[arin-ppml] Simplified IPv6 policy
On Wed, Dec 23, 2009 at 4:05 AM, Scott Leibrand <scottleibrand at gmail.com> wrote:
> Here's an attempt at how we might simplify IPv6 policy, incorporating many
> of the ideas we've discussed recently. It's much simpler than current
> policy, but is still quite long. It's also late, so I reserve the right to
> make mistakes, and to disagree with myself later. :-)
I think your proposal offers a major improvement on existing IPv6 policy.
Problems addressed by your proposal:
* Enables effective TE filtering where ISPs determine that
disaggregate TE is undesirable.
* Unifies ISP/end-user policy so that all organizations are treated fairly
Problems not resolved by your proposal:
* Offers no IPv6 replacement for organizations with small but valuable
server infrastructures which today multihome with either a legacy
address block or a /24 ISP cutout.
* Retains ARIN as the gatekeeper for Internet routing policy. ISPs
must accept and route all allocations, even the x-small ones, or
they'll lose access to critical infrastructure.
Some specific comments inline:
> Delete "6.1 Introduction"
> This is all historical.
> Delete "6.2 Definitions"
> The definitions we need are all defined in section 2.
> Leave 6.3 as is (renumber to 6.1)
> I think these still accurately reflect the Goals we want our policy to
Try to avoid renumbering sections. Many volumes of googleable verbiage
have been written which refer to ARIN policy by section number. These
often-useful documents can become incomprehensible when the referenced
policy number suddenly contains something entirely different.
> Move 6.4.1 to 1.1. Retitle to "Number resources not to be considered
> property" and update text per below.
> This is a principle more general than just IPv6, and needs to be updated to
> be ARIN-specific and refer to the RSA.
> Delete 6.4.2 - 6.4.4
> These principles don't seem worthy of elevation to special status.
> Replace 6.5 Policies for allocations and assignments with text below
> (renumber to 6.2)
> This seems to be where most of the changes and simplification are needed.
> Delete 6.6 References
> This is all historical, and doesn't need to be part of the NRPM.
> Delete 6.7 Appendix A: HD-Ratio
> As above, we can let the HD-Ratio guide policy without making people do the
> Delete 6.8. Appendix B: Background information
> This is all historical
> Move 6.9 and 6.10 into 22.214.171.124 below
> Replacement text:
> 1.1. Number resources not to be considered property
> It is contrary to the goals of this document and is not in the interests of
> the Internet community as a whole for address space to be considered
> freehold property.
> The policies in this document are based upon the understanding that
> globally-unique number resources are licensed for use rather than owned.
> Specifically, IP addresses and ASNs will be allocated and assigned on a
> license basis, with licenses subject to renewal on a periodic basis. The
> granting of a license is subject to specific conditions applied at the start
> or renewal of the license, as defined in the ARIN Registration Services
> Note that when a license is renewed, the new license will be evaluated under
> and governed by the applicable number resource policies in place at the time
> of renewal, which may differ from the policy in place at the time of the
> original allocation or assignment.
Good or bad, I'm not sure 1.1 is germane to the rest of the proposal.
Can it be left out without impacting the rest or does it change
> 6.2. Policies for IPv6 allocations and assignments
> 6.2.1. Allocations and assignments
> To meet the goal of Fairness, ARIN makes both allocations and assignments
> according to common criteria. Allocations are made to LIRs, and assignments
> to certain end users.
In a policy designed to enable disaggregate filtering, the distinction
between a LIR and an ISP is not technologically sound. There are no
LIRs who allocate or assign addresses to entities they don't also
supply Internet service to. I suggest replacing all instances of LIR
> 6.2.2. Assignments from LIRs/ISPs
> End-users are assigned an end site assignment from their LIR or ISP. The
> exact size of the assignment is a local decision for the LIR or ISP to make,
> using a minimum value of a /64 (when only one subnet is anticipated for the
> end site) up to the normal maximum of /48, except in cases of extra large
> end sites where a larger assignment can be justified.
> The following guidelines may be useful (but they are only guidelines):
> * /64 when it is known that one and only one subnet is needed
> * /56 for small sites, those expected to need only a few subnets over the
> next 5 years.
> * /48 for larger sites
> For end sites to whom reverse DNS will be delegated, the LIR/ISP should
> consider making an assignment on a nibble (4-bit) boundary to simplify
> reverse lookup delegation.
> ARIN is not concerned about which address size an LIR/ISP actually assigns.
> Accordingly, ARIN will not request the detailed information on IPv6 user
> networks as in IPv4, except for the purpose of measuring utilization as
> defined in this document.
> 6.2.3. Allocations and assignments from ARIN
> 6.2.3.1 Goals
> To balance the goals of Aggregation, Conservation, Fairness, and Minimized
> Overhead, ARIN normally makes allocations only in the discrete sizes of /48,
> /40, /32, /28, or /24 or larger. Each organization or discrete network may
> qualify for one allocation or assignment of each size, and must pay fees
> according to ARIN's fee schedule
> <https://www.arin.net/fees/fee_schedule.html> for each size assigned.
