[arin-ppml] Update: 2014-1 Out of Region Use
David Farmer
farmer at umn.edu
Fri Mar 28 13:23:02 EDT 2014
Based on the discussion at the PPC in Atlanta (link below), the
following changes are proposed.
https://www.arin.net/participate/meetings/reports/ppc_nanog60/webcast/2014-1.mov
There is a summary of the changes and a red-lined version of the policy
text with new and deleted text highlighted following the complete Draft
Policy.
----
Draft Policy ARIN-2014-1
Out of Region Use
Date: 28 March 2014
Problem statement:
Current policy neither clearly forbids nor clearly permits out or region
use of ARIN registered resources. This has created confusion and
controversy within the ARIN community for some time. Earlier work on
this issue has explored several options to restrict or otherwise limit
out of region use. None of these options have gained consensus within
the community. The next logical option is to discuss a proposal that
clearly permits out of region use without limits, beyond those already
existing in policy.
Permitting out of region use, however, poses issues that have to be
addressed by policy and adjustments to operational practice. Out of
region use needs a clear definition and any operational practices based
on that definition must not be unnecessarily burdensome. It is
significantly more difficult and costly for ARIN Staff to independently
verify the justification and utilization of resources that are
reassigned or otherwise used outside of the ARIN service region. There
needs to be recognition of this difference in policy and associated
operational practices, especially the cost differential when there is
more than an incidental amount of out of region use.
Policy statement:
Create new Section X;
X. Out of Region Use
ARIN registered resources may be used outside the ARIN service region
and such use is valid justification for new or additional resources.
Resources are considered to be used outside the region if the user or
customer service address or the technical infrastructure address, such
as the point of presence (POP), data center, or other similar location,
are outside the ARIN service region.
There is a general presumption that requesting resources from ARIN for
use within another RIR's service region duplicates any resources held by
the organization with that other RIR. Therefore, the organization
should, not hold any resources with the other RIR, or demonstrate that
all such resources held are utilized based on ARIN policy requirements,
or provide an operational justification clarifying how the resources
from ARIN will not duplicate any underutilized resources held with the
other RIR.
Only the utilization rate of ARIN registered resources or immediate need
may be use to determine a valid request size beyond the applicable
minimum allocation size. The utilization rate of resources received
from another RIR is not applicable in determining a valid request size.
X.1 Verification of Out of Region Use
The utilization of all ARIN registered resources must be verified when
evaluating a request for additional resources or during a resource
review, including any resources used outside the ARIN service region.
All ARIN registered resources used outside the region must be verified
to no less than an equivalent standard as resources used within the ARIN
region. To this end ARIN, in its sole discretion, may engage independent
external entities to assist it in the verification of information
related to any resources used outside the region.
X.2 Reporting Resources Held with other RIRs
Except to the extent that incidental use, multi-instance use, or the
critical infrastructure criteria described below apply, when out of
region need is used to justify a request for resources from ARIN; The
requesting organization will also report to ARIN the utilization status,
based on applicable ARIN policy, of all resources it holds with the RIRs
who's service regions the need justifying a request to ARIN is within,
and any additional supporting documentation requested by ARIN regarding
these reported resource.
X.3 Incidental Use
Out of region use of ARIN registered resources by an organization that
totals less than an equivalent of a /20 of IPv4, a /36 of IPv6, and two
(2) ASNs within each of the other RIR's service regions are considered
incidental use and as such are accounted for as if used within the ARIN
service region.
X.4 Multi-Instance Use
Any resources used simultaneously in multiple locations, such as an
anycast prefix or ASN, are considered as used within the ARIN service
region, provided at least one instance is located within the region,
regardless of how many other instances are located outside the region.
X.5 Critical Infrastructure
Resources justified through ARIN critical infrastructure policies are
accounted for as if used within the ARIN service region, regardless of
their actual location of use.
Comments:
a. Timetable for implementation: Immediate
b. Anything else
Current policy is ambiguous on the issue of out of region use of ARIN
registered resources. The only guidance on the issue in current policy
is in Section 2.2, that defines the term RIR; "... The primary role of
RIRs is to manage and distribute public Internet address space within
their respective regions." Some in the community believe this means out
of region use should be at least limited or restricted while others
believe this is only intended to focus efforts within the region and not
define where resources may be used.
Several other policy proposals have explored restricting or otherwise
limiting out of region use. None of these proposals gained consensus
within the ARIN community. During the latest of these proposals,
ARIN-2013-6, several standards were explored, a majority of use within
region, a plurality of use within region, and some discussion of a
minimum of 20 percent use within region. It was felt that each of these
standards would interfered, to one extent or another, with the
legitimate operations of multi- or trans-regional networks.
Section 2.2 tells us, the primary purpose of the RIRs are to manage and
distribute resources within their regions. None the less, there have
always been networks that don't neatly fit within the regions created by
the RIR system. These legitimate trans-regional networks are operated by
international businesses or global service providers, many of which are
based within the ARIN region. Prior to IPv4 run-out, many of these
trans-regional networks requested resources from ARIN for use both
inside or outside the region, as long as the requests were justified by
need.
