Consultation Now Open on the Future of ARIN’s IRR
Job Snijders
job at fastly.com
Mon Feb 8 11:34:32 EST 2021
Dear ARIN, global community,
I object to the proposal to discontinue RIPE-NONAUTH. I propose an
alternative course of action.
The function of the ARIN-NONAUTH primarily appears to to serve holders
of Internet Number Resources which pre-date ARIN (so-called 'legacy
holders'). Expectations have been set by ARIN through the concept of
'grandparenting' that for example Reverse DNS works in some capacity,
and a degree of IRR service.
The ARIN-NONAUTH registry since the ARIN/ARIN-NONAUT split is fairly
harmless (either for users with a presence expressed in the registry, or
for consumers of the ARIN-NONAUTH data), and clearly benefits a
(perhaps somewhwat under-represented) group of stakeholders.
My proposal is that ARIN works to apply the 'RIPE-731' cleanup mechanism
to ARIN-NONAUTH. This can be accomplished by enabling the 'RPKI aware
mode' in IRRd v4: https://irrd.readthedocs.io/en/stable/admins/rpki/#enabling-rpki-aware-mode
Enabling the feature should be fairly straightforward for ARIN (as in,
minimal cost and minimal burden, existing open source software can be
used).
The big advantage of RIPE-731 style IRR object filtering is that any RSA
/ LRSA / global RPKI-capable holders of INRs can ensure the ARIN-NONAUTH
database does not contain conflicting information (simply by publishing
RPKI ROAs, allowing a graceful path towards obsolence (aka let the thing
die out on its own over time)
My fear is that discontinuation of the ARIN-NONAUTH service at this
point in time (or in September 2021) will have adverse negative effects
on the global routing system, which are easily avoided by taking a few
intermediate steps (such as RPKI-aware mode on the ARIN-NONAUTH DB).
Many considerations that applied to the RIPE / RIPE-NONAUTH split and
subsequent continuation of RIPE-NONAUTH also apply to ARIN-NONAUTH. It
is not the right time yet.
If ARIN for one reason or another cannot become a RPKI Relying Party of
the other Trust Anchors (AFRINIC, APNIC, LACNIC, and RIPE NCC), I
propose the service is just left 'as-is', and we revisit this topic in
June 2022.
Kind regards,
Job Snijders
On Mon, Feb 08, 2021 at 03:57:11PM +0000, John Curran wrote:
> From: ARIN <info at arin.net>
> Subject: [arin-announce] Consultation Now Open on the Future of ARIN’s IRR
> Date: 8 February 2021 at 10:46:18 AM EST
> To: arin-announce at arin.net
>
> ARIN has been engaged in a multi-year project to create and deploy a
> new and improved Internet Routing Registry (IRR). On 10 June 2020
> (https://www.arin.net/announcements/20200610-irr/), we launched
> IRR-online, an authenticated and web-based service designed to make it
> simple for users to publish routing information via ARIN’s website. At
> that time, the existing IRR-email system was temporarily left in place
> to allow organizations to continue using email-based updates to
> publish routing information (in the ARIN-NONAUTH data stream).
>
> On 1 February 2021 (https://www.arin.net/announcements/20210201-rn/),
> we deployed a RESTful API to provide a way to securely automate
> updates to objects in ARIN’s authenticated IRR service.
>
> With the availability of automation for ARIN’s new IRR system, we
> intend to retire ARIN’s previous non-authenticated, email-based IRR
> service at the end of September 2021. We are providing advance notice
> of this plan so that organizations using the non-authenticated and
> email-based IRR will have time to switch publication of their routing
> registry information to a more current solution. Similarly, by
> establishing a firm end date for the non-authenticated and email-based
> IRR, organizations making use of the outdated and non-authenticated
> IRR data stream can be ready for when ARIN ceases publishing the
> ARIN-NONAUTH data stream.
>
> The authenticated IRR is available to all ARIN resource holders that
> have resources covered by a signed Registration Services Agreement
> (RSA) or Legacy Registration Services Agreement (LRSA). Organizations
> with resources not currently under an RSA/LRSA that wish to use the
> authenticated IRR may contact ARIN’s Registration Services Department
> for assistance with bringing those registrations under an RSA/LRSA.
>
> We recognize that this change will have significant impacts on our
> customers and, as always, we’re interested in your feedback regarding
> this proposed transition. In particular, we would appreciate hearing
> from the ARIN community regarding these aspects of the proposed
> transition:
>
> 1. For those using ARIN’s email-based and non-authenticated IRR
> system, does the proposed shutdown date of 30 September 2021 provide
> sufficient time for migration to another IRR system?
>
> 2. For those making use of the ARIN-NONAUTH data stream, is there any
> reason to provide this information beyond the system shutdown date?
>
> The community feedback provided during this consultation will help
> inform how we move forward. Please provide comments to
> arin-consult at arin.net. You can subscribe to this mailing list at:
>
> http://lists.arin.net/mailman/listinfo/arin-consult
>
> This consultation will remain open through 5:00 PM ET on Monday, 8 March.
>
> Regards,
>
> John Curran
> President and CEO
> American Registry for Internet Numbers (ARIN)
More information about the ARIN-consult
mailing list