got additional coordination and processes that will need to be done.

Paul Andersen: Thank you. Microphones are still open. This is going to be one of your last opportunities to potentially discuss this. If you have a view, please approach, because once I start seeing it diminishing we’ll start having a last call for microphones. Front microphone.

Chris Tacit: Chris Tacit, Tacit Law, Vancouver Internet Exchange and ARIN AC. I support this policy and would like to see it passed expeditiously.

With regard to the comment that was made about ensuring reciprocity of how information is entered in the database, in my view that’s a different issue.

It’s a broader issue because it relates to all transfers between or among RIRs. And so I don’t think we should hold this policy up for that, even if somebody would like to propose a different policy to deal with that issue on a stand-alone basis.

I also have some reservations about that sort of policy because I think it gets to one RIR trying to control how another one implements its own policies. And I have some reservations.

But in any case, I think it’s out of scope for this. Thank you.

Paul Andersen: Thank you for the feedback.

Rear microphone.

Mike Burns: Mike Burns, IPTrading. I authored this proposal because we’ve been contacted by people looking to transfer ASNs inter-regionally.

And I know the last time this came up at the ARIN meeting, none of those interregional ASN transfers had actually been processed.

And I still don’t know if any have. But we have one deal for an ASN going from RIPE to APNIC that is signed and should be completed within a couple of weeks.

We have another one behind that. So I don’t think this is going to be a big volume operation, but the need exists.

Paul Andersen: I assume you are then in support still.

Mike Burns: Still in support. Yes.

Paul Andersen: Rear microphone. Thank you, Cathy. I did not even know there was a microphone over there. I will now turn to the side microphone. Thank you.

Austin Murkland: Austin Murkland, QScend Technologies. I support the policy as written.

Paul Andersen: Thank you very much.

Back microphone.

Daniel Dent: Daniel Dent, QA2. Not currently taking a position on the policy but wanting to make sure that the conversation includes sufficient discussion around how RPKI and kill switches become a concern potentially. And I understand once we’re adding another layer of complexity here with interregion changes, that could actually become a more complicated conversation.

John Curran: Are you asking specifically with respect to RPKI as it’s implemented today or with respect to additional work this means if we have a single Trust Anchor with RPKI?

Daniel Dent: What direction does it put us in on the path we’re taking?

John Curran: So this doesn’t – it’s possible to support this with RPKI. Not a problem. RPKI single Trust Anchor has – we have to first have consensus among all the RIRs that that’s desirable and that needs to be discussed in every region.

And then there would need to be momentum for that. We have not yet historically had consensus from all the regions that a single Trust Anchor is a priority item.

Daniel Dent: Thank you.

Paul Andersen: Thank you. I appear to have run out of speakers. If you wish to speak on this topic, please start making a motion. Otherwise, this is last call and we’ll close the microphones. Last call for comments. If you’re remote, please start typing. Anyone remote? No.

Last call. Once. Twice. The microphones are closed. Let’s thank Alison for the presentation.

(Applause.)

So as mentioned, there’s different types of policies depending where they are in the development process. If you look in the guide, you can find the diagram that shows – and this one is in the very late stages.

So at this point we generally will ask a question or poll of those who are here in the room and remote whether they are in favor of supporting the policy – sorry, whether they’re in favor of advancing the policy as written or whether they are opposed to advancing the policy as written.

This information is then provided to the Advisory Council who will use it later this week and in their future meetings to decide how to proceed on that.

So, if you can hear the sound of my voice, you are able to raise your hand either in favor or against when I ask or participate remotely.

So let’s see if we can get a good first showing here on this one. Are my counters ready? I assume.

For all those who are in favor of advancing Recommended Draft Policy ARIN 2018-1 as presented, please raise your hand in the room nice and high. Keep it up. We have our expert counters counting your hand.

If you’re online, please indicate. Just another moment. Please keep it up. Only one hand, please. Straight up, if possible. No waving. Alright. You can lower. Alright. Thank you.

All those opposed to moving the policy forward, please raise your hand nice and high. Wait a moment while the results are tallied.

Hopefully all are looking forward to tonight’s excellent social here in Vancouver. If you have time, you’ll get out and about, if this is your first time in Vancouver, it’s a lovely city. I always love getting out here to Vancouver.

If you’re from the U.S. and coming, remember it’s Canadian Thanksgiving. If you’re here, it might be quiet. If you’re flying out Friday, it might be busy.

The envelope is on its way. On the question of ARIN 2018-1, Allow Inter-regional ASN Transfers: The number of people in person and remote: 131. In favor, 49. Against, two.

Thank you for the input. We’ll move on to the next item.

John Curran: Okay. We’ll move on to the next policy. We’re starting a little early, five minutes, but we’re already in a policy block. If someone is going to join because they want to talk just about this policy, they’ll be joining us five minutes in. I hope they don’t take offense. We’ll use those minutes.

I don’t let us start policy early in a nonpolicy block because there are people who participate remotely specifically to comment on the policies. But since we’re in one now, let’s make it happen.

Draft Policy ARIN-2018-2: Clarification to ISP Initial Allocation and Permit Renumbering

John Curran: This is Draft Policy ARIN-2018-2: Clarification to ISP Initial Allocation and Permit Renumbering. The shepherds are Kerrie Richards and Rob Seastrom. This is in draft state.

The problem statement as discussed in more detail – actually I’ll call them up at this point. There’s no staff introduction. So come on up. Is this going to be R.S. or Kerrie? Come on up. You can present your slides.

Kerrie Richards: Hello. Good morning. Kerrie Richards, ARIN AC. This Draft Policy was actually presented for the first time in Miami at ARIN 41. I hope I know how to use this thing. Yep.

Alright. As discussed in ARIN 2017-9 and noted in the Experience Report, the criteria to qualify for an initial block of address space in 4.2.2 and 8.5.4 are seemingly at odds with each other.

So as it sits in the NRPM, 2018-2 currently states – 4.2.2 appears to state that an initial allocation of up to a /21 could be granted without any more justification than needed to qualify for a /24. Therefore, 4.2.2 should be modified allowing for the initial allocation of only a /24 without any additional justification – my accent is coming through – and allowing an initial allocation of up to a /21 when justified by a 24-month allocation plan.

So this is the policy statement here. Those that have the policy, the manual and can take a quick look, so this is what we’re suggesting that replaced Section 4.2.2 with.

So there’s been a bit of progress since ARIN 41.

[Sneezing.]

God bless you. At ARIN 41, the community seemed to favor the approach contained in this policy as opposed to the policy, the ARIN 2017-9, which was subsequently abandoned.

As a newbie shepherd, I took note of that and the shepherds there – so I knew I was going to have to call upon David to do a bit of consultation here.

So there was initial discussion on PPML. We posted stuff, but there was no commentary. We worked with a small internal team to refine the language. We had brainstorming sessions respecting the process. We came up with a plan A which resulted in four comments. And at this point having four comments in the community, we want to have an idea should we progress or what’s the next step for this policy.

So that’s the presentation. But I’ll be looking out and paying special attention to the comments and the show of hands.

Paul Andersen: Okay. The microphones are now open on Draft Policy 2018-2. This is a little earlier in the cycle as opposed to the last one. So all input is appreciated to help the AC craft. What I generally like to suggest is what can also be useful even if you don’t agree with the policy statement, it’s always good if you can state if this is a problem you think the AC should be trying to solve.

Am I on the wrong policy? I’m not looking. Alright. Approach the microphones, please. The microphones are open. I see our first speaker. Looks like a newcomer.

(Laughter.)

Owen DeLong: Owen DeLong, SAIL Internet. Personally, I’d rather see us solve this in the other direction and liberalize Section 8 rather than restrict Section 4. There’s no free pool to allocate from. So the difference between a 24 and a 21 is kind of irrelevant there anyway.

It’s even less relevant in transfers at this point. And can’t we just stop rearranging the v4 deck chairs and move to v6, please?

Paul Andersen: Okay. Rear microphone.

Kevin Blumberg: Kevin Blumberg, The Wire. I don’t support this policy. 8.5 was meant to be different. And after the staff update earlier today regarding the waitlist and issues with the waitlist, automatically anything with Section 4 should probably not be done.

We don’t need to change this policy. Staff are using Section 4 like they have for many years for the free pool as limited as it is.

Section 8.5 was meant to be easy for transfers. If it’s something about Section 8, great. But we don’t need to be changing and making easier Section 4.

Paul Andersen: Front microphone.

Andrew Dul: Andrew Dul. I support Section 4. I feel we need to fix it in Section 4. The transfer policy as it is is working well and we need to harmonize with that. Section 4 things should be very rare.

Paul Andersen: Okay. Microphones are still open, but I’m rapidly once again running out of people.

We will be having a little bit of a poll after this one, which is optional, on draft policies for those that are new. But on this one we will be asking for a poll of general support of the problem.

Front microphone.

David Farmer: David Farmer, University of Minnesota, ARIN AC. I support this policy as written. I think it’s important to fix this. There was a mild consensus to go this direction at the previous meeting. And I support that.

The reason this needs to be fixed is not because of the inconsistencies for the people in this room, it’s the people that aren’t in this room that are confused by this inconsistency. And that’s why we need to fix it.

Paul Andersen: Would anybody else like to come up and speak on the policy text or the problem statement? Anyone remote?

Not everyone is quite in the gear, need a bit of controversy to get everyone excited. Microphones are closing. I’ll ask poll counters to get in position. Last chance for microphones. Once, twice, three times. Sold.

Microphones are now closed. We’ll thank Kerri for the presentation.

(Applause.)

So the question is different than last time. That is: Do you wish the AC to consider working on this? Should the AC continue to work on this? And again my suggestion is that you focus on the problem statement.

Is this a problem that you think that the AC should be trying to solve, and a little bit less on the text, if you have feedback on the text you can get the AC members in the hallway or after.

So I’ll first ask for those that are in favor and those that are against.

So those that are in favor of the AC continuing to work on the problem of 2018-2, please raise your hand nice and high. And remote participants, there’s some box right here on the side of the video that you can indicate.

I have to actually remote participate one of these days so I can actually see.

Alright. Please keep it up. Please keep it up. I saw that go down. And you too, Andrew.

Audience participation time. We eat heavily at the break. Then we have to do the workout. So thank you. You can lower your hands.

Okay. And just looking for an okay to go ahead. All those opposed to continue to work, nice and high. You can go higher than that Kevin. Just a second.

Thank you. You can lower. And just need yet another minute for the results to be tabulated. Just wait for remote participants. There can be sometimes a bit of a delay in the stream.

Reminder to fill out the meeting surveys. I should get a key of list of things that I can fill in on these times or John and I go back to our banter.

John Curran: We have time for the Internet Status Report.

Paul Andersen: Extra content, I know you’re all thrilled. Show of hands results: Should the council continue to work on Draft Policy 2018-2? 130 people in the room and remote. 37 in favor, two against. This will be provided immediately to the AC for their consideration, and I’ll turn it back over to John. Thank you.

Recommended Draft Policy ARIN-2018-3: Remove Reallocation Requirements for Residential Market Assignments

John Curran: Very good. Moving right ahead. We’re going to move to our third policy of the morning, Recommended Draft Policy ARIN-2018-3: Remove Reallocation Requirements for Residential Market Assignments.

This is a Recommended Draft Policy. I’ll do the staff introduction. This is a policy that originated in ARIN Policy Proposal 253. It became a Draft Policy in April of this year. It was recommended for adoption on the 24th of July 2018. It has not yet been presented at an ARIN meeting. But I know it’s a Recommended Draft Policy.

So like all Recommended Draft Policies, it could be recommended to the Board for adoption after this very meeting. This could be the one meeting you get to see this.

So worth paying attention to. AC shepherds Joe Provo and Amy Potter.

Staff and legal review: The policy will eliminate the need for ISPs that have residential subscribers and have assigned address space to their access infrastructure to register these assignments with ARIN. Section 4.2.3.7.3.1 Residential Market Area will be removed in entirety.

Negligible impact on the Registration Services team. Can be implemented as written. It does not create any material legal issue.

It would have minimal resource impact. Would occur within three months after ratification by updating the documents online and the staff training. There’s no engineering work involved in implementing this.

So I’ll now have Joe Provo come up and give the Advisory Council presentation.

Joe Provo: You got the introduction from Mr. Curran. It is relatively simple and straightforward in the fact that it is a long problem statement, however.

This falls into the bucket of some of the work we’ve been doing to clean up and trim out some things that don’t appear to apply anymore.

I’m not going to just completely regurgitate the long problem statement. You can read it. It actually takes two slides. But it was raised as a portion of the community getting some extra effort for negligible gain at this point with the v4 free pool exhausted.

And just give you a second for the remainder of the problem statement here. No new text is added. We are removing 4.2.3.7.31. We also are not regurgitating the whole text here. It’s within the Discussion Guide, page 53.

And slight history: We went to PPML in April. There was a modicum of positive support. And in July the AC took that positive support to advance it.

We did receive a critique to the overall concept, and there was no further public discussion. But I did directly reach out to the individual who provided that critique and they continued to oppose it with – there was no real recourse to adjust it. So just sharing that for full disclosure.

Any questions? Comments?

Hi, Cathy.

Cathy Aronson: Hi. Do I go ahead? Cathy Aronson. I’m the reason that this policy exists, because it was a deal with Jon Postel a hundred years ago so that cable providers could get more address space. And I’d love that it would go away. So I’m super in support of this because it really isn’t needed anymore.

Paul Andersen: Not just in support, you’re in super support?

Cathy Aronson: Super duper support.

Paul Andersen: Gets better.

Rear microphone please.

Michael Peddemors: Michael Peddemors, LinuxMagic. I’m opposed to this in the sense that a lot of this designation that was being done was very helpful for really demonstrating for a lot of other uses which parts of their IP space was actually delegated to residential because there are different threat vectors, et cetera, that are evidenced between, say, the corporate networks and the IP addresses that they’re using and assigning to residential customers versus, say, commercial customers.

So I think it has a lot of value still today. And also I’d like to have a little other point that when we talk about the word “residential,” I do think that it needs to be understood that some ISPs are actually now assigning space designated as residential in say /29s or /24s, in larger segments. So I do think there could use some tweaking on this but I do think it’s valuable policy to have in place.

Paul Andersen: Thank you. Over to the side microphone.

Kathleen Hunter: Kathleen Hunter, Comcast, ARIN AC candidate. I agree with this just because it says that we no longer have to do reallocations. It does not mean that I’m going to stop doing the reallocations. It’s helpful for me as someone that manages the IP space to know where my space is and for a lot of the community to know where that is, it helps sometimes with geolocation issues and things like that. So…

Paul Andersen: Thank you. Front microphone.

Owen DeLong: Owen DeLong, SAIL Internet, ARIN AC. The existing policy really has become an anachronism. And I don’t think we’re going to lose out on any useful reallocations by taking this remaining cruft out of the NRPM. I really think that’s kind of a red herring. So I support the policy and I think we should move it forward.

Paul Andersen: Thank you. Once again, if you wish to comment on this Recommended Draft Policy, this is maybe your last opportunity, please approach a mic quickly as I will be closing shortly.

Mike Joseph: Mike Joseph, Mode. Quick questions for staff. Initially the policy is presented as no-op, but my concern seems to be not the case. One of the things we were able to do in a residential ISP context was express an assignment to market as fully allocated, as long as that individual assignment met the utilization threshold.

It created a two-tier measurement for assignments and utilization. And this seems to do away with that. So if you took it to extreme under current policy prior to the implementation of this proposed policy an ISP’s allocation could be considered utilized at 40 percent, but this would seem to take that requirement to 50 percent.

Could staff please clarify if there’s something in the NRPM that I’m missing?

Paul Andersen: John, is that for you or the other John?

Can we take that under advisement? Did you have other questions?

Mike Joseph: I’d like an answer.

Paul Andersen: We’ll get an answer for you. We’ll get the answer for you.

Mike Joseph: The other question is related: Why hasn’t this policy been useful in the transfer context? One of the justifications for this proposal has been that transfers no longer require allocation to market. But why don’t they?

Paul Andersen: We have now two queued questions for staff. I know John or John in the back would like to address.

John Curran: Generally, when you look at the requirements for transfer, the criteria are so much more generous that they can meet it without using the particular policy referenced.

Paul Andersen: Does that answer question two?

Mike Joseph: I think so. But regarding question number one –

Paul Andersen: He’s working on it.

John Curran: I paused to answer number two.

Mike Joseph: To be clear then on number two, you’re suggesting that those ISPs seeking transfer approval are doing so without considering allocation to market at all and are justifying simply on individual customer utilization?

