ARIN 39 Members Meeting Transcript - Wednesday, 5 April 2017 [Archived]


Here in the Vault, information is published in its final form and then not changed or updated. As a result, some content, specifically links to other pages and other references, may be out-of-date or no longer available.

Please Note: This transcript may contain errors due to errors in transcription or in formatting it for posting. Therefore, the material is presented only to assist you, and is not an authoritative representation of discussion at the meeting.

For an executive summary of Day 3 of the meeting, read the daily digest on the TeamARIN website.

Members Meeting - Opening Announcements

John Curran: Good morning. If people will come in and be seated, we’ll get started.

Welcome. Welcome to ARIN’s Members Meeting. This is open to everyone. Everyone’s welcome. We talk about the organization and how we’re doing.

Let me start out with some opening announcements. First, a big thanks for our network sponsor, Cox.


Our webcast is provided by Google.


And our thanks for Avenue4, our break sponsor.


Okay. We’re going to have an Open Mic, and that will give you an opportunity to speak. We want to make sure you say your name and affiliation when you approach the microphones. Please comply with the courtesies in the program.

Let’s see, other announcements: Today’s agenda. We are going to have department updates from each of the ARIN departments.

We’ll have an ARIN Advisory Council report. We’ll have the Financial Report, the Board of Trustees Report, and then Open Microphone.

Don’t forget your meeting surveys. You will get an email with a link, or you can access it here, and enter into a chance to win an iPad.

And now the hard part: At the head table, our Chair, Paul Andersen. Vice Chair, Aaron Hughes. Bill Woodcock. Merike. Yes. Patrick. Bill Sandiford. Thank you for the sign, Bill, that’s helped. And then our Jabber scribe, Dan Alexander, at the end of the –

Paul Andersen: Advisory Council Chair.

John Curran: Oh, Advisory Council Chair. Okay. Thank you.

Paul Andersen: So close.

John Curran: So close, so close.

ARIN Update: Communications and Member Services

John Curran: Okay. Want to move right in, and the first one will be Susan Hamlin to give the Communication and Member Services Department presentation.

Susan Hamlin: Good morning, everyone. So we have a few empty seats this morning. Our NARALO friends have started their general assembly. So have about 30 less bodies.

Okay. We’ll get started. I’m going to talk with you this morning about areas of work in Communication and Member Services, what’s ahead. And then since we don’t have any policy discussions today and raising of hands, I’m going to ask you to engage with me and do a little hand raising at the end.

I am very honored and proud to lead a fabulous team in Communication and Member Services. And these folks, in addition to each having individual responsibilities, are the ones that organize, plan, and put on this meeting.

So I’d like to recognize them. And in the back of the room, Mary Ryan and Melissa Goodwin, our meeting planners, if you two would please stand up.

I ask you give them a round of applause.


And if the rest of the CMSD team in the front here would please stand up. These folks have done a lot of work to put this meeting on for you all.


Thank you. And then two notes within the team. At the end of last year, we ended our engagement with our outside public relations firm. As we moved on with our v6 campaign into one of relationship-building outside of this particular industry, we found it more valuable to make those engagements as ARIN, not as a PR firm.

So in that process we promoted Jennifer Bly to be our Public Affairs Specialist. And she’s taken on a lot of that work.

Then we went looking and hired a new social media and outreach coordinator; and Erin Scherer has joined us. In fact, last week was her first day at ARIN. And this is her first meeting. She’s been doing a lot of the work here on social media. So thank you for jumping right in.

So these are the areas of work we cover in CMSD. And I’ll go through a little bit of what’s new highlighted in these areas.

So communications, the ARIN website is one of our main tools for communicating.

And we are constantly working with the other service departments, everyone at ARIN, on their content, to make sure it’s updated, make sure when they hear from you all, if you’re having issues, we can correct and improve the content.

And we are soon going to be working on a project with engineering to improve the usability of the website, including content. And I’ll get to that more in a minute.

We also have a TeamARIN site, our microsite. How many of you all have been to the TeamARIN site or go to it?

And you’re reading the blogs? How many of you all would be interested in writing a guest blog?

John Curran: Guest.


Susan Hamlin: See Jennifer at the break if you had your hand up, please. But it’s a good resource.

It started out as our microsite for IPv6 information. And there is a lot of v6 information, but we’ve also expanded it to other areas. And you will see our event calendar there, too. So I highly recommend you visit it from time to time.

We also have the IPv6 wiki. And new, last year, we added an opportunity for IPv6 consultants to put their information up there, and we have close to 30.

So if you are in the process of thinking about and need some help on your v6 transition, take a look there. You might find somebody who could assist you.

We recently – last week, I think, Kim, published the annual report. So please take a look at that.

And last summer Jason undertook a big project to move all of the historical documentation on the static site – these would be past meeting reports, Board of Trustees meeting minutes – into a new section.

So you navigate to it the same way, you’re clicking on a link, but it’s a site of its own. It has its own navigation. It’s a responsive design. And we think you will find it very useful.

We do conduct a lot of outreach at ARIN. Obviously these two meetings. You’ve heard about ARIN on the Roads. We have eight scheduled for this year.

We’ve been to Houston, Little Rock, St. John’s Antigua. We’re going to Denver. We’re chatting this week and we’re going to go to San Juan.

This is a one-day program where we try to educate an overview of ARIN. We talk about the technical services. We talk about the policy process, what’s new at ARIN.

We go out to places where we don’t bring a Public Policy and Members Meeting. So smaller areas. And it’s an opportunity for us to show a face of ARIN, to engage with customers who may not interact with us or people who potentially need to.

And I’m always interested in places. If you’re in an area where ARIN hasn’t been and you think there’s an interest, please reach out to us and let us know.

We also continued to exhibit on IPv6 at various areas. We’re doing a lot of outreach still in the Caribbean. And it’s always good if we can send John on the road to talk about v6.

So earlier this year we engaged with the health community and reached out to the Digital Health Summit group. We’re always looking for areas where we can introduce v6, especially in industries where it’s new, they’re working on products, gadgets, or areas where, such as retail, where their websites are important. And we go with a very general message of encouraging folks to enable their websites over IPv6.

We have a video library. You can find us on YouTube. We’ve developed some tools to help you, walking through how you process things on ARIN Online. And we’ll continue to expand those.

Some good news, the Fellowship Program. Paul alluded to this the other day.

The Board this year expanded the program and changed and relaxed the criteria for applications.

So they lifted the domicile requirement. You no longer have to reside in the ARIN region. And I think part of the reason for that, especially in the Caribbean, there are folks who may not reside in the ARIN region but they work throughout the Caribbean. And those folks were excluded from applying.

So we’re interested to see how this works. The program is still 15 folks, and we have a selection committee that will be looking at that.

The application process is open for San Jose now until, I think, the beginning of July. So if you know of anybody, I ask you to pass the word along.

And if our Fellows would please stand up, if you’re in the room. You all have been a terrific group, taken full advantage of the opportunities this week. And I would like everybody to give them a round of applause.


And we hope we will see you back at other ARIN events or certainly online.

Okay. So I want to talk a little bit about ARIN Elections. And we made some changes at the beginning of the year. You know, last year, year before, we got rid of the Designated Member Representative.

And now we have also removed a Voting Point of Contact. So we are trying to make it as simple as possible for organizations to have an eligible voter, and the Voting Contact now is simply a web user linked to the organization.

So it’s no longer a full Point of Contact in the database. And we migrated all of the eligible Voting Contacts who were Points of Contacts into a new sort of database.

So it’s very easy now to go in through ARIN Online, if you’re the administrative Point of Contact for the organization or Tech, and name somebody by pulling up, it will show you a list of eligible ARIN Online web account users linked to your ORG and you can select that person. And then we will interact with them via their email at their web user account.

So the other change in elections, the Board took a look at the nomination committee charter. And it was revised in January this year. And if you – I’m not going to read through this – but basically they increased the number of candidates eligible for the Board slate, and it also must include a minimum of one non-incumbent candidate. And this was in response to a suggestion from a community member.

So Nate was talking about a number of suggestions we completed, not all engineering, and this was one of those.

Our work plan for the rest of this year, IPv6 outreach, remains at the top of our priorities.

We are working internally with some folks in Registration Services to develop an IPv6 Starter Guide. We have a lot of information scattered around the website and questions and answers we pick up on the road, and we hope to develop a short useful guide for folks.

Some of you may have been interviewed while here. We are going to update the Going to an ARIN Meeting video. So I appreciate those of you who took time to work with our team.

And we are working with the engineering department on a new election system for 2018.

This year we will continue to use BigPulse and you will interact the same way you have in the past couple years.

And then the website revamp project. So we are interested in the words on the website, the content. And as part of an overhaul of the site, we are starting a project. And many of you may have picked one of these up at the registration desk.

We’re looking for volunteers who would be willing to do a short online survey, maybe 20 minutes, where we ask you to put topics into buckets.

We’re interested in making sure, when you go to the ARIN website to look for information, you can actually find it.

We’re taking a look at the navigation and how we have content organized. So if you’re interested in participating, if you want to pick one of these up, we’re just asking you now to fill out a short survey with your name and affiliation, because we’d like to get a cross-section of representation of people looking at the content.

