ARIN 57 Public Policy and Members Meeting, Day 1 Transcript - Monday, 20 April 2026

Opening and Announcements

Hollis Kara: All right. All right. Okay. Kind of waiting for the line to drain on the coffee bar. I know that’s an exciting addition for everyone.

I’m Hollis Kara. What do I do? Why am I here? I don’t know anymore. I’m the Director of Communications for ARIN. This meeting, I’m also sharing duties on conference management. So if I seem more frazzled than usual, that’s why.

Everybody say hi to Melissa. She’s playing along from home. She’s very sorry not to be with us. Hopefully everybody’s found the Wi-Fi. If you haven’t, registration can help you out at the front. But let’s get through some welcome announcements and get the party started, why don’t we?

All right. First of all, do I have all my Board members in the room? Pop up. This is the audience participation part. These are our wonderful Board members, they volunteer tons of time.

(Applause.)

Please find them. They’ve got ribbons on their badges. They’re going to be happy to talk with you through the meeting about anything that you have questions about.

Advisory Council, hop. All right. Here we go. We’ve got our 15-member Advisory Council.

(Applause.)

They’ll be running our policy process —- they shepherd the policy process. They will be running the policy-discussion portion of the presentations tomorrow, and we’re happy to have them here. They put in a ton of time. So we really appreciate them.

And then, clickety click, Number Resource Organization Number Council, are you here in the room?

(Applause.)

All right. Thank you. Good morning. These fine folks fill an important role representing ARIN at the NRO. And you’ll hear more from them later in the program. And, again, they’ll be happy to answer questions and chat with you at any point.

We’ve got a lot of folks registered today. Hopefully, we’re up to 314 virtual participants, I’m hoping to see a big crowd online today. And we’ve got 141 here on site. That puts us well over 400, which I think is a record for us. So let’s hear it for all of you all for being a part of ARIN.

(Applause.)

I’d also like to welcome our Fellows. Are my Fellows in the room? All right. Fellows, on your feet.

(Applause.)

So these folks go through a rigorous application process and then training ahead of the meeting so that they’re here, prepared. We’re looking for great things from you and great interventions when we have discussion points in the agenda. So thank you for that.

We had a meeting orientation last week. For those of you who attended, some of what I’m going to run through next is going to seem painfully familiar. That’s okay.

But if you did, you had an opportunity to give us some feedback. And if you gave us some feedback, you had a chance to win a $100 AMEX gift card. Ashley, do we have a winner?

Ashley Perks: We do.

Hollis Kara: Who is our winner?

Ashley Perks: It is Ryan Cota. I think he’s a virtual attendee.

Hollis Kara: All right, Ryan. Keep an eye on your inbox. We’ll be reaching out about getting you that gift card. Thank you for being part of ARIN 57. Next time come to orientation, whether it’s your first meeting or your 20th or your 50th, you are still eligible to win, and you might learn something, who knows? Okay. So we did that part.

Virtual meeting, navigation. All right. Just some reminders, for folks in the Zoom, chat is for chat. And for questions or discussion, you’re going to use Q&A. Please lead with your name and affiliation. You may also raise your hand, and we will get you live in the room. It’s like being on radio. And we would love to hear from you that way as well.

Please remember, only ARIN staff are allowed to drop links in the chat. That’s for everybody’s safety. And most of those are going to be to help you navigate things you need for the meeting. So please resist the urge to drop URLs in the meeting chat.

Again, lead with your name and affiliation. And, tip, a great advantage you have being online, you can put your questions in before we get to the question-and-answer portion of any presentation. Just make sure you drop that in Q&A, and we will make sure to get that fed into the queue when we open the microphones.

Our Virtual Help Desk will be open until 9:30 if you’re having any problems. But if you’re having problems, you probably didn’t hear me tell you that. So there you go.

If the Zoom disconnects, try to restart it. Hopefully — not that I want you to be having a problem — but hopefully the problem is local to you. If you can’t get back into the Zoom, hop over to the livestream, and we will be talking about what’s going on with the Zoom because we like to keep everybody in sync.

If you can’t get to the livestream, I’m definitely laying on the floor here crying. But keep an eye on your email and there will be a notification when things are back up and you can rejoin.

If you’re here with us, welcome, welcome. You are absolutely allowed to join the Zoom so that you can use that chat to talk to the folks that are here attending virtually. But please do make sure that your device is muted and that you’re disconnected from audio. Do both. It’s just safer. The other advantage of that — well, we’ll get to in a second.

When we open the microphones for conversation and discussion on topics, please remember that we’re going to want you to lead with your name and affiliation. Speak slower than I am now — I can feel the transcriptionist glaring at me — and we’ll get those in. And speak slowly and clearly. I said that already.

All right. Can you imagine if I had caffeine this morning?

We do want to hear from everyone. So if you have come to the mic, please let’s make sure that the line has fully drained and we’ve had a chance to hear from everyone who wants to speak on a topic before you rejoin the line.

And Wi-Fi is available. Hopefully you’re on it. I guess we didn’t have the slide there.

I did want to point out, for those who maybe aren’t comfortable getting up to the microphone — that’s fine, there are lots of reasons why that could be the case — you are welcome to join the Zoom and submit your questions that way. Again, just make sure you’re muted and your audio is disconnected.

We are going to have some discussion tables at lunch today. So look for the signs on the tables when you enter the room if you want to talk to representatives from the Policy Engagement Working Group, the Number Resource Policy Manual Working Group, or the Policy Experience Report Working Group. Phew, lots of working groups.

Tonight, we will be having our social off-site at the Louisville Slugger Museum from 7:00 to 10:00. We look forward to seeing you there. It is a short walk from the hotel, basically, top of the hill, hang a right, keep walking till you see the big bat, and you’re there. It’s about a 10-minute walk, 5 to 10, depends on how fast you walk.

In the event of an emergency, hotel will come over the loudspeakers and make announcements. Listen to them, not me, because I don’t know.

And if you need any assistance — urgent care, pharmacy — in case of an emergency, we have some information available about that. And you’ll be able to find all of this information online as well at the ARIN 57 website.

So once again, we have slides and we are recording. There is a live transcript. We actually have our live transcript up in the room for folks who want to follow along that way.

You can download all the presentations — I think all of them are there — if you want to view them natively on your screen instead of watching them up here because sometimes things can get a little blurry.

Looking at the site, Program Information, all the basics are under the Program Information drop-down. That makes sense.

Please do avail yourself of the acronym guide. We know that this is, as much as we try to use real words, an acronym-heavy industry. And for folks that are maybe newer to the discussion, some might be unfamiliar.

There are actually hard copies of those available outside if you want to play along, or you can download that or open it up on your computer. Just depends on how many tabs you like open, I guess.

If you’re here, all the things you need to know to navigate the meeting on-site are under In-Person Participation on the website. Virtual participants, you’ve got your own drop-down as well.

So what are we going to do today once I stop talking? We’re going to have some welcomes from our Chair and our CEO. We’re going to have a Board of Trustees Update. We’ll have a Financial Report. And then we’ll have our first guest presentation of the meeting about RPKI and a Region Policy Update before we take our first break.

When we come back, we’ll have a little bundle of reports, Policy Implementation and Experience, and update from our Advisory Council and a review of the docket for this meeting, and then updates from our Advisory Council Working Groups.

And this is going to be a nice lead-in to lunch because you’re going to be primed with all kinds of questions to go and take to those topic tables.

After lunch we’ll come back, and we have a keynote from some guest presenters on IPv6. And then we will have some reports from the NRO, the Number Resource Organization. Take our last break. Do a run-through of ARIN’s 2025 Annual Report before Open Mic and closing the day. So it’s a pretty full agenda.

Just a reminder, we do have Standards of Behavior. All of you checked a box agreeing,
acknowledging them when you registered for the meeting. This is something we take very seriously. We want everyone to feel safe and comfortable and able to participate fully in the meetings.

If you have any questions about that, you can find the full links to the full document online. But basically we’re just here to work together. We’re going to have different opinions. Let’s keep discussion on topic and treat each other with civility and understand that we’re all professionals.

And with that, I’d actually — to help facilitate that, we have our ombudsperson, Stacy Goodwin Lightfoot, and I would like her — she’s running on up — to come on down and explain a little bit about her role at the meeting. Come on up, Stacy.

Stacy Goodwin Lightfoot: I don’t get an applause anymore?

(Applause.)

I’m Stacy Goodwin Lightfoot. I am serving — I served last year as the conference ombuds, and I’m privileged and delighted to be back here again supporting, and here with Hinton & Company. I am here to support a respectful and engaging experience for you all. And I’m going to serve as an independent and informal, confidential resource should anything arise.

So I’m going to be available throughout the conference, including the social tonight. And I’m always here. And I will be happy to support a healthy and engaging conversation with you all.

My contact information is on the screen. So if you want to send a text or ask a question via email, we will be checking that throughout.

So, thank you all so much, and I want to say I hope to see you, but I really do hope this is an uneventful experience for me. Have a good one.

(Applause.)

Hollis Kara: You’re allowed to talk to Stacy even if you don’t have a problem. She’s a lot of fun, so I suggest that you do. So, yeah, loads of fun.

All right. Great. So with that, we’re getting to the everybody participates part. Let’s have a round of applause for our Network Sponsor, Spectrum. (Applause.)

Our Platinum Sponsor, AWS. (Applause.)

Our Silver Sponsor, IPXO. (Applause.)

And I feel like this is probably going to get the biggest round of applause with this crowd, our Espresso Bar Host, Verisign.

(Applause.)

You may notice, I think there’s one barista out there. Please be nice to him, guys.

All right. With that, I’d like to welcome up John Curran, our President and CEO, to provide a welcome.

(Applause.)

Welcome from ARIN’s President and CEO and Board Chair

John Curran: Thank you, Hollis. Good morning. I’m John Curran. I’m the president and CEO of ARIN. I’m here to welcome you to ARIN 57 in Louisville, Kentucky. Thank you for coming, thank you for participating in these processes.

As folks know, ARIN is all about administering a registry on the behalf of the community. That’s our purpose. So we need these meetings to make sure we’re going to do a good job of that, that we’re following your directions.

So we’re going to have a great week, or few days; I guess not a week, feels like a week. But we’ll have a great a few days ahead. We will have some policy sessions coming up where we help refine the language and some of the actual fine-tuning of the actual policies themselves. So those sessions are sort of foremost because that sets our policy manual, the Number Resource Policy Manual, also called NRPM. And that’s very important to us because that’s what we administer.

When we run the registry, when we take requests from all of you, we use that manual, the NRPM, to figure out how to process those requests.

And then we run the registry. And the registry has a lot of functions. And we have to make sure it provides all the services that you need. And that’s done by the ARIN organization. It’s done under the Board of Trustees, under their supervision.

And so we also have a lot of reports about what we’re doing, the services we’re offering, all the programs we’re offering. You’ll see some of those today.

But this really is your registry, okay? We’re running it on your behalf. And it’s important for you to participate to make sure we’re doing your registry the way you want.

So I actually am very pleased to see everyone in the room. I’m pleased to see everyone remotely, a high level of attendance. I hope we have some great discussions. We’re looking forward to hearing everything from you.

Don’t hesitate to reach out. And if you have any thoughts and you don’t really know how to engage or you’re not sure which session, reach out to any of the staff, myself is here, our whole management team is here to engage with, as well as the Board members that you saw and the Advisory Council members. If you have a question, don’t hesitate to just ask someone, “How can I get this idea done?” We welcome all of the ideas from everyone. It’s very important.

We need your input. And so it’s one of the things we actually look forward to the meetings exactly to hear from the community.

With that, I’m not going to get in the way. We have a very important speaker up next. I will leave you. Enjoy your next few days. Thank you very much.

(Applause.)

Hollis Kara: Thank you, John. All right. With that, I’d like to welcome Nancy Carter up to the stage. Nancy is the Chair of our Board of Trustees. And once she’s done welcoming everybody, she can roll right on into her update.

Nancy Carter: Thanks, Hollis. Green button?

(Applause.)

Good morning, everybody. Unlike John, I won’t be up here just ad-libbing. I have speaking notes as I always do.

So welcome to Louisville, Kentucky. We’re delighted to see so many of you here in person and many more of you who are joining us virtually.

I tried to practice saying “Lou-ville” the way the locals say it, but I can’t get it right.

So Louisville was named in honor of King Louie XVI of France, recognizing his support during the American Revolution. And this city is steeped in a rich history. So I’m not sure where the “Lou-ville” comes from.

Perhaps most prominently known as Derby City, due to the annual Kentucky Derby, other nicknames for this city include Bourbon City, River City, Falls City, and the Gateway to the South. As John noted, ARIN 57 promises to be a rewarding few days.

We have some notable keynotes. We have Demystifying RPKI with Steve Wallace from Internet2. And we have the Nine Lives of an Early Adopter: Leading Cats to Water in the IPv6 Era with Nick and Inder from Energy Sciences Network.

We have updates from the ARIN Advisory Council, as well as many fulsome organizational and departmental updates, Regional Internet Registry updates, Number Resource Organization updates, and we have a Policy Block on Tuesday afternoon to look forward to as well.

The schedule over the next two and a half days is intense and fast-packed. So let’s get started.

Board of Trustees Report

Nancy Carter: So first up, as John noted and Hollis noted, is the ARIN Board of Trustees Report.

So I’m going to introduce you to the ARIN Board of Trustees, tell you a bit about some of our oversight activities, and then I’m going to share with you some of the work that our Board committees are doing.

Louisville, Kentucky is the home of many things. As it turns out, it’s the birthplace of both the cheeseburger and the song “Happy Birthday.”

The Louisville Slugger Museum & Factory are nearby, and, of course, that’s where we’re having our social this evening. While in Louisville, you can also pay your respects to local legends, like Muhammad Ali and Colonel Sanders, at the beautiful Cave Hill Cemetery.

Louisville, as you know, is gearing up to host the 152nd Kentucky Derby in just a few weeks, on Saturday, May 2nd. There are numerous events taking place before the main festivities at the famous Churchill Downs. Some of you would have been lucky enough to be here Saturday to see the fireworks and the air show.

As I prepared for this meeting, I decided to ask AI for some assistance with some of my slides. I wanted to introduce the ARIN Board of Trustees and make sure that they reflected that Kentucky Derby theme. So, as you know, we have nine elected trustees. And the President and CEO is our 10th trustee. And here we are.

On the top row, we have Tina Morris, Peter Harrison, Lee Howard, and then me, Nancy Carter; in the middle, Rob Seastrom and Dan Alexander; and on the bottom row, Ron da Silva, Hank Kilmer, Chris Tacit, and President and CEO, John Curran, all decked out in their Derby finery.

These are your Board of Trustees, who are entrusted with the governance and oversight of ARIN. They’re responsible for ARIN’s strategic direction and long-term sustainability. So please say hello to them over the next few days.

The ARIN Board of Trustees has made several important decisions to support the ongoing operations and financial stability of the organization. The Board approved the renewal of the lease for the existing office space, ensuring continuity and stability for ARIN’s administrative functions.

The Board also approved the budget for 2026, providing a clear financial plan for the upcoming year and supporting ARIN’s strategic objectives.

Additionally, the Board authorized the treasurer to approve expenses beyond the current budget year, allowing for flexibility and responsiveness in managing organizational expenditures.

The ARIN Board of Trustees has officially endorsed – sorry – the ARIN Board of Trustees has officially endorsed the ARIN Strategic Plan for 2025 to 2028. This plan outlines ARIN’s direction and framework for the next three years, focusing on the achievement of key objectives and guiding ARIN’s ongoing development.

This work is supported by a special committee for strategic planning. The Strategic Plan identifies four primary priorities, accompanied by 21 key actions that will be undertaken over the next 36 months. These priorities provide a clear roadmap for ARIN’s activities and help ensure the organization remains responsive and effective in its mission.

The first priority is global leadership. This is strengthening strategic relationships and ARIN’s position and influence in the international community.

Number two, governance and organizational resilience. This is about enhancing ARIN’s governance structures and ensuring the organization’s ability to adapt and thrive.

Number three, member experience and advocacy. This is about optimizing services and strengthening community engagement.

And finally, number four, operational and technical excellence, maintaining high standards in ARIN’s operations and technical capabilities. Financial and technical sustainability are the drivers here.

The Board has several standing committees, each with a work plan which is aligned with ARIN’s strategic priorities. The Finance Committee is currently chaired by Hank Kilmer, who serves as the ARIN treasurer. Under his leadership, the committee oversees financial matters and ensures fiscal responsibility within the organization, supporting strategic priority number four.

Stay tuned for the upcoming financial presentation, which will provide further insights into ARIN’s financial position and plans.

The Nomination Committee is currently chaired by Peter Harrison. And under his leadership, the committee has recently created a trustee candidate recruitment and nomination guide. This guide is closely aligned with ARIN’s strategic priorities and is designed to support ongoing trustee recruitment efforts.

The Risk & Cybersecurity Committee is currently chaired by Ron da Silva, who assumed the leadership this year, succeeding Rob Seastrom. The committee emphasizes succession planning to ensure continuity and effective leadership of the Risk & Cybersecurity Committee. This important committee provides comprehensive oversight of enterprise risk and cybersecurity practices throughout the organization.

Through its vigilant approach, the committee ensures that all aspects of risk management and cybersecurity are addressed, promoting a secure and resilient operational environment.

Responsibility for managing compliance, maintaining certifications and overseeing the risk registry falls to the CEO and his executive team. This structure ensures clear accountability for those critical functions, with leadership directly involved in upholding organizational standards and regulatory obligations.

Risks are systematically prioritized based on their potential impact and the likelihood of their occurrence. This methodical approach allows ARIN to allocate resources efficiently and develop effective mitigation strategies, addressing the most significant risks in a very timely manner.

The Risk & Cybersecurity Committee also plays a key role in providing accountability and serves as an active sounding Board for risk assessments.

It offers informed advice on both emerging and existing risks, ensuring that ARIN remains proactive in identifying and addressing potential challenges.

Regular reviews are conducted by the committee to ensure that the Board remains fully informed and up to date on all aspects of the overall risk management program.

In 2026, Chris Tacit took on the role of chair of the Governance Committee, succeeding Peter Harrison. The committee has recently updated its work plan, ensuring alignment with the organization’s new strategic plan and corresponding strategic priorities. By doing so, the committee continues to support ARIN’s long-term objectives and maintain consistency across its activities.

To further strengthen succession planning efforts in accordance with ARIN’s strategic priorities, the Board Leadership Succession Planning Procedure was developed. Additionally, a Board Guidance Letter was developed for the Nomination Committee, offering direction and recommendations to facilitate the committee’s work in 2026.

In support of trustee development, the committee prepared a Trustee Development Plan for Board review. This plan includes a comprehensive list of relevant training resources to foster ongoing professional growth for Board members.

To promote continuous improvement within the Board, the committee developed a Board self-evaluation questionnaire. This tool is intended to help Board members reflect on their performance and identify opportunities for development and operational improvement.

The final committee is the Compensation Committee. So each year, the Compensation Committee, led by the Board chair, reviews and approves the annual performance objectives set for the president and CEO.

These objectives are carefully aligned with the organization’s strategic priorities as well as the key actions for which the president and CEO is directly accountable.

This alignment ensures that the president and CEO’s goals directly support the broader mission and the strategic direction of the organization.

In addition to the performance objectives related to strategic priorities and key actions, the committee also considers essential leadership competencies. These competencies form an integral part of the performance evaluation, ensuring that leadership qualities are reflected in the president and CEO’s overall assessment.

The Compensation Committee evaluates the president and CEO’s performance against the established objectives, and this review process provides a structured approach to assessing achievements and progress, maintaining accountability for the president and CEO’s contributions, one of the Board’s main responsibilities.

So I’d like to close by saying that the Board of Trustees doesn’t just exist because the law says we must. We exist to be ARIN’s conscience and its compass. Our goal is to direct and protect so that leadership can focus on doing.

So, remember, we’re your representatives. Our oversight is strongest when we know your perspectives. We’re around all week if you want to chat. Thank you.

Any questions? (Applause.)

Hollis Kara: If anyone has any questions for Nancy, now would be the time to approach the microphones or start typing. I’m going to see if we have anything in Q&A.

Not seeing any questions, I think you are free, Nancy. Thank you. (Applause.)

Moving right along, I’d like to invite up Hank Kilmer, who has the great privilege of providing the Financial Report. (Applause.)

Big shoes to fill on this one, Hank.

Actually, little shoes, but you get it.

Financial Report

Hank Kilmer: Welcome, everybody. Imagine a world where finances of this nonprofit are exciting. Yeah. I heard a “Wooo” earlier. Well, welcome to that world.

I get the privilege to carry the torch Nancy had bravely handed me, and Brian and team have worked so diligently at crafting and keeping the Funan-ance Committee fun. I’m grateful we’ve defined exciting, though, as stable, predictable, and transparent.

So, I’m Hank Kilmer. Let’s start by looking at the agenda today. I’m going to go through this pretty quickly because I know finance is fun, but we have a packed agenda.

So there are a lot of items on this list. But I promise to be quick. As usual, the report will begin with an update of the work that the Finance Committee has been doing since ARIN 56. And then I’ll review the finance performance and financial position, providing the highlights in our revenues and operating expenses, investments, assets, and liabilities. And then, finally, we’ll end up with a short update on the data center project and the leasing of our office space.

So the business conducted by the Finance Committee since ARIN 56 is typical work. We have a pretty nice schedule laid out as we close out one year and start another.

We’ve met four times since then, since Texas. And during those meetings, we’ve reviewed quarterly financial statements, quarterly investment results with our investment advisor, reviewed Finance Committee charter, and the 2025 year-end report to the Board.

We reviewed and approved recommended 2026 investment allocations, reviewed preliminary estimate of the 2027 financial position as well.

So our financial performance. How are we doing? The important things. So here are the major financial results for the year. The revenues performed very close to budget expectations and ending the year at $30.4 million, which was slightly above budget. Operating expenses totaled $32.2 million, which is 2.6 percent under budget. I’m going to look at the drivers of this variance in just a little bit.

So with the revenues slightly above budget and operating expenses below budget, the operating deficit was almost $1 million lower than expected and ended the year at $1.8 million.

We’ll also look at investments in a little more detail later, but you can see that the investment income for 2025 was $3.4 million. This is a really nice amount considering we have a conservative investment portfolio, which is a very important aspect for ARIN.

So let’s dig into revenues a little bit. So this slide shows that the sources of our $30.4 million of revenue in 2025 has the major aspect being the annual Registration Services Plan renewal for revenues for the IPv4, IPv6, and ASN resources.

2025 RSP renewal revenues were $27.4 million. This is just $50,000 more than budget. Having this revenue source on the budget is a key driver for the success of the financial year.

In addition to the annual RSP renewal revenues, ARIN earned $3 million from other revenue sources. Revenues on resource transfer transactions provided $1.7 million. It was slightly below the 2025 budget but was about $100,000 more than revenues in 2024.

It’s a little difficult to estimate annual fees earned from new or initial RSP customers since that’s dependent upon available resources. But our revenues for that and for 2025 were $500,000. This is more than budget, but below the 2024 revenues.

And finally, other revenues were $800,000 during the year. These revenues were earned on fees for Org creation and Org recovery transactions, annual fees for Premier Support Plan customers and qualified facilitators, and cash and service contributions received.

So since the Registration Services Plan revenues are so important, let’s take a closer look at those. They drive the annual revenue very closely.

Total RSP customer counts grew 775 during the year to 24,931. It’s a 3.2 percent increase in total customers. The revenue run rate for RSP customers increased to almost $30.2 million as of January 1, 2026. The change in the revenue run rate is driven by both the increase in customers and the 2026 price increase that we did.

Let’s look deeper into these numbers. So there’s a total of 11 different RSP customer categories. Four of those are small categories. The four small-level RSP categories have a total of 23,316 accounts. This is 93.5 percent of all RSP accounts. And combined, the accounts grew 3.3 percent from the beginning of the year.