John Curran: What – their overall utilization meets the transfer requirements, we don’t look at distinguishing one way or the other.

Mike Joseph: Okay. Can they elect to distinguish it based upon assignment to market today?

John Curran: If they asked us to. But if they don’t – we process the application as you request it. If you come in and you say we meet this overall utilization, then that’s how we’ll process it.

If someone says I need this because of this particular aspect, then we will go look at that particular policy. Like if you say I meet this according to third-party Internet resell provisions, then we’ll look against that. Otherwise, we’ll use your overall utilization.

Paul Andersen: Could I ask you to wait at the microphone? Do you have a comment?

Cathy Aronson: I do. I’m helping John stall just because –

(Laughter.)

Just because the whole concept of this.

Paul Andersen: We thank you.

Cathy Aronson: The whole concept and market applying blocks to market was because the early CMTS gear was incredibly stupid. The minimum allocation you could give it was a /24. And you couldn’t give it a bit of line block of /24s and you couldn’t do a lot of things that you can do now.

And so you had to give a ridiculously big block to a neighborhood that maybe only had 10 houses. And so there was a whole lot – there’s a whole lot of ridiculous history because of ancient CMTS gear that made this happen. And it was our compromise that we could say, look, we have to give a /24 to a neighborhood that has ten houses because that’s the only block that we can configure.

So anyway do you have enough – have you had enough time?

John Curran: Yep.

(Laughter.)

Paul Andersen: We thank you for that, Cathy.

John Curran: Are you ready? No.

Mike Joseph: Could you elaborate?

(Laughter.)

John Curran: Yes, the rule will not affect the ability of such parties to transfer under the transfer policy. It’s not materially – the subset of 40 percent is a subset of anyone who would qualify from what I can tell. I need to do a math proof to be sure but I don’t believe anyone removing this does not reduce the ability of anyone to do a transfer who would be doing it under the existing 8.4 policy.

Mike Joseph: Thank you.

Paul Andersen: You’ve been up there so long my mind is lost. Are you in favor or opposed?

Mike Joseph: I don’t take a position at this time.

Paul Andersen: Thank you. Would anyone else like to speak on this Recommended Draft Policy? Please approach the mic. If I do not see someone moving shortly, we’ll go to a poll. I see my counters have taken cue.

Microphones closing once, twice, three times sold. We’ll thank Joe for the presentation and allow him to return.

(Applause.)

We’ll now have a poll we’ll try to hold as quickly as possible to go to lunch – we’re not going to be allowed to go to lunch early? I tried.

This is a Recommended Draft Policy. So we are asking for those that are willing to advance and those that are opposed to advancing, that will be the question.

So for those in the room, all those in favor of advancing ARIN-2018-3: Remove Reallocation Requirements for Residential Market Assign, please raise your hand nice and high. Keep them up.

I’ll ask remote participants to participate remotely at this time. One hand only. Double votes will be disqualified. Super support. Then you have to stand while –

You may lower. Now, all those opposed to advancing 2018-3, please raise your hand nice and high. Seeing at least one.

One moment, please. Alright. You may lower. Wait for the poll before we have one more riveting presentation on Internet number resource status. That’s a cue for that presenter since that person will be the one standing between you and lunch and not me.

I see the envelope coming down the aisle. Alright. On Recommended Draft Policy ARIN-2018-3: Remove Reallocation Requirements for Residential Market Assignment, we’re back up to 132, 51 in favor and one against, our biggest participation yet. Thank you for that. We will advance the policy for this block.

John Curran: Earlier today, when we started out, we moved right to the IETF Report, passing over the Internet Number Resource Status Report because we wanted to stay on schedule. We now have time. There’s nothing to do for the rest of the day except maybe lunch. So we’re going to bring John up to catch up by doing the Internet Resource Status Report. Come on up, John.

Internet Number Resource Status Report

John Sweeting: Alright. It’s still morning on the West Coast. So good morning again. This is the Internet Number Status Report for all the RIRs.

It’s in a new format. This will be the first time I’ll be giving this format. I believe APNIC used this format in their last meeting. And it’s what the RIRs are going to use going forward.

First slide here just shows the distribution of the 256 /8s from IANA and where they all sit today, as far as how they were distributed from IANA.

I don’t believe we update this at all when we do transfers and stuff. So this is like – this will never change. This is how they were issued out from IANA.

Saw the available IPv4 space at each of the RIRs, in terms of /8s as you can see ARIN says 0.0, which is true as far as current space. But I know people will keep saying how do you keep issuing space out to the waitlist then.

As John alluded to this morning, we get space returned, revoked. We have space that has been returned and revoked that we have a very elaborate procedure and process in place that we go through to make sure that it actually can be reissued.

So at times you will see usually once a quarter you will see some address space being given out to the waitlist because it takes – each quarter we go through the space that we can.

We get about five or six directors and employees in a room and we go through each one of those netblocks and make sure, hey, we’re doing this right; we’re not going to harm anybody. Nobody’s going to come back and say, hey, you gave my addresses away; I’m using those.

So it is very work-intensive. And that’s why it takes long. That’s why we do it once a quarter.

This is IPv4 space issued by the RIRs. Goes back 10 years. As you can see it’s gone down and down and down to where you can just barely see little bumps there for 2018.

So IPv4 transfers, this is exclusive of mergers and acquisitions. So it’s just your actual what we’d call market transfers, but it’s not called that everywhere. But that’s kind of what we refer to it as.

So inter-RIR, the inter-RIR IPv4 transfers, as you can see they have grown. The 2018 is a year-to-date. It’s not a projection of the whole year. So ARIN’s already surpassed. RIPE is getting up there.

I don’t think there’s anything there that you wouldn’t expect to see.

That was the number of transfers. This is the number of addresses. It’s just a little bit different and 2017, I believe RIPE had more transfers but it involved less address space. But again, nothing real big to point out there.

This one is the inter-RIR transfers. And as you can see it only involves three of the RIRs since the other two RIRs currently don’t have an inter-RIR transfer policy past.

This is the number of the transfers between the RIRs. But what’s more important or more – I think more telling is when you go to the number of IPv4 addresses transferred. So you can see from ARIN to APNIC there’s 16 and a half million, which actually today it’s a little over 18 million as of this was just up to the end of the second quarter.

And to RIPE 8.1 million. And as you can see coming the other way, it’s a lot less, 111,000 from APNIC and 290,000 – I think that’s a miss-type because I think it’s more like 29,000. I just noticed that. Sorry. But that actually is – because we have got less from RIPE than we have from APNIC.

Moving right on to IPv6. This is just the, again, the allocation from IANA down to the RIRs. You have the five /12s that each RIR has one of those and then there was another /12 originally that there was space given out to the different RIRs.

IPv6 allocations per year from each RIR. As you can see, RIPE leads the way with that. LACNIC is right behind. And ARIN has been pretty steady over the years. You can see we don’t get big any years and we don’t get – it’s been pretty steady.

It’s really weird because since I’ve been there two years we do about a hundred IPv6 requests a month. And it’s really steady. We do a hundred v4 requests a month and it’s been that study as you’ll see in my department report tomorrow.

Total allocated IPv6 space again the numbers are there. RIPE, APNIC, ARIN. LACNIC is down there but LACNIC has about I believe it’s north of 90 percent of their members and organizations have IPv6. Prefixes assigned per year. Again this is the last 10 years. Nothing real telling there. Nothing that you wouldn’t expect.

The total size of the IPv6 and /48s that each RIR has assigned. So as you can see the number of /48s in the LACNIC region is, assignments are a lot more than anywhere else.

Okay. So this slide here is the members. Owen, last year, maybe the year before, requested that we throw in members with IPv6 only to this slide. So we have done that. So as you can see in ARIN we have 48.2 percent of our members have IPv4 and IPv6 and another 9.6 have IPv6-only.

Again, I’ll state that that doesn’t mean they only have IPv6. That means they only have direct IPv6 from ARIN. They could have IPv4 from their upstreams.

But as far as direct assignment, direct allocation, those are the numbers.

AS numbers: I don’t know what to say about it. The numbers are there. You can see for yourself where they are.

ARIN continues to – we actually give out probably more of the 16-bit AS’s and it’s really because we had – we had a lot of legacy, we had a lot given out. We do give a lot back. Surprisingly, when people transfer off their IPv4 addresses and all they have left is AS number, they don’t bother to pay for it and it gets revoked. We had a lot of revocation of AS numbers every month.

And those get – they get cleaned up the same way as the IPs if they’re not being used we hold them for six months after they’ve been returned and then they go back into the pool the way our community has asked ARIN to process ASN requests is that we treat them all the same. They’re all in one pool and the lowest number that is in that pool and available at the time that an ASN number is approved, final approved, it’s paid and RSA, whatever else needs to be done, the next AS number in the pool automatically gets assigned to that customer’s request.

Again, AS number per each RIR each year. And as I said you can see that ARIN does give out quite a bit of the 16 – we’re about equal.

Trying to see what’s the – the shaded is – I can’t tell from the – 32-bit must be the shaded. Yes, because most of the other RIRs give out 32-bit. So the lines on there are the 32-bit and the solid is the 16-bit.

John Curran: Right. You see ARIN is still giving out some 16 and RIPE still giving out some 16.

John Sweeting: Most everybody has given out 32s. We’ll work on that slide. I think we need to get that to show up a little bit better.

John Curran: Yeah. And two oranges need to become orange and another color.

John Sweeting: Yes, it’s supposed to be red, John. But okay, got it.

Then there’s the total. This is easier to read but still to my eyes it’s hard.

Okay. There’s the references if you really want to go back and look at all these numbers. You can go to the NRO.net site and look them up. And if you have any questions about them, you can come to the mic now or you can see me afterwards.

Yes, Lee.

Lee Howard: Lee Howard. On the statistics about transfers, I got a little lost. Was that year-to-date or was that overall transfers?

John Sweeting: Let’s go back and see. The inter?

Lee Howard: Yes, inter.

John Sweeting: Total through all time, yes.

That one there? Yes, those are totals.

Owen DeLong.

Owen DeLong: Owen DeLong, SAIL Internet. Couple of comments. One on – actually on the v6 issuance slide. If we can get that one back up. There.

The first comment is that at least on these projectors, the contrast between APNIC and RIPE is quite minimal. And I would suggest changing the color of at least one of them to be more contrasting.

John Sweeting: Thank you. Yep.

Owen DeLong: Second comment: You said you’re doing about a hundred six – v6 – issues per month and how is that possible and we’re below.

John Sweeting: Didn’t say issuance. I said requests.

Owen DeLong: We don’t have anywhere near a one-to-one relationship between v6 requests and allocations?

John Sweeting: The requests are also for assignments.

Owen DeLong: Got it. And this is allocations only?

John Sweeting: Yes.

Owen DeLong: And we don’t have an assignment slide.

John Sweeting: Yes, we did.

Owen DeLong: I’m sorry. I missed it. Thank you.

John Sweeting: You’re welcome. Thank you for your input. Ingrid is writing notes. So she might have to be the next one to give this presentation.

Martin Levy: Martin Levy, Cloudflare. In regards to the recycled ASNs and something you said on that, as a company that is the recipient of one of these recycled ASNs, the cleanup process needs to also include a friendly note towards the RIR community, both your own RIR, of course which you deal with, but the others as well.

I went through a fairly prolonged process of cleaning up, which ultimately ended up in the RIR contacting the owner of the ASN to confirm that I was allowed to get something deleted because I was the new owner of the ASN I approved myself.

(Laughter.)

Yeah, think about that for a moment. But the point is in the world of RPKI and signed data, you would be doing a natural cleanup anyway. But the RIR, the legacy environment is one that I think you should add to this process or at least highly recommend I should say I’d highly recommend you should add to this process.

John Sweeting: Great input. We’ll do that. Today, one part of our process is we look to see if it’s actually being used on the Internet. We have tools to do that. But we do not go back and look at RIRs. We can do that, though. And it’s actually a great suggestion. Thank you very much, Mark.

Mike Joseph: Mike Joseph, Mode. Minor point of feedback. You do start with a slide showing all the top-level allocations of IPv4 space to RIRs. But as you show shortly thereafter, there’s been a significant movement of address space particularly out of the ARIN region, and it would be good to show a slide documenting how much address space is currently held in each region now.

If I missed it, I apologize. But I don’t think I saw that.

John Sweeting: And that first slide is actually, that shows what actually is on the IANA – and IANA does not update how they have issued out.

Mike Joseph: I’m asking you to.

John Sweeting: We’ll take that back.

John Curran: Since that first slide’s never going to change. And anyone can build it from going to the IANA. Maybe the first slide should show a pie chart with the current distribution.

Mike Joseph: Exactly. Thank you.

John Curran: That might be more useful.

John Sweeting: Got it.

John Curran: John has done so well and we have so much time that we should keep him up here and have him present more information about transfers.

Right there. Transfers, go.

We have a special more detailed presentation on – no, no. Update on Transfers in the ARIN region. Go.

Update on Transfers in the ARIN Region

John Sweeting: I’m hoping this is the same one that I gave at LACNIC last week. Okay. And it is. Alright.

I can probably do this one. So transfers are increasing. Anybody surprised by that? Anybody? Mike Burns, surprised with that? Not at all.

So as you can see – I want to point out the 2018 number is projected, but it’s projected to again be pretty significant growth over last year.

As the second bullet there need-based transfers are driving M&A transfers. That is true because a lot of people come in and they want to do a needs-based transfer and a three or a four they haven’t vetted and haven’t talked to ARIN in 20 years. And they’re not vetted. They don’t vet. They’re not registered any longer.

And we have to tell them, well, first we have to get this into an organization that vets and can actually transfer it. So that’s where the M&A comes in and we have to do an 8.2 with them and it comes into a long process.

So that’s kind of a tip for 8.3 transfers for people with especially legacy holders, if you’re planning to do a transfer, it’s very smart to get that 8.2 done and make sure you have your resources in an organization that vets so it won’t take as long.

Those 8.2s can take months to get all the proper documentation that is required, asset purchase agreements, bankruptcy papers. There’s lots and lots of documentation that is required to get those 8.2s approved.

And, again, there’s no signs of it slowing down, which is good news for some of you people out there. Right, Mike?

John Curran: If I could say one thing. The reason that an 8.2 transfer takes so long is because an 8.2 transfer is either a wonderful thing that we’re getting the documentation on or an attempted hijack of your address space that we’re sparing you from.

So it is a little bit of work, but it’s to prevent someone from coming in and saying they have rights to your resource and taking it.

So just appreciate the fact that we do a lot of diligence there because we don’t someone to lose their rights to their number resources through really creative social engineering.

John Sweeting: And my folks in RSD are getting very, very good at this.

Okay. Specified recipient volume. So this just shows that the increase in the number of transfers is not directly related to the number of IP addresses transferred.

As you saw on that previous one, there was more transfers – what the – okay. Hold on. I gotta remember what this is. Seems like it’s out of order.

There’s more transfers – there’s a larger number of transfers that’s going to be completed this year but there was more actual addresses transferred last year.

So it’s showing that some of the smaller players are getting into the transfer market. There’s more that’s going to come in this slide deck to show you that.

And there it is. As you can see, there’s a lot of – /16 is kind of like the bellwether there. But if you go to the left – your left – there’s a lot more number of transfers over there with the smaller blocks, but those larger blocks have a lot more IPs in them so they can skew the difference between the number of addresses and the actual number of transfers.

Okay. Inter-RIR transfer volume. Going out from ARIN 14.8 million or 14.8 million and into ARIN 500,000.

There’s about 30 times more space being transferred out of ARIN than into ARIN.

The expectation this is going to continue since ARIN has the majority of the legacy space. The breakdown, the prefix breakdown on inter-RIRs, as you can see there’s still more of the smaller ones. But 16 again is the sweet spot for the transfer and that’s because most of those are legacy blocks and most of them are your Class B networks from olden days.

98 percent of them are /16 or smaller, though.

Current ARIN inventory. The bulk of transfers are legacy space. Today we have 41. – the equivalent of 41.7 /8s of legacy space in our inventory.

And our ISPs, we have an equivalent of 44.7 and end users 13.3, reserved held, .35. About half of that legacy space is DOD space and it’s considered to be under contract.

So that leaves the equivalent of 20 /8s to ARIN, APNIC and RIPE through inter-RIR transfers.

Remember I gave this presentation last week to LACNIC and that was one of the points that we just wanted to point out to that community is that we have this large inventory of legacy addresses that are ripe – let me not use that word – that are available for the transfer market but they’re only available today to three of the RIRs and that’s ARIN, RIPE and APNIC.

