ARIN 56 Public Policy and Members Meeting, Day 1 Transcript - Thursday, 30 October 2025
Opening and Announcements
Hollis Kara: Welcome, everyone, to ARIN 56.
Thank you for sticking around, if you’ve been here through NANOG. I know it makes for a long week. Those who came in to join us for ARIN 56, we’re especially happy to have you here with us.
My name is Hollis Kara. I’m ARIN’s Director of Communications, and I’m here to make sure this train stays mostly on the tracks.
So, let’s go through what’s going to happen today.
First of all, can I get my Board of Trustees to stand up. I’d like to thank them all. They’re a critical part of the ARIN community, and they do a lot of work, and we couldn’t have this meeting without them.
(Applause.)
They are here. Please seek them out if you are here with us on site. They would love to chat with you.
Equally important, especially in the Public Policy Meeting is our Advisory Council. Okay, everybody, this is the audience participation. AC, on your feet. Round of applause for the Advisory Council.
(Applause.)
And then, finally, but last but not least, our Number Resource Organization Number Council. I think we have two of them in the house with us today.
(Applause.)
Nick is unfortunately unable to be with us. He is representing the NRO Number Council at the ICANN meeting that is just wrapping up in Dublin today. So, yes.
Now, attendance. I don’t think we’ve got these numbers updated from yesterday. We’ve got really great registration numbers for virtual attendance. We’ve got 185 of us here in person, hopefully. Room looks pretty full. I’ll buy that number. I think the last count I saw since this was updated was 420. So do with that what you will.
I’d like to also welcome all of my Fellows that here in the room. We have a split. Some of our Fellows are here in person. Some are joining us online. They’ve been great in the lead-up to this program, participating in everything.
Special shout-out, I’m not sure she made it online today, to Arsenia Brown and the rest of our colleagues that are in Jamaica that have been dealing this week with Hurricane Melissa. Our thoughts and prayers with them as they face cleanup from a pretty epic hurricane, not in a good way.
Several of you may have joined us last week for our orientation. If you did, you had an opportunity on the way out to complete a short survey in order to be eligible for a survey prize today. And do we have a winner? Beverly?
Beverly Hicks: We do, just a second. I’m so sorry.
Hollis Kara: Hold on one second. I will note, the penalty for attending orientation is that a lot of what I go over in the next five to ten minutes is going to sound kind of familiar. But that’s okay. Bear with us. Do we have a winner? Can I get a drum roll?
Beverly Hicks: We have a winner. It’s actually one of our Fellows.
Hollis Kara: Okay.
Beverly Hicks: All right. I will send that out for you.
Hollis Kara: Wonderful. Let’s talk — who was it? No keeping secrets. Beverly? Name? Did we have a name?
Beverly Hicks: I was verifying attendance, which is why I couldn’t do it yet. But I will announce it in just a minute if you want to keep going.
Hollis Kara: Okay. Sorry, I missed that part.
Beverly Hicks: Sorry, apologies.
Hollis Kara: Now I get it. We have to wait. Patience is everything.
So, if you’re joining us virtually today, thank you very much. Please note that if you are in the Zoom, you can use the chat to talk to your Fellow Zoomers and the Q&A for any comments or questions that you would like to read into moderation during any discussions of policy, Open Microphone, any other periods of that sort.
If you are busy typing out a longer reply and haven’t gotten it done, you can raise your hand — hit that button; we know you’re typing — or drop just your name into the chat so we know that you’re working on something. The advantage you have there for policy discussions is you can go ahead and drop your questions in the queue while the presentation is ongoing, and then they’re ready when we get to that part of the presentation.
Our Virtual Help Desk is open right now. Des, who by the way is the one behind the great design you’ve seen around ARIN 56, he’s sitting at the Virtual Help Desk, so if you don’t need help, feel free to drop in and tell him what a great job he did for all the graphics for this meeting.
If the Zoom disconnects, please hop on over to the livestream and see what’s happening. Also, just try to reconnect in case it’s on your side. But if for some reason Zoom is down, you will hear an update on the livestream on what’s coming, plans to get you back, back online.
If the livestream and Zoom are down, hang tight, you’ll get an email. We’ll probably be pausing the meeting in order to not proceed without your participation.
So, just keep watching that email and we’ll get through to you. With any luck, we won’t have to exercise any of those options today.
For folks who are here with us in the room, do note that you are welcome to join the Zoom for a couple of reasons. One, you can hop on there and talk to your fellow attendees who are maybe not on site. If you do that, please make sure that your device is muted and disconnected from audio. It’s also an option if for some reason you maybe don’t want to come up to the mic during a question-and-answer period. You can use the Q&A there, and we’ll get you into the discussion that way.
Do remember, for everybody, when we get to a Q&A portion, that we do want you to lead with your name and affiliation. That helps us with the transcript and the meeting report. It also helps people in the room know who’s talking. And please speak slowly and clearly. Probably like 5 to 10 percent slower than I’m talking right now, if you can manage it.
As I said, we do want to hear from everyone. So, Q&A in the Zoom is available to anyone who wants to use that avenue. But also please do make sure, as we’re queueing up the mics — we don’t have a lot of runway for room — but that the queue has cleared before you come back to the mic with a follow-up question or comments. We want to try to get as many of you up and moving as we can. It’s gonna be get squishy getting in and out of those aisles but we’ll make it work.
Beverly Hicks: Hollis, I have a winner.
Hollis Kara: Oh, thank goodness.
Beverly Hicks: Correction, it is John Stitt, and I believe he’s in the room.
Hollis Kara: He’s right down in front. Way to go, John.
Beverly Hicks: Amazing. Apologies.
Hollis Kara: You could have just asked me. I could see him. He’s one of the only ones I can see.
All right. If you aren’t on the Wi-Fi, haven’t figured it out, haven’t found it this week, please do check in at the Registration Desk. They will help you out.
And today, at lunch, as we always do, we’ll have a few table topics. We have one with the Policy Engagement Working Group, talking about ways to get more folks involved in our Public Policy process; one on the Out-of-Region Use policy; and another on the Section 6 IPv6 request formula.
If you have an interest in talking about any of those topics, please feel free to join those tables at lunch.
Tonight, thank you, Kalorama, we will be having — they’re our social host tonight, if I can get a round of applause for them.
(Applause.)
We will have the opportunity to visit and tour the AT&T Stadium. There’s going to be a great meal. It’s going to be a good time. Please do wear your badge.
We are walking. There are accommodations for anybody who has a mobility issue getting there. Please check at the Registration Desk, and we’ll help you out with transportation. But otherwise, it’s going to be a little bit of a hike. If you check your email that you got this morning — I think it was this morning’s email — it’s got specific details about how to, the directions to get to the stadium and the entrance to use.
I will note, if you go out the front entrance of the hotel and walk down the hill and turn, there’s going to be a point where you lose the stadium. I’ve been walking in the morning. It’s a little weird. It does disappear behind the building. I promise, it’s still there, keep going.
In the event of an emergency, please follow any directions that come in over the intercom. The rally point, if they have to evacuate the building, is out the front doors, across the street, and by the Starbucks in the bottom level of the Choctaw Stadium. You can see it when you go out. Don’t go shopping for cowboy boots. It’s right next door.
If you need medical assistance, dial 88 on the hotel phone. We’ve got information on the urgent care and closest pharmacy. As always you can check in with us for directions to anything, but we’ve got all that covered.
And just a reminder: We are recording, which means I have to watch this again. Anyway, recording and livestreaming, and there’s live transcript. So, you can read along.
Presentations are all available. They’re up on the meeting website. They’re also available on the meeting materials page. You can open those presentations and view them while they’re being given, if they’re a little bit hard to view in the Zoom stream or the livestream. Sometimes that can be a little bit tricky. As I said, live transcription is also available.
You will notice, if you go to the website now, when we took the screen shot, it wasn’t live, so it’s not there. But right below the big yellow Register Now button is a button that says “Join Livestream” and that will take you to the livestream and transcript.
So, let’s take a look at some of the other stuff. If you go on to the website, we have a big program information drop-down, couple of key points there. No, I lied. Let me walk you back through this.
You will notice there is a tab for elections. If you are a voting contact for an organization in this election and you’re having any issues as polls open this afternoon, we do have an Election Help Desk. You can find the link there. It’s a Virtual Help Desk this time because we know not everybody who’s a voter is here on site. We have folks that might be trying to do that from elsewhere, so that’s available there.
All the information about all the things is in that drop-down. I do recommend that if this is your first meeting, we do our best to use real words, but sometimes we like to — we default to acronyms on accident. We are a not jargon-free industry. The acronym guide can be a big help for that. And you can download that and have it handy if you want to play acronym bingo as the meeting goes on.
In-person participants, you have your own drop-down on the website with things that you may need to look at. Virtual participants, again, you’ve got the Virtual Help Desk and also an access point to join the Zoom if for some reason you didn’t get your email with the link.
And, as I mentioned, ARIN elections will be opening this afternoon. We’ll have candidate speeches and presentations after lunch, all about that. Voting will happen at 3:00 PM Eastern, closing at 7:00 PM Eastern on November 7th. And, as I mentioned, we have the Virtual Help Desk.
Today, what are we going to do? I’m going to stop talking soon. We’re going to have a few more welcomes. We’ll have an update from the Board, and then updates from NANOG and ICANN and IANA. Then our Policy Experience Report.
Get to take a break, reload on coffee. Come back and we’ll have our first policy block of the day starting off with the AC On-Docket Report. We’ll do three policies. We’ve got two recommended drafts and one draft this morning, and then we’ll break for lunch.
And when we come back, again, we’ll have the election introduction and candidate speeches before our afternoon break, after which we will do our final policy block of the day, concluding with an Open Microphone and more of me.
Just a reminder, we do want to make ARIN a welcoming and safe meeting for everyone. We do have Standards of Behavior, which you all agreed to adhere to when you registered for the meeting. Basically, you know, let’s just be nice. Let’s play nice. Let’s understand that everybody’s here to try to reach consensus on policy and work together to have a productive meeting.
I’d like to actually to expound upon this, welcome our ombudsperson, Wade Hinton, to come up and talk about his role here at the meeting. Wade.
(Applause.)
Wade Hinton: Thanks, Hollis. Good morning.
You’re right. It’s really dark and light at the same time.
It’s great to, I would say see all of you, but I can’t see all of you. But it’s great to be here with you.
My name is Wade Hinton. I’m CEO of Hinton & Company. We’re an organization that is rooted in trying to help organizations or partner with organizations to bring their values to life and make sure that their leaders are aligned with those values. And so it’s been an honor to serve as the ombudsperson here.
Part of my role is to do exactly what Hollis mentioned, which is to encourage and make sure that this is a safe community, not only in person but online. So, we’re going to be around, have conversation, discussion. But, again, as Hollis mentioned, everyone here wants to be in a safe space, where they can learn, listen and lead together.
So, I do want to call out a couple of quick things just to bring your attention. And this is also how, I believe, ARIN brings their values to life. We wanted to make it a more accessible place. I want to give a shout out to Dan and Denise, as you can see there’s live captioning in the room. Let’s give them a round of applause and welcome.
(Applause.)
Also, I want to bring attention to the fact that we have a lot of first-time attendees and Fellows here. So, if you would, if you are a Fellow, a
first-time attendee, could you just raise your hand, so we can at least give them a round of applause.
(Applause.)
And I would encourage you to make sure you’re making them feel welcome as well.
Now, if indeed there is a moment where you feel like someone has crossed the line or is not living up to those Standards of Behavior that Hollis just mentioned, there are several ways of getting in contact with me.
There’s a QR code that you’ll see throughout the venue where you can just scan it and get the contact information. You can email me. You could also text as well, so — or just really stop me. And what you talk to me about is completely confidential. So please feel free to do that at any time.
With that, I wish all of you a great conference. And I’m looking forward to connecting with you throughout the meeting. Thanks.
(Applause.)
Hollis Kara: Thank you, Wade. To Wade’s point, I believe the QR code is on the banners right by the door to the entrance to the room, so if you need to do that, that has contact information for any — we have, in addition to Wade, a number of other staff reporters that you can use if you would like to discuss an issue, have a concern, want to tell them that I did a great job. I don’t know, whatever you feel like saying.
All right. So, we’re getting to the last bit of audience participation before we launch into our presentations. I’d like to get a round of applause for our Network Sponsor, AT&T. (Applause.)
Our Platinum Sponsor, AWS. (Applause.)
Our Social Sponsor, Kalorama. (Applause.)
Our Silver Sponsor, IPXO. (Applause.)
And they changed their name trying to trick me, our Exhibitor Sponsor, IPv4.Global by Hilco Global.
(Applause.)
We’re getting ready to get rolling. With that, I’d like to welcome our president and CEO, John Curran, to come up and say a few words.
Welcome from ARIN’s President and CEO
John Curran: Thank you, Hollis. Okay. It’s my job to give the welcome. I’d like to say good to see everyone here, welcome to ARIN 56, Arlington, Texas. Very happy to have everyone here.
People tend to think about ARIN meetings and think, you know, it’s not very important, is it? It doesn’t feel that way at times. A bunch of people in a room talking about some NRPM thing, whatever that is, and some line and whether it should be a /22 or /24.
The fact is, this is very important. And I just want to emphasize — ARIN’s been around 27 years. We’re 10,000 days old, roughly. If you think about it, we are how the community manages number resources. We are your way of getting that done.
If it weren’t for ARIN and the other RIRs, number resources would be managed by a process that wasn’t accessible. You wouldn’t have a way of coming and getting Fellows to be introduced to policy. You wouldn’t have people welcoming you to participate. You wouldn’t have the ability to discuss things in a forum that’s welcoming and everyone can share.
You might be submitting to a government process. You might be, instead, doing this in some manner that is not friendly, might involve more structure, more lawyers. I like lawyers, but more lawyers can be a little much.
And the fact of the matter is that the reason this is important is you’re managing the number resources. No one else. This is the community that uses them. This is the community that manages them.
So, while it may seem a very lightweight, trivial thing, that’s because we try to make it really easy for you to participate and set the policies by which we manage the registry. But it’s very important. It is an anchor of self-governance for the Internet. It’s because you participate, and you set the policies.
You do that, and you work on these on behalf of the entire ISP community — 27,000 participants in the ARIN registry in our region; 100,000 globally participate in the Number Services Registry. And you’re the ones setting policy.
So, please work with each other. Set good policy, policy that’s easy for people to understand, easy for us to administer, very important.
In the meantime, have fun. I know people, you know, it’s a lot of work to do this sometimes, but enjoy each other. Spend the time, talk to each other, take the time to meet each other. We are a community, and we want to keep that alive and well.
That’s all my comments. I’m very happy to see you all here today. And I just want to now turn it over, and can I introduce the next speaker? I’d like to introduce the next speaker, Bill Sandiford, who is going to come up and give the Board of Trustees Report.
(Applause.)
Welcome and Board of Trustees Report
Bill Sandiford: Good morning, everyone. Welcome. Welcome to the most boring presentation that you’ll see over the next two days.
(Laughter.)
As John mentioned, my name is Bill Sandiford, and I’m here representing the Board of Trustees. I’ll take you through this relatively quickly so we can get on to the good stuff.
The purpose of the Board of Trustees Report is to just give everybody a very quick, brief overview of the activities that the Board has been up to since the last meeting and over the year-to-date, detailing at a high level. Many of the items you’ll hear about in more detail from some of my Board colleagues later on in their presentations.
So, from a financial perspective, we took care of all the usual statutory requirement things like accepting auditor’s reports, financial statements, take care of all the tax documents for filing with the IRS.
There were some changes made this year to our investment Policy Statement. I’m sure you’ll hear all about that a little bit later in the Finance Report.
We approved all the funding for the grant program that the organization has. And, yes, we approved a recommended increase in registry fees by about 5 percent.
From a fiduciary standpoint, in terms of those types of matters, we do all the typical things like ensuring that we adopt minutes of meetings and make them available on the organization’s website so that members can review.
We accepted a new Code of Conduct for election nominees to ensure that the election runs smoothly and our nominees are operating inside of a code of conduct to help ensure a fair election.
And finally, and this one was — did we — my screen disappeared but the one there did not.
Hollis Kara: Hold on one second, Bill.
Beverly Hicks: We’re working on it.
Bill Sandiford: That’s okay. I can do it.
Hollis Kara: Sorry.
Bill Sandiford: Most importantly, we adopted a new RSA this year with deliberate language in it that was meant to try and bring the remaining legacy holders into the fold with a set of language that was more appealing to those remaining LRSA holdouts. And we’ve already seen immediate success from that effort.
Another thing that we undertook —
Beverly Hicks: It should be swapped.
Bill Sandiford: We’re good.
Another thing that we did this year that was a little bit different from previous years is we retained the assistance of an outside firm, Finley & Associates, to take us through a review of our strategic planning processes and how we do strategic planning.
The process started off with a review of our current processes. We didn’t do this with a goal to take the strategic planning process that we’ve had for years, throw it out and bring something in new because we did believe in our existing strategic planning processes. But every once in a while, it makes sense to holistically have someone from the outside come in, take a look at what you’re doing, to make sure that you don’t get caught in that rut of, well, we did it the same way we’ve always been doing it.
Well, things change, times change. Sometimes there’s slightly better ways to do things or tweak your existing processes. So, we undertook that. It was a comprehensive process. And it’s wrapping up near the end of that process now. And we looked at the organization from top to bottom, and it was a really valuable exercise.
Wanted to say thank you to all our committee chairs on the Board. These are the people, along with the entire Board, who spend countless hours of volunteer time making sure that the organization has effective guidance at the Board level. The committee chairs — Nancy, Peter, Dan, Rob — spend a lot of time keeping their committees moving and doing the real work behind the scenes that sometimes just comes to the Board for nothing more than a rubber stamp after they’ve done all the hard work. So, thank you very much to them.
And with that, I will open up the floor to any questions and comments.
Hollis Kara: If anybody has any questions or comments for Bill, now would be the time to approach the microphone. Got anybody walking?
Bill Sandiford: All right.
Hollis Kara: I don’t see any.
Bill Sandiford: But wait, there’s more! As many of you know, I’ve had the pleasure of working as a volunteer for ARIN for a number of years, the past 12 on the Board, a number of years before that on the Advisory Council.
And in accordance with the term-limits policy that our Board put in place a couple of years ago, I term out at the end of this year. And I think it’s a good thing. It was a very deliberate move, something that the Board put in place.
In accordance with that, we’ve been following a succession plan for Chair transition to ensure that we have a seamless transition. It’s my personal belief — and I believe that also of my Board colleagues — that when you’re entrusted in a leadership position, that comes with the responsibility of ensuring that there’s an extremely smooth and intentional transition to new leadership when your time in that role inevitability comes to an end.
On that note, at the conclusion of our Board meeting yesterday afternoon and in accordance with that plan, I tendered my resignation as the Board Chair. And I’m pleased to announce that the Board conducted an election and selected a new chair.
For the first time in the — what is it, John, 28-year of history of ARIN? — I’m pleased to announce we have female leadership. I would like you to join me in welcoming our new Board chair, Nancy Carter, and congratulating her for that new role.
(Applause.)
All right. And it’s really the end this time.
Hollis Kara: Thank you, Bill. Are we back? Moving on — I like this slide, that’s really cool. Congratulations to Nancy.
With that, I’d like to move into our next presentation. Jonathan, if you are in the room, Jonathan Black, I’d like an update on things at NANOG. He’s there. I really can’t see, you guys. You have no idea.
NANOG Update
Jonathan Black: Thank you. It’s great to be here with you all today. If some of you were with us for NANOG 95 earlier in the week, we are the ones with bags under our eyes and needing more coffee than the rest of you.
It was a good week. We had just over 820 people in person at the event and almost another 100 on line. Those are good numbers for us.
The North American Network Operators Group, in case you didn’t know what the acronym was for — we’re going to run through a couple of things right now. But, Hollis, I hope I don’t have to talk until 10:00.
Hollis Kara: Feel free to take your time but you don’t have to fill the half hour.
Jonathan Black: Okay, good. ARIN has been a premium sponsor for NANOG for a number of years, and we really appreciate that. Thank you for your support.
The premium sponsors are with us for a full year, and they really make our program and our conferences possible. So, we really do appreciate that.
Governance. We do have a Board of Directors as well. Most are elected through a typical election process. The chair of the Program Committee is ex-officio, voice but no vote on the Board. I’m also not elected in there because I’m the Executive Director, but I do have full vote.
Several of these — a couple of these people are here with us this week as well. Be sure to introduce yourself and thank them.
That’s our staff team. Small team, seven of us. Val and De’ celebrated 10 years with us. Now, thank you for, not lending us, but we stole De’ from ARIN a number of years ago, 10 years ago. And Val has been with the organization longer than 10, but as far as the sort of legal, formal process goes, it’s about 10.
So, they are here as well. They are fantastic and in many ways they are the heart and soul of NANOG. And those who have been around NANOG long enough certainly understand that.
Content is really the key and the focal point of NANOG. For those who haven’t been to a NANOG before, all of the content is selected by our Program Committee. If there’s too much advertising, if there are logos, if it’s a pitch on the latest and greatest service or technology, it does not get through the committee. Adair does a great job at running that for us currently. She’s here as well with us.
I have limited input. That’s a good thing because I’m not a network engineer. I come at the Internet from the business side. But really it is educational content for engineers by engineers.
For a few years now, we’ve had an online tool for submitting talks, presentations. And please feel free to submit ideas for talks. Adair and her committee will review those. They meet almost weekly to talk through those to prepare for the next meeting. So be sure to submit. Any kind of talk or content is submitted through that online portal. It’s available off our website.
As I mentioned, I have little input into that committee. It really is self-governed. They determine what content gets presented. In a sense, it is peer reviewed by that group of 20 or so people.
Now, in the past, a lot of you have — if you’ve looked for NANOG content, some of you have been going to archive.NANOG.org. Some have been going to Google. But now we have all that content available through the search bar on our website. So, I encourage you to go there.
If you’re looking for — actually, John Curran, you had a fantastic presentation a number of years ago — a number of people have referenced me back to that. If you’re looking for that or looking for some of the other great talks in the past, you can head to our website, click on the search bar and you’ll get through to all of the, not just the sort of pages on our website, but also the presentations, the videos, the talks and abstracts.
We actually went so far as to index all of the transcripts from all of the presentations. So, if you search in our search bar for casual words, I’ll just call them casual words, you might actually find some content out there. I think I Googled — I think I checked for “Woohoo” at one point, and it actually came up with a few presentations. You can enjoy that.
Any feedback on that, please send to feedback@NANOG.org. It’s notionally in beta right now. We just went public with it last week. So, we’re excited about that.
Events update. We do three events a year. So we are in San Francisco, Bellevue and Miami next year. Please come and join us. It would be fantastic to see you there. I know a number of you do come, and it would be great to have you.
The other thing, as you can see, it’s no surprise, NANOG 100 is coming. We’re going to have some special features and maybe a look-back on our history. So be sure to put that one on your calendar as well.
Community update. Often what we say at NANOG is people come for the content and they come back for the community. Once they’ve had their hallway track, once they’ve been there for a few meetings, they really want to come back because those connections they make are the ones that will help them when they run into an issue or when they need some advice. So that’s incredibly important to us.
We go about building community in a number of ways. In the past couple of meetings, we’ve been focusing on a bit of community service. So, we partner with a group in Denver, and most recently we’ve partnered with Compudopt. This past week we had Compudopt in our meeting times and our Beer N Gear, and our showcase area.
Compudopt takes laptops, iPads, computers, whatever they can, they refurbish them. They cleanse them. They make sure they’re all anonymized and all the data is gone. And then they hand them back out to needy children and schools. And it’s really a fantastic program.
If you have any equipment lying around — in fact, one of our NANOGers at the university walked up to the desk and said, “How many pallets do you want? We keep collecting stuff that I can’t redeploy.” So, if you have old equipment out there, Compudopt, look them up, they’re a fantastic organization. They will help get that equipment back into the hands of people who really can use them. So that’s been a fantastic partnership at this past NANOG.
We also have a mentorship program. We have about 30 or 35 people involved in mentorship. This isn’t life coaching necessarily. This isn’t about a 1-800-help-my-network program. It’s about some of the soft skills: How do I, as a network engineer, manage this relationship? What courses should I be taking? It isn’t a help desk for your network, but it is someone who you can go to to get some advice on some other skills, those other parts of your career.
We had a lot of momentum in the past few weeks. We’ve probably increased that. That number will probably be up close to 50 come the next meeting. So that’s been something we’ve been working on.
At each meeting we have ambassadors. They wear purple lanyards. And they are the ones who kind of self-identify and say, hey, if you have a question about the event, if you’re a newcomer, doesn’t matter if it’s, how do I get to the social event tonight, how do I get to this room — they are there to answer questions and help newcomers find their way through our event.
We’ve also been trying to encourage community through activities. So, we’ve been doing regular run club, hiking possibly. We’ve done some pickleball and we’ve done some yoga. So, it’s another way of getting to know your people and, frankly, staying healthy and alert during our meetings. Nothing like going for a run, like yesterday at 54 degrees with the wind going, running around the lakes out back. Those people were very alert for the meeting. In addition, community appointment windows.
So, we have communities, as you do. That window is coming up January, February 2026. So, if you are a NANOGer or want to get involved, please consider that.
Chart, you don’t need to see the exact details. Some of those numbers are small. But the dip there is during COVID. So, some good news. Our membership has increased slightly since COVID. That’s a good thing. Many of us would say there were only a few good things that happened through COVID, but this would be one good result of it.
Our membership are the people who vote. Like the ARIN membership on our Board of Directors, and that’s been a very key part. You need to be a member as well to be on our committees.
So that’s all I have. A quick update on NANOG, and I’m available for any questions. If you don’t have any now, I’m certainly around for a couple of days.
Hollis Kara: Do you have any questions for Jonathan? Please feel free to approach the microphone or start typing in the Q&A. I’ll give it just a second. I’m not seeing anything. Thank you so much, Jonathan.
Jonathan Black: Thank you.
Hollis Kara: We’re going to have a slight change-up in batting order this morning. Our IANA presenter is coming to us — will be coming to us, I believe, from Dublin virtually. They’re not yet online. We’re going to go ahead and jump to the Policy Implementation and Experience Report with John Sweeting. You’re already here. Come on up.
Policy Implementation and Experience Report
John Sweeting: Good morning, welcome to Arlington and ARIN 56.
I’m John Sweeting. I’m the Chief Experience Officer, at least for today and tomorrow. I’m going on a sabbatical starting Saturday, and Joe Westover will take over as the acting CXO at ARIN for the next five weeks. So, be easy on him but be hard on him, too. I want him to know the pain I feel every day.
(Laughter.)
Just kidding. It’s a great experience. I love what I do. I don’t know what I’m going to do the next five weeks, but I’ll find something.
Okay. So, I’m going to run through three topics here on the Policy Experience and Implementation Report. The first two are kind of easy, will be easy to get through. And the third one is just a lot of information that we want to share with the community on how the inter-RIR transfer policies have been working out.
So, 4.10 is the dedicated IPv4 allocation to facilitate IPv6 deployment. So it’s where you, if you have IPv6, you’re trying to deploy it, you don’t have any IPv4 to use any of the transition protocols to help roll out that IPv6 network, you can get a /24 from ARIN by requesting it and saying, hey, I need a /24 for transition purposes to IPv6.
You can get one. You can get another six months later if you’re using 80 percent of that first /24 for transitional purposes to IPv6. And we ask for a lot of proof for that. Don’t get upset because it’s one of the biggest fraud vectors we have today, is people coming in trying to get those free — not free, but /24 is for IPv6, and they use them for everything but that. They lease them. They do a lot of stuff with that.
So, the topic today is that the allocations and assignments from this block have to be justified by immediate IPv6 deployment requirements. Examples are, of course, key to dual stack your DNS server’s critical infrastructure, you have to dual stack in order to be able to run IPv6. NAT-PT (CGN), NAT464 translators, and ARIN staff uses our discretion to make sure that that’s what you’re going to use that /24 for.
Staff ensures that the requester actually has IPv6. And a lot of times they have it, not directly from ARIN, but they have it reallocated or reassigned from someone else. And we’ve noticed over time — if they have it directly from ARIN and they return the IPv6 space to ARIN, the IPv4 space comes with it because they’re obviously not using it for the purpose of the policy.
But if they have it reassigned or reallocated, we’ve noticed several of those reassignments, reallocations disappear; they’re just sitting there with a /24 of IPv4. And then we look a little bit more and we see it’s actually being leased and it’s being announced out of some other region.
So, then we have to open up a Section 12 audit on them for policy violation — or possible policy violation, and it takes a lot of resources.
So, I probably already covered this slide. I’m sure I did. Yes. So, the Section 12 audit is, basically, we contact them. We say, hey, we’re going to do a Section 12 audit; we need you to provide all the information and documentation that we asked you for to show that you are actually abiding by policy and you’re in line with policy.
If they’re not in line with policy, then we say, well, how long will it take you to get back within policy? And they’ll tell us 30 days, 60 days, 90 days, whatever. We give them that time. If at the end of that time they still haven’t yet come within the boundaries of the policy, then we will usually reclaim that space and have it in the pool for other people to use for transition to IPv6.
So, questions for the community: Is the current practice consistent with the intent of the community and the policy?
Should staff continue to issue 4.10 space to organizations that only have a reassignment or reallocation? Or should they have to have direct allocations from ARIN themselves?
There’s no fee difference if they have their own IPv6 /40 and a /24. And should the policy be updated to provide greater clarity for the community, specifying type of allocation and a requirement to maintain IPv6 in the organizational account? And actually, maybe something about maybe actually be continued to be deploying IPv6, not just holding it.
Okay. The next one is the initial allocation to ISPs and the minimum assignment.
So today — so here’s the different policies — all ISP organizations without any IPv4 addresses from ARIN automatically qualify for an initial allocation of a /24. ISPs providing a 24-month plan for the request size specified may receive up to a /22.