As a result of IPv4 run-out, many in the community want to restrict out
of region use to prevent ARIN resources from going to networks without a
real technical presence in the ARIN region. However, any attempt to
limit or restrict such out of region use inevitably will affect these
legitimate trans-regional networks. Further, even the most restrictive
regional use requirements will not significantly prolong the
availability of IPv4 resources within the ARIN region. Therefore,
attempting to restrict or limit out of region use of resources, even if
it were for IPv4 only, is ineffective, inefficient, and overly
burdensome to important elements of the global Internet.
The major concept behind this proposal is to allow out of region use
without any limits, other than those already in policy, but bring an
economic and reporting factors to play on the issue. It requires ARIN to
verify out of region use of ARIN registered resources to no less than an
equivalent standard as in region use, and enables ARIN to engage
external entities to assist in this verification. It is expected ARIN
will have agreements with all such external entities to ensure the
confidentiality of all supporting documentation is preserved.
ARIN engaging external entities to assist in verification of out of
region use is mostly an ARIN business issue, and not primarily a policy
issue. However, today there is a general assumption that such
verification for in region use is done almost exclusively in house at
ARIN. Making this issue clear in policy follows a principle of least
surprise, as the use of such external entities is likely to be
frequently necessary to verify out of region use, especially in parts of
the world where English is not the primary language. Or put another way,
use of an external entity when verifying out of region use is more
likely to be the rule rather than an exception.
When resources are requested for out of region use an organization also
needs to report the utilization status of all resources it holds with
the RIRs for the regions that the requested need is within. This is to
ensure there are not underutilized resources held with another RIR that
would contradict the justified need for resources from ARIN.
There are additional expenses and complexity involved in verifying out
of region use, as a result of language and logistical barriers that the
regionality of the RIR system was originally conceived to mitigate.
In addition, evaluating the reported information about resources held
with other RIRs, needed to ensure ARIN resources are not duplicating
resources held with outer RIRs, increase staff's burden related to out
of region use. Furthermore, section 2.2 is clear that providing
resources for out of region use is, at best, only a secondary role for
ARIN. As a result, out of region use should not significantly burden the
primary role of providing resources for use within the region. These
factors justify a recommendation to the Board of Trusties to create a
separate fee structure for out of region use, creating the
aforementioned economic factor.
This economic factor and the recommendation for a separate fee
structure, are again mostly ARIN business issues, and not part of policy
in general. However, this is one of those instances where policies and
fees are intertwined.
It seems reasonable that this economic factor should be applied only to
those that make substantial use of ARIN registered resources outside the
region, and not to those that primarily use resources within the region.
This proposal defines incidental out of region use, to ensure that
trivial, insignificant or otherwise incidental use are exempt from the
discussed economic factor, the reporting of resources help with other
RIRs as well, and are accounted for as if used within the region.
Some amount of out of region use should be considered normal even for a
network primarily based within the ARIN region. For example, numbering a
global backbone that provides global access necessary for in region
customers. Also, the other RIRs have minimum requirements to justify an
initial allocation or assignment, similar to ARIN. These and other
examples and issues, justify allowing some minimal amount of out of
region use to be accounted for as if it were in region use. The
currently proposed policy statement, X.3, defines incidental use in
terms of an absolute thresholds for each type of resource.
Another option would be a percentage based threshold, say 20%. However,
a percentage based threshold has the disadvantage that even a minimal
change in usage can cause the ratio between in region and out of region
use to change, potentially causing an oscillation around this threshold.
This creates significant uncertainty for organizations as to if the
discussed economic factor will apply to them, or not. Where as once an
absolute threshold has been crossed by a significant amount, it is
highly unlikely that any additional changes in usage will cause an
oscillation around the threshold, providing much more certainty for most
organizations.
Additionally, the proposal deals with a couple special cases in X.4 and
X.5. Due to the relatively small resource impact and high importance to
overall Internet stability; resources for critical infrastructure are
accounted for as if used within the region. Anycast prefixes, and other
resources used simultaneously in multiple locations, are considered as
used outside the region only when they are exclusively used outside the
region. Or put another way, as long as at least one instance is located
within the region, they are considered used within the region,
regardless of how many other instances are located outside the region.
Both of these special cases have an overall positive impact on the
Internet and should not be discouraged in anyway by this policy, lumping
them in with general out of region use could be a disservice to the
Internet and unnecessarily burdensome.
The intent of allowing an operational justification to clarify how
resources received from ARIN will not duplicate any underutilized
resources held with another RIR is to account for situations like; It
may be necessary to use resources from another RIR to meet legal or
regulatory requirements, or prevailing operational expectations, in some
economies around the world. In such cases it is justified to also
receive minimal resources from another RIR for use only in those
economies. And using resources received from ARIN for the rest of a
global network.