There was a question asked at the end of the panel I was on last week that if the panel felt that the smaller number – I think LACNIC had 20 transfers in two years and the question was do you think the small number of transfers is due to no inter-RIR policy. And of course the simple answer is, yeah, you don’t have any unused space in a region; you’re not going to have a lot of people doing transfers because everybody’s using their space.

So, in summary, number of transfers are growing every year. The total volume is about 2.5 /8s a year. Lee’s queueing up even before I get to the last summary point. I like that.

ARIN is losing space overall due to the inter-RIR transfers, but we’re actually gaining in our nonlegacy space.

Was that slide in there? I don’t remember seeing that slide. We have a slide that actually shows that – we’ve lost about 7 million but – of legacy space but we’ve actually gained like 3 million of space that’s under contract.

John Curran: I don’t know where that slide is, but it’s in one of the decks I’ve reviewed for this meeting.

John Sweeting: Anyway, sorry about that. So the whole thing is we’re actually overall inventory we’re losing inventory through the inter-RIR transfers mostly. But under space under contract we’ve actually gained quite a bit. So the legacy space is slowly getting moved under contract and cleaned up and updated in the database.

ARIN has a lot of legacy space. That’s a brand new idea nobody ever knew. And today that space is available to ARIN, APNIC and RIPE through the inter-RIRs.

Lee.

Lee Howard: Lee Howard. Two questions: Can you go back one slide? When you say ARIN has a lot of legacy space, do you mean the ARIN region?

John Sweeting: Yes.

Lee Howard: That’s what I thought. Can you go back one more slide? On this one, when you say half the legacy space is U.S. DOD space considered to be under contract, do you simply mean locked up and not available for transfer, or do you mean it’s under contract like somebody has contracted to do something with it?

John Sweeting: I’m going to let John –

John Curran: That’s probably – it’s known to be held by a U.S. government entity. That doesn’t necessarily mean it’s not available; it just means we happen to know it’s within use with the U.S. government as opposed to a private enterprise.

Lee Howard: Thank you. That does help clarify it. One more thing, on this one. So 20 /8s are legacy address space that would theoretically be potentially available for transfer. Have you compared what volume of space among those 20 /8s has been transferred? I think we could sort of infer it from some previous slides but –

John Sweeting: This is what is left. This is what is remaining.

Andrew.

Andrew Dul: Andrew Dul, ARIN AC. I don’t really like the word “inventory” here. It implies that it’s available. And I believe that probably a lot of that is actively in use by various entities. Perhaps we find a better word.

John Curran: Administration is what – it’s what’s being administered in the ARIN region.

John Sweeting: Would ARIN region inventory –

Andrew Dul: It’s not inventory. Inventory implies that it’s available to be used, sitting on a shelf.

John Curran: So, John, the term “inventory,” certainly no one would expect their number resources to show up as ARIN inventory. Because it’s their number resource rights. Got it.

John Sweeting: It was done by our inventory manager. Thank you, Andrew.

Cathy.

Cathy Aronson: I didn’t know if there was anybody back there. Cathy Aronson. Maybe this isn’t the right time for this question, but how does all this in and out affect ARIN’s bottom line, like the revenue? Are you positive? Negative?

John Curran: Actually, we’re good there. It’s something we do track. One of the things that John noted, and I know we have in the presentation, I just think it’s coming up, is we actually have – there’s – what’s happening is because legacy number resources that aren’t under any contract are dropping, the total number of IPv4 resources that were not – /24s equivalent that were not under contract used to be 56 or 57 percent in the region.

It used to be 100 percent the day we were formed. But for the last 10 years it’s been in the 50s, the legacy – recently that’s been dropping radically. It’s now down to 42, 43 percent. All those resources have come under contract or transferred out.

So when you count what’s – as John said, what’s coming into the region under contract but not transferring, we’re actually ending up with net member adds and net more customers under resources.

John Sweeting: While it’s revenue generating, it might not generate more revenue because it depends on who it goes to and whether it takes them to another tier or not.

Owen.

Owen DeLong: Owen DeLong, SAIL Internet, ARIN AC. I think it’s very handily to assume that the half of the legacy resources that you don’t know for sure are in use are available for a purchase or whatever statement you’re making about that. That seems to imply available for transfer or purchase.

I would be willing to bet that the actual number is significantly less than that and that, for example, HP doesn’t plan on selling their addresses anytime soon and so that subtracts one from that /20 right there, if not two.

John Curran: It would probably be best to refer to the fact that we know a subset of it you can see in the register is assigned to the U.S. government and it’s probably somewhat less available. But even that doesn’t mean not available, necessarily.

Owen DeLong: True. But, more importantly, I think even less than the /20 are truly available.

John Curran: Go ahead. Final speaker.

Chris Woodfield: Chris Woodfield, Salesforce, ARIN AC. You mentioned the need to vet RSA applications for fraudulent activity.

I’m curious if you have anything to say about how common that is or have you noticed any trends in volume or sophistication of the attempts to hijack space that you catch? Either of which would be – I would expect would be a drain on ARIN’s staff resources.

John Sweeting: I’m not sure – you started out talking about RSA.

Chris Woodfield: You talked about the need to vet.

John Sweeting: Somebody coming in and –

Chris Woodfield: And claiming ownership of resources.

John Sweeting: And claiming ownership, yeah.

John Curran: So, to be clear, when the first time someone is going to take legacy resources and put them under agreement, there’s a vetting process, because we have no relationship with them.

So it’s not really – it’s not really activity with regard to number resources under contract; it’s people who have had no relation with ARIN coming in and saying this legacy resource, I need to prove myself to ARIN the first time to show I’m the rights holder.

With the increase in transfers is an increase in the need for people to get their resources properly vetted under an organization so that they can submit a transfer, which means there’s an increase in the number of people who are trying to do that for resources that they have no valid claim on.

Now, sometimes these people coming in actually truly believe they have a claim to the number resources.

If you were the sys admin of a company and you got it at /24 and it ran for two years and it went out of business and you’re still using the address in your home because you’ve decided to do that, you may think, well, I requested it; it’s my number block.

But quite frankly, that organization that went out of business with the creditor and bills, they actually have the right to it. So when you say fraudulent, we sometimes have people come in and say it was my name and it’s obviously my number. No, it’s the organization you applied on the behalf of.

In terms of actual fraud, people attempting to come in, I don’t know. That would be attempts to vet that fail. And what would that be, John? Many? Increasing?

John Sweeting: It’s not a large percentage but it is the largest percentage of our time.

John Curran: Right.

John Sweeting: If that makes sense.

The ones that are coming in, trying to get something through that’s not true, takes the most time for us to vet out and –

John Curran: Microphones are closed, but we have a remote participant. Go ahead.

Alicia Trotman: Comment from Anthony DelaCruz: Thank you, staff. This year I have worked many 8.2s and you’ve been very helpful, responsive and friendly.

John Curran: Thank you for that comment. On that wonderful comment, not staged, whoever you are, we will now break for lunch. Let’s have a round of applause.

(Applause.)

So lunch is right outside, I believe; is that correct? Alright. Around the corner. Take your valuables with you. The room is not locked. There is no security.

RSD Help Desk. We have an RSD Help Desk. Good time, if you have a question about a ticket or a resource, now is the time to do it. If you want to update your POC, other things, voting. If you have question about upcoming voting, we’ll talk about elections in the afternoon, stop by the Election Help Desk.

You can also go see the new ARIN Online interface, www.arin.net, desk for that. The meeting will resume at 1:30 promptly. Please return promptly. We’ll continue with the ARIN Election Overview and Candidate Speeches. Thank you.

[Break]

ARIN Elections Overview

John Curran: If folks will come in and get seated, we’ll get started.

Welcome, everyone, back. Remember, during the afternoon break go claim your ARIN t-shirt.

So tonight we have a social at the Waterview Events Space. Buses will leave at 6:45 and 7:00 PM; return service will start at Waterview coming back at 8:30. You need to wear your badge, or if you have – so you can put the social badge on a piece of clothes, one or the other.

Our afternoon agenda consists of election overview and candidate speeches for the ARIN elections. We have the Draft Policy 2018-4: Clarification on Temporary Sub-Assignments. We have an update on our Caribbean outreach. We have an update on Internet governance activities. And we have the ARIN Website Redesign Update.

At the head table, me. And so I will start right in and now do the election overview. I will have – Sean, are you coming up? Who is doing that?

Thank you, come on up, Wendy. Sorry. I was, like, it can’t be Sean. It’s got to be Wendy.

Wendy Leedy: Thanks, John. Good afternoon and thank you all for joining us. My name is Wendy Leedy. And I’m ARIN’s Member Engagement Coordinator.

Over the next several minutes I’m going to briefly walk you through how to vote in this year’s ARIN elections.

Before I begin I’ll take a moment to acknowledge ARIN’s members and thank each of you for your ongoing support and involvement with ARIN especially during election season.

I’d also like to thank our volunteers, especially those who served on this year’s nomination committee.

Now let’s talk about ARIN’s elections. Each October eligible general members in good standing have the opportunity to vote in ARIN elections.

Beginning today at 3:00 PM, so I guess a little over an hour, ARIN’s elections will open to all eligible ARIN member organizations designated voting contacts, who on behalf of their organization will cast an online ballot to elect representatives to ARIN’s Board of Trustees, Advisory Council and a representative to the NRO Number Council.

Now I’m going to highlight key voting details. To be eligible to participate in this year’s elections, an organization must be a general member in good standing.

This includes no outstanding invoices as of the voter eligibility deadline of August the 20th. An organization must also have designated a voting contact with an ARIN Online account by this date as well, too.

This year, 4,730 ARIN member organizations will have the opportunity to elect two members to ARIN’s Board of Trustees, five members to ARIN’s Advisory Council, and one representative to the NRO Number Council.

As I mentioned already, voting will open at 3:00 PM today and will remain open until 6:00 PM Eastern time next Friday, October the 12th.

Voting is conducted online. So you may cast your ballot within minutes from the comfort of your home or office using your computer or mobile device.

As you see, the steps necessary for casting your organization’s ballot in this year’s elections, they’re quick and easy. Momentarily I’ll walk you through what you should see when you log on to ARIN Online, and why voting is essential and it’s an extremely important responsibility that each of our ARIN member organizations have. It helps to guide the future of ARIN, your community and the Internet itself.

Before I walk you through the process, I want to quickly highlight ARIN’s election process and the timeframe in which we prepare to and for launching our elections.

This year’s nominations opened in July and were open from July 1st through the 31st. In August we had our voter eligibility deadline that was set at August the 20th. And on September the 3rd, the initial candidate slate was announced and the petition process opened. The petition process closed on September the 9th, and this year we had no petitioners. Therefore, the final slate of candidates was announced on September the 12th.

In September, statements of support also opened and will remain opened until the close of the election process which again will be next Friday, 6:00 PM Eastern, October 12th.

If you are interested, you may still submit a statement of support by visiting the ARIN elections headquarters home page, which brings us to October. It’s time to vote – almost. Voting will open at 3:00, so in a little over an hour.

With this slide we’re now going to review, or I’m going to review, and show you what it looks like when you go to vote.

To vote, you simply want to visit ARIN.net and from ARIN’s homepage you will see the login information for ARIN Online.

Once you’ve logged into ARIN Online, you want to click the “Vote Now” link that appears at the top of your dashboard. Then you’ll want to go ahead and click the “I Agree” to the Transparency Agreement that you’ll be taken to.

It’s really important to understand, if you choose not to accept the Transparency Agreement, you will be ineligible to vote in this year’s election. So in order to vote, which I hope those who are designated voting contacts will choose to, select the Transparency Agreement and “I Agree.”

Next you’ll be taken to the ballot where you can adjust your voter weight only if you are a designated voting contact for more than one member organization.

For most of you, you will only have a vote weight of one, so there’s no change or action you will need to take other than selecting your candidates and moving forward.

If for any reason, though, you are the voting contact for multiple organizations, then you will have the option to change your vote weight.

At the top of the ballot you will see a place where you can adjust the vote weight. For a vote weight option, for option one you can leave – if you have more than one, you can leave your vote weight at the number that it’s automatically set to, which represents the number of member organizations that you’re eligible to vote for.

Again, if it’s more than one, you can change that. If you wish for the ballots to remain the same for the multiple organizations you’re voting on behalf of, leave that number as is. If you wish to change some of the ballots that you’re submitting, change it to the correct vote-weight number at the top of the page and at that point select your candidates, go through the submission process. It will then take you back to the page that I’m going to show you next, the ballot, and you will go through the process again.

Every time you change the vote weight, you can change and reselect different candidates to cast that particular ballot.

So this is what the ballot’s going to look like for not only the Board of Trustees but for the ARIN Advisory Council and the NRO Number Council as well too.

Again, adjust at the top of the page to reduce your vote weight if you have more than a vote weight of one and wish to do so and change your ballots. There you want to make sure you select your candidates and then you want to submit, use the “Submit Vote” button to cast your ballot.

From here what we introduced last year and what we will continue to do currently is you will be prompted by another form on your screen that will ask you to reconfirm that this is the ballot that you do indeed wish to cast.

If you do, you want to select the “Confirm” button at the bottom of the page. If you have revisions – you noticed you accidentally didn’t select somebody or you selected the wrong person – please use the “Back to make a correction” button and it will take you back to your ballot. So you can make that correction.

Here, again, you’ll go through, you’ll select your candidates, use your “Submit Vote” button, adjust your weight. And, again, you will do this as many times as necessary based on your vote weight.

Remember, you do want to complete these steps. We have essentially three elections. So you will have one ballot for the Advisory Council, one ballot for the Board of Trustees and one for the number, the NRO Number Council.

Again, this is just a slide that shows you that the ballots look the same. The only thing that’s different are the candidate names.

At the very end, once you have submitted or you have selected the confirm button, you will be given a vote confirmation page that will be emailed to you. That will be for your records for you to be able to keep track of who it is that you selected in the elections that you participated in.

Essentially, in the end, the biggest things I want you to remember other than please going out and casting your ballot is review the ARIN Election 2018 Voter Guide.

For those who have been designated Voter Contacts you will have received a physical voter guide in the mail in the past week. If you are interested, if you didn’t receive one, if you would like to have a hard copy, I have some at the elections desk. Please stop by and see me.

I encourage you in addition to going through the voter guide and reading the responses to the questionnaires that each of the candidates completed and submitted, please take time to read the statements of support. That provides additional information from the community as well, too.

You again can make statements of support now up until the end of elections, which is going to be that 6:00 PM deadline Eastern time next Friday, October the 12th.

And then the biggest thing is voting does open after we hear from the candidates. So please, if you are the designated Voting Contact, get out and vote. If you know who that representative is back home, please make sure that you remind them to get out and cast a ballot.

We will be next week calling from our offices each voting contact on file as a friendly reminder to please get out and vote. Thank them for their involvement and support of ARIN. So if you’re that person or you know who that person is, please let them know that a call will be coming.

And then finally the reminder is polls close sharply at 6:00 PM. So again, voting only takes minutes. You can do it from the comfort of your office or home using your mobile device, your computer.

If you do have any issues or questions or concerns, you’re welcome to email us at members@arin.net. You may also submit an ARIN Online ticket. Just make sure that you select Meetings and Elections and we’ll get back to you as quick as we can.

With that, thank you all for your participation. We look forward to seeing you virtually at the polls. And, again, voting is a key responsibility. You helped to shape the future of ARIN, your community and the Internet and we look forward to your participation.

With that, I’m going to turn – if anyone has any questions, I guess I could ask. No? With that I’ll turn it over to John he’s going to introduce this year’s candidates. Thank you for your time.

ARIN Elections Candidate Speeches

John Curran: Thank you, Wendy.

(Applause.)

Okay. We have candidates running for our offices. The first set of offices is the ARIN Advisory Council. And I’m going to ask each candidate to come up and say some remarks. And you’ll get to learn a little more about them. This is good because you’ll get to see them in the hallways. You’ll see them tonight, have an opportunity to hear about them, reach out, talk to them later.

So for the ARIN Advisory Council, first up I’d like to have Kerrie Ann Richards come up.

Kerrie Richards: Good afternoon, everyone. Sorry for taking so long to get to the microphone. I did not fly from the Caribbean. Good afternoon. My name is Kerrie Richards and I’m currently sitting on the Advisory Council with a term that ends on December 31st this year.

And I’m here to encourage you to vote for me. Let me start by saying thank you for the opportunity to serve on the Advisory Council for the last ten months.

Being on the inside – so in the Caribbean we see lots of things happening in the world and we hear people say, yes, it’s an inclusive process; yes, you have a voice. And it’s true with ARIN. Being on the inside, I’ve been able to see the level of respect that there is for the process, the level of respect that there is for community consultation.

