Keyboard Shortcuts
Thread View
j: Next unread messagek: Previous unread messagej a: Jump to all threadsj l: Jump to MailingList overview
Geoff et. al.,
Having seen a link to prop-050 on the ARIN public policy mailing list, and considering the implications of several forms of markets in IPv4 addresses, I thought I'd provide some perspective and input on the policy from a perspective somewhere on the ARIN side of global.
The premise of this policy proposal, and a fairly reasonable one, is that transfers of IPv4 addresses will occur regardless, and that it is best for APNIC to keep track of such transfers, place some limits on them, and constrain the parties to the transfer to continue abiding by APNIC policies. It also provides a mechanism by which organizations can continue to acquire IPv4 addresses after APNIC's free pool is exhausted.
However, this policy proposal abandons at least two important goals of RIR stewardship: aggregation and hierarchical assignment. By allowing the complete deaggregation (down to /24) of any APNIC allocation or direct assignment, and registering the transfer of each individual /24 to a different organization, this policy would leave the world no choice but to accept /24 announcements of APNIC-managed space or withdraw from the DFZ.
A much better course, in my opinion, would be to allow the complete and total transfer only of entire allocations or direct assignments. This would preserve aggregation, and continue to give operators across the globe the option of filtering prefixes longer than APNIC's minimum allocation size without completely destroying reachability.
Now it is obvious to me that as we exhaust the IPv4 free pool, some deaggregation will be necessary to allow us to increase the number of networks using IPv4 space. That deaggregation, however, need not be complete: it can be hierarchical. For example, consider a large IP space holder with a /8 who begins transitioning their existing customers to IPv6 and reduces or eliminates their need for IPv4 space. Say this organization then wanted to transfer some of that freed space to another APNIC account holder. One way to do that would be as Geoff proposes. If they do not wish to transfer the entire /8, however, a better way (for the Internet as a whole) would be to lease (re-allocate) portions of the IP space to recipient organizations. The /8 could still be announced, and the source organization could provide some form of connectivity (probably a tunnel) to the recipient organization. This would ensure full reachability for the recipient organization, while preserving the rest of the Internet's ability to filter out more-specific deaggregates outside their sphere of usefulness (possibly with as-pathlimit). Even though such filtering is not necessary or common now, we must preserve our ability to filter, as there is a very real possibility that the growth of the IPv4 routing table after IPv4 free pool depletion will accelerate beyond the ability of affordable routers to keep up.
If, at some future date APNIC wants to further liberalize the IPv4 transfer policy to allow transfer of smaller blocks (perhaps down to /20 or the then-current minimum allocation size), that is always possible. However, if prop-050 is adopted as written, APNIC (and the world) will lose the ability to reverse the deaggregation, and we'll be stuck with a "swamp" much bigger than that created by the allocation of Class C's.
I hope the members of the APNIC policy-making community will consider the goals of aggregation and hierarchical assignment when considering prop-050, and will only adopt it as policy if it is modified to preserve our future ability to effectively deal with deaggregates.
Thanks, Scott
Scott,
Thank you for your comments.
You phrase in objective text what I would see as some interpretations and perspectives. While it is clear to me that you hold these views and perspectives, it is not clear to me that these are necessarily objective truths.
There is considerable uncertainty on the true capabilities of the routing system and its not entirely clear to me what limitations exist in the routing system as distinct from various impressions of what such limits may be. I would think it less than entirely appropriate to base policy on such perceptions of the nature of the inter-domain routing system and its capabilities, and even less appropriate to phrase current policy on perceptions of what such limits may have been some years ago.
What appears to me is that we are in a situation where:
We are facing a transition to IPv6 that requires the operation of a dual stack environment where both future and existing deployments require access to both IPv4 and IPv6 address space.
http://www.potaroo.net/ispcol/2007-08/dualstack.html
We are facing a transition that is complex
http://www.iepg.org/2007-07-ietf69/070722.v6-op-reality.pdf
This transition probably will take an extended period of time, and probably will take much longer than the anticipated time remaining in the unallocated Ipv4 address space pool
http://www.potaroo.net/tools/ipv4/
So we can anticipate that new network deployments will take place after this pool exhaustion time, but they will still need IPv4 addresses in order to support dual stack operation as part of the overall IPv6 transition. But the RIRs will be unable to assist them, as their address pools are empty at that time. So, in the absence of alternatives, its likely that we will see various forms of IPv4 address transfer take place in order to meet these continuing demands for address space during this dual stack transition period.
Now, in terms of registry policy, can either allow such transfers to be recorded in the registry system or we can choose to deny access to the registry system. The registry system underpins the concepts of uniqueness, consistency, coherency, accuracy and integrity of the network's address plan. If the registry cannot fulfil this function then the utility of the entire network is severely undermined. Chaos in addresses is chaos in the network.
The extent to which other policies can be intertwined with this measure of transfer registration is uncertain. The higher the barrier of entry to the registry the higher the temptation to avoid registration altogether, raising the potential risks referred to above.