From a revenue-run-rate perspective, these small RSP categories generate total revenues of $14.9 million. This is 49 percent of the total RSP revenues. And combined, the revenue run rate from these accounts grew by 8 percent from the beginning of the year.

The other bucket is the seven RSP categories from medium to the 5X large. The seven RSP categories have a total of 1,615 accounts. This is 6.5 percent of all RSP accounts. These accounts grew by 2.2 percent from January 1, 2025.

From a revenue-run-rate perspective, these seven RSP categories generate total revenues of $15.3 million and is 51 percent of the total RSP revenues. Combined, the revenue run rate from these accounts grew 10 percent from the beginning of the year. We will continue to monitor changes in the RSP customer account as we drive towards the achievement of our balanced budget.

So now let’s look at the operating expenses. So I mentioned earlier that total operating expenses were $32.2 million for the year, which was 2.6 percent below budget.

When we talk about ARIN’s operating expense, the conversation needs to start with salaries and benefits. At $21.6 million, salaries and benefits expenses represent 67 percent of total expenses.

We averaged just over 102 employees during the year. This is a few positions below the planned head count of 106. And that drove the below-budget salaries variance of more than $365,000. In addition to the salaries expense variance, the employees benefit expenses were below budget by almost $330,000.

As Nancy pointed out in the October meeting, that favorable budget variance in 2025 medical expenses was driven by three things: zero premium increase in 2025, a discretionary credit that we got in 2025 based on our 2024 medical plan expenses, and 2025 participants being below the budgeted amount.

So the last category is engineering operations, and that constitutes another significant expense category for ARIN. Engineering expenses for 2025 were $4.6 million, which is a little more than 14 percent of total expenses. This category includes the data center costs, hardware and software expenses, and depreciation.

While there were minor expense variants in the different expense categories, total engineering operations and expenses ended the year very close to budget.

So all of the other expenses were $5.9 million during 2025. In total, these other expenses are 18.5 percent of ARIN’s total expenses, and they were 4 percent under budget.

So this is another way to look at the variances for the year. You can see that the favorable budget variances outpaced unfavorable variances by more than $900,000. This is something we track very closely. We want to make sure we’re budgeting very accurately and have a good, predictable, and fun experience in the finance world.

So now let’s look at investments. So I’m happy to report that our investment funds performed well again in 2025. Long-term investment fund gained $3.3 million, which was more than 10 percent. It ended the year at $36 million.

Interest rates on the operating investment fund money market accounts continued to stay relatively high during 2025. This led to interest income of almost $100,000, a year-to-date performance of 4.2 percent.

And as expected and budgeted, withdrawals were made from this fund during the year. Again, I’m happy to report that, although expected, 2025 withdrawals were $4.1 million to fund both a budgeted operating deficit and the new data center project. We only withdrew $2.6 million of that during the year.

I don’t want to jinx us, but the ARIN investments have been performing very well since the last dip in the market in 2022. Since then, the long-term investment fund has grown $8.4 million. This is a 30 percent gain over a three-year period.

So our first quarter of each year, the Finance Committee meets with our investment advisor to review the allocations of the investments across available investment classes.

The ARIN investment allocations remain relatively conservative, with the majority of the investment in money market and other fixed-income investment funds. This is important when you see how the economy is doing in years like this year where it’s been up and down and very unpredictable. Conservative is not always bad.

Looking at the operating investment fund, this chart shows the changes in the fund mentioned before during the first quarter of 2026. We initiated transactions to replenish this fund. This is a reminder of our operating reserve program. Our target reserve is defined as nine months of annual budgeted expenditures. As we head into 2026, the adjusted target reserve is $26 million.

One purpose of the ARIN investments is to fund the desired target reserve as we began 2026. The investment balance of $36.6 million was more than the target reserve by $10.6 million.

So let’s look at our financial position. ARIN’s financial position continues to be strong. There are a couple of year-over-year changes to point out, though.

Other assets grew from $7.7 million at the end of 2024 to $14.9 million at the end of 2025. Two things are driving this change. First, there were computer equipment purchases for the data center project. And, second, accounting requirements require us to record the value of the new office lease agreement as a right-of-use asset.

Like other assets, liabilities also grew in 2025. Again, like other assets, accounting requirements require us to record the net present value of the total payments for the new office lease as a liability.

In addition to the increased lease liabilities, our liability recorded for deferred revenues increased. That, however, is expected as revenues increase each year. So, again, when you look at the picture as a whole, ARIN’s financial position remains very strong.

So as we come to the end of my fun, exciting numbers presentation, we’ll hit a few other items here.

In October, we reported that the build-out of the new data center in Culpeper was on target to be completed by the end of the year. The project was completed and is in service. And, additionally, the project was completed on budget. It’s such a big project. To hit that, it’s impressive. (Applause.)

Yeah. I also talked about the new office lease. We spent a lot of time negotiating during much of the second half of 2025. And the negotiations resulted in a lease extension being signed in December.

We looked at various options regarding office space for ARIN. Staying at the current property with the same square footage ended up being the best financial option.

The current building owner was very motivated to retain ARIN as a tenant and provided really good financial incentives for us that the other properties just couldn’t match. So we are going to be in Centreville until the first quarter of 2038.

Finally, as we use this Financial Report as an opportunity to remind our community of our long-term financial plan, there is no changes to the plan. This is just a reminder that we continue to head towards a balanced budget, and we’re going to focus on spending discipline and reasonable management of the RSP price increases to get to our balanced budget by 2030.

And that’s it. Questions?

Hollis Kara: All right, folks, microphones are open. If you have questions for Hank about the Financial Report, come on down. Whoa, it’s shocking. Here he comes.

Kevin Blumberg: Kevin Blumberg, The Wire. And for anybody who is using betting pools, yes, I was the first up.

It’s an awesome budget report, Hank. It’s helpful to everybody. The numbers are all under 5 percent variance, which is a solid goal to have any Board and be able to have come back.

My only question is the one problem when you have such small variances is that you worked those variances. I.e., I have a million-dollar budget; I’m going to spend $999,000 so my budget looks good. That is the one downside to having such a tight budget, is that you spend to the budget, not spend to what should have been done, which could be we need to spend more or we need to — the real problem is when you need to spend less. Hey, we budgeted for something, we didn’t need to do it, but we’re going to do it anyway.

And that is a cultural issue. So you’ve got an absolutely solid budget here. You’ve really shown it. And this is year over year. hat’s awesome. But how do you deal, at the Board level — because this is sort of a Board presentation — how do you deal with the cultural issue of now spending money that maybe you shouldn’t have spent?

Hank Kilmer: It is a very good question, and it is something that we do talk about at the Board. We talk about both sides of it. We talk about are there things that we should be doing? And we do have, you know, the ability to tap into, you know, our investment funds, if there’s something we need to do, like we did for the data center move and things like that.

So it is regularly discussed as to how to do it and to make sure that our budget is what it should be. We’re not — and to your point, we’re not spending where we don’t need to either.

I actually think we are tight enough that that would jump out at us with how we do our internal checks on what we are doing. But we do — it is discussed regularly. John, do you want to —

John Curran: The Board did a very prudent thing by adopting a long-term financial plan. And the long-term financial plan requires that ARIN’s annual operating expense be reduced to hit the annual revenue and that the revenue line is going to increase a little bit through some fee increases, but that’s only to get us to alignment.

So as much as I love the budget and love to spend budgeted money, the recurring operating expense of ARIN has to be tightly contained with straps and belts and every possible function so that next year’s budget is the minimum, either what we’re at or lower than this year’s every year, year over year, until we get to 2030, or we won’t hit that long-term financial plan. So even if we were budgeted for more, that doesn’t change the fact that we’re on a very constrained operating expense budget long-term to bring the revenues in line with the expense.

So if someone says, “Can I take this? We have the room in this year’s budget, it’s just going to be a $6K service recurring,” whatever, that’s $6K every year; that’s $6K away from my 2030 target.

So budgeted or not, it’s a long-term plan that we also have to fit within. Does that help?

Hank Kilmer: It’s also that a big part of the operating budget is salaries and benefits. And so it’s a review of sort of that as a very key aspect of it.

Kevin Blumberg: Absolutely. And part of why I’m asking this is to help the room because I think there’s a lot of mysticism around these documents.

But it also comes down to the value for the community, which is no more ponies. We don’t have money for ponies. The budget doesn’t really handle asking for things, which is great, because one of the problems I have with not-for-profits is scope creep. And if you don’t have the budget to scope creep, then you can’t do it.

John Curran: Very much so.

Hank Kilmer: It comes at a cost, right? You have to find money somewhere else. And the great thing, as John pointed out, heading to the balanced budget, is it really drives the focus on what is important. What is it that we do? Our Registration Services is the primary, you know, driver.

Adair Thaxton: Adair Thaxton, Internet2. For anyone else in the pool, of course, I’m second.

How frequently is the investment strategy reviewed with both internal and external advisers?

Hank Kilmer: So we review it every quarter, and we’ve reviewed it already once this year. And so we track it every quarter.

Adair Thaxton: Have there been any major changes to the investment strategy recommended as a result of current U.S. market things?

Hank Kilmer: There have not. But a big part of that is that our investments are very conservative. And so the other aspect of it is that with all of the instabilities, it would be unclear exactly what to do, right, if you were to try and be more aggressive.

So the combination of the two, our recommendations have been to hold steady.

Adair Thaxton: Thank you.

Hollis Kara: All right. We have time for one last comment from our CFO. Come on down, Brian.

Brian Kirk: Brian Kirk, CFO, ARIN. Just one more comment regarding the budget variances. I think over the last few years, we’ve tried to get smarter about budgeting and really looked at where our variances have been in the past few years and trying to take out of the budget where we weren’t spending it, trying to eliminate those recurring budget items that we weren’t using.

So finally we said let’s get smart; let’s take them out. So that’s another reason why those variances are getting a little bit better.

Hollis Kara: Awesome. Thank you, Brian. Thank you, Hank. I think we’re all done here.

And I can say that when Brian mentions budget scrutiny, as someone who has to get a budget past him, he’s not kidding.

All right, with that, I’d like to welcome Steve Wallace from Internet2 to come on up and talk about demystifying RPKI.(Applause.)

KEYNOTE: Demystifying RPKI: Exploring Tools to Simplify ROA Planning and Visualize Validation

Steve Wallace: Good morning. Two and a half years, I spoke with you about the challenges of RPKI in research and education environment. We’re making some progress, which is good.

I don’t know if I’m going to demystify everything, but hopefully I’ll show you some tools that are useful.

So Internet2 and CAIDA have joined together to work on a project to improve routing security, principally for the global research and education ecosystem. But some of the tools that we’ve developed can be useful beyond that, essentially to any network operator that wants to make RPKI objects. And this work is also supported in part by the National Science Foundation.

So an important disclaimer: We all are learning that software can hallucinate, and these tools help you create ROAs and ASPAs and other things.

And if you make a ROA incorrectly, you may put your network at risk of an outage. So these tools are meant to help, to provide assistance to someone who is making the decisions themselves in terms of what ROA their network needs.

So when you first use these tools, you’ll have to click through a disclaimer, and that disclaimer will, I think, reappear every 30 days.

But take this seriously. If you create a ROA incorrectly, just like if you were configuring the BGP in your router, if you make a mistake, there can be consequences.

So the first thing I’m going to talk about is the ROA Planner. And you give the ROA Planner a prefix, and it looks at data, IRR route objects, current routing data in the Internet and history of routing data from RIPE. And it lists – it basically puts all this information together and gives you candidate ROAs.

So if you were to create a ROA that would cover every existing announcement, announcements in the past, and every announcement that’s sort of suggested by a particular route object entry, it’s going to show you all of them.

So this has proven to be pretty useful. So for a while, we’ve had an internal command line tool. So it turns out that a lot of my job is helping people create ROAs. So I’ve interacted with many institutions and helped them walk through the process to create ROAs. And we built some internal tools to ensure that we have good information about their network before we assisted them.

And every now and then, we find something pretty interesting. So, for example, we have helped schools create ROAs where the person creating the ROA was not necessarily aware that the school, on a periodic basis, once a year, took some of their address space to another network and announced it differently.

And so that’s not in the current routing table. And so if they had created a simple ROA based on what they currently saw, that next event probably wouldn’t have gone very well.

We also have a number of schools who use DDoS scrubbing services. So these are on-demand cloud-based DDoS scrubbing services. And there’s some hints of that sometimes in route objects. So there can be a telltale sign that the campus is using or the university is using that kind of service in the route objects.

We’ve also run against cases where people had disaster-recovery sites. We’ve seen two different things. We’ve seen a route, you know, maybe two years ago, from that site, and it may originate as more specific prefix or from a different ASN. Or we may see the DR site actually have an IRR object to accommodate that route.

So you can look at your current routes, but it’s safer, I think, to look at more information when you’re thinking about how to create a ROA.

We built a ROA Visualizer. This was my 100 percent vibe-coded thing. I had an unexpected day where I could do some work. It’s been my experience that it can be difficult to explain how a ROA is evaluated against a BGP route. And so we built, specifically answering the question, does the ROA cover the route? And then if it does, how is it evaluated?

So we built just a simple one – you know, it’s just one webpage, where the user can type in a BGP route and they can type in a ROA, and they can see sort of bit by bit how those are compared and what the result is.

So if you’re learning about ROAs and you want to see, well, how does this ROA work and how is this ROA going to affect my route, we have a webpage that will let you do that.

So we also have an ASPA Planner. This is experimental. So don’t just use it and make your ASPA based on it, please. It generally appears to work pretty well for networks that are at the relatively edge of the Internet. As you back up more into the core of the Internet, its results aren’t always consistent.

It uses data that’s refreshed daily from CAIDA. CAIDA maintains a dataset that shows AS relationships. And there’s a paper you can get at CAIDA if you want to see exactly how they present that data. But it uses that data, but then it also looks at sort of how thick the connectivity is to a particular peer.

So it looks at routing data. And if the routing data fans out in a certain way, it may also suggest a provider which is not in the set of the CAIDA AS-set relationship data. And it will suggest a possible ASPA.

And like I said, when I’ve used it, it’s worked well, nearly 100 percent, for the test cases where a network is near the leaf or near the edge of the Internet. As you back up a little bit, it doesn’t work quite as well.

So we’re going to try and demo these tools. We’ll see how this works. Okay. Plugged in. Great. All right. Okay. So this is the ROA Planner. Now, these may load a little more quickly. The ROA Planner, all these tools, actually, cache the data that they fetch for a little while. So the first time you load one, it may take a little while.

So if you look at the data sources – so we get registration data from ARIN. Currently, this doesn’t do a good job at getting registration data from the other RIRs, and we’re going to enhance it to do that. But it gets the reallocations from ARIN.

So one of the things it does is it depicts both the hierarchical structure of the IP allocations as well as the announcements. We get a sort of current snapshot of routes that are in the research and education infrastructure from RouteViews.

And RouteViews has a good view of that infrastructure, and it’s not uncommon for more specifics to be in that infrastructure. So it’s critical when you’re creating a ROA that whatever tool you’re using picks up those routes.

We also get current routing and historical routing data from RIPEstat. So those are critical providers of data for this.You put in a prefix. And here’s a really simple prefix. This is a prefix at Indiana University. And they already have their ROA. You see it’s valid for all the routing history that we see and all the IRR objects that we see.

So on the left-hand side, you can select if this particular row gets calculated into the suggested candidate ROAs. And we’re going to look at something that doesn’t have ROAs in a second so you can see more how that works.

The next column is “Days Old.” Well, for the RouteViews data, it’s going to be zero days old, and for current routes from RIPEstat it’s going to be zero days old.

But for other data, like Internet Routing Registry data, it’s going to show you how long ago the route object was created. And for RIPEstat routing history it’s going to show you how many days ago that route was seen by RIPE.

The next column is essentially the Source, where did this data come from, then the Prefix. And the prefixes are displayed hierarchically. So it’s pretty easy to see what you’ve done in terms of carving up that address space.

We get the name; what the Origin AS is for that route object or for the route; if there’s an existing ROA, what’s its status. You can also create a test ROA. So if you want to see how a particular ROA might get evaluated against the prefix and all the evidence of possible other routes, you can create a test ROA.

So let me go to one that has – so here is a prefix, an IPv4 prefix, where there’s been some reallocation. None of it has a ROA.

So because of the way we use these, we’ve added a few tools that night make it easier for someone using this tool to help with the ROA. So for each allocation or reallocation, it lists the Point of Contacts for that allocation and makes it easy to copy it to the clipboard. So why would you have that? Well, imagine this prefix is one of the allocations to OARNET, which is a research and education regional network in Ohio. And they’ve reallocated to lots of their customers.

So if you wanted to go through here and easily send emails to those customers saying, hey, by the way, we’re going to make a ROA, and that ROA expects you to originate this route with this particular AS, that just made a little tool to make it a little easier.

So, again, what this has gone through, it’s looking at current routing data, routing history, and route objects that apply to this prefix. And it’s saying, by default it’s saying, ‘Well, we’re going to show you all the candidate ROAs that cover all of those things.’

If you go up here and it says “Required Multi-prefix ROAs” – and I know this isn’t technically best practice, but I think that’s going to change because it really should be best practice, the multi-prefix ROAs.

And if you click on the multi-prefix ROAs, it essentially shows you the information needed to create all the ROAs to cover all of those routing history, current routes, route objects. If you want to make single-prefix ROAs, it will show you those as well.

And you can go back and you can say, well, you know, I don’t want to include things in here that are more than 100 days old for routing history.

So I can go through and say I don’t want to include in those candidate ROAs routing history beyond a certain number of days, and it will unselect those rows – I guess there’s one row – two – no, more – it’ll unselect those rows.

And when they’re unselected, the multi-prefix and the single-prefix ROA calculations are instantly updated, and you can see what ROAs to create.

It does work for IPv6. Works the same for IPv6 as for IPv4. So here’s a IPv6 reallocation where, again, someone has a /32, and they have – I think this is LEARN, which is a regional network in Texas. They have reallocated it to a number of organizations. And here it is calculating, showing you the hierarchy of those address allocations, which could be useful.

The horizontal lines divide up different prefixes. So, for example, the first one, you see three prefixes here, and you notice they’re the same prefix. So they’re all within one horizontal long grouping. One is the RIR allocation, the other is the routing history, and the other is route object.

So some of the single ones are typically routing history. So, again, you can go in and you can make a sample ROA to see how it would affect these.

So, for example, if I made a ROA – I don’t know if I have time to do it, but if I made a ROA just for the /32, the /32 might say valid; but, of course, all the longer ones here would be invalid. That wouldn’t be the kind of ROA you would want to start off with here.

What it does present you with is a list of ROAs to make. It gives you them in the order in which you should create them, mostly. So it can’t do that fully if they originate from different AS’s. So that’s a bit of a trick that you have to be aware of.

So those are the ROA Planner. We’ll go to the ROA Visualizer. So as I was saying before, the ROA Visualizer is sort of a tool to help better understand how ROAs are evaluated against BGP routes.

I find it really incredibly common – first of all, it’s been my experience with the people I’ve helped create ROAs, it’s someone with some BGP knowledge, but they’re probably going to make a ROA once in their life or maybe a couple of ROAs once in their life.

It’s not something they’re going to get really proficient at because it’s not something that, at least in the customers I deal with, that it’s likely to change very often. And a ROA is just a little bit different from sort of longest prefix match routing; that there’s frequently a little bit of confusion over what a covering ROA means.

So, for example, if I have a ROA that’s a /16, anything longer than the /16 that ROA covers, but if it doesn’t accommodate it with max length or something else, then it’s going to be invalid.

So this tool has some presets. There’s a valid example, there’s an invalid example, and there’s a not found example. So it can preload data to show you those examples. But then you can put in – oops – you can put in your own data and take a look at what that’s going to look like.

It also shows you, for the ROA, what the covering prefixes are. And it will show you – you know, if you have an IPv6 that’s /32 to /48 or whatever, it has a nice nomenclature for depicting all of the subnets that would be – or all the prefixes that would be covered by the ROA.

Then it shows you, you know, if it is covering, it looks at the possible Origin AS’s and tells you if it’s valid or not. So nice little tool to help people if they want to dive a little deeper, make sure that they understand how ROAs work.

This was vibe coded in a day. This was the first totally vibe coded thing I did. And vibe coding is amazing. If anybody wants to talk about that later, I don’t write code anymore; but I write more code than I ever have.

We have an ASPA Planner. And I mentioned earlier, it’s not perfect. It works well if you’re near the edge of the Internet. You put in an AS number, and it will look at the CAIDA AS relationship data and find your providers. It will then look at routing data and try and figure out if you peer with somebody else and if they’re likely a provider.

So this AS belongs to – I’m pretty sure this is the Indiana GigaPOP, the regional network in Indiana. It shows Hurricane. WiscNet is sort of a partial transit provider in Wisconsin. And it’s correct, these are this AS’s peers, and they’re all service providers except ESnet. ESnet is a simple peer.

So you get a full list of all the networks the AS peers with, and it automatically just selects the ones that it thinks, based on CAIDA data or routing data, is likely a service provider. And it checks those.

Also, it draws a nice diagram of what it assumes the peering relationships are, and it gives you the information that you can use to create an ASPA. If you have an existing ASPA, it will show the details on the existing ASPA.

Interesting thing. So Internet2, the customer cone is about 1100 AS’s. Global R&E is about 2,700 AS’s in 108 countries.

When I first looked at – we have a report that shows us who has ASPAs and who doesn’t within those communities. And when I looked at the Internet2-only portion of the global R&E community, there were two networks with ASPAs. This is last week.

So I sent them an email. I’m like, This is cool. Why do you have these?

And one of the networks was being operated by someone who came from the commercial sector and said, ‘Well, you’re supposed to do this.’

And the other one said – I won’t say what their provider was, but they said, ‘One of our providers said we had to have one of these or eventually our service wouldn’t work.’ Which I think is a little surprising, but in any event.

So if you look at the percentage of IP address space covered by origins with ASPAs in the Internet2 community, it’s about 0.3 percent today. If you look at that for GÉANT, sort of the equivalent of Internet2 in Europe, it’s 33 percent. So their adoption rate is 100 times higher right now than ours. So that’s work I need to do.

One other thing I’ll show you, but I’ll warn you that this is not for you, this is designed specifically to help R&E networks make their AS-sets.

So this will help a network make a customer cone representing AS-set given their ASN. But it only looks at the R&E prefixes. So this would definitely not work for other people.

However, this is pretty useful. It turns out that the adoption of AS-sets to represent your customer cone is most consistent, I would say, in Europe, pretty consistent in the R&E community in the US, and then it drops off in other parts of the world.

And part of developing this tool is to provide something useful to make it a little easier so that all of these networks can improve their routing security. You can, with a ROA Planner, do crazy things like point it at the AT&T /8. I thought this was cached. This may take a few more seconds. We don’t have to see this. Oh, there you go.

So here’s 12 /8s, a lot of information here. This is a long webpage. But if they were to create ROAs for their routes that had been seen in the past in all the IRR entries, there would be over a thousand of them.

Now, they create ROAs for parts of the prefix space that are important. But the tool will work even if you have lots of suballocations and lots of information related to that.

So those are the tools I wanted to share. The ROA Planner, I use on a regular basis. And it’s been very valuable and reliable. Again, before you create a ROA, everything can hallucinate. Don’t just take its output, but I think it helps people make more informed decisions about creating their ROA.

The ASPA Planner, we’re still working on. I think it’s useful. At the edges of a network, it works pretty well.

The AS-set thing, don’t do that unless you’re an R&E network because it will make an AS-set that excludes non-R&E stuff.

So I want to thank – there’s a team of people that have created these tools. And we have – we’re building a whole set of tools that we’ll roll out over the next two years, mostly designed to improve security for the research and education global community. So that’s what I wanted to share.

