ARIN XVI, Presentation and Discussion Synopsis, Public Policy Meeting Day 2 [Archived]
Call to Order and Announcements
Speaker: Ray Plzak, ARIN President and CEO
Ray Plzak opened the second day of the ARIN Public Policy Meeting at 9:00 AM EDT. He thanked Equinix for sponsoring the meeting’s network connectivity and Terminal Room.
Ray offered information on the Terminal Room, the ARIN Help Desk, and the ARIN XVI meeting survey. He concluded with a summary of the agenda for the day.
At the beginning of the meeting there were approximately 119 people in attendance.
John Curran, as Chairman of the Board, moderated discussions throughout the day.
[ARIN offered the opportunity for remote participation throughout the meeting. Comments from remote participants were read aloud at the meeting and are integrated into these meeting minutes.]
Proposal 2005-7: Rationalize Multi-Homing Definition and Requirement
Speaker: Robert Seastrom, Proposal Author
Presentation (Read-only): PDF
Ray Plzak presented an introduction to the proposal. Highlights included:
- Introduced on PPML – September 1, 2005
- Staff Impact Analysis – October 2005
- “ARIN departments - no significant implementation impact”
- Legal Review – October 2005
- “Does not create legal issues that need disclosure or analysis”
- Public Policy Mailing List (PPML) Discussion Summary
- There were 3 posts by 1 person
- Discussion before formal proposal: Two posts in favor of the proposal
Robert Seastrom, the author of the proposal, continued with the presentation [Presentation: PDF] and discussed the goals of the proposal and its intended effect.
General Comments:
- We had some customers that had gone through the original dance in order to get their /22.
- I have had somebody from a large ISP who I suggested that he say this in person, and he respectfully declined… complained about the fact that it makes it more difficult to lock their customers in.
Statements For and Against:
- This seems a really good idea.
- I would also like to register a strong support for this. The basic idea here being that this is bringing up a situation in which currently people often falsify or misrepresent themselves in order to get past the roadblock.
- I support this. I think it’s a good idea and I think you’ve done a good job.
Questions/Responses/Clarifications:
- How long is the timeline from the point when somebody can submit the paperwork, all the justifications, to when the paperwork can be confirmed and the assignment made? Leslie Nobile, ARIN Director of Registration Services, responded that ARIN tries for less than 48 hours, but we sometimes don’t get the information we’re asking for. So it can go back and forth. With this issue especially, sometimes we go back and forth for a week or two weeks on this particular case.
- When you mentioned they have to show intent to basically, immediately announce, are you just referring to the fact that they have to show they have the permits from other providers, is that what that is? Robert Seastrom said intent to multi-home could take a number of different possibilities. One might have a single transit provider and a contract with an exchange point. One might have particular peering agreements with particular networks that do not involve a peering point, as is the case with certain content distribution networks. I would anticipate that the intent of multi-home would be pretty much congruent with the requirements for getting an ASN.
End of Discussion:
John Curran took a straw poll to determine the consensus of the room. There was consensus to move the policy proposal forward.
Out-of-Band Demand Drivers for In-Band Resources: Interpreting the ASN Allocation Record
Speaker: Tom Vest, Packet Clearing House
Presentation (Read-only): PDF
Tom Vest gave a report on his investigation into the ASN allocation record. Highlights include:
- Interested in the relationship of ASN production, value, and allocation patterns to the underlying context of telecommunications policy and the markets.
- As a response to mergers and acquisitions, it is increasingly difficult to make a distinction between core operators and edge or access network operators.
- The earliest days of the allocations of ASNs correspond to the separation of access and transport in the U.S.
- Modest increase in ASN allocation with the selection of the research core, and again with the integration or interconnection of commercial facilities. Wholesale access, a product of the 1996 Telecommunications Act, further enhanced demand.
- In 2004, regulatory changes ended the wholesale access era, and now, the majority of business, traffic, etc., are accounted for by the access core. Independent core networks may soon disappear from the marketplace.
- ASNs are layer three glue, usually distance spanning in practice and operational practice.
- In the presence of affordable transport, lots of different people are applying different business models that require AS numbers and independent protocol resources. You then see a rapid proliferation of ASNs.
- If the demand for ASNs is related to the telecom market structure issues, one might expect to press demand for both new and production ASNs and everything that goes with them, both in terms of protocol resources and services. This might also create a rising demand for policies that are more favorable to large operators.
There were no comments or questions from the floor.
NRO Activities Report
Speaker: Axel Pawlik, NRO Chairman
Presentation (Read-only): PDF
Axel Pawlik reported on the activities of the Number Resource Organization (NRO). Highlights include:
- The NRO was established by a Memorandum of Understanding between four RIRs in October 2003. It has since been joined by AFRINIC. It is meant as a lightweight tool for RIR coordination.
- The NRO has been discussing its own incorporation.
- The NRO is producing contract drafts for ICANN contribution and IANA service levels.
- The NRO is monitoring, coordinating, and influencing the World Summit on the Information Society (WSIS). Internet governance is the big issue for the NRO, but it is also concerned with capacity building and financing.
- After the 2003 summit in Geneva, a report was published in July 2005 giving four possible models for Internet governance.
- A PrepCom was held in Geneva this year, with no consensus reached and three main positions being introduced.
- No clear result is expected from the upcoming Summit in Tunis, but ICANN will be affected.
- As part of the Internet community, the NRO is helping coordinate a booth for Tunis, under the ISOC umbrella, to meet people, explain what the NRO and RIRs do, how it’s being done and why it’s being done.
Comments and Questions:
- Richard Hill of the ITU commented on the issue of why the PrepCom sessions are not always open. He said the WSIS is an attempt by heads of state to get together to make a joint statement. Though informal lobbying occurs, no formal influence can occur within the sessions. The content of the EU proposal should not have been surprising. They simply projected an EU type model onto the Internet. They’ve taken a mechanism for transnational government that they seem to think has worked for other areas and other trade, and are now projecting that mechanism onto the Internet.
- Raúl Echeberría, CEO of LACNIC, commented that local governments and bodies will also have to change their way to operate and that this discussion regarding Internet governance goes beyond the Internet and is a discussion about governments. He also added that a fourth proposal was presented after PrepCom 3 in Geneva.
- One audience member stated that vice presidents of public policy or external relations or general counsel for companies need to start paying attention to the WSIS issue right now. He encouraged audience members to talk with the people in their corporations who would care about the overall external business climate and have them pay attention to what people are saying in public about this process.
Proposal 2005-4: AFRINIC Recognition Policy
Presenter: Ray Plzak, ARIN President and CEO
Presentation (Read-only): PDF
Ray Plzak presented the proposal, stating that it was administrative in nature and that it simply made corrections to the Number Resource Policy Manual to reflect the official recognition of AFRINIC as an RIR. He explained that its implementation would mean removing those policy sections that specifically referred to those portions of Africa that were previously in the ARIN region. The proposal summary included:
- Introduced on PPML – May 25, 2005
- Staff Impact Analysis – October 2005
- ARIN departments - no significant implementation impact
- Legal Review – October 2005
- “… Does not create legal issues that need disclosure or analysis”
- Public Policy Mailing List (PPML) Discussion Summary
- There were 2 posts by 2 people
- Responses included:
- “This seems a straightforward conclusion… given the successful emergence and recognition of AFRINIC.”
Statements For and Against:
- Andrew Dul, the proposal author, stated that he supported the proposal.
End of Discussion:
John Curran took a straw poll to determine the consensus of the room. There was consensus to move the policy proposal forward.
ICANN Activities Report
Speaker: Barbara Roseman, IANA Operations Manager
Presentation: PDF
Special Remarks
Speaker: Paul Twomey, ICANN President and CEO
Ray Plzak introduced Paul Twomey, ICANN President and CEO and invited him to make remarks. Paul began by saying how pleased ICANN was with its working relationship with ARIN and the other RIRs. This relationship has encompassed some very important areas, such as WSIS and our ability to express some key doubts about how IP addresses could be allocated geographically. ICANN has also worked with APNIC Director General Paul Wilson on a couple of issues. We believe that those who participate in ARIN meetings can contribute greatly by providing education to the rest of the community on issues including not only the doubts we have on geographic IP allocations, but also on the broader issue of the importance of our current bottom-up processes and how it works within Internet organizations.
Paul stated that Barbara Roseman will be presenting an update on the IANA and the improvements that are happening there. He then went on to say that ICANN is very pleased to welcome David Conrad, who has come on board as IANA General Manager, especially with his strong background in the ARIN community.
In conclusion, Paul stated that his final point was ICANN and the RIRs are talking about some further agreements and working through those agreements together. He added that one of the things we have learned together in the last several years is that ICANN appreciates that within the addressing community people don’t all think the same way, and so there has to be a dialogue and discussion within the communities about issues and there is a growing appreciation that when things come into action with ICANN, there will be potentially different perspectives. Paul finished by thanking Ray Plzak for the opportunity to address the meeting.
Ray Plzak and John Curran then recognized David Conrad and thanked him for his years of service on the ARIN Board of Trustees.
Barbara Roseman presented an IANA update. Highlights included:
- IANA has made several staffing changes. In addition to bringing David Conrad on board as general manager, IANA has hired an operations manager, two project specialists, and two project analysts. Kim Davies will serve as a TLD technical liaison to improve communications with the TLDs.
