ARIN 47 Public Policy Meeting, Day 2 Transcript - Tuesday, 13 April 2021
Public Policy Meeting, Day 2 - Opening Announcements and Format Overview
John Curran: Good morning, one and all. If folks will get ready, we’ll soon get started on day two of ARIN 47 Virtual Meeting. I’d like to welcome everyone.
We had a great day yesterday, and we’re looking for another exciting day today. Next slide.
As usual, we’re joined by the volunteers who support ARIN, which come in a variety of types – the elected Board of Trustees; Paul Andersen, Chair; Nancy Carter, our Treasurer; myself, I’m not elected, I’m hired; Peter Harrison; Catherine Middleton; Tina Morris; and Bill Sandiford, Vice Chair.
We have six Trustees elected for three-year terms, two each year. And they’re the ones who help guide the future the organization, provide fiduciary oversight and help me set the direction for where ARIN goes.
Next slide. We also have the ARIN Advisory Council, which plays the lead role in policy development at ARIN, working on shepherding various policy proposals into draft policies, Recommended Draft Policies and then sending them to Board for ratification.
They’re led by Leif Sawyer, the Chair, and Kat Hunter, who is the Vice Chair.
Next slide. We also have the NRO Number Council, the group that works on global policy when that comes up. They do that within the structure of ICANN where they’re known as the ASO AC, the Address Supporting Organization or Address Council.
And we have three members from this region – Kevin Blumberg, Martin Hannigan and Louie Lee. You’ll be hearing more about that later.
Next slide. We reviewed the platform yesterday. But, again, raise your hand if you want to be queued for speaking during open mic sessions. During the panels we generally use the Q&A. When you submit your question to the panel, include your affiliation.
And chat is for you folks to chat among yourselves. That’s not for questions to the panel.
Okay. Next, be professional, be on topic, following ARIN standards of behavior. People have been generally very good about that. And I ask that you continue. Keep your discussions relevant to the general topics of ARIN and Internet number policy.
Next. Rules and reminder. When we go through the policy, the Chair will moderate the discussion so everyone can be heard. Everyone has an opportunity to speak. You don’t need to be an ARIN member or an ARIN customer. We listen to good policy ideas and comments no matter where they come from.
Clearly state your name and affiliation. If you’re using the Q&A, put your affiliation down, your name, if it’s not included in your log-in session within the online meeting.
Standards of behavior are in your Discussion Guide and available online. Generally they say be courteous to others and professional in your behavior.
Next slide. Again, we’re recording and live streaming. We will make all the materials available. There will be transcripts. Speak clearly and slowly, unlike me, to help the person doing the transcription.
Next. I’d like to thank our Bronze Sponsor, the organization that provided yesterday’s keynote speaker, which was incredible, Team Cymru.
And next slide. We have an important agenda coming up. In the morning we’re going to have a number of reports from around the Internet. We’ll have the Internet Number Resource Status Report, talking about the Number Resources and where they are in the various RIRs.
Mark Kosters will give a software update at ARIN. And we’ll hear from the Number Resource Council. And we’ll hear from ARIN’s Government Affairs Department, the Governor’s Affairs Report from Anne-Rachel. And we’ll have global reports from our counterparts at other RIRs, and hear from the IANA, which is also the Public Technical Identifier organization. That should be exciting.
We’ll have a break, another break, including stretching with Erin a word scramble. Should be exciting. We’ll move on to a policy block in the afternoon with Draft Policy ARIN-2021-1: ASN Clarifications; and draft policy ARIN-2021-2: Special Use IPv4 Space Out of Scope for Purposes of Waitlist Eligibility.
We’ll do an open mic as we did yesterday, and that will be a wrap for the day. It should be a good day. Glad to have everyone back. And I look forward to getting kicked off.
Our first speaker is John Sweeting, our Chief Customer Officer, who is going to give the Internet Number Resource Status Report. Take it away, John.
Internet Number Resource Status Report
John Sweeting: Thank you, John. Welcome, everyone, back to the second day here of the ARIN PPML for spring 2021.
I’m going to quickly run through the Internet Number Resource Status Report. This is a report that is prepared by all five of the RIRs and consolidates all the numbers and gives an update and status on the Number Resources in each of the regions and a comparative look at that.
Next slide, please. So, this is just a representation of where all the 256 /8s are residing, where they’ve been given out to. Nothing too interesting. This doesn’t change much these days. As a matter of fact, I don’t think it changes at all unless there’s a transfer – actually, it doesn’t even change then because this is the distribution from IANA. So it doesn’t change no matter what happens.
Next slide. This is a look at the total IPv4 addresses that are managed at each of the RIRs. Not a lot interesting there, other than probably, as you could guess, that 99.76 at ARIN, there’s a lot of legacy included in that.
Next slide. Next slide. Next slide, please. Next slide. My Internet is unstable.
John Curran: John, do you want me to take it over?
John Sweeting: If you can. My Internet is unstable, it says. I’m in the office, but can you hear me now?
John Curran: We can hear you. Do you know what slide you’re on?
John Sweeting: What’s showing now is available IPv4 space in each RIR.
Paul Andersen: Which is what we’re seeing.
John Sweeting: Okay, awesome.
John Curran: Very good.
John Sweeting: This slide is the available space in each of the RIRs currently. It’s available for distribution from what we used to call our free pool. But some of these are special use.
As everyone knows at ARIN, we don’t have any that we can say with any certainty here’s how much we have, but we have space that gets returned and we use our waiting list to manage that.
Next slide. Okay. Internet, this is IPv4 space issued by RIRs in terms of /8s, how much space has each RIR issued per year. As you would guess, this shows that it’s gone down and down and down and down. And it will probably go even less for 2021. Not a whole lot interesting with that.
Next slide. All right. Intra-RIR Transfers. Number of transfers per year. This is intra – so, this is within each of the RIRs. They’re customers to other customers within the same RIR.
It’s steadily going up. In most regions RIPE leads the way in the number of transfers each year.
Next slide. This is the number of addresses transferred by year. And as you can see, it’s a little bit of a different story. The number of addresses transferred by year, ARIN is transferring the most when you go by the address count.
So, there’s a big difference in the number of transfers and the number of address blocks, which means there’s a lot of – probably a lot of bigger transfers going on within the ARIN region.
Next slide. Okay. This slide is a little busy. But this is the total number of IPv4 transfers between RIRs. We’re actually going to be updating this slide to use a table that shows this a lot clearer.
But for our purposes here, what this shows is going out from ARIN to APNIC there was 327 transfers and coming in, 53. Actually, let’s go to the next slide so we can just talk about number of addresses rather than number of transfers. That’s what’s more interesting, I think.
From ARIN to APNIC is 19.01 million out and 189,000 in. To LACNIC, it’s 256 out and 13.82 in.
And to RIPE, 8.7 million out and 735.75 thousand in. So you can see with the legacy space that ARIN has, the amount of legacy space there’s been a lot of transfers of legacy space outside the region to other regions, which is probably pretty good.
Next. Okay. This shows, this is where all the current IPv6 address space and how much has been allocated to the RIRs. There were some smaller blocks allocated from IANA to the RIRs earlier on, but today as you can see, AFRINIC has a /12, APNIC has a /12, LACNIC has a /12. ARIN and RIPE are the only two that have gone back to IANA for their second /12s, so now ARIN and RIPE are now holding a /11 of that space.
You can see the space allocated to RIRs before October 2006 on that chart down there.
Next slide, please. These are the number of IPv6 allocations, allocated that each RIR has allocated through the years.
LACNIC is pretty steady. LACNIC transfers a lot of IPv6 – allocates a lot of IPv6 out. I think that has something to do – they have a policy that everyone gets IPv6 when they’re a LACNIC customer.
Not a whole lot of other interesting stuff there, other than it stays pretty steady. It does grow from time to time if you notice for ARIN.
ARIN has stayed remarkably steady over the last 10 years. If that means anything to anybody, I don’t know. But it seems kind of remarkable to me that it stays so steady. The same with AFRINIC is pretty steady.
Next slide, please. The total allocated IPv6 space by RIR. RIPE has allocated the most. And then you see APNIC and LACNIC and AFRINIC.
Next slide. This is the prefixes at RIR, IPv6 assignments that have been assigned per year. Looks like APNIC does a lot of assignments. The rest of it is pretty steady. Nothing that really begs for explanation.
Next slide. And this is just the total, all those years totaled up. LACNIC has a lot of assignments, as you can see from the chart.
Next slide. So the percentage of members with IPv6 in each RIR, and this slide is a little bit weird. I believe that that’s 9.1, those pieces floating over the top, I think, are members with IPv6 only. Yeah, it should show something different. But, anyway, for the total for ARIN, members with IPv6 is 60.1 percent.
Next slide, please. We’re going to talk about the AS numbers. This is just, again, a slide that shows where all the AS numbers are allocated out to at this point in time.
Next slide. How many ASNs each RIR issues per year. And that’s broken down by 32-bit and 16-bit. I’m just pausing here to give everybody a chance to look at it. Not a whole lot to say about it. It is what it is. These are the numbers.
Next slide. I’m sure everybody could guess that this was the total. This slide would be the total ASNs assigned by each RIR. And the floating numbers, the 32-bit number, I would guess.
These slides – apologize for the slides. I’m not sure what happened on the rendering of these.
Next slide, please. This is the reference where you can find these slides and the statistics on the NRO site and also for the IANA resources on the IANA site.
Next slide. That is it. That is a look at where all the number resources in the world are residing these days and what each of the RIRs are doing annually.
Remote Host: Thank you. And just to clarify, for those as we open it up for questions, please make sure that you note – if your name in Zoom is not your first and last name, that you note your first and last name, as well as your affiliation, when you ask your questions.
If you choose to raise your hand, leave that hand up as we will toggle back between questions and answers. Currently, Mr. Sweeting, it looks like we have one question from Mercia Arnold at The Obsidian Group, asking: Are transfers by governments ISP companies or by end users?
John Sweeting: The quick answer to that is the transfers are done by the RIRs to the RIRs. But they’re originating with customers of the RIRs.
So, if it’s an intra within ARIN, it’s a customer of ARIN transferring to another customer of ARIN. So there’s a source and a recipient for that transfer.
They could be governments. They could be ISPs. They could be end users. They are just organizations that have number resources from ARIN.
If it’s an ARIN customer transferring to a RIPE customer, then it’s ARIN working with RIPE staff to actually complete the transfer between those customers.
And, again, they could be government, ISPs or end users. They just have to be customers of that RIR that they’re doing the transfer to.
Remote Host: Thank you. Doesn’t look like we have any further questions. I’ll turn it back over to Mr. Curran to introduce the next speaker.
John Curran: Very good. And I’m working on that video thing. Okay. Thank you. Our next presentation will be Mark Kosters, and he’ll be giving the ARIN software update. Mark, take it away.
Mark Kosters: Thank you, John. I’m going to go around and give you a brief tour of ARIN’s Engineering Team. So let’s go on to the next slide, please.
Before I begin, it’s kind of funny, both Mr. Sweeting and I are in the office today. I’m in the office today because there’s construction going on in my neighborhood and I didn’t want to leave anything to chance. And here we have just a bit of a hiccup at our network at the office, but I think everything’s okay now.
Let’s go on with our agenda. We have a bit of development history I want to talk about. Prioritization: How does Engineering actually figure out what’s going to go on?
What we have done since ARIN 46 and what we plan on doing – actually, 47 – and what do we plan on doing for the remainder of 2021.
Next slide, please. Development History.
Next slide, please. I started in ARIN back in 2007. Back then we were a Perl shop and we also used waterfall. And it became fairly apparent that we needed to make some changes.
We did a number of different things. One is we went to Java. So most of our application development now is in Java. And we moved to an Agile environment. That’s worked out really well for us. Our first sprint was completed in December of 2009, and we’ve completed 170 sprints since then.
Sprint durations are now four weeks, three to four weeks, and the two-week release hardening sprint right before deployment.
One of the things that’s interesting here is, after each sprint, we actually have a sprint review and planning where we go through and say this is what this team has done and what they’ve developed over this past sprint and actually review it with interested parties within ARIN – within the company of ARIN.
It’s well seen by those who are interested in what we’re doing. Since that time we’ve had 67 planned releases since 2008, and we’ve had many, many other minor releases during that time.
Most of them you don’t see because we’ve now gone to a development – an actual operational environment where we can make changes without any interruption to the public. Most of our releases are no longer customer-impacting as a result. Thank you. Next slide please.
Let’s talk about prioritization. Here are the factors that influence priorities. It’s not, hey, this is what Engineering wants to do and this is what we’re going to do. There are a number of things that actually influence our priorities. And these are all things that are approved and acknowledged by Mr. Curran and also Mr. Jimmerson. And there’s a number of things that are used as part of our plan as we go forward with what we plan on doing.
These are factors that influence our priorities: Board of Trustee initiatives; legal and regulatory requirements; ratified policies that need development or implementation changes; ACSPs; operating plan objectives – hey, we’ve got to change out this piece of hardware because it’s about ready to fail; defects, maintenance and upgrades – just something that we have to do, almost every engineering team has to do this; environmental changes – we’re moving different offices; customer feedback via the feedback button or otherwise; customer service; and Mailing List requests.
All these things actually play a role in setting up our plan for this, for the current year and also for the upcoming years. So, we typically do a two-year plan.
Next slide, please. So what have we completed since ARIN 46 into ARIN 47?
Next slide, please. So our themes have been: decrease our technical debt. You’ve heard me speak a number of times in the past about our technical debt. And we are doing a tremendous amount of work here and having a tremendous amount of success in reducing our technical debt.
We plan on continue to iterate on the IRR that’s going on and upgrading our back-end services and monitoring.
Next slide, please. Here’s what we’ve done. And here are the things that are external that you’ve seen.
We’ve rolled out a base-level API for the IRR. There’s now RESTful service for people to add and remove routes, et cetera, within – using a RESTful API.
We also put out an RDAP Bootstrap Server that’s released on GitHub, including a Docker image. So, if you wanted to run an RDAP Bootstrap Server, you can do so.
We’ve increased our CRL limits on RPKI, that we used to have a very hard limit based on hardware limitations on our high-security module. That’s now been removed. And now we basically can deal with as many ROAs as we currently have in our inventory.
We fixed a delegated RPKI issue in the OT&E, so customers wouldn’t have to request RSD to make a change. This is actually now seamless.
