ARIN-PPML Message

[arin-ppml] SWIPs & IPv6

Maybe its timely for a SWIP/rWHOIS review? I think there is a great deal to
be said for establishing whether SWIP is going to become burdensome with
IPv6 allocations and consider whether a different architect eg *("run their
own server which provides an rwhois-like service to lookup the status of the
provider's prefixes"..M.Dillon)* is going to be advantageous.

RD

I believe that the resource review policy would preserve the
> need for ISPs to keep SWIPs up to date or risk having their
> resources audited.
>
> Owen
>
> On Nov 30, 2009, at 2:22 PM, Danny McPherson wrote:
>
> >
> > I'd like to know what folks here are thinking regarding
> > IPv6 and SWIPs.  In particular, a primary driver for SWIPs
> > today is to enable justification of additional addresses
> > (when the time comes).  SWIP data is clearly invaluable to
> > network operations and security folks, as well as law
> > enforcement, when investigating or dealing with various
> > incidents (not to mention many other uses, as many of you
> > well know).
> >
> > I suspect that with such large IPv6 allocations, the need
> > to keep SWIP/(rwhois) data up to date will diminish, severely
> > hindering folks that use SWIP data on a regular basis.
> >
> > Furthermore, while development of an RPKI is underway, it
> > really only deals with certification of routed number spaces
> > (as currently specified).  While I _think we don't want all
> > subsequent assignment/allocation data in the RPKI, I'm worried
> > we won't have it anywhere with IPv6 -- or in many different
> > places and formats.
> >
> > I suspect at least a BCP (some form, some where) and some
> > community guidance is in order along these lines (i.e.,
> > SWIP-esque data is a must to some reasonable level of
> > granularity), I'd like to see what folks here are thinking
> > along these lines..
> >
> > If I've missed this discussion here (or in other forums)
> > references welcome, a cursory search yields nothing expressly
> > related to this topic.
> >
> > Thanks in advance,
> >
> > -danny
> >
> >
> > _______________________________________________
> > PPML
> > You are receiving this message because you are subscribed to
> > the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> > Unsubscribe or manage your mailing list subscription at:
> > http://lists.arin.net/mailman/listinfo/arin-ppml
> > Please contact info at arin.net if you experience any issues.
>
>
>
> ------------------------------
>
> Message: 2
> Date: Mon, 30 Nov 2009 23:25:54 -0600
> From: Stan Barber <sob at academ.com>
> To: Owen DeLong <owen at delong.com>
> Cc: arin ppml <ppml at arin.net>
> Subject: Re: [arin-ppml] SWIPs & IPv6
> Message-ID: <4B14A8E2.5020800 at academ.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Owen,
>
> How real is the risk of being audited?
>
> I am not asking that flippantly. I just wonder if ARIN has ever audited
> and if so, what was the reason? Was it because of bad SWIP information?
>
> Owen DeLong wrote:
> > I believe that the resource review policy would preserve the
> > need for ISPs to keep SWIPs up to date or risk having their
> > resources audited.
> >
> > Owen
> >
> > On Nov 30, 2009, at 2:22 PM, Danny McPherson wrote:
> >
> >>
> >> I'd like to know what folks here are thinking regarding
> >> IPv6 and SWIPs.  In particular, a primary driver for SWIPs
> >> today is to enable justification of additional addresses
> >> (when the time comes).  SWIP data is clearly invaluable to
> >> network operations and security folks, as well as law
> >> enforcement, when investigating or dealing with various
> >> incidents (not to mention many other uses, as many of you
> >> well know).
> >>
> >> I suspect that with such large IPv6 allocations, the need
> >> to keep SWIP/(rwhois) data up to date will diminish, severely
> >> hindering folks that use SWIP data on a regular basis.
> >>
> >> Furthermore, while development of an RPKI is underway, it
> >> really only deals with certification of routed number spaces
> >> (as currently specified).  While I _think we don't want all
> >> subsequent assignment/allocation data in the RPKI, I'm worried
> >> we won't have it anywhere with IPv6 -- or in many different
> >> places and formats.
> >>
> >> I suspect at least a BCP (some form, some where) and some
> >> community guidance is in order along these lines (i.e.,
> >> SWIP-esque data is a must to some reasonable level of
> >> granularity), I'd like to see what folks here are thinking
> >> along these lines..
> >>
> >> If I've missed this discussion here (or in other forums)
> >> references welcome, a cursory search yields nothing expressly
> >> related to this topic.