And then the minimum assignment, ARIN’s minimum assignment for end user organizations is a /24. End user organizations without an IPv4 allocation from ARIN qualify for an initial allocation of ARIN’s minimum allocation size.
So, what staff has been experiencing is that the current policy language allows for that /24 allocations for organizations with no direct allocations from ARIN. Well, there’s nothing in that policy that says that organization has to be in the ARIN region. There’s nothing in that policy that says that they have to use it in the ARIN region.
So, we get a lot of ISPs from around the world saying, well, your policy says any ISP that doesn’t have space from ARIN can get a /24.
So, staff’s looking for some possible help on the language, tightening it up, so that it basically — if the intent is that it’s for ISPs in the ARIN region, that the policy be more specific to that and that we show — we put that into — that that can be put into the policy.
It’s just to really clear up any confusion, not just for staff, but for the community so that people don’t waste their time, because they might come in, they might create an Org and do all that stuff to apply for this space, saying, well, your policy said I could get a /24 because I’m an ISP.
Okay. And then Section 9 states an organization must be using at least a /22 within the ARIN region prior to acquiring space for out-of-region Use.
So, some of the observations and suggestions from staff, to address the observed lack of clarity regarding the in region use, staff suggests that the community may wish to explicitly write into the requirement into these policies to ensure understanding of out-of-region IPv4 address use.
Maybe what words are there is what the intent is. Staff doesn’t think so, and we don’t really let anybody outside the ARIN region just get a /24 for the asking. So, we would very much appreciate clarification on that.
And then also suggested policy clarification. So, the suggested policy clarification from ARIN staff is: All organizations in the ARIN region not holding direct allocations of IPv4 addresses automatically qualify for an initial allocation of a /24, which must be used within the ARIN region.
Okay. Those were the two easy ones, kind of easy to understand what’s going on with that and why staff is asking for some clarity. This last item is a little bit of some information on how the inter-RIR transfer policies are working. And I’ll just jump right into it.
So, the question is: Are they working as intended? Are the inter-RIR transfers working the way that the community and the policies that were developed are intended?
So inter-RIR transfers were created to support efficient IPv4 resource movement between regions. Over time, regional policies have influenced how and where transfers occur. Current data shows very uneven transfer activity between the RIRs.
If the community feels these outcomes may not reflect the intended policy goals, further review of inter-RIR transfer data may help clarify whether adjustments are needed, and we want to review transfer trends to and from all RIRs to maybe help clarify the picture.
So, here’s some numbers that were put together by staff. You can see from ARIN to RIPE, 126,326 /24s over the last four and a half years. Out from ARIN to RIPE, in from RIPE to ARIN, 38,176 /24s. You can see ARIN to APNIC, APNIC to ARIN, it’s 10,000 out, 9,000 in. And ARIN to LACNIC, pretty much 226 out to LACNIC and 357 in for ARIN.
So, we see a very big discrepancy between ARIN and one of the other RIRs. So, staff observations are, so there’s a large broker or facilitator that has transferred 1700 /24s for the purpose of network operational needs into the RIPE NCC region. But staff has observed that the majority of those are currently being leased out. And they were leased very quickly after the transfer was approved and completed.
Well, there’s a variation in regional policy frameworks because that would not be allowed in the ARIN region under the policies in the ARIN regions.
So, the different policies affecting the treatment of leasing or third-party use is very different in the regions. And there is some thought that that maybe accounts for the imbalance of the in and out of IP addresses between at least RIPE and ARIN.
So other possible variances are in the validation reporting and the transfer approval process. As we know, all the RIRs have different transfer approval processes have different policies that they use for those transfers.
One of the things is ARIN has a needs-based ruling for a recipient. And RIPE really didn’t have, but then they put one in place that — here we go. So, here’s the needs-based — here’s the comparison of the policies.
So, in ARIN, we require plan for 50-percent utilization within two years for operational networks or connected customers. LACNIC pretty much requires the same. And APNIC requires that they must demonstrate a detailed plan to use the transferred resources within 24 months. And RIPE is, they require a plan for 50-percent usage utilization within five years.
Policy stance on leasing. In the ARIN region, leases do not qualify as efficient utilization. So, you can’t say — my mouth is so dry. Give me one minute, please. I can do that. Thank you.
Okay. That’s better. All right. So for leasing, you can’t use it — so you can’t — if you’re the recipient and you’ve got a lot of IPv4 address space, you can’t say, well, I’m leasing it all out to a bunch of customers so it’s in use. No, ARIN will not recognize that as efficient utilization, and you won’t qualify to transfer in more space.
You also can’t use it as the reason, the needs for transferring, being a transfer recipient. You can’t say, I’ve got 256 customers lined up, they want to lease a /24 from me, therefore, I want to buy a /16 and transfer it into my account. Neither one of those would be approved; it doesn’t happen.
In LACNIC, leasing is effectively prohibited. And in APNIC, LIRs must only delegate addresses to customers who will be using those addresses in relation to network connectivity services. So basically, they don’t allow for leasing either. But RIPE has very permissive policies, including a temporary transfer policy explicitly intended to facilitate leasing.
So, the key consequences of this on transfers; transfers must be compatible and reciprocal with ARIN’s needs-based policy. So that’s the question. Are all those other four RIRs, are their needs-based policies actually reciprocal and compatible to the ARIN region policies?
That’s the key question. I don’t have an opinion one way or the other. ARIN doesn’t have an opinion one way or the other. It’s the community’s policy. We’re giving the information to the community to evaluate and say, yeah, maybe that’s not the way we want it to work, or yeah, that’s exactly — that’s perfect.
There’s different ways it can be fixed. We can change policies in ARIN. We can do — there’s a lot of different ways to change it if that’s what the community wants. If the community doesn’t want that, then that’s fine.
We felt the obligation that we had to share this information with the community so they understood it, especially, since there’s been some articles that has highlighted the fact that RIPE is a preferred RIR for transfers because of fees which I won’t talk to and we don’t talk to in policy, and really the main reason we feel is the policy is not really the fees.
We wanted to bring that out, share this with the community to offset and balance the articles you may have read recently.
So, questions for the community: Does current inter-RIR transfer activity and volume align with the community’s intended policy outcomes?
Is ARIN interpreting reciprocal compatible needs-based policies correctly?
If not, would additional policy alignment or guidance help to improve the consistency across regions?
Are there areas where further community clarification or input is needed to ensure expectations are clear and applied uniformly?
So, with that, are there any questions or comments?
Hollis Kara: That was a whole lot of information. So, let’s go ahead and queue up at the microphones. I believe we actually have one virtual attendee who got a question in early, so let’s start over there.
Beverly Hicks: I actually have a couple, but I’ll start with one.
Tim Liu, thanks for your presentation. “When reviewing NRPM 4.10 requests, do we only consider the organization’s existing IPv6 addresses registered in ARIN? Or, in practice, IPv6 addresses obtained from other RIRs might also be used with the ARIN region depending on their policy, together with the requested IPv4 addresses for IPv6 transition.”
John Sweeting: So, if they can show — and I think Lisa is in here; she’ll correct me if I say something wrong — but if they can show that they actually have IPv6 from a different RIR but they’re using portions of that in the ARIN region and they’re going to use that IPv4 only, /24 only in the ARIN region for the transition, then they would most likely be approved.
But they have to have an ARIN account for us to issue that to them.
Hollis Kara: Okay. I’m going to take a question from over on this side.
Alison Wood: Alison Wood, State of Oregon. I’m also on the ARIN Advisory Council and the chair of the Policy Experience Report Working Group. Thank you very much, Mr. Sweeting. That was amazing. We have a lot of good things to work on.
As far as 4.10 space goes, if a customer undergoes a Section 12 audit, fails that audit, is there anything prohibiting them from coming back and requesting more 4.10 space and trying to get back into that 4.10 kind of —
John Sweeting: No, as I said, if they go through the Section 12 and they’re found not in policy and they say, well, we’re going to get in policy within 60 days, 90 days, even six months, we’ll say, fine, we’ll give you the time. We’ll flag them. We’ll give them the time to get back within policy.
However, if they don’t, we will reclaim it, put it back in the pool. Nothing prevents them from coming in when they can meet policy and get more space.
Alison Wood: Got it. Okay, thank you very much.
John Sweeting: It’s all based on policy at the time they do the request or when we get notified that they’re using it against policy.
And we get a lot of notifications from people out there all over the world that say, hey, so and so has a /24 of your 4.10 space, and they’re leasing it; I know because I’m the one leasing it from them.
Alison Wood: Absolutely, I’ve seen that as well. Thank you.
Hollis Kara: You want to take another one from the floor or go back to virtual? Your choice.
John Sweeting: Virtual.
Hollis Kara: Okay, let’s go back to our online attendees. Bev next question.
Beverly Hicks: Kate Gerry, NetActuate. “Regarding the 4.10 space, I agree that space should be pulled if people are outside of the policy, for example, removal of IPv6 space. I also believe that they should only get IPv4 space if they also have a direct allocation of IPv6 space.
I believe that 4.10 space should stay in region and do not believe that the restriction should apply to Wait List space.”
John Sweeting: Awesome, thank you, Kate. And that’s why we’re asking, if that’s — policy working group chair there, Policy Experience Working Group chair, take some good input. Thank you, Kate.
Hollis Kara: Pick your poison.
Mike Burns: Mike Burns, IPTrading. Hi, John.
John Sweeting: Hi, Mike.
Mike Burns: I want to point out, that slide, something is a little unusual. When there’s an inbound transfer into RIPE from anywhere but ARIN, they don’t do any needs tests whatsoever.
John Sweeting: Right.
Mike Burns: It’s only because ARIN’s language requires that reciprocal, that word. So, they don’t do needs tests, only for ARIN addresses.
But the point of the transfer of addresses between registries and registry shopping, and the issues you raised, they all seem to orbit around a certain idea. And that’s the idea of leasing.
The problem is that this community hasn’t recognized that as the Internet has evolved, leasing has a valid role. We can tell that by the vast number of people who lease. There’s plenty of reasons to lease for business cases, nefarious and non-nefarious, just economic reasons.
And I think it’s time for the community to realize that we wanted justification to show addresses were in use. But somehow, that’s become connected to have to be in use by your network. And I don’t really see that that’s that important.
If the addresses are in use and you can demonstrate somebody is using them, what does it really matter whether there’s a physical or virtual circuit back to the registrant?
So, I think if this community would revisit ARIN’s leasing policies, a lot of this registry shopping stuff would disappear.
John Sweeting: Thank you, Mike. And that’s why I said it can be — there’s a lot of different ways to resolve this discrepancy between, the inter-RIR transfers between RIPE and ARIN.
Lee, I think you’re next. And I just want to thank you for that, Mike. And, yeah, you’ve got the point of what we’re talking about.
Lee Howard: Lee Howard, unaffiliated. Your statistics about inter-RIR transfers included a lot of stuff from ARIN to the RIPE NCC. Did that include the legacy resources?
John Sweeting: Yes.
Lee Howard: Okay, because RIPE doesn’t recognize those as transfers. They maintain —
John Sweeting: These are our in and out from RIPE. And just one thing on the legacy, that’s another — we didn’t cover that in things. But even space that we have already come under an agreement and are no longer considered legacy by ARIN based on the date of issue, RIPE will put the legacy sticker back on it.
Lee Howard: Interesting. That goes to my next question, a related question, which is, with the update to the RSA, which for newcomers is the standard contract with people who receive numbers, with the updates to the RSA allowing legacy resources, making it easier for people with legacy resources, do you think that will change?
I guess from your answer right now, the answer is no because RIPE will still let them go back to being legacy even if they’re no longer legacy here?
John Sweeting: To clarify, on a market transfer, an 8.3 or 8.4, because the date changes with the issue at ARIN — ARIN’s the only region where that happens — it’s no longer legacy, and nobody can change that back to being legacy because there’s no date. The date is now, you know, 2025 or whatever.
It’s with the 8.2 transfers, we don’t change the date because it’s a legal successor that bought it, so you show the same date that was initially issued.
And that’s what keeps it identified as legacy in the ARIN region, but only for purposes of a clause or two in the RSA. There’s no other special — they have to do all the policies, they’re not exempt from policies. They go to RIPE, they get reclassified as legacy. There’s no policy for them.
Lee Howard: And then a comment about the, a sort of meta-comment about the format of the presentation, this is great. This was incredibly dense material. I would really love to see some time in between each topic for us to do a little more discussion, because I forgot all the points you made about the 4.10.
It’s great, a fantastic presentation. I’ve got to go back and reread the slides and do more conversation.
John Sweeting: Good input. So, I should take questions after each section?
Lee Howard: I think. Yes, please.
Hollis Kara: Real quick before we go back to the floor. I will note we have one more online. And we will be closing the queues here in just a moment. If you have other questions for John, go ahead and get typing or approach the microphones.
Beverly Hicks: Tim Liu, Zero Distance Internet. “I have another question. If an address block is used for Anycast, announced simultaneously in multiple regions, including both within and outside the ARIN region, should this address block be considered as being used within the ARIN region?”
John Sweeting: If it is announced in the ARIN region, it is considered announced in the ARIN region. Yes.
Hollis Kara: All right.
Beverly Hicks: You want the other one online?
Hollis Kara: Let’s go back to the floor, then we’ll come back.
Kevin Blumberg: Kevin Blumberg, The Wire.
I have two — we’ll go Section 4.10 and then the inter RIR.
With Section 4.10, it was our soft landing. We were the only region to do it. Other regions had different policies, mostly crash-into-wall policies. We had a soft landing, specifically about IPv6.
Ultimately, this is for in-region use — the IPv6 should be from in-region. The whole point of IPv6 is you’ve got large blocks for the regions. The way they’re separated out really should be about that.
I think there’s work that can be done to clean it up, from a staff perspective, because that’s one of the areas there. I think you’re doing the right thing in terms of being very careful and methodical with this. This is our last little bit for people.
The only point I would make is there was a question you had in regards to, if people have IPv4 in region, they shouldn’t get the space. Whether you’re new or old, the whole point of this was to give you a leg up on deploying of IPv6.
John Sweeting: If I said that, I didn’t mean that, because — if they have a /16 and they only show they’re using a 24 of it, then we’re going to deny it and say use the space you already have.
If they show usage that meets the requirements of that, they can get this — and we don’t even count this against Wait List or transfers or anything else. It’s strictly its own.
Kevin Blumberg: Perfect, I wanted to clarify on that.
In regards to the RIR transfers, there’s a couple points. One, fees absolutely play a key issue to this. There’s nothing you can do about it. But ultimately, water flows in the easiest direction. And if it’s much cheaper in a region to go from many different Orgs to one Org, and that’s not cumulative, it’s just one fee, it’s going to be easier over there. That may have some part to it.
John Sweeting: Real quick, and John may want to jump up, I don’t know, but we have looked at all that. And, like, 80 percent of our customers have cheaper fees than RIPE.
Kevin Blumberg: Understood.
John Sweeting: So it’s not a big —
Kevin Blumberg: In the large transfer, like you sort of used as an example, that would be a significant —
John Sweeting: We know that was specifically to get around the leasing.
Kevin Blumberg: Right.
The real question for me with all of this is what you put up there is, is this still a compatible needs-based policy? Is there a compatible needs-based policy? And if it’s being abused, I don’t think the community can answer that question. I think it’s really for the Board to say, to look into this situation. Maybe report to the community, seek feedback from the community. I don’t think the community can really do that.
But the way you’ve described it is, no, we do not have a compatible needs-based policy anymore. And that’s concerning. So, we, I think, have to address this.
That, I think, is the biggest issue that you’ve brought up today, and I appreciate it. And I’m not sure how we are going to operate under it. I know that we’re the only region that has it. We have it for a very good reason. We spend a lot of time saying, no, this is really important to us.
If it’s not the case, then we actually have to do something, and possibly pause transfers until this issue is resolved. Thank you.
John Sweeting: Thank you. So, Board was listening? Okay.
Hollis Kara: Let’s take one more from the floor and then we’ll go back to virtual.
Amy Potter: Amy Potter, AWS. I do not believe that inter-RIR transfers are currently occurring in a way that aligns with the intent of the policy language in Section 8.4.
John Sweeting: Thank you, Amy.
Hollis Kara: Awesome, actually can we go virtual? We have one waiting for a minute. Go ahead, Bev.
Beverly Hicks: Robert Hoppenfeld, Up In Two, LLC. “While leasing your addresses is a valid business case, why should ARIN give away these addresses for others to profit off of if not to have any direct benefit? Why not have some number of ARIN addresses that would have been given out to the market for people to lease and have the profits pay for ARIN operations? Just handing out addresses for others to lease would restrict people who want to start their own networks.”
John Sweeting: That’s a big can of worms.
John, do you want to — let me get — so, what the insinuation there is that ARIN get a big pool of IPv4 addresses and it’s then giving them out for transition IPv6 or whatever — we lease them out to people rather than directly allocate them. Is that what we’re saying.
Beverly Hicks: Do you need me to reread it?
John Sweeting: That’s what it sounded like.
John Curran: That was the remote comment, John. So, to date, ARIN issues number resources to parties that need them for your use to build networks. We’ve never seen a policy proposal from the community for ARIN to lease address space instead, and that would be a pretty significant change to our practices. If indeed that’s what people want, you would need to be exceedingly clear.
In general, if you think about the history of the registry system and how ARIN’s evolved, it’s been about making addresses available. And we’re able to do that with a small maintenance fee. We don’t consider that a lease. We consider that just maintaining the operations.
A change to that would be very significant. So, I don’t think we need to change. I will note that ARIN is remarkably financially stable. And in fact, even with discrepancies in fees among the regions, we don’t have a problem. We have a very high, very consistent user base.
So, I did hear the idea that ARIN would actually itself be a lessor of address space. And if that’s something the community wants, you need to discuss it at length and understand and propose very clearly why that would be.
With respect to the 4.10 space and with respect to inter-RIR transfers and compatible needs-based policy, I did ask John specifically to present what’s happening with transfers to other regions here to get the community feedback as to whether or not we currently have a situation where the expectations of the community and their policy are being met with inter-RIR transfers or not.
Based on the feedback, it may be that we need to clarify the policy. Based on the feedback, it may be that the policy’s fine, but, no, we don’t have alignment in how the policy is implemented and how it’s being used in other regions.
It’s very much the case that I needed John to present that, you folks to talk about that and provide feedback. If a policy is fine but it turns out that we don’t have compatible needs-based policy, then that’s something people need to talk about and we’ll take action. We’ll identify that and note that there’s no longer a compatible needs-based policy. But doing that is first, presenting the data, getting you folks to think about it and talk about it. So, thank you.
John Sweeting: Thanks, John.
Hollis Kara: All right. Come on up.
Oksana Denesiuk: Thank you, John, so much for the insightful presentation. Oksana Denesiuk, I’m an ARIN Fellow.
I wanted to ask about RIR transfers and specifically if there are any guardrails with regards to leases and transfer policies among all RIRs. And if not, if there is any discussion in terms of how it’s going to be regulated moving forward, if there’s any intent for that.
John Sweeting: So, the guardrails are supposed to be at the very beginning where the compatible reciprocal compatible policy would be that, in any other region, that they’re ensuring that they’re using it for their network or connected customers to be compatible with the ARIN policies.
I do understand that they sometimes get a story about how they’re going to use it. And the stance, at RIPE anyway, is that once the transfer is complete, those resources fall under their policies, and they don’t have any policy against leasing.
So, if the person — if the people change their mind and use it for leasing, it’s fine.
Oksana Denesiuk: Thank you.
John Sweeting: That’s one of the things, I’ll probably have a discussion with John, who will have a discussion with the Board, on the compatibility of the policies and stuff. Thank you.
And thank you for being a Fellow first timer here and coming up and asking a very good question.
(Applause.)
Mike Burns: John, I snuck up. Mike Burns, IPTrading. I just wanted to make a quick comment.
When our inter-regional policy was crafted, we did not require identical needs-based policies in the receiving registry.
We specifically used the word “compatible.” And I think that was an acknowledgment that we are not the policymakers for other regions.
If other regions, you know, have a different idea of what a justifiable need is, I think we recognize that by using the word “compatible” and not “exact” or “matching.” That’s something for the Board to listen to also.
John Sweeting: Thank you, Mike. We can always count on you to come up to actually have the other side of the story, which is it’s, like I said, there’s two sides to this story. There’s a couple of different ways to resolve this. There’s policy, there’s Board, there’s a whole lot of things.
As John said, he asked me to present all this stuff so we could hear from the community. We weren’t sure the community understood everything that was going on with inter-RIR transfers.
Hollis Kara: We have time for one last question.
Abdelkrim Mekkaoui: I’m Abdelkrim Mekkaoui from MEKTEL.
John Sweeting: Another Fellow.
Abdelkrim Mekkaoui: Thanks, John, for the presentation. I just want to make sure that I didn’t miss anything. What are the benefits of ARIN to transfer resources to other regions? Why an organization in other regions are in need of these resources? And in one of your slides, you mentioned some numbers, and they say resources from ARIN to other regions are way larger than what we get from them.
John Sweeting: It’s pretty balanced with two of the three RIRs that we do inter-RIR with. It’s really, one — it’s really RIPE that is really imbalanced. It’s 126 to, like, 35 or — 126,000 to 35,000. All the rest of them are within — you know, very close to each other. I can go back to the numbers.
So, there’s the numbers. 126,000 from ARIN to RIPE. 38,000 from RIPE. By far, RIPE and ARIN are the biggest users of the inter-RIR. But then you see ARIN to APNIC, APNIC to ARIN. It’s you know 1700 difference, not 100,000 different or, yeah, 100,000 different. And RIPE to LACNIC is very close, too.
I will say — I do want to point out there was a really large transfer from LACNIC to ARIN that would have skewed these numbers. It was like 26,000 /24s. But it was kind of what we call an 8.4 — it was a move between subsidiaries of the same company. So, it just really threw off the numbers.
But the true inter-RIR transfer numbers are there, which I guess from LACNIC to ARIN, they’ve sent 131 more to us than we’ve sent to them. But it’s very low volume there. So those are the numbers.
The reason for the transfer policy, I think I had it — were created to support efficient IPv4 resource movement between regions. And one of the things — so, you’re a Fellow, so you may not — you’re a first-timer here?
Abdelkrim Mekkaoui: Yes.
John Sweeting: So, one of the things, ARIN had a huge legacy pool of addresses, of IPv4. So, ARIN had 1.6 billion addresses, of which, like, 800 million of those were legacy. So, the thing that was the fairness was to allow some of that space to be divvied up around the globe. So that’s really the inter-RIR transfer and why it came about. And, plus, a lot of work by the facilitators to get that policy through the development process.
Abdelkrim Mekkaoui: Thank you.
Hollis Kara: I hate to pull the plug on a good conversation, but I’d love it if we could save the rest of the discussion for the end of the day. You want to take these last two?
Mike Burns: One quick sentence.
Hollis Kara: Okay, one quick sentence.
Mike Burns: Another reason for flight of addresses to RIPE. I have heard from legacy holders to segway after what you said, and they are considering moving to RIPE because of what they feel are threats to their legacy status. Now, there have been movements, for example, in APNIC to kind of bring legacy status into RSA status.
And some legacy holders feel that with the POC update and things going on in ARIN policy community, that protecting their legacy status is an incentive for them to move, specifically to RIPE, which they feel, as you said, is more loose with the policy. So that’s another driving —
John Sweeting: So, by protecting their legacy status, you mean —
Mike Burns: They want to go to RIPE.
John Sweeting: You mean not wanting to help participate in helping the community develop the system and everything?
Mike Burns: That’s right.
John Sweeting: Because there’s nothing — I mean, ARIN, absolutely, I can say right now, there is absolutely no intent of ARIN to go take anybody’s legacy space away from them. We want data accuracy, so we do want them to update their records. And they can do that as legacy. And that’s really our main focus is data accuracy.
Mike Burns: I’m just reflecting what I’ve heard as a motivating factor, you know? It’s not just the fees; it’s not just the leasing policy. It’s the actual legacy policy.
John Sweeting: And I do hear that. Because they’re told that legacy has a much higher value on the transfer market, they want to protect their legacy status too. That’s a rumor that I hear from a lot of people. Go ahead, Kevin.
Hollis Kara: Kevin promises me he’ll be quick. Let’s see if we can do one sentence.
Kevin Blumberg: Kevin Blumberg, The Wire.
Just very quickly, please give us a very specific use-case example asking us a very specific set of questions. You can’t just say, hey, the community, we believe this is a problem; we’re not really going to dive into a specific use case. But we want you to then pontificate on it — big word.
Please, if you believe that there’s an issue, you can give us an exact question to answer and let us do that. But I’m very concerned that we’re getting some hearsay and some other stuff. Please give us specificity.
John Sweeting: Got it. And we’ll do it through the Policy Experience and Working Group — with our chair sitting right there taking this all in.
Hollis Kara: Okay, with that, are you done?
John Sweeting: I’m done.
(Applause.)
Hollis Kara: See you later, John. All right. I would like to welcome James Mitchell with the ICANN and IANA update. I’d like to thank him for his patience waiting in queue while we finished up that lively conversation. Do we have James ready to bring up on screen? All right. Go for it.
ICANN and IANA Update
James Mitchell: Thank you. And hello, everyone. Apologies for being remote. I was asked to call in sort of last minute when our presenter, Joe, sort of became unavailable.
I’m in LA. It’s sort of just after 8:00 here. I missed my school drop-off. I apologize in advance. If there is an interruption from children, but as you know. I’ll try to keep to the time and we’ll go through.
As I said, my name’s James Mitchell. I’m the Director of Technical Services at IANA. I’ve been with the company now for coming up five years. Yeah, I wanted to talk to you what’s happening with IANA over the sort of next year or so.
But before I do, just wanted to give some context into the topics of what’s coming up. We are now in our first year of our five-year strategic plan that aligns with the ICANN’s five-year strategic plan.
In putting together this plan, it’s sort of centered around these three pillars. IANA really is a service organization. Operational excellence is sort of paramount.
But as you’ve come to see, and through some of the topics, innovation, also a lack of movement, I guess, on sort of the IANA services and systems has been, I think has been holding us back and is definitely a key area, as well as that of community engagement, looking at how we can sort of broaden our reach into sort of the various Internet communities, especially as, sort of, the older generation, the ones that grew up understanding IANA sort of begin to retire or move on.
There’s more there if you just want to Google the IANA 2030 Strategy. You might have to throw the word “ICANN” in there. We start talking about some of the KPIs and things that underpin these.
So, yeah, as I said, as a service organization, we operate primarily through Policy Development Processes. Coming up this year, we’re looking at ICANN’s New gTLD Program, the next round of gTLDs. And specifically, coming up, we will be looking at how we — standardizing how we delegate these temporary delegations.
It’s a slight deviation from sort of the past procedure that sort of began in 2012, also called the 2012 Round, where we expect the delegations to be, or these new domains to be delegated in the DNS for a short period of controlled interruption, to make sure there’s no adverse effects of delegating these top-level domains. And then they’ll be revoked or pulled from the DNS before contracting.
So, that’s a slight change. For those that might remember, it’s sort of similar to what we did for the TS IDNs quite some time ago. We’re sort of streamlining that policy there. And some factors are governing that are around how we — the procedures around the sort of growth of the Root Zone.
So, we’re looking at how we report on that coming out of the ccTLD space and also tying back to the gTLDs. We’ll be looking at IDNs and specifically variant domains.
So, their domains we are — they’re sort of considered — I’m going to probably not quite get this right, but confusingly similar. In this case, we might be talking about, you know, a simplified Chinese name and a traditional Chinese name, delegating sort of both of those, and sort of really preventing the possible confusion if they were to be, by the, one, not delegated; or, two, delegated to a third party or someone else. There’s potentially going to be some work around that in both the ccTLD space and the gTLD space.
And then also, I think, for some time there’s been a bit of discussion around IANA’s role in RPKI. From my understanding, this is an area I haven’t been particularly involved in that much to date, but my understanding is we’ll be looking to sign ROAs for potential non-globally routable addresses.
I think this is still in the early days.
But I apologize if I’ve made a mistake here, but I think that’s going to be something that will obviously be developed in conjunction with this community and the broader RIRs.
So, we’re looking at a modernization of the website, as you can see here. It sort of hasn’t changed in many years. That’s sort of wrapped around these sort of three pillars that aligns also with our governance structure, domain names, sort of the numbering and protocols through the IETF.
What we’re looking at doing here is switching this to sort of a registry-first view, sort of taking people — not requiring users to understand how we’re governed in order to find how they — to find the registries they need.
And in this we’re looking at improved responsiveness, specifically via mobile, but also for our global audience, using CDNs and whatnot, to make — push our content towards the edge, closer towards the users, to have that better experience.
And more relevant to this community here, as part of this sort of registries approach, our current architecture has been limiting in our ability to, I think, sort of pull together different registries.
Right now we have the IPv6 Assignment Registry, move up global, unicast registry, special reserved addresses. And there’s sort of no clear relationship between those once you sort of narrow down to one space.
So, I think we’re looking at, maybe not in the first iteration, but we’re definitely aiming towards being able to sort of pull these related registries together and sort of present them in a way that makes sense based on their content.
And through that, obviously then it makes sense to promote how one might apply for an assignment or a registration. Obviously in the IP space, obviously directing them towards the RIRs. But talking about sort of port numbers, there’s an expert processing workflow. So, providing sort of contextual information at the right time in order to drive users through to the right next step.
So, one area that sort of, I’ll call it, is probably lacking to date, is we’ve been publishing all of our registry data primarily on CSV, but also there’s sort of an XML file representation. That was sort of our internal XML file representation. And it’s been published and people use it, so it’s obviously now sort of a public-committed sort of API.
We just recently began publishing all our registries in JSON. It’s not quite ready for public yet. We’ve sort of just announced this to the IETF.
But if you go to beta.IANA.org, you should be able to find all the registry data there in JSON. We sort of expect to roll that out probably early next year, once we shake out any concerns from the community.