We’ve updated our RDAP bootstrap endpoints in nicinfo and fixed some bugs as well. Nicinfo is a client that is universally used by the community – RDAP community. It’s probably one of the most prevalent uses and highest uses of RDAP, using the nicinfo client.
We’re not sending any more validation emails to reassignment POCs anymore per policy. We’re doing an upgrade to CentOS 7 across the board. We were running CentOS 6. All our publicly-available instances are running CentOS 7 or other variant of BSD.
So, we’re fairly recent on our OSes across our public infrastructure. We’ve removed all our public NetApp appliances. One of these, as you may recall, actually gave us some troubles about a year and a half ago. So all our publicly-available NetApps are now gone. And they’ve been replaced.
We’ve replaced – removed SSL 1.1 support, which – and we will soon be adding SSL 1.3 support. We are adding CAPTCHA to the ARIN Online process. I talked about that yesterday. We Anycasted a very busy DNS secondary box that has a huge amount of traffic. It’s now going across our three public-facing sites that we have – one in Dulles, one in Seattle and one in San Jose.
We’ve moved Board and AC support to a cloud-based solution. And we have a service status dashboard.
Go to the next slide, please. Here is the Service Status Dashboard. You can now see, via the web, you can actually see the availability of our services.
Outage notifications will be displayed here. And you can also subscribe to it. So you can actually get notifications. You don’t always have to poll the website to see what’s going on.
There’s a whole variety of ways to actually get this information. Next slide, please.
What we’ve done internally that you haven’t seen or actually you may see in the near future, we secured – we have a DNSSEC appliance called Secure64 and we’ve recently upgraded it. And we’re going to move to a more modern algorithm.
We’re currently on algorithm 5, which is being deprecated. And we’ll be moving to algorithm 8. So you will be seeing this in the upcoming months.
We’re going about this very carefully so that we don’t have any issues. We have had lots of tech debt in our software that we’ve replaced, dealing with the management application, as well as our zone generator.
We also have put in place reporting analysis of third-party issues that we have within ARIN Online. We have a dependency checker that we check against as well as a security review audit appliance called SonarQube. We have better security monitoring put in place. And we’ve been focusing on moving internal services into the cloud. Thank you.
Next slide, please. What do we have in plan? Next slide, please.
We plan on continuing to iterate on the IRR. There’s more API endpoints coming out with IRR that you’ll soon see. We have some work to do with Premier Services that was announced yesterday to make it easier for RSD.
We plan on adding new features to RPKI. Things that we have, one that’s fairly near, is adding RRDP instances to the cloud.
Repositories can be fetched by one of two ways. One is a web-based protocol called RRDP, which is pretty easy to put into the cloud. And the other one is via the rsync protocol, which is a little bit harder to put into the protocol.
We also are putting – supporting – planning on supporting a hosted repository service for delegated customers.
There’s been a number of people that have been asking Brad Gorman for this, and something I’m sure we’ll be working on – and also the synchronization of IRR and RPKI objects.
We plan on doing improved login security following our NIST guidelines that we talked about yesterday. And regarding a question that R.S. asked yesterday in terms of what our password guidelines are in terms of length, the NIST guidelines are a minimum of eight characters and a maximum – or the maximum being no less than 64 characters. Our current implementation has 12 as a minimum. Which can be variable and currently the maximum is set at 64.
We are working on the integration of a third-party election system, integrating a new one. Rolling out new in.addr zones that I mentioned before with a more modern algorithm and updating our load balancers to the latest so that we can support SSL 1.3.
Next slide, please. Internally, we’re moving more and more services into the cloud that are currently hosted by ARIN. I did a count a little bit earlier today. And we currently have 10 services that we are currently using – relying on the cloud for our systems. And this goes from laptop backups all the way through things like doing management of laptops.
And we’re planning on doing three more. And we have two more that are under evaluation, whether or not they’re going to be cost-effective to be put into the cloud.
We’re going to be upgrading our PBX. You may have heard of an issue we had with our phone system being down. It’s currently using very old technology, using a PRI, using a plain old telephone network for us to gain access, which is interesting because actually we have a converter that actually moves it to SIP internally. Then it actually is distributed to the various people who have extensions, like the help desk, both RSD and FSD.
And we’ve moved CentOS 6 boxes to CentOS 7. And we’re moving more and more technical debt by upgrading our software. We’re updating our internal Windows software, making our billing application fully-redundant.
Upgrading our videos – our security video monitoring gear. So this is gear that we have to actually make sure that our office is secure in the evenings.
If we get an alarm, we can – some sort of a tamper alarm, we can actually check the video system to see if anyone has actually tried to enter the facility. And we can do that remotely.
We’re hardening our laptop support for zero-touch management, which is important in today’s COVID environment. Upgrading our monitoring system so that we can support fully-redundant sites in terms of where the monitoring head is.
We’re doing improvements on our high-availability infrastructure, as well as a hardware refresh on older gear. Okay.
Next slide, please. So and here goes to the bonus. Next slide, please.
These are slides I always like to show. And this is Whois and Whois-RWS, the amount of traffic that we see.
And what’s interesting about this is that we see – we see just an amazing amount of traffic on our directory service infrastructure. And this is amazing in comparison to what the other regional registries see.
And, I think, it’s because that we’re essentially legacy RIR, even though we’re the third in line in terms of its inception. ARIN actually came from the InterNIC which actually came from SRI-NIC and so on from way back when. And people default to our services to figure out where they need to go for their directory service question.
So you can see here that we have quite a bit of traffic – 2500 queries per second. It’s gone down a little bit. It’s been as high as 4,000 queries a second. Now it’s currently sort of settled down to 2500 queries per second, at least for now. Okay. And that’s on Port 43.
Next slide, please. This is another interesting slide. And this is RDAP. You can see from the blue line here that here is our traffic on v4. We’re seeing about 150 queries per second.
This is in comparison to other regional registries seeing about 30. We’re seeing about 150 on v4. And actually one of the things I find kind of interesting is that v6, we’re starting to see a little bit of traffic.
You can see that we’re still on the low side, maybe between five and 10 queries per second. But you can see that we’re finally seeing some traffic over v6. That’s mainly because RDAP is a fairly modern protocol. Has a modern client that you can use.
And if your host that uses that RDAP client actually supports v6, it will use v6.
So anyways, next slide, please. That is the end of my presentation. And I think I’m five minutes over.
Remote Host: That’s okay. We’ll forgive you for that with all that information you had to cover. Reminder to everybody, again, to please make sure your name and affiliation are connected to your questions.
Now is the time to get those questions in as well as raise your hand if you’d like to speak. Currently I’ve got a couple of questions for you, Mark.
Kevin Blumberg from The Wire is curious why you’re migrating to CentOS 7 which has an EOL of three years and is now considered very dated?
Mark Kosters: CentOS 8 is something we’re not sure we want to go to at this point in time because we like the idea of having sort of regular releases that are timed.
And so we haven’t moved to that yet. So CentOS 7 is at least here for three years, and that gives us some opportunity to figure out what we want to do next. So good question, though, very good question.
Remote Host: Thanks. And Gary Giesen from CentriLogic, also ARIN AC: We’re planning on relying on free services like HIBP. Is ARIN contributing back to those services, either with financial assistance or technical assistance?
Mark Kosters: Sorry, can you re-ask that question again?
Remote Host: Sure. Planning on relying on free services like HIBP. And he wants to know whether ARIN is contributing back to those services.
Mark Kosters: Not at this point in time. But that’s something that I’m sure that we will consider. I think Mr. Curran may want to answer.
John Curran: Yeah, that’s actually an excellent point. We can – I don’t know whether or not there’s an option for contributing, but we’ll go check.
It’s possible we might need someone to sponsor that contribution. What I mean by that is, it may be that we need to double-check. That would be the type of thing we could do as a grant, for example, periodically.
It’s not quite a purchase of service. So it wouldn’t be a normal expense we just do. But if the community thought that the value of the service was high and it was something that ARIN should contribute to, that might be something that we could consider.
I’ll need to look at the various ways we can fund or contribute to that and see which one makes sense.
Mark Kosters: Thank you, John. So one of the things that we’re doing within ARIN, which is actually fairly new, is that many of the tools that we’re putting out, actually, we’re putting out in the public domain as well, which is fairly new for ARIN to do, with nicinfo as well as the RDAP Bootstrap Client. There are a number of other tools that are in ARIN’s GitHub repository that you’re more than welcome to take a look at and use.
Remote Host: Thank you so much. Last chance if anyone has any further questions or would like to raise their hand and share or ask questions. Looks like the queues are clear right now.
Thanks, Mark. I’ll turn it back over to Mr. Curran to introduce our next presentation.
Mark Kosters: Thank you very much.
John Curran: Very good. Thank you, Mark. Our next speaker will be Kevin Blumberg. And he’ll be presenting the NRO Number Resource Organization Number Council update. Take it away, Kevin.
NRO NC Report
Kevin Blumberg: Good afternoon from sunny Canada. I’m Kevin Blumberg, the Chairman of the ASO AC. And I will be doing the updates today.
The ASO AC, also referred to as the NRO Number Council – towards RIR’s we’re called the NRO Number Council, and towards ICANN we’re called the ASO AC, just to avoid any confusion. Effectively it’s the same terminology at play.
We are 15 members, three from each region. Two are elected and one is appointed by the respective RIR Board. We also have a number of RIR and ICANN observers that join us regularly on calls. The term of office is different for each year. But for the ARIN region it is three years.
The ASO AC’s primary role is to oversee global policy development. We have a set of procedures that are detailed on our website. And we’ll get a little bit more into that in a minute, but our main goal is being there for global policy development.
We, as well, elect – or appoint, I should say, two members to the ICANN Board for seats 9 and 10. We appoint a member to the ICANN NomCom. And as well, as requested, we will advise the ICANN Board as part of things.
We meet telephonically over Zoom once a month, usually on a Wednesday at noon UTC. We have a face-to-face as well annually usually at the first ICANN meeting of the year. This year it was canceled.
As you can see here, here are all the different ASO AC members for the various regions. As mentioned earlier, this year I’m the Chair. Mike Silber from the AFRINIC region and Hervé Clément from RIPE NCC are the Vice Chairs.
When we’re talking about global policy development, the first thing is to be able to know when a global policy is being formulated. To be able to do that we have what are called PPFTs, Policy Proposal Facilitator Team members.
Martin Hannigan in the ARIN region handles that function for us for 2021. And their main goal is to monitor RIR activity, notify the ASO AC if a policy is being submitted in the respective region.
And then we can start within our Policy Development Process, making sure that it is being submitted to all the regions, if the author would like us to submit on their behalf in some of the regions, et cetera.
There are a number of different situations, but the goal is that we aren’t writing the policies. We are making sure that they conform and are standardized across the regions, that they’ve passed, that they’ve followed their processes before going up, that they are a global policy, et cetera.
But we don’t actually write or input into the validity of that aspect of it. So the Global Policy Development Process was last used a couple of years ago. Generally speaking, you’re – between all of the different RIR timelines, from inception to completion, you probably are looking at 18 to 24 months, just based on the various requirements of each RIR and making sure that everything is, as mentioned, equivalent.
During our last ASO review, which is done every five years, one key recommendation was that we open up as much as possible wherever possible to the public our deliberations and the work that we do on a day-to-day basis.
To be able to facilitate that, all of our face-to-face meetings are now open. Our AC-DISCUSS Mailing List is open. Our monthly teleconferences are open. They’re listed there, the link to be able to view, and if you’d like to join they’re there.
We maintain a public record of all ASO AC participation. So pretty much at this point today, in 2021, almost everything related to the ASO AC is open and available for observers. The only thing that is not are deliberations related to appointments.
Let’s go to the current appointments. For seat 10 on the ICANN Board, Maemura Akinori. His term ends at the end of 2022. And for seat 9, we have Ron da Silva, whose term ends at the end of ‘21. For the ICANN NomCom, we have Pankaj Chaturvedi – and I apologize if I got the names pronounced a little wrong. His term does comes due at the end of the NomCom cycle for 2021. And Hervé Clément for the ICANN Ethos awards.
So our timeline for the Board seat 9, because a lot of work does go into that. This year we had 10 candidates at the beginning of the process. It stretches all the way from September to just into May now. It was revised slightly at the end of March. We added approximately a two-week extension to the period to allow for a third round of what would have been normally in-person interviews. We’re doing them by video, so to allow for that.
One key date for everybody who is on this call or at the ARIN meeting is that on April 13th, at the end of April 13th, the comment phase closes. And on the 14th the ASO AC starts its final deliberations.
So for everybody on the call, if there is some comment that you’d like to make, it is available on the ASO website. You can go and publicly leave a statement of support as an example. You have a couple of hours left to do that. That would be appreciated, I’m sure, by all the candidates. I want to mention that the comment phase is closing by the end of today. So if you do have an opportunity, post something.
The last thing that we’ll be working on, again, shortly is going to be the ASO representative to the NomCom. The NomCom is responsible for many, many of the ICANN Board members and is part of the MoU between ICANN and the NRO. We appoint one member to sit on that body.
And that is it for today. I hope everybody is staying safe. And if you have any questions, please let me know.
John Curran: I see no questions in the queue. We’ll move right ahead. Our next speaker will be the Government Affairs Update by Anne-Rachel Inné. Anne-Rachel, take it away.
Government Affairs Department Update
Anne-Rachel Inné: Thank you very much, John. Good day, everybody. I hope you can hear me clearly. I’m going to review the Government Affairs Department update. And the Government Affairs is made up of four people: myself; Einar Bohlin, who is our public policy manager; Leslie Nobile, who is taking care of our law enforcement activities and public trust out there; and also Bevil Wooding, the Director of Caribbean Affairs.
Next slide, please. I’m going to talk to you about International Internet Public Policy, not the type of Public Policy that we do; governments, how we interact with them, law enforcement and public safety; and also touch a little bit on Caribbean affairs and what we do there.
Next slide, please. There you go. So before I engage and go through the rest of the slides, I’d like to say a little something about one of our community friends who lately, at the beginning of the month of April, said at a national IGF that Internet governance is no longer a technical problem with political implications; that it’s become a political problem with a technical component.
And I tend to really believe him given all the things that we’re hearing nowadays. It’s kind of even rare that outside of our settings and IGF and others that we hear about Internet governance. It’s all about digital governance – the governance of the digital future, of the digital society, of the digital economy.
So it’s all the more important that we engage in awareness raising and capacity building because it’s very important that governments and their affiliates in general and their strategic partners understand how the Internet works and who at WSIS were deemed to be part of the technical community.
