Recommended Draft Policy ARIN-2014-1: Out of Region Use

ARIN info at arin.net
Wed Dec 24 11:21:19 EST 2014


Recommended Draft Policy ARIN-2014-1
Out of Region Use

On 18 December 2014 the ARIN Advisory Council (AC) recommended
ARIN-2014-1 for adoption, making it a Recommended Draft Policy.

ARIN-2014-1 is below and can be found at:
https://www.arin.net/policy/proposals/2014_1.html

You are encouraged to discuss Draft Policy 2014-1 on the PPML prior to
the upcoming ARIN Public Policy Consultation at NANOG 63 in San Antonio 
in February 2015. Both the discussion on the list and at the meeting 
will be used by the ARIN Advisory Council to determine the community 
consensus for adopting this as policy.

The ARIN Policy Development Process can be found at:
https://www.arin.net/policy/pdp.html

Draft Policies and Proposals under discussion can be found at:
https://www.arin.net/policy/proposals/index.html

Regards,

Communications and Member Services
American Registry for Internet Numbers (ARIN)


## * ##


Recommended Draft Policy ARIN-2014-1
Out of Region Use

Date: 24 December 2014

AC's assessment of conformance with the Principles of Internet Number 
Resource Policy:

This proposal enables fair and impartial number resource administration 
by clearing up a significant ambiguity in policy and practice. This 
proposal is technically sound, as no technical issues are raised by 
permitting a single network operator to use resources from one RIR in 
any region. This proposal is supported by the community. Permitting out 
of region use allows operators with facilities spanning more than one 
region to obtain resources in the most direct and convenient way, and to 
utilize their numbers more flexibly and efficiently. The concerns of law 
enforcement and staff raised by the first staff and legal assessment 
have been mitigated by the latest amendments.

Problem statement:

Current policy neither clearly forbids nor clearly permits out or region 
use of ARIN registered resources. This has created confusion and 
controversy within the ARIN community for some time. Earlier work on 
this issue has explored several options to restrict or otherwise limit 
out of region use. None of these options have gained consensus within 
the community. The next logical option is a proposal that clearly 
permits out of region use while addressing some of the concerns 
expressed about unlimited openness to out of region use.

Policy statement:

Create new Section X:

ARIN registered resources may be used outside the ARIN service region. 
Out of region use of IPv4, IPv6, or ASNs are valid justification for 
additional number resources if the applicant is currently using at least 
the equivalent of a /22 of IPv4, /44 of IPv6, or 1 ASN within the ARIN 
service region, respectively.

The services and facilities used to justify the need for ARIN resources 
that will be used out of region cannot also be used to justify resource 
requests from another RIR. When a request for resources from ARIN is 
justified by need located within another RIR’s service region, the 
officer of the applicant must attest that the same services and 
facilities have not been used as the basis for a resource request in the 
other region(s). ARIN reserves the right to request a listing of all the 
applicant's number holdings in the region(s) of proposed use, but this 
should happen only when there are significant reasons to suspect 
duplicate requests.

Comments:

a. Timetable for implementation: Immediate

b. Anything else

Current policy is ambiguous on the issue of out of region use of ARIN 
registered resources. The only guidance on the issue in current policy 
is Section 2.2, which defines the the role of RIRs as “to manage and 
distribute public Internet address space within their respective 
regions.” Some in the community believe this means out of region use 
should be prevented or restricted, while others believe this is only 
intended to focus efforts within the region and not define where 
resources may be used.

Previous policy proposals have explored restricting or otherwise 
limiting out of region use, but none have gained consensus within the 
ARIN community. Several standards for restricting out of region use were 
explored, but all of them were perceived as interfering with the 
legitimate operations of multi- or trans-regional networks.

The requirement to have a minimal level of resources deployed in the 
region (/44 for IPv6, /22 for IPv4, 1 ASN) is an attempt to respond to 
law enforcement and some community concerns. An absolute threshold 
ensures that those applying for ARIN resources are actually operating in 
the region and not simply a shell company, but it avoids the known 
pitfalls of trying to use percentages of the organization's overall 
holdings to do that. The use of officer attestation and the possibility 
of an audit is an attempt to prevent duplicate requests without 
requiring burdensome reporting requirements.

In summary, this proposal ensures that trans-regional organizations or 
service providers operating within the ARIN region may receive all the 
resources they need from ARIN if they wish to do so. This change is 
particularly important for IPv6. Requiring organizations get IPv6 
resources from multiple RIRs will result in additional unique 
non-aggregatable prefixes within the IPv6 route table.

#####

ARIN STAFF ASSESSMENT

Date of Assessment: 22 October 2014 to 13 November 2014
2014-1 “Out of Region Use”

1. Summary (Staff Understanding)

This policy would allow out of region use of ARIN issued resources as 
long as the requesting organization is an ARIN member in good standing 
and currently using at least a /22, or a /44, or 1 ASN within the ARIN 
region.

2. Comments

A. ARIN Staff Comments

There are registrants in the ARIN region, such as end-users, who are not 
necessarily ARIN members. As written, this policy would not be available 
to an organization that is not currently a member of ARIN, due to the 
use of "ARIN member in good standing" in the policy text. Unless the 
intention is specifically to require ARIN membership, the policy text 
should simply reference "a registrant currently using at least the 
equivalent of a /22 of IPv4, or a /44 of IPv6 in the region."

Staff would apply ARIN policy to all out of region requests to include 
asking for utilization details of resources registered in another RIR’s 
database if the ARIN resources are being requested for use in that region.

This policy adds a new requirement that staff review utilization outside 
of the ARIN region, which will require additional time, and could delay 
the review and processing of requests of this type as well as other 
request types that ARIN currently handles.