The Caribbean is a part of that community and as such I feel honored to be the Caribbean voice on the AC, along with Alicia.

And I think that us coming to the AC and being on the Advisory Council, not only because we’re from the Caribbean, but I think we’ve been also able to bring interesting perspectives.

So when the AC hears that there’s a hurricane in the Caribbean, it’s not just news that affects us. Connectivity issues. But getting back to the Policy Development Process, it’s rare to see or it’s rare for a Caribbean person to be on the inside and to be able to affect that process.

The respect that I have for that process, I was given a chance to illustrate that respect when I took on the process that Rob and I have been shepherding and I introduced this morning.

So I just want to stop and just say thank you again for the opportunity. It’s been a great learning opportunity. And I don’t think my work is done. And it’s been an honor to serve. And I’ll continue to serve if you vote me in. Thank you.

(Applause.)

John Curran: Next up for the ARIN Advisory Council, Brad Gorman.

Brad Gorman: Hello, everyone. Again, my name is Brad Gorman, and I’m a candidate for the ARIN AC. Behind me you’ll see a slide that shows highlights about the places I’ve worked, the responsibilities I’ve had, the different segments of the Internet customers I’ve served.

But what they all share in common is my experience in serving the community – community. Serving the community should be the goal of anyone who is on the AC.

As a member, you listen to ideas. You facilitate discussions. You present proposals. And you make recommendations.

All of this work and effort is on behalf of the community. And that’s you. For years I’ve been a consumer of the work that members of the AC has done for me. It’s not easy. It’s not always well-received. At times, it’s thankless. But it’s all done for the betterment of the community.

I’ve always said a person who wants to be the President of the United States is crazy. And you know what, they’re right.

(Laughter.)

It’s hard work. It’s tiresome. And you have zero percent chance of making everyone happy. Some might say the same about a person who wants to be on the Advisory Council. And it might be true. But I believe now is my time to be that crazy person.

So I’d like your support and your vote to choose me, Brad Gorman, to become a member of the ARIN Advisory Council. Thank you.

(Applause.)

John Curran: Next up for the ARIN Advisory Council, Rob Seastrom.

Rob Seastrom: Thank you, John. I’m going to see if I can be lucky today with an iPad and technology not burning me.

Good afternoon. My name is Rob Seastrom. And I’m standing for re-election to the ARIN Advisory Council. My day job is at ByteGrid, which is a company that specializes in HIPAA and pharma-compliant hosting, where I am chief architect.

I’m part of the team that DNSSEC signs the root, and I run a tiny friends and family colo company. In the last quarter century I’ve worked for large ISPs, small ISPs, TLD operators, large CDN, and a big cable company.

My background makes me sensitive to the needs of the whole spectrum, number resource users, large, small, and nontraditional. I’ve stood up here in the past and spoken about the need to have policies that address IPv4 runout in a way that is fair and equitable.

IPv4 run-out is firmly in the rearview mirror. And with years of experience in the post-run-out world, we’ve made good progress at paring down legacy policies in the NRPM. Yet, our work is not done.

We continue to relax requirements and make our processes work more smoothly without neglecting our stewardship responsibilities or creating opportunities for fraud.

I’d like to thank my colleagues on the AC and on the Board of Directors – or Trustees, rather, pardon me – for countless hours of work, to enact good policy. But most of all I want to thank you, the community, for bringing policy proposals and ideas and suggestions forward whenever you see the need.

In closing, I ask you to vote for me as a candidate for the ARIN Advisory Council. Thank you.

(Applause.)

John Curran: Next up for the ARIN Advisory Council, Amy Potter.

Amy Potter: Hi, I’m Amy Potter, I’ve been serving on the Advisory Council for three years now, and I’m here to ask you to vote me in for another three.

I think that I bring a really unique skill set to this group. Unlike most of the rest of the people involved in this, I come from a legal background, which has been very helpful in crafting policy over this past term.

I also spent several years building an IP address brokerage. It’s given me a really unique insight into some of the issues that we’re addressing when we’re working on transfer policy, and also trying to address issues of fraud through the Policy Development Process.

It’s also put me in touch with a number of different types of organizations that might not be present in this room and might not participate on PPML but are affected by the policies we work on.

I think one of the more important things we do on the AC is we try to make sure all the organizations that are going to be impacted by the policies we work on are able to have a voice in the Policy Development Process.

And that’s something that I’d really like to continue doing for another three years. So I would appreciate your vote. Thank you.

(Applause.)

John Curran: Next up, candidate for the ARIN Advisory Council, Kathleen Hunter.

Kathleen Hunter: Good afternoon. For those that don’t know me, my name is Kathleen Hunter. I’ve been a network engineer and number resource strategist at Comcast for the last 16 years and have gained useful experience that I find would make me a benefit to the Advisory Council.

Our team of two manages voice, video, and data for both commercial and residential customers. I’ve dealt with billing, applications both in and out of the ARIN region, transfers – small ones – IPv6 resources and IPv6 recycling.

I’ve also spent a lot of my time working with teams from various technological backgrounds as well as business backgrounds.

Obviously, both ends of the spectrum have their own goals and we always find a way to make the best practices and processes work for everyone.

More importantly, I’ve been a member of the ARIN community for the last 14 years by attending and participating in discussions and meetings, open mic, PPML, and a variety of other discussions elsewhere.

What ARIN and my day job have both taught me is big or small, no matter where you come from, your voice and opinions should be heard when policy is discussed.

I’d like to ask for your vote today as someone that believes and has voted for the community as a whole. Lastly, I’d like to thank the nomination committee and the people that nominated me for the opportunity to run for the Advisory Council.

There’s an excellent slate of candidates this year and I’m proud to be a part of that. I ask you for your vote and thank you.

(Applause.)

John Curran: And our final candidate for the ARIN Advisory Council, Alicia Trotman.

Alicia Trotman: Good afternoon, everyone. My name is Alicia Trotman, and I’m up for re-election for the ARIN Advisory Council.

Last time that I was part of this process, I had a beautiful presentation and a view of Barbados from some drone footage that I put at the end of it. And I don’t know if that helped my candidacy last time, but ARIN 43 is in Barbados next year so maybe I did have something to do with that.

(Laughter.)

But the first thing I want to say is thank you to the ARIN Board of Trustees as well as the Advisory Council members who have made me feel very welcome here. It was very nerve-racking coming here from the Caribbean, being one of the first to do it.

I wasn’t sure how I was going to fit in with everything, but it was a beautiful process. So I want to say thank you for that.

This here, we’ve seen this before. What I want to talk about is not my career up to this point but the last ten months, my work with ARIN.

It was a pleasure to contribute with ARIN in the Caribbean. Standing there before IT professionals, government officials, as well as service providers, and being able to tell them that ARIN truly is an open and fair process, it came across very differently because I was actually a part of the process.

It wasn’t like Narnia to them. It’s like, I know this already. So I think it was an impact before them because they actually know some person who is a part of the process.

I took great pride also in going back to my university in the West Indies, Capo campus, and talking to the Computer Society as well as the undergraduates in IT and telling them about ARIN and how it fits into the whole Internet ecosystem.

I think it’s a glitch in the system where you have young professionals coming out of university who can subnet the hell out of a block of IP addresses but have no idea where the IP addresses come from.

So I think it’s important to educate young people on Internet governance. And they see in me who sat in the same classroom as them being a part of the process also convinced them this is actually real.

I’d like to also tell you about how I introduced one of our IPv6 evangelists in the Caribbean to ARIN staff where they were able to do a case study on the work that they’re doing. And I was a shepherd, secondary shepherd at first. And now I’m a primary shepherd of my own policy this time around. And it has truly been a remarkable process for me.

So I ask you again, it’s been an honor to serve and I would like the chance to serve for another three years, well for three years this time, on the Advisory Council. Thank you.

(Applause.)

John Curran: Now we’ll move on to candidates for the ARIN Board of Trustees. And the first candidate is Anna Valsami.

Anna Valsami: I sat on purpose in the back of the room so I could create more momentum.

(Laughter.)

And also since I’m kicking off the speeches for the Board of Trustees, I think it’s only fair to have Tigger stand here. Just a second; I need my speech. I hope you hear me well. I caught a cold.

So, hello, everyone. First I would like to say how honored I am to be here in a room full of such talented individuals, many of whom I have looked up to for years.

I am fortunate to have the opportunity to actively participate, contribute and give back to the community that shaped me into the professional that I am today.

I have been with Telstra for 10 years. I architect networks for customers with global presence, complex infrastructure and diverse IP addressing and routing requirements.

My involvement with the RIRs goes back a long way. Back in 1997, that’s when I started my career as a network engineer for a big ISP in Greece.

For 10 years I was the sole LIR administrator, and I had daily interaction with the RIPE NCC, the RIPE database and other members in the region.

I personally invited the NCC to come to Greece for the first time and I helped organize RIPE 43. I think some of you in the audience can confirm that RIPE 43 was a meeting to remember – or maybe forget, I don’t know.

In addition to that, at Telstra, a global company headquartered in the Asia-Pacific, I get the chance to work with customers across all regions. Three years ago I moved to San Francisco from the U.K., and since then my role is to design international networks for our North American customers.

So since then I have had the opportunity to appreciate and experience ARIN and its community.

While living in the U.K., I founded two nonprofit social groups. By the time I left for the U.S., they had reached 1500 active members.

Bringing together such a diverse and large membership base has been an experience and a deep dive in leadership, in people management, in governance.

It helped me understand soft power, consensus building, skills that I would bring to the ARIN Board. Other things that I would bring are internationalism; experience on managing global multistakeholder networks; knowledge and understanding of the policies and the operation of multiple RIRs; the commitment to facilitate further the collaboration between ARIN, the rest of the registries and the operator community; and above all a positive attitude and a fresh perspective.

I hope that this brief summary has given you an idea of who I am, my background and my skills. I hope you take all this into consideration when you’re ready to cast your votes. By all means, feel free to contact me here or on LinkedIn if you need to get in touch and learn more.

Thank you for your time. I appreciate your trust in me. And I ask for your vote. Thank you.

(Applause.)

John Curran: Next candidate for the ARIN Board of Trustees, Peter Harrison.

Peter Harrison: Thank you. Governance. Governance requires trust. For ARIN, this is important as we have many stakeholders. They include content, cloud, ISP, IPV, colocation providers. I’ve seen them all, on teams launching Netflix streaming, launching Google Fiber.

In the Caribbean, I’ve worked from Barbados to Bermuda. I networked Jamaican tax collection and promoted Latin American trade for Trinidad and Tobago. By creating the Palisadoes Foundation, I encouraged new global engineers. Our university student fellowships expand the institution of engineering in Jamaica. There are many ARIN parallels, this range of perspectives is valued and trusted.

I returned to ARIN through my data center start-up. Our clients have supercomputing needs. We’re in competitive Silicon Valley. We want to grow.

My business, our customers, cannot grow without IPv6 interconnection. The relevance of ARIN is stark. For some, it is life or death. For others, the risk is stagnation. This concerns us all – you, your companies, your customers, and the communities you serve.

Communities where IPv6 is a mystery but the jobs it creates are not; where regulation threatens Internet speed, not technology; where cyber crime is daily news; where the underserved consumer is forgotten. As the world changes, we are becoming more than a steward of resources. ARIN increasingly represents members who face these issues.

Software collaborations with unfamiliar stakeholders are now the norm, where the primary focus is often the outcome, not the technology as we already see in the ARIN region.

In these rapidly changing times, our non-policy community decision-making will become as important as that for policy. This is where I can make a difference. I will make a tangible contribution to how ARIN responds to these changing circumstances for our members and the wider Internet community.

In closing, our community is effective, supportive, and vibrant. I appreciate the Wikipedia searches our discussions encourage. As a Trustee, I will apply endurance, flexibility, and technique to understand the unfamiliar and participate as I should.

My nonprofit Board experience is rich. The learning curve invigorates me as it has so many times before. The ARIN Board of Trustees is a steady hand. Governance must be strong and trusted. For these values to endure, vote for me. I truly look forward to working with the ARIN community. Thank you.

(Applause.)

John Curran: Next candidate, Cathy Chen-Rennie.

Cathy Chen-Rennie: Is this on? It is. I decided that since I’m so short, I wasn’t going to stand behind the podium.

It’s after lunch, so I’ll show you how quirky I am. I want to spend 20 seconds of my three to four minutes and ask everybody to stand up and maybe stretch. It’s a nice after-lunch thing.

So have a seat if you feel like it. Basically I’m yet another one of these people who seems to be a little bit of an outsider coming in.

So I wanted to give a little bit of reasons – a few reasons to vote for me for the Board of Trustees.

First of all, I do have a rich and long history within tech and within networking. My first role, first job right out of college was actually at Ford Motor Company where they have 19 /8s. And I got to do some interesting stuff even though we had a single Internet connection, we still had a whole bunch of IP addresses.

I moved on from there to ANS, one of the original NSF backbone companies. And I like to say that my Internet claim to fame was that I got to turn up the first T1 for Motley Fool.

I moved on to Global Center, Frontier Global Center, Global Crossing. I did a variety of things including some network architect handed me four routers. He said, “Here you go. Set up these four routers.” Okay. I try to log in. The traditional logins didn’t work. Guess what? They were Juniper routers.

The serial number was under a thousand on all four of those routers, and I had to figure it out and go get those four boxes turned up for the first time. It was always an adventure, especially at Global Crossing.

Finally, I went to a couple of other companies. Actually had lunch with some New Edge Networks people that I worked with a while ago, and then went to Google. At Google, I was the first woman on the team. I was the first program manager on the team and about five months later, I was the network engineering manager at Google, for about a year and a half.

And you’ll see if you look through my LinkedIn history that I like to change jobs quite a bit. So after about two years at Google doing networking, I actually moved into software engineering and did some other things.

And so now I wonder if you don’t actually need all those technical skills on the Board because the community is involved in all of that. And so the community provides the vision and provides a lot of the technology. And so on the Board you need some of my other skills. I actually have a degree in organizational psychology.

I facilitate classes of which there are some classes there. And I do a lot of other things in meetings to be able to do what I call process consultation.

So when things are happening in a meeting and they need to be pointed out, that’s the role that I take up. So if there’s conflict in the room and we need to stop and talk about the conflict, I’m the person who would bring that up and how do we actually do that and talk about the process of our conversation instead of what we’re talking about, so that we can actually make good decisions and actually have those conversations.

Finally, I have experience on nonprofit boards. And I think there’s two types of people who run for boards. There’s people who were the visionaries and the people who get stuff done.

And I’d like to say that I am a get-stuff-done kind of person. And I enjoy seeing the process of ARIN, because I’m new to ARIN, that there is a lot of visionary process going on and that hearing our community, taking that in and figuring out what to do with it. So I hope you will vote for me for the Board of Trustees. Thanks.

(Applause.)

John Curran: Final candidate of the ARIN Board of Trustees, Paul Andersen.

Paul Andersen: Thank you, John. Good afternoon. So I am Paul Andersen. As a way of background, I’m a CEO of a service provider based in Toronto, and I’ve been actively involved in the service-provider community the past three decades. My bio is available on the slide and in the meeting election guide. I’d encourage you to read that.

It’s been my privilege to be deeply involved in ARIN for many years. Today I’m serving as your Board chair, and I humbly ask you to return me for a three-year term as a trustee.

I’m very proud of the progress and accomplishments that we’ve made together. As chair and previously treasurer, I’ve worked hard to ensure a strong financial position for the organization while ensuring we achieve our goals and objectives.

That includes creating and maintaining a modest but sufficient financial reserve and a steady but not excessive stream of revenue. We as a Board made the difficult but intentional decision to reduce financial reserves for a short period to run a deficit but to strengthen our technical development teams.

We’ve now adjusted that plan that gives the organizational financial stability while still being able to meet community objectives.

As a Board member and leader, I will continue to look for ways to modernize ARIN while maintaining a fee structure and will continue to look for ways to maintain the lowest overall fees while meeting our responsibilities to the community.

Since ARIN is a membership-based organization, I am deeply committed to transparency wherever possible for ARIN generally and the Board activities in particular.

I think we make great progress with increased transparency and information to the operations of the Board. We’ve increased the Board’s minutes and are now publishing as much of the briefing documents as we can.

And the community can now see in many cases what we see to understand the process and what went into our decision-making.

We also took very seriously the feedback we got from you, the community, on greater skills, background and gender diversity. And we’ve worked hard as a Board to bring change to the Board and the Advisory Council. And just recently we added for the first time in the organization’s history a Board member and also to AC members from the Caribbean sector.

Over the past several years I’ve encouraged ARIN staff to increase ways in which they can get the feedback on operations. Most importantly, we’ve ensured that there’s sufficient resources to respond and implement the feedback that we get from you and the community in a timely manner.