Okay. Now to the engagement part. I’d like you to raise your hand if this is your second ARIN meeting.

Now, your fifth? I’m going in increments. Nobody’s been here – tenth? Greater than 10? Sorry. Alright. Thank you. Raise your hand if you’re subscribed to the ARIN Announce Mailing List. Awesome. Okay. The Public Policy Mailing List. The Tech Discuss Mailing List. Okay. We have a little work to do there.

Have you ever voted in an ARIN Election? Any of the three? Awesome. Okay.

Are you here as a representative of a new member organization, meaning your organization received an allocation within the last 12 months? Welcome. I want to talk to you all at break.

So as a communications department, we like to know that we are giving you the information you need and want, enough of it, not too much.

When we’re out on the road, we often hear: We didn’t know you did this. We didn’t know about this policy. So we’re trying to figure out ways to get more information out.

Just curious, how many of you all would be receptive to some kind of quarterly, semi-annual email news update or other type from us? Okay. Team, we have new work to do.

And then if you have ideas about how we can improve our community’s engagement, how we can bring more people to meetings, how we can see more people on the Public Policy Mailing List, how we can increase voter participation, I would love to hear from you. All of our team would. So catch us at break.

And then sort of reiterating what Richard presented the other day, we are very much a service organization. And we’re interested in how we can better serve you.

So these are some of the ways that you can interact with us, find us, ask questions, in addition to face-to-face.

So the ARIN Online, info@arin, members, the Consultation and Suggestion Process. And just to remind you, we do have a consultation open right now on CKN-23, No Known Contact. And it’s open until I think the end of May.

So if you’re interested in that, you’ll see an announcement on the website, join the consultation, let us know what you think about it.

And then the Board and Advisory Council, their emails are online under About Us, and they’re always receptive to hearing from you.

Okay. So with that, I’ll take questions.

John Curran: Any questions for Susan?

Susan Hamlin: Owen.

Owen DeLong: Owen DeLong, Akamai, ARIN AC. One of the things I’ve noticed the other RIRs, or at least some other subset of the other RIRs, have that ARIN doesn’t, is if you’re navigating the website and it isn’t going as planned, they have a Chat With Staff button that allows you to actually get a live chat in a little pop-up window where you can actually get help right then and there, during their business hours. And that might be something worth looking into.

Susan Hamlin: Sounds like use of the suggestion process.

John Curran: For people in the room, would you use – if a little chat window popped up, would you use it? Yes? Yes? Okay.

Owen, ARIN suggestion process, can you throw that in? Thank you.

Susan Hamlin: Kevin.

Kevin Blumberg: So question and a comment. Kevin Blumberg, The Wire. The question: The revamp of the website, when is that scheduled for?

Susan Hamlin: It is a long-term project. We are just starting the initial stages. So I don’t really have a definitive date when that will happen.

Again, we’re working with engineering. There are a lot of factors involved.

Kevin Blumberg: The reason I’m mentioning this is, because I think this is probably the fourth time I’m come up to the mic about this. Having a non-responsive website in a mobile world is brutal, especially when I’m at other conferences and I’m trying to pull up information.

I would rather see a little less on the ARIN website and it being responsive than you trying to make it perfect.

So I was hoping to hear a little more definitive timeline. It sounds like it’s going to be a long way out. And that’s going to really start impacting things, not having mobile-friendly. So that’s my one comment there.

The second is in regards to your raising the hands of a quarterly semi-annual newsletter, love it. Beautiful idea. But then you’ve got to stop other stuff.

You’ve got to stop sending the other garbage. And what I mean by that is I would like to – and I will send this in as a CSP – I would like to not get updates when you’re being DDoSed and then you’ve been fixed.

I’d like to be able to check off a button to say please don’t send me when your credit card processing is down for the day or all the things I really don’t care about, because I actually do care about an update from you, Susan, a quarterly update.

But the minutia of how ARIN operates on a day-to-day basis, I can’t keep up with that. So I’ll suggest that, but I’d love it just so that I could select it inside of the system.

John Curran: That’s great feedback, Kevin. Regarding – we send a bunch of updates like credit card processing is down because our processor is having problems, we send that, we post it on the website and then we send it to ARIN-Announce; you just want us to put it on the website or not tell you at all?

Kevin Blumberg: Correct. Just put it on the website because that’s where it’s a problem. And I don’t need to see that in my inbox. I know the DDoS one is a little harder because you’re under an attack.

But even the ARIN updates, all of those things, the system is down, the system has been restored, as somebody who doesn’t use RESTful, it doesn’t matter to me – I can see it on your website if you’re down, you can have a note there, and that’s more useful to me.

John Curran: Okay. Good feedback. On the first one, on the website redesign, we are definitely aiming to be mobile friendly. It’s just we were told to be very careful in doing this, make sure we get a design consultant, make sure we know our priorities for grouping things.

One of the things we have to be very careful about is a lot of people know how to navigate the current website. So we don’t want to change and then have to change again.

We want to do one change right, and we’ve been told, make sure we get it right. So we are taking a bit of time to do it.

Kevin Blumberg: I understand. A large airline that I have to unfortunately use quite often had beta.airline for 12 months before they launched their – the beta became the full site, to allow for that.

You don’t – I know it’s a duplication, but it’s becoming detrimental.

John Curran: Okay.

Other questions for Susan? Thank you, Susan.


ARIN Update: Engineering

John Curran: Next up, the Engineering Department report, Mark Kosters.

Mark Kosters: Good morning. So let’s go ahead and get going on this. So within engineering, we have 15 people in operations. We have 13 people in development. And we have two open slots. So if you know any developer, Java developer, who is interested in working at ARIN, please have them contact Andy. You want to raise your hand, Andy. And he’s a great manager from what I hear.

So anyone who is interested in working at ARIN, more than welcome to have you sign up.

We’re also looking for a user interface and user experience designer person as well, going along with the sort of website redevelopment effort.

Software integration, which also does a lot of our testing. We have 11 people in that department. We have one and a half people in project management, and of course me as the CTO.

So let’s go on and talk about the various accomplishments since ARIN 38.

We’ve fixed many kinks in our new office.

It had that new car smell when you first moved in. But you know what it’s like when you go to the dealership because the engine starts knocking, it’s sort of a depressing feeling having to take it to the dealership.

We’ve had to take our computer room to the dealership a number of times. So, sadly, this is an ongoing issue. We’re hoping for a recall. We’ll see how that works out.

We’ve worked on modernizing our Voting Contacts. We’ve done lots and lots of UI work. Nate sort of described that in his software development status report yesterday.

And we’re working on a lot of technical debt, which I’m going to go into here shortly.

We’ve gone Agile with our operations staff. This is something that we tried various forms of over the past, and it’s mainly the management technique to get more exposure for the rest of the company, not only what development is doing, but also the operations group. We’re doing that as well.

We’ve had another third-party audit, security audit, done. And from our initial findings it seems that we’re doing quite well.

When we moved into our new building, we did a network redesign, and it seems like that worked out pretty well and the people who came to do the audit weren’t able to get to as many places as they were before.

We’ve been working on lots of technical debt, as I mentioned before, and we have two things to bring to your attention that way.

For example, one of the things that ARIN operations has is we have three monitoring systems. So it depends what year this particular system was put in place and what monitoring system it was using.

And we just hadn’t had time to actually sort of convert all these things. So we’re folding them into one, which is Sensu, and we’re working on that right now; and it’s making some fairly good progress.

We also have three configuration management systems. Again, depending on the vintage in which the system was built is what configuration management system was put into place. We’re also folding that down into one.

As you can see, there’s lots and lots of work to do. A lot of stuff you guys don’t see, but if any of this stuff breaks, obviously you see it then.

Last time we talked about DDoS attacks, filling our pipes, and we have a DDoS mitigation vendor put in place, and it worked out quite well.

And all that subsided. Except then we ran into the next challenge. And that’s distributed abuse of our directory services.

So we’ve had multiple types of abuse. Some of it may not even be abuse.

One is someone came in and started querying our Whois clusters at very high rates, 600 queries per second, and it turned out to be a legitimate use. Our lawyers talked to their lawyers. We figured out a way for them to actually get their information in line in a bulk format and they’ve gone away.

You’ll see it on the Whois slides here in a little bit. But then we also started running into problems where people were saying, hitting us a lot from EC2. Amazon EC2. And we started seeing hundreds of thousands of queries per second coming against our Whois cluster.

And we found out that someone, this guy here, Mark’s Text Blog, actually wrote a how-to, how to crawl the entire distributed database of all the regional registries and how to do it with AWS cluster.

What they were doing is getting around the rating limiting that’s been traditionally put in place where you can only do so many queries per second per IP address. You can just use a Amazon web cluster and hit it from hundreds and hundreds of various servers, thousands.

So this is our next upcoming challenge. What’s interesting about this is I’m on part of ARIN’s – not ARIN – ICANN’s Security and Stability Committee.

And they’ve been looking at this at a different side. They’ve been looking at the side from, hey, these registrars, these domain registrars are really restricting access and we need to get access so people can actually transfer their registrars from one registrar to another.

And to do that, what you need to do is you need to – the receiving registrar needs to find out what the registration information is for that domain.

So they do a Whois lookup. Some of these registrars have extremely draconian limits. So you can have only one like – one is having like only one request per day from an AS.

