[arin-ppml] ARIN-2011-5: Shared Transition Space for IPv4 Address Extension - Last Call

Ray Hunter v6ops at globis.net
Fri Apr 29 13:48:18 EDT 2011 

nonsupport.

My view is that this proposal as it stands is a rushed and badly thought 
out policy, and I cannot support it in its current form.

Why act now?

The main justification for acting now seems to be that the original 
author of the proposal 
http://tools.ietf.org/html/draft-shirasaki-isp-shared-addr-01 suggested 
that a /10 is required to cover the needs of large ISPs, whilst it is 
unlikely that it will be possible for ARIN to allocate a /10 in the near 
future. The proposal has also been "shopped around" since 2009 to try to 
find someone willing to accept it.

Meanwhile new entrants to the ISP market are effectively shut out, due 
to the "last /8" allocation policy for IPv4 addresses coming into effect 
in the ARIN region.

Allocating a further /10 will probably suit large existing players, but 
would deprive a potential new market entrant (who may be more willing to 
deploy IPv6) from a significant number of IPv4 addresses.

I therefore think there needs to be some more justification of the need 
to allocate this significant number of addresses now, as opposed to 
eeking out the existing IPv4 space for as long as possible.




What is the operational experience with RFC1918?

RFC1918 addresses required special treatment in many systems, which had 
a large knock on effect on ancillary applications and code e.g. network 
provisioning systems, route filters, address filters, network intrusion 
detection, traffic counters and classification, WAN acceleration, 
application level proxies, network management systems, reverse DNS 
resolution, policy based routing, DHCP servers, IP space allocation and 
management applications, programmes that parse traceroute output  etc.

RFC1918 is even used by some applications, protocols, and transition 
mechanisms to detect whether they are connected to the public internet 
or not [e.g. Windows Teredo]

The operational experience with RFC1918 showed that it had far more, and 
far wider reaching effects, than anyone thought at the time it was adopted.


What Question Remain Unanswered About the new /10?

Adding a new "class" of addresses: the shared inter-ISP address space, 
potentially adds a whole new level of complexity.

There is also no clear definition of what constitutes a "service provider."
There is no clear definition of "acceptable use" in the proposed policy.

Would it be acceptable for a hosting provider to deploy such address on 
their internal infrastructure, which is then connected to an ISP?
Is an outsourcer/ASP also a "Service Provider"?
What if a customer contracts multiple Service Providers?
Would it be acceptable to allocate these addresses to end hosts that 
only connected to other systems within the organisation?
Would it be acceptable for a reseller to employ such addresses on their 
internal infrastructure?
Would these /10 addresses be used instead of new globally unique address 
allocations?
Is there any penalty clause/incentive for moving to the new /10 scheme?
Would an ISP be required to renumber ALL existing IPv4 internal links 
into this new space to free up existing globally unique addresses for 
alternate use?



Faulty Base Rationale?

The base rationale includes avoiding preventing RFC1918 style address 
conflicts.
Quote "therefore to prevent address conflicts, new address space is 
needed."

Why do people believe that this new /10 allocation will solve the issue 
of address conflicts?

Allocating this new space as per the proposed policy will NOT on its own 
prevent future address conflicts, as there is no global coordination of 
the use of the new /10 address space. The problem is not solved, it is 
merely deferred.

What if service provider 1 and service provider 2 merge?
Are these addresses allowed to be routed into customer networks?
What if the customer connects to multiple Service Providers?
What if the customer changes ISP?
What is the impact of a tier two provider implementing CGN with this new 
/10 range, who then connects via a tier one provider who also implements 
CGN also with the same /10 range?


If NAT444 is the solution, it should also work in the situation where 
there are RFC1918 address conflicts, because the new /10 allocation will 
also give rise to those very same address conflicts at some time or 
another if ARIN proceeds as per the current policy.

Otherwise I think that you need to seriously rethink how the /10 is 
going to be allocated and managed, because it is not well-defined in 
this proposal.



Has There Been Sufficient Study on the Likely Knock-on Effects?

The introduction of NAT444 will be the first time that NAT has been 
deployed within the Internet cloud, and the first time that NAT has been 
deployed that is not under the direct control of the end user. I do not 
believe that the operational impact of this and related issues have been 
fully investigated yet.

Has there been any impact analysis on the likely knock-on affects of 
this new /10 allocation?

It's also very unclear how this allocation, if ever, will be undone, 
potentially leaving a nasty legacy.

What modifications would be necessary to existing code to handle the new 
address class?
What BGP/AS routing policy updates are required?



My gut feeling says that this time and effort would be better spent 
deploying native IPv6 protocols.

Best regards and the best of luck in taking the correct policy decision.

RayH
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20110429/78856f89/attachment.htm>

More information about the ARIN-PPML mailing list