- IANA is also working to improve its processing and keep the improvements consistent across all stakeholder groups.
- IANA will next be focusing on improving communications.
- Barbara displayed several slides showing how response time to fill requests has improved. However, IANA is still working to improve the processes and work management and will be implementing a new reporting tool.
Comments:
- An audience member inquired about some longstanding issues with IANA services and questioned when improvements would be made. Roseman responded that IANA is getting its hands around the entire problem, prioritizing and coming up with a plan to address the issues.
- An attendee questioned if IANA saw itself as being a legacy holder or registry or if other options were being considered. David Conrad responded that IANA is a service bureau and basically does what the community believes is appropriate for it to do. He stressed that IANA has to listen to policy, to input from a wide variety of organizations, and to implement policy. However, IANA does not make the policy. Much discussion then ensued on how a policy must first be discussed at the RIR and NRO level before it reaches ICANN and the process that is followed.
NRO NC Report
Speaker: Lee Howard, NRO NC Representative
Presentation: PDF
Lee Howard explained the organization of the Number Resource Organization, its functions and its status on several activities.
Three supporting organizations provide the funding and organizational input for ICANN.
- Address Supporting Organization (ASO)
- Country Code Name Supporting Organization
- Generic Name Supporting Organization
The Number Resource Organization (NRO) fills the role of the ASO, and is made of two parts:
- The NRO Executive Council, made up of the five CEOs of the RIRs, provides the funding and operational advice to ICANN.
- The NRO Numbers Council (which ICANN also calls the ASO Address Council) advises ICANN on policy. It has five functions:
- Global policy development process - In this area, the ICANN Board ratified the policy on how IANA allocates IPv4 space to the RIRs. The same procedure is now being followed to pass a policy on IPv6 address space.
- Provide recommendations on the recognition of new RIRs - The NRO NC recommended the recognition of AFRINIC.
- Selection of individuals to the ICANN Board - As no terms were expiring for ICANN Board members appointed from the ASO, this function was not exercised this year.
- Advise the ICANN Board on number resource policy - The NRO NC provided advice on the Working Group on Internet Governance (WGIG) and sent a delegate to Geneva to participate in the last WGIG open consultation. The NRO NC identified two major issues for potential discussion, IPv6 and independence from government control or authority.
- Develop procedures to facilitate internal functions of NRO NC - As the NRO NC is fairly new, it is still figuring out how to put together its own procedures. It is reviewing its website and documents that need to be translated.
ITU and IPv6
Speaker: Richard Hill, ITU-T SG2, Counsellor
Presentation (Read-only): PDF
Richard Hill began his presentation by describing his background and the history of the ITU. He noted its current activities and that the ITU is really a cooperative relationship between industry and government to develop non-binding recommendations. He continued with an explanation of the process by which those recommendations are arrived at, spotlighting differences with how other organizations operate and speaking specifically to how the ITU operates differently than it has in decades past. He then went on with a look at how IPv4 allocations were handled in the early days of the Internet and went on to discuss ideas put forward within the ITU on how IPv6 should be handled going forward. In conclusion, Richard discussed ideas put forward by Houlin Zhao on allocating a portion of the IPv6 space in a different way, with a small portion of the IPv6 address space assigned to countries, much the way we do with telephone numbers. He added that this would be done side-by-side with the existing RIR mechanisms and that the idea has raised many issues including the routing table, economic issues, and the power of national sovereignty.
Comments and Questions:
- I think actually you raised a false question in asking whether the question is whether national sovereignty should apply in some condition, because it’s not a question of applying national sovereignty to a national entity in much of the world. It’s one thing in China for it to say China gets a block of address space and assigns it to Chinese ISPs, because there are Chinese ISPs that don’t exist anywhere else. That’s not the case in a lot of the world. So if you have a European ISP that provides service in 10 countries, that’s not the question of should each of those countries be able to assign addresses because that doesn’t make sense in the technology side. It also doesn’t make sense in some level on the routing side. If indeed we had only national ISPs, then this proposal would only add as many countries as there are to the routing table and therefore would have no impact. But because we don’t have that, we’d have to have exception-based routing, which is sort of like geographic-based routing. There was a proposal on the IPv6 process to do geographic-based revenue. The best example I can give of that is my home has a cable modem connected to my ISP, a company called PSI, and my office was connected to MCI, and the closest connection to Boston between MCI and PSI was Washington, D.C. If we’re doing geographic-based addressing, then every single address up and down the East coast would have to be covered in the routing table. So, I think that positioning this as whether national sovereigns should be able to do something is something like saying, “Should national sovereignty work on a satellite which is over multiple countries?” And I don’t think that’s a fair question, but I don’t think it applies. Richard Hill responded that it may or may not be a fair question, nevertheless, the question is being asked. There are two points raised, which are very interesting.
The satellites, in fact as you know the satellite slots, the actual positioning of the geosynchronous satellites are national, and then can’t we sell it because Tuvalu doesn’t need a satellite slot, so they sell it to somebody else. And, the other point is that Europe is very interesting because in this model it is not clear whether you had considered Europe to be one country or multiple countries, they have attempted to come up with an integrated telephone numbering scheme at the European level, but that has failed, so I think Europe is going into a process of trying to figure out to what extent they are one country and to what extent they are not.
- There are existing mechanisms for people who feel strongly about sovereignty to have control over IP blocks and there are intermediate level organizations that cover multiple geographic areas, so I don’t see that there is a problem that’s been stated here. There are some higher level, nationally organized people overseeing this; it already exists. Richard Hill replied that is a common comment and it’s a question of perceptions, so we are working in the industry, you all see that everything is working fine and there are no problems. Now, people who are not necessarily familiar with this process and participating in it, they see problems which may not exist, but everything is in self-perception. If you manage to get a liaison going, it would be helpful because we could tell them “if you don’t like the idea of going to an ARIN meeting directly, okay fine, we have a different conduit where you can write a paper and we’ll put it in and it will be labeled ITU and then they’ll look at it.” But what’s happening is that at least some portion of our membership, primarily the state membership, primarily the governments and it is only a portion of that, is saying that they feel that they don’t have enough control. I think we should enter into a communication setup where we assure them and it becomes well known that whatever concerns you have, they are really about perception and not about reality and actually you do have sufficient influence.
- I believe a very big misperception has been made in this proposal. It is explicit within the context of the proposal; the mistake is associating identity and location. When you make an analogy towards telephone numbers, a telephone number is an identity of an M Station. It is a knot in the telephone network that I am aware of, actually part of the location. If you attempt to use those to assist in IP addresses with identity and location, you’ll run into significant issues. The two solutions that I am aware of are flat routing and forced peering and reciprocal charges and the unpleasantries associated with the existing telephony system. Richard Hill responded that he has made that comment himself because people do think that IP addresses somehow are telephone numbers. Telephone numbers used to be a routing address, but that was a long time ago. Right now they are names; they are much more akin to domain names. However, the routing addresses in telephony are also assigned geographically and those are either the signaling area and network codes for the fixed network or the International Mobile Subscriber Identities (IMSIs), for the mobile codes and they have the side effects that you mentioned. Everything you say is perfectly correct. There are consequences to that policy of doing this on a national basis.
- Paul Wilson from APNIC, in a query of Richard Hill, said there was a contradiction in your presentation, which I’m sure was unintentional on your part. You said that high level IPv6 address blocks would be given to countries to do whatever they wanted with, but later you said there would be coordination at the policy level. Those two things are quite contradictory. If you say to a country that has an expectation or motivation to have address space with which to do what they want, and “what they want” could be anything, and how they view “coordination” could fall along a large spectrum of possibilities. If you’ve got 200 countries, who are all doing what they want to do with address space, you really have chaos in terms of address management. In turn, the integrity of the Internet as a global end-to-end network, both in terms of data traffic and routing, under those circumstances could be seriously at risk. Richard replied that it could be compromised and you are perfectly right. That wasn’t actually a contradiction. What I said is kind of in the general framework of the way these inter-governmental organizations work. Each country is sovereign to do what it wants, within the limits of what has been agreed in the form of international coordination. I remember the ITU was created because they found out pretty quickly that the telegraphy system was not going to cross borders if they didn’t agree on certain basic things. I don’t know what those were, but I presume there were things like electrical levels and in fact addressing. So, the correct statement would have been, the countries would be free to do what they want within the constraints imposed by the international agreement, which international agreement will have to come about by consensus, and although it’s not binding because it was arrived at by consensus, presumably, would be followed and again all I can do is give examples and there’s no guarantee this would scale.
As we all know the past is not necessarily a good indicator of the future, but in fact the completely anarchic fashion in which, and let’s stick to the telephony routing codes, the IMSIs and the SACs are allocated, doesn’t seem to cause any problem because in fact there is sufficient agreement at the international level of how to do this to avoid creating chaos and that is because there is a great deal of commercial interest in interoperability. Nobody is interested in setting up routing cables such that you can’t communicate because everybody is interested in communicating. Now, I agree there is some issues with freedom of expression and some countries restrict that, but that’s a separate issue that’s come up in control, in terms of technical interoperability, aside from maybe one country which I won’t mention and you can think of, I don’t see anybody sitting there trying to deliberately create massive blockages to impede connectivity.