Another area of publication is, though irrelevant to this community, is the RDAP.ARPA is not published in the RDAP bootstrap at this point in time. IANA does run the .NET registry. There is — we do have the RDAP service available for that. But obviously ARPA is a little bit more special, with the sunsetting of Whois, we would like to provide a comparable sort of lookup service for ARPA.
If someone queried home.ARPA and wanted to know what that was and that interface or that mechanism was through RDAP, we would like to provide an answer to that.
Obviously, you know, all the reverse names are under in-addr.arpa, so we had some conversations with the relevant technical teams at the RIRs in order to redirect those.
One area that we’re looking to change here is to also look at publishing those sort of suffixes like 1.in-addr.arpa in the RDAP bootstrap file, which will be a little bit of a change. There’s currently only today top-level domains in there.
So, we’ll take that to the community before doing, making that change. But regardless, the service would redirect to the RIR.
And last on our sort of updates is around DNSSEC. And just a quick sort of background on that. DNSSEC is ultimately the mechanism for cryptographically verifying responses from the DNS, matching them up to what was intended to be provided, not transported the data itself. IANA is the Root Zone — manager of the Root Zone. We run, operate the key signing key, which is the trust anchor for the DNSSEC.
And we maintain that through public transparent processes where we interact and sign the next sort of quarter’s worth of signatures or produce the next quarter’s worth of signatures during these public key ceremonies.
Obviously, as a trust anchor, it’s important that all validating resolvers have that trust anchor in place and configured.
DNSSEC was sort of introduced 2010 with the first rollover effectively taking effect in 2018.
Following that, we set out a three-year intensive regular three-year rollover. It was delayed during COVID and other factors.
But we’ve begun the next one. We’re part way through our sort of pre-publication period. And over the next sort of six or — probably not the next six months — but beginning in the next year, we’ll start to see a lot more communications from ICANN and IANA, just advising people to make sure that they have updated their systems to trust the new key.
The rollover is scheduled for the 11th of October. That is a Sunday. Our intention is to — it’s a little bit behind that — but sort of how it all works is these actions take effect effectively on the 11th day of the quarter.
So, we hemmed and hawed about whether that was an appropriate day, whether we should look to change it. But for us, we want to sort of establish that regular cadence. So, we’re not expecting any issues. But it’s something to be aware of.
As I said, the trust anchor is available.
We published an XML file. That’s one mechanism by which people may obtain it. We’re really here talking about really towards the software vendors.
Resolver operators, most likely, will be receiving this new key through software updates or a mechanism known as RFC 5011, which is an in-band mechanism for updating the key.
I think, as we get towards the next six months, we’ll start to see more communications, and hopefully people should be able to confirm that they’re ready to go.
And on that, following the next — following the rollover in 2016, we’ll be generating the new keys for the subsequent rollover.
At this point in time, we’re looking at an algorithm rollover, so changing from RSA to ECDSA. And we’ll put a public comment out for that sort of February of next year. And that’s it for me.
Hollis Kara: Thank you, James. Does anybody have any questions for James before we let him hop offline and get about his day? Now is the time to start typing or to approach the microphone.
Anything online? Nothing online. All right. We’ll go to the floor.
Darren Kara: Darren Kara, Quad9, but speaking as myself, as a community member of ICANN that’s concerned. James, I hope you’ve been well.
Of course, I’m going to ask something that’s KSK or KSK adjacent. I’m concerned that we have two KMFs that are in the United States. Is there any initiative for a third KMF outside the United States in some other region?
James Mitchell: That’s a good question. A bit of feedback here. Sorry. Hi Darren. Good question.
I think this has come up multiple times.
Obviously having a third KSK outside of the United States, I think, is a desirable property to have. It is an expensive exercise, and I think this really does need to be driven sort of through — it’s not IANA’s decision, right, in its entirety. It needs to come through the community, and they need to recognize that the cost of doing this and sort of support that, so sort of expect that to come through the ICANN Board and through those channels there.
I think the team here definitely recognizes that, as I said, it would be a desirable property to have. But there are quite significant implications.
Darren Kara: I understand that. I think the cost of not doing it can be much more severe than the outlay of having a new KMF.
For those in the room that don’t know what a KMF is, it’s a Key Management Facility for the Root Zone. It’s where the KSK occurs, you know, East Coast/West Coast throughout the year.
So, again, I know a lot of community members in the ICANN community. I’ll probably have to engage with them more to make this more of an issue. But, again, I think the cost, possible cost of not doing it is greater than the cost of turning up a new data center and a new secure facility. So, thank you for your time, James.
James Mitchell: Thanks, Darren.
Hollis Kara: We’ve got one more question.
Kevin Blumberg: Kevin Blumberg, The Wire.
Actually, a bit of a comment. The KSK ceremony, for anybody here who has not seen it, have the fast-forward button ready. It is a multi-hour process that shows the level of transparency and care that the community and IANA and the people that are around it put into it.
It is a highly recommended thing to spend five minutes on fast-forward to watch it go through, absolutely recommended. And I thank all the members in the room who have done this in the past, because we do have a couple, for their time and dedication to this volunteer position.
Secondly, when will the RIRs be doing something similar for their key signing? And that’s for another day. But —
John Curran: See if I’m actually live here. There we go. So, we actually do do a similar ceremony with a level of rigor for the key signing that we do for our HSMs. We don’t record it and broadcast it. If that’s something that’s important, we can do so. But it’s taken very seriously, involves multiple staff in a manner that’s done in a very similar structured relationship.
Kevin Blumberg: John, if you do it, public show it, that way we will all appreciate it.
John Curran: Thank you.
Hollis Kara: Thank you. All right. Seeing no further questions. Thank you, James, for joining us at the last minute to take on this spot on the agenda. So, appreciate your time. And a round of applause for James.
(Applause.)
With that, we are actually running just a couple minutes behind, so we’re going to take a break. I’ll remind everyone, we’ll start back promptly at 11. We do our best to make sure we stay on schedule for our policy blocks. So, we want to make sure we get started back promptly at 11.
Coffee and refreshments are out in the foyer. Please do enjoy the break, and we’ll see you back shortly.
(Break)
Hollis Kara: Hello. All right. Let’s start getting folks in from the hall so we can get going on this policy talk. We’ve got work to do.
Come on, y’all. Let’s go. They’re coming. It’s about that time. Let’s get this party started. We’re going to give them just a second to get in the room, Kat. Sound good?
Thank you, everybody, online for your patience, while we get everybody in from break.
You tried? I was going to say, if you would have tried I would have heard you in here…
“Tried” (with quotation fingers).
I want you all to know anybody who was with us in Toronto, who witnessed the miracle of the water bottles on the stage, they are multiplying inside of the podium in case you’re worried. My hydration is secure.
There is a bell out there. I can hear it chiming. What we should have done is given Alastair the bell and that would have… There you go. I can hear it. It’s a polite little chime.
All right. Richard’s going to drop the doors. We need more cowbell is what I’m hearing. Always. Always.
All right, welcome back. We’re going to get rolling on our first policy block today. And to kick it off we have our Advisory Council update and On-Docket Report from Kathleen Hunter, the Chair of the Advisory Council. Come on up, Kat.
(Applause.)
Advisory Council Update and On-Docket Report
Kathleen Hunter: Thank you, Hollis. All right. Good morning, everyone. My name is Kathleen Hunter, I’m the AC chair. And this is the Advisory Council Update and On-Docket Report.
So the Advisory Council, or AC, serves in an advisory capacity to the Board of Trustees on Internet number resource policy and related matters. And adhering to the procedures in the Policy Development Process — you’ll commonly hear us just say PDP— the Advisory Council forwards consensus-based policy proposals to the Board for ratification. The current AC consists of 15 members.
This super awesome group of people, and I cannot overstate, understate that enough, are the people that are helping your policies get through the process. They dedicate a ton of time to do the best they can to get everything through the process. And I know we did a round of applause earlier, but I think the AC absolutely deserves another round of applause for the work they do.
(Applause.)
I’m the Chair of the Advisory Council, and Matthew Wilder is my Vice Chair.
The Advisory Council members are elected to three-year terms. Five seats are up for election each year, given that no one has decided they needed to leave early. AC members whose terms are ending the end of this year are: Gerry George, Brian Jones, Kendrick Knowles, Gus Reese and Alison Wood.
You can find the Advisory Council in a number of other, at another — back up — you can find the Advisory Council at a number of other RIR meetings — too many acronyms — and also at the NANOG meetings as well.
We typically send two members of the Advisory Council to each of the other RIR meetings in an observatory capacity to see how the other meetings are run and take notes on policies that are discussed. And we attend the NANOG meetings to conversate with the network operators and get input from them as well. You’ll usually see most of the AC at our October meetings since our meetings are typically back to back.
On top of all that work, you can also find us doing a number of other volunteering roles — the Advisory Council Working Groups, the Nomination Committee, the Grant Selection Committee and also the Fellowship Program.
So Advisory Council activities since the last meeting. So we’ve had five proposals come in since ARIN 55. This is all of them. There is a star next to one of them that represents that either a Gorking group or an Advisory Council member submitted that. We are purposely pointing that out to show that the community is really sending us the majority of the work that we see.
I believe the Working Group policy that was submitted was actually something where the Working Group was asking for input. The community said, yes, please do work on this, but could you write it for us. So that’s what the Working Group did.
So ARIN 56 Recommended Draft Policies. No policy is more important than any of the other ones, but this is probably the last time, or it could be the last time, you see these policies.
ARIN-2024-5: Rewrite of NRPM, Number Resource Policy Manual, Section 4.4 Micro-Allocation, that policy you’ve seen quite a few times before.
This is in reference to the critical infrastructure space.
And ARIN-2025-2: Clarify 8.5.1 Registration Services Agreement, this is to remove the business practices from the Number Resource Policy Manual and to handle some of the RSA language outside of the policy manual.
And for each of these, the questions will be the same: Do you support these as written? We don’t really make changes to Recommended Draft Policies once they’re in this state.
There are also five other Draft Policies that are under discussion.
ARIN-2025-1 — for those that are on PPML, you’re probably sick of seeing this one; it’s on there a lot. This is to Clarify ISP and LIR Definitions and References to Address Ambiguity in the NRPM Text. I believe LIR is used once. ISP is used pretty much everywhere else. So this was to realign the language in that text.
ARIN-2025-3: NRPM Section 9, Out of Region Use. That is to change the size from a /22 to a /24 for in-region use.
ARIN-2025-6: Fix Formula in 6.5.2.1c. The long and the short of that, the problem — or the formula in that is incorrect and needs to be corrected. So this is an attempt to either get the right formula in there or to get the language updated to better fit something in place of the formula.
ARIN-2025-7: Make Policy in 6.5.8.2 Match the Examples. That one is kind of how it sounds. There are examples that need to be realigned. For those that don’t know, Section 6 is IPv6 policy.
ARIN-2025-8: Reserve 4.10 Space for In-Region Use. 4.10 space is the IPv6 facilitation space. That is to sort of hard-line state that that space should be used in region. ARIN staff’s already doing that, but the Policy Manual doesn’t specifically say that’s how that should be used.
So some policy statistics: Luckily next year that really, really tall bar is going to go away. Then you’ll see that the amount of policy we get every year is generally the same. The last couple of years, we’ve done a pretty good job of using the lunchroom table topics and the NRPM Working Group to go through some of the language, push a policy as far as we can. And if it’s just policy that the community doesn’t want, that moves to abandonment.
So we really only have one policy left over from last year, and everything else is from this year.
So Advisory Council Working Groups. Number Resource Policy Manual Working Group, I specified in the spring that that was reinstated but with a different charter. So that group is now used for brainstorming and collaboration for policy that just seems to be giving us a problem.
We found that the lunchtime discussions were working very well here. So we sort of created a mini version of that while we are working monthly on policy to try to get the language the best we can before it gets reposted to PPML.
The policy shepherds are still responsible for their own policy, but this does help them work through some of the language, because you can get stuck and get writer’s block a little bit.
The chair for that policy is Brian Jones.
Also Lily and Kaitlyn are members of the NRPM Working Group. And Matthew Wilder and Eddie Diego are always on those meetings in an advisory capacity.
We also have the Policy Experience Report Working Group. I love that the Policy Experience Report happens before I say what this group does because they will take that and they will evaluate it, try to come up with some policy ideas, post on PPML, see if anyone wants to work on policy, see if PPML wants them to work on policy, and take it from there.
Alison Wood is the chair of that Working Group. Doug and Liz and Chris Woodfield are also part of the Working Group. And Matthew Wilder and Eddie Diego are there in an advisory capacity.
And we have a new Working Group. Like, we didn’t have enough working groups to start with. ARIN 55, there was sort of a loud call to us in a hallway conversation, open mic and pretty much everywhere else, that the community wanted some better potential ways to work with the Advisory Council on policy.
So that group has been tasked with looking into things. And Discord is not something that we’re using right away. But look at things like Discord, social media, training avenues, an email address maybe for new policy authors that are having issues writing policy, instead of “just go find an AC member.” That doesn’t always work for everybody. It’s a way for everyone to engage with the AC in a better way.
Doug Camin is the chair of that Working Group. Alicia and Lily are also members. And Matthew Wilder, Eddie Diego and Ashley Perks from the Communications team is also helping out with this as well. Because if we’re coming up with new training, maybe that could be part of the package for the training that goes out on ARIN Online. They’re also looking to send out a survey in November and December, so look out for that.
Working Group proposals. We changed the slide just a little bit. It used to just list all of the Working Group proposals, and it kind of looked like all of them were getting worked on at the same time. That is definitely not the case. Anything that’s crossed out on there has been abandoned as a policy. Anything that is highlighted in bold has been sent to the Board for adoption.
Really the only two policies that have come from a Working Group all year are still being worked , but they’re brand new. So sort of expected.
Join a lunchtime table topic. There will be a table topic on the Policy Engagement Working Group. Lily and Alicia will be covering that.
Out-of-Region Use, Liz and Brian Jones will be covering the Out-of-Region Use. Section 6, IPv6 Request Formula, Bill Herrin and Alison Wood will be covering that table.
And just a general statement before I get to my last fun slide: Don’t be afraid to come up to the microphones. That’s what we’re here for. I probably know better than most people how scary it can be to go up to a microphone for the first time. I remember going up and turning beet red and I’m not really sure what came out of my mouth after that.
It takes a little while to get used to coming up to the microphone. But we’ve all been there once, and we really would like your input on discussions when we get to that point.
Now my fun slide. I told him I was going to post this because this was one of the socials we were at. We were at the Science Center, and Eddie, for those that don’t know, is our Policy Analyst.
So if we are going through and working on policy — hey, Eddie, when do we send an email for this? Hey, Eddie how does the Policy Development Policy work at this point? The Chair and Vice Chair definitely use Eddie a lot.
The AC, we go to him for — the AC go to Eddie for all sorts of help. So, Eddie, giant, giant thank you for running the hamster wheel behind us and making sure that we do what we’re supposed to do.
(Applause.)
And that is it for me. Questions or comments?
Hollis Kara: All right, if anybody has any questions or comments for Kat before we get into policy, please approach the microphone or start typing.
Chris Woodfield: Chris Woodfield, Woodfield Network Consultants. The spike in policy proposals in 2019, if memory serves, that came as a result of the instantiation and the commissioning of the Working Groups.
Kathleen Hunter: Yes.
Chris Woodfield: And there was a wide, wide range of policy proposals that came from those Working Groups. I’m curious — I’m trying to remember what the stat was for 2018 which would have been the year before —
Kathleen Hunter: It dropped off — Eddie might still have that somewhere. I believe it was even larger than that bar by quite a bit. I believe there was a backlog of Policy Experience Report stuff that had sort of gotten stuck.
Chris Woodfield: Okay, thank you.
Douglas Camin: Doug Camin, CCSI, also ARIN AC and the new Policy Engagement Working Group chair. Really excited and thanks for the shout-out. Great presentation, Kat. Thank you, as usual.
Wanted to share with the community, we do have the table topic today. It’s a new workgroup. We’re really focused on trying to figure out the ways that we want to hear from the community about engagement.
So engagement has changed over time. We hear things about how you engage, what you don’t like to engage. We hear these in hallway conversations, but we’re trying to formulate it into something more formal, something that we can action upon and something that really helps all of you as members of the community get your feedback and have it heard and incorporated into the policy.
So we’d love to see you at the table topic.
And there was that survey that Kat mentioned coming out. When we get that, too, we’d love to hear your feedback there and through other sources. So, thank you.
Kevin Blumberg: Kevin Blumberg, The Wire.
And this is me speaking completely personally, not as a member of the NRO NC, but having served on the NRO NC now for a number of years and watched a different type of policymaking, policy decision processes going through.
One very useful piece of information is you have spent a great deal of time working on the style guide for how policies are done, how the text should look, et cetera, and that’s wonderful.
But many of the policies today don’t fit into the style guide, but are just as important. This is something that we noticed with the work that was being done with ICP-2, which is implicit versus explicit.
So you brought up the policy prop-340, and I took a look at it. And it’s, like, this policy is saying something that is explicitly mentioned, and it doesn’t need to be explicitly mentioned because it’s implicitly implied; therefore, we’ll now remove it out, so that it’s implicit and not explicit.
And there’s this juggling with many of the policies that have been going on. Well, we don’t need to say that it’s implicit. Oh, but now it’s not implicit, there are people who are questioning it. So we need to — I think that’s something that we need to work on as a community because the NRPM juggles between that. And from a style-guide point of view, we need to figure this out as a community and through the help of, when do we do something implicitly, when is it explicit and why. Thank you.
Kathleen Hunter: Thanks.
Hollis Kara: We’ll come back to the other side real quick.
Adair Thaxton: Adair Thaxton, Internet2, previous ARIN Fellow. I was wondering if any of the Working Group discussions are open to the ARIN community to sit in and listen in on, and if you have thought about taking community volunteers as kind of as volunteers?
Kathleen Hunter: We haven’t and we can discuss it. Most of the Working Group work has been with the AC, which is why we do the table topics at the meeting so that we can loop everybody in when we kind of worked the data a little bit better by the time it gets here. But, yeah, we can consider that.
Adair Thaxton: Thank you.
Hollis Kara: Wonderful. We have one last question on this.
Samuel Benzaquen-Gasparro: Samuel Benzaquen, a current Fellow for ARIN and from Securitech Systems. Very grateful to be here. And it’s more a comment than a question.
I’m amazed to see how communication and the debate on the Internet is very alive. Grateful to see everyone there and that ARIN exists to have these, let’s say, very structured approach to making sure the Internet we like is not disappearing.
Notably, I’ve seen the proposition on Out-of-Region Use. There’s a lot of interesting propositions also on the table. So very grateful to be here and thanks to everyone here as well to fight for the Internet.
Hollis Kara: Thank you very much. Seeing no questions online, I think we’re done. Thank you, Kat.
(Applause.)
All right. Now we head into the thick of the business. Chris Woodfield, come on down. We’re going to talk about Recommended Draft Policy 2024-5. This is the Rewrite of Policy Manual Section 4.4 for Micro-Allocation.
Policy Block 1
Recommended Draft Policy 2024-5: Rewrite of Policy Manual Section 4.4 for Micro-Allocation
Chris Woodfield: Hi, I’m Chris Woodfield, ARIN AC. I’ll be talking to you about the 2024-5 Micro-Allocation policy.
As you might tell from the number, this is a policy that’s been bouncing around and slowly taking form over the course of, you know, about a year and a half now, which isn’t all that unusable for policies, but in this case just happens to be the oldest one still in our docket.
So I am the primary shepherd. Bill Herrin, wherever you are, is my co-shepherd on this. Here is the problem statement that was presented to the ARIN AC by a community member. This is the current text of it, which last was revised in July 2025.
Generally, we leave problem statements unmodified when we get proposals in from the community. The AC is not in — does not want to be in the business of changing the intent of incoming policies. We generally keep the problem statement unmodified and then we work on the policy text to best address the policy statement as intended.
And here is a very long block of text. I will not read it out loud. But just to be clear, this replaces the current 4.4 section. This is a complete rewrite of that section. First thing you’ll notice is that we’ve renamed the section. Currently the NRPM refers to it as Micro-Allocations. And this comes back from a time when ARIN was not issuing /24s to organizations. I believe the minimum allocation size was a /21 or a /20.
So this was a smaller allocation normal for these specific purposes. Now, /24s are a standard allocation size. So micro is not so micro anymore.
So we preserved the original requirements for nameserver operators for top-level DNS operators, which is one of the two main operators that qualify for CII space, critical Internet infrastructure. The second being IXPs, where is where most of the development work for this policy came in. And it didn’t so much change the technical requirements for qualifying for CII space as an IXP, but it did raise the documentation bar.
The prior language did not have specific requirements for the information ARIN must have from the intended participating IXPs. There’s a specific mention of physical infrastructure versus, I believe, the original text just said infrastructure or didn’t address that bit at all. So it must be — an IXP must be an L2 switch of some sort, not a virtual setup anywhere.
The one crucial change is that current policy did not address and left ambiguous, whether or not an IXP operator could route their CII space as a public, on the public Internet. Most IXPs do not want that space advertised. But there are IXPs with use cases that would require that. Specifically for numbering other resources that might be needed for the operation of the IXP, like a looking glass or a member portal or similar.
So we have language in there now that explicitly allows IXPs to number, to route their IXP block, their CII block they’ve received for running their IXP.
Some language about what justifies and the request and the request mechanisms, but also codifies the ability to request a larger resource should an IXP outgrow their original /24, and also making explicit the practice of issue and replace — sorry, replace and return.
So IXPs, in particular, need a contiguous block, whatever their size is. If an IXP that has a /24 now needs a /23, they will get a contiguous /23 and then a year to renumber and give back the /24 they had previously.
So just a little bit of history on this. As noted, it was originally proposed in April 2024. I will add some color around this, was that the original impetus of this policy was to address the point of IXP block routability that came up in the Policy Experience Report Working Group in the October 2023 meeting. Just an example of how what we say on stage and what ARIN staff gives us, gives us to work with, results in policy. And this time not from the AC, from a member of the community, who saw the same Policy Experience Report that we all saw here in the room.
Here is the AC Statements of Conformance, which states the clarifications and the conformance with ARIN Policy Development Process principles, and goes into a summary of what’s going to be changed here and why.
Here is our Staff and Legal Review, which currently has no objections to this and specifies Staff and Legal’s understanding of what this policy change is. Apologies again for the wall of text you’re going to see a lot in these.
On to the next. And Staff and Legal Review continued. Staff understanding. And mainly a lot of this aligns with ARIN’s current business practices.
You’ll see that as a theme in many policy proposals where ARIN staff is currently doing this in a way because the current text is ambiguous but then comes to the community and says, we would like some explicit instructions here. On the AC we have the PEWG and NRPM Working Group to field those questions.
And here is the last bit of our Staff and Legal Review. Noting a minimal amount of time and effort to review and process Section 4.4 if the blocks are routable.
No other material issues. Implementing timeframes. Generally three months is what we put here. If it is entirely a process change and does not require any change to infrastructure like Whois or other systems, ARIN systems.
There’s a lot of digital paper burned through the discussion of this policy over the past year and a half. I have picked out some — a very small example of many of the comments on this.
One of the things that came out in the discussion was there’s an open question of, if we are allowing IXPs to route this space, do we want to explicitly enumerate what purposes IXPs are allowed to use that space for, what types of resources, applications are in line and which ones aren’t.
The community consensus did not feel that that was a good idea to enumerate specific uses. So that will be left up to ARIN staff discretion. With some obvious green/red lines, a monitoring site for IXP participants, a BGP looking glass, absolutely. Running a Web hosting business on the side, not so much.
There were some comments about the definitions of CII, which appeared to be arbitrary. Which is a reasonable critique. One comment about the first sentence, and this is a phrase that was inherited from the original section, which is: ARIN will allocate a /15. That is text unchanged from the current text. But the concern was that, is that going to imply that ARIN is going to allocate a new /15 when this policy is implemented? We don’t believe so, but the concern was raised.
There was also some comments about the need for more clarity around the examples of which DNS providers qualify for CII space.
A little bit about the policy impact of this. The documentation is clarified, and organizations requesting space have clear information on whether or not they will qualify and what documentation they need to bring in order to qualify for this space, which I hope will make ARIN staff’s job a little bit easier. Again, it resolves the ambiguous routability question, and then codifies the return — renumbering and return procedure for getting a larger block as an IXP.
All right. And as this is a Recommended Draft Policy, our first and sole question for the community is: Do you support this policy as written?
Hollis Kara: Okay. So before we get to that question, I’d like to open the microphones for discussion. And I’d like to invite Nancy up to help moderate. So if you are online, please start typing. If you have a question or a comment on this policy, before we get to the poll, and similarly approach the microphones in the room.
I do see we have one question online. So let’s begin there.
Beverly Hicks: Andrew Dul, 8 Continents Network. “I support the updated draft. It addresses many of the issues and ambiguities that exist in the current section which has not been updated in many years. Thank you.”
Hollis Kara: All right. Nancy, pick a microphone.
Nancy Carter: Microphone over here.
Darren Kara: Darren Kara, Quad9, again. As a global DNS resolver, I looked at this policy this year, looking for more space and realized that under the current language I did not qualify under 4.4, and we used another mechanism to get our space.
I do agree with the comment that it’s far too restrictive under what qualifies as DNS.
The second thing I have, having some history with it, I think that saying “ICANN-authorized root servers” is incorrect. They do not authorize the root servers at this time. Maybe “recognized” or “confirmed” by the IANA would be more appropriate, but I think “authorized” is incorrect. Thank you.
Hollis Kara: Thank you. All right. We’ll go to the other side of the room.
Adair Thaxton: Adair Thaxton, Internet2, ARIN 53 Fellow. This isn’t a question that’s directly related to the policy. It’s more a procedural question about how the policy gets done.
I was in an earlier discussion with a new Fellow and a Board member about why older, retired sections of the NRPM are still included and noted as retired. The Board member explained that this allows for historical tracking changes. When a section of NRPM is completely rewritten like this, how is the previous version preserved for the historical record?
Chris Woodfield: May I answer?
Hollis Kara: Please go ahead.
Chris Woodfield: The answer is that there’s a GitLab for changes to the NRPM that track each change as a separate commit. So anybody can look at the various versions of the NRPM at any point in time and see specific changes to policy just like this.
Adair Thaxton: I’ve summoned him.
Hollis Kara: Yes, you have summoned John Curran.
John Curran: Absolutely correct. In addition, the reason not to renumber is not so much tracking of change, but for references. The day that we renumber, 8.2, 8.3 and 8.4 get different numbers, and all of us end up being confused for the next five years.
So we maintain the sectioning just because we know the numbers and we don’t want to change them. But we do have a GitLab to track it all.
Adair Thaxton: That’s what the Board member explained about renumbering. Thank you.
Rob Seastrom: Just really briefly, several meetings ago — and I tried really quickly to find which one and failed — I did a presentation at ARIN with a quick tutorial on how to claw through GitLab and spelunk through and find 15-year-old NRPM entries, like what was this like in 2005. I encourage you to go spelunking in ARIN archives to find that video. Thank you.
Adair Thaxton: Thank you.
Hollis Kara: Go ahead, Kevin.
Kevin Blumberg: Kevin Blumberg. Toronto Internet Exchange. Do I support the policy as written? No. Do I support the intent of the policy? Yes.
Ground-up rewrites require a significant level of rigor that has not been applied here. And I will give you some examples.
The word “public” Internet exchange or exchange point — it’s not called an “Internet exchange point.” It’s called an “exchange point” in the text. “Public” has been removed. That is a massive fundamental expectation change to this policy.
It’s not in the red line, it’s not actually called out. It’s not there. That is a fundamental change that needs to be addressed.
The good. This policy clarifies that space that’s used by an exchange point operator can be routed. That solves one issue. But what this policy doesn’t then deal with is the fact that every exchange point operator needs two /24s, not one — not one /23 that it’s separating out, but two non-contiguous mostly, or two separate blocks of space, one for their peering fabric and one for.
This policy, once it is done, will never be touched again. The appetite of the community to make any changes to this policy will be next to impossible for the next 10 years.
So, I operate an NTP Stratum 1 public time service. Many people consider that critical to the operation of the Internet. Not in there. DNS operators are in there, but not in there, but sort of in there.
We need to get this right once. Yes, it’s been many years. Yes, some small changes would be wonderful. But if we’re going to completely rewrite this, it has to be done properly.
And I think the community needs to look at what are we trying to do before we write the text because we’ve gotten so focused on the text, we’ve actually missed what we’re trying to do in critical infrastructure. Thank you.
Nancy Carter: Thank you, Kevin. Lee.
Lee Howard: Lee Howard, unaffiliated.
Having seen 25 or 27 years of changes to the micro-allocation policy, I’m not sure I agree with Kevin that we’ll never touch it again. We’ve touched this section a lot of times.
That said, I remember a question from — I think it was the last ARIN meeting, might have been before that — asking why some TLDs are different than others in terms of criticality. I don’t remember the response to that. I think that was a “we need to go back and talk about it.” Do you remember?
Chris Woodfield: What I remember from that meeting was that the text at the time did have changes to that qualification, like, who would qualify, who wouldn’t. And I think the intent of the modifications from the community at the time were that a TLD operator that was not internal only would qualify for space.
So not just ccTLDs or the original com.org TLDs, but you know the .txt or .biz would qualify.
That was a modification that went in and then subsequent community feedback expressed that was not preferred over time after further discussion. So that language was reverted to actually exactly the same language that’s in the current 4.4 section.
Lee Howard: So gTLDs are eligible but don’t get addresses from the reserve pool, but ccTLDs do.
Chris Woodfield: Correct.
Lee Howard: Okay. What I would like to suggest, based on partly what I’m hearing now and partly the age of the policy, I think I would like to suggest that the AC, especially in particular the members who have been shepherding this proposal have a workshop, and invite critical infrastructure operators to say, hey, are we missing use cases? Are we missing things that we need there? And make sure we’re actually getting, because there aren’t maybe enough of the exact right people in the room to represent all of the potential corner cases and use cases that I’m hearing Kevin and others discussing.