Perhaps one of the best examples is the mention I made earlier of the significant increase in engineering resources to help clear that backlog of feedback and ensure new requests can see timely action and we received overall – overwhelmingly positive feedback from the community.

We’ve also stressed the need for operational excellence in registration services with transfers being the primary way v4 addresses are now obtained. Under the Board’s leadership, staff have worked with all stakeholders to make sure the process is efficient and as quick as possible.

ARIN has become busier in many ways that are different than in the past. Making sure transfers are properly and fairly addressed occupies a tremendous amount of staff resources. The organization needs to remain nimble while dealing with its new reality of having to do more with less.

We always need to, of course, walk a fine line between financial responsibility and forging ahead to provide new services and development projects. We need to continue with our intent to provide best-in-breed customer services. Our customer service numbers show that while ARIN is not perfect by any means, we have greatly improved over the past three years in the area of customer service and our surveys show that.

As a Board member I will insist this positive trend continue. We will look for new and innovative ways to deliver services that you the community want. It’s crucial that we stay flexible and relevant.

We also have challenges ahead in our modest but very important roles in engaging stakeholders such as the sovereign governments in our region and the operator community as it relates to both security and privacy.

ARIN will need to engage to ensure that ARIN is able to continue to grow while working to harden the underlining infrastructure. I believe that also, in the next three years, we as the community will need to better reflect on how our community interacts. We’ll need to assess if the structure we have for policy should be adjusted to reflect that the policy as a whole has become more simplified.

I’m very proud of the work I’ve done for this organization, and I don’t take your support for granted. And I ask again for your trust.

As we chart the ARIN course ahead, I will be listening to you, the community. To be clear, I strongly believe in bringing new people, new voices and new perspectives to the community. I see many of you who I encouraged to join and I’m also grateful your participation.

But it is very important that this Board has a clear vision for the road ahead and to be nimble and to respond to the many challenges we expect to see in its way. I’m committed to the organization and excited about the role I can continue to play in helping shape the organization.

If given the privilege to serve, I will continue to work hard, listen, build capacity and be a strong voice for the values we all share as part of the multi-stakeholder process. Like all my Board colleagues and community leaders, we’re all volunteers. I’m happy to volunteer this time.

I thank you all for your patience and trust both in the past and future. I’m asking for and I hope I can count on your support. And thank you very much.

(Applause.)

John Curran: Moving on to the elections for the NRO Number Council, we have two candidates. I’ll have the first candidate up, Mike Arbrouet.

Michael Arbrouet: Hi. My name is Brett Kavanaugh, and I’m running for the United States Supreme Court – that’s just a joke to calm my nerves.

(Laughter.)

My name is Michael Arbrouet. I am running for ARIN and our number council position. A little bit about me: I’m a family man, a multi-lingual, small-business owner, the Cyber Security Conference cofounder for the Caribbean region. And a certified informations systems security professional working as an applications systems security analyst for a security firm in Florida.

I spent the past decade in the security industry problem solving and helping other companies become more profitable.

Currently, I’m a system applications security analyst at a large cyber security firm, like I just said, that has allowed me to contribute in unique ways so to have the opportunity to draft a global disclosure vulnerability policy, as well as substantial work in the corporate effort to become compliant with GDPR standards and to fully document the compliance.

I also have a depth of experience with connecting and creating opportunities for those in the global community which include cofounding the sub security conference that focuses on serving the less fortunate in the Caribbean region.

I’m looking forward – these experiences will allow me to be a great asset for ARIN by drafting and developing policies that will lead to better lives for those in the ARIN region.

My name is Michael Arbrouet, and I would appreciate your vote. Thank you.

(Applause.)

John Curran: And our second candidate for the NRO Number Council, Louie Lee.

Louie Lee: Hi everyone. My name is Louie and this is Louie’s hat. I’ve been a member of the Number Council for many years. And I thank you all for the years of trust you have placed in me to carry out the duties of facilitating the Global Policy Development Process, appointing individuals to the ICANN Board, advise the ICANN Board on matters on IPs and ASNs, and now, reporting on the services that IANA provides to ARIN and other RIRs.

On your behalf, I wake up early for our monthly 4:00 AM conference calls. On your behalf, I travel to cities around the world to spend a week in a hotel conference room engaging with government officials, lawyers, and law enforcement to teach them about all the policy work that the numbers community is doing.

So you should vote for me if you trust me to continue doing these things for you. I found myself on the Council this past year that my decade-long experience is still very valuable when the committee working to appoint the ICANN board members stalled and I was asked to not only provide guidance, but to jump in and lead.

My personal stance on individual issues is of little relevance because my role is to be your voice on the global stage. So I hope you see fit to let me serve you for another three years.

(Applause.)

John Curran: Okay. That concludes our candidate speeches. And remember, the elections will open shortly. And you should vote for the people that you believe will do the best job.

We have a little bit of time. Our break isn’t until 3:00. So I’m going to actually pull something, two things from the schedule tomorrow and bring them up now. I’d like to have Nate Davis come up, and Nate will give us the ARIN Software Development Update.

Software Development Update

Nate Davis: Alright. Good afternoon, everybody. This is the Software Development Update. It’s an update that I give typically at every ARIN meeting. And the reason for that is we use a fair number of resources at ARIN to do software development. It’s a large part of our budget. Therefore, we like to report on the activities that the software development team has undertaken both previously as well as what we foresee them doing in the next six months or so.

So, that being said, some of the items I’m going to cover are the strategic guidance, how we prioritize work within the software engineering team, projects that we’ve completed since the last ARIN meeting when I reported, and then projects that are forthcoming that we’re working on between now and the next ARIN meeting.

So the strategic guidance. As you see we have strategic guidance from the Board. It’s actually enshrined in the strategic plan that’s available out on ARIN’s website. If you haven’t taken a look, I strongly encourage you all to take a look at what that plan is, because that lays out exactly what the organization’s going to be doing over the next two years.

For this specific presentation, some of the things I want to highlight is that in the strategic plan initiatives that I have behind me, it actually shows that community input is really key to the strategic objectives that ARIN pursues from a software development standpoint.

That’s essential. And the Board wants us to continue to listen to the community, hear what they have to say and prioritize based on that. And so it’s an important goal that we strive to, try to hit as far as our deliverables on a regular basis.

We have several, like any organization, we have a number of factors that actually influence our priorities of things that we work on. They could be regulatory issues. It could be the policies the community here has put forth for the Board to ratify. It could be specific trustee initiatives that the Board wants us to pursue. It could also be items such as ACSP, user feedback and so forth. So, there’s a number of things that we work on.

The ACSPs, we mentioned that this morning, there was some discussion about the process, being able to capture those items that are outside the Policy Development Process. Those will typically come in through ACSPs, and they have visibility to you and the community because you can see those within the ARIN website.

But there’s a fair amount of feedback that we get either directly to our customer service teams, whether it be RSD, or FSD or CMSD, that comes through direct interaction with the customers, but it also comes through our feedback button. Everywhere on ARIN’s website you have the ability to provide us feedback directly. And we get a fair amount of feedback from the community.

So, while the ACSPs are visible, we also consider things that we get indirectly outside the ACSP process. And all of that is sort of evaluated and myself and the other product managers meet at least once a week and we go through what those priorities are and then on a once-a-month basis we establish what the priorities are that the engineering team’s going to work on.

And I guess the message I want to leave with the community here is that the community is largely influential on what we work on.

And we do strive hard to try to meet those needs, given the resources that we have.

So, the projects that we’ve completed since the last ARIN meeting – or shouldn’t say projects, the ACSPs we’ve completed, and I want to focus on those for the intent of today’s presentation – we did some updates regarding the mailing list to support DMARC, which was a suggestion that was submitted.

And we also added details to annual invoices. I don’t know if you recall or not, but when your invoice went out, sometimes it was very brief and the actual summary line items on what you were being charged for. So, we’ve given direction to those receiving the invoice, specifically where they can get the detailed information, whether it’s ASNs, IPv6 or IPv4 address blocks for which the services they’re being charged for.

We’ve made an enhancement to the daily ASN Delegation File. Previously we had reported ranges as one-line item. We’ve now broken that out so that those are reported individually in that report.

And then lastly, and it was mentioned by Sean yesterday during one of the tutorials, that we had a suggestion come in about using GitHub to be able to manage the versions and compare the versions of the Number Resource Policy Manual. And that’s been implemented as well.

Some of the other items that, in addition to ACSPs, we have a number of things that we’ve worked on in the past six months. A lot of technical debt. I’ve said this before and I’ll say it again is that ARIN is still working a fair amount of technical debt. We have systems that we need to retire and replace. We have technology we need to advance.

Such things as that include a recent update to Postgres to 10.4. We also are better equipping our website. If you haven’t had a chance to, please, please, please go out and meet our user experience folks who are collecting feedback on our website.

Jan and Jesse would love to have you stop by and preview our website and take a look at that and give us feedback on how that’s looking. We’re planning to launch that early in the year, and we’d like to have as much feedback as we can on that.

We’ve also continued to make Whois performance improvements. And, let’s see, internally we also focus on those things to improve our customer services that we’re delivering to you.

So, for example, some of these enhancements and system tools that we’re providing may not be visible to you, but we may provide tools to FSD or CMSD or, in particular, RSD, so that we may be better able to serve you, the customer, when you call on the phone or you submit any type of request tickets.

For next year: Between now and the next ARIN meeting, we’re going to be launching the new ARIN website. We’re also going to complete work on staff-initiated tickets. This is an example of the staff-initiated tickets, something that kind of percolated inside, and that is inside within ARIN. It’s the capability for us to be able to open tickets on your behalf. And that’s with your approval of course, but that would help us service the customer because sometimes tickets get closed before customers are able to respond to them. And rather than recreating that entire ticket we’d be able to help with actually creating that ticket. And there are other situations where it would be very useful for us to be able to provide the capability to create those tickets.

We’re going to begin long-awaited Internet Routing Registry enhancements within ARIN Online. There are really three segments to the IRR project and first one is actually complete the enhancements within ARIN Online. That’s going to begin work at the new year.

And then quickly following that, excuse me, quickly following the launch of the new website, we’re also going to make improvements to the – continue to make improvements to the ARIN website for some of the features that folks have submitted through ACSPs or – such as web chat and other enhancements that we’re planning to make there.

That’s really all I have. I welcome any questions.

Back mic.

Kevin Blumberg: Kevin Blumberg, the Toronto Internet Exchange. If you could go to page 7 for a minute. The word “begin,” Nate, under Internet Routing Registry. IRR, validated IRR, which only ARIN can do, is an absolute priority within the IXP community and has exacerbated massively this year. It’s become incredibly important this year.

Every month that goes by becomes a bigger problem. I’m a little disappointed unfortunately to see the word “begin,” as in it hasn’t started.

The only thing I can suggest is while as a consumer of ARIN’s services, I enjoy that the website is being worked on. The IRR, in any way you can get it bootstrapped, is an absolute priority for my organization and I’m sure many organizations in this room.

Not knowing also what the IRR is going to be, i.e., will legacy space be allowed to be in the IRR? What will and won’t be done in the IRR is going to be detrimental. We need to know in advance.

While you can go off and do your thing, but we need to see a roadmap of the features so if there’s something that’s missing or we need we can at least feed that back to version 2 today. And if there’s something that’s missing that we can work around, we at least then can program it on our side as well.

To that effect, the origin AS has been extremely helpful in our ability to do some of that filtering that this should be an absolute top priority. And unfortunately, the consultation process took so long that we’re now at a point where it’s reached a critical phase.

Nate Davis: Okay, thank you, Kevin. Let me clarify, if I could, with you, which is I heard two things from you. One, to the extent we can advance the IRR work, that would be preferred by the community, correct?

Kevin Blumberg: Sorry?

Nate Davis: And the second one is that if we can provide a roadmap of what that solution looks like for community input that would be ideal. Is that what I heard?

Kevin Blumberg: A roadmap is important because at this point I don’t know is this done – I don’t know what features are going to be there, and I don’t know if it’s going to be done in 2021 or 2022.

And if we’re talking ‘21 or ‘22, then the people at the mic and the amping up of vocal voices in regards to this, it’s going to be very different than if you come back and say end of 2019 it will be done.

So, a roadmap and timeline and a roadmap of features, for the first version we expect to be able to do this, things like that.

Nate Davis: Thank you, that’s good input. Thank you for that. Any other questions?

(No response.)

Alright. Thank you very much.

(Applause.)

John Curran: We are a tad early. And I went out there and checked on the cookies and they’re a tad – they’re on time, but we’re early so they’re not there.

So we should spend a little more time – there’s actually a presentation I wanted Mark to give because there’s some technical work going on to keep our services available. So, Mark, if you’re here – where are you, Mark? Come on up. I’d like to have Mark talk about defending our directory services from extremely high query rates.

Directory Service Defense (DSD)

Mark Kosters: So before I begin, ARIN has a lot of services it offers to the community. So as DNS, DNS is fairly easy. You ask a query to get a response. It’s basically a hash. So it’s very, very computationally easy to, given the query, find a response. So therefore it’s fairly easy. It’s fairly easy to service.

Whois, on the other hand, is a much different beast, or directory services I’ll talk about in a little bit, because you can ask a question and a lot of times we don’t have any idea what you’re really asking for. So, we have to do a lot of queries to figure it out and come back with hits.

So, it’s a much more different, complex animal we have to deal with. And frankly in the world there’s not a lot of people who do this type of thing.

We also have web services. Everybody wants to go to ARIN’s site. Everyone wants to go to ARIN Online. We make that available.

Provisioning, making sure that is highly available. Whether you go through email templates or you go through Reg-RWS, which is our RESTful API.

We have IRR. You have RPKI. You have FTP. All these things are highly robust services that we put out and they’re redundant as well. And much like almost every place, in terms of what they do, in terms of having good Internet presence.

But what I really want to talk about is the directory services component, which is Whois, Whois-RWS, RDAP and soon RPSL when we put out IRR services. And our goal here is to actually make this available to you.

So, if you have a question you want Whois to answer or RDAP or Whois-RWS that you get a response within a timely manner. And of course you need to abide by the Whois terms of service that is out there as well. Who here is actually willing to admit that they do not abide by the Whois Terms of Service? Okay.

Okay. So, we know that there’s a lot of automation that’s in the mix because we see it. There’s no way that humanly possible that you can type those questions as fast as we see the things coming across the Internet.

Maybe Rob here. He’s volunteering. Okay. We’re on. We’ll see what goes on here.

But in automation, a lot of times the rates are so high that we actually have to do something. So we’re going to introduce the concept called tarpitting. So the abuses continue, it’s continued for a number of meetings. I’ve talked about this at ARIN 40, 41, and now 42.

And every time we have some sort of abuse that occurs, we have to have basically a response team and it involves operations. It involves the developers, because maybe there’s something wrong with the code. And a lot of times it involves even me. I notify Nate who notifies John. So, it’s just a – it’s a pretty invasive set of things that occur.

And of course this interrupts sleep, depending on the time, interrupts work and sometimes it interrupts both, especially if it’s a long-term event. And of course this doesn’t scale. So, you have a small team at ARIN and you have this abuse that occurs and it occurs from all over the world, and how are you going to deal with this?

So anyways the terms of use that we have out there, talks about what you do with the data but doesn’t talk about acceptable query rates. And we have nothing about that.

So here you have a normal day, right? You can see that we had a little bit of traffic going up. And it’s about double our normal or triple our normal usage. You can see that traffic here is pretty normal.

And you can see that there’s basically 2,000 queries per second that come across the network. And actually, that’s on one particular site. So that turns out to be about 6,000 queries per second that’s going across our entire constellation.

So I used to work at Verisign, and we had a Whois system there as well. Those numbers we’re not seeing at Verisign back in the day when I was there. And that’s what we’re seeing at ARIN today.

But you can see here that here’s our error reporting. This is fairly normal. And actually there’s nothing to be alarmed about with these numbers.

The blue is basically closest, or no answers, or the client closed the connection early before they got the response. So there’s really nothing here.

Now, here’s the abuse. Now, I said that, hey, on a normal day you see about 2,000 queries per second at – per site on an aggregate basis and we have three sites.

Now you can see that we’re up to 6 million. Have I got that right? You can say, wow, that’s pretty amazing. You can see we had quite a bit of spikes about this.

So, let’s go see what happened to the performance on the servers themselves. See all those green lines up there? Those are rejections because their load was so high. So, you were actually trying to do a query, but basically, we were trying to ingest all those queries that we actually had to throw people out of the system to actually get back to regular normal operating system procedures.