Hollis Kara: Wonderful. Thank you, Steve. If anybody has any questions for Steve here in the room or online, please feel free to approach the microphone. We’ve got a few minutes.

Alison Wood: Thank you, Steve, that was awesome. My name is Alison Wood. I work for the State of Oregon AS1798. And you as you were speaking, I was bringing this up and checking out our own RPKI ROA information, and this is amazing.

And what’s most amazing is that as you were speaking, and it’s very early in Oregon, I was sending screen shots of this to – of my own AS1798 back to my executive staff who have struggled to understand the visual of how we’re set up.

And when I went back to the RPKI ASPA diagrams, it was very clear what our upstream was and what our downstream peers were and to be able to give it to them at a glance.

I got a million thumbs up this morning. This is incredibly applicable and amazing. Thank you so much. We are going to use this constantly.

Steve Wallace: So cool to hear. So just so you know, most of these tools, whatever you’re looking at, the URL won’t change. So you can forward the URL, and they’ll see exactly what you see.

Hollis Kara: Awesome.

Kevin Blumberg: Kevin Blumberg, Toronto Internet Exchange, changing my hat today for now.

Route validation is a critical component of an Internet Exchange point. And many of us – many of us – have signed on with things like MANRS for route validation. So having tools that make life easier is awesome.

We are in our region at, what, 30 percent take-up validation of routes. Whether it’s 30, 40, 50, we are so far away from actually having the Internet be – and I’m going to put big air quotes – protected by RPKI.

ASPA helps quite a bit. But if we haven’t even gotten to – if we’re below 50 percent on our RPKI validation, we’re going to have the same problem with ASPA, which is going to take 10, 15 years of people kicking and screaming before we get there.

Here’s the most interesting part, and I’d love to know how we can deal with this. The most interesting part is people don’t do it because they’re afraid it will break things, and this tool helps significantly with that.

But they’re okay with people breaking their networks intentionally. They’re okay with their routes being hijacked, just not breaking it themselves. That has to be fixed, and I think it’s a bigger issue longer term.

Everybody in the room, especially you, have made the tools available for people. You’ve brought them to the water, right? None of them are drinking that water, and I don’t know what the next five years will be to get that to happen.

Steve Wallace: Thanks.

Hollis Kara: All right. I don’t have anybody online. So we’ll go once more to the floor.

Henrik Van Tassell: Great presentation. My name is Henrik Van Tassell. I am one of the Fellows, student at the University of Vermont, and also an operator of an itty-bitty network, AS63477.

Forgive me if I missed this during your presentation, but have you identified a potential reason why the research, like, research and education community in Europe has picked up ASPAs a lot faster versus North America?

Steve Wallace: So I’m going to guess it’s a couple of things. So first of all, ROA coverage is greater as well. I think RIPE, which is their RIR generally, supported ASPAs before ARIN. I’m not poking at ARIN; I think that’s true, though.

So they had an earlier opportunity to make them. And there are some very vocal people about ASPA that live in Europe, and I’m sure Job had some influence over a handful – a handful of the networks have full coverage. GÉANT does it all together. But a handful of their networks.

And when I look at that, I suspect there’s Job Snijders footprints. He’s one of the authors of the ASPA RFCs and a champion for routing security. So I think there’s an individual who probably was a good influencer for some of those networks. Just my guess.

Henrik Van Tassell: Thank you.

Hollis Kara: Thank you. Seeing no further questions, Steve, thank you for a really informative presentation. And please, folks, find him to chat about this in your free time. (Applause.)

All right. We’re going to have – whoops, we need to switch back to the other – Here we go. Where are we? There we go. Thank you. All right. Next up, before we go to break, I’d like to invite Eddie Diego up to the stage to give the Regional Policy Update. (Applause.)

Regional Policy Update

Eddie Diego: Thank you, Hollis. Hello, everybody. I’ll be going over policy proposals at APNIC, AFRINIC, LACNIC, and RIPE NCC.

Actually, starting with AFRINIC, many of you may recognize these four policy proposals. They’ve been on AFRINIC’s docket for at least three years now. But I’m happy to have some news.

They reconstituted their Board of Directors at the end of last year, and we have some policy updates. So you’ll see the first three on this list are marked as ratified.

The Board has ratified the first three proposals on here, and they’re all awaiting implementation. The first one is AFRINIC Number Resources Transfer Policy. This basically updates their transfer policies, including the addition of inter-RIR transfers. So that’s the ability to transfer resources, IPv4 and ASNs, between the other RIRs and AFRINIC.

They have updated their policy page to indicate that the four other RIRs have confirmed or indicated the compatible policies that will allow them to perform these transfers.

John Sweeting is up after the break, and he’ll actually be talking a little more about inter-RIR transfers with AFRINIC during his Policy Implementation and Experience Report. So that is waiting implementation.

And next, also awaiting implementation, is RPKI ROAs for Unallocated and Unassigned AFRINIC Address Space. This will create ROAs, or Route Origin Authorizations, with an AS0 for any of the unallocated space AFRINIC has. This should help prevent any unauthorized announcements from these unassigned networks.

And last awaiting implementation is Abuse Contact Policy Update. This adds abuse contact requirements to the policy manual, including the requirement of having an active or operational email address and that the organization maintain this abuse information.

Lastly, you’ll see one mark as expired, Policy Compliance Dashboard. This actually reached consensus with the AFRINIC community, but it was not ratified by the Board. And per their policy manual, since it was submitted over 12 months ago, it has now expired. The author or authors have the ability to submit a new proposal if they would like to.

Moving over to APNIC. They had their meeting, APNIC 61, in February, and the following two proposals were presented but did not reach consensus.

Prop-164: Allocations of IPv6 Resources longer than a /32 with a nibble boundary alignment. This reduces the minimum allocation of IPv6 from a /32 down to a /36, staying on the nibble boundary.

And prop-168: Increase to maximum IPv4 delegations. Around six or seven years ago, the maximum IPv4 delegation was a /22, and a policy proposal reduced that down to a /23. Prop-168 would like to increase that back up to a /22.

Moving over to LACNIC, 2025 Sub-Assignment of IPv4 Resources to Third Parties. This has been ratified and is awaiting implementation.

Current LACNIC policy specifically forbids the subdelegation of resources to third parties, so organizations outside of your own network.

2025-5, this policy will allow the subdelegation to third parties under a very narrow set of exceptions and rules. And also John Sweeting will be talking about this policy as well during his Policy Implementation and Experience Report, so I’ll save some of those details for his slides.

And lastly, we move over to RIPE NCC. 2024-1: Revised IPv6 PI Assignment Policy. This has been around since 2024. It’s still in under discussion. It adds clarifications to IPv6 PI Assignment policy, including wording, definitions, and requirements.

And this one is still quite extensive. So I always recommend, when I talk about this one, to review the full policy text on RIPE’s policy page.

And 2025-01: ASN assignment criteria revisited. This revises and simplifies the eligibility and criteria for obtaining ASNs. I’ve also found it interesting that the proposed policy text is very similar to ARIN’s current ASN policy, but it has not met consensus in RIPE. So the author has indicated their intentions to submit a new policy to proposal text, a new version.

That was a brief overview of all of the policies at each of the RIRs. If you’d like to review the full policy text and any of the additional information like staff assessments, those can be viewed on each of the RIR’s policy pages listed here, including ARIN’s.

And the Number Resource Organization also maintains a comparative policy overview, which is a document that lists all current policies where you can relatively easily compare the current policies across all five RIRs, and that can be found on the NRO’s page here.

That’s actually all I had. Pretty quick one.

Hollis Kara: All right. Anybody have any questions or comments for Eddie, please feel free to approach the microphone, or start banging on those keys if you’re joining us online. I’ll give it just a minute.

We can see lots of folks online, but everybody’s quiet this morning. All right. Thank you. (Applause.)

All right, thanks, everybody. We’ve made it through our first block of the agenda. Congratulations. We’re actually right on time. Break is set out in the hall. We will resume at 11:00.

And, Fellows, if you could please, before you head outside, head up toward the stage so we can get some photos. Otherwise, I will see everybody back at 11:00. Thank you.

(Break from 10:27 AM to 11:00 AM.)

Ashley Perks: We’re going to go ahead and get started with our next segment. You may be wondering, where is Hollis? Well, we’re going to give her a little break, let her experience the espresso bar for herself. We’ve gotten a lot of good feedback on that, so that’s exciting.

My name is Ashley Perks. I’m the Communications Manager here at ARIN. We are in our last block before lunch.

I would like to go ahead and invite John Sweeting, our Chief Experience Officer, to give our Policy Implementation and Experience Report.

I do want to note that, based on your feedback from previous meetings, we have changed the format of this just a little bit. You will have opportunities for questions and comments after each segment. So please feel free to do that to John. Thanks. (Applause.)

Policy Implementation and Experience Report

John Sweeting: Good morning. Can you hear me? You can hear me. Yes, this was Ashley’s initial sticking her toe in the water. She will be sharing duties with Hollis going forward at all our meetings.

We’ll probably work another person into that rotation as well. But let’s give Ashley a little bit of love here. (Applause.)

All right. I’m going to go into a few of the policies that Eddie already talked about. He talked briefly about them. I’ll go deeper into them. And it’s not so much as ARIN policies, but how they affect ARIN policies.

So that’s who I am. And the policies we’re going to review are the Number Resource Policy Manual 8.4, which is the inter-RIR transfers. We’ll look at how does that work with the new AFRINIC policy.

We’re going to look at the LACNIC Sub-Assignment of IPv4 Resources to Third Parties. And then we’re going to have another couple of slides
on talking about how do we use policy to help encourage the adoption of IPv6. We’ll talk about that when we get to it.

Okay, so this is 8.4, which is our inter-RIR transfers to specified recipients. As you can see, it’s IPv4 addresses, Autonomous System Numbers, they can only take place with Regional Internet Registries who agree to the transfer and share reciprocal, compatible needs-based policies.

Current staff practice and experience. ARIN, APNIC, and LACNIC and RIPE NCC, we already have it in place. We share reciprocal compatible needs. And we are currently all, between those four RIRs, we are exchanging transfers.

AFRINIC has recently reached consensus on a policy that allows inter-RIR transfers out of AFRINIC and into AFRINIC, and it’s both IPv4 and AS numbers. So their Number Resource transfer policy was ratified. You can see the title of it there. For February, it was ratified.

Their policy people there reached out to our policy people, all the policy folks in the RIRs, and asked for a review and whether it would meet our policy around compatible reciprocal needs.

We reviewed it, ARIN reviewed it, ARIN staff reviewed it, reviewed it with some of the executives, and concluded, yes, they are reciprocal with ARIN’s needs-based inter-RIR transfer policies. And so we intend to allow the transfer of IPv4 addresses and ASNs to and from AFRINIC once their staff has completed the implementation.

So they do have some additional qualifications around their inter-RIR transfers. The AFRINIC pool, which is the managed pool of IPv4 and ASNs obtained from IANA, allocated and recovered, or through the early registration transfers, they call that their regional pool.

They have a special purpose pool, which is reserved. That’s the resources reserved for critical infrastructure such as our 4.4 policy. And they also have resources distributed during the exhaustion phase of the soft-landing policy, the last /8, which is Section 5.4 of their policy manual.

Then they have a pool of legacy, which is reserved IPv4 – received IPv4 address space and ASNs before the RIR system existed. And then others, which they call global, which are resources received via an inter-RIR transfer.

So basically the legacy and the global can be transferred out of Africa, AFRINIC. Legacy resources transferred into AFRINIC are marked as global as well.

So basically they have some special pools, just like ARIN has some special pools, that cannot be transferred on an inter-RIR transfer.

And we look at that – they’ve got those two, the regional and the reserved, that they will not transfer out of the AFRINIC region. We looked at that and determined that’s compatible with our policy.

So with that, we’re going to take a quick break just to see if there’s any questions or discussion on that policy. I see Mike Burns heading to the mic.

Mike Burns: Mike Burns, IPTrading. I just want to point out that the AFRINIC inter-regional transfer is restricted, as you just said, to legacy and global addresses. Yet, that was declared to be a compatible policy to allow addresses to flow.

I just wanted to point out that the RIPE policies aren’t an exact match either, in some ways, in terms of their need tests. Yet, we continue to call it a compatible policy.

I just want people to understand, compatible is not matching. And your decision here makes that clear.

John Sweeting: Thank you, Mike. Lee.

Lee Howard: Lee Howard, ARIN Board of Trustees, although not speaking on behalf of the Board.

A minor correction, really super minor. You noted that this AFRINIC policy had recently been found consensus. That’s not actually correct. It found consensus years ago. It was recently ratified by the Board, and they couldn’t ratify it until they could empanel a Board.

John Sweeting: Thank you for that correction, Lee. I stand corrected in my language.

Do we have any online? All right. Kevin.

Kevin Blumberg: Kevin Blumberg, The Wire. The word “compatible” is actually really helpful, I think, for the community overall because it’s not the policy, the transfer policy itself that’s compatible; it’s the needs component being compatible.

So what the – the sausage behind the scenes that goes on in terms of what space can and can’t be inside of each of the regions is not the compatibility matrix. Correct, John? It’s the needs component; that there is a needs component in the policy. End of story. It’s not what can or can’t be. Because we have also different things.

I am very curious about the other, not the legacy space, but if it comes into the AFRINIC region that can then go out. So how does it work if something from APNIC goes into AFRINIC and then out and then can go to ARIN, as an example? That’s a very circuitous route. But are you looking at the pedigree of the history, or is it specific to ARIN? Is it specific to this was somewhere else? Like, or is it –

John Sweeting: We don’t look at the pedigree. They look at the pedigree. They put it in the pool it belongs in.

If it comes into AFRINIC through an inter-RIR transfer, they put it in the global pool, which can then be transferred out based on their any other qualifications they might have around a wait period or anything like that.

But, yes, anything that gets transferred in can be transferred out. And legacy can also be transferred out, whether it was transferred in or it’s been there.

Kevin Blumberg: Perfect. Thank you.

John Sweeting: Nothing online?

Ashley Perks: No online.

John Sweeting: All right. So we’ll move right along, and we’ll now talk about the LACNIC Sub-Assignment of IPv4 Resources to Third Parties, which is – in a looser term, it’s a leasing policy, but a leasing policy with some stricter guidelines to it, some guardrails around what they can do and what they can’t do. So they ratified the policy that allows leasing under specific requirements and restrictions.

It’s got to be used exclusively within the LACNIC service region. So they can’t sub-assign something to somebody in another region. It has to be within the LACNIC service region.

I’m not sure – I’d have to get a reading on that, if they could do it – if they could sub-assign it to somebody that’s in the ARIN region but has services in the LACNIC region. We’ll figure that out when we get deeper into it.

The receiving organization must hold at least one ASN and one IPv6 address space assigned by LACNIC. So they’re using it to kind of spur the deployment of IPv6, hopefully, or at least the assignments of IPv6.

The minimum size is a /24 and the maximum is a /22. Realizing this is a big step in the LACNIC region of actually allowing these types of reassignments, I think they felt they needed to put guardrails around it, which is great. It’s what their community wanted.

Needs-based, no further sub-assignments to third parties. So if – in the ARIN region, if you’re connected to the direct allocation holder from ARIN, they can reallocate it to you, and then you can reallocate it, reassignment further down. And if you do that under this policy in LACNIC, whoever you’re leasing it to cannot then further reassign it to someone else.

Then the IPv4 blocks obtained directly from LACNIC through assignment or allocation or via transfer may not be sub-assigned for a period of three years after their receipt.

So it’s kind of – I’ll be interested to hear from Mike on this one – it’s kind of like if they do a transfer in, they cannot then take that space right away and lease it out. At least that’s the way we read it.

And then the organizations that sub-assign IPv4 addresses under this may not request new IPv4 blocks or receive IPv4 block transfers for a period of three years from the date of their last sub-assignment. So you can’t lease out a bunch of space and then go get some more from the transfer market to lease out again under this policy.

So current staff practice and experience. The ARIN region does not have any policies that specifically allow leasing. I’d say we probably don’t have any specific policies that specifically don’t allow leasing.

It’s kind of been a gray area we’ve talked about and walked around for several years. But ARIN does not consider leasing to be efficient needs-based utilization for approving a recipient transfer request under the Number Resource Policy Manual 8.3/8.4 transfer policies. And we do not consider leasing to be efficient needs-based utilization for the purpose of qualifying to receive address space from the IPv4 Waiting List.

ARIN has stated – and there’s a blog out there that states this – that if you have excess IPv4 space that you have acquired from ARIN over the years and you no longer have a need for it in your network, that you can re-assign it, re-allocate it to somebody that’s not connected to your network. So basically leasing.

However, if you do that, you cannot say that space is in use if you want to come back and get more space from the waitlist or a transfer. So that’s basically what that says.

You can lease all the unused space that you currently already have unless it’s one of those allocations that has other policies that say you can’t do it for five years, three years.

But if it’s space that you got 10 years ago and you no longer need it for your network needs or your customers, you, by all means, can lease that out to a third party. You just can’t come back and get more space to replace it because obviously you didn’t need it if you can lease it.

That is the viewpoint currently with the policies we have in place.

So, policy proposals regarding IPv4 address leasing have not reached consensus in the ARIN region. And we’ve had several over the last 10 years. We’ve had – I think we had IPv4 leasing is allowed, IPv4 leasing isn’t allowed, IPv4 leasing might be allowed. None of them have come to consensus.

So staff observations. We’ve observed on numerous occasions that IPv4 address space transfer from ARIN via inter-RIR transfers shows up on leasing platforms in other regions.

That’s just an observation we’re just throwing out there for anybody. If you don’t think that ARIN knows or doesn’t follow what happens with space that we transfer, we do. We keep a very good eye on even the space that we transfer to other regions to see what the trend is and what’s going on with it and to make sure that they’re still compatible.

All right. That’s it on the LACNIC leasing policy. Are there any questions or discussion?

Hollis Kara: Question from online. Brandon Powell, no affiliation, listed from Saint Kitts and Nevis. Is this the same policies applied to ISPs in the Latin Americas region where the subleasing arrangements are concerned?

I don’t know, I just read it.

John Sweeting: This is the LACNIC region policy.

Hollis Kara: Right, exactly; that to be clear, yes, this is the policy for the LACNIC region. Thank you.

Mike Burns: Mike Burns, IPTrading. I congratulate LACNIC. It’s a first step. It’s a good one.

But I missed something on one of your slides. I think it was related to whether leased addresses could be used as a demonstration of need after three years or something to get more addresses from LACNIC. I just wasn’t clear on whether they –

John Sweeting: I don’t think you missed it. I don’t think I had it on there. And I don’t think I’m clear on that right now. It’s probably something that I would ask Eddie to get clarification from LACNIC on that.

Mike Burns: Thanks.

Kevin Blumberg: Kevin Blumberg, The Wire. There’s a little commingling between free pool and 8 transfers. They’re very different for our region. And I think it’s helpful for the community if we really separate them out, especially the waitlist. The waitlist is still going back and is now really a community resource and community use.

We’re sharing what is the little bit that’s left. So I think differentiating and showing how it’s different would be helpful for the future.

I think there’s going to be more tightening of the waitlist, hopefully, to prevent out, you know, a misuse of it, because to me it is now just it’s a shared resource.

But just it’s a great presentation. I appreciate it. Just commingling those two, they’re very different for our region, and we should call that out more often.

John Sweeting: Sure. I agree with you on that, Kevin. Should the same policies apply to somebody that can’t participate in transfers for whatever reason? So they’re willing to sit and wait until there’s some space available they can get directly from ARIN. And then somebody that actually has the resources to participate in the transfer market and is going to go out and purchase IPv4 space.

The minimums, how to qualify for them and all that, there is a difference in the policies; but there is some similarities that are still carrying on that, yeah, we’d be glad to put together a presentation on the differences there hopefully for -well, we will, we’ll do it, we’ll make sure we do it for the October meeting.

Ashley Perks: You are clear online.

John Sweeting: Now we’ll step into encouraging IPv6 adoption. So this is just some things that staff has thrown out there, saying, hey, possible options for encouraging IPv6 adoption that the community could consider.

So requiring that applicants to the IPv4 Waiting List demonstrate that they have an active IPv6 deployment within the ARIN region. I think it maybe has been tried before, unsuccessfully, but that was one of the things that was suggested by staff out of RSD is, hey, could we put – would the community consider putting a requirement of having IPv6 deployed before you could get on the waitlist and get space off the waitlist?

Reducing the IPv4 Waiting List size to a /24. There’s a policy currently going on – no, not currently. It was abandoned. So there was a policy about that. It got abandoned – or reducing the size of the block to be issued from the IPv4 Waiting List and demonstrating an active IPv6 deployment.

So it’s kind of like we have this 4.10 space. You can get a /24 to help you deploy IPv6. Then you got the waitlist where you can get a /22, but you don’t have to have IPv6 deployed.

Is there a way to – even with the 4.4 space, is there a way to take all these different pools of IPv4 addresses that are scarce and people need out there and put them into a single pool with the right protections that the community considers getting it to the people out there that really need it? That’s basically for the IPv4.

For the IPv6, we’re really looking at how do we make policy easier. I did give a presentation to the Advisory Council in January about all the IPv6 policies. And I believe one of their Working Groups is working. I’m going through the IPv6 policies and really trying to make them very easy, simple to follow.

It should be – for IPv6, it should be very easy to have a policy that, hey, here’s what you have to do to get IPv6, and here’s the size you get. You fill out this worksheet. It tells you the size, whether you need a /40, a /36, a /48, a /32, whatever you need. Share that worksheet with ARIN, and you should be able to get approved for the IPv6.

We’ve got a lot of words in policy on IPv6. So we have asked the AC to look at that and to work with the community on it.

All right. Any questions, discussions on that?

Ashley Perks: We do have an online question. Hollis?

Hollis Kara: This question actually pertains to the last section. Do you want to see if we have questions about the IPv6 policy first, or do you want to go back?

John Sweeting: We don’t have anybody up at the mics.

Hollis Kara: I was hoping I could maybe motivate someone. It didn’t work.

All right. We’ll go back. Justin Gehrke from Rush University Medical Center would like to know if there’s a concern, as it pertains to the leasing policy, that an organization that has maxed out their IP address eligibility could use third parties to obtain blocks, essentially getting more than they were otherwise entitled to, and then lease back that space.

John Sweeting: There’s not a concern here because it’s not an ARIN policy. There may be a concern with LACNIC. I don’t know how to address that.

If you’re asking if there’s a concern that somebody in the ARIN region could get space from LACNIC, well, they can’t because LACNIC has said it has to be used in the LACNIC service region.

So ARIN definitely does not have that concern. I can have Eddie, again, check with his policy counterpart at LACNIC to find out how they addressed it.

Hollis Kara: Cool. Sounds good. Thanks.

John Sweeting: We’ve got one. Hold on.

Adair Thaxton: I didn’t write this down beforehand so it’s going to be a little disjointed. Adair Thaxton, Internet2.

I’m going to put on my pessimistic hat right now and my rawr, smash, burn-it-all-down hat. And I kind of support the idea of requiring IPv6 utilization before you can get IPv4 utilization. My pessimistic hat says that people –don’t necessarily have a technical need for IPv4 that cannot be resolved by IPv6 at this point. But that’s my pessimistic hat. I think they’d want it for psychological and economic reasons, not technical reasons. So, yay, IPv6.

John Sweeting: Thank you. And now you’ve got Kevin up again.

Kevin Blumberg: Kevin Blumberg, The Wire. There are always historical reasons why somebody can come to the mic and say, I need IPv4 because my legacy equipment from 1983, which I still put on the Internet, my Commodore 64, does not work with IPv6, and therefore this happened with AS numbers, 2-byte versus 4-byte AS numbers, where there was actually a very – and I would go up and say, there’s a very technical reason why you can’t use a 4-byte if you are a transit provider, compatibility, compatibility.

