Recommended Draft Policy ARIN-2014-1: Out of Region Use
ARIN
info at arin.net
Wed Dec 24 11:21:19 EST 2014
Recommended Draft Policy ARIN-2014-1
Out of Region Use
On 18 December 2014 the ARIN Advisory Council (AC) recommended
ARIN-2014-1 for adoption, making it a Recommended Draft Policy.
ARIN-2014-1 is below and can be found at:
https://www.arin.net/policy/proposals/2014_1.html
You are encouraged to discuss Draft Policy 2014-1 on the PPML prior to
the upcoming ARIN Public Policy Consultation at NANOG 63 in San Antonio
in February 2015. Both the discussion on the list and at the meeting
will be used by the ARIN Advisory Council to determine the community
consensus for adopting this as policy.
The ARIN Policy Development Process can be found at:
https://www.arin.net/policy/pdp.html
Draft Policies and Proposals under discussion can be found at:
https://www.arin.net/policy/proposals/index.html
Regards,
Communications and Member Services
American Registry for Internet Numbers (ARIN)
## * ##
Recommended Draft Policy ARIN-2014-1
Out of Region Use
Date: 24 December 2014
AC's assessment of conformance with the Principles of Internet Number
Resource Policy:
This proposal enables fair and impartial number resource administration
by clearing up a significant ambiguity in policy and practice. This
proposal is technically sound, as no technical issues are raised by
permitting a single network operator to use resources from one RIR in
any region. This proposal is supported by the community. Permitting out
of region use allows operators with facilities spanning more than one
region to obtain resources in the most direct and convenient way, and to
utilize their numbers more flexibly and efficiently. The concerns of law
enforcement and staff raised by the first staff and legal assessment
have been mitigated by the latest amendments.
Problem statement:
Current policy neither clearly forbids nor clearly permits out or region
use of ARIN registered resources. This has created confusion and
controversy within the ARIN community for some time. Earlier work on
this issue has explored several options to restrict or otherwise limit
out of region use. None of these options have gained consensus within
the community. The next logical option is a proposal that clearly
permits out of region use while addressing some of the concerns
expressed about unlimited openness to out of region use.
Policy statement:
Create new Section X:
ARIN registered resources may be used outside the ARIN service region.
Out of region use of IPv4, IPv6, or ASNs are valid justification for
additional number resources if the applicant is currently using at least
the equivalent of a /22 of IPv4, /44 of IPv6, or 1 ASN within the ARIN
service region, respectively.
The services and facilities used to justify the need for ARIN resources
that will be used out of region cannot also be used to justify resource
requests from another RIR. When a request for resources from ARIN is
justified by need located within another RIR’s service region, the
officer of the applicant must attest that the same services and
facilities have not been used as the basis for a resource request in the
other region(s). ARIN reserves the right to request a listing of all the
applicant's number holdings in the region(s) of proposed use, but this
should happen only when there are significant reasons to suspect
duplicate requests.
Comments:
a. Timetable for implementation: Immediate
b. Anything else
Current policy is ambiguous on the issue of out of region use of ARIN
registered resources. The only guidance on the issue in current policy
is Section 2.2, which defines the the role of RIRs as “to manage and
distribute public Internet address space within their respective
regions.” Some in the community believe this means out of region use
should be prevented or restricted, while others believe this is only
intended to focus efforts within the region and not define where
resources may be used.
Previous policy proposals have explored restricting or otherwise
limiting out of region use, but none have gained consensus within the
ARIN community. Several standards for restricting out of region use were
explored, but all of them were perceived as interfering with the
legitimate operations of multi- or trans-regional networks.
The requirement to have a minimal level of resources deployed in the
region (/44 for IPv6, /22 for IPv4, 1 ASN) is an attempt to respond to
law enforcement and some community concerns. An absolute threshold
ensures that those applying for ARIN resources are actually operating in
the region and not simply a shell company, but it avoids the known
pitfalls of trying to use percentages of the organization's overall
holdings to do that. The use of officer attestation and the possibility
of an audit is an attempt to prevent duplicate requests without
requiring burdensome reporting requirements.
In summary, this proposal ensures that trans-regional organizations or
service providers operating within the ARIN region may receive all the
resources they need from ARIN if they wish to do so. This change is
particularly important for IPv6. Requiring organizations get IPv6
resources from multiple RIRs will result in additional unique
non-aggregatable prefixes within the IPv6 route table.
#####
ARIN STAFF ASSESSMENT
Date of Assessment: 22 October 2014 to 13 November 2014
2014-1 “Out of Region Use”
1. Summary (Staff Understanding)
This policy would allow out of region use of ARIN issued resources as
long as the requesting organization is an ARIN member in good standing
and currently using at least a /22, or a /44, or 1 ASN within the ARIN
region.
2. Comments
A. ARIN Staff Comments
There are registrants in the ARIN region, such as end-users, who are not
necessarily ARIN members. As written, this policy would not be available
to an organization that is not currently a member of ARIN, due to the
use of "ARIN member in good standing" in the policy text. Unless the
intention is specifically to require ARIN membership, the policy text
should simply reference "a registrant currently using at least the
equivalent of a /22 of IPv4, or a /44 of IPv6 in the region."
Staff would apply ARIN policy to all out of region requests to include
asking for utilization details of resources registered in another RIR’s
database if the ARIN resources are being requested for use in that region.
This policy adds a new requirement that staff review utilization outside
of the ARIN region, which will require additional time, and could delay
the review and processing of requests of this type as well as other
request types that ARIN currently handles.