So that’s part of our outreach, and that’s how we get insight and that’s how – that’s the reason why we engage and we engage in – we participate in regional, our own regions’ government activities, our regional organizations, but also international discussions that can impact ARIN.
As an example, we go to OECD right now, and their work around going digital, for example. At OECD they talk about anywhere from critical infrastructure to digital security, privacy, data transfers, taxation – taxation, why we’re looking at it. Because as John showed you, on one of those slides on transfers, for example, a lot of governments or people who do not engage with us on a daily basis tend to believe that Regional Internet Registries actually make a lot of money in transfers because they of course see what is happening out there and they understand that v4 addresses now have some value.
So part of the things that you have to deal with are, for example, questions around why are you selling IP addresses and how much are you making. So we have to explain all of these things so we’re not part of taxation talks, for example, going forward.
Next slide, please. So these are some of the things that we do to strengthen the ARIN community in our own region, clustered into regional collaboration between our own governments. When we do things in the Caribbean, for example, we tend to invite the US and Canada and vice versa.
We increase the Caribbean contribution because as policy makers and people understand how the technical community and the number resource community as a whole operates, they tend to be a lot more interested.
We support, of course – by doing that we support the International Internet Public Policy development process and we share our own community’s position when the time comes.
Next slide. So these are some of the international trends that we’re tracking pretty closely. As I told you, when people talk today about digital society or digital economy, they tend to look at the full chain of actors, really, and how the Internet works and who are the actors in there – what they are doing, how much they’re making. Can we tax them or not? Are they legitimate?
The elephant in the room, basically, since WSIS has always been that for the organizations that are part of the technical community, what is their legitimacy out there and what makes their legitimacy, in a sense, and how can we interact with them.
Because often they have the tendency to think that they’re not really – that they’re outside of the community that is ours, and we have to remind them, for example, that, no, their network operators are part of our community; they’re actually our members. So definitely let’s sit down and talk about what’s going on.
So when you look at, for example, the infrastructure, today, just about everywhere, from our service region to the UN level to the Caribbean region, everybody is talking about critical infrastructure. What is critical infrastructure? It’s all the networks today that carry the electrical grid, that carry health, hospitals, education.
More than ever, these sectors have become something really, really important since the pandemic, and the fact that everybody wants now to be connected and to have access.
When you go to the economic level, we have issues of e-commerce again. When the economy fails or if one part of the economy fails, let’s say the financial sector, parts of the financial sector fail, who is accountable? What are the networks that are involved? Are Regional Internet Registries folks that we can go to?
So these are all – again, the discovery really along the chain of actors is very – it is progressing, I would say, in a way that it hasn’t before.
When you go to development and capacity building, yes, it’s – yes, everybody has to go online. So how do we make sure that everybody has the capacity to be online? How do we actually make sure that those networks are properly connected? What is involved in the connectivity and the access?
On the legal side, jurisdiction has always been one of the issues that we have had problems with, in terms of explaining to the community why the historical basis of the Internet, for example, has made it that a lot of the big networks and ISPs are in developed countries.
Human rights. So access, is access a human right? And then again, if it is, who is accountable when those rights are breached?
And security has become just –- it’s everywhere. We have from the United Nations government group of experts, to the open-ended working group to the different – the two United Nations General Assembly committees that are dealing with security and cybersecurity and ICTs, to what I told you the OECD is doing lately – digital economy and security in digital economy.
Security has really become also the crux of any type of talks globally. And hopefully that will not be the means of taking us to Internet fragmentation.
Next slide, please. There we go. So that’s how we – we discover by monitoring the discussions, for example, around nationalization, jurisdiction, security. We have heard from different regions nowadays that some are even talking about digital sovereignty as a means of basically having anywhere from – looking at root servers or looking at registries as being part of the digital sovereignty of regions or countries.
So these are the things that we need to interpret and then talk to the governments to see – to first tell them who we are and the reasons why basically they should leave us alone to do our job, and look into the plethora of regulations that are coming to make sure that we are ahead of them and we can find the points where issues are.
This is actually what we’re doing with our colleagues from the other Regional Internet Registries and the Internet Technical Advisory Committee at OECD because there is lately –- in the work on security and going digital, there is a draft, for example, that is specifically addressing routing and DNS.
And, of course, we keep our management and the community apprised. So here really I would like to appeal to all of our members. Whenever you get the opportunity to talk with the governments, to talk to regional organizations, please engage and talk to them about what we’re doing.
It is important that as many of us get out there and talk to them about what is – who we are and the reasons why, again, that they should leave us alone if at all possible.
Next slide. So these are some of the forums that we participate in. I don’t think there’s much to say here, but it’s really –- the more collaboration we can get between us and the governments, I think the better for us, because it is important that they understand where we come from in doing the job that we’re doing. And not simply say, leave us alone, we know what we’re doing. Because, no, the Internet is now, you know, 40, 50 percent, and more of their economy. And they won’t leave us alone, that’s for sure.
Next slide, please. In doing that, one of the things that we’re doing especially in the Caribbean nowadays is to foster more work with the high-level officials. And we have an upcoming Caribbean Forum. We’ll start the ARIN LACNIC Justice Forum, and we’re going to do an ARIN Forum for Law Enforcement also in how we collaborate with them.
Next slide. There you go. So these are the community-driven priorities. In talking to CTU, to CARICOM, to the governments in the Caribbean region, they want more support in developing the International Internet Public Policies, because among the governments that are in the Caribbean and in our region, we have 10 that are members of the UN and nine that are members of ITU, so they participate on a daily basis in things that are happening at ITU, for example, on standards, on capacity building.
They’re hearing things like new IP or future vertical communication networks, what does that mean for them and all of that. So, yes, that’s one of the reasons why we engage heavily on the government side.
And also LEAs. LEAs, why? Because of security. Security has become a global thing. And I think you all know that our Whois database has been used anyway for the longest time by law enforcement people, but also, as we go more and more along, for example, by intellectual property people, because it’s becoming – our Whois is one of the ones that is open now given what is happening at domain names level.
And, again, we do this of course, the hand-holding on an individual basis or multilateral basis with the high-level officials.
Next slide. So these are some of the activities we have for this year. We continue, of course, working the coordination calls, one-on-one meetings with the government in the region.
We participate in the regional organizations like CITEL. CITEL is the mechanism that we have in the Organization of American States, so our region, to basically develop the priorities and the interactions, for example, at ITU level, the World Telecommunications Development Conference that’s going to take place in November this year, if possible.
And also the World Telecommunications Standardisation Assembly group, there are two of the big ITU conferences. So WTDC is for the D sector, and the WTSA is for the T sector on standardization.
And then we continue, of course, practically on a daily basis our meetings and we follow the different study groups at ITU. Just as an example I’m going to give you a few study groups that we participate in at ITU.
So study group three, for example, it looks at all of the economic policies and OTT taxation. We want to make sure that they don’t confuse us with over-the-top or operators in terms of taxation.
Study group 11 talks about performance and interoperability.
Study group 13 is the one where all of the discussions happen on new IP and future vertical networks.
Study group 17 is specifically on cybersecurity.
Study group 20 is on standardization of requirements and technologies for IoT and all of that.
And, yes, we even have resurfacing interest in national Internet registries at TSAG level.
So really, really a lot of work. At OECD level, as I told you, going digital, all aspects of going digital. And at the UN, I talked about the different working groups, and the United Nations General Assembly committees that we monitor.
So next month we have the Caribbean forum that’s going to take place in two days. The first day we are having mostly International Internet Public Policy-related discussions. We are inviting Doreen Bogdan-Martin. Doreen is the Director of ITU-D, so the development sector. She’s from our region. And our governments are definitely very much interested in hearing from her, especially going into the World Telecommunications Development Conference that I told you is happening this year.
And we’ll also have our one and only John Curran. And quite a few other speakers are lined up for this event that I think will be really very interesting.
We also, on the second day, are going to have a technical group forum with CaribNOG. And I think this one will also be pretty interesting because the region is very much looking at how to connect right now.
It is a region that has traditionally relied on satellite, for example, and they’re looking at all of these ways of connecting. And then of course we help them for the next steps.
In June we’re going to have one of the – we were hoping we will have the ARIN high-level official forum, like an inaugural meeting. We hope it’s still going to take place. But it might be a little bit less of what we thought because we’re waiting for information from the region to see if the officials will be available.
And then on the 16th of June we’re having the ARIN Symposium for Judicial Officials where we’ll also be co-opting our general counsel to be part of the talks with people from that region.
So we will make sure that all of this is posted, and I think some of them are already tentatively posted. But all of the information, for example, for registration and all of that will come as of end of this month at most. And we will make sure also for the last quarter that you get updated at ARIN 48.
Next slide. And that’s it from me. I’m happy to take any questions. Thank you.
Remote Host: Thank you so much. This is a reminder we’re opening up the floor for questions. If you have any questions, please write them in the Q&A window. Remember to include your name and company information, or you can always put your hand up and we will acknowledge you in the order that the question was received.
We do have one question in the window. It’s from Mercia with The Obsidian Group: How are communication satellites treated as a government affairs matter? Are satellites based on the country they launched from or the country they serve?
John Curran: Anne-Rachel, do you want me to take that one?
Anne-Rachel Inné: Yes, go ahead, John.
John Curran: So, recognize that, per se, it’s not really a question of countries versus companies. The communication satellites are something that exist as infrastructure, just like international – just like undersea fiber is infrastructure.
All of them have owners that are often private investors, private telecommunications. But governments are very interested in where telecommunications’ undersea cables are, are very interested in the footprint of communication satellites.
Even though they’re not government property per se, the governments are very interested because you have governments on occasion that wish to control the information in and out of the country. That requires knowing what the infrastructure looks like.
So it becomes a Government Affairs matter when governments want to know how the Internet is put together so that they can exercise control over parts of it.
As a government, the Internet’s a very mysterious thing. Think about this for a moment. Telecommunications in many countries was controlled by a single government. The government in the country licensed the main telecommunications operator, and all of the phone services, all the transport were provided by one operator completely under government control.
The Internet appears. And now it’s unclear how these providers are appearing that are serving your customers – serving your citizens, serving your businesses, and you don’t have a Department of the Internet. You have a telecom department, and that does do something with phone lines, but when you actually say, who is in charge of the Internet in your country, in the vast majority of these countries, there’s no good answer for them. There is no one in charge.
And in fact, the businesses operating in a given country doing Internet services may not even be known, listed or regulated.
And so communication satellites are the specific case, but governments are very interested in which communication satellites have a footprint serving their customers and whether or not they can regulate them or control that footprint.
Probably more than you wanted, but I wanted to give a full answer there.
Remote Host: Thank you.
John Curran: Anything else for Anne-Rachel?
Remote Host: We actually do have a hand raised. Sai, I’ll allow you to unmute yourself. Please state your name and company.
Sai Mattapally: My name is Sai Mattapally. I am from Mattapally Technologies, a nonprofit organization. I’m trying to do telecommunications from India where one village doesn’t have Internet.
So actually I have write a project proposal, also submitted to ARIN as a grant fellowship. So the idea is – so you said that satellites are not regulated in some countries. But as an Indian citizen, I only little bit have the knowledge about this Internet regulation in India.
That means I have written my idea, how we can use it. If you have a satellite, how is this backhaul is regulated? So the question is, this one, and how is backhaul is regulated? That is my question.
John Curran: That would be something that you would need to take up with each individual country. So that’s something you need to take up with the government in India if you want to talk about the backhaul regulation in India.
Anne-Rachel Inné: Yes, and actually you can go to the regulator.
Sai Mattapally: How is it in USA? Common? How it is in USA, common? Can you have any – so I want to learn, right, first to ask them.
John Curran: I would say ARIN focuses on the IP addresses and their administration. We do spend quite a bit of time educating governments about how the Internet works and how IP addresses are used in construction of the Internet.
But we are not a regulatory body. And we don’t deal with government regulatory matters over infrastructure such as fiber, intersea fiber, satellite, spectrum. All of those are government matters for each individual respective economy.
Remote Host: Okay. That is all the questions I see.
Anne-Rachel Inné: Wonderful, if you’ll allow me, I’ll just say, I would just add for Mercia that this is actually something that is very much on the plate at the international telecommunications, radio communications sector right now.
With everybody going after their own constellations to offer the Internet internationally, the orbital slots are completely crowded and it’s becoming a huge issue internationally. So the next World Radio Communication Conference is definitely going to be about all of these things.
Thank you very much for being here, and if you have any other questions, you can leave them in the chat and I will try and answer. Thank you, John. Thank you, all.
John Curran: Thank you, Anne-Rachel.
Moving on to our next session, we’ll have the global reports from our fellow RIRs, and Kim Davies also presenting from IANA PTI. So take it away.
Global Reports - AFRINIC, APNIC, LACNIC, RIPE NCC, IANA/PTI
Madhvi Gokool: Ladies and gentlemen, good day. I’m Madhvi Gokool. I work as a senior IP resource specialist at AFRINIC. It is a pleasure to present to you the AFRINIC report during the ARIN 47 meeting today.
AFRINIC is the fifth Regional Internet Registry, and our service region is 55 economies on the African continent and the Indian Ocean islands. We have 54 staff who work in providing services to our members and community.
Let us talk about some numbers now. In 2020, AFRINIC grew by 191 new members and it closed the year with a total of 1,951 resource members.
In regard to Internet number resources, sightly over a million of IPv4 addresses were distributed or delegated to the AFRINIC resource members. In accordance with the AFRINIC policy, 105 /32s of IPv6 address space were issued and 210 AS numbers assigned to our resource members.
In regard to IPv4 addresses exhaustion, AFRINIC still has 1.85 million of IP addresses in its Board. On the 13th of January, 2020, AFRINIC reached soft landing phase 2, which meant at that time that it had only one /11 worth of IP resources available in its inventory.
And as from the 13th of January, the rules for allocation or assignment of IP addresses changed the size. The maximum that can be issued in any request that is evaluated and in accordance with the policies is a /22.
However, the AFRINIC resource members can come and request as many /22s as they need. As long as they can justify the need, they can get these resources.
The policy landscape at AFRINIC has been very active. Currently we have 10 proposals that are under discussion, and two proposals reached consensus after the Public Policy Meeting in September 2020.
Of these two proposals, one ratification report has not been sent or received by the Board while the other one, the inter-RIR transfer Policy Proposal, is currently under appeal.