Chris Woodfield: Okay, thank you.
Hollis Kara: All right. Seeing no other folks in the queue or questions online, I think, Nancy, we are ready for the question.
Nancy Carter: Great. Do you support the policy as written? Please raise your hand, raise it high, and leave it up a while, while the counters have an opportunity to count from the back.
Hollis Kara: Yes. And for our online folks, you will see that that poll has popped up on your screen, so please take a moment and answer. Our counters are counting.
Are we done with the fors? Can I get a thumbs up from somebody in the back. We’re done with the fors. We’re ready for the do not support?
Nancy Carter: Is there another slide?
Hollis Kara: Yeah, so that’s the reverse of the question. We need to know who doesn’t support the policy.
Nancy Carter: Put your hand up if you don’t support this policy as written. I think you can put your hands down now. I’ll just wait for —
Hollis Kara: Okay, take a moment while we get the tally together from the room and online. All right. We’re almost there. Hang tight, guys. The tabulation machine is tabulating. Can I get boop-boop noises?
Excellent. We tried to automate the process, and it’s slower.
While we’re waiting, I do want to point something out. Everybody mentioned GitHub as being a place that you can go to look for previous versions and all of that, and that’s greatif that’s where you like to play.
You can also go to the policy section of the website. When you go to look at the Number Resource Policy Manual, in the navigation, you’ll see a link to the GitHub, but also to something called the Changelog, which is the old-fashioned way of doing that, and we meticulously maintain that. So feel free to go there to look for previous versions as well. I will stop talking because I see we have a count.
Erin Alligood: Excellent. Thanks, Hollis.
All right. So for Recommended Draft Policy ARIN-2024-5: Rewrite of NRPM Section 4.4 Micro-Allocation, participants in the room, 102; remote, 89 — show of hands for “for” is 21, and against is 26.
Hollis Kara: Thank you, Erin.
Nancy Carter: Thanks for your feedback. We’ll go back to the Advisory Council for their consideration. Thank you.
Chris Woodfield: Quick correction. It’s GitLab not GitHub.
Hollis Kara: Sorry, Git-something.
Chris Woodfield: Right. (Applause.)
Hollis Kara: Thank you, everyone. Thank you, Nancy. Thank you, Chris. Okay, we did it.
Next up, Gus Reese, where are you at? There he is. Come on up, Gus. We’ve got Recommended Draft Policy 2025-2: Clarify 8.5.1 Registration Services Agreement. He’s walking slow, so I had to actually read the whole thing. Geez, thanks Gus. Come on.
Recommended Draft Policy 2025-2: Clarify 8.5.1 Registration Services Agreement
Gus Reese: So my policy is Recommended Draft Policy ARIN-2025-2: Clarify 8.5.1 Registration Services Agreement. And my co-shepherd is Kendrick Knowles. He’s somewhere in the room. Of course, I can’t see him. Sorry.
So the problem statement was that the current policy mandates that entities receiving transferred resources sign a new RSA unless they have an RSA on file no older than the last two versions.
However, defining the RSA versioning requirements within the NRPM does not align with the Policy Development Process guidelines as determining which Registration Services Agreement version is considered a current business — I’m sorry — determining which RSA version is considered current is a business decision rather than a policy matter there.
So the changes. We are going to remove the statement within the last two versions from 8.5.1 to state: The receiving entity must sign an RSA covering all resources to be transferred unless that entity has a current RSA on file per ARIN business practices.
And the history, this came to the Advisory Council as a proposal in February of this year. We adopted it as a Draft Policy. And then after an ARIN presentation at ARIN 55 and a Staff and Legal Review, it was changed to a Recommended Draft Policy in July of this year.
And here’s the Statement of Conformance. I’ll let you read through that. Basically it is fair, impartial and technically sound, and has received community support from both the feedback in the room at ARIN 55 as well as the PPML.
And the Staff and Legal Review, basically removing — I’m sorry — current transfer policy of 8.5.1 defines the current RSA to be within the last two versions. ARIN business practices for determination of what constitutes current under any given business conditions are constrained by the Number Resource Policy text.
The current wording of the policy is overly specific and requires that ARIN either utilize in the same definition elsewhere or have inconsistent practices across different business functions there.
This is kind of a timely Draft Policy, I’m sorry, Recommended Draft Policy, as a new version of the Registration Services Agreement went live last month.
Again, is it implementable as written? Yes.
No impact on ARIN registration operation services. Legal review, no material legal issues.
On to the community feedback. The feedback from the Public Policy Mailing List, or the PPML, was overall in favor of this proposed policy change. One of the comments was this change seems reasonable, letting this be a business decision seems okay.
And Policy Impact, what does this mean? This policy, if adopted, will allow ARIN the flexibility needed for effective operations by returning that decision to ARIN on what the current version of the RSA regarding transfers under 8.5 in the Number Resource Policy Manual there.
The only question I have for the community is: Do you support this policy as written?
Hollis Kara: All right. It’s about that time. Come on up, Nancy. Questions and comments from the community. Please approach the microphone or start typing if you’re joining us online. We’ll get these questions in and comments before we move to the poll.
Looks like Adair. Go ahead.
Adair Thaxton: It’s always Adair. Adair Thaxton, Internet2 and ARIN 53 Fellow. So because I represent Internet2, we have a lot of colleges and universities that have a lot of legacy space. So the current policy mandates that entities receiving transferred resources sign a new RSA. Is there a similar requirement for entities that are transferring address space?
John Curran: In order to transfer address space, you have to sign an RSA in the process of doing so. It’s just required because it sets conditions between us before we provide you the transfer service.
Nancy Carter: Thank you, John. Kevin.
Kevin Blumberg: Kevin Blumberg, The Wire.
I support the policy. But I do have a question, because this has come up a number of times, which is, enforcement of the NRPM as a policy document versus the RSA as a legal contract.
The NRPM is a policy direction for staff, for everybody else. But ultimately I have signed an RSA. The RSA says certain things about when it needs to be reopted. It’s auto nature, things like that. It’s a legal document.
Is this one of the situations where it is sort of moot? Ultimately the organization can deal with terms in their legal documents outside of the NRPM because this is sort of a no-op, as in we’re removing it because we want to give flexibility, but the reality is there should have been a no-op in the first place because what this is doing is directing on legal matters, legal documents, where we’ve said we can’t do that in the NRPM, just like billing fees can’t be in the NRPM.
So to me this is — I do support this — this is really a no-op. It’s important for the community to understand, unless I’m misunderstanding the difference between legal and policy, which I would love some clarification on for future policies also that come down the pipe.
John Curran: Hi. So when it said “within two versions,” that’s a particular requirement. It’s not one that belongs in policy. But it reflected the community intent. And, so, if you wanted to have something that clear, you would have had to put it in policy and not left it.
Now that it’s more general, and it’s been generalized to “have an agreement,” yeah, that’s almost safely implied, and you could go all the way and strike it altogether. Baby steps. There’s nothing to say you have to go there in one fell swoop.
Hollis Kara: All right, do we have any questions online? No, nothing online. Seeing nothing further in the room. Nancy, you want to —
Nancy Carter: Call the question. Do you support this policy as written? If yes, please put up your hand. Raise it high and keep it up for a while, while the counters do their work. You’re good. I can’t see a thing, so you’ll have to let me know.
If you don’t support this policy as written, now is the time to raise your hand. Raise it high and keep it held high so we can count.
Looks like we’re good. If you have your hand up, I can’t tell if you do, you can put it down now. Thanks.
Hollis Kara: We’ll give our tabulators just a moment to tabulate.
(Whistling.)
Be careful, you might get my YouTube stream yanked. Don’t do that. Oh, don’t do that. They’re really picky about music copyright, if you hadn’t noticed.
Adair Thaxton: Nobody whistle “Happy Birthday.”
Hollis Kara: Yeah, that’s okay. “Happy Birthday” is public domain. But just to be safe, everybody be (whispering) very, very quiet. Here’s the tally.
Erin Alligood: Erin Alligood, ARIN’s Chief Human Resources Officer. On Recommended Draft Policy ARIN-2025-2: Clarify 8.5.1 Registration Services Agreement, participants in the room, a total of 102; remote, 89. Show of hands for was 63; against, 1.
Nancy Carter: Great, thanks, Erin. Thanks for your feedback. We’ll go back to the Advisory Council for their consideration. Thanks.
Hollis Kara: Excellent. Thank you, Nancy and Gus.
(Applause.)
All right. And that concludes our Recommended Drafts. So any further questions put to the community will just be informational and not decisional. A big thanks to Nancy for getting through those first two Recommended Draft Policies as Chair.
Let’s give her a round of applause. (Applause.)
All right. Next up, Leif, Leif Sawyer with Draft Policy 2025-1. It’s got a long title. He’s here, I’m not going to read it.
Draft Policy ARIN-2025-1: Clarify ISP and LIR Definitions and References to Address Ambiguity in NRPM Text
Leif Sawyer: Good morning, everybody. For those of you that were here for NANOG, you’re probably wondering why I’m dressed so normally today, that’s because I had to give you a break after all the wild outfits. If you missed it, tune in tomorrow.
Anyway, this is Draft Policy ARIN-2025-1: Clarify ISP and LIR Definitions and References to Address Ambiguity in Number Resource Policy Manual Text.
I’m Leif Sawyer. And Elizabeth Goodson is my co-shepherd for this.
So what this policy attempts to do, this Draft Policy, is attempt to clarify the use of LIR in Section 6 against the use of ISP within the rest of the NRPM.
When we adopted Section 6, which was a global policy, LIR was the predominant use around the world. But in the ARIN region, we use ISP.
So, we attempted to do something about that, which was to add LIR and ISP together within the documentation. You saw that at the last ARIN meeting.
Feedback from the community was, too many acronyms tied together; let’s just settle on one.
So we went back to the drawing board and decided to change everything to ISP. What that meant was we needed to add in additional definitions here, correct the definition for LIR, and go through, adjust everything to say just ISP; fix 6.5.1 here so that the LIR and ISP consistency text is removed.
And again, as I’m saying here, changing everything to ISP. And there’s a lot of changing LIR to ISP through the entire policy block.
So this did start back in January. As I said, we’ve taken it to ARIN. We’ve gone through PPML. And we’re bringing it here. This is the second presentation.
So the impact of this and changing from LIR to ISP means we’re impacting Sections 2 and 6, the definitions and just the Section 6 clarifications. 22 instances of LIR will be corrected to ISP. This aligns with existing business practices and all the educational and internal and external materials.
One of the notes that was brought up was changing everything within the NRPM to LIR. And so that’s referenced here. That impacts more sections, two more sections, adding 3 and 4; 58 instances of ISP would need to be changed to LIR. It requires additional training.
All of the material updates, and talking with staff, there may be a requirement to submit a parallel ACSP to align the internal business practices with the new business policy. We can get clarification from John here. I’m sure he’ll be happy to figure that out.
As I mentioned earlier, community feedback has gone both ways on this. There’s the split between PPML depending on when they saw the text, which way to go.
Internally, the IP request flow does use the combined LIR/ISP as the equivalence term. It’s the only place currently that we see this. So we would have to align that as well.
We do note here Section 6 does include the header that LIR and ISP is used as an equivalent term in the document, as opposed to the section, as Section 6 was its own stand-alone document at adoption.
So I’ve got a quick definition comparison, what the definition of LIR and ISP is, whether it’s on the IP request workflow, or the 2025.1 definition within the Number Resource Policy Manual, and the current definition as it exists in this Draft Policy. I can leave that up there for a second, if you’d like to look at that.
So I do have some questions for you. And mostly it comes down to, do you support continued work on this policy? Whether that as currently written to migrate everything to the term “ISP” or should we look at moving it toward “LIR”? Should we try to effect different definitions to help with that clarity, or are there other minor changes that people are interested in?
Nancy, this is where I bring you up on stage to open up the microphones.
Hollis Kara: Come on up, Nancy.
Nancy Carter: All right, the microphones are open over here.
Roman Tatarnikov: Roman Tatarnikov with IntLos. Yes, I remember the conversation on PPML very well. There were a lot of emails. I wanted to write my response. A lot of more emails showed up, so I haven’t written anything. So I’m taking the microphone right now instead.
I do believe it’s best to switch everything to LIR, mostly because LIR encompasses ISPs but ISPs do not necessarily cover everything that LIR covers.
And what I remember was the most common concern on PPML is that people who already know NRPM so well, they’re so used to ISP terminology that it’s going to confuse everyone.
I think while I agree that it’s important to make sure that no one in the community is confused, I think it’s best to align terminology not just with the legacy ways we call the LIRs ISPs but actually align it with the rest of the world and make sure that we use the proper terminology.
That’s why I think it’s best to switch everything to LIR and maybe in the definition make a small note that previously, in previous versions, it was commonly called ISPs. This is kind of clarification for legacy definitions. That’s about it. Thank you.
Leif Sawyer: Great. Thanks, Roman.
Nancy Carter: On my left.
Eric Landgraf: Eric Landgraf, Virginia Tech, and also an ARIN 56 Fellow. I think it is valuable to add the definition of ISP explicitly separate from LIR, but the current text of the NRPM should probably be kept the same because of the changes to business practice of switching entirely to LIR, which would be more consistent with other RIRs.
Leif Sawyer: Okay. Great. Thank you.
Nancy Carter: Again on the left. Thank you.
Chris Rapier: Chris Rapier, Pittsburgh Supercomputing Center, ARIN Fellow 56. Question about the proposed text that it’s going to. You have a sentence here, “LIRs are generally Internet Service Providers whose customers are primarily end users and possibly other ISPs.”
If we have that definition in there and then turn all of the mentions of LIR into ISP, are we excluding any class of organization from being part of the number process?
Leif Sawyer: That’s a good question. Anytime you start to explicitly list things, it’s very easy to miss corner cases; so, yeah.
Chris Rapier: Thank you.
Nancy Carter: Over on my right.
Douglas Camin: Doug Camin, CCSI.
Actually, I authored this policy based on some of the feedback that we had received when I was shepherding Policy 2022-12.
So the original writing of this — I appreciate you, Leif, your lengthy kind of walkthrough of how we’ve cycled through some of this stuff. The background here was that there’s, in Section 6 — we adopted that as a policy — mentioned it once before. It’s a document, it applies to this document. That was because of the adoption of all Section 6 as a whole across all the RIRs across the globe.
We wanted to fix that. We asked the community at the time, what should we do to fix that? A simple fix would be to say “document section.” And the immediate community feedback was: Don’t do it; if you’re going to fix it, fix it right.
And we took that feedback. So I drafted this policy and submitted it with the understanding of the fix-it-right kind of idea behind it. And I think previous commenter mentioned about the corner case of LIRs.
So all ISPs — at least by the definitions we have established here — all ISPs are LIRs but not all LIRs are ISPs.
So that was the intent behind the original language where it was listed as LIR/ISP to cover all the cases, cover all the corner cases that we could identify at the time, and solve the problem in its entirety through the entire document.
Of course, it’s up to the community to decide if that’s the way we really want to go. As a member of the community, I still feel that’s the strongest case. It makes the most logical sense overall, — if you’re going to fix it. Aside from going back to change the one word to say “document” to “section,” that would probably be the only other alternative that I feel would work and cover the cases.
Leif Sawyer: Thanks, Doug.
Kevin Blumberg: Kevin Blumberg, The Wire.
I got a new keyboard last week, it took me a week to get used to it and it annoyed me that entire week, but it was one week.
We need to make the changes. Once and for all, for the people that go into the NRPM all the time, it will take a week to get used to it. For somebody who has not come to the NRPM, they’ll never know the difference. So that’s a nonargument in my mind. But we need to change it to the right thing.
We are the only ones using the term ISP. ISP — if anybody here can give me a definition that encompasses everything on the Internet today and what will be, what was, what is today and what will be, with the term ISP, good luck, I’ll happily then change my mind on this.
LIR is a consistent term used globally. Unfortunately, it’s a term that nobody outside of the RIR space uses, which is my annoyance with it, but at the same time it is the right term to use. I believe that it is better to do a search and replace on anytime the word ISP is used. If you want to have a definition that talks about history, that’s secondary to this. There should be consistency among it.
Don’t interchange it. Don’t have half here, half there. I realize ISP is used more. But the right term is LIR.
We need to just make the change, be done with it, and over. Thank you.
Hollis Kara: Real quick, we do have one question online.
Beverly Hicks: Yes. Harry Crowder from Empirical Networks, Ltd. “Is there a case for where an LIR would include entities that are not ISP? If the global usage term is LIR, having a common definition in ARIN member group would be more effective in communication with other RIR groups. That being true, using LIR exclusively would be a better choice. Thank you.”
Leif Sawyer: Thank you.
Lee Howard: Lee Howard, unaffiliated. When Kevin said it’s inarguable, I decided I had to argue. Because I think that LIR is a term that is impenetrable to people who aren’t already inside the community. It’s a barrier — as a jargon term, it’s a barrier to understanding how the processes work.
And it is possible to train, but it’s another step to getting people to understand what the policies say. I’m not confident — maybe the AC has done the work to say, is every instance of — if you just did a global search and replace, does every instance of the three-letter acronym ISP mean LIR, or are there cases where you go, oh, wait, no, those are actually used in different ways throughout the entire policy manual, and are there other ways to make sure that we’re doing the right things?
My guess, my supposition, is that we use ISP largely for historical reasons because it used to be that ISPs were the only organizations that delegated addresses further.
And the Internet has changed. I suppose we probably need broader policy changes to reflect that.
I know the AC has a Working Group that’s been going through and trying to update the entire policy manual, and I appreciate that. As we’ve seen those rolling through the meetings, that’s been fantastic.
I think there was one more thing I was — but actually, Kevin — I also — I don’t care what the rest of the world says. I’m worried about — I’ve been to every other RIR meeting, not every meeting, but meetings of every other RIR — I’ve participated in the policy processes. They do use the term but they’re different communities than ours. I want to make sure we’re open and available to new participants in the community.
Leif Sawyer: Thanks, Lee.
Nancy Carter: Kevin.
Kevin Blumberg: Kevin Blumberg, The Wire.
A little bit of retort to Lee, but it did bring up some new things. LIR definitions are not globally identical.
Leif Sawyer: They’re not.
Kevin Blumberg: But they’re sort of a class that you understand and, yes, each region will be different. Each region has different policies. But the overall idea of LIR in the regions is the same, but they are not identical. They’re not baked in as identical in the regions.
The issue with ISP versus LIR — LIR, we don’t know what an LIR is, therefore this is more complicated. I’m a generative AI construct company, I’m not an ISP. I don’t understand — am I an ISP, not an ISP?
As we move forward, the reality is there are many more organizations, that from a layperson’s terminology, they don’t consider themselves as an Internet service provider, they consider themselves a this or that, and I think we’ve reached the point on the Internet where it’s probably better to retire the term “Internet service provider” because there’s so many other services that are being done on the Internet that may require IP space from us legitimately, from the community, and that’s my main take on it.
Lee Howard: I generally agree that ISP is not the universal term. It’s not an all-encompassing term. Back to my point, we probably need a broader review of the policies to make sure that we’re covering the kinds of organizations that are doing sub allocations and reassignments, which includes campus networks, it includes hosting companies and various other kinds of organizations. Thanks.
Nancy Carter: Do you want to jump in? Because I have virtual questions.
John Sweeting: I want to do a quick point of clarification from ARIN staff point of view.
John Sweeting, Chief Experience Officer at ARIN.
So the reason we have all of this is because we have two sets of policies: one for end users and one for LIR/ISPs. Most people — we mostly see with our community, they use the term ISP. We don’t have a lot of people saying, “I don’t know if I’m an LIR.”
They say, “How do I know if I’m an ISP?”
And basically we ask one question: Do you have to use external customers to validate your request? Or is this all internal usage in your company?
Internal usage in your company, you’re an end user; external, you have to use external customers, then you’re under the ISP/LIR policy.
Leif Sawyer: Thanks, John.
Hollis Kara: We have online questions, if we can drain that queue.
Beverly Hicks: Okay. Alyssa Quinn, unaffiliated. “Plus one to Kevin’s comment. I remember being confused by the term LIR when I first went to my first meeting for another RIR. But it’s definitely the better term. Lots of network operators who reject the term ISP.”
I have additional questions.
Hollis Kara: Just keep going.
Beverly Hicks: Tyler O’Meary, unaffiliated. “I think the fact that LIR is unknown is the reason we should use it. ISP is used by ARIN and the NRPM does not mean the same thing as ISP when it is used in common parlance. Using a common word for an entirely different definition can be very confusing to new participants.”
And I have one more.
Hollis Kara: Go ahead.
Beverly Hicks: Okay. Bayo Olotu, ARIN 55 Fellow, unaffiliated. “The Problem Statement isn’t clear to me. The document says, since all ISPs are LIRs, but to me not all LIRs are ISPs” — that was a tongue twister — “and LIR is not used in the ARIN service region, ISP is the equivalent term. These things mean totally different items. I’m inclined to think that the terms should be defined in the glossary or similar so the ARIN definition is clear. And where the sentence refers to LIR, call it LIR, where it refers to ISP, call it ISP.”
I’m done now.
Nancy Carter: Thank you.
Douglas Camin: Doug Camin, CCSI. Taking in some of the feedback, and this reflects — to me this reflects the feedback that we’ve also seen on PPML and other places where you have two camps.
Like Kevin’s comments, I wholeheartedly agree, LIR is the term. I also think that there’s a number of very valid arguments that say why ISP as a term, I’ll call it a term of art — I don’t know if that’s the right way to frame it — but coming back to a comment that I think Mr. Curran had made earlier on either a different policy or in a general sense, do we need to go all the way to one thing?
Like, if the end result is to get to LIR, I think that’s a very proper path to follow. But is there an incremental step to get part way there that involves putting both terms together and using those as the incremental step to then a future change where you go towards, is there work to do internally with staff, with the systems of ARIN, to change those over to reflect that new reality, if that’s what the community wants.
I’m just sharing that as how I hear the community feedback and what it internalizes for me as I think about that.
Nancy Carter: Thank you. Do you have what you need?
Hollis Kara: One more.
Kevin Blumberg: I’ll be quick. Kevin Blumberg, The Wire. We got in trouble years ago when I was on the Advisory Council for defining other people’s terms. We defined some entities that was in there, and we realized that was not a good idea to define other terms.
ISP is not necessarily a defined term by one entity or organization. It’s more like Kleenex. You don’t call it a tissue, you call it Kleenex. In North America. But the correct term is “tissue,” not “Kleenex.” “Kleenex” is a trademarked term.
ISP to me has been usurped and used in so many different ways. LIR is our term. It’s something that within the RIR ecosystem we can work with.
But ISP now means so many things. While back in the day it may have been our term, ARIN is very old in that respect. It may have been our term. But it isn’t our term anymore. I think we just need to recognize that.
Leif Sawyer: Thank you, Kevin.
Nancy Carter: Thank you, Kevin.
All right. So do you support continued work on Draft Policy ARIN 2025-1? Please raise your hand.
Hollis Kara: We’re doing an informal poll.
This is a draft, and the question has been posed to the participants. So if I can get my tabulators tabulating, or counters counting. I guess you’re not in tabulation mode yet. Whatever. You knew what I meant.
We’re good. Do you want to ask the opposite question, Leif?
Nancy Carter: Do you not support continued work on Draft Policy ARIN 2025-1? Please put up your hand. Keep it raised so that it can be counted.
While we wait for Erin, I wanted to respond to Kevin. So, Kevin, having worked at White Swan back in the day, I can tell you I was never allowed to call it a Kleenex, ever.
(Laughter.)
Hollis Kara: All right. Quick moment to tabulate. We’ll get this count out, and then next up we’ll be going out on break. So sit tight, folks.
Erin Alligood: Erin Alligood, ARIN’s Chief Human Resources Officer. To the question to the community: Do you support continued work on Draft Policy ARIN-2025-1: Clarify ISP and LIR Definitions and References to Address Ambiguity in NRPM Text, the total participants in the room, 102, remote, 83. And then votes, for yes, combined, were 46 for yes. For no were three.
Nancy Carter: Thanks so much for your feedback. That will go to the Advisory Council and Leif will —
Leif Sawyer: Thank you, all.
Nancy Carter: Thank you.
Hollis Kara: Thank you, Leif and Nancy. (Applause.)
All right. We made it through the first policy block. Everybody give themselves a round of applause.
(Applause.)
Well done. You earned your lunch break. So folks that are here with us, please step out in the hall, around the corner, back where we had breakfast in Monument D. Don’t forget, we have table topics. Join one if you’re interested in discussing it with the AC members who are there facilitating those conversations.
If you are a virtual attendee, feel free to leave the Zoom open through lunch if you like, and we will be back at 1:30 Central.
If you need any help, our Virtual Help Desk will be open during this time. We will see you at 1:30. Thank you, everyone.
(Lunch break taken at 12:18.)
Hollis Kara: All right. We’re waiting for folks to kind of wander back in. We’re going to give them just a moment. We’re going to go ahead and start? Okay. In just a few moments we’re going to drop the doors. If you snooze, you lose.
We’re going to keep this show on the road. Oh yeah, I’ve got to wait for him to come back, because he’s got to talk. Whoops. Let’s go back to this one.
All right. I hope everybody enjoyed their break, folks here had a chance to step outside and get a little bit of sunshine. It’s a lovely day, if a little chilly.
And if you were at home, I hope you got to do the same and that the weather was equally nice, I guess. Sure, let’s go with that.
All right. Welcome back. Here he comes.
I’d like to welcome John Sweeting, our Chief Experience Officer, to walk through the introduction for the 2025 ARIN Elections.
2025 ARIN Elections
John Sweeting: I think I’m good. All right. So John’s not here, so we’re going to start anyway. So John Sweeting, Chief Experience Officer, with ARIN, for another 48 hours, 36 hours.
All right. Countdown begins.
All right. And I said this already. So voting opens today at 3:00 PM Eastern. So very soon, like in the next half hour. Voting will close next Friday, the 7th of November, at 7:00 PM. For Statements of Support and candidate bios, you can go to www.arin-elections.net. So six steps to get you ready for the ARIN Elections.
Get to know the candidates. You’re going to see some videos. There was a forum that was live and recorded and is available online. Join the General Members Mailing List and have discussions there. You can view and make Statements of Support for any candidate that you want to make a Statement of Support for or you can view all of them.
Watch the Virtual Candidate Forum that I just mentioned and listen to the candidates’ speeches coming up and then cast your vote.
How to cast your organization’s vote. So who can vote? Any organization must have been a general member in good standing with a Designated Voting Contact as of 15 September. So there’s a little over 1,600 General Members out of our population of 26,000 service members. Those are the organizations that are eligible to vote if they have paid all their annual invoices, and they have had a Voting Contact designated on 15 September.
A change we put in last year, no, two years ago, used to be that once that 15 September list was pulled, you could not update your Voting Contact, but then we looked at it, it was like, well, it’s the organization that has the vote. So we said okay if — we’d have people that would say, hey, our Voting Contact left but we want to vote. We want to vote. And it’d be like, we’re sorry, that’s the only person that can vote.
So we made it to where as long as you’re eligible on that 15 September date, you had all the way up to 23 October to get a valid Voting Contact in there. And we again downloaded that and ensured that that was all correct so that we have the list of Voting Contacts that are eligible to vote.
If you’re eligible to vote, after 3:00 PM today, you should log in to ARIN Online, select the Vote Now link. Cast ballots for the Board of Trustees. There’s three seats open. Advisory Council, there’s five seats open. And the NRO NC, there’s one seat open. And again, it begins today at 3:00 PM through 7:00 PM, all Eastern Time, on 7 November.
Understanding your ballot. When viewing your ballot, you’ll see your name and your vote weight. You’re going to see the organization you’re casting a ballot on behalf of and the email address that will receive the confirmation email.
So Candidate Assessment Criteria. Let me pull these words out of my pocket. These are the words for this slide. The qualified candidates meet all of the required attributes. Well-qualified candidates have additional skills recommended by the Board in this year’s Guidance Letter in financial skills or executive compensation succession planning.
The qualifications-not-confirmed candidates materials, for the Board only, did not conclusively meet all the requirements for a qualified rating.
So that’s that. So understanding your ballot a little bit more, you’re going to see the full ballot for all the elections that are going to be presented to you on the screen. You choose up to, like I said, up to three. You don’t have to choose three. You can choose one, two, or three.
I believe you can choose none. I think we enacted that. But I’m going to have to check on that.
Hollis Kara: You can submit a blank ballot.
John Sweeting: You can cast an empty ballot.
Hollis Kara: You can.
John Sweeting: That’s because of the policy that ARIN has, operational policy, that says a general member that hasn’t cast a ballot in three consecutive elections loses their general membership. So we allow the casting of an empty ballot.
So you can choose up to one, two, three, or no candidates for the Board. One through five or none for the AC, and one or none for the NRO NC and you still have cast a valid ballot.
So then you’ll get a — a page will pop up for you to review your choices. So review it very carefully. Once it’s cast, it’s cast. We’re not going to be able to pull it back and say, oh, you can get a do-over.
No, make sure that what you’re getting ready to do is exactly what you want to do. Don’t submit until you’re positive.
All right, then you will receive confirmation that your vote was received and you may print a receipt. You’ll also receive a confirmation email at the address indicated.
If for some reason you think something happened to who you actually submitted and what you get, you can actually reach out to the ARIN Elections and we can confirm that what you submitted was what you got on your confirmation or that there might have been an issue. We’ve never had that. So knock on wood for me there, Hollis. Thank you.
All right. Get to know the candidates. So we have a Voter Guide and Candidate Forum recording, available on ARIN.net/elections. The General Members Mailing List doesn’t see a whole lot of action, or I should say activity, but it’s there, and you can use it to discuss things.