Tough. It’s 2026. I agree 100 percent with Adair on this. There’s no more, I need IPv4-only. We really need to tie it – this is not directed at staff. This is really directed at the community.

So I agree 100 percent with you. And I think that I just saw the UK government today said, hey, we’re turning down a whole bunch of PSTNs, phone central offices, over the next five years. It’s dead tech.

IPv4 should be the same thing. We’re turning it down, not we’re firing up more of it. So that’s the optimist in me. And I also realize the realist in me says we need to allow for niche situations and all that. But our policy should not be dictated by niche situations.

John Sweeting: Good. Thank you.

Lily Botsyoe: Lily Botsyoe, ARIN AC. Just a little bit of an invitation for everyone tomorrow. Our table topic would have discussions around this.

So if you’re excited to talk about the future of IPv4 space and all of that, Brian and I will be waiting for you, so please come. Let’s do some more discussion.

John Sweeting: Thank you, Lily

Ashley Perks: Hollis, you really did motivate people.

John Sweeting: Yeah, thanks, Hollis.

Hollis Kara: That’s what I’m here for.

Roman Tatarnikov: Roman Tatarnikov, IntLos. It’s kind of interesting because on one side my mind was set on, yeah, we probably shouldn’t require people to utilize IPv6 as they request IPv4 addresses. On the other hand, no, we really should start doing that.

And one of the items that I think we should start looking into, is their IPv6 routed. Not just that it’s assigned to their ASN, not that it exists in the records, but is it actually used?

There was one wireless ISP I worked with a few years ago. I deployed IPv6 for them. They didn’t route it through the upstream provider. And no matter how much I would try and encourage them to switch upstream provider or to call their tech support and so on, they wouldn’t do it.

Then there’s another wireless ISP I’m consulting right now, and the issue here is they have really, really good deal at the data center, and the data center does not provide IPv6. So now I’m stuck also in a situation where I have to encourage the data center to deploy it.

And that was the other item that I was going to mention, is we shouldn’t just require people to have IPv6 and route it; but also what we might start thinking as a community, how do we encourage our peers and parties to adopt IPv6? How can we help them?

Because some of those people who wanted to use IPv6, like those wireless ISPs, sometimes they’re just limited by what they have.

And I know that someone is going to tell me it’s a free market, they should just switch to a bigger upstream and better upstream that actually provides it. I agree with you. But those execs, those people, will not do that.

John Sweeting: Business versus technical.

Roman Tatarnikov: Thank you.

John Sweeting: Always good. And I just want to remind everybody in this room: Should be an ambassador for being out there and talking to people about deploying IPv6, everybody in this room, especially because you all have a vested interest in the numbers community. And IPv6, its time has come, I would hope. (Applause.)

Ashley Perks: Thank you, John. It was really good to hear from everyone.

Okay, next up we have Kat Hunter, our Advisory Council chair. She will be giving our Advisory Council – let me hit a little button first; there we go – our Advisory Council Update and On-Docket Report so you can know what’s going on with the AC. Kat. (Applause.)

Advisory Council Update and On-Docket

Kat Hunter: Good morning. My name is Kat Hunter, and I’m the Advisory Council chair. And as stated, this is the Advisory Council Update and On-Docket Report.

So the Advisory Council serves in an advisory capacity to the Board of Trustees on Internet number resource Policy and related matters.

And adhering to the procedures in the Policy Development Process, or PDP, the AC forwards consensus-based policy proposals to the Board for ratification.

The current Advisory Council consists of 15 members. This is the 2026 Advisory Council. Doug Camin is my vice chair. And welcome E. Marie Brierley on your first year of the AC. (Applause.)

AC members are elected to three-year terms. Five seats are typically up for election each year.AC members terms who end this year are Doug Camin, Liz Goodson, Kaitlyn Pellak, Leif Sawyer, and Matthew Wilder.

I was really happy to be able to steal this picture from the NANOG meeting where we presented. You can find the AC in a number of RIR engagements and NANOG meetings as well.

Typically we send two Advisory Council members to each other RIR meetings and each of the NANOG meetings. The last NANOG meeting at the end of the year is sort of back to back with the ARIN meeting. So you’ll find most of us at that meeting as well.

You can find the AC in a number of other volunteering roles: the Advisory Council Working Groups, the Nomination Committee, the Grant Selection Committee, and the Fellowship Mentors.

So what have we been up to since ARIN 56?We’ve had one proposal come in since the last meeting, super interesting one. A lot of space topics, the beginning of 2026. ARIN Prop 349: Taking IPs to Other Planets, or TIPTOP – there we go.

Policies implemented since ARIN 56. ARIN 2025-2: Clarify 8.5.1 Registration Service Agreement. The RSA, as most of us refer to it. This removed the specific requirement within the NRPM that the RSA had to be within the last two versions, as this was considered a business practice.

We’ve had one abandoned since the last meeting, ARIN 2024-5: Rewrite of NRPM of 4.4 Micro-Allocations, as it was considered to be – or it didn’t have the community support that it needed.

So interestingly enough, we have no recommended policy at this point. All of the recommended drafts were either abandoned or moved forward to the Board for adoption. It sort of proves that the Number Resource Policy Manual Working Group, as brainstorm teams, have done a really good job of trying to push some of this policy forward to get to it the next stage.

In order to be a recommended policy, it needs to be impartial, technically sound, and have a good level of community support.

That third part is super important. A lot of people are afraid to come to the microphones, but we can’t move policy forward unless we know that you either want policy or you don’t want it.

So whether you come to the microphone and let us know that you want the policy moved forward or you text or you put something in the chat, a comment, concern, whatever, let us know what to do with the Draft Policies that we currently have because there are six of them.

We have ARIN Draft Policy 2025-1: Clarify ISP and LIR Definitions and References to Address Ambiguity in NRPM Text.

The long and short of this policy is ISP and LIR are in a number of areas within the NRPM. Leif Sawyer is the primary shepherd for this policy.

First attempt was to change everything to ISP. The community didn’t seem to support that. This time around, he’s trying to change that all to LIR and see how everyone feels about that.

ARIN 2025-3: NRPM Section 9, Out of Region Use. This is to reduce the requirement for Out-of-Region Use from a /22 to a /24.

ARIN 2025-6: Fix Formula in 6.5.2.1c. That’s the formula for calculation of IPv6 allocations.

ARIN 2025-7: Make Policy in 6.5.8.2 Match the Examples. That’s to clarify the language for end user initial allocations.

ARIN 2025-8: Reserve 4.10 Space for In-Region Use. Quick reminder, 4.10, we throw a lot of numbers for sections out, 4.10 is the transition to IPv6 space. Currently, ARIN staff treats that space as not to be used out of region. This would just codify that language.

ARIN 2026-1: Taking IPs to Other Planets. That’s the new proposal that came in that establishes a framework for Extra-Terrestrial Networking. This was developed jointly with the IETF group with Alison Wood and Brian Jones, who are shepherds.

So I’m really happy that the 2019 bar is finally gone. That was when the Working Groups had a backlog of topics to work on.

You can see that the policy that has come into the AC is pretty consistent; if anything, going down a little bit.

So the Advisory Council Working Groups. So for the first time, we’re going to have a Working Group presentation. The Number Resource Policy Manual Working Group, being a brainstorming group, is not going to have a presentation. However, the other two Working Groups will.

I’m going to get into the Number Resource Policy Manual Working Group first. So this group initially was focused on taking sections of the Number Resource Policy Manual, finding problems, rewriting it. That’s already been done. The charter was rewritten for this. That team basically works on brainstorming with shepherds that can get writer’s block, getting new ideas, finding places that we can correct text.

The chair is Brian Jones. Lily Botsyoe and Kaitlyn Pellak are also members. And Doug Camin and Eddie Diego are there in an advisory capacity.

We have a Policy Experience Report Working Group. Alison Wood is the chair. Liz Goodson, Chris Woodfield, and Gus Reese are also members. Doug Camin and Eddie Diego are also there in an advisory capacity. Super awesome.

We just had the Policy Experience Report. They typically will take that, evaluate it, come up with some solutions for policy, send that information out to PPML with some sort of proposals or some sort of ideas that the community can work with. More than likely, the community will decide, no, we don’t want to work on that; yes, we’ll work on that, we’ll write it.

And then the third option that does happen sometimes is, we think that’s an awesome idea and you guys should totally write policy on that. So sometimes you’ll see policy come out of that Working Group because of that reason.

The last group was started last year, the Policy Engagement Working Group. The community wanted better ways to engage in policy discussions. So we spun up this group just to see if we can come up with better ways to work with the community.

A lot of people who don’t like dealing with PPML and email had stated it was outdated and things like that. So this was the AC’s attempt to try to work better with the community.

Don’t want to steal too much thunder from that group, because they’re going to have a presentation on the things that they’ve worked on, but some of you have seen an initial survey that went out. The topics that were in that were all things that could have been quick wins for the AC to work on immediately. Another survey is probably going to go out with some more advanced things that we can work on.

And we have Matthew Wilder is the chair. Alicia Trotman is a member. Doug Camin and Eddie Diego are in an advisory capacity. And Ashley Perks is also there from the communications team to let that team know some upcoming training that’s available so we don’t throw things in the survey that’s kind of already going to happen anyway.

And they’ve also been there to help us get some of the stuff posted to the ARIN blog and the websites so that their surveys actually reach people that might not be on PPML and some of those Mailing Lists.

So Working Group proposals. There are none this year. And you can see over time they’ve kind of dwindled down. The ones that are highlighted are ones that made it to the Board for adoption. Crossed out were ones that were ultimately abandoned. And there’s one more still kind of kicking around from 2025.

So join a table topic at lunch. This is actually not going to be today, it’s going to be tomorrow. Policy Engagement Working Group has improving the policy engagement experience. That is Alicia Trotman and Matthew Wilder.

The NRPM Working Group is going to have the future of ARIN IPv4 Allocated Space. That’s Brian Jones and Lily Botsyoe.

Policy Experience Report Working Group, Section 6, IPv6 Allocations. That’s Liz Goodson, Gus Reese, and Alison Wood.

Before I get to questions and comments, just a reminder that the Working Group presentation is up next. So if you have any questions on the survey or the Working Groups, I just ask that you save that for the Working Group team so that they can answer those questions.

But with that, are there any comments or questions?

Ashley Perks: Let’s give it a minute to get some comments online as well. Go ahead, Kevin.

Kevin Blumberg: Kevin Blumberg, The Wire. I know, Hollis, you were looking.

Ninety minutes. That’s what this ARIN meeting has for policy in a block tomorrow at the end of the day. Six policies, 15 minutes a policy. This is a policy meeting. And this is not directed at you as the chair. You’re a volunteer. This is directed at whoever makes up these meetings.

First of all, we are going to run out of head space. Six policies, rapid fire, 15 minutes. Could have split it into two. Could have split it into three. We are going to have a brain drain, first.

Second, I know there’s a very specific reason why it’s at a specific time slot; so that remote participation is not aggrieved, and I fully support that. There’s lots of opportunity for that.

I do not want the community, myself, to have to temper the amount of time that I spend at the mic talking about policy. This is a policy meeting. We all need to do a better job. And if that’s directing the staff, if that’s directing the organizers of this meeting to remind everybody that this is a policy meeting.

And if we’re going to have six policies, we need more time. If we don’t use that time, wonderful. Let’s talk about how we can improve IPv6 policy or something like that.

But I am disappointed that, unfortunately, policy is the thing that gets removed for the benefit of other things, when this is a policy meeting.

So I’ve said my piece, and hopefully we can come up with a way of improving it.

Kat Hunter: Thank you.

Ashley Perks: We are clear online. Thank you, Kat. (Applause.)

Next up, she really hinted at it during her presentation, but we have the Advisory Council Working Group Updates with Doug Camin. (Applause.)

Advisory Council Working Group Updates

Doug Camin: All right. Thank you, everyone. Doug Camin, Vice Chair of the Advisory Council.

So this is a new segment that we’ve put together. We have three Working Groups now. We talked to our Working Group chairs, and we said, hey, what more time – I think, Kevin, even speaking to some of the things you brought up here – what can we do to make sure that we’re creating more engagement time, more feedback time, and updating on the hard work that these teams are doing?

So in between the regular Advisory Council meetings, we have three different Working Groups. They have a regular session of meetings.

One of the things I learned about as Vice Chair is that I have to attend all of them. So I know all the hard work they’re doing. It’s a lot of it.

We’re going to go through the Policy Experience Report workgroup, which Alison is going to present. And then Matt Wilder is going to come up and talk about some of the work the Policy Engagement Workgroup is doing.

So with that, I’m going to turn the microphone over to Alison, and then she will turn it over to Matt. Thanks, Alison.

Alison Wood: Thank you, Doug. Congratulations on your new role as Vice Chair. So happy to have you. All right, you guys, I have had a whole lot of coffee. So I’m if I’m talking really fast go like this or something, and I will try to slow down.

So my name is Alison Wood. I’m the chair of the Policy Experience Report Working Group, definitely one of the top three Working Groups that we have here on the Advisory Council.

I’d like to start with thanking my amazing Working Group of Liz, Gus, and Chris. You guys are amazing. We meet once a month, first Friday of the month, 9:00 AM. And we talk about all kinds of amazing different Policy Experience Report things.

Also, after I get done presenting, Matt’s going to present, and then we’ll take questions at the conclusion of Matt’s presentation. So hold onto your questions. I know you guys will have some.

All right. So we are the Policy Experience Report Working Group. We focus on taking real-world operational feedback from the community, from the ARIN staff, and that is captured in the Policy Experience Report that you guys just heard part of from Mr. Sweeting.

We review these reports after each policy meeting, so twice a year. And then once a year, in January, the Advisory Council meets, and we have a face-to-face meeting. We get a Policy Experience Report after the conclusion of that meeting. So we have a lot of work to do, as you can imagine.

All right. So we’ve had one proposal that came out of our group in 2023, three in 2024, two in 2025. 2026, we’re optimistic that we’re going to have several, especially after I present to you guys today.

All right. Phew, what’s hot? All right. So right now we’re focusing on a few areas where policy might be outdated, overly complex or inconsistent with current operational philosophies.

So these include the potential elimination of rarely used transfer criteria. We would love to simplify IPv6. It’s a little confusing. And there’s some overlapping IPv4 allocation policies. So we are reviewing those as well.

All right. So we’re going to start with the NRPM Number Resource Policy Manual, Section 8.5.7. Section 8.5.7 allows organizations to qualify for IPv4 transfers using alternative criteria instead of standard needs-based approaches.

We’ve found that this has been really limited. I think that staff said we’ve only used this one time ever. And so our Policy Experience Report Working Group is seeing if this is something that’s necessary. And also we found that it’s kind of complex. Man, there’s so many of these.

All right. So I would love to get feedback from the community on the usage of 8.5.7 – sorry, I know you guys are like, slow down, slow down – anyway, to see if removal would simplify the transfer framework.

IPv6 initial allocation simplification. I’m sure that universally everyone would love to simplify IPv6 transfers, allocations, all parts of it. So we found that the language may be more complex than necessary, that we could definitely improve the criteria for getting IPv6, super confusing, and that alignment with modern IPv6 deployment practices may be beneficial.

So there’s a lot to talk about with IPv6. And there’s a lot that we’re working on inside our Working Group.

All right. So I would love to know what qualification requirements that you guys think that we should be working on for IPv6. We need to improve clarity for any new LIRs or ISPs, depending on how that policy comes out, and maintaining consistency with operational realities. So, so exciting.

All right. So inter-RIR transfer discrepancies is a big one that we’re working on. I guess I have to stay behind the mic. So as Mr. Sweeting presented in the last meeting, I can’t remember where it was, in Texas, we found that there is a lot of IPv4 space that’s going out and maybe less that’s coming in.

And there’s a lot of discrepancies in the transfer policies. And so our Working Group needs to address what those discrepancies are, if it is beneficial or detrimental to ARIN, and perhaps if there’s policy that needs to be written regarding those transfer policies.

We’ve had a lot of IP space go to RIPE last year. And it’s kind of important to find out if there’s any changes that need to be made to our reciprocal policies so we’re following the spirit of what the community wants and what’s best for the community.

It’s super interesting. I don’t know if you guys had a chance to look into that. But it is amazing, definitely something that our Working Group needs to spend a lot of time on.

All right. So we also have multiple IPv4 direct allocation policies. So our Working Group is reviewing Section 4.1.8, 4.4, and 4.10. Sometimes there’s some vulnerabilities in these policies where they may potentially bring on abuse. Sometimes we see it in 4.10 space. Definitely is something that the Working Group is reviewing and something we would really like your feedback on.

One of the things that we’re doing in the Working Group is reviewing how these policies are used operationally and looking at simplification of those policies. I think that one of the best things that’s come out of the Policy Experience Report is ways that the community can benefit from the NRPM and the policies in it.

So we’re working really hard with your feedback and staff’s feedback to make sure that the NRPM is as useful as possible.

All right. So that’s my last slide. So one of the things I really wanted to talk to you guys about is the PPML. So there is a lot of useful information on the PPML if you are not already on it. And if you need information on how to join the PPML, please come see me. I would love to talk to you about it. But it’s one of the main ways that our Working Group communicates with the community.

So where we may have suggestions, we may need your feedback. And with that we really need to have everyone engaging in the Mailing List and then able to respond to questions that we have, to give us feedback – am I talking too fast? – anything like that. So super important that we communicate with that.

And let’s see. Hang on. And then also the Policy Experience Report Working Group really welcomes any communications with you guys. So we’re here, and we have a table topic at the lunch tomorrow, but we’re all around.

And so it is our job, our mission, our goal, our hours of volunteer work, to make things better for you. So please, please don’t hesitate to talk to us, to give us your feedback, to share any information or any ideas that you have that might make the ARIN NRPM better and easier for you to use.

That was super-duper fast. There you go, Kevin. I got some time back for us. Anyway, I’d like to turn it over to Matt Wilder for the Policy Experience Working Group update. And I will be close by if you guys need anything.

Ashley Perks: Good luck matching that energy, Matt.

Matthew Wilder: I know, okay, I’ll do my best. And I think I’m the last thing between everyone and lunch. So I’ve got a captive audience here. So, yes, happy to present to you our Policy Engagement Working Group, what we’re up to. So what is this Working Group about? Let’s talk about what is our purpose and what is our scope.

So this is our charter. Our purpose is to engage and promote awareness for engagement, for informed participation by the ARIN community in the Policy Development Process.

And the scope is how we want to do that, and we want to work in coordination with the AC chair and relevant staff. So obviously we’ve got communications here to increase community awareness and participation in the Policy Development Process or PDP.

And we want to explicitly look at different ways that we might explore how we engage, what kind of tools and what kind of methods we use to engage with the community, to get community feedback. Because that is, as has been mentioned, very, very important to us, to understand what the community wants.

So, surveys. We’ve heard talk about surveys. You may have seen surveys or even filled them out. Keep your eye out for more. But we’ll talk about what we’ve done so far.

Today, if you look at how we engage in policy development, we have two platforms, effectively. We have PPML, or the policy mailing list, and then we have the Public Policy meetings, like these meetings here.

So these are our two core platforms for how we engage in developing the policies that we might put into NRPM, or the Number Resource Policy Manual, and we want to look at how we can explore new ways of engaging in those discussions that might be more modern perhaps.

By the way, does anyone know what year email was invented? I looked it up. It’s 1971.

Apparently on ARPANET someone was using email. I was going to make a joke, “Come here, Mr. Watson, I need you,” or whatever, like that’s the first phone call. I don’t know what the first email was. But there you go. So it’s an older platform.

It is obviously ubiquitous. So it’s convenient. We understand it. If we do go to a new tool, or add a new tool, we obviously have to make sure it conforms to the principles that are very important to the Public Policy concept, how we develop the policies.

So, yeah, we’re using surveys to kind of engage and explore those different ways we might enhance how we communicate with you, the community.

If you have a phone handy and you want to take a look at the survey results that we’ve got. So we’ve had one survey so far. You can scan this QR Code, and you’ll be taken to a blog that came out last week, and this blog explores what is the feedback that we received. We had around 40 survey responses for our first survey.

The first survey didn’t look at the tools that we’re looking to think about introducing. It was more about what kind of things could the Advisory Council do to make ourselves accessible to the community and help in the development of policy.

So have a look at that. I’m just going to highlight one question that we asked in the responses that we got to it.

This slide is showing you how many people or what percent agreed to the idea that this might be a useful thing to introduce. It’s a bit of an eye chart.

So you can feel free to pull it up on your – you can pull up the slides for any of these presentations from the ARIN 57 website. But I’ll read it out to you as well.

The first one here is online surveys on new Public Policy proposals. So imagine if a new policy comes along, shepherds who want to get a sense of the community’s initial response to a different policy that’s being proposed, they might put out a survey and get just a quick litmus test, how much does the community feel we should explore one avenue or another or whatever it might be. This is kind of one tool that we could very easily adopt.

And another thing we have is a self-service training or videos on ARIN’s PDP, Public – I’m going to keep getting this wrong – Policy Development Process, and NRPM, Number Resource Policy Manual.

And I don’t know if you know this, but ARIN has ARIN Academy. So this could be, you know, training modules that fit within that platform.

So another might be to publish a monthly policy activity digest. Again, not everyone’s able to keep up with all the emails on a Mailing List. So an archive or a digest of what has been happening recently might be useful to some people.

And then we have a few more suggestions, like virtual Advisory Council office hours to discuss policy. Or we have policy engagement sessions in the fall NANOG meeting. Something we did in the most recent NANOG.

We have virtual and in-person workshops on proposals under discussion, and then virtual policy help desk for proposal authoring. So some authors may come along and they want just a little bit of help in submitting their policy in a way that is most effective.

So these are ways that we’re thinking about making ourselves available.

So the next phase of surveys will probably focus more on how we might expand the tooling the platforms that we have. So we talked about the Mailing Lists. We talked about the Public Policy Meetings.

And if we were to introduce a new tool, let’s just say something like a Discord, something where it’s easier to get really interactive and drill down into different areas of policy, that’s kind of what we’re after is looking at what might those tools do, what does the community need them to do.

Of course, we do need to make sure it conforms to the principles that are very important to PDP.

But what other requirements does the community have? What kind of features does the community want to see? So that’s the kind of thing we’re thinking about, we want to you start thinking about as well, as we develop those next surveys.

And really what we’re thinking about is how do we minimize that friction of engagement? How do we maximize ease of engagement? And how do we foster a sense of community?

I think all of us, you know, can commiserate with certain experiences on PPML, or whatever it might be, there’s some strong opinions from time to time.

So making sure that we’re receptive is always in our benefit, but we’re thinking about how can we have platforms that kind of give you that sense of community more effectively.

So I invite you to think about those as well. Okay. So, again, I’ve said it several times, watch for those surveys. We would love to have your input as we go about this.

Questions and comments? Again, feel free to ask questions of other Working Groups. We’re all here for you. (Applause.)

Ashley Perks: We’ll take the first question at the mic.

Mike Burns: Mike Burns, IPTrading. My question is about using a different tool in addition to email, such as a Discord server. I know that Discord has capabilities that email doesn’t have. But is there a provision for a mirroring of posts on Discord to the PPML to facilitate the transition?

Matthew Wilder: This is going to be a part of that exploration. We have to think about how do we make sure it’s streamlined. So this is going to be a very functional task for staff to really think through mechanics on how to streamline that. So we don’t have an answer for you on that, Mike, just yet.

But I would say that is one of the ambitions, is we want to make sure that we’re not fragmenting and fracturing needlessly that experience.

Mike Burns: I have one more, if I could sneak it in. On the issue of addresses leaving ARIN towards RIPE, do we have a number reflected as, say, a percentage of ARIN’s holdings?