Now, an assessment of these 10 proposals currently under discussion shows that some of these proposals aim at modifying some aspect of the Policy Development Process. Now, the Policy Development Process is also a policy and it is documented in Section 3 of the AFRINIC Consolidated Policy Manual.
And the other proposals, they are technical proposals. For example, the resource transfer policies, the Policy Compliance Dashboard, the RPKI rollouts, the abuse contact policy updates. So these are technical policies aimed as resource management.
Capacity building in IPv6 has remained a key activity at AFRINIC. Over a 1900 professionals have participated in 20 webinars. The IPv6 help desk attended to 227 requests. 866 participants enrolled in our e-learning courses. And 30 participants took part in two IPv6 deployathons.
The outreach and engagement activities conducted by AFRINIC had to be adapted to the global pandemic situation in 2020. Most of them went online. And the projects completed are as follows.
The Africa Internet Summit 2020 was held online with over 500 attendees. AFRINIC supported 12 regional Nogs and community events. AFRINIC also participated in nine government roundtable meetings and conducted 17 community outreaches. Four MoUs were signed with governments for a total amount of nine projects.
Which brings us to the last slide. The next Africa Internet Summit 2021 will be held in online format, 31st of May to the 4th of June 2021. The Public Policy Meeting will also be on the agenda during that week.
We encourage you, we invite you to participate in our event. And thank you very much for your attention. Until next time, stay safe and goodbye.
Sanjaya: Hi, everyone. My name is Sanjaya. I’m deputy general of APNIC. I’m happy to provide you a quick update of APNIC activities at this ARIN 47 online meeting.
I’m going to cover three major things that I think is worth sharing from the APNIC community.
First one is the deployment of AS0 ROA for unallocated space. And second one I’ll talk about the increase in our Internet development activities. And thirdly, I will cover it a little bit of what’s happening with COVID-19 in our region, the impact to our members and our operations.
So with that, I’ll start with the first one. And that’s the AS0 for unallocated space. This came up from the proposal in our policy discussion group that receives a good spot from the community. For APNIC to publish ROA under AS0 for all unallocated and unassigned resources.
It will be – it should be implemented according to RFC 6483. And that covers undelegated IPv4 and IPv6. We developed that last year. And September we put it out on production last year.
And just to be on the safe side, we actually published it under a different Trust Anchor from our main RPKI hierarchy. So people who rely on party, who want to use this service would actually have to add this additional Trust Anchor. So, it needs to be a deliberate process for them to consume this information.
The way it works is we will publish it and then whenever there is a delegation that our hostmaster make to a member, then within five minutes that prefix that was delegated will be removed from the AS0 ROA. So far so good since we deployed it in September.
We’ve got, by September we had 24 AS numbers fetching regularly from the service. And that’s coming from big networks, actually.
The AS0 ROA itself, it’s quite big. The size is about one million bytes, one megabyte. And it contains about 1500 IPv4 prefixes and more than 64,000 IPv6 prefixes.
The reason we have large IPv6 prefixes there is because of APNIC’s way of delegating from our pool in a sparse manner. There’s a lot of clumps of IPv6 over the space that we have. So that’s AS0 for unallocated space.
The second one I want to share is about increasing Internet development activities. You probably know APNIC has a fund foundation called the APNIC Foundation that is raising funds to support the development activities at APNIC.
And the development activity is part of our bylaws. So it is something that is expected to be done by the APNIC secretariat.
So the foundation continues to raise Internet development funding from various organizations and recently get more funding from Asia Pacific Internet Development Trust, or APIDT. That manages the fund from the auction of IPv4 address that was historically delegated to the WIDE Project in Japan.
Quite a substantial amount there. So, with this additional funding, APNIC development activities in 2021 will be significantly increased, including increased face-to-face training resources, more staff trainers as well as community trainers, which come from the community themselves.
We have a team of trainers who on a daily basis operate networks and therefore the skill that they share is very current.
We also increased the curriculum and content development of APNIC Academy online platform. And with the additional funding we will do more support for infrastructure development projects such as root server deployment.
In particular this year we’ll be focusing on M-root. That happens to be from the Asia region. And also helping others to set up Internet exchange and any infrastructure development that needs to be done in their region.
So that’s on increased Internet development activities. And last but not least is to give you a quick update of what happens with COVID-19 in this region.
Number one is, luckily it doesn’t affect the membership growth. So the membership growth is still, in 2020, is still according to what we anticipated in the budget. So no impact to that.
There has been some requests on billing or payment deferment for those who are affected by the pandemic. And we provide that. No time limitation. We’ll allow people to just take whatever time the members need to catch up with their payment.
And luckily within a few months usually they’re all caught up. So not much impact there.
There is a big impact on reduction of APNIC operational costs, particularly from travel because we can no longer travel so we’ve got a lot of – pretty much probably 80 percent of our travel budget is not used because of that.
Also on capital expenditures, also because especially in infrastructure deployment that didn’t happen because we can’t track, we can’t ship equipment around the regions. So that project didn’t happen.
So not much impact on revenue. Cost is reduced. Also the impact to the APNIC staff itself, luckily is not significant.
We have always been able to operate remotely, most staff. So during the peak of the pandemic we managed to get 100 percent of our staff working from home.
And then as things get better, we are now at a 50 percent capacity allowing people to come over up to 50 percent of the capacity of the office.
And now we are even going to be make it easier on our staff just to come and only – the only restriction we have now is just to maintain one and a half meter distance from each other. And that’s where it stands at the moment.
So all in all, we’re not too much impacted. The members are also not impacted but we help defer payment for those who need it. And so that’s an update on the COVID-19 impact in our region.
So that’s my update. Thank you very much for the time. And happy to receive any questions or email or online. Thank you.
Oscar Robles: Thanks to everybody to give this update with the main highlights of LACNIC during 2020. I’m going to start with the LACNIC services and the attention to our regional community.
I think that the most relevant highlight in LACNIC during this 2020 was the IPv4 exhaustion.
During August we finished our pool of IPv4 addresses for the first time in LACNIC history. We were not able to attend specific request for IPv4 space. So that was during this year.
As you can see during that time we received – we doubled the number of requests that we should receive in the services area. And that was almost at the same time we implemented transfers, inter-RIR transfers. You can see this little red bar that’s the number of transfers, requests for transfers that we received since we implemented the inter-RIR transfers with the other three of the registries that allow these kind of services.
One relevant element of our services to address the customer needs. So we conduct a Customer Satisfaction Survey every two years to identify those needs and to know how we are conducting our services, how we perceive this satisfaction by our main – by all of our customers.
So in 2020 – within 2020 we received the highest level of satisfaction, customer satisfaction, with 98 percent of the top two boxes responses. That’s the highest level in LACNIC history. But also the best answer grew from 68 percent to 81 percent, which is highly satisfied answer.
Following with our community, the statutory electoral processes we conducted three different statutory electoral processes every year, two for commissions, the fiscal commission and the electoral commission, and one for the LACNIC Board.
We have the same turnout for the three elections with 12 percent. And that is a little bit less than the highest point – not a little bit, almost a half of the 20 percent which was the highest point in 2018. There were five seats filled in these elections.
And as you know, we were the first RIR event to move to a virtual one. And we only had five weeks to come up with this format. We had around a thousand participants in each event. Although physical attendance is not comparable to virtual participants.
Something thing worth mentioning is we were able to recognize these two events with this level of satisfaction. As you can see, we had a 93 percent and 98 percent of satisfaction in each of the events.
But it was not by accident. But mainly for the strong community we have built in all these years. I mean, the previous work we have done with the community and also the ability to react to this situation.
But I think that we need to get back soon to physical events to keep this permanent building process.
I’d like to update you with our community Code of Conduct. We introduced the concept of trusted representatives. They’re staff and community, members designated by the LACNIC Board. And their role is to provide support to the community as well as information regarding this Code of Conduct.
Also one of our main efforts were conducted through the online training, which is the LACNIC Campus. We have a very good offer of training courses in different topics, mostly technical topics related with our activities.
But last year we introduced the IPv6 in Massive Networks: An Introduction to Internet Governance. Also last year, we published the Introduction of our Internet Routing Registry, taking advantage of the attributed information that we have on the registry.
By mid-year, in June, we realized that we have a very low execution of expenses, nearly 60 percent. So we presented 60 initiatives from different topics, but most of them related to our customers, 80 percent of them related to our customers and our community to try to reduce this lack of execution.
So by the end of the year we were able to do most of what we had to do with little effect to our community. Finally, last but not least, historically we have been paying a lot of attention to the workplace.
This year we’ve given more energy trying to allocate the additional stress by the pandemic. We received two awards from the 2019 evaluation. And this year, 2020, we conducted the employee assessment, and we maintained the positive feedback of 93 percent.
And that assessment was done during the worst part of the pandemic, which was October. So it appears that some of our efforts seem to have been effective for this situation.
So that was our update. Thank you for your attention.
Hans Petter Holen: I’m Hans Petter Holen, the Managing Director of the RIPE NCC.
Compliance is on our agenda in 2021. In order to maintain an accurate registry, we need to do proper due diligence on updates. As this can be time-consuming, we have streamlined our processes where authenticity can easily be verified so that we can spend our resources on updates that are not that straightforward.
We firmly believe that political sanctions should not affect our services. The Dutch Ministry of Foreign Affairs is of the opinion, however, that IP address transfers is covered by the EU sanctions.
We have established more elaborate checks of our members and their controlling parties. To do this we’re using a third-party service to identify potentially sanctioned members.
After further investigation which might require requesting more elaborate documentation from the members, the decision on what action to take is made by an internal sanctions committee.
We have a large amount of IPv6 addresses available. And there is a waiting list for the bits and pieces of v4 that is still there.
You may have already seen our announcement to retire the RPKI validator on the first of July this year. That’s partly because there are several good alternatives, but also to focus our resources on the core RPKI service.
With introduction of RPKI to secure the Internet Routing system, we have become an integral part of the operations of the Internet. As a result of this, we’re seeing an increased focus on documented compliance from our members and on the community at large, not only for the registry but also for the RPKI service.
We currently are building a control framework with the goal to have a third-party at the station report publicly available.
From the very beginning a key element in building and operating the Internet has been knowledge sharing. I’m quite proud of the work done by my colleagues in developing the RIPE NCC Certified Professionals programme. As a result of the pandemic, we have adapted all our in-person training courses to webinars, and we’ve still managed to update the e-learning courses in the RIPE NCC Academy.
RIRs are all about the numbers. But with the numbers comes the reverse lookup in the in-addr.arpa. And here we’ve added new sites to improve this service. RIPEAtlas software probes are now available on several platforms. And for RIPEstats we’re moving parts of the service to the cloud and have improved monitoring of the service. The BGPplay also have some new features.
Right now we’re creating a new coordination team for security risk and compliance. The goal here is to align the company-wide risk framework, RPKI compliance and registry compliance and IT security.
The overall goal is to increase trust to increased security and compliance. But we also need to verify this by external audits.
We have several open positions in this area from security engineers to a chief information security officer.
Last but not least, we’re improving the usability of our services. Academy got a new look in the beginning of last year. RIPE stats and RIPE Atlas have a new user experience. And soon RIPE Labs will be having a new look and feel.
Finally, I’d like to welcome you all to RIPE 82 in a month’s time, this year starting on the Norwegian Constitution Day, May 17th. Welcome. With that, thanks for listening.
Kim Davies: Hi, my name is Kim Davies. This is an update on the IANA functions for the past year. The IANA functions involve the global coordination of the unique identifiers that are needed for interoperability on the Internet. We typically divide these functions into three areas.
One of these three areas is number resources, comprised of the IP addresses and autonomous system numbers that are managed by the RIRs.
We allocate large blocks of these addresses for the RIRs who then provide them to local network operators in accordance with their regional policies.
Our most recent allocation to ARIN was in late 2019 and was composed of a /12 block of IPv6 unique address space.
In addition to allocations, we service the in-addr.arpa and IPv6.arpa DNS zones and coordinate with RIR’s the appropriate delegations to ensure reverse DNS service.
We also offer a number of support services for these core activities. One of them I’d like to highlight today is a dashboard that allows you to drill down into allocation trends that inform how IANA allocates resources.
This is something we’ve built with feedback from the RIRs, and provides greater transparency into the allocation methodology employed in global policies. We can find this dashboard on our website.
Also on our website you can find performance reporting relating to the number resource functions as well as other IANA functions. There you’ll find monthly reporting for each of our functional areas. In the case of root-zone management, we also offer a realtime dashboard.
In addition to this performance reporting, the RIR community performs and annual review of the IANA functions. I’m pleased to report the recently released annual review which covers 2020 found no issues of concern.
We also have an annual third-party audit conducted according to the SOC 2 framework. These findings are provided to our RIR partners.
More generally we recently conducted an annual survey of our customers. We’re delighted to share we received our highest marks for customer satisfaction. It was underscored by findings just last month where we had 100 percent customer satisfaction across all of our customer segments. This is a first for us.
Operationally we’ve been fortunate. We’ve not been significantly impacted by the coronavirus pandemic. Our teams started working from home in late February of 2020. Since then we’ve continued to meet our performance targets in all of our service areas.
This gives us confidence in our ability to successfully deliver the IANA functions in future disaster recovery scenarios.
One specific area where we had to significantly modify operations is our Root Zone KSK ceremonies. We conduct these ceremonies to administer the Trust Anchor for the DNS in an open and transparent way.
The unique design about our approach is intended to foster trust in the integrity of the cryptography used to secure the DNS. This is in contrast to the secrecy used in comparable key management for other applications.
We typically hold these events every three months, and they involve participants from around the world. Some of these participants are from the RIR community. The pandemic has meant we’ve had to significantly alter our approach.
We continue to hold these ceremonies with increased remote participation and compensating controls to ensure security is not diminished. We’re hopeful ceremonies can resume in their normal approach later this year.
As we continue to adapt and evolve our operations, not only in the face of the pandemic, but in response to evolution that is happening throughout our communities, we would love to hear your feedback on areas where we can enhance our effectiveness.
We welcome our ideas on how we can improve our participation in community events after the recent pause in activity caused by the various travel restrictions. Thank you for listening.
Remote Host: With that we’ll let you know if there are questions, as some of our – let me stop sharing that – some of our attendees are here but I’ll let Mr. Curran make decisions as to what we’re doing next.
John Curran: Yes, obviously if there’s questions on that, please send them to the info address.
And at this time we’re going to go into break. We’re going to delay our break 15 minutes. So we’re breaking now. We will resume at 2:15 Eastern time. So I ask that people be back promptly at 2:15.