So anyways you can see here that this is something – and of course we were all trying to figure out who was the offender and actually deal with it, right?

So, this is something that as a public service that we have to take care of. But you can see here it’s kind of an issue. So, we want to solve this. And we want to solve this in an automated way.

Before I begin I want to describe the infrastructure we have within our directory services.

You all see Whois. But it involves more than Whois. It involves RDAP, Whois-RWS, which is a RESTful interface, we have to do it. And soon, RPSL. And you can see here that we’ve got all these different ways of getting data from the user side, which comes from our FI, which is our load balancer.

And if it’s Whois, this is a text query, it goes to basically a protocol translator that changes to the Java and XML to our engine here, which actually goes and says, okay, I need to ask these questions to our database here that’s on each local node that we have and come back with the answer which is then aggregated within the Protocol Analyzer sent out across via text to the client.

Or if you’re using RDAP or RWS or our user interface, you go through Apache interface and you go through the same protocol engine and you deal with the same database.

And what’s interesting here, this Postgres instance, that is our main provisioning database. When you go ahead and put in your reassignments or get an allocation from ARIN, that’s all sorted in our Postgres instance.

We have this replicator, which actually, in near real time, actually takes that information, propagates it to various Whois, our directory services site, so you see the updates in near real time.

So, anyways, here’s our traffic trends. You can see we have about 112 million requests per day on a normal basis. 90 percent of that is Whois on Port 43. And almost 7 percent is Whois-RWS, which is a nice interface. RDAP, which is an IETF standard that we have that – actually Andy Newton in the back actually is the father of RDAP, and I want to acknowledge him as such.

And then we have about 1 percent actually going through our user interface. And for our node, in each node there’s six nodes per sites and we had three sites, each node sees 63 queries per second normally and seven queries per second on the various other server requests. So, it gives you sort of a breakout what’s normal for us.

But we have these surges. It’s usually three times our normal traffic which we can adjust pretty easily. And obviously there’s spots involved.

And I’ll get into this on the next page. Most of these requests we’ve actually tuned the system so 90 percent of those queries are answered from cache. It doesn’t go to the back and it doesn’t go to the database. We actually answer and it goes back to the client and so on.

We’ve actually built up a lot of good, effective caching, but when we do see things that are abnormal, like people asking us who owns example.com, I mean, does ARIN have that information? No it doesn’t. So why are they asking us? I don’t know.

So, when those queries come through, our database connections sort of max out and the CPU usage rises because we’re trying to figure out what are you asking for. That’s not an IP address. Is example.com someone’s name or is that an organization? I’m not exactly sure.

So, this comes out of cookbooks that people have out there. And I talked about this at ARIN 40, that people are actually – people have actually said here’s how you get all the information out of ARIN’s database. Go ahead and go to AWS, get a VM from someone else, I don’t care where. And here’s some tools that you can use to query us and pull things down.

I’m sorry, I pulled up AWS as an example. But that’s one that they used. So, what have we done so far? We’ve improved – done improvements to our systems. And we spent a lot of time on this. And the big thing that we need to deal with – and, for example, example.com, we got rid of. So, if you come and ask us for example.com, we’ll say, oh, that’s a domain name. We don’t have an answer for you and come back with an answer right away.

And we also have gone on to talk about tarpitting. We’ve installed tarpitting, which Mike Crossin back there – why don’t you wave your hand, Mike? Why don’t you wave it a little bit more for those who didn’t turn around quick enough?

If you have any questions about this at the end of the presentation, he’s the guy you want to talk to. So anyways let’s go talk about tarpitting some.

What we wanted to do is we wanted to be able find an automated way to stop this abuse. What we didn’t want to do is put an effective rate limit on what you want to do. But what we wanted to do is be able to defend our systems so that when some sort of real amazing abuse actually comes through, or high query rates, rather, that we can actually sustain service.

And so what we do is if that limit is exceeded we put you on a queue. And that queue is looked at every two seconds. And if you’re still sustaining that rate, we keep it on the queue a little bit longer.

If you go underneath that rate then your question is then answered, just a little bit later. If you continue to sustain that rate, we’ll actually send a reset for that particular query that was put in this penalty box.

Therefore, we have a way to actually, in an automated fashion, be able to start slowing down what y’all are doing – not y’all, whoever those people are.

Here’s a diagram, how you see this. We do have a white list. If you have a legitimate need for high rates, we actually have a way of actually putting you, say – look, you can go through this and not be tarpitted. That’s the main thing about this diagram. Again, if you have any questions, go talk to Mike.

Here’s an example. Say you have 100 queries per second. You’re coming at, hitting us at 100 queries per second. But you decide, hey, I want to do 105 queries per second. What happens to those queries?

They got put in this penalty box. And if you go underneath that sustained rate, say, you start going, ahh, okay, I’m going a little bit too fast. I go down to 99. Then one of those queries out of that five that was put in that penalty box will be answered on subsequent seconds, so that the queue will actually go down. But if you sustain that rate or go above that rate those particular queries will be dropped on the floor.

I wanted to give you a little bit of an update of what we’re doing. We’re also looking at the elasticity of this system. Right now we have only so many boxes we have to do. We’re looking at – but to do so, we have to make some architectural changes. So it wouldn’t be too expensive on ARIN putting these things in the cloud and so on and so forth.

So we’re looking at this. We’ve spent quite a bit of time on it. And it’s something that we want to serve to the community, but we also want you to be aware that we’re seeing some pretty high rates, and this is what we’re doing to actually solve the problem.

So, with that, are there any questions?

Daniel Dent: I actually find this quite upsetting as a community member. This is data that is really potentially useful for people.

Sorry, Daniel Dent, QA2. Hi. Thanks. And so what I’m hearing is that actors that are willing to go to a lot of effort to bypass your policies, those are the people that have the data. And everybody else in the community doesn’t.

So why isn’t it just being made available as a bulk download so that you don’t have this problem?

Mark Kosters: Actually there’s a bulk download that people actually can use, but they choose not to various reasons. You do have to sign an agreement to get this bulk download. It may be lack of knowledge. We’ve actually had a case of this –

Daniel Dent: But don’t you think that a lot of those people in fact, maybe the agreement is the problem, and given that they’re getting the data anyway, how does this actually improve the situation?

Mark Kosters: That’s certainly true.

John Curran: So if the community wishes to provide the data by bulk download, we will do that. Historically you’ve said you want an appropriate usage for it, a set of governing terms.

If you change your mind, we’ll make it available tomorrow. But I’m also not responsible for the impact to your inbox. What you want to do is your own choice.

Daniel Dent: And I can tell you, a new POC, start getting phone calls the next day. Clearly they’re getting the data.

John Curran: So, clearly some are getting the data. What’s unknown is what quantity would obtain the data if it was available for bulk download even if we said not to and use it: Unknown.

Daniel Dent: Thank you.

Mark Kosters: Martin.

Martin Levy: Martin Levy, Cloudflare. Three locations, six servers. When will this move to the cloud? And I mean that seriously, because your numbers on your query rates, it also would solve this previous question, this is 2018. You should get it to be able to do millions of queries and not even sweat.

Mark Kosters: Agreed.

John Curran: So, that’s a great idea. We need to hear again from you folks, including particularly you folks that have a cloud, whether or not any of you care about a dependency on a cloud provider in our services.

We’ve historically been told to avoid that because sometimes people come to us when other things don’t work. And it would be a shame if we weren’t available. But if you say we can live higher on the stack, please tell us.

Martin Levy: And let me be the first to say I agree with that as a concern. Yes, that’s a valid question.

Mark Kosters: Back mic.

Lee Howard: Lee Howard, Retevia. I wonder, a little bit of follow-up, as somebody who has in the past signed the bulk Whois download AUP and has used it for research, it essentially says you will not use the information for spam.

That’s really, that’s the only limitation. I do not think ARIN should remove that AUP. Thank you for having that.

And I think that actually rate limiting at some reasonable number, both as a DDOS defense but also to make it harder for bad guys to get data. They’ll still get some but let’s make it a little bit harder. I’m totally cool with this.

I also have no objection to cloud. The research I’ve done says to me that they are – the well-known cloud providers do an excellent job, but only the ones that also support IPv6 which makes it a much smaller number.

Mark Kosters: Thank you, Lee. Front mic.

Andrew Dul: Andrew Dul. Is the abuse you’re seeing only on port 43 or is it the other ones as well?

Mark Kosters: It’s primarily on 43 but we have seen abuse on other protocols as well – Whois-RWS as well as RDAP – and both on v4 and v6.

Andrew Dul: And as a follow-up, is the tarpitting source IP address phased or something else?

Mark Kosters: It’s actually per network based.

Back mic.

Job Snijders: Job Snijders, NTT Communications. A few small comments. Indeed, I would like to encourage you to consider moving to the cloud. It can bring tremendous benefits in terms of operations and help people spend their time on more worthwhile tasks.

Secondly, in the tarpitting, has anybody ever complained that they by accident hit this limit? Is there a feedback loop where you accidentally ended up tarpitting a good guy?

Mark Kosters: Actually we did end up tarpitting a good guy.

Job Snijders: Sorry, you did or didn’t?

Mark Kosters: We did. And we actually talked to them and said, hey, why are you doing this? They went back and looked at their systems and somehow magically it went away.

So there’s a whole bunch of different reasons. When you start looking at these logs, when we see high rates, you start looking at the data, most of the times you’ll see appearance occur.

And a lot of the questions that are asked is, hey, give me 1.1.1.1.1. Now, give me 1.1.1.1.2 and so forth and so forth coming from places all over the world.

Job Snijders: So, if you only got one complaint, then I would like to congratulate you on picking the correct parameters. Well done.

John Curran: Good actors can become inadvertent propagators of bad behavior through typos and code, but they’re quick to correct it when pointed out.

Daniel Kluss: Hello, Daniel Kluss, Archeo Futurus. I’d just make the suggestion of perhaps multiple cloud providers, that’s all. Thank you.

Mark Kosters: Thank you. Good feedback. Appreciate it.

Doug Montgomery: Doug Montgomery, NIST. I didn’t see it mentioned. Do your RPKI publication points get deployed over that same infrastructure or is it a different question of scaling and replication?

Mark Kosters: So when this occurs, they’re on separate hardware in the same sites. We do not have a problem with bandwidth on these particular sites. So they would not be affected.

John Curran: If I understand your question correctly, will they be affected, is what Mark answered, no, they won’t be affected. But if you asked the question, are they protected – is that the question? Are they protected by the same infrastructure and detection and tarpitting. I believe the answer is not at this time.

Mark Kosters: No, it’s not at this time. But, again, we’re not seeing the same rates on people who actually are going against our repos. And frankly we need to move from rsync to RRDP as well. And, again, you can put that in the cloud and the problem is solved.

John Curran: Thank you, Mark.

(Applause.)

Okay, we’re coming up to our 3:00 break. We’ll have a half-hour break. There’s refreshments outside. I look forward to seeing everyone back in here at 3:30. Thank you.

[Break]

Recommended Draft Policy ARIN-2018-4: Clarification on Temporary Sub-Assignments

John Curran: I’d like to welcome everyone back to ARIN 42. This is the afternoon session of the Public Policy Meeting.

We’re going to move immediately into discussion of Recommended Draft Policy ARIN-2018-4: Clarification on Temporary Sub-Assignments. Because this is a Recommended Draft Policy, I’ll do the staff introduction.

This Recommended Draft Policy started at ARIN Policy Proposition 254. Became a Draft Policy in April this year. It was revised on the 16th, the 13th and the 30th. It got moved to recommended status on the 25th of September.

It has not yet been presented at an ARIN meeting. So you’re seeing it here for public discussion. This is the first time it will be up for a Public Policy Consultation here.

It is a Recommended Draft Policy, which means it is possible the ARIN Advisory Council will recommend it to the ARIN Board of Trustees for adoption after this meeting.

So it’s worth paying particular attention to and speaking your mind on this policy process. The AC shepherds are Chris Woodfield and Rob Seastrom.

Staff and legal review. It’s our understanding that this policy allows an organization that’s received direct assignment from ARIN to temporarily assign portions of that to a third party without characterizing it as a reassignment. As revised the wording is clear and concise. It has negligible impact on the registration services team. It can be implemented as written. No material legal risk noticed in the Policy Proposal.

Resource impact: Minimal impact to resources to implement. We should have it done within three months as usual. Update guidelines, documents and internal procedures. Staff training. This doesn’t require any engineering work to implement.

So with that I’ll turn it over to the ARIN AC to give their presentation.

Chris Woodfield: Hi, I’m Chris Woodfield, the ARIN Advisory Council. And this Policy Proposal aims to correct certain ambiguity in the way that the incidental or temporary allocations of resources should be, whether or not they should be considered a reassignment.

Next slide. I’ll go ahead and read the problem statement: When the policy was drafted, the concept of assignments and sub-assignments did not consider the use of IP addresses in hotspots, the use of addresses by guests or employees in Bring Your Own Device situations and many other similar cases.

In addition, the IETF has recently approved the use of a unique v6 prefix per interface/host. That’s RFC8273, instead of unique addresses. What that means is that you join a hotspot, you don’t get one IPv6 address, you get a whole /64.

This, for example, allows users to connect to hotspot, receives a /64 such that they’re isolated from other users for reasons of security, regulatory requirements, et cetera, and they can use multiple virtual machines on their devices with unique addresses for each one.

Currently NRPM 2018.2 Section 2.5 explicitly prohibits such assignments, stating that assignments and reassignments are intended for the exclusive use of the recipient organization. This proposal clarifies the situation in this regard by means of additional clarifying language in the Definitions section.

So effectively there are many common use cases that would not traditionally be considered assignments but could be interpreted that way. And as it turns out, a while back RIPE did exactly that.

Similar definitions in honestly not only RIPE’s policy but every RIR appears to have similar language. A strict interpretation was held within RIPE and had a result of organizations with direct assignments being counselled that they could not provide /64 allocations to users in Wi-Fi hotspots, and if they did that would be considered a reallocation and not a valid use of a direct assignment space.

This situation was addressed by RIPE NCC Policy 2016-4. Although halfway that policy only covered allocations of specific IPs and not entire networks, not /64 networks.

A subsequent policy, which is 2018-02, has been submitted to address that. The author of this policy has also submitted similar proposals to the remaining RIRs – LACNIC, AFRINIC, APNIC.

On to the text. This is in addition to the existing definitions of allocation assignment, reallocation, and reassignment. The additional text reads: Note that the incidental or temporary use of address space by third parties shall not be considered a reassignment or a violation of the exclusive use criteria.

A little bit on the history that John touched on. It was accepted on the docket as a Draft Policy on April, you had the 23rd, I had the 18th. So there’s a discrepancy there but that’s okay.

It was announced between April 23rd and May 15th. A PPML discussion took place on the policy. There was consensus towards fixing the ambiguity. But quite a bit of feedback on the chosen language used to correct the ambiguity.

Based on that feedback, the AC took it back and we resubmitted language on July 17th. We also renamed the proposal at the same time given that one of the bits of feedback we received that was this is not purely an IPv6; any solution we provide should be protocol-independent. And as such we took v6, added in temporary.

That revised text was sent to PPML July 17th. Additional discussion took place. Another minor revision was had based on that feedback as well as staff and legal review.

And also at the same time, revisions were required due to the fact that an editorial change had been made to section 2.5 and the new language did not match that editorial change.

So that brings you to the current language that I just read to you on the last slide, which has been advanced from Draft Policy to Recommended Draft Policy at the last AC meeting on September 20th. And here we are today.

Thank you, any questions?

Paul Andersen: Would anyone like to speak? Approach the microphones. The microphones are open.

Cathy Aronson: Hi, Cathy Aronson. I didn’t see that this is a problem, but I just wanted to mention that there could be applications in the future where you might have four or five or six of these, of these /64s for a single host, and we should make sure it doesn’t preclude that either, because they’re talking about using all these different kinds of addresses for – all at the same time. So you might have more than one /64 on a host temporarily. I don’t think it precludes that, but I just wanted to mention it.

Chris Woodfield: There’s no mention of any limits on use of addresses. We strictly define it as incidental or temporary use. Incidental is a – there’s rooms for interpretation in both of those terms, and that’s intentional because there will be use cases that clearly fall outside the intent of the policy.

Do you support the policy?

Cathy Aronson: Yeah, I support it. Thanks. I was just going to say that.

Paul Andersen: Rear microphone.

Kevin Blumberg: Kevin Blumberg, The Wire. I’ve been following this policy and felt that it was probably easiest to ask the questions here because I’m really trying to understand the real problem that this is solving without creating more problems down the road.

