[arin-ppml] ULA, GUA, NCN and the potential for abuse
owen at delong.com
Fri Mar 19 00:14:17 EDT 2010
On Mar 18, 2010, at 4:13 PM, Matthew Petach wrote:
> On Thu, Mar 18, 2010 at 2:15 PM, Owen DeLong <owen at delong.com> wrote:
>> ULA - Unique Local Addresses
>> GUA - Globally Unique Addresses
>> NCN - Non-Connected Networks
>> I'm seeing a lot of confusion and consternation about policy for these
>> Part of this comes from the fact that there are several perspectives on the
>> which are not entirely compatible. There are people who legitimately want
>> addresses for non-connected networks. In some of these cases, assigning
>> global unicast space is a fine solution, but, in some cases, there is
>> a (political/administrative/policy/human factors) reason to want space which
>> is actually well-known to be "non-routable" on the global internet.
>> Some of the people who feel the need for globally unique addresses for
>> their NCN would like to get them from ARIN, but, see the current policies
>> as a significant barrier.
>> Part of it comes from the (erroneous) perspective that receiving a prefix
>> ARIN entitles you to a slot in the "Global Routing Table". This perspective
>> creates a certain amount of fear about over-allocation/over-assignment
>> leading to an unsustainable level of growth in the routing table.
>> I think a unified solution is possible. The following steps would be
>> 1. Reduce the criteria for getting Global IPv6 Unicast space to the
>> minimum set of justified need and remove the artificial barriers
>> created to prevent routing table growth from address assignment
>> 2. Create a pool of Global IPv6 Unicast space that can be issued to
>> applicants that believe they need space which is regarded as
>> "non-routable" by community convention.
>> 3. Maintain the same qualification and assignment criteria for both
>> groups of IPv6 unicast addresses. Do not differentiate them at
>> the fee structure, either.
> I think this is going to be the biggest stumbling point.
> Today, there's no fee for a private organization to use
> RFC1918 addresses internally. If they're building
> a massive internal test network, and use most of 10/8
> to do it, but only need a /29 from their upstream ISP
> for minimal external connectivity, they don't pay ARIN
> for the ability to use 10/8 internally.
It is not my intent to supplant RFC-1918 style ULA-Random
addressing. I'm talking about the people who want
globally unique (ULA-Central style) addressing which is
currently NOT available anywhere at any cost in IPv6.
There have been proposals for it in IETF but they have not
yet gained any consensus.
> In your model, the network would now have to pay
> annual ARIN fees to use IPv6 addresses internally,
> *even* if they are never using them on the global
Not at all. They would only need to pay if they want
REGISTERED addresses. Sorry if this was not clear.
No registration service, no registration fee. Simple.
> I think the only way this model is going to work is
> if non-routed prefix blocks are fee-exempt and are
> designated as martian blocks, to be filtered by
> ISPs. Otherwise, people are going to decide that
> if they have to shell out an annual fee for getting
> legitimate space, they might as well just stake
> out a chunk of space and not tell anyone they're
> using it; and at that point, we'll be back to the
> jungle of every internal private network just picking
> a random range to squat on.
There are two types of non-routed blocks.
non-routed non-unique blocks should remain fee-free and
their use should come with an appropriate disclaimer.
non-routed guaranteed unique registered blocks should be
registered just like routed blocks and should have the same
policy and fee structure.
>> 4. Leave the determination of what actually makes it into a routing
>> table up to those who run routers and remove it entirely from
>> ARIN policy.
>> By doing this, we can meet the needs of non-connected networks that
>> require globally unique addresses and the needs of networks that
>> require globally unique addresses which are known by convention
>> to be "unroutable" as well as the more generic needs of networks
>> that are attached to the internet. It prevents abuse of "unroutable"
>> addresses in the routing system because there is no advantage
>> to this form of abuse if the policies and fee structures remain
>> identical. Growth of the routing table is limited to legitimate
>> demand and ISPs remain free to reject routes which do not meet
>> their criteria.
> I would argue just the reverse; it's likely to increase the likelihood
> of abuse of unroutable addresses, because a company that's
> paying for a block of addresses for internal use is likely to feel
> *more* justified in just announcing it out one day, because hell,
> they've been paying the 'real' address fee for it the whole time
> already. The existence of the fee structure for the addresses
> legitimizes their 'real' nature, and is likely to grease the slippery
> slope towards eventual announcement into the global table.
The thing is, that's not abuse, so long as they asked for a block
that was not tagged as "not routable by convention". However,
whether or not a service provider or the rest of the internet
chooses to accept that route is now up to the people being
asked to shoulder the burden of carrying the route instead
of being limited to a decision made by ARIN in proxy.
>> (Speaking only for himself)
> And, just so it's clear, I support the rest of your effort, and think
> it's a good idea; I simply think that your 'same fee as for real blocks'
> clause will end up elevating these blocks to the same status in
> the eyes of many of the enterprise companies that end up paying
> for the space year after year. ^_^;
Hopefully with the clarification above, it makes more sense.
More information about the ARIN-PPML