[arin-ppml] ARIN-PPML Digest, Vol 100, Issue 2
Skojec, Martin
mskojec at virtacore.com
Sat Oct 5 17:35:04 EDT 2013
Hi Nathalie,
I appreciate your views but I don't think that the law enforcement's
insight should even be considered in this discussion.
I have no security concerns because I secure my networks. That will not
change if it's IPv4 or IPv6.
Both ranges will be trackable so I see no reason to change things.
On Sat, Oct 5, 2013 at 5:04 PM, nathalie coupet <nathaliecoupet at yahoo.com>wrote:
> Hello John,
>
> As far as law enforcement agencies are concerned, the problem is not so
> much a question of depletion of the IPv4 pool but of traceability back to
> the attacker in case of misuse of the Internet, such as for MitMA or DDoS
> (many attackers of US websites being located in the APNIC/Middle East
> Regions). The problem is even more acute for IPv6 addresses, since blocks
> allocated are larger than those for IPv4.
> Maybe ARIN's policy should be consistent regarding the allocation of both
> IPv4 and IPv6 addresses requesting that stakeholders have sufficient
> attachment to the region prior to receiving IP addresses from ARIN.
> If we do not take into consideration security concerns into our own hands
> and decide for ourselves what we tolerate and what we don't, others will
> enact rules and procedures that might end up affecting the organization in
> a way that could really detrimental to business.
>
>
> Nathalie Coupet
> ARIN Member
>
> ------------------------------
> *From:* "arin-ppml-request at arin.net" <arin-ppml-request at arin.net>
> *To:* arin-ppml at arin.net
> *Sent:* Friday, October 4, 2013 7:32 PM
> *Subject:* ARIN-PPML Digest, Vol 100, Issue 2
>
> Send ARIN-PPML mailing list submissions to
> arin-ppml at arin.net
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.arin.net/mailman/listinfo/arin-ppml
> or, via email, send a message with subject or body 'help' to
> arin-ppml-request at arin.net
>
> You can reach the person managing the list at
> arin-ppml-owner at arin.net
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of ARIN-PPML digest..."
>
>
> Today's Topics:
>
> 1. Re: Draft Policy ARIN-2013-6: Allocation of IPv4 and IPv6
> Address Space to Out-of-region Requestors - Revised (John Curran)
> 2. Out-of-region overreaction? (Frank Bulk)
> 3. Re: Out-of-region overreaction? (Scott Leibrand)
> 4. Re: Out-of-region overreaction? (Jimmy Hess)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 4 Oct 2013 19:55:59 +0000
> From: John Curran <jcurran at arin.net>
> To: Gary Buhrmaster <gary.buhrmaster at gmail.com>
> Cc: "arin-ppml at arin.net" <arin-ppml at arin.net>
> Subject: Re: [arin-ppml] Draft Policy ARIN-2013-6: Allocation of IPv4
> and IPv6 Address Space to Out-of-region Requestors - Revised
> Message-ID: <42C9B415-75DB-4AB7-955F-BD84AB9C64EC at arin.net>
> Content-Type: text/plain; charset="us-ascii"
>
> Gary -
>
> Since June 2013, there have been 52 requests that would not have
> been approved under the new policy because these organizations
> had only some equipment in a data center in the ARIN region, but
> either all or most of their technical infrastructure outside of the region
> and most or all of their customers outside of the ARIN region.
>
> Total amount of space issued to these 52 organizations: 9,672 /24s,
> (which is a bit more than a /11 in total) and nearly all organizations
> were based in the APNIC region.
>
> FYI,
> /John
>
> John Curran
> President and CEO
> ARIN
>
> > On Sep 27, 2013, at 11:37 PM, John Curran <jcurran at arin.net> wrote:
> >
> >> On Sep 26, 2013, at 3:06 PM, Gary Buhrmaster <gary.buhrmaster at gmail.com>
> wrote:
> >>
> >>> On Thu, Sep 26, 2013 at 6:21 PM, John Curran <jcurran at arin.net> wrote:
> >>> ...
> >>> That is correct (and reflects current practice handling resource
> requests.)
> >>
> >> John,
> >>
> >> I support the policy, but I do have a few questions that
> >> would help finalize my thinking (that I do not recall seeing
> >> asked or answered). I understand that any answers are
> >> going to be more WAGs than facts, and you may not
> >> have the information or ability to provide the answers,
> >> but any answers would help me (and perhaps others)
> >> recognize the implications of such a change (if any)?
> >> I'll accept as many additional caveats you want to add
> >> to any response.
> >>
> >> * If this policy was in place for (say) the last year, what
> >> is the order of magnitude of number of requests that
> >> would have been referred to another RIR (1, 10, 100, 1000)?
> >>
> >> * If this policy was in place for (say) the last year, can
> >> you break down the requests by the RIR that the
> >> requester appeared to be have their plurality?
> >>
> >> * If this policy was in place for (say) the last year, what
> >> is the order of magnitude of the IPv4 numbers that
> >> would not have been issued by ARIN (/24 ... /8)?