Now, the candidates are on — the candidates are automatically added to the General Member Mailing List if they’re not already General Members, but they can only submit one email soliciting your vote and telling you who they are and why you should vote for them. So we monitor that very closely.
And then Statements of Support, make or view statements at arin-elections.net
For Statements of Support, there’s some people who will have hundreds. Some people will have one. It doesn’t matter. The thing that we look at, they have to be under the Terms of Service for a Statement of Support, which means they can’t just say yeah, I support John or I support Joe. It’s got to say, I support Joe for this position because Joe has this experience, that experience, whatever it is.
If it’s just, hey, I like this person, I’m supporting him, we’re going to send that rejected as a Statement of Support back to the candidate to get with the person that sent the Statement of Support on their behalf, for them to work with them to get some substantive information in there.
Okay, so here’s your list of candidates for the 2025 Board of Trustees: Christopher Holbert; Lee Howard; Hank Kilmer; James Lorimer; Robert Seastrom; and Mark Thorpe.
Hollis Kara: Pause please. Back to the slides.
John Sweeting: 2025 Advisory Council candidates: Ethan Angele; E. Marie Brierley; Matthew Cowen; Gerry George; Altie Jackson; Brian Jones; Kendrick Knowles; Mohibul Mahmud; Caleb Ogundele; Gus Reese; Preston L. Ursini; and Alison Wood.
Maybe I should just say, yeah, you can read these names.
Ahmad Enaya, Chris Grundemann, and Alyssa Quinn are your NRO NC candidates.
And then Election Headquarters is your source for all the information there on elections. The election calendar and all the process, everything, step-by-step instructions on voting are all on there. And if you have any questions, you can contact us at elections@ARIN.net or visit the ARIN Customer Service Desk here in Arlington. Or you can visit the Virtual Election Help Desk that’s on the ARIN 56 website for the times and details on that, and I think you can, if you go there, you can click right on and go right into the session and talk to Jason, who is working to do that.
Hollis Kara: Yep, he’s online right now.
John Sweeting: And I think that’s it.
Hollis Kara: That’s it. Unless anybody has a question for John about this part of the election process.
No, doesn’t look like it. I think we’re good.
John Sweeting: Here you go. Thank you. (Applause.)
Hollis Kara: All right. And I’m going to hang out over here because the next portion, we’re going to be cutting to video. Is this going to work from over here? Oh, man, I do have to move. Or no, I just need to be able to see. Dang, I need to go back to the eye doctor.
Okay, here’s how it’s going to work: In order to be fair and equitable to all of our candidates, we asked them to prerecord their candidate speeches to be shared at the election because we know that not all of our candidates are able to travel to be here with us and to meet with the community.
So what we’re going to spend the next little bit of time doing is going through all of those candidate speeches, starting off with the Board of Trustees.
Board of Trustees Candidate Speeches
Christopher Holbert
Announcer: Our first candidate for the ARIN Board of Trustees is Christopher Holbert.
Christopher Holbert: Hello, everyone. My name is Christopher Holbert. I am the CFO and for the last four years I have been elected Chairman of the Board for Denuo, Inc. Denuo is an IPv4 supply facilitator in the Internet infrastructure ecosystem.
I would first like to thank ARIN for this opportunity to participate as a nominee for the Board. And I would also like to congratulate all my fellow Board nominees. A bit about my background: I am a graduate of Bowie State University with a bachelor’s degree in business administration with a concentration in accounting.
I started my career when I was recruited to work in the New York office of Deloitte & Touche as a financial statement auditor. While working in the New York office, I passed the CPA exam and received the highest evaluation of my class and as a result was assigned to the company’s largest financial services client,the Merrill Lynch’s parent company audit.
Deloitte and Touche later paid for me to study Mandarin in China and work in their Taiwan office as part of their employee exchange program. These opportunities launched my financial and international journeys.
I subsequently worked in financial managerial roles in five publicly traded companies including: the Director of Finance for a NASDAQ-listed Internet and ERP software company; the CFO of a NASDAQ-listed mobile phone manufacturing company; the VP of finance for a NASDAQ-listed advertising company; the CEO of a New York Stock Exchange-listed manufacturing company; and the Director of Finance for an African subsidiary of a Toronto Stock Exchange-listed mining company. As part of my nonprofit/federal government financial experience, I led several government program audits and co-led the financial reporting of a U.S. government agency, namely the National Transportation Safety Board, which required adherence to strict government accounting standards.
As a current board member, I understand the challenges associated with consistently managing and striving to exceed the expectations of our various stakeholders while operating within the confines of our internal corporate governance and statutory corporate regulations.
If elected, I look forward to bringing my broad array of financial and risk management experiences to the ARIN organization. Not that I think that there is anything inherently wrong with ARIN’s finances or risk management, but I genuinely believe that any organization can benefit from a true outsider bringing in new perspectives, diverse experiences, and potentially novice solutions to old, entrenched problems.
Thank you for your time, and I look forward to meeting all of you at the next ARIN meeting.
Lee Howard
Announcer: Our next candidate for the ARIN Board of Trustees is Lee Howard.
Lee Howard: Hi. My name is Lee Howard. When you hire somebody for a role, you’re looking for the experience, the skills, and the attributes that will give you reassurance that he’ll be successful in that role.
I have experience. I have formerly been on the ARIN Board. I was Treasurer for a number of years, Vice Chair, Secretary.
I was on the NRO NC for a little while. I was even engaged with them during the working group in Internet governance.
I’ve been co-chair of the IPv6 Renumbering Working Group at the IETF and IPv6 operations at the IETF. And for a while, I was on the Internet Architecture Board, the IAB. So I’m familiar with Internet governance in general.
I’ve worked for several kinds of companies, small ISPs where it was just me and one other person, and large ISPs, UUNET and Time Warner Cable. And at Time Warner Cable, I led the deployment of IPv6 to millions of households.
I’ve worked even in corporate IT, which is a completely different kind of networking than Internet ISP networking. I’ve been a consultant.
Most recently, I retired from working for an IPv4 address broker. So I have lots of different kinds of experience, and that includes experience with finances, as I said, Treasurer of ARIN. And in succession planning, I was on the ARIN Board when we last had to find a new CEO.
There are several hot topics in our community now. The IPv4 address market, of course, is still interesting and ongoing in how it affects our ability to make sure getting scarce resources to networks that need them, but the leasing market is evolving and changing how we’re managing those addresses, and we need to stay on top of that to make sure that we’re keeping the database accurate.
ICP-2 is being renegotiated.I was on the ARIN Board when we first negotiated ICP-2. And when we then recognized LACNIC and AFRINIC, and it’s been a blessing to be able to workwith those communities.
There has been some litigiousness among the RIRs in recent years, and that’s something we need to protect against. And I think our biggest defense against litigation is making sure that or policies and even our contracts are grounded in community consensus.
If everybody has a chance to hash out and argue about what the terms ought to be, then that grounding will give us better protection against people who may disagree with how we’re doing things. And, of course, we can have government support, make sure we have good relationships with the governments in our region.
So I have experience. I also want to say how much I care about this community. In retirement, I most want to spend time volunteering and serving the communities that I care about.
I first discovered the Internet in the early ’90s, and I realized this was something really important that I wanted to spend my life working on. And I’ve been very lucky to be able to do that.
Thank you. Again, my name is Lee Howard, and I hope you vote for me.
Hank Kilmer
Announcer: Our next Board of Trustees candidate is Hank Kilmer.
Hank Kilmer: Hello, my name is Hank Kilmer, and I’m running for the Board of Trustees.
I’d like to start off by thanking the community for their trust in voting for me three years ago. It’s been a productive three years on the Board, and I would be honored to gain your vote for another three-year term.
During the past three years on the Board, I’ve been involved in the Governance Committee, overseeing the NomCom, the Finance Committee, and the Risk and Cybersecurity Committee.
One of the focuses these past few years has been getting each committee’s structure and reporting responsibilities aligned, setting clear expectations on deliverables.
This builds a structure where the Board can better align and communicate with the community, which is a big part of the responsibility of ARIN’s Board.
I would like to continue the work started on the Board and would be grateful for your vote. Thank you very much.
James Lorimer
Announcer: Our next Board of Trustees candidate is James Lorimer.
James Lorimer: Hello, ARIN community. My name is James Lorimer, and I’m honored to introduce myself as a candidate for trustee. I’m excited to engage with you and share how my experience can help guide ARIN’s future.
Currently, I serve as Chief Financial Officer at Data Communications Management, a TSX-listed, tech-enabled provider of print and digital solutions that help simplify complex marketing communications and workflow for leading Canadian organizations.
With over 30 years in financial strategy, including more than 15 years in investment banking and the past decade as a CFO, I bring a deep understanding of financial management, board oversight, and navigating change in technology-driven markets.
I’d like to acknowledge up front that I’m new to the ARIN community, but I do bring many relevant skills and a somewhat unique perspective that I hope you’ll support.
I believe my experience aligns closely with ARIN’s evolving needs, and I’d like to focus on four key themes.
Firstly, financial oversight. At DCM, I oversee more than $500 million Canadian of annual revenue. My expertise in budgeting, audit financial reporting, and risk management will help ensure ARIN’s fiscal responsibility and transparency with its US$30 million annual budget.
Secondly, strategic direction. Throughout my professional career, I’ve advised senior leadership teams and boards on how best to achieve their strategic objectives.
I’ve also helped guide organizations through digital transformation and increased IT security demands. This positions me well to help ARIN advance priorities like IPv6 adoption, cybersecurity, and member services.
Third, governance and compliance. My boardroom experience, along with my experience negotiating and executing complex transactions, equips me to support ARIN’s governance model, policy development, and ethical oversight.
Fourth, and finally, recruitment and talent. As ARIN grows, my background in executive recruitment, people management, and team building will help foster a high-performing, inclusive culture.
While I’m new to the ARIN community, I offer a fresh perspective and relevant expertise from outside the organization. I’m committed to learning from ARIN members and working collaboratively to address the challenges and opportunities ahead.
I look forward to learning from and working with all of you. Thank you for your consideration and welcoming me into the ARIN community.
Robert Seastrom
Announcer: The next candidate for the ARIN Board of Trustees is Robert Seastrom.
Robert Seastrom: I’m Rob Seastrom. I’ve served as a volunteer for ARIN for over 20 years, on the Advisory Council from 2004 to 2022 and more recently on the Board of Trustees since 2022.
Today I am humbled to stand before you to ask for your vote for another term on the Board. Over five years ago my career pivoted.
After decades working predominantly at smaller organizations designing and building infrastructure, I began working in an oversight and risk management capacity at a very large bank, contextualizing technology and business risk for senior leadership.
But outside of my day job, I remained hands-on with technology, looking after the networking and routing side of a very small colocation provider. During my first term on the ARIN Board of Trustees, I leveraged that practical experience to contribute to ARIN’s governance via service on the Risk and Cybersecurity Committee, which I chaired for two years out of my three-year term.
A few of ARIN’s recent achievements in the risk and cybersecurity arena include: SOC 2 Type 2 and PCI certifications; implementation of controls to reduce coercion risk to our staff; tabletop exercises to test our ability to respond to cyber event scenarios; detailed read-out and commentary on our Risk Register to the entire Board, as an aid in executing their fiduciary duties; and periodic reporting to the community of metrics related to our Risk Register.
We stand at a crossroads of Internet governance that is larger than ourselves. We must do our part to bring the ICP-2 revision process to its conclusion, and then follow through to set the example, to make our risk governance the gold standard that meets or exceeds the letter and intent of this evolved benchmark in every way.
Risk governance, if mishandled, stands to have far-reaching impacts that could affect the entire RIR system. If handled well, it is a force multiplier -— by ever improving our formal documentation and tracking, we improve prioritization of efforts and conservation of scarce resources.
In short, it allows ARIN to better serve its constituency. Over five years in a formal risk evaluation environment combined with my deep institutional memory and hands-on experience with both technology and ARIN’s policy, gives me a unique perspective and ability to continue to contribute to ARIN’s risk and governance future.
By the way, I left my day job earlier this month after over five and a half years, and I’m not sure what path I will choose next for my day job. But with your help, I will be able to continue to serve the ARIN community. For all these reasons, I ask for your support and your vote in the current election.
Thank you.
Mark Thorpe
Announcer: The final candidate for the Board of Trustees is Mark Thorpe.
Mark Thorpe: ARIN is the cornerstone of the Internet infrastructure, a vital steward of public resources with a profound responsibility to its member community.
Hello, members of the ARIN community. Thank you for the opportunity to share my background with you today and respectfully ask for your vote. I am Mark Thorpe, and I’m a candidate for the ARIN Board of Trustees.
I’m a C-level finance executive, a CP, and former Big Four consultant with KPMG, who has spent over 20-plus years building resilient, scalable technology and technology-related companies, such as Citrix Systems, VeloCloud Networks, and Ergo.
I see the Board’s primary role as one of diligent oversight and its duty to build and maintain financial strength, operational integrity, and strategic foresight to sustain ARIN’s mission into the future.
I offer my expertise in financial stewardship, risk management, and corporate governance in support of ARIN’s long-term success and organizational excellence, and that it remains a stable and trusted steward for this community.
My career overlaps with some of the industries that ARIN supports such as networking infrastructure.
As a VP of finance for VeloCloud Networks, a pioneer in SD land, I saw firsthand how a stable, well-managed Internet registry helps enable innovation. And as a corporate leader, I interacted with companies where the information super highway was critical to their existence. Therefore, my perspective is that of a leader who understands the role of ARIN and the operational demands placed on the organization that it serves.
I know what it takes to build a fiscally sound organization from the ground up. At VeloCloud, I have built the organization’s finance, administrative, and sales infrastructure and helped to scale the company from zero revenue to its half-a-billion dollar acquisition by VMWare.
My experience also covers the complexities associated with operating as a public company. I helped Ergo, a medtech device company, become IPO-ready, operate under the intense scrutiny of public company reporting and governance standards, and had-direct line reporting to the company’s board of directors via its audit company. That means I bring more than budget oversight to the table.
Beyond financial strategy, I’ve helped to build resilient organizations through robust risk management and strong internal controls, and I’ve been responsible for building the pre- and post-IPO accounting function and implementing the rigorous SOCs-compliant financial controls required of a public company.
My focus would be on strengthening the processes that protect ARIN’s critical assets, ensuring operational stability and reinforcing ARIN’s integrity. My role as a Board of Trustee is to bring a governance focused perspective to the boardroom and to ARIN.
I will help to advance the community’s priorities and champion the highest standards of fiscal prudence and transparent financial reporting. Further, my goal is to help support and champion ARIN’s Policy Development Process and its technical operations.
Along with fellow trustees, I’ll ensure key decisions are weighed against ARIN’s long-term financial health and work to ensure our risk management strategies are comprehensive and promote accountability.
In conclusion, I offer a distinct yet complementary skill set to the Board of Trustees. My experience as a CFO, with experience in financial management, corporate governance, and risk management, will provide a holistic oversight structure that reinforces ARIN’s technical and policy strengths.
I’d be honored to earn your trust and your vote. Thank you, and I look forward to meeting and speaking with you in Dallas.
Hollis Kara: All right. And next up we’re going to move straight on into our speeches from the Advisory Council candidates.
Advisory Council Candidate Speeches
Ethan Angele
Announcer: Next, we welcome Ethan Angele, a candidate for the ARIN Advisory Council.
Ethan Angele: Hello. My name is Ethan Angele, and I’m a candidate for the ARIN Advisory Council. I’d like to take a moment to tell you a little bit about myself, my background, and why ultimately I’m interested in serving on the ARIN Advisory Council.
I’d always been pretty curious about technology and electronics since I was very young doing things as simple as pulling apart stereos and speakers, things that probably were beyond repair but still seeing if I could fix them.
But I’d have to say the real defining moment for me that really set the hook for networking as a career was at Air Force tech school, where I configured a pair of Cisco routers for probably the most basic way.
It was that moment where I saw the ping packets change from request timed out to echo reply, and I knew I was hooked. I was like, this is amazing that I could cause this communication to occur.
Like most of you, that career started out doing things like help desk, desktop support, eventually being a network intrusion analyst, which was an amazing job and an incredible time of growth for me, somewhere where I really had the opportunity to learn about protocols within the TCP/IP suite.
I then briefly worked at SolarWinds before spending a little over nine years working for a power company in the inland northwest.
My time there really shaped me, shaped what I know today and gave me real experience, designing and building networks. And then I was able to spend the latter one and a half years there as an architect leading the automation and observability project for the infrastructure teams, a project that exposed me to how technology ultimately supports the business as well as an opportunity for me to be a leader of a team of engineers, develop my leadership abilities.
I would then start my journey at my current company, Kentik, where I’m able to be a part of an amazing team doing amazing work within the realm of network observability.
I originally began as a post-sales engineer, and then for the last year I’ve been on the presales side. In both of those roles, I’ve had the privilege of working with some of the greatest companies on the planet, helping them with their network observability and monitoring challenges both for their internal networks but also for their external edge networks as well.
Within the presales role, specifically, it’s allowed me to gain an appreciation on why customers need networks to not just to support their business but also to be able to be enablers of innovation, giving their companies the competitive edge.
I’ve learned to attach network observability to the value of the network and then to the business value that the network provides. And it’s given me appreciation, ultimately, of how computer network support and enable businesses, economies, and just overall quality of life.
It’s because of this, and my experience as a network engineer, architect, presales engineer, that I jumped at the opportunity to volunteer for ARIN, something I hadn’t really considered until it was brought to my attention.
I’ve always known what ARIN is and know how important it is to the industry. So I’m just super excited to be able to potentially be a part of that. And if elected, I’ll bring the same thought leadership that I use in my current roles and previous roles, as well as bring my experience serving on the board of two volunteer organizations in the past.
My goal being to serve and to give back to the community that has given me more than I could ever repay. Thank you so much.
E. Marie Brierley
Announcer: Our next candidate for the Advisory Council is E. Marie Brierley.
E. Marie Brierley: My name is E. Marie Brierley, and I am currently running for ARIN’s Advisory Council. I’ve had the opportunity to partner with ARIN in some of their activities in the state of Nevada. I’ve been a Fellow.
I have received two rounds of Community Grant funds for IPv6 behavior-based research, and I have also facilitated an ARIN on the Road event in Nevada. I have blogged for ARIN. I’ve blogged for APNIC and presented at APRICOT during COVID. I’ve also presented at IETF.
My philosophy is that the IPv6 transition as we know has been stuck in certain areas, namely enterprise. And so I believe that reaching the application owners, the strategic decision-makers in the application layers, can help us get sponsorship and prioritization for that transition.
I also believe that cybersecurity cannot be fully implemented without also addressing Internet security.
I had the opportunity to speak as a panelist at UNR’s cybersecurity conference last fall and pitched that to the audience andit was extremely well-received by them.
Some of the actions that I’m involved with and some of the value I think I can bring to the ARIN community is working with our state’s legislature to try to enhance their ability to make sound policy decisions to support ARIN’s mission and the mission of the Internet at large.
I’m also working with economic development organizations to try to strengthen the funding models for Internet exchanges, a critical piece of Internet infrastructure that is invisible, but it’s as invisible as it is important.
So I would appreciate your consideration and your vote as I run for ARIN’s Advisory Council and continue my support of ARIN and its mission. Thank you.
Matthew Cowen
Announcer: Next, we have Matthew Cowen, a candidate for the ARIN Advisory Council.
Matthew Cowen: Good day to all, wherever you may be. The Internet changed my life in 1989, when I first encountered global computing networks as a student at the University of West London. That moment sparked a lifelong journey in Internet technology and governance, one that has spanned over 30 years of consulting and helping businesses harness the power of the Internet.
Today, I’m standing as a candidate for the ARIN Advisory Council. I’m asking for your vote so I can contribute meaningfully to the Policy Development Process and support ARIN’s broader mission, especially in areas like capacity-building and knowledge sharing.
I hold a passion for the work of ARIN and Internet governance as a whole, as demonstrated by my commitment to, and involvement with, ARIN over the last several years.
I have experience in Internet network technology, as well as the historical knowledge to give my time to the ARIN AC productively.
I believe we’re at a critical point in the development of the Internet’s future, and it is precisely because of this that Internet governance bodies need volunteers to help drive and implement positive change.
I’m on the ballot to offer my time and effort towards helping preserve the best aspects of the Internet -— its openness, access for all, etc. -— without being naive about the challenges.
Being on the ARIN Advisory Council will allow me to participate in a small way, contributing to shaping the future of the Internet we want through active involvement in policy development.
My name is Matthew Cowen. I am a technology consultant based in Martinique, with a passion for the Internet. Thank you for your time, and I would be honored to have your vote and support.
Gerry George
Announcer: Our next candidate for the Advisory Council is Gerry George.
Gerry George: Hi, my name is Gerry George, and I am from St. Lucia in the Caribbean, where I currently live and work.
I’m an ICT professional and consultant with my own firm, DigiSolv, for over 25 years. Currently a sixth-term commissioner with the National Telecommunications Regulatory Commission, NTRC, in St. Lucia since the year 2011, and I’m actively engaged in the CT industry as a member advocate, serving as the current president of the ICT Association of St. Lucia, SLICTA, and an active participant in CaribNOG.
With over 30 years of professional experience, having served on a number of boards, been a part-time lecturer at the National Community College and the University of the West Indies, I have a strong track record in governance, oversight, policy, advocacy, and mentorship.
Prompted by the encouragement of present colleagues, I took the step to run for the Advisory Council, successfully secure the seat, and I am now seeking reelection as my current term concludes.
I’ve also been a repeat mentor for the Fellowship Program, a role I particularly enjoy and look forward to each year.
What do I bring to ARIN and the AC? A different outlook, a different perspective, and different experience. The Caribbean is very underrepresented within the ARIN member community, and I have continued to advocate among my fellow Caribbean peers for greater and more active involvement with the various organizations which form integral components of the global Internet infrastructure, mainly ARIN, ICANN, ISOC, etc.
Also for the adoption and usage of IPv6 and ASNs, DNSSEC, RPKI, and other aspects of Internet security to promote the obvious need for migration from IPv4, of course, and encourage adoption in those various areas.
What does ARIN offer to me? It provides avenues for ongoing advocacy to engage in practical experiences and direct networking with influential and living figures who are shaping the industry. So, why me?
During my term on the AC, I have been lead or co-shepherd on a number of policies, helping navigate what can be a challenging array of membership opinions and positions, offering clarity and guidance to ensure awareness, level of support, and work towards the successful, broadly accepted outcome.
This often requires careful recognition and consideration to ensure clarity, intentions, desired outcomes, consequences, whether intended or unintended, to ensure informed decision-making, collaborative participation, and that consensus-based adoption of policies are community-driven, seek to advance ARIN’s mission, and is in the interests of the ARIN community and membership.
In closing, I’d like to thank the community for the opportunity to serve during my first term and to respectfully solicit your support in casting your vote for me so that I may continue contributing on the Advisory Council.
I remain committed to the stewardship of policies through member engagement and public participation, working collaboratively towards consensus-based policy adoption. Thank you.
Altie Jackson
Announcer: Our next candidate for the Advisory Council is Altie Jackson.
Altie Jackson: My ARIN community members, today I come before you not just as a candidate for ARIN Advisory Council, but as somebody deeply committed to the future of our digital landscape.
My name is Altie Jackson. And for the past eight and a half years, I had the privilege of working with the leading telecommunications company in the Caribbean. I have witnessed firsthand transmission pull of connectivity and the importance of sound governance in our industry.
As a former ARIN Fellow, I have gained invaluable insights in the challenges and opportunities that lies ahead for our region.
This experience has fueled my passion for advocating for policies that promote reasonable access to technology and enhance our community resilience in the face of the rapid change.
The role of an ARIN Advisory Council member is not just to provide advice, it is about being a voice of our community.
It is about ensuring that our collective needs and aspiration are represented at the highest level. It is about fostering collaboration among stakeholders and driving forward initiatives that benefit all users of the Internet.
As we look towards a future, we must prioritize the transparent ance and engage in meaningful discussion on issues that impact the digital ecosystem.
Together, we can address the challenges of IPv4 exhaustion and the transition to IPv6. We can promote best practices in network security and encourage innovation in the region.
My commitment to you is to listen, to advocate, and to act in the best interests of our community. With your support, I hope to bring my experience and passion to the ARIN Advisory Council. Let us work together to create a bright and connective future for all.
I encourage you, vote Altie Jackson.
Brian Jones
Announcer: Next we welcome Brian Jones, a candidate for the Advisory Council.
Brian Jones: Hello, I’m Brian Jones. I work at Virginia Tech in the network infrastructure and services division of central IT. In my day job, I manage a group of IT escalation engineers, sometimes referred to as the Team of Misfit Engineers. It’s a team of IT experts, routing experts, centralized storage administrators, DNS DHCP and TP gurus, data center technology. You name it, there’s somebody on my team that probably does it. That also includes the Virginia Tech host master duties.
So on my qualifications. I’ve got my IPv6 H certification from Hurricane Electric; yes, I have the T-shirt. IPv6 engineer certification with the IPv6 Forum. And more recently a bronze IPv6 certification from the Home Networking Group.
I’m also a certified scrum professional, scrum master and product owner of the Scrum Alliance and have been since 2018. And I’m a certified flow master with Kanban University.
I became involved with ARIN around 2007 when Virginia Tech needed more IPv4 address space.
At that time, IPv4 address space was beginning to approach runout. We were able to get IPv4 space just before the runout, and I was also able to secure some more space off the Wait List a little bit later on.
And then we needed more IPv6 address space, so we were able to get a /32 to supplement our already-in-use Internet2 IPv6 address space.
I was originally nominated to be part of the Advisory Council back in 2020-21 by Celeste Anderson, who was acquainted with me from the IPv6 Working Group community.
I served a one-year term and was reelected to a three-year term after that, which ends this December. I’ve learned a great deal about ARIN’s Policy Development Process, the Number Resource Policy Manual over the last four years, and I’ve served on several working groups: The Number Resource Policy Manual Working Group and also the Policy Experience Report Working Group.
And I’ve also been a member of the Fellowship Selection Committee and the Nomination Committee. I’m currently a mentor for the incoming Fellows and plan to continue to do that if I’m reelected.
So again, I’m Brian Jones. I am soliciting your vote for another term on the ARIN Advisory Council. I believe my experience serving the ARIN community and my networking background allows me to serve the community well and shepherd your proposals through the process with confidence.
I’m also one of the few, maybe the only candidate, that has a strictly research and education IT background.
Again, I’m Brian Jones, and I would very much appreciate your vote for the ARIN Advisory Council. Thank you.
Kendrick Knowles
Announcer: Our next Advisory Council candidate is Kendrick Knowles.
Kendrick Knowles: Good day, everyone. My name is Kendrick Knowles, and it’s an honor to stand before you as a candidate once again for ARIN Advisory Council.
When I looked at this year’s slate of candidates, it reminded me of a family reunion because there’s so many candidates and so little vacancies.
And speaking of family, my last speech, when I was first elected, my candidate speech I talked about thanking my father, and how he introduced me to Internet Protocol and IPv6 and IPv4.
And I think it’s only fitting that this second time around I thank my community family and my ARIN family and my ARIN AC family for the opportunity to serve and also the opportunity to nominate again and to seek another term.
Today, I seek nomination because I want to carry the same spirit of gratitude forward to the community.
I want to ensure that my colleagues on the Advisory Council understand that I take my position on serving the AC as humbling and inspiring, and I’ve learned how deeply the community cares about fairness, collaboration, and the future of the Internet.
So in my own work in the Caribbean since joining the ARIN AC, I was able to assist all of the companies that hold Autonomous System numbers and IP resources in the Bahamas since joining the AC.
So, any company that has received number resources got them through my company or my consulting or my assistance, and I believe that that’s a direct correlation to my working on the AC and my increased knowledge on Internet policy.
I’ve also helped quite a few companies with RPKI and IPv6 transitioning as well.
So I’m seeking renomination, not just to continue contributing my voice, but also to continue honoring the trust the community has placed in me.
I look forward to continuing to work together. And thank you for your support.
Mohibul Mahmud
Announcer: Next we welcome Advisory Council Candidate Mohibul Mahmud.
Mohibul Mahmud: Hello, ARIN community. I’m Mohibul Mahmud, and I’d like to begin by thanking the ARIN community, the Nomination Committee, and the Board of Trustees, for giving me the opportunity to stand for the Advisory Council.
I work as a Cloud Engineer at Microsoft and care deeply about the health and clarity of Internet number policy in our region. I bring more than two decades of experience in networking and cloud infrastructure, including about 15 years in the ISP industry as a Network Engineer.
Over that time, I’ve worked directly with IP addressing, routing, and service delivery,seeing first-hand how policy decisions affect operators and customers.
I have also participated in ARIN policy discussions, regional community calls, and Internet governance groups.
And I serve as a member of the ICANN RSSAC Caucus, which I contribute to efforts that strengthen the stability and security of the global root server systems.
These experiences have taught me the value of open collaboration and practical policy work.
I’m running to strengthen clarity, fairness, and engagement in ARIN’s Number Resource Policy Manual.
My goal is to help make ARIN policies easier to understand and implement, while preserving stability for current operators.
I also want to make the policy process more welcoming to new voices so future network engineers and organizations feel confident participating and keeping our policies relevant.
If elected, I will listen first, build bridges across different stakeholders’ needs, and work transparently with fellow AC members and the community.
I’ll help ensure our Policy Development Process remains open, predictable, and aligned with the global Internet ecosystem, while serving the unique needs of the ARIN region.
Thank you for your time and for the trust you place in candidates like me. Please participate in the election and continue to make your voices heard.
It’s the community that makes ARIN strong. Thank you.
Calub Ogundele
Announcer: Next we hear from Caleb Ogundele, a candidate for the Advisory Council.
Caleb Ogundele: Hi, my name is Caleb Ogundele, a Canadian citizen based out of Winnipeg, Manitoba, and I just wanted to thank you all for taking time to watch this video. I’m honored to seek your support for the ARIN Advisory Council.