Please recognize that we have some activities during the break which we’re now going to tell you about. So if you want to stay, stick around during the break. Otherwise, we’ll see you back here at 2:15. That’s a 15-minute delay from the published program.
(Break from 1:44 PM to 2:15 PM.)
Draft Policy ARIN-2020-10: Removal of Requirement to Demonstrate Utilization of Reassignments and Reallocations for ISPs Seeking Initial Allocation from ARIN
John Curran: That was entertaining. I note that we’re now back. It is a little late, but we’ll move ahead with our policy.
First one is Draft Policy ARIN-2020-10: Removal of the Requirement to Demonstrate Utilization of Reassignments and Reallocations for ISPs Seeking Initial Allocation from ARIN.
Amy Potter is the shepherd from the AC and will be presenting the proposal. Amy, take it away.
Amy Potter: So, 2020-10 is a Policy Proposal that deals with initial allocations to ISPs.
Next slide, please. And next slide. So what’s important to remember here is that we’re talking about ISPs that are receiving their very first batch of space directly from ARIN. These organizations can fall into two different groups.
They can either already have some space that’s been reassigned to them from an upstream provider, or they can just have no space at all.
And currently Section 4.2.2 treats these two groups differently. So organizations that already have a reallocation or a reassignment from an upstream provider have to show efficient utilization of that space in order to qualify to receive space directly from ARIN.
If you are an organization that doesn’t have any space from an upstream provider, then you do not have to show previous utilization of anything because you don’t have any space already to be utilizing.
Next slide, please. So this Policy Proposal came out of a Policy Experience Report. There are some organizations that felt like the different burdens being applied to these two types of organizations was unfair.
So remember, ARIN doesn’t have this free pool to give out anymore. They have the waitlist space. And the organizations that already hold space from an upstream provider have to go through the extra hurdle of providing documentation to ARIN to show that they have efficiently utilized that space.
The extra time that it takes to put all of that together and submit it means that they would get on to the waitlist a little later than an organization that didn’t have space already, that didn’t have to go through that. And there was the thought that this might provide an unfair advantage to new companies that don’t have space yet.
Next slide. So the proposed text here, you can read on the slide. It basically does away with those distinctions. And organizations that already have space from an upstream provider under this proposal would no longer need to show efficient utilization of that space prior to applying for space directly from ARIN.
Next slide, please. So what we would like to hear some feedback from all of you today on is whether or not you feel that the current text is unfair; is this a problem that we really need to resolve? And if we did implement the proposed changes here, would there be any unexpected issues that might pop up? So would love to hear your feedback.
Paul Andersen: I’ll try and pop up here. I think I popped up. Thank you, Amy. Are you filling in for Owen again? Is this how this works?
Amy Potter: No, I’m not.
Paul Andersen: Good to see you. So, yes, per Amy’s comments, the virtual microphones are now open. Today, it would be great if people used the raised-hand as well as the Q&A section.
The Q&A is great, but sometimes it’s good to get a little bit interactive and hear some. I encourage you to make use of the raised-hand if you would like to open your mic and let the community hear from you.
So, again, this is just a Draft Policy. So feedback on whether or not you support the problem statement to be solved. You don’t have to love the solution right now. But whether the AC should continue to work on this as a problem and any feedback to the current text questions.
So we will give it a moment. I see we actually have some hands up. Let’s go to our first hand, Owen DeLong. Name and affiliation when you’re unmuted.
Remote Host: Owen, I’m going to allow you to talk now.
Paul Andersen: Owen, you’re on the air. We can hear you now.
Owen DeLong: Owen DeLong, ARIN Advisory Council, DeLong Consulting. I think that this is a good and useful change to the policy. I’m not convinced the current text is unfair. I’m not convinced it’s a problem we need to solve. But I think it’s a problem we should solve. So I support it moving forward.
Paul Andersen: Thank you, Owen. We’ll go to our Q&A next.
Remote Host: All right. We have Mercia with The Obsidian Group: What is efficient utilization? Is it defined as to what is adequate for efficient utilization?
Paul Andersen: Amy, did you want to address Mercia’s question, or did you want staff to answer that?
Amy Potter: I think I’ll let staff answer that. They can probably give a more precise reference to NRPM.
Paul Andersen: It is reference to the NRPM, and I’d try to reference it myself, but I learned a long time ago why take a guess when I can make John do it.
John Curran: Yeah, I can do that. There is a reference in NRPM. I’m actually going to pull it up myself to make sure I get this right, because we’d rather not get something like this wrong.
So efficient utilization currently, ISPs are required to provide utilization efficiency criteria in providing address space to customers. They have to document justification for each reassignment. We can request this at any time.
So that’s the definition in the current text. Okay. And it basically says when we go to request space – when an ISP asks for space, we will take their reassignments and we’ll consider them if they can show that they allocated them to their customers.
If they can’t, then we don’t consider that space utilized. Okay. So they’re supposed to make the same allocations that ARIN would make to an end user customer. When they make allocations we can ask them for a copy of that documentation.
Paul Andersen: Hopefully, Mercia, that answers your question. So, thank you. We’ll move on to our next in-person speaking. Lee Howard, name and affiliation after the staff opens the queue for you.
Remote Host: All right. Lee, you can unmute yourself.
Paul Andersen: Lee, go ahead.
Lee Howard: Lee Howard from IPv4.Global by Hilco Streambank. Looking at the text as currently drafted, it seems to me there’s going to be some impact with the previous section in the policy manual also.
4.2.1 talks about slow start and minimum allocation. And my instant response was: What about the slow start model? And the policy says if you need less than a /24, then get it from your upstream provider.
Anybody who is multi-homed, I believe multi-homing is already considered justification for a /24. So, what we’re talking about is an ISP that doesn’t qualify for a /24 based on number of users and doesn’t qualify for a /24 based on multi-homing, would be the only case where there’s not a policy that already covers them.
I haven’t decided yet whether this change to the definition of slow start, and it’s actually in other policies, means – I haven’t decided yet whether I will support it or oppose it on that basis. But I think because there’s going to be more analysis needed.
Paul Andersen: Is it the problem you’re not sure if you can support or the proposed text, out of curiosity?
Lee Howard: I think understanding – maybe it’s understanding the scale of the problem, because there are a couple of different ways to do this. And the definition of an ISP, as someone who does reassignments or reallocations, who has less than a /24 is a pretty small ISP.
If you only have a /26 and you need an allocation so you can SWIP /29s, that’s a pretty small set as far as I can see.
Paul Andersen: Okay. Thank you for that feedback. Did you have anything you wanted to add, Amy?
Amy Potter: No, we’ll take that under consideration.
Paul Andersen: Thank you for the feedback, Lee. Good to hear from you.
Also I’ll note that Mercia does note that we did answer her question on utilization. And, Mercia, my apologies on the name mispronunciation. I’ll do better in the future.
We’re slowly running out of queues here. I see Lee’s hand is still up. Is that laggard or does he – I was going to give you an opportunity if there were items he wanted to go on.
We’ll close the queue shortly not because we’re running out of time but we’re running out of items. Put your hand up if you would like to speak.
In the Q&A, maybe we can try something a bit different. I always hate it, I cut it off a second too earlier. If you could type, say typing, put a quick question in so we know to wait for your more fulsome question. If you could give us a one word that you have something coming.
Let’s go to the next Q&A.
Remote Host: We have Alison Wood with the State of Oregon, also with ARIN AC: What’s the average delay for ISPs that do have holdings?
Paul Andersen: John Sweeting, would you be able to address that?
John Sweeting: Yeah, I mean, there’s no average delay. There’s differing delays. They have to put together the spreadsheet that goes to the utilizations that they have for each of the blocks. If they have a 22, it might take them a little longer.
It’s really just the back and forth in the ticket. They come in; we have to go back and ask them for it. And then they come back with their answer. If it’s good, then we are good from there. If not, we have to ask them again.
So the delay, it’s variable. There’s no real average. It could be anywhere from three days to 10 days, depending on how quickly they get the responses turned around and back in to us.
Paul Andersen: Thank you for that, John Sweeting. We have one more person in queue, and then I guess we’ll close off. This is your last call to raise your hand or put a question in.
Can we please go to Sai Mattapally. Please state your name and affiliation, and staff, if you can unmute.
Remote Host: Sai, you can unmute yourself?
Sai Mattapally: Can you hear me?
Paul Andersen: Yes, we can. Go ahead with your comments.
Sai Mattapally: The ISP for a static IP and dynamic IP, how are you included in the Draft Policy if it is – means caching during the static to dynamic IP conversion? Is there involved in this – it could be a problem?
Paul Andersen: So that’s generally a level that the policy does not delve into other than if it was an ISP, for instance, who had dynamic IP pools they would have to provide information in their application when they’re trying to show their utilization.
And they would state, if I recall correctly – and John Sweeting might be able to give more specifics – but you would give how big a pool you’ve allocated that would be used to calculate utilization. Does that answer your question?
Sai Mattapally: Okay.
Paul Andersen: Thanks for your question. John, is that correct?
John Sweeting: Yes, that is correct.
Paul Andersen: Thank you for your question. I see that Mercia has another question. So why don’t we go to that and we’ll close off.
Remote Host: All right, Mercia Arnold with The Obsidian Group: Does this policy anticipate a shift to virtual machines and cloud services by end users?
Amy Potter: This policy doesn’t really get into that. It’s something that sort of came about– I think towards the beginning of the pandemic. I don’t think it really addresses that specifically.
Paul, I don’t know if you have something you want to say about that.
Paul Andersen: No, I don’t think it – I think the shift to virtual machines and cloud services is just another factor of utilization which we’ve generally not gotten too specific in. If either of the staff Johns want to correct me on that.
John Sweeting: I just want to add that it could do something with that, the cloud services because of the whole bring-your-own IP programs that several of the cloud providers provide which would, of course, incentivise the end users to get their own /24 to use in that scenario.
Paul Andersen: We’ve got the Brady Bunch going here. I see John Curran has popped up. John?
John Curran: Obviously we’re seeing a shift. But I don’t think this policy – this policy doesn’t aim to address that shift. And this policy is one way or another the question of how you account for virtual machines and hosting, cloud hosting is orthogonal to the question this policy asks, which is regarding documentation for suballocations.
So I think it’s an interesting point, something that the community should be thinking about, is in today’s age, if you go back 10 years ago, 15 years ago, ISPs allocated IP addresses to end users.
That was a fairly permanent thing unless an end user left for another customer. Nowadays we have ISPs who are running virtual infrastructure for customers. We have end user computing companies running infrastructure. It looks very similar.
And so I think that this – it’s a great question about long term how the community wants to handle it. We are seeing convergence among what was ISP and end users in their utilization, particularly ones that are service providers of any type.
But this policy, one way or another, doesn’t directly address it, nor does it – I don’t think it’s relevant directly to consideration of this proposal.
Paul Andersen: Thank you for that. We’re going to close the microphones now and go to our last queue, then we’ll move on to next policy. If staff can let Kevin Blumberg of The Wire –
Remote Host: Kevin, you can unmute.
Kevin Blumberg: Good afternoon. Kevin Blumberg, The Wire. Amy, does this policy take into account the open consultation right now where end users are effectively put into the same sort of policy framework as Internet providers?
That’s sort of part one of the question. I think if your answer is yes or no, the next question becomes is this policy premature? Based on what Lee said earlier, I get the impression there’s a lot of edge cases – this is really dealing with free pool/waitlist and not dealing with what’s in the transfer market.
And maybe this policy needs to be looked at more holistically as when can an organization come to the waitlist for their initial allocation versus going to the transfer market?
This is maybe trying to solve one very, very specific problem, but leaving out the real question that should be asked.
Paul Andersen: I want to take the first question, if that’s okay, Amy, and I’ll let you comment on the second one.
The first one is the fee-schedule change – for end users at least that you’re referring to, there’s obviously more than that as part of the fee consultation, is really just about an amount being billed for address space being held.
It really doesn’t get into the policy on how ARIN determines needs for an end user. So unless John is going to correct me, which I could be wrong, the policy – in theory, I guess the point is if there is an interpretation that this policy would impact it, I think the Board would then be sending it back for clarification because that fee should not be impacted by policy.
And I know that the only exception has been that sometimes the minimum allocation size has been opened up because people want to get access to lower fees, which is kind of more of an end-around the fee, but how much people get charged if anything, we’re now eliminating the differentiation on that.
John, I saw you pop up. So you might –
John Curran: Paul, so I agree that the fee question should be kept totally separate. But what Kevin asks is a valid question. Kevin’s question is, is this policy, which is addressing –
Paul Andersen: There’s two parts. You’re going to the second part now?
John Curran: The second part, I guess, is what I would – I just want to comment.
Paul Andersen: You’re letting Amy off the hook.
Kevin Blumberg: To clarify on the first part, it’s not about the fees that I’m talking about. It’s in reference to the fact that there is no longer potentially a distinction between ISP and end user where we have that in the – we have that in policy today because of what was in the fee side of it.
But I’m not talking specifically about the fees themselves, but the fact that now there is no differentiation between ISP and end user.
Paul Andersen: There’s no differentiation in the fee table, but there’s still end users from that standpoint. John?
John Curran: Kevin, the policy is the policy. If the policy has end users and ISPs, then we still implement end users and ISPs. Okay?
The fees are about making sure, regardless of the size of your holdings, you pay a proportional rate just like everyone else. It doesn’t eliminate end user and ISPs if the policy continues to try to distinguish those categories.
So, I don’t think that optimizing or changing the policies that are applicable to ISPs. I would say there’s a bigger meta issue, which is we have two decades’ worth of policy based on incremental dribble allocation and coming back for your next block, most of which for v4 is no longer relevant. And it might be good for the AC to take a fresh look, looking backwards and saying what is the minimum policy necessary.
But that’s a much bigger task. As long as we have these sections of policy, the AC should continue to consider proposals to do upkeep on individual sections.
Paul Andersen: Certainly since the terms “ISP” and “end user” are rooted in 20 years of history or more I think at this point – right, John? – the fee bit – it is a bit tangential but it is raised – I think lets us be more flexible to the fact that the way the industry is evolved is quite much more flexible.
Amy, anything you’d like to add to Kevin’s question?
Amy Potter: No, happy to chat later.
Paul Andersen: I apologize. We didn’t mean to monopolize your bit there.
