[arin-ppml] ARIN-PPML Digest, Vol 100, Issue 2

Skojec, Martin mskojec at virtacore.com
Sat Oct 5 17:35:04 EDT 2013


Hi Nathalie,

I appreciate your views but I don't think that the law enforcement's
insight should even be considered in this discussion.

I have no security concerns because I secure my networks.  That will not
change if it's IPv4 or IPv6.

Both ranges will be trackable so I see no reason to change things.


On Sat, Oct 5, 2013 at 5:04 PM, nathalie coupet <nathaliecoupet at yahoo.com> wrote:

> Hello John,
>
> As far as law enforcement agencies are concerned, the problem is not so
> much a question of depletion of the IPv4 pool but of traceability back to
> the attacker in case of misuse of the Internet, such as for MitMA or DDoS
> (many attackers of US websites being located in the APNIC/Middle East
> Regions). The problem is even more acute for IPv6 addresses, since blocks
> allocated are larger than those for IPv4.
> Maybe ARIN's policy should be consistent regarding the allocation of both
> IPv4 and IPv6 addresses requesting that stakeholders have sufficient
> attachment to the region prior to receiving IP addresses from ARIN.
> If we do not take into consideration security concerns into our own hands
> and decide for ourselves what we tolerate and what we don't, others will
> enact rules and procedures that might end up affecting the organization in
> a way that could really be detrimental to business.
>
>
> Nathalie Coupet
> ARIN Member
>
>   ------------------------------
>  *From:* "arin-ppml-request at arin.net" <arin-ppml-request at arin.net>
> *To:* arin-ppml at arin.net
> *Sent:* Friday, October 4, 2013 7:32 PM
> *Subject:* ARIN-PPML Digest, Vol 100, Issue 2
>
> Today's Topics:
>
>   1. Re: Draft Policy ARIN-2013-6: Allocation of IPv4 and IPv6
>       Address Space to Out-of-region Requestors - Revised (John Curran)
>   2. Out-of-region overreaction? (Frank Bulk)
>   3. Re: Out-of-region overreaction? (Scott Leibrand)
>   4. Re: Out-of-region overreaction? (Jimmy Hess)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 4 Oct 2013 19:55:59 +0000
> From: John Curran <jcurran at arin.net>
> To: Gary Buhrmaster <gary.buhrmaster at gmail.com>
> Cc: "arin-ppml at arin.net" <arin-ppml at arin.net>
> Subject: Re: [arin-ppml] Draft Policy ARIN-2013-6: Allocation of IPv4
>     and IPv6 Address Space to Out-of-region Requestors - Revised
> Message-ID: <42C9B415-75DB-4AB7-955F-BD84AB9C64EC at arin.net>
> Content-Type: text/plain; charset="us-ascii"
>
> Gary -
>
> Since June 2013, there have been 52 requests that would not have
> been approved under the new policy because these organizations
> had only some equipment in a data center in the ARIN region, but
> either all or most of their technical infrastructure outside of the region
> and most or all of their customers outside of the ARIN region.
>
> Total amount of space issued to these 52 organizations:  9,672 /24s,
> (which is a bit more than a /11 in total) and nearly all organizations
> were based in the APNIC region.
>
> FYI,
> /John
>
> John Curran
> President and CEO
> ARIN
>
> > On Sep 27, 2013, at 11:37 PM, John Curran <jcurran at arin.net> wrote:
> >
> >> On Sep 26, 2013, at 3:06 PM, Gary Buhrmaster <gary.buhrmaster at gmail.com> wrote:
> >>
> >>> On Thu, Sep 26, 2013 at 6:21 PM, John Curran <jcurran at arin.net> wrote:
> >>> ...
> >>> That is correct (and reflects current practice handling resource requests.)
> >>
> >> John,
> >>
> >> I support the policy, but I do have a few questions that
> >> would help finalize my thinking (that I do not recall seeing
> >> asked or answered).  I understand that any answers are
> >> going to be more WAGs than facts, and you may not
> >> have the information or ability to provide the answers,
> >> but any answers would help me (and perhaps others)
> >> recognize the implications of such a change (if any)?
> >> I'll accept as many additional caveats you want to add