- I was wondering if you looked at history as we did this for the OSI, and countries had blocks and I’m wondering whether we looked at how this contributed to the failure of that or if it did or whether we really need to learn from past mistakes? Richard Hill replied that yes, I was involved in OSI, but I don’t think so actually that that contributed. I think the big contributor to the failure of OSI, and those who were involved know it, was the country profiles. The fact was that there was not one single interoperable thing, there were a French flavor and a German flavor and that came about because the manufacturers wanted it that way. That was one of the big problems. The other problem is that it was clearly overengineered for the time, so it had too much security, too much quality of service, too much billing. It was overengineered like many “Bell-head” things, now, for those of you who are “Bell-heads,” or have contact with “Bell-heads,” you know that, and the competing technology, which was TCP/IP, being much lighter, simpler, and quicker, prevailed. So I don’t think that that particular thing was the killer although it may have contributed, but compared to the other factors I think that was a very small factor.
- My first thought is that countries really don’t run networks by and large, and the folks that do run networks and allocate the IP space are sometimes multi-country or global companies. So trying to tie allocations per country just seems horribly broken to me, as somebody who allocates to customers on a daily basis. The allocation to the country seems sort of arbitrary, and there are many other boundaries you can consider, like street that you live on, the city, town, the county, the state, the province, the planet, the moon, or the solar system, and I think the answer is it’s a political decision because someone was worried that someone else looked better than they did. My last point is that the phone routing system only changes a couple of times a day. So, MCI pushes phone routing changes every six hours, not every six times a second like the Internet does. So, the additional scalability and hierarchy in your argument doesn’t necessarily follow the reality. Richard answered I agree with everything you’ve said. In fact it’s interesting, one of the things that fascinates me having just come from the stint with a telephone operator and now being more involved with the Internet is that I think that both systems need to learn from each other. I’m surprised that you are able to do the routing changes in the telephone system every six hours because at Orange it was more like every six weeks and the reason for that is because it is manual process, as you well know whereas in the Internet it is largely an automatic process, there is some manual configuration, but it is mostly automated, but you know why should we manual on the telephone system. The other thing that I said before, there is no root server for the telephone system and someone could say maybe that is a mistake, maybe there should be, maybe there should be some SS7 switch everywhere where you can go to get authoritative information. 
So I think these are all very valid questions and I think as the industry evolves and I think that point was made by a couple of the other presenters, we really got to start looking at these two different historical traditions in figuring out what is the best way to go in the future. You’re perfectly right; doing it by country is arbitrary.
- As far as transparency goes, I heard you say that as long as you are an ITU member, ITU is open and transparent. Yet a couple of slides previously you said that sector membership was $25,000 a year, which not only exceeds how much I spend to come to the NANOG/ARIN meetings, but really exceeds my discretionary spending for the next several years. Information wants to be free. RFCs are free and for those of us who want stuff around for debugging purposes and implementation purposes, the price adds up very, very quickly to have a cost associated with your recommendations. The question is, what’s in it for us, what would greater ITU involvement have as an advantage to us in the community? Richard answered that you are absolutely right about the recommendations; there are a number of people who think that they should all be free. It’s not as cumbersome as it used to be because if you get the CD-ROM, which has all of them including a very nice search engine, it’s fairly reasonably priced. But there is an issue, I fully agree with you, and the membership is aware of that and it’s being discussed. In terms of small organizations not being able to participate, that’s true. Now, there is a workaround, which is not widely used, but it’s used in at least one case, which is that nothing prevents you from banding together and joining. NANOG could join; it would cost the $22,000 a year, but then we don’t look behind NANOG, so we don’t care who shows up under the NANOG flag. You can come with 100 people under NANOG and it’s the same dollars. Then we have a special deal with the IETF and ISOC where that was negotiated and so they don’t even pay. They got a waiver for the membership fees in recognition of their special status and you know they come with whoever they want and they can make inputs and so on. I agree it’s not perfect, but the world isn’t perfect. 
In terms of the workload of assignment, again because of the way the IP works with national sovereignty, we’d never get into an actual assignment. We’d simply say prefix X goes to country Y and then country Y will have to setup a national Internet registry or maybe even work with the existing structure.
- So Tuvalu gets the same sized block as the U.S.? Richard answered that presumably no, but that’s one of the things that would have to be discussed. Somebody would have to do that, but again it wouldn’t be the ITU, it would be people like you if you thought there was value in going through that process, which I fully understand you don’t, at least not at this stage. Fixed versus variable, let’s get off telephone numbers because that’s really the wrong analogy. If you look at the telephone routing codes, which are the IMSIs and the SACs, they are all fixed line from the country code, always three digits. That’s really the model to look at, but in that model everybody is getting the same size and space because the thing has so many digits, three digit country code and every country gets so many digits even if they hardly need them.
- But they are not getting the same amount of space, they can have their phone numbers be as long or short as they want. Richard replied that no, not really, that’s a little more complex, and involves historical reasons.
- Traditionally, the public interest wasn’t so quite predominantly in the public sector activity, in terms of treaty organizations effectively working to get these public sectors coordinated. That doesn’t appear to be the way native governments and national sovereignties want to work these days where the public sector interest is expressed in different ways. In your view, when will the ITU reform itself to be relevant to the industry of tomorrow in a global sense? In your personal opinion, what will that reform take? Do you think it’s capable of ever executing such a reform? Richard replied that the ITU is capable, because it has changed repeatedly over the past 100-some years. Booz Allen did a survey of most enduring institutions - one of them was the U.S. Constitution, and another one was the ITU, because over 100-some years it’s always been able to adapt and reinvent itself. Some governments think this and some governments think that and in fact what we see at the ITU as staff members is that even within the single government there are significant divisions. Even individual governments don’t really know which way they want telecoms to go. The answer is, the ITU will not be able to reform itself to a future view until governments come to some reasonable consensus of what that future view is. Now, it’s no secret that when Izumi launched the WSIS, he was hoping for that consensus by the year 2005. And it turns out he was wrong. He launched that process eight years ago and we’re no closer to consensus now than we were eight years ago. It’s at least, in my opinion, four very conservatively, or more likely eight to ten years before the governments come to some reasonable consensus about how they want to do things at the international level, and as you say, that might be completely different from the way they’ve done it in the past.
- What do you think about the VLR and ISI concept, and why that’s been scaled to some sort of a worldwide requirement that necessitates such an act. It makes implicit sense why, but if you want to tie numbers to the location, perhaps in downtown Chicago, 1-312, will we have that for IP addresses, and have fixed mobility, which is antithetical to IPv6 in theory, how are we going to be able to meet all the requirements anytime you want? If you want us now to consider an address somehow fixed to a physical location in these kinds of matters, it’s the first point. Richard responded that we should get this proposal up for discussion, because some governments are apparently saying that they want this. And then the discussion to have is, “But wait, you don’t fully understand or hear the implications.” I’m not here to say that things are going to work. I’m here to say that the governments are asking these questions, and I think it helps if we find a way to address them.
- I’d just like to advance the notion for some consideration that all of this may be much ado about nothing, and that what we may be seeing here is the international irrelevancy of Sino-centric policy. This is Chinese internal policy and doesn’t really have anything to do with how the world works outside of the great firewall. If we just let them go do what they want inside China, and not pay attention to it, none of our lives will be disrupted. Richard replied that the IP push is not coming from China, but from other countries. But that’s a very good question, and of course you could replace China with any other country and ask the very same question. Everything’s made in China these days; anything I’d buy in Switzerland is made in China. Do you really want a world where the next significant standardization party is not the IEEE, but some Chinese body that works only in Chinese and can be as open as you like and everything is free? If you don’t speak Chinese, you’re not going to get the fluency in standards. What role does that leave for everybody else? But it’s a very valid question that you asked.
- Ray Plzak commented to Richard Hill that you had a slide up there that had a table of countries with allocations and you stated early on that this was the historical distribution. While you had this slide up, you quietly said that no one was criticizing the RIRs. And, by implication you were saying that the distribution of IPv4 addresses historically was inequitable and I don’t think anyone in this room would argue that. However you implicitly are saying, by keeping that up there, that the current system is unfair in its distribution. You have never shown what the distribution of the address space has been via the RIR system. I would contend that number six in that list on your slide would move up to either number 2 or number 1, as they received most of their space from an RIR. Then you have said several times that no one is criticizing the RIR system, but that is always followed by a “but . . .” In light of all this, you have yet to demonstrate what is unfair about the current system or why it has to change. Richard answered you’re right. The allocations by the RIR slide was actually in there, but I took it out, and it does show exactly what you said. I just tried to reduce the number of slides. In terms of inequitable, I don’t think I said it was “inequitable,” if I did, it was a mistake. The early allocations, I think were based on a thinking of how the network would evolve, which turned out not to be correct, because the network evolved in different ways. So I don’t think it’s necessarily inequitable, as they had certain assumptions, which didn’t work out. I don’t think the current system is unfair. The correct statement is, again that there are some countries who are asking questions. And they’re not saying the current system is unfair, they’re saying that a different system might have a different cost-benefit trade-off. And some of these were mentioned in the technical discussion. 
If you go to a geographic system, you probably are going to wind up with geographic routing. So that has a cost-benefit trade-off, which is different from the current setup. So I don’t like these value terms, specially, since for engineers, you know, fair/unfair, I’d rather look at what are the consequences of any particular system and then we can work out, whether we think if that has some economic, and social, and political, and consequences that we like, or that we don’t like. Scott Bradner pointed out that some of the ITU documents do talk about an historical inequity in the distribution and Richard replied that is probably true.