Thank you, Kevin, for your comment and question. Thank you to the community for their feedback. Thank you, Amy, for the presentation. She’s going to be a double-hitter at this conference. Good to see you again.
This being a Draft Policy, this feedback is now forwarded to the AC, and we’ll move on to the next policy. John, over to you.
John Curran: Very good. I’d like to say we have the next policy coming up is Draft Policy ARIN-2020-11: Add Textual Description for the Number Resource Hierarchy Image in Section 2. Andrew Dul will be the presenter. I’ll turn it over to Andrew. Andrew, go ahead.
Draft Policy ARIN-2020-11: Add Textual Description for the Number Resource Hierarchy Image in Section 2
Andrew Dul: Hello, everybody. I’m here today to talk about a text change around the definition section in Section 2 of the Number Policy Resource Manual [sic]. Next slide, please.
Here’s a brief history of this. This came to us late last year. And it’s gone through a couple of revisions so far in the text.
Next slide, please. Here’s the problem statement as it came to us. The main issue that was raised by a community member was that there’s a graphic in our policy manual that does not have alt text or any other description of it.
So if someone was – had a disability, sight-related disability or perhaps in the event that the NRPM was translated, this could cause issues as information would be lost. So we were asked to take a look at that.
Next slide, please. This is the definition and the graphic as it exists today in the NRPM. It’s just a very simple one sentence which says “Responsibility for management of address space is distributed globally in accordance with the hierarchical structure shown below.” And then that’s the graphic that exists today in the NRPM.
Next slide, please. These are the definitions that currently exist that are related to the graphic that is in the NRPM today for reference.
Next slide, please. All right. So the issues as were brought to us. So the original proposal suggested that we replace the image. However, we believe the image is useful as it does kind of very quickly describe the relationship between the different entities. So the AC suggested to leave the image in and just add some text in addition to it.
As feedback from PPML, a number of members noted that the term “ISP” is in this graphic, and that it is perhaps better used the term “LIR” which is Local Internet Registry, to better align with the rest of the policy manual and also as part of our cleanup to remove the overloaded term “ISP” from the manual.
Next slide, please. So the final questions for the day are does the addition of the text add value to the NRPM? Does the update from the ISP to LIR clarify the text? Do you think that there’s any additional text that needs discussion? And are there any other issues raised by this update which needs to be considered?
So I don’t see – there was missing a slide, I thought. I guess the slide is missing out of the deck. So anyway, there was a slide that I thought showed the actual text as we intended. But looks like that got left off the deck.
Anyway, we’re open for your comments and questions about this. The updated text has been posted to PPML. So it’s there for sure.
Paul Andersen: If we could get the discussion question slide up, I find that’s always helpful to refresh.
Andrew Dul: That’s the second to last slide.
Paul Andersen: There we are. And we’ll open up the queues for discussion. We have some good time available. So if you have a comment or question, please go into the Q&A or raise your hand.
And I see we have our first question. So let’s go to that.
Remote Host: Chris Woodfield with Twitter: This proposal should be uncontroversial and clarifies the text. It could be argued that this is editorial. Was that discussed and dismissed at any point?
Paul Andersen: Andrew, was that discussed?
Andrew Dul: It’s discussed and actually our plan is to make this editorial. We wanted to bring this to the community after the discussion of ISP and LIR to clarify that that is indeed the community’s direction.
So the direction we do intend to take is to make this editorial from this point going forward, assuming there are no issues raised in today’s discussion.
Paul Andersen: Let’s go to our raised hand. Let’s go to Sai for a second.
Remote Host: Sai, you can unmute yourself now.
Paul Andersen: Name and affiliation always.
Sai Mattapally: My name is Sai Mattapally from Mattapally Technologies. My question is that Internet Service Provider to Local Internet Registry, right? This means supposed if I’m charting in Facebook and Twitter, think of two examples.
So I have a link about Mattapally.com. So when I paste in the chat box, sometimes it will come with some HTML, with included images. That means downloaded automatically.
But in the Twitter chat, they’re not accept, only text. So, these kind of differences between the social media platform companies, are there regulations?
Paul Andersen: Sai, I have to ask you to keep your question or comment on the policy. And the policy, as I understand it, is just whether or not the image – we’re just talking about the text, the image that’s in the current manual and whether or not it should be replaced or not.
Could you comment on that? If you have some other questions, we can deal with them offline in our breakout rooms.
Sai Mattapally: Okay.
Paul Andersen: Thank you for your comment. Let’s go to the Q&A.
Remote Host: We have a question from Scott Morizot with the IRS: I support making the guide accessible even if it’s just a single image without text. The text seems fine.
Paul Andersen: Thank you. Next hand up here Donnie Lewis.
Donnie Lewis: My name is Donnie Lewis. I’m from The Obsidian Group, Incorporated. And just from looking at the image in a text, to me, it seems clear enough, and as far as changing the “ISP” to “LIR,” the last thing we need to have is more acronyms.
I think the ISP and what it implies is clear. I don’t see why changing “ISP” to “LIR” would make things less clear except adding yet another acronym we’ll have to keep track of.
Andrew Dul: I’ll note to you that the acronym “LIR” is already used throughout the number policy manual and is actually formally defined in our “Definition” section whereas ISP is not.
And so I think actually moving to LIR, even though it is another acronym and maybe one that is not – people aren’t as familiar with outside of this community, is probably more accurate as organizations who act as LIRs, Local Internet Registries, are not always Internet Service Providers in the traditional sense of selling Internet transit service to someone.
Donnie Lewis: Okay.
Paul Andersen: Does that answer your question, Donnie? Any further follow-up?
Donnie Lewis: I have no further comment on it.
Paul Andersen: Okay. Are you supportive of the policy?
Donnie Lewis: Yeah. Overall I think the image with the text on it is very clear to me. So everything else I’m okay with.
Paul Andersen: Thank you for that. And that’s the beauty of putting up your hand, because we could use the follow-up.
We’ll go to our two Q&A. After the two Q&A are cleared we will close the queues. So, please type a quick query in – our three Q&A now. We’ll do the two, then we’ll go to the mic, then we’ll back to what might be our last comment.
If you do want to get into the Q&A, please just type the word “queue” or something so we’ll save your spot. And then take your time to type. Or put your hand up. But at the end of these two comments we’ll close off.
Let’s go ahead with the next two comments.
Remote Host: Comment from Nia Brown with Amazon Web Services: I support the policy. Accessibility work like this is important.
Paul Andersen: Thank you, Nia. Joe?
Remote Host: Joe Provo with Google and ARIN AC: Support as written, plus editorial.
Paul Andersen: Okay. We’re now closing the queues. And thank you, Gary Giesen, for using the technique. It proves it works.
Let’s go to Kevin while our last two people type their question. Kevin Blumberg, go ahead.
Remote Host: Kevin, you’re unmuted.
Kevin Blumberg: Thank you. Kevin Blumberg, The Wire. Any policy that can be fast-tracked from an accessibility point of view should absolutely be done, as long as the terminology is not being changed.
If it’s improving accessibility, that should absolutely be a priority, and I agree with that and support this policy from that respect.
Regarding the terminology “ISP” versus “LIR,” my understanding is the term “ISP” has been used within the ARIN region for many, many years. It had a very formal sort of description that does not necessarily relate to what many consider an Internet Service Provider today.
The term “LIR,” on the other hand, has been used in many other regions ubiquitously over the years and is probably more accurate today.
I don’t think how the word “ISP” was defined 20 years ago and on is necessarily where an ISP is in its terminology and understanding today. So I actually do prefer being consistent both globally in terms of how we use the term “LIR” as well as the fact that it is a more generic meaning than “ISP.” Thank you.
Paul Andersen: Thank you, Kevin. Any follow-up, Andrew, or take the feedback?
Andrew Dul: Thank you.
Paul Andersen: We did actually get in the Q&A, so we’ll finish off this Q&A and then we will move on to the next policy Q&A. So, staff, next one, please.
Remote Host: Lee Howard with IPv4.Global by Hilco Streambank: I don’t think that LIR adds clarity when the NRPM uses both terms. Section 4.2 is about ISPs, not LIRs, as currently written.
Paul Andersen: Okay, thank you, Lee.
Andrew Dul: So, to follow up to Lee on that item is that the NRPM Clean-up Working Group is working on doing the LIR ISP cleanup. So that is on their to-do list as well to harmonize throughout the document.
Paul Andersen: Let’s go to Gary’s comment next, please.
Remote Host: Gary Giesen with CentriLogic, also the ARIN AC: I support as written. It doesn’t change any policy, improves accessibility for those with screen readers, and support use of LIR as it helps harmonize definitions within the NRPM and among the LIRs.
Paul Andersen: Okay. Thank you for that. Just to note that we have our – thanks, Andrew, he did figure the working group would fix it.
Let’s get our last Q&A and then we’ll finish up this proposal. Frank Bulk, please.
Remote Host: All right, Frank Bulk with FiberNet Communications: I support the policy as communicated.
Paul Andersen: All right. Thank you – last-minute one that came in. We’ll take it. Let’s take Gus’ even though he didn’t put the “queue” in.
Remote Host: Gus with Cogent Communications: I support this policy as written.
Paul Andersen: The queue thing did seem to work, so if everyone can try to make use of that for the next two policy issues, I would appreciate it.
This feedback will be provided to the AC. Andrew, thanks for the presentation. John over to you.
John Curran: Thank you, Paul. Next presentation is regarding Draft Policy ARIN-2021-1: ASN Clarifications to Sections 2, 8 and 10. Anita Nikolich shall be giving the presentation. Thank you, Anita.
Draft Policy ARIN-2021-1: ASN Clarifications to Sections 2, 8 and 10
Anita Nikolich: Okay. So this is an output from the NRPM Working Group to do some clarifications to some language which started out, and as they unraveled the thread, it led to more. So I’ll go through all of them.
Shepherds, myself and Gary Giesen. This is a very recent proposal from January. The Draft Policy obviously from February. And this is the first time being presented at an ARIN meeting. Again, it came from the AC’s NRPM Clean-up Working Group.
Next slide. The problem statement originated with the language in Section 8 about ASN-only transactions was not clear. While addressing this, and looking through Sections 2 and 10, there was additional language and referencing inconsistencies that also should be adjusted.
Next slide. So this is adding a definition for ASN in Section 2. You can see ASN, “unique identifier which represents a collection of network resources operated under a common routing policy administration, known as an autonomous system.”
So, there’s no definition currently. This is to add a definition Section 2.
Next slide. I’ll go through these. The second part, the bold are the things that are new. I want to distinguish between the two. There’s a bunch of these slides kind of grouped under seven things.
So if we replace this on the top, the replacement, the bold is “transfer under Section 2,” just to clarify some wording, and “the transfer.”
Next slide. This is to replace something that says – instead of having “that they have acquired,” “that it has acquired,” just to change some semantics, make it clearer.
Next slide. Also, in Section 8.2, instead of “they have,” “it has acquired.”
Next slide. This clarifies in the first sentence “under Section 8.2,” instead of “8.2 IPv4 transfer.” Again, just to make it very explicit.
Next slide. Now we see where under Section 8.3, instead of saying “IPv4 numbers,” we see “IPv4 address and/or ASN resources.”
Next slide. Same thing, instead of “IPv4 address resources,” it’s changed to “IPv4 address and/or ASN resources.”
Next slide. Clarifying the words a bit, instead of “an 8.2 transfer,” “a transfer under Section 8.2.”
Next slide. In Section 8.4, again, instead of “IPv4 number resources,” “addresses and/or ASN resources.”
Next slide. And, again, adding “and/or ASN resources” after IPv4.
Next slide. Also in Section 8.4, replacing “number resources” with “addresses.”
Next slide. Purely grammatical, a space between “Section,” “4.4.”
And next slide. Section 8.5.6, adding “IPv4 space” in that sentence.
Next slide. 8.5.7, we add “the requirements in Sections 8.5.5 and 8.5.6.”
Next slide. Adding “Section” 8.5.7, make that a little more clearer.
Next slide. And in Section 10.3, again, adding “allocation of ASNs” since that was defined presumably above in Section 2, take out the “Autonomous System Numbers” and just replace it with the acronym “ASNs.”
Next slide. So some notes. Posted to PPML March 9, only got one comment on this. No concerns have been raised on the list.
Next slide. So, questions? Do the clarifications make sense?
Paul Andersen: So we’ll open the microphones. Thank you, Anita, for this and the AC’s work on it. A lot of changes. And I would suggest that any comment related to the proposal is welcome but it might be useful if you have small edits or suggestions, that may be better to the PPML, or the authors, since this is more editorial and more just if we could focus the discussion on the problem statement and if just generally these changes at a higher level.
But, if there’s something that’s burning or especially if a change is fundamentally changing the text, let’s – we can obviously raise that.
So, with that in mind, let’s go to our first Q&A. We’ll go to our first Q&A.
Remote Host: All right. I apologize if I butcher your name, but Omo Akintoye from Amazon Web Services: I support this policy.
Paul Andersen: Okay, and let’s go to our first microphone with Kevin.
Remote Host: Kevin, you can unmute yourself.
Paul Andersen: Name and affiliation, whether or not you support or against the problem statement.
Kevin Blumberg: Kevin Blumberg, The Wire. I support the problem statement. I support almost all of the text. It was a great clean-up, except for Section 10. Even a modest and minor change to global policy in Section 10 potentially could require clarification as a global policy change.
As such, I don’t believe that making a change to that section is both going to be timely or necessarily benefit. If it is an editorial change, I would recommend leaving that one part out to allow this to go through faster.
Paul Andersen: Can I just ask if maybe a good outcome of this is to ask the AC shepherds to reach out to the ASO AC and just run the change through that and get the feedback of the ASO and potentially get that feedback. And that I think would be very useful feedback. Would that be process-correct, Kevin, or John?
John Curran: That’s fine, Paul.
Paul Andersen: Okay. All right. Thank you, Kevin. That’s a good raise. Global policy is always fun. I think I saw Cathy Aronson on earlier. She can tell tales of it.
Next Q&A, please.
Remote Host: David Farmer, University of Minnesota: Support as written.
Paul Andersen: Donnie Lewis.
Remote Host: Mr. Lewis, you should be able to unmute yourself now.
Donnie Lewis: Yes, I like the clean-up.
Paul Andersen: Donnie, could you state your name and affiliation. And then you can – no problem.
Donnie Lewis: Donnie Lewis, Obsidian Group. I support the changes. It made the document much, much more readable. And I always like more information versus less. I do support the changes.
