Table of Contents
- Members Meeting - Opening Announcements
- ARIN Reports: Engineering
- ARIN Reports: Registration Services
- Advisory Council Report
- ARIN Financial Report
- Board of Trustees Report
- Open Microphone
- Members Meeting - Closing Announcements and Adjournment
Members Meeting - Opening Announcements
John Curran: We have our Members Meeting. This will go from about 1:05, our start time, to about 11:00 tonight. No, sorry. Should go two hours. Should be pretty quick and pretty informative.
See, it all seems reasonable after I said it went 10 hours. Two hours, we should be done by 3:00.
So let me start right out. At the head table we have the Board of Trustees I see. So Bill Woodcock, Bill Sandiford, Tim Denton, Aaron Hughes, myself, Paul Andersen, who is our Chairman, and Vint was here but escaped.
Oh, Vint's there. I'm sorry.
Dan, you leaned forward.
Paul Andersen: No respect. Just like you're out the door.
John Curran: That's not an excuse. You can't go.
John Curran: We have the Board and the Chair of the Advisory Council. We're going to go through today: We'll have reports from all the departments and we'll also have the Advisory Council report and the Board of Trustees report and then we'll do an open microphone session and we're done.
So, starting right up, first one up is the Engineering Report. Mark Kosters will come up and give it.
ARIN Reports: Engineering
Mark Kosters: So I was told I did a pretty good Donald Trump impersonation. Sorry. I don't have blond hair, though.
Paul Andersen: He doesn't have blond hair.
John Curran: He doesn't either.
Mark Kosters: I guess a wig would be in order. I'm not going to go there.
Okay. Here's our staffing so far. We have – the big sort of notable thing I'll mention here is within operations we have an open DBA/sysadmin. We're really looking for someone that's a good sysadmin who has interest in knowing database.
And if you know of someone, please send them my way. We are looking for a good quality engineer. Everybody else is full.
I'm particularly full myself because I just had lunch.
Mark Kosters: Okay.
Vint Cerf: (Indiscernible.)
Mark Kosters: Okay. So we've done a lot of work lately, mainly on SWIP‑EZ. And I think you can see that if you log in to ARIN Online. We'll go through a couple of demos where you can see some of the fruits of our labor.
You can do almost anything you want with ARIN Online now. There's no need for doing templates if you've got a onesy or twosy and everything else and you edit it and send it into hostmaster.
You can actually go online and make whatever modifications you want to your reassignments.
We've had a lot of feedback from user experience. And we try to make this very, very user‑friendly. And we'd like to hear from you, both the positive sides and the negative sides regarding that.
We also finished 8.4 transfers. That is both front‑end work as well as back‑end work, making sure that John Sweeting's group's job is done well and that they don't miss anything.
And the final part is we moved into our office, which is a pretty significant undertaking. It affected operations a lot in terms of setting up our network, but also impacted the rest of the company, and especially the developers as we were going through the frenzy of actually doing the move.
So let's go through some of the ARIN Online user interface work. So we have a new dashboard. Has anyone actually seen the dashboard?
(Show of hands.)
Mark Kosters: Anyone actually seen the "Vote Now" button?
(Show of hands.)
Mark Kosters: Excellent. So today we're having some issues with BigPulse. So Dyn, which is BigPulse's DNS provider, is under DDoS attack – it's been happening since earlier this morning – when Dyn goes off the air, so does BigPulse. When BigPulse is down because of DNS issues, you don't see the button. But it will come back.
So come back a little bit later and you will see it.
We did do some updating of our navigation that we'll go through as well which was necessary for SWIP‑EZ. And we've done a lot of usability tests with the community. So going to various ARIN on the Road events, having people take a look at this code, saying "hey, what do you think," actually running through, doing reassignment, or whatever.
Having local volunteers coming to our office and playing with it as well. Testing of the new dashboard and seeing if it's intuitive for them.
And if you have anything that you would like to see, there's firstname.lastname@example.org, and our User Experience Expert is online to take those suggestions into effect.
So here you can see that the dashboard is dynamic. It shows alerts. You can see that there's three Point of Contact records. You can see that your allocations as a summary and you can actually see if you have a bill that's due.
Here you can see it in a bigger fashion. And you can see that we have actually added on basically sub navigation items. So you click on a major link and it actually rolls down to the sub navigable parts of the elements.
And we'll go through an actual demo of this a little bit later.
Here's how you can actually do a reassignment. And one of the things that's kind of interesting on this, if you're not sure what detailed reassignment, reallocation, what all these mean, you can click the information button to find out what that means, that "i" there.
And here it gives you a short quiz as well so you know exactly what you're doing.
So going back to the operational moves. It was really a lot of work to make this move seamless. We had a build‑out of a new server room, which was pretty impactful.
We learned a lot of the stuff. We learned a lot of things, what to do and what not to do based on our existing server room.
And we wanted to make sure we improved on what we had and make it much better. We also redid our internal network. So we've had a security audit done over the last two years.
And some of the recommendations that they've given us we've actually improved our network posture, our security posture, based on doing some network modifications.
And, of course, according to the audit recommendations as well, we've done lots and lots of changes to make our systems more resilient.
We've had operational challenges. I reported about this at the last meeting about DDoS attacks. They've subsided. I really like that.
Most of the attacks happened on Friday and almost happened when one of our operation managers, Pete Toscano, was out of the office.
Don't know why.
Mark Kosters: But it wasn't him. It wasn't him.
And one of the stories I want to tell you about is our old computer room in our old building.
So the computer room was sort of incrementally built. And one of the things that was added a little bit later was our generator. And the generator was almost like a baby generator.
It had a very small gas tank associated with it. And as we were getting close to the end of our days there at ARIN, we started suffering low voltage events.
And you guys who have computer rooms know that when a low voltage event happens, your generator kicks on, right?
So here it is, stinking hot, really hot. We're talking over 105, approximately, and our generator's running. And unfortunately, since our tank was so small, we couldn't find a fuel provider who would actually deliver fuel for us.
So thankfully I live on a farm and I have the capability to deliver quite a bit of diesel fuel.
So I became the fuel delivery man for our diesel generator. And also if the generator wouldn't start, I brought my pickup truck to work and I would actually jump‑start it with my truck.
So in our new building, we will not have this problem. So we have lots of gas and a good battery.