In summary, this proposal ensures that global organizations or global
service providers base within the ARIN region may receive resources to
operate their global network solely from ARIN, if they wish to do so. As
long as the utilization of the out of region resources are verified to
no less than an equivalent standard as in region resources and any
additional reporting requirements are also meet. This is particularly
important for IPv6; requiring organizations get IPv6 resources from
multiple RIRs, or even making it appear that they should, will result in
additional unique non-aggregatable prefixes within the IPv6 route table,
rather than minimizing them, which one of the policy objectives for IPv6.
Finally, a separate but somewhat related issue; regardless of where ARIN
registered resources are used, inside or outside of the ARIN service
region, organizations must first qualify to receive resources from ARIN.
ARIN's current operational practice is that an organization must be
formed within the ARIN service region in order to qualify to receive any
resources from ARIN. The issue of who should be eligible to receive
resources was commingled with out of region use in ARIN-2013-6. It was
felt these issues should be considered separately. Therefore, the issue
of who should be eligible to receive resources is purposefully not dealt
with by this proposal, and if any changes are necessary there should be
separate policy proposals to deal with this issue independently.
----
Summary of Changes;
- Clarified out of region use is valid justification for both *new* or
additional resources.
- Eliminated "user or customer billing address" from definition for out
of region use, and change the items left to sentence from, instead of
list form.
- Added that there is a general presumption that requesting resources
from ARIN for use within another RIR's service region duplicates any
resources held by the organization with that other RIR.
- Made it clear that only the utilization rate of ARIN resources or
immediate need are used to determine the valid request size.
- New sections X.2 "Reporting Resources Held with other RIRs," this new
section is intended to have organizations report the utilization of
their resources, based on ARIN Policy, for the other RIRs where they are
requesting ARIN resources for. Except to the extent incidental use,
multi-instance use, or critical infrastructure clauses apply.
- Changed incidental use to be on a per other RIR region basis to
simplify the determination of if the Reporting Resources Held with other
RIRs applies.
- Changed multi-instance use to use "at least one instance is located
within the region" language.
- Updated the comments section to account for the above changes.
----
Here is an annotated version of the policy text
_
Deleted Text_
New Text
Retained Text
X. Out of Region Use
ARIN registered resources may be used outside the ARIN service region
and such use is valid justification for new or additional resources.
Resources are considered to be used outside the region if _any of the
following are located outside the region. A. The user or customer
billing address B._ the user or customer service address or _C._ the
technical infrastructure address, such as the point of presence (POP),
data center, or other similar location, are outside the ARIN service region.
There is a general presumption that requesting resources from ARIN for
use within another RIR's service region duplicates any resources held by
the organization with that other RIR. Therefore, the organization
should, not hold any resources with the other RIR, or demonstrate that
all such resources held are utilized based on ARIN policy requirements,
or provide an operational justification clarifying how the resources
from ARIN will not duplicate any underutilized resources held with the
other RIR.
Only the utilization rate of ARIN registered resources or immediate need
may be use to determine a valid request size beyond the applicable
minimum allocation size. The utilization rate of resources received
from another RIR is not applicable in determining a valid request size.
X.1 Verification of Out of Region Use
The utilization of all ARIN registered resources must be verified when
evaluating a request for additional resources or during a resource
review, including any resources used outside the ARIN service region.
All ARIN registered resources used outside the region must be verified
to no less than an equivalent standard as resources used within the ARIN
region. To this end ARIN, in its sole discretion, may engage independent
external entities to assist it in the verification of information
related to any resources used outside the region.
X.2 Reporting Resources Held with other RIRs
Except to the extent that incidental use, multi-instance use, or the
critical infrastructure criteria described below apply, when out of
region need is used to justify a request for resources from ARIN; The
requesting organization will also report to ARIN the utilization status,
based on applicable ARIN policy, of all resources it holds with the RIRs
who's service regions the need justifying a request to ARIN is within,
and any additional supporting documentation requested by ARIN regarding
these reported resource.
X._2_3 Incidental Use
Out of region use of ARIN registered resources by an organization that
totals less than an equivalent of a /20 of IPv4, a /36 of IPv6, and two
(2) _10 _ASNs within each of the other RIR's service regions are
considered incidental use and as such are accounted for as if used
within the ARIN service region.
X.4 Multi-Instance Use
Any resources used simultaneously in multiple locations, such as an
anycast prefix or ASN, are _accounted for as used outside the region,
only if they are exclusively used outside the region._considered as used
within the ARIN service region, provided at least one instance is
located within the region, regardless of how many other instances are
located outside the region.
X._3_5 Critical Infrastructure
Resources justified through ARIN critical infrastructure policies are
accounted for as if used within the ARIN service region, regardless of
their actual location of use.
--
================================================
David Farmer Email: farmer at umn.edu
Office of Information Technology
University of Minnesota
2218 University Ave SE Phone: 1-612-626-0815
Minneapolis, MN 55414-3029 Cell: 1-612-812-9952
================================================
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20140328/a24f1f8e/attachment.htm>
More information about the ARIN-PPML
mailing list