Alison Wood: Absolutely. That was given at the meeting in Texas, and I will get it to you here in just a moment.

Doug Camin: I’ll just real quick jump in on the question about the Discord server or any of these other, like, topics or tools.

One of the key elements here is making sure – and I think in past meetings, not necessarily Discord, but any of these types of things that have come up, one of the things that we have for ARIN is making sure that the discourse itself is always documented. There’s a need to make sure that you can go back and look who said what, what did they say, what were the conversations, and things like that.

So one of the threads we want to pull through with all of these is, while we’re polling the community to understand what they want to see, we’ve got to make sure that it fits with the nature of how ARIN has to conduct business to ensure that there’s continuity that we’re meeting the various legal requirements and other things that go with that.

Ashley Perks: All right.

Kevin Blumberg: Kevin Blumberg, The Wire. Doug, I think that means you need to get rid of table topics because it’s not being documented. Just – I think that there’s absolute place for documentation. But what you just said is not congruent with how things are done.

All of the discussions with the ARIN Advisory Council would need to be transcripts and not just decisions, if that was the way. Just be careful on that one.

There is a difference between Discord, there’s a difference with mailing lists, and there’s a difference with bulletin boards. And I have already commented on the PPML quite significantly on that because I was very disappointed in this survey.

If anybody here is a little older, as a kid played Choose Your Own Adventure books, that is what that survey was. I was given a very, very specific path to follow of what whoever the authors were looking for, and it did not give me any ability to actually say what my concerns were. It was almost like an outcome was being sought after rather than opinion.

And that was why I brought up Discord because it wasn’t in the survey. The very first thing was not there. And this is not directed at an individual in any way, it’s just part of the planning.

The question is, what is the purpose? And PPML is obviously not working the way it used to. That doesn’t mean it’s not working. It’s just not working the way it used to, and that’s because people have changed.

Is Discord the perfect answer? No, because it is a live communication. It’s great when you say, hey, everybody, we’re going to get on at 3:00 in the afternoon, let’s have a scrum. Let’s talk about stuff, and you can move things forward. Discord is great for that. Discord’s not great for, hey, I want to come back to and see how the policy is going for the last three months.

A bulletin board is much better for that. You tie that with a mailing list. I just want to look at this policy. I want to see what’s being said. Here’s the place to go for it.

I would love for the committee to spend more time looking at those areas, how they can be improved, because PPML, for the tenth straight year, is in decline. At some point, people like me just aren’t going to be around posting.

It’s just going to be the way it is. So people need to come up with who and what is being used today, not what was from the 1970s.

Matthew Wilder: I’ll just say on the survey, feel free to find me at any point – or Alicia as well – at any of the breaks. Love to talk to you about surveys. And we haven’t formed that next survey yet; so happy to incorporate any feedback into that survey to make sure it’s an effective one.

Doug Camin: I wanted to comment, Kevin, your statements about like the legalities. I guess my statement was just meant to be a generalization that we always have to be careful about how we’re following the procedures and process, well above my pay grade as a volunteer, to decide which – what is legal and what is not legal or what we’re going to do.

Your point’s well made, and I totally agree with it. My statement was meant to just be a generic kind of like we’re looking at that stuff and that’s what we have to keep in mind.

Roman Tatarnikov: Roman Tatarnikov with IntLos. I would say also what would help is if we have a list of different platforms and proposals that were done and the decision that was made on them.

Because if someone can see this list, then they can be like, oh, what I was going to propose was already decided on and so I don’t have to repeat it, I can come up with something new, kind of like that.

Doug Camin: So, Roman, I think some of that is available on ARIN.net where you can see the old policies and stuff like that, but it may not be in a way that it’s easily accessed.

If, like, there’s some challenge there, let’s have a conversation, because that’s part of how we want to make sure that’s how we’re doing that engagement. There’s a whole list. We can see every proposal going back 20-plus years. But if you can’t find it easily, then it’s not helpful. That’s what we want to make sure.

Roman Tatarnikov: Small clarification, I don’t mean like a list of proposals, but proposed platforms, like a spreadsheet of, hey, here’s the platform that was proposed and that was decided.

So it’s not even a proposal per – as an – not really a proposal but more of an idea of something that people were, like, trying to come up with.

Matthew Wilder: I’d like to comment to say that we’re not going to jump into solutions, I think, at this point. Like, we’re really trying to gather from the ground up what sort of things do we need to see in any kind of platform.

So I wouldn’t be surprised to see it take a few iterations, and we’re going to have to work very closely between the AC and staff to make sure whatever we’re exploring is even feasible, right?

So I have no preconceived notion of what platforms are even really candidates at this point. So we’ll take it step by step, and we’ll let you know and keep you informed, for sure.

Roman Tatarnikov: Thank you.

Tina Morris: Tina Morris, AWS, ARIN Board. I did the survey. First, it was kind of hard to find if I didn’t have your QR code on the website. So that would be one suggestion.

And then I also wrote in Discord. So piling on to what Kevin said, don’t let perfection get in the way of progress.

And the NANOG community also had this problem with the NANOG Mailing List. We had young people come to the meetings, and we did surveys and asked them if they would consider joining the Mailing List, and it was a flat-out no, never, ever, under any circumstances will they join a mailing list.

The ARIN community is also experiencing that. We need to have alternative streams. And personally, you may not believe it, but I’m a bit of a shy introvert at times, and so I’m hesitant to post broadly on a mailing list. But if there’s a channel about a specific topic, I’m happy to put a comment in there.

And we have people that have an abundance of time and respond in two seconds, and we have people that can only look at it once a day. Being able to split out the comments and be able to respond directly really allows for much broader participation. So please give that some consideration.

Ashley Perks: We have time for one more.

Andrew Dul: Andrew Dul, 8 Continents. I’ve been coming to these meetings for probably too long, and things have changed over the years. That’s not a bad thing; it’s about this process becoming more mature and more repeatable.

But the people have also changed. And the people who were here 20 years ago, when I was coming to these meetings, are no longer here. So one of the questions we need to ask ourselves is that are we getting the right information from the right people?

There are 25,000-plus members of ARIN. There are maybe – I’m going to guess – 20 people in this room who are not sponsored by ARIN or an RIR and are an operator. Maybe. Those are the people that actually do the work. So those kind of ideas around who should be here and how do we interact are important questions to answering how do we do it.

So we have to go back a little bit to who do we need here, how do we communicate with them, and what is the best way to capture that information so that if you want to figure out why there’s a Multiple Discrete Networks Policy, you can go back and read it in the mailing list archive from, whatever reason, whatever year that was.

But those kind of conversations are going to happen again. No, they don’t have to be perfect. But we do need a record of most of the conversation that happens that forms this because this is a public process for a public resource.

Thank you.

Ashley Perks: Thank you. And thank you, Doug, Alison, and Matt. (Applause.)

Okay. I’d also like to invite John Sweeting up before we break to lunch. He promises it will be really quick.

John Sweeting: Just before we break for lunch, I want to thank everybody for the conversations that we’ve just had. I know Hollis, our Director of Communications, is very interested in that. Ashley as well, our manager. They absolutely want to drag us into the future and find something, some kind of platform that can work for policy and discussions.

I also want to make it very clear – sorry – that we do not constrain the time given for policy discussion. The Policy Block is not the only thing that is related to policy, as we’ve had about like two and a half hours of policy discussions already today about other policies, other regions, how it affects us. So I do want to point that out.

Our main goal in the Policy Block, whether it be three at a time, six at a time, is to start on time. We always have to start on time. We can’t start early. We can’t move it. We have to start on time.

We take great care, Hollis and her team, when they’re putting the agenda together, to make sure whatever comes after Policy Blocks can be moved or eliminated or whatever. Usually not eliminated. Usually moved to another time slot so that we can extend the Policy Block timing. We just can’t start it early.

I know, Kevin, you have a suggestion, we do the policies, we scatter them around the agenda. We have just as many people saying: We want to have the Policy Block, we want to talk about the policies at one time.

If we had eight policies, there’d be two blocks. We had five. We had another one added really late in the timeframe, which gave us six. So we were looking at only five when we planned the whole agenda. So we extended it out for the six of them.

So, really, staff and the comms department puts a lot of effort, along with Eddie and along with Kat and the Advisory Council. We don’t take policy lightly. It is why we’re here. It’s what we want to talk about.

John, do you want to say anything, or you’re good?

John Curran: So, when we are doing the meeting scheduling, we get the requests from the AC regarding what policies are going to be discussed and how much time they need, and they get that time.

So if you want one of them to ask for half-hour slot, talk to the shepherds, say, “You should have asked for a half-hour slot.” We would have given it to them. We don’t have any constraints on time.

In fact, we have the opposite. Sometimes we have to say, “Hey, you all have short presentations, and we allocated more space.”

But if they want more time, they get more time, and that’s what gets scheduled. That’s the first and foremost constraint, is getting the policy done. So we don’t have any artificial constraints here. If the shepherds want more time, they can.

The challenge is, at the end of the day, though, we do have to get it set before the meeting. As John said, we have some flexibility at the end, but we do have to get it set so people know when the Policy Block is going to actually happen.

John Sweeting: Thank you, John. Any questions on that? Anybody have any questions on the agenda? We’ll take all the input you want to give us on how the agenda is set up. Hollis and her team go to great efforts. We have remote participation to juggle. We have videos to juggle. But policy cannot be juggled. Policy has to be set in stone, and we have to start with that.

Yes, Kevin.

Kevin Blumberg: Kevin Blumberg, The Wire. I’m not new here. I think everybody will know this. You set the discussions to the time that is allotted. You tell the shepherds, “We’d really like you to keep it within 15 minutes.” They come up with slides that are within 15 minutes.

I was doing that, John, back in the day. There was, hey, we’ve got 12 policies, how can we do it? I’m trying to point out that there’s a problem. I’m not looking for the exact solution right now. I’m not looking for it to be justified. But policy blocks have gotten shorter and shorter. They’ve gotten compacted.

I don’t want eight blocks. I’m not asking for that. I’m not asking for solutions today. I’m just saying it has been compacted into one end of the meeting slot. Please be careful with that, was all I was asking.

I think it can be improved. I think it can go back to the way it was done, which is to give a little bit more time and a little bit more deference to the importance of the policy blocks.

I know policy is part of the meeting, but not the policies that are on the docket for now. That has been pigeonholed. I’d appreciate it’s not end of day where people are tired. Let’s be realistic and not shoot the messenger. Thank you.

John Sweeting: Thank you for your input, Kevin. Anybody else have any input? I will remind you, Kevin, I was the chair of the AC for six years. So I do know how this worked before as well.

John Curran: So, Kevin, I would ask that you speak to the ARIN AC and that they tell us what they want, because what they want is what we’ll give them. We’ve had it go back and forth. We have had people who said, I want to be at the meeting for the policy day, which makes it difficult to spread it over two days.

But if the AC says we want it over two days, we’ll do it over two days. If they want it in one, we’ll do it in one.

Truly, it’s first and foremost. But I don’t think the staff should be trying to digest and guess what the community wants. I think the AC should be telling us.

Ashley Perks: Thanks, everyone. I do think we do need to break to lunch. Can we maybe save that for the Open Mic?

Lee Howard: I’m going to suggest people fill out the surveys at the end of the meeting.

Ashley Perks: Yes, that’s also true. We do get a survey at the end of the meeting.

All right. Well, thanks for a very exciting first experience for me. We will break for lunch. I do want to say lunch, although we have been talking a lot about table topics, they are not today. They are tomorrow. Don’t let that stop you from having a discussion anyway, though.

Lunch will be downstairs in the Daisy Room on the second floor, same place breakfast was. And we will be back at 1:30 for our IPv6 keynote with Inder and Nick. Thank you all.

(Lunch break from 12:19 PM to 1:30 PM.)

Hollis Kara: We are back. I’m going to try to honor the schedule. It is 1:30, so we are going to kick it back off.

We have two remote presenters online for our IPv6 keynote, Inder Monga and Nick Buraglio from ESnet, who are going to talk about early adoption and what they learned. Do we have them online? We’re going to bring them up. There they are.

Hi, guys. Can you hear us?

Inder Monga: Yes, we can.

Hollis Kara: And we can hear you. That means you are a go for launch.

Inder Monga: Sounds great. Can you see the slides as well?

Hollis Kara: We can see the slides.

KEYNOTE: The Nine Lives of an Early Adopter: Leading Cats to Water in the IPv6 Era

Inder Monga: Wonderful. Thank you. Hi, everyone. Thank you to the ARIN team for inviting us to give a keynote. Both of us are really sorry we cannot be there. There were some family commitments that prevented both of us to be there. But we would have loved to be there and be part of the ARIN community.

So thank you again so much for giving – for allowing us to give this talk. Really excited to share our perspective, our view, and where we think we are, and end with a call to action.

So the title is Nine Lives of an Early Adopter. You know, I went from the Nine Lives to the Schrodinger Dead or Alive, and the state we have been in is IPv4 more than IPv6. And I think many of you will agree that the state we want to be in is more IPv6 than IPv4. And maybe some of you in the audience will disagree, but that is what a discussion and debate is all about.

Now, let me take an example from what is happening in AI today. Now, this slide was created by AI. So I don’t know how much to believe in this slide.

But if you really look at this very busy slide created by Gemini, the thing that I want you to key on is what was said by Jensen in GTC: That there will be a fleet of AI agents that will be supporting every human. And his guesstimate was that by 2035, there will be 100 AI agents operating for every human being on this planet.

Now, at this point, with wave one, that I would call it, which is AI copilots, you know, the ratio is around 1 to 1,000 right now. And if you go to 1 to 1, maybe by end of this year in 2026, or 2027, and you say there is one AI agent – or human being that creates, you know, around 10 billion agents, but if you do really believe in a 100-to-1 ratio, we will have 900 billion agents running for every human being on the planet.

And that does not mean that every human being does not have their IoT devices, multiple devices per person, or if you think about the enterprise amount of connected devices that are there.

So you can imagine this huge explosion of endpoints. And you can say that the IPv6 designers were prescient, because they built an address space that can easily handle this in its sleep and even more.

So my point is that only IPv6 can handle this AI onslaught. Can you imagine running all these agents and giving them IPv4 private addressing and running NAT in order to have 900 billion agents maybe talk to each other, talk to the Internet?

So, in my mind, for AI to succeed without friction, we need simplicity, which is elimination of the many middleboxes that are there because of IPv4; consistency for end-to-end automation, so one addressing scheme so we are not thinking about which domain are they on, are they on a private domain or not and how do we actually make end-to-end work; and hyperconnectivity, so no matter where the data is, information is on your AI agent, which could be a mixture of experts wants to talk to, you should be available.

You must be watching this funny picture I have on the slide, which says ‘Something Is Wrong!’, because many of you are thinking, ‘Hey, does each agent need an IP address?’ Maybe, maybe not.

If you give the problem to the application designers and say, ‘Sey, application designers, come up with your own addressing scheme to address the agents, we will just stick to the IP address on the NIC or the docker container or whatever,’ then I think you are making what is on the right come true, which is telco becomes the dumb pipe and it does not gain any value from this revolution that’s happening.

So if you want to play in the game, we need to be in the game, and we can be in the game if we adopt IPv6.

Now, that is my initial pitch. While you think about that, we’re going to share with you something about ESnet so you understand what perspective we are coming from, background of ESnet as being an early adopter, and then I will turn it over to Nick, who is going to tell us where IPv6 is today, and then we’ll bring it to a close.

Now, the reason we chose the title ‘Nine Lives’ is because IPv4 has been alive longer than we thought. So it has Nine Lives. And IPv6, which could have died away, has been alive and still going strong longer than we thought. So both of them have had nine lives.

So what is ESnet? ESnet is DOE’s data circulatory system, and it circulates data between the National Labs, the immense amount of investment of public money in user facilities and science instruments worldwide, the public Internet, the cloud, and the global research and education network.

ESnet itself is a research and education network connecting all these national labs together. Now, our vision is very simple; that scientific progress is completely unconstrained by the physical location of instrument, people, computational resources, or data. That is, no matter where interesting data is, no matter where the best instrument is, we should be able to get data from it and connect to it.

And our mission is very simple. We need to build networks that accelerate science. And as you know, science and scientific discovery is very important and has led to the advances in the human race that we have today.

So just giving you a very high-level view of ESnet by the numbers. So we operate on our own infrastructure. We have 15,000 miles of leased dark fiber in the continental U.S. That means we have 79 POPs, and we operate our own amplifiers or at least have leases in locations where we have our own amplifiers and our own 319 locations across the US.

We have seen unique data on our backbone from 31,000 organizations around the world. We peer extensively with around 270 active peerings with R&E, commercial, and other networks around the world.

And we build huge amounts of pipes to our customers. We have around 14 sites connected at 400 gigabits or higher. Our backbone, if you add up all the lit capacities, around 85 terabits per second, with connectivity to Europe, which we operate both on Spectrum and bot circuits at 2.7 terabits per second. And we moved around 2.6 exabytes of data last year.

We do measure how we operate and how we perform, and we have more than 100 percent sometimes – sorry, up to 100 percent uptime for many of our sites. And our customers, through an independent survey, rated the service they get in terms of user satisfaction at 4.95. So we not only do what we do, but we do a good job at what we are able to do for our National Labs.

Now, if you look at our traffic growth, it has grown significantly since 1990. We have been around for 40 years. This year is our 40th anniversary. And we have kept data since 1990 onwards on total data moved in or out of our network. And we moved around 2.6 exabytes of data.

The only dip we have seen was in 2020 during COVID time when the National Labs shut down for a couple of months during that time.

Over the years, we have built many generations of ESnet, and all of them have been innovative, not because we can say that looking back – because at every stage, we were looking forward on what the science needed in order to scale, in order to be effective.

So you add in IPv6 support in production in 2004, but started working on it in ESnet2. And ESnet6, we built an IPv6-only management plane that Nick is going to talk about.

Let me give you a very quick history lesson of our play, ESnet’s play in IPv6, and then I’ll hand it over to Nick.

So this slide represents the various touchpoints between IPv6 and ESnet on a historical timeline. So let’s take a few highlights.

So when the IPv6 spec was a draft, which is now RFC 1883, but was a draft in 1995, we started actively working with Sun, Digital, KAME, and Cisco in the development and testing of IPv6 early code. As you know, IETF is running code and rough consensus, and that’s what we were doing to help with that.

In 1996, we ran through overall management and coordination for the 6bone, which ran from 1996 to 2004, before it was phased out. This was an informal collaborative testbed for IPv6 that we provided the overall management and coordination for.

Just from a timeline perspective, ESnet was not involved directly with that. RFC became a standards track, RFC 1998. By the way, we were the first production IPv6 address that ARIN allocated to us in 1999. And probably that is the reason ARIN invited to us give the keynote today.

We established an IPv6 research and education network for promoting the introduction ofIPv6 into production. There were many participants, both R&E and commercial companies. And we have a list of participants from July 1999 there worldwide, WIDE, SURFnet as well, that played a role in forming the 6REN.

We started figuring out how do we build IPv6 Internet Exchange Points. So we collaborated with a research and education network north of the border, CANARIE. Bob Fink was in ESnet at that point in time and formed something called the 6TAP project. So we could do IPv6 interconnections into startup and provide early production networks the ability to build and demonstrate IPv6 applications.

And in 2004, and since 2004, we have been supporting IPv6 as a fully production service in ESnet, no matter which generation of network that we built.

So that is where we are today. That is where we are speaking from, from the deep history and knowledge of running IPv6.

And I’m going to turn it over to Nick who can talk about where we are now.

Nicholas Buraglio: All right. Inder set the stage for me to tell you a little bit about running IPv6 and where it’s going and where we think it’s going to head.

I’m Nick Buraglio. Can you go to the next slide, please, Inder?

All right. So for most folks, dual stack is probably the steady state that they’ve been in either for a while or that they’re looking at. And that’s been around for quite some time. It was originally considered to be a transitional state, which I believe it still is.

It came around the time that RFC 3484 defined the source address selection, I think is when it became a reasonable deployment model. That was published around 2003, so roughly 23 years ago.

That defines, RFC 3484 defines that when you have more than one protocol what the selection algorithm is. And that’s what allowed dual stack to sort of function in a way that made sense consistently across multiple platforms.

That was eventually replaced by RFC 6724, which modernized that quite a bit. Side bar, that’s soon to be replaced by an update to 6424 that further updates that. RFC 6724 was in roughly 2012. So it’s a little bit old at this point.

And that’s augmented by a technology called Happy Eyeballs, which, on top of the source address selection, allows an application to do essentially a test to see which protocol performs better, and then use that one.

So this has allowed multiple protocols to exist across the global Internet for quite some time now in this transitional state where if one doesn’t work, you can use the other one. It was never really intended to be a permanent solution.

Next slide, please.

Now, right around the time that the World IPv6 Day happened, which was June 6th of 2012, you can look at this screen capture from Google’s IPv6 statistics page here, that’s when it starts to kick up a little bit.

That’s roughly around when RFC 6724 was published. People start to think more seriously about IPv6. Prior to that, you can see here, it was sort of just steady state. But around 2012, it starts to go up a little bit.

Now, this is a short timeframe here in this graph, but it’s meant to illustrate that this is where people started to think seriously about it.

Next slide, please.

Okay. What does all that really mean? Making IPv6 the default chosen protocol in the source address selection within RFC 6724, RFC 3484 was staging it for success. If you have both protocols, you want to use the newer one.

By today’s standards, you want to use the current one because IPv4 is no longer being developed within the IETF. There’s no standards changes to IPv4. If you have both, you want to use IPv6. It’s the current protocol.

However, there was an unintended side effect of that, and I’m going to go into this fairly extensively, but just at the high level, the unintended side effects of dual stack were that, one, it allowed you to use IPv6, right? Because it’s preferred. However, it might obfuscate significant issues within IPv6 connectivity because it fails down to IPv4 if IPv6 is broken.

And that makes troubleshooting hard, and that makes it more complex. Or, worse than that, it can hide the need for the troubleshooting. So operationally running two protocols is not necessarily a good long-term strategy.

Happy Eyeballs does the same thing at the application layer. So you add a bit of complication and complexity on top of a bit of complication and complexity when you’re running in a dual stack transitional state for a long period of time.

Next slide, please.

Now, Inder talked about all the science data that we move around. Now, we do a significant amount of traffic. High-energy physics is a very large contributor to that volume of traffic that we move.

If you see this graph here from our management platform that we run, you can see that the IPv6, being the orange line there, is pretty high. It hits 90 percent traffic. Now, this is high-energy physics data moving from places like the Large Hadron Collider at CERN to the National Lab complex.

They’re actively removing IPv4 from their networks. So they want to reduce that complexity. So you can see here that 90-ish, 80 to 90 percent of the traffic that’s moving around volumetrically being very large is IPv6-only. And they’re actively pruning out IPv4.

Next slide, please.

To give you a numerical view of that, when I say big volumes, if you look at this traffic over time, you know, IPv4 volume is in the terabytes. 529 terabytes, sure, that’s quite a bit of traffic. But if you look right to the right of that, 4.3 petabytes of traffic is significantly larger, and all of that being IPv6.

So the high-energy physics community has realized that there’s no downside for them to remove IPv4 and run in an IPv6-only world. And they’ve been doing this for quite a while. They do very innovative things with IPv6 as well. You know, the tags, specific things in the addresses so that they can flag them across the network. They do a really lot of neat stuff with that.

Next slide, please.

This is just another view volumetrically of IPv6 being significantly more in a scientific research project that runs across our network.

And the point being made here is that, one, you can run without IPv4 at a significant performance; and, two, that the age-old and seemingly never-ending response of no one is asking for IPv6 is just simply not true, right? This is all happening. It happens daily across the backbone of our network.

Next slide, please.

Okay. So to boldly go. I had to put a Star Trek reference in because why not? November 19th, 2020, many people know of the OMB mandate completing the transition to Internet Protocol version 6. This came out as a draft in November. It was very soon after that made an official policy.