> >>
> >> Thanks in advance,
> >>
> >> -danny
> >>
> >>
> >> _______________________________________________
> >> PPML
> >> You are receiving this message because you are subscribed to
> >> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> >> Unsubscribe or manage your mailing list subscription at:
> >> http://lists.arin.net/mailman/listinfo/arin-ppml
> >> Please contact info at arin.net if you experience any issues.
> >
> > _______________________________________________
> > PPML
> > You are receiving this message because you are subscribed to
> > the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> > Unsubscribe or manage your mailing list subscription at:
> > http://lists.arin.net/mailman/listinfo/arin-ppml
> > Please contact info at arin.net if you experience any issues.
>
>
>
> ------------------------------
>
> Message: 3
> Date: Tue, 1 Dec 2009 06:53:15 -0500
> From: John Curran <jcurran at arin.net>
> To: Stan Barber <sob at academ.com>
> Cc: arin ppml <ppml at arin.net>
> Subject: Re: [arin-ppml] SWIPs & IPv6
> Message-ID: <2C7B54B5-3261-4691-A7C1-A5165A1532F4 at arin.net>
> Content-Type: text/plain; charset="us-ascii"
>
> On Dec 1, 2009, at 12:25 AM, Stan Barber wrote:
>
> > Owen,
> >
> > How real is the risk of being audited?
> >
> > I am not asking that flippantly. I just wonder if ARIN has ever audited
> and if so, what was the reason? Was it because of bad SWIP information?
>
> Stan -
>
>  The resource review policy is relatively new, but ARIN has indeed been
> making use of when we see strong indication of fraudulent activities or
> related misappropriation of number resources.
>
>  While in theory resource review could be performed for any reason
> (including lax updates to SWIP information), it has been our practice to
> only make use of it where that the community is potentially being deprived
> of the use of numbering resources.
>
> /John
>
> John Curran
> President and CEO
> ARIN
>
>
>
>
> ------------------------------
>
> Message: 4
> Date: Tue, 1 Dec 2009 11:57:23 -0000
> From: <michael.dillon at bt.com>
> To: <ppml at arin.net>
> Subject: Re: [arin-ppml] SWIPs & IPv6
> Message-ID:
>        <
> 28E139F46D45AF49A31950F88C497458044FE712 at E03MVZ2-UKDY.domain1.systemhost.net
> >
>
> Content-Type: text/plain;       charset="us-ascii"
>
> > I suspect that with such large IPv6 allocations, the need to
> > keep SWIP/(rwhois) data up to date will diminish, severely
> > hindering folks that use SWIP data on a regular basis.
>
> I think that a good way to counter this would be to provide
> an easy to use, standard way, for providers to report this
> information. The current SWIP system is not the way forward.
>
> A better architecture would be for every provider to run
> their own server which provides an rwhois-like service to
> lookup the status of the provider's prefixes. This service
> should allow for richer information to be provided than
> just assigned/unassigned. This provides the possibilities
> for providers to cooperate under the auspices of some other
> organization like MAAWG and agree to provide each other
> certain status information. For instance they could flag
> an address as a former SPAM source that was dealt with, or
> a botnet infestation that was cleaned, or any other status
> information that is useful to share.
>
> ARIN's role would be to produce the open-source software
> package to run this service, to define a minimum set of status
> to be reported, and to provide a mirroring service. In this
> way, the ISP's responsibility is to record the status in
> their database and to make sure that their status reporting
> server has access to the database. People can then query
> the ISP's server directly, or ARIN's mirror, or a 3rd party
> mirror at their liberty.
>
> In addition to lookups, the server should provide support for
> mirroring, i.e. it should be possible to query for all updates
> since a certain time, and get a batch feed of the changes for
> the ARIN mirror.
>
> Included in the minimum status information to be reported,
> should be the identity and contact information for the people
> who are charged with managing the network which uses
> particular address range. This should never be assumed to
> be the party to whom the addresses were assigned, but should
> by default be the ISP who owns the allocation. Rather than
> overloading the existing whois data with multiple meanings,
> this new service should make a serious effort to separate
> things so that the current status of an address block is
> reported clearly and unambiguously. And the protocol used
> for this should be extensible, for instance don't use a
> yes/no value for "assigned", but use a 3 digit status code
> with value 000 meaning unused, 001 meaning assigned, and
> all the rest of the values open for definition in future.
> And don't return a single code, but return a list of codes
> so that you can have either "001," or "001,202" meaning
> assigned and blocked for non-payment. REST may be the best
> protocol to choose for this status reporting.
>
> We have the opportunity here to fix the whois system and
> replace it with something that makes sense for the long
> haul, and get rid of the legacy of identifying system
> users to justify DARPA funding.