- I just want to point out the previous geographic based routing regime on the international service system, effectively collapsed precisely because of the inability of sovereign entities to create the hermetically sealed national network economy. That seems to me the only way that they could maintain it in this case. Richard replied that no, but I think that’s a very good example because the point is, even with a technology, which is more centralized at the switching level and therefore easier to control, they weren’t able to prevent unofficial routing. So the Internet helps, for example for voice-over-IP, you don’t need a tromboning call-back or that kind of good stuff that happened in the traditional system. So, you’re right, this is a factor to consider. Personally I think that an impressive authoritarian state is going to be able to do what it wants anyway, using the good old tried and proved police state methods and they don’t need technical methods, but that’s just the value judgment.
- One comment about the IPv4 slide in the countries. I think it would look very different from what was shown, in regards to perceived historical inequality, if we were talking about IPv6.
- To reiterate the comment from earlier today that, make sure your organization’s government affairs people know whatever is going on here. And your legal staff can calculate and anticipate each process that’s going on so the right thing from your perspective happens. Otherwise you might not be able to get what you expect.
- Yes, I’m John Curran with a company called Server Vault. We’re a very secure, managed hosting company and I’m an officer of the corporation. My business is based on worldwide Internet connectivity, and my customers value that greatly. What I am trying to figure out in the present scheme of how we do address allocation, if there are any concerns about the endpoint, where traffic is going and the local laws, dealing with the sovereign power of a destination country, that’s between the recipient and the country they are sitting in. So I don’t see that there is a need to enable sovereign power, they seem to already have in the country they’re in. And I guess in terms of address allocation, for IPv6 at least, there appears to be quite a few IPv6 addresses, and it doesn’t look like the allocation practices going forward are going to create a shortage for anyone anywhere. So because I spend my time answering questions from my customers about how the Internet works and how we get worldwide connectivity, and I value one connected Internet, and I can’t see any discrepancy in allocation and I can’t see any enablement of sovereignty through this proposal. I guess I am just trying to figure out, you’re going to confuse my life and what I have to tell my customers, and you haven’t yet said what are the motivators that these sovereign countries are thinking of, what alternative policies they may want to implement in their sovereignties, since those policies would be brought here just as easily. Richard answered that I am not trying to say this is a good thing, I am saying this is a topic that has been raised and is going to get discussed in forums whether you like it or not, unfortunately. So I would say what you need to do is to take your message to those guys and then those guys will not be on my back saying this should happen because, you know, I don’t need more work. I have enough work.
More specifically, clearly in IP addressing we are not talking about contact, control, or lack of content control, although as was pointed out there might be an interaction, but that’s not the primary topic. The primary topic there would be the idea that scarce addressing resources like frequencies are public good and then who administers the public good. And there’s lots of models.
- John Curran, in a follow-up, asked to make sure I understand, people are seeking the ability to administer address space in their countries, but no one has yet stated why they would like to administer this address space? Richard replied that no, you are correct. This is one of the chicken and egg things. We have had Korea standing up quite explicitly saying, “We want this.” But when you ask them, “Well, exactly why do you want it, what are the benefits and how are you going to administer it,” we haven’t seen anything. We’re still at the “I think I want this” stage.
- So the discussion is going to take place on the pros and cons of allowing the administration without any discussion of the actual application? Richard answered no, I don’t think that will be the case. Nobody has actually put in a concrete proposal to ITU or anywhere else. If they did then presumably this discussion would start and the first thing you would say, you know, “I could have the discussion here on the various proposals that are going around the table. All right, I understand this is tech – again, how would it work and now why are you trying to do that? And by the way, you don’t need that because there is a different way in which you can get the same end objective which is much neater, simpler et cetera so you don’t need this new mechanism.” But that discussion hasn’t taken place. We’re still at the sort of, “I think I want this” kind of thing.
- Adiel Akplogan, AFRINIC CEO, asked why the ITU itself is too frightened of its membership to explain to them what is going on - what the reality is. That will save time, it will save a lot of work for you too, but that’s just the key. Richard replied that the answer is we do actually. Maybe we don’t do well enough, but the main way we do it is by organizing workshops. And again, I realize we have some restrictions on participation, but we can always invite people to really come and explain it because again the staff is not really supposed to say, “This is how it is.” The staff is really supposed to facilitate the communication between the members or invite experts who are nonmembers. So for example, in the case of AFRINIC, I think we should try to work out some kind of joint workshop between ITU and AFRINIC in Africa.
- Scott Bradner, as temporary moderator, added there are two different communities that are talking about this general concept of a sovereign-based allocation scheme. One is the ITU community and it’s a bit surprising that a random idea has percolated up to the director’s level and percolated back out again, but that shows how some of the political stuff works. The other is, that you can have WSIS come say this is the way things have to be, independent of any technical review by the ITU or anybody else. But to repeat what other people have said, get your people and your companies involved in understanding what’s going on in the WSIS environment.
- Ray Plzak concluded this discussion by thanking Richard Hill for coming and noting that this was likely the first time a representative from the ITU has spoken at any RIR forum, and that we certainly would always welcome you to come back at any time. Ray added that the Director of the ITU-T is always welcome as well and we would gladly give more time to discuss these things and have the ITU present and become a more active part of our forum.
Proposal 2005-2: Directory Services Overhaul
Speaker: Leo Bicknell, Proposal Author
Presentation (Read-only): PDF
Ray Plzak presented an introduction to the proposal. Highlights include:
- Introduced on PPML – March 9, 2005
- Presented – ARIN XV, Text unchanged from ARIN XV
- Staff Impact Analysis – October 2005
- Implementation - Very resource intensive
- Must resolve implementation questions it raises; Level of effort for development, implementation, and support after requirements are made clear.
- Legal Review – October 2005
- Legal review raised concerns that this may increase the litigation potential to ARIN
- Public Policy Mailing List (PPML) Discussion Summary
- Since June 2005 when author posted draft revision, 81 posts by 19 people in thread “Directory Services - Take 2.” Discussion of recommended protocols and means to deliver bulk data
- Before that, there were 2 posts by 2 people.
- Notable response: “We need to develop the purpose and scope of this directory service before coming to some sort of agreeable policy.”
Leo Bicknell, as the proposal author, continued with his own presentation on the proposal [Presentation: PDF]. Leo chronicled the circumstances that led to the proposal being created, citing conventional wisdom that a single proposal was needed after several proposals of smaller scope had failed. He also noted that while his proposal in its entirety did not receive much support on the Public Policy Mailing List or at the previous meeting, there seemed to be an insatiable interest within the community about the issues it raised. After mentioning the Directory Service Roundtable to be held as the next agenda item, Leo stated that while he was withdrawing his proposal, the issue needs more attention than ever, and that as a community, we first need to agree on the scope of the problem that policy can address, what we want the policy to cover, and then move on to solutions. Additionally, he cited the need to educate people about what is in WHOIS, what is in directory services and that many people are really only aware of their own little corner of it because as we all know this room is very diverse. We have governments who get IP addresses, we have businesses that are big, businesses that are small. We have end users and they’ve each found their own niche as to how they fit into the system and that includes what information they provide not only to ARIN, but also in SWIP. He concluded his presentation by stating more analysis needs to be done, and that more statistics presented on the data that’s actually in there will help clarify a lot of people’s positions on how we should move forward with policy.
As the proposal was withdrawn by the author, a consensus of the room was not sought.
Directory Services Requirements Roundtable
Introductions: Ray Plzak
Discussion Moderator: John Curran
Speakers: Doug Maughan, Robert Flaim, Leo Bicknell, Mark Kosters
Ray Plzak began by stating the purpose of this discussion is not to make a policy proposal, but instead really to establish what are the needs for the proposal for policy. We’re looking at it from two perspectives. One, and Leo had them very obviously put there in the slide, is what data is ARIN to collect and then the other piece of that is what are the parties that use this data going to do with it. Obviously the parties that have interest in data associated with Internet number resources varies and so also what varies is the interest of the parties whose data is there. There are some legal concepts around who owns data. There are also some concerns about someone’s data necessarily being made available in public for everyone to use it so they can get on someone’s snail mail list, spam list, and so forth. So there are issues of privacy, and at the same time, it has to be balanced against the needs of legitimate users to have access to that type of data. So to start this discussion off and hopefully at some point in the future come up with a nice set of policy proposals once we really understand what those requirements are we’ve assembled a roundtable here and starting from the far end have Bobby Flaim from the FBI, Doug Maughan from the Department of Homeland Security, Mark Kosters, ARIN AC, and Leo Bicknell from ARIN AC, and, of course, the moderator John Curran. I will say this about the two representatives here from the U.S. Government. They are not speaking on behalf of the U.S. Government. They are not going to say these are government requirements, this is what the government absolutely requires, but what they are going to do, they are going to voice the concerns that governments have. They’re also going to voice what the needs are that the government has for data. These are not necessarily official U.S. Government positions, but the people that are saying them know the business that they do. 
And so in the spirit of an open and free discussion on this matter and to make sure that we hear all the voices and hear all the requirements please take it in that matter.
Ray then invited the panel speakers to make their initial presentations.
