ARIN 41 Members Meeting Transcript - Wednesday, 18 April 2018 [Archived]
Please Note: This transcript may contain errors due to errors in transcription or in formatting it for posting. Therefore, the material is presented only to assist you, and is not an authoritative representation of discussion at the meeting. If additional clarification and details are required, videos from our original webcast are available on our YouTube channel.
For an executive summary of this day of the meeting, read the daily digest on the TeamARIN website.
Members Meeting - Opening Announcements
John Curran: Good morning. If everyone will come in and be seated, we’ll get started shortly.
Good morning and welcome back. I’m John Curran, ARIN’s President and CEO. I’d like to welcome everyone back to ARIN 41. This is our Members Meeting day. We have an exciting day in front of us. Hopefully everyone has enjoyed their time in Miami.
We’re going to have a day of reports from the organization. So let me start right in first. Let’s welcome our sponsors, Webpass from Google Fiber, the network sponsor.
And our webcast sponsor, Google.
Okay. We’re going to have some discussion. Obviously when we do the committee reports, the staff department reports, please identify yourself clearly at the microphone when you come up. Please be courteous to one another. Give everyone a chance to speak before coming up and speaking again.
There are standards of behavior in your Discussion Guide. Our agenda: Department Updates: Communication and Member Services; Engineering; Registration Services Group; our Financial Services team; Human Resources and Administration team.
We’ll have the ARIN Advisory Council report. We’ll have an ARIN Financial Report, the Board of Trustees report, and then we’ll have an Open Microphone.
Okay. Please fill out your meeting survey. We hear good feedback on the meeting, but I’m sure we can always improve. So fill out your meeting survey.
At the head table, I have the ARIN Board of Trustees. There’s hopefully no way I could get this wrong: Paul, Bill, Nancy, Aaron, Patrick, and Dan. Yes, we have everyone here. Thank you. How nice.
Let’s get started immediately. First presentation will be Susan Hamlin, who will give the Communications and Member Services Update.
Department Update: Communications and Member Services
Susan Hamlin: Good morning, everyone, and happy Wednesday. It’s always a pleasure to get up and talk a little bit about the work going on in the Communications and Member Services Department.
And a little later this morning you’re going to hear Erin Alligood talk about the amazing tenure at ARIN.
In CMSD, we’re a team of 12, and we have a really healthy mix of fresh perspectives and seasoned experience.
So with that in mind, I do want to assure you that we are all really young at heart. We are full of energy, love creative ideas, love to take on new tasks.
So I’m going to talk a little bit about the team members and what they do, starting from top left:
Jennifer Bly, who handles public relations for ARIN, and she’s also leading up the IPv6 campaign and the IPv6 case studies in particular.
She’s here to help you formulate your thoughts, do a lot of the ground work for you and get them published.
In the middle, Jason Byrne, who handles website, website support content. Jason handles a lot of special projects for us. One of the ones he finished last year was the Vault, moving all of ARIN’s historical information off the main site into the vault.
He recently published a new site search on wwww.arin.net – one too many Ws – and he’s involved with the website redesign project.
Far right, Kerry Carmichael, our Technical Writer. And she’s involved – the liaison with Engineering, helping to get the words improved in ARIN Online and other special projects.
Bottom, with her pet there, Melissa Goodwin, our Meeting Planner. Melissa was responsible for the social Monday night. She also is our liaison with the printer and helps order ARIN swag and materials.
In the middle is our Policy Analyst, Sean Hopkins, who facilitates the process and provides Advisory Council support.
And the bottom right, Wendy Leedy, our Membership Engagement Coordinator, who also handles the Fellowship Program and facilitates our election process.
Moving on, we have Hollis Kara, top left, Communications Team Manager and Special Projects. And Hollis is handling the project management on the communications side for the website redesign project.
Next to her, and you probably don’t want to have a meal with Kim Kelly, (laughter), our writer. Some of her special projects are the quarterly ARIN Bits digest, the annual report, and she does a lot of work on web and print content.
Alright. Next to her, Mary Ryan, meeting planner and execution. And Mary was responsible for the logistics of this meeting. She’s in the back of the room. So thank you, Mary. And she also handles our arrangements with exhibits.