Because of the history that ESnet has, not just within the Department of Energy but in the federal government complex as a whole, having so much experience with IPv6, you know, we were brought in pretty early to help with the DOE as a whole.

However, before that – next slide – Inder mentioned that we had been working on an IPv6-only management plane.

And so this predates the OMB mandate by a handful of years actually. So as we were designing the current version of our network, which we call ESnet6 – it’s version 6, not to be conflated with IP version 6, just no pun intended – we decided that it would be interesting to see if we could build an IPv6-only management network. We started prototyping it out just to see if it was feasible. And we realized that we could probably do it.

So this was no small undertaking. This includes everything from the optical network – so all the DWM shelves, the transponder shelves, the ancillary equipment that runs in every POP, you know, PDUs and batteries and switches and all the things that you need to actually run a POP, IPv6-only.

It was a years-long project, and one of the things that it did is it forced us to have significant engagement with the vendors, because we were – again, this was before the OMB mandate. There wasn’t a whole lot of people asking for IPv6-only at this time. So we had a lot of dialogue, a lot of testing, a lot of collaboration with vendors to help set this up and make it work.

Next slide, please.

So we were ahead of the curve. When the OMB mandate was published, we already had all these processes in place and testing and environments for determining the IPv6-only viability of any given device that we needed to use.

And because ESnet had this long history of IPv6, we also had a lot of internal knowledge of just the protocol in general because we’d been running it dual stack for a very, very long time.

This positioned us really, really well as a leader within the U.S. government for these transition projects. And it left us really well prepared for the DOE’s IPv6-only pilot network. But more importantly, it showed us how to interact with both the vendors, who we needed for their equipment and their software, and the constituents who are going to be using it.

I think that’s really the key that made this possible was that very last bullet point. It allowed us how to communicate and ask for the things we needed and help get them.

Next slide, please.

Okay. So you might be thinking the pilot’s probably the management network. No, we decided not to use that. What we wanted – because the management network is a specialty network, right? There’s really no users on it.

And so it wouldn’t give us the full view of what it’s like to operate without IPv4 because no one comes in with a laptop, plugs in and works there all day. Right? It is meant for managing remote POPs. So we built – the pilot network is actually the network that is my office. So there’re two floors on this building that I’m in, have ESnet offices in them. And they have been running IPv6-only for almost six years now.

This design here, very simple, right? The lack of complexity in this shows how we tried to just come in, run this as easily as possible to see how it would work.

And it’s largely the same today. It’s a daily-use office. There’s people in and out of here almost every day, not on the weekends usually, but pretty much every workday there’s someone here doing stuff. There’s no dual-stacked host. Every host we have on the network here does not have an IPv4 address, only IPv6.

We have a NAT64 commercial product in there, a DNS64 running for address synthesis that’s an open-source project. And all this was set up prior to there being the client address translators on all the systems. That only existed really on mobile devices. So we really got to taste what it was like to have IPv6-only with just a NAT64, DNS64. And it ran that way for quite some time. Next slide, please.

What that did, and I would argue that this was an advantage for us, is that when we removed IPv4, it revealed a lot of gaps in software, hardware, documentation, tool capabilities. All kinds of things started showing up that allowed us to say, okay, well, now we need to talk to this vendor. Now we need to update to this version of that firmware, whatever.

So not having the CLAT on the devices and being early in the process of removing IPv4, again, showed us all of the things that we needed to keep looking for and then socialize with the rest of the Department of Energy and the U.S. government and really anyone that wanted the information.

Next slide, please.

From there, we kicked it up, right? So we had the IPv6-only mandate from the US government. So we decided, well, we’re going to build a new data center. Let’s build it as IPv6-only. See how that goes. Overall, from the folks that run that data center, this is their slide. I talked to – one of them is actually here in the office, and we kind of went through, like, what were the advantages? And this was the result of that.

It’s operationally lower overhead because it’s one protocol. It’s perfect for containerization and AI workloads because it’s essentially all-you-can-eat addresses. It’s very easy to provision single-use addresses. So it lends itself really well to zero-trust architectures because there’s so many addresses in a single /64, you can provision a single address and never use it again.

And it frees the environment up from RFC 1918 space. So our data center is fairly – they’re not hyperscalers, right? However, you know, we don’t want to have to repurpose any address space.

And as soon as you start to scale up, RFC 1918 space doesn’t scale well to the hyperscale or even large scale unless you start stamping out repetitions of it. And then you have to do scoping and overlays and all of these things that you don’t really want to have to do if you don’t need to. So it frees us up from any of that.

Lower complexity, there’s no compromises for address space. I don’t have to go and say, oh, I need a /29; where can I grab that? And carve it out of a larger block that might have only that left. Or I need a /27 for over here. Or this new thing needs entire /24 and I don’t have one.

There’s no compromises there. You give everything a /64 or a /48, or whatever, and if you need more, you just give it more. Because it’s easy to get. It’s plentiful. It’s one set of policies. So you don’t need to have duplicate policies for more than one protocol, which significantly reduces the margin of error.

And there’s almost no translation overhead, especially when everything’s IPv6. You’ll have to have a NAT64 at your gateway, and probably a server load balancer for inbound IPv4 requests. But other than that, most of that data center that we’ve been running is IPv6-only, and it’s very little IPv4 traffic.

Next slide, please.

Okay. So this also uncovered some gaps in the standards. Remember back when I said that RFC 6724 is being updated? It’s a direct result of the work that we were doing. We found some inconsistencies with source address selection.

A handful of us got involved with the IETF and said, ‘You know, here’s the problems that we have. Let’s write a draft.’ It’s functionally done. It’s just waiting for publication right now. So this is driven not just vendor engagement and progress within software and hardware vendors, but also standards.

There was a need for things like operational guidelines for IPv6 mostly, which you’re probably starting to hear more about now.

Neighbor discovery security needed an operational guideline. SRv6 security needed some guidelines. Translation prefix discovery needed an updated definition of IPv6-only. That seems self-evident. Doesn’t exist. So we had to write one for ourselves, and that’s now working its way through the standards process as well.

So doing all this work really has shown that there’s a need for involvement in IPv6 and IPv6 work going forward. Next slide, please.

But we still have work to do, and this is where you come in. We need people to work with application developers. We need them to either defer to the system preferences or explicitly support IPv6 because the application developers, they don’t think about the network usually. Maybe they do. But most of them probably don’t.

So education is very key here. We need more vendor engagement all the time. Reiterate the importance of IPv6 as a preferential protocol. It’s a first-class protocol. It is the current Internet protocol.

We still need significant outreach and engagement with enterprises because enterprises are sort of the last bastion where we need deployment. There’s also, you know, users need education, service providers need more information. The small regional providers maybe don’t doIPv6 because they don’t know that they need it or they don’t have the resources.

And we need to research and publish advantages of IPv6 as that preferred protocol. So if you’re capable of doing those things, let’s do those things.

Next slide, Inder.

But we are doing good work. 50 percent of the global Internet traffic overall is IPv6 right now. So let’s pat ourselves on the back a little bit because that’s a big deal – half. And it will peak to 51 sometimes.

If you look at what is usually the referred-to statistics, which is Google’s page, it’s half of the Internet traffic. It is not a fringe protocol. It is 50 percent. It’s half now. U.S. is more than half. Canada is almost half. France is 80 percent.

There’s a lot of these. You can go look them up. There’s a lot of good data out there that shows that IPv6 is now undeniably a protocol that is more than half of the Internet traffic in many places.

Mobile traffic is 50 percent more likely to be IPv6. That’s what’s driving a lot of this. But, again, enterprises remain the last frontier of deployment. So that’s where we need to start focusing going forward, I think.

Next slide. I think you’re going to take this. Oh, nope, there’s one more.

Fifty percent of countries have a mandate and encouragement for IPv6 or IPv6-only. This is a big deal. And, again, remember what I said. “Oh, no one asked for IPv6” is still common. Show them this. Because it’s definitely being asked for, and we need it as a first-class protocol.

Now next slide, Inder.

Inder Monga: So I will take you to the end. My, I mean, I would say, cat landing on all fours is AI agents are coming. And rather than say, ‘Hey, application developers, come up with your own addressing scheme for them,’ I think we should give each agent an IPv6 address. The world needs borderless, end-to-end, physics-only architecture. And don’t suffocate them in the 1918 world.

The alternate is there – OTT, over the top. And they will do it, which will make the network more irrelevant or what I call dumb pipes.

As Nick said, dual stack is a Schrodinger trap, not a destination, not success. It doubles your complexity and hides broken connectivity, which you cannot figure out if you [don’t] go IPv6-only.

And the biggest bottleneck we have is complacency. You say, ‘Oh, we don’t need to do it so why should we.’ If you don’t do IPv6-only, you will not be able to push the software vendors that considerIPv6 as a nice-to-have.

So when you say we are depending onIPv6 on you, and if it doesn’t work, your software is going to be out of our enterprise because it doesn’t supportIPv6, that will force them to fix gaps in their software development.

So just don’t support IPv6 quietly. Prioritize it. Share the lessons. Talk about it. Plant the flag and lead your community.

So if you haven’t done it, start your first IPv6 pilot this year and stop herding those IPv4 cats and start turning it off.

Now, as Nick said, we need more evangelism, more communication, more education, more uncovering of these cracks so that they can be fixed, and then rinse and repeat.

So thank you very much for listening to us. Many of these slides are from ESnet contributors across decades and Michael Sinatra and Dale Carder, who helped us with the slides. All of them could not be here to represent themselves in this keynote.

Thank you for giving us an opportunity. Any questions? I know we have gone a little bit over time.

Hollis Kara: No worries. Thank you. That was a wonderful presentation.

Microphones are open, as is the online chat, if we have questions for Inder and Nick.

Ashley Perks: We have one question online, Hollis.

Hollis Kara: Okay, let’s go with that first.

Ashley Perks: All right. We have a question from Michael Ackermann, no affiliation. Really great presentation. A lot of really good info in a short amount of time. Well done.

ESnet has made amazing progress. My question is, how are other agencies doing with IPv6 with reference to OMB or otherwise? And I assume OMB is Office of Management and Budget for the U.S. government.

Inder Monga: Nick, can you take that?

Nicholas Buraglio: Yeah, I mean, the process is still ongoing. I know that the 80 percent mark was supposed to be reached by September, I think. I don’t know – I can’t say the statistics for any of the other agencies, but I know that the work is still ongoing.

And, again, it’s one of those – it’s one of those things that, I think, over time the amount of effort – as it gets deployed, you ramp up as you’re deploying your IPv6 and you’re turning off your IPv4, but it starts to ramp back down once you hit a certain threshold.

I don’t think we’re quite in the ramp-down phase yet. I think we’re still probably around the plateau. Still ongoing. It’s one of those things that’s just – it’s a long-term project.

Inder Monga: I’ll just say that many in the federal agency also look for financial assistance to do the transition because it’s not easy, they need more people, and that sometimes has gotten challenging.

By the way, Mike, if you’re the same Mike Ackerman I know, hi to you as well.

Hollis Kara: All right. Great. I know we have another follow-up from online. But let’s take one from the floor first.

Adair Thaxton: Adair Thaxton, Internet2. I was wondering, have you seen any issues with the classic, old, expensive, large science things being able to access the IPv6 network?

Inder Monga: So one of the challenges we have are science instruments that were built 20 years or 30 years ago with Windows 95 and have a hard time moving on to that.

We always know that there will be some cases which it will be too expensive to upgrade right away. But there is so much low-hanging fruit at the moment. Rather than focusing on that one lab, which was built a long time ago, a science instrument with Windows 95 still operating. We want to focus on so much low-hanging fruit out there.

I’m not sure if that addressed the question. Nick, if you have anything to add.

Nicholas Buraglio: Well, I mean, I can comment on the DOE’s policy, which I helped to write, which is those items were to be replaced at the end of their natural lifecycle. Like Inder said, you get the low-hanging fruit first, and then – because of the existence of things like DTNs, access to the data that those instruments generate can be pushed to a DTN, which can run IPv6.

And so basically you take the scope of whatever the IPv4 protocol is and you shrink it down to maybe just that one instrument, and then it speaks to whatever the data transfer node – which is what DTN stands for, for those that don’t know – and then it moves the data over IPv6.

But, yeah, I think what Inder said is you focus on the large-scale numbers of low-hanging fruit. And at the end of the natural lifecycle of these large expensive instruments, then they’re replaced with something that runs IPv6.

Hollis Kara: Great, thank you. One more from the floor.

Kevin Blumberg: Kevin Blumberg, The Wire. I don’t like the term “evangelism” anymore. I think evangelism was something we did 15 years ago, something we did 10 years ago, even five years ago. But the problem with evangelism is it’s saying that IPv6 is the ugly stepchild rather than the norm.

And we need to flip it. IPv6 becomes the norm and IPv4 becomes the ugly old legacy stepchild. And I think it’s really important that we get to that point now, because we need to stop being on the defensive about it, and let the people who are still running IPv4-only networks be on the defensive. And they can evangelize why running IPv4 is such a great thing for them.

Inder Monga: Well said. Point taken. We will change our slides.

Kevin Blumberg: Very important. And the second part is, everybody can come up with a reason, and I think you sort of talked about it, I’ve got a device stuck in three feet of concrete at a power plant, right? It’s going to run IPv4, it will never run IPv6. Great. The bigger problem is that device should not be on the Internet ever again.

There’s other reasons why. And I think we are well passed devices no longer supporting IPv6 that should be IPv6. Everything should have refreshed at this point. And if it hasn’t, it’s never going to be refreshed. And so you live with it. You work around it, as I think you said.

But the evangelism one is really important for me because I’m tired of having to sell something that doesn’t need to be sold. Thank you.

Nicholas Buraglio: If I could follow up on that, I think the one really important data point that is very recent is that we’ve now been peaking over 50 percent globally of IPv6 traffic. And I think that that is, in my opinion, the watershed moment of: Now it’s more than half.

So it’s not a – because people could look at it and say, oh, it’s not even half, right, even if it’s 49 percent. But once it peaks over 50, it’s very hard to deny that.

And the other argument that one could make is, oh, well, it isn’t backwards compatible with IPv4. But with the advent of the client address translator on every platform at this point – Apple, Linux, Microsoft has one in public beta, which I’ve tested and it does work very well – you know, every platform has this backwards compatibility now. So it’s very hard to make the argument that it is not the first-class protocol now.

Hollis Kara: Thank you. Okay. We’re going to go back online for one last question there. I’m going to close the queue in the room. So if anybody else has a question, please go ahead and get in line. Okay. Great.

Ashley Perks: Michael Ackermann has a follow-up. Michael Ackermann is from Blue Cross. Two questions here. Nick mentioned using NAT64, DNS64 for a while and then replacing it. What was it replaced with? And the second part is, I am trying to sell IPv6 to management, as are most enterprises. What seems to be lacking is compelling business cases. What would you say the top ones are? I think I heard AI and microservices.

Nicholas Buraglio: I’ll answer the first one, which is, I didn’t say I replaced it. It’s been augmented by CLAT, the Client Address Translator. So everything that we run still has a PLAT or a NAT64 and a DNS64. But for the most part, the translation is done locally on the systems now with the PLAT handling the outbound pieces.

Inder, did you want to take the other one?

Inder Monga: I think AI is coming, and that is one of the reasons for the management to think forward. But I think the things that I would say is simplicity, lack of middleboxes that makes it – and the ability to connect across multiple locations and with cloud, which is essentially running inIPv6. So I think there are other business cases to make.

Now, I think I didn’t construct a business case myself to share, but I’m happy to talk offline if you need any help there.

Hollis Kara: Thank you. All right. Back to the floor. Next question.

Henrik Van Tassell: Hello. My name is Henrik Van Tassell. I am one of the ARIN Fellows and also a big fan of IPv6.

First of all, I just wanted to say thank you for putting this presentation together because I think it’s a really great – the presentation itself is very interesting, but also just having this as a resource to show people, like, hey, this stuff really gets used in a lot of different environments like across both you guys as a service provider and the fact that you use it in your offices.

But I’m curious, what you would say to people who are like, ‘Oh, we’re not going to put in the effort to set up IPv6 because we think that by the time mass adoption is really reached that some other thing might come along to help with IPv4 exhaustion and other things’? Or people are just like, ‘Everything works fine for me now; why would I do something versus doing nothing, which costs me nothing?’

Nicholas Buraglio: I think that comes back to the business case question. Now, there is anecdotal evidence that is as yet unpublished that I have that there are some performance advantages and latency and things like that. And, obviously, it works for high-volume traffic based on the graphs that I’ve shown you. But one thing that I’ve learned is that if someone really doesn’t want to believe something, you’re probably not going to convince them.

You can just show them that it gets used, show them what the advantages of it are, and then they’ll eventually come around. People have to want to do it. Like, if you try to force them to do it, they’re going to recoil because no one wants to be forced to do anything.

But once they see, ‘Oh, hey, it’s 51 percent of the global traffic now. I’ve been carrying an IPv6 device and in some cases an IPv6-only device in my pocket for 10 years and didn’t even know it.’

So that’s a compelling argument, to me, right? The mobile device that you rely on to do your daily life, depending on what provider you have, maybe doesn’t have IPv4 and hasn’t for a decade, more than a decade at this point.

I think that’s compelling evidence, right? Because what happens when somebody leaves their phone at home? There’s a little bit of freak-out. And something that critical that doesn’t even run IPv4 that you use to connect to the rest of the world all day every day, I think that that proves in and of itself that this is an extremely well-traveled, very reliable, obviously usable, protocol.

If the argument is, if I do nothing, it costs me nothing, that’s not an argument, right? That’s true. Like, you can’t argue against that. So personally, I think it’s easier to convince them that they want to do it rather than slowly over time by just showing them advantages because, like I said, if someone doesn’t want to be convinced of something, you’re probably not going to make them – they need to want to want it.

Inder Monga: I will just say, at some point in time, this becomes human psychology on change management. And I’m speaking with my management hat on. People are afraid of change. That’s the bottom line.

So you have to not only think of it as a technical argument or a technical rationale but deal with the change management, deal with what risks they see and try to convince them that the risk of shifting long term on their enterprise is lower, and the risk of not moving – the cost may seem high now, but the risk and the cost they incur longer term is higher on their enterprise.

That is one of the languages that business people do understand, is change management and risk management. And that is how we need to do it rather than just say this has got .5 millisecond of better latency or 2 megabits of better performance.

I think we need to get into those business languages and speak that business-speak in order to get the enterprises to convert.

Nicholas Buraglio: Inder’s answer is much better than mine.

Inder Monga: We just wear different hats.

Hollis Kara: Go ahead, Nancy.

Nancy Carter: Nancy Carter, ARIN Board of Trustees. I wanted to say thank you so much for your presentation. Clearly, IPv6 adoption is something that consumes ARIN, and as a result, the Board of Trustees.

And I encourage you – I was going to say to continue to evangelize; I won’t do that anymore, Kevin – but I encourage you and implore you to continue to, I don’t know, lead the charge and show what can be done and that it can be done. Thank you.

Inder Monga: Thank you, Nancy, for also inviting us to give the keynote, and looking forward to engaging more with the ARIN community.

Hollis Kara: Wonderful. Thank you. See we have two more questions.

E. Marie Brierley: Thank you, Hollis. I’m E. Marie Brierley, ARIN AC. Hi, Mike, glad you joined, and I’m so sorry to hear that you’re still struggling with your management for this long.

I would like to have a voice for business value. I think, you know, one of your end – your last slides was about what we need to do next, and I think what’s missing there is having explicit business value that resonates with nontechnical decision-makers. Those are the people that may partner with you for sponsorship and prioritization.

One of the things that we find is that IPv6 is now being required for some government contracts. So if your gear or your IP is transiting the Internet, it’s a hard requirement that it be IPv6-capable.

If it’s not, they’re actually rejecting them out of hand. It’s a hard rejection. And I don’t have to tell any of you how expensive that is. So if you’re submitting, you or your customers, are submitting through SAM.gov and it requiresIPv6, don’t take it lightly, because it will be rejected.

Inder Monga: Thank you.

Hollis Kara: Thanks, E. Marie. Okay, close us out, Chris.

Christopher Quesada: Chris Quesada, Verisign. Gentlemen, thank you very much for this presentation. It is absolutely wonderful.

I would hope that you submit the same presentation with some variations at each of the RIR meetings and possibly an ICANN meeting as well and the NANOGs.

It’s a message that needs to get out. Also, perhaps maybe add some data that shows your peering and interaction on theIPv6 side versus your IPv4 to basically also help hammer home that message. Thank you.

Inder Monga: Thank you. Your comments are very valid. And we will consider submitting it at NANOG, for sure.

Hollis Kara: Wonderful, okay. Thank you, Nick and Inder. It’s been a pleasure having you. If I can have a big round of applause. (Applause.)

Inder Monga: Thank you all.

Nicholas Buraglio: Thank you.

Hollis Kara: Next up, I’ve got John Curran coming up to give the Number Resource Organization Report.

Number Resource Organization Report

John Curran: Hello, everyone. I’d like to give this presentation. I’m going to be very quick because we’re going to get back on schedule.

I’m also followed by the more interesting part of this is the RIR governance document, and Amy is going to follow me anyway, so I might as well get up, get out of the way so she can get up here.

So Number Resource Organization Report. What is the NRO, the Number Resource Organization? We’ve been around since 2003. We signed an addendum for a joint Internet Number Registry System, uniqueness. So saying we have some principles we try to hold up for the registry system to keep it running and promote it and make sure their entries are timely and accurate.

We have a mission to coordinate and support the joint activities of the RIRs. Our vision is to be the global leader for Internet number resource management, sort of act as a point of contact for that.

We have an Executive Council, and Jia Rong Low from APNIC is the Chair. Hans Petter Holen from RIPE NCC, Vice Chair and Secretary. I’m the Treasurer. Ernesto Majo is from LACNIC. And we have Mukom Tamon, who’s been just appointed from AFRINIC to the Executive Council. So we’re now back with all five seats, which is very nice.

We have a permanent Secretariat hosted by APNIC. We should give a little round of applause. (Applause.)

Thank you. Based in APNIC with German and Laureana.

So we have Coordination Groups. Each RIR coordinates with the others. We try to do that in certain functional areas. So there’s calls between the various registration services teams and engineering teams because, while we have this as five different pieces, it has to act as one joint registry.

We have a budget for joint activities, which includes things like the NRO and Review Committee, the RPKI Program, the ASO Chair travel, Internet governance support.

It includes a charge, an amount that we give to ICANN every year. The majority of that ICANN charge is for the IANA Services Contract, but we also provide a voluntary contribution. The total is about $823,000 to ICANN every year, which seems like a lot, but compared to how much ICANN does, it’s a very, very small piece of ICANN’s budget.

We also all pledge money to a Stability Fund. If an RIR were to suffer an adverse effect and needed to draw on these reserves, we thought it was a good thing to have pledged.

The expenses that we incur, which is the amount on the prior page, plus the ICANN contribution, get divided among a division formula based on the registration services size of each of the various RIRs.

And so for 2026, you’ll see the cost distribution. ARIN has 30 percent of the cost; RIPE, 33; APNIC, 18, 18.98, which is 19; LACNIC at 11; and AFRINIC. And we divide those costs up. That way, when we’re incurring something jointly for the whole system, it gets divided among the size of the whole system.

Publications. One of the significant things the NRO does is do joint publications. So we have some things we update, some daily, some quarterly.

The global stats on IPv4, IPv6, and ASNs and the RPKI adoption reports on the NRO website are updated daily, so you can get the most current stats on the system.

We do a quarterly update of the Internet number status reports, which we often present here, giving the overall picture of distribution of number resources in the globe.

And then we have a Comparative Policy Overview that sometimes is presented, and it talks about the differences between the various RIR policies.

