[arin-ppml] ULA, GUA, NCN and the potential for abuse

Matthew Petach mpetach at netflight.com
Thu Mar 18 19:13:55 EDT 2010


On Thu, Mar 18, 2010 at 2:15 PM, Owen DeLong <owen at delong.com> wrote:
> ULA - Unique Local Addresses
> GUA - Globally Unique Addresses
> NCN - Non-Connected Networks
> I'm seeing a lot of confusion and consternation about policy for these
> different things.
> Part of this comes from the fact that there are several perspectives on the
> issue which are not entirely compatible.  There are people who legitimately
> want addresses for non-connected networks. In some of these cases, assigning
> global unicast space is a fine solution, but, in some cases, there is
> actually a (political/administrative/policy/human factors) reason to want
> space which is actually well-known to be "non-routable" on the global internet.
> Some of the people who feel the need for globally unique addresses for
> their NCN would like to get them from ARIN, but, see the current policies
> as a significant barrier.
> Part of it comes from the (erroneous) perspective that receiving a prefix
> from ARIN entitles you to a slot in the "Global Routing Table".  This
> perspective creates a certain amount of fear about
> over-allocation/over-assignment leading to an unsustainable level of growth
> in the routing table.
> I think a unified solution is possible. The following steps would be
> required:
> 1. Reduce the criteria for getting Global IPv6 Unicast space to the
> minimum set of justified need and remove the artificial barriers
> created to prevent routing table growth from address assignment
> policy.
> 2. Create a pool of Global IPv6 Unicast space that can be issued to
> applicants that believe they need space which is regarded as
> "non-routable" by community convention.
> 3. Maintain the same qualification and assignment criteria for both
> groups of IPv6 unicast addresses. Do not differentiate them at
> the fee structure, either.

I think this is going to be the biggest stumbling point.

Today, there's no fee for a private organization to use
RFC1918 addresses internally.  If they're building
a massive internal test network, and use most of 10/8
to do it, but only need a /29 from their upstream ISP
for minimal external connectivity, they don't pay ARIN
for the ability to use 10/8 internally.

In your model, the network would now have to pay
annual ARIN fees to use IPv6 addresses internally,
*even* if they are never using them on the global
internet.

I think the only way this model is going to work is
if non-routed prefix blocks are fee-exempt and are
designated as martian blocks, to be filtered by
ISPs.  Otherwise, people are going to decide that
if they have to shell out an annual fee for getting
legitimate space, they might as well just stake
out a chunk of space and not tell anyone they're
using it; and at that point, we'll be back to the
jungle of every internal private network just picking
a random range to squat on.

> 4. Leave the determination of what actually makes it into a routing
> table up to those who run routers and remove it entirely from
> ARIN policy.
> By doing this, we can meet the needs of non-connected networks that
> require globally unique addresses and the needs of networks that
> require globally unique addresses which are known by convention
> to be "unroutable" as well as the more generic needs of networks
> that are attached to the internet.  It prevents abuse of "unroutable"
> addresses in the routing system because there is no advantage
> to this form of abuse if the policies and fee structures remain
> identical. Growth of the routing table is limited to legitimate
> demand and ISPs remain free to reject routes which do not meet
> their criteria.

I would argue just the reverse; it's likely to increase the likelihood
of abuse of unroutable addresses, because a company that's
paying for a block of addresses for internal use is likely to feel
*more* justified in just announcing it out one day, because hell,
they've been paying the 'real' address fee for it the whole time
already.  The existence of the fee structure for the addresses
legitimizes their 'real' nature, and is likely to grease the slippery
slope towards eventual announcement into the global table.

> Owen
> (Speaking only for himself)

And, just so it's clear, I support the rest of your effort, and think
it's a good idea; I simply think that your 'same fee as for real blocks'
clause will end up elevating these blocks to the same status in
the eyes of many of the enterprise companies that end up paying
for the space year after year.  ^_^;

Matt