So just going back to ARIN Online. You can see that we've had over a million accounts that are going through and almost every year it's fairly consistent in terms of number of accounts activated.
What's interesting on this one is the number of logins. We have a lot of power users that go on to ARIN Online. There's almost 20,000 users that logged in at least 16 times, which is pretty amazing.
Here you see our RESTful transactions using Reg‑RWS for assignments versus templates. And this is all cumulative. You can see that the RESTful transactions have way overtaken the templates as people are moving to REST.
Here you can see that people are using DNSSEC. Less than one percent are secured. Pretty low penetration rate.
You say, well, that's not so good. But then again if you look at com and net, what their penetration rates are, they're actually fairly close. So this is actually not a bad number.
RPKI usage is fairly flat in terms of its growth. We do have growth.
One of the things that's quite notable is that we have an up/down customer that's actually actively using up/down and using RPKI and it's a fairly complex mechanism, but they got it going.
You can see that RPKI is going. It's going about the same speed as DNSSEC.
Now, this slide is interesting. Here we have RWhois queries per second. You can see the spike back in 2010 where we had a bunch of different activities that occurred and went away.
We're starting to see another spike starting to emerge, both for Whois, which is in orange, and Whois‑RWS, which is in black.
So we're not exactly sure what that means yet. But we're keeping a close eye on it.
Here is Whois over v6 as a percentage. It's actually sort of wavering around 4 percent or so, 3 to 4 percent in terms of traffic.
And here is RDAP. We also broke this out in terms of v4 and v6. And that as a new protocol actually has fairly equal distribution between v4 and v6. Although there was a spike on v4 that happened earlier this year.
IRR maintainers continues to grow. The same with Route and Route6 objects and InetNums and Inet6Nums, just continually grows.
And here you can see the breakout per organization, which is fairly interesting. Number of organizations, there's 44 that have 100 to 2,000 objects in the IRR. So there's a number of heavy users into the system.
Here's what we're going to be working on this coming year. You can see that there's a lot of this stuff is somewhat repetitive from what Nate had talked about earlier, because he frankly drives a lot of things that prioritizes what we do.
Better management of Voting Contacts which we like to make easier on you. Automated installation of new services and redundancy, a thing that Kevin Blumberg talked about earlier, like Reg‑RWS.
The next thing that's kind of interesting is we're starting to work on a user authentication scheme called OAuth. It's going to do two things for us:
One is for those people who authenticate via this new protocol, which is actually fairly common in the industry, if you authenticate, then we'll give you unlimited responses back.
Right now you get 255 coming back if you're unauthenticated. If you're authenticated, we'll know who you are and you can actually use the system in greater detail.
And this is based on an ACSP that Dani Roisman put into place a couple years ago.
And as a bonus, one of the other things we have, is we had a couple of ACSPs that complained about ARIN Online timing out. So you go for a coffee break. You're halfway through something; you come back. ARIN Online timed out. Online timed out, and your work is lost.
So with this OAuth work that we're doing, we're also going to allow for unlimited time. Because it goes from being session‑based on the server to session‑based on the client.
And, finally, we're doing lots of accessibility, things going on with ARIN Online.
What I'd like to do is I'm going to hand it off to Hollis here in a minute and show you sort of a pilot of things that we're thinking about doing with ARIN Online.
And you can see this is off a mobile device, which right now is actually fairly hard to do if you want to do ARIN Online in its present form. So, Hollis, if you want to take it from here.
Okay. So what's going to happen here is a person is actually going to do a simple reassignment. And the question is whose reassignment is it? We're going to find out here. It might be coming up fairly soon.
John Curran: (Indiscernible.)
Mark Kosters: As you can, see this is all being done on a mobile device. And this is just going through an animation of how this actually can all work out.
You can see that this is actually a fairly interesting approach. And hopefully if you guys like it, this is something that we'll be implementing.
And I've seen a few people in the audience nod, saying yeah, yeah, this sounds like a good idea. Is there any more that are going to nod? Maybe not.
So here you can see that we're doing just a test of a little bit more information. And that's pretty much close to it. Whoever did the demos, actually they type like me.
All right. That is the end of the demo. So, anyways, it gives you sort of a preview of what we're looking at.
And if you have any feedback, email@example.com is the place to go, and you can actually give us some further feedback.
So the other thing that we're working on that Nate also alluded to is we have a pretty significant technical backlog.
One of the things that we've done, when we did ARIN Online, starting about eight years ago, we used the most modern Java that's available, which is Java 6. That's no longer in support. So if there's any serious issue, we're in kind of a world of hurt.
So what we're doing is upgrading this to a more recent version, Java 8, for application servers. So all our applications are Java‑based. They all run on a Java stack. And we want to move from 4 to 6. I'm sorry, from 6 to 8. I'm thinking of v4 and v6.
So we also are doing an overhaul of our monitoring system. The main system that we're going to is Sensu. We currently have a mixture of three, which is never good, Zenoss, Icinga, and moving to Sensu. So we're moving all of our stuff from Zenoss, which is very old, and our stuff that was on Icinga, which is a little bit newer, to Sensu. Which will give us a much better feeling what's going on with our networks and our services.
And we're also working in automated build systems. We're currently using Puppet. We're kind of wondering based on the effort that we've put in so far if that's actually the right tool for the job. And we're looking at alternatives. So we'll see where that goes. And of course we're looking at improved login to make sure that we know what our systems are doing.
So any comments?
Vint Cerf: It's Vint from Google. Just a question about the Java 8 choice. There had been reports over the last several years of Java having serious security problems. Maybe because of the virtual machines.
Is that an issue for you, or is it used in such a way that you don't have that risk?
Mark Kosters: We're very careful how we craft these things and making sure all these things are protected by firewalls on the front side.
And actually – they're actually not on the back side either. So they're sort of in the middle. They're application gateways, for the most part.
So you never know. Obviously you don't know what you don't know. But for the most part we feel fairly confident that we're okay.
Plus, we've had a couple of security audits which they've not flagged anything that we've done as issues in this area.
Good question, though.
David Huberman: David Huberman, Oracle, speaking strongly in favor of Java.
Vint Cerf: So there.
David Huberman: Two quick comments: I'm an ARIN Online power user over the last three and a half years. And the improvements that have been steadily made over the last three and a half years that I've been using it have been fantastic.
Kudos to you and your team. Really getting better.
Mark Kosters: Thank you.
David Huberman: Especially where it came from. Good first effort. Good stuff.