The AFRINIC situation, we, of course, have been paying a lot of attention to. We’ve been in tight coordination with their leadership to the extent that they need support. Same with the private receiver, who’s actually, who’s here, and we’re happy to say AFRINIC was able to get its Board seated and was able to, as I said, appoint someone to the NRO EC, which is very good.

So we seem to be moving slowly back into normal operations and looking forward to getting back to continuity and eventually not having a slide here at all.

NRO RPKI Program. We did have a program manager that did joint coordination among the RIRs for RPKI, and that was useful. It let us get a really deep dive and compare our services and set up, let us figure out some things like how we organize trust anchors and timers and the services to try to make sure it’s a little more consistent.

So if someone’s using RPKI, they have to pay attention to RPKI in all the regions a lot of times, if you’re a large organization. Try to get that a little more consistent. We no longer have a joint program, but we still have activities to keep RPKI aligned.

So we did that for a few years, and it was helpful. But now we are able to have the engineering team handle it within the Engineering Coordination Group.

I want to talk about ICP-2. Amy’s coming up after me. Okay. I’m done. That’s it. No. We have an ICP-2, which is the document which is the recognition of RIRs. It was signed many years ago. We decided it needed to be updated to have a more consistent set of requirements on RIRs for governance.

We launched a community process for that, which the NRO Number Council, AKA the ASO AC, has been actually handling. It’s a multiyear process. We now have a very good draft, next-to-final draft, and that draft has actually been released. It’s now been presented at all of the RIRs.

We’ve had substantial issues in the second consultation. They’re now — we’re in the final stage of finalization. We hope to have that document completed by the end of the year. And Amy will talk about it in much more detail, so I don’t need to cover that.

IANA Review Committee. We all draw down number resources from the IANA, and the IANA gives a quarterly report on their performance. We have a community-elected team, community-appointed team that reviews that report to make sure that the IANA is doing a good job.

The IANA services is something done by PTI, Public Technical Identifiers, a little affiliate of ICANN that handles the IANA function. And we’re happy to say it’s been doing an exceptional job. Never had any issues with it. But there is a Public Review Committee that handles that and confirms that that performance is adequate. The Review Committee members are there. From this region, Amy, Alyssa, and John Sweeting.

The IANA SLA Amendment. We have a Service Level Agreement, an SLA, with ICANN for the services we get, and it was recently amended to include the IANA team doing the reverse DNS for those zones, in-addr.arpa, just some little miscellaneous things. It’s not something new.

They’ve been doing it since actually ARIN handed it to them because we were doing it after our formation because we took that over from InterNIC. It was handed over to the team, but when we did the SLA for IANA services, this wasn’t in the SLA even though IANA had been doing it on behalf of the numbers community.

So we realized that, and we just updated the SLA to incorporate something already that they’re doing, and that actually got signed and done in November of 2024.

The ICANN Empowered Community. The RIR system participates in the ICANN Empowered Community function. The Empowered Community is a very small function that sits over the ICANN Board and provides a backstop of accountability. It is the one that ratifies the appointments of directors, changes to bylaws and other things.

There’s a set of enumerated powers. So every time an ICANN director is elected, we have to ratify that particular choice, and there’s a set of actions we have to approve, and there’s a set of actions that we have the option to reject.

The ASO has procedures for how we handle each of the Empowered Community powers. And when we get a request, mostly it involves sending it to the community and saying, should we do anything with this or should we just ratify it?

We realize that we’re missing a couple of procedures. So they’re being updated. There’s one for community review and there’s one for community independent review process. Both of those are being developed, and there will be updated procedures for those out very shortly. They’re in consideration now.

Just to make sure that if we are asked to review some ICANN use power, we have a corresponding procedure that’s documented that you folks know we’re following.

That’s it. I tried to be very quick because I want to get us back on schedule. I’ll take questions. If it’s on the governance document or ICP-2 document, I’d ask you to hold them since that’s the next presentation.

Hollis Kara: Whew, you flew.

John Curran: Boston, quick.

Hollis Kara: Yeah, I hear ya. Anything for John before we move over to Amy? Nope, looks like we’re good.

John Curran: Thank you very much. (Applause.)

Hollis Kara: Next up, as John mentioned, Amy Potter. Come on up. Come on, Amy. Don’t be shy.

Amy’s going to give us an update on the work of the NRO NC and the status of the RIR governance document.

Number Resource Organization Number Council and RIR Governance Document Status Update

Amy Potter: All right. Great. Thank you. All right. So thank you for the introduction to what we’re going to be getting into here, John.

So I’m here with the ASO AC/NRO NC. There’s always a lot of confusion about this. But really all you need to know is that the NRO NC, which y’all elect two of our three members of, all three of the NRO NC members serve the role of the ASO AC.

All right. So each RIR is supposed to have three members that are on the ASO AC; two of them elected, one of them appointed. We’re very excited because we now have one AFRINIC member back to participate with us, which is so important given all of the work that we’re doing right now on ICP-2.

We do a number of other things besides ICP-2, but ICP-2 is really going to be the focus of this presentation here today.

Here are all of our lovely faces. All right. So why are we revisiting ICP-2? ICP-2 was first established, gosh, 25-ish years ago. At that point, there were three RIRs in existence, but we wanted some clear criteria and structure for bringing on new RIRs because at that time they were contemplating bringing on both AFRINIC and LACNIC.

So at that point in time, ICP-2 was created to set forth that sort of structure and criteria. Since then, quite a bit of time has passed, and we’re coming back now to revisit it.

John spoke briefly about some of the AFRINIC things going on there that help to sort of drive us to this place here, but ultimately it’s about wanting to create a more sort of stable structure for the RIR system.

And, yes, so back in, gosh, 2023 now, the NRO EC, so the heads of each of the RIRs, asked the ASO AC to do a couple of things. First, they wanted us to review and advise on a set of implementation procedures. Those implementation procedures apply to the existing ICP-2 document from 25 years ago, just making it a little bit more explicit, some things that we always believed were implicit within the document. For example, the criteria for becoming an RIR. You do continue to have to meet that over time.

So the implementation procedures get a little bit more specific about those procedures there. They also asked us to work on strengthening ICP-2 itself, which has been the focus of our work for the past couple of years now.

All right. So where are we in this process? When we started this process out, we wanted to get some feedback from the community about what are the real core principles that we want to be thinking about and focusing on in a new draft here.

So we started out with a consultation with the RIR communities and the ICANN communities just to make sure we’re all sort of on the same page about what it is exactly we’re trying to do here. Thank you very much to everyone that participated in that. We got quite a lot of feedback from there, and we’re able to take that feedback and start working on our first draft.

We then put together the first draft, published it, went through another set of consultations on that. Got that feedback. Put together a second draft, which also went out for a consultation to the RIRs and ICANN, and we received so much very, very helpful feedback from all of y’all on that. So thank you very much for that.

We’ve been reviewing that feedback since then. Sort of categorizing it, thinking through the implications within the document, and now we’re at the stage where we’re working on putting together a final version of that document, which we’ll then deliver to the EC, because remember the EC was originally who asked us to work on this, and from there the EC and ICANN will go through their own process for finalizing the document.

Here’s a more detailed breakdown of the dates of each of the things that we just spoke about. All right. So as I mentioned, we went through the core principles consultation. We put together a report following that consultation about all of the feedback that we received. You can check that out with the QR code there.

You can check out the first version of the document, which incorporated so much of the feedback that we had received from the previous consultation. And then we took that feedback that we had received from that consultation to incorporate into the current version that has been published and gone through the previous consultation here.

We made a lot of changes in response to the feedback. Some of it included minor changes to the name of the document and expanded the preamble in response to some feedback that people really wanted to see some more going on there. And you can check out all the sort of changes that we made in there.

And you can see the summary reports of the consultations that occurred throughout both the RIR processes for the consultations and ICANN here. And all of this is on the website as well.

All right. So where are we now? Following the consultation period that we had on the second draft of the document, the ASO AC met in Montevideo to go through all of that feedback in detail.

We came to a number of agreements on directions that we wanted to take, and we also had a number of open issues left that we still needed to sort of think about and talk through.

We put together a status report in Q1 of this year, which you can get through the QR code there, and then when we met just last month in Mumbai, we went over all the open issues that we still had after Montevideo to get some direction there.

We are in the process of finalizing a Q2 status report that will give you the same sort of update on where we are now with that. That should be out in the next, I don’t know, week or two there.

But I will be going into, from here on out, what you’ll be seeing in that status report and how we’ve dealt with some of the issues that we’re currently working through.

We now have some direction that we’re taking and are in the process of putting together a third final draft now. So I’ll walk you through some of those.

All right, so one of the major issues that we talked about quite a lot in Mumbai has to do with the recognition process.In version 2 of the document, there’s a mechanism that allows for the recognition of a new RIR without — with unanimity minus one from the existing RIRs.

So the first sort of — one of the first steps in the recognition process is that each of the RIRs independently consider the proposal for recognition, and in version 2, there’s a mechanism that allows for that to move forward with all of the other RIRs except for one.

We received some really interesting feedback about the conflict of interest issues that pop up there. So because the five RIRs currently cover the entire globe, any new RIR is necessarily going to take some portion of a currently existing RIR, sort of, I’ll call it, territory, for lack of a better word here.

And we had a lot of conversations about how does conflict of interest play into that, and also understanding the fact that even if there’s a potential conflict for an RIR that’s giving an opinion there, all the RIRs have to work with and cooperate with any new existing RIR.

So we spent a lot of time talking through that, and we came to an agreement that the unanimity minus one threshold was a bit too high and that we needed to sort of rework the recognition process in light of consideration of conflict issues.

So we’re still working through the precise details of that, going back and forth with Legal to make sure everyone’s good with it. But it looks like we’re going to be incorporating some disclosure statements within the recognition process from the other existing RIRs so that we have a mechanism to deal with conflicts.

Version 2 of the document also has what is essentially an appeals mechanism for the candidate RIR if the other RIRs do not recommend moving forward with their proposal for recognition.

One sort of open issue that we had had was, in version 2, it allows for the candidate RIR to submit a recognition review to ICANN, and there’s an open issue of whether during any sort of appeals mechanism that we have in here that’s being submitted to ICANN, does ICANN want to do that themselves or should there be an independent third party?

We are currently still communicating with ICANN about whether or not using an independent third party will still be necessary. It looks like it might not be, but we’ll see where that comes out.

Another issue that we talked about quite a bit was the audit process. So in version 2 of the document, there are sort of two types of audits. There’s a regular audit that in version 2 was occurring every three years, and then we also had added in a concept of an ad hoc audit to allow either ICANN, the other RIRs, or community members within that RIR to have a mechanism to get review of specific issues that they think might exist outside of the regular audit period.

Now, something that we talked about quite a bit was we don’t want to create a system that could be weaponized where an RIR is going to be constantly going through this sort of audit process. And so we talked about quite a bit how do we deal with this, right?

So on the one hand, we decided that we want to move the regular audit period from three years to five years. And then when it comes to the ad hoc audit process, we wanted that to be much more targeted. So when we decided — the term “audit” has different meanings in different places and different connotations to it — so we decided to change the name from ad hoc audit to compliance review.

And then we decided to put together a more targeted process for initiation and review of the sort of compliance review where whichever party is requesting their review is going to have to state specifically, hey, here’s the provision of this document that we think this RIR might not be in compliance with, and they’ll just be reviewed in a much more targeted way so that we don’t end up in a situation where an RIR is just constantly going through audit all the time.

We also have spent a lot of time talking about emergency continuity. So in version 2, emergency continuity requires unanimous agreement of the other RIRs in ICANN.

We view emergency continuity — it’s a process that we added in a previous version of the document based on feedback that we received from the community that, hey, derecognition is a really extreme step, and what if something happens that requires really urgent actions? Like, we want something sort of in between derecognition and just sort of letting the issue continue.

So we came up with this concept emergency continuity where an emergency continuity operator could step in and take over services for a limited period of time for an RIR that is unable to provide RIR services to their region.

Now, because this is a little less extreme step than derecognition, we’ve sort of gone back and forth about what the sort of threshold should be for initiating that and what those procedures should look like.

Following Mumbai, we decided that, one, we should allow the affected RIR to initiate emergency continuity because they’re going to know first. There might be a situation where something is going on internally there. They know what’s happening. They know that somebody needs to come in and help out, and they should have sort of standing to initiate that process themselves if they want to. So we allowed them to do that.

We also lowered the threshold for initiation by ICANN and the other RIRs so that it no longer requires unanimous agreement by all of the other RIRs so that the process can move quickly. We also decided that we wouldn’t limit the number of times that the emergency continuity process could be renewed.

Sorry, I’ll take a step back. Each emergency continuity period lasts for 90 days. They can be renewed by going through the same process that was followed for starting it. So it has to have the approval of ICANN and the other RIRs.

We talked about whether or not we should cap the number of times that 90-day period could be renewed and ultimately decided against it since we don’t really know what the issue is going to be that gives rise to the problem there. And so we wanted to allow for flexibility to deal with a variety of different types of scenarios that might pop up.

We also decided to add some text to allow the emergency operator that takes over. They’re initially taking over what were a defined term in the document called RIR Services, which is really just the core Whois services.

However, if the emergency goes on for a really long period of time, say, and there are multiple renewals, it’s possible that the emergency operator might be in a position to be able to take on additional services for the impacted community beyond just the sort of core Whois services.

So we’re adding some language that would allow the emergency operator to sort of take on additional services in a more staggered manner as it becomes apparent that that’s needed within a community.

We have a number of other additional items that we’re working on in drafting that you’ll see. One thing that I really want to point out, when you see the next version of the document, when we put out the redlines, the redlines will look significant.

The overwhelming majority of the redlines that are in there that you’re going to see have to do with restructuring the document. We received a lot of feedback that because the derecognition and the recognition sections of the document also had some ongoing responsibilities and some other criteria that were set out in different sections of the document made it difficult to read.

So we restructured it so that the criteria and the process for both recognition and derecognition were dealt with within their own sections. But it’s going to look like a lot of redlines. It’s not substantive. It’s really just moving that stuff around.

As I mentioned, we also added — we moved the regular audits from three years to five years, and we are also adding some language to include the rehabilitation process as a part of the derecognition process.

So when the process is initiated for derecognizing an RIR, there’s a presumption in favor of rehabilitation. But there’s also a cure period that’s being added in to make sure that the impacted RIR has a reasonable opportunity to try and cure whatever harms are occurring there before moving forward with derecognition.

All right. So looking ahead. As I mentioned, we should very shortly have out a second status report that will go into more detail about the issues that I just spoke about.

We’re also in the process of sort of coordinating with RIR legals on a third draft, which we’ll be continuing to work with them and with ICANN, trying to get a good final version for us ready that we will be sending to the EC, likely sometime in June-ish, is where we’re looking at making that handoff. And then the NRO EC and ICANN will then be running their own processes for finalizing the document and moving forward there.

All right. Any questions?

Hollis Kara: That was a lot of ground to cover. Thank you, Amy. We have some time left in this presentation. We were anticipating that this would be a topic that folks might be interested in talking about. So we gave it a nice big chunk of time on the block on the agenda. So microphones are open. We’d really love to get feedback at this stage.

Go for it, Kevin.

Kevin Blumberg: Kevin Blumberg, NRO NC member. Gotta keep things different. I wanted to thank Amy and Alyssa specifically on this because I’ve been around a long time. I speak a lot, but really I’m just one voice, and they have really stepped up over the years and brought a much stronger voice, which is important to this process. So thank you.

The second thing is — and this is very difficult for everybody in the room, it’s the hardest part of this work that we’ve done — is de-techifying it. And that’s one of the strengths that they bring that I unfortunately have a hard time with. I always think that there’s a technical solution to a problem, and the reality is this document is not a technical document.

This document is meant to be an easy read that can be followed, and the more complexity we build into the document, the harder it is to actually do that.

So if there are questions, and I think we all would love to have some questions, just keep that in mind that we can solve things technically. That’s what operations are for. And the hardest part about the work that we’ve done is getting five regions’ worth of the community to agree to nontechnical solutions.

So just one point there. Thank you.

Hollis Kara: Great. OK we’ll take one more from the floor, and then we’ll go to online.

Adair Thaxton: Adair Thaxton, Internet2. You mentioned in the possibility of bringing up a sixth RIR that there would be a conflict, because currently everywhere on Earth is covered by an RIR, and that you would have to appoint like an independent person, an independent arbiter-type person.

How would you find an independent arbiter person if everywhere on Earth and everyone on Earth is already covered by an RIR?

Amy Potter: Let me sort of disentangle two concepts here. So the independent third party had to do with the appeals mechanism within the recognition process, and that was just based on being unsure about whether or not ICANN was willing to do that themselves.

That’s a separate matter from the RIRs deciding themselves what their opinion is on the proposal and what they want to move forward there. So there’s not a third party involved with the RIR sort of step there.

The way we’re talking about dealing with the conflict issue in general is, okay, so the recognition process starts with you want to become an RIR. You have to put forth a proposal showing that you meet all of the criteria for becoming an RIR.

It goes to the other RIRs and ICANN. The other RIRs are going to be the first ones to consider the matter.

As they consider it and start putting forth their own statements, they’re going to have to make disclosures of interests. And we’re playing around with the concept of, because each RIR is ultimately going to have to work with whoever joins the system, we don’t want to prevent any RIR from at least, like, hey, let me look at this proposal and give an evaluation on it.

Everyone gets a stab at giving an evaluation. However, we’re looking at only having the nonconflicted RIRs able to give a recommendation on that.

And then at the ICANN stage, ICANN’s looking at all of those things. They’re looking at the disclosure statements. They’re looking at the assessments. They’re looking at the recommendations there.

And they can then take into account, yes, this RIR wasn’t able to provide a recommendation, but here’s their sort of assessment of what’s going on here and here’s what’s going on with the disclosures.

We’re still working through the fine details of exactly what that process is going to be like and how it’s going to work with — the legals from each side have to get on Board with it. So we’re still fine tuning that. But it’s something roughly like that.

Adair Thaxton: Thank you.

Hollis Kara: Wonderful. I do have a question online. I’m going to take that first.

Ashley Perks: We have one from Andrew Gallo from George Washington University. With emergency continuity being more formally defined in ICP-2, should we expect that the stability funds of each RIR would be restricted only to when emergency continuity is declared?

Amy Potter: So that is not an Amy question. I’ll let John speak to that. Sadly, they don’t give me control of the finances.

(Laughter.)

John Curran: So, yeah, it’s not an Amy question. The Stability Fund is an activity that we all — the RIRs all jointly agree to, and it hasn’t been used. It was put in place long ago when we thought potentially — sorry — when we thought potentially that we had — each of the RIRs had very limited resources, and we thought having a pledge would solve the problem.

Most of the RIRs now have very ample reserves that exceed the actual Stability Fund. So I’m not sure whether or not if we revisit the Stability Fund whether we’d restrict it or whether we’d actually phase it out at this point given that all the RIRs have financial stability already.

It’s a great question. It would ultimately be up to the governing boards of each of the five RIRs to come to a consensus view on, and I can’t predict that any more than I can predict next week’s weather.

Hollis Kara: Thank you. Okay, back to the floor.

Lee Howard: Lee Howard, a member of the ARIN Board, although I haven’t discussed this with him. Again, thank you very much. I do appreciate the work the NRO NC has done on this, and it’s been — I realize how much work it’s been.

I did send some comments to the NRO NC last year before I was a Board member, before I was in any way affiliated. And I just want to say that this — I think this process has worked extremely well, and I feel extremely heard.

I’ve seen some of my comments reflected in the ongoing discussion there and some of the reflection, and I think that’s an excellent example of how this global multistakeholder process is supposed to work, that I’m just one guy on a bus, and I said, Hey, it looks to me like maybe there’s some concerns here. And the NRO NC said, Oh, you know what? In at least some of these cases, you’ve got a point.

And I really appreciate that. I think it’s working great. To clarify, I feel heard, not hurt.

Hollis Kara: Thank you, Lee. Appreciate the clarification.

Go right ahead, John.

John Stitt: John Stitt, Hopkinsville Electric System EnergyNet. On the emergency continuity slide, you listed that they — you were lowering the threshold for initiation to less than unanimity. Is that — do you have a specific how much less, or is that still being worked on?

Amy Potter: Still being worked on. We’re talking about perhaps ICANN and two-thirds. We just want it to be a more nimble process to get into because emergencies could require really quick action as opposed to derecognition, which has a higher threshold.

John Stitt: Perfect. Thank you for all the work you’ve put into this.

Hollis Kara: Thank you. Please go right ahead.

Fiona Asonga: I’m Fiona Asonga, director of AFRINIC. Thank you so much, NRO NC, for putting this document together. It comes right in the nick of time for us and AFRINIC.

I have a question. When you say that —when you’re talking about the setting up of a new RIR and you say that the unconflicted RIRs would participate, what happens in a situation where all the RIRs find that they’re conflicted? Have we looked at that?

And can we consider that? Because in my mind, looking at what we’ve gone through in our region, there could actually be a situation where all the RIRs are conflicted. So what happens? Do we leave it to ICANN to make a decision?

Amy Potter: Sure. So very interesting question. We’ve played through a lot of different scenarios. I don’t know that we thought about specifically when all of the RIRs. So I’m sort of shooting off the hip here. We’ll still need to discuss it with everyone else.

So for the purpose of answering your question, I’ll talk about the sort of draft that’s currently in process, not what is in version 2. The draft currently in process has not been approved by anyone. We’re just trying to work through issues, just as a sort of preface of answering that.

So the process we’re currently talking about sort of has a twofold options for the RIRs providing feedback to a proposal. Everyone gets to make an assessment currently of what we’re discussing.

Everyone should assess the proposal, provide their disclosures, and recommendations would be limited to only those RIRs that are nonconflicted.

We have talked about having a certain threshold that must be met for nonconflicted RIRs before ICANN can approve because ICANN — we don’t want ICANN — sorry, ICANN — to unilaterally be able to recognize a new RIR if all of the other RIRs are opposed, right? We need a certain threshold of support and agreement from the other RIRs.

It’s something I’ll have to take back to the group: What does it look like if all the other RIRs are conflicted?

It’s possible that — so one of the criteria for even becoming a new RIR is that you need to be improving the overall system and not putting another RIR out of compliance. It’s possible that they might not meet those criteria if every other RIR would be conflicted.

But we will have to sort of think that one through more thoroughly, but thank you for bringing up that possibility. We hadn’t really talked about every RIR. We talked about two or three. But that’s certainly an interesting —

Fiona Asonga: Can I just speak to you after this follow up to just throw in there I have, because I’m a bit scared of throwing it out to the open floor because it’s really wild, but it’s a possibility.

Amy Potter: Yeah, absolutely. We’ll have to take that under consideration. But thank you for pointing that out.

Chris Tacit: Hi. Chris Tacit, ARIN Board of Trustees. I had the privilege to attend ICANN 85 where the ASO AC was doing its thing on ICP-2. And I just want this community to know how hard that work really is and how much of a contribution our folks make to it because I sat in on eight sessions where all of these issues were discussed.

And trying to reconcile the views of all of the five RIRs, ICANN, ensure that no legal difficulties are created for any entity or country is not a small thing.

So thank you very much for that, for your contributions, and to our folks who represent our region very, very well.

Hollis Kara: Thank you, Chris. Well said. Go ahead.

E. Marie Brierley: E. Marie Brierley, ARIN AC. I echo Chris’s comments, but in terms of emergency recognition and derecognition criteria, have intentional shutdowns been discussed?

Amy Potter: Can you elaborate on what you mean by intentional shutdowns?

E. Marie Brierley: Well, if a country has a history of intentional shutdowns, not a technical failure, but an intentional shutdown, does that impact their ability to be recognized? Or would that play a role in their derecognition, or would that constitute an emergency situation?