> >
> > Gary -
> >
> > We're looking into your concerns, and will see whether we
> > can provide any insights/WAGs can be provided regarding
> > the potential impact of the policy (as compared to past
> > requests.)
> >
> > Thanks for the thought-provoking questions!
> > /John
> >
> > John Curran
> > President and CEO
> > ARIN
> >
> > _______________________________________________
> > PPML
> > You are receiving this message because you are subscribed to
> > the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> > Unsubscribe or manage your mailing list subscription at:
> > http://lists.arin.net/mailman/listinfo/arin-ppml
> > Please contact info at arin.net if you experience any issues.
>
>
> ------------------------------
>
> Message: 2
> Date: Fri, 4 Oct 2013 15:31:32 -0500
> From: "Frank Bulk" <frnkblk at iname.com>
> To: <arin-ppml at arin.net>
> Subject: [arin-ppml] Out-of-region overreaction?
> Message-ID: <00ef01cec140$b6ccb5e0$246621a0$@iname.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> I was requesting some ISP IPv6 space and the kindly ARIN staff posted this
> in their response:
>
> Please reply and verify that you will be using
> the requested number resources within the ARIN region
> and announcing all routing prefixes of the requested
> space from within the ARIN region. In accordance with
> section 2.2 of the NRPM, ARIN issues number resources
> only for use within its region. ARIN is therefore only
> able to provide for your in-region numbering needs.?
>
> I'm familiar with the concern about out-of-region folk taking advantage of
> ARIN's current IPv4 supply, but I have a few concerns about the wording of
> the staff communication.
>
> a) It's been my understanding thus far that if I'm an ISP that provides
> service in multiple places around the world that I may divide my allocation
> into smaller prefixes and advertise those to area peers. It seems ARIN
> staff would preclude me from doing any of that. "All" is a pretty strong
> word, and if ARIN really believes it, a lot of violators could be found.
>
> b) It seems that Section 2.2 of the NRPM is being misapplied.
> 2.2. Regional Internet Registry (RIR)
>
> Regional Internet Registries (RIRs) are established and
> authorized by respective regional communities, and
> recognized by the IANA to serve and represent large
> geographical regions. The primary role of RIRs is to
> manage and distribute public Internet address space
> within their respective regions.
>
> While ARIN does issue numbers within its region, section 2.2 does not say
> "only for use". If an "only" had be applied, I would suggest that it's
> "only manage and distribute".
>
> If I could be so bold, I'd suggest ARIN to use language something along
> these lines in their communications:
>
> Please reply and verify that you will be using
> the requested number resources primarily within the
> ARIN region and announcing the majority of routing prefixes
> of the requested space from within the ARIN region.
> In accordance with section 2.2 of the NRPM, ARIN issues
> number resources within its region.
>
> Frank
>
>
>
> ------------------------------
>
> Message: 3
> Date: Fri, 4 Oct 2013 14:42:50 -0700
> From: Scott Leibrand <scottleibrand at gmail.com>
> To: Frank Bulk <frnkblk at iname.com>
> Cc: ARIN-PPML List <arin-ppml at arin.net>
> Subject: Re: [arin-ppml] Out-of-region overreaction?
> Message-ID:
> <CAGkMwz4cOch2v8M6HBw4-2N4x_QG9X5dYu8arehow1+86y9OXw at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Agreed. IMO this is *not* was intended by current policy, *particularly*
> IPv6 policy. If you get a /32, there's no reason you shouldn't be able to
> use it globally.
>
> Thanks for bringing this up. I think we're going to have a lively
> discussion next week in Phoenix. :-)
>
> -Scott
>
>
> On Fri, Oct 4, 2013 at 1:31 PM, Frank Bulk <frnkblk at iname.com> wrote:
>
> > I was requesting some ISP IPv6 space and the kindly ARIN staff posted
> this
> > in their response:
> >
> > Please reply and verify that you will be using
> > the requested number resources within the ARIN region
> > and announcing all routing prefixes of the requested
> > space from within the ARIN region. In accordance with
> > section 2.2 of the NRPM, ARIN issues number resources
> > only for use within its region. ARIN is therefore only
> > able to provide for your in-region numbering needs.
> >
> > I'm familiar with the concern about out-of-region folk taking advantage
> of
> > ARIN's current IPv4 supply, but I have a few concerns about the wording
> of
> > the staff communication.
> >
> > a) It's been my understanding thus far that if I'm an ISP that provides
> > service in multiple places around the world that I may divide my
> allocation
> > into smaller prefixes and advertise those to area peers. It seems ARIN
> > staff would preclude me from doing any of that. "All" is a pretty strong
> > word, and if ARIN really believes it, a lot of violators could be found.
> >
> > b) It seems that Section 2.2 of the NRPM is being misapplied.
> > 2.2. Regional Internet Registry (RIR)
> >
> > Regional Internet Registries (RIRs) are established and
> > authorized by respective regional communities, and
> > recognized by the IANA to serve and represent large
> > geographical regions. The primary role of RIRs is to
> > manage and distribute public Internet address space
> > within their respective regions.
