Sept COOK Report on IANA Authority and ARIN
Gordon Cook
cook at NETAXS.COM
Sun Jul 27 23:12:19 EDT 1997
INTERNET GOVERNANCE NOT SCALING WELL
IANA & IP NUMBER REGISTRY POLICY NEED FORMALIZING
NSF TELLS NSI NOT TO ENTER NEW TOP LEVEL DOMAINS
NSI Operational Failures & Direction of US Government Policy Could
Give Impetus to Move of DNS Operations to Europe as Opening of
ARIN is Held up by Delay in Getting Liability Insurance in Place
pp. 1 - 19
We have examined IANA and IP registry policy closely during the past
month. In a long four part article we look at registry policy and
coordination problems; at IANA authority, and finally at evolving U.S.
policy. What we have found is disappointing. Part I below surveys
registry policy. Part II focuses on the issue of IANA authority and how it
is coping with the Internet's having gone from a sleepy academic and
research communications network to a critical piece of the world's
communications infrastructure. Part III covers the launching of the
American Registry for Internet Numbers (ARIN). Part IV surveys jockeying
for position between IAHC and IANA, on the one hand, and the US
Government's on-going effort to shape DNS issues, on the other. Not
surprisingly developments in each of these areas impact processes underway
in the other areas. The cooperative model that enabled the original growth
of the Internet has been fractured with uncertain consequences for all
players.
Consider Network Solutions' evaluation of the situation in which it finds
itself [from its July 3rd SEC filing] : "Continuing to achieve consensus
may become difficult or impossible and may become extremely time consuming
and costly. Achieving consensus may be made more difficult because of the
lack of leadership by any one entity. This lack of regulation creates
great uncertainty as to the legality of any action, making business
planning and operations difficult. Conversely, the lack of regulation
could theoretically result in individuals and entities taking harmful or
disruptive actions with respect to the Internet with impunity."
Part I: Registry Policy, pp. 2 - 7
We found that correct interpretation of RFC 2050 demands very careful
reading. Also RFC 2050 does not inform its readers that policy among
registries differs significantly. For example, when an ISP joins RIPE it
receives a routable 19/. While there are reasons for this, no single
document exists that serves as a clear guidance mechanism to global
registry and IANA policy in an area that is increasingly contentious for
ISPs served by InterNic. Many of these ISPs wish to receive a globally
routable 19/ IP block direct from the Registry in order to be able to
multi-home effectively to two or more different upstream providers. But
many who want 19/s find themselves unable to meet the InterNic's
requirements in terms of total number of customers and allocation of their
existing IP space.
One of the critical reasons for the creation of ARIN is to move policy
making for the allocation of IP numbers from the very slow and laborious
IETF RFC best current practice track to a membership organization
responsive to the needs of its members. We present some highlights of
pagan and apnic list discussion from July. This discussion highlights the
reasons why multi-homed providers need provider independent 19/
allocations from InterNic/ARIN. It also contains suggestions for the
formulation of policy designed to deal with concerns about route flap,
routing table entries, and efficient use of IPv4 space. ARIN hopes to have
its first membership meeting in October. Its intent is to have member
driven policy before the end of this year.
Part II IANA Authority, pp. 7 - 13
Depending on which metaphor one prefers Jon Postel is either thought of by
Internet insiders as the Supreme Court, the FCC, or God. His decisions are
considered to be final and beyond the review of the Internet Architecture
Board and Internet Engineering Steering Group. They include final
decisions affecting all of DNS, all of IP, serving as secretary for all
Internet RFCs and making port assignments for various Internet protocols.
