[arin-ppml] ARIN-PPML Digest, Vol 100, Issue 2
nathalie coupet
nathaliecoupet at yahoo.com
Sat Oct 5 17:04:45 EDT 2013
Hello John,
As far as law enforcement agencies are concerned, the problem is not so much a question of depletion of the IPv4 pool but of traceability back to the attacker in case of misuse of the Internet, such as for MitMA or DDoS (many attackers of US websites being located in the APNIC/Middle East Regions). The problem is even more acute for IPv6 addresses, since blocks allocated are larger than those for IPv4.
Maybe ARIN's policy should be consistent regarding the allocation of both IPv4 and IPv6 addresses requesting that stakeholders have sufficient attachment to the region prior to receiving IP addresses from ARIN.
If we do not take into consideration security concerns into our own hands and decide for ourselves what we tolerate and what we don't, others will enact rules and procedures that might end up affecting the organization in a way that could be really detrimental to business.
Nathalie Coupet
ARIN Member
________________________________
From: "arin-ppml-request at arin.net" <arin-ppml-request at arin.net>
To: arin-ppml at arin.net
Sent: Friday, October 4, 2013 7:32 PM
Subject: ARIN-PPML Digest, Vol 100, Issue 2
Today's Topics:
1. Re: Draft Policy ARIN-2013-6: Allocation of IPv4 and IPv6
Address Space to Out-of-region Requestors - Revised (John Curran)
2. Out-of-region overreaction? (Frank Bulk)
3. Re: Out-of-region overreaction? (Scott Leibrand)
4. Re: Out-of-region overreaction? (Jimmy Hess)
----------------------------------------------------------------------
Message: 1
Date: Fri, 4 Oct 2013 19:55:59 +0000
From: John Curran <jcurran at arin.net>
To: Gary Buhrmaster <gary.buhrmaster at gmail.com>
Cc: "arin-ppml at arin.net" <arin-ppml at arin.net>
Subject: Re: [arin-ppml] Draft Policy ARIN-2013-6: Allocation of IPv4
and IPv6 Address Space to Out-of-region Requestors - Revised
Message-ID: <42C9B415-75DB-4AB7-955F-BD84AB9C64EC at arin.net>
Content-Type: text/plain; charset="us-ascii"
Gary -
Since June 2013, there have been 52 requests that would not have
been approved under the new policy because these organizations
had only some equipment in a data center in the ARIN region, but
either all or most of their technical infrastructure outside of the region
and most or all of their customers outside of the ARIN region.
Total amount of space issued to these 52 organizations: 9,672 /24s,
(which is a bit more than a /11 in total) and nearly all organizations were based in the APNIC region.
FYI,
/John
John Curran
President and CEO
ARIN
> On Sep 27, 2013, at 11:37 PM, John Curran <jcurran at arin.net> wrote:
>
>> On Sep 26, 2013, at 3:06 PM, Gary Buhrmaster <gary.buhrmaster at gmail.com> wrote:
>>
>>> On Thu, Sep 26, 2013 at 6:21 PM, John Curran <jcurran at arin.net> wrote:
>>> ...
>>> That is correct (and reflects current practice handling resource requests.)
>>
>> John,
>>
>> I support the policy, but I do have a few questions that
>> would help finalize my thinking (that I do not recall seeing
>> asked or answered). I understand that any answers are
>> going to be more WAGs than facts, and you may not
>> have the information or ability to provide the answers,
>> but any answers would help me (and perhaps others)
>> recognize the implications of such a change (if any)?
>> I'll accept as many additional caveats as you want to add
>> to any response.
>>
>> * If this policy was in place for (say) the last year, what
>> is the order of magnitude of number of requests that
>> would have been referred to another RIR (1, 10, 100, 1000)?
>>
>> * If this policy was in place for (say) the last year, can
>> you break down the requests by the RIR that the
>> requester appeared to have their plurality?
>>
>> * If this policy was in place for (say) the last year, what
>> is the order of magnitude of the IPv4 numbers that
>> would not have been issued by ARIN (/24 ... /8)?