Doug Maughan, Ph.D., U.S. Department of Homeland Security, Program Manager, HSARPA
“U.S. Government Concerns with the Routing Infrastructure”
Presentation: PDF
Presentation highlights:
- Discussed what DHS has been doing on the routing side
- Created a program entitled Secure Protocols for the Routing Infrastructure
- DHS has held three workshops to discuss security requirements necessary for securing the routing infrastructure, and these meeting minutes are published and are public
- U.S. government concerns include:
- Lack of authentication on prefix assignments and ASN assignments
- The absence of processes to provide authentication on the AS to prefix mapping and making that available through the infrastructure
- The absence of processes and data associated with the suballocations
- All the legacy issues
- DHS is seeking the technical requirements for tools and services to address the issues of routing security
Robert Flaim, U.S. Federal Bureau of Investigation, Special Agent
“The FBI and the Internet”
Presentation: PDF
Presentation highlights:
- Explained the tools used by the Cyber Division to combat a variety of cyber crimes
- One of the most important tools used is the IP WHOIS
- They want to keep WHOIS open with all current information intact
- Inaccurate data is better than no data, sometimes it provides a starting point
Leo Bicknell, ARIN Advisory Council
“Directory Services Round Table - Leo’s Thoughts”
Presentation: PDF
Presentation highlights:
- Examined the current data in ARIN’s WHOIS, looking at both legacy records and what’s been submitted through SWIP
- Because of that legacy space, we’ve given out more /24s than anything else we’ve ever processed by a huge margin.
- From Randy Bush’s presentation, we know there was a 400-week lag time for some records from when IP address space was used and when it appeared in the database.
- ARIN’s database is migrating from a database of network contacts to something resembling a phone book
- How do we get it back on track?
Mark Kosters, ARIN Advisory Council
“A Start of Defining ARIN’s Directory Service”
Presentation: PDF
Presentation highlights:
- We need to fix the current directory services dilemma, and to do that we need to have a process to fix it
- Start over and come up with requirements from both a data perspective and an access perspective
- Get community consensus on the requirements and then have a protocol bake off
- Provided an initial list of requirements to get discussion started
A discussion period then took place.
Comments and Questions:
- John Curran started the discussion with the following question: we’ve seen both sides of the approach of how important is this data for law enforcement and for security purposes and one of the questions it begs, of course, is if it’s very clear that this information is being used for that purpose, I’m wondering from my law enforcement folks in the panel, won’t criminals just omit putting their data in place once it’s clear that these records are there for that purpose? Robert Flaim responded that I think a lot of them already do know that a lot is there to begin with and a lot of them do either put false information and leave things out but, as you know, a lot of the criminals aren’t so smart and they do leave a lot of things in there and they do leave a trail and that’s a lot of what we rely on. And also if you look at a lot of the WHOIS they might start being a little truthful and then as they continue their criminalities they start to change, they start to adopt, and they start to become a little bit wiser and that’s when they start hiding more. But, like I said, a lot of them do always leave a trail. They always leave a little something for us to go on and that’s what a lot of our work is based on.
- A question was submitted remotely: This is sort of a meta question, but I wonder how a full discussion of the issues involved in Directory Service can be held without inviting civil liberties or privacy experts as a counter balance to law enforcement on the panel. John Curran replied that in general this audience tends to self-represent their community very well, but perhaps you’re right. There should have been someone up at the panel.
- Mark, I liked what you did up there and I want to help you with that. I actually think you have a great idea. The other one is for Leo. I don’t really agree with your feature creep residence theory. My question for Bobby Flaim is that after I spent a half-hour on the phone with an FBI agent teaching him how to access WHOIS and RWhois, I’m curious does the FBI now train these specific FBI cybergroup agents that need to use those tools? Robert Flaim responded that yes, if you are on one of the cyber squads there is actually training at Quantico, but a lot of the agents who aren’t on cyber squads, which a lot of them who are probably calling you, it might be a violent crime squad, it might be a white collar crime squad, like I said, the traditional crimes, but they’re using the Internet. A lot of them aren’t trained on that. So a lot of times the cyber squads will actually help some of these other squads, but there definitely is training for those agents who are on cyber squads but, like I said, there are 11,000 agents and even though when you first go through Quantico there’s just so much to learn in the 17 weeks even though there has been more training there still needs to be even greater training considering that cyber-based crime or the use of the Internet is increasing.
- Just to take away something from this, the FBI might want to consider a link that’s internal for them if they have to do subpoenas for that type of stuff or it might show them how to actually do that. I was perfectly fine teaching them, but I really don’t want to spend too much time on the phone teaching people how to access this information.
- In response to the previous attendee’s statement, Leo Bicknell commented that I just want to say one thing about my assumption. One of the pieces of data I attempted to get before the meeting and was not easy to get for a number of reasons is I want to present how many of those /29s registered are in areas covered by a privacy policy. And that turns out be a very hard question to ask at the moment although I’m sure that can be produced. And I think that statistic is something the membership needs to see.
- One of the things that I heard you talk about was that if this database has all the information anybody would ever want in there, but there would be restricted views depending on who you were, et cetera, it seems to me that that needs to be a very flexible operation because the international demands upon what can be or cannot be seen by different audiences probably varies considerably all the time. And then if the database has, in fact, views restricted, but comprehensive amounts of information then if there was some failure of those view controls so that a lot of the information escaped then there might be potentially significant liabilities.
- Richard Hill from ITU offered the following comment. One is this is another example of what I find a fascinating difference between one technology and another technology because there are pretty draconian rules in almost all countries regarding tracing of telephone resources. And, for example, for those who follow these terrorist things the use SIM cards in the GSM phones that are closely tracked and both the Madrid bombers and I believe the Bali bomber were tracked down from SIM cards that were left over when the devices exploded because, as our colleague from the FBI said, not everybody is knowledgeable enough to know about electronics. So, again, this is fascinating. Why is it that in one world we have these draconian tracking requirements and in the other world we don’t? I’m not saying which is right and which is wrong, just an interesting difference as we look at convergence. On a more forward looking and positive note I’m not an expert on this stuff, but people I know who I think are knowledgeable do say that IRIS is a very good thing.
- There was a second court decision restricting the use of mobile phone triangulation without adequate protection. There’s a strong question of what data may be collected, what data may be viewed, and by whom. And I think that’s an issue of policy. In the registries it’s also an issue of requiring some protocols. It’s also an issue of how do you restrict access to our data, how long, et cetera. The real issue isn’t the WHOIS protocol. The real issue is what information you store and how you present it. And we can get hung up on protocol because of all this and try to encode our policy in a protocol and that’s a tough road to hoe. But who’s the customer? Who are the people for whom we’re trying to hold and present these data? Is it operational? Is it law enforcement? Our job isn’t necessarily to make law enforcement easier. Where law enforcement is too easy it’s called a police state. Mark Kosters responded that one of the things that has come up with Leo’s policy proposal is that all these people are coming at ARIN from so many different angles and they all consider themselves customers of ARIN. And since they don’t see what the other sides are they’re not able to really have any real conversation. That’s what I’m hoping that the requirements actually will solve.
- Leo Bicknell asked for a clarification from the attendee who brought up the issue of encoding policy in the protocol, inquiring that one of the things you said earlier in your comment that you glossed over and so I want to ask it specifically and make sure I heard you correctly is do you believe that people’s opinions on what data should be available change based on what protocol we discuss providing it in? The attendee responded that how data is made, what data are selected and how those data are made visible and to whom is a cultural, geopolitical issue and it varies. And if we try to take the protocol and make it able to represent all the constraints in policies, the sum of all those venues, then only an organization which loves complexity as much as the IETF could contemplate doing so. And that’s why 15 years later we are still using WHOIS.
- Would anyone on the panel like to pick up on the comment that it’s not our job to make law enforcement easier? Leo Bicknell responded that to a certain extent I think some of the law enforcement comments are orthogonal to the directory services question. They need access to data. We don’t need to stand up here and say we don’t like law enforcement for whatever reason so we’re not going to show them the data and we’ll let the network operators have it. That’s not what anybody wants to do. But, like I said, it seems obvious to me the law enforcement point of view is the extreme one. If they could, and maybe some private company would come along and do this for them, they would like to have a mapping of individual IP address, the name, address, telephone number, Social Security number, mug shot, fingerprint, and I don’t say that to be flippant. It’s what they want. They always want the most amount of information immediately and that is not a technical or policy driver. That’s a fact.
- But that is a legitimate desire on their part. The question is not whether that is a legitimate desire on their part. The question is how much it is our job to provide that information.
- I hope this issue gets a lot more discussion. I’m just concerned right now because directory service is probably the second most important thing to operating the registry. Leo followed up with the question of does the fact that IRIS exist change the way we look at policy? Do we pick that spec up and go it has A, B, and C in it so our policy must be to do A, B, and C? The attendee replied I don’t think so. ARIN’s protocol is going to be to transport information and what that information represents can be changed. I mean, it’s a schema, language, and so on. Whatever we decide we want to expose through that can be defined later on. It’s a vehicle transporting information back and forth and it actually has built into it the ability to do authorization-based information too. I can identify who I am and get back more information because I have certain authorization credentials.
- I’m here just as a researcher. I’m interested in this from an historical perspective and there is a lot of information embedded in WHOIS that really doesn’t exist anywhere else. And so, as you make a transition from whatever we have now to whatever you want it to be, I’d like to find a mechanism that transitions this data between those so it’s not lost because while we researchers have some of it, we’re not going to be here tomorrow and maybe we would want something else and delete that to save space on our hard disk.