Jon is widely and we find deservedly respected and trusted. However, the
Internet has grown and changed so fast that the current environment has
outstripped his ability to function adequately. IANA, as now constituted,
is having difficulty dealing with an environment where attorneys appeal IP
allocation decisions directly to Jon and then, finding inconsistencies and
what may look, at first glance, to be loop holes in the allocation
process, threaten to sue him if he does not grant the allocation they
seek. Having been the recent target of one suit and, as far as we can
ascertain without serious legal liability insurance, he would be under
pressure just from the sheer numbers of issues that he is called to deal
with, even had the atmosphere had not grown vastly more contentious as
well. It is folly to expect Jon to continue to operate as the sole world
authority in this area without putting a sound foundation of checks and
balances underneath him. The difficulty of Jon's position has been further
increased, by USC's unwillingness to provide him with any legal defense
for actions taken as IANA, even though, as a USC employee carrying out his
official duties, he'd normally be entitled as such.
Insiders are critical of aspects of his recent performance, yet they will
not say so in public. Consider some of the testimony given us by a recent
former member of the Internet Architecture Board. ExIAB: Jon honestly
believes he has the ability to make the right and ethical decisions on a
consistent basis. I have known him for a long time and know better than to
ever try to convince him differently. We need his help and backing often
on many things, so every now and then we even tend to be a little extra
compliant. COOK Report: In the sense of propitiating the "gods"? ExIAB:
Yes. COOK Report: What we are most fearful of right now is that Jon Postel
may wind up moving too slowly to broaden and share his authority. IANA
institutionalization remains the achilles heel of the Internet. It needs
to happen rapidly. ExIAB: I agree. What do you think would help
Postel/Whomever Else to make it happen better? I think many feel that the
IANA institution needs to become broad-based.
We reviewed some of the recent IANA decisions that have been criticized:
The case of the 19/ allocation in March of this year, the @home
allocation, the Genuity board membership, and the Haiti TLD decision in
March of this year. In every case we found nothing serious for which Jon
can be blamed - except that, when operating with little support structure
and essentially alone in midst of turmoil and under great pressure, it is
very difficult to be always completely consistent.
Both @home and the March 97 19/ Geist allocation involve the not well
documented area of appeals. Even though Kim Hubbard says she has precisely
described the @home situation on network mailing list, her description is
not easily retrievable. The decision which given the identity of players
has taken on an undeserved life of its own was nothing more than @home
requesting a very large allocation from InterNic, being turned down, and
appealing to Jon,who, on the basis of information presented by them to
InterNic, said they qualified for a 14/ - period. We described March 97's
19/ appeal last month.
Rodney Joffe, the CTO of Genuity, was kind enough to answer our questions
about Jon's involvement with Genuity. He explained that he prevailed on
Jon to join his Board after he sold Bechtel a 75% interest in Genuity. He
did so in order for Jon to make it very clear to Bechtel management the
kinds of behavior that were appropriate in order to be a good citizen
within the Internet community. He also stated that Jon said while he would
advise Bechtel about of some ways in which it could improve the Internet
community, he would never permit himself to be involved in advising
Bechtel how to improve its own interests.
Unfortunately, we did not recall, until we were going to press, that the
member of a Board of Directors of a corporation has a legal, fiduciary
responsibility to that corporation. Thus, contrary to Rodney's assertion
about Jon's insisting that his membership not benefit Genuity, it could be
said that, if Jon had information about an action that he would take as
IANA, and he did not disclose it to Genuity, he might be acting in
violation of his legal, fiduciary responsibility to Genuity. If Jon served
on an advisory board, this liability would vanish. Unfortunately the web
page http://www.genuity.net/about_genuity/officers.html makes it very
clear he is a full member of the Board of Directors of the corporation. We
see this as one more example that, filled with good intentions as he may
be, Jon has gotten in over his head.
The issue of the Haiti TLD is a bit different and, some people feel,
potentially serious. Jon delegated the HT TLD to REHRED, a non
governmental group, in early March. When soon there after the Haitian
government came to him and demanded that it get the TLD, Jon gave in,
contravening as he did so the process established in RFC 1591. In the
words of an observer: "was not about to stick his neck out without any
protection from our government by refusing to grant what even smelled like
a request from any other government." For on April 3 Jon wrote to REHRED
(from who he had removed control of the HT Top Level Domain). "Hello: I am
sorry if you do not understand that we have explained to you that there is
a rule we have adopted since RFC 1591 was published: 'Follow the expressed
wishes of the government of the country with regard to the domain name
manager for the country code corresponding to that country'. We have
decided that this rule takes priority. We do not believe it is wise to
argue with the government of a country about the TLD for that country."