B. ARIN General Counsel - Legal Assessment

This policy has been improved from counsel's perspective since the last 
version was reviewed at ARIN 34 in Baltimore.

Counsel recognizes and supports the issuance of resources to entities in 
the ARIN region that need number resources that will be used in both 
this region and in the remainder of the world. ARIN currently issues 
resources for these needs based on a needs based allocation methodology. 
This proposed revised policy now requires that there be /22 of deployed 
resources in the ARIN service region, and once that installation exists 
it allows all of the recipients' needs outside the ARIN service region 
to be met by ARIN. This is a substantial improvement from a legal 
perspective as it requires a "meaningful" or "material" physical 
presence of the recipient in the service region that was absent from the 
prior version. This meets a core objective answering my prior concern 
about the lack of such a requirement.

This policy still represents a type of exception to ICP2, despite the 
helpful added requirement of the recipients /22 presence in region. ARIN 
is governed by ICANN ICP-2, which calls for establishment of a single 
RIR to serve each region. ICP2 further notes that multiple RIRs serving 
in a single region is likely to lead to difficulty for co-ordination and 
co-operation between the RIRs as well as confusion for the community 
within the region. The implication of that governance structure is that 
each RIR can and should serve its service region. This revised policy 
still allows entities with /22 technological connections to the ARIN's 
service region to obtain increasingly scarce IPv4 resources from ARIN 
and related registry services for needs outside the ARIN regions. This 
policy still will result in ARIN effectively providing significant 
registry services to ARIN qualified recipients operating in other RIR 
regions.

If the draft policy is adopted and ARIN provides resources to qualifying 
entities for use outside of the region, it is essential that the present 
requirement for dispute resolution via arbitration at a location in 
ARIN's service region as currently required in the RSA be maintained to 
assist in reducing the risk of ARIN becoming subject to the venue, 
jurisdiction and laws of legal forums outside the ARIN service region.

ARIN cannot perform business functions contemplated in the policy with 
certain countries, and related public or private entities, such as 
relationships to Cuba, Iran and North Korea under U.S. law. This has not 
historically been an issue for ARIN prior to this proposed policy. The 
new requirement to spell out that the recipient must maintain an actual 
physical presence, as well as a corporate legal entity in the ARIN 
region, reduces, but does not entirely eliminate this concern. It may be 
necessary to require ARIN's implementation of this policy to require a 
certification that none of the resources will be deployed contrary to 
U.S., Canada or Caribbean nations law in this respect.

3. Resource Impact

This policy would have significant resource impact from an 
implementation aspect. It is estimated that implementation would occur 
within 5-6 months after ratification by the ARIN Board of Trustees. The 
following would be needed in order to implement:

Updated guidelines and internal procedures

Staff training

Engineering efforts to handle out of region business rules may be 
substantial.

4. Proposal/Draft Policy Text Assessed
Draft Policy ARIN-2014-1 Out of Region Use
Date: 21 October 2014
Problem statement:
Current policy neither clearly forbids nor clearly permits out or region 
use of ARIN registered resources. This has created confusion and 
controversy within the ARIN community for some time. Earlier work on 
this issue has explored several options to restrict or otherwise limit 
out of region use. None of these options have gained consensus within 
the community. The next logical option is a proposal that clearly 
permits out of region use while addressing some of the concerns 
expressed about unlimited openness to out of region use.

Policy statement:
Create new Section X:
ARIN registered resources may be used outside the ARIN service region. 
Out of region use of IPv4, IPv6, or ASNs are valid justification for 
additional number resources if the applicant is an ARIN member in good 
standing and is currently using at least the equivalent of a /22 of 
IPv4, or a /44 of IPv6, or 1 ASN within the ARIN service region, 
respectively.
The services and facilities used to justify the need for ARIN resources 
that will be used out of region cannot also be used to justify resource 
requests from another RIR. When a request for resources from ARIN is 
justified by need located within another RIR’s service region, an 
officer of the applicant must attest that the same services and 
facilities have not been used as the basis for a resource request in the 
other region(s). ARIN reserves the right to request a listing of all the 
applicant's number holdings in the region(s) of proposed use, but this 
should happen only when there are significant reasons to suspect 
duplicate requests.

Comments:
a. Timetable for implementation: Immediate
b. Anything else
Current policy is ambiguous on the issue of out of region use of ARIN 
registered resources. The only guidance on the issue in current policy 
is Section 2.2, which defines the the role of RIRs as “to manage and 
distribute public Internet address space within their respective 
regions.” Some in the community believe this means out of region use 
should be prevented or restricted, while others believe this is only 
intended to focus efforts within the region and not define where 
resources may be used.
Previous policy proposals have explored restricting or otherwise 
limiting out of region use, but none have gained consensus within the 
ARIN community. Several standards for restricting out of region use were 
explored, but all of them were perceived as interfering with the 
legitimate operations of multi- or trans-regional networks.
The requirement to have a minimal level of resources deployed in the 
region (/44 for IPv6, /22 for IPv4, 1 ASN) is an attempt to respond to 
law enforcement and some community concerns. An absolute threshold 
ensures that those applying for ARIN resources are actually operating in 
the region and not simply a shell company, but it avoids the known 
pitfalls of trying to use percentages of the organization's overall 
holdings to do that. The use of officer attestation and the possibility 
of an audit is an attempt to prevent duplicate requests without 
requiring burdensome reporting requirements.
In summary, this proposal ensures that trans-regional organizations or 
service providers operating within the ARIN region may receive all the 
resources they need from ARIN if they wish to do so. This change is 
particularly important for IPv6. Requiring organizations get IPv6 
resources from multiple RIRs will result in additional unique 
non-aggregatable prefixes within the IPv6 route table.



More information about the Info mailing list