- I’m one of the architects for the VeriSign directory service bureau. I have a lot of experience in this area in terms of the procedures to use I wonder do you see a lot of precedent on PSTN and the way that you have to apply your data to be applicable here in terms of an example of data actually turning into some phone book and why wouldn’t those tried and true processes be suitable for your needs? Robert Flaim answered that if I understand your question correctly, the way that it’s set up now we can actually get a lot of good information from what’s on there now. And I think one of my main points was that that’s good. Obviously in a perfect world part of our job is to get the most information we can as expeditiously as we can. And what we have now is we’re able to get a lot of public information in a quick and efficient manner and obviously we want to keep that. In so far as special circumstances with exigent subpoenas, so on and so forth, we do do that. We do continue to use that. The whole point here is that if things are going to change and the directory services are going to change and it’s going to be restructured we just want to let people know that what we get now is good and very helpful and I don’t think we want to overstep our boundaries in so far as the legal processes or people’s rights or privacy issues that are in place now.
- The irony in this really gives me goose bumps because I have this history in my head now, so I know that in 1966 DARPA funded the creation of this architecture, which by the way is 20 years older than the thing you said was too old, and the routing architecture which is 10 years older than what you said was too old. So I see a lot of similarities between this panel and yesterday’s panel. You need to do innovation in this architecture, right, and this is an innovation in the middle, not the edge. And this is an innovation that needs the same two things that IPv6 does, which is capital and incentive for the people who have to actually do work with their hands. And so really the law enforcement aspect of this discussion is a bit of a red herring. What I see in these guys, at least in DHS, I know, is a source of capital, little tiny bits of capital. Doug Maughan replied that was incorrect. The attendee continued, saying what DHS is not running yet is a source incentive, but I think what I hear the Government saying is if you guys cooperate on this thing for your best interest what would the others’ best interest be and here’s what our interests are the same, not demanding anything right now, just trying to express what their concerns are and there are legitimate concerns to bring to the table. I agree obvious concerns about the price and similar type of stuff should be brought to the table too, but I think we are missing that we have two issues here. We’ve got capital and we’ve got incentive issues. So we really ought to open our eyes on what do we do about those issues and how can we carry our responsibility forward in protecting whatever it is we are protecting.
- Doug Maughan responded that we don’t have a large pile of money to do capital investment. What I did say is what we are interested in doing is providing funding for tool development, but only after what we see to be an architectural agreement for moving forward. So while I think what Mark and others propose is in fact this is a need for a re-architecting, if you will, of something that’s maybe old and out of date. But our view from the standpoint of capital is that ARIN is an organization that collects membership fees. There is nothing that says they can’t pay for this effort to do the re-architecting and the incentive, I would think, should come from the members of ARIN that say the existing system isn’t meeting our needs, one of which is the US Government that says we have needs as well. We’re interested in using the tools and the data as well. There should be other ARIN members that should say what is there today that doesn’t meet what we need and therefore our view is ARIN should make the decision to go off and do the re-architecting. From a government’s side we’ll certainly need to be an interested party at the table and in the R&D space providing funding where necessary. All tools DHS pays for would be open source, not only to the US, but to the world.
- Leo Bicknell added that the idea of getting people to the table and incentive have been mentioned, and I think they both apply to one group that does not often speak and so I’m going to step on a thorn here slightly. One of the groups who have the most invested in this data set is the ARIN staff. Usually they don’t speak at an ARIN meeting for very, very good reasons and I don’t want them to necessarily drive this, but I think we need to get them a little more involved in this particular discussion because they may well have some internal incentives in how they process this and changes they would very much like to see for their own reasons and in this case, unlike much of our allocation policy, that’s actually a valid customer-user person who has to deal with this data. John Curran responded that I should say at the end of the day we’ll figure out how to staff, automate, systemize, to meet the members’ needs, but rest assured I guarantee you that any proposal that comes out or any direction will get heavy review and comment by the staff in how to implement it or what it takes. So I agree there’s an implementation question that’s very important. I think not only ARIN staff, but the other RIR staffs will be heavily involved. In some ways there are lots of opinions there, it’s just getting the members to voice some.
- I actually have two questions really, a user question and a use question. It would be nice if the data that is used today, tomorrow, the next generation, wherever it may be has the ability to link the POCs and the ASN and all the different parts that make up the data about me and link it together in some reasonable fashion and change the linkages as changes happen. The next question is that each one of those parts should probably also have the ability to have privacy stuff turned on and off to offer granularity and I’d like some authentication of the request method as well.
- The main issue that I see, I think it’s summed up in Bobby’s last slide there about that report about the differences between privacy, stewardship, abuse, and law enforcement and how we balance all four of those pillars in creating a directory service that actually works for all of those people. And I think one of the issues that we’ve struggled with the past couple of years with this issue is we hear that there are privacy issues, but no one clearly enumerates what they are or what they should be to us so we’re wandering in the dark and saying well, if we put private residence here in these fields is that good enough or other types of things like that and more involvement, I think, from the civil libertarian perspective as well as law enforcement probably would be warranted to help us. When we come to these making decisions at least having all the opinions so that we can make a good judgment call in that area. That’s just one example of how we decide what we should or shouldn’t do.
- A remote participant stated it is a Directory Services requirement, because policy dictates the kind of access controls on the information. Certainly law enforcement may need the information and should be able to go through due process of the legal system in order to obtain it when necessary. The policy decision is whether the info should be freely available to them without due process. And the response to the policy question dictates how the tools should work.
Final comments from roundtable panel:
- Robert Flaim: I just want to say thanks for allowing me to express my views on behalf of law enforcement. Like Ray said, it’s not the official view, but just to give you a little synopsis of how we use WHOIS and hopefully the future directory services. Thank you.
- Doug Maughan: As I mentioned, I think we do have some concerns from the US Government side. I think this is an opportunity for the ARIN membership to discuss and decide on how to move forward. It has a lot of angles, privacy, et cetera, and the whole data structure issue may very well be a tough computer science problem, but it’s worth tackling as you go forward.
- Mark Kosters: So as I’ve heard a lot of these comments I’ve heard the start of a number of different requirements that actually you could put into this and I look forward to seeing a number of these comments in writing so we can get to work and get this thing taken care of.
- Leo Bicknell: I think we’ll find over the next probably two to five years that the two things that are going to consume us at ARIN meetings are going to be Internet governance and directory services. I think this is going to be paramount on many people’s minds. There are obviously very important people very concerned about what data is there and how they can access it. And so I think this is an important topic that everyone needs to really pay attention to.
ip6.int Deprecation
Speaker: Ginny Listman, ARIN Director of Engineering
Presentation (Read-only): PDF
Ginny Listman gave a presentation on the history of ip6.int and a schedule to phase out ip6.int. Highlights include:
- ip6.int was established to handle reverse DNS for IPv6 until the technical issues were resolved. The technical issues were resolved, so the maintenance of ip6.int is no longer required. The phase-out plan for the ARIN region is:
- February - April 2006 - announcements made through NRO, to ARIN mailing lists and to IPv6 POCs
- May 2006 - formal notification to zone administrators
- June 2006 - remove all delegations and discontinue registration
There were no questions or comments.
Proposal 2005-1: Provider-independent IPv6 Assignments for End Sites
Speaker: Owen DeLong and Kevin Loch, Proposal Authors
Presentation (Read-only): PDF
Ray Plzak presented an introduction to the proposal. Highlights included:
- Introduced on PPML – September 1, 2005
- Presented – ARIN XV
- Merged and Revised – September 23, 2005
- Staff Impact Analysis – October 2005
- ARIN departments - no significant implementation impact
- Legal Review – October 2005
- “… Does not create legal issues that need disclosure or analysis”
- Public Policy Mailing List (PPML) Discussion Summary
- There were 14 posts by 8 people. Notable responses included:
- “[This] is a compromise to try and get some form of PI policy on the books…”
- “…consider extending the time frame of assignment to 2 years… 25,000 [devices] x 2 years.”
Kevin Loch, the author of the proposal, continued with the presentation [Presentation: PDF ] of the proposal, stating that the need for PI space, which is what this proposal addresses, is that despite the promises that IPv6 made in the beginning no technology solution yet exists to replace PI assignments, which is how we’re doing this in IPv4 for end sites that need to do is. Shim6 keeps coming up as a solution to this; it does not solve all of the problems that need to be solved. And even if it did, as we know from previous presentations, it’s not here today.
General Comments:
- This thing we’re doing worrying about filter size is driving me crazy. F-root has a /48 for one host because that’s the policy and we really should have been able to do it with a /128, but we were apparently worried about filtering. I think we should have the correct policy from the point of view of what makes sense, that is, if a lot of addresses are allocated and we run out of address space, and things that we are properly supposed to be worried about. We should not try to do policy based on what we do and do not think would be filtered.
- I believe that the goal of the proposal is to help people to actually go to IPv6, but it seems like that goal is in contradiction with the numbers that we are talking about. Also, I don’t think it’s a good idea to move to a different prefix like a /44. I understand that that’s big enough to facilitate the distinction of different networks, but there is also another thing to consider. In some regions they have policy for critical infrastructure. If we are raising the limit as high as 100,000 devices… maybe what we’re going to do is to change the policy for critical infrastructure to include big networks because obviously these cases are critical. Kevin Loch agreed that setting the bar too high defeats the purpose of facilitating the adoption of IPv6.