Paul Andersen: Let’s go to our next Q&A then.
Remote Host: Next Q&A, Lee Howard, IPv4.Global by Hilco Streambank: A lot of work must have gone into this. Definitely an improvement. Thank you.
Paul Andersen: Thank you for that comment, supportive. We’ll go to Chris Tacit.
Remote Host: You should be able to unmute now.
Chris Tacit: Chris Tacit, Tacit Law, ARIN AC. In the work that we’ve been doing in the NRPM simplification, a lot of these changes you’ll see across some of the other sections as well.
In terms of the one issue I wanted to address, the Section 10 issue that Kevin raised, if this is going to hold it up, then I think the AC ought to consider either splitting it out into a separate policy or abandoning it if it’s not worth the lift of trying to get harmonization across regions, if that is indeed necessary at the end of the day. Thank you.
Paul Andersen: Thank you, Chris, for that. We’ll go to our next Q&A and ask people to start approaching mics or again using the queue trick. So if you can get in queue now because we are out of hands and we only have two more comments.
We will be closing shortly. Please get in the queue.
Remote Host: Joe Provo, Google, ARIN AC, NRPM Working Group, primary author: Apologies for the all pure editorial comments. It was initially believed that this could be able to be executed as editorial, but since there was confusion over purely ASN transfers, it worked its way through the policy support with or without Section 10 adjustments.
Paul Andersen: As there’s no one else with their hands up, we’ll close that queue. Type the word “queue” if you plan to put anything in the Q&A. At the end of this one, it will be closed, and we’ll try to be more firm on that. Go ahead with the next comment.
Remote Host: John O’Brien, University of Pennsylvania: I support this problem statement and am generally supportive of the proposed solutions. Is there an intended distinction between IPv4 address resource and IPv4 space?
Paul Andersen: That’s a great question. Anita, did you have a comment on that?
Anita Nikolich: I don’t. I want to be sure I give the best answer. It would be helpful if you want to post it on PPML so I can make sure I give you a thorough answer that’s not just my opinion at the moment.
Paul Andersen: John, if you wouldn’t mind putting that on the PPML or just sending it to the shepherd directly, if you want to do it that way. They would – obviously, if there’s clarity they’ve overlooked, they’ll be happy to take it on.
Seeing no one else in queue. We’ll take our last and final comment. Over to Frank Bulk.
Remote Host: Frank Bulk, FiberNet and Premier Communications. I support the changes as written. I appreciate Kevin and Chris’ point about possibly splitting out the global policy in Section 10 as to more speedily adopt the other changes.
Paul Andersen: Okay. Thank you very much for that. And thank you very much for that Policy Proposal. Thank you for the presentation, Anita.
We are going to move on to our next one. I’d like to say there’s, for whatever reason, people are putting up and down their hand consistently. And we obviously see that.
It’s causing some confusion here. So if we see it, we’re going to assume that the person is not looking to be identified as having some other technical challenge.
If you are having a technical challenge, please reach out to staff at firstname.lastname@example.org. We don’t know if it’s a Zoom issue or not. But we see the hand going up and down. We don’t know what that means. We’ll take it it’s a technical issue. Please keep your hand up and remain that way if you require.
John, over to you.
John Curran: Okay. Very good. Making good progress here. Our next policy for consideration is Draft Policy ARIN-2021-2: Special Use IPv4 Space Out of Scope for Purposes of Determining Waitlist Eligibility.
Matthew Wilder stepping in to cover this. And it’s over to you, Matthew.
Draft Policy ARIN-2021-2: Special Use IPv4 Space Out of Scope for Purposes of Determining Waitlist Eligibility
Matthew Wilder: Thank you, John. Next slide, please. All right. We’re going to be talking today about ARIN Policy 2021-2: Special Use Space Out of Scope for the Purpose of Determining Waitlist Eligibility.
Next slide. This is the first time that it’s come to any ARIN meetings. It was submitted by Rob Seastrom as a Policy Proposal. Kerrie Richards is the co-shepherd, and it’s my pleasure to share the policy on behalf of the two of us.
So this was submitted on the 15th of January and then elevated to Draft Policy on the ARIN AC meeting the 23rd of March 2021.
Next slide. There’s the problem statement. Current policy does not clearly indicate whether special use addresses for critical infrastructure, defined in Section 4.4, as well as special use addressing for facilitating IPv6 deployment, defined in Section 4.10, should be considered as part of the /20 equivalent IPv4 space in aggregate, which would make an organization ineligible for the ARIN Waitlist defined in Section 4.1.8 of NRPM.
So these have been evaluated independently in the past. Next slide. The policy statement as proposed is to replace the current sentence in Section 4.1.8 which states “Organizations which hold more than a /20 equivalent of IPv4 space in aggregate are not eligible to apply.”
And that text will be replaced with the same but just adding what’s in brackets there. So “Organizations which hold more than a /20 equivalent of IPv4 space in aggregate, exclusive of special use space received under Section 4.4 or 4.10, are not eligible to apply.”
Next slide. So the origin and background of this is that staff and legal assessment, 1st of May 2019 for ARIN 2019-16. The staff noted that ARIN staff would immediately perform an audit of the current waitlist and remove and inform any organization that holds more than a /20 in IPv4 space excluding 4.4 and 4.10.
So the intent was clear at this point to treat those blocks distinctly, although that doesn’t exist in policy today.
So next slide. So failure to incorporate this nuance into the NRPM or explicitly contradict it has resulted in some confusion. A recent Policy Experience Report cited three occurrences in as many weeks, so three weeks, where staff had a difficult time determining whether or not to include those address blocks in the evaluation of the /20.
Next slide. And here’s a nice quote. “Clarity affords focus.” So the benefit of clarity, of course, is that there’s no uncertainty as to how this would be treated. So clear policies get – next slide, please. Thank you.
Paul Andersen: Thank you, Matthew, for your knowledgeable AC presentation. My thanks also to Kerrie Richards, who I know she was going to give the presentation. She sends regrets. Technology has unfortunately gotten in the way of a technology conference.
But my thanks to her and Matthew on this presentation. We look forward to seeing you back online shortly, Kerrie.
This is the last proposal before Open Microphone. If you want to comment, you know the drill. Put up your hand or put it in the Q&A. This is a Draft Policy.
So feedback from the problem statement is definitely the main focus, but any other feedback is welcome. Give it a couple more seconds. All right. I thought I saw – okay. We have a hand up. Let’s go to I believe it’s Marlin.
Remote Host: Marlin, you should be able to unmute yourself.
Paul Andersen: Name, affiliation, whether you support or are against the policy, please.
Marlin Martes: Marlin Martes, Amazon Web Services, and I support this policy.
Paul Andersen: Thank you for the feedback. Let’s go to the Q&A. Let’s go to that.
Remote Host: Paul Emmons from Ninja-IX: As an Internet exchange point operator, we support this change. We have run into this issue recently having to supply utilization of 1X space.
I assume that’s 1X space, in order to get on the waitlist for IPv4 space.
Paul Andersen: Okay. Thank you. We have another Q&A. Let’s go to that.
Remote Host: Gary Giesen, CentriLogic, ARIN AC. Support the policy as written and the problem statement. It codifies the practice already occurring and makes it clear to those on the waitlist or to those looking to apply to the waitlist what the requirements specifically are.
Paul Andersen: Thank you. Okay. We’ll go to John O’Brien, next.
Remote Host: John O’Brien, University of Pennsylvania. Is it a true statement that the non-special use allocation can be used for special uses? But a special use allocation cannot be used for nonspecial uses?
If so, I would be in favor of excluding special uses addresses address resources.
Sorry, that was a little hard to say.
Paul Andersen: Okay. Sai Mattapally, you put a question, but I’m having a hard time understanding. Maybe you could try clarifying what you’re trying to comment specifically if you’re in favor or against the policy. If you could do that, we’ll come back to you. Let’s go to Gus.
Remote Host: I’m sorry, did we answer the question for Mr. O’Brien?
Paul Andersen: We’re going to – I’ve asked Sai to put back in – I don’t see the question as germane to the policy.
Remote Host: Okay. And Gus Reese, Cogent Communications, I support this policy as written and the problem statement.
Paul Andersen: Okay. Next comment from Joe Provo.
Remote Host: Joe Provo, Google, ARIN AC. I support as written.
Paul Andersen: Okay. We’re going to close the queues in a second. We’ll give Sai a few seconds to type something. Otherwise we’ll go with his original – if you want to put your hand up, put it up. Okay.
Sai, let’s go to Sai live, and we’ll go from there. At the end of Sai’s comments, the Q&A will be closed.
Sai, give your name and affiliation, start with whether you’re in favor or against the policy.
Sai Mattapally: My name is Sai Mattapally from Mattapally Technologies. I’m very new to this meeting. I don’t know how to ask a question, because you are asking my opinion about policy as now. Then you’re asking a question and answer which I have under policy. You clarify and then take my decision, I support or not?
Paul Andersen: That’s how our policy process works. We ask those who are speaking at the microphone on policy as a standard rule of order to start with –
Sai Mattapally: Yeah, you are asking –
Paul Andersen: Let me go first.
– to start with whether you’re in favor or against and then the reasons for that.
I understand you’re new to the community. We welcome that. What may make more use is we can have a staff member reach out to you with your question and they can help. If at that time you still want to give some feedback into the policy process, the Public Policy Mailing List is available and you can put your comment on that.
That would be my suggestion, but if you want to recreate your question now –
Sai Mattapally: Thank you.
Paul Andersen: Thank you so much for that. So, thank you for that. As I have no other Q&A in the queue, this is going to one Last Call, because this will end our policy process, and then I’ll take us into Open Microphone.
We’ve gotten back on track here timewise. We have ample time for Open Microphone. We have, of course, our breakout sessions later. But seeing none, we’ll close the microphones on this policy. This ends our policy block for today and ends our policies for the ARIN 47 meeting.
So I’d like to thank everyone for their participation. I know that virtual has been a large adjustment to this process. My thanks, of course, to Mike Lauder for stepping in as well presenting that.
Our thanks to the community for this and thanks to the AC who will now take all the feedback that’s been garnered over the last two days. They’ll be meeting in short order in the next day or so to decide what to do with these policies.
If you have some thoughts, we still have the Open Microphone right here but there’s always the ARIN Public Policy Mailing List. We encourage you to join it and we encourage you can put your feedback on there. If you don’t feel comfortable about that, we will – sorry, apologies, you can always email the shepherds as well. They’re always happy to take your feedback.
Public Policy Meeting, Day 2 - Open Microphone
Paul Andersen: With that, we’ll go into Open Microphone. This is – again, we generally like to focus on what’s come up today.
If you have an idea for a new Policy Proposal or have a thought on a presentation that you’ve seen or if there’s something that you have about ARIN the organization or the policy process that you’d like to raise, this is the opportunity.
We have the CEO here, John Curran, as you can see, some of the senior staff on standby, the AC Chair is here as well. Please raise your hand or put something in the Q&A. We’ll go from there. Give it a few seconds.
John told me he’s prepared one of the finest offers to sing in the remaining 20 minutes, if required. I don’t know where it came out that he said he was an opera singer but – we have our first hand. So we’ll go to David Farmer. David, name and affiliation and what your topic is.
David Farmer: David Farmer, University of Minnesota. There’s the fee consultation open. The fee consultation raises a policy question for me. If the fee consultation goes forward, is it still germane to have a policy difference between –
Paul Andersen: Between end users and –
David Farmer: Between end users and ISPs or LIRs in the future? That’s a question to the community.
Paul Andersen: Yes. And so if somebody wants – a few things, if you would like to speak to that, John being the first in queue on that, please raise your hand on this topic or put it in the Q&A and we’ll deal with that.
I think the high level is the flexibility of the schedule now is such that bad categories or other categories can be defined. And now we have a unified fee schedule.
We don’t get into this issue we had before where policies seem to be skirting around fee schedules by saying we’ll classify you as an end user. That’s now disappeared. It’s not that end users have disappeared in policy; it’s just that there’s an ISP end user and ISP fee schedule which will be the RSP fee schedule if this proposal is adopted after the consultation.
So we have two people in queue. We have John Curran and we have Kevin Blumberg. Please raise your hand if you want to speak on this issue. Go ahead, John.
John Curran: David, you bring up a great point. Let’s start with IPv6. In IPv6, the space issued for new end user allocations and new ISP allocations is fairly distinct sizes.
Organizations can say they want an end user allocation. Organizations can say they want a larger ISP allocation.
You might want policy to qualify who can be an ISP. Further, you might want policy to insist on who is an ISP.
There’s been concerns in the past in the IPv6 community that people will ask for smaller allocations and give still smaller to their customers.
If you want ARIN to be the one enforcing customer allocation size, that’s perfectly fine, but the community needs to discuss and agree on that.
You can see where with v6 there’s still great need for policy as to – or there’s still a need to discuss how much policy you want.
On v4, we get into an interesting situation. We have an enormous amount of v4 policy for issuing new space, initial allocations. And then we have an enormous amount of policy for doing additional allocations and assignments based on those who have already gotten their initials.
And it looks like 80 or 90 percent of that might not be relevant in a going forward scope.
And so again this is – there’s nothing to say that we can’t have policy that is the same policy we have today.
The fee schedule doesn’t require any policy changes one way or the other. The question you’re really asking is now knowing a good fee structure that’s uniform, do we need the same policy that we have?
That’s a great question. The question is what policy do you really want for policy sake? As opposed to get certain feel from –
Paul Andersen: Can we unmute Kevin Blumberg. Kevin, is this the issue you wish to speak on?
Remote Host: Kevin, you can unmute yourself.
Kevin Blumberg: Kevin Blumberg, The Wire. Yes, this is what I wanted to speak on. I sort of touched on it earlier. I agree with David. There is a lot of policy that made the assumption that an end user would not have certain features available to them, that ISPs would, as an example, downstream SWIPing would now technically be available to all.
All the rules and requirements we have related in policy to that should apply to all organizations if they’re going to be using that side of things.
I believe if we go to one consistent type of organization set from a fee point of view, that our policy should reflect that. A lot of, again, the requirements for end user and ISP were based on things that could or could not be done by the different ones.
And I think we need to move to a more holistic view that you have different kinds of organizations that use Internet resources and there may be some exceptions where one type of organization is able to get a smaller assignment or allocation at this point.
But I think the whole concept needs to be refreshed if we are now going to one unified set of services across the board.
