From michael.dillon at bt.com Sun Jul 1 07:38:34 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Sun, 1 Jul 2007 12:38:34 +0100 Subject: [ppml] [GLOBAL-V6] How to get a IPv6 /32 the cheap way: go to AFRINIC In-Reply-To: <467BEC67.5080307@spaghetti.zurich.ibm.com> References: <467BDA31.4030607@spaghetti.zurich.ibm.com><200706221526.46024.aalain@trstech.net> <467BEC67.5080307@spaghetti.zurich.ibm.com> Message-ID: > I've sent it to all the RIR lists as it affects global policy > decisions: that a single RIR is acting in their own good > without even having asked their own membership about this situation. In general, when there are no explicit rules for appealing decisions of some group, the accepted appeal process is to begin by appealing directly to the group which made the disputed decision. The next step is to appeal to whichever body oversees that group. And so on. In this case, has an appeal been made to the AfriNIC hostmasters who made the allocation? Has an appeal already been made to the AfriNIC board of directors? Has an appeal been made to the AfriNIC membership? Has an appeal been made to the NRO directly? If not, then I don't see that this issue is relevant to ARIN or RIPE. Until the groups listed above have been given the opportunity to deal with the issue, ARIN and RIPE have no role in this. In addition, the appeal must be done sequentially, i.e. the person appealing the issue must allow a reasonable time for the issue to be considered before escalating the appeal to the next level. My sense is that none of this was done, and the appeal is being broadcast everywhere at once in an attempt to sling mud. This is not acceptable. And yes, Africa is a special case. It is a very large area in which the telecommunications structure is very complex, unlike Europe where the complainant lives. Wars and political disputes as well as hostile environments mean that all levels of the network from physical upwards, will have so-called "waste" which does not exist in Europe. That includes IP addressing. In this case AfriNIC is not conveniently located in one large well-connected city as in Europe or North America. Instead it is in 3 widely separated locations where you simply cannot connect by running three private lines. --Michael Dillon From michael.dillon at bt.com Sun Jul 1 07:44:45 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Sun, 1 Jul 2007 12:44:45 +0100 Subject: [ppml] on PPML? - was Re: How to get ... In-Reply-To: <467BEE48.6050108@spaghetti.zurich.ibm.com> References: <467BCF8B.4090308@spaghetti.zurich.ibm.com> <200706221451.l5MEpIQP012336@ns1.afrinic.net> <467BE9A1.80008@spaghetti.zurich.ibm.com> <467BEE48.6050108@spaghetti.zurich.ibm.com> Message-ID: > As an exercise, remind me again where Canada is, does this > fall in ARIN region or in the AfriNIC region? > > Then please try to explain me why I saw this recently: > 2001:42c8::/32 Canada TGB-V6-AFRICA Canada is not where you think it is. There is Canadian territory in many African countries. It is convention for foreign embassies to be treated as the territory of the foreign nation. In any case, you are pointing out something that has existed since day 1 in the IPv4 world. What is the point. Nobody has ever seen enough of an issue to make policy covering this situation. We are not engineers here, we are politicians. Politics is the art of making 80-20 decisions which means that inevitably, there is complex stuff that is not covered by policies. I wouldn't want to see bridges designed by politicians, but I also dislike the idea of engineers making policy in the same way that bridges are designed. --Michael Dillon From michael.dillon at bt.com Sun Jul 1 08:32:20 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Sun, 1 Jul 2007 13:32:20 +0100 Subject: [ppml] RIR Shopping, Table Growth x5? In-Reply-To: <20070623171426.GA22425@ussenterprise.ufp.org> References: <20070623171426.GA22425@ussenterprise.ufp.org> Message-ID: > If you're a global company though, it would seem the current > policies in all of the regions lead us down a path to 5 > prefixes per ASN. > That is, each company would get a prefix from each RIR. As far as I am aware, there is no policy which requires a global network operator to get addresses from each of the regions where their network has a footprint. While some global network operators do indeed get blocks from multiple RIRs, others do not. My company operates a global network and we decided to get all our addresses worldwide from ARIN. At the time, the corporate head office was in the USA but that was a minor factor in the decision. We already had some ARIN addresses from an acquisition back in the early days of the Internet and it seemed easier to manage just one RIR relationship. The two major factors in dealing with only one RIR was that our network design was a central function (although the people sat outside the ARIN region) and that we did not want to deal with the internal route explosion (and related complexity) that Leo mentioned. Should there be a policy external to our company that required us to choose one way or the other? I don't think so. At this point in time, companies are free to follow the path that we did or the path that VSNL Teleglobe did based on their own internal technical, operational or management needs. This is a good thing even if it does allow some companies to do RIR shopping. I am not aware of any negative effects of RIR shopping that would justify a restrictive policy in this area. --Michael Dillon From owen at delong.com Mon Jul 2 03:01:43 2007 From: owen at delong.com (Owen DeLong) Date: Mon, 2 Jul 2007 00:01:43 -0700 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: <46871609.9060508@internap.com> References: <371EB4EE-C2FE-46CD-BAF9-DB35937B572A@delong.com> <480dad640706301938geaf4152k9bd9b44163a6abca@mail.gmail.com> <46871609.9060508@internap.com> Message-ID: <5D70BD2F-6117-407E-81D4-6454AE22353A@delong.com> Yes... I thought that was the literal meaning of them rather than a between-the-lines interpretation, but, I am open to wordsmithing as well as substantive suggestions for improvement. Owen On Jun 30, 2007, at 7:48 PM, Scott Leibrand wrote: > I think what Owen meant was: > > 1. If the organization does not currently pay ARIN fees, their > remaining IPv4 resources shall remain fee exempt. > > and > > 4. All organizations returning space under this policy shall, > if they meet other eligibility requirements and so request, obtain > an appropriate IPv6 end-user assignment or ISP allocation as > applicable, with no fees for these IPv6 resources for the first 5 > years.... etc. > > I presume that the normal rules (that you pay the greater of your > IPv4 or IPv6 fees, not the sum) will still apply in such > situations, meaning that a legacy IPv4 holder who returns some of > their space and gets an IPv6 block will begin paying fees, based on > their IPv6 space, after 5 years. > > Owen, am I reading between the lines correctly? > > -Scott > > P.S. Aaron, you might want to update the From: line your mailer > generates. :-) > > heh heh wrote: >> Owen, >> Doesn't #1 and #4 conflict with each other or am I missing something? >> #1 says that they will remain exempt >> #4 says that anyone returning will be exempt for 5yrs >> So, if I return legacy space, which one do I fall under? >> >> Aaron >> >> On 6/28/07, *Owen DeLong* > > wrote: >> >> Here's an attempt to partially drain the swamp and create some >> incentives >> for legacy holders to both return available IPv4 space and >> start using >> IPv6. >> >> Comments welcome. >> >> Owen >> >> >> Template: ARIN-POLICY-PROPOSAL-TEMPLATE-1.0 >> >> >> Policy Proposal Name: Legacy Outreach and Partial Reclamation >> Author >> name: Owen DeLong >> email: owen at delong.com >> telephone: 408-921-6984 >> organization: JITTR Networks >> >> Proposal Version: 0.0.1 >> Submission Date: 2007 April 22 >> Proposal type: M >> new, modify, or delete. >> Policy term: permanent >> temporary, permanent, or renewable. >> Policy statement: >> Modify section 4.6 as follows: >> >> 4.6 Amnesty Requests >> ARIN will accept the return or relinquishment of >> any address space >> from any existing address holder. If the address >> holder wishes to >> aggregate into a single block, ARIN may work with >> the address holder >> to arrive at an allocation or assignment which is >> equal to or smaller >> than the sum of their existing blocks and which >> best meets the needs >> of the existing holder and the community. There >> shall be no fee for >> returning addresses under this policy. Further, >> organizations >> returning addresses under this policy shall >> receive the following >> benefits: >> >> 1. If the organization does not >> currently pay ARIN >> fees, they shall remain fee >> exempt. >> >> 2. If the organization currently >> pays >> ARIN fees, >> their fees shall be waived for >> two >> years for >> each /20 equivalent returned, >> with >> any fractional /20 >> equivalent resulting in a one- >> time >> single year waiver. >> >> 3. Any organization returning >> address >> space under >> this policy shall continue under >> their existing >> RSA or they may choose to sign >> the >> current RSA. >> For organizations which currently >> do not >> have an RSA, they may sign the >> current RSA, or, >> they may choose to remain without >> an RSA. >> >> 4. All organizations returning space >> under this >> policy shall, if they meet other >> eligibility >> requirements and so request, >> obtain an >> appropriate IPv6 end-user >> assignment >> or ISP allocation as applicable, >> with no fees >> for the first 5 >> years. Organizations electing >> to receive IPv6 >> allocation/assignment under >> this provision must sign a >> current >> RSA and >> must agree that all of their IPv4 >> resources are >> henceforth subject to the RSA. >> Organizations >> taking this election shall be >> subject to end-user >> fees for their IPv4 resources not >> previously >> under an ARIN RSA. If they are >> already an >> ARIN subscriber, then IPv4 >> resources >> affected by this process may, >> instead, be added to >> their existing subscriber >> agreement at the >> address holder's discretion. >> >> Rationale: >> >> The current amnesty policy does a nice job of >> facilitating >> aggregation, which was the intent when it was >> drafted. However, >> as we approach IPv4 free-space exhaustion, the >> community now >> has an additional need to facilitate address reclamation. >> >> A very high percentage of underutilized space is in the >> hands of >> legacy holders who currently have no benefit to joining >> the ARIN >> process. Further, there is an unfortunate perception >> that >> doing >> so will require force the legacy holder into certain >> future >> disadvantages. >> This proposal attempts to resolve both of those issues >> while also >> providing some incentive to legacy organizations to start >> using >> IPv6 resources and bring their IPv4 resources into the >> ARIN >> process. >> >> This policy attempts to provide some benefit and remove >> most of >> the costs of making partial IPv4 returns. It also >> attempts to >> provide an incentive for these IPv4 holders to join >> the ARIN >> process. >> >> Timetable for implementation: >> >> Immediate >> >> Meeting presenter: >> >> TBD, probably Owen DeLong >> >> END OF TEMPLATE >> _______________________________________________ >> This message sent to you through the ARIN Public Policy >> Mailing List >> (PPML at arin.net ). >> Manage your mailing list subscription at: >> http://lists.arin.net/mailman/listinfo/ppml >> >> >> --------------------------------------------------------------------- >> --- >> >> _______________________________________________ >> This message sent to you through the ARIN Public Policy Mailing List >> (PPML at arin.net). >> Manage your mailing list subscription at: >> http://lists.arin.net/mailman/listinfo/ppml From michael.dillon at bt.com Mon Jul 2 07:49:14 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Mon, 2 Jul 2007 12:49:14 +0100 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: <5D70BD2F-6117-407E-81D4-6454AE22353A@delong.com> References: <371EB4EE-C2FE-46CD-BAF9-DB35937B572A@delong.com><480dad640706301938geaf4152k9bd9b44163a6abca@mail.gmail.com><46871609.9060508@internap.com> <5D70BD2F-6117-407E-81D4-6454AE22353A@delong.com> Message-ID: > If the address > holder wishes to > aggregate into a single block, ARIN > may work with > the address holder > to arrive at an allocation or > assignment which is > equal to or smaller > than the sum of their existing blocks Why equal to or smaller? If the agreggate allocation is LARGER than the sum of the existing blocks and yet still is fully justified, what is wrong with that? Note that your wording means that an organization which is about to apply for additional addresses, needs to wait until after they have received their next allocation, then immediately return it back with all their old addresses to get an aggregate allocation. This is twice the hassle for both ARIN and the applicant organization. The key criteria must be that the allocation given to the org is fully justified. There is no need to pick nits and have a different requirement than a normal allocation. Since an org needs to do a complete review of their addressing situation before applying under this policy, it should allow, and perhaps even encourage orgs to apply for both an additional allocation and the aggregation process at the same time. As far as all the language about exemption, I strongly disagree. Every holder of IP address resources must sign the same RSA that we sign and pay fees according to the same fee schedule under which we pay fees. There must be a level playing field. If an organization can reduce the number of distinct route announcements into the public Internet by aggregating multiple allocations into one, then we should allow and encourage that. But not by creating a special class of address holder, the IP address nobility. There are parallels to this in regard to immigration status in the USA. Illegal immigrants live and work in the USA but pay no taxes. The government could either give these people citizenship and allow them to continue to be free from paying taxes, or the government could give them citizenship and require them to follow all the laws that other citizens follow, including paying income tax. In both cases, the illegal immigrants' past transgressions are being forgiven. The various US amnesty bills since 1986 have forgiven past transgressions but have not given special status in the future. --Michael Dillon From stephen at sprunk.org Mon Jul 2 09:55:27 2007 From: stephen at sprunk.org (Stephen Sprunk) Date: Mon, 2 Jul 2007 08:55:27 -0500 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives References: <371EB4EE-C2FE-46CD-BAF9-DB35937B572A@delong.com><480dad640706301938geaf4152k9bd9b44163a6abca@mail.gmail.com><46871609.9060508@internap.com><5D70BD2F-6117-407E-81D4-6454AE22353A@delong.com> Message-ID: <007c01c7bcb5$1f00b130$583816ac@atlanta.polycom.com> Thus spake >> If the address holder wishes to aggregate into a single block, >> ARIN may work with the address holder to arrive at an >> allocation or assignment which is equal to or smaller >> than the sum of their existing blocks > > Why equal to or smaller? If the agreggate allocation is LARGER > than the sum of the existing blocks and yet still is fully justified, > what is wrong with that? There's already existing policy covering that, and there's no reason to give people incentive for something that benefits them (i.e. getting more addresses). This proposal gives people an incentive for something that benefits the community (i.e. returning addresses). > Note that your wording means that an organization which is about to > apply for additional addresses, needs to wait until after they have > received their next allocation, then immediately return it back with all > their old addresses to get an aggregate allocation. This is twice the > hassle for both ARIN and the applicant organization. I'm sure if an org wanted to submit requests for new space and aggregation at the same time, ARIN staff would be able to do that in a single step instead of how you describe. > The key criteria must be that the allocation given to the org is fully > justified. There is no need to pick nits and have a different > requirement than a normal allocation. The point of the proposal is to deal with orgs who have legacy space that _isn't_ justified. > If an organization can reduce the number of distinct route > announcements into the public Internet by aggregating multiple > allocations into one, then we should allow and encourage that. We already have an aggregation policy for that. > But not by creating a special class of address holder, the IP > address nobility. There already _is_ a special class: legacy holders. Counsel has indicated that all we can do is incent such folks into becoming part of the normal class, not force them into compliance, and this proposal attempts to use one of the few carrots ARIN has at its disposal. S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov From owen at delong.com Mon Jul 2 11:21:15 2007 From: owen at delong.com (Owen DeLong) Date: Mon, 2 Jul 2007 08:21:15 -0700 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: References: <371EB4EE-C2FE-46CD-BAF9-DB35937B572A@delong.com><480dad640706301938geaf4152k9bd9b44163a6abca@mail.gmail.com><46871609.9060508@internap.com> <5D70BD2F-6117-407E-81D4-6454AE22353A@delong.com> Message-ID: On Jul 2, 2007, at 4:49 AM, wrote: > >> If the address >> holder wishes to >> aggregate into a single block, ARIN >> may work with >> the address holder >> to arrive at an allocation or >> assignment which is >> equal to or smaller >> than the sum of their existing blocks > > > Why equal to or smaller? If the agreggate allocation is LARGER than > the > sum of the existing blocks and yet still is fully justified, what is > wrong with that? > Existing policy already covers this. This policy does not remove that other policy. > Note that your wording means that an organization which is about to > apply for additional addresses, needs to wait until after they have > received their next allocation, then immediately return it back > with all > their old addresses to get an aggregate allocation. This is twice the > hassle for both ARIN and the applicant organization. > No, it doesn't. It means that an organization has to apply for their convergence under a different policy. Suggest you read NRPM 4.7 > The key criteria must be that the allocation given to the org is fully > justified. There is no need to pick nits and have a different > requirement than a normal allocation. > Except this policy is there specifically to allow an organization which has legacy space to retain as much of their space as they choose to while returning what they are willing to. In many cases, this may be more than they could actually justify under current policy, but, since the alternative would be forcing them to keep ALL of their space in order to avoid such a provision altogether, I think this is an improvement. > Since an org needs to do a complete review of their addressing > situation > before applying under this policy, it should allow, and perhaps even > encourage orgs to apply for both an additional allocation and the > aggregation process at the same time. > There are other policies that cover that situation. > As far as all the language about exemption, I strongly disagree. Every > holder of IP address resources must sign the same RSA that we sign and > pay fees according to the same fee schedule under which we pay fees. > There must be a level playing field. > OK, so, you'd rather force the holders that are not under RSAs to keep all of their space and return none of it in order to remain fee exempt? That doesn't make a lot of sense to me. I'm not exempting anyone who is already paying fees (except in the case where they return sizeable chunks of address space, and, in those cases, I think the exemptions are worth while in order to encourage the returns). > If an organization can reduce the number of distinct route > announcements > into the public Internet by aggregating multiple allocations into one, > then we should allow and encourage that. But not by creating a special > class of address holder, the IP address nobility. > See NRPM 4.7 It covers this quite well. This proposal does not change 4.7. It also doesn't target what you are describing. This proposal is targeted at LEGACY HOLDERS who are already a special class of address holder and attempts to find ways to make them less special. Hopefully this clarification allows you to see the proposal more clearly for what it is and the benefits it offers. > There are parallels to this in regard to immigration status in the > USA. > Illegal immigrants live and work in the USA but pay no taxes. The > government could either give these people citizenship and allow > them to > continue to be free from paying taxes, or the government could give > them > citizenship and require them to follow all the laws that other > citizens > follow, including paying income tax. In both cases, the illegal > immigrants' past transgressions are being forgiven. The various US > amnesty bills since 1986 have forgiven past transgressions but have > not > given special status in the future. > Except that there are some key differences: 1. Legacy holders are not here illegaly. 2. Legacy holders can't be deported. 3. Legacy holders can remain and continue not paying "taxes" without any risk because they haven't violated any law/rules. 4. Legacy holders are already exempt from ARIN contracts because they never signed one and ARIN is not a governmental organization, so, is unable to make "laws" which require actions or payments from entities with no contractual relationship. Owen From andrew.dul at quark.net Mon Jul 2 12:04:44 2007 From: andrew.dul at quark.net (=?iso-8859-1?Q?Andrew=20Dul?=) Date: Mon, 02 Jul 2007 08:04:44 -0800 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives Message-ID: <20070702160445.29481.qmail@hoster908.com> In general I support the idea to provide a policy that would allow legacy holders to exchange or reduce their assignments easily. A few notes below. Andrew > > On 6/28/07, OWEN DELONG <[LINK: mailto:owen at delong.com] owen at delong.com> > > 1. If the organization does not currently pay > ARIN > fees, they shall remain fee exempt. I would support a fee waiver for a specific number of years (maybe 10?) not an indefinite waiver. > > 2. If the organization currently pays ARIN > fees, > their fees shall be waived for two years > for > each /20 equivalent returned, with any > fractional /20 > equivalent resulting in a one-time single > year waiver. Here I would like to see a cap on the maximum number of years they receive a fee waiver. > > 3. Any organization returning address space > under > this policy shall continue under their > existing > RSA or they may choose to sign the current > RSA. > For organizations which currently do not > have an RSA, they may sign the current > RSA, or, > they may choose to remain without an RSA. I personally believe that any action that an organization has with an RIR at this point should be done with a valid RSA in place. From michael.dillon at bt.com Mon Jul 2 14:00:46 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Mon, 2 Jul 2007 19:00:46 +0100 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: <007c01c7bcb5$1f00b130$583816ac@atlanta.polycom.com> References: <371EB4EE-C2FE-46CD-BAF9-DB35937B572A@delong.com><480dad640706301938geaf4152k9bd9b44163a6abca@mail.gmail.com><46871609.9060508@internap.com><5D70BD2F-6117-407E-81D4-6454AE22353A@delong.com> <007c01c7bcb5$1f00b130$583816ac@atlanta.polycom.com> Message-ID: > There already _is_ a special class: legacy holders. Counsel > has indicated that all we can do is incent such folks into > becoming part of the normal class, not force them into > compliance, and this proposal attempts to use one of the few > carrots ARIN has at its disposal. Who said anything about forcing them? In my view, there is *NO* special class of address holders. Those legacy holders are not a special class, they are either ignorant of the rules or they are blatantly flouting the rules. In either case, they are *NOT* a special class and have no special rights. If it ever came to it in the courts, the likelihood is that the courts will once again rule that legacy address holders must comply with the ARIN rules and policies which all other address holders comply with. The playing field must be made as level as we can without extraordinary effort. That's why we don't actively take legacy holders to court and try to force them to sign the RSA and pay their fare share of the fees. To do that would be extraordinary effort. But at the same time we must not in any way actively provide benefits to those who flout the rules and leech off the rest of us. If these organizations are going to continue to flout the rules, I would rather leave them in exactly the same state they are today, not provide the benefit of an aggregate allocation. Also, note that an organization must exert considerable effort to renumber into a new allocation, and the only real reason to do that is to be a good network citizen. But if they want to be a good network citizen, then they can simply sign the RSA, start paying membership fees, and turn back any extra addresses that they may have. This is all possible today with no change in policy. --Michael Dillon From michael.dillon at bt.com Mon Jul 2 14:26:15 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Mon, 2 Jul 2007 19:26:15 +0100 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: References: <371EB4EE-C2FE-46CD-BAF9-DB35937B572A@delong.com><480dad640706301938geaf4152k9bd9b44163a6abca@mail.gmail.com><46871609.9060508@internap.com> <5D70BD2F-6117-407E-81D4-6454AE22353A@delong.com> Message-ID: > 1. Legacy holders are not here illegaly. Legacy holders are violating the rules that the industry has collectively agreed upon. The legacy holders are not playing fair. There are obviously shades of grey here but the legacy holders are closer to being here illegally than those who sign the RSA and pay their membership fees. > 2. Legacy holders can't be deported. They could be deported, i.e. the legacy resources could be taken away from them by suing them in court. I wouldn't recommend doing that at this time, but it may be that the industry collectively will decide to begin doing that as IPv4 resources become scarcer. > 3. Legacy holders can remain and continue not > paying "taxes" > without any risk because they haven't violated > any law/rules. This is not true. They are in violation of ARIN rules and they run several risks. First, they may be seen to be acting unfairly and thus lose business. Secondly they may have their addresses reclaimed either through operational actions (filtering announcements) or through court action. I believe that these risks will increase as IPv4 addresses get close to exhaustion. > 4. Legacy holders are already exempt from ARIN contracts > because they never signed one and ARIN is not a > governmental > organization, so, is unable to make "laws" > which require actions > or payments from entities with no contractual > relationship. The law is not that simple. There are such things as common law and case law. At least one court has already ruled that an organization must sign ARIN's RSA and follow ARIN's rules and policies in order to transfer an address allocation from another organization. Unless there are U.S. laws that specifically address IP address allocations, it is not clear which other laws, existing or new ones, might apply to IP address allocations and the ARIN relationships. That kind of thing gets settled in court cases which is why it is called case law. I believe that if ARIN did implement any policy granting special waivers and benefits to organizations in violation of ARIN's rules and policies, that would weaken ARIN's case-law position. That is why I will not support any such policy. In fact, given the unlikeliness of an organization going through the pain of renumbering to be a good network citizen, I suspect that this policy was introduced as an attempt to weaken ARIN's case-law position. --Michael Dillon From owen at delong.com Mon Jul 2 14:26:33 2007 From: owen at delong.com (Owen DeLong) Date: Mon, 2 Jul 2007 11:26:33 -0700 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: References: <371EB4EE-C2FE-46CD-BAF9-DB35937B572A@delong.com><480dad640706301938geaf4152k9bd9b44163a6abca@mail.gmail.com><46871609.9060508@internap.com><5D70BD2F-6117-407E-81D4-6454AE22353A@delong.com> <007c01c7bcb5$1f00b130$583816ac@atlanta.polycom.com> Message-ID: <46E36065-3BF7-4889-9EAB-C251AF991E25@delong.com> On Jul 2, 2007, at 11:00 AM, wrote: >> There already _is_ a special class: legacy holders. Counsel >> has indicated that all we can do is incent such folks into >> becoming part of the normal class, not force them into >> compliance, and this proposal attempts to use one of the few >> carrots ARIN has at its disposal. > > Who said anything about forcing them? > In my mind, you did. > In my view, there is *NO* special class of address holders. Those > legacy > holders are not a special class, they are either ignorant of the rules > or they are blatantly flouting the rules. In either case, they are > *NOT* > a special class and have no special rights. If it ever came to it > in the > courts, the likelihood is that the courts will once again rule that > legacy address holders must comply with the ARIN rules and policies > which all other address holders comply with. > Um, not exactly. They are NOT SUBJECT to the rules. They have no contractual relationship with the RIRs and no reason to believe they need one. The courts have never ruled that. I don't know what makes you think they would rule that way again given that they never have. Steve Ryan has stated that we don't likely have any such case against legacy address holders and that we would likely loose. When it comes to a legal opinion on this subject, I tend to believe Steve before I would believe you. > The playing field must be made as level as we can without > extraordinary > effort. That's why we don't actively take legacy holders to court and > try to force them to sign the RSA and pay their fare share of the > fees. Actually, I believe the reasons are: 1. There isn't enough money in the fees to justify the effort. 2. We wouldn't be likely to win even if we did (at least according to Steve Ryan). 3. It would be very expensive and time consuming. 4. It would also probably create some fairly massive publicity that would be negative to both sides. > To do that would be extraordinary effort. But at the same time we must > not in any way actively provide benefits to those who flout the rules > and leech off the rest of us. If these organizations are going to > continue to flout the rules, I would rather leave them in exactly the > same state they are today, not provide the benefit of an aggregate > allocation. > I hate to break it to you, but, existing policy provides that benefit already. This proposal doesn't seek to change that fact. Instead, it seeks to provide them some benefit and encouragement to RETURN addresses which will benefit the community. Please try to look at the issues the policy attempts to address instead of continuing down this rathole of other existing policies that are already on the books. Please re-read the existing NRPM 4.6 and 4.7 and then let's discuss this in terms of the changes being proposed instead of how much you dislike what is already on the books. > Also, note that an organization must exert considerable effort to > renumber into a new allocation, and the only real reason to do that is > to be a good network citizen. But if they want to be a good network > citizen, then they can simply sign the RSA, start paying membership > fees, and turn back any extra addresses that they may have. This is > all > possible today with no change in policy. > True, but, obviously, there are reasons it's not happening. I know that there are legacy holders with contiguous chunks of unused address space. I believe that this policy would facilitate them returning more space than current policy. As such, I think this policy would put us in a better place than we are today. I agree it is not a complete solution, but, my measure of good policy change is "Does it put us in a better place than we are today?", rather than "Does it solve all problems in one fell swoop?" Owen From owen at delong.com Mon Jul 2 14:38:17 2007 From: owen at delong.com (Owen DeLong) Date: Mon, 2 Jul 2007 11:38:17 -0700 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: References: <371EB4EE-C2FE-46CD-BAF9-DB35937B572A@delong.com><480dad640706301938geaf4152k9bd9b44163a6abca@mail.gmail.com><46871609.9060508@internap.com> <5D70BD2F-6117-407E-81D4-6454AE22353A@delong.com> Message-ID: <4DD72BCA-F856-407C-9EC2-3152936F55C4@delong.com> On Jul 2, 2007, at 11:26 AM, wrote: > >> 1. Legacy holders are not here illegaly. > > Legacy holders are violating the rules that the industry has > collectively agreed upon. The legacy holders are not playing fair. > There > are obviously shades of grey here but the legacy holders are closer to > being here illegally than those who sign the RSA and pay their > membership fees. > No. They are not. The industry has, generally collectively agreed that legacy holders are grandfathered under a different set of rules. The fact that you don't like this collective decision is another matter. >> 2. Legacy holders can't be deported. > > They could be deported, i.e. the legacy resources could be taken away > from them by suing them in court. I wouldn't recommend doing that at > this time, but it may be that the industry collectively will decide to > begin doing that as IPv4 resources become scarcer. > Well... According to ARIN's lawyer, we probably wouldn't win on that one, so, I'm not inclined to believe your statement over that of Steve Ryan. >> 3. Legacy holders can remain and continue not >> paying "taxes" >> without any risk because they haven't violated >> any law/rules. > > This is not true. They are in violation of ARIN rules and they run > several risks. First, they may be seen to be acting unfairly and thus > lose business. Secondly they may have their addresses reclaimed either > through operational actions (filtering announcements) or through court > action. I believe that these risks will increase as IPv4 addresses get > close to exhaustion. > They aren't subject to ARIN rules. They have no contractual relationship with ARIN and there is no legal basis for claiming that they should be subject to ARIN rules. ARIN has no force of law other than the contractual relationships they have with the recipients of ARIN resources. So far, nobody seems to be boycotting Harvard or MIT because of their legacy address space. I don't think such a thing is likely in the future. I don't know of any organization who is losing business because of their possession of legacy addresses. Do you? Secondly, I think operationally, such actions against the larger holders of legacy addresses (i.e. the ones that matter in terms of this policy) would be unlikely because, generally, ISPs don't want to piss-off large clients. Court action has been deemed unlikely to succeed by someone I am convinced knows way more about it than you do, so, I think you're wrong on that as well. As to the risks increasing, well, perhaps, but, I don't think they will ever increase to meaningful proportions. >> 4. Legacy holders are already exempt from ARIN contracts >> because they never signed one and ARIN is not a >> governmental >> organization, so, is unable to make "laws" >> which require actions >> or payments from entities with no contractual >> relationship. > > The law is not that simple. There are such things as common law and > case > law. At least one court has already ruled that an organization must > sign > ARIN's RSA and follow ARIN's rules and policies in order to > transfer an > address allocation from another organization. Unless there are U.S. > laws > that specifically address IP address allocations, it is not clear > which > other laws, existing or new ones, might apply to IP address > allocations > and the ARIN relationships. That kind of thing gets settled in court > cases which is why it is called case law. > While you sort of have that right, you've missed some key points of the situation... The ruling was that ARIN was not required to take action outside of ARINs documented processes and procedures. That ARIN could not be required to transfer the block unless the recipient organization complied with ARINS policies and procedures. That is a far cry from implementing ARIN policies on an existing holder of resources. I believe the legal term for such an action would be a "law of ex post facto". Correct me if I am wrong, but, I believe there is a constitutional prohibition of such things... Yep... Article 1 section 9... Section 9. ... No Bill of Attainder or ex post facto Law shall be passed. ... (from http://caselaw.lp.findlaw.com/data/constitution/article01/) > I believe that if ARIN did implement any policy granting special > waivers > and benefits to organizations in violation of ARIN's rules and > policies, > that would weaken ARIN's case-law position. That is why I will not > support any such policy. > Perhaps. I'm discussing that matter with Steve Ryan off-list. We're working on finding a way to address the issues in question without such consequences. > In fact, given the unlikeliness of an organization going through the > pain of renumbering to be a good network citizen, I suspect that this > policy was introduced as an attempt to weaken ARIN's case-law > position. > You can suspect all you want, but, I can tell you that I am pretty sure I know better than you the intent of the introduction of this policy. The intent is to remove some of the barriers to address space reclamation and to encourage legacy holders to begin using IPv6 and join the ARIN community and process. Frankly, I find your accusation baseless and offensive. Owen -------------- next part -------------- An HTML attachment was scrubbed... URL: From tedm at ipinc.net Mon Jul 2 15:49:15 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Mon, 2 Jul 2007 12:49:15 -0700 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: <4DD72BCA-F856-407C-9EC2-3152936F55C4@delong.com> Message-ID: >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of Owen DeLong >>On Jul 2, 2007, at 11:26 AM, wrote: Owen, it's bad form to post HTML mail pleast stop it. We all aren't running non-complaint mail clients and it makes quoting difficult. >> but the legacy holders are closer to >>being here illegally than those who sign the RSA and pay their >>membership fees. >No. They are not. The industry has, generally collectively agreed that >legacy holders are grandfathered under a different set of rules. The fact >that you don't like this collective decision is another matter. The industry has grandfathered the legacy holders into the system because it is to the industries benefit, NOT to the legacy holders benefit. Because the Internet is IPv4 now, we need to know who the legacy holders are. Thus it benefits us to keep an eye on them. Once we switch to IPv6 there will be less and less incentive for the rest of us who have switched to IPv6 to worry about IPv4 numbered sites that don't want to play by the rules. Thus there will be a huge incentive to boot the non-paying legacy holders out the door. I would push for ALL records for commercial legacy holders to be stripped from the RIR's after IPv4 exhaustion, and for non-profits to be stripped 2 years later, unless that is they sign RSA's and start paying money to the RIR's. Those IPv4 addresses can then be available for reassignment. If I'm an ISP that desperately needs IPv4 addresses post-IPv4 exhaustion, and ARIN tells me "we don't got any clean addresses for you, but we will assign you addresses that a legacy holder is currently using and has no right to use on a temporary basis" then you bet your ass that I will start advertising those addresses. The legacy holder can then go bitch to his interconnects, I will sit tight with my allocations, and all of the intermediate networks will see that I have a right to those numbers (because I'm in the whois) and the legacy does not (since they are in nothing) and who do you think is going to "win" I may not be able to use those new IPv4 addresses for a year, perhaps, but during that year things will be extremely difficult for the lgacy holder, their users will be screaming at them because of being unable to get to various websites and so on, and that will provide incentive enough for the lgacy holder to sign an RSA and start paying. Or to vacate the addresses. >>They could be deported, i.e. the legacy resources could be taken away >>from them by suing them in court. >Well... According to ARIN's lawyer, we probably wouldn't win on that >one, so, I'm not inclined to believe your statement over that of Steve >Ryan. I don't see the need to sue anyone. If the lgacy holders who refuse to give up their IPv4 allocations and switch to IPv6 want to go off and form their own little IPv4 Internet with their own RIR then more power to them. It will be the right of any IPv6 site to block IPv4 access from the rogues that don't want to play fair. Extremely large legacy organizations are not going to give up access to customers on IPv6 networks, that serves as enough incentive for them to switch over. >They aren't subject to ARIN rules. They have no contractual relationship >with ARIN and there is no legal basis for claiming that they should be >subject to ARIN rules. ARIN has no force of law other than the contractual >relationships they have with the recipients of ARIN resources. >So far, nobody seems to be boycotting Harvard or MIT because of their >legacy address space. I don't think such a thing is likely in the future. >I don't know of any organization who is losing business because of their >possession of legacy addresses. Do you? That isn't the issue. The issue is that Harvard and MIT have students that will want to go to websites that will eventually switch over to IPv6, (because IPv4 will not be available) and if those sites are boycotting legacy holders, then Harvard's own students will start agitating for Harvard to fix things. And all it takes is one angry man with the force of law behind him. If ARIN withdraws sponsorship of Harvards' ARIN whois records, and assigns the IP subnets that, lets' say, Harvard's nameservers are on to Mr Michael Dillion, just how long do you think that Harvard will have a viable Internet connection? Harvard and MIT may be big and powerful compared to you or me, but they are nothing compared to the rest of the Internet. >Secondly, I think operationally, such actions against the larger holders >of legacy addresses (i.e. the ones that matter in terms of this policy) >would be unlikely because, generally, ISPs don't want to piss-off >large clients. What is your definition of an ISP? I hae read about a single individual in the past who gamed the system and now has something like a /18 and has no more ISP to his name than Burger King does. >Court action has been deemed unlikely to succeed by >someone I am convinced knows way more about it than you do, so, >I think you're wrong on that as well. Ah, yes, I'd love to see this one: Harvard Plaintiff: "Your Honor, Defendant is wilfully disrupting our Internet service to thousands of students and costing us millions of dollars by using the IP addresses that we were assigned" Judge: "Assigned by who?" Plaintiff: "well they were assigned by these dead guys out of a spiral notebook sometime about 40 years ago" Judge: "Is this how IP addresses are assigned in this industry?" Plantiff: "Uh, well, no not really" Judge: "Baliff, please throw these people out of the court, suit has no grounds to be filed" >>In fact, given the unlikeliness of an organization going through the >>pain of renumbering to be a good network citizen, I suspect that this >>policy was introduced as an attempt to weaken ARIN's case-law position. Interesting. Do you apply such a litmus test to all ARIN proposals, Michael? >You can suspect all you want, but, I can tell you that I am pretty sure >I know better than you the intent of the introduction of this policy. >The intent is to remove some of the barriers to address space reclamation >and to encourage legacy holders to begin using IPv6 and join >the ARIN community and process. I completely disagree with the idea of giving away more free stuff to legacy holders. I also completely disagree with the idea that the legacy holders should get away without signing an RSA. ARIN and the RIR's have a big giant stick they can use with the legacy holders, the threat of withdrawing whois records for legacy holders. I believe the first step needs to be to tell the legacy holders that by the time IPv4 runout occurs they MUST HAVE SIGNED an RSA that committs them to paying ARIN for IP assignment. If you want to carrot and stick them, then tell the legacy holders that runout is planned for year 2012, and for every year they delay signing an RSA they will lose a year of fee deferrment. In other words, if they sign right now, 5 years in advance of planned runout, they will get 5 years of fee exemptions POST runout. (ie: fees will be exempted until 2017) If they sign next year, 4 years in advance of planned runout, they get only 4 years of fee exemption post runout, (ie: no fees until 2016) If they sign 3 years they only exempt until 2015. And so on. If they do not sign at all then on planned runout, 2012, their records will be struck from WHOIS and their IP numbers will be allocated to new requestors post actual runout. The only way that a controlled transition will EVER happen from IPv4 to IPv6 is to get EVERY holder onto RSA's then start jacking up fees to retain IPv6, with exemptions to organizations that have dual-stacked. As the years go by the fees for single-stacking on IPv4 will get higher and higher and the discounts for dual-stacking on IPv4 and IPv6 will get higher, and IPv6-only sites will get the steepest discounts. I simply do not believe an orderly transition can happen if a large percentage of IPv4 holders are not under RSA. Ted From kkargel at polartel.com Mon Jul 2 16:04:12 2007 From: kkargel at polartel.com (Kevin Kargel) Date: Mon, 2 Jul 2007 15:04:12 -0500 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: <46E36065-3BF7-4889-9EAB-C251AF991E25@delong.com> Message-ID: <70DE64CEFD6E9A4EB7FAF3A0631410667070F3@mail> Just a thought, but while it is true that the legacy holders have no obligation to ARIN (or any other RIR), so ARIN has no obligation to them. If their IP's were treated as bogon it would certainly change the status quo. > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of Owen DeLong > Sent: Monday, July 02, 2007 1:27 PM > To: michael.dillon at bt.com > Cc: ppml at arin.net > Subject: Re: [ppml] Policy Proposal: Resource Reclamation Incentives > > > On Jul 2, 2007, at 11:00 AM, wrote: > > >> There already _is_ a special class: legacy holders. Counsel has > >> indicated that all we can do is incent such folks into > becoming part > >> of the normal class, not force them into compliance, and this > >> proposal attempts to use one of the few carrots ARIN has at its > >> disposal. > > > > Who said anything about forcing them? > > > In my mind, you did. > > > In my view, there is *NO* special class of address holders. Those > > legacy holders are not a special class, they are either ignorant of > > the rules or they are blatantly flouting the rules. In either case, > > they are > > *NOT* > > a special class and have no special rights. If it ever came > to it in > > the courts, the likelihood is that the courts will once again rule > > that legacy address holders must comply with the ARIN rules and > > policies which all other address holders comply with. > > > Um, not exactly. They are NOT SUBJECT to the rules. They > have no contractual relationship with the RIRs and no reason > to believe they need one. The courts have never ruled that. > I don't know what makes you think they would rule that way > again given that they never have. > > Steve Ryan has stated that we don't likely have any such case > against legacy address holders and that we would likely > loose. When it comes to a legal opinion on this subject, I > tend to believe Steve before I would believe you. > > The playing field must be made as level as we can without > > extraordinary effort. That's why we don't actively take > legacy holders > > to court and try to force them to sign the RSA and pay their fare > > share of the fees. > > Actually, I believe the reasons are: > 1. There isn't enough money in the fees to justify > the effort. > 2. We wouldn't be likely to win even if we did (at > least according > to Steve Ryan). > 3. It would be very expensive and time consuming. > 4. It would also probably create some fairly > massive publicity > that would be negative to both sides. > > > To do that would be extraordinary effort. But at the same > time we must > > not in any way actively provide benefits to those who flout > the rules > > and leech off the rest of us. If these organizations are going to > > continue to flout the rules, I would rather leave them in > exactly the > > same state they are today, not provide the benefit of an aggregate > > allocation. > > > I hate to break it to you, but, existing policy provides that > benefit already. > This proposal doesn't seek to change that fact. Instead, it > seeks to provide them some benefit and encouragement to > RETURN addresses which will benefit the community. Please > try to look at the issues the policy attempts to address > instead of continuing down this rathole of other existing > policies that are already on the books. Please re-read the > existing NRPM 4.6 and 4.7 and then let's discuss this in > terms of the changes being proposed instead of how much you > dislike what is already on the books. > > > Also, note that an organization must exert considerable effort to > > renumber into a new allocation, and the only real reason to > do that is > > to be a good network citizen. But if they want to be a good network > > citizen, then they can simply sign the RSA, start paying membership > > fees, and turn back any extra addresses that they may have. This is > > all possible today with no change in policy. > > > True, but, obviously, there are reasons it's not happening. > I know that there are legacy holders with contiguous chunks > of unused address space. I believe that this policy would > facilitate them returning more space than current policy. As > such, I think this policy would put us in a better place than > we are today. I agree it is not a complete solution, but, my > measure of good policy change is "Does it put us in a better > place than we are today?", rather than "Does it solve all > problems in one fell swoop?" > > Owen > > _______________________________________________ > This message sent to you through the ARIN Public Policy > Mailing List (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > From stephen at sprunk.org Mon Jul 2 16:28:57 2007 From: stephen at sprunk.org (Stephen Sprunk) Date: Mon, 2 Jul 2007 15:28:57 -0500 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives References: <70DE64CEFD6E9A4EB7FAF3A0631410667070F3@mail> Message-ID: <022e01c7bce8$4ab292c0$583816ac@atlanta.polycom.com> All, In the interests of saving everyone time (and post-mortem equestrian abuse), I'd like to remind folks of the legacy space panel discussion from the recent meeting in San Juan. The presentation, summary, and transcript are all available online at: http://www.arin.net/meetings/minutes/ARIN_XIX/ppm1_notes.html#anchor_13 After reading that, it'd also be beneficial to review the existing policy that Owen's proposal is attempting to modify: http://www.arin.net/policy/nrpm.html#four6 The question at hand is not whether we like legacy address space or amnesty requests, but whether we like Owen's version of amnesty more or less than the existing policy's. For some of you, that may come down to a decision as to which is "less bad" rather than which is "better", though hopefully if that's your position then you'll submit a competing proposal for the community to consider. S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov From bmanning at vacation.karoshi.com Mon Jul 2 16:36:21 2007 From: bmanning at vacation.karoshi.com (bmanning at vacation.karoshi.com) Date: Mon, 2 Jul 2007 20:36:21 +0000 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: <70DE64CEFD6E9A4EB7FAF3A0631410667070F3@mail> References: <46E36065-3BF7-4889-9EAB-C251AF991E25@delong.com> <70DE64CEFD6E9A4EB7FAF3A0631410667070F3@mail> Message-ID: <20070702203621.GA12016@vacation.karoshi.com.> actually, i beleive that ARIN, as a condition in its charter, is to ensure that those who received addresses prior to ARINs existance are treated fairly (and fair is open to debate)... The upshot is that ARIN does have an obligation to these address holders... the long/lean of the argument is that they received their addresses under certain terms and conditions... and forcing changes on those t&c's in a unilateral manner might be problematic. Just like folks who signed up under RSA #5... one might argue that RSA #9 is what holds sway, but the truth is, they signed up to RSA #5 and have not upgraded yet. --bill On Mon, Jul 02, 2007 at 03:04:12PM -0500, Kevin Kargel wrote: > Just a thought, but while it is true that the legacy holders have no > obligation to ARIN (or any other RIR), so ARIN has no obligation to > them. If their IP's were treated as bogon it would certainly change the > status quo. > > > > > -----Original Message----- > > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > > Behalf Of Owen DeLong > > Sent: Monday, July 02, 2007 1:27 PM > > To: michael.dillon at bt.com > > Cc: ppml at arin.net > > Subject: Re: [ppml] Policy Proposal: Resource Reclamation Incentives > > > > > > On Jul 2, 2007, at 11:00 AM, wrote: > > > > >> There already _is_ a special class: legacy holders. Counsel has > > >> indicated that all we can do is incent such folks into > > becoming part > > >> of the normal class, not force them into compliance, and this > > >> proposal attempts to use one of the few carrots ARIN has at its > > >> disposal. > > > > > > Who said anything about forcing them? > > > > > In my mind, you did. > > > > > In my view, there is *NO* special class of address holders. Those > > > legacy holders are not a special class, they are either ignorant of > > > the rules or they are blatantly flouting the rules. In either case, > > > they are > > > *NOT* > > > a special class and have no special rights. If it ever came > > to it in > > > the courts, the likelihood is that the courts will once again rule > > > that legacy address holders must comply with the ARIN rules and > > > policies which all other address holders comply with. > > > > > Um, not exactly. They are NOT SUBJECT to the rules. They > > have no contractual relationship with the RIRs and no reason > > to believe they need one. The courts have never ruled that. > > I don't know what makes you think they would rule that way > > again given that they never have. > > > > Steve Ryan has stated that we don't likely have any such case > > against legacy address holders and that we would likely > > loose. When it comes to a legal opinion on this subject, I > > tend to believe Steve before I would believe you. > > > The playing field must be made as level as we can without > > > extraordinary effort. That's why we don't actively take > > legacy holders > > > to court and try to force them to sign the RSA and pay their fare > > > share of the fees. > > > > Actually, I believe the reasons are: > > 1. There isn't enough money in the fees to justify > > the effort. > > 2. We wouldn't be likely to win even if we did (at > > least according > > to Steve Ryan). > > 3. It would be very expensive and time consuming. > > 4. It would also probably create some fairly > > massive publicity > > that would be negative to both sides. > > > > > To do that would be extraordinary effort. But at the same > > time we must > > > not in any way actively provide benefits to those who flout > > the rules > > > and leech off the rest of us. If these organizations are going to > > > continue to flout the rules, I would rather leave them in > > exactly the > > > same state they are today, not provide the benefit of an aggregate > > > allocation. > > > > > I hate to break it to you, but, existing policy provides that > > benefit already. > > This proposal doesn't seek to change that fact. Instead, it > > seeks to provide them some benefit and encouragement to > > RETURN addresses which will benefit the community. Please > > try to look at the issues the policy attempts to address > > instead of continuing down this rathole of other existing > > policies that are already on the books. Please re-read the > > existing NRPM 4.6 and 4.7 and then let's discuss this in > > terms of the changes being proposed instead of how much you > > dislike what is already on the books. > > > > > Also, note that an organization must exert considerable effort to > > > renumber into a new allocation, and the only real reason to > > do that is > > > to be a good network citizen. But if they want to be a good network > > > citizen, then they can simply sign the RSA, start paying membership > > > fees, and turn back any extra addresses that they may have. This is > > > all possible today with no change in policy. > > > > > True, but, obviously, there are reasons it's not happening. > > I know that there are legacy holders with contiguous chunks > > of unused address space. I believe that this policy would > > facilitate them returning more space than current policy. As > > such, I think this policy would put us in a better place than > > we are today. I agree it is not a complete solution, but, my > > measure of good policy change is "Does it put us in a better > > place than we are today?", rather than "Does it solve all > > problems in one fell swoop?" > > > > Owen > > > > _______________________________________________ > > This message sent to you through the ARIN Public Policy > > Mailing List (PPML at arin.net). > > Manage your mailing list subscription at: > > http://lists.arin.net/mailman/listinfo/ppml > > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml From arin-contact at dirtside.com Mon Jul 2 16:45:58 2007 From: arin-contact at dirtside.com (William Herrin) Date: Mon, 2 Jul 2007 16:45:58 -0400 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: <4DD72BCA-F856-407C-9EC2-3152936F55C4@delong.com> References: <371EB4EE-C2FE-46CD-BAF9-DB35937B572A@delong.com> <480dad640706301938geaf4152k9bd9b44163a6abca@mail.gmail.com> <46871609.9060508@internap.com> <5D70BD2F-6117-407E-81D4-6454AE22353A@delong.com> <4DD72BCA-F856-407C-9EC2-3152936F55C4@delong.com> Message-ID: <3c3e3fca0707021345m72030a5ev2c09bad3134fd531@mail.gmail.com> On 7/2/07, Owen DeLong wrote: > That is a far cry from implementing ARIN policies on an existing holder > of resources. I believe the legal term for such an action would be a > "law of ex post facto". Correct me if I am wrong, but, I believe there is > a constitutional prohibition of such things... > > [...] > > No Bill of Attainder or ex post facto Law shall be passed. Owen, That likely isn't relevant. Ex post facto means ARIN can't make a policy saying, "All holders must now pay dues. All legacy holders must pay back dues or lose their space." when no policy was previously in place requiring those dues. It says nothing about whether ARIN must continue to service the implied contracts legacy holders entered with Network Solutions those many years ago. IP addresses are not and have never been understood to be property. All were assigned under a contract, even before the RIR's implemented RSAs. Before the RSA's the contract was implied rather than expressed: give us this form and we agree to provide you with reverse DNS and to generally discourage anyone else from using the respective addresses. One thing to remember about contracts is that all contracts end. No enforceable contract exists in perpetuity. There is always either a specific end date or a specific way for either side to end it. That's no less true of implied contracts than it is of written ones. The lack of specified end conditions for those early contracts does not mean there are none. Usually a failure to specify end conditions means that either side can terminate a contract at will. That being said, ARIN should tread lightly. Consider the following scenario: ARIN scours its records and composes a list of assigned IP addresses under its management which have not signed an RSA and for which no BGP4 route exists in the default-free zone (DFZ). ARIN posts this list prominantly on its web site and asks any registrant who wishes to assert that particular addresses on the list are still in use to fill out a contact update form or lose the addresses. It also sends email and postal mail to the last known addresses for each affected registrant. After 6 months, ARIN ends the registrations and reverse DNS for all listed blocks which haven't submitted a contact update. They publish a last-chance list indicating that the blocks will be reassigned in 6 more months if no contact update is received. Finally, 12 months after the start, ARIN returns the listed legacy addresses to the assignment pool and begins assigning them. They've successfully reclaimed all the IPv4 blocks under their management which are truly defunct. Does this get ARIN in trouble legally? I'm not a lawyer to say for sure, but I'm pretty confident ARIN gets through such a scenario smoothly. I'd also bet that ARIN can get a written opinion from a US DOC attorney that its okay for them to proceed with such a plan. Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From randy at psg.com Mon Jul 2 16:56:44 2007 From: randy at psg.com (Randy Bush) Date: Mon, 02 Jul 2007 10:56:44 -1000 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: <3c3e3fca0707021345m72030a5ev2c09bad3134fd531@mail.gmail.com> References: <371EB4EE-C2FE-46CD-BAF9-DB35937B572A@delong.com> <480dad640706301938geaf4152k9bd9b44163a6abca@mail.gmail.com> <46871609.9060508@internap.com> <5D70BD2F-6117-407E-81D4-6454AE22353A@delong.com> <4DD72BCA-F856-407C-9EC2-3152936F55C4@delong.com> <3c3e3fca0707021345m72030a5ev2c09bad3134fd531@mail.gmail.com> Message-ID: <4689668C.3040502@psg.com> William Herrin wrote: > It says nothing about whether ARIN must continue to service the > implied contracts legacy holders entered with Network Solutions those > many years ago. see last bullet on slide 9 of , the promise arin made to usg and the community on formation randy From bicknell at ufp.org Mon Jul 2 16:59:20 2007 From: bicknell at ufp.org (Leo Bicknell) Date: Mon, 2 Jul 2007 16:59:20 -0400 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: <20070702203621.GA12016@vacation.karoshi.com.> References: <46E36065-3BF7-4889-9EAB-C251AF991E25@delong.com> <70DE64CEFD6E9A4EB7FAF3A0631410667070F3@mail> <20070702203621.GA12016@vacation.karoshi.com.> Message-ID: <20070702205920.GA14067@ussenterprise.ufp.org> In a message written on Mon, Jul 02, 2007 at 08:36:21PM +0000, bmanning at vacation.karoshi.com wrote: > ARIN does have an obligation to these address holders... the long/lean of > the argument is that they received their addresses under certain > terms and conditions... and forcing changes on those t&c's in a > unilateral manner might be problematic. Just like folks who signed Or not. Some of us registered our domain names back at a time when they were free. At some point NSF/NSI decided we should pay a yearly fee, and simply started charging it. There was no revolt. APNIC passed a policy (prop-018) that required all legacy space holders in that region to sign a service agreement and cryptographically protect their resource records. There was no revolt. Let's put the cards on the table. If ARIN were to pass a policy "All legacy holders must sign an RSA by December 31, 2008 or their entries will be removed from whois and in-addr.arpa." who would sue? And yes, I mean sue because I'm sure a number of people would complain that they had to do it, but who thinks they have a strong enough case, and that it's worth spending $200k on court costs rather than agreeing to a $100 per year fee? Legacy holders WILL NEVER like being brought into the system. If I had a legacy assignment I would hold out as long as possible, and throw up every bit of FUD I could find. But at the end of the day I'd know I should be part of the system, and that it's far cheaper and easier to be a part of the system then to rebel. I am in support of Owens polcy in general, with the one issue being the one I've already posted -- nothing new from ARIN without a signed RSA. However this carrot, such as it is, should be followed up with a stick, weilded as gently as possible. -- Leo Bicknell - bicknell at ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available URL: From bicknell at ufp.org Mon Jul 2 17:15:00 2007 From: bicknell at ufp.org (Leo Bicknell) Date: Mon, 2 Jul 2007 17:15:00 -0400 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: <4689668C.3040502@psg.com> References: <371EB4EE-C2FE-46CD-BAF9-DB35937B572A@delong.com> <480dad640706301938geaf4152k9bd9b44163a6abca@mail.gmail.com> <46871609.9060508@internap.com> <5D70BD2F-6117-407E-81D4-6454AE22353A@delong.com> <4DD72BCA-F856-407C-9EC2-3152936F55C4@delong.com> <3c3e3fca0707021345m72030a5ev2c09bad3134fd531@mail.gmail.com> <4689668C.3040502@psg.com> Message-ID: <20070702211500.GB14067@ussenterprise.ufp.org> In a message written on Mon, Jul 02, 2007 at 10:56:44AM -1000, Randy Bush wrote: > see last bullet on slide 9 of > , the promise arin made to > usg and the community on formation The bullet Randy is talking about is: * Current and old allocations and their DNS will be maintained with no policy changes I think we've all had it drilled into our heads enough by the ARIN Board and Staff that "Fees are not policy", and "The RSA is not policy." I don't believe making them sign an RSA or pay a fee would violate this bullet point. This might have impact on other things, like reclaiming addresses. -- Leo Bicknell - bicknell at ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available URL: From Keith at jcc.com Mon Jul 2 17:50:46 2007 From: Keith at jcc.com (Keith W. Hare) Date: Mon, 2 Jul 2007 17:50:46 -0400 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives Message-ID: <57000a053a533846807a83ab7f7c84aa46897342@jcc.com> As one of "them", I think Leo Bicknell is probably correct. My company would probably not make a big stink about paying a small annual fee for our legacy IPv4 /24, as long as signing the current RSA didn't impact our IPv4 /24. While Owen DeLong's proposed changes to the Resource Reclamation policy are unlikely to directly affect my company, his approach and attitude are more likely to convince me to join the ARIN process then the "legacy holders are evil" attitude I've seen in other messages. Keith ______________________________________________________________ Keith W. Hare JCC Consulting, Inc. keith at jcc.com 600 Newark Road Phone: 740-587-0157 P.O. Box 381 Fax: 740-587-0163 Granville, Ohio 43023 http://www.jcc.com USA ______________________________________________________________ -----Original Message----- From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf Of Leo Bicknell Sent: Monday, July 02, 2007 5:15 PM To: ppml at arin.net Subject: Re: [ppml] Policy Proposal: Resource Reclamation Incentives In a message written on Mon, Jul 02, 2007 at 10:56:44AM -1000, Randy Bush wrote: > see last bullet on slide 9 of > , the promise arin made to > usg and the community on formation The bullet Randy is talking about is: * Current and old allocations and their DNS will be maintained with no policy changes I think we've all had it drilled into our heads enough by the ARIN Board and Staff that "Fees are not policy", and "The RSA is not policy." I don't believe making them sign an RSA or pay a fee would violate this bullet point. This might have impact on other things, like reclaiming addresses. -- Leo Bicknell - bicknell at ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org From martin.hannigan at batelnet.bs Tue Jul 3 10:07:06 2007 From: martin.hannigan at batelnet.bs (Martin Hannigan) Date: Tue, 03 Jul 2007 10:07:06 -0400 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives Message-ID: <468a580a.222.4ae3.26333@batelnet.bs> ----- Original Message ----- From: Leo Bicknell To: PPML at arin.net Subject: Re: [ppml] Policy Proposal: Resource Reclamation Incentives Date: Mon, 2 Jul 2007 16:59:20 -0400 > In a message written on Mon, Jul 02, 2007 at 08:36:21PM > > +0000, bmanning at vacation.karoshi.com wrote: ARIN does > have an obligation to these address holders... the > > long/lean of the argument is that they received their > > addresses under certain terms and conditions... and > > forcing changes on those t&c's in a unilateral manner > might be problematic. Just like folks who signed > > Or not. > > Some of us registered our domain names back at a time when > they were free. At some point NSF/NSI decided we should > pay a yearly fee, and simply started charging it. There > was no revolt. There was no pending shortage either, and I seem to recall an outcry when NSI implemented fees. I had to dig for $5. We are magnitudes more users at this time so if domain names were free today and the same thing happened, there would be a riot. It's fair to say we had the equivalent riot back then. [ clip ] > Let's put the cards on the table. If ARIN were to pass a > policy "All legacy holders must sign an RSA by December 31 > , 2008 or their entries will be removed from whois and > in-addr.arpa." who would sue? AT&T? Ford? Level(3)? Apple? Haliburton? > And yes, I mean sue because > I'm sure a number of people would complain that they had > to do it, but who thinks they have a strong enough case, > and that it's worth spending $200k on court costs rather > than agreeing to a $100 per year fee? I'm not a lawyer so I can't comment as to whether anyone has a case or not, but I can say that I believe that legacy IP address space is property in some instances. That is the issue isn't it? It's not about signing the RSA, it's about giving up rights. You sign the RSA, you give up rights. It's not about $100.00 Let's look at a few: 014/8 Jun 91 IANA - Public Data Network IANA is working on this one, it's a public x.25 network, from what I understand. 034/8 Mar 93 Halliburton Company Good luck with making them sign an RSA. 035/8 Apr 94 MERIT Computer Network NANOG, take this one 'just because'. 038/8 Sep 94 Performance Systems International Cogent. Blood. Stone. 045/8 Jan 95 Interop Show Network Now here's one to go after. Now we have "two" low hangers. Reclamation is not as simple as it looks. *I don't support Owen's policy*, but I support the intent. Amnesty is a one shot deal, not a stop at the drive through convenience store dropping off a token /20 for a bottle deposit refund every now and then. We could consider creating a class of reclamation around 'inherited' space and start there. We are far less likely to be tied down by entities who have taken space from defunct companies or through slipping into their domain name. Let's start with the people who have obviously gotten space nefariously, regardless of whether it's in use or not. Components of an amnesty I would support: - time limited - "as is" - by class inherited - less lenient, but case by case legacy /8 - much more liberal other - to be defined -M< From bicknell at ufp.org Tue Jul 3 10:39:44 2007 From: bicknell at ufp.org (Leo Bicknell) Date: Tue, 3 Jul 2007 10:39:44 -0400 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: <468a580a.222.4ae3.26333@batelnet.bs> References: <468a580a.222.4ae3.26333@batelnet.bs> Message-ID: <20070703143944.GA77690@ussenterprise.ufp.org> In a message written on Tue, Jul 03, 2007 at 10:07:06AM -0400, Martin Hannigan wrote: > AT&T? Ford? Level(3)? Apple? Haliburton? Two of three already have signed RSA's (I assume). AT&T and Level(3) both have a large number of blocks they got by buying companies that formed post-ARIN, and so they got the RSA's with them. If you in herit an RSA, does it cover your legacy space as well? > I'm not a lawyer so I can't comment as to whether anyone has > a case or not, but I can say that I believe that legacy IP > address space is property in some instances. That is the > issue isn't it? It's not about signing the RSA, it's about > giving up rights. You sign the RSA, you give up rights. It's > not about $100.00 I haven't seen anyone make a formal argument it's property. Legacy owners seem concerned about two things: - Fees. - That they not be subjected to the policy requirements for the space. That is, 80%, 50%, or whatever utilization numbers. - Specifically, that their space cannot be revoked for failing to use it. Note, if you want to transfer your block to someone legally (via ARIN), the transfer guidelines page clearly states that the new owner must sign the RSA and abide by all policies. That is, if there is an implied contract with legacy space it's non-transferable. > Reclamation is not as simple as it looks. *I don't support > Owen's policy*, but I support the intent. Amnesty is a one > shot deal, not a stop at the drive through convenience store > dropping off a token /20 for a bottle deposit refund every > now and then. While Owen's policy has "Reclamation" in the title, it doesn't appear to me it actually encourages reclamation that much. Sure, it allows it to happen, but we already have an amnesty program that allows it to happen. Rather, it appears to me he has three intents: - Entice people into the RIR system by giving them more favorable terms. (Sign an RSA, pay fees.)w - Turn in your existing bucket of disjoint small netblocks for one large, aggregateable netblock. - Returning address space reduces your fees to provide some incentive. So if I have 16 disjoint /24's in the swamp taking up 16 routing slots I can turn them back in for a /20 and take up one routing slot. Sure, there's a carrot in there to reclaim space, but I can't imagine anyone thinks this will get someone to return a /8. Rather than call it the "Legacy Outreach and Partial Reclamation" policy I think it might be better termed the "Legacy Outreach and Aggregation" policy. -- Leo Bicknell - bicknell at ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available URL: From kloch at kl.net Tue Jul 3 11:01:19 2007 From: kloch at kl.net (Kevin Loch) Date: Tue, 03 Jul 2007 11:01:19 -0400 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: <468a580a.222.4ae3.26333@batelnet.bs> References: <468a580a.222.4ae3.26333@batelnet.bs> Message-ID: <468A64BF.6040402@kl.net> Martin Hannigan wrote: > > ----- Original Message ----- > From: Leo Bicknell >> Some of us registered our domain names back at a time when >> they were free. At some point NSF/NSI decided we should >> pay a yearly fee, and simply started charging it. There >> was no revolt. > > There was no pending shortage either, and I seem to recall > an outcry when NSI implemented fees. I had to dig for $5. We > are magnitudes more users at this time so if domain names > were free today and the same thing happened, there would be > a riot. It's fair to say we had the equivalent riot back > then. > It stuck because they had the full support of the US Govt to do it. A $1/yr per address block, or other similar low flat rate fee would shake out the 'ghost' registrants and would be beneficial to everyone. Anything aimed at reclaiming inefficiently used legacy space would be going against the promise to maintain the status quo. - Kevin From michael.dillon at bt.com Tue Jul 3 11:06:09 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Tue, 3 Jul 2007 16:06:09 +0100 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: <20070703143944.GA77690@ussenterprise.ufp.org> References: <468a580a.222.4ae3.26333@batelnet.bs> <20070703143944.GA77690@ussenterprise.ufp.org> Message-ID: > - Specifically, that their space cannot be revoked for > failing to use > it. That is going to be intractable as we get closer to IPv4 exhaustion. When ISP X is facing losses of millions of dollars due to the fact that ARIN has no more addresses to give, and it is known that ISP Y has an unused hoard, then what happens. Perhaps ISP X simply "borrows" ISP Y's hoard. Will Y go to court and argue that X can't do that because ARIN's whois shows that these are Y's addresses? Will X argue that Y has no right to addresses because they are not an ARIN member and have no contract with ARIN, therefore no expectation of service from ARIN? Will the court revoke all of Y's addresses? Will the court order Y to return unused addresses to ARIN because they are, by proxy, causing ARIN to materially damage X's business? The complexity makes your head spin. In general, courts are supposed to be a last resort after the parties have sat down, discussed the issue, and tried to hammer out an agreement. Can Y really be said to have done this if Y has not joined ARIN, signed the RSA, returned excessive unused addresses and made and honest attempt to comply with ARIN policy? ARIN is not just a 3rd party here; ARIN is the forum in which all parties come together and hammer out the mutual agreement to shared these limited resources. Organizations which do not enagage with each other in ARIN are the rogues who refuse to negotiate. It's hard to predict the legal outcomes but one thing is certain, any organizations which persist in refusing to join ARIN will suffer the consequences of a lot of negative publicity as we get closer to IPv4 exhaustion. Even if they don't don the black hat and get involved in a court case, these organizations will be tarred with a nasty brush. In particular the larger ones with class A and B allocations because one would expect them to have the most capability for implementing IPv6 and reducing their consumption of IPv4 addresses. > - Turn in your existing bucket of disjoint small netblocks for > one large, aggregateable netblock. Hmmm... Thought experiment. Entity A has acquired 300 class C address blocks. None of these are used at all, just acquired. Entity A goes to ARIN and turns in their 300 class C's in return for a /16 which is 256 /24 equivalents, therefore it is less than their original hoard. Now Entity A markets itself to organizations who are concerned about the pending IPv4 shortage. They manage to rake in 6 figures for their shell company and the buyer gets a /16 to use. Sale is timed to close shortly after the buyer gets their next ARIN allocation. Obviously this could only occur if Entity A does not have to fully justify their space. Currently the wording of the policy does allow for this loophole. I can't help but think that we would make better policy if we started out with use-cases and requirements rather than diving straight into the specific text of a policy. --Michael Dillon From owen at delong.com Tue Jul 3 11:07:08 2007 From: owen at delong.com (Owen DeLong) Date: Tue, 3 Jul 2007 08:07:08 -0700 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: <20070703143944.GA77690@ussenterprise.ufp.org> References: <468a580a.222.4ae3.26333@batelnet.bs> <20070703143944.GA77690@ussenterprise.ufp.org> Message-ID: On Jul 3, 2007, at 7:39 AM, Leo Bicknell wrote: > In a message written on Tue, Jul 03, 2007 at 10:07:06AM -0400, > Martin Hannigan wrote: >> AT&T? Ford? Level(3)? Apple? Haliburton? > > Two of three already have signed RSA's (I assume). AT&T and Level(3) > both have a large number of blocks they got by buying companies > that formed post-ARIN, and so they got the RSA's with them. If you > in herit an RSA, does it cover your legacy space as well? > Even if an organization has signed an RSA covering other resources, I'm not sure that means they would be willing to bring their legacy space under that agreement. There is a difference between an organization being willing to sign an RSA for new resources and an organization being willing to give up perceived rights in resources they have held since before ARIN existed. > I haven't seen anyone make a formal argument it's property. Legacy > owners seem concerned about two things: > > - Fees. > - That they not be subjected to the policy requirements for the space. > That is, 80%, 50%, or whatever utilization numbers. > - Specifically, that their space cannot be revoked for failing to > use > it. > While nobody has made that argument formally (except Martin at this point), it might not be as easily dismissed as we would hope. I don't agree with Martin on the property status (it's hard for me to imagine a law which provides for the ownership of integers), but, it's not hard for me to imagine lawyers convincing a judge that IP addresses are property. I think that for most legacy holders, the "Fees" issue is a matter of principle or a minor issue. I think that the real issues from the legacy holder perspective are: - I don't get any benefit from signing an RSA - It subjects me to policies that could force me to renumber - It subjects me to policies that could change at any time - It potentially limits my options in terms of what I can do with my address space - It costs me money GIven the first bullet point, any one of the latter bullet points is pretty much a no-brainer to say no to the existing RSA. We really don't have a way to change the first bullet point, so, all we can do is work on reducing or eliminating the negativity of the others. > Note, if you want to transfer your block to someone legally (via > ARIN), the transfer guidelines page clearly states that the new > owner must sign the RSA and abide by all policies. That is, if > there is an implied contract with legacy space it's non-transferable. > Right... I fully agree with this. >> Reclamation is not as simple as it looks. *I don't support >> Owen's policy*, but I support the intent. Amnesty is a one >> shot deal, not a stop at the drive through convenience store >> dropping off a token /20 for a bottle deposit refund every >> now and then. > > While Owen's policy has "Reclamation" in the title, it doesn't > appear to me it actually encourages reclamation that much. Sure, > it allows it to happen, but we already have an amnesty program that > allows it to happen. Rather, it appears to me he has three intents: > I think it provides some encouragement towards reclamation. I think that gentle reclamation efforts allowing people to return address space in whatever size chunks they are willing to and on whatever timetable they are willing to is more likely to result in reclamation than policies which attempt to force the issue. While I can understand Martin's desire to have reclamation happen as a one-shot deal, I don't think that as many organizations will sign on for it under those terms. For the ones that would, my policy doesn't really provide any advantage to returning things a /20 at a time. If you return 10 /20s day 1, you get 20 years of fee waivers (if you are subject to fees). If you return a /20 every other year, then, if the policy doesn't get changed for 10 years, you get the same result, but, you face the risk that the policy could change along the way. > - Entice people into the RIR system by giving them more favorable > terms. (Sign an RSA, pay fees.) Yes. > - Turn in your existing bucket of disjoint small netblocks for > one large, aggregateable netblock. Sort of. My policy allows this, but, for the most part, these situations would fall under existing 4.7. My policy only applies in cases where the new aggregate netblock is smaller than the sum of the existing netblocks being turned in. > - Returning address space reduces your fees to provide some incentive. > Correct. > So if I have 16 disjoint /24's in the swamp taking up 16 routing > slots I can turn them back in for a /20 and take up one routing > slot. > That would fall more under 4.7 than my policy. If you had 20 disjoint /24s, then, replacing them with a /20 would fall under this policy and get you 1 year of fee waivers. > Sure, there's a carrot in there to reclaim space, but I can't imagine > anyone thinks this will get someone to return a /8. > I don't think it will get someone to return a /8. I do think it might get some /8 holders to return a /12 or a few /16s or some /20s, etc. > Rather than call it the "Legacy Outreach and Partial Reclamation" > policy I think it might be better termed the "Legacy Outreach and > Aggregation" policy. > I think Aggregation is more the purview of 4.7. I did want to maximize aggregation as part of my policy, but, it is not a primary goal. Owen From owen at delong.com Tue Jul 3 11:20:11 2007 From: owen at delong.com (Owen DeLong) Date: Tue, 3 Jul 2007 08:20:11 -0700 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: References: <468a580a.222.4ae3.26333@batelnet.bs> <20070703143944.GA77690@ussenterprise.ufp.org> Message-ID: <964FA559-B941-4ED0-9CB5-682D799CA63D@delong.com> > >> - Turn in your existing bucket of disjoint small netblocks for >> one large, aggregateable netblock. > > Hmmm... Thought experiment. > Entity A has acquired 300 class C address blocks. None of these are > used > at all, just acquired. Entity A goes to ARIN and turns in their 300 > class C's in return for a /16 which is 256 /24 equivalents, > therefore it > is less than their original hoard. Now Entity A markets itself to > organizations who are concerned about the pending IPv4 shortage. They > manage to rake in 6 figures for their shell company and the buyer > gets a > /16 to use. Sale is timed to close shortly after the buyer gets their > next ARIN allocation. > Obviously this could only occur if Entity A does not have to fully > justify their space. Currently the wording of the policy does allow > for > this loophole. > While it's true that my proposal does not close this loophole, I'll point out that the existing 4.6 and 4.7 actually allow this person to get a /15 to sell instead of a /16, so, I still think that the proposal is an improvement over the current state. Not one of your arguments against my proposal has mentioned a flaw that is not already present in existing policy. As such, I think that my proposal is still an improvement over existing policy. Owen From martin.hannigan at batelnet.bs Tue Jul 3 11:25:32 2007 From: martin.hannigan at batelnet.bs (Martin Hannigan) Date: Tue, 03 Jul 2007 11:25:32 -0400 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives Message-ID: <468a6a6c.de.4dfc.22519@batelnet.bs> ----- Original Message ----- From: Leo Bicknell To: Martin Hannigan Cc: PPML at arin.net Subject: Re: [ppml] Policy Proposal: Resource Reclamation Incentives Date: Tue, 3 Jul 2007 10:39:44 -0400 > In a message written on Tue, Jul 03, 2007 at 10:07:06AM > > -0400, Martin Hannigan wrote: [ I dont feel like arguing legal points, nothing personal ] > > Reclamation is not as simple as it looks. *I don't > > support Owen's policy*, but I support the intent. > > Amnesty is a one shot deal, not a stop at the drive > > through convenience store dropping off a token /20 for a > > bottle deposit refund every now and then. > > While Owen's policy has "Reclamation" in the title, it > doesn't appear to me it actually encourages reclamation > that much. Sure, it allows it to happen, but we already > have an amnesty program that allows it to happen. Rather, > it appears to me he has three intents: His policy is amnesty as well since it uses fees as the proverbial carrot, IMHO. > > - Entice people into the RIR system by giving them more > favorable > terms. (Sign an RSA, pay fees.)w I agree with paying fees. I think the problem is the penalization. Without an RSA, there are no terms so entering into one causes a penalty. Softening that penalty doesn't make it any better, but that takes us back in the lawyer arguments surrounding property. > - Turn in your existing bucket of disjoint small netblocks > for > one large, aggregateable netblock. This is good. > - Returning address space reduces your fees to provide > some incentive. I think this is ineffective. > So if I have 16 disjoint /24's in the swamp taking up 16 > routing slots I can turn them back in for a /20 and take > up one routing slot. > > Sure, there's a carrot in there to reclaim space, but I > can't imagine anyone thinks this will get someone to > return a /8. Call that a reality. I would suggest removing anything associated with the IANA registry from the policy to make it better. > > Rather than call it the "Legacy Outreach and Partial > Reclamation" policy I think it might be better termed the > "Legacy Outreach and Aggregation" policy. Sounds better. -M< From stephen at sprunk.org Tue Jul 3 11:53:11 2007 From: stephen at sprunk.org (Stephen Sprunk) Date: Tue, 3 Jul 2007 10:53:11 -0500 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives References: <468a580a.222.4ae3.26333@batelnet.bs> <468A64BF.6040402@kl.net> Message-ID: <014001c7bd8d$e716fbb0$543816ac@atlanta.polycom.com> Thus spake "Kevin Loch" > A $1/yr per address block, or other similar low flat rate fee > would shake out the 'ghost' registrants and would be beneficial > to everyone. As would a policy that directed ARIN to attempt to determine the "liveness" of legacy blocks by checking the BGP tables and making reasonable attempts to reach the last known holder (~50% of which haven't been updated since ARIN's formation). > Anything aimed at reclaiming inefficiently used legacy space > would be going against the promise to maintain the status quo. If you restrict that claim to revocation of legacy space still in use (whether justified or not), I completely agree. I do not believe that asking people to voluntarily return what they're not using is a violation of that promise. One can debate whether reclaiming blocks that aren't "live" (see above) is a violation. S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov From sethm at rollernet.us Tue Jul 3 12:23:48 2007 From: sethm at rollernet.us (Seth Mattinen) Date: Tue, 03 Jul 2007 09:23:48 -0700 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: <014001c7bd8d$e716fbb0$543816ac@atlanta.polycom.com> References: <468a580a.222.4ae3.26333@batelnet.bs> <468A64BF.6040402@kl.net> <014001c7bd8d$e716fbb0$543816ac@atlanta.polycom.com> Message-ID: <468A7814.3090301@rollernet.us> Stephen Sprunk wrote: > Thus spake "Kevin Loch" >> A $1/yr per address block, or other similar low flat rate fee >> would shake out the 'ghost' registrants and would be beneficial >> to everyone. > > As would a policy that directed ARIN to attempt to determine the "liveness" > of legacy blocks by checking the BGP tables and making reasonable attempts > to reach the last known holder (~50% of which haven't been updated since > ARIN's formation). > Except not all of it is behind a public AS. People usually put more stock in a notice when there's a bill attached. ~Seth From dean at av8.com Tue Jul 3 12:40:45 2007 From: dean at av8.com (Dean Anderson) Date: Tue, 3 Jul 2007 12:40:45 -0400 (EDT) Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: <468a580a.222.4ae3.26333@batelnet.bs> Message-ID: On Tue, 3 Jul 2007, Martin Hannigan wrote: > > Or not. > > > > Some of us registered our domain names back at a time when > > they were free. At some point NSF/NSI decided we should > > pay a yearly fee, and simply started charging it. There > > was no revolt. > > There was no pending shortage either, and I seem to recall > an outcry when NSI implemented fees. Funny how people forget history. Before the internet was commercialized, it was a government funded research project: Not only was commercial use of the government research network forbidden, but you had to state a research purpose to just to get a connection. In 1989 and 1991, I worked at companies that filled out this paperwork. And it was all paper. If the internet were still a government-funded non-commercial research program, it would still be "free" to register domains, but there would be no commercial use: no spam, no ISPs, no web companies, no google, no nothing; just government research. The NSF/NSI didn't just 'decide' to charge a yearly fee. The Internet was commercialized at the joint agreement of industry and the US government. Commercialization means the Internet wasn't going to be government-funded anymore. Even most idiots realize that Registry services can't be free, so one has to pay for domains, etc. People (the same people it seems) also conveniently "forget" that Usenet, was always commercial, and it was always 'spammed' in the form of announcements of commercial products and services. Indeed, the "UU" in UUnet refers to 'UUCP'. UUnet was a commercial UUCP/Usenet operator before the Internet. UUnet was able to be one of the first ISPs because it was previously a commercial usenet operator. Many other companies like Compuserve were online providers who also pre-dated the internet. These people conveniently "forget" that that thing with the Immigration spam in 1994 was a cancel/repost war between the immigration lawyers and some idiots who tried to impose their own mistaken ideas on Usenet. The immigration lawyers didn't post 5000 messages to annoy people, nor to get people to read their spam 5000 times, as anti-spammer zealots describe the incident. Rather, the immigration lawyers posted 5000 times to override 4999 improper cancels. It was indeed annoying to get 5000 messages (especially tedious at many sites that had already prevented untrusted cancels), but the true fault of that problem was the people who improperly posted the cancels: they had no right to say what was appropriate or not appropriate on usenet. The lawyers who posted the announcment of immigration services had every right to use the commercial usenet network to announce their services; certainly they had as much right to use it as DEC and other companies that announced new products and services on Usenet, because usenet was always commercial. So one wonders how people (junior people, generally) became so confused about both Usenet and the Internet, that they would zealously post such cancels. It makes more sense when you investigate the senior people who were misleading the junior people, and prompting their misbehavior. This subject was just discussed on the DJB dns list, concerning open-rsc.org, which is an alternate root server site. The message below is not written to be responsive to the history issue, but its still relevant to the 'outcry' over NSI, and other dirty tricks of the time. --------------------------- But, I'm a bit dubious about this site. The website is hosted by UltraDNS. You probably already know UltraDNS is one of the Rodney Joffe & Paul Vixie "BIND companies". Joffe is also the guy who runs the spam operation called Whitehat.com. There is some background to this: You've all probably heard of Sanford Wallace (the proto-spammer). Not so well-known is that Sanford Wallace also sold anti-spam software. Wallace created the nuisance and also sold the cure. Most anti-spammer sites just talk about the nuisance side of Wallace, and leave out the anti-spam software he sold. In 1996 or so, Vixie and Joffe just stole Wallace's business plan, founding a blacklist (MAPS) and founding a Spam company (Whitehat), and keeping a very low profile on the connection between them. Joffe is a founder (or board member) of UltraDNS. Vixie, John Levine (now chair of ASRG anti-spam-research-group), and Ray Everett-Church were on the board of Whitehat. Joffe connects Vixie to UltraDNS, but I think there are other connections, too. In January 1998, in an attempted squeeze-out of network solutions for "spamming" NetSol domain contacts with NetSol added services (not something we'd call unsolicited today), Postel, with Vixie and 8 other server operators, tried to take control of the roots. They tried to force out NetSol on the Machiavellian principle of "if you can destroy something, you control it". By taking over the roots, they could destabilize the internet, and forcibly remove NetSol. The government stepped in, and they lost. There is a good book on this episode, entitled "Who Controls the Internet" subtitled "Illusions of a borderless world" by Goldsmith and Wu. Prophetically, open-rsc was formed 18-Dec-1997. A month _before_ Postel tried to take over with Vixie and co. Interested yet? Open-rsc.org is currently seviced by: open-rsc.org. 172800 IN NS mejac.palo-alto.ca.us. open-rsc.org. 172800 IN NS ns1.quasar.net. open-rsc.org. 172800 IN NS ns1.vrx.net. Richard Sexton and Brian Reid founded open-rsc.org. Sexton is VRX.net, and a frequent Nanog poster/Vixie crony. Brian Reid is: NetRange: 192.147.236.0 - 192.147.236.255 CIDR: 192.147.236.0/24 NetName: BKR-HOME-NET NetHandle: NET-192-147-236-0-1 Parent: NET-192-0-0-0-0 NetType: Direct Assignment NameServer: MEJAC.PALO-ALTO.CA.US NameServer: UUCP-GW-1.PA.DEC.COM NameServer: UUCP-GW-2.PA.DEC.COM Comment: RegDate: 1992-02-20 Updated: 1997-06-09 PA.DEC.COM used to be run by Vixie. MEJAC.PALO-ALTO.CA.US is currently hosted by ISC. I think we can say Reid is a Vixie crony, too. And since Vixie is operator of the ICANN F-root, one wonders why Vixie/UltraDNS and co. would be involved in opposing ICANN. Seems to be a bit heretical for the ICANN-approved operator to be doing this. (I can't help but think of the StarWars Count Dooku/Chancellor Palpatine thing). I'll just say there is a long history of various dirty tricks that weren't in anyone's interests but the people selling spam/anti-spam/ancasted-roots. Indeed, makes one wonder if we might know who runs the botnets. There is unquestionably a rich seam of dubious antics for soap-opera and conspiracy writers to write about. That isn't my point, here though. My point is this: the public interest has certainly not been well-served by these antics, nor by the clowns performing the antics. But.... The time may have come for alternate root servers, though. Because on the otherhand, since ICANN allows anycasting DNS roots, breaking TCP and ENDSO replies (in spite of the need to support TCP in the roots), an alternate (and non-anycasted) set of root servers may be a good idea. [The Anycasting of roots was also at Vixie's urging. It allows Vixie and others can sell copies to ISPs for thousands per month. 37+ copies for ISC, 70+ for Verisign, and RIPE doesn't report the number. Last I heard, 6 of 13 root operators are anycasting or planning to do so.] Scalability of the roots would be enhanced by a larger number of non-anycast roots. Anycasted roots (and non-roots) are more vulnerable to DDOS attack, because as one falls over, and the path is withdrawn, more load automatically falls on the remaining servers. If the path isn't withdrawn, the legit users of that server still lose. Anycast is vulnerable to a domino effect. Such a domino effect doesn't occur with hundreds of unique IPs (using the same number of servers). Anycast makes DDoS easier and more effective for the DDoS'r. Anycast works well for that 'we can destroy, so we control' thing they tried in 1998. There is also no need to have optional authority information in the root response. This also allows more than 13 root servers in a standard non-ednso response for the nameservers for "." But this query is usually only run by humans. Autoconfiguration using this query is rare, I think. The hints and caches are not populated this way. In fact, one can have hundreds is unique root servers without putting them all in the hints/cache configuration. All that is necessary is to have a distribution system for the current list, and then select from that for the cache files. I'd say a news server, as DJB suggests, with signed root zone messages would be a good idea. Then root servers just have to be configured to give back a limited number for queries to "." for type NS. If this is done, anyone can run a root server, just by looking at the message with the proper (signed) root zone contents, and telling their customers to put the server in their root hints configuration. This makes the root DNS service invulnerable to DDoS attack. And that, I think, well serves the public interest. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From stephen at sprunk.org Tue Jul 3 13:36:55 2007 From: stephen at sprunk.org (Stephen Sprunk) Date: Tue, 3 Jul 2007 12:36:55 -0500 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives References: <468a580a.222.4ae3.26333@batelnet.bs> <468A64BF.6040402@kl.net><014001c7bd8d$e716fbb0$543816ac@atlanta.polycom.com> <468A7814.3090301@rollernet.us> Message-ID: <03f501c7bd9a$c080aca0$543816ac@atlanta.polycom.com> Thus spake "Seth Mattinen" > Stephen Sprunk wrote: >> Thus spake "Kevin Loch" >>> A $1/yr per address block, or other similar low flat rate fee >>> would shake out the 'ghost' registrants and would be beneficial >>> to everyone. >> >> As would a policy that directed ARIN to attempt to determine >> the "liveness" of legacy blocks by checking the BGP tables >> and making reasonable attempts to reach the last known >> holder (~50% of which haven't been updated since ARIN's >> formation). > > Except not all of it is behind a public AS. People usually put more > stock in a notice when there's a bill attached. If no portion of the block appears in the DFZ, then ARIN would attempt to contact the last known holder (and any likely successors in interest) to ask if the block was in private use. If they were unable to get any response, or if the response was negative, then it would be assumed to be dead and subject to reclamation. If the response were positive, ARIN could suggest they update their contact information to keep WHOIS current. There is no need to send a bill, and I am doubtful that people will respond more positively to a bill than to a polite email or telephone call. I would expect a bill appearing out of nowhere to get stuck in the accounting and/or legal departments -- not IT, which is who we really want to hear from. S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov From dean at av8.com Tue Jul 3 13:55:44 2007 From: dean at av8.com (Dean Anderson) Date: Tue, 3 Jul 2007 13:55:44 -0400 (EDT) Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: Message-ID: On Tue, 3 Jul 2007, Owen DeLong wrote: > I don't agree with Martin on the property status (it's hard > for me to imagine a law which provides for the ownership of > integers), but, it's not hard for me to imagine lawyers convincing > a judge that IP addresses are property. It's not the integers that would be owned, but what the integers represent. Perhaps you think you own a house. Specifically, you own a piece of paper (a deed) which has some numbers (property coordinates). The deed gives you some legal rights to do things at a place identified by the numbers on the deed. That is what ownership means. Ownership of IPs would simply give you rights to do certain things on the public internet. However, I'm not saying I support this. I'm just saying that arguments that somehow the notion is invalid don't stand up. Presently, one has essentially a lease to IP addresses. The question of ownership of IP's is similar to the question of ownership of land. I suspect the question could be addressed by a comparision between land (or deeded property) and IP addresses. Registration. For both, one needs to fund a registry. (taxes on land or fees on IP addresses) Maintenance. Land requires maintenance. Ownership of land promotes improvements based on pride in ownership. IP addresses don't require maintenance. Economic development. Land sales promote economic development. Banks loan money to buy land. IP sales won't promote economic development. Banks probably won't loan money to buy IP addresses. The main issue is orderly use of IP addresses. A central registry is required for this order, and is all that is required. So, I'm thinking that the current method of leasing is basically sufficient. I'm a little concerned about cases like Kremen, and that the Registries may think they aren't subject to the law. The Kremen case is pretty simple: Cohen had a favorable contract with ARIN. A contract is an asset. Cohen lost a substantial suit to Kremen, and, as compensation, the court awarded Cohen's favorable contract to Kremen. This remedy is no different from Goldman getting O.J. Simpson's assets: the rights to O.J.'s book, etc. There is no reason that ARIN can't perform for Kremen the exactly same as it peformed for Cohen. Performance for ARIN is just changing a record of assignment. Performance is done by a database change and appropriate paperwork. So ARIN's opposition to that doing that performance seems most unreasonable. ARIN has already had opportunity to claim that it cannot perform, and the court has already rejected that claim, yet ARIN still refuses to perform the court order. There seems to be no justification for that refusal. So I can't blame a court that throws the book at ARIN, and I have to wonder about ARIN management. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From randy at psg.com Tue Jul 3 14:00:16 2007 From: randy at psg.com (Randy Bush) Date: Tue, 03 Jul 2007 08:00:16 -1000 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: <03f501c7bd9a$c080aca0$543816ac@atlanta.polycom.com> References: <468a580a.222.4ae3.26333@batelnet.bs> <468A64BF.6040402@kl.net><014001c7bd8d$e716fbb0$543816ac@atlanta.polycom.com> <468A7814.3090301@rollernet.us> <03f501c7bd9a$c080aca0$543816ac@atlanta.polycom.com> Message-ID: <468A8EB0.1040405@psg.com> > If no portion of the block appears in the DFZ, then ARIN would attempt to > contact the last known holder (and any likely successors in interest) to ask > if the block was in private use. If they were unable to get any response, > or if the response was negative, then it would be assumed to be dead and > subject to reclamation. and three years later, the holder decides to announce and it becomes lawyerville. there is a root problem. rightly or wrongly, folk were given space with what we would consider today to be insufficient constraints on contact, fees. justification of need, ... that was a contract, whether we like it or not. the world has changed. we would like to change those contracts. well, we're gonna have to *negotiate* that. and acting unilaterally or arbitrarily will only polarize and make a mess we just don't need. randy From kloch at kl.net Tue Jul 3 16:45:50 2007 From: kloch at kl.net (Kevin Loch) Date: Tue, 03 Jul 2007 16:45:50 -0400 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: <468A8EB0.1040405@psg.com> References: <468a580a.222.4ae3.26333@batelnet.bs> <468A64BF.6040402@kl.net><014001c7bd8d$e716fbb0$543816ac@atlanta.polycom.com> <468A7814.3090301@rollernet.us> <03f501c7bd9a$c080aca0$543816ac@atlanta.polycom.com> <468A8EB0.1040405@psg.com> Message-ID: <468AB57E.1010907@kl.net> Randy Bush wrote: > and three years later, the holder decides to announce and it becomes > lawyerville. > > there is a root problem. rightly or wrongly, folk were given space with > what we would consider today to be insufficient constraints on contact, > fees. justification of need, ... that was a contract, whether we like > it or not. > > the world has changed. we would like to change those contracts. well, > we're gonna have to *negotiate* that. and acting unilaterally or > arbitrarily will only polarize and make a mess we just don't need. Legacy domain names were also free and free from any annual renewal requirement. That was changed without any negotiation that I can remember. Couldn't that same political process be used to convert legacy address registrations to an annual renewal system? Maybe they lawyers could answer this: What IS the legal difference between legacy address space and legacy domain names? - Kevin From owen at delong.com Tue Jul 3 17:18:01 2007 From: owen at delong.com (Owen DeLong) Date: Tue, 3 Jul 2007 14:18:01 -0700 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: <468AB57E.1010907@kl.net> References: <468a580a.222.4ae3.26333@batelnet.bs> <468A64BF.6040402@kl.net><014001c7bd8d$e716fbb0$543816ac@atlanta.polycom.com> <468A7814.3090301@rollernet.us> <03f501c7bd9a$c080aca0$543816ac@atlanta.polycom.com> <468A8EB0.1040405@psg.com> <468AB57E.1010907@kl.net> Message-ID: > > Legacy domain names were also free and free from any annual > renewal requirement. That was changed without any negotiation > that I can remember. Couldn't that same political process > be used to convert legacy address registrations to an annual > renewal system? > Here's the thing... Domain names don't function without DNS. IP Assignments function reasonably well without DNS although not having reverse DNS can be an inconvenience. Usually it is not inconvenient to the address holder for the most part, however. > Maybe they lawyers could answer this: What IS the legal difference > between legacy address space and legacy domain names? > I don't know about the legal difference, but, operationally, I would say dependencies and the agreements/statements made at the time the RIRs were created. Owen > - Kevin > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml From tedm at ipinc.net Tue Jul 3 17:28:08 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Tue, 3 Jul 2007 14:28:08 -0700 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: Message-ID: >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >Dean Anderson > >There is no reason that ARIN can't perform for Kremen the exactly same >as it peformed for Cohen. Performance for ARIN is just changing a record >of assignment. Performance is done by a database change and appropriate >paperwork. So ARIN's opposition to that doing that performance seems >most unreasonable. ARIN has already had opportunity to claim that it >cannot perform, and the court has already rejected that claim, yet ARIN >still refuses to perform the court order. There seems to be no >justification for that refusal. So I can't blame a court that throws >the book at ARIN, and I have to wonder about ARIN management. I don't. What ARIN is doing is not national-specific and lawsuits regarding it properly belong in the World Court, which is a body created to address these international legal problems. There are MANY national courts that make rulings against people and companies, that are regularly ignored by those companies and people. Everything from what's-his-name being considered a criminal in India for publically kissing a girl, to Iran ruling that some other guy be put to death for some book he published. And shall I get into the rulings out of Germany that make it illegal to talk about Hitler and Naziism? Which are ignored in the US routinely? A US court has no jurisdiction over North America. ARIN is not assigning IP numbers for the US, they are assigning them for North America. Ted From tedm at ipinc.net Tue Jul 3 17:28:34 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Tue, 3 Jul 2007 14:28:34 -0700 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: <468A8EB0.1040405@psg.com> Message-ID: >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >Randy Bush > >there is a root problem. rightly or wrongly, folk were given space with >what we would consider today to be insufficient constraints on contact, >fees. justification of need, ... that was a contract, whether we like >it or not. > >the world has changed. we would like to change those contracts. well, >we're gonna have to *negotiate* that. and acting unilaterally or >arbitrarily will only polarize and make a mess we just don't need. > I don't oppose negotiation. But the idea to give the legacy holders new IP addressing in perpetuity for free, without signing an RSA, is not negotiation. It's merely taking a bad situation of questionable legality and codifying it. Ted From tedm at ipinc.net Tue Jul 3 17:37:52 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Tue, 3 Jul 2007 14:37:52 -0700 Subject: [ppml] IPv4 "Up For Grabs" proposal Message-ID: Hi All, What do you all think of the following proposal idea: 1) When all unallocated IPv4 has been exhausted, the RIR's shall review IP utilization yearly and shall determine when more than 20% of IPv4 holders are dual-stacked and advertising IPv6 2) When the 20% point has been passed, all RIR's shall remove all whois and reverse IP records for IPv4 blocks that are assigned to organizations which have NOT signed an RSA with an RIR for that space Legacy holders can sign an RSA at any point beyond this time and gain whois and reverse assignment records back with an RIR 3) IPv4 space not recorded in an RIR shall be considered "Up for Grabs" No RIR shall assign it, and no RIR shall retain recording assignments of it except that which a legacy holder decides to bring under RSA. 4) "Up for Grabs" IP space will be usable by any organization needing IPv4 numbering. None of the RIR's will provide any sort of mediation between competing organizations wanting to use the same IPv4 space, except for that provided for in #2 Ted Mittelstaedt From william at elan.net Tue Jul 3 18:52:48 2007 From: william at elan.net (william(at)elan.net) Date: Tue, 3 Jul 2007 15:52:48 -0700 (PDT) Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: References: Message-ID: Lets not make a wildwest show in ip routing of IPv4 space please! On Tue, 3 Jul 2007, Ted Mittelstaedt wrote: > > Hi All, > > What do you all think of the following proposal idea: > > 1) When all unallocated IPv4 has been exhausted, the RIR's shall review IP > utilization yearly and shall determine when > more than 20% of IPv4 holders are dual-stacked and advertising IPv6 > > 2) When the 20% point has been passed, all RIR's shall remove all > whois and reverse IP records for IPv4 blocks that are assigned to > organizations which have NOT signed an RSA with an RIR for that space > > Legacy holders can sign an RSA at any point beyond this time and > gain whois and reverse assignment records back with an RIR > > 3) IPv4 space not recorded in an RIR shall be considered "Up for Grabs" > No RIR shall assign it, and no RIR shall retain recording assignments of it > except that which a legacy holder decides to bring under RSA. > > 4) "Up for Grabs" IP space will be usable by any organization needing > IPv4 numbering. None of the RIR's will provide any sort of mediation > between competing organizations wanting to use the same IPv4 space, > except for that provided for in #2 > > > Ted Mittelstaedt > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml From heather.schiller at verizonbusiness.com Tue Jul 3 18:06:47 2007 From: heather.schiller at verizonbusiness.com (Heather Schiller) Date: Tue, 03 Jul 2007 22:06:47 +0000 (GMT) Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: References: Message-ID: I can't tell if you are just eliciting feedback on an idea, or you want to make this into a formal policy proposal? Policy proposals should be submitted to policy at arin.net - there is a template designed in a way to help to capture the answers to important questions about why the policy should be considered/implemented http://www.arin.net/policy/irpep_template.html After a policy proposal is submitted it is posted to ppml and passed to the AC. There is a whole process (http://www.arin.net/policy/irpep.html) but if you would like some help with a policy proposal, I or any member of the AC would be glad to help. If you just want some feedback.. I can do that too: 1) What is the goal of this policy? 2) Policy term? temporary, permanent, renewable? (would be hard to undo, if people start using it..) WRT the goal of the policy - this seems to reclaim some legacy space to create more 'private' address space, that is, address space that is not globally unique. If the goal is to be able to recover legacy address space, because of impending IPv4 depletion, and to be able to extend the life of IPv4 - this isn't going to get you far. If the space is 'up for grabs and usable by any organization' - you are essentially creating more RFC1918 like space. The point of having registered address space, is so that you know who is using it, and it remains globally unique, which is often important when you start connecting networks together, and most commonly when you want to route it in the "global internet" If OTOH, you want to create more RFC1918/IANA reserved address space, my question to you would be, do we need it? If OTOH, you want to scare legacy folks into signing an RSA.. again my question would be why? and there might be better ways to go about this. --Heather On Tue, 3 Jul 2007, Ted Mittelstaedt wrote: > > Hi All, > > What do you all think of the following proposal idea: > > 1) When all unallocated IPv4 has been exhausted, the RIR's shall review IP > utilization yearly and shall determine when > more than 20% of IPv4 holders are dual-stacked and advertising IPv6 > > 2) When the 20% point has been passed, all RIR's shall remove all > whois and reverse IP records for IPv4 blocks that are assigned to > organizations which have NOT signed an RSA with an RIR for that space > > Legacy holders can sign an RSA at any point beyond this time and > gain whois and reverse assignment records back with an RIR > > 3) IPv4 space not recorded in an RIR shall be considered "Up for Grabs" > No RIR shall assign it, and no RIR shall retain recording assignments of it > except that which a legacy holder decides to bring under RSA. > > 4) "Up for Grabs" IP space will be usable by any organization needing > IPv4 numbering. None of the RIR's will provide any sort of mediation > between competing organizations wanting to use the same IPv4 space, > except for that provided for in #2 > > > Ted Mittelstaedt > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > From tedm at ipinc.net Tue Jul 3 20:03:46 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Tue, 3 Jul 2007 17:03:46 -0700 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: Message-ID: >-----Original Message----- >From: Heather Schiller [mailto:heather.schiller at verizonbusiness.com] >Sent: Tuesday, July 03, 2007 3:07 PM >To: Ted Mittelstaedt >Cc: ARIN PPML >Subject: Re: [ppml] IPv4 "Up For Grabs" proposal > > > >I can't tell if you are just eliciting feedback on an idea, Sorry, I thought the phrase: "What do you all think of the following proposal idea" made that clear. >or you want to >make this into a formal policy proposal? There is no point if there's no will among members to grapple with this issue. As we all know there's been much discussion on this list for the last year or so (probably much longer) about what to do about the upcoming IPv4 runout. It appears to me that one of the fundamental dichotomies is that everyone on this list gives tremendous lip service to the idea that they want everyone to transition to IPv6. IPv6 is the answer I keep reading. Yet, whenever someone proposes anything that might kick-start the transition (because frankly to argue that the transition is happening now is rediculous, at least in the global routing table) they water it down to be worse than useless. And the few who propose anything with real teeth get shouted down. Everyone wants to transition to IPv6 but... nobody is willing to force any IPv4 holders to give up anything nobody is willing to raise fees to make it cost effective to transition to IPv6 nobody is willing to tell anyone they cannot buy-and-sell IPv4 assignments in a kind of huge ebay sale nobody is willing to give the boot to a bunch of freeloading legacy holders that haven't contributed a dime in fees to keep the entire assignment mechanism going - including funding for this very mailing list I might add. and on and on and on. So I thought, why don't I propose a proposal that would ONLY TAKE EFFECT AFTER IPv6 TRANSITION HAS HAPPENED. In other words, I'll make it as easy to follow and as least controversial as possible You cannot argue against it because it only codifies what is going to happen AFTER THE MESS IS OVER. Kind of like saying let's schedule the Kumbiya song around the campfire once every nation has given up war. My feeling is that if the community CANNOT EVEN AGREE WHAT THE POST IPV6 INTERNET IS GOING TO LOOK LIKE, then screw everyone. Because we are all just kidding ourselves that we are ever going to get any kind of policy other than an endless series of useless resolutions exhorting everyone that it Would Be A Real Good Thing To Switch. How can you find out how to get there if you don't even know where you want to get to? > > > If you just want some feedback.. I can do that too: > >1) What is the goal of this policy? > Since nobody can agree how to get TO an IPv6 world, let's stand the problem on it's head. Go as far forward as you want and work BACKWARDS. >2) Policy term? temporary, permanent, renewable? (would be hard to undo, >if people start using it..) > Permanent >WRT the goal of the policy - this seems to reclaim some legacy space to >create more 'private' address space, that is, address space that is not >globally unique. > No, not at all 'Reclamation' ASSUMES THE IP SPACE WILL BE REUSED. I am saying this, why can't we agree that when IPv4 is OVER that the RIR's will GET OUT OF THE BUSINESS OF KEEPING TRACK OF IT. The obvious place to start is with the people who aren't even paying for the RIR's to track it to begin with! What do we owe them once the rest of us are in the IPv6 world? Are you arguing that in a post-IPv4 world that we STILL WANT TO BE ASSIGNING IPv4? WHAT IS THE POINT to transitioning to IPv6 IF WE ARE GOING TO CONTINUE TO ASSIGN IPv4? I might as well ask if I'm an ISP in year 2010 when IPv4 runout has happened, and I need IP addresses, why BOTHER GETTING IPv6? I might as well just wait for a bit until some IPv4 is reclaimed - then get that? I won't have to change my network as much - save quite a bit of money there. >If the goal is to be able to recover legacy address space, because of >impending IPv4 depletion, and to be able to extend the life of IPv4 - this >isn't going to get you far. NO. The OPPOSITE The RIR's have NO authority to dictate what people broadcast into the global BGP table. 20 years from now when IPv4 is over and done with, NOTHING THE RIR's can do can stop someone somewhere from advertising IPv4. So, what are we as a community to do? Let's say that in year 2030, 100% of the original IPv4 organizations are now dual-stacked with both IPv4 and IPv6 advertisements. Some of them are forward looking and are starting to abandon their IPv4 network, they tell ARIN "we aren't paying fees on that anymore, you can reclaim it" What are we going to do with THAT space? Make it available for reassignment to the few slow-as-slug organizations that want to KEEP USING IPv4 and want MORE of it EVEN THEN? are the RIR's going to get into a situation where FOREVER they are going to track IPv4 usage? Forever and ever? If you don't agree with this then put your money where your mouth is and name a date. Just like the bride said to the reluctant groom - if you want to get married, name a date. Or, name some CONCRETE things that are going to happen before we do it. So, OK, maybe 20% is too harsh. Maybe we should wait until 50% of the Internet has switched over to IPv6 before throwing the freeloaders out the door. If you won't agree to a number, or you won't agree to a date, then your just giving lip service to the idea that we are ever going to switchover to IPv6. >If the space is 'up for grabs and usable by >any organization' - you are essentially creating more RFC1918 like space. Exactly. >The point of having registered address space, is so that you know who is >using it, and it remains globally unique, which is often important when >you start connecting networks together, and most commonly when you want to >route it in the "global internet" > >If OTOH, you want to create more RFC1918/IANA reserved address space, my >question to you would be, do we need it? > >If OTOH, you want to scare legacy folks into signing an RSA.. again my >question would be why? and there might be better ways to go about this. > Heather, I'll answer those 3 questions from you with a question of my own to you: WHEN will the RIR's STOP keeping track of IPv4 allocations? When 100% of the Internet is switched over to IPv6? If so, then why not change that to when 90% of the Internet is switched over to IPv6 - to convince the remaining 10% that they need to drop IPv4. And if you agree with this, then why not when 80% is switched over - to convince the remaining 20% to switch over. And if you agree with that, what about when 70% are switched over? and so on? I think you get my drift? What percentage of people have to leave the IPv4 building before your comfortable turning off the lights and saying the IPv4 party is over? Because I will tell you a great secret. we will NEVER REACH that 100% UNTIL YOU HAVE TURNED OUT THE LIGHTS. As long as the RIR's are tracking IPv4 utilization - people will use it on the Internet. And as long as people are using it, there will not be much incentive to STOP using it. And IPv6 transition will be STALLED. Classic catch-22. How do you think it's ever going to be broken? Ted >--Heather > >On Tue, 3 Jul 2007, Ted Mittelstaedt wrote: > >> >> Hi All, >> >> What do you all think of the following proposal idea: >> >> 1) When all unallocated IPv4 has been exhausted, the RIR's shall >review IP >> utilization yearly and shall determine when >> more than 20% of IPv4 holders are dual-stacked and advertising IPv6 >> >> 2) When the 20% point has been passed, all RIR's shall remove all >> whois and reverse IP records for IPv4 blocks that are assigned to >> organizations which have NOT signed an RSA with an RIR for that space >> >> Legacy holders can sign an RSA at any point beyond this time and >> gain whois and reverse assignment records back with an RIR >> >> 3) IPv4 space not recorded in an RIR shall be considered "Up for Grabs" >> No RIR shall assign it, and no RIR shall retain recording >assignments of it >> except that which a legacy holder decides to bring under RSA. >> >> 4) "Up for Grabs" IP space will be usable by any organization needing >> IPv4 numbering. None of the RIR's will provide any sort of mediation >> between competing organizations wanting to use the same IPv4 space, >> except for that provided for in #2 >> >> >> Ted Mittelstaedt >> _______________________________________________ >> This message sent to you through the ARIN Public Policy Mailing List >> (PPML at arin.net). >> Manage your mailing list subscription at: >> http://lists.arin.net/mailman/listinfo/ppml >> > From randy at psg.com Tue Jul 3 20:33:01 2007 From: randy at psg.com (Randy Bush) Date: Tue, 03 Jul 2007 14:33:01 -1000 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: References: Message-ID: <468AEABD.7030408@psg.com> > Everyone wants to transition to IPv6 but... > > nobody is willing to force any IPv4 holders to give up anything and these are related how? > nobody is willing to raise fees to make it cost effective to > transition to IPv6 possibly a more convincing approach would be to lower the cost barriers to transitioning to ipv6? and i mean the operational ones, not some artificial address space rental prices. > nobody is willing to tell anyone they cannot buy-and-sell IPv4 > assignments in a kind of huge ebay sale what good would it do and what would it accomplish? > nobody is willing to give the boot to a bunch of freeloading legacy > holders that haven't contributed a dime in fees to keep the entire > assignment mechanism going - including funding for this very mailing > list I might add. and no one is willing to kick out the loudmouth but no brains johnny come latelies freeloading off the decades of work the legacy folk did. and this is productive how? at about age five (some decades ago), my son came back from moving cows from one pasture to the other. he reported "you know, it is easier to lead them from in front with a can of grain than from behind with a stick." there seem to be a lot of supposed grown-ups who have not learned that lesson. randy From owen at delong.com Tue Jul 3 22:27:13 2007 From: owen at delong.com (Owen DeLong) Date: Tue, 3 Jul 2007 19:27:13 -0700 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: References: Message-ID: I think it is a phenomenally bad idea. First, once there's a 20% adoption rate on IPv6, there's enough momentum to make most of the other issues around IPv4 a "short-term problem". Given the amount of time we have lived with the status quo, I don't see any advantage to taking action to change it at that point. Item 3 is especially bad because you've basically encouraged vigilante routing as a denial of service attack against legacy holders who choose to boycott the RSA. Encouraging others to such an action (which would in most of North America be considered a violation of law) would subject ARIN not only to very likely civil liability, but, could even subject the corporation to criminal prosecution under some circumstances. IANAL, but, I'm betting Steve Ryan would shoot this policy dead in a heart beat on the legal ramifications alone. Owen On Jul 3, 2007, at 2:37 PM, Ted Mittelstaedt wrote: > > Hi All, > > What do you all think of the following proposal idea: > > 1) When all unallocated IPv4 has been exhausted, the RIR's shall > review IP > utilization yearly and shall determine when > more than 20% of IPv4 holders are dual-stacked and advertising IPv6 > > 2) When the 20% point has been passed, all RIR's shall remove all > whois and reverse IP records for IPv4 blocks that are assigned to > organizations which have NOT signed an RSA with an RIR for that space > > Legacy holders can sign an RSA at any point beyond this time and > gain whois and reverse assignment records back with an RIR > > 3) IPv4 space not recorded in an RIR shall be considered "Up for > Grabs" > No RIR shall assign it, and no RIR shall retain recording > assignments of it > except that which a legacy holder decides to bring under RSA. > > 4) "Up for Grabs" IP space will be usable by any organization needing > IPv4 numbering. None of the RIR's will provide any sort of mediation > between competing organizations wanting to use the same IPv4 space, > except for that provided for in #2 > > > Ted Mittelstaedt > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml From martin.hannigan at batelnet.bs Tue Jul 3 23:55:30 2007 From: martin.hannigan at batelnet.bs (Martin Hannigan) Date: Tue, 03 Jul 2007 23:55:30 -0400 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives Message-ID: <468b1a32.9c.5fd6.2376@batelnet.bs> ----- Original Message ----- From: "Ted Mittelstaedt" To: "Dean Anderson" , "Owen DeLong" Cc: PPML at arin.net Subject: Re: [ppml] Policy Proposal: Resource Reclamation Incentives Date: Tue, 3 Jul 2007 14:28:08 -0700 > > A US court has no jurisdiction over North America. ARIN > is not assigning IP numbers for the US, they are assigning > them for North America. > Archimedes Plutonium? -M< From JOHN at egh.com Wed Jul 4 00:52:17 2007 From: JOHN at egh.com (John Santos) Date: Wed, 4 Jul 2007 00:52:17 -0400 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: Message-ID: <1070704004435.10161C-100000@Ives.egh.com> On Tue, 3 Jul 2007 michael.dillon at bt.com wrote: > > > - Specifically, that their space cannot be revoked for > > failing to use > > it. > > That is going to be intractable as we get closer to IPv4 exhaustion. > When ISP X is facing losses of millions of dollars due to the fact that > ARIN has no more addresses to give, and it is known that ISP Y has an > unused hoard, then what happens. Define "used" and "unused". > > Perhaps ISP X simply "borrows" ISP Y's hoard. Will Y go to court and > argue that X can't do that because ARIN's whois shows that these are Y's > addresses? Will X argue that Y has no right to addresses because they > are not an ARIN member and have no contract with ARIN, therefore no > expectation of service from ARIN? Will the court revoke all of Y's > addresses? Will the court order Y to return unused addresses to ARIN > because they are, by proxy, causing ARIN to materially damage X's > business? What if Exxon wants to drill for oil in my back yard because, hey, I'm not doing it. Am I materially damaging Exxon's profits by not allowing them to drill? > > The complexity makes your head spin. In general, courts are supposed to > be a last resort after the parties have sat down, discussed the issue, > and tried to hammer out an agreement. Can Y really be said to have done > this if Y has not joined ARIN, signed the RSA, returned excessive unused > addresses and made and honest attempt to comply with ARIN policy? ARIN > is not just a 3rd party here; ARIN is the forum in which all parties > come together and hammer out the mutual agreement to shared these > limited resources. Y got its IP addresses according to the rules, before ARIN existed. ARIN can't just arbitrarily change the rules on them, whatever you want it to do. > > Organizations which do not enagage with each other in ARIN are the > rogues who refuse to negotiate. No, in Y's view, ARIN is the rogue that is trying to change the rules out from under it. > > It's hard to predict the legal outcomes but one thing is certain, any > organizations which persist in refusing to join ARIN will suffer the > consequences of a lot of negative publicity as we get closer to IPv4 > exhaustion. Even if they don't don the black hat and get involved in a > court case, these organizations will be tarred with a nasty brush. In > particular the larger ones with class A and B allocations because one > would expect them to have the most capability for implementing IPv6 and > reducing their consumption of IPv4 addresses. Actually, ARIN's lawyer apparently has predicted the legal outcome, and his prediction is that ARIN would lose... > > > - Turn in your existing bucket of disjoint small netblocks for > > one large, aggregateable netblock. > > Hmmm... Thought experiment. > Entity A has acquired 300 class C address blocks. None of these are used Define "used"... > at all, just acquired. Entity A goes to ARIN and turns in their 300 > class C's in return for a /16 which is 256 /24 equivalents, therefore it > is less than their original hoard. Now Entity A markets itself to > organizations who are concerned about the pending IPv4 shortage. They > manage to rake in 6 figures for their shell company and the buyer gets a > /16 to use. Sale is timed to close shortly after the buyer gets their > next ARIN allocation. > > Obviously this could only occur if Entity A does not have to fully > justify their space. Currently the wording of the policy does allow for > this loophole. > > I can't help but think that we would make better policy if we started > out with use-cases and requirements rather than diving straight into the > specific text of a policy. > > --Michael Dillon > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > > -- John Santos Evans Griffiths & Hart, Inc. 781-861-0670 ext 539 From michael.dillon at bt.com Wed Jul 4 05:47:53 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Wed, 4 Jul 2007 10:47:53 +0100 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: References: <468a580a.222.4ae3.26333@batelnet.bs><20070703143944.GA77690@ussenterprise.ufp.org> Message-ID: > I think that for most legacy holders, the "Fees" issue is a > matter of principle or a minor issue. I think that the real > issues from the legacy holder perspective are: > > - I don't get any benefit from signing an RSA You become a legitimate holder of IPv4 address allocations. > - It subjects me to policies that could force me > to renumber It frees you from being forced to renumber when some other company decides to "borrow" your addresses due to IPv4 address shortages. > - It subjects me to policies that could change at any time It gives you a formal vote in ARIN policies and since you are now a legitimate holder of address resources, other ARIN members are more likely to listen to your point of view. > - It potentially limits my options in terms of > what I can do > with my address space The only option I can see that disappears is the option to sell the addresses and this is pretty marginal if they are not legitimately registered with ARIN. > - It costs me money Money is not an issue here. The sums are nominal. It can cost a lot more in lawyers fees or forced renumbering when (not if) someone takes your addresses as we reach the point of IPv4 exhaustion. > I think it provides some encouragement towards reclamation. > I think that gentle reclamation efforts allowing people to > return address space in whatever size chunks they are willing > to and on whatever timetable they are willing to is more > likely to result in reclamation than policies which attempt > to force the issue. You seem to be presenting "reclamation" as a positive thing which we should bend over backwards to encourage and entice. I take a different view. Reclamation is an obligation under ARIN policies which require companies to *JUSTIFY* their address allocations. When that justification disappears, likely due to IPv6 migration, companies have an obligation to return the addresses to ARIN. It is not too late for a controlled migration combined with reclamation to prevent IPv4 exhaustion entirely. --Michael Dillon From michael.dillon at bt.com Wed Jul 4 05:59:51 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Wed, 4 Jul 2007 10:59:51 +0100 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: <468A8EB0.1040405@psg.com> References: <468a580a.222.4ae3.26333@batelnet.bs> <468A64BF.6040402@kl.net><014001c7bd8d$e716fbb0$543816ac@atlanta.polycom.com> <468A7814.3090301@rollernet.us><03f501c7bd9a$c080aca0$543816ac@atlanta.polycom.com> <468A8EB0.1040405@psg.com> Message-ID: > the world has changed. we would like to change those > contracts. well, we're gonna have to *negotiate* that. and > acting unilaterally or arbitrarily will only polarize and > make a mess we just don't need. We have been negotiating. Many legacy holders have turned in addresses or signed the RSA. Stanford University is one place that did the work of renumbering to return addresses. In any case, at some point we have to say enough is enough. We give people the opportunity to play ball but when they refuse to come on board, we have to act unilaterally. I believe that we are now at the point, due to IPv4 exhaustion being so near, where we have to give people ONE LAST CHANCE, and after that act unilaterally. We won't be acting arbitrarily because ARIN is an open organization and any actions will be discussed openly until we come to a consenus. This is our strength and I believe that when ARIN finally does act, it won't polarize anthing and will not create a mess. --Michael Dillon From michael.dillon at bt.com Wed Jul 4 06:05:13 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Wed, 4 Jul 2007 11:05:13 +0100 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: References: Message-ID: > What do you all think of the following proposal idea: First of all let me congratulate you for putting the horse before the cart. In order to give legacy holders one last chance, I think we need a frank and open discussion before we decide on the specifics of a policy proposal. Once we get to a rough consensus on how to give people one last chance and how to act unilaterally, then we can word a policy proposal that will achieve that. In particular, before writing the policy proposal, we need to review any proposed actions against the existing policy set, to make sure that we cover everything that needs to be covered. We also need to check that we are withing the framework of what can be done through policy, i.e. we cannot set any fees. --Michael Dillon From michael.dillon at bt.com Wed Jul 4 06:44:22 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Wed, 4 Jul 2007 11:44:22 +0100 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: <1070704004435.10161C-100000@Ives.egh.com> References: <1070704004435.10161C-100000@Ives.egh.com> Message-ID: > Y got its IP addresses according to the rules, before ARIN existed. > ARIN can't just arbitrarily change the rules on them, > whatever you want it to do. Changing the rules is not necessarily aritrary. ARIN can and does change the rules but it does so in an open and consultative manner. > > Organizations which do not enagage with each other in ARIN are the > > rogues who refuse to negotiate. > > No, in Y's view, ARIN is the rogue that is trying to change > the rules out from under it. ARIN is not merely a 3rd party. ARIN is the forum in which all IP networking industry participants discuss issues and reach a consensus on how the shared resources will be managed. The courts have already recognized that ARIN is not a rogue organization. > Actually, ARIN's lawyer apparently has predicted the legal > outcome, and his prediction is that ARIN would lose... Where is that? Here are some words that ARIN's lawyer did say quoted from http://www.arin.net/meetings/minutes/ARIN_XVIII/ppm1_transcript.html (Search for RYAN to find his words) ----- We received the order approximately two years after it had been issued. It was provided to us in a formal way, and Mr. Kremen asked us to obey the order. That is, to revoke the IP resources that were held by Mr. Cohen and transfer them to Mr. Kremen. We agreed to do so, so long as Mr. Kremen would do what all of you have done since ARIN began in 1998, which is apply for the resources and sign the normal RSA. Mr. Kremen refused to do that and has refused to the current date. His theory is that he doesn't have to do that because he has a court order, and our theory is that we have a certain set of rules and requirements, and that you have to obey the rules and requirements of the community, and we don't read the court order as giving Mr. Kremen a permanent pass from the rules that all of you obey. ... We revoked resources that were held by Mr. Cohen or his associates that were covered by the 2001 order when they were not paid for. In other words, by our own processes, we were very aggressively trying to recover these resources so that they weren't out there. ... First, we've gone back to the court and said that the court in its 2001 order ought to consider modifying the order to make it clear that Mr. Kremen, like everyone else, has to sign an RSA and has to pay for the resources in the future. ... One is that Mr. Kremen is a legacy address holder. He has legacy address blocks. ----- Then in http://www.arin.net/media/clarification-granted.pdf the judge says: ----- 1. Kremen shall submit a Registration Services Transfer Application ("Application") to request a transfer of the IP Resources identified as Blocks 1, 3, and 4 above; 2. ARIN shall approve Kremen's Application for Blocks 1, 3, and 4, once received. ARIN shall afford Kremen the option of signing Registration Services Agreement 2, 3, or 9, as described above; 3. Once Kremen has signed RSA 2, 3, or 9, ARIN shall immediately revoke Blocks 1 and 4 from their current recipients. ARIN shall transfer Blocks 1, 3, and 4 to Kremen; 4. In lieu of Block 5, which is no longer within ARIN's control, ARIN shall provide a substitute ASN to Kremen. ARIN's transfer of this ASN to Kremen shall be on the same terms as its transfer of Blocks 1, 3, and 4; 5. ARIN will not be required to revoke Block 2, as that IP Resource has never been within ARIN's control; 6. Kremen will not be responsible for overdue payments regarding the IP Resources described in this Order prior to the date of this Order, but shall be responsible for paying ARIN for routine services hereafter, pursuant to the terms of his RSA with ARIN; 7. If, for any reason related to its policies, ARIN cannot comply in transferring or issuing the IP Resources described in this Order, ARIN will notify the Court immediately so that the Court can consider what, if any, remedial action. ----- The fact is that ARIN may never end up in court even if it does take unilateral action. And when ARIN does end up in court, the decisions will be made based on the details of the case, not broad brushstrokes that we discuss on a mailing list. ARIN does have expert legal advice and it is unlikely that ARIN will take unilateral action that is clearly untenable in the law. However, the law is notorious for grey areas and the legal system does include appellate courts and the Supreme court as well as international adjudication venues (treaties like NAFTA, ICJ in the Hague). ARIN could conceivable lose at first and win later. When we reach the point where IPv4 addresses are really scarce, the NAFTA tribunal could rule that this is in effect a hidden subsidy, and the DOC will knock on ARIN's door and ask politely could ARIN please revoke legacy resources and reallocate them to organizations who have signed the RSA and have paid their fees. It's all about an open and level playing field. --Michael Dillon From owen at delong.com Wed Jul 4 12:19:24 2007 From: owen at delong.com (Owen DeLong) Date: Wed, 4 Jul 2007 09:19:24 -0700 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: References: <468a580a.222.4ae3.26333@batelnet.bs><20070703143944.GA77690@ussenterprise.ufp.org> Message-ID: <658BD299-6F7F-4CDD-80C8-6D54C8384F7C@delong.com> On Jul 4, 2007, at 2:47 AM, wrote: > > >> I think that for most legacy holders, the "Fees" issue is a >> matter of principle or a minor issue. I think that the real >> issues from the legacy holder perspective are: >> >> - I don't get any benefit from signing an RSA > > You become a legitimate holder of IPv4 address allocations. > Whether you like it or not legacy holders are already legitimate holders of IPv4 address allocations. >> - It subjects me to policies that could force me >> to renumber > > It frees you from being forced to renumber when some other company > decides to "borrow" your addresses due to IPv4 address shortages. > I have no reason to believe that will happen. >> - It subjects me to policies that could change at any time > > It gives you a formal vote in ARIN policies and since you are now a > legitimate holder of address resources, other ARIN members are more > likely to listen to your point of view. > I have as much input on ARIN policies now as I would have then. What I might gain, if I joined ARIN as a member, would be a vote on items discussed in the members meetings and the right to vote for certain representatives. However, I can become an ARIN member without signing an RSA, so, again, this is not a benefit of signing an RSA. >> - It potentially limits my options in terms of >> what I can do >> with my address space > > The only option I can see that disappears is the option to sell the > addresses and this is pretty marginal if they are not legitimately > registered with ARIN. > The option to sell the address space doesn't exist today. However, currently, the only way for ARIN to reclaim my addresses is through my voluntary surrender. Otherwise, ARIN has no right to them and no ability to "manage" them. ARIN is just a record keeper. If I sign the current RSA, then, ARIN has the right of reclamation if my address usage no longer meets ARIN policy. This can happen whether that is a result of my changing usage _OR_ ARIN's changing policy. Today, I have no reason to fear ARIN policy changes... They do not affect me. If I sign an RSA, that changes. >> - It costs me money > > Money is not an issue here. The sums are nominal. It can cost a lot > more > in lawyers fees or forced renumbering when (not if) someone takes your > addresses as we reach the point of IPv4 exhaustion. > Likely, I will recover the lawyers fees as part of the lawsuit. More likely, most ISPs will respect the original assignment and the lawsuit won't really be necessary. Even more likely, the person attempting to steal my addresses will soon realize that all they are accomplishing is a DOS attack on me and that the addresses are unusable by them as well. In the situation you describe, all that will happen is nobody can use the address. Not the legitimate legacy holder and not the later usurper. >> I think it provides some encouragement towards reclamation. >> I think that gentle reclamation efforts allowing people to >> return address space in whatever size chunks they are willing >> to and on whatever timetable they are willing to is more >> likely to result in reclamation than policies which attempt >> to force the issue. > > You seem to be presenting "reclamation" as a positive thing which we > should bend over backwards to encourage and entice. I take a different > view. Reclamation is an obligation under ARIN policies which require > companies to *JUSTIFY* their address allocations. When that > justification disappears, likely due to IPv6 migration, companies have > an obligation to return the addresses to ARIN. > Companies that are not recipients of resources from ARIN have no obligation to ARIN whatsoever. I really do not understand where people have developed the perspective that ARIN controls all of this address space. ARIN volunteered to keep records for this space. The do not control it unless the current holder voluntarily returns it to ARIN or joins the ARIN process by voluntarily signing an RSA. Until one of those two things happen, they have a permanent non-transferable right to use those addresses and ARIN has no right to them. > It is not too late for a controlled migration combined with > reclamation > to prevent IPv4 exhaustion entirely. > You cannot prevent IPv4 exhaustion entirely. For one thing, nothing leads me to believe that IPv6 will achieve anything remotely resembling critical mass prior to IPv4 exhaustion, regardless of how far you put off IPv4 exhaustion. Owen From owen at delong.com Wed Jul 4 12:33:53 2007 From: owen at delong.com (Owen DeLong) Date: Wed, 4 Jul 2007 09:33:53 -0700 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: References: <1070704004435.10161C-100000@Ives.egh.com> Message-ID: The Kremen case is very different from what we are talking about here. In the Kremen case, Kremen already held legacy addresses, but, he was attempting to transfer Cohen's non-legacy addresses. He tried to claim that because he held legacy addresses, he should be able to transfer Cohen's non-legacy addresses without signing an RSA. Of course that's bunk. Even if you attempt to transfer legacy addresses, you have to sign an RSA and the addresses are as part of the transfer process brought under ARIN management. Now, let's take a better look at the situation we are really discussing: 1. Party Y receives addresses from the legitimate registry of the day prior to ARIN's existence. 2. Party Y legitimately believes that those addresses were granted to him in perpetuity without fee so long as party Y chose to retain them with the following restrictions: A. Non-transferrable except through substantial acquisition. B. In the event of substantial acquisition, the transfer would have to be processed and approved by the current registry. 3. Party Y's belief matches the policies and general attitudes of the registry at the time when the addresses were issued to party Y. 4. ARIN comes along later and doesn't really like the way these grants were made. 5. ARIN has no actual relationship with party Y. 6. Party Y does not choose to establish a relationship with ARIN. Please, now, explain to me why you think that ARIN has any right to usurp Party Y's grant? Owen From mysidia at gmail.com Thu Jul 5 08:55:04 2007 From: mysidia at gmail.com (James Hess) Date: Thu, 5 Jul 2007 07:55:04 -0500 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: References: Message-ID: <6eb799ab0707050555k18e4a4d5wb6d9f1949fb1b0d9@mail.gmail.com> > 4) "Up for Grabs" IP space will be usable by any organization needing > IPv4 numbering. None of the RIR's will provide any sort of mediation > between competing organizations wanting to use the same IPv4 space, > except for that provided for in #2 It's not that ARIN can't do that, it's that I don't think it makes sense to do that. Essentially, I wonder how "no stewardship at all," by intending to incite chaos over some addresses, counts as responsible stewardship, as per ARIN's mission. However, in case the policy were implemented that way... Once random orgs start trying to pick at "up for grabs space", I worry if there's much to keep the up-for-grabbers away from doing the same, trying to use space that was actually legitimately assigned by the current registry, but the org doesn't "think" is being used. I expect ARIN could lose legitimacy not only with the legacy holders, but a lot of people out there, who rely on there not being total and utter addressing chaos. Recall.. ARIN/etc is not the actual mechanism that allows or disallows an organization from using address space. The registry itself can't prevent two determined parties from trying to use the same addresses, that is not the function of ARIN.; Only if they are both registrants, can it help, and that is only done only by making sure not to assign the two registrants the same addresses. Possibly, if providers found that ARIN said "anything goes" for the legacy assignments, the providers would just come up with their own ad-hoc rules to pick up where ARIN left a big hole. I.E. some of the legacy registrants would become further solidified, when their providers develop ad-hoc filters to discard attempts by "rogue orgs" to announce prefixes that would be "up for grabs" according to ARIN (rogue orgs being anything other than the legacy holder). Otherwise, the IP address would no longer be globally unique, making it useless to everyone. Now all the legacy holders would suddenly have a justifiable need for new addressing, they may even be able to justify larger assignments than they had before. Exhaustion could occur even more quickly at that point. ARIN only provides the service of assuring registrants that their assignments are unique among other registrants, which is a pre-requisite for their networks being able to communicate with each other. It is providers themselves that respect whatever ARIN's registry says a range is assigned to. I think they know better than to accept "up for grabs". Either that means the addresses become useless, or the consequence is the legacy holder gets them permanently, even if the legacy holder later decides to return addresses, filters may remain in place all over the world. It's not hard to have chaos, but how can you have it one little range of addresses and really be assured of not have it all over the place? -- -J From jcurran at istaff.org Thu Jul 5 09:24:14 2007 From: jcurran at istaff.org (John Curran) Date: Thu, 5 Jul 2007 09:24:14 -0400 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: References: <1070704004435.10161C-100000@Ives.egh.com> Message-ID: Folks - There will be legal review of the policy proposal via the IRPEP; I would recommend focusing on the desired policy outcome rather than constraining policy in advance based on potential legal issues. If it turns out that we can't move ahead with a policy due to the legal aspects, it's still very valuable to know what the desired outcome of the public policy process is... /John From tedm at ipinc.net Thu Jul 5 13:19:02 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Thu, 5 Jul 2007 10:19:02 -0700 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: <468AEABD.7030408@psg.com> Message-ID: >-----Original Message----- >From: Randy Bush [mailto:randy at psg.com] >Sent: Tuesday, July 03, 2007 5:33 PM >To: Ted Mittelstaedt >Cc: ARIN PPML >Subject: Re: [ppml] IPv4 "Up For Grabs" proposal > > >at about age five (some decades ago), my son came back from moving cows >from one pasture to the other. he reported "you know, it is easier to >lead them from in front with a can of grain than from behind with a >stick." there seem to be a lot of supposed grown-ups who have not >learned that lesson. > No, the grownups have learned that you can get more cooperation with a kind word and a 2x4 than just a kind word. Obviously people like you won't learn anything until your face is rubbed in it. As I kind of expected. So, I'll wait - and a decade from now when IPv4 runout is a dim memory and everyone is bemoaning how the major networks still haven't switched over, then perhaps you will learn then. Ted From tedm at ipinc.net Thu Jul 5 13:45:40 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Thu, 5 Jul 2007 10:45:40 -0700 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: Message-ID: >-----Original Message----- >From: Owen DeLong [mailto:owen at delong.com] >Sent: Tuesday, July 03, 2007 7:27 PM >To: Ted Mittelstaedt >Cc: ARIN PPML >Subject: Re: [ppml] IPv4 "Up For Grabs" proposal > > >I think it is a phenomenally bad idea. First, once there's a 20% >adoption >rate on IPv6, there's enough momentum to make most of the other issues >around IPv4 a "short-term problem". So then, what's the problem with instituting such a policy if it's all just going to be short term? >Given the amount of time we have >lived with the status quo, I don't see any advantage to taking action to >change it at that point. > >Item 3 is especially bad because you've basically encouraged vigilante >routing as a denial of service attack against legacy holders who choose >to boycott the RSA. So you are saying that legacy holders boycotting the RSA is a good thing? How can a legacy holder boycott the RSA anyway, since they have to sign one in order to get an IPv6 allocation? Unless of course they intending never getting IPv6 and just running IPv4 forever. Oh I forgot, you were advocating that legacy holders don't even have to sign an RSA to get IPv6. I guess your true colors are showing Owen, you simply want the same situation perpetuated with the legacy holders that they already have, namely, that the legacy holders get any kind of numbering allocations for free in perpetuity. > Encouraging others to such an action (which would >in most of North America be considered a violation of law) would subject >ARIN not only to very likely civil liability, but, could even subject >the >corporation to criminal prosecution under some circumstances. IANAL, >but, I'm betting Steve Ryan would shoot this policy dead in a heart >beat on the legal ramifications alone. > Choosing to not speak on an issue is not "encouraging" You assume that the only thing that is preventing so-called "vigilante routing" as you call it from happening right now, is because the RIR's are keeping track of things. Here in the US (I really wonder if your in the US since you show such ignorance of the law) it is illegal to take a horse and buggy out onto an Interstate highway. Why? Because they are obsolete. The governing bodies that govern vehicle registration (ie: the States) have no laws that cover buggy registration for Interstate highway travel. I am proposing exactly the same thing. IPv4 will eventually be obsolete. The RIR's do not keep track of Arcnet addressing schemes because that is obsolete - the Internet has long grown beyond that numbering system. When IPv4 becomes obsolete the RIR's will have no business keeping track of IPv4 numbering either. Fundamentally I am saying let's make that policy right now. If you believe that 20% IPv6 adoption isn't sufficient enough to call IPv4 obsolete, then what about 40% IPv6 adoption? If that's not enough, what about 60% adoption? Either you want the RIR's to keep track of IPv4 forever - in which case the legacy holders could simply choose to never adopt IPv6 and the Internet would be stuck in dual-stack mode forever - or you must agree that at some point the RIR's stop keeping track of it. If you do agree the RIR's stop keeping track of it at some point, then what conditions must exist for that point to be reached? Ted >Owen > >On Jul 3, 2007, at 2:37 PM, Ted Mittelstaedt wrote: > >> >> Hi All, >> >> What do you all think of the following proposal idea: >> >> 1) When all unallocated IPv4 has been exhausted, the RIR's shall >> review IP >> utilization yearly and shall determine when >> more than 20% of IPv4 holders are dual-stacked and advertising IPv6 >> >> 2) When the 20% point has been passed, all RIR's shall remove all >> whois and reverse IP records for IPv4 blocks that are assigned to >> organizations which have NOT signed an RSA with an RIR for that space >> >> Legacy holders can sign an RSA at any point beyond this time and >> gain whois and reverse assignment records back with an RIR >> >> 3) IPv4 space not recorded in an RIR shall be considered "Up for >> Grabs" >> No RIR shall assign it, and no RIR shall retain recording >> assignments of it >> except that which a legacy holder decides to bring under RSA. >> >> 4) "Up for Grabs" IP space will be usable by any organization needing >> IPv4 numbering. None of the RIR's will provide any sort of mediation >> between competing organizations wanting to use the same IPv4 space, >> except for that provided for in #2 >> >> >> Ted Mittelstaedt >> _______________________________________________ >> This message sent to you through the ARIN Public Policy Mailing List >> (PPML at arin.net). >> Manage your mailing list subscription at: >> http://lists.arin.net/mailman/listinfo/ppml > > From arin-contact at dirtside.com Thu Jul 5 13:51:18 2007 From: arin-contact at dirtside.com (William Herrin) Date: Thu, 5 Jul 2007 13:51:18 -0400 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: <371EB4EE-C2FE-46CD-BAF9-DB35937B572A@delong.com> References: <371EB4EE-C2FE-46CD-BAF9-DB35937B572A@delong.com> Message-ID: <3c3e3fca0707051051p6d9de6d9v6d3abe4591ed2be@mail.gmail.com> On 6/28/07, Owen DeLong wrote: > Here's an attempt to partially drain the swamp and create some > incentives > for legacy holders to both return available IPv4 space and start using > IPv6. Owen, I don't object to your proposal but I question its value. I'm a legacy registrant with a /23 down in the swamp and until a couple years ago I was the lead engineer for a registrant holding two legacy /18's. The policy offered by your proposal does not appeal to me in either role. As a /23 holder, why should I return the /23 or part of it (a /24)? I pay ARIN nothing now so a fee waiver is meaningless. A full fee waiver for the initial assignment of an IPv6 block might be nice but I'd want a more definite statement than "if you qualify" before both making the effort to apply and turning in IPv4 addresses. As the engineer for the /18s registrant, I recognize that renumbering folks out of part of that space is a major undertaking. It will cost me many thousands of dollars of manpower and will impose additional and unexpected engineering costs on my customers leading some to reconsider their service contracts. Even if I approach it opportunistically and just don't reallocate space in a particular part of the block when old customers depart, I fail to see how giving up precious IPv4 space (and doubly-precious fee-free legacy space) could possibly be compensated by saving a pittance on my new IPv6 block. It just doesn't make good business sense. I don't want to be the kind of guy who just says, "No!" so what would it take to get me to sign an RSA, turn in part of my space or both? Before I'd step forward with my legacy registration and either sign an RSA or give back part of it, at least one of two things would have to be true: 1. I'd have to realize some appreciable gain for my activity, to offset the loss. What if, for example, I could trade up to a /48 of IPv6 addresses with no initial assignment fee and no justification for each /24 of IPv4 addresses I turn in with the requirements that I also place any retained IPv4 addresses under the RSA and that do so no later than 12/31/2008? Now you have a real enticement. I can get something cheaply now that may not be available later at any price but I have to behave in a way that meaningfully benefits the community to get it. 2. My action would have to REDUCE future uncertainty about the status of my registration. At present, ARIN guarantees that legacy assignments will be managed under the policies then active while assignments under the RSA are subject to whatever policies we folks here on ppml can convince the board to implement. Thus signing an RSA and undertaking related activities would serve to INCREASE my uncertainty around continued holding of the address space. On the other hand, I presently have no contractual rights associated with my legacy registration. Any rights I might have had expired with the implied contract with Network Solutions when they quit the IP registry business. ARIN has chosen to obligate itself to maintain that registration, but if they reinterpret that obligation to my disadvantage I might not even have standing to sue. If I could sign a modified RSA that contractually obligated both ARIN and I to follow the policies in place today but exempted me from any future policy until such a time as I found it advantageous to accept the regular RSA, that might well REDUCE the uncertainty associated with my registration. As a legacy registrant, I would at least find it worth considering. Offered as food for thought. Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From dogwallah at gmail.com Thu Jul 5 13:51:33 2007 From: dogwallah at gmail.com (McTim) Date: Thu, 5 Jul 2007 20:51:33 +0300 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: References: Message-ID: On 7/4/07, Ted Mittelstaedt wrote: > > Hi All, > > What do you all think of the following proposal idea: I think it's asking for chaos. -- Cheers, McTim $ whois -h whois.afrinic.net mctim From james at towardex.com Thu Jul 5 13:59:36 2007 From: james at towardex.com (James Jun) Date: Thu, 5 Jul 2007 13:59:36 -0400 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: References: Message-ID: <014a01c7bf2e$4e589ee0$1efc5dd8@HCMC.local> > Either you want the RIR's to keep track of IPv4 forever You are confused. RIR's keep track of their subscriber numbering resources (in IPv4 and IPv6). Legacy owners who are not members of the RIR are beyond the scope of RIR responsibility. If you want your policy proposal to have any chance of consideration, you will have better luck submitting such proposal to the NRO for global adoption and provide input to the IANA. Ignorantly assuming that somehow legacy holders are ARIN responsibility just because they are in ARIN region is not helpful. > - in which case > the legacy holders could simply choose to never adopt IPv6 and the > Internet > would be stuck in dual-stack mode forever Who cares if they choose to not adopt IPv6? People can continue to run Arcnet and Token Ring as long as they have a need to, same goes for IPv4->IPv6. It is *their* responsibility as operator of their own network to ensure that their customers and majority of Internet public as whole can get to their services -- which means, they will be the ones responsible for dual-stacking, not you (which by the way you still haven't even received your IPv6 block from ARIN, why are you even advocating crazy rules when you don't even care about IPv6?) or anyone else. > - or you must agree that at some > point the RIR's stop keeping track of it. If you do agree the RIR's stop > keeping track of it at some point, then what conditions must exist for > that > point to be reached? RIR's are already not keeping track of legacy holders, simply because they are not members controlled by the RIR. The legacy holders can certainly apply to become a member by signing an RSA, which then their addr space would come under RIR's policies and be tracked in accordance to RIR policies. James From owen at delong.com Thu Jul 5 14:30:08 2007 From: owen at delong.com (Owen DeLong) Date: Thu, 5 Jul 2007 11:30:08 -0700 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: References: Message-ID: <3889FEE9-5D5B-4BEA-A716-216F9DAB54D7@delong.com> On Jul 5, 2007, at 10:45 AM, Ted Mittelstaedt wrote: > > >> -----Original Message----- >> From: Owen DeLong [mailto:owen at delong.com] >> Sent: Tuesday, July 03, 2007 7:27 PM >> To: Ted Mittelstaedt >> Cc: ARIN PPML >> Subject: Re: [ppml] IPv4 "Up For Grabs" proposal >> >> >> I think it is a phenomenally bad idea. First, once there's a 20% >> adoption >> rate on IPv6, there's enough momentum to make most of the other >> issues >> around IPv4 a "short-term problem". > > So then, what's the problem with instituting such a policy if it's > all just going to be short term? > Because most of the other issues being a short term problem means there's no need for such a policy. It doesn't mean the phenomenally large problem set with this proposal disappears. >> Given the amount of time we have >> lived with the status quo, I don't see any advantage to taking >> action to >> change it at that point. >> >> Item 3 is especially bad because you've basically encouraged >> vigilante >> routing as a denial of service attack against legacy holders who >> choose >> to boycott the RSA. > > So you are saying that legacy holders boycotting the RSA is a good > thing? No. I'm saying that launching a denial of service attack against them is an even worse thing. > How can a legacy holder boycott the RSA anyway, since they have to > sign one > in order to get an IPv6 allocation? Unless of course they > intending never > getting IPv6 and just running IPv4 forever. Signing an RSA for new IPv6 space _DOES_ _NOT_ subject your existing IPv4 space to that RSA. Also, it is quite a viable option, actually, for them to run IPv4 and IPv6 dual-stack using 6to4 addresses in native IPv6 mode which is permitted under the RFC. > > Oh I forgot, you were advocating that > legacy holders don't even have to sign an RSA to get IPv6. > Please show me one place where I have advocated such a thing. I have never advocated that and your accusations here are baseless and misleading at best. > I guess your true colors are showing Owen, you simply want the same > situation perpetuated with the legacy holders that they already have, > namely, that the legacy holders get any kind of numbering > allocations for > free in perpetuity. > Hardly. I just want to recognize what is and isn't possible and do the best we can with the situation we have. There really is little point in wasting the monumental amount of effort and capital that it would take to (probably fail in the) attempt to revoke legacy IPv4 resources. By the time all the court battles were done, the reclamation of legacy IPv4 resources would probably not be of substantial benefit to the community. I have no desire to grant legacy holders any new assignments or allocations without signing an RSA. In fact, my proposal specifically required legacy holders who wanted to have their fees on IPv6 resources waived for up to 5 years not only receive that IPv6 resource under an RSA, but, also bring ALL of their existing IP resources under RSA. >> Encouraging others to such an action (which would >> in most of North America be considered a violation of law) would >> subject >> ARIN not only to very likely civil liability, but, could even subject >> the >> corporation to criminal prosecution under some circumstances. IANAL, >> but, I'm betting Steve Ryan would shoot this policy dead in a heart >> beat on the legal ramifications alone. >> > > Choosing to not speak on an issue is not "encouraging" You assume > that > the only thing that is preventing so-called "vigilante routing" as you > call it from happening right now, is because the RIR's are keeping > track > of things. > Marking the addresses as "up for grabs" and having a policy discussion on record describing "up for grabs" the way you already have would certainly hold up as "encouraging". Actually, besides the RIRs there are a number of other resources that track these, including, but, not limited to completewhois. What actually prevents this vigilante routing is well behaved ISPs. The number of not-so-well behaved ISPs is why so much of it occurs anyway. > Here in the US (I really wonder if your in the US since you show such > ignorance of the law) it is illegal to take a horse and buggy out onto > an Interstate highway. Why? Because they are obsolete. The > governing > bodies > that govern vehicle registration (ie: the States) have no laws that > cover > buggy registration for Interstate highway travel. I am proposing > exactly > the same thing. IPv4 will eventually be obsolete. The RIR's do > not keep > track of Arcnet addressing schemes because that is obsolete - the > Internet > has long grown beyond that numbering system. When IPv4 becomes > obsolete > the RIR's will have no business keeping track of IPv4 numbering > either. > The RIRs are not governing bodies. It amazes me that you are so thoroughly ignorant of the law. The governing bodies that govern what is or is not allowed on the highways are actual GOVERNMENTs. The RIRs are NOT GOVERNMENT. Further, you can take a horse and buggy onto an interstate highway. While you can't do it in most places, your blanket assertion does prove false if you look at Pennsylvania, parts of Ohio, and a number of other rural areas where the Interstate replaced earlier roads and would render places inaccessible to horse and buggy if they could not traverse said interstate. > Fundamentally I am saying let's make that policy right now. If you > believe > that 20% IPv6 adoption isn't sufficient enough to call IPv4 > obsolete, then > what about 40% IPv6 adoption? If that's not enough, what about 60% > adoption? > What does it matter? What's the point of calling IPv4 obsolete at the RIR level? When ISPs start derouting it, it will be obsolete for any meaningful definition. > Either you want the RIR's to keep track of IPv4 forever - in which > case > the legacy holders could simply choose to never adopt IPv6 and the > Internet > would be stuck in dual-stack mode forever - or you must agree that > at some > point the RIR's stop keeping track of it. If you do agree the > RIR's stop > keeping track of it at some point, then what conditions must exist > for that > point to be reached? > Doesn't matter. Eventually, the legacy holders won't be able to get an ISP to route their IPv4 addresses. Of course, they can continue to use them as 6to4 assignments in perpetuity, so, I suppose, we could argue that instead of tracking the IPv4 addignments, the RIRs should track them as 6to4 assignments, but, I don't really see any gain to that. Owen > Ted > >> Owen >> >> On Jul 3, 2007, at 2:37 PM, Ted Mittelstaedt wrote: >> >>> >>> Hi All, >>> >>> What do you all think of the following proposal idea: >>> >>> 1) When all unallocated IPv4 has been exhausted, the RIR's shall >>> review IP >>> utilization yearly and shall determine when >>> more than 20% of IPv4 holders are dual-stacked and advertising IPv6 >>> >>> 2) When the 20% point has been passed, all RIR's shall remove all >>> whois and reverse IP records for IPv4 blocks that are assigned to >>> organizations which have NOT signed an RSA with an RIR for that >>> space >>> >>> Legacy holders can sign an RSA at any point beyond this time and >>> gain whois and reverse assignment records back with an RIR >>> >>> 3) IPv4 space not recorded in an RIR shall be considered "Up for >>> Grabs" >>> No RIR shall assign it, and no RIR shall retain recording >>> assignments of it >>> except that which a legacy holder decides to bring under RSA. >>> >>> 4) "Up for Grabs" IP space will be usable by any organization >>> needing >>> IPv4 numbering. None of the RIR's will provide any sort of >>> mediation >>> between competing organizations wanting to use the same IPv4 space, >>> except for that provided for in #2 >>> >>> >>> Ted Mittelstaedt >>> _______________________________________________ >>> This message sent to you through the ARIN Public Policy Mailing List >>> (PPML at arin.net). >>> Manage your mailing list subscription at: >>> http://lists.arin.net/mailman/listinfo/ppml >> >> From dean at av8.com Thu Jul 5 14:37:40 2007 From: dean at av8.com (Dean Anderson) Date: Thu, 5 Jul 2007 14:37:40 -0400 (EDT) Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: Message-ID: On Tue, 3 Jul 2007, Ted Mittelstaedt wrote: > There are MANY national courts that make rulings against people and > companies, that are regularly ignored by those companies and people. > Everything from what's-his-name being considered a criminal in India for > publically kissing a girl, to Iran ruling that some other guy be > put to death for some book he published. And shall I get into the rulings > out of Germany that make it illegal to talk about Hitler and Naziism? > Which are ignored in the US routinely? You mean like French jurisdiction over Yahoo? (Yahoo lost, because it turned out that Yahoo can (and did) control what content went to France), or Chinese jurisdiction over Google (google complied) The laws of other countries aren't ignored: Americans don't bring pro-nazi literature to Germany. If they do, they will suffer the consequences. n Rushdie will be put to death if he returns to Iran, and so he doesn't go to Iran. Its hard to tell who "what's his name" is, since googling 'india kiss' returns a lot of scandals. Public kissing in India is against the law. Perhaps you mean Richard Gere, who said he was ignorant of the law, and apologized for the offense. Ignorance is never a defense. > A US court has no jurisdiction over North America. ARIN is not assigning > IP numbers for the US, they are assigning them for North America. Facts show otherwise, and it is rather pointless to argue law or policy with anarchists who think that no laws apply to them, and that no courts have jurisdiction. Indeed, I presume that one day the WTO will take up cases involving the Internet. However, juridiction in a world court doesn't preclude suit in a national, state, or local court with juridiction over one of the parties. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From owen at delong.com Thu Jul 5 14:44:40 2007 From: owen at delong.com (Owen DeLong) Date: Thu, 5 Jul 2007 11:44:40 -0700 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: <3c3e3fca0707051051p6d9de6d9v6d3abe4591ed2be@mail.gmail.com> References: <371EB4EE-C2FE-46CD-BAF9-DB35937B572A@delong.com> <3c3e3fca0707051051p6d9de6d9v6d3abe4591ed2be@mail.gmail.com> Message-ID: <72918365-6104-45D6-90EC-94F6CDD8EB5D@delong.com> On Jul 5, 2007, at 10:51 AM, William Herrin wrote: > On 6/28/07, Owen DeLong wrote: >> Here's an attempt to partially drain the swamp and create some >> incentives >> for legacy holders to both return available IPv4 space and start >> using >> IPv6. > > Owen, > > I don't object to your proposal but I question its value. > > I'm a legacy registrant with a /23 down in the swamp and until a > couple years ago I was the lead engineer for a registrant holding two > legacy /18's. The policy offered by your proposal does not appeal to > me in either role. > OK... As the /23 holder, you're really not the target. > As a /23 holder, why should I return the /23 or part of it (a /24)? I > pay ARIN nothing now so a fee waiver is meaningless. A full fee waiver > for the initial assignment of an IPv6 block might be nice but I'd want > a more definite statement than "if you qualify" before both making the > effort to apply and turning in IPv4 addresses. > ARIN has no way to determine if you qualify for an IPv6 assignment before you apply for one. However, when you applied, the only thing you would be obliged to is filling out the template and emailing it. If you didn't qualify, it would end there unless you choose to pursue it further. If you do qualify (either initially or after further effort), then, you would have the OPTION of taking an election under my policy to receive the IPv6 space for free (for 5 years) by bringing your IPv4 space (and ASN(s)) under RSA. > As the engineer for the /18s registrant, I recognize that renumbering > folks out of part of that space is a major undertaking. It will cost > me many thousands of dollars of manpower and will impose additional > and unexpected engineering costs on my customers leading some to > reconsider their service contracts. > Depends. If you're sparse-allocated all over the /18s, then, you're right. If, OTOH, like many of the legacy /8s out there, you have vacant /20s all over the place, then, there's virtually no cost to returning them. > Even if I approach it opportunistically and just don't reallocate > space in a particular part of the block when old customers depart, I > fail to see how giving up precious IPv4 space (and doubly-precious > fee-free legacy space) could possibly be compensated by saving a > pittance on my new IPv6 block. > And lots of people will probably feel that way. Obviously, there will be no value to this proposal in those cases. However, some people will actually choose to do what is best for the community if they can do it without taking on significant additional risk or cost to themselves in the process. > It just doesn't make good business sense. > Community minded action rarely makes good business sense from the perspective you are approaching this with. > I don't want to be the kind of guy who just says, "No!" so what would > it take to get me to sign an RSA, turn in part of my space or both? > > Before I'd step forward with my legacy registration and either sign an > RSA or give back part of it, at least one of two things would have to > be true: > > 1. I'd have to realize some appreciable gain for my activity, to > offset the loss. > > What if, for example, I could trade up to a /48 of IPv6 addresses with > no initial assignment fee and no justification for each /24 of IPv4 > addresses I turn in with the requirements that I also place any > retained IPv4 addresses under the RSA and that do so no later than > 12/31/2008? Now you have a real enticement. I can get something > cheaply now that may not be available later at any price but I have to > behave in a way that meaningfully benefits the community to get it. > I'm already offering you pretty close to that. The barrier to qualifying for IPv6 space has been reduced to the same requirements as IPv4 space has today. So, if you are multihomed and have 500 or more hosts, you can get portable IPv6 space. It does not make sense to me to hand out a /48 for every /24 returned. Each /48 is 65,536 subnets. There's no way to carve a /24 up into more than 256 unique subnets, and, to do that, you have to make it into /32s. Even if you go with point-to-point link numbering, you're maximum number of subnets from a /24 is 64 /30s. Why should we trade you 1024:1? If you have a need for more than a /48, you can easily justify it. If you are an ISP and would be issuing /48s to other organizations, you can easily get a /32. Other than that and the "lack of justification", you haven't presented anything my proposal doesn't already offer. Best of all, you can actually "justify" and see if ARIN accepts your justification _BEFORE_ making any commitment. > > 2. My action would have to REDUCE future uncertainty about the status > of my registration. > > At present, ARIN guarantees that legacy assignments will be managed > under the policies then active while assignments under the RSA are > subject to whatever policies we folks here on ppml can convince the > board to implement. Thus signing an RSA and undertaking related > activities would serve to INCREASE my uncertainty around continued > holding of the address space. > I'm not sure about that original guarantee. While I think that ARIN is obliged to exactly that, there are a number of people with different opinions, and, the angry mob mentality will only get worse as IPv4 free space exhaustion gets closer. > On the other hand, I presently have no contractual rights associated > with my legacy registration. Any rights I might have had expired with > the implied contract with Network Solutions when they quit the IP > registry business. ARIN has chosen to obligate itself to maintain that > registration, but if they reinterpret that obligation to my > disadvantage I might not even have standing to sue. > IANAL, but, the way I interpret the situation, you would not be able to sue ARIN for dropping your WHOIS record(s) or your IN-ADDR delegations, but, you'd probably have a pretty good case if they issued any of your resources to a third party or encouraged the use of any of your resources by third parties. > If I could sign a modified RSA that contractually obligated both ARIN > and I to follow the policies in place today but exempted me from any > future policy until such a time as I found it advantageous to accept > the regular RSA, that might well REDUCE the uncertainty associated > with my registration. As a legacy registrant, I would at least find it > worth considering. > Understood. There is effort being expended on exploring ideas like this, but, that effort is not yet ready to be brought out into public light. Thanks for your input. I'd really like to continue the discussion on section one of your response above as I think we are much closer together and that perhaps some tweaking on both sides would facilitate a more attractive proposal and acquire your support. Owen From michael.dillon at bt.com Thu Jul 5 14:54:37 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Thu, 5 Jul 2007 19:54:37 +0100 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: <014a01c7bf2e$4e589ee0$1efc5dd8@HCMC.local> References: <014a01c7bf2e$4e589ee0$1efc5dd8@HCMC.local> Message-ID: > If you want your policy proposal to have any chance of > consideration, you will have better luck submitting such > proposal to the NRO for global adoption and provide input to > the IANA. Ignorantly assuming that somehow legacy holders > are ARIN responsibility just because they are in ARIN region > is not helpful. Technically, if you want a global policy, you have to get the same wording accepted in all 5 RIRs. Therefore ARIN is a reasonable place to start. But, since the ARIN region has the most legacy allocations, ARIN is absolutely the right place to introduce it. Any wording that gets accepted here will likely be rubber-stamped by the other 4 regions with few legacy holders in them. > to ensure that their customers and majority of Internet > public as whole can get to their services -- which means, > they will be the ones responsible for dual-stacking, MPLS with 6PE is another way to go. Even just running Teredo services or 6to4 relays are a good first step for many ISPs. There are many paths to IPv6. > not you > (which by the way you still haven't even received your IPv6 > block from ARIN, why are you even advocating crazy rules when > you don't even care about IPv6?) or anyone else. Aside from the abusive language, this forum is for people not companies. Typically, companies will apply for allocations and implement IPv6, not the PEOPLE who participate in this forum. -- Michael Dillon From tedm at ipinc.net Thu Jul 5 15:21:48 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Thu, 5 Jul 2007 12:21:48 -0700 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: <6eb799ab0707050555k18e4a4d5wb6d9f1949fb1b0d9@mail.gmail.com> Message-ID: >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >James Hess >Sent: Thursday, July 05, 2007 5:55 AM >To: ARIN Address Policy >Subject: Re: [ppml] IPv4 "Up For Grabs" proposal > > >> 4) "Up for Grabs" IP space will be usable by any organization needing >> IPv4 numbering. None of the RIR's will provide any sort of mediation >> between competing organizations wanting to use the same IPv4 space, >> except for that provided for in #2 > >It's not that ARIN can't do that, it's that I don't think it makes >sense to do that. > >Essentially, I wonder how "no stewardship at all," by intending to >incite chaos >over some addresses, counts as responsible stewardship, as per >ARIN's mission. > Saying you aren't going to steward something doesen't mean your advocating chaos. > >However, in case the policy were implemented that way... > >Once random orgs start trying to pick at "up for grabs space", I worry >if there's >much to keep the up-for-grabbers away from doing the same, trying to >use space that was actually legitimately assigned by the current >registry, but >the org doesn't "think" is being used. > The same situation exists today. What prevents it is that most responsible networks don't allow end-node AS's to announce prefixes that are not listed in a registries database, and presumably responsible networks don't originate such advertisements. It is also important to keep in mind that one of these days IPv4 will be declared obsolete, and the RIR's will stop keeping track of it, at that point it will effectively be "up for grabs" >I expect ARIN could lose legitimacy not only with the legacy holders, >but a lot of >people out there, who rely on there not being total and utter >addressing chaos. > > >Recall.. ARIN/etc is not the actual mechanism that allows or disallows >an organization >from using address space. > Yes, it effectively is, because so many transit AS's rely on it to determine whether or not an advertisement is legitimate or not. >The registry itself can't prevent two determined parties from trying >to use the same >addresses, that is not the function of ARIN.; Only if they are both >registrants, can >it help, and that is only done only by making sure not to assign the >two registrants the >same addresses. > If 2 entities try to use the same space, and neither is listed in a record as being the owner, then both are going to have problems and no network is going to help them solve them (by erecting blocks or whatever) until one of the entites signs an RSA with an RIR and becomes the assigner of record for that space. Please reread my original post. I said that only legacy space where the legacy owner refused to sign an RSA for it would be "up for grabs" If the legacy owner does sign a RSA then the space is now allocated to them, and is no longer up for grabs. If another party tries using it then they will be frozen out by the network operators who can easily see that the space is allocated to the legacy holder now. > >Possibly, if providers found that ARIN said "anything goes" for the >legacy assignments, >the providers would just come up with their own ad-hoc rules to pick >up where ARIN left >a big hole. > Quite possible. Of course, the providers would certainly require the legacy holders to sign an RSA with the new entity that controls the legacy assignments, as well as pay for maintaining the records, so I don't see why any legacy holder would prefer to do it this way. Either they fund an RIR alternative or they fund the RIR, either way, the free ride is over. >I.E. some of the legacy registrants would become further solidified, >when their providers >develop ad-hoc filters to discard attempts by "rogue orgs" to announce >prefixes that >would be "up for grabs" according to ARIN >(rogue orgs being anything other than the legacy holder). > >Otherwise, the IP address would no longer be globally unique, making >it useless to everyone. Now all the legacy holders would suddenly >have a justifiable need for new addressing, they may even be able to >justify larger assignments than they had before. > >Exhaustion could occur even more quickly at that point. > OK let's be a little more specific, please. Your saying a legacy holder might abandon a legacy IPv4 assignment and sign an RSA for a new unsullied IPv4 assignment with a RIR? Why would they do this? The cost would be the same as if they just went ahead and signed an RSA for the legacy addresses they already are using, and they wouldn't have to renumber. > >ARIN only provides the service of assuring registrants that their >assignments are >unique among other registrants, which is a pre-requisite for their networks >being able to communicate with each other. > >It is providers themselves that respect whatever ARIN's registry >says a range >is assigned to. > >I think they know better than to accept "up for grabs". > >Either that means the addresses become useless, or the consequence >is the legacy >holder gets them permanently, even if the legacy holder later >decides to return >addresses, filters may remain in place all over the world. > >It's not hard to have chaos, but how can you have it one little range >of addresses >and really be assured of not have it all over the place? > We already have such a situation, as it's been already documented that spammers are using legacy IPv4 that is NOT advertised, advertising it themselves, and spamming from it. Ted From tedm at ipinc.net Thu Jul 5 15:24:39 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Thu, 5 Jul 2007 12:24:39 -0700 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: Message-ID: >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >McTim >Sent: Thursday, July 05, 2007 10:52 AM >To: ARIN PPML >Subject: Re: [ppml] IPv4 "Up For Grabs" proposal > > >On 7/4/07, Ted Mittelstaedt wrote: >> >> Hi All, >> >> What do you all think of the following proposal idea: > >I think it's asking for chaos. > The only chaos would be among legacy IPv4 assignments that the legacy holders refuse to sign an RSA for, and the legacy holders of such blocks could fix that easily by just signing an RSA. Ted From dean at av8.com Thu Jul 5 15:26:52 2007 From: dean at av8.com (Dean Anderson) Date: Thu, 5 Jul 2007 15:26:52 -0400 (EDT) Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: Message-ID: On Wed, 4 Jul 2007 michael.dillon at bt.com wrote: > > In any case, at some point we have to say enough is enough. We give > people the opportunity to play ball but when they refuse to come on > board, we have to act unilaterally. I believe that we are now at the > point, due to IPv4 exhaustion being so near, where we have to give > people ONE LAST CHANCE, and after that act unilaterally. I think it is rather funny that people argue on one hand to loosen IPv4 allocation policy, and on the other to tighten reclamation. Are you trying to create a artificial crisis? It seems to me that 'Resource Reclamation" is a policy in search of a problem to solve. When IPv4 runs out, people will use pure IPv6 and gateways to old IPv4. There is also a false dichotomy. IPv4 allocations are already automatically IPv6 allocations, so there is no need for anyone to exchange IPv4 for IPv6 [it would be kind of stupid, even]. An IPv4 address is automatically an IPv6 address. There is only a need to convert V4 wire protocols to V6 wire protocols. Address translation is defined from IPv6->IPv4. Traditional NAT is only needed for the return path (IPv4 -> IPv6). This is not an terribbly difficult problem, and becomes easier as more ISPs are native IPv6. And I think paths over native IPv6 (e.g. IPv4 - IPv6 - IPv4) should be transparent. So, there is no need for any unilateral actions for IPv4. There may be some need for some software/hardware for the V4-V6 gateways, but that isn't anything ARIN can fix. These gateways might not be easy, but that difficulty isn't ARIN's problem, either. I think the real issue and motivation is the size of the routing table. Some companies have always filtered /24s and anything smaller than /16 from classB nets, etc. They did this to reduce their table size. But IPv4 resource reclamation won't solve that problem for more than a few months, while people get IPv6 allocations, which take up even more space per route, so this is a very shortsighted and contentious policy. The recent example of running out of RFC1918 space on cable modems is solved by using IPv6 space, behind a traditional NAT. Again, software/hardware, not policy changes, is required. > We won't be acting arbitrarily because ARIN is an open organization > and any actions will be discussed openly until we come to a consenus. > This is our strength and I believe that when ARIN finally does act, it > won't polarize anthing and will not create a mess. Wasn't it claimed that the IETF/ISOC would be fair, open, and consensus based? And before that, Nanog claimed to be open and consensus based. Yet both organizations have created false consensus by dirty tricks such as blatantly lying about the consensus results, or creating false consensus by silencing the opposition, or acting in conflict of interest upto and including frauds. These aren't really very fair or very open, or very honest. None of what they did in those cases was in the public interest. And you (Dillon) participated in both organizations without objection to blatant dishonesty and unfairness, so I have to wonder about your assurance of a "fair and open" process. If past experience is any guide to what you apparently consider "fair and open", then I have to conclude that we should all be very worried. Examples of IETF/ISOC and Nanog misbehavior are available, and some have previously been cited. --Dean From mksmith at adhost.com Thu Jul 5 15:47:39 2007 From: mksmith at adhost.com (Michael K. Smith - Adhost) Date: Thu, 5 Jul 2007 12:47:39 -0700 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: <72918365-6104-45D6-90EC-94F6CDD8EB5D@delong.com> References: <371EB4EE-C2FE-46CD-BAF9-DB35937B572A@delong.com><3c3e3fca0707051051p6d9de6d9v6d3abe4591ed2be@mail.gmail.com> <72918365-6104-45D6-90EC-94F6CDD8EB5D@delong.com> Message-ID: <17838240D9A5544AAA5FF95F8D520316022AC514@ad-exh01.adhost.lan> > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf Of > Owen DeLong > Sent: Thursday, July 05, 2007 11:45 AM > To: William Herrin > Cc: ARIN Address Policy > Subject: Re: [ppml] Policy Proposal: Resource Reclamation Incentives > > > On Jul 5, 2007, at 10:51 AM, William Herrin wrote: > > > On 6/28/07, Owen DeLong wrote: > >> Here's an attempt to partially drain the swamp and create some > >> incentives > >> for legacy holders to both return available IPv4 space and start > >> using > >> IPv6. > > > > Owen, > > > > I don't object to your proposal but I question its value. > > > > I'm a legacy registrant with a /23 down in the swamp and until a > > couple years ago I was the lead engineer for a registrant holding two > > legacy /18's. The policy offered by your proposal does not appeal to > > me in either role. > > > OK... As the /23 holder, you're really not the target. > > > As a /23 holder, why should I return the /23 or part of it (a /24)? I > > pay ARIN nothing now so a fee waiver is meaningless. A full fee > waiver > > for the initial assignment of an IPv6 block might be nice but I'd > want > > a more definite statement than "if you qualify" before both making > the > > effort to apply and turning in IPv4 addresses. > > > ARIN has no way to determine if you qualify for an IPv6 assignment > before you apply for one. However, when you applied, the only > thing you would be obliged to is filling out the template and emailing > it. If you didn't qualify, it would end there unless you choose to > pursue it further. If you do qualify (either initially or after > further > effort), then, you would have the OPTION of taking an election under > my policy to receive the IPv6 space for free (for 5 years) by bringing > your IPv4 space (and ASN(s)) under RSA. That's an interesting point. It sounds to me as if the ultimate depletion of IPv4 space is not going to be put off to any great degree by reclaiming the old swamp space. And, ARIN has guidelines for acquiring new space based upon need/justification as defined by previous allocations. If it's true that reclamation is not going to help us to any great degree, why not focus our efforts on writing language to allow entities to use swamp space as justification for IPv6 allocations, but not provide any particular incentives beyond that? As someone said on another list, (paraphrased) it's up to the entity to decide their own routing policies. If they want to continue to run Token Ring/AppleTalk/IPv4 then that's their prerogative. If they are interested in running IPv6 then they should fall under the same guidelines as everyone else who is allocated space from ARIN (or whatever RIR they choose). If ARIN wants to "be nice" and help those entities get IPv6 space by allowing them to justify their allocation using their swamp space then I'm in favor of it. I'm not in favor of any continuation of the ambiguities the swamp-holders enjoy/suffer. Regards, Michael K. Smith mksmith at adhost.com (work) mksmith at mac.com (!work) From tedm at ipinc.net Thu Jul 5 16:09:12 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Thu, 5 Jul 2007 13:09:12 -0700 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: <014a01c7bf2e$4e589ee0$1efc5dd8@HCMC.local> Message-ID: >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >James Jun >Sent: Thursday, July 05, 2007 11:00 AM >To: 'ARIN PPML' >Subject: Re: [ppml] IPv4 "Up For Grabs" proposal > > >> Either you want the RIR's to keep track of IPv4 forever > >You are confused. RIR's keep track of their subscriber numbering resources >(in IPv4 and IPv6). Legacy owners who are not members of the RIR >are beyond >the scope of RIR responsibility. > Let me demonstrate: # whois -h whois.arin.net 199.248.255.0 OrgName: Leatherman Tool Group, Inc OrgID: LTG Address: 12106 NE Ainsworth Circle City: Portland StateProv: OR PostalCode: 97220 Country: US NetRange: 199.248.255.0 - 199.248.255.255 CIDR: 199.248.255.0/24 NetName: LEATHERMAN NetHandle: NET-199-248-255-0-1 Parent: NET-199-0-0-0-0 NetType: Direct Assignment NameServer: NS.FTA.COM NameServer: NS01.SAVVIS.NET Comment: RegDate: 1994-10-11 Updated: 2004-05-05 RTechHandle: BCO-ARIN RTechName: O'Brien, Byron RTechPhone: +1-503-546-9929 RTechEmail: hostmaster at hcorp.com # ARIN WHOIS database, last updated 2007-07-04 19:10 # Enter ? for additional hints on searching ARIN's WHOIS database. news# I guarenteee to you that Leatherman Tool Group IS NOT paying ARIN a dime, has NEVER paid them a dime. Yet, ARIN is still tracking this so ARIN obviously considers this legacy holder still their responsibility. >If you want your policy proposal to have any chance of consideration, you >will have better luck submitting such proposal to the NRO for global >adoption and provide input to the IANA. Ignorantly assuming that somehow >legacy holders are ARIN responsibility just because they are in ARIN region >is not helpful. > > > >> - in which case >> the legacy holders could simply choose to never adopt IPv6 and the >> Internet >> would be stuck in dual-stack mode forever > >Who cares if they choose to not adopt IPv6? People can continue to run >Arcnet and Token Ring as long as they have a need to, same goes for >IPv4->IPv6. It is *their* responsibility as operator of their own network >to ensure that their customers and majority of Internet public as whole can >get to their services -- which means, they will be the ones responsible for >dual-stacking, not you No, sorry it does not work that way. The reason is that when "their" customers cannot connect to a service one of my customers is fielding, their customer may in fact complain to them, but my customer is going to complain to me also. If I want to retain my customer I'm going to have to do whatever it takes to allow the legacy network to connect to me, because there's always another ISP somewhere that will claim they will allow my customer to service the customer on the legacy network. (even if it isn't true) By the time my customer finds the truth out he's left me and gone to the other ISP (and probably left that ISP and gone to yet another one) The same thing happened when Verizon.net started doing their "caller ID call-back" e-mail which is definitely NOT compliant to the RFCs. WE had to change to be compliant with them, even though they were the ones breaking the rules, because customers don't care who is right, they just want you to "fix it" and they don't care that your fix might be the wrong thing to do. >(which by the way you still haven't even received >your IPv6 block from ARIN, why are you even advocating crazy rules when you >don't even care about IPv6?) or anyone else. > Letting legacy holders get away witout funding the RIR that tracks them is in my opinion, far crazier than any rules I've proposed. Yet, you accept it. > > >> - or you must agree that at some >> point the RIR's stop keeping track of it. If you do agree the RIR's stop >> keeping track of it at some point, then what conditions must exist for >> that >> point to be reached? > >RIR's are already not keeping track of legacy holders, simply because they >are not members controlled by the RIR. Wrong, as I illustrated above. Ted From james at towardex.com Thu Jul 5 16:32:36 2007 From: james at towardex.com (James Jun) Date: Thu, 5 Jul 2007 16:32:36 -0400 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: References: <014a01c7bf2e$4e589ee0$1efc5dd8@HCMC.local> Message-ID: <016b01c7bf43$adff4410$1efc5dd8@HCMC.local> [ snip ] > > I guarenteee to you that Leatherman Tool Group IS NOT paying ARIN a dime, > has NEVER paid them a dime. Yet, ARIN is still tracking this so ARIN > obviously considers this legacy holder still their responsibility. Yes, I am well aware of ARIN keeping whois record of all legacy holders in their service region (likewise, 17.0.0.0/8, 3.0.0.0/8, etc, we can spend the whole summer discussing this string by string and argue over how fast the moon moves and etc). But you advocate that it is ARIN's responsibility: no, other than maintaining whois records, it is not, and that is my point in my previous email. ARIN policies do not apply, unless legacy holders voluntarily want ARIN policies to apply over them. > > No, sorry it does not work that way. The reason is that when "their" > customers > cannot connect to a service one of my customers is fielding, their > customer > may in fact complain to them, but my customer is going to complain to me > also. If I want to retain my customer I'm going to have to do whatever it > takes > to allow the legacy network to connect to me, because there's always > another > ISP somewhere that will claim they will allow my customer to service the > customer on the legacy network. (even if it isn't true) That's a moot argument. You can enable IPv6 and IPv4 on your network and figure out dualstacking migration like other ISP's are doing (heck, even most "Tier-1" ISP's and many large access carriers are working toward a solution now, number of big guys already offering production class service already). After you enable it, your customers can suddenly talk to both worlds until much of the Internet moves over to IPv6, which you can then turn off IPv4. And reduced-cost transition mechanisms are continued to be worked on at IETF and other forums, such as Teredo, and that original PT-NAT idea back in the days was pretty cool too. Are you advocating that you are going to sue Apple for deprecating support for AppleTalk in recent Mac OS X series, because your network continues to use old AppleTalk protocol and you're hell bent on keeping it? How about move on like everyone else has, to TCP/IP, in order to support Apple share volumes? We can play this game all day long, citing specific scenarios that all of us encounter on a daily basis to counter-argue each other. So please, get on with the program. Technology changes, market adopts, and there's always something in life called marginal cost of doing business. IPv4->IPv6 transition is costly but it is manageable and acceptable by much of the Internet community, especially with hard work being put forth on transition technologies. If you want to create chaos because you are so lazy to transition your network to IPv6, then I am sorry that there isn't much that people can do for you. > Letting legacy holders get away witout funding the RIR that tracks them is > in my opinion, far crazier than any rules I've proposed. Yet, you accept > it. Because legacy holders got their IP space before ARIN existed, thus RSA and ARIN policies do not apply to them. Since when did ARIN become a government body? I mean do we really need a lawyer to figure this out? James From tedm at ipinc.net Thu Jul 5 16:53:39 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Thu, 5 Jul 2007 13:53:39 -0700 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: <3889FEE9-5D5B-4BEA-A716-216F9DAB54D7@delong.com> Message-ID: >-----Original Message----- >From: Owen DeLong [mailto:owen at delong.com] >Sent: Thursday, July 05, 2007 11:30 AM >To: Ted Mittelstaedt >Cc: ARIN PPML >Subject: Re: [ppml] IPv4 "Up For Grabs" proposal > >> >> So you are saying that legacy holders boycotting the RSA is a good >> thing? > >No. I'm saying that launching a denial of service attack against >them is an >even worse thing. > And I'm not advocating that. > >> >> Oh I forgot, you were advocating that >> legacy holders don't even have to sign an RSA to get IPv6. >> >Please show me one place where I have advocated such a thing. >I have never advocated that and your accusations here are baseless >and misleading at best. I already e-mailed you this off list, maybe you didn't read it: In your proposal: "... 1. If the organization does not currently pay ARIN fees, they shall remain fee exempt...." You didn't say "fee exempt for a certain amount of time", nor did you say "does not currently pay ARIN IPv4 fees they shall remain fee exempt for IPv4 only" both of which would have closed a huge hole. > >Hardly. I just want to recognize what is and isn't possible and do the >best we can with the situation we have. There really is little point in >wasting the monumental amount of effort and capital that it would take >to (probably fail in the) attempt to revoke legacy IPv4 resources. How does the RIR's ceasing to track IPv4 that isn't under an RSA with them post-IPv4 runout constitute a revoking of IPv4? >By the time all the court battles were done, the reclamation of >legacy IPv4 resources would probably not be of substantial benefit >to the community. > This isn't about reclamation. This is about getting people that aren't paying IPv4 fees to an RIR, out of the tracking system once IPv4 runout has happened and a significant number of orgs have switched to IPv6. Specifically, my suggestion wouldn't even take place until IPv4 was effectively useless for new assignments - even if it was available. >Marking the addresses as "up for grabs" and having a policy discussion >on record describing "up for grabs" the way you already have would >certainly hold up as "encouraging". > Except that this isn't a policy discussion since no policy has been proposed and your not even discussing the items in the post anyway. >Actually, besides the RIRs there are a number of other resources that >track these, including, but, not limited to completewhois. > So go join the fringe at http://www.opennic.unrated.net/ and quit bothering the rest of us. How many ISP's do they have now? 7? 