- I don’t see how the fact that these people would be getting a /44 instead of a /32 is really relevant. The fact is that for 200 networks that ISPs were doing with the /48s, that’s a lot more than the 16 /48s that are here in this policy. The /44 was kept partly because of the desire of the proposers that they didn’t want to have a cycle of coming back for more space. They figured that /44 for a single entity should be something most people could live with. I think that was not a bad choice and I’m not quite sure why people are concerned about that. I had also talked to them about using subnets and, as Kevin said, they were concerned because part of the justification for this policy is that the large entities renumbering costs are at least partially related to the size or the number of things that have to be renumbered, that is, devices. Some have commented here that large entities will not go to IPv6 if they’re going to be held captive by provider allocated space.
- We took a perfectly good policy proposal from the last meeting and we authored it by committee and dumped a big pile of draconian garbage on top of it which across the board made it less attractive to us. So maybe we should look at rolling some of this back. Then we’ll have policy that will work for exchange points, that will work for root servers, and it will work for big corporations and so forth like we all want it. I’m not sure why it didn’t pass the last time. We often nitpick the heck out of something before realizing that we all support it in the first place. I would suggest getting rid of the number of devices requirement. Maybe there is a number of subnets requirement that would be in proportion. An ISP can give out 200 subnets with 200 hosts in it, right? If you have to be 5,000 times larger as an end site to get a block, that’s unfair. I also don’t care about /44; /44 is fine for me. IPv6 purists, you’d rather see everything on fixed boundaries, but I’ve been doing flexible boundary stuff since CIDR. I’m for less documentation work needed, less work for the staff.
- This particular proposal seems to be going against something we just talked about this morning which is the other multi-homing thing, trying to make it so we don’t have to number and renumber and renumber and renumber and whatever. So you might want to consolidate that… the requirement of already having two prefixes seems to me a little funky. But I think I qualified for this. I’ve got 400,000 nodes. I can go in and turn on IPv6 on most of them because they’re Microsoft boxes and the other 25,000 or 20,000 or so are Macs and they just come with it. I’ve got two links both of which are capable of v6. One is configured for it. The other one we haven’t decided whether it’s worthwhile doing it. So I think I qualify. But I think it’s the wrong approach. And I echo what some of the other folks have said here. I think we need to pop up a level and just understand the future we want the network to look like relative to large sites. Large IPv4 sites, they’re multi-homed. Why don’t we want that in v6? There are a lot of big organizations who are simply not going to go to IPv6 until they can be assured that they’re not going to be held hostage by some provider. So we need some higher level of thinking about how we want to approach it. I don’t think it’s the right conceptual approach. We need to back up and look at it conceptually. If you got IPv4 address space, then why don’t we get qualified for a IPv6 allocation? That seems to be a logical thing, independent of the IPv6 nature. If IPv6 takes off or if it doesn’t take off, that’s just the way it goes. Kevin Loch asked the previous speaker if he would want to tie getting a direct assignment in IPv6 with some holding of IPv4 addresses. The speaker responded that yes, having IPv4 should be a logical starting point to decide whether you should qualify for v6.
Statements For and Against:
- The question is what’s a reasonable number to set for subnets? Is it 2,048, is it twice that, is it 100,000? I don’t know. I’m glad to see that there is not much question, though, as to whether we need something like this and it’s more of a debate about where the dials need to be set as far as whether people are eligible because I know of several organizations who, regardless of whether this is actually routable on the public Internet in the default free zone or not… that IPv6 adoption internally for intra- and inter-company communication on private internets is being held up by the fact that they can’t get PI space at this time. So regardless of where we decide to set the dials as far as availability I would really like to see this go forward and it is just fine if we set them high and decide to inch them back down in another nine months.
- I am for the proposal; it’s a good first step. However, I don’t think you’re going to see a lot of adopters. The way to encourage IPv6 is to encourage the transit providers.
- I want to address routing table overflow. How many routes are we going to have for the routing table? For me in the default-free zone carrying full routes with an IPv4 routing stack and an IPv6 routing stack that’s a big deal. Let’s look at the numbers. 80K IPv6 Internet routes. 166K IPv4 Internet routes. Add to that your internal deaggregates for IPv4, easily to 50 to 100K prefixes. Add to that your internal IPv6 prefixes which are at least one for every customer. You very quickly get to a very big number, 400-500K prefixes in the routing table. I need five years to test and deploy new routers and I need to be able to afford them. I’m against the proposal. Am I the only carrier in the default-free zone that’s concerned about the numbers?
- I’m for the proposal, drop some of the requirements. I understand the concerns, I sympathize with a lot of the concerns; however, those concerns, to me at least, aren’t a reason to stop IPv6 adoption and the lack of the PI space is a real challenge. As somebody who is not a tier 1 ISP having space that if I move from one provider to another and I can jump them monthly and quite a few other people do as well, is a requirement. That is the whole reason for PI space. It must be provider-independent and I happen to think that you really need it for IPv6 adoption.
- I guess I’d have to say that my current sense is that the policy proposal as written is sufficiently useless that I think no one will object to it.
- I think this is an important policy and we need something in place but, I also think we need to think very carefully about what we’re doing because we’re taking a step in a direction we haven’t gone with IPv6 before. This is going to have implications for a long time to come. And if we don’t get it right and we’re not careful what we do here we may look back a few years later to say oops, we shouldn’t have done it that way. I’m against it in its current form. I think we need to work on it a bit more.
- We need something that’s PI space. I don’t know if this policy is it, but I don’t believe my company will adopt IPv6 until there is the PI space. I don’t believe a lot of the companies out there will do it either until there is PI space or there is some other multi-homing mechanism. From what I’ve heard of shim6, from what I’ve heard of everything else, PI space is the only way to multi-home right now. The other point I wanted to make is that the /44 to demarcate this space versus the other space seems to be not the way it’s normally done. Every other policy that I’ve read where there’s a special kind of allocation, micro-allocation or whatever, it’s done out of a special net block. If you want to do /44s out of a special net block, great, but I really think something should be in the policy that says this needs to come out of a pool that’s used for this type of allocation because there will be people who want to say I’m willing to accept /44s or /48s from this pool. These are different allocations with different rules and in my opinion they should come out of different pools. So that doesn’t stop you from doing it. It just is a little bit of extra work that you have to do that provides some extra information to the community and to filters they seem fit. The other point I wanted to make is that we definitely, as has been said before, need to consider the restrictions we’re placing on people’s ability to use the space they’re given. The policy says if you get a /32 as an ISP you have to advertise that as a /32. Does that mean that if you have multiple discrete networks that you can’t advertise the aggregates or you have to advertise the aggregate plus the deaggregates? If you’re inside multiple discrete networks same question, can you advertise the /44 or can you advertise /48s, can you advertise both? I really think we’re in a world where the RIRs are setting the policy for the aggregation and deaggregation. 
There hasn’t been time for the ISPs to work out amongst themselves what their policies are going to be so until that happens I think we need to be careful on the one hand not to restrict people so much that they can’t multi-home in an effective manner or allocate their addresses to their multiple discrete networks in an effective manner. On the other side, as I’ve already heard, you have to be careful not to totally break the hierarchy. So those are the things to consider, but in my opinion we need to do this or something like this or IPv6 will not get off the ground until we’re absolutely forced to use it. Kevin Loch replied that regarding making assignments out of special space, that’s not in the proposal, I had assumed, perhaps naively, that ARIN would automatically do this as they have in the past. Maybe that does need to be in there explicitly. That was certainly the intent even if it wasn’t stated.
- I supported the proposal last time without the requirements. I support it this time. I don’t necessarily support the requirements because that would effectively, I think, eliminate almost everybody who might come in to request address space. That said, I don’t know that I would necessarily go to zero as a requirement.
- You asked earlier if anyone supports the proposal. I support the proposal. And I support the proposal for a very simple reason. We’ve run out of time. It’s nice to talk about let’s go back, let’s do it right, let’s make sure things work, whatever. I’ll pick on people in the room because they said when UUnet fails to upgrade their network and goes belly up and loses all their customers I’d like to get those customers. We’re out of time. Make it work. I think this proposal is the worst IPv6 proposal I’ve ever seen, but we can’t afford six more months of talking about it and so let’s do it. I think ARIN’s job is to make sure that good routing is possible, but it is not ARIN’s job to tell people what good routing is. So if we’re going to allocate somebody a /44 worth of space we shouldn’t give them 16 individual /48s all spread apart that can’t be aggregated. That would be really stupid. We should give them one /44 they can announce one of. If someone would like to filter on a /48 boundary or a 47 or a 2 boundary or whatever he and the gentlemen at NANOG can set business policy to ensure the stability of their networks and that has no business at an ARIN meeting. And I want to actually give you a recommendation there. Many of the size things that we have in the IPv4 world are an artifact of what happened in the past. And I think, for instance, if in IPv6 all of the root servers were /128 announcements out of a very small, well defined block then major providers would have no problems allowing /128s for critical infrastructure. But because they’re not from a small, well defined, easy to allow through my filters block, and because people like you haven’t done it there’s no incentive to. I’m not going to design a network where root servers don’t work. Please put them in one small block and announce them as /128s. The operators will figure it out. It’s one routing slot. We just need to be able to ensure it’s only root service. Thank you.