"In other words," continued the observer, "he gave in, and issuing a
*private* directive that, in effect, said that 1591 applies unless a
government objects, in which case the government gets its way in its own
country. Jon was told that if governments were given special consideration
and permitted to contravene standard IANA procedures, he might just as
well pack up the IANA and let the U.N take over."
Looking at these events, we must ask from a policy point of view whether
the issue is Postel or the functions of IANA? If we argue that it is Jon,
we have the problems of whether we can get him to go along with the
conclusion that he should retire because neither he nor any other fallible
human should have to be asked to carry responsibility, in isolation, for
the financial consequences that flow from the decisions he is being asked
to make. On the other hand if we argue that the issue is the IANA
FUNCTIONS, we can entertain the following scenario.
We see three alternatives. 1. Jon Postel bails out and retires by year
end, exacerbating the present "authority problem and destabilizing an
already troubled Internet. 2. Jon hangs on. Makes mistakes. Legal actions
begin. IP gets as controversial as DNS and US government decides to
intercede. Or 3. Jon shares power and convenes the Council of Global
Registries (CGR) in which he participates (perhaps, initially, as Chair)
providing stability and guidance in time of transition. Eventually, he
turns the IANA Functions over to the CGR and Council over completely to
the registries while remaining as an Emeritus IANA available for guidance
and consultation.. He creates an institutionalized function for appeals,
for coordination and development of procedures. This function, with the
larger set of CGR by laws and procedures, becomes the legal basis for
policy.
Part III Launching ARIN, pp. 15 - 23
The process of getting ARIN up and running is ensnared in a kind of "catch
22" position because prior to the founding of ARIN, NSI has paid for IP
number allocation costs out of income from sale of domain names. Therefore
ARIN is setting up a membership organization with no cash flow. Given the
criticality of its functions for the Internet and the volume of its
day-to-day business, the resources needed to perform these tasks are
substantial. The execution of these tasks cannot stop while ARIN collects
membership fees and ramps up its activities. Therefore NSI's Year 5
Program Plan proposed that NSI would bear the full costs of the transition
and this has been incorporated into the NSF co-operative agreement. NSI's
responsibility for the IP functions includes the financial responsibility
to establish ARIN and pay its expenses until it is financially self
sustaining.
NSI, with its July 3rd IPO filing and recent DNS infrastructure troubles,
has had its hands full and the launch of ARIN has progressed more slowly
than we would like. When we set out to rebut Dave McClure's recent attack
on ARIN, we found out in a phone interview with NSI's Senior Vice
President Don Telage that due to a delay in getting legal liability
insurance in place, what we had assumed to be the ARIN board was not yet
legally seated and ARIN would be unable to accept members until the Board
was in place. We are now confident that it will be in place in less than
two weeks.
Part IV DNS, IANA and US Government on a Collision Course?, pp. 16 - 19
Jon Postel not surprisingly, regards much of his stewardship over the IANA
processes as being one of making sure that the infrastructure works. We
can imagine that the events of the last ten days (Kashpureff's attacks and
the defective tape loaded into the root servers) have given him severe
indigestion on this account. In this context, a wide range of people to
whom we have talked say that Jon has the power to remove the root or "."
server from the control of Network Solutions.
The tension existing in the area of the ownership of root has been
heightened by a move on the part of the US government. On page 14 of
NSI's IPO filing with the SEC we have found a very telling statement: The
NSF has given "written direction . . . not to take any action to create
additional TLDs or to add any new TLDs to the Internet root servers until
further guidance is provided." The chances that this would happen without
the direction of either DOJ or the Interagency Task Force or both would be
remote. We will no longer find the NSF making independent policy in this
very sensitive area. Furthermore "written direction" sounds like an order
and not a request. An order would not be given without the US government
having decided that it has authority to make law and determine policy.