Mark Kosters: Excellent. Thank you very much, Mr. Huberman.
David Huberman: Not just this morning, but in the last few elections, this morning I voted on my phone while I was sitting here ignoring John.
John Curran: As usual.
David Huberman: As usual. It worked so well. It was so fast. It was so easy. BigPulse has been the best voting – we've had a few voting systems. BigPulse, as a user, has been my favorite voting system.
And I wasn't quite sure what you guys were talking about on the slides about the changes to managing voting records, but I hope you keep BigPulse just the way it is from a user perspective.
Mark Kosters: Thank you. So one of the things Wendy talked about the other day, to give a little background on this, is now users have to go through ARIN Online to get to BigPulse.
Last year you could also go directly to BigPulse if you didn't have an ARIN Online account.
So this is exposing it more to members: "Hey, here's how you actually put in your Voting Contact."
David Huberman: Okay. It's real easy and I really like it.
Mark Kosters: Great. Thank you.
John Curran: On BigPulse, I just want to make clear something. So we have had a number of voting systems. And most recently we've been working with BigPulse. And that's worked out well.
It's getting better and better. We're clearer about what we expect, and they've been responsive in terms of working with us.
There is a lot behind the scenes. ARIN is an interesting – it has an interesting approach to how we do elections because one contact may vote for five Org IDs. And when you first try to describe that, obviously there's a lot of learning that we go between each other.
We are working with them. We are successful. Now that our validation is within ARIN Online, and now that we're working well with them, as long as they continue to evolve with us and we have the support we need, then it's easy to use them.
It's also true that we're now finally – now that we have a front‑end validation for everyone who votes, we're also in the position where we could do the functionality ourselves if we wanted to eliminate outside dependencies.
For example, right now the BigPulse button to vote may not show up if the DNS name isn't there.
We're looking at both options. I do believe we've gotten to a point where at least we're stable on voting. And I'd like to try to stay that way for a while.
Behind the scenes, you should know, we have this vote tabulator person whom we appoint from the Board.
In years past, the reports we get to compare were entertaining to validate the election, were entertaining at best. We've gotten better. Hopefully this year's report is a lot closer to what we want.
But it is an active area where we're looking, because we need an easy interface for you but we also need to be able to readily validate the results. And we're not their typical customer.
So we're happy with it, though, and we would like feedback. We have no particular plans to leave them. But, on the other hand, if we can't get everything working smoothly, or if we have external reliability issues, it may be something we queue up.
Any other questions for Mark?
Kevin Blumberg: Kevin Blumberg, The Wire. I spend a lot of time on my mobile phone. And I'm really happy to see ARIN Online moving to responsive.
Just in your demo, as a quick thing, you can't move all of the content that is done for desktop into responsive and expect it to work the same way.
In fact, you really need to get out of a different mindset. And I saw this as being the version 1.0, which is really "we've made our site responsive, but in the same way as the desktop."
And I hope that – it sounds like you've got a lot of UX people helping you with that and that will move ahead. ARIN Online is not my concern. It's not where I spend my day on ARIN's site.
During this week I've gone to ARIN's main site 30 or 40 times to look up policy, to look up fee structure schedules, et cetera, and ARIN's website, because of the volume of content, is one of the hardest websites to deal with. Especially in the voting area.
There is so much information on the main voting page that trying to navigate to where you want to go without it being responsive is next to impossible.
So I know you've said you're working towards this. You mentioned ARIN Online. But I'd actually say that the actual ARIN website is just as important and hopefully you'll have a good timeline for us.
John Curran: I'll jump in. I don't see Susan here. But we've gone back and forth. The communications team has recommended several times that we, in launch or redesign, to simplify and make things easier, organized on the ARIN website.
And I'm probably the most pedantic stick in the mud in the organization when it comes to this only because we also have people who say: "I finally figured out where everything is, don't move anything. Okay. I know I have to go to this tab and go down here and go here. If you move it, it may not be an improvement."
We are going to redesign the website to make it easier to use. We are going to look at a content management system. We are doing these things and it will change the website.
It's pretty important that we get it right. I don't want to end up going through a redesign and a content management system and then rolling something out that's not thrilled.
So we'll be working with you guys on getting feedback on that. But it's a very – I don't want to try to do it incrementally because people need to know where to find things quickly.
And once they learn it, you don't want to change that more than once. So we will be doing sort of a major design sometime in the next two or three years. Even if we started next week, it might take a year to get the first one to you.
But we'll try to involve the community and let them see early previews of some of those changes.
Kevin Blumberg: Thank you.
John Curran: Thank you very much.
Next one up, we have the Registration Services Report. John Sweeting, our new RSD director, come on up.
ARIN Reports: Registration Services
John Sweeting: Good afternoon. Feels a little funny being up here giving this report with Leslie sitting over there eyeballing me. But hi, Leslie.
There's two things I want to say before I start the report. I have been there a little over two months, and I have been amazed by the staff of RSD.
Not just the staff of RSD, there's the whole ARIN entire organization, it's a great organization to be working for, and I'm very happy to be there.
I don't have any old office stories because I refused to start working until they got us into a new modern building. So my first day was at the new office.
We'll get right into this. So the RSD core functions, of course, is to do the evaluate resource requests and to fulfill them to the best of our ability and to help customers get the resources that they need in order to do their business.
That is the core function. Then we have these other core functions, the transfer request, the Org POCs and change of authority services where people have to come in and prove – show proof that the resources should be put into their name because they haven't been updated in quite a while.
And a lot of that happens because of the transfers. Somebody comes in, tries to transfer resources, and there's no way to really tell that they are supposed to be transferring those resources.
So there's a lot of work behind all of these change of authority services.
Database record maintenance, POC validation, SWIPs, all of that, it's all done in the RSD.
And then there's the customer support portion of it, which is a telephone help desk that is 12 hours a day, Monday through Friday, 7 AM to 7 PM.
The Ask ARIN that comes into us and also the emails to firstname.lastname@example.org. There's still a lot of that. And it's actually tedious, because I think somewhere around 90 percent of what comes in to hostmaster is spam.
So it's very tedious just to work through all of that. Some of the support functions: we work with all of the departments within ARIN. We help with staff – we do staff assessments, implementation plans. We do requirements and testing with Mark's team.
Communications, Susan's team, we work with her on getting the communications out to the community that need to be put out to the community.