Bottom left, Erin Scherer, our Social Media Coordinator and TeamARIN content creator.
In the middle is Lauren Sisk. She’s our part-time graphic designer, and she’s the only member of the team that’s not with us in Miami, so a shout-out to Lauren if she’s watching.
And then me, far right, and I’m responsible for communications strategy and overall department oversight.
So the first quarter this year we have been very busy. We have published the first quarter ARIN Bits. That’s a digest of activities and we have some tips from various customer-facing departments from time to time to help you with your interactions with ARIN.
We’ve had 12 blog posts on the TeamARIN site. These are in addition to the IPv6 case studies. We’ve had a Fellowship process that’s run its course and welcomed 12 Fellows here. And Wendy has been busy with that and finding mentors, et cetera.
We communicated about the February Engineering deployment. We’ve held two ARIN on the Roads in January, and we have four more scheduled, two in early May in Minneapolis and London, Ontario. So thanks, David, for getting the snow out of the way before we got there. And then in June we will be in St. Louis and Atlanta.
We designed and opened tree testing for the website navigation, and there’s still time to do that, if you would like. Provided Advisory Council support.
Jason implemented the new site search. And we’ve planned and have almost executed ARIN 41. So it’s busy and then with the day-to-day communications we take care of.
So coming soon, some new activities. The first one coming soon will happen at the end of the meeting today. We are fulfilling suggestion 2017-19, asking for a raw transcript to be available.
So as soon as our lovely folks over there can get today’s transcript in a raw format, we will publish a raw format of all three days. We’ll leave it up on the website until we publish our meeting report, where we have – we don’t edit the transcript, but we will have at least verified and checked for names and things like that. So you’ll have something to look at in the interim.
For elections this fall, based on somebody’s suggestion from the community, we are adding a confirmation screen as you go through the process.
So once you cast your ballots, you’ll have a screen that shows you, before you hit confirm, who you voted for.
We also are fulfilling suggestion 2018-1. We’re going to provide a bit bucket interface to the Number Resource Policy Manual for ease of tracking changes.
Thank you, Owen, for that suggestion. We’re hoping to get that out Q3.
And then the biggest and most exciting is the website redesign. We’re working with Engineering, who is responsible for the design and interface to provide you a responsive website.
Once we as a team have the templates finalized and once CMSD has done the heavy lifting, because we have to migrate all of the content from one site, then we will also then begin looking systematically at the content for revision.
We can’t do it all at once, so we have a lot of work ahead of us, but look forward as much as you all do to a newly designed website.
And I’m not sure why that’s still on there, but v6 deployment outreach. I talked about that already. Still time to add your tips.
And membership. So talked to quite a few of you at lunch and breakfast about membership and what ARIN Membership is.
Membership is automatic for all organizations that receive a direct allocation of IP address from ARIN. For organizations that receive a direct assignment, membership is optional and available.
So looking today at our statistics, we have a little over 5,700 members, but ARIN serves thousands more organizations. And this is just a breakdown, geographic breakdown of where these members are.
Key dates for the elections, it will be a call for nominations in beginning of July that will last the month of July.
August 20th, the deadline to make sure your organization has a Voting Contact on record and you will be receiving communication from Wendy about that.
September 3rd, we’ll announce the initial slate of candidates produced from the nomination committee. September 24th, the final slate, and then voting will open online in October, and it always opens in conjunction with our third-quarter Public Policy and Members Meeting.
So if you have any questions about the elections leading up to it, please reach out to us at firstname.lastname@example.org.
And also, just a reminder, that there’s multiple ways for you to engage with us, and we’re always welcoming and seeking new voices, new opinions in. And so these are some of the ways, when you go back to your communities, we would welcome your help in talking about the Fellowship Program.
If you know of somebody in your area who you think would benefit from being involved in ARIN, and they need help getting to an ARIN Meeting, please let them know about the Fellowship Program, and I believe the Fellowship Program is now or will shortly be open for Vancouver in the fall.