- My comment is multihoming is a business decision. It has nothing to do with size. A small network like the NASDAQ Trading Network that has less than 200 surely wants to be multi-homed. We had problems with routing in the past. Vendors were there to bail us out time and time again. Do you want to continue this cycle in the future? Then let me point out that with IPv6 there’s a very good chance that this cycle will be shorter. I can foresee a day where I can’t finish my upgrade before starting a new upgrade. That’s not going to work in my network with its size. And the last comment I wanted to make was yes, shim6 is being worked on, but other solutions like shim6 or things may never come to pass if we start giving out space that people can deaggregate because they all need one. And is that the future that we want to have? That we commit to growing the route table?
- Everybody’s saying to adopt v6. We are already doing v6. It’s on our backbone. We’re just moving forward. So I need to know because I have a /32 whether I can chop it up because I have 18 ASs. And if I can’t, should I just go get a /13 for each of my ASs? I have a problem with that personally because it’s an awful waste of space. And my little teeny guys that I have could get by with a /22 for each of them. I would have to get this type of space for them, that or if I can chop up a /32 and just place them in a small block. They’re in the smallest aggregatable block would be out there, a /48 or a /32 or whatever. Who’s willing to step up and say what the smallest routing block is going to be? Who is it? Kevin Loch responded that it’s the networks that either filter your route or do not and people are announcing deaggregates today and they will tomorrow and the next day and there’s not a whole lot ARIN can do about it in IPv6 when you’re not coming back for more addresses.
Questions/Responses/Clarifications:
- /44, what’s to stop somebody from deaggregating and announcing /48s? People do that all the time. So using the size of the allocation as the distinctive thing that says it’s one of these is probably not a useful thing. I’m not saying that the deaggregation is the problem, but it doesn’t uniquely distinguish these as portable allocations. The size of them doesn’t distinguish them. Maybe they should be out of a specific block or something that says oh, it’s a /44, it’s one of these. Kevin Loch replied that there is absolutely nothing to prevent someone from deaggregating and announcing /48s today. I actually checked my IPv6 tables before coming up here and there were almost 100 /48s in my table. I don’t filter this for a variety of reasons. Those are my reasons. I’m sure everybody else has their own policy. But they’re there. Right now it’s not a problem because it’s only about 710 records and we don’t really care about that. If they’re not announcing the /44 then that’s the risk they probably shouldn’t take because some folks probably will filter. Definitely there will be somebody who’ll filter out the /48s if you don’t have the /44 out there so the /44 route itself is a distinguishing factor in what it enables you.
- Businesses that might be making use of this policy may in fact have a very strong business case for deaggregating. That’s the way they break that up internally and so just going out and saying we’re going to give this to you, but you can’t use it the way your business needs to use it is not useful. On to the last point about the 100,000 node thing, you’re measuring the wrong thing. You’re thinking IPv4 and you’re thinking end points. In IPv6 you’re allocating networks. So the benchmark, if there’s going to be a benchmark, needs to be in terms of numbers of subnets, you’re allocating subnets, you’re not allocating hosts, and the policy should be talking about subnets. Kevin Loch replied that that was considered as an alternative or an additional requirement. The problem is with the subnet there’s no effort or cost effectively associated with creating a very large number of subnets. All you need is two machines and say I have got 65,000 subnets.
- I strongly suggest adding to such a policy that, if specific assignments are supposed to be recognized as a special class, then there are techniques available in database that are used that could be easily used to identify an address block. When the RIRs are handing out prefixes of certain minimum size there are ways where database information can be easily imported into available tools for making use in defining filter policies. Kevin Loch replied that this is being misunderstood. The idea of the /44 isn’t absolutely to say you should route this or you shouldn’t route deaggregated /48s from these /44s. That’s entirely up to the operator community. Each person sets their own filters. Do whatever you want. What it is saying is if you get to the point where you have millions of deaggregated /48s and something has to give this might be a smart thing to do to make it easier for folks to filter if they want to.
- I support the fact that we’re measuring the wrong thing by measuring devices. The scale is the number of subnets you have, not hosts. I’m talking about a certain number of /64s that actually exist. Need to look at this in a more IPv6-centric way. Second point is concerning deaggregating the /44s, do we expect that dual stack routers won’t be able to handle all of the sites that are currently announcing IPv4 space, lots of IPv4 space, lots of IPv4 prefixes, and be able to handle the IPv6 prefixes?
- Why is multi-homing a requirement in this proposal, why is it required to be currently multi-homed? Kevin Loch responded that multihoming could be something as trivial as getting a tunnel from two different IPv6 networks. That’s easy to do. The real trick of that requirement is not multi-homing. I know that sounds like you’re supposed to be announcing deaggregated /48s. That’s really not what it says. Multi-homing in the traditional definition, I think there was some discussion about this on the NANOG list, you’re connected to two networks and at least one of those is assigned a /48 out of PI space to you indicating you’re using something on IPv6 today, not that you’re announcing deaggregated routes. There is no requirement here to announce anything. You simply need to have IP addresses from two different upstream providers. It could even be tunneled. It doesn’t mean that you’re using that in what we classically think it’s used for multi-homing. It’s merely you’re using IPv6 today is really what that boils down to.
- Are you going to require that you have to announce a single aggregate? I didn’t see that in your proposal, but it is there for other space. Kevin Loch said that’s a good point. The ISP /32 do need to be announced as single aggregates and that was not included in this proposal. That’s a good observation. The current proposal obviously makes no mention of announcing it as a single aggregate, but I’m not sure what happens if you break that rule since not many ISPs are going to be going back for more space. I’m not sure how we would enforce that.
- Why can a small ISP obtain IPv6 space, but not a company as large as 10,000 subnets? If somebody provides services to, let’s say, 100,000 computers who cares whether it’s an ISP or a big company? Why the distinction between ISPs and end sites? And, I’m looking not at the slide, but what’s written down, it says 100,000 nodes that must be advertised through a single aggregated prefix. So my interpretation of the policy is that you must not deaggregate and I was basing my comment on that we will not be able to deaggregate these prefixes if we get them. Kevin Loch replied that the distinction, of course, is that an ISP is providing transit services to customers and the end sites are not. That is, of course, the definition of end site. Another attendee replied that in my routing policy, and I’m looking not at that slide, but what’s written down, says 100,000 nodes that must be advertised through a single aggregated prefix. So my interpretation of the policy is that you must not deaggregate and I was basing my comment on that we will not be able to deaggregate these prefixes if we get them.
- An attendee stated that he’d like to respond to a comment by Lea Roberts, and stated there is inconsistency with yesterday’s discussion. We need to think about what message we’re sending here when we tell folks you get one shot at this. You have to get the right number up front and never come back. The other message is you tell them, we don’t care, but we’re going to make you come back and it doesn’t matter what it’s going to cost you. You keep coming back. Those are inconsistent messages. Lea responded that I think that the concept is that the “little guys” or whatever are obviously a much smaller number of devices on whatever number of subnets they actually have deployed. I would readily grant you that a lot of people would be able to have a lot more than 100,000 devices on 250 subnets, but it’s not as likely. So, I mean, I think what you’re confusing is the difference between provider allocated space and provider independent space and personally from the discussions yesterday I would still like to see people always get enough space where they could grow. This is probably a lot more than most people need and it’s the idea to give them enough so that they would be able to grow as far as they possibly can. And I would advocate the same thing for assignments from PA space as well, that /56 should go to cell phones, /52 should go home offices, whatever, to have that same level of growth. But that’s not the same policy as this, is it? The attendee responded back and said I understand. I wasn’t trying to say it was the same policy. I was trying to say the message coming from this group is inconsistent. I agree with what you just said so as long as we’re crisp about the message then it’s fine. The other issue is never come back and so if a large organization that qualifies under this realizes in three or four years oh, wait a minute, we actually need two of those /44s because we’re actually that big they’re toast.
There are significant problems with this that need to be reworked and just redrawn. That was just in response to yours. Another thing, we have to step back and redo the approach to how we handle this routing and that’s a business practice issue, it’s not a technology issue.
End of Discussion:
John Curran took a straw poll to determine the consensus of the room. There was no clear consensus for the proposal as is.
Another question was posed, “Should the ARIN AC continue work on end-user, provider-independent IPv6 space?” There was consensus to continue this work.
Ray Plzak echoed a request to the people who responded to the poll to please sign up and post to the Public Policy Mailing List.
Open Microphone
Speaker: Moderator: John Curran
- A comment was submitted remotely: Hopefully people here have followed posts on PPML this week. Quick summary is that ARIN has made a recommendation on its website that ISPs not enter address for SWIP made for residential customers whereas the current policy text is not a recommendation, but simply an option for ISPs to do so presumably after getting such request from their customer. The general question I’d like to raise is if doing such policy-like and somewhat political recommendation is appropriate without having had this discussed with community to find consensus. My personal view is that it is not and this should have gone through the policy process and that recommendations that are appropriate are technical ones that deal with efficiency with ARIN registration process. Ray Plzak responded that there is a discrepancy there and we’ll take care of it.
Closing Announcements and Meeting Adjournment
Speaker: Ray Plzak, ARIN President and CEO
Ray Plzak made closing announcements, thanked Equinix, the sponsor of the meeting network connectivity and Terminal Room, and adjourned the Public Policy Meeting at 5:31 PM PDT.