So if I understand it right, you have a coffee shop. That coffee shop is given a /48 of v6 space. Every customer who comes into that coffee shop gets a /64. And that’s a problem? Is that what this is trying to solve? We’re supposed to be SWIPing those 64s?

Chris Woodfield: That was specific guidance given by one of the regional RIRs, yes.

Kevin Blumberg: Okay, so, that is – I would love for staff to say that that is their interpretation, because for the last 25 years we’ve never done it that way in v4 or v6.

So, like I said, I’m very confused about that. But beyond that I’m confused about “temporary.” The word “temporary” is an abuse vector. It’s like “immediate need.”

Staff will define it one way and the spammer who is getting temporary space for six months will define it another way. So using ambiguous terms to try to fix a problem and create five more new problems puts me on the right now no support, but, please, if you can explain the problem that’s being solved, because I don’t get it.

Paul Andersen: In favor, against, no opinion?

Kevin Blumberg: Right now against, but I’d like to hear an actual problem.

Chris Woodfield: I can speak to the specific case, which was communicated by the proposal author, was that there was an RIR who took that definition of exclusive use and told a business that they could not allocate subnet, 64 subnets to users of their hotspot.

Kevin Blumberg: So I’m asking, in this region, is it a problem because we have differing concepts and languages and terms? Is it a problem? Have staff said this is actually a problem in this region?

Chris Woodfield: That would be a question for staff.

Paul Andersen: That would be a good staff question.

John Curran: I am aware of any [sic] circumstance where we have informed someone they cannot sub assign v6 address blocks to people.

Kevin Blumberg: Thank you. I do not support this policy as written.

Paul Andersen: Thank you. Microphone on the side. I see it this time.

Austin Murkland: Austin Murkland, QScend Technologies. I support this policy. I think there might be a little bit more work on the language, but still in support.

Paul Andersen: Thank you very much. Front.

Owen DeLong: Owen DeLong, SAIL Internet, ARIN AC. I support the policy. The problem that’s being solved is not one of staff action. It is not one of implementation. It is one of the more general understanding of the NRPM by people that are not necessarily as steeply versed in the NRPM as myself and some of the other people in this room.

There is a question of when RIPE does this very literal interpretation of the policy and it gets publicized widely, as it has already, people may assume that ARIN will interpret it that way whether ARIN actually does or not.

And it has been pointed out that it is actually better for policy to say what we intend than for us to have policy when you interpret it strictly becomes nonsensical, and therefore staff doesn’t interpret it strictly. As is the case here.

Were staff to suddenly start interpreting the policy strictly, literally as it’s written, they could argue that assigning a /64 to somebody in a coffee shop from the coffee shop’s assignment is not valid, and the coffee shop needs an allocation if they wish to do that.

I don’t think that’s something we want staff to do. And this policy change will make it very clear that that is not the intent of the current policy or the policy as it would be amended.

Paul Andersen: Thank you for your comment. Front microphone, please.

Andrew Dul: Andrew Dul, ARIN AC. What I want to do is relay some comments, a discussion that I had with the author last week at the LACNIC meeting and a subsequent email conversation.

The first part is about the policy as we’ve been discussing it so far in that what we’re trying to do is not make a requirement for organizations to reassign temporary blocks and temporary subnets. So that’s one part. And I think the current text does that.

The second part that was discussed at the meeting last week was about a new and slightly different use case where a direct assignment organization and end user receives, let’s call it, a /48 and then reassigns a /64 to a subcontractor who, for example, is running a video system in that organization on a non-temporary basis.

So the use case there is about whether an end user should create a reassignment record for that. And the downstream of that also is is an end user permitted to do so. And in this region, the answer to that question is: Are you a registration services user or a regular end user? And if you’re a regular end user you cannot. And if you a registration services user, you can.

But the policy itself does not distinguish what an end user should do based upon your fee category. So there’s a lot in there. I hope that I have illuminated something useful.

Paul Andersen: Question?

Chris Woodfield: I believe – so that conversation had come up before. Our assessment of that specific case is that that would be covered by the term “incidental,” and actually it was cases like that was the reason why the term “incidental” was added to the policy, where it originally only contained the word “temporary.”

Andrew Dul: I’m not disagreeing with that. I think some users believe that that is not an incidental use when it’s a permanent basis of a significant size.

Paul Andersen: Thank you. Just – we’re running out of speakers here. We do have a few minutes. If you want to speak on this Recommended Draft Policy, please approach a microphone and make your comment or if you’re remote make your participant start typing.

Rear microphone. My queuing strategy is neither fair nor efficient. Rear microphone.

Mike Joseph: Alright, I’ll take it. Mike Joseph, Mode. I oppose the policy as written for all the reasons that Kevin previously articulated. And further I’d say that I think the IPv6 aspect of this is a bit of a red herring.

There’s nothing IPv6-specific about this problem. You can run a coffee shop, and you can choose to give your customers public IPs, and you can be in this very same situation with v4. I think it’s a good thing to define what legitimate use as an end site constitutes.

I think that should be commended. But I think adding the words “incidental” and “temporary” creates more ambiguity, not less. So I think this needs quite a bit of work.

Paul Andersen: Okay, did you want to respond or –

Chris Woodfield: Thank you, thank you for your comment.

Paul Andersen: Microphones will close at the end of this speaker. Front microphone.

David Farmer: David Farmer, University of Minnesota, ARIN AC. I support the policy as written. The term “incidental” is incidental to the organization’s use. And so if you contract for something – the fact that somebody else is doing it, it’s on your behalf. That’s incidental to your use, which is what the assignment was granted for. That’s where “incidental” comes into this.

The other piece of this is we have to remember these policies, not only is it not people in this room, it’s also these policies have to be interpreted by people that are not first – English is not their first language. And these are – while I think it’s not a problem, it’s not been a problem – it is a proper point that if you took the most strict interpretation of what’s there right now, we get into some gray area.

Does this clear up all the gray area? No. But I think it pushes the gray area to the side we want it instead of the other side.

And I don’t think – unless we want to end up putting in two or three paragraphs about this point, I don’t think you’re going to get out of gray area.

Chris Woodfield: Just a comment on that. Many of the revisions that were made to this were in fact to remove references to specific use cases due to the danger of, you know, what are we going to miss, are we going to have to add more specific use cases and is it going to turn into a quagmire of specific uses.

Paul Andersen: Thank you. Any final – microphones are now closed and we’ll go to remote participation.

Chris Tacit: It’s not actually remote; I just took the baby with me in case something showed up when I was in the queue.

Paul Andersen: No remote participation, but go ahead.

Chris Tacit: Chris Tacit, Tacit Law, Vancouver Internet Exchange and ARIN AC. I agree with the intent and I support the intent of the policy, but I do agree with Kevin and others who have said that we need to inject a little more precision into this. So I would suggest that we keep working on that.

I think maybe what we need to do is insert the concept of the transient nature of the use rather than “incidental” or “temporary,” because it sounds to me like that’s what we’re really talking about. People who pass through and while they’re passing through are using it. So if that’s of any help for consideration. Thank you.

Paul Andersen: Thank you.

Chris, any final comments?

Chris Woodfield: I have no additional comments.

Paul Andersen: Okay. Then we’ll thank Chris for the presentation of this.

(Applause.)

We’ll now move, as this is a Recommended Draft Policy, to our poll. The question will be, because it’s Recommended Draft Policy, if you are in favor or against the Advisory Council advancing this.

As I see our counters, illustrious counters are ready, I’ll now ask all those in the room that are in favor of advancing 2018-4 to put up their hand nice and high. Remote participation also please engage. I know it’s after lunch and there’s been snacks and get tired, but let’s try – last poll of the day. Just a little longer, please.

Thank you. You can put your hands down. And those opposed to 2018-4, please raise your hand nice and high. Okay.

Alright, you may lower them now. And we’ll just wait for the results and Paul’s housekeeping notes. Apparently, just a reminder, there’s lovely t-shirts out in the hallway that you should go get. You need your little coupon that was in your badge. Go get them before they’re gone.

And we have a lovely social tonight outside, near Granville Island, it’s a lovely little area in Vancouver. Buses leave at 6:45. Find your social badge, again, in your little package before you go. And the results are coming.

On the item of ARIN-2018-4: Clarification on Temporary Sub-Assignments, 108 people in the room, 26 in favor, nine against. This will be provided to the AC for their consideration. And we’ll move to the next item for John.

John Curran: Okay. Very good. We’re done with the policy discussions for the day. We’re going to move into our last updates before the end of the day. First one up I’ll have Bevil come up and give our Caribbean Update.

Caribbean Outreach Update

Bevil Wooding: Hi. Good afternoon, everyone. Give you an update on what’s been happening in the Caribbean.

As many of you know, in February, we began our ARIN in the Caribbean series of events. We called it the ARIN Caribbean events. We started in the country of Grenada and concluded last month with an outreach to Jamaica. In all we’ve touched over 400 persons, many of them who would have heard about ARIN for the first time.

This series started against the backdrop of the disastrous 2017 hurricane season. And so there was great interest in network resilience and what would need to be in place to avoid some of the mishaps that took place across various private and public sector networks.

And so the messaging around the ARIN in the Caribbean events uncovered some of the priorities, some of which were no surprise. They range from network resilience, understanding what does it take and what role ARIN plays in terms of its number resource services, network autonomy – IPv6 adoption was one of the most heavily requested areas of explanation and clarification – network security and technical capacity building.

Now, these priorities came from surveys that we conducted at the end of every one of the outreach programs that we did. And in every case, in every territory that we visited, the set of concerns were the same.

And so a lot of what we learned this year is going into the plans for the 2019 series of events.

Some of the highlights coming out of what we did in the Caribbean included the fact that this was the first time that we had such a sustained direct outreach to the Caribbean region.

And this outreach spanned not just the technical community. We also made a very deliberate attempt to get more deeply involved in Internet policy discussions, to understand what some of the issues were around policy in the region; and in public safety, understanding the role that we can play in facilitating a new dialogue between law enforcement and public safety officers in the region and their counterparts in North America.

The other highlight, I would say, for what happened this year would have been the participation in relevant Caribbean fora. ARIN attended the CANTO meeting, which is a major trade organization gathering every year. We played a key part in this year’s CarPIF, Caribbean Peering Forum, and of course, as always, was very supportive of the CaribNOG community, attending their events and providing speakers and support for the outreach to the technical community.

Now, all of this took place against a backdrop of the launch of what we’re calling the ARIN Caribbean Forum. And this was launched at the ARIN meeting in Miami earlier this year, ARIN 41.

The forum aims to cement and put greater structure around our interventions in the region and also allows for a new point of entry for those in the Caribbean who are trying to understand how the ARIN community works, what we’re about, what we’re doing and how they can participate in it.

So far, we have been able to provide advice and direction to both government and technical community members who are trying to play their part in adding their voice to the community. And I would have to take a small amount of credit in terms of the impact this outreach has had with the amount of Fellows and applications of Fellows that we’ve been seeing from the Caribbean region.

That’s been one of the positives that’s come out of our outreach, and as a highlight I would say the strengthening of partnerships. ARIN has been very much involved in reaching out, not just to organizations that are based in the Caribbean like the Caribbean Telecommunications Union, CarPIF, and CaribNOG.

But we’ve also strengthened the partnerships with some of the I Orgs – ICANN, ISOC – That is necessary, as well as LACNIC, who is also very much interested in seeing what and how these outreach efforts are impacting the development of the community.

So that’s our highlights for this year. Now we look forward to 2019, and it’s going to be more of the same. We really want to continue the outreach. The level of positive feedback that we’ve gotten from being on the ground. And having these direct interventions is something we plan to continue building upon.

In addition, the support for CaribNOG and the work that we’re doing with the technical community in the region is something that, based on the feedback we’ve received, particularly around issues like IPv6 and issues around how do you move from a place and time and season where most of what has been taking place has been managing and building the networks from a place of scarcity.

As people understand that they can come directly to ARIN and that they can start to leverage number resources, not just on the v4 side but on the v6 side.

We recognize that it is imperative that explanations about how to build out v6 networks go beyond the standard slide decks that talk about there’s a need to shift, and now people want to figure out, “okay, now that we want to shift, what exactly must we do?”

And so we actually started discussions with some of the universities and community colleges in the region and are looking to see to what extent new partnerships can be forged where trainers can go in and help actually put v6 engineering programs within the university and pre-university level curriculum.

And then of course the outreach in terms of getting more persons to see the value of participating and lending their voice to this community and this forum. That’s one of the big priorities for next year.

So what will 2019 look like? The country visits will continue. One of the new things that will be happening, there’s a planned State-of-the-Internet forum which we are doing in collaboration with the Caribbean Telecommunications Union.

And the idea with this forum is to identify some of the global trends in the Internet, not just technical trends. Some of the very challenging issues that are coming up regarding cross-jurisdictional concerns, privacy, security, things that have been question marks, not just for systems administrators but for government officials who are trying to wrestle with the growing impact the Internet is having on the economy and on society generally.

And our intention is to create this forum that brings some of the hot topics to the fore, and then have the region discuss the implications for national and regional policy in an IGF-styled interaction. That’s going to take place sometime in March of 2019.

The third major activity will be the outreach to the justice sector, and here we’re planning training and awareness interventions for both the public bar as well as for the judiciary, who again are grappling with the issues of how all of these matters relate to their function and their continued role. And finally growing our footprint among the technical community.

CarPIF comes up again in 2019, and we’ll be a big part of that. And the CaribNOG meetings, we’re jointly hosting CaribNOG 17 with the ARIN 43 in Barbados. That’s what it looks for 2019.

Lots of good stuff happening in the Caribbean. More good stuff to come. There’s a real need for the kind of outreach and awareness that we’ve been doing, and it is having a positive impact on the community’s understanding of the role that ARIN is playing and their opportunities to be a part of the community. Thank you.

(Applause.)

John Curran: Hold on, Bevil. Bevil, hold on. So are there any questions for Bevil?

(No response.)

No, okay. Now then.

(Applause.)

Very good. Next up we have our Internet Governance Update. I’ll have Anne-Rachel Inné come up and give it.

Internet Governance Update

Anne-Rachel Inné: Good afternoon, everybody. My name is Anne-Rachel Inné, and I’m the Executive Director for Government Affairs and Public Policy at ARIN.

And some of you who were here yesterday when we were doing the newcomers session will have heard that I am somebody’s clone here. My clone is at the back there. She’s a little blonder. She’s been around for about ten-plus years. And I have big shoes to fill.

I want to tell you a little bit about Cathy. She’s part of the Internet governance landscape and in what we do in general. Cathy’s really one of the people who are the most respected in this government affairs dealings that we do out there with the community. So, help me in saying thank you, Cathy, because Cathy will be leaving us at the end of the year.

(Applause.)

Thanks very much.

(Standing ovation.)

So now she hates me.

(Laughter.)

And we’re going to have to work together through Plenipot.

I’m going to give you a little bit of an overview of some of the things that the government affairs team does out there when we go.

Why are we here, first? To improve relationships with the world out there. And the world out there doesn’t stop in the community that is here. It is all of the regional folks that you see. You just heard Bevil talk about the Caribbean.

We’re also – apart from the Caribbean, when you talk about Internet governance, we’re part of what is called CITEL, the Americas region, because that’s how policies around Internet governance in general are done. And then we’re also members of international organizations like the International Telecommunications Union, where we go often.

So we participate, we monitor all of the global relevant meetings that are out there. Why? Because a lot of the policies that they put together in terms of the wording somehow are inching towards looking into what we call Internet identifiers today. And in doing that we make sure that we keep the ARIN executives involved in terms of making sure that everybody understands what is going out there and what can come back to bite us.

We do this why? Because there’s a change in the world – I think everybody feels this. We have a world that’s way more connected. Apparently by next year, we will have 50 percent of the world connected.

You’ve heard Bevil say some of the governments in his region are – yes – some of the governments in his region are very much involved into looking more into today having their own networks. That comes of course with a lot of responsibilities that are – everybody now, here, is aware of what’s happening in terms of, for example, data protection and so on and so much.

We have issues with global political commercial uncertainty. We deal with the networks here. What is above the networks today counts just as much. And that is what is making the governments look at us to look into not only our processes: What is this multi-stakeholder thing? Who gave you the authority to do what you do? Why aren’t you controlling this v4 market? Why do you have legacy people who are not part of your processes? And so on and so forth.

So these are some of the questions that we get. And of course we have an unraveling geopolitical order, where you have – the ones who have been protecting and talking about multi-stakeholder model, open Internet and all that are today looking at – well, let’s stay home and do it.

The concept of sovereignty is becoming a really huge theme out there. And of course issues like what everybody here every day – on breaches on networks is not helping us.