With over 20 years in Internet governance and policy development, I bring hands-on experience to the ARIN community as, one, a consensus-driven person and someone who has a clear understanding of the policy work that we do across multiple RIRs.
I do also have a very good technical background. I have actively engaged within the PPML discussion list and as well as participated in a couple of ARIN meetings. I have participated both in global governance forums through the fact that I’ve been an ISOC board member.
I currently serve within the GNSO in ICANN, and in AFRINIC I’ve sat in a couple of other positions such as NomCom. I’ve also authored policies within the AFRINIC region, and I’ve also actively participated within the IGF, the Internet Governance Forum.
My record includes not just authoring or coauthoring different policy proposals across different cross-community, and also mentoring new contributors.
The fact that ARIN is at a pivotal moment right now when it comes to routing security, IPv6 transitions across different strata and inclusive policy development, the Advisory Council actually needs someone with technical expertise, proven policy authorship, global perspective, and I believe that my background positions me to contribute immediately on these priorities.
What I bring. I bring policy leadership. I have authored proposals. I bring consensus building. I bring global governance perspective, ARIN being active within different I*s (I-star). I also bring community engagement as well as good and clear technical translation.
My vision, actually, is to continue to support the work that other members of the Advisory Council will be doing working in harmony with them, try to see how we can shepherd or co-shepherd different policies that will continue to help to serve the community at a greater good.
Now, I do believe that I am that candidate that you’re looking for to vote in this current election.
So please vote for me, my name is Caleb Ogundele, as you will see on the ballot, and I do hope to see you at the meeting. Thank you very much.
Gus Reese
Announcer: The next candidate for the Advisory Council is Gus Reese.
Gus Reese: Greetings, ARIN community. My name is Gus Reese, and I am asking for your support for reelection to the ARIN Advisory Council.
For the past three years, I’ve had the privilege of serving on the Advisory Council where I’ve shepherded and co-shepherded policies from proposal through the development process to adoption by the Board of Trustees.
In my day job, I work for a global ISP, Cogent Communications, serving as the senior director of IP edge engineering. I lead a team of 25 engineers, who configure, maintain, and support the edge of the Cogent network.
I also administer all of our IP address and AS holdings, and my team helps manage reassignment information, geolocation, and RPKI functionality. I’m also the primary contact with all five Regional Internet Registries where we hold resources.
Early in my career, I helped craft my company’s IP allocations policy, which still follows ARIN’s best practices to date outlined in the Number Resource Policy Manual. I played a key role in deploying IPv6 into the Cogent network in 2006, enabling IPv6 for our customers in 2007.
I believe strongly in ARIN’s bottom-up policy process. My focus has always been on ensuring that policies are clear, fair, and practical for the entire community.
If reelected, I will continue to champion consensus-driven policies that reflect real world operational needs.
This year we have one of the largest Advisory Council slates in the past decade. I encourage you to get to know all the candidates. Look for us in the hallways and during lunches. We’ll have ribbons on our badges indicating we’re candidates.
Come talk to us.
Thank you for allowing me to serve over the past three years. I would be honored to earn your vote for another term.
Preston Louis Ursini
Announcer: Our next candidate for the Advisory Council is Preston Louis Ursini.
Preston Ursini: I’m Preston Louis Ursini, and I’m a candidate for the ARIN’s Advisory Council. My experience starts with my work with the Paducah Internet Exchange as its executive director and chief executive officer of Quad State Internet.
Our journey with Internet exchanges and interconnections starts with an enterprise network in far western Paducah, Kentucky, where we had networks that were right within the same city and pinging each other and connecting to each other led to a path across the country of over 72 milliseconds, and we were having really serious degradation problems.
As the enterprise network and other services expanded, we really saw the need for interconnection and started what is now the largest Internet exchange within the state of Kentucky.
Through this journey, I have worked with small- and medium-sized networks and even some of the largest CDNs, and what we found is the need for Internet interconnection and interchange and peering is greater now more than ever. And that also falls back and goes into numbering policy.
So in working with a lot of these small and medium networks, especially, we find gaps within ARIN’s policies that could be filled that would better serve these networks.
And so whether it’s policies to make sure that everybody has easy access to numbering assets, whether it’s policies that can help push the implementation of IPv6 on a wider basis, there is always room for community engagement and consensus building within the Advisory Council to help build and shape these policies.
And so I spent a lot of time working with a lot of these networks and that has resulted with me working alongside the ARIN Advisory Council in introducing and working with the shepherds and going through the process of having these looked at.
One thing I’ve done in doing that is I look at the meeting minutes and see where I feel that I’d be able to kind of fill some gaps in the discussions that the AC has in pushing these policies to the Board of Trustees.
And so there’s a lot of great people on the Advisory Council. I look forward to the opportunity to build consensus and have these discussions with them and meet with them in person.
And anything that I can do to help anybody, I’m readily accessible on LinkedIn as Preston Louis Ursini and could be found at PrestonUrsini.com. So I thank you for your time and I hope to see you guys at the AC.
Alison Wood
Announcer: Finally, we welcome our last ARIN Advisory Council candidate, Alison Wood.
Alison Wood: Hello, everyone. I am so honored to speak with you today. My name is Alison Wood, and I am running for reelection to the ARIN Advisory Council.
Over the last few years, I’ve had the privilege of working with many of you, assisting with your policy ideas, shepherding your policies to the community, sharing ideas, collaborating, and advancing the community for a greater effective Internet registry.
I have served as a mentor, an advisor, a table talker, a chairperson. I’ve been a Fellow, and I have served on several committees in ARIN. And I’m very, very proud of the work that we have accomplished together.
In addition to serving on the Advisory Council, I have worked as a network engineer and network architect for over 25 years.
I am the lead network analytics engineer for the state of Oregon and recently named Oregon’s Packet Huntress.
I work for the Oregon State Data Center. We’re a 24/7 data center that serve all state agencies in Oregon, counties, cities, municipalities, K-12, and higher education. We serve as a large ISP to the state of Oregon. We have over 40,000 direct end users, and I really am proud of the work that we have accomplished in the state of Oregon.
I also serve on a couple of industry advisory councils, and I continue to promote peering, IPv6, and remote Internet connectivity throughout the Pacific Northwest.
My company, like yours, is directly affected by the policies that we develop with the community. I understand the need to continually mature the Number Resource Policy Manual and, like you, I respect the need for the council to represent the best interests of the community.
My experience as a network engineer and as a public servant allows me to bring a unique perspective to my role on the council.
I have an understanding of how to help policy positively serve the community as a whole with a solid understanding of the technical efforts behind the ideas.
I am committed to this community and continuing to further your ideas, your policies, the Fellows, and your Internet.
I will work hard to listen, to be your voice in the Policy Development Process, and help in any and all ways that I can.
From the text of our PDP, I am technically sound. I’m fair and I’m impartial. And now I ask for the support of the community.
Today, I’m asking for your vote so that I can continue to be your voice to champion the best interests of the community and to continue to improve the policies for all of us. I’m Alison Wood. Thank you so much. Have a great meeting.
Hollis Kara: All right. Thank you to all of our AC candidates. And finally, we’ll move on to the candidates for the NRO Number Council.
NRO Number Council Candidate Speeches
Ahmad Enaya
Announcer: Next, we welcome Ahmad Enaya, a candidate for the NRO Number Council.
Ahmad Enaya: Hello, everyone. My name is Ahmad Enaya. I have been in the industry for more than
20 years and in academia for almost five years. I began my career as a telecom engineer for Saudi Elexon, working across the EMEA region. Over time, I shifted my focus from TDM and telco towards IP networking, mainly in service providers’ IP core and Internet service delivery.
In 2005, I achieved my Cisco CCIE Service Provider Certification, and since then I have worked on the network for major service providers in RIPE NCC, AFRINIC, and ARIN region.
In 2018, I moved to Canada, where I have been leading projects to build infrastructure, data center, and Internet connectivity for large universities, hospitals, and financial institutions.
Alongside industry work, I became a lecturer and instructor in networking and cybersecurity, teaching at universities, colleges, and within the industry, sharing my knowledge with the next generation of engineers.
What I bring to the NRO NC is a blended perspective across regions, technologies, and roles. I have worked for service providers, enterprise customers, and networking vendors. I have served both industry and academia, combining real world operations with advanced research.
My expertise spans service provider IP core network, ISP routing, enterprise infrastructure, cybersecurity, smart cities, and AI.
Today, my research focuses on how technologies like AI, blockchain, and Web3 can be applied to secure and scale the network for the future.
This unique background allows me to see challenges and opportunities from multiple perspectives: technical, operational, business, and academic.
I understand not only how services and applications run over the Internet, but also how emerging architectures will shape our global network ecosystems.
I believe this depth of experience will bring real value to the NRO NC, ensuring that ARIN’s voice is strong in global Internet policy, while fostering innovation, security, and inclusivity.
I ask for your support, and I look forward to contributing my knowledge and dedication to the future of the Internet. Thank you.
Chris Grundemann
Announcer: Our next candidate for the NRO Number Council is Chris Grundemann.
Chris Grundemann: Hello, ARIN community.
Greetings from the past. Prerecorded speeches are an interesting form of time travel, don’t you think? I’m Chris Grundemann, and I’m honored to be considered for the NRO NC.
I do want to be clear from the start: I’m here because I believe in service to our community. For over 20 years, I’ve had the privilege of working alongside many of you to build and strengthen the Internet. From my time on the ARIN Advisory Council to building and running IX-Denver, from founding the Colorado Chapter of the Internet Society, to working at ISOC headquarters promoting global Internet standards — each experience has deepened my appreciation for the delicate balance required to keep the Internet functioning for everyone.
The NRO NC role is fundamentally about stewardship. It’s about representing our region’s voice in global coordination while ensuring that policies serve operators, not bureaucracy. It’s about bridging the gap between what sounds good in theory and what actually works in practice.
I’ve seen firsthand how Internet number resource decisions ripple through our networks. When IX-Denver allocates address space or when we help members navigate BGP policies and RPKI ROAs, those aren’t abstract concepts — they’re real challenges that affect real networks serving real people.
If you choose me to serve, I bring no agenda other than this: to listen carefully, think clearly, and represent our community’s interests with integrity. I’ve learned that the best solutions often come not from the loudest voices in the room, but from understanding the quiet concerns of operators trying to do their jobs well.
The Internet we’ve built together is remarkable, but it requires constant care. Number resource policies might seem technical, but they’re really about ensuring the Internet remains open, stable, and accessible to the next generation of innovators and users.
I’m not asking you to vote for me because I have all the answers. I’m asking you to consider me because I know the right questions to ask, I understand how to build consensus among diverse stakeholders, and I’m committed to putting the community’s needs above any personal interests.
The choice, of course, is yours. If you believe I can serve our community well in this role, I’m ready. If others would better represent our region, I will support them wholeheartedly. What matters most is that we choose someone who will faithfully represent the ARIN community in the global coordination that keeps our Internet strong.
Well, since that only took two minutes, I will now recite some poetry … I kid. In all sincerity, thank you for your consideration, and thank you for the work you do every day to keep the Internet running.
Alyssa Quinn
Announcer: Our final candidate for the NRO Number Council is Alyssa Quinn.
Alyssa Quinn: Hello, everyone. My name is Alyssa Quinn, and I’m running for a seat on the NRO Number Council. I’m sorry that I can’t be there with you in Texas this week, but I am pleased to return virtually to the halls of an ARIN meeting.
I think that I’m a unique candidate for this particular job. I have years of experience in both the ARIN and the ICANN communities. I’ve served on ARIN’s Advisory Council for six years, writing and shepherding policy proposals, working closely with staff, and understanding operator needs. This, of course, involves participating in ARIN meetings, traveling to other RIR meetings, and understanding the needs of the other global communities and understanding their policy development processes as well.
I also have experience navigating the ICANN sphere because in a past day job I coordinated the engagement for the ICANN — sorry, for the .ca top-level domain at ICANN. In this role, I participated in PDPs. I liaised with the Canadian governments regarding ICANN development. And I worked on other multistakeholder administrivia such as the Country Code Name Supporting Organisation Guidelines Review Committee.
All of this to say, I’m as experienced navigating ICANN as I am in the RIRs. So I would expect to hit the ground running on the NRO NC and carry forward all the hard work that the current council has done, especially on ICP-2.
I would also hope to work with the NRO to anticipate and plan for potential geopolitical risks that may impact the RIR system. I have worked and volunteered in the policy and technical communities for a decade.
I served on the Board of the Internet Society ada Chapter, the Montreal Internet Exchange, I coordinated the steering committee work for the Canadian Internet Governance Forum, and early in my career I worked for the Research and Education Network in Alberta, serving the needs of colleges and universities there.So as you may have discerned, I am Canadian, but I currently live in the Seattle area after marrying an American just a few years ago. I am presently unaffiliated.
I’m a free agent because I am working as a homemaker and stay-at-home mom. Although the term “stay-at-home mom” is a bit of a misnomer because we spend a lot of time outside. In addition to that, I have also been volunteering for and with moms of other toddlers, but I am feeling called back to using my expertise in the Internet governance community and sitting on the NRO NC representing all of you fine folks.
And so for this reason, I present to you myself as a candidate for NRO Number Council, and I hope I have secured your vote. Thank you.
Hollis Kara: All right. Can we have a big round of applause for all of our candidates standing up for election?
(Applause.)
I will note that if you are a Voting Contact for a General Member Organization, if you log in to your ARIN Online account, you’ll see the Vote Now button is live. So feel free to do that at your leisure but before the end of day next Friday.
As you may have also discerned, we are running slightly ahead of schedule. It would not be an ARIN meeting if we didn’t have a slight fire drill with the presentations. Because we are, as I mentioned also earlier, very dedicated to making sure our policy blocks don’t shift so as not to disrupt plans of our virtual attendees, since policy is the primary directive of these meetings, we are pulling forward a different presentation to land us into the break.
Do I have the first slide? Oops. Nope, go back. I’d like to invite our CTO, Mark Kosters, up to give us an update on Directory Services at ARIN.
(Applause.)
Directory Services at ARIN
Mark Kosters: So I’d like to share with you all something first. One, I think you could tell I’m kind of height challenged.
From the Floor: What?
Mark Kosters: I know, I know. And there’s been times where people said, hey, I really need to have some sort of stepping stool up here so you can see me from behind the podium. I’m totally fine with that. I really am. I really am.
But it reminds me of a dad joke. Okay. You all ready for a dad joke? All right. All right. And one of you in the audience has heard this dad joke because I used this about a month ago. So why did the presenter bring a stepladder on to the podium?
From the Floor: Why?
Mark Kosters: All right. He wanted to elevate his presentation to new levels.
(Chuckling.)
All right. So I’m going to actually — I have something that’s very interesting to talk about. This is something I’ve been working on for over 20 years, and that’s dealing with directory services.
And we have currently four ways of doing about the same thing. And so maybe we should think about, hey, we can kind of reduce the number of services we have here, right?
So we’ve talked in the past about, hey, let’s get rid of templates. Anyone still use templates out there? No, you don’t.
So next one, has anyone used FTP as a service? No, you don’t. So now let’s talk about some other potential services that we can actually start working on retiring.
And a good part of this is actually going to be y’all’s input on what do you think we should do to retire some of these redundant services.
So we have Whois Port 43. Who here uses Port 43 for Whois? One. I can’t see you over there. Two. All right. Just a few of you. Okay, three. Okay.
Who uses RWhois? Okay, a few more. But you’re only using it for sharing your information that you have within your customer base, right? Okay, for reassignments, okay. Cool. Cool.
Who uses Whois-RWS? All right. Why? Yeah, well, I can tell you why. When you go to Whois.ARIN.net you’re actually using Whois-RWS as a backend service.
Who is using RDAP? Okay. A few, a few. So anyways, all these services basically do essentially the same thing.
RWhois is slightly different, but it has the same sort of purpose. And a lot of these things are moving fairly quickly within IETF, and maybe we should consider moving along with the IETF on some of these new things.
So we could probably work on simplifying some of these things. RWhois, Whois-RWS and Whois. Maybe we can sort of bring all these things and consolidate them into one protocol underneath.
So let’s talk about RWhois. I know many of you use this, and there was, within the NRPM, there was actually, explicitly there was RWhois support.
And that’s been taken out. There was SWIP. I love these terms. I came up with SWIP years ago. I just absolutely love it. But I’m actually really glad to see it retire.
As we retire these things, we should look at how can we actually work on this and create a softer landing for those who still use RWhois, and how we can actually move this into a new sort of more modern protocol like RDAP.
And so one of the things we could do as a community, or at ARIN, however we figure out how to do this, is we can create a migration tool for you to move your data from your provisioning system from using RWhois service into using an RDAP service. And there are plenty of freeware tools out there now that you can set up your own RDAP server. That’s number one.
Or number two, use this opportunity to push your data that you currently have, because you find that this is atrocious, why am I doing this? And sending it to ARIN itself. So you have two ways of going about this — maybe three. Love to hear from you on more.
Let’s move on to the next one. Let’s talk about Whois-RWS. This is a predecessor to RDAP based on XML and JSON. It’s not an IETF standard. RDAP is. And, actually, Whois-RWS was a predecessor to RDAP. It was basically sort of a fielding of a way of actually doing this.
And as I mentioned earlier the web portion of our site, one part of it, is using Whois-RWS, Whois.ARIN.net.
So basically this involves two parts. One is moving Whois.ARIN.net to an RDAP backend. This would be transparent for y’all. You won’t notice it. And the other one is actually retire the API so that people would have time to actually transfer to using RDAP.
Retiring Whois. So here is where it gets kind of interesting. So Whois is a very, very popular protocol. Sadly, it’s underspecified. It’s older than dirt. RFC 984 has been around since I was — before I was born — not quite, but close. It has undefined queries, undefined results, lots of custom code. You don’t know who’s saying what to, you know, who has servers. There’s no way of doing navigation. For example, I was looking for some space that belongs to AFRINIC. And it basically went from us to RIPE and then it ended.
Unless you really knew that space was in AFRINIC territory, you had no idea who actually was a contact for that space.
There’s no internationalization support. And it’s, of course, insecure. So maybe we should think about retiring Whois.
So RDAP, which is going through the IETF, it has a lot of energy behind it. It has defined queries and results, unlike Whois. It has multiple client implementations — there’s actually 26 of them today. There’s a lot of authoritative server implementations that deal with RWhois issue. There’s 11 of those right now.
And it gives you automatic navigation. I can actually find that IP address that belongs to AFRINIC, and it wouldn’t be lost in this ether.
It also has some new features coming up. One is a pointer to geolocation services. So if ISPs actually wanted to provide this information they can do so through a URL that’s actually put into the RDAP service.
And RPKI registration information. This is not to do validation, but this is to find the organization that may have that ROA that you’re sort of interested in. It may be a way to contact, the tech contact dealing with that offending ROA. Don’t know. So there’s more features to come.
And the bottom line is all the regional registries are coalescing under RDAP. We are all doing the same things. So it will be consistent interfaces within the RIR community on dealing with directory services.
Unlike what we have today. Today, it’s an absolute mess. And here you can see sort of a listing of things with Whois-RWS and RDAP. The big thing I’ll highlight here is Whois-RWS was defined by ARIN, but it’s supported by no one other than ARIN, whereas RDAP is supported by all and it’s defined by the IETF.
So Whois. I know this is sort of a why, why are you doing this? Why are you getting rid of this really important directory service? Well, ICANN has dropped the Whois requirement for their domain registries. And the talk that was earlier today on dealing with ICANN was talking about sunsetting Whois as a service and actually moving to RDAP.
Many gTLDs have actually already done this. At least 139, according to Andy Newton, who works at ICANN now, have dropped their Whois directory service. And Whois usage is dropping as a result.
Here you can see the queries. I don’t know where they got these numbers from, but I’m taking this from Andy Newton, who spoke at a conference here about a month ago.
Here you see RDAP queries starting to rise.
So kind of interesting. We’ll see how it goes. So here we go. We have a consultation coming up that is going to ask you for your opinions on this and what we should do. And would love to hear from you.
So it’s not my normal engineering presentation where I have lots of graphs that go up to the right. But this presentation is more about, hey, these are things that we’re looking at doing to streamline ARIN Engineering and make it — make better available systems for y’all to actually deal with in the future. So, thank you.
Hollis Kara: All right. Stay right there. Microphones are open, so if folks would like to start queueing up or start typing online, we will get some questions or comments for Mark.
Alison Wood: Alison Wood, State of Oregon, awesome job. Can you please bring your QR code back up again. I was too slow.
Mark Kosters: Oh, of course.
Kevin Blumberg: Kevin Blumberg, The Wire.
I appreciate your enthusiasm for RDAP. I also appreciate the Board continually telling us that ARIN is very tight on budget money, and I can’t have my cake and eat the cake and ask for another piece of cake. So without those limitations in place, all of the stuff up here is useless, Mark.
We really need to know more because ultimately we’re going to have to help design it. If money is no object, we would say, keep it all, but money is an object, so we’ve got to — to that end, your slides were very misleading. Please go back to the RDAP implementation slide. .6 billion queries; Whois, 100 billion queries. You can’t do this, Mark. You can’t show one slide where it’s .6 billion and the other 100 billion.
That being said, here’s my real thing. You show me where an RDAP client is on 95 percent of current-gen desktop computers, you can get rid of Whois. Until that time, can’t do it.
So you want to sunset and tell people in 15 years you’re sunsetting? Awesome. We can have the IPv4, IPv6 RDAP, Whois discussion in 15 years. But the reality is what ARIN really needs to do is come up with a way to get the vendors to do it or you’re going to be using Whois in 15 years.
Mark Kosters: To that end, let’s talk about this just a bit. So current vendors, in terms of what their default implement — what services they have on OS vendors, on OSes, Whois no longer comes as a default. You have to actually add it, right? It’s no longer a default, much like FTP clients are no longer as a default.
So these things are starting to evolve. And, yes, there’s no RDAP clients that are on as a default on the OSes. But I understand what you’re saying, but this is just to start opening the door, saying, hey, we’ve got to start looking at this.
And you’re seeing other big players in this, like ICANN, saying, hey, we’re sunsetting this. Under their model, it’s all contractually obligated, right?
And they’re looking at changing this. And actually this is going to go quite fast.
Kevin Blumberg: So the fact that it’s not installed but it’s available, I don’t mean default as it’s installed. Telnet isn’t either available by default but it’s there.
Mark Kosters: Yes.
Kevin Blumberg: Is there an RDAP client that mimics the functionality of Whois available on 95 percent of the deployed operating systems? If the answer is yes, that’s awesome. If there isn’t, then that is really the task that is before us before we can look at sunsetting Whois.
Mark Kosters: As I mentioned earlier, there’s 29 implementations out there, and you can choose whichever one you want to go for. And they actually all work in a similar fashion. But they have additional features because you have all this enhanced search capability. So it’s actually better than what we currently have.
Anyways, I encourage you to look at that and we can talk more.
Hollis Kara: I see we have another question.
William Herrin: Bill Herrin, speaking for myself. So I run a lot of Linux servers. And Debian Linux recently released a new version. I installed it on my test server to see what issues I would run into. And what I found is that the Who command, which has been in UNIX since before I’ve been involved in UNIX, doesn’t work anymore.
And it turns out that the Debian folks decided to completely rework how Linux interacts with utmpp. And the consequence was that the Who command doesn’t work anymore. I’m sure they had terrific reasons for that. I mean, it’s very edge technology. But the problem for me running Linux servers is that the Who command doesn’t work anymore.
Mark Kosters: Yeah, yeah, nor does finger and nor does talk.
William Herrin: I don’t use the finger or talk. I use the Who command quite a bit, and I use Whois command quite a bit.
Mark Kosters: I’m with you. But things are changing. Us dinosaurs now, at least me as a dinosaur, some of these things that we used to use all the time have sort of faded away, and new things have come in. That is our opportunity to see things sort of evolve too. Yes, John.
John Sweeting: Thanks, Mark. John Sweeting, Chief Experience Officer with ARIN for — anyway, I’ll be back in time for this stuff because what maybe didn’t come through to everybody is this is nothing that’s happening tomorrow, next month, next year. This is a roadmap. The consultation will be a roadmap of how we move with the community and help the community move to this new expanded service that will help everybody do their jobs better.
We’re not leaving anybody behind. We will take everybody with us. And that’s why we’re doing the consultation and letting you know, you know, maybe Kevin said 15 years. I don’t think we’ll wait 15 years, but maybe three, maybe four. Yeah, don’t know. But we’re not leaving anybody behind.
I just wanted to point that out.
Mark Kosters: Thank you for that clarification, John. Thank you.
Lee Howard: Lee Howard, unaffiliated. As one of the three people in the room — apparently we’ve all gotten to the mic, I guess — who use Port 43, the command-line Whois, I support the effort. I’m happy to figure out how to use cURL or Wget to do RESTful query if I need to or one of the many command-line implementations of RDAP. If I have to create an alias so I can use the word “Whois.” I could do that as well.
One of the things I’ve already discovered in the last five minutes, as I did a quick search, is that I don’t have to do Whois-H Whois.ARIN.net in order to specify a server. As you pointed out, there’s this discovery built into the client tools, so I’m already happier with — as I’m installing the software now — with the available clients under RDAP.
Mark Kosters: Thank you very much for that, Lee.
Hollis Kara: One more.
Leif Sawyer: Leif Sawyer, GCI Communications, ARIN Advisory Council. And I guess I’m the last of the few of us that are still using it. I run the RWhois server for my company. I developed all the automation, tooling that deals with importing the netblocks as they change that pushes updates, et cetera, et cetera, et cetera.
And one of the things I would love to see, like we did for RPKI, is a bunch of training sessions and, like, walking through as we start to develop the tooling for pushing out servers and doing all that data migration. That would be really helpful for me. That would probably be really helpful for a lot of people who are doing this and getting used to this whole new tooling system of RDAP versus the legacy RWhois.
Mark Kosters: That’s a really good point. Thank you for that.
John Sweeting: And that way we all win.
Hollis Kara: All right. I don’t see any questions online. Do we have anything? Nothing online. I see no one else in the room. I think that brings us to break.
Thank you, Mark. (Applause.)
One second, folks. We’ll be on break until 3:30, at which point we’ll come back and do our second policy block of the day.
We have four Draft Policies on deck. And we look forward to you all rejoining and another lively conversation.
(Break)
Hollis Kara: Before we get started, just to check, everybody should have one of these. Yours is probably beige. Mine’s blue because I’m staff. If you’re staff, yours is blue. Right? You picked this up.
The reason I ask is if for some reason you have not picked up your badge, you’re going to want to do that before 5:00 today because otherwise you are not going to be — well, assuming that you want to go to the social — you’re not going to be able to access the social.
So please do make sure that you have your ARIN badge. I know these paper badges — long story, don’t ask — have been causing trouble for some people. They do have plastic sleeves for them at the desk. If you want one of those to reinforce them because they’re a little finicky. Anyway, that’s done.
Now we’re going to do real meeting things. With that we’re going to start our next policy block. Doug Camin is on his way up to talk about Draft Policy 2025-3. Here he comes.
Policy Block 2
Draft Policy ARIN-2025-3: Change Section 9 Out-of-Region Use Minimum Criteria
Douglas Camin: Thank you, Hollis. Thank you, everyone. I’m Doug Camin. I am the shepherd on ARIN-2025-3: Change Section 9 Out-of-Region Use Minimum Criteria. I’m the shepherd along with Gerry George. I’m just going to move right into this.
The problem statement for this, Section 9 of the NRPM Out-of-Region Use requires organizations to use at least a /22 in the ARIN region before they can justify out of region Use.
This harms smaller organizations that have less than a /22 in region but do require some out of region use.
So this is a really simple change. Doesn’t mean that it has simple implications, but this one here we go into Section 9 and we modify the text under IPv4 from at least a /22 to a /24.
So this is the change in line with that text in Section 9. You’ll notice the red highlight indicates the section that changed. This policy was proposed just before ARIN 55. And then it was accepted as a Draft Policy in March.
I’m sorry, I should say it was presented at ARIN 55. That’s my bad. We did get — we have asked for feedback on the Public Policy Mailing List. That has generally been supportive. The ARIN 55 feedback was mixed. There were three people who spoke at the microphone in support, and there were two who were opposed.
The supportive feedback centered on registrations moving out of the ARIN region when the minimums were not met. So generally revolving around a loss of revenue for ARIN.
And the feedback that was in opposition centered on already — stated the requirement for a /22 versus a /24 was already low, so to meet the minimum viable redundant network threshold, a /24 did not meet that threshold.
The policy impact here, there’s actually three things. I have one extra thing to add that’s not on the slide. I apologize for that omission.
But changing this minimum value would impact how much IPv4 space an organization must utilize inside the ARIN region to justify additional IPv4 allocations from ARIN’s waiting list under Section 4.1.8. It would also impact a new waiting list IP space can be requested and used out of region with only one qualifying /24, in use inside the ARIN region instead of a /22.
This also has an impact on Section 8.3 transfers and 8.4 transfers where an organization who is purchasing new IP addresses and wants to transfer them in, they have to justify for that transfer for ARIN to accept that transfer with a /22 currently and switching that to a /24.
So our question for the community is, there are two here, and I will — do I turn that over?
Hollis Kara: Sure. Nancy, why don’t you come on up and we’ll talk about this one. We’ve got a couple of questions for the community. And I guess the questions — we’re not doing polling on this one, we’re just talking.
Douglas Camin: This one, yeah.
Hollis Kara: All right. Noting that we are just talking, there’s no polling, if you have thoughts or feelings on this one, please feel free to approach the microphone and/or start typing if you’re with us online.
Does anybody have thoughts, feelings, questions? Noting that Kevin waited politely to see if anybody wanted to come to the microphone ahead of him.
(Laughter.) Kevin.
Kevin Blumberg: Thank you. Kevin Blumberg, The Wire.
Doug, can you help me with some math?
Douglas Camin: Yeah.