8? If you really thought that someone else tracking these was a serious problem you wouldn't be using that as an argument, because since an alterantive would be available, it would make what the RIR's did a non-issue. The only reason your bringing it up is because you know it's a bogus argument. > >The RIRs are not governing bodies. It amazes me that you are so >thoroughly >ignorant of the law. The governing bodies that govern what is or is >not allowed >on the highways are actual GOVERNMENTs. The RIRs are NOT GOVERNMENT. Yup - and so, what requirement does an RIR have to continue to record a legacy assignment? They have no contract and as you point out they aren't a government, so why do they have to keep doing it? >Further, you can take a horse and buggy onto an interstate highway. >While you >can't do it in most places, your blanket assertion does prove false >if you look >at Pennsylvania, parts of Ohio, and a number of other rural areas >where the >Interstate replaced earlier roads and would render places >inaccessible to >horse and buggy if they could not traverse said interstate. http://www.commonsensei69.org/damage.htm "...Because the Amish travel only by horse-and-buggy, they cannot travel on or across interstate highways..." >> Fundamentally I am saying let's make that policy right now. If you >> believe >> that 20% IPv6 adoption isn't sufficient enough to call IPv4 >> obsolete, then >> what about 40% IPv6 adoption? If that's not enough, what about 60% >> adoption? >> >What does it matter? What's the point of calling IPv4 obsolete at >the RIR >level? When ISPs start derouting it, it will be obsolete for any >meaningful >definition. > That is nothing more than setting up circular logic. As long as the RIR's track IPv4, those assignments are official, and anyone who has one can claim that an ISP cannot deroute it. (you claim they can file a court injunctions over this kind of thing, well there you go) So the ISP's aren't going to deroute them. Your saying the RIR's aren't going to consider the assignments obsolete until the ISP's start derouting them. Until they consider them obsolete they will still track them. So in summary, the RIR's will never stop tracking them and the ISPs will never stop routing them. So explain why again that a legacy holder who pays no fees to an RIR for IPv4 would choose to go to IPv6 and start paying fees? >> >Doesn't matter. Eventually, the legacy holders won't be able to get >an ISP >to route their IPv4 addresses. Then why are you so opposed to setting a date in advance that we will all say this is going to happen? If it doesen't matter, then why argue against this? Sounds to me like the boyfriend objecting to his girlfriend visiting churches and looking at wedding packages, while at the same time insisting that he's going to marry her... eventually. Ted From dogwallah at gmail.com Thu Jul 5 16:58:37 2007 From: dogwallah at gmail.com (McTim) Date: Thu, 5 Jul 2007 23:58:37 +0300 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: References: Message-ID: On 7/5/07, Ted Mittelstaedt wrote: > > The only chaos would be among legacy IPv4 assignments patently false, chaos would ensue for all. "legacy" space holders, "grabbers", and everyone who has to decide whom to listen to when these blocks are announced. > that the legacy holders refuse to sign an RSA for, they don't need to, see slide 9 on the link that Randy sent in a different thread. >and the legacy > holders of such blocks could fix that easily by just signing an > RSA. > If they haven't yet, they probably won't. It doesn't look like you'll get consensus on this one. -- Cheers, McTim $ whois -h whois.afrinic.net mctim From randy at psg.com Thu Jul 5 16:59:18 2007 From: randy at psg.com (Randy Bush) Date: Thu, 05 Jul 2007 10:59:18 -1000 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: References: Message-ID: <468D5BA6.90600@psg.com> > Obviously people like you won't learn anything until your face is rubbed > in it. As I kind of expected. So, I'll wait - and a decade from now when > IPv4 runout is a dim memory and everyone is bemoaning how the major > networks still haven't switched over, then perhaps you will learn then. clue, oh mature one: i work for the first isp on the bleeping planet to provide ipv6. randy From dean at av8.com Thu Jul 5 17:03:23 2007 From: dean at av8.com (Dean Anderson) Date: Thu, 5 Jul 2007 17:03:23 -0400 (EDT) Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: Message-ID: I've just reviewed the clarification order. There are some problems. I note that ASN 11083 (block 5 on Kremen's documents) was under ARIN's control in 2001. ARIN transferred this block to LACNIC in 2002, _while_ it was under order to transfer it to Kremen. Plzak's statement that it isn't under ARIN's control really should be challenged. I note that ASN's 11082 and 11084 are still in ARIN's hands, so this wasn't simply swept up in a larger block of numbers, but was individually transfered in _spite_ of the court order. Well, that's snarky: transfer it to LACNIC so it can't be given to Kremen. There is a legal term for that, I think. The Court should be informed of this. The transfer to LACNIC really should be invalidated. The court says "Kremen may sign his choice of (1) RSA mirroring the terms and conditions of ARIN's agreement with Cohen (RSA 2);" RSA 2 would be the legacy form. (Essentially, nothing but the name and address). So, ARIN should just change the name and address, as Kremen requests. While the court found that 2 blocks don't have to be transfered (AS11083 and an IP block belonging to UUnet apparently just used by Cohen), Kremen won again: ARIN has to give Cohen's legacy terms to Kremen, if Kremen wants them (and he does). Yet, ARIN still refuses to comply, and by its refusal, harms Kremen further. ARIN knows that it ultimately has no choice but to comply. Its dispute is not based on any principle but on obstinance. Just like Exactis v. MAPS, where MAPS lawyer was chastised for coming to court the frivolous claim that the First Amendment permitted violation of the Sherman Act and extortion, etc. It is perhaps telling that Paul Vixie is involved in both of these two frivolous disputes. (Vixie was CEO of MAPS, and is a board member of ARIN) There is no policy or principle that is being defended by ARIN. Neither Kremen, nor the Court, are demanding any policy change on ARIN. ARIN just has to do for Kremen exactly what it did for Cohen. ARIN's continued dispute and refusal is just frivolous. Therefore, greater penalties on ARIN are very appropriate. That is a proper and just result, to everyone but the anarchists. More inline. On Wed, 4 Jul 2007 michael.dillon at bt.com wrote: > > (Search for RYAN to find his words) > ----- > We received the order approximately two years after it had been issued. The court found otherwise, and found that Kremen had been negotiating with ARIN for 5 years between 2001 and 2006. > It was provided to us in a formal way, and Mr. Kremen asked us to obey > the order. That is, to revoke the IP resources that were held by Mr. > Cohen and transfer them to Mr. Kremen. We agreed to do so, so long as > Mr. Kremen would do what all of you have done since ARIN began in 1998, > which is apply for the resources and sign the normal RSA. In fact, and the court held, Mr. Kremen can't be held standards that didn't apply to Mr. Cohen, and don't apply to other legacy holders. If Cohen didn't sign a current RSA, neither should Kremen. The court cites 3 RSAs (at Kremen's choice) that are appropriate. The Court included the one Kremen has wanted: the legacy agreement. ARIN wants Kremen to agree to _new_ terms, and ARIN's lawyer incorrectly describes Kremen's as not wanting to agree to _any_ terms. The court has repeatedly, now, said that ARIN has to give Kremen the same terms it gave Cohen (the legacy terms: basically, name and address). ARIN is refusing to do that. > Mr. Kremen refused to do that and has refused to the current date. His > theory is that he doesn't have to do that because he has a court > order, and our theory is that we have a certain set of rules and > requirements, and that you have to obey the rules and requirements of > the community, and we don't read the court order as giving Mr. Kremen > a permanent pass from the rules that all of you obey. ... We revoked > resources that were held by Mr. Cohen or his associates that were > covered by the 2001 order when they were not paid for. In other words, > by our own processes, we were very aggressively trying to recover > these resources so that they weren't out there. ... ARIN can't claim that _Cohen_ didn't pay on the block after 2001, because thats during the dispute. The 'payment' argument was already rejected, by the way. > First, we've gone back to the court and said that the court in its > 2001 order ought to consider modifying the order to make it clear that > Mr. Kremen, like everyone else, has to sign an RSA and has to pay for > the resources in the future. ... One is that Mr. Kremen is a legacy > address holder. He has legacy address blocks. ----- No such formal agreement was ever required of legacy holders. Nor is any such agreement even now required of _current_ legacy holders. Current legacy holders have never signed a formal RSA, just the legacy registration form, so there is no justification to force Kremen to do more. This is the basis of Kremen's suit, and Kremen has won repeatedly. What's more, its all a waste of ARIN resources to fight this. There is no principle to be found here for ARIN. (except the principle of anarchy and not submitting to court orders, which many people here do advocate, but which isn't going to be useful in court) ARIN can perform immediately: It can record Kremen as a legacy holder in 30 seconds, if it chooses to do so. Its been ordered to make Kremen a legacy holder. There is no justification for disobeying the court. > It's all about an open and level playing field. On that, we agree. -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From tedm at ipinc.net Thu Jul 5 17:08:19 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Thu, 5 Jul 2007 14:08:19 -0700 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: <016b01c7bf43$adff4410$1efc5dd8@HCMC.local> Message-ID: >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >James Jun >Sent: Thursday, July 05, 2007 1:33 PM >To: 'ARIN PPML' >Subject: Re: [ppml] IPv4 "Up For Grabs" proposal > > >Yes, I am well aware of ARIN keeping whois record of all legacy holders in >their service region (likewise, 17.0.0.0/8, 3.0.0.0/8, etc, we can >spend the >whole summer discussing this string by string and argue over how fast the >moon moves and etc). > >But you advocate that it is ARIN's responsibility: no, other than >maintaining whois records, it is not, and that is my point in my previous >email. ARIN policies do not apply, unless legacy holders voluntarily want >ARIN policies to apply over them. > OK, then how exactly is this fact an argument AGAINST arin simply removing these records out of it's whois? Which is what I am suggesting? >After you enable it, your customers can suddenly talk to both >worlds until much of the Internet moves over to IPv6, which you can then >turn off IPv4. No, I can't. I think you missed the point. As long as someone out there on the Internet is uing ONLY IPv4, then I'm not going to be able to turn off dual stacking if one of my customers wants to talk to them or wants them to talk to my customer. There is none of this "much of" you seem to think exists. I can argue with my customer that "much of" the Internet is now single IPv6 stacked and his coorespondent on the IPv4-only network is who is the problem - that will go over like a lead balloon, my customer will just go to some other ISP. And most likely it will be a legacy ISP with a block they have that they aren't paying for. And if you really honestly believe this then tell me what ratio of dual-stack to single-IPv4 stack constitutes "much of" and I'll adjust my suggestion accordingly. Of course you will probably then argue it's irrelevant and still shouldn't be done. Face it, in summary, you don't want IPv4 shut off by any overt action, you just want to do nothing and your assuming that somehow it will just stop being used by itself. That isn't realistic. > >Are you advocating that you are going to sue Apple for deprecating support >for AppleTalk in recent Mac OS X series, because your network continues to >use old AppleTalk protocol and you're hell bent on keeping it? No, the opposite. I'm arguing that Apple SHOULD deprecate support for Appletalk to try to get people to switch away from it. ARIN and the RIR's SHOULD deprecate support for the non-paying legacy IPv4 blocks to try to get the legacy holders to either sign an RSA for their IPv4 or go to IPv6. >How about >move on like everyone else has, to TCP/IP, in order to support Apple share >volumes? EXACTLY, how about having the legacy IPv4 holders move on to IPv6 and just give up their IPv4 ranges? >transition technologies. If you want to create chaos because you are so >lazy to transition your network to IPv6, then I am sorry that there isn't >much that people can do for you. > Please continue to shout that to every legacy IPv4 holder out there, I think they need to hear it. > >> Letting legacy holders get away witout funding the RIR that >tracks them is >> in my opinion, far crazier than any rules I've proposed. Yet, you accept >> it. > >Because legacy holders got their IP space before ARIN existed, thus RSA and >ARIN policies do not apply to them. Then ARIN should simply ignore them, remove all records of who the legacy blocks are owned by, and not make assignments out of those ranges. As you say, the RSA and ARIN policies don't apply to them. Ted From stephen at sprunk.org Thu Jul 5 16:41:08 2007 From: stephen at sprunk.org (Stephen Sprunk) Date: Thu, 5 Jul 2007 15:41:08 -0500 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives References: <371EB4EE-C2FE-46CD-BAF9-DB35937B572A@delong.com><3c3e3fca0707051051p6d9de6d9v6d3abe4591ed2be@mail.gmail.com><72918365-6104-45D6-90EC-94F6CDD8EB5D@delong.com> <17838240D9A5544AAA5FF95F8D520316022AC514@ad-exh01.adhost.lan> Message-ID: <06de01c7bf48$d56931a0$6701a8c0@atlanta.polycom.com> Thus spake "Michael K. Smith - Adhost" > That's an interesting point. It sounds to me as if the ultimate > depletion of IPv4 space is not going to be put off to any great > degree by reclaiming the old swamp space. Projections say it'll buy us six months. Even if it's year or two, that's still of dubious benefit in the long run. > And, ARIN has guidelines for acquiring new space based > upon need/justification as defined by previous allocations. > If it's true that reclamation is not going to help us to any great > degree, why not focus our efforts on writing language to > allow entities to use swamp space as justification for IPv6 > allocations, but not provide any particular incentives beyond > that? That's how things work for v4, but it's not how things work for v6. As it stands, all one needs for a v6 allocation is to be an "existing, known ISP" or have a plan to make 200 assignments, and all one needs for a v6 assignment is to qualify for a v4 assignment. Presumably, anyone with v4 swamp space already meets the relevant standard, so what needs to be changed? Can you provide an example of someone with v4 swamp space who _isn't_ elligible for v6 space already but should be? S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov From tedm at ipinc.net Thu Jul 5 17:15:59 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Thu, 5 Jul 2007 14:15:59 -0700 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: Message-ID: >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >McTim >Sent: Thursday, July 05, 2007 1:59 PM >To: ARIN PPML >Subject: Re: [ppml] IPv4 "Up For Grabs" proposal > > >On 7/5/07, Ted Mittelstaedt wrote: > >> >> The only chaos would be among legacy IPv4 assignments > >patently false, chaos would ensue for all. "legacy" space holders, >"grabbers", and everyone who has to decide whom to listen to when >these blocks are announced. > Why, all they have to do is look and see if the block is registered in an RIR. > >If they haven't yet, they probably won't. It doesn't look like you'll >get consensus on this one. If there is no consensus on what to do with the IPv4 blocks held by the legacy holders after 20% of the Internet has become IPv6 only, then there is absolutely no point in proposing any further policies dealing with IPv4 runout, because people really honestly don't want to switch over. The IPv4 runout has become Somebody Else's Problem, and as long as it is such, Somebody Else is going to solve it. Hopefully you read Douglas Adams so you get the reference. Ted From mksmith at adhost.com Thu Jul 5 17:17:59 2007 From: mksmith at adhost.com (Michael K. Smith - Adhost) Date: Thu, 5 Jul 2007 14:17:59 -0700 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: <06de01c7bf48$d56931a0$6701a8c0@atlanta.polycom.com> References: <371EB4EE-C2FE-46CD-BAF9-DB35937B572A@delong.com><3c3e3fca0707051051p6d9de6d9v6d3abe4591ed2be@mail.gmail.com><72918365-6104-45D6-90EC-94F6CDD8EB5D@delong.com> <17838240D9A5544AAA5FF95F8D520316022AC514@ad-exh01.adhost.lan> <06de01c7bf48$d56931a0$6701a8c0@atlanta.polycom.com> Message-ID: <17838240D9A5544AAA5FF95F8D520316022AC52C@ad-exh01.adhost.lan> > -----Original Message----- > From: Stephen Sprunk [mailto:stephen at sprunk.org] > Sent: Thursday, July 05, 2007 1:41 PM > To: Michael K. Smith - Adhost; Owen DeLong; William Herrin > Cc: ARIN Address Policy > Subject: Re: [ppml] Policy Proposal: Resource Reclamation Incentives > > Thus spake "Michael K. Smith - Adhost" > > That's an interesting point. It sounds to me as if the ultimate > > depletion of IPv4 space is not going to be put off to any great > > degree by reclaiming the old swamp space. > > Projections say it'll buy us six months. Even if it's year or two, > that's > still of dubious benefit in the long run. > > > And, ARIN has guidelines for acquiring new space based > > upon need/justification as defined by previous allocations. > > If it's true that reclamation is not going to help us to any great > > degree, why not focus our efforts on writing language to > > allow entities to use swamp space as justification for IPv6 > > allocations, but not provide any particular incentives beyond > > that? > > That's how things work for v4, but it's not how things work for v6. As > it > stands, all one needs for a v6 allocation is to be an "existing, known > ISP" > or have a plan to make 200 assignments, and all one needs for a v6 > assignment is to qualify for a v4 assignment. > > Presumably, anyone with v4 swamp space already meets the relevant > standard, > so what needs to be changed? Can you provide an example of someone > with v4 > swamp space who _isn't_ elligible for v6 space already but should be? > I think we're on the same page here. We (not you and I) seem to be overly concerned with incenting or dis-incenting the swamp holders into returning their space to ARIN. If they can get IPv6 space with no hassles and there are no real benefits to reclaiming the space in terms of buying us additional time in a IPv4 world, why do we care? I'm not sure how modifying ARIN policy in regards to swamp holders is going to promote the transition to IPv6. Regards, Michael K. Smith mksmith at adhost.com (work) mksmith at mac.com (!work) From tedm at ipinc.net Thu Jul 5 17:19:29 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Thu, 5 Jul 2007 14:19:29 -0700 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: <468D5BA6.90600@psg.com> Message-ID: >-----Original Message----- >From: Randy Bush [mailto:randy at psg.com] >Sent: Thursday, July 05, 2007 1:59 PM >To: Ted Mittelstaedt >Cc: ARIN PPML >Subject: Re: [ppml] IPv4 "Up For Grabs" proposal > > >> Obviously people like you won't learn anything until your face is rubbed >> in it. As I kind of expected. So, I'll wait - and a decade >from now when >> IPv4 runout is a dim memory and everyone is bemoaning how the major >> networks still haven't switched over, then perhaps you will learn then. > >clue, oh mature one: i work for the first isp on the bleeping planet to >provide ipv6. > Off of a Xenix system, no less! ;-) Ted From bmanning at vacation.karoshi.com Thu Jul 5 17:32:17 2007 From: bmanning at vacation.karoshi.com (bmanning at vacation.karoshi.com) Date: Thu, 5 Jul 2007 21:32:17 +0000 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: <17838240D9A5544AAA5FF95F8D520316022AC52C@ad-exh01.adhost.lan> References: <17838240D9A5544AAA5FF95F8D520316022AC514@ad-exh01.adhost.lan> <06de01c7bf48$d56931a0$6701a8c0@atlanta.polycom.com> <17838240D9A5544AAA5FF95F8D520316022AC52C@ad-exh01.adhost.lan> Message-ID: <20070705213217.GA4400@vacation.karoshi.com.> top postiing to annoy.. :) i THINK that for the legacy holders I know, the value add for them in entering into a relationship w/ ARIN is one of keeping data current/fresh... like getting records updated. the value add for ARIN is that there is/becomes an unambigious tie as ARIN being the recognised successor in interest from the original registry. little or nothing to do w/ IPv6 and only tangential bearing on reclaimation. at least from this neck of the woods. --bill > > I think we're on the same page here. We (not you and I) seem to be > overly concerned with incenting or dis-incenting the swamp holders into > returning their space to ARIN. If they can get IPv6 space with no > hassles and there are no real benefits to reclaiming the space in terms > of buying us additional time in a IPv4 world, why do we care? I'm not > sure how modifying ARIN policy in regards to swamp holders is going to > promote the transition to IPv6. > > Regards, > > Michael K. Smith > mksmith at adhost.com (work) > mksmith at mac.com (!work) > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml From jcurran at istaff.org Thu Jul 5 18:47:51 2007 From: jcurran at istaff.org (John Curran) Date: Thu, 5 Jul 2007 18:47:51 -0400 Subject: [ppml] ARIN/Kremen matter In-Reply-To: References: Message-ID: Dean - ARIN has stipulated since the beginning that signing a version of the RSA would be necessary to effect the transfers requested. This was the primary basis of initial dispute between the parties. In December, the US District Court dismissed Kremen's claims with prejudice, and further made his signing a version of ARIN's RSA a prerequisite condition prior to transfer of any numbering resources. ARIN will, of course, honor the Court's order if/when the prerequisites are met. I'd like to also note that the Ninth Circuit Court of Appeals has just seen to dismiss the appeal of this case on May 24th, and that was the result of discussions between representatives of the parties. At this point, you have made points contrary to those already agreed between the parties in this matter and you do not appear to represent either party. If that situation changes, please contact me at your convenience. /John John Curran Chairman of the Board of Trustees American Registry for Internet Numbers === At 5:03 PM -0400 7/5/07, Dean Anderson wrote: >I've just reviewed the clarification order. There are some problems. I >note that ASN 11083 (block 5 on Kremen's documents) was under ARIN's >control in 2001. ARIN transferred this block to LACNIC in 2002, _while_ >it was under order to transfer it to Kremen. Plzak's statement that it >isn't under ARIN's control really should be challenged. I note that >ASN's 11082 and 11084 are still in ARIN's hands, so this wasn't simply >swept up in a larger block of numbers, but was individually transfered >in _spite_ of the court order. Well, that's snarky: transfer it to >LACNIC so it can't be given to Kremen. There is a legal term for that, I >think. The Court should be informed of this. The transfer to LACNIC >really should be invalidated. > >The court says "Kremen may sign his choice of (1) RSA mirroring the >terms and conditions of ARIN's agreement with Cohen (RSA 2);" > >RSA 2 would be the legacy form. (Essentially, nothing but the name and >address). So, ARIN should just change the name and address, as Kremen >requests. > >While the court found that 2 blocks don't have to be transfered (AS11083 >and an IP block belonging to UUnet apparently just used by Cohen), >Kremen won again: ARIN has to give Cohen's legacy terms to Kremen, if >Kremen wants them (and he does). > >Yet, ARIN still refuses to comply, and by its refusal, harms Kremen >further. ARIN knows that it ultimately has no choice but to comply. Its >dispute is not based on any principle but on obstinance. Just like >Exactis v. MAPS, where MAPS lawyer was chastised for coming to court the >frivolous claim that the First Amendment permitted violation of the >Sherman Act and extortion, etc. It is perhaps telling that Paul Vixie >is involved in both of these two frivolous disputes. (Vixie was CEO of >MAPS, and is a board member of ARIN) > >There is no policy or principle that is being defended by ARIN. Neither >Kremen, nor the Court, are demanding any policy change on ARIN. ARIN >just has to do for Kremen exactly what it did for Cohen. ARIN's >continued dispute and refusal is just frivolous. Therefore, greater >penalties on ARIN are very appropriate. That is a proper and just >result, to everyone but the anarchists. > >More inline. > >On Wed, 4 Jul 2007 michael.dillon at bt.com wrote: >> >> (Search for RYAN to find his words) >> ----- >> We received the order approximately two years after it had been issued. > >The court found otherwise, and found that Kremen had been negotiating >with ARIN for 5 years between 2001 and 2006. > >> It was provided to us in a formal way, and Mr. Kremen asked us to obey >> the order. That is, to revoke the IP resources that were held by Mr. >> Cohen and transfer them to Mr. Kremen. We agreed to do so, so long as >> Mr. Kremen would do what all of you have done since ARIN began in 1998, >> which is apply for the resources and sign the normal RSA. > >In fact, and the court held, Mr. Kremen can't be held standards that >didn't apply to Mr. Cohen, and don't apply to other legacy holders. If >Cohen didn't sign a current RSA, neither should Kremen. The court cites >3 RSAs (at Kremen's choice) that are appropriate. The Court included the >one Kremen has wanted: the legacy agreement. > >ARIN wants Kremen to agree to _new_ terms, and ARIN's lawyer incorrectly >describes Kremen's as not wanting to agree to _any_ terms. The court >has repeatedly, now, said that ARIN has to give Kremen the same terms it >gave Cohen (the legacy terms: basically, name and address). ARIN is >refusing to do that. > >> Mr. Kremen refused to do that and has refused to the current date. His >> theory is that he doesn't have to do that because he has a court >> order, and our theory is that we have a certain set of rules and >> requirements, and that you have to obey the rules and requirements of >> the community, and we don't read the court order as giving Mr. Kremen >> a permanent pass from the rules that all of you obey. ... We revoked >> resources that were held by Mr. Cohen or his associates that were >> covered by the 2001 order when they were not paid for. In other words, >> by our own processes, we were very aggressively trying to recover >> these resources so that they weren't out there. ... > >ARIN can't claim that _Cohen_ didn't pay on the block after 2001, >because thats during the dispute. The 'payment' argument was already >rejected, by the way. > >> First, we've gone back to the court and said that the court in its >> 2001 order ought to consider modifying the order to make it clear that >> Mr. Kremen, like everyone else, has to sign an RSA and has to pay for >> the resources in the future. ... One is that Mr. Kremen is a legacy >> address holder. He has legacy address blocks. ----- > >No such formal agreement was ever required of legacy holders. Nor is any >such agreement even now required of _current_ legacy holders. Current >legacy holders have never signed a formal RSA, just the legacy >registration form, so there is no justification to force Kremen to do >more. This is the basis of Kremen's suit, and Kremen has won >repeatedly. > >What's more, its all a waste of ARIN resources to fight this. There is >no principle to be found here for ARIN. (except the principle of anarchy >and not submitting to court orders, which many people here do advocate, >but which isn't going to be useful in court) > >ARIN can perform immediately: It can record Kremen as a legacy holder in >30 seconds, if it chooses to do so. Its been ordered to make Kremen a >legacy holder. There is no justification for disobeying the court. > >> It's all about an open and level playing field. > >On that, we agree. > >-- >Av8 Internet Prepared to pay a premium for better service? >www.av8.net faster, more reliable, better service >617 344 9000 From owen at delong.com Thu Jul 5 18:49:54 2007 From: owen at delong.com (Owen DeLong) Date: Thu, 5 Jul 2007 15:49:54 -0700 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: References: Message-ID: On Jul 5, 2007, at 1:53 PM, Ted Mittelstaedt wrote: >> No. I'm saying that launching a denial of service attack against >> them is an >> even worse thing. >> > > And I'm not advocating that. > Up for grabs is _EXACTLY_ that whether you realize it or not. >> >>> >>> Oh I forgot, you were advocating that >>> legacy holders don't even have to sign an RSA to get IPv6. >>> >> Please show me one place where I have advocated such a thing. >> I have never advocated that and your accusations here are baseless >> and misleading at best. > > I already e-mailed you this off list, maybe you didn't read it: > > In your proposal: > > "... 1. If the organization does not currently pay ARIN > fees, they shall remain fee exempt...." > > You didn't say "fee exempt for a certain amount of time", nor did you > say "does not currently pay ARIN IPv4 fees they shall remain > fee exempt for IPv4 only" both of which would have closed a huge hole. > Nor did section 1 discuss IPv6 address space. Read section 4. which is the only part of the proposal that speaks of anything related to IPv6 space being issued... > 4. All organizations returning space under this > policy shall, if they meet other eligibility > requirements and so request, obtain an > appropriate IPv6 end-user assignment > or ISP allocation as applicable, with no fees > for the first 5 years. Organizations electing > to receive IPv6 allocation/assignment under > this provision must sign a current RSA and > must agree that all of their IPv4 resources are > henceforth subject to the RSA. Organizations > taking this election shall be subject to end-user > fees for their IPv4 resources not previously > under an ARIN RSA. If they are already an > ARIN subscriber, then IPv4 resources > affected by this process may, instead, be added to > their existing subscriber agreement at the > address holder's discretion. Note that it very specifically requires them not only to sign an RSA for their IPv6 resources, but, also, in order to get IPv6 for free for 5 years, they _MUST_ bring all IPv4 resources under RSA _AND_ start paying appropriate fees for them. >> >> Hardly. I just want to recognize what is and isn't possible and >> do the >> best we can with the situation we have. There really is little >> point in >> wasting the monumental amount of effort and capital that it would >> take >> to (probably fail in the) attempt to revoke legacy IPv4 resources. > > How does the RIR's ceasing to track IPv4 that isn't under an RSA > with them > post-IPv4 runout constitute a revoking of IPv4? > Removing then from the registry isn't revocation, but, it's also not helpful and there's really no point to doing it. >> By the time all the court battles were done, the reclamation of >> legacy IPv4 resources would probably not be of substantial benefit >> to the community. >> > > This isn't about reclamation. This is about getting people that > aren't paying IPv4 fees to an RIR, out of the tracking system once > IPv4 runout has happened and a significant number of orgs have > switched to IPv6. What's the point of doing that? > Specifically, my suggestion wouldn't even take place until IPv4 > was effectively useless for new assignments - even if it was > available. > I'm not convinced this assertion is accurate. >> Marking the addresses as "up for grabs" and having a policy >> discussion >> on record describing "up for grabs" the way you already have would >> certainly hold up as "encouraging". >> > > Except that this isn't a policy discussion since no policy has been > proposed and your not even discussing the items in the post anyway. > Sorry... If this isn't a policy discussion, it doesn't belong on this mailing list. This list is for the purpose of discussing and developing ARIN policies. Whether the policy has been proposed or not, this _IS_ a policy discussion. You can have a policy discussion without a formal policy proposal. >> Actually, besides the RIRs there are a number of other resources that >> track these, including, but, not limited to completewhois. >> > > So go join the fringe at http://www.opennic.unrated.net/ and quit > bothering the rest of us. How many ISP's do they have now? 7? 8? First, I would hardly put www.completewhois.net in the same bin with opennic.unrated.net. Second, I have a long history of constructive participation in the ARIN policy process including a number of proposals I have either written or participated in the development of which are now policy. > If you really thought that someone else tracking these was a serious > problem you wouldn't be using that as an argument, because since an > alterantive would be available, it would make what the RIR's did a > non-issue. The only reason your bringing it up is because you know > it's a bogus argument. > I'm bringing it up because it further demonstrates the extent to which your proposal accomplishes nothing positive and all of its limited potential effects are just disruptive. >> >> The RIRs are not governing bodies. It amazes me that you are so >> thoroughly >> ignorant of the law. The governing bodies that govern what is or is >> not allowed >> on the highways are actual GOVERNMENTs. The RIRs are NOT GOVERNMENT. > > Yup - and so, what requirement does an RIR have to continue to record > a legacy assignment? They have no contract and as you point out they > aren't a government, so why do they have to keep doing it? > I believe they made an agreement to do so with IANA as part of the process of their formation. Other than that, I suppose, perhaps, they don't need to, however, there's also no gain to anyone for them to stop doing so. >> Further, you can take a horse and buggy onto an interstate highway. >> While you >> can't do it in most places, your blanket assertion does prove false >> if you look >> at Pennsylvania, parts of Ohio, and a number of other rural areas >> where the >> Interstate replaced earlier roads and would render places >> inaccessible to >> horse and buggy if they could not traverse said interstate. > > http://www.commonsensei69.org/damage.htm > > "...Because the Amish travel only by horse-and-buggy, they cannot > travel on or across interstate highways..." > That's only between two cities within Indiana which is not one of the states I mentioned. I know that the Amish are allowed to operate horse and buggy on Pennsylvania interstates, and, I know that in some parts of Ohio this is common practice and the LE folks seem to ignore it even if it is against the law. Unfortunately, neither Ohio nor Pennsylvania put their laws on the web in such a way as to make it easy for me to give you the exact statutes (or even to read them myself). > >>> Fundamentally I am saying let's make that policy right now. If you >>> believe >>> that 20% IPv6 adoption isn't sufficient enough to call IPv4 >>> obsolete, then >>> what about 40% IPv6 adoption? If that's not enough, what about 60% >>> adoption? >>> >> What does it matter? What's the point of calling IPv4 obsolete at >> the RIR >> level? When ISPs start derouting it, it will be obsolete for any >> meaningful >> definition. >> > > That is nothing more than setting up circular logic. As long as the > RIR's track IPv4, those assignments are official, and anyone who has > one can claim that an ISP cannot deroute it. (you claim they can file > a court injunctions over this kind of thing, well there you go) So > the > ISP's aren't going to deroute them. > Nobody can claim an ISP can't deroute an IPv4 address today. Lots of IPSs deroute lots of addresses every day now. No ISP has to carry your IPv4 route unless you or someone else has a contract with them that says they will. > Your saying the RIR's aren't going to consider the assignments > obsolete > until the ISP's start derouting them. Until they consider them > obsolete they will still track them. > Pretty much. > So in summary, the RIR's will never stop tracking them and the ISPs > will never stop routing them. So explain why again that a legacy > holder who pays no fees to an RIR for IPv4 would choose to go to IPv6 > and start paying fees? > I don't accept your premise. I firmly believe that ISPs will begin charging more and more for IPv4 connectivity and eventually will terminate IPv4 services on an ISP by ISP basis. I believe that when there is no longer a critical mass of IPv4 connectivity, IPv4 will rapidly fall into disuse on the public internet and that at that time, the RIRs can put obsolescence policies in place to sunset the tracking of IPv4 registration data. An IPv4 legacy holder who wants to talk to the rest of the internet will move to IPv6 because he will have to in order to talk to the rest of the internet. It will be the ISPs that provide this forcing function, however, and not the RIRs. >>> >> Doesn't matter. Eventually, the legacy holders won't be able to get >> an ISP >> to route their IPv4 addresses. > > Then why are you so opposed to setting a date in advance that we will > all say this is going to happen? If it doesen't matter, then why > argue > against this? > Because the date should be decided on a case-by-case basis between the ISP and the address holder, not by some RIR policy decision without any visibility into the real world of what is happening. Because there is no benefit to doing so, only cost. > Sounds to me like the boyfriend objecting to his girlfriend visiting > churches and looking at wedding packages, while at the same time > insisting > that he's going to marry her... eventually. > Only if we accept all of your broken assertions. I don't. Owen From tedm at ipinc.net Thu Jul 5 20:09:59 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Thu, 5 Jul 2007 17:09:59 -0700 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: <20070705213110.GN9951@elvis.mu.org> Message-ID: >-----Original Message----- >From: bill fumerola [mailto:billf at mu.org] >Sent: Thursday, July 05, 2007 2:31 PM >To: Ted Mittelstaedt >Cc: 'ARIN PPML' >Subject: Re: [ppml] IPv4 "Up For Grabs" proposal > > >On Thu, Jul 05, 2007 at 02:08:19PM -0700, Ted Mittelstaedt wrote: >> OK, then how exactly is this fact an argument AGAINST arin >simply removing >> these records out of it's whois? Which is what I am suggesting? > >who does that hurt? the legacy holders or the rest of the community >trying to use a tool to find out who to contact when that netblock does >something foolish. > >as a paying ARIN member, i want ARIN to keep track of as much as they're >legally, financially, technically allowed to. that WHOIS service is more >useful to me, the paying ARIN member, not the legacy holder. For now. What about post-IPv4 runout? Ted From sethm at rollernet.us Thu Jul 5 20:24:48 2007 From: sethm at rollernet.us (Seth Mattinen) Date: Thu, 05 Jul 2007 17:24:48 -0700 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: References: Message-ID: <468D8BD0.2010401@rollernet.us> Ted Mittelstaedt wrote: > >> -----Original Message----- >> From: bill fumerola [mailto:billf at mu.org] >> Sent: Thursday, July 05, 2007 2:31 PM >> To: Ted Mittelstaedt >> Cc: 'ARIN PPML' >> Subject: Re: [ppml] IPv4 "Up For Grabs" proposal >> >> >> On Thu, Jul 05, 2007 at 02:08:19PM -0700, Ted Mittelstaedt wrote: >>> OK, then how exactly is this fact an argument AGAINST arin >> simply removing >>> these records out of it's whois? Which is what I am suggesting? >> who does that hurt? the legacy holders or the rest of the community >> trying to use a tool to find out who to contact when that netblock does >> something foolish. >> >> as a paying ARIN member, i want ARIN to keep track of as much as they're >> legally, financially, technically allowed to. that WHOIS service is more >> useful to me, the paying ARIN member, not the legacy holder. > > For now. What about post-IPv4 runout? > How does whois become less useful after that point? ~Seth From tedm at ipinc.net Thu Jul 5 20:33:22 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Thu, 5 Jul 2007 17:33:22 -0700 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: Message-ID: >-----Original Message----- >From: Owen DeLong [mailto:owen at delong.com] >Sent: Thursday, July 05, 2007 3:50 PM >To: Ted Mittelstaedt >Cc: ARIN PPML >Subject: Re: [ppml] IPv4 "Up For Grabs" proposal > > >> >> This isn't about reclamation. This is about getting people that >> aren't paying IPv4 fees to an RIR, out of the tracking system once >> IPv4 runout has happened and a significant number of orgs have >> switched to IPv6. > >What's the point of doing that? > Your asking in effect, what is the point of winding down IPv4? If there is no point of winding down IPv4 then what is the point of winding ip IPv6? >> Specifically, my suggestion wouldn't even take place until IPv4 >> was effectively useless for new assignments - even if it was >> available. >> >I'm not convinced this assertion is accurate. > OK. Are you saying that IPV4 will NEVER become useless for new assignments? Explain yourself! >>> Marking the addresses as "up for grabs" and having a policy >>> discussion >>> on record describing "up for grabs" the way you already have would >>> certainly hold up as "encouraging". >>> >> >> Except that this isn't a policy discussion since no policy has been >> proposed and your not even discussing the items in the post anyway. >> >Sorry... If this isn't a policy discussion, it doesn't belong on this >mailing list. >This list is for the purpose of discussing and developing ARIN policies. >Whether the policy has been proposed or not, this _IS_ a policy >discussion. >You can have a policy discussion without a formal policy proposal. > People do it all the time on this list, introducing all kinds of side issues. Such as the topic that seems to come up all the time that people who want legacy holders to start paying their way are jealous, nasty and so on. Even though that has not been on any policy I've seen. >> >> Yup - and so, what requirement does an RIR have to continue to record >> a legacy assignment? They have no contract and as you point out they >> aren't a government, so why do they have to keep doing it? >> >I believe they made an agreement to do so with IANA as part of the >process >of their formation. Other than that, I suppose, perhaps, they don't >need to, >however, there's also no gain to anyone for them to stop doing so. > OK, well here is the heart of the issue. Are you saing then that the RIR's should continue to keep legacy IPv4 assignments recorded in perpetuity? What happens when an org switches over to IPv6 and decides to tell an RIR that they don't want their IPv4 anymore and take it back and stop billing them for it, but they are going to keep their IPv6 in force and continue to pay the bills on that. Right now the RIR pulls the whois and makes the IPv4 available for assignment elsewhere. But, what happens in the future when everyone on the Internet has switched to dual-stacks and so nobody wants to pay for IPv4 assignments any longer - and companies are turning them in right and left. All except the legacy holders - since they aren't paying for them, they won't have incentive to inform anyone they aren't using them any longer, since that will not affect any billing they are paying. is the RIR supposed to keep the legacy IPv4 in it's whois forever? >I don't accept your premise. I firmly believe that ISPs will begin >charging more and more for IPv4 connectivity and eventually will >terminate IPv4 services on an ISP by ISP basis. I believe that >when there is no longer a critical mass of IPv4 connectivity, IPv4 >will rapidly fall into disuse on the public internet and that at that >time, the RIRs can put obsolescence policies in place to sunset >the tracking of IPv4 registration data. > >An IPv4 legacy holder who wants to talk to the rest of the internet >will move to IPv6 because he will have to in order to talk to the >rest of the internet. It will be the ISPs that provide this forcing >function, however, and not the RIRs. > What possible incentive do the ISPs have to stop using IPv4 unless they are paying for the addressing? Legacy holders are not paying thus where is the incentive? >> >> Then why are you so opposed to setting a date in advance that we will >> all say this is going to happen? If it doesen't matter, then why >> argue >> against this? >> >Because the date should be decided on a case-by-case basis between >the ISP and the address holder, not by some RIR policy decision without >any visibility into the real world of what is happening. Then IPv6 switchover will never happen. > Because there >is no benefit to doing so, only cost. > There is cost to any possible future. The future you are advocating - that IPv4 be considered viable for time out of mind beyond the end of IPv4 runout is the most costly of all. It will promote a buying-and-selling market and make the growing networks bear the brunt of the costs while the legacy holders reap windfalls. Ted From james at towardex.com Thu Jul 5 20:49:05 2007 From: james at towardex.com (James Jun) Date: Thu, 5 Jul 2007 20:49:05 -0400 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: References: Message-ID: <018401c7bf67$82b47630$1efc5dd8@HCMC.local> >> >> Then why are you so opposed to setting a date in advance that we will >> all say this is going to happen? If it doesen't matter, then why >> argue against this? >> >Because the date should be decided on a case-by-case basis between the >ISP and the address holder, not by some RIR policy decision without any >visibility into the real world of what is happening. > > Then IPv6 switchover will never happen. > As someone who maintains over 450 IPv6 hand-off connections around the U.S., I can tell you that the reality contradicts your argument on all grounds. Most large carriers already run IPv6 natively on their backbone; those who haven't done it so far at the least have IPv6 migration planning being planned out inside their organization. There is far greater number of small ISP's who haven't gotten the memo yet to implement IPv6, than there are big guys who already are working toward some sort of solution for their customers. I say this, because much of your utopian drama proposals are designed around "rich gets richer, poorer gets poorer, big guys are the evil" mantra, including your latest frivolous proposal against legacy holders. And seriously, most legacy holders, especially the large-block holders, are not in carrier business with some notable exceptions (for example, Level3 holding 4.0.0.0/8, after acquisition of BBN assets; however, even so, (3) has a direct IPv6 allocation from ARIN, 2001:1900::/32 and offer IPv6 service to customers now -- and they are an ARIN member). A lot of legacy holders are in enterprise environment (unless you consider small /24-/22 mom & pop legacy holders and enterprise WAN's as big giant evil carriers who would prevent Global IPv6 Adoption from ever happening), which they will only make themselves suffer by not adopting IPv6. So please, before you argue that somehow if we don't do XYZ in a frivolous chaotic manner, IPv6 will never happen, first pay more attention to products and services available in the carrier industry today regarding IPv6; and new developments that are being worked on to further expand IPv6 services out to the edge (the end users). It's all happening right now, slowly but definitely gaining traction, all without your input. Regards, james From Keith at jcc.com Thu Jul 5 23:03:22 2007 From: Keith at jcc.com (Keith W. Hare) Date: Thu, 5 Jul 2007 23:03:22 -0400 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives Message-ID: <4d34b95bc071886854b72ceb892bee82468db10c@jcc.com> I've seen a lot of discussion over the last couple of days about legacy address space reclamation and whether or not legacy address holders are paying their fair share to support ARIN. The thing I haven't seen are any numbers. How many legacy address blocks exist that are large enough to be useful to ARIN? If there are enough address blocks to be useful to ARIN, then it may be worth enhancing incentives. This discussion of reclamation incentives has also generated a lot of discussion about legacy address holders who have not signed an RSA and do not pay ARIN anything. However, I have not seen anything about how many legacy address holders exist. Numbers would be useful to help decide whether the proposed change is worth making. Keith ______________________________________________________________ Keith W. Hare JCC Consulting, Inc. keith at jcc.com 600 Newark Road Phone: 740-587-0157 P.O. Box 381 Fax: 740-587-0163 Granville, Ohio 43023 http://www.jcc.com USA ______________________________________________________________ From Keith at jcc.com Thu Jul 5 23:31:33 2007 From: Keith at jcc.com (Keith W. Hare) Date: Thu, 5 Jul 2007 23:31:33 -0400 Subject: [ppml] IPv4 "Up For Grabs" proposal Message-ID: <3b7d91eb38eb96161bc866c67491a133468db7a8@jcc.com> One of the assumptions of the "Up For Grabs" not-quite-a-proposal is that there are evil legacy address holders who have refused to pay their fair share of the ARIN costs. I've been the technical point of contact for our IPv4 /24 address for some time. I don't ever remember seeing anything from ARIN asking us to sign an RSA and pay a yearly fee. So, I've refused to respond to an invitation I haven't received. I went to the ARIN web site to see what I would have to do to sign an RSA for our IPv4 /24. I don't immediately see anything that says "If you are a legacy address holder, this is what you do..." So, I've refused to follow a process that isn't visible. Yep, I'm definitely evil. I do see the ARIN membership application, which seems to be different from signing an RSA. Maybe if I become a member and pay the yearly membership fee I won't be as evil. If "Up For Grabs" were a real policy proposal, I would be opposed to it. It is an attempt to punish legacy address holders rather than an attempt to do anything positive. Since it is not a real policy proposal, I can ignore it for the moment, and maybe it will go away. Keith ______________________________________________________________ Keith W. Hare JCC Consulting, Inc. keith at jcc.com 600 Newark Road Phone: 740-587-0157 P.O. Box 381 Fax: 740-587-0163 Granville, Ohio 43023 http://www.jcc.com USA ______________________________________________________________ From stephen at sprunk.org Fri Jul 6 01:02:01 2007 From: stephen at sprunk.org (Stephen Sprunk) Date: Fri, 6 Jul 2007 00:02:01 -0500 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives References: <4d34b95bc071886854b72ceb892bee82468db10c@jcc.com> Message-ID: <099801c7bf8d$39830410$6701a8c0@atlanta.polycom.com> Thus spake "Keith W. Hare" > I've seen a lot of discussion over the last couple of days about > legacy address space reclamation and whether or not legacy > address holders are paying their fair share to support ARIN. > > The thing I haven't seen are any numbers. > ... > This discussion of reclamation incentives has also generated > a lot of discussion about legacy address holders who have > not signed an RSA and do not pay ARIN anything. However, > I have not seen anything about how many legacy address > holders exist. Per the presentation at ARIN XIX, there are 31,386 legacy direct registrations to 20,501 organizations, and 2,277 of those orgs have signed an RSA. Currently no fees are collected for those 31,386 legacy blocks; however, the orgs that have signed an RSA are likely paying for other, non-legacy resources. Also, only 44% of the blocks appear in the routing tables, and only 54% have been updated since Dec 97. That means a sizeable fraction of the blocks are likely abandoned. Since ARIN (per a response to an off-list query) doesn't know whether legacy blocks are "assignments" or "allocations", it's not possible to determine how much revenue would be generated if all of them were subject to fees. Worst case, ARIN would collect around $1M/yr if the active blocks were all determined to be "assignments" and the registrants were paying the $100/yr maintenance fee -- an increase of about 10% to ARIN's revenue. OTOH, if most of the blocks were "allocations", the increase could be 20+ times that. Nobody knows. > How many legacy address blocks exist that are large enough > to be useful to ARIN? All of them are potentially useful. However, I haven't seen any stats that break out how many of the registrations are of the various sizes. Common sense says that most will be /24s, but there's gobs of /16s out there as well, and a few /8s. S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov From dogwallah at gmail.com Fri Jul 6 01:39:31 2007 From: dogwallah at gmail.com (McTim) Date: Fri, 6 Jul 2007 08:39:31 +0300 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: References: Message-ID: On 7/6/07, Ted Mittelstaedt wrote: > > > >patently false, chaos would ensue for all. "legacy" space holders, > >"grabbers", and everyone who has to decide whom to listen to when > >these blocks are announced. > > > > Why, all they have to do is look and see if the block is registered in > an RIR. Don't you mean RR? First of all we will have to ignore hierarchical authentication, but let's say for the sake of this argument that you and I could both register a /8 when it became "up for grabs". I register it in RIPE, you register it in ARIN on the same day. Whose block is it then? The first to create the inetnum? The first to create a route object? if the RIRs have no role in adjudicating disputes, then what? the courts? where, EU or US? see, chaos. > > If there is no consensus on what to do with the IPv4 blocks held by the > legacy holders after 20% of the Internet has become IPv6 only, then > there is absolutely no point in proposing any further policies dealing with > IPv4 runout, because people really honestly don't want to switch over. I don't see the logic here. I don't know why 20% is a magic number. Some folk don't won't want to switch and might never, Those IPv4 registrations could be in RIR DBs in perpetuity. I don't see a problem here. > > The IPv4 runout has become Somebody Else's Problem, and as long as it > is such, Somebody Else is going to solve it. This proposal would make it a problem for all. Right now it's a challenge, not a problem. -- Cheers, McTim $ whois -h whois.afrinic.net mctim From stephen at sprunk.org Fri Jul 6 02:10:15 2007 From: stephen at sprunk.org (Stephen Sprunk) Date: Fri, 6 Jul 2007 01:10:15 -0500 Subject: [ppml] IPv4 "Up For Grabs" proposal References: Message-ID: <09f501c7bf95$c5f15bb0$6701a8c0@atlanta.polycom.com> Thus spake "Ted Mittelstaedt" > I guarenteee to you that Leatherman Tool Group IS NOT > paying ARIN a dime, has NEVER paid them a dime. Yet, > ARIN is still tracking this so ARIN obviously considers this > legacy holder still their responsibility. > ... > Letting legacy holders get away witout funding the RIR that > tracks them is in my opinion, far crazier than any rules I've > proposed. Yet, you accept it. That is primarily because it benefits ARIN's paying members to know who's using that space. WHOIS primarily benefits people _other than_ the registrant. The same argument could be made for reverse DNS service, though that's not quite as clear-cut. "Tracks" is also not quite accurate; ARIN is dependent on the registrants keeping their data up to date. Half of them haven't bothered to do so in the last decade, and ARIN isn't out there hunting them down. The amount of money spent on legacy folks is minimal, since the systems need to be built and maintained for non-legacy folks anyways. It's a negligible incremental cost. S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov From bicknell at ufp.org Fri Jul 6 09:43:34 2007 From: bicknell at ufp.org (Leo Bicknell) Date: Fri, 6 Jul 2007 09:43:34 -0400 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: <4d34b95bc071886854b72ceb892bee82468db10c@jcc.com> References: <4d34b95bc071886854b72ceb892bee82468db10c@jcc.com> Message-ID: <20070706134333.GA54239@ussenterprise.ufp.org> In a message written on Thu, Jul 05, 2007 at 11:03:22PM -0400, Keith W. Hare wrote: > If there are enough address blocks to be useful to ARIN, then it may be > worth enhancing incentives. Useful is an interesting word. Can we push out IPv4 exhaustion with aggressive reclamation? Only for a relatively short period of time. I think the top end estimate is 1-2 years. Is there value in taking away unused addresses and giving them to people who can use them based on "efficient utilization" and stewardship prior to them just becoming an asset on the black/grey/white market? Depends on your point of view. Is there value to having everyone under an RSA, one of the terms of which is that there are "no property rights" to addresses prior to exhaustion? Depends on your point of view. Is it good to start now reclaiming the low hanging fruit such that if the transition goes poorly and the community wants us to reach for fruit further up the tree we already have some experience picking it? Perhaps. -- Leo Bicknell - bicknell at ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available URL: From bicknell at ufp.org Fri Jul 6 09:52:27 2007 From: bicknell at ufp.org (Leo Bicknell) Date: Fri, 6 Jul 2007 09:52:27 -0400 Subject: [ppml] ARIN Outreach to Legacy Holders Message-ID: <20070706135227.GB54239@ussenterprise.ufp.org> In a message written on Thu, Jul 05, 2007 at 11:31:33PM -0400, Keith W. Hare wrote: > I've been the technical point of contact for our IPv4 /24 address for > some time. I don't ever remember seeing anything from ARIN asking us to > sign an RSA and pay a yearly fee. So, I've refused to respond to an > invitation I haven't received. > > I went to the ARIN web site to see what I would have to do to sign an > RSA for our IPv4 /24. I don't immediately see anything that says "If > you are a legacy address holder, this is what you do..." So, I've > refused to follow a process that isn't visible. Keith makes an interesting point. Should ARIN create a web page clearly linked off the home page with instructions on how to sign an RSA and become a Member for legacy holders? They could then mass-mail all of the legacy holders with the web page. For all of our attempts to do things with policy, is one of the right things to do to get the community behind a suggestion that ARIN attempt some very direct outreach to the legacy holders? -- Leo Bicknell - bicknell at ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available URL: From Keith at jcc.com Fri Jul 6 10:42:06 2007 From: Keith at jcc.com (Keith W. Hare) Date: Fri, 6 Jul 2007 10:42:06 -0400 Subject: [ppml] ARIN Outreach to Legacy Holders Message-ID: <5c31aa460b4f3eef0ee13986b3c2779e468e54d1@jcc.com> > In a message sent on Friday, July 06, 2007 9:52 AM, > Leo Bicknell wrote: > To: ARIN PPML > Subject: [ppml] ARIN Outreach to Legacy Holders > >>... > > Keith makes an interesting point. Should ARIN create a web page > clearly linked off the home page with instructions on how to sign > an RSA and become a Member for legacy holders? They could then > mass-mail all of the legacy holders with the web page. ARIN should definitely create a web page with information for legacy holders. > For all of our attempts to do things with policy, is one of the right > things to do to get the community behind a suggestion that > ARIN attempt > some very direct outreach to the legacy holders? > Yes, direct outreach to legacy holders is the right thing to do. Policies are great (this is the policy mailing list, after all) but if the people/companies to whom the policies are addressed don't know the policies exist, the policies are are not particularly useful. Keith ______________________________________________________________ Keith W. Hare JCC Consulting, Inc. keith at jcc.com 600 Newark Road Phone: 740-587-0157 P.O. Box 381 Fax: 740-587-0163 Granville, Ohio 43023 http://www.jcc.com USA ______________________________________________________________ From paul at vix.com Fri Jul 6 10:57:46 2007 From: paul at vix.com (Paul Vixie) Date: Fri, 06 Jul 2007 14:57:46 +0000 Subject: [ppml] ARIN Outreach to Legacy Holders In-Reply-To: Your message of "Fri, 06 Jul 2007 09:52:27 -0400." <20070706135227.GB54239@ussenterprise.ufp.org> References: <20070706135227.GB54239@ussenterprise.ufp.org> Message-ID: <30818.1183733866@sa.vix.com> > Keith makes an interesting point. Should ARIN create a web page > clearly linked off the home page with instructions on how to sign > an RSA and become a Member for legacy holders? They could then > mass-mail all of the legacy holders with the web page. > > For all of our attempts to do things with policy, is one of the right > things to do to get the community behind a suggestion that ARIN attempt > some very direct outreach to the legacy holders? i think the reason there are no instructions is that we don't know what they should say. "if you have a /16 that you would not qualify for under current rules, then as a legacy holder upgrading to RSA, you [may][may not] keep this address space." riddle me that, batman. From kkargel at polartel.com Fri Jul 6 10:57:57 2007 From: kkargel at polartel.com (Kevin Kargel) Date: Fri, 6 Jul 2007 09:57:57 -0500 Subject: [ppml] ARIN Outreach to Legacy Holders In-Reply-To: <5c31aa460b4f3eef0ee13986b3c2779e468e54d1@jcc.com> Message-ID: <70DE64CEFD6E9A4EB7FAF3A063141066707117@mail> Yes, outreach is the right thing to do. I am not optimistic that it will have any appreciable effect, but we need to be able to say we tried cooperative measures. Kevin :$s/worry/happy/g > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of Keith W. Hare > Sent: Friday, July 06, 2007 9:42 AM > To: ARIN PPML > Subject: Re: [ppml] ARIN Outreach to Legacy Holders > > > > In a message sent on Friday, July 06, 2007 9:52 AM, Leo Bicknell > > wrote: > > To: ARIN PPML > > Subject: [ppml] ARIN Outreach to Legacy Holders > > > >>... > > > > Keith makes an interesting point. Should ARIN create a web page > > clearly linked off the home page with instructions on how > to sign an > > RSA and become a Member for legacy holders? They could > then mass-mail > > all of the legacy holders with the web page. > > ARIN should definitely create a web page with information for > legacy holders. > > > For all of our attempts to do things with policy, is one of > the right > > things to do to get the community behind a suggestion that ARIN > > attempt some very direct outreach to the legacy holders? > > > > Yes, direct outreach to legacy holders is the right thing to do. > > Policies are great (this is the policy mailing list, after all) but if > the people/companies to whom the policies are addressed don't know the > policies exist, the policies are are not particularly useful. > > Keith > > ______________________________________________________________ > > Keith W. Hare JCC Consulting, Inc. > keith at jcc.com 600 Newark Road > Phone: 740-587-0157 P.O. Box 381 > Fax: 740-587-0163 Granville, Ohio 43023 > http://www.jcc.com USA > ______________________________________________________________ > > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > From jeroen at unfix.org Fri Jul 6 10:58:52 2007 From: jeroen at unfix.org (Jeroen Massar) Date: Fri, 06 Jul 2007 15:58:52 +0100 Subject: [ppml] ARIN Outreach to Legacy Holders In-Reply-To: <20070706135227.GB54239@ussenterprise.ufp.org> References: <20070706135227.GB54239@ussenterprise.ufp.org> Message-ID: <468E58AC.7010708@spaghetti.zurich.ibm.com> Leo Bicknell wrote: > In a message written on Thu, Jul 05, 2007 at 11:31:33PM -0400, Keith W. Hare wrote: >> I've been the technical point of contact for our IPv4 /24 address for >> some time. I don't ever remember seeing anything from ARIN asking us to >> sign an RSA and pay a yearly fee. So, I've refused to respond to an >> invitation I haven't received. >> >> I went to the ARIN web site to see what I would have to do to sign an >> RSA for our IPv4 /24. I don't immediately see anything that says "If >> you are a legacy address holder, this is what you do..." So, I've >> refused to follow a process that isn't visible. > > Keith makes an interesting point. Should ARIN create a web page > clearly linked off the home page with instructions on how to sign > an RSA and become a Member for legacy holders? They could then > mass-mail all of the legacy holders with the web page. > > For all of our attempts to do things with policy, is one of the right > things to do to get the community behind a suggestion that ARIN attempt > some very direct outreach to the legacy holders? I think such a page and then spamming the legacy holders with the information might be worthwhile. As ARIN would then be spamming them anyway with this information, an additional incentive, like the one proposed by Owen DeLong might be a good idea to spam along, also raising IPv6 awareness to them. One could also go propose a "Sign IPv4 RSA for legacy space at 50% of normal fees when also getting IPv6 space (under RSA+normal fees+justification)" option. Nevertheless, a good information page about legacy space, what it is in the first place and how to easily get an RSA signed for it, might be very worthwhile. Greets, Jeroen -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 311 bytes Desc: OpenPGP digital signature URL: From kkargel at polartel.com Fri Jul 6 11:09:02 2007 From: kkargel at polartel.com (Kevin Kargel) Date: Fri, 6 Jul 2007 10:09:02 -0500 Subject: [ppml] ARIN Outreach to Legacy Holders In-Reply-To: <468E58AC.7010708@spaghetti.zurich.ibm.com> Message-ID: <70DE64CEFD6E9A4EB7FAF3A063141066707118@mail> There ya go.. just spam them with a tried and true method.. "You have been pre-approved for a large block of IPv6 addresses at a huge discount if you respond now. Free T-shirt to the first 50 registrants. Some restrictions apply." Then just put an RSA in the fine print.. lol Kevin :$s/worry/happy/g > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of Jeroen Massar > Sent: Friday, July 06, 2007 9:59 AM > To: ARIN PPML > Subject: Re: [ppml] ARIN Outreach to Legacy Holders > > Leo Bicknell wrote: > > In a message written on Thu, Jul 05, 2007 at 11:31:33PM > -0400, Keith W. Hare wrote: > >> I've been the technical point of contact for our IPv4 /24 > address for > >> some time. I don't ever remember seeing anything from > ARIN asking us > >> to sign an RSA and pay a yearly fee. So, I've refused to > respond to > >> an invitation I haven't received. > >> > >> I went to the ARIN web site to see what I would have to do > to sign an > >> RSA for our IPv4 /24. I don't immediately see anything > that says "If > >> you are a legacy address holder, this is what you do..." So, I've > >> refused to follow a process that isn't visible. > > > > Keith makes an interesting point. Should ARIN create a web page > > clearly linked off the home page with instructions on how > to sign an > > RSA and become a Member for legacy holders? They could > then mass-mail > > all of the legacy holders with the web page. > > > > For all of our attempts to do things with policy, is one of > the right > > things to do to get the community behind a suggestion that ARIN > > attempt some very direct outreach to the legacy holders? > > I think such a page and then spamming the legacy holders with > the information might be worthwhile. > > As ARIN would then be spamming them anyway with this > information, an additional incentive, like the one proposed > by Owen DeLong might be a good idea to spam along, also > raising IPv6 awareness to them. > > One could also go propose a "Sign IPv4 RSA for legacy space > at 50% of normal fees when also getting IPv6 space (under RSA+normal > fees+justification)" option. > > Nevertheless, a good information page about legacy space, > what it is in the first place and how to easily get an RSA > signed for it, might be very worthwhile. > > Greets, > Jeroen > > From owen at delong.com Fri Jul 6 11:21:22 2007 From: owen at delong.com (Owen DeLong) Date: Fri, 6 Jul 2007 08:21:22 -0700 Subject: [ppml] ARIN Outreach to Legacy Holders In-Reply-To: <20070706135227.GB54239@ussenterprise.ufp.org> References: <20070706135227.GB54239@ussenterprise.ufp.org> Message-ID: On Jul 6, 2007, at 6:52 AM, Leo Bicknell wrote: > In a message written on Thu, Jul 05, 2007 at 11:31:33PM -0400, > Keith W. Hare wrote: >> I've been the technical point of contact for our IPv4 /24 address for >> some time. I don't ever remember seeing anything from ARIN asking >> us to >> sign an RSA and pay a yearly fee. So, I've refused to respond to an >> invitation I haven't received. >> >> I went to the ARIN web site to see what I would have to do to sign an >> RSA for our IPv4 /24. I don't immediately see anything that says "If >> you are a legacy address holder, this is what you do..." So, I've >> refused to follow a process that isn't visible. > > Keith makes an interesting point. Should ARIN create a web page > clearly linked off the home page with instructions on how to sign > an RSA and become a Member for legacy holders? They could then > mass-mail all of the legacy holders with the web page. > Becoming a member and bringing your resources under RSA are separate and unrelated things for most legacy holders. There really are at least four sets of directions needed, but, yes, having a "Legacy Holder Information Page" which is easily reachable from the front page would be a good idea IMHO. Here are the four sets of directions needed on or from that page: + Legacy End User who wishes to bring their addresses into the ARIN process and does not have any RSA-related resources. + Legacy End User who also has RSA-related resources and would like their legacy resources added to their existing RSA. + Legacy ISP who wishes to add their legacy resources to their current ARIN membership. + Legacy End User who wishes to join ARIN as a member. > For all of our attempts to do things with policy, is one of the right > things to do to get the community behind a suggestion that ARIN > attempt > some very direct outreach to the legacy holders? > YES!!!! Owen From stephen at sprunk.org Fri Jul 6 11:28:19 2007 From: stephen at sprunk.org (Stephen Sprunk) Date: Fri, 6 Jul 2007 10:28:19 -0500 Subject: [ppml] ARIN Outreach to Legacy Holders References: <20070706135227.GB54239@ussenterprise.ufp.org> <30818.1183733866@sa.vix.com> Message-ID: <00ac01c7bfe3$49f7da90$6701a8c0@atlanta.polycom.com> Thus spake "Paul Vixie" > i think the reason there are no instructions is that we don't know > what they should say. "if you have a /16 that you would not qualify > for under current rules, then as a legacy holder upgrading to RSA, > you [may][may not] keep this address space." riddle me that, > batman. Merely signing an RSA does not bring legacy resources under the domain of ARIN policy nor cause fees to be assessed. This should probably be explicitly stated in policy somewhere. S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov From bicknell at ufp.org Fri Jul 6 11:38:36 2007 From: bicknell at ufp.org (Leo Bicknell) Date: Fri, 6 Jul 2007 11:38:36 -0400 Subject: [ppml] ARIN Outreach to Legacy Holders In-Reply-To: <30818.1183733866@sa.vix.com> References: <20070706135227.GB54239@ussenterprise.ufp.org> <30818.1183733866@sa.vix.com> Message-ID: <20070706153836.GA60747@ussenterprise.ufp.org> In a message written on Fri, Jul 06, 2007 at 02:57:46PM +0000, Paul Vixie wrote: > i think the reason there are no instructions is that we don't know what > they should say. "if you have a /16 that you would not qualify for under > current rules, then as a legacy holder upgrading to RSA, you [may][may not] > keep this address space." riddle me that, batman. A number of people have stood up and said that ARIN made a promise to the legacy holders that they would exist under the status-quo "forever". Randy has provided the only hard evidence I have seen, and it's a single bullet point in a presentation prior to ARIN's formation. That has, however, continued to be the status-quo for 10+ years now. It has also been the status quo that if you want to transfer the block to someone else, you trigger a review and the new recipient must sign an RSA. Of course, council would have to put this into legalese, most likely by altering the RSA for legacy holders but I think something along the lines of: "As an original owner of a legacy address space block you may continue to use the address space forever for your own purposes. As a legacy holder you will not be subjected to ARIN's policies for legacy space holders for the legacy blocks only, and will not be subject to audit by ARIN for those legacy blocks. Any sale, lease, or transfer of the block or a portion of the block to a party outside the original owners control will require that the new recipient sign a current RSA and agree to abide by all of ARIN's policies for address space assignment. Failure to maintain contact information for the block, or to pay the $100 per year maintenance fee will result in forfeiture of the block. The $100 per year fee will never change." Quite simply, an original legacy holder gets their (so claimed) implied contract put on paper, and we codify in that paper that it is in fact a non-transferable agreement. I think for the legacy holders to have a formal contract with that written down would be seen as a huge win for them, and would constitute giving them something. At the same time, they would be under an RSA, and ARIN would have a legal stick to help curtail any black market in IP's that may appear. -- Leo Bicknell - bicknell at ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available URL: From terry.l.davis at boeing.com Fri Jul 6 12:15:45 2007 From: terry.l.davis at boeing.com (Davis, Terry L) Date: Fri, 6 Jul 2007 09:15:45 -0700 Subject: [ppml] ARIN Outreach to Legacy Holders In-Reply-To: <20070706153836.GA60747@ussenterprise.ufp.org> References: <20070706135227.GB54239@ussenterprise.ufp.org><30818.1183733866@sa.vix.com> <20070706153836.GA60747@ussenterprise.ufp.org> Message-ID: <0D090F1E0F5536449C7E6527AFFA280A03685880@XCH-NW-8V1.nw.nos.boeing.com> Leo Not a bad approach; it would give ARIN some control of the transfer process then. Your second sentence needs a bit of a touch-up; it doesn't seem to read quite right. Take care Terry > -----Original Message----- > From: Leo Bicknell [mailto:bicknell at ufp.org] > Sent: Friday, July 06, 2007 8:39 AM > To: ARIN PPML > Subject: Re: [ppml] ARIN Outreach to Legacy Holders > > In a message written on Fri, Jul 06, 2007 at 02:57:46PM +0000, Paul Vixie > wrote: > > i think the reason there are no instructions is that we don't know what > > they should say. "if you have a /16 that you would not qualify for > under > > current rules, then as a legacy holder upgrading to RSA, you [may][may > not] > > keep this address space." riddle me that, batman. > > A number of people have stood up and said that ARIN made a promise > to the legacy holders that they would exist under the status-quo > "forever". Randy has provided the only hard evidence I have seen, > and it's a single bullet point in a presentation prior to ARIN's > formation. > > That has, however, continued to be the status-quo for 10+ years > now. It has also been the status quo that if you want to transfer > the block to someone else, you trigger a review and the new recipient > must sign an RSA. > > Of course, council would have to put this into legalese, most > likely by altering the RSA for legacy holders but I think something > along the lines of: > > "As an original owner of a legacy address space block you may > continue to use the address space forever for your own purposes. > As a legacy holder you will not be subjected to ARIN's policies for > legacy space holders for the legacy blocks only, and will not be > subject to audit by ARIN for those legacy blocks. > > Any sale, lease, or transfer of the block or a portion of the block > to a party outside the original owners control will require that > the new recipient sign a current RSA and agree to abide by all of > ARIN's policies for address space assignment. > > Failure to maintain contact information for the block, or to pay > the $100 per year maintenance fee will result in forfeiture of the > block. The $100 per year fee will never change." > > Quite simply, an original legacy holder gets their (so claimed) > implied contract put on paper, and we codify in that paper that it > is in fact a non-transferable agreement. I think for the legacy > holders to have a formal contract with that written down would be > seen as a huge win for them, and would constitute giving them > something. At the same time, they would be under an RSA, and ARIN > would have a legal stick to help curtail any black market in IP's > that may appear. > > -- > Leo Bicknell - bicknell at ufp.org - CCIE 3440 > PGP keys at http://www.ufp.org/~bicknell/ > Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org From andrew.dul at quark.net Fri Jul 6 12:33:35 2007 From: andrew.dul at quark.net (=?iso-8859-1?Q?Andrew=20Dul?=) Date: Fri, 06 Jul 2007 08:33:35 -0800 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources Message-ID: <20070706163335.831.qmail@hoster908.com> I've been working on this policy with a few people from the AC for a couple of months. Given today's discussion on the PPML, it seemed like an appropriate time to submit it to the policy process. ============== Template: ARIN-POLICY-PROPOSAL-TEMPLATE-1.0 1. Policy Proposal Name: Authentication of Legacy Resources 2. Author a. name: Andrew Dul b. email: andrew.dul at quark.net c. telephone: +1 206-359-8130 d. organization: Perkins Coie LLP 3. Proposal Version: 1.0 4. Submission Date: 07012007 5. Proposal type: New 6. Policy term: Permanent 7. Policy statement: Add new NRPM section 4.9 - Legacy Records Legacy resource record holders shall be permitted to sign an registration services agreement which permits the organization which is currently using the resources as of January 1, 2007 to continue to use those resources as long as a registration services agreement is signed by the organization and the organization is not past-due on their annual maintenance fee. ARIN will evaluate and verify the chain of custody of any resource records prior to executing a registration services agreement with an organization. If a legacy resource holder requests additional IPv4 resources all IPv4 resources (legacy and non-legacy) shall be evaluated to determine utilization for additional assignments under NRPM sections 4.2 or 4.3. ARIN shall use all reasonable methods to attempt to contact legacy record holders starting on January 1, 2008. ARIN shall also post information on the public website regarding this outreach to legacy resource holders. No changes shall be made to legacy resource records which are not covered by a registration services agreement after December 31, 2007. Add new NRPM section 7.3 - Legacy Reverse Delegation Records Legacy IP address record holders who have not signed a registration services agreement with ARIN will have their name server delegations for the in-addr.arpa zone removed starting on June 30, 2009. All name server delegations shall be removed from the in-addr.arpa zone by December 31, 2009. If an individual contacts ARIN and claims to represent a legacy record holder after the removal of an organization's name server delegations, the individual shall be permitted to request a one-time 6 month reinstatement of their name server delegations. This 6 month period is intended to allow an organization to work in good faith to establish a registration services agreement. 8. Rationale: An ARIN Legacy resource holder is an organization which was issued number resources prior to the formation of ARIN and whose registration information was not transferred to another RIR through the Early Registration Transfer Project (http://www.arin.net/registration/erx). Legacy resource holders were issued number resources through an informal process. This policy proposal attempts to bring these legacy resource holders into a formal agreement with ARIN, the manager of the IP numbering resources for many of the legacy record holders. Some legacy resource holders have expressed concerns about committing to a registration services agreement when the legacy resource holder cannot be assured that they will be permitted to retain and their resources for the long-term. This policy proposal also does not preclude existing legacy space holders, who may have signed another version of the registration services agreement from having the same commitment level. It is suggested that the Board of Trustees formalize the annual maintenance fees for legacy resource holders at a level similar to the $100 USD per year for end-sites. This policy sets in place a notification period of 18 months to contact all legacy resource holders and creates an incentive for the holders to formalize their relationship with ARIN. The dates in this policy proposal were arbitrarily chosen based upon an expected ratification by the ARIN Board of Trustees by December 31, 2007. If this policy is implemented after December 31, 2007, the trigger dates in the policy should be adjusted appropriately. Given the informal relationship under which the resources were granted, ARIN current maintains the records including WHOIS and in-addr.arpa delegations in a best-effort fashion. Many believe that ARIN may not be obligated to maintain these records. ARIN has experienced some difficulty maintaining these records. Legacy records have been a popular target for hijackers, in part due to the out of date information contained in these records. Having up to date contact information would assist ARIN and ISP's in insuring the stability of the Internet. This policy proposal sets a termination date for in-addr.arpa delegation services for legacy resource record holders who have not formalized their relationship with ARIN through a registration services agreement. The 6 month period of delegation record removal was intended to provide ARIN the flexibility of removing the records on a gradual plan during second half of 2009 and to avoid a large change on a single day. Legacy resource holders who sign a registration services agreement would continue to receive all the services that are currently provided by ARIN plus they would be eligible for any future services that ARIN may offer, such as cryptographic signing of resource records. 9. Timetable for implementation: As stated in policy 10. Meeting presenter: Andrew Dul END OF TEMPLATE From owen at delong.com Fri Jul 6 13:13:51 2007 From: owen at delong.com (Owen DeLong) Date: Fri, 6 Jul 2007 10:13:51 -0700 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: <20070706163335.831.qmail@hoster908.com> References: <20070706163335.831.qmail@hoster908.com> Message-ID: While I like the intent of the policy, I would oppose this policy as written. 1. While a bit softer, it's still somewhat of a strong-arm approach to the legacy issue and I think ARIN would get farther with outreach than tactics like this. 2. I would encourage Andrew to work with Leo and get something closer to Leo's proposal on the table as a policy proposal. 3. I'm not convinced legacy holders will have any desire or reason to pay fees to ARIN even with this policy. 4. Prohibiting changes to records is an absolute mistake. We do not want to further discourage legacy holders from keeping their records up to date. Owen On Jul 6, 2007, at 9:33 AM, Andrew Dul wrote: > I've been working on this policy with a few people from the AC for > a couple of months. Given today's discussion on the PPML, it > seemed like an appropriate time to submit it to the policy process. > > ============== > > Template: ARIN-POLICY-PROPOSAL-TEMPLATE-1.0 > 1. Policy Proposal Name: Authentication of Legacy Resources > 2. Author > a. name: Andrew Dul > b. email: andrew.dul at quark.net > c. telephone: +1 206-359-8130 > d. organization: Perkins Coie LLP > 3. Proposal Version: 1.0 > 4. Submission Date: 07012007 > 5. Proposal type: New > 6. Policy term: Permanent > 7. Policy statement: > > Add new NRPM section 4.9 - Legacy Records > > Legacy resource record holders shall be permitted to sign an > registration services agreement which permits the organization > which is currently using the resources as of January 1, 2007 to > continue to use those resources as long as a registration services > agreement is signed by the organization and the organization is not > past-due on their annual maintenance fee. ARIN will evaluate and > verify the chain of custody of any resource records prior to > executing a registration services agreement with an organization. > > If a legacy resource holder requests additional IPv4 resources all > IPv4 resources (legacy and non-legacy) shall be evaluated to > determine utilization for additional assignments under NRPM > sections 4.2 or 4.3. > > ARIN shall use all reasonable methods to attempt to contact legacy > record holders starting on January 1, 2008. > > ARIN shall also post information on the public website regarding > this outreach to legacy resource holders. > > No changes shall be made to legacy resource records which are not > covered by a registration services agreement after December 31, 2007. > > Add new NRPM section 7.3 - Legacy Reverse Delegation Records > > Legacy IP address record holders who have not signed a registration > services agreement with ARIN will have their name server > delegations for the in-addr.arpa zone removed starting on June 30, > 2009. All name server delegations shall be removed from the in- > addr.arpa zone by December 31, 2009. > > If an individual contacts ARIN and claims to represent a legacy > record holder after the removal of an organization's name server > delegations, the individual shall be permitted to request a one- > time 6 month reinstatement of their name server delegations. This > 6 month period is intended to allow an organization to work in good > faith to establish a registration services agreement. > > 8. Rationale: > > An ARIN Legacy resource holder is an organization which was issued > number resources prior to the formation of ARIN and whose > registration information was not transferred to another RIR through > the Early Registration Transfer Project (http://www.arin.net/ > registration/erx). Legacy resource holders were issued number > resources through an informal process. This policy proposal > attempts to bring these legacy resource holders into a formal > agreement with ARIN, the manager of the IP numbering resources for > many of the legacy record holders. > > Some legacy resource holders have expressed concerns about > committing to a registration services agreement when the legacy > resource holder cannot be assured that they will be permitted to > retain and their resources for the long-term. This policy proposal > also does not preclude existing legacy space holders, who may have > signed another version of the registration services agreement from > having the same commitment level. It is suggested that the Board > of Trustees formalize the annual maintenance fees for legacy > resource holders at a level similar to the $100 USD per year for > end-sites. > > This policy sets in place a notification period of 18 months to > contact all legacy resource holders and creates an incentive for > the holders to formalize their relationship with ARIN. The dates > in this policy proposal were arbitrarily chosen based upon an > expected ratification by the ARIN Board of Trustees by December 31, > 2007. If this policy is implemented after December 31, 2007, the > trigger dates in the policy should be adjusted appropriately. > > Given the informal relationship under which the resources were > granted, ARIN current maintains the records including WHOIS and in- > addr.arpa delegations in a best-effort fashion. Many believe that > ARIN may not be obligated to maintain these records. ARIN has > experienced some difficulty maintaining these records. Legacy > records have been a popular target for hijackers, in part due to > the out of date information contained in these records. Having up > to date contact information would assist ARIN and ISP's in insuring > the stability of the Internet. > > This policy proposal sets a termination date for in-addr.arpa > delegation services for legacy resource record holders who have not > formalized their relationship with ARIN through a registration > services agreement. The 6 month period of delegation record > removal was intended to provide ARIN the flexibility of removing > the records on a gradual plan during second half of 2009 and to > avoid a large change on a single day. > > Legacy resource holders who sign a registration services agreement > would continue to receive all the services that are currently > provided by ARIN plus they would be eligible for any future > services that ARIN may offer, such as cryptographic signing of > resource records. > > 9. Timetable for implementation: As stated in policy > 10. Meeting presenter: Andrew Dul > > END OF TEMPLATE > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml From mack at exchange.alphared.com Fri Jul 6 13:53:44 2007 From: mack at exchange.alphared.com (mack) Date: Fri, 6 Jul 2007 12:53:44 -0500 Subject: [ppml] Incentive to legacy address holders In-Reply-To: References: Message-ID: <859D2283FD04CA44986CC058E06598F8417F92DE3E@exchange4.exchange.alphared.local> One way to add incentive to legacy address holders would be to withdraw reverse DNS support. We can assume most legacy address holders use that space for a mail server. Most mail servers are configured to require a matching reverse DNS before they will accept mail from an ip address. This is particularly true for SPF records and other mail authentication schemes. I am sure there are other applications that similarly require reverse DNS. Withdrawing reverse DNS would be a moderately strong motivator for legacy address holders with a large number of mail servers. Losing e-mail is very costly for most businesses. This could very easily cover the cost of coming into compliance for some percentage of legacy address holders. When e-mail stops working people pay attention. This is not as draconian as dropping them from whois or reissuing their space. Combined with an appropriate carrot such as fee waivers this could be effective. This of course should be after some outreach is attempted. A percentage of legacy space is definitely abandon and there should be some effort to reclaim it. This could be a preliminary step in reclamation. LR Mack McBride Network Administrator Alpha Red, Inc. From jcurran at istaff.org Fri Jul 6 14:05:05 2007 From: jcurran at istaff.org (John Curran) Date: Fri, 6 Jul 2007 14:05:05 -0400 Subject: [ppml] ARIN Outreach to Legacy Holders In-Reply-To: <00ac01c7bfe3$49f7da90$6701a8c0@atlanta.polycom.com> References: <20070706135227.GB54239@ussenterprise.ufp.org> <30818.1183733866@sa.vix.com> <00ac01c7bfe3$49f7da90$6701a8c0@atlanta.polycom.com> Message-ID: At 10:28 AM -0500 7/6/07, Stephen Sprunk wrote: > >Merely signing an RSA does not bring legacy resources under the domain of >ARIN policy nor cause fees to be assessed. This should probably be >explicitly stated in policy somewhere. If one were to sign the standard RSA, I expect you'd consider yourself then subject to the policies adopted by public policy process. Section 7 of said document doesn't leave a lot of room for alternative interpretation. That's not to prevent ARIN from having an RSA which has different terms for this purpose if that be the desire of the community, but it would need to be be clearly spelt out and would come with its share of pluses and minuses. /John From ipgoddess at gmail.com Fri Jul 6 14:08:47 2007 From: ipgoddess at gmail.com (Stacy Taylor) Date: Fri, 6 Jul 2007 11:08:47 -0700 Subject: [ppml] ARIN Outreach to Legacy Holders In-Reply-To: <20070706135227.GB54239@ussenterprise.ufp.org> References: <20070706135227.GB54239@ussenterprise.ufp.org> Message-ID: <1c16a4870707061108i2c045ae0reb7613e55fa5fc9f@mail.gmail.com> Hi Everyone, Of all the ideas we've had about legacy space holders, I like this one the best. At the very least, a link on the main page about what legacy space mean to ARIN and the community would be a great start. Extending a handshake is always better than hitting someone with a bat. Stacy On 7/6/07, Leo Bicknell wrote: > In a message written on Thu, Jul 05, 2007 at 11:31:33PM -0400, Keith W. Hare wrote: > > I've been the technical point of contact for our IPv4 /24 address for > > some time. I don't ever remember seeing anything from ARIN asking us to > > sign an RSA and pay a yearly fee. So, I've refused to respond to an > > invitation I haven't received. > > > > I went to the ARIN web site to see what I would have to do to sign an > > RSA for our IPv4 /24. I don't immediately see anything that says "If > > you are a legacy address holder, this is what you do..." So, I've > > refused to follow a process that isn't visible. > > Keith makes an interesting point. Should ARIN create a web page > clearly linked off the home page with instructions on how to sign > an RSA and become a Member for legacy holders? They could then > mass-mail all of the legacy holders with the web page. > > For all of our attempts to do things with policy, is one of the right > things to do to get the community behind a suggestion that ARIN attempt > some very direct outreach to the legacy holders? > > -- > Leo Bicknell - bicknell at ufp.org - CCIE 3440 > PGP keys at http://www.ufp.org/~bicknell/ > Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > > -- :):) /S From owen at delong.com Fri Jul 6 14:22:56 2007 From: owen at delong.com (Owen DeLong) Date: Fri, 6 Jul 2007 11:22:56 -0700 Subject: [ppml] Incentive to legacy address holders In-Reply-To: <859D2283FD04CA44986CC058E06598F8417F92DE3E@exchange4.exchange.alphared.local> References: <859D2283FD04CA44986CC058E06598F8417F92DE3E@exchange4.exchange.alphared.local> Message-ID: <8CCA6D1D-6206-465E-B925-E617E25F569C@delong.com> What would prevent the legacy holders from coming together and asking IANA to delegate those in-addrs to an alternate server? Owen On Jul 6, 2007, at 10:53 AM, mack wrote: > One way to add incentive to legacy address holders would be to > withdraw > reverse DNS support. > > We can assume most legacy address holders use that space for a mail > server. > Most mail servers are configured to require a matching reverse DNS > before > they will accept mail from an ip address. This is particularly > true for > SPF records and other mail authentication schemes. I am sure there > are other applications that similarly require reverse DNS. > > Withdrawing reverse DNS would be a moderately strong motivator for > legacy > address holders with a large number of mail servers. Losing e-mail > is very > costly for most businesses. This could very easily cover the cost > of coming > into compliance for some percentage of legacy address holders. > When e-mail > stops working people pay attention. > > This is not as draconian as dropping them from whois or reissuing > their space. > Combined with an appropriate carrot such as fee waivers this could > be effective. > > This of course should be after some outreach is attempted. > A percentage of legacy space is definitely abandon and there should > be some > effort to reclaim it. This could be a preliminary step in reclamation. > > LR Mack McBride > Network Administrator > Alpha Red, Inc. > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml From jcurran at istaff.org Fri Jul 6 14:36:26 2007 From: jcurran at istaff.org (John Curran) Date: Fri, 6 Jul 2007 14:36:26 -0400 Subject: [ppml] Incentive to legacy address holders In-Reply-To: <8CCA6D1D-6206-465E-B925-E617E25F569C@delong.com> References: <859D2283FD04CA44986CC058E06598F8417F92DE3E@exchange4.exchange.alphared.lo cal> <8CCA6D1D-6206-465E-B925-E617E25F569C@delong.com> Message-ID: At 11:22 AM -0700 7/6/07, Owen DeLong wrote: >What would prevent the legacy holders from coming together and >asking IANA to delegate those in-addrs to an alternate server? The IANA could easily do exactly that... Of course, the IANA might also ask each of them about their actual utilization, and then read to them from RFC 2050: "IP addresses are valid as long as the criteria continues to be met. The IANA reserves the right to invalidate any IP assignments once it is determined the the requirement for the address space no longer exists. In the event of address invalidation, reasonable efforts will be made by the appropriate registry to inform the organization that the addresses have been returned to the free pool of IPv4 address space." It would be awesome if they'd all come together in one spot... I'm sure something interesting would happen. /John From stephen at sprunk.org Fri Jul 6 14:38:04 2007 From: stephen at sprunk.org (Stephen Sprunk) Date: Fri, 6 Jul 2007 13:38:04 -0500 Subject: [ppml] ARIN Outreach to Legacy Holders References: <20070706135227.GB54239@ussenterprise.ufp.org> <30818.1183733866@sa.vix.com> <00ac01c7bfe3$49f7da90$6701a8c0@atlanta.polycom.com> Message-ID: <021401c7bffc$fb7d5fb0$6701a8c0@atlanta.polycom.com> Thus spake "John Curran" > At 10:28 AM -0500 7/6/07, Stephen Sprunk wrote: >> Merely signing an RSA does not bring legacy resources under >> the domain of ARIN policy nor cause fees to be assessed. >> This should probably be explicitly stated in policy somewhere. > > If one were to sign the standard RSA, I expect you'd consider > yourself then subject to the policies adopted by public policy > process. Section 7 of said document doesn't leave a lot of > room for alternative interpretation. OTOH, sections 6 and 8 do leave a lot of room for debate because they only refer to "resources ... received from ARIN". One may read section 7 as saying policy is binding on legacy blocks, but if legacy holders aren't required to pay for them and are exempt from revocation, in practice there is no mechanism to force compliance with policy and therefore legacy holders aren't truly subject to it. As Mao said, power grows from the barrel of a gun. > That's not to prevent ARIN from having an RSA which has > different terms for this purpose if that be the desire of the > community, but it would need to be be clearly spelt out and > would come with its share of pluses and minuses. I can't say your interpretation is wrong, given your position, but I'd suggest that the text isn't as clear as it should be. S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov From Keith at jcc.com Fri Jul 6 14:44:09 2007 From: Keith at jcc.com (Keith W. Hare) Date: Fri, 6 Jul 2007 14:44:09 -0400 Subject: [ppml] Incentive to legacy address holders Message-ID: <15ebe21de99b7db1ce4d3df9ef7bd069468e8d8d@jcc.com> > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of mack > Sent: Friday, July 06, 2007 1:54 PM > To: ppml at arin.net > Subject: [ppml] Incentive to legacy address holders > > One way to add incentive to legacy address holders would be > to withdraw reverse DNS support. It is premature to spend time devising threats to legacy address holders who haven't accepted an invitation that has not yet been issued. Keith From kkargel at polartel.com Fri Jul 6 14:50:06 2007 From: kkargel at polartel.com (Kevin Kargel) Date: Fri, 6 Jul 2007 13:50:06 -0500 Subject: [ppml] Incentive to legacy address holders In-Reply-To: <15ebe21de99b7db1ce4d3df9ef7bd069468e8d8d@jcc.com> Message-ID: <70DE64CEFD6E9A4EB7FAF3A06314106670711D@mail> Strongly agreed.. let's try friendly means before we get belligerent.. who knows, if we invite them to the picnic and ask them nicely to dance they might actually like the idea.. Kevin :$s/worry/happy/g > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of Keith W. Hare > Sent: Friday, July 06, 2007 1:44 PM > To: ppml at arin.net > Subject: Re: [ppml] Incentive to legacy address holders > > > > > -----Original Message----- > > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] > On Behalf > > Of mack > > Sent: Friday, July 06, 2007 1:54 PM > > To: ppml at arin.net > > Subject: [ppml] Incentive to legacy address holders > > > > One way to add incentive to legacy address holders would be to > > withdraw reverse DNS support. > > It is premature to spend time devising threats to legacy > address holders who haven't accepted an invitation that has > not yet been issued. > > Keith > _______________________________________________ > This message sent to you through the ARIN Public Policy > Mailing List (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > From Ed.Lewis at neustar.biz Fri Jul 6 14:55:33 2007 From: Ed.Lewis at neustar.biz (Edward Lewis) Date: Fri, 6 Jul 2007 14:55:33 -0400 Subject: [ppml] Incentive to legacy address holders In-Reply-To: <859D2283FD04CA44986CC058E06598F8417F92DE3E@exchange4.exchange.alphared.lo cal> References: <859D2283FD04CA44986CC058E06598F8417F92DE3E@exchange4.exchange.alphared.lo cal> Message-ID: At 12:53 -0500 7/6/07, mack wrote: >One way to add incentive to legacy address holders would be to withdraw >reverse DNS support. This is 540 degrees from the right direction. Representing legacy holders in the registry benefits members as much as the legacy address holders. If the legacy space is not in the registry, it becomes "mystery space" and that is not helpful. Penalizing legacy space holders for their early adoption is an inappropriate way to thank them for being pioneers - okay, maybe they aren't the pioneers now, but the somewhere along the way the pioneer experience and burden has probably come along with the legacy space. Legacy holders ought to neither be coerced nor badgered into becoming part of the RSA'd crowd. They got the space they have "fair and square" and (probably) had to pay their dues in experience. The "burden" of them being in the registry ought to borne by those of us who rely on the registry (in the sense of "garbage in, garbage out"). Don't penalize database updates. All that will do is discourage anyone from putting accurate and up to date data in the database. If there is a real need for legacy holders to sign RSA's and let their space be treated as RIR allocated space, then the real need can be translated into a benefit to offer the legacy holders. Why would I voluntarily take on responsibility (signing the RSA) and cost (a maintenance fee) unless I get something in return? I am all for making the process of joining ARIN clear. I'm all for encouraging legacy resources to be brought under ARIN's policies. I'm all for outreach, a membership drive. But I am against any pressure or penalizing tactics to accomplish this. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis +1-571-434-5468 NeuStar Think glocally. Act confused. From jcurran at istaff.org Fri Jul 6 15:18:23 2007 From: jcurran at istaff.org (John Curran) Date: Fri, 6 Jul 2007 15:18:23 -0400 Subject: [ppml] Incentive to legacy address holders In-Reply-To: <70DE64CEFD6E9A4EB7FAF3A06314106670711D@mail> References: <70DE64CEFD6E9A4EB7FAF3A06314106670711D@mail> Message-ID: At 1:50 PM -0500 7/6/07, Kevin Kargel wrote: > Strongly agreed.. let's try friendly means before we get belligerent.. >who knows, if we invite them to the picnic and ask them nicely to dance >they might actually like the idea.. > >Kevin > > > It is premature to spend time devising threats to legacy >> address holders who haven't accepted an invitation that has > > not yet been issued. >> > > Keith And actually, I agree as well that we should engage in outreach of legacy space holders in order to encourage address space usage and improved accuracy of our record keeping. It's the right thing to do, even if the adoption rate turns out to be low. My only purpose in sending the extract from RFC 2050 was simply to point out that the intent of the first IANA (Jon Postel) on this topic is rather clear, even before the formation of ARIN... one of the three tenets of address space management is conservation, via the fair distribution according to operational needs and via the prevention of stockpiling in order to maximize the lifetime of the IP address space. One may not have signed an agreement with an RIR which says such, but that doesn't mean it wasn't implicit in your participation in the Internet. /John From randy at psg.com Fri Jul 6 15:45:56 2007 From: randy at psg.com (Randy Bush) Date: Sat, 07 Jul 2007 03:45:56 +0800 Subject: [ppml] Incentive to legacy address holders In-Reply-To: References: <70DE64CEFD6E9A4EB7FAF3A06314106670711D@mail> Message-ID: <468E9BF4.3080309@psg.com> > My only purpose in sending the extract from RFC 2050 was simply to > point out that the intent of the first IANA (Jon Postel) on this > topic is rather clear, even before the formation of ARIN... one of > the three tenets of address space management is conservation, via the > fair distribution according to operational needs and via the > prevention of stockpiling in order to maximize the lifetime of the IP > address space. One may not have signed an agreement with an RIR > which says such, but that doesn't mean it wasn't implicit in your > participation in the Internet. 2050 was after most of what we call legacy was allocated. it was well into the nsi years, and one year before arin. most was allocated by the early '90s. i not do decry prudence. but the social contract was much less clear when most of legacy space was being handed out. randy From jcurran at istaff.org Fri Jul 6 16:11:32 2007 From: jcurran at istaff.org (John Curran) Date: Fri, 6 Jul 2007 16:11:32 -0400 Subject: [ppml] Incentive to legacy address holders In-Reply-To: <468E9BF4.3080309@psg.com> References: <70DE64CEFD6E9A4EB7FAF3A06314106670711D@mail> <468E9BF4.3080309@psg.com> Message-ID: At 3:45 AM +0800 7/7/07, Randy Bush wrote: > > My only purpose in sending the extract from RFC 2050 was simply to >> point out that the intent of the first IANA (Jon Postel) on this >> topic is rather clear, even before the formation of ARIN... one of >> the three tenets of address space management is conservation, via the >> fair distribution according to operational needs and via the >> prevention of stockpiling in order to maximize the lifetime of the IP >> address space. One may not have signed an agreement with an RIR >> which says such, but that doesn't mean it wasn't implicit in your >> participation in the Internet. > >2050 was after most of what we call legacy was allocated. it was well >into the nsi years, and one year before arin. most was allocated by the >early '90s. Randy, I agree, but note that RFC 2050's authorship includes most of the folks who performed those allocations (and earlier ones), including Jon. The allocation paperwork trail certainly could have been better, but it's hard to argue on the intent of RFC2050, which explicitly calls forth the right of the IANA to invalidate right to invalidate any IP assignments once it is determined the the requirement for the address space no longer exists. If someone wants to claim that they received their assignment in the early days and that it carries no social obligations whatsoever, they're free to do so. Jon's not here to argue, and we didn't see fit to make it explicit in the forms, so it's an easy position to defend (at least from a legal perspective). /John From randy at psg.com Fri Jul 6 16:36:41 2007 From: randy at psg.com (Randy Bush) Date: Sat, 07 Jul 2007 04:36:41 +0800 Subject: [ppml] Incentive to legacy address holders In-Reply-To: References: <70DE64CEFD6E9A4EB7FAF3A06314106670711D@mail> <468E9BF4.3080309@psg.com> Message-ID: <468EA7D9.1090607@psg.com> >> 2050 was after most of what we call legacy was allocated. it was well >> into the nsi years, and one year before arin. most was allocated by the >> early '90s. > > Randy, I agree, but note that RFC 2050's authorship includes most of > the folks who performed those allocations (and earlier ones), including > Jon. The allocation paperwork trail certainly could have been better, > but it's hard to argue on the intent of RFC2050, which explicitly calls > forth the right of the IANA to invalidate right to invalidate any IP > assignments once it is determined the the requirement for the address > space no longer exists. > > If someone wants to claim that they received their assignment in the > early days and that it carries no social obligations whatsoever, they're > free to do so. Jon's not here to argue, and we didn't see fit to make it > explicit in the forms, so it's an easy position to defend (at least from a > legal perspective). the problem is that there was no perceived or legal obligation until maybe '94-ish. otherwise we would have not had such a damned uphill war to get cidr rolled. if there was a culture of conservation, would we have tossed out Bs and As just like we are tossing out /32s in ipv6 space now? randy From reid at mejac.palo-alto.ca.us Fri Jul 6 17:39:39 2007 From: reid at mejac.palo-alto.ca.us (Brian Reid) Date: Fri, 06 Jul 2007 14:39:39 -0700 Subject: [ppml] Incentive to legacy address holders In-Reply-To: References: <70DE64CEFD6E9A4EB7FAF3A06314106670711D@mail> <468E9BF4.3080309@psg.com> Message-ID: <40EE810DB60CEA9B7910777D@scarborough.isc.org> I am a legacy address holder. I didn't even know this until Leo Bicknell explained the concept to me last week. Until then I just thought I had a /24 that I was issued by Kim Hubbard of nic.ddn.mil in February 1992 that I've been using and depending on ever since. Since I've had a "legacy" assignment, I didn't think I needed to know or care much about ARIN when it was founded, except to be suspicious of it out of fear that it might be like ICANN. I think I had 3 or maybe 4 beers with Jon Postel over the years, and I met Joyce Reynolds a couple of times. I was a peripheral member of a long-gone community, and the creation of ARIN was politics that I didn't watch. I spent years wondering if I would someday be sent an invoice for my /24. I had a vague notion of what an RIR is, enough to realize that whatever an RIR was, I didn't need to care. I got another /24 in December 1993, this time from "netreg at internic.net", which I haven't used as much, and which is not currently routed because I work around people who are forever worrying that the core routing tables are too big, so as my small contribution to draining the swamp, I don't announce routes to it outside my house and my brother's house in Maine. If anybody ever tried to force my hand by cutting off in-addr delegation, I would do my best to fight back and fight dirty. If you shoot first, then you deserve what happens to you. Despite having been subscribed to PPML for months, I have no idea what an RSA is, though I know both Rivest and Adleman. If it is non-threatening and doesn't contain dangerous clauses that might cause me to lose my allocation, either by having it taken away from me or by raising the price to something that I could no longer afford, I'd probably be willing to sign it. What I want, and what I suspect that others like me would want, is something like a New York rent-controlled lease, that gives me safety by putting a lid on rent hikes, and lets me keep it as long as I continue to live there. I don't have the slightest idea what it costs these days to get a /24, or if it's even possible. I just used a search engine to look up "arin rsa" and I see what that is. Whether or not I'd be willing to sign such a thing would depend entirely on whether or not I trusted ARIN, which at the moment I do. I intensely distrust ICANN because of its imperial secrecy, and I've seen it behave badly for years; I have a vague fear that ARIN might drift towards becoming like ICANN, but as long as ARIN remains a trustworthy and relatively transparent and non-corrupt organization, I think I would have no issue in signing an RSA. The problem is just one of education. I've never needed to know or care about any of this stuff, and before I sign anything I need to know what it means. I can't understand what an ARIN RSA means without understanding ARIN and its place in the world, which means I have to learn a lot more about global politics than I'm accustomed to doing in a year not divisible by 4. Brian Reid Palo Alto, California, USA From jcurran at istaff.org Fri Jul 6 18:01:58 2007 From: jcurran at istaff.org (John Curran) Date: Fri, 6 Jul 2007 18:01:58 -0400 Subject: [ppml] Incentive to legacy address holders In-Reply-To: <40EE810DB60CEA9B7910777D@scarborough.isc.org> References: <70DE64CEFD6E9A4EB7FAF3A06314106670711D@mail> <468E9BF4.3080309@psg.com> <40EE810DB60CEA9B7910777D@scarborough.isc.org> Message-ID: At 2:39 PM -0700 7/6/07, Brian Reid wrote: >I just used a search engine to look up "arin rsa" and I see what that is. Whether or not I'd be willing to sign such a thing would depend entirely on whether or not I trusted ARIN, which at the moment I do. That's encouraging, at least. >as ARIN remains a trustworthy and relatively transparent and non-corrupt organization, I think I would have no issue in signing an RSA. In any case, keep a healthy dose of suspicion handy at all times, as having lots of skeptics watching is the one of the few things that helps keep community-based organizations on the right path... >The problem is just one of education. I've never needed to know or care about any of this stuff, and before I sign anything I need to know what it means. That sounds like an existence proof on the need for outreach; now we just need to figure out the right method and message. Thanks! /John From peter at boku.net Fri Jul 6 18:11:53 2007 From: peter at boku.net (Peter Eisch) Date: Fri, 06 Jul 2007 17:11:53 -0500 Subject: [ppml] Incentive to legacy address holders In-Reply-To: <40EE810DB60CEA9B7910777D@scarborough.isc.org> Message-ID: I too am a legacy /24 multi-homed user/holder. I got on ppml as my ASN came from ARIN a number of years ago. I too had no clue what RSA did or didn't mean until I got an end-user assignment for "work." The revolt-like comments with all the levity of torching the homes of legacy holders is, in a way humorous. The energy of youth can often be endearing if not tempered. I've been preparing for a couple of months to apply for an IPv6 End User Assignment but I have other projects that have been sucking my time dry. (Not time to apply, but the time to implement.) If I were approved and the fees were paid, would I be able to convert my legacy network into "good standing?" From Andrew's recent proposal I can't tell if this would meet the requirements. peter From cliffb at cjbsys.bdb.com Sun Jul 8 17:04:23 2007 From: cliffb at cjbsys.bdb.com (Cliff Bedore) Date: Sun, 08 Jul 2007 17:04:23 -0400 Subject: [ppml] Incentive to legacy address holders Message-ID: <46915157.4030506@cjbsys.bdb.com> There has been a lot of reference to RFC 2050 for address assignment requirements and how we legacy people are under those requirements. RFC 2050 was issued in Nov 1996 and superseded RFC 1466 (May of 1993) which referenced RFC 1174 (Aug 1990) which appears to be the first to officially discuss address assignments. If you look at http://www.bdb.com/~cliffb/bdb_netreg.jpg, you'll see a copy of my address assignment which was issued in March of 1990. Not being funny, I don't think any of those RFCs apply to me. The assignment letter was a nice simple document in keeping with the times but there was no mention of requirements, usage and rules regarding revocation, fees etc. Having said that, I can see benefits to being an ARIN member. If ARIN can develop an RSA that says we'll charge you a nominal non-changing fee and not try to take your address space way as long as you continue to use it. Further, if ARIN is absorbed or otherwise changed, the agreement remains in place unchanged or is rendered null and void and we're back to legacy status. ( to avoid ICANN/NetSol problems) Do I really want to spend the money? Of course not, but I think it would probably be reasonable to contribute to the operation of ARIN. I much prefer the way ARIN is run over the DNS debacle. I feel like I've made a pact with the devil every time I have to go through the DNS renewal process. I've been quite impressed with most of the discussions and attitudes here and even though I don't grasp all the nuances of some of the arguments, I'm learning I obviously disagree with those who think ARIN should in some way force legacy users to join but strongly agree with those who want to invite us to join. I don't think you have a leg to stand on to make us join or take the addresses but if you approach us in a reasonable manner, I think you'll get a reasonable number to join. I'd like to claim I was smart enough to have done this all on my own back then but I got some good advice from people at the University of Maryland and the DC DEC Unilug so thanks to Mike Petry, Louis Mamakos and Fred Avolio. Their advice and guidance has stood the test of time. Cliff Bedore cliffb at cjbsys.bdb.com http://www.bdb.com Amateur Radio Call Sign W3CB For info on ham radio, http://www.arrl.org/ From bicknell at ufp.org Sun Jul 8 18:56:27 2007 From: bicknell at ufp.org (Leo Bicknell) Date: Sun, 8 Jul 2007 18:56:27 -0400 Subject: [ppml] Incentive to legacy address holders In-Reply-To: <46915157.4030506@cjbsys.bdb.com> References: <46915157.4030506@cjbsys.bdb.com> Message-ID: <20070708225627.GA59661@ussenterprise.ufp.org> In a message written on Sun, Jul 08, 2007 at 05:04:23PM -0400, Cliff Bedore wrote: > officially discuss address assignments. If you look at > http://www.bdb.com/~cliffb/bdb_netreg.jpg, you'll see a copy of my > address assignment which was issued in March of 1990. Not being funny, I want to thank you for posting the letter. I suspect more than a few people have lost their letter, and even if they have it haven't bothered to scan it in. For those who didn't get a network in 1990 this is a valuable part of history. I'd also like to show you what ARIN brings to the table. I'm sure you continue to reach the ARPA-Internet and DDN-Internet through a BBN supplied gateway so you're in compliance with this letter. Do you connect to a core gateway directly, or are you still running EGP? Humm, I'm guessing not; and of course I'm being totally sarcastic. If I were a legacy holder, I'd be worried. If I take the position you outlined (RFC's after I got my netblock don't apply, etc) then I have a great peice of paper allowing me to connect to the ARPA-Internet, or the DDN-Internet, or the NSF-Internet....none of which exist anymore. After all, the commercial Internet came after all that, so the legacy assignment must not apply to that use, right? But if I take the opposite position, that the letter carries forward and applies to today's commercial internet, then by extensions shouldn't all current RFC's under which the network is operated applied? Don't you automatically get sucked into RFC 2050? How can you pick and choose which parts of the modernized Internet apply? Most importantly, if someone, anyone were to go to court on either point of view it's likely the court would decide which applies. Which one would you prefer happens? You're not going to get any choice, unless by chance you're the one with the lawsuit. What would happen to you if the court ruled your legacy assignment doesn't mean squat in today's Internet? What if they ruled you had to comply with all current ARIN practices, including utilization requirements? However, by signing an RSA with ARIN you can get a current, up to date piece of paper, with real contractual terms going forward that back up a claim that the space is for your use. Even if some other random person out there sues and establishes one way or the other how legacy space should be treated you have no risk, being covered and up to date. You know what rules you have to follow, and you have a document that the community agrees supports your ability to use the address space That's the real reason legacy holders should want to update to a current agreement. It takes away risk. It's been said here many times, no one really knows what legacy holders are entitled to, because it was never written down. If you have a business with a risk assessment group tell that to them, and see how they react. I think if ARIN and the legacy holders can find a way to find each other and get RSA's signed it's a win for both parties. Both now clearly know that their relationship is current and what it covers. -- Leo Bicknell - bicknell at ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available URL: From bonomi at mail.r-bonomi.com Sun Jul 8 20:17:06 2007 From: bonomi at mail.r-bonomi.com (Robert Bonomi) Date: Sun, 8 Jul 2007 19:17:06 -0500 (CDT) Subject: [ppml] Incentive to legacy address holders Message-ID: <200707090017.l690H6u8018571@s25.firmware.com> > Date: Sun, 8 Jul 2007 18:56:27 -0400 > From: Leo Bicknell > To: ppml at arin.net > Subject: Re: [ppml] Incentive to legacy address holders > > In a message written on Sun, Jul 08, 2007 at 05:04:23PM -0400, Cliff Bedore= > wrote: > > officially discuss address assignments. If you look at=20 > > http://www.bdb.com/~cliffb/bdb_netreg.jpg, you'll see a copy of my=20 > > address assignment which was issued in March of 1990. Not being funny,= > =20 > > I want to thank you for posting the letter. I suspect more than a > few people have lost their letter, and even if they have it haven't > bothered to scan it in. For those who didn't get a network in 1990 > this is a valuable part of history. > > I'd also like to show you what ARIN brings to the table. > > I'm sure you continue to reach the ARPA-Internet and DDN-Internet > through a BBN supplied gateway so you're in compliance with this > letter. Do you connect to a core gateway directly, or are you still > running EGP? > > Humm, I'm guessing not; and of course I'm being totally sarcastic. > > Sarcastic or not, you materially misrepresent what the letter says. :) It says that *IF* you connect to ARPA, or DDN you musc go through a BBN gateway, or the gateway of another ASN, and that some gateway to ARPA or DDN (yours or that other ASNs) must speak EGP. If you're *not* connecting to ARPA or DDN, then those restrictions are moot. As it makes clear when it states that a _separate_ authorization_ is required to connect to ARPA-Internet or DDN-Internet. That aside, the simple fact is that neither ARIN, ICANN, or even the U.S. Dept of Commerece have any way to *enforce* any restrictions on any use of any arbitrary ranges of numbers for network addressing purposes, by _anyone_. A coalition of network (and IX) operators could decide _tomorrow_ to ignore *all* address-range "assignments" from the above-mentioned hierarchy, and only route traffic from address-blocks "blessed" by some alternative source, and there is *nothing* that the aforementioned 'authorities' could do to prevent it. The existing system works *ONLY* because of 'voluntary co-operation', because 'enlightened self-interest' indicates, *presently*, that cooperation with those agencies is desirable. In that environment, 'coercion', or 'force' is simply *not* a practical approach. Offend _enough_ people, and they'll 'take their ball, go home, and start heir _own_ game.' There's the poor 'referee' standing all alone there on the empty field, with no players, and no audience -- he can make whatever 'rules' he wants, but nobody is paying attention. Persuasion' is the only _usable_ tool. Now, if/when the time comes that major network operators 'cannot' get additional address-space assignments -they- need, because of a lack of 'unassigned' address-space, *AND* there are significant blocks of 'unannounced' space, one *will* see operators starting to use that space, regardless of what the 'authorities' decree. The end result will be a 'We'll guarantee you can talk to _our_ customers, and that *our* customers can talk to you, using these addresses, we cannot guarantee what other networks will do with traffic to/from this address-space. end-users may have to buy access from _multiple_ carriers to ensure connectivity to all their customers, and vice versa. One *cannot* 'legislate' this end-game out of existence. One cannot *prevent* it from occuring. The _best_ one can do is offer a 'better alternative' and 'pray' that enough people adopt it to keep the endgame from reaching crisis proportions. The _only_ tool available is 'persuasion'. From paul at vix.com Sun Jul 8 20:43:49 2007 From: paul at vix.com (Paul Vixie) Date: Mon, 09 Jul 2007 00:43:49 +0000 Subject: [ppml] ARIN Outreach to Legacy Holders In-Reply-To: Your message of "Fri, 06 Jul 2007 11:38:36 -0400." <20070706153836.GA60747@ussenterprise.ufp.org> References: <20070706135227.GB54239@ussenterprise.ufp.org> <30818.1183733866@sa.vix.com> <20070706153836.GA60747@ussenterprise.ufp.org> Message-ID: <10722.1183941829@sa.vix.com> > > i think the reason there are no instructions is that we don't know what > > they should say. ... > > ... along the lines of: > > "As an original owner of a legacy address space block you may > continue to use the address space forever for your own purposes. > As a legacy holder you will not be subjected to ARIN's policies for > legacy space holders for the legacy blocks only, and will not be > subject to audit by ARIN for those legacy blocks. here, you make it seem that if someone has a legacy /16 at 1% utilization it will not affect their ability to apply for new RSA space. is that what you intend? > Any sale, lease, or transfer of the block or a portion of the block > to a party outside the original owners control will require that > the new recipient sign a current RSA and agree to abide by all of > ARIN's policies for address space assignment. this is redundant to current policy, and should be marked "as a reminder". > Failure to maintain contact information for the block, or to pay > the $100 per year maintenance fee will result in forfeiture of the > block. The $100 per year fee will never change." so you're telling a family who owns a new york city taxi medallion that they can no longer pass it from generation to generation, nor sell it on ebay for USD 500K, and you expect them to sign this why exactly? > Quite simply, an original legacy holder gets their (so claimed) > implied contract put on paper, and we codify in that paper that it > is in fact a non-transferable agreement. I think for the legacy > holders to have a formal contract with that written down would be > seen as a huge win for them, and would constitute giving them > something. At the same time, they would be under an RSA, and ARIN > would have a legal stick to help curtail any black market in IP's > that may appear. i'm all for protecting the DFZ from the deaggregation implicit in a black market. but negotiating the terms is going to be tricky for a number of reasons. From mysidia at gmail.com Sun Jul 8 21:02:08 2007 From: mysidia at gmail.com (James Hess) Date: Sun, 8 Jul 2007 20:02:08 -0500 Subject: [ppml] Incentive to legacy address holders In-Reply-To: <200707090017.l690H6u8018571@s25.firmware.com> References: <200707090017.l690H6u8018571@s25.firmware.com> Message-ID: <6eb799ab0707081802m6631f17ej60d9480a4a37d8dc@mail.gmail.com> I'll agree that force can't make providers to follow a specific policy, that is, in the face of address exhaustion, unless they have signed some agreement that requires them to, as some might have. > It says that *IF* you connect to ARPA, or DDN you musc go through a BBN > gateway, or the gateway of another ASN, and that some gateway to ARPA or > DDN (yours or that other ASNs) must speak EGP. > If you're *not* connecting to ARPA or DDN, then those restrictions are moot. > > As it makes clear when it states that a _separate_ authorization_ is required > to connect to ARPA-Internet or DDN-Internet. Exactly. The effect of that final note is that the letter itself does not appear to actually give authorization to connect and use the numbers on either of the two networks. Presence in the registry and authorization to connect the numbers are two different things, that came from different authorities. If you weren't to follow whatever basic requirements were imposed at the time by the relevant authorities, it is very possible connecting the numbers would not have been authorized, even if the registry had set aside those numbers. Or if you stopped following whatever rules were required, authorization to continue to connect the numbers could have been revoked by the provider (I.E. the ISP may have refused to renew service). Similarly, the registry could have notified you and de-assigned those numbers in their database later if the determined they hadn't been used; the letter doesn't promise they wouldn't, it only states that "this is the new class and network number for X network," i.e. we have currently given this network some numbers. That statement alone doesn't promise there will be no future renumbering or removal from a database. Very likely the separate authority allowing a user to connect those numbers would examine the registry database, so they would have the assurance of uniqueness for their network that the registry provides. Prior to choosing to allow you to connect the numbers. However, yes, the option was always there for them to prefer a different registry over IANA, or to allow numbers to be connected, even if there was no registry entry, or even to refuse to authorize connecting the numbers, even if the they had been registered. If you signed a contract with your provider assuring you could permanently connect, then, perhaps the use of that addressing is permanent for that provider's network. However, if the other providers they interconnect with don't always continue to agree (about authorizing your provider to connect those numbers), then the effective scope of that assignment might indeed be less than world-wide. That's where the registry, and even ARIN is providing a service to even legacy holders. It serves as a publicly visible record, that X organization was the first to be assigned and to keep assigned the address space. In case of different providers sending conflicting information, it helps the rest of the world determine which connection of the numbers (which route) is more legitimate, and possibly continue to communicate with you... Without this resource, the legacy holder may be more likely to lose the use of their addresses to whoever else is trying to use the addresses (the providers with conflicting connections not having the convenience of a registry to decide who should get to use the address and if something should get blocked or not). -- -J From bicknell at ufp.org Sun Jul 8 21:09:39 2007 From: bicknell at ufp.org (Leo Bicknell) Date: Sun, 8 Jul 2007 21:09:39 -0400 Subject: [ppml] Incentive to legacy address holders In-Reply-To: <200707090017.l690H6u8018571@s25.firmware.com> References: <200707090017.l690H6u8018571@s25.firmware.com> Message-ID: <20070709010939.GA66547@ussenterprise.ufp.org> In a message written on Sun, Jul 08, 2007 at 07:17:06PM -0500, Robert Bonomi wrote: > Sarcastic or not, you materially misrepresent what the letter says. :) > > It says that *IF* you connect to ARPA, or DDN you musc go through a BBN > gateway, or the gateway of another ASN, and that some gateway to ARPA or > DDN (yours or that other ASNs) must speak EGP. > > If you're *not* connecting to ARPA or DDN, then those restrictions are moot. Actually, I believe you got what I was trying to get across perfectly. > Now, if/when the time comes that major network operators 'cannot' get additional > address-space assignments -they- need, because of a lack of 'unassigned' > address-space, *AND* there are significant blocks of 'unannounced' space, > one *will* see operators starting to use that space, regardless of what > the 'authorities' decree. Exactly. Back to the original poster's argument that he was not bound by RFC 2050 because his allocation predates RFC 2050. If the operators, 99.9% of which are bound by 2050 decide those principals should apply to legacy space they will apply. It's not hard to envision a future where operators require holders of large blocks to show they are efficiently utilizing them prior to connection to return them to ARIN simply because there is no more IPv4 space and that's the only way the industry as a whole can create a more. Is it likely, I sure hope not. But it's far from impossible as well. > The _only_ tool available is 'persuasion'. Yes, but persuasion comes in many forms. While at the end of the day it may be all ARIN does is some begging, ISP's may force the issue by dropping routes. The government may step in and "fix" the situation as part of saving the national infrastructure from terrorists or some other nonsense. Which comes back to my point. If I were a legacy holder I would see those as significant risks. If we get to a point where Microsoft and Google and IBM and GM say that they can't do business because there are no more IPv4 addresses and you're one of the people who has a letter from someone who can't be found anymore, that isn't even on stationary, and only talks about networks that ceased to exist 15 years ago who do you think is going to win and who is going to loose? If I was a legacy holder of a smaller block (the /8 people are a different story, but small in number) I would be jumping to comply with current rules (which isn't all that hard) and sign an RSA. In particular, if I were a legacy holder that can't find my original letter and/or e-mail (and I bet there's a few) I would be beating down a path to ARIN's door to get a signed document dated this year saying I have an assignment under current rules. In short, legacy holders are (in my opinion) running a huge risk by not staying current with the changing process. I would like to persuade them to work in their own best interest, which I think is also in ARIN's best interest. There's also a significant second part of this problem that we keep ignoring. Estimates exist saying 10-20% of the legacy space is no longer in use by anyone. It was given to someone who is now dead, or to a corporation that no longer exists. It's not routed, and in some cases hasn't been over over 10 years. I doubt very many people would object to putting a dead person's address space back in the free pool. Surely being given the block does not mean we must keep it reserved in case of reincarnation. Who has the authority to recover those blocks? Put the other way, who has the authority to demand a legacy holder simply stand up and say "yep, still here, still in use", as that's the only way it's going to happen. Surely we haven't put all these addresses in the virtual bit-bucket because of some implied "no one will ever ask you later if you're still using it" clause. But can ARIN do that? IANA? Does the government have to come back and do it, since they gave it out? -- Leo Bicknell - bicknell at ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available URL: From JOHN at egh.com Sun Jul 8 21:47:07 2007 From: JOHN at egh.com (John Santos) Date: Sun, 8 Jul 2007 21:47:07 -0400 Subject: [ppml] Incentive to legacy address holders In-Reply-To: <20070709010939.GA66547@ussenterprise.ufp.org> Message-ID: <1070708212338.36955G-301000@Ives.egh.com> GD it. Why can't I reply properly to this? Some where you say "All I need to do is sign an RSA and pay my $100 per year, and I get to keep my addresses for ever." Is this really true? I have a legacy class C (/24) that used to be connected to the Internet but no longer is. Our orignal ISP (TIAC, hi there Martin), published a route to us. Later we switched to another, larger regional ISP which also published a route to our class C. About a year ago we switched ISPs again, and now have a handful of ISP-assigned addresses, and use outbound NAT to reach the Internet and inbound PAT to reach our servers from the Internet. But here's the rub, we also have 3 private connections to 3 of our customers, 2 via SSH tunnels over the Internet and 1 via a private T1 circuit. All 3 private connections are firewalled at both ends to allow a certain subset of our original class C hosts to connect to various subsets of our customers' hosts via various protocols. If we were to renumber using RFC1918 numbers, we would have to ensure none of our hosts collided with any of the 3 different, competing customers, all of whom have their own RFC1918 usage, and, much harder, ensure we also don't collide with any of those customers' future use of RFC1918, nor any future customers we network with, nor with any other vendors or customers they our customers eventually network with. This is on top of the pain of coordinating a renumbering with 3 other parties. But we only have about 100 assigned addresses at the moment. Probably about 30 of these need to be accessible to the customers' networks. So I don't think we would qualify for a /24 PI under the current rules. Not because we don't need provider-independent addresses, but because we don't need enough of them. Under these circumstances, I can't see any sense in doing anything else but what we are doing now, continuing as a legacy, non-RSA- signing holder. -- John Santos Evans Griffiths & Hart, Inc. 781-861-0670 ext 539 -------------- next part -------------- In a message written on Sun, Jul 08, 2007 at 07:17:06PM -0500, Robert Bonomi wrote: > Sarcastic or not, you materially misrepresent what the letter says. :) > > It says that *IF* you connect to ARPA, or DDN you musc go through a BBN > gateway, or the gateway of another ASN, and that some gateway to ARPA or > DDN (yours or that other ASNs) must speak EGP. > > If you're *not* connecting to ARPA or DDN, then those restrictions are moot. Actually, I believe you got what I was trying to get across perfectly. > Now, if/when the time comes that major network operators 'cannot' get additional > address-space assignments -they- need, because of a lack of 'unassigned' > address-space, *AND* there are significant blocks of 'unannounced' space, > one *will* see operators starting to use that space, regardless of what > the 'authorities' decree. Exactly. Back to the original poster's argument that he was not bound by RFC 2050 because his allocation predates RFC 2050. If the operators, 99.9% of which are bound by 2050 decide those principals should apply to legacy space they will apply. It's not hard to envision a future where operators require holders of large blocks to show they are efficiently utilizing them prior to connection to return them to ARIN simply because there is no more IPv4 space and that's the only way the industry as a whole can create a more. Is it likely, I sure hope not. But it's far from impossible as well. > The _only_ tool available is 'persuasion'. Yes, but persuasion comes in many forms. While at the end of the day it may be all ARIN does is some begging, ISP's may force the issue by dropping routes. The government may step in and "fix" the situation as part of saving the national infrastructure from terrorists or some other nonsense. Which comes back to my point. If I were a legacy holder I would see those as significant risks. If we get to a point where Microsoft and Google and IBM and GM say that they can't do business because there are no more IPv4 addresses and you're one of the people who has a letter from someone who can't be found anymore, that isn't even on stationary, and only talks about networks that ceased to exist 15 years ago who do you think is going to win and who is going to loose? If I was a legacy holder of a smaller block (the /8 people are a different story, but small in number) I would be jumping to comply with current rules (which isn't all that hard) and sign an RSA. In particular, if I were a legacy holder that can't find my original letter and/or e-mail (and I bet there's a few) I would be beating down a path to ARIN's door to get a signed document dated this year saying I have an assignment under current rules. In short, legacy holders are (in my opinion) running a huge risk by not staying current with the changing process. I would like to persuade them to work in their own best interest, which I think is also in ARIN's best interest. There's also a significant second part of this problem that we keep ignoring. Estimates exist saying 10-20% of the legacy space is no longer in use by anyone. It was given to someone who is now dead, or to a corporation that no longer exists. It's not routed, and in some cases hasn't been over over 10 years. I doubt very many people would object to putting a dead person's address space back in the free pool. Surely being given the block does not mean we must keep it reserved in case of reincarnation. Who has the authority to recover those blocks? Put the other way, who has the authority to demand a legacy holder simply stand up and say "yep, still here, still in use", as that's the only way it's going to happen. Surely we haven't put all these addresses in the virtual bit-bucket because of some implied "no one will ever ask you later if you're still using it" clause. But can ARIN do that? IANA? Does the government have to come back and do it, since they gave it out? -- Leo Bicknell - bicknell at ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available URL: -------------- next part -------------- _______________________________________________ This message sent to you through the ARIN Public Policy Mailing List (PPML at arin.net). Manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/ppml From jcurran at istaff.org Sun Jul 8 22:08:21 2007 From: jcurran at istaff.org (John Curran) Date: Sun, 8 Jul 2007 22:08:21 -0400 Subject: [ppml] Incentive to legacy address holders In-Reply-To: <200707090017.l690H6u8018571@s25.firmware.com> References: <200707090017.l690H6u8018571@s25.firmware.com> Message-ID: At 7:17 PM -0500 7/8/07, Robert Bonomi wrote: >The existing system works *ONLY* because of 'voluntary co-operation', because >'enlightened self-interest' indicates, *presently*, that cooperation with >those agencies is desirable. You are correct; the fact is that the Internet was built on voluntary cooperation, and making things work together was the entire reason that there was an IANA (Jon) to coordinate IP address assignments. In general, there's been fairly good cooperation among ISPs over the decades... we've managed to do lots of things (like DNS, CIDR, bogon filtering, MD5 for BGP, anycast DNS, etc.) We've also had some areas that have been more challenging (e.g. route registries, prefix filtering policies, any secure BGP, DNSSEC, routing table containment) Decision making based on distributed enlightened self-interest is what we have to work with, but let's also recognize that it's remarkable bad at handling situations that require significant coordinated efforts well in advance of any imminent crisis... >Now, if/when the time comes that major network operators 'cannot' get additional >address-space assignments -they- need, because of a lack of 'unassigned' >address-space, *AND* there are significant blocks of 'unannounced' space, >one *will* see operators starting to use that space, regardless of what >the 'authorities' decree. There's a number of interesting options at that point, and ISP's *will* do what's necessary to keep their businesses running. The challenging part is whether the enlightened self-interest will result in an actual functional result for the Internet. For example, one option would be for ISP's and deep-pocketed new endeavors to start mining the unannounced address space. This has some fairly interesting side-effects, as there's every reason for "holders" who have no other use for their space to heavily subdivide their blocks for maximum financial return. Since there is no inherent hierarchy to the space obtained in this manner (whether by ISP or end-sites), we need to expect a much higher ratio of new routes to new Internet customers. Obviously, if "enlightenment" exceeds "self-interest", the ISP community would also need to get together and come up with some guidelines for avoiding the routing table explosion, but but that's always been a hard meeting to convene (and we've no mechanism enforce the outcome). I fully agree with you; The ISP's & Internet community get to call the shots here, just as they get to set the Internet resource policies which are followed by the RIR's. I wouldn't be surprised to see the ISP community decide that it's very much in their interest to know the utilization of the unannounced blocks, whether it's so that they can later play "let's make a deal" or so that they can direct the current IANA to invalidate per RFC2050 and get the space through today's processes. >A coalition of network (and IX) operators could decide _tomorrow_ to ignore >*all* address-range "assignments" from the above-mentioned hierarchy, and >only route traffic from address-blocks "blessed" by some alternative source, >and there is *nothing* that the aforementioned 'authorities' could do to >prevent it. Perfectly true, although it certainly would be very, very exciting for the "alternative source", who would be relying entirely on some expression of collective will of the ISPs when reclaiming space... The time from appropriation to courtroom might be really quick, unless there was also an accepted community statement (formed in an open & public fashion) which provided the basis for action. /John From cliffb at cjbsys.bdb.com Sun Jul 8 22:17:04 2007 From: cliffb at cjbsys.bdb.com (Cliff Bedore) Date: Sun, 08 Jul 2007 22:17:04 -0400 Subject: [ppml] Incentive to legacy address holders Message-ID: <46919AA0.9060004@cjbsys.bdb.com> OK I'm an independent consultant working out of my home. Why are the rest of you working on a Sunday? :-) Thanks for all the interesting perspectives on legacy owners. Cliff Bedore cliffb at cjbsys.bdb.com http://www.bdb.com Amateur Radio Call Sign W3CB For info on ham radio, http://www.arrl.org/ From randy at psg.com Sun Jul 8 22:27:46 2007 From: randy at psg.com (Randy Bush) Date: Mon, 09 Jul 2007 10:27:46 +0800 Subject: [ppml] Incentive to legacy address holders In-Reply-To: <46919AA0.9060004@cjbsys.bdb.com> References: <46919AA0.9060004@cjbsys.bdb.com> Message-ID: <46919D22.7010203@psg.com> > I'm an independent consultant working out of my home. Why are the rest > of you working on a Sunday? :-) it's mid morning monday ranndy From mysidia at gmail.com Sun Jul 8 22:38:21 2007 From: mysidia at gmail.com (James Hess) Date: Sun, 8 Jul 2007 21:38:21 -0500 Subject: [ppml] Incentive to legacy address holders In-Reply-To: <20070709010939.GA66547@ussenterprise.ufp.org> References: <200707090017.l690H6u8018571@s25.firmware.com> <20070709010939.GA66547@ussenterprise.ufp.org> Message-ID: <6eb799ab0707081938l31e72e31m53727a9f8f286ac7@mail.gmail.com> > Who has the authority to recover those blocks? Put the other way, > who has the authority to demand a legacy holder simply stand up and > say "yep, still here, still in use", as that's the only way it's > going to happen. Surely we haven't put all these addresses in the > virtual bit-bucket because of some implied "no one will ever ask > you later if you're still using it" clause. But can ARIN do that? > IANA? Does the government have to come back and do it, since they > gave it out? I would say the responsibilities went to ICANN, and it would be the responsibility of the ICANN ASO to develop suitable policies ultimately it would be up to the ICANN board to approve or deny policies about what RIRs can do, policies about what IANA can do, etc, otherwise the policies already written apply.. I believe ICANN has deferred to the RIRs on matters like this one; from a policy making standpoint, the legacy blocks allocated to the RIRs are no different than the fresh /8s delegated to the RIRs, in that the ASO documents do not make that kind of distinction about addressing. I think "legacy addressing" is mostly a fiction RIRs have created by attempting to apply different policies to different registrants, just because the registration authority was delegated to a different entity at one time. We could have called them something different like "people who got addresses, before we required people to sign a contract in advance." As I see it, there should be some global policy action encouraged, not just any one RIR taking it upon itself to try to reclaim inactive legacy blocks, since the matter of lost legacy resources unused for decades need to be reclaimed outright regardless of region, to avoid wasting blocks of addresses, legacy blocks that are dormant and unused should be reclaimed in all regions, provided the cost of reclamation is small enough and the number of addresses likely to be reclaimed is substantial. I think what should happen, is first, for records not updated in 5 years that have no addressing advertised, add a notation to WHOIS records "Network Seems to be Inactive/Possibly Abandoned, Please contact xxxx at rir-name if you have information." In other words, make it very visible that the registry is trying to get better information about the status of that network. The last known mailing address should be tried, there is a chance the old contact information is still good. If it is good, and the contact can show they still represent the organization the addresses were assigned to, and they are using any of the legacy addresses (for example, in a private network, where rfc1918 addresses would be unsuitable), then they change from inactive/possibly abandoned to "active status". Once every year or 6 months, publish (somewhere very visible), the list of blocks and organizations with legacy address blocks that appeared to be inactive, in some very visible location, in the hopes of reaching contacts whose street address AND phone numbers had changed over the years. If there has been no definitive response (with proof that the responder is the organization the legacy assignment was made to, AND some addresses in the block are in use or will be in use) for 1 year after the publication, then return the address space to IANA or whichever RIR the block was managed by. If the addresses were claimed to not be in use (but would be in use in the future), then only extend the allowed time by another year, and refuse extensions by more than 3 years in total. -- -J From martin.hannigan at batelnet.bs Sun Jul 8 22:59:07 2007 From: martin.hannigan at batelnet.bs (Martin Hannigan) Date: Sun, 08 Jul 2007 22:59:07 -0400 Subject: [ppml] Incentive to legacy address holders Message-ID: <4691a47b.368.422a.20313@batelnet.bs> ----- Original Message ----- From: "James Hess" To: ppml at arin.net Subject: Re: [ppml] Incentive to legacy address holders Date: Sun, 8 Jul 2007 21:38:21 -0500 > > Who has the authority to recover those blocks? Put the > > other way, who has the authority to demand a legacy > > holder simply stand up and say "yep, still here, still > > in use", as that's the only way it's going to happen. > > Surely we haven't put all these addresses in the virtual > > bit-bucket because of some implied "no one will ever ask > you later if you're still using it" clause. But can ARIN > > do that? IANA? Does the government have to come back > > and do it, since they gave it out? > > I would say the responsibilities went to ICANN, and it > would be the responsibility of the ICANN ASO to develop > suitable policies The ASO has few, but important, functions. We certify that RIR's PDP was followed WRT global policies We appoint two RIR linked individuals to ICANN BoD seats 9 and 10. We develop and execute "administrative" procedures to comply with the MoU and Attachments that the RIR's have with ICANN. The ASO AC can not create numbering policy. You should be very happy about this for a variety of reasons. Martin Hannigan ASO AC/NRO NC Member (The ASO AC and the NRO NC are effectively the same bug) From martin.hannigan at batelnet.bs Sun Jul 8 23:10:15 2007 From: martin.hannigan at batelnet.bs (Martin Hannigan) Date: Sun, 08 Jul 2007 23:10:15 -0400 Subject: [ppml] Incentive to legacy address holders Message-ID: <4691a717.15f.4238.12196@batelnet.bs> ----- Original Message ----- From: Leo Bicknell To: ppml at arin.net Subject: Re: [ppml] Incentive to legacy address holders Date: Sun, 8 Jul 2007 21:09:39 -0400 > In a message written on Sun, Jul 08, 2007 at 07:17:06PM > > -0500, Robert Bonomi wrote: Sarcastic or not, you > > materially misrepresent what the letter says. :) > > It says that *IF* you connect to ARPA, or DDN you musc > > go through a BBN gateway, or the gateway of another ASN, > > and that some gateway to ARPA or DDN (yours or that > > other ASNs) must speak EGP. > > If you're *not* connecting to ARPA or DDN, then those > restrictions are moot. > > Actually, I believe you got what I was trying to get > across perfectly. > > > Now, if/when the time comes that major network operators > > 'cannot' get additional address-space assignments -they- > > need, because of a lack of 'unassigned' address-space, > > *AND* there are significant blocks of 'unannounced' > space, one *will* see operators starting to use that space > > , regardless of what the 'authorities' decree. > > Exactly. Back to the original poster's argument that he > was not bound by RFC 2050 because his allocation predates > RFC 2050. If the operators, 99.9% of which are bound by > 2050 RFC 2050 is out of date and magically acknowledges it's time and place in the Internet by talking about "existing" conditions and technologies. Part of our problem is legacy thinking. -M< From michael.dillon at bt.com Mon Jul 9 03:41:19 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Mon, 9 Jul 2007 08:41:19 +0100 Subject: [ppml] Incentive to legacy address holders In-Reply-To: <46915157.4030506@cjbsys.bdb.com> References: <46915157.4030506@cjbsys.bdb.com> Message-ID: > Having said that, I can see benefits to being an ARIN member. > If ARIN can develop an RSA that says we'll charge you a > nominal non-changing fee and not try to take your address > space way as long as you continue to use it. This last is the key point. Any IP address is a shared resource because it comes from a finite shared resource pool. If an organization continues to use the resource, then it has a justification for the address space regardless of whether it was a legacy allocation or a more recent one. The problem arises with the large number of legacy allocations which do not appear to be in use where the original address holder seems to have disappeared. In addition, it is possible that some legacy holders that clearly do exist, such as Dupont, are in violation of ARIN guidelines because they do not have justification for all of the address space which they hold. This gives them special status which they do not deserve and is an example of a non-level playing field. We can no longer accept the situation in which all legacy holders are just lumped together. We need to begin sorting out the mess and reclaiming addresses which are either unused or unjustified. And if a legacy holder does not want to be part of the RIR system and actively refuses to work with us, they we need to flag that fact. IP addresses do not belong to the holder, they belong to the community and if a legacy holder is a rogue then the community should be informed about that. > Further, if ARIN > is absorbed or otherwise changed, the agreement remains in > place unchanged or is rendered null and void and we're back > to legacy status. I doubt this will happen. Since ARIN is an incorporated organization, it has to be wound up in an orderly fashion. --Michael Dillon From Ed.Lewis at neustar.biz Mon Jul 9 10:10:11 2007 From: Ed.Lewis at neustar.biz (Edward Lewis) Date: Mon, 9 Jul 2007 10:10:11 -0400 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: <20070706163335.831.qmail@hoster908.com> References: <20070706163335.831.qmail@hoster908.com> Message-ID: At 8:33 -0800 7/6/07, Andrew Dul wrote: >I've been working on this policy with a few people from the AC for a >couple of months. Given today's discussion on the PPML, it seemed >like an appropriate time to submit it to the policy process. > >============== > >Template: ARIN-POLICY-PROPOSAL-TEMPLATE-1.0 >Legacy IP address record holders who have not signed a registration services >agreement with ARIN will have their name server delegations for the >in-addr.arpa zone removed starting on June 30, 2009. All name server >delegations shall be removed from the in-addr.arpa zone by December 31, 2009. Speaking as a member of ARIN (persumably in good standing but I can't say as I don't sign the checks here) I beg that this is not done. I rely upon ARIN maintaining and publishing information on the allocation of address space. What is more important to me, as a paying member, is complete, accurate, and up to date information. What is not important to me i whether the information is about an organization in good, bad, or indifferent standing with ARIN. We should always highlight the responsible/authorized party for address space. Members of ARIN benefit from this. Please don't hide network registrations. (Yes, maybe the WhoIs is there, but still, the registrant in the reverse map is not the reliant party.) Some questions about the rationale: >8. Rationale: > > This policy proposal attempts to bring these legacy resource holders into a >formal agreement with ARIN, the manager of the IP numbering resources for many >of the legacy record holders. Why do this? I wish we could list the reasons why it is so essential to the membership to make sure legacy holders are members too, so essential we are willing to drop information about this space if we don't get what we want. Perhaps you would rather prevent DNS queries from the free-loading legacy holders from being answered? "I want the dirt about the legacy space, but if they don't want to pay, they shouldn't get to look stuff up about me." >Some legacy resource holders have expressed concerns about committing to a >registration services agreement when the legacy resource holder cannot be >assured that they will be permitted to retain and their resources for the >long-term. This policy proposal also does not preclude existing legacy >space holders, who may have signed another version of the registration >services agreement from having the same commitment level. It is suggested >that the Board of Trustees formalize the annual maintenance fees for legacy >resource holders at a level similar to the $100 USD per year for end-sites. I have yet to see a good reason why I would (if I were in position to do so), choose to pay $100/year to keep what I already have or continue to pay nothing for what I already have. >Given the informal relationship under which the resources were granted, ARIN >current maintains the records including WHOIS and in-addr.arpa delegations >in a best-effort fashion. Many believe that ARIN may not be obligated to >maintain these records. ARIN has experienced some difficulty maintaining >these records. Legacy records have been a popular target for hijackers, in >part due to the out of date information contained in these records. Having >up to date contact information would assist ARIN and ISP's in insuring the >stability of the Internet. ARIN is obligated to encourage this - up to date record keeping. The members of ARIN are expecting ARIN to do this as part of its role in maintaining uniqueness in address resource utilization. ARIN does rely on the registrants to perform this as the staff does not trawl the data for accuracy. ARIN ought to be encouraging updates, ought to be lowering any barrier to voluntary updates. Creating a barrier to having up to date information is the wrong course of action. I realize that we believe that there is an incremental cost associated with legacy space. If the cost of maintaining a record is great, I would be satisfied with giving it a label of "legacy allocation, information unknown". I would like better information, so even if the legacy holder refuses to submit to an agreement or pay, I would expect ARIN to be willing to accommodate the update. (Assuming there is no question of authenticity of the claim.) >Legacy resource holders who sign a registration services agreement would >continue to receive all the services that are currently provided by ARIN >plus they would be eligible for any future services that ARIN may offer, >such as cryptographic signing of resource records. I think that we ought to make it clear that legacy is legacy and we have no expectation of reclaiming and reassigning it. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis +1-571-434-5468 NeuStar Think glocally. Act confused. From marla.azinger at frontiercorp.com Mon Jul 9 11:24:44 2007 From: marla.azinger at frontiercorp.com (Azinger, Marla) Date: Mon, 9 Jul 2007 11:24:44 -0400 Subject: [ppml] ARIN Outreach to Legacy Holders Message-ID: <454810F09B5AA04E9D78D13A5C39028A0272F95C@nyrofcs2ke2k01.corp.pvt> I believe the web link with markers like Owens broken down would be a great thing. As for Owen's details, I think they are good but need work. And it would also be great to get input from our BOT and Legal. So how about we first start off easy and just create a link for any Legacy Users that just want to cooperate like the rest of us (yes I believe there is a possibility this could happen). Then work on the links and details for those Legacy holders that still need to have their special legacy status (if a bullet point slide from 10 years ago really is legally binding). Cheers! Marla Azinger -----Original Message----- From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of Paul Vixie Sent: Sunday, July 08, 2007 5:44 PM To: ARIN PPML Subject: Re: [ppml] ARIN Outreach to Legacy Holders > > i think the reason there are no instructions is that we don't know what > > they should say. ... > > ... along the lines of: > > "As an original owner of a legacy address space block you may > continue to use the address space forever for your own purposes. > As a legacy holder you will not be subjected to ARIN's policies for > legacy space holders for the legacy blocks only, and will not be > subject to audit by ARIN for those legacy blocks. here, you make it seem that if someone has a legacy /16 at 1% utilization it will not affect their ability to apply for new RSA space. is that what you intend? > Any sale, lease, or transfer of the block or a portion of the block > to a party outside the original owners control will require that > the new recipient sign a current RSA and agree to abide by all of > ARIN's policies for address space assignment. this is redundant to current policy, and should be marked "as a reminder". > Failure to maintain contact information for the block, or to pay > the $100 per year maintenance fee will result in forfeiture of the > block. The $100 per year fee will never change." so you're telling a family who owns a new york city taxi medallion that they can no longer pass it from generation to generation, nor sell it on ebay for USD 500K, and you expect them to sign this why exactly? > Quite simply, an original legacy holder gets their (so claimed) > implied contract put on paper, and we codify in that paper that it > is in fact a non-transferable agreement. I think for the legacy > holders to have a formal contract with that written down would be > seen as a huge win for them, and would constitute giving them > something. At the same time, they would be under an RSA, and ARIN > would have a legal stick to help curtail any black market in IP's > that may appear. i'm all for protecting the DFZ from the deaggregation implicit in a black market. but negotiating the terms is going to be tricky for a number of reasons. _______________________________________________ This message sent to you through the ARIN Public Policy Mailing List (PPML at arin.net). Manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/ppml From dlw+arin at tellme.com Mon Jul 9 11:39:36 2007 From: dlw+arin at tellme.com (David Williamson) Date: Mon, 9 Jul 2007 08:39:36 -0700 Subject: [ppml] ARIN Outreach to Legacy Holders In-Reply-To: <454810F09B5AA04E9D78D13A5C39028A0272F95C@nyrofcs2ke2k01.corp.pvt> References: <454810F09B5AA04E9D78D13A5C39028A0272F95C@nyrofcs2ke2k01.corp.pvt> Message-ID: <20070709153936.GB24890@shell01.corp.tellme.com> On Mon, Jul 09, 2007 at 11:24:44AM -0400, Azinger, Marla wrote: > I believe the web link with markers like Owens broken down would be a great thing. I agree. There's little reason to believe that a stick will be more effective than a carrot at this point. I find it interesting that we've had a few legacy holders pop up to provide input, which is refreshing and exceedingly useful. I also find it interesting that all of them seem to be holders of class C space. I suspect that the class C swamp is not the real point of interest in this conversation, however, and I'm wondering if any of the A or B holders have any opinion on the direction this is heading. It also occured to me that the modern definitions that most closely apply for class A and class C space are almost certainly "allocation" and "assignment", respectively. It's hard to imagine an allocation of a /24, especially from that earlier era. As usual, the class B space is the troubling one when it comes to definitions. I also had the throught that if/when a stick does get applied, it should be done in such a way that we get the most bang for the buck. Within the class C space, I would support a general amnesty for anyone holding a /22 equivalent or less. Let them sign an RSA that indicates that they have a PI assignment of their existing space. As long as they have actual use for the space, they can keep it at the normal low rate for such things. (We could also encourage someone holding two or four swamp class C addresses to return them in exchange for contiguous /23 or /22 assignments.) I'd still prefer to avoid the "stick" and stay with the carrot, though. -David From info at arin.net Mon Jul 9 11:46:20 2007 From: info at arin.net (Member Services) Date: Mon, 09 Jul 2007 11:46:20 -0400 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: <20070706163335.831.qmail@hoster908.com> References: <20070706163335.831.qmail@hoster908.com> Message-ID: <4692584C.6040509@arin.net> ARIN received the following policy proposal. In accordance with the ARIN Internet Resource Policy Evaluation Process, the proposal is being posted to the ARIN Public Policy Mailing List (PPML) and being placed on ARIN's website. The AC will review this proposal and may decide to: 1. Accept the proposal as a formal policy proposal as it is presented; 2. Work with the author to: a) clarify the language or intent of the proposal; b) divide the proposal into two (2) or more proposals; or c) combine the proposal with other proposals; or, 3. Not accept the proposal as a formal policy proposal. The AC will review this proposal at their next regularly scheduled meeting. If the AC accepts the proposal, then it will be posted as a formal policy proposal to PPML and it will be presented at a Public Policy Meeting. If the AC does not accept the proposal, then the AC will explain that decision; and at that time the author may elect to use the petition process to advance their proposal. If the author elects not to petition or the petition fails, then the proposal will be closed. The ARIN Internet Resource Policy Evaluation Process can be found at: http://www.arin.net/policy/irpep.html Mailing list subscription information can be found at: http://www.arin.net/mailing_lists/index.html Regards, Member Services American Registry for Internet Numbers (ARIN) ## * ## Andrew Dul wrote: > I've been working on this policy with a few people from the AC for a couple of months. Given today's discussion on the PPML, it seemed like an appropriate time to submit it to the policy process. > > ============== > > Template: ARIN-POLICY-PROPOSAL-TEMPLATE-1.0 > 1. Policy Proposal Name: Authentication of Legacy Resources > 2. Author > a. name: Andrew Dul > b. email: andrew.dul at quark.net > c. telephone: +1 206-359-8130 > d. organization: Perkins Coie LLP > 3. Proposal Version: 1.0 > 4. Submission Date: 07012007 > 5. Proposal type: New > 6. Policy term: Permanent > 7. Policy statement: > > Add new NRPM section 4.9 - Legacy Records > > Legacy resource record holders shall be permitted to sign an registration services agreement which permits the organization which is currently using the resources as of January 1, 2007 to continue to use those resources as long as a registration services agreement is signed by the organization and the organization is not past-due on their annual maintenance fee. ARIN will evaluate and verify the chain of custody of any resource records prior to executing a registration services agreement with an organization. > > If a legacy resource holder requests additional IPv4 resources all IPv4 resources (legacy and non-legacy) shall be evaluated to determine utilization for additional assignments under NRPM sections 4.2 or 4.3. > > ARIN shall use all reasonable methods to attempt to contact legacy record holders starting on January 1, 2008. > > ARIN shall also post information on the public website regarding this outreach to legacy resource holders. > > No changes shall be made to legacy resource records which are not covered by a registration services agreement after December 31, 2007. > > Add new NRPM section 7.3 - Legacy Reverse Delegation Records > > Legacy IP address record holders who have not signed a registration services agreement with ARIN will have their name server delegations for the in-addr.arpa zone removed starting on June 30, 2009. All name server delegations shall be removed from the in-addr.arpa zone by December 31, 2009. > > If an individual contacts ARIN and claims to represent a legacy record holder after the removal of an organization's name server delegations, the individual shall be permitted to request a one-time 6 month reinstatement of their name server delegations. This 6 month period is intended to allow an organization to work in good faith to establish a registration services agreement. > > 8. Rationale: > > An ARIN Legacy resource holder is an organization which was issued number resources prior to the formation of ARIN and whose registration information was not transferred to another RIR through the Early Registration Transfer Project (http://www.arin.net/registration/erx). Legacy resource holders were issued number resources through an informal process. This policy proposal attempts to bring these legacy resource holders into a formal agreement with ARIN, the manager of the IP numbering resources for many of the legacy record holders. > > Some legacy resource holders have expressed concerns about committing to a registration services agreement when the legacy resource holder cannot be assured that they will be permitted to retain and their resources for the long-term. This policy proposal also does not preclude existing legacy space holders, who may have signed another version of the registration services agreement from having the same commitment level. It is suggested that the Board of Trustees formalize the annual maintenance fees for legacy resource holders at a level similar to the $100 USD per year for end-sites. > > This policy sets in place a notification period of 18 months to contact all legacy resource holders and creates an incentive for the holders to formalize their relationship with ARIN. The dates in this policy proposal were arbitrarily chosen based upon an expected ratification by the ARIN Board of Trustees by December 31, 2007. If this policy is implemented after December 31, 2007, the trigger dates in the policy should be adjusted appropriately. > > Given the informal relationship under which the resources were granted, ARIN current maintains the records including WHOIS and in-addr.arpa delegations in a best-effort fashion. Many believe that ARIN may not be obligated to maintain these records. ARIN has experienced some difficulty maintaining these records. Legacy records have been a popular target for hijackers, in part due to the out of date information contained in these records. Having up to date contact information would assist ARIN and ISP's in insuring the stability of the Internet. > > This policy proposal sets a termination date for in-addr.arpa delegation services for legacy resource record holders who have not formalized their relationship with ARIN through a registration services agreement. The 6 month period of delegation record removal was intended to provide ARIN the flexibility of removing the records on a gradual plan during second half of 2009 and to avoid a large change on a single day. > > Legacy resource holders who sign a registration services agreement would continue to receive all the services that are currently provided by ARIN plus they would be eligible for any future services that ARIN may offer, such as cryptographic signing of resource records. > > 9. Timetable for implementation: As stated in policy > 10. Meeting presenter: Andrew Dul > > END OF TEMPLATE > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > From jmorrison at bogomips.com Mon Jul 9 13:32:25 2007 From: jmorrison at bogomips.com (John Paul Morrison) Date: Mon, 09 Jul 2007 10:32:25 -0700 Subject: [ppml] Legacy Outreach and Partial Reclamation Message-ID: <46927129.3050307@bogomips.com> I am not in favor of this (or any) proposal which attempts to reclaim IPv4 address space. However, I do like the approach of waiving fees for new IPv6 registrants as a way to encourage adoption of IPv6, but any attempt to reclaim IPv4 addresses will be divisive, unenforceable, and ultimately pointless: the quicker we run out of IPv4 addresses, the quicker we can move on to IPv6. From jmorrison at bogomips.com Mon Jul 9 13:42:08 2007 From: jmorrison at bogomips.com (John Paul Morrison) Date: Mon, 09 Jul 2007 10:42:08 -0700 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources Message-ID: <46927370.9040609@bogomips.com> I am not in favor of this proposal as it is pointless. IPv4 is going to go away anyway, so it's a waste of time and resources to chase people down and clean up the paperwork from the pre-historic Internet. Anyone who needs new or changed assignments can deal with an RSA at that time, while legacy assignments will simply wither on the vine. From tedm at ipinc.net Mon Jul 9 14:17:14 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Mon, 9 Jul 2007 11:17:14 -0700 Subject: [ppml] Incentive to legacy address holders In-Reply-To: <1070708212338.36955G-301000@Ives.egh.com> Message-ID: >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >John Santos >Sent: Sunday, July 08, 2007 6:47 PM >To: Leo Bicknell >Cc: ppml at arin.net >Subject: Re: [ppml] Incentive to legacy address holders > > >Under these circumstances, I can't see any sense in doing anything >else but what we are doing now, continuing as a legacy, non-RSA- >signing holder. > I guess you think your pretty smart in that you have outlined a situation you think isn't solvable in IPv4. So, when all your customers have switched over to IPv6 and are demanding that you do the same, it appears to me you will be still in exactly the same circumstances. You customers will still be natting under IPv6 - if you don't think so, go ask them now. So what are you going to do then Mr. Smarty? You won't have any legacy class C to fall back on since there isn't an equivalent in IPv6? People can always justify not even trying to follow the rules. Ted PS Cisco wrote back-to-back translation to solve exactly this issue. From michael.dillon at bt.com Mon Jul 9 14:38:02 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Mon, 9 Jul 2007 19:38:02 +0100 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: <46927370.9040609@bogomips.com> References: <46927370.9040609@bogomips.com> Message-ID: > I am not in favor of this proposal as it is pointless. IPv4 > is going to go away anyway, IPv4 is not going to go away for at least a generation, if ever. The thing that is about to START disappearing is the public IPv4 Internet because there are no longer enough free IPv4 addresses for this public Internet to continue growing. > so it's a waste of time and > resources to chase people down and clean up the paperwork > from the pre-historic Internet. Anyone who needs new or > changed assignments can deal with an RSA at that time, while > legacy assignments will simply wither on the vine. It is entirely possible that through a combination of actions involving deployment of IPv6, deployment of IPv4-IPv6 gateway services, and RIR address reclamation, we may never actually run out of IPv4 addresses, just get very close to that point. Therefore, any and all address reclamation efforts by ARIN are useful to the entire community. If we ever get to a point where it is clear that address reclamation will not stem the tide, I may change my opinion. But for now, we need to reclaim as much legacy space as we can since we know that lots of this space is unused. --Michael Dillon From dean at av8.com Mon Jul 9 16:13:16 2007 From: dean at av8.com (Dean Anderson) Date: Mon, 9 Jul 2007 16:13:16 -0400 (EDT) Subject: [ppml] ARIN Outreach to Legacy Holders In-Reply-To: <20070709153936.GB24890@shell01.corp.tellme.com> Message-ID: You want class B contacts? I am the contact on a legacy class B for the Open Software Foundation (1989 delegation). Av8 Internet is a paid-up ARIN member, and pays for ASN 11784 and the 198.3.136/21 block. I think this idea is a subterfuge for snarky purposes. There is some more background to this discussion: Paul Vixie/SORBS have, since 2003, claimed falsely and dishonestly that 130.105/16 and 198.3.136/21 are hijacked. These were the same tactics that were used by ORBS. Recall that ORBS was shut by court order for contempt, after it refused a court order to remove false listings. ORBS lost 3 defamation suits. Matthew Sullivan, the claimed operator of SORBS, claims to have no assets to pay damages for defamation, and seeks AV8 to expend money to sue him. The goal is to increase the expenses of Av8 Internet, and that Av8 Internet will be unable to justly recover---the goal is further harm to Av8 Internet) See http://www.iadl.org/, particularly pages on SORBS and MAPS. They attack me because I've exposed the truth about them, or rather, exposed their lies and hypocrisy (e.g. anti-spammers who spam for abuse and profit) There aren't very many legacy B's or legacy A's that aren't in use, and so there is very little, if any, possibility of any reclamation whatsoever. I agree that legacy C's are of no concern to people in this discussion. In fact, there seems to be no genuine problem to solve, yet a lot of discussion about what tools to use to solve the non-existing problem. Essentially, I suspect they are trying to do to Av8 what they did to Kremen. Which is why I am thinking of filing a Motion to Reconsider in the Kremen case. The Kremen result, dismissal on a technicality, was a very unjust result. The case was a 'big deal' on Internet governance and public policy that should not be dismissed on a technicality when ARIN had unclean hands in the matter. I talked with Kremen's lawyer this morning. He didn't know that ASN 11082 and 11084 still belonged to ARIN, or that ARIN had transfered ASN 11083 individually to LACNIC while the ASN was under dispute. These subsequent transfers are additional events further harming Kremen that ought to restart the clocks for the statutes of limitations. The untruthful and/or misleading statements about the nature of the transfers should also restart the clocks. There is indeed a settlement with Kremen as John Curran reported, which isn't public. Kremen could even be satisfied with the result, as Curran seemed to imply. But I am very concerned about the policy implications of the decision and the way it was handled. The public interest is not well served by allowing anarchists to prevail with unclean hands---Anarchists who refuse to implement court orders, who transfer assets under dispute and who then untruthfully report those assets aren't under their control all while conducting frivolous negotiations asserting for example that ARIN wasn't notified until 2003. The principle of Estoppel should prevent ARIN from subsequently claiming that the violations began in 2001, contrary to its earlier assertions that no notice was received and hence no violations accrued until 2003. --Dean On Mon, 9 Jul 2007, David Williamson wrote: > On Mon, Jul 09, 2007 at 11:24:44AM -0400, Azinger, Marla wrote: > > I believe the web link with markers like Owens broken down would be a great thing. > > I agree. There's little reason to believe that a stick will be more > effective than a carrot at this point. > > I find it interesting that we've had a few legacy holders pop up to > provide input, which is refreshing and exceedingly useful. I also find > it interesting that all of them seem to be holders of class C space. I > suspect that the class C swamp is not the real point of interest in > this conversation, however, and I'm wondering if any of the A or B > holders have any opinion on the direction this is heading. > > It also occured to me that the modern definitions that most closely > apply for class A and class C space are almost certainly "allocation" > and "assignment", respectively. It's hard to imagine an allocation of > a /24, especially from that earlier era. As usual, the class B space > is the troubling one when it comes to definitions. > > I also had the throught that if/when a stick does get applied, it > should be done in such a way that we get the most bang for the buck. > Within the class C space, I would support a general amnesty for anyone > holding a /22 equivalent or less. Let them sign an RSA that indicates > that they have a PI assignment of their existing space. As long as > they have actual use for the space, they can keep it at the normal low > rate for such things. (We could also encourage someone holding two or > four swamp class C addresses to return them in exchange for contiguous > /23 or /22 assignments.) > > I'd still prefer to avoid the "stick" and stay with the carrot, though. > > -David > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > > -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From drc at virtualized.org Mon Jul 9 16:22:22 2007 From: drc at virtualized.org (David Conrad) Date: Mon, 9 Jul 2007 13:22:22 -0700 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: <46927370.9040609@bogomips.com> References: <46927370.9040609@bogomips.com> Message-ID: <65EEB431-2BBC-4284-AD33-940AEA3B6F4A@virtualized.org> On Jul 9, 2007, at 10:42 AM, John Paul Morrison wrote: > IPv4 is going to go away anyway, Why do you think this? Rgds, -drc From billf at powerset.com Mon Jul 9 16:31:18 2007 From: billf at powerset.com (bill fumerola) Date: Mon, 9 Jul 2007 13:31:18 -0700 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: References: <016b01c7bf43$adff4410$1efc5dd8@HCMC.local> Message-ID: <20070709203118.GJ9951@elvis.mu.org> On Thu, Jul 05, 2007 at 02:08:19PM -0700, Ted Mittelstaedt wrote: > OK, then how exactly is this fact an argument AGAINST arin simply removing > these records out of it's whois? Which is what I am suggesting? who does that hurt? the legacy holders or the rest of the community trying to use a tool to find out who to contact when that netblock does something foolish. as a paying ARIN member, i want ARIN to keep track of as much as they're legally, financially, technically allowed to. that WHOIS service is more useful to me, the paying ARIN member, not the legacy holder. the legacy holders probably know how to contact themselves. ARIN's mission is stewardship, your mission seems to be vengeance. this attitude is obvious across other mailing lists as well. (c.f. basically accusing cisco of crimes against humanity on cisco-nsp at puck.nether.net). just officially submit a proposal so it can die a quick, public death. -- bill From billf at powerset.com Mon Jul 9 16:31:43 2007 From: billf at powerset.com (bill fumerola) Date: Mon, 9 Jul 2007 13:31:43 -0700 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: References: <20070705213110.GN9951@elvis.mu.org> Message-ID: <20070709203143.GK9951@elvis.mu.org> On Thu, Jul 05, 2007 at 05:09:59PM -0700, Ted Mittelstaedt wrote: > >> OK, then how exactly is this fact an argument AGAINST arin > >simply removing > >> these records out of it's whois? Which is what I am suggesting? > > > >who does that hurt? the legacy holders or the rest of the community > >trying to use a tool to find out who to contact when that netblock does > >something foolish. > > > >as a paying ARIN member, i want ARIN to keep track of as much as they're > >legally, financially, technically allowed to. that WHOIS service is more > >useful to me, the paying ARIN member, not the legacy holder. > > For now. What about post-IPv4 runout? i think you assume that ARIN's IPv4 services will change in some major way when that happens. i don't believe the memebership would want that change and the IPv6 fees at that point would cover maintanence of those 'legacy' systems. i'd imagine ripping the IPv4 components would be more costly than just maintaining them after any sort of: ipv4 runout of addresses by ARIN, ipv6 eclipse of ipv4, ipv4 runout of addresses by IANA, etc. i would want to see the same level of service provided. no difference between legacy pre-ARIN holders and paid members. -- bill From andrew.dul at quark.net Mon Jul 9 17:04:34 2007 From: andrew.dul at quark.net (=?iso-8859-1?Q?Andrew=20Dul?=) Date: Mon, 09 Jul 2007 13:04:34 -0800 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources Message-ID: <20070709210434.21326.qmail@hoster908.com> > -------Original Message------- > From: Edward Lewis > Subject: Re: [ppml] Policy Proposal: Authentication of Legacy Resources > Sent: 09 Jul '07 06:10 > > At 8:33 -0800 7/6/07, Andrew Dul wrote: > >============== > > > >Template: ARIN-POLICY-PROPOSAL-TEMPLATE-1.0 > > >Legacy IP address record holders who have not signed a registration services > >agreement with ARIN will have their name server delegations for the > >in-addr.arpa zone removed starting on June 30, 2009. All name server > >delegations shall be removed from the in-addr.arpa zone by December 31, 2009. > > Speaking as a member of ARIN (persumably in good standing but I can't > say as I don't sign the checks here) I beg that this is not done. > > I rely upon ARIN maintaining and publishing information on the > allocation of address space. What is more important to me, as a > paying member, is complete, accurate, and up to date information. > What is not important to me i whether the information is about an > organization in good, bad, or indifferent standing with ARIN. > > We should always highlight the responsible/authorized party for > address space. Members of ARIN benefit from this. Please don't hide > network registrations. (Yes, maybe the WhoIs is there, but still, > the registrant in the reverse map is not the reliant party.) While I agree that we shouldn't be taking away information, the fact that approx. 50% of the legacy records have not been updated since ARIN's inception tells me that more needs to be done to make sure that the records are updated as best as possible. This policy is an attempt to conduct an outreach to legacy resource holders with some consequences for not taking any action. By setting a sunset time line for Legacy reverse DNS records we hopefully can accomplish two goals. 1. Formalize the relationship between the ARIN and active legacy address holders. 2. Start the process of marking address space that is no-longer in active use. The goal here is not reclamation but rather updating the database with accurate information from Legacy holders and continuing that relationship long-term. > > Some questions about the rationale: > > >8. Rationale: > > > > This policy proposal attempts to bring these legacy resource holders into a > >formal agreement with ARIN, the manager of the IP numbering resources for many > >of the legacy record holders. > > Why do this? I wish we could list the reasons why it is so essential > to the membership to make sure legacy holders are members too, so > essential we are willing to drop information about this space if we > don't get what we want. Perhaps you would rather prevent DNS queries > from the free-loading legacy holders from being answered? There are a lot of reasons that have been discussed. I'll just name some that I have heard, there are probably others. - Legitimize & confirm legacy holders right to use space they were assigned - Remove ambiguity about the status of legacy holder's address space - Create a relationship with legacy holders, including a yearly "touch-point" to help insure that records are up-to-date - ARIN currently provides services to legacy holders for "free", as ARIN is a cost-recovery non-profit, some believe that all address space holders should share in the costs of providing these services. - Preventing the in-addr DNS queries from returning answers is an interesting concept, and not one that I have considered. If people think this is a better method than removing the delegations to motivate legacy holders to create a formal agreement with ARIN, I'd be open to modifying the policy. My initial concern with this approach would be that this approach could be more operationally difficult to deal with. It is pretty easy to understand why a query returns no records if there isn't a valid set of NS records for a zone. If your query was answered or not depending on the source of your query, that could be hard to troubleshoot and understand for the operational community. > > "I want the dirt about the legacy space, but if they don't want to > pay, they shouldn't get to look stuff up about me." > > >Some legacy resource holders have expressed concerns about committing to a > >registration services agreement when the legacy resource holder cannot be > >assured that they will be permitted to retain and their resources for the > >long-term. This policy proposal also does not preclude existing legacy > >space holders, who may have signed another version of the registration > >services agreement from having the same commitment level. It is suggested > >that the Board of Trustees formalize the annual maintenance fees for legacy > >resource holders at a level similar to the $100 USD per year for end-sites. > > I have yet to see a good reason why I would (if I were in position to > do so), choose to pay $100/year to keep what I already have or > continue to pay nothing for what I already have. The best reason I have seen is that it legitimizes an organizations right to use specific IP address resources. There is no ambiguity or risk that the resources could be reused, reissued, or records otherwise invalidated. > > >Given the informal relationship under which the resources were granted, ARIN > >current maintains the records including WHOIS and in-addr.arpa delegations > >in a best-effort fashion. Many believe that ARIN may not be obligated to > >maintain these records. ARIN has experienced some difficulty maintaining > >these records. Legacy records have been a popular target for hijackers, in > >part due to the out of date information contained in these records. Having > >up to date contact information would assist ARIN and ISP's in insuring the > >stability of the Internet. > > ARIN is obligated to encourage this - up to date record keeping. The > members of ARIN are expecting ARIN to do this as part of its role in > maintaining uniqueness in address resource utilization. ARIN does > rely on the registrants to perform this as the staff does not trawl > the data for accuracy. ARIN ought to be encouraging updates, ought > to be lowering any barrier to voluntary updates. Creating a barrier > to having up to date information is the wrong course of action. I agree that creating barriers in general is not a good idea. I would certainly like to see ARIN do an outreach specifically to legacy holders. My attempt with this policy was to create an incentive (loss of current in-addr service) to encourage the establishing of a formal relationship and the ongoing relationship that would help keep the records as up-to-date. In addition I see additional incentives in affirming an organizations right to use number resources granted prior to the formation of ARIN. I would also point out that APNIC passed a policy which was similar to the first section of this proposed policy. http://www.apnic.net/docs/policy/proposals/prop-018-v001.html From tedm at ipinc.net Mon Jul 9 17:51:16 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Mon, 9 Jul 2007 14:51:16 -0700 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: <20070709203143.GK9951@elvis.mu.org> Message-ID: >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >bill fumerola >Sent: Monday, July 09, 2007 1:32 PM >To: 'ARIN PPML' >Subject: Re: [ppml] IPv4 "Up For Grabs" proposal > > >On Thu, Jul 05, 2007 at 05:09:59PM -0700, Ted Mittelstaedt wrote: >> >> OK, then how exactly is this fact an argument AGAINST arin >> >simply removing >> >> these records out of it's whois? Which is what I am suggesting? >> > >> >who does that hurt? the legacy holders or the rest of the community >> >trying to use a tool to find out who to contact when that netblock does >> >something foolish. >> > >> >as a paying ARIN member, i want ARIN to keep track of as much as they're >> >legally, financially, technically allowed to. that WHOIS service is more >> >useful to me, the paying ARIN member, not the legacy holder. >> >> For now. What about post-IPv4 runout? > >i think you assume that ARIN's IPv4 services will change in some major >way when that happens. i don't believe the memebership would want that >change and the IPv6 fees at that point would cover maintanence of those >'legacy' systems. i'd imagine ripping the IPv4 components would be more >costly than just maintaining them after any sort of: ipv4 runout of >addresses by ARIN, ipv6 eclipse of ipv4, ipv4 runout of addresses by >IANA, etc. > >i would want to see the same level of service provided. no difference >between legacy pre-ARIN holders and paid members. So then if the membership doesen't want IPv4 to be removed from the registries, then what is going to be created is a situation where nobody has any incentive to remove their IPv4 reachability, nor remove the ability for their customers to reach IPv4 sites. In short, IPv4 will NEVER "go away" Your proposing a future were we add IPv6, and nobody ever gives up IPv4 resources. So the Internet merely becomes an Internet of both IPv6 and IPv4, not an Internet of IPv4 only or an Internet of IPv6 only. I'm not debating we could or couldn't do this technically. However, if we do this, then don't you see that ALL IPv4 holders, not just the legacy ones, will never have any incentive to drop IPv4. If all of that is OK with you, then why would an existing paying IPv4 holder today who doesen't need numbering, want to bother going to IPv6? After all you just said everyone will be maintaining their IPv4, so what need is there for an IPv4 holder to load up IPv6? The only incentive I see would be to reach a network that is IPv6 ONLY, such as a network that needs numbering post-IPv4 runout. This puts a terrible burden on these networks because since they are new, they cannot be reached by a lot of the Internet, and it is not likely that they can provide enough of an incentive to get IPv4-only holders to update to reach them. Ted From tedm at ipinc.net Mon Jul 9 17:55:03 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Mon, 9 Jul 2007 14:55:03 -0700 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: <20070709203118.GJ9951@elvis.mu.org> Message-ID: >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >bill fumerola >Sent: Monday, July 09, 2007 1:31 PM >To: ppml at arin.net >Subject: Re: [ppml] IPv4 "Up For Grabs" proposal > > >On Thu, Jul 05, 2007 at 02:08:19PM -0700, Ted Mittelstaedt wrote: >> OK, then how exactly is this fact an argument AGAINST arin >simply removing >> these records out of it's whois? Which is what I am suggesting? > >who does that hurt? the legacy holders or the rest of the community >trying to use a tool to find out who to contact when that netblock does >something foolish. > If the rest of the community is IPv6 only they won't need to worry about what some misconfigured IPv4 is doing. >as a paying ARIN member, i want ARIN to keep track of as much as they're >legally, financially, technically allowed to. that WHOIS service is more >useful to me, the paying ARIN member, not the legacy holder. What use are records that aren't updated? What incentive does a legacy holder have to maintain these updates? Holders that are under an RSA are obligated by contract to maintain accurate contact info. Legacy holders have no such obligation. >the legacy >holders probably know how to contact themselves. > >ARIN's mission is stewardship, your mission seems to be vengeance. I see you like to use loaded emotional words to make arguments of emotion against a logical proposal. I guess that means you have no answer to the logical questions. Ted From bicknell at ufp.org Mon Jul 9 18:17:11 2007 From: bicknell at ufp.org (Leo Bicknell) Date: Mon, 9 Jul 2007 18:17:11 -0400 Subject: [ppml] ARIN Outreach to Legacy Holders In-Reply-To: <10722.1183941829@sa.vix.com> References: <20070706135227.GB54239@ussenterprise.ufp.org> <30818.1183733866@sa.vix.com> <20070706153836.GA60747@ussenterprise.ufp.org> <10722.1183941829@sa.vix.com> Message-ID: <20070709221711.GA72988@ussenterprise.ufp.org> In a message written on Mon, Jul 09, 2007 at 12:43:49AM +0000, Paul Vixie wrote: > here, you make it seem that if someone has a legacy /16 at 1% utilization > it will not affect their ability to apply for new RSA space. is that what > you intend? That was what the text as written allowed. One of the points of hallway conversation is the difference between what it might take to reclaim a block, and what it would take to get more space. I tend to lean a bit more towards never reclaiming a "legacy" block, even if only 1% in use, but requiring a holder to use all of the block before applying for more space. What can we get people to agree to as terms? > so you're telling a family who owns a new york city taxi medallion that > they can no longer pass it from generation to generation, nor sell it on > ebay for USD 500K, and you expect them to sign this why exactly? What makes anyone think today legacy addresses pass generation to generation, or can be sold on eBay? eBay won't let you sell IP addresses, sighting appropriate RFC's. Legacy addresses, if you read the documents were assigned to specific people for specific networks. What argument could be made that they should be transferable to that person's children? > i'm all for protecting the DFZ from the deaggregation implicit in > a black market. but negotiating the terms is going to be tricky for > a number of reasons. The clocks a-tickin. Two years and the legacy holders, ARIN, and the community will all be rolling the dice as this unfolds. We have to lay out some decent terms quickly and hope most people sign up, otherwise it's going to be too late to matter. If we don't all come to some agreement soon I'm sure a court will impose situation that no one likes if things go badly. Most interestingly, neither outreach for RSA modifications are policy matters, so that really puts the pressure squarely on the BOD. -- Leo Bicknell - bicknell at ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available URL: From paul at vix.com Mon Jul 9 18:30:36 2007 From: paul at vix.com (Paul Vixie) Date: Mon, 09 Jul 2007 22:30:36 +0000 Subject: [ppml] ARIN Outreach to Legacy Holders In-Reply-To: Your message of "Mon, 09 Jul 2007 18:17:11 -0400." <20070709221711.GA72988@ussenterprise.ufp.org> References: <20070706135227.GB54239@ussenterprise.ufp.org> <30818.1183733866@sa.vix.com> <20070706153836.GA60747@ussenterprise.ufp.org> <10722.1183941829@sa.vix.com> <20070709221711.GA72988@ussenterprise.ufp.org> Message-ID: <55228.1184020236@sa.vix.com> > Most interestingly, neither outreach for RSA modifications are policy > matters, so that really puts the pressure squarely on the BOD. yup. From bicknell at ufp.org Mon Jul 9 18:34:06 2007 From: bicknell at ufp.org (Leo Bicknell) Date: Mon, 9 Jul 2007 18:34:06 -0400 Subject: [ppml] Incentive to legacy address holders In-Reply-To: <6eb799ab0707081938l31e72e31m53727a9f8f286ac7@mail.gmail.com> References: <200707090017.l690H6u8018571@s25.firmware.com> <20070709010939.GA66547@ussenterprise.ufp.org> <6eb799ab0707081938l31e72e31m53727a9f8f286ac7@mail.gmail.com> Message-ID: <20070709223406.GB72988@ussenterprise.ufp.org> In a message written on Sun, Jul 08, 2007 at 09:38:21PM -0500, James Hess wrote: > As I see it, there should be some global policy action encouraged, not just any > one RIR taking it upon itself to try to reclaim inactive legacy > blocks, since the > matter of lost legacy resources unused for decades need to be reclaimed > outright regardless of region, to avoid wasting blocks of addresses, legacy > blocks that are dormant and unused should be reclaimed in all regions, You are aware that at least APNIC passed a policy to require all of the legacy space holders in their region to sign a current RSA and (as far as I can tell) abide by all current APNIC rules? http://www.apnic.net/docs/policy/proposals/prop-018-v001.html When the records were transferred to RIPE, RIPE made the statement that to modify them the user would have to sign a RIPE service agreement. I can't find anyone that states the success level they have had with that policy. http://www.arin.net/registration/erx/faq.html I can't quickly find any information on the ERX activities to LACNIC or AfriNIC. In terms of global policy though, at least two RIR's have already taken action on their own, and the action is to sign a current contract and abide by all current rules. I'm not sure those RIR's would be interested a global policy that does something different at this point. -- Leo Bicknell - bicknell at ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available URL: From JOHN at egh.com Mon Jul 9 18:58:46 2007 From: JOHN at egh.com (John Santos) Date: Mon, 9 Jul 2007 18:58:46 -0400 Subject: [ppml] Incentive to legacy address holders In-Reply-To: Message-ID: <1070709185229.11438A-100000@Ives.egh.com> On Mon, 9 Jul 2007, Ted Mittelstaedt wrote: > > > >-----Original Message----- > >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of > >John Santos > >Sent: Sunday, July 08, 2007 6:47 PM > >To: Leo Bicknell > >Cc: ppml at arin.net > >Subject: Re: [ppml] Incentive to legacy address holders > > > > > >Under these circumstances, I can't see any sense in doing anything > >else but what we are doing now, continuing as a legacy, non-RSA- > >signing holder. > > > > I guess you think your pretty smart in that you have outlined a > situation you think isn't solvable in IPv4. > > So, when all your customers have switched over to IPv6 and are > demanding that you do the same, it appears to me you will be still > in exactly the same circumstances. You customers will still be natting > under IPv6 - if you don't think so, go ask them now. > > So what are you going to do then > Mr. Smarty? You won't have any legacy class C to fall back on since > there isn't an equivalent in IPv6? What a jerk!!! I described precisely and accurately as I could my exact situation. If you think it is invented, then you are totally full of it. > People can always justify not even trying to follow the rules. Bull. I followed the rules, as written, in 1993. > > Ted > > PS Cisco wrote back-to-back translation to solve exactly this issue. > > -- John Santos Evans Griffiths & Hart, Inc. 781-861-0670 ext 539 From tedm at ipinc.net Mon Jul 9 19:07:16 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Mon, 9 Jul 2007 16:07:16 -0700 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: <09f501c7bf95$c5f15bb0$6701a8c0@atlanta.polycom.com> Message-ID: >-----Original Message----- >From: Stephen Sprunk [mailto:stephen at sprunk.org] >Sent: Thursday, July 05, 2007 11:10 PM >To: Ted Mittelstaedt; James Jun; 'ARIN PPML' >Subject: Re: [ppml] IPv4 "Up For Grabs" proposal > > >Thus spake "Ted Mittelstaedt" >> I guarenteee to you that Leatherman Tool Group IS NOT >> paying ARIN a dime, has NEVER paid them a dime. Yet, >> ARIN is still tracking this so ARIN obviously considers this >> legacy holder still their responsibility. >> ... >> Letting legacy holders get away witout funding the RIR that >> tracks them is in my opinion, far crazier than any rules I've >> proposed. Yet, you accept it. > >That is primarily because it benefits ARIN's paying members to know who's >using that space. WHOIS primarily benefits people _other than_ the >registrant. The same argument could be made for reverse DNS >service, though >that's not quite as clear-cut. > >"Tracks" is also not quite accurate; ARIN is dependent on the registrants >keeping their data up to date. Half of them haven't bothered to do so in >the last decade, and ARIN isn't out there hunting them down. The >amount of >money spent on legacy folks is minimal, since the systems need to be built >and maintained for non-legacy folks anyways. It's a negligible >incremental >cost. > True, but the cost to run the system is spread out over only the non-legacy folks. If the cost was spread out over all holders, legacy or not, then it would be cheaper for non-legacy holders. Assuming your a non-legacy holder, are you objecting to a fee reduction for your numbering? Ted From tedm at ipinc.net Mon Jul 9 19:17:14 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Mon, 9 Jul 2007 16:17:14 -0700 Subject: [ppml] Incentive to legacy address holders In-Reply-To: <20070709223406.GB72988@ussenterprise.ufp.org> Message-ID: >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >Leo Bicknell >Sent: Monday, July 09, 2007 3:34 PM >To: ppml at arin.net >Subject: Re: [ppml] Incentive to legacy address holders > > >In a message written on Sun, Jul 08, 2007 at 09:38:21PM -0500, >James Hess wrote: >> As I see it, there should be some global policy action >encouraged, not just any >> one RIR taking it upon itself to try to reclaim inactive legacy >> blocks, since the >> matter of lost legacy resources unused for decades need to be reclaimed >> outright regardless of region, to avoid wasting blocks of >addresses, legacy >> blocks that are dormant and unused should be reclaimed in all regions, > >You are aware that at least APNIC passed a policy to require all >of the legacy space holders in their region to sign a current RSA >and (as far as I can tell) abide by all current APNIC rules? > >http://www.apnic.net/docs/policy/proposals/prop-018-v001.html > >When the records were transferred to RIPE, RIPE made the statement >that to modify them the user would have to sign a RIPE service >agreement. I can't find anyone that states the success level they >have had with that policy. > >http://www.arin.net/registration/erx/faq.html > >I can't quickly find any information on the ERX activities to LACNIC >or AfriNIC. > >In terms of global policy though, at least two RIR's have already >taken action on their own, and the action is to sign a current >contract and abide by all current rules. I'm not sure those RIR's would >be interested a global policy that does something different at this >point. I think it very likely that since such a heavy-handed, dictatorial policy has worked for them, that the global response would be to adopt it since it is apparently working, and require all legacy space holders in ARIN's region to sign a current RSA. Ted From dean at av8.com Mon Jul 9 19:24:56 2007 From: dean at av8.com (Dean Anderson) Date: Mon, 9 Jul 2007 19:24:56 -0400 (EDT) Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: <20070709210434.21326.qmail@hoster908.com> Message-ID: Someone already said that ARIN is just the steward of records. I'd like to add to that and point out that ARIN doesn't own the registrations records any more than SRI or NSI owned the registration books before ARIN existed. Even more specifically, ARIN is an agent of the IANA, which is now a function of the US Department of Commerce. Legacy holders already have a relationship with the DoC through earlier agents, and do not require a new relationship with ARIN. ARIN is merely the custodian of records. In that light, there are a number of problems with the current RSA. Perhaps this custodianship should be changed once again, or at least put up for bid periodically, so we can have some new management once in a while. BTW, people also assert without any evidence that legacy records aren't correct or uptodate. This is no truth to this assertion that I can see: Legacy holders have as much interest as anyone else in keeping records uptodate. More interest, probably. Legacy holders have existed for more than 10 years, and so tend to be stable businesses understanding role contacts, and so the records don't need to be changed. Most records probably won't need to be changed for a long time to come. The recency of update has no bearing on the accuracy of the data. --Dean On Mon, 9 Jul 2007, Andrew Dul wrote: > While I agree that we shouldn't be taking away information, the fact > that approx. 50% of the legacy records have not been updated since > ARIN's inception tells me that more needs to be done to make sure that > the records are updated as best as possible. This policy is an > attempt to conduct an outreach to legacy resource holders with some > consequences for not taking any action. > > By setting a sunset time line for Legacy reverse DNS records we > hopefully can accomplish two goals. 1. Formalize the relationship > between the ARIN and active legacy address holders. 