There's one that I see missing is the Financial Services department. We do a lot of work supporting Val and her team on the financial services side of things, revocations, billing issues, a lot of different things that we have to work with them on.
Outreach, we support ARIN on the Road, trade shows, presentations. Most of you are familiar with Jon Worley, if you've been at an ARIN on the Road, he takes care of most of those.
Statistics and database analysis, stats community requests for data, research et cetera, we do a fair amount of that as well.
So this slide is just a quick slide of the organizations served by ARIN. Non‑member customers comprise 41 percent of the customers we serve; our ISP subscriber members, 14 percent; and then Legacy comprises the largest, 44 percent.
I think the big thing to take away is the 37,000 total organizations, over 37,000 total organizations that we support.
This is an interesting slide as well. This is the number of /24s that are covered under agreements, IPv4 /24s. So the total in the database is over six and a half million.
I believe that number is probably down a little bit from the last report due to inter‑RIR transfers. But it's still interesting that there's so many that are not covered under any type of agreement over almost three million. Three million under the standard RSA, and then we have the little over half million under the legacy RSA.
So here's a little graph that shows the RSA coverage over time. It's going up. It's not going up quickly. But some of it, we lose some due to the transfers as well. But we're – it's steadily going up. So we're steadily having more agreements, more of the resources under agreement.
Okay. So on the request side, the IPv4 requests are decreasing due to the IPv4 free pool running out. So basically what we do for IPv4 requests today is for the wait list.
And they're slowing down as well because people are realizing that they're probably not going to get any resources through the wait list, especially with the list that's already there today.
What is increasing, though, and it takes a little bit more time, is the pre‑approvals and the specified recipient transfers.
IPv6 – I have graphs for all these, too, so we'll see that soon coming up.
The IPv6 requests, it's steady traffic. It's not increasing at any fast pace. So that's not great news, but the good news is it's steady. As you'll see on the graph, it's steady across the months.
And the change of authority request, of course it's increasing with the merger and acquisitions and specified recipients, source requests. Again, it's interesting because a lot of times people will come in for an 8.3, which is within the ARIN region transfer or an inter‑RIR transfer, and find out that first they have to do an 8.2 transfer to get the resources into the right organization that can then do the 8.3 or 8.4 transfers. And of course we expect continued increase in volume in that area.
IPv4 requests per month: the first month, July 2015, you'll probably realize that's two months before runout at ARIN. And that was a peak. 400 – almost 400 requests that month. And as you can see, it's steadily – it went down very quickly. Then it's kind of remained steady at 100 a month since then.
The IPv4 waiting list growth: Again, you can see it went up and now it's kind of levelling off a little bit. As I said, people are really going more to the transfer market. We do lose people off the waiting list, because once they have a transfer approved they come off the waiting list.
Some people pull themselves off the waiting list because they're getting ready to go into a transfer and, of course, we've had a few come off due to the return of address space from IANA.
8.3 transfers completed each month. So the 8.3 is, of course, within the ARIN region. ARIN to ARIN plays in the ARIN region. It's steadily climbing. It's been steady for a while.
It went up pretty quickly after the free pool went out, but now it's been pretty steady the last six months.
Inter‑RIR transfers completed per month. I'm not exactly sure, but what I've been told from my staff is that it took a while to get all the bugs out of it. And I think the first months – the first few months there was mainly only one RIR that we did the transfers with.
But in the last few months it's really taken off. The kinks have been worked out of the process. And they're steadily – these types of requests are steadily being increasing and being approved.
Here's the IPv6 requests per month. This is the good news/bad news kind of graph. The good news is that it's been steady. The bad news is it's not growing at any alarming rate.
As a matter of fact, it's not growing at all. It's just staying steady across. You can see the spike in September 2015. That was of course runout and it did spike then but it came right back down to what it had been averaging and has stayed there.
This is a good news slide. For the first time, our percentage of ISP members with both IPv4 and IPv6 holdings is more than IPv4 only.
John Sweeting: The trend is growing and we expect that trend to continue to grow.
The telephone help desk, as I said, 12 hours Monday through Friday, 7 AM to 7 PM Eastern. Average calls a month are 700.
Most of the common topics are Point of Contact validation, ticket status, ARIN Online use, transfer. But we get any kind of question you can imagine coming in through the phone.
And this is the team. As I said in the beginning, this is an amazing team. Kudos to Leslie for putting most of it together, because I know she had a lot to do with this team right here and they, each and every one of them, are amazing employees to have working for you.
John Sweeting: I would like to point out Lisa and Eddie who have been supporting us through this meeting.
And Eddie actually supported all the way – he's been here all week supporting all the way through NANOG and the ARIN meeting.
So if you get a chance, I don't know if they're still out there – I'm not sure they're still out there. But if they are and you get a chance, walk by and let them know you appreciate them.
And I think one other point to probably make because I don't think we had the paralegal at the last meeting. Maybe. Was Suzie on board yet? Was it pointed out?
John Curran: We haven't announced it, but we added staff. And we're adding more paralegal to assist because the transfers for some reason require documentation and a paralegal is someone who has the right skill set for it.
John Sweeting: I just wanted to point that out. And it's been a very big help to everybody in the department.
And that's it.
John Curran: Any questions for John?
David Huberman: David Huberman, Oracle. I have a request and then a question. We've talked a lot over the last few years about Point of Contact validation.
And I like the fact that you've only been the Registration Services Senior Director for two months, because you actually – and you're coming from the outside, because you're bringing a fresh viewpoint at RSD of what's going on with POC validation.
So my request to you, you say it's the number one – one of the number one calls you get. We've been hearing that for a while now.
I'd ask you, over the next six months, to really take a look at that and see how we can improve it and see what you need from the AC, what you need from the community in terms of consensus, or what you need to make the situation a little bit better.
Because we've been hearing about it being not quite right for a while now, and since you have a fresh perspective, you bring a really valuable – that's really valuable to us.
John Sweeting: Thank you, David. And I would like to just say Leslie is actually working on that as well and spending a lot of time with that and working with me, helping me understand the problems, so we can actually resolve those issues. So kudos to Leslie again for doing that, still doing that.
David Huberman: John Curran, you have to guide me here, because I'm not sure if this is appropriate for right now.
So yesterday, John Sweeting, you came up and you gave your Policy Experience Report. And the first thing you highlighted was Autonomous System Numbers and what you characterized as a fairly onerous justification process that you weren't sure you understood why we had it.