> 6.2.3.2 X-Small (/48)
> To qualify for a /48 allocation or assignment, an organization must:
> * Serve at least 500 hosts, if multihomed; or
> * Serve at least 1000 hosts; or
IPv6 addressing is LAN-centric rather than host-centric. Accordingly I
suggest expressing this in terms of a number of LANs served. Perhaps
50 or 100 LANs instead of 500 or 1000 hosts?
> * Demonstrate efficient utilization of all direct IPv4 assignments and
> allocations, each of which must be covered by any current ARIN RSA; or
> * Be a critical infrastructure provider of the Internet, including public
> exchange points, core DNS service providers (e.g. ICANN-sanctioned root,
> gTLD, and ccTLD operators) as well as the RIRs and IANA; or
> * Qualify for a Micro-allocations for Internal Infrastructure per
> 6.2.3.2.1 Critical Infrastructure
> Organizations qualified as critical infrastructure providers may be granted
> multiple /48 allocations in certain situations. Exchange point allocations
> MUST be allocated from specific blocks reserved only for this purpose. All
> other micro-allocations WILL be allocated out of other blocks reserved for
> micro-allocation purposes. ARIN will make a list of these blocks publicly
> available. Exchange point operators must provide justification for the
> allocation, including: connection policy, location, other participants
> (minimum of two total), ASN, and contact information. ISPs and other
> organizations receiving these micro-allocations will be charged under the
> ISP fee schedule, while end-users will be charged under the fee schedule for
> end-users. This policy does not preclude exchange point operators from
> requesting address space under other policies.
At work I operate a ground station for a satellite constellation. The
non-IP satellite devices deliver messages to the ground station which
disperses them via the Internet.
This very high value application uses 5 T1s from 5 different ISPs, a
100 meg ISP link and a 100 meg peering link. It uses only a few score
hosts and a handful of LANs.
I use an ARIN AS# to announce an IPv4 /24 cutout from an ISP block via
BGP on all the ISP and peering links. Because it's multihomed, this is
in full compliance with ARIN policy. Because it's impractical to
filter announcements /24 and shorter, it works great.
How do I get usable IPv6 addresses?
> 6.2.3.2.2 Micro-allocations for Internal Infrastructure
> Organizations that currently hold IPv6 allocations may apply for a /48
> micro-allocation for internal infrastructure. Applicant must provide
> technical justification indicating why a separate non-routed block is
> required. Justification must include why a sub-allocation of currently held
> IP space cannot be utilized. Internal infrastructure allocations must be
> allocated from specific blocks reserved only for this purpose.
> 6.2.3.3 Small (/40)
> To qualify for a /40 allocation or assignment, an organization must qualify
> for two or more /48s.
> 6.2.3.4 Medium (/32)
> To qualify for a /32 allocation or assignment, an organization must:
> * Qualify for 100 or more /48s; or
> * Be an existing, known LIR; or
> * Have a plan to provide IPv6 connectivity to other organizations and
> assign at least 100 end-site assignments to those organizations within 5
> 6.2.3.5 Large (/28)
> To qualify for a /28, an organization must demonstrate the need to make
> assignments and/or reallocations equal to at least 20,000 /48s.
Why not demonstrate that they -have made- at least 20,000 /48
assignments from their /32?
> 6.2.3.6 X-Large (/24 or larger)
> Allocations or assignments of /24 or larger may be made only in exceptional
> cases, to organizations that require more than a /28, and have submitted
> documentation that reasonably justifies the request. If approved, the
> allocation size will be based on the number of existing users and the extent
> of the organization's infrastructure.
> 6.3. Registration
> When an organization holding an IPv6 address allocation makes IPv6 address
> assignments, it must register assignment information in a database,
> accessible by RIRs as appropriate (information registered by ARIN may be
> replaced by a distributed database for registering address management
> information in future). Information is registered in units of assigned /56
> networks. When more than a /56 is assigned to an organization, the assigning
> organization is responsible for ensuring that the address space is
> registered in an ARIN database.
Might want to put some verbiage here about assignments/reallocations
to legal entities other than the registrant so that you don't have to
register internal assignments for the printer LAN.
> IRs shall maintain systems and practices that protect the security of
> personal and commercial information that is used in request evaluation, but
> which is not required for public registration.
> 6.3.1. Residential Customer Privacy (2003-3)
> To maintain the privacy of their residential customers, an organization with
> downstream residential customers may substitute that organization's name for
> the customer's name, e.g. 'Private Customer - XYZ Network', and the
> customer's street address may read 'Private Residence'. Each private
> downstream residential reassignment must have accurate upstream Abuse and
> Technical POCs visible on the WHOIS record for that block.
Is residential privacy already in effect? If not, it probably isn't
germane to the rest of the policy proposal. Potentially valuable but
better off in a separate proposal.
> 6.3.2. Reverse lookup
> When ARIN delegates IPv6 address space to an organization, it also delegates
> the responsibility to manage the reverse lookup zone that corresponds to the
> allocated IPv6 address space. Each organization should properly manage its
> reverse lookup zone. When making an address assignment, the organization
> must delegate to an assignee organization, upon request, the responsibility
> to manage the reverse lookup zone that corresponds to the assigned address.
That would be totally sweet if ISPs were required to delegate RDNS to
the customers on request. I have a long-running argument with Cox on
the subject. But is this really ARIN's job?
William D. Herrin ................ herrin at dirtside.com bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004