2. Start the > process of marking address space that is no-longer in active use. > The goal here is not reclamation but rather updating the database with > accurate information from Legacy holders and continuing that > relationship long-term. -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From tedm at ipinc.net Mon Jul 9 19:54:33 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Mon, 9 Jul 2007 16:54:33 -0700 Subject: [ppml] Incentive to legacy address holders In-Reply-To: <1070709185229.11438A-100000@Ives.egh.com> Message-ID: >-----Original Message----- >From: John Santos [mailto:JOHN at egh.com] >Sent: Monday, July 09, 2007 3:59 PM >To: Ted Mittelstaedt >Cc: Leo Bicknell; ppml at arin.net >Subject: RE: [ppml] Incentive to legacy address holders > > >On Mon, 9 Jul 2007, Ted Mittelstaedt wrote: > >> >> >> >-----Original Message----- >> >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >> >John Santos >> >Sent: Sunday, July 08, 2007 6:47 PM >> >To: Leo Bicknell >> >Cc: ppml at arin.net >> >Subject: Re: [ppml] Incentive to legacy address holders >> > >> > >> >Under these circumstances, I can't see any sense in doing anything >> >else but what we are doing now, continuing as a legacy, non-RSA- >> >signing holder. >> > >> >> I guess you think your pretty smart in that you have outlined a >> situation you think isn't solvable in IPv4. >> >> So, when all your customers have switched over to IPv6 and are >> demanding that you do the same, it appears to me you will be still >> in exactly the same circumstances. You customers will still be natting >> under IPv6 - if you don't think so, go ask them now. >> >> So what are you going to do then >> Mr. Smarty? You won't have any legacy class C to fall back on since >> there isn't an equivalent in IPv6? > >What a jerk!!! Exactly what I thought when I read your post. >I described precisely and accurately as I could >my exact situation. If you think it is invented, then you are >totally full of it. > I never said it was invented. I said you outlined a situation you think isn't solvable. Since you failed to respond to my question as to what are you going to do about IPv6, I wonder if your more mad that someone poked an obvious hole into your scenario than anything else. >> People can always justify not even trying to follow the rules. > >Bull. I followed the rules, as written, in 1993. > And I'm sure that all those people who registered variations of coca-cola domain names and had them taken away when the Domain Name System changed the rules to allow notable trademarks to take precidence, made similar arguments. This argument is as invalid as arguing you shouldn't be given a ticket by a cop for drunk driving because back in 1993 the legal limit for intoxication was higher, and while your over the 2007 limit your not over the 1993 limit. Face the facts. Your getting something for nothing. Your getting tracking and visibility in a system you aren't paying for - in fact, in a system that -I'm- paying for. (or more accurately, my employer, who due to paying for this system has less money he can pay me, and so forth) You certainly don't seem appreciative of this. It seems to me that your doing nothing more than fulfilling the stereotype of the "evil legacy holder" that some people claim I'm saying exist (even though I've never made any such claim) And, as I asked before, how are you going to move your setup to IPv6? Ted From bicknell at ufp.org Mon Jul 9 21:22:55 2007 From: bicknell at ufp.org (Leo Bicknell) Date: Mon, 9 Jul 2007 21:22:55 -0400 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: References: <20070709210434.21326.qmail@hoster908.com> Message-ID: <20070710012255.GA2288@ussenterprise.ufp.org> In a message written on Mon, Jul 09, 2007 at 07:24:56PM -0400, Dean Anderson wrote: > BTW, people also assert without any evidence that legacy records aren't > correct or uptodate. This is no truth to this assertion that I can see: > Legacy holders have as much interest as anyone else in keeping records > uptodate. More interest, probably. Legacy holders have existed for more > than 10 years, and so tend to be stable businesses understanding role > contacts, and so the records don't need to be changed. Most records > probably won't need to be changed for a long time to come. The recency > of update has no bearing on the accuracy of the data. ARIN staff has asserted that a large percentage of the record hijacking attempts are made on Legacy space records specifically because contact information is out of date. When ARIN staff detects these hijacking attempts they must attempt to find correct contact information, which has been reported as difficult in many cases. One of the reasons ARIN went to yearly billing was experience at ARIN and elsewhere that bills sent less frequently than once a year (the USPS mail forwarding interval, BTW have a significantly higher return as undeliverable rate. This is one of the reasons we have yearly billing, it helps keep records fresh. I'm sure ARIN staff could provide more details at the next meeting if you are interested. -- Leo Bicknell - bicknell at ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available URL: From rgaglian at antel.net.uy Mon Jul 9 21:43:10 2007 From: rgaglian at antel.net.uy (Roque Gagliano) Date: Mon, 9 Jul 2007 22:43:10 -0300 Subject: [ppml] Incentive to legacy address holders In-Reply-To: References: Message-ID: <9B1FD542-B6BF-45E1-9A53-3E5484E93C85@antel.net.uy> >> >> I can't quickly find any information on the ERX activities to LACNIC >> or AfriNIC. In the LACNIC region there is a policy approved and ratified last year but not yet implemented. Here is the info: http://lacnic.net/documentos/lacnicix/LAC-2006-02-EN.pdf http://lacnic.net/en/politicas/propuesta-politicas.html Best regards, ------------------------------------------------------------- Roque Gagliano ANTEL - URUGUAY rgaglian at antel.net.uy -------------- next part -------------- An HTML attachment was scrubbed... URL: From davids at webmaster.com Mon Jul 9 22:07:20 2007 From: davids at webmaster.com (David Schwartz) Date: Mon, 9 Jul 2007 19:07:20 -0700 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: <20070710012255.GA2288@ussenterprise.ufp.org> Message-ID: > ARIN staff has asserted that a large percentage of the record > hijacking attempts are made on Legacy space records specifically > because contact information is out of date. When ARIN staff detects > these hijacking attempts they must attempt to find correct contact > information, which has been reported as difficult in many cases. I would love to see a general consensus on the outline of a mostly-carrot approach to get legacy address holders back into the fold and allow them to keep their contact information up-to-date. I see this as the biggest problem though. If the cost to legacy address holders are too high, they won't bother. The carrot of renewed legitimacy only goes so far. ARIN would have to make sure that the people contacting them to 'update' the contact information on each legacy block are in fact entitled to that block. If that is an expensive process, the cost will have to be correspondingly high. That could be the deal-killer right there. It would be nice to get some kind of estimate of how much that would have to be. David Schwartz WebMaster, Incorporated From martin.hannigan at batelnet.bs Mon Jul 9 22:16:31 2007 From: martin.hannigan at batelnet.bs (Martin Hannigan) Date: Mon, 09 Jul 2007 22:16:31 -0400 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources Message-ID: <4692ebff.21.5665.7114@batelnet.bs> ----- Original Message ----- From: Leo Bicknell To: ppml at arin.net Subject: Re: [ppml] Policy Proposal: Authentication of Legacy Resources Date: Mon, 9 Jul 2007 21:22:55 -0400 [ snip ] > One of the reasons ARIN went to yearly billing was > experience at ARIN and elsewhere that bills sent less > frequently than once a year (the USPS mail forwarding > interval, BTW have a significantly higher return as > undeliverable rate. This is one of the reasons we have > yearly billing, it helps keep records fresh. What portion of legacy space could be classified as "stolen" or "misappropriated" and does these policies include the IANA legacy registry? > I'm sure ARIN staff could provide more details at the next > meeting if you are interested. Probably could provide some now too. From Keith at jcc.com Mon Jul 9 22:18:47 2007 From: Keith at jcc.com (Keith W. Hare) Date: Mon, 9 Jul 2007 22:18:47 -0400 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources Message-ID: > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of David Schwartz > Sent: Monday, July 09, 2007 10:07 PM > To: ppml at arin.net > Subject: Re: [ppml] Policy Proposal: Authentication of Legacy > Resources > > > I would love to see a general consensus on the outline of a > mostly-carrot > approach to get legacy address holders back into the fold and > allow them to > keep their contact information up-to-date. I agree. It would be a good start to actually have a mechanism available so a legacy holder could figure out how to join up, and what the cost and other implications would be. > I see this as the biggest problem though. If the cost to > legacy address > holders are too high, they won't bother. The carrot of > renewed legitimacy > only goes so far. The cost is mostly not money. If I can't justify my address space under the current rules, I'm not sure I will sign up. There is a certain amount of freedom that one does not get with provider supplied address space. Keith W. Hare From jcurran at istaff.org Mon Jul 9 22:20:31 2007 From: jcurran at istaff.org (John Curran) Date: Mon, 9 Jul 2007 22:20:31 -0400 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: References: Message-ID: At 7:24 PM -0400 7/9/07, Dean Anderson wrote: >Perhaps this custodianship should be changed once again, or at least put >up for bid periodically, so we can have some new management once in a >while. New management (both at the board level and at the advisory council level) is encouraged; in fact, we're approaching that time of year... (See: https://app.arin.net/election for the time line for nominations) Anything that you can do to get more qualified candidates is welcome! In terms of complete organizational replacement, there are times when such may be called for... I frankly don't think ARIN's there, but if you do and would prefer to work on an alternative model rather than evolving the current one, you have every right to do so. I'd start by gathering a group of similar minded folks, defining the problem, putting together a concrete plan to address it, and then going to one of IANA/ICANN(/DoC?) to discuss the matter. ARIN has a specific mission to accomplish with respect to stewardship and administration of Internet number resources, so if you've got a better way to accomplish it, go forth. In the end, it's making sure that the job gets done that really matters. /John From JOHN at egh.com Mon Jul 9 22:24:34 2007 From: JOHN at egh.com (John Santos) Date: Mon, 9 Jul 2007 22:24:34 -0400 Subject: [ppml] Incentive to legacy address holders In-Reply-To: Message-ID: <1070709215705.10161A-100000@Ives.egh.com> On Mon, 9 Jul 2007, Ted Mittelstaedt wrote: > > > >-----Original Message----- > >From: John Santos [mailto:JOHN at egh.com] > >Sent: Monday, July 09, 2007 3:59 PM > >To: Ted Mittelstaedt > >Cc: Leo Bicknell; ppml at arin.net > >Subject: RE: [ppml] Incentive to legacy address holders > > > > > >On Mon, 9 Jul 2007, Ted Mittelstaedt wrote: > > > >> > >> > >> >-----Original Message----- > >> >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of > >> >John Santos > >> >Sent: Sunday, July 08, 2007 6:47 PM > >> >To: Leo Bicknell > >> >Cc: ppml at arin.net > >> >Subject: Re: [ppml] Incentive to legacy address holders > >> > > >> > > >> >Under these circumstances, I can't see any sense in doing anything > >> >else but what we are doing now, continuing as a legacy, non-RSA- > >> >signing holder. > >> > > >> > >> I guess you think your pretty smart in that you have outlined a > >> situation you think isn't solvable in IPv4. > >> > >> So, when all your customers have switched over to IPv6 and are > >> demanding that you do the same, it appears to me you will be still > >> in exactly the same circumstances. You customers will still be natting > >> under IPv6 - if you don't think so, go ask them now. You don't know my customers. They strongly believe in "if it ain't broke, don't fix it." (In case you totally have the wrong end of the stick, my customers are *NOT* buying any sort of internet service from us. We use the internet as a tool for supporting our customers. They typically have enormous internal networks, and may eventually implement v6 on them, but there is no prospect they'll be turning off v4 for decades. Switching to v6 for this function would be a pointless waste of time for both us and them.) > >> > >> So what are you going to do then > >> Mr. Smarty? You won't have any legacy class C to fall back on since > >> there isn't an equivalent in IPv6? > > > >What a jerk!!! > > Exactly what I thought when I read your post. Shut up, he explained. > > >I described precisely and accurately as I could > >my exact situation. If you think it is invented, then you are > >totally full of it. > > > > I never said it was invented. I said you outlined a situation you think > isn't solvable. Since you failed to respond to my question as to what > are you going to do about IPv6, I wonder if your more mad that someone > poked an obvious hole into your scenario than anything else. > > >> People can always justify not even trying to follow the rules. > > > >Bull. I followed the rules, as written, in 1993. > > > > And I'm sure that all those people who registered variations of > coca-cola domain names and had them taken away when the Domain Name > System changed the rules to allow notable trademarks to take precidence, > made similar arguments. This argument is as invalid as arguing > you shouldn't be given a ticket by a cop for drunk driving because > back in 1993 the legal limit for intoxication was higher, and > while your over the 2007 limit your not over the 1993 limit. Totally bogus analogies. Why don't you propose the police go back to their records and charge with drunk driving anyone they stopped with a breathalyzer reading below what was then the threshold but is now above the threshold? > Face the facts. Your getting something for nothing. Your getting > tracking and visibility in a system you aren't paying for - in fact, > in a system that -I'm- paying for. (or more accurately, my employer, > who due to paying for this system has less money he can pay me, and > so forth) You certainly don't seem appreciative of this. I never said I wasn't willing to pay my fair share for *something* (like v6 addresses.) I'm not willing to pay, agree to terms I did not originally agree to, and risk losing my /24 for no discernable benefit to me. > > It seems to me that your doing nothing more than fulfilling the > stereotype of the "evil legacy holder" that some people claim I'm > saying exist (even though I've never made any such claim) Yet another ad hominen attack. You really have nothing to stand on except your own prejudices, do you? > > And, as I asked before, how are you going to move your setup to > IPv6? > I didn't answer this before because I don't spout nonsense off the top of my head, unlike some people I could name, and I need to do a bit of research before answering, but at least three possibilities come to mind: 1) I believe there is a class of addresses that can be generated from IPv4 addresses, and I can just use those. 2) Apply for v6 addresses through the normal process. 3) If I don't qualify for 2 because my network is too small, then form a cooperative with some of the 20,000 other legacy class C holders, pointlessly duplicating the work of ARIN, etc. but aquiring enough v6 addresses for all of us. If any of this is wrong, or unworkable, *you* are the one who insisted on an answer... If you're so damn smart, what would you do? > Ted > > -- John Santos Evans Griffiths & Hart, Inc. 781-861-0670 ext 539 From tedm at ipinc.net Mon Jul 9 22:26:59 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Mon, 9 Jul 2007 19:26:59 -0700 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: Message-ID: >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >Dean Anderson >Sent: Monday, July 09, 2007 4:25 PM >To: Andrew Dul >Cc: ppml at arin.net; Edward Lewis >Subject: Re: [ppml] Policy Proposal: Authentication of Legacy Resources > > >Someone already said that ARIN is just the steward of records. I'd like >to add to that and point out that ARIN doesn't own the registrations >records any more than SRI or NSI owned the registration books before >ARIN existed. Even more specifically, ARIN is an agent of the IANA, >which is now a function of the US Department of Commerce. Legacy holders >already have a relationship with the DoC through earlier agents, and do >not require a new relationship with ARIN. ARIN is merely the custodian >of records. In that light, there are a number of problems with the >current RSA. > >Perhaps this custodianship should be changed once again, or at least put >up for bid periodically, so we can have some new management once in a >while. > And the very frist thing that any company that "won" such a bid would do is go search for new sources of revenue. As the legacy holders aren't paying, those whould be the very first ones they would go after. I would assume based on this that all the legacy holders would quash such a move. Of course, if you know of a way to fulfill the same function as ARIN for no money, you will have everyone signing up in a heartbeat. Ted From jcurran at istaff.org Mon Jul 9 22:40:52 2007 From: jcurran at istaff.org (John Curran) Date: Mon, 9 Jul 2007 22:40:52 -0400 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: References: Message-ID: At 7:26 PM -0700 7/9/07, Ted Mittelstaedt wrote: >Of course, if you know of a way to fulfill the same function as ARIN >for no money, you will have everyone signing up in a heartbeat. One little nit: fulfill the same *functions* as ARIN - Records and updates and in-addr and new assignments&allocations&transfers are just a tiny bit of the job, as you also need to have the open process, public meetings, interface with other RIR's/ICANN/IANA, response to law enforcement, handling contracts, running fair and open elections, supporting the ASO, and coordinate dozens of policy proposals actions... Oh year, this year you might also want to do some outreach to the community regarding IPv6, since in a few years the community will otherwise be rather surprised. It's not free (even with all of the volunteer efforts of the AC, Board, ASO AC, and numerous PPML folks!) but it sure beats the alternative... /John From dean at av8.com Mon Jul 9 23:08:45 2007 From: dean at av8.com (Dean Anderson) Date: Mon, 9 Jul 2007 23:08:45 -0400 (EDT) Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: <20070710012255.GA2288@ussenterprise.ufp.org> Message-ID: On Mon, 9 Jul 2007, Leo Bicknell wrote: > In a message written on Mon, Jul 09, 2007 at 07:24:56PM -0400, Dean Anderson wrote: > > BTW, people also assert without any evidence that legacy records aren't > > correct or uptodate. This is no truth to this assertion that I can see: > > Legacy holders have as much interest as anyone else in keeping records > > uptodate. More interest, probably. Legacy holders have existed for more > > than 10 years, and so tend to be stable businesses understanding role > > contacts, and so the records don't need to be changed. Most records > > probably won't need to be changed for a long time to come. The recency > > of update has no bearing on the accuracy of the data. > > ARIN staff has asserted that a large percentage of the record > hijacking attempts are made on Legacy space records specifically > because contact information is out of date. When ARIN staff detects > these hijacking attempts they must attempt to find correct contact > information, which has been reported as difficult in many cases. And just how many of these hijacking attempts have there been? (not very many) Is this just faux "urgency" by people trying to drum up subscribers to the (fake) SORBS 'hijack' list? (http://www.iadl.org/sorbs/sorbs-story.html) > One of the reasons ARIN went to yearly billing was experience at ARIN > and elsewhere that bills sent less frequently than once a year (the > USPS mail forwarding interval, BTW have a significantly higher return > as undeliverable rate. This is one of the reasons we have yearly > billing, it helps keep records fresh. Good idea. So mail out a first class newsletter to the admin contacts, and keep track of the returns for further update efforts. Problem solved. Everyone is happy. > I'm sure ARIN staff could provide more details at the next meeting if > you are interested. Perhaps they can post on the subject on this list, sooner. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From dean at av8.com Mon Jul 9 23:22:35 2007 From: dean at av8.com (Dean Anderson) Date: Mon, 9 Jul 2007 23:22:35 -0400 (EDT) Subject: [ppml] Incentive to legacy address holders In-Reply-To: Message-ID: On Mon, 9 Jul 2007, Ted Mittelstaedt wrote: > > Face the facts. Your getting something for nothing. Your getting > tracking and visibility in a system you aren't paying for - in fact, > in a system that -I'm- paying for. (or more accurately, my employer, > who due to paying for this system has less money he can pay me, and > so forth) You certainly don't seem appreciative of this. Because its not true. Legacy holders established the Internet. We took the risks to career and business to get things to where you are, just like the homesteaders of the 1800s. You are a latecomer, and deserve to pay more to benefit from our efforts. You're buying into a phase 3 development. (low risk, established) Homesteaders in the 19th century took large risks. Now, farmland is about ~$3k per acre. Subdivided housing developments go for multiples more. Maybe you notice that many of your Credit Card bills come from Sioux Falls, SD. I suppose that means there are a fair number of transplanted New York bankers working in Sioux Falls for Citibank and other banks. Are they paying more than the homesteaders? Yes. Is that unfair? No. If they would have risked life and limb in the 1800s, they'd have got the same deal. And if today those transplanted New Yorkers working in Sioux Falls began talking against the property rights of homesteaded families, do you think there would be some quick problems? You bet. The homesteaded families risked life and limb to survive, settle the territory, establish rule of law, and make it livable so companies like Citibank could move in and make a profit. The only benefit they got from that risk and effort was the thrill, adventure, and cheap property. Likewise, the Internet is here because of the efforts and risks of Legacy holders. You don't seem appreciative of that. Legacy holders need little or no attention from ARIN, and thereby require less expenditure than the newbies who come in confused, easily misled, and making trouble. > And, as I asked before, how are you going to move your setup to IPv6? Read RFC4038, and hope for the best??? How about oh, maybe, use IPv4 mapped IPv6 addresses: "::FFFF:"? Did that change? Did I miss something? Could be I did. Please tell me there is some problem with that. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From tedm at ipinc.net Mon Jul 9 23:41:16 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Mon, 9 Jul 2007 20:41:16 -0700 Subject: [ppml] Incentive to legacy address holders In-Reply-To: <1070709215705.10161A-100000@Ives.egh.com> Message-ID: >-----Original Message----- >From: John Santos [mailto:JOHN at egh.com] >Sent: Monday, July 09, 2007 7:25 PM >To: Ted Mittelstaedt >Cc: ppml at arin.net >Subject: RE: [ppml] Incentive to legacy address holders > > >On Mon, 9 Jul 2007, Ted Mittelstaedt wrote: > >> >> >> >-----Original Message----- >> >From: John Santos [mailto:JOHN at egh.com] >> >Sent: Monday, July 09, 2007 3:59 PM >> >To: Ted Mittelstaedt >> >Cc: Leo Bicknell; ppml at arin.net >> >Subject: RE: [ppml] Incentive to legacy address holders >> > >> > >> >On Mon, 9 Jul 2007, Ted Mittelstaedt wrote: >> > >> >> >> >> >> >> >-----Original Message----- >> >> >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On >Behalf Of >> >> >John Santos >> >> >Sent: Sunday, July 08, 2007 6:47 PM >> >> >To: Leo Bicknell >> >> >Cc: ppml at arin.net >> >> >Subject: Re: [ppml] Incentive to legacy address holders >> >> > >> >> > >> >> >Under these circumstances, I can't see any sense in doing anything >> >> >else but what we are doing now, continuing as a legacy, non-RSA- >> >> >signing holder. >> >> > >> >> >> >> I guess you think your pretty smart in that you have outlined a >> >> situation you think isn't solvable in IPv4. >> >> >> >> So, when all your customers have switched over to IPv6 and are >> >> demanding that you do the same, it appears to me you will be still >> >> in exactly the same circumstances. You customers will still >be natting >> >> under IPv6 - if you don't think so, go ask them now. > >You don't know my customers. They strongly believe in "if it ain't >broke, don't fix it." > Yeah, sounds exactly like mine too. Believe it or not I've been told "the reason we don't apply Microsoft security patches is because if it ain't broke, don't fix it" (this was when talking to a customer that their line was clogged with outbound spam because their exchange server had been cracked into) >(In case you totally have the wrong end of the stick, my customers >are *NOT* buying any sort of internet service from us. We use the >internet as a tool for supporting our customers. They typically >have enormous internal networks, and may eventually implement v6 >on them, but there is no prospect they'll be turning off v4 for >decades. Switching to v6 for this function would be a pointless >waste of time for both us and them.) > No, I understood this. We have dealt with similar private-to-private interconnects ourselves and I'm aware that it is very seductive to use legal numbers for such interconnects to avoid clashes with private number space. One of the main drivers for going to IPv6 is, of course, it gives so much numbering that it should make no difference if a bit of the public numbering goes away into these kinds of connections forever. I will also point out that staying with IPv4 for your interconnect is also a solution, if the other parties don't want to update. Once the Internet switches over to IPv6 the IPv4 you have in the interconnect will be worthless anyway, so there's a great argument to leaving it alone, and nobody will care if it's legacy or not. Obviously you will have problems sourcing traffic from it into the rest of the world but generally most interconnects of these types aren't sourcing anyway. However, the mistake you made is trying to apply your situation to the global problem with legacy numbering. You set up a fairly narrow situation, and in this post you have added even more conditions to narrow it even further. Doubtless if we were to discuss it further and discuss the usual solutions used for this situation, you would bring reasons why you can't do them which would even further narrow the scope of the example. Eventually so many solutions would have been brought up and shot down that it would be obvious to anyone that your situation is so unique it's completely inapplicable to the larger discussion of legacy number holders, and you would have succeeded in invalidating the original analogy you tried to make in the first place. > >Totally bogus analogies. Why don't you propose the police go back >to their records and charge with drunk driving anyone they stopped >with a breathalyzer reading below what was then the threshold but >is now above the threshold? > Nobody is arguing that in 1993 your now-legacy assignment was assigned incorrectly or that you shouldn't have had it in 1993, or 1994 or so on. But the point that has been repeatedly made over and over on this list is that the IP numbering SCHEME is a SHARED scheme. You cannot deny that the Internet would not function if nobody agreed to respect numbering allocations - you yourself respected them when you got yours originally. What I think your blind spot is, is that your implying that conditions on the Internet haven't changed from 1993. I think a few of the old timers on this list (and keep in mind I was running UUCP back in 1982) seem to have a problem with the idea that their baby grew up into the 800 pound gorilla. You have to treat the 800 pound gorilla differently, you don't let him sit on your lap like he could when he was a baby gorilla. Life changes and we all have to change with it. Me, I absolutely deplore a lot of changes that have happened on the Internet, for example I think it's a terrible thing that child predators are able to use it nowadays to get victims, that wasn't going on a decade ago that I remember. The numbering rules that were in effect in 1993 cannot stand. As proof of this the entire IPv4 numbering scheme itself has been tossed in the garbage can, and replaced by IPv6. Yet, there's still people out there that if they got a chance would turn the clock back to 1993 and bring the old 1993 rules into 2007 and beyond. >> Face the facts. Your getting something for nothing. Your getting >> tracking and visibility in a system you aren't paying for - in fact, >> in a system that -I'm- paying for. (or more accurately, my employer, >> who due to paying for this system has less money he can pay me, and >> so forth) You certainly don't seem appreciative of this. > >I never said I wasn't willing to pay my fair share for *something* >(like v6 addresses.) I'm not willing to pay, agree to terms I did >not originally agree to, and risk losing my /24 for no discernable >benefit to me. > As others have claimed if you sign an RSA for IPv6 it doesen't affect your IPv4 holdings. I would ask, have you even e-mailed hostmaster at arin.net and asked any of these questions? > >> >> And, as I asked before, how are you going to move your setup to >> IPv6? >> > >I didn't answer this before because I don't spout nonsense off the >top of my head, unlike some people I could name, and I need to do >a bit of research before answering, but at least three possibilities >come to mind: 1) I believe there is a class of addresses that can >be generated from IPv4 addresses, and I can just use those. >2) Apply for v6 addresses through the normal process. 3) If I >don't qualify for 2 because my network is too small, then form a >cooperative with some of the 20,000 other legacy class C holders, >pointlessly duplicating the work of ARIN, etc. but aquiring enough >v6 addresses for all of us. > >If any of this is wrong, or unworkable, *you* are the one who insisted >on an answer... If you're so damn smart, what would you do? > I don't see anything wrong with #2. But keep in mind that I also feel the requirements in the following: http://www.arin.net/registration/guidelines/micro_alloc.html) are unworkable and favor large companies. But you see there's a lot of politics going on. One of the biggest problems I think is the insistence on aggregation. This is why the requirements for getting a micro allocation are unworkable for most organizations, the people that wrote them want to force every potential small holder to request from upstream. (except, of course, then the small holder is them - why if your a holder that runs a public exchange you can get a micro allocation) I mean - think of this! We have people fighting with me on this list that IPv4 is so important post-transition that ARIN must keep track of IPv4 allocations forever! They are happy to spill some 100,000+ IPv4 route entries into the public BGP table post-IPv6 for the next 50 years - yet the same folks buy off on the policy that there are too many route entries so we must restrict the micro allocations! Clearly there's contradictions in the policies, and far more in how some people view things. As I said last week nobody wants to take any steps to push IPv6 implementation, they are all expecting the other guy to just do it without trouble. And nobody had any response to that. They just bitched up a storm with the idea that it might be a good idea to one of these days just stop paying attention to IPv4. But I ask you, how do we even start uncovering these problems if the legacy holders don't want to get engaged? (and I'm not talking about you, I'm talking about the legacy holders who are out there and who aren't even reading, much less participating, in the discussion) You at least are partipating in the discussion. Ted From tedm at ipinc.net Tue Jul 10 00:08:54 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Mon, 9 Jul 2007 21:08:54 -0700 Subject: [ppml] Incentive to legacy address holders In-Reply-To: Message-ID: >-----Original Message----- >From: Dean Anderson [mailto:dean at av8.com] >Sent: Monday, July 09, 2007 8:23 PM >To: Ted Mittelstaedt >Cc: John Santos; ppml at arin.net >Subject: Re: [ppml] Incentive to legacy address holders > > >On Mon, 9 Jul 2007, Ted Mittelstaedt wrote: >> >> Face the facts. Your getting something for nothing. Your getting >> tracking and visibility in a system you aren't paying for - in fact, >> in a system that -I'm- paying for. (or more accurately, my employer, >> who due to paying for this system has less money he can pay me, and >> so forth) You certainly don't seem appreciative of this. > >Because its not true. Legacy holders established the Internet. We took >the risks to career and business to get things to where you are, just >like the homesteaders of the 1800s. You are a latecomer, and deserve to >pay more to benefit from our efforts. You're buying into a phase 3 >development. (low risk, established) > That sounds perfectly fair to me. Now, let's talk about how long the latecomers are expected to pay extra. You see the problem isn't that the latecomers are paying extra. The problem is that they are paying extra and some of the homesteaders expect the situation to continue FOREVER. >Homesteaders in the 19th century took large risks. Now, farmland is >about ~$3k per acre. Subdivided housing developments go for multiples >more. Maybe you notice that many of your Credit Card bills come from >Sioux Falls, SD. I suppose that means there are a fair number of >transplanted New York bankers working in Sioux Falls for Citibank and >other banks. Are they paying more than the homesteaders? Yes. Is that >unfair? No. If they would have risked life and limb in the 1800s, >they'd have got the same deal. And if today those transplanted New >Yorkers working in Sioux Falls began talking against the property rights >of homesteaded families, do you think there would be some quick >problems? You bet. The homesteaded families risked life and limb to >survive, settle the territory, establish rule of law, and make it >livable so companies like Citibank could move in and make a profit. >The only benefit they got from that risk and effort was the thrill, >adventure, and cheap property. > And many of the homesteaders did in fact sell land and make a big chunk which after they died the inhertance taxes took quite a bit away. This is in the US, of course. In some other countries they seem to like to encourage descendents of roya-- I mean rich people, to be supported forever. >Likewise, the Internet is here because of the efforts and risks of >Legacy holders. You don't seem appreciative of that. I would think that getting a free ride for so long is a good expression of appreciation by the community? On a personal level, I've been doing my part far longer than I've been working for my current employer who is also doing it's part. Ted From JOHN at egh.com Tue Jul 10 01:24:22 2007 From: JOHN at egh.com (John Santos) Date: Tue, 10 Jul 2007 01:24:22 -0400 Subject: [ppml] Incentive to legacy address holders In-Reply-To: Message-ID: <1070710002314.10161A-100000@Ives.egh.com> On Mon, 9 Jul 2007, Ted Mittelstaedt wrote: > > > >-----Original Message----- > >From: John Santos [mailto:JOHN at egh.com] > >Sent: Monday, July 09, 2007 7:25 PM > >To: Ted Mittelstaedt > >Cc: ppml at arin.net > >Subject: RE: [ppml] Incentive to legacy address holders > > > > > >On Mon, 9 Jul 2007, Ted Mittelstaedt wrote: > > > >> > >> > >> >-----Original Message----- > >> >From: John Santos [mailto:JOHN at egh.com] > >> >Sent: Monday, July 09, 2007 3:59 PM > >> >To: Ted Mittelstaedt > >> >Cc: Leo Bicknell; ppml at arin.net > >> >Subject: RE: [ppml] Incentive to legacy address holders > >> > > >> > > >> >On Mon, 9 Jul 2007, Ted Mittelstaedt wrote: > >> > > >> >> > >> >> > >> >> >-----Original Message----- > >> >> >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On > >Behalf Of > >> >> >John Santos > >> >> >Sent: Sunday, July 08, 2007 6:47 PM > >> >> >To: Leo Bicknell > >> >> >Cc: ppml at arin.net > >> >> >Subject: Re: [ppml] Incentive to legacy address holders > >> >> > > >> >> > > >> >> >Under these circumstances, I can't see any sense in doing anything > >> >> >else but what we are doing now, continuing as a legacy, non-RSA- > >> >> >signing holder. > >> >> > > >> >> > >> >> I guess you think your pretty smart in that you have outlined a > >> >> situation you think isn't solvable in IPv4. > >> >> > >> >> So, when all your customers have switched over to IPv6 and are > >> >> demanding that you do the same, it appears to me you will be still > >> >> in exactly the same circumstances. You customers will still > >be natting > >> >> under IPv6 - if you don't think so, go ask them now. > > > >You don't know my customers. They strongly believe in "if it ain't > >broke, don't fix it." > > > > Yeah, sounds exactly like mine too. Believe it or not I've been told > "the reason we don't apply Microsoft security patches is because if > it ain't broke, don't fix it" (this was when talking to a customer > that their line was clogged with outbound spam because their exchange > server had been cracked into) > > >(In case you totally have the wrong end of the stick, my customers > >are *NOT* buying any sort of internet service from us. We use the > >internet as a tool for supporting our customers. They typically > >have enormous internal networks, and may eventually implement v6 > >on them, but there is no prospect they'll be turning off v4 for > >decades. Switching to v6 for this function would be a pointless > >waste of time for both us and them.) > > > > No, I understood this. We have dealt with similar private-to-private > interconnects ourselves > and I'm aware that it is very seductive to use legal numbers for such > interconnects to avoid clashes with private number space. > > One of the main drivers for going to IPv6 > is, of course, it gives so much numbering that it should make no difference > if > a bit of the public numbering goes away into these kinds of connections > forever. > > I will also point out that staying with IPv4 for your > interconnect is also a solution, if the other parties don't want to > update. Once the Internet switches over to > IPv6 the IPv4 you have in the interconnect will be worthless anyway, > so there's a great argument to leaving it alone, and nobody will > care if it's legacy or not. Obviously you will have problems sourcing > traffic from it into the rest of the world but generally most > interconnects of these types aren't sourcing anyway. > > However, the mistake you made is trying to apply your situation to > the global problem with legacy numbering. You set up a fairly narrow No, I did not say anything about any global problem. I just described my situation and said it did not seem to fit in with what was being discussed. I don't know how many others are in the same situation, it might be extremely rare or it might be very common. > situation, and in this post you have added even more conditions to > narrow it even further. Doubtless if we were to discuss it further > and discuss the usual solutions used for this situation, you would bring > reasons why you can't do them which would even further narrow the > scope of the example. Eventually so many solutions would have been > brought up and shot down that it would be obvious to anyone that > your situation is so unique it's completely inapplicable to the > larger discussion of legacy number holders, and you would have succeeded > in invalidating the original analogy you tried to make in the first > place. What analogy? I didn't make any analogy. I just described reality. > > > > >Totally bogus analogies. Why don't you propose the police go back > >to their records and charge with drunk driving anyone they stopped > >with a breathalyzer reading below what was then the threshold but > >is now above the threshold? > > > Oh, this analogy? You mean my mocking response to *your* ridiculous analogies (which you conveniently snipped?) > Nobody is arguing that in 1993 your now-legacy assignment was assigned > incorrectly or that you shouldn't have had it in 1993, or 1994 or > so on. But the point that has been repeatedly made over and over on > this list is that the IP numbering SCHEME is a SHARED scheme. > > You cannot deny that the Internet would not function if nobody agreed to > respect numbering allocations - you yourself respected them when you > got yours originally. > > What I think your blind spot is, is that your implying that conditions > on the Internet haven't changed from 1993. I think a few of the old timers > on this list (and keep in mind I was running UUCP back in 1982) seem > to have a problem with the idea that their baby grew up into the 800 pound > gorilla. > > You have to treat the 800 pound gorilla differently, you don't let him > sit on your lap like he could when he was a baby gorilla. Life changes > and we all have to change with it. Me, I absolutely deplore a lot of > changes that have happened on the Internet, for example I think it's a > terrible thing that child predators are able to use it nowadays to get > victims, that wasn't going on a decade ago that I remember. > > The numbering rules that were in effect in 1993 cannot stand. As proof of > this the entire IPv4 numbering scheme itself has been tossed in the > garbage can, and replaced by IPv6. Yet, there's still people out there > that if they got a chance would turn the clock back to 1993 and > bring the old 1993 rules into 2007 and beyond. I'm not one of them. But I think some babies (whether they grew up to be 800 pound gorillas or bonobos) got thrown out with the bath water... And if IPv4 has been replaced by IPv6, why do you care about legacy v4 assignments anymore? (Down below, it sounds like you don't... :-) > > >> Face the facts. Your getting something for nothing. Your getting > >> tracking and visibility in a system you aren't paying for - in fact, > >> in a system that -I'm- paying for. (or more accurately, my employer, > >> who due to paying for this system has less money he can pay me, and > >> so forth) You certainly don't seem appreciative of this. > > > >I never said I wasn't willing to pay my fair share for *something* > >(like v6 addresses.) I'm not willing to pay, agree to terms I did > >not originally agree to, and risk losing my /24 for no discernable > >benefit to me. > > > > As others have claimed if you sign an RSA for IPv6 it doesen't affect > your IPv4 holdings. I would ask, have you even e-mailed hostmaster at arin.net > and asked any of these questions? > Not yet. I don't need v6 *yet*. I probably will someday. I've got an O'Reilly book on my desk that I'll read someday when I have time. :-) So if I sign up for a v6 allocation and sign the RSA and pay my $100 per year, will I still be in danger of losing my v4 allocation as various policy proposals being discussed here seem to indicate? Will I in fact increase the danger of that happening? (Leo seemed to indicate in another subthread that I'm using enough of my /24 to be safe, currently 126 hosts in my DNS, but I know some of them are defunct.) > > > >> > >> And, as I asked before, how are you going to move your setup to > >> IPv6? > >> > > > >I didn't answer this before because I don't spout nonsense off the > >top of my head, unlike some people I could name, and I need to do > >a bit of research before answering, but at least three possibilities > >come to mind: 1) I believe there is a class of addresses that can > >be generated from IPv4 addresses, and I can just use those. > >2) Apply for v6 addresses through the normal process. 3) If I > >don't qualify for 2 because my network is too small, then form a > >cooperative with some of the 20,000 other legacy class C holders, > >pointlessly duplicating the work of ARIN, etc. but aquiring enough > >v6 addresses for all of us. > > > >If any of this is wrong, or unworkable, *you* are the one who insisted > >on an answer... If you're so damn smart, what would you do? > > > > I don't see anything wrong with #2. But keep in mind that I also > feel the requirements in the following: > > http://www.arin.net/registration/guidelines/micro_alloc.html) > > are unworkable and favor large companies. But you see there's a lot > of politics going on. One of the biggest problems I think is the > insistence on aggregation. This is why the > requirements for getting a micro allocation are unworkable for most > organizations, the people that wrote them want to force every potential > small holder to request from upstream. (except, of course, then the > small holder is them - why if your a holder that runs a public exchange > you can get a micro allocation) > I think it would fall under the Exchange Point Operator category. But I'm not sure. The other two categories clearly don't apply (Critical Network Infrastructure, it's critical to us, and to our customers, but not to the world at large, and Non-Routed Core Addressing, which requires that you already have a v6 allocation. > I mean - think of this! We have people fighting with me on this list > that IPv4 is so important post-transition that ARIN must keep track of > IPv4 allocations forever! They are happy to spill some 100,000+ > IPv4 route entries into the public BGP table post-IPv6 for the next 50 > years - yet the same folks buy off on the policy that there are too many > route entries so we must restrict the micro allocations! As I pointed out previously, my /24 (and future v6 allocation) doesn't need to go out to the public BGP table (though it would be nice if it did, I can live with it remaining on our private networks.) > > Clearly there's contradictions in the policies, and far more in how some > people view things. As I said last week nobody wants to take any steps > to push IPv6 implementation, they are all expecting the other guy to > just do it without trouble. And nobody had any response to that. They > just bitched up a storm with the idea that it might be a good idea to > one of these days just stop paying attention to IPv4. But I ask you, how > do we even start uncovering these problems if the legacy holders don't > want to get engaged? (and I'm not talking about you, I'm talking about > the legacy holders who are out there and who aren't even reading, much > less participating, in the discussion) You at least are partipating in > the discussion. > > Ted > > > > -- John Santos Evans Griffiths & Hart, Inc. 781-861-0670 ext 539 From stephen at sprunk.org Tue Jul 10 01:04:09 2007 From: stephen at sprunk.org (Stephen Sprunk) Date: Tue, 10 Jul 2007 00:04:09 -0500 Subject: [ppml] IPv4 "Up For Grabs" proposal References: Message-ID: <002c01c7c2b3$0a21f2c0$020110ac@atlanta.polycom.com> Thus spake "Ted Mittelstaedt" > So then if the membership doesen't want IPv4 to be removed > from the registries, then what is going to be created is a > situation where nobody has any incentive to remove their IPv4 > reachability, nor remove the ability for their customers to reach > IPv4 sites. Once IPv6 is fully working and IPv4 is no longer necessary, there will be a financial incentive to remove it. The problem is how long it will be until we reach that point. > However, if we do this, then don't you see that ALL IPv4 holders, > not just the legacy ones, will never have any incentive to drop > IPv4. Running two protocols instead of one costs money. Paying v4 fees as opposed to the lower v6 fees costs money. The beancounters will shut off v4 as soon as they can get away with it. S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov From peter at boku.net Tue Jul 10 01:35:05 2007 From: peter at boku.net (Peter Eisch) Date: Tue, 10 Jul 2007 00:35:05 -0500 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: <20070709210434.21326.qmail@hoster908.com> Message-ID: On 7/9/07 4:04 PM, "Andrew Dul" wrote: > While I agree that we shouldn't be taking away information, the fact that > approx. 50% of the legacy records have not been updated since ARIN's inception > tells me that more needs to be done to make sure that the records are updated > as best as possible. This policy is an attempt to conduct an outreach to > legacy resource holders with some consequences for not taking any action. The information in my records are, oddly enough, still correct and valid. Are we required to change them regularly even if it isn't a material change? peter From michael.dillon at bt.com Tue Jul 10 06:44:41 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Tue, 10 Jul 2007 11:44:41 +0100 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: References: <20070709203143.GK9951@elvis.mu.org> Message-ID: > In short, IPv4 will NEVER "go away" Your proposing a future > were we add IPv6, and nobody ever gives up IPv4 resources. > So the Internet merely becomes an Internet of both IPv6 and > IPv4, not an Internet of IPv4 only or an Internet of > IPv6 only. First of all, it is not ARIN's place to make IPv4 go away. It is a perfectly good technology that has proven itself in the field. Just like the Intel 8080 architecture, it will probably not go away for a long, long time. Instead it will be used in areas where IPv6 is immature or where Internet connectivity is NOT a desired characteristic. As far as IPv4 on the Internet is concerned, if people want to continue using transition technologies for the next 20 years, then ARIN should support that use by maintaining a proper IPv4 registry, in-addr.arpa, and so on. > However, if we do this, then don't you see that ALL IPv4 > holders, not just the legacy ones, will never have any > incentive to drop IPv4. Incentives are not manufactured. When you try to manufacture incentives, you often make yourself the target of hatred instead of providing the incentive that you intended. ARIN, quite rightly, does not manufacture incentives. The most ARIN does is to try and make sure that ARIN itself is not a barrier to IPv6 adoption because ARIN realizes that IPv6 is the only way to resolve the problem of IPv4 address exhaustion. --Michael Dillon From mysidia at gmail.com Tue Jul 10 08:38:26 2007 From: mysidia at gmail.com (James Hess) Date: Tue, 10 Jul 2007 07:38:26 -0500 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: References: <20070709203143.GK9951@elvis.mu.org> Message-ID: <6eb799ab0707100538q4d8d1eb5o247a618ab2fbf0ed@mail.gmail.com> > incentives. The most ARIN does is to try and make sure that ARIN itself > is not a barrier to IPv6 adoption because ARIN realizes that IPv6 is the > only way to resolve the problem of IPv4 address exhaustion. IPv6 creates other problems (i.e. it incurs costs due to the large size of the addresses it uses). It is not necessarily the only way to resolve the problem of IPv4 exhaustion, and it's not a RIR's place to try to deprecate the IPv4, the RIRs are the stewards of the address space and continue to do their job, otherwise, a new RIR could be formed to fill in the void. Unless at a point there truly are too few IPv4 users to care. Most connected hosts do not need to accept inbound connections, and an alternative would be say for ISPs to NAT and PAT everything. The NAT-capable technology is cheaper and possibly already well in place. The same cannot be said of IPv6, it is in fact possible that it will be preferred. In that case, ISPs ultimately reclaim public addresses not used for servers, make customers pay dearly for each public IP, and resolve the problem of IPv4 exhaustion by reducing the number of public IP addresses that are justifiable for any user of address space, to a small number of hosts that are used for operating well-known services to the public. And they actually gain an advantage by doing so -- the scarcity of IPv4 addresses and the difficulty of obtaining address space creates a barrier to entry for new hosting providers to ever form. This means (when using IPv4), older ISPs/ hosting providers with more ip addresses get a competitive advantage out of the mess. At that point, why would they ever give up the advantage, and replace a perfectly good NAT solution by adoptiong IPv6 as a preferred technology? In many ways, IPv6 is the superior, cleaner, "more correct" technology. But superior, "more correct" technologies do not always win the marketplace, particularly not when they are more expensive, and a simpler solution to the problem that would cause the change is already available without taking on the risk of switching to a brand new protocol. -- -J From jcurran at istaff.org Tue Jul 10 09:08:48 2007 From: jcurran at istaff.org (John Curran) Date: Tue, 10 Jul 2007 09:08:48 -0400 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: <6eb799ab0707100538q4d8d1eb5o247a618ab2fbf0ed@mail.gmail.com> References: <20070709203143.GK9951@elvis.mu.org> <6eb799ab0707100538q4d8d1eb5o247a618ab2fbf0ed@mail.gmail.com> Message-ID: At 7:38 AM -0500 7/10/07, James Hess wrote: >In that case, ISPs ultimately reclaim public addresses not used for servers, >make customers pay dearly for each public IP, and resolve the problem of IPv4 >exhaustion by reducing the number of public IP addresses that are justifiable >for any user of address space, to a small number of hosts that are used for >operating well-known services to the public. James - Your suggestion (just continue to use IPv4, with smaller and smaller assignments to end-sites) works fine, at least for the immediate future. It not only delays depletion of IPv4, it also reduces the routing entries per new end-site. The challenge is that once there is not readily available new blocks of IPv4 space for the ISP's, they will need to explore new avenues to obtain new IPv4 to connect new customers. Some approaches (such as nicely asking your own customers with extra PA space to return it, or mining your network for unused 'stranded' space) work just fine and don't cause global impact. Some of the approaches (getting really big presently unannounced IPv4 address blocks from parties which forgot they were supposed to return them) also work with effectively the same global routing impact as today's system. However, there will be a natural tendency for providers of such big address space to make it into smaller blocks, since many smaller sales (particularly as scarcity increases) could be far more lucrative than the one big transfer. Further, there will be a tendency to start mining IPv4 space from areas with even smaller potential return (such as unused space in ARIN PI or other ISP PA end-site assignments). Unfortunately, as the pressure to continue to connect customers increases, these approaches become inevitable, and result in enormous load on the global routing system, leading eventually to nearly one to one ratio in new global routes to new customers. At that point, it really doesn't matter if super backbone routers can do 500,000, 1M, 5M, or 10M routes, they're not going to keep up with a one-customer/one-global-route scenario. If you've got a way to keep IPv4 running, and still maintain the enough hierarchy to keep global routing running, then it's time to enter the spotlight and share the secret. There is no doubt that its so much easier for us all to stay on IPv6 then to move to IPv4, we just don't know how to do it, and still keep the Internet running. /John From michael.dillon at bt.com Tue Jul 10 09:17:00 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Tue, 10 Jul 2007 14:17:00 +0100 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: <6eb799ab0707100538q4d8d1eb5o247a618ab2fbf0ed@mail.gmail.com> References: <20070709203143.GK9951@elvis.mu.org> <6eb799ab0707100538q4d8d1eb5o247a618ab2fbf0ed@mail.gmail.com> Message-ID: > Most connected hosts do not need to accept inbound > connections, and an alternative would be say for ISPs to NAT > and PAT everything. That used to be true 10 years ago, but the trend is against this. For instance: http://gizmoproject.com/ Standards based Voice over IP is spreading and although there are ways to make it work with NAT and PAT, they are not pretty and not a universal solution. > In that case, ISPs ultimately reclaim public addresses not > used for servers, make customers pay dearly for each public > IP, Even if an ISP did reclaim IPv4 addresses from consumer customers, I doubt they would be able to make customers pay for an IPv4 address when the competition is offering a free /48 using IPv6 with no NAT/PAT and no restrictions regarding running servers. Internal reclamation may indeed push back the runout date for IPv4 but it will not remove the imperative to enable IPv6 services and IPv6 Internet access. --Michael Dillon From jcurran at istaff.org Tue Jul 10 09:25:06 2007 From: jcurran at istaff.org (John Curran) Date: Tue, 10 Jul 2007 09:25:06 -0400 Subject: [ppml] IPv4 "Up For Grabs" proposal [MORE] In-Reply-To: References: <20070709203143.GK9951@elvis.mu.org> <6eb799ab0707100538q4d8d1eb5o247a618ab2fbf0ed@mail.gmail.com> Message-ID: It just occurred to me that my response was to a message that was part of a policy proposal discussion. I have no opinion whatsoever on the particular policy proposal; I just wanted to make sure that the particular issue with "just staying with IPv4" was clear. /John At 9:08 AM -0400 7/10/07, John Curran wrote: >At 7:38 AM -0500 7/10/07, James Hess wrote: >>In that case, ISPs ultimately reclaim public addresses not used for servers, >>make customers pay dearly for each public IP, and resolve the problem of IPv4 >>exhaustion by reducing the number of public IP addresses that are justifiable >>for any user of address space, to a small number of hosts that are used for >>operating well-known services to the public. > >James - > > Your suggestion (just continue to use IPv4, with smaller and > smaller assignments to end-sites) works fine, at least for the > immediate future. It not only delays depletion of IPv4, it also > reduces the routing entries per new end-site. > > The challenge is that once there is not readily available new > blocks of IPv4 space for the ISP's, they will need to explore > new avenues to obtain new IPv4 to connect new customers. > Some approaches (such as nicely asking your own customers > with extra PA space to return it, or mining your network for > unused 'stranded' space) work just fine and don't cause global > impact. Some of the approaches (getting really big presently > unannounced IPv4 address blocks from parties which forgot > they were supposed to return them) also work with effectively > the same global routing impact as today's system. > > However, there will be a natural tendency for providers of such > big address space to make it into smaller blocks, since many > smaller sales (particularly as scarcity increases) could be far > more lucrative than the one big transfer. Further, there will > be a tendency to start mining IPv4 space from areas with > even smaller potential return (such as unused space in ARIN > PI or other ISP PA end-site assignments). Unfortunately, > as the pressure to continue to connect customers increases, > these approaches become inevitable, and result in enormous > load on the global routing system, leading eventually to nearly > one to one ratio in new global routes to new customers. At > that point, it really doesn't matter if super backbone routers > can do 500,000, 1M, 5M, or 10M routes, they're not going > to keep up with a one-customer/one-global-route scenario. > > If you've got a way to keep IPv4 running, and still maintain > the enough hierarchy to keep global routing running, then > it's time to enter the spotlight and share the secret. There > is no doubt that its so much easier for us all to stay on IPv6 > then to move to IPv4, we just don't know how to do it, and > still keep the Internet running. > >/John >_______________________________________________ >This message sent to you through the ARIN Public Policy Mailing List >(PPML at arin.net). >Manage your mailing list subscription at: >http://lists.arin.net/mailman/listinfo/ppml From Ed.Lewis at neustar.biz Tue Jul 10 09:37:32 2007 From: Ed.Lewis at neustar.biz (Edward Lewis) Date: Tue, 10 Jul 2007 09:37:32 -0400 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: <20070709210434.21326.qmail@hoster908.com> References: <20070709210434.21326.qmail@hoster908.com> Message-ID: At 13:04 -0800 7/9/07, Andrew Dul wrote: Thanks for the reply, it gives me a different perspective on this. >While I agree that we shouldn't be taking away information, the fact that >approx. 50% of the legacy records have not been updated since ARIN's >inception tells me that more needs to be done to make sure that the records >are updated as best as possible. This policy is an attempt to conduct an >outreach to legacy resource holders with some consequences for not taking >any action. My first reaction is to then being the legacy DNS delegations under the Lame Delegation policy (2005-1 and 2002-1). That's just to get rid of stale and misleading information regarding delegations from the DNS. Realizing that there isn't guaranteed to be a 1:1 correlation between the untouched legacy registrations and lame or broken DNS delegations (I'm sure there will be examples that break that "stereotype" in both directions) this is one way to clean up any in-network mess being caused. It would be interesting to note the correlation of Lame/Broken delegation rates to the kind of delegation (legacy or ARIN). >By setting a sunset time line for Legacy reverse DNS records we hopefully can >accomplish two goals. 1. Formalize the relationship between the ARIN and >active legacy address holders. 2. Start the process of marking address space >that is no-longer in active use. The goal here is not reclamation but >rather updating the database with accurate information from Legacy holders >and continuing that relationship long-term. I have strong objection to #2. In as much as "ARIN does not dictate routing policy" how does one detect that a number resource is "no-longer in active use?" The purpose of ARIN is uniqueness, not routability. After first coming to my personal conclusion that there is no reliable way to decide whether a number resource is in use (e.g., it could be used in a network between two apartments in NYC air-gapped from the rest of the world). As far as #1, I don't think that it is appropriate to use the sunsetting of a service as a motivation to get the other side to agree to a formal relationship. (I suppose this is done in business, my cable company recently moved a PBS station from analog cable to digital cable and presumably to charge more, about $20/month, to see the shows I was already paying for.) >There are a lot of reasons that have been discussed. I'll just name some >that I have heard, there are probably others. > >- Legitimize & confirm legacy holders right to use space they were assigned >- Remove ambiguity about the status of legacy holder's address space I agree that the above two are good and worthy goals, I'd include this in any documentation about this effort (whether this remains a policy, is shunted through the consultation and suggestion thing, or is taken as a board matter. >- Create a relationship with legacy holders, including a yearly "touch-point" > to help insure that records are up-to-date This sounds credible, but touch-point sounds like money changing hands. Then again, I'm sounding cynical based on troll-induced threads that the RIRs are only after money and power. >- ARIN currently provides services to legacy holders for "free", as ARIN is > a cost-recovery non-profit, some believe that all address space holders > should share in the costs of providing these services. This I disagree with. "Address space holders" (I don't mean to be pedantic but to keep us disciplined - "Number resource holders") aren't the only ones benefiting from ARIN's services. Many rely on the DNS and WhoIs that are not holders of resources, although you can argue that the holding of a resource is made "valuable" because of the role ARIN and the other RIR's have. If we tie the cost-recovery burden to holding number resources, then how is this different from charging rent? Okay, beside the target of 0% profit and a say in the determination of the overall costs of operating ARIN (via membership approval of budget items). It would be nice of the burden of operating ARIN is adequately shared, but that probably won't happen. We'll remain in a state where certain interests will fund ARIN because the interests have a greater need for ARIN to be. >Preventing the in-addr DNS queries from returning answers is an >interesting concept, and not one that I have considered. If people think >this is a better method than removing the delegations to motivate legacy >holders to create a formal agreement with ARIN, I'd be open to modifying >the policy. My initial concern with this approach would be that this >approach could be more operationally difficult to deal with. It is pretty >easy to understand why a query returns no records if there isn't a valid set >of NS records for a zone. If your query was answered or not depending on >the source of your query, that could be hard to troubleshoot and understand >for the operational community. Whether what I had suggested is appropriate or not for ARIN, this is a model used in other industries in which operational data sharing benefits a segment. The attitude is that consumers of the data band together and try to learn all they can about the "universe." Data in is free, data out costs. But that model is not going to be easy to retrofit into the public Internet. So, perhaps I'm just wasting bits. >The best reason I have seen is that it legitimizes an organizations right >to use specific IP address resources. There is no ambiguity or risk that >the resources could be reused, reissued, or records otherwise invalidated. Isn't having gotten the legacy resource enough of a justification? It's legitimate. It's ARIN's responsibility that no other uses the same space - if ARIN allocated me a resource that was allocated as a legacy, ARIN has done me wrong and the legacy holder wrong. >I agree that creating barriers in general is not a good idea. I would >certainly like to see ARIN do an outreach specifically to legacy holders. My >attempt with this policy was to create an incentive (loss of current in-addr >service) to encourage the establishing of a formal relationship and the >ongoing relationship that would help keep the records as up-to-date. >In addition I see additional incentives in affirming an organizations right >to use number resources granted prior to the formation of ARIN. Where I am losing the faith is that I believe that legacy holders already have full legitimacy and rights to the resource. They paid their dues by playing the role of an early adopter. But their benefit ends with their own (personal or single organizational) use of the IPv4 space, this privilege does not extend to IPv6 nor transferrable to another entity. I am not sure whether it is the resource that is special or the allocation (i.e., that which ends when the resource is released) that is special. I don't think that a legacy resource should be touched in anyway by ARIN policy, not renewal, not reviewable, not reclaimable, not part of the usage calculation. Perhaps I'd agree with extending the IPv6 fee wavier to legacy holders, not just to whom it is available to now (as an incentive to join up). There are other incentives I'd hold out for legacy holders, such as cryptographic protection for the legacy space (records and certification). But I don't think we have the right to expect that they *should* join in. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis +1-571-434-5468 NeuStar Think glocally. Act confused. From Keith at jcc.com Tue Jul 10 11:01:38 2007 From: Keith at jcc.com (Keith W. Hare) Date: Tue, 10 Jul 2007 11:01:38 -0400 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources Message-ID: > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of Andrew Dul > Sent: Monday, July 09, 2007 5:05 PM > To: Edward Lewis; > Subject: Re: [ppml] Policy Proposal: Authentication of Legacy > Resources > ... > > I agree that creating barriers in general is not a good idea. > I would certainly like to see ARIN do an outreach > specifically to legacy holders. My attempt with this policy > was to create an incentive (loss of current in-addr service) > to encourage the establishing of a formal relationship and > the ongoing relationship that would help keep the records as > up-to-date. In addition I see additional incentives in > affirming an organizations right to use number resources > granted prior to the formation of ARIN. > I currently see two barriers to establishing a formal relationship with ARIN for our /24 legacy address allocation. 1. I don't see how to accomplish establishing a formal relationship -- the informaton on how to accomplish this is not easily available. 2. I am unlikely to sign an agreement that does not protect our use of our /24 address allocation. Keith ______________________________________________________________ Keith W. Hare JCC Consulting, Inc. keith at jcc.com 600 Newark Road Phone: 740-587-0157 P.O. Box 381 Fax: 740-587-0163 Granville, Ohio 43023 http://www.jcc.com USA ______________________________________________________________ From rich at nic.umass.edu Tue Jul 10 11:02:40 2007 From: rich at nic.umass.edu (Rich Emmings) Date: Tue, 10 Jul 2007 11:02:40 -0400 (EDT) Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: <20070706163335.831.qmail@hoster908.com> References: <20070706163335.831.qmail@hoster908.com> Message-ID: Opposed as written. Much legacy space predates ARIN which makes for odd grandfathering issues. I'd want to at least hear from ARIN vis a via the workload on this. Finally, the contact data may be 15 years old, but that doesn't relate to it's veracity. If it's out of date, how do you get a hold of someone to let them know it's out of data? Breaking their Internet isn't a nice thing to do. Who gets sued when it happens? From michael.dillon at bt.com Tue Jul 10 11:23:28 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Tue, 10 Jul 2007 16:23:28 +0100 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: References: <20070706163335.831.qmail@hoster908.com> Message-ID: > Finally, the contact data may be 15 years old, but that > doesn't relate to it's veracity. If it's out of date, how do > you get a hold of someone to let them know it's out of data? > Breaking their Internet isn't a nice thing to do. Who gets > sued when it happens? I wonder what the courts would think if a plaintiff admitted that they had not contacted their provider of critical infrastructure for the past 15 years? Might the courts consider that the plaintiff had been negligent and therefore, the author of their own misfortune? Lawsuits are like a shotgun with a barrel which shoots out both ends, and after you pull the trigger, someone else decides whether you blast yourself in the face, or whether your opponent gets shot. Also, courts do not like to award a case to plaintiffs who have not taken some steps to mitigate the damage which they claim to have suffered. ARIN's duty is to ensure that potential plaintiffs have ample opportunity to come on board with the rest of the IPv4-using community so that if someone does point a lawsuit shotgun at ARIN, the blast will go back on themselves. Note that ARIN could still break someone's Internet by shutting off in-addr.arpa and still come off scot free in the courts. It is not the act of shutting off the free service that determines liability. It is the whole process surrounding it. The open discussion on this list is one of the things that strengthens ARIN's ability to shut off free in-addr.arpa services if a legacy holder does not come on board with the rest of the community. --Michael Dillon From Ed.Lewis at neustar.biz Tue Jul 10 11:35:02 2007 From: Ed.Lewis at neustar.biz (Edward Lewis) Date: Tue, 10 Jul 2007 11:35:02 -0400 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: References: <20070709210434.21326.qmail@hoster908.com> Message-ID: Some errata - I was distracted while trying to write my notes... At 9:37 -0400 7/10/07, Edward Lewis wrote: >I have strong objection to #2. In as much as "ARIN does not dictate >routing policy" how does one detect that a number resource is >"no-longer in active use?" The purpose of ARIN is uniqueness, not >routability. After first coming to my personal conclusion that there >is no reliable way to decide whether a number resource is in use >(e.g., it could be used in a network between two apartments in NYC >air-gapped from the rest of the world). ...I was going to continue to say that "reclaiming space would be quixotic". But then I noticed you said that the purpose wasn't reclaiming space. I didn't remove enough of the sentence. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis +1-571-434-5468 NeuStar Think glocally. Act confused. From andrew.dul at quark.net Tue Jul 10 12:33:31 2007 From: andrew.dul at quark.net (=?iso-8859-1?Q?Andrew=20Dul?=) Date: Tue, 10 Jul 2007 08:33:31 -0800 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources Message-ID: <20070710163331.4046.qmail@hoster908.com> > -------Original Message------- > From: Keith W. Hare > Subject: Re: [ppml] Policy Proposal: Authentication of Legacy Resources > Sent: 10 Jul '07 07:01 > > > > > -----Original Message----- > > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > > Behalf Of Andrew Dul > > Sent: Monday, July 09, 2007 5:05 PM > > To: Edward Lewis; > > Subject: Re: [ppml] Policy Proposal: Authentication of Legacy > > Resources > > > ... > > > > I agree that creating barriers in general is not a good idea. > > I would certainly like to see ARIN do an outreach > > specifically to legacy holders. My attempt with this policy > > was to create an incentive (loss of current in-addr service) > > to encourage the establishing of a formal relationship and > > the ongoing relationship that would help keep the records as > > up-to-date. In addition I see additional incentives in > > affirming an organizations right to use number resources > > granted prior to the formation of ARIN. > > > I currently see two barriers to establishing a formal relationship with > ARIN for our /24 legacy address allocation. > > 1. I don't see how to accomplish establishing a formal relationship -- > the informaton on how to accomplish this is not easily available. > > 2. I am unlikely to sign an agreement that does not protect our use of > our /24 address allocation. > I hope that both of these barriers are lowered by this policy proposal. 1: The proposal specifically asks ARIN to do an outreach to legacy holders, publish how to establish those formal relationships, and sets an 18 month time frame to accomplish the outreach project. 2: The proposal also specifically calls for a version of the RSA which would protect the usage of assignments for legacy holders and basically ignore utilization requirements on legacy assignments as long as an organization does not request additional address space from ARIN. Andrew From rich at nic.umass.edu Tue Jul 10 12:46:14 2007 From: rich at nic.umass.edu (Rich Emmings) Date: Tue, 10 Jul 2007 12:46:14 -0400 (EDT) Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: References: <20070706163335.831.qmail@hoster908.com> Message-ID: On Tue, 10 Jul 2007, michael.dillon at bt.com wrote: >> Finally, the contact data may be 15 years old, but that >> doesn't relate to it's veracity. If it's out of date, how do >> you get a hold of someone to let them know it's out of data? >> Breaking their Internet isn't a nice thing to do. Who gets >> sued when it happens? > > I wonder what the courts would think if a plaintiff admitted that they > had not contacted their provider of critical infrastructure for the past > 15 years? Might the courts consider that the plaintiff had been > negligent and therefore, the author of their own misfortune? I think it's called extortion, when you have no agreement with an organization, and they say "Give us money or else" or "Sign this or else" If can sign an RSA, but don't have to, legacy user, it is a voluntary document, and legacy assets can't be held do it. I'll restate, just because it's 15 years old, doesn't mean it's not valid. Put this into a court of law, and I can guarantee everyone on this list will be worse off of the outcome, with 12 [probably] non-technical people making this decision. ("which end of the pipe is this again????") But we can go around in circles. Doesn't matter how we got here, we're here. ObConstructive: I have no disagreement with writing a letter asking a non-RSA legacy holder if they are using the asset. At worse case, the realize they have an asset, and keep it, and we're no worse off then we are now. Why do we have to go to the woodshed and get out the largest stick? Let's not threaten everyone as a first step. From andrew.dul at quark.net Tue Jul 10 12:49:20 2007 From: andrew.dul at quark.net (=?iso-8859-1?Q?Andrew=20Dul?=) Date: Tue, 10 Jul 2007 08:49:20 -0800 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources Message-ID: <20070710164920.18218.qmail@hoster908.com> > -------Original Message------- > From: Rich Emmings > Subject: Re: [ppml] Policy Proposal: Authentication of Legacy Resources > Sent: 10 Jul '07 07:02 > > Opposed as written. > Is there something specific in the policy that you oppose or do you oppose the entire concept? > Much legacy space predates ARIN which makes for odd grandfathering issues. > All legacy space predates ARIN. Legacy space is defined as space that was assigned/allocated before ARIN. This policy is intended to try and clean up those "odd grandfathering issues", by formalizing the relationships between legacy space holders and ARIN. > I'd want to at least hear from ARIN vis a via the workload on this. > ARIN staff will prepare their assessment of the workload required to implement this policy as part of the policy development process, that assessment has usually been posted shortly before the public policy meeting. > Finally, the contact data may be 15 years old, but that doesn't relate to > it's veracity. True, I didn't mean to imply that just because data is old it is in accurate, but I believe that in general the older data gets the more likely it is to be incorrect. We might not have an wholly accurate picture of how many legacy records are incorrect, but many records are incorrect. Thanks to those legacy holders out there who have valid contact information in their records. > If it's out of date, how do you get a hold of someone to let > them know it's out of data? Through general outreach to the Internet community. Through mailing lists, conferences, notices in publications, and other methods of broadcasting information. Andrew From MOHLER at graceland.edu Tue Jul 10 12:53:49 2007 From: MOHLER at graceland.edu (Dave Mohler) Date: Tue, 10 Jul 2007 11:53:49 -0500 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: <20070710163331.4046.qmail@hoster908.com> Message-ID: > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf Of > Andrew Dul > Sent: Tuesday, July 10, 2007 11:34 AM > To: Keith W. Hare; > Subject: Re: [ppml] Policy Proposal: Authentication of Legacy Resources > > > -------Original Message------- > > From: Keith W. Hare > > Subject: Re: [ppml] Policy Proposal: Authentication of Legacy Resources > > Sent: 10 Jul '07 07:01 > > > > > > > > > -----Original Message----- > > > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > > > Behalf Of Andrew Dul > > > Sent: Monday, July 09, 2007 5:05 PM > > > To: Edward Lewis; > > > Subject: Re: [ppml] Policy Proposal: Authentication of Legacy > > > Resources > > > > > ... > > > > > > I agree that creating barriers in general is not a good idea. > > > I would certainly like to see ARIN do an outreach > > > specifically to legacy holders. My attempt with this policy > > > was to create an incentive (loss of current in-addr service) > > > to encourage the establishing of a formal relationship and > > > the ongoing relationship that would help keep the records as > > > up-to-date. In addition I see additional incentives in > > > affirming an organizations right to use number resources > > > granted prior to the formation of ARIN. > > > > > I currently see two barriers to establishing a formal relationship with > > ARIN for our /24 legacy address allocation. > > > > 1. I don't see how to accomplish establishing a formal relationship -- > > the informaton on how to accomplish this is not easily available. > > > > 2. I am unlikely to sign an agreement that does not protect our use of > > our /24 address allocation. > > > > I hope that both of these barriers are lowered by this policy proposal. > > 1: The proposal specifically asks ARIN to do an outreach to legacy holders, > publish how to establish those formal relationships, and sets an 18 month > time frame to accomplish the outreach project. > 2: The proposal also specifically calls for a version of the RSA which > would protect the usage of assignments for legacy holders and basically > ignore utilization requirements on legacy assignments as long as an > organization does not request additional address space from ARIN. > > Andrew > [Dave Mohler] I'd like to see that the discussion of "request[ing] additional address space from ARIN" doesn't add a barrier to legacy users' movement toward IPv6. It is reasonable to consider that requests for additional IPv4 space might prompt a review of the utilization of the legacy IPv4 assignment. However, I would hope that a request for IPv6 space from a legacy holder would only cause review of that request the same as if the user had no previous IPv4 allocation. -- dave From rich at nic.umass.edu Tue Jul 10 13:10:04 2007 From: rich at nic.umass.edu (Rich Emmings) Date: Tue, 10 Jul 2007 13:10:04 -0400 (EDT) Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: <20070710164920.18218.qmail@hoster908.com> References: <20070710164920.18218.qmail@hoster908.com> Message-ID: On Tue, 10 Jul 2007, Andrew Dul wrote: > Is there something specific in the policy that you oppose or do you oppose the entire concept? The idea of a unilateral clubbing doesn't thrill me. The question of applying ARIN policies to people who have not signed an RSA. Neither effects me, but it doesn't strike me as fair, possibly not legal. > >> Much legacy space predates ARIN which makes for odd grandfathering issues. >> > > All legacy space predates ARIN. Legacy space is defined as space that was > assigned/allocated before ARIN. This policy is intended to try and clean > up those "odd grandfathering issues", by formalizing the relationships > between legacy space holders and ARIN. > I said much in the context of a legacy user who has a signed RSA vs those w/o one. But I'm fine with your definition. Before an org signs an RSA, they'll need to have a need. Why sign it otherwise? The non-ARIN party doesn't gain anything. Not to muddy the waters, with a side issue, but the data didn't come all that clean into ARIN's db, and I have had to do a lot of clean up to make all ("my") org's matched up with assets, and I still have a crosslinked (two org's, one asset) one from the original import. A large number of the records I needed to fix were not orphaned, but the whois records make it look so. Perhaps: Get folks to update their whois without needing the RSA, or the threat of getting clubbed. Once the DB is in better shape, futher correspondence becomes possible. However, this will be a lot of work. From kloch at kl.net Tue Jul 10 13:20:25 2007 From: kloch at kl.net (Kevin Loch) Date: Tue, 10 Jul 2007 13:20:25 -0400 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: References: Message-ID: <4693BFD9.4070304@kl.net> Dean Anderson wrote: > Someone already said that ARIN is just the steward of records. I'd like > to add to that and point out that ARIN doesn't own the registrations > records any more than SRI or NSI owned the registration books before > ARIN existed. Even more specifically, ARIN is an agent of the IANA, > which is now a function of the US Department of Commerce. Legacy holders > already have a relationship with the DoC through earlier agents, and do > not require a new relationship with ARIN. So to clean up this mess we should lobby DoC to require annual renewals and new contracts just like they did with domain names? - Kevin From rich at nic.umass.edu Tue Jul 10 13:26:28 2007 From: rich at nic.umass.edu (Rich Emmings) Date: Tue, 10 Jul 2007 13:26:28 -0400 (EDT) Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: <3c3e3fca0707100958q4da01182k70ebd09897bcd6e1@mail.gmail.com> References: <20070706163335.831.qmail@hoster908.com> <3c3e3fca0707100958q4da01182k70ebd09897bcd6e1@mail.gmail.com> Message-ID: On Tue, 10 Jul 2007, William Herrin wrote: > If there is active RDNS then there are two more POCs: the operator of > the DNS server and registrant of the forward domains referenced. > > If there is an active route then there is another POC: the AS > announcing the route. Agreed about the DNS, but taking a bad example here: I know one record where the end user is getting their service from an upstream ISP, with split dns, one @ upstream ISP, and one local. The local DNS is not globally pingable which is wrong, but the way it is. The global DNS is an error, referencing a virtual mail domain, which no longer supports dns services so it isn't accurate either. The ARIN contact for the network record is a BITNET address. Record last updated over 10 year ago. No AS, no dual homing.) They have been encourged many times in the past to fix things. They were told the global DNS server they were using was going away. They've been told their contact data is ancient and wrong. This is a large live network. Revoking their registration (so it could be reassigned) it would cause much problems. I could provide the correct info to ARIN, except I'm not POC. I supposed if they want to create a template, 3rd party reporting, I could report it, they could call the number, etc, and could verify it, and then update their data at their end, if they wanted to. > If neither of these things exist then there is a very limited amount of > damage we can do by revoking the registration. Even then, we can borrow a > lesson from property law and set up an escheat process. Treat these as property, and I think you open a large can of worms. From jmorrison at bogomips.com Tue Jul 10 13:27:51 2007 From: jmorrison at bogomips.com (John Paul Morrison) Date: Tue, 10 Jul 2007 10:27:51 -0700 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: <65EEB431-2BBC-4284-AD33-940AEA3B6F4A@virtualized.org> References: <46927370.9040609@bogomips.com> <65EEB431-2BBC-4284-AD33-940AEA3B6F4A@virtualized.org> Message-ID: <4693C197.3090308@bogomips.com> I'm talking about the public Internet - if your printer is still happily running IPv4 within a private network that doesn't count. Assuming IPv6 takes off on the public Internet, it will displace IPv4 just because of the administrative overhead. Who's going to want to maintain two routing protocols in a large network for very long? Verify twice as many firewall rules? Patch and maintain two sets of drivers? If IPX, Appletalk and NetBEUI can disappear from the desktop, so can IPv4. So assuming IPv6 replaces IPv4, it's pointless to chase down the legacy users since it will all become legacy. If it doesn't, then there's a different set of issues, but others on the list have already made very good points against this proposal. David Conrad wrote: > On Jul 9, 2007, at 10:42 AM, John Paul Morrison wrote: >> IPv4 is going to go away anyway, > > Why do you think this? > > Rgds, > -drc From arin-contact at dirtside.com Tue Jul 10 14:03:15 2007 From: arin-contact at dirtside.com (William Herrin) Date: Tue, 10 Jul 2007 14:03:15 -0400 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: References: <20070706163335.831.qmail@hoster908.com> <3c3e3fca0707100958q4da01182k70ebd09897bcd6e1@mail.gmail.com> Message-ID: <3c3e3fca0707101103w5b76e8cbw8f79e8e8e23e27c3@mail.gmail.com> On 7/10/07, Rich Emmings wrote: > On Tue, 10 Jul 2007, William Herrin wrote: > > borrow a > > lesson from property law and set up an escheat process. > > Treat these as property, and I think you open a large can of worms. I think we can probably borrow ideas anywhere we find good ones. Escheat, for example, allows a local government to take back ownership of a private property when its owner can no longer be identified or contacted. It generally involves placing notices about the property's pending ownership change on the property itself and in various newspapers and then waiting a reasonable amount of time for anyone to step forward and offer information that leads to the owner. Except for the "property," "owner," and "government" parts, that's pretty much exactly what we want here. > I know one record where the end user is getting their service from an > upstream ISP, with split dns, one @ upstream ISP, and one local. The local > DNS is not globally pingable which is wrong, but the way it is. The global > DNS is an error, referencing a virtual mail domain, which no longer supports > dns services so it isn't accurate either. The ARIN contact for the network > record is a BITNET address. Record last updated over 10 year ago. No > AS, no dual homing.) If they're using the addresses on the global Internet then someone is announcing the routes. That someone can be contacted and can either provide informatinon to ARIN or (if he's a stickler for privacy) pass a message from ARIN to the registrant to the effect of "contact us to avoid losing your addresses." If the addresses are used on a private lan then you do the escheat-like process. At that point, good samaritans can certainly step up and say, "Hey, here's the guy you want to talk to and his phone number is." And if after all of that your example folks don't find their addresses important enough to contact ARIN then their actions have expressed pretty clearly the level of importance they attach to keeping the addresses. Regards, Bill -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From cliffb at cjbsys.bdb.com Tue Jul 10 14:01:16 2007 From: cliffb at cjbsys.bdb.com (Cliff Bedore) Date: Tue, 10 Jul 2007 14:01:16 -0400 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources Message-ID: <4693C96C.8010304@cjbsys.bdb.com> There has been a lot of talk about taking some action to "induce" legacy holders to sign up with ARIN. Without getting into specifics of who is to blame, I'd point to the US problems in Iraq as an example of how wrong things can go when someone takes an action to "help" someone else. The law of unintended consequences would certainly apply here and I would think ARIN would want to tread very lightly before they change the status quo for legacy holders other than by an appropriate carrot (if then). Cliff From owen at delong.com Tue Jul 10 14:26:18 2007 From: owen at delong.com (Owen DeLong) Date: Tue, 10 Jul 2007 11:26:18 -0700 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: References: <20070709210434.21326.qmail@hoster908.com> Message-ID: <33728F81-8A57-48E5-8361-CB2564E9E9FA@delong.com> > >> By setting a sunset time line for Legacy reverse DNS records we >> hopefully can >> accomplish two goals. 1. Formalize the relationship between the >> ARIN and >> active legacy address holders. 2. Start the process of marking >> address space >> that is no-longer in active use. The goal here is not >> reclamation but >> rather updating the database with accurate information from Legacy >> holders >> and continuing that relationship long-term. > > I have strong objection to #2. In as much as "ARIN does not dictate > routing policy" how does one detect that a number resource is > "no-longer in active use?" The purpose of ARIN is uniqueness, not > routability. After first coming to my personal conclusion that there > is no reliable way to decide whether a number resource is in use > (e.g., it could be used in a network between two apartments in NYC > air-gapped from the rest of the world). > What about a tri-state variable: In-Use -- Confirmed valid contact information within the last year Contact verifies that addresses are still in active use. Abandoned -- Unable to reach contact. Good faith efforts to contact organization and contacts have failed. in-addr delegation is lame/broken, not visible in routing table. Unknown -- Similar to Abandoned, but, efforts to reach the org. and/or its contacts have not been completed yet. Owen From owen at delong.com Tue Jul 10 14:31:53 2007 From: owen at delong.com (Owen DeLong) Date: Tue, 10 Jul 2007 11:31:53 -0700 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: References: <20070706163335.831.qmail@hoster908.com> Message-ID: <9FA99155-01A9-4C77-BABE-E4D50A474635@delong.com> On Jul 10, 2007, at 8:02 AM, Rich Emmings wrote: > Opposed as written. > > Much legacy space predates ARIN which makes for odd grandfathering > issues. > Yep. > I'd want to at least hear from ARIN vis a via the workload on this. > Then you should have been at the PR meeting or at least read Leslie's presentation. > Finally, the contact data may be 15 years old, but that doesn't > relate to > it's veracity. If it's out of date, how do you get a hold of > someone to let > them know it's out of data? Breaking their Internet isn't a nice > thing to > do. Who gets sued when it happens? That's the problem. However, if we start with the blocks that meet all of the following criteria: 1. Not routed on public internet 2. in-addrs are lame 3. Contacts are unreachable 4. Organization cannot be reached I think that would be the low hanging fruit. Turning off lame in- addrs isn't actually going to break anything. Making the block visible to ISPs as in a questionable status means that when someone asks a responsible ISP to route the block, the ISP will be able to encourage them to contact ARIN and update their data. From there, we could start looking at: 1. Routed on public internet -- Ought to be able to track down organization via the ISP if the usage of the addresses is legitimate. If not, then, I'm not so worried about breaking their service. 2. Reachable in-addrs -- If the in-addrs appear to work or at least have a legitimate delegation, presumably the operator(s) of the nameserver(s) should be able to put ARIN in touch with the organization in question. 3. Reachable contacts -- This seems like a no-brainer 4. Reachable organization -- This also seems like a no-brainer. > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml From Ed.Lewis at neustar.biz Tue Jul 10 14:48:31 2007 From: Ed.Lewis at neustar.biz (Edward Lewis) Date: Tue, 10 Jul 2007 14:48:31 -0400 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: <33728F81-8A57-48E5-8361-CB2564E9E9FA@delong.com> References: <20070709210434.21326.qmail@hoster908.com> <33728F81-8A57-48E5-8361-CB2564E9E9FA@delong.com> Message-ID: At 11:26 -0700 7/10/07, Owen DeLong wrote: Regarding categorizing the status of a number resource: >What about a tri-state variable: > >In-Use -- Confirmed valid contact information within the last year > Contact verifies that addresses are still in active use. >Abandoned -- Unable to reach contact. Good faith efforts to contact > organization and contacts have failed. in-addr delegation > is lame/broken, not visible in routing table. >Unknown -- Similar to Abandoned, but, efforts to reach the org. and/or > its contacts have not been completed yet. Realistically, the latter two are the same. There may be a many month process for contacting anyone related to a number resource, that is true, but unless there is a (fairly) concretely defined process, it's hard to distinguish between "can't reach them" and "haven't reached them yet." It's like that Turing machine thing from school. A few months ago I threw onto the list a question of whether we should have whois report the RSA status of a resource and received no words of support. (Reminded me of a commercial with the punch line "It hurts when they boo.") I would think that if we knew if the resource was legacy or not and when the record was last updated we would have some (what?) information. Perhaps we would want a last verified date or some way for a 3rd party to report misinformation (I saw someone else propose this on PPML today). I say this because, well, I don't know what we get with that tri-state variable. I would like to throw this question on the list...what's the purpose of trying to do, umm, this? If it is just to verify the registration information, let's do a policy like 2005-1 and 2002-1 for WhoIs. (Not a novel concept, ICANN wants accuracy in WhoIs for domain names.) If it is to identify abandoned number resources that can be brought back in from legacy status so they can be be issued again, is the expectation that there is enough space that will be made available to make it worth it? Do we want to reclaim only class A's (as opposed to /8's, if you get my meaning), class B's or anything larger than a /20 (say)? Are legacy class C's worth the effort? Sorry if I keep returning to the reclaimation issue - I realize Andrew's message said it was a non-goal, but, well, maybe I'm reading more into the "not visible in the routing table" and "effort to reach the org"anization as prelude to wanting unused space back in the fold. Correct me if I am missing the point. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis +1-571-434-5468 NeuStar Think glocally. Act confused. From jeroen at unfix.org Tue Jul 10 14:51:07 2007 From: jeroen at unfix.org (Jeroen Massar) Date: Tue, 10 Jul 2007 19:51:07 +0100 Subject: [ppml] Routing Registries / RPKI (Was: Policy Proposal: Authentication of Legacy Resources) In-Reply-To: <9FA99155-01A9-4C77-BABE-E4D50A474635@delong.com> References: <20070706163335.831.qmail@hoster908.com> <9FA99155-01A9-4C77-BABE-E4D50A474635@delong.com> Message-ID: <4693D51B.3040703@spaghetti.zurich.ibm.com> Owen DeLong wrote: > [..] Making the block visible to ISPs as in > a questionable status means that when someone asks a responsible ISP > to route the block, the ISP will be able to encourage them to contact > ARIN and update their data. Agreeing with Owens post, but having to comment on this portion which is a bit on a different subject, thus here goes. It seems that for these and quite a number of other purposes that the RIR communities and thus effectively ISP's are trying to avoid having superfluous routes in the routing tables. Currently this is being partially enforced by allocation policies: difference between PI and PA, minimum PI block sizes, and the current proposals for ULA space. The thing what would actually address all these concerns is a PKI which authenticates the routing information, at least when the certificate contains a "no-sub-prefixes" flag or similar. There are and have been efforts underway for this, I think that the communities should be trying to help those efforts out and support them where possible. At the point in time that RIR's will introduce these mechanisms and they become widely deployed (would only need a couple of global transit providers to do so) all these issues of "who owns which address space" are out of the picture. Of course, currently something in the 'authenticating routes' area can already be done: Routing Registries. These are quite well used, from what I see, already in the RIPE region. Maybe a small push in that area for wider acceptance might be a good thing and help already take care of these things. This also has the same 'you don't have a route[6] object in the rr, please fix it up' kind of case as the above proposal where the whois information would be either made unavailable or otherwise clearly noted that the information is incorrect. Greets, Jeroen -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 311 bytes Desc: OpenPGP digital signature URL: From leroy at emailsorting.com Tue Jul 10 14:55:06 2007 From: leroy at emailsorting.com (Leroy Ladyzhensky) Date: Tue, 10 Jul 2007 14:55:06 -0400 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources References: <20070709210434.21326.qmail@hoster908.com> <33728F81-8A57-48E5-8361-CB2564E9E9FA@delong.com> Message-ID: <063c01c7c323$d501b8c0$c80a0a0a@integrated.net> All this talk about legacy holders is really interesting... comments range from actions the would end up bringing legeal nightmares of insane magnitude, to.. "just let IPv6 take care of all this". But has anyone yet come up with a number of how many IP addresses legacy holders actually hold? whats the total number of /24's? This has been asked before but I never saw any information or anynumbers... also, most that have commented on this list that are legacy holders seem to have only a /24 or something just a bit larger.. I guess my stand on this... is all this even going to be worth the effort. Leroy L. From owen at delong.com Tue Jul 10 15:39:29 2007 From: owen at delong.com (Owen DeLong) Date: Tue, 10 Jul 2007 12:39:29 -0700 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: References: <20070706163335.831.qmail@hoster908.com> Message-ID: On Jul 10, 2007, at 8:23 AM, wrote: > >> Finally, the contact data may be 15 years old, but that >> doesn't relate to it's veracity. If it's out of date, how do >> you get a hold of someone to let them know it's out of data? >> Breaking their Internet isn't a nice thing to do. Who gets >> sued when it happens? > > I wonder what the courts would think if a plaintiff admitted that they > had not contacted their provider of critical infrastructure for the > past > 15 years? Might the courts consider that the plaintiff had been > negligent and therefore, the author of their own misfortune? > You are assuming facts not in evidence. For most legacy holders, as far as they are concerned, ARIN is not their provider of anything. I suppose if they consider their in-addrs critical, you could make an argument, but, for the most part, they probably don't. Beyond that, as far as they are concerned, ARIN doesn't provide or have anything to do with their addresses. They got them from some other entity. As an example, I received a General Radiotelephone License for aircraft from the FCC. This license doesn't expire and I only really need it if I fly a US aircraft in certain foreign airspace. You could argue that it is a form of critical infrastructure in that it is a legal requirement under certain circumstances. However, there's no need for me to contact the FCC again about it unless I change my address or other pertinent detail. The license would still be valid even if it had been 20 years without contacting the FCC. Similarly, my pilots license does not require any regular contact with the FAA. Sure, I need to stay current, and, that requires a visit to a flight instructor every other year and that I at least log some other stuff as well as a visit to a flight surgeon every two (or three, depending on age), but, short of a change of address, there's no need to contact the FAA. As such, I think legacy holders that haven't contacted ARIN if their data hasn't changed are in a fairly strong position. > Lawsuits are like a shotgun with a barrel which shoots out both ends, > and after you pull the trigger, someone else decides whether you blast > yourself in the face, or whether your opponent gets shot. > True. Usually they seem to seek a solution where each side ends up with some buckshot implanted. > Also, courts do not like to award a case to plaintiffs who have not > taken some steps to mitigate the damage which they claim to have > suffered. ARIN's duty is to ensure that potential plaintiffs have > ample > opportunity to come on board with the rest of the IPv4-using community > so that if someone does point a lawsuit shotgun at ARIN, the blast > will > go back on themselves. > To some extent this is true. However, whether the courts would rule against ARIN or not, I believe ARIN has some obligation to continue the status quo even for legacy holders that continue to choose not to join the ARIN process. > Note that ARIN could still break someone's Internet by shutting off > in-addr.arpa and still come off scot free in the courts. It is not the > act of shutting off the free service that determines liability. It is > the whole process surrounding it. True. > The open discussion on this list is > one of the things that strengthens ARIN's ability to shut off free > in-addr.arpa services if a legacy holder does not come on board > with the > rest of the community. That I'm not so sure of. Owen From JOHN at egh.com Tue Jul 10 17:04:57 2007 From: JOHN at egh.com (John Santos) Date: Tue, 10 Jul 2007 17:04:57 -0400 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: Message-ID: <1070710165909.10161B-100000@Ives.egh.com> On Tue, 10 Jul 2007, Dave Mohler wrote: > > > > -----Original Message----- > > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf > Of > > Andrew Dul > > Sent: Tuesday, July 10, 2007 11:34 AM > > To: Keith W. Hare; > > Subject: Re: [ppml] Policy Proposal: Authentication of Legacy > Resources > > > > > -------Original Message------- > > > From: Keith W. Hare > > > Subject: Re: [ppml] Policy Proposal: Authentication of Legacy > Resources > > > Sent: 10 Jul '07 07:01 > > > > > > > > > > > > > -----Original Message----- > > > > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > > > > Behalf Of Andrew Dul > > > > Sent: Monday, July 09, 2007 5:05 PM > > > > To: Edward Lewis; > > > > Subject: Re: [ppml] Policy Proposal: Authentication of Legacy > > > > Resources > > > > > > > ... > > > > > > > > I agree that creating barriers in general is not a good idea. > > > > I would certainly like to see ARIN do an outreach > > > > specifically to legacy holders. My attempt with this policy > > > > was to create an incentive (loss of current in-addr service) > > > > to encourage the establishing of a formal relationship and > > > > the ongoing relationship that would help keep the records as > > > > up-to-date. In addition I see additional incentives in > > > > affirming an organizations right to use number resources > > > > granted prior to the formation of ARIN. > > > > > > > I currently see two barriers to establishing a formal relationship > with > > > ARIN for our /24 legacy address allocation. > > > > > > 1. I don't see how to accomplish establishing a formal > relationship -- > > > the informaton on how to accomplish this is not easily available. > > > > > > 2. I am unlikely to sign an agreement that does not protect our > use of > > > our /24 address allocation. > > > > > > > I hope that both of these barriers are lowered by this policy > proposal. > > > > 1: The proposal specifically asks ARIN to do an outreach to legacy > holders, > > publish how to establish those formal relationships, and sets an 18 > month > > time frame to accomplish the outreach project. > > 2: The proposal also specifically calls for a version of the RSA which > > would protect the usage of assignments for legacy holders and > basically > > ignore utilization requirements on legacy assignments as long as an > > organization does not request additional address space from ARIN. > > > > Andrew > > > [Dave Mohler] I'd like to see that the discussion of "request[ing] > additional address space from ARIN" doesn't add a barrier to legacy > users' movement toward IPv6. It is reasonable to consider that requests > for additional IPv4 space might prompt a review of the utilization of > the legacy IPv4 assignment. However, I would hope that a request for > IPv6 space from a legacy holder would only cause review of that request > the same as if the user had no previous IPv4 allocation. > > -- dave Dave - I have a partially composed response that basically says the same thing, in about 20 times as many words... Anyway, I agree... I think point 2 should say "as long as the organization does not request additional *v4* address space from ARIN." How to handle IPv6 requests from legacy users is a different issue from how to handle v4 requests from the same users. -- John Santos Evans Griffiths & Hart, Inc. 781-861-0670 ext 539 From marla.azinger at frontiercorp.com Tue Jul 10 17:17:13 2007 From: marla.azinger at frontiercorp.com (Azinger, Marla) Date: Tue, 10 Jul 2007 17:17:13 -0400 Subject: [ppml] Why ULA-* will not harm the DFZ Message-ID: <454810F09B5AA04E9D78D13A5C39028A0272F96B@nyrofcs2ke2k01.corp.pvt> Thank you Joe. That is where my thoughts went with all of it and its nice to see it written out line by line. There is just one point that needs to be considered as well, and that is what next? While I believe ULA-Central should be used for private VPNs or internal infrastructure, I also ask everyone to consider the following: 1. Either designate space FC00::/8 as ULA-central and finish the documentation and processes needed (which their is a draft in front of IETF right now). 2. Or release space FC00::/8 for another type of use (becuase sitting on the shelf is wasteful) 3. Or maybe double the size of statistically unique ULA. Ok. Those are my thoughts. Fire at will. Marla Azinger Frontier Communications -----Original Message----- From: Joe Abley [mailto:jabley at ca.afilias.info] Sent: Monday, July 09, 2007 7:25 PM To: IPv6 WG Subject: Why ULA-* will not harm the DFZ The risk to the DFZ of leaking ULA-* {routes, packets, whatever} keeps coming up on this list. I thought I'd try to address just that problem in isolation, just to see whether I'm hearing things right. Please attack the following. 1. With PI address space there is an expectation of global utility (or, reachability across the DFZ, or however you want to describe "useful on the Internet"). I said expectation, not guarantee. 2. With ULA-* address space there would be no expectation of global utility. In fact, there would be an expectation that the addresses are for local use only (for some definition of "local"). 3. There is doubt that any ULA-* address space would be kept properly local in all cases. In fact, there is an expectation that {routes, packets, something} would leak. 4. If some leaks are tolerated, then maybe, eventually, all leaks will be tolerated. Let's assume that will happen, just to see where it takes us. 5. If everybody has non-PA addresses (be they PI or ULA-*) and they are all leaked to the Internet, then the DFZ will suffer state explosion. 6. If operators can distinguish between should-be-local addresses (ULA-*) and allowed-to-be-global addresses (PI) in ASICs then operators can filter in order to head off the cataclysm looming in (5). 7. Since people were told up-front that their ULA-* addresses were no good for use on the Internet, step (6) shouldn't cause anybody to lock and load their lawyers. (6) and (7) above ring true for ULA-* but not for PI-for-all. So, ULA- * would not harm the DFZ in the way that PI-for-all might harm the DFZ. Joe -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6 at ietf.org Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6 -------------------------------------------------------------------- From michael.dillon at bt.com Tue Jul 10 17:45:02 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Tue, 10 Jul 2007 22:45:02 +0100 Subject: [ppml] Why ULA-* will not harm the DFZ In-Reply-To: <454810F09B5AA04E9D78D13A5C39028A0272F96B@nyrofcs2ke2k01.corp.pvt> References: <454810F09B5AA04E9D78D13A5C39028A0272F96B@nyrofcs2ke2k01.corp.pvt> Message-ID: > 1. Either designate space FC00::/8 as ULA-central and finish > the documentation and processes needed (which their is a > draft in front of IETF right now). > 2. Or release space FC00::/8 for another type of use (becuase > sitting on the shelf is wasteful) 3. Or maybe double the size > of statistically unique ULA. > > Ok. Those are my thoughts. Fire at will. Either participate in the IETF WG or step aside and let others do that. But please don't cross-post between the PPML and an IETF WG. The discussion belongs in one place or the other, not both. Given that the IETF is working through 2 or 3 variations of ULA-centrally-registered at the moment, it does not seem worth our while to discuss this on PPML. --Michael Dillon From stephen at sprunk.org Tue Jul 10 17:25:07 2007 From: stephen at sprunk.org (Stephen Sprunk) Date: Tue, 10 Jul 2007 16:25:07 -0500 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources References: <20070706163335.831.qmail@hoster908.com> Message-ID: <029401c7c33c$60e8ebc0$4db8b60a@atlanta.polycom.com> Thus spake "Rich Emmings" > I think it's called extortion, when you have no agreement with > an organization, and they say "Give us money or else" or > "Sign this or else" Extortion? Sounds more like government. > If can sign an RSA, but don't have to, legacy user, it is a voluntary > document, and legacy assets can't be held do it. OTOH, ARIN has no legal obligation to provide any services to or on behalf of someone who doesn't sign that voluntary agreement. ARIN could drop WHOIS and DNS for legacy blocks with zero risk; the risk only comes if/when ARIN tried reassigning those blocks to other folks. > I have no disagreement with writing a letter asking a non-RSA > legacy holder if they are using the asset. At worse case, the > realize they have an asset, and keep it, and we're no worse > off then we are now. Why do we have to go to the woodshed > and get out the largest stick? Let's not threaten everyone as a > first step. I agree; we need to do some outreach to legacy holders, with whatever carrots we can come up with, before we worry about what sticks we may or may not have/need. S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov From stephen at sprunk.org Tue Jul 10 17:44:56 2007 From: stephen at sprunk.org (Stephen Sprunk) Date: Tue, 10 Jul 2007 16:44:56 -0500 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources References: <20070709210434.21326.qmail@hoster908.com> Message-ID: <029601c7c33c$628efaa0$4db8b60a@atlanta.polycom.com> Thus spake "Edward Lewis" > I have strong objection to #2. In as much as "ARIN does not > dictate routing policy" how does one detect that a number > resource is "no-longer in active use?" The purpose of ARIN > is uniqueness, not routability. ARIN's purpose is responsible stewardship, which doesn't stop at uniqueness; it includes determining use and justification for resources. Current policy explicitly states that private use of ARIN-issued resources does not preclude them being justified. > After first coming to my personal conclusion that there is no > reliable way to decide whether a number resource is in use > (e.g., it could be used in a network between two apartments > in NYC air-gapped from the rest of the world). A first step could be to (a) check to see if the prefix shows up in the DFZ, and/or (b) ask the holder. Either should be sufficient as a first pass to claim a resource is "in use". We can always go back and improve that later if needed, but I think ARIN staff would have their hands busy for quite a while just getting that first step done. I'd prefer to hold off deciding what to do after that point until we have an idea of what the results are going to look like. >>- Create a relationship with legacy holders, including a yearly >> "touch-point" to help insure that records are up-to-date > > This sounds credible, but touch-point sounds like money > changing hands. Then again, I'm sounding cynical based on > troll-induced threads that the RIRs are only after money and > power. There's no requirement that any money change hands. It appears most legacy holders would be willing to pay reasonable fees (currently $100/yr regardless of assignment size), but if they aren't that shouldn't prevent them from keeping their contact and DNS information up to date. > Whether what I had suggested is appropriate or not for ARIN, > this is a model used in other industries in which operational > data sharing benefits a segment. The attitude is that > consumers of the data band together and try to learn all they > can about the "universe." Data in is free, data out costs. > > But that model is not going to be easy to retrofit into the public > Internet. So, perhaps I'm just wasting bits. That model doesn't seem applicable to someone trying to provide a public service, where data out must be free. The problem is that some people think the only option is to charge for data in. It's possible to charge for neither, if we feel other activities should subsidize WHOIS and DNS -- and I'd thought until recently there'd never be any disagreement on that point. S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov From stephen at sprunk.org Tue Jul 10 17:31:29 2007 From: stephen at sprunk.org (Stephen Sprunk) Date: Tue, 10 Jul 2007 16:31:29 -0500 Subject: [ppml] IPv4 "Up For Grabs" proposal References: Message-ID: <029501c7c33c$61de9660$4db8b60a@atlanta.polycom.com> Thus spake "Ted Mittelstaedt" >> "Tracks" is also not quite accurate; ARIN is dependent on the >> registrants keeping their data up to date. Half of them haven't >> bothered to do so in the last decade, and ARIN isn't out there >> hunting them down. The amount of money spent on legacy >> folks is minimal, since the systems need to be built and >> maintained for non-legacy folks anyways. It's a negligible >> incremental cost. > > True, but the cost to run the system is spread out over only the > non-legacy folks. If the cost was spread out over all holders, > legacy or not, then it would be cheaper for non-legacy holders. > Assuming your a non-legacy holder, are you objecting to a > fee reduction for your numbering? Since I am not a voting member, my positions on fees are irrelevant. However, even if every legacy holder not currently paying fees started to do so, the incremental revenue to ARIN (under the current fee schedule, assuming the blocks were all "assignments") would be in the ballpark of $1M/yr. IIRC, ARIN's already running a surplus of roughly that amount, so increasing revenues doesn't seem to be a priority. As a non-profit, ARIN needs to be reducing revenues and/or increasing services provided. S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov From marla.azinger at frontiercorp.com Tue Jul 10 17:59:34 2007 From: marla.azinger at frontiercorp.com (Azinger, Marla) Date: Tue, 10 Jul 2007 17:59:34 -0400 Subject: [ppml] Why ULA-* will not harm the DFZ Message-ID: <454810F09B5AA04E9D78D13A5C39028A0272F96C@nyrofcs2ke2k01.corp.pvt> Michael- I am sorry if you find this bothersome. However, I purposely did this for the following reasons. 1. What Joe wrote was informative to many interested parties of the ARIN community who have been actively participating in this discussion on ARIN ppml. 2. This was posted to ARIN ppml due to the nature of the subject. It is of interest and will possibly effect ARIN policy. And thank you. I do participate in the IETF WG and I will be at the next IETF. Cheers! Marla Azinger -----Original Message----- From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of michael.dillon at bt.com Sent: Tuesday, July 10, 2007 2:45 PM To: ppml at arin.net Subject: Re: [ppml] Why ULA-* will not harm the DFZ > 1. Either designate space FC00::/8 as ULA-central and finish > the documentation and processes needed (which their is a > draft in front of IETF right now). > 2. Or release space FC00::/8 for another type of use (becuase > sitting on the shelf is wasteful) 3. Or maybe double the size > of statistically unique ULA. > > Ok. Those are my thoughts. Fire at will. Either participate in the IETF WG or step aside and let others do that. But please don't cross-post between the PPML and an IETF WG. The discussion belongs in one place or the other, not both. Given that the IETF is working through 2 or 3 variations of ULA-centrally-registered at the moment, it does not seem worth our while to discuss this on PPML. --Michael Dillon _______________________________________________ This message sent to you through the ARIN Public Policy Mailing List (PPML at arin.net). Manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/ppml From randy at psg.com Tue Jul 10 18:16:22 2007 From: randy at psg.com (Randy Bush) Date: Wed, 11 Jul 2007 06:16:22 +0800 Subject: [ppml] Why ULA-* will not harm the DFZ In-Reply-To: <454810F09B5AA04E9D78D13A5C39028A0272F96C@nyrofcs2ke2k01.corp.pvt> References: <454810F09B5AA04E9D78D13A5C39028A0272F96C@nyrofcs2ke2k01.corp.pvt> Message-ID: <46940536.8080600@psg.com> > Either participate in the IETF WG or step aside and let others do that. > But please don't cross-post between the PPML and an IETF WG. The > discussion belongs in one place or the other, not both. > > Given that the IETF is working through 2 or 3 variations of > ULA-centrally-registered at the moment, it does not seem worth our while > to discuss this on PPML. this is a crock. ULA is policy, not technology, and the ivtf is supposed to stay the bleep out of policy and operations. it's the ivory tower "this is the way the net should run" stuff again. randy From michael.dillon at bt.com Tue Jul 10 18:30:54 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Tue, 10 Jul 2007 23:30:54 +0100 Subject: [ppml] Why ULA-* will not harm the DFZ In-Reply-To: <46940536.8080600@psg.com> References: <454810F09B5AA04E9D78D13A5C39028A0272F96C@nyrofcs2ke2k01.corp.pvt> <46940536.8080600@psg.com> Message-ID: > > Either participate in the IETF WG or step aside and let > others do that. > > But please don't cross-post between the PPML and an IETF WG. The > > discussion belongs in one place or the other, not both. > > > > Given that the IETF is working through 2 or 3 variations of > > ULA-centrally-registered at the moment, it does not seem worth our > > while to discuss this on PPML. > > this is a crock. ULA is policy, not technology, and the ivtf > is supposed to stay the bleep out of policy and operations. > it's the ivory tower "this is the way the net should run" stuff again. As I said, the IETF is *WORKING THROUGH* 2 or 3 variations. They may end up dropping the whole thing. Or the final draft that comes out might be quite different from what was first proposed by a certain vocal person on this list. The point is, that ULA-C doesn't exist until IANA allocates the address range and that doesn't happen until the IETF publishes an RFC. The IETF defines technology, it does not mandate that anyone use the technology. There are lots of ghost towns in the RFC collection. --Michael Dillon From steven.feldman at cnet.com Tue Jul 10 19:31:03 2007 From: steven.feldman at cnet.com (Steve Feldman) Date: Tue, 10 Jul 2007 16:31:03 -0700 Subject: [ppml] Why ULA-* will not harm the DFZ In-Reply-To: References: <454810F09B5AA04E9D78D13A5C39028A0272F96C@nyrofcs2ke2k01.corp.pvt> <46940536.8080600@psg.com> Message-ID: Randy said: >> ... ULA is policy, not technology, ... And Michael responded: > ... The point is, that ULA-C doesn't exist until IANA > allocates the address range and that doesn't happen until the IETF > publishes an RFC. > ... But is that really true? ARIN somehow got an allocation to use for 2005-1 PI space, after all. In any case, as an operator interested in the policy, and who has 2005-1 PI space and might choose to take advantage of ULA-C space if it's offered, I thank Marla for bringing the discussion here. Steve From jcurran at istaff.org Tue Jul 10 20:00:30 2007 From: jcurran at istaff.org (John Curran) Date: Tue, 10 Jul 2007 20:00:30 -0400 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: <029501c7c33c$61de9660$4db8b60a@atlanta.polycom.com> References: <029501c7c33c$61de9660$4db8b60a@atlanta.polycom.com> Message-ID: At 4:31 PM -0500 7/10/07, Stephen Sprunk wrote: > IIRC, ARIN's already running a surplus of roughly that amount, so >increasing revenues doesn't seem to be a priority. As a non-profit, ARIN >needs to be reducing revenues and/or increasing services provided. Stephen - Full agreement there... we've lowered fees 4 (or 5?) times over the history of ARIN while increasing services, and will need to continue working in both directions. Of course, we also need have sufficient reserves to manage through any unforeseen changes in coming years. /John From william at elan.net Tue Jul 10 21:03:49 2007 From: william at elan.net (william(at)elan.net) Date: Tue, 10 Jul 2007 18:03:49 -0700 (PDT) Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: <063c01c7c323$d501b8c0$c80a0a0a@integrated.net> References: <20070709210434.21326.qmail@hoster908.com> <33728F81-8A57-48E5-8361-CB2564E9E9FA@delong.com> <063c01c7c323$d501b8c0$c80a0a0a@integrated.net> Message-ID: On Tue, 10 Jul 2007, Leroy Ladyzhensky wrote: > All this talk about legacy holders is really interesting... > > comments range from actions the would end up bringing legeal nightmares of > insane magnitude, to.. "just let IPv6 take care of all this". > > But has anyone yet come up with a number of how many IP addresses legacy > holders actually hold? whats the total number of /24's? > This has been asked before but I never saw any information or anynumbers... This is a bit old but may have data you're looking for: http://www.completewhois.com/statistics/rir_ratios.htm > also, most that have commented on this list that are legacy holders > seem to have only a /24 or something just a bit larger.. Larger number that have this, but they represent smaller proportion if you could based on amount of ip space. > I guess my stand on this... is all this even going to be worth the effort. Not for /24 holders and similar holders. It might be if you count on organizations that got /16s (class-b) from Internic yearly on. > Leroy L. > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml From mysidia at gmail.com Tue Jul 10 20:06:21 2007 From: mysidia at gmail.com (James Hess) Date: Tue, 10 Jul 2007 19:06:21 -0500 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: <029501c7c33c$61de9660$4db8b60a@atlanta.polycom.com> References: <029501c7c33c$61de9660$4db8b60a@atlanta.polycom.com> Message-ID: <6eb799ab0707101706y1acc709dl2aa1a3a47f07f287@mail.gmail.com> > $1M/yr. IIRC, ARIN's already running a surplus of roughly that amount, so > increasing revenues doesn't seem to be a priority. As a non-profit, ARIN > needs to be reducing revenues and/or increasing services provided. As ARIN is a non-profit, then ultimately, making every organization serviced by ARIN be treated equally and pay the same amount shouldn't ultimately increase revenue. And so long as fees are charged, a surplus is a good thing, as it means in case of an unforseen expense (or seldom major infrastructure upgrade costs in future years), so fees don't have to be raised drastically for that year. I would expect any surplus would be saved and used to make ARIN eventually able to be self-sustaining, to cover large one-time costs in later years or to reduce and eventually eliminate the need for fees in future years. -- -J From sleibrand at internap.com Tue Jul 10 20:09:44 2007 From: sleibrand at internap.com (Scott Leibrand) Date: Tue, 10 Jul 2007 17:09:44 -0700 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: References: <20070706163335.831.qmail@hoster908.com> Message-ID: <46941FC8.2050607@internap.com> Edward Lewis wrote: > At 8:33 -0800 7/6/07, Andrew Dul wrote: > > >> Legacy IP address record holders who have not signed a registration services >> agreement with ARIN will have their name server delegations for the >> in-addr.arpa zone removed starting on June 30, 2009. All name server >> delegations shall be removed from the in-addr.arpa zone by December 31, 2009. >> > > Speaking as a member of ARIN (persumably in good standing but I can't > say as I don't sign the checks here) I beg that this is not done. > > I rely upon ARIN maintaining and publishing information on the > allocation of address space. What is more important to me, as a > paying member, is complete, accurate, and up to date information. > What is not important to me i whether the information is about an > organization in good, bad, or indifferent standing with ARIN. > > We should always highlight the responsible/authorized party for > address space. Members of ARIN benefit from this. Please don't hide > network registrations. (Yes, maybe the WhoIs is there, but still, > the registrant in the reverse map is not the reliant party.) > Edward, I can see how your arguments would apply to removing whois records from the database, but after re-reading the proposal I see that Andrew only proposed removing DNS delegation. Can you explain how you depend on ARIN publishing information on the allocation of address space in DNS (rather than WHOIS)? It would seem to me that ARIN members like you and me benefit primarily from having WHOIS information on legacy netblocks. Thanks, Scott From jrhett at svcolo.com Tue Jul 10 20:41:29 2007 From: jrhett at svcolo.com (Jo Rhett) Date: Tue, 10 Jul 2007 17:41:29 -0700 Subject: [ppml] Policy Proposal: Resource Reclamation Incentives In-Reply-To: <468A8EB0.1040405@psg.com> References: <468a580a.222.4ae3.26333@batelnet.bs> <468A64BF.6040402@kl.net><014001c7bd8d$e716fbb0$543816ac@atlanta.polycom.com> <468A7814.3090301@rollernet.us> <03f501c7bd9a$c080aca0$543816ac@atlanta.polycom.com> <468A8EB0.1040405@psg.com> Message-ID: <13E8807F-2FA2-4053-9858-1A0D0C2FF7A9@svcolo.com> On Jul 3, 2007, at 11:00 AM, Randy Bush wrote: > and three years later, the holder decides to announce and it becomes > lawyerville. > > there is a root problem. rightly or wrongly, folk were given space > with > what we would consider today to be insufficient constraints on > contact, I went back as far as my oldest allocation (1994) and everything I have says that I'm responsible for keeping contact information for the network block up to date. If ARIN tries to contact and gets no response for 3 years then they've violated the original contract. -- Jo Rhett senior geek Silicon Valley Colocation Support Phone: 408-400-0550 From william at elan.net Tue Jul 10 22:04:33 2007 From: william at elan.net (william(at)elan.net) Date: Tue, 10 Jul 2007 19:04:33 -0700 (PDT) Subject: [ppml] ARIN Outreach to Legacy Holders In-Reply-To: <20070709221711.GA72988@ussenterprise.ufp.org> References: <20070706135227.GB54239@ussenterprise.ufp.org> <30818.1183733866@sa.vix.com> <20070706153836.GA60747@ussenterprise.ufp.org> <10722.1183941829@sa.vix.com> <20070709221711.GA72988@ussenterprise.ufp.org> Message-ID: On Mon, 9 Jul 2007, Leo Bicknell wrote: > Legacy addresses, if you read the documents were assigned to specific > people for specific networks. I beleieve above is wrong although its harder now to judge specifics of process that legacy holders went through. But general view seems to be that ip addresses are and were assigned/allocated to organizations or more specifically to legal entities (which is either organization or individual by himself). > What argument could be made that they should be transferable to that > person's children? They need not make any transfer require if block was assigned to organization. They simply become new owners of organization and get control of the block as part of the ownership transition. > The clocks a-tickin. Two years and the legacy holders, ARIN, and > the community will all be rolling the dice as this unfolds. We > have to lay out some decent terms quickly and hope most people sign > up, otherwise it's going to be too late to matter. If we don't all > come to some agreement soon I'm sure a court will impose situation > that no one likes if things go badly. Courts will likely be tried no matter what and in fact its likely that if ARIN imposed certain policy or requirement of RSA on person who did not have this before, this will not be viewed favorately by courts (i.e. its worth then status quo), but IANAL. > Most interestingly, neither outreach for RSA modifications are > policy matters, so that really puts the pressure squarely on the > BOD. It is. That does not mean its bad that its discussed here, I'm sure people from BoT can use more feedback on this subject and would like to take into account community views when making their decisions. However it does seem that some policy proposals go beyond what could possibly be put on ARIN's policy page. And considering recent case of policy proposal that went through entire process and ulitmately was not accepted by BoT it would be great if ARIN when doing their review of the policy proposal provides feedback if that or is not so. -- William Leibzon Elan Networks william at elan.net From mysidia at gmail.com Tue Jul 10 21:11:46 2007 From: mysidia at gmail.com (James Hess) Date: Tue, 10 Jul 2007 20:11:46 -0500 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: <46941FC8.2050607@internap.com> References: <20070706163335.831.qmail@hoster908.com> <46941FC8.2050607@internap.com> Message-ID: <6eb799ab0707101811m1b14f6f4tf3e70883ade922b@mail.gmail.com> > I can see how your arguments would apply to removing whois records from > the database, but after re-reading the proposal I see that Andrew only > proposed removing DNS delegation. Can you explain how you depend on > ARIN publishing information on the allocation of address space in DNS > (rather than WHOIS)? It would seem to me that ARIN members like you and > me benefit primarily from having WHOIS information on legacy netblocks. Providing answers to automated DNS and WHOIS queries and providing the information period are two different things. Legacy information could be provided in just a slightly different manner solely to separate it, and to make sure anyone who looks up the addresses will know "the X address space assigned to region Y is not up-to-date and in good standing with the RIR (hasn't signed an RSA, for the space, for instance)". Consider this alternative possibility... address space users who have signed an RSA, or are in good standing with the RIR in another region continue to have full access to the WHOIS. The "legacy" addresses get banned or restricted. Users who are in known legacy address space are blocked from accessing the WHOIS servers and from putting queries to the reverse DNS servers. It's not that people can't look them up -- it's that they can't look stuff up -- i.e. no user whose source address is in the legacy IP space is allowed to make any lookups at all, except perhaps for their own record (so they can see that up-to-date contact information has been provided). The information is still public, it's just that there are some exceptions as to from where it can be requested directly online, without payment of a nominal fee to cover the costs for maintaining the WHOIS server(s). Their names can still be reverse-resolved, but DNS resolvers operating from the legacy network are not allowed to reverse resolve any address. Chances are they do not care the least bit about this, but their users may complain about it, particularly when a WHOIS attempt fails and alerts the user that was trying to perform the lookup with a meaningful explanation that their Service Provider is not in good standing with their Regional Registry, and includes the last known contact information regarding "who is responsible for the address space". Follow that up with ammendment for the RSA to require that networks who DO sign a RSA agree not to proxy reverse DNS or WHOIS requests to the ARIN servers on behalf of a user of any address that according to WHOIS is part of a non-RSA historic address block... -- -J From owen at delong.com Tue Jul 10 21:23:11 2007 From: owen at delong.com (Owen DeLong) Date: Tue, 10 Jul 2007 18:23:11 -0700 Subject: [ppml] ARIN Outreach to Legacy Holders In-Reply-To: References: <20070706135227.GB54239@ussenterprise.ufp.org> <30818.1183733866@sa.vix.com> <20070706153836.GA60747@ussenterprise.ufp.org> <10722.1183941829@sa.vix.com> <20070709221711.GA72988@ussenterprise.ufp.org> Message-ID: <9A0FDEB7-28B3-48BB-B58C-C948143F97C4@delong.com> On Jul 10, 2007, at 7:04 PM, william(at)elan.net wrote: > > On Mon, 9 Jul 2007, Leo Bicknell wrote: > >> Legacy addresses, if you read the documents were assigned to specific >> people for specific networks. > > I beleieve above is wrong although its harder now to judge > specifics of > process that legacy holders went through. But general view seems to be > that ip addresses are and were assigned/allocated to organizations or > more specifically to legal entities (which is either organization or > individual by himself). > Nope... Prior to ARIN, IP addresses were assigned to people, organizations, and just about anything else you can imagine. I know a guy who managed to get a class B for his dog back when (I'm not defending it, just pointing out that it was possible). >> What argument could be made that they should be transferable to that >> person's children? > > They need not make any transfer require if block was assigned to > organization. They simply become new owners of organization and > get control of the block as part of the ownership transition. > If memory serves, addresses were never given out as transferrable. To effect a transfer, you always had to submit a transfer request which was subject to approval and required a similar (albeit less formal) set of circumstances to what is now documented in ARIN policy. >> The clocks a-tickin. Two years and the legacy holders, ARIN, and >> the community will all be rolling the dice as this unfolds. We >> have to lay out some decent terms quickly and hope most people sign >> up, otherwise it's going to be too late to matter. If we don't all >> come to some agreement soon I'm sure a court will impose situation >> that no one likes if things go badly. > > Courts will likely be tried no matter what and in fact its likely > that if ARIN imposed certain policy or requirement of RSA on person > who did not have this before, this will not be viewed favorately > by courts (i.e. its worth then status quo), but IANAL. > Impose, yes. Encourage, promote, request, etc., I think the courts would view favorably, and, that's what most people on this list are suggesting. The cry for a big stick seems to be limited to very few rather vocal participants. >> Most interestingly, neither outreach for RSA modifications are >> policy matters, so that really puts the pressure squarely on the >> BOD. > > It is. That does not mean its bad that its discussed here, I'm > sure people from BoT can use more feedback on this subject and > would like to take into account community views when making their > decisions. > I have already been solicited to put some of this through the ACSP. I just haven't had time to write it up there yet. Coming soon. > However it does seem that some policy proposals go beyond what could > possibly be put on ARIN's policy page. And considering recent case of > policy proposal that went through entire process and ulitmately was > not accepted by BoT it would be great if ARIN when doing their review > of the policy proposal provides feedback if that or is not so. > This was intentional in the case of my proposal. I discussed it with some members of the AC and some members of the BoT first. The general consensus of those consulted was that it made the most sense to submit it as policy, run it through the policy mill, then let the BoT sort out what parts belonged as policy, what needed to be taken before the membership, and, what needed to be implemented through other actions. In general, ARIN doesn't have a better forum for discussing anything that has a policy element to it, and, all policy elements must be discussed here anyway. Since there's no such requirement for the rest (other than some level of requirement for involvement of the membership in certain financial decisions), I put it up here first. Let's see what, if anything, makes it through the AC, PPML, Meeting, AC cycle, then address what else needs to happen next. If you want, I can always add a section that requires the policy implementation be contingent on the relevant non-policy steps being approved in their respective correct places. Owen From Keith at jcc.com Tue Jul 10 23:46:36 2007 From: Keith at jcc.com (Keith W. Hare) Date: Tue, 10 Jul 2007 23:46:36 -0400 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources Message-ID: > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of James Hess > Sent: Tuesday, July 10, 2007 9:12 PM > To: ARIN Address Policy > Subject: Re: [ppml] Policy Proposal: Authentication of Legacy > Resources > > Consider this alternative possibility... address space users who have > signed an > RSA, or are in good standing with the RIR in another region > continue to have > full access to the WHOIS. > > The "legacy" addresses get banned or restricted. > It is premature to start sharpening sticks to stab those who don't respond to an invitation that has not yet been issued. Keith Hare From Ed.Lewis at neustar.biz Wed Jul 11 01:30:35 2007 From: Ed.Lewis at neustar.biz (Edward Lewis) Date: Wed, 11 Jul 2007 01:30:35 -0400 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: <46941FC8.2050607@internap.com> References: <20070706163335.831.qmail@hoster908.com> <46941FC8.2050607@internap.com> Message-ID: At 17:09 -0700 7/10/07, Scott Leibrand wrote: >Edward, > >I can see how your arguments would apply to removing whois records from the >database, but after re-reading the proposal I see that Andrew only proposed >removing DNS delegation. Can you explain how you depend on ARIN publishing >information on the allocation of address space in DNS (rather than WHOIS)? It >would seem to me that ARIN members like you and me benefit primarily from >having WHOIS information on legacy netblocks. In brief and in theory...if I get a packet from legacy space, I will want to do a lookup based on the address it came from. To see if the claimed domain name matches the address' PTR record or some other protocol related info tied to address space and not domain name. (As I said - in theory and way past my local bed time.) -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis +1-571-434-5468 NeuStar Think glocally. Act confused. From sleibrand at internap.com Wed Jul 11 01:39:40 2007 From: sleibrand at internap.com (Scott Leibrand) Date: Tue, 10 Jul 2007 22:39:40 -0700 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: References: <20070706163335.831.qmail@hoster908.com> <46941FC8.2050607@internap.com> Message-ID: <46946D1C.8000607@internap.com> Edward Lewis wrote: > At 17:09 -0700 7/10/07, Scott Leibrand wrote: > >> I can see how your arguments would apply to removing whois records >> from the >> database, but after re-reading the proposal I see that Andrew only >> proposed >> removing DNS delegation. Can you explain how you depend on ARIN >> publishing >> information on the allocation of address space in DNS (rather than >> WHOIS)? It >> would seem to me that ARIN members like you and me benefit primarily >> from >> having WHOIS information on legacy netblocks. > > In brief and in theory...if I get a packet from legacy space, I will > want to do a lookup based on the address it came from. To see if the > claimed domain name matches the address' PTR record or some other > protocol related info tied to address space and not domain name. > > (As I said - in theory and way past my local bed time.) Yeah, that's pretty common, for applications like SSH and SMTP. My question is, if the lookup fails, don't you just treat it like an untrusted connection? That seems like something that would impact the clients on the legacy space a lot more than you as a server operator and ARIN member. A follow-up question for the morning: Is there anything you use DNS for (or that you know other people use it for) that would significantly affect non-legacy parties (without also affecting the legacy netblock's users) if PTR lookups from legacy space were to fail? -Scott From Ed.Lewis at neustar.biz Wed Jul 11 10:20:29 2007 From: Ed.Lewis at neustar.biz (Edward Lewis) Date: Wed, 11 Jul 2007 10:20:29 -0400 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: <46946D1C.8000607@internap.com> References: <20070706163335.831.qmail@hoster908.com> <46941FC8.2050607@internap.com> <46946D1C.8000607@internap.com> Message-ID: At 22:39 -0700 7/10/07, Scott Leibrand wrote: >A follow-up question for the morning: Is there anything you use DNS for (or >that you know other people use it for) that would significantly affect >non-legacy parties (without also affecting the legacy netblock's users) if >PTR lookups from legacy space were to fail? The IETF has been asking this question too. The URL below is to the latest attempt to document something, an effort that dates back already 7 years. (The US space program progressed from its first manned sub-orbital launch to a manned moon landing and return in shorter time!) I mention this because "question for morning" - hope you have a long morning. ;) http://ietf.org/internet-drafts/draft-ietf-dnsop-reverse-mapping-considerations-04.txt In the document I'll call attention to two (out of context probably) snippets: # 4.2 Delegation considerations # # ... # It is desirable that Regional Registries and any Local Registries to # whom they delegate encourage, or continue to encourage, reverse # mappings. and # 4.3 Application considerations # # Applications should not rely on reverse mapping for proper operation, # although functions that depend on reverse mapping will obviously not # work in its absence. Operators and users are reminded that the use # of the reverse tree, sometimes in conjunction with a lookup of the # name resulting from the PTR record, provides no real security, can # lead to erroneous results and generally just increases load on DNS # servers. Further, in cases where address block holders fail to # properly configure reverse mapping, users of those blocks are # penalized. This document is a work in (slow) progress (no offense intended to the editors, it's a group problem) but it reflects an approximation of the consensus opinion held today. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis +1-571-434-5468 NeuStar Think glocally. Act confused. From mksmith at adhost.com Wed Jul 11 12:36:00 2007 From: mksmith at adhost.com (Michael K. Smith - Adhost) Date: Wed, 11 Jul 2007 09:36:00 -0700 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: <6eb799ab0707101811m1b14f6f4tf3e70883ade922b@mail.gmail.com> References: <20070706163335.831.qmail@hoster908.com> <46941FC8.2050607@internap.com> <6eb799ab0707101811m1b14f6f4tf3e70883ade922b@mail.gmail.com> Message-ID: <17838240D9A5544AAA5FF95F8D520316022AC80B@ad-exh01.adhost.lan> Hello James: > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf Of > James Hess > Sent: Tuesday, July 10, 2007 6:12 PM > To: ARIN Address Policy > Subject: Re: [ppml] Policy Proposal: Authentication of Legacy Resources > > > I can see how your arguments would apply to removing whois records > from > > the database, but after re-reading the proposal I see that Andrew > only > > proposed removing DNS delegation. Can you explain how you depend on > > ARIN publishing information on the allocation of address space in DNS > > (rather than WHOIS)? It would seem to me that ARIN members like you > and > > me benefit primarily from having WHOIS information on legacy > netblocks. > > Providing answers to automated DNS and WHOIS queries and providing > the information period are two different things. Legacy information > could > be provided in just a slightly different manner solely to separate it, > and to > make sure anyone who looks up the addresses will know "the X address > space assigned to region Y is not up-to-date and in good standing with > the RIR (hasn't signed an RSA, for the space, for instance)". > > > Consider this alternative possibility... address space users who have > signed an > RSA, or are in good standing with the RIR in another region continue to > have > full access to the WHOIS. > > The "legacy" addresses get banned or restricted. > > Users who are in known legacy address space are blocked from accessing > the WHOIS servers and from putting queries to the reverse DNS servers. > > It's not that people can't look them up -- it's that they can't look > stuff up -- > i.e. no user whose source address is in the legacy IP space is allowed > to make any > lookups at all, except perhaps for their own record (so they can see > that up-to-date > contact information has been provided). > > The information is still public, it's just that there are some > exceptions as to from > where it can be requested directly online, without payment of a > nominal fee to cover > the costs for maintaining the WHOIS server(s). > > Their names can still be reverse-resolved, but DNS resolvers operating > from the > legacy network are not allowed to reverse resolve any address. > > > Chances are they do not care the least bit about this, but their users > may complain about it, particularly when a WHOIS attempt fails and > alerts the user that was trying to perform the lookup with a > meaningful explanation that their Service Provider is not in good > standing with their Regional Registry, and includes the last known > contact information regarding "who is responsible for the address > space". > > > Follow that up with ammendment for the RSA to require that networks who > DO sign a RSA agree not to proxy reverse DNS or WHOIS requests to the > ARIN servers on behalf of a user of any address that according to > WHOIS is part of > a non-RSA historic address block... > I think it would benefit us more to use the carrot approach instead of the big stick. Why not actually incent them to get their information into the appropriate places (DNS/Routing Registries)? The management overhead of allowing them to do so (but not requiring), doing some due diligence in trying to contact them and making tools available and information available to make it easy for them to update their records is, to my mind, significantly less than what it would take to restrict access and then deal with angry 3rd parties who (judging from the bigger allocations) are likely lawyered-up and have reason to believe that ARIN has no particular rights and responsibilities for their asset. I think generating goodwill and making attempts to provide assistance to those beyond the pale for the benefit of the greater community would certainly serve us better as a group than what might be perceived as an attempt by ARIN to extend its reach/"power" beyond the reach of its charter/mandate/responsibilities. So, that would seem to suggest: 1) Gather a list of present legacy holders with their current contact info to the best of our ability 2) Create a location (legacy.arin.net or some such) that guides the legacy holders through the process of updating their information *and* includes a list of things ARIN needs in order to update records (company letterhead, solemn oaths, signet rings, etc.). 3) Create a guide through the process of doing RR updates 4) Explain at every step in the process how beneficial it would be to everyone concerned if the old swamp space was returned and replaced with an RSA-covered allocation. 5) Provide Renumbering for Dummies assistance (I'm thinking textual references, not Help Desk support). Then, when they tremble in fear at the thought of renumbering their network, hit them with IPv6 for Dummies so they see the benefit of renumbering only once. (Far stretch, I know). 6) No change in charges to legacy customers I guess you could make all web resources free of charge and bill T&M for phone calls (1-900-4legacy) if you wanted to go through the hassle. Regards, Mike From mack at exchange.alphared.com Wed Jul 11 13:58:19 2007 From: mack at exchange.alphared.com (mack) Date: Wed, 11 Jul 2007 12:58:19 -0500 Subject: [ppml] My take on legacy resource proposal In-Reply-To: References: Message-ID: <859D2283FD04CA44986CC058E06598F84217D8DCC1@exchange4.exchange.alphared.local> Things people agree on: 1) ARIN should do outreach. 2) Do outreach before doing anything else. 3) Outdated whois records that are invalid should be marked as such - last modified date gives some indication. 4) If the reverse DNS isn't valid mark or remove it - txt records at the delegation point are perfect for this. 5) If space is abandoned it should be reclaimed. 6) Whois is more use to people trying to contact address holders than the address holders. Things people don't agree on: 1) Legacy holders getting a free ride. My Take: They have had a free ride long enough but we can't force them to pay anything for legacy resources. 2) Legacy holders keeping unjustified resources. My Take: The DFZ needs resources but the /24 holders should get to keep the resources if they are using them. The /16 and /8 holders probably need to be dealt with on a case by case basis. Caveat: A network between computers with an air gap firewall from the rest of the world doesn't constitute use in my opinion while connecting 3 or more businesses but not routing the IPs publicly does. Although if they aren't public reclamation is unlike to effect the businesses one way or the other in the long run. 3) What services Legacy holders are entitled to. My Take: No one promised Legacy holders reverse DNS, as previously stated it didn't exist when a lot of these allocation/assignments were made. It CAN be used as a stick after everything else has been tried. That doesn't mean it should be or that it will be effective. Caveat: Someone may have some document contradicting the promise of reverse DNS but I doubt it was codified anywhere before 2050. 2050 doesn't require support for reverse DNS on legacy blocks only on direct allocations from the RIRs. 4) If 2050 applies to legacy space. My Take: Either it does or ARIN can reissue the space. That is, either ARIN is required to maintain legacy space per 2050 or it can reissue it. Caveat: 2050 seems to indicate only IANA can revoke legacy space. If I was a legacy holder I would hope a court ruled that 2050 applies and only IANA can revoke legacy space. This will wind up in court sooner or later. The NETBLOCKS case still is not settled. ARIN should really have a page dedicated to current legal actions and filings etc. If the DoC steps in there is no telling what could happen. 5) If there should be some codified penalty for not signing an RSA. My Take: Legacy holders need to be brought into an RSA of some kind. I don't know that we can get them to sign one that does anything other than codify their current status. Other RIRs have forced legacy holders to sign the current RSA. The number of legacy blocks and legal environments are much different in those regions. 6) What constitutes abandoned space. My Take: Space is abandon if it is not in the DFZ and records are out of date. Obviously every effort to update records should be made before reclamation. 7) What constitutes use. My Take: A block is in use if it is being routed between multiple entities that are not in the same building. >From a practical perspective businesses are using non-1918 space internally. Revoking IPv4 space that is not in the DFZ and assigning it for use in the DFZ will not be popular but is unlikely to break things for a lot of people. I am not advocating this. It is likely to gain traction after IPv4 runs out. 8) How long IPv4 records should be maintained. My Take: It will be at least 5-10 years before a majority of people are single homed on IPv6. LR Mack McBride Network Administrator Alpha Red, Inc. From marla.azinger at frontiercorp.com Wed Jul 11 14:41:23 2007 From: marla.azinger at frontiercorp.com (Azinger, Marla) Date: Wed, 11 Jul 2007 14:41:23 -0400 Subject: [ppml] My take on legacy resource proposal Message-ID: <454810F09B5AA04E9D78D13A5C39028A023EFC07@nyrofcs2ke2k01.corp.pvt> Mack- Thanks for this posting. Its nice to see it all lined up without clutter. I hate to use the word but in response to your thoughts on the matters...I would like to say "ditto". Cheers! Marla -----Original Message----- From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of mack Sent: Wednesday, July 11, 2007 10:58 AM To: ppml at arin.net Subject: [ppml] My take on legacy resource proposal Things people agree on: 1) ARIN should do outreach. 2) Do outreach before doing anything else. 3) Outdated whois records that are invalid should be marked as such - last modified date gives some indication. 4) If the reverse DNS isn't valid mark or remove it - txt records at the delegation point are perfect for this. 5) If space is abandoned it should be reclaimed. 6) Whois is more use to people trying to contact address holders than the address holders. Things people don't agree on: 1) Legacy holders getting a free ride. My Take: They have had a free ride long enough but we can't force them to pay anything for legacy resources. 2) Legacy holders keeping unjustified resources. My Take: The DFZ needs resources but the /24 holders should get to keep the resources if they are using them. The /16 and /8 holders probably need to be dealt with on a case by case basis. Caveat: A network between computers with an air gap firewall from the rest of the world doesn't constitute use in my opinion while connecting 3 or more businesses but not routing the IPs publicly does. Although if they aren't public reclamation is unlike to effect the businesses one way or the other in the long run. 3) What services Legacy holders are entitled to. My Take: No one promised Legacy holders reverse DNS, as previously stated it didn't exist when a lot of these allocation/assignments were made. It CAN be used as a stick after everything else has been tried. That doesn't mean it should be or that it will be effective. Caveat: Someone may have some document contradicting the promise of reverse DNS but I doubt it was codified anywhere before 2050. 2050 doesn't require support for reverse DNS on legacy blocks only on direct allocations from the RIRs. 4) If 2050 applies to legacy space. My Take: Either it does or ARIN can reissue the space. That is, either ARIN is required to maintain legacy space per 2050 or it can reissue it. Caveat: 2050 seems to indicate only IANA can revoke legacy space. If I was a legacy holder I would hope a court ruled that 2050 applies and only IANA can revoke legacy space. This will wind up in court sooner or later. The NETBLOCKS case still is not settled. ARIN should really have a page dedicated to current legal actions and filings etc. If the DoC steps in there is no telling what could happen. 5) If there should be some codified penalty for not signing an RSA. My Take: Legacy holders need to be brought into an RSA of some kind. I don't know that we can get them to sign one that does anything other than codify their current status. Other RIRs have forced legacy holders to sign the current RSA. The number of legacy blocks and legal environments are much different in those regions. 6) What constitutes abandoned space. My Take: Space is abandon if it is not in the DFZ and records are out of date. Obviously every effort to update records should be made before reclamation. 7) What constitutes use. My Take: A block is in use if it is being routed between multiple entities that are not in the same building. >From a practical perspective businesses are using non-1918 space internally. Revoking IPv4 space that is not in the DFZ and assigning it for use in the DFZ will not be popular but is unlikely to break things for a lot of people. I am not advocating this. It is likely to gain traction after IPv4 runs out. 8) How long IPv4 records should be maintained. My Take: It will be at least 5-10 years before a majority of people are single homed on IPv6. LR Mack McBride Network Administrator Alpha Red, Inc. _______________________________________________ This message sent to you through the ARIN Public Policy Mailing List (PPML at arin.net). Manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/ppml From kkargel at polartel.com Wed Jul 11 15:07:16 2007 From: kkargel at polartel.com (Kevin Kargel) Date: Wed, 11 Jul 2007 14:07:16 -0500 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: Message-ID: <70DE64CEFD6E9A4EB7FAF3A063141066707133@mail> Why is there such a big push to drop IPv4? Is there a reason that v4 and v6 can't operate concurrently in perpetuity? Won't the customers go where the content is and the content go where the money is? I would suggest that if IPv6 is a good thing (and I firmly believe that it is) then networks will naturally gravitate to IPv6. That being the case then let IPv4 die a natural death of attrition. There is no need to murder it outright. If in fact IPv4 continues to survive and thrive alongside IPv6 wouldn't that very fact demonstrate the need to keep it going and foster it? It sounds like a lot of people have so little faith in the value of IPv6 that they for some odd reason cinsider IPv4 a threat. If IPv6 is better than IPv4 then people will use it. If it isn't then they will stay where they are. I see no reason to 'force' people to switch. They will move when it is in their best interests to do so for features and markets. > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of Ted Mittelstaedt > Sent: Monday, July 09, 2007 4:51 PM > To: bill fumerola; 'ARIN PPML' > Subject: Re: [ppml] IPv4 "Up For Grabs" proposal > > > > >-----Original Message----- > >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On > Behalf Of > >bill fumerola > >Sent: Monday, July 09, 2007 1:32 PM > >To: 'ARIN PPML' > >Subject: Re: [ppml] IPv4 "Up For Grabs" proposal > > > > > >On Thu, Jul 05, 2007 at 05:09:59PM -0700, Ted Mittelstaedt wrote: > >> >> OK, then how exactly is this fact an argument AGAINST arin > >> >simply removing > >> >> these records out of it's whois? Which is what I am suggesting? > >> > > >> >who does that hurt? the legacy holders or the rest of the > community > >> >trying to use a tool to find out who to contact when that > netblock > >> >does something foolish. > >> > > >> >as a paying ARIN member, i want ARIN to keep track of as much as > >> >they're legally, financially, technically allowed to. that WHOIS > >> >service is more useful to me, the paying ARIN member, not > the legacy holder. > >> > >> For now. What about post-IPv4 runout? > > > >i think you assume that ARIN's IPv4 services will change in > some major > >way when that happens. i don't believe the memebership would > want that > >change and the IPv6 fees at that point would cover > maintanence of those > >'legacy' systems. i'd imagine ripping the IPv4 components would be > >more costly than just maintaining them after any sort of: > ipv4 runout > >of addresses by ARIN, ipv6 eclipse of ipv4, ipv4 runout of > addresses by > >IANA, etc. > > > >i would want to see the same level of service provided. no > difference > >between legacy pre-ARIN holders and paid members. > > So then if the membership doesen't want IPv4 to be removed > from the registries, then what is going to be created is a > situation where nobody has any incentive to remove their IPv4 > reachability, nor remove the ability for their customers to > reach IPv4 sites. > > In short, IPv4 will NEVER "go away" Your proposing a future > were we add IPv6, and nobody ever gives up IPv4 resources. > So the Internet merely becomes an Internet of both IPv6 and > IPv4, not an Internet of IPv4 only or an Internet of > IPv6 only. > > I'm not debating we could or couldn't do this technically. > > However, if we do this, then don't you see that ALL IPv4 > holders, not just the legacy ones, will never have any > incentive to drop IPv4. > > If all of that is OK with you, then why would an existing > paying IPv4 holder today who doesen't need numbering, want to > bother going to IPv6? After all you just said everyone will > be maintaining their IPv4, so what need is there for an > IPv4 > holder to load up IPv6? The only incentive I see would be to > reach a network that is IPv6 ONLY, such as a network that > needs numbering post-IPv4 runout. > This puts a terrible burden on these networks because since > they are new, they cannot be reached by a lot of the > Internet, and it is not likely that they can provide enough > of an incentive to get IPv4-only holders to update to reach them. > > Ted > > > _______________________________________________ > This message sent to you through the ARIN Public Policy > Mailing List (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > From info at arin.net Wed Jul 11 15:19:10 2007 From: info at arin.net (Member Services) Date: Wed, 11 Jul 2007 15:19:10 -0400 Subject: [ppml] ARIN XX Registration Now Open Message-ID: <46952D2E.9000206@arin.net> ARIN invites you to join us 17-19 October 2007 in Albuquerque, New Mexico for the ARIN XX Public Policy and Members Meeting. The meeting will be held back-to-back with NANOG 41 at the Hyatt Regency Albuquerque. Previous back-to-back meetings have proven to be excellent opportunities for involvement in both organizations and we look forward to even greater success and participation this fall. Registration for ARIN XX is now open. Meeting information is available at http://www.arin.net/ARIN-XX/. The special room rate of $158 single/double occupancy is available for reservations made on or before 24 September 2007. Reserve your room now as space may be limited. ARIN holds open, biannual Public Policy and Members Meetings, providing an opportunity for the entire Internet community to contribute to Internet number resource policy discussions and development, network with colleagues, and attend workshops and tutorials. Community participation is the basis of the ARIN policy development process and current policy proposals up for discussion at this meeting are available at: http://www.arin.net/policy/proposals/proposal_archive.html ARIN XX Overview * Sunday, 14 October - NANOG and ARIN are excited to jointly offer a day of workshops and tutorials on a variety of IPv6 topics -- more details coming soon! * Tuesday, 16 October - Evening Open Policy Hour, First Timer Luncheon * Wednesday, 17 October - ARIN Public Policy Meeting, Day 1, evening ARIN Social * Thursday, 18 October - ARIN Public Policy Meeting, Day 2 * Friday, 19 October - ARIN Members Meeting (open to all ARIN XX attendees) Additional agenda details and more information about ARIN XX will be posted to our website as we get closer to the meeting, so check back often! Regards, Member Services Department American Registry for Internet Numbers From randy at psg.com Wed Jul 11 15:36:16 2007 From: randy at psg.com (Randy Bush) Date: Thu, 12 Jul 2007 04:36:16 +0900 Subject: [ppml] My take on legacy resource proposal In-Reply-To: <859D2283FD04CA44986CC058E06598F84217D8DCC1@exchange4.exchange.alphared.local> References: <859D2283FD04CA44986CC058E06598F84217D8DCC1@exchange4.exchange.alphared.local> Message-ID: <46953130.908@psg.com> > 3) Outdated whois records that are invalid should be marked as such recipe for invalidness detection solicited randy From randy at psg.com Wed Jul 11 15:38:32 2007 From: randy at psg.com (Randy Bush) Date: Thu, 12 Jul 2007 04:38:32 +0900 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: <70DE64CEFD6E9A4EB7FAF3A063141066707133@mail> References: <70DE64CEFD6E9A4EB7FAF3A063141066707133@mail> Message-ID: <469531B8.6060402@psg.com> Kevin Kargel wrote: > Why is there such a big push to drop IPv4? there isn't. there is big talk, the vast majority of which comes from folk who do not run v6. if this conversation was restricted to those who actually run v6 from host to dfz, it would be very quiet here. randy From michael at rancid.berkeley.edu Wed Jul 11 15:59:41 2007 From: michael at rancid.berkeley.edu (Michael Sinatra) Date: Wed, 11 Jul 2007 12:59:41 -0700 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: <70DE64CEFD6E9A4EB7FAF3A063141066707133@mail> References: <70DE64CEFD6E9A4EB7FAF3A063141066707133@mail> Message-ID: <469536AD.5090308@rancid.berkeley.edu> Kevin Kargel wrote: > Why is there such a big push to drop IPv4? Is there a reason that v4 > and v6 can't operate concurrently in perpetuity? Won't the customers go > where the content is and the content go where the money is? > > I would suggest that if IPv6 is a good thing (and I firmly believe that > it is) then networks will naturally gravitate to IPv6. That being the > case then let IPv4 die a natural death of attrition. There is no need > to murder it outright. > > If in fact IPv4 continues to survive and thrive alongside IPv6 wouldn't > that very fact demonstrate the need to keep it going and foster it? > > It sounds like a lot of people have so little faith in the value of IPv6 > that they for some odd reason cinsider IPv4 a threat. If IPv6 is > better than IPv4 then people will use it. If it isn't then they will > stay where they are. I see no reason to 'force' people to switch. They > will move when it is in their best interests to do so for features and > markets. The point of dual-stack configurations is to allow v4 and v6 to do just that--coexist in perpetuity. Eventually, it will likely become too much of a pain to support dual stack in every OS codebase, so we should start to see v6 only OS stacks. That will allow us to eventually phase out v4 on routers and the like, and eventually, it will fade away. I think the idea that we will be able to establish a timeline for the abolition of v4 through a policy process is a bit unrealistic, and probably not worth our time. The issues with predicting technological trends that far in advance need not be restated here. I think in general, it makes more sense to use carrots instead of sticks, both with respect to the adoption of v6 and in dealing with legacy address space holders. I think the stick approach is way too risky from everyone's perspective. michael From dean at av8.com Wed Jul 11 17:13:48 2007 From: dean at av8.com (Dean Anderson) Date: Wed, 11 Jul 2007 17:13:48 -0400 (EDT) Subject: [ppml] My take on legacy resource proposal In-Reply-To: <454810F09B5AA04E9D78D13A5C39028A023EFC07@nyrofcs2ke2k01.corp.pvt> Message-ID: > Things people agree on: You haven't been paying attention to what people agree on. > 3) Outdated whois records that are invalid should be marked as such - > last modified date gives some indication. People do not agree on 3. That last modified date gives no indication. > 4) If the reverse DNS isn't valid mark or remove it - txt records at > the delegation point are perfect for this. People do not agree on 4. > 6) Whois is more use to people trying to contact address holders than the address holders. 6 is nonsense. Communication is 2way, and valued by both parties. Responses to your take on what you consider the disagreements: > 3) What services Legacy holders are entitled to. > > My Take: No one promised Legacy holders reverse DNS, as previously > stated it didn't exist when a lot of these allocation/assignments were > made. It CAN be used as a stick after everything else has been tried. > That doesn't mean it should be or that it will be effective. This is historically inaccurate. Reverse mapping has existed in concept since RFC 883 (1983) and reverse DNS was created in RFC 1034/1035 (1987). I don't know the exact date of the first In-addr operation, but I suspect it was close to the RFC1034 date. I suggest you read this proposed draft on reverse DNS status (and I hope you urge the DNSOP group take it up and approve it) http://www.ietf.org/internet-drafts/draft-anderson-reverse-dns-status-00.txt > Caveat: Someone may have some document contradicting the promise of > reverse DNS but I doubt it was codified anywhere before 2050. 2050 > doesn't require support for reverse DNS on legacy blocks only on > direct allocations from the RIRs. It is true that reverse DNS isn't a required service. However, discrimination would be problematic. > 4) If 2050 applies to legacy space. > > My Take: Either it does or ARIN can reissue the space. > That is, either ARIN is required to maintain legacy space per 2050 or it can reissue it. > > Caveat: 2050 seems to indicate only IANA can revoke legacy space. If > I was a legacy holder I would hope a court ruled that 2050 applies and > only IANA can revoke legacy space. This will wind up in court sooner > or later. The NETBLOCKS case still is not settled. ARIN should > really have a page dedicated to current legal actions and filings etc. > If the DoC steps in there is no telling what could happen. RFC 2050 doesn't define anything. RFC2050 is a recommendation by the technical consultant (IETF) to the operating authority of IANA (ICANN/DoC) ICANN/DoC can take that advice or reject it. > 5) If there should be some codified penalty for not signing an RSA. > > My Take: Legacy holders need to be brought into an RSA of some kind. > I don't know that we can get them to sign one that does anything other > than codify their current status. We have an agreement already. We don't need another one. Our current status is already known and documented. > Other RIRs have forced legacy > holders to sign the current RSA. The number of legacy blocks and > legal environments are much different in those regions. I don't know of anyone, at any RIR ever being 'forced' to sign a new RSA on legacy blocks. Signing a new RSA to get a new allocation is not what I'd call being forced. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From tedm at ipinc.net Wed Jul 11 17:14:13 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Wed, 11 Jul 2007 14:14:13 -0700 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: <6eb799ab0707100538q4d8d1eb5o247a618ab2fbf0ed@mail.gmail.com> Message-ID: >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >James Hess >Sent: Tuesday, July 10, 2007 5:38 AM >To: ARIN Address Policy >Subject: Re: [ppml] IPv4 "Up For Grabs" proposal > > >> incentives. The most ARIN does is to try and make sure that ARIN itself >> is not a barrier to IPv6 adoption because ARIN realizes that IPv6 is the >> only way to resolve the problem of IPv4 address exhaustion. > >IPv6 creates other problems (i.e. it incurs costs due to the large >size of the >addresses it uses). It is not necessarily the only way to resolve >the problem >of IPv4 exhaustion, and it's not a RIR's place to try to deprecate >the IPv4, >the RIRs are the stewards of the address space and continue to do their >job, otherwise, a new RIR could be formed to fill in the void. The new RIR is an empty threat. Any new RIR formed to track IPv4 that was deprecated would be mainly doing it for the legacy IPv4 holders as they are the ones with a financial interest in NOT having to replace their free IPv4 allotments with costly IPv6. And the new RIR would need to be funded and so the legacy holders would have to pay, which defeats the entire point of holding on to a legacy IPv4 allotment. > >In many ways, IPv6 is the superior, cleaner, "more correct" technology. >But superior, "more correct" technologies do not always win the >marketplace, IP addressing isn't a marketplace. That is like saying let the market decide between VHS and Betamax. It was a disaster and cost millions for customers who bought Betamax. That is why they didn't repeat it with DVD's and have multiple incompatible formats. As much as some people seem to think that every problem can be solved by the free market, this attitude created disasters with the electrical power market and a number of others, when tried. Standardization is a lot more important for large markets than you want to believe. Haven't you ever wondered why milk in the grocery store no matter what dairy makes it, comes in the same plastic jugs that are the same size and same material? Ted From dean at av8.com Wed Jul 11 17:14:42 2007 From: dean at av8.com (Dean Anderson) Date: Wed, 11 Jul 2007 17:14:42 -0400 (EDT) Subject: [ppml] Incentive to legacy address holders In-Reply-To: Message-ID: On Mon, 9 Jul 2007, Ted Mittelstaedt wrote: > That sounds perfectly fair to me. Now, let's talk about how long the > latecomers are expected to pay extra. The latecomer's aren't paying "extra". The price went up, just like the price of property rises in the late stages of development. The first people in take the biggest risks, and get the lowest price. Second, the Legacy holders have an agreement which ARIN doesn't have a right to break or modify. ARIN is the custodian of the records, not the owner of the records. > You see the problem isn't that the latecomers are paying extra. The > problem is that they are paying extra and some of the homesteaders > expect the situation to continue FOREVER. Since there are so few legacy blocks, and since ARIN isn't short of money, and since your charges are nominal, this isn't really the problem or even _a_ problem, is it? Indeed, your expenses continue to decrease as more assignments are made. ARIN now has a 20+million dollar surplus. The maintanance costs on a small number of long established blocks (half of which haven't changed in 15 years) is pretty trivial. So, I don't think you are really concerned money about here. > >Likewise, the Internet is here because of the efforts and risks of > >Legacy holders. You don't seem appreciative of that. > > I would think that getting a free ride for so long is a good > expression of appreciation by the community? It hasn't been a free ride for legacy holders. The latecomers are the ones getting the free ride: using free protocols, free software, and free operational experience that the legacy holders developed for them. As has been said previously, ARIN is the custodian of records for the IANA (DoC). Even the non-legacy delegations don't belong to ARIN. ARIN is just the agent of the IANA. The legacy holders have pre-existing agreements with the IANA. ARIN has no standing and no justification to interfere with those prior agreements. The true purpose of this proposal is not outreach, nor identification of abandoned delegations. Those purposes could be carried out by a newsletter, and those purposes are also not unique to Legacy blocks, but are relevant to all blocks. So, when the legitimate purposes are completely and better served by alternate means, what does that mean for the purpose of this proposal? --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From tedm at ipinc.net Wed Jul 11 17:28:21 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Wed, 11 Jul 2007 14:28:21 -0700 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: <70DE64CEFD6E9A4EB7FAF3A063141066707133@mail> Message-ID: >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >Kevin Kargel >Sent: Wednesday, July 11, 2007 12:07 PM >To: PPML at arin.net >Subject: Re: [ppml] IPv4 "Up For Grabs" proposal > > >Why is there such a big push to drop IPv4? Didn't you read John's posting yesterday? "If you've got a way to keep IPv4 running, and still maintain the enough hierarchy to keep global routing running, then it's time to enter the spotlight and share the secret. There is no doubt that its so much easier for us all to stay on IPv4 then to move to IPv6, we just don't know how to do it, and still keep the Internet running" >Is there a reason that v4 >and v6 can't operate concurrently in perpetuity? Yes. Because they won't in the long term. Consider the common RJ45 plastic crimp plug. Why is it used for all different forms of Ethernet speeds, T1's, and many other applications? Because it is senseless to have multiple incompatible connectors, it drives up prices for the connectors as well as the tooling needed to crimp them on. Time was that many T1 connectors were DB15. It was a lot of trouble to continually build cables with RJ45 on one end and DB15 on the other, so the market eventually stopped accepting DB15. If your goal is to have IPv4 and IPv6 operate concurrently in perpetuity on the Internet you will be ultimately stymied. But until then it will be more costly to run both concurrent, and so it is to our advantage to make the concurrent period as short as possible. >I would suggest that if IPv6 is a good thing (and I firmly believe that >it is) then networks will naturally gravitate to IPv6. That being the >case then let IPv4 die a natural death of attrition. There is no need >to murder it outright. > >If in fact IPv4 continues to survive and thrive alongside IPv6 wouldn't >that very fact demonstrate the need to keep it going and foster it? > How do you foster something that isn't going to be available to new people in a few years? > I see no reason to 'force' people to switch. They >will move when it is in their best interests to do so for features and >markets. > A rather strange statement because the people ARE being forced anyway. It is kind of like saying that 911 didn't force the US to invade Afganistan. Of course it did. But I suppose there are those few ultraliberals who comfort themselves by repeating that. Ted From tedm at ipinc.net Wed Jul 11 17:43:22 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Wed, 11 Jul 2007 14:43:22 -0700 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: <469531B8.6060402@psg.com> Message-ID: >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >Randy Bush >Sent: Wednesday, July 11, 2007 12:39 PM >To: Kevin Kargel >Cc: PPML at arin.net >Subject: Re: [ppml] IPv4 "Up For Grabs" proposal > > >Kevin Kargel wrote: >> Why is there such a big push to drop IPv4? > >there isn't. Not right now. But if IPv4 handling is botched in the future (such as the scenario of a one-customer/one-global-route) then there will be. It is to our advantage to take what steps possible to avoid this. It is a perfectly valid question to ask how long we are expected to track IPv4. It is a shame that certain people's egos were buised when they realized that they didn't think to ask the question, so now they want to damp down discussion of it. >there is big talk, the vast majority of which comes from >folk who do not run v6. if this conversation was restricted to those >who actually run v6 from host to dfz, it would be very quiet here. And if discussion of IPv6 was confined to those who had switched, then you would never see serious adoption of it. Ted From tedm at ipinc.net Wed Jul 11 18:39:36 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Wed, 11 Jul 2007 15:39:36 -0700 Subject: [ppml] Incentive to legacy address holders In-Reply-To: Message-ID: >-----Original Message----- >From: Dean Anderson [mailto:dean at av8.com] >Sent: Wednesday, July 11, 2007 2:15 PM >To: Ted Mittelstaedt >Cc: John Santos; ppml at arin.net >Subject: RE: [ppml] Incentive to legacy address holders > > >On Mon, 9 Jul 2007, Ted Mittelstaedt wrote: > >> That sounds perfectly fair to me. Now, let's talk about how long the >> latecomers are expected to pay extra. > >The latecomer's aren't paying "extra". The price went up, just like the >price of property rises in the late stages of development. The first >people in take the biggest risks, and get the lowest price. > >Second, the Legacy holders have an agreement which ARIN doesn't have a >right to break or modify. ARIN is the custodian of the records, not the >owner of the records. > ONLY for IPv4 records. >> You see the problem isn't that the latecomers are paying extra. The >> problem is that they are paying extra and some of the homesteaders >> expect the situation to continue FOREVER. > >Since there are so few legacy blocks, and since ARIN isn't short of >money, and since your charges are nominal, this isn't really the problem >or even _a_ problem, is it? Indeed, your expenses continue to decrease >as more assignments are made. ARIN now has a 20+million dollar surplus. >The maintanance costs on a small number of long established blocks (half >of which haven't changed in 15 years) is pretty trivial. So, I don't >think you are really concerned money about here. > >> >Likewise, the Internet is here because of the efforts and risks of >> >Legacy holders. You don't seem appreciative of that. >> >> I would think that getting a free ride for so long is a good >> expression of appreciation by the community? > >It hasn't been a free ride for legacy holders. The latecomers are the >ones getting the free ride: using free protocols, free software, and >free operational experience that the legacy holders developed for them. > >As has been said previously, ARIN is the custodian of records for the >IANA (DoC). Even the non-legacy IPv4 > delegations don't belong to ARIN. >ARIN is just the agent of the IANA. The legacy holders have pre-existing >agreements with the IANA. for IPv4. > ARIN has no standing and no justification to >interfere with those prior agreements. > Incorrect. If IPv4 becomes a menace on the Internet then ARIN has to act to assist in removing it. If IPv4 becomes fragmented and inflates the route table is must be removed. IPv4 is ALREADY a block to widespread adoption of IPv6. If we had no IPv4 we would all run to adopt IPv6. Right now I don't thnk the legacy IPv4 holders are the largest part of the foot-dragging-IPv4 holders out there. So singling them out right now may not be merited. However if they ever become the bulk of the foot-draggers then they are going to have to be singled out. >The true purpose of this proposal is not outreach, nor identification of >abandoned delegations. Those purposes could be carried out by a >newsletter, and those purposes are also not unique to Legacy blocks, but >are relevant to all blocks. So, when the legitimate purposes are >completely and better served by alternate means, what does that mean for >the purpose of this proposal? It means you must either start employing those alternate means or you must adopt this proposal. One or the other. But you cannot simply sit on your hands and do nothing. Ted From jmorrison at bogomips.com Wed Jul 11 18:49:40 2007 From: jmorrison at bogomips.com (John Paul Morrison) Date: Wed, 11 Jul 2007 15:49:40 -0700 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: References: Message-ID: <46955E84.8030600@bogomips.com> There's a lot of reasons for IPv6 (about 2^128 reasons), but I don't think it has anything to do with keeping global routing running. Not when the two biggest vendors have routers that will scale to millions of routes, the biggest carriers have or will have these routers in their networks, and likely don't even have BGP running within their cores (since you don't have to with MPLS). Routing tables are of course growing (though nowhere near at the rate of the early 1990's) and mid-sized carriers may be feeling the pinch. But hey, if you haven't upgraded your hardware or network architecture since Y2K, you can't complain - and I don't think they are, I think they're just happy that they can actually get another few years out of their kit by re-using as MPLS switches or aggregation routers. The fact they've survived in business this long means they can afford to upgrade their edge/peering boxes where the big routing tables are needed. Call me a cynic, but I think it's either very optimistic or very naive to think that just because IPv6 has a nice hierarchical address allocation/aggregation plan on paper, that the IPv6 routing tables are going to look much different from today. You have the pressures of the market/business and the random entropy of global network with no central management that's going to churn the routing tables, punch holes in it and leak prefixes everywhere. Ted Mittelstaedt wrote: > >> -----Original Message----- >> From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >> Kevin Kargel >> Sent: Wednesday, July 11, 2007 12:07 PM >> To: PPML at arin.net >> Subject: Re: [ppml] IPv4 "Up For Grabs" proposal >> >> >> Why is there such a big push to drop IPv4? >> > > Didn't you read John's posting yesterday? > > "If you've got a way to keep IPv4 running, and still maintain > the enough hierarchy to keep global routing running, then > it's time to enter the spotlight and share the secret. There > is no doubt that its so much easier for us all to stay on IPv4 > then to move to IPv6, we just don't know how to do it, and > still keep the Internet running" > -------------- next part -------------- An HTML attachment was scrubbed... URL: From arin-contact at dirtside.com Wed Jul 11 19:45:14 2007 From: arin-contact at dirtside.com (William Herrin) Date: Wed, 11 Jul 2007 19:45:14 -0400 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: <70DE64CEFD6E9A4EB7FAF3A063141066707133@mail> References: <70DE64CEFD6E9A4EB7FAF3A063141066707133@mail> Message-ID: <3c3e3fca0707111645n3c13d02dq36adcf9745444637@mail.gmail.com> On 7/11/07, Kevin Kargel wrote: > Why is there such a big push to drop IPv4? Is there a reason that v4 > and v6 can't operate concurrently in perpetuity? Won't the customers go > where the content is and the content go where the money is? Kevin, Others have offered excellent and concise answers to your three questions. I'll attempt a longer one that hopefully clarifies more than it muddies. IPv4 causes a lot of grief for the operators of the "default-free zone" or DFZ. The DFZ is the part of the Internet which has authoritative knowledge of the direction in which to route any packet legitimately on the Internet. It has no "default" route, no path to "everything else." Right now there are about 220,000 routes in the IPv4 DFZ. This puts a good deal of strain on the system. For one thing, every subprocessor on every router in the DFZ has to have enough memory and horsepower to manage 220,000 routes. For another, every time one link in the DFZ comes up or goes down, routers potentially across the entire DFZ have to rearrange all 220,000 routes so that they follow the new best paths. While this process completes there can be routing loops and dead zones where the Internet is just plain broken. The more routes there are, the longer it takes to complete. As the crunch for IPv4 addresses starts to tighten, its likely that large service providers will receive more small allocations instead of fewer large ones. This exacerbates the problem: each allocation consumes yet another route in the DFZ. To address this, DFZ providers spend vast sums of money on routing hardware and high-reliability core network links that rarely go down yet they are still only able to do an adequate job of keeping the Internet stable. Because of the change in how IP addresses are justified and assigned, the IPv6 DFZ has only a couple thousand routes and is expected to have fewer than 100,000 routes at full deployment. This will make it possible for folks on the DFZ to both spend less money -and- do a better job of keeping the Internet stable. The hitch is: until IPv4 goes away, you're not talking about 100,000 routes. You're talking about 100,000 IPv6 routes PLUS 220,000 IPv4 routes. So it gets worse before it gets better and until IPv4 goes away, it doesn't get better. So, how does end come? Surely companies don't just up and refuse to provide IPv4! Right? Right. But you don't have to be in the DFZ to provide IPv4 service. You can use a default route to someone who is. That's the path to IPv4's decline. In addition to the redundancy/reliability advantage to participating in the IPv4 DFZ, there is an economic advantage: DFZ participants can peer with each other. Peering means you charge your customers to send you packets but then trade them off to the destination network for free. The destination accepts your packets for free. He'll charge his customer to deliver them and would rather receive them for free than pay someone for the privilege. Today, this cost advantage strongly outweighs the costs associated with managing 220,000 routes. As IPv6 use increases and IPv4 use correspondingly declines, these advantages shrink until provider by provider, participation in the IPv4 DFZ costs more than a default route would. Exit stage left. They'll still announce their prefixes into the IPv4 DFZ but they'll discard the routing table in favor of a default route. Its the beginning of the end. As folks drop out of the IPv4 DFZ, the reliability and efficiency of the IPv4 Internet will decline. Static default routes break easily in non-trivial networks. That creates a feedback loop encouraging more service migration to IPv6 which in turn encourages more folks to drop out of the IPv4 DFZ. Eventually, this destabilizes IPv4 enough that folks start to deploy IPv6 tunnels to get the IPv4 packets where they need to go. With that tunnelling in place and IPv4 traffic much lighter than it is today, its suddenly very advantageous for folks still in the IPv4 DFZ to drop the zone back to a single router inside the AS so that the IPv6 border routers don't have to contend with IPv4 at all. IPv4 regains stability, but the routing becomes opaque and very ineffecient. IPv4 probably hangs on for quite a while in this marginalized state but for all intents and purposes its no longer the protocol on the Internet. RIP. Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From james at towardex.com Wed Jul 11 20:12:08 2007 From: james at towardex.com (James Jun) Date: Wed, 11 Jul 2007 20:12:08 -0400 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: <3c3e3fca0707111645n3c13d02dq36adcf9745444637@mail.gmail.com> References: <70DE64CEFD6E9A4EB7FAF3A063141066707133@mail> <3c3e3fca0707111645n3c13d02dq36adcf9745444637@mail.gmail.com> Message-ID: <01f801c7c419$57cb8290$1efc5dd8@HCMC.local> [ snip ] > > Because of the change in how IP addresses are justified and assigned, > the IPv6 DFZ has only a couple thousand routes and is expected to have > fewer than 100,000 routes at full deployment. Not quite, the IPv6 DFZ is currently at around ~800 routes. > This will make it > possible for folks on the DFZ to both spend less money -and- do a > better job of keeping the Internet stable. > > The hitch is: until IPv4 goes away, you're not talking about 100,000 > routes. You're talking about 100,000 IPv6 routes PLUS 220,000 IPv4 > routes. So it gets worse before it gets better and until IPv4 goes > away, it doesn't get better. It's not that of a big problem than some people are speculating actually. Most modern TCAM sizes can perform 1M entries, even at a bad case implementation view point, you still have plenty of space to shove IPv4 DFZ and IPv6 DFZ altogether, put a several thousand of your interior routes, and on top of that play with MPLS and multicast entries. For most carriers right now, there's more urgency to upgrade hardware in order to support higher bandwidth load than due to routing table. Routing table issue is mostly secondary issue for many carriers -- many of them upgrade their gear mostly out of need to support higher port capacities and scaling for increased bandwidth use by their clients. Additionally, a number of networks have designed their core in such a way that it doesn't even have to carry much of DFZ anymore (see MPLS). This reduced opex translates to availability of funds to do something more useful (i.e. purchase edge routers that are more beefy with increased FIB capacity or otherwise). james From jmorrison at bogomips.com Wed Jul 11 20:31:24 2007 From: jmorrison at bogomips.com (John Paul Morrison) Date: Wed, 11 Jul 2007 17:31:24 -0700 Subject: [ppml] Incentive to legacy address holders In-Reply-To: References: Message-ID: <4695765C.9010804@bogomips.com> Indeed, IPv4 is a huge block to IPv6. (Aside: it took the Web for people to RUN to adopt IPv4. If we didn't have IPv4 and the Internet instead evolved on top of a competing protocol, we wouldn't be having any discussion about replacing the protocol; mostly because competing protocols had bigger addresses, and also possibly because the Internet would not have been as fertile ground for developing things like the Web, which made it take off). I'd like to see IPv6 replace IPv4 and think it will eventually, but IPv4 could linger well past its usable life (NAT will guarantee this). It's not like buying a newer faster car, more like getting everyone to switch to driving on the opposite sides of the road. Dual stack? Great, so why am I going to invest in training and man-power to upgrade everything when IPv4 is just good enough? IPv6 is here today in about every enterprise /service provider OS and network device, but it's not enough to get the ball rolling. It's getting into consumer devices but it's not enough. Until you can talk to everybody with IPv6, you might as well talk to nobody with IPv6, because IPv4 already works. What can policy do? It can nudge things along, remind us all that it would be a nicer if we all moved on to v6, and to help encourage things: we'll waive the fees for the early adopters, or better yet, simply keep your addresses and use IPv6-compatible addressing, since v6 is a proper superset of v4. Policy can also drop a lot of baggage about how IPv4 is so flawed that we need a clean slate and we need more paper work and more BS to get going. We have a lot of running code but not a lot of consensus, but I think over time it will become apparent that we just need an "IPv6" enable button on our existing systems to accomplish a migration, and then people can just carry on, business as usual, just with a lot more addresses. Ted Mittelstaedt wrote: > IPv4 is ALREADY a block to widespread adoption of IPv6. If we had no > IPv4 we would all run to adopt IPv6. > > Right now I don't thnk the legacy IPv4 holders are the largest part of > the foot-dragging-IPv4 holders out there. So singling them out right now > may not be merited. However if they ever become the bulk of the > foot-draggers > then they are going to have to be singled out. > > From jmorrison at bogomips.com Wed Jul 11 20:44:43 2007 From: jmorrison at bogomips.com (John Paul Morrison) Date: Wed, 11 Jul 2007 17:44:43 -0700 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: <3c3e3fca0707111645n3c13d02dq36adcf9745444637@mail.gmail.com> References: <70DE64CEFD6E9A4EB7FAF3A063141066707133@mail> <3c3e3fca0707111645n3c13d02dq36adcf9745444637@mail.gmail.com> Message-ID: <4695797B.4030806@bogomips.com> William Herrin wrote: > For one thing, every subprocessor on every router in the DFZ has to > have enough memory and horsepower to manage 220,000 routes. > Even MPLS P routers/label switch routers, which do not run iBGP at all, and have at most a few thousand OSPF or IS-IS routes? These routers are basically invisible to the DFZ but yet they carry a lot of traffic with none of drawbacks of carrying those routes. This seems to put the "B" back in Border Gateway Protocol, so that it's at the edge where it belongs. > For another, every time one link in the DFZ comes up or goes down, > routers potentially across the entire DFZ have to rearrange all > 220,000 routes so that they follow the new best paths. While this > Isn't that why dampening was invented? Your route flaps, that's your network's problem, not mine. > process completes there can be routing loops and dead zones where the > Internet is just plain broken. The more routes there are, the longer > it takes to complete. > > From sethm at rollernet.us Wed Jul 11 20:48:34 2007 From: sethm at rollernet.us (Seth Mattinen) Date: Wed, 11 Jul 2007 17:48:34 -0700 Subject: [ppml] v6 Multihoming (was Re: IPv4 "Up For Grabs" proposal) In-Reply-To: <3c3e3fca0707111645n3c13d02dq36adcf9745444637@mail.gmail.com> References: <70DE64CEFD6E9A4EB7FAF3A063141066707133@mail> <3c3e3fca0707111645n3c13d02dq36adcf9745444637@mail.gmail.com> Message-ID: <46957A62.9070601@rollernet.us> William Herrin wrote: > Because of the change in how IP addresses are justified and assigned, > the IPv6 DFZ has only a couple thousand routes and is expected to have > fewer than 100,000 routes at full deployment. This will make it > possible for folks on the DFZ to both spend less money -and- do a > better job of keeping the Internet stable. > > The hitch is: until IPv4 goes away, you're not talking about 100,000 > routes. You're talking about 100,000 IPv6 routes PLUS 220,000 IPv4 > routes. So it gets worse before it gets better and until IPv4 goes > away, it doesn't get better. So... explain multihoming in an IPv6 world to me. ~Seth From arin-contact at dirtside.com Wed Jul 11 20:49:19 2007 From: arin-contact at dirtside.com (William Herrin) Date: Wed, 11 Jul 2007 20:49:19 -0400 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: <01f801c7c419$57cb8290$1efc5dd8@HCMC.local> References: <70DE64CEFD6E9A4EB7FAF3A063141066707133@mail> <3c3e3fca0707111645n3c13d02dq36adcf9745444637@mail.gmail.com> <01f801c7c419$57cb8290$1efc5dd8@HCMC.local> Message-ID: <3c3e3fca0707111749y738ca331g8dec31a58631454b@mail.gmail.com> On 7/11/07, James Jun wrote: > > Because of the change in how IP addresses are justified and assigned, > > the IPv6 DFZ has only a couple thousand routes and is expected to have > > Not quite, the IPv6 DFZ is currently at around ~800 routes. Wishful thinking on my part. I'd like IPv6 deployment to be further along than it is. > > The hitch is: until IPv4 goes away, you're not talking about 100,000 > > routes. You're talking about 100,000 IPv6 routes PLUS 220,000 IPv4 > > routes. So it gets worse before it gets better and until IPv4 goes > > away, it doesn't get better. > > It's not that of a big problem than some people are speculating actually. I'll stipulate that the impending collapse of the IPv4 DFZ has been greatly exaggerated if you'll stipulate that IPv6 BGP will converge faster when the same routers don't have to converge IPv4 BGP in parallel. There will be real incentives not just to move towards IPv6 but to move away from IPv4. Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From sleibrand at internap.com Wed Jul 11 21:00:25 2007 From: sleibrand at internap.com (Scott Leibrand) Date: Wed, 11 Jul 2007 18:00:25 -0700 Subject: [ppml] v6 Multihoming (was Re: IPv4 "Up For Grabs" proposal) In-Reply-To: <46957A62.9070601@rollernet.us> References: <70DE64CEFD6E9A4EB7FAF3A063141066707133@mail> <3c3e3fca0707111645n3c13d02dq36adcf9745444637@mail.gmail.com> <46957A62.9070601@rollernet.us> Message-ID: <46957D29.5000202@internap.com> Seth Mattinen wrote: > William Herrin wrote: > >> Because of the change in how IP addresses are justified and assigned, >> the IPv6 DFZ has only a couple thousand routes and is expected to have >> fewer than 100,000 routes at full deployment. This will make it >> possible for folks on the DFZ to both spend less money -and- do a >> better job of keeping the Internet stable. >> >> The hitch is: until IPv4 goes away, you're not talking about 100,000 >> routes. You're talking about 100,000 IPv6 routes PLUS 220,000 IPv4 >> routes. So it gets worse before it gets better and until IPv4 goes >> away, it doesn't get better. >> > > So... explain multihoming in an IPv6 world to me. > Basically, you can multihome in IPv6 the same way you do in IPv4. If you qualify for PI addresses in IPv4, you also qualify for IPv6 PI (in the ARIN region). You can announce your PI /48, or you PA block for that matter, in BGP to your upstreams. The main reason you can do the same thing in IPv6 as in IPv4 and get half the routes is that you're no longer allocating multiple discrete netblocks to a single ASN, so the ratio of routes to ASNs in the table is closer to 2:1 instead of 5:1. Is that what you were asking? In addition, IPv6 supports host multihoming, where a host has multiple IP addresses and uses whichever is appropriate. Extensions like shim6 are being standardized to allow session failover, which will open up a new realm of possibilities for small-site multihoming. I suspect most large sites will continue to multihome with BGP and PI space, though. -Scott From mysidia at gmail.com Wed Jul 11 21:20:42 2007 From: mysidia at gmail.com (James Hess) Date: Wed, 11 Jul 2007 20:20:42 -0500 Subject: [ppml] Incentive to legacy address holders In-Reply-To: References: Message-ID: <6eb799ab0707111820w22d53509sa0d0e95f6ca03657@mail.gmail.com> > The latecomer's aren't paying "extra". The price went up, just like the > price of property rises in the late stages of development. The first > people in take the biggest risks, and get the lowest price. People, providers, organizations use the address space they have registered, but they don't own it, they are not like homesteaders; they don't have any property at all, they are merely tenants of certain addresses in certain registries. IANA doesn't own address space (not even the address space reserved for IANA purposes). ARIN doesn't own address space. They assign addresses. Which is not the same as selling or conferring some form of ownership. > Second, the Legacy holders have an agreement which ARIN doesn't have a > right to break or modify. ARIN is the custodian of the records, not the > owner of the records. The informal agreement (if any) is not with ARIN, but an organization that used to exist that no longer does in that form -- IANA is a generic name now, for whatever organization currently happens to be assigned to perform certain functions, So ARIN really has no obligation to uphold an agreement made with the organization that is not responsible anymore for that aspect of maintaining the registry. > It hasn't been a free ride for legacy holders. The latecomers are the > ones getting the free ride: using free protocols, free software, and > free operational experience that the legacy holders developed for them. Being a legacy holder has nothing to do with developing free software or developing free protocols. There are probably plenty of legacy holders who have made no substantial contribution to the community. There are plenty of "latecomers" who have developed free software, free protocols, and other useful things. In effect, that a legacy holder "developed" something useful may be true, for the oldest legacy holders, but I don't see it as a compelling basis for treating legacy holders as a class any differently. If some organizations should get preferential treatment just because they made X contribution that was useful to the registry members, than the policy should be formalized and apply to any organization who had done that type of work, not just a legacy holder, because they happened to need ip addressing a few years earlier. > As has been said previously, ARIN is the custodian of records for the > IANA (DoC). Even the non-legacy delegations don't belong to ARIN. > ARIN is just the agent of the IANA. The legacy holders have pre-existing > agreements with the IANA. ARIN has no standing and no justification to > interfere with those prior agreements. Saying it over and over again doesn't make it the case. The organization that is now called IANA does not own the delegations; IANA is the mere technical custodian in this picture, not ARIN. ARIN is not an agent of IANA. IANA is subordinate to ICANN. If you examine the IANA web site, you will note of particular interest the "IANA-Related Issue Escalation Procedure," in case of IANA-related issues, and the final escalations if an issue remains unresolved are to ICANN staff. I.E. The ICANN President and CEO have oversight over the IANA general manager. > The true purpose of this proposal is not outreach, nor identification of > abandoned delegations. Those purposes could be carried out by a > newsletter, and those purposes are also not unique to Legacy blocks, but > are relevant to all blocks. So, when the legitimate purposes are > completely and better served by alternate means, what does that mean for > the purpose of this proposal? One legitimate purpose is equal treatment of all the organizations whose records are being maintained by the RIR, by getting them in the same fair policy framework. I also don't agree with the supposition that the proposal is not about outreach or identification of abandoned delegations. If you have a better way that does all these things, then propose it.. -- -J From christopher.morrow at gmail.com Wed Jul 11 21:21:30 2007 From: christopher.morrow at gmail.com (Christopher Morrow) Date: Wed, 11 Jul 2007 21:21:30 -0400 Subject: [ppml] v6 Multihoming (was Re: IPv4 "Up For Grabs" proposal) In-Reply-To: <46957A62.9070601@rollernet.us> References: <70DE64CEFD6E9A4EB7FAF3A063141066707133@mail> <3c3e3fca0707111645n3c13d02dq36adcf9745444637@mail.gmail.com> <46957A62.9070601@rollernet.us> Message-ID: <75cb24520707111821q678906d7x1fd2c5259de842b2@mail.gmail.com> On 7/11/07, Seth Mattinen wrote: > William Herrin wrote: > > Because of the change in how IP addresses are justified and assigned, > > the IPv6 DFZ has only a couple thousand routes and is expected to have > > fewer than 100,000 routes at full deployment. This will make it > > possible for folks on the DFZ to both spend less money -and- do a > > better job of keeping the Internet stable. > > Bill's making a giant leap of faith that all multi-homing won't be done like ipv4 multihoming and that people will be 'as good' as they are today wrt de-aggregation... This seems, based on past history, like a very, very bad bet. -Chris From james at towardex.com Wed Jul 11 21:27:48 2007 From: james at towardex.com (James Jun) Date: Wed, 11 Jul 2007 21:27:48 -0400 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: <3c3e3fca0707111749y738ca331g8dec31a58631454b@mail.gmail.com> References: <70DE64CEFD6E9A4EB7FAF3A063141066707133@mail> <3c3e3fca0707111645n3c13d02dq36adcf9745444637@mail.gmail.com> <01f801c7c419$57cb8290$1efc5dd8@HCMC.local> <3c3e3fca0707111749y738ca331g8dec31a58631454b@mail.gmail.com> Message-ID: <01f901c7c423$e976b980$1efc5dd8@HCMC.local> [ snip ] > > > The hitch is: until IPv4 goes away, you're not talking about 100,000 > > > routes. You're talking about 100,000 IPv6 routes PLUS 220,000 IPv4 > > > routes. So it gets worse before it gets better and until IPv4 goes > > > away, it doesn't get better. > > > > It's not that of a big problem than some people are speculating > actually. > > I'll stipulate that the impending collapse of the IPv4 DFZ has been > greatly exaggerated if you'll stipulate that IPv6 BGP will converge > faster when the same routers don't have to converge IPv4 BGP in > parallel. There will be real incentives not just to move towards IPv6 > but to move away from IPv4. But currently, the same routers I run today that are participating in both IPv4 and IPv6 world are not suffering at all -- (and yes it could theoretically be different when routing table size of IPv6 suddenly bloats beyond proportion). May be it's different scenario for you, but for me, I'm spending more money upgrading my gears to meet growing customer base and their bandwidth demand, than because of router resource issues created by v4/v6 routing tables. Either way, it's too early to make any stipulations regarding this in my opinion as none of us have seen how large_IPv4 + large_IPv6 dual-stacked routing table would look like in the future. The fact of the matter is, major router vendors are making routers with enough control plane horsepower nowadays[1] that in the future, if things come as predicted, no one will pay a lot of attention to routing table size anymore at least probably from carrier positions. [1] i.e. one good example is the recent RSP720 supervisor to replace SUP720 for Cisco 7600. MSFC speed is more than doubled. And then there are elements driving the networking hardware industry on matters that don't have a lot to do with BGP routing convergence. Vendors are continuously competing each other trying to build platforms with new integrated features, triple-play, converged networking, self-defending network(tm), CALEA On Demand(tm), 802.3ah Ethernet OAM, virtual routers, etc yadda yadda, that all require continued improvement of their control plane hardware and software architectures (see IOS XR and Cat65k modular IOS code). Enhanced hardware and software capacities required for implementation of these new features alone could make routing protocol convergence issue a non-issue. A long time ago, people speculated that the Internet will come to grinding halt if routing table size bloats in excess of 200k, and as ridiculous as it may sound, some have even questioned whether the trie data structures for RIB will be able to scale to hold let alone scalability of BGP convergence. But it seems history has taught us that router companies are in business to make money by designing and building routers. And they seem to be aware of scalability issues in their own products looking ahead in the future -- especially when their customers vote with their money by looking at their competitors. But are we going to see technological advantages (i.e. clean routing table??) in IPv6 that would make IPv4 a liability for an organization to keep on running? I'm betting no. IPv6 is no different than IPv4 in my book other than increased address space. Deaggregation, routing table bloat, security issues, etc, etc we see today will be business as usual in IPv6 land too. It's just the way it is. In closing, at the end of the day, IPv6 will most likely prevail, probably not because of routing table/router resource issues and other problems in current IPv4 internet, but more likely because we are simply running out of addresses in IPv4. Does that mean we should simply shut down IPv4? (as someone on this mailing list indicates that we should, but I'm not talking about you ;>) No. We should rather work on improving mechanisms that permit easier transition. James From christopher.morrow at gmail.com Wed Jul 11 21:28:45 2007 From: christopher.morrow at gmail.com (Christopher Morrow) Date: Wed, 11 Jul 2007 21:28:45 -0400 Subject: [ppml] v6 Multihoming (was Re: IPv4 "Up For Grabs" proposal) In-Reply-To: <46957D29.5000202@internap.com> References: <70DE64CEFD6E9A4EB7FAF3A063141066707133@mail> <3c3e3fca0707111645n3c13d02dq36adcf9745444637@mail.gmail.com> <46957A62.9070601@rollernet.us> <46957D29.5000202@internap.com> Message-ID: <75cb24520707111828x5220cf8et5fe5002edcc75a50@mail.gmail.com> On 7/11/07, Scott Leibrand wrote: > In addition, IPv6 supports host multihoming, where a host has multiple > IP addresses and uses whichever is appropriate. Extensions like shim6 I think it's worth mentioning that to be very, very clear about 'host multihoming' here the way in which a host goes about selecting which address to source traffic FROM or destine traffic TO is still quite mysterious and 'undefined' for the most part in host-os-es. So, you may have 2-3-4-5-more addresses on your host's interface, but there's no clear understanding of which to use, nor control for the user in which gets used. Then, which far-side address gets used? DNS Round-Robin anyone? sense of path size/stability/use/abuse/over-use anyone? yikes... this isn't multihoming except in the most basic of definitions :( Oh, then try to get your host to release the address when RA goes away for that subnet... fun! some OSes don't do that right/at-all either :( fun stuff! -Chris From arin-contact at dirtside.com Wed Jul 11 21:28:51 2007 From: arin-contact at dirtside.com (William Herrin) Date: Wed, 11 Jul 2007 21:28:51 -0400 Subject: [ppml] v6 Multihoming (was Re: IPv4 "Up For Grabs" proposal) In-Reply-To: <46957A62.9070601@rollernet.us> References: <70DE64CEFD6E9A4EB7FAF3A063141066707133@mail> <3c3e3fca0707111645n3c13d02dq36adcf9745444637@mail.gmail.com> <46957A62.9070601@rollernet.us> Message-ID: <3c3e3fca0707111828y4e3a51f6rc0d3bd358f6c7264@mail.gmail.com> On 7/11/07, Seth Mattinen wrote: > So... explain multihoming in an IPv6 world to me. Seth, I wish I could, but frankly I don't see how its going to work out. Small operators with two broadband links are becoming more common. Using DNS tricks on top of two sets of PA space (consistent with the current assignment model) serves them very poorly. Assigning routeable PI space (as is regularly proposed) serves the DFZ participants poorly. If Shim6 works out, it won't be ubiquitous for the better part of a decade. I'm not sure where the happy middle ground is, but I'm looking for it. Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From arin-contact at dirtside.com Wed Jul 11 21:40:25 2007 From: arin-contact at dirtside.com (William Herrin) Date: Wed, 11 Jul 2007 21:40:25 -0400 Subject: [ppml] v6 Multihoming (was Re: IPv4 "Up For Grabs" proposal) In-Reply-To: <75cb24520707111821q678906d7x1fd2c5259de842b2@mail.gmail.com> References: <70DE64CEFD6E9A4EB7FAF3A063141066707133@mail> <3c3e3fca0707111645n3c13d02dq36adcf9745444637@mail.gmail.com> <46957A62.9070601@rollernet.us> <75cb24520707111821q678906d7x1fd2c5259de842b2@mail.gmail.com> Message-ID: <3c3e3fca0707111840o65a26974odb0a71200b31633a@mail.gmail.com> On 7/11/07, Christopher Morrow wrote: > Bill's making a giant leap of faith that all multi-homing won't be > done like ipv4 multihoming and that people will be 'as good' as they > are today wrt de-aggregation... This seems, based on past history, > like a very, very bad bet. Chris, Actually I'm not. I haven't personally checked the numbers, but I'm told that if every org that has one or more prefixes announced in IPv4 announces exactly one prefix into IPv6, the table would have in the neighborhood of 50k-60k entries. More, deaggregation is hard to get away with when almost everybody has exactly a /48 and nobody has less. Not sayin' it won't happen, just that it won't be as common. Will the IPv6 DFZ eventually grow past 100k entries? Sure. Soon? No. Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From drc at virtualized.org Wed Jul 11 21:43:49 2007 From: drc at virtualized.org (David Conrad) Date: Wed, 11 Jul 2007 18:43:49 -0700 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: <4693C197.3090308@bogomips.com> References: <46927370.9040609@bogomips.com> <65EEB431-2BBC-4284-AD33-940AEA3B6F4A@virtualized.org> <4693C197.3090308@bogomips.com> Message-ID: <6A2333E7-940C-4A32-8880-D8443A6115AD@virtualized.org> John, On Jul 10, 2007, at 10:27 AM, John Paul Morrison wrote: > I'm talking about the public Internet - if your printer is still > happily running IPv4 within a private network that doesn't count. OK. > Assuming IPv6 takes off on the public Internet, it will displace > IPv4 just because of the administrative overhead. Who's going to > want to maintain two routing protocols in a large network for very > long? The folks who want to connect to the Internet. IPv6 is not going to be universal for a very, very long time as there is so little (business) justification for the vast majority of current content providers to expend the resources (money, manpower, time) to do the conversion. > So assuming IPv6 replaces IPv4, it's pointless to chase down the > legacy users since it will all become legacy. I personally believe that in its current form, it is highly unlikely IPv6 will replace IPv4 in my lifetime. When the IPv4 free pool is exhausted, people are not going to turn off their IPv4-only devices and ISPs will do what is necessary to continue generating revenues. I imagine there will be business opportunities in mechanisms that allow IPv6-only sites/devices to communicate with the (predominantly) IPv4 Internet which will tend to prolong the lifetime of IPv4. However, regardless of the clarity of my crystal ball, it would seem prudent to me to have mechanisms in place to clearly and unambiguously identify the users of the address space for the (likely inevitable) market that will be emerging in IPv4 addresses. Rgds, -drc From michel at arneill-py.sacramento.ca.us Wed Jul 11 22:07:28 2007 From: michel at arneill-py.sacramento.ca.us (Michel Py) Date: Wed, 11 Jul 2007 19:07:28 -0700 Subject: [ppml] v6 Multihoming (was Re: IPv4 "Up For Grabs" proposal) In-Reply-To: <75cb24520707111828x5220cf8et5fe5002edcc75a50@mail.gmail.com> References: <70DE64CEFD6E9A4EB7FAF3A063141066707133@mail><3c3e3fca0707111645n3c13d02dq36adcf9745444637@mail.gmail.com><46957A62.9070601@rollernet.us> <46957D29.5000202@internap.com> <75cb24520707111828x5220cf8et5fe5002edcc75a50@mail.gmail.com> Message-ID: > Christopher Morrow wrote: > So, you may have 2-3-4-5-more addresses on your host's interface I don't see that happening. It's an administrative nightmare, plus try to do security or TE with that :-( Exactly what enterprise network operators don't want to do, it's easier to toss $$$ at C$ or J$ and get a bigger router. Michel. From christopher.morrow at gmail.com Wed Jul 11 22:12:59 2007 From: christopher.morrow at gmail.com (Christopher Morrow) Date: Wed, 11 Jul 2007 22:12:59 -0400 Subject: [ppml] v6 Multihoming (was Re: IPv4 "Up For Grabs" proposal) In-Reply-To: References: <70DE64CEFD6E9A4EB7FAF3A063141066707133@mail> <3c3e3fca0707111645n3c13d02dq36adcf9745444637@mail.gmail.com> <46957A62.9070601@rollernet.us> <46957D29.5000202@internap.com> <75cb24520707111828x5220cf8et5fe5002edcc75a50@mail.gmail.com> Message-ID: <75cb24520707111912g37b08b9eq57d7a1a56b62d0f0@mail.gmail.com> On 7/11/07, Michel Py wrote: > > Christopher Morrow wrote: > > So, you may have 2-3-4-5-more addresses on your host's interface > > I don't see that happening. It's an administrative nightmare, plus try it's not about 'admin nightmare' it's about: "thats how the spec reads". My point wasn't really 'in the real world this is a giant cluster, doh!' it was that saying half the story isn't helping anyone... Similar to the long held belief/story that 'ipv6 is more secure!' Baloney, it's as secure as ipv4, perhaps less if you think about the age/maturity of ipv6 stacks and deployers... The main issue I had was with telling half the story (or in incomplete story at the very least). > to do security or TE with that :-( Exactly what enterprise network > operators don't want to do, it's easier to toss $$$ at C$ or J$ and get > a bigger router. Agreed, it's a nightmare, I've presented/said as much here and other places... What I DO like though is that SHIM6 MAY offer home folks/consumers some simple options for their multihoming needs (even if they don't tihnk they have those needs today, think about using all the wireless networks you see in your apartment/neighborhood to increase the meshiness of your personal connectivity?) I don't see it being a good option for enterprises or providers, but for smaller endstations it seems attractive... hop your iphone connection from ap to ap as you walk down the street, hopping your voip call along the way. Apple could have fun with that commercial. :) From christopher.morrow at gmail.com Wed Jul 11 22:20:32 2007 From: christopher.morrow at gmail.com (Christopher Morrow) Date: Wed, 11 Jul 2007 22:20:32 -0400 Subject: [ppml] v6 Multihoming (was Re: IPv4 "Up For Grabs" proposal) In-Reply-To: <3c3e3fca0707111840o65a26974odb0a71200b31633a@mail.gmail.com> References: <70DE64CEFD6E9A4EB7FAF3A063141066707133@mail> <3c3e3fca0707111645n3c13d02dq36adcf9745444637@mail.gmail.com> <46957A62.9070601@rollernet.us> <75cb24520707111821q678906d7x1fd2c5259de842b2@mail.gmail.com> <3c3e3fca0707111840o65a26974odb0a71200b31633a@mail.gmail.com> Message-ID: <75cb24520707111920r2fd67f4ek4f7d04b0633af84a@mail.gmail.com> On 7/11/07, William Herrin wrote: > On 7/11/07, Christopher Morrow wrote: > > Bill's making a giant leap of faith that all multi-homing won't be > > done like ipv4 multihoming and that people will be 'as good' as they > > are today wrt de-aggregation... This seems, based on past history, > > like a very, very bad bet. > > Chris, > > Actually I'm not. I haven't personally checked the numbers, but I'm > told that if every org that has one or more prefixes announced in IPv4 > announces exactly one prefix into IPv6, the table would have in the I think this depends upon how you define an org actually, but given that some folks are doing that by 'if you have an ASN you get a /32 or /48' perhaps the number is as low as 45k (rounded up today). There are certainly some of these cases that may need more than one prefix, or may have disjoint AS's that would require more than 1 prefix, double to 90k. Add some fuzz for the multi-national corps that have multihomed offices all over creation on 'whatever convenient provider' is in region, add easily another 30k... This is a tough problem to model today. Multihoming is becoming more prevalent, not less (somewhere near 30% of uunet customers today are multihomed, and growing). Also, add in the (as mentioned before) existing 220k v4 routes, look at the growth curves (see vaf at cisco.com/schiller at uu.net/geoff at apnic presentations on same) and in 5 years you're looking at over 500k v4 routes alone. Look at the reasons for deaggragation, look at the update-rate for the global table... > neighborhood of 50k-60k entries. More, deaggregation is hard to get > away with when almost everybody has exactly a /48 and nobody has less. > Not sayin' it won't happen, just that it won't be as common sure, look at the data :( it doesn't have to be so much 'more deaggragation', just more routes for all the normal reasons. > > Will the IPv6 DFZ eventually grow past 100k entries? Sure. Soon? No. read the vaf/schiller presentations from RAW/RAM/IETF/NANOG... looks like it's coming sooner than you'd think. (based on some projects that seem to hold fairly well so far) -Chris (healthy disclaimer, i work with schiller at uu so I have some both interest in his work and have presented some of it) From sethm at rollernet.us Wed Jul 11 22:25:58 2007 From: sethm at rollernet.us (Seth Mattinen) Date: Wed, 11 Jul 2007 19:25:58 -0700 Subject: [ppml] v6 Multihoming (was Re: IPv4 "Up For Grabs" proposal) In-Reply-To: <46957D29.5000202@internap.com> References: <70DE64CEFD6E9A4EB7FAF3A063141066707133@mail> <3c3e3fca0707111645n3c13d02dq36adcf9745444637@mail.gmail.com> <46957A62.9070601@rollernet.us> <46957D29.5000202@internap.com> Message-ID: <46959136.2060901@rollernet.us> Scott Leibrand wrote: > Seth Mattinen wrote: >> >> So... explain multihoming in an IPv6 world to me. >> > > Basically, you can multihome in IPv6 the same way you do in IPv4. If > you qualify for PI addresses in IPv4, you also qualify for IPv6 PI (in > the ARIN region). You can announce your PI /48, or you PA block for > that matter, in BGP to your upstreams. > > The main reason you can do the same thing in IPv6 as in IPv4 and get > half the routes is that you're no longer allocating multiple discrete > netblocks to a single ASN, so the ratio of routes to ASNs in the table > is closer to 2:1 instead of 5:1. > > Is that what you were asking? > My main concern as a small operator myself - single AS and /22 worth of PI space - is being forced to do something ugly like shim6 and/or stupid DNS tricks because my single /48 ball isn't enough to play BGP with the big boys in an IPv6 world. I can see shim6 being a great solution for something like a end-user VOIP handset, but not so much more past that. ~Seth From arin-contact at dirtside.com Wed Jul 11 22:46:00 2007 From: arin-contact at dirtside.com (William Herrin) Date: Wed, 11 Jul 2007 22:46:00 -0400 Subject: [ppml] v6 Multihoming (was Re: IPv4 "Up For Grabs" proposal) In-Reply-To: <75cb24520707111920r2fd67f4ek4f7d04b0633af84a@mail.gmail.com> References: <70DE64CEFD6E9A4EB7FAF3A063141066707133@mail> <3c3e3fca0707111645n3c13d02dq36adcf9745444637@mail.gmail.com> <46957A62.9070601@rollernet.us> <75cb24520707111821q678906d7x1fd2c5259de842b2@mail.gmail.com> <3c3e3fca0707111840o65a26974odb0a71200b31633a@mail.gmail.com> <75cb24520707111920r2fd67f4ek4f7d04b0633af84a@mail.gmail.com> Message-ID: <3c3e3fca0707111946r49d3f9fdr94cba27433d1f2d8@mail.gmail.com> On 7/11/07, Christopher Morrow wrote: > On 7/11/07, William Herrin wrote: > > Actually I'm not. I haven't personally checked the numbers, but I'm > > told that if every org that has one or more prefixes announced in IPv4 > > announces exactly one prefix into IPv6, the table would have in the > > I think this depends upon how you define an org actually, but given > that some folks are doing that by 'if you have an ASN you get a /32 or > /48' perhaps the number is as low as 45k (rounded up today). There are Chris, According to an ARIN routing report from three weeks ago there are 25,500 AS's announcing routes into IPv4. If every AS announced exactly one IPv6 prefix, we'd have 25,500 entries in the table. Not sure where you came up with 45k. This is the ARIN mailing list, so I'm using their definition of an org: a unique org entity in the whois records, in this case one to which address blocks have been assigned or allocated and subsequently announced via BGP. My 50k-60k number is based on the proposition that all orgs (not asns) who currently have an IPv4 prefix announced would announce exactly one prefix into IPv6. I suppose if you want to double-check it, you'd have to pull the bgp table, look up the org-id in whois and then sort -u | wc -l. Personally, I'm not real inclined to pound the whois system with 220,000 requests. Regards, Bill -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From christopher.morrow at gmail.com Wed Jul 11 22:55:52 2007 From: christopher.morrow at gmail.com (Christopher Morrow) Date: Wed, 11 Jul 2007 22:55:52 -0400 Subject: [ppml] v6 Multihoming (was Re: IPv4 "Up For Grabs" proposal) In-Reply-To: <46959136.2060901@rollernet.us> References: <70DE64CEFD6E9A4EB7FAF3A063141066707133@mail> <3c3e3fca0707111645n3c13d02dq36adcf9745444637@mail.gmail.com> <46957A62.9070601@rollernet.us> <46957D29.5000202@internap.com> <46959136.2060901@rollernet.us> Message-ID: <75cb24520707111955s1653f3fanac701248c6646d8a@mail.gmail.com> On 7/11/07, Seth Mattinen wrote: > > My main concern as a small operator myself - single AS and /22 worth of > PI space - is being forced to do something ugly like shim6 and/or stupid > DNS tricks because my single /48 ball isn't enough to play BGP with the > big boys in an IPv6 world. > actually I think "have asn == have /48 PI" in the ARIN region, so rejoice (sorta) From michel at arneill-py.sacramento.ca.us Thu Jul 12 00:09:53 2007 From: michel at arneill-py.sacramento.ca.us (Michel Py) Date: Wed, 11 Jul 2007 21:09:53 -0700 Subject: [ppml] v6 Multihoming (was Re: IPv4 "Up For Grabs" proposal) In-Reply-To: <75cb24520707111912g37b08b9eq57d7a1a56b62d0f0@mail.gmail.com> References: <70DE64CEFD6E9A4EB7FAF3A063141066707133@mail> <3c3e3fca0707111645n3c13d02dq36adcf9745444637@mail.gmail.com> <46957A62.9070601@rollernet.us> <46957D29.5000202@internap.com> <75cb24520707111828x5220cf8et5fe5002edcc75a50@mail.gmail.com> <75cb24520707111912g37b08b9eq57d7a1a56b62d0f0@mail.gmail.com> Message-ID: > Christopher Morrow wrote: > What I DO like though is that SHIM6 MAY offer home > folks/consumers some simple options for their multihoming > needs (even if they don't think they have those needs today, I like the idea myself; when I started ipv6mh with Iljitsch ways back when, we had a design goal of 1 billion multihomed sites. Multihoming for the masses. That being said, you used the word "simple" and that does not register with shim6. Imagine the following scenario: you're a soho/smallbiz with both DSL and cable. There is a connectivity issue that is a bit more complex that "nothing works"; typical: VPN between the home and the office has issues. You have to troubleshoot that one. Good luck. First, you don't have any tools; it's going to be ages before you put your hands on a sniffer that understands shim6, and even longer to get it to a price that makes it compatible with soho/smallbiz money. Second, if there is an issue with one of the ISPs, good luck trying to explain the tech support subcontracted overseas. Today, if you have v4 BGP peering with someone, you'll eventually get to talk to a tech with some clue and enable. Not for $100/month DSL or cable. Not only the troubleshooting itself is going to be tremendously more complex, but you won't be able to talk to anybody that has a clue. > think about using all the wireless networks you see in your > apartment/neighborhood to increase the meshiness of your > personal connectivity?) You don't need IPv6 for that. All you need is: a) One or more cans and strings: cheap, and does help when the neighbor's house is far away or has thick walls ;-) http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=290136557728 b) More Ethernet ports, cheap also. http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=230149843484 c) Understanding of route-maps applied to NAT and possibly object tracking. Then you can put all the P2P traffic on the wifi you have [cough] borrowed from your neighbor and keep your own pipe free to surf fast :-D Michel. From sleibrand at internap.com Thu Jul 12 01:35:52 2007 From: sleibrand at internap.com (Scott Leibrand) Date: Wed, 11 Jul 2007 22:35:52 -0700 Subject: [ppml] v6 Multihoming (was Re: IPv4 "Up For Grabs" proposal) In-Reply-To: <75cb24520707111955s1653f3fanac701248c6646d8a@mail.gmail.com> References: <70DE64CEFD6E9A4EB7FAF3A063141066707133@mail> <3c3e3fca0707111645n3c13d02dq36adcf9745444637@mail.gmail.com> <46957A62.9070601@rollernet.us> <46957D29.5000202@internap.com> <46959136.2060901@rollernet.us> <75cb24520707111955s1653f3fanac701248c6646d8a@mail.gmail.com> Message-ID: <4695BDB8.9020006@internap.com> Christopher Morrow wrote: > On 7/11/07, Seth Mattinen wrote: > >> My main concern as a small operator myself - single AS and /22 worth of >> PI space - is being forced to do something ugly like shim6 and/or stupid >> DNS tricks because my single /48 ball isn't enough to play BGP with the >> big boys in an IPv6 world. >> >> > > actually I think "have asn == have /48 PI" in the ARIN region, so > rejoice (sorta) > And to directly address your question, I think your /48 ball will be big enough to play BGP for the foreseeable future. There's a lot of pressure to avoid giving out PI /48's to the folks that have PA /24's today, but I think anyone who already qualifies for a PI /22 can count on continuing to do PI+BGP in IPv6. -Scott From randy at psg.com Thu Jul 12 02:45:04 2007 From: randy at psg.com (Randy Bush) Date: Thu, 12 Jul 2007 15:45:04 +0900 Subject: [ppml] Incentive to legacy address holders In-Reply-To: References: Message-ID: <4695CDF0.2000700@psg.com> ted, do you run an ipv6 enabled network, dfz to edge and to end hosts? if not, could you tell us all where you get such deep wisdom about what you don't actually know jack about so we can take the cheap and easy route to deep knowledge too? if not, you are about to be widely plonked. randy From michael.dillon at bt.com Thu Jul 12 03:36:18 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Thu, 12 Jul 2007 08:36:18 +0100 Subject: [ppml] My take on legacy resource proposal In-Reply-To: References: <454810F09B5AA04E9D78D13A5C39028A023EFC07@nyrofcs2ke2k01.corp.pvt> Message-ID: > I suggest you read this proposed draft on reverse DNS status > (and I hope you urge the DNSOP group take it up and approve > it) > http://www.ietf.org/internet-drafts/draft-anderson-reverse-dns > -status-00.txt Please don't use the public policy list to do IETF work. It is up to the engineers in the IETF to decide whether or not your draft has merit, and until the IETF has published an RFC on the topic I don't think it is proper for ARIN policy work to take note of your document. In particular you are proposing some significant changes to the way people use DNS and, in fact, asking the IETF to dictate operations. One aspect which you and many others seem to miss, is that although having reverse DNS is not a complete security solution, it is still valuable in a layered security model. That is why many applications check reverse DNS before communicating. That is why ARIN operates in-addr.arpa and ip6.arpa. --Michael Dillon From michael.dillon at bt.com Thu Jul 12 03:41:50 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Thu, 12 Jul 2007 08:41:50 +0100 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: <3c3e3fca0707111749y738ca331g8dec31a58631454b@mail.gmail.com> References: <70DE64CEFD6E9A4EB7FAF3A063141066707133@mail><3c3e3fca0707111645n3c13d02dq36adcf9745444637@mail.gmail.com><01f801c7c419$57cb8290$1efc5dd8@HCMC.local> <3c3e3fca0707111749y738ca331g8dec31a58631454b@mail.gmail.com> Message-ID: > I'll stipulate that the impending collapse of the IPv4 DFZ > has been greatly exaggerated if you'll stipulate that IPv6 > BGP will converge faster when the same routers don't have to > converge IPv4 BGP in parallel. There will be real incentives > not just to move towards IPv6 but to move away from IPv4. And when the IPv6 routing table only has one /32 entry per provider. --Michael Dillon From randy at psg.com Thu Jul 12 03:48:20 2007 From: randy at psg.com (Randy Bush) Date: Thu, 12 Jul 2007 16:48:20 +0900 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: <46955E84.8030600@bogomips.com> References: <46955E84.8030600@bogomips.com> Message-ID: <4695DCC4.1040402@psg.com> > Not when the two biggest vendors have routers that will scale to > millions of routes as we say in my family, "do i smell cows?" randy From randy at psg.com Thu Jul 12 05:26:10 2007 From: randy at psg.com (Randy Bush) Date: Thu, 12 Jul 2007 18:26:10 +0900 Subject: [ppml] v6 Multihoming (was Re: IPv4 "Up For Grabs" proposal) In-Reply-To: <3c3e3fca0707111840o65a26974odb0a71200b31633a@mail.gmail.com> References: <70DE64CEFD6E9A4EB7FAF3A063141066707133@mail> <3c3e3fca0707111645n3c13d02dq36adcf9745444637@mail.gmail.com> <46957A62.9070601@rollernet.us> <75cb24520707111821q678906d7x1fd2c5259de842b2@mail.gmail.com> <3c3e3fca0707111840o65a26974odb0a71200b31633a@mail.gmail.com> Message-ID: <4695F3B2.6090209@psg.com> > Actually I'm not. I haven't personally checked the numbers, but I'm > told that if every org that has one or more prefixes announced in IPv4 > announces exactly one prefix into IPv6, the table would have in the > neighborhood of 50k-60k entries. if every org in ipv4 got a /8, ... and that's what /32s in v6 space will look like in 25 years. randy From jordi.palet at consulintel.es Thu Jul 12 09:43:49 2007 From: jordi.palet at consulintel.es (JORDI PALET MARTINEZ) Date: Thu, 12 Jul 2007 14:43:49 +0100 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: <70DE64CEFD6E9A4EB7FAF3A063141066707133@mail> Message-ID: Hi, I already mention this in other threads (may be not in ppml). IPv6 has been designed to coexist with IPv4 for an undetermined period of time. It is not expected to run *only* IPv4 since day one, and not all the stacks actually support this. In fact, many stacks are somehow hybrids instead of two-stacks, what it means that you can't disable IPv4 (of course you can let IPv4 "un-configured", which is almost equivalent). This means that IPv4 will be here for a long time and dual-stack is the main transition technique. This will change with the time, at least in some networks, once IPv6 traffic become predominant, among other economic factors. You always will have, at least for many years, old IPv4 boxes that can't be upgrades, and the easier way to reach them is if you run dual-stack, at least in the hosts in any LAN, instead of requiring translation. This doesn't mean public IPv4 addresses, as in most of the situations, private IPv4 behind NAT and global IPv6 will make it. However, the question may be different for whatever is not an end-site LAN (for instance backbone, access, etc.), as there are already protocols such as softwires (basically L2TP), that allow you to automatically tunnel IPv4-in-IPv6 (or in the other way around today in most of the IPv4-only networks), in order to be able to handle the IPv4-only applications in an automatic fashion. This is the case for some big networks (+5.000 sites) that we have where the initial deployment was completely dual-stack, and then we realized that because the kind of traffic was becoming predominantly IPv6, and most of the IPv4 traffic was basically going to Internet thru proxies, it make sense to turn the proxies dual-stack and carry that inside the complete network as IPv4-in-IPv6 (up to the proxy), so we had been able to disable IPv4 everywhere (except in the LANs, for both clients and servers). This is the model that I certainly believe will be the one as IPv6 penetration becomes bigger and bigger, and then as indicated by Kevin, IPv4 will vanish naturally ... I've introduced the description of this scenario also in a document that I've circulated a few weeks ago (http://www.ipv6tf.org/index.php?page=news/newsroom&id=3004), as I believe that this will mean less trouble for possible "new" ISPs when IPv4 addresses are gone or "almost" gone and at the same time will help existing ISPs to keep growing their networks without the need for asking for more IPv4 addresses to the RIR. Regards, Jordi > De: Kevin Kargel > Responder a: > Fecha: Wed, 11 Jul 2007 14:07:16 -0500 > Para: > Conversaci?n: [ppml] IPv4 "Up For Grabs" proposal > Asunto: Re: [ppml] IPv4 "Up For Grabs" proposal > > Why is there such a big push to drop IPv4? Is there a reason that v4 > and v6 can't operate concurrently in perpetuity? Won't the customers go > where the content is and the content go where the money is? > > I would suggest that if IPv6 is a good thing (and I firmly believe that > it is) then networks will naturally gravitate to IPv6. That being the > case then let IPv4 die a natural death of attrition. There is no need > to murder it outright. > > If in fact IPv4 continues to survive and thrive alongside IPv6 wouldn't > that very fact demonstrate the need to keep it going and foster it? > > It sounds like a lot of people have so little faith in the value of IPv6 > that they for some odd reason cinsider IPv4 a threat. If IPv6 is > better than IPv4 then people will use it. If it isn't then they will > stay where they are. I see no reason to 'force' people to switch. They > will move when it is in their best interests to do so for features and > markets. > > > > > >> -----Original Message----- >> From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On >> Behalf Of Ted Mittelstaedt >> Sent: Monday, July 09, 2007 4:51 PM >> To: bill fumerola; 'ARIN PPML' >> Subject: Re: [ppml] IPv4 "Up For Grabs" proposal >> >> >> >>> -----Original Message----- >>> From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On >> Behalf Of >>> bill fumerola >>> Sent: Monday, July 09, 2007 1:32 PM >>> To: 'ARIN PPML' >>> Subject: Re: [ppml] IPv4 "Up For Grabs" proposal >>> >>> >>> On Thu, Jul 05, 2007 at 05:09:59PM -0700, Ted Mittelstaedt wrote: >>>>>> OK, then how exactly is this fact an argument AGAINST arin >>>>> simply removing >>>>>> these records out of it's whois? Which is what I am suggesting? >>>>> >>>>> who does that hurt? the legacy holders or the rest of the >> community >>>>> trying to use a tool to find out who to contact when that >> netblock >>>>> does something foolish. >>>>> >>>>> as a paying ARIN member, i want ARIN to keep track of as much as >>>>> they're legally, financially, technically allowed to. that WHOIS >>>>> service is more useful to me, the paying ARIN member, not >> the legacy holder. >>>> >>>> For now. What about post-IPv4 runout? >>> >>> i think you assume that ARIN's IPv4 services will change in >> some major >>> way when that happens. i don't believe the memebership would >> want that >>> change and the IPv6 fees at that point would cover >> maintanence of those >>> 'legacy' systems. i'd imagine ripping the IPv4 components would be >>> more costly than just maintaining them after any sort of: >> ipv4 runout >>> of addresses by ARIN, ipv6 eclipse of ipv4, ipv4 runout of >> addresses by >>> IANA, etc. >>> >>> i would want to see the same level of service provided. no >> difference >>> between legacy pre-ARIN holders and paid members. >> >> So then if the membership doesen't want IPv4 to be removed >> from the registries, then what is going to be created is a >> situation where nobody has any incentive to remove their IPv4 >> reachability, nor remove the ability for their customers to >> reach IPv4 sites. >> >> In short, IPv4 will NEVER "go away" Your proposing a future >> were we add IPv6, and nobody ever gives up IPv4 resources. >> So the Internet merely becomes an Internet of both IPv6 and >> IPv4, not an Internet of IPv4 only or an Internet of >> IPv6 only. >> >> I'm not debating we could or couldn't do this technically. >> >> However, if we do this, then don't you see that ALL IPv4 >> holders, not just the legacy ones, will never have any >> incentive to drop IPv4. >> >> If all of that is OK with you, then why would an existing >> paying IPv4 holder today who doesen't need numbering, want to >> bother going to IPv6? After all you just said everyone will >> be maintaining their IPv4, so what need is there for an >> IPv4 >> holder to load up IPv6? The only incentive I see would be to >> reach a network that is IPv6 ONLY, such as a network that >> needs numbering post-IPv4 runout. >> This puts a terrible burden on these networks because since >> they are new, they cannot be reached by a lot of the >> Internet, and it is not likely that they can provide enough >> of an incentive to get IPv4-only holders to update to reach them. >> >> Ted >> >> >> _______________________________________________ >> This message sent to you through the ARIN Public Policy >> Mailing List (PPML at arin.net). >> Manage your mailing list subscription at: >> http://lists.arin.net/mailman/listinfo/ppml >> > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml ********************************************** The IPv6 Portal: http://www.ipv6tf.org Bye 6Bone. Hi, IPv6 ! http://www.ipv6day.org This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited. From terry.l.davis at boeing.com Thu Jul 12 10:47:32 2007 From: terry.l.davis at boeing.com (Davis, Terry L) Date: Thu, 12 Jul 2007 07:47:32 -0700 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: References: <70DE64CEFD6E9A4EB7FAF3A063141066707133@mail> Message-ID: <0D090F1E0F5536449C7E6527AFFA280A0368589E@XCH-NW-8V1.nw.nos.boeing.com> Jordi I agree and I started to respond to a post week with a similar response and got distracted. I can absolutely guarantee that the aviation industry expects the migration from v4 to v6 to take over 25 years. We just expect to build airplanes that can deal with OSI, v4, and v6. The global air traffic management system is made up of 10 of thousands of pieces controlled by approaching 1000 different organizations from small private operations to nations and v4 is already built into infrastructure pieces that are not likely to see communications upgrades for 10 to 20 years. I routinely speak to aviation industry leaders on this and I generally place v4 end of life somewhere from 25 to 40 years out. Likewise most critical infrastructure around the globe is the same; the SCADA that runs this today is mostly all v4 as are the hospital's (including Intensive Care Units) infrastructure around the world. This type of infrastructure is much harder to convert than just corporate IT; it takes years of planning and scores of individual governmental design approvals/certifications to change it. Take care Terry > -----Original Message----- > From: JORDI PALET MARTINEZ [mailto:jordi.palet at consulintel.es] > Sent: Thursday, July 12, 2007 6:44 AM > To: ppml at arin.net > Subject: Re: [ppml] IPv4 "Up For Grabs" proposal > > Hi, > > I already mention this in other threads (may be not in ppml). > > IPv6 has been designed to coexist with IPv4 for an undetermined period of > time. It is not expected to run *only* IPv4 since day one, and not all the > stacks actually support this. In fact, many stacks are somehow hybrids > instead of two-stacks, what it means that you can't disable IPv4 (of > course > you can let IPv4 "un-configured", which is almost equivalent). > > This means that IPv4 will be here for a long time and dual-stack is the > main > transition technique. This will change with the time, at least in some > networks, once IPv6 traffic become predominant, among other economic > factors. > > You always will have, at least for many years, old IPv4 boxes that can't > be > upgrades, and the easier way to reach them is if you run dual-stack, at > least in the hosts in any LAN, instead of requiring translation. This > doesn't mean public IPv4 addresses, as in most of the situations, private > IPv4 behind NAT and global IPv6 will make it. > > However, the question may be different for whatever is not an end-site LAN > (for instance backbone, access, etc.), as there are already protocols such > as softwires (basically L2TP), that allow you to automatically tunnel > IPv4-in-IPv6 (or in the other way around today in most of the IPv4-only > networks), in order to be able to handle the IPv4-only applications in an > automatic fashion. > > This is the case for some big networks (+5.000 sites) that we have where > the > initial deployment was completely dual-stack, and then we realized that > because the kind of traffic was becoming predominantly IPv6, and most of > the > IPv4 traffic was basically going to Internet thru proxies, it make sense > to > turn the proxies dual-stack and carry that inside the complete network as > IPv4-in-IPv6 (up to the proxy), so we had been able to disable IPv4 > everywhere (except in the LANs, for both clients and servers). > > This is the model that I certainly believe will be the one as IPv6 > penetration becomes bigger and bigger, and then as indicated by Kevin, > IPv4 > will vanish naturally ... > > I've introduced the description of this scenario also in a document that > I've circulated a few weeks ago > (http://www.ipv6tf.org/index.php?page=news/newsroom&id=3004), as I believe > that this will mean less trouble for possible "new" ISPs when IPv4 > addresses > are gone or "almost" gone and at the same time will help existing ISPs to > keep growing their networks without the need for asking for more IPv4 > addresses to the RIR. > > Regards, > Jordi > > > > > > De: Kevin Kargel > > Responder a: > > Fecha: Wed, 11 Jul 2007 14:07:16 -0500 > > Para: > > Conversaci?n: [ppml] IPv4 "Up For Grabs" proposal > > Asunto: Re: [ppml] IPv4 "Up For Grabs" proposal > > > > Why is there such a big push to drop IPv4? Is there a reason that v4 > > and v6 can't operate concurrently in perpetuity? Won't the customers go > > where the content is and the content go where the money is? > > > > I would suggest that if IPv6 is a good thing (and I firmly believe that > > it is) then networks will naturally gravitate to IPv6. That being the > > case then let IPv4 die a natural death of attrition. There is no need > > to murder it outright. > > > > If in fact IPv4 continues to survive and thrive alongside IPv6 wouldn't > > that very fact demonstrate the need to keep it going and foster it? > > > > It sounds like a lot of people have so little faith in the value of IPv6 > > that they for some odd reason cinsider IPv4 a threat. If IPv6 is > > better than IPv4 then people will use it. If it isn't then they will > > stay where they are. I see no reason to 'force' people to switch. They > > will move when it is in their best interests to do so for features and > > markets. > > > > > > > > > > > >> -----Original Message----- > >> From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > >> Behalf Of Ted Mittelstaedt > >> Sent: Monday, July 09, 2007 4:51 PM > >> To: bill fumerola; 'ARIN PPML' > >> Subject: Re: [ppml] IPv4 "Up For Grabs" proposal > >> > >> > >> > >>> -----Original Message----- > >>> From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On > >> Behalf Of > >>> bill fumerola > >>> Sent: Monday, July 09, 2007 1:32 PM > >>> To: 'ARIN PPML' > >>> Subject: Re: [ppml] IPv4 "Up For Grabs" proposal > >>> > >>> > >>> On Thu, Jul 05, 2007 at 05:09:59PM -0700, Ted Mittelstaedt wrote: > >>>>>> OK, then how exactly is this fact an argument AGAINST arin > >>>>> simply removing > >>>>>> these records out of it's whois? Which is what I am suggesting? > >>>>> > >>>>> who does that hurt? the legacy holders or the rest of the > >> community > >>>>> trying to use a tool to find out who to contact when that > >> netblock > >>>>> does something foolish. > >>>>> > >>>>> as a paying ARIN member, i want ARIN to keep track of as much as > >>>>> they're legally, financially, technically allowed to. that WHOIS > >>>>> service is more useful to me, the paying ARIN member, not > >> the legacy holder. > >>>> > >>>> For now. What about post-IPv4 runout? > >>> > >>> i think you assume that ARIN's IPv4 services will change in > >> some major > >>> way when that happens. i don't believe the memebership would > >> want that > >>> change and the IPv6 fees at that point would cover > >> maintanence of those > >>> 'legacy' systems. i'd imagine ripping the IPv4 components would be > >>> more costly than just maintaining them after any sort of: > >> ipv4 runout > >>> of addresses by ARIN, ipv6 eclipse of ipv4, ipv4 runout of > >> addresses by > >>> IANA, etc. > >>> > >>> i would want to see the same level of service provided. no > >> difference > >>> between legacy pre-ARIN holders and paid members. > >> > >> So then if the membership doesen't want IPv4 to be removed > >> from the registries, then what is going to be created is a > >> situation where nobody has any incentive to remove their IPv4 > >> reachability, nor remove the ability for their customers to > >> reach IPv4 sites. > >> > >> In short, IPv4 will NEVER "go away" Your proposing a future > >> were we add IPv6, and nobody ever gives up IPv4 resources. > >> So the Internet merely becomes an Internet of both IPv6 and > >> IPv4, not an Internet of IPv4 only or an Internet of > >> IPv6 only. > >> > >> I'm not debating we could or couldn't do this technically. > >> > >> However, if we do this, then don't you see that ALL IPv4 > >> holders, not just the legacy ones, will never have any > >> incentive to drop IPv4. > >> > >> If all of that is OK with you, then why would an existing > >> paying IPv4 holder today who doesen't need numbering, want to > >> bother going to IPv6? After all you just said everyone will > >> be maintaining their IPv4, so what need is there for an > >> IPv4 > >> holder to load up IPv6? The only incentive I see would be to > >> reach a network that is IPv6 ONLY, such as a network that > >> needs numbering post-IPv4 runout. > >> This puts a terrible burden on these networks because since > >> they are new, they cannot be reached by a lot of the > >> Internet, and it is not likely that they can provide enough > >> of an incentive to get IPv4-only holders to update to reach them. > >> > >> Ted > >> > >> > >> _______________________________________________ > >> This message sent to you through the ARIN Public Policy > >> Mailing List (PPML at arin.net). > >> Manage your mailing list subscription at: > >> http://lists.arin.net/mailman/listinfo/ppml > >> > > _______________________________________________ > > This message sent to you through the ARIN Public Policy Mailing List > > (PPML at arin.net). > > Manage your mailing list subscription at: > > http://lists.arin.net/mailman/listinfo/ppml > > > > > ********************************************** > The IPv6 Portal: http://www.ipv6tf.org > > Bye 6Bone. Hi, IPv6 ! > http://www.ipv6day.org > > This electronic message contains information which may be privileged or > confidential. The information is intended to be for the use of the > individual(s) named above. If you are not the intended recipient be aware > that any disclosure, copying, distribution or use of the contents of this > information, including attached files, is prohibited. > > > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml From kkargel at polartel.com Thu Jul 12 11:08:59 2007 From: kkargel at polartel.com (Kevin Kargel) Date: Thu, 12 Jul 2007 10:08:59 -0500 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: Message-ID: <70DE64CEFD6E9A4EB7FAF3A063141066707140@mail> > > > >Why is there such a big push to drop IPv4? > > Didn't you read John's posting yesterday? Yes I read that post, but his arguments don't stand up. > > "If you've got a way to keep IPv4 running, and still maintain > the enough hierarchy to keep global routing running, then > it's time to enter the spotlight and share the secret. There > is no doubt that its so much easier for us all to stay on IPv4 > then to move to IPv6, we just don't know how to do it, and > still keep the Internet running" > There is no reason that dual-stack won't work.. we are doing it now. > >Is there a reason that v4 > >and v6 can't operate concurrently in perpetuity? > > Yes. Because they won't in the long term. Consider the > common RJ45 plastic crimp plug. > Why is it used for all different forms of Ethernet speeds, > T1's, and many other applications? Because it is senseless > to have multiple incompatible connectors, it drives up prices > for the connectors as well as the tooling needed to crimp them on. The RJ45 plug for T1 cam about because hardware manufacturers liked the smaller form factor of the RJ45. It let them make smaller physical interfaces and saved money. This actually works against your argument. The reality is that industry has found a way to efficiently use the same hardware for multiple purposes using multiple protocols. You can now use the same inexpensive RJ45 cable to run ethernet, X.25 et.al.. So if the internet is like an RJ45 then... > > Time was that many T1 connectors were DB15. It was a lot of > trouble to continually build cables with RJ45 on one end and > DB15 on the other, so the market eventually stopped accepting DB15. > > If your goal is to have IPv4 and IPv6 operate concurrently in > perpetuity on the Internet you will be ultimately stymied. > But until then it will be more costly to run both concurrent, > and so it is to our advantage to make the concurrent period > as short as possible. > I certainly agree that is will be more costly, add administrative burden and make networking more complicated. This is true of many things that exist in networking today. Most networks run multiple routing protocols and export routing data between the protocols. It is not uncommon to find RIP, IS-IS, BGP, iBGP and others running on the same router. This allows routing to take place between different networks (including legacy networks) whose administrators initially set them up with different philosophies. Granted these networks should ultimately migrate to a simpler strategy as legacy networks attrite, but in the mean time there are methodologies to allow them to communicate. > >I would suggest that if IPv6 is a good thing (and I firmly > believe that > >it is) then networks will naturally gravitate to IPv6. That > being the > >case then let IPv4 die a natural death of attrition. There > is no need > >to murder it outright. > > > >If in fact IPv4 continues to survive and thrive alongside > IPv6 wouldn't > >that very fact demonstrate the need to keep it going and foster it? > > > > How do you foster something that isn't going to be available to new > people in a few years? Who says it isn't going to be available in a few years? Anyone in authority? I have seen no enacted rules saying anything about the end of v4. I have seen a lot of speculation. I suspect it is going to take quite a while for v4 to go away. Even if v4 is deprecated in the official realm, I suspect there will be a resurgence of the anarchistic network that started TCP/IP in the first place. As long as people are willing to pay for it the top tier providers will continue to route it. When AT&T, Sprint, AlterNet, Global Crossing and Cisco announce the end of IPv4 then I will take it seriously. Until then it is all speculation. > > > I see no reason to 'force' people to switch. They > >will move when it is in their best interests to do so for > features and > >markets. > > > > A rather strange statement because the people ARE being forced anyway. > It is kind of like saying that 911 didn't force the US to invade > Afganistan. Of course it did. But I suppose there are those few > ultraliberals who comfort themselves by repeating that. > > Ted > Who is being forced? Are you being forced? I am still running v4 in my networks. I have no plans in place to deprecate IPv4. My upstreams are giving me no hint that they are going to run anything but v4 in the next few years.. if anything I am forcing them to bring v6 in to the mix concurrently. From michael.dillon at bt.com Thu Jul 12 11:17:18 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Thu, 12 Jul 2007 16:17:18 +0100 Subject: [ppml] IPv4 is not going away was: IPv4 "Up For Grabs" proposal In-Reply-To: <0D090F1E0F5536449C7E6527AFFA280A0368589E@XCH-NW-8V1.nw.nos.boeing.com> References: <70DE64CEFD6E9A4EB7FAF3A063141066707133@mail> <0D090F1E0F5536449C7E6527AFFA280A0368589E@XCH-NW-8V1.nw.nos.boeing.com> Message-ID: > ...v4 > is already built into infrastructure pieces that are not > likely to see communications upgrades for 10 to 20 years. I > routinely speak to aviation industry leaders on this and I > generally place v4 end of life somewhere from 25 to 40 years out. I agree with this timeline. I think that anyone who cares to dig can find numerous examples in industry where IPv4 is similarily embedded into infrastructure. The trick is to look at non-Internet and non-corporate-LAN applications. There are vast quantities of embedded systems based on Intel 8080 architecture chips (microcontrollers) running IPv4 which cannot be upgraded, only retired. When we talk about the end of global IPv4 address supply, we are most certainly not talking about the end of IPv4. And when we speak of beginning to deploy IPv6 on a systematic global basis, we are not talking about replacing IPv4. I expect that we will see 3-4 years of IPv6 deployment, followed by 10 years or so in which IPv4 usage steadily reduces and IPv6 steadily rises. Then in about 14-15 years we will begin a period of consolidation in which there is an effort to retire IPv4 on the public Internet and in corporate/enterprise networks. Give this another 10 years, which means that in about 25 years, IPv4 will be considered end-of-life. At that point, general purpose networking gear will cease to support IPv4, however it is possible that new IPv4 devices will continue to be built for special uses. Even today, it is not hard for an undergraduate student to build their own IPv4 router using off-the-shelf parts and open-source software. Even ASICs are available off-the-shelf in the form of FPGAs and one can expect that in 25 years this type of thing becomes even easier and cheaper. So IPv4 may linger on for a few generations hidden inside MP3 player headsets and heel computers (inside your running shoes) and concert posters. This issues before us today, are how to keep IPv4 going even though we are getting close to exhausting the global IPv4 address supply, and how to get IPv6 deployment moving faster so that we can reduce the pressure on the global IPv4 address supply. If we do this right, especially on the IPv6 deployment side, we may be able to stave off complete exhaustion of IPv4 addresses long enough to get into the time period where IPv4 usage starts to shrink. This is anywhere from 3 to 5 years from now. If we do nothing, then in 3 years or less, we hit a brick wall. If we do the right things, then in 5 years things get very, very tight, but we manage to supply everybody's IPv4 needs (not wants) up to the point where people start returning addresses for reuse. That's why the discussions are not just about speeding IPv6 and scraping up the last few IPv4 addresses from legacy holders, but also about putting a reclamation system in place with the right policies and the right processes. --Michael Dillon From kkargel at polartel.com Thu Jul 12 11:19:38 2007 From: kkargel at polartel.com (Kevin Kargel) Date: Thu, 12 Jul 2007 10:19:38 -0500 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: <3c3e3fca0707111645n3c13d02dq36adcf9745444637@mail.gmail.com> Message-ID: <70DE64CEFD6E9A4EB7FAF3A063141066707141@mail> Thanks Bill, I do agree with everything you have said, with the exception of the danger of route proliferation with some of the proposed "ULA" schemes. In the interest of not muddying the waters I will leave it at that and not explore tangents. BTW, I am a DFZ provider. I do agree that many small to medium networks will need to conserve route processor resources and pick a protocol and stick to it. My humble forecast is certainly that IPv4 will be predominantly replaced by something else, which at the moment looks like IPv6. I just don't see it happening in the accelerated time frame (within a couple/few years) that many are propounding. Kevin :$s/worry/happy/g > -----Original Message----- > From: wherrin at gmail.com [mailto:wherrin at gmail.com] On Behalf > Of William Herrin > Sent: Wednesday, July 11, 2007 6:45 PM > To: Kevin Kargel; ARIN Address Policy > Subject: Re: [ppml] IPv4 "Up For Grabs" proposal > > On 7/11/07, Kevin Kargel wrote: > > Why is there such a big push to drop IPv4? Is there a > reason that v4 > > and v6 can't operate concurrently in perpetuity? Won't the > customers > > go where the content is and the content go where the money is? > > Kevin, > > Others have offered excellent and concise answers to your > three questions. I'll attempt a longer one that hopefully > clarifies more than it muddies. > > IPv4 causes a lot of grief for the operators of the > "default-free zone" or DFZ. The DFZ is the part of the > Internet which has authoritative knowledge of the direction > in which to route any packet legitimately on the Internet. It > has no "default" route, no path to "everything else." > > Right now there are about 220,000 routes in the IPv4 DFZ. > This puts a good deal of strain on the system. > > For one thing, every subprocessor on every router in the DFZ > has to have enough memory and horsepower to manage 220,000 routes. > > For another, every time one link in the DFZ comes up or goes > down, routers potentially across the entire DFZ have to > rearrange all 220,000 routes so that they follow the new best > paths. While this process completes there can be routing > loops and dead zones where the Internet is just plain broken. > The more routes there are, the longer it takes to complete. > > As the crunch for IPv4 addresses starts to tighten, its > likely that large service providers will receive more small > allocations instead of fewer large ones. This exacerbates the > problem: each allocation consumes yet another route in the DFZ. > > To address this, DFZ providers spend vast sums of money on > routing hardware and high-reliability core network links that > rarely go down yet they are still only able to do an adequate > job of keeping the Internet stable. > > Because of the change in how IP addresses are justified and > assigned, the IPv6 DFZ has only a couple thousand routes and > is expected to have fewer than 100,000 routes at full > deployment. This will make it possible for folks on the DFZ > to both spend less money -and- do a better job of keeping the > Internet stable. > > The hitch is: until IPv4 goes away, you're not talking about > 100,000 routes. You're talking about 100,000 IPv6 routes PLUS > 220,000 IPv4 routes. So it gets worse before it gets better > and until IPv4 goes away, it doesn't get better. > > > So, how does end come? Surely companies don't just up and > refuse to provide IPv4! Right? > > Right. But you don't have to be in the DFZ to provide IPv4 service. > You can use a default route to someone who is. That's the > path to IPv4's decline. > > In addition to the redundancy/reliability advantage to > participating in the IPv4 DFZ, there is an economic > advantage: DFZ participants can peer with each other. Peering > means you charge your customers to send you packets but then > trade them off to the destination network for free. The > destination accepts your packets for free. He'll charge his > customer to deliver them and would rather receive them for > free than pay someone for the privilege. Today, this cost > advantage strongly outweighs the costs associated with > managing 220,000 routes. > > As IPv6 use increases and IPv4 use correspondingly declines, > these advantages shrink until provider by provider, > participation in the > IPv4 DFZ costs more than a default route would. Exit stage left. > They'll still announce their prefixes into the IPv4 DFZ but > they'll discard the routing table in favor of a default route. > > Its the beginning of the end. As folks drop out of the IPv4 > DFZ, the reliability and efficiency of the IPv4 Internet will > decline. Static default routes break easily in non-trivial > networks. That creates a feedback loop encouraging more > service migration to IPv6 which in turn encourages more folks > to drop out of the IPv4 DFZ. > > Eventually, this destabilizes IPv4 enough that folks start to deploy > IPv6 tunnels to get the IPv4 packets where they need to go. > With that tunnelling in place and IPv4 traffic much lighter > than it is today, its suddenly very advantageous for folks > still in the IPv4 DFZ to drop the zone back to a single > router inside the AS so that the IPv6 border routers don't > have to contend with IPv4 at all. IPv4 regains stability, but > the routing becomes opaque and very ineffecient. > > IPv4 probably hangs on for quite a while in this marginalized > state but for all intents and purposes its no longer the > protocol on the Internet. > > RIP. > > Regards, > Bill Herrin > > > > -- > William D. Herrin herrin at dirtside.com bill at herrin.us > 3005 Crane Dr. Web: > Falls Church, VA 22042-3004 > From kloch at kl.net Thu Jul 12 11:19:31 2007 From: kloch at kl.net (Kevin Loch) Date: Thu, 12 Jul 2007 11:19:31 -0400 Subject: [ppml] v6 Multihoming (was Re: IPv4 "Up For Grabs" proposal) In-Reply-To: <75cb24520707111955s1653f3fanac701248c6646d8a@mail.gmail.com> References: <70DE64CEFD6E9A4EB7FAF3A063141066707133@mail> <3c3e3fca0707111645n3c13d02dq36adcf9745444637@mail.gmail.com> <46957A62.9070601@rollernet.us> <46957D29.5000202@internap.com> <46959136.2060901@rollernet.us> <75cb24520707111955s1653f3fanac701248c6646d8a@mail.gmail.com> Message-ID: <46964683.6030301@kl.net> Christopher Morrow wrote: > actually I think "have asn == have /48 PI" in the ARIN region, so > rejoice (sorta) Not quite. It's more like "have IPv4 assignment from ARIN == /48 PI". It's a bit easier to get an ASN than a /48. - Kevin From dean at av8.com Thu Jul 12 12:53:01 2007 From: dean at av8.com (Dean Anderson) Date: Thu, 12 Jul 2007 12:53:01 -0400 (EDT) Subject: [ppml] Incentive to legacy address holders In-Reply-To: Message-ID: On Wed, 11 Jul 2007, Ted Mittelstaedt wrote: > >Second, the Legacy holders have an agreement which ARIN doesn't have a > >right to break or modify. ARIN is the custodian of the records, not the > >owner of the records. > > > > ONLY for IPv4 records. No. ARIN doesn't own the IPv6 records either. What part of 'custodian of records' don't you understand? If the DoC/IANA selects a successor to ARIN, ARIN has to give the records to the successor, just like SRI turned over records to NSI, and NSI turned over records to ARIN. IANA/DoC is the authority ultimately in charge of IPv6 delegations as well. Or are you disputing that? > > ARIN has no standing and no justification to interfere with those > > prior agreements. > > Incorrect. If IPv4 becomes a menace on the Internet then ARIN has to > act to assist in removing it. "IPv4 a menace to the internet" ??? Now I've heard everything. > If IPv4 becomes fragmented and inflates the route table is must be > removed. "route table fragmented and inflated by IPv4"??? Let see: IPv4 has 32 bits, IPv6 has 128bits. Which is going to inflate the route table most? Each route is 4 times larger, and we expect more IPv6 routes. I think it won't be long until IPv4 takes up a small fraction of router memory: 200,000 IPv6 routes take up more memory than 200,000 IPv4 routes. People seem to anticipate that IPv6 will probably see several million routes, while IPv4 might not ever see 400,000. It will never be _necessary_ to remove IPv4, and it will probably never ever go away. FAX was supposed to go away many years ago. People still use dialup. Useful tools never really go away. > IPv4 is ALREADY a block to widespread adoption of IPv6. If we had no > IPv4 we would all run to adopt IPv6. Riiiigggt. Without IPv4, there would be no adoption of IPv6. We'd all be running NetBEUI or Novell, or DECnet, or maybe IBM's network (name escapes me now--LU6.2 is all I can recall) If you really think IPv4 blocks IPv6, then I think you really, fundamentally, misunderstand the technology lifecycle and how adoption works. If you read RFC4038, you'd know that IPv4 isn't a block on IPv6, but is enabling IPv6. But this proposal isn't about promoting IPv6 adoption. Legacy holders aren't preventing IPv6 adoption. > >The true purpose of this proposal is not outreach, nor identification > >of abandoned delegations. Those purposes could be carried out by a > >newsletter, and those purposes are also not unique to Legacy blocks, > >but are relevant to all blocks. So, when the legitimate purposes are > >completely and better served by alternate means, what does that mean > >for the purpose of this proposal? > > It means you must either start employing those alternate means or you > must adopt this proposal. One or the other. But you cannot simply > sit on your hands and do nothing. No: we certainly _CAN_ do the same thing we've done for the last 20+ years. There is no crisis here that requires quick action. Your "urgency" also sounds reminiscent of SORBS, but that was a trick. But I am inclined to think that a newsletter every 6 months or year, monitored for returns is probably a "good thing", probably not very expensive, and probably something welcomed by all. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From dean at av8.com Thu Jul 12 12:55:11 2007 From: dean at av8.com (Dean Anderson) Date: Thu, 12 Jul 2007 12:55:11 -0400 (EDT) Subject: [ppml] Incentive to legacy address holders In-Reply-To: <6eb799ab0707111820w22d53509sa0d0e95f6ca03657@mail.gmail.com> Message-ID: On Wed, 11 Jul 2007, James Hess wrote: > > The latecomer's aren't paying "extra". The price went up, just like the > > price of property rises in the late stages of development. The first > > people in take the biggest risks, and get the lowest price. > > People, providers, organizations use the address space > they have registered, but they don't own it, they are not like homesteaders; > they don't have any property at all, they are merely tenants of certain > addresses in certain registries. They have a time-unlimited registration agreement with IANA/DoC. > > Second, the Legacy holders have an agreement which ARIN doesn't have a > > right to break or modify. ARIN is the custodian of the records, not the > > owner of the records. > > The informal agreement (if any) is not with ARIN, but an organization that > used to exist that no longer does in that form -- IANA is a generic name now, > for whatever organization currently happens to be assigned to perform certain > functions, The IANA function most certainly does exist, and is the subject of a contract between ICANN and the DoC. > So ARIN really has no obligation to uphold an agreement made with > the organization that is not responsible anymore for that aspect of maintaining > the registry. Sorry. the IANA is still responsible. And ARIN is still responsible to the IANA and DoC. Your fallacy is a good reason that there should be organizational change periodically. > > It hasn't been a free ride for legacy holders. The latecomers are > > the ones getting the free ride: using free protocols, free software, > > and free operational experience that the legacy holders developed > > for them. > > Being a legacy holder has nothing to do with developing free software > or developing free protocols. There are probably plenty of legacy > holders who have made no substantial contribution to the community. They have generally made much more contribution than the latecomers. > There are plenty of "latecomers" who have developed free software, > free protocols, and other useful things. > > In effect, that a legacy holder "developed" something useful may be > true, for the oldest legacy holders, but I don't see it as a > compelling basis for treating legacy holders as a class any > differently. They have to be treated according to the agreements they already have. > > As has been said previously, ARIN is the custodian of records for > > the IANA (DoC). Even the non-legacy delegations don't belong to > > ARIN. ARIN is just the agent of the IANA. The legacy holders have > > pre-existing agreements with the IANA. ARIN has no standing and no > > justification to interfere with those prior agreements. > > Saying it over and over again doesn't make it the case. Disputing it over and over again without facts doesn't make your case. I've read the contracts. Maybe you could also read the contracts, rather than just assert nonsense which has no basis in fact. > The organization that is now called IANA does not own the delegations; > IANA is the mere technical custodian in this picture, not ARIN. ARIN > is not an agent of IANA. > > IANA is subordinate to ICANN. That isn't what the contracts say. The contracts say that the US government has contracted the IANA function to ICANN. ICANN just provides staff to __operate__ the IANA function, and will only do so as long as the US government allows it to do so by contract. IANA isn't "subordinate" to ICANN, but "operated" by ICANN. There is a difference. > If you examine the IANA web site, you will note of particular interest > the "IANA-Related Issue Escalation Procedure," in case of IANA-related > issues, and the final escalations if an issue remains unresolved are > to ICANN staff. > > I.E. The ICANN President and CEO have oversight over the IANA general > manager. ICANN _operates_ the IANA function. It is different the relationship you describe. IANA isn't an organization, Its a function of the DoC, operated by ICANN. > One legitimate purpose is equal treatment of all the organizations > whose records are being maintained by the RIR, by getting them in the > same fair policy framework. The fallacy you are promoting is that their is something unfair. We already have the same fair policy framework, established by the DoC. However, just like domain name registration, your fees for creating new domains may change. That's not unfair. > I also don't agree with the supposition that the proposal is not about > outreach or identification of abandoned delegations. > > If you have a better way that does all these things, then propose it.. I already did propose a better way. You obviously ignored it. -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From jmorrison at bogomips.com Thu Jul 12 13:56:31 2007 From: jmorrison at bogomips.com (John Paul Morrison) Date: Thu, 12 Jul 2007 10:56:31 -0700 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: <0D090F1E0F5536449C7E6527AFFA280A0368589E@XCH-NW-8V1.nw.nos.boeing.com> References: <70DE64CEFD6E9A4EB7FAF3A063141066707133@mail> <0D090F1E0F5536449C7E6527AFFA280A0368589E@XCH-NW-8V1.nw.nos.boeing.com> Message-ID: <46966B4F.9020803@bogomips.com> I really, *really* hope these systems are not connected to the global Internet! :-) I think there's likely a big difference between IPv4 end of life on the Public Internet, and IPv4 end of life on private networks, control systems etc. Right now the Internet is a bunch of private networks running IPv4 and internetworking with IPv4. For the Internet to evolve it will need to be a bunch of private networks running either IPv4 and/or v6, and internetworking with IPv6. (If you can interconnect with v6, v4 becomes redundant and will likely be thought of as a security hole). I don't see how two protocols, side by side on the same device are scalable on the Public Internet for very long. We could see: 1. Stick with IPv4, forget IPv6. (Ab)use NAT, trade valuable IPv4 addresses on the black market, the whole thing could keep going indefinitely but it would get more and more in the way of commerce as IPv4 addresses get expensive. 2. Dual stack for a transition period, but who wants to double their network administration workload? Hosting farms have very complicated setups for load balancing, firewalls, DNS etc. I wouldn't want to keep maintaining two sets of rules. Services providers have complicated networks, do they want to start messing around much if they don't have to? If you look at 6PE for MPLS service providers, you side step having to make changes in the IPv4 MPLS core, and you can easily add IPv6 at the edge for VPNs or even the global routing table. 6to4 can do some similar things, leveraging IPv4 networks. I don't really consider 6to4 or 6PE as dual stack, except at the edge. If I operate a large hosting site and want to start offering v6 (maybe so developing countries can reach me natively or whatever), I'm going to use an appliance or firewall that automates this process, leaving existing systems alone for the time being. 3. "Native" IPv6 Public Internet. I would define this as the day one can safely put an AAAA record in DNS as the only entry, and expect anyone to reach it, with the onus on the querier to deal with the NAT'ing to IPv4 if necessary. At this point it becomes redundant to return A records. I'm sure the IPv4 Internet will still be around but I would assume it would mainly be carrying tunneled v6 traffic over it. Davis, Terry L wrote: > Jordi > > I agree and I started to respond to a post week with a similar response and got distracted. > > I can absolutely guarantee that the aviation industry expects the migration from v4 to v6 to take over 25 years. We just expect to build airplanes that can deal with OSI, v4, and v6. The global air traffic management system is made up of 10 of thousands of pieces controlled by approaching 1000 different organizations from small private operations to nations and v4 is already built into infrastructure pieces that are not likely to see communications upgrades for 10 to 20 years. I routinely speak to aviation industry leaders on this and I generally place v4 end of life somewhere from 25 to 40 years out. > > Likewise most critical infrastructure around the globe is the same; the SCADA that runs this today is mostly all v4 as are the hospital's (including Intensive Care Units) infrastructure around the world. This type of infrastructure is much harder to convert than just corporate IT; it takes years of planning and scores of individual governmental design approvals/certifications to change it. > > Take care > Terry > > >> -----Original Message----- >> From: JORDI PALET MARTINEZ [mailto:jordi.palet at consulintel.es] >> Sent: Thursday, July 12, 2007 6:44 AM >> To: ppml at arin.net >> Subject: Re: [ppml] IPv4 "Up For Grabs" proposal >> >> Hi, >> >> I already mention this in other threads (may be not in ppml). >> >> IPv6 has been designed to coexist with IPv4 for an undetermined period of >> time. It is not expected to run *only* IPv4 since day one, and not all the >> stacks actually support this. In fact, many stacks are somehow hybrids >> instead of two-stacks, what it means that you can't disable IPv4 (of >> course >> you can let IPv4 "un-configured", which is almost equivalent). >> >> This means that IPv4 will be here for a long time and dual-stack is the >> main >> transition technique. This will change with the time, at least in some >> networks, once IPv6 traffic become predominant, among other economic >> factors. >> >> You always will have, at least for many years, old IPv4 boxes that can't >> be >> upgrades, and the easier way to reach them is if you run dual-stack, at >> least in the hosts in any LAN, instead of requiring translation. This >> doesn't mean public IPv4 addresses, as in most of the situations, private >> IPv4 behind NAT and global IPv6 will make it. >> >> However, the question may be different for whatever is not an end-site LAN >> (for instance backbone, access, etc.), as there are already protocols such >> as softwires (basically L2TP), that allow you to automatically tunnel >> IPv4-in-IPv6 (or in the other way around today in most of the IPv4-only >> networks), in order to be able to handle the IPv4-only applications in an >> automatic fashion. >> >> This is the case for some big networks (+5.000 sites) that we have where >> the >> initial deployment was completely dual-stack, and then we realized that >> because the kind of traffic was becoming predominantly IPv6, and most of >> the >> IPv4 traffic was basically going to Internet thru proxies, it make sense >> to >> turn the proxies dual-stack and carry that inside the complete network as >> IPv4-in-IPv6 (up to the proxy), so we had been able to disable IPv4 >> everywhere (except in the LANs, for both clients and servers). >> >> This is the model that I certainly believe will be the one as IPv6 >> penetration becomes bigger and bigger, and then as indicated by Kevin, >> IPv4 >> will vanish naturally ... >> >> I've introduced the description of this scenario also in a document that >> I've circulated a few weeks ago >> (http://www.ipv6tf.org/index.php?page=news/newsroom&id=3004), as I believe >> that this will mean less trouble for possible "new" ISPs when IPv4 >> addresses >> are gone or "almost" gone and at the same time will help existing ISPs to >> keep growing their networks without the need for asking for more IPv4 >> addresses to the RIR. >> >> Regards, >> Jordi >> >> >> >> >> >>> De: Kevin Kargel >>> Responder a: >>> Fecha: Wed, 11 Jul 2007 14:07:16 -0500 >>> Para: >>> Conversaci?n: [ppml] IPv4 "Up For Grabs" proposal >>> Asunto: Re: [ppml] IPv4 "Up For Grabs" proposal >>> >>> Why is there such a big push to drop IPv4? Is there a reason that v4 >>> and v6 can't operate concurrently in perpetuity? Won't the customers go >>> where the content is and the content go where the money is? >>> >>> I would suggest that if IPv6 is a good thing (and I firmly believe that >>> it is) then networks will naturally gravitate to IPv6. That being the >>> case then let IPv4 die a natural death of attrition. There is no need >>> to murder it outright. >>> >>> If in fact IPv4 continues to survive and thrive alongside IPv6 wouldn't >>> that very fact demonstrate the need to keep it going and foster it? >>> >>> It sounds like a lot of people have so little faith in the value of IPv6 >>> that they for some odd reason cinsider IPv4 a threat. If IPv6 is >>> better than IPv4 then people will use it. If it isn't then they will >>> stay where they are. I see no reason to 'force' people to switch. They >>> will move when it is in their best interests to do so for features and >>> markets. >>> >>> >>> >>> >>> >>> >>>> -----Original Message----- >>>> From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On >>>> Behalf Of Ted Mittelstaedt >>>> Sent: Monday, July 09, 2007 4:51 PM >>>> To: bill fumerola; 'ARIN PPML' >>>> Subject: Re: [ppml] IPv4 "Up For Grabs" proposal >>>> >>>> >>>> >>>> >>>>> -----Original Message----- >>>>> From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On >>>>> >>>> Behalf Of >>>> >>>>> bill fumerola >>>>> Sent: Monday, July 09, 2007 1:32 PM >>>>> To: 'ARIN PPML' >>>>> Subject: Re: [ppml] IPv4 "Up For Grabs" proposal >>>>> >>>>> >>>>> On Thu, Jul 05, 2007 at 05:09:59PM -0700, Ted Mittelstaedt wrote: >>>>> >>>>>>>> OK, then how exactly is this fact an argument AGAINST arin >>>>>>>> >>>>>>> simply removing >>>>>>> >>>>>>>> these records out of it's whois? Which is what I am suggesting? >>>>>>>> >>>>>>> who does that hurt? the legacy holders or the rest of the >>>>>>> >>>> community >>>> >>>>>>> trying to use a tool to find out who to contact when that >>>>>>> >>>> netblock >>>> >>>>>>> does something foolish. >>>>>>> >>>>>>> as a paying ARIN member, i want ARIN to keep track of as much as >>>>>>> they're legally, financially, technically allowed to. that WHOIS >>>>>>> service is more useful to me, the paying ARIN member, not >>>>>>> >>>> the legacy holder. >>>> >>>>>> For now. What about post-IPv4 runout? >>>>>> >>>>> i think you assume that ARIN's IPv4 services will change in >>>>> >>>> some major >>>> >>>>> way when that happens. i don't believe the memebership would >>>>> >>>> want that >>>> >>>>> change and the IPv6 fees at that point would cover >>>>> >>>> maintanence of those >>>> >>>>> 'legacy' systems. i'd imagine ripping the IPv4 components would be >>>>> more costly than just maintaining them after any sort of: >>>>> >>>> ipv4 runout >>>> >>>>> of addresses by ARIN, ipv6 eclipse of ipv4, ipv4 runout of >>>>> >>>> addresses by >>>> >>>>> IANA, etc. >>>>> >>>>> i would want to see the same level of service provided. no >>>>> >>>> difference >>>> >>>>> between legacy pre-ARIN holders and paid members. >>>>> >>>> So then if the membership doesen't want IPv4 to be removed >>>> from the registries, then what is going to be created is a >>>> situation where nobody has any incentive to remove their IPv4 >>>> reachability, nor remove the ability for their customers to >>>> reach IPv4 sites. >>>> >>>> In short, IPv4 will NEVER "go away" Your proposing a future >>>> were we add IPv6, and nobody ever gives up IPv4 resources. >>>> So the Internet merely becomes an Internet of both IPv6 and >>>> IPv4, not an Internet of IPv4 only or an Internet of >>>> IPv6 only. >>>> >>>> I'm not debating we could or couldn't do this technically. >>>> >>>> However, if we do this, then don't you see that ALL IPv4 >>>> holders, not just the legacy ones, will never have any >>>> incentive to drop IPv4. >>>> >>>> If all of that is OK with you, then why would an existing >>>> paying IPv4 holder today who doesen't need numbering, want to >>>> bother going to IPv6? After all you just said everyone will >>>> be maintaining their IPv4, so what need is there for an >>>> IPv4 >>>> holder to load up IPv6? The only incentive I see would be to >>>> reach a network that is IPv6 ONLY, such as a network that >>>> needs numbering post-IPv4 runout. >>>> This puts a terrible burden on these networks because since >>>> they are new, they cannot be reached by a lot of the >>>> Internet, and it is not likely that they can provide enough >>>> of an incentive to get IPv4-only holders to update to reach them. >>>> >>>> Ted >>>> >>>> >>>> _______________________________________________ >>>> This message sent to you through the ARIN Public Policy >>>> Mailing List (PPML at arin.net). >>>> Manage your mailing list subscription at: >>>> http://lists.arin.net/mailman/listinfo/ppml >>>> >>>> >>> _______________________________________________ >>> This message sent to you through the ARIN Public Policy Mailing List >>> (PPML at arin.net). >>> Manage your mailing list subscription at: >>> http://lists.arin.net/mailman/listinfo/ppml >>> >> >> >> ********************************************** >> The IPv6 Portal: http://www.ipv6tf.org >> >> Bye 6Bone. Hi, IPv6 ! >> http://www.ipv6day.org >> >> This electronic message contains information which may be privileged or >> confidential. The information is intended to be for the use of the >> individual(s) named above. If you are not the intended recipient be aware >> that any disclosure, copying, distribution or use of the contents of this >> information, including attached files, is prohibited. >> >> >> >> _______________________________________________ >> This message sent to you through the ARIN Public Policy Mailing List >> (PPML at arin.net). >> Manage your mailing list subscription at: >> http://lists.arin.net/mailman/listinfo/ppml >> > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jmorrison at bogomips.com Thu Jul 12 14:33:33 2007 From: jmorrison at bogomips.com (John Paul Morrison) Date: Thu, 12 Jul 2007 11:33:33 -0700 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: <4695DCC4.1040402@psg.com> References: <46955E84.8030600@bogomips.com> <4695DCC4.1040402@psg.com> Message-ID: <469673FD.3050906@bogomips.com> Randy Bush wrote: >> Not when the two biggest vendors have routers that will scale to >> millions of routes >> > > as we say in my family, "do i smell cows?" > > randy http://www.lightreading.com/document.asp?doc_id=84690 http://www.eantc.com/fileadmin/eantc/downloads/test_reports/2003-2005/EANTC-Summary-Report-Cisco-12kXR.FINAL.pdf A two year old test with XR's doing 3 million routes. http://www.cisco.com/univercd/cc/td/doc/product/core/cis7600/software/122sr/swcg/rsp720.pdf 1 million routes advertised on lower end RSP720. (Somehow, with 4 GB route processor memory, I think that's conservative). And it's not like bigger carriers don't have Ixia's or Spirent boxes lying around to verify this, or wouldn't make the vendor rep bring one in to prove it. -------------- next part -------------- An HTML attachment was scrubbed... URL: From stephen at sprunk.org Thu Jul 12 14:24:08 2007 From: stephen at sprunk.org (Stephen Sprunk) Date: Thu, 12 Jul 2007 13:24:08 -0500 Subject: [ppml] Incentive to legacy address holders References: Message-ID: <00f301c7c4b3$e5ef6510$3d3816ac@atlanta.polycom.com> Thus spake "Dean Anderson" > "route table fragmented and inflated by IPv4"??? Let see: > IPv4 has 32 bits, IPv6 has 128bits. Which is going to inflate > the route table most? Each route is 4 times larger, and we > expect more IPv6 routes. We do? We've been consciously designing allocation policies so that the number of IPv6 routes per AS will be significantly lower than with IPv4. If we end up with more IPv6 routes, it's because the artificial limit on the number of ASes has been raised an order of magnitude. > I think it won't be long until IPv4 takes up a small fraction of > router memory: 200,000 IPv6 routes take up more memory > than 200,000 IPv4 routes. Of course. However, if we have 200k IPv6 routes, one would expect 2M+ IPv4 routes, and IPv4 will still end up taking more memory. > People seem to anticipate that IPv6 will probably see several > million routes, while IPv4 might not ever see 400,000. It will > never be _necessary_ to remove IPv4, As we get closer to (and past) exhaustion, the number of IPv4 routes is going to explode as people get more, smaller blocks instead of aggregates, making the routes-per-AS figure even worse than it already is. It may be 'necessary' to remove IPv4, or filter so severely as to make it useless, to keep the DFZ healthy. > and it will probably never ever go away. On that, we agree. It'll never go away completely, but it'll eventually get pulled from the DFZ and tunneled over IPv6 to the people that still insist on having it, or be in isolated islands behind v6/v4 NAT boxes. > Riiiigggt. Without IPv4, there would be no adoption of IPv6. > We'd all be running NetBEUI or Novell, or DECnet, Nah, the Internet would be running OSI by now. Of course, it'd probably still be only a few hundred hosts. The design "flaws" of IPv4 are what enabled the Internet to succeed and grow. > or maybe IBM's network (name escapes me now--LU6.2 is all > I can recall) APPN? That's a truly evil blast from the past; IBM managed to mix the worst of SNA and IP together while adding other, completely new, problems. The only way we ever got APPN even minimally functional and reliable was to tunnel it over IP... S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov From kloch at kl.net Thu Jul 12 15:31:13 2007 From: kloch at kl.net (Kevin Loch) Date: Thu, 12 Jul 2007 15:31:13 -0400 Subject: [ppml] Incentive to legacy address holders In-Reply-To: <00f301c7c4b3$e5ef6510$3d3816ac@atlanta.polycom.com> References: <00f301c7c4b3$e5ef6510$3d3816ac@atlanta.polycom.com> Message-ID: <46968181.8020001@kl.net> Stephen Sprunk wrote: > > If we end up with more IPv6 routes, it's because the artificial limit on the > number of ASes has been raised an order of magnitude. The last time I looked at this, roughly 50% of the deaggregates were due to inefficient allocation by RIR's (multiple prefixes issued to same org) and the other half was some combination of TE, laziness or incompetence. Thus instead of ~8 prefixes/ASN we might expect to see 4/ASN. That would be a definite improvement but you can't expect the v6 ratio to remain at 1.1/ASN. At some point someone is going to start doing something real (i.e. expensive) with it and some excess routes will emerge. - Kevin From kmedcalf at dessus.com Thu Jul 12 15:54:35 2007 From: kmedcalf at dessus.com (Keith Medcalf) Date: Thu, 12 Jul 2007 15:54:35 -0400 Subject: [ppml] Policy Proposal: Authentication of Legacy Resources In-Reply-To: Message-ID: <2c177fb21165414982c2b68b61d64274@mail.dessus.com> > # 4.3 Application considerations > # > # Applications should not rely on reverse mapping for > proper operation, > # although functions that depend on reverse mapping will > obviously not > # work in its absence. Operators and users are reminded > that the use > # of the reverse tree, sometimes in conjunction with a lookup of the > # name resulting from the PTR record, provides no real security, can > # lead to erroneous results and generally just increases load on DNS > # servers. Further, in cases where address block holders fail to > # properly configure reverse mapping, users of those blocks are > # penalized. Hrm. They should read the RFC for the operation of an MTA connected to the Internet. That RFC requires (MUST) proper DNS (forward and reverse) for any MTA attached to the Internet and that any "unauthenticated" incoming SMTP connection from a source where the DNS is incorrectly configured MAY be dropped. > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > -=-=-=-=-=-=- > Edward Lewis > +1-571-434-5468 > NeuStar > > Think glocally. Act confused. > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > From leo.vegoda at icann.org Thu Jul 12 17:00:32 2007 From: leo.vegoda at icann.org (Leo Vegoda) Date: Thu, 12 Jul 2007 14:00:32 -0700 Subject: [ppml] Incentive to legacy address holders In-Reply-To: <46968181.8020001@kl.net> References: <00f301c7c4b3$e5ef6510$3d3816ac@atlanta.polycom.com> <46968181.8020001@kl.net> Message-ID: On 12 Jul 2007, at 12:31, Kevin Loch wrote: > Stephen Sprunk wrote: >> >> If we end up with more IPv6 routes, it's because the artificial >> limit on the >> number of ASes has been raised an order of magnitude. > > The last time I looked at this, roughly 50% of the deaggregates > were due to inefficient allocation by RIR's (multiple prefixes > issued to same org) and the other half was some combination > of TE, laziness or incompetence. I've not done the research myself, but I remember Harsha Narayan's 2003 research indicated that 89% of routing table prefixes were down to what he called splitting and spawning, not RIR allocation practices. http://www.ripe.net/ripe/meetings/ripe-45/presentations/ripe45-eof- harsha/page38.htm Regards, Leo From sleibrand at internap.com Thu Jul 12 17:10:07 2007 From: sleibrand at internap.com (Scott Leibrand) Date: Thu, 12 Jul 2007 14:10:07 -0700 Subject: [ppml] Incentive to legacy address holders In-Reply-To: References: <00f301c7c4b3$e5ef6510$3d3816ac@atlanta.polycom.com> <46968181.8020001@kl.net> Message-ID: <469698AF.3050405@internap.com> Leo Vegoda wrote: > On 12 Jul 2007, at 12:31, Kevin Loch wrote: > > >> >> The last time I looked at this, roughly 50% of the deaggregates >> were due to inefficient allocation by RIR's (multiple prefixes >> issued to same org) and the other half was some combination >> of TE, laziness or incompetence. >> > > I've not done the research myself, but I remember Harsha Narayan's > 2003 research indicated that 89% of routing table prefixes were down > to what he called splitting and spawning, not RIR allocation practices. > Some splitting is the result of RIR allocation practices, but that may not be apparent just from looking at the announcements. For example, ARIN gives us about a /17 at a time, and we have to split that up and allocate it, usually as /20's, to our various ASNs. If we didn't have to do the IPv4 justification thing, we could have a single aggregate (/16 or so) for each ASN. In IPv6, we'll be able to split our /32 up into one subnet per ASN. -Scott From terry.l.davis at boeing.com Thu Jul 12 17:11:35 2007 From: terry.l.davis at boeing.com (Davis, Terry L) Date: Thu, 12 Jul 2007 14:11:35 -0700 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: <46966B4F.9020803@bogomips.com> References: <70DE64CEFD6E9A4EB7FAF3A063141066707133@mail><0D090F1E0F5536449C7E6527AFFA280A0368589E@XCH-NW-8V1.nw.nos.boeing.com> <46966B4F.9020803@bogomips.com> Message-ID: <0D090F1E0F5536449C7E6527AFFA280A036858A9@XCH-NW-8V1.nw.nos.boeing.com> John Paul Probably yes and no as to the connectivity to the global Internet; the requirement for security and the need to do business often clash harshly I just don't see any ISP telling their local power company or hospital that they will no longer carry their IPv4 traffic. And don't forget that government (rightly or wrongly) will get involved in that type of issue; my experience is that "politics and technology make poor bedfellows" as the outcome is not usually what either wants. From ages ago, in the very early phases of my career, I still know where there is a major US highway in the southern US that has a very large "dog leg" in it to preserve "Granma's walnut tree". (And yea, 35 years ago I was civil engineering student designing highways not networks; I'm still registered as a PE in three states and can still approve civil designs in them.) It may be true about the difference in "end of life" and conceivably the legacy v4 could be tunneled across a v6 Internet, but only time will tell how it evolves. We just have no way to rip IPv4 out of everyplace we have put it; embedded control systems are really not "upgradeable"! Take care Terry ________________________________ From: John Paul Morrison [mailto:jmorrison at bogomips.com] Sent: Thursday, July 12, 2007 10:57 AM To: Davis, Terry L Cc: jordi.palet at consulintel.es; ppml at arin.net Subject: Re: [ppml] IPv4 "Up For Grabs" proposal I really, *really* hope these systems are not connected to the global Internet! :-) I think there's likely a big difference between IPv4 end of life on the Public Internet, and IPv4 end of life on private networks, control systems etc. Right now the Internet is a bunch of private networks running IPv4 and internetworking with IPv4. For the Internet to evolve it will need to be a bunch of private networks running either IPv4 and/or v6, and internetworking with IPv6. (If you can interconnect with v6, v4 becomes redundant and will likely be thought of as a security hole). I don't see how two protocols, side by side on the same device are scalable on the Public Internet for very long. We could see: 1. Stick with IPv4, forget IPv6. (Ab)use NAT, trade valuable IPv4 addresses on the black market, the whole thing could keep going indefinitely but it would get more and more in the way of commerce as IPv4 addresses get expensive. 2. Dual stack for a transition period, but who wants to double their network administration workload? Hosting farms have very complicated setups for load balancing, firewalls, DNS etc. I wouldn't want to keep maintaining two sets of rules. Services providers have complicated networks, do they want to start messing around much if they don't have to? If you look at 6PE for MPLS service providers, you side step having to make changes in the IPv4 MPLS core, and you can easily add IPv6 at the edge for VPNs or even the global routing table. 6to4 can do some similar things, leveraging IPv4 networks. I don't really consider 6to4 or 6PE as dual stack, except at the edge. If I operate a large hosting site and want to start offering v6 (maybe so developing countries can reach me natively or whatever), I'm going to use an appliance or firewall that automates this process, leaving existing systems alone for the time being. 3. "Native" IPv6 Public Internet. I would define this as the day one can safely put an AAAA record in DNS as the only entry, and expect anyone to reach it, with the onus on the querier to deal with the NAT'ing to IPv4 if necessary. At this point it becomes redundant to return A records. I'm sure the IPv4 Internet will still be around but I would assume it would mainly be carrying tunneled v6 traffic over it. Davis, Terry L wrote: Jordi I agree and I started to respond to a post week with a similar response and got distracted. I can absolutely guarantee that the aviation industry expects the migration from v4 to v6 to take over 25 years. We just expect to build airplanes that can deal with OSI, v4, and v6. The global air traffic management system is made up of 10 of thousands of pieces controlled by approaching 1000 different organizations from small private operations to nations and v4 is already built into infrastructure pieces that are not likely to see communications upgrades for 10 to 20 years. I routinely speak to aviation industry leaders on this and I generally place v4 end of life somewhere from 25 to 40 years out. Likewise most critical infrastructure around the globe is the same; the SCADA that runs this today is mostly all v4 as are the hospital's (including Intensive Care Units) infrastructure around the world. This type of infrastructure is much harder to convert than just corporate IT; it takes years of planning and scores of individual governmental design approvals/certifications to change it. Take care Terry -----Original Message----- From: JORDI PALET MARTINEZ [mailto:jordi.palet at consulintel.es] Sent: Thursday, July 12, 2007 6:44 AM To: ppml at arin.net Subject: Re: [ppml] IPv4 "Up For Grabs" proposal Hi, I already mention this in other threads (may be not in ppml). IPv6 has been designed to coexist with IPv4 for an undetermined period of time. It is not expected to run *only* IPv4 since day one, and not all the stacks actually support this. In fact, many stacks are somehow hybrids instead of two-stacks, what it means that you can't disable IPv4 (of course you can let IPv4 "un-configured", which is almost equivalent). This means that IPv4 will be here for a long time and dual-stack is the main transition technique. This will change with the time, at least in some networks, once IPv6 traffic become predominant, among other economic factors. You always will have, at least for many years, old IPv4 boxes that can't be upgrades, and the easier way to reach them is if you run dual-stack, at least in the hosts in any LAN, instead of requiring translation. This doesn't mean public IPv4 addresses, as in most of the situations, private IPv4 behind NAT and global IPv6 will make it. However, the question may be different for whatever is not an end-site LAN (for instance backbone, access, etc.), as there are already protocols such as softwires (basically L2TP), that allow you to automatically tunnel IPv4-in-IPv6 (or in the other way around today in most of the IPv4-only networks), in order to be able to handle the IPv4-only applications in an automatic fashion. This is the case for some big networks (+5.000 sites) that we have where the initial deployment was completely dual-stack, and then we realized that because the kind of traffic was becoming predominantly IPv6, and most of the IPv4 traffic was basically going to Internet thru proxies, it make sense to turn the proxies dual-stack and carry that inside the complete network as IPv4-in-IPv6 (up to the proxy), so we had been able to disable IPv4 everywhere (except in the LANs, for both clients and servers). This is the model that I certainly believe will be the one as IPv6 penetration becomes bigger and bigger, and then as indicated by Kevin, IPv4 will vanish naturally ... I've introduced the description of this scenario also in a document that I've circulated a few weeks ago (http://www.ipv6tf.org/index.php?page=news/newsroom&id=3004), as I believe that this will mean less trouble for possible "new" ISPs when IPv4 addresses are gone or "almost" gone and at the same time will help existing ISPs to keep growing their networks without the need for asking for more IPv4 addresses to the RIR. Regards, Jordi De: Kevin Kargel Responder a: Fecha: Wed, 11 Jul 2007 14:07:16 -0500 Para: Conversaci?n: [ppml] IPv4 "Up For Grabs" proposal Asunto: Re: [ppml] IPv4 "Up For Grabs" proposal Why is there such a big push to drop IPv4? Is there a reason that v4 and v6 can't operate concurrently in perpetuity? Won't the customers go where the content is and the content go where the money is? I would suggest that if IPv6 is a good thing (and I firmly believe that it is) then networks will naturally gravitate to IPv6. That being the case then let IPv4 die a natural death of attrition. There is no need to murder it outright. If in fact IPv4 continues to survive and thrive alongside IPv6 wouldn't that very fact demonstrate the need to keep it going and foster it? It sounds like a lot of people have so little faith in the value of IPv6 that they for some odd reason cinsider IPv4 a threat. If IPv6 is better than IPv4 then people will use it. If it isn't then they will stay where they are. I see no reason to 'force' people to switch. They will move when it is in their best interests to do so for features and markets. -----Original Message----- From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf Of Ted Mittelstaedt Sent: Monday, July 09, 2007 4:51 PM To: bill fumerola; 'ARIN PPML' Subject: Re: [ppml] IPv4 "Up For Grabs" proposal -----Original Message----- From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of bill fumerola Sent: Monday, July 09, 2007 1:32 PM To: 'ARIN PPML' Subject: Re: [ppml] IPv4 "Up For Grabs" proposal On Thu, Jul 05, 2007 at 05:09:59PM -0700, Ted Mittelstaedt wrote: OK, then how exactly is this fact an argument AGAINST arin simply removing these records out of it's whois? Which is what I am suggesting? who does that hurt? the legacy holders or the rest of the community trying to use a tool to find out who to contact when that netblock does something foolish. as a paying ARIN member, i want ARIN to keep track of as much as they're legally, financially, technically allowed to. that WHOIS service is more useful to me, the paying ARIN member, not the legacy holder. For now. What about post-IPv4 runout? i think you assume that ARIN's IPv4 services will change in some major way when that happens. i don't believe the memebership would want that change and the IPv6 fees at that point would cover maintanence of those 'legacy' systems. i'd imagine ripping the IPv4 components would be more costly than just maintaining them after any sort of: ipv4 runout of addresses by ARIN, ipv6 eclipse of ipv4, ipv4 runout of addresses by IANA, etc. i would want to see the same level of service provided. no difference between legacy pre-ARIN holders and paid members. So then if the membership doesen't want IPv4 to be removed from the registries, then what is going to be created is a situation where nobody has any incentive to remove their IPv4 reachability, nor remove the ability for their customers to reach IPv4 sites. In short, IPv4 will NEVER "go away" Your proposing a future were we add IPv6, and nobody ever gives up IPv4 resources. So the Internet merely becomes an Internet of both IPv6 and IPv4, not an Internet of IPv4 only or an Internet of IPv6 only. I'm not debating we could or couldn't do this technically. However, if we do this, then don't you see that ALL IPv4 holders, not just the legacy ones, will never have any incentive to drop IPv4. If all of that is OK with you, then why would an existing paying IPv4 holder today who doesen't need numbering, want to bother going to IPv6? After all you just said everyone will be maintaining their IPv4, so what need is there for an IPv4 holder to load up IPv6? The only incentive I see would be to reach a network that is IPv6 ONLY, such as a network that needs numbering post-IPv4 runout. This puts a terrible burden on these networks because since they are new, they cannot be reached by a lot of the Internet, and it is not likely that they can provide enough of an incentive to get IPv4-only holders to update to reach them. Ted _______________________________________________ This message sent to you through the ARIN Public Policy Mailing List (PPML at arin.net). Manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/ppml _______________________________________________ This message sent to you through the ARIN Public Policy Mailing List (PPML at arin.net). Manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/ppml ********************************************** The IPv6 Portal: http://www.ipv6tf.org Bye 6Bone. Hi, IPv6 ! http://www.ipv6day.org This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited. _______________________________________________ This message sent to you through the ARIN Public Policy Mailing List (PPML at arin.net). Manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/ppml _______________________________________________ This message sent to you through the ARIN Public Policy Mailing List (PPML at arin.net). Manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/ppml -------------- next part -------------- An HTML attachment was scrubbed... URL: From leo.vegoda at icann.org Thu Jul 12 17:20:32 2007 From: leo.vegoda at icann.org (Leo Vegoda) Date: Thu, 12 Jul 2007 14:20:32 -0700 Subject: [ppml] Incentive to legacy address holders In-Reply-To: <469698AF.3050405@internap.com> References: <00f301c7c4b3$e5ef6510$3d3816ac@atlanta.polycom.com> <46968181.8020001@kl.net> <469698AF.3050405@internap.com> Message-ID: On 12 Jul 2007, at 14:10, Scott Leibrand wrote: [...] > Some splitting is the result of RIR allocation practices, but that > may not be apparent just from looking at the announcements. For > example, ARIN gives us about a /17 at a time, and we have to split > that up and allocate it, usually as /20's, to our various ASNs. If > we didn't have to do the IPv4 justification thing, we could have a > single aggregate (/16 or so) for each ASN. In IPv6, we'll be able > to split our /32 up into one subnet per ASN. It sounds like you're using the word "practices" as a synonym for "policy". Presumably ARIN only allocate /17s if that's what you need for the next six months because that's the policy (4.2.4.4) the community gave them. Regards, Leo From sleibrand at internap.com Thu Jul 12 18:00:27 2007 From: sleibrand at internap.com (Scott Leibrand) Date: Thu, 12 Jul 2007 15:00:27 -0700 Subject: [ppml] Incentive to legacy address holders In-Reply-To: References: <00f301c7c4b3$e5ef6510$3d3816ac@atlanta.polycom.com> <46968181.8020001@kl.net> <469698AF.3050405@internap.com> Message-ID: <4696A47B.604@internap.com> Leo Vegoda wrote: > On 12 Jul 2007, at 14:10, Scott Leibrand wrote: > >> Some splitting is the result of RIR allocation practices, but that >> may not be apparent just from looking at the announcements. For >> example, ARIN gives us about a /17 at a time, and we have to split >> that up and allocate it, usually as /20's, to our various ASNs. If >> we didn't have to do the IPv4 justification thing, we could have a >> single aggregate (/16 or so) for each ASN. In IPv6, we'll be able to >> split our /32 up into one subnet per ASN. > > It sounds like you're using the word "practices" as a synonym for > "policy". Presumably ARIN only allocate /17s if that's what you need > for the next six months because that's the policy (4.2.4.4) the > community gave them. Yes, I would say that all RIR allocation practices of this type are dictated by policy (and there's a good reason for doing it that way). My only point is that this particular type of deaggregation should get better in IPv6, so we can expect fewer routes in the IPv6 table as a result. -Scott From randy at psg.com Thu Jul 12 18:09:10 2007 From: randy at psg.com (Randy Bush) Date: Fri, 13 Jul 2007 07:09:10 +0900 Subject: [ppml] IPv4 "Up For Grabs" proposal In-Reply-To: <469673FD.3050906@bogomips.com> References: <46955E84.8030600@bogomips.com> <4695DCC4.1040402@psg.com> <469673FD.3050906@bogomips.com> Message-ID: <4696A686.9010006@psg.com> John Paul Morrison wrote: > Randy Bush wrote: >>> Not when the two biggest vendors have routers that will scale to >>> millions of routes >> as we say in my family, "do i smell cows?" > http://www.lightreading.com/document.asp?doc_id=84690 > http://www.eantc.com/fileadmin/eantc/downloads/test_reports/2003-2005/EANTC-Summary-Report-Cisco-12kXR.FINAL.pdf glad someone smokes that stuff. economy could not afford that many marketeers out of work. in reality, they can put enough ram in these boxes, but they can not load churn worth squat. it would be inappropriate for me to quote numbers, but let's just say "not pretty" would be an understatement. randy From sleibrand at internap.com Thu Jul 12 18:23:13 2007 From: sleibrand at internap.com (Scott Leibrand) Date: Thu, 12 Jul 2007 15:23:13 -0700 Subject: [ppml] Route capacity and route churn In-Reply-To: <4696A686.9010006@psg.com> References: <46955E84.8030600@bogomips.com> <4695DCC4.1040402@psg.com> <469673FD.3050906@bogomips.com> <4696A686.9010006@psg.com> Message-ID: <4696A9D1.4020900@internap.com> Randy Bush wrote: > John Paul Morrison wrote: > >> Randy Bush wrote: >> >>>> Not when the two biggest vendors have routers that will scale to >>>> millions of routes >>>> >>> > > > in reality, they can put enough ram in these boxes, but they can not > load churn worth squat. it would be inappropriate for me to quote > numbers, but let's just say "not pretty" would be an understatement. It sounds to me like Cisco and Juniper need to work on a suitable replacement for route flat damping, which simply picks the more stable route when one of them is unstable, and slows down the rate it sends along updates when they come in too frequently for a specific prefix. From the research presentations I've seen, implementations based on a few simple rules like that could significantly reduce route churn without reducing availability... Is there already implementation work like this ongoing? -Scott From stephen at sprunk.org Thu Jul 12 18:53:08 2007 From: stephen at sprunk.org (Stephen Sprunk) Date: Thu, 12 Jul 2007 17:53:08 -0500 Subject: [ppml] Incentive to legacy address holders References: <00f301c7c4b3$e5ef6510$3d3816ac@atlanta.polycom.com><46968181.8020001@kl.net> Message-ID: <02c801c7c4d8$c6234a10$3d3816ac@atlanta.polycom.com> Thus spake "Leo Vegoda" > I've not done the research myself, but I remember Harsha > Narayan's 2003 research indicated that 89% of routing table > prefixes were down to what he called splitting and spawning, > not RIR allocation practices. > > http://www.ripe.net/ripe/meetings/ripe-45/presentations/ripe45- > eof-harsha/page38.htm Interesting work. However, there's one new tool we've given (or at least tried to give) ourselves in v6: uniform prefix lengths. If everyone filters the LIR blocks at /32, until an LIR qualifies for more (which should be extremely rare, and not any time soon) than that their allocation can't be split or spawn more-specifics. Hopefully, what we'll see is people announcing a covering route plus more-specifics (for TE) that are filtered at N hops away where they don't matter. Ditto for end-user blocks being filtered at or near /48. So, we should see close to one globally-visible prefix per AS. If (when?) we get to a million routes in the v6 table, it should be because we have at least half a million ASes. That isn't possible in v4 because of the conservation requirement that dictates ISPs getting a new block every 6 mos, and the splitting and spawning that aren't feasible to stop due to varying prefix length. That is why many networks are advertising an average of 14.5 v4 routes each, and even the majority of origin-only networks (i.e. leaf sites) announce more than one v4 route. S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov From randy at psg.com Thu Jul 12 19:11:24 2007 From: randy at psg.com (Randy Bush) Date: Fri, 13 Jul 2007 08:11:24 +0900 Subject: [ppml] Incentive to legacy address holders In-Reply-To: <02c801c7c4d8$c6234a10$3d3816ac@atlanta.polycom.com> References: <00f301c7c4b3$e5ef6510$3d3816ac@atlanta.polycom.com><46968181.8020001@kl.net> <02c801c7c4d8$c6234a10$3d3816ac@atlanta.polycom.com> Message-ID: <4696B51C.5030100@psg.com> Stephen Sprunk wrote: > If everyone filters the LIR blocks at /32, i guess you missed the recent announcement of rir allocations of /48s welcome to the machine. btw, which one's pink? randy From stephen at sprunk.org Thu Jul 12 19:13:26 2007 From: stephen at sprunk.org (Stephen Sprunk) Date: Thu, 12 Jul 2007 18:13:26 -0500 Subject: [ppml] IPv4 "Up For Grabs" proposal References: <70DE64CEFD6E9A4EB7FAF3A063141066707133@mail><0D090F1E0F5536449C7E6527AFFA280A0368589E@XCH-NW-8V1.nw.nos.boeing.com><46966B4F.9020803@bogomips.com> <0D090F1E0F5536449C7E6527AFFA280A036858A9@XCH-NW-8V1.nw.nos.boeing.com> Message-ID: <038d01c7c4dd$12d95d00$3d3816ac@atlanta.polycom.com> Thus spake Davis, Terry L > Probably yes and no as to the connectivity to the global > Internet; the requirement for security and the need to do > business often clash harshly I just don't see any ISP telling > their local power company or hospital that they will no longer > carry their IPv4 traffic. I don't see that happening either. What most people seem to be predicting is that, at some point, IPv4 service will cost more than IPv6 service and the gap will widen as the people who can jump off the IPv4 ship do so and there's fewer and fewer people to spread the costs of dual-stacking across. > It may be true about the difference in "end of life" and > conceivably the legacy v4 could be tunneled across a v6 > Internet, but only time will tell how it evolves. 4Bone! > We just have no way to rip IPv4 out of everyplace we have put > it; embedded control systems are really not "upgradeable"! That's what NAT is for. The IETF wants nothing to do with that transition model, but the market will want it anyways and so the vendors will ship it. You can't pay your shareholders with dogma. S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov From dean at av8.com Fri Jul 13 00:02:13 2007 From: dean at av8.com (Dean Anderson) Date: Fri, 13 Jul 2007 00:02:13 -0400 (EDT) Subject: [ppml] IPv6/IPv4 route table size compared In-Reply-To: <00f301c7c4b3$e5ef6510$3d3816ac@atlanta.polycom.com> Message-ID: On Thu, 12 Jul 2007, Stephen Sprunk wrote: > Thus spake "Dean Anderson" > > "route table fragmented and inflated by IPv4"??? Let see: > > IPv4 has 32 bits, IPv6 has 128bits. Which is going to inflate > > the route table most? Each route is 4 times larger, and we > > expect more IPv6 routes. > > We do? We've been consciously designing allocation policies so that the > number of IPv6 routes per AS will be significantly lower than with IPv4. Yeah, well, there are too few IPv6 routes due to nonuse (Doh!) Fewer average routes per AS, but more AS's. (wasn't planning to get lost on aggregation issues, so I renamed the subject) > If we end up with more IPv6 routes, it's because the artificial limit on the > number of ASes has been raised an order of magnitude. How about 64k times larger? 32 bit AS numbers (vs current 16 bit AS numbers) are under development/deployment. (I haven't been following ASN expansion, so I don't know exactly where the ASN project stands. > > I think it won't be long until IPv4 takes up a small fraction of > > router memory: 200,000 IPv6 routes take up more memory than 200,000 > > IPv4 routes. > > Of course. However, if we have 200k IPv6 routes, one would expect 2M+ > IPv4 routes, and IPv4 will still end up taking more memory. I don't think that is likely to happen. The rough math of 2M IPv4 routes requires an average block size of /21. (anyone know the average block size and variation for the current table?) I can't claim any special knowledge, but I think there is some under estimation of the number of IPv6 routes, and what root factors cause routes to be added. I think we will continue to see more organizations with allocations because for example, most end users really don't like having to change IP address numbers or phone numbers. I expect end users will be seeking something similar to phone number portability in there internet numbers. That prompts end-users to seek their own allocations and AS numbers. This line of thought can be further developed for some interesting conclusions. I expect both IPv6 and IPv4 will tend towards fewer routes per AS. This doesn't mean fewer routes. As long as each AS has both IPv6 and IPv4 needs, those numbers will tend to about the same, with V6 being lower for a long time. Eventually, I expect that IPv6 will start to outnumber IPv4 as native V6 users begin to find no use for v4. But that will take some long time, I think. I expect IPv4 mapped IPv6 routes will exist for a long, long time. > > People seem to anticipate that IPv6 will probably see several > > million routes, while IPv4 might not ever see 400,000. It will > > never be _necessary_ to remove IPv4, > > As we get closer to (and past) exhaustion, the number of IPv4 routes > is going to explode as people get more, smaller blocks instead of > aggregates, making the routes-per-AS figure even worse than it already > is. Could be. But it isn't exhaustion that drives that route growth (smaller blocks); Its multihoming. I'd guess that 32bit AS numbers and multihoming will make the number of routes per AS drop, but will be more than offset by the increased number of AS's with small blocks. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From cliffb at cjbsys.bdb.com Fri Jul 13 19:46:59 2007 From: cliffb at cjbsys.bdb.com (Cliff Bedore) Date: Fri, 13 Jul 2007 19:46:59 -0400 Subject: [ppml] test ignore Message-ID: <46980EF3.1080702@cjbsys.bdb.com> ignore this Cliff From ryanczak at arin.net Mon Jul 16 20:03:28 2007 From: ryanczak at arin.net (Matt Ryanczak) Date: Mon, 16 Jul 2007 20:03:28 -0400 Subject: [ppml] test Message-ID: <1184630608.12788.5.camel@bender> This is a test. Please disregard this message. -- Matt Ryanczak ARIN Systems Operations Manager ryanczak at arin.net From stephen at sprunk.org Tue Jul 17 22:44:44 2007 From: stephen at sprunk.org (Stephen Sprunk) Date: Tue, 17 Jul 2007 21:44:44 -0500 Subject: [ppml] Policy Proposal: Resource Review Process Message-ID: <012201c7c8e5$c85e07a0$8c41f848@atlanta.polycom.com> This proposal was originally titled "Reclamation of Number Resources"; Owen and I have reviewed comments on the second revision, have worked with the AC shepherds to revise it again, and felt a change in title was prudent to avoid potential confusion with the more recent, but unrelated, proposal titled "Resource Reclamation Incentives". Policy Proposal Name: Resource Review Process Author: Owen DeLong, Stephen Sprunk Proposal Version: 3 Submission Date: 07/17/07 Proposal type: modify Policy term: permanent Policy statement: Add the following to the NRPM: Resource Review 1. ARIN may review the current usage of any resources issued by ARIN to an organization. The organization shall furnish whatever records are necessary to perform this review. 2. ARIN may conduct such reviews: a. when any new resource is requested, b. whenever ARIN has cause to believe that the resources had originally been obtained fraudulently, or c. at any other time without cause unless a prior review has been completed in the preceding 12 months. 3. ARIN shall communicate the results of the review to the organization. 4. If the review shows that existing usage is substantially not in compliance with current allocation and/or assignment policies, the organization shall return resources as needed to bring them substantially into compliance. If possible, only whole resources shall be returned. Partial address blocks shall be returned in such a way that the portion retained will comprise a single aggregate block. 5. If the organization does not voluntarily return resources as required, ARIN may revoke any resources issued by ARIN as required to bring the organization into overall compliance. ARIN shall follow the same guidelines for revocation that are required for voluntary return in the previous paragraph. 6. Except in cases of fraud, an organization shall be given a minimum of six months to effect a return. ARIN shall negotiate a longer term with the organization if ARIN believes the organization is working in good faith to substantially restore compliance and has a valid need for additional time to renumber out of the affected blocks. 7. ARIN shall continue to maintain the resource(s) while their return or revocation is pending, except no new maintenance fees shall be assessed for the resource(s). 8. Legacy resources in active use, regardless of utilization, are not subject to revocation by ARIN. However, the utilization of legacy resources shall be considered during a review to assess overall compliance. Delete NRPM sections 4.1.2, 4.1.3, 4.1.4 Remove the sentence "In extreme cases, existing allocations may be affected." from NRPM section 4.2.3.1. Rationale: ARIN feels that current policy does not give them the power to review or reclaim resources except in cases of fraud, despite this being mentioned in the Registration Services Agreement. This policy proposal provides clear policy authority to do so, guidelines for how and under what conditions it shall be done, and a guarantee of a (minimum) six-month grace period so that the current user shall have time to renumber out of any resources to be reclaimed. The nature of the "review" is to be of the same form as is currently done when an organization requests new resources, i.e. the documentation required and standards should be the same. The renumbering period does not affect any "hold" period that ARIN may apply after return or revocation of resources is complete. The deleted sections/text would be redundant with the adoption of this proposal. Timetable for implementation: Immediate Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov From michael.dillon at bt.com Wed Jul 18 04:23:31 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Wed, 18 Jul 2007 09:23:31 +0100 Subject: [ppml] Policy Proposal: Resource Review Process In-Reply-To: <012201c7c8e5$c85e07a0$8c41f848@atlanta.polycom.com> References: <012201c7c8e5$c85e07a0$8c41f848@atlanta.polycom.com> Message-ID: > The nature of the "review" is to be of the same form as is > currently done when an organization requests new resources, > i.e. the documentation required and standards should be the same. This text is not in the policy itself but is in the explanation. As such, it is not binding on ARIN. But it does raise the question. If the nature of the review is the same as is done for new allocations, then what is the point of having a review policy at all? Are there that many organizations that do not apply for new allocations every year or two? Just how many addresses in total are allocated to such organizations? Or is the entire point of this policy to slip in the language which gives legacy address holders extra rights above and beyond the majority of us. Let's look at point 8: 8. Legacy resources in active use, regardless of utilization, are not subject to revocation by ARIN. However, the utilization of legacy resources shall be considered during a review to assess overall compliance. If an organization is a legacy address holder and also has non-legacy addresses, then they could lose the non-legacy addresses if their overall usage is not sufficient. But they cannot lose any of their legacy addresses regardless of what their usage level is. If a company has a Class B /16 legacy block in which they can only justfy one /24, then ARIN can *NOT* recover the additional 255 /24's. But the same company with allocations under the RSA must show that they are using some percentage (is it 50% ?) of the /16 or they risk losing the unused addresses. This is not a fair and balanced policy. --Michael Dillon From MOHLER at graceland.edu Wed Jul 18 06:41:06 2007 From: MOHLER at graceland.edu (Dave Mohler) Date: Wed, 18 Jul 2007 05:41:06 -0500 Subject: [ppml] Policy Proposal: Resource Review Process In-Reply-To: <012201c7c8e5$c85e07a0$8c41f848@atlanta.polycom.com> Message-ID: A couple of concerns: - Would it be appropriate/important to specify in the policy that the "results of the review" communicated to the organization in paragraph 3 include the list of resources required to be returned? (And I realize the intent is to require an amount of resources to be returned and allow the organization some flexibility in determining which specific blocks of IP addresses they could most easily return consistent with the policy requirements.) - Paragraph 5 doesn't give any timeline in relation to paragraphs 3 and 4. For instance, if ARIN notified someone yesterday and they don't voluntarily return the resources today, would ARIN be authorized by this policy to start the 6-month clock of paragraph 6 as early as tomorrow? - Is it the intention of paragraph 8 to require legacy resource allocations to be reviewed with an organization's non-legacy resources? What about an organization whose only IP allocation is as legacy? Would a review of these legacy resources be valid only upon the organization's application for additional IP addresses? (Would this review be triggered by new or existing policy associated with application process?) -- Dave Mohler From stephen at sprunk.org Wed Jul 18 09:13:55 2007 From: stephen at sprunk.org (Stephen Sprunk) Date: Wed, 18 Jul 2007 08:13:55 -0500 Subject: [ppml] Policy Proposal: Resource Review Process References: Message-ID: <001b01c7c93d$e9078280$363816ac@atlanta.polycom.com> Thus spake "Dave Mohler" >A couple of concerns: > > - Would it be appropriate/important to specify in the policy that > the "results of the review" communicated to the organization in > paragraph 3 include the list of resources required to be returned? > (And I realize the intent is to require an amount of resources to be > returned and allow the organization some flexibility in determining > which specific blocks of IP addresses they could most easily > return consistent with the policy requirements.) ARIN _could_ make suggestions, but I don't want to _require_ that they do so, and your parenthetical comment explains exactly why. The org has more information about the relative "value" of their various blocks, how easy different parts could be renumbered, etc. ARIN only cares about what's used vs not. If the org voluntarily returns space, they get the carrot of picking what gets returned; if not, they get the stick of ARIN picking. > - Paragraph 5 doesn't give any timeline in relation to paragraphs > 3 and 4. For instance, if ARIN notified someone yesterday and they > don't voluntarily return the resources today, would ARIN be authorized > by this policy to start the 6-month clock of paragraph 6 as early as > tomorrow? In theory, that's possible, but it assumes ARIN to be evil. Either way, exactly when the clock starts doesn't matter so much since one can negotiate a longer renumbering period if needed. > - Is it the intention of paragraph 8 to require legacy resource > allocations to be reviewed with an organization's non-legacy > resources? Yes. > What about an organization whose only IP allocation is as legacy? > Would a review of these legacy resources be valid only upon the > organization's application for additional IP addresses? (Would > this review be triggered by new or existing policy associated with > application process?) Since ARIN has no legal power to force a legacy-only holder to provide justification, any response on their part would be completely voluntary. Presumably, such an org would only respond if they were willing to voluntarily return space if the review showed that such was warranted. I wouldn't expect staff to waste their time on legacy folks that weren't cooperative. S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov From stephen at sprunk.org Wed Jul 18 09:02:25 2007 From: stephen at sprunk.org (Stephen Sprunk) Date: Wed, 18 Jul 2007 08:02:25 -0500 Subject: [ppml] Policy Proposal: Resource Review Process References: <012201c7c8e5$c85e07a0$8c41f848@atlanta.polycom.com> Message-ID: <001a01c7c93d$e8202fc0$363816ac@atlanta.polycom.com> Thus spake >> The nature of the "review" is to be of the same form as is >> currently done when an organization requests new resources, >> i.e. the documentation required and standards should be the same. > > This text is not in the policy itself but is in the explanation. As > such, it is not binding on ARIN. There's no binding text that says what the current review process is, so there's nothing to reference or quote. We went over this last time, and my answer is the same now: if you don't like the NRPM's complete lack of guidance on what "justify", "documentation", etc. mean, submit a proposal to fix it. > But it does raise the question. If the nature of the review is the same > as is done for new allocations, then what is the point of having a > review policy at all? Are there that many organizations that do not > apply for new allocations every year or two? LIRs are supposed to be getting a six-month supply of addresses. The point of this proposal is to address folks who _don't_ apply for new allocations/assignments "every year or two", which means mostly folks that got way more than they needed. There may be some inconvenience to folks that got exactly what they need and aren't growing, but isn't it within ARIN's charter as a responsible steward to find out that's the case? (And then, presumably, not bother them again for a long time) > Just how many addresses in total are allocated to such organizations? I have no data on the number of /24 equivalents, but the majority of direct assignments fall into this category, as do a minority of LIR allocations. > Or is the entire point of this policy to slip in the language which > gives legacy address holders extra rights above and beyond the > majority of us. Through lack of policy action to change historical practices, legacy holders _already_ have extra privileges. > Let's look at point 8: > > 8. Legacy resources in active use, regardless of utilization, are not > subject to revocation by ARIN. However, the utilization of legacy > resources shall be considered during a review to assess overall > compliance. > > If an organization is a legacy address holder and also has non-legacy > addresses, then they could lose the non-legacy addresses if their > overall usage is not sufficient. That is correct. > But they cannot lose any of their legacy addresses regardless of > what their usage level is. If a company has a Class B /16 legacy > block in which they can only justfy one /24, then ARIN can *NOT* > recover the additional 255 /24's. That is already true today; this just codifies existing treatment of legacy space. > This is not a fair and balanced policy. The first and second times around, this policy was opposed in part because it wasn't clear if it affected legacy space. We're going to get flak on this area no matter what we say until the community manages to get consensus on what to do about legacy space in general. S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov From owen at delong.com Wed Jul 18 09:30:02 2007 From: owen at delong.com (Owen DeLong) Date: Wed, 18 Jul 2007 06:30:02 -0700 Subject: [ppml] Policy Proposal: Resource Review Process In-Reply-To: References: Message-ID: <0F298091-7029-4A06-9B79-2083CB073518@delong.com> On Jul 18, 2007, at 3:41 AM, Dave Mohler wrote: > A couple of concerns: > > - Would it be appropriate/important to specify in the policy that > the "results of the review" communicated to the organization in > paragraph 3 include the list of resources required to be returned? > (And > I realize the intent is to require an amount of resources to be > returned > and allow the organization some flexibility in determining which > specific blocks of IP addresses they could most easily return > consistent > with the policy requirements.) > We believe that ARIN staff can take care of this as a procedure and that it is not necessary to spell it out in policy. > - Paragraph 5 doesn't give any timeline in relation to paragraphs > 3 and 4. For instance, if ARIN notified someone yesterday and they > don't voluntarily return the resources today, would ARIN be authorized > by this policy to start the 6-month clock of paragraph 6 as early as > tomorrow? > Paragraph 6 is intended to express the timeline for voluntary return under paragraph 4. Perhaps reordering paragraphs 5 and 6 would make this more clear? > - Is it the intention of paragraph 8 to require legacy resource > allocations to be reviewed with an organization's non-legacy > resources? Yes. > What about an organization whose only IP allocation is as legacy? > Would > a review of these legacy resources be valid only upon the > organization's > application for additional IP addresses? (Would this review be > triggered by new or existing policy associated with application > process?) > Yes. The reasoning behind this is that we do not believe ARIN has any contract or authority which allows ARIN to take such actions with respect to legacy holders. ARIN is not a government body and cannot apply imminent domain. ARIN doesn't have any agreement with legacy holders which allows them to take any such action with respect to legacy space. Owen From michael.dillon at bt.com Wed Jul 18 10:17:59 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Wed, 18 Jul 2007 15:17:59 +0100 Subject: [ppml] Policy Proposal: Resource Review Process In-Reply-To: <001b01c7c93d$e9078280$363816ac@atlanta.polycom.com> References: <001b01c7c93d$e9078280$363816ac@atlanta.polycom.com> Message-ID: > Since ARIN has no legal power to force a legacy-only holder > to provide justification, any response on their part would be > completely voluntary. I have no legal power to force you to reply to my messages, yet time and time again, you do reply. I think this whole "legal power" thing is a red herring. We should try to do the best thing for the whole IP address-using community and not worry about whether or not we have the legal power of enforcement. In the USA, where ARIN is incorporated, legal power is a very vague and malleable thing. Several levels of legislature change it all the time as do a large number of quasi-governmental regulatory bodies and authorities, not to mention the courts which have the last word on who has what legal powers. The situation is so complex and fluid that we should not try to second guess it while creating policy. After all, we have legal counsel who can advise the AC and BOT when the specific language of a policy proposal is formally presented to them. --Michael Dillon From MOHLER at graceland.edu Wed Jul 18 18:54:18 2007 From: MOHLER at graceland.edu (Dave Mohler) Date: Wed, 18 Jul 2007 17:54:18 -0500 Subject: [ppml] Policy Proposal: Resource Review Process In-Reply-To: <001b01c7c93d$e9078280$363816ac@atlanta.polycom.com> Message-ID: See further explanations of my thinking in context. > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf Of > Stephen Sprunk > Sent: Wednesday, July 18, 2007 8:14 AM > To: Dave Mohler; ARIN PPML > Subject: Re: [ppml] Policy Proposal: Resource Review Process > > Thus spake "Dave Mohler" > >A couple of concerns: > > > > - Would it be appropriate/important to specify in the policy that > > the "results of the review" communicated to the organization in > > paragraph 3 include the list of resources required to be returned? > > (And I realize the intent is to require an amount of resources to be > > returned and allow the organization some flexibility in determining > > which specific blocks of IP addresses they could most easily > > return consistent with the policy requirements.) > > ARIN _could_ make suggestions, but I don't want to _require_ that they do > so, [Dave Mohler] Yes. My concern is that the organization is asked to "return resources as required" (paragraph 5). Is it adequate for the purpose of this policy to assume that ARIN will include a list of the size of block(s) expected/"required" to be returned as part of that communication? and your parenthetical comment explains exactly why. The org has more > information about the relative "value" of their various blocks, how easy > different parts could be renumbered, etc. ARIN only cares about what's > used > vs not. If the org voluntarily returns space, they get the carrot of > picking what gets returned; if not, they get the stick of ARIN picking. > > > - Paragraph 5 doesn't give any timeline in relation to paragraphs > > 3 and 4. For instance, if ARIN notified someone yesterday and they > > don't voluntarily return the resources today, would ARIN be authorized > > by this policy to start the 6-month clock of paragraph 6 as early as > > tomorrow? > > In theory, that's possible, but it assumes ARIN to be evil. [Dave Mohler] Well, I wasn't really making that assumption!! ;-) I feel that the policy is the place that ARIN and organizations look to for communicating their respective responsibilities. As such, explicitly communicating that "If, after a reasonable time, the organization does not..." or, perhaps even more clearly, "If, after three months, the organization has not contacted ARIN to arrange for the return of..." would help future readers of the policy to understand these expectations. In looking back over the proposal with the benefit of these discussions, I think I understand that the 6-month minimum clock essentially begins when "ARIN [communicates] the results of the review to the organization." After that, it is up to the organization to return the required amount of resources within the 6 months or demonstrate that "good faith effort" toward returning those resources; otherwise ARIN can unilaterally revoke its choice of the required amount of those resources. If this accurately reflects the intent of the policy, I believe I've identified my core misunderstanding. I interpreted "voluntarily return" as being something that the organization recognizes their lack of compliance with policy based on the review and of their own free will offers back resources to bring them into compliance. It appears that the communication of results is more in terms of "This is how much you must return within 6 months in order to come back into compliance; develop and implement your own plan or we'll take what we need." I'm not arguing about the need for such a policy, just pointing out that the phrase "voluntary return" led me (and could likely lead others) to different assumptions about the policy's intent. Am I now getting the essence of the policy accurately? Either way, > exactly when the clock starts doesn't matter so much since one can > negotiate > a longer renumbering period if needed. > [Dave Mohler] understood. ... > > Stephen Sprunk "Those people who think they know everything > CCIE #3723 are a great annoyance to those of us who do." > K5SSS --Isaac Asimov > > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml From dean at av8.com Thu Jul 19 12:53:33 2007 From: dean at av8.com (Dean Anderson) Date: Thu, 19 Jul 2007 12:53:33 -0400 (EDT) Subject: [ppml] Policy Proposal: Resource Review Process In-Reply-To: Message-ID: On Wed, 18 Jul 2007 michael.dillon at bt.com wrote: > > Since ARIN has no legal power to force a legacy-only holder to > > provide justification, any response on their part would be > > completely voluntary. > > I have no legal power to force you to reply to my messages, yet time > and time again, you do reply. There is a difference, though, between voluntary replies, and coerced replies. > I think this whole "legal power" thing is a red herring. I think this whole 'resource review' is a red herring. 2. ARIN may conduct such reviews: a. when any new resource is requested, b. whenever ARIN has cause to believe that the resources had originally been obtained fraudulently, or c. at any other time without cause unless a prior review has been completed in the preceding 12 months. I have no problem with a. or b. above. But option c. is just begging for trouble "without cause". It gives an unlimited power to review the private customer data of a recipient "without cause" once a year. ARIN shouldn't be doing anything without cause and justification. One wonders why that would ever be good policy in any circumstance. The potential for abuse is tremendous. The total legacy allocations do not amount to much. The amount of _unused_ legacy allocations do not amount to a drip in the bucket. The underlying premise that resources are not being reclaimed is a red herring. (It was asserted against Kremen, though) There are some _bad_ reasons that Vixie cronies want this. There is no legitimate reason to be harrassing IP recipients or persons like Kremen or Av8 Internet or anyone "without cause"; the only political cause is the Paul Vixie/SORBS harrassment of Av8 Internet and of persons like Kremen. That harrassment isn't in the public interest. The harrassment is nothing but revenge for having exposed their schemes and dishonest activities. Policies should be scrutinized closely for their potential to be abused for ulterior purposes that aren't in the public interest. Anytime I see things "without cause", I wonder why that unlimited power would be needed. Unlimited powers need to be reviewed carefully, and need to be very well justified as being absolutely necessary. In this case, there isn't even a hint of necessity for such a power. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From arin-contact at dirtside.com Thu Jul 19 13:37:11 2007 From: arin-contact at dirtside.com (William Herrin) Date: Thu, 19 Jul 2007 13:37:11 -0400 Subject: [ppml] Policy Proposal: Resource Review Process In-Reply-To: References: Message-ID: <3c3e3fca0707191037r19cd3c06xc9ceed5fa69a19c1@mail.gmail.com> On 7/19/07, Dean Anderson wrote: > 2. ARIN may conduct such reviews: > c. at any other time without cause unless a prior review has been > completed in the preceding 12 months. > But option c. is just begging for trouble "without cause". It gives an > unlimited power to review the private customer data of a recipient > "without cause" once a year. ARIN shouldn't be doing anything without > cause and justification. One wonders why that would ever be good policy > in any circumstance. The potential for abuse is tremendous. This could be resolved by lengthening the review term to 60 months. That offers some disincentive for a "just because" audit by preventing ARIN from asking again for what amounts to a lifetime in the world of IP address assignments. At the same time, it preserves the staff's ability to make a documentation request without having to carefully lay out the reasons and run it by the lawyers. I'd also add a D and an E: d. when all designated reverse DNS servers for a resource fail to report authoritative for at least 3 months. e. when a route to the block has not been present in the DFZ for at least 3 months. > There are some _bad_ reasons that Vixie cronies want this. Was that statement really necessary? Did it add any value to the conversation? Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From info at arin.net Thu Jul 19 14:27:08 2007 From: info at arin.net (Member Services) Date: Thu, 19 Jul 2007 14:27:08 -0400 Subject: [ppml] Deadline for Policy Proposals - 18 August 2007 Message-ID: <469FACFC.3010702@arin.net> The ARIN XX Public Policy Meeting will take place 17-18 October 2007 in Denver. New policy proposals must be submitted by 23:59 EDT, 18 August 2007, in order to be considered by the ARIN Advisory Council for possible inclusion on the ARIN XX agenda. This is in accordance with ARIN's Internet Resource Policy Evaluation Process, which requires that proposed policies be submitted at least 60 days prior to the meeting. Those who wish to propose new ARIN number resource policies or modifications to existing policies must submit a Policy Proposal Template. The template must be sent via e-mail to policy at arin.net. The Policy Proposal Template can be found at: http://www.arin.net/policy/irpep_template.html The ARIN Internet Resource Policy Evaluation Process can be found at: http://www.arin.net/policy/irpep.html Regards, Member Services American Registry for Internet Numbers (ARIN) From info at arin.net Thu Jul 19 15:44:43 2007 From: info at arin.net (Member Services) Date: Thu, 19 Jul 2007 15:44:43 -0400 Subject: [ppml] ARIN Opens IPv6 Wiki Site Message-ID: <469FBF2B.6030406@arin.net> As directed by the ARIN Board of Trustees in its 7 May 2007 IPv6 resolution (http://www.arin.net/announcements/20070521.html), ARIN continues to look for ways to assist the community by providing education and outreach on migration to IPv6. Today ARIN opens a new wiki-based site as an open forum for the ARIN community. All interested individuals in the community are invited to use the site, at http://www.getipv6.info, to post information they believe may be helpful to others looking at implementations or migrations of networks to IPv6. This can include recommended practices, success stories, case studies, and general information on using IPv6 in the ARIN region. The intent is to create a site that is useful and relevant, particularly to those involved with IPv6 within the ARIN region, by taking advantage of the incredible range of knowledge available in the ARIN community. As is the case with all wiki-based websites, this site will be an open and organic repository of information. What appears on the site will be up to the community, with only minimal involvement by ARIN staff. To help begin and frame the focus of the site, some relevant links back to ARIN's main website have been added, and general policies regarding acceptable use and privacy have been created and posted. Those unfamiliar with wiki-based websites should review the MediaWiki User's Guide at http://meta.wikimedia.org/wiki/MediaWiki_User's_Guide before getting started. As the site develops and grows, ARIN staff involvement will be limited to assisting or organizing navigation and highlighting specific content articles or categories. Individuals with questions or suggestions about this site may send them to webmaster at arin.net. ARIN looks forward to the community taking this small "seed" and developing it into a resource that has value to everyone. Regards, Member Services Department American Registry for Internet Numbers (ARIN) From stephen at sprunk.org Thu Jul 19 15:46:08 2007 From: stephen at sprunk.org (Stephen Sprunk) Date: Thu, 19 Jul 2007 14:46:08 -0500 Subject: [ppml] Policy Proposal: Resource Review Process References: Message-ID: <01de01c7ca3d$79c507c0$6701a8c0@atlanta.polycom.com> Thus spake "Dean Anderson" > On Wed, 18 Jul 2007 michael.dillon at bt.com wrote: >> I think this whole "legal power" thing is a red herring. > > I think this whole 'resource review' is a red herring. > > 2. ARIN may conduct such reviews: > a. when any new resource is requested, > b. whenever ARIN has cause to believe that the resources had > originally been obtained fraudulently, or > c. at any other time without cause unless a prior review has been > completed in the preceding 12 months. > > I have no problem with a. or b. above. Of course not; ARIN already does both. If you had a serious problem with either action, you'd have proposed a policy change to correct it -- and, I predict, gotten thoroughly trounced. > But option c. is just begging for trouble "without cause". It gives an > unlimited power to review the private customer data of a recipient > "without cause" once a year. The RSA already gives ARIN unlimited power to conduct reviews as often as they want. Go read it; it's enlightening. This proposal seeks to put a _limit_ on that power and create process around how it's conducted. As far as the "once a year" angle, Owen and I are open to suggestions for a longer period. I said so in the last round of debate, and got zero suggestions for other periods, which indicates either (a) people weren't that unhappy with 12 months, or (b) they objected to the proposal as a whole and not the frequency. The reason I originally settled on 12 months is that, according to policy, ARIN members are to get a six-month supply of addresses. Any member complying with that policy will be exempt from "without cause" reviews if they're even minimally growing, even if they are getting twice the address space per round that policy allows. Those who are shrinking deserve a review. Those who are doing neither are rare but collateral damage; I expect staff would recognize that fact and not bother them again after the first review, at least not for several years. > ARIN shouldn't be doing anything without cause and justification. > One wonders why that would ever be good policy > in any circumstance. ARIN's charter dictates stewardship. Since we're getting dangerously close to running out of v4 addresses, it is ARIN's responsibility to make sure that none are being wasted. To do so, it must perform reviews on existing allocations and assignments, not just new ones. > The total legacy allocations do not amount to much. The amount of > _unused_ legacy allocations do not amount to a drip in the bucket. As far as we're able to tell without reviews, roughly half of legacy resources are unused. However, this proposal is principally aimed at non-legacy resources, which is particularly obvious with the wording of section 8. > The underlying premise that resources are not being reclaimed is > a red herring. ... (It was asserted against Kremen, though) It has been asserted several times, by several different folks, that ARIN doesn't have policy power to reclaim unused space. Owen and I were asked independently to make a proposal to fix that. We have. If the community rejects it, that's fine. > There are some _bad_ reasons that Vixie cronies want this. I'd think twice before accusing me of being a Vixie crony. I've had very few dealings with him over the years, and his most recent response to me (in another forum) was that I'd called him a liar. That's not quite what I said, but I stand by my original statement that inspired his comment. In any case, I'm hardly an ardent supporter; he's just another guy to me, one I disagree with as often as we agree. Just because you and Paul have some long-standing antipathy doesn't mean that everyone who doesn't hate him is part of some conspiracy against you. > Policies should be scrutinized closely for their potential to be > abused for ulterior purposes that aren't in the public interest. Neither Owen nor I have any ulterior motives in this matter; the policy's intent is exactly what its plain text says and the rationale explains. If it happens to offend some spammers because they know they wouldn't survive a review, that is not my problem. They're being handled adequately by existing fraud processes, IMHO, and they're not a specific target of this proposal. I'm only interested in folks that are hoarding addresses they no longer have any justification for, no longer exist, etc. The size of that target pool is irrelevant; we're rapidly approaching the point where even a /24 will be valuable, and we have a duty to reduce blatant waste. > Anytime I see things "without cause", I wonder why that unlimited > power would be needed. Unlimited powers need to be reviewed > carefully, and need to be very well justified as being absolutely > necessary. In this case, there isn't even a hint of necessity for > such a power. See above. S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov From JOHN at egh.com Thu Jul 19 16:59:33 2007 From: JOHN at egh.com (John Santos) Date: Thu, 19 Jul 2007 16:59:33 -0400 Subject: [ppml] Policy Proposal: Resource Review Process In-Reply-To: <3c3e3fca0707191037r19cd3c06xc9ceed5fa69a19c1@mail.gmail.com> Message-ID: <1070719165620.6027A-100000@Ives.egh.com> On Thu, 19 Jul 2007, William Herrin wrote: > On 7/19/07, Dean Anderson wrote: > > 2. ARIN may conduct such reviews: > > c. at any other time without cause unless a prior review has been > > completed in the preceding 12 months. > > > But option c. is just begging for trouble "without cause". It gives an > > unlimited power to review the private customer data of a recipient > > "without cause" once a year. ARIN shouldn't be doing anything without > > cause and justification. One wonders why that would ever be good policy > > in any circumstance. The potential for abuse is tremendous. > > This could be resolved by lengthening the review term to 60 months. > That offers some disincentive for a "just because" audit by preventing > ARIN from asking again for what amounts to a lifetime in the world of > IP address assignments. At the same time, it preserves the staff's > ability to make a documentation request without having to carefully > lay out the reasons and run it by the lawyers. > > I'd also add a D and an E: > > d. when all designated reverse DNS servers for a resource fail to > report authoritative for at least 3 months. > > e. when a route to the block has not been present in the DFZ for at > least 3 months. e. Does *NOT* mean an address block is not in use. As has been re-iterated many times, there are many semi-private networks which require non-colliding addresses and are not under the control of a single entity, so RFC1918 addresses are not appropriate. > > > > There are some _bad_ reasons that Vixie cronies want this. > > Was that statement really necessary? Did it add any value to the conversation? > > Regards, > Bill Herrin > > > -- > William D. Herrin herrin at dirtside.com bill at herrin.us > 3005 Crane Dr. Web: > Falls Church, VA 22042-3004 > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > > -- John Santos Evans Griffiths & Hart, Inc. 781-861-0670 ext 539 From arin-contact at dirtside.com Thu Jul 19 17:05:53 2007 From: arin-contact at dirtside.com (William Herrin) Date: Thu, 19 Jul 2007 17:05:53 -0400 Subject: [ppml] Policy Proposal: Resource Review Process In-Reply-To: <1070719165620.6027A-100000@Ives.egh.com> References: <3c3e3fca0707191037r19cd3c06xc9ceed5fa69a19c1@mail.gmail.com> <1070719165620.6027A-100000@Ives.egh.com> Message-ID: <3c3e3fca0707191405o563628a3q88b4d7ff6de46daa@mail.gmail.com> On 7/19/07, John Santos wrote: > On Thu, 19 Jul 2007, William Herrin wrote: > > > 2. ARIN may conduct such reviews: > > e. when a route to the block has not been present in the DFZ for at > > least 3 months. > > e. Does *NOT* mean an address block is not in use. As has been > re-iterated many times, there are many semi-private networks which > require non-colliding addresses and are not under the control of > a single entity, so RFC1918 addresses are not appropriate. Never said it did John; merely suggested that it was a valid reason for ARIN to conduct a review for compliance with the policies. Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From info at arin.net Thu Jul 19 17:07:18 2007 From: info at arin.net (Member Services) Date: Thu, 19 Jul 2007 17:07:18 -0400 Subject: [ppml] Deadline for Policy Proposals - 18 August 2007 In-Reply-To: <469FACFC.3010702@arin.net> References: <469FACFC.3010702@arin.net> Message-ID: <469FD286.2090202@arin.net> Correction. The ARIN XX Public Policy Meeting will take place 17-18 October 2007 in Albuquerque. Regards, Member Services American Registry for Internet Numbers (ARIN) Member Services wrote: > The ARIN XX Public Policy Meeting will take place 17-18 October 2007 in > Denver. New policy proposals must be submitted by 23:59 EDT, 18 August > 2007, in order to be considered by the ARIN Advisory Council for > possible inclusion on the ARIN XX agenda. This is in accordance with > ARIN's Internet Resource Policy Evaluation Process, which requires that > proposed policies be submitted at least 60 days prior to the meeting. > > Those who wish to propose new ARIN number resource policies or > modifications to existing policies must submit a Policy Proposal > Template. The template must be sent via e-mail to policy at arin.net. > > The Policy Proposal Template can be found at: > http://www.arin.net/policy/irpep_template.html > > The ARIN Internet Resource Policy Evaluation Process can be found at: > http://www.arin.net/policy/irpep.html > > Regards, > > Member Services > American Registry for Internet Numbers (ARIN) > > > > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > From JOHN at egh.com Thu Jul 19 17:25:51 2007 From: JOHN at egh.com (John Santos) Date: Thu, 19 Jul 2007 17:25:51 -0400 Subject: [ppml] Policy Proposal: Resource Review Process In-Reply-To: <3c3e3fca0707191405o563628a3q88b4d7ff6de46daa@mail.gmail.com> Message-ID: <1070719171309.6027A-100000@Ives.egh.com> On Thu, 19 Jul 2007, William Herrin wrote: > On 7/19/07, John Santos wrote: > > On Thu, 19 Jul 2007, William Herrin wrote: > > > > 2. ARIN may conduct such reviews: > > > e. when a route to the block has not been present in the DFZ for at > > > least 3 months. > > > > e. Does *NOT* mean an address block is not in use. As has been > > re-iterated many times, there are many semi-private networks which > > require non-colliding addresses and are not under the control of > > a single entity, so RFC1918 addresses are not appropriate. > > Never said it did John; merely suggested that it was a valid reason > for ARIN to conduct a review for compliance with the policies. Okay, "e." is a reason for a review, not a reason for revocation. This sounds like another of those things where after discovering the reason why, the staff should wait a long time before reviewing again. Just like for users who are neither growing nor shrinking. This situation should *not* trigger a review every 3 months. I don't have any inkling whether "3 months" is a good or bad time, except I've been involved in many projects over the years where there are long lead times and random unaccountable delays, so it might be too short, and if the review can be repeated every 3 months it definitely would be. 3 months for an initial review followed by 6 months or a year if the initial review result was "It's not there yet, but we're working on it..." might be more appropriate. Or is this an ARIN staff thing rather than a policy issue? > > Regards, > Bill Herrin > > -- > William D. Herrin herrin at dirtside.com bill at herrin.us > 3005 Crane Dr. Web: > Falls Church, VA 22042-3004 > > -- John Santos Evans Griffiths & Hart, Inc. 781-861-0670 ext 539 From owen at delong.com Thu Jul 19 17:54:04 2007 From: owen at delong.com (Owen DeLong) Date: Thu, 19 Jul 2007 14:54:04 -0700 Subject: [ppml] Policy Proposal: Resource Review Process In-Reply-To: <1070719165620.6027A-100000@Ives.egh.com> References: <1070719165620.6027A-100000@Ives.egh.com> Message-ID: >> >> e. when a route to the block has not been present in the DFZ for at >> least 3 months. > > e. Does *NOT* mean an address block is not in use. As has been > re-iterated many times, there are many semi-private networks which > require non-colliding addresses and are not under the control of > a single entity, so RFC1918 addresses are not appropriate. > I am neutral on whether or not to add clauses d and e to the proposal, however, I'd like to point out that just adding them to the text as indicated is not any form of claim that they by themselves constitute non-use of the space. Merely that the could be considered cause for review of whether the space is in compliance with policies or not. Personally, I think the without cause phrasing in (c.) adequately addresses the issue vs. adding the proposed clauses (d) and (e), but, if people feel that would be a better way to write the policy, I don't see it as harmful to the policy intent. (d) was about lame in-addr delegation for those who may not remember. Owen From dean at av8.com Thu Jul 19 19:15:56 2007 From: dean at av8.com (Dean Anderson) Date: Thu, 19 Jul 2007 19:15:56 -0400 (EDT) Subject: [ppml] Policy Proposal: Resource Review Process In-Reply-To: <01de01c7ca3d$79c507c0$6701a8c0@atlanta.polycom.com> Message-ID: On Thu, 19 Jul 2007, Stephen Sprunk wrote: > > But option c. is just begging for trouble "without cause". It gives an > > unlimited power to review the private customer data of a recipient > > "without cause" once a year. > > The RSA already gives ARIN unlimited power to conduct reviews as often > as they want. Go read it; it's enlightening. Oh. So then we don't need this policy at all. Right? But you said 2a and 2b equal the RSA. Section 2c expands the RSA. But whatever the RSA, we don't need it in this policy. > This proposal seeks to put a _limit_ on that power and create process > around how it's conducted. Oh. So you think the RSA needs to be _limited_. I see. (scribbling notes) Hmm. I don't see any limits being placed anywhere. > Any member complying with that policy will be exempt from "without > cause" reviews Maybe you want to re-parse the phrase "without cause". That phrase "without cause" doesn't mean "those who are even minimally complying with policy are exempt". It means anyone can be reviewed "without cause". End of story. I don't know whether you are just dumb or dishonest in your assurances. > if they're even minimally growing, even if they are getting twice the > address space per round that policy allows. Those who are shrinking > deserve a review. I don't know why that should be. If they are still in business, they will probably grow again. Your premises don't seem to be very well justified, nor discussed much. > > ARIN shouldn't be doing anything without cause and justification. > > One wonders why that would ever be good policy in any circumstance. > > ARIN's charter dictates stewardship. Yes. Stewardship doesn't include harassment and ulterior motives. > Since we're getting dangerously close to running out of v4 addresses, Another assertion that we've heard repeatedly since at least 1994. Its just a scare tactic that doesn't seem to be true this time either, since ARIN has reduced the criteria for getting a block. ARIN is _trying_ to give out more space, faster. If we are actually running out of IP addresses, maybe ARIN should slow down the rate it is giving out address space. There seems to be a disconnect between these two efforts. Or is it maybe just simply dishonest ulterior purposes? > > The total legacy allocations do not amount to much. The amount of > > _unused_ legacy allocations do not amount to a drip in the bucket. > > As far as we're able to tell without reviews, roughly half of legacy > resources are unused. This seems to be a pretty dubious claim to me. Perhaps you could find some facts before making unsubstantiated claims. > > There are some _bad_ reasons that Vixie cronies want this. > > I'd think twice before accusing me of being a Vixie crony. I think one is a vixie crony when they associate with Vixie and his other cronies. I've had enough dealing with you and Owen in other forums to claim that you both are a Vixie cronies. If you don't like the label, you should choose your associates more carefully. > I've had very few dealings with him over the years, and his most > recent response to me (in another forum) was that I'd called him a > liar. That's not quite what I said, but I stand by my original > statement that inspired his comment. In any case, I'm hardly an > ardent supporter; he's just another guy to me, one I disagree with as > often as we agree. I'm dubious of your asserted 'anti-Vixie' credentials. I heard almost the same claim from ISC employee Rob Austein in a conflict of interest issue on the DNSOP WG. In that case, Vixie, David Crocker, and others mounted an attack on a proposal to by Thierry Moreau. Crocker (previously pro-patent in other patent disputes) complained that Moreau's proposal was patented.(?!?) Austein, as chair, __directed__ the working group to ignore Moreau's proposal. This direction is unusual by itself, and is not permitted except when a WG can't agree, which wasn't the case. Moreau and myself complained that this was a conflict of interest for Austein, and an inappropriate use of the chair powers. Vixie said that Austein was just a regular guy who wouldn't do what he said anyway. (I'm still laughing at this "assurance" from Vixie) Ted Lemon (of Nomimum, one of the so-called BIND companies) wrote me off-list that Moreau's proposal was unethical and that I should criticize Moreau. I reviewed Moreau's proposal and all of Moreau's messages on the topic; Moreau, in his first message, disclosed the patent, offered a free, unlimited, and universal license to the patented technology. Now remember, I'm the President of the League for Programming Freedom, which is an anti-patent organization founded by Richard Stallman. Moreau's patent terms are as good as it gets. Moreau was in no way unethical in any of his messages on the subject. It is still a mystery as to why the Vixie cronies oppose Moreau's proposal, which seems to improve the security of Root DNSSEC operations. I can't imagine why they would want to have weaker security. Ron Bonica, the IETF/IESG supervisor of Mr. Austein, in an exchange that I'm going to be documenting as _the_ example of unscrupulous behavior, asserted without reason or rationale that there was no conflict of interest for Austein, and then asserted that business law (conflict of interest) didn't apply to the IETF because it wasn't documented in an RFC. Oddly, I've heard this claim from Owen before, but Owen isn't a senior manager at a public non-profit with responsibility to the public interest. Bonica, interestingly, now at Juniper (but not a manager), was previously a senior manager at MCI. ["unscrupulous" means to not give proper consideration to an ethics issue.] So, I'm just a little dubious of these kinds of disingenuous claims of non-influence. We have to be alert for abuse of the public interest for ulterior purposes. > Just because you and Paul have some long-standing antipathy doesn't mean > that everyone who doesn't hate him is part of some conspiracy against you. Indeed, it is not required to hate him in order to not participate in a conspiracy against me (and others). However, it is required to have good justifications for doing things that hurt me and others, and help Vixie. Your justifications don't hold water and your premises aren't valid. > Neither Owen nor I have any ulterior motives in this matter; the > policy's intent is exactly what its plain text says and the rationale > explains. Easy to say. Every criminal says they didn't _intend_ any harm. However, intent is determined by the certain, foreseeable consequences of an action. When the consequences are certain and foreseeable, you intend the consequences. And your rationale doesn't hold water. > If it happens to offend some spammers because they know they wouldn't > survive a review, that is not my problem. Ah ha. There it is. Vixie and cronies (who are actually long-time spammers through whitehat.com) is again trying to act dishonestly and unfairly against his competition. Sanford Wallace also sold anti-spam software. Vixie just stole Wallace's business plan, while pretending to be anti-spam. (http://www.iadl.org/maps/maps-story.html) But if you are so concerned with possible waste, maybe you would explain why ISC.ORG has 146,000+ IP addresses when Vixie says it isn't even in the Internet service business. Hmm? Or maybe ISC _is_ in the Internet service business, after all. > I'm only interested in folks that are hoarding addresses they no > longer have any justification for, no longer exist, etc. The size of > that target pool is irrelevant; we're rapidly approaching the point > where even a /24 will be valuable, and we have a duty to reduce > blatant waste. And by what criteria do you decide waste and hoarding? If a /24 really is valuable, then the assignee will find a valuable use for it, won't they? ARIN doesn't have to find uses for IP space, especially if we are running out of space, as you claim. --Dean From dean at av8.com Thu Jul 19 23:14:07 2007 From: dean at av8.com (Dean Anderson) Date: Thu, 19 Jul 2007 23:14:07 -0400 (EDT) Subject: [ppml] Tell me, Mr. Anderson, what good is a mailing list when we are unable to speak? In-Reply-To: <20070720012046.GP9951@elvis.mu.org> Message-ID: Despite the invitation to "Tell you", There is no content, really to reply to. Just accusations of conspiracy __theory__. But the fallacy is the assertion of (somehow baseless) "theory". I've documented and footnoted every claim I make. I have no concern about defamation. Truth is an absolute defense. I'll keep this short. This subject matter related to ARIN policy (PPML) because these people are proposing an __ARIN_policy__ to enable review "without cause", of "Hijacked/Disused Netblocks", particularly aimed at legacy block holders. I am a contact for a legacy block, and I have an assignment. And I'm an ARIN member, with a valid complaint. Most non-profits have standards for the ethics and integrity of their board members, and board members found guilty of dishonesty even outside the organization would be made to resign. That is public policy, by the way: to remove dishonest board members from non-profits. So indeed, that subject is related to ARIN public policy. But let me make it simple for you: If Vixie is so smart why does he associate with SORBS, and why does he dishonestly claim that 130.105/16 and 198.3.136/21 are hijacked? ----- Transcript of session follows ----- ... while talking to sa.vix.com.: >>> DATA <<< 553 5.7.1 Service unavailable; Client host [130.105.36.66] blocked using dnsbl.sorbs.net; Hijacked/Disused Netblocks See: http://www.sorbs.net/lookup.shtml?130.105.36.66 550 5.1.1 ... User unknown <<< 554 5.5.1 Error: no valid recipients This isn't a "theory" of a conspiracy. This is actual harm, actual lies. The false claims are found at SORBS site. 130.105/16 and 198.3.136/21 are not hijacked, yet we have an ARIN board member (Vixie) who (through his associates) falsely claims they are. Oh, and by the way, I've been vindicated on the IETF issues that I exposed. Stateful DNS Anycast was another Vixie scam (Vixie sells root anycast clones), where they silenced the whistleblower. Root DNS has to include TCP, and TCP isn't stable on anycast. The IETF misconduct wasn't exclusive to me, either. JFC Morphin and Todd Glassey were also silenced on dubious or unlawful grounds. Glassey blew the whistle on undocumented copyright transfers, and was falsely accused of "spamming". Morphin blew the whistle on language issues that were illegal in Europe, and was silenced unlawfully. Bill Woodcock (another ARIN board member) was also involved in the stateful anycast fraud that I exposed. And if you haven't noticed, the people I've shown to have been involved in misconduct are resigning or being replaced. Oh yes. Indeed, volunteers' time has been wasted. A lot of it. But not by me. It is wasted by those who entertain dishonest people and schemes pretending to be good public policy. The quicker we remove the dishonest, the better public policy we will have. --Dean On Thu, 19 Jul 2007, bill fumerola wrote: > i want to talk policy, not conspiracy theories. i believe the rest of > us are here for the same reason. i'll take a hundred "how do i unsubscribe > posts" over the drivel that lists are reduced to when Mr. Anderson shifts > his fingers into high gear. > > this will be my only public post on the matter. I Doubt that. -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From michael.dillon at bt.com Fri Jul 20 04:36:58 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Fri, 20 Jul 2007 09:36:58 +0100 Subject: [ppml] Tell me, Mr. Anderson, what good is a mailing list when we are unable to speak? In-Reply-To: References: <20070720012046.GP9951@elvis.mu.org> Message-ID: > I've documented and footnoted every claim > I make. > Oh, and by the way, I've been vindicated on the IETF issues > that I exposed. Hmmm... You seem to have slipped up on the footnotes this time. I can see nothing to indicate that you might have been vindicated. In any case, this list is for policy discussions, not personal attacks. If you think a BoT member is breaking the law, contact the police. If you think that a BoT member should not be on the board, then contact the other BoT members. If you think that ARIN should do something, then use the ARIN suggestion process. This list is for hashing out policy proposals which will be presented at ARIN public policy meetings. --Michael Dillon From info at arin.net Fri Jul 20 10:48:22 2007 From: info at arin.net (Member Services) Date: Fri, 20 Jul 2007 10:48:22 -0400 Subject: [ppml] Policy Proposal: Global Policy for the Allocation of the Remaining IPv4 Address Space Message-ID: <46A0CB36.7050201@arin.net> ARIN received the following policy proposal. In accordance with the ARIN Internet Resource Policy Evaluation Process, the proposal is being posted to the ARIN Public Policy Mailing List (PPML) and being placed on ARIN's website. The ARIN Advisory Council (AC) will review this proposal at their next regularly scheduled meeting. The AC may decide to: 1. Accept the proposal as a formal policy proposal as written. If the AC accepts the proposal, it will be posted as a formal policy proposal to PPML and it will be presented at a Public Policy Meeting. 2. Postpone their decision regarding the proposal until the next regularly scheduled AC meeting in order to work with the author. The AC will work with the author to clarify, combine or divide the proposal. At their following meeting the AC will accept or not accept the proposal. 3. Not accept the proposal. If the AC does not accept the proposal, the AC will explain their decision. If a proposal is not accepted, then the author may elect to use the petition process to advance their proposal. If the author elects not to petition or the petition fails, then the proposal will be closed. The AC will assign shepherds in the near future. ARIN will provide the names of the shepherds to the community via the PPML. In the meantime, the AC invites everyone to comment on this proposal on the PPML, particularly their support or non-support and the reasoning behind their opinion. Such participation contributes to a thorough vetting and provides important guidance to the AC in their deliberations. The ARIN Internet Resource Policy Evaluation Process can be found at: http://www.arin.net/policy/irpep.html Mailing list subscription information can be found at: http://www.arin.net/mailing_lists/ Regards, Member Services American Registry for Internet Numbers (ARIN) ## * ## Policy Proposal Name: Global Policy for the Allocation of the Remaining IPv4 Address Space Author: Roque Gagliano Co-authors: Francisco Obispo, Hytham EL Nakhal, Didier Allain Kla Proposal Version: v1 Submission Date: 07/17/2007 Proposal type: new Policy term: permanent Policy statement: This policy describes the process for the allocation of the remaining IPv4 space from IANA to the RIRs. When a minimum amount of available space is reached, an identical number of IPv4 allocation units (/8s) will be allocated from IANA to each RIR, replacing the current IPv4 allocation policy. In order to fulfill the requirements of this policy, at the time it is adopted, an identical number of IPv4 allocation units (N units) will be reserved by IANA for each RIR. The number N is defined as: 5. The reserved allocation units will no longer be part of the available space at the IANA pool. The process for the allocation of the remaining IPv4 space is divided in two consecutive phases: 1. Existing Policy Phase: During this phase IANA will continue allocating IPv4 addresses to the RIRs using the existing allocation policy. This phase will continue until a request for IPv4 address space from any RIR to IANA cannot be fulfilled with the remaining IPv4 space available at the IANA pool. This will be the last IPv4 address space request that IANA will accept from any RIR. At this point the next phase of the process will be initiated. 2. Exhaustion Phase: IANA will automatically allocate the reserved IPv4 allocation units to each RIR (N units to each one) and respond to the last request with the remaining available allocation units at the IANA pool (M units). 2.1. Size of the final IPv4 allocations: During this phase IANA will automatically allocate N allocation units to each RIR from the reserved space defined in this policy. IANA will also allocate M allocation units to the RIR that submitted the last request for IPv4 addresses. 2.2. Allocation of the remaining IPv4 Address space: After the completion of the evaluation of the final request for IPv4 addresses, IANA MUST: A) Immediately notify the NRO about the activation of the second phase of this policy. B) Proceed to allocate M allocation units to the RIR that submitted the last request for IPv4 address space. C) Proceed to allocate N allocation units to each RIR from the reserved space. Rationale: The IANA pool of allocation units of IPv4 addresses (/8s) is decreasing rapidly. A new policy is proposed to replace the current "on demand" policy in order to bring certainty on how the remaining space will be allocated. This policy eliminates the pressure on the remaining central pool of addresses by allocating equal amount of allocation units (N) to each RIR. RIR may be studying slow-landing policies or the possibility to reserve specific address spaces for "critical infrastructure" or new companies in order to comply with anti-trust regulations in its region. This policy allows each RIR to adopt those policies through its PDP, which is simpler than a global policy discussion process. Each RIR will have the exact information on the amount of address spaces that they will be receiving as a last allocation from the IANA. The policy is written in such a way that the discussion could be split in two sections: first do we agree on the concept of the policy and second what is the appropriate value for the last allocation units N. Timetable for implementation: This is a Global policy that needs to be approved by all RIRs and then ratified by ASO/ICANN. It has already reached consensus at LACNIC meeting. From info at arin.net Fri Jul 20 15:50:27 2007 From: info at arin.net (Member Services) Date: Fri, 20 Jul 2007 15:50:27 -0400 Subject: [ppml] ARIN Community Consultation - Participation Details Message-ID: <46A11203.8070505@arin.net> On Monday, 23 July, ARIN will open a community consultation following the guidelines in the ARIN Consultation and Suggestion Process. There will be one week of discussion followed by polling. The subject is improvements to ARIN WHOIS Directory Service. Consult at arin.net, an open and archived mailing list, will host the public discussion. Only list subscribers will be eligible to participate in the discussion and polling. Poll results will be publicly available and will be used by the ARIN President to help determine what course of action, if any, ARIN should take regarding the subject. The ACSP documentation is available at: http://www.arin.net/about_us/corp_docs/acsp.html Details on how to subscribe to consult at arin.net are available at: http://lists.arin.net/mailman/listinfo/consult We welcome community-wide participation. Please address any questions to info at arin.net. Regards, Member Services American Registry for Internet Numbers (ARIN) From billf at powerset.com Fri Jul 20 16:29:29 2007 From: billf at powerset.com (bill fumerola) Date: Fri, 20 Jul 2007 13:29:29 -0700 Subject: [ppml] Tell me, Mr. Anderson, what good is a mailing list when we are unable to speak? In-Reply-To: References: <01de01c7ca3d$79c507c0$6701a8c0@atlanta.polycom.com> Message-ID: <20070720202929.GS9951@elvis.mu.org> [ oops, reposting from my subscribed address. this is still my one and only post on the topic of not feeding the Vixie conspiracy troll ] On Thu, Jul 19, 2007 at 07:15:56PM -0400, Dean Anderson wrote: > I think one is a vixie crony when they associate with Vixie and his > other cronies. I've had enough dealing with you and Owen in other forums > to claim that you both are a Vixie cronies. If you don't like the > label, you should choose your associates more carefully. Stephen is a smart guy. Vixie is a smart guy. they both work in the same industry. it stands to reason that from time to time they would agree in common forums. i'm sure you have a twenty-page response brewing in your head linking mail headers, traceroutes, number resource registrations, list archives, case law, and god knows what else linking them. save it. every mail from you on every list i see you on (and to paraphrase you, "i've seen enough dealings with you in other forums") is some sort of conspiracy theory about how some Secret Internet Junto is harming you and/or your Very Important Business. at minimum, it's annoying. more topically, it's counter-productive. most of all, it's trolling of the highest order. you're really good at it, i will credit you with that. the IETF/IESG/etc has already had to deal with you for years. volunteer time has been wasted, the open process is threatened when people avoid the mailing lists and turn to private discussions to avoid the insane rants of trolls, and here we go again. same shit, different channel. http://search.yahoo.com/search?p=dean+anderson+av8+IETF-watch http://search.yahoo.com/search?p=dean+anderson+RFC+3683 List moderators: please consider this a request to review Mr. Anderson's posts against the charter of the list and take any and all appropriate actions. specifically, i'd ask to consider the personal attacks and accusations he makes towards members. consider the baseless inferences of wrongdoing towards members in good standing clearly trying to improve the policies of ARIN. List members: I apologize for keeping this on-list, but i hope that you will consider NOT taking the bait, doing a little research (look at the results from the above search URLs) and realizing the virtual thorn in the side that comes with Mr. Anderson's existance on any open policy & engineering lists. just ignore him. it's for the better. i want to talk policy, not conspiracy theories. i believe the rest of us are here for the same reason. i'll take a hundred "how do i unsubscribe posts" over the drivel that lists are reduced to when Mr. Anderson shifts his fingers into high gear. this will be my only public post on the matter. -- bill From info at arin.net Fri Jul 20 17:44:52 2007 From: info at arin.net (Member Services) Date: Fri, 20 Jul 2007 17:44:52 -0400 Subject: [ppml] Mailing List Syndication Message-ID: <004501c7cb17$348b4fe0$528888c0@arin.net> ARIN is now offering a Really Simple Syndication (RSS) feed of its Public Policy Mailing List (PPML) to make it easier for the community to follow the discussions about Internet number resource policy in the ARIN region. There are two feeds available; one contains all postings to PPML, while the second one contains only ARIN announcements to the list. ARIN announcements to the list include announcements of new policy proposals, the status of proposals as they make their way through the Internet Resource Policy Evaluation Process (IRPEP), and policy implementation announcements. Both of the feeds will be updated every time a message is submitted to the mailing list.. Information about these new feeds, and the existing RSS feed of all website announcements, is available at http://www.arin.net/rss.html. The RSS feed of all posts to PPML is available at http://lists.arin.net/pipermail/ppml/rss.xml The RSS feed of just ARIN announcements to PPML is available at http://lists.arin.net/pipermail/info/rss.xml ARIN hopes this effort proves useful to the community and feedback about this offering or suggestions on other methods of bringing content to the community are welcome at webmaster at arin.net. Regards, Member Services Department American Registry for Internet Numbers (ARIN) From tedm at ipinc.net Fri Jul 20 19:11:29 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Fri, 20 Jul 2007 16:11:29 -0700 Subject: [ppml] Tell me, Mr. Anderson, what good is a mailing list when we are unable to speak? In-Reply-To: Message-ID: >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >Dean Anderson >Sent: Thursday, July 19, 2007 8:14 PM >To: bill fumerola; ppml-owner at arin.net; ppml at arin.net >Subject: Re: [ppml] Tell me, Mr. Anderson, what good is a mailing list >when we are unable to speak? > > > >This isn't a "theory" of a conspiracy. This is actual harm, actual lies. > >The false claims are found at SORBS site. > >130.105/16 and 198.3.136/21 are not hijacked, yet we have an ARIN board >member (Vixie) who (through his associates) falsely claims they are. > >Oh, and by the way, I've been vindicated on the IETF issues that I >exposed. Stateful DNS Anycast was another Vixie scam (Vixie sells root >anycast clones), where they silenced the whistleblower. Root DNS has to >include TCP, and TCP isn't stable on anycast. The IETF misconduct >wasn't exclusive to me, either. JFC Morphin and Todd Glassey were also >silenced on dubious or unlawful grounds. Glassey blew the whistle on >undocumented copyright transfers, and was falsely accused of "spamming". >Morphin blew the whistle on language issues that were illegal in Europe, >and was silenced unlawfully. > >Bill Woodcock (another ARIN board member) was also involved in the >stateful anycast fraud that I exposed. And if you haven't noticed, the >people I've shown to have been involved in misconduct are resigning or >being replaced. > No, I haven't noticed - Russ Housley is still IETF chair, you have been complaining about him and the patented TLS issue for a couple years, now. Mind naming some names of people you've "outed" who are resigning? And as for the 130.105.36.66 being blocked, from what I can see that class A is being advertised with an AS belonging to a company that has a PO Box for an address, and your e-mail address using a domain name, av8.com that has no website. Looks pretty spammy to me! Don't you think you might possibly have just a bit more credibility if you had a street address and a website like every other normal company? Just a thought! And while you might think Aivation to be a clever play on the word Aviation, to the rest of us it just looks like a spelling error. My apologies to the rest of the list for feeding the troll. Ted From info at arin.net Mon Jul 23 11:04:54 2007 From: info at arin.net (Member Services) Date: Mon, 23 Jul 2007 11:04:54 -0400 Subject: [ppml] Call for Consultation: ARIN WHOIS Directory Services Message-ID: <46A4C396.3040006@arin.net> ARIN received a suggestion to allow CIDR style queries to the ARIN WHOIS directory service. In addition to this enhancement, ARIN would like to explore other possible modifications that the community desires. ARIN requests that you provide specific feedback as to what additional WHOIS enhancements would benefit you and why they are needed. Please submit your suggestions and feedback to the consult at arin.net. You can subscribe to the arin-consult mailing list at http://lists.arin.net/mailman/listinfo/consult. Discussion on consult at arin.net will close at noon ET 27 July. A poll on the topic will be conducted beginning Tuesday, 31 July. Only subscribers on the consult at arin.net list when the poll opens will be eligible to participate. Poll results will be publicly available and will be used by the ARIN President to help determine what course of action, if any, ARIN should take regarding the subject. The ARIN Consultation and Suggestion Process documentation is available at: http://www.arin.net/about_us/corp_docs/acsp.html We welcome community-wide participation. Please address any process questions to info at arin.net. Regards, Member Services American Registry for Internet Numbers (ARIN) From marla.azinger at frontiercorp.com Mon Jul 23 13:41:37 2007 From: marla.azinger at frontiercorp.com (Azinger, Marla) Date: Mon, 23 Jul 2007 13:41:37 -0400 Subject: [ppml] Policy Proposal: Global Policy for the Allocation of the Remaining IPv4 Address Space Message-ID: <454810F09B5AA04E9D78D13A5C39028A02A4C6FA@nyrofcs2ke2k01.corp.pvt> As this is written now, I am against this proposal. "N" needs to be defined. This would be like signing a blank check as it is written right now. Any chance the authors would be willing to define "N"? If revised and "N" is defined...I am not sure if I will be for or against this. I lean a little towards against becuase I lean toward "when we run out of IPv4, we run out. Let it run its course". However, the fact that there seems to be some type of a global effort to talk this through in policy...I debate supporting it. Cheers! Marla Frontier Communications -----Original Message----- From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of Member Services Sent: Friday, July 20, 2007 7:48 AM To: ppml at arin.net Subject: [ppml] Policy Proposal: Global Policy for the Allocation of the Remaining IPv4 Address Space ARIN received the following policy proposal. In accordance with the ARIN Internet Resource Policy Evaluation Process, the proposal is being posted to the ARIN Public Policy Mailing List (PPML) and being placed on ARIN's website. The ARIN Advisory Council (AC) will review this proposal at their next regularly scheduled meeting. The AC may decide to: 1. Accept the proposal as a formal policy proposal as written. If the AC accepts the proposal, it will be posted as a formal policy proposal to PPML and it will be presented at a Public Policy Meeting. 2. Postpone their decision regarding the proposal until the next regularly scheduled AC meeting in order to work with the author. The AC will work with the author to clarify, combine or divide the proposal. At their following meeting the AC will accept or not accept the proposal. 3. Not accept the proposal. If the AC does not accept the proposal, the AC will explain their decision. If a proposal is not accepted, then the author may elect to use the petition process to advance their proposal. If the author elects not to petition or the petition fails, then the proposal will be closed. The AC will assign shepherds in the near future. ARIN will provide the names of the shepherds to the community via the PPML. In the meantime, the AC invites everyone to comment on this proposal on the PPML, particularly their support or non-support and the reasoning behind their opinion. Such participation contributes to a thorough vetting and provides important guidance to the AC in their deliberations. The ARIN Internet Resource Policy Evaluation Process can be found at: http://www.arin.net/policy/irpep.html Mailing list subscription information can be found at: http://www.arin.net/mailing_lists/ Regards, Member Services American Registry for Internet Numbers (ARIN) ## * ## Policy Proposal Name: Global Policy for the Allocation of the Remaining IPv4 Address Space Author: Roque Gagliano Co-authors: Francisco Obispo, Hytham EL Nakhal, Didier Allain Kla Proposal Version: v1 Submission Date: 07/17/2007 Proposal type: new Policy term: permanent Policy statement: This policy describes the process for the allocation of the remaining IPv4 space from IANA to the RIRs. When a minimum amount of available space is reached, an identical number of IPv4 allocation units (/8s) will be allocated from IANA to each RIR, replacing the current IPv4 allocation policy. In order to fulfill the requirements of this policy, at the time it is adopted, an identical number of IPv4 allocation units (N units) will be reserved by IANA for each RIR. The number N is defined as: 5. The reserved allocation units will no longer be part of the available space at the IANA pool. The process for the allocation of the remaining IPv4 space is divided in two consecutive phases: 1. Existing Policy Phase: During this phase IANA will continue allocating IPv4 addresses to the RIRs using the existing allocation policy. This phase will continue until a request for IPv4 address space from any RIR to IANA cannot be fulfilled with the remaining IPv4 space available at the IANA pool. This will be the last IPv4 address space request that IANA will accept from any RIR. At this point the next phase of the process will be initiated. 2. Exhaustion Phase: IANA will automatically allocate the reserved IPv4 allocation units to each RIR (N units to each one) and respond to the last request with the remaining available allocation units at the IANA pool (M units). 2.1. Size of the final IPv4 allocations: During this phase IANA will automatically allocate N allocation units to each RIR from the reserved space defined in this policy. IANA will also allocate M allocation units to the RIR that submitted the last request for IPv4 addresses. 2.2. Allocation of the remaining IPv4 Address space: After the completion of the evaluation of the final request for IPv4 addresses, IANA MUST: A) Immediately notify the NRO about the activation of the second phase of this policy. B) Proceed to allocate M allocation units to the RIR that submitted the last request for IPv4 address space. C) Proceed to allocate N allocation units to each RIR from the reserved space. Rationale: The IANA pool of allocation units of IPv4 addresses (/8s) is decreasing rapidly. A new policy is proposed to replace the current "on demand" policy in order to bring certainty on how the remaining space will be allocated. This policy eliminates the pressure on the remaining central pool of addresses by allocating equal amount of allocation units (N) to each RIR. RIR may be studying slow-landing policies or the possibility to reserve specific address spaces for "critical infrastructure" or new companies in order to comply with anti-trust regulations in its region. This policy allows each RIR to adopt those policies through its PDP, which is simpler than a global policy discussion process. Each RIR will have the exact information on the amount of address spaces that they will be receiving as a last allocation from the IANA. The policy is written in such a way that the discussion could be split in two sections: first do we agree on the concept of the policy and second what is the appropriate value for the last allocation units N. Timetable for implementation: This is a Global policy that needs to be approved by all RIRs and then ratified by ASO/ICANN. It has already reached consensus at LACNIC meeting. _______________________________________________ This message sent to you through the ARIN Public Policy Mailing List (PPML at arin.net). Manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/ppml From rgaglian at antel.net.uy Mon Jul 23 13:48:53 2007 From: rgaglian at antel.net.uy (Roque Gagliano) Date: Mon, 23 Jul 2007 14:48:53 -0300 Subject: [ppml] Policy Proposal: Global Policy for the Allocation of the Remaining IPv4 Address Space In-Reply-To: <454810F09B5AA04E9D78D13A5C39028A02A4C6FA@nyrofcs2ke2k01.corp.pvt> References: <454810F09B5AA04E9D78D13A5C39028A02A4C6FA@nyrofcs2ke2k01.corp.pvt> Message-ID: <1185212933.9336.6.camel@jessy.antel.net.uy> Hi, As it is state in the policy: The number N is defined as: 5. That is what is been proposed and has been approved at LACNIC meeting. Regards, Roque On Mon, 2007-07-23 at 13:41 -0400, Azinger, Marla wrote: > The number N is defined as: 5. -- ------------------------------------------------------------- Roque Gagliano ANTEL - URUGUAY rgaglian at antel.net.uy -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From marla.azinger at frontiercorp.com Mon Jul 23 13:52:12 2007 From: marla.azinger at frontiercorp.com (Azinger, Marla) Date: Mon, 23 Jul 2007 13:52:12 -0400 Subject: [ppml] Policy Proposal: Global Policy for the Allocation ofthe Remaining IPv4 Address Space Message-ID: <454810F09B5AA04E9D78D13A5C39028A02A4C6FB@nyrofcs2ke2k01.corp.pvt> Thank you for the correction. I missed that somehow! Cheers! Marla -----Original Message----- From: Roque Gagliano [mailto:rgaglian at antel.net.uy] Sent: Monday, July 23, 2007 10:49 AM To: Azinger, Marla Cc: Member Services; ppml at arin.net Subject: Re: [ppml] Policy Proposal: Global Policy for the Allocation ofthe Remaining IPv4 Address Space Hi, As it is state in the policy: The number N is defined as: 5. That is what is been proposed and has been approved at LACNIC meeting. Regards, Roque On Mon, 2007-07-23 at 13:41 -0400, Azinger, Marla wrote: > The number N is defined as: 5. -- ------------------------------------------------------------- Roque Gagliano ANTEL - URUGUAY rgaglian at antel.net.uy From andrew.dul at quark.net Mon Jul 23 15:06:17 2007 From: andrew.dul at quark.net (=?iso-8859-1?Q?Andrew=20Dul?=) Date: Mon, 23 Jul 2007 11:06:17 -0800 Subject: [ppml] Policy Proposal: Global Policy for the Allocation of the Remaining IPv4 Address Space Message-ID: <20070723190617.3784.qmail@hoster908.com> > ## * ## > > > Policy Proposal Name: Global Policy for the Allocation of the Remaining > IPv4 Address Space > > This policy describes the process for the allocation of the > remaining IPv4 space from IANA to the RIRs. When a minimum amount of > available space is reached, an identical number of IPv4 allocation units > (/8s) will be allocated from IANA to each RIR, replacing the current > IPv4 allocation policy. > > In order to fulfill the requirements of this policy, at the time it > is adopted, an identical number of IPv4 allocation units (N units) will > be reserved by IANA for each RIR. The number N is defined as: 5. > The reserved allocation units will no longer be part of the available > space at the IANA pool. The process for the allocation of the remaining > IPv4 space is divided in two consecutive phases: > I'm not sure this policy is necessary. I don't specifically think there is anything wrong with the current policy. RIRs could develop their own "end of IPv4 allocation schemes" even if the IANA to RIR policy was not changed. RIRs use IPv4 resources at different rates due to the different sizes of the communities they represent. This policy will artificially extend the availability in some of IPv4 resources in some RIR's, that could lead to RIR shopping. I do not support this policy as currently written. Andrew From arin-contact at dirtside.com Mon Jul 23 15:11:42 2007 From: arin-contact at dirtside.com (William Herrin) Date: Mon, 23 Jul 2007 15:11:42 -0400 Subject: [ppml] Policy Proposal: Global Policy for the Allocation of the Remaining IPv4 Address Space In-Reply-To: <1185212933.9336.6.camel@jessy.antel.net.uy> References: <454810F09B5AA04E9D78D13A5C39028A02A4C6FA@nyrofcs2ke2k01.corp.pvt> <1185212933.9336.6.camel@jessy.antel.net.uy> Message-ID: <3c3e3fca0707231211t4933d81fn2cc2e9169a2fb88@mail.gmail.com> Hi Roque, A predictable final allocation at the endgame seems reasonable. What are the current rates of consumption for each RIR? What is the size of the connected, partially connected and unconnected populations they serve? Is the scope of each RIR's community well balanced with the other RIRs? If not, I wonder if assigning them each the same final number of /8's can be considered egalitarian. I suppose that question could be mooted by setting N=1 though that would weaken the proposal in other ways. Regards, Bill Herrin On 7/23/07, Roque Gagliano wrote: > Hi, > > As it is state in the policy: The number N is defined as: 5. > > That is what is been proposed and has been approved at LACNIC meeting. > > Regards, > Roque -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From michael.dillon at bt.com Mon Jul 23 15:35:08 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Mon, 23 Jul 2007 20:35:08 +0100 Subject: [ppml] Policy Proposal: Global Policy for the Allocation of theRemaining IPv4 Address Space In-Reply-To: <3c3e3fca0707231211t4933d81fn2cc2e9169a2fb88@mail.gmail.com> References: <454810F09B5AA04E9D78D13A5C39028A02A4C6FA@nyrofcs2ke2k01.corp.pvt><1185212933.9336.6.camel@jessy.antel.net.uy> <3c3e3fca0707231211t4933d81fn2cc2e9169a2fb88@mail.gmail.com> Message-ID: > A predictable final allocation at the endgame seems reasonable. Reasonable? When we hit the IPv4 exhaustion point, some organizations will be unable to obtain the IPv4 addresses that they need to continue growing the network. This policy propsal brings that point forward so that IPv4 exhaustion will happen sooner. They propose that 25 /8's be reserved for this special endgame. This means that when we reach T minus 25 /8's, some organizations will be unable to obtain the IPv4 addresses that they need to continue growing the network. Perhaps it will be fewer organizations? Or perhaps it will be more because people will not be as far along their IPv6 deplyoment. We know that IPv4 exhaustion is not a brick wall because problems will be caused by events that happen before total exhaustion. This policy proposal plans to make that chaos happen sooner, when we are less prepared to deal with it. This is a bad, bad policy and we need to soundly reject it. --Michael Dillon From bicknell at ufp.org Mon Jul 23 15:55:38 2007 From: bicknell at ufp.org (Leo Bicknell) Date: Mon, 23 Jul 2007 15:55:38 -0400 Subject: [ppml] Policy Proposal: Global Policy for the Allocation of the Remaining IPv4 Address Space In-Reply-To: <3c3e3fca0707231211t4933d81fn2cc2e9169a2fb88@mail.gmail.com> References: <454810F09B5AA04E9D78D13A5C39028A02A4C6FA@nyrofcs2ke2k01.corp.pvt> <1185212933.9336.6.camel@jessy.antel.net.uy> <3c3e3fca0707231211t4933d81fn2cc2e9169a2fb88@mail.gmail.com> Message-ID: <20070723195538.GB87943@ussenterprise.ufp.org> In a message written on Mon, Jul 23, 2007 at 03:11:42PM -0400, William Herrin wrote: > What are the current rates of consumption for each RIR? What is the http://www.potaroo.net/tools/ipv4/ Figure Figure 28 is probably the most interesting. At the extremes, AfriNIC is around 1 /8 per year right now, where as ARIN is 3 /8's per year. Also note that they are projected to grow at quite a different rate. (I believe this graph is in /8's per month, although the y-axis is not labeled. This is based on comparing it with other graphs on the site.) Thus giving ARIN 5 /8's would be perhaps 18 months, while for AfriNIC it would be a 5 year supply. The more interesting question is what would happen after 18 months. Would companies that are in both the ARIN region and AfriNIC region today that may prefer ARIN due to their own history start to make new requests of AfriNIC? Do the policies require space to be used in the region where it is requested? Would they be able to staff up? APNIC is actually projected to have the highest need going forward, might this leave them with less than a year of space when it comes to pass? -- Leo Bicknell - bicknell at ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available URL: From stephen at sprunk.org Mon Jul 23 16:28:08 2007 From: stephen at sprunk.org (Stephen Sprunk) Date: Mon, 23 Jul 2007 15:28:08 -0500 Subject: [ppml] Policy Proposal: Global Policy for the Allocation oftheRemaining IPv4 Address Space References: <454810F09B5AA04E9D78D13A5C39028A02A4C6FA@nyrofcs2ke2k01.corp.pvt><1185212933.9336.6.camel@jessy.antel.net.uy><3c3e3fca0707231211t4933d81fn2cc2e9169a2fb88@mail.gmail.com> Message-ID: <023701c7cd6c$0a927180$613816ac@atlanta.polycom.com> Thus spake > We know that IPv4 exhaustion is not a brick wall because problems > will be caused by events that happen before total exhaustion. This > policy proposal plans to make that chaos happen sooner, when we > are less prepared to deal with it. I find no reason to believe that we will be any better prepared to deal with exhaustion if it's delayed. We've made remarkably little progress in deploying IPv6 over the last decade, and that doesn't appear to be likely to change until IPv4 exhaustion, whether real or artificial, is actually reached. > This is a bad, bad policy and we need to soundly reject it. On that, we agree. Allocating v4 space to RIRs that haven't asked for it, and particularly the same amount of space to RIRs with significantly different burn rates, doesn't make sense. I will say that I find this proposal to be less bad than the "countdown" proposal. S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov From stephen at sprunk.org Mon Jul 23 16:28:07 2007 From: stephen at sprunk.org (Stephen Sprunk) Date: Mon, 23 Jul 2007 15:28:07 -0500 Subject: [ppml] Policy Proposal: Global Policy for the Allocation oftheRemaining IPv4 Address Space References: <454810F09B5AA04E9D78D13A5C39028A02A4C6FA@nyrofcs2ke2k01.corp.pvt><1185212933.9336.6.camel@jessy.antel.net.uy><3c3e3fca0707231211t4933d81fn2cc2e9169a2fb88@mail.gmail.com> Message-ID: <023601c7cd6c$0a75c1c0$613816ac@atlanta.polycom.com> Thus spake > We know that IPv4 exhaustion is not a brick wall because problems > will be caused by events that happen before total exhaustion. This > policy proposal plans to make that chaos happen sooner, when we > are less prepared to deal with it. I find no reason to believe that we will be any better prepared to deal with exhaustion if it's delayed. We've made remarkably little progress in deploying IPv6 over the last decade, and that doesn't appear to be likely to change until IPv4 exhaustion, whether real or artificial, is actually reached. > This is a bad, bad policy and we need to soundly reject it. On that, we agree. Allocating v4 space to RIRs that haven't asked for it, and particularly the same amount of space to RIRs with significantly different burn rates, doesn't make sense. I will say that I find this proposal to be less bad than the "countdown" proposal. S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov From rgaglian at antel.net.uy Mon Jul 23 17:17:37 2007 From: rgaglian at antel.net.uy (Roque Gagliano) Date: Mon, 23 Jul 2007 18:17:37 -0300 Subject: [ppml] Policy Proposal: Global Policy for the Allocation of theRemaining IPv4 Address Space In-Reply-To: References: <454810F09B5AA04E9D78D13A5C39028A02A4C6FA@nyrofcs2ke2k01.corp.pvt> <1185212933.9336.6.camel@jessy.antel.net.uy> <3c3e3fca0707231211t4933d81fn2cc2e9169a2fb88@mail.gmail.com> Message-ID: <1185225457.9336.36.camel@jessy.antel.net.uy> Hi, here are my answers... > When we hit the IPv4 exhaustion point, some organizations will be unable > to obtain the IPv4 addresses that they need to continue growing the > network. This policy propsal brings that point forward so that IPv4 > exhaustion will happen sooner. They propose that 25 /8's be reserved for > this special endgame. 25 x /8 is a proposition, we can come out of this discussion with 20, 15 x /8s, etc. > This means that when we reach T minus 25 /8's, > some organizations will be unable to obtain the IPv4 addresses that they > need to continue growing the network. Not true. At that time the RIR will received their last allocations. If there are not policies changes at the RIRs, organizations will continue to receive allocations as usual untill its RIR pool is exhausted. However, each RIR will be able to have their own "soft landing" policies or any policies to sub-allocate with this "last allocation". > > Perhaps it will be fewer organizations? Or perhaps it will be more > because people will not be as far along their IPv6 deplyoment. We know > that IPv4 exhaustion is not a brick wall because problems will be caused > by events that happen before total exhaustion. This policy proposal > plans to make that chaos happen sooner, when we are less prepared to > deal with it. How sooner? 10 months? 12 months? that is why this policies helps each RIR to focus on their communities needs when the central IPv4 pool is emptying. > > This is a bad, bad policy and we need to soundly reject it. > > --Michael Dillon > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml -- ------------------------------------------------------------- Roque Gagliano ANTEL - URUGUAY rgaglian at antel.net.uy -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From Alain_Durand at cable.comcast.com Mon Jul 23 17:27:36 2007 From: Alain_Durand at cable.comcast.com (Durand, Alain) Date: Mon, 23 Jul 2007 17:27:36 -0400 Subject: [ppml] Policy Proposal: Global Policy for the Allocationof theRemaining IPv4 Address Space In-Reply-To: <1185225457.9336.36.camel@jessy.antel.net.uy> Message-ID: > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of Roque Gagliano > > > When we hit the IPv4 exhaustion point, some organizations will be > > unable to obtain the IPv4 addresses that they need to > continue growing > > the network. This policy propsal brings that point forward so that > > IPv4 exhaustion will happen sooner. They propose that 25 /8's be > > reserved for this special endgame. > > 25 x /8 is a proposition, we can come out of this discussion > with 20, 15 x /8s, etc. This is one major issue with the current policy proposal. It neither defines the **value** of N (Nx5 is the floor) nor the **process** to decide a value for N. The way it is written, this will be the equivalent of signing a blank check. This proposal would be more palatable if it were to be rewritten with a specific value of N. Say N=1, N=1.5, N=2,... Then we could understand and discuss the practical effect of this proposal, ie how much 'waste' (or delayed used) this introduce and how much to the left does this push the cliff... As a side note, this proposal is revisiting one of the major tenet of IP allocation: demonstated need. IMHO, this is setting a fairly dangerous precendent, as it could be reuse in each region by saying: let's re-divide whatever the local RIR has equaly among its member... - Alain. From christopher.morrow at gmail.com Mon Jul 23 17:51:22 2007 From: christopher.morrow at gmail.com (Christopher Morrow) Date: Mon, 23 Jul 2007 17:51:22 -0400 Subject: [ppml] Policy Proposal: Global Policy for the Allocation of theRemaining IPv4 Address Space In-Reply-To: <1185225457.9336.36.camel@jessy.antel.net.uy> References: <454810F09B5AA04E9D78D13A5C39028A02A4C6FA@nyrofcs2ke2k01.corp.pvt> <1185212933.9336.6.camel@jessy.antel.net.uy> <3c3e3fca0707231211t4933d81fn2cc2e9169a2fb88@mail.gmail.com> <1185225457.9336.36.camel@jessy.antel.net.uy> Message-ID: <75cb24520707231451r265b9f4ft12f46ce375e8cc19@mail.gmail.com> On 7/23/07, Roque Gagliano wrote: > > Perhaps it will be fewer organizations? Or perhaps it will be more > > because people will not be as far along their IPv6 deplyoment. We know > > that IPv4 exhaustion is not a brick wall because problems will be caused > > by events that happen before total exhaustion. This policy proposal > > plans to make that chaos happen sooner, when we are less prepared to > > deal with it. > > How sooner? 10 months? 12 months? that is why this policies helps each > RIR to focus on their communities needs when the central IPv4 pool is > emptying. I'm confused by most of these 'soft landing' sorts of proposals. These basically all have the side effect of bringing the end-date closer to 'now'. I'm not sure that this is in anyway helpful. If people are not aware already of some end-date for ability to get new allocations from RIR's moving the date closer certainly isn't going to help them out... Exhaustion of ipv4 space has been discussed for near 15 years at this point, how are any of these proposals going to help? In short, I don't support this proposal anymore than the last ones of it's ilk. -Chris From schiller at uu.net Mon Jul 23 17:56:35 2007 From: schiller at uu.net (Jason Schiller) Date: Mon, 23 Jul 2007 17:56:35 -0400 (EDT) Subject: [ppml] Policy Proposal: Global Policy for the Allocation of theRemaining IPv4 Address Space In-Reply-To: <1185225457.9336.36.camel@jessy.antel.net.uy> Message-ID: I am trying to understand what is the desired effect of this policy. As far as I can tell, the goal of this policy is to assign the last chunk of IP addresses to each of the RIRs in order to accomplish two things. 1. Allow each RIR to be certain about how much of the remaing space they have. 2. Give each RIR time to implement new policy to make the runout more managable. If that is the case, then does it make more sense to talk in units of 18-month supply of addresses instead of number of /8s? For example, when IANA has only a 36 month supply of IPv4 addresses, IANA will automatically allocate a 36 month supply of addresses to each RIR based on the current demand of each RIR. (maybe round up to the nearest /8) This does three things. 1. It addresses Alain's concerns about justified need. 2. It give all RIRs a roughly equal amount of time to craft their individual policies. 3. It will minimize the amount of time where one RIR is exhausted and demand rushes to the remaining RIRs. (not sure if this is a concern) __Jason On Mon, 23 Jul 2007, Roque Gagliano wrote: > > This means that when we reach T minus 25 /8's, > > some organizations will be unable to obtain the IPv4 addresses that they > > need to continue growing the network. > > Not true. At that time the RIR will received their last allocations. If > there are not policies changes at the RIRs, organizations will continue > to receive allocations as usual untill its RIR pool is exhausted. > However, each RIR will be able to have their own "soft landing" policies > or any policies to sub-allocate with this "last allocation". > On Fri, 20 Jul 2007, Member Services wrote: > Rationale: > > The IANA pool of allocation units of IPv4 addresses (/8s) is decreasing > rapidly. A new policy is proposed to replace the current "on demand" > policy in order to bring certainty on how the remaining space will be > allocated. This policy eliminates the pressure on the remaining central > pool of addresses by allocating equal amount of allocation units (N) to > each RIR. On Mon, 23 Jul 2007, Durand, Alain wrote: > As a side note, this proposal is revisiting one of the major tenet > of IP allocation: demonstated need. IMHO, this is setting a > fairly dangerous precendent, as it could be reuse in each region > by saying: let's re-divide whatever the local RIR has equaly among its > member... On Mon, 23 Jul 2007, Leo Bicknell wrote: > http://www.potaroo.net/tools/ipv4/ > > Figure Figure 28 is probably the most interesting. At the extremes, > AfriNIC is around 1 /8 per year right now, where as ARIN is 3 /8's > per year. Also note that they are projected to grow at quite a > different rate. (I believe this graph is in /8's per month, although > the y-axis is not labeled. This is based on comparing it with other > graphs on the site.) > > Thus giving ARIN 5 /8's would be perhaps 18 months, while for AfriNIC > it would be a 5 year supply. From sleibrand at internap.com Mon Jul 23 18:20:30 2007 From: sleibrand at internap.com (Scott Leibrand) Date: Mon, 23 Jul 2007 15:20:30 -0700 Subject: [ppml] Policy Proposal: Global Policy for the Allocation of theRemaining IPv4 Address Space In-Reply-To: References: Message-ID: <46A529AE.1050406@internap.com> I would agree with Jason that dividing the last IPv4 space based on run-rate would be more equitable than giving out the same number of /8's to each RIR, regardless of how long it would take them to use them. If this policy were revised in the direction of Jason's suggestions, it would seem to me to be a good way to provide certainty around IP space availability to the RIRs as exhaustion nears, and allow each RIR time to implement appropriate policies to exercise stewardship over a defined quantity of remaining space. However, I think the proposal, as written, could make things worse, by moving up the exhaustion date for larger RIRs (those with a higher rate of IPv4 allocation) while extending it for smaller ones. -Scott Jason Schiller wrote: > I am trying to understand what is the desired effect of this policy. As > far as I can tell, the goal of this policy is to assign the last chunk of > IP addresses to each of the RIRs in order to accomplish two things. > > 1. Allow each RIR to be certain about how much of the remaing space they > have. > > 2. Give each RIR time to implement new policy to make the runout more > managable. > > If that is the case, then does it make more sense to talk in units of > 18-month supply of addresses instead of number of /8s? For example, when > IANA has only a 36 month supply of IPv4 addresses, IANA will automatically > allocate a 36 month supply of addresses to each RIR based on the current > demand of each RIR. (maybe round up to the nearest /8) > > This does three things. > 1. It addresses Alain's concerns about justified need. > 2. It give all RIRs a roughly equal amount of time to craft their > individual policies. > 3. It will minimize the amount of time where one RIR is exhausted and > demand rushes to the remaining RIRs. (not sure if this is a concern) > > __Jason > > On Mon, 23 Jul 2007, Roque Gagliano wrote: > > >>> This means that when we reach T minus 25 /8's, >>> some organizations will be unable to obtain the IPv4 addresses that they >>> need to continue growing the network. >>> >> Not true. At that time the RIR will received their last allocations. If >> there are not policies changes at the RIRs, organizations will continue >> to receive allocations as usual untill its RIR pool is exhausted. >> However, each RIR will be able to have their own "soft landing" policies >> or any policies to sub-allocate with this "last allocation". >> >> > > On Fri, 20 Jul 2007, Member Services wrote: > > >> Rationale: >> >> The IANA pool of allocation units of IPv4 addresses (/8s) is decreasing >> rapidly. A new policy is proposed to replace the current "on demand" >> policy in order to bring certainty on how the remaining space will be >> allocated. This policy eliminates the pressure on the remaining central >> pool of addresses by allocating equal amount of allocation units (N) to >> each RIR. >> > > > On Mon, 23 Jul 2007, Durand, Alain wrote: > > >> As a side note, this proposal is revisiting one of the major tenet >> of IP allocation: demonstated need. IMHO, this is setting a >> fairly dangerous precendent, as it could be reuse in each region >> by saying: let's re-divide whatever the local RIR has equaly among its >> member... >> > > > On Mon, 23 Jul 2007, Leo Bicknell wrote: > > >> http://www.potaroo.net/tools/ipv4/ >> >> Figure Figure 28 is probably the most interesting. At the extremes, >> AfriNIC is around 1 /8 per year right now, where as ARIN is 3 /8's >> per year. Also note that they are projected to grow at quite a >> different rate. (I believe this graph is in /8's per month, although >> the y-axis is not labeled. This is based on comparing it with other >> graphs on the site.) >> >> Thus giving ARIN 5 /8's would be perhaps 18 months, while for AfriNIC >> it would be a 5 year supply. >> > > > > > > > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > From tedm at ipinc.net Mon Jul 23 19:00:46 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Mon, 23 Jul 2007 16:00:46 -0700 Subject: [ppml] Policy Proposal: Global Policy for the Allocation of theRemaining IPv4 Address Space In-Reply-To: <3c3e3fca0707231211t4933d81fn2cc2e9169a2fb88@mail.gmail.com> Message-ID: >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >William Herrin >Sent: Monday, July 23, 2007 12:12 PM >To: Roque Gagliano >Cc: ppml at arin.net >Subject: Re: [ppml] Policy Proposal: Global Policy for the Allocation of >theRemaining IPv4 Address Space > > >Hi Roque, > >A predictable final allocation at the endgame seems reasonable. > I agree >What are the current rates of consumption for each RIR? What is the >size of the connected, partially connected and unconnected populations >they serve? > Exactly. After looking at this proposal what I can't exactly understand is how is it any different than a policy requiring IANA to issue reports at 2 month intervals to each RIR on the amount of IPv4 left for allocation, and their projected runout date for that RIR, once IANA's forcasts indicate that there is less than two years worth of IPv4 overall. In other words, suppose IANA has 50 /8's left in 2008 RIR #1 is consuming /8's at 1 a year RIR #2 is consuming /8's at 2 a year RIR #3 is consuming /8's at 5 a year Total consumption is 9 /8s a year 50/9 = 5 years left, thus runout in 2013 So in 2008 the projection indicates that in 2013 there will be 9 /8's left and RIR #3 will runout in February 2013, RIR #2 will runout in June 2013, RIR#1 will run out in September 2013. If runout rates change per RIR in 2009, then in 2009 the projections will be different of course. As runout is closer then runout rates will most likely change, thus the need for more frequent projections. Is there some fault in my mathematics? Ted From jordi.palet at consulintel.es Mon Jul 23 19:20:12 2007 From: jordi.palet at consulintel.es (JORDI PALET MARTINEZ) Date: Mon, 23 Jul 2007 18:20:12 -0500 Subject: [ppml] Policy Proposal: Global Policy for the Allocationof theRemaining IPv4 Address Space In-Reply-To: Message-ID: Hi, This is about the same type of comments I did in the last LACNIC meeting (May) when this proposal was presented. 1) You can never be fair with different regions fixing a distribution of addressing space that doesn't correlate to something "fixable", instead of looking into utilization. 2) You can't decide up-front that 5 /8s make sense for this, especially because being a global policy they need to be approved with the same text in all the 5 RIRs, and the time may take to agree on that, may be 25 /8 are no longer available. So I suggested to use a formula for N. 3) I think this type of policies, if approved in all the regions, which I doubt, will be against the regions that promote them by different reasons, for example, "granting" them more time to keep going with IPv4 while the rest of the world will be moving to IPv6. 4) Last, but not least, I'm against policies that try to change the natural trends of existing allocations. They don't make sense. Time is short and we should, instead of wasting time, use ALL those extra time-slices that each one of us has, in moving to IPv6. I've indeed analyzed all this kind of policy proposals and other ways of mitigating the IPv4 exhaustion in a paper that you can find at http://www.ipv6tf.org/index.php?page=news/newsroom&id=3004. Regards, Jordi > De: "Durand, Alain" > Responder a: > Fecha: Mon, 23 Jul 2007 17:27:36 -0400 > Para: Roque Gagliano > CC: > Conversaci?n: [ppml] Policy Proposal: Global Policy for the Allocationof > theRemaining IPv4 Address Space > Asunto: Re: [ppml] Policy Proposal: Global Policy for the Allocationof > theRemaining IPv4 Address Space > > > >> -----Original Message----- >> From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On >> Behalf Of Roque Gagliano >> >>> When we hit the IPv4 exhaustion point, some organizations will be >>> unable to obtain the IPv4 addresses that they need to >> continue growing >>> the network. This policy propsal brings that point forward so that >>> IPv4 exhaustion will happen sooner. They propose that 25 /8's be >>> reserved for this special endgame. >> >> 25 x /8 is a proposition, we can come out of this discussion >> with 20, 15 x /8s, etc. > > This is one major issue with the current policy proposal. > It neither defines the **value** of N (Nx5 is the floor) nor > the **process** to decide a value for N. > > The way it is written, this will be the equivalent of > signing a blank check. This proposal would be more > palatable if it were to be rewritten with a specific > value of N. Say N=1, N=1.5, N=2,... > > Then we could understand and discuss the practical effect of this > proposal, > ie how much 'waste' (or delayed used) this introduce and how much > to the left does this push the cliff... > > As a side note, this proposal is revisiting one of the major tenet > of IP allocation: demonstated need. IMHO, this is setting a > fairly dangerous precendent, as it could be reuse in each region > by saying: let's re-divide whatever the local RIR has equaly among its > member... > > - Alain. > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml ********************************************** The IPv6 Portal: http://www.ipv6tf.org Bye 6Bone. Hi, IPv6 ! http://www.ipv6day.org This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited. From dean at av8.com Mon Jul 23 20:31:56 2007 From: dean at av8.com (Dean Anderson) Date: Mon, 23 Jul 2007 20:31:56 -0400 (EDT) Subject: [ppml] Tell me, Mr. Anderson, what good is a mailing list when we are unable to speak? In-Reply-To: Message-ID: This subject should be "Why should you be allowed to speak untruths without being challenged? On Fri, 20 Jul 2007 michael.dillon at bt.com wrote: > > I've documented and footnoted every claim > > I make. > > > Oh, and by the way, I've been vindicated on the IETF issues > > that I exposed. > > Hmmm... You seem to have slipped up on the footnotes this time. I can > see nothing to indicate that you might have been vindicated. Yeah, I don't have a page that says "Dean was right". But if you were actually interested in the facts and following the various issues, you'd know that I was vindicated. http://www.av8.net/IETF-watch should provide a good source of footnotes for you. As IESG member Sam Hartman said of the Anycast issue: "I think that the area director [David Kessens --ed] chose to play hard enough ball that the process can no longer be considered open and that the IESG erred in supporting this process and approving the document. "In particular, I believe that last call comments from Dean Anderson, Sam Hartman, Lars Eggert, Eric Rescorla and David Oran were not given due consideration. [...]" The full text is a good read. https://datatracker.ietf.org/idtracker/draft-ietf-grow-anycast/comment/57703/? Hardball isn't an honest or fair process. I won't pretend to think you're actually interested in facts about Anycast, but I have and anyone can detect Anycasted recursors. That means that TCP can "detect" anycast services, and so stateful Anycast isn't stable. Also, a root DNS failure was just reported on Nanog. [BGP Anycast has a problem with BGP convergence delay--this is a known problem with BGP anycast. "Oops."] So, we have an unfair process, and technical vindication of my assertions about Anycast. There's more, but I'd say that's pretty vindicated. I haven't said my business is any more important than anyone elses. I have never used the phrase "Secret Hunta". What I have demanded and have a right to expect, as everyone else has a right to demand and expect, is a fair and honest administration of quasi-governmental organizations. We all have a right to fair and honest public officials and directors of quasi-governmental bodies including ARIN and the ISOC/IETF. Overwhelmingly, people were against silencing anyone at the IETF. Yet the IESG still reported a "consensus" approving a silencing of valid disputes of science and fact. Playing hardball with science is never going to win. The question is why would people play hardball with science? What would possibly motivate that behavior? People with high ethical standards and integrity do not associate with other people who are known to lie regarding serious issues---Serious issues such as operation of a blacklist blocking hijacked IP address space. That is relevant to any question of ethics or integrity, of say, an ARIN Board member. > In any case, this list is for policy discussions, not personal > attacks. Thats right. But _I_ haven't prevented anyone speaking. That is a false charge. _I_ haven't asked to have anyone prevented from speaking. And _I_ didn't change the subject to have your name in it the with false assertions of preventing anyone speaking. I have indeed made serious charges against certain persons, but those charges are well documented and they are not exaggerated. The charges are true and serious. The charges are relevant to ARIN, and involve ARIN board members and their associates. Good and honest government and the integrity and honesty of officials is relevant to the public interest, and to public policy. In contrast, you have asserted nothing but lies, untruths, and exaggerations about my statements and claims. I have not said or done any of the things you accuse me of doing. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From martin.hannigan at batelnet.bs Tue Jul 24 01:20:14 2007 From: martin.hannigan at batelnet.bs (Martin Hannigan) Date: Tue, 24 Jul 2007 01:20:14 -0400 Subject: [ppml] Example of a questionable block Was: Re: Tell me, Mr. Anderson, what good is a mailing list when we are unable to speak? Message-ID: <46a58c0e.327.b1d.32565@batelnet.bs> ----- Original Message ----- From: Dean Anderson To: bill fumerola , , Subject: Re: [ppml] Tell me, Mr. Anderson, what good is a mailing list when we are unable to speak? Date: Thu, 19 Jul 2007 23:14:07 -0400 (EDT) [ snip ] > > claim that 130.105/16 and I agree that this one is suspect and I would encourage you to sign an RSA and request a formal disposition. > 198.3.136/21 are hijacked? I believe that this is AV8's. -M< From michael.dillon at bt.com Tue Jul 24 05:03:15 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Tue, 24 Jul 2007 10:03:15 +0100 Subject: [ppml] Verifying the title to an IP address block Message-ID: In an IEPG meeting at IETF Chicago, Randy Bush presented some slides in which he states: - ARIN developing full multi-RIR/LIR open source software to certify and verify title to IPv4 and IPv6 resources Is there any element of truth to this? Refer to slide 5 here http://rip.psg.com/~randy/070722.v6-op-reality.pdf ------------------------------------------------------- Michael Dillon RadianzNet Capacity Management, 66 Prescot St., London, E1 8HG, UK Mobile: +44 7900 823 672 Internet: michael.dillon at btradianz.com Phone: +44 20 7650 9493 Fax: +44 20 7650 9030 http://www.btradianz.com One Community One Connection One Focus From drc at virtualized.org Tue Jul 24 05:20:13 2007 From: drc at virtualized.org (David Conrad) Date: Tue, 24 Jul 2007 11:20:13 +0200 Subject: [ppml] Policy Proposal: Global Policy for the Allocation of theRemaining IPv4 Address Space In-Reply-To: <75cb24520707231451r265b9f4ft12f46ce375e8cc19@mail.gmail.com> References: <454810F09B5AA04E9D78D13A5C39028A02A4C6FA@nyrofcs2ke2k01.corp.pvt> <1185212933.9336.6.camel@jessy.antel.net.uy> <3c3e3fca0707231211t4933d81fn2cc2e9169a2fb88@mail.gmail.com> <1185225457.9336.36.camel@jessy.antel.net.uy> <75cb24520707231451r265b9f4ft12f46ce375e8cc19@mail.gmail.com> Message-ID: <371A1B81-772D-4738-91CE-F64D5F452835@virtualized.org> Chris, On Jul 23, 2007, at 11:51 PM, Christopher Morrow wrote: > I'm confused by most of these 'soft landing' sorts of proposals. These > basically all have the side effect of bringing the end-date closer to > 'now'. I think you mean 'countdown' type proposals. My proposal (called 'soft landing') increases the requirements in order to extend the IPv4 lifetime. (Yes, I'm still working on it. Or rather, I'm still planning on working on it. Been buried under a bunch of other things recently, but that's changing) Rgds, -drc From drc at virtualized.org Tue Jul 24 05:23:22 2007 From: drc at virtualized.org (David Conrad) Date: Tue, 24 Jul 2007 11:23:22 +0200 Subject: [ppml] Policy Proposal: Global Policy for the Allocation of theRemaining IPv4 Address Space In-Reply-To: References: Message-ID: <3ED515A7-45A1-4BD9-8E98-E931AA62C7E6@virtualized.org> On Jul 23, 2007, at 11:56 PM, Jason Schiller wrote: > 1. Allow each RIR to be certain about how much of the remaing space > they > have. > > 2. Give each RIR time to implement new policy to make the runout more > managable. 3. Remove IANA from the target of lawyers when the runout occurs. I like this last one... :-) Rgds, -drc From linda at sat-tel.com Tue Jul 24 08:54:36 2007 From: linda at sat-tel.com (Linda) Date: Tue, 24 Jul 2007 08:54:36 -0400 Subject: [ppml] Policy Proposal: Global Policy for the Allocation ofthe Remaining IPv4 Address Space References: <20070723190617.3784.qmail@hoster908.com> Message-ID: <015401c7cdf1$ca5c5690$966600d0@accountsrec> I do not support this policy and feel that the current policy is sufficient. Regards, Linda Werner Satellite Communication Systems, Inc. ----- Original Message ----- From: "Andrew Dul" To: "Azinger, Marla" ; Sent: Monday, July 23, 2007 3:06 PM Subject: Re: [ppml] Policy Proposal: Global Policy for the Allocation ofthe Remaining IPv4 Address Space > >> ## * ## >> >> >> Policy Proposal Name: Global Policy for the Allocation of the Remaining >> IPv4 Address Space >> >> This policy describes the process for the allocation of the >> remaining IPv4 space from IANA to the RIRs. When a minimum amount of >> available space is reached, an identical number of IPv4 allocation units >> (/8s) will be allocated from IANA to each RIR, replacing the current >> IPv4 allocation policy. >> >> In order to fulfill the requirements of this policy, at the time it >> is adopted, an identical number of IPv4 allocation units (N units) will >> be reserved by IANA for each RIR. The number N is defined as: 5. >> The reserved allocation units will no longer be part of the available >> space at the IANA pool. The process for the allocation of the remaining >> IPv4 space is divided in two consecutive phases: >> > > I'm not sure this policy is necessary. I don't specifically think there > is anything wrong with the current policy. > > RIRs could develop their own "end of IPv4 allocation schemes" even if the > IANA to RIR policy was not changed. > > RIRs use IPv4 resources at different rates due to the different sizes of > the communities they represent. This policy will artificially extend the > availability in some of IPv4 resources in some RIR's, that could lead to > RIR shopping. > > I do not support this policy as currently written. > > Andrew > > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > > From Gary.Allmond at do.treas.gov Tue Jul 24 09:18:39 2007 From: Gary.Allmond at do.treas.gov (Gary.Allmond at do.treas.gov) Date: Tue, 24 Jul 2007 09:18:39 -0400 Subject: [ppml] FW: Policy Proposal: Global Policy for the Allocation oftheRemaining IPv4 Address Space Message-ID: <29ACF8A4CC525A4EBD6E8BCAA3FD99F07362C7@D01EXC1P.do.treas.gov> I also do not support the proposed policy. If I read this correctly, each RIR would get the same amount of IPv4 space. This is penalizes larger areas while not encouraging slower growth areas to transfer to IPv6. Gary Allmond -----Original Message----- From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf Of Linda Sent: Tuesday, July 24, 2007 8:55 AM To: ppml at arin.net Subject: Re: [ppml] Policy Proposal: Global Policy for the Allocation oftheRemaining IPv4 Address Space I do not support this policy and feel that the current policy is sufficient. Regards, Linda Werner Satellite Communication Systems, Inc. ----- Original Message ----- From: "Andrew Dul" To: "Azinger, Marla" ; Sent: Monday, July 23, 2007 3:06 PM Subject: Re: [ppml] Policy Proposal: Global Policy for the Allocation ofthe Remaining IPv4 Address Space > >> ## * ## >> >> >> Policy Proposal Name: Global Policy for the Allocation of the Remaining >> IPv4 Address Space >> >> This policy describes the process for the allocation of the >> remaining IPv4 space from IANA to the RIRs. When a minimum amount of >> available space is reached, an identical number of IPv4 allocation units >> (/8s) will be allocated from IANA to each RIR, replacing the current >> IPv4 allocation policy. >> >> In order to fulfill the requirements of this policy, at the time it >> is adopted, an identical number of IPv4 allocation units (N units) will >> be reserved by IANA for each RIR. The number N is defined as: 5. >> The reserved allocation units will no longer be part of the available >> space at the IANA pool. The process for the allocation of the remaining >> IPv4 space is divided in two consecutive phases: >> > > I'm not sure this policy is necessary. I don't specifically think there > is anything wrong with the current policy. > > RIRs could develop their own "end of IPv4 allocation schemes" even if the > IANA to RIR policy was not changed. > > RIRs use IPv4 resources at different rates due to the different sizes of > the communities they represent. This policy will artificially extend the > availability in some of IPv4 resources in some RIR's, that could lead to > RIR shopping. > > I do not support this policy as currently written. > > Andrew > > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > > _______________________________________________ This message sent to you through the ARIN Public Policy Mailing List (PPML at arin.net). Manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/ppml From jordi.palet at consulintel.es Tue Jul 24 10:11:29 2007 From: jordi.palet at consulintel.es (JORDI PALET MARTINEZ) Date: Tue, 24 Jul 2007 09:11:29 -0500 Subject: [ppml] FW: Policy Proposal: Global Policy for the Allocation oftheRemaining IPv4 Address Space In-Reply-To: <29ACF8A4CC525A4EBD6E8BCAA3FD99F07362C7@D01EXC1P.do.treas.gov> Message-ID: The point is not being a "larger" area. Is a question of utilization, may be a formula of population+services+need. Even if we do evenly according to the current population and utilization, what precludes people moving from one area to another, or creating new services demanding more addresses ? And then addresses are already given up to other regions ? Of course, this should not be a problem if the addresses are still under IANA pool, because then we can change policies (if we have time), but once at the RIRs pool it may be more difficult to achieve any global policy change in the future. The alternative is to make regional policies that allow a RIR to claim IANA for more blocks "now", but as I indicated in my document, I don't think we want to start a fight among RIR communities challenging who is faster in making policies to claim for more blocks now :-) And please, I'm not suggesting that, I'm clearly saying this is what we should avoid. Instead, spend cycles in moving to IPv6, it is a much cheaper plan, smarter and has a long term vision, not just delaying what is unavoidable. Regards, Jordi > De: > Responder a: > Fecha: Tue, 24 Jul 2007 09:18:39 -0400 > Para: > Conversaci?n: [ppml] Policy Proposal: Global Policy for the Allocation > oftheRemaining IPv4 Address Space > Asunto: [ppml] FW: Policy Proposal: Global Policy for the Allocation > oftheRemaining IPv4 Address Space > > I also do not support the proposed policy. If I read this correctly, > each RIR would get the same amount of IPv4 space. This is penalizes > larger areas while not encouraging slower growth areas to transfer to > IPv6. > > Gary Allmond > > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf Of > Linda > Sent: Tuesday, July 24, 2007 8:55 AM > To: ppml at arin.net > Subject: Re: [ppml] Policy Proposal: Global Policy for the Allocation > oftheRemaining IPv4 Address Space > > I do not support this policy and feel that the current policy is > sufficient. > > Regards, > Linda Werner > Satellite Communication Systems, Inc. > > ----- Original Message ----- > From: "Andrew Dul" > To: "Azinger, Marla" ; > Sent: Monday, July 23, 2007 3:06 PM > Subject: Re: [ppml] Policy Proposal: Global Policy for the Allocation > ofthe > Remaining IPv4 Address Space > > >> >>> ## * ## >>> >>> >>> Policy Proposal Name: Global Policy for the Allocation of the > Remaining >>> IPv4 Address Space >>> >>> This policy describes the process for the allocation of the >>> remaining IPv4 space from IANA to the RIRs. When a minimum amount of >>> available space is reached, an identical number of IPv4 allocation > units >>> (/8s) will be allocated from IANA to each RIR, replacing the current >>> IPv4 allocation policy. >>> >>> In order to fulfill the requirements of this policy, at the time > it >>> is adopted, an identical number of IPv4 allocation units (N units) > will >>> be reserved by IANA for each RIR. The number N is defined as: 5. >>> The reserved allocation units will no longer be part of the > available >>> space at the IANA pool. The process for the allocation of the > remaining >>> IPv4 space is divided in two consecutive phases: >>> >> >> I'm not sure this policy is necessary. I don't specifically think > there >> is anything wrong with the current policy. >> >> RIRs could develop their own "end of IPv4 allocation schemes" even if > the >> IANA to RIR policy was not changed. >> >> RIRs use IPv4 resources at different rates due to the different sizes > of >> the communities they represent. This policy will artificially extend > the >> availability in some of IPv4 resources in some RIR's, that could lead > to >> RIR shopping. >> >> I do not support this policy as currently written. >> >> Andrew >> >> >> _______________________________________________ >> This message sent to you through the ARIN Public Policy Mailing List >> (PPML at arin.net). >> Manage your mailing list subscription at: >> http://lists.arin.net/mailman/listinfo/ppml >> >> > > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml From owen at delong.com Tue Jul 24 10:47:18 2007 From: owen at delong.com (Owen DeLong) Date: Tue, 24 Jul 2007 07:47:18 -0700 Subject: [ppml] Verifying the title to an IP address block In-Reply-To: References: Message-ID: <48DB56E6-DBFE-4DD7-81AF-25C5585C9410@delong.com> Given that addresses are not sold or leased and are not property and therefore don't have "ownership", I think title verification is an absurd concept. Further, I don't think that the registries should reverse their position on this subject. Moving from registry to title agent would be a very bad idea in my opinion. Having said that, I do think that it is a good idea for the registries and the IANA to work together and develop a system that would enable the following: 1. IANA signs all delegations with a well-known key in a way that strongly identifies the recipient. 2. Each RIR would sign its allocations/assignments in a way that strongly identifies the direct recipient. 3. This chain would continue until finally the end-user was identified. 4. A mechanism should be built to enable DNS RRs to reflect IP/ASN tuples signed by both the Address and the ASN holders, reflecting the chain of authority for each. I am not saying such a mechanism doesn't exist yet, but, I will say that it is not widely deployed, common knowledge, or readily available to the community at large. It should be, and, it should be done in as light-weight a manner as possible without sacrificing the positive identity aspects. Owen On Jul 24, 2007, at 2:03 AM, wrote: > In an IEPG meeting at IETF Chicago, Randy Bush presented some > slides in > which he states: > > - ARIN developing full multi-RIR/LIR open source software to > certify and > verify title to IPv4 and IPv6 resources > > Is there any element of truth to this? > > Refer to slide 5 here http://rip.psg.com/~randy/070722.v6-op- > reality.pdf > > ------------------------------------------------------- > Michael Dillon > RadianzNet Capacity Management, 66 Prescot St., London, E1 8HG, UK > Mobile: +44 7900 823 672 > Internet: michael.dillon at btradianz.com > Phone: +44 20 7650 9493 Fax: +44 20 7650 9030 > http://www.btradianz.com > > One Community One Connection One Focus > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml From dean at av8.com Tue Jul 24 10:47:18 2007 From: dean at av8.com (Dean Anderson) Date: Tue, 24 Jul 2007 10:47:18 -0400 (EDT) Subject: [ppml] Example of a questionable block Was: Re: Tell me, Mr. Anderson, what good is a mailing list when we are unable to speak? In-Reply-To: <46a58c0e.327.b1d.32565@batelnet.bs> Message-ID: And give up legacy status? And formal disposition of what? Whether someone on the internet is dishonest? It seems a positive result should be that the board member associated with those lies being dismissed. I don't think that requires an RSA. I'm a member. Indeed, I think it is better to expose those who would lie. If they lie on one thing, they probably lie on other things, and it is much better to act on the failure of honesty and integrity than to overlook such failure. www.osf.org -> www.opengroup.org. The OSF, The X Consortium, and X/Open formed The Open Group. Its a pretty well known group of standards organizations. Perhaps you've heard of UNIX, SQL, The X Window System, Motif, and XPG4, etc. Hmm. Offices in Burlington, MA. Hmm. Burlington, that Av8 Internet's footprint. (as Hannigan already knows) dig ns camb.opengroup.org ; <<>> DiG 9.1.0 <<>> ns camb.opengroup.org ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14397 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 5 ;; QUESTION SECTION: ;camb.opengroup.org. IN NS ;; ANSWER SECTION: camb.opengroup.org. 10800 IN NS xopuk.xopen.co.uk. camb.opengroup.org. 10800 IN NS concorde.av8.com. camb.opengroup.org. 10800 IN NS ns1.camb.opengroup.org. camb.opengroup.org. 10800 IN NS ns2.camb.opengroup.org. camb.opengroup.org. 10800 IN NS xopen.xopen.co.uk. ;; ADDITIONAL SECTION: ns1.camb.opengroup.org. 10800 IN A 130.105.1.223 ns2.camb.opengroup.org. 10800 IN A 130.105.1.25 xopen.xopen.co.uk. 45501 IN A 192.153.166.4 xopuk.xopen.co.uk. 45501 IN A 192.153.166.5 concorde.av8.com. 3600 IN A 130.105.11.3 Doesn't look closed, disused or hijacked. So, Martin, I do demand a retraction for repeating slander. --Dean On Tue, 24 Jul 2007, Martin Hannigan wrote: > > ----- Original Message ----- > From: Dean Anderson > To: bill fumerola , , > > Subject: Re: [ppml] Tell me, Mr. Anderson, what good is a > mailing list when we are unable to speak? > Date: Thu, 19 Jul 2007 23:14:07 -0400 (EDT) > > [ snip ] > > > > > claim that 130.105/16 and > > I agree that this one is suspect and I would encourage you > to sign an RSA and request a formal disposition. > > > 198.3.136/21 are hijacked? > > I believe that this is AV8's. > > -M< > > > > -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From christopher.morrow at gmail.com Tue Jul 24 11:22:23 2007 From: christopher.morrow at gmail.com (Christopher Morrow) Date: Tue, 24 Jul 2007 11:22:23 -0400 Subject: [ppml] Verifying the title to an IP address block In-Reply-To: <48DB56E6-DBFE-4DD7-81AF-25C5585C9410@delong.com> References: <48DB56E6-DBFE-4DD7-81AF-25C5585C9410@delong.com> Message-ID: <75cb24520707240822h6dd0a170o15b2bba140a62daa@mail.gmail.com> On 7/24/07, Owen DeLong wrote: > > 1. IANA signs all delegations with a well-known key > in a way that strongly identifies the recipient. > > 2. Each RIR would sign its allocations/assignments in > a way that strongly identifies the direct recipient. > > 3. This chain would continue until finally the end-user > was identified. > > 4. A mechanism should be built to enable DNS RRs > to reflect IP/ASN tuples signed by both the Address > and the ASN holders, reflecting the chain of > authority for each. i agree with all of the above save #4... Only because I don't see it being feasible in a 'light weight manner' (from the ops perspective) in the short term and because it seems bolted onto the side of the larger initial goal which was some cert-chain down to the end-delegation. I believe Sandy Miller had some slide-ware on this very thing actually? -Chris From raul at lacnic.net Tue Jul 24 11:48:04 2007 From: raul at lacnic.net (Raul Echeberria) Date: Tue, 24 Jul 2007 12:48:04 -0300 Subject: [ppml] Policy Proposal: Global Policy for the Allocationof theRemaining IPv4 Address Space In-Reply-To: References: Message-ID: <7.0.1.0.1.20070724123940.0437bec0@lacnic.net> At 08:20 p.m. 23/07/2007, JORDI PALET MARTINEZ wrote: >Hi, > >4) Last, but not least, I'm against policies that try to change the natural >trends of existing allocations. They don't make sense. Time is short and we >should, instead of wasting time, use ALL those extra time-slices that each >one of us has, in moving to IPv6. Jordi: I think that discussing in our forums is never wasting time and I also think that a global policy proposal that has been approved in one region deserves that we spend some time in discussing it. Beside that I don't think that there is a contradiction between working on IPv6 adoption and discussing about IPv4 exhaustion policies. You are aware of the efforts that are being made in LAC region regarding IPv6 and it has no relation with the discussion of this proposal. Ra?l -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From rgaglian at antel.net.uy Tue Jul 24 12:06:30 2007 From: rgaglian at antel.net.uy (Roque Gagliano) Date: Tue, 24 Jul 2007 13:06:30 -0300 Subject: [ppml] Policy Proposal: Global Policy for the Allocation of the Remaining IPv4 Address Space In-Reply-To: <20070723190617.3784.qmail@hoster908.com> References: <20070723190617.3784.qmail@hoster908.com> Message-ID: <1185293190.11522.88.camel@jessy.antel.net.uy> Andrew, here are my answers, On Mon, 2007-07-23 at 11:06 -0800, Andrew Dul wrote: > > I'm not sure this policy is necessary. I don't specifically think > there is anything wrong with the current policy. > > RIRs could develop their own "end of IPv4 allocation schemes" even if > the IANA to RIR policy was not changed. Why should they do it? with the current policy RIRs are encouraged to consume as many addresses as possible until the IANA pool exhausts. The proposed policy eliminates the pressure on the central pool at IANA and allows each RIR to develop its own policies on how are they going to distribute its last allocation (probably more conservative policies). It will also be a clear message to the rest of the community about how the IANA pool will be distributed and by doing that avoiding discussion outside the RIR environment. Probably we should also ask ourselves: What may happen if we just do nothing about this issue? > RIRs use IPv4 resources at different rates due to the different sizes > of the communities they represent. This policy will artificially > extend the availability in some of IPv4 resources in some RIR's, that > could lead to RIR shopping. We need to take a global perspective on this issue, here I have to scenarios: 1) If a small RIR run out of IPv4 addresses, the ISPs of that region will have problems to get IPv4 addresses from any black or grey market because the prices and they will not have other options like recover unused IPv4 addresses or legacy space due to the fact that those regions have been under the RIR policies and RIR system almost since day one. The amount of unused or leagy space is very small. 2) If the bigger RIRS run out of addresses and there are available addresses at the smaller RIRS. There will be large amount of IPv4 addresses in the regions of the RIRS that run out. ISPs in those regions will have the chance of getting IPv4 addresses from parallel markets, legacy or unallocated space. RIR shopping could happen in any scenario but at the time they receive their last allocation RIR will probably already have in place more conservative policies. Particularly in scenario number #1, smaller ISPs from smaller countries will be lacking of options, and,the most important, in scenario #2 no ISP from the first world will base their business in the possibility of getting small amounts of IPv4 addresses for a short time from smaller RIRs. They will move to IPv6. Regards Roque > I do not support this policy as currently written. > > Andrew -- ------------------------------------------------------------- Roque Gagliano ANTEL - URUGUAY rgaglian at antel.net.uy -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From bicknell at ufp.org Tue Jul 24 12:21:30 2007 From: bicknell at ufp.org (Leo Bicknell) Date: Tue, 24 Jul 2007 12:21:30 -0400 Subject: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet. Message-ID: <20070724162130.GA62720@ussenterprise.ufp.org> I think it's unfortunate that Dean's presence on the list has been so polarizing. For better or for worse many people on this list have history with Dean, usually with opposing points of view. The reason I think it is unfortunate is because I think this list can actually take some valuable study from his situation. There is one particular dispute that should be of interest to the readership of PPML. If you put "Dean Anderson SORBS" into google you will find that Dean and various people of SORBS have been in a long running argument. It is over the netblock 130.105.0.0/16. Both sides have their arguments well documented in multiple forums across the Internet. I think Dean, in this case, is the canary in the coal mine. Legacy space has been transferred. In some cases completely legitimately, in some cases fraudulently; and in many cases in some sort of grey area. Historically there were no rules. Can a legacy holder transfer their space to another party? Are they required to tell anyone if they do? If someone disputes the transfer, what constitutes proof? What role does ARIN play in any of this process? Can a technical contact initiate the transfer, or does it need to be authorized by an officer of the company? As IPv4 space increases in value I suspect we'll see many more cases of all possible outcomes. Hijacked space will turn up like crazy as people wake up and take notice. Legitimate transfers that were never documented will cause headaches for many companies. Companies that were previously friendly and worked on a handshake arrangement will turn hostile, and the lack of documentation will harm them all. It's IANA's problem. It's ARIN's problem. It's DARPA and the DOD's problem. It may turn out to be the courts problem, but most of all, it's the community's problem. Should netblock ownership and routing slots descend into some sort of Mad Max type of future we're all going to loose, big time. Secure routing is never going to work if we can't figure out who gets the certificate. While we can learn from Dean's specific case, arguing over the details is not productive. If we want to have a productive discourse about this issue we need to consider all of the legacy space. -- Leo Bicknell - bicknell at ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available URL: From Keith at jcc.com Tue Jul 24 12:30:39 2007 From: Keith at jcc.com (Keith W. Hare) Date: Tue, 24 Jul 2007 12:30:39 -0400 Subject: [ppml] X/Open SQL is a profile, not a standard Message-ID: <768ee7c04e069bd8d43b02981e339dea46a6293c@jcc.com> > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of Dean Anderson > Sent: Tuesday, July 24, 2007 10:47 AM > www.osf.org -> www.opengroup.org. The OSF, The X Consortium, > and X/Open > formed The Open Group. Its a pretty well known group of standards > organizations. Perhaps you've heard of UNIX, SQL, The X Window System, > Motif, and XPG4, etc. > A slight quibble with this statement, that really doesn't matter to PPML, but X/Open produced a profile of the ISO/IEC 9075 SQL standard, not a separate standard. Keith Hare ______________________________________________________________ Keith W. Hare JCC Consulting, Inc. keith at jcc.com 600 Newark Road Phone: 740-587-0157 P.O. Box 381 Fax: 740-587-0163 Granville, Ohio 43023 http://www.jcc.com USA ______________________________________________________________ From jordi.palet at consulintel.es Tue Jul 24 13:41:23 2007 From: jordi.palet at consulintel.es (JORDI PALET MARTINEZ) Date: Tue, 24 Jul 2007 12:41:23 -0500 Subject: [ppml] Policy Proposal: Global Policy for the Allocationof theRemaining IPv4 Address Space In-Reply-To: <7.0.1.0.1.20070724123940.0437bec0@lacnic.net> Message-ID: Hi Raul, May be I was too strong ... I agree, discussions are always useful. However I believe is much more productive using more time in moving to IPv6 instead of using that time in pushing for a global policy when has become evident (from previous comments in this list) that at least in this region is difficult to see it progressing. Of course, this is only my very personal opinion. And yes, I've very "actively" aware of the IPv6 efforts in LAC, and somehow agree that you can do both things, but I still thing is a wrong approach to believe that to deploy IPv6 you need to make sure that you have more (public) IPv4, and this is not just my personal opinion, but a technical, practical and objective view. Regards, Jordi > De: Raul Echeberria > Responder a: > Fecha: Tue, 24 Jul 2007 12:48:04 -0300 > Para: > Asunto: Re: [ppml] Policy Proposal: Global Policy for the Allocationof > theRemaining IPv4 Address Space > > At 08:20 p.m. 23/07/2007, JORDI PALET MARTINEZ wrote: >> Hi, >> >> 4) Last, but not least, I'm against policies that try to change the natural >> trends of existing allocations. They don't make sense. Time is short and we >> should, instead of wasting time, use ALL those extra time-slices that each >> one of us has, in moving to IPv6. > > > Jordi: > > I think that discussing in our forums is never > wasting time and I also think that a global > policy proposal that has been approved in one > region deserves that we spend some time in discussing it. > Beside that I don't think that there is a > contradiction between working on IPv6 adoption > and discussing about IPv4 exhaustion policies. > You are aware of the efforts that are being made > in LAC region regarding IPv6 and it has no > relation with the discussion of this proposal. > > > Ra?l > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml From jordi.palet at consulintel.es Tue Jul 24 13:50:09 2007 From: jordi.palet at consulintel.es (JORDI PALET MARTINEZ) Date: Tue, 24 Jul 2007 12:50:09 -0500 Subject: [ppml] Policy Proposal: Global Policy for the Allocation of the Remaining IPv4 Address Space In-Reply-To: <1185293190.11522.88.camel@jessy.antel.net.uy> Message-ID: But the answer is still simple in any case: Before we run out of addresses, move to IPv6, so the *possible* period of time when IPv4 addresses aren't available from the RIRs but may be still required becomes so short that is not an issue. Regards, Jordi > De: Roque Gagliano > Organizaci?n: ANTELDATA > Responder a: > Fecha: Tue, 24 Jul 2007 13:06:30 -0300 > Para: Andrew Dul > CC: > Asunto: Re: [ppml] Policy Proposal: Global Policy for the Allocation of the > Remaining IPv4 Address Space > > Andrew, here are my answers, > > On Mon, 2007-07-23 at 11:06 -0800, Andrew Dul wrote: >> >> I'm not sure this policy is necessary. I don't specifically think >> there is anything wrong with the current policy. >> >> RIRs could develop their own "end of IPv4 allocation schemes" even if >> the IANA to RIR policy was not changed. > > Why should they do it? with the current policy RIRs are encouraged to > consume as many addresses as possible until the IANA pool exhausts. > > The proposed policy eliminates the pressure on the central pool at IANA > and allows each RIR to develop its own policies on how are they going to > distribute its last allocation (probably more conservative policies). It > will also be a clear message to the rest of the community about how the > IANA pool will be distributed and by doing that avoiding discussion > outside the RIR environment. > > Probably we should also ask ourselves: What may happen if we just do > nothing about this issue? > >> RIRs use IPv4 resources at different rates due to the different sizes >> of the communities they represent. This policy will artificially >> extend the availability in some of IPv4 resources in some RIR's, that >> could lead to RIR shopping. > > We need to take a global perspective on this issue, here I have to > scenarios: > > 1) If a small RIR run out of IPv4 addresses, the ISPs of that region > will have problems to get IPv4 addresses from any black or grey market > because the prices and they will not have other options like recover > unused IPv4 addresses or legacy space due to the fact that those regions > have been under the RIR policies and RIR system almost since day one. > The amount of unused or leagy space is very small. > > 2) If the bigger RIRS run out of addresses and there are available > addresses at the smaller RIRS. There will be large amount of IPv4 > addresses in the regions of the RIRS that run out. ISPs in those regions > will have the chance of getting IPv4 addresses from parallel markets, > legacy or unallocated space. > > RIR shopping could happen in any scenario but at the time they receive > their last allocation RIR will probably already have in place more > conservative policies. Particularly in scenario number #1, smaller ISPs > from smaller countries will be lacking of options, and,the most > important, in scenario #2 no ISP from the first world will base their > business in the possibility of getting small amounts of IPv4 addresses > for a short time from smaller RIRs. They will move to IPv6. > > Regards > Roque > > >> I do not support this policy as currently written. >> >> Andrew > -- > > ------------------------------------------------------------- > Roque Gagliano ANTEL - URUGUAY > rgaglian at antel.net.uy > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml From owen at delong.com Tue Jul 24 14:13:41 2007 From: owen at delong.com (Owen DeLong) Date: Tue, 24 Jul 2007 11:13:41 -0700 Subject: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet. In-Reply-To: <20070724162130.GA62720@ussenterprise.ufp.org> References: <20070724162130.GA62720@ussenterprise.ufp.org> Message-ID: <45B285AD-D94B-4261-BFDE-4224857BFDBC@delong.com> > > It's IANA's problem. It's ARIN's problem. It's DARPA and the DOD's > problem. It may turn out to be the courts problem, but most of > all, it's the community's problem. Should netblock ownership and > routing slots descend into some sort of Mad Max type of future we're > all going to loose, big time. Secure routing is never going to > work if we can't figure out who gets the certificate. > Actually, Leo, I think that paragraph may have hit on a good portion of the solution: ARIN is not required to provide any NEW services to legacy holders without an RSA. I doubt anyone will dispute that. So, simple suggestion here (let's see what kind of opposition it develops)... ARIN should start issuing certificates for prefixes handed out by ARIN. ARIN should issue those certificates ONLY to recipients who have signed an ARIN RSA and only for the prefixes which are covered under said RSA. If secure routing starts using those certificates and becomes popular, then, the ability to get a certificate becomes a carrot for legacy holders to sign an RSA. Owen From davids at webmaster.com Tue Jul 24 14:27:55 2007 From: davids at webmaster.com (David Schwartz) Date: Tue, 24 Jul 2007 11:27:55 -0700 Subject: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet. In-Reply-To: <45B285AD-D94B-4261-BFDE-4224857BFDBC@delong.com> Message-ID: > ARIN should start issuing certificates for prefixes handed out by > ARIN. ARIN should issue those certificates ONLY to recipients > who have signed an ARIN RSA and only for the prefixes which are > covered under said RSA. > > If secure routing starts using those certificates and becomes popular, > then, the ability to get a certificate becomes a carrot for legacy > holders to sign an RSA. It would only be a matter of time before someone else started issuing certificates to legacy holders. That's actually not a bad thing. If they just issue them randomly to anyone who asks for them, no sane person would honor those certificates. On the other hand, if they do actually do the legwork to track down these netblocks, they'll be doing a valuable service. One possible way that this could somewhat backfire is if large providers insist on being able to issue their own certificates. If a large number of legitimate routes are signed by a certificate, you won't be able to refuse that certificate. This will make getting a certificate to route no more difficult than getting a large provider to route. If any large provider says "we're going to sign our blocks with our own key", it will be awfully hard to tell them no. DS From dean at av8.com Tue Jul 24 14:41:47 2007 From: dean at av8.com (Dean Anderson) Date: Tue, 24 Jul 2007 14:41:47 -0400 (EDT) Subject: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet. In-Reply-To: <20070724162130.GA62720@ussenterprise.ufp.org> Message-ID: On Tue, 24 Jul 2007, Leo Bicknell wrote: > > I think Dean, in this case, is the canary in the coal mine. Thanks, Leo. > Legacy space has been transferred. In some cases completely > legitimately, in some cases fraudulently; and in many cases in some > sort of grey area. Possibly true in general. However, no legacy space has been transferred in the case of 130.105/16. The OSF still exists, and is still the assignee. I am merely the contact for the space, because the OSF allows it. There are no legitimate disputes over 130.105/16 or 198.3.136/21 being hijacked or disused, whatsoever. But there are some apparent illegitimate reasons. I exposed some of Vixies schemes some years ago. I think particularly the Anycast issue and the AXFR "clarify" scam (fall 2002 - spring 2003). But I also asserted that Antitrust would apply to blacklists and that ECPA would apply to ISPs in the late 1990s. Vixie and cronies did other things to retaliate for those early disputes. Though I did tend to say I was vindicated in the ECPA and Antitrust disputes after the Exactis v. MAPS case became well-known in 2002, and after NANOG held a seminar on the ECPA in 2002. In 2003 in approximate conjunction with the AXFR-clarify dispute and roughly the beginning of the Anycast dispute, I think it can be seen that Vixie and cronies just retaliated by trying to interfere with AV8 Internet business using blacklists and lies. Vixie et al have plenty of reason to dislike me: I have effectively opposed them at times. But they have no legitimate reason to use quasi-governmental privileges and positions of influence and trust against me. There is no legitimate reason to lie. This sort of defamatory attack is very similar to what Alan Brown did with ORBS--Events for which he lost 3 defamation suits. Similarly to SORBS, in 2 of the suits, Brown had another (financial) dispute with ISPs, and used the ORBS blacklist to retaliate. In the 3rd suit, Brown also made defamatory statements against Domainz, in order to profit. ORBS was shut for contempt of Court. Brown lost his business to pay damages. Incidentally, Brown is also associated with SORBS and Vixie through the false statements about Av8 Internet. SORBS picked up the exact text used by Brown. And for the record, I think Vixie professes to have no association with SORBS. But in September 1997, Vixie also claimed to have no association with MAPS after concerns about conspiracy in restraint of trade. And we know that turned out to be false. ISC.ORG hosts SORBS. As demonstrated by Media3 v MAPS, when you host abuse, you can be described as associated with abuse. I think Vixie's support of SORBS is deeper than Media3's support of its spam customers. It seems that SORBS was organized to defeat the successful claims in Exactis v. MAPS and the successful claims against ORBS, by moving SORBS offshore and having a purported pauper (Matthew Sullivan) profess to be the sole responsible person for SORBS. However, we can still show Vixie's association with the SORBS activity and show his previous attempts at dissembling about similar associations. These serious, unethical activities and abuse of powers are a stain on the integrity of the people who make them, and on the integrity of the people who are associated and allied with the false statements. Therefore, I call for Paul Vixie to removed from the ARIN Board of Trustees. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From info at arin.net Tue Jul 24 14:45:17 2007 From: info at arin.net (Member Services) Date: Tue, 24 Jul 2007 14:45:17 -0400 Subject: [ppml] Policy Proposal: Global Policy for the Allocation of the Remaining IPv4 Address Space In-Reply-To: <46A0CB36.7050201@arin.net> References: <46A0CB36.7050201@arin.net> Message-ID: <46A648BD.7030601@arin.net> > The AC will assign shepherds in the near future. ARIN will provide the > names of the shepherds to the community via the PPML. The shepherds from the ARIN Advisory Council for this proposal are Matt Pounsett and Bill Darte. Regards, Member Services American Registry for Internet Numbers (ARIN) Member Services wrote: > ARIN received the following policy proposal. In accordance with the ARIN > Internet Resource Policy Evaluation Process, the proposal is being > posted to the ARIN Public Policy Mailing List (PPML) and being placed on > ARIN's website. > > The ARIN Advisory Council (AC) will review this proposal at their next > regularly scheduled meeting. The AC may decide to: > > 1. Accept the proposal as a formal policy proposal as written. If the > AC accepts the proposal, it will be posted as a formal policy proposal > to PPML and it will be presented at a Public Policy Meeting. > > 2. Postpone their decision regarding the proposal until the next > regularly scheduled AC meeting in order to work with the author. The AC > will work with the author to clarify, combine or divide the proposal. At > their following meeting the AC will accept or not accept the proposal. > > 3. Not accept the proposal. If the AC does not accept the proposal, > the AC will explain their decision. If a proposal is not accepted, then > the author may elect to use the petition process to advance their > proposal. If the author elects not to petition or the petition fails, > then the proposal will be closed. > > The AC will assign shepherds in the near future. ARIN will provide the > names of the shepherds to the community via the PPML. > > In the meantime, the AC invites everyone to comment on this proposal on > the PPML, particularly their support or non-support and the reasoning > behind their opinion. Such participation contributes to a thorough > vetting and provides important guidance to the AC in their deliberations. > > The ARIN Internet Resource Policy Evaluation Process can be found at: > http://www.arin.net/policy/irpep.html > > Mailing list subscription information can be found at: > http://www.arin.net/mailing_lists/ > > Regards, > > Member Services > American Registry for Internet Numbers (ARIN) > > > ## * ## > > > Policy Proposal Name: Global Policy for the Allocation of the Remaining > IPv4 Address Space > > Author: Roque Gagliano > > Co-authors: Francisco Obispo, Hytham EL Nakhal, Didier Allain Kla > > Proposal Version: v1 > > Submission Date: 07/17/2007 > > Proposal type: new > > Policy term: permanent > > Policy statement: > > This policy describes the process for the allocation of the > remaining IPv4 space from IANA to the RIRs. When a minimum amount of > available space is reached, an identical number of IPv4 allocation units > (/8s) will be allocated from IANA to each RIR, replacing the current > IPv4 allocation policy. > > In order to fulfill the requirements of this policy, at the time it > is adopted, an identical number of IPv4 allocation units (N units) will > be reserved by IANA for each RIR. The number N is defined as: 5. > The reserved allocation units will no longer be part of the available > space at the IANA pool. The process for the allocation of the remaining > IPv4 space is divided in two consecutive phases: > > 1. Existing Policy Phase: > > During this phase IANA will continue allocating IPv4 addresses to > the RIRs using the existing allocation policy. This phase will continue > until a request for IPv4 address space from any RIR to IANA cannot be > fulfilled with the remaining IPv4 space available at the IANA pool. > > This will be the last IPv4 address space request that IANA will > accept from any RIR. At this point the next phase of the process will be > initiated. > > 2. Exhaustion Phase: > > IANA will automatically allocate the reserved IPv4 allocation units > to each RIR (N units to each one) and respond to the last request with > the remaining available allocation units at the IANA pool (M units). > > 2.1. Size of the final IPv4 allocations: > > During this phase IANA will automatically allocate N allocation > units to each RIR from the reserved space defined in this policy. > IANA will also allocate M allocation units to the RIR that submitted the > last request for IPv4 addresses. > > 2.2. Allocation of the remaining IPv4 Address space: > > After the completion of the evaluation of the final request for > IPv4 addresses, IANA MUST: > > A) Immediately notify the NRO about the activation of the second > phase of this policy. > > B) Proceed to allocate M allocation units to the RIR that submitted > the last request for IPv4 address space. > > C) Proceed to allocate N allocation units to each RIR from the > reserved space. > > > Rationale: > > The IANA pool of allocation units of IPv4 addresses (/8s) is decreasing > rapidly. A new policy is proposed to replace the current "on demand" > policy in order to bring certainty on how the remaining space will be > allocated. This policy eliminates the pressure on the remaining central > pool of addresses by allocating equal amount of allocation units (N) to > each RIR. > > RIR may be studying slow-landing policies or the possibility to reserve > specific address spaces for "critical infrastructure" or new companies > in order to comply with anti-trust regulations in its region. This > policy allows each RIR to adopt those policies through its PDP, which is > simpler than a global policy discussion process. > > Each RIR will have the exact information on the amount of address spaces > that they will be receiving as a last allocation from the IANA. > > The policy is written in such a way that the discussion could be split > in two sections: first do we agree on the concept of the policy and > second what is the appropriate value for the last allocation units N. > > Timetable for implementation: This is a Global policy that needs to be > approved by all RIRs and then ratified by ASO/ICANN. It has already > reached consensus at LACNIC meeting. > > > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > From owen at delong.com Tue Jul 24 14:49:03 2007 From: owen at delong.com (Owen DeLong) Date: Tue, 24 Jul 2007 11:49:03 -0700 Subject: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet. In-Reply-To: References: Message-ID: On Jul 24, 2007, at 11:27 AM, David Schwartz wrote: > >> ARIN should start issuing certificates for prefixes handed out by >> ARIN. ARIN should issue those certificates ONLY to recipients >> who have signed an ARIN RSA and only for the prefixes which are >> covered under said RSA. >> >> If secure routing starts using those certificates and becomes >> popular, >> then, the ability to get a certificate becomes a carrot for legacy >> holders to sign an RSA. > > It would only be a matter of time before someone else started issuing > certificates to legacy holders. That's actually not a bad thing. > > If they just issue them randomly to anyone who asks for them, no > sane person > would honor those certificates. On the other hand, if they do > actually do > the legwork to track down these netblocks, they'll be doing a valuable > service. > > One possible way that this could somewhat backfire is if large > providers > insist on being able to issue their own certificates. If a large > number of > legitimate routes are signed by a certificate, you won't be able to > refuse > that certificate. This will make getting a certificate to route no > more > difficult than getting a large provider to route. > > If any large provider says "we're going to sign our blocks with our > own > key", it will be awfully hard to tell them no. > > DS > Actuallly, the simple solution to that is that certificates are already designed to be hierarchical, so, the ISP should be faced with the ability to use their ARIN issued certificate to sign subordinate blocks. Owen From info at arin.net Tue Jul 24 14:56:12 2007 From: info at arin.net (Member Services) Date: Tue, 24 Jul 2007 14:56:12 -0400 Subject: [ppml] Policy Proposal: IPv4 Soft Landing In-Reply-To: <464425E7.1070305@arin.net> References: <464425E7.1070305@arin.net> Message-ID: <46A64B4C.1070002@arin.net> On 19 July 2007, the ARIN Advisory Council (AC) postponed their decision regarding the proposal titled "IPv4 Soft Landing" in order to work with the author. The AC will work with the author to clarify, combine or divide the proposal. At the next regularly scheduled AC meeting, the AC will make their decision to accept or not accept the proposal as a formal policy proposal. The proposal text is below and can be found at: http://www.arin.net/policy/proposals/submission_archive.html The ARIN Internet Resource Policy Evaluation Process can be found at: http://www.arin.net/policy/irpep.html Regards, Member Services American Registry for Internet Numbers (ARIN) > ## * ## > > > Policy Proposal Name: IPv4 Soft Landing > > Author: David Conrad > > Proposal Version: 1.0 > > Submission Date: 2007-05-02 > > Proposal type: New > > Policy term: Permanent > > Policy statement: > > 30 days after specified thresholds in the amount of address space > remaining in the IANA IPv4 free pool are crossed, the requirements > necessary for ISPs to obtain additional IPv4 address space are made > more stringent and requesters must demonstrate efforts both to utilize > scarce IPv4 address space more efficiently, set up IPv6 infrastructure > services, and eventually offer production IPv6 connectivity. > > The proposed thresholds and the requirements to justify an allocation > of new IPv4 address space from ARIN are: > > Phase 0 > Threshold N/A > Requirements > > Requesters must demonstrate: > > * No requirements to document IPv6 infrastructure services or IPv6 > connectivity services. > > * 80% utilization in all customer assignments as reflected in > SWIP/rwhois reassignments > > * Downstream immediate requirement: 25% > > * Downstream requirement after 1 year: 50% > > Phase 1 > Threshold 40 /8s > Requirements: > > Requesters must demonstrate: > > * Documented plans for availability of production IPv6 infrastructure > services within 6 months > > * Documented plans for availability of production IPv6 service within > 1 year > > * 85% utilization in all customer assignments as reflected in > SWIP/rwhois reassignments > > * Downstream immediate requirement: 33% > > * Downstream requirement after 1 year: 66% > > Phase 2 > Threshold 30 /8s > Requirements: > > Requesters must demonstrate: > > * Documented availability of production IPv6 infrastructure services > > * Documented plans for availability of production IPv6 service within > 6 months > > * 90% utilization in all customer assignments as reflected in > SWIP/rwhois reassignments > > * Current 3rd-party auditors report of IPv4 address space utilization > > * Downstream immediate requirement: 50% > > * Downstream requirement after 1 year: 75% > > Phase 3 > Threshold 20 /8s > Requirements: > > Requesters must demonstrate: > > * Documented availability of production IPv6 infrastructure services > > * Documented availability of production IPv6 connectivity service > > * A migration plan for all internal infrastructure to either IPv6 or > private addressing > > * 92% utilization in all customer assignments as reflected in > SWIP/rwhois reassignments > > * Current 3rd-party auditors report of IPv4 address space utilization > > * Downstream immediate requirement: 60% > > * Downstream requirement after 1 year: 80% > > Phase 4 > Threshold 15 /8s > Requirements: > > Requesters must demonstrate: > > * Documented availability of production IPv6 connectivity services > > * Initiation of migration of internal infrastructure to either IPv6 or > private addressing > > * 94% utilization in all customer assignments as reflected in > SWIP/rwhois reassignments > > * Current 3rd-party auditors report of IPv4 address space utilization > > * Downstream immediate requirement: 70% > > * Downstream requirement after 1 year: 85% > > Internal infrastructure can be used in justification for IPv4 address > space only in special circumstances > > Phase 5 > Threshold 10 /8s > Requirements: > > Requesters must demonstrate: > > * Documented availability of production IPv6 connectivity services > > * Recycling of 25% of (non-private) IPv4 address space formerly used > for internal infrastructure > > * 96% utilization in all customer assignments as reflected in > SWIP/rwhois reassignments > > * Current 3rd-party auditors report of IPv4 address space utilization > > * Downstream immediate requirement: 75% > > * Downstream requirement after 1 year: 90% > > Internal infrastructure can no longer be used in justification for > IPv4 address space > > Phase 6 > Threshold 5 /8s > Requirements: > > Requesters must demonstrate: > > * Documented availability of production IPv6 connectivity services > > * Recycling of 75% of IPv4 address space formerly used for internal > infrastructure > > * 98% utilization in all customer assignments as reflected in > SWIP/rwhois reassignments > > * Current 3rd-party auditors report of IPv4 address space utilization > > * Downstream immediate requirement: 80% > > * Downstream requirement after 1 year: 95% > > Internal infrastructure can no longer be used in justification for > IPv4 address space > > Note that for the purposes of this proposal, the following definitions > apply: > > * Downstream: entities to which the ISP may assign address space. > > * IPv6 infrastructure services: services such as DNS, WWW, FTP, > etc. accessible via IPv6. > > * IPv6 connectivity: IP connectivity service provided over IPv6 > transport, either natively or via an IPv6 tunnel. > > * Internal infrastructure: routers, switches, servers, etc., that are > not normally visible or directly accessed by the ISP customers. > > Phase 0 reflects current allocation requirements. Subsequent phases > of this policy are to be implemented 30 days after IANA allocates > address space from the IPv4 free pool that reduces that free pool to a > number of /8s that are at or below the threshold specified. If > multiple thresholds should be crossed within a 30 day period, the > requirements from the last threshold crossed will be applied to > requesters for additional address space. > > Rationale: > > The rationale for this proposal is threefold: > > * to prolong the availability of IPv4 addresses to requesters who can > provide sufficient justification; > > * to encourage the deployment of IPv6 as an alternative to IPv4 by > making the requirements to justify IPv4 allocations increasingly > stringent over time; > > * to promote the more efficient use of increasingly scarce IPv4 > resources. > > As the lack of significant deployment of IPv6 can attest, the cost of > deploying IPv6 currently outweighs the benefits that protocol would > appear to provide. This proposal aims to encourage the deployment of > IPv6 by making the allocation of IPv4 both more difficult and > contingent on the ISP demonstrating both support for IPv6 as well as > more efficient use of the IPv4 address space they administer. The > goal of these measures is to rebalance the IPv6 deployment > cost/benefit ratio thereby encouraging greater uptake of IPv6 before > the IPv4 free pool is exhausted. > > The "IPv4 Soft Landing" policy aims to provide for a smoother > transition away from IPv4 towards IPv6 by imposing increasingly strict > requirements for new address allocations as the amount of address > space available in the IANA unallocated IPv4 address pool decreases. > These increased requirements include both more stringent reassignment > and utilization percentages as well as requiring documented IPv6 > infrastructure services and connectivity provision and the reuse of > IPv4 address space used for internal infrastructure. > > The increased stringency in the allocation requirements is intended > both to increase the efficiency of utilization of the IPv4 address > space and to reduce the likelihood of a "run" on the remaining free > pool of IPv4 address space. ARIN staff would be expected to use the > same mechanisms in use today to verify utilization of customer > requirements. > > The requirements for demonstration of IPv6 infrastructure services and > connectivity are intended to motivate ISPs to provide those services > before the only address space they can offer their customers is IPv6, > thereby breaking the "chicken-and-egg" problem limiting significant > IPv6 deployment. Verification of these requirements can be done by > ARIN staff by using IPv6 transport to connect to published services of > the ISP (e.g., DNS servers, WWW URLs, etc.) as well as using IPv6 ping > to identified addresses internal to the ISP. > > The requirement to provide a current third-party auditors report of > utilization is intended to deter fraudulent justification data used to > support IPv4 allocations in the absence of actual need. > > The requirements to migrate internal infrastructure to either IPv6 or > private (e.g., RFC 1918) addressing are intended to improve the > efficiency of utilization of IPv4 address space, reserving the scarce > IPv4 resources for purposes for which IPv6 or private addresses are > not suitable. These requirements acknowledge that pragmatically, the > use of IPv4 is absolutely essential only for servers in client-server > architectures, machines engaged in peer-to-peer applications, and > entry points for NAT/ALG devices. As such, use of IPv4 for purposes > such as router interface numbering, client-only devices, and devices > which should not be available from external networks should be > discouraged. This policy anticipates ARIN staff will make use of > auditor reports to verify appropriate use of IPv4 addresses in > internal infrastructure. > > The time for transition between phases of this policy are not fixed, > rather they depend on the rate of consumption of IPv4 address space > from the IANA free pool. Current RIR operational procedure is to > request 2 /8s from the IANA when their current pool of free IPv4 > address space is depleted. This procedure should ensure transitions > between phases will have some lead-time, so organizations can prepare > for the next phase of IPv4 address allocation. > > Timetable for implementation: > > Immediately upon approval of this policy by the ARIN Board of Trustees. > > > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > From info at arin.net Tue Jul 24 15:01:43 2007 From: info at arin.net (Member Services) Date: Tue, 24 Jul 2007 15:01:43 -0400 Subject: [ppml] Policy Proposal: Legacy Outreach and Partial Reclamation In-Reply-To: <46851DF7.8020106@arin.net> References: <371EB4EE-C2FE-46CD-BAF9-DB35937B572A@delong.com> <46851DF7.8020106@arin.net> Message-ID: <46A64C97.1050604@arin.net> On 19 July 2007, the ARIN Advisory Council (AC) postponed their decision regarding the proposal titled "Legacy Outreach and Partial Reclamation" in order to work with the author. The AC will work with the author to clarify, combine or divide the proposal. At the next regularly scheduled AC meeting, the AC will make their decision to accept or not accept the proposal as a formal policy proposal. The proposal text is below and can be found at: http://www.arin.net/policy/proposals/submission_archive.html The ARIN Internet Resource Policy Evaluation Process can be found at: http://www.arin.net/policy/irpep.html Regards, Member Services American Registry for Internet Numbers (ARIN) > ## * ## > > > Owen DeLong wrote: > >>Here's an attempt to partially drain the swamp and create some >>incentives >>for legacy holders to both return available IPv4 space and start using >>IPv6. >> >>Comments welcome. >> >>Owen >> >> >>Template: ARIN-POLICY-PROPOSAL-TEMPLATE-1.0 >> >> >>Policy Proposal Name: Legacy Outreach and Partial Reclamation >>Author >> name: Owen DeLong >> email: owen at delong.com >> telephone: 408-921-6984 >> organization: JITTR Networks >> >>Proposal Version: 0.0.1 >>Submission Date: 2007 April 22 >>Proposal type: M >> new, modify, or delete. >>Policy term: permanent >> temporary, permanent, or renewable. >>Policy statement: >> Modify section 4.6 as follows: >> >> 4.6 Amnesty Requests >> ARIN will accept the return or relinquishment of any address space >> from any existing address holder. If the address holder wishes to >> aggregate into a single block, ARIN may work with the address holder >> to arrive at an allocation or assignment which is equal to or smaller >> than the sum of their existing blocks and which best meets the needs >> of the existing holder and the community. There shall be no fee for >> returning addresses under this policy. Further, organizations >> returning addresses under this policy shall receive the following >> benefits: >> >> 1. If the organization does not currently pay ARIN >> fees, they shall remain fee exempt. >> >> 2. If the organization currently pays ARIN fees, >> their fees shall be waived for two years for >> each /20 equivalent returned, with any fractional /20 >> equivalent resulting in a one-time single year waiver. >> >> 3. Any organization returning address space under >> this policy shall continue under their existing >> RSA or they may choose to sign the current RSA. >> For organizations which currently do not >> have an RSA, they may sign the current RSA, or, >> they may choose to remain without an RSA. >> >> 4. All organizations returning space under this >> policy shall, if they meet other eligibility >> requirements and so request, obtain an >> appropriate IPv6 end-user assignment >> or ISP allocation as applicable, with no fees >> for the first 5 years. Organizations electing >> to receive IPv6 allocation/assignment under >> this provision must sign a current RSA and >> must agree that all of their IPv4 resources are >> henceforth subject to the RSA. Organizations >> taking this election shall be subject to end-user >> fees for their IPv4 resources not previously >> under an ARIN RSA. If they are already an >> ARIN subscriber, then IPv4 resources >> affected by this process may, instead, be added to >> their existing subscriber agreement at the >> address holder's discretion. >> >>Rationale: >> >> The current amnesty policy does a nice job of facilitating >> aggregation, which was the intent when it was drafted. However, >> as we approach IPv4 free-space exhaustion, the community now >> has an additional need to facilitate address reclamation. >> >> A very high percentage of underutilized space is in the hands of >> legacy holders who currently have no benefit to joining the ARIN >> process. Further, there is an unfortunate perception that doing >> so will require force the legacy holder into certain future >>disadvantages. >> This proposal attempts to resolve both of those issues while also >> providing some incentive to legacy organizations to start using >> IPv6 resources and bring their IPv4 resources into the ARIN >> process. >> >> This policy attempts to provide some benefit and remove most of >> the costs of making partial IPv4 returns. It also attempts to >> provide an incentive for these IPv4 holders to join the ARIN >> process. >> >>Timetable for implementation: >> >> Immediate >> >>Meeting presenter: >> >> TBD, probably Owen DeLong >> >>END OF TEMPLATE >>_______________________________________________ >>This message sent to you through the ARIN Public Policy Mailing List >>(PPML at arin.net). >>Manage your mailing list subscription at: >>http://lists.arin.net/mailman/listinfo/ppml >> > > > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > From Lee.Howard at stanleyassociates.com Tue Jul 24 15:04:40 2007 From: Lee.Howard at stanleyassociates.com (Howard, W. Lee) Date: Tue, 24 Jul 2007 15:04:40 -0400 Subject: [ppml] Board processes. In-Reply-To: Message-ID: <369EB04A0951824ABE7D8BAC67AF9BB4067CD036@CL-S-EX-1.stanleyassociates.com> > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of Dean Anderson > Sent: Tuesday, July 24, 2007 2:42 PM > To: Leo Bicknell > Cc: ppml at arin.net > Subject: Re: [ppml] Dean Anderson, 130.105.0.0/16 and the > future of the IPv4 Internet. > > Therefore, I call for Paul Vixie to removed from the ARIN > Board of Trustees. > > --Dean Being an open and transparent organization, we have a publically-posted procedure for that. Search on ARIN's site for "removal trustee." You may also note that his term expires this year; you may wish to nominate other candidates for the Board of Trustees. Lee From martin.hannigan at batelnet.bs Tue Jul 24 15:17:54 2007 From: martin.hannigan at batelnet.bs (Martin Hannigan) Date: Tue, 24 Jul 2007 15:17:54 -0400 Subject: [ppml] Example of a questionable block Was: Re: Tell me, Mr. Anderson, what good is a mailing list when we are unable to speak? Message-ID: <46a65062.da.1ae4.7531@batelnet.bs> ----- Original Message ----- From: Dean Anderson To: Martin Hannigan Cc: bill fumerola , , Subject: Re: Example of a questionable block Was: Re: [ppml] Tell me, Mr. Anderson, what good is a mailing list when we are unable to speak? Date: Tue, 24 Jul 2007 10:47:18 -0400 (EDT) > Hmm. Offices in Burlington, MA. Hmm. Burlington, that Av8 > Internet's footprint. (as Hannigan already knows) > > Doesn't look closed, disused or hijacked. > OrgName: Open Software Foundation OrgID: OSF Address: P.O. Box 7286 City: Nashua StateProv: NH PostalCode: 03060 Country: US NetRange: 130.105.0.0 - 130.105.255.255 CIDR: 130.105.0.0/16 NetName: OSF NetHandle: NET-130-105-0-0-1 Parent: NET-130-0-0-0-0 NetType: Direct Allocation NameServer: STARSHIP.AV8.COM NameServer: CONCORDE.AV8.COM >concorde.av8.com. 3600 IN > A 130.105.11.3 7 av8.cust.gnaps.NET (199.232.42.54) 70 ms (ttl=242!) 43 ms (ttl=242!) 77 ms (ttl=242!) 8 av8-camb-gw1.av8.net (130.105.32.13) 117 ms (ttl=241!) 109 ms (ttl=241!) 39 ms (ttl=241!) 9 av8-bos-gw1.av8.net (130.105.3.69) 66 ms (ttl=240!) 37 ms (ttl=240!) 22 ms (ttl=240!) 10 130.105.11.3 (130.105.11.3) 45 ms (ttl=48!) 23 ms (ttl=48!) 74 ms (ttl=48!) > So, Martin, I do demand a retraction for repeating > slander. Sorry Dean. I'm not jumping on the hook. If you are saying this is not your space but opengroups, then that works for me. -M< From arin-contact at dirtside.com Tue Jul 24 15:28:13 2007 From: arin-contact at dirtside.com (William Herrin) Date: Tue, 24 Jul 2007 15:28:13 -0400 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration Message-ID: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> Hi Folks, Following your comments and some helpful off-list discussion, I've prepared a replacement for last month's "IPv4 to IPv6 Migration Incentive Address Space" proposal. With some mild tweaks to the existing 6to4 protocol, it seeks to address four problems ARIN faces: 1. The looming exhaustion of the IPv4 space. 2. Obsolete and incorrect legacy IPv4 registration and contact information. 3. Legacy IPv4 registrants don't pay their fair share. 4. The need to constrain route announcements in the IPv6 Default-Free Zone. The current draft of the proposal is at: http://bill.herrin.us/arin-policy-proposal-6to4.html Your comments, suggestions and constructive criticism will be greatly appreciated. Thanks in advance, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From info at arin.net Tue Jul 24 15:56:21 2007 From: info at arin.net (Member Services) Date: Tue, 24 Jul 2007 15:56:21 -0400 Subject: [ppml] Policy Proposal 2007-14: Resource Review Process Message-ID: <46A65965.6070108@arin.net> On 19 July 2007, the ARIN Advisory Council (AC) concluded their initial review of "Resource Review Process" and accepted it as a formal policy proposal for discussion by the community. The AC accepted the revised version of this proposal which was posted to PPML on 17 July 2007. The revised version included changing the name of the proposal from "Reclamation of Number Resources" to "Resource Review Process". The proposal is designated Policy Proposal 2007-14: Resource Review Process. The proposal text is below and can be found at: http://www.arin.net/policy/proposals/2007_14.html All persons in the community are encouraged to discuss Policy Proposal 2007-14 prior to it being presented at the ARIN Public Policy Meeting in Albuquerque, New Mexico, 17-18 October 2007. Both the discussion on the Public Policy Mailing List and at the Public Policy Meeting will be used to determine the community consensus regarding this policy proposal. The ARIN Internet Resource Policy Evaluation Process can be found at: http://www.arin.net/policy/irpep.html ARIN's Policy Proposal Archive can be found at: http://www.arin.net/policy/proposals/proposal_archive.html Regards, Member Services American Registry for Internet Numbers (ARIN) ## * ## Policy Proposal 2007-14 Resource Review Process Author: Owen DeLong, Stephen Sprunk Proposal type: modify Policy term: permanent Policy statement: Add the following to the NRPM: Resource Review 1. ARIN may review the current usage of any resources issued by ARIN to an organization. The organization shall furnish whatever records are necessary to perform this review. 2. ARIN may conduct such reviews: a. when any new resource is requested, b. whenever ARIN has cause to believe that the resources had originally been obtained fraudulently, or c. at any other time without cause unless a prior review has been completed in the preceding 12 months. 3. ARIN shall communicate the results of the review to the organization. 4. If the review shows that existing usage is substantially not in compliance with current allocation and/or assignment policies, the organization shall return resources as needed to bring them substantially into compliance. If possible, only whole resources shall be returned. Partial address blocks shall be returned in such a way that the portion retained will comprise a single aggregate block. 5. If the organization does not voluntarily return resources as required, ARIN may revoke any resources issued by ARIN as required to bring the organization into overall compliance. ARIN shall follow the same guidelines for revocation that are required for voluntary return in the previous paragraph. 6. Except in cases of fraud, an organization shall be given a minimum of six months to effect a return. ARIN shall negotiate a longer term with the organization if ARIN believes the organization is working in good faith to substantially restore compliance and has a valid need for additional time to renumber out of the affected blocks. 7. ARIN shall continue to maintain the resource(s) while their return or revocation is pending, except no new maintenance fees shall be assessed for the resource(s). 8. Legacy resources in active use, regardless of utilization, are not subject to revocation by ARIN. However, the utilization of legacy resources shall be considered during a review to assess overall compliance. Delete NRPM sections 4.1.2, 4.1.3, 4.1.4 Remove the sentence "In extreme cases, existing allocations may be affected." from NRPM section 4.2.3.1. Policy Rationale Rationale: ARIN feels that current policy does not give them the power to review or reclaim resources except in cases of fraud, despite this being mentioned in the Registration Services Agreement. This policy proposal provides clear policy authority to do so, guidelines for how and under what conditions it shall be done, and a guarantee of a (minimum) six-month grace period so that the current user shall have time to renumber out of any resources to be reclaimed. The nature of the "review" is to be of the same form as is currently done when an organization requests new resources, i.e. the documentation required and standards should be the same. The renumbering period does not affect any "hold" period that ARIN may apply after return or revocation of resources is complete. The deleted sections/text would be redundant with the adoption of this proposal. Timetable for implementation: Immediate From info at arin.net Tue Jul 24 15:56:49 2007 From: info at arin.net (Member Services) Date: Tue, 24 Jul 2007 15:56:49 -0400 Subject: [ppml] Policy Proposal 2007-15: Authentication of Legacy Resources Message-ID: <46A65981.90004@arin.net> On 19 July 2007, the ARIN Advisory Council (AC) concluded their initial review of "Authentication of Legacy Resources" and accepted it as a formal policy proposal for discussion by the community. The proposal is designated Policy Proposal 2007-15: Authentication of Legacy Resources. The proposal text is below and can be found at: http://www.arin.net/policy/proposals/2007_15.html All persons in the community are encouraged to discuss Policy Proposal 2007-15 prior to it being presented at the ARIN Public Policy Meeting in Albuquerque, New Mexico, 17-18 October 2007. Both the discussion on the Public Policy Mailing List and at the Public Policy Meeting will be used to determine the community consensus regarding this policy proposal. The ARIN Internet Resource Policy Evaluation Process can be found at: http://www.arin.net/policy/irpep.html ARIN's Policy Proposal Archive can be found at: http://www.arin.net/policy/proposals/proposal_archive.html Regards, Member Services American Registry for Internet Numbers (ARIN) ## * ## Policy Proposal 2007-15 Authentication of Legacy Resources Author: Andrew Dul Proposal type: New Policy term: Permanent Policy statement: Add new NRPM section 4.9 - Legacy Records Legacy resource record holders shall be permitted to sign an registration services agreement which permits the organization which is currently using the resources as of January 1, 2007 to continue to use those resources as long as a registration services agreement is signed by the organization and the organization is not past-due on their annual maintenance fee. ARIN will evaluate and verify the chain of custody of any resource records prior to executing a registration services agreement with an organization. If a legacy resource holder requests additional IPv4 resources all IPv4 resources (legacy and non-legacy) shall be evaluated to determine utilization for additional assignments under NRPM sections 4.2 or 4.3. ARIN shall use all reasonable methods to attempt to contact legacy record holders starting on January 1, 2008. ARIN shall also post information on the public website regarding this outreach to legacy resource holders. No changes shall be made to legacy resource records which are not covered by a registration services agreement after December 31, 2007. Add new NRPM section 7.3 - Legacy Reverse Delegation Records Legacy IP address record holders who have not signed a registration services agreement with ARIN will have their name server delegations for the in-addr.arpa zone removed starting on June 30, 2009. All name server delegations shall be removed from the in-addr.arpa zone by December 31, 2009. If an individual contacts ARIN and claims to represent a legacy record holder after the removal of an organization's name server delegations, the individual shall be permitted to request a one-time 6 month reinstatement of their name server delegations. This 6 month period is intended to allow an organization to work in good faith to establish a registration services agreement. Policy Rationale An ARIN Legacy resource holder is an organization which was issued number resources prior to the formation of ARIN and whose registration information was not transferred to another RIR through the Early Registration Transfer Project (http://www.arin.net/registration/erx). Legacy resource holders were issued number resources through an informal process. This policy proposal attempts to bring these legacy resource holders into a formal agreement with ARIN, the manager of the IP numbering resources for many of the legacy record holders. Some legacy resource holders have expressed concerns about committing to a registration services agreement when the legacy resource holder cannot be assured that they will be permitted to retain and their resources for the long-term. This policy proposal also does not preclude existing legacy space holders, who may have signed another version of the registration services agreement from having the same commitment level. It is suggested that the Board of Trustees formalize the annual maintenance fees for legacy resource holders at a level similar to the $100 USD per year for end-sites. This policy sets in place a notification period of 18 months to contact all legacy resource holders and creates an incentive for the holders to formalize their relationship with ARIN. The dates in this policy proposal were arbitrarily chosen based upon an expected ratification by the ARIN Board of Trustees by December 31, 2007. If this policy is implemented after December 31, 2007, the trigger dates in the policy should be adjusted appropriately. Given the informal relationship under which the resources were granted, ARIN current maintains the records including WHOIS and in-addr.arpa delegations in a best-effort fashion. Many believe that ARIN may not be obligated to maintain these records. ARIN has experienced some difficulty maintaining these records. Legacy records have been a popular target for hijackers, in part due to the out of date information contained in these records. Having up to date contact information would assist ARIN and ISP's in insuring the stability of the Internet. This policy proposal sets a termination date for in-addr.arpa delegation services for legacy resource record holders who have not formalized their relationship with ARIN through a registration services agreement. The 6 month period of delegation record removal was intended to provide ARIN the flexibility of removing the records on a gradual plan during second half of 2009 and to avoid a large change on a single day. Legacy resource holders who sign a registration services agreement would continue to receive all the services that are currently provided by ARIN plus they would be eligible for any future services that ARIN may offer, such as cryptographic signing of resource records. Timetable for implementation: As stated in policy From tedm at ipinc.net Tue Jul 24 16:45:05 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Tue, 24 Jul 2007 13:45:05 -0700 Subject: [ppml] Example of a questionable block Was: Re: Tell me, Mr. Anderson, what good is a mailing list when we are unable to speak? In-Reply-To: <46a65062.da.1ae4.7531@batelnet.bs> Message-ID: >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >Martin Hannigan >Sent: Tuesday, July 24, 2007 12:18 PM >To: Dean Anderson >Cc: ppml at arin.net >Subject: Re: [ppml] Example of a questionable block Was: Re: Tell me,Mr. >Anderson,what good is a mailing list when we are unable to speak? > > > >----- Original Message ----- >From: Dean Anderson >To: Martin Hannigan >Cc: bill fumerola , , > >Subject: Re: Example of a questionable block Was: Re: [ppml] >Tell me, Mr. Anderson, what good is a mailing list when we >are unable to speak? >Date: Tue, 24 Jul 2007 10:47:18 -0400 (EDT) > > > > >> Hmm. Offices in Burlington, MA. Hmm. Burlington, that Av8 >> Internet's footprint. (as Hannigan already knows) >> >> Doesn't look closed, disused or hijacked. >> > > >OrgName: Open Software Foundation >OrgID: OSF >Address: P.O. Box 7286 >City: Nashua >StateProv: NH >PostalCode: 03060 >Country: US > >NetRange: 130.105.0.0 - 130.105.255.255 >CIDR: 130.105.0.0/16 >NetName: OSF >NetHandle: NET-130-105-0-0-1 >Parent: NET-130-0-0-0-0 >NetType: Direct Allocation >NameServer: STARSHIP.AV8.COM >NameServer: CONCORDE.AV8.COM > >>concorde.av8.com. 3600 IN >> A 130.105.11.3 > > 7 av8.cust.gnaps.NET (199.232.42.54) 70 ms (ttl=242!) 43 >ms (ttl=242!) 77 ms (ttl=242!) > 8 av8-camb-gw1.av8.net (130.105.32.13) 117 ms (ttl=241!) >109 ms (ttl=241!) 39 ms (ttl=241!) > 9 av8-bos-gw1.av8.net (130.105.3.69) 66 ms (ttl=240!) 37 >ms (ttl=240!) 22 ms (ttl=240!) >10 130.105.11.3 (130.105.11.3) 45 ms (ttl=48!) 23 ms >(ttl=48!) 74 ms (ttl=48!) > > >> So, Martin, I do demand a retraction for repeating >> slander. > >Sorry Dean. I'm not jumping on the hook. If you are saying >this is not your space but opengroups, then that works for >me. > Strange, how Open Software Foundation does not show up in the list of New Hampshire Coprorations here: https://www.sos.nh.gov/corporate/soskb/csearch.asp But of course it IS a "foundation" so I guess they must have a 503(c) filing somewhere. Perhaps the IRS listing of 503(c)s would be more instructive? Ted From owen at delong.com Tue Jul 24 17:08:24 2007 From: owen at delong.com (Owen DeLong) Date: Tue, 24 Jul 2007 14:08:24 -0700 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration In-Reply-To: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> Message-ID: <4E20C0CA-8E54-4237-8E2E-8BE3487BD930@delong.com> On Jul 24, 2007, at 12:28 PM, William Herrin wrote: > Hi Folks, > > Following your comments and some helpful off-list discussion, I've > prepared a replacement for last month's "IPv4 to IPv6 Migration > Incentive Address Space" proposal. With some mild tweaks to the > existing 6to4 protocol, it seeks to address four problems ARIN faces: > First, I don't completely accept your premise... > 1. The looming exhaustion of the IPv4 space. This isn't a problem. It's just a fact. There is a finite amount of IPv4 space available, and, when it is all allocated, it will be impossible to allocate more without reclamation. No problem. There are a number of problems which are derivatives of this fact, but, this fact, in and of itself is not a problem. I say this, not to pick nits, but, because it is important that we target solutions at the actual problem rather than at some meta-issue related to the problem. > 2. Obsolete and incorrect legacy IPv4 registration and contact > information. This is a problem, but, I don't really think it is necessarily related to the IPv6 migration problem except to the extent that legacy holders moving off IPv4 space will (absent your proposal) inherently resolve the issue by deprecating said IPv4 space. > 3. Legacy IPv4 registrants don't pay their fair share. Here, I strongly disagree with your premise. First, Legacy IPv4 registrants don't have a "fair share" to pay. They got into the system before there were fees. Attempts by some random organization to extort money from them (to their perspective, ARIN is just some random organization) are not likely to be taken seriously. The continued registration by ARIN of these blocks and maintenance of their whois and in-addr records is of far more benefit to the community at large than it is to the legacy holders. As such, ARIN continues to provide this service on a status quo basis (as agreed at ARIN's inception, btw) to serve the ARIN community. The fact that the legacy holders also benefit is a happy coincidence, not a direct goal. > 4. The need to constrain route announcements in the IPv6 Default- > Free Zone. > ARIN has no role in this. In IPv4, because of the need to balance the tradeoffs between aggregation and free-pool exhaustion, it was necessary to place portions of both roles in ARIN purview. In IPv6, there is no reason for ARIN to retain a role in routing table maintenance. This role should be pushed back to the ISPs where it belongs. Let those who own routers manage routers. Let ARIN manage address space. > The current draft of the proposal is at: > > http://bill.herrin.us/arin-policy-proposal-6to4.html > I'll read it and comment on the proposal separately, but, I wanted to take this opportunity to first comment on the paradigm framing the proposal since I think it is so far off the mark. Owen From owen at delong.com Tue Jul 24 17:27:53 2007 From: owen at delong.com (Owen DeLong) Date: Tue, 24 Jul 2007 14:27:53 -0700 Subject: [ppml] Policy Proposal 2007-15: Authentication of Legacy Resources In-Reply-To: <46A65981.90004@arin.net> References: <46A65981.90004@arin.net> Message-ID: <1E27D726-6C00-452F-8217-069F96AEDCBD@delong.com> I oppose this proposal as written. While I am in favor of some of the general intent of this proposal, I take issue with the following: 1. Termination of changes to records. The information in WHOIS is already horribly out of date for many records. Refusing to register changes for those organizations willing to register their changes but unwilling to sign an RSA is a disservice to the ARIN community and does not really provide any meaningful incentive to sign the RSA. 2. Fees ARIN is not really in a position to demand fees from legacy holders. We should make it possible for legacy holders to enter into an RSA without requiring fees. We should encourage legacy holders to fully join the ARIN process and pay annual fees, but, I think that tying the RSA signing to a commitment to pay fees is an unnecessary barrier to the RSA. The RSA is, in my opinion, the more important goal. 3. Termination of DNS services Much like the refusal to make changes to whois, this action is more of a disservice to the ARIN community than any sort of incentive for legacy holders. Owen On Jul 24, 2007, at 12:56 PM, Member Services wrote: > On 19 July 2007, the ARIN Advisory Council (AC) concluded their > initial > review of "Authentication of Legacy Resources" and accepted it as a > formal policy proposal for discussion by the community. > > The proposal is designated Policy Proposal 2007-15: Authentication of > Legacy Resources. The proposal text is below and can be found at: > http://www.arin.net/policy/proposals/2007_15.html > > All persons in the community are encouraged to discuss Policy Proposal > 2007-15 prior to it being presented at the ARIN Public Policy > Meeting in > Albuquerque, New Mexico, 17-18 October 2007. Both the discussion on > the > Public Policy Mailing List and at the Public Policy Meeting will be > used > to determine the community consensus regarding this policy proposal. > > The ARIN Internet Resource Policy Evaluation Process can be found at: > http://www.arin.net/policy/irpep.html > > ARIN's Policy Proposal Archive can be found at: > http://www.arin.net/policy/proposals/proposal_archive.html > > Regards, > > Member Services > American Registry for Internet Numbers (ARIN) > > > ## * ## > > > Policy Proposal 2007-15 > Authentication of Legacy Resources > > Author: Andrew Dul > > Proposal type: New > > Policy term: Permanent > > Policy statement: > > Add new NRPM section 4.9 - Legacy Records > > Legacy resource record holders shall be permitted to sign an > registration services agreement which permits the organization > which is > currently using the resources as of January 1, 2007 to continue to use > those resources as long as a registration services agreement is signed > by the organization and the organization is not past-due on their > annual > maintenance fee. ARIN will evaluate and verify the chain of custody of > any resource records prior to executing a registration services > agreement with an organization. > > If a legacy resource holder requests additional IPv4 resources all > IPv4 > resources (legacy and non-legacy) shall be evaluated to determine > utilization for additional assignments under NRPM sections 4.2 or 4.3. > > ARIN shall use all reasonable methods to attempt to contact legacy > record holders starting on January 1, 2008. > > ARIN shall also post information on the public website regarding this > outreach to legacy resource holders. > > No changes shall be made to legacy resource records which are not > covered by a registration services agreement after December 31, 2007. > > Add new NRPM section 7.3 - Legacy Reverse Delegation Records > > Legacy IP address record holders who have not signed a registration > services agreement with ARIN will have their name server > delegations for > the in-addr.arpa zone removed starting on June 30, 2009. All name > server > delegations shall be removed from the in-addr.arpa zone by December > 31, > 2009. > > If an individual contacts ARIN and claims to represent a legacy record > holder after the removal of an organization's name server delegations, > the individual shall be permitted to request a one-time 6 month > reinstatement of their name server delegations. This 6 month period is > intended to allow an organization to work in good faith to establish a > registration services agreement. > > Policy Rationale > > An ARIN Legacy resource holder is an organization which was issued > number resources prior to the formation of ARIN and whose registration > information was not transferred to another RIR through the Early > Registration Transfer Project (http://www.arin.net/registration/erx). > Legacy resource holders were issued number resources through an > informal > process. This policy proposal attempts to bring these legacy resource > holders into a formal agreement with ARIN, the manager of the IP > numbering resources for many of the legacy record holders. > > Some legacy resource holders have expressed concerns about > committing to > a registration services agreement when the legacy resource holder > cannot > be assured that they will be permitted to retain and their > resources for > the long-term. This policy proposal also does not preclude existing > legacy space holders, who may have signed another version of the > registration services agreement from having the same commitment level. > It is suggested that the Board of Trustees formalize the annual > maintenance fees for legacy resource holders at a level similar to the > $100 USD per year for end-sites. > > This policy sets in place a notification period of 18 months to > contact > all legacy resource holders and creates an incentive for the > holders to > formalize their relationship with ARIN. The dates in this policy > proposal were arbitrarily chosen based upon an expected > ratification by > the ARIN Board of Trustees by December 31, 2007. If this policy is > implemented after December 31, 2007, the trigger dates in the policy > should be adjusted appropriately. > > Given the informal relationship under which the resources were > granted, > ARIN current maintains the records including WHOIS and in-addr.arpa > delegations in a best-effort fashion. Many believe that ARIN may > not be > obligated to maintain these records. ARIN has experienced some > difficulty maintaining these records. Legacy records have been a > popular > target for hijackers, in part due to the out of date information > contained in these records. Having up to date contact information > would > assist ARIN and ISP's in insuring the stability of the Internet. > > This policy proposal sets a termination date for in-addr.arpa > delegation > services for legacy resource record holders who have not formalized > their relationship with ARIN through a registration services > agreement. > The 6 month period of delegation record removal was intended to > provide > ARIN the flexibility of removing the records on a gradual plan during > second half of 2009 and to avoid a large change on a single day. > > Legacy resource holders who sign a registration services agreement > would > continue to receive all the services that are currently provided by > ARIN > plus they would be eligible for any future services that ARIN may > offer, > such as cryptographic signing of resource records. > > Timetable for implementation: As stated in policy > > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml From dean at av8.com Tue Jul 24 18:05:31 2007 From: dean at av8.com (Dean Anderson) Date: Tue, 24 Jul 2007 18:05:31 -0400 (EDT) Subject: [ppml] Example of a questionable block Was: Re: Tell me, Mr. Anderson, what good is a mailing list when we are unable to speak? In-Reply-To: Message-ID: On Tue, 24 Jul 2007, Ted Mittelstaedt wrote: > > Strange, how Open Software Foundation does not show up in the > list of New Hampshire Coprorations here: This isn't strange at all. The OSF is allowed to put whatever address they want on the registration, and designate any contact they want. And you wouldn't be the first looney to send the Open Group a defamatory letter, "anonymously". http://www.iadl.org/ks/kai-schlicting-story.html -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From arin-contact at dirtside.com Tue Jul 24 18:27:42 2007 From: arin-contact at dirtside.com (William Herrin) Date: Tue, 24 Jul 2007 18:27:42 -0400 Subject: [ppml] Example of a questionable block Was: Re: Tell me, Mr. Anderson, what good is a mailing list when we are unable to speak? In-Reply-To: References: <46a65062.da.1ae4.7531@batelnet.bs> Message-ID: <3c3e3fca0707241527u3532ff39x71ec576578a3cb90@mail.gmail.com> On 7/24/07, Ted Mittelstaedt wrote: > Strange, how Open Software Foundation does not show up in the > list of New Hampshire Coprorations here: > > https://www.sos.nh.gov/corporate/soskb/csearch.asp > > But of course it IS a "foundation" so I guess they must > have a 503(c) filing somewhere. Perhaps the IRS listing of > 503(c)s would be more instructive? Ted, The Democratic National Committee is a well known non-profit organization headquartered in Washington DC. I assume you've heard of it. Find it at DC's corporation site: http://mblr.dc.gov/corp/lookup/index.asp What you propose is not by itself a reliable test for a legacy registrant's existance or legitimacy. Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From dean at av8.com Tue Jul 24 18:45:04 2007 From: dean at av8.com (Dean Anderson) Date: Tue, 24 Jul 2007 18:45:04 -0400 (EDT) Subject: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet. In-Reply-To: <45B285AD-D94B-4261-BFDE-4224857BFDBC@delong.com> Message-ID: On Tue, 24 Jul 2007, Owen DeLong wrote: > > It's IANA's problem. It's ARIN's problem. It's DARPA and the DOD's > > problem. It may turn out to be the courts problem, but most of all, > > it's the community's problem. Should netblock ownership and routing > > slots descend into some sort of Mad Max type of future we're all > > going to loose, big time. Secure routing is never going to work if > > we can't figure out who gets the certificate. > > > Actually, Leo, I think that paragraph may have hit on a good portion > of the solution: > > ARIN is not required to provide any NEW services to legacy holders > without an RSA. I doubt anyone will dispute that. I dispute that. ARIN is required to perform the services that IANA has delegated to it. Legacy services are part of that delegation. This is like saying ARIN has no obligation to cart the boxes of legacy records to a new office. Or to convert legacy records to a new electronic format. Any service that required, ARIN is required to perform for everyone. I think you still fail to grasp that ARIN is an agent of IANA, that is to say, the US Government; That the records and assignments belong ultimately to the government, not to ARIN. > If secure routing starts using those certificates and becomes popular, > then, the ability to get a certificate becomes a carrot for legacy > holders to sign an RSA. But, secure routing (of the sort you envision) is a pipedream. The notion of mad-max advertisement of IP blocks is just nonsense. Advertising someone elses active block would be a civil and/or criminal violation of the Computer Fraud and Abuse Act and the Wiretap Act. [as Chris Morrow discovered for advertising /22 masks to 198.3.136/21, and as Martin Hannigan quite nearly found out for advertising a route to Sanford Wallace's net block in 1996. If I hadn't met Hannigan at the Cambridge Brewing Company that night, I think he wouldn't have told Wallace that it was all an accident.] This fear-mongering is no different than previous fear-mongering. Like RADB, this certificate scheme is just another good-old-boys club, and another tool for abuse like the SORBS hijacked list. Sure, there is some reason to think these might have been good ideas, but not enough reason to do so honestly, and not enough reason to avoid abuse and get universal buy-in. [I quit RADB when Susan Harris blocked my email from Merit. That block was part of the 1990's retaliation for saying that Antitrust applied to blacklists and ECPA applied to ISPs. Others quit for similar reasons.] I don't think I'll be asking for a certificate. But I expect if ARIN offers certificate services, other Legacy holders might want certificates, and will be entitled to the same services as everyone else. BTW, Airports also have legacy issues, too. 50 and 99 year leases given out years ago. The legacy's always win on anything that just involves money. Sure, build a new runway, and it might be necessary to tear down a hangar. But a lease is a lease, and you can't get out just because you want to charge more money. Every once in a while someone will try, though. Its best to get that item last on the agenda so you can leave early. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From tedm at ipinc.net Tue Jul 24 19:17:02 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Tue, 24 Jul 2007 16:17:02 -0700 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration In-Reply-To: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> Message-ID: >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >William Herrin >Sent: Tuesday, July 24, 2007 12:28 PM >To: ARIN Address Policy >Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration > > >Hi Folks, > >Following your comments and some helpful off-list discussion, I've >prepared a replacement for last month's "IPv4 to IPv6 Migration >Incentive Address Space" proposal. With some mild tweaks to the >existing 6to4 protocol, it seeks to address four problems ARIN faces: > >1. The looming exhaustion of the IPv4 space. >2. Obsolete and incorrect legacy IPv4 registration and contact information. >3. Legacy IPv4 registrants don't pay their fair share. You know, William, I and many others have raised this payment issue repeatedly. The legacy holders appear to generally not be even on this list at all or even paying attention, or they are getting apologists to make the lame argument that the RIR's tracking these people benefits me more than them, so as a paying member I must want to pay for them to be tracked. Of course, this argument completely ignores that I have already asked to NOT pay for them to be tracked and I am not interested in being told by the apologists what is in my best interest. Frankly, I think it is a lost cause. We all know that IPv4 is going to be around for many more years, and the legacy holders are going to continue to use their IPv4 allocations for many more years free of charge. Furthermore as recent discussion seems to indicate that a lot of people, not just legacy holders, are vehemently opposed to derouting IPv4 once IPv6 becomes in wide usage on the Internet, it is very likely that 10 or 20 years post IPv4-runout (long after both of us are retired no doubt) the Internet will STILL have both IPv4 and IPv6 on it, with NO end to the IPv4 in sight. The dirty little secret that it appears a lot of people want to cover up is that ONLY organizations with EXPANDING addressing needs are going to need to bother to migrate to IPv6, immediately post-IPv4-runout. It is going to take many years before must-have servers and must-connect locations on the Internet appear that are ONLY IPv6. And before that happens, huge incentive will exist for new orgs and new deployments to be available to the IPv4 world - because nobody is going to know which one of their potential customers is still on an IPv4-only connection. Clearly, the idea that runout is going to spur IPv6 switchover is bankrupt. I will also point out that NO financial incentive exists for orgs who HAVE completely switched to IPv6 to release their IPv4 holdings, EVEN IF the ENTIRE INTERNET has switched to IPv6. Only if it is a NEW org that has NEVER been touched by IPv4 - never configured an IPv4 address on anything - then incentive exists to NOT use IPv4 on an IPv6 Internet. But, if the org has gear that once upon a time ran IPv4, it is not a financial incentive to stop running it. The situation is very similar to networks that ran TCP/IP and IPX. When NetWare NCP became available on TCP/IP these orgs didn't just shut off IPX. Same goes for orgs that ran Apple's Ethertalk in conjunction with TCP/IP. They continued to run it concurrently and only as brand new gear never sullied with IPX or Ethertalk was deployed did they stop running it. And until they shut it off at their servers, people running the old Mac's without TCP/IP, or the old DOS-based ipx.com clients, they didn't have to switch. Granted, small scale, but similar. I call your attention to the US public switched telephone network, instituted over a century ago. POTS line voltage: - 48v, a century old standard still in use. Rotary dialing - Strowger switching, 1891, a century old standard still in use. DTMF, late 50's a half-century standard still in use. The Internet - IPv4, late 70's early 80's - a 25 year old standard still in use - and if you don't think it's not going to make it another 15 years post-runout, your out of your mind. So don't hope for the legacy IPv4 holders to be paying anything, anytime soon. Maybe what is needed is a policy proposal that has as it's only line item a NON-binding demand for all legacy holders to immediately sign RSA's for all their legacy holdings and start paying the fees. With no penalties if they do not. In that way we might move the fee discussion off the RIRs and to the legacy holders where it belongs. In other words, if the stated policy of the RIR is that all legacy holders are to sign RSA's for all their holdings and be subject to addressing fees, then the discussion will become one of which legacy holders are choosing to do the right thing and pay the fees, and which are not, and legacy holder fee payment will no longer be a line item that will come up in policy proposal. For legacy holders that choose to ignore the demand, no penalties will follow - which means they will be unable to file lawsuits to overturn anything, of course, since no damages will have been suffered - but the moral weight of being classified as a deadbeat or non-participant might have meaning in policy discussions. And, if such a policy proposal was voted down it would also help to end the fee discussion. In other words - we put together a policy proposal telling the legacy holders they have to sign an RSA - but if they don't, we won't punish them - and we couldn't even get that voted in. In other words a completely toothless fee proposal couldn't even get passed. Kind of like the scene from Animal House; "thank you sir, may I have another" Ted From paul at vix.com Tue Jul 24 19:19:56 2007 From: paul at vix.com (Paul Vixie) Date: Tue, 24 Jul 2007 23:19:56 +0000 Subject: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet.] Message-ID: <15525.1185319196@sa.vix.com> dean anderson wrote: > But there are some apparent illegitimate reasons. I exposed some of > Vixies schemes some years ago. I think particularly the Anycast issue > and the AXFR "clarify" scam (fall 2002 - spring 2003). actually, you pretty much lost both of those arguments, and demonstrated considerable technical ignorance in the process. > But I also asserted that Antitrust would apply to blacklists and that ECPA > would apply to ISPs in the late 1990s. Vixie and cronies did other things > to retaliate for those early disputes. for the record, i have no cronies and i don't have time for retaliation. > Though I did tend to say I was vindicated in the ECPA and Antitrust disputes > after the Exactis v. MAPS case became well-known in 2002, and after NANOG > held a seminar on the ECPA in 2002. ECPA had no bearing on the issues at the heart of Exactis vs. MAPS. > In 2003 in approximate conjunction with the AXFR-clarify dispute and roughly > the beginning of the Anycast dispute, I think it can be seen that Vixie and > cronies just retaliated by trying to interfere with AV8 Internet business > using blacklists and lies. assuming for the moment that i had time for retaliation, and that i had cronies, the fact that you pretty much lost both disputes on their merits (and showed yourself to be quite ignorant of the technical details in both cases) would seem to indicate that no retaliation could even be called for. > Vixie et al have plenty of reason to dislike me: I have effectively opposed > them at times. But they have no legitimate reason to use quasi-governmental > privileges and positions of influence and trust against me. There is no > legitimate reason to lie. i don't know where to begin. you have never effectively opposed anything. noone can (by definition) legitimately use quasi-governmental privileges against anyone. and neither i, nor the cronies i don't have, are lying about anything. so i guess we'll just have to agree to misunderstand. > [...ORBS...]. Incidentally, Brown is also associated with SORBS and Vixie > through the false statements about Av8 Internet. ... for the record, brown is not associated with sorbs or vixie. > And for the record, I think Vixie professes to have no association with > SORBS. matthew's a good guy. some of his servers have been my personal guests for some time now. "guest" means he doesn't pay, in money or privilege, for my assistance. i do sometimes forward complaints to him when folks can't reach him directly. sometimes i complain to him if i think he's made a mistake. i also subscribe to his blackhole lists on my personal servers. however, i have no financial or fiduciary interest in sorbs or anything else in which matthew has a financial or fiduciary interest. whether this meets the standard for "association" depends on what legal system you're asking the question in. note, i also help spamhaus when i can. also with no financial or fiduciary interest or connection. also completely outside of my ISC or ARIN duties. note, i also help vernon schryver with DCC when i can. also with no financial or fiduciary interest or connection. also completely outside of my ISC or ARIN duties. > But in September 1997, Vixie also claimed to have no association > with MAPS after concerns about conspiracy in restraint of trade. > And we know that turned out to be false. reference, please? > ISC.ORG hosts SORBS. ISC does not host SORBS. all of my "help the antispam world" work is done on my own time with my own resources. ISC's only interest in that part of the internet food chain is that when folks like castlecops.com or benedelman.org get DDoS'd, they are sometimes invited to put their web sites inside OARC, which is hosted inside ISC. note that castlecops.com was made to remove all their text ads since ISC can't host commercial content. but in any case SORBS isn't at ISC. all of the help i give to SORBS is given totally outside of ISC and using only my own personal time and resources. > As demonstrated by Media3 v MAPS, when you host abuse, you can be described > as associated with abuse. I think Vixie's support of SORBS is deeper than > Media3's support of its spam customers. for the record, i think you're quite ignorant on that topic. (and wrong.) > It seems that SORBS was organized to defeat the successful claims in Exactis > v. MAPS and the successful claims against ORBS, by moving SORBS offshore and > having a purported pauper (Matthew Sullivan) profess to be the sole > responsible person for SORBS. for the record, all of that conjecture is both ignorant and incorrect. > However, we can still show Vixie's association with the SORBS activity and > show his previous attempts at dissembling about similar associations. for the record, until you can successfully show such association or dissemblement, it remains conjecture. > These serious, unethical activities and abuse of powers are a stain on > the integrity of the people who make them, and on the integrity of the > people who are associated and allied with the false statements. for the record, and to summarize, there are no unethical activities, nor abuse of powers; no stain on anyone's integrity; and, no false statements. > Therefore, I call for Paul Vixie to removed from the ARIN Board of Trustees. as lee has said, there's a procedure for that. for the record, if renominated, i will run, and if reelected, i will serve. From martin.hannigan at batelnet.bs Tue Jul 24 19:19:56 2007 From: martin.hannigan at batelnet.bs (Martin Hannigan) Date: Tue, 24 Jul 2007 19:19:56 -0400 Subject: [ppml] Example of a questionable block Message-ID: <46a6891c.3c0.2140.6486@batelnet.bs> ----- Original Message ----- From: Dean Anderson To: Ted Mittelstaedt Cc: Martin Hannigan , Subject: RE: [ppml] Example of a questionable block Was: Re: Tell me,Mr. Anderson,what good is a mailing list when we are unable to speak? Date: Tue, 24 Jul 2007 18:05:31 -0400 (EDT) > On Tue, 24 Jul 2007, Ted Mittelstaedt wrote: > > > > Strange, how Open Software Foundation does not show up > > in the list of New Hampshire Coprorations here: > > This isn't strange at all. The OSF is allowed to put > whatever address they want on the registration, and > designate any contact they want. Perhaps a policy that requires "LOA" for changes on blocks that are suspect in one way or another would be interesting in terms of transition? It would certainly clear up a situation like Dean's if a block holder was required to provide LOA (Letter of Authority) when changes or authoritative actions needed to occur. -M< From tedm at ipinc.net Tue Jul 24 19:29:12 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Tue, 24 Jul 2007 16:29:12 -0700 Subject: [ppml] Example of a questionable block Was: Re: Tell me, Mr. Anderson, what good is a mailing list when we are unable to speak? In-Reply-To: <3c3e3fca0707241527u3532ff39x71ec576578a3cb90@mail.gmail.com> Message-ID: >-----Original Message----- >From: wherrin at gmail.com [mailto:wherrin at gmail.com]On Behalf Of William >Herrin >Sent: Tuesday, July 24, 2007 3:28 PM >To: Ted Mittelstaedt >Cc: ppml at arin.net >Subject: Re: [ppml] Example of a questionable block Was: Re: Tell me, >Mr. Anderson, what good is a mailing list when we are unable to speak? > > >On 7/24/07, Ted Mittelstaedt wrote: >> Strange, how Open Software Foundation does not show up in the >> list of New Hampshire Coprorations here: >> >> https://www.sos.nh.gov/corporate/soskb/csearch.asp >> >> But of course it IS a "foundation" so I guess they must >> have a 503(c) filing somewhere. Perhaps the IRS listing of >> 503(c)s would be more instructive? > >Ted, > >The Democratic National Committee is a well known non-profit non-profit? That's what YOU think... ;-) >organization headquartered in Washington DC. I assume you've heard of >it. Find it at DC's corporation site: > >http://mblr.dc.gov/corp/lookup/index.asp > >What you propose is not by itself a reliable test for a legacy >registrant's existance or legitimacy. > Hmmm I wonder then what SORBS used then? Wasn't this discussion started by Dean complaining that block was blacklisted or something? I agree that by itself it isn't reliable. Nor was I attempting to state it was. The point I was making was it's rather difficult merely by looking at a whois output to determine legitimacy. That is why it is so important for orgs that list themselves in whois records to use actual e-mail addresses of real people, actual telephone numbers that go somewhere, rather than anonymous PO boxes. Ultimately, all you have for your online persona to legitimize yourself is what you put up that can be verified - and if you put an anonymous PO box that might not even exist, you really have about as much credibility as that PO box. I find it amazing, frankly, that people seem to think it's perfectly OK to identify things like netblocks with LESS data than they would use to identify themselves on an Ebay sellers' profile!! Ted From vixie at vix.com Tue Jul 24 19:36:32 2007 From: vixie at vix.com (Paul Vixie) Date: 24 Jul 2007 23:36:32 +0000 Subject: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet. In-Reply-To: References: <45B285AD-D94B-4261-BFDE-4224857BFDBC@delong.com> Message-ID: dean at av8.com (Dean Anderson) writes: > ... > I think you still fail to grasp that ARIN is an agent of IANA, that is > to say, the US Government; That the records and assignments belong > ultimately to the government, not to ARIN. for the record, this is completely wrong. > ... [I quit RADB when Susan Harris blocked my email from > Merit. That block was part of the 1990's retaliation for saying that > Antitrust applied to blacklists and ECPA applied to ISPs. Others quit > for similar reasons.] for the record, you sure seem to think a lot of people are retaliating against you, and you sure do seem to know a lot of unnamed others. -- Paul Vixie From owen at delong.com Tue Jul 24 19:56:53 2007 From: owen at delong.com (Owen DeLong) Date: Tue, 24 Jul 2007 16:56:53 -0700 Subject: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet. In-Reply-To: References: Message-ID: On Jul 24, 2007, at 3:45 PM, Dean Anderson wrote: > On Tue, 24 Jul 2007, Owen DeLong wrote: > >>> It's IANA's problem. It's ARIN's problem. It's DARPA and the DOD's >>> problem. It may turn out to be the courts problem, but most of all, >>> it's the community's problem. Should netblock ownership and routing >>> slots descend into some sort of Mad Max type of future we're all >>> going to loose, big time. Secure routing is never going to work if >>> we can't figure out who gets the certificate. >>> >> Actually, Leo, I think that paragraph may have hit on a good portion >> of the solution: >> >> ARIN is not required to provide any NEW services to legacy holders >> without an RSA. I doubt anyone will dispute that. > > I dispute that. ARIN is required to perform the services that IANA has > delegated to it. Legacy services are part of that delegation. This is > like saying ARIN has no obligation to cart the boxes of legacy records > to a new office. Or to convert legacy records to a new electronic > format. Any service that required, ARIN is required to perform for > everyone. > No... That's not what I'm saying at all. Carting the boxes to a new office would be part of an orderly transition to a new registrar/ registry. I would agree that ARIN has that obligation. As to new electronic format, that's more of a gray area, depending on the purpose of the conversion. If we were, for example (not that I think we should do this) to convert from WHOIS to LDAP, then, yes, ARIN would, indeed, be obliged to convert all records. I'm saying that if ARIN starts offering services that were never offered to legacy holders by the previous registries, ARIN is under no obligation to provide those services to legacy holders unless they elect to subscribe to such services by completing the appropriate process. > I think you still fail to grasp that ARIN is an agent of IANA, that is > to say, the US Government; That the records and assignments belong > ultimately to the government, not to ARIN. > While I don't agree with your premise here, even if it were true, ARIN would be an agent with specific responsibilities in that area. Those responsibilities do not include issuing certificates to legacy holders. The mere fact that ARIN chooses to offer a new service to paying customers does not oblige it to offer that same new service to legacy holders free of charge. >> If secure routing starts using those certificates and becomes >> popular, >> then, the ability to get a certificate becomes a carrot for legacy >> holders to sign an RSA. > > But, secure routing (of the sort you envision) is a pipedream. The > notion of mad-max advertisement of IP blocks is just nonsense. > Advertising someone elses active block would be a civil and/or > criminal > violation of the Computer Fraud and Abuse Act and the Wiretap Act. [as > Chris Morrow discovered for advertising /22 masks to 198.3.136/21, and > as Martin Hannigan quite nearly found out for advertising a route to > Sanford Wallace's net block in 1996. If I hadn't met Hannigan at the > Cambridge Brewing Company that night, I think he wouldn't have told > Wallace that it was all an accident.] > We can agree to disagree on this. While I agree with you about the advertising, if the advertiser is not within the US, then, the US law about what they are doing has little power over what they do. [...more conspiracy theory rant deleted...] > > I don't think I'll be asking for a certificate. But I expect if ARIN > offers certificate services, other Legacy holders might want > certificates, and will be entitled to the same services as everyone > else. > I see no reason that they would be entitled unless they choose to pay for the service. > BTW, Airports also have legacy issues, too. 50 and 99 year leases > given > out years ago. The legacy's always win on anything that just involves > money. Sure, build a new runway, and it might be necessary to tear > down > a hangar. But a lease is a lease, and you can't get out just because > you want to charge more money. Every once in a while someone will > try, > though. Its best to get that item last on the agenda so you can leave > early. > The legacy's don't always win where airports are concerned. If they did, Carmel Valley airport would still exist, Eastridge Mall wouldn't be sitting at the end of 31L and 31R for KRHV, and we wouldn't have had a major fight to keep EA from building a tall tower in the departure path for KSQL runway 30. Those are just the legacy issues I can think of near me with regards to airports where the legacy had the potential to lose. In the case of Carmel Valley and KRHV, the legacy (airport) lost. In the case of KSQL, the legacy won. There were also such lease issues at KSJC and many airplanes were, indeed, displaced from KSJC through an imminent domain process at KSJC. Nobody is proposing to take away legacy holders addresses, but, there is no reason to expect that a new service provided independent of the registration service would be provided for free just because the registration service was provided for free. Owen From tedm at ipinc.net Tue Jul 24 20:16:26 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Tue, 24 Jul 2007 17:16:26 -0700 Subject: [ppml] Example of a questionable block Was: Re: Tell me, Mr. Anderson, what good is a mailing list when we are unable to speak? In-Reply-To: Message-ID: >-----Original Message----- >From: Dean Anderson [mailto:dean at av8.com] >Sent: Tuesday, July 24, 2007 3:06 PM >To: Ted Mittelstaedt >Cc: Martin Hannigan; ppml at arin.net >Subject: RE: [ppml] Example of a questionable block Was: Re: Tell me,Mr. >Anderson,what good is a mailing list when we are unable to speak? > > >On Tue, 24 Jul 2007, Ted Mittelstaedt wrote: >> >> Strange, how Open Software Foundation does not show up in the >> list of New Hampshire Coprorations here: > >This isn't strange at all. The OSF is allowed to put whatever address >they want on the registration, and designate any contact they want. > >And you wouldn't be the first looney to send the Open Group a defamatory >letter, "anonymously". > I think that an anonymous defamatory letter is a contradiction in terms. ;-) Struck a nerve, did I? Ted From dean at av8.com Tue Jul 24 20:18:24 2007 From: dean at av8.com (Dean Anderson) Date: Tue, 24 Jul 2007 20:18:24 -0400 (EDT) Subject: [ppml] Example of a questionable block In-Reply-To: <46a6891c.3c0.2140.6486@batelnet.bs> Message-ID: On Tue, 24 Jul 2007, Martin Hannigan wrote: > Perhaps a policy that requires "LOA" for changes on blocks that are > suspect in one way or another would be interesting in terms of > transition? It would certainly clear up a situation like Dean's if a > block holder was required to provide LOA (Letter of Authority) when > changes or authoritative actions needed to occur. There is nothing suspect about 130.105/16. It has been that way for many years: RegDate: 1988-07-20 Updated: 1998-12-21 The OSF isn't out of business, and if it objected to anything in the registration, it certainly has the resources to make any dispute or any changes it wanted. There is nothing suspect about 198.3.136/21 either. The claims otherwise by Vixie and SORBS, including Hannigan's, are nothing but slander. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From paul at vix.com Tue Jul 24 20:23:38 2007 From: paul at vix.com (Paul Vixie) Date: Wed, 25 Jul 2007 00:23:38 +0000 Subject: [ppml] Example of a questionable block In-Reply-To: Your message of "Tue, 24 Jul 2007 20:18:24 -0400." References: Message-ID: <30073.1185323018@sa.vix.com> > The claims otherwise by Vixie and SORBS, including Hannigan's, are > nothing but slander. for the record, i'm not making any claims about 130.105/16; and, neither sorbs nor hannigan have checked with me before making whatever claims they've made. From dean at av8.com Tue Jul 24 20:41:01 2007 From: dean at av8.com (Dean Anderson) Date: Tue, 24 Jul 2007 20:41:01 -0400 (EDT) Subject: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet.] In-Reply-To: <15525.1185319196@sa.vix.com> Message-ID: On Tue, 24 Jul 2007, Paul Vixie wrote: > dean anderson wrote: > > > But there are some apparent illegitimate reasons. I exposed some of > > Vixies schemes some years ago. I think particularly the Anycast issue > > and the AXFR "clarify" scam (fall 2002 - spring 2003). > > actually, you pretty much lost both of those arguments, and demonstrated > considerable technical ignorance in the process. Really? You didn't get AXFR clarify though, and that scheme failed entirely. And the Anycast scheme, while you got it through by playing hardball, isn't working, for the reasons I said it wouldn't. > > But I also asserted that Antitrust would apply to blacklists and > > that ECPA would apply to ISPs in the late 1990s. Vixie and cronies > > did other things to retaliate for those early disputes. > > for the record, i have no cronies and i don't have time for > retaliation. Really? Good to hear. (Just wish it were true.) > > Though I did tend to say I was vindicated in the ECPA and Antitrust > > disputes after the Exactis v. MAPS case became well-known in 2002, > > and after NANOG held a seminar on the ECPA in 2002. > > ECPA had no bearing on the issues at the heart of Exactis vs. MAPS. I never said it did. I think Exactis claimed Antitrust, fraud, extortion, violation of the Colorado Electronic Communications Privacy Act and some other things I can't remember right now. I have the complaint they filed. If I recall, there were 7 claims, and they got a Temporary Restraining Order. The Judge chastised MAPS lawyer for arguing frivolously that the First Amendment exempted them from all these things. Just by way of reference, many people will remember Paul Vixie blustering in the 1990s about how he looked forward to a lawsuit to resolve all these questions. Well, there is a memo in the Exactis case which reveals the truth behind this bluster. See http://www.dotcomeon.com/exactis1.html Particularly, this statement from MAPS: Threats of legal action are especially common. . . . Please note that threats of legal action are counterproductive. The moment a lawsuit is threatened, all discussions are halted immediately, and MAPS will take no further action with respect to the listing until the lawsuit threat is retracted. Consequently, any listed site will remain listed. > > But in September 1997, Vixie also claimed to have no association > > with MAPS after concerns about conspiracy in restraint of trade. And > > we know that turned out to be false. > > reference, please? See the article on http://www.iadl.org/maps/maps-story.html Under the heading "September, 1997: Problems, Blacklists, Coercion" There is a link to your message on Nanog. > > ISC.ORG hosts SORBS. > > ISC does not host SORBS. http://www.iadl.org/bm/bill-manning-story.html 204.152.186.189 still resolves to www.dnsbl.us.sorbs.net. Saying ISC doesn't host SORBS is more dissembling, by the way. But I do see the forward reference to www.dnsbl.us.sorbs.net. has been changed to 64.124.52.230 (Bungi.com---Dave Rand, co-founder of MAPS) --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From arin-contact at dirtside.com Tue Jul 24 20:46:23 2007 From: arin-contact at dirtside.com (William Herrin) Date: Tue, 24 Jul 2007 20:46:23 -0400 Subject: [ppml] Example of a questionable block Was: Re: Tell me, Mr. Anderson, what good is a mailing list when we are unable to speak? In-Reply-To: References: <3c3e3fca0707241527u3532ff39x71ec576578a3cb90@mail.gmail.com> Message-ID: <3c3e3fca0707241746t3f171ac6ra802bee31c61edf0@mail.gmail.com> On 7/24/07, Ted Mittelstaedt wrote: > Hmmm I wonder then what SORBS used then? Yeah, that's the $64,000 question, isn't it. I think Leo has the right of things: should netblock ownership and routing slots descend into some sort of Mad Max type of future we're all going to lose. SORBS makes an interesting bellwether; they seem to revel in being on the leading edge of the storm. > The point I was making was it's rather difficult merely by looking > at a whois output to determine legitimacy. That is why it is so important > for orgs that list themselves in whois records to use actual e-mail > addresses of real people, actual telephone numbers that go somewhere, > rather than anonymous PO boxes. You'll get no argument from me there. Though if I was in Dean's shoes I might worry that publishing my real address and phone number would allow the Vixie cronies [sic] to track me down. ;) Regards, Bill -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From paul at vix.com Tue Jul 24 22:28:04 2007 From: paul at vix.com (Paul Vixie) Date: Wed, 25 Jul 2007 02:28:04 +0000 Subject: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet.] In-Reply-To: Your message of "Tue, 24 Jul 2007 20:41:01 -0400." References: Message-ID: <57780.1185330484@sa.vix.com> > > actually, you pretty much lost both of those arguments, and demonstrated > > considerable technical ignorance in the process. > > Really? You didn't get AXFR clarify though, and that scheme failed entirely. it wasn't my clarification. i never supported the draft since RFC 1034 was quite clear on the matter as far as i was concerned. which is, i think, what IESG ruled during last call. if some other RFC has amended 1034 to cause BIND's behaviour to be noncompliant, please point it out. i can't and won't try to imagine what scheme you thought this was part of, or what success or failure of that scheme would have meant to you. > And the Anycast scheme, while you got it through by playing > hardball, isn't working, for the reasons I said it wouldn't. you didn't understand what "working" would mean, and apparently still don't. many servers, be them root, TLD, or SLD, have run with IP Anycast for many years, and they are working fine. if you can show me a tcpdump that shows failure where IP Anycast is used and shows success otherwise, and it's not due to a configuration error or topology constraint violation on your end, i remain willing to look at it. meanwhile, this was never more than a tempest in a teapot, and i don't think you knew what you were talking about then, or now. > > for the record, i have no cronies and i don't have time for retaliation. > > Really? Good to hear. (Just wish it were true.) that something could be good to hear even though you don't believe it, would astound me under any normal circumstances. > > ECPA had no bearing on the issues at the heart of Exactis vs. MAPS. > > I never said it did. I think Exactis claimed Antitrust, fraud, > extortion, violation of the Colorado Electronic Communications Privacy > Act and some other things I can't remember right now. please re-raise this assertion when your memory improves. > Just by way of reference, many people will remember Paul Vixie blustering in > the 1990s about how he looked forward to a lawsuit to resolve all these > questions. as i've said, there are lawsuits one welcomes when the nasdaq is above 5000 that aren't as welcome when it's below 1500. being right doesn't mean you can afford discovery costs from determined and well funded opponents. > ... See http://www.dotcomeon.com/exactis1.html thanks for reminding me about . i had lost the url, and somebody recently didn't believe me when i told them i was considered responsible for the 9/11 attacks against the world trade center. > > > But in September 1997, Vixie also claimed to have no association > > > with MAPS after concerns about conspiracy in restraint of trade. And > > > we know that turned out to be false. > > > > reference, please? > > See the article on http://www.iadl.org/maps/maps-story.html Under the > heading "September, 1997: Problems, Blacklists, Coercion" There is a link to > your message on Nanog. can you be more specific, and quote it here? > > > ISC.ORG hosts SORBS. > > > > ISC does not host SORBS. > > http://www.iadl.org/bm/bill-manning-story.html > > 204.152.186.189 still resolves to www.dnsbl.us.sorbs.net. > > Saying ISC doesn't host SORBS is more dissembling, by the way. thanks for the notice. i've updated that PTR. now i'm hosting av8 instead. or is that what you mean by dissembling? > But I do see the forward reference to www.dnsbl.us.sorbs.net. has been > changed to 64.124.52.230 (Bungi.com---Dave Rand, co-founder of MAPS) i think that's a uunet block. which they got from arin. is that what you mean by conspiracy? From jr at jrw.org Tue Jul 24 22:30:12 2007 From: jr at jrw.org (J. R. Westmoreland) Date: Tue, 24 Jul 2007 20:30:12 -0600 Subject: [ppml] Policy Proposal 2007-15: Authentication of Legacy Resources In-Reply-To: <1E27D726-6C00-452F-8217-069F96AEDCBD@delong.com> References: <46A65981.90004@arin.net> <1E27D726-6C00-452F-8217-069F96AEDCBD@delong.com> Message-ID: <000101c7ce63$bd3575b0$37a06110$@org> Based on my initial reading of this proposal I would agree with Owen. I have a /24 block, which I have had for about 15 years. I don't want to get in to a situation like my cable company thought was a great idea and have to pay $1250 per month to route this address block, or own it for that matter. I agree that there are records that need to be updated. I'm still working on an issue to remove myself from the records of the company for which I previously worked. The paperwork required is necessary I fully understand but not much fun. A possibility for a fix might be a fee based on size and number of blocks/resources. I would hope that this fee would not be so large as to destroy those of us who are just mere mortals and not attached to a corporate checkbook. Regards, J. R. ---------------------------------------- J. R. Westmoreland Email: jr at jrw.org -----Original Message----- From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf Of Owen DeLong Sent: Tuesday, July 24, 2007 3:28 PM To: Member Services Cc: ppml at arin.net Subject: Re: [ppml] Policy Proposal 2007-15: Authentication of Legacy Resources I oppose this proposal as written. While I am in favor of some of the general intent of this proposal, I take issue with the following: 1. Termination of changes to records. The information in WHOIS is already horribly out of date for many records. Refusing to register changes for those organizations willing to register their changes but unwilling to sign an RSA is a disservice to the ARIN community and does not really provide any meaningful incentive to sign the RSA. 2. Fees ARIN is not really in a position to demand fees from legacy holders. We should make it possible for legacy holders to enter into an RSA without requiring fees. We should encourage legacy holders to fully join the ARIN process and pay annual fees, but, I think that tying the RSA signing to a commitment to pay fees is an unnecessary barrier to the RSA. The RSA is, in my opinion, the more important goal. 3. Termination of DNS services Much like the refusal to make changes to whois, this action is more of a disservice to the ARIN community than any sort of incentive for legacy holders. Owen On Jul 24, 2007, at 12:56 PM, Member Services wrote: > On 19 July 2007, the ARIN Advisory Council (AC) concluded their > initial > review of "Authentication of Legacy Resources" and accepted it as a > formal policy proposal for discussion by the community. > > The proposal is designated Policy Proposal 2007-15: Authentication of > Legacy Resources. The proposal text is below and can be found at: > http://www.arin.net/policy/proposals/2007_15.html > > All persons in the community are encouraged to discuss Policy Proposal > 2007-15 prior to it being presented at the ARIN Public Policy > Meeting in > Albuquerque, New Mexico, 17-18 October 2007. Both the discussion on > the > Public Policy Mailing List and at the Public Policy Meeting will be > used > to determine the community consensus regarding this policy proposal. > > The ARIN Internet Resource Policy Evaluation Process can be found at: > http://www.arin.net/policy/irpep.html > > ARIN's Policy Proposal Archive can be found at: > http://www.arin.net/policy/proposals/proposal_archive.html > > Regards, > > Member Services > American Registry for Internet Numbers (ARIN) > > > ## * ## > > > Policy Proposal 2007-15 > Authentication of Legacy Resources > > Author: Andrew Dul > > Proposal type: New > > Policy term: Permanent > > Policy statement: > > Add new NRPM section 4.9 - Legacy Records > > Legacy resource record holders shall be permitted to sign an > registration services agreement which permits the organization > which is > currently using the resources as of January 1, 2007 to continue to use > those resources as long as a registration services agreement is signed > by the organization and the organization is not past-due on their > annual > maintenance fee. ARIN will evaluate and verify the chain of custody of > any resource records prior to executing a registration services > agreement with an organization. > > If a legacy resource holder requests additional IPv4 resources all > IPv4 > resources (legacy and non-legacy) shall be evaluated to determine > utilization for additional assignments under NRPM sections 4.2 or 4.3. > > ARIN shall use all reasonable methods to attempt to contact legacy > record holders starting on January 1, 2008. > > ARIN shall also post information on the public website regarding this > outreach to legacy resource holders. > > No changes shall be made to legacy resource records which are not > covered by a registration services agreement after December 31, 2007. > > Add new NRPM section 7.3 - Legacy Reverse Delegation Records > > Legacy IP address record holders who have not signed a registration > services agreement with ARIN will have their name server > delegations for > the in-addr.arpa zone removed starting on June 30, 2009. All name > server > delegations shall be removed from the in-addr.arpa zone by December > 31, > 2009. > > If an individual contacts ARIN and claims to represent a legacy record > holder after the removal of an organization's name server delegations, > the individual shall be permitted to request a one-time 6 month > reinstatement of their name server delegations. This 6 month period is > intended to allow an organization to work in good faith to establish a > registration services agreement. > > Policy Rationale > > An ARIN Legacy resource holder is an organization which was issued > number resources prior to the formation of ARIN and whose registration > information was not transferred to another RIR through the Early > Registration Transfer Project (http://www.arin.net/registration/erx). > Legacy resource holders were issued number resources through an > informal > process. This policy proposal attempts to bring these legacy resource > holders into a formal agreement with ARIN, the manager of the IP > numbering resources for many of the legacy record holders. > > Some legacy resource holders have expressed concerns about > committing to > a registration services agreement when the legacy resource holder > cannot > be assured that they will be permitted to retain and their > resources for > the long-term. This policy proposal also does not preclude existing > legacy space holders, who may have signed another version of the > registration services agreement from having the same commitment level. > It is suggested that the Board of Trustees formalize the annual > maintenance fees for legacy resource holders at a level similar to the > $100 USD per year for end-sites. > > This policy sets in place a notification period of 18 months to > contact > all legacy resource holders and creates an incentive for the > holders to > formalize their relationship with ARIN. The dates in this policy > proposal were arbitrarily chosen based upon an expected > ratification by > the ARIN Board of Trustees by December 31, 2007. If this policy is > implemented after December 31, 2007, the trigger dates in the policy > should be adjusted appropriately. > > Given the informal relationship under which the resources were > granted, > ARIN current maintains the records including WHOIS and in-addr.arpa > delegations in a best-effort fashion. Many believe that ARIN may > not be > obligated to maintain these records. ARIN has experienced some > difficulty maintaining these records. Legacy records have been a > popular > target for hijackers, in part due to the out of date information > contained in these records. Having up to date contact information > would > assist ARIN and ISP's in insuring the stability of the Internet. > > This policy proposal sets a termination date for in-addr.arpa > delegation > services for legacy resource record holders who have not formalized > their relationship with ARIN through a registration services > agreement. > The 6 month period of delegation record removal was intended to > provide > ARIN the flexibility of removing the records on a gradual plan during > second half of 2009 and to avoid a large change on a single day. > > Legacy resource holders who sign a registration services agreement > would > continue to receive all the services that are currently provided by > ARIN > plus they would be eligible for any future services that ARIN may > offer, > such as cryptographic signing of resource records. > > Timetable for implementation: As stated in policy > > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml _______________________________________________ This message sent to you through the ARIN Public Policy Mailing List (PPML at arin.net). Manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/ppml From mysidia at gmail.com Wed Jul 25 02:11:12 2007 From: mysidia at gmail.com (James Hess) Date: Wed, 25 Jul 2007 01:11:12 -0500 Subject: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet. In-Reply-To: References: <45B285AD-D94B-4261-BFDE-4224857BFDBC@delong.com> Message-ID: <6eb799ab0707242311p5d6af967g852fbe0f5693406e@mail.gmail.com> On 7/24/07, Dean Anderson wrote: > I dispute that. ARIN is required to perform the services that IANA has > delegated to it. Legacy services are part of that delegation. This is > like saying ARIN has no obligation to cart the boxes of legacy records > to a new office. Or to convert legacy records to a new electronic > format. Any service that required, ARIN is required to perform for > everyone. Any service that required, ARIN is required to perform for everyone... but only under the same terms. Legacy assignees that have not signed an RSA are not operating on the same terms, in fact, a legacy assignee by definition has no agreement for "services" to be provided. ARIN may by policy choose to provide the same services, but this is different from being obligated to someone else to do so. In that regard, the obligation for ARIN towards legacy holders is to follow its own policies and mission/purpose RIR obligations are spelled out by the ASO MOU and the numbering policy of ICANN, very basic requirements. It would be a choice of ARIN by policy whether additional services are performed for legacy holders, without signing of a RSA. However the requirement for equal treatment of all organizations making requests of a RIR (like a request for a certificate), would suggest that ARIN should require a RSA to be signed before providing the service, unless ARIN were to start providing a way for release of "non-legacy registrations" from their RSA, while maintaining the registration As a matter of policy, ARIN should be objective and impartial, and therefore not treat requestors who are "legacy registrants" with undue favor over new registrants. > I think you still fail to grasp that ARIN is an agent of IANA, that is > to say, the US Government; That the records and assignments belong > ultimately to the government, not to ARIN. I think you failed to grasp that ARIN is in fact NOT an agent of IANA, and the fact that a record appears or doesn't appear in a regional registry is not something the US government has the authority over. That is a matter between the registry and registrants they serve. Re-iterating that ARIN is an agent of IANA does not make it true. Any more than repeating that "Internet is a US government-owned network" would make it true. > Advertising someone elses active block would be a civil and/or criminal > violation of the Computer Fraud and Abuse Act and the Wiretap Act. [as > Chris Morrow discovered for advertising /22 masks to 198.3.136/21, and > as Martin Hannigan quite nearly found out for advertising a route to > Sanford Wallace's net block in 1996. If I hadn't met Hannigan at the Not necessarily. > I don't think I'll be asking for a certificate. But I expect if ARIN > offers certificate services, other Legacy holders might want > certificates, and will be entitled to the same services as everyone > else. They will be entitled to the same services as everyone else, but only if they also sign the same agreements, that everyone else has signed, in order to subscribe to the additional services. -- -J From colin at thusa.co.za Wed Jul 25 03:14:40 2007 From: colin at thusa.co.za (Colin Alston) Date: Wed, 25 Jul 2007 09:14:40 +0200 Subject: [ppml] Tell me, Mr. Anderson, what good is a mailing list when we are unable to speak? In-Reply-To: References: Message-ID: <46A6F860.9060000@thusa.co.za> On 21/07/2007 01:11 Ted Mittelstaedt wrote: > No, I haven't noticed - Russ Housley is still IETF chair, you have been > complaining about him and the patented TLS issue for a couple years, now. This whole argument is almost as old as those over the Gaza-strip. At least though if it were over something of life threatening importance people might be interesting - I'm quite bored though. Frankly, if people are able to debate a no-win argument for this length of time (I saw it going on about 2 years back when I was on the IETF list briefly) they must have a great deal of spare time. I'm tempted to ramble along the lines of "Peace my bothers, we must work together in these troubled times of IPv4 extinction", but rather pretend I didn't... Thanks for the sum of events so far Leo. -- Colin Alston ______ Linux & Internet Services /\_\_\_\ Thusa Business Support (Pty) Ltd /\/\_\_\_\ http://www.thusa.co.za/ /\/\/\_\_\_\ Tel: (+27) 031 277 1257 \/\/\/_/_/_/ Fax: (+27) 031 277 1269 \/\/_/_/_/ \/_/_/_/ "To the world you may be one person, to one person you may be the world" ~ Rachel Ann Nunes. From randy at psg.com Wed Jul 25 05:51:14 2007 From: randy at psg.com (Randy Bush) Date: Wed, 25 Jul 2007 04:51:14 -0500 Subject: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet.] In-Reply-To: <57780.1185330484@sa.vix.com> References: <57780.1185330484@sa.vix.com> Message-ID: <46A71D12.1030606@psg.com> paul, why is anyone paying attention to a clueless and sick troll? procmail is your friend. randy From heldal at eml.cc Wed Jul 25 08:12:30 2007 From: heldal at eml.cc (Per Heldal) Date: Wed, 25 Jul 2007 14:12:30 +0200 Subject: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet. In-Reply-To: <20070724162130.GA62720@ussenterprise.ufp.org> References: <20070724162130.GA62720@ussenterprise.ufp.org> Message-ID: <1185365550.20196.43.camel@localhost.localdomain> On Tue, 2007-07-24 at 12:21 -0400, Leo Bicknell wrote: > Legacy space has been transferred. In some cases completely > legitimately, in some cases fraudulently; and in many cases in some > sort of grey area. Why use the terms "legacy space" and "legacy address-holder" in this context at all? To me it sounds like implicit acceptance of the principle that ip-addresses are assets. Laws and regulations change over time in real life. Why should the internet be any different? You either play by *current* rules or not at all. Anybody can suggest changes to the policies, but you can't opt to stick to old rules or invent your own and expect to stay in the game. > Historically there were no rules. Can a legacy > holder transfer their space to another party? Are they required > to tell anyone if they do? Ideally there should be digital signatures and allocation policies should be worded as if there were. Thus, any transfer must be communicated to and authorised by the authority that originally allocated the resource -- unless they have formally delegated responsibility for that allocation to another organisation (which is the case for many legacy IANA allocations). > If someone disputes the transfer, what > constitutes proof? What role does ARIN play in any of this process? A transfer shouldn't differ from any other allocation. The registry's role is to ensure that the new resource-holder meets current policy requirements, and of course verify that the previous resource-holder has authorised the transfer. //per From heldal at eml.cc Wed Jul 25 08:33:25 2007 From: heldal at eml.cc (Per Heldal) Date: Wed, 25 Jul 2007 14:33:25 +0200 Subject: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet. In-Reply-To: References: Message-ID: <1185366805.20196.55.camel@localhost.localdomain> On Tue, 2007-07-24 at 18:45 -0400, Dean Anderson wrote: > I think you still fail to grasp that ARIN is an agent of IANA, that is > to say, the US Government; That the records and assignments belong > ultimately to the government, not to ARIN. > I don't think you should put too much emphasis on the connection to the us government. The ARIN function will eventually be placed where it is most convenient for the community at large. We've already seen an "uprising" where the RIRs through the NRO nearly had a number of ARIN responsibilities removed from ICANN. //per From davids at webmaster.com Wed Jul 25 08:45:35 2007 From: davids at webmaster.com (David Schwartz) Date: Wed, 25 Jul 2007 05:45:35 -0700 Subject: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet. In-Reply-To: <1185365550.20196.43.camel@localhost.localdomain> Message-ID: > Why use the terms "legacy space" and "legacy address-holder" in this > context at all? To me it sounds like implicit acceptance of the > principle that ip-addresses are assets. Laws and regulations change over > time in real life. Why should the internet be any different? You either > play by *current* rules or not at all. Anybody can suggest changes to > the policies, but you can't opt to stick to old rules or invent your own > and expect to stay in the game. The current rules are that you must agree to certain things as a condition of getting address space assigned to you. In the distance past, address space was treated essentially as property. Legacy holders can make a reasonable claim that they own their address space and are grandfathered. It is not clear what legal or administrative process would be appropriate to defeat this claim. This is why I think the carrot will be far more effective than the stick. DS From heldal at eml.cc Wed Jul 25 09:32:28 2007 From: heldal at eml.cc (Per Heldal) Date: Wed, 25 Jul 2007 15:32:28 +0200 Subject: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet. In-Reply-To: <1185366805.20196.55.camel@localhost.localdomain> References: <1185366805.20196.55.camel@localhost.localdomain> Message-ID: <1185370348.20196.56.camel@localhost.localdomain> On Wed, 2007-07-25 at 14:33 +0200, Per Heldal wrote: > On Tue, 2007-07-24 at 18:45 -0400, Dean Anderson wrote: > > I think you still fail to grasp that ARIN is an agent of IANA, that is > > to say, the US Government; That the records and assignments belong > > ultimately to the government, not to ARIN. > > > > I don't think you should put too much emphasis on the connection to the > us government. The ARIN function will eventually be placed where it is s/ARIN/IANA/ > most convenient for the community at large. We've already seen an > "uprising" where the RIRs through the NRO nearly had a number of ARIN > responsibilities removed from ICANN. > From info at arin.net Wed Jul 25 10:47:29 2007 From: info at arin.net (Member Services) Date: Wed, 25 Jul 2007 10:47:29 -0400 Subject: [ppml] Policy Proposal: IANA Policy for Allocation of ASN Blocks to RIRs Message-ID: <46A76281.4030706@arin.net> ARIN received the following policy proposal. In accordance with the ARIN Internet Resource Policy Evaluation Process, the proposal is being posted to the ARIN Public Policy Mailing List (PPML) and being placed on ARIN's website. The ARIN Advisory Council (AC) will review this proposal at their next regularly scheduled meeting. The AC may decide to: 1. Accept the proposal as a formal policy proposal as written. If the AC accepts the proposal, it will be posted as a formal policy proposal to PPML and it will be presented at a Public Policy Meeting. 2. Postpone their decision regarding the proposal until the next regularly scheduled AC meeting in order to work with the author. The AC will work with the author to clarify, combine or divide the proposal. At their following meeting the AC will accept or not accept the proposal. 3. Not accept the proposal. If the AC does not accept the proposal, the AC will explain their decision. If a proposal is not accepted, then the author may elect to use the petition process to advance their proposal. If the author elects not to petition or the petition fails, then the proposal will be closed. The AC will assign shepherds in the near future. ARIN will provide the names of the shepherds to the community via the PPML. In the meantime, the AC invites everyone to comment on this proposal on the PPML, particularly their support or non-support and the reasoning behind their opinion. Such participation contributes to a thorough vetting and provides important guidance to the AC in their deliberations. The ARIN Internet Resource Policy Evaluation Process can be found at: http://www.arin.net/policy/irpep.html Mailing list subscription information can be found at: http://www.arin.net/mailing_lists/ Regards, Member Services American Registry for Internet Numbers (ARIN) ## * ## Policy Proposal Name: Internet Assigned Numbers Authority (IANA) Policy for Allocation of ASN Blocks to Regional Internet Registries Author: Axel Pawlik Proposal Version: 1 Submission Date: 24 July 2007 Proposal type: New Policy term: renewable Policy statement: Abstract This document describes the policy governing the allocation of Autonomous System Numbers (ASNs) from the IANA to the Regional Internet Registries (RIRs). This policy document does not stipulate performance requirements in the provision of services by the IANA to an RIR. Such requirements will be specified by appropriate agreements between ICANN and the Number Resource Organization (NRO). 1. Allocation Principles IANA allocates ASNs to RIRs in blocks of 1024 ASNs. In this document the term "ASN block" refers to a set of 1024 ASNs. Until 31 December 2009, allocations of 2-byte only and 4-byte only ASN blocks will be made separately and independent of each other [1]. This means until 31 December 2009, RIRs can receive two separate ASN blocks, one for 2-byte only ASNs and one for 4-byte only ASNs from the IANA under this policy. After this date, IANA and the RIRs will cease to make any distinction between 2-byte only and 4-byte only ASNs, and will operate ASN allocations from an undifferentiated 4-byte ASN allocation pool. 2. Initial Allocations Each new RIR will be allocated a new ASN block. 3. Additional Allocations An RIR is eligible to receive (an) additional ASN block(s) from the IANA if one of the following conditions is met: 1. The RIR has assigned/allocated 80% of the previously received ASN block, or 2. The number of free ASNs currently held by the RIR is less than two months need. This projection is based on the monthly average number of ASNs assigned/allocated by the RIR over the previous six months. An RIR will be allocated as many ASN blocks as are needed to support their registration needs for the next 12 months, based on their average assignment/allocation rate over the previous six months, unless the RIR specifically requests fewer blocks than it qualifies for. 4. Announcement of IANA Allocations The IANA, the NRO and the RIRs will make announcements and update their respective websites/databases when an allocation is made by the IANA to an RIR. ICANN and the NRO will establish administrative procedures to manage this process. [1. http://www.ripe.net/ripe/policies/proposals/2005-12.html] Rationale: There are global policies governing the allocation of IPv4 and IPv6 blocks from the IANA to RIRs. At this point there is no specific policy regarding the allocation of Autonomous System Numbers from the IANA to the RIRs. This proposal will create a policy to fill this gap. The criteria being proposed has already been the practice between IANA and RIRs so far and it has been proven to work. It is designed to allow RIRs to request ASN blocks from the IANA in a timely fashion and maintain enough ASNs in holding to ensure that their registration services can be sustained. It is also proposed that the RIRs be allocated as many ASN blocks as are needed to support their registration needs for the next 12 months. This will generally mean that each RIR will only need to make one ASN request from the IANA each year, thus lowering operational overhead for the RIRs. Timetable for implementation: Immediate From andrew.dul at quark.net Wed Jul 25 11:56:53 2007 From: andrew.dul at quark.net (=?iso-8859-1?Q?Andrew=20Dul?=) Date: Wed, 25 Jul 2007 07:56:53 -0800 Subject: [ppml] Policy Proposal: Global Policy for the Allocation of the Remaining IPv4 Address Space Message-ID: <20070725155653.26459.qmail@hoster908.com> > -------Original Message------- > From: Roque Gagliano > Subject: Re: [ppml] Policy Proposal: Global Policy for the Allocation of the Remaining IPv4 Address Space > Sent: 24 Jul '07 08:06 > > Andrew, here are my answers, > > On Mon, 2007-07-23 at 11:06 -0800, Andrew Dul wrote: > > > > I'm not sure this policy is necessary. I don't specifically think > > there is anything wrong with the current policy. > > > > RIRs could develop their own "end of IPv4 allocation schemes" even if > > the IANA to RIR policy was not changed. > > Why should they do it? with the current policy RIRs are encouraged to > consume as many addresses as possible until the IANA pool exhausts. > > The proposed policy eliminates the pressure on the central pool at IANA > and allows each RIR to develop its own policies on how are they going to > distribute its last allocation (probably more conservative policies). This doesn't eliminate pressure on the IANA pool, it just speeds up the date when IANA says, sorry we are all out of IPv4 /8s. As you know the RIRs are made up of members of the Internet community, the only way any policy will reach consensus is if the members of the community think this is the right thing to do. However, sometimes economics trumps technical ideals. > It > will also be a clear message to the rest of the community about how the > IANA pool will be distributed and by doing that avoiding discussion > outside the RIR environment. I think the current policy accurately describes what will happen. RIRs will keep asking for /8 allocations until there are no more available. You don't know who will get the last allocation, but you do know how it will happen. > Probably we should also ask ourselves: What may happen if we just do > nothing about this issue? All IPv4 address space will eventually be allocated or assigned, the same thing that will happen if we do decide to have an alternate assignment/allocation scheme. > > > RIRs use IPv4 resources at different rates due to the different sizes > > of the communities they represent. This policy will artificially > > extend the availability in some of IPv4 resources in some RIR's, that > > could lead to RIR shopping. > > We need to take a global perspective on this issue, here I have to > scenarios: I agree a global perspective is needed. I was just pointing out that because you are allocating a fixed size to each RIR, that will have consequences. Those consequences may or may not be better or worse than not allocating a last fixed amount of /8s to the RIRs. And your opinion on if the consequences are better or worse will also probably depend on your individual perspective. Andrew From arin-contact at dirtside.com Wed Jul 25 12:34:55 2007 From: arin-contact at dirtside.com (William Herrin) Date: Wed, 25 Jul 2007 12:34:55 -0400 Subject: [ppml] Policy Proposal: Global Policy for the Allocation of the Remaining IPv4 Address Space In-Reply-To: <20070725155653.26459.qmail@hoster908.com> References: <20070725155653.26459.qmail@hoster908.com> Message-ID: <3c3e3fca0707250934t37cea6c6mc3e6e78fe5876733@mail.gmail.com> On 7/25/07, Andrew Dul wrote: > > It > > will also be a clear message to the rest of the community about how the > > IANA pool will be distributed and by doing that avoiding discussion > > outside the RIR environment. > > I think the current policy accurately describes what will happen. RIRs will keep > asking for /8 allocations until there are no more available. You don't know who > will get the last allocation, but you do know how it will happen. Andrew, The problem is, it could happen two days after ARIN requests its next /8 block but it could also happen two days before. It could be a nasty "gotcha." By assigning the final blocks in a big chuck to all of the registries, each registry would have at least a couple months of warning before the final "all gone." Would the extra warning be useful? Squandered? I don't know. I do know that it is less chaotic than the first-come first-served until sold out ending and chaos is the enemy of responsible stewardship. I'm against this proposal with N=5 because I don't think it distributes the final /8's fairly. But with N=1 (a final /8 to each registry all at the same time) I think think this proposal would be reasonable. Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From sleibrand at internap.com Wed Jul 25 12:40:05 2007 From: sleibrand at internap.com (Scott Leibrand) Date: Wed, 25 Jul 2007 09:40:05 -0700 Subject: [ppml] Policy Proposal: Global Policy for the Allocation of the Remaining IPv4 Address Space In-Reply-To: <3c3e3fca0707250934t37cea6c6mc3e6e78fe5876733@mail.gmail.com> References: <20070725155653.26459.qmail@hoster908.com> <3c3e3fca0707250934t37cea6c6mc3e6e78fe5876733@mail.gmail.com> Message-ID: <46A77CE5.5090906@internap.com> Bill Herrin wrote: > > The problem is, it could happen two days after ARIN requests its next > /8 block but it could also happen two days before. It could be a nasty > "gotcha." > > By assigning the final blocks in a big chuck to all of the registries, > each registry would have at least a couple months of warning before > the final "all gone." Would the extra warning be useful? Squandered? I > don't know. I do know that it is less chaotic than the first-come > first-served until sold out ending and chaos is the enemy of > responsible stewardship. > > > I'm against this proposal with N=5 because I don't think it > distributes the final /8's fairly. But with N=1 (a final /8 to each > registry all at the same time) I think think this proposal would be > reasonable. I would still favor a final allocation based on usage rate instead of a static value of "N". If that is not something smaller RIRs like LACNIC and AfriNIC would support, though, I would agree with Bill, and would be OK with this proposal with a smaller value of N. -Scott From fobispo at cenit.gob.ve Wed Jul 25 12:53:57 2007 From: fobispo at cenit.gob.ve (Francisco Obispo) Date: Wed, 25 Jul 2007 12:53:57 -0400 Subject: [ppml] Posible Spam** Re: Policy Proposal: Global Policy for the Allocation of the Remaining IPv4 Address Space In-Reply-To: <46A77CE5.5090906@internap.com> References: <20070725155653.26459.qmail@hoster908.com> <3c3e3fca0707250934t37cea6c6mc3e6e78fe5876733@mail.gmail.com> <46A77CE5.5090906@internap.com> Message-ID: <815D72CF-2E88-43D0-8E1B-AD395FAB541C@cenit.gob.ve> Dear Scott, My comments below. _____________________________ Francisco Obispo Director de Operaciones y Red Acad?mica Centro Nacional de Innovaci?n Tecnol?gica http://www.cenit.gob.ve On 25/07/2007, at 12:40 PM, Scott Leibrand wrote: > Bill Herrin wrote: >> >> The problem is, it could happen two days after ARIN requests its next >> /8 block but it could also happen two days before. It could be a >> nasty >> "gotcha." >> >> By assigning the final blocks in a big chuck to all of the >> registries, >> each registry would have at least a couple months of warning before >> the final "all gone." Would the extra warning be useful? >> Squandered? I >> don't know. I do know that it is less chaotic than the first-come >> first-served until sold out ending and chaos is the enemy of >> responsible stewardship. >> >> >> I'm against this proposal with N=5 because I don't think it >> distributes the final /8's fairly. But with N=1 (a final /8 to each >> registry all at the same time) I think think this proposal would be >> reasonable. > > I would still favor a final allocation based on usage rate instead > of a > static value of "N". If that is not something smaller RIRs like > LACNIC > and AfriNIC would support, though, I would agree with Bill, and > would be > OK with this proposal with a smaller value of N. > I'm pretty sure that smaller RIRs will support this proposal for a value N>=1. This is why the policy was approved in LACNIC in such a way that N could be changed by the time it gets a global concensus. If you and more people on the list agree with the policy but disagree with the value of N, perhaps we should discuss the proper value. Regards -francisco > -Scott > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml -------------- next part -------------- An HTML attachment was scrubbed... URL: From briand at ca.afilias.info Wed Jul 25 12:59:48 2007 From: briand at ca.afilias.info (Brian Dickson) Date: Wed, 25 Jul 2007 12:59:48 -0400 Subject: [ppml] Policy Proposal: Global Policy for the Allocation of the Remaining IPv4 Address Space In-Reply-To: <3c3e3fca0707250934t37cea6c6mc3e6e78fe5876733@mail.gmail.com> References: <20070725155653.26459.qmail@hoster908.com> <3c3e3fca0707250934t37cea6c6mc3e6e78fe5876733@mail.gmail.com> Message-ID: <46A78184.8030905@ca.afilias.info> William Herrin wrote: > On 7/25/07, Andrew Dul wrote: > >>> It >>> will also be a clear message to the rest of the community about how the >>> IANA pool will be distributed and by doing that avoiding discussion >>> outside the RIR environment. >>> >> I think the current policy accurately describes what will happen. RIRs will keep >> asking for /8 allocations until there are no more available. You don't know who >> will get the last allocation, but you do know how it will happen. I think the problem is not that there are X CIDR blocks left to dole out to RIRs, but that the size of the CIDR blocks being doled out is fixed. >> Andrew, >> >> The problem is, it could happen two days after ARIN requests its next >> /8 block but it could also happen two days before. It could be a nasty >> "gotcha." >> >> I'm against this proposal with N=5 because I don't think it >> distributes the final /8's fairly. But with N=1 (a final /8 to each >> registry all at the same time) I think think this proposal would be >> reasonable. >> In environments where fixed capacity has a very specific upper limit, such as filling a fuel tank, the "best common practice" is to fill at full speed until some critical level is reached, and then to slow the fill rate substantially, and as needed, repeating this until the tank is full. This avoids overfilling, or other nasty effects. Changing the size of CIDR blocks given to RIRs, at some point, would increase the number of blocks available, thus ensuring that fair allocations continue to occur. E.g. when there are 6 of the /8 ranges left, start allocating /10's, of which there would be 24. And when there are 6 of the /10's left, start allocating /12's, etc. Just my observation on finite pool allocation and exhaustion of the resource... Brian Dickson From Lee.Howard at stanleyassociates.com Wed Jul 25 13:24:36 2007 From: Lee.Howard at stanleyassociates.com (Howard, W. Lee) Date: Wed, 25 Jul 2007 13:24:36 -0400 Subject: [ppml] Policy Proposal: Global Policy for the Allocation of theRemaining IPv4 Address Space In-Reply-To: <3c3e3fca0707250934t37cea6c6mc3e6e78fe5876733@mail.gmail.com> Message-ID: <369EB04A0951824ABE7D8BAC67AF9BB4067CD53C@CL-S-EX-1.stanleyassociates.com> > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of William Herrin > Sent: Wednesday, July 25, 2007 12:35 PM > To: ppml at arin.net > Subject: Re: [ppml] Policy Proposal: Global Policy for the > Allocation of theRemaining IPv4 Address Space > [. . .] > By assigning the final blocks in a big chuck to all of the > registries, each registry would have at least a couple months > of warning before the final "all gone." Would the extra > warning be useful? Squandered? I don't know. What do you think might/should happen in those few months? What's the best way to get from here to there? Lee From dean at av8.com Wed Jul 25 13:27:54 2007 From: dean at av8.com (Dean Anderson) Date: Wed, 25 Jul 2007 13:27:54 -0400 (EDT) Subject: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet. In-Reply-To: Message-ID: On 24 Jul 2007, Paul Vixie wrote: > dean at av8.com (Dean Anderson) writes: > > > ... > > I think you still fail to grasp that ARIN is an agent of IANA, that is > > to say, the US Government; That the records and assignments belong > > ultimately to the government, not to ARIN. > > for the record, this is completely wrong. Thanks for clearing that up with all those references. > > ... [I quit RADB when Susan Harris blocked my email from > > Merit. That block was part of the 1990's retaliation for saying that > > Antitrust applied to blacklists and ECPA applied to ISPs. Others quit > > for similar reasons.] > > for the record, you sure seem to think a lot of people are retaliating > against you, and you sure do seem to know a lot of unnamed others. Yeah it is a lot. But not a lot when you consider the whole of the internet operations staff, over 10 year period. You have high turnover. Of course, millions of dollars are at stake in some of these schemes for you and your co-conspirators. While this isn't really the right forum, lets consider for a moment some income related to the schemes: Anycast Root DNS income (millions) Income from DNS sales (especially if you had gotten AXFR clarify though) (millions) Income from "listwashing" services (how much is this worth?) Income from spamming. (millions) Income from anti-spam services. (millions) I'm sure I missed some things. This list is just off the top of my head. And I wonder who owns the undisclosed patents on the 3 DNS standards that I complained about in 2005, and was told that RFC 3979 wasn't the policy of the IETF, and that discussion or complaints about patents were not on-topic. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From dlw+arin at tellme.com Wed Jul 25 13:34:23 2007 From: dlw+arin at tellme.com (David Williamson) Date: Wed, 25 Jul 2007 10:34:23 -0700 Subject: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet. In-Reply-To: References: Message-ID: <20070725173423.GD24890@shell01.corp.tellme.com> On Wed, Jul 25, 2007 at 01:27:54PM -0400, Dean Anderson wrote: > While this isn't really the right forum, That's absolutely correct. Please please PLEASE take this somewhere else. This has zero to do with ARIN policy. -David From dean at av8.com Wed Jul 25 14:10:05 2007 From: dean at av8.com (Dean Anderson) Date: Wed, 25 Jul 2007 14:10:05 -0400 (EDT) Subject: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet. In-Reply-To: <6eb799ab0707242311p5d6af967g852fbe0f5693406e@mail.gmail.com> Message-ID: On Wed, 25 Jul 2007, James Hess wrote: > On 7/24/07, Dean Anderson wrote: > > > I dispute that. ARIN is required to perform the services that IANA has > > delegated to it. Legacy services are part of that delegation. This is > > like saying ARIN has no obligation to cart the boxes of legacy records > > to a new office. Or to convert legacy records to a new electronic > > format. Any service that required, ARIN is required to perform for > > everyone. > > Any service that required, ARIN is required to perform for everyone... but only > under the same terms. Legacy assignees that have not signed an RSA are not > operating on the same terms, in fact, a legacy assignee by definition has no > agreement for "services" to be provided. The do have an agreement, in the form of the registration made with SRI or NSI on behalf of IANA, and the implied terms of that agreement. > ARIN may by policy choose to provide the same services, but this is > different from being obligated to someone else to do so. Yes. I agree that ARIN is obligated in some cases, but not in others. We are only considering those cases where ARIN is obligated. Those cases are (at least) the cases where it is necessary for ARIN to perform some service for the continued operation of the previous agreements. > In that regard, the obligation for ARIN towards legacy holders is to > follow its own policies and mission/purpose ARIN has the same as NSI had to SRI legacies, and the same as SRI had to the government before that function was called IANA. > RIR obligations are spelled out by the ASO MOU and the numbering > policy of ICANN, very basic requirements. ASO is an organization of RIRs. They can't generate there own requirements. They just agree to operate in certain ways that are still within the IANA umbrella. They cannot defy IANA. The root server operators tried to defy IANA in 1998. The government stepped in. The same would happen if ASO tried to defy IANA. The root operators also created a MOU organization (somewhat like ASO) to defy IANA. It didn't work. There is a good book on these events. "Who Controls the Internet Illusions of a Borderless World" by Goldsmith and Wu. > Re-iterating that ARIN is an agent of IANA does not make it true. Indeed, repeating it doesn't make it true. That the government has interceded previously in similar IANA supervised organizations, however, does have some weight. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From dean at av8.com Wed Jul 25 14:21:59 2007 From: dean at av8.com (Dean Anderson) Date: Wed, 25 Jul 2007 14:21:59 -0400 (EDT) Subject: [ppml] Tell me, Mr. Anderson, what good is a mailing list when we are unable to speak? In-Reply-To: <46A6F860.9060000@thusa.co.za> Message-ID: The patent deception only became public in February this year. Russ Housley has only been the IETF chair since March. It was only discussed on the TLS Working Group list in May. And I created a web page in June. The IETF is meeting now in Chicago for the first time since March. Whether Housley resigns might be part of their current discussions. (Since the issue probably wasn't well known in March, one can't really criticize them for not booting Housley until after this meeting). Some organizations I work with, haven't even settled on the wording of the announcement yet. We are working on that now. I guess its been a long few months for a few people. Also, Housley's resignation would be a symbol of contrition and is certainly appropriate, but it won't solve the underlying problems. I didn't respond to Ted's original message because, well, it seemed a bit insober, and was sent on a Friday night. --Dean On Wed, 25 Jul 2007, Colin Alston wrote: > On 21/07/2007 01:11 Ted Mittelstaedt wrote: > > No, I haven't noticed - Russ Housley is still IETF chair, you have been > > complaining about him and the patented TLS issue for a couple years, now. > > This whole argument is almost as old as those over the Gaza-strip. At > least though if it were over something of life threatening importance > people might be interesting - I'm quite bored though. > > Frankly, if people are able to debate a no-win argument for this > length of time (I saw it going on about 2 years back when I was on the > IETF list briefly) they must have a great deal of spare time. > > I'm tempted to ramble along the lines of "Peace my bothers, we must > work together in these troubled times of IPv4 extinction", but rather > pretend I didn't... > > Thanks for the sum of events so far Leo. > > -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From woody at pch.net Wed Jul 25 14:19:39 2007 From: woody at pch.net (Bill Woodcock) Date: Wed, 25 Jul 2007 11:19:39 -0700 (PDT) Subject: [ppml] Policy Proposal 2007-14: Resource Review Process In-Reply-To: <46A65965.6070108@arin.net> References: <46A65965.6070108@arin.net> Message-ID: > 4. If the review shows that existing usage is substantially not in > compliance with current allocation and/or assignment policies, the > organization shall return resources as needed to bring them > substantially into compliance. If possible, only whole resources shall > be returned. Partial address blocks shall be returned in such a way that > the portion retained will comprise a single aggregate block. How do you envision this working, in the case that someone is both lightly and sparsely using the space they've been allocated? That is, if someone is using the first and last addresses of a /22, would they be forced to renumber, in order to create a returnable /23 from one end or the other? -Bill From dean at av8.com Wed Jul 25 14:30:03 2007 From: dean at av8.com (Dean Anderson) Date: Wed, 25 Jul 2007 14:30:03 -0400 (EDT) Subject: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet. In-Reply-To: <1185366805.20196.55.camel@localhost.localdomain> Message-ID: On Wed, 25 Jul 2007, Per Heldal wrote: > On Tue, 2007-07-24 at 18:45 -0400, Dean Anderson wrote: > > I think you still fail to grasp that ARIN is an agent of IANA, that is > > to say, the US Government; That the records and assignments belong > > ultimately to the government, not to ARIN. > > > > I don't think you should put too much emphasis on the connection to the > us government. The ARIN function will eventually be placed where it is > most convenient for the community at large. We've already seen an > "uprising" where the RIRs through the NRO nearly had a number of ARIN > responsibilities removed from ICANN. I agree, that the US government may be replaced at some point. I suspect that the UN will probably be the replacement. It won't be a group like the MoUvment from 1998, which is what the ASO looks like. The groups that really complain are the third world. And they don't trust the ASO either. The ASO is the status quo group that they are fighting. On the one hand, a group wants anarchy and no accountability (the ASO), and other the other hand, there is a group that wants fair play and honest accountable government. But you have to have government and accountability. The choices of government are the US and the UN. As we can see, just by looking at my situation, there is disaster without accountability, and there is a low, but significant number of dishonest people about. I think Leo was spot on, and not just for ARIN: My situation is the a canary in the gold mine. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From tedm at ipinc.net Wed Jul 25 14:40:37 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Wed, 25 Jul 2007 11:40:37 -0700 Subject: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet. In-Reply-To: Message-ID: >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >Owen DeLong >Sent: Tuesday, July 24, 2007 4:57 PM >To: Dean Anderson >Cc: ppml at arin.net >Subject: Re: [ppml] Dean Anderson,130.105.0.0/16 and the future of the >IPv4 Internet. > > >I'm saying that if ARIN starts offering services that were never offered >to legacy holders by the previous registries, ARIN is under no >obligation >to provide those services to legacy holders unless they elect to >subscribe >to such services by completing the appropriate process. Owen, I think this is his issue. He is trying to say that IPv6 addressing is supposed to be covered over the original agreements that legacy holders made for legacy addressing space. Ted From tedm at ipinc.net Wed Jul 25 14:42:42 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Wed, 25 Jul 2007 11:42:42 -0700 Subject: [ppml] Example of a questionable block Was: Re: Tell me, Mr. Anderson, what good is a mailing list when we are unable to speak? In-Reply-To: <3c3e3fca0707241746t3f171ac6ra802bee31c61edf0@mail.gmail.com> Message-ID: >-----Original Message----- >From: wherrin at gmail.com [mailto:wherrin at gmail.com]On Behalf Of William >Herrin >Sent: Tuesday, July 24, 2007 5:46 PM >To: Ted Mittelstaedt >Cc: ppml at arin.net >Subject: Re: [ppml] Example of a questionable block Was: Re: Tell me, >Mr. Anderson, what good is a mailing list when we are unable to speak? > > >On 7/24/07, Ted Mittelstaedt wrote: >> Hmmm I wonder then what SORBS used then? > >Yeah, that's the $64,000 question, isn't it. I think Leo has the right >of things: should netblock ownership and routing slots descend into >some sort of Mad Max type of future we're all going to lose. > >SORBS makes an interesting bellwether; they seem to revel in being on >the leading edge of the storm. > > >> The point I was making was it's rather difficult merely by looking >> at a whois output to determine legitimacy. That is why it is so >important >> for orgs that list themselves in whois records to use actual e-mail >> addresses of real people, actual telephone numbers that go somewhere, >> rather than anonymous PO boxes. > >You'll get no argument from me there. Though if I was in Dean's shoes >I might worry that publishing my real address and phone number would >allow the Vixie cronies [sic] to track me down. ;) Wouldn't the tinfoil hat protect him from the black helicopters, though? Ted From tedm at ipinc.net Wed Jul 25 14:47:21 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Wed, 25 Jul 2007 11:47:21 -0700 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacy Resources In-Reply-To: <000101c7ce63$bd3575b0$37a06110$@org> Message-ID: >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >J. R. Westmoreland >Sent: Tuesday, July 24, 2007 7:30 PM >To: ppml at arin.net >Subject: Re: [ppml] Policy Proposal 2007-15: Authentication ofLegacy >Resources > > >Based on my initial reading of this proposal I would agree with Owen. > >I have a /24 block, which I have had for about 15 years. I don't >want to get >in to a situation like my cable company thought was a great idea >and have to >pay $1250 per month to route this address block, or own it for that matter. > If we ever are in a situation where people are scrounging around for the odd /24 of IPv4 that they can use to satisfy a need for IP address allocation to the point that they would be willing to contemplate going after a legacy /24 holder for $1250 per month, I would take that as a definitive proof of the utter failure to migrate to IPv6 post IPv4-runout. In other words, the only solution at that time would be for all of us to admit we failed, and allow the world's governments to come in and order people to stop using IPv4 - because catastrophic failure of the Internet otherwise would be imminent by then. Ted From leo.vegoda at icann.org Wed Jul 25 14:51:44 2007 From: leo.vegoda at icann.org (Leo Vegoda) Date: Wed, 25 Jul 2007 20:51:44 +0200 Subject: [ppml] Policy Proposal: Global Policy for the Allocation of the Remaining IPv4 Address Space In-Reply-To: <46A78184.8030905@ca.afilias.info> References: <20070725155653.26459.qmail@hoster908.com> <3c3e3fca0707250934t37cea6c6mc3e6e78fe5876733@mail.gmail.com> <46A78184.8030905@ca.afilias.info> Message-ID: <1195746E-FADB-49DC-B6FB-DFB4AAB80FBB@icann.org> On 25 Jul 2007, at 18:59, Brian Dickson wrote: [...] > In environments where fixed capacity has a very specific upper limit, > such as filling a fuel > tank, the "best common practice" is to fill at full speed until some > critical level is reached, > and then to slow the fill rate substantially, and as needed, repeating > this until the tank is full. > > This avoids overfilling, or other nasty effects. > > Changing the size of CIDR blocks given to RIRs, at some point, would > increase the number > of blocks available, thus ensuring that fair allocations continue > to occur. > > E.g. when there are 6 of the /8 ranges left, start allocating / > 10's, of > which there would be 24. > And when there are 6 of the /10's left, start allocating /12's, etc. Do you want to change the unit size or the maximum amount of space that can be allocated? The current global policy allows the RIRs to receive all the space they need and changing the way it is measured from /8s to /10s doesn't change anything other than add extra lines to the IPv4 registry. Regards, Leo Vegoda From tedm at ipinc.net Wed Jul 25 15:01:56 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Wed, 25 Jul 2007 12:01:56 -0700 Subject: [ppml] Policy Proposal 2007-15: Authentication of LegacyResources In-Reply-To: <1E27D726-6C00-452F-8217-069F96AEDCBD@delong.com> Message-ID: >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >Owen DeLong >Sent: Tuesday, July 24, 2007 2:28 PM >To: Member Services >Cc: ppml at arin.net >Subject: Re: [ppml] Policy Proposal 2007-15: Authentication of >LegacyResources > > >I oppose this proposal as written. > >While I am in favor of some of the general intent of this proposal, I >take >issue with the following: > >1. Termination of changes to records. > > The information in WHOIS is already horribly out of date for > many records. Refusing to register changes for those organizations > willing to register their changes but unwilling to sign an RSA is a > disservice to the ARIN community and does not really provide > any meaningful incentive to sign the RSA. This is a circular argument. Your saying that people who are unwilling to sign an RSA are going to change their minds if a meaningful incentive is provided, yet you don't think that refusing to register changes is a meaningful incentive. It sounds to me like the kid telling the parent "I'll eat my dinner after getting ice cream" and the parent giving the ice cream to the kid. Once the changes are made, you have just given away any possibility of having a meaningful incentive. > >2. Fees > > ARIN is not really in a position to demand fees from legacy holders. Yes, without an RSA they cannot demand fees. > We should make it possible for legacy holders to enter into an RSA > without requiring fees. The entire point of an RSA is to get fees out of an address holder. What possible use is a signed RSA to the community that does not levy fees? > We should encourage legacy holders to fully > join the ARIN process and pay annual fees, but, I think >that tying the > RSA signing to a commitment to pay fees is an unnecessary barrier > to the RSA. The RSA is, in my opinion, the more important goal. > Kind of like a nun saying she wants to get pregnant but retain her vow of chastity. The fees and RSA are part and parcel of each other. >3. Termination of DNS services > > Much like the refusal to make changes to whois, this action is more > of a disservice to the ARIN community than any sort of incentive for > legacy holders. > The ARIN community comprises both RSA-signers and non-RSA-signers. This action helps the RSA-signers because now the legacy holders will start carrying more of the financial burden and the fees for the RSA-signers will go down. It hurts the non-RSA-signers because now they have to start paying money for something they got free. The help and harm counterbalance each other and so this proposal is absolutely neutral to the community as a whole. You are just playing at a very clever word game when you use the term "ARIN community" as in one sentence your meaning for it includes legacy holders, in another it doesen't, your switching it around by implication. The long and short of it is that the only argument that has any weight at all for letting the legacy holders continue to get a free ride is that they somehow have a "moral" right to get a free ride because they were promised one. Of course, the American Indian made the same argument when the Europeans pushed them out of their homelands and onto reservations and we know what happened there. Ted From sleibrand at internap.com Wed Jul 25 15:06:30 2007 From: sleibrand at internap.com (Scott Leibrand) Date: Wed, 25 Jul 2007 12:06:30 -0700 Subject: [ppml] Policy Proposal 2007-15: Authentication of LegacyResources In-Reply-To: References: Message-ID: <46A79F36.2060809@internap.com> Ted, A signed RSA also obligates the signer to abide by current and future ARIN policies, including those requiring justification for continued use of IP space. As we approach IPv4 exhaustion, that will IMO be more important than whatever additional fees we might collect. -Scott Ted Mittelstaedt wrote: > >> -----Original Message----- >> From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >> Owen DeLong >> Sent: Tuesday, July 24, 2007 2:28 PM >> To: Member Services >> Cc: ppml at arin.net >> Subject: Re: [ppml] Policy Proposal 2007-15: Authentication of >> LegacyResources >> >> >> I oppose this proposal as written. >> >> While I am in favor of some of the general intent of this proposal, I >> take >> issue with the following: >> >> 1. Termination of changes to records. >> >> The information in WHOIS is already horribly out of date for >> many records. Refusing to register changes for those organizations >> willing to register their changes but unwilling to sign an RSA is a >> disservice to the ARIN community and does not really provide >> any meaningful incentive to sign the RSA. >> > > This is a circular argument. Your saying that people who are unwilling to > sign > an RSA are going to change their minds if a meaningful incentive is > provided, > yet you don't think that refusing to register changes is a meaningful > incentive. > > It sounds to me like the kid telling the parent "I'll eat my dinner after > getting > ice cream" and the parent giving the ice cream to the kid. Once the changes > are > made, you have just given away any possibility of having a meaningful > incentive. > > >> 2. Fees >> >> ARIN is not really in a position to demand fees from legacy holders. >> > > Yes, without an RSA they cannot demand fees. > > >> We should make it possible for legacy holders to enter into an RSA >> without requiring fees. >> > > The entire point of an RSA is to get fees out of an address holder. What > possible use is a signed RSA to the community that does not levy fees? > > >> We should encourage legacy holders to fully >> join the ARIN process and pay annual fees, but, I think >> that tying the >> RSA signing to a commitment to pay fees is an unnecessary barrier >> to the RSA. The RSA is, in my opinion, the more important goal. >> >> > > Kind of like a nun saying she wants to get pregnant but retain her vow > of chastity. The fees and RSA are part and parcel of each other. > > >> 3. Termination of DNS services >> >> Much like the refusal to make changes to whois, this action is more >> of a disservice to the ARIN community than any sort of incentive for >> legacy holders. >> >> > > The ARIN community comprises both RSA-signers and non-RSA-signers. > This action helps the RSA-signers because now the legacy holders will > start carrying more of the financial burden and the fees for the RSA-signers > will go down. It hurts the non-RSA-signers because now they have to start > paying > money for something they got free. The help and harm counterbalance each > other and so this proposal is absolutely neutral to the community as a > whole. > > You are just playing at a very clever word game when you use the term "ARIN > community" > as in one sentence your meaning for it includes legacy holders, in another > it doesen't, > your switching it around by implication. > > > The long and short of it is that the only argument that has any weight at > all > for letting the legacy holders continue to get a free ride is that they > somehow > have a "moral" right to get a free ride because they were promised one. Of > course, > the American Indian made the same argument when the Europeans pushed them > out > of their homelands and onto reservations and we know what happened there. > > Ted > > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > From stephen at sprunk.org Wed Jul 25 15:19:23 2007 From: stephen at sprunk.org (Stephen Sprunk) Date: Wed, 25 Jul 2007 14:19:23 -0500 Subject: [ppml] Policy Proposal 2007-15: AuthenticationofLegacy Resources References: Message-ID: <021d01c7cef2$2cba1ab0$423816ac@atlanta.polycom.com> Thus spake "Ted Mittelstaedt" >>I have a /24 block, which I have had for about 15 years. I don't >>want to get in to a situation like my cable company thought was >>a great idea and have to pay $1250 per month to route this >>address block, or own it for that matter. > > If we ever are in a situation where people are scrounging around > for the odd /24 of IPv4 that they can use to satisfy a need for IP > address allocation to the point that they would be willing to > contemplate going after a legacy /24 holder for $1250 per month, > I would take that as a definitive proof of the utter failure to migrate > to IPv6 post IPv4-runout. Where did this $1250/mo number come from? Even if ARIN did, somehow, manage to convince/force folks to pay for their legacy resources, the fee is $100/yr for all assignments, regardless of size. While not insignificant, ARIN hardly needs that money and it'd likely be a net loss even trying to collect it. What any particular ISP charges to route a block, legacy or not, is irrelevant to policy discussions here. S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov From stephen at sprunk.org Wed Jul 25 15:44:50 2007 From: stephen at sprunk.org (Stephen Sprunk) Date: Wed, 25 Jul 2007 14:44:50 -0500 Subject: [ppml] Policy Proposal 2007-14: Resource Review Process References: <46A65965.6070108@arin.net> Message-ID: <026301c7cef6$740d16c0$423816ac@atlanta.polycom.com> Thus spake "Bill Woodcock" > > 4. If the review shows that existing usage is substantially not in > > compliance with current allocation and/or assignment policies, > > the organization shall return resources as needed to bring them > > substantially into compliance. If possible, only whole resources > > shall be returned. Partial address blocks shall be returned in > > such a way that the portion retained will comprise a single > > aggregate block. > > How do you envision this working, in the case that someone is > both lightly and sparsely using the space they've been allocated? > That is, if someone is using the first and last addresses of a /22, > would they be forced to renumber, in order to create a returnable > /23 from one end or the other? Presuming returning a /23 would be sufficient given how they're using the /22, yes. Consider a pathological case where someone has a /16 but is only using every fourth /24. If they were allowed to return the parts they weren't using, that'd result in a return of 64 /23s and 64 /24s, and they'd be forced to advertise the remaining 64 /24s. That's bad for everyone -- including the returning org. Odds are they wouldn't be able to get their /24s past filters anyways, and the other /23s and /24s would be equally unusable if ARIN tried to reassign them to someone else. (Actually, I'd expect in that case they'd return 64 /23s and get to keep the other unused 64 /24s, meaning they'd be advertising 64 /23s. That's irrelevant, though, since they'd hit the same filters. Much better that they renumber into one /17 and return the other.) S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov From stephen at sprunk.org Wed Jul 25 15:45:29 2007 From: stephen at sprunk.org (Stephen Sprunk) Date: Wed, 25 Jul 2007 14:45:29 -0500 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources References: Message-ID: <026401c7cef6$749e8150$423816ac@atlanta.polycom.com> Thus spake "Ted Mittelstaedt" >>From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >>Owen DeLong >> >>I oppose this proposal as written. >> >>While I am in favor of some of the general intent of this proposal, I >>take issue with the following: >> >>1. Termination of changes to records. >> >> The information in WHOIS is already horribly out of date for >> many records. Refusing to register changes for those organizations >> willing to register their changes but unwilling to sign an RSA is a >> disservice to the ARIN community and does not really provide >> any meaningful incentive to sign the RSA. > > This is a circular argument. Your saying that people who are > unwilling to sign an RSA are going to change their minds if a > meaningful incentive is provided, yet you don't think that refusing > to register changes is a meaningful incentive. It's not a meaningful incentive, and it harms the community because it's harder for the rest of us to track down who the current contacts are for legacy space. It goes beyond useless and is actually counterproductive. If you want to incent someone to do something, you have to offer something they want. Legacy holders don't care what's in WHOIS because they derive no benefit from _their own_ records being correct. After all, _they_ know who the contacts are because they _are_ the contacts. In fact, having WHOIS be wrong is a benefit because spammers will stop bugging them... >>2. Fees >> >> ARIN is not really in a position to demand fees from legacy holders. > > Yes, without an RSA they cannot demand fees. > >> We should make it possible for legacy holders to enter into an >> RSA without requiring fees. > > The entire point of an RSA is to get fees out of an address holder. No, the point of the RSA is to establish a contractual relationship between ARIN and the current holder of resources and to subject those resources to public policy as determined by the community. Fees are optional. > What possible use is a signed RSA to the community that does > not levy fees? See above. Note that the legacy holders who've spoken up here have no argument with signing the RSA or paying the current $100/yr fee. What they're asking for is to be exempt from public policy, or at least parts thereof that adversely affect them. > The long and short of it is that the only argument that has any > weight at all for letting the legacy holders continue to get a free > ride is that they somehow have a "moral" right to get a free ride > because they were promised one. ARIN made a promise to do something, and it's doing it. We cannot ignore that promise simply because you find it inconvenient. It's taken a long time for ARIN to build a good reputation in the community, and it'd be stupid of us to throw that away by ignoring promises made and then expect people to trust us in the future with such a track record. S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov From tedm at ipinc.net Wed Jul 25 16:06:10 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Wed, 25 Jul 2007 13:06:10 -0700 Subject: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet.] In-Reply-To: <46A71D12.1030606@psg.com> Message-ID: >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >Randy Bush >Sent: Wednesday, July 25, 2007 2:51 AM >To: Paul Vixie >Cc: ppml at arin.net >Subject: Re: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the >IPv4 Internet.] > > >paul, why is anyone paying attention to a clueless and sick troll? "A lie told often enough becomes truth" -Vladimir Lenin. Ted From tedm at ipinc.net Wed Jul 25 16:27:27 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Wed, 25 Jul 2007 13:27:27 -0700 Subject: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet. In-Reply-To: Message-ID: >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >David Schwartz >Sent: Wednesday, July 25, 2007 5:46 AM >To: Leo Bicknell >Cc: ppml at arin.net >Subject: Re: [ppml] Dean Anderson,130.105.0.0/16 and the future of the >IPv4 Internet. > > > >> Why use the terms "legacy space" and "legacy address-holder" in this >> context at all? To me it sounds like implicit acceptance of the >> principle that ip-addresses are assets. Laws and regulations change over >> time in real life. Why should the internet be any different? You either >> play by *current* rules or not at all. Anybody can suggest changes to >> the policies, but you can't opt to stick to old rules or invent your own >> and expect to stay in the game. > >The current rules are that you must agree to certain things as a condition >of getting address space assigned to you. In the distance past, address >space wrong, IPv4 address space, not address space. was treated essentially as property. Legacy holders can make a >reasonable claim that they own their address space wrong, IPv4 address space, not address space. >and are grandfathered. > >It is not clear what legal or administrative process would be >appropriate to >defeat this claim. Unnecessary. IPv6 was never treated as "property" so even if this screwy daffynition of numbers as property were to ever hold up in silly-court, it would only apply to IPv4. Ted From briand at ca.afilias.info Wed Jul 25 16:32:17 2007 From: briand at ca.afilias.info (Brian Dickson) Date: Wed, 25 Jul 2007 16:32:17 -0400 Subject: [ppml] Policy Proposal: Global Policy for the Allocation of the Remaining IPv4 Address Space In-Reply-To: <1195746E-FADB-49DC-B6FB-DFB4AAB80FBB@icann.org> References: <20070725155653.26459.qmail@hoster908.com> <3c3e3fca0707250934t37cea6c6mc3e6e78fe5876733@mail.gmail.com> <46A78184.8030905@ca.afilias.info> <1195746E-FADB-49DC-B6FB-DFB4AAB80FBB@icann.org> Message-ID: <46A7B351.2020301@ca.afilias.info> Leo Vegoda wrote: >> Changing the size of CIDR blocks given to RIRs, at some point, would >> increase the number >> of blocks available, thus ensuring that fair allocations continue to >> occur. >> >> E.g. when there are 6 of the /8 ranges left, start allocating /10's, of >> which there would be 24. >> And when there are 6 of the /10's left, start allocating /12's, etc. > > Do you want to change the unit size or the maximum amount of space > that can be allocated? The current global policy allows the RIRs to > receive all the space they need and changing the way it is measured > from /8s to /10s doesn't change anything other than add extra lines to > the IPv4 registry. Unit size. Clearly this method won't support maximum space allocations that exceed available space - but no method can. Maximum space would likely be a function of number of blocks left at current unit size, and/or some kind of "oversubscription" rules that relate to how many additional blocks (of decreasing size) get assigned to satisfy requests for blocks. The sequence of block sizes would be strictly deterministic. 18 /10's, 18 /12's, 18 /14's, 18 /16's, etc., until the plug is pulled via the last 6 blocks being assigned without subdivision. If collectively the RIRs are about to hit the exhaustion of IPv4 space "wall", then the presumption is more frequent and smaller allocations make it possible to continue to serve up *something*, rather than having no more space. It's a bit of Zeno's paradox, put to practice. It is, however, fundamentally fair, since there continue to be blocks available, albeit decreasing in size and increasing in frequency of assignment. At some point, there will need to be a final assignment of blocks to RIRs, but I don't think that should happen until the block sizes are substantially smaller than /8, if fairness is important. (And yes, I believe it is, in the allocation of the last remaining portions of a finite resource.) Brian From martin.hannigan at batelnet.bs Wed Jul 25 16:44:02 2007 From: martin.hannigan at batelnet.bs (Martin Hannigan) Date: Wed, 25 Jul 2007 16:44:02 -0400 Subject: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet. Message-ID: <46a7b612.2fd.3875.11913@batelnet.bs> Dean Anderson made my evening by saying: > I agree, that the US government may be replaced at some > point. I suspect that the UN will probably be the > replacement. Ok then. > It won't be a group like the MoUvment from > 1998, which is what the ASO looks like. The groups that > really complain are the third world. And they don't trust > the ASO either. The ASO is the status quo group that they > are fighting. And... > On the one hand, a group wants anarchy and no > accountability (the ASO), and other the other hand, there > is a group that wants fair play and honest accountable > government. But you have to have government and > accountability. The choices of government are the US and > the UN. Dean, There is an election for Sandy George's expiring seat on the ASO AC coming up at the next ARIN meeting. I will be happy to nominate you to run to fill his seat if you'd like. Best Regards, Martin Hannigan ASO AC Member From Keith at jcc.com Wed Jul 25 16:50:39 2007 From: Keith at jcc.com (Keith W. Hare) Date: Wed, 25 Jul 2007 16:50:39 -0400 Subject: [ppml] Policy Proposal 2007-15: Authentication of Legacy Resources Message-ID: <0543e83bc9ee6f292b00178f766b000546a7b7ab@jcc.com> > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of Member Services > Sent: Tuesday, July 24, 2007 3:57 PM > To: ppml at arin.net > Subject: [ppml] Policy Proposal 2007-15: Authentication of > Legacy Resources > ... > > Policy Proposal 2007-15 > Authentication of Legacy Resources > > Author: Andrew Dul > > Proposal type: New > > Policy term: Permanent > > Policy statement: > > Add new NRPM section 4.9 - Legacy Records > > Legacy resource record holders shall be permitted to sign an > registration services agreement which permits the > organization which is > currently using the resources as of January 1, 2007 to continue to use > those resources as long as a registration services agreement is signed > by the organization and the organization is not past-due on > their annual > maintenance fee. ARIN will evaluate and verify the chain of custody of > any resource records prior to executing a registration services > agreement with an organization. > > If a legacy resource holder requests additional IPv4 > resources all IPv4 > resources (legacy and non-legacy) shall be evaluated to determine > utilization for additional assignments under NRPM sections 4.2 or 4.3. > > ARIN shall use all reasonable methods to attempt to contact legacy > record holders starting on January 1, 2008. > > ARIN shall also post information on the public website regarding this > outreach to legacy resource holders. I have no problem this proposal up to this point. This would be an improvement over the current situation where it is unlikely that I would sign an RSA for our current legacy IPv4 resources, even if I could figure out how to do so. The rest of this policy proposal is stick in case I don't respond to the invitation in this proposal. Why not issue the invitation and see what happens before worrying about the stick? > > No changes shall be made to legacy resource records which are not > covered by a registration services agreement after December 31, 2007. > Add new NRPM section 7.3 - Legacy Reverse Delegation Records > > Legacy IP address record holders who have not signed a registration > services agreement with ARIN will have their name server > delegations for > the in-addr.arpa zone removed starting on June 30, 2009. All > name server > delegations shall be removed from the in-addr.arpa zone by > December 31, > 2009. > > ... Keith ______________________________________________________________ Keith W. Hare JCC Consulting, Inc. keith at jcc.com 600 Newark Road Phone: 740-587-0157 P.O. Box 381 Fax: 740-587-0163 Granville, Ohio 43023 http://www.jcc.com USA ______________________________________________________________ From leo.vegoda at icann.org Wed Jul 25 16:53:46 2007 From: leo.vegoda at icann.org (Leo Vegoda) Date: Wed, 25 Jul 2007 22:53:46 +0200 Subject: [ppml] Policy Proposal: Global Policy for the Allocation of the Remaining IPv4 Address Space In-Reply-To: <46A7B351.2020301@ca.afilias.info> References: <20070725155653.26459.qmail@hoster908.com> <3c3e3fca0707250934t37cea6c6mc3e6e78fe5876733@mail.gmail.com> <46A78184.8030905@ca.afilias.info> <1195746E-FADB-49DC-B6FB-DFB4AAB80FBB@icann.org> <46A7B351.2020301@ca.afilias.info> Message-ID: <20E00262-E62E-4B18-8BC1-530DF32935EB@icann.org> On 25 Jul 2007, at 10:32pm, Brian Dickson wrote: [...] >> Do you want to change the unit size or the maximum amount of space >> that can be allocated? The current global policy allows the RIRs to >> receive all the space they need and changing the way it is measured >> from /8s to /10s doesn't change anything other than add extra >> lines to >> the IPv4 registry. > Unit size. > Clearly this method won't support maximum space allocations that > exceed > available space - but no method can. > > Maximum space would likely be a function of number of blocks left at > current unit size, and/or some kind of "oversubscription" rules that > relate to how many additional blocks (of decreasing size) get assigned > to satisfy requests for blocks. The sequence of block sizes would be > strictly deterministic. 18 /10's, 18 /12's, 18 /14's, 18 /16's, etc., > until the plug is pulled via the last 6 blocks being > assigned without subdivision. > > If collectively the RIRs are about to hit the exhaustion of IPv4 space > "wall", then the presumption is more frequent and smaller allocations > make it possible to continue to serve up *something*, rather than > having > no more space. Would you suggest limiting ISPs to some percentage of the amount they requested, or would the RIR be free to return to the IANA for an additional block straight away, allowing them to fulfil the request in a piecemeal fashion? Regards, Leo From Lee at dilkie.com Wed Jul 25 16:57:45 2007 From: Lee at dilkie.com (Lee Dilkie) Date: Wed, 25 Jul 2007 16:57:45 -0400 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: <026401c7cef6$749e8150$423816ac@atlanta.polycom.com> References: <026401c7cef6$749e8150$423816ac@atlanta.polycom.com> Message-ID: <46A7B949.1060304@dilkie.com> Stephen Sprunk wrote: > Thus spake "Ted Mittelstaedt" > >>> We should make it possible for legacy holders to enter into an >>> RSA without requiring fees. >>> >> The entire point of an RSA is to get fees out of an address holder. >> > > No, the point of the RSA is to establish a contractual relationship between > ARIN and the current holder of resources and to subject those resources to > public policy as determined by the community. Fees are optional. > > >> What possible use is a signed RSA to the community that does >> not levy fees? >> > > See above. > > Note that the legacy holders who've spoken up here have no argument with > signing the RSA or paying the current $100/yr fee. What they're asking for > is to be exempt from public policy, or at least parts thereof that adversely > affect them. > > Actually Stephen. While I support all your arguments (and Owen's POV as well), *I* do have a problem with a $100/yr fee when I get almost *nothing* in return. I hardly think RDNS costs $100/yr to hold my records*. And trying to extort that much money for such a nominal service is, well, extortion. Or would be if it actually mattered all that much. Also, I think the whole point of getting legacy holders to sign the RSA *is* to bring them into the public policy fold, not continue their exemption. * - and before you point out that ARIN's $10M/yr buget does all sorts of other "good" things, not one single "good" thing affects those end-users who are not growing their networks. If you want to get into a discussion on what's "fair", ask yourself if it's "fair" that all your membership pays excessive fees that are used to subsidize new requests. >> The long and short of it is that the only argument that has any >> weight at all for letting the legacy holders continue to get a free >> ride is that they somehow have a "moral" right to get a free ride >> because they were promised one. >> > > ARIN made a promise to do something, and it's doing it. We cannot ignore > that promise simply because you find it inconvenient. It's taken a long > time for ARIN to build a good reputation in the community, and it'd be > stupid of us to throw that away by ignoring promises made and then expect > people to trust us in the future with such a track record. > > I've watched this list for months now. My views on ARIN were neutral before (lack of exposure/contact). They certainly are not anymore. I asked around at work and ARIN certainly does have a reputation, but it isn't a good one. And I can see why. Poisonous vitriolic attitudes towards legacy holders (them damn free-loaders!), a complete lack of understanding on how to roll out and encourage ipv6, the roll ipv4 will play in the future and for how long.... What I see on this list is a quasi-government organization that seeks more control and more power (more power, damnit!) and seems to be willing to concoct anything to try and justify power grabs (if trying to force legacy holders into your RSA and fee structure isn't a power grab, just what would you call it?). Now. It's entirely possible (and I hope it is) that my views are shaped by a minority of the membership, a vocal minority that frequents this list. I hope that ARIN proper (the staff) does have a good sense of their purpose and tries to moderate things down to reasonable levels. I am encouraged by a number of staff recommendations against proposals that came out earlier this year. Anyway. My take on this policy? It's a thinly veiled grab at the legacy holders (again). -lee From briand at ca.afilias.info Wed Jul 25 16:59:24 2007 From: briand at ca.afilias.info (Brian Dickson) Date: Wed, 25 Jul 2007 16:59:24 -0400 Subject: [ppml] Policy Proposal: Global Policy for the Allocation of the Remaining IPv4 Address Space In-Reply-To: <20E00262-E62E-4B18-8BC1-530DF32935EB@icann.org> References: <20070725155653.26459.qmail@hoster908.com> <3c3e3fca0707250934t37cea6c6mc3e6e78fe5876733@mail.gmail.com> <46A78184.8030905@ca.afilias.info> <1195746E-FADB-49DC-B6FB-DFB4AAB80FBB@icann.org> <46A7B351.2020301@ca.afilias.info> <20E00262-E62E-4B18-8BC1-530DF32935EB@icann.org> Message-ID: <46A7B9AC.1050604@ca.afilias.info> Leo Vegoda wrote: > On 25 Jul 2007, at 10:32pm, Brian Dickson wrote: > > [...] > >>> Do you want to change the unit size or the maximum amount of space >>> that can be allocated? The current global policy allows the RIRs to >>> receive all the space they need and changing the way it is measured >>> from /8s to /10s doesn't change anything other than add extra lines to >>> the IPv4 registry. >> Unit size. >> Clearly this method won't support maximum space allocations that exceed >> available space - but no method can. >> >> Maximum space would likely be a function of number of blocks left at >> current unit size, and/or some kind of "oversubscription" rules that >> relate to how many additional blocks (of decreasing size) get assigned >> to satisfy requests for blocks. The sequence of block sizes would be >> strictly deterministic. 18 /10's, 18 /12's, 18 /14's, 18 /16's, etc., >> until the plug is pulled via the last 6 blocks being >> assigned without subdivision. >> >> If collectively the RIRs are about to hit the exhaustion of IPv4 space >> "wall", then the presumption is more frequent and smaller allocations >> make it possible to continue to serve up *something*, rather than having >> no more space. > > Would you suggest limiting ISPs to some percentage of the amount they > requested, or would the RIR be free to return to the IANA for an > additional block straight away, allowing them to fulfil the request in > a piecemeal fashion? I'd expect (suggest) that the RIR's track their customer usage rate, and adjust the customer request time window to match their own available space vs run rate. If an RIR was getting space that satisfied only 3 months of run-rate, I'd hope they turn around and specify to their customers that requests would be for 3 months of usage. In either case, regardless of time-frame for ISP usage, requests that can't be satisfied by available space would, I would expect, result in the RIR going to IANA for another block. Of course, if the requested block is larger than the IANA allocations, the ISP is SOL. :-) Brian From arin-contact at dirtside.com Wed Jul 25 17:00:27 2007 From: arin-contact at dirtside.com (William Herrin) Date: Wed, 25 Jul 2007 17:00:27 -0400 Subject: [ppml] Policy Proposal 2007-15: Authentication of Legacy Resources In-Reply-To: <46A65981.90004@arin.net> References: <46A65981.90004@arin.net> Message-ID: <3c3e3fca0707251400w52035d94q878218db8f2ac6d3@mail.gmail.com> > The proposal is designated Policy Proposal 2007-15: Authentication of > Legacy Resources. The proposal text is below and can be found at: > http://www.arin.net/policy/proposals/2007_15.html > > Legacy IP address record holders who have not signed a registration > services agreement with ARIN will have their name server delegations for > the in-addr.arpa zone removed starting on June 30, 2009. All name server > delegations shall be removed from the in-addr.arpa zone by December 31, > 2009. I oppose this proposal for two reasons: 1. Ending RDNS for legacy registrants violates both the spirit and the letter of how ARIN promised to treat the legacy registrants during its formation a decade ago. If circumstances require ARIN to walk away from its promise, then a decent respect to the community it serves requires ARIN to acknowledge the breach and declare the causes which compel it. This proposal does an adequate job of neither. 