And you hit a topic near and dear to my heart. For five years I've been bothering Woody over there, who is not listening, about ASNs, because I've always envisioned ASNs as a Pez dispenser.
I don't like the fact that it's difficult to get an ASN as an operator when I need it. I have to go dig up contracts that I can't even find in a big company.
And then I have to pay for them, which I really don't like. So we have RFC 1930, which is one of the best RFCs I've ever read because it's crystal clear and it tells you when you need a global unique ASN and when you don't. And we have Section 5 of the NRPM. It's a different way of saying what's in 1930, which is you get a global unique ASN if you have a need and here's what we think a need is.
But it's unclear to me where the line is between policy in the NRPM and implementation practice of RSD and ARIN as a whole of how we solve the problem that you've brought up and how we make things better for the operators and better for ARIN.
And then the tie‑in for the Board on how we can either charge a lot less money for these things or stop charging for them, because we don't have to put work into it anymore. There aren't any material costs to recover.
John, do you have some thoughts on that?
John Curran: Yeah, so recognize that the moment we assign an ASN to a party, if we want to have those records updated, then, as someone said earlier today, the records that are most current are the ones that occasionally pay an invoice, because they have a relationship with us.
The ones that don't pay languish, and after a few years they point to an organization that name's changed and contacts went away.
So a completely free process you need to think about because it encourages using ASN and ignore it, dispose of it, leave it languishing and doesn't encourage record keeping.
If you've got any record keeping, then you have to have enough to do an invoice, maintain a billing contact, have an online account.
And so you've got a fork in the road. Free is dangerous because it really does encourage use once and discard ASNs. But one that has a cost has a certain minimum associated with it just for record maintenance.
And we're happy to take guidance from the community if it wants a major change with respect to ASNs.
I think one thing that would help is right now ASN policy, you could have a much simpler policy that says if someone wants an ASN, give it to them, issue it to them, and let them pay for it. And the fact that they're willing to pay means they wouldn't do it without some need.
David Huberman: You think the driver – you think the driver is NRPM?
John Curran: You can reduce the ASN processing time to clicking a button and getting on immediately with no requirements if that's what you folks want to do.
David Huberman: That's an interesting answer to me. And I'm not arguing with it, but I will note that the text that's in Section 5 hasn't changed since ARIN's inception, even when there was no NRPM. It was the same guidance that was found on the website in 1997.
John Curran: Right.
David Huberman: In the old days, Michael O'Neill in RSD, who is now in Eng, Michael O'Neill used to just look and see, the only question asked on the template: Who is the provider – who is your contact there?
You would say Time Warner Cable, John Sweeting. And looked at that, made sense, hit approve. The text hasn't changed. The procedures changed, with good reason.
And today, if it needs to go the other way, I'm not clear that that's not a procedural thing in ARIN's written processes and rather NRPM.
John Curran: I think the level of clarification you want should be in the NRPM. If you make it clear that you want a change and you put language that reflects what you want it to be, we'll certainly implement it.
David Huberman: Okay. Then I'll follow up and leave by saying: If it happens that NRPM is changed, if that were to happen one day, and if the burden of work that RSD does is lowered as a result, I strongly request that the Board consider a fee reduction on the amount of money charged to an ASN, because the two correlate.
John Curran: So I'll ask a question. Work with me here. How much more work would it be to get an ASN than it would be to get an IPv6 prefix?
David Huberman: Well, v6 has a lot of moving parts in the policy.
John Curran: I'm saying if you want a /48 as an end user and you come to ARIN.
David Huberman: Both should be very, very easy.
John Curran: When you say you want a reduction, are you saying lower than $100 a year?
David Huberman: No.
John Curran: That's fine. Just checking.
David Huberman: $500 a year.
John Curran: That initial fee you see is particularly disproportionate to the amount of work involved, in the current –
David Huberman: In this imaginary future where there's a lot less processing time by RSD.
John Curran: If you want to simplify the issuance process, we can certainly lower the initial fee to match.
David Huberman: That's all I'm asking you to please consider. Thank you.
John Sweeting: David, thank you for that. But that was part of the reason it was on the Policy Experience Report, because to date there's a lot of effort put into approving a simple AS request.
John Curran: Owen.
Owen DeLong: Owen DeLong, ARIN AC, Akamai. So you're saying a lot of the requests that come in for 8.3 transfers end up requiring an 8.2 transfer up front.
Is there anything that the AC could do to help facilitate doing that as a single process and reducing both the effort and the fees that get thrown into that process as a result?
John Curran: The answer to your question, no. The problem is that we require an 8.2 to make sure we're dealing with the actual source organization. And so we prefer to have that as a distinct process.
John Sweeting: To add to that, Owen, when this happens, 8.2 takes usually a lot more time and effort to verify. Then once that's done, it goes smoothly.
Owen DeLong: I don't doubt that, but then the person ends up paying two transfer fees and going through multiple steps. It seems to me that it's a lot of the same documentation and whatnot in –
John Curran: It's not the same documentation. The 8.2 transfer is required because someone thinks they have rights to a resource, but it's presently not listed in their organization name in Whois.
If you know someone who is in that situation, tell them to clean up their records first. It's very distinct from 8.3.
Once someone is correctly associated with a block under the registry, an 8.3 transfer is predominantly based on verifying the recipient.
Owen DeLong: Right.
John Curran: Two transactions.
Owen DeLong: Okay. If we can go back to the slide where you had the orgs that were non‑members and the orgs that are members.
There is a category that we have created that I don't see up there, which is non‑ISP subscriber members.
John Curran: This doesn't reflect membership at all. I'm sorry, this is the orgs. Yes. This is member customers, ISP subscriber members and legacy.
You're right, there could be a slice added in there for the organizations under Registration Services Agreement.
Owen DeLong: Specifically the ones under Registration Services Subscription Agreement. And what I'm wondering is, are there just currently not any of those organizations yet, or are they missing from the graph or –
John Curran: There's a small number. One part of fixing this is, if we can get a good ARIN Services Document out as part of that, we can clean this up.
Owen DeLong: That's fine. I just was wondering are they on the graph in some other category, or something –
John Sweeting: Good catch. I agree with you. We will start including it.
Owen DeLong: And on the 8.4 transfers, there weren't numbers for August/September. So I'm wondering, did that ramp, did that appear to be starting to continue into August and September, do we know?