And if you have any more from that AS, you are blocked for a period of time. Maybe weeks.

So that makes it really hard, if you have transfers going on from registrar to registrar. And so I saw this as kind of interesting, we’re looking at this from two different sides.

One is people are really – have nailed down directory services, which were meant to be used for the community good, and they have restricted for various reasons.

And we’re saying, hey, look, we have so much information here and lots of people are pulling down. So what is reasonable here? Do we allow bulk access for all people? And if that’s true, should there be AUP? If not, what sort of rate limits should we put into place? Or do we just build out more machines?

Right now, frankly, ARIN doesn’t have a rate limit. You can hit it us as much as you want, but if you start hurting our system, we get alerted and we’re going to filter you out.

So the next part is how do you guard against scraping? You can hit this at a very low level and you can get the entire contents of our directory services on your own machine. And we won’t see it if you stay low enough. Do we want to guard against that? That’s another question.

And we’ve heard in the past people want to do one of two things. I don’t know what the answer is. What the community wants to do here is certainly what we would actually want to put into place.

So these things are sort of important for us to figure out what we’re going to do, because the Internet is changing from the way it was before.

The other thing is other regional registries are dependent on us, on many different things. Since ARIN has been sort of the legacy provider in many different ways, has all these legacy addresses, everybody – a lot of people’s Whois clients and so on bootstrap off of our services.

So Whois defaults to ARIN. We actually tell which registry they go to, and then they go to that registry and ask for that information. As a result, our query rates are much higher than the other regional registries.

We talk about Denial of Service attacks and everything else within the operational realms within the regional registries, and we talk about these rates and what other people are seeing as DoS attacks, we’re seeing as normal query behavior.

So it’s an interesting sort of scenario that’s under – occurring. And we also have DNS coordination. Who saw the stuff that hit NANOG a couple of weeks ago about various IN-ADDRs being missing, that was within ARIN’s /8s? A few of you. Alright. Couple of you. Actually APNIC was hit by this as well.

There’s occasional misfires that happen with how we handle DNS, we call them snippets, where we can’t really follow the DNS delegation hierarchy to send out – to provide DNS delegation information.

So the registries years and years ago figured out a way to make DNS work, given that we’re doing all of these inter-RIR transfers.

And in doing so, we created a fairly good system making it happen. Until about three weeks ago, there hasn’t been a major misfire. There was a fairly significant misfire at RIPE.

But there’s also other mistakes that were made that we just catch. And the main thing we catch in this is making sure that another regional registry can’t stomp on your data.

And we get reported on that. And then we go back to them and say, hey, what are you guys doing; you’re trying to overclaim on stuff that’s not yours. This is actually in ARIN’s realm, not your realm.

There’s a lot of stuff that goes on under the covers that we’re sort of exposing here. I’m going to go through some of the numbers and I’m going to end on what’s happening with Whois. So just a little bit of anticipation, right?


Okay. So here you can see that we have 123-, almost 124,000 accounts activated. And it’s fairly consistent over the years, which I find fairly amazing.

And here is another interesting stat, is that we have, out of that 124,000 users, that almost 20,000 of them are power users.

So you can see that they’ve logged in over greater than 16 times within ARIN Online, which is great; it’s awesome. It means the system’s working.

And here’s another part that always makes me really happy is the RESTful service is the system that is to some day hopefully replace templates.

And you can see here that the RESTful interfaces is certainly overtaking templates. And now it’s about three times as great, or actually a little bit over two times as great as what happens with templates.

So this is great. This is what people use for reassignments. I’m really happy to see that people are moving on to the new systems using RESTful technology.

DNSSEC, what can you say? Less than 1 percent secured. I think this is universal for DNSSEC. We’ve had a debate inside: How useful is DNSSEC?

Well, we at ARIN validate DNS responses that are DNSSEC-signed. If they’re not, if they fail, we actually notice that. So this stuff is actually deployed. It’s useful in some way. But less than 1 percent is our current usage rate.

RPKI usage is – it continually goes up just by little bit by little bit. And still there’s some work to be done here as well.

Here we go. Whois Queries Per Second. You notice that there’s a rise. We had just a tremendous rise in 2010 where we’re seeing almost 3,700 queries per second. Since then, everything’s kind of settled down at various things, but then it started to rise.

It started to rise and it fell precipitously, because we actually started looking at the logs, trying to figure out, okay, what’s going on here, who is doing this and let’s start trying to talk to some of these people and try to figure out how we can better serve them other than them hitting us at 600 queries per second.

So actually Owen actually started seeing this and notified me. And we made some tweaks to make some of the issues that he had seen go away. But it made us look at this stuff in a little bit closer detail than we had before.

Directory services over v6. There’s a wide skew here. And it’s mainly because – that one bump that we had where it’s over 23 percent was a guy scraping us over v6. We shut him off and everything went down and we’re around 3 to 4 percent right now.

RDAP. RDAP continues to churn along. Again, there’s a little scraping activity that occurred. The numbers are pretty large as a summary total because this is a fairly new technology.

But this is something that the IETF is for, we’re for, and many people within the domain industry are for as a replacement to Whois.

IRR maintainers keeps on going up. Routes and Route6 stuff keeps on going up in the IRR. Inetnum and inet6num also continues to go up; and I find that fairly impressive because this is a legacy system.

Here’s our breakout per organization. You can see that five organizations are power users in this space, and a great majority have less than 10 objects within the IRR.

So there’s a large – there’s five organizations that are using this big time, mainly as back-up routes. And then there’s a bunch of little guys in there as well.

So what are we working on through Q3 when we meet again? So we’re working on fully redundant-izing – new word – our services. We’re not quite there yet. We have a couple single points of failure that we need to work on.

We have integration of OAuth within RDAP, which is going to allow us to, once you authenticate, you can get as many results as you want, which is an ACSP out there. And it’s also going to help us with a timeout issue, since we can use OAuth to no longer have sessions based on – tracked by the server itself, it’s actually offloaded to the client.

And then also with our usability, we’re looking at – right now we’ve been focusing on the dynamic portion of the website, making it more accessible, and hopefully you guys have noticed. Anyone get lost on the dynamic portion where you log into ARIN Online? Has anyone been lost in there lately? No? Good. Good.

Alright. Technical backlog. Java6 has been out of commission or out of support since 2013. Sadly we’re still running Java6. So this is something we want to upgrade to Java8, like to get that done this year.

As I mentioned before, we want to overhaul our monitoring systems, transition to Sensu. One is almost put to bed. We almost got one done. Zenoss is almost gone.

And we also want to improve our logging so we’re able to detect things in a more responsive way instead of dealing with reactions.

And we’re moving to Ansible for our build systems. We were using Puppet, but we found that Puppet was just way too complex for what we needed and it involved way too much engineering. So we’ve sort of, took a step back, looked at it, and said Ansible seems to be a better CM tool for us as well.

So we’re doing coordination work with the other regional registries. One of the things that’s going on is there was talk before by Geoff yesterday about transfer logs, and this is something that’s a weakness in what’s called extended stats, which gives you what’s been assigned, what’s been allocated and what’s in the inventory under each RIR.

And one of the things that’s not as clear is when transfers are taking place. And especially those that are in flight. So this allows you the ability to actually see this. So this is a good addition to do it. And you’re more than welcome to take a look at this file if you want.

Geoff sees it every day, lets me know every day.

Geoff Huston: It’s a pleasure.

Mark Kosters: Thank you, Geoff. The other thing is dealing with RPKI. The regional registries are – we currently have three different ways of doing trust anchors between the five RIRs. And so we’re going to become aligned in a better way here.

And we hope to have this done by third quarter this year so that we have a more uniform way for the community to actually see how things are done with RPKI.

This helps “make before break.” So when you have a transfer and you’re using RPKI, RPKI doesn’t break. And so it has some good features as part of it.

This has gone into the IETF. I would like to say it was noncontroversial. It is controversial. So it’s something that we’re working through, and we’ll see whether or not the IETF accepts it. If not, it goes someplace live so people can see operationally how RPKI works.

So with that, I’m done. Any comments?

John Curran: Questions for Mark? Thank you, Mark.

Mark Kosters: Alright. You’re welcome.


ARIN Update: Registration Services

John Curran: Next up we have John Sweeting to give the Registration Services Report.

John Sweeting: Alright. Good morning, everyone. I hope everybody has enjoyed their time here in New Orleans and you’re able to get out and enjoy whatever time you have left.

I’m going to run through some slides telling you about what we actually do in Registration Services.

First off is the team. We have 11 people in Registration Services. Cathy Clements, who I’m sure you have all stopped and talked to, or I hope you have, because she does a great job and deserves to hear that from everyone, is here and out at the help desk. She’s actually in the room. Cathy, you want to stand up?


I’m going to skip to Mike Pappano, who is Papanino, Papapapo. It’s a running joke with him. Mike’s standing back there in the back also. He’s been out at the help desk helping everybody clear up any issues they had and giving them great information.

But going down, back to going down to the list, because I guess James is also out there at the desk, but I guess he’s holding down the desk. Oh, he’s there. James. There’s James as well. Let’s give a hand to James and Mike.