2. This proposal creates unnecessary enmity by hitting legacy registrants with a very large stick. We should try at least a few carrots before we seriously consider using a stick. Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From davids at webmaster.com Wed Jul 25 17:00:15 2007 From: davids at webmaster.com (David Schwartz) Date: Wed, 25 Jul 2007 14:00:15 -0700 Subject: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet. In-Reply-To: Message-ID: > >The current rules are that you must agree to certain things as a > >condition > >of getting address space assigned to you. In the distance past, address > >space > > wrong, IPv4 address space, not address space. > > >was treated essentially as property. Legacy holders can make a > >reasonable claim that they own their address space > > wrong, IPv4 address space, not address space. > > >and are grandfathered. > > > >It is not clear what legal or administrative process would be > >appropriate to > >defeat this claim. > Unnecessary. IPv6 was never treated as "property" so even if this screwy > daffynition of numbers as property were to ever hold up in silly-court, it > would only apply to IPv4. I don't get it, why would you bring IPv6 into a discussion that had nothing whatsoever to do with IPv6 just to point out that it has nothing to do with IPv6? Oh, I see, it so that you appear to respond to my argument without addressing it. DS From Lee.Howard at stanleyassociates.com Wed Jul 25 17:21:22 2007 From: Lee.Howard at stanleyassociates.com (Howard, W. Lee) Date: Wed, 25 Jul 2007 17:21:22 -0400 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: <46A7B949.1060304@dilkie.com> Message-ID: <369EB04A0951824ABE7D8BAC67AF9BB4067CD740@CL-S-EX-1.stanleyassociates.com> > Actually Stephen. While I support all your arguments (and > Owen's POV as well), *I* do have a problem with a $100/yr fee > when I get almost > *nothing* in return. I hardly think RDNS costs $100/yr to > hold my records*. And trying to extort that much money for > such a nominal service is, well, extortion. Or would be if it > actually mattered all that much. > * - and before you point out that ARIN's $10M/yr buget does > all sorts of other "good" things, not one single "good" thing > affects those end-users who are not growing their networks. > If you want to get into a discussion on what's "fair", ask > yourself if it's "fair" that all your membership pays > excessive fees that are used to subsidize new requests. I'll take the blame for the $100. One reason for it is so that there's an annual transaction, so ARIN gets a contact who actually exists, checking whois records, etc. In addition to reverse DNS, ARIN maintains Whois. Even if you never use Whois, it is for the public good, used by all kinds of people to fix brokenness and find bad guys. Some folks update whois and IN ADDRs more than others. You may not care about the public policy process and members meetings, which is of course a substantial part of ARIN's mission. You might be interested in ARIN's outreach programs, training, and education of governments and other organizations. ARIN also provides support to some Internet organizations that work for the common good, and provides support to ICANN. Even for end-users who aren't growing their networks, ARIN helps keep the Internet stable. Having said all of that, I'm always open to suggestions. As a steady-state end-user with a pre-ARIN assignment, what do you think would be fair? What should ARIN provide you, at what cost? Lee Howard From michael.dillon at bt.com Wed Jul 25 17:32:17 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Wed, 25 Jul 2007 22:32:17 +0100 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: References: <1E27D726-6C00-452F-8217-069F96AEDCBD@delong.com> Message-ID: > The ARIN community comprises both RSA-signers and non-RSA-signers. In what way are non-RSA-signers, members of the ARIN community? It seems to me that those who shun ARIN, are not members of the ARIN community at all. --Michael Dillon From william at elan.net Wed Jul 25 18:33:15 2007 From: william at elan.net (william(at)elan.net) Date: Wed, 25 Jul 2007 15:33:15 -0700 (PDT) Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: <369EB04A0951824ABE7D8BAC67AF9BB4067CD740@CL-S-EX-1.stanleyassociates.com> References: <369EB04A0951824ABE7D8BAC67AF9BB4067CD740@CL-S-EX-1.stanleyassociates.com> Message-ID: For legacy people willing to sign RSA but "worried" about $100 fee you may want to consider sending letter asking to confirm address & contact data (they would have to return some form back or go to some webpage) and if they do it once/year within say a month of receiving letter then you can consider giving them $100 discount off this maintenance fee that year :) On Wed, 25 Jul 2007, Howard, W. Lee wrote: >> Actually Stephen. While I support all your arguments (and >> Owen's POV as well), *I* do have a problem with a $100/yr fee >> when I get almost >> *nothing* in return. I hardly think RDNS costs $100/yr to >> hold my records*. And trying to extort that much money for >> such a nominal service is, well, extortion. Or would be if it >> actually mattered all that much. > >> * - and before you point out that ARIN's $10M/yr buget does >> all sorts of other "good" things, not one single "good" thing >> affects those end-users who are not growing their networks. >> If you want to get into a discussion on what's "fair", ask >> yourself if it's "fair" that all your membership pays >> excessive fees that are used to subsidize new requests. > > > I'll take the blame for the $100. > > One reason for it is so that there's an annual transaction, > so ARIN gets a contact who actually exists, checking whois > records, etc. > > In addition to reverse DNS, ARIN maintains Whois. Even if you > never use Whois, it is for the public good, used by all kinds > of people to fix brokenness and find bad guys. Some folks > update whois and IN ADDRs more than others. > > You may not care about the public policy process and members > meetings, which is of course a substantial part of ARIN's > mission. You might be interested in ARIN's outreach programs, > training, and education of governments and other organizations. > ARIN also provides support to some Internet organizations that > work for the common good, and provides support to ICANN. > > Even for end-users who aren't growing their networks, ARIN > helps keep the Internet stable. > > Having said all of that, I'm always open to suggestions. As > a steady-state end-user with a pre-ARIN assignment, what do > you think would be fair? What should ARIN provide you, at > what cost? > > > Lee Howard > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml From Lee at dilkie.com Wed Jul 25 18:06:25 2007 From: Lee at dilkie.com (Lee Dilkie) Date: Wed, 25 Jul 2007 18:06:25 -0400 Subject: [ppml] Policy Proposal 2007-15: Authentication of LegacyResources In-Reply-To: References: Message-ID: <46A7C961.10607@dilkie.com> I couldn't pass this on up because I almost replied to a thread some while back with a similar (but opposing) argument. Ted Mittelstaedt wrote: > > The long and short of it is that the only argument that has any weight at > all > for letting the legacy holders continue to get a free ride is that they > somehow > have a "moral" right to get a free ride because they were promised one. Of > course, > the American Indian made the same argument when the Europeans pushed them > out > of their homelands and onto reservations and we know what happened there. > > > Yes, we know what happened to the "legacy" land holders when an annexing power arrived on the scene and made promises that they later broke and then tried to change their own laws to suit themselves. It worked. For a while. But here we are, a couple of hundred years later, *still* dealing with those issues that just won't go away. And now, our own courts are resolving these land claim issues in the "legacy holders" favour. I can't speak for the US, but up here in Canada we've had a similar history wrt native peoples and perhaps we are a bit ahead of the game, due probably to our smaller size (population). It was only 15 years ago that 750,000 square miles (3 times the size of Texas) of our land was carved off from this country and returned to the original inhabitants. (see http://en.wikipedia.org/wiki/Nunavut). In that battle, we (the annexing power who broke promises) did *not* win. The native people of Canada still do not pay taxes, still get free education, free medicine and social assistance when they need. Those were promises made many years ago and the courts will always rule against us if/when we try to break those promises. The next few years ought to be interesting, resolving claims on the better part of the city of Toronto, for example. But that's what you have to deal with in the end if you do not honour promises. And BTW. To those that think that simply not offering "new services" to legacy holders is a way of dealing with the issue. Think about the above analogy. We are not housing our native peoples in tents anymore, they get whatever is considered "modern". Housing, medicine, education, all modern. Same as the folks in the rest of Canada who are paying for these "free loaders" (understand, I'm using your terms here, I certainly don't believe this). Now, the internet is a far different place and the above analogy can only be taken so far. But is it so different that the law and contracts and promises do not apply? -lee From Keith at jcc.com Wed Jul 25 18:07:14 2007 From: Keith at jcc.com (Keith W. Hare) Date: Wed, 25 Jul 2007 18:07:14 -0400 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources Message-ID: <877203a37f805efe920a4e7fc04c6bcb46a7c99a@jcc.com> > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of michael.dillon at bt.com > Sent: Wednesday, July 25, 2007 5:32 PM > To: ppml at arin.net > Subject: Re: [ppml] Policy Proposal 2007-15: Authentication > ofLegacyResources > > > The ARIN community comprises both RSA-signers and non-RSA-signers. > > In what way are non-RSA-signers, members of the ARIN community? > > It seems to me that those who shun ARIN, are not members of the ARIN > community at all. > I'm not sure what it means to "shun" ARIN. If I have a legacy IPv4 address range, but have up-to-date information in the ARIN WHOIS records, have I shunned ARIN? If I have not signed an RSA for a legacy IPv4 address range, have I shunned ARIN? But wait, how do I go about signing an RSA for a legacy IPv4 address range? I don't see a mechanism to do that on the ARIN web page. (Maybe ARIN is shunning me?) If I have not signed an RSA for a legacy IPv4 address range, but have paid the $500 annual membership fee, have I shunned ARIN? It appears that shunning ARIN means that I have not responded to an invitation that has not been issued to use a mechanism that doesn't exist. Keith ______________________________________________________________ Keith W. Hare JCC Consulting, Inc. keith at jcc.com 600 Newark Road Phone: 740-587-0157 P.O. Box 381 Fax: 740-587-0163 Granville, Ohio 43023 http://www.jcc.com USA ______________________________________________________________ From dean at av8.com Wed Jul 25 18:16:21 2007 From: dean at av8.com (Dean Anderson) Date: Wed, 25 Jul 2007 18:16:21 -0400 (EDT) Subject: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet. In-Reply-To: <20070725173423.GD24890@shell01.corp.tellme.com> Message-ID: Its not the right forum to discuss the details of Vixie and crony finances. But, I believe this is the right forum for discussing the details of ARIN Board Member misconduct, and its relation to false claims about 130.105/16 being hijacked/disused. --Dean On Wed, 25 Jul 2007, David Williamson wrote: > On Wed, Jul 25, 2007 at 01:27:54PM -0400, Dean Anderson wrote: > > While this isn't really the right forum, > > That's absolutely correct. Please please PLEASE take this somewhere > else. This has zero to do with ARIN policy. > > -David > > -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From dlw+arin at tellme.com Wed Jul 25 18:30:13 2007 From: dlw+arin at tellme.com (David Williamson) Date: Wed, 25 Jul 2007 15:30:13 -0700 Subject: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet. In-Reply-To: References: <20070725173423.GD24890@shell01.corp.tellme.com> Message-ID: <20070725223013.GH24890@shell01.corp.tellme.com> On Wed, Jul 25, 2007 at 06:16:21PM -0400, Dean Anderson wrote: > But, I believe this is the right forum for discussing the details of > ARIN Board Member misconduct, and its relation to false claims about > 130.105/16 being hijacked/disused. No, it's not. This list is for discussions of ARIN's policy, not it's Board membership. If you really want to discuss that, and it pains me to even suggest a forum, you should go to arin-discuss. As Lee notes, there's a process for removing a board member. If that's really what you want to accomplish, please follow the process. If you just want to discuss the ways in which the Vixie cabal has caused you some sort of harm, please do it somewhere else entirely. Can we please stick to policy discussions? There's enough to discuss on several of the open proposals without a lot of extra noise. -David From arin-contact at dirtside.com Wed Jul 25 18:40:36 2007 From: arin-contact at dirtside.com (William Herrin) Date: Wed, 25 Jul 2007 18:40:36 -0400 Subject: [ppml] Policy Proposal 2007-14: Resource Review Process In-Reply-To: <46A65965.6070108@arin.net> References: <46A65965.6070108@arin.net> Message-ID: <3c3e3fca0707251540m56a9b597xb16fb4f2a110b9fc@mail.gmail.com> I think this proposal is generally a good idea but I oppose it because of one specific issue: > 2. ARIN may conduct such reviews: > c. at any other time without cause unless a prior review has been > completed in the preceding 12 months. While it may not be the intent of the proposal, this line allows ARIN to institute an annual without-cause review (aka annual audit) of all RSA-based registrants. Given that ARIN may face external pressure to implement a regular audit during the next several years (making each of our lives that much more of a pain in the rump), I think its a bad idea to enable the behavior with policy. I believe the without-cause statement should be reworded. Reviews should only be initiated when there is some affirmative reason to believe that a registrant is not in compliance with the policies. Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From arin-contact at dirtside.com Wed Jul 25 18:42:29 2007 From: arin-contact at dirtside.com (William Herrin) Date: Wed, 25 Jul 2007 18:42:29 -0400 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration In-Reply-To: References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> Message-ID: <3c3e3fca0707251542p5ba313f4w72457acb65fc4db5@mail.gmail.com> On 7/24/07, Ted Mittelstaedt wrote: > >3. Legacy IPv4 registrants don't pay their fair share. > > You know, William, > > I and many others have raised this payment issue repeatedly. [...] > Frankly, I think it is a lost cause. Ted, As a small proprieter I hold a legacy /23 down in the swamp. As the infrastructure manager for a multimillion dollar organization, I hold a recently registered /22. As the former engineering lead at an ISP, I held both two legacy /18s and an ARIN /19. I've grappled with the issue from all three perspectives. When I wrote this proposal, I asked myelf (among other things): as a legacy holder, what would entice me to buy in to the ARIN process without greatly offending me as either the recent end-user or the ISP? This is what I came up with. Do you or Owen have any comments about the proposal itself? For/against/indifferent? http://bill.herrin.us/arin-policy-proposal-6to4.html I respect that there will be some difference of opinion about various elements of the rationale. Issues which are important to some can seem trivial or even misguided to others. I tried to be inclusive in the hope of finding some common ground. I'd like to solicit the folks on nanog for their estimate of the impact to the routers they manage, but before I do that I'd prefer to see more input on the policy side from you folks here on PPML. Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From dean at av8.com Wed Jul 25 18:58:01 2007 From: dean at av8.com (Dean Anderson) Date: Wed, 25 Jul 2007 18:58:01 -0400 (EDT) Subject: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet.] In-Reply-To: <57780.1185330484@sa.vix.com> Message-ID: On Wed, 25 Jul 2007, Paul Vixie wrote: > > > actually, you pretty much lost both of those arguments, and demonstrated > > > considerable technical ignorance in the process. > > > > Really? You didn't get AXFR clarify though, and that scheme failed entirely. > > it wasn't my clarification. i never supported the draft Really? I have to document this issue, then. I recall that you (ISC) put the protocol changes in BIND, and talked it up on Nanog as having no effect. Vixie et al told people it had no effect on the wire protocol, and that no implementations had to change. My role (with others), was to point out that there _was_ an incompatible change to the wire protocol, and that BIND had code to detect this and silently go back to the old protocol. The NANOG operators were just misled, and the deception was successful because NANOG folks were unable or uninspired to do any testing beyond checking to see if zones transferred. These transfers worked because of the BIND detection code. Had the draft been approved, Vixie just had to take out the detection code from BIND, and then claim that everyone else (well, everyone except the so-called BIND companies), wasn't RFC compliant, and reap the profits resulting from people converting to the "RFC compliant" bind companies software. [BTW, it is usually the practice that when an RFC is vague, and several implmentations make the same assumption, the assumption is documented as the clarification. One doesn't typically, as Vixie proposed, alter the protocol to something else.] I think described the scam on the DNSEXT list at the time. I do need to write up a page about the scam though, especially if you're denying the whole thing. Once other implementers got wind of (and verified) that the protocol clarify was a wire protocol change, the draft died and scam failed. > > And the Anycast scheme, while you got it through by playing > > hardball, isn't working, for the reasons I said it wouldn't. > > you didn't understand what "working" would mean, and apparently still don't. Apparently that's true: Indeed, I didn't know what your term "working" would mean. Many people didn't. For you, "working" seems to have something to do with a revenue stream, not with the technical stability of TCP on Anycast. I see it _is_ working for you. Its just not working for the rest of the internet. [more frivolous dispute deleted] > > Just by way of reference, many people will remember Paul Vixie blustering in > > the 1990s about how he looked forward to a lawsuit to resolve all these > > questions. > > as i've said, there are lawsuits one welcomes when the nasdaq is above > 5000 that aren't as welcome when it's below 1500. being right doesn't > mean you can afford discovery costs from determined and well funded > opponents. MAPS seems pretty well funded, and you seem pretty well funded. Both MAPS and Vixie provided attorneys in the case. And I _think_ one has to dispute facts before one can do discovery for anything. MAPS didn't dispute any of the facts asserted by Exactis. I know that discovery has to be relevant to disputed facts. And I know its not the case that one gets carte blanch to go through opponents confidential records. > > ... See http://www.dotcomeon.com/exactis1.html > > thanks for reminding me about > . i had lost the url, and > somebody recently didn't believe me when i told them i was considered > responsible for the 9/11 attacks against the world trade center. And they still shouldn't believe you. The page doesn't say you were responsible for 9/11. It says that you disrupt emergency email communciations. And you do disrupt emergency and non-emergency email communications, through MAPS at time the page was written and still do through SORBS. > > > > ISC.ORG hosts SORBS. > > > > > > ISC does not host SORBS. > > > > http://www.iadl.org/bm/bill-manning-story.html > > > > 204.152.186.189 still resolves to www.dnsbl.us.sorbs.net. > > > > Saying ISC doesn't host SORBS is more dissembling, by the way. > > thanks for the notice. i've updated that PTR. now i'm hosting av8 > instead. or is that what you mean by dissembling? Yes, it is more dissembling, and altering records for the purpose of deception. So are you often in the habit of putting in deceptive PTR records? Why would you put in the SORBS record if they were never a customer? At the time of the complaint to Bill Manning, and until just recently, the forward record also pointed to 204.152.186.189. The server at that address performed services for SORBS. But we can see from this that Mr. Vixie will move servers and alter records to continue a deception. I'm sure glad these folks don't have physical access to alter ARIN records. Lets make sure they don't ever get the chance. Oh, and please remove the record pointing to AV8. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From stephen at sprunk.org Wed Jul 25 19:02:59 2007 From: stephen at sprunk.org (Stephen Sprunk) Date: Wed, 25 Jul 2007 18:02:59 -0500 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> Message-ID: <03d601c7cf10$34f27600$423816ac@atlanta.polycom.com> Thus spake "William Herrin" > Following your comments and some helpful off-list discussion, I've > prepared a replacement for last month's "IPv4 to IPv6 Migration > Incentive Address Space" proposal. With some mild tweaks to the > existing 6to4 protocol, it seeks to address four problems ARIN faces: > > 1. The looming exhaustion of the IPv4 space. > 2. Obsolete and incorrect legacy IPv4 registration and contact > information. > 3. Legacy IPv4 registrants don't pay their fair share. > 4. The need to constrain route announcements in the IPv6 Default-Free > Zone. > > The current draft of the proposal is at: > > http://bill.herrin.us/arin-policy-proposal-6to4.html > > Your comments, suggestions and constructive criticism will be greatly > appreciated. I don't see how this proposal solves problems 1 or 4 above, though I'll grant it may partially solve problems 2 and 3. I am particularly opposed to abusing the 6to4 spec in this way; if a change to 6to4 is desired (i.e. leaking routes under 2002::/16 into the DFZ), then the IETF is the proper forum to do so, and ARIN should not be considering policy that depends on an RFC change until a draft is at least in the RFC Editor's queue. If the goal is to give PIv6 space to legacy holders -- without meeting the existing standard -- in return for subjecting themselves to the RSA and maintenance fees, then I feel that the appropriate place to propose such a change is in the PIv6 policy itself and that such blocks should be assigned from the same superblock that other PIv6 space is assigned from, not from 2002::/16. S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov From paul at vix.com Wed Jul 25 19:28:52 2007 From: paul at vix.com (Paul Vixie) Date: Wed, 25 Jul 2007 23:28:52 +0000 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: Your message of "Wed, 25 Jul 2007 22:32:17 +0100." References: <1E27D726-6C00-452F-8217-069F96AEDCBD@delong.com> Message-ID: <76422.1185406132@sa.vix.com> > It seems to me that those who shun ARIN, are not members of the ARIN > community at all. plenty of RSA nonsigners have never heard of ARIN, so "shun" doesn't apply. From owen at delong.com Wed Jul 25 19:51:50 2007 From: owen at delong.com (Owen DeLong) Date: Wed, 25 Jul 2007 16:51:50 -0700 Subject: [ppml] Policy Proposal 2007-15: Authentication of LegacyResources In-Reply-To: References: Message-ID: On Jul 25, 2007, at 12:01 PM, Ted Mittelstaedt wrote: > > >> -----Original Message----- >> From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On >> Behalf Of >> Owen DeLong >> Sent: Tuesday, July 24, 2007 2:28 PM >> To: Member Services >> Cc: ppml at arin.net >> Subject: Re: [ppml] Policy Proposal 2007-15: Authentication of >> LegacyResources >> >> >> I oppose this proposal as written. >> >> While I am in favor of some of the general intent of this proposal, I >> take >> issue with the following: >> >> 1. Termination of changes to records. >> >> The information in WHOIS is already horribly out of date for >> many records. Refusing to register changes for those organizations >> willing to register their changes but unwilling to sign an RSA is a >> disservice to the ARIN community and does not really provide >> any meaningful incentive to sign the RSA. > > This is a circular argument. Your saying that people who are > unwilling to > sign > an RSA are going to change their minds if a meaningful incentive is > provided, > yet you don't think that refusing to register changes is a meaningful > incentive. > > It sounds to me like the kid telling the parent "I'll eat my dinner > after > getting > ice cream" and the parent giving the ice cream to the kid. Once > the changes > are > made, you have just given away any possibility of having a meaningful > incentive. I am saying that having the whois data current benefits the entire community and that detracting from that is counterproductive. I am all for incentives to sign the RSA, but, termination of changes to whois is not an incentive, it's an attempt to wield a club. A club, which, in this case hurts the wielder more than the recipient of the blow. Mine is not a circular argument, but, I can see how from a certain warped perspective it might appear circular. Unwarp the perspective to the point where you can distinguish between carrot and stick, and, all should become clear. >> >> 2. Fees >> >> ARIN is not really in a position to demand fees from legacy holders. > > Yes, without an RSA they cannot demand fees. > Right, so, making fees a direct result of signing an RSA serves as a disincentive to signing an RSA. >> We should make it possible for legacy holders to enter into an RSA >> without requiring fees. > > The entire point of an RSA is to get fees out of an address > holder. What > possible use is a signed RSA to the community that does not levy fees? > No, it is not. The point of an RSA is to get to a point where the holder is subject to the same general policies and processes as the rest of the community. The increase in ARIN revenues which would result if we somehow convinced EVERY legacy holder to begin paying fees would be very small. The numbers that have been bandied about are relatively trivial, and, they are drastic overestimations of the reality. The reality is that many legacy holders also have ARIN resources which are under RSA. Such holders probably would not pay any additional fees by bringing their resources under RSA. Further, it is very likely that a good chunk of the legacy blocks are held by organizations that are defunct, further reducing the likelihood of actually collecting money. >> We should encourage legacy holders to fully >> join the ARIN process and pay annual fees, but, I think >> that tying the >> RSA signing to a commitment to pay fees is an unnecessary barrier >> to the RSA. The RSA is, in my opinion, the more important goal. >> > > Kind of like a nun saying she wants to get pregnant but retain her vow > of chastity. The fees and RSA are part and parcel of each other. > No, they are not. The RSA is an agreement which, among other things, specifies obligations of the parties on both sides to behave in certain ways and make certain assurances to each other. These aspects of the RSA are the most important goal with respect to legacy addresses. The fees are virtually irrelevant other than the extent to which imposing them stands in the way of the other goals. >> 3. Termination of DNS services >> >> Much like the refusal to make changes to whois, this action is more >> of a disservice to the ARIN community than any sort of incentive for >> legacy holders. >> > > The ARIN community comprises both RSA-signers and non-RSA-signers. > This action helps the RSA-signers because now the legacy holders will > start carrying more of the financial burden and the fees for the > RSA-signers > will go down. It hurts the non-RSA-signers because now they have > to start > paying > money for something they got free. The help and harm > counterbalance each > other and so this proposal is absolutely neutral to the community as a > whole. > Even if the non-signers paid fully the maximum estimated amount, you would not see RSA-signers fees reduced by more than 1 or 2 dollars. I really don't think a 1-2% maximum reduction in fees is a meaningful outcome here. I do think that getting as many legacy holders as possible to agree to abide by ARIN policies is a far more meaningful goal and getting them to sign an RSA will accomplish that goal. > You are just playing at a very clever word game when you use the > term "ARIN > community" > as in one sentence your meaning for it includes legacy holders, in > another > it doesen't, > your switching it around by implication. > I don't believe that I have used the term ARIN community in any context where I intended it to exclude legacy holders. Termination of DNS services for legacy blocks is a disservice to the ENTIRE ARIN COMMUNITY, legacy and non- legacy. It might be a small club (incentive is far too positive a word for this tactic) in terms of it might cause legacy holders some pain, but, the pain will also be shared by non-legacy holders that can no longer resolve reverses for those legacy blocks. > > The long and short of it is that the only argument that has any > weight at > all > for letting the legacy holders continue to get a free ride is that > they > somehow > have a "moral" right to get a free ride because they were promised > one. Of > course, Which, while true, is really not the core issue in my opinion. I really don't care whether they continue to get a free ride or not. I don't think any of the proposals to end the free ride have any chance of being effective. What I do care about is trying to find a way to incorporate the legacy holders into the ARIN policy process and make sure that legacy blocks are properly considered in respect to new resource delegations. > the American Indian made the same argument when the Europeans > pushed them > out > of their homelands and onto reservations and we know what happened > there. > Yes... One of the greatest examples of tyranny, oppression, and atrocities in human history. While the Europeans definitely got the upper hand and the better end of the events, I really would not hold that up as behavior that should be emulated. Owen From paul at vix.com Wed Jul 25 20:09:07 2007 From: paul at vix.com (Paul Vixie) Date: Thu, 26 Jul 2007 00:09:07 +0000 Subject: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet.] In-Reply-To: Your message of "Wed, 25 Jul 2007 18:58:01 -0400." References: Message-ID: <90318.1185408547@sa.vix.com> addressed to all: ok, so i've now heard from twice as many people telling me to shut the fsck up as i had previously heard from telling me that (as ted put it) "lies, repeated often enough, become truth." since this is all off-topic anyway, and since dean knows how to pursue trustee removal now, i'm about to STFU about it. a possible bit of wisdom for all of us is that regardless of whether dean is mentally ill, or merely unintelligent, or even perhaps slickly nefarious, it's clear from his output over the last decade or so in every forum he's entered that he lives in his own private idaho. before engaging someone in debate, a common frame of reference is needed. nobody shares a common frame of reference with dean anderson. he certainly won't be learning anything from your attempt communicate with him. i've tried to limit my statements to dean on this thread to objective matters of fact, pointing out falsehoods where they appeared, clarifying things that might have been said in ignorance, that sort of thing. as you have now seen, this kind of response merely adds fuel to dean's fire. we will never know if dean actually believes that the UN is going to take over the governance of the united states of america, or if he just says that kind of stuff to amuse us or to amuse himself. but we do know that there's no way to answer dean in a way that satisfies him or makes these e-mail threads shorter. not here, not on namedroppers, not on the ietf mailing list... nowhere. the more you say, the more he'll rage. so, learn from my example over the last 24 hours, and observe that the only possible constructive thing to do when dean says something you think is whacky is to ignore it. open, but addressed to dean: dean, as an arin trustee i am committed to the well being of this organization, of which you are a member. on the one hand that means defending your right to IP addresses and other resources whenever you can justify your need for them, exactly as i would for anyone else. on the other hand that means i can ignore you when you're talking about stuff unrelated to ARIN, which i now plan to resume doing, as i have done for most of the time since i first encountered you. i wish you well in your walk with the gods, but could you do it more quietly? From arin-contact at dirtside.com Wed Jul 25 20:40:26 2007 From: arin-contact at dirtside.com (William Herrin) Date: Wed, 25 Jul 2007 20:40:26 -0400 Subject: [ppml] Policy Proposal 2007-14: Resource Review Process In-Reply-To: <3c3e3fca0707251540m56a9b597xb16fb4f2a110b9fc@mail.gmail.com> References: <46A65965.6070108@arin.net> <3c3e3fca0707251540m56a9b597xb16fb4f2a110b9fc@mail.gmail.com> Message-ID: <3c3e3fca0707251740h425cb4a7i4c50a80cc59afcd@mail.gmail.com> Leo Bicknell pointed out to me that under section 8 of the RSA, ARIN already has authority to conduct reviews at any time. The proposed policy would further restrict that to no more than once every 12 months. Accordingly, I'll eat some crow and reverse my position: I am FOR this proposal. Regards, Bill Herrin On 7/25/07, William Herrin wrote: > I think this proposal is generally a good idea but I oppose it because > of one specific issue: > > > 2. ARIN may conduct such reviews: > > c. at any other time without cause unless a prior review has been > > completed in the preceding 12 months. > > While it may not be the intent of the proposal, this line allows ARIN > to institute an annual without-cause review (aka annual audit) of all > RSA-based registrants. Given that ARIN may face external pressure to > implement a regular audit during the next several years (making each > of our lives that much more of a pain in the rump), I think its a bad > idea to enable the behavior with policy. > > I believe the without-cause statement should be reworded. Reviews > should only be initiated when there is some affirmative reason to > believe that a registrant is not in compliance with the policies. -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From bicknell at ufp.org Wed Jul 25 20:42:35 2007 From: bicknell at ufp.org (Leo Bicknell) Date: Wed, 25 Jul 2007 20:42:35 -0400 Subject: [ppml] Policy Proposal 2007-15: Authentication of Legacy Resources In-Reply-To: <3c3e3fca0707251400w52035d94q878218db8f2ac6d3@mail.gmail.com> References: <46A65981.90004@arin.net> <3c3e3fca0707251400w52035d94q878218db8f2ac6d3@mail.gmail.com> Message-ID: <20070726004235.GB83329@ussenterprise.ufp.org> In a message written on Wed, Jul 25, 2007 at 05:00:27PM -0400, William Herrin wrote: > 1. Ending RDNS for legacy registrants violates both the spirit and the > letter of how ARIN promised to treat the legacy registrants during its > formation a decade ago. If circumstances require ARIN to walk away > from its promise, then a decent respect to the community it serves > requires ARIN to acknowledge the breach and declare the causes which > compel it. This proposal does an adequate job of neither. I'm really interested by the concept of an "implied contract" for legacy space. I generally agree with the late great Samuel Godlwyn, "A verbal contract isn't worth the paper it's written on." However I've attempted to put that aside and try to see things from the other side of the coin here. First, a reminder of what makes a contract. http://www.expertlaw.com/library/business/contract_law.html Let's walk through it. Was there a "meeting of the minds", specifically with respect to the following issues: That the contract was... * permanent. * transferable. * survivable. * reassignable. * automatically extended to cover "new services". * for the "ownership" of the space. * for the "right to use" the space. * unable to be amended by future policy changes. * that the implied contract with ARIN is identical to the original contract and not a new contract. Offer and acceptance seems pretty clear, IP space was offered in exchange for the user filling out various paperwork and providing various information. [Note, said paperwork and information changed over time; which may have bearing on some of the points above.] Mutual consideration. The requester obtains address space they can use, that part is clear. What of value goes in the other direction. It surely wasn't money in the early days. The only thing that seems clear to me is information, namely the company name and contact information. The thing of value provided by the requester is the information about who's responsible for the block. Performance / Delivery. Now we get to some really interesting ideas. If you take that part of the mutual consideration was the exchange of a range of addresses for contact information, than doesn't letting your contact information lapse (specifically e-mail and snail mail information that is undeliverable) represent breach of contract? If your RDNS servers fall lame, would that be enough to represent breach of contract? Good faith. If the requester thought the contract covered things that SRI, InterNIC, DoDNIC or others did not, were they acting in good faith? It largely goes back to the meeting of the minds problem. No violation of public policy. Wow, here's a briar patch. Is ARIN's "Open Policy Process" public policy? Do the contracts between ICANN and the Government constitute public policy that may limit the contract? Issues that quickly become quite complicated. However, some public policy is simpler. Contracts generally have to abide by the statue of frauds. See http://en.wikipedia.org/wiki/Statute_of_frauds. Of interest here, if legacy space is more like a lease, where ARIN maintains RDNS and whois records then would it not be a contract that cannot be performed in a year and thus generally be required to be in writing? If you take the view that legacy space is more like property, then you run up against goods over $500 need to have a contract in writing. What's the value of a /24? Of a /16? Objectively, I would not want to be ARIN or a Legacy Holder should this ever go to court. If I were a betting man I'd bet neither side got what they wanted. Indeed, that's the crux of the whole problem. I think it's clear at this point that to have a meeting of the minds, in the contract or philosophical sense both sides are going to have to move to the middle. Neither party is going to concede to the other. The question is, how do we come together and find some reasonable middle ground? -- Leo Bicknell - bicknell at ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available URL: From owen at delong.com Wed Jul 25 20:59:28 2007 From: owen at delong.com (Owen DeLong) Date: Wed, 25 Jul 2007 17:59:28 -0700 Subject: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet. In-Reply-To: References: Message-ID: Actually, it is not. There is a process for addressing that documented on the ARIN website and nowhere does it suggest posting such an accusation to the PPML. http://www.arin.net/about_us/boardguidelines.html#removal So, Dean, I suggest you go try and recruit either 10% of the members in good standing or a majority of the BoT to make an appropriate petition or motion. Owen On Jul 25, 2007, at 3:16 PM, Dean Anderson wrote: > Its not the right forum to discuss the details of Vixie and crony > finances. > > But, I believe this is the right forum for discussing the details of > ARIN Board Member misconduct, and its relation to false claims about > 130.105/16 being hijacked/disused. > > --Dean > > > On Wed, 25 Jul 2007, David Williamson wrote: > >> On Wed, Jul 25, 2007 at 01:27:54PM -0400, Dean Anderson wrote: >>> While this isn't really the right forum, >> >> That's absolutely correct. Please please PLEASE take this somewhere >> else. This has zero to do with ARIN policy. >> >> -David >> >> > > -- > Av8 Internet Prepared to pay a premium for better service? > www.av8.net faster, more reliable, better service > 617 344 9000 > > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml From owen at delong.com Wed Jul 25 21:07:51 2007 From: owen at delong.com (Owen DeLong) Date: Wed, 25 Jul 2007 18:07:51 -0700 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration In-Reply-To: <3c3e3fca0707251542p5ba313f4w72457acb65fc4db5@mail.gmail.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <3c3e3fca0707251542p5ba313f4w72457acb65fc4db5@mail.gmail.com> Message-ID: <77053E98-C998-4094-8970-C6213947B4A6@delong.com> I have some comments on the proposal as follows: 1. It is very unnecessarily complex. 2. Do you really think that the required 6to4 functionality can be widely enough deployed in less than 4 months? 3. This would make the 6to4 address range a permanent encampment of legacy v4 holders and preserve all of the issues related to the swamp. We should not give up on the v6 transition as an opportunity to drain the swamp. Enshrining the swamp in a permanent IPv6 map is counter-productive. 4. This proposal (and 6to4 in general) appear to ignore what happens when sites have IPv4 addresses, native IPv6 connectivity, but, no longer have native IPv4 connectivity. I oppose the proposal as written. Owen From bonomi at mail.r-bonomi.com Wed Jul 25 21:44:15 2007 From: bonomi at mail.r-bonomi.com (Robert Bonomi) Date: Wed, 25 Jul 2007 20:44:15 -0500 (CDT) Subject: [ppml] EPO Message-ID: <200707260144.l6Q1iFbI005782@s25.firmware.com> > From owner-nanog at merit.edu Wed Jul 25 15:53:45 2007 > Date: Wed, 25 Jul 2007 12:10:11 -0700 > To: nanog at merit.edu > > > Leo Bicknell wrote: > > I was complaining to some of the power designers during the building > > of a major facility that the EPO button represented a single point > > of failure, and effectively made all of the redundancy built into > > the power system useless. After all, what's the point of having > > two (or more) of anything, if there's one button somewhere that > > turns it all off? > It seems to me -- without digging into 'code' compliance reqirements -- that one could profit from some of the 'positive control' designs used in missle silos, nuclear submarines, and the like. Where, to trigger the function, *two* 'buttons' must be pushed. And the buttons are located such that a single person cannot reach both simultaneously. Requiring '2 of 2' buttons to trigger eliminates false positives, but doubles the risk of 'false negatives' if a button malfunctions. This issue can be ameliorated by providing 'more than 2' buttons, while requiring only two buttons pushed to trigger. '2 of 3' will work properly unless there is a _double_ failure -- intentional or accidental. Particularly for a building-wide 'kill' switch, this would seem to be a prudent design. A passive design turns out to be fairly simple. Requirements, in minimal form is a DPDT swith in each box, and 3-wire daisy-chain interconnect. Use 'ring' wiring, with both ends tied to the master control, and even a break (single) in the wiring does not a failure make. From dean at av8.com Wed Jul 25 22:34:46 2007 From: dean at av8.com (Dean Anderson) Date: Wed, 25 Jul 2007 22:34:46 -0400 (EDT) Subject: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet.] In-Reply-To: <90318.1185408547@sa.vix.com> Message-ID: On Thu, 26 Jul 2007, Paul Vixie wrote: > we will never know if dean actually believes that the UN is going to > take over the governance of the united states of america, or if he > just says that kind of stuff to amuse us or to amuse himself. I've never said that the UN is going to take over the governance of the United States of America. I said it was possible that the UN might take over the governance of the Internet, from the US Department of Commerce. One might otherwise be tempted to add "...Idiot", but your departure from reality is truly extraordinary. But as we've seen that you repeatedly make entirely false statements, I'm not too surprised by this last one. However, your pathological lying is unbecoming and worrisome when it comes from a person entrusted with the serious responsibilities of which you are entrusted. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From Keith at jcc.com Wed Jul 25 22:36:14 2007 From: Keith at jcc.com (Keith W. Hare) Date: Wed, 25 Jul 2007 22:36:14 -0400 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration Message-ID: <5c1a7aa646c813405eb2285b353cccd546a808ad@jcc.com> It is not at all clear to me whether or not this proposal will speed adoption of IPv6. I see a several impediments to adopting IPv6: 1. Current ARIN policies favor Provider Agregatable (PA) address allocations rather than Provider Independent allocations (PI). Since IPv6 discourages NAT, this suggests that I get an IPv6 address assignment from an ISP and number all internal resources using the ISP's IPv6 addresses. Then, If I decide to switch ISPs, I have to renumber everything and rewrite all firewall rules. Why would I adopt a protocol that tied me to an ISP? 2. I have lots of devices on the internal network that may not (or maybe they do, I dunno) support IPv6, the temperature monitor and the UPS, for example. These types of devices are going to slow the move to IPv6 in the internal network. 3. My firewalls do not currently support IPv6 and the firewall vendor has not announced when IPv6 will be supported. 4. I *think* my T1 router supports IPv6, but maybe on the next version of the software. It's difficult to find the documentation. 5. I don't know if my upstream ISP supports IPv6 yet. Their web site does not say. I asked my sales contact that question several weeks ago, but between various summer vacations, I haven't gotten an answer yet. 6. Do the software products I use support IPv6 yet? There is a large amount of inertia here. With what I know at the moment, I don't see how we can completely convert the internal network to IPv6 for at least five years, and maybe longer. Keith From arin-contact at dirtside.com Wed Jul 25 22:39:39 2007 From: arin-contact at dirtside.com (William Herrin) Date: Wed, 25 Jul 2007 22:39:39 -0400 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration In-Reply-To: <03d601c7cf10$34f27600$423816ac@atlanta.polycom.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <03d601c7cf10$34f27600$423816ac@atlanta.polycom.com> Message-ID: <3c3e3fca0707251939p43751536y2c5d9c0bfa77b5b@mail.gmail.com> On 7/25/07, Stephen Sprunk wrote: > Thus spake "William Herrin" > > 1. The looming exhaustion of the IPv4 space. > > 2. Obsolete and incorrect legacy IPv4 registration and contact > > information. > > 3. Legacy IPv4 registrants don't pay their fair share. > > 4. The need to constrain route announcements in the IPv6 Default-Free > > Zone. > > http://bill.herrin.us/arin-policy-proposal-6to4.html > > I don't see how this proposal solves problems 1 or 4 above, though I'll > grant it may partially solve problems 2 and 3. Hi Stephen, The only solution I've heard proposed to problem #1 which isn't ridiculous is to deploy IPv6. This proposal forwards that goal by offering any IPv4 registrant willing to deploy IPv6 now the ability to get more IPv6 addresses now than they will qualify for later within the scope of a mechanism that allows them to deploy IPv6 themselves even if their service provider isn't ready yet. This takes a group of folks, IPv4 registrants who don't qualify for IPv6 PI space or just aren't paying attention, folks who are now either on the fence or actively hostile to IPv6 deployment and converts them enthusiastic advocates. For problem 4, I've had it drilled in to my head that IPv6 PI space is a Really Bad Thing because it consumes routing slots in DFZ for small organizations of which there are too many. I have mixed emotions about that claim but I respect that a substantial number of intelligent folks consider it very important. This proposal improves that situation by allowing the inevitable PI space to piggy-back on the existing IPv4 routing table through what could reasonably be described as an MPLS-like tagging process. By doing so, it avoids polluting the IPv6 DFZ. > If the goal is to give PIv6 space to legacy holders -- without meeting the > existing standard -- in return for subjecting themselves to the RSA and > maintenance fees, then I feel that the appropriate place to propose such a > change is in the PIv6 policy itself and that such blocks should be assigned > from the same superblock that other PIv6 space is assigned from, not from > 2002::/16. That's not the goal. The goal is to ubiquitously deploy IPv6 in the next 24 months. For a variety of reasons, that goal is impaired by passive hostility from small operators. This proposal forwards the goal by converting at least some and hopefully a lot of that hostility into productive enthusiasm. Its about using the carrot to lead folks to a helpfully fast deployment of IPv6. And if we can knock out a couple other birds with the same stone, so much the better. Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From arin-contact at dirtside.com Wed Jul 25 22:40:41 2007 From: arin-contact at dirtside.com (William Herrin) Date: Wed, 25 Jul 2007 22:40:41 -0400 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration In-Reply-To: <77053E98-C998-4094-8970-C6213947B4A6@delong.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <3c3e3fca0707251542p5ba313f4w72457acb65fc4db5@mail.gmail.com> <77053E98-C998-4094-8970-C6213947B4A6@delong.com> Message-ID: <3c3e3fca0707251940i70f3b83fpa53782e0312fbf74@mail.gmail.com> On 7/25/07, Owen DeLong wrote: > 1. It is very unnecessarily complex. Hi Owen, It is complex. I'm open to constuctive suggestions on how to reduce that complexity. > 2. Do you really think that the required 6to4 functionality can be > widely enough deployed in less than 4 months? A minimalist implementation involves removing what little filtering of 2002:: prefixes exists from routers used by some 800 organizations. I believe it could be accomplished in 4 weeks, let alone 4 months. All the same, this is a fair question for the network operators. I'll refer it to the folks on nanog when I ask them. Beyond the minimalist implementation, orgs are free to filter and encapsulate or not, whatever meets their local goals. As no avalanche of 6to4 users will suddenly appear on 1/1/2008, they have ample time to choose, plan, test and implement. > 3. This would make the 6to4 address range a permanent encampment > of legacy v4 holders and preserve all of the issues related to the > swamp. The first issue with the swamp is the scattered, discontiguous blocks. This proposal addresses that issue by permitting each org only one block. The second issue with the swamp is ARIN's ambiguous authority to do anything about it like asking folks to renumber. This proposal addresses that issue by requiring the blocks to fall under the RSA. This proposal does create a permanent encampment of v4 holders. But they're not legacy holders: they'll all have signed an RSA, subjecting themselves to then-current IPv4 and IPv6 policies moving forward. > 4. This proposal (and 6to4 in general) appear to ignore what happens > when sites have IPv4 addresses, native IPv6 connectivity, but, no > longer have native IPv4 connectivity. Phase 3 of the proposal entitled "Native phase: Following the decline of IPv4," addresses your question. 6to4 does not address the question because absent a policy like this one the question is moot. A more general sketch of what happens is this: the backbones drop native IPv4 and start tunnelling it before the end-user sites do. The end user with 6to4 space certainly isn't going to drop IPv4 connectivity. As the beckbones drop IPv4, they start routing 2002:: natively as required in the updated RFC. As a result, a steadily lower percentage of the incoming v6 traffic at the end-user site is encapsulated. By the time any of this becomes more than a mild annoyance, ARIN makes its periodic assessment (last item in phase 2) and announces the move to phase 3 in which folks are asked to propagate the 2002:: routes so that normal routing takes precendence over the 2002::/16 route to the encapsulator while those who are not part of the IPv6 DFZ are asked to remove any 6to4 encapsulators. Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From arin-contact at dirtside.com Wed Jul 25 22:43:22 2007 From: arin-contact at dirtside.com (William Herrin) Date: Wed, 25 Jul 2007 22:43:22 -0400 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration In-Reply-To: <20070726013016.GS9951@elvis.mu.org> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <20070726013016.GS9951@elvis.mu.org> Message-ID: <3c3e3fca0707251943r429432at3dfa7d87c63563d2@mail.gmail.com> On 7/25/07, bill fumerola wrote: > 6to4 is one of many systems to help transition. changes to how the space > is handled must go through the IETF. this policy proposal seems moot > given that it seeks to change RFC defined policies. Hi Bill, I've been discussing this off-list for the past few weeks with Brian Carpenter, one of RFC 3056's authors. The view he expressed to me (and I'm relying on his judgement here) is that submitting a short update RFC would be a side issue if consensus could be reached here at ARIN and among the network operators on NANOG's list. Does that allay your concerns about the IETF/RFC side of the proposal? > IETF/RFC concerns aside, dragging legacy addressing assignments forward > into a new DFZ we're trying to keep clean also seems counter-productive. > turning the 6to4 2002::/16 into a source of potential table pollution > seems like the wrong direction to take. this forum is the wrong place > to make that decision for the entire community. It is my intention to ask folks on NANOG's list to comment on the operational aspects of the proposal, especially table pollution. I wanted to get my feet a little wet over here first before jumping the rest of the way in. :) Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From jordi.palet at consulintel.es Wed Jul 25 22:57:02 2007 From: jordi.palet at consulintel.es (JORDI PALET MARTINEZ) Date: Wed, 25 Jul 2007 21:57:02 -0500 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration In-Reply-To: <5c1a7aa646c813405eb2285b353cccd546a808ad@jcc.com> Message-ID: Hi Keith, This is a very good example of the typical set of issues that have easy solutions ;-), at least in a temporary phase, so you can start testing IPv6 w/o any major investment. We are talking about transition and co-existence, not migration. Starting from that point, all make much more sense. See below in-line. Regards, Jordi > De: "Keith W. Hare" > Responder a: > Fecha: Wed, 25 Jul 2007 22:36:14 -0400 > Para: ARIN Address Policy > Asunto: Re: [ppml] Soliciting comments: IPv4 to IPv6 fast migration > > > It is not at all clear to me whether or not this proposal will speed > adoption of IPv6. > > I see a several impediments to adopting IPv6: > > 1. Current ARIN policies favor Provider Agregatable (PA) address > allocations rather than Provider Independent allocations (PI). Since > IPv6 discourages NAT, this suggests that I get an IPv6 address Doesn't discourages. It is no longer needed, because NAT was created as an earlier and quick solution for the lack of IPv4 addresses. Then we started using it for many other things that was not designed for (such as avoiding renumbering using PA, hiding networks, false security, etc.). > assignment from an ISP and number all internal resources using the ISP's > IPv6 addresses. Then, If I decide to switch ISPs, I have to renumber > everything and rewrite all firewall rules. Why would I adopt a protocol > that tied me to an ISP? You can also obtain IPv6 PI if this is problem for your case. > > 2. I have lots of devices on the internal network that may not (or > maybe they do, I dunno) support IPv6, the temperature monitor and the > UPS, for example. These types of devices are going to slow the move to > IPv6 in the internal network. Not an issue, as it is a transition and co-existence, so we keep using DUAL-STACK. Those devices still can keep using IPv4. In fact my strong recommendation is to keep using dual-stack in the LAN, typically you keep using private addresses for IPv4. If any of those devices need to be addressed from outside of you LAN, you use same techniques as today (NAT/PAT translations, VPNs, etc.), or if you want to use them from IPv6 "only" networks, then you will use some kind of portproxy or similar, to allow an incoming IPv6 connection to your network to be forwarded to that IPv4 device in the LAN. > > 3. My firewalls do not currently support IPv6 and the firewall vendor > has not announced when IPv6 will be supported. It is a bad vendor ;-) No, seriously, you can still setup a linux or your preferred low-cost alternative box with iptables6. > > 4. I *think* my T1 router supports IPv6, but maybe on the next version > of the software. It's difficult to find the documentation. You can use the same box (a PC) to be used as the IPv6 firewall as the IPv6 router for your network an tunnel IPv6 to outside. > > 5. I don't know if my upstream ISP supports IPv6 yet. Their web site > does not say. I asked my sales contact that question several weeks ago, > but between various summer vacations, I haven't gotten an answer yet. If your ISP doesn't support IPv6, make sure to ask for it, but meanwhile, you can use alternative IPv6 transit providers, most of them even free. > > 6. Do the software products I use support IPv6 yet? Difficult to say w/o a list, but even if it is not the case, as you run dual-stack, there is no immediate need for that ! And if needed, portproxy is your friend. > > There is a large amount of inertia here. With what I know at the moment, > I don't see how we can completely convert the internal network to IPv6 > for at least five years, and maybe longer. I guess much before 5 years you will have many other reasons to replace hardware and apps if you still want to get rid of IPv4 completely at that time. > > Keith > > > > > > > > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml From arin-contact at dirtside.com Wed Jul 25 22:59:57 2007 From: arin-contact at dirtside.com (William Herrin) Date: Wed, 25 Jul 2007 22:59:57 -0400 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration In-Reply-To: <5c1a7aa646c813405eb2285b353cccd546a808ad@jcc.com> References: <5c1a7aa646c813405eb2285b353cccd546a808ad@jcc.com> Message-ID: <3c3e3fca0707251959h1bfdbecem6df1bd2f230b8877@mail.gmail.com> On 7/25/07, Keith W. Hare wrote: > I see a several impediments to adopting IPv6: > > 1. Current ARIN policies favor Provider Agregatable (PA) address > allocations rather than Provider Independent allocations (PI). Since > IPv6 discourages NAT, this suggests that I get an IPv6 address > assignment from an ISP and number all internal resources using the ISP's > IPv6 addresses. Then, If I decide to switch ISPs, I have to renumber > everything and rewrite all firewall rules. Why would I adopt a protocol > that tied me to an ISP? Hi Keith, This proposal addresses that concern by allowing you to move your existing IPv4 PI block forward in to IPv6. > 2. I have lots of devices on the internal network that may not (or > maybe they do, I dunno) support IPv6, the temperature monitor and the > UPS, for example. These types of devices are going to slow the move to > IPv6 in the internal network. This proposal does not address that, however I would note that deploying IPv6 does not preclude continued use of IPv4. Indeed, its unlikely that anyone deploying IPv6 will soon stop using IPv4. > 3. My firewalls do not currently support IPv6 and the firewall vendor > has not announced when IPv6 will be supported. This proposal does not address that. > 4. I *think* my T1 router supports IPv6, but maybe on the next version > of the software. It's difficult to find the documentation. This proposal does not address that however T1 routers which do support IPv6 are readily available on ebay in the sub-$500 range. > 5. I don't know if my upstream ISP supports IPv6 yet. Their web site > does not say. I asked my sales contact that question several weeks ago, > but between various summer vacations, I haven't gotten an answer yet. This proposal addresses that. 6to4 was specifically designed to allow islands of IPv6 users interconnected via IPv4 networks to communicate with each other and the native IPv6 backbone. Under this proposal, you could begin using IPv6 immediately and then convert to native IPv6 without renumbering once your ISP supports it. > 6. Do the software products I use support IPv6 yet? Windows XP and forward do, along with the common applications such as Internet Explorer. Linux kernel 2.4 and forward do as do most of the common applications including Firefox. I'm pretty sure Mac OS X does as well. Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From james.rink at us.army.mil Wed Jul 25 23:00:04 2007 From: james.rink at us.army.mil (Rink, James P CTR USA) Date: Wed, 25 Jul 2007 22:00:04 -0500 Subject: [ppml] Help Message-ID: <97EE5EA4A17D4344A131C0A828DAA79C56ADD3@POLK1100BEA3C1V.nasw.ds.army.mil> -------------------------- Sent from my BlackBerry Wireless Handheld -----Original Message----- From: ppml-bounces at arin.net To: ppml at arin.net Sent: Wed Jul 25 21:57:26 2007 Subject: PPML Digest, Vol 25, Issue 71 Send PPML mailing list submissions to ppml at arin.net To subscribe or unsubscribe via the World Wide Web, visit http://lists.arin.net/mailman/listinfo/ppml or, via email, send a message with subject or body 'help' to ppml-request at arin.net You can reach the person managing the list at ppml-owner at arin.net When replying, please edit your Subject line so it is more specific than "Re: Contents of PPML digest..." Today's Topics: 1. Re: Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet. (Owen DeLong) 2. Re: Soliciting comments: IPv4 to IPv6 fast migration (Owen DeLong) 3. Re: EPO (Robert Bonomi) 4. Re: Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet.] (Dean Anderson) 5. Re: Soliciting comments: IPv4 to IPv6 fast migration (Keith W. Hare) 6. Re: Soliciting comments: IPv4 to IPv6 fast migration (William Herrin) 7. Re: Soliciting comments: IPv4 to IPv6 fast migration (William Herrin) 8. Re: Soliciting comments: IPv4 to IPv6 fast migration (William Herrin) 9. Re: Soliciting comments: IPv4 to IPv6 fast migration (JORDI PALET MARTINEZ) ---------------------------------------------------------------------- Message: 1 Date: Wed, 25 Jul 2007 17:59:28 -0700 From: Owen DeLong Subject: Re: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet. To: Dean Anderson Cc: Paul Vixie , ppml at arin.net Message-ID: Content-Type: text/plain; charset=US-ASCII; format=flowed Actually, it is not. There is a process for addressing that documented on the ARIN website and nowhere does it suggest posting such an accusation to the PPML. http://www.arin.net/about_us/boardguidelines.html#removal So, Dean, I suggest you go try and recruit either 10% of the members in good standing or a majority of the BoT to make an appropriate petition or motion. Owen On Jul 25, 2007, at 3:16 PM, Dean Anderson wrote: > Its not the right forum to discuss the details of Vixie and crony > finances. > > But, I believe this is the right forum for discussing the details of > ARIN Board Member misconduct, and its relation to false claims about > 130.105/16 being hijacked/disused. > > --Dean > > > On Wed, 25 Jul 2007, David Williamson wrote: > >> On Wed, Jul 25, 2007 at 01:27:54PM -0400, Dean Anderson wrote: >>> While this isn't really the right forum, >> >> That's absolutely correct. Please please PLEASE take this somewhere >> else. This has zero to do with ARIN policy. >> >> -David >> >> > > -- > Av8 Internet Prepared to pay a premium for better service? > www.av8.net faster, more reliable, better service > 617 344 9000 > > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml ------------------------------ Message: 2 Date: Wed, 25 Jul 2007 18:07:51 -0700 From: Owen DeLong Subject: Re: [ppml] Soliciting comments: IPv4 to IPv6 fast migration To: "William Herrin" Cc: ARIN Address Policy Message-ID: <77053E98-C998-4094-8970-C6213947B4A6 at delong.com> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed I have some comments on the proposal as follows: 1. It is very unnecessarily complex. 2. Do you really think that the required 6to4 functionality can be widely enough deployed in less than 4 months? 3. This would make the 6to4 address range a permanent encampment of legacy v4 holders and preserve all of the issues related to the swamp. We should not give up on the v6 transition as an opportunity to drain the swamp. Enshrining the swamp in a permanent IPv6 map is counter-productive. 4. This proposal (and 6to4 in general) appear to ignore what happens when sites have IPv4 addresses, native IPv6 connectivity, but, no longer have native IPv4 connectivity. I oppose the proposal as written. Owen ------------------------------ Message: 3 Date: Wed, 25 Jul 2007 20:44:15 -0500 (CDT) From: Robert Bonomi Subject: Re: [ppml] EPO To: ppml at arin.net Message-ID: <200707260144.l6Q1iFbI005782 at s25.firmware.com> > From owner-nanog at merit.edu Wed Jul 25 15:53:45 2007 > Date: Wed, 25 Jul 2007 12:10:11 -0700 > To: nanog at merit.edu > > > Leo Bicknell wrote: > > I was complaining to some of the power designers during the building > > of a major facility that the EPO button represented a single point > > of failure, and effectively made all of the redundancy built into > > the power system useless. After all, what's the point of having > > two (or more) of anything, if there's one button somewhere that > > turns it all off? > It seems to me -- without digging into 'code' compliance reqirements -- that one could profit from some of the 'positive control' designs used in missle silos, nuclear submarines, and the like. Where, to trigger the function, *two* 'buttons' must be pushed. And the buttons are located such that a single person cannot reach both simultaneously. Requiring '2 of 2' buttons to trigger eliminates false positives, but doubles the risk of 'false negatives' if a button malfunctions. This issue can be ameliorated by providing 'more than 2' buttons, while requiring only two buttons pushed to trigger. '2 of 3' will work properly unless there is a _double_ failure -- intentional or accidental. Particularly for a building-wide 'kill' switch, this would seem to be a prudent design. A passive design turns out to be fairly simple. Requirements, in minimal form is a DPDT swith in each box, and 3-wire daisy-chain interconnect. Use 'ring' wiring, with both ends tied to the master control, and even a break (single) in the wiring does not a failure make. ------------------------------ Message: 4 Date: Wed, 25 Jul 2007 22:34:46 -0400 (EDT) From: Dean Anderson Subject: Re: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet.] To: Paul Vixie Cc: ppml at arin.net Message-ID: Content-Type: TEXT/PLAIN; charset=US-ASCII On Thu, 26 Jul 2007, Paul Vixie wrote: > we will never know if dean actually believes that the UN is going to > take over the governance of the united states of america, or if he > just says that kind of stuff to amuse us or to amuse himself. I've never said that the UN is going to take over the governance of the United States of America. I said it was possible that the UN might take over the governance of the Internet, from the US Department of Commerce. One might otherwise be tempted to add "...Idiot", but your departure from reality is truly extraordinary. But as we've seen that you repeatedly make entirely false statements, I'm not too surprised by this last one. However, your pathological lying is unbecoming and worrisome when it comes from a person entrusted with the serious responsibilities of which you are entrusted. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 ------------------------------ Message: 5 Date: Wed, 25 Jul 2007 22:36:14 -0400 From: "Keith W. Hare" Subject: Re: [ppml] Soliciting comments: IPv4 to IPv6 fast migration To: "ARIN Address Policy" Message-ID: <5c1a7aa646c813405eb2285b353cccd546a808ad at jcc.com> Content-Type: text/plain; charset="us-ascii" It is not at all clear to me whether or not this proposal will speed adoption of IPv6. I see a several impediments to adopting IPv6: 1. Current ARIN policies favor Provider Agregatable (PA) address allocations rather than Provider Independent allocations (PI). Since IPv6 discourages NAT, this suggests that I get an IPv6 address assignment from an ISP and number all internal resources using the ISP's IPv6 addresses. Then, If I decide to switch ISPs, I have to renumber everything and rewrite all firewall rules. Why would I adopt a protocol that tied me to an ISP? 2. I have lots of devices on the internal network that may not (or maybe they do, I dunno) support IPv6, the temperature monitor and the UPS, for example. These types of devices are going to slow the move to IPv6 in the internal network. 3. My firewalls do not currently support IPv6 and the firewall vendor has not announced when IPv6 will be supported. 4. I *think* my T1 router supports IPv6, but maybe on the next version of the software. It's difficult to find the documentation. 5. I don't know if my upstream ISP supports IPv6 yet. Their web site does not say. I asked my sales contact that question several weeks ago, but between various summer vacations, I haven't gotten an answer yet. 6. Do the software products I use support IPv6 yet? There is a large amount of inertia here. With what I know at the moment, I don't see how we can completely convert the internal network to IPv6 for at least five years, and maybe longer. Keith ------------------------------ Message: 6 Date: Wed, 25 Jul 2007 22:39:39 -0400 From: "William Herrin" Subject: Re: [ppml] Soliciting comments: IPv4 to IPv6 fast migration To: "Stephen Sprunk" Cc: ARIN PPML Message-ID: <3c3e3fca0707251939p43751536y2c5d9c0bfa77b5b at mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1 On 7/25/07, Stephen Sprunk wrote: > Thus spake "William Herrin" > > 1. The looming exhaustion of the IPv4 space. > > 2. Obsolete and incorrect legacy IPv4 registration and contact > > information. > > 3. Legacy IPv4 registrants don't pay their fair share. > > 4. The need to constrain route announcements in the IPv6 Default-Free > > Zone. > > http://bill.herrin.us/arin-policy-proposal-6to4.html > > I don't see how this proposal solves problems 1 or 4 above, though I'll > grant it may partially solve problems 2 and 3. Hi Stephen, The only solution I've heard proposed to problem #1 which isn't ridiculous is to deploy IPv6. This proposal forwards that goal by offering any IPv4 registrant willing to deploy IPv6 now the ability to get more IPv6 addresses now than they will qualify for later within the scope of a mechanism that allows them to deploy IPv6 themselves even if their service provider isn't ready yet. This takes a group of folks, IPv4 registrants who don't qualify for IPv6 PI space or just aren't paying attention, folks who are now either on the fence or actively hostile to IPv6 deployment and converts them enthusiastic advocates. For problem 4, I've had it drilled in to my head that IPv6 PI space is a Really Bad Thing because it consumes routing slots in DFZ for small organizations of which there are too many. I have mixed emotions about that claim but I respect that a substantial number of intelligent folks consider it very important. This proposal improves that situation by allowing the inevitable PI space to piggy-back on the existing IPv4 routing table through what could reasonably be described as an MPLS-like tagging process. By doing so, it avoids polluting the IPv6 DFZ. > If the goal is to give PIv6 space to legacy holders -- without meeting the > existing standard -- in return for subjecting themselves to the RSA and > maintenance fees, then I feel that the appropriate place to propose such a > change is in the PIv6 policy itself and that such blocks should be assigned > from the same superblock that other PIv6 space is assigned from, not from > 2002::/16. That's not the goal. The goal is to ubiquitously deploy IPv6 in the next 24 months. For a variety of reasons, that goal is impaired by passive hostility from small operators. This proposal forwards the goal by converting at least some and hopefully a lot of that hostility into productive enthusiasm. Its about using the carrot to lead folks to a helpfully fast deployment of IPv6. And if we can knock out a couple other birds with the same stone, so much the better. Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 ------------------------------ Message: 7 Date: Wed, 25 Jul 2007 22:40:41 -0400 From: "William Herrin" Subject: Re: [ppml] Soliciting comments: IPv4 to IPv6 fast migration To: "Owen DeLong" Cc: ppml at arin.net Message-ID: <3c3e3fca0707251940i70f3b83fpa53782e0312fbf74 at mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1 On 7/25/07, Owen DeLong wrote: > 1. It is very unnecessarily complex. Hi Owen, It is complex. I'm open to constuctive suggestions on how to reduce that complexity. > 2. Do you really think that the required 6to4 functionality can be > widely enough deployed in less than 4 months? A minimalist implementation involves removing what little filtering of 2002:: prefixes exists from routers used by some 800 organizations. I believe it could be accomplished in 4 weeks, let alone 4 months. All the same, this is a fair question for the network operators. I'll refer it to the folks on nanog when I ask them. Beyond the minimalist implementation, orgs are free to filter and encapsulate or not, whatever meets their local goals. As no avalanche of 6to4 users will suddenly appear on 1/1/2008, they have ample time to choose, plan, test and implement. > 3. This would make the 6to4 address range a permanent encampment > of legacy v4 holders and preserve all of the issues related to the > swamp. The first issue with the swamp is the scattered, discontiguous blocks. This proposal addresses that issue by permitting each org only one block. The second issue with the swamp is ARIN's ambiguous authority to do anything about it like asking folks to renumber. This proposal addresses that issue by requiring the blocks to fall under the RSA. This proposal does create a permanent encampment of v4 holders. But they're not legacy holders: they'll all have signed an RSA, subjecting themselves to then-current IPv4 and IPv6 policies moving forward. > 4. This proposal (and 6to4 in general) appear to ignore what happens > when sites have IPv4 addresses, native IPv6 connectivity, but, no > longer have native IPv4 connectivity. Phase 3 of the proposal entitled "Native phase: Following the decline of IPv4," addresses your question. 6to4 does not address the question because absent a policy like this one the question is moot. A more general sketch of what happens is this: the backbones drop native IPv4 and start tunnelling it before the end-user sites do. The end user with 6to4 space certainly isn't going to drop IPv4 connectivity. As the beckbones drop IPv4, they start routing 2002:: natively as required in the updated RFC. As a result, a steadily lower percentage of the incoming v6 traffic at the end-user site is encapsulated. By the time any of this becomes more than a mild annoyance, ARIN makes its periodic assessment (last item in phase 2) and announces the move to phase 3 in which folks are asked to propagate the 2002:: routes so that normal routing takes precendence over the 2002::/16 route to the encapsulator while those who are not part of the IPv6 DFZ are asked to remove any 6to4 encapsulators. Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 ------------------------------ Message: 8 Date: Wed, 25 Jul 2007 22:43:22 -0400 From: "William Herrin" Subject: Re: [ppml] Soliciting comments: IPv4 to IPv6 fast migration To: "bill fumerola" Cc: ARIN Address Policy Message-ID: <3c3e3fca0707251943r429432at3dfa7d87c63563d2 at mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1 On 7/25/07, bill fumerola wrote: > 6to4 is one of many systems to help transition. changes to how the space > is handled must go through the IETF. this policy proposal seems moot > given that it seeks to change RFC defined policies. Hi Bill, I've been discussing this off-list for the past few weeks with Brian Carpenter, one of RFC 3056's authors. The view he expressed to me (and I'm relying on his judgement here) is that submitting a short update RFC would be a side issue if consensus could be reached here at ARIN and among the network operators on NANOG's list. Does that allay your concerns about the IETF/RFC side of the proposal? > IETF/RFC concerns aside, dragging legacy addressing assignments forward > into a new DFZ we're trying to keep clean also seems counter-productive. > turning the 6to4 2002::/16 into a source of potential table pollution > seems like the wrong direction to take. this forum is the wrong place > to make that decision for the entire community. It is my intention to ask folks on NANOG's list to comment on the operational aspects of the proposal, especially table pollution. I wanted to get my feet a little wet over here first before jumping the rest of the way in. :) Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 ------------------------------ Message: 9 Date: Wed, 25 Jul 2007 21:57:02 -0500 From: JORDI PALET MARTINEZ Subject: Re: [ppml] Soliciting comments: IPv4 to IPv6 fast migration To: Message-ID: Content-Type: text/plain; charset="US-ASCII" Hi Keith, This is a very good example of the typical set of issues that have easy solutions ;-), at least in a temporary phase, so you can start testing IPv6 w/o any major investment. We are talking about transition and co-existence, not migration. Starting from that point, all make much more sense. See below in-line. Regards, Jordi > De: "Keith W. Hare" > Responder a: > Fecha: Wed, 25 Jul 2007 22:36:14 -0400 > Para: ARIN Address Policy > Asunto: Re: [ppml] Soliciting comments: IPv4 to IPv6 fast migration > > > It is not at all clear to me whether or not this proposal will speed > adoption of IPv6. > > I see a several impediments to adopting IPv6: > > 1. Current ARIN policies favor Provider Agregatable (PA) address > allocations rather than Provider Independent allocations (PI). Since > IPv6 discourages NAT, this suggests that I get an IPv6 address Doesn't discourages. It is no longer needed, because NAT was created as an earlier and quick solution for the lack of IPv4 addresses. Then we started using it for many other things that was not designed for (such as avoiding renumbering using PA, hiding networks, false security, etc.). > assignment from an ISP and number all internal resources using the ISP's > IPv6 addresses. Then, If I decide to switch ISPs, I have to renumber > everything and rewrite all firewall rules. Why would I adopt a protocol > that tied me to an ISP? You can also obtain IPv6 PI if this is problem for your case. > > 2. I have lots of devices on the internal network that may not (or > maybe they do, I dunno) support IPv6, the temperature monitor and the > UPS, for example. These types of devices are going to slow the move to > IPv6 in the internal network. Not an issue, as it is a transition and co-existence, so we keep using DUAL-STACK. Those devices still can keep using IPv4. In fact my strong recommendation is to keep using dual-stack in the LAN, typically you keep using private addresses for IPv4. If any of those devices need to be addressed from outside of you LAN, you use same techniques as today (NAT/PAT translations, VPNs, etc.), or if you want to use them from IPv6 "only" networks, then you will use some kind of portproxy or similar, to allow an incoming IPv6 connection to your network to be forwarded to that IPv4 device in the LAN. > > 3. My firewalls do not currently support IPv6 and the firewall vendor > has not announced when IPv6 will be supported. It is a bad vendor ;-) No, seriously, you can still setup a linux or your preferred low-cost alternative box with iptables6. > > 4. I *think* my T1 router supports IPv6, but maybe on the next version > of the software. It's difficult to find the documentation. You can use the same box (a PC) to be used as the IPv6 firewall as the IPv6 router for your network an tunnel IPv6 to outside. > > 5. I don't know if my upstream ISP supports IPv6 yet. Their web site > does not say. I asked my sales contact that question several weeks ago, > but between various summer vacations, I haven't gotten an answer yet. If your ISP doesn't support IPv6, make sure to ask for it, but meanwhile, you can use alternative IPv6 transit providers, most of them even free. > > 6. Do the software products I use support IPv6 yet? Difficult to say w/o a list, but even if it is not the case, as you run dual-stack, there is no immediate need for that ! And if needed, portproxy is your friend. > > There is a large amount of inertia here. With what I know at the moment, > I don't see how we can completely convert the internal network to IPv6 > for at least five years, and maybe longer. I guess much before 5 years you will have many other reasons to replace hardware and apps if you still want to get rid of IPv4 completely at that time. > > Keith > > > > > > > > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml ------------------------------ _______________________________________________ PPML mailing list PPML at arin.net http://lists.arin.net/mailman/listinfo/ppml End of PPML Digest, Vol 25, Issue 71 ************************************ -------------- next part -------------- An HTML attachment was scrubbed... URL: From arin-contact at dirtside.com Wed Jul 25 23:17:25 2007 From: arin-contact at dirtside.com (William Herrin) Date: Wed, 25 Jul 2007 23:17:25 -0400 Subject: [ppml] Policy Proposal 2007-15: Authentication of Legacy Resources In-Reply-To: <20070726004235.GB83329@ussenterprise.ufp.org> References: <46A65981.90004@arin.net> <3c3e3fca0707251400w52035d94q878218db8f2ac6d3@mail.gmail.com> <20070726004235.GB83329@ussenterprise.ufp.org> Message-ID: <3c3e3fca0707252017h3f525488ub4ada1f6bea978b5@mail.gmail.com> On 7/25/07, Leo Bicknell wrote: > I'm really interested by the concept of an "implied contract" for > legacy space. I generally agree with the late great Samuel Godlwyn, > "A verbal contract isn't worth the paper it's written on." However > I've attempted to put that aside and try to see things from the > other side of the coin here. > > Performance / Delivery. Now we get to some really interesting > ideas. If you take that part of the mutual consideration was the > exchange of a range of addresses for contact information, than > doesn't letting your contact information lapse (specifically e-mail > and snail mail information that is undeliverable) represent breach > of contract? If your RDNS servers fall lame, would that be enough to > represent breach of contract? Hi Leo, There's a big one here that many folks miss: when the law talks about performance or delivery, it also means completion. Contracts generally don't continue forever. When the goods are delivered and the warranty expires, the contract is done. If a contract fails to specify when or how a contract ends, the court usually holds that its a "contract of indefinite duration," terminable at the will of either party. On the flip side, the courts generally hold that to be enforceable, a contract which purports to run in perpetuity must be adamantly clear that this is the parties' intent. Even then, they're frequently found to be contrary to public policy. Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From Keith at jcc.com Wed Jul 25 23:28:17 2007 From: Keith at jcc.com (Keith W. Hare) Date: Wed, 25 Jul 2007 23:28:17 -0400 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration Message-ID: <76ce3557c290a3d4b184fb111711dbf946a814e4@jcc.com> > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of JORDI PALET MARTINEZ > Sent: Wednesday, July 25, 2007 10:57 PM > To: ppml at arin.net > Subject: Re: [ppml] Soliciting comments: IPv4 to IPv6 fast migration >... > > > > 1. Current ARIN policies favor Provider Agregatable (PA) address > > allocations rather than Provider Independent allocations > (PI). Since > > IPv6 discourages NAT, this suggests that I get an IPv6 address > > Doesn't discourages. It is no longer needed, because NAT was > created as an > earlier and quick solution for the lack of IPv4 addresses. > Then we started > using it for many other things that was not designed for > (such as avoiding > renumbering using PA, hiding networks, false security, etc.). > > > assignment from an ISP and number all internal resources > using the ISP's > > IPv6 addresses. Then, If I decide to switch ISPs, I have > to renumber > > everything and rewrite all firewall rules. Why would I > adopt a protocol > > that tied me to an ISP? > > You can also obtain IPv6 PI if this is problem for your case. I might be able to obtain an IPv6 PI allocation. I will have to apply to find out. However, I don't see why any end user with more than a couple of systems would accept PA addresses for an internal network. Keith From michael.dillon at bt.com Thu Jul 26 05:02:41 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Thu, 26 Jul 2007 10:02:41 +0100 Subject: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet.] In-Reply-To: References: <57780.1185330484@sa.vix.com> Message-ID: > Vixie et al told people it had > no effect on the wire protocol, and that no implementations > had to change. Wire protocols? > MAPS seems pretty well funded, and you seem pretty well funded. Both > MAPS and Vixie provided attorneys in the case. And I _think_ > one has to > dispute facts before one can do discovery for anything. Attorneys? Discovery? Why on earth is this discussion still on the public policy list? What do we need to do to get ARIN to clean up this mess? --Michael Dillon From michael.dillon at bt.com Thu Jul 26 05:18:17 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Thu, 26 Jul 2007 10:18:17 +0100 Subject: [ppml] Policy Proposal 2007-15: Authentication of LegacyResources In-Reply-To: <20070726004235.GB83329@ussenterprise.ufp.org> References: <46A65981.90004@arin.net><3c3e3fca0707251400w52035d94q878218db8f2ac6d3@mail.gmail.com> <20070726004235.GB83329@ussenterprise.ufp.org> Message-ID: > Mutual consideration. The requester obtains address space > they can use, that part is clear. What of value goes in the > other direction. > It surely wasn't money in the early days. My understanding is that "consideration" means money, or something that has monetary value such as shares, gold, a car with resale value. If there was no consideration, then there is no contract. This is the reason why, during World War II, a large number of businessmen offered their services to the government for a dollar a day. The payment was required in order to have an enforceable contract with these dollar-a-day men. This is why I don't believe that legacy holders have any right to the addresses which they hold unless they can meet ARIN's current rules for justification of address space. And as we get closer to the IPv4 exhaustion point, this will become very important. Imagine that ARIN denies a new allocation to a member who has complied with ARIN rules for years. The request is denied because ARIN has just run out of addresses. However, there are still many legacy blocks whose holders have never justified their use. The disgruntled ARIN member decides to sue ARIN and points out to the courts that ARIN is materially damaging their business and is refusing to allocate address blocks which have never been reviewed and justified with ARIN. I suspect that the courts will side, more or less, with the member who has worked with the rules over many years, and against the legacy holder who has never shown any justification for holding their allocation. --Michael Dillon From michael.dillon at bt.com Thu Jul 26 05:27:19 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Thu, 26 Jul 2007 10:27:19 +0100 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration In-Reply-To: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> Message-ID: > Following your comments and some helpful off-list discussion, > I've prepared a replacement for last month's "IPv4 to IPv6 > Migration Incentive Address Space" proposal. With some mild > tweaks to the existing 6to4 protocol, it seeks to address > four problems ARIN faces: Huh? I quote from your document: ARIN shall recommend that all native IPv6 providers implement a 6to4 encapsulating router and a 2002::/16 route within their networks. What business is it of ARIN to dictate operational details to ISPs? This is not within ARIN's charter. Not to mention the fact that *NOBODY* has the right to dictate what technology will be used to transition to IPv6. There is a whole smorgasbord of technologies defined by the IETF because everybody's needs are different. Not all IP internetworks are connected to either the IPv4 Internet or the IPv6 Internet. One size does *NOT* fit all. This is a total waste of ARIN's time. If you want to discuss transition best practices, then I suggest that you do it at a NANOG meeting or else organize your own forum for this such as MAAWG has done for their special interest area. --Michael Dillon From Keith at jcc.com Thu Jul 26 07:03:48 2007 From: Keith at jcc.com (Keith W. Hare) Date: Thu, 26 Jul 2007 07:03:48 -0400 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources Message-ID: > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of michael.dillon at bt.com > Sent: Thursday, July 26, 2007 5:18 AM > To: ppml at arin.net > Subject: Re: [ppml] Policy Proposal 2007-15: Authentication > ofLegacyResources > >... > > This is why I don't believe that legacy holders have any right to the > addresses which they hold unless they can meet ARIN's current > rules for > justification of address space. And as we get closer to the IPv4 > exhaustion point, this will become very important. > ARIN could spend a lot of time, energy, and good will arguing whether or not the information exchanged between legacy address holders and whoever was allocating addresses is a contract that binds ARIN. Or ARIN could create a policy that incorporates legacy address holders into the ARIN process while preserving the expressed or implied rights under the rules that existed when legacy address holders were assigned addresses 15 years ago. Which would be more constructive? Keith ______________________________________________________________ Keith W. Hare JCC Consulting, Inc. keith at jcc.com 600 Newark Road Phone: 740-587-0157 P.O. Box 381 Fax: 740-587-0163 Granville, Ohio 43023 http://www.jcc.com USA ______________________________________________________________ From michael.dillon at bt.com Thu Jul 26 07:53:55 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Thu, 26 Jul 2007 12:53:55 +0100 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: References: Message-ID: > ARIN could spend a lot of time, energy, and good will arguing > whether or > not the information exchanged between legacy address holders > and whoever > was allocating addresses is a contract that binds ARIN. > > Or ARIN could create a policy that incorporates legacy address holders > into the ARIN process while preserving the expressed or implied rights > under the rules that existed when legacy address holders were assigned > addresses 15 years ago. > > Which would be more constructive? It's not such a simplistic either-or decision. Several people are bullying ARIN into creating special rights for legacy address holders based on the fear that legacy holders could win lawsuits against ARIN. I'm pointing out, that not only is the legal position of legacy holders weak, but there are other organizations waiting in the wings who can also launch lawsuits. While I don't believe fear of lawsuits is a good motive to make policy, I do think that whenever policy is being made that people need to look at the big picture. And today, the big picture is in the future not in the past. Rather than spending so much effort on enshrining special status that some people are claiming was given to them 15 years ago, we should be looking at how to deal with the very real and imminent problem of IPv4 address exhaustion. It is a complex issue that will hurt some organizations no matter what ARIN does. But we can make policy in such a way as to 1) minimize the damage and 2) spread the pain. Spreading the pain, means that ARIN must force legacy holders to provide justification for their entire allocation/assignment under current ARIN rules, or reclaim those addresses for those organizations who can justfify their requirement. Yes, this is robbing Peter to pay Paul, but when the endgame for IPv4 happens, Paul will be happy to receive a slightly worn set of addresses rather than nothing at all. And Peter, if he really needs the addresses, has nothing to fear. Anyone who does not want to see this scenario come to pass, should become an IPv6 evangelist within their company and their industry. If enough infrastructure shifts to IPv6, then the demand on IPv4 can be reduced to the point where we will never run out of IPv4 addresses. There is no grand master plan that will make this happen. There is no organization that will tell us how to do this. There are no experts whose opinions can be trusted to point the way through the murk. We each have to educate ourselves on IPv6, study our own company's strengths and weaknesses, and then navigate a path forward. The issue has not really hit the press yet, but it will soon. When it does, the non-technical people who make buy-sell decisions on the stock markets, will drive the debate. They are not concerned with technical details; they just want to know that the CEOs and management teams of publicly traded companies have control of the situation and have a real plan to navigate the business through the IPv4 endgame either unscathed, or reaping great profits. The killer application of IPv6 is that it will cause CEOs to sink or swim when the IPv4 endgame tsunami hits us. This could be sooner than you think. Large ISPs do not go to the RIRs as frequently as you imagine. And when they do, they receive very large chunks of space. Go to http://www.apnic.net and type in 126 for the whois search. An entire /8 to one company. A few more such requests and the rest of the IPv4 space will quickly be allocated. In addition, there are several companies who are known to be running out of RFC 1918 space in their internal networks. They will be applying for large blocks of registered IP addresses to continue growing their internal infrastructure. We really need to spend more time and energy looking at the future, particularly the IPv4 endgame, and less time worrying about the hurt feelings of a few people who are hoarding legacy address allocations that they have no technical justification for. --Michael Dillon From leo.vegoda at icann.org Thu Jul 26 08:12:52 2007 From: leo.vegoda at icann.org (Leo Vegoda) Date: Thu, 26 Jul 2007 14:12:52 +0200 Subject: [ppml] Policy Proposal: Global Policy for the Allocation of the Remaining IPv4 Address Space In-Reply-To: <46A7B9AC.1050604@ca.afilias.info> References: <20070725155653.26459.qmail@hoster908.com> <3c3e3fca0707250934t37cea6c6mc3e6e78fe5876733@mail.gmail.com> <46A78184.8030905@ca.afilias.info> <1195746E-FADB-49DC-B6FB-DFB4AAB80FBB@icann.org> <46A7B351.2020301@ca.afilias.info> <20E00262-E62E-4B18-8BC1-530DF32935EB@icann.org> <46A7B9AC.1050604@ca.afilias.info> Message-ID: <78427CD7-7875-4B1D-A125-615E1FE8E96D@icann.org> On 25 Jul 2007, at 22:59, Brian Dickson wrote: [...] >>> If collectively the RIRs are about to hit the exhaustion of IPv4 >>> space >>> "wall", then the presumption is more frequent and smaller >>> allocations >>> make it possible to continue to serve up *something*, rather than >>> having >>> no more space. >> >> Would you suggest limiting ISPs to some percentage of the amount they >> requested, or would the RIR be free to return to the IANA for an >> additional block straight away, allowing them to fulfil the >> request in >> a piecemeal fashion? > > I'd expect (suggest) that the RIR's track their customer usage > rate, and > adjust the customer request time window to match their own available > space vs run rate. If an RIR was getting space that satisfied only 3 > months of run-rate, I'd hope they turn around and specify to their > customers that requests would be for 3 months of usage. Ignoring the issues with reliably predicting short term needs in a situation where a run on the bank is likely, changing the policy so that an RIR allocates for an ISP's three month - or six week - needs rather than six month needs just increases the administrative burden to both the RIR and the ISP. I'm not convinced that finer granularity in allocations helps solve a problem. It is quite likely to add extra, unnecessary routes to those ISPs, though. Regards, Leo Vegoda From MOHLER at graceland.edu Thu Jul 26 10:08:24 2007 From: MOHLER at graceland.edu (Dave Mohler) Date: Thu, 26 Jul 2007 09:08:24 -0500 Subject: [ppml] Policy Proposal 2007-14: Resource Review Process In-Reply-To: <46A65965.6070108@arin.net> Message-ID: I understand the goals of this policy. My concern is that the policy, as worded, obscures the nature of the communication of "the results of the review to the organization" (paragraph 3). It seems to me that that communication actually constitutes notice of a _requirement_ to return to ARIN a set of resources which would bring the organization into compliance with a deadline of no less than six months. Specifically, the phrase "voluntarily return" in paragraph 5 implies to me a decision solely on the part of the organization to bring themselves into compliance. The policy actually _requires_ the return of these resources; the organization simply has up until this deadline to return (or demonstrate to ARIN that they are "working in good faith" to return) the required amount resources according to a plan the organization devises before ARIN revokes the resources. Is there some way to word paragraph 3 to clearly communicate this expectation to those reading the policy and to remove the ambiguity that I see caused by the inclusion of the phrase "voluntarily return" in paragraph 5? David A. Mohler Senior Network Specialist Graceland University > > Policy Proposal 2007-14 > Resource Review Process > > Author: Owen DeLong, Stephen Sprunk > > 3. ARIN shall communicate the > results of the review to the organization. > > 4. If the review shows that existing usage is substantially not in > compliance with current allocation and/or assignment policies, the > organization shall return resources as needed to bring them > substantially into compliance. If possible, only whole resources shall > be returned. Partial address blocks shall be returned in such a way that > the portion retained will comprise a single aggregate block. > > 5. If the organization does not voluntarily return resources as > required, ARIN may revoke any resources issued by ARIN as required to > bring the organization into overall compliance. ARIN shall follow the > same guidelines for revocation that are required for voluntary return in > the previous paragraph. > > 6. Except in cases of fraud, an organization shall be given a minimum of > six months to effect a return. ARIN shall negotiate a longer term with > the organization if ARIN believes the organization is working in good > faith to substantially restore compliance and has a valid need for > additional time to renumber out of the affected blocks. > > 7. ARIN shall continue to maintain the resource(s) while their return or > revocation is pending, except no new maintenance fees shall be assessed > for the resource(s). > > 8. Legacy resources in active use, regardless of utilization, are not > subject to revocation by ARIN. However, the utilization of legacy > resources shall be considered during a review to assess overall compliance. > > Delete NRPM sections 4.1.2, 4.1.3, 4.1.4 > > Remove the sentence "In extreme cases, existing allocations may be > affected." from NRPM section 4.2.3.1. > Policy Rationale > > Rationale: ARIN feels that current policy does not give them the power > to review or reclaim resources except in cases of fraud, despite this > being mentioned in the Registration Services Agreement. This policy > proposal provides clear policy authority to do so, guidelines for how > and under what conditions it shall be done, and a guarantee of a > (minimum) six-month grace period so that the current user shall have > time to renumber out of any resources to be reclaimed. > > The nature of the "review" is to be of the same form as is currently > done when an organization requests new resources, i.e. the documentation > required and standards should be the same. > > The renumbering period does not affect any "hold" period that ARIN may > apply after return or revocation of resources is complete. > > The deleted sections/text would be redundant with the adoption of this > proposal. > > Timetable for implementation: Immediate > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml From stephen at sprunk.org Thu Jul 26 10:26:40 2007 From: stephen at sprunk.org (Stephen Sprunk) Date: Thu, 26 Jul 2007 09:26:40 -0500 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources References: <46A65981.90004@arin.net><3c3e3fca0707251400w52035d94q878218db8f2ac6d3@mail.gmail.com><20070726004235.GB83329@ussenterprise.ufp.org> Message-ID: <004e01c7cf91$3f2c3da0$513816ac@atlanta.polycom.com> Thus spake > The disgruntled ARIN member decides to sue ARIN and points > out to the courts that ARIN is materially damaging their business > and is refusing to allocate address blocks which have never > been reviewed and justified with ARIN. I suspect that the courts > will side, more or less, with the member who has worked with > the rules over many years, and against the legacy holder who > has never shown any justification for holding their allocation. It's up to counsel to consider the legal exposure that policy (or proposals) creates and raise those issues with the BoT. The BoT is obligated to take action to keep ARIN safe. The rest of us have been told to create policy that makes sense for the community as if there were no legal ramifications. If there are, counsel will tell us, and we (or, worst case, the BoT) can react to that competent advice. There is little sense in us acting as armchair lawyers when ARIN employs counsel to keep us out of trouble. S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov From woody at pch.net Thu Jul 26 10:44:27 2007 From: woody at pch.net (Bill Woodcock) Date: Thu, 26 Jul 2007 07:44:27 -0700 (PDT) Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: <004e01c7cf91$3f2c3da0$513816ac@atlanta.polycom.com> References: <46A65981.90004@arin.net><3c3e3fca0707251400w52035d94q878218db8f2ac6d3@mail.gmail.com><20070726004235.GB83329@ussenterprise.ufp.org> <004e01c7cf91$3f2c3da0$513816ac@atlanta.polycom.com> Message-ID: On Thu, 26 Jul 2007, Stephen Sprunk wrote: > It's up to counsel to consider the legal exposure that policy (or proposals) > creates and raise those issues with the BoT. The BoT is obligated to take > action to keep ARIN safe. The rest of us have been told to create policy > that makes sense for the community as if there were no legal ramifications. > If there are, counsel will tell us, and we (or, worst case, the BoT) can > react to that competent advice. There is little sense in us acting as > armchair lawyers when ARIN employs counsel to keep us out of trouble. I would second this. Our present counsel is particularly good at this, and has given us (both the membership at large and the BoT specifically) a heck of a lot of really good advice. If we need it, he'll tell us so. We don't need to second-guess him on that, or try to do a half-assed job of his job, to save him work. We've got some really pressing policy issues before us right now, as we run to the end of the IPv4 space, so we really do need all of you participating as actively as you can in the policy-formation process. We have very little time remaining, so any substantive policy changes that you do want to see happen need to be proposed and debated and dealt with _at our next meeting_. We also need you to be thinking about the implications and potential repercussions of the policies that are being bandied about in other regions, and those that are being proposed as global policies. As we run to the end of the v4 space, it would probably be wise to coordinate with other regions, to avoid too much gaming of policies, runs-on-the-bank, et cetera; at the same time, other regions may pass policies without the benefit of our experience, which we already know wouldn't work here. So look at them carefully, talk about what they mean, on the list, and be prepared for vigorous debate at the meeting in Albuquerque. -Bill From dean at av8.com Thu Jul 26 11:07:00 2007 From: dean at av8.com (Dean Anderson) Date: Thu, 26 Jul 2007 11:07:00 -0400 (EDT) Subject: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet.] In-Reply-To: Message-ID: On Thu, 26 Jul 2007 michael.dillon at bt.com wrote: > > > Vixie et al told people it had > > no effect on the wire protocol, and that no implementations > > had to change. > > Wire protocols? > > > MAPS seems pretty well funded, and you seem pretty well funded. Both > > MAPS and Vixie provided attorneys in the case. And I _think_ > > one has to > > dispute facts before one can do discovery for anything. > > Attorneys? Discovery? > > Why on earth is this discussion still on the public policy list? > > What do we need to do to get ARIN to clean up this mess? 1. Get honest and reliable ARIN board members. 2. Adopt a policy requiring honest and reliable ARIN board members. 3. Alter the procedure to remove board members. I have been in discussion with Lee Howard, and there is no way to remove Vixie before October, about when his term expires. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From owen at delong.com Thu Jul 26 11:22:40 2007 From: owen at delong.com (Owen DeLong) Date: Thu, 26 Jul 2007 08:22:40 -0700 Subject: [ppml] Policy Proposal 2007-15: Authentication of LegacyResources In-Reply-To: References: <46A65981.90004@arin.net><3c3e3fca0707251400w52035d94q878218db8f2ac6d3@mail.gmail.com> <20070726004235.GB83329@ussenterprise.ufp.org> Message-ID: <5BCCE42A-ACBA-4512-A2C2-3F0181E32C6A@delong.com> > Imagine that ARIN denies a new allocation to a member who has complied > with ARIN rules for years. The request is denied because ARIN has just > run out of addresses. However, there are still many legacy blocks > whose > holders have never justified their use. The disgruntled ARIN member > decides to sue ARIN and points out to the courts that ARIN is > materially > damaging their business and is refusing to allocate address blocks > which > have never been reviewed and justified with ARIN. I suspect that the > courts will side, more or less, with the member who has worked with > the > rules over many years, and against the legacy holder who has never > shown > any justification for holding their allocation. > The fallacy in your argument, Michael, is that there are many legitimate blocks which ARIN has never reviewed. For example, all of those issued by RIPE, APNIC, AfriNIC, and LACNIC. ARIN is merely a custodian of records for the legacy blocks in the ARIN region. ARIN does not have any more authority to issue those addresses until they are returned that ARIN does to issue addresses out of ranges delegated to other RIRs. Owen From dlw+arin at tellme.com Thu Jul 26 11:23:49 2007 From: dlw+arin at tellme.com (David Williamson) Date: Thu, 26 Jul 2007 08:23:49 -0700 Subject: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet.] In-Reply-To: References: Message-ID: <20070726152349.GL24890@shell01.corp.tellme.com> On Thu, Jul 26, 2007 at 11:07:00AM -0400, Dean Anderson wrote: > 3. Alter the procedure to remove board members. I have been in > discussion with Lee Howard, and there is no way to remove Vixie before > October, about when his term expires. Very well...this gives you two choices. Either wait for his term to expire and lobby for him to be replaced by someone else, or start the removal process. You won't get Mr. Vixie removed any faster unless you convince him to step down, which I see as very unlikely. In the meantime, I think we all very clearly understand your position with regard to Mr. Vixie. As near as I can tell, you see him as a source of great evil. Based on the fact he was elected to this position, a large number of the ARIN membership do not agree...unless you wish to also propose that the ballot box was stuffed. In any case, we continue to be extremely clear on your point of view. Can you *please* refrain yourself from sharing that point of view on the public policy mailing list? It's hard enough to keep up on some of the znier points of view on the various v6 proposals (which have become plentiful enough to require a scorecard to keep separate) without additional useless chatter on this list. Seriously, please take it somewhere else. The bickering is doing nothing good for this list, and is probably forcing some people to start simply ignoring the entire list, which is a shame. As Bill Woodcock pointed out, we have to get some of the v6 decisions made at the next meeting, and people's input is required now. In case I haven't been clear enough in my request - and I really hope I have been at this point - please stop posting to ppml unless you are discussing one of the policy proposals that is on the table, or wish to propose one yourself. Thanks. -David From steveb at eagle.ca Thu Jul 26 11:46:43 2007 From: steveb at eagle.ca (Steve Bertrand) Date: Thu, 26 Jul 2007 11:46:43 -0400 Subject: [ppml] Policy Proposal 2007-15: Authentication of LegacyResources In-Reply-To: References: <46A65981.90004@arin.net><3c3e3fca0707251400w52035d94q878218db8f2ac6d3@mail.gmail.com> <20070726004235.GB83329@ussenterprise.ufp.org> Message-ID: <46A8C1E3.70807@eagle.ca> > This is why I don't believe that legacy holders have any right to the > addresses which they hold unless they can meet ARIN's current rules for > justification of address space. And as we get closer to the IPv4 > exhaustion point, this will become very important. I don't technically agree with this. AFAICT, ARIN has about as much right to the legacy holder's IP address space as the legacy holder does. Trying to coerce legacy holders to give rights over for what they have had before ARIN existed via bullying and threats is unacceptable. Even speaking of it will push legacy holders farther away to ever wanting to hear any positive methods laid out in the future. > Imagine that ARIN denies a new allocation to a member who has complied > with ARIN rules for years. The request is denied because ARIN has just > run out of addresses. However, there are still many legacy blocks whose > holders have never justified their use. The disgruntled ARIN member > decides to sue ARIN and points out to the courts that ARIN is materially > damaging their business and is refusing to allocate address blocks which > have never been reviewed and justified with ARIN. I suspect that the > courts will side, more or less, with the member who has worked with the > rules over many years, and against the legacy holder who has never shown > any justification for holding their allocation. I would think that some form of grandfather clause may come into play here, but IANAL. If you found $1M in the street and claimed it as your own, I would suspect no court on earth would make you give me any of it if I sued you because I have undue hardship, and can't pay my bills. Just because 'he has more than me but doesn't use it', doesn't afford me the right to take what isn't mine. The following two statements essentially are equivalent, however, I would stop reading and cringe in anger at the first, and be more apt to continue reading with the second: "we will pull your rDNS records if you don't sign this RSA" "by signing this RSA, we can assure you that your continued use of your IP space will remain functional with no future unforseen operational failure (rDNS removal etc)". Steve From arin-contact at dirtside.com Thu Jul 26 12:02:25 2007 From: arin-contact at dirtside.com (William Herrin) Date: Thu, 26 Jul 2007 12:02:25 -0400 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration In-Reply-To: <77053E98-C998-4094-8970-C6213947B4A6@delong.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <3c3e3fca0707251542p5ba313f4w72457acb65fc4db5@mail.gmail.com> <77053E98-C998-4094-8970-C6213947B4A6@delong.com> Message-ID: <3c3e3fca0707260902o345d6127xbb3c0893912d1bc8@mail.gmail.com> On 7/25/07, Owen DeLong wrote: > I have some comments on the proposal as follows: > 1. It is very unnecessarily complex. Here's the simple solution which stays strictly within ARIN's purview as the resource steward: http://bill.herrin.us/arin-policy-proposal-simple.html If you don't like the simple answer, I implore you to give the complex answer a fair shake. Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From leroy at emailsorting.com Thu Jul 26 12:02:59 2007 From: leroy at emailsorting.com (Leroy Ladyzhensky) Date: Thu, 26 Jul 2007 12:02:59 -0400 Subject: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet.] References: <20070726152349.GL24890@shell01.corp.tellme.com> Message-ID: <009d01c7cf9e$704a7a20$20c8a8c0@integrated.net> very well put... and I agree ----- Original Message ----- From: "David Williamson" To: "Dean Anderson" Cc: Sent: Thursday, July 26, 2007 11:23 AM Subject: Re: [ppml] Dean Anderson,130.105.0.0/16 and the future of the IPv4 Internet.] > On Thu, Jul 26, 2007 at 11:07:00AM -0400, Dean Anderson wrote: >> 3. Alter the procedure to remove board members. I have been in >> discussion with Lee Howard, and there is no way to remove Vixie before >> October, about when his term expires. > > Very well...this gives you two choices. Either wait for his term to > expire and lobby for him to be replaced by someone else, or start the > removal process. You won't get Mr. Vixie removed any faster unless you > convince him to step down, which I see as very unlikely. > > In the meantime, I think we all very clearly understand your position > with regard to Mr. Vixie. As near as I can tell, you see him as a > source of great evil. Based on the fact he was elected to this > position, a large number of the ARIN membership do not agree...unless > you wish to also propose that the ballot box was stuffed. > > In any case, we continue to be extremely clear on your point of view. > Can you *please* refrain yourself from sharing that point of view on > the public policy mailing list? It's hard enough to keep up on some of > the znier points of view on the various v6 proposals (which have become > plentiful enough to require a scorecard to keep separate) without > additional useless chatter on this list. > > Seriously, please take it somewhere else. The bickering is doing > nothing good for this list, and is probably forcing some people to > start simply ignoring the entire list, which is a shame. As Bill > Woodcock pointed out, we have to get some of the v6 decisions made at > the next meeting, and people's input is required now. > > In case I haven't been clear enough in my request - and I really hope I > have been at this point - please stop posting to ppml unless you are > discussing one of the policy proposals that is on the table, or wish to > propose one yourself. > > Thanks. > > -David > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > From arin-contact at dirtside.com Thu Jul 26 12:22:57 2007 From: arin-contact at dirtside.com (William Herrin) Date: Thu, 26 Jul 2007 12:22:57 -0400 Subject: [ppml] Policy Proposal 2007-15: Authentication of LegacyResources In-Reply-To: <46A8C1E3.70807@eagle.ca> References: <46A65981.90004@arin.net> <3c3e3fca0707251400w52035d94q878218db8f2ac6d3@mail.gmail.com> <20070726004235.GB83329@ussenterprise.ufp.org> <46A8C1E3.70807@eagle.ca> Message-ID: <3c3e3fca0707260922m27550397v39ab5b9dd2f1b1b4@mail.gmail.com> On 7/26/07, Steve Bertrand wrote: > The following two statements essentially are equivalent, however, I > would stop reading and cringe in anger at the first, and be more apt to > continue reading with the second: > > "we will pull your rDNS records if you don't sign this RSA" > > "by signing this RSA, we can assure you that your continued use of your > IP space will remain functional with no future unforseen operational > failure (rDNS removal etc)". Steve, The second version is what's known as a "protection racket." In exchange for money, we agree to protect you from the harm we would otherwise cause. My friend Frankie here really wants to shoot something with his new gun, but if you pay me $100 I'll protect you from him. I oppose this proposal, but at least its honest about what its doing. Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From MOHLER at graceland.edu Thu Jul 26 13:09:36 2007 From: MOHLER at graceland.edu (Dave Mohler) Date: Thu, 26 Jul 2007 12:09:36 -0500 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: <004e01c7cf91$3f2c3da0$513816ac@atlanta.polycom.com> Message-ID: I appreciate Stephen's suggestion about the use of counsel for advice for the legality of proposed policies. I also appreciate Steve Bertrand's expression that policies and actions that can be perceived as "bullying and threats" are unacceptable. There is a wide range of things that can be done legally with policy. We have an obligation as participants in this open policy formation process to help develop a consensus of what is fair and ethical, as well as what meets the needs of both individuals and the Internet community as a whole. My opinion is that this policy proposal puts too much emphasis on authorizing the "stick" approach before the "carrot" approach has received any significant attention and effort. David A. Mohler Senior Network Specialist Graceland University > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf Of > Stephen Sprunk > Sent: Thursday, July 26, 2007 9:27 AM > To: michael.dillon at bt.com; ppml at arin.net > Subject: Re: [ppml] Policy Proposal 2007-15: Authentication > ofLegacyResources > > Thus spake > > The disgruntled ARIN member decides to sue ARIN and points > > out to the courts that ARIN is materially damaging their business > > and is refusing to allocate address blocks which have never > > been reviewed and justified with ARIN. I suspect that the courts > > will side, more or less, with the member who has worked with > > the rules over many years, and against the legacy holder who > > has never shown any justification for holding their allocation. > > It's up to counsel to consider the legal exposure that policy (or > proposals) > creates and raise those issues with the BoT. The BoT is obligated to take > action to keep ARIN safe. The rest of us have been told to create policy > that makes sense for the community as if there were no legal ramifications. > If there are, counsel will tell us, and we (or, worst case, the BoT) can > react to that competent advice. There is little sense in us acting as > armchair lawyers when ARIN employs counsel to keep us out of trouble. > > S > > Stephen Sprunk "Those people who think they know everything > CCIE #3723 are a great annoyance to those of us who do." > K5SSS --Isaac Asimov > > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml From dean at av8.com Thu Jul 26 13:44:28 2007 From: dean at av8.com (Dean Anderson) Date: Thu, 26 Jul 2007 13:44:28 -0400 (EDT) Subject: [ppml] Dean Anderson, 130.105.0.0/16 and the future of the IPv4 Internet.] In-Reply-To: <20070726152349.GL24890@shell01.corp.tellme.com> Message-ID: Two messages, each in turn. On Thu, 26 Jul 2007, David Williamson wrote: > On Thu, Jul 26, 2007 at 11:07:00AM -0400, Dean Anderson wrote: > > 3. Alter the procedure to remove board members. I have been in > > discussion with Lee Howard, and there is no way to remove Vixie before > > October, about when his term expires. > > Very well...this gives you two choices. Either wait for his term to > expire and lobby for him to be replaced by someone else, or start the > removal process. You won't get Mr. Vixie removed any faster unless you > convince him to step down, which I see as very unlikely. Yes. There are two choices for Vixie in particular.. However, there is also the question of removing a Board Member for misconduct in less than 4 months. It takes less time to impeach the president of the United States, or a Federal Judge. But, it does appear that in no case can we remove _Vixie_ in less than 4 months. We can, however, make policy so that Board Members can be more quickly removed in the future for misconduct. I think this is the most sensible path forward related to policy. I think there is also a policy issue in the subject of slander of IP Address Registrations maintained by ARIN. So there are two policy issues to be worked. I'll try to refocus my efforts into the form of policy proposals. On Thu, 26 Jul 2007, Joel M Snyder wrote: > > 3. Alter the procedure to remove board members. I have been in > > discussion with Lee Howard, and there is no way to remove Vixie > > before October, about when his term expires. > > Well, given that he's a bright guy, understands the reality of the > Internet, isn't a total crackpot, and brings a couple of decades of > wisdom to the whole picture, I'm not sure why the ARIN community would > want to... Smart has nothing to do with it. Scooter Libby was a smart guy, too. Bill Clinton was a smart guy. Bernie Ebbers was a smart guy. Most people consider lying to be a serious offense. If we restrict ourselves to the deceptions given on the PPML list, then we have Vixie lying about SORBS: > > > ISC does not host SORBS. This statement is just like Clinton saying he didn't have sex with that girl. Then we have these facts, contrary to Vixie's statements: > > http://www.iadl.org/bm/bill-manning-story.html > > > > 204.152.186.189 still resolves to www.dnsbl.us.sorbs.net. This is quite like Lewinski's stained dress. After the stained dress came to light, Clinton stopped claiming he didn't have sex with Lewinsky. By contrast, Vixie is still denying providing services to SORBS. Then we also have a slew of statements like the one about Mitch Halmu saying that Vixie caused 9/11. Vixie's statement is untrue. Vixie's statement is not an exaggeration, its a falsehood, a lie. Its misconduct because it comes from an ARIN board member on the ARIN Public Policy Mailing List. And we just seen a message from Vixie, on a serious list, on a serious topic, in a serious role as ARIN Board Member, slandering my sanity. This is also misconduct, and also has legal implications for ARIN. I think its obviously bad public policy to have ARIN officials lying on ARIN lists. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From steveb at eagle.ca Thu Jul 26 14:48:23 2007 From: steveb at eagle.ca (Steve Bertrand) Date: Thu, 26 Jul 2007 14:48:23 -0400 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: References: Message-ID: <46A8EC77.1050504@eagle.ca> > There is a wide range of things that can be done legally with policy. > We have an obligation as participants in this open policy formation > process to help develop a consensus of what is fair and ethical, as well > as what meets the needs of both individuals and the Internet community > as a whole. > > My opinion is that this policy proposal puts too much emphasis on > authorizing the "stick" approach before the "carrot" approach has > received any significant attention and effort. I haven't been on this list all that long, and furthermore, this is the first day I've actually had any input into it. I'd like to know if there is a loosely-knit general consensus on what the 'carrot' approach is, only because most of the discussions I've followed follow general 'punish first' and 'contempt prior to investigation' type attitudes. Also (OT, I don't know where else to post this), it would be interesting to know an approximation of how many ARIN IPv4 holders on this list helping develop proposals/policies are actually utilizing IPv6 space, and to what extent they use it. We (small independent ISP) have a /21 (from ARIN), and I have only begun to dabble with v6. I wish I had the time and resources to getting up to speed on how IPv6 works as well as I know how v4 hangs together. There is nothing more I'd like to get all of my core infrastructure internally and up to our upstreams IPv6 enabled, and even provide our end-users the option to connect to us via v6 as well. However, time and personnel are a huge hurdle for us. Almost all of my core infrastructure equipment is already capable of v6. Steve From paul at vix.com Thu Jul 26 15:19:11 2007 From: paul at vix.com (Paul Vixie) Date: Thu, 26 Jul 2007 19:19:11 +0000 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: Your message of "Thu, 26 Jul 2007 14:48:23 -0400." <46A8EC77.1050504@eagle.ca> References: <46A8EC77.1050504@eagle.ca> Message-ID: <35731.1185477551@sa.vix.com> > From: Steve Bertrand ... > We (small independent ISP) have a /21 (from ARIN), and I have only begun > to dabble with v6. I wish I had the time and resources to getting up to > speed on how IPv6 works as well as I know how v4 hangs together. > > There is nothing more I'd like to get all of my core infrastructure > internally and up to our upstreams IPv6 enabled, and even provide our > end-users the option to connect to us via v6 as well. However, time and > personnel are a huge hurdle for us. Almost all of my core infrastructure > equipment is already capable of v6. > ... steve, i am sensitive to the need to keep the lights on and the paychecks coming. however, it's important to keep in mind for planning purposes that the long term outlook for IPv4 is quite grim. within a couple of years, IANA will have no more space to give ARIN and the other RIRs, and shortly after that moment, ARIN and the other RIRs will have no more space to give ISPs and LIRs. the common name for this is "IPv4 pool depletion" and there is no controversy or disagreement as to the inevitability of that depletion. depletion could herald some kind of market-driven era, according to RFC 1744 and recent comments here and elsewhere by randy bush and others. but with or without a market, depletion will usher in a steady state IPv4 economy where no new resources are available. perhaps you won't need to grow the number of connected devices in your network in order to grow revenue, but i think you probably will need to grow, and i also think that everybody that your customers will want to connect to will need to grow, and that no matter what the steady state IPv4 world looks like, it will not be able to grow the number of connected devices. the only way i know of to grow the number of connected internet devices after IPv4 pool depletion, is IPv6. maybe a lot more folks will turn to IPv4 NAT, but that won't answer the need for growth. maybe the global IPv4 routing table won't explode (somehow) but i don't see a way to prevent that in a steady state universe, since entropy always increases. maybe a market will stabilize everything including routing table entropy, but i don't see it. so, by all means, please keep your lights on and your paychecks coming. but don't forget that your business will absolutely suffer during and after the depletion of the IPv4 pool, unless you find a way to do parallel development on IPv6 technology. that's where all growth will occur after a few short years. don't cut yourself out of it, or you may find yourself on the wayside. paul vixie From davids at webmaster.com Thu Jul 26 15:30:21 2007 From: davids at webmaster.com (David Schwartz) Date: Thu, 26 Jul 2007 12:30:21 -0700 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: Message-ID: > My understanding is that "consideration" means money, or something that > has monetary value such as shares, gold, a car with resale value. If > there was no consideration, then there is no contract. > > This is the reason why, during World War II, a large number of > businessmen offered their services to the government for a dollar a day. > The payment was required in order to have an enforceable contract with > these dollar-a-day men. > > This is why I don't believe that legacy holders have any right to the > addresses which they hold unless they can meet ARIN's current rules for > justification of address space. And as we get closer to the IPv4 > exhaustion point, this will become very important. I am not a lawyer, and I don't know nearly enough to tell you how it would work out. But I'm pretty sure the issues that are being discussed here are not the ones that would actually be involved in any such suit. The issues would largely be the terms of the contracts by which ARIN gets its authority, whether ARIN is in compliance with those contracts, and whether or not the legacy holders are intended third-party beneficiaries of those contracts with legal standing to enforce or enjoin ARIN's performance. DS From michael.dillon at bt.com Thu Jul 26 16:24:59 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Thu, 26 Jul 2007 21:24:59 +0100 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration In-Reply-To: <3c3e3fca0707260902o345d6127xbb3c0893912d1bc8@mail.gmail.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com><3c3e3fca0707251542p5ba313f4w72457acb65fc4db5@mail.gmail.com><77053E98-C998-4094-8970-C6213947B4A6@delong.com> <3c3e3fca0707260902o345d6127xbb3c0893912d1bc8@mail.gmail.com> Message-ID: > Here's the simple solution which stays strictly within ARIN's > purview as the resource steward: > > http://bill.herrin.us/arin-policy-proposal-simple.html More complexities... You wrote: ARIN shall immediately waive the host count count requirement for applicants seeking IPv6 end-user assignments. All other requirements for assignment remain in full effect. Waivers are bad things to have in policy. It's like the sword of Damocles because you know that the waiver could end at any time. Policy should be clear and simple. It should not have a waiver in it. Host counts do not exist in the IPv6 policy as far as I am aware. This reference seems to refer to the requirement for allocations of /48 to 200 sites in the ISP allocation policy. Yet you refer to the end user assignment policy which has no such requirement and nothing else that I can see which looks like a host count. Policies should never say that all the rest of the policy still applies. If you can't make your special case clear in and of itself, then there is something wrong with the whole section of policy and it needs to be restructured and rewritten. Please stop suggesting these overly vague and general policies. We have some serious policy issues that need to be on the agenda in Albuquerque if we want to make an impact on the IPv4 endgame. As Bill Woodcock pointed out, we are not alone. There are proposals being made in 4 other RIRs. Is there anything good there? Anything to learn there? And let's not forget that we are not the only such number allocation organization around. How did NANPA deal with phone number shortages. Should we be implementing some of the usage reporting and run-out reporting that NANPA requires? What about FEMA? They often deal with resource shortage and allocation issues. Can we learn something from them? And please remember that we do *NOT* run the Internet. We do *NOT* engineer the Internet ecosystem. We can *NOT* mandate routing and other ISP operational issues. And we *DO* have the responsibility to allocate IPv4 addresses for non-Internet use as well. If you really, really, really want to help solve the IPv6 transition problem then you should probably leave this list and work on operational issues of interworking between two Internets, one IPv4 and one IPv6. All we can do here is to keep a sane, balanced resource allocation system functioning throughout the IPv4 endgame. That, in itself, does little to help transition to IPv6. --Michael Dillon From paul at vix.com Thu Jul 26 16:49:57 2007 From: paul at vix.com (Paul Vixie) Date: Thu, 26 Jul 2007 20:49:57 +0000 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration In-Reply-To: Your message of "Thu, 26 Jul 2007 21:24:59 +0100." References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com><3c3e3fca0707251542p5ba313f4w72457acb65fc4db5@mail.gmail.com><77053E98-C998-4094-8970-C6213947B4A6@delong.com> <3c3e3fca0707260902o345d6127xbb3c0893912d1bc8@mail.gmail.com> Message-ID: <58236.1185482997@sa.vix.com> > ... > And please remember that we do *NOT* run the Internet. We do *NOT* > engineer the Internet ecosystem. We can *NOT* mandate routing and other > ISP operational issues. And we *DO* have the responsibility to allocate > IPv4 addresses for non-Internet use as well. > ... > --Michael Dillon the arin community has always taken into account engineering issues such as routing table explosion when suggesting, debating, approving and reviewing policy matters. arin is what its members and its community makes it. while arin does not directly run the internet, or engineer the ecosystem, many of our members do. while arin cannot mandate routing or isp operational issues, many of our members have decisions to make which are shaped and informed by arin's policies, and vice versa. indeed, it would be unwise for the arin policy process to occur in a vacuum, uninformed by operational reality. so while the things you said are true of arin the organization, they aren't true of arin's policy making community. From michael.dillon at bt.com Thu Jul 26 17:02:37 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Thu, 26 Jul 2007 22:02:37 +0100 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration In-Reply-To: <58236.1185482997@sa.vix.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com><3c3e3fca0707251542p5ba313f4w72457acb65fc4db5@mail.gmail.com><77053E98-C998-4094-8970-C6213947B4A6@delong.com><3c3e3fca0707260902o345d6127xbb3c0893912d1bc8@mail.gmail.com> <58236.1185482997@sa.vix.com> Message-ID: > the arin community has always taken into account engineering > issues such as routing table explosion when suggesting, > debating, approving and reviewing policy matters. arin is > what its members and its community makes it. while arin does > not directly run the internet, or engineer the ecosystem, > many of our members do. while arin cannot mandate routing or > isp operational issues, many of our members have decisions to > make which are shaped and informed by arin's policies, and > vice versa. indeed, it would be unwise for the arin policy > process to occur in a vacuum, uninformed by operational > reality. so while the things you said are true of arin the > organization, they aren't true of arin's policy making community. No arguments with that. --Michael Dillon From tedm at ipinc.net Thu Jul 26 17:27:13 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Thu, 26 Jul 2007 14:27:13 -0700 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration In-Reply-To: <3c3e3fca0707251542p5ba313f4w72457acb65fc4db5@mail.gmail.com> Message-ID: >-----Original Message----- >From: wherrin at gmail.com [mailto:wherrin at gmail.com]On Behalf Of William >Herrin >Sent: Wednesday, July 25, 2007 3:42 PM >To: Ted Mittelstaedt >Cc: ARIN Address Policy >Subject: Re: [ppml] Soliciting comments: IPv4 to IPv6 fast migration > > >On 7/24/07, Ted Mittelstaedt wrote: >> >3. Legacy IPv4 registrants don't pay their fair share. >> >> You know, William, >> >> I and many others have raised this payment issue repeatedly. [...] >> Frankly, I think it is a lost cause. > >Ted, > >As a small proprieter I hold a legacy /23 down in the swamp. As the >infrastructure manager for a multimillion dollar organization, I hold >a recently registered /22. As the former engineering lead at an ISP, >I held both two legacy /18s and an ARIN /19. I've grappled with the >issue from all three perspectives. > >When I wrote this proposal, I asked myelf (among other things): as a >legacy holder, what would entice me to buy in to the ARIN process >without greatly offending me as either the recent end-user or the ISP? >This is what I came up with. > > >Do you or Owen have any comments about the proposal itself? >For/against/indifferent? > >http://bill.herrin.us/arin-policy-proposal-6to4.html Yes. My comment is that there is nothing that can be done in policy to hasten IPv6 adoption and hasten IPv4 abandonment. Even immediately levying separate fees - that is, creating a financial incentive in the fees to abandon IPv4 space "early" - won't do it. Not because of an inherent problem with policy. But because the community does not have the balls to allow it to happen. I threfore oppose any weakening of the requirement for legacy holders to go through the same RSA procedure everyone else has to go through to obtain IPv6 addressing. My feeling to be perfectly honest is the Internet community is technically advanced but business and politically extremely immature. Most of them are so incredibly worried that someone is going to come along and tell them what to do, that they are opposing everything that has any scrap or hint of appointing a strong central leadership that will force change. Other industries do not have this problem. THe banking industry for example took care of cleaning house when the thrifts all started failing by creating the RTC which broke a huge number of hearts and spurred hundreds of lawsuits. The banks knew that would happen but they wern't afraid of pissing off a few lawyers. It so happened that in some cases the lawsuits did, in fact, win - because the plaintiffs were in fact right. But it made no difference because by the time the wins happened, the thrift industry was gone and even the judges that awarded the wins realized you cannot put Humpty Dumpty back together, and the wins merely resulted in transferring money around - they did not result in thrifts like Benj Franklin coming back into business. If the Internet community had balls, they would appoint a Czar and tell all IPv4 holders they had until 2010 to switch to IPv6 and pay the fees, to hell with your legacy status. In 2010 they would aggressivly block IPv4 all over the Internet. In 2012, everyone would have switched to IPv6 and you would have 4 or 5 large legacy holders in court, suing ARIN/IANA/everyone claiming they were illegally forced to submit to IPv6. The courts would find in their favor sometime in year 2020 by which time IPv6 would be so entrenched and IPv4 so dead, that the wins would have no meaning whatsoever. And no court would go against the rest of the world and try ordering the Internet to stop blocking IPv4 so the legacy holders could get their free ride for a few more years. And even if one did the rest of the world would ignore it with the result that a tiny chunk of the Internet would revert to IPv4 and become useless. But, the Internet community is too short sighted to understand that since they are unwilling to do this, and force the issue, that if ignoring the problem ever causes a serious problem on the Internet, the worlds governments will simply come in and take over and do it for them. And if that happens once the governments get involved they will never leave. There is a term for that it is called a Pyrric victory. Ted From arin-contact at dirtside.com Thu Jul 26 17:35:56 2007 From: arin-contact at dirtside.com (William Herrin) Date: Thu, 26 Jul 2007 17:35:56 -0400 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration In-Reply-To: References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <3c3e3fca0707251542p5ba313f4w72457acb65fc4db5@mail.gmail.com> <77053E98-C998-4094-8970-C6213947B4A6@delong.com> <3c3e3fca0707260902o345d6127xbb3c0893912d1bc8@mail.gmail.com> Message-ID: <3c3e3fca0707261435m375ce9c4h50611e77c11f1901@mail.gmail.com> On 7/26/07, michael.dillon at bt.com wrote: > Host counts do not exist in the IPv6 policy as far as I am aware. This > reference seems to refer to the requirement for allocations of /48 to > 200 sites in the ISP allocation policy. Yet you refer to the end user > assignment policy which has no such requirement and nothing else that I > can see which looks like a host count. Michael, The reference (6.5.8.1b) refers to the requirement for an IPv6 applicant to qualify for an IPv4 assignment under current policies. The current IPv4 policy allows the assignment of a /22 to a multihomed end-user who can immediately fill half of the /22. That's roughly 500 hosts. This is why I call it a "back door" requirement. > And let's not forget that we are not the only such number allocation > organization around. How did NANPA deal with phone number shortages. > Should we be implementing some of the usage reporting and run-out > reporting that NANPA requires? They dealt with the phone number shortage by mandating technology tweaks to the dialing process which opened up vastly more area codes. Something to do with ten digit dialing and zeros in the second digit of the area code; I don't remember the exact details. When we run out of all 10 digits, they'll add a couple more and mandate another dialing change. In essence, they implemented exactly the kind of technology-tweak based policy that you just criticized me for discussing on the ARIN PPML list. > What about FEMA? They often deal with resource shortage and allocation > issues. Can we learn something from them? Despite years of foreknowledge that they could expect a problem, they arrived in New Orleans a day late and a dollar short. If there's a lesson to be learned, its this: don't do what FEMA did. Don't wait for someone to call you. Don't wait for top-down. Get the components staged in the field early so that when the s**t hits the fan the resources are already there. Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From paul at vix.com Thu Jul 26 17:44:10 2007 From: paul at vix.com (Paul Vixie) Date: Thu, 26 Jul 2007 21:44:10 +0000 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration In-Reply-To: Your message of "Thu, 26 Jul 2007 14:27:13 MST." References: Message-ID: <70895.1185486250@sa.vix.com> > ... because the community does not have the balls to allow it to happen. i don't think it's wise to bet against this community's will or powers. > If the Internet community had balls, they would appoint a Czar and tell all > IPv4 holders they had until 2010 to switch to IPv6 and pay the fees, to hell > with your legacy status. In 2010 they would aggressivly block IPv4 all over > the Internet. In 2012, everyone would have switched to IPv6 and you would > have 4 or 5 large legacy holders in court, suing ARIN/IANA/everyone claiming > they were illegally forced to submit to IPv6. The courts would find in > their favor sometime in year 2020 by which time IPv6 would be so entrenched > and IPv4 so dead, that the wins would have no meaning whatsoever. And no > court would go against the rest of the world and try ordering the Internet > to stop blocking IPv4 so the legacy holders could get their free ride for a > few more years. And even if one did the rest of the world would ignore it > with the result that a tiny chunk of the Internet would revert to IPv4 and > become useless. while i won't address your concern (or lack of same) about lawsuits against ARIN, i'm generally in favour of "tough love" positions. see my 1995 paper on domain names (http://sa.vix.com/~vixie/dns-badnames.pdf) for an example. the big problem with the above proposal isn't lack of "balls", but lack of coherency. there isn't an "internet community" in the sense you mean, and there isn't going to be a Czar because there's no way to get universal agreement on who it could be. whatever "we" (the internet community or even just the ARIN community) do will be by bottom-up consensus, period. and that rather does take "tough love" positions off the menu. (i have no regrets.) > But, the Internet community is too short sighted to understand that since > they are unwilling to do this, and force the issue, that if ignoring the > problem ever causes a serious problem on the Internet, the worlds > governments will simply come in and take over and do it for them. And if > that happens once the governments get involved they will never leave. There > is a term for that it is called a Pyrric victory. it's not all doom and gloom. consensus driven governance has high inertia, so, it's hard to get it moving, but also very hard to stop it. let's steer. From owen at delong.com Thu Jul 26 18:48:08 2007 From: owen at delong.com (Owen DeLong) Date: Thu, 26 Jul 2007 15:48:08 -0700 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: <46A8EC77.1050504@eagle.ca> References: <46A8EC77.1050504@eagle.ca> Message-ID: <1A37573D-E02A-4C85-AFE4-E31164DC6238@delong.com> > > I'd like to know if there is a loosely-knit general consensus on what > the 'carrot' approach is, only because most of the discussions I've > followed follow general 'punish first' and 'contempt prior to > investigation' type attitudes. > I think that is largely because proposals which do not contain a stick are obscured in the shouting match between the stick-wielders. Much of the current discussion started around a proposal I submitted which did not contain a stick at all. The AC decided to postpone a decision on whether to accept my proposal or not and I am still awaiting feedback on what changes they are looking for in order to make it a proposal. I am surprised to see 2007-15 accepted as a proposal when mine was deferred, as one of the outcomes I would have expected was the AC asking Andrew and I to work together on merging the proposals into a compromise between the two. I am not opposed to such an effort if Andrew is interested. I know Andrew's goal, like mine, is the best policy for the community, but, we may have different opinions of what is best. > Also (OT, I don't know where else to post this), it would be > interesting > to know an approximation of how many ARIN IPv4 holders on this list > helping develop proposals/policies are actually utilizing IPv6 space, > and to what extent they use it. > I don't have general numbers for you, but, FWIW, I have a /64 that I am using to familiarize myself with IPv6, v6 tunneling over IPv4 and the like. > We (small independent ISP) have a /21 (from ARIN), and I have only > begun > to dabble with v6. I wish I had the time and resources to getting > up to > speed on how IPv6 works as well as I know how v4 hangs together. > I do not think you are alone in this position. Owen From mysidia at gmail.com Thu Jul 26 21:36:13 2007 From: mysidia at gmail.com (James Hess) Date: Thu, 26 Jul 2007 20:36:13 -0500 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: References: <004e01c7cf91$3f2c3da0$513816ac@atlanta.polycom.com> Message-ID: <6eb799ab0707261836g35517792n93c07d45b87999ed@mail.gmail.com> > My opinion is that this policy proposal puts too much emphasis on > authorizing the "stick" approach before the "carrot" approach has > received any significant attention and effort. > The problem with the "carrot" approach, is many legacy assignees already believe they have a big juicy carrot. A carrot that's much bigger and juicier than anything the community can offer them, without eliminating the benefit to the community of getting a legacy assignee to sign up in the first place. If ARIN formulates a special RSA for them where they get a free waiver from the rules and a waiver from the fees... then nothing at all is really accomplished. And even then, the carrot being offered is not particularly larger than the carrot that has to be given up in order to accept it. I say it's much better for them to be lightly prodded with a tiny stick today than be impaled by a tree limb 2 years later, when Ipv4 pools run out, and more aggressive unused space recovery efforts are justifiable. I say with certainty the carrot would not have close to 100% success, and it's best to have the stick ready up front, rather than keep it hidden behind the back "for later". -- -J From Keith at jcc.com Thu Jul 26 22:31:35 2007 From: Keith at jcc.com (Keith W. Hare) Date: Thu, 26 Jul 2007 22:31:35 -0400 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources Message-ID: <713dabf1378e9a7b567231b19f939a9b46a9590a@jcc.com> > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of James Hess > Sent: Thursday, July 26, 2007 9:36 PM > To: ARIN Address Policy > Subject: Re: [ppml] Policy Proposal 2007-15: Authentication > ofLegacyResources > > > My opinion is that this policy proposal puts too much emphasis on > > authorizing the "stick" approach before the "carrot" approach has > > received any significant attention and effort. > > > > The problem with the "carrot" approach, is many legacy > assignees already > believe they have a big juicy carrot. > > A carrot that's much bigger and juicier than anything the > community can offer > them, without eliminating the benefit to the community of > getting a legacy > assignee to sign up in the first place. > > If ARIN formulates a special RSA for them where they get a > free waiver from the > rules and a waiver from the fees... then nothing at all is > really accomplished. > >From my point of view, there are two impediments from putting my company's legacy IPv4 /24 under an ARIN RSA: 1. I don't know how to do it. 2. I don't understand what affect the current RSA would have on our current IPv4 /24 use. Over the last month, any discussion of doing something to encourage legacy IPv4 address holders to do somethng gets lost in the chourus of "let's figure out how to punish them because they haven't done whatever" where the focus is on the methods to punish, not on the definition of "whatever". If you really want me to sign an RSA, add information to the ARIN web site about how a legacy address holder would go about signing an RSA, and what effect signing the RSA would have. Keith From sleibrand at internap.com Thu Jul 26 22:36:54 2007 From: sleibrand at internap.com (Scott Leibrand) Date: Thu, 26 Jul 2007 19:36:54 -0700 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: <713dabf1378e9a7b567231b19f939a9b46a9590a@jcc.com> References: <713dabf1378e9a7b567231b19f939a9b46a9590a@jcc.com> Message-ID: <46A95A46.8000304@internap.com> Keith W. Hare wrote: > From my point of view, there are two impediments from putting my > company's legacy IPv4 /24 under an ARIN RSA: > > 1. I don't know how to do it. > 2. I don't understand what affect the current RSA would have on our > current IPv4 /24 use. > > > > If you really want me to sign an RSA, add information to the ARIN web > site about how a legacy address holder would go about signing an RSA, > and what effect signing the RSA would have. > I think pretty much everyone agrees this is a necessary first step. Can anyone from ARIN staff comment publicly on the progress towards adding this information to the ARIN web site, preferably to a page with "all the information holders of pre-ARIN IP allocations need to know"? Thanks, Scott From jr at jrw.org Thu Jul 26 22:57:02 2007 From: jr at jrw.org (J. R. Westmoreland) Date: Thu, 26 Jul 2007 20:57:02 -0600 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: <713dabf1378e9a7b567231b19f939a9b46a9590a@jcc.com> References: <713dabf1378e9a7b567231b19f939a9b46a9590a@jcc.com> Message-ID: <000001c7cff9$d1f7e900$75e7bb00$@org> I completely agree with Keith's observations. In my case, with a /24 address space, the cost amounts to about $0.40/year per address. That's not bad on the surface. But, it is a heck of a lot more than the $0.00 that it cost me in the first place. In fact, at that time, the view was something like: "We have about 16,000,000 /24 blocks. We will never run out before we move to ipv6." So, it seems to me that there could be some place where we can all meet in the middle with everyone getting some of what they want but not all of what they want. J. R. ---------------------------------------- J. R. Westmoreland Email: jr at jrw.org > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf Of > Keith W. Hare > Sent: Thursday, July 26, 2007 8:32 PM > To: ARIN Address Policy > Subject: Re: [ppml] Policy Proposal 2007-15: Authentication > ofLegacyResources > > > > > -----Original Message----- > > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > > Behalf Of James Hess > > Sent: Thursday, July 26, 2007 9:36 PM > > To: ARIN Address Policy > > Subject: Re: [ppml] Policy Proposal 2007-15: Authentication > > ofLegacyResources > > > > > My opinion is that this policy proposal puts too much emphasis on > > > authorizing the "stick" approach before the "carrot" approach has > > > received any significant attention and effort. > > > > > > > The problem with the "carrot" approach, is many legacy > > assignees already > > believe they have a big juicy carrot. > > > > A carrot that's much bigger and juicier than anything the > > community can offer > > them, without eliminating the benefit to the community of > > getting a legacy > > assignee to sign up in the first place. > > > > If ARIN formulates a special RSA for them where they get a > > free waiver from the > > rules and a waiver from the fees... then nothing at all is > > really accomplished. > > > > >From my point of view, there are two impediments from putting my > company's legacy IPv4 /24 under an ARIN RSA: > > 1. I don't know how to do it. > 2. I don't understand what affect the current RSA would have on our > current IPv4 /24 use. > > Over the last month, any discussion of doing something to encourage > legacy IPv4 address holders to do somethng gets lost in the chourus of > "let's figure out how to punish them because they haven't done > whatever" > where the focus is on the methods to punish, not on the definition of > "whatever". > > If you really want me to sign an RSA, add information to the ARIN web > site about how a legacy address holder would go about signing an RSA, > and what effect signing the RSA would have. > > Keith > > > > > > > > > > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml From michael.dillon at bt.com Fri Jul 27 04:14:26 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Fri, 27 Jul 2007 09:14:26 +0100 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration In-Reply-To: <3c3e3fca0707261435m375ce9c4h50611e77c11f1901@mail.gmail.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <3c3e3fca0707251542p5ba313f4w72457acb65fc4db5@mail.gmail.com> <77053E98-C998-4094-8970-C6213947B4A6@delong.com> <3c3e3fca0707260902o345d6127xbb3c0893912d1bc8@mail.gmail.com> <3c3e3fca0707261435m375ce9c4h50611e77c11f1901@mail.gmail.com> Message-ID: > > And let's not forget that we are not the only such number > allocation > > organization around. How did NANPA deal with phone number shortages. > > Should we be implementing some of the usage reporting and run-out > > reporting that NANPA requires? > > They dealt with the phone number shortage by mandating > technology tweaks to the dialing process which opened up > vastly more area codes. > Something to do with ten digit dialing and zeros in the > second digit of the area code; I don't remember the exact > details. When we run out of all 10 digits, they'll add a > couple more and mandate another dialing change. > > In essence, they implemented exactly the kind of > technology-tweak based policy that you just criticized me for > discussing on the ARIN PPML list. NANPA had *RESERVED* NNX codes of the form n0n so that switches could distinguish NPA's from NNX's in the first 3 digits dialed. I don't believe that NANPA ever mandated any technology change. The switching technology was already in place long before 10-digit dialing was introduced anywhere. But that is not all that NANPA did. They also moved to allocating smaller blocks and I believe there were changes to reporting. In any case, there is far more detailled phone number usage reporting than we have in ARIN. And there are more strict rules on things like how long you can leave a number unused before assigning it to another customer. > > What about FEMA? They often deal with resource shortage and > allocation > > issues. Can we learn something from them? > > Despite years of foreknowledge that they could expect a > problem, they arrived in New Orleans a day late and a dollar > short. If there's a lesson to be learned, its this: don't do > what FEMA did. Don't wait for someone to call you. Don't wait > for top-down. Get the components staged in the field early so > that when the s**t hits the fan the resources are already there. FEMA was not created to deal with hurricane Katrina and that is not the only "event" where they provided their services. In any case, we are trying to get things staged early for IPv4 exhaustion but that requires some thinking on what needs to be staged and what bad outcomes can be avoided by being proactive. --Michael Dillon From steveb at eagle.ca Fri Jul 27 09:01:30 2007 From: steveb at eagle.ca (Steve Bertrand) Date: Fri, 27 Jul 2007 09:01:30 -0400 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: <713dabf1378e9a7b567231b19f939a9b46a9590a@jcc.com> References: <713dabf1378e9a7b567231b19f939a9b46a9590a@jcc.com> Message-ID: <46A9ECAA.6070506@eagle.ca> >>From my point of view, there are two impediments from putting my > company's legacy IPv4 /24 under an ARIN RSA: > > 1. I don't know how to do it. > 2. I don't understand what affect the current RSA would have on our > current IPv4 /24 use. > > Over the last month, any discussion of doing something to encourage > legacy IPv4 address holders to do somethng gets lost in the chourus of > "let's figure out how to punish them because they haven't done whatever" > where the focus is on the methods to punish, not on the definition of > "whatever". > > If you really want me to sign an RSA, add information to the ARIN web > site about how a legacy address holder would go about signing an RSA, > and what effect signing the RSA would have. As a first step, would it be feasible to have a web-based 'opt-in' type page, where legacy holders can fill out their information, the size of space they hold, and without entering into any binding agreements, at least imply that they are at least willing to find out more about the RSA process and impacts? This way, if these willing-to-learn-more legacy holders are not actively monitoring these lists, they can be notified by email about important updates/changes in policy, and what effects said changes will have on them if/when they do decide to sign an RSA. The more legacy holders that we know about (especially that are not dead set against coming out of the woodworks), the more we can learn about their concerns and ideas, which may have an impact on the mind-set of the community in regards to policy steering. Again, I have no idea if this is feasible or worth the effort or not. Steve From Keith at jcc.com Fri Jul 27 09:36:50 2007 From: Keith at jcc.com (Keith W. Hare) Date: Fri, 27 Jul 2007 09:36:50 -0400 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration Message-ID: <60afb3fd3fce5c394ba62332d22cbe4646a9f4f3@jcc.com> > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of michael.dillon at bt.com > Sent: Friday, July 27, 2007 4:14 AM > To: ppml at arin.net > Subject: Re: [ppml] Soliciting comments: IPv4 to IPv6 fast migration > > ... > > NANPA had *RESERVED* NNX codes of the form n0n so that switches could > distinguish NPA's from NNX's in the first 3 digits dialed. I don't > believe that NANPA ever mandated any technology change. The switching > technology was already in place long before 10-digit dialing was > introduced anywhere. > > But that is not all that NANPA did. They also moved to allocating > smaller blocks and I believe there were changes to reporting. In any > case, there is far more detailled phone number usage reporting than we > have in ARIN. And there are more strict rules on things like how long > you can leave a number unused before assigning it to another customer. > With some amount of push from customers and lawmakers, the telephone companies have moved from Provider Agregatable phone numbers to Provider Independent phone numbers. Keith From cliffb at cjbsys.bdb.com Fri Jul 27 09:37:09 2007 From: cliffb at cjbsys.bdb.com (Cliff Bedore) Date: Fri, 27 Jul 2007 09:37:09 -0400 Subject: [ppml] Legacy users and ARIN duties Message-ID: <46A9F505.40500@cjbsys.bdb.com> As a legacy address holder and newcomer to the list, I'm a little concerned about all the effort to get us to join ARIN/sign RSAs etc. I've had my Class C (/24 for the newbies :-) ) since 1990. Until I was invited to join this list, I have had virtually no interface with ARIN. I think there were a few changes made over the years as I switched providers but mostly no contact. When we got our addresses, there were no ISPs. Companies/groups/individuals got addresses to connect to the internet not to make a business of getting others connected to the internet. Our needs were fairly static for the most part. The world changed but we were left alone for 15-17 years. Now as IPv4 space is getting low, everyone wants us to in some way legitimatize our status. Like common law marriage after 7 years, I think our status is established by custom that is recognized as valid. If there is really going to be an IPv6 Internet "real soon now" why the hell does anybody care about getting fees/RSAs from the legacy holders of IPv4 address space after all these years. The only reason I can think of is that nobody really believes IPv6 is going to happen and all that legacy space (however much that is) is beginning to look more and more attractive as there is less and less available. People are sharpening their knives at how to carve up the legacy space. If IANA/ARIN/other RIRs are serious about IPv6, they would be much better off trying to get IPv6 going rather than chase legacy users for their space. If IPv6 is going to happen and the legacy users are going to be around, they will need IPv6 space and will join the community and sign the proper RSAs when they do. Would it be good stewardship for ARIN to develop a v6/v4 gateway that was freely available for various ISPs to use to induce IPv6 adoption? Personally, the more I hear about IPv6, the more I am reminded of the OSI/GOSIP fiasco of the early 90s. OSI was too big, too complicated and had too many "undefineds". IPv6 is beginning to look the same way. I personally think that some big company is going to start their own separate IPv4 space, develop big gateways and double the size of the Internet without requiring any change to any equipment on either side of the gateway. Don't ask me how, I don't know but I'll bet somebody can do it. Maybe they'll call the domain .FUV6. :-) Seriously, I think ARIN is wasting its time trying to do anything with legacy space. If they really want IPv6 to take off, the sooner v4 disappears, the sooner v6 will happen. It's like they have a split personality and want to keep both. Cliff From dean at av8.com Fri Jul 27 10:45:16 2007 From: dean at av8.com (Dean Anderson) Date: Fri, 27 Jul 2007 10:45:16 -0400 (EDT) Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: <35731.1185477551@sa.vix.com> Message-ID: On Thu, 26 Jul 2007, Paul Vixie wrote: > within a couple of years, IANA will have no more space to give ARIN > and the other RIRs, and shortly after that moment, ARIN and the other > RIRs will have no more space to give ISPs and LIRs. the common name > for this is "IPv4 pool depletion" and there is no controversy or > disagreement as to the inevitability of that depletion. There is no data associated with these claims. As Lord Kelvin said, "your knowledge is of a meager and unsatisfactory kind". Can the ARIN staff report on the past rate of delegation (in total IP addresses and in total blocks, year by year, and the current year month by month? Of course, everything runs out eventually. However, there are things that we can do to prolong that time as long as possible. Delay in Assignment Processing of Requests Smaller Assignments Tougher requirements If ARIN (and IANA) adopt a policy of measuring the rate of delegation against the expected depletion time at the current rate, and adjust the above parameters so that depletion will not occur for, say, 10 years, then we will see an exponential decreasing rate of delegation, but we will never run out of address space. Certainly not in the next 20 or 30 years, after which time we can expect that IPv6 is the preferred protocol, and we will never run out of IPv6 space. No more than the expected amount of IP addresses can be assigned in a given year. Pending requests would be delayed to the next year, and then assigned in the next year's policy to achieve 10 year depletion. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From bicknell at ufp.org Fri Jul 27 10:46:20 2007 From: bicknell at ufp.org (Leo Bicknell) Date: Fri, 27 Jul 2007 10:46:20 -0400 Subject: [ppml] Legacy users and ARIN duties In-Reply-To: <46A9F505.40500@cjbsys.bdb.com> References: <46A9F505.40500@cjbsys.bdb.com> Message-ID: <20070727144620.GB23301@ussenterprise.ufp.org> In a message written on Fri, Jul 27, 2007 at 09:37:09AM -0400, Cliff Bedore wrote: > If there is really going to be an IPv6 Internet "real soon now" why the > hell does anybody care about getting fees/RSAs from the legacy holders > of IPv4 address space after all these years. The only reason I can > think of is that nobody really believes IPv6 is going to happen and all > that legacy space (however much that is) is beginning to look more and > more attractive as there is less and less available. People are > sharpening their knives at how to carve up the legacy space. I think you're right, however I think you may have the wrong target of your concern. The impression I get from your e-mail is that you believe the ARIN community would like legacy blocks under RSA so they can be partially repossessed (carved up) and handed back out later. I don't think that's a very likely outcome. Estimates put the most optimistic view of such action at extending the life of IPv4 by 2-3 years, which from a policy cycle is about the same amount of time it would take to pass and implement such a policy. Quite simply, it doesn't make sense for the RIR community to take such action on a grand scale. However, your concern is right. Move forward to a time when you can no longer get IPv4 space from ARIN. You also can't get it from your ISP. It's not hard to envision a legacy /8 holder deciding to "sell" their /8 as a bunch of small /24's to the highest bidder. People who can't get their space anywhere else will likely pay. What's the effect of that on the community? Well, if one /8 did that we'd be talking another 65,536 routes in the routing table, potentially. If they charged $10,000 per /24 (which if you can't get it anywhere else as a one time fee seems quite reasonable; that company will add 655 Million dollars to it's bottom line. The fear, at the end of the day, is for the routing table. If ARIN can't give out blocks of PA space to ISP's, and ISP's can give out PA space to their customers then people will turn elsewhere. The effect is to turn customers who get PA space today into PI space holders of space they "bought" on the open market. With only a few moderate sized block holders doing this it's fairly easy to see the routing table double from the current 220k routes to 440k routes in a short period of time, perhaps under a year. This would greatly hurt the entire community. Now, specifically about IPv6. I don't think the concern is that it's not going to happen, but that it won't happen in time. If you had to pay $10k per /24, there's a lot of economic incentive to move to IPv6, so people would move. If the IPv4 routing table exploded, ISP's would move to IPv6 and then aggressively filter IPv4. Rather, the concern is simply we're not going to move to IPv6 in time -- the community seems to be on a crash course to feel some sort of major pain before they are willing to make the transition. In fact, I believe what we've walked into is a real life case of the Prisoner's Dilemma: http://en.wikipedia.org/wiki/Prisoner's_dilemma We'd all be better off if we could cooperate, but we can't all trust each other so that won't happen, so we're doomed to all betray each other in the hopes of at least finding a equilibrium state. -- Leo Bicknell - bicknell at ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available URL: From bicknell at ufp.org Fri Jul 27 10:53:09 2007 From: bicknell at ufp.org (Leo Bicknell) Date: Fri, 27 Jul 2007 10:53:09 -0400 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: References: <35731.1185477551@sa.vix.com> Message-ID: <20070727145309.GC23301@ussenterprise.ufp.org> In a message written on Fri, Jul 27, 2007 at 10:45:16AM -0400, Dean Anderson wrote: > There is no data associated with these claims. As Lord Kelvin said, > "your knowledge is of a meager and unsatisfactory kind". Geoff Huston of APNIC has put together the most comprehensive set of numbers, looking at all 5 RIR's plus IANA. http://www.potaroo.net/tools/ipv4/ ARIN presents statistics at each public policy meeting. The last one was ARIN XIX (http://www.arin.net/meetings/minutes/ARIN_XIX/ppm.html), and includes a presentation (http://www.arin.net/meetings/minutes/ARIN_XIX/PDF/monday/nroJointStats_Nobile.pdf) with details on all five RIR's as well. Each of the other 4 RIR's perform similar reports at their meetings, and can be found off their various web pages. -- Leo Bicknell - bicknell at ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available URL: From paul at vix.com Fri Jul 27 11:12:51 2007 From: paul at vix.com (Paul Vixie) Date: Fri, 27 Jul 2007 15:12:51 +0000 Subject: [ppml] Legacy users and ARIN duties In-Reply-To: Your message of "Fri, 27 Jul 2007 09:37:09 -0400." <46A9F505.40500@cjbsys.bdb.com> References: <46A9F505.40500@cjbsys.bdb.com> Message-ID: <75417.1185549171@sa.vix.com> > From: Cliff Bedore > > As a legacy address holder and newcomer to the list, I'm a little concerned > about all the effort to get us to join ARIN/sign RSAs etc. ... welcome. > ... > If there is really going to be an IPv6 Internet "real soon now" why the hell > does anybody care about getting fees/RSAs from the legacy holders of IPv4 > address space after all these years. because ARIN is a steward of this public resource. > The only reason I can think of is that nobody really believes IPv6 is going > to happen and all that legacy space (however much that is) is beginning to > look more and more attractive as there is less and less available. People > are sharpening their knives at how to carve up the legacy space. there is no possible non-IPv6 future. without continuous growth in the number of connected devices, the internet fails, both politically, economically, and technologically. there is, however, more than one way that the transition can occur. examples include continuous regulation in the form of the RIRs, as well as deregulation similar to what happened with the electricity markets and a company called Enron a few years back. our mileage MUST vary. some of us who think that legacy space should be subject to regulation don't want to take it away, we just don't want it floating around loose during what promises to be a very interesting, and inevitable, transition to IPv6. From arin-contact at dirtside.com Fri Jul 27 12:14:27 2007 From: arin-contact at dirtside.com (William Herrin) Date: Fri, 27 Jul 2007 12:14:27 -0400 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration In-Reply-To: <60afb3fd3fce5c394ba62332d22cbe4646a9f4f3@jcc.com> References: <60afb3fd3fce5c394ba62332d22cbe4646a9f4f3@jcc.com> Message-ID: <3c3e3fca0707270914g5583ae1ep7c004c08f5221a42@mail.gmail.com> On 7/27/07, Keith W. Hare wrote: > With some amount of push from customers and lawmakers, the telephone > companies have moved from Provider Agregatable phone numbers to Provider > Independent phone numbers. That's a great point Keith. And here's the nasty part: because they waited until the issue was forced, they had to make it fully PI, individual number by individual number. They lost the option to use some sort of sensible grouping strategy. Regards, Bill -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From info at arin.net Fri Jul 27 12:30:31 2007 From: info at arin.net (Member Services) Date: Fri, 27 Jul 2007 12:30:31 -0400 Subject: [ppml] WHOIS Enhancement Consultation Now Closed Message-ID: <46AA1DA7.4050704@arin.net> ARIN thanks the community for its input regarding the suggestion to allow CIDR style queries to the ARIN WHOIS directory services. Additional enhancements were suggested and will be reviewed. Given the nature of the feedback provided on the list, a subsequent polling is not necessary. ARIN staff will take all input under discussion and next week will report back to the community with its intended course of action regarding changes to ARIN WHOIS directory services. The archives of this discussion are available at: http://lists.arin.net/pipermail/consult/ Regards, Member Services American Registry for Internet Numbers (ARIN) From tedm at ipinc.net Fri Jul 27 15:08:06 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Fri, 27 Jul 2007 12:08:06 -0700 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration In-Reply-To: <3c3e3fca0707270914g5583ae1ep7c004c08f5221a42@mail.gmail.com> Message-ID: >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >William Herrin >Sent: Friday, July 27, 2007 9:14 AM >To: Keith W. Hare >Cc: ppml at arin.net >Subject: Re: [ppml] Soliciting comments: IPv4 to IPv6 fast migration > > >On 7/27/07, Keith W. Hare wrote: >> With some amount of push from customers and lawmakers, the telephone >> companies have moved from Provider Agregatable phone numbers to Provider >> Independent phone numbers. > >That's a great point Keith. And here's the nasty part: because they >waited until the issue was forced, they had to make it fully PI, >individual number by individual number. They lost the option to use >some sort of sensible grouping strategy. > I think we have carried this analogy to the point of silliness. Area codes still create groups. But more importantly, the phone number can be an abstraction because it is only used 1 time during the call - at the beginning for the phone switches to setup the call. Once that is complete and the query into the lookup table that matches the PI phone number to the internal routing number used by the phone company is complete, the table isn't queried again. With IP traffic, to implement something similar to a PI IP address, you would have to have every non-edge router on the Internet make a query to a lookup table of some sort, and they would have to do it for every packet. For a VoIP phone call that might have 10,000 packets in the entire call that passes through the routers during call existence. You can't do a query for each packet. That is why IP is still going to require some sort of "sensible grouping" and why telephone numbers don't. Ted From tedm at ipinc.net Fri Jul 27 15:48:30 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Fri, 27 Jul 2007 12:48:30 -0700 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration In-Reply-To: <70895.1185486250@sa.vix.com> Message-ID: >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >Paul Vixie >Sent: Thursday, July 26, 2007 2:44 PM >To: ARIN Address Policy >Subject: Re: [ppml] Soliciting comments: IPv4 to IPv6 fast migration > > >> ... because the community does not have the balls to allow it to happen. > >i don't think it's wise to bet against this community's will or powers. Why not? You say later on here that there isn't an internet community so seems a safe bet to me... > >> If the Internet community had balls, they would appoint a Czar >and tell all >> IPv4 holders they had until 2010 to switch to IPv6 and pay the >fees, to hell >> with your legacy status. In 2010 they would aggressivly block >IPv4 all over >> the Internet. In 2012, everyone would have switched to IPv6 and >you would >> have 4 or 5 large legacy holders in court, suing >ARIN/IANA/everyone claiming >> they were illegally forced to submit to IPv6. The courts would find in >> their favor sometime in year 2020 by which time IPv6 would be so >entrenched >> and IPv4 so dead, that the wins would have no meaning whatsoever. And no >> court would go against the rest of the world and try ordering >the Internet >> to stop blocking IPv4 so the legacy holders could get their free >ride for a >> few more years. And even if one did the rest of the world would >ignore it >> with the result that a tiny chunk of the Internet would revert >to IPv4 and >> become useless. > >while i won't address your concern (or lack of same) about lawsuits against >ARIN, i'm generally in favour of "tough love" positions. see my 1995 paper >on domain names (http://sa.vix.com/~vixie/dns-badnames.pdf) for an example. > >the big problem with the above proposal isn't lack of "balls", but lack of >coherency. Same thing. Your just using the politically correct terminology. >there isn't an "internet community" in the sense you mean, and >there isn't going to be a Czar because there's no way to get universal >agreement on who it could be. If there was coherency, ie: "Balls" and a way to get universal agreement (or mostly universal agreement) there wouldn't be a need for a Czar. >whatever "we" (the internet >community or even >just the ARIN community) do will be by bottom-up consensus, >period. If we do anything. Which right now there is no universal interest in doing anything other than letting IPv4-to-IPv6 migration just happen by itself. Every proposal to either hasten or push out the date by anybody has been shot to pieces, sometimes by legitimate bullets, other times by politics. Clearly, the majority will is that things are fine the way they are. If some people have problems getting IPv4 allocations at some point in the future, well tough cookies to them, they shouldn't be bothering with IPv4 then anyway, they should be using IPv6. It's the old "I got mine so I don't give a crap if you can't get yours" mentality. If the Internet community really did care about people's addressing needs in the future, most people would be bothered by the idea that there are legacy addresses floating around out there that aren't being used, aren't being advertised, but are unavailable for assignment because of paperwork baloney. Such as for example the 199.248 block I have brought up before that the only reason it's just floating around is because the company that was assigned to it doesen't even know they have it, and couldn't use it even if they did know they had it. Most people would also be bothered with the idea that there might be legacy allocations currently being advertised that are way in excess of the address holders needs, but are out there because the legacy holders got them free and don't want to have to start paying a yearly fee. In other words, there would be a whole lot more interest in cleaning house on IPv4 than just saying the house is a giant effing mess so we are just going to shut the door on it and build a new house. The feeling seems to be we are going to spend a lot of effort on migrating to IPv6 now, because it's easier FOR US to solve the technical problems of migration, than the political problems of cleaning up IPv4. While that might be OK, the issue that is being skirted is how do you handle the situation in the future, where post-runout, Sally Sue needs addresses, gets her IPv6, and now needs to connect to Billy Goat who has been on the Internet longer than her, has IPv4 he's using that can connect to everyone else, and hasn't gotten around to deploying IPv6 yet. It doesen't seem to me that Sally Sue has any compelling enough reason to induce Billy Goat to go dual-stack all of his stuff. So, Sally is going to end up having to go through an intermediary, which is going to put a cost and hack burden on her that Billy Goat doesen't have. And as the intermediaries get more use, the Billy Goats of the Internet will have even less incentive to dual-stack. I am not sure that even you, Paul, understand. The Czar isn't really going to be needed to force IPv6 migration, he's going to be needed to force IPv4 off the Internet or we are going to see a huge growth of hacks to try to get both addressing to coexist, which is going to impact stability. And if it gets bad enough, and the Internet gets unreliable enough, then the billionaires that run sites like Google will see it impact their bottom line, and call in the governments, who are going to take control. That is how it's worked in other industries where they tried "bottom up" solutions in the face of change. Ted From paul at vix.com Fri Jul 27 16:04:05 2007 From: paul at vix.com (Paul Vixie) Date: Fri, 27 Jul 2007 20:04:05 +0000 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration In-Reply-To: Your message of "Fri, 27 Jul 2007 12:48:30 MST." References: Message-ID: <41653.1185566645@sa.vix.com> > Clearly, the majority will is that things are fine the way they are. no. the common viewpoint is some mixture of "this is a problem we don't know how to solve" and "this is a problem and i hope somebody works on it". > "If some people have problems getting IPv4 allocations at some point > in the future, well tough cookies to them, they shouldn't be bothering > with IPv4 then anyway, they should be using IPv6." since the value of having an internet connected device depends on the size and diversity of the population of other internet connected devices, there is no sane way to ignore any market size constraint like ipv4 depletion. you may be mistaking the common american business practice of focusing on the quarter's results rather than on the long term effects on the economy or ecology of the system, for a deliberate head-in-sand approach to the problems of ipv4 depletion and ipv6 transition. > I am not sure that even you, Paul, understand. note, i would usually exit a discussion when personal identities come into play -- our discussions here have to be about the issues, not the people. however, since i can see that your focus is still the issues, i'll continue. > The Czar isn't really going to be needed to force IPv6 migration, he's going > to be needed to force IPv4 off the Internet or we are going to see a huge > growth of hacks to try to get both addressing to coexist, which is going to > impact stability. the internet would interpret that kind of force as damage and route around it. the answer to "what will internet people do?" does not depend in any way on government mandates. there is no place for a Czar to sit. i can think of some monopoly-like players on the business side who could force something like this through, if there was a business model for it involving lock-in revenue, but for the rest of us, all we can do is build roads that go in our preferred directions, and hope those roads are the ones more often taken. > And if it gets bad enough, and the Internet gets unreliable enough, then the > billionaires that run sites like Google will see it impact their bottom > line, and call in the governments, who are going to take control. if the billionaires want to protect their existing revenue streams without also trying to lock in additional revenue, then they need to get going on their own IPv6 transition, and build roads for others to do the same. there is no government who could mandate the end of IPv4, no matter who asked for it or how many billions of dollars were involved. > That is how it's worked in other industries where they tried "bottom up" > solutions in the face of change. sometimes the internet proceeds differently than any example or template that the world knew before. my bet is on us. From owen at delong.com Fri Jul 27 16:28:37 2007 From: owen at delong.com (Owen DeLong) Date: Fri, 27 Jul 2007 13:28:37 -0700 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration In-Reply-To: References: Message-ID: On Jul 27, 2007, at 12:08 PM, Ted Mittelstaedt wrote: > > >> -----Original Message----- >> From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On >> Behalf Of >> William Herrin >> Sent: Friday, July 27, 2007 9:14 AM >> To: Keith W. Hare >> Cc: ppml at arin.net >> Subject: Re: [ppml] Soliciting comments: IPv4 to IPv6 fast migration >> >> >> On 7/27/07, Keith W. Hare wrote: >>> With some amount of push from customers and lawmakers, the telephone >>> companies have moved from Provider Agregatable phone numbers to >>> Provider >>> Independent phone numbers. >> >> That's a great point Keith. And here's the nasty part: because they >> waited until the issue was forced, they had to make it fully PI, >> individual number by individual number. They lost the option to use >> some sort of sensible grouping strategy. >> > > I think we have carried this analogy to the point of silliness. > > Area codes still create groups. But more importantly, the phone Really, they don't. Area codes are portable across multiple providers. There isn't even a separation of area codes between Cellular and Local providers. > number can be an abstraction because it is only used 1 time during > the call - at the beginning for the phone switches to setup the > call. Once that is complete and the query into the lookup table That's true, but, only mildly relevant. > that matches the PI phone number to the internal routing number used > by the phone company is complete, the table isn't queried again. > Much like mapping of domain names to IP addresses. > With IP traffic, to implement something similar to a PI IP address, > you would have to have every non-edge router on the Internet make > a query to a lookup table of some sort, and they would have to do it > for every packet. For a VoIP phone call that might have 10,000 This is not necessarily 100% true. The router could cache the lookup result for previously seen destinations. Another option would be to encode the destination AS on the packet near the edge and route across the DFZ based on ASPath/Next Hop data without the need to keep prefix data distributed. > packets in the entire call that passes through the routers during > call existence. You can't do a query for each packet. That is why > IP is still going to require some sort of "sensible grouping" > and why telephone numbers don't. > Actually, that's why IP needs a new routing paradigm more than why phone numbers don't require grouping. IP only requires grouping if we continue to use the End System Identifier as the Routing Locator. There have been several proposals for ID/LOC split. In the long run, it is ID/LOC split that is needed to make this feasible for both the phone companies (which have it already) and for IP (which doesn't yet). In the phone companies, the ID and LOC look a lot like each other and are sometimes even the same number. In IP, there isn't really any benefit to doing so, but, we could do it that way if we wanted to. Owen From JOHN at egh.com Fri Jul 27 16:44:24 2007 From: JOHN at egh.com (John Santos) Date: Fri, 27 Jul 2007 16:44:24 -0400 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration In-Reply-To: Message-ID: <1070727162736.7305B-100000@Ives.egh.com> On Fri, 27 Jul 2007, Ted Mittelstaedt wrote: > > > >-----Original Message----- > >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of > >William Herrin > >Sent: Friday, July 27, 2007 9:14 AM > >To: Keith W. Hare > >Cc: ppml at arin.net > >Subject: Re: [ppml] Soliciting comments: IPv4 to IPv6 fast migration > > > > > >On 7/27/07, Keith W. Hare wrote: > >> With some amount of push from customers and lawmakers, the telephone > >> companies have moved from Provider Agregatable phone numbers to Provider > >> Independent phone numbers. > > > >That's a great point Keith. And here's the nasty part: because they > >waited until the issue was forced, they had to make it fully PI, > >individual number by individual number. They lost the option to use > >some sort of sensible grouping strategy. > > > > I think we have carried this analogy to the point of silliness. > > Area codes still create groups. But more importantly, the phone > number can be an abstraction because it is only used 1 time during > the call - at the beginning for the phone switches to setup the > call. Once that is complete and the query into the lookup table > that matches the PI phone number to the internal routing number used > by the phone company is complete, the table isn't queried again. > > With IP traffic, to implement something similar to a PI IP address, > you would have to have every non-edge router on the Internet make > a query to a lookup table of some sort, and they would have to do it > for every packet. For a VoIP phone call that might have 10,000 > packets in the entire call that passes through the routers during > call existence. You can't do a query for each packet. That is why > IP is still going to require some sort of "sensible grouping" > and why telephone numbers don't. Not really. The first non-edge router could look up a "physical" IP address, cache it, and forward all packets for the "virtual" PI address to that physical address (encapsulated with the original virtual address still attached.) The "physical" address could be either the current provider-provided PA address of the destination or the address of a router "close" to the destination. If its a router at that address it would then extract the original packet and forward it to the (close-by) destination. None of the intermediate routers would have to know anything about the destination PI address. The only time you would need to do a second lookup of an established (i.e. recently used) connection is if the cache overflowed, or the destination physical address died, or if the destination router decided there was a better route to the virtual destination address. (N.B. This encapsulation could either ipv4 or ipv6 packets and the virtual source/destinations could also be either ipv4 or 6.) This is pretty much how cell phones work (where the "virtual" 10-digit phone number gets re-routed every time it changes cells), and how number portability works for regular PSTN numbers, at a huge degree of abstraction. Telephone numbers don't require grouping precisely because a lookup like this is done at call origination time (and for cell numbers, on the relatively rare occasions when a phone moves to a different cell.) I'm not as familier with IP routing, but I get the impression the routing folks are looking into exactly this sort of thing. It would be enormously useful for things like mobile VOIP. > > Ted > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > > -- John Santos Evans Griffiths & Hart, Inc. 781-861-0670 ext 539 From info at arin.net Fri Jul 27 16:44:36 2007 From: info at arin.net (Member Services) Date: Fri, 27 Jul 2007 16:44:36 -0400 Subject: [ppml] Policy Proposal: IANA Policy for Allocation of ASN Blocks to RIRs In-Reply-To: <46A76281.4030706@arin.net> References: <46A76281.4030706@arin.net> Message-ID: <46AA5934.4090806@arin.net> > The AC will assign shepherds in the near future. ARIN will provide the > names of the shepherds to the community via the PPML. The shepherds from the ARIN Advisory Council for this proposal are Dan Alexander and Heather Schiller. Regards, Member Services American Registry for Internet Numbers (ARIN) Member Services wrote: > ARIN received the following policy proposal. In accordance with the ARIN > Internet Resource Policy Evaluation Process, the proposal is being > posted to the ARIN Public Policy Mailing List (PPML) and being placed on > ARIN's website. > > The ARIN Advisory Council (AC) will review this proposal at their next > regularly scheduled meeting. The AC may decide to: > > 1. Accept the proposal as a formal policy proposal as written. If the > AC accepts the proposal, it will be posted as a formal policy proposal > to PPML and it will be presented at a Public Policy Meeting. > > 2. Postpone their decision regarding the proposal until the next > regularly scheduled AC meeting in order to work with the author. The AC > will work with the author to clarify, combine or divide the proposal. At > their following meeting the AC will accept or not accept the proposal. > > 3. Not accept the proposal. If the AC does not accept the proposal, > the AC will explain their decision. If a proposal is not accepted, then > the author may elect to use the petition process to advance their > proposal. If the author elects not to petition or the petition fails, > then the proposal will be closed. > > The AC will assign shepherds in the near future. ARIN will provide the > names of the shepherds to the community via the PPML. > > In the meantime, the AC invites everyone to comment on this proposal on > the PPML, particularly their support or non-support and the reasoning > behind their opinion. Such participation contributes to a thorough > vetting and provides important guidance to the AC in their deliberations. > > The ARIN Internet Resource Policy Evaluation Process can be found at: > http://www.arin.net/policy/irpep.html > > Mailing list subscription information can be found at: > http://www.arin.net/mailing_lists/ > > Regards, > > Member Services > American Registry for Internet Numbers (ARIN) > > > ## * ## > > > Policy Proposal Name: Internet Assigned Numbers Authority (IANA) Policy > for Allocation of ASN Blocks to Regional Internet Registries > > Author: Axel Pawlik > > Proposal Version: 1 > > Submission Date: 24 July 2007 > > Proposal type: New > > Policy term: renewable > > Policy statement: > > Abstract > > This document describes the policy governing the allocation of > Autonomous System Numbers (ASNs) from the IANA to the Regional Internet > Registries (RIRs). > > This policy document does not stipulate performance requirements in the > provision of services by the IANA to an RIR. Such requirements will be > specified by appropriate agreements between ICANN and the Number > Resource Organization (NRO). > > 1. Allocation Principles > > IANA allocates ASNs to RIRs in blocks of 1024 ASNs. In this document the > term "ASN block" refers to a set of 1024 ASNs. Until 31 December 2009, > allocations of 2-byte only and 4-byte only ASN blocks will be made > separately and independent of each other [1]. > > This means until 31 December 2009, RIRs can receive two separate ASN > blocks, one for 2-byte only ASNs and one for 4-byte only ASNs from the > IANA under this policy. After this date, IANA and the RIRs will cease to > make any distinction between 2-byte only and 4-byte only ASNs, and will > operate ASN allocations from an undifferentiated 4-byte ASN allocation pool. > > 2. Initial Allocations > > Each new RIR will be allocated a new ASN block. > > 3. Additional Allocations > > An RIR is eligible to receive (an) additional ASN block(s) from the IANA > if one of the following conditions is met: > > 1. The RIR has assigned/allocated 80% of the previously received ASN > block, or > > 2. The number of free ASNs currently held by the RIR is less than two > months need. This projection is based on the monthly average number of > ASNs assigned/allocated by the RIR over the previous six months. > > An RIR will be allocated as many ASN blocks as are needed to support > their registration needs for the next 12 months, based on their average > assignment/allocation rate over the previous six months, unless the RIR > specifically requests fewer blocks than it qualifies for. > > 4. Announcement of IANA Allocations > > The IANA, the NRO and the RIRs will make announcements and update their > respective websites/databases when an allocation is made by the IANA to > an RIR. ICANN and the NRO will establish administrative procedures to > manage this process. > > [1. http://www.ripe.net/ripe/policies/proposals/2005-12.html] > > > Rationale: > > There are global policies governing the allocation of IPv4 and IPv6 > blocks from the IANA to RIRs. At this point there is no specific policy > regarding the allocation of Autonomous System Numbers from the IANA to > the RIRs. This proposal will create a policy to fill this gap. > > The criteria being proposed has already been the practice between IANA > and RIRs so far and it has been proven to work. It is designed to allow > RIRs to request ASN blocks from the IANA in a timely fashion and > maintain enough ASNs in holding to ensure that their registration > services can be sustained. > > It is also proposed that the RIRs be allocated as many ASN blocks as are > needed to support their registration needs for the next 12 months. This > will generally mean that each RIR will only need to make one ASN request > from the IANA each year, thus lowering operational overhead for the RIRs. > > Timetable for implementation: Immediate > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > From tedm at ipinc.net Fri Jul 27 18:07:01 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Fri, 27 Jul 2007 15:07:01 -0700 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration In-Reply-To: <1070727162736.7305B-100000@Ives.egh.com> Message-ID: >-----Original Message----- >From: John Santos [mailto:JOHN at egh.com] >Sent: Friday, July 27, 2007 1:44 PM >To: ppml at arin.net >Cc: William Herrin; Keith W. Hare; Ted Mittelstaedt >Subject: Re: [ppml] Soliciting comments: IPv4 to IPv6 fast migration > > >On Fri, 27 Jul 2007, Ted Mittelstaedt wrote: > >> >> >> >-----Original Message----- >> >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >> >William Herrin >> >Sent: Friday, July 27, 2007 9:14 AM >> >To: Keith W. Hare >> >Cc: ppml at arin.net >> >Subject: Re: [ppml] Soliciting comments: IPv4 to IPv6 fast migration >> > >> > >> >On 7/27/07, Keith W. Hare wrote: >> >> With some amount of push from customers and lawmakers, the telephone >> >> companies have moved from Provider Agregatable phone numbers >to Provider >> >> Independent phone numbers. >> > >> >That's a great point Keith. And here's the nasty part: because they >> >waited until the issue was forced, they had to make it fully PI, >> >individual number by individual number. They lost the option to use >> >some sort of sensible grouping strategy. >> > >> >> I think we have carried this analogy to the point of silliness. >> >> Area codes still create groups. But more importantly, the phone >> number can be an abstraction because it is only used 1 time during >> the call - at the beginning for the phone switches to setup the >> call. Once that is complete and the query into the lookup table >> that matches the PI phone number to the internal routing number used >> by the phone company is complete, the table isn't queried again. >> >> With IP traffic, to implement something similar to a PI IP address, >> you would have to have every non-edge router on the Internet make >> a query to a lookup table of some sort, and they would have to do it >> for every packet. For a VoIP phone call that might have 10,000 >> packets in the entire call that passes through the routers during >> call existence. You can't do a query for each packet. That is why >> IP is still going to require some sort of "sensible grouping" >> and why telephone numbers don't. > >Not really. The first non-edge router could look up a "physical" >IP address, cache it, and forward all packets for the "virtual" PI >address to that physical address (encapsulated with the original >virtual address still attached.) The "physical" address could be >either the current provider-provided PA address of the destination >or the address of a router "close" to the destination. If its a router >at that address it would then extract the original packet and forward >it to the (close-by) destination. None of the intermediate routers would >have to know anything about the destination PI address. The only >time you would need to do a second lookup of an established (i.e. >recently used) connection is if the cache overflowed, or the >destination physical address died, or if the destination router >decided there was a better route to the virtual destination address. > >(N.B. This encapsulation could either ipv4 or ipv6 packets and the >virtual source/destinations could also be either ipv4 or 6.) > >This is pretty much how cell phones work (where the "virtual" >10-digit phone number gets re-routed every time it changes cells), >and how number portability works for regular PSTN numbers, at >a huge degree of abstraction. > >Telephone numbers don't require grouping precisely because a lookup >like this is done at call origination time (and for cell numbers, >on the relatively rare occasions when a phone moves to a different >cell.) I'm not as familier with IP routing, but I get the impression >the routing folks are looking into exactly this sort of thing. It >would be enormously useful for things like mobile VOIP. > Once again, I think this analogy has been carried too far. Now your saying that all routers on the Internet would have to be redesigned for this analogy to work. Did the telephone network have to be completely redesigned and all phone switches replaced for PI? Ted From arin-contact at dirtside.com Fri Jul 27 19:17:36 2007 From: arin-contact at dirtside.com (William Herrin) Date: Fri, 27 Jul 2007 19:17:36 -0400 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration In-Reply-To: <58236.1185482997@sa.vix.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <3c3e3fca0707251542p5ba313f4w72457acb65fc4db5@mail.gmail.com> <77053E98-C998-4094-8970-C6213947B4A6@delong.com> <3c3e3fca0707260902o345d6127xbb3c0893912d1bc8@mail.gmail.com> <58236.1185482997@sa.vix.com> Message-ID: <3c3e3fca0707271617mc969245u40a107f57a2278e2@mail.gmail.com> Look fellas, We can't go to the entrepreneurs and small operators out there and in one moment say, "We know you're multihomed and have a direct IPv4 addresses assignment today but you're just too insignificant to play with the big boys in IPv6," then turn around in the next moment and say, "But won't you pretty please make your wonderful content available via IPv6 so that we big boys don't get screwed by IPv4 depletion." It won't work. The small operators will shake their heads at the irony of our predicament and continue ignoring IPv6. More than a few will first flip us the bird for our arrogance. In the past two months I've offered three different proposals to address this problem. If you don't like mine, lets see yours. Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From bonomi at mail.r-bonomi.com Fri Jul 27 19:41:41 2007 From: bonomi at mail.r-bonomi.com (Robert Bonomi) Date: Fri, 27 Jul 2007 18:41:41 -0500 (CDT) Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources Message-ID: <200707272341.l6RNffFI008487@s25.firmware.com> > Date: Fri, 27 Jul 2007 10:45:16 -0400 (EDT) > From: Dean Anderson > Cc: ppml at arin.net > Subject: Re: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources > > On Thu, 26 Jul 2007, Paul Vixie wrote: > > > > within a couple of years, IANA will have no more space to give ARIN > > and the other RIRs, and shortly after that moment, ARIN and the other > > RIRs will have no more space to give ISPs and LIRs. the common name > > for this is "IPv4 pool depletion" and there is no controversy or > > disagreement as to the inevitability of that depletion. > > There is no data associated with these claims. As Lord Kelvin said, > "your knowledge is of a meager and unsatisfactory kind". As a quotable being once said, "you have sense-organ cluster all jammed up ventral orifice." The raw data in question is published by ARIN, and the other RIRs, on a *DAILY* basis, and is readily available for those who know where to look for it. > Can the ARIN staff report on the past rate of delegation (in total IP > addresses and in total blocks, year by year, and the current year month > by month? Why do you think ARIN staff should do extra work for you that you apparently are incapable of reading from data they, and all the other RIRs, already publish? Why are you making requests for material that they have already prepared and published? Do you know they have _already_ prepared and PUBLISHED ot just the raw data but nice 3-d bar charts as well, for everything you asked them to 'report on'? Are you really that badly informed, or are you merely maliciously ignoring the public record in a futile attempt to confuse the matter with the 'big lie'? > Of course, everything runs out eventually. However, there are things > that we can do to prolong that time as long as possible. > > Delay in Assignment Processing of Requests > Smaller Assignments > Tougher requirements > > If ARIN (and IANA) adopt a policy of measuring the rate of delegation > against the expected depletion time at the current rate, and adjust the > above parameters so that depletion will not occur for, say, 10 years, That sounds good. but even the hand-waving you egage in below proves that depletion -will- occur. Under your 'proposal', you yourself _admit_ it will occur every year. > then we will see an exponential decreasing rate of delegation, but we > will never run out of address space. Hmmm. Like a spammer, re-defining the terminology to mean what he wants it to mean. If, _at_any_time_, people are unable to get the addresses they meet the requirements for, then one *has* 'run out' of those addresses. Regardless of whether it is 'temporarily' (in the case of a 'term quota' exceeded), or 'permanently' (in the case of 'address-space exhausted'). And, of course, everybody who has thought about the matter for more than 30 seconds has figured out that making 'smaller assignments' has absolutely *NO*EFFECT* on the rate of consumption -- that *all* it does is make the requesting party make additional requests _more_often_. "tougher requirements" is a nice-sounding smoke-screen, but it has only a very temporary and transient effect. This is because requests are already restricted to that which is necessary for a fixed forward time frame. Requiring a higher utilization factor introdues a hiccup in the rate of requests but that is all. scoreboad: out of three 'bright ideas' to prevent 'running out' of addresses, 1 introduces 'artificial' unavailability of addresses even sooner 1 has absolutely no effect 1 might 'delay the inevitable' for a few weeks to a month or two, at best that looks like "three strikes, you're out!" to me. > Certainly not in the next 20 or 30 > years, after which time we can expect that IPv6 is the preferred > protocol, and we will never run out of IPv6 space. > > No more than the expected amount of IP addresses can be assigned in a > given year. Pending requests would be delayed to the next year, and then > assigned in the next year's policy to achieve 10 year depletion. I see. You assert that running out of the 'current time-period' quota, and having no more available to assign that period is not 'running out ' of the AVAILABLE supply at that time. From bonomi at mail.r-bonomi.com Fri Jul 27 19:45:35 2007 From: bonomi at mail.r-bonomi.com (Robert Bonomi) Date: Fri, 27 Jul 2007 18:45:35 -0500 (CDT) Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration Message-ID: <200707272345.l6RNjZ3C008527@s25.firmware.com> From sleibrand at internap.com Fri Jul 27 19:47:47 2007 From: sleibrand at internap.com (Scott Leibrand) Date: Fri, 27 Jul 2007 16:47:47 -0700 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration In-Reply-To: <3c3e3fca0707271617mc969245u40a107f57a2278e2@mail.gmail.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <3c3e3fca0707251542p5ba313f4w72457acb65fc4db5@mail.gmail.com> <77053E98-C998-4094-8970-C6213947B4A6@delong.com> <3c3e3fca0707260902o345d6127xbb3c0893912d1bc8@mail.gmail.com> <58236.1185482997@sa.vix.com> <3c3e3fca0707271617mc969245u40a107f57a2278e2@mail.gmail.com> Message-ID: <46AA8423.5060202@internap.com> William Herrin wrote: > Look fellas, > > We can't go to the entrepreneurs and small operators out there and in > one moment say, "We know you're multihomed and have a direct IPv4 > addresses assignment today but you're just too insignificant to play > with the big boys in IPv6," then turn around in the next moment and > say, "But won't you pretty please make your wonderful content > available via IPv6 so that we big boys don't get screwed by IPv4 > depletion." It won't work. The small operators will shake their heads > at the irony of our predicament and continue ignoring IPv6. More than > a few will first flip us the bird for our arrogance. > Anyone who's multihomed and has a direct IPv4 assignment from ARIN (PI space) today already qualifies for a similar IPv6 PI assignment. I'm not sure which existing policy you're referring to with your first statement, or who would need to say such a thing in the ARIN region. -Scott From bonomi at mail.r-bonomi.com Fri Jul 27 20:18:34 2007 From: bonomi at mail.r-bonomi.com (Robert Bonomi) Date: Fri, 27 Jul 2007 19:18:34 -0500 (CDT) Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration Message-ID: <200707280018.l6S0IYYj008898@s25.firmware.com> > From ppml-bounces at arin.net Fri Jul 27 11:15:03 2007 > Date: Fri, 27 Jul 2007 12:14:27 -0400 > From: "William Herrin" > To: "Keith W. Hare" > Cc: ppml at arin.net > Subject: Re: [ppml] Soliciting comments: IPv4 to IPv6 fast migration > > On 7/27/07, Keith W. Hare wrote: > > With some amount of push from customers and lawmakers, the telephone > > companies have moved from Provider Agregatable phone numbers to Provider > > Independent phone numbers. > > That's a great point Keith. And here's the nasty part: because they > waited until the issue was forced, they had to make it fully PI, > individual number by individual number. They lost the option to use > some sort of sensible grouping strategy. When provider assigments to end users are individual numbers, there is _NO_OTHER_ way to implement 'portability'. For some strange reason, it is't real portability if it is "you can take your number with you to the new phone company, but -only- if you can convince the 9 other people in your 'group' to move to that company at the same time. It is also worth noting that 'bigger' telephony customers "didn't give a hoot" about number portability -- their primary expense is -outgoing- calls, for which 'stability' of the originating number doesn't matter. It is 'trivial' to leave the 'public' incoming number with one phone company, while making outgoing calls through a different phone company. *IF* you have more than a few lines, that is. And, if you have your own PBX you have 'nat' built in, so 'renumbering' outgoing lines is a 'non-issue'. It was the -little- users -- equivalent to a /30 or maybe a /29 -- that drove the telco PI situation. From stephen at sprunk.org Fri Jul 27 21:26:36 2007 From: stephen at sprunk.org (Stephen Sprunk) Date: Fri, 27 Jul 2007 20:26:36 -0500 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <3c3e3fca0707251542p5ba313f4w72457acb65fc4db5@mail.gmail.com> <77053E98-C998-4094-8970-C6213947B4A6@delong.com> <3c3e3fca0707260902o345d6127xbb3c0893912d1bc8@mail.gmail.com> <58236.1185482997@sa.vix.com><3c3e3fca0707271617mc969245u40a107f57a2278e2@mail.gmail.com> <46AA8423.5060202@internap.com> Message-ID: <019901c7d0b6$852a84d0$6701a8c0@atlanta.polycom.com> Thus spake "Scott Leibrand" > William Herrin wrote: >> We can't go to the entrepreneurs and small operators out there >> and in one moment say, "We know you're multihomed and have >> a direct IPv4 addresses assignment today but you're just too >> insignificant to play with the big boys in IPv6," then turn around >> in the next moment and say, "But won't you pretty please make >> your wonderful content available via IPv6 so that we big boys >> don't get screwed by IPv4 depletion." It won't work. The small >> operators will shake their heads at the irony of our predicament >> and continue ignoring IPv6. More than a few will first flip us the >> bird for our arrogance. > > Anyone who's multihomed and has a direct IPv4 assignment from > ARIN (PI space) today already qualifies for a similar IPv6 PI > assignment. I'm not sure which existing policy you're referring to > with your first statement, or who would need to say such a thing > in the ARIN region. That's the case for anyone who (a) got their PI block from ARIN, as opposed to legacy space, and (b) would still qualify for that block if they were to apply for it today. However, I think the number of folks that have PIv4 space (legacy or not) but wouldn't qualify for a new minimum-sized block is fairly small. And, for that matter, most of us wouldn't miss them if they refused to move to v6 because of it, or our users wouldn't notice that they were passing through some sort of proxy or NAT-PT device to get to them (if we couldn't just ignore them). I'm far more worried about getting Google, eBay, MySpace, CNN, etc. on v6 than I am the small folks, because the small folks are depending on the big boys to get vendors to make their products v6 capable. S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov From arin-contact at dirtside.com Fri Jul 27 21:31:01 2007 From: arin-contact at dirtside.com (William Herrin) Date: Fri, 27 Jul 2007 21:31:01 -0400 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration In-Reply-To: <200707280018.l6S0IYYj008898@s25.firmware.com> References: <200707280018.l6S0IYYj008898@s25.firmware.com> Message-ID: <3c3e3fca0707271831p828083ah9b4f1b8ac41c3cbb@mail.gmail.com> On 7/27/07, Robert Bonomi wrote: > > That's a great point Keith. And here's the nasty part: because they > > waited until the issue was forced, they had to make it fully PI, > > individual number by individual number. They lost the option to use > > some sort of sensible grouping strategy. > > When provider assigments to end users are individual numbers, there > is _NO_OTHER_ way to implement 'portability'. Robert, DID assignments aren't all individual numbers, Robert. The folks I work for have hundreds of direct inward dial numbers (i.e. phone numbers) assigned to their set of four PRIs. Had the telcos started early they could have grouped those numbers and required all of them to be moved or none. Instead... > It was the -little- users -- equivalent to a /30 or maybe a /29 -- that > drove the telco PI situation. And with the government's weight behind them, they forced the process down the telco's throats so that now telcos have to implement number-by-number portability not just for the little guys but for the big accounts too. There's a lesson there for anyone who would overreach in their efforts to keep the DFZ small. Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From arin-contact at dirtside.com Fri Jul 27 21:32:51 2007 From: arin-contact at dirtside.com (William Herrin) Date: Fri, 27 Jul 2007 21:32:51 -0400 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration In-Reply-To: <46AA8423.5060202@internap.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <3c3e3fca0707251542p5ba313f4w72457acb65fc4db5@mail.gmail.com> <77053E98-C998-4094-8970-C6213947B4A6@delong.com> <3c3e3fca0707260902o345d6127xbb3c0893912d1bc8@mail.gmail.com> <58236.1185482997@sa.vix.com> <3c3e3fca0707271617mc969245u40a107f57a2278e2@mail.gmail.com> <46AA8423.5060202@internap.com> Message-ID: <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> On 7/27/07, Scott Leibrand wrote: > Anyone who's multihomed and has a direct IPv4 assignment from ARIN (PI > space) today already qualifies for a similar IPv6 PI assignment. I'm > not sure which existing policy you're referring to with your first > statement, or who would need to say such a thing in the ARIN region. Scott, Here's the relevant policy, emphasis mine: http://www.arin.net/policy/nrpm.html 6.5.8.1: To qualify for a direct [IPv6] assignment, an organization must [...] qualify for an IPv4 assignment or allocation from ARIN under the IPv4 policy CURRENTLY IN EFFECT. I wish that sentence was, "... must have qualified for and received an IPv4 assignment or allocation managed by ARIN." The difference excludes thousands of organizations in good standing with resources under ARIN's management, including mine. I hold a multihomed /23 under ARIN's management. The contacts are up to date and its all in good standing. I DO NOT qualify for the minimum /22 assignment under the policy currently in effect. Therefore I DO NOT qualify for an IPv6 end-user assignment. Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From sleibrand at internap.com Fri Jul 27 22:06:59 2007 From: sleibrand at internap.com (Scott Leibrand) Date: Fri, 27 Jul 2007 19:06:59 -0700 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration In-Reply-To: <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <3c3e3fca0707251542p5ba313f4w72457acb65fc4db5@mail.gmail.com> <77053E98-C998-4094-8970-C6213947B4A6@delong.com> <3c3e3fca0707260902o345d6127xbb3c0893912d1bc8@mail.gmail.com> <58236.1185482997@sa.vix.com> <3c3e3fca0707271617mc969245u40a107f57a2278e2@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> Message-ID: <46AAA4C3.3050103@internap.com> William Herrin wrote: > Scott, > Here's the relevant policy, emphasis mine: > > http://www.arin.net/policy/nrpm.html > > 6.5.8.1: To qualify for a direct [IPv6] assignment, an > organization must [...] qualify for an IPv4 assignment > or allocation from ARIN under the IPv4 policy CURRENTLY > IN EFFECT. > > I wish that sentence was, "... must have qualified for and received an > IPv4 assignment or allocation managed by ARIN." The difference > excludes thousands of organizations in good standing with resources > under ARIN's management, including mine. > > I hold a multihomed /23 under ARIN's management. The contacts are up > to date and its all in good standing. I DO NOT qualify for the minimum > /22 assignment under the policy currently in effect. Therefore I DO > NOT qualify for an IPv6 end-user assignment. > Ah, ok. I wouldn't mind rephrasing that portion of 6.5.8.1 to read "qualify for an IPv4 assignment or allocation from ARIN under the IPv4 policy currently in effect, or have qualified for, received, and continue to efficiently utilize an IPv4 assignment or allocation from ARIN." Would that qualify you for IPv6 PI? And, out of curiosity, when/how did you get a directly assigned /23? Did you have to qualify for it under rules similar to the rules currently in place for PI /22's? Have you been able to maintain efficient utilization by ARIN's current standards? -Scott From arin-contact at dirtside.com Fri Jul 27 22:28:16 2007 From: arin-contact at dirtside.com (William Herrin) Date: Fri, 27 Jul 2007 22:28:16 -0400 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration In-Reply-To: <019901c7d0b6$852a84d0$6701a8c0@atlanta.polycom.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <3c3e3fca0707251542p5ba313f4w72457acb65fc4db5@mail.gmail.com> <77053E98-C998-4094-8970-C6213947B4A6@delong.com> <3c3e3fca0707260902o345d6127xbb3c0893912d1bc8@mail.gmail.com> <58236.1185482997@sa.vix.com> <3c3e3fca0707271617mc969245u40a107f57a2278e2@mail.gmail.com> <46AA8423.5060202@internap.com> <019901c7d0b6$852a84d0$6701a8c0@atlanta.polycom.com> Message-ID: <3c3e3fca0707271928v19e03a5bl74ca686aa00598d6@mail.gmail.com> On 7/27/07, Stephen Sprunk wrote: > However, I think the number of folks that have PIv4 space (legacy or not) > but wouldn't qualify for a new minimum-sized block is fairly small. And, > for that matter, most of us wouldn't miss them [...] > I'm far more worried about getting Google, eBay, MySpace, > CNN, etc. on v6 than I am the small folks Stephen, That's an interesting take on the problem. As I mentioned, I run a small multihomed network. I suspect you've visited one of my web sites; most people have. But that's not my day job. In my day job I'm the lead networking manager at a $400M organization whose name would be right at home among the ones you listed. So riddle me this: after disrespecting me on my little network, how exactly were you planning to convince me to push IPv6 deployment on the big one? Of course, I'm probably unique. I'm sure none of Google's senior network staff holds a legacy IPv4 assignment. Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From arin-contact at dirtside.com Fri Jul 27 22:44:40 2007 From: arin-contact at dirtside.com (William Herrin) Date: Fri, 27 Jul 2007 22:44:40 -0400 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration In-Reply-To: <46AAA4C3.3050103@internap.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <3c3e3fca0707251542p5ba313f4w72457acb65fc4db5@mail.gmail.com> <77053E98-C998-4094-8970-C6213947B4A6@delong.com> <3c3e3fca0707260902o345d6127xbb3c0893912d1bc8@mail.gmail.com> <58236.1185482997@sa.vix.com> <3c3e3fca0707271617mc969245u40a107f57a2278e2@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> Message-ID: <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> On 7/27/07, Scott Leibrand wrote: > Ah, ok. I wouldn't mind rephrasing that portion of 6.5.8.1 to read > "qualify for an IPv4 assignment or allocation from ARIN under the IPv4 > policy currently in effect, or have qualified for, received, and > continue to efficiently utilize an IPv4 assignment or allocation from ARIN." > > Would that qualify you for IPv6 PI? Scott, I could probably make a case for it. And if I couldn't, it wouldn't kill me to renumber into a /24 as part of the whole process. > And, out of curiosity, when/how did you get a directly assigned /23? I got it the same way everybody else did: I got it before there was an ARIN. Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From sleibrand at internap.com Fri Jul 27 23:14:08 2007 From: sleibrand at internap.com (Scott Leibrand) Date: Fri, 27 Jul 2007 20:14:08 -0700 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <3c3e3fca0707251542p5ba313f4w72457acb65fc4db5@mail.gmail.com> <77053E98-C998-4094-8970-C6213947B4A6@delong.com> <3c3e3fca0707260902o345d6127xbb3c0893912d1bc8@mail.gmail.com> <58236.1185482997@sa.vix.com> <3c3e3fca0707271617mc969245u40a107f57a2278e2@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> Message-ID: <46AAB480.6020400@internap.com> William Herrin wrote: > On 7/27/07, Scott Leibrand wrote: > >> Ah, ok. I wouldn't mind rephrasing that portion of 6.5.8.1 to read >> "qualify for an IPv4 assignment or allocation from ARIN under the IPv4 >> policy currently in effect, or have qualified for, received, and >> continue to efficiently utilize an IPv4 assignment or allocation from ARIN." >> >> Would that qualify you for IPv6 PI? >> > > Scott, > > I could probably make a case for it. And if I couldn't, it wouldn't > kill me to renumber into a /24 as part of the whole process. > I think you just identified a missing carrot. What if we make a policy proposal along these lines: Any holder of a direct IPv4 assignment/allocation (including pre-ARIN assignments) who would like IPv6 PI space, but doesn't qualify under 6.5.8.1 today, could get an IPv6 PI /48 by signing an RSA (if they haven't already done so), and demonstrating efficient usage of their IPv4 space. The actual policy changes could be as simple as updating the wording in 6.5.8.1 to read "qualify for an IPv4 assignment or allocation from ARIN under the IPv4 policy currently in effect, or demonstrate efficient utilization of a direct IPv4 assignment or allocation covered by a current ARIN RSA." Would you support such a policy proposal? Do you think it would provide a useful means for legacy holders to migrate to IPv6? Do you think the requirements are reasonable enough that legacy holders like yourself would take ARIN up on the offer? Would you/they be willing to sign an RSA and demonstrate efficient utilization of existing space (or renumber and return unused space) in order to get provider independence in IPv6? -Scott From peter at boku.net Fri Jul 27 23:21:49 2007 From: peter at boku.net (Peter A Eisch) Date: Fri, 27 Jul 2007 22:21:49 -0500 (CDT) Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration In-Reply-To: <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> Message-ID: On Fri, 27 Jul 2007, William Herrin wrote: > On 7/27/07, Scott Leibrand wrote: > > Anyone who's multihomed and has a direct IPv4 assignment from ARIN (PI > > space) today already qualifies for a similar IPv6 PI assignment. I'm > > not sure which existing policy you're referring to with your first > > statement, or who would need to say such a thing in the ARIN region. > > Scott, > > Here's the relevant policy, emphasis mine: > > http://www.arin.net/policy/nrpm.html > > 6.5.8.1: To qualify for a direct [IPv6] assignment, an > organization must [...] qualify for an IPv4 assignment > or allocation from ARIN under the IPv4 policy CURRENTLY > IN EFFECT. > > I wish that sentence was, "... must have qualified for and received an > IPv4 assignment or allocation managed by ARIN." The difference > excludes thousands of organizations in good standing with resources > under ARIN's management, including mine. As with my situation: I'm legacy, multi-homed /24 and I don't need/want anymore IPv4 space. I can't get an IPv6 assignment from ARIN under the current policy. (I've tried and been rejected.) This further disincents not just me but likely others to even consider IPv6. ...but maybe that's by design. I guess it's time to unfold the hosted domains onto discreet subnets to generate a synthetic need for more IPv4 and play the game by the rules. peter From arin-contact at dirtside.com Fri Jul 27 23:59:10 2007 From: arin-contact at dirtside.com (William Herrin) Date: Fri, 27 Jul 2007 23:59:10 -0400 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <46AAB480.6020400@internap.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <3c3e3fca0707260902o345d6127xbb3c0893912d1bc8@mail.gmail.com> <58236.1185482997@sa.vix.com> <3c3e3fca0707271617mc969245u40a107f57a2278e2@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> Message-ID: <3c3e3fca0707272059j61ca793aid7b02cd611d0e883@mail.gmail.com> On 7/27/07, Scott Leibrand wrote: > I think you just identified a missing carrot. What if we make a policy > proposal along these lines: > > Any holder of a direct IPv4 assignment/allocation (including pre-ARIN > assignments) who would like IPv6 PI space, but doesn't qualify under > 6.5.8.1 today, could get an IPv6 PI /48 by signing an RSA (if they > haven't already done so), and demonstrating efficient usage of their > IPv4 space. > > The actual policy changes could be as simple as updating the wording in > 6.5.8.1 to read "qualify for an IPv4 assignment or allocation from ARIN > under the IPv4 policy currently in effect, or demonstrate efficient > utilization of a direct IPv4 assignment or allocation covered by a > current ARIN RSA." > > Would you support such a policy proposal? Yes. > Do you think it would provide > a useful means for legacy holders to migrate to IPv6? I do. > Do you think the > requirements are reasonable enough that legacy holders like yourself > would take ARIN up on the offer? I honestly don't know. But if they're not even willing to sign an RSA, how important can IPv6 PI space really be to them? I'm sure the network operators won't miss the extra routes. > Would you/they be willing to sign an > RSA and demonstrate efficient utilization of existing space (or renumber > and return unused space) in order to get provider independence in IPv6? In a heartbeat. I can see the writing on the wall. It may be sooner, it may be later but IPv6 is the way things are going to be. Those requirements won't break me, and if that's what it takes to buy my way into the club then so be it. Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From owen at delong.com Sat Jul 28 01:42:13 2007 From: owen at delong.com (Owen DeLong) Date: Fri, 27 Jul 2007 22:42:13 -0700 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration In-Reply-To: <3c3e3fca0707271617mc969245u40a107f57a2278e2@mail.gmail.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <3c3e3fca0707251542p5ba313f4w72457acb65fc4db5@mail.gmail.com> <77053E98-C998-4094-8970-C6213947B4A6@delong.com> <3c3e3fca0707260902o345d6127xbb3c0893912d1bc8@mail.gmail.com> <58236.1185482997@sa.vix.com> <3c3e3fca0707271617mc969245u40a107f57a2278e2@mail.gmail.com> Message-ID: <104B5538-E362-4D65-B487-1445639E5C3F@delong.com> On Jul 27, 2007, at 4:17 PM, William Herrin wrote: > Look fellas, > > We can't go to the entrepreneurs and small operators out there and in > one moment say, "We know you're multihomed and have a direct IPv4 > addresses assignment today but you're just too insignificant to play > with the big boys in IPv6," then turn around in the next moment and > say, "But won't you pretty please make your wonderful content > available via IPv6 so that we big boys don't get screwed by IPv4 > depletion." It won't work. The small operators will shake their heads > at the irony of our predicament and continue ignoring IPv6. More than > a few will first flip us the bird for our arrogance. > If you are multihomed and qualify for a direct IPv4 assignment today, then, in ARIN region, you qualify for a direct IPv6 PI assignment. I'm pretty sure I've got this right since it is the result of Policy proposal 2005-1. Owen From mysidia at gmail.com Sat Jul 28 09:22:59 2007 From: mysidia at gmail.com (James Hess) Date: Sat, 28 Jul 2007 08:22:59 -0500 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <46AAB480.6020400@internap.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <3c3e3fca0707260902o345d6127xbb3c0893912d1bc8@mail.gmail.com> <58236.1185482997@sa.vix.com> <3c3e3fca0707271617mc969245u40a107f57a2278e2@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> Message-ID: <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> > The actual policy changes could be as simple as updating the wording in > 6.5.8.1 to read "qualify for an IPv4 assignment or allocation from ARIN > under the IPv4 policy currently in effect, or demonstrate efficient > utilization of a direct IPv4 assignment or allocation covered by a > current ARIN RSA." > > Would you support such a policy proposal? Do you think it would provide > a useful means for legacy holders to migrate to IPv6? Do you think the > requirements are reasonable enough that legacy holders like yourself > would take ARIN up on the offer? Would you/they be willing to sign an > RSA and demonstrate efficient utilization of existing space (or renumber > and return unused space) in order to get provider independence in IPv6? The proposal is a good idea in that it COULD help some legacy holders to be more open to ipv6 migration, and sign up in the process. I suggest the legacy holders that are most likely to naturally want to migrate are ones that _need more_ address space, after it is exhausted, and have little choice but to take up the offer. This doesn't seem like a carrot for the legacy holders that have plenty of address space for for the next 20 years. Having policy provide options like this doesn't hurt, but not likely to make such legacy assignees suddenly have any reason to migrate, unless they already want V6 space it's not a carrot for them. Assume there is eventual widespread migration to V6, then V4 assignees start getting left out and can't communicate with with an increasingly large part of the world moving to V6. Well, at that point, there is no reason ARIN should provide them an extra carrot. Legacy assignee at that point will have every reason to apply for V6 space and sign a RSA; Since moving to IPv6 will have become a necessity at that point: I think ARIN should not give them extra incentives just for having been assigned legacy V4 space. I.E. Set a deadline on any extra "carrots" for V4 legacy holders to sign the RSA and get V6 space to automatically expire say some time around 2010, when V6 will have become a necessity. Such deadline should in the future be adjusted (moved earlier or later), depending on V6 adoption. If legacy assignees hold out too long to take up the offer to get V6 space in addition to the V4 space and an RSA, let them eventually lose the special opportunity, and be subject to the same requirements as any other org applying to hold V6 space, including signing a RSA for any V4 blocks they may hold, and doing any internal renumbering and returning of blocks required in order to be efficiently utilizing the V4 space. So yes, you have a carrot, provided V6 is ever adopted. If the carrot is left open forever without expiration, the legacy assignee has no impetus to act "now" rather than later, however, seeing as V6 isn't even particularly usable yet. -- -J From arin-contact at dirtside.com Sat Jul 28 10:27:21 2007 From: arin-contact at dirtside.com (William Herrin) Date: Sat, 28 Jul 2007 10:27:21 -0400 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <58236.1185482997@sa.vix.com> <3c3e3fca0707271617mc969245u40a107f57a2278e2@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> Message-ID: <3c3e3fca0707280727x333c3193yead6bd7fa70234d5@mail.gmail.com> On 7/28/07, James Hess wrote: > I.E. Set a deadline on any extra "carrots" for V4 legacy holders to > sign the RSA > and get V6 space to automatically expire say some time around 2010, when V6 > will have become a necessity. James, I concur. The primary value to the exercise lies in convincing IPv4 registrants to deploy IPv6 prior to IPv4 depletion. If they're unwilling to do that for the community's sake then the community should afford them no extra privilege. Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From randy at psg.com Sat Jul 28 11:49:25 2007 From: randy at psg.com (Randy Bush) Date: Sat, 28 Jul 2007 08:49:25 -0700 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <3c3e3fca0707260902o345d6127xbb3c0893912d1bc8@mail.gmail.com> <58236.1185482997@sa.vix.com> <3c3e3fca0707271617mc969245u40a107f57a2278e2@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> Message-ID: <46AB6585.7080900@psg.com> > Having policy provide options like this doesn't hurt, but not likely > to make such legacy assignees suddenly have any reason to migrate, > unless they already want V6 space it's not a carrot for them. and it is our job to use policy to 'make' anyone migrate why? randy From randy at psg.com Sat Jul 28 11:50:33 2007 From: randy at psg.com (Randy Bush) Date: Sat, 28 Jul 2007 08:50:33 -0700 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <3c3e3fca0707280727x333c3193yead6bd7fa70234d5@mail.gmail.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <58236.1185482997@sa.vix.com> <3c3e3fca0707271617mc969245u40a107f57a2278e2@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <3c3e3fca0707280727x333c3193yead6bd7fa70234d5@mail.gmail.com> Message-ID: <46AB65C9.3000809@psg.com> > I concur. The primary value to the exercise lies in convincing IPv4 > registrants to deploy IPv6 prior to IPv4 depletion. if they are not asking for more ipv4 space, this is to the community's advantage, why? randy From sleibrand at internap.com Sat Jul 28 11:56:50 2007 From: sleibrand at internap.com (Scott Leibrand) Date: Sat, 28 Jul 2007 08:56:50 -0700 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <46AB6585.7080900@psg.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <3c3e3fca0707260902o345d6127xbb3c0893912d1bc8@mail.gmail.com> <58236.1185482997@sa.vix.com> <3c3e3fca0707271617mc969245u40a107f57a2278e2@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <46AB6585.7080900@psg.com> Message-ID: <46AB6742.9000105@internap.com> Randy Bush wrote: [James Hess] >> Having policy provide options like this doesn't hurt, but not likely >> to make such legacy assignees suddenly have any reason to migrate, >> unless they already want V6 space it's not a carrot for them. >> > > and it is our job to use policy to 'make' anyone migrate why? > > randy I don't think we can or should "make" anyone migrate to IPv6, but I think we should reduce or eliminate barriers to doing so where prudent. Would you support a PIv6 for legacy holders (/w RSA + efficient use) policy proposal? Thanks, Scott From mysidia at gmail.com Sat Jul 28 13:47:15 2007 From: mysidia at gmail.com (James Hess) Date: Sat, 28 Jul 2007 12:47:15 -0500 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <46AB6585.7080900@psg.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <58236.1185482997@sa.vix.com> <3c3e3fca0707271617mc969245u40a107f57a2278e2@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <46AB6585.7080900@psg.com> Message-ID: <6eb799ab0707281047l71652f57n9f75737c2bef054f@mail.gmail.com> On 7/28/07, Randy Bush wrote: > > Having policy provide options like this doesn't hurt, but not likely > > to make such legacy assignees suddenly have any reason to migrate, > > unless they already want V6 space it's not a carrot for them. > > and it is our job to use policy to 'make' anyone migrate why? The technical decision for each network, whether it migrates is up to that network. However, as a steward of addresses, ARIN should be encouraging users to drink from some well other than the one that is about to run dry. V6 is the only other well, and right now it's underutilized, because most networks use V4 addresses instead of V6 addresses. For any network that migrates to V6, fewer V4 addresses should eventually be needed, now, and more V4 addresses would then be freed up for V6 users who have a need to operate V6<->V4 gateways so that V4 users can continue to reach their key public services after they have migrated to V6. It makes sense to offer incentives to spur migration now, but not excessive incentives (like prolonging "legacy status" to V6). I think it won't be justifiable to offer incentives, once enough major migration to V6 happens: the incentive becomes continued interoperability with the rest of the world. -- -J From dean at av8.com Sat Jul 28 13:50:20 2007 From: dean at av8.com (Dean Anderson) Date: Sat, 28 Jul 2007 13:50:20 -0400 (EDT) Subject: [ppml] Legacy users and ARIN duties In-Reply-To: <75417.1185549171@sa.vix.com> Message-ID: On Fri, 27 Jul 2007, Paul Vixie wrote: > > If there is really going to be an IPv6 Internet "real soon now" why the hell > > does anybody care about getting fees/RSAs from the legacy holders of IPv4 > > address space after all these years. > > because ARIN is a steward of this public resource. A steward does not blindly run out of resources. Oil companies also have to manage limited resources. As the prospects dry up, the price goes up. I'm not buying the 'public resource steward' assertions. A steward has to account for all the resources. Those not not yet used, there are several different kinds of ARIN legacies, the NSI legacies, and the SRI legacies. If address space is a problem, the very _first_ thing that should happen is to slow down the assignment of new resources. In contrast, ARIN is _accelerating_ the delegation process. I'm a little dubious of this combination. The conjuction has a lot in common with the effects of people trying to hoard up the remaining space, and people at ARIN helping them do so. > some of us who think that legacy space should be subject to regulation > don't want to take it away, we just don't want it floating around > loose during what promises to be a very interesting, and inevitable, > transition to IPv6. Huh??? Legacy space "floating around loose"??? What the hxxl does that mean? The transition will be a lot more "interesting" if ARIN blindly just allocates space until it is all gone one day. "Stewards" are expected to avoid abrupt changes. The sliding 10 year plan I outlined eases these effects to well past the time where IPv6 should be dominant and preferred. I'm glad you brought up Enron. The Enron Board had to give back a lot of money for their mismanagement. Bechtel just returned a Billion dollars to Boston/MA/Feds for their BigDig engineering and construction failures. I think an abrupt 'oops we're out of space' is going to result in some very definite legal challenges to ARIN and its management. --Dean > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > > -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From dean at av8.com Sat Jul 28 13:52:32 2007 From: dean at av8.com (Dean Anderson) Date: Sat, 28 Jul 2007 13:52:32 -0400 (EDT) Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: <200707272341.l6RNffFI008487@s25.firmware.com> Message-ID: On Fri, 27 Jul 2007, Robert Bonomi wrote: Seems like a lot of drivel without a link to reference any raw data. > As a quotable being once said, "you have sense-organ cluster all jammed up > ventral orifice." > > The raw data in question is published by ARIN, and the other RIRs, on a > *DAILY* basis, and is readily available for those who know where to look for it. > > > Can the ARIN staff report on the past rate of delegation (in total IP > > addresses and in total blocks, year by year, and the current year month > > by month? > > Why do you think ARIN staff should do extra work for you that you apparently > are incapable of reading from data they, and all the other RIRs, already > publish? > > Why are you making requests for material that they have already prepared > and published? > > Do you know they have _already_ prepared and PUBLISHED ot just the raw data > but nice 3-d bar charts as well, for everything you asked them to 'report on'? > > Are you really that badly informed, or are you merely maliciously ignoring > the public record in a futile attempt to confuse the matter with the 'big > lie'? > > > Of course, everything runs out eventually. However, there are things > > that we can do to prolong that time as long as possible. > > > > Delay in Assignment Processing of Requests > > Smaller Assignments > > Tougher requirements > > > > If ARIN (and IANA) adopt a policy of measuring the rate of delegation > > against the expected depletion time at the current rate, and adjust the > > above parameters so that depletion will not occur for, say, 10 years, > > That sounds good. but even the hand-waving you egage in below proves that > depletion -will- occur. Under your 'proposal', you yourself _admit_ it > will occur every year. > > > then we will see an exponential decreasing rate of delegation, but we > > will never run out of address space. > > Hmmm. Like a spammer, re-defining the terminology to mean what he wants it > to mean. > > If, _at_any_time_, people are unable to get the addresses they meet the > requirements for, then one *has* 'run out' of those addresses. Regardless > of whether it is 'temporarily' (in the case of a 'term quota' exceeded), or > 'permanently' (in the case of 'address-space exhausted'). > > And, of course, everybody who has thought about the matter for more than > 30 seconds has figured out that making 'smaller assignments' has absolutely > *NO*EFFECT* on the rate of consumption -- that *all* it does is make the > requesting party make additional requests _more_often_. > > "tougher requirements" is a nice-sounding smoke-screen, but it has only a > very temporary and transient effect. This is because requests are already > restricted to that which is necessary for a fixed forward time frame. > Requiring a higher utilization factor introdues a hiccup in the rate of > requests but that is all. > > scoreboad: > out of three 'bright ideas' to prevent 'running out' of addresses, > > 1 introduces 'artificial' unavailability of addresses even sooner > 1 has absolutely no effect > 1 might 'delay the inevitable' for a few weeks to a month or two, at best > > that looks like "three strikes, you're out!" to me. > > > Certainly not in the next 20 or 30 > > years, after which time we can expect that IPv6 is the preferred > > protocol, and we will never run out of IPv6 space. > > > > No more than the expected amount of IP addresses can be assigned in a > > given year. Pending requests would be delayed to the next year, and then > > assigned in the next year's policy to achieve 10 year depletion. > > I see. You assert that running out of the 'current time-period' quota, and > having no more available to assign that period is not 'running out ' of the > AVAILABLE supply at that time. > > > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > > -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From jcurran at istaff.org Sat Jul 28 14:22:02 2007 From: jcurran at istaff.org (John Curran) Date: Sat, 28 Jul 2007 14:22:02 -0400 Subject: [ppml] Legacy users and ARIN duties In-Reply-To: References: Message-ID: Good afternoon Dean - At 1:50 PM -0400 7/28/07, Dean Anderson wrote: >If address space is a problem, the very _first_ thing that should happen >is to slow down the assignment of new resources. In contrast, ARIN is >_accelerating_ the delegation process. I'm a little dubious of this >combination. The conjuction has a lot in common with the effects of >people trying to hoard up the remaining space, and people at ARIN >helping them do so. "People at ARIN" implement the policies that come through the public process. "ARIN and the Internet community" is likely a better antecedent. "We" (including all those on this list and in the meetings) is probably the shortest, most common term. >The transition will be a lot more "interesting" if ARIN blindly just >allocates space until it is all gone one day. "Stewards" are expected >to avoid abrupt changes. Community consensus on policy changes prior to depletion will determine the nature of the transition. Some advocate for a status-quo situation till depletion as businesses rely on predicable policies, and some recommend changes so as to affect the nature of the transition. The ARIN Board resolution made it clear what we'd like to see in the 7 May 2007 resolution: . In particular, we'd like to have policies that encourage IPv6 transition, and have asked the Advisory Council to consider this issue. That has resulted in quite a few policy proposals and lots of community discussion and all of that is a good thing. >I'm glad you brought up Enron. The Enron Board had to give back a lot of >money for their mismanagement. Bechtel just returned a Billion dollars >to Boston/MA/Feds for their BigDig engineering and construction >failures. I think an abrupt 'oops we're out of space' is going to >result in some very definite legal challenges to ARIN and its >management. An interesting assertion, but I do not believe there is a valid claim that this will be an abrupt change, unless the community fails to act responsibly in light of all of the preparation. We started the IPng task force in the early nineties, have had a stable Draft standard for IPv6 since 1998, and many vendors have been shipping production code for 5 years. Now, it is true that we have 2 or 3 years left for general availability of large IPv4 blocks, and that it would be wise for all to include IPv6 connectivity for their public facing servers in next years budget. If your an ISP, you've likely got more work to do, but that isn't news to anyone. Some may claim that our formal announcement of the forthcoming changes IPv4 block availability hasn't given them enough time to transition, but that's a judgement call which I personally feel we've balanced very well. /John From dns-tech at buckeye-access.com Sat Jul 28 14:25:11 2007 From: dns-tech at buckeye-access.com (Rebecca) Date: Sat, 28 Jul 2007 14:25:11 -0400 Subject: [ppml] FW: Policy Proposal 2007-15: Authentication ofLegacyResources Message-ID: <20070728112620.D575F74@pop16.mta.everyone.net> This is my first post here, and I really don't want to get involved in the politics and arguments that seem to be raging. I work for a small ISP and am reading this list to get an idea of what we need to be doing in the way of an IPv6 implementation. Anyway, the links you're requesting have been posted a number of times since I started reading the messages on this forum (too bad I've long since deleted those). A quick Google search turned up a good Wikipedia site (http://en.wikipedia.org/wiki/IPv4_address_exhaustion), and I found the following links in the references section to be helpful: (I'm not saying this supports either side of these arguments, just wanted to give you a link to the data...) http://www.potaroo.net/tools/ipv4/index.html http://www.tndh.net/~tony/ietf/ipv4-pool-combined-view.pdf (These are the links to the sites that include graphs. You can get links to the raw data from a Google search, but I've got to get back to work.) Also, I'd like to include a little request (please). I know there are a number of hot topics and people are really emotionally invested in some of these issues, but I'd really like to request people try to stay on topic with their posts here. There's a TON to read anyway, and I just want to keep abreast of the policy situation and get ideas for how best to go about our IPv6 implementation when I read these posts. Thanks, Rebecca K. Core Network Engineer Buckeye CableSystem -----Original Message----- From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf Of Dean Anderson Sent: Saturday, July 28, 2007 1:53 PM To: Robert Bonomi Cc: ppml at arin.net Subject: Re: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources On Fri, 27 Jul 2007, Robert Bonomi wrote: Seems like a lot of drivel without a link to reference any raw data. > As a quotable being once said, "you have sense-organ cluster all jammed up > ventral orifice." > > The raw data in question is published by ARIN, and the other RIRs, on a > *DAILY* basis, and is readily available for those who know where to look for it. > > > Can the ARIN staff report on the past rate of delegation (in total IP > > addresses and in total blocks, year by year, and the current year month > > by month? > > Why do you think ARIN staff should do extra work for you that you apparently > are incapable of reading from data they, and all the other RIRs, already > publish? > > Why are you making requests for material that they have already prepared > and published? > > Do you know they have _already_ prepared and PUBLISHED ot just the raw data > but nice 3-d bar charts as well, for everything you asked them to 'report on'? > > Are you really that badly informed, or are you merely maliciously ignoring > the public record in a futile attempt to confuse the matter with the 'big > lie'? > > > Of course, everything runs out eventually. However, there are things > > that we can do to prolong that time as long as possible. > > > > Delay in Assignment Processing of Requests > > Smaller Assignments > > Tougher requirements > > > > If ARIN (and IANA) adopt a policy of measuring the rate of delegation > > against the expected depletion time at the current rate, and adjust the > > above parameters so that depletion will not occur for, say, 10 years, > > That sounds good. but even the hand-waving you egage in below proves that > depletion -will- occur. Under your 'proposal', you yourself _admit_ it > will occur every year. > > > then we will see an exponential decreasing rate of delegation, but we > > will never run out of address space. > > Hmmm. Like a spammer, re-defining the terminology to mean what he wants it > to mean. > > If, _at_any_time_, people are unable to get the addresses they meet the > requirements for, then one *has* 'run out' of those addresses. Regardless > of whether it is 'temporarily' (in the case of a 'term quota' exceeded), or > 'permanently' (in the case of 'address-space exhausted'). > > And, of course, everybody who has thought about the matter for more than > 30 seconds has figured out that making 'smaller assignments' has absolutely > *NO*EFFECT* on the rate of consumption -- that *all* it does is make the > requesting party make additional requests _more_often_. > > "tougher requirements" is a nice-sounding smoke-screen, but it has only a > very temporary and transient effect. This is because requests are already > restricted to that which is necessary for a fixed forward time frame. > Requiring a higher utilization factor introdues a hiccup in the rate of > requests but that is all. > > scoreboad: > out of three 'bright ideas' to prevent 'running out' of addresses, > > 1 introduces 'artificial' unavailability of addresses even sooner > 1 has absolutely no effect > 1 might 'delay the inevitable' for a few weeks to a month or two, at best > > that looks like "three strikes, you're out!" to me. > > > Certainly not in the next 20 or 30 > > years, after which time we can expect that IPv6 is the preferred > > protocol, and we will never run out of IPv6 space. > > > > No more than the expected amount of IP addresses can be assigned in a > > given year. Pending requests would be delayed to the next year, and then > > assigned in the next year's policy to achieve 10 year depletion. > > I see. You assert that running out of the 'current time-period' quota, and > having no more available to assign that period is not 'running out ' of the > AVAILABLE supply at that time. > > > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > > -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 _______________________________________________ This message sent to you through the ARIN Public Policy Mailing List (PPML at arin.net). Manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/ppml From peter at boku.net Sat Jul 28 16:46:52 2007 From: peter at boku.net (Peter A Eisch) Date: Sat, 28 Jul 2007 15:46:52 -0500 (CDT) Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration In-Reply-To: <46AAB743.2070208@internap.com> Message-ID: On Fri, 27 Jul 2007, Scott Leibrand wrote: > Peter A Eisch wrote: > > > > As with my situation: I'm legacy, multi-homed /24 and I don't need/want > > anymore IPv4 space. I can't get an IPv6 assignment from ARIN under the > > current policy. (I've tried and been rejected.) This further disincents > > not just me but likely others to even consider IPv6. > > > > ...but maybe that's by design. > > > > I guess it's time to unfold the hosted domains onto discreet subnets to > > generate a synthetic need for more IPv4 and play the game by the rules. > > Now *that* we definitely don't want. :-) > > What do you think of the policy proposal I just outlined? Would that be > a viable path forward for you? I'd appreciate your input, preferably > publicly. > If you mean this excerpt: > Ah, ok. I wouldn't mind rephrasing that portion of 6.5.8.1 to read > "qualify for an IPv4 assignment or allocation from ARIN under the IPv4 > policy currently in effect, or have qualified for, received, and > continue to efficiently utilize an IPv4 assignment or allocation from > ARIN." Yes, I think so. The "effeciently utilize" phrase causes a little concern. I try to extensively use NAT and high application density in their hosting environment and then uses their legacy space sparingly with as much PAT/NAT as possible could look inefficient by policy. (Maybe I'm paranoid about others nosing around.) In the end I think it might prove to be a reasonable carrot but still leave room for the stick to come later. At least you can likely get low-hanging fruit like me on-board with allowing us to get into IPv6 (grass-roots-like). peter From arin-contact at dirtside.com Sat Jul 28 17:43:00 2007 From: arin-contact at dirtside.com (William Herrin) Date: Sat, 28 Jul 2007 17:43:00 -0400 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <46AB65C9.3000809@psg.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <3c3e3fca0707271617mc969245u40a107f57a2278e2@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <3c3e3fca0707280727x333c3193yead6bd7fa70234d5@mail.gmail.com> <46AB65C9.3000809@psg.com> Message-ID: <3c3e3fca0707281443n6e9b1306i48f88571d85dd94b@mail.gmail.com> On 7/28/07, Randy Bush wrote: > > I concur. The primary value to the exercise lies in convincing IPv4 > > registrants to deploy IPv6 prior to IPv4 depletion. > > if they are not asking for more ipv4 space, this is to the community's > advantage, why? Proposition: it is valuable to the community as a whole for IPv6 deployment to become sufficiently ubiquitous that an assignment of IPv6 addresses holds the same or greater utility as an assignment of IPv4 addresses. Observation: Ubiquitous rarely means less than 90%. Observation: Less that 50% of the IPv4 community has an expanding need for IPv4 addresses. Observation: IPv6 is of essentially no value to anyone today due to its use by less than 10% of the community. Conclusion: For IPv6 to become useful to any part of the community, organizations who DO NOT need additional IPv4 addresses must deploy IPv6. Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From dlw+arin at tellme.com Sat Jul 28 18:05:36 2007 From: dlw+arin at tellme.com (David Williamson) Date: Sat, 28 Jul 2007 15:05:36 -0700 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <3c3e3fca0707281443n6e9b1306i48f88571d85dd94b@mail.gmail.com> References: <3c3e3fca0707271617mc969245u40a107f57a2278e2@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <3c3e3fca0707280727x333c3193yead6bd7fa70234d5@mail.gmail.com> <46AB65C9.3000809@psg.com> <3c3e3fca0707281443n6e9b1306i48f88571d85dd94b@mail.gmail.com> Message-ID: <20070728220536.GK20308@shell01.cell.sv2.tellme.com> On Sat, Jul 28, 2007 at 05:43:00PM -0400, William Herrin wrote: > Conclusion: For IPv6 to become useful to any part of the community, > organizations who DO NOT need additional IPv4 addresses must deploy > IPv6. Observation: most of those organizations see that transition as an expense with no clear ROI. Why would they be even vaguely interested? Personally, I suspect many of those organizations won't be interested in the transition until something actually breaks. I think Leo was right. We're stuck with the Prisoner's Dilemma. -David From sleibrand at internap.com Sat Jul 28 18:11:17 2007 From: sleibrand at internap.com (Scott Leibrand) Date: Sat, 28 Jul 2007 15:11:17 -0700 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <20070728220536.GK20308@shell01.cell.sv2.tellme.com> References: <3c3e3fca0707271617mc969245u40a107f57a2278e2@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <3c3e3fca0707280727x333c3193yead6bd7fa70234d5@mail.gmail.com> <46AB65C9.3000809@psg.com> <3c3e3fca0707281443n6e9b1306i48f88571d85dd94b@mail.gmail.com> <20070728220536.GK20308@shell01.cell.sv2.tellme.com> Message-ID: <46ABBF05.7020606@internap.com> David Williamson wrote: > On Sat, Jul 28, 2007 at 05:43:00PM -0400, William Herrin wrote: > >> Conclusion: For IPv6 to become useful to any part of the community, >> organizations who DO NOT need additional IPv4 addresses must deploy >> IPv6. >> > > Observation: most of those organizations see that transition as an > expense with no clear ROI. Why would they be even vaguely interested? > Personally, I suspect many of those organizations won't be interested > in the transition until something actually breaks. > > I think Leo was right. We're stuck with the Prisoner's Dilemma. > Perhaps so. But, should we be encouraging or discouraging such organizations to adopt IPv6? I believe we need to do what we can to reduce the obstacles to IPv6 adoption, so that far-sighted organizations, and those for whom there is an ROI, can more easily adopt IPv6. -Scott From randy at psg.com Sat Jul 28 23:48:03 2007 From: randy at psg.com (Randy Bush) Date: Sat, 28 Jul 2007 20:48:03 -0700 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <6eb799ab0707281047l71652f57n9f75737c2bef054f@mail.gmail.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <58236.1185482997@sa.vix.com> <3c3e3fca0707271617mc969245u40a107f57a2278e2@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <46AB6585.7080900@psg.com> <6eb799ab0707281047l71652f57n9f75737c2bef054f@mail.gmail.com> Message-ID: <46AC0DF3.8050902@psg.com> >> and it is our job to use policy to 'make' anyone migrate why? > The technical decision for each network, whether it migrates is up to > that network. > However, as a steward of addresses, ARIN should be encouraging users > to drink from some well other than the one that is about to run dry. why? first, it will not soon run dry, just get a lot more expensive per glass. second, that will likely be sufficient incentive. let's leave to the experts, the governments, foolishly trying to use policy and regulation where technology and economics will do the job. and i suspect even they will be wise enough to keep out of this one. it would be pretty droll for us amateurs to try regulatory means where the experts do not tread. randy From james at towardex.com Sun Jul 29 04:30:30 2007 From: james at towardex.com (James Jun) Date: Sun, 29 Jul 2007 04:30:30 -0400 Subject: [ppml] Legacy users and ARIN duties In-Reply-To: References: <75417.1185549171@sa.vix.com> Message-ID: <00ab01c7d1ba$c7d84470$1efc5dd8@HCMC.local> > > If address space is a problem, the very _first_ thing that should happen > is to slow down the assignment of new resources. In contrast, ARIN is > _accelerating_ the delegation process. I'm a little dubious of this > combination. ARIN is accelerating the delegation because IP requests are continuing to go up higher as more networks join the internet and become multihomed. It's not fair for ARIN to discriminate IP assignments with preference to existing members. > The conjuction has a lot in common with the effects of > people trying to hoard up the remaining space, and people at ARIN > helping them do so. Interesting theory but there's no proof of that however. Getting IP addresses without sufficient justification pursuant to NRPM + RFC2050 details is quite more difficult these days than back during "legacy" days. Someone can't just get a personal /19 to "hoard up" the remaining space (with some possible exceptions of brilliant liars). ARIN is forced to respond to the needs of its serving regional Internet community, and when more people need their IP blocks for obvious legitimate reasons, ARIN has no choice but to allocate per guidelines set forth by its membership. When IPv4 runs out as a result of this, this is out of our control. And yes, ARIN is being "steward" in my opinion, by beginning to market IPv6 adoption and putting efforts to make it easier on people to obtain IPv6 block. I haven't seen your 10-year sliding plan but I would be happy to review when it's submitted in proper format through IRPEP process. > Bechtel just returned a Billion dollars > to Boston/MA/Feds for their BigDig engineering and construction > failures. That's not true. The legal proceeding and negotiations are still ongoing and the settlement figure for Central Artery/Tunnel Project between Bechtel Parsons Brinkerhoff (BPB) and plaintiffs is not finalized. Neither BPB nor involved contractors (Modern Continental Construction Co. and Jay Cashman) have so far completed settlement with the state/local gov'ts to close the case regarding 2004 water leak/slurry wall breach incident at C11A1-C17A1 contract interface area under Atlantic Avenue (I-93). Then there is also the ceiling collapse of I-90 EBD tunnel under D Street in South Boston which is also not completed in reaching a settlement agreement. Lawyers are scrambling to figure out how much BPB should be responsible in paying for, and how much others including Gannet Flemming (the section design consultant for C04A2 contract area where ceiling collapsed) should pay for -- this issue is far from being settled at this point in time. The only contractor which finalized its settlement with the respective state and federal governments regarding its performance is Aggregate Industries. Aggregate agreed to pay $50 million (in exchange for not being debarred from the state for highway construction projects) for supplying substandard concrete to the project. > I think an abrupt 'oops we're out of space' is going to > result in some very definite legal challenges to ARIN and its > management. Some of us could call that "frivolous lawsuit." I think an abrupt "oops we're out of space" issue is more appropriate to be called a case of "force majeure." James From arin-contact at dirtside.com Sun Jul 29 05:12:01 2007 From: arin-contact at dirtside.com (William Herrin) Date: Sun, 29 Jul 2007 05:12:01 -0400 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <46AC0DF3.8050902@psg.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <46AB6585.7080900@psg.com> <6eb799ab0707281047l71652f57n9f75737c2bef054f@mail.gmail.com> <46AC0DF3.8050902@psg.com> Message-ID: <3c3e3fca0707290212r74d8d8adod8489ab5f9d9d8bf@mail.gmail.com> On 7/28/07, Randy Bush wrote: > > However, as a steward of addresses, ARIN should be encouraging users > > to drink from some well other than the one that is about to run dry. > > why? first, it will not soon run dry, just get a lot more expensive per > glass. second, that will likely be sufficient incentive. Randy, You said it yourself: existing IPv4 registrants whose address needs aren't expanding have no need for IPv6. Stir in ARIN's numbers which suggest that less than 50% of registrants come back for more addresses and add a dash of missing killer app. You don't end up with any math that leads IPv6 to a critical mass. My addressing needs may not be expanding but yours are. In a couple years filling your needs will, as you say, "get a lot more expensive." You may not care whether I deploy IPv6 now, but you'll care then. I can afford to outwait you. Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From randy at psg.com Sun Jul 29 11:20:30 2007 From: randy at psg.com (Randy Bush) Date: Sun, 29 Jul 2007 08:20:30 -0700 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <3c3e3fca0707290212r74d8d8adod8489ab5f9d9d8bf@mail.gmail.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <46AB6585.7080900@psg.com> <6eb799ab0707281047l71652f57n9f75737c2bef054f@mail.gmail.com> <46AC0DF3.8050902@psg.com> <3c3e3fca0707290212r74d8d8adod8489ab5f9d9d8bf@mail.gmail.com> Message-ID: <46ACB03E.4020208@psg.com> William Herrin wrote: > On 7/28/07, Randy Bush wrote: >>> However, as a steward of addresses, ARIN should be encouraging users >>> to drink from some well other than the one that is about to run dry. >> why? first, it will not soon run dry, just get a lot more expensive per >> glass. second, that will likely be sufficient incentive. > You said it yourself: existing IPv4 registrants whose address needs > aren't expanding have no need for IPv6. Stir in ARIN's numbers which > suggest that less than 50% of registrants come back for more addresses > and add a dash of missing killer app. You don't end up with any math > that leads IPv6 to a critical mass. > My addressing needs may not be expanding but yours are. In a couple > years filling your needs will, as you say, "get a lot more expensive." > You may not care whether I deploy IPv6 now, but you'll care then. no, because it's gonna be a dual stack universe for a few decades. randy From dns-tech at buckeye-access.com Sun Jul 29 11:39:36 2007 From: dns-tech at buckeye-access.com (Rebecca) Date: Sun, 29 Jul 2007 11:39:36 -0400 Subject: [ppml] Policy proposals- my take Message-ID: <20070729084045.D57492E@pop16.mta.everyone.net> >Rebecca wrote: >> I just want to >> keep abreast of the policy situation and get ideas for how best to go >>about our IPv6 implementation when I read these posts. Geoff Huston wrote: >It's still not an easy call - its not a cheap exercise and figuring out >the right time to make the investment within the available resources you >have at hand is part of the issue here. Well, for good or for ill our owners & upper management are very much for bleeding edge technology, despite being a smaller ISP (We've got a /16, /17, and /18) and cable operator. We've sunk a lot of money in the past into projects that went absolutely nowhere, and also into projects that end up being quite lucrative. Somehow we stay afloat. In this case, DOCSIS 3 will be needed for the majority of our subscribers to be able to use IPv6. DOCSIS 3 firmware for our equipment isn't really available in production yet, but for reasons unrelated to v6 we're in process of changing vendors to one that *promises* to have a code upgrade within a year. (Personally I'm not going to hold my breath on that one.) Just recently management began asking why we didn't already have an IPv6 implementation plan already in progress. So we finally got the application for an allocation submitted & approved like I've been asking to be able to do since January. :D (Yay) And now we've got to do our best to look at IPv6 implementation, starting with our core network. Since we're still expanding our customer base, and looking into SIP, I think we would be one of the companies that would be hurting if/when IPv4 runs out. (Lately we've had to go to ARIN 1-2x a year for another allocation) Anyway, enough back history - back on topic. As far as policies, I'll try to sum up my feelings - keep in mind this may all change as we get a better idea of what our needs will be, and I'm not one of the decision-makers for our company - I just give recommendations and then wait to see what really happens. I see 4 current active policy proposals on the ARIN site. 1. Policy Proposal 2007-15 Authentication of Legacy Resources I understand why this was proposed, but in all fairness, I think this proposal is premature and a bit heavy handed. Overall, I don't support this proposal. If I were a legacy holder, this would be greatly resented. I agree with other people that recommend trying to entice the legacy holders to sign RSA's or at least get current contact info without going about it this way. First see who responds willingly when ASKED to do so. If there's little to no response, then re-evaluate. But *as far as I know*, there hasn't been a concerted effort to contact them, explain the purposes of updating their info, and get them to join these discussions. Someone else suggested sending letters requesting confirmation of contact info/ownership, and terminating rDNS for the ones that don't respond. It makes more sense to me to remove the entries that can't be confirmed to be current, as they are more likely erroneous anyway. I personally use ARIN's rDNS info when researching all sorts of issues. Even if it's not always CURRENT - it's a starting point. Losing that info for the legacy allocations all together b/c we're trying to force them to give up theoretically wasted IPv4 space and/or get them to implement IPv6 doesn't work for me. 2. Policy Proposal 2007-14 Resource Review Process Sounds good to me 3. 2007-13: Removal of ISP Immediate Need from End-User Sounds good. 4. 2006-7: Changes to IPv6 initial allocation criteria Sounds good Then of course there's a lot of discussions going on that relate to already abandoned policy proposals or future proposals. My 2 cents are as follows: As I said before, our company is probably going to need IPv6 as we expect to continue to steadily expand our product offerings and customer base over the next 5 years (which goes beyond even the most conservative estimates for exhaustion that I've been seeing). And many of our customers would SCREAM if we started using NAT to get them all online without getting new allocations as we run out. *That doesn't mean that other companies should be required to implement IPv6 if they are not expanding their offerings/customer base. I don't support policies that try to FORCE others to adopt IPv6 to accommodate our needs due to our growth.* I do expect our upstream providers to accommodate that traffic, but if they don't, when our contracts expire, we'll just take our business elsewhere (we are currently multi-homed with 4 providers). That is what we've done in the past whenever a vendor can't meet our needs, and has worked thus far. As far as legacy v4 allocations, I don't see enough benefit in trying to *make* them give it back/have it managed by ARIN. It's theirs - that cat is out of the bag, that train has left the station, IMHO. We have new options, so take them and do what it takes to make it work. HOWEVER. If the legacy holders want v6 allocations as well, that's a different story. At that point they should have to sign an RSA with ARIN, and start paying dues. They should be given the *option* to have their legacy allocation put under the purview of ARIN, otherwise they should be treated as though the v6 application is a request for a first allocation. At that point I figure they're either not utilizing the space ideally, and in order to avoid having to pay dues/sign the RSA they'll do what it takes to renumber to use it more efficiently when v4 runs out, OR they're already using it efficiently and now they'll find themselves facing the same crunch as the rest of us. And even if they're not using their legacy allocation(s) in the most efficient manner, if they are willing to pay ARIN to join the IPv6 movement - let 'em. I think this is a decent compromise given the high likelihood of a dual stack environment (barring extrememe measures like everyone using NAT only or artificially "ending" IPv4, neither of which I consider to be likely eventualities). Anywho, I've got to do some real work now, so I'll stop my rambling here. Rebecca From paul at vix.com Sun Jul 29 12:09:12 2007 From: paul at vix.com (Paul Vixie) Date: Sun, 29 Jul 2007 16:09:12 +0000 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: Your message of "Sun, 29 Jul 2007 08:20:30 MST." <46ACB03E.4020208@psg.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <46AB6585.7080900@psg.com> <6eb799ab0707281047l71652f57n9f75737c2bef054f@mail.gmail.com> <46AC0DF3.8050902@psg.com> <3c3e3fca0707290212r74d8d8adod8489ab5f9d9d8bf@mail.gmail.com> <46ACB03E.4020208@psg.com> Message-ID: <65115.1185725352@sa.vix.com> > > You may not care whether I deploy IPv6 now, but you'll care then. > > no, because it's gonna be a dual stack universe for a few decades. for folks who can get IPv4 space or who already have it, dual stack is a natural thing to do. but in the coming decades, the internet will grow far beyond the confines of IPv4, and most of that growth will be in the form of IPv6-only, though possibly conjoined with IPv4 NAT. the problem with this is that any IPv4-only target (like a web site) will not be reachable to any IPv6-only initiator. so when we say "deploy IPv6 now" we mean "deploy dual-stack", whereas when we say "deploy IPv6 after 2009" we mean "deploy IPv6". so, yes, we will all care whether other people have "deployed IPv6" either "now", or "then". it's a damned shame that IPv6 doesn't include a better transition method. From randy at psg.com Sun Jul 29 20:51:47 2007 From: randy at psg.com (Randy Bush) Date: Sun, 29 Jul 2007 17:51:47 -0700 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <65115.1185725352@sa.vix.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <46AB6585.7080900@psg.com> <6eb799ab0707281047l71652f57n9f75737c2bef054f@mail.gmail.com> <46AC0DF3.8050902@psg.com> <3c3e3fca0707290212r74d8d8adod8489ab5f9d9d8bf@mail.gmail.com> <46ACB03E.4020208@psg.com> <65115.1185725352@sa.vix.com> Message-ID: <46AD3623.6070309@psg.com> Paul Vixie wrote: >>> You may not care whether I deploy IPv6 now, but you'll care then. >> no, because it's gonna be a dual stack universe for a few decades. > for folks who can get IPv4 space or who already have it, dual stack is > a natural thing to do. but in the coming decades, the internet will > grow far beyond the confines of IPv4, and most of that growth will be > in the form of IPv6-only, though possibly conjoined with IPv4 NAT. the > problem with this is that any IPv4-only target (like a web site) will > not be reachable to any IPv6-only initiator. so when we say "deploy > IPv6 now" we mean "deploy dual-stack", whereas when we say "deploy IPv6 > after 2009" we mean "deploy IPv6". so, yes, we will all care whether > other people have "deployed IPv6" either "now", or "then". > > it's a damned shame that IPv6 doesn't include a better transition method. gosh! you sound like you almost actually read my preso randy From paul at vix.com Sun Jul 29 23:02:41 2007 From: paul at vix.com (Paul Vixie) Date: Mon, 30 Jul 2007 03:02:41 +0000 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: Your message of "Sun, 29 Jul 2007 17:51:47 MST." <46AD3623.6070309@psg.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <46AB6585.7080900@psg.com> <6eb799ab0707281047l71652f57n9f75737c2bef054f@mail.gmail.com> <46AC0DF3.8050902@psg.com> <3c3e3fca0707290212r74d8d8adod8489ab5f9d9d8bf@mail.gmail.com> <46ACB03E.4020208@psg.com> <65115.1185725352@sa.vix.com> <46AD3623.6070309@psg.com> Message-ID: <82295.1185764561@sa.vix.com> > > > > You may not care whether I deploy IPv6 now, but you'll care then. > > > > no, because it's gonna be a dual stack universe for a few decades. > > > it's a damned shame that IPv6 doesn't include a better transition method. > > gosh! you sound like you almost actually read my preso i did read it, since i had to leave for another meeting while you were giving it. (at IEPG recently, this was.) and your preso almost appears to disagree with your statement above. note that i don't admit the possibility of a growth-inhibited Internet, and so, by at or near IPv4 depletion, dual stack is what everybody has to be doing. and so, the first statement quoted above seems obviously true to me. which is why, i didn't understand your objection. From Keith at jcc.com Sun Jul 29 23:44:23 2007 From: Keith at jcc.com (Keith W. Hare) Date: Sun, 29 Jul 2007 23:44:23 -0400 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) Message-ID: <2e0d71dd9187604d456f8a535fbb60e046ad5ea3@jcc.com> > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of David Williamson > Sent: Saturday, July 28, 2007 6:06 PM > To: William Herrin > Cc: Randy Bush; ppml at arin.net > Subject: Re: [ppml] PIv6 for legacy holders (/w RSA + efficient use) > > On Sat, Jul 28, 2007 at 05:43:00PM -0400, William Herrin wrote: > > Conclusion: For IPv6 to become useful to any part of the community, > > organizations who DO NOT need additional IPv4 addresses must deploy > > IPv6. > > Observation: most of those organizations see that transition as an > expense with no clear ROI. Why would they be even vaguely interested? > Personally, I suspect many of those organizations won't be interested > in the transition until something actually breaks. > Organizations do lots of things where there is not a clear ROI, most frequently where not doing something will result in a clear cost. Right now, the biggest obstacle in moving to IPv6 for a lot of organizations is a lack of knowledge about the issues and technology. Once organizations figure out the issues and technology, the biggest obstacle is going to be lack of PI space. Since IPv6 prefers not to have NAT, an organization needs to number all resources on the internal network using routable addresses. If these address are PA addresses, changing ISPs is going to be a major effort -- renumbering all resources, rewriting all firewall rules, retesting all applications, and maybe redoing an internal security audit. Why whould an organization agree to a technology that ties them to an ISP? Keith From randy at psg.com Sun Jul 29 23:56:02 2007 From: randy at psg.com (Randy Bush) Date: Sun, 29 Jul 2007 20:56:02 -0700 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <82295.1185764561@sa.vix.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <46AB6585.7080900@psg.com> <6eb799ab0707281047l71652f57n9f75737c2bef054f@mail.gmail.com> <46AC0DF3.8050902@psg.com> <3c3e3fca0707290212r74d8d8adod8489ab5f9d9d8bf@mail.gmail.com> <46ACB03E.4020208@psg.com> <65115.1185725352@sa.vix.com> <46AD3623.6070309@psg.com> <82295.1185764561@sa.vix.com> Message-ID: <46AD6152.4060501@psg.com> >>>>> You may not care whether I deploy IPv6 now, but you'll care then. >>>> no, because it's gonna be a dual stack universe for a few decades. >>> it's a damned shame that IPv6 doesn't include a better transition method. >> gosh! you sound like you almost actually read my preso > i did read it, since i had to leave for another meeting while you were giving > it. (at IEPG recently, this was.) and your preso almost appears to disagree > with your statement above. note that i don't admit the possibility of a > growth-inhibited Internet, and so, by at or near IPv4 depletion, dual stack > is what everybody has to be doing. and so, the first statement quoted above > seems obviously true to me. there will be five stages at the edges, i will steal from the yet released next slide set in the series. 0 Denial, from both ?sides?: . We can ignore brain-dead IPv6 . IPv6 is perfect and those greedy fools just have to deploy it 1 Dual stack with IPv4 Dominant 2 Dual stack with both widely used 3 Dual stack with IPv6 Dominant 4 The IPv6 Internet (getting ready for IPv10 transition:) i assume dual stack core before we move an inch, i.e. out of stage 0. and we are getting the dual stack core now. transit providers who don't make that move will see it on their bottom line in one or two years. one problem is that (some) router vendor support is still mediocre, so stalling increases the value of your capital. in stages 1 and 2, there will be massive use of v4/v4 nat and v4/v6 nat. we can hope that v4/v4 slowly dies away in stage 3, as v6 technologic barriers are significantly lower financially, inter-operation is widespread, and acquisition of new ipv4 space becomes a more and more expensive proposition, but at no time will growth be inhibited. as we all know, the internet routes around blockage. and growth will find the currently least cost path. that's life in the big city. i sure wish the north american culture did not think of next quarter as long range financial planning, or things might progress more quickly, ironically. as the community passes through these stages, which will be a decade or two, it will do so in a gaussian distribution, with a few folk in the lead, the snake which ate the elephant in the middle (or is it a hat?), and others in a long tail. make it cheaper to move forward, and folk will do so. try to make it _artificially_ expensive to be toward the tail, and we'll get the all religious zealots deserve. the key thing is to reduce the _technology_ expense of choosing v6 over v4 in stages 1 and 2. and for that, you have to wait for me to finish the next preso :). randy From paul at vix.com Mon Jul 30 00:21:23 2007 From: paul at vix.com (Paul Vixie) Date: Mon, 30 Jul 2007 04:21:23 +0000 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: Your message of "Sun, 29 Jul 2007 23:44:23 -0400." <2e0d71dd9187604d456f8a535fbb60e046ad5ea3@jcc.com> References: <2e0d71dd9187604d456f8a535fbb60e046ad5ea3@jcc.com> Message-ID: <1744.1185769283@sa.vix.com> > Why whould an organization agree to a technology that ties them to an ISP? surely ipv6 and ipv4 are equivilient in that regard, and it's only newly allocated vs. oldly allocated address blocks of either family that differ? From paul at vix.com Mon Jul 30 00:57:20 2007 From: paul at vix.com (Paul Vixie) Date: Mon, 30 Jul 2007 04:57:20 +0000 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: Your message of "Sun, 29 Jul 2007 20:56:02 MST." <46AD6152.4060501@psg.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <46AB6585.7080900@psg.com> <6eb799ab0707281047l71652f57n9f75737c2bef054f@mail.gmail.com> <46AC0DF3.8050902@psg.com> <3c3e3fca0707290212r74d8d8adod8489ab5f9d9d8bf@mail.gmail.com> <46ACB03E.4020208@psg.com> <65115.1185725352@sa.vix.com> <46AD3623.6070309@psg.com> <82295.1185764561@sa.vix.com> <46AD6152.4060501@psg.com> Message-ID: <7319.1185771440@sa.vix.com> > there will be five stages at the edges, i will steal from the yet > released next slide set in the series. > 0 Denial, from both ?sides?: > . We can ignore brain-dead IPv6 > . IPv6 is perfect and those greedy fools just have to deploy it > 1 Dual stack with IPv4 Dominant > 2 Dual stack with both widely used > 3 Dual stack with IPv6 Dominant > 4 The IPv6 Internet (getting ready for IPv10 transition:) > > i assume dual stack core before we move an inch, i.e. out of stage 0. and > we are getting the dual stack core now. transit providers who don't make > that move will see it on their bottom line in one or two years. one problem > is that (some) router vendor support is still mediocre, so stalling > increases the value of your capital. i don't understand that final sentence. > in stages 1 and 2, there will be massive use of v4/v4 nat and v4/v6 nat. we > can hope that v4/v4 slowly dies away in stage 3, as v6 technologic barriers > are significantly lower financially, inter-operation is widespread, and > acquisition of new ipv4 space becomes a more and more expensive proposition, other than completing buildouts which were already planned and in progress when IPv4 depletion occurs, i'm not sure what force will drive IPv4 space to a higher price. the value of an address is that you can reach other people with it, and if other people can't grow in IPv4, then why would you care to? (other than as i said, if it's V4-only infrastructure that you already had in the deployment queue before the upcoming depletion event.) > but at no time will growth be inhibited. as we all know, the internet > routes around blockage. and growth will find the currently least cost path. i am now completely off the rails of this message. for one thing you seem to be assuming that overcoming alternative cost is itself a cost-free event and that it will be instantaneous and that the "market" will have perfect knowledge. for another thing you seem to assume that the step function in value (customer's reachability) and cost (training, equipment, operations) for those who choose an IPv6 alternative _as a result of_ IPv4 "costs" rather than having planned for it, will be so low as to not be called a catastrophy. > the key thing is to reduce the _technology_ expense of choosing v6 over v4 > in stages 1 and 2. and for that, you have to wait for me to finish the next > preso :). "we're not going to win this with torpedoes, chief." but lay it on me anyway. From colin at thusa.co.za Mon Jul 30 01:28:25 2007 From: colin at thusa.co.za (Colin Alston) Date: Mon, 30 Jul 2007 07:28:25 +0200 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <65115.1185725352@sa.vix.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <46AB6585.7080900@psg.com> <6eb799ab0707281047l71652f57n9f75737c2bef054f@mail.gmail.com> <46AC0DF3.8050902@psg.com> <3c3e3fca0707290212r74d8d8adod8489ab5f9d9d8bf@mail.gmail.com> <46ACB03E.4020208@psg.com> <65115.1185725352@sa.vix.com> Message-ID: <46AD76F9.5000001@thusa.co.za> On 29/07/2007 18:09 Paul Vixie wrote: >>> You may not care whether I deploy IPv6 now, but you'll care >>> then. >> no, because it's gonna be a dual stack universe for a few >> decades. > > for folks who can get IPv4 space or who already have it, dual stack > is a natural thing to do. but in the coming decades, the internet > will grow far beyond the confines of IPv4, and most of that growth > will be in the form of IPv6-only, though possibly conjoined with > IPv4 NAT. You shook me from my sleep with "NAT". I live in the country where hack IT people feel NAT is the saving grace of the world - sadly there is nothing worse than having to renumber your private network because it conflicts with the subnet that your provider has dished out. And no one would, you just get a new provider or renumber your gateway and perform double NAT. NAT just isn't a scalable solution to the problem of IP depletion. (Not that I suspect anyone here thinks that it is) > it's a damned shame that IPv6 doesn't include a better transition > method. I can't really conceive a way in which it would include a better transition method other than being able to have both at the same time. The real problem with its transition method is where silly men in black suits think that IPv6 should be some kind of alternate profit area that is marketable as something other than IPv4, whereas it should be more a case of "This is the new standard, provision it or quit now and go sell stationary". My question is why it wasn't possible to learn from the NCP to TCP switch already performed in the internet history. I guess the issues are fundamentally different though. -- Colin Alston ______ Linux & Internet Services /\_\_\_\ Thusa Business Support (Pty) Ltd /\/\_\_\_\ http://www.thusa.co.za/ /\/\/\_\_\_\ Tel: (+27) 031 277 1257 \/\/\/_/_/_/ Fax: (+27) 031 277 1269 \/\/_/_/_/ \/_/_/_/ "To the world you may be one person, to one person you may be the world" ~ Rachel Ann Nunes. From mysidia at gmail.com Mon Jul 30 01:30:11 2007 From: mysidia at gmail.com (James Hess) Date: Mon, 30 Jul 2007 00:30:11 -0500 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <2e0d71dd9187604d456f8a535fbb60e046ad5ea3@jcc.com> References: <2e0d71dd9187604d456f8a535fbb60e046ad5ea3@jcc.com> Message-ID: <6eb799ab0707292230j18493728id45fdf7afb31436e@mail.gmail.com> > Once organizations figure out the issues and technology, the biggest > obstacle is going to be lack of PI space. I would say IPv6 PI space _must_ be available or the lack would be such a major obstacle to V6 adoption that it would be a problem definitely needing solution. Some users of IP will deem it critical for their purposes that they have PI addressing. But from what I see in the the current NRPM, there _IS_ ipv6 PI space. Am I missing something? "6.5.8. Direct assignments from ARIN to end-user organizations 6.5.8.1. Criteria To qualify for a direct assignment, an organization must: 1. not be an IPv6 LIR; and 2. qualify for an IPv4 assignment or allocation from ARIN under the IPv4 policy currently in effect. " -- -J From paul at vix.com Mon Jul 30 02:05:03 2007 From: paul at vix.com (Paul Vixie) Date: Mon, 30 Jul 2007 06:05:03 +0000 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: Your message of "Mon, 30 Jul 2007 07:28:25 +0200." <46AD76F9.5000001@thusa.co.za> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <46AB6585.7080900@psg.com> <6eb799ab0707281047l71652f57n9f75737c2bef054f@mail.gmail.com> <46AC0DF3.8050902@psg.com> <3c3e3fca0707290212r74d8d8adod8489ab5f9d9d8bf@mail.gmail.com> <46ACB03E.4020208@psg.com> <65115.1185725352@sa.vix.com> <46AD76F9.5000001@thusa.co.za> Message-ID: <21561.1185775503@sa.vix.com> > You shook me from my sleep with "NAT". I live in the country where > hack IT people feel NAT is the saving grace of the world - sadly there > is nothing worse than having to renumber your private network because > it conflicts with the subnet that your provider has dished out. i refer you to ipv6 ula, ipv6 ula central, and ipv6 ula global. > > it's a damned shame that IPv6 doesn't include a better transition > > method. > > I can't really conceive a way in which it would include a better > transition method other than being able to have both at the same time. that's what DEC did in the VAX for the first few years. (to execute PDP11 opcodes.) DEC later failed, but it wasn't because they got this part wrong. the V4/V6 transition thinking as i heard and participated it in was that every V6 node would also present V4 to its applications, either via native, or via proxy. the V6/V4 proxy setting would be like a default route, you'd leard it from your DHCP server or via router solicitation/advertisement/etc. the thing you were told by your proxy to use at your end of what amounted to a V4-in-V6 tunnel could either be RFC 1918 or native. so it would be possible to run V4-only apps in a V6-only enterprise, so long as that enterprise was connected to a dual stack core or had its own upstream proxy. seemed like a really good balance of cost:benefit to me, since i could see (in 1995 or so, this was) that the cost of not having seamless transition would be huge, vs. the complexity cost of putting this logic into every node. > The real problem with its transition method is where silly men in black > suits think that IPv6 should be some kind of alternate profit area that is > marketable as something other than IPv4, whereas it should be more a case of > "This is the new standard, provision it or quit now and go sell stationary". well, maybe so, but i think the reason V6 is mostly ignored today is that it was sent out as "let's build a brand new internet having only a tenuous connection to the old one" rather than "let's add more address space to the internet we already have." the difference may be too subtle. i hope not. > My question is why it wasn't possible to learn from the NCP to TCP switch > already performed in the internet history. I guess the issues are > fundamentally different though. different people, different times, and a lot more money and nodes in the mix. From randy at psg.com Mon Jul 30 04:57:31 2007 From: randy at psg.com (Randy Bush) Date: Sun, 29 Jul 2007 22:57:31 -1000 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <7319.1185771440@sa.vix.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <46AB6585.7080900@psg.com> <6eb799ab0707281047l71652f57n9f75737c2bef054f@mail.gmail.com> <46AC0DF3.8050902@psg.com> <3c3e3fca0707290212r74d8d8adod8489ab5f9d9d8bf@mail.gmail.com> <46ACB03E.4020208@psg.com> <65115.1185725352@sa.vix.com> <46AD3623.6070309@psg.com> <82295.1185764561@sa.vix.com> <46AD6152.4060501@psg.com> <7319.1185771440@sa.vix.com> Message-ID: <46ADA7FB.60809@psg.com> >> i assume dual stack core before we move an inch, i.e. out of stage >> 0. and we are getting the dual stack core now. transit providers >> who don't make that move will see it on their bottom line in one >> or two years. one problem is that (some) router vendor support is >> still mediocre, so stalling increases the value of your capital. > i don't understand that final sentence. stalling a hardware upgrade gets me better hardware for the same bucks. > other than completing buildouts which were already planned and in > progress when IPv4 depletion occurs, i'm not sure what force will > drive IPv4 space to a higher price. folk who can stall going to v6 by buying v4 space will drive up cost of v4 space. > i am now completely off the rails of this message. for one thing you > seem to be assuming that overcoming alternative cost is itself a > cost-free event and that it will be instantaneous and that the > "market" will have perfect knowledge. i missed where i said those things. though i suspect ebay, or a specialized brokerage, may make v4 prices somewhat transparent. but the costs of conversion to v6 will be far less easy to quantify, and hence may seem larger than they actually are. > for another thing you seem to assume that the step function in value > (customer's reachability) and cost (training, equipment, operations) > for those who choose an IPv6 alternative _as a result of_ IPv4 > "costs" rather than having planned for it, will be so low as to not > be called a catastrophy. yep. the net is not going to balkanize. so you can pay one set of costs now, a slightly different set in a year, another a year more out, etc. no radical change is going to happen here. randy From Keith at jcc.com Mon Jul 30 06:47:33 2007 From: Keith at jcc.com (Keith W. Hare) Date: Mon, 30 Jul 2007 06:47:33 -0400 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) Message-ID: <8e707a764d7789eb11dad919c0be0a0846adc1cd@jcc.com> > > > Why whould an organization agree to a technology that ties > them to an ISP? > > surely ipv6 and ipv4 are equivilient in that regard, and it's > only newly > allocated vs. oldly allocated address blocks of either family > that differ? With IPv4, NAT allows one to isolate most of the internal network by using non-routable addresses. So, switching ISPs means renumbering the external nodes and revising some firewall rules. With IPv6, without NAT, switching vendors with PA space means renumbering both the external and the internal network. Keith From Keith at jcc.com Mon Jul 30 06:52:07 2007 From: Keith at jcc.com (Keith W. Hare) Date: Mon, 30 Jul 2007 06:52:07 -0400 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) Message-ID: <304f40a4687d35bdcf5268f196c594ab46adc2de@jcc.com> > -----Original Message----- > From: James Hess [mailto:mysidia at gmail.com] > Sent: Monday, July 30, 2007 1:30 AM > To: ARIN Address Policy; Keith W. Hare > Subject: Re: [ppml] PIv6 for legacy holders (/w RSA + efficient use) > > > Once organizations figure out the issues and technology, the biggest > > obstacle is going to be lack of PI space. > > I would say IPv6 PI space _must_ be available or the lack > would be such > a major obstacle to V6 adoption that it would be a problem > definitely needing > solution. > > Some users of IP will deem it critical for their purposes > that they have PI > addressing. > > > But from what I see in the the current NRPM, there _IS_ ipv6 PI space. > Am I missing something? > > > "6.5.8. Direct assignments from ARIN to end-user organizations > > 6.5.8.1. Criteria > > To qualify for a direct assignment, an organization must: > > 1. not be an IPv6 LIR; and > 2. qualify for an IPv4 assignment or allocation from ARIN under > the IPv4 policy currently in effect. > " The criteria for qualifying for an IPv4 assignment are fairly restrictive. Keith From michael.dillon at bt.com Mon Jul 30 07:22:29 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Mon, 30 Jul 2007 12:22:29 +0100 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <8e707a764d7789eb11dad919c0be0a0846adc1cd@jcc.com> References: <8e707a764d7789eb11dad919c0be0a0846adc1cd@jcc.com> Message-ID: > With IPv4, NAT allows one to isolate most of the internal > network by using non-routable addresses. So, switching ISPs > means renumbering the external nodes and revising some firewall rules. > > With IPv6, without NAT, switching vendors with PA space means > renumbering both the external and the internal network. With IPv6, ULA addressing defined in RFC 4193 http://www.ietf.org/rfc/rfc4193.txt allows one to isolate most of the internal network using non-routable addresses. Combine that with the typical enterprise configuration of firewall, web proxy, and internal email service. You don't even need NAT in this scenario. --Michael Dillon From Keith at jcc.com Mon Jul 30 08:25:34 2007 From: Keith at jcc.com (Keith W. Hare) Date: Mon, 30 Jul 2007 08:25:34 -0400 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) Message-ID: <4545548cc0f42424cffca8ab6de5b68a46add8c6@jcc.com> > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of michael.dillon at bt.com > Sent: Monday, July 30, 2007 7:22 AM > To: ppml at arin.net > Subject: Re: [ppml] PIv6 for legacy holders (/w RSA + efficient use) > > > With IPv4, NAT allows one to isolate most of the internal > > network by using non-routable addresses. So, switching ISPs > > means renumbering the external nodes and revising some > firewall rules. > > > > With IPv6, without NAT, switching vendors with PA space means > > renumbering both the external and the internal network. > > With IPv6, ULA addressing defined in RFC 4193 > http://www.ietf.org/rfc/rfc4193.txt allows one to isolate most of the > internal network using non-routable addresses. Combine that with the > typical enterprise configuration of firewall, web proxy, and internal > email service. You don't even need NAT in this scenario. > rfc4193 describes a mechanism for allocating local addresses that are not routed outside of a site. However, any node that needs to be reachable from outside of the site or any node that needs to communicate with nodes outside of the site also needs to have a global address. How does this help? Keith From michael.dillon at bt.com Mon Jul 30 08:55:34 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Mon, 30 Jul 2007 13:55:34 +0100 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <4545548cc0f42424cffca8ab6de5b68a46add8c6@jcc.com> References: <4545548cc0f42424cffca8ab6de5b68a46add8c6@jcc.com> Message-ID: > > With IPv6, ULA addressing defined in RFC 4193 > > http://www.ietf.org/rfc/rfc4193.txt allows one to isolate > most of the > > internal network using non-routable addresses. Combine that > with the > > typical enterprise configuration of firewall, web proxy, > and internal > > email service. You don't even need NAT in this scenario. > > > > rfc4193 describes a mechanism for allocating local addresses > that are not routed outside of a site. > > However, any node that needs to be reachable from outside of > the site or any node that needs to communicate with nodes > outside of the site also needs to have a global address. > > How does this help? In network engineering, it is rare to find nice neat solutions that cover 100% of the use cases. ULA addressing is not presented as a 100% solution. But it does cover a number of important use cases, particularly in Enterprise networks. Therefore ULA addressing does help roll out IPv6 services. As for global access, the most straightforward way is to use PI or PA addresses. But you could also decide to continue using existing IPv4 infrastructure for that. And since many enterprises purposely ban the majority of their hosts from direct Internet access, the problem is reduced to one of setting up appropriate proxy servers. In such enterprises, a web proxy combined with IPv6 access to the corporate email system is sufficient to cover the majority of use cases. In my opinion, it would be foolish for any organization to attempt a conversion from IPv4 to IPv6 at this time, even a phased conversion. It makes far more sense to begin implementing IPv6 with the intent that in the near future, all internal network GROWTH will be accomodated with IPv6 infrastructure. IPv4 is not going away and if you have ARIN allocations/assignments today, you will have them even after the global IPv4 free pool is exhausted. Once an organization is in a position where all necessary network growth can be handled with IPv6 addresses, they are extremely unlikely to suffer any negative consequences of IPv4 exhaustion. At that point, the question of shutting off IPv4 or migrating away from IPv4 is a completely separate issue that each organization should resolve according to their own needs. As far as ARIN is concerned, we want to encourage organizations to deploy IPv6 sufficiently to mitigate any negative effects of IPv4 exhaustion, but we don't care whether they go any further than that. We are stewards of the IPv4 space as well as IPv6 space, and as long as people need a registry for globally unique IPv4 addresses, ARIN will provide that service. I expect that it will be at least 25 years before people seriously considering dropping IPv4 registry services. --Michael Dillon From drc at virtualized.org Sun Jul 29 22:42:43 2007 From: drc at virtualized.org (David Conrad) Date: Sun, 29 Jul 2007 19:42:43 -0700 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <65115.1185725352@sa.vix.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <46AB6585.7080900@psg.com> <6eb799ab0707281047l71652f57n9f75737c2bef054f@mail.gmail.com> <46AC0DF3.8050902@psg.com> <3c3e3fca0707290212r74d8d8adod8489ab5f9d9d8bf@mail.gmail.com> <46ACB03E.4020208@psg.com> <65115.1185725352@sa.vix.com> Message-ID: <6C350250-4E0A-49B7-A8DE-A2A24335BBD9@virtualized.org> Paul, On Jul 29, 2007, at 9:09 AM, Paul Vixie wrote: > the > problem with this is that any IPv4-only target (like a web site) will > not be reachable to any IPv6-only initiator. I don't see this as a big concern: "IPv6-only" does not preclude the use of RFC 1918 and NAT if you assume ISPs will continue to be able to provide /32s as IPv4 NAT end points for the foreseeable future (a safe bet, I'd argue). One might even envision a business model where ISPs obtain additional revenues by leasing IPv4 PA /32s for customer servers... Rgds, -drc From Thys at Zinpro.com Mon Jul 30 10:07:01 2007 From: Thys at Zinpro.com (COETZEE, Thys) Date: Mon, 30 Jul 2007 09:07:01 -0500 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: References: <35731.1185477551@sa.vix.com> Message-ID: ... the rate of depletion is secondary to the fact that depletion will occur. If we focus on rate then a thirsty man will die before he gets his next water ration. _________________________________________________________________ Thys Coetzee Director of Information Technology email: thys at zinpro.com Zinpro Performance Minerals???????? tel : 952-983-4000 10400 Viking Drive, Ste 240,??????? help: 952-983-3911 Eden Prairie,? MN? 55344? USA?????? www.zinpro.com _________________________________________________________________ -----Original Message----- From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On Behalf Of Dean Anderson Sent: Friday, July 27, 2007 9:45 AM To: Paul Vixie Cc: ppml at arin.net Subject: Re: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources On Thu, 26 Jul 2007, Paul Vixie wrote: > within a couple of years, IANA will have no more space to give ARIN > and the other RIRs, and shortly after that moment, ARIN and the other > RIRs will have no more space to give ISPs and LIRs. the common name > for this is "IPv4 pool depletion" and there is no controversy or > disagreement as to the inevitability of that depletion. There is no data associated with these claims. As Lord Kelvin said, "your knowledge is of a meager and unsatisfactory kind". Can the ARIN staff report on the past rate of delegation (in total IP addresses and in total blocks, year by year, and the current year month by month? Of course, everything runs out eventually. However, there are things that we can do to prolong that time as long as possible. Delay in Assignment Processing of Requests Smaller Assignments Tougher requirements If ARIN (and IANA) adopt a policy of measuring the rate of delegation against the expected depletion time at the current rate, and adjust the above parameters so that depletion will not occur for, say, 10 years, then we will see an exponential decreasing rate of delegation, but we will never run out of address space. Certainly not in the next 20 or 30 years, after which time we can expect that IPv6 is the preferred protocol, and we will never run out of IPv6 space. No more than the expected amount of IP addresses can be assigned in a given year. Pending requests would be delayed to the next year, and then assigned in the next year's policy to achieve 10 year depletion. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 _______________________________________________ This message sent to you through the ARIN Public Policy Mailing List (PPML at arin.net). Manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/ppml From Keith at jcc.com Mon Jul 30 10:16:52 2007 From: Keith at jcc.com (Keith W. Hare) Date: Mon, 30 Jul 2007 10:16:52 -0400 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) Message-ID: > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of michael.dillon at bt.com > Sent: Monday, July 30, 2007 8:56 AM > To: ppml at arin.net > Subject: Re: [ppml] PIv6 for legacy holders (/w RSA + efficient use) > ... > > In my opinion, it would be foolish for any organization to attempt a > conversion from IPv4 to IPv6 at this time, even a phased > conversion. It > makes far more sense to begin implementing IPv6 with the > intent that in > the near future, all internal network GROWTH will be accomodated with > IPv6 infrastructure. IPv4 is not going away and if you have ARIN > allocations/assignments today, you will have them even after > the global > IPv4 free pool is exhausted. > For a lot of organizations, this makes sense. However, if I want to start now there are a lot of things I need that do not seem to be available: -- IPv6 addresses -- If I can demonstrate that I'm going to use a lot of IPv6 addresses and can use them efficiently, I can get an assignment, but I'm probably never going to use more than 10 subnets. -- Firewall -- Yes, I could build my own with linux and freely available software. We did that with IPv4 10 years ago. Today, I would prefer to purchase an off-the-shelf model. -- Software support -- Many operating systems have some level of IPv6 support in them. But what about data-access protocols such as ODBC, JDBC, and OCI? I can't test these until I have an IPv6 network in place. If IPv6 is going to be adopted, there has to be a critical mass of network devices and software that supports it. That critical mass has to include both high-end and medium to low-end routers & firewalls. I'm only going to purchase a couple of US$ 5,000 devices, so we need a lot of organizations like mine to drive vendors to build US$ 5,000 level devices. To do this, we need a lot of organizations that say "Hey, we now have IPv6 addresses, we need equipment and software that use them." Keith ______________________________________________________________ Keith W. Hare JCC Consulting, Inc. keith at jcc.com 600 Newark Road Phone: 740-587-0157 P.O. Box 381 Fax: 740-587-0163 Granville, Ohio 43023 http://www.jcc.com USA ______________________________________________________________ From kkargel at polartel.com Mon Jul 30 10:30:16 2007 From: kkargel at polartel.com (Kevin Kargel) Date: Mon, 30 Jul 2007 09:30:16 -0500 Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration In-Reply-To: Message-ID: <70DE64CEFD6E9A4EB7FAF3A0631410667071D2@mail> I think you guys don't understand how the area code system on telephones work. With local number portability you do not get to just magically move a number to a different area and everyone knows where to find you. The area code you moved is still assigned to the home switch for the original area. When you dial that number you are first connected to the original switch. That switch then has to look up the ported number in its database, decide which switch the number really belongs to and redirects you to the appropriate switch. LNP made telephone routing more complicated, increased call failure, and increased hardware cost. All this was done to accommodate a feature that was mandated to the telco's by the government. This increased complexity and hardware comes at a cost. You can safely assume the telco's are not going to absorb that added cost out of the goodness of their hearts. The added cost will be passed on to the provider. The same thing will happen in the TCP world if "local IP portability" is forced and aggrability is abandoned. > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of Ted Mittelstaedt > Sent: Friday, July 27, 2007 5:07 PM > To: John Santos; ppml at arin.net > Cc: William Herrin; Keith W. Hare > Subject: Re: [ppml] Soliciting comments: IPv4 to IPv6 fast migration > > > > >-----Original Message----- > >From: John Santos [mailto:JOHN at egh.com] > >Sent: Friday, July 27, 2007 1:44 PM > >To: ppml at arin.net > >Cc: William Herrin; Keith W. Hare; Ted Mittelstaedt > >Subject: Re: [ppml] Soliciting comments: IPv4 to IPv6 fast migration > > > > > >On Fri, 27 Jul 2007, Ted Mittelstaedt wrote: > > > >> > >> > >> >-----Original Message----- > >> >From: ppml-bounces at arin.net > [mailto:ppml-bounces at arin.net]On Behalf > >> >Of William Herrin > >> >Sent: Friday, July 27, 2007 9:14 AM > >> >To: Keith W. Hare > >> >Cc: ppml at arin.net > >> >Subject: Re: [ppml] Soliciting comments: IPv4 to IPv6 > fast migration > >> > > >> > > >> >On 7/27/07, Keith W. Hare wrote: > >> >> With some amount of push from customers and lawmakers, the > >> >> telephone companies have moved from Provider Agregatable phone > >> >> numbers > >to Provider > >> >> Independent phone numbers. > >> > > >> >That's a great point Keith. And here's the nasty part: > because they > >> >waited until the issue was forced, they had to make it fully PI, > >> >individual number by individual number. They lost the > option to use > >> >some sort of sensible grouping strategy. > >> > > >> > >> I think we have carried this analogy to the point of silliness. > >> > >> Area codes still create groups. But more importantly, the phone > >> number can be an abstraction because it is only used 1 time during > >> the call - at the beginning for the phone switches to > setup the call. > >> Once that is complete and the query into the lookup table that > >> matches the PI phone number to the internal routing number used by > >> the phone company is complete, the table isn't queried again. > >> > >> With IP traffic, to implement something similar to a PI IP > address, > >> you would have to have every non-edge router on the > Internet make a > >> query to a lookup table of some sort, and they would have to do it > >> for every packet. For a VoIP phone call that might have 10,000 > >> packets in the entire call that passes through the routers during > >> call existence. You can't do a query for each packet. > That is why > >> IP is still going to require some sort of "sensible grouping" > >> and why telephone numbers don't. > > > >Not really. The first non-edge router could look up a "physical" > >IP address, cache it, and forward all packets for the "virtual" PI > >address to that physical address (encapsulated with the original > >virtual address still attached.) The "physical" address could be > >either the current provider-provided PA address of the > destination or > >the address of a router "close" to the destination. If its > a router at > >that address it would then extract the original packet and > forward it > >to the (close-by) destination. None of the intermediate > routers would > >have to know anything about the destination PI address. The > only time > >you would need to do a second lookup of an established (i.e. > >recently used) connection is if the cache overflowed, or the > >destination physical address died, or if the destination > router decided > >there was a better route to the virtual destination address. > > > >(N.B. This encapsulation could either ipv4 or ipv6 packets and the > >virtual source/destinations could also be either ipv4 or 6.) > > > >This is pretty much how cell phones work (where the "virtual" > >10-digit phone number gets re-routed every time it changes > cells), and > >how number portability works for regular PSTN numbers, at a > huge degree > >of abstraction. > > > >Telephone numbers don't require grouping precisely because a lookup > >like this is done at call origination time (and for cell numbers, on > >the relatively rare occasions when a phone moves to a different > >cell.) I'm not as familier with IP routing, but I get the > impression > >the routing folks are looking into exactly this sort of thing. It > >would be enormously useful for things like mobile VOIP. > > > > Once again, I think this analogy has been carried too far. > Now your saying that all routers on the Internet would have > to be redesigned for this analogy to work. Did the telephone > network have to be completely redesigned and all phone > switches replaced for PI? > > Ted > _______________________________________________ > This message sent to you through the ARIN Public Policy > Mailing List (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > From stephen at sprunk.org Mon Jul 30 10:12:36 2007 From: stephen at sprunk.org (Stephen Sprunk) Date: Mon, 30 Jul 2007 09:12:36 -0500 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) References: <304f40a4687d35bdcf5268f196c594ab46adc2de@jcc.com> Message-ID: <00ed01c7d2b6$cc467980$5b3816ac@atlanta.polycom.com> Thus spake "Keith W. Hare" >> I would say IPv6 PI space _must_ be available or the lack >> would be such a major obstacle to V6 adoption that it would >> be a problem definitely needing solution. >> >> Some users of IP will deem it critical for their purposes >> that they have PI addressing. >> >> But from what I see in the the current NRPM, there _IS_ ipv6 >> PI space. Am I missing something? >> >> >> "6.5.8. Direct assignments from ARIN to end-user organizations >> >> 6.5.8.1. Criteria >> >> To qualify for a direct assignment, an organization must: >> >> 1. not be an IPv6 LIR; and >> 2. qualify for an IPv4 assignment or allocation from ARIN under >> the IPv4 policy currently in effect. >> " > > The criteria for qualifying for an IPv4 assignment are fairly > restrictive. All you need is ~256 hosts if you're multihomed, ~1024 if you're not. If that's "fairly restrictive", well, put up a policy proposal to lower the bar for both v4 and v6. There was one during the last policy cycle, and it was shot down -- not for routing slot reasons, but due to fears of spammers. Another attempt, with more attention to that issue, may succeed. S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov From michael.dillon at bt.com Mon Jul 30 11:10:57 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Mon, 30 Jul 2007 16:10:57 +0100 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: References: Message-ID: > -- Firewall -- Yes, I could build my own with linux and > freely available software. We did that with IPv4 10 years > ago. Today, I would prefer to purchase an off-the-shelf model. A few minutes with Google found this quote from VARBusiness magazine. Because IPv6-supported firewalls are now widely available, agencies likely won't run into trouble finding the right equipment. Cisco, Check Point Software Technologies and other major vendors now offer IPv6 firewall solutions. IPv6-enabled firewalls can also be configured using open-source Linux and Berkeley Software Distribution, or BSD, operating systems. I suggest that you need to either contact Juniper/Cisco/Checkpoint with your requirements or find a consulting firm that will install and support an off-the-shelf IPv6 firewall for you. > -- Software support -- Many operating systems have some level > of IPv6 support in them. But what about data-access > protocols such as ODBC, JDBC, and OCI? I can't test these > until I have an IPv6 network in place. You've just made the business case for setting up an IPv6 test environment today. If your test environment shows that IPv4 is essential for DB communication, then it will also allow you to trial workarounds such as IPv4 over IPv6 tunnels, or an application layer gateway. The IPv6 purists will curse you for implementing such things but in most organizations the goal is to make it work, reduce risk, keep costs under control, and deliver value to the customer. > If IPv6 is going to be adopted, there has to be a critical > mass of network devices and software that supports it. > > That critical mass has to include both high-end and medium to > low-end routers & firewalls. I'm only going to purchase a > couple of US$ 5,000 devices, so we need a lot of > organizations like mine to drive vendors to build US$ 5,000 > level devices. > > To do this, we need a lot of organizations that say "Hey, we now have > IPv6 addresses, we need equipment and software that use them." The accepted tool for doing this is the RFP process. Write a good Request For Proposals and circulate it to the vendors who you think may be able to deliver. Make sure that you do some research so that it does get in the hands of smaller IPv6 specialists as well as the well-known IPv4 companies. Since you are running the process, make sure that all vendors receive a list of the companies who received the RFP, run a Q&A session with the complete Q&A minutes distributed to all vendors. This type of RFP process a) lets vendors know there is demand for IPv6 support, b) lets vendors know who is a player in the IPv6 space and c) gives vendors a view of the kinds of questions that should be asked to fully understand the situation for the product installation. All of this generates buzz, wakes up product development teams, leads to acquisitions and generally gets IPv6 products on the market faster. --Michael Dillon From kkargel at polartel.com Mon Jul 30 11:32:13 2007 From: kkargel at polartel.com (Kevin Kargel) Date: Mon, 30 Jul 2007 10:32:13 -0500 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <3c3e3fca0707280727x333c3193yead6bd7fa70234d5@mail.gmail.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com><58236.1185482997@sa.vix.com><3c3e3fca0707271617mc969245u40a107f57a2278e2@mail.gmail.com><46AA8423.5060202@internap.com><3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com><46AAA4C3.3050103@internap.com><3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com><46AAB480.6020400@internap.com><6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <3c3e3fca0707280727x333c3193yead6bd7fa70234d5@mail.gmail.com> Message-ID: <70DE64CEFD6E9A4EB7FAF3A0631410667071D6@mail> Well, I tell you what, I am sitting primed and ready to deploy v6, I have my allocation and have plugged it in to my edge routers, but neither my tier2 nor my tier3 providers offer it here yet. The question of v4 vs. v6 is basically moot until v6 is available on the common backbones. I realize v6 is out there and working somewhere, but here in our part of the midwest in is unaccessable. I have put in numerous requests to my upstreams, but so far they do not seem interested in routing v6. They politely accept my request and say all the nice things about wanting suggestions, but nothing happens. Kevin :$s/worry/happy/g > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of William Herrin > Sent: Saturday, July 28, 2007 9:27 AM > To: James Hess > Cc: ARIN Address Policy > Subject: Re: [ppml] PIv6 for legacy holders (/w RSA + efficient use) > > On 7/28/07, James Hess wrote: > > I.E. Set a deadline on any extra "carrots" for V4 legacy > holders to > > sign the RSA and get V6 space to automatically expire say some time > > around 2010, when V6 will have become a necessity. > > James, > > I concur. The primary value to the exercise lies in > convincing IPv4 registrants to deploy IPv6 prior to IPv4 > depletion. If they're unwilling to do that for the > community's sake then the community should afford them no > extra privilege. > > Regards, > Bill Herrin > > -- > William D. Herrin herrin at dirtside.com bill at herrin.us > 3005 Crane Dr. Web: > Falls Church, VA 22042-3004 > _______________________________________________ > This message sent to you through the ARIN Public Policy > Mailing List (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > From stephen at sprunk.org Mon Jul 30 11:30:55 2007 From: stephen at sprunk.org (Stephen Sprunk) Date: Mon, 30 Jul 2007 10:30:55 -0500 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources References: <026401c7cef6$749e8150$423816ac@atlanta.polycom.com> <46A7B949.1060304@dilkie.com> Message-ID: <014201c7d2bf$5d47c6c0$5b3816ac@atlanta.polycom.com> Thus spake "Lee Dilkie" > Stephen Sprunk wrote: >> Note that the legacy holders who've spoken up here have no >> argument with signing the RSA or paying the current $100/yr fee. >> What they're asking for is to be exempt from public policy, or at >> least parts thereof that adversely affect them. > > Actually Stephen. While I support all your arguments (and Owen's > POV as well), *I* do have a problem with a $100/yr fee when I > get almost *nothing* in return. I hardly think RDNS costs $100/yr > to hold my records*. And trying to extort that much money for such > a nominal service is, well, extortion. Or would be if it actually > mattered all that much. Perhaps the fee is too high; one would have to get detailed accounting information from ARIN on what their services actually cost for various types of subscribers, how much goes towards amortizing fixed costs, etc. That's somewhat off-topic here; I think arin-discuss is the correct list for that. > Also, I think the whole point of getting legacy holders to sign the > RSA *is* to bring them into the public policy fold, not continue > their exemption. That's some people's intent. Others of us are willing to extend the exemptions because our goal is merely to have them in the fold and we know that even if we revoked legacy resources (which is fraught with legal complications), it wouldn't appreciably change the IPv4 exhaustion timeline. Legacy blocks in particular are popular targets for spammers because ARIN doesn't have any contractual relationship to determine who the legitimate holder/contact for a given block is. Tracking that down costs ARIN a lot of money, and getting the legacy space under RSA -- even without fees -- would be a net savings to us all. > * - and before you point out that ARIN's $10M/yr buget does all > sorts of other "good" things, not one single "good" thing affects > those end-users who are not growing their networks. You never use RDNS for any network maintained by ARIN? You never use WHOIS? You've never sent a message to a mailing list run by ARIN, such as this one? Someone has to pay for those things. > If you want to get into a discussion on what's "fair", ask yourself if > it's "fair" that all your membership pays excessive fees that are > used to subsidize new requests. New requests have a significantly larger fee which covers the up-front costs involved in making an assignment or allocation. They are not "subsidized" by maintenance fees AFAICT. >> ARIN made a promise to do something, and it's doing it. We >> cannot ignore that promise simply because you find it >> inconvenient. It's taken a long time for ARIN to build a good >> reputation in the community, and it'd be stupid of us to throw >> that away by ignoring promises made and then expect >> people to trust us in the future with such a track record. > > I've watched this list for months now. My views on ARIN were neutral > before (lack of exposure/contact). They certainly are not anymore. I > asked around at work and ARIN certainly does have a reputation, but it > isn't a good one. And I can see why. Poisonous vitriolic attitudes > towards legacy holders (them damn free-loaders!), a complete lack of > understanding on how to roll out and encourage ipv6, the roll ipv4 will > play in the future and for how long.... ... > Now. It's entirely possible (and I hope it is) that my views are > shaped by a minority of the membership, a vocal minority that > frequents this list. Please take a closer look; there are certain high-volume commenters that have such attitudes, but the majority of commenters are bright, reasonable folks who are just trying to determine the best path for the community. And then there's the vast, silent majority... The policy process, unfortunately, is a bit like making sausage. There's lots of kooky stuff that gets proposed, and lots of trolls trying to disrupt the process. However, please don't confuse that with what policies actually get approved and implemented -- those are pretty reasonable. > I hope that ARIN proper (the staff) does have a good sense of > their purpose and tries to moderate things down to reasonable > levels. I am encouraged by a number of staff recommendations > against proposals that came out earlier this year. I haven't seen staff explicitly take any position; they seem to restrain themselves to commenting on wording and logistical issues with proposals, not whether they're good ideas or not. You may be confusing some of the more rational folks here with staffers, or taking the occasional personal comment by BoT or AC members as being some sort of official stand. > Anyway. My take on this policy? It's a thinly veiled grab at the > legacy holders (again). This particular one? I agree. I seriously doubt it, or anything along the same lines, will get passed in Albuquerque. S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov From stephen at sprunk.org Mon Jul 30 11:56:19 2007 From: stephen at sprunk.org (Stephen Sprunk) Date: Mon, 30 Jul 2007 10:56:19 -0500 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources References: <004e01c7cf91$3f2c3da0$513816ac@atlanta.polycom.com> <6eb799ab0707261836g35517792n93c07d45b87999ed@mail.gmail.com> Message-ID: <01b301c7d2c4$aed38830$5b3816ac@atlanta.polycom.com> Thus spake "James Hess" > If ARIN formulates a special RSA for them where they get a free > waiver from the rules and a waiver from the fees... then nothing at > all is really accomplished. Yes, something would be accomplished. For one thing, ARIN would know that the block is still being used, not abandoned. For another, it would make it much harder for spammers to hijack blocks (a very common problem, according to staff at the last meeting) if ARIN had a contract with the legitimate holder. Getting legacy blocks under policy would be nice, as would collecting the same fees non-legacy holders pay for the same services, but neither of those are necessary for the community to benefit. > I say with certainty the carrot would not have close to 100% > success, and it's best to have the stick ready up front, rather than > keep it hidden behind the back "for later". I find it distasteful to discuss sticks before we try to come up with carrots and see how effective they are. At minimum, it shows bad faith. Likewise, I don't see much purpose in discussing carrots until ARIN does some outreach to at least make legacy holders aware of ARIN and give them an opportunity to join on the existing terms. We've heard from legacy holders here that want to join and can't figure out how, and there are thousands that have never even heard of ARIN. IMHO, those problems need to be solved before we discuss carrots _or_ sticks, and the success level of those efforts will dictate what later discussions will look like. S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov From paul at vix.com Mon Jul 30 12:43:27 2007 From: paul at vix.com (Paul Vixie) Date: Mon, 30 Jul 2007 16:43:27 +0000 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: Your message of "Sun, 29 Jul 2007 22:57:31 -1000." <46ADA7FB.60809@psg.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <46AB6585.7080900@psg.com> <6eb799ab0707281047l71652f57n9f75737c2bef054f@mail.gmail.com> <46AC0DF3.8050902@psg.com> <3c3e3fca0707290212r74d8d8adod8489ab5f9d9d8bf@mail.gmail.com> <46ACB03E.4020208@psg.com> <65115.1185725352@sa.vix.com> <46AD3623.6070309@psg.com> <82295.1185764561@sa.vix.com> <46AD6152.4060501@psg.com> <7319.1185771440@sa.vix.com> <46ADA7FB.60809@psg.com> Message-ID: <69726.1185813807@sa.vix.com> > > for another thing you seem to assume that the step function in value > > (customer's reachability) and cost (training, equipment, operations) for > > those who choose an IPv6 alternative _as a result of_ IPv4 "costs" rather > > than having planned for it, will be so low as to not be called a > > catastrophy. > > yep. the net is not going to balkanize. so you can pay one set of costs > now, a slightly different set in a year, another a year more out, etc. no > radical change is going to happen here. that's net-centric thinking. the internet won't die from this affliction, i agree with that. a lot of individual isp's will die from it, and, a lot of individual enterprise career paths will be flattened by it too. if 25% of the net makes money when the ipv6 switch happens, and 50% fails to lose money, and 25% loses money, then the net survives. but depending on which % each of us falls into, we might say we got tutored. leaving it at that would be a kind of tough love incompatible with stewardship. if some folks float to the tail of the curve by conscious choice, well, there wasn't much we could do about it. (i have a teenager at home now, so i'm hip to this.) but this community has a lot of consciousness raising to do before that choice can be thought to have been conscious. From paul at vix.com Mon Jul 30 12:47:57 2007 From: paul at vix.com (Paul Vixie) Date: Mon, 30 Jul 2007 16:47:57 +0000 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: Your message of "Sun, 29 Jul 2007 19:42:43 MST." <6C350250-4E0A-49B7-A8DE-A2A24335BBD9@virtualized.org> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <46AB6585.7080900@psg.com> <6eb799ab0707281047l71652f57n9f75737c2bef054f@mail.gmail.com> <46AC0DF3.8050902@psg.com> <3c3e3fca0707290212r74d8d8adod8489ab5f9d9d8bf@mail.gmail.com> <46ACB03E.4020208@psg.com> <65115.1185725352@sa.vix.com> <6C350250-4E0A-49B7-A8DE-A2A24335BBD9@virtualized.org> Message-ID: <76042.1185814077@sa.vix.com> > > the problem with this is that any IPv4-only target (like a web site) will > > not be reachable to any IPv6-only initiator. > > I don't see this as a big concern: "IPv6-only" does not preclude the use of > RFC 1918 and NAT if you assume ISPs will continue to be able to provide /32s > as IPv4 NAT end points for the foreseeable future (a safe bet, I'd argue). > One might even envision a business model where ISPs obtain additional > revenues by leasing IPv4 PA /32s for customer servers... this sounds fatalistic. like "it is our destiny to squeeze every last possible route into the V4 DFZ" and "it is our destiny to use V4 as long as humanly possible" and "it is our destiny to use V4 until the additive and inertial costs of switching to V6 are terrible to witness". for those of you who feel that human nature dictates a tipping point be reached and surpassed, either in V4/V6 transition or global warming or whatever, some set of options will appear to be on vs. off the table. for me, who still thinks nonfatalistic thoughts about the V4/V6 transition, a different set of options will appear to be on vs. off the table. From info at arin.net Mon Jul 30 12:51:27 2007 From: info at arin.net (Member Services) Date: Mon, 30 Jul 2007 12:51:27 -0400 Subject: [ppml] Policy Proposal: Definition of known ISP and changes to IPv6 initial allocation criteria Message-ID: <46AE170F.6010901@arin.net> ARIN received the following policy proposal. In accordance with the ARIN Internet Resource Policy Evaluation Process, the proposal is being posted to the ARIN Public Policy Mailing List (PPML) and being placed on ARIN's website. The ARIN Advisory Council (AC) will review this proposal at their next regularly scheduled meeting. The AC may decide to: 1. Accept the proposal as a formal policy proposal as written. If the AC accepts the proposal, it will be posted as a formal policy proposal to PPML and it will be presented at a Public Policy Meeting. 2. Postpone their decision regarding the proposal until the next regularly scheduled AC meeting in order to work with the author. The AC will work with the author to clarify, combine or divide the proposal. At their following meeting the AC will accept or not accept the proposal. 3. Not accept the proposal. If the AC does not accept the proposal, the AC will explain their decision. If a proposal is not accepted, then the author may elect to use the petition process to advance their proposal. If the author elects not to petition or the petition fails, then the proposal will be closed. The AC will assign shepherds in the near future. ARIN will provide the names of the shepherds to the community via the PPML. In the meantime, the AC invites everyone to comment on this proposal on the PPML, particularly their support or non-support and the reasoning behind their opinion. Such participation contributes to a thorough vetting and provides important guidance to the AC in their deliberations. The ARIN Internet Resource Policy Evaluation Process can be found at: http://www.arin.net/policy/irpep.html Mailing list subscription information can be found at: http://www.arin.net/mailing_lists/ Regards, Member Services American Registry for Internet Numbers (ARIN) ## * ## Policy Proposal Name: Definition of known ISP and changes to IPv6 initial allocation criteria Author: Kevin Loch Proposal Version: 1 Submission Date: 2007-07-27 Proposal type: new Policy term: permanent Policy statement: Add the following section 6.2.10: 6.2.10 Existing ISP An existing ISP is an organization which meets the following criteria: 1. Has IPv4 or IPv6 address space directly allocated by ARIN; or 2. Has at least a total of an IPv4 /23 or an IPv6 /44 of address space reallocated to them via SWIP by one or more upstream ISPs. Address space directly assigned from ARIN or reassigned from upstream ISPs does not count towards these requirements. Replace 6.5.1.1 (d) with the following text: d. be an existing ISP in the ARIN region or have a plan for making assignments to at least 200 separate organizations within five years. Rationale: This policy proposal would change two things in the IPv6 Initial allocation criteria. It adds a definition for "known ISP" and changes "200 /48 assignments" to 200 assignments of any size, but to separate organizations. Existing ISP: The term "existing, known ISP" in the IPv6 ISP qualification section is too vague and does not give ARIN staff sufficient guidance for evaluating qualifications. This text defines "existing, ISP" in a precise manner and removes the unnecessary and ambiguous word "known". It has come to the author's attention that several organizations have been refused IPv6 ISP allocations because they were not considered an existing, known ISP. At least one of these organizations has a /18 worth of IPv4 space reallocated to them by various upstream ISPs and over 200 IPv4 customers. An organization's choice to use provider addresses does not have any affect on whether or not they are in fact an ISP. Address space that has been reallocated (not reassigned) is a good indicato of an ISP as those SWIP templates are only supposed to be used for downstream ISPs. The IPv4 /23 value was selected to match the utilization requirement for the smallest direct IPv4 allocation from ARIN under current policy. The IPv6 /44 value was selected to represent a number of downstream customers comparable to the IPv4 requirements. Updates to IPv6 initial allocation criteria: Section 6.5.4.1 recommends /56 assignments in some cases and /48 assignments in others. The Initial allocation criteria should reflect the flexibility of these recommendations. An ISP should not have to provide an inefficient address plan on their application even though they expect to have over 200 IPv6 customers. Timetable for implementation: Immediate From sleibrand at internap.com Mon Jul 30 13:01:45 2007 From: sleibrand at internap.com (Scott Leibrand) Date: Mon, 30 Jul 2007 10:01:45 -0700 Subject: [ppml] Policy Proposal: Definition of known ISP and changes to IPv6 initial allocation criteria In-Reply-To: <46AE170F.6010901@arin.net> References: <46AE170F.6010901@arin.net> Message-ID: <46AE1979.5080500@internap.com> I think this proposal moves in the right direction. However, I think it goes a bit too far in allowing any organization with a /23 of IPv4 PA space to get an IPv6 /32 if they can get their ISP to re-SWIP it as an allocation. I think it would be more appropriate to require that, to be a known ISP, an organization must reassign and/or reallocate a /23 worth of space to their own downstream customers. Such reassignments and reallocations are already covered under existing policy requiring justification and efficient use, so this criterion would be much harder to game. It would also be worthwhile for the policy to recognize that not all reallocations and reassignments are done via SWIP: rwhois should be just as good. -Scott Member Services wrote: > ARIN received the following policy proposal. In accordance with the ARIN > Internet Resource Policy Evaluation Process, the proposal is being > posted to the ARIN Public Policy Mailing List (PPML) and being placed on > ARIN's website. > > The ARIN Advisory Council (AC) will review this proposal at their next > regularly scheduled meeting. The AC may decide to: > > 1. Accept the proposal as a formal policy proposal as written. If the > AC accepts the proposal, it will be posted as a formal policy proposal > to PPML and it will be presented at a Public Policy Meeting. > > 2. Postpone their decision regarding the proposal until the next > regularly scheduled AC meeting in order to work with the author. The AC > will work with the author to clarify, combine or divide the proposal. At > their following meeting the AC will accept or not accept the proposal. > > 3. Not accept the proposal. If the AC does not accept the proposal, > the AC will explain their decision. If a proposal is not accepted, then > the author may elect to use the petition process to advance their > proposal. If the author elects not to petition or the petition fails, > then the proposal will be closed. > > The AC will assign shepherds in the near future. ARIN will provide the > names of the shepherds to the community via the PPML. > > In the meantime, the AC invites everyone to comment on this proposal on > the PPML, particularly their support or non-support and the reasoning > behind their opinion. Such participation contributes to a thorough > vetting and provides important guidance to the AC in their deliberations. > > The ARIN Internet Resource Policy Evaluation Process can be found at: > http://www.arin.net/policy/irpep.html > > Mailing list subscription information can be found at: > http://www.arin.net/mailing_lists/ > > Regards, > > Member Services > American Registry for Internet Numbers (ARIN) > > > ## * ## > > > Policy Proposal Name: Definition of known ISP and changes to IPv6 > initial allocation criteria > > Author: Kevin Loch > > Proposal Version: 1 > > Submission Date: 2007-07-27 > > Proposal type: new > > Policy term: permanent > > Policy statement: > > Add the following section 6.2.10: > > 6.2.10 Existing ISP > > An existing ISP is an organization which meets the following > criteria: > > 1. Has IPv4 or IPv6 address space directly allocated > by ARIN; or > 2. Has at least a total of an IPv4 /23 or an IPv6 /44 of address > space reallocated to them via SWIP by one or more upstream > ISPs. > > Address space directly assigned from ARIN or reassigned from > upstream ISPs does not count towards these requirements. > > Replace 6.5.1.1 (d) with the following text: > > d. be an existing ISP in the ARIN region or have a plan for > making assignments to at least 200 separate organizations > within five years. > > Rationale: > > This policy proposal would change two things in the IPv6 > Initial allocation criteria. It adds a definition for > "known ISP" and changes "200 /48 assignments" to > 200 assignments of any size, but to separate organizations. > > Existing ISP: > > The term "existing, known ISP" in the IPv6 ISP qualification > section is too vague and does not give ARIN staff sufficient > guidance for evaluating qualifications. This text defines > "existing, ISP" in a precise manner and removes the unnecessary > and ambiguous word "known". > > It has come to the author's attention that several organizations > have been refused IPv6 ISP allocations because they were not > considered an existing, known ISP. At least one of these > organizations has a /18 worth of IPv4 space reallocated to them > by various upstream ISPs and over 200 IPv4 customers. An > organization's choice to use provider addresses does not > have any affect on whether or not they are in fact an ISP. > > Address space that has been reallocated (not reassigned) > is a good indicato of an ISP as those SWIP templates > are only supposed to be used for downstream ISPs. > > The IPv4 /23 value was selected to match the utilization > requirement for the smallest direct IPv4 allocation from ARIN > under current policy. > > The IPv6 /44 value was selected to represent a number > of downstream customers comparable to the IPv4 requirements. > > > Updates to IPv6 initial allocation criteria: > > Section 6.5.4.1 recommends /56 assignments in some cases and > /48 assignments in others. The Initial allocation criteria > should reflect the flexibility of these recommendations. > An ISP should not have to provide an inefficient address > plan on their application even though they expect to have > over 200 IPv6 customers. > > Timetable for implementation: Immediate > > > > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > From colin at thusa.co.za Mon Jul 30 13:03:57 2007 From: colin at thusa.co.za (Colin Alston) Date: Mon, 30 Jul 2007 19:03:57 +0200 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <70DE64CEFD6E9A4EB7FAF3A0631410667071D6@mail> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com><58236.1185482997@sa.vix.com><3c3e3fca0707271617mc969245u40a107f57a2278e2@mail.gmail.com><46AA8423.5060202@internap.com><3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com><46AAA4C3.3050103@internap.com><3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com><46AAB480.6020400@internap.com><6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <3c3e3fca0707280727x333c3193yead6bd7fa70234d5@mail.gmail.com> <70DE64CEFD6E9A4EB7FAF3A0631410667071D6@mail> Message-ID: <46AE19FD.4020800@thusa.co.za> On 30/07/2007 17:32 Kevin Kargel wrote: > > Well, I tell you what, I am sitting primed and ready to deploy v6, I > have my allocation and have plugged it in to my edge routers, but > neither my tier2 nor my tier3 providers offer it here yet. The question > of v4 vs. v6 is basically moot until v6 is available on the common > backbones. You have hit upon the nail, as it were. The nail of the thumb that is. If you wait until your backbone provisions v6, and that comes late (due to the significantly larger scale of their task) you are going to land yourself in an emergency situation which will cost far more money to recover from than early adoption - or at the very least a clear plan and prior groundwork. -- Colin Alston ______ Linux & Internet Services /\_\_\_\ Thusa Business Support (Pty) Ltd /\/\_\_\_\ http://www.thusa.co.za/ /\/\/\_\_\_\ Tel: (+27) 031 277 1257 \/\/\/_/_/_/ Fax: (+27) 031 277 1269 \/\/_/_/_/ \/_/_/_/ "To the world you may be one person, to one person you may be the world" ~ Rachel Ann Nunes. From randy at psg.com Mon Jul 30 13:05:37 2007 From: randy at psg.com (Randy Bush) Date: Mon, 30 Jul 2007 07:05:37 -1000 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <8e707a764d7789eb11dad919c0be0a0846adc1cd@jcc.com> References: <8e707a764d7789eb11dad919c0be0a0846adc1cd@jcc.com> Message-ID: <46AE1A61.1020307@psg.com> > With IPv4, NAT allows one to isolate most of the internal network by > using non-routable addresses. So, switching ISPs means renumbering the > external nodes and revising some firewall rules. > > With IPv6, without NAT, switching vendors with PA space means > renumbering both the external and the internal network. so now we know yet another reason nats will be prevalent in the pure ipv6 world of our grandchildren randy From paul at vix.com Mon Jul 30 13:08:13 2007 From: paul at vix.com (Paul Vixie) Date: Mon, 30 Jul 2007 17:08:13 +0000 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: Your message of "Mon, 30 Jul 2007 19:03:57 +0200." <46AE19FD.4020800@thusa.co.za> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com><58236.1185482997@sa.vix.com><3c3e3fca0707271617mc969245u40a107f57a2278e2@mail.gmail.com><46AA8423.5060202@internap.com><3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com><46AAA4C3.3050103@internap.com><3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com><46AAB480.6020400@internap.com><6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <3c3e3fca0707280727x333c3193yead6bd7fa70234d5@mail.gmail.com> <70DE64CEFD6E9A4EB7FAF3A0631410667071D6@mail> <46AE19FD.4020800@thusa.co.za> Message-ID: <77342.1185815293@sa.vix.com> > > Well, I tell you what, I am sitting primed and ready to deploy v6, I > > have my allocation and have plugged it in to my edge routers, but > > neither my tier2 nor my tier3 providers offer it here yet. The question > > of v4 vs. v6 is basically moot until v6 is available on the common > > backbones. > > If you wait until your backbone provisions v6, and that comes late > (due to the significantly larger scale of their task) you are going to > land yourself in an emergency situation which will cost far more money > to recover from than early adoption - or at the very least a clear > plan and prior groundwork. to get going on IPv6 before you upstream can do so, try one of these URL's: https://tb.ipv6.btexact.com/start.html http://www.ipv6day.org/action.php?n=En.GetConnected-TB http://www.go6.net/4105/freenet.asp http://www.he.net/releases/release6.html From bmanning at vacation.karoshi.com Mon Jul 30 13:21:25 2007 From: bmanning at vacation.karoshi.com (bmanning at vacation.karoshi.com) Date: Mon, 30 Jul 2007 17:21:25 +0000 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <46AE19FD.4020800@thusa.co.za> References: <3c3e3fca0707280727x333c3193yead6bd7fa70234d5@mail.gmail.com> <70DE64CEFD6E9A4EB7FAF3A0631410667071D6@mail> <46AE19FD.4020800@thusa.co.za> Message-ID: <20070730172124.GB4788@vacation.karoshi.com.> On Mon, Jul 30, 2007 at 07:03:57PM +0200, Colin Alston wrote: > On 30/07/2007 17:32 Kevin Kargel wrote: > > > > Well, I tell you what, I am sitting primed and ready to deploy v6, I > > have my allocation and have plugged it in to my edge routers, but > > neither my tier2 nor my tier3 providers offer it here yet. The question > > of v4 vs. v6 is basically moot until v6 is available on the common > > backbones. > > You have hit upon the nail, as it were. The nail of the thumb that is. > > If you wait until your backbone provisions v6, and that comes late > (due to the significantly larger scale of their task) you are going to > land yourself in an emergency situation which will cost far more money > to recover from than early adoption - or at the very least a clear > plan and prior groundwork. > > -- > Colin Alston ______ oh that this were universally true: "Poor planning on YOUR part does NOT make it an emergency on MY part." although the v6 zelots will have heartburn, and the routing purests will twist in the wind, the IETF, back when the E mattered, championed a transition strategy to deal w/ isolated communities who adopted new stuff. May I suggest a review of GRE and a listing of IPv6 friendly peers who will build/terminate your tunnels ... routing around the"Tier(x) ISP who can't or won't accomodate your valid request. --bill From info at arin.net Mon Jul 30 13:23:53 2007 From: info at arin.net (Member Services) Date: Mon, 30 Jul 2007 13:23:53 -0400 Subject: [ppml] Policy Proposal: PIv6 for legacy holders with RSA and efficient use Message-ID: <46AE1EA9.3010509@arin.net> ARIN received the following policy proposal. In accordance with the ARIN Internet Resource Policy Evaluation Process, the proposal is being posted to the ARIN Public Policy Mailing List (PPML) and being placed on ARIN's website. The ARIN Advisory Council (AC) will review this proposal at their next regularly scheduled meeting. The AC may decide to: 1. Accept the proposal as a formal policy proposal as written. If the AC accepts the proposal, it will be posted as a formal policy proposal to PPML and it will be presented at a Public Policy Meeting. 2. Postpone their decision regarding the proposal until the next regularly scheduled AC meeting in order to work with the author. The AC will work with the author to clarify, combine or divide the proposal. At their following meeting the AC will accept or not accept the proposal. 3. Not accept the proposal. If the AC does not accept the proposal, the AC will explain their decision. If a proposal is not accepted, then the author may elect to use the petition process to advance their proposal. If the author elects not to petition or the petition fails, then the proposal will be closed. The AC will assign shepherds in the near future. ARIN will provide the names of the shepherds to the community via the PPML. In the meantime, the AC invites everyone to comment on this proposal on the PPML, particularly their support or non-support and the reasoning behind their opinion. Such participation contributes to a thorough vetting and provides important guidance to the AC in their deliberations. The ARIN Internet Resource Policy Evaluation Process can be found at: http://www.arin.net/policy/irpep.html Mailing list subscription information can be found at: http://www.arin.net/mailing_lists/ Regards, Member Services American Registry for Internet Numbers (ARIN) ## * ## Policy Proposal Name: PIv6 for legacy holders with RSA and efficient use Author: Scott Leibrand Proposal Version: 1.0 Submission Date: 7/28/2007 Proposal type: new Policy term: permanent Policy statement: Modify NRPM section 6.5.8.1 (Direct assignments from ARIN to end-user organizations: Criteria), to read: To qualify for a direct assignment, an organization must: 1. not be an IPv6 LIR; and 2. qualify for an IPv4 assignment or allocation from ARIN under the IPv4 policy currently in effect, or demonstrate efficient utilization of a direct IPv4 assignment or allocation covered by a current ARIN RSA. Rationale: Current policy allows direct IPv6 allocations and assignments to nearly all organizations with IPv4 allocations or assignments from ARIN. As a result, such organizations can get IPv6 space just as easily as they can get IPv4 space, making it easy for them to transition to IPv6 as soon as they're ready to do so. However, there are some organizations who received IPv4 /23's and /24's prior to the formation of ARIN, and use that space in a multihomed, provider-independent fashion. Under current policy, such organizations cannot get IPv6 PI space without artificially inflating host counts, and are therefore discouraged from adopting IPv6. This policy proposal aims to remove this disincentive, and allow such organizations to easily adopt IPv6. In addition, pre-ARIN assignments were issued through an informal process, and many legacy resource holders have not yet entered into a formal agreement with ARIN, the manager of many such IP numbering resources. This policy proposal would require that such assignments be brought under a current ARIN Registration Services Agreement, thereby formalizing the relationship. Some pre-ARIN assignments may not be used efficiently. As unallocated IPv4 numbering resources are approaching exhaustion, it is important to ensure efficient utilization of IPv4 assignments, and to arrange for reclamation of unused space. Therefore, this policy would require that the organization wishing to receive IPv6 PI space demonstrate efficient utilization of their IPv4 assignment. (Efficient utilization is already defined elsewhere in policy, and the exact mechanism for achieving and determining efficient use is a matter of procedure, not of policy, so detailed procedures are not included in the policy statement above. The intent is that any organization with an assignment of /23 or larger which is less than 50% utilized would renumber and return whole unused CIDR blocks as necessary to bring the remaining CIDR block to 50% utilization or higher. A /24 should be considered efficiently utilized as long as it is in use for multihoming, as /25's and smaller are not routable for that purpose.) It has been suggested that this policy would be useful only until the growth of IPv6 exceeds the growth of IPv4. I would agree with this, and would further posit that the existing "qualify ... under the IPv4 policy currently in effect" language should also be modified at that time. I have therefore proposed this policy with a policy term of "permanent", with the expectation that this section of policy (6.5.8.1) will be rewritten at the appropriate time to entirely remove all IPv4 dependencies. Timetable for implementation: immediate From michael.dillon at bt.com Mon Jul 30 13:34:59 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Mon, 30 Jul 2007 18:34:59 +0100 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <70DE64CEFD6E9A4EB7FAF3A0631410667071D6@mail> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com><58236.1185482997@sa.vix.com><3c3e3fca0707271617mc969245u40a107f57a2278e2@mail.gmail.com><46AA8423.5060202@internap.com><3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com><46AAA4C3.3050103@internap.com><3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com><46AAB480.6020400@internap.com><6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com><3c3e3fca0707280727x333c3193yead6bd7fa70234d5@mail.gmail.com> <70DE64CEFD6E9A4EB7FAF3A0631410667071D6@mail> Message-ID: > Well, I tell you what, I am sitting primed and ready to > deploy v6, I have my allocation and have plugged it in to my > edge routers, but neither my tier2 nor my tier3 providers > offer it here yet. The question of v4 vs. v6 is basically > moot until v6 is available on the common backbones. There are IPv6 tunnel brokers such as Hurricane Electric, and you can also try 6to4 relays. The important thing is to try these things, gain operational experience with IPv6 (troubleshooting bandwidth issues and routing issues) and be ready when your ISPs offer native IPv6. Also, by putting tunnel traffic on their networks, they can measure it and build internal business cases for IPv6 service. There isn't anybody out there who will give you fully-functioning IPv6 services on a platter. It's like the early 90's all over again where you have to climb the learning curve through hard-won experience. --Michael Dillon From drc at virtualized.org Mon Jul 30 13:39:31 2007 From: drc at virtualized.org (David Conrad) Date: Mon, 30 Jul 2007 10:39:31 -0700 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <76042.1185814077@sa.vix.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <46AB6585.7080900@psg.com> <6eb799ab0707281047l71652f57n9f75737c2bef054f@mail.gmail.com> <46AC0DF3.8050902@psg.com> <3c3e3fca0707290212r74d8d8adod8489ab5f9d9d8bf@mail.gmail.com> <46ACB03E.4020208@psg.com> <65115.1185725352@sa.vix.com> <6C350250-4E0A-49B7-A8DE-A2A24335BBD9@virtualized.org> <76042.1185814077@sa.vix.com> Message-ID: On Jul 30, 2007, at 9:47 AM, Paul Vixie wrote: > this sounds fatalistic. like "it is our destiny to squeeze every last > possible route into the V4 DFZ" and "it is our destiny to use V4 as > long as > humanly possible" and "it is our destiny to use V4 until the > additive and > inertial costs of switching to V6 are terrible to witness". You talk of this as if it is religion. It isn't. It is simply business. There are costs to migration. There will be increased costs to obtaining additional IPv4 addresses. There are projected revenues depending on the mix of migrated vs. non-migrated. When either the cost of migrating is deemed to be be less than the cost of obtaining additional IPv4 addresses or the prospect of migrated revenues is higher than non-migrated, people will migrate. Until that time, people will get more efficient with IPv4, with the implication of increased NAT use and longer prefixes hitting the routing system. This isn't fatalistic, it is just reality. Rgds, -drc From randy at psg.com Mon Jul 30 13:47:22 2007 From: randy at psg.com (Randy Bush) Date: Mon, 30 Jul 2007 07:47:22 -1000 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <69726.1185813807@sa.vix.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <46AB6585.7080900@psg.com> <6eb799ab0707281047l71652f57n9f75737c2bef054f@mail.gmail.com> <46AC0DF3.8050902@psg.com> <3c3e3fca0707290212r74d8d8adod8489ab5f9d9d8bf@mail.gmail.com> <46ACB03E.4020208@psg.com> <65115.1185725352@sa.vix.com> <46AD3623.6070309@psg.com> <82295.1185764561@sa.vix.com> <46AD6152.4060501@psg.com> <7319.1185771440@sa.vix.com> <46ADA7FB.60809@psg.com> <69726.1185813807@sa.vix.com> Message-ID: <46AE242A.9000901@psg.com> Paul Vixie wrote: >>> for another thing you seem to assume that the step function in value >>> (customer's reachability) and cost (training, equipment, operations) for >>> those who choose an IPv6 alternative _as a result of_ IPv4 "costs" rather >>> than having planned for it, will be so low as to not be called a > that's net-centric thinking. the internet won't die from this affliction, i > agree with that. a lot of individual isp's will die from it, and, a lot of > individual enterprise career paths will be flattened by it too. if 25% of the > net makes money when the ipv6 switch happens, and 50% fails to lose money, and > 25% loses money, then the net survives. but depending on which % each of us > falls into, we might say we got tutored. what is gonna kill small isps, as i have said before, is the cost of a dfz router that can load and hold the fragmented routing table we are going to see due to v4 and v6 nat frag. as i said, it will be like the small telcos having to buy $10m switches to stay in the ss7 game. and if you believe the vendor marketing folk (who wear engineer clothes) that their routers can operationally handle 2m routes today, then i have this bridge you can buy real cheap. randy From michael.dillon at bt.com Mon Jul 30 13:56:18 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Mon, 30 Jul 2007 18:56:18 +0100 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: <01b301c7d2c4$aed38830$5b3816ac@atlanta.polycom.com> References: <004e01c7cf91$3f2c3da0$513816ac@atlanta.polycom.com><6eb799ab0707261836g35517792n93c07d45b87999ed@mail.gmail.com> <01b301c7d2c4$aed38830$5b3816ac@atlanta.polycom.com> Message-ID: > I find it distasteful to discuss sticks before we try to come > up with carrots and see how effective they are. At minimum, > it shows bad faith. I mentioned a non-stick idea back in May but nobody had much to say about it. http://lists.arin.net/pipermail/ppml/2007-May/007068.html If you hate following up URLs, here is the gist of it: I would prefer to see a new policy that says effective immediately, all applications for assignments or allocations must include the answers to a set of questions about the organization's preparations for IPv6. This is not an arduous requirement because it doesn't force the applicant to do anything more than research information internally and report it to ARIN. This is the kind of thing that the contacts already do. But it does raise the awareness of IPv6 inside these organizations because the questions are being asked. I haven't specified the exact questions because this is not a formal proposal. But I would think that they should be the type of questions that are meaningful for reporting statistics about IPv6 planning. Ideally, the author of the questions would seek some assistance from a university department (sociology, economics) to help structure the questions so that the statistics can detect movement through stages getting closer to a fully-functional network service. > Likewise, I don't see much purpose in discussing carrots > until ARIN does some outreach to at least make legacy holders > aware of ARIN and give them an opportunity to join on the > existing terms. Let's not get carried away with sequencing here. Yes, ARIN shoul make an attempt to contact every single legacy holder in the ARIN region, and update their contact data on whois. If an organization has ceased to exist, that should be put in the whois (DEFUNCT). If contact attempts fail utterly, that should go in whois. If the result is ambiguous, i.e. postal mail not returned but also not answered, put that in the whois. I do believe that legacy holders who do not sign the RSA and present proof to ARIN that they continue to have a technical justification for their address blocks, run the risk of losing their address rights during the IPv4 endgame. I believe that when a corporation is refused IPv4 addresse because ARIN has run out, that corporation will launch lawsuits against legacy address holders and ARIN, to force the reclamation and reallocation of legacy address ranges. This lawsuit could be fought and won by a corporation entirely separate from ARIN. The concept of address as property does not come to play at all in such a suit, merely the fact that corporation X has been a member in good standing of ARIN for many years while Legacy Holder Y has not. Therefore Legacy Holder Y has effectively waived their rights to continue using that IPv4 address range. The risk is there. Even if a legacy holder ends up keeping their IPv4 addresses after such a lawsuit, they still end up with a substantial legal bill. > We've heard from legacy holders here that want to join and > can't figure out how, and there are thousands that have never > even heard of ARIN. IMHO, those problems need to be solved Yes, this problem does need to be solved and I suggest that everyone who is concerned about this contact the individual members of the Board of Trustees and urge them to fix this pronto. http://www.arin.net/about_us/bot.html I don't believe this is a policy issue. --Michael Dillon From paul at vix.com Mon Jul 30 13:59:23 2007 From: paul at vix.com (Paul Vixie) Date: Mon, 30 Jul 2007 17:59:23 +0000 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: Your message of "Mon, 30 Jul 2007 10:39:31 MST." References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <46AB6585.7080900@psg.com> <6eb799ab0707281047l71652f57n9f75737c2bef054f@mail.gmail.com> <46AC0DF3.8050902@psg.com> <3c3e3fca0707290212r74d8d8adod8489ab5f9d9d8bf@mail.gmail.com> <46ACB03E.4020208@psg.com> <65115.1185725352@sa.vix.com> <6C350250-4E0A-49B7-A8DE-A2A24335BBD9@virtualized.org> <76042.1185814077@sa.vix.com> Message-ID: <88234.1185818363@sa.vix.com> > ... When either the cost of migrating is deemed to be be less than the cost > of obtaining additional IPv4 addresses or the prospect of migrated revenues > is higher than non-migrated, people will migrate. you're either depending on perfect knowledge, or are willing to put up with colossal loss of money, brains, and time, if that's your transition strategy. if by willing to seek a third, more realistic and acceptable, alternative, i appear to be arguing from religion, then we're not communicating at all. From paul at vix.com Mon Jul 30 14:03:23 2007 From: paul at vix.com (Paul Vixie) Date: Mon, 30 Jul 2007 18:03:23 +0000 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: Your message of "Mon, 30 Jul 2007 07:47:22 -1000." <46AE242A.9000901@psg.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <46AB6585.7080900@psg.com> <6eb799ab0707281047l71652f57n9f75737c2bef054f@mail.gmail.com> <46AC0DF3.8050902@psg.com> <3c3e3fca0707290212r74d8d8adod8489ab5f9d9d8bf@mail.gmail.com> <46ACB03E.4020208@psg.com> <65115.1185725352@sa.vix.com> <46AD3623.6070309@psg.com> <82295.1185764561@sa.vix.com> <46AD6152.4060501@psg.com> <7319.1185771440@sa.vix.com> <46ADA7FB.60809@psg.com> <69726.1185813807@sa.vix.com> <46AE242A.9000901@psg.com> Message-ID: <88505.1185818603@sa.vix.com> > > ... if 25% of the net makes money when the ipv6 switch happens, and 50% > > fails to lose money, and 25% loses money, then the net survives. but > > depending on which % each of us falls into, we might say we got tutored. > > what is gonna kill small isps, as i have said before, is the cost of a dfz > router that can load and hold the fragmented routing table we are going to > see due to v4 and v6 nat frag. as i said, it will be like the small telcos > having to buy $10m switches to stay in the ss7 game. agreed. > and if you believe the vendor marketing folk (who wear engineer clothes) > that their routers can operationally handle 2m routes today, then i have > this bridge you can buy real cheap. it wouldn't matter. even if i believed that an affordable router could exist that handled 2mR, i wouldn't believe that global bgp could converge if everybody had such a router, nor would i believe that there would be room for customer traffic on links that had to carry that reachability churn. From randy at psg.com Mon Jul 30 14:03:57 2007 From: randy at psg.com (Randy Bush) Date: Mon, 30 Jul 2007 08:03:57 -1000 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <88234.1185818363@sa.vix.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <46AB6585.7080900@psg.com> <6eb799ab0707281047l71652f57n9f75737c2bef054f@mail.gmail.com> <46AC0DF3.8050902@psg.com> <3c3e3fca0707290212r74d8d8adod8489ab5f9d9d8bf@mail.gmail.com> <46ACB03E.4020208@psg.com> <65115.1185725352@sa.vix.com> <6C350250-4E0A-49B7-A8DE-A2A24335BBD9@virtualized.org> <76042.1185814077@sa.vix.com> <88234.1185818363@sa.vix.com> Message-ID: <46AE280D.3050107@psg.com> >> ... When either the cost of migrating is deemed to be be less than >> the cost of obtaining additional IPv4 addresses or the prospect of >> migrated revenues is higher than non-migrated, people will migrate. > you're either depending on perfect knowledge, or are willing to put > up with colossal loss of money, brains, and time, if that's your > transition strategy. no. you, the idealist engineer, wish you had perfect market knowledge. in reality, folk almost always operate without perfect knowledge. it's called "real life." yep, it's inefficient; but it's all we have. poor funny monkeys. randy From stephen at sprunk.org Mon Jul 30 14:27:20 2007 From: stephen at sprunk.org (Stephen Sprunk) Date: Mon, 30 Jul 2007 13:27:20 -0500 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources References: <004e01c7cf91$3f2c3da0$513816ac@atlanta.polycom.com> <6eb799ab0707261836g35517792n93c07d45b87999ed@mail.gmail.com> <01b301c7d2c4$aed38830$5b3816ac@atlanta.polycom.com> <5h4sa3hpddmcu1prjlruiqr5po0odtstki@4ax.com> Message-ID: <023c01c7d2d8$ccd50570$5b3816ac@atlanta.polycom.com> Thus spake "Jeremy H. Griffith" > On Mon, 30 Jul 2007 10:56:19 -0500, "Stephen Sprunk" > wrote: >> Likewise, I don't see much purpose in discussing carrots until >> ARIN does some outreach to at least make legacy holders >> aware of ARIN and give them an opportunity to join on the >> existing terms. > > Actually, ARIN *has* done that, on March 14th. That's why I'm here: > >>>You are receiving this message because you are a registered >>>Point of Contact (POC) with ARIN and are not subscribed by >>>this e-mail address (jhg at omsys.com) to the ARIN Public >>>Policy Mailing List (PPML). ARIN invites you to join the PPML. > > I appreciate that ARIN staff took that initiative. There are > probably quite a few of us old-timers here lurking, listening > to the dialogue with varying degrees of disbelief and horror. > And occasional glimmers of hope... ;-) Well, getting people onto PPML is a first step. Unfortunately, so far there's been no next step on how to get resources under RSA for those willing. There was also a big flurry of unsubscribes as those POCs that joined realized that PPML is a high-traffic list and they have little interest in participating. That's their choice, and I have no problem with it, but it means we're mostly back to where we were before -- though at least they've heard of ARIN now. It also doesn't solve the problem of all the POC contact addresses that are invalid. Many (but certainly not all) legacy blocks are still in use, but their contact info hasn't been updated in at least a decade. It's rather rare for an email address to be valid for that long, and even rarer that that person would still be the appropriate person for ARIN to be contacting. >>We've heard from legacy holders here that want to join and can't >>figure out how, > > I'm one of those. The $100 a year isn't a showstopper, though > it's about what I pay for *ten* domain registrations, That $100/yr is for an unlimited number of end-user (i.e. non-LIR) registrations. Perhaps that's not the appropriate fee model either, but it's not quite fair to compare it to domains, where you pay per registration. > but the mechanism is invisible. Apply for what I already have? > Uh, no, that seems impossible. And I don't need any more, thank > you. That's a big hole right now. See below. > My contact info is up to date. If things got desperate, I > probably would return two or three /26s to help out. That's a nice gesture, but if we get to the point /26s will help in any meaningful way, all is already lost. > But agree to something that could expropriate it *all*? I don't > *think* so... ;-) Well, as it stands today, ARIN doesn't revoke _anything_ unless there was fraud involved or people don't pay their bills. Owen and I have submitted a policy proposal (2007-14) that would allow ARIN to review resources for utilization after the fact. In the case of direct assignments, one would need to be using substantially less than 50% of one's block to be in any danger, and even then there's a specific exemption for legacy space (e.g. your block). OTOH, that exemption could be removed from the policy later on, if consensus could be achieved to do so. >>and there are thousands that have never even heard of ARIN. >>IMHO, those problems need to be solved before we discuss >>carrots _or_ sticks, and the success level of those efforts will >>dictate what later discussions will look like. > > Exactly. How about at least a Web page suggesting what we > should *do*... if in fact we need to do *anything* besides > keeping our info current? IIRC, there was a comment that staff is working on that, but I can't find the message at the moment. In the meantime, if you're motivated, contact hostmaster@ and ask them what the process is to get your resources under an RSA. > I'd sign an RSA just to get voting rights, if it didn't allow taking > my current legacy resources to benefit somebody else with > more money... Signing an RSA doesn't make you a voting member. You need to either be a LIR with a direct allocation (which requires an RSA) or pay $500/yr to be a general member (which doesn't). (Unless I'm reading the fee schedule wrong; it explicitly uses the word "allocation" and not "assignment" or "resource" when discussing who gets automatic membership.) S Stephen Sprunk "Those people who think they know everything CCIE #3723 are a great annoyance to those of us who do." K5SSS --Isaac Asimov From dean at av8.com Mon Jul 30 14:40:06 2007 From: dean at av8.com (Dean Anderson) Date: Mon, 30 Jul 2007 14:40:06 -0400 (EDT) Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: Message-ID: On Mon, 30 Jul 2007, COETZEE, Thys wrote: > ... the rate of depletion is secondary to the fact that depletion will > occur. If we focus on rate then a thirsty man will die before he gets > his next water ration. Of course, if the man doesn't ration his water at all, he will die sooner still. Rationing is always a prudent action when depletion is going to be very undesirable. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From kkargel at polartel.com Mon Jul 30 14:46:33 2007 From: kkargel at polartel.com (Kevin Kargel) Date: Mon, 30 Jul 2007 13:46:33 -0500 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: References: Message-ID: <70DE64CEFD6E9A4EB7FAF3A0631410667071E2@mail> Actually, current survival tactics say that rationing the last of your water in a desert situation may actually reduce your survival chances. The latest thinking is to drink when you are thirsty until your water is gone to maximize your survival chances. Of course I assume this discounts wasteful, gluttonous or recreational water drinking as well as bathing. > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of Dean Anderson > Sent: Monday, July 30, 2007 1:40 PM > To: COETZEE, Thys > Cc: ppml at arin.net > Subject: Re: [ppml] Policy Proposal 2007-15: Authentication > ofLegacyResources > > > On Mon, 30 Jul 2007, COETZEE, Thys wrote: > > > ... the rate of depletion is secondary to the fact that > depletion will > > occur. If we focus on rate then a thirsty man will die > before he gets > > his next water ration. > > Of course, if the man doesn't ration his water at all, he > will die sooner still. Rationing is always a prudent action > when depletion is going to be very undesirable. > > > --Dean > > > -- > Av8 Internet Prepared to pay a premium for better service? > www.av8.net faster, more reliable, better service > 617 344 9000 > > > > _______________________________________________ > This message sent to you through the ARIN Public Policy > Mailing List (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > From leroy at emailsorting.com Mon Jul 30 14:50:41 2007 From: leroy at emailsorting.com (Leroy Ladyzhensky) Date: Mon, 30 Jul 2007 14:50:41 -0400 Subject: [ppml] Policy Proposal: PIv6 for legacy holders with RSA andefficient use References: <46AE1EA9.3010509@arin.net> Message-ID: <025b01c7d2da$8717b5d0$c80a0a0a@integrated.net> My take on this, and I am really trying to be nice, is..... This policy is clearly motivated by self interests and not for the better of all.... There are plenty of good honest people and businesses out there that would love to be provider independent.. but since they cannot meet the requirement for IP usage they are not eligible for IP block from ARIN, and thus are locked into their ISP. So just because a Legacy holder got one way back in the beginning entitles them to do it again with IPv6, when they are unable to meet the current IPv6 requirements? If this were to pass my faith in the fairness of ARIN would be rocked to the core. Leroy L. ----- Original Message ----- From: "Member Services" To: Sent: Monday, July 30, 2007 1:23 PM Subject: [ppml] Policy Proposal: PIv6 for legacy holders with RSA andefficient use > ARIN received the following policy proposal. In accordance with the ARIN > Internet Resource Policy Evaluation Process, the proposal is being > posted to the ARIN Public Policy Mailing List (PPML) and being placed on > ARIN's website. > > The ARIN Advisory Council (AC) will review this proposal at their next > regularly scheduled meeting. The AC may decide to: > > 1. Accept the proposal as a formal policy proposal as written. If the > AC accepts the proposal, it will be posted as a formal policy proposal > to PPML and it will be presented at a Public Policy Meeting. > > 2. Postpone their decision regarding the proposal until the next > regularly scheduled AC meeting in order to work with the author. The AC > will work with the author to clarify, combine or divide the proposal. At > their following meeting the AC will accept or not accept the proposal. > > 3. Not accept the proposal. If the AC does not accept the proposal, > the AC will explain their decision. If a proposal is not accepted, then > the author may elect to use the petition process to advance their > proposal. If the author elects not to petition or the petition fails, > then the proposal will be closed. > > The AC will assign shepherds in the near future. ARIN will provide the > names of the shepherds to the community via the PPML. > > In the meantime, the AC invites everyone to comment on this proposal on > the PPML, particularly their support or non-support and the reasoning > behind their opinion. Such participation contributes to a thorough > vetting and provides important guidance to the AC in their deliberations. > > The ARIN Internet Resource Policy Evaluation Process can be found at: > http://www.arin.net/policy/irpep.html > > Mailing list subscription information can be found at: > http://www.arin.net/mailing_lists/ > > Regards, > > Member Services > American Registry for Internet Numbers (ARIN) > > > ## * ## > > > Policy Proposal Name: PIv6 for legacy holders with RSA and efficient use > > Author: Scott Leibrand > > Proposal Version: 1.0 > > Submission Date: 7/28/2007 > > Proposal type: new > > Policy term: permanent > > Policy statement: > > Modify NRPM section 6.5.8.1 (Direct assignments from ARIN to end-user > organizations: Criteria), to read: > > To qualify for a direct assignment, an organization must: > > 1. not be an IPv6 LIR; and > 2. qualify for an IPv4 assignment or allocation from ARIN under the > IPv4 policy currently in effect, or demonstrate efficient > utilization of a direct IPv4 assignment or allocation covered by a > current ARIN RSA. > > Rationale: > > Current policy allows direct IPv6 allocations and assignments to nearly > all organizations with IPv4 allocations or assignments from ARIN. As a > result, such organizations can get IPv6 space just as easily as they can > get IPv4 space, making it easy for them to transition to IPv6 as soon as > they're ready to do so. However, there are some organizations who > received IPv4 /23's and /24's prior to the formation of ARIN, and use > that space in a multihomed, provider-independent fashion. Under current > policy, such organizations cannot get IPv6 PI space without artificially > inflating host counts, and are therefore discouraged from adopting IPv6. > This policy proposal aims to remove this disincentive, and allow such > organizations to easily adopt IPv6. > > In addition, pre-ARIN assignments were issued through an informal > process, and many legacy resource holders have not yet entered into a > formal agreement with ARIN, the manager of many such IP numbering > resources. This policy proposal would require that such assignments be > brought under a current ARIN Registration Services Agreement, thereby > formalizing the relationship. > > Some pre-ARIN assignments may not be used efficiently. As unallocated > IPv4 numbering resources are approaching exhaustion, it is important to > ensure efficient utilization of IPv4 assignments, and to arrange for > reclamation of unused space. Therefore, this policy would require that > the organization wishing to receive IPv6 PI space demonstrate efficient > utilization of their IPv4 assignment. (Efficient utilization is already > defined elsewhere in policy, and the exact mechanism for achieving and > determining efficient use is a matter of procedure, not of policy, so > detailed procedures are not included in the policy statement above. The > intent is that any organization with an assignment of /23 or larger > which is less than 50% utilized would renumber and return whole unused > CIDR blocks as necessary to bring the remaining CIDR block to 50% > utilization or higher. A /24 should be considered efficiently utilized > as long as it is in use for multihoming, as /25's and smaller are not > routable for that purpose.) > > It has been suggested that this policy would be useful only until the > growth of IPv6 exceeds the growth of IPv4. I would agree with this, > and would further posit that the existing "qualify ... under the IPv4 > policy currently in effect" language should also be modified at that > time. I have therefore proposed this policy with a policy term of > "permanent", with the expectation that this section of policy (6.5.8.1) > will be rewritten at the appropriate time to entirely remove all IPv4 > dependencies. > > Timetable for implementation: immediate > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > From peter at boku.net Mon Jul 30 14:51:36 2007 From: peter at boku.net (Peter Eisch) Date: Mon, 30 Jul 2007 13:51:36 -0500 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: <023c01c7d2d8$ccd50570$5b3816ac@atlanta.polycom.com> Message-ID: On 7/30/07 1:27 PM, "Stephen Sprunk" wrote: > Owen and I have submitted a policy proposal (2007-14) that would allow ARIN > to review resources for utilization after the fact. In the case of direct > assignments, one would need to be using substantially less than 50% of one's > block to be in any danger, and even then there's a specific exemption for > legacy space (e.g. your block). OTOH, that exemption could be removed from > the policy later on, if consensus could be achieved to do so. > Would this "danger clause" apply to /24's or just assignments larger than /24? peter From owen at delong.com Mon Jul 30 15:00:57 2007 From: owen at delong.com (Owen DeLong) Date: Mon, 30 Jul 2007 12:00:57 -0700 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: References: Message-ID: <219A29FA-A4B0-4FB4-8095-E0B1CE7593C0@delong.com> On Jul 30, 2007, at 11:51 AM, Peter Eisch wrote: > On 7/30/07 1:27 PM, "Stephen Sprunk" wrote: > >> Owen and I have submitted a policy proposal (2007-14) that would >> allow ARIN >> to review resources for utilization after the fact. In the case >> of direct >> assignments, one would need to be using substantially less than >> 50% of one's >> block to be in any danger, and even then there's a specific >> exemption for >> legacy space (e.g. your block). OTOH, that exemption could be >> removed from >> the policy later on, if consensus could be achieved to do so. >> > > Would this "danger clause" apply to /24's or just assignments > larger than > /24? > It would apply to any size assignment or allocation made by ARIN, but, that's only one possible way to be in compliance. There are situations (critical infrastructure, for example) where a /24 could remain justified even with far less than 50% utilization. This policy doesn't attempt to address all the complexities of ARIN policy. It merely attempts to provide a mechanism for allowing ARIN to better ensure conformance with that policy while trying to provide sufficient safeguards against abuse by ARIN in that process. Owen From sleibrand at internap.com Mon Jul 30 15:10:30 2007 From: sleibrand at internap.com (Scott Leibrand) Date: Mon, 30 Jul 2007 12:10:30 -0700 Subject: [ppml] Policy Proposal: PIv6 for legacy holders with RSA andefficient use In-Reply-To: <025b01c7d2da$8717b5d0$c80a0a0a@integrated.net> References: <46AE1EA9.3010509@arin.net> <025b01c7d2da$8717b5d0$c80a0a0a@integrated.net> Message-ID: <46AE37A6.4080108@internap.com> Leroy, For what it's worth, I don't personally have any legacy blocks, and never have. I was in high school when ARIN was created, and my current employer was a brand new startup still getting PA space at the time. My own take is that it is in the community's interest to encourage transition to IPv6, encourage legacy holders to formalize their ARIN relationship with an RSA, and to encourage the reclamation of unused IPv4 space. As stated in the Rationale, this policy was proposed for those reasons. If you feel that this proposal violates the community's interest in fairness, and that outweighs the other interests outlined above, I respect your opinion and will agree to disagree on that point. I just want to make sure you understand that this proposal was made with those community interests in mind, not based on any self interest. -Scott P.S. I would also be in favor of a proposal to liberalize PI requirements generally, provided it addresses previously voiced concerns about assignments to non-legitimate organizations (like "spammers") and to a lesser extent routing table explosion. Leroy Ladyzhensky wrote: > My take on this, and I am really trying to be nice, is..... > > This policy is clearly motivated by self interests and not for the better of > all.... > > There are plenty of good honest people and businesses out there that would > love to be provider independent.. > but since they cannot meet the requirement for IP usage they are not > eligible for IP block from ARIN, and thus are locked into their > ISP. > > So just because a Legacy holder got one way back in the beginning entitles > them to do it again with IPv6, when they are unable to meet the current IPv6 > requirements? > > If this were to pass my faith in the fairness of ARIN would be rocked to the > core. > > Leroy L. > > > > ----- Original Message ----- > From: "Member Services" > To: > Sent: Monday, July 30, 2007 1:23 PM > Subject: [ppml] Policy Proposal: PIv6 for legacy holders with RSA > andefficient use > > > >> ARIN received the following policy proposal. In accordance with the ARIN >> Internet Resource Policy Evaluation Process, the proposal is being >> posted to the ARIN Public Policy Mailing List (PPML) and being placed on >> ARIN's website. >> >> The ARIN Advisory Council (AC) will review this proposal at their next >> regularly scheduled meeting. The AC may decide to: >> >> 1. Accept the proposal as a formal policy proposal as written. If the >> AC accepts the proposal, it will be posted as a formal policy proposal >> to PPML and it will be presented at a Public Policy Meeting. >> >> 2. Postpone their decision regarding the proposal until the next >> regularly scheduled AC meeting in order to work with the author. The AC >> will work with the author to clarify, combine or divide the proposal. At >> their following meeting the AC will accept or not accept the proposal. >> >> 3. Not accept the proposal. If the AC does not accept the proposal, >> the AC will explain their decision. If a proposal is not accepted, then >> the author may elect to use the petition process to advance their >> proposal. If the author elects not to petition or the petition fails, >> then the proposal will be closed. >> >> The AC will assign shepherds in the near future. ARIN will provide the >> names of the shepherds to the community via the PPML. >> >> In the meantime, the AC invites everyone to comment on this proposal on >> the PPML, particularly their support or non-support and the reasoning >> behind their opinion. Such participation contributes to a thorough >> vetting and provides important guidance to the AC in their deliberations. >> >> The ARIN Internet Resource Policy Evaluation Process can be found at: >> http://www.arin.net/policy/irpep.html >> >> Mailing list subscription information can be found at: >> http://www.arin.net/mailing_lists/ >> >> Regards, >> >> Member Services >> American Registry for Internet Numbers (ARIN) >> >> >> ## * ## >> >> >> Policy Proposal Name: PIv6 for legacy holders with RSA and efficient use >> >> Author: Scott Leibrand >> >> Proposal Version: 1.0 >> >> Submission Date: 7/28/2007 >> >> Proposal type: new >> >> Policy term: permanent >> >> Policy statement: >> >> Modify NRPM section 6.5.8.1 (Direct assignments from ARIN to end-user >> organizations: Criteria), to read: >> >> To qualify for a direct assignment, an organization must: >> >> 1. not be an IPv6 LIR; and >> 2. qualify for an IPv4 assignment or allocation from ARIN under the >> IPv4 policy currently in effect, or demonstrate efficient >> utilization of a direct IPv4 assignment or allocation covered by a >> current ARIN RSA. >> >> Rationale: >> >> Current policy allows direct IPv6 allocations and assignments to nearly >> all organizations with IPv4 allocations or assignments from ARIN. As a >> result, such organizations can get IPv6 space just as easily as they can >> get IPv4 space, making it easy for them to transition to IPv6 as soon as >> they're ready to do so. However, there are some organizations who >> received IPv4 /23's and /24's prior to the formation of ARIN, and use >> that space in a multihomed, provider-independent fashion. Under current >> policy, such organizations cannot get IPv6 PI space without artificially >> inflating host counts, and are therefore discouraged from adopting IPv6. >> This policy proposal aims to remove this disincentive, and allow such >> organizations to easily adopt IPv6. >> >> In addition, pre-ARIN assignments were issued through an informal >> process, and many legacy resource holders have not yet entered into a >> formal agreement with ARIN, the manager of many such IP numbering >> resources. This policy proposal would require that such assignments be >> brought under a current ARIN Registration Services Agreement, thereby >> formalizing the relationship. >> >> Some pre-ARIN assignments may not be used efficiently. As unallocated >> IPv4 numbering resources are approaching exhaustion, it is important to >> ensure efficient utilization of IPv4 assignments, and to arrange for >> reclamation of unused space. Therefore, this policy would require that >> the organization wishing to receive IPv6 PI space demonstrate efficient >> utilization of their IPv4 assignment. (Efficient utilization is already >> defined elsewhere in policy, and the exact mechanism for achieving and >> determining efficient use is a matter of procedure, not of policy, so >> detailed procedures are not included in the policy statement above. The >> intent is that any organization with an assignment of /23 or larger >> which is less than 50% utilized would renumber and return whole unused >> CIDR blocks as necessary to bring the remaining CIDR block to 50% >> utilization or higher. A /24 should be considered efficiently utilized >> as long as it is in use for multihoming, as /25's and smaller are not >> routable for that purpose.) >> >> It has been suggested that this policy would be useful only until the >> growth of IPv6 exceeds the growth of IPv4. I would agree with this, >> and would further posit that the existing "qualify ... under the IPv4 >> policy currently in effect" language should also be modified at that >> time. I have therefore proposed this policy with a policy term of >> "permanent", with the expectation that this section of policy (6.5.8.1) >> will be rewritten at the appropriate time to entirely remove all IPv4 >> dependencies. >> >> Timetable for implementation: immediate >> >> _______________________________________________ >> This message sent to you through the ARIN Public Policy Mailing List >> (PPML at arin.net). >> Manage your mailing list subscription at: >> http://lists.arin.net/mailman/listinfo/ppml >> >> > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > From dean at av8.com Mon Jul 30 15:18:43 2007 From: dean at av8.com (Dean Anderson) Date: Mon, 30 Jul 2007 15:18:43 -0400 (EDT) Subject: [ppml] FW: Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: <20070728112620.D575F74@pop16.mta.everyone.net> Message-ID: Thanks, Rebecca. However, none of these reports have actual raw data from authoritative sources such as ARIN or IANA. They may have been generated from ARIN raw data at some point, but the source of this data is not clear. I have examined the pages from potaroo.net, and the source code. However, the source code just downloads datafiles from potaroo.net and processes them into graphs. Data from downloaded from potaroo.net is not the official raw data---it may indeed be a copy, but we can't tell unless we compare it with the official raw data. I note also that Mr. Huston (of APNIC, IETF GROW WG, Potaroo.net) has previously been involved in playing "hardball" and silencing the critics of unsupported scientific conclusions, and Huston (through APNIC) was the very first customer of Vixie's DNS Root Anycast service. I've found it best to check on the facts asserted, and I've previously found false assertions of fact, and claims that aren't supported by the facts. I note that no one has so far identified a source URL for the raw data that these reports are based on. It would be helpful if someone could identify where this may be found. That potaroo.net report may also be the source of the proposal to 'authenticate Legacy resources'. That report includes sections on unadvertised space, and includes a projection based on "reclaiming" this unadvertised space and re-delegating it to others. I believe that there is a possiblity that the projection is based on an assumption that unadvertised space is constant or permanent, when I'd expect it to be constantly changing. Sort of like the number of trucks/airplanes in for service being counted as "unused", and assuming that they could be "used" somehow. This requires some work to investigate (and official raw data), but is worth looking into. This 'unadvertised space' may not be recoverable for a variety of reasons. One false assumption that I noticed right away was that the report cites "the latest BGP table", as though there were a single canonical BGP table. There is no such beast. Blocks may not appear in the table Mr. Huston uses because, as someone already pointed out, the blocks may be used for private peering or other ways that do not include the BGP table or may not make it into Mr. Huston's copy. BGP feeds are commonly filtered, and can be filtered at each BGP router hop. Another example of unadvertised space is datacenters that close and then reopen; expansion, remodeling, relocation. Examples are endless. During the downtime, the IP addresses are not advertised into BGP. I think that rationing should occur without the assumption of recovery of unadvertised space, until any unused space is actually recovered. After actual recovery, the rationing algorithm can naturally consider the space in the available pool. Incidentally, contrary to Mr. Bonomi's hyperbolic claims, all of these reports _do_ show accelerating rates of IP Address usage. First semester calculus should be enough to know that an plot curving upwards has a positive first derivative. The first derivative with respect to time is commonly called the rate of acceleration when positive. Also, contrary to Mr. Bonomi's claims, "decreasing exponential" is not a term I made up and is "not like something a spammer would say". However, by 'decreasing exponential' I mean a function in the family of e^(-x). To give an example of rationing on such a function, consider that you have 100 widgets and you want them to last 10 years, for as long as possible. Year 1: 100 total, give out 10 widgets Year 2: 90 total, give out 9 Year 3: 81 total, give out 8 year 4: 73 total, give out 7 etc. One gives out the 1 year ration of widgets to the most 'worthy'. 'Worthy' can be determined in a variety of ways: by those willing to wait, those willing to pay more, and/or those with the most need. Etc. The selection criteria can be argued separately. However, I do want to make this clear: * Both reports agree on this: If we continue the current policy, we will run out of space in March 2010. * Everyone seems to agree that depletion will be a very bad event. * It is therefore imperative to begin rationing to slow down the rate of new delegations to conserve the available address space. * It is necessary to do this now. One can't start rationing after the resources run out. --Dean > -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From drc at virtualized.org Mon Jul 30 15:23:23 2007 From: drc at virtualized.org (David Conrad) Date: Mon, 30 Jul 2007 12:23:23 -0700 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <88234.1185818363@sa.vix.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <46AB6585.7080900@psg.com> <6eb799ab0707281047l71652f57n9f75737c2bef054f@mail.gmail.com> <46AC0DF3.8050902@psg.com> <3c3e3fca0707290212r74d8d8adod8489ab5f9d9d8bf@mail.gmail.com> <46ACB03E.4020208@psg.com> <65115.1185725352@sa.vix.com> <6C350250-4E0A-49B7-A8DE-A2A24335BBD9@virtualized.org> <76042.1185814077@sa.vix.com> <88234.1185818363@sa.vix.com> Message-ID: <0ADD7367-339E-4360-80CD-45DEA230CE87@virtualized.org> Paul, On Jul 30, 2007, at 10:59 AM, Paul Vixie wrote: >> ... When either the cost of migrating is deemed to be be less than >> the cost >> of obtaining additional IPv4 addresses or the prospect of migrated >> revenues >> is higher than non-migrated, people will migrate. > > you're either depending on perfect knowledge, 'Course not. > or are willing to put up with > colossal loss of money, brains, and time, if that's your transition > strategy. You misunderstand. It isn't _my_ transition strategy, it isn't even really a strategy (is predicting a rock will hit the ground if you drop it a strategy?). I'm merely suggesting it is the most likely outcome of the situation we've placed ourselves in. You might not like it and I'd agree that it is sub-optimal, but it is the bed we made ourselves when we chose to focus on header bit patterns instead of figuring out how to actually fix the real problems facing IP. However, that's water under the bridge. > if by willing to seek a third, more realistic and acceptable, > alternative, i > appear to be arguing from religion, then we're not communicating at > all. Gee, that never happens... :-) Rgds, -drc From drc at virtualized.org Mon Jul 30 15:37:23 2007 From: drc at virtualized.org (David Conrad) Date: Mon, 30 Jul 2007 12:37:23 -0700 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <7319.1185771440@sa.vix.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <46AB6585.7080900@psg.com> <6eb799ab0707281047l71652f57n9f75737c2bef054f@mail.gmail.com> <46AC0DF3.8050902@psg.com> <3c3e3fca0707290212r74d8d8adod8489ab5f9d9d8bf@mail.gmail.com> <46ACB03E.4020208@psg.com> <65115.1185725352@sa.vix.com> <46AD3623.6070309@psg.com> <82295.1185764561@sa.vix.com> <46AD6152.4060501@psg.com> <7319.1185771440@sa.vix.com> Message-ID: <749DAE11-E6B1-4CA5-B55A-E50FBF0DA911@virtualized.org> > i'm not sure what force will drive IPv4 space to a higher price. Market economics driven by scarcity. > the value of an address is that you can reach other people with it, Not quite. The value of a globally unique, routed address is that it lets you provide services others can connect to. > and if other people can't grow in IPv4, then why would you care to? To provide a service to the 1B+ people who are connected on the Internet today? Rgds, -drc From drc at virtualized.org Mon Jul 30 15:49:49 2007 From: drc at virtualized.org (David Conrad) Date: Mon, 30 Jul 2007 12:49:49 -0700 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: References: <8e707a764d7789eb11dad919c0be0a0846adc1cd@jcc.com> Message-ID: On Jul 30, 2007, at 4:22 AM, wrote: >> With IPv6, without NAT, switching vendors with PA space means >> renumbering both the external and the internal network. > > With IPv6, ULA addressing defined in RFC 4193 > http://www.ietf.org/rfc/rfc4193.txt allows one to isolate most of the > internal network using non-routable addresses. Combine that with the > typical enterprise configuration of firewall, web proxy, and internal > email service. You don't even need NAT in this scenario. And you don't need IPv6 in this scenario. How is this any better than using RFC 1918 IPv4? Rgds, -drc From dean at av8.com Mon Jul 30 15:50:30 2007 From: dean at av8.com (Dean Anderson) Date: Mon, 30 Jul 2007 15:50:30 -0400 (EDT) Subject: [ppml] Legacy users and ARIN duties In-Reply-To: Message-ID: On Sat, 28 Jul 2007, John Curran wrote: > Community consensus on policy changes prior to depletion will > determine the nature of the transition. Some advocate for a > status-quo situation till depletion as businesses rely on predicable > policies, and some recommend changes so as to affect the nature > of the transition. The ARIN Board resolution made it clear what > we'd like to see in the 7 May 2007 resolution: > . "WHEREAS, ongoing community access to Internet Protocol version 4 (IPv4) numbering resources can not be assured indefinitely; and," Through rationing based on a decreasing exponential, the IPv4 addresses can be assured indefinitely, certainly beyond the next 10+ years. The pain of depletion, instead of being felt all at once, could be spread out over a long period. Looks like the ARIN board didn't get its facts straight in May. There should be smart people on the board, who understand rationing. > In particular, we'd like to have policies that encourage IPv6 > transition, and have asked the Advisory Council to consider > this issue. That has resulted in quite a few policy proposals > and lots of community discussion and all of that is a good thing. > > >I'm glad you brought up Enron. The Enron Board had to give back a lot of > >money for their mismanagement. Bechtel just returned a Billion dollars > >to Boston/MA/Feds for their BigDig engineering and construction > >failures. I think an abrupt 'oops we're out of space' is going to > >result in some very definite legal challenges to ARIN and its > >management. > > An interesting assertion, but I do not believe there is a valid claim > that this will be an abrupt change, unless the community fails to > act responsibly in light of all of the preparation. I also note that you seem to use community consensus to defend your actions when convenient, and yet the statement above seems to put the blame on the community for the consequences of any abrupt change. You can't have it both ways. There is a failure of leadership in assuming both ways, and a failure to foresee the consequences of the abrupt change. I hope there aren't any negative consequences to abruptly running out of IPv4 space. But I do note that the consequences are probably serious and global, and not limited to ARIN, and involve governments and regions that could use other means of diplomacy to resolve real and perceived affronts to the fair allocation of limited resources. And I also note that a number of the people involved in making these decisions are already involved in a number of other scandals and frauds, "hardball", and silencing of critics. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From sleibrand at internap.com Mon Jul 30 15:57:36 2007 From: sleibrand at internap.com (Scott Leibrand) Date: Mon, 30 Jul 2007 12:57:36 -0700 Subject: [ppml] Legacy users and ARIN duties In-Reply-To: References: Message-ID: <46AE42B0.5030808@internap.com> Dean, I don't recall having seen a policy proposal yet for how one would ration the remaining IPv4 space. I think it would be worthwhile to have such a proposal on the table so we can discuss it along with other options for dealing with the impending IPv4 scarcity. Would you be interested in proposing such a policy? Thanks, Scott Dean Anderson wrote: > On Sat, 28 Jul 2007, John Curran wrote: > > >> Community consensus on policy changes prior to depletion will >> determine the nature of the transition. Some advocate for a >> status-quo situation till depletion as businesses rely on predicable >> policies, and some recommend changes so as to affect the nature >> of the transition. The ARIN Board resolution made it clear what >> we'd like to see in the 7 May 2007 resolution: >> . >> > > "WHEREAS, ongoing community access to Internet Protocol version 4 > (IPv4) numbering resources can not be assured indefinitely; and," > > Through rationing based on a decreasing exponential, the IPv4 addresses > can be assured indefinitely, certainly beyond the next 10+ years. The > pain of depletion, instead of being felt all at once, could be spread > out over a long period. > > Looks like the ARIN board didn't get its facts straight in May. There > should be smart people on the board, who understand rationing. > > > > >> In particular, we'd like to have policies that encourage IPv6 >> transition, and have asked the Advisory Council to consider >> this issue. That has resulted in quite a few policy proposals >> and lots of community discussion and all of that is a good thing. >> >> >>> I'm glad you brought up Enron. The Enron Board had to give back a lot of >>> money for their mismanagement. Bechtel just returned a Billion dollars >>> to Boston/MA/Feds for their BigDig engineering and construction >>> failures. I think an abrupt 'oops we're out of space' is going to >>> result in some very definite legal challenges to ARIN and its >>> management. >>> >> An interesting assertion, but I do not believe there is a valid claim >> that this will be an abrupt change, unless the community fails to >> act responsibly in light of all of the preparation. >> > > I also note that you seem to use community consensus to defend your > actions when convenient, and yet the statement above seems to put the > blame on the community for the consequences of any abrupt change. You > can't have it both ways. There is a failure of leadership in assuming > both ways, and a failure to foresee the consequences of the abrupt > change. > > I hope there aren't any negative consequences to abruptly running out of > IPv4 space. But I do note that the consequences are probably serious and > global, and not limited to ARIN, and involve governments and regions > that could use other means of diplomacy to resolve real and perceived > affronts to the fair allocation of limited resources. And I also note > that a number of the people involved in making these decisions are > already involved in a number of other scandals and frauds, "hardball", > and silencing of critics. > > > --Dean > > > From drc at virtualized.org Mon Jul 30 16:12:10 2007 From: drc at virtualized.org (David Conrad) Date: Mon, 30 Jul 2007 13:12:10 -0700 Subject: [ppml] Legacy users and ARIN duties In-Reply-To: <46AE42B0.5030808@internap.com> References: <46AE42B0.5030808@internap.com> Message-ID: <36C74433-37BA-4949-81E6-6D87EE176CD4@virtualized.org> Scott, On Jul 30, 2007, at 12:57 PM, Scott Leibrand wrote: > I don't recall having seen a policy proposal yet for how one would > ration the remaining IPv4 space. The "Soft Landing" proposal is a rationing approach. I'm working on a revision. Rgds, -drc From leroy at emailsorting.com Mon Jul 30 16:11:33 2007 From: leroy at emailsorting.com (Leroy Ladyzhensky) Date: Mon, 30 Jul 2007 16:11:33 -0400 Subject: [ppml] Policy Proposal: PIv6 for legacy holders with RSA andefficient use References: <46AE1EA9.3010509@arin.net> <025b01c7d2da$8717b5d0$c80a0a0a@integrated.net> <46AE37A6.4080108@internap.com> Message-ID: <02b901c7d2e5$d33fdc70$c80a0a0a@integrated.net> Having to move to IPv6 will encourage all Legacy holders to sign RSA's if they want IPv6 IP's. there is no way around this. And if they can meet the current standard requirements... to bad... or change the policy for all of us. But allowing them to bend the rules and get special treatment is another thing... why do they need incentive when eventually they will have no choice in the future? PLEASE NOTE: Before everyone get the idea that I am bashing Legacy holders.. and "lets get the big stick out and beat their butts red..." that is not the case.. its just this particular proposal that is a slap in the face for all others that would like ARIN ip's but cannot meet the usage requirements. Leroy L. ----- Original Message ----- From: "Scott Leibrand" To: "Leroy Ladyzhensky" Cc: Sent: Monday, July 30, 2007 3:10 PM Subject: Re: [ppml] Policy Proposal: PIv6 for legacy holders with RSA andefficient use > Leroy, > > For what it's worth, I don't personally have any legacy blocks, and never > have. I was in high school when ARIN was created, and my current employer > was a brand new startup still getting PA space at the time. > > My own take is that it is in the community's interest to encourage > transition to IPv6, encourage legacy holders to formalize their ARIN > relationship with an RSA, and to encourage the reclamation of unused IPv4 > space. As stated in the Rationale, this policy was proposed for those > reasons. > > If you feel that this proposal violates the community's interest in > fairness, and that outweighs the other interests outlined above, I respect > your opinion and will agree to disagree on that point. I just want to > make sure you understand that this proposal was made with those community > interests in mind, not based on any self interest. > > -Scott > > P.S. I would also be in favor of a proposal to liberalize PI requirements > generally, provided it addresses previously voiced concerns about > assignments to non-legitimate organizations (like "spammers") and to a > lesser extent routing table explosion. > > Leroy Ladyzhensky wrote: >> My take on this, and I am really trying to be nice, is..... >> >> This policy is clearly motivated by self interests and not for the better >> of all.... >> >> There are plenty of good honest people and businesses out there that >> would love to be provider independent.. >> but since they cannot meet the requirement for IP usage they are not >> eligible for IP block from ARIN, and thus are locked into their >> ISP. >> >> So just because a Legacy holder got one way back in the beginning >> entitles them to do it again with IPv6, when they are unable to meet the >> current IPv6 requirements? >> >> If this were to pass my faith in the fairness of ARIN would be rocked to >> the core. >> >> Leroy L. >> >> >> >> ----- Original Message ----- >> From: "Member Services" >> To: >> Sent: Monday, July 30, 2007 1:23 PM >> Subject: [ppml] Policy Proposal: PIv6 for legacy holders with RSA >> andefficient use >> >> >> >>> ARIN received the following policy proposal. In accordance with the ARIN >>> Internet Resource Policy Evaluation Process, the proposal is being >>> posted to the ARIN Public Policy Mailing List (PPML) and being placed on >>> ARIN's website. >>> >>> The ARIN Advisory Council (AC) will review this proposal at their next >>> regularly scheduled meeting. The AC may decide to: >>> >>> 1. Accept the proposal as a formal policy proposal as written. If the >>> AC accepts the proposal, it will be posted as a formal policy proposal >>> to PPML and it will be presented at a Public Policy Meeting. >>> >>> 2. Postpone their decision regarding the proposal until the next >>> regularly scheduled AC meeting in order to work with the author. The AC >>> will work with the author to clarify, combine or divide the proposal. At >>> their following meeting the AC will accept or not accept the proposal. >>> >>> 3. Not accept the proposal. If the AC does not accept the proposal, >>> the AC will explain their decision. If a proposal is not accepted, then >>> the author may elect to use the petition process to advance their >>> proposal. If the author elects not to petition or the petition fails, >>> then the proposal will be closed. >>> >>> The AC will assign shepherds in the near future. ARIN will provide the >>> names of the shepherds to the community via the PPML. >>> >>> In the meantime, the AC invites everyone to comment on this proposal on >>> the PPML, particularly their support or non-support and the reasoning >>> behind their opinion. Such participation contributes to a thorough >>> vetting and provides important guidance to the AC in their >>> deliberations. >>> >>> The ARIN Internet Resource Policy Evaluation Process can be found at: >>> http://www.arin.net/policy/irpep.html >>> >>> Mailing list subscription information can be found at: >>> http://www.arin.net/mailing_lists/ >>> >>> Regards, >>> >>> Member Services >>> American Registry for Internet Numbers (ARIN) >>> >>> >>> ## * ## >>> >>> >>> Policy Proposal Name: PIv6 for legacy holders with RSA and efficient use >>> >>> Author: Scott Leibrand >>> >>> Proposal Version: 1.0 >>> >>> Submission Date: 7/28/2007 >>> >>> Proposal type: new >>> >>> Policy term: permanent >>> >>> Policy statement: >>> >>> Modify NRPM section 6.5.8.1 (Direct assignments from ARIN to end-user >>> organizations: Criteria), to read: >>> >>> To qualify for a direct assignment, an organization must: >>> >>> 1. not be an IPv6 LIR; and >>> 2. qualify for an IPv4 assignment or allocation from ARIN under the >>> IPv4 policy currently in effect, or demonstrate efficient >>> utilization of a direct IPv4 assignment or allocation covered by a >>> current ARIN RSA. >>> >>> Rationale: >>> >>> Current policy allows direct IPv6 allocations and assignments to nearly >>> all organizations with IPv4 allocations or assignments from ARIN. As a >>> result, such organizations can get IPv6 space just as easily as they can >>> get IPv4 space, making it easy for them to transition to IPv6 as soon as >>> they're ready to do so. However, there are some organizations who >>> received IPv4 /23's and /24's prior to the formation of ARIN, and use >>> that space in a multihomed, provider-independent fashion. Under current >>> policy, such organizations cannot get IPv6 PI space without artificially >>> inflating host counts, and are therefore discouraged from adopting IPv6. >>> This policy proposal aims to remove this disincentive, and allow such >>> organizations to easily adopt IPv6. >>> >>> In addition, pre-ARIN assignments were issued through an informal >>> process, and many legacy resource holders have not yet entered into a >>> formal agreement with ARIN, the manager of many such IP numbering >>> resources. This policy proposal would require that such assignments be >>> brought under a current ARIN Registration Services Agreement, thereby >>> formalizing the relationship. >>> >>> Some pre-ARIN assignments may not be used efficiently. As unallocated >>> IPv4 numbering resources are approaching exhaustion, it is important to >>> ensure efficient utilization of IPv4 assignments, and to arrange for >>> reclamation of unused space. Therefore, this policy would require that >>> the organization wishing to receive IPv6 PI space demonstrate efficient >>> utilization of their IPv4 assignment. (Efficient utilization is already >>> defined elsewhere in policy, and the exact mechanism for achieving and >>> determining efficient use is a matter of procedure, not of policy, so >>> detailed procedures are not included in the policy statement above. The >>> intent is that any organization with an assignment of /23 or larger >>> which is less than 50% utilized would renumber and return whole unused >>> CIDR blocks as necessary to bring the remaining CIDR block to 50% >>> utilization or higher. A /24 should be considered efficiently utilized >>> as long as it is in use for multihoming, as /25's and smaller are not >>> routable for that purpose.) >>> >>> It has been suggested that this policy would be useful only until the >>> growth of IPv6 exceeds the growth of IPv4. I would agree with this, >>> and would further posit that the existing "qualify ... under the IPv4 >>> policy currently in effect" language should also be modified at that >>> time. I have therefore proposed this policy with a policy term of >>> "permanent", with the expectation that this section of policy (6.5.8.1) >>> will be rewritten at the appropriate time to entirely remove all IPv4 >>> dependencies. >>> >>> Timetable for implementation: immediate >>> >>> _______________________________________________ >>> This message sent to you through the ARIN Public Policy Mailing List >>> (PPML at arin.net). >>> Manage your mailing list subscription at: >>> http://lists.arin.net/mailman/listinfo/ppml >>> >>> >> >> _______________________________________________ >> This message sent to you through the ARIN Public Policy Mailing List >> (PPML at arin.net). >> Manage your mailing list subscription at: >> http://lists.arin.net/mailman/listinfo/ppml >> > From sleibrand at internap.com Mon Jul 30 16:30:34 2007 From: sleibrand at internap.com (Scott Leibrand) Date: Mon, 30 Jul 2007 13:30:34 -0700 Subject: [ppml] Policy Proposal: PIv6 for legacy holders with RSA andefficient use In-Reply-To: <02b901c7d2e5$d33fdc70$c80a0a0a@integrated.net> References: <46AE1EA9.3010509@arin.net> <025b01c7d2da$8717b5d0$c80a0a0a@integrated.net> <46AE37A6.4080108@internap.com> <02b901c7d2e5$d33fdc70$c80a0a0a@integrated.net> Message-ID: <46AE4A6A.1070603@internap.com> Leroy Ladyzhensky wrote: > > Having to move to IPv6 will encourage all Legacy holders to sign RSA's > if they want IPv6 IP's. there is no way around this. And > if they can meet the current standard requirements... to bad... or > change the policy for all of us. > > But allowing them to bend the rules and get special treatment is > another thing... why do they need incentive when eventually they will > have no choice in the future? Yes, they will need to sign an RSA to cover their new IPv6 allocation/assignment, but AFAIK they don't have to bring their IPv4 space under RSA, or demonstrate efficient use of their existing IPv4 space. Those are the activities that this policy proposal would incent. > > PLEASE NOTE: Before everyone get the idea that I am bashing Legacy > holders.. and "lets get the big stick out and beat their butts red..." > that is not the case.. its just this particular proposal that is a > slap in the face for all others that would like ARIN ip's but cannot > meet the usage requirements. Where do you see the un-met demand for PI space, on the v4 or v6 side, or evenly across both? Would it be useful, in your opinion, to make IPv6 PI requirements less stringent than those for IPv4? -Scott > > > ----- Original Message ----- From: "Scott Leibrand" > > To: "Leroy Ladyzhensky" > Cc: > Sent: Monday, July 30, 2007 3:10 PM > Subject: Re: [ppml] Policy Proposal: PIv6 for legacy holders with RSA > andefficient use > > >> Leroy, >> >> For what it's worth, I don't personally have any legacy blocks, and >> never have. I was in high school when ARIN was created, and my >> current employer was a brand new startup still getting PA space at >> the time. >> >> My own take is that it is in the community's interest to encourage >> transition to IPv6, encourage legacy holders to formalize their ARIN >> relationship with an RSA, and to encourage the reclamation of unused >> IPv4 space. As stated in the Rationale, this policy was proposed for >> those reasons. >> >> If you feel that this proposal violates the community's interest in >> fairness, and that outweighs the other interests outlined above, I >> respect your opinion and will agree to disagree on that point. I >> just want to make sure you understand that this proposal was made >> with those community interests in mind, not based on any self interest. >> >> -Scott >> >> P.S. I would also be in favor of a proposal to liberalize PI >> requirements generally, provided it addresses previously voiced >> concerns about assignments to non-legitimate organizations (like >> "spammers") and to a lesser extent routing table explosion. >> >> Leroy Ladyzhensky wrote: >>> My take on this, and I am really trying to be nice, is..... >>> >>> This policy is clearly motivated by self interests and not for the >>> better of all.... >>> >>> There are plenty of good honest people and businesses out there that >>> would love to be provider independent.. >>> but since they cannot meet the requirement for IP usage they are not >>> eligible for IP block from ARIN, and thus are locked into their >>> ISP. >>> >>> So just because a Legacy holder got one way back in the beginning >>> entitles them to do it again with IPv6, when they are unable to meet >>> the current IPv6 requirements? >>> >>> If this were to pass my faith in the fairness of ARIN would be >>> rocked to the core. >>> >>> Leroy L. >>> >>> >>> >>> ----- Original Message ----- From: "Member Services" >>> To: >>> Sent: Monday, July 30, 2007 1:23 PM >>> Subject: [ppml] Policy Proposal: PIv6 for legacy holders with RSA >>> andefficient use >>> >>> >>> >>>> ARIN received the following policy proposal. In accordance with the >>>> ARIN >>>> Internet Resource Policy Evaluation Process, the proposal is being >>>> posted to the ARIN Public Policy Mailing List (PPML) and being >>>> placed on >>>> ARIN's website. >>>> >>>> The ARIN Advisory Council (AC) will review this proposal at their next >>>> regularly scheduled meeting. The AC may decide to: >>>> >>>> 1. Accept the proposal as a formal policy proposal as written. If >>>> the >>>> AC accepts the proposal, it will be posted as a formal policy proposal >>>> to PPML and it will be presented at a Public Policy Meeting. >>>> >>>> 2. Postpone their decision regarding the proposal until the next >>>> regularly scheduled AC meeting in order to work with the author. >>>> The AC >>>> will work with the author to clarify, combine or divide the >>>> proposal. At >>>> their following meeting the AC will accept or not accept the proposal. >>>> >>>> 3. Not accept the proposal. If the AC does not accept the proposal, >>>> the AC will explain their decision. If a proposal is not accepted, >>>> then >>>> the author may elect to use the petition process to advance their >>>> proposal. If the author elects not to petition or the petition fails, >>>> then the proposal will be closed. >>>> >>>> The AC will assign shepherds in the near future. ARIN will provide the >>>> names of the shepherds to the community via the PPML. >>>> >>>> In the meantime, the AC invites everyone to comment on this >>>> proposal on >>>> the PPML, particularly their support or non-support and the reasoning >>>> behind their opinion. Such participation contributes to a thorough >>>> vetting and provides important guidance to the AC in their >>>> deliberations. >>>> >>>> The ARIN Internet Resource Policy Evaluation Process can be found at: >>>> http://www.arin.net/policy/irpep.html >>>> >>>> Mailing list subscription information can be found at: >>>> http://www.arin.net/mailing_lists/ >>>> >>>> Regards, >>>> >>>> Member Services >>>> American Registry for Internet Numbers (ARIN) >>>> >>>> >>>> ## * ## >>>> >>>> >>>> Policy Proposal Name: PIv6 for legacy holders with RSA and >>>> efficient use >>>> >>>> Author: Scott Leibrand >>>> >>>> Proposal Version: 1.0 >>>> >>>> Submission Date: 7/28/2007 >>>> >>>> Proposal type: new >>>> >>>> Policy term: permanent >>>> >>>> Policy statement: >>>> >>>> Modify NRPM section 6.5.8.1 (Direct assignments from ARIN to end-user >>>> organizations: Criteria), to read: >>>> >>>> To qualify for a direct assignment, an organization must: >>>> >>>> 1. not be an IPv6 LIR; and >>>> 2. qualify for an IPv4 assignment or allocation from ARIN under the >>>> IPv4 policy currently in effect, or demonstrate efficient >>>> utilization of a direct IPv4 assignment or allocation covered >>>> by a >>>> current ARIN RSA. >>>> >>>> Rationale: >>>> >>>> Current policy allows direct IPv6 allocations and assignments to >>>> nearly >>>> all organizations with IPv4 allocations or assignments from ARIN. >>>> As a >>>> result, such organizations can get IPv6 space just as easily as >>>> they can >>>> get IPv4 space, making it easy for them to transition to IPv6 as >>>> soon as >>>> they're ready to do so. However, there are some organizations who >>>> received IPv4 /23's and /24's prior to the formation of ARIN, and use >>>> that space in a multihomed, provider-independent fashion. Under >>>> current >>>> policy, such organizations cannot get IPv6 PI space without >>>> artificially >>>> inflating host counts, and are therefore discouraged from adopting >>>> IPv6. >>>> This policy proposal aims to remove this disincentive, and allow such >>>> organizations to easily adopt IPv6. >>>> >>>> In addition, pre-ARIN assignments were issued through an informal >>>> process, and many legacy resource holders have not yet entered into a >>>> formal agreement with ARIN, the manager of many such IP numbering >>>> resources. This policy proposal would require that such >>>> assignments be >>>> brought under a current ARIN Registration Services Agreement, thereby >>>> formalizing the relationship. >>>> >>>> Some pre-ARIN assignments may not be used efficiently. As unallocated >>>> IPv4 numbering resources are approaching exhaustion, it is >>>> important to >>>> ensure efficient utilization of IPv4 assignments, and to arrange for >>>> reclamation of unused space. Therefore, this policy would require >>>> that >>>> the organization wishing to receive IPv6 PI space demonstrate >>>> efficient >>>> utilization of their IPv4 assignment. (Efficient utilization is >>>> already >>>> defined elsewhere in policy, and the exact mechanism for achieving and >>>> determining efficient use is a matter of procedure, not of policy, so >>>> detailed procedures are not included in the policy statement >>>> above. The >>>> intent is that any organization with an assignment of /23 or larger >>>> which is less than 50% utilized would renumber and return whole unused >>>> CIDR blocks as necessary to bring the remaining CIDR block to 50% >>>> utilization or higher. A /24 should be considered efficiently >>>> utilized >>>> as long as it is in use for multihoming, as /25's and smaller are not >>>> routable for that purpose.) >>>> >>>> It has been suggested that this policy would be useful only until the >>>> growth of IPv6 exceeds the growth of IPv4. I would agree with this, >>>> and would further posit that the existing "qualify ... under the IPv4 >>>> policy currently in effect" language should also be modified at that >>>> time. I have therefore proposed this policy with a policy term of >>>> "permanent", with the expectation that this section of policy >>>> (6.5.8.1) >>>> will be rewritten at the appropriate time to entirely remove all IPv4 >>>> dependencies. >>>> >>>> Timetable for implementation: immediate >>>> >>>> _______________________________________________ >>>> This message sent to you through the ARIN Public Policy Mailing List >>>> (PPML at arin.net). >>>> Manage your mailing list subscription at: >>>> http://lists.arin.net/mailman/listinfo/ppml >>>> >>>> >>> >>> _______________________________________________ >>> This message sent to you through the ARIN Public Policy Mailing List >>> (PPML at arin.net). >>> Manage your mailing list subscription at: >>> http://lists.arin.net/mailman/listinfo/ppml >>> >> > From michael.dillon at bt.com Mon Jul 30 16:34:57 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Mon, 30 Jul 2007 21:34:57 +0100 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: References: <8e707a764d7789eb11dad919c0be0a0846adc1cd@jcc.com> Message-ID: > > With IPv6, ULA addressing defined in RFC 4193 > > http://www.ietf.org/rfc/rfc4193.txt allows one to isolate > most of the > > internal network using non-routable addresses. Combine that > with the > > typical enterprise configuration of firewall, web proxy, > and internal > > email service. You don't even need NAT in this scenario. > > And you don't need IPv6 in this scenario. How is this any > better than using RFC 1918 IPv4? It is better because you are using IPv6, gaining experience with IPv6, and enabling your internal network to grow (add devices) without using any more IPv4 addresses. Many companies are facing exhaustion of the RFC 1918 space as well so transitioning to IPv6 is motivated by more than one exhaustion event. --Michael Dillon From leo.vegoda at icann.org Mon Jul 30 16:35:02 2007 From: leo.vegoda at icann.org (Leo Vegoda) Date: Mon, 30 Jul 2007 22:35:02 +0200 Subject: [ppml] FW: Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: References: Message-ID: <4CEF6D61-45A8-4B91-8B2D-A3C9283561A1@icann.org> On 30 Jul 2007, at 21:18, Dean Anderson wrote: [...] > I note that no one has so far identified a source URL for the raw data > that these reports are based on. It would be helpful if someone could > identify where this may be found. http://www.nro.net/statistics/index.html I believe that each of the quarterly presentations listed on that page is generated from the RIRs' regular statistical reports. The last page of each presentation provides links to the raw data. Regards, Leo Vegoda From michael.dillon at bt.com Mon Jul 30 16:42:49 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Mon, 30 Jul 2007 21:42:49 +0100 Subject: [ppml] Policy Proposal: PIv6 for legacy holders with RSA andefficient use In-Reply-To: <46AE4A6A.1070603@internap.com> References: <46AE1EA9.3010509@arin.net><025b01c7d2da$8717b5d0$c80a0a0a@integrated.net><46AE37A6.4080108@internap.com><02b901c7d2e5$d33fdc70$c80a0a0a@integrated.net> <46AE4A6A.1070603@internap.com> Message-ID: > Yes, they will need to sign an RSA to cover their new IPv6 > allocation/assignment, but AFAIK they don't have to bring > their IPv4 space under RSA, or demonstrate efficient use of > their existing IPv4 space. Those are the activities that > this policy proposal would incent. The current RSA text refers to "number resources". The text explicitly defines this term as follows: Allocation/assignment of IP address space and assignment of ASNs shall hereinafter be defined as number resources. Note: the ARIN web site does have a search engine (see bottom right hand corner of web page) which will lead you to the RSA. --Michael Dillon From arin-contact at dirtside.com Mon Jul 30 16:50:51 2007 From: arin-contact at dirtside.com (William Herrin) Date: Mon, 30 Jul 2007 16:50:51 -0400 Subject: [ppml] Policy Proposal: Definition of known ISP and changes to IPv6 initial allocation criteria In-Reply-To: <46AE170F.6010901@arin.net> References: <46AE170F.6010901@arin.net> Message-ID: <3c3e3fca0707301350p23a9f5e5ja20f4285ced3798f@mail.gmail.com> On 7/30/07, Member Services wrote: > 6.2.10 Existing ISP > > An existing ISP is an organization which meets the following > criteria: > > 1. Has IPv4 or IPv6 address space directly allocated > by ARIN; or > 2. Has at least a total of an IPv4 /23 or an IPv6 /44 of address > space reallocated to them via SWIP by one or more upstream > ISPs. > > Address space directly assigned from ARIN or reassigned from > upstream ISPs does not count towards these requirements. Kevin, You should re-word that last sentence. It took me several read-throughs to catch the distinction: "directly assigned" = end user = not allocated where the ISP can reallocate and reassign. Maybe add "End-user" to the front of the sentence. Other than that, I'm neutral on this proposal. There are others on this list in a better position to say and I'll defer to them. Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From owen at delong.com Mon Jul 30 16:52:20 2007 From: owen at delong.com (Owen DeLong) Date: Mon, 30 Jul 2007 13:52:20 -0700 Subject: [ppml] Policy Proposal: PIv6 for legacy holders with RSA andefficient use In-Reply-To: References: <46AE1EA9.3010509@arin.net><025b01c7d2da$8717b5d0$c80a0a0a@integrated.net><46AE37A6.4080108@internap.com><02b901c7d2e5$d33fdc70$c80a0a0a@integrated.net> <46AE4A6A.1070603@internap.com> Message-ID: On Jul 30, 2007, at 1:42 PM, wrote: >> Yes, they will need to sign an RSA to cover their new IPv6 >> allocation/assignment, but AFAIK they don't have to bring >> their IPv4 space under RSA, or demonstrate efficient use of >> their existing IPv4 space. Those are the activities that >> this policy proposal would incent. > > The current RSA text refers to "number resources". The text > explicitly > defines this term as follows: > > Allocation/assignment of IP address space and assignment > of ASNs shall hereinafter be defined as number resources. > However, in virtually every context in which that term appears in the RSA, it refers to "number resources assigned by ARIN". In the case of legacy, such text would not apply. Owen > Note: the ARIN web site does have a search engine (see bottom right > hand > corner of web page) which will lead you to the RSA. > Or one can simply click on "Registration Services" on the front page and there is a link from that page directly to the RSA. Owen From sleibrand at internap.com Mon Jul 30 16:59:09 2007 From: sleibrand at internap.com (Scott Leibrand) Date: Mon, 30 Jul 2007 13:59:09 -0700 Subject: [ppml] Policy Proposal: PIv6 for legacy holders with RSA andefficient use In-Reply-To: References: <46AE1EA9.3010509@arin.net><025b01c7d2da$8717b5d0$c80a0a0a@integrated.net><46AE37A6.4080108@internap.com><02b901c7d2e5$d33fdc70$c80a0a0a@integrated.net> <46AE4A6A.1070603@internap.com> Message-ID: <46AE511D.9080303@internap.com> michael.dillon at bt.com wrote: >> Yes, they will need to sign an RSA to cover their new IPv6 >> allocation/assignment, but AFAIK they don't have to bring >> their IPv4 space under RSA, or demonstrate efficient use of >> their existing IPv4 space. Those are the activities that >> this policy proposal would incent. >> > > The current RSA text refers to "number resources". The text explicitly > defines this term as follows: > > Allocation/assignment of IP address space and assignment > of ASNs shall hereinafter be defined as number resources. > > Note: the ARIN web site does have a search engine (see bottom right hand > corner of web page) which will lead you to the RSA. > Perhaps ARIN counsel could address this question: Does signing the current RSA and receiving IPv6 addresses obligate the signer with regards to IPv4 addresses obtained before the formation of ARIN? The RSA states that "Applicant must submit this Agreement and any requested accompanying information to ARIN to apply to receive and use certain services (?Services?) from ARIN, which may include, without limitation, an allocation/assignment of IP address space, assignment of Autonomous System numbers (?ASNs?), inverse addressing on network blocks, maintenance of network records, and administration of IP address space. Allocation/assignment of IP address space and assignment of ASNs shall hereinafter be defined as ?number resources.?" I'm not a lawyer, which is why I posed the question above to ARIN counsel, but I could read that paragraph, and other references to "number resources" throughout the RSA, as covering only the "number resources" received from ARIN. -Scott From paul at vix.com Mon Jul 30 17:12:03 2007 From: paul at vix.com (Paul Vixie) Date: Mon, 30 Jul 2007 21:12:03 +0000 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: Your message of "Mon, 30 Jul 2007 12:23:23 MST." <0ADD7367-339E-4360-80CD-45DEA230CE87@virtualized.org> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <46AB6585.7080900@psg.com> <6eb799ab0707281047l71652f57n9f75737c2bef054f@mail.gmail.com> <46AC0DF3.8050902@psg.com> <3c3e3fca0707290212r74d8d8adod8489ab5f9d9d8bf@mail.gmail.com> <46ACB03E.4020208@psg.com> <65115.1185725352@sa.vix.com> <6C350250-4E0A-49B7-A8DE-A2A24335BBD9@virtualized.org> <76042.1185814077@sa.vix.com> <88234.1185818363@sa.vix.com> <0ADD7367-339E-4360-80CD-45DEA230CE87@virtualized.org> Message-ID: <24940.1185829923@sa.vix.com> > You misunderstand. It isn't _my_ transition strategy, it isn't even really > a strategy (is predicting a rock will hit the ground if you drop it a > strategy?). I'm merely suggesting it is the most likely outcome of the > situation we've placed ourselves in. as i have been shown the folly of ignoring your wisdom in the past, please elucidate. what other outcomes were measured for likeliness, and why was this one selected? (without the backup data, the above statement still seems fatalistic to me, but my mind is open.) From kmedcalf at dessus.com Mon Jul 30 17:51:56 2007 From: kmedcalf at dessus.com (Keith Medcalf) Date: Mon, 30 Jul 2007 17:51:56 -0400 Subject: [ppml] Authentication of Legacy Resources In-Reply-To: <023c01c7d2d8$ccd50570$5b3816ac@atlanta.polycom.com> Message-ID: <2250bd62fe80974fa27c0108c860baff@mail.dessus.com> > >> Likewise, I don't see much purpose in discussing carrots until > >> ARIN does some outreach to at least make legacy holders > >> aware of ARIN and give them an opportunity to join on the > >> existing terms. > > Actually, ARIN *has* done that, on March 14th. That's why I'm here: > >>>You are receiving this message because you are a registered > >>>Point of Contact (POC) with ARIN and are not subscribed by > >>>this e-mail address (jhg at omsys.com) to the ARIN Public > >>>Policy Mailing List (PPML). ARIN invites you to join the PPML. That is why I'm here too. Mind you, I have had to update my rDNS delegations a couple of times over the years (twice maybe thrice in 12 years), so I am (and always have been) familiar with ARIN. It just didn't/doesn't seem very relevant. > > I appreciate that ARIN staff took that initiative. There are > > probably quite a few of us old-timers here lurking, listening > > to the dialogue with varying degrees of disbelief and horror. > > And occasional glimmers of hope... ;-) :) > It's rather rare for an email address to be valid for that long, > and even rarer that that person would still be the appropriate > person for ARIN to be contacting. Really? My e-mail address hasn't changed in a long time -- it was the same back when e-mail transport was via UUCP over 9600 baud modems. Of course, the routing and connection method has changed (and especially the transport bandwidth) ... and disk-to-disk times are now measured in milliseconds around the globe instead of days. > >>We've heard from legacy holders here that want to join and can't > >>figure out how, > > I'm one of those. The $100 a year isn't a showstopper, though > > it's about what I pay for *ten* domain registrations, Ditto. > That $100/yr is for an unlimited number of end-user (i.e. non-LIR) > registrations. Perhaps that's not the appropriate fee model > either, but it's not quite fair to compare it to domains, where you > pay per registration. I only have *one* ip4 /24 PI registration. I do not want any more, though I would want *one* ipv6 minimum-size PI. But that IPv6 space is not going to come from ARIN with their current policies and thus, ARIN is, once again, relegated to irrelevance -- at least to me. > > but the mechanism is invisible. Apply for what I already have? > > Uh, no, that seems impossible. And I don't need any more, thank > > you. > That's a big hole right now. See below. > > My contact info is up to date. If things got desperate, I > > probably would return two or three /26s to help out. Ditto. Out of my *ONE* /24 (which is not publicly multihomed -- that is, it is only single-homed on the Internet) So, in summary, ARIN provides almost no useful services to me -- and certainly none which are worth US$100 per year. I am required to keep my registration information updated, which I do and it is even though it has *not* changed, other than the rDNS delegations, since before the formation of ARIN. The only valuable service that ARIN could provide would be some IPv6 PI space but that is unlikely to come to pass, as far as I can see as I am not qualified for it or I would have to dissemble my way to it (not likely). I do *not* sign lock-in contracts. If you suck I want the option to immediately tell you when to go shove yourself and NOT pay you any more money. This applies to telcos, Cell Carriers, CableCos, Internet Carriers, etc. I do *NOT* do "specials" (free calling for the first six months and for the rest of the three year contract you will be ripped off at every turn). I do NOT want PA space -- that is fine for little rubber people who use gmail, but not for me. Because of this it is extremely unlikely that I will touch IPv6 before IPv4 runout (or quite likely, afterwards either) except if it is though someone else's network. I am simply not interested in subjecting myself to the vagaries of dealing with the brain-dead and the incompetent (having PI space is fantastic for weeding out the incompetent). So, if ARIN cannot provide any useful services I don't see any need to give them any money. And if they want to try to extort money for nothing, lawsuits can be fun! It is entertaining to watch all you budding gangsters try to figure out how to put over your petty extortion schemes and protection rackets however. One word of advice though -- you should keep you criminal conspiring in private and not published where it can be used as evidence against you. From kmedcalf at dessus.com Mon Jul 30 17:56:23 2007 From: kmedcalf at dessus.com (Keith Medcalf) Date: Mon, 30 Jul 2007 17:56:23 -0400 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: Message-ID: <37cda1eb1928474286eeec7df8d49710@mail.dessus.com> > > ... the rate of depletion is secondary to the fact that > > depletion will occur. If we focus on rate then a thirsty > > man will die before he gets his next water ration. > Of course, if the man doesn't ration his water at all, he will die > sooner still. Rationing is always a prudent action when depletion is > going to be very undesirable. Water should never be rationed. The most efficient place to store water is inside your body. Rationing is only *prudent* for things that have no actual importance. From sleibrand at internap.com Mon Jul 30 18:02:06 2007 From: sleibrand at internap.com (Scott Leibrand) Date: Mon, 30 Jul 2007 15:02:06 -0700 Subject: [ppml] Authentication of Legacy Resources In-Reply-To: <2250bd62fe80974fa27c0108c860baff@mail.dessus.com> References: <2250bd62fe80974fa27c0108c860baff@mail.dessus.com> Message-ID: <46AE5FDE.9050006@internap.com> Keith Medcalf wrote: > > So, in summary, ARIN provides almost no useful services to me -- and certainly none which are worth US$100 per year. I am required to keep my registration information updated, which I do and it is even though it has *not* changed, other than the rDNS delegations, since before the formation of ARIN. > > The only valuable service that ARIN could provide would be some IPv6 PI space but that is unlikely to come to pass, as far as I can see as I am not qualified for it or I would have to dissemble my way to it (not likely). > > I do *not* sign lock-in contracts. If you suck I want the option to immediately tell you when to go shove yourself and NOT pay you any more money. This applies to telcos, Cell Carriers, CableCos, Internet Carriers, etc. I do *NOT* do "specials" (free calling for the first six months and for the rest of the three year contract you will be ripped off at every turn). I do NOT want PA space -- that is fine for little rubber people who use gmail, but not for me. > > Because of this it is extremely unlikely that I will touch IPv6 before IPv4 runout (or quite likely, afterwards either) except if it is though someone else's network. I am simply not interested in subjecting myself to the vagaries of dealing with the brain-dead and the incompetent (having PI space is fantastic for weeding out the incompetent). > Keith, If a "PIv6 for legacy holders with RSA and efficient use" policy were adopted, would you be willing/able to demonstrate efficient utilization of a direct IPv4 assignment or allocation covered by a current ARIN RSA in order to get an IPv6 PI block from ARIN? Would adoption of such a policy prompt you to adopt IPv6? Would you support such a policy proposal? Thanks, Scott From tony at lava.net Mon Jul 30 18:19:11 2007 From: tony at lava.net (Antonio Querubin) Date: Mon, 30 Jul 2007 12:19:11 -1000 (HST) Subject: [ppml] Soliciting comments: IPv4 to IPv6 fast migration In-Reply-To: <70DE64CEFD6E9A4EB7FAF3A0631410667071D2@mail> References: <70DE64CEFD6E9A4EB7FAF3A0631410667071D2@mail> Message-ID: On Mon, 30 Jul 2007, Kevin Kargel wrote: > LNP made telephone routing more complicated, increased call failure, and > increased hardware cost. All this was done to accommodate a feature > that was mandated to the telco's by the government. This increased > complexity and hardware comes at a cost. You can safely assume the > telco's are not going to absorb that added cost out of the goodness of > their hearts. The added cost will be passed on to the provider. > > The same thing will happen in the TCP world if "local IP portability" is > forced and aggrability is abandoned. I suspect this isn't as big an issue for IP as it is for telephone numbers. Consumers really drove the demand for LNP and if you ignore SIP-style addressing for making voice calls, there really was no viable alternative for telephone numbers at the time. Telephone users weild significantly more political clout numerically than network administrators who don't want to go through the pain of renumbering. IP addresses simply don't reach down into the consciousness of the average user enough for them to care because they're accustomed to dealing with email addresses or domain names, not IP addresses. Antonio Querubin whois: AQ7-ARIN From drc at virtualized.org Mon Jul 30 18:19:44 2007 From: drc at virtualized.org (David Conrad) Date: Mon, 30 Jul 2007 15:19:44 -0700 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: <37cda1eb1928474286eeec7df8d49710@mail.dessus.com> References: <37cda1eb1928474286eeec7df8d49710@mail.dessus.com> Message-ID: <3C69ED5C-B54C-4ACD-9FF5-9CC4DD054525@virtualized.org> On Jul 30, 2007, at 2:56 PM, Keith Medcalf wrote: > Water should never be rationed. The most efficient place to store > water is inside your body. So, you have 100 people and water for 50. It isn't a question of storage, it is of allocation. What would you propose? FCFS? "To each according to need"? A market? > Rationing is only *prudent* for things that have no actual importance. Actually, rationing is a normal mechanism to cope with situations in which you have greater demand than supply, regardless of the importance of the resource. Rgds, -drc From dean at av8.com Mon Jul 30 18:22:46 2007 From: dean at av8.com (Dean Anderson) Date: Mon, 30 Jul 2007 18:22:46 -0400 (EDT) Subject: [ppml] Legacy users and ARIN duties In-Reply-To: <46AE42B0.5030808@internap.com> Message-ID: Yes. I'll try to write something up. I'm not certain I know the procedure and form. I'll also look at Mr. Conrad's "Soft Landing" proposal more closely. --Dean On Mon, 30 Jul 2007, Scott Leibrand wrote: > Dean, > > I don't recall having seen a policy proposal yet for how one would > ration the remaining IPv4 space. I think it would be worthwhile to have > such a proposal on the table so we can discuss it along with other > options for dealing with the impending IPv4 scarcity. Would you be > interested in proposing such a policy? -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From paul at vix.com Mon Jul 30 18:28:01 2007 From: paul at vix.com (Paul Vixie) Date: Mon, 30 Jul 2007 22:28:01 +0000 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: Your message of "Mon, 30 Jul 2007 15:19:44 MST." <3C69ED5C-B54C-4ACD-9FF5-9CC4DD054525@virtualized.org> References: <37cda1eb1928474286eeec7df8d49710@mail.dessus.com> <3C69ED5C-B54C-4ACD-9FF5-9CC4DD054525@virtualized.org> Message-ID: <40978.1185834481@sa.vix.com> > So, you have 100 people and water for 50. > > It isn't a question of storage, it is of allocation. What would you > propose? FCFS? "To each according to need"? A market? can you define more of the constraints? if it's all the fresh water left in the universe, after which everyone is going to die, then i'd pick 1/N. if it's all the convenient water but there's lot of other water over the hill that folks are going to have to walk to, then i'd pick FCFS. in no case would i work to create a market, since that would almost certainly lead to suffering by the youngest and most infirm. > > Rationing is only *prudent* for things that have no actual importance. > > Actually, rationing is a normal mechanism to cope with situations in which > you have greater demand than supply, regardless of the importance of the > resource. i can't think of an example where rationing was used for a fixed resource which was going to run completely and forever out at a predictable moment. From paul at vix.com Mon Jul 30 18:36:34 2007 From: paul at vix.com (Paul Vixie) Date: Mon, 30 Jul 2007 22:36:34 +0000 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: Your message of "Mon, 30 Jul 2007 12:37:23 MST." <749DAE11-E6B1-4CA5-B55A-E50FBF0DA911@virtualized.org> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <46AB6585.7080900@psg.com> <6eb799ab0707281047l71652f57n9f75737c2bef054f@mail.gmail.com> <46AC0DF3.8050902@psg.com> <3c3e3fca0707290212r74d8d8adod8489ab5f9d9d8bf@mail.gmail.com> <46ACB03E.4020208@psg.com> <65115.1185725352@sa.vix.com> <46AD3623.6070309@psg.com> <82295.1185764561@sa.vix.com> <46AD6152.4060501@psg.com> <7319.1185771440@sa.vix.com> <749DAE11-E6B1-4CA5-B55A-E50FBF0DA911@virtualized.org> Message-ID: <41621.1185834994@sa.vix.com> > > the value of an address is that you can reach other people with it, > > Not quite. The value of a globally unique, routed address is that it lets > you provide services others can connect to. i meant by statement reflexively. "to reach and to be reached by". hopefully you did also, and you're not saying that there's value in being reached, but no value in reaching. (there's also technically a symmetric case where synchronization is external and there aren't initiator and target roles.) > > and if other people can't grow in IPv4, then why would you care to? > > To provide a service to the 1B+ people who are connected on the Internet > today? nobody makes a business plan involving the investment of new capital where the returns will be declining. investors internal and external large and small want to know, "where's the growth?" after ipv4 depletion, growth will shift toward ipv6. it's already foolish to invest in new capital in new non- dualstack networks, and it will get increasingly more foolish to do so as we reach and pass depletion. From davids at webmaster.com Mon Jul 30 18:39:39 2007 From: davids at webmaster.com (David Schwartz) Date: Mon, 30 Jul 2007 15:39:39 -0700 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: <40978.1185834481@sa.vix.com> Message-ID: > can you define more of the constraints? if it's all the fresh > water left in > the universe, after which everyone is going to die, then i'd pick 1/N. if > it's all the convenient water but there's lot of other water over the hill > that folks are going to have to walk to, then i'd pick FCFS. in no case > would i work to create a market, since that would almost certainly lead to > suffering by the youngest and most infirm. Obviously a market makes no sense if there is one and only one useful substance in the entire universe. DS From randy at psg.com Mon Jul 30 19:41:13 2007 From: randy at psg.com (Randy Bush) Date: Mon, 30 Jul 2007 13:41:13 -1000 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: <3C69ED5C-B54C-4ACD-9FF5-9CC4DD054525@virtualized.org> References: <37cda1eb1928474286eeec7df8d49710@mail.dessus.com> <3C69ED5C-B54C-4ACD-9FF5-9CC4DD054525@virtualized.org> Message-ID: <46AE7719.4070409@psg.com> Keith Medcalf wrote: > Water should never be rationed. in various places in the states, it has been. and, sad to say, it will be again, and much more seriously, in our lifetimes. randy From drc at virtualized.org Mon Jul 30 19:44:38 2007 From: drc at virtualized.org (David Conrad) Date: Mon, 30 Jul 2007 16:44:38 -0700 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: <40978.1185834481@sa.vix.com> References: <37cda1eb1928474286eeec7df8d49710@mail.dessus.com> <3C69ED5C-B54C-4ACD-9FF5-9CC4DD054525@virtualized.org> <40978.1185834481@sa.vix.com> Message-ID: On Jul 30, 2007, at 3:28 PM, Paul Vixie wrote: >> So, you have 100 people and water for 50. >> >> It isn't a question of storage, it is of allocation. What would you >> propose? FCFS? "To each according to need"? A market? > > can you define more of the constraints? Why? The statement was that "water should never be rationed." Your response is asking for what would constrain the rationing, not whether the rationing was necessary. > i can't think of an example where rationing was used for a fixed > resource > which was going to run completely and forever out at a predictable > moment. ? Any limited resource, land, gold, food, water, oil, etc. are all subject to rationing when the demand outstrips supply. The mechanism used for rationing varies, from market distribution to non-price rationing such as queues, bureaucracy, or edicts. The fact that a resource will "run completely and forever out" at a predictable (or un-) moment is irrelevant. The point is to distribute the resource as "equitably" (for some value of that variable) as possible during the period of scarcity. Rgds, -drc From paul at vix.com Mon Jul 30 20:00:20 2007 From: paul at vix.com (Paul Vixie) Date: Tue, 31 Jul 2007 00:00:20 +0000 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: Your message of "Mon, 30 Jul 2007 16:44:38 MST." References: <37cda1eb1928474286eeec7df8d49710@mail.dessus.com> <3C69ED5C-B54C-4ACD-9FF5-9CC4DD054525@virtualized.org> <40978.1185834481@sa.vix.com> Message-ID: <55837.1185840020@sa.vix.com> > >> So, you have 100 people and water for 50. > >> > >> It isn't a question of storage, it is of allocation. What would you > >> propose? FCFS? "To each according to need"? A market? > > > > can you define more of the constraints? > > Why? The statement was that "water should never be rationed." your question was "what would you propose?" > Your response is asking for what would constrain the rationing, not whether > the rationing was necessary. my response is to learn more about your question so i can consider it. > > i can't think of an example where rationing was used for a fixed resource > > which was going to run completely and forever out at a predictable moment. > > ? > > Any limited resource, land, gold, food, water, oil, etc. are all subject > to rationing when the demand outstrips supply. we're not talking about limited resources, we're talking about dead-end resources. last of the mohicans resources. more fresh water will come out of a spring or melt out of snow (for now, anyway), and so rationing works because there's both a present allocation and a future supply to be considered. ipv4 has no future supply, only future zero-sum. > The fact that a resource will "run completely and forever out" at a > predictable (or un-) moment is irrelevant. The point is to distribute the > resource as "equitably" (for some value of that variable) as possible during > the period of scarcity. humour me. it actually is very relevant whether a future supply will exist. or whether it's a zero-sum game. this changes what you call it, how you treat it, what you can expect from it -- it changes everything. if you'd like an answer to your hypothetical question, i'll need more constraints. note that at the macro level, the "soft landing" proposal had one similar element to my open-mic ("bad ideas night") proposal which i now see echoed in a current proposal -- get folks to describe their ipv6 plans before they can get more ipv4 space. noone should be deploying non-dualstack in this day+age. (it should go without saying that i make that suggestion as a member of the community and not as a member of arin's board -- i don't know what the board thinks of this idea but it is unlikely to be identical to my personal views.) From drc at virtualized.org Mon Jul 30 20:01:53 2007 From: drc at virtualized.org (David Conrad) Date: Mon, 30 Jul 2007 17:01:53 -0700 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <24940.1185829923@sa.vix.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <46AB6585.7080900@psg.com> <6eb799ab0707281047l71652f57n9f75737c2bef054f@mail.gmail.com> <46AC0DF3.8050902@psg.com> <3c3e3fca0707290212r74d8d8adod8489ab5f9d9d8bf@mail.gmail.com> <46ACB03E.4020208@psg.com> <65115.1185725352@sa.vix.com> <6C350250-4E0A-49B7-A8DE-A2A24335BBD9@virtualized.org> <76042.1185814077@sa.vix.com> <88234.1185818363@sa.vix.com> <0ADD7367-339E-4360-80CD-45DEA230CE87@virtualized.org> <24940.1185829923@sa.vix.com> Message-ID: <12CF3748-BEF2-4FAC-A1A2-801634C67084@virtualized.org> Paul, On Jul 30, 2007, at 2:12 PM, Paul Vixie wrote: > as i have been shown the folly of ignoring your wisdom in the past, > please > elucidate. what other outcomes were measured for likeliness, and > why was > this one selected? (without the backup data, the above statement > still > seems fatalistic to me, but my mind is open.) You're missing the point. Again, I'm not discussing possible transition strategies. I'm simply pointing out that as available resources diminish, people tend to become more efficient in the use of those resources, particularly when there is a cost associated with obtaining them. In the context of IPv4 free pool exhaustion, the implication of this is that people will tend to reduce their public address space footprint, most likely by making use of private address space and NAT where possible. This may result in longer prefixes coming available as people figure out they don't need all of the legacy /8 they were given by Jon (and people are willing to pay for the subnets of that /8). They may also start deploying IPv6, if the cost/benefit ratio of that deployment makes sense (something that has, as can be seen empirically, not yet been demonstrated). None of this is about destiny or fate or lofty ideals about what is "Good for the Internet"(tm). It is about what makes business sense. Rgds, -drc From dean at av8.com Mon Jul 30 20:44:12 2007 From: dean at av8.com (Dean Anderson) Date: Mon, 30 Jul 2007 20:44:12 -0400 (EDT) Subject: [ppml] Legacy users and ARIN duties In-Reply-To: Message-ID: BTW, on reflection, I want to state that the criticism contained in my previous message is not directed at John Curran personally, but at the so-called "royal you": the ARIN board and those others who participated in this and similar decisions at ARIN, IANA, and the other RIRs. --Dean On Mon, 30 Jul 2007, Dean Anderson wrote: > On Sat, 28 Jul 2007, John Curran wrote: > > > Community consensus on policy changes prior to depletion will > > determine the nature of the transition. Some advocate for a > > status-quo situation till depletion as businesses rely on predicable > > policies, and some recommend changes so as to affect the nature > > of the transition. The ARIN Board resolution made it clear what > > we'd like to see in the 7 May 2007 resolution: > > . > > "WHEREAS, ongoing community access to Internet Protocol version 4 > (IPv4) numbering resources can not be assured indefinitely; and," > > Through rationing based on a decreasing exponential, the IPv4 addresses > can be assured indefinitely, certainly beyond the next 10+ years. The > pain of depletion, instead of being felt all at once, could be spread > out over a long period. > > Looks like the ARIN board didn't get its facts straight in May. There > should be smart people on the board, who understand rationing. > > > > > In particular, we'd like to have policies that encourage IPv6 > > transition, and have asked the Advisory Council to consider > > this issue. That has resulted in quite a few policy proposals > > and lots of community discussion and all of that is a good thing. > > > > >I'm glad you brought up Enron. The Enron Board had to give back a lot of > > >money for their mismanagement. Bechtel just returned a Billion dollars > > >to Boston/MA/Feds for their BigDig engineering and construction > > >failures. I think an abrupt 'oops we're out of space' is going to > > >result in some very definite legal challenges to ARIN and its > > >management. > > > > An interesting assertion, but I do not believe there is a valid claim > > that this will be an abrupt change, unless the community fails to > > act responsibly in light of all of the preparation. > > I also note that you seem to use community consensus to defend your > actions when convenient, and yet the statement above seems to put the > blame on the community for the consequences of any abrupt change. You > can't have it both ways. There is a failure of leadership in assuming > both ways, and a failure to foresee the consequences of the abrupt > change. > > I hope there aren't any negative consequences to abruptly running out of > IPv4 space. But I do note that the consequences are probably serious and > global, and not limited to ARIN, and involve governments and regions > that could use other means of diplomacy to resolve real and perceived > affronts to the fair allocation of limited resources. And I also note > that a number of the people involved in making these decisions are > already involved in a number of other scandals and frauds, "hardball", > and silencing of critics. > > > --Dean > > > -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From drc at virtualized.org Mon Jul 30 20:58:02 2007 From: drc at virtualized.org (David Conrad) Date: Mon, 30 Jul 2007 17:58:02 -0700 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: <55837.1185840020@sa.vix.com> References: <37cda1eb1928474286eeec7df8d49710@mail.dessus.com> <3C69ED5C-B54C-4ACD-9FF5-9CC4DD054525@virtualized.org> <40978.1185834481@sa.vix.com> <55837.1185840020@sa.vix.com> Message-ID: Paul, On Jul 30, 2007, at 5:00 PM, Paul Vixie wrote: > we're not talking about limited resources, we're talking about dead- > end > resources. A dead-end resource is just an extreme of a limited resource. Rationing in these cases is typically used to extend the usable lifetime until a replacement can be found and transitioned to or the demand is reduced in some other fashion. > ipv4 has no future supply, only future zero-sum. IPv4, like land and gold and any other indestructible resource, isn't magically going away on when the free pool is exhausted. All that will occur is the policy regime that has existed since around 1995 will be forced to change since the underlying free pool that policy regime was created to manage will no longer exist. The "future supply" of IPv4 is like the "future supply" of land and will likely be managed the same way (whether or not the RIRs acknowledge it). MIT might discover that maybe they don't really need 16,777,216 addresses for their 11,000 students and faculty and begin to sublet portions of that space. HP might decide they don't actually need the DEC /8 and start leasing it for additional revenues. The individuals who thought they might have more than 256 hosts and thus needed a class B (you know who you are :-)) might decide to sell (gasp!) their space to the highest bidder. Etc. Why do you think this won't happen? Rgds, -drc From mysidia at gmail.com Mon Jul 30 21:04:01 2007 From: mysidia at gmail.com (James Hess) Date: Mon, 30 Jul 2007 20:04:01 -0500 Subject: [ppml] Legacy users and ARIN duties In-Reply-To: References: Message-ID: <6eb799ab0707301804n5d5e3f2bn172a50cd39c7abf5@mail.gmail.com> On 7/30/07, Dean Anderson wrote: > Looks like the ARIN board didn't get its facts straight in May. There > should be smart people on the board, who understand rationing. > [...] > > "WHEREAS, ongoing community access to Internet Protocol version 4 > (IPv4) numbering resources can not be assured indefinitely; and," > > Through rationing based on a decreasing exponential, the IPv4 addresses > can be assured indefinitely, certainly beyond the next 10+ years. The > pain of depletion, instead of being felt all at once, could be spread > out over a long period. The moment anyone requesting an allocation cannot get the IP addresses they need from ARIN, that they meet the justification criteria for, depletion has impacted them, and it's every bit as severe as if ARIN had run out of ip addresses altogether. It would be even more severe if the number of requests explodes as a result of ARIN not properly allocating the number of addresses needed. Not giving people the addresses they need doesn't really delay depletion, it accelerates it. The policy _already_ is to ration IP addresses, they are not allocated freely in as much quantity as anyone asks, addresses are already allocated based on justified need, and not in excess amounts. The rate at which people come to need additional IP addresses is not something ARIN has control over, and yet it's ARIN's responsibility to efficiently allocate the addresses needed. -- -J From bicknell at ufp.org Mon Jul 30 21:13:13 2007 From: bicknell at ufp.org (Leo Bicknell) Date: Mon, 30 Jul 2007 21:13:13 -0400 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: References: <37cda1eb1928474286eeec7df8d49710@mail.dessus.com> <3C69ED5C-B54C-4ACD-9FF5-9CC4DD054525@virtualized.org> <40978.1185834481@sa.vix.com> <55837.1185840020@sa.vix.com> Message-ID: <20070731011313.GA90659@ussenterprise.ufp.org> In a message written on Mon, Jul 30, 2007 at 05:58:02PM -0700, David Conrad wrote: > IPv4, like land and gold and any other indestructible resource, isn't > magically going away on when the free pool is exhausted. All that > will occur is the policy regime that has existed since around 1995 > will be forced to change since the underlying free pool that policy > regime was created to manage will no longer exist. It's not going to go away, but it's importance in day to day life will diminish. I believe if you want to use a fixed resource as your analogy that getting away from IPv4 is more akin to going off the "gold standard". Today each IP address is a brick of gold. There is only so much gold. Tomorrow, each IP address is a fiat currency based on the "subnet". Because we have gone off the gold standard does not mean gold has no value, or that people cease to be interested in it. However, interest in it as a currency of our time will rapidly dwindle if the new economy is successful. As you said in an earlier post, it's all about business. Running dual stack costs more than running single stack. Once IPv4 is deployed "enough" there will be pressure for IPv4 to be removed from the network. Is that 10, 20, or 50 years from now? I don't know; however I am quite sure that "IPv4 forever" is 100% wrong. Which makes this all the more interesting. IPv4's "value" is going to increase as people who aren't ready for IPv6 try to get what they can when there is no more IPv4. However, all know it will be temporary, the higher the price the more attractive IPv6 looks. In essence, the faster the "price" of IPv4 shoots up, the faster the deployment of IPv6, and the faster the crash of IPv4 as people abandon it as too expensive. Note: That's not to say I would support making IPv4 run out quicker. As stewards we're better off making the price curve look like a normal distribution than a singularity. -- Leo Bicknell - bicknell at ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available URL: From paul at vix.com Mon Jul 30 21:25:08 2007 From: paul at vix.com (Paul Vixie) Date: Tue, 31 Jul 2007 01:25:08 +0000 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: Your message of "Mon, 30 Jul 2007 17:01:53 MST." <12CF3748-BEF2-4FAC-A1A2-801634C67084@virtualized.org> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <46AB6585.7080900@psg.com> <6eb799ab0707281047l71652f57n9f75737c2bef054f@mail.gmail.com> <46AC0DF3.8050902@psg.com> <3c3e3fca0707290212r74d8d8adod8489ab5f9d9d8bf@mail.gmail.com> <46ACB03E.4020208@psg.com> <65115.1185725352@sa.vix.com> <6C350250-4E0A-49B7-A8DE-A2A24335BBD9@virtualized.org> <76042.1185814077@sa.vix.com> <88234.1185818363@sa.vix.com> <0ADD7367-339E-4360-80CD-45DEA230CE87@virtualized.org> <24940.1185829923@sa.vix.com> <12CF3748-BEF2-4FAC-A1A2-801634C67084@virtualized.org> Message-ID: <71643.1185845108@sa.vix.com> > None of this is about destiny or fate or lofty ideals about what is > "Good for the Internet"(tm). It is about what makes business sense. so, no other possible outcomes were studied, you "just like this one"? From randy at psg.com Mon Jul 30 21:30:46 2007 From: randy at psg.com (Randy Bush) Date: Mon, 30 Jul 2007 15:30:46 -1000 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <71643.1185845108@sa.vix.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <46AB6585.7080900@psg.com> <6eb799ab0707281047l71652f57n9f75737c2bef054f@mail.gmail.com> <46AC0DF3.8050902@psg.com> <3c3e3fca0707290212r74d8d8adod8489ab5f9d9d8bf@mail.gmail.com> <46ACB03E.4020208@psg.com> <65115.1185725352@sa.vix.com> <6C350250-4E0A-49B7-A8DE-A2A24335BBD9@virtualized.org> <76042.1185814077@sa.vix.com> <88234.1185818363@sa.vix.com> <0ADD7367-339E-4360-80CD-45DEA230CE87@virtualized.org> <24940.1185829923@sa.vix.com> <12CF3748-BEF2-4FAC-A1A2-801634C67084@virtualized.org> <71643.1185845108@sa.vix.com> Message-ID: <46AE90C6.8060406@psg.com> >> None of this is about destiny or fate or lofty ideals about what is >> "Good for the Internet"(tm). It is about what makes business sense. > so, no other possible outcomes were studied, you "just like this one"? did he say that? what i heard him say was that simple business and economics will drive toward this. made sense to me. randy From paul at vix.com Mon Jul 30 22:22:45 2007 From: paul at vix.com (Paul Vixie) Date: Tue, 31 Jul 2007 02:22:45 +0000 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: Your message of "Mon, 30 Jul 2007 15:30:46 -1000." <46AE90C6.8060406@psg.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <46AB6585.7080900@psg.com> <6eb799ab0707281047l71652f57n9f75737c2bef054f@mail.gmail.com> <46AC0DF3.8050902@psg.com> <3c3e3fca0707290212r74d8d8adod8489ab5f9d9d8bf@mail.gmail.com> <46ACB03E.4020208@psg.com> <65115.1185725352@sa.vix.com> <6C350250-4E0A-49B7-A8DE-A2A24335BBD9@virtualized.org> <76042.1185814077@sa.vix.com> <88234.1185818363@sa.vix.com> <0ADD7367-339E-4360-80CD-45DEA230CE87@virtualized.org> <24940.1185829923@sa.vix.com> <12CF3748-BEF2-4FAC-A1A2-801634C67084@virtualized.org> <71643.1185845108@sa.vix.com> <46AE90C6.8060406@psg.com> Message-ID: <83945.1185848565@sa.vix.com> > > so, no other possible outcomes were studied, you "just like this one"? > > did he say that? what i heard him say was that simple business and > economics will drive toward this. made sense to me. i'd like to know what makes this alternative the most likely. if someone who holds the "markets are efficient and inevitable so just relax" view can show how that view is falsifiable, i'm listening. From drc at virtualized.org Mon Jul 30 23:03:24 2007 From: drc at virtualized.org (David Conrad) Date: Mon, 30 Jul 2007 20:03:24 -0700 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <71643.1185845108@sa.vix.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <46AB6585.7080900@psg.com> <6eb799ab0707281047l71652f57n9f75737c2bef054f@mail.gmail.com> <46AC0DF3.8050902@psg.com> <3c3e3fca0707290212r74d8d8adod8489ab5f9d9d8bf@mail.gmail.com> <46ACB03E.4020208@psg.com> <65115.1185725352@sa.vix.com> <6C350250-4E0A-49B7-A8DE-A2A24335BBD9@virtualized.org> <76042.1185814077@sa.vix.com> <88234.1185818363@sa.vix.com> <0ADD7367-339E-4360-80CD-45DEA230CE87@virtualized.org> <24940.1185829923@sa.vix.com> <12CF3748-BEF2-4FAC-A1A2-801634C67084@virtualized.org> <71643.1185845108@sa.vix.com> Message-ID: <60C77950-A4D0-4360-B64C-D65400A3B3A5@virtualized.org> On Jul 30, 2007, at 6:25 PM, Paul Vixie wrote: >> None of this is about destiny or fate or lofty ideals about what is >> "Good for the Internet"(tm). It is about what makes business sense. > > so, no other possible outcomes were studied, you "just like this one"? ? We appear to be talking past each other. I never said this is an outcome I particularly like (quite the opposite, really), it just seems to be the most likely one given the situation we're put ourselves in. I'd be interested to see what you think the most likely outcome of the current situation is. Rgds, -drc From randy at psg.com Tue Jul 31 00:39:47 2007 From: randy at psg.com (Randy Bush) Date: Mon, 30 Jul 2007 18:39:47 -1000 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <83945.1185848565@sa.vix.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <46AB6585.7080900@psg.com> <6eb799ab0707281047l71652f57n9f75737c2bef054f@mail.gmail.com> <46AC0DF3.8050902@psg.com> <3c3e3fca0707290212r74d8d8adod8489ab5f9d9d8bf@mail.gmail.com> <46ACB03E.4020208@psg.com> <65115.1185725352@sa.vix.com> <6C350250-4E0A-49B7-A8DE-A2A24335BBD9@virtualized.org> <76042.1185814077@sa.vix.com> <88234.1185818363@sa.vix.com> <0ADD7367-339E-4360-80CD-45DEA230CE87@virtualized.org> <24940.1185829923@sa.vix.com> <12CF3748-BEF2-4FAC-A1A2-801634C67084@virtualized.org> <71643.1185845108@sa.vix.com> <46AE90C6.8060406@psg.com> <83945.1185848565@sa.vix.com> Message-ID: <46AEBD13.1080105@psg.com> Paul Vixie wrote: >>> so, no other possible outcomes were studied, you "just like this >>> one"? >> did he say that? what i heard him say was that simple business and >> economics will drive toward this. made sense to me. > i'd like to know what makes this alternative the most likely. you may want to read drc's mail > if someone who holds the "markets are efficient and inevitable so > just relax" view can show how that view is falsifiable, i'm > listening. i am not sure anyone but you has been talking about market efficiency. market reality, maybe. and nothing is inevitable. well, death and taxes, i guess. but, unless we change the perceived costs to the enterprises, services, and large last mile isps, what drc, i, and others have been describing is indeed the most likely outcome, whether we like it or not. the underlying problem is that the decisions will be made by people counting beans, not rosaries. ever since the dot bomb, it's been all about this quarter's net, not what's right for the internet (as if it ever really was). right now, in most cases v4 and v4 nat look a lot cheaper to new deployments and expansions than v6 with v6/v4 nat (alain has a good counterexample, but it involves really massive scale). this is because v4 kit is a known reliable quantity, cheap, and with no compatibility issues with the rest of today's internet. it's a no-brainer. the fun question is how expensive will the street price for a /24 or /19 or whatever of ipv4 space have to be to make folk perceive that the next quarter costs of using ipv6 internally are less? and note that the perceived ipv6 cost has a high risk add-on, as it is not clear that all the pieces of the puzzle are there for non-trivial cases (we should do something about this). randy From paul at vix.com Tue Jul 31 00:51:58 2007 From: paul at vix.com (Paul Vixie) Date: Tue, 31 Jul 2007 04:51:58 +0000 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: Your message of "Mon, 30 Jul 2007 20:03:24 MST." <60C77950-A4D0-4360-B64C-D65400A3B3A5@virtualized.org> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <46AB6585.7080900@psg.com> <6eb799ab0707281047l71652f57n9f75737c2bef054f@mail.gmail.com> <46AC0DF3.8050902@psg.com> <3c3e3fca0707290212r74d8d8adod8489ab5f9d9d8bf@mail.gmail.com> <46ACB03E.4020208@psg.com> <65115.1185725352@sa.vix.com> <6C350250-4E0A-49B7-A8DE-A2A24335BBD9@virtualized.org> <76042.1185814077@sa.vix.com> <88234.1185818363@sa.vix.com> <0ADD7367-339E-4360-80CD-45DEA230CE87@virtualized.org> <24940.1185829923@sa.vix.com> <12CF3748-BEF2-4FAC-A1A2-801634C67084@virtualized.org> <71643.1185845108@sa.vix.com> <60C77950-A4D0-4360-B64C-D65400A3B3A5@virtualized.org> Message-ID: <15680.1185857518@sa.vix.com> > We appear to be talking past each other. I never said this is an outcome I > particularly like (quite the opposite, really), it just seems to be the most > likely one given the situation we're put ourselves in. to the extent that you're talking as if none of us has any choice as to the outcome, the word i've been using, "fatalistic", is dictionary perfect. > I'd be interested to see what you think the most likely outcome of > the current situation is. you mean, if good men do nothing? i have no answer to that, at this stage, since i still hope that something can be done to accelerate the transition from V4 to V6, such that some of the /8's held by IANA might never be filled. to say that human nature preordains a period of scarcity before the new kind of IP addresses start being relevant, goes beyond me, at this stage. to say that a market would lead to efficient utilization of either routing table slots (vs. subdivision) or space (vs. a futures market), and will serve humanity as well as a market in pork bellies or google shares, goes beyond me, at this stage. but i'm not going to turn the question back on you and say, why are you so fatalistic. a lot of people have said that a market is inevitable and a lot of people have said that a market would be efficient. so we've all clearly had a chance to "hear it somewhere." maybe it's the kind of thing where if enough people believe it, it would be the default result. maybe most folks here aren't going to consider the roads not taken, why-are-we-doing-this, what-were-the-alternatives, or why-didn't-we-choose-a-different-one. that's not my way. i want to know those things. ("where are we going and why are we in this handbasket?", as suz would say.) instead, here's a rim shot: what's your preferred outcome? never mind why you consider it unlikely and not worth working toward. just, what is it? From arin-contact at dirtside.com Tue Jul 31 00:52:58 2007 From: arin-contact at dirtside.com (William Herrin) Date: Tue, 31 Jul 2007 00:52:58 -0400 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <83945.1185848565@sa.vix.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <76042.1185814077@sa.vix.com> <88234.1185818363@sa.vix.com> <0ADD7367-339E-4360-80CD-45DEA230CE87@virtualized.org> <24940.1185829923@sa.vix.com> <12CF3748-BEF2-4FAC-A1A2-801634C67084@virtualized.org> <71643.1185845108@sa.vix.com> <46AE90C6.8060406@psg.com> <83945.1185848565@sa.vix.com> Message-ID: <3c3e3fca0707302152y38cba766oa2066eda41ec3691@mail.gmail.com> On 7/30/07, Paul Vixie wrote: > i'd like to know what makes this alternative the most likely. if someone > who holds the "markets are efficient and inevitable so just relax" view > can show how that view is falsifiable, i'm listening. Paul, If I understand David's argument (and hopefully he'll correct me if I got it wrong) its that IPv4 depletion is more likely to drive IPv4 address space conservation (and hence an explosion of the DFZ table) than it is to drive IPv6 adoption. Business will tend towards this path because the incremental cost of conservation is small and the benefits are immediate while the cost of IPv6 deployment is large and the benefits are remote. The argument would be false if IPv6 could be used as a less-desirable drop-in replacement for IPv4. For example, if IPv4 was Cola and IPv6 was juice, a restaurant could reasonably serve juice after the cola ran out. That doesn't appear to be the case. Until IPv6 reaches some critical mass where the remaining IPv4-only servers can be ignored, the two protocols will lack sufficient equivalence. It would be more like serving animal crackers when the steak ran out. The argument would be false if there was a reason to deploy IPv6 independent of IPv4 depletion. For example, if there was some killer app for which use of IPv6 was a prerequisite. No such app has emerged and I can't imagine what requirement would make such an app unable to use IPv4 instead. Even the peer to peer guys have managed to make their software work through the NAT firewalls. The argument would be false if a sufficiently large subset of the IPv4 community could be enticed to begin paying money for IPv6 regardless of whether they could yet use it. The fact that they're paying for it anyway would motivate them to deploy IPv6, and put pressure on their service and content providers to deploy it as well, independent of IPv4 depletion. For example, if the legacy end-user registrants had a short, well-publicized opportunity to get an IPv6 PI assignment before the window permanently closed, for which they had to pay $500 and then continue paying $100/year... Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From randy at psg.com Tue Jul 31 01:24:44 2007 From: randy at psg.com (Randy Bush) Date: Mon, 30 Jul 2007 19:24:44 -1000 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <3c3e3fca0707302152y38cba766oa2066eda41ec3691@mail.gmail.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <76042.1185814077@sa.vix.com> <88234.1185818363@sa.vix.com> <0ADD7367-339E-4360-80CD-45DEA230CE87@virtualized.org> <24940.1185829923@sa.vix.com> <12CF3748-BEF2-4FAC-A1A2-801634C67084@virtualized.org> <71643.1185845108@sa.vix.com> <46AE90C6.8060406@psg.com> <83945.1185848565@sa.vix.com> <3c3e3fca0707302152y38cba766oa2066eda41ec3691@mail.gmail.com> Message-ID: <46AEC79C.9030103@psg.com> brilliantly stated except. it ain't serving animal crackers when the steak runs out. it is serving gasoline when the steak runs out. ipv4 and ipv6 are flat incompatible on the wire. it takes a special digestive system to be able to use them both. and > The argument would be false if a sufficiently large subset of the IPv4 > community could be enticed to begin paying money for IPv6 regardless > of whether they could yet use it. The fact that they're paying for it > anyway would motivate them to deploy IPv6, and put pressure on their > service and content providers to deploy it as well, independent of > IPv4 depletion. For example, if the legacy end-user registrants had a > short, well-publicized opportunity to get an IPv6 PI assignment before > the window permanently closed, for which they had to pay $500 and then > continue paying $100/year... the real question is how much we would have to pay them to use it. stealing from my own foils again ... Why is Japan in Better Shape? o Folk with vision (i.e. Murai) convinced the government that early movement to IPv6 was wise for Japan o Government $upport$ IPv6 research o Government $upport$ IPv6 development by industry, vendors, ? o Government give$ tax incentive$ to enterprises which become v6 compatible randy From christopher.morrow at gmail.com Tue Jul 31 01:36:47 2007 From: christopher.morrow at gmail.com (Christopher Morrow) Date: Tue, 31 Jul 2007 01:36:47 -0400 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <7319.1185771440@sa.vix.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <6eb799ab0707281047l71652f57n9f75737c2bef054f@mail.gmail.com> <46AC0DF3.8050902@psg.com> <3c3e3fca0707290212r74d8d8adod8489ab5f9d9d8bf@mail.gmail.com> <46ACB03E.4020208@psg.com> <65115.1185725352@sa.vix.com> <46AD3623.6070309@psg.com> <82295.1185764561@sa.vix.com> <46AD6152.4060501@psg.com> <7319.1185771440@sa.vix.com> Message-ID: <75cb24520707302236i3704d981u74769af716207406@mail.gmail.com> On 7/30/07, Paul Vixie wrote: > "we're not going to win this with torpedoes, chief." but lay it on me anyway. I also liked randy's preso (though I didn't see him give it, I just read it) but one thing that strikes me is that the arin/ripe/apnic/RIR folks/members in general are positioned to see the coming issues, so this is sort of preaching to the choir. I'm interested in how the rest of the world NOT on 'ppml' (substitute ripe/apnic/RIR-mailing-lists) are looking at this problem space. As near as I can tell most of them mostly aren't... It'll be an interesting coming few years :) -Chris From arin-contact at dirtside.com Tue Jul 31 02:36:14 2007 From: arin-contact at dirtside.com (William Herrin) Date: Tue, 31 Jul 2007 02:36:14 -0400 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <46AEC79C.9030103@psg.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <88234.1185818363@sa.vix.com> <0ADD7367-339E-4360-80CD-45DEA230CE87@virtualized.org> <24940.1185829923@sa.vix.com> <12CF3748-BEF2-4FAC-A1A2-801634C67084@virtualized.org> <71643.1185845108@sa.vix.com> <46AE90C6.8060406@psg.com> <83945.1185848565@sa.vix.com> <3c3e3fca0707302152y38cba766oa2066eda41ec3691@mail.gmail.com> <46AEC79C.9030103@psg.com> Message-ID: <3c3e3fca0707302336w357fcda7od944fae04810d645@mail.gmail.com> On 7/31/07, Randy Bush wrote: > > > For example, if the legacy end-user registrants had a > > short, well-publicized opportunity to get an IPv6 PI assignment before > > the window permanently closed, for which they had to pay $500 and then > > continue paying $100/year... > > the real question is how much we would have to pay them to use it. Then you wouldn't object if the folks who are willing to pay you (instead of you paying them) got some IPv6 PI space from ARIN and started pressuring their service providers to connect it? Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From randy at psg.com Tue Jul 31 04:11:08 2007 From: randy at psg.com (Randy Bush) Date: Mon, 30 Jul 2007 22:11:08 -1000 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <3c3e3fca0707302336w357fcda7od944fae04810d645@mail.gmail.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <88234.1185818363@sa.vix.com> <0ADD7367-339E-4360-80CD-45DEA230CE87@virtualized.org> <24940.1185829923@sa.vix.com> <12CF3748-BEF2-4FAC-A1A2-801634C67084@virtualized.org> <71643.1185845108@sa.vix.com> <46AE90C6.8060406@psg.com> <83945.1185848565@sa.vix.com> <3c3e3fca0707302152y38cba766oa2066eda41ec3691@mail.gmail.com> <46AEC79C.9030103@psg.com> <3c3e3fca0707302336w357fcda7od944fae04810d645@mail.gmail.com> Message-ID: <46AEEE9C.8040606@psg.com> >>> For example, if the legacy end-user registrants had a short, >>> well-publicized opportunity to get an IPv6 PI assignment before >>> the window permanently closed, for which they had to pay $500 and >>> then continue paying $100/year... >> the real question is how much we would have to pay them to use it. > Then you wouldn't object if the folks who are willing to pay you > (instead of you paying them) got some IPv6 PI space from ARIN and > started pressuring their service providers to connect it? i have no problem with folk getting ipv6 space and looking for a transit provider. we were the first provider in the world to offer it. smirk. but you deleted the core of my point. where ipv6 is actually gaining some deployment, japan, korea, china, ... it has been heavily subsidized. to date, this looks to have been the only way to get folk making rational, albeit short term, business decisions to get on the v6 train. randy From michael.dillon at bt.com Tue Jul 31 05:20:01 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Tue, 31 Jul 2007 10:20:01 +0100 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: <55837.1185840020@sa.vix.com> References: <37cda1eb1928474286eeec7df8d49710@mail.dessus.com><3C69ED5C-B54C-4ACD-9FF5-9CC4DD054525@virtualized.org><40978.1185834481@sa.vix.com> <55837.1185840020@sa.vix.com> Message-ID: > we're not talking about limited resources, we're talking > about dead-end resources. last of the mohicans resources. > more fresh water will come out of a spring or melt out of > snow (for now, anyway), and so rationing works because > there's both a present allocation and a future supply to be > considered. ipv4 has no future supply, only future zero-sum. Let's cut the talk about water rationing because we are not dealing with a water shortage. We are dealing with a pear juice shortage due to pear tree blight which is killing the pear orchards that we depend on. Pear tree blight has been with us almost as long as we have been drinking pear juice, but fortunately, in the next valley over, there is a steady supply of apple juice for those people willing to pick up and move. And better yet, pear tree blight does not affect apple trees so we have been busy planting apple orchards in our valley. And those apple trees are only a couple of years away from bearing fruit. The question is, do we just let people drink as much pear juice as they want, or do we ration it so that the supply lasts until the apple orchards are in full production of apple juice? > noone should be deploying non-dualstack in this day+age. Why not? IPv4 MPLS networks are perfectly capable of providing native IPv6 services to customers. Any existing service provider has an internal supply of IPv4 addresses needed to grow their MPLS network by simply redeploying IPv4 blocks assigned to customers who are able to transition to IPv6. Not to mention RFC 1918, using non-registered addresses, and trying the class E range. --Michael Dillon From michael.dillon at bt.com Tue Jul 31 05:26:33 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Tue, 31 Jul 2007 10:26:33 +0100 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: References: <37cda1eb1928474286eeec7df8d49710@mail.dessus.com><3C69ED5C-B54C-4ACD-9FF5-9CC4DD054525@virtualized.org><40978.1185834481@sa.vix.com><55837.1185840020@sa.vix.com> Message-ID: > MIT might discover that maybe they > don't really need 16,777,216 addresses for their 11,000 > students and faculty and begin to sublet portions of that > space. HP might decide they don't actually need the DEC /8 > and start leasing it for additional revenues. The > individuals who thought they might have more than 256 hosts > and thus needed a class B (you know who you are :-)) might > decide to sell (gasp!) their space to the highest bidder. Etc. > > Why do you think this won't happen? Because MIT and HP don't have a very strong ownership claim on those addresses. If they start selling them, they are likely to find themselves on the wrong end of a lawsuit as the large ISPs start feeling the pinch. In addition, if these are private sales then they could find themselves the target of an antitrust investigation. Currently, there is a public allocation process for addresses based on technically justified needs. Anything less than a public sale (open auction like the NYSE) does not seem to have legal justification and certainly, the DoC is unlikely to support anything less than a public sale mechanism. --Michael Dillon From jcurran at istaff.org Tue Jul 31 05:27:34 2007 From: jcurran at istaff.org (John Curran) Date: Tue, 31 Jul 2007 05:27:34 -0400 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <46AEEE9C.8040606@psg.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <88234.1185818363@sa.vix.com> <0ADD7367-339E-4360-80CD-45DEA230CE87@virtualized.org> <24940.1185829923@sa.vix.com> <12CF3748-BEF2-4FAC-A1A2-801634C67084@virtualized.org> <71643.1185845108@sa.vix.com> <46AE90C6.8060406@psg.com> <83945.1185848565@sa.vix.com> <3c3e3fca0707302152y38cba766oa2066eda41ec3691@mail.gmail.com> <46AEC79C.9030103@psg.com> <3c3e3fca0707302336w357fcda7od944fae04810d645@mail.gmail.com> <46AEEE9C.8040606@psg.com> Message-ID: At 10:11 PM -1000 7/30/07, Randy Bush wrote: >to date, this looks to have been the only way to get folk making >rational, albeit short term, business decisions to get on the v6 train. "albeit short term" - This is pure bait, but sake of argument I'll go for it: Randy - Why "short term"? /John From michael.dillon at bt.com Tue Jul 31 05:30:46 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Tue, 31 Jul 2007 10:30:46 +0100 Subject: [ppml] Legacy users and ARIN duties In-Reply-To: <6eb799ab0707301804n5d5e3f2bn172a50cd39c7abf5@mail.gmail.com> References: <6eb799ab0707301804n5d5e3f2bn172a50cd39c7abf5@mail.gmail.com> Message-ID: > Not giving people the addresses they need doesn't really > delay depletion, it accelerates it. That message needs to be communicated loud and clear to the people who depend on IPv4 addresses. Some form of rationing could still be passed as policy, and this would mean that we have a lot less than the 3 year buffer we thought that we had. If rationing starts in 12 months from now, then companies who are not already rolling out IPv6 will have their business damaged. This is a real crisis situation which will cause another reshuffle of the companies in the IP networking industry. Chaos for some, opportunity for others. --Michael Dillon From jcurran at istaff.org Tue Jul 31 06:08:24 2007 From: jcurran at istaff.org (John Curran) Date: Tue, 31 Jul 2007 06:08:24 -0400 Subject: [ppml] Policy Proposal 2007-15: Authentication of LegacyResources In-Reply-To: References: <37cda1eb1928474286eeec7df8d49710@mail.dessus.com> <3C69ED5C-B54C-4ACD-9FF5-9CC4DD054525@virtualized.org> <40978.1185834481@sa.vix.com> <55837.1185840020@sa.vix.com> Message-ID: At 5:58 PM -0700 7/30/07, David Conrad wrote: >The "future supply" of IPv4 is like the "future supply" of land and >will likely be managed the same way (whether or not the RIRs >acknowledge it). ... > >Why do you think this won't happen? Because there are many alternative outcomes? For example, the North American Numbering Plan Administration provides for administration of +1 numbering resources, operating under FCC authority and using industry-developed guidelines from ATIS (*) to provide for equitable distribution of resources. ATIS has had folks from quite a few carriers that work on consensus policies for these issues, and did not fall into a market-is-inevitable situation. If the members want a "rationing"-based resource management approach or a "market"-based resource management approach, then ARIN will need to advocate for such. While the pros & cons of a "rationed" resource approach has been well discussed, it's harder to find actual consensus for how a market is desirable since the standard response has been"it's just inevitable"... /John (*) In fact, in May of last year ATIS released its initial IPv6 Report and Recommendations: which states that IPv6 deployment is inevitable, with deployment schedules set by individual members based on their specific needs. The ATIS IPv6 Task Force includes representatives from AT&T, Bell Canada, BellSouth, Cisco, Ericsson, Juniper Networks, Lucent, Nortel, Qwest and Verizon. From Keith at jcc.com Tue Jul 31 09:58:29 2007 From: Keith at jcc.com (Keith W. Hare) Date: Tue, 31 Jul 2007 09:58:29 -0400 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) Message-ID: > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of Randy Bush > Sent: Tuesday, July 31, 2007 12:40 AM > right now, in most cases v4 and v4 nat look a lot cheaper to new > deployments and expansions than v6 with v6/v4 nat (alain has a good > counterexample, but it involves really massive scale). this > is because > v4 kit is a known reliable quantity, cheap, and with no compatibility > issues with the rest of today's internet. it's a no-brainer. One of the IPv6 costs right now is finding equipment that claims to support IPv6. I tend to purchase in quanities of 1 or 2, so I use resellers such as PCConnection and CDW. If I search these sites for IPv6, I find only a couple of things that claim to support IPv6, the most useful of which is an HP network adapter for a printer. To find networking equipment that claims to support IPv6, I have to go to Cisco or Juniper or maybe a couple of other vendors. These guys are geared torwards larger customers and don't respond overly quickly to someone who might be interested in one or two of product X sometime in the next year or so. To push IPv6 forward, we have to have enough users with IPv6 addresses to convince the venders there is a market for IPv6 hardware. The only way to do this is to make Provider Independent address space widely available to organizations with only a couple of hundred nodes. This has implications for the size of the routing tables, but without a market pull, IPv6 is not going to happen quickly. Keith ______________________________________________________________ Keith W. Hare JCC Consulting, Inc. keith at jcc.com 600 Newark Road Phone: 740-587-0157 P.O. Box 381 Fax: 740-587-0163 Granville, Ohio 43023 http://www.jcc.com USA ______________________________________________________________ From arin-contact at dirtside.com Tue Jul 31 10:11:32 2007 From: arin-contact at dirtside.com (William Herrin) Date: Tue, 31 Jul 2007 10:11:32 -0400 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <46AEEE9C.8040606@psg.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <24940.1185829923@sa.vix.com> <12CF3748-BEF2-4FAC-A1A2-801634C67084@virtualized.org> <71643.1185845108@sa.vix.com> <46AE90C6.8060406@psg.com> <83945.1185848565@sa.vix.com> <3c3e3fca0707302152y38cba766oa2066eda41ec3691@mail.gmail.com> <46AEC79C.9030103@psg.com> <3c3e3fca0707302336w357fcda7od944fae04810d645@mail.gmail.com> <46AEEE9C.8040606@psg.com> Message-ID: <3c3e3fca0707310711o219346f5ia4a8141a6081faf8@mail.gmail.com> On 7/31/07, Randy Bush wrote: > but you deleted the core of my point. where ipv6 is actually gaining > some deployment, japan, korea, china, ... it has been heavily subsidized. > > to date, this looks to have been the only way to get folk making > rational, albeit short term, business decisions to get on the v6 train. I don't like your odds. I'm not saying you shouldn't try to achieve this, but I don't like your odds. I'd recommend targeting particular US states instead of the federal government. Perhaps California, New York and Maryland. I don't see the Democratic Congress agreeing with the current President on any sort of incentive program. With the Democrats recasting themselves as the party of fiscal responsibility, I don't like the prospects for federal sponsorship in the next administration either. Besides, by pushing too early, too hard with a mandate to deploy IPv6 inside the Federal government, we've lost support from the bureaucracy. The pushback was growing even when I was there. Www.doc.gov and www.whitehouse.gov still don't offer an IPv6 address in response to a AAAA query. > i have no problem with folk getting ipv6 space and looking for a transit > provider. we were the first provider in the world to offer it. smirk. Then you'll support Scott's "PIv6 for legacy holders with RSA and efficient use" proposal? I'd sure like to get my network online with IPv6 but the PA space you'd provide my multihomed network doesn't really do me any good. Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From paul at vix.com Tue Jul 31 11:29:23 2007 From: paul at vix.com (Paul Vixie) Date: Tue, 31 Jul 2007 15:29:23 +0000 Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: Your message of "Tue, 31 Jul 2007 10:20:01 +0100." References: <37cda1eb1928474286eeec7df8d49710@mail.dessus.com><3C69ED5C-B54C-4ACD-9FF5-9CC4DD054525@virtualized.org><40978.1185834481@sa.vix.com> <55837.1185840020@sa.vix.com> Message-ID: <73251.1185895763@sa.vix.com> > The question is, do we just let people drink as much pear juice as they > want, or do we ration it so that the supply lasts until the apple orchards > are in full production of apple juice? so, to get this thread back on track, is there policy work here? conrad's soft landing proposal was a form of rationing. are there others? can they get written up and put into the PDP so that we can all discuss them in ABQ? (note that in my role as an arin trustee, i'm asked to ponder the fiduciary impact of a policies that come up through the PDP, but i am never asked whether i actually like a policy or not, and that's as it should be. so, i am not speaking as a trustee on this thread, because as a trustee, there would be nothing to say, at this stage.) > > noone should be deploying non-dualstack in this day+age. > > Why not? IPv4 MPLS networks are perfectly capable of providing native IPv6 > services to customers. Any existing service provider has an internal supply > of IPv4 addresses needed to grow their MPLS network by simply redeploying > IPv4 blocks assigned to customers who are able to transition to IPv6. that's a lifeboat scenario, policy-wise. let's not try to reason from such corner cases, they aren't illustrative. > Not to mention RFC 1918, using non-registered addresses, and trying the > class E range. none of those would come from ARIN, as things stand today, and so there's no policy work to be done on them. in general terms, no new IPv4-only networks should be built using public resources. finishing builds now in process is understood. corner cases like the IPv4 MPLS example given above would be understood. but a new build of core or other infrastructure, begun after August 1, 2007, ought to include IPv6. as a trustee i've learned that it's better that i don't author policy proposals, but i hope someone within the sound of my voice will take this one as their own and push it. From jordi.palet at consulintel.es Tue Jul 31 12:14:11 2007 From: jordi.palet at consulintel.es (JORDI PALET MARTINEZ) Date: Tue, 31 Jul 2007 12:14:11 -0400 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: Message-ID: You have many other router (and other) vendors that support IPv6 with low and very low cost boxes. Look at http://www.ipv6-to-standard.org and type router at free search. Also you can find news about specific products at http://www.ipv6tf.org/index.php?page=news/newsroom. In addition to that, for many low cost boxes, running Linux or similar, there are several open source IPv6-enabled versions. Regards, Jordi > De: "Keith W. Hare" > Responder a: > Fecha: Tue, 31 Jul 2007 09:58:29 -0400 > Para: > Asunto: Re: [ppml] PIv6 for legacy holders (/w RSA + efficient use) > > > >> -----Original Message----- >> From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On >> Behalf Of Randy Bush >> Sent: Tuesday, July 31, 2007 12:40 AM > >> right now, in most cases v4 and v4 nat look a lot cheaper to new >> deployments and expansions than v6 with v6/v4 nat (alain has a good >> counterexample, but it involves really massive scale). this >> is because >> v4 kit is a known reliable quantity, cheap, and with no compatibility >> issues with the rest of today's internet. it's a no-brainer. > > One of the IPv6 costs right now is finding equipment that claims to > support IPv6. I tend to purchase in quanities of 1 or 2, so I use > resellers such as PCConnection and CDW. If I search these sites for > IPv6, I find only a couple of things that claim to support IPv6, the > most useful of which is an HP network adapter for a printer. > > To find networking equipment that claims to support IPv6, I have to go > to Cisco or Juniper or maybe a couple of other vendors. These guys are > geared torwards larger customers and don't respond overly quickly to > someone who might be interested in one or two of product X sometime in > the next year or so. > > To push IPv6 forward, we have to have enough users with IPv6 addresses > to convince the venders there is a market for IPv6 hardware. The only > way to do this is to make Provider Independent address space widely > available to organizations with only a couple of hundred nodes. This > has implications for the size of the routing tables, but without a > market pull, IPv6 is not going to happen quickly. > > Keith > > > ______________________________________________________________ > > Keith W. Hare JCC Consulting, Inc. > keith at jcc.com 600 Newark Road > Phone: 740-587-0157 P.O. Box 381 > Fax: 740-587-0163 Granville, Ohio 43023 > http://www.jcc.com USA > ______________________________________________________________ > > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml ********************************************** The IPv6 Portal: http://www.ipv6tf.org Bye 6Bone. Hi, IPv6 ! http://www.ipv6day.org This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited. From arin-contact at dirtside.com Tue Jul 31 12:21:10 2007 From: arin-contact at dirtside.com (William Herrin) Date: Tue, 31 Jul 2007 12:21:10 -0400 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <46AEEE9C.8040606@psg.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <24940.1185829923@sa.vix.com> <12CF3748-BEF2-4FAC-A1A2-801634C67084@virtualized.org> <71643.1185845108@sa.vix.com> <46AE90C6.8060406@psg.com> <83945.1185848565@sa.vix.com> <3c3e3fca0707302152y38cba766oa2066eda41ec3691@mail.gmail.com> <46AEC79C.9030103@psg.com> <3c3e3fca0707302336w357fcda7od944fae04810d645@mail.gmail.com> <46AEEE9C.8040606@psg.com> Message-ID: <3c3e3fca0707310921k3449a4dfha6c7a7e7e7adf707@mail.gmail.com> On 7/31/07, Randy Bush wrote: > but you deleted the core of my point. where ipv6 is actually gaining > some deployment, japan, korea, china, ... it has been heavily subsidized. > > to date, this looks to have been the only way to get folk making > rational, albeit short term, business decisions to get on the v6 train. I don't like your odds. I'm not saying you shouldn't try to this approach, but I don't like your odds. I'd recommend targeting particular US states instead of the federal government. Perhaps California, New York and Maryland. I don't see the Democratic Congress agreeing with the current President on any sort of incentive program. With the Democrats recasting themselves as the party of fiscal responsibility, I don't like the prospects for federal sponsorship in the next administration either. Besides, by pushing too early, too hard with a mandate to deploy IPv6 inside the Federal government, we've lost support from the bureaucracy. The pushback was growing even when I was there. Www.doc.gov and www.whitehouse.gov still don't offer an IPv6 address in response to a AAAA query. > i have no problem with folk getting ipv6 space and looking for a transit > provider. we were the first provider in the world to offer it. smirk. Then you'll support Scott's "PIv6 for legacy holders with RSA and efficient use" proposal? I'd sure like to get my network online with IPv6 but the PA space you'd provide my multihomed network doesn't really do me any good. Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From Keith at jcc.com Tue Jul 31 12:35:23 2007 From: Keith at jcc.com (Keith W. Hare) Date: Tue, 31 Jul 2007 12:35:23 -0400 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) Message-ID: <6fcbbb61b64ba3ee1f8bb0046c5595d546af64d4@jcc.com> > -----Original Message----- > From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net] On > Behalf Of JORDI PALET MARTINEZ > Sent: Tuesday, July 31, 2007 12:14 PM > To: ppml at arin.net > Subject: Re: [ppml] PIv6 for legacy holders (/w RSA + efficient use) > > You have many other router (and other) vendors that support > IPv6 with low > and very low cost boxes. > > Look at http://www.ipv6-to-standard.org and type router at > free search. Also > you can find news about specific products at > http://www.ipv6tf.org/index.php?page=news/newsroom. > > In addition to that, for many low cost boxes, running Linux > or similar, > there are several open source IPv6-enabled versions. > Maybe, but they are keeping it a secret. For example, if I look at http://www.ipv6-to-standard.org, I find that D-Link has a: DI-524D is an 802.11 b/g wireless router (54Mbps) with 1 WAN and 4 LAN 10/100M full duplex Ethernet ports. This device supports IPv4/IPv6 dual stack and 6to4 tunnel function. Looks good, but if I go to the D-link web site, I can find a DI-524 (not a DI-524D) and the product specifications do not mention IPv6. It looks like product vendors do not yet see IPv6 as an important marketing point. Keith From bonomi at mail.r-bonomi.com Tue Jul 31 13:48:58 2007 From: bonomi at mail.r-bonomi.com (Robert Bonomi) Date: Tue, 31 Jul 2007 12:48:58 -0500 (CDT) Subject: [ppml] Motivating migration to IPv6 Message-ID: <200707311748.l6VHmwqP026867@s25.firmware.com> I'm sure the following idea has to have occured to better minds than mine, but I _cannot_ see what the downside to it is -- Given that: 1) it is policy to 'encourage' migration to IPv6 2) there is a looming shortage of IPv4 addresses available for assignment 3) _At_present_ IPv4 address-space *is* viewed by requestors as 'preferable' to IPv6 space. 4) more than 95% of address-space assignments are to entities for which there is a reasonable expectation they will be making _additional_ address- space requests in the 'not too distant' future. Proposed: A) every IPv4 block assignment includes the assignment of an 'equivalent- size' IPv6 address block ( e.g. assuming '1 IPv4 /32' == '1 IPv6 /64) B) _subsequent_ v4 requests must show the required utilization levels of *both* the allocated IPv4 *and* IPv6 space. With "utilization" of IPv6 space requiring the actual deployment of functional machines in that address-space. C) As the pool of available IPv4 addresses gets smaller, the ratio of the relative size of the IPv6 allocation vs the IPv4 allocation _increases_. For 'revenue' purposes, the 'paired' IPv4 and IPv6 allocations are counted as single block, as long as both are allocated. IF the requestor _returns_ the IPv4 block, they get a significant discount on the IPv6 space for some period of time. (50% off for 5 years, maybe?) If the 'sliding ratio' described in 'C' is anounced well in advance, there is clear self-interest incentive for the larger requestors to start deploying IPv6 promptly. It is obviously easier to 'start small' _now_, than to be forced into 'massive' deployment at a later date. If that 'sliding scale' is based on the (total) quantity of IPv4 space remaining, not on fixed calendar dates, the incentive to "start now" is even greater -- one doesn't know 'how high' the price will be "when we _need_ it" later. Just that it will be much cheaper -then-, if one does the groundwork _now_. ++++ Another possible 'motivator' for IPv6 migration -- tie the requirements for getting _additional_ IPv4 space to the ratio of IPv6 vs IPv4 space that the requestor _already_ has "in verified use". The less IPv6 space they have in use relative to their IPv4 space the *higher* the utilization of the IPv4 space they have to show to get any additional IPv4 space. Again, if this is "scaled" to remaining IPv4 space availability, matters should be 'self-correcting' due to simple market forces. An _absolutely_ effective way of driving migration to IPv6 would be to condition additional IPv4 address-space allocations on the percentage of IPv6 traffic that transits the boundaries of the requestor's network. That requires that not only does the requestor deploy IPv6 internally, but that they _use_ it with external parties as well. Nobody can argue the efectiveness of such an approach; however I suspect there are a number of significant obstacles to actual implementation. As I said at the top of things, I'm sure things like this have already occured to far brighter people than me -- I await, with some trepidation, being shown 'the **** obvious facts' that I have overlooked, that kill such an approach. :) From drc at virtualized.org Tue Jul 31 13:58:37 2007 From: drc at virtualized.org (David Conrad) Date: Tue, 31 Jul 2007 10:58:37 -0700 Subject: [ppml] alternative realities (was PIv6 for legacy holders (/w RSA + efficient use)) In-Reply-To: <83945.1185848565@sa.vix.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <46AB6585.7080900@psg.com> <6eb799ab0707281047l71652f57n9f75737c2bef054f@mail.gmail.com> <46AC0DF3.8050902@psg.com> <3c3e3fca0707290212r74d8d8adod8489ab5f9d9d8bf@mail.gmail.com> <46ACB03E.4020208@psg.com> <65115.1185725352@sa.vix.com> <6C350250-4E0A-49B7-A8DE-A2A24335BBD9@virtualized.org> <76042.1185814077@sa.vix.com> <88234.1185818363@sa.vix.com> <0ADD7367-339E-4360-80CD-45DEA230CE87@virtualized.org> <24940.1185829923@sa.vix.com> <12CF3748-BEF2-4FAC-A1A2-801634C67084@virtualized.org> <71643.1185845108@sa.vix.com> <46AE90C6.8060406@psg.com> <83945.1185848565@sa.vix.com> Message-ID: <1E5A9D35-D086-47BC-A1DD-9BF71577F316@virtualized.org> Paul, On Jul 30, 2007, at 7:22 PM, Paul Vixie wrote: > i'd like to know what makes this alternative the most likely. Roughly, the way I figure it, given: a) there is a demand for that resource (say, people who want to connect to the Internet) b) there is a limited supply of a resource (say, for argument, unused IPv4 addresses) c) there are entities who have more of the resource than they need d) there are entities who are willing to exchange value for that resource e) "traditional" mechanisms to obtain the resource will not work (no more free pool) Then you have a breeding ground for a market (color isn't important here). The situation today, given: 1) IPv6 isn't backwards compatible with IPv4 2) upgrading to IPv6 isn't free 3) there is no killer IPv6 app to drive acceptance 4) the vast majority of content is only available over IPv4 5) RIR policies effectively block the establishment of markets then the vast majority of users have no business incentive to deploy IPv6 and hence no reason to ask your ISP for IPv6 service. Without customer demand for IPv6, it has been empirically shown ISPs do not have incentive to undertake the costs to deploy IPv6. Hence, demand for IPv4 continues unabated, but that demand is met by the registries. Now, fast forward a couple of years. The IPv4 free pool exhausts. What changes? (1) probably won't change (although someone might come up with a "superNAT" that allows for backwards compatibility). (2) will reduce over time, but it will never be free. (3) might happen, but I wouldn't bet the farm on it. (4) will probably change (call me an optimist), but I argue there will be significant content that is not available via IPv6 for the foreseeable future. (5) will become less effective over time as more and more addresses are traded on the black market (I actually expect VCs to jump into the nascent address market: remember that the only reason RIR policies works is because the ISPs abide by those policies. A startup address market company could likely short-circuit this by simply paying the ISPs to look to their registry before looking at the RIR registries). So, I believe demand driven by (4) for IPv4 will continue satisfying (a) above. Looking at the rest of the conditions for the creation of a market: (b) will obviously remain true. (c) is true now (unless you believe MIT needs all 16M addresses they have, etc.) (d) has been demonstrated in the past and I doubt it will go away. (e) will obviously be true. So, from my perspective, it would seem the conditions are ripe for a market. The question then becomes, why wouldn't a market form? I haven't been able to come up with a convincing reason. > if someone > who holds the "markets are efficient and inevitable so just relax" > view > can show how that view is falsifiable, i'm listening. I don't have a strong opinion on whether the markets are efficient. However, given a market already exists, albeit one that is buried under the need to buy/sell companies which hold IP address assets, I'm not sure how you can say they aren't inevitable. And just to be perfectly clear, I don't necessarily consider this a good thing. The creation of the entities known as "domainers" is a perfect example of the risks of market driven economics. However, it isn't clear to me that playing King Canute and demanding the tide not come in is a good stewardship nor a good way to address those risks. Rgds, -drc From randy at psg.com Tue Jul 31 14:05:30 2007 From: randy at psg.com (Randy Bush) Date: Tue, 31 Jul 2007 08:05:30 -1000 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <88234.1185818363@sa.vix.com> <0ADD7367-339E-4360-80CD-45DEA230CE87@virtualized.org> <24940.1185829923@sa.vix.com> <12CF3748-BEF2-4FAC-A1A2-801634C67084@virtualized.org> <71643.1185845108@sa.vix.com> <46AE90C6.8060406@psg.com> <83945.1185848565@sa.vix.com> <3c3e3fca0707302152y38cba766oa2066eda41ec3691@mail.gmail.com> <46AEC79C.9030103@psg.com> <3c3e3fca0707302336w357fcda7od944fae04810d645@mail.gmail.com> <46AEEE9C.8040606@psg.com> Message-ID: <46AF79EA.7000000@psg.com> >> to date, this looks to have been the only way to get folk making >> rational, albeit short term, business decisions to get on the v6 train. > "albeit short term" - This is pure bait, but sake of argument I'll go for it: > Randy - Why "short term"? because we live in a next quarter business culture, like it or not. randy From sleibrand at internap.com Tue Jul 31 14:12:55 2007 From: sleibrand at internap.com (Scott Leibrand) Date: Tue, 31 Jul 2007 11:12:55 -0700 Subject: [ppml] Motivating migration to IPv6 In-Reply-To: <200707311748.l6VHmwqP026867@s25.firmware.com> References: <200707311748.l6VHmwqP026867@s25.firmware.com> Message-ID: <46AF7BA7.6090803@internap.com> Robert, What you're describing sounds a lot like an "unfunded mandate" to me. I don't think it's ARIN's job to force its members to deploy IPv6 in order to get more IPv4 space. I would support previous proposals to require applicants for IPv4 space to document their plans for IPv6 deployment, but I don't think ARIN should be requiring applicants to meet binding IPv6 deployment targets. -Scott Robert Bonomi wrote: > I'm sure the following idea has to have occured to better minds than mine, > but I _cannot_ see what the downside to it is -- > > Given that: > 1) it is policy to 'encourage' migration to IPv6 > 2) there is a looming shortage of IPv4 addresses available for assignment > 3) _At_present_ IPv4 address-space *is* viewed by requestors as 'preferable' > to IPv6 space. > 4) more than 95% of address-space assignments are to entities for which there > is a reasonable expectation they will be making _additional_ address- > space requests in the 'not too distant' future. > > Proposed: > A) every IPv4 block assignment includes the assignment of an 'equivalent- > size' IPv6 address block ( e.g. assuming '1 IPv4 /32' == '1 IPv6 /64) > B) _subsequent_ v4 requests must show the required utilization levels of > *both* the allocated IPv4 *and* IPv6 space. With "utilization" of IPv6 > space requiring the actual deployment of functional machines in that > address-space. > C) As the pool of available IPv4 addresses gets smaller, the ratio of the > relative size of the IPv6 allocation vs the IPv4 allocation _increases_. > > For 'revenue' purposes, the 'paired' IPv4 and IPv6 allocations are counted > as single block, as long as both are allocated. IF the requestor _returns_ > the IPv4 block, they get a significant discount on the IPv6 space for some > period of time. (50% off for 5 years, maybe?) > > > If the 'sliding ratio' described in 'C' is anounced well in advance, there > is clear self-interest incentive for the larger requestors to start deploying > IPv6 promptly. It is obviously easier to 'start small' _now_, than to be > forced into 'massive' deployment at a later date. > > If that 'sliding scale' is based on the (total) quantity of IPv4 space > remaining, not on fixed calendar dates, the incentive to "start now" is > even greater -- one doesn't know 'how high' the price will be "when we > _need_ it" later. Just that it will be much cheaper -then-, if one does > the groundwork _now_. > > > ++++ > > Another possible 'motivator' for IPv6 migration -- tie the requirements > for getting _additional_ IPv4 space to the ratio of IPv6 vs IPv4 space > that the requestor _already_ has "in verified use". The less IPv6 space > they have in use relative to their IPv4 space the *higher* the utilization > of the IPv4 space they have to show to get any additional IPv4 space. > > Again, if this is "scaled" to remaining IPv4 space availability, matters > should be 'self-correcting' due to simple market forces. > > > > An _absolutely_ effective way of driving migration to IPv6 would be to > condition additional IPv4 address-space allocations on the percentage > of IPv6 traffic that transits the boundaries of the requestor's network. > That requires that not only does the requestor deploy IPv6 internally, > but that they _use_ it with external parties as well. Nobody can argue > the efectiveness of such an approach; however I suspect there are a number > of significant obstacles to actual implementation. > > > As I said at the top of things, I'm sure things like this have already > occured to far brighter people than me -- I await, with some trepidation, > being shown 'the **** obvious facts' that I have overlooked, that kill > such an approach. :) > > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > From mark at mcsnet.ca Tue Jul 31 14:27:24 2007 From: mark at mcsnet.ca (Mark Beland) Date: Tue, 31 Jul 2007 12:27:24 -0600 Subject: [ppml] Motivating migration to IPv6 -> IPV4 deprecation In-Reply-To: <200707311748.l6VHmwqP026867@s25.firmware.com> References: <200707311748.l6VHmwqP026867@s25.firmware.com> Message-ID: <46AF7F0C.6050900@mcsnet.ca> I'd do that and take it a step further, IPV4 deprecation: In tandem with a measure like this, make a press release that after a certain date, "IPV4 will be obsolete" (I'm probably ruffling feathers here by saying this) After said date, Arin will no longer publish or maintain any ipv4 whois information, remove the in-addr.arpa zone. After all, the goal here is to have an ipv6 only global network - right?! (maybe we don't even agree on that objective) Arin can't force people not to use IPV4, but by publicly declaring it 'obsolete', I would surmise that it would create a certain marketing push to entice migration. Make users think that the Internet is going to stop working unless their on IPV6. Of course, this would make more sense if IANA and everyone else did this..... I really don't understand the talk about resource reclamation, legacy or otherwise, we're just delaying the inevitable... I just see us (the internet community as a whole) being stuck running dual ipv4 + ipv6 networks to the detriment of all... Robert Bonomi wrote: > I'm sure the following idea has to have occured to better minds than mine, > but I _cannot_ see what the downside to it is -- > > Given that: > 1) it is policy to 'encourage' migration to IPv6 > 2) there is a looming shortage of IPv4 addresses available for assignment > 3) _At_present_ IPv4 address-space *is* viewed by requestors as 'preferable' > to IPv6 space. > 4) more than 95% of address-space assignments are to entities for which there > is a reasonable expectation they will be making _additional_ address- > space requests in the 'not too distant' future. > > Proposed: > A) every IPv4 block assignment includes the assignment of an 'equivalent- > size' IPv6 address block ( e.g. assuming '1 IPv4 /32' == '1 IPv6 /64) > B) _subsequent_ v4 requests must show the required utilization levels of > *both* the allocated IPv4 *and* IPv6 space. With "utilization" of IPv6 > space requiring the actual deployment of functional machines in that > address-space. > C) As the pool of available IPv4 addresses gets smaller, the ratio of the > relative size of the IPv6 allocation vs the IPv4 allocation _increases_. > > For 'revenue' purposes, the 'paired' IPv4 and IPv6 allocations are counted > as single block, as long as both are allocated. IF the requestor _returns_ > the IPv4 block, they get a significant discount on the IPv6 space for some > period of time. (50% off for 5 years, maybe?) > > > If the 'sliding ratio' described in 'C' is anounced well in advance, there > is clear self-interest incentive for the larger requestors to start deploying > IPv6 promptly. It is obviously easier to 'start small' _now_, than to be > forced into 'massive' deployment at a later date. > > If that 'sliding scale' is based on the (total) quantity of IPv4 space > remaining, not on fixed calendar dates, the incentive to "start now" is > even greater -- one doesn't know 'how high' the price will be "when we > _need_ it" later. Just that it will be much cheaper -then-, if one does > the groundwork _now_. > > > ++++ > > Another possible 'motivator' for IPv6 migration -- tie the requirements > for getting _additional_ IPv4 space to the ratio of IPv6 vs IPv4 space > that the requestor _already_ has "in verified use". The less IPv6 space > they have in use relative to their IPv4 space the *higher* the utilization > of the IPv4 space they have to show to get any additional IPv4 space. > > Again, if this is "scaled" to remaining IPv4 space availability, matters > should be 'self-correcting' due to simple market forces. > > > > An _absolutely_ effective way of driving migration to IPv6 would be to > condition additional IPv4 address-space allocations on the percentage > of IPv6 traffic that transits the boundaries of the requestor's network. > That requires that not only does the requestor deploy IPv6 internally, > but that they _use_ it with external parties as well. Nobody can argue > the efectiveness of such an approach; however I suspect there are a number > of significant obstacles to actual implementation. > > > As I said at the top of things, I'm sure things like this have already > occured to far brighter people than me -- I await, with some trepidation, > being shown 'the **** obvious facts' that I have overlooked, that kill > such an approach. :) > > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > From randy at psg.com Tue Jul 31 14:34:50 2007 From: randy at psg.com (Randy Bush) Date: Tue, 31 Jul 2007 08:34:50 -1000 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: References: Message-ID: <46AF80CA.6070802@psg.com> > To push IPv6 forward, we have to have enough users with IPv6 addresses > to convince the venders there is a market for IPv6 hardware. The only > way to do this is to make Provider Independent address space widely > available to organizations with only a couple of hundred nodes. leaps over tall concepts in a single bound, he does! if the users can not deploy without gear, then they can not use the address space, so they can not justify it. if they had the gear today, they would be trying v6 off their dual-stack transit provider today. they are not. the reason is that they do not care. they just want their mtv. giving PI space to anyone who passes on the street corner is not gonna do one bleeding thing for ipv6 other than make a future mess and have folk screaming about those who got space in the big give-away of the 2008-2010 era, just as they scream at legacy holders today. randy From dlw+arin at tellme.com Tue Jul 31 14:42:32 2007 From: dlw+arin at tellme.com (David Williamson) Date: Tue, 31 Jul 2007 11:42:32 -0700 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <46AF80CA.6070802@psg.com> References: <46AF80CA.6070802@psg.com> Message-ID: <20070731184232.GQ20308@shell01.cell.sv2.tellme.com> On Tue, Jul 31, 2007 at 08:34:50AM -1000, Randy Bush wrote: > giving PI space to anyone who passes on the street corner is not gonna > do one bleeding thing for ipv6 other than make a future mess and have > folk screaming about those who got space in the big give-away of the > 2008-2010 era, just as they scream at legacy holders today. While I generally agree, there is one subtle difference between a hypothetical IPv6 giveaway and the legacy IPv4 space: current IPv6 recipients will only receive such space from an RIR, and presumably will have signed an RSA in order to do so. That doesn't change the argument much, but it might be an important difference at some future time. -David From arin-contact at dirtside.com Tue Jul 31 14:44:55 2007 From: arin-contact at dirtside.com (William Herrin) Date: Tue, 31 Jul 2007 14:44:55 -0400 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <46AF80CA.6070802@psg.com> References: <46AF80CA.6070802@psg.com> Message-ID: <3c3e3fca0707311144v63f75b84u1500721693ddf62a@mail.gmail.com> On 7/31/07, Randy Bush wrote: > giving PI space to anyone who passes on the street corner is not gonna > do one bleeding thing for ipv6 other than make a future mess and have > folk screaming about those who got space in the big give-away of the > 2008-2010 era, just as they scream at legacy holders today. Randy, I respectfully disagree. Given that folks who receive IPv6 PI space have to pay for it and have to continue paying for it year after year regardless of whether they use it, selling it to them does at least one bleeding thing: it creates customers who are motivated to select dual stack vendors in preference to IPv4-only vendors. Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From randy at psg.com Tue Jul 31 14:50:21 2007 From: randy at psg.com (Randy Bush) Date: Tue, 31 Jul 2007 08:50:21 -1000 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <3c3e3fca0707310711o219346f5ia4a8141a6081faf8@mail.gmail.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <24940.1185829923@sa.vix.com> <12CF3748-BEF2-4FAC-A1A2-801634C67084@virtualized.org> <71643.1185845108@sa.vix.com> <46AE90C6.8060406@psg.com> <83945.1185848565@sa.vix.com> <3c3e3fca0707302152y38cba766oa2066eda41ec3691@mail.gmail.com> <46AEC79C.9030103@psg.com> <3c3e3fca0707302336w357fcda7od944fae04810d645@mail.gmail.com> <46AEEE9C.8040606@psg.com> <3c3e3fca0707310711o219346f5ia4a8141a6081faf8@mail.gmail.com> Message-ID: <46AF846D.3030104@psg.com> >> but you deleted the core of my point. where ipv6 is actually >> gaining some deployment, japan, korea, china, ... it has been >> heavily subsidized. to date, this looks to have been the only way >> to get folk making rational, albeit short term, business decisions >> to get on the v6 train. > I don't like your odds. I'm not saying you shouldn't try to achieve > this, but I don't like your odds. oh, i assure you that i do not like them any more than you do. but i have been in the biz for a while, and kinda found that admitting and dealing with the disgusting crass reality gets me more progress than pretending it's a more ideal world than it is. and i really assure you that govt subsidies are not my cup of tea. but i gotta look at what has actually worked. (note that giving large v6 space with purchase of a liter of petrol was tried in asia and failed to do anything). > I'd recommend targeting particular US states instead of the federal > government. i have no ideas on how. way above my pay grade. > by pushing too early, too hard with a mandate to deploy IPv6 inside > the Federal government, we've lost support from the bureaucracy. i have wondered and worried about this. the gossip i get is that the initiative is still moving forward, though maybe not as fast as we might like, and more strongly in the military than the civilian areas. but i am as far from dc as one can get in america, geographically and emotionally. >> i have no problem with folk getting ipv6 space and looking for a >> transit provider. we were the first provider in the world to offer >> it. smirk. > Then you'll support Scott's "PIv6 for legacy holders with RSA and > efficient use" proposal? dunno how you made this leap to pi, legacy, ... > I'd sure like to get my network online with IPv6 but the PA space > you'd provide my multihomed network doesn't really do me any good. hmmm. please explain why pa space from one provider announced to both upstreams will not work? is it some hidden deficiency in the ipv6 architecture that is not present in ipv4? 'cause it sure works in ipv4. my experience in the seemingly same pi/pa debates of the early '90s has not set me up to think that pi space will do anything useful and will only make a mess in the long run. somehow "i want" is transformed into "i need" is transformed into "ipv6 can not be used without." the problem with ipv6 deployment is its perceived costs and lack of kit. pouring sugar on a stinksys dsl cpe will not make it speak v6. randy From owen at delong.com Tue Jul 31 15:11:42 2007 From: owen at delong.com (Owen DeLong) Date: Tue, 31 Jul 2007 12:11:42 -0700 Subject: [ppml] Motivating migration to IPv6 In-Reply-To: <200707311748.l6VHmwqP026867@s25.firmware.com> References: <200707311748.l6VHmwqP026867@s25.firmware.com> Message-ID: On Jul 31, 2007, at 10:48 AM, Robert Bonomi wrote: > > I'm sure the following idea has to have occured to better minds > than mine, > but I _cannot_ see what the downside to it is -- > > Given that: > 1) it is policy to 'encourage' migration to IPv6 > 2) there is a looming shortage of IPv4 addresses available for > assignment > 3) _At_present_ IPv4 address-space *is* viewed by requestors as > 'preferable' > to IPv6 space. > 4) more than 95% of address-space assignments are to entities for > which there > is a reasonable expectation they will be making _additional_ > address- > space requests in the 'not too distant' future. > > Proposed: > A) every IPv4 block assignment includes the assignment of an > 'equivalent- > size' IPv6 address block ( e.g. assuming '1 IPv4 /32' == '1 > IPv6 /64) Those are not equvalant. 1 IPv4 /32 == 1 host. 1 IPv6 /64 == somewhere between 2 and 2^64 hosts. (Technically, I suppose you could put the router on a /64 by itself, but, that wouldn't be particularly useful in most circumstances) Additionally, as I have repeatedly stated on this list and in other forums, I do not believe there is benefit to the automatic issuance of v6 addresses to parties that have not requested them. I'm all for making it easy to get v6 if you want it, but, force-feeding people IPv6 addresses whether they want them or not is not of benefit to the recipients or the community in general. > B) _subsequent_ v4 requests must show the required utilization > levels of > *both* the allocated IPv4 *and* IPv6 space. With > "utilization" of IPv6 > space requiring the actual deployment of functional machines > in that > address-space. I'm not entirely opposed to this, but, I don't think we could throw that switch right now without causing substantially more pain than is desirable. I would not oppose a policy that created some form of ramp towards this. > C) As the pool of available IPv4 addresses gets smaller, the > ratio of the > relative size of the IPv6 allocation vs the IPv4 allocation > _increases_. > Tying these two things together is absurd. > For 'revenue' purposes, the 'paired' IPv4 and IPv6 allocations are > counted > as single block, as long as both are allocated. IF the requestor > _returns_ > the IPv4 block, they get a significant discount on the IPv6 space > for some > period of time. (50% off for 5 years, maybe?) > I see no reason to encourage the return of the IPv4 block or discourage people from dual-stacking. In fact, I can think of a number of reasons this would not be the desired behavior to encourage. Owen From craig.finseth at state.mn.us Tue Jul 31 15:15:40 2007 From: craig.finseth at state.mn.us (Craig Finseth) Date: Tue, 31 Jul 2007 14:15:40 -0500 Subject: [ppml] Motivating migration to IPv6 In-Reply-To: <200707311748.l6VHmwqP026867@s25.firmware.com> (message from Robert Bonomi on Tue, 31 Jul 2007 12:48:58 -0500 (CDT)) References: <200707311748.l6VHmwqP026867@s25.firmware.com> Message-ID: <200707311915.l6VJFeDp031765@inana.itg.state.mn.us> This is one of the more intelligent proposals that I have seen on this list lately... I'm sure the following idea has to have occured to better minds than mine, but I _cannot_ see what the downside to it is -- ... Proposed: A) every IPv4 block assignment includes the assignment of an 'equivalent- size' IPv6 address block ( e.g. assuming '1 IPv4 /32' == '1 IPv6 /64) B) _subsequent_ v4 requests must show the required utilization levels of *both* the allocated IPv4 *and* IPv6 space. With "utilization" of IPv6 space requiring the actual deployment of functional machines in that address-space. C) As the pool of available IPv4 addresses gets smaller, the ratio of the relative size of the IPv6 allocation vs the IPv4 allocation _increases_. ... Craig A. Finseth craig.finseth at state.mn.us Systems Architect +1 651 201 1011 desk State of Minnesota, Office of Enterprise Technology 658 Cedar Ave +1 651 297 5368 fax St Paul MN 55155 +1 651 297 1111 NOC, for reporting problems From randy at psg.com Tue Jul 31 15:22:34 2007 From: randy at psg.com (Randy Bush) Date: Tue, 31 Jul 2007 09:22:34 -1000 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <20070731184232.GQ20308@shell01.cell.sv2.tellme.com> References: <46AF80CA.6070802@psg.com> <20070731184232.GQ20308@shell01.cell.sv2.tellme.com> Message-ID: <46AF8BFA.4030607@psg.com> >> giving PI space to anyone who passes on the street corner is not gonna >> do one bleeding thing for ipv6 other than make a future mess and have >> folk screaming about those who got space in the big give-away of the >> 2008-2010 era, just as they scream at legacy holders today. > While I generally agree, there is one subtle difference between a > hypothetical IPv6 giveaway and the legacy IPv4 space: current IPv6 > recipients will only receive such space from an RIR, and presumably > will have signed an RSA in order to do so. the ipv4 legacy holders fulfilled all the formalisms of those days. things change over a couple of decades. induce ... randy From owen at delong.com Tue Jul 31 15:22:14 2007 From: owen at delong.com (Owen DeLong) Date: Tue, 31 Jul 2007 12:22:14 -0700 Subject: [ppml] Motivating migration to IPv6 -> IPV4 deprecation In-Reply-To: <46AF7F0C.6050900@mcsnet.ca> References: <200707311748.l6VHmwqP026867@s25.firmware.com> <46AF7F0C.6050900@mcsnet.ca> Message-ID: <37EEB4B2-7556-4547-B914-49D66AC9B3B8@delong.com> On Jul 31, 2007, at 11:27 AM, Mark Beland wrote: > I'd do that and take it a step further, > > IPV4 deprecation: > In tandem with a measure like this, make a press release that after a > certain date, > "IPV4 will be obsolete" (I'm probably ruffling feathers here by saying > this) > After said date, Arin will no longer publish or maintain any ipv4 > whois > information, > remove the in-addr.arpa zone. After all, the goal here is to have an > ipv6 only global > network - right?! (maybe we don't even agree on that objective) > I don't see any reason that is the goal. I think the goal is to have a network which allows generally ubiquitous IPv6 connectivity at least to all devices that need to participate in the "global" internet. I do not think that IPv4 deprecation is something that should be helped along by anything other than market forces and the costs of maintaining it. As IPv6 gains ubiquity, ISPs will want to terminate IPv4 services due to cost. If there is customer demand to keep it running, then, the ISPs will start charging more to cover those costs. This will shrink the customer base for IPv4, causing further price increases for IPv4 services until such time as some form of balance between the demand and the cost is reached. > Arin can't force people not to use IPV4, but by publicly declaring it > 'obsolete', I would surmise > that it would create a certain marketing push to entice migration. > Make > users think that > the Internet is going to stop working unless their on IPV6. > IPv4 deprecation will not encourage IPv6 adoption. In fact, I think that such an announcement from ARIN would merely serve to create an array of competing IPv4 registries to offer "replacement" services. Oh, and, in case you hadn't noticed, ARIN doesn't control in-addr.arpa. They only control several of the third level zones within in-addr.arpa. > Of course, this would make more sense if IANA and everyone else did > this..... > It could only work if IANA did it in terms of deprecating the in- addr.arpa zone. Fortunately, I think the IANA is smarter than this. > I really don't understand the talk about resource reclamation, > legacy or > otherwise, > we're just delaying the inevitable... I just see us (the internet > community as a whole) > being stuck running dual ipv4 + ipv6 networks to the detriment of > all... > As an author and proponent of at least one of the resource reclamation proposals on the table, I can assure you it is not intended to delay the inevitable. There is no intent in the proposal, nor, on my side any belief that it will in any way extend the useful life of IPv4 or increase the IPv4 free pool in a meaningful way. The intent of reclamation proposals, to my knowledge, is to get those blocks which are deprecated marked as such so that they can not be used so easily for abuse. Owen > > > > > > Robert Bonomi wrote: >> I'm sure the following idea has to have occured to better minds >> than mine, >> but I _cannot_ see what the downside to it is -- >> >> Given that: >> 1) it is policy to 'encourage' migration to IPv6 >> 2) there is a looming shortage of IPv4 addresses available for >> assignment >> 3) _At_present_ IPv4 address-space *is* viewed by requestors as >> 'preferable' >> to IPv6 space. >> 4) more than 95% of address-space assignments are to entities >> for which there >> is a reasonable expectation they will be making _additional_ >> address- >> space requests in the 'not too distant' future. >> >> Proposed: >> A) every IPv4 block assignment includes the assignment of an >> 'equivalent- >> size' IPv6 address block ( e.g. assuming '1 IPv4 /32' == '1 >> IPv6 /64) >> B) _subsequent_ v4 requests must show the required utilization >> levels of >> *both* the allocated IPv4 *and* IPv6 space. With >> "utilization" of IPv6 >> space requiring the actual deployment of functional machines >> in that >> address-space. >> C) As the pool of available IPv4 addresses gets smaller, the >> ratio of the >> relative size of the IPv6 allocation vs the IPv4 allocation >> _increases_. >> >> For 'revenue' purposes, the 'paired' IPv4 and IPv6 allocations are >> counted >> as single block, as long as both are allocated. IF the requestor >> _returns_ >> the IPv4 block, they get a significant discount on the IPv6 space >> for some >> period of time. (50% off for 5 years, maybe?) >> >> >> If the 'sliding ratio' described in 'C' is anounced well in >> advance, there >> is clear self-interest incentive for the larger requestors to >> start deploying >> IPv6 promptly. It is obviously easier to 'start small' _now_, >> than to be >> forced into 'massive' deployment at a later date. >> >> If that 'sliding scale' is based on the (total) quantity of IPv4 >> space >> remaining, not on fixed calendar dates, the incentive to "start >> now" is >> even greater -- one doesn't know 'how high' the price will be >> "when we >> _need_ it" later. Just that it will be much cheaper -then-, if >> one does >> the groundwork _now_. >> >> >> ++++ >> >> Another possible 'motivator' for IPv6 migration -- tie the >> requirements >> for getting _additional_ IPv4 space to the ratio of IPv6 vs IPv4 >> space >> that the requestor _already_ has "in verified use". The less IPv6 >> space >> they have in use relative to their IPv4 space the *higher* the >> utilization >> of the IPv4 space they have to show to get any additional IPv4 space. >> >> Again, if this is "scaled" to remaining IPv4 space availability, >> matters >> should be 'self-correcting' due to simple market forces. >> >> >> >> An _absolutely_ effective way of driving migration to IPv6 would >> be to >> condition additional IPv4 address-space allocations on the percentage >> of IPv6 traffic that transits the boundaries of the requestor's >> network. >> That requires that not only does the requestor deploy IPv6 >> internally, >> but that they _use_ it with external parties as well. Nobody can >> argue >> the efectiveness of such an approach; however I suspect there are >> a number >> of significant obstacles to actual implementation. >> >> >> As I said at the top of things, I'm sure things like this have >> already >> occured to far brighter people than me -- I await, with some >> trepidation, >> being shown 'the **** obvious facts' that I have overlooked, that >> kill >> such an approach. :) >> >> >> _______________________________________________ >> This message sent to you through the ARIN Public Policy Mailing List >> (PPML at arin.net). >> Manage your mailing list subscription at: >> http://lists.arin.net/mailman/listinfo/ppml >> > > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml From sleibrand at internap.com Tue Jul 31 15:27:09 2007 From: sleibrand at internap.com (Scott Leibrand) Date: Tue, 31 Jul 2007 12:27:09 -0700 Subject: [ppml] Motivating migration to IPv6 In-Reply-To: <200707311915.l6VJFeDp031765@inana.itg.state.mn.us> References: <200707311748.l6VHmwqP026867@s25.firmware.com> <200707311915.l6VJFeDp031765@inana.itg.state.mn.us> Message-ID: <46AF8D0D.2090504@internap.com> Craig and Robert, Have you deployed IPv6 across your network yet? If not, could you do so within 6 months? An IPv4 allocation is usually sized for 6 months of growth, so this proposal would require all growing IP networks to deploy IPv6 within 6 months, instead of allowing them to do so over the next few years (between now and when they can no longer grow with IPv4). I don't know about you, but such a mandate would significantly increase our cost of deploying IPv6, for no real benefit. -Scott Craig Finseth wrote: > This is one of the more intelligent proposals that I have seen on this > list lately... > > I'm sure the following idea has to have occured to better minds than mine, > but I _cannot_ see what the downside to it is -- > ... > Proposed: > A) every IPv4 block assignment includes the assignment of an 'equivalent- > size' IPv6 address block ( e.g. assuming '1 IPv4 /32' == '1 IPv6 /64) > B) _subsequent_ v4 requests must show the required utilization levels of > *both* the allocated IPv4 *and* IPv6 space. With "utilization" of IPv6 > space requiring the actual deployment of functional machines in that > address-space. > C) As the pool of available IPv4 addresses gets smaller, the ratio of the > relative size of the IPv6 allocation vs the IPv4 allocation _increases_. > ... > > Craig A. Finseth craig.finseth at state.mn.us > Systems Architect +1 651 201 1011 desk > State of Minnesota, Office of Enterprise Technology > 658 Cedar Ave +1 651 297 5368 fax > St Paul MN 55155 +1 651 297 1111 NOC, for reporting problems > > _______________________________________________ > This message sent to you through the ARIN Public Policy Mailing List > (PPML at arin.net). > Manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/ppml > From briand at ca.afilias.info Tue Jul 31 15:29:51 2007 From: briand at ca.afilias.info (Brian Dickson) Date: Tue, 31 Jul 2007 15:29:51 -0400 Subject: [ppml] Motivating migration to IPv6 In-Reply-To: <200707311915.l6VJFeDp031765@inana.itg.state.mn.us> References: <200707311748.l6VHmwqP026867@s25.firmware.com> <200707311915.l6VJFeDp031765@inana.itg.state.mn.us> Message-ID: <46AF8DAF.1090207@ca.afilias.info> Craig Finseth wrote: > This is one of the more intelligent proposals that I have seen on this > list lately... > > I'm sure the following idea has to have occured to better minds than mine, > but I _cannot_ see what the downside to it is -- > Scalability is the downside. Consider: We have had serious scalability problems on current IPv4 hardware due to the deaggregation and proliferation of IPv4 routes. That is notwithstanding the very limited amount of IPv4 space. Any proposal which duplicates (or worse!) the allocation of IPv6 *quantities* of prefixes, e.g. on the basis of IPv4 prefixes, only dumps this problem, wholesale, into an otherwise pristine IPv6 DFZ. I have been, and continue to be, a proponent of a DFZ which as an absolute minimum number of IPv6 prefixes per ASN. Sizes of PI blocks don't matter, its the *number* of PI blocks that matter. A /64 takes the same number of router slots as a /48 or a /32 or a /96 - that is to say, one router slot per prefix. I am all in favour of giving out exactly one IPv6 block (of PI space) per ASN, sized appropriately (e.g. sufficient for 10-20 year needs at least). It's difficult to make a case that 2^64 of address space (as in, a /64), let alone much larger blocks, *per ASN*, wouldn't be enough, given that we have fewer than 2^34 people on the planet. So, as a favour to us all, *please* don't propose any solutions which require handing out more than *one* PI block to any organization. Two, if they need PI space that won't be part of the DFZ (e.g. as an alternative to ULA-{C|G} allocations). Thank you in advance for considering the DFZ as a whole, as opposed to merely the needs of individual participants of the DFZ. (The DFZ, by definition, has to exist in its entirety on *someone's* hardware, and ideally should be able to fit on most folk's biggest pieces of hardware.) Brian Dickson From dean at av8.com Tue Jul 31 15:36:39 2007 From: dean at av8.com (Dean Anderson) Date: Tue, 31 Jul 2007 15:36:39 -0400 (EDT) Subject: [ppml] Policy Proposal 2007-15: Authentication ofLegacyResources In-Reply-To: Message-ID: On Mon, 30 Jul 2007, David Conrad wrote: > > ipv4 has no future supply, only future zero-sum. > > IPv4, like land and gold and any other indestructible resource, isn't > magically going away on when the free pool is exhausted. All that will > occur is the policy regime that has existed since around 1995 will be > forced to change since the underlying free pool that policy regime was > created to manage will no longer exist. Yes, exactly: But the free pool also won't ever go away completely. There will continue to be addresses blocks returned, and those addresses can then be re-delegated. Just like Redsox season tickets. A steady state will probably develop for a while. Rationing can spread the pain of depletion out over a longer period. The notion that ipv4 is a dead-end is just wrong. The long lifecycle isn't too hard to envision: Eventually, given enough time, the rate of return of addresses will exceed the demand for new addresses. Even later, the RIR's will probably think maintaining the registration of IPv4 a pitiful and useless burden, and seek to rid themselves of it. Someday, in the far distant future, all address space might be returned. I rather doubt it, though. I think there will be someone who will insist on IPv4. Someone in the Air Force is still using HPUX 5. Museums maybe the last users. And that's where the registration of IPv4 will probably end up. Those who think they can speed IPv6 by wrecking IPv4, deceive themselves and cause trouble to others. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From dean at av8.com Tue Jul 31 15:36:45 2007 From: dean at av8.com (Dean Anderson) Date: Tue, 31 Jul 2007 15:36:45 -0400 (EDT) Subject: [ppml] Legacy users and ARIN duties In-Reply-To: <6eb799ab0707301804n5d5e3f2bn172a50cd39c7abf5@mail.gmail.com> Message-ID: On Mon, 30 Jul 2007, James Hess wrote: > On 7/30/07, Dean Anderson wrote: > > > Looks like the ARIN board didn't get its facts straight in May. There > > should be smart people on the board, who understand rationing. > > [...] > > > > "WHEREAS, ongoing community access to Internet Protocol version 4 > > (IPv4) numbering resources can not be assured indefinitely; and," > > > > Through rationing based on a decreasing exponential, the IPv4 addresses > > can be assured indefinitely, certainly beyond the next 10+ years. The > > pain of depletion, instead of being felt all at once, could be spread > > out over a long period. > > The moment anyone requesting an allocation cannot get the IP addresses > they need from ARIN, that they meet the justification criteria for, depletion > has impacted them, and it's every bit as severe as if ARIN had run out of > ip addresses altogether. Nonsense. ARIN, I suspect, turns down requests now. > It would be even more severe if the number of requests explodes as a > result of ARIN not properly allocating the number of addresses needed. The number of insufficiently justified requests is of no consequence to anything. > Not giving people the addresses they need doesn't really delay > depletion, it accelerates it. Strange logic, I think. So, you'd continue giving a heroin addict a full dose of heroin, because they think they "need it"? Of course, stopping cold turkey might kill them, too. Rationing just spreads the pain over time. It doesn't accelerate the depletion of address space. Rationing prevents and restrains hoarding and selfish behavior. Hoarding and Selfish behavior happens no matter what, and is caused when people realize the resource is going to run out. What you and Michael Dillon are proposing is to get the message to start hoarding out before rationing can begin. That seems to be contrary to the community interests. > The policy _already_ is to ration IP addresses, they are not allocated > freely in as much quantity as anyone asks, addresses are already > allocated based on justified need, and not in excess amounts. I suppose that's true. My proposal for rationing just causes the justification requirements to be more stringent. Justification has continued to get harder over the years. > The rate at which people come to need additional IP addresses is not > something ARIN has control over, and yet it's ARIN's responsibility to > efficiently allocate the addresses needed. Yes, indeed: "Efficiently allocate the addresses needed". Rationing considers future needs against present needs, and avoids abrupt changes. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From Keith at jcc.com Tue Jul 31 15:49:11 2007 From: Keith at jcc.com (Keith W. Hare) Date: Tue, 31 Jul 2007 15:49:11 -0400 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) Message-ID: <9c7415d8b5fe940517b7edf45044854e46af9240@jcc.com> > -----Original Message----- > From: Randy Bush [mailto:randy at psg.com] > Sent: Tuesday, July 31, 2007 2:35 PM > To: Keith W. Hare > Cc: ppml at arin.net > Subject: Re: [ppml] PIv6 for legacy holders (/w RSA + efficient use) > > > To push IPv6 forward, we have to have enough users with > IPv6 addresses > > to convince the venders there is a market for IPv6 > hardware. The only > > way to do this is to make Provider Independent address space widely > > available to organizations with only a couple of hundred nodes. > > leaps over tall concepts in a single bound, he does! Yep. I have no problem with making a fool out of myself in public. I have lots of practice. > if the users can not deploy without gear, then they can not use the > address space, so they can not justify it. if they had the > gear today, > they would be trying v6 off their dual-stack transit provider today. > they are not. the reason is that they do not care. they just want > their mtv. There is a circular issue here -- I can't justify a request for IPv6 address space because I can't get the gear to use it. But I can't tell vendors I need IPv6 gear because I don't can't get IPv6 address space. So, where do I start? ARIN can't do much directly to convince vendors to make IPv6 more visible and available. ARIN can make it easier for end users to get IPv6 address space. > giving PI space to anyone who passes on the street corner is not gonna > do one bleeding thing for ipv6 other than make a future mess and have > folk screaming about those who got space in the big give-away of the > 2008-2010 era, just as they scream at legacy holders today. I'm not advocating giving PI space to anyone on the street corner, only those who are paying enough attention to the process to know that ARIN exists, and can document 200 or so nodes. There are a couple of differences between this and the pre-ARIN legacy IPv4 allocations. -- This would be covered by an ARIN RSA -- This would be covered by the ARIN annual fee There are also some similarities. -- In the early 90's, a number of organizations got IPv4 addresses before they had any hope of connecting to the internet. -- The fact that there was a market for IPv4 networking equipment helped drive vendors to market IPv4 equipment. The fact that folk today are screaming about legacy address holders is because ARIN mostly ignored the legacy address holders so the legacy address holders mostly ignored ARIN. That is water over the bridge now so lets move on and make different mistakes. Keith ______________________________________________________________ Keith W. Hare JCC Consulting, Inc. keith at jcc.com 600 Newark Road Phone: 740-587-0157 P.O. Box 381 Fax: 740-587-0163 Granville, Ohio 43023 http://www.jcc.com USA ______________________________________________________________ From arin-contact at dirtside.com Tue Jul 31 15:52:14 2007 From: arin-contact at dirtside.com (William Herrin) Date: Tue, 31 Jul 2007 15:52:14 -0400 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <46AF846D.3030104@psg.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <71643.1185845108@sa.vix.com> <46AE90C6.8060406@psg.com> <83945.1185848565@sa.vix.com> <3c3e3fca0707302152y38cba766oa2066eda41ec3691@mail.gmail.com> <46AEC79C.9030103@psg.com> <3c3e3fca0707302336w357fcda7od944fae04810d645@mail.gmail.com> <46AEEE9C.8040606@psg.com> <3c3e3fca0707310711o219346f5ia4a8141a6081faf8@mail.gmail.com> <46AF846D.3030104@psg.com> Message-ID: <3c3e3fca0707311252x68ab6b36s905f966564e32ed3@mail.gmail.com> On 7/31/07, Randy Bush wrote: > and i really assure you that govt subsidies are not my cup of tea. but > i gotta look at what has actually worked. Nor are subsidies my specialty. Unless someone is willing to step forward and say, "I think we can induce the creation of subsidies here in the Americas and here's how," we have to file it along with the other blue-sky suggestions: interesting but not something that provides a path to success. > > by pushing too early, too hard with a mandate to deploy IPv6 inside > > the Federal government, we've lost support from the bureaucracy. > > i have wondered and worried about this. the gossip i get is that the > initiative is still moving forward, though maybe not as fast as we might > like, and more strongly in the military than the civilian areas. but i > am as far from dc as one can get in america, geographically and emotionally. IPv6 deployment is on the priority list of unfunded mandates. That's the list of mandates which get worked on after all the funded mandates are either complete or temporarily stalled. Which is to say: very rarely. Every once in a while there's even a memo reminding the IT folks that IPv6 deployment is on the priority list of unfunded mandates and should be taken seriously. > >> i have no problem with folk getting ipv6 space and looking for a > >> transit provider. we were the first provider in the world to offer > >> it. smirk. > > Then you'll support Scott's "PIv6 for legacy holders with RSA and > > efficient use" proposal? > > dunno how you made this leap to pi, legacy, ... Scott's proposal is all about folk getting IPv6 space and looking transit providers. I'd like to see you support it and suggest tweaks that better refine it towards that goal. > hmmm. please explain why pa space from one provider announced to both > upstreams will not work? is it some hidden deficiency in the ipv6 > architecture that is not present in ipv4? 'cause it sure works in ipv4. Each upstream has to announce the precise customer route into the DFZ regardless of whether its carved from PI or PA space. In IPv4 that's a /24 because anything longer gets filtered. The route is propagated through the entire DFZ for it to have the intended effect of allowing communications from any remote host through either network path. If you have discovered an ingenious strategy for multihoming without announcing a customer-specific route short enough that it doesn't get filtered within the DFZ itself, I'm all ears. If a multihomed customer has to consume an extra route in the DFZ anyway, what benefit would motivate us to want to carve that out of someone's PA space with all the nastiness associated with administrative management and renumbering? Give them a PI /48 and be done with it. By the by, that suggests a way in which a market for IPv4 blocks can form despite ARIN's efforts to prevent it: A service provider agrees to provide a /24 for multihoming with a cheap connection such as ISDN or DSL. The "for multihoming" part is an extra fee. For the extra fee the customer is permitted to announce the /24 via other providers and is given a portal where they can instruct the original ISP to either announce or not announce the route depending on whether the customer wants to treat the original ISP as a backup link or a primary link. Good money for the ISP. Good value for the customer who can't justify an ARIN assignment. Bad news for the size of the DFZ. This behavior could be blocked by filtering the blocks from which ISPs receive addresses to /20... But doing so would create the deficiency you just demanded to see. Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From michael.dillon at bt.com Tue Jul 31 15:54:08 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Tue, 31 Jul 2007 20:54:08 +0100 Subject: [ppml] alternative realities (was PIv6 for legacy holders (/wRSA + efficient use)) In-Reply-To: <1E5A9D35-D086-47BC-A1DD-9BF71577F316@virtualized.org> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com><46AA8423.5060202@internap.com><3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com><46AAA4C3.3050103@internap.com><3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com><46AAB480.6020400@internap.com><6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com><46AB6585.7080900@psg.com><6eb799ab0707281047l71652f57n9f75737c2bef054f@mail.gmail.com><46AC0DF3.8050902@psg.com><3c3e3fca0707290212r74d8d8adod8489ab5f9d9d8bf@mail.gmail.com><46ACB03E.4020208@psg.com> <65115.1185725352@sa.vix.com><6C350250-4E0A-49B7-A8DE-A2A24335BBD9@virtualized.org><76042.1185814077@sa.vix.com><88234.1185818363@sa.vix.com><0ADD7367-339E-4360-80CD-45DEA230CE87@virtualized.org><24940.1185829923@sa.vix.com><12CF3748-BEF2-4FAC-A1A2-801634C67084@virtualized.org><71643.1185845108@sa.vix.com> <46AE90C6.8060406@psg.com><83945.1185848565@sa.vix.com> <1E5A9D35-D086-47BC-A1 DD-9BF71 577F316@virtualized.org> Message-ID: > On Jul 30, 2007, at 7:22 PM, Paul Vixie wrote: > > i'd like to know what makes this alternative the most likely. > > Roughly, the way I figure it, given: > > a) there is a demand for that resource (say, people who want > to connect to the Internet) > b) there is a limited supply of a resource (say, for argument, unused > IPv4 addresses) > c) there are entities who have more of the resource than they need If so, then they are not in compliance with global policies on IPv4 allocation. The only entities that I know of who are in this postion are so-called legacy holders such as MIT. But I do not believe that entities like MIT have a right to monetize their IPv4 addresses when the vast majority of industry is playing by the rules and has no surplus. > d) there are entities who are willing to exchange value for > that resource > e) "traditional" mechanisms to obtain the resource will not > work (no more free pool) > > Then you have a breeding ground for a market (color isn't > important here). Maybe you are right but that is not the necessary conditions to SUSTAIN a market. If you can't sustain a market in IPv4 addresses through regular churn i.e. address blocks changing hands, then you don't have a real market. Instead you have a flash in the pan where a few private deals get made, and then the IPv4 free pool is utterly exhausted. Possibly a few of the private deals were purchases by speculators who now have a monopoly on available addresses and charge an inflated rate for the last few blocks. You simply cannot sustain a market under those conditions. In financial terms, there is not enough liquidity. To have liquidity you either need a large number of potential sellers or you need a minimum volume of transactions. Check various financial market liquidity rules to see how this is done. If you have insufficient liquidity then you will not have fair prices and that means you also do not have stability of predictability. Without stability or predictability, companies will refuse to participate in the market, further reducing liquidity. Given the nature of these problems, and the fundamental shortage of addresses to trade, I really cannot see a market forming, even if the legal issues surrounding "property" and "ownership" could be resolved. The only thing that will convince me that a market is possible would be an official public statement from the U.S. Department of Commerce stating that it supports the concept of a market in IPv4 addresses. > then the vast majority of users have no business incentive to deploy > IPv6 and hence no reason to ask your ISP for IPv6 service. Running out of IPv4 addresses and putting the brakes on network growth, are reason enough for most IP network operators to deploy IPv6. Customers will be forced to go along because they also will be unable to grow their internal networks using globally unique addresses. I fully expect ISPs to introduce IPv6 with price differentials between IPv6 and IPv4 services. If a company absolutely must have IPv4 connectivity with globally unique addresses, then they will have to pay a higher price. Smaller, more innovative and agile companies will take the cheaper IPv6 option. IPv4 exhaustion is a business incentive in and of itself. It is a fact, like earthquakes in California and hurricanes in Florida. Businesses must deal with it and spend the money to avoid catastrophe, or when the wall hits, they will suffer. > (4) will probably change (call me an optimist), but I argue > there will be significant content that is not available via > IPv6 for the foreseeable future. If I were you, I would check with the developers of Squid to see if it can function on a server with two network interfaces, one running IPv4 connected to the Internet and one running IPv6 connected to the LAN. I suspect that if it is not already fully functional, then someone will discover that it requires only two or three days of development and testing. You know the effect that "running code" has, don't you? --Michael Dillon From michael.dillon at bt.com Tue Jul 31 15:57:50 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Tue, 31 Jul 2007 20:57:50 +0100 Subject: [ppml] Motivating migration to IPv6 -> IPV4 deprecation In-Reply-To: <46AF7F0C.6050900@mcsnet.ca> References: <200707311748.l6VHmwqP026867@s25.firmware.com> <46AF7F0C.6050900@mcsnet.ca> Message-ID: > IPV4 deprecation: > In tandem with a measure like this, make a press release that > after a certain date, > "IPV4 will be obsolete" (I'm probably ruffling feathers here by saying > this) > After said date, Arin will no longer publish or maintain any > ipv4 whois information, remove the in-addr.arpa zone. After > all, the goal here is to have an > ipv6 only global > network - right?! (maybe we don't even agree on that objective) I agree with that... in 2045. After all, it will take about 25 years after exhaustion for IPv4 to truly become obsolete for global internetworking. After that, anyone who wants to continue using it can run their own in-addr.arpa zone, or simply run without any DNS at all. --Michael Dillon From michael.dillon at bt.com Tue Jul 31 16:08:58 2007 From: michael.dillon at bt.com (michael.dillon at bt.com) Date: Tue, 31 Jul 2007 21:08:58 +0100 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <9c7415d8b5fe940517b7edf45044854e46af9240@jcc.com> References: <9c7415d8b5fe940517b7edf45044854e46af9240@jcc.com> Message-ID: > There is a circular issue here -- I can't justify a request > for IPv6 address space because I can't get the gear to use > it. But I can't tell vendors I need IPv6 gear because I > don't can't get IPv6 address space. > > So, where do I start? I thought I already answered this question... RFC 4193 http://www.ietf.org/rfc/rfc4193.txt There are all the addresses that you need to set up and test your gear. While you are testing and certifying your gear, put in your ARIN application. If you fill out all the forms correctly and supply the background info that they requested, you will have your own IPv6 block within a week. --Michael Dillon From dean at av8.com Tue Jul 31 16:10:18 2007 From: dean at av8.com (Dean Anderson) Date: Tue, 31 Jul 2007 16:10:18 -0400 (EDT) Subject: [ppml] More on Kremen/Cohen In-Reply-To: Message-ID: More of a subterfuge than I thought: I thought the AS had been reassigned to _someone_else_ to unfairly keep it from Kremen. Turns out, ARIN apparently transferred the AS11083 to LACnic to avoid court jurisdiction, and KEEP IT IN COHEN'S HANDS. Holy perjury and fraudulent transfers, batman. --Dean whois as11083 at whois.arin.net [Querying whois.arin.net] [Redirected to whois.lacnic.net] [Querying whois.lacnic.net] [whois.lacnic.net] % Joint Whois - whois.lacnic.net % This server accepts single ASN, IPv4 or IPv6 queries % Copyright LACNIC lacnic.net % The data below is provided for information purposes % and to assist persons in obtaining information about or % related to AS and IP numbers registrations % By submitting a whois query, you agree to use this data % only for lawful purposes. % 2007-07-31 17:00:13 (BRT -03:00) aut-num: AS11083 owner: Ocean Fund International Ltd. ownerid: MX-OFIL-LACNIC address: Paseo De Los Heroes, #10105, address: Piso7th, Del Rio Tijuana address: Del Rio Tijuana, Tijuana, BajaCalifornia, CP 22320 country: MX owner-c: SMC4-ARIN created: 19980403 changed: 20040217 source: ARIN-HISTORIC nic-hdl: SMC4-ARIN person: Stephen Michael Cohen e-mail: steve at OMNITEC.COM address: Paseo De Los Heroes, #10105, address: Piso7th, Del Rio Tijuana, Tijuana address: Baja California, 22320 country: MX phone: 0115266343480 source: ARIN-HISTORIC % whois.lacnic.net accepts only direct match queries. % Types of queries are: POCs, ownerid, CIDR blocks, IP % and AS numbers. On Mon, 9 Jul 2007, Dean Anderson wrote: > Which is why I am thinking of filing a Motion to Reconsider in the > Kremen case. The Kremen result, dismissal on a technicality, was a > very unjust result. The case was a 'big deal' on Internet governance > and public policy that should not be dismissed on a technicality when > ARIN had unclean hands in the matter. I talked with Kremen's lawyer > this morning. He didn't know that ASN 11082 and 11084 still belonged > to ARIN, or that ARIN had transfered ASN 11083 individually to LACNIC > while the ASN was under dispute. These subsequent transfers are > additional events further harming Kremen that ought to restart the > clocks for the statutes of limitations. The untruthful and/or > misleading statements about the nature of the transfers should also > restart the clocks. > > There is indeed a settlement with Kremen as John Curran reported, > which isn't public. Kremen could even be satisfied with the result, as > Curran seemed to imply. But I am very concerned about the policy > implications of the decision and the way it was handled. The public > interest is not well served by allowing anarchists to prevail with > unclean hands---Anarchists who refuse to implement court orders, who > transfer assets under dispute and who then untruthfully report those > assets aren't under their control all while conducting frivolous > negotiations asserting for example that ARIN wasn't notified until > 2003. The principle of Estoppel should prevent ARIN from subsequently > claiming that the violations began in 2001, contrary to its earlier > assertions that no notice was received and hence no violations accrued > until 2003. > -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From randy at psg.com Tue Jul 31 16:19:56 2007 From: randy at psg.com (Randy Bush) Date: Tue, 31 Jul 2007 10:19:56 -1000 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <9c7415d8b5fe940517b7edf45044854e46af9240@jcc.com> References: <9c7415d8b5fe940517b7edf45044854e46af9240@jcc.com> Message-ID: <46AF996C.3020005@psg.com> > There is a circular issue here -- I can't justify a request for IPv6 > address space because I can't get the gear to use it. But I can't tell > vendors I need IPv6 gear because I don't can't get IPv6 address space. > ARIN can't do much directly to convince vendors to make IPv6 more > visible and available. ARIN can make it easier for end users to get > IPv6 address space. and the vendors will listen to you more then? ha ha. > I'm not advocating giving PI space to anyone on the street corner, only > those who are paying enough attention to the process to know that ARIN > exists, and can document 200 or so nodes. no hardware, no justification. randy From tedm at ipinc.net Tue Jul 31 16:22:52 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Tue, 31 Jul 2007 13:22:52 -0700 Subject: [ppml] Motivating migration to IPv6 In-Reply-To: <200707311748.l6VHmwqP026867@s25.firmware.com> Message-ID: >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >Robert Bonomi >Sent: Tuesday, July 31, 2007 10:49 AM >To: ppml at arin.net >Subject: [ppml] Motivating migration to IPv6 > > > >I'm sure the following idea has to have occured to better minds than mine, >but I _cannot_ see what the downside to it is -- > >Given that: > 1) it is policy to 'encourage' migration to IPv6 > 2) there is a looming shortage of IPv4 addresses available for assignment > 3) _At_present_ IPv4 address-space *is* viewed by requestors as >'preferable' > to IPv6 space. > 4) more than 95% of address-space assignments are to entities >for which there > is a reasonable expectation they will be making _additional_ address- > space requests in the 'not too distant' future. > >Proposed: > A) every IPv4 block assignment includes the assignment of an 'equivalent- > size' IPv6 address block ( e.g. assuming '1 IPv4 /32' == '1 IPv6 /64) Robert, I suggested this about 4 months ago in a discussion and was shouted down. You can read the list archives to see all of the objections. In summary, it boiled down to if you give an entity IPv6 space automatically and they don't use it, you are creating a hazard for a spammer to go hijack the space and use it - then joe-user on the Internet cannot look at an incoming attack or spam originating from IPv6 and know if it's legitimate. One of the big problems with IPv4 right now is all of these legacy holders who aren't paying a dime every year but are also not advertising the IPv4 space allocated to them. Since they aren't paying, ARIN has no way of revoking the assignment for non-payment, and the legacy holder has no incentive to stop paying for IPv4 addressing they are assigned since they aren't paying anything anyway in the first place. Since there is no advertisement we don't know if the space is abandonded or not. The feeling on the list is by giving people resources they aren't asking for you are just creating the same problem all over again. > B) _subsequent_ v4 requests must show the required utilization levels of > *both* the allocated IPv4 *and* IPv6 space. With >"utilization" of IPv6 > space requiring the actual deployment of functional machines in that > address-space. What is the goal here? To restrict IPv4 handouts? For what reason? Look at it this way. An organization that is going full-bore into IPv6 is likely to be LESS interested in obtaining additional IPv4. So restricting IPv4 handouts to people who are going full bore is a bit like telling poor people that the only ones who can get welfare cards are the people who are already not poor. Your really a lot better off giving away the IPv4 as quick as you can to organizations that have a real need for it. The reason is that they will use it and then post-IPv4 runout you won't have a lot of unused IPv4 sitting in the hands of speculators who have no use for it other than selling or renting it to other people. > C) As the pool of available IPv4 addresses gets smaller, the >ratio of the > relative size of the IPv6 allocation vs the IPv4 allocation >_increases_. > >For 'revenue' purposes, the 'paired' IPv4 and IPv6 allocations are counted >as single block, as long as both are allocated. IF the requestor _returns_ >the IPv4 block, they get a significant discount on the IPv6 space for some >period of time. (50% off for 5 years, maybe?) > Once more, what is the goal here? To get a lot of IPv4 returned? Which will then create clamoring for the returned IPv4 to be handed out again. What your doing is creating a scenario where shortly after IPv4 runout, orgs that choose to go full bore into IPv6 will end up dumping all their IPv4 and orgs that choose to NOT get in to IPv6 will just get their IPv4 needs fulfilled from all the returned IPv4. Your creating an inducement to IPv4 orgs to not update to IPv6. Obviously you will never get 100% returned IPv4 from IPv6 orgs since they will need some IPv4 to dual-stack all the devices they have that offer services to the Internet - (ie: webservers and the like) because they will not want to cut off customers that are still on IPv4-only networks. Orgs that are mainly IPv4 will do the same thing - for servers of theirs that offer services to the Internet, they will dual-stack those with numbers out of the minimum IPv6 assignments, then never bother updating the rest of their internal network. The only way to force IPv6 updating is to make IPv4 unavailable by having it tied up in allocations. Because then what will happen is orgs that need more numbering will have no choice but to use IPv6 internally and the IPv4 that they currently have will be squeezed into dual-stacked servers that will fulfill web serving and other service serving and be used as gateway servers for their internal IPv6 clients that need to get to IPv4-only resources on the Internet. > >An _absolutely_ effective way of driving migration to IPv6 would be to >condition additional IPv4 address-space allocations on the percentage >of IPv6 traffic that transits the boundaries of the requestor's network. >That requires that not only does the requestor deploy IPv6 internally, >but that they _use_ it with external parties as well. Nobody can argue >the efectiveness of such an approach; however I suspect there are a number >of significant obstacles to actual implementation. > > >As I said at the top of things, I'm sure things like this have already >occured to far brighter people than me -- I await, with some trepidation, >being shown 'the **** obvious facts' that I have overlooked, that kill >such an approach. :) > Let me speak as an IPv4-only org for a moment. What is going to motivate us to upgrade to IPv6? I know how to do it and I have plans to do it, I even have a notion of the cost to do it. I will tell you. The day that we see THE POTENTIAL for SIGNIFICANT customer loss to our competitors by NOT updating to IPv6 is when we will update. Who are our biggest competitors? Verizon, Qwest, Comcast. None of whom are telling customers that the customers HAVE TO RUN IPv6. Qwest is still delivering ActionTec DSL modems that CANNOT run IPv6. And I would reckon only about 10% of our customers are running Windows Vista, the remaining 90% are majority XP but probably 40% are MacOS Panther, Win2K and so on where IPv6 isn't available. As for enticing us to update to IPv6 by making new requests for IPv4 unfulfilled, well the problem there is I've got a billion tricks up my sleeve to extract IPv4 from our network. Such as putting in IP-unnumbered instead of /30's on links - makes it harder to troubleshoot, but hey. Such as replacing /29's at customers with /30's if they aren't using the additional numbers. Such as giving a small discount to our DSL customers willing to to to RFC1918 numbers instead of public numbers. I could also put or modem banks behind translators - it might even reduce the number of customers who get broken into. Until my big competitors start telling customers they HAVE to update to Vista to get DSL or pay more money, or they HAVE to pay more money if they want their websites to be dual-homed, there is not a snowballs chance in HELL that I could pass along ANY update costs to our customers, and even less that I could require them to go IPv6. And furthermore, the day that my big competitors run out of IPv4 and start telling customers that they have to be IPv6-compliant if they want a public IP address, I'd be a fool if I didn't try extending IPv4 even futher. Hell, it would be a golden opportunity since some of those Verizon, Comcast and Qwest customers wouldn't want to switch to Vista or update in any way, and I would like to obtain those customers. God knows the biggies have done their share of stealing customers from us over the years. And if you think the biggies don't know all this your nuts. They do. IPv6 is basically a game of chicken between me and my competitors. Each of us is involved in a race to be the LAST isp to start forcing customers to update to IPv6. The ONLY way this would EVER change is if a must-have application came along that was IPv6 ONLY. People have joked here that if you put free illegal downloads of movies, music, and free porno, on an IPv6-only network, that the question of IPv6 updating would be a moot issue. I am sorry to have to say but this is really a lot closer to the truth, and a lot closer to what is really going to have to happen. Think up a killer-app to attract end-users to IPv6 and you will solve the problem. I would definitely prefer it than the alternative which is to keep playing the chicken game with my competitors. Ted From bonomi at mail.r-bonomi.com Tue Jul 31 16:42:14 2007 From: bonomi at mail.r-bonomi.com (Robert Bonomi) Date: Tue, 31 Jul 2007 15:42:14 -0500 (CDT) Subject: [ppml] Motivating migration to IPv6 Message-ID: <200707312042.l6VKgEJD028523@s25.firmware.com> > Date: Tue, 31 Jul 2007 15:29:51 -0400 > From: Brian Dickson > Subject: Re: [ppml] Motivating migration to IPv6 > > Craig Finseth wrote: > > This is one of the more intelligent proposals that I have seen on this > > list lately... > > > > I'm sure the following idea has to have occured to better minds than mine, > > but I _cannot_ see what the downside to it is -- > > > Scalability is the downside. > > Consider: > We have had serious scalability problems on current IPv4 hardware due to > the deaggregation and proliferation of IPv4 routes. > That is notwithstanding the very limited amount of IPv4 space. Agreed. > > Any proposal which duplicates (or worse!) the allocation of IPv6 > *quantities* of prefixes, e.g. on the basis of IPv4 prefixes, only dumps > this problem, wholesale, into an otherwise pristine IPv6 DFZ. FALSE ASSUMPTION. > So, as a favour to us all, *please* don't propose any solutions which > require handing out more than *one* PI block to any organization. Two, > if they need PI space that won't be part of the DFZ (e.g. as an > alternative to ULA-{C|G} allocations). What makes you think I made any such proposal? NOTHING prevents the RIR from 'reserving' a large block per requestor, but actually _allocating_ it incrementally. > Thank you in advance for considering the DFZ as a whole, as opposed to > merely the needs of individual participants of the DFZ. (The DFZ, by > definition, has to exist in its entirety on *someone's* hardware, and > ideally should be able to fit on most folk's biggest pieces of hardware.) I'm playing with an idea that would allow _everybody_ to have their own "permanent" chunk of IPv6 space (i.e., would _not_ have to renumber if they changed providers) and which would *NOT* adversely affect the the size of the DFZ. In fact it would significantly _shrink_ the routing entries required for the DFZ. As in a _total_ of about 16,000 entries. It actually accomplishes the 'uncoupling' of routing from address-space prefixing. From tedm at ipinc.net Tue Jul 31 16:42:36 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Tue, 31 Jul 2007 13:42:36 -0700 Subject: [ppml] More on Kremen/Cohen In-Reply-To: Message-ID: I've reviewed some of the court documentation on this and while I'll refrain from comment on the legalities, everything I've read about them leads me to believe that both of them are scumbags. Would you want one of your daughters dating either of them? 'nuff said. Ted >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >Dean Anderson >Sent: Tuesday, July 31, 2007 1:10 PM >To: ARIN PPML >Subject: [ppml] More on Kremen/Cohen > > > >More of a subterfuge than I thought: I thought the AS had been >reassigned to _someone_else_ to unfairly keep it from Kremen. > >Turns out, ARIN apparently transferred the AS11083 to LACnic to avoid >court jurisdiction, and KEEP IT IN COHEN'S HANDS. > >Holy perjury and fraudulent transfers, batman. > > --Dean > > >whois as11083 at whois.arin.net >[Querying whois.arin.net] >[Redirected to whois.lacnic.net] >[Querying whois.lacnic.net] >[whois.lacnic.net] > >% Joint Whois - whois.lacnic.net >% This server accepts single ASN, IPv4 or IPv6 queries > > >% Copyright LACNIC lacnic.net >% The data below is provided for information purposes >% and to assist persons in obtaining information about or >% related to AS and IP numbers registrations >% By submitting a whois query, you agree to use this data >% only for lawful purposes. >% 2007-07-31 17:00:13 (BRT -03:00) > >aut-num: AS11083 >owner: Ocean Fund International Ltd. >ownerid: MX-OFIL-LACNIC >address: Paseo De Los Heroes, #10105, >address: Piso7th, Del Rio Tijuana >address: Del Rio Tijuana, Tijuana, BajaCalifornia, CP 22320 >country: MX >owner-c: SMC4-ARIN >created: 19980403 >changed: 20040217 >source: ARIN-HISTORIC > >nic-hdl: SMC4-ARIN >person: Stephen Michael Cohen >e-mail: steve at OMNITEC.COM >address: Paseo De Los Heroes, #10105, >address: Piso7th, Del Rio Tijuana, Tijuana >address: Baja California, 22320 >country: MX >phone: 0115266343480 >source: ARIN-HISTORIC > >% whois.lacnic.net accepts only direct match queries. >% Types of queries are: POCs, ownerid, CIDR blocks, IP >% and AS numbers. > > > >On Mon, 9 Jul 2007, Dean Anderson wrote: > >> Which is why I am thinking of filing a Motion to Reconsider in the >> Kremen case. The Kremen result, dismissal on a technicality, was a >> very unjust result. The case was a 'big deal' on Internet governance >> and public policy that should not be dismissed on a technicality when >> ARIN had unclean hands in the matter. I talked with Kremen's lawyer >> this morning. He didn't know that ASN 11082 and 11084 still belonged >> to ARIN, or that ARIN had transfered ASN 11083 individually to LACNIC >> while the ASN was under dispute. These subsequent transfers are >> additional events further harming Kremen that ought to restart the >> clocks for the statutes of limitations. The untruthful and/or >> misleading statements about the nature of the transfers should also >> restart the clocks. >> >> There is indeed a settlement with Kremen as John Curran reported, >> which isn't public. Kremen could even be satisfied with the result, as >> Curran seemed to imply. But I am very concerned about the policy >> implications of the decision and the way it was handled. The public >> interest is not well served by allowing anarchists to prevail with >> unclean hands---Anarchists who refuse to implement court orders, who >> transfer assets under dispute and who then untruthfully report those >> assets aren't under their control all while conducting frivolous >> negotiations asserting for example that ARIN wasn't notified until >> 2003. The principle of Estoppel should prevent ARIN from subsequently >> claiming that the violations began in 2001, contrary to its earlier >> assertions that no notice was received and hence no violations accrued >> until 2003. >> > >-- >Av8 Internet Prepared to pay a premium for better service? >www.av8.net faster, more reliable, better service >617 344 9000 > > >_______________________________________________ >This message sent to you through the ARIN Public Policy Mailing List >(PPML at arin.net). >Manage your mailing list subscription at: >http://lists.arin.net/mailman/listinfo/ppml > From dean at av8.com Tue Jul 31 17:07:54 2007 From: dean at av8.com (Dean Anderson) Date: Tue, 31 Jul 2007 17:07:54 -0400 (EDT) Subject: [ppml] alternative realities (was PIv6 for legacy holders (/wRSA + efficient use)) In-Reply-To: Message-ID: On Tue, 31 Jul 2007 michael.dillon at bt.com wrote: > > If so, then they are not in compliance with global policies on IPv4 > allocation. The only entities that I know of who are in this postion are > so-called legacy holders such as MIT. But I do not believe that entities > like MIT have a right to monetize their IPv4 addresses when the vast > majority of industry is playing by the rules and has no surplus. MIT has just as much right to monetize their IPv4 address space as does British Telecom. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 From craig.finseth at state.mn.us Tue Jul 31 17:09:48 2007 From: craig.finseth at state.mn.us (Craig Finseth) Date: Tue, 31 Jul 2007 16:09:48 -0500 Subject: [ppml] Motivating migration to IPv6 In-Reply-To: <46AF8D0D.2090504@internap.com> (message from Scott Leibrand on Tue, 31 Jul 2007 12:27:09 -0700) References: <200707311748.l6VHmwqP026867@s25.firmware.com> <200707311915.l6VJFeDp031765@inana.itg.state.mn.us> <46AF8D0D.2090504@internap.com> Message-ID: <200707312109.l6VL9mH8032421@inana.itg.state.mn.us> Have you deployed IPv6 across your network yet? If not, could you do so within 6 months? An IPv4 allocation is usually sized for 6 months of We have some IPv6, mainly for our testing. Very little customer demand. Higher education, mostly. growth, so this proposal would require all growing IP networks to deploy IPv6 within 6 months, instead of allowing them to do so over the next few years (between now and when they can no longer grow with IPv4). I don't know about you, but such a mandate would significantly increase our cost of deploying IPv6, for no real benefit. I didn't say that the proposal was perfect. Merely that it seems to actually be doing something useful by attmpting to match growth in one area to growth in another. And it sure beats the "let's all try to make everyone's lives miserable, but without actually doing anything to solve any real problem" proposals that have been on the list lately. Craig From craig.finseth at state.mn.us Tue Jul 31 17:12:01 2007 From: craig.finseth at state.mn.us (Craig Finseth) Date: Tue, 31 Jul 2007 16:12:01 -0500 Subject: [ppml] Motivating migration to IPv6 In-Reply-To: <46AF8DAF.1090207@ca.afilias.info> (message from Brian Dickson on Tue, 31 Jul 2007 15:29:51 -0400) References: <200707311748.l6VHmwqP026867@s25.firmware.com> <200707311915.l6VJFeDp031765@inana.itg.state.mn.us> <46AF8DAF.1090207@ca.afilias.info> Message-ID: <200707312112.l6VLC1Vm032441@inana.itg.state.mn.us> ... So, as a favour to us all, *please* don't propose any solutions which require handing out more than *one* PI block to any organization. Two, ... If you modify it to one per organization * Internet connection, it makes sense. Large organizations have multiple, independent connections. E.g., multinational X may have a connection in the US and one in Europe and it makes sense for them to be different prefixes. Craig From paul at vix.com Tue Jul 31 17:53:01 2007 From: paul at vix.com (Paul Vixie) Date: Tue, 31 Jul 2007 21:53:01 +0000 Subject: [ppml] Motivating migration to IPv6 In-Reply-To: Your message of "Tue, 31 Jul 2007 12:27:09 MST." <46AF8D0D.2090504@internap.com> References: <200707311748.l6VHmwqP026867@s25.firmware.com> <200707311915.l6VJFeDp031765@inana.itg.state.mn.us> <46AF8D0D.2090504@internap.com> Message-ID: <93066.1185918781@sa.vix.com> scott wrote: > ... An IPv4 allocation is usually sized for 6 months of growth, so this > proposal would require all growing IP networks to deploy IPv6 within 6 > months, instead of allowing them to do so over the next few years (between > now and when they can no longer grow with IPv4). I don't know about you, > but such a mandate would significantly increase our cost of deploying IPv6, > for no real benefit. if you insist on using ipv4 until the moment you can't grow, you're hurting yourself and also others, assuming you hit the date exactly. however, you'll miss the date by a few months in some direction, and the date will move around as we get closer to it. a hard cut isn't feasible unless you're comfortable with a couple of flat or down quarters while you figure out which bets pay off and which ones cost you. if you bring ipv6 up in parallel earlier than the moment you can't grow with v4, then you'll be sitting pretty when others less prepared than you win the race to the bottom of the IPv4 pile. and you'll be part of the equation in other folks' games theories that tells them it's safe to deploy earlier since they'll have at least internap to talk to. so six months from next allocation seems draconian. but when IPv4 enters its last year of unallocated pile, i predict that this community will scream for withholding new IPv4 for anyone who can't prove that they've already started deploying IPv6. so, maybe the time to actually do it isn't today, but please don't wait for the depletion event. if you don't like six months, propose something that seems realistic and achievable for internap. paul ps. i'm not speaking as an arin trustee in this message. From captain at netidea.com Tue Jul 31 18:05:18 2007 From: captain at netidea.com (Kirk Ismay) Date: Tue, 31 Jul 2007 15:05:18 -0700 Subject: [ppml] Motivating migration to IPv6 In-Reply-To: <46AF8DAF.1090207@ca.afilias.info> References: <200707311748.l6VHmwqP026867@s25.firmware.com> <200707311915.l6VJFeDp031765@inana.itg.state.mn.us> <46AF8DAF.1090207@ca.afilias.info> Message-ID: <46AFB21E.7030008@netidea.com> > Scalability is the downside. > > > I am all in favour of giving out exactly one IPv6 block (of PI space) > per ASN, sized appropriately (e.g. sufficient for 10-20 year needs > at least). This makes a lot of sense to me. How about a policy that: a) allows any organization to request an IPv6 allocation of a suitably sized block to so long as they have an existing RSA, ASN and IPv4 allocation. b) includes a clause that allows legacy IPv4 holders to be able to also get a block by signing an RSA (carrot approach). Note: I have not worked with IPv6 as of yet, so I'm not sure if I've wrapped my head around just how big IPv6 is. -- Sincerely, Kirk Ismay System Administrator -- Net Idea 201-625 Front Street Nelson, BC V1L 4B6 P:250-352-3512 | F:250-352-9780 | TF:1-888-352-3512 Check out our brand new website! www.netidea.com From sleibrand at internap.com Tue Jul 31 18:10:05 2007 From: sleibrand at internap.com (Scott Leibrand) Date: Tue, 31 Jul 2007 15:10:05 -0700 Subject: [ppml] Motivating migration to IPv6 In-Reply-To: <46AFB21E.7030008@netidea.com> References: <200707311748.l6VHmwqP026867@s25.firmware.com> <200707311915.l6VJFeDp031765@inana.itg.state.mn.us> <46AF8DAF.1090207@ca.afilias.info> <46AFB21E.7030008@netidea.com> Message-ID: <46AFB33D.4040808@internap.com> Kirk Ismay wrote: >> Scalability is the downside. >> >> >> I am all in favour of giving out exactly one IPv6 block (of PI space) >> per ASN, sized appropriately (e.g. sufficient for 10-20 year needs >> at least). >> > > This makes a lot of sense to me. How about a policy that: > > a) allows any organization to request an IPv6 allocation of a suitably > sized block to so long as they have an existing RSA, ASN and IPv4 > allocation. > > b) includes a clause that allows legacy IPv4 holders to be able to also > get a block by signing an RSA (carrot approach). > Kirk, If by "have an existing IPv4 allocation" you mean a direct allocation/assignment, I think you just described my "PIv6 for legacy holders with RSA and efficient use" policy proposal. Is that what you meant, or were you referring to reallocations and reassignments in addition to direct allocations/assignments? -Scott From sleibrand at internap.com Tue Jul 31 18:24:13 2007 From: sleibrand at internap.com (Scott Leibrand) Date: Tue, 31 Jul 2007 15:24:13 -0700 Subject: [ppml] Motivating migration to IPv6 In-Reply-To: <93066.1185918781@sa.vix.com> References: <200707311748.l6VHmwqP026867@s25.firmware.com> <200707311915.l6VJFeDp031765@inana.itg.state.mn.us> <46AF8D0D.2090504@internap.com> <93066.1185918781@sa.vix.com> Message-ID: <46AFB68D.7020909@internap.com> Paul Vixie wrote: > scott wrote: > > >> ... An IPv4 allocation is usually sized for 6 months of growth, so this >> proposal would require all growing IP networks to deploy IPv6 within 6 >> months, instead of allowing them to do so over the next few years (between >> now and when they can no longer grow with IPv4). I don't know about you, >> but such a mandate would significantly increase our cost of deploying IPv6, >> for no real benefit. >> > > if you insist on using ipv4 until the moment you can't grow, you're hurting > yourself and also others, assuming you hit the date exactly. however, you'll > miss the date by a few months in some direction, and the date will move around > as we get closer to it. a hard cut isn't feasible unless you're comfortable > with a couple of flat or down quarters while you figure out which bets pay off > and which ones cost you. > > if you bring ipv6 up in parallel earlier than the moment you can't grow with > v4, then you'll be sitting pretty when others less prepared than you win the > race to the bottom of the IPv4 pile. and you'll be part of the equation in > other folks' games theories that tells them it's safe to deploy earlier since > they'll have at least internap to talk to. > Of course. I think most/all of the operators on this list understand the necessity of being ready to use IPv6 (for some definition of "ready") before IPv4 exhaustion hits. And, like us, I suspect most operators have been going after the low-hanging fruit, making sure new hardware supports IPv6, getting their allocation/assignment from ARIN, etc. As exhaustion nears, we'll need to start reaching a little higher, and even bring out the step-ladders, but I don't anticipate we'll need bucket-trucks for awhile. > so six months from next allocation seems draconian. but when IPv4 enters its > last year of unallocated pile, i predict that this community will scream for > withholding new IPv4 for anyone who can't prove that they've already started > deploying IPv6. Yep. And if that's done as part of a sensible proposal like "Soft Landing", that's entirely reasonable and something I'd support. -Scott From arin-contact at dirtside.com Tue Jul 31 18:26:48 2007 From: arin-contact at dirtside.com (William Herrin) Date: Tue, 31 Jul 2007 18:26:48 -0400 Subject: [ppml] alternative realities (was PIv6 for legacy holders (/wRSA + efficient use)) In-Reply-To: References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <88234.1185818363@sa.vix.com> <0ADD7367-339E-4360-80CD-45DEA230CE87@virtualized.org> <24940.1185829923@sa.vix.com> <12CF3748-BEF2-4FAC-A1A2-801634C67084@virtualized.org> <71643.1185845108@sa.vix.com> <46AE90C6.8060406@psg.com> <83945.1185848565@sa.vix.com> <1E5A9D35-D086-47BC-A1DD-9BF71577F316@virtualized.org> Message-ID: <3c3e3fca0707311526i5a1ac121w4e512931f732b5fe@mail.gmail.com> On 7/31/07, michael.dillon at bt.com wrote: > > On Jul 30, 2007, at 7:22 PM, Paul Vixie wrote: > > c) there are entities who have more of the resource than they need > > If so, then they are not in compliance with global policies on IPv4 > allocation. The only entities that I know of who are in this postion are > so-called legacy holders such as MIT. But I do not believe that entities > like MIT have a right to monetize their IPv4 addresses when the vast > majority of industry is playing by the rules and has no surplus. Michael, consider if you will: MIT offers "special" dialup accounts to all takers. The dialup is a local number in Cambridge MA, the accounts cost $50/month and include a /24 of IP addresses. Each customer gets a portal. The portal allows them to do two things: 1. Turn on or off MIT's announcement of the /24 into the DFZ. If off, only MIT's supernet route will apply. 2. Establish a GRE tunnel in lieu of the dialup. The tunnel is limited to 128kbps unless the customer pays more. Finally, explicit in each of these dialup contracts: the customer may ask any other ISP to announce the /24 route into the DFZ as they choose for so long as they continue buying the dialup account from MIT. In case you missed the point, the dialup is a ruse. What they're really renting is /24's for $50/mo with a catchall tunnel just in case someone decides to obstinately filter the long prefixes. MIT wins by collecting upwards of $39M/yr for slicing up its /8. Discounted tuition for all. End users win. For a mere $50/mo they get a /24 they can use with whatever provider they want to so long as that particular provider isn't retaliating against MIT. Given that its a source of customers who don't walk in requiring more of my scarce IPv4 addresses and MIT clearly isn't competing with me, why would I try that hard to retaliate? The community overall loses with upwards of 65k new routes slammed into the IPv4 DFZ. Policies violated? None. No global policy defines MIT's use of that /8. They're not even a legacy registrant under ARIN; the in-addr.arpa delagation comes from further upstream. Yeah, okay, so its a little far fetched to think that MIT would do anything quite so crass. But they're not the only ones sitting on a /8. Regards, Bill Herrin -- William D. Herrin herrin at dirtside.com bill at herrin.us 3005 Crane Dr. Web: Falls Church, VA 22042-3004 From captain at netidea.com Tue Jul 31 18:37:24 2007 From: captain at netidea.com (Kirk Ismay) Date: Tue, 31 Jul 2007 15:37:24 -0700 Subject: [ppml] Motivating migration to IPv6 In-Reply-To: <46AFB33D.4040808@internap.com> References: <200707311748.l6VHmwqP026867@s25.firmware.com> <200707311915.l6VJFeDp031765@inana.itg.state.mn.us> <46AF8DAF.1090207@ca.afilias.info> <46AFB21E.7030008@netidea.com> <46AFB33D.4040808@internap.com> Message-ID: <46AFB9A4.2010608@netidea.com> Scott Leibrand wrote: > Kirk Ismay wrote: >>> Scalability is the downside. >>> >>> >>> I am all in favour of giving out exactly one IPv6 block (of PI space) >>> per ASN, sized appropriately (e.g. sufficient for 10-20 year needs >>> at least). >>> >> >> This makes a lot of sense to me. How about a policy that: >> >> a) allows any organization to request an IPv6 allocation of a >> suitably sized block to so long as they have an existing RSA, ASN and >> IPv4 allocation. >> >> b) includes a clause that allows legacy IPv4 holders to be able to >> also get a block by signing an RSA (carrot approach). >> > > Kirk, > > If by "have an existing IPv4 allocation" you mean a direct > allocation/assignment, I think you just described my "PIv6 for legacy > holders with RSA and efficient use" policy proposal. Is that what you > meant, or were you referring to reallocations and reassignments in > addition to direct allocations/assignments? > > -Scott > Yes, I agree with your proposal. It was Brian Dickson's explanation of the scalability issues of smaller IPv6 fragments on the routing tables that put it into perspective for me. -- Sincerely, Kirk Ismay System Administrator -- Net Idea 201-625 Front Street Nelson, BC V1L 4B6 P:250-352-3512 | F:250-352-9780 | TF:1-888-352-3512 Check out our brand new website! www.netidea.com From paul at vix.com Tue Jul 31 18:44:14 2007 From: paul at vix.com (Paul Vixie) Date: Tue, 31 Jul 2007 22:44:14 +0000 Subject: [ppml] alternative realities (was PIv6 for legacy holders (/wRSA + efficient use)) In-Reply-To: Your message of "Tue, 31 Jul 2007 18:26:48 -0400." <3c3e3fca0707311526i5a1ac121w4e512931f732b5fe@mail.gmail.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <88234.1185818363@sa.vix.com> <0ADD7367-339E-4360-80CD-45DEA230CE87@virtualized.org> <24940.1185829923@sa.vix.com> <12CF3748-BEF2-4FAC-A1A2-801634C67084@virtualized.org> <71643.1185845108@sa.vix.com> <46AE90C6.8060406@psg.com> <83945.1185848565@sa.vix.com> <1E5A9D35-D086-47BC-A1DD-9BF71577F316@virtualized.org> <3c3e3fca0707311526i5a1ac121w4e512931f732b5fe@mail.gmail.com> Message-ID: <1953.1185921854@sa.vix.com> > In case you missed the point, the dialup is a ruse. What they're > really renting is /24's for $50/mo with a catchall tunnel just in case > someone decides to obstinately filter the long prefixes. ... > The community overall loses with upwards of 65k new routes slammed > into the IPv4 DFZ. can each extant enterprise /8 be carved up into 64K /24's without exploding the global routing table / default free zone / internet core? ruse or not, if it makes things break all over, then filtering won't just be obstinate. > Policies violated? None. No global policy defines MIT's use of that > /8. They're not even a legacy registrant under ARIN; the in-addr.arpa > delagation comes from further upstream. > > Yeah, okay, so its a little far fetched to think that MIT would do > anything quite so crass. But they're not the only ones sitting on a > /8. i agree that if there's no attempt to treat ip addresses as property, or the right to use an ip address as if it were a dark fibre IRU, then current policy would seem to support this activity. it's just another kind of "connection" as in "connected devices". From bonomi at mail.r-bonomi.com Tue Jul 31 18:47:53 2007 From: bonomi at mail.r-bonomi.com (Robert Bonomi) Date: Tue, 31 Jul 2007 17:47:53 -0500 (CDT) Subject: [ppml] Motivating migration to IPv6 Message-ID: <200707312247.l6VMlr3T029671@s25.firmware.com> > From sleibrand at internap.com Tue Jul 31 14:27:24 2007 > Date: Tue, 31 Jul 2007 12:27:09 -0700 > From: Scott Leibrand > To: craig.finseth at state.mn.us > CC: bonomi at mail.r-bonomi.com, ppml at arin.net > Subject: Re: [ppml] Motivating migration to IPv6 > > Craig and Robert, > > Have you deployed IPv6 across your network yet? If not, could you do so > within 6 months? An IPv4 allocation is usually sized for 6 months of > growth, so this proposal would require all growing IP networks to deploy > IPv6 within 6 months, instead of allowing them to do so over the next > few years (between now and when they can no longer grow with IPv4). Yes, it requires that one _start_ deployment within that timeframe. It does not mandate that ones _entire_ network be IPv6 compatible or capable. Can you run an IPv6 to IPv4 gateway, to one room-full of servers? With IPv6 connectivity to one or more peers? You're quite correct about one thing, it doesn't provide _you_ any direct benefit. It _does_ benefit the _entire_ Internet community, however. > I > don't know about you, but such a mandate would significantly increase > our cost of deploying IPv6, for no real benefit. Can you explain how your costs will _significantly_ increase if you know you have to start _minimal_ deployment of IP6 within roughly 12 months rather than having to rush out full-sale deployment in, say 4 years? BTW, you would have around 12 months, not 6 for initial deployment. For starters it's about 3 months for formal approval of a proposed rules change, minimum. When the rules-change goes into effect, it is 'average' 3 montths before the first request for a new block comes in. The fulfillment of that request has no constraints beyond the situation, but does include an 'automatic' iPv6 allocation. Six months -later- you have to show reasonable utilization of that allocation. That's twelve months _minimum_ before you have to show small-scale deployment. Longer if the Board would chose to make the effective date delayed from the date of adoption. From paul at vix.com Tue Jul 31 19:04:34 2007 From: paul at vix.com (Paul Vixie) Date: Tue, 31 Jul 2007 23:04:34 +0000 Subject: [ppml] Motivating migration to IPv6 In-Reply-To: Your message of "Tue, 31 Jul 2007 15:24:13 MST." <46AFB68D.7020909@internap.com> References: <200707311748.l6VHmwqP026867@s25.firmware.com> <200707311915.l6VJFeDp031765@inana.itg.state.mn.us> <46AF8D0D.2090504@internap.com> <93066.1185918781@sa.vix.com> <46AFB68D.7020909@internap.com> Message-ID: <7170.1185923074@sa.vix.com> scott wrote: > I think most/all of the operators on this list understand the necessity of > being ready to use IPv6 (for some definition of "ready") before IPv4 > exhaustion hits. how long before, though? that's the rub. everybody wants everybody else to go first, because they don't want to pre-depreciate their capital, or be left as a Beta user in a VHS world (like with early versions of DNSSEC), or be the ones creating a network value effect that incents others to join the party. (is it a news flash that we can't all be the last ones to the IPv6 party?) > And, like us, I suspect most operators have been going after the low-hanging > fruit, making sure new hardware supports IPv6, getting their allocation / > assignment from ARIN, etc. As exhaustion nears, we'll need to start > reaching a little higher, and even bring out the step-ladders, but I don't > anticipate we'll need bucket-trucks for awhile. by my reading of the tea leaves, you need the bucket trucks right now. but i might lay off if you submit an "ipv6 transition in practice" talk to ABQ NANOG and did a similar preso for the ABQ ARIN as well, just to demonstrate the hard realities of getting this done, and helping others consider their own situations in light of yours. paul ps. i'm not speaking as an arin trustee in this message. From sleibrand at internap.com Tue Jul 31 19:05:10 2007 From: sleibrand at internap.com (Scott Leibrand) Date: Tue, 31 Jul 2007 16:05:10 -0700 Subject: [ppml] Motivating migration to IPv6 In-Reply-To: <200707312247.l6VMlr3T029671@s25.firmware.com> References: <200707312247.l6VMlr3T029671@s25.firmware.com> Message-ID: <46AFC026.30201@internap.com> Robert Bonomi wrote: >> From sleibrand at internap.com Tue Jul 31 14:27:24 2007 >> Date: Tue, 31 Jul 2007 12:27:09 -0700 >> From: Scott Leibrand >> To: craig.finseth at state.mn.us >> CC: bonomi at mail.r-bonomi.com, ppml at arin.net >> Subject: Re: [ppml] Motivating migration to IPv6 >> >> Craig and Robert, >> >> Have you deployed IPv6 across your network yet? If not, could you do so >> within 6 months? An IPv4 allocation is usually sized for 6 months of >> growth, so this proposal would require all growing IP networks to deploy >> IPv6 within 6 months, instead of allowing them to do so over the next >> few years (between now and when they can no longer grow with IPv4). >> > > Yes, it requires that one _start_ deployment within that timeframe. > It does not mandate that ones _entire_ network be IPv6 compatible or capable. > > Can you run an IPv6 to IPv4 gateway, to one room-full of servers? > With IPv6 connectivity to one or more peers? > Your proposal requires I deploy an amount of IPv6 space "equivalent" to my IPv4 allocation before I can get more IPv4 space. I can't/shouldn't do that with a gateway or a room full of servers, and I don't think I should be dual-stacking routers that don't support IPv6 in hardware. In any event, we already have an IPv6 /32, so we don't need any more IPv6 space. I think an approach like "Soft Landing" is a much more reasonable way to tie IPv6 adoption to the allocation of the last IPv4 prefixes, and I would recommend you re-read and comment on that policy proposal rather than proposing something along these lines. -Scott From randy at psg.com Tue Jul 31 19:18:43 2007 From: randy at psg.com (Randy Bush) Date: Tue, 31 Jul 2007 13:18:43 -1000 Subject: [ppml] Motivating migration to IPv6 In-Reply-To: <7170.1185923074@sa.vix.com> References: <200707311748.l6VHmwqP026867@s25.firmware.com> <200707311915.l6VJFeDp031765@inana.itg.state.mn.us> <46AF8D0D.2090504@internap.com> <93066.1185918781@sa.vix.com> <46AFB68D.7020909@internap.com> <7170.1185923074@sa.vix.com> Message-ID: <46AFC353.5010208@psg.com> >> I think most/all of the operators on this list understand the necessity of >> being ready to use IPv6 (for some definition of "ready") before IPv4 >> exhaustion hits. > how long before, though? if by "ipv4 exhaustion" you mean the iana free pool run-out, the answer is, in many cases, a negative number. ( or did you mean that those poor ipv4 packets are gonna drop from overwork, victims of their success? :) folk will spend the effort to deploy ipv6 when they perceive that the costs of continued deployment of ipv4 are greater than starting to deploy ipv6. doh. some of the main factors in this will be availability of dual stack equipment and software all the way to the back office, the price of ipv4 space on ebay, how much public space their deployment actually needs, and their ability to scrounge, nat, ... and frank solensky's projections, which 15 years later look as good as anything, have the iana free pool run-out before many of those factors have the move-to-ipv6 choice become the less expensive one. randy From jcurran at istaff.org Tue Jul 31 19:28:13 2007 From: jcurran at istaff.org (John Curran) Date: Tue, 31 Jul 2007 19:28:13 -0400 Subject: [ppml] Motivating migration to IPv6 In-Reply-To: <46AFC353.5010208@psg.com> References: <200707311748.l6VHmwqP026867@s25.firmware.com> <200707311915.l6VJFeDp031765@inana.itg.state.mn.us> <46AF8D0D.2090504@internap.com> <93066.1185918781@sa.vix.com> <46AFB68D.7020909@internap.com> <7170.1185923074@sa.vix.com> <46AFC353.5010208@psg.com> Message-ID: At 1:18 PM -1000 7/31/07, Randy Bush wrote: >folk will spend the effort to deploy ipv6 when they perceive that the >costs of continued deployment of ipv4 are greater than starting to >deploy ipv6. doh. > >some of the main factors in this will be availability of dual stack >equipment and software all the way to the back office, the price of ipv4 >space on ebay, how much public space their deployment actually needs, >and their ability to scrounge, nat, ... Actually, the greatest cost may be trying to keep full connectivity when your peers are handing you routes from this weeks numerous IPv4 remnants, and you can't turn 'em down because you're doing the same to them... Hopefully, most will perceive the pain a few years ahead of time, since it's otherwise a little late to be thinking about starting deployment of IPv6. /John From drc at virtualized.org Tue Jul 31 19:37:31 2007 From: drc at virtualized.org (David Conrad) Date: Tue, 31 Jul 2007 16:37:31 -0700 Subject: [ppml] alternative realities (was PIv6 for legacy holders (/wRSA + efficient use)) In-Reply-To: References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com><46AA8423.5060202@internap.com><3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com><46AAA4C3.3050103@internap.com><3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com><46AAB480.6020400@internap.com><6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com><46AB6585.7080900@psg.com><6eb799ab0707281047l71652f57n9f75737c2bef054f@mail.gmail.com><46AC0DF3.8050902@psg.com><3c3e3fca0707290212r74d8d8adod8489ab5f9d9d8bf@mail.gmail.com><46ACB03E.4020208@psg.com> <65115.1185725352@sa.vix.com><6C350250-4E0A-49B7-A8DE-A2A24335BBD9@virtualized.org><76042.1185814077@sa.vix.com><88234.1185818363@sa.vix.com><0ADD7367-339E-4360-80CD-45DEA230CE87@virtualized.org><24940.1185829923@sa.vix.com><12CF3748-BEF2-4FAC-A1A2-801634C67084@virtualized.org><71643.1185845108@sa.vix.com> <46AE90C6.8060406@psg.com><83945.1185848565@sa.vix.com> <1E5A9D35-D086-47BC-A! 1 DD-9BF71 577F316@virtualized.org> Message-ID: <05635FD4-D9D6-4855-8649-1CBCDA7F35A5@virtualized.org> Michael, On Jul 31, 2007, at 12:54 PM, wrote: >> c) there are entities who have more of the resource than they need > > If so, then they are not in compliance with global policies on IPv4 > allocation. The only entities that I know of who are in this > postion are > so-called legacy holders such as MIT. Which I believe is about 100 /8s. > But I do not believe that entities > like MIT have a right to monetize their IPv4 addresses when the vast > majority of industry is playing by the rules and has no surplus. Because? > If you can't sustain a market in IPv4 addresses through > regular churn i.e. address blocks changing hands, then you don't > have a > real market. I'm not sure why you think a real market can't be time constrained (in fact, I believe most are in one way or another). A while back "Beany Babies" were all the rage and people were buying and selling those dolls, often at significant markups. Are you saying there wasn't a market for Beany Babies? > Instead you have a flash in the pan where a few private > deals get made, and then the IPv4 free pool is utterly exhausted. I suspect that when people with 'surplus' address space see 'private deals' getting made, they'll begin to question whether NAT is all that evil after all. I'm guessing not and as a result, you'll see increased address utilization efficiency and an expansion of the "available" (if not "free") pool. > The only thing that will convince me that a market is possible > would be > an official public statement from the U.S. Department of Commerce > stating that it supports the concept of a market in IPv4 addresses. I'm not sure I see why DoC would be relevant in this. > You know the effect that "running code" has, don't you? Sure. I was at ISC when we developed the "running code" that supported A6 records. Your point? Rgds, -drc From randy at psg.com Tue Jul 31 19:42:03 2007 From: randy at psg.com (Randy Bush) Date: Tue, 31 Jul 2007 13:42:03 -1000 Subject: [ppml] Motivating migration to IPv6 In-Reply-To: References: <200707311748.l6VHmwqP026867@s25.firmware.com> <200707311915.l6VJFeDp031765@inana.itg.state.mn.us> <46AF8D0D.2090504@internap.com> <93066.1185918781@sa.vix.com> <46AFB68D.7020909@internap.com> <7170.1185923074@sa.vix.com> <46AFC353.5010208@psg.com> Message-ID: <46AFC8CB.6040604@psg.com> John Curran wrote: > At 1:18 PM -1000 7/31/07, Randy Bush wrote: >> folk will spend the effort to deploy ipv6 when they perceive that the >> costs of continued deployment of ipv4 are greater than starting to >> deploy ipv6. doh. >> some of the main factors in this will be availability of dual stack >> equipment and software all the way to the back office, the price of ipv4 >> space on ebay, how much public space their deployment actually needs, >> and their ability to scrounge, nat, ... > Actually, the greatest cost may be trying to keep full connectivity > when your peers are handing you routes from this weeks numerous > IPv4 remnants, and you can't turn 'em down because you're doing > the same to them... route fragmentation will be a slow growth thing, accelerating well after iana free pool run-out, which is the time range paul and i were discussing. it will be a secondary effect, though a bad one. and it will be one of those "my contribution is small" so everyone pollutes with insufficient guilt. and sean doran's suggestion of bgp announcement charging has some very complex operational issues in settlement distribution, aside from the political hurdles. > Hopefully, most will perceive the pain a few years ahead of time hope stopped running the internet at the turn of the last millennium. she is on vacation in the comores, and sends the occasional post card. randy From bonomi at mail.r-bonomi.com Tue Jul 31 19:58:34 2007 From: bonomi at mail.r-bonomi.com (Robert Bonomi) Date: Tue, 31 Jul 2007 18:58:34 -0500 (CDT) Subject: [ppml] Motivating migration to IPv6 Message-ID: <200707312358.l6VNwYJt000518@s25.firmware.com> > From sleibrand at internap.com Tue Jul 31 18:05:26 2007 > Date: Tue, 31 Jul 2007 16:05:10 -0700 > From: Scott Leibrand > To: Robert Bonomi > CC: ppml at arin.net > Subject: Re: [ppml] Motivating migration to IPv6 > > Robert Bonomi wrote: > >> From sleibrand at internap.com Tue Jul 31 14:27:24 2007 > >> Date: Tue, 31 Jul 2007 12:27:09 -0700 > >> From: Scott Leibrand > >> To: craig.finseth at state.mn.us > >> CC: bonomi at mail.r-bonomi.com, ppml at arin.net > >> Subject: Re: [ppml] Motivating migration to IPv6 > >> > >> Craig and Robert, > >> > >> Have you deployed IPv6 across your network yet? If not, could you do so > >> within 6 months? An IPv4 allocation is usually sized for 6 months of > >> growth, so this proposal would require all growing IP networks to deploy > >> IPv6 within 6 months, instead of allowing them to do so over the next > >> few years (between now and when they can no longer grow with IPv4). > >> > > > > Yes, it requires that one _start_ deployment within that timeframe. > > It does not mandate that ones _entire_ network be IPv6 compatible or capable. > > > > Can you run an IPv6 to IPv4 gateway, to one room-full of servers? > > With IPv6 connectivity to one or more peers? > > > > Your proposal requires I deploy an amount of IPv6 space "equivalent" to > my IPv4 allocation before I can get more IPv4 space. I can't/shouldn't > do that with a gateway or a room full of servers, and I don't think I > should be dual-stacking routers that don't support IPv6 in hardware. Woops! Mis-understanding. Not the IPv6 equivalent of ones _entire_ IPv4 space. Just the equivalent of the IPv4 space received in requests fulfilled under the proposed policy. Requiring near-immediate deployment of something equivalent to one's _total_ IPv4 space would be, I agree, "excessive". If you're growing slowly, the burden is not all that onerous. Approaches as mentioned above do do the trick. If you're growing fast, you're buying lots of additional gear; dual-stack is just one more thing on the RFQ. > In any event, we already have an IPv6 /32, so we don't need any more > IPv6 space. Good point. "bright idea" revised to include that if the requesting organization already has IPv6 space at least equivalent to what would be the cumulative IPv6 space to have been allocated based on IPv4 space requested under this proposal, no additional IPv6 space will be allocated, but requestor will be required to subsequently show appropriate utilization of IPv6 space of the size that would have been allocated. (*SHEESH* there's got to be a less-convoluted way to say that! :) From drc at virtualized.org Tue Jul 31 20:18:18 2007 From: drc at virtualized.org (David Conrad) Date: Tue, 31 Jul 2007 17:18:18 -0700 Subject: [ppml] PIv6 for legacy holders (/w RSA + efficient use) In-Reply-To: <15680.1185857518@sa.vix.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <46AA8423.5060202@internap.com> <3c3e3fca0707271832y749f09ccw38ddf7b7a4f3d435@mail.gmail.com> <46AAA4C3.3050103@internap.com> <3c3e3fca0707271944v6fca3ccel68547b6067a34a9c@mail.gmail.com> <46AAB480.6020400@internap.com> <6eb799ab0707280622o313680b7gc639fa2bade0fd5f@mail.gmail.com> <46AB6585.7080900@psg.com> <6eb799ab0707281047l71652f57n9f75737c2bef054f@mail.gmail.com> <46AC0DF3.8050902@psg.com> <3c3e3fca0707290212r74d8d8adod8489ab5f9d9d8bf@mail.gmail.com> <46ACB03E.4020208@psg.com> <65115.1185725352@sa.vix.com> <6C350250-4E0A-49B7-A8DE-A2A24335BBD9@virtualized.org> <76042.1185814077@sa.vix.com> <88234.1185818363@sa.vix.com> <0ADD7367-339E-4360-80CD-45DEA230CE87@virtualized.org> <24940.1185829923@sa.vix.com> <12CF3748-BEF2-4FAC-A1A2-801634C67084@virtualized.org> <71643.1185845108@sa.vix.com> <60C77950-A4D0-4360-B64C-D65400A3B3A5@virtualized.org> <1! 5680.1185857518@sa.vix.com> Message-ID: Paul, On Jul 30, 2007, at 9:51 PM, Paul Vixie wrote: > to the extent that you're talking as if none of us has any choice > as to the > outcome, the word i've been using, "fatalistic", is dictionary > perfect. Individually, we all have a choice. Collectively, Leo was right: http://en.wikipedia.org/wiki/Prisoner's_dilemma > to say that human nature preordains a period of scarcity before the > new kind > of IP addresses start being relevant, goes beyond me, at this stage. I guess I have less faith in companies to see beyond the end of this quarter than you. > to say that a market would lead to efficient utilization of either > routing > table slots (vs. subdivision) or space (vs. a futures market), and > will serve > humanity as well as a market in pork bellies or google shares, goes > beyond > me, at this stage. I have said on several occasions that increased address utilization that will come from an address market will result in a flood of long prefixes and that I worry about this. However, the IETF backed away from the output of the RAWS workshop and I have been told that YFRV (both colors) have stood up at NANOG (etc.) and claimed 2M prefixes today, 10M soon with no change in hardware, and that they're not worried. Who am I to contract these learned groups? > a lot of people have said that a market is inevitable and a lot > of people have said that a market would be efficient. A market in address space already exists. As to whether it will be efficient, sure: for some value of "efficient". Utilization efficiency will increase. Routing efficiency will decrease. Money will move from one place to another. So it goes. > instead, here's a rim shot: what's your preferred outcome? That IPv6 provides its own incentive to migrate. I once had a dream: IPv6 would be able to provide something that isn't possible in IPv4, namely a simple mechanism to allow for (non- BGP) multi-homing, mobility without the complexity of MobileIP, and didn't require people to renumber when they changed providers. The LOC/ID split, separating the end point identifier from the locator could have been done in IPv6 where it was essentially impossible in IPv4. There is still a small glimmer of hope. However, failing that, I figure it's going to get really ugly and I have a fear governments are going to get involved in the end. Hence, my desire to extend the lifetime of the free pool via proposals such as "Soft Landing"... Rgds, -drc From mysidia at gmail.com Tue Jul 31 20:22:09 2007 From: mysidia at gmail.com (James Hess) Date: Tue, 31 Jul 2007 19:22:09 -0500 Subject: [ppml] More on Kremen/Cohen In-Reply-To: References: Message-ID: <6eb799ab0707311722w16097811gb47276ada55109ea@mail.gmail.com> On 7/31/07, Dean Anderson wrote: > More of a subterfuge than I thought: I thought the AS had been > reassigned to _someone_else_ to unfairly keep it from Kremen. > Turns out, ARIN apparently transferred the AS11083 to LACnic to avoid > court jurisdiction, and KEEP IT IN COHEN'S HANDS. How about ARIN apparently created the proper referral record and LACNIC took up its responsibility for maintaining and recording the AS contact information, because according to the record it's a network in Mexico, AND Mexico is in LACNIC's region and networks in Mexico are not in ARIN's region or responsibility? Sounds fairly innocuous to me. What do you suggest it means to "transfer" an AS? ARIN doesn't "have" any ASes in the first place. An AS is an identity, not a "thing" transferred any more than your name is something you can transfer; any more than you could find someone walking down the street and transfer your name to them, or they could transfer their name to you. An AS is not 'transferred' by a change in responsible registries any more than the name "DEAN ANDERSON" has been transferred, if you move to a different country, so you now appear on the rolls of a different Motor Vehciles office. The only thing that is changed is who advertises your name, and who you go to in order to update the information. And no, your former country of residence doesn't get to force your new country of residence to revoke your driver's license in the new country, although, they can still force the Motor Vehicle's office in your country of former residence to issue your license to a different person, it just wouldn't make much sense. > > Holy perjury and fraudulent transfers, batman. > > --Dean > > > whois as11083 at whois.arin.net > [Querying whois.arin.net] > [Redirected to whois.lacnic.net] > [Querying whois.lacnic.net] > [whois.lacnic.net] > > % Joint Whois - whois.lacnic.net > % This server accepts single ASN, IPv4 or IPv6 queries > > -- -J From drc at virtualized.org Tue Jul 31 20:31:28 2007 From: drc at virtualized.org (David Conrad) Date: Tue, 31 Jul 2007 17:31:28 -0700 Subject: [ppml] alternative realities (was PIv6 for legacy holders (/wRSA + efficient use)) In-Reply-To: <1953.1185921854@sa.vix.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <88234.1185818363@sa.vix.com> <0ADD7367-339E-4360-80CD-45DEA230CE87@virtualized.org> <24940.1185829923@sa.vix.com> <12CF3748-BEF2-4FAC-A1A2-801634C67084@virtualized.org> <71643.1185845108@sa.vix.com> <46AE90C6.8060406@psg.com> <83945.1185848565@sa.vix.com> <1E5A9D35-D086-47BC-A1DD-9BF71577F316@virtualized.org> <3c3e3fca0707311526i5a1ac121w4e512931f732b5fe@mail.gmail.com> <1953.1185921854@sa.vix.com> Message-ID: <61ACEB05-86BF-4254-8C25-437AFC7168D5@virtualized.org> On Jul 31, 2007, at 3:44 PM, Paul Vixie wrote: > can each extant enterprise /8 be carved up into 64K /24's without > exploding > the global routing table / default free zone / internet core? I'm told YFRV have indicated we're currently at 10% what routers today can handle and by the time we see the shattering of legacy space into the routing system, the limits will be much higher. Plenty o' room... NOTE: I do not believe this, however the people paying the bills will use arguments along these lines in CEO and board room discussions and guess where network operators' input will land? Anyhow, there won't be an explosion. As Randy points out elsewhere, routing table growth is boiling the frog. See http://en.wikipedia.org/ wiki/Boiling_frog or http://en.wikipedia.org/wiki/ Tragedy_of_the_commons (Wikipedia is great! :-)). Rgds, -drc From tedm at ipinc.net Tue Jul 31 20:33:18 2007 From: tedm at ipinc.net (Ted Mittelstaedt) Date: Tue, 31 Jul 2007 17:33:18 -0700 Subject: [ppml] More on Kremen/Cohen In-Reply-To: <6eb799ab0707311722w16097811gb47276ada55109ea@mail.gmail.com> Message-ID: >-----Original Message----- >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of >James Hess >Sent: Tuesday, July 31, 2007 5:22 PM >To: Dean Anderson >Cc: ARIN PPML >Subject: Re: [ppml] More on Kremen/Cohen > > >On 7/31/07, Dean Anderson wrote: >> More of a subterfuge than I thought: I thought the AS had been >> reassigned to _someone_else_ to unfairly keep it from Kremen. > >> Turns out, ARIN apparently transferred the AS11083 to LACnic to avoid >> court jurisdiction, and KEEP IT IN COHEN'S HANDS. > >How about ARIN apparently created the proper referral record and LACNIC >took up its responsibility for maintaining and recording the AS >contact information, >because according to the record it's a network in Mexico, AND Mexico is in >LACNIC's region and networks in Mexico are not in ARIN's region or >responsibility? > Um, you are aware that Cohen fled to Mexico with a warrent out for his arrest 5 years ago, he apparently screwed up and crossed over into New Mexico last year and was arrested in the United States. He is in custody now and I believe sentencing is set for another week I think. >Sounds fairly innocuous to me. > Does that mean that I can claim to the IRS that my residence is actually in Mexico and thus avoid paying taxes in the US? Even though I am living in the US right now? Since I suspect Cohen's address will be one of the federal pens for a number of years I suspect his country of residence won't be Mexico much longer. ;-) > >And no, your former country of residence doesn't get to force your >new country >of residence to revoke your driver's license in the new country, >although, they >can still force the Motor Vehicle's office in your country of former >residence to >issue your license to a different person, it just wouldn't make much sense. Of course, when you stupidly walk back into your former country of residence and get yourself arrested, all of this theorizing goes up in smoke... Like I said - would you want one of your daughters dating either of the scum? This case should not have been in front of a court at all, the courts (as of yet) have no business involved in IP addressing. I support any moves that ARIN makes to get the case vacated, even if they have to do a scummy underhanded trick to do it. Both of these people are pure slime and deserve scummy tricks. Both of them got what was coming to them (pardon the pun) Ted From jcurran at istaff.org Tue Jul 31 21:07:35 2007 From: jcurran at istaff.org (John Curran) Date: Tue, 31 Jul 2007 21:07:35 -0400 Subject: [ppml] alternative realities (was PIv6 for legacy holders (/wRSA + efficient use)) In-Reply-To: <61ACEB05-86BF-4254-8C25-437AFC7168D5@virtualized.org> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <88234.1185818363@sa.vix.com> <0ADD7367-339E-4360-80CD-45DEA230CE87@virtualized.org> <24940.1185829923@sa.vix.com> <12CF3748-BEF2-4FAC-A1A2-801634C67084@virtualized.org> <71643.1185845108@sa.vix.com> <46AE90C6.8060406@psg.com> <83945.1185848565@sa.vix.com> <1E5A9D35-D086-47BC-A1DD-9BF71577F316@virtualized.org> <3c3e3fca0707311526i5a1ac121w4e512931f732b5fe@mail.gmail.com> <1953.1185921854@sa.vix.com> <61ACEB05-86BF-4254-8C25-437AFC7168D5@virtualized.org> Message-ID: At 5:31 PM -0700 7/31/07, David Conrad wrote: > >Anyhow, there won't be an explosion. As Randy points out elsewhere, >routing table growth is boiling the frog. I'd agree with respect to current routing table growth, but not with post-IPv4 depletion routing growth. Currently large providers add hundreds of customers per new prefix. Don't expect the number of new business customers to change, just the number of routes that are needed to serve them when much smaller IPv4 blocks are in play. /John From randy at psg.com Tue Jul 31 23:00:27 2007 From: randy at psg.com (Randy Bush) Date: Tue, 31 Jul 2007 17:00:27 -1000 Subject: [ppml] alternative realities (was PIv6 for legacy holders (/wRSA + efficient use)) In-Reply-To: References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <88234.1185818363@sa.vix.com> <0ADD7367-339E-4360-80CD-45DEA230CE87@virtualized.org> <24940.1185829923@sa.vix.com> <12CF3748-BEF2-4FAC-A1A2-801634C67084@virtualized.org> <71643.1185845108@sa.vix.com> <46AE90C6.8060406@psg.com> <83945.1185848565@sa.vix.com> <1E5A9D35-D086-47BC-A1DD-9BF71577F316@virtualized.org> <3c3e3fca0707311526i5a1ac121w4e512931f732b5fe@mail.gmail.com> <1953.1185921854@sa.vix.com> <61ACEB05-86BF-4254-8C25-437AFC7168D5@virtualized.org> Message-ID: <46AFF74B.8010602@psg.com> >> routing table growth is boiling the frog. > I'd agree with respect to current routing table growth, but not with > post-IPv4 depletion routing growth. post ipv4 depletion, there will be no ipv4 routes because ipv4 will have been depleted. see . or was "ipv4 depletion" yet another scare term for the end of the iana free pool? if the latter, then > Currently large providers add hundreds of customers per new prefix. > Don't expect the number of new business customers to change, just the > number of routes that are needed to serve them when much smaller IPv4 > blocks are in play. how will the fact that providers get their ipv4 space from ebay as opposed to iana radically affect the number of prefixes which they announce? as ebay prices rise, their singly homed customers will just get smaller pieces and hide more behind nats, as if enough was not behind nats already. but the number of announcements into the dmz will be inversely proportional to the chunk size the isp can get on ebay, not the number of singly homed customers, not a radical change at all. their multi homed customers will add one prefix with N paths into the v4 table, just as they do today. it will be a longer prefix as the ebay prices climb. but the number of prefixes is O(multi-homed customers). routing table growth will still be dominated by multi-homing, traffic engineering, and new folk entering the game. ( for a while, this may actually get easier when one can buy the space on ebay as opposed to justifying it to some technocracy. would you let your son marry a hostmistress? :) randy From jcurran at istaff.org Tue Jul 31 23:17:34 2007 From: jcurran at istaff.org (John Curran) Date: Tue, 31 Jul 2007 23:17:34 -0400 Subject: [ppml] alternative realities (was PIv6 for legacy holders (/wRSA + efficient use)) In-Reply-To: <46AFF74B.8010602@psg.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <88234.1185818363@sa.vix.com> <0ADD7367-339E-4360-80CD-45DEA230CE87@virtualized.org> <24940.1185829923@sa.vix.com> <12CF3748-BEF2-4FAC-A1A2-801634C67084@virtualized.org> <71643.1185845108@sa.vix.com> <46AE90C6.8060406@psg.com> <83945.1185848565@sa.vix.com> <1E5A9D35-D086-47BC-A1DD-9BF71577F316@virtualized.org> <3c3e3fca0707311526i5a1ac121w4e512931f732b5fe@mail.gmail.com> <1953.1185921854@sa.vix.com> <61ACEB05-86BF-4254-8C25-437AFC7168D5@virtualized.org> <46AFF74B.8010602@psg.com> Message-ID: At 5:00 PM -1000 7/31/07, Randy Bush wrote: >how will the fact that providers get their ipv4 space from ebay as >opposed to iana radically affect the number of prefixes which they announce? > >as ebay prices rise, their singly homed customers will just get smaller >pieces and hide more behind nats, as if enough was not behind nats >already. but the number of announcements into the dmz will be inversely >proportional to the chunk size the isp can get on ebay, not the number >of singly homed customers, not a radical change at all. You want to connect N businesses, and presently you're assigning them various block sizes from /27 down to /22... You're going to do this everyday until you need to get a new block from your RIR (and presently you're getting a /14 or so, based on past utilization)... Surprise! Now you have to go hunt down a /24 here, maybe a /20 now and then (presuming some folks factor their old assignments). You're going to be going through several dozen of these blocks every week in order to meet the same customer demand. Those blocks don't aggregate, so the routing entries are inevitable once they're put in use. >their multi homed customers will add one prefix with N paths into the v4 >table, just as they do today. it will be a longer prefix as the ebay >prices climb. but the number of prefixes is O(multi-homed customers). Not talking multi-homed customers; trying to serve the bread and butter everyday business customer is going to take more routes for the same number of new customers. The moment that you try and squeeze down the address space that you're providing, the customer walk to a competitor who says that giving them that entire /24 is "no problem". /John From randy at psg.com Tue Jul 31 23:25:25 2007 From: randy at psg.com (Randy Bush) Date: Tue, 31 Jul 2007 17:25:25 -1000 Subject: [ppml] alternative realities (was PIv6 for legacy holders (/wRSA + efficient use)) In-Reply-To: References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <88234.1185818363@sa.vix.com> <0ADD7367-339E-4360-80CD-45DEA230CE87@virtualized.org> <24940.1185829923@sa.vix.com> <12CF3748-BEF2-4FAC-A1A2-801634C67084@virtualized.org> <71643.1185845108@sa.vix.com> <46AE90C6.8060406@psg.com> <83945.1185848565@sa.vix.com> <1E5A9D35-D086-47BC-A1DD-9BF71577F316@virtualized.org> <3c3e3fca0707311526i5a1ac121w4e512931f732b5fe@mail.gmail.com> <1953.1185921854@sa.vix.com> <61ACEB05-86BF-4254-8C25-437AFC7168D5@virtualized.org> <46AFF74B.8010602@psg.com> Message-ID: <46AFFD25.5050909@psg.com> > You want to connect N businesses, and presently you're assigning them > various block sizes from /27 down to /22... You're going to do this > everyday until you need to get a new block from your RIR (and > presently you're getting a /14 or so, based on past utilization)... > > Surprise! Now you have to go hunt down a /24 here, maybe a /20 now > and then (presuming some folks factor their old assignments). i think you significantly underestimate what will be on ebay. as drc said O(100) /8s. but time will tell, won't it. as time goes on, indeed, smaller and smaller chunks will be readily available. hence the frog boil analogy drc used. randy From jcurran at istaff.org Tue Jul 31 23:38:10 2007 From: jcurran at istaff.org (John Curran) Date: Tue, 31 Jul 2007 23:38:10 -0400 Subject: [ppml] alternative realities (was PIv6 for legacy holders (/wRSA + efficient use)) In-Reply-To: <46AFFD25.5050909@psg.com> References: <3c3e3fca0707241228r6dcd014ey7ed90da84131b027@mail.gmail.com> <88234.1185818363@sa.vix.com> <0ADD7367-339E-4360-80CD-45DEA230CE87@virtualized.org> <24940.1185829923@sa.vix.com> <12CF3748-BEF2-4FAC-A1A2-801634C67084@virtualized.org> <71643.1185845108@sa.vix.com> <46AE90C6.8060406@psg.com> <83945.1185848565@sa.vix.com> <1E5A9D35-D086-47BC-A1DD-9BF71577F316@virtualized.org> <3c3e3fca0707311526i5a1ac121w4e512931f732b5fe@mail.gmail.com> <1953.1185921854@sa.vix.com> <61ACEB05-86BF-4254-8C25-437AFC7168D5@virtualized.org> <46AFF74B.8010602@psg.com> <46AFFD25.5050909@psg.com> Message-ID: At 5:25 PM -1000 7/31/07, Randy Bush wrote: > > You want to connect N businesses, and presently you're assigning them >> various block sizes from /27 down to /22... You're going to do this >> everyday until you need to get a new block from your RIR (and >> presently you're getting a /14 or so, based on past utilization)... >> >> Surprise! Now you have to go hunt down a /24 here, maybe a /20 now >> and then (presuming some folks factor their old assignments). > >i think you significantly underestimate what will be on ebay. as drc >said O(100) /8s. but time will tell, won't it. The burn rate is between 10 to 15 /8's per annum, increasing, and while you'll see some pieces of the legacy space show up, the extractable and reusable space will burn off under that demand in a few short years. >as time goes on, indeed, smaller and smaller chunks will be readily >available. hence the frog boil analogy drc used. More like a convection oven roast; very quickly the largest ISP's will face having to ignore new routes from their peers (or they'll be seeing if they can replace every EGP router to some of "2M" route variety, only to do it again every ninety days...) Markets aren't hierarchical, and there's no working backpressure model for the imputed non-hierarchical routing cost, so it will spin apart sooner or later. /John