>
> Gary -
>
> We're looking into your concerns, and will see whether
> any insights/WAGs can be provided regarding
> the potential impact of the policy (as compared to past
> requests.)
>
> Thanks for the thought-provoking questions!
> /John
>
> John Curran
> President and CEO
> ARIN
>
> _______________________________________________
> PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.
------------------------------
Message: 2
Date: Fri, 4 Oct 2013 15:31:32 -0500
From: "Frank Bulk" <frnkblk at iname.com>
To: <arin-ppml at arin.net>
Subject: [arin-ppml] Out-of-region overreaction?
Message-ID: <00ef01cec140$b6ccb5e0$246621a0$@iname.com>
Content-Type: text/plain; charset="iso-8859-1"
I was requesting some ISP IPv6 space and the kindly ARIN staff posted this
in their response:
Please reply and verify that you will be using
the requested number resources within the ARIN region
and announcing all routing prefixes of the requested
space from within the ARIN region. In accordance with
section 2.2 of the NRPM, ARIN issues number resources
only for use within its region. ARIN is therefore only
able to provide for your in-region numbering needs.
I'm familiar with the concern about out-of-region folk taking advantage of
ARIN's current IPv4 supply, but I have a few concerns about the wording of
the staff communication.
a) It's been my understanding thus far that if I'm an ISP that provides
service in multiple places around the world that I may divide my allocation
into smaller prefixes and advertise those to area peers. It seems ARIN
staff would preclude me from doing any of that. "All" is a pretty strong
word, and if ARIN really believes it, a lot of violators could be found.
b) It seems that Section 2.2 of the NRPM is being misapplied.
2.2. Regional Internet Registry (RIR)
Regional Internet Registries (RIRs) are established and
authorized by respective regional communities, and
recognized by the IANA to serve and represent large
geographical regions. The primary role of RIRs is to
manage and distribute public Internet address space
within their respective regions.
While ARIN does issue numbers within its region, section 2.2 does not say
"only for use". If an "only" had been applied, I would suggest that it's
"only manage and distribute".
If I could be so bold, I'd suggest ARIN to use language something along
these lines in their communications:
Please reply and verify that you will be using
the requested number resources primarily within the
ARIN region and announcing the majority of routing prefixes
of the requested space from within the ARIN region.
In accordance with section 2.2 of the NRPM, ARIN issues
number resources within its region.
Frank
------------------------------
Message: 3
Date: Fri, 4 Oct 2013 14:42:50 -0700
From: Scott Leibrand <scottleibrand at gmail.com>
To: Frank Bulk <frnkblk at iname.com>
Cc: ARIN-PPML List <arin-ppml at arin.net>
Subject: Re: [arin-ppml] Out-of-region overreaction?
Message-ID:
<CAGkMwz4cOch2v8M6HBw4-2N4x_QG9X5dYu8arehow1+86y9OXw at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Agreed. IMO this is *not* what was intended by current policy, *particularly*
IPv6 policy. If you get a /32, there's no reason you shouldn't be able to
use it globally.
Thanks for bringing this up. I think we're going to have a lively
discussion next week in Phoenix. :-)
-Scott
On Fri, Oct 4, 2013 at 1:31 PM, Frank Bulk <frnkblk at iname.com> wrote:
> I was requesting some ISP IPv6 space and the kindly ARIN staff posted this
> in their response:
>
> Please reply and verify that you will be using
> the requested number resources within the ARIN region
> and announcing all routing prefixes of the requested
> space from within the ARIN region. In accordance with
> section 2.2 of the NRPM, ARIN issues number resources
> only for use within its region. ARIN is therefore only
> able to provide for your in-region numbering needs.
>
> I'm familiar with the concern about out-of-region folk taking advantage of
> ARIN's current IPv4 supply, but I have a few concerns about the wording of
> the staff communication.
>
> a) It's been my understanding thus far that if I'm an ISP that provides
> service in multiple places around the world that I may divide my allocation
> into smaller prefixes and advertise those to area peers. It seems ARIN
> staff would preclude me from doing any of that. "All" is a pretty strong
> word, and if ARIN really believes it, a lot of violators could be found.
>
> b) It seems that Section 2.2 of the NRPM is being misapplied.
