[ARIN-consult] NEW Consultation: Available Methods of Reporting Network Sub-Delegation Information

[Andrew Dul]

I'm writing to support the sunsetting of the rwhois protocol as a method
for ARIN members to document reallocation and reassignment records. 

That doesn't mean this year or next year, but I believe we should set a
timeline for deprecating this protocol.  Perhaps a date of 2022 would be
reasonable.  (Yes, some organizations will not do the work despite the 4
years of time to do it, but a shorter time frame would also be
unacceptable to some)

I have seen those who have posted on this consultation noting that
"rwhois works and isn't broken so don't fix it."  While I will agree
that it is "technically" not broken, I believe that it is operationally
broken. 

These are some of the reasons why I believe we should move on to
something better.  Any by better, I mean moving to records stored in the
ARIN database (SWIP) or RDAP.

-Rwhois doesn't support encryption or data-integrity during transport
-There is no automatic referral, so when most people query ARIN whois
they don't know there is potentially another more specific record and
even if they are aware, how to do rwhois is not "easy" for many users. 
Yes its easy for engineers and some operators, but there are many users
of "whois" data for whom this is a barrier too high.  Could we invest in
lots of training for rwhois, yes, but we will always be behind on this
as long as its not a click away for most users.
-As was noted in the most recent ARIN meeting, law enforcement agencies
use whois data as a source for their investigations and other work, and
having accurate records available on a timely basis is very important to
them.  I don't believe that rwhois data is as accessible and available
as data in the ARIN database.
-RDAP was designed with referral in mind from the ground up, so that you
get all the records no matter where they are located with a single query. 
-ARIN (in possible collaboration with other RIRS) should develop an RDAP
package for those who like to host their own,  distributed database. 
The new package should support bulk retrieval of records to assist in
data collection and analysis.  (Also it was noted in the most recent
ARIN meeting that there are differences today in how the different RIRs
are reporting fields/data via RDAP.  It would be good for the RIRs in
collaboration with each other and other organizations that want to run
RDAP servers for IP number resources to work to create a standard met of
fields which are required for IP number resource records, along with
other optional fields for additional data)

It has been noted casually that there are many rwhois servers which are
down or aren't available.  I believe this also contributes to this data
set being operationally unavailable. 

I'd like to ask if ARIN staff can confirm some of these details with
data from the ARIN's database and operational practices.  Specifically
if ARIN could provide the following details about how rwhois is being
operated today I believe it would inform the community in this
consultation process.

1) Number of orgs which have IPv4 or IPv6 resources and a rwhois record
on their org-id.
 
2) Number of IPv4 and IPv6 blocks with a rwhois server under the org-id
records
 
3) Number of /24 IPv4 equivalents covered by the above records
 
4) Number of /32 IPv6 equivalents covered by the above records
 
5) Total number of unique rwhois servers
 
6) Percent of rwhois servers which are online (complete a tcp connection
accept a string and respond with some text)
 
7) Percent of rwhois server who appear to respond with a valid record
for an address within each allocated block


Thanks,
Andrew



On 10/2/2017 8:19 AM, ARIN wrote:
>
> ARIN was previously requested via the ARIN Consultation and Suggestion
> Process (ACSP) to open a consultation to generate discussion about the
> possibility of sun-setting RWhois support by the ARIN organization.
> ARIN's initial response to the ACSP indicated we would open a
> consultation following the completion of the Registration Data Access
> Protocol (RDAP) specification inside the IETF processes. This work has
> been completed and the RFC has been published. ARIN took the
> additional step of implementing RDAP inside its own directory services
> offering with referral support to the other Regional Internet
> Registries (RIRs). With this work complete, we are following through
> with the formalized request to open a consultation on this topic.
>
> https://www.arin.net/participate/acsp/suggestions/2013-22.html
>
> In accordance with ARIN's Number Resource Policy Manual (NRPM),
> Organizations are required to report certain types of customer network
> sub-delegation information (reassignments and reallocations) to ARIN.
> Currently there are two reporting methods available. Both are
> delineated in the NRPM and supported by ARIN's production services.
> There is also a third possible method of reporting sub-delegation
> information that could be made available, but is not yet offered.
>
> Method 1: 
>
> SWIP (currently available):  The reporting of sub-delegation
> information using ARIN's database. This can be done either by
> submitting a SWIP template, interfacing with ARIN's RESTful API, or by
> creating a sub-delegation inside ARIN Online using ARIN's SWIP-EZ
> functionality. 
>
> https://www.arin.net/resources/request/reassignments.html
>
> Method 2: 
>
> RWhois (currently available):  The reporting of sub-delegation
> information on your own hosted and operated RWhois server with
> referral link information provided in ARIN Whois as part of your own
> organization's Whois records. In order for a user of ARIN's directory
> services to view sub-delegation information hosted by an RWhois
> server, they would have to submit a separate query to that RWhois
> server, and are not referred in an automated fashion.
>
> https://www.arin.net/resources/request/reassignments_rwhois.html           
>
> Method 3: 
>
> RDAP:  The five RIRs currently use RDAP for referrals to each other's
> Whois data. Although the specification language of the RDAP could
> allow it to be used as a third method for the reporting of
> sub-delegation information to ARIN, it is not currently offered as an
> option. In order to make this option available, associated registry
> software would need to be created. This possible method would allow
> users of ARIN's directory services to view sub-delegation information
> available on customer hosted RDAP servers in an automated fashion.
> This RDAP method may also be viewed as redundant to RWhois.
>
> https://tools.ietf.org/html/rfc7482
> https://www.arin.net/resources/rdap.html
>
> Options Going Forward
>
> ARIN expects to continue offering Method 1 (SWIP) into the foreseeable
> future. As previously described, we are acting on a formal suggestion
> to consult with the community about the future of RWhois support, and
> also have potential options with RDAP.
>
>   * Question (general): 
>
>
>         Of the three sub-delegation reporting methods listed (SWIP,
> RWhois, RDAP), which should ARIN support in the future?
>
>   * Question (SWIP/RESTful API specific): 
>
>
>         The existing RESTful API allows users to report (SWIP) one
> sub-delegation at a time to be added to ARIN Whois. Should    ARIN add
> bulk-upload features to the RESTful API?
>
>   * Question (RWhois specific): 
>
>
>          As noted, RWhois servers are not referred to in an automated
> fashion when users query ARIN Whois. Should ARIN   automate referrals
> to RWhois servers from ARIN's Whois service?
>
>   * Question (RDAP specific): 
>
>
>         If ARIN was to allow the reporting of network sub-delegation
> information using RDAP, associated enabling software would be
> required. Should ARIN enable this method by creating an RDAP software
> suite that would allow ARIN registrants to run         RDAP service
> locally?
>
> The feedback you provide during this consultation will help inform
> decisions about software tools and support for the reporting of
> network sub-delegation information to ARIN in the future. Thank you
> for your participation in the ARIN Consultation and Suggestion Process.
>
> Discussion on arin-consult at arin.net will close on 27 October 2017. If
> you have any questions, please contact us at info at arin.net.
>
>
> Regards,
>
>
> John Curran
> President and CEO
> American Registry for Internet Numbers (ARIN)
>
>
>
>
>
> _______________________________________________
> ARIN-Consult
> You are receiving this message because you are subscribed to the ARIN Consult Mailing
> List (ARIN-consult at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-consult Please contact the ARIN Member Services
> Help Desk at info at arin.net if you experience any issues.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-consult/attachments/20171012/71dd85d1/attachment.html>