[arin-ppml] Feedback on ARIN 53 question on micro-allocations for IXPs

Fernando Frediani fhfrediani at gmail.com
Thu Apr 18 23:31:58 EDT 2024 

On 18/04/2024 19:44, Ryan Woolley wrote:
> At ARIN 53, John Sweeting asked for clarification from the community 
> on whether an internet exchange needs IP space beyond that used for 
> the switching fabric, and whether IP allocations made to an IXP 
> operator may need to be routable. Additionally, John shared a 
> suggestion that the historical basis for maintaining a pool specific 
> to IXPs was to enable the building of filters to prevent those 
> addresses from being globally routable.
I don't see a problem they being routable as there may be infrastructure 
like Portal, Looking Glass, internal Infrastructure etc e and other 
tools that need it. In the other hand it is expected that most of the 
allocation to be used for connecting members. Issue here is where 
micro-allocations would be enough for the second case, they are not for 
the first. Another point of attention is what would the risk of abuse 
and how feasible to monitor it in order to prevent abuse if necessary.
It doesn't make total sense to me to say that a pool specific to IXPs is 
intended only to build filters to prevent those addresses from being 
globally routable as there are legitimate cases. Maybe this was 
someone's opinion on the past and not a community understanding that 
ended up being expected as such.

> Community IX operates two IXPs, FL-IX in south Florida and CIX-ATL in 
> Atlanta.  FL-IX was founded in 2015 and now connects 158 member 
> networks.  CIX-ATL began operations in 2019 and currently connects 66 
> member networks.
>
> Both IXPs have been assigned IP address space from ARIN.  Each IXP 
> uses one prefix for the member LAN, which is not announced outside of 
> our members’ networks, and a second, routed, prefix for the IXP 
> infrastructure.
Fair enough, as mentioned above. If the allocation is for allowing to 
build a IX which plays a fairly important role in this ecosystem that 
should be for whatever is needed and justifiable, and of course there 
are means to monitor and make sure one that receives such allocation 
doesn't use it otherwise.
>
> The routed prefix supports operations critical to the operation of the 
> exchange.  Our member portal, network management systems, and 
> equipment loopback addresses are, by need and design, addressed in 
> routable IP space.  For example, route servers build filters based on 
> ROAs and IRR databases, and configurations are replicated off-site.
>
> Unlike an IXP affiliated with an ISP or data center operator, we have 
> no line of business which would enable us to borrow IP space from, for 
> example, a pool maintained for allocation to IP transit customers.  
> Our transit is provided as a donation by members, who may come or go 
> as their connectivity needs require, so we cannot reasonably use 
> non-provider-independent IP space.
Even an ISP that sponsors an private for profit ISP if necessary should 
request allocation from this pool as the existence of an IXP, is still 
relevant to the Internet ecosystem, but your case is a prefect example 
of the usage of this
>
> On the second question of whether space reserved for IXP allocations 
> should be unroutable as a feature, we have not, in our years of 
> operation, encountered any issues with reachability for these 
> allocations.  If networks are building filters for this purpose, our 
> experience suggests that is not a common practice.
>
> IXPs do commonly have a desire to prevent their member LAN prefix from 
> being routable.  The current best practice is that this prefix is 
> signed in RPKI with an origin ASN of zero (as described in RFC 6483), 
> and Community IX does this for both our IXPs’ member LANs.  To the 
> extent that filtering based on IP addressing may have been 
> contemplated in the past, is it now obsoleted by RPKI.

Perfect. Well done.

Fernando

>
> Regards,
>
> Ryan Woolley
> Community IX
>
> _______________________________________________
> ARIN-PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> https://lists.arin.net/mailman/listinfo/arin-ppml
> Please contactinfo at arin.net  if you experience any issues.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20240419/d6155952/attachment.htm>

More information about the ARIN-PPML mailing list