> 2.2. Regional Internet Registry (RIR)
>
> Regional Internet Registries (RIRs) are established and
> authorized by respective regional communities, and
> recognized by the IANA to serve and represent large
> geographical regions. The primary role of RIRs is to
> manage and distribute public Internet address space
> within their respective regions.
>
> While ARIN does issue numbers within its region, section 2.2 does not say
> "only for use". If an "only" had been applied, I would suggest that it's
> "only manage and distribute".
>
> If I could be so bold, I'd suggest ARIN to use language something along
> these lines in their communications:
>
> Please reply and verify that you will be using
> the requested number resources primarily within the
> ARIN region and announcing the majority of routing prefixes
> of the requested space from within the ARIN region.
> In accordance with section 2.2 of the NRPM, ARIN issues
> number resources within its region.
>
> Frank
>
------------------------------
Message: 4
Date: Fri, 4 Oct 2013 18:25:16 -0500
From: Jimmy Hess <mysidia at gmail.com>
To: Frank Bulk <frnkblk at iname.com>
Cc: "arin-ppml at arin.net" <arin-ppml at arin.net>
Subject: Re: [arin-ppml] Out-of-region overreaction?
Message-ID:
<CAAAwwbXKQ6z47bkUtLKMZ0BK3qubpELFE=pkYdxU2DedJ4bhBg at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
On Fri, Oct 4, 2013 at 3:31 PM, Frank Bulk <frnkblk at iname.com> wrote:
>
> I'm familiar with the concern about out-of-region folk taking advantage of
> ARIN's current IPv4 supply, but I have a few concerns about the wording of
> the staff communication.
>
> a) It's been my understanding thus far that if I'm an ISP that provides
> service in multiple places around the world that I may divide my allocation
> into smaller prefixes and advertise those to area peers. It seems ARIN
>
No. You can subdelegate portions of your allocation to customers.
Your upstreams are not going to necessarily let you pick apart your
allocation and advertise every /29; although ARIN staff should have no
objections to this, if your upstreams will allow it, and you show that
to be the case.
If you are chopping up your block; you do not need a big allocation from
ARIN, though, of sufficient size for all your regions. It only makes
sense if you intend to keep your block _whole_; and advertise a single
block in multiple regions.
If you intend to chop up your blocks anyways; then a sensible thing to do
is to obtain multiple blocks instead -- from the appropriate regions
where they will be used.
> staff would preclude me from doing any of that. "All" is a pretty strong
> word, and if ARIN really believes it, a lot of violators could be found.
>
Routing is out of scope of ARIN policy in the first place; you have an
option of not advertising your allocation at all. You are allowed to have
a privately interconnected network that spans regions.
ARIN staff can reject your verification justification for the allocation;
if you don't show you have an intention to use a significant amount of
resources in the ARIN region.
> While ARIN does issue numbers within its region, section 2.2 does not say
> "only for use". If an "only" had been applied, I would suggest that it's
> "only manage and distribute".
>
Policy does not say "only for use"; however there is no policy
specifically encouraging ARIN to recognize use outside of the ARIN region.
It is not sufficient for use to merely be "allowed"; ARIN has to have
procedures for validating and auditing the use.
It is possible that you may be allowed to use out of region, but not be
able to cite your out-of-region network requirements as justification for
obtaining a larger block than if your out-of-region usage did not exist
at all, or it may not be accepted as current use to satisfy the
utilization requirement for a future allocation.
> If I could be so bold, I'd suggest ARIN to use language something along
> these lines in their communications:
>
> Please reply and verify that you will be using
> the requested number resources primarily within the
> ARIN region and announcing the majority of routing prefixes
> of the requested space from within the ARIN region.
> In accordance with section 2.2 of the NRPM, ARIN issues
> number resources within its region.
>
>
This is very similar to the original quote of what they had said.......
> Frank
>
------------------------------
_______________________________________________
ARIN-PPML mailing list
ARIN-PPML at arin.net
http://lists.arin.net/mailman/listinfo/arin-ppml
End of ARIN-PPML Digest, Vol 100, Issue 2
*****************************************