Alright. Back in the office, taking care of things back there so that we can all be here enjoying New Orleans and helping you guys with any requests you’ve had here, we have Lisa Liedel, who is our Resource Services Manager. Jon Worley, who is the Technical Services Manager. Eddie Diego, Senior Resource Analyst. And then our Resource Analysts are Misuk Kwon, Doreen Marraffa, James is here, Jonathan Roberts, and Shawn Sullivan.

And we also have a paralegal on the staff now that – I think Suzzie has been there a little over a year. She just hit her one-year anniversary last month, I believe, if I remember correctly.

RSD core responsibilities. Of course it’s Internet number resources. Kind of reordered – we used to show IPv4 up there as the first thing, but actually we’ve reordered that. IPv6 requests, initial and follow on, that’s I believe our core, core responsibility.

Autonomous System Numbers and then IPv4 requests, which today consists of requests for critical infrastructure out of that special pool, the transition to IPv6 pool, which is the 4.10, and the wait list requests.

Another core responsibility is the change of authority transactions, which we’ve heard a lot about this week. And that would be the transfers, the merger and acquisition, specified transfers within the region, and the specified transfers that go between the regions, the inter-RIR transfers. We also handle the Specified Transfer Listing Service, which everyone has heard a lot about this week as well.

I feel like this is the fourth time I’m up here talking about these things, which it is.

Okay. Some other core responsibilities is the Internet number resource inventory management. A lot of this is done by Jon Worley. He administers most of this. He is the one that requests our additional resources from IANA, which is not very often these days since we only go and request IPv6 and Autonomous System Numbers.

So a good year, we might have two requests to IANA. Normally we will probably have one request to IANA a year.

We have been getting resources back from them. Jon also manages those and administers the wait list for those. As he gets them in, we try to do a very quick turnaround on the resources we get from IANA every September 1st and March 1st.

He also does and manages the return and revoked resources, which I went through that new process – well, not a new process, but a very in-depth process that we do to go through the returned and revoked resources to get them back out to the people on the wait list. And he tracks and he maintains the reserved resources.

And we have the customer support desk which is always there 7:00 to 7:00 Eastern Time, Monday through Friday. Ask ARIN Online. And we also still answer hostmaster.

Some of the support functions that we do as a team: We support the Policy Development and Implementation Process. Sean is in my office more than he probably wants to, and probably more than I want him to be. Just kidding, Sean. It’s alright.

Software development support. We have to – as the team is going through and they get input from customers and they’re using the ARIN Online system, the management system, there’s always things that can be improved.

So we’ll write a story and put it into the engineering team, and they will look at it and tell us whether they can do it or not.

Usually they will get it done one way or the other and help us to do our job better and to help the customer have a better experience.

We also support ARIN on the Road, trade shows, presentations.

You’ve been to an ARIN on the Road, you’ve probably ran into Jon Worley, who is from RSD. Eddie Diego is going to start supporting that a little bit more as well.

Eddie also supports the NANOG help desk. Mike back there supports it once in a while as well. Misuk will be supporting the one in San Jose this year.

Let’s see. Statistics and database analysis. We do provide monthly statistics to the Communication Member Services Department to post on the website each month.

We also have to collect quarterly statistics that we have to send to the NRO. And actually our CMSD department actually does all the graphing and slides presentation for those statistics for the NRO quarterly statistics.

And we respond to community requests for data, research, and other statistics as the requests come in, if it’s something to do with RSD and what we’re doing. We’ve probably responded to a few for Owen, I’m sure, through the years.

Okay. So organizations served by ARIN. A lot of times people – the question is how many members do you have? Which doesn’t tell the whole story.

There’s actually 37,458 total organizations served by ARIN, of which 16,000+ of those are legacy. 5,475 of them are under an RSP.

So that’s mostly your ISPs with a few end users that have opted to buy into the Resource Service Plan, and then there’s 15,568 end users.

Okay. So a summary on the request activity. IPv4 requests. Of course it’s decreasing. The IPv4 free pool tickets have been decreasing. What’s increasing is the preapprovals and specified recipient transfers.

On the IPv6 requests, it’s been steady. It hasn’t gone up. It doesn’t go down. It just stays steady month over month, it stays steady. There’s a graph you’ll see maybe in the next slide.

And there is an increase in help desk inquiries. And I think that’s probably directly related to transfers, because transfers are a little bit more complicated than just going in and asking for resources from ARIN. And, of course, the transfers are starting to increase. And it’s expected that the increase will continue.

Here’s the graph. As you can see, IPv4 requests have come way down since – so the 400 is left there because that’s what they were kind of averaging a month was 400.

So we took that, last month it was at 400 and showed as it started to decline right about the time we started to run out.

I think September was the runout. And you can see – but it’s a little funny. It still has stayed – we still get more IPv4 requests a month than we do IPv6 requests per month.

But as you can see on the purple line there, IPv6 requests have remained steady. There was no big increase. We thought there might be. There wasn’t. It’s just been steady.

IPv4 requests in 2016. There was 1,220 total requests over the year. About 100 a month. Of those requests, 68 are still in progress. 70 were completed. Of the 70 that were completed, 60 of those were the 4.10 transition to IPv6 pool, and 10 were 4.4 critical infrastructure pool. 185 went on to the wait list. And 897 were closed.

The closed represents mostly abandoned requests. People will put in a request. It will get assigned to an analyst and an analyst will start telling them, okay, this will qualify you to put you on the wait list, and they say, oh, never mind, and they close the ticket. So that is what that large number of closed requests are.

So this slide, this is an interesting slide that Jon Worley wanted me to show to you guys. This is IPv6 block size over time for end users only. ISP numbers aren’t in there because he says those aren’t interesting, because they get /32s or larger, and it’s always the same stuff.

But what he really wanted me to point out in this slide was the fact that in 2011 there was a new policy change written by David Farmer and approved and went through the process.

I hear they had a really great Chair that year. I’m not sure, but I’ve heard that.


And so he just wanted to show that that change was a successful change. It took the number of /48s from 80 percent of the requests for /48s to like, they’re only 50 percent now.

So I think the purpose of the policy actually did what it was supposed to. Also, so just to tell you the numbers on that: For 2016, there was 131 /48s, 70 /44s, 64 /40s, 13 /36s, and 2 /32s, for a total of 280 end user IPv6.

And it’s pretty representative since that change in policy, the percentages, that’s pretty representative of each year.

8.3, 8.4 transfers completed per month. 8.4s, they haven’t grown a lot but they’ve grown steady. They got up to 20 and they’re staying right between 15, 20 a month.

The 8.3s, actually we had a big spike, as you can see, in January of this year. And we expect that to at least stay up there, maybe go even higher.

Total IPv4 consumption. So what this graph shows you is the green is what has been issued out to the wait list from the free pool. And the purple is the transfer market, people – requests being satisfied by the transfer market, which really aren’t requests, but it just shows movement of v4 resources from somebody that wasn’t using them to people that needed them and were going to use them.

So this is a slide that – we actually added another chunk in there for Owen. The IPv6 only. But this represents the RSP end user organizations, IPv4, IPv6 holdings.

As you can see IPv4 only, for ISPs, it’s about 50/50 there. And there’s 450, close to 450 that have IPv6 only. And end users, there’s 295 that have IPv6 only.

There is a side note to that. Just because they only – they only have IPv6 from ARIN doesn’t mean that they only have IPv6, because these could be people that have IPv4 from their upstream.

So we don’t have any way to really measure that. So, just especially for Owen, I just wanted to mention that to you.

Once again, the telephone help desk is staffed 7 AM to 7 PM. We average around 700 calls a month.

And the most common topics, as you can see: POC validation, ticket status, ARIN Online, transfer-related questions.

And that is it.

John Curran: Any questions for John?

Kevin Blumberg: Hey, John. Kevin Blumberg, The Wire. Just one question. There was a policy a couple of years ago that put more space into the critical infrastructure pool based on the assumption that IXs would be growing, there would be more of them, we’d need more of them.

Have you tracked the amount of space coming out of that pool, the critical infrastructure pool? I know you mentioned 4.10.

But as an example, in 2016, 2015, that sort of thing, has there been an increase in the number of critical infrastructure requests?

John Sweeting: As I showed on this chart, out of the 70 requests completed last year, 60 of them that were completed were for 4.10 space. Ten requests were for – you want to know the total number?

Kevin Blumberg: I’m just wondering historically.

John Sweeting: Whether they were /24s, /23s, /22s?

Kevin Blumberg: Size is not as important as the histogram change over time. That’s actually what I’m curious about. Because there was a lot more put into the pool because the expectation was it would be – they would be significantly more.

John Sweeting: We have not seen that. It’s been steady.

Kevin Blumberg: Thank you.

John Curran: Any other questions for John?

(No response.)

Thank you, John.


ARIN Update: Financial Services

John Curran: Now we’ll have Val Winkelman up to give the Financial Services Report.

Val Winkelman: Good morning. I’m Val Winkelman, Director of Financial Services. Our staff, there’s six of us there.

Tammy Rowe is the Accounts Receivable Manager. She’s been with ARIN for 17 years. And she’s our definite go-to person whenever you have questions in that area.

And Tammy has four people working for her – Tanya Gomez, Amy Sanchez, Amaris Wang, and Lindsay Norman. And they’re back at the office holding down the fort. Tammy has been on the registration desk the whole time you’ve been here. I hope you had a chance to go talk to her.