Amy Potter: Well, so every RIR has —there’s a requirement that it covers a large multinational sort of geography there. So we’re not dealing with sort of NIRs or the possibility that there’s going to be an RIR that is just one specific country. I suppose in theory one specific country could create a lot of issues for a multinational RIR, but we’ll have to sort of think through that possibility.

E. Marie Brierley: Right. But those geographic boundaries may change once the recognition policies change. So it could be one country.

Amy Potter: So there’s still a criteria within it for becoming a new RIR that the RIR has to cover a multinational boundary, and the existing RIRs have to continue to meet that requirement.

So we couldn’t — I’ll have to reread through with a fine-tooth comb, but my initial reaction is that the current draft would not allow for the recognition of a new RIR that left the other RIR that it was sort of taking geography from with only one country.

E. Marie Brierley: Okay. Thank you.

Hollis Kara: Thank you. One last question to close us out.

Kevin Blumberg: I just want to speak to that, actually.

Hollis Kara: Okay.

Kevin Blumberg: So one of the things was a lot of this work that was done originally was done because these were implicit in the document but weren’t written in the document.

So we’re now explicitly calling them out. None of the criteria has been removed out in relation to that. It’s just been implicitly — it was implicitly there. It’s now explicitly.

And, again, this is where we’re not putting in such specificity that everything is complicated. There has to be support from the community. There has to be a not-for-profit type of organization that can be stood up. It has to be financially supported. All of those things have to come there.

But a lot of this very specific individual things get handled as part of a “does this make sense at the time of” scenario, let’s go through everything and make sure we have the support of it.

So nothing was removed. And it’s not that new stuff necessarily was invented. A lot of this was implicit, but we’ve now explicitly called out those things.

The new things were more about lifecycle. And I think you’ve done a great job of explaining that. But it is really about the lifecycle and making sure that it’s explicitly there.

Hollis Kara: Thank you, Kevin. All right, it looks like we have one more question.

Altie Jackson: Altie Jackson, ARIN Fellow. Why is — if every region is covered by different RIR, why is there talk for a sixth one? And if there’s a talk for a sixth one, where would they cover, where would they serve? And even if they’re taken from a different region, which one of the RIR would release that region to them?

Amy Potter: So a new RIR could pop up for a variety of reasons. While the ARIN region is a bit smaller than some of the others, there are other regions that are much, much larger in their geography, have a lot of different economies, a lot of different languages, and a lot of different cultures and things like that.

It’s conceivable that there might be some group that exists within an existing RIR that feels like, hey, it might be better to break this in two because time zones fit better and language would fit better, or for whatever reasons they might believe that that might improve the overall RIR system.

I think it can be easy for us on the ARIN side because we’re a bit more of a homogenous group than some of the other regions, but — RIPE, for example, and APNIC are both really massive, have a lot of different economies going on there, and I could conceive of —

Altie Jackson: So given that, and there’s an issue there, is something in place for, for example, let’s say, ARIN — somebody in the Caribbean wants to start an RIR. Is ARIN willing or is there some policy in place wherein that company can take it from them without any legal issue onany big uproar? —

Amy Potter: So this entire document is putting forth a structure of a lifecycle of that process. It does allow the RIRs to participate within the review of any proposal for recognition of a new RIR. I will not speak for ARIN as to how they would feel about it.

John Curran: John Curran, CEO, ARIN. So, we all agreed to be part of a system. And the system has a principle that says we recognize that communities that organize and can sustain their own RIR operations should be able to do that if they can be financially stable, if they’re supported by the community, supported by the governments of the region, and they’ve organized and they propose to do that.

When we all did ICP-2, okay, we agreed that was a good principle. And it was used. LACNIC was part of the ARIN region and now is LACNIC. And AFRINIC was part of multiple regions, including ARIN, and is now AFRINIC.

Now, that principle is a valid principle, and we still — to my knowledge, no one’s told me.Someone says we don’t support it, they’ve got to tell me, so I believe we still support it. And this whole process is based on updating that document. So that’s the underlying recognition aspect.

Now, there’s some dynamics that go with it, and it’s just realistic. There’s two important dynamics.

The first one is coordination among three RIRs is easier than four. Coordination among four is easier than five. Coordination of five is easier than six, and there is a diminishing return.

I honestly do not think — there’s a limit, an upper limit of RIRs that just the structure is not sustainable. I don’t know where that is. But every time you do something, we have to do more coordination to get decisions and keep a uniform system. So that’s one factor.

The other one is that if you broke an RIR and separated it, there’s a lot of base infrastructure to have systems, people, responsive team, and if you took a third of the operations of an RIR and said we’re forming another RIR, it’s possible what’s left behind is no longer viable in one or more ways.

And so that’s the conflict at RIR. It’s not conflict because, oh, I don’t like losing part of the region. It may be conflicted because I’m not sure what’s left is financially viable.

And so those are real concerns. You want to support community-based self-governance, but you also have to keep the system stable and you have to handle the coordination.

And so we sort of said, yeah, all this should be revisited, have fun ASO AC. And they’ve been doing that and talking to the community and trying to update it. But there’s some real tension on both ends.

Altie Jackson: So it’s tracking the balance on both sides.

John Curran: Right.

Hollis Kara: Wonderful. Thank you. All right, seeing no more questions, Amy, I think we’re done. (Applause.)

All right. Here we go. All right. You see it here. We’re going to break. Because we’re going out on break about 10 minutes late, let’s plan on coming back in at 3:40. I want to make sure everybody has time to get a coffee refill, so I’m not going to short you on your 30 minutes. We’ll see everyone back at 3:40.

(Break from 3:08 PM to 3:39 PM.)

Hollis Kara: All right, so we are back. It’s after break. We have one more presentation before Open Microphone, and, oh, my goodness, he’s right behind me. Richard Jimmerson is here to talk about ARIN’s Annual Report for 2025.

ARIN Annual Report

Richard Jimmerson: Thank you, Hollis. Hello, everyone. I haven’t been on an ARIN stage in a while. I think this is the first presentation I’ve given in like three, maybe four years, perhaps. But I’m glad to be here to talk with all of you. I’d like to thank all of you for being here.

One of the things that we do issue every year, the content of which may not be too much news to a lot of you in the room because, of all the people who participate through the membership at ARIN, there’s no one who participates more than those of you in the room here, this annual report that we issue each year has a lot of information in it that we hope is found interesting by the members that don’t attend these meetings or aren’t in the room, that we don’t see every six months out of the year.

And perhaps some of you in the room review this annual report each year, but perhaps some of you just know the content so well you don’t look at it all the time.

So what we wanted to do was cover it for a few minutes on the stage here to let you know how we report this information annually, what’s basically contained within it, and perhaps get some feedback from you all on perhaps what we put in there in future years.

So the annual report that we’re going to be looking at now is the 2025 Annual Report. So this runs through December 31 of last year for us. Our calendar operating year is January 1 through December 31.

I’m going to talk about a few of these items here. First, an Executive Summary. And this is a good place to start, is the strategic priorities that is given to the organization by the Board of Trustees.

The Board of Trustees is elected by all of you. We have 10 Board members. Nine of them are elected, plus the president and the CEO. And the staff organization follows the instruction of that Board very closely. So each year the Board of Trustees comes together and they talk about the strategic priorities of the organization.

We receive that information from the Board. We build our operating year for that following year based on what we receive from the Board. We build our budget based on what we receive from the Board. And there’s a high amount of mutual respect between the staff and the Board of this organization, and we do a very good job of getting the work of the community done.

So you elect representatives to represent your needs. You provide feedback to the organization. That’s discussed through our strategic priorities, and it drives our operations each year.

We publish this information on our website. You can go and see what the strategic priorities of the organization are there. And you can see the previous plans that we’ve published over the years. We show a history there.

But we respect this document so much that at points throughout the year, as you might imagine in your own organizations, you’ll be in a meeting with your colleagues inside your organization, you’ll have a great idea —— we should do this, or we should do this thing this way — and one of the things that we got around to is basically pointing out the strategic direction given to us by the Board of Trustees.

So much so that John has required over the years, and we continue to do this today, when the Board publishes a new set of strategic priorities for the ARIN organization, not only does it go on the website, it gets put on posters and placed in the hallways of the organization.

And there are many times over the years where we’ve been having conversations and we’ve asked the question, how does this fit into the strategic priorities given to us by the Board? I actually sent someone out in the hallway to find that for us.

Anything that we do come up with that might be considered for a future year, that goes to the Board at their Strategic Planning sessions. And they decide for us if that fits inside the parameters of what they envision for the organization or not, and we follow that very closely.

Here are some highlights that you can see what an operating year looks like for the organization.

We’ve deployed and improved certain services throughout the year. We highlight that information in here. Some things that you see in there that might be improved or additional services, our ASPA support that went into our testing environment last year that you see going into production at the beginning of this year, our Routing Registry Auto-Manager, some other types of services that we’ve improved throughout the year.

But you also see a reflection of a lot of the outreach work that we do throughout the year to make sure that everyone has access to us in the community. The Help Desk is a very featured item at various different outreach events where people can bring their tickets or bring their questions about resource administration and get answers to those and get things resolved right there on the spot.

But you also see things like governance of the RIR system and the ARIN organization in some of the highlights here. ICP-2 work, we heard a little bit about ICP-2 earlier. There are fewer things that will have more impact on the work that we do as ARIN over the next five years than what is being discussed in that document.

When all of you, working together with our Address Support Organization, Address Council, NRO NC, finalize a document, and that goes through a process in cooperation with ICANN, there are going to be some compliance elements inside that document that we will all have to meet as Regional Internet Registries. And that will become a front-featured item in the work that we do in the coming years.

So your attention to that is vital, that you’re defining the operational priorities of this organization and other organizations into the near future.

But those are just some highlights for the 2025 operating year.

In terms of our membership, at the end of last year, we had just over 25,000 Service Members. Service Members are organizations that have Internet number resources directly registered to them by the ARIN organization, with no organization between them. These aren’t reassignments, these are directly registered resource, either IPv4, IPv6, or AS numbers, just over 25,000 organizations.

Of those 25,000 organizations, we had 1,472, at the end of last year, General Members. Any Service Member can choose to be a General Member. And all they have to do is participate in our election process and our Policy Development Process, and they can retain that status.

So those 1,472 are the members that choose to participate in our governance, and they cast votes in our election for our Board, Advisory Council, and also in our NRO NC elections. So that number could grow pretty rapidly from one year to the next depending on the level of interest for our member organizations to participate in our governance processes.

Some statistics. Well, how much of your registry activity has to do with IPv4 versus IPv6 and AS numbers? It’s not too different between IPv4 and IPv6 requests that we process each year and Autonomous System Number requests. But number one is still IPv4. The most interest in terms of requesting resources continues to be with IPv4 address space.

And separate from that, we have our transfer requests. You can see that we’ve done 540 M&A transfers last year, we did almost 1,800 specified transfers last year between one organization and another, and 445 transfers between the other Regional Internet Registries and ARIN.

And it’ll be nice at some point soon, perhaps, to be able to turn that on with AFRINIC so that all five of us are conducting transfers across the globe. That will be wonderful. We’re looking forward to that.

Some routing security statistics. I know a lot of you are interested in that and interested in having other people in the community pick this up.

It was only, I don’t know, 10, 15 years ago, I heard words inside the audience here or inside the industry that RPKI would just never be adopted. It was a dead protocol. No one’s ever going to put ROAs on their Internet number resources. And why are you all even working on this?

And the switch flipped pretty quickly, pretty heavily. We went from, 15 years ago, people having arguments on the NANOG mailing list about the Regional Internet Registries and ARIN having absolutely nothing to do with Internet routing — and no one should ever say they do have anything to do with Internet routing — we went from that to, today, being a single point in failure of someone’s routing on the Internet because of RPKI, because of ROAs.

And we take that very seriously as an organization. We’re tracking the uptake of that service very closely. Our Board is watching that very closely. And we’re rapidly increasing our service availability for RPKI and making sure that we include that in our education and our outreach throughout everything that we do.

There’s a few technical milestones that you’ll see mentioned in the annual report. And one of the big ones for us operationally, as an organization, was a data center move that we did in 2025.

The Board of Trustees worked closely with us in speccing out a project that had their interest and both the staff’s interest. And they gave us a deadline, a timeline to follow, and a budget for that, and we were able to complete that on time with the Board and within budget. So that was very exciting.

We also had some routing security milestones last year with IRR Auto-Manager, a ROA Change Log, and other improvements, like ASPA, to our RPKI services. And those improvements to routing security services will continue over the years. It’s a remaining interest for the organization always.

In terms of community outreach, last year we launched ARIN Academy. This is a place where we can put up education modules about using ARIN’s services or outreach through an academy-type platform. That was launched. It’s an e-learning platform.

We have training modules going up on IPv6, RPKI, and other topics. We’re excited that we’re going to be able to perhaps insert some training modules there for the use of Policy Development Process and other features of the ARIN organization soon.

We continued our Fellowship Program, one of the key and most important programs that we have in the ARIN organization over the years. There are so many people in our elected bodies that have added so much value to this organization that actually first came to ARIN through the Fellowship Program. And that’s something that I don’t see us ever ending. It’s very highly supported by our Board. And we’re happy to have all of you here as Fellows, current and past, and hope that you stay engaged with us.

Of course, we have Community Grant programs, and we hosted many events in the 2025 year. But our public policy meetings, of course, were both in Charlotte and Arlington, Texas, last year.

Here’s a little bit about the outreach statistics. We get invited to events. Basically what’s happened over the years is we weren’t getting invited to a lot of events 20 years ago. People really weren’t looking for ARIN to come their events. And it’s gone from that to us not being really able to handle the demand that we get from other organizations to have us present at their events.

They’re always happy to have us on stage representing all of you, talking about what’s going on inside the ARIN community.

And they’re very interested in support in a help desk that we provide at those events where they can get ticket issues resolved or work through a problem that they may have had for a few years with the organization and actually see that it’s not the —I was at lunch today, and somebody at the table, —you’re in the audience here, probably, somewhere —said that 20 years ago ARIN wasn’t ARIN; they were “No ARIN.” Like, the answer was “no” every time. Of course, that’s not the case, and things have changed over the years. And I think the perspective that people have on this community and the organization are largely due to this outreach that we do throughout the year on your behalf as our membership.

Inclusion and diversity is very important at the ARIN organization. We’ve updated a lot of our practices inside the organization and worked together with our Board. We have invited an ombudsperson to our ARIN Public Policy and Members Meetings. We’ve been doing that for a few years now.

We have in-person training that we do for the leadership team and staff inside the organization on these topics. We’ve updated our value statements. We have value statements inside the organization that feature inclusion and diversity. We have a blog series, last year in 2025, that our CEO published in regard to ARIN’s attention to those topics.

And we have a new e-learning module for staff and volunteers. We conduct training for all staff and volunteers each year that is mandatory harassment-prevention training, inclusion and diversity training for all of us inside the organization annually. And we carry that inside our e-learning inside the organization.

You can learn about our service levels throughout the year. We actually run a status.io page that you can visit on the ARIN website. If you go to the front page of the website and you click on Service Status on the front page, it brings you to reports that indicate these numbers here.

And you can see exactly what happened with the report from the organization. Sometimes it has to do with one of our vendors had a hiccup, for instance, in regards to billing services and being able to pay by credit card or other things that happen throughout the year. But, of course, you can see that by going and checking there.

And if you ever notice any issues with ARIN services, that’s a great first place to look to see what might be going on and how we’re remediating that.

So again, this is just a quick summary of our annual report. I don’t really have anything else to add to the annual report presentation other than inviting you to go to the website and check it out and see what that looks like.

Because for those of us that are members, there’s just over 100 of us in the room here, there are about 25,000 more members of the organization that, perhaps, this is where they get their information about what’s going on with the organization.

They just drop in, they check out our annual report, they look at our financial statements. And that’s the snapshot that they get each year. So we just wanted to highlight that to all of you to know all your member colleagues, that’s what they’re looking for.

And before I close, what I do want to say is, because we don’t get a whole lot of opportunity to do this, is I want to give a great big thank you to our ARIN Board of Trustees, our Advisory Council, and our NRO NC for the enormous amount of work that they put into this organization and the success of what we’re all doing.

I’m in a unique position where I get to see all that work being done, and it is a breathtaking amount of work that they all put in here, all the way across the Board — at our Board, our Advisory Council, and at our NRO Numbers Council.

It’s just unfathomable that anyone would be willing to do that. And you’re truly doing it because you care about the health of the organization and this membership. And I’d like to do a round of applause for all of our volunteers in the organization. (Applause.)

And I would also like to thank the ARIN staff that has dedicated so many years and so much effort into what’s important to you as the membership. It’s our respect for you as a membership and our role inside your trade, inside this industry that drives our respect for the work of our Board, our elected bodies, and the work that we do every day.

And I just want to say that we have a spectacular team of professionals inside the ARIN organization. I’m proud to be part of the team with them. And they are all very proud to do work on behalf of you.

If I could get a round of applause for the ARIN staff during the Annual Report presentation. I’d like to thank them. (Applause.)

And with that, I just hit zero mark on my timer down here. Happy to take any questions or comments on the summary of the ARIN Annual Report.

Hollis Kara: Please feel free to approach the microphone or start typing if you’ve got a comment or question for Richard.

Nothing? Give it 30 more seconds. He was very thorough. We appreciate it. Thank you, Richard, I think we’re good.

Richard Jimmerson: Thank you, everyone. (Applause.)

Hollis Kara: With that, I would like to invite John and Nancy back up to host our Open Microphone. That means it’s time to get in line or start typing if you have any comments, questions, thoughts, feelings, opinions — I don’t know, anything that you’d like to share.

Nancy Carter: Thank you, ma’am.

Open Microphone

John Curran: Microphones are open.

Nancy Carter: Look at them all running to the microphone.

John Curran: We have a remote.

Adair Thaxton: Adair Thaxton, Internet2. What do you call eight hobbits?

Hollis Kara: What do you call eight hobbits? I don’t know.

Adair Thaxton: A hob-byte.

John Curran: Wow, that’s worse than my jokes, which is saying something.

(Laughter.)

Hollis Kara: I don’t see anything online. Surely someone has something to say. The caffeine hasn’t run out yet, has it? Alison, come on

Alison Wood: Alison Wood, State of Oregon. I just wanted to say thank you for having the technical presentations in our meeting. I really appreciate that, and it’s very applicable back to what we’re doing on the Advisory Council and also in my day job.

John Curran: Excellent.

Evghenii Kosatii: Evghenii Kosatii, Addrex. I have a question. Could you please share what are the next plans for ARIN Academy. Is there any plans to add courses? For example, something like a PDP course would be very helpful, I would think.

John Curran: Oh. Okay. Our vision in the past for the academy has been sort of baseline of having to use our services: how to use ARIN Online, how to do RPKI, similar.

We’ve been branching out. We don’t want to duplicate. There’s an enormous amount of coursework out there that other people have done in things, across-the-board technologies.

But if you have any specific course you think ARIN should offer, can you come find me? Give me a little outline, because we’d love to add more courses. We just don’t know what you folks want to see.

Evghenii Kosatii: Thank you.

John Curran: Thank you.

Kevin Blumberg: Kevin Blumberg, The Wire. A great course would be how to knit and listen to John Curran at the same time.

(Laughter.)

I don’t want ARIN spending more money, so please take what I say with a grain of salt. But one of the issues is drip pricing. I don’t know if you’re familiar with the term.

The term “drip pricing” is where you think you’re getting something — let’s say, RPKI training; you’re getting RPKI training — and then you realize that ASPA has come along, and you need ASPA training. And then you realize, and then you realize, and it’s this never-ending cycle where you start with one thing and then you realize you have a whole bunch more stuff to do over time.

And I had this realization this morning that I wasn’t done with RPKI. Right? And I’m worried that the uplift on RPKI has been very hard. We’re reaching the point where the people that want to do it have done it, and it’s getting really difficult to do for the remainder, the usual 50 percent rule.

But now you’re going to be going back to the first 50 percent who have done it and say, hey, we really recommend or support ASPA. We’ve got it now in our portal and we’ve got this low turnout on it.

And for the next five years you’re going to start showing slides, showing ASPA, where, with the training, it really needs to either include it or you say, it’s there, but we don’t think you should use it. Which is it?

John Curran: Let me address that because ARIN serves you, not the other way around. Okay? So the interesting part here is we’re talking about voluntary protocols. So when we talk about RPKI, you don’t have to do RPKI. You can or you cannot do it. You don’t have to do ROA origination, and you don’t necessarily have to do route validation. It’s up to you.

So we have this challenge where, when RPKI comes up, originally we’re like, well, we shouldn’t be telling people you have to do RPKI unless it’s pretty important.

Now, we like people doing RPKI. We like having validated routes. We think you like having validated routes. But we don’t want to lead you down a path that may not be something that you or the operator community want to do.

So ARIN, when it came to RPKI, we were a little slow. We were like, it’s over there. Yeah, we know about it. And then we had to catch up. We had to spend a lot of time to catch up.

So now we’re here, and we have RPKI. And the IETF says, ASPA. Congratulations. And we’re like, okay, I would be the one who would stand up here and say you have to deploy ASPA. But it’s not our job to say you should do it.

So right at this juncture, we haven’t updated all of our RPKI work to not only include RPKI, ROA origination, but include ASPA. We can, and say you need to do both.

This is an adoption sequence, though, where us saying you have to do ASPA — I’m not sure, have you told us that we should be telling everyone to do ASPA? Because we’ll be promoting something that we don’t yet know is validated. We know some people are using it. We know it’s good.

But all these things have a cost to an operator. As you say, they have a cost to deploy.

And so we’re happy to say, if you say you want us to update our training, we want to include ASPA in the base RPKI program and tell this is the right way to do it, we’ll do it. But we’re kind of enshrining your views as the right way to do RPKI, and we’re hesitant to do that without some clear direction.

Kevin Blumberg: A better way to say it is transparency is helpful, especially where today ASPA may not be needed at all. And, John, I have no view one way or the other.

But by ignoring it in terms of at least mentioning it, we’re putting ourselves in the position where five years from now somebody says, why is it that you didn’t say — that’s all I’m trying to get at.

John Curran: Well, we can make sure that our RPKI programming mentions ASPA as the next step and if you want more training.

Kevin Blumberg: Something aspirational. Thank you.

John Curran: We can do that. Not a problem. Happy to do that. I guess we are doing that. Not only are we happy to do it, but we completed it while I’m on stage here.

(Laughter.)

Kevin Blumberg: Well, there you go. That’s wonderful. Thank you.

John Curran: That happens sometimes.

Hollis Kara: Wow, good job.

John Curran: Any other questions?

Hollis Kara: I don’t see anything online.

John Curran: Going once? Going twice? Thank you for having us. (Applause.)

Closing and Adjournment

Hollis Kara: Thank you. All right. That brings us to the end of day one. Thank you for joining us.

I’ve been advised that I should remind everyone here on site that you will — as an in-person attendee, you’ll be receiving a reminder around 5:00 today in your email that has information about the social this evening. But, again, it’s just up the street. There’s a really big bat. Seriously, you can’t miss it.

I’d like to ask everybody to put their hands together and thank our Network Sponsor, Spectrum. (Applause.)

Our Platinum Sponsor, AWS. (Applause.)

Our Silver Sponsor, IPXO. (Applause.)

And our Espresso Bar Host, Verisign. (Applause.)

Please remember, we do post a daily recap blog. Feel free to share it with friends who maybe weren’t able to be here today, or if you have questions, it’s a way to catch yourself up.

And, again, 7:00 to 10:00 tonight, we’ll be at the Louisville Slugger Museum. Look forward to seeing you there.

And we’ll be back bright and early tomorrow. Breakfast will be at 8:00, downstairs in the same room it was this morning, with the meeting beginning at 9:00 a.m.

With that, everyone have a safe evening, and I look forward to seeing you back tomorrow. (Applause.)

(Meeting adjourned at 4:05 PM.)