>
> --Michael Dillon
>
>
> ------------------------------
>
> Message: 5
> Date: Tue, 1 Dec 2009 12:01:47 -0000
> From: <michael.dillon at bt.com>
> To: <ppml at arin.net>
> Subject: Re: [arin-ppml] SWIPs & IPv6
> Message-ID:
>        <
> 28E139F46D45AF49A31950F88C497458044FE731 at E03MVZ2-UKDY.domain1.systemhost.net
> >
>
> Content-Type: text/plain;       charset="us-ascii"
>
> >   While in theory resource review could be performed for any
> > reason (including lax updates to SWIP information), it has
> > been our practice to only make use of it where that the
> > community is potentially being deprived of the use of
> > numbering resources.
>
> Sounds like you are following the old maxim "You'll catch
> more flies with honey than with vinegar" and reserving the
> use of vinegar for the outrageous offenders. As it should be.
>
> I think that where there is non-compliance with ARIN
> rules, it is most often because the rules are confusing
> and the systems that one must be compliant with are
> hard to use. A better action would be to talk to people,
> find out what barriers are leading to non-compliance,
> and work to remove or minimize those barriers.
>
> --Michael Dillon
>
>
> ------------------------------
>
> Message: 6
> Date: Tue, 01 Dec 2009 08:33:01 -0800
> From: Ted Mittelstaedt <tedm at ipinc.net>
> To: Danny McPherson <danny at tcb.net>
> Cc: arin ppml <ppml at arin.net>
> Subject: Re: [arin-ppml] SWIPs & IPv6
> Message-ID: <4B15453D.2070309 at ipinc.net>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Danny McPherson wrote:
> > I'd like to know what folks here are thinking regarding
> > IPv6 and SWIPs.  In particular, a primary driver for SWIPs
> > today is to enable justification of additional addresses
> > (when the time comes).  SWIP data is clearly invaluable to
> > network operations and security folks, as well as law
> > enforcement, when investigating or dealing with various
> > incidents (not to mention many other uses, as many of you
> > well know).
> >
> > I suspect that with such large IPv6 allocations, the need
> > to keep SWIP/(rwhois) data up to date will diminish, severely
> > hindering folks that use SWIP data on a regular basis.
> >
>
> I think it would be foolish to assume this.  You bought into
> this naieve notion that SWIP data is mainly of benefit to OTHER people,
> promulgated by all the bonehead privacy-terrorists out there who think
> that a SWIP filed on them will let the identity thieves steal
> them blind.
>
> In reality, SWIPs aren't for the rest of the Internet, they help
> make YOUR job easier.
>
> If you don't file SWIP data or run RWhois on your subnets, then
> the only SWIP
> entry that will exist for your subnet that's assigned by the RIR is
> going to be the one that the RIR inserted when they gave
> you your IPv6 assignment.  Thus, any time one of the orgs
> that you assigned subnets to goes and honks-off ME, well
> then YOU are going to get my complaint.
>
> If YOU want to waste all your time handling these complaints
> well then I don't give a rat's ass, but if you DON'T -handle- the
> complaint and your customer continues honking me off, well then I'm
> going to block YOUR ENTIRE BLOCK - because since you didn't
> file a SWIP how the hell am I going to know what part of
> your assigned numbers does this org have access to that
> is honking me off?  From my point of view, your ENTIRE block is
> suspect, not just the piece that you assigned to Wonkulating
> Gronkulators.
>
> So, for LIRS that want to pee all over themselves, well
> then don't file SWIPS.  In fact I ENCOURAGE IT STRONGLY because
> then all I have to do is null-route your ENTIRE AS, I don't even
> have to waste CPU cycles blocking just the obnoxious traffic
> from Wonkulating.
>
> >
> > If I've missed this discussion here (or in other forums)
> > references welcome, a cursory search yields nothing expressly
> > related to this topic.
> >
>
> Probably because of the same reason that a cursory search
> won't find any discussions about the pros and cons of
> staring straight into the sun for an hour at high noon.
>
> Ted
>
> > Thanks in advance,
> >
> > -danny
> >
> >
> > _______________________________________________
> > PPML
> > You are receiving this message because you are subscribed to
> > the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> > Unsubscribe or manage your mailing list subscription at:
> > http://lists.arin.net/mailman/listinfo/arin-ppml
> > Please contact info at arin.net if you experience any issues.
>
>
>
> ------------------------------
>
> _______________________________________________
> ARIN-PPML mailing list
> ARIN-PPML at arin.net
> http://lists.arin.net/mailman/listinfo/arin-ppml
>
> End of ARIN-PPML Digest, Vol 54, Issue 1
> ****************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.arin.net/pipermail/arin-ppml/attachments/20091201/0f0c4bf0/attachment.html>