Kevin Blumberg: An Org has a /24, they can’t get new space in the ARIN region because they’re not using it in our region, correct? That’s the point of this? If they had a /24 that was registered but it was not being used in our region, then they could get another /24, why are we giving somebody who has a /24 that they decided to use out of region in the first place another /24 that they want to use in region?
So the /22 was set up for a very good reason, and that was all of the games that you’re playing here. And unless my math is wrong, that doesn’t change. It’s somebody who got a /24 from whichever list it may be and now wants another /24 but they’re using the first /24 in a way they shouldn’t have been using it which was out of region.
John Sweeting: I’ll answer that, and Lisa will keep me straight. If they come in and request a /24 and they have a /24, and they say, “Here’s the usage of this, we’re using this in the APNIC region,” we will say, “Sorry, you cannot get any more space because you’re violating policy. You must first move that /24 back into the ARIN region and then you can request” — actually, they still couldn’t today because it’s a /22. But they would not get more space if they tried to use space that they were using out of region outside of policy.
Kevin Blumberg: Right. We are basically changing policy to fix people who have broken policies, what I just heard.
John Sweeting: No.
Kevin Blumberg: Please, I’d love to —
John Sweeting: No. They would not get more space. If they had a /24 and they were using it out of region, they would not get more space.
Kevin Blumberg: If they were using a /24 from the ARIN region —
John Sweeting: We would probably open a Section 12 and say you’re violating policy and we’re going to audit what your use is. And you’re going to have to come back into compliance with policy before you can request any additional space.
Kevin Blumberg: I think we’re arguing the same thing. The /24 is in the ARIN region. It is being used out of region. It is out of compliance to begin with. But let’s lower the bar so they can now get a /24 that they can use in region. That is how I’m reading this.
Douglas Camin: I don’t think —
John Sweeting: No, this is basically saying if they wanted to get a /22 off of the wait list and they wanted to use three /24s outside of region and one /24 in region, it would qualify under this change where as today it wouldn’t.
The whole /22, that initial /22 would have to be used in region before they could then request more space on the wait list 90 days later for use out of region.
Kevin Blumberg: Okay. Ultimately, there’s some complexity here. It’s not just a red-line change. And what you described — this is the part that’s worrying me. This wait list is for in-region use.
John Sweeting: Uh-huh.
Kevin Blumberg: If this change has anything that will have an impact on the in-region use, I’d like to better understand it, Doug, is really what I’m saying. I’m actually saying I don’t understand the math and the complexity. I don’t believe this is just a simple change, is all I’m saying.
John Sweeting: It’s not just for the wait list. It’s for transferred space and preapprovals, everything else. But also if you’re on the — if you want to get on the wait list and you have a /21 worth of space already, and you’re using all of it in the ARIN region, you can get on for a /22 to use out of region because you are in compliance with Section 9, using at least a /29 in the region —
Douglas Camin: /22.
John Sweeting: /22. What did I say, /29? Section 9, a /22.
Kevin Blumberg: To the question, yes, I understand it needs to be worked on. That’s not a question for me. The change is very simple. Do I support it written or not, as written? I just want to understand all of the scenarios. And that’s the key for me for this one and I think for the community, is to understand all the variables that are at play here.
If the AC can give that back to me, then it will be much better.
But I just don’t understand all the different nuances of what this change implies.
Douglas Camin: I appreciate that feedback.
Mike Burns: Mike Burns, IPTrading. I’m going to offer the scenario that prompted this authorship of this policy. We had a client who’s got a /23 in ARIN and wanted to buy another /24 to use in the APNIC region. It’s as simple as that. They were using a /23 in ARIN and wanted to purchase a /24 for use in APNIC. But this policy removed that potential because they have to have a /22 in ARIN.
So if you’re a small business, it’s really a bad policy for you. This business was small. They had a /23. They used it here. They were opening an office in the Asia region. They sought to buy another /24 into their ARIN account. But this policy, the /22 minimum, thwarted that.
Eric Landgraf: Eric Landgraf, Virginia Tech. So, there’s no restriction on what ratio of addresses you have that have to be used in region? This just changes the minimum requirement to be a /24, correct?
Douglas Camin: This changes — so currently if you’re going to justify a transfer, so let’s say you own a /22, and if you’re not using — you have to use that /22 in the ARIN region currently in order to acquire more space, then add more space to your allocation in ARIN. So this would change that minimum to be /24.
So the scenario that Mike Burns just brought up is one company had — they were only using the / — they were one /24 short in the ARIN region of being able to get more space.
Eric Landgraf: But in theory with this, if you had a /24 in use in the ARIN region you could still have a /22, a /20 even, that is in use out of the ARIN region — ARIN.
Douglas Camin: You can, yes.
Eric Landgraf: — that’s registered with
Douglas Camin: That is registered with ARIN. But you couldn’t, under this policy, you couldn’t add — unless you were using a /22, you couldn’t transfer additional space to your ARIN account. You can’t acquire more space because you’re not using /22 in region.
Eric Landgraf: But with the change, it would be reduced to /24.
John Sweeting: John Sweeting, with ARIN. So what you’re saying is correct. With the change, they only have to use a /24 in the ARIN region, and they can get as much other space as they want into that account in the ARIN region to use. They could get a /16 in there if they could justify the usage of it, if by this policy they were using a /16 in the — /24 in the ARIN region.
Eric Landgraf: So, my question is, should this section of the NRPM be reworked such that it requires merely that a majority of addresses be used in the ARIN region?
Douglas Camin: That’s valid feedback. Thank you.
Eddie Stauble: Eddie Stauble, IPTrading. I submitted this proposal.
We do see a lot of small users that do have a /24 in region. They have an office maybe in the UK, one down in Australia. And they can’t demonstrate need, according to ARIN policy. They’d prefer to keep everything in ARIN because that’s where they’re headquartered, but they can’t do it.
So we usually end up sending them to RIPE either to get PI space, which usually comes from ARIN or APNIC, just because that’s the most feasible way for them to do it.
I did not know when I supported — when I suggested this policy that they could get space from the Waiting List. I think it would be reasonable to say, you can justify need, but you can’t go on the Waiting List for it.
Douglas Camin: So I’m going to pull your suggestion out of that. You just suggested that adding a caveat that the change, you still require a /22 for Waiting List?
Eddie Stauble: No, all you just need is a /24 in region that you already have. And if you can demonstrate out of region use, that you can’t go on the Waiting List to get that space, which I think is reasonable.
Kevin Blumberg: Kevin Blumberg, The Wire. I support that. And I’ll just expand on it a little bit. This is two different pieces of text now — one to deal with the old 4.x in the areas there, and the other to deal with the transfer market.
I think — I believe, at least, that you will find a lot more support in regards to transfers where they really have to show their need internally, et cetera, versus this is just a cheap way to get onto the Waiting List with space that you’re playing with that really should be a section, as John said, a Section 12. Let’s look at this because it’s not being used the way it was.
So maybe it’s just split it into two and deal with it that way.
Douglas Camin: Thank you.
Hollis Kara: All right. I don’t see any questions online. Seeing no more from the floor, I think that concludes this discussion.
Nancy Carter: Thanks for your feedback.
Hollis Kara: Thank you, Nancy and Doug. (Applause.)
All right. Next up, I’d like to invite William Herrin to present on 2025-6. This is regarding the formula in Section 6.5.2.1c. Say that three times fast. Or don’t. Green button.
Draft Policy ARIN-2025-6: Fix Formula in 6.5.2.1c
William Herrin: Hi, I’m Bill Herrin, and I’m presenting Draft Policy 2025-6. What this draft does is make a pair of corrections to the IPv6 policies where there were a couple of mistakes made.
So the policy manual Section 6.5.2.1 is where the policies describe how many IP addresses an ISP is entitled to, the maximum number of IP addresses they’re entitled to.
And part C of this section includes both some text, which describes how to calculate the maximum number of IP addresses, and a math formula that’s intended to clarify that text.
And unfortunately, the two do not agree with each other. The math formula produces a different number than following the text does. So this draft attempts to correct that.
And here’s what it looks like. The two key changes here are that in the math formula, the number of sites being served at the ISP’s largest — or the number of customers being served, I’m sorry, at the ISP’s largest site, is replaced by the logarithm of that number of customers.
The reason for that is that the formula is supposed to produce a shift in the net mask rather than a shift in the raw number of IP addresses. That was the mistake.
The second correction is unifying the terms in the manual for Provider Allocation Unit. What is the Provider Allocation Unit? That’s the default number of IP addresses that the ISP gives their customers. ITF recommended a /48. A lot of ISPs use a /56. Whatever number they’ve settled on as the default, that’s the Provider Allocation Unit.
But when you run across The Provider Allocation unit in this policy, and you hit Ctrl-F, to go figure out what it means, you get nothing. When you go to Google it, you still get nothing because when it’s actually defined, they use the words “Provider Assignment Unit” instead. So this unifies these terms on Provider Allocation Unit.
This policy was a proposal received from the community back in May. The AC adopted it as a Draft Policy. And this is the first ARIN meeting at which it’s being presented. Assuming it advances, it will become a Recommended Draft Policy at the April meeting and then be moved forward to the Board.
The next five slides are the Staff and Legal analysis for this draft. You’ll find it in your meeting materials and linked to the day’s agenda. I’m not going to read the whole thing to you. I just want to hit the highlights.
So the first highlight is that ARIN staff doesn’t actually use the formula in the first place. They rely strictly on the text to figure out the maximum number of IP addresses that the ISP is entitled to. And, in fact, they’d be perfectly happy if we got rid of the formula altogether.
The second highlight is that, yeah, they agree that making Provider Allocation Unit a term that’s findable would be a helpful thing in the policy.
So, in summary, trivial change to the policies. No change to how ARIN actually allocates IPv6 addresses. No legal concerns. It’s really just some documentation updates.
Since ARIN relies strictly on the policy text instead of the formula, I wanted to take a moment and look at that policy text. You can see it on your screen here. If you’re reading through that and you understand what it means at the first read, congratulations. I didn’t.
It’s kind of hard to read. And that’s why the formula was there in the first place, to try and clarify this text.
So community feedback so far. There’s been very little feedback on the mailing list. The most notable feedback is that the guy who wrote the original formula posted to say, yep, my bad; this is a correct correction.
So in summary, improved consistency in the policy manual, no change to how IPv6 addresses are actually allocated.
So with that, I’d like to open up the microphones and ask for feedback in hopes that we can discover the consensus for or against this draft or how to improve it to get there.
Hollis Kara: I see Nancy is back with us on stage. The queues are open. Folks can start typing. And pick a microphone, Nancy.
Nancy Carter: Start over here on the left.
Eric Landgraf: Eric Landgraf, Virginia Tech. I think we should just adopt the policy as written, and in the future, just fix this entire section because it’s unreadable and the formula is confusing.
William Herrin: Thank you.
Lee Howard: Lee Howard, unaffiliated. I think I exactly agree with that verbatim. I think perfectly fine with adopting it as written. But as we discussed at lunch, I thought I should say a few things out loud in the community, is I think that one of the things I’ve been talking about a lot today is I want the policies to be readable and comprehensible by a person coming to them fresh and new.
And I think if you’re reading along, you said the text as written is not impenetrable, but it’s a little rough to get through, and then to have math — you have to switch languages from English to algebra, I think it’s going to cause a lot of people to spend more time working on it.
I also think that the term Provider Assignment Unit or Provider Allocation Unit is one more unnecessary piece of jargon. The answer is /48. You are automatically assigned for a /48 to give to all of your customers at the natural aggregable foundries in your network — aggregable, there’s another great piece of jargon.
And the only reason not to give the /48s to your customers is that you’re worried it’s going to push you into a different fee category, fine. You justified a /24 in IPv6 but you’re only requesting a /28. I think we’re all perfectly happy with that.
William Herrin: Lee, just to clarify, that’s how ARIN actually implements this policy. They assume that your Provider Allocation Unit is a /48.
Lee Howard: Even if the organization applying is saying we’re going to give all of our customers a /60 or a /64, ARIN goes, nope, we’re —
William Herrin: My understanding is ARIN doesn’t ask. Go ahead.
John Sweeting: John Sweeting. We won’t force somebody to take a larger block so they can pay us more. We are not in that business.
Kevin Blumberg: Yet.
Lee Howard: That’s not what I heard or what I thought we were saying.
William Herrin: Their entitlement, their maximum entitlement is based on /48.
Lee Howard: Say you’re approved for up to a /24, but I’m only requesting a /28; fine, you can take a /28.
Nancy Carter: Mr. Blumberg.
Kevin Blumberg: Thank you. Kevin Blumberg, The Wire. So the great news is we actually have IPv6 policy to talk about. The policy should just be to eradicate this.
You have bad math that has sat here for 10-plus years that nobody noticed because nobody actually did the back-of-the-napkin math to realize that it was off. You have the staff saying they don’t use this anyway. This is complicating everything when we want to make it easier.
Just get rid of this. But everybody here is right: we don’t do a good job explaining. And the reality is, unfortunately, with IPv6, we shouldn’t be in the business of trying to explain IPv6 numbering schemes to organizations that need it. That is a whole different category of fish.
There are some great documents on how to do it. People in this room could talk for hours about how many sites you have and how many this you have and how you should do it and everybody should get a /48, or, no, a /64, a /60 — you can spend hours talking about it. I don’t think you can put that into policy.
We just need some plain language that helps staff and the person who is doing it get the boundary they need. That’s it. This math is not helping anybody, unfortunately, Bill.
John Sweeting: John Sweeting, again, with ARIN. To Kevin’s point, we actually do have a very good webinar training session that Jon Worley does that is on our website in our LMS that Hollis would know where that is.
Hollis Kara: It will be there soon.
John Sweeting: It walks you through exactly how to figure out — and we should be in the business of helping people with their addressing plan, Kevin, or at least we feel we should be.
Nancy Carter: Go ahead, Doug.
Douglas Camin: Doug Camin, CCSI. I agree with the comments that are made here. We should be removing this formula. Like, there isn’t a place for this formula in the policy. And to all of Kevin’s points about we didn’t notice it for so long, it really just speaks to what we need. And it’s not used.
So I think it should be removed. And I don’t know that even, right now, we need to change the text, just take the formula out.
Chris Rapier: Chris Rapier, Pittsburgh Supercomputing Center. While I agree that we should get rid of the formula that is obviously wrong, I do not agree that we should just get rid of formulas entirely. I’m a scientist. I like formulas. I use formulas to help me understand what text and policy means.
So having an accurate formula there helps me get a greater understanding into what is being said.
So while I agree in large part with everyone else, I’m really good with continuing to have the formula there, as long as it’s correct.
Hollis Kara: I do see we have one question online.
Beverly Hicks: Mohibul Mahmud, from Microsoft. “Given the staff stated that they already implement the policy based on the written text alone, and this formula, even when corrected, remains complex for our community members, why are we prioritizing a fix? Wouldn’t it be the best path to create simplicity and clearer governance to be suggesting removing the complex error-prone formula entirely from the NRPM?”
William Herrin: Thank you.
Hollis Kara: All right. Do we have any more questions in the room? Any more online? Okay, not seeing any. Thank you, Nancy and Bill.
Nancy Carter: Thank you.
William Herrin: Thank you very much. (Applause.)
Hollis Kara: To John’s point, be on the lookout. Sometime before the end of the year we will have that IPv6 address planning course in our LMS. I had the opportunity to demo it. And I actually figured it out, I calculated the right blocks. It’s kind of cool. Didn’t think I could do that.
All right. Onward. Lily Botsyoe with Draft Policy 2025-7.
Draft Policy ARIN-2025-7: Make Policy in 6.5.8.2 Match the Examples
Lily Botsyoe: I have evidence that she can’t see anything from here. Hi, everyone. Good morning, good afternoon, good evening, depending on where in the world you’re joining from. That’s for our online audience. For those in here, good afternoon. My name is Lily Edinam Botsyoe. And I’m shepherding this with Leif Sawyer. So I’m going to scoot this way so I can read from here and share with you what this policy is about.
I just want to say, it’s probably in the same bloodline as the one that just left. So please prepare to come to the microphone again. It’s a bit of, form a line and all of those. So let’s get started.
What we have here as current text is seeking to more or less look at a policy example which conflicts with the stated 75 percent rule because a single-site organization which justifies only one /48 technically meets the 75 percent utilization threshold for a /48 and should, by the rule’s strict application, qualify for the next larger prefix, a /44 even though the examples suggest they should only receive a /48.
That’s what the current language is trying to say.
Here there’s just going to be a little addition, which is seeking to do a little bit of differentiation. So in the Section 6.5.8.2, it reads now, “An organization qualifies for an assignment on the next larger nibble boundary when their sites exceed 75 percent of the /48s available in a prefix.”
Here, what the author is saying let’s just add something to do a bit of differentiation, so we read the same thing, but would add something that reads like this. And that is in the red here. It says, “Unless they have a single site.” So trying to make the text much like the example given so there’s no confusion, I guess.
We want to hear from you. This is presented to you, so that is why I want you all to come to the microphone and share your thoughts. So this proposal was received in May. It became a Draft Policy in July 2025.
Like I said, it’s been very quiet on the PPML, not as popular as others, but maybe we can make it popular here and then we’ll take it back to the PPML.
The impact for this policy, the first one is that for a single-site organization currently receiving a /48, 75 percent of the available /48 and that /48 is 0.75. And that’s where the math comes in. So this one site exceeds .75. A strict reading of the policy would mandate a /44.
Again, the proposed change directly overrides this outcome for the single-site case, ensuring that a single-site end user continues to receive the smaller Internet /48 allocation, and that’s aligning the formal text with established examples. So, like I said, aligning what the policy says with an example to make sure that it’s not confusing to anybody.
We have questions for the community. We want you to come to the microphone and want to hear from you for these three questions.
Should the AC continue to work on this policy? And then the other two we have regarding support on the specific exception to the 75 percent allocation. And the middle, we talk about allocation size, which best serves the single-site end user. So hoping to hear from everyone.
Hollis Kara: With that, the microphones are open, which means please go ahead and come to the front if you have a question or comment on this policy. If you are joining us online, please start typing. And Nancy, the choice is yours.
Nancy Carter: Go ahead, please.
Eric Landgraf: Eric Landgraf, Virginia Tech. I believe this should probably be reworked such that it says, “A single-site organization receives a /48. A multi-site organization then applies the .75 formula,” rather than writing it as an exception to a rule.
Lily Botsyoe: Thanks for that.
Nancy Carter: Kevin?
Kevin Blumberg: Kevin Blumberg, The Wire. Should any company or organization coming to ARIN get a /48? The whole point is that organizations should be able to grow, and if they have limited themselves to one site, period, this is the whole scarcity model over again. And now what they’re doing is they’re coming back for another block, which means they’re now eating up multiple routing slots, et cetera.
So really the question is — again, all of this is old stuff. I remember the 12, the change in the number of sites. That was because of an edge-case scenario that came up.
But the reality is, I think all of this is time to rework it from the ground up, clean it up and start over. We have learned a lot. The reality is most ISPs got a /32, the small ISPs got a /32. There was no thinking about it. You just got a /32.
Then we went smaller and smaller for the end users. And now all of this complexity is here. /48 is actually not correct, in my mind, maybe for a single site where it’s not coming directly from ARIN and you’re not supplying other people and there’s no chance for growth. But how do you know that? There will always be growth. So a /48 isn’t right.
I think for the AC, this should all be cleaned up. If an Org is actually coming to ARIN for space, they should probably get bigger. If they are forced, because of fees or whatever, they want a /48, great. But it shouldn’t be we’re hard-limiting them to a /48 because they’re a single site.
Nancy Carter: Mr. Sweeting.
John Sweeting: John Sweeting, with ARIN. Kevin, just for clarification, so a /48 is for an end-user single site. An ISP has to get at least a /40 under current policy. And Lisa will correct me if I’m wrong, but I don’t think I’m wrong.
Kevin Blumberg: I remember, John, back in the day when the smallest an ISP could get was a /32. Then it was a /36. Then it was a /40. And that was for billing purposes. And there was always a concern that not enough was being given — that they were going to be too frugal with what they then gave out to their customers.
I’m suggesting this is the same problem but the other way around. End users that are coming directly to ARIN that have a need should get more than a /48 to start with.
If they want to be frugal and all they want is a /48, that’s their choice. But the default should be to get larger than a /48 even for a single site if they’re coming directly to ARIN. They’re now going to be using up a routing slot. We don’t want them to use up two routing slots or four routing slots down the road.
John Sweeting: And just one other clarification. Part of the reason for the ISP to get smaller is because ARIN started engaging with some WISPs, the wireless Internet service providers, and learned a lot from them, how they build their networks and what their needs are and what their budgets and stuff are. And so that’s why we have accommodated down to that level. But yeah, I hear what you’re saying.
Kevin Blumberg: Absolutely. It’s in policy. The community is good with it. I’m just suggesting we actually need to go the opposite way because we really don’t have end users anymore, per se, from a fee side of things, but our policy is very much still geared towards that. Let’s help end users — I’m using that in quotes — give them more. Let’s clean up the text.
If you want to do it in this policy, wonderful. I think there’s more of a fundamental cleanup that needs to be done possibly through a new policy.
I wouldn’t just change this, is all I’m saying. I don’t support that.
William Herrin: Bill Herrin, AC member.
Just a reminder that, like all of the IPv6 allocations, these are sparsely allocated. So when the end user gets a /48 and later on they decide they need more, there is a high probability that that mass change to /44 and not an additional block that’s discontiguous. So maybe that relieves some of your concerns. No? I see a head shake no. But I wanted to point that out.
Hollis Kara: All right. Do we have any questions online? No questions online. Do we have anything else in the room?
All right. Don’t see anything else.
Beverly Hicks: Hold on for one second. Sorry, somebody’s trying to type. They put a hand up to wait.
Hollis Kara: One moment.
Beverly Hicks: There we go. Thank you. I have Hendrik Visage from AFRINIC, RIPE member, hosting provider. “Once you come to an LIR or RIR, you typically need to get an ASN, and that would be the need for something like a /44. I have found that I quickly do need extra space for Anycast or any other services.”
Hollis Kara: Okay. Great.
Nancy Carter: Thanks for all the feedback.
Hollis Kara: All right. Thank you, everyone. Thank you, Lily and Nancy. (Applause.)
All right. And on to the next policy. Now, this says “Kendrick,” but I believe Kaitlyn is presenting on his behalf. This is on Draft Policy ARIN-2025-8: Reserving 4.10 Space for In-Region Use. She’s on her way up in her candy corn sweater. Very seasonal. We approve.
Draft Policy ARIN-2025-8: Reserving 4.10 Space for In-Region Use
Kaitlyn Pellak: Hello, everybody. As Hollis stated, yes, I am not Kendrick. I am Kaitlyn. And this is ARIN-2025-8: Reserve 4.10 Space for In-Region Use.
Okay. So our Problem Statement. 4.10 space is reserved to facilitate IPv6 deployment. Aside from general language in Section 9 which pertains to out-of-region use broadly within the NRPM, there are no other explicit restrictions in 4.10 on 4.10 space for out-of-region usage.
ARIN staff are already interpreting this policy as prohibiting out–of-region use of this space. But the intention of this policy is to make ARIN staff’s interpretation explicit to the community.
So our Policy Statement is pretty simple. The current language, IPv4 allocation, will be set aside and dedicated to facilitate IPv6 deployment. This is just simply adding “within the ARIN service region” to the end of that sentence. Pretty simple change.
Again, history, pretty brief. It came in in July of 2025. We determined it was qualified for a Draft Policy in August. And we are presenting it here to the community today.
There hasn’t been a ton of community feedback on this policy. We did get one — we did get one comment in the PPML. They are concerned that the policy language is ambiguous. They said that currently the proposed policy language, the proposed change, implies that 4.10 space could be used out of the region as long as the IPv6 allocation is used within the ARIN service region. So that was just one concern.
Policy Impact. Again, to be very clear, this would not actually impact current 4.10 space. This is simply codifying and making it explicit how ARIN staff is already interpreting this policy. So, again, we’re just basically trying to align ARIN staff’s interpretation with the actual language in the NRPM.
So our questions for the community, I will give Nancy a moment to walk up here.
Hollis Kara: Nancy is on the way up. The queues are open. This is a pretty new draft.
Hopefully we’ve got some questions for our Advisory Council on this one, either coming in online or in the room. Microphones are open. Don’t all fall over each other on your way up.
Douglas Camin: Doug Camin, CCSI, support as written.
Kevin Blumberg: Kevin Blumberg, The Wire.
Support as written. I think you nailed it. It’s implicitly there; the community expected it. Staff are implementing it that way. I guess we have to let people know that this is how the space needs to be used.
At some point I guess the question is, is this also appropriate for the wait list to really, really, really specify it down. I know there’s out-of-region use that’s in Section 9, but do we just need to say, you know what, if you are coming to the wait list, it has to be in region.
It’s not for this policy, but I think it’s a bigger question now for the community. When there’s free pool/reserve full space, it’s not part of the transfer market, does it have to be used in region?
But I support this as written. Thank you.
Nancy Carter: Adair.
Adair Thaxton: These people keep being taller than me.
Kaitlyn Pellak: Same.
Adair Thaxton: Adair Thaxton, Internet2. Support as written. Thank you.
Hollis Kara: All right. Do we have any questions or comments coming in online? Nothing coming in online. Do we have anything else here in the room? All right. I think we’re good. Thank you, Nancy and Kaitlyn.
Nancy Carter: Thanks for your feedback.
Kaitlyn Pellak: Thank you for making that painless, everybody.
(Applause.)
Hollis Kara: If you thought you could get out early by not saying anything, you were wrong.
We have the great good fortune of having a guest here with us. Geoff Huston is here from APNIC, and he’s kindly offered to give a presentation on Internet evolution and IPv6.
We don’t often get to feature a guest speaker at our fall meeting because of the compressed schedule. But I’ll give him a moment to get himself up here. I’m really happy that Geoff has volunteered and offered to jump in and share his thoughts.
(Applause.)
Internet Evolution and IPv6
Geoff Huston: Thanks a lot for that. And I’ll try to sort of elevate above the day-to-day mundanities of /48s here and /24s there and all that kind of stuff, and actually talk about the industry we’re in and trying to understand where and how it’s going. What time have I got? Have I got until 4:30?
Hollis Kara: You’ve got until 4:45. Go for it, man.
Geoff Huston: Let’s go all the way back then.
(Laughter.)
I’m not sure many of you can instantly recognize that’s a VAX-11/780. I can, sadly. Weird machines. But that was the lingua franca. This is why IPv4 was so revolutionary, because at the time that photo was taken, there are a hundred thousand of these computers in the world. And that was a lot.
And we looked at the IPv4 address space, 4 billion and said: What is your problem, dude? We’re here forever. And in some ways, too, the thinking about networking was actually, I suppose the best espousal of networking was Ethernet. It was a cable.
There was no technology. There was no switch. There was no transistors. It was the simplest network you could ever have. It was a cable.
And everything happened at the edge. And that’s why Ethernet took off, because everything was in the connected computers. The network was just a piece of cable.
And, in essence, the network was just transmission. Everything else was in the mainframes. Dumb network/smart devices.
What this meant is that the money wasn’t the network’s problem. Your problem. You were buying the machines. You were maintaining the software.
So the Internet was just packet switch data. But, in essence, it was your machines doing the switching, not the network. Simple stuff.
But the silicon industry are really, really weird people. They’re just out of control. Moore’s Law is such a hard taskmaster. At the time that this was being done, it wasn’t doubling every two years; it was doubling every year.
They were taking the same single idea from 1957. I can put two transistors on a single silicon substrate. Aren’t I clever? And going, well, if I could do two, I can do four. If I do four on the same silicon substrate, I can do a million. If I can do a million — and that just went out of control. But the issue is who was going to buy it?
Well, the funny thing was that not only were they making it smaller, they were making it cheaper.
And so the industry really had a problem. It wasn’t, how do I sell a million mainframes into every residence in the country. You know, that was never going to fly. But if I could take advantage of what the silicon industry was doing and package it to the point that it became a consumer item, then everything changed. Everything changed.
And although the picture there is of — I don’t know; it’s some kind of IBM stuff or something — I actually think the person with the thought process was Steve Jobs. He understood that it wasn’t geeky, nerdy stuff speaking some job-control language of weird hieroglyphics. It was a machine that said hello. It was the machine in the terms of the environment that we were looking at.
So the rise of the personal computer was actually the rise of computing as a consumer theme. We started to do a distinction there because consumers, on the whole, don’t run web servers, mail servers, file servers. Well, some of you do, but you’re special, okay, just special.
The rest of us, it’s like television, you know? Slightly better programming control. That’s all we want. I’m a customer. I’m not a provider. I don’t actually want to host services. And I don’t want them in my home. I just want the television box.
Interestingly, we built the network of the ’90s around that, which was actually really convenient, because the one folk that didn’t grok it, just did not. And the network that was never going to grok it was AT&T and their copper-twisted pair network.
It wasn’t fast enough to run services out there at the edge. And the way it was actually built was you only talked for five minutes and then you hung up because you got bored with speaking. All the calls radiated inward. You know, everything was wrong with that network. So when we tried to put data on it, we couldn’t make the edge compute-centric. They were just televisions.
So we actually invented to make this the client server network. And all of our stuff became asymmetric. Mainframe computer was both. The PC at home, the PC even on your desk was not. It was a slave. It was the thing that simply said: Look at the data out there; I’m really good; I’m showing you what’s happening remotely.
And we applied that entire asymmetric process back into the network architecture of the Internet itself. So it wasn’t just this machine can do anything. If you’re a client, you couldn’t do much at all, but you could make contact with servers. So numbers went up. We started growing and growing and growing.
We’ll get to 2000 and you get the first of these, you know, this is what we built. And compared to the modern AI data center that some folk are, you know, having wet dreams about or something, this is just small-scale stuff, you know. It’s only a room or two. It’s only a few, you know, hundred megawatts. It’s not a gigawatt or two. Oh, my God.