B. ARIN General Counsel - Legal Assessment
This policy has been improved from counsel's perspective since the last
version was reviewed at ARIN 34 in Baltimore.
Counsel recognizes and supports the issuance of resources to entities in
the ARIN region that need number resources that will be used in both
this region and in the remainder of the world. ARIN currently issues
resources for these needs based on a needs based allocation methodology.
This proposed revised policy now requires that there be /22 of deployed
resources in the ARIN service region, and once that installation exists
it allows all of the recipients' needs outside the ARIN service region
to be met by ARIN. This is a substantial improvement from a legal
perspective as it requires a "meaningful" or "material" physical
presence of the recipient in the service region that was absent from the
prior version. This meets a core objective answering my prior concern
about the lack of such a requirement.
This policy still represents a type of exception to ICP2, despite the
helpful added requirement of the recipients /22 presence in region. ARIN
is governed by ICANN ICP-2, which calls for establishment of a single
RIR to serve each region. ICP2 further notes that multiple RIRs serving
in a single region is likely to lead to difficulty for co-ordination and
co-operation between the RIRs as well as confusion for the community
within the region. The implication of that governance structure is that
each RIR can and should serve its service region. This revised policy
still allows entities with /22 technological connections to the ARIN's
service region to obtain increasingly scarce IPv4 resources from ARIN
and related registry services for needs outside the ARIN regions. This
policy still will result in ARIN effectively providing significant
registry services to ARIN qualified recipients operating in other RIR
regions.
If the draft policy is adopted and ARIN provides resources to qualifying
entities for use outside of the region, it is essential that the present
requirement for dispute resolution via arbitration at a location in
ARIN's service region as currently required in the RSA be maintained to
assist in reducing the risk of ARIN becoming subject to the venue,
jurisdiction and laws of legal forums outside the ARIN service region.
ARIN cannot perform business functions contemplated in the policy with
certain countries, and related public or private entities, such as
relationships to Cuba, Iran and North Korea under U.S. law. This has not
historically been an issue for ARIN prior to this proposed policy. The
new requirement to spell out that the recipient must maintain an actual
physical presence, as well as a corporate legal entity in the ARIN
region, reduces, but does not entirely eliminate this concern. It may be
necessary to require ARIN's implementation of this policy to require a
certification that none of the resources will be deployed contrary to
U.S., Canada or Caribbean nations law in this respect.
3. Resource Impact
This policy would have significant resource impact from an
implementation aspect. It is estimated that implementation would occur
within 5-6 months after ratification by the ARIN Board of Trustees. The
following would be needed in order to implement:
Updated guidelines and internal procedures
Staff training
Engineering efforts to handle out of region business rules may be
substantial.
4. Proposal/Draft Policy Text Assessed
Draft Policy ARIN-2014-1 Out of Region Use
Date: 21 October 2014
Problem statement:
Current policy neither clearly forbids nor clearly permits out or region
use of ARIN registered resources. This has created confusion and
controversy within the ARIN community for some time. Earlier work on
this issue has explored several options to restrict or otherwise limit
out of region use. None of these options have gained consensus within
the community. The next logical option is a proposal that clearly
permits out of region use while addressing some of the concerns
expressed about unlimited openness to out of region use.
Policy statement:
Create new Section X:
ARIN registered resources may be used outside the ARIN service region.
Out of region use of IPv4, IPv6, or ASNs are valid justification for
additional number resources if the applicant is an ARIN member in good
standing and is currently using at least the equivalent of a /22 of
IPv4, or a /44 of IPv6, or 1 ASN within the ARIN service region,
respectively.
The services and facilities used to justify the need for ARIN resources
that will be used out of region cannot also be used to justify resource
requests from another RIR. When a request for resources from ARIN is
justified by need located within another RIR’s service region, an
officer of the applicant must attest that the same services and
facilities have not been used as the basis for a resource request in the
other region(s). ARIN reserves the right to request a listing of all the
applicant's number holdings in the region(s) of proposed use, but this
should happen only when there are significant reasons to suspect
duplicate requests.
Comments:
a. Timetable for implementation: Immediate
b. Anything else
Current policy is ambiguous on the issue of out of region use of ARIN
registered resources. The only guidance on the issue in current policy
is Section 2.2, which defines the the role of RIRs as “to manage and
distribute public Internet address space within their respective
regions.” Some in the community believe this means out of region use
should be prevented or restricted, while others believe this is only
intended to focus efforts within the region and not define where
resources may be used.
Previous policy proposals have explored restricting or otherwise
limiting out of region use, but none have gained consensus within the
ARIN community. Several standards for restricting out of region use were
explored, but all of them were perceived as interfering with the
legitimate operations of multi- or trans-regional networks.
The requirement to have a minimal level of resources deployed in the
region (/44 for IPv6, /22 for IPv4, 1 ASN) is an attempt to respond to
law enforcement and some community concerns. An absolute threshold
ensures that those applying for ARIN resources are actually operating in
the region and not simply a shell company, but it avoids the known
pitfalls of trying to use percentages of the organization's overall
holdings to do that. The use of officer attestation and the possibility
of an audit is an attempt to prevent duplicate requests without
requiring burdensome reporting requirements.
In summary, this proposal ensures that trans-regional organizations or
service providers operating within the ARIN region may receive all the
resources they need from ARIN if they wish to do so. This change is
particularly important for IPv6. Requiring organizations get IPv6
resources from multiple RIRs will result in additional unique
non-aggregatable prefixes within the IPv6 route table.
More information about the Info
mailing list