Re: [sig-policy] prop-110v001: Designate 1.2.3.0/24 as Anycast to suppor
Hash: SHA1
Hi all,
I have reviewed this proposal and at this time do not support this. I
am netural on the main issue of designating 1.2.3.0/24 as an 'special
purpose anycast' block.
I have issues with the RPKI portion. It creates additional burden on
APNIC to support non-member entities, which I do not support. As a fee
paying member, this whole idea of supporting the 46K ASNs currently
visible on the Internet doesn't scale and I'd find it a waste of fee
paying member resources.
- -gaurab
>
> ------------------------------------------------------------------------
>
>
prop-110v001: Designate 1.2.3.0/24 <http://1.2.3.0/24> as Anycast to
> support DNS Infrastructure
> ------------------------------------------------------------------------
>
>
>
> Proposers: Dean Pemberton, dean at internetnz dot net dot nz
> <mailto:dean at internetnz dot net dot nz> Geoff Huston, gih at apnic dot net
> <mailto:gih at apnic dot net>
>
>
> 1. Problem statement --------------------
>
> Network 1 (1.0.0.0/8 <http://1.0.0.0/8>) was allocated to APNIC by
> the IANA on 19 January 2010. In line with standard practice APNIC's
> Resource Quality Assurance activities determined that 95% of the
> address space would be suitable for delegation as it was found to
> be relatively free of unwanted traffic [1].
>
> Testing, conducted by APNIC R&D found that certain blocks within
> Network 1 attract significant amounts of unwanted traffic,
> primarily due to its unauthorised use as private address space
> [2].
>
> Analysis revealed that, prior to any delegations being made from
> the block, 1.0.0.0/8 <http://1.0.0.0/8> attracted an average of
> 140Mbps - 160Mbps of unsolicited incoming traffic as a continuous
> sustained traffic level, with peak bursts of over 800Mbps.
>
> The analysis highlighted individual addresses such as 1.2.3.4 with
> its covering /24 (identified as 1.2.3.0/24 <http://1.2.3.0/24>)
> remain in APNIC quarantine and it is believed they will not be
> suitable for normal address distribution.
>
> The proposal proposes the use of 1.2.3.0/24 <http://1.2.3.0/24> in
> a context of locally scoped infrastructure support for DNS
> resolvers.
>
> 2. Objective of policy change -----------------------------
>
> As the addresses attract extremely high levels of unsolicited
> incoming traffic, the block has been withheld from allocation and
> periodically checked to determine if the incoming traffic profile
> has altered. None has been observed to date. After four years, it
> now seems unlikely there will ever be any change in the incoming
> traffic profile.
>
> The objective of this proposal is to permit the use 1.2.3.0/24
> <http://1.2.3.0/24> as a anycast addresses to be used in context of
> scoped routing to support the deployment of DNS resolvers. It is
> noted that as long as providers who use this address use basic
> route scope limitations, the side effect of large volumes of
> unsolicited incoming traffic would be, to some extent mitigated
> down to manageable levels.
>
>
> 3. Situation in other regions -----------------------------
>
> Improper use of this address space is a globally common issue.
> However the block is delegated only APNIC and so therefor, no other
> RIR has equivalent policy to deal with the situation.
>
>
> 4. Proposed policy solution ---------------------------
>
> This proposal recommends that the APNIC community agree to assign
> 1.2.3.0/24 <http://1.2.3.0/24> to the APNIC Secretariat, to be
> managed as a common anycast address to support DNS infrastructure
> deployment
>
> Any party who applies to APNIC to use this address block on a
> non-exclusive basis to number their DNS resolver will receive a
> Signed Letter of Authority to permit their Autonomous System to
> originate a route for 1.2.3.0/24 <http://1.2.3.0/24>, and APNIC
> will also publish a RPKI ROA designating the AS as being permitted
> to originate a route. This ROA shall be valid until APNIC is
> advised otherwise by the AS holder.
>
> 5. Advantages / Disadvantages -----------------------------
>
> Advantages
>
> - It will make use of this otherwise unusable address space. - DNS
> operators will have an easy-to-remember address they can use to
> communicate with their users (e.g. configure "1.2.3.4" as your DNS
> resolver")
>
>
> Disadvantages
>
> - The address attracts a large volume of unsolicited incoming
> traffic, and leakage of an anycast advertisement outside of a
> limited local scope may impact on the integrity of the DNS service
> located at the point associated with the scope leakage. Some
> operators with high capacity infrastructure may see this as a
> negligible issue.
>
> 6. Impact on APNIC ------------------
>
> Although this space will no longer be available for use by a
> single APNIC/NIR account holder, the proposal would result in
> benefit for all APNIC community members, as well as the communities
> in other regions.
>
> There is the need to set up an administrative process in the
> reception of applications to use the address block, and in the
> maintenance of a set of ROAs associated with these applications
>
>
> References ----------
>
> [1] Resource Quality Good for Most of IPv4 Network “1”
> http://www.apnic.net/publications/press/releases/2010/network-1.pdf
>
> [2] Traffic in Network 1.0.0.0/8 <http://1.0.0.0/8>
> http://www.potaroo.net/ispcol/2010-03/net1.html
>
>
>
>
> * sig-policy: APNIC SIG on resource management policy
> * _______________________________________________ sig-policy
> mailing list sig-policy at lists dot apnic dot net
> http://mailman.apnic.net/mailman/listinfo/sig-policy
>
- --
http://www.gaurab.org.np/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlLsPegACgkQSo7fU26F3X3smQCgqTQrl/sJwTn73azgB0qBQWWE
reAAoLX9+bcPpO/SIWWpdDM818VPeNDI
=Ziz/
-----END PGP SIGNATURE-----