Some of the key issues that we basically have to deal with out there. When they say privacy data protection regulations, what does that mean for us?

Well, we manage a database that is called Whois, where we have people information. When one jurisdiction says you can’t have people’s data out there for everybody to see and then, you know, we are having databases that do exactly that unless we can prove that there is real need to have people’s information out there.

Well, we’re going to have to explain. And basically they are now looking into all of these processes where at any level we collect people’s data. Again, because of jurisdiction issues on data privacy, they want to keep data local. They want to make sure that people are not monetizing that data and so on and so forth.

Cyber conventions. The insecurity on the networks has really gotten to the point where they’re saying, they’re looking at who is responsible. Whose network has been bridged? What has happened? Why did that happen? Who’s responsible in the process?

So data management, I talked about that. All of the issues of Internet of Things, with devices that are hooked up on the Internet globally where, that are not secured enough, that other people can hack into and then get to other networks, to the point where this is bringing issues of what traditionally in the Internet governance world, some of you may have heard us talking about network, not only network security, but issues of how do you deal with security breaches at all levels.

Again, this is something that comes back for, you know, them to say who is responsible. When we give out only IP addresses, ISPs are in the middle and people are doing bad things with addresses that have been allocated.

One of our colleagues here, Leslie, works with law enforcement people who are always looking at ways, simple ways to get to the people who do bad things on the Internet.

And then, of course, the adoption of IPv6, I think, we all know how slow that has been. The issue for certain regions today who have come on the Internet pretty late, who could have issues getting v4 addresses, because for them they say the equation is very simple. Why do you want us to get IPv6 when still about 70 percent of the Internet is v4? And why did you not keep enough for the latecomers?

So in working with governments and intergovernmental organizations in general, what we do is we go to several places. You know that ICANN has a Governmental Advisory Committee. That committee has people that actually are also part of government, just like, as I told you, law enforcement.

But often you get people who go to ICANN who know all of the things that are happening here who really have no idea, for example, what is happening at ITU. It’s the same networks. It’s the same country. But when it comes to policy issues, you have two people basically doing completely different things.

So one of the reasons why we go to ICANN is also that it helps us in terms of things that we have seen in one place. It could be OECD. It could be UNGA, which is the United Nations General Assembly, because countries are taking resolutions also there today that are related to Internet and its governance, all the way from the technical aspects to the policy issues.

We find that, you know, it is important that some of them are aware in their own countries that some things are happening and that these are things that we’re seeing here and there.

So it’s a way of making sure that we talk to the people who know about the multi-stakeholder process, that can help us also advance that by talking to their colleagues at home.

Oftentimes, we point to them, the people at home who are dealing with ITU, for example. We’re going to be next, at the end of this month we’re going to the ITU Plenipotentiary meeting. The ITU Plenipotentiary meeting is four years – it happens every four years. It is the place where basically ITU reopens a bunch of resolutions.

International Telecommunications Union has three sectors – one dealing with spectrum, so radio communications; one dealing with telecommunications standardization; and another one dealing with development and a lot of capacity building. Some of the RIRs actually have MoUs with that department in ITU to help do capacity building in IPv6, for example. I’ll come back to that a little bit more later.

We have the United Nations General Assembly, as I just said. The second committee in the United Nations General Assembly deals with ICTs for development and global partnerships. So it works on the committee – the committee works on ICTs and cybersecurity, and SIDS is a Small Island Development Space.

So it’s just about everybody that’s in Bevil’s region. And they talk about anything from connectivity. Like just this past week there was a meeting at UNGA that just finished with the first part of it were heads of states and everybody comes to speak, where they had countries and also operators, the ITU talking about how to get a resolution to the UNGA to have connectivity as a human right.

So these are the things that, again, everybody is kind of working on policies, resolutions and all of that that we have to make sense of and look into how do we get to those people and talk – let them know what it is we’re doing and be part of the conversation so they can let us do some of the things, or continue doing what we’re doing at the moment.

Inter-American Telecommunication Commission, so CITEL – CITEL is the body that deals with everything that is complication in the Americas. We participate in their meetings because most of what they do also feeds into ITU in general.

And, of course, they take resolutions from the ITU to implement, for example, everything on capacity building that comes out of ITU-D or resolutions on SIDS that from the UN General Assembly that are sent to the ITU, saying you have to do more capacity building on ICTs and telecommunication that translate into the Caribbean region.

So we also work with the Caribbean Telecommunications Union. You’ve heard Bevil talk about that. We look into what is happening at the OECD, the Organization for Economic Cooperation and Development. Why? Because OECD has a full concept called Going Digital. And Going Digital looks into anything from the regular networks all the way to, say, taxation and what they call OTTs, over-the-top bodies that are doing, are dealing with the content issues and all of that.

So, again, these are places where you feel like, oh, well, content is not something that really matters to us. But if you dig down, when they say content and then come to how they’re going to impose regulation on people, you backtrack in there and then you find that, oh, yeah, it’s going to come to the ISPs. It’s going to come to us eventually.

World Summit on Information Society-related activities, also an Internet Governance Forum. With our other colleagues at RIRs, we have booths and we also participate as individuals on several panels talking about Internet and Internet governance in general.

So I was telling you about the Plenipotentiary meeting. These are some of the resolutions that, for example, touch us directly. These are only just the ones that are core Internet, 101, Internet protocol-based networks.

These are actually all the resolutions. Some of them date back to 1998. And they are reopened every four years because for the longest time the ITU and dealing with telecommunications has tried to get Internet as core activity. Telecommunications probably means that for them. So Internet should be included. So these resolutions, all of them, are being reopened at Plenipot.

What happens is that member states are the ones who have the last say. The way we work is that we work with them to make sure that they understand some wording could be prejudicial to what has now somewhat been accepted as, okay, this really should be done multi-stakeholder. This really should be done in region. The RIR model as you know it. We’ve explained several times that it’s working. You have agreed to it.

So some are being reopened with language that could be innocuous until we get there and see who is saying what. Because these are the resolutions that touch us directly, but there’s a lot more where they basically have to barter. So it will be, I give you my vote on this one and you accept my language on that one. That’s how it works also.

So we basically have to run around and make sure that everybody agrees with us that we’re good guys, we do a good job and it is important that so far they kind of leave us alone and keep things in your hands instead of just making sure that or having policies that would dictate that all of the stuff that we’re doing go back into government hands.

So, in the ITU we also participate to the development conference, the World Telecommunications Development Conference. This one we participated last October, too, and it’s really where all of the D sector do all their resolutions on what is happening in that sector. So a lot of them are on capacity building, but you have a lot that are on also security of networks and all of that.

Standardization Assembly is the one where they discuss a lot of the standards. And we do participate in that.

The last one is the World Conference on International Telecommunications Regulations, which is really the basic treaty – ITRs, for short – is the basic treaty for telecoms. Some of you may have heard that we had – there was a WCIT in 2012 where we ended up having another set of ITRs.

So we have two right now in the world because regulating telecommunications. And if you’re signatory to one and then unsignatory to both, if we have any dealings in telecommunications, we fall back on the one that we’re both signatory of. That’s how it works at the moment.

Now, a lot of people are not happy about that. They would like to have one set still. So there’s a lot of talk about should we go for one set. If we go for that one set, what does it include, just basic telecommunications as we knew them or do we include Internet stuff?

So it’s going to be discussed also at Plenipot. And we basically are going to have to listen in and work the corridors to make sure that they don’t do that. If they decide to have another WCIT there’s not much we can do. It will depend on how many people will feel that it’s a good thing to do.

If not, we fall back on having, again, another Study Group. And we will have to participate to the Study Group to continue working with everybody on not having another WCIT and not having another big conference where we could include Internet in there.

So in Study Groups, in between the two sectors, were members of T and D sector. These are some of the Study Groups that we participate into. And as you can see, they really go into stuff that we do. Study Group 2 goes into operational aspects of service provision and telecommunications, ENUM, you know, INRs NG standards.

Our colleague, Einar, has actually written quite a few, two, I think – Einar? Yes, two papers that are on the “Participate” link on ARIN’s website, if you feel like reading them on number resources and with also our colleagues from RIPE.

We participate to Study Group 20. That talks about Internet of Things, smart cities and communities. It involves everything.

Study Group 1 at ITU-D is enabling environment for the development of telecommunications.

So when you say “enabling environment,” it goes from capacity building to putting the networks, but mostly there it’s a lot of regulators also that we have to convince that, yes, please, at home make sure you don’t nail down our ISPs, put them in a box. Allow IXPs. Do this, do that.

It’s really getting them to understand the way it works and hopefully dealing with the community of our folks that are working with the networks.

And we participate to TSAG, which is the coordination committee at the T-sector, with all of the Study Groups. There are a lot of Study Groups in ITU-T and in ITU-D. And we also participate in ITU-D to the Coordination Advisory Group.

And this is it. If you have questions.

Lee Howard: Hi. Lee Howard from Retevia. Thank you for all the work you do. I was relieved to see, because I wasn’t paying attention to what ARIN was doing at the time around the study-group question or the proposed numbering plan for IPv6 in IoT.

And so I was relieved to see, as you said, Einar had written a couple of papers, and I went to see what they were. And I saw there was an ARIN response there. Thank you very much.

I haven’t heard anything about that in the last several months. Any idea what’s happened since they asked the world – since they asked a couple of people what they thought?

Anne-Rachel Inné: Einar, do you want to respond to that?

Einar Bohlin: Hi, everybody. Einar Bohlin, Policy Analyst in the GAPP team. There’s an Internet Draft that suggests a different way of numbering with IPv6 addresses and with the large increase in hardware to make routing be much quicker, with lower latency, a different – I’ll tell you about it, Geoff.

(Laughter.)

So they brought it to Study Group 2. They presented it. We asked them what state this Internet Draft was. They just submitted it.

They said they intend to work on the code and bring it to the IETF in 2019. And we welcome them to come back and report on it. That’s basically it. I’ll be happy to share the actual draft with anyone that’s interested. Thank you.

Anne-Rachel Inné: Thank you.

John Curran: Any other questions for Anne-Rachel Inné?

Gary Campbell: Gary Campbell, Government of Jamaica. A good presentation. I enjoyed listening to all you had to say. A question I would like to ask, though: Are there any formal channels where which governments can engage ARIN in terms of formulating policies related to all the issues you had up there – cybersecurity, IPv6 transition and so on?

Can you point me to just specific channels where which I could perhaps have that kind of communication with ARIN to get these done?

Anne-Rachel Inné: We’ll be very happy to work with you and identify what it is exactly you need and make sure if it is at our level we’re happy to respond. And if not, I’m pretty sure on issues of cybersecurity, we can find people in the community who can help you deal with that, too.

Thank you.

Yes.

Suzette Burley: Suzette Burley, Digicel Jamaica, a Fellow for ARIN 42. One of the things in my portfolio’s working with government agencies on a board, and I sometimes find it challenging to get or influence change.

I just want to commend you first for the work you’re doing because I know it’s quite difficult work to do that. But have you found them very receptive when you’ve made a suggestion to the table in terms of policy changes to drive change within the region?

Anne-Rachel Inné: It really depends on the people. And it depends on what it is.

To be honest, I think the whole thing is a question of trust. The more they see you, the more they’re comfortable talking to you because it is in their settings. And basically because you’re there, you know, once you interact and they do realize that you’re there as a neutral body to tell them, okay, this is really in the interests of everybody, they listen.

So, I don’t know, Cathy, do you want to add anything?

But honestly, in general, I don’t think we’ve had any issues. It’s a question of relationship. It’s how it works with governments. If they trust you, they listen. And, yeah. Thank you.

Cathy Handley: In answer to your question, Anne-Rachel, I think one of the important things to do, and I’ve said this time and time again, is listen. And a lot of times you’ll get questions that don’t seem to make sense. But it’s really important.

They don’t know necessarily the right way to ask the questions. So you have to listen and hear what they’re saying and just stay in there and keep coming back. It’s the best thing to do.

John Curran: Any other questions for Anne-Rachel?

(Applause.)

John Curran: We have our final update of the day. Some of you have explored the new ARIN website. I’m going to ask Richard to come up and speak to it.

ARIN Website Redesign Update

Richard Jimmerson: Thank you, John. How many people have been out back in the registration area to talk to Jan and Jesse in the lab coats over the last couple of days? Raise your hand. Thank you very much for that.

There’s a very large user population of the ARIN website to manage their Internet resources, to participate in this Policy Development Process. There are tens of thousands of organizations that do that on an annual basis.

And you guys here in the room are a special representative set of all of those people because you’re talking to the folks in the lab coats in the back, and they’re really absorbing all the feedback that you’re providing to make this a successful project for everyone else who can’t be here.

We are doing a lot of this online and people are giving us feedback online. But this in-person feedback is important. And thank you guys for doing that.

For those of you who have not done that yet, some of you signed and you haven’t gone back there yet, please go see Jan and Jesse in the registration area during the day tomorrow, and go through the tests that they have. It will really help out those tens of thousands of users that use the ARIN website every year. We really appreciate it.

This is the timeline that we shared with you in April. And in April, we did our first site preview. And we had some things coming up here for the rest of the year. Now, we started the project in – we announced the redesign project in October of 2017, one year ago at our meeting, and this is where we’re at today.

We’re right on schedule. We’re right where we plan to be. We’ve got our final site preview out there today. And we’ve done, with some super users over the past month and a half, some testing on account management integration on the website as well that can be tested out there with Jan and Jesse if you haven’t already been out there this week.

So the things that have been driving this redesign have been all these things that we have listed here. We’ve really worked hard to make sure that we have a strong engagement with the community about the change that we’re making.

We know there’s still going to be a population of people when we launch the site that are going to be surprised by it because they didn’t know it was happening. But we’re trying to limit that to the extent that it’s possible.

So this is the site that you can see if you go to preview.arin.net. We’d appreciate it even if you don’t go out with Jan and Jesse and talk to them, at least go to the site, hit the feedback button and let us know what you think. There’s a short survey there.

Of course, we have emphasis on mobile for this project. It’s just not for the pages that you can see on the phone here, on the phone screen here, but it’s also for account management, our ARIN Online interface.

We’re working to make sure that all of that is enhanced so that it’s responsive and it works for you inside this new launch that we have.

Before we come to the next ARIN meeting, the site will be launched. It will be out there. You’ll see increased communications over the next couple of months because we don’t want people to be surprised by the launch. And please endure those. I know that you guys know all about it because you’re in the room here today. You were probably in the room here in April. But just know that we’ll be going out and doing a lot of talking about this over the next couple of months.

And with that, I’d like to thank you for participating in the review of the project. I’d like to thank the team inside ARIN that’s put in so much work into this. They’re doing an outstanding job, taking your feedback, integrating that into what we’re delivering back to you. And I think you’re going to be pleased with it. They’re doing a wonderful job.

Any questions?

John Curran: Thank you, Richard.

(Applause.)

Public Policy Meeting, Day 1 - Closing Announcements and Adjournment

John Curran: Okay, we’ve actually concluded the program for the day. I’ve got some wrap-up announcements.

Voting is open. Remember to vote. You have – the eligible Voting Contacts may vote through 6:00 PM on October 12th. Vote, click “vote now.” There’s an Elections Help Desk available to you. Send questions to members@arin.net if you have any questions.

Thanks to our sponsors, TELUS and Google.

(Applause.)

There’s a social tonight. Buses leave at 6:45 and 7:00 PM on the north side of the hotel. Go to the north side, buses, 6:45, 7:00 PM.

Okay, let’s see, almost done. I’d like to – don’t forget the meeting survey, ARIN 42 survey. Fill it out. Everyone’s going to be in a drawing for an Xbox One.

Reminders, breakfast tomorrow, 8:00 AM. Public Policy Meeting, 9:00 AM. And then we’ll switch to the Members Meeting, which is open to everyone – you don’t have to be a member – at 11:30. The meeting materials are online.

Congratulations, Nate and Cathy. Please stand, Nate and Cathy.

This is their last meeting. Both Nate and Cathy will be retiring actually, no more number policy for them. So I’d like a round of applause, Nate for 14 years; Cathy for 10.

(Applause.)

(Standing ovation.)

They have been an incredible asset at ARIN. Both of them have been just a joy to work with. We’re going to lose them both at the same time. Luckily Richard is stepping up for Nate, and Anne-Rachel is stepping up for Cathy. But truly their contributions have defined the organization.

And we need to celebrate the fact that they’ve given so much of their life to ARIN. I’d like you all to join me out in the plaza here, out in the hall for a champagne toast for Nate and Cathy. Thank you very much.

(Applause.)

[Meeting adjourned at 4:45 PM]

Network Sponsor

Webcast Sponsor