> >> to any response.
> >>
> >> * If this policy was in place for (say) the last year, what
> >> is the order of magnitude of number of requests that
> >> would have been referred to another RIR (1, 10, 100, 1000)?
> >>
> >> * If this policy was in place for (say) the last year, can
> >> you break down the requests by the RIR that the
> >> requester appeared to have their plurality?
> >>
> >> * If this policy was in place for (say) the last year, what
> >> is the order of magnitude of the IPv4 numbers that
> >> would not have been issued by ARIN (/24 ... /8)?
> >
> > Gary -
> >
> >  We're looking into your concerns, and will see whether we
> >  can provide any insights/WAGs can be provided regarding
> >  the potential impact of the policy (as compared to past
> >  requests.)
> >
> > Thanks for the thought-provoking questions!
> > /John
> >
> > John Curran
> > President and CEO
> > ARIN
> >
>
>
> ------------------------------
>
> Message: 2
> Date: Fri, 4 Oct 2013 15:31:32 -0500
> From: "Frank Bulk" <frnkblk at iname.com>
> To: <arin-ppml at arin.net>
> Subject: [arin-ppml] Out-of-region overreaction?
> Message-ID: <00ef01cec140$b6ccb5e0$246621a0$@iname.com>
> Content-Type: text/plain;    charset="iso-8859-1"
>
> I was requesting some ISP IPv6 space and the kindly ARIN staff posted this
> in their response:
>
>     Please reply and verify that you will be using
>     the requested number resources within the ARIN region
>     and announcing all routing prefixes of the requested
>     space from within the ARIN region. In accordance with
>     section 2.2 of the NRPM, ARIN issues number resources
>     only for use within its region. ARIN is therefore only
>     able to provide for your in-region numbering needs.
>
> I'm familiar with the concern about out-of-region folk taking advantage of
> ARIN's current IPv4 supply, but I have a few concerns about the wording of
> the staff communication.
>
> a) It's been my understanding thus far that if I'm an ISP that provides
> service in multiple places around the world that I may divide my allocation
> into smaller prefixes and advertise those to area peers.  It seems ARIN
> staff would preclude me from doing any of that.  "All" is a pretty strong
> word, and if ARIN really believes it, a lot of violators could be found.
>
> b) It seems that Section 2.2 of the NRPM is being misapplied.
>     2.2. Regional Internet Registry (RIR)
>
>     Regional Internet Registries (RIRs) are established and
>     authorized by respective regional communities, and
>     recognized by the IANA to serve and represent large
>     geographical regions. The primary role of RIRs is to
>     manage and distribute public Internet address space
>     within their respective regions.
>
> While ARIN does issue numbers within its region, section 2.2 does not say
> "only for use".  If an "only" had be applied, I would suggest that it's
> "only manage and distribute".
>
> If I could be so bold, I'd suggest ARIN to use language something along
> these lines in their communications:
>
>     Please reply and verify that you will be using
>     the requested number resources primarily within the
>     ARIN region and announcing the majority of routing prefixes
>     of the requested space from within the ARIN region.
>     In accordance with section 2.2 of the NRPM, ARIN issues
>     number resources within its region.
>
> Frank
>
>
>
> ------------------------------
>
> Message: 3
> Date: Fri, 4 Oct 2013 14:42:50 -0700
> From: Scott Leibrand <scottleibrand at gmail.com>
> To: Frank Bulk <frnkblk at iname.com>
> Cc: ARIN-PPML List <arin-ppml at arin.net>
> Subject: Re: [arin-ppml] Out-of-region overreaction?
> Message-ID:
>     <CAGkMwz4cOch2v8M6HBw4-2N4x_QG9X5dYu8arehow1+86y9OXw at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Agreed.  IMO this is *not* what was intended by current policy, *particularly*