John Sweeting: The inter‑RIR?
Owen DeLong: That one.
John Sweeting: I don't know the numbers exactly. But I can tell you from my emails that the inter‑RIR transfer approvals going back and forth with both RIPE and ARIN or APNIC, that it is going at a very good pace.
Owen DeLong: Okay. And then finally on the IPv4‑only and IPv4‑plus‑v6 graph, a few more slides down – there we go – is there yet an IPv6‑only category that exists?
I'm assuming, since we're out of v4 to issue new entrants, that not everybody has necessarily succeeded in getting a transfer. And at some point we're going to have v6‑onlys, will we start tracking those when they do exist and/or are we just not tracking them even though they do exist?
John Sweeting: Good question. I don't know the answer to your question, but I can answer that, yes, we will track them. And if that's interesting, that you want to see on a graph, we'll absolutely do that.
John Curran: We do have ISP‑only, IPv6‑only organizations. I believe they're all end user. I can let you know in 20 minutes. I have tools.
Owen DeLong: Actually it would be good to track both the ISPs and end users on this graph. I'm not sure it's necessary to break the ISPs out.
Vint Cerf: It's Vint from Google. I want to confirm something. Some people might end up with v6 addresses from one RIR and v4 addresses from another. That can happen. And I assume that because the tables are theoretically aggregated, we could still see that. Is that correct?
John Curran: Yes, that does happen and we can see it, definitely. And just for the data regarding the transfers, August and September, past July you wanted to know, both are continuing. They had – I don't know if they're increasing, but both were 10 and 11, respectively, for those two months, number of transfers in those two months.
So it might be slightly lower than July. But we're still doing more than 10 each month.
Kevin Blumberg: Kevin Blumberg, The Wire. Going back to the earlier discussion regarding ASNs for just a moment. Yesterday I did ask about getting clarification in regards to unique routing policy.
Is this something that would fit in the Services Document, or is the Services Document more geared towards IRR online services, things like that, as the first part of it?
John Curran: For ASNs, to the extent that you require, the community, to the extent that the community has a certain requirement for issuance of an ASN, that should be in the policy in the NRPM for ASN with appropriate definitions in Section 2.
Okay. So that's completely independent of what I was referring to the services, ARIN Services Document was for clarity, on where getting clarity on what services we provide to end users versus ISPs. In truth, an entry in the registry should be an entry in the registry and get all the registry services.
Kevin Blumberg: My recollection historically was one of the concerns was staff interpretation going somewhere outside of the NRPM.
The reason I'm using this as an example is unique routing policy can be an all‑encompassing push button, like David is suggesting, if ARIN interprets it that way.
But we don't know what staff's interpretation of a unique routing policy is. So I don't want to be in a situation where we add 5,000 examples. We've already taken out many things.
But at least having a basis of what ARIN defines as unique routing policy might really help.
John Curran: So we're happy to do that. The normal way this happens is that if you have something that you want us to consider unique routing policy, you put that in a policy proposal but you put it in the notes and say here's how we want this implemented.
And we come back on a staff and legal report and confirm we'd follow that implementation.
We can have the discussion independent of actually having a policy proposal to change ASN policy if you want. That's not a problem. But it's far easier for you to say what you want and us to implement it than the other way around.
Kevin Blumberg: So does that mean that unique routing policy is non‑defined and non‑useable, or – John, we're going in circles. Either you can tell us what unique routing policy is when you apply it, or you say that every time you make a judgment call and this policy is not a good policy – it has to be one or the other.
John Curran: Let me clarify. If your goal is to simplify the issuance of ASNs, remove the requirement of unique routing policy. Done. Done.
Now, trying to refine our operational process to make it simpler to clarify that someone needs unique routing policy and how that's defined won't probably effectively result in any faster ASN improvement.
So if you are actually trying to make it simpler, remove a requirement is much better than trying to refine an operational process.
Is that clear?
Kevin Blumberg: Yes.
Scott Morizot: Scott Morizot, IRS. For Owen's question about IPv6‑only ISP members, because of the policy issues before the changes in 2010 and 2011, I believe IRS is a ISP IPv6‑only organization. Our IPv4 resources are all under a separate legacy organization. So they exist.
John Curran: There's a number of organizations that are multi‑modal in ARIN, i.e., having multiple Org IDs, either because policy encouraged it or pricing encouraged it.
Our long‑term goal is to make it possible for someone to have an Org ID and have simplicity out of ARIN.
But there are a number of organizations that have multiple Org IDs right now entirely because it was the easiest way for them to get their job done.
Anything else for John?
John Sweeting: I'd like to thank the three AC members who came up to the mic to make me feel warm and welcome. Thank you, guys.
John Curran: Thank you, John. Okay. Next up, we're now going to move into the Advisory Council report. And that will be given by Dan Alexander.
Advisory Council Report
Dan Alexander: Hello, everyone. As I'm sure everybody has met one or more of these AC members in the last few days, I just wanted to note Kevin is no longer on the AC because he accepted a role on the NRO. But this is the last known photograph of the entire group. So I stuck with it.
His seat remains until next year.
Oh, I could have Photoshopped something. That would have been priceless.
Dan Alexander: Sorry. As everyone knows, our role in the PDP is to facilitate these policies and try and move them forward.
And after all of you are done with this meeting and get to head out, we will be going into a room to rehash all the things that have been discussed over the past few days and try to make some good work out of all the good feedback you've provided.
So far this year we've sent three proposals to the Board for adoption. We abandoned two drafts, and we also requested that staff initiate the editorial update process regarding the return language in M&A transfers.
And so far this year we've gotten seven new proposals submitted, five of which are currently in a recommended state. We've got one draft and one new proposal that we'll work on shortly.
We've also – we went to a Public Policy Consultation at NANOG back in February. This is now the second of the two PPMs.
So we've got nine items on the docket that we're currently working on. All things considered, though, that's not the worst workload that we've had.
As you can see, the interesting thing is kind of the trends or spikes, typically all related around the transfer proposals, because the really large spike back around 2007 that John Sweeting got to aptly lead, we got through that one. And now a lot of the policies are cleanups or an evolution of how we do transfers.
Also made note that from John's earlier Policy Experience Report took two things away to look at the AS topic, and we'll also be discussing 2016‑4 at our meeting which could possibly resolve the second issue that John raised during his report.