I’ll say a little bit about the new fee schedule. We have completed the 2016 financial audit, but we’ve not received the final report yet. But we’re hoping to get that soon.

And we’re in the process of completing the Form 990 that needs to be filed every year that’s 45, 50 pages. And then that will go to the Finance Committee for review.

The Financial Services Help Desk is open Monday through Friday 9:00 to 5:00, except for holidays. And FSD received 4,081 calls last year. And we usually get the calls when the reminders go out, it peaks. And when invoices go out, it peaks. Otherwise, it’s just pretty steady.

And the questions that we get: Can I pay with a credit card over the phone? The answer to that is ARIN does not want to do that because it’s not safe for ARIN or the person calling in. We always prefer you do it online.

And then: How do I update my Billing Point of Contact? Can you email me a copy of my invoice?

What our staff does is they walk the person through logging into ARIN Online and creating an account, because all of these can be done in ARIN Online. You can do a lot of self-administration. You don’t need to call us, even though we do love to talk to you.

New fee schedule adopted July 1st was the outcome of a community-comprised fee review panel and community consultation process. There were four new service categories created for ISPs, which is 3X-small, 3X-large, 4X-large and 5X-large.

There was a realignment of the v6 and v4 resources for each category. End users can now choose to receive ARIN services via a Registration Services Plan, which is the same services and fee package provided to ISPs.

If you need to find out more about the Registrations Service Plan, you go to the ARIN website, go under the Fees & Invoices tab, and select Fee Schedule, and it describes exactly what that is.

ARIN receives four types of payments: checks, credit cards, ACH, and wires.

The checks, we don’t get – it’s way down from what we have the past few years. Credit cards have gone way up, but the dollar amount of checks is still the greatest, because I think the larger invoices are usually paid with checks.

We started receiving ACHs last April. I think we announced it at the meeting. We went from zero ACHs to about 75 a month now. So people are really enjoying that.

The invoicing structure: The blue is the number of invoices that we send out, and the green is the dollar value. And we do send out over a thousand pay per resource invoices per month, but as you can see, again, the Registration Services Plan is the majority of the money that comes into ARIN.

And registration revenue structure, again, the Registration Services Plan revenue, very steady, and most of the revenue that comes into ARIN. And this is just by mix percentage. And you see it really hasn’t changed much through the years.

And that’s it. Any questions?

John Curran: Any questions for Val? Okay. Thank you, Val.


Next up is the Human Resources and Administration presentation. And it’s Erin.

John Sweeting: So, Kevin Blumberg, I got an answer for you. It’s 13 percent of that reserve pool has been used. Up to now 87 percent is still available. And there has been no rate increase over the years. It’s been steady.

ARIN Update: Human Resources and Administration

Erin Alligood: Good morning, everyone. I’m Erin Alligood, I’m the director of HR and Administration at ARIN.

First, I thought I would share an overview of what our team does at ARIN. As you can see, we have a wide variety of responsibilities. I’ll be touching on several of these topics throughout my presentation today.

But first I wanted to introduce our team. Thérèse Colosi is our executive assistant. Therese just celebrated her 15-year anniversary with ARIN. I think that deserves a round of applause.


Therese provides administrative support for our Board of Trustees, Advisory Council, and our executive team. I know you all are very thankful for Therese.

Next we have Sarah Ba, who is our administrative coordinator. Sarah is working registration with Tammy up in front. I hope you had a chance to say hello to her.

Sarah manages our employee travel and also acts as our facilities coordinator and then she also provides HR support such as benefits administration for our employees.

Denise Alston is the first person to greet you as you come into the ARIN office as our receptionist. Denise does a great job ordering office supplies, distributing our mail, and she keeps the front part of our office running.

So some updates and recent projects. Since my last presentation, we continued to recruit and onboard our new hires. As you might remember, we still had some remaining positions to fill from our hiring surge that was approved by the Board for 2015.

So I’ll get to our employee statistics in a moment, but we onboarded a total of eight new hires in 2016 and two so far in 2017.

Also in 2016 we continued providing administrative and travel support for the Board, Advisory Council, and our employees.

But overall 2016 was extremely busy for our team, in particular, for planning and executing our office move, which was approved by the Board in October of 2015 and took place in August of 2016.

So with any construction project, you can imagine there were several contracts associated with the work, and our team managed this aspect of the project as well.

So I wanted to take some time to share more about the move, because it did take our team quite a bit of time to fulfill that requirement.

So as you might remember from my last report in Jamaica, the management team did extensive research during the process of seeking Board approval to include cost comparisons and financial projections of what it would cost to stay in our previous office versus move.

And based on what we were able to negotiate in terms of the lease, the Board approved the move. And the lease that was signed is highly flexible and allows us more room for growth. And even better, the cost per square footage is at a reduced rate and includes an increase of property management services and oversight.

So we officially moved in August and have been enjoying our beautiful new office over the last few months. And I’m most pleased to report that the overall project came in under budget.


Definitely worth a round of applause on that one, too.

As you can imagine, this was a heavy lift for ARIN, in particular for our team and the engineering team as well. So I wanted to take the opportunity to thank our employees who did make the move a success. These employees put in long hours during the move, leading up to the move, and certainly made my life easier.

And let me just say that we are all very relieved that the move is officially over. I know a lot of the employees back there can probably chuckle when I say that.

I’m just going to read some names here that I have listed. And as I call your name, please stand. Michael Abejuela, Denise Alston, Georg Anderson, Robert Atkinson, Sarah Ba, Steve Bambling, Robert Bellante, Jacob Castello, David Jeffers, Octavis Jones, Mark Kosters, Frankie McDonough, Devon Mizelle, Michael O’Neill, Matt Rowley, Steve Scally, Pete Toscano, and Val Winkelman. Let’s give these folks a round of applause. Thank you.


So moving into our employee statistics: We currently have 84 employees at ARIN. As I stated earlier, of the 84 employees, we’ve had eight new hires in 2016, two new hires so far in 2017, and then in 2015 we onboarded 24 new hires.

Now, these numbers don’t necessarily seem like a lot for some companies, but for ARIN this is more than the norm for us. And to give you some context, I did some research, since I thought this was an interesting fact. Prior to 2015, our average new hire count was usually five new hires per year, dating back since 2007.

ARIN also historically has enjoyed a high employee retention. And I’m happy to report that our employee retention remains strong at over 94 percent. And our average employee tenure is over six years, which is certainly impressive. This demonstrates that even with our hiring surge, our employees stay at ARIN.

With this in mind, each year I show this graphic representing our remarkable employee tenure. As you see here, almost half of our employees have been with ARIN for five years or more. And then given our recent hiring surge and newer hires, these employees make up the rest of our demographics.

So what will we be doing for the rest of 2017? Well, every other year ARIN conducts a salary survey. This allows us the opportunity to stay competitive in the DC metropolitan job market and ensures that our employees are compensated both within the range of our demographics and their specific roles at ARIN.

Also, we’ve had the same medical insurance for some time now, and this year we will be going to market and analyzing if we should switch insurance plans. This will not be taken lightly, considering the impact that this will have on both our employees and their families. So we will be very thoughtful about the decisions that we make based on the research and the bids that we receive.

We were planning to conduct management and leadership training in 2016, but due to the efforts of the move, we decided to postpone this training and we’ll plan for it later this year.

We’ve had a lot of new managers at ARIN, and it’s important we provide this type of training to further enhance our management and leadership skills and at the same time address succession planning.

We also delayed our 401(k) bid analysis in 2016, and we’ll hope to tackle this later this year. This will include an analysis of a potential new 401(k) administrator and compliance vendor. We’ve had the same 401(k) vendor for some time now, and it’s important that, as trustees of the plan, we reevaluate this every few years to show that we’re adhering to our fiduciary responsibilities.

And for your reference, the current trustees of the plan are Val Winkelman, Nate Davis, and myself. And for the rest of 2017, I’m sure we’ll keep ourselves busy with other miscellaneous projects throughout the year.

Thank you. That’s all I have.


John Curran: Excellent. Any questions for Erin? No? Thank you.

Advisory Council Report

John Curran: For those who have a detailed schedule, you would see it says break. But I am mean and nasty and so you don’t get a break. Instead we’re going to pull up – the break is at 10:30. Instead we’re going to pull up the ARIN Advisory Council Report, and we’re going to invite the ARIN AC Chair, Dan Alexander, up to give it.

Come on up, Dan. Walk slow. Your presentation is moving while you are, too.

Dan Alexander: Good morning, everyone. Hopefully at some point in the last few days you have talked policy with several of these AC members.

Our primary role here is to facilitate the Policy Development Process, and they use this meeting as one of the key ways that we get feedback.

We actually have four new members this year, and they’ve been doing a really good job. They hit the ground running and needed very little acclimation. And they’re already contributing. So you made a very good choice in selecting them to serve.

Our primary role here is to move these policies that we’ve discussed over the last three days through this Policy Development Process.

We work with the authors to ensure that they’re clear and have a valid problem statement. We develop these draft policies, several of which were talked here about this week, to get feedback from the community, to understand what implications there are in making a suggested change.

Once we get them to a point where we want to recommend them for adoption, we have to ensure that they’re fair and impartial, technically sound, and supported by the community.