> IPv6 policy.  If you get a /32, there's no reason you shouldn't be able to
> use it globally.
>
> Thanks for bringing this up.  I think we're going to have a lively
> discussion next week in Phoenix.  :-)
>
> -Scott
>
>
>
> ------------------------------
>
> Message: 4
> Date: Fri, 4 Oct 2013 18:25:16 -0500
> From: Jimmy Hess <mysidia at gmail.com>
> To: Frank Bulk <frnkblk at iname.com>
> Cc: "arin-ppml at arin.net" <arin-ppml at arin.net>
> Subject: Re: [arin-ppml] Out-of-region overreaction?
> Message-ID:
>     <CAAAwwbXKQ6z47bkUtLKMZ0BK3qubpELFE=pkYdxU2DedJ4bhBg at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> On Fri, Oct 4, 2013 at 3:31 PM, Frank Bulk <frnkblk at iname.com> wrote:
>
> >
> > I'm familiar with the concern about out-of-region folk taking advantage of
> > ARIN's current IPv4 supply, but I have a few concerns about the wording of
> > the staff communication.
> >
> > a) It's been my understanding thus far that if I'm an ISP that provides
> > service in multiple places around the world that I may divide my allocation
> > into smaller prefixes and advertise those to area peers.  It seems ARIN
> >
>
> No. You can subdelegate portions of your allocation to customers.
> Your upstreams are not going to necessarily let you pick apart your
> allocation and advertise every /29; Although ARIN staff should have no
> objections to this, if your upstreams will allow it, and you show that
> to be the case.
>
> If you are chopping up your block; you do not need a big allocation from
> ARIN, though, of sufficient size for all your regions. It only makes
> sense if you intend to keep your block _whole_; and advertise a single
> block in multiple regions.
>
> If you intend to chop up your blocks anyways; then a sensible thing to do
> is to obtain multiple blocks instead -- from the appropriate regions
> where they will be used.
>
>
>
> > staff would preclude me from doing any of that.  "All" is a pretty strong
> > word, and if ARIN really believes it, a lot of violators could be found.
> >
>
> Routing is out of scope of ARIN policy in the first place; you have an
> option of not advertising your allocation at all. You are allowed to have
> a privately interconnected network that spans regions.
>
> ARIN staff can reject your verification justification for the allocation;
> if you don't show you have an intention to use a significant amount of
> resources in the ARIN region.
>
> > While ARIN does issue numbers within its region, section 2.2 does not say
> > "only for use".  If an "only" had be applied, I would suggest that it's
> > "only manage and distribute".
> >
>
> Policy does not say "only for use"; however there is no policy
> specifically encouraging ARIN to recognize use outside of the ARIN region.
>
> It is not sufficient for use to merely be "allowed"; ARIN has to have
> procedures for validating and auditing the use.
>
> It is possible, that you may be allowed to use out of region, but not be
> able to cite your out of region networks requirements as justification for
> obtaining a larger block than if your out-of-region usage did not exist at
> all, or it may not be accepted as current use to satisfy utilization
> requirement for a future allocation.
>
>
> > If I could be so bold, I'd suggest ARIN to use language something along
> > these lines in their communications:
> >
> >        Please reply and verify that you will be using
> >        the requested number resources primarily within the
> >        ARIN region and announcing the majority of routing prefixes
> >        of the requested space from within the ARIN region.
> >        In accordance with section 2.2 of the NRPM, ARIN issues
> >        number resources within its region.
> >
> >
> This is very similar to  the original quote of what they had said.......
>
>
>
> > Frank
> >



-- 
Martin Skojec
Director of Engineering and Operations - Virtacore Systems Inc.
mskojec at virtacore.com