Also wanted to thank Cathy. Now Cathy has been volunteering her time for longer than Google has been incorporated.
Dan Alexander: And even aside from the length of tenure, I really wanted to point out that it's one thing just to volunteer and serve, but when you stop and think about how many people Cathy has introduced into this whole group and expanded this community, we're on ARIN 38 now, and my first meeting was ARIN 10. And that was actually before the formal Fellowship programs and a lot of the newcomer stuff.
And Cathy was the first person that introduced me to a bunch of people, helped me figure out how this whole thing works, and is really a big contribution into the fact that I'm up here talking to you guys.
So I really want to sincerely personally thank you for all your help.
Dan Alexander: We also have two other people who have moved on or are moving on. Milton is leaving the AC.
And if you said we're going to put a professor and some engineers in a room and make policy, it's like the sound of a weird joke, but I think it really kind of captures what all this is about, because Milton came on board at the time we were trying to work through the evolution of all these transfer policies.
And at least for me, he definitely caused me to think in a lot of directions that I wouldn't have normally gotten to on my own. So I want to thank you for your service as well.
Dan Alexander: Finally, Kevin, my former No. 2.
Dan Alexander: Kevin served as the Vice Chair, and he definitely helped me out when I was taking on this role, because it's definitely a very interesting task that has its share of challenges. And there's a lot of things that go on behind the scenes and a whole lot of work that very few people ever see.
So I definitely wanted to thank Kevin for all the work that he did that very few people see.
Dan Alexander: And as always thank all of for letting us serve.
John Curran: Any questions for the AC, Dan and the rest of them? No? No? Okay.
Thank you, Dan.
John Curran: Okay. We're getting towards the end. We have the Financial Report given by treasurer Bill Sandiford.
ARIN Financial Report
Bill Sandiford: Good afternoon, everyone. I'll give a very brief financial report here. The Finance Committee worked on a few activities throughout the course of the year so far. One of them was the mandatory IRS 990 and other filings.
And, of course, we did a little bit of rebalancing of the investments this year.
The financial results year‑to‑date are sort of what we expected them to be. There wasn't anything that wasn't forecasted.
Current operating result of about a million dollars of a deficit, which gets offset by our investments. And a couple hundred thousand dollars that make their way to reserves.
You can see here the breakdown of where our revenues come from, the bulk of it still coming from ISP registrations compared to the other revenue.
This chart shows our historical registration revenue. And you can see how it's down so far year‑to‑date. And, of course, as with other years, the bulk of it continues to come from ISPs.
Although, you can see the trend over the year where maintenance and transfers is slowly starting to rise. And we expect that will continue to be the case going forward into the future.
And, again, showing it in a little bit more detail in terms of the mix percentage of where everything comes from. Lion share of it still coming from ISPs but with maintenance and transfers continuing to increase.
This slide shows our financial reserve status through August 31 of this year. We have a couple of different reserves or a few different reserve funds that we maintain and show the applicable balances, legal defense reserve fund sitting at a little over $2 million.
Our operating reserve, which is in place to look after ARIN's short‑term financial stability, is just under three million at 2.7. And our long‑term reserve fund sitting at a little over $24 million.
This slide shows the status and the size of our reserves in aggregate over time. And you can see that we're down a little bit from where we were at this point in time last year, which was also planned.
As I mentioned earlier, there was a little bit of jiggling of the way our investments were done over the course of the last year in our different reserve funds.
The next few slides show us exactly how we've comprised the investments in the guidelines for our various funds. Legal defense fund, our objectives are liquidity, preservation of capital and obviously optimizing return. And the bottom section shows the allowable types of investments that we put into this fund.
Same slide again for the operating reserve fund. You can see the objectives are mostly still the same. But due to the nature of the type of fund it is, we have a different set of allowable investments that go into the operating reserve fund.
And finally our long‑term reserve fund, the objectives are quite simply: Long‑term goal of maximizing returns with as little as possible undue risk, and you can see that the asset types and the breakdown of the weights of them in funds are there as well.
And that brings an end to my presentation. I would be willing to field any questions that people have.
John Curran: Any questions for our treasurer?
John Curran: No.
Bill Sandiford: I note they always give you a harder time than they give me, Paul.
Paul Andersen: You've clearly got more skill than I – do you need to –
John Curran: You're allowed to do that.
Board of Trustees Report
Paul Andersen: No one else. Oh, the power of the clicker.
I don't have a very long report because everyone who comes before on this report gives much greater detail, but I'll sum up what your Board has been up to.
It's been a very straightforward year, which we're thankful for. The machine is running very well. We've been up to many of the financial and fiduciary stuff that is very routine, such as 990, dealing with the audit report.
Budgeting. We did do a few minor tweaks on the PDP, specifically regarding Standards of Behavior.
We also took a bit of a – took the feedback, sorry, that you gave us on the Fee Schedule.
While we thought it was great improvement, we thought there was more work we thought we could do based on your feedback. So there was a phase‑in period has been introduced for those higher tiers of fees.
We've been putting a lot of work into an External Grant Program. We from time to time get requests to fund activities, and we're trying to find out what's the best way to put, not a heavy process, but a little bit of structure around that, on what kind of projects fit with our mission and which ones may not, while great projects, may not be a fit.
You may have seen our announcement that we did contribute to the IETF Trust. I would recommend if you haven't looked into that, to Google about that, and if possible see if your organization or such can support it, because that's a great endeavor right now underway to give the IETF a bit more structure and financial stability going forward.
This other little minor thing that went on this year, this little Service Level Agreement, because something happened with IANA. I'm not sure, I don't think it was a big deal or anything – no, no, obviously I jest.
For some that have been under some rock in this community, the IANA transition obviously recently occurred at the beginning of this month.
I'd like to take a moment to thank John, actually, and the staff who put in countless hours, phone calls, night and day. ARIN did a lot of effort, along with the larger community, but I think you should all take a moment to thank John, because I know that he put a ton of effort in to make sure that that occurred.
Paul Andersen: We did something else a little bit different this year, which is why I'm here as opposed to Vint.
Vint was the Chair at the beginning of the year and has been our Chair for many years. But Vint decided that he had had enough of us after six years. After six years, he decided that he would not seek re‑election. And what was thought, after much discussion on the Board, it was decided that as of the mid‑year, on Canada Day of all things, we switched.