When we get to that point and we recommend them for adoption, we do have to take them back to this meeting, and we discuss two of them here, to provide one last round of feedback before we’re allowed to send them to last call. Once the last call period is completed, then we can actually forward a recommended proposal to the Board of Trustees for adoption.

There’s also other aspects of the development process, things like a petition process, where, if the community does disagree with the decisions made by the AC, they can actually override our decisions.

And at any point in this process, if we don’t find support by the community or a large problem with the proposal, we can abandon them.

We actually had a very productive couple of months between Dallas and here. We actually sent six proposals to the Board for adoption, one of which is still in the process of being implemented. And that will be done late June.

This all kind of revolves around the past year the AC’s really been focused on trying to simplify the policy manual, make it a little easier to deal with, clean up a lot of the language that’s been around for years that doesn’t necessarily apply in a depleted-v4 world.

This was pretty good output from that effort. We also abandoned two proposals. And we’re currently working on eight, six of which were actually discussed here at the meeting and two are still in development phase. So you may see them in October.

So given that it is only April, we actually have a pretty sizable workload this year. Everybody – every shepherd – sorry, every AC member is shepherding a proposal and we’re all working on something, which is pretty much what we are here for, because thank you for allowing us to serve.


John Curran: Any questions for Dan on the ARIN AC report? Okay. Thank you, Dan.

Okay. Now, I’m going to give it to you early anyway. Now we will have a break. Refreshments are out there. We’re going to resume promptly at 11:00 AM, so you have approximately a 40-minute break.


Financial Report

John Curran: Okay. If people will come in and get seated, we’ll get started. Very good. We’re going to resume our ARIN Members Meeting with our last two presentations.

Our Treasurer, Bill Sandiford, will give the ARIN Financial Report, followed by Paul Andersen giving the Board of Trustees Report. Go ahead, Bill.

Bill Sandiford: Thanks, John. Good morning, everyone. We put together a few slides here to give you a little bit of updated information on what’s going on with the finance committee and the treasurer-related activities.

So since the last update that we gave last October, we’ve continued to adjust our investments with regard to our investment policy statement.

As of the end of February, the balance was $28 million, or thereabouts. We continued to monitor and keep an eye on what’s happened with the organization as a result of the changes to the fee schedule.

There was another change to the fee schedule that came into place in January with regards to transfers.

We worked hard. Nate and Val and their entire team gave us a lot of information so that we could get the 2017-18 budget finalized. And that’s a lot of work they go through for that. That was a big process. And that got completed. And then of course we’ve been dealing with the 2016 financial results and the appropriate forms that have to be prepared and filed.

All right, 2016 results are summarized here. Registration revenues in the order of magnitude of $18.2 million. Expenses in the order of magnitude of $21.5 million, for an operating deficit of 3.2 million. After you take into account the gains as a result of our investments, we looked at a drawdown on the reserves of about $1.5 million, which was planned.

Here is a little bit of an eye buster, but some highlights of some of the areas where there was actuals and budgets and some variances. And on the next slide I have some explanations of some of the greater ones.

So salaries and benefits were a little bit lower than expected. Depreciation was a little bit higher. Professional services, a little bit higher for continuing outreach, and travel expense – sorry – was lower than our budget.

Much to the detriment of Steve Ryan, our outside legal firm was not as active as prior years. But this year we’re expecting that to increase.

We had some higher rent and occupancy last year as a result of the organization moving, but still being committed to lease out the old office on Concorde Parkway. So we’re still dealing with that and paying that on a monthly basis as opposed to buying out the lease.

Our travel for the year was a couple hundred thousand dollars higher. And finally, and most importantly, we contributed $1 million to the IETF Endowment that was not originally accounted for in the budget.

If you take a look at our actual reserves through the end of the year, you can see a breakdown of how things are designated at the various reserves that we have, the three different funds: one for legal defense, one for operating reserves, and the long-term reserve, which is meant for the long-term stability of the organization. Most of it falling into the last category.

My former business partner used to say, “Give Sandiford the money, and we’ll find a way to have less of it.” I took over as the treasurer in 2016, and our reserves are on the decline.


Paul Andersen: I left it in such a good position.

Bill Sandiford: This was planned. We’ve heard from the community in the past that maybe the reserves needed to come down a little bit. So we’ve put in place a plan where we’re going to draw down. Over the course of the next two, three years, we’re going to draw down the reserves somewhere in the order of magnitude of $5 million.

We’ll be running deficits larger than that. But by the time you count the investment gains that we have, we sort of expect to draw down the reserves by about $5 million over a few years.

Looking forward into this coming year that we’ve already started, this is the 2017 budget versus the actuals from last year. So we’re looking to increase salaries and employee benefits, is a large one. There’s going to be some enhanced depreciation this year as a result of a lot of capital purchases, and those are the two major differences.

Some of the other categories are falling pretty much in line with where we would expect them to be.

Some additional variances: Rent and occupancy, as I mentioned previously, is higher because we’re still paying for the old facility. And, of course, we gave the million dollars to the IETF, which we’re not going to do this year. So Internet research and support is a million dollars less. And in totality, expenses are going to be up about $2 million for the year, which was part of also the plan to draw down the reserves.

And I just gave you all these variances.

Any questions? I’d be happy to take them. Left microphone, I think I saw first.

David Huberman: Hi, Bill. David Huberman from Oracle. One of the hot topics of this meeting has been POC validation and the various strategies the AC and the ARIN staff and the community could use to work on making the database more accurate.

One of the things that’s been discussed in the hallways this week is the proposition of ARIN using some of its engineering and human capital resources to make a concerted effort to look at individual records in the database and potentially go out on its own and find contact information.

If that type of effort were to take five or 10 new FTEs, or something like that, do you think that would cause a fee increase?

If the AC or if the community in general were to task ARIN with doing something like this and it had a more than minimal staff impact, do you think we’d increase fees?

Bill Sandiford: I’m going to give the answer to that in two parts. With regards to the actual whether or not we’ll increase fees, I’ll defer to John.

I would suggest that in terms of the idea itself, of throwing FTEs at a problem like this, that if the community feels it’s important, there’s probably two forums which the Board would like to hear from the community, one of them being the Open Mic session, which we’re going to have in about 20-ish minutes, depending on how many more questions you have for me and how long Paul’s report is, and the other one would obviously be the suggestion process.

And we heard from the community in the past that you wanted additional resources thrown at development efforts, and that came through the suggestion process and numerous Jason Schiller dodges to the microphone during Open Mic session. We did that. We took that on.

I think those are the two forums that I would love to hear from.

And, John, if you could answer the fee schedule question.

John Curran: So this is simply a question of what the community wants, not a question of resources.

If you can describe what you want to have done, not in terms of, well, throw bodies at it, but what do you actually mean: We’d like to have contacts that don’t – we’d like to have a phone call, email, we want someone to visit the building and knock – describe what you want.

And then, just as we do with policies, we’ll look at the staff level involved. It may actually be something between automation, engineering, and resources we have, something that actually could fit relatively easy.

It could be very different. It could be a major, something that requires in cases of outsourcing, if you’re actually visiting, for example.

So it starts with a description of what you want. And then we’ll assess the impact, and then we’ll figure out if it fits in the plan. And then we’ll figure out how to fund it.

But the far end of whether it ever results in fees, it might not if other areas of the organization have resources to spare. We can juggle to make that happen.

David Huberman: Thank you.

Bill Sandiford: Rear microphone.

Kevin Blumberg: Kevin Blumberg, The Wire. Bill, could you go back to the Internet research funding slide.

Bill Sandiford: It’s brought up on a few slides.

Kevin Blumberg: Okay so, that’s fine. So when John was mentioning this new funding area being provided a couple of days ago, he said that all of last year, it was turned down. And I now see a $1.1 million – I guess it was – you added that in after the fact –

John Curran: Separate line item.

Kevin Blumberg: But it’s not mentioned as –

John Curran: We actually don’t budget for it. So go back one. If you look at Internet research and support, it currently says 110K.

There’s actually standing items in there. What I mean by that is, for example, we have a membership in the Internet Society. We support the CTU under that particular line item.

So there’s a list of standing projects, none of which are what we’re talking about for external funding and grants.

What happens is, when they put together the budget for 2017, we take a look at a whole bunch of other items. And even though it’s not in the budget proposal, they just tell me: Add this one in and add this one.

We don’t put a standing number on it. We look at each grant just before the budget’s finalized to see if they want to put it in.

So the budget for this line item of external support is zero every year. That’s what I’m going into the Board – some years I propose, if something is particularly worthwhile, I’ll say we had a $5,000 request to fund this activity, and we’ve put it in here, but it’s actually not that Internet research and support item.

Because, depending on what we’re being asked for, it could show up in other line items. It could show up as a travel support item. Or it could show up as a staffing item. Someone asked for support that we end up having to do with staff. So it’s not a particular line item. And it’s not pre-budgeted. It’s based on what requests we get in.

Kevin Blumberg: Sorry. So my confusion was that I believed you said there was a line item so you would have better tracking.

John Curran: There’s a line item, but it has no standing budgeted amount.

Kevin Blumberg: Thank you.

Bill Sandiford: And I see no further questions.

John Curran: Thank you, Bill.