> >
> > While ARIN does issue numbers within its region, section 2.2 does not say
> > "only for use". If an "only" had be applied, I would suggest that it's
> > "only manage and distribute".
> >
> > If I could be so bold, I'd suggest ARIN to use language something along
> > these lines in their communications:
> >
> > Please reply and verify that you will be using
> > the requested number resources primarily within the
> > ARIN region and announcing the majority of routing prefixes
> > of the requested space from within the ARIN region.
> > In accordance with section 2.2 of the NRPM, ARIN issues
> > number resources within its region.
> >
> > Frank
> >
> > _______________________________________________
> > PPML
> > You are receiving this message because you are subscribed to
> > the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> > Unsubscribe or manage your mailing list subscription at:
> > http://lists.arin.net/mailman/listinfo/arin-ppml
> > Please contact info at arin.net if you experience any issues.
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://lists.arin.net/pipermail/arin-ppml/attachments/20131004/54de2c60/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 4
> Date: Fri, 4 Oct 2013 18:25:16 -0500
> From: Jimmy Hess <mysidia at gmail.com>
> To: Frank Bulk <frnkblk at iname.com>
> Cc: "arin-ppml at arin.net" <arin-ppml at arin.net>
> Subject: Re: [arin-ppml] Out-of-region overreaction?
> Message-ID:
> <CAAAwwbXKQ6z47bkUtLKMZ0BK3qubpELFE=pkYdxU2DedJ4bhBg at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> On Fri, Oct 4, 2013 at 3:31 PM, Frank Bulk <frnkblk at iname.com> wrote:
>
> >
> > I'm familiar with the concern about out-of-region folk taking advantage
> of
> > ARIN's current IPv4 supply, but I have a few concerns about the wording
> of
> > the staff communication.
> >
> > a) It's been my understanding thus far that if I'm an ISP that provides
> > service in multiple places around the world that I may divide my
> allocation
> > into smaller prefixes and advertise those to area peers. It seems ARIN
> >
>
> No. You can subdelegate portions of your allocation to customers.
> Your upstreams are not going to necessarily let you pick apart your
> allocation
> and advertise every /29; Although ARIN staff should have no objections
> to this,
> if your upstreams will allow it, and you show that to be the case.
>
> If you are chopping up your block; you do not need a big allocation from
> ARIN, though,
> of sufficient size for all your regions. It only makes sense if you
> intend to keep your block _whole_;
> and advertise a single block in multiple regions.
>
> If you intend to chop up your blocks anyways; then a sensible thing to do
> is to obtain multiple blocks instead -- from the appropriate regions
> where they will be used.
>
>
>
> > staff would preclude me from doing any of that. "All" is a pretty strong
> > word, and if ARIN really believes it, a lot of violators could be found.
> >
>
> Routing is out of scope of ARIN policy in the first place; you have an
> option of
> not advertising your allocation at all. You are allowed to have a
> privately interconnected network
> that spans regions.
>
> ARIN staff can reject your verification justification for the allocation;
> if you don't show you have an intention
> to use a significant amount of resources in the ARIN region
>
> While ARIN does issue numbers within its region, section 2.2 does not say
> > "only for use". If an "only" had be applied, I would suggest that it's
> > "only manage and distribute".
> >
>
> Policy does not say "only for use"; however there is not policy
> specifically encouraging ARIN to recognize use outside of the ARIN region.
>
> It is not sufficient for use to merely be "allowed"; ARIN has to have
> procedures
> for validating and auditing the use.
>
> It is possible, that you may be allowed to use out of region, but not be
> able to
> cite your out of region networks requirements as justification for
> obtaining
> a larger block than if your out-of-region usage did not exist at all,
>
> or it may not be accepted as current use to satisfy utilization requirement
> for a future allocation.
>
>
> > If I could be so bold, I'd suggest ARIN to use language something along
> > these lines in their communications:
> >
> > Please reply and verify that you will be using
> > the requested number resources primarily within the
> > ARIN region and announcing the majority of routing prefixes
> > of the requested space from within the ARIN region.
> > In accordance with section 2.2 of the NRPM, ARIN issues
> > number resources within its region.
> >
> >
> This is very similar to the original quote of what they had said.......
>
>
>
> > Frank
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://lists.arin.net/pipermail/arin-ppml/attachments/20131004/7e771055/attachment.html
> >
>
> ------------------------------
>
> _______________________________________________
> ARIN-PPML mailing list
> ARIN-PPML at arin.net
> http://lists.arin.net/mailman/listinfo/arin-ppml
>
> End of ARIN-PPML Digest, Vol 100, Issue 2
> *****************************************
>
>
>
> _______________________________________________
> PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.
>
--
Martin Skojec
Director of Engineering and Operations - Virtacore Systems Inc.
mskojec at virtacore.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20131005/930fbe3c/attachment.htm>
More information about the ARIN-PPML
mailing list