That doesn’t mean we don’t have differentiation between types of organizations. But I think this whole concept of end user and ISP will need to be completely revisited in policy. It will be utterly confusing otherwise.
Paul Andersen: Go ahead, John.
John Curran: If I could briefly respond. Kevin, I agree with you to some extent. But recognize if you want a policy constraint on how people can use addresses, we need that today regardless of whether the fee table changes.
You have organizations right now that are end users who are subdividing and leasing their IP address space. If that’s not allowed, then that’s worth knowing.
You have organizations that are not providing directory services for the issuance of IP address space to their customers.
So your question is valid, but it’s not driven by the fee; it’s if ARIN’s going to have some specific constraints on the use of IP address blocks and that changes by organization, or even if it doesn’t, it should be explicit. And that should be in policy.
That’s not a fee question. If you have assumptions about how address space is supposed to be used, that needs to be in policy. And presently it isn’t.
Kevin Blumberg: John, my clarification is, irrelevant to the amounts on the fee table, you had two fee structures before. The current discussion is to go to one unified fee structure.
And unless I’m misunderstanding that change, everybody is going to have the same set of services and is going to pay the same thing, depending on what they’re utilizing, but basically you’re going from two structures to one.
Is that me misunderstanding what’s being done?
John Curran: Sorry, you cut out on my end, Kevin. Kevin, I’m having a problem here.
Paul Andersen: John Sweeting. John Sweeting is offering to jump in for you, John.
John Sweeting: I just want to answer Kevin’s question. There’s still these different types of organizations out there. And there could be policy that says if you are an ISP, that here’s how you qualify for space. And there could be end users.
And it says here’s how you qualify for space. It could be that way. It could change, but there’s no reason why we can’t have policy that’s germane to how end users use space and how ISPs use their space and how they qualify for more space.
Kevin Blumberg: Just to clarify. And I think this is the part that I’m trying to understand. If this change occurs, all organizations, irrespective of whether they’re currently delineated as ISP or end user, will have access to all the same services uniformly offered by ARIN; is that correct?
John Curran: That is the case.
John Sweeting: That is correct. And that is why we’re looking for the equitable fee being charged.
Kevin Blumberg: Right. So if an end user –
Paul Andersen: Just to clarify, John Sweeting. While there’d be a unified fee structure, it’s possible there could be services that are only available to certain types of entities based on the policy they qualify.
I’m not saying – that could still occur, correct? If there was a service – if only ISPs could only send emails in pink, then, that could be potentially a service only available – because that’s what policy says.
Go ahead, John, sorry.
John Sweeting: John’s back.
John Curran: I’m back. Sorry. The Internet apparently blipped here. Yes, if you folks want to constrain services by a particular type of user, particular type of organization, you can. However, that’s probably not what you want to do.
Because, quite frankly, long-term we can’t control that. People are capable of spinning up many of these same services on their own and it’s beyond ARIN’s control.
So what you’re really talking about is constraining people to use address blocks in only certain ways.
If that’s what you wish to do, you need to be explicit in doing so. Again, you have end users right now subdividing their address space through leasing. That’s happening today. Has nothing to do with the fee schedule.
We are presently not enforcing anything. If you believe there’s a policy constraint that needs to be enforced there, it needs to be stated about those blocks. That’s independent of the fee schedule.
Paul Andersen: Does that make sense to you, Kevin?
Kevin Blumberg: Yeah, I think we’re arguing the same thing. All I’m trying to say is end user policy has no concept of downstream assignments or allocations. In a homogenous environment, an end user could take advantage of those services.
Our policy needs to be cleaned up to allow for all the services to be homogenous across all of the things.
And where there’s a differentiation, have that differentiation. But there’s a lot of policy that doesn’t envision end users having access to, quote/unquote, ISP services which would no longer be the case.
So I’m just – I think we’re all agreeing about the same thing. Just policy needs to be cleaned if this fee schedule goes forward.
John Curran: My only point, Kevin, is policy needs to be cleaned anyway, because even if the fee schedule doesn’t go forth, the users will still – it’s not what services are available; it’s what usage of blocks policy allows.
If you’re saying blocks can’t be suballocated, okay, then you need to say it and explain that, independent of the fee schedule, because it’s happening today.
Users are subdividing their blocks today. They’re just not necessarily having the services, but it’s happening. So if you’re trying to constrain the usage of blocks, it’s not a services question. We agree with you – I agree with you that the policy doesn’t cover it. And historically it’s been anchored in services.
But you don’t actually want policy to constrain services. What you want to say is end user allocations may only be used in the following ways.
You need to think very carefully about what those policies should be. Because we have a large base of end users subdividing their address blocks, leasing with some forms of connectivity that vary from one to another.
Paul Andersen: I think we have to leave it at that. The ARIN Consult List is available if you guys still want to keep going at this. But I think we’ve had a chance to do that.
I have Gary Giesen next. Can we open his microphone, please, or did we lose Gary? Gary, you’re next.
Remote Host: You can unmute yourself.
Paul Andersen: Name and affiliation and topic, whether it’s this one or a new topic.
Gary Giesen: Gary Giesen, CentriLogic, ARIN AC. It’s on this topic. I know policy was never tied to the fee schedule, but the reality is the big wedge between end user and ISPs was SWIP. And as far as I’m aware, end users could always become an ISP by paying ISP fees. There was no other impediment. Please correct me if I’m wrong.
If end users are now being asked to pay these same fees as ISPs, why wouldn’t we just make everyone ISPs?
I get for further SWIPing downstream, that you may want to have more policy controls, but I think the ISP policy pretty well covers that. To Kevin’s original point, why would we have two classes of users if everyone is paying the same fees, and historically the big wedge between the two sets of policies has been to reduce fees and, consequently, services like SWIP.
Paul Andersen: So I think I would just disagree a little bit in that there’s always been and historically policies that wrap around a certain type of almost use case. And a perfect example, Gary, you’d be familiar with is Canadian TPIA, and in order to qualify under a certain clause, you had to be a certain type or fit certain criteria.
I don’t think the fee schedule is meant to eliminate that. I think as John Curran said, there may be a useful reevaluation of policy to see if it still makes sense where there are differentiations between certain types of providers, especially since the – I think as we said – it’s becoming grayer.
And 20 years ago an ISP clearly looked like an ISP and end user clearly looked like an end user. Now it’s a little foggier. We have different types of players and different types of entities.
John Sweeting, did you have anything to add on that from that standpoint? I know you’ve done a lot of work on this.
John Sweeting: Yeah, I just want to say that we today we have end users that for one reason or another they want to become an RSP, Registration Services Plan.
With a Registration Services Plan, they can do SWIPs, they can do anything an ISP can do. That’s basically how the fee harmonization is going to work. All end users will be converted to being under a Registration Services Plan and will have access to all the services that are available to an RSP, as they would do today if they voluntarily did it.
Yes, they would be able to SWIP. RSPs, end users that convert to RSPs today will have the ability to SWIP.
Paul Andersen: Use all the services. There’s no policy preventing – no policy today preventing an end user moving to RSP, thus getting accesses to services.
John Sweeting: That’s correct. That’s what John was trying to say as well. Services and policies are different things. We have all these services they can use. Your policy would, then, if you want to keep somebody from SWIPing a class of customers, I guess you could do it through policy. I don’t know why you would. But anyway, yeah.
Paul Andersen: That would be a curious question that we may need to clarify a little bit, to both Johns, to just if there was a service that the community did not want somebody to have access, it did not want a certain class having access to, would that be through NRPM or would that be through ACSP, would we take that back –
John Curran: If the community passes a policy that says users should not suballocate their blocks, it must be used for internal customers only, then we wouldn’t provide access to a service that violated policy.
But I want the policy to constrain the address block usage because that’s what the community’s really saying.
And we have the problem is that we have people who are doing working around this now, and they’ll do it – ARIN services are not sufficient to prevent what you’re talking about; you need policy.
Paul Andersen: I’d like to close off the microphones, because we are now at the allotted time and we should be ending for the day.
I’ll give one last chance to put your hand up. We have one person in queue put their hand up and one Q&A. We’ll go to the person with the hand up because he’s confirmed that he’s on topic, on this topic.
Then we have somebody with a slightly tangential. And then after that we’re going to close off. Either put the word “queue” in or put your hand up now.
Let’s go to David Farmer.
David Farmer: I wanted to clarify one thing. You said that – David Farmer, University of Minnesota. I wanted to clarify one thing. You said that we should discuss this on the ARIN Consult List.
My personal opinion, the question I raised is a policy question and belongs on the Policy Mailing List, not – it’s not actually a question about the fee consultation; it’s a result of the fee consultation but it’s not really –
Paul Andersen: So this is when I ask John Curran, his head pops up, look at that, he saw. That’s what I said, and I agree, that would be my gut, on which Mailing List to go. John’s the expert, did I misspeak, is this a PPML discussion?
John Curran: If you want to change NRPM it’s on PPML. Otherwise it would be – if it’s on the consultation, ARIN Discuss. You no longer have – (phone ringing.)
I apologize. David, what do you want to discuss?
David Farmer: What I raised the question as was, as a result of the potential change, there are some policies that we probably need to change, which is why I said I think it’s a policy question, not a consultation question.
John Curran: Right. I’m going to ask an interesting question, David. In general, that means it’s on PPML – that should be on PPML.
David Farmer: Yep.
John Curran: Do you think those policies – shouldn’t those policies change in any case, regardless of whether the fee change goes through?
David Farmer: There’s an argument for that. But I –
John Curran: Then take it to PPML.
David Farmer: I think there’s an argument for that. But I think the fee consultation changes the rightness of those questions, is what I would say.
John Curran: Sure, I agree. I think there’s a number of policy cleanup issues that should be considered. And now potentially they need to be expeditiously considered.
David Farmer: Yes.
Paul Andersen: I think, like, David, this is one of the problems is if it affects your feeling on whether or not the Board should proceed with the fee change or not, that should be on Consult. But if it’s a general policy change, it’s a good idea, just because of the thought of the fee consultation, definitely PPML.
And if there’s expeditious changes, the fee schedule, probably on PPML, couldn’t hurt to put on Consult to get the AC thinking about it. But…
David Farmer: Thank you. That’s all I wanted to talk about. There’s a whole bunch of stuff to talk about, but I’ll do that on PPML.
Paul Andersen: Okay. Thank you for that, David. So the queues are now closed. The Q&A is now closed. We have our last comment from Mercia from the Obsidian Group.
Remote Host: Mercia Arnold from Obsidian Group: Does ARIN do policy position papers on the expected usage of ARIN resources as services and as addresses now that types of players have diversified from the dichotomy of ISP or end users? I have no interest in the fee debate.
Paul Andersen: I don’t know if I would use the word “policy papers,” but we do publish documents clarifying the policy for the community. But John clearly has some thoughts on this. I’ll defer to you.
John Curran: It’s an interesting question, actually. ARIN, the registry, stays away from usage of IP address resources except to the extent that it’s covered by the Registration Services Agreement, which are some very base level requirements, and/or it’s covered in policy.
So, in general, we don’t actually police the usage of IP address blocks other than when someone comes back and looks for an additional block, or other than if there’s a report of something going amiss with the usage of an address block.
Because we’re not involved in the usage of those blocks, and it isn’t necessarily needed for us for the administration of the registry, we do not do policy position papers.
It is – there’s a number of organizations that make use of their address blocks in all sorts of ways that ARIN has historically not been involved in in enforcing.
Again, the same community that asks ARIN to potentially consider how address blocks are being used and potentially enforced, is the same one that asks us not to.
So at a high-level, no, ARIN does not do the policy position papers.
We would not propose to tell the community what an appropriate usage of an address block is. However, I think if anyone has any thoughts on whether there should be a distinction in policy between end users and ISPs and what constraints each should have on their usage of their address blocks, that’s a great thing to write up your thoughts and send to PPML, because for us to do anything about that, it has to end up in the policy manual.
Paul Andersen: Thank you for that, John. Thank you, everyone, that ends our Open Microphone today.
Public Policy Meeting, Day 2 - Closing Announcements and Adjournment
Paul Andersen: I’ll go to closing talks. Thank you very much to everyone that’s participated here in day two of ARIN 47. We thank you.
Please make sure you submit a meeting survey so you can win an iPad Air. Very exciting device. Takes a few minutes. Go to the link you see below and it’s being fired out to you by email as well every morning.
Next slide, please. Again, thanks to our Bronze Sponsor. I’m going to ask John say the name because I’ll botch it. I feel bad –
John Curran: It’s Team Cymru.
Paul Andersen: Cymru.
John Curran: Cymru.
Paul Andersen: Thanks to our event sponsor. We appreciate their support and their talk. I know there was lots of great feedback.
Just a reminder, if you do have feedback on that new format, please let staff know because that was an experiment this time. If you would like to see it as a more permanent addition, we’d like to get your feedback.
Next slide. Our final day tomorrow, we’re done with the policy aspect, but tomorrow is the ARIN Members Meeting. It’s open to all. We’ll have great discussions from staff on key areas. You’ll hear from the AC Chair, the Treasurer of the organization, and me, on exciting topics.
We also have a panel discussion on transfer market trends that staff put together. To give a little bit of excitement and difference. Something for you to come again tomorrow at noon.
Next slide, please. So we have breakout sessions today. These are normally the table topics for those that have attended that we normally have at lunch. We’ll try some virtual table topics. There’s a question, we’re running a bit late, it wasn’t quite the threshold. We’ll say they’ll start at 3:50 today.
We’ll give you an extra five minutes to refresh your coffee break, bathroom break. Go to the link there in the registration portal or arin.swoogo.com/arin47, and we have six breakout rooms that you can join. Very freeform discussion. It’s not like this panel. If you were at the social last night, very similar.
So regular Zoom meeting where you can go, very casual. Please feel free, if you’re a newcomer, to either come listen or speak or give your view on any of these topics: Terminology in the Number Resource Policy Manuals. Pandemic impact on ARIN stakeholders. RPKI deployment best practices. How to join the AC and NRPM policy manual adjustments. And just a general lobby bar/coffee chat conversation area.
Next slide. Just one more. How to get there. Go to the virtual enhancement page, click the link for the breakout sessions.
If there’s no other announcements staff want to bring up, we will break the – we’ll end today’s formal meeting. You have until 3:50 to refresh up, join the Zoom rooms.
Thank you all for your participation, and we’ll see you tomorrow. Goodbye.
John Curran: Thank you, everyone.
Paul Andersen: And stay safe.
(Meeting adjourned at 3:40 PM.)