The transfer policy proposal being proposed in the APNIC policy forum is deliberately phrased as one that is simple and direct, and it tries to get to the heart of what needs to be undertaken in terms of roles of the registry in an environment where the associated address allocation function has finished through address pool exhaustion, yet the demand for uniqueness, consistency, coherency, accuracy and integrity in the registry function remains. In such an environment the registry needs to be in a position to accurately reflect the reality of address distribution. For that reason the policy proposal is quite limited in its scope, as it addresses quite directly the concept of including in the policy framework a capability to admit access to the registry in order to record address transfers.
regards,
Geoff Huston
Geoff Huston wrote:
Scott,
Thank you for your comments.
You're welcome: I'm glad my criticism was receptively accepted as constructive.
You phrase in objective text what I would see as some interpretations and perspectives. While it is clear to me that you hold these views and perspectives, it is not clear to me that these are necessarily objective truths.
Of course, my views do reflect my own opinions, interpretations, and perspective. I don't have any religious delusions that such views represent objective truths, but I do hope to encourage you and others to consider this policy proposal from such a perspective.
There is considerable uncertainty on the true capabilities of the routing system and its not entirely clear to me what limitations exist in the routing system as distinct from various impressions of what such limits may be. I would think it less than entirely appropriate to base policy on such perceptions of the nature of the inter-domain routing system and its capabilities, and even less appropriate to phrase current policy on perceptions of what such limits may have been some years ago.
I agree there is much uncertainly in the capabilities of the routing system, both now and in the future. However, I believe that the best course of action in the face of such uncertainty is to leave our options open, as much as possible, to take future action to respond as future capabilities, limits, and requirements become better known.
What appears to me is that we are in a situation where:
We are facing a transition to IPv6 that requires the operation of a dual stack environment where both future and existing deployments require access to both IPv4 and IPv6 address space. We are facing a transition that is complex. This transition probably will take an extended period of time, and probably will take much longer than the anticipated time remaining in the unallocated Ipv4 address space pool. So we can anticipate that new network deployments will take place after this pool exhaustion time, but they will still need IPv4 addresses in order to support dual stack operation as part of the overall IPv6 transition. [references removed]
Agreed.
But the RIRs will be unable to assist them, as their address pools are empty at that time. So, in the absence of alternatives, its likely that we will see various forms of IPv4 address transfer take place in order to meet these continuing demands for address space during this dual stack transition period.
If we continue on our current course, that will likely be true. We are not without policy options, both for preventing the complete exhaustion of the IPv4 free pool and for dealing with a world in which pretty much all IPv4 addresses have already been allocated/assigned. (One such option, of course, is the one we're discussing.)
Now, in terms of registry policy, can either allow such transfers to be recorded in the registry system or we can choose to deny access to the registry system. The registry system underpins the concepts of uniqueness, consistency, coherency, accuracy and integrity of the network's address plan. If the registry cannot fulfil this function then the utility of the entire network is severely undermined. Chaos in addresses is chaos in the network.
The extent to which other policies can be intertwined with this measure of transfer registration is uncertain. The higher the barrier of entry to the registry the higher the temptation to avoid registration altogether, raising the potential risks referred to above.
I think I agree with you on the need to allow such transfers to be recorded in the registry system and try to avoid the potential risks referred to above.
The transfer policy proposal being proposed in the APNIC policy forum is deliberately phrased as one that is simple and direct, and it tries to get to the heart of what needs to be undertaken in terms of roles of the registry in an environment where the associated address allocation function has finished through address pool exhaustion, yet the demand for uniqueness, consistency, coherency, accuracy and integrity in the registry function remains. In such an environment the registry needs to be in a position to accurately reflect the reality of address distribution.
Agreed.
For that reason the policy proposal is quite limited in its scope, as it addresses quite directly the concept of including in the policy framework a capability to admit access to the registry in order to record address transfers.
This is, I think, the heart of our disagreement. I see prop-050 as quite broad in scope, in that it not only allows APNIC to record transfers, but it allows the full and complete deaggregation of allocated and assigned resources. In my opinion, that significantly, and unnecessarily, broadens the scope of the proposal beyond what is reasonable and prudent.
As APNIC manages fewer legacy allocations (such as Class A and Class B netblocks given out before the creation of the RIRs), and has been more successful in bringing such early registrations under the same set of policies as APNIC allocations and assignments, I think APNIC has far fewer fairness issues to deal with than ARIN does in considering a regulated market in IPv4 addresses. Therefore, I would not oppose prop-050 (for the APNIC region) if it were revised along these lines:
Rather than "Only IPv4 address blocks equal to, or larger than, a /24 prefix may be transferred.", require that "Only complete IPv4 allocations may be transferred".
Later on, if demand is sufficiently high, this could be relaxed further to something like "IPv4 address blocks may only be transferred in sizes equal to, or larger than, the minimum allocation size defined for that address range as documented at http://www.apnic.net/db/min-alloc.html".
I believe these relatively minor changes to prop-050 would preserve the benefits of a regulated market in IPv4 addresses without abandoning the goals of aggregation and hierarchical allocation, and would eliminate much of the risk to the routing system of the complete deaggregation of many large APNIC-managed netblocks.
-Scott
Activity Summary
- 5899 days inactive
- 5899 days old
- sig-policy@lists.apnic.net
- 2 participants
- 2 comments