Bill Sandiford: Thank you.


Board of Trustees Report

Paul Andersen: I plan to have a fairly short presentation, mainly because everyone that comes before me does such a great job of basically summarizing a lot of the activities that we spearhead but the staff and the community do all the hard work on.

But what have we been up to as a Board since we last saw you in October? A lot of it is the more routine stuff. The end of the year is a lot of our planning cycle. We take our August planning retreat that we do every year and start to finalize the strategic plan.

We come out with a lot of great ideas, and staff work over the last few months of the year, putting that strategic plan together and working with the Board. Budgeting is – ending the fiscal is obviously also a lot of the work that we do. A lot of stuff that falls out of that, such as dealing with discretionary matches, approving the budgets, the 990, and such.

We also deal with the election, closing that up. And then we start our new year, which we start a new Board. And this year we welcomed two new Board members, which we haven’t seen for a while.

So we had Patrick Gilmore join the Board. Patrick’s waving for you there. And we decided to make the Board table a little bit bigger. And we’ve welcomed Merike Kaeo as well to the Board starting this year. And it’s been great to have those two on. They’ve been great contributors in just the short time they’ve been on.

We do a lot of the more – a lot of our January – our quarter one stuff is a lot more administrative. We get all the committees formed up, everything from Elections, NomCom, Fellowship, you name it. All those committees that you see. And I’ll leave that. If you want to go find out more about that, on the website, About Us, on the Board, you can see all the committees, charters, structures. We take any feedback.

The two I’ll highlight is we did spend a lot of time discussing the NomCom charter. Specifically we thank the community member that brought to our attention that we probably, at a minimum, need to tweak the formula. We did spent a lot of time, and as was presented earlier by Susan, we have made some adjustments on the NomCom charter. And we hope that will be well received.

And it was also highlighted, we’ve been really tweaking with the Fellowship committee the last few years. We made some changes again this year, but also we’ll be making a few others, including we’ve increased the numbers.

And we’re very proud at the Board on how that seems to be working. I think this is our best April attendance in some time. Or at least when you look at the room, it’s full, which is always good to see people fighting for seats.

And the Board continues to be very strong on outreach and fellowship and anything we can do to enhance and increase participation. And we welcome any ideas the community has with an Open Microphone coming soon on how we can continue to take that further.

The usual other administration stuff. We’ve ratified six policies since we last saw you that you’ve seen. That was discussed earlier.

We’re also discussing ARIN’s scope of services, which might sound a bit odd, but we’ve realized that we need to try and articulate that more in official form. Because that’s come up at the microphone many times, what exactly is ARIN’s scope.

So that’s something we’re currently working on earlier this year. And I think to a certain degree that might be about it, other than saying we will be going – before we see you next time, we will be having our planning retreat.

That, just for those to know, from staff and from community suggestions, the Board gets together and tries to develop the short- and long-term strategic plan for the organization. So when we get to the Open Microphone, or through the suggestion process, or by taking a Board member or John aside, if you have ideas or suggestions on stuff that we should be looking at, I would welcome it.

And I will close, before we jump into questions and Open Microphone, just to say, on behalf of the Board, I’d like to thank our exceptional staff. Running on the Board and sitting on the Board is some work, but it’s made so much easier by having such professional staff that, A, makes sure we have a tip-top operation in delivering our mission and they support the Board – you ask for any kind of information, document proposal, it’s like a magic box, it just appears so quickly and professionally. So a round for our professional staff.


And, again, I want to thank you, on behalf of the Board, to our Advisory Council, our NRO and all our people who volunteer in the community and volunteer so much of their time.

This organization wouldn’t be as successful as it is without, so, again, appreciation to all those who volunteer their time on behalf of the Board on the community.


And that’s about it, I think, unless there are questions on that. Although, if there’s questions, it’s probably just easier to do it on Open Microphone. Stump the Board time.

Open Microphone - Wednesday

John Curran: We’re now in the Open Mic session, the final session of the meeting.

Paul Andersen: Front microphone.

Owen DeLong: Owen DeLong, Akamai, ARIN AC. As I understand the new NomCom rules, you have a potential – potential is the wrong – a possible deadly embrace. I believe you still preserve the requirement of N plus one where N is the number of open slots.

Paul Andersen: No. I will ask you to pull it up, because I want to pull it up, because my memory is not as good. So, let’s not guess.

John Curran: So we changed that requirement, and the actual text is – bringing it up now. Sorry.

It’s on Susan’s slide, but I was bringing up the actual charter. The NomCom charter has the language at the bottom which says: The NomCom shall provide – I’m looking for it.

If you can bring up her slides, that’s faster. There we go.

There it is. The number of candidates shall be a minimum of one non-incumbent candidate and a maximum of five.

Owen DeLong: Right. So you don’t have the deadlock problem, but you do have the potential, at least theoretically, that if the entire Board quits, you have a maximum slate of N minus one. This seems bad to me.

John Curran: Yes, but that would be the least of the problems if the entire Board quit.


Paul Andersen: There does come to those cases where you can’t cover every corner case, and there’s some more general conditions where the Board and Virginia bylaws, nonstock laws deal with. There’s exceptions – yes, if the entire Board quit or we all booked ourselves on the same flight and, you know, it was time.

Owen DeLong: (Indiscernible.)

Paul Andersen: Pardon? If what?

Owen DeLong: I said that’s one way to quit.

Paul Andersen: That’s one way to quit, in more ways than one. Rear microphone.

Louie Lee: Hi, Louie Lee, Google Fiber, ASO Address Council. And this is Louie’s hat this week.

Two comments, if I may. I’m happy for you to raise my registration fees as long as IT development continues to accelerate. And I lament the lack of a services document.

Paul Andersen: We appreciate that. And I think we always try and keep fees manageable. And to kind of go to the earlier point, just because we may expand staffing or resources, our first move is not to go, and let’s just raise the fees.

If we can find other area where those resources can be saved or if it’s a shorter term venture, that’s why we have reserves. Because we do try and also keep the fees as stable as possible, because we know that, especially in some organizations, once an amount is approved or budgeted for, it’s very easy to keep that invoice moving.

If it changes, sometimes even $5, that can cause some people a lot of grief. That’s kind of how we see it when it comes to the fees.

And sorry, the second one was the services document. As noted, that is something we hope to solve for you.

Rear microphone.

Kevin Blumberg: Kevin Blumberg, The Wire. Thank you for not sticking us in a gateway city that we keep going to over and over again. Having this in New Orleans, while I didn’t get to venture out much, I really appreciate not being stuck in a brick, sort of, city.

That being said, even more important to that, this is probably one of the most well-run meetings, and the ARIN meetings have always been well-run, so kudos to all of you for that.


Paul Andersen: To Susan, yes.

Kevin Blumberg: During the financial update, I made a comment about the grants. I would prefer that ARIN only provide grants for things that directly benefit the running of ARIN.

I don’t want to see money going out to tangential Internet-related things. And I don’t believe that you’ve done that in the past, but I know that you’ve now got this document, and I’m sure you’re going to get tons of people submitting to it.

But I would rather have my funds, as a member, go towards all of the tasks that ARIN does have. And there’s lots of other companies and organizations that fund things. I don’t think ARIN should be in the business of that.

And I don’t believe you have been, but now that you’ve set up that webpage, I’m just reiterating I prefer you wouldn’t.

Paul Andersen: To let you know, you need not worry, we didn’t need the document for people to send us requests. That was never a problem.

We’ve always put a lens through that of, how does this impact our mission? Not that you said operations, but it was, like, how does this help the mission?

My third point is on this – or anything else we discussed, by the way, we try our best to go on that way, but if you have views on – someone raises, please approach a microphone. So if you have a view on this, please raise, such as –

Bill Woodcock: Just to clarify what you’re thinking about this, let’s say, hypothetically, that somebody approached ARIN for a grant to do training on Internet resource-related issues within the ARIN region. That’s not assisting ARIN, but that’s assisting the membership, and it’s like clearly sort of –

Kevin Blumberg: So a project that directly benefits the running of – I’ll give you an example. I would like to do something that impacts the IRR and really helps out the ARIN community by dealing with the IRR, which is part of sort of the service mission of ARIN. I could see that.

I can’t see something where there’s a couple of steps off the general Internet community. If the charter includes generics like that, the general Internet community, kind of worries me, because I’ve seen where that can go.

Bill Woodcock: What about giving money to other Internet organizations that already have their own membership or direct fee or donation solicitation paths available? Like NANOG, for instance.

Kevin Blumberg: I’d be very leery of grants that – in the case of NANOG, I believe that was repaid, so there was a different – I guess, you took a risk, but it wasn’t a permanent – it was more loan, correct me if I’m wrong.

Bill Woodcock: Sorry, NANOG is a bad example. IETF, ISOC.

Kevin Blumberg: I believe that we are the wrong organization to be funding the rest of the Internet, even if it’s in our region.

Paul Andersen: John.

John Curran: So, there’s some items that we fund automatically every year because it’s been deemed that it’s necessary for us to do our job.

Now, actually, some of those you just said we shouldn’t be funding. So I’m going to give you an idea. We give money to ITU.

Now, I don’t think I can show a member benefit for that. But it turns out you pretty much have to give money to ITU to be involved in certain processes and have a seat at the table. So we’re an ITU member and we give them money every year.