Ignoring the question of whether root moves, if the US government has
decided that the best interests of the Internet, from an American
perspective, would be served by no new TLDs in the root servers, the
decision on whether to try to keep the IAHC domains out of them, is likely
to be some time away. Dave Crocker has told us that it will be October
before IAHC/IPOC has any new TLDs ready for the root servers. Furthermore,
other sources suggest that the more likely moment of decision for Jon
Postel on this issue won't come until January.
Consider his situation. (1) out of money at home. (2) his leadership on
DNS new TLDs stymied by US government. (3) ARIN approved but not yet
operational. (4) his IAHC TLD process more centered in Europe than the
U.S. (5) the RIPE registry in Europe under Daniel Karrenberg strongly
supportive of his goals. (6) a new TLD root server in London (7) DNS
infrastructure under control of Network Solutions in the US crumbling.
Given these facts it would be hard to imagine Jon not thinking of ordering
a move of the DNS root from NSI to Europe at some point in the next few
months.
In the meantime, ISOC, IANA and IAHC/IPOC appear to be well ensconced in
the driver's seat on this issue and are showing no signs of being willing
to back off. Consequently, the U.S. government has painted itself into
kind of a corner. For, if it comes down openly and hard in the next few
weeks with the position that no new TLDs should go into the root servers,
it seems likely to us that such action would ensure - barring a major
change of heart on the part of Jon Postel, a move of root to Europe.
Forecasting a denouement for these highly uncertain variables is not easy.
is also difficult to imagine an outcome - other than one involving prompt
and creative cooperation among the three IP registries regarding the IANA
functions - that would really benefit the Internet.
CAIDA Offers Tools for Inter NSP Cooperation, pp. 20-25
We interview KC Claffy and Tracie Monk of the National Laboratory for
Applied Network Research (NLANR) about the origin and progress of the
Cooperative Association for Internet Data Analysis. While NLANR has
provided engineering "glue" for members of the research community who are
using the vBNS, the hope is to have CAIDA to the same for national ISPs
who, since the have emerged, have had no cooperative means for developing
tools to help them build reliable networks that can best handle the stress
of the enormous growth of the commercial Internet as a whole.
The tools in question range form web caching technology to Oc3mon, a tool
to identify separate IP flows over ATM paths. Oc3mon can be used both for
real time flow analysis and to improve hardware design. Cisco has funded
CAIDA to do a tool taxonomy. CAIDA also is focusing on virtual
environments where engineers from different NSPs can meet to do problems
solving and technical idea exchange. In May of this year it held a second
annual Internet Statistics and Metric Analysis Workshop where it brought
tool makers together to critique and analyze the strengths and weaknesses
of each others tools. The tools that it supports development of are all
also in the public domain. The interview is filled with URLs that give
further information about the technical elements discussed.
David Holub on
Peering: pp. 26 - 31
We interview David to assess his experience on the evolution of peering
and interconnection issues over the past two years. Regardless of the
issue of who benefits from peering (and as the interview shows it remains
difficult to define) he points out that one of the most difficult
positions the smaller players find themselves in is getting full
disclosure from the largest backbones, in advance, of just what their
conditions for peering are now or will be six months in the future. Holub
also has some very interesting things about how common carrier status
would affect an ISP both in the context of peering and in the context of
dial up network access charge exemptions.
************************************************************************
The COOK Report on Internet For subsc. pricing & more than
431 Greenway Ave, Ewing, NJ 08618 USA ten megabytes of free material
(609) 882-2572 (phone & fax) visit http://cookreport.com/
Internet: cook at cookreport.com On line speech of critics under
attack by Ewing NJ School Board, go to http://cookreport.com/sboard.shtml
************************************************************************
More information about the Naipr
mailing list