Re: [sig-policy] Revised version: prop-100 National IP Address Plan - Al
>
> The Government of India released a national IPv6 policy in July 2010 in
> which it took the following important decisions –
>
> 1. All major service providers will target to handle IPv6 traffic
> and offer IPv6 services by December 2011
>
That's excellent!
> 2. All central and state government ministries and departments,
> including its PSUs, shall start using IPv6 services by
> March-2012
>
Also excellent news.
> 3. Formation of India IPv6 Task Force
>
> For the implementation of the above policy decisions many discussions
> were held with service providers and organizations in which they were of
> the opinion that there should be proper address planning for different
> organizations within the economy. So taking cue from this, Government of
> India (Department of Telecommunications) set up a committee for
> formulation of a National IPv6 address policy.
>
I'm less convinced that this is such a good idea. In fact, I think such process
could be potentially very harmful to India and the people of India in the long
run. I think it is good to look at IPv6 addressing policy and consider whether
there are ways that the policy can be improved to achieve better aggregation
and better service capabilities to end users, better administration by ISPs, etc.
However, placing an entire economy behind a single prefix still continues to
ignore a number of operational realities and creates new risks that I do not
believe have been properly considered in this process.
1. Economic and National Boundaries usually have little or no relationship
to topological boundaries on the internet.
2. Placing an entire economy behind a single prefix which cannot, by
definition be aggregated behind a common routing policy due to
use by disparate organizations will not improve routing and will not
provide any aggregation benefit.
3. Placing an entire economy behind a single prefix does allow anyone
who wants to disconnect that economy to do so with a single-line
ACL. The prefix will be well known and easily identified. In contrast,
current allocation policy might allow a single organization to be
targeted in this manner relatively easily, but, because other proximal
organizations will not so easily share the same fate, it can be trivial
to route around damage imposed by such a move. This makes the
internet more resilient and makes it much harder for hostile forces
to remove an entire country from some fraction of the internet. The
proposal at hand would significantly reduce this resiliency and basically
turn each affected country's prefix into multiple single points of failure.
> In the 2nd meeting of the committee held on 18th July 2011 in New Delhi,
> members were of the opinion that India as a whole should request for the
> reservation of a suitably-sized block of IPv6 addresses from APNIC. This
> block can be allocated to different organizations by keeping in view the
> long term planning perspective.
>
> So it was decided that this issue should be taken up with APNIC. As
> this was a policy related issue, and other economies in the APNIC region
> may also have similar needs, therefore, the proposal was put up to APNIC
> for address block reservation at the economy level for subsequent
> allocation to different organizations within the economies in the APNIC
> region.
>
If, in spite of the above concerns, you still feel that this is the best way for
India to proceed, I believe that APNIC can set aside a prefix from which to
make allocations to India and do so. I don't think this requires policy to be
implemented. I think it can be done largely by making a coordinated
request with APNIC staff.
>
> 2. Summary
> ----------
>
> Right now IPv6 addresses are being allocated to individual organizations
> in different economies by APNIC within a certain policy framework, which
> was developed in the IPv4 era. But there are certain concerns with the
> above APNIC policy -
>
> (a) Contiguous address block allocation is not ensured by APNIC when
> an organization goes back to APNIC for further allocation
> (reapplying after more than one year)
>
While that is true, in there are proposals that deal with this in a better
way. Proposal 98 and 99 both offer better alternative solutions to this
problem. A national prefix doesn't guarantee this either. It merely
guarantees that both fragments will appear with in a single easy-to-
filter national prefix which will, by definition of the topological reality
be deaggregated when it is advertised to the global internet.
> (b) Non provision of address space for future organizations in
> economies who are not in a position (or not aware) to ask for
> addresses at present.
>
This was an issue in IPv4 not because of poor allocation policy in the
beginning, but, because IPv4 was repurposed for a radically different
application than it was originally designed. IPv4 was intended as a
protocol for an experimental network connecting a few universities,
research institutions, and government entities. When IPv4 was being
designed, noone had even conceived of HTML, HTTP, Gopher, WAIS,
or anything remotely resembling the World Wide Web.
For the original intended audience, 3.2 billion unicast addresses was
luxurious. When the audience went from a few thousand users at a
few hundred locations to 6+ billion users in millions of locations almost
over night, the internet engineering community immediately set about
to design and develop IPv6. While it has taken longer than it should
to do so, and, deployment of IPv6 still lags, I really do not see address
allocation policy as a barrier to entry for IPv6 for the foreseeable
future. I would happily support these kinds of reservation policies
at a time when we begin to invade even the 4th or 5th /3 of IPv6
space, but, at this time when only 1 /3 has been issued for unicast
space and only a tiny fraction of a second /3 is used for special
use addresses (ULA, multicast, link-local, etc. all from f000/4),
I think we are better to keep things topologically aligned and not
devolve the internet with geopolitical boundaries that are unrelated
to topology.
> APNIC policy does not currently allow address blocks to be allocated at
> the economy level, so through this proposal, we are seeking a change in
> the policy for reservation of adequate IPv6 address space economy wise
> for further allocation to different organizations and stakeholders
> within the economy.
>
For the reasons stated above, I still think that allocating address blocks
at the country or economy level is a phenomenally bad idea.
Owen DeLong
Hurricane Electric