So I'd been the Vice Chair previous to that. We did a little Chair rotation. So now Vint is serving for the remaining of the year as Vice Chair and has been helping and mentoring in transition. And I've now taken on the Chair, so we can hopefully have a more smooth transition as Vint leaves at the end of this year. So that will also happen.
We've been on our usual appointment spree. Vint will be the Election Verification Officer as mentioned earlier. And Kevin Blumberg has moved on to the NRO to fill John Sweeting's seat.
We did form the Services Working Group. Had wonderful congratulations to Cathy, but she's not quite leaving yet, if you didn't know.
So she has agreed, after much begging on our part, to continue to give you those IETF reports. So don't you worry, the shoes of the IETF are safe at least for another year.
So thank you very much, Cathy, for continuing to dedicate so much time to that.
Dan already kind of went over the policies that we've gone over.
And the only other major activities, we did have a very successful August planning retreat. We reviewed our strategic plan. We reviewed, revised – John, have we posted?
John Curran: Not yet.
Paul Andersen: We'll be posting soon the strategic plan. So please look on that.
Before the nomination slate came out, we talked about the Board diversity, much discussion at our Jamaica meeting.
We are looking at what the process would be to use that. We have made a decision not to – before the nomination committee slate came out, not to utilize that until there was some discussion whether we would do it before or after. We decided to let the election process run itself, and we'll be looking at that at the end of the year, taking a look at the Board and deciding if that is something we'd like to execute.
And we've held two consultations, which there was some great input on them. We continue to look at how we can improve processes used, try to find a balance between making sure that we're recovering fees and that the processes are sustainable. At the same time making your lives as our customers easier.
So we thank you and we'll be discussing in the coming months the feedback from that and whether there will be any changes regarding transfer processing, transfer fees, and just the structure of that.
That's the last of the formal portion. I just thought I'd take a second. First of all, I would again like to thank Cathy, for all your years of service.
I know it's been done a number of times, but I don't think we can clap enough for you, Cathy, on all the –
Paul Andersen: I don't think enough thanks can come. I would just like also like to thank the Board for their support in putting me in this role. I appreciate your support in that.
Special thanks to Vint. It's been an honor and pleasure serving, beyond an honor and pleasure to serve with someone of your stature and experience. I thank you for all your efforts you put into ARIN. All your efforts you've put into making the Internet great.
You've set a very high bar and some big shoes to fill. I wear size 13 shoes at that. But I just wanted to thank you again very much for your service one more time. Thank you.
Paul Andersen: And with that, I open the firing line. We're doing open mic as well. Microphones are open. Open mic. Stump the Chair.
John Curran: We can stay here as long as you like. The only thing between us ending the meeting is open mic.
Paul Andersen: Kevin Blumberg.
Bill Sandiford: I think next time we should do a Chairman dunk tank instead.
John Curran: We can do that.
Kevin Blumberg: Kevin Blumberg, The Wire. I wanted to thank the Board for making and expanding on the Fellowship Program.
When I look at the slate of candidates, without going into it, the election part of it, I see the rewards of being able to go out to the community and allow Fellows to come in and get that fresh, new invigoration that any community needs.
So I thank you for expanding on the Fellowship Program and ask that you continue to do that, and even more so especially in the Caribbean region, moving forward, but I really thank you for that.
Paul Andersen: The Board and I would love to take all the credit, but Susan's team does a lot of the heavy lifting from staff on that, putting together a program. Obviously the Fellowship Committee does the selection.
I'd ask you to give her kudos.
Kevin Blumberg: I'd like to thank all those involved making it possible.
Paul Andersen: We've done a lot of changes. I think in the last few years it's been quite a few tweaks as we changed criteria. We've obviously drastically increased the number of fellowships. I think the Board is very committed to trying to build capacity in the community, especially in some of the areas that we haven't traditionally.
And I know that we'd love, or Susan would love, any of the feedback that any of the Fellows or mentors have or anyone in the community.
We can't stress enough that her team will be spending the next couple of months putting it together, because typically that would be something we'd do in January.
So if you have ideas for next year, Susan – you mind standing for a second, Susan, just in case somebody doesn't know you.
Thank you, Kevin.
Bill Sandiford: If I can add, Paul, from my perspective as the Fellowship Committee Chairman, I want to thank the committee and the staff, including Susan and Wendy, who is absolutely phenomenal on putting together the information. And in particular Tina Morris, who is one of the hardest working committee members I've ever seen in my life when it comes to this fellowship stuff.
Thank you, Tina, too. Big help.
Paul Andersen: Front microphone.
Alfredo Calderon: Alfredo Calderon, one of the newcomers and Fellows. And I'd like to thank Wendy for the fabulous work she did getting us here.
Communication was fabulous. And I want to thank my mentor, Chris Tacit, also fabulous. We've been in touch through email. And as soon as he got here, we've been talking a lot.
And I expect to come back and work actively with ARIN. Thank you.
Paul Andersen: Thank you. That's great success.
Paul Andersen: Any other questions? You're quiet today. Not complaining.
So I did forget one thing as I got a little choked up there with the whole thank you and all that, but on behalf of the Board, please remember to vote. DNS problems notwithstanding.
It's very, very, very, very important to the process. It lets us do our job.
So if there are no other questions, I will end the report and I guess the open mic.
Members Meeting ‑ Closing Announcements and Adjournment
John Curran: I'll close it. That closes open mic. And we will now end the meeting.
As Paul said, vote now. It remains open. We have seen the DNS problems kind of taper off. So you shouldn't have any problem. Just log in. You'll see the banner. If not, give it a minute. If you have any questions, election help desk, which will be there for a brief while, and then email for email@example.com.
One more time: Thank our sponsors, AT&T and Google, for giving us the connectivity.
John Curran: Okay. So with that Meeting Survey. If you go to surveymonkey/r/arin38survey or you'll get an email if you've been registered. Fill it out. And everyone who completes it, as I said, there's a drawing for an Apple iPad for folks. Please fill out your Meeting Survey. We use that quite a bit to figure out how we can improve. It's very important feedback to us.
Okay. And that's it for this meeting. I thank you all for being here. We're going to see you again at ARIN 39 in New Orleans in April. Thank you very much.
John Curran: Badges. These are plastic. If you throw them out, they go in the ground. On your way out, by the Members Registration Desk, drop this off and we will reuse the holders. Thank you.
(Meeting concluded at 2:23 PM)