Actually, ISOC we give money, too, to be a member as well so that we can be involved in their communications. It’s you get more if you’re an actual member of the Internet Society.

So we’ve downsized that membership but we still have one. We give money to the CTU for the support that we do with them in the Caribbean. Our money helps their activities and helps the outreach that we do in the Caribbean.

We give money to NANOG for the webcast support, because occasionally we rely on it to do meetings, like Public Policy Consultations, and it’s nice to have it webcast. Otherwise, we couldn’t use that venue. We’ve always done the NANOG webcast.

We give money to the NRO because, well, the NRO has operating expenses.

And we give money to ICANN for the same reason – it’s part of our contribution.

Those standing items are actually part of that Internet support item. So what’s not there? Let’s talk about what’s not there.

Someone says, I do great software that a lot of the Internet uses to do this Internet service, and I have a consortium of people working on this great software product, and it’s a not-for-profit, and we need people to contribute and join.

Name any layer of the stack. We’ve got someone who has a consortium that has software that wants ARIN to contribute. I don’t know how many ARIN members use or don’t use Package X. But some people are, like, this is essential. This is part of the core of the Internet that you’re funding.

So that’s an example of a lot of the requests we get. We also get requests to support seminars, conferences, meetings, and publications. Again, all of which may be Internet goodness, but I don’t know how many directly affect ARIN members.

This line item of these types of activities is what’s presently zero. And in years where our budget’s particularly overflowing in revenue and underflowing in expense, then, yes, we would consider, I would consider, bringing some to the Board. We haven’t had that in the last two years, and we don’t expect it in the next three.

Kevin Blumberg: So I guess I was being far more focused on the types of things. Memberships in organizations that you’re required or that there’s a necessity to was not where I was going.

Memberships for the requirement of having that – seminars, as you describe, I put that into marketing. John, I’m trying to be very specific about the grants that come out of the woodwork for “please save the puppies.” It’s related to the Internet, but not really.

That’s the stuff – and I don’t think you’ve ever done that, but I didn’t know if that was what you were now looking at doing, being able to provide grants for small projects and things like that on the side.

John Curran: The challenge we have is that the ones we’re getting are not “save the puppies.” They’re “save this software product that everyone is using”; “save this Internet publication that everyone’s relying on”; “save this Internet conference that everyone loves.”

So they are very much – the requests we’re getting are very much Internet-related; they’re not Internet number registry related, per se.

Paul Andersen: Some, to be fair, are help catalyst, they’re new projects that are looking to try and get off the ground as well.

John Curran: So historically our answer has been, no. We have a process you can follow to get that answer of no.


If we ever have a budget surplus –

Paul Andersen: That just became a Cathy slide quote.

John Curran: I’m sorry, am I being too honest here?


We have a process whereby, if we have a surplus, we anticipate a year where the costs are lower, and we have a potential surplus that would accrue to the reserves, I will prioritize whatever we get and give them to the Board and try to fit them in. And they may say something other than no.

Kevin Blumberg: Okay. Thank you. And I guess we can treat it as the IPv4 wait list, then.

Paul Andersen: Thank you for your comment. If you’d like to make a comment on Open Microphone, please approach. You can approach on any topic you’d like, something we’ve discussed over the last few days or something that’s come into your head. Rear microphone.

Craig Thompson: Thank you. Craig Thompson with Caldwell Global. I am a Fellow, and the reason I’m here at ARIN 39 is because I’m a Fellow. So, I wanted to say thank you to the Board for increasing that pool.

And I wanted to give thanks to Wendy for professional and timely and not overindulging in the communication process, but she sent just enough emails.

I want to thank John Springer for being a great mentor and introducing me to people that I wouldn’t have met otherwise. So thank you, John.

In regards to the last comment that was made, I just had a thought that perhaps opening up the list of projects that people want to have funded to the community and just asking, are there any of these things you would like to vote on? And then take the vote to the community, John, into consideration, when you look at your surplus and present them to the Board.

You might find out that the community really does use a magazine or a conference or a piece of software and might help you prioritize that.

What I came up today to discuss was just an idea. Since I’ve been here, the whole topic has been around Whois accuracy. And there’s a Whois and a WhoWas, and it’s just an idea that could either be a policy for ARIN or someone may take it and run with it and make your own open-source website or a commercial website, but just the whole idea of WhoMay.

When law enforcement or community organizations go to the trouble of looking up someone and finding them, either because of a legal case or subpoena or anything like that, they may or may not have a place to put that so that other people can benefit from their research.

And if there were a WhoMay database that was somewhat speculative, could also show a chain of research or custody where someone has gone to the problem of finding a particular net block owner, then that would benefit the next person who comes along and tries to look at that same net block owner.

So it may be that because ARIN is already in the business of doing massive databases and providing this that it could be a simple process, perhaps, to have a WhoMay database that is not authoritative, is seen as transitional and is seen as in some ways speculative. But if it’s useful to you in your attempts to find a net block owner, you can use it.

I would welcome community feedback on that. Again, if ARIN is the best person to do it, great, or best organization to do it, great. If someone wanted to take it and do it themselves, great, but I think it’s an idea that deserves to be looked at.

John Curran: So presently such a database might be very useful to people in the community. It wouldn’t be useful to ARIN, per se, because we’re not trying to discern that. We’re generally asking the person who asserts that they are the rightful owner to show us documentation. And so literally whatever is in such wouldn’t be useful.

However, to the extent that the community wants to work on something like that and ARIN has a coordinating role or facilitating role, we’re all for it. I would recommend getting with others, trying to flesh that out in detail, and then submitting it as a suggestion.

If you folks find it’s something that you think we should be running, we’re happy to do it.

Craig Thompson: The idea there is it may not help you immediately, but in a transitional aspect, it may end up helping you eventually.

And if anyone in this room goes through a long process to find the owner of a net block and actually does find that organization or person who owns that net block, it would benefit everybody to know that and have that listed somewhere, even if it’s not authoritative.

Or if the law enforcement agencies do the same thing, they obviously would typically be seen as having more weight in their research. But everybody could benefit from it.

John Curran: If you find an owner is incorrect right now, you can actually contact us and say, I believe this one’s not correct.

And we will initiate a resource review – we don’t do a lot of them, but we do have resources to do them, particularly if we see it’s a case where it looks like it’s been a hijacking. You can report that to us. And we’ll follow NRPM Section 12 and look to see if it’s fraudulently been used.

Paul Andersen: Thank you very much for your comment. We will close the microphones if we don’t see – no, please come forward – if we don’t see people approaching after this current speaker. Rear microphone.

Jason Hynds: Hi, Jason Hynds from Internet Governance Caribbean. I’m an ARIN Fellow, a repeat ARIN Fellow as well.

This has been a wonderful experience here again. So I would like to thank all the people involved. It’s great to meet with my fellow Fellows, meet the ARIN community, and everyone has been so helpful. So I’m saying thanks for that.

And thanks for opening up the program. I’ve been trying to be a part of the community since I had attended a local meeting for ARIN 31 in 2013. And it was difficult to come as a Fellow before you opened up the rules. So that was a really wonderful thing that you did.

And then expressly for my Caribbean fellowship group, which I got to meet persons face-to-face. Like, we’re separated by water – even though we’re one Caribbean region, we’re separated by water. It’s difficult to get further collaboration going across the sea and to sometimes understand each other as well as we would like with email.

And this opportunity to come together as a group and try to discuss how we can participate more in ARIN and Internet governance activities was especially beautiful and useful. So thanks very much for that as well.

Paul Andersen: Thank you very much. Thank you for that.


And not to harp on that, but like I said, we’re glad that the changes benefited. These changes, while the Board would like to think we know the answer to everything, a lot of these changes come from feedback that come from the very important meeting surveys that go out, from our hallway discussions, at the microphone, our suggestion process.

So, please, if you see there are stuff in our processes or committees that you don’t think are working or inhibiting what you think would be valuable participation at these meetings, please let us know. We’re always happy to consider it going forward.

So with that said, if there’s no other comments from the Jabber, which is over there, I guess; the microphones; from my Board colleagues or Advisory – going once, twice, three times. Open Microphone is closed.

Members Meeting - Closing Announcements and Adjournment

John Curran: With the closing of that session, it’s now time to thank you all for coming and to close the meeting.

So, first, one last round for all of our sponsors.


I will remind you one more time, fill out your meeting survey. We do pay a lot of attention to these. One of the reasons why Susan and her team have this down very well is because we pay attention to the feedback. And it’s very helpful to us. And you may even win a prize, who knows.

There are badges. Do we collect these somewhere? Out there, put them out. Is there a bowl or is there a meeting table? There’s a bowl. Put it on the registration. This badge holder we’ll reuse if you drop it off. If you throw it out, it’ll end up in some landfill. But if you drop it off, we’ll make use of it.

With that, that’s it. I look forward – everyone enjoy the rest of your day, and I’ll see you at the next ARIN meeting.

(Meeting concluded at 11:36 AM.)

Network Sponsor

Cox Communications logo

Webcast Sponsor

Google logo


Here in the Vault, information is published in its final form and then not changed or updated. As a result, some content, specifically links to other pages and other references, may be out-of-date or no longer available.