But you see the specialization at the server side. All of those services are now crammed into these sort of really dense points. We started building large-scale exchanges and peering points and so on. And then it moved into sort of the whole thing about traffic engineering.
And it was kind of interesting that at the same time, we were expanding the base, and the silicon industry was working like crazy to make it bigger and cheaper. The other application of silicon was doing similar magic. Because when you try and push a laser through fiber, you’ve got to watch the other end and decode the signal.
And that digital signal processing phase requires a hefty dose of silicon. But if you can improve the processing power, keep the size constant, you can salvage double the signal and double and double and double.
And so the reason why you can push up to almost a terabit of signal, of bit capacity through fiber, is not because Crown Corning is doing anything different with the glass. It’s not. It could be the same glass from ‘95, for all anyone knows or cares.
But the processing at either end, and in particular the digital signal processors, if you are using three nanometer feature technology, you can pull 800 gig. It’s tough, but you can.
And so this silicon revolution wasn’t just in acres of racks of servers and all that kind of stuff. It was also in the underlying communications capacity. And that had a fundamental impact.
But there was kind of two models going on. The networking industry was kind of seeing stuff drifting into the computer center, drifting into the data center. And they’re kind of going, if this stress continues, we’re going to be broke; the network will add nothing. We need to do something.
Quality of service, MPLS, segmented networks, piles of Ethernet VXLAN, blah, blah, blah blah, blah, sort of not really understanding that the fundamental magic of the Internet was actually pushing technology off the network out to the edge, whereas, the network guys are going, now, hang on, I can do better. I can do even more. Please, users, spend some money with us. This router’s got a zillion lines of code. It’s really cool. You should buy 20 of them.
And everyone else was kind of going, my machine does all that in my data center. I’ve got it off the network. Surely I’m better off. We kept going. We kept going.
And the variety of the networks sort of multiply, but at the same time we were just using the same basic technology where the Internet is this single adaptation layer that takes a myriad of transmission technologies. ‘Cause who cares? And also takes a whole variety of service application points and go, that’s fine. As long as you’ve got enough bandwidth, quality of service is there. You don’t need to adapt to it. You don’t need to ration when there’s so much around that you just adapt.
And that was why the Internet is now a what? Close to as old as Ethernet. In its original incarnation, it’s 50 years old. In sort of the version we know, I think it dates from about ‘81 or ‘82. It’s kicking over 40 years.
And I look at my house and the technology in it. Do I have a 40-year-old television set? Nah. Do I have a 40-year-old-technology toaster? No. That died years ago. Fridge? No, none of that stuff.
About the only piece of technology in my house that’s that vintage is the software running on, you know, even my phone. That’s 40 years old because it was built in a different kind of model of being, ultimately, scalable by orders of billions.
So you’re trying to do today what I think all of us try to do in our jobs. Perfecting yesterday is no fun. You might have made mistakes and want to do it again. But, you know, time travel doesn’t exist. It’s tomorrow that we’ve all got to worry about.
And what you’ve got to understand is that the seeds are what shaping tomorrow. And it’s getting pretty scary. It’s getting pretty scary when countries are the only entities big enough to build AI data centers. It’s almost beyond the scale of individual companies. There are very, very few.
But, you know, Malaysia is going to have one. It’s like the mainframes of the 1970s. Malaysia had one, then two. We’ve got back to this extraordinary large-scale engineering. So what does the future hold — bigger, more expensive or more distributed? What’s the drivers?
This industry spent 100 years rationing scarcity. That’s all it did. It wasn’t expensive to put in a wire between Chicago and New York. But if 100,000 people wanted to use it at once, woohoo, the people who pay the most can get the use of it and everyone else will have to wait. So a lot of the margins in this industry is taking a finite resource and applying a scarcity premium to it.
What have we done to that scarcity? Oops.
There is none. You look at transmission — and we are seriously talking right now submarine cable systems with an entire system is measured in terabits. Individual wavelengths on individual fiber strands on individual polarization is now kicking one terabit.
This is not scarcity. It’s not even vaguely like scarcity. It’s kind of, how much bandwidth do you want? I’ll double you. I’ll raise you by a factor of 10 because, you know, I can. That is an “it’s amazing” slide. It kind of relates capacity to computing to the actual state of the digital signal processors coming out of chip fabrication.
So the first thing is, this is not a world of scarcity. When I can get a gig to my house for a few bucks a month, we’ve solved that problem. And so can you. It’s solved. Compute power. Solved.
I seem to recall, when I was working at the university in the ’80s, that this amount of computing on my wrist was costing them a million bucks. It was a supercomputer. It had an army of people servicing it — on my wrist.
If you look at that scale — obviously it’s logarithmic because you couldn’t do it any other way — but we’ve now managed to make processing not a rarity.
You couldn’t afford AI even three years ago. It’s just you needed an extraordinary amount of computing. Guess what we have? An extraordinary amount of computing.
So, you know, processing is not scarce. It’s abundant. Storage, same kind of problem. It hasn’t gotten any faster for about 15 years, but there’s a lot of it. I don’t know about you, but my laptop has two terabytes of solid-state memory. I’m, like, two terabytes?
With mainframes, you sort of sit there and go, wow, that’s a really big 500-meg disk. It’s the size of a washing machine. Remember them? It’s not a Fujitsu Eagle, it’s a great drive. Two terabytes — inside the laptop.
This will have two terabytes within them in a couple of months. So abundance. What happens with abundance?
Well, that’s the driver of today’s Internet.
That’s completely different to the last 100 years. Scarcity drove this industry. And now you’re in a different industry where almost everything is being commoditized and being overwhelmed with capacity.
And now we used to use pricing to actually ration that scarcity and distribute the good. Pricing doesn’t work. So if you’re a carrier, life is grim. Because that was the carrier’s job, to take a single sort of piece of resource and share it amongst the folk who wanted it. And because it was scarce, they could demand a premium. Didn’t Sprint sell its network to Cogent for a dollar? They probably paid too much.
(Laughter.)
So what have we changed? We’ve destroyed the network — completely. Because the network was a just-in-case delivery network, right? But now we’ve gone on — I’m sorry, it was on demand.
We were actually staying, if you want this resource, send some packets over there, start up a TCP session, use an HTTP session, get it to you.
Microsoft was the black hole of distributing Windows because everyone was making connections to Seattle.
We don’t do that anymore, do we? We don’t sort of sit this stuff over there and say, come and get it.
For everybody in this room, I think without qualification, 90 percent of your traffic has traveled, oh, 10 kilometers except if you’re really out in the woods. And, you know, good luck to you. But we’ve now managed to populate replicated content everywhere.
Google, bless their black little hearts, knows that I’m in Dallas. They have taken my Gmail and said, aha, Geoff’s not in Australia, I will load up the cache here because I know. And all of a sudden, Gmail is really super fast, again — just in case, I read my email. Fair bet, Google, I do.
But you see what’s going on that we’re changing the entire delivery system into — well, you might want it. Every Netflix sort of caching point has the entire inventory. You don’t grab stuff from far away. The packet miles are tiny. The packet miles are tiny — because the currency of networking is distance.
And if you shrink the network from the globe to the continent, to this room, as we all knew with Local Area Networks, the shorter the distance, my God, it’s fast. My God, it’s big.
If you can build an Internet that looks and performs like a Local Area Network, where’s the scarcity? Where’s the performance issues? It’s gone. Because when you shrink distance, everything is easy.
So now it’s bigger. We are talking terabits and we’ll continue to talk terabits or more. We just put all the content in all the places all at once because that’s what abundance is.
And we also did it in the mobile system. How fast do you want your mobile phone to run? A gig? You can do it. 10 gig? You might have to wait for a couple of years. Maybe three. That’s about the equation of what we’re doing in abundance.
So, all of this is actually allowed us to move a network which is phenomenally big because it’s not distance big; it’s capacity big. Because when you shrink distance, it’s the same law of physics. It’s just that in networking cost is distance squared.
So when I halve the distance, I don’t halve my costs. I bring it way down, factor of four, factor of five. Speed is distance squared too. All those protocols that go, hi, here’s a packet, have you got it yet? How long should I wait for it to know that I think you haven’t got it yet?
Well, if the round-trip time between you and me is one millisecond, I don’t wait for very long. I know you haven’t got it or I do within a millisecond. All of a sudden, when you bring distance down, protocols sing and dance like they never could before.
So, now, packet miles has been reducing. This stuff is now fast, really fast. Not only do I get a gigabit per second to my house, but I can actually pull down content with a cooperating server or two at that same capacity. I can actually make it work at that speed. It’s not just on paper; I can get it delivered because of shorter distance.
So bigger, faster and, yes, Moore’s Law is prodigious — cheaper, cheaper, cheaper, cheaper. I don’t pay much. In fact, my salary has gone way up compared to how much I’m paying in real terms.
If I took Internet service and pushed it back to 1970 dollars, that gigabit, five bucks a month of 1970 dollars, maybe less. My God, who’d ever thought? No one. They would think you’re fantasizing or on some great 1970s drugs.
One way or the other, this is a massive revolution in the way we think about this because moving stuff around is really, really cheap. There’s no profit in it anymore. It’s just really, really cheap.
A form of luxury service is almost a necessity, but it’s certainly a basic commodity, a mass-market commodity. Oh, I live in the hills. Elon has the answer, and it’s really fast, too. As soon as I put 10,000 of them up in the sky — and he has — you can get up to 300 megabits per second wherever you happen to be on the surface of the planet. Oh, my God.
So cheaper, faster, bigger, yeah? Everything we always wanted and always said, I don’t know if you remember, two out of three. Can’t deliver cheaper, faster, better. One of them has got to go. No. Thanks to chips, all three all at once.
So that’s the euphoric side. But we’re down at feature sizes of three nanometers. How big is three nanometers in terms of atoms? About 50? 100? Can I go to one nanometer? You can try. The problem is electrons — and let’s assume they’re particles because, you know, quantum theory, blah, blah, blah, who knows — but down at one nanometer they have a mind of their own. They tunnel, the bastards.
And you put down this nice track, and it kind of goes, tracks, I don’t care. At one nanometer, I’ll just chart my own path. It’s hard to get this even smaller using today’s planar technology. That thing we did in ‘57 is getting close to how far we can go. We need to be really smart to get more features in.
So we can see it in processor speed. You’re starting to see it in gate counts. Gate counts are not doubling every two years. No one’s announcing the 4 trillion transistor chip. And I’m not sure they ever will.
This technology, as it stands, is close to that physical edge, and someone’s got to be really, really, really off the wall clever and do something none of us have thought about to get past that.
Now, we should be concerned, because in some ways what we’ve been doing is exhausting our infrastructure. Like, IPv4 and Ethernet was great, but it only had 4 billion addresses. Right? And scarcity was actually one of the few things that was sitting there going, in a world of abundance, you’ve got a problem.
And what we did, was we papered over the crack. Number of things talking? Billions. Number of addresses to let them talk to each other? A lot less than billions.
The gap, let’s just be smarter. Let’s employ computing, processing and edge-based systems. You call them NATs. Doesn’t matter what you call them. It’s bridging that gap between the capabilities of the technology and how big we wanted to deploy it.
And so that infrastructure complexity just got higher and higher and higher. And that embedded processing in the network starts to become problematical. There’s a whole lot of networking. But NATs running at terabits per second is kind of an interesting question — i.e., I don’t think we can do it at that kind of speed. You know, there are real limits going on there.
And this kind of gap means that if you really want scale, really, really want scale, then at least at the moment you’ve almost got no choice. If you want to build over the next few years all that’s left at speed and scale for new builds is IPv6. Who got the message? Not you guys. India got the message in 2017 and rolled out a IPv6 network across a billion users.
That’s getting the message at scale. At the scale they needed to do to be a part of today’s world.
That’s a problem. They managed to solve it quietly. None of you were employed — some of you may have been employed as contractors — but they did it largely there in India on their own. Amazing feat.
China, you know, it surprises me to say this: I don’t think they’re as organized as the Indians — which, you know, is contrary to all popular mythology about India being a complete mess. The Indians are organized. The Chinese are taking quite long. And there’s a lot of sponsorship, so we really need to do this at scale. Same kind of scale, billions.
But kind of IPv6 is their only way out right now. And so you see, they are on the move because they don’t have the piles of IPv4 infrastructure, which has given this market the time to take things at a more leisurely pace.
The sense of urgency and gaps to be filled is not in North America. But that doesn’t translate to China. It doesn’t translate to India. And that explains it, but no one is stopping it. It’s continuing on. There’s no end here. It just continues to scale and push and scale and push.
And there’s another tension coming, and it’s the tension inside the protocol stack because the network is the commodity sewerage pipes. Meh, nothing to do. All the intelligence is moving up into this supercomputer in my pocket and the things that it wants to talk to.
The application is now the service. Everything else doesn’t matter. All the money — who are the giants in this world? Let me think — Google, applications; Meta, applications; Microsoft — oh, I guess it’s applications.
You go through that inventory, and the trillion-dollar companies are actually at the top of the application stack; they’re not pushing the packets.
The longer-term evolution of this is kind of interesting. If the 1980s was a miracle because they finally got it, what AT&T was doing was end of life. The network didn’t matter. The edges do.
That’s the entire Internet philosophy. Push everything out of the network, the edges matter.
Coherent address technology kept that dream going. What’s today’s innovation? I’m pushing.
I’m still pushing. I use Cloudflare for my web service. I’m, like, it doesn’t matter. I’m here in Dallas. This phone has some IP address. My website has some other IP address that references something here in Dallas.
I go back home, same website, different address pair. What was my website? An address? Nah. Not even remotely tied up to the identity of the service. We’re tying the Internet together with the DNS. And while you’re having a meeting here to talk about addressing in Arlington, Texas — whoever new Texas had Arlington? I didn’t. The other meeting that’s drawing to a close is the meeting of the DNS folk in Dublin.
And when, I must admit some years ago, career-wise, I was going, names, addresses, names, addresses — I made a dud choice. I swung over into the addressing. I thought these guys were cool. The future is in the DNS.
The future of this kind of networking is names. Why? Names scale. We haven’t even started to scale the DNS. Whereas the addressing world, the scaling has been painful. Let’s switch from IPv4 to IPv6. We are still living the life. I just heard a day of this stuff. It’s hard.
I don’t hear the same stories about scaling the DNS. Take a domain name and have fun. Go and enjoy yourself. There’s no coordination. It’s my domain. Those are your domains, you know? It’s a different kind of model, and it really is scaling like crazy.
That evolutionary shift is not going to stop, not. The longer-term evolution is the namespace evolution. DNS services now underpin the entire security of the Internet. Who needs routing security?
Well, if I get routed to the wrong place, the TLS exchange fails. It doesn’t matter that I got routed to the wrong place. It matters that I’ve reached the wrong site, and only TLS can tell me that’s the genuine site. Only the name system provides security for today’s network and authenticity. The underlying security of routing and so on, nah, incidental, oddly enough.
So what are addresses? Well, they’re merely ephemeral tokens to stop routers getting confused.
This is my stream; this is your stream. They don’t need to have long-term permanence. And as we have seen with NATs that run the entire IPv4 world, all they need to do is last — I was going to say for the length of a session, but I’m lying because, quick said, as a protocol, Oh, you need to have a stable address for two round-trip times.
So I need to have a stable address for my packets for, oh, in a short network, for me to that data center just over there. Oh, about four milliseconds. Then go and change it. I don’t care. Addresses don’t matter anymore. They’re totally malleable.
Names really matter. And the pressure from the transition to IPv6 has been alleviated, not because we’re lazy, not because we didn’t have the budget. It’s because it didn’t matter to consumers. That if I was able to contact the services by name, everything is working, dude. There’s no problem.
And that’s why it’s really hard to persuade people who actually are sitting there on a saturated market, going, you’ve got to do IPv6. Why? My customers are going to pay me the same amount, and it’s name-based anyway. It won’t make any difference to my bottom line.
So the pressure has been removed to transition to IPv6. And all of that slack is being taken up in the DNS. And the DNS is quietly going, not a problem, give me more, because it’s actually managing to scale in ways that we never thought possible.
So, we need to scale further. We have to scale further. And it’s service-level scaling that’s the challenge, right up at that top level of trying to orchestrate named components. Building massive AI data centers is a losing proposition in the same way that building ever-bigger mainframes was a losing proposition.
At some point, it’s not a matter of black holes getting bigger; it’s a matter of dispersing even larger loads across an ever-broader capable system.
That was the secret to get out of the whole mainframe nightmare. And I suspect the entire massive AI data center, UEC, Ethernet, et cetera, is a passing fancy brought on by overenthusiastic venture capital.
But I think we’ll be smarter than that. I think we will distribute that. We’re going to push it and smear it, the same as we’ve always done, because making my problem everyone’s problem is the way we do scaling. Thank you.
(Applause.)
Hollis Kara: Thank you, Geoff.
(Applause.)
Do we have any questions for Geoff before he leaves?
Geoff Huston: Oh, this is ARIN, there are always questions.
Hollis Kara: I know, it feels like a silly question to ask, but I ask anyway.
Lee Howard: Hi, Geoff. Lee Howard, unaffiliated. Always fun, of course. I will note, I felt like I should note, for the deployment of IPv6 in India versus China, the first large deployment of IPv6 in India wasn’t because the nation figured it out; it’s because one multibillionaire decided he wanted to build an affordable telco, an affordable mobile carrier, and couldn’t do that if he had to buy a lot of IPv4 addresses. That was where it started, one guy —
Geoff Huston: One guy with a $2 handset dream and a 50-cent service dream, challenge to do that in IPv4, can’t do it.
Lee Howard: Exactly, and I encourage every other multibillionaire in the room to go do that as well.
(Laughter.)
The other thing is, I guess a question for you is you pointed out 12 slides ago or something about we’re reaching the limit, or we have reached the limit of the number of the clock cycles, right? It’s about where it’s going to be.
And as we may be adding transistors but we’re going to stop doing that because you can’t — it doesn’t really make any sense anymore. But does that mean we’re going to be putting additional pressure on those carrier-grade NATs and we’re going to begin adding latency, because as they become bigger and bigger —
Geoff Huston: This is the billion-dollar question — in fact it’s the trillion-dollar question. What Google’s biggest threat to its current monopoly? The future, because if Moore’s Law keeps on operating one of you are going to have a bright idea and in two years’ time, it will be so damn cheap, Moore’s Law, that you’ll be a threat in a few of these cycles of evolution.
So, Google buys up, they all buy up all their potential competitors because Moore’s Law is unrelenting. My current infrastructure has a use-by date I can measure in months.
What if Moore’s Law stops? Whoa! That means the music stops. That means the threat model of the future has just been devalued by a thousand percent. That means the giants of today don’t need to worry as much to be the giants of tomorrow.
And the fact that we’re hitting these limits and trying to go to 3-D silicon lattices to make it bigger, faster, cheaper, and no one knows how to build silicon lattices — we can say the word. It’s a bit like quantum computing; we know how to say but we have no idea how to build a really big one.
That’s the problem. Because if we can’t get there, we’ve stopped the speed of evolution, which locks the incumbents into place and makes them harder to unseat.
Lee Howard: I’m kind of, I think, trying to bring it just a little bit closer to home. Assuming we don’t have a quantum AI CGN, that we’re going to begin using IPv4, as we have been, you’ve said — we’ve taken away the problem. The problem scales. We’ve got NATs. It solved the problem. And we no longer have a scaling problem.
But if we begin having a scaling problem because NATs are going to begin introducing latencies that they don’t introduce now, now do we have a new market driver for IPv6 because we no longer have that 40 milliseconds to the local data center.
Geoff Huston: Counter argument, it’s the DNS, dude. We don’t care as much anymore.
Lee Howard: DNS is not carrying my query to Google.
Geoff Huston: Oh, yes it is. There’s a brilliant presentation, and one of them I really like is a bit like, you know, whatever is the new black, DNS is the new routing. There is no BGP anymore. It doesn’t work like that anymore. Everything is in the DNS.
Lee Howard: And now we have NAT for DNS with DoT and DoH, and it’s sort of obscured and harder to get there.
Geoff Huston: But anyway, I should have caught the plane to Dublin before I started down that line of thought. Thank you very much.
Hollis Kara: Good save, Geoff. Thank you so much.
(Applause.)
All right. Thank you for that interesting presentation because it was interesting. I learned something.
All right, now we’re on to our Open Microphone. I’d like to invite John Curran and Nancy Carter to come up, and we will be opening the floor for questions, comments, thoughts and opinions from the audience.
Open Microphone
John Curran: Okay. It comes to that Open Mic at the end of the day. Microphones are open for any questions you might have.
I’ll get things going. It occurs to me earlier, someone asked me, “Do you need to sign an RSA to transfer address space?” And I said, yeah. Well, I only deal with a subset of transfers. I deal with all the ones that are colorful, fuzzy, all sorts of strange circumstances. And they’re all 8.2 transfers. They’re all cleaning up things that aren’t named under the organization that should be. And all of those, yeah, we require an RSA.
If you’re doing a very clean 8.3, 8.4 transfer, it’s in your name, everything’s fine, yes, it is possible for a legacy holder to do the transfer without entering an RSA because we don’t have to do the 8.2 org recovery, et cetera, et cetera.
I forgot there’s simple transfers in the world, and I should have checked with John. There are some, very few, increasingly few, as we get to the bottom and we’re scraping that barrel. But they do exist. For those, you can do a transfer if it’s in your name and it’s appropriate.
Increasingly, though, we see people with the ones that require an RSA, because the first thing is an 8.2 transfer.
Tina Morris: Tina Morris, AWS. John, I just want to clarify one thing real quick. Are you trying to say you were wrong?
John Curran: Oh, yeah. (Laughter.)
Not only — not only am I wrong, I’m proud to say I’m wrong. You know? The thing is, if you don’t live through your mistakes and admit them, they become institutionalized. So I’m the first one to say I’m wrong. And I will say, no, I’m not up here often doing that.
(Laughter.)
Hollis Kara: Do we have anything else in the room or online? Come on, guys, it’s Open Microphone. Let’s do this. Kat, go ahead.
Kathleen Hunter: Kat Hunter, Comcast, ARIN AC. Speaking as Chair, actually, since it is election season, one thing I wanted to point out is for the Advisory Council selection slate, everyone is listed as “Qualified.”
I have had numerous questions why current AC members are not listed as “well-qualified.” Why is everyone “qualified”? There’s a lot of people in this room that know why that is. There was some back history, where it had disenfranchised certain people.
But I do have a concern that maybe we’re having the opposite effect now, that maybe the AC that are up for re-election do not meet the standard of “well-qualified” of people that are not always at this meeting to know that there’s a different set of rules for the AC slate.
John Curran: So the criteria for “well-qualified,” as Mr. Sweeting explained earlier, has to do with not only meeting the qualifications but meeting additional criteria set by the Board of Trustees in the guidance letter.
The guidance letter talks about what additional things the Board has identified as gaps, either present or future, that need to be filled. And it’s done for Trustees.
Last I checked, we don’t do — we don’t have a guidance letter that has any qualifications for AC, so we don’t have any way of identifying “well-qualified.” You’re all equally qualified.
Kathleen Hunter: I agree with that, but my suggestion would be to not put anything next to the names.
John Curran: Excellent point.
Kathleen Hunter: I think the “qualified” makes it look like there’s an option for something else.
John Curran: Okay. Good point. The governance committee is very active in this area. There’s been a lot of work being done, and we’re going to put that in as part of their discussion, because as the Board actually just looked at a set of documents the other day. But we can — we have time before the next year to cycle this.
Kathleen Hunter: Okay, thanks.
John Curran: Thank you.
Adair Thaxton: Adair Thaxton, Internet2. So, I was looking at all the candidates and trying to go through and reference everything and figure out how everything ties in together, and there is actually an option that is not “qualified” for AC and NRO NC nominees. It’s called “unable to qualify.”
All of our people are qualified. That’s awesome. And I’ve requested, I’ve sent a surprisingly long email to Amanda with some things that I thought should be cross-referenced on the elections page.
John Curran: Yes. Microphones remain open. Go ahead.
Sindhu Bandlapalli: Hi, Sindhu, Colovore, a current Fellow. Again, thank you for the opportunity. And it’s been a great — everyone has been so kind and they’ve been patient — patiently answering all my questions. So I really appreciate it. I’ve been scribbling down my thoughts so that I don’t forget.
I’ve been thinking a lot about AI and automation, how they’re transforming the way organizations operate, not just in governance and policy but across everything. People and companies are spending billions of dollars in AI at the moment, and it’s impacting all of us in one or the other way.
As a community-oriented, nonprofit organization, ARIN is in a great position to explore innovation responsibly. Even starting small, maybe using AI for noncritical things like summarizing discussions, organizing archives or highlighting key updates could make participation more accessible and efficient.
So this is just a suggestion. We don’t have to implement anything right away. But it wouldn’t hurt to start experimenting. Introducing even a small element of innovation could really help modernize how we collaborate and keep ARIN future-ready.
John Curran: Thank you very much for that suggestion. I will say if a member of the Board of Trustees has whispered in your ear to come up and ask that, that would not surprise me, because they actually have whispered the same thing to me on multiple occasions.
We’re actually looking at AI. We have an AI policy on usage of AI within ARIN. And we have to pay a little attention to that because we do deal with customer-confidential data. And AIs enforce security by thinking they’re not going to give you data unless someone tells you to. And that’s kind of nerve-racking.
We right now aren’t using AI as much as we could because we’re a little concerned about the sharing potential. But we’re actively looking at it. The Risk & Cybersecurity Committee has us exploring that as well, not only from the risk perspective, but some of you have gotten creative in what you submit and might be using AI to do that. If you’re using AI to do that, I’d like to use AI to catch you. It’s a very active discussion.
We are using AI right now internally for nonconfidential data. We’re hoping to do it with more. It may require a little infrastructure to do it in a way that doesn’t endanger your information. But the Board has said the same thing you just said in the last 72 hours to me and earlier this year as well. So yes.
Sindhu Bandlapalli: Thank you.
John Curran: Thank you. John?
John Sweeting: John Sweeting, with ARIN. Just want to let everyone know, the election is off to a great start. Three hours in, we’ve passed quorum, but keep voting. Vote, vote, vote.
John Curran: Vote, vote, vote. Thank you. Microphones remain open.
Adair Thaxton: Adair Thaxton, Internet2. I just want to say, compared to previous ARINs I’ve attended, there’s been absolutely reprehensible lack of dad jokes.
(Laughter.)
So given Geoff’s keynote, I wanted to say, how can you tell when a network engineer is in love?
John Curran: I don’t know.
Adair Thaxton: They memorize their partner’s IP address to skip the DNS overhead.
John Curran: That’s funny.
Hollis Kara: Looks like we have one question, comment, from online.
Beverly Hicks: Yes. Preston Ursini. “John, for those of us who want to get more involved in ARIN, especially from the operator/engineering side, what’s your advice on to start contributing more meaningfully?
“Related to that, are there any plans to make more operational data transparent, like RPKI adoption rates, route-validation metrics, inter-RIR coordination stats? That kind of visibility really helps drive engagement. Thanks for taking the time to connect with the community and make decisions accessible.”
John Curran: Okay. Good feedback. We are looking at trying to make more of our information available, and also doing more technical sharing of data. And the point is well taken. Thank you.
Hollis Kara: All right. Do we have any more?
John Curran: Microphones remain open.
Nancy Carter: I have a question. Why is that there?
John Curran: That’s not me.
Hollis Kara: We got ducked.
John Curran: We have a visitor. It appeared.
Hollis Kara: I didn’t do it. It wasn’t me.
John Curran: Microphones remain open. Remote participants. Seeing none, I’d like to do one more thing and invite Mr. Sandiford up on stage.
(Applause.)
Hollis Kara: I have the remote.
John Curran: Next slide. One more thing.
Mr. Sandiford, thank you very much. On behalf of the organization, I just want to say it’s been wonderful having you, 17 years of service both on the AC and on the Board. And, quite frankly, we couldn’t have done it without you.
We collected a few of the more memorable photos. Just wanted to say, you know, truly you’ve made ARIN what it is today. And we’re just very happy, very happy for everything you’ve done.
In recognition of that, we have a small token of appreciation. You can open it up if you want to.
Bill Sandiford: Thank you, John. Thank you.
(Applause.)
John Curran: Very good. One more time. Truly memorable. Thank you, everyone. With that, I would like to thank everyone. And I’ll turn it over to Hollis for the closing remarks. John, one more.
John Sweeting: I just wanted to say, if anybody wants to know who to blame for the 17 years of having Bill around —
Bill Sandiford: This guy.
John Sweeting: I recruited him in 2009 at an Interop in Las Vegas.
(Laughter.)
John Curran: That’s not blame, That’s thanks, John. Thank you very much. At this time, Hollis, closing remarks. Thank you, Nancy.
(Applause.)
Closing Announcements and Adjournment
Hollis Kara: All right. Thank you, everybody. I think we’ve had a good first day. I think we’re about ready to wrap it up.
A little bit more audience participation, with thank-yous for our sponsors. If I could have a round of applause for our Network Sponsor, AT&T.
(Applause.)
Our Platinum Sponsor, AWS.
(Applause.)
Our Silver Sponsor, IPXO. (Applause.)
And our Exhibitor Sponsor, IPv4.Global by Hilco Global. You’re not going to catch me. I’m going to get it right.
Again, we’d like to also thank in advance our social sponsor tonight, Kalorama. We hope you’ll join us at AT&T Stadium. The social will run from 7 to 10:00 p.m. It’s a walking trip. If you need assistance getting over there, please do stop by the Registration Desk and find out about some accessibility support we have to get over there. It’s a little bit of a hike. Please do remember to wear your badge. And the specific directions were in your email this morning as to where to enter the stadium.
Please do join us tomorrow, 8:00 AM, if you’re here on site for breakfast; 9:00 AM here in the room for the final day of ARIN 56.
And thank you, again, for all you do to help make this community keep going forward and doing what it needs to do. So, thank you for being here.
(Applause.)
(Adjourned at 5:00 PM.)