[arin-ppml] ARIN-2024-5 Rewrite of NRPM Section 4.4 Micro-Allocation - Community Questions

Fri Feb 21 19:28:14 EST 2025

> The current draft text can be found on ARIN’s policy page here:
> https://www.arin.net/participate/policy/drafts/2024_5/

Hi folks,

There hasn't been a whole lot of discussion about this proposal since
it was introduced last year.  A few folks argued back and forth about
what an IXP peering LAN looks like, spelling out "critical
infrastructure," whether policy can express "intent," IX
virtualization, and so on. Some of those have been addressed in the
current text. Some have not yet been addressed. Discussion has kinda
tapered off with, in the latest round, only Tyler stepping forward to
offer feedback and say he likes the proposal and wants to see it move
forward (thank you Tyler!)

I'd like to step back a moment and get a sense of what all of you
think about the problems 2024-5 is trying to solve and whether it's
still worth trying to solve them. Here's the draft's problem statement
and some questions I have for which answers from you would help me
better understand.

> Problem Statement:
>
> The current NRPM Section 4.4 language hasn't aged well.

Would anyone offer some discussion about this? In what manner has it
failed to age well? Examples would be welcome. If you have an example
containing private information, feel free to send it to me off-list
and I'll anonymize it for the group.

> As the ARIN 53
> policy experience report demonstrated, 4.4 has also become difficult to
> implement by ARIN staff.

For reference you can find that policy experience report (PER) here,
along with the transcript of its presentation at ARIN 53:

https://www.arin.net/participate/meetings/ARIN53/materials/monday/arin53_policyimplementation.pdf
https://www.arin.net/participate/meetings/ARIN53/day1_transcript/#policy-implementation-and-experience-report

My understanding is that the issue raised by the PER is whether or not
IXPs receiving 4.4 space are permitted to broadly route that space via
BGP on the Internet. Many common IXP implementations do not route
those addresses in order to prevent hacking from end users. It's hard
to hack equipment if you can't send packets to it and there's no
technical requirement that the routers on the IXP lan be able to
receive packets to their IP addresses from end users -- only that they
be able to send ICMP unreachables.

ARIN's current implementation of NRPM 4.4 is that IXP addresses
allocated under 4.4 are NOT permitted to be broadly routed and could
be revoked if found to be used for equipment other than the IXP
interconnect LAN.

Are there issues from the PER that I missed or misunderstood?

I note that restricting the routing of 4.4 IXP addresses gives ARIN an
effective lever to limit abuse by applicants who aren't really
operating an IXP. Is this desirable, or is it a problem? The draft
says it's a problem and reverses ARIN's no-routing rule.

And of course the big question: would you like to see the Advisory
Council continue working on this draft and moving it forward?

Regards,
Bill Herrin

--
William Herrin
bill at herrin.us
https://bill.herrin.us/