I also wanted to put out a call for meeting network sponsors. So every spring in April, ARIN holds a stand-alone meeting. At this meeting, and how we determine where we go, is help from the community. We are looking for – always looking for an organization to be a network sponsor to provide bandwidth and to help set up the network.
So this is a general call. If you’re interested in helping ARIN in this manner and you’re interested in bringing a meeting to your location, please reach out to us in the future, whenever. So we are looking for sponsors going forward for all of our spring meetings.
Again, these are just a list of the coming outreach programs, and we will be in Vancouver next October with NANOG. Look forward to seeing you all there. And with that, I’ll take any questions.
John Curran: Microphones are open. Yes, front center microphone.
Owen DeLong: Owen DeLong. It has always, for a very long time, been the fact that membership is an optional thing for end users who pay fees.
And as I understand it, the one and only thing you get from membership that you don’t get without it as a resource holder that doesn’t have membership is the ability to vote in ARIN Elections.
John Curran: Significantly, much of what would normally be in a membership organization, restricted to the members, we’ve actually provided to the entire ARIN community. The one thing we have not is the ability to vote.
Owen DeLong: Why – so making that optional for end user resource holders is tantamount to a poll tax. Why preserve the poll tax and why not extend membership to all of those organizations?
John Curran: So you actually want to have people consciously be a member and be involved. If we suddenly told 15,000 organizations, you’re a member today, it’s unclear whether or not any of them would actually participate. Now, for those who want to be a member, we actually now, for many of those organizations, it’s probably low or no cost, they switch to a Registration Services Plan and they get membership as part of that.
So it’s available for these organizations that want it and it’s likely to be a reduction in fees in some cases. So I don’t really see the poll tax.
Owen DeLong: Well, I’m sorry that you don’t see it. But it’s there. It has been there for a long time. There are other penalties one must incur if one wants to switch in many cases from the current end user situation to the Registration Services Plan besides just the change up or down of your fees, in many cases up and in some cases down.
So the only way that an end user can be a member is if they pay an additional $500 per year. Regardless of how much they are paying for their end user maintenance fees every year, whether it’s $100, $500, $1,000, they’re still subject to having to pay an additional $500 if they want membership without going to a Registration Services Plan.
John Curran: Right. Now in most membership organizations, the discussion of fees, this member meeting here, many things, the consultations we do, would be restricted to members. Okay. We’ve provided those to non-members.
And so it makes it look like the last item is voting and it’s a poll tax. Now, you’re basically saying that appearance is bad. We could restrict this meeting. We could restrict the participation in things like consultations to strictly ARIN members. And then paying the fee would give you access to a voice similar to what the members have.
Please don’t cause us to disenfranchise everyone in order to make a bigger distinction between members and non-members.
Owen DeLong: Alternatively, you could, even if you do it in an opt-in basis, so that the end user has to take an action of going to their ARIN Online account and saying, yes, I want to be a member, offer that to the end users without the poll tax.
John Curran: Thank you. Would anyone else like to comment on this point?
Paul Andersen: I understand, but I think the other thing to point out that we’ve been trying to encourage as many organizations to move to the Registration Services Plan that has actually – and we do see that as one encouragement to it.
I know you disagree, and we’ve spoken about your specific issues on why you don’t want to, but we’ve tried to do everything in our power to create, especially lowering the fees to the lowest levels, so that it, in most cases, saves you money and you get the membership entitlement.
John Curran: Remote? No. Anyone else like to speak on this topic?
Kevin Blumberg: Kevin Blumberg, The Wire. We’ve had significant discussions about membership fees over the years.
My understanding was the give on having the membership, sorry, the services plan was that reassignments would be a part of it. Voting would be a part of it.
All the new services would be a part of it. The historical things that were given to end users, where the end users weren’t really paying any more, would now be a part of membership services moving forward – the services plan moving forward.
I’m happy about the concept of, the old end users concept being equated to just voting when the reality is that the service providers have been paying the brunt – because of the services that were given to them for all these years, if there’s no difference and everybody can have everything, great, make the price the same. But that’s not what we do today.
We give a huge incentive break to the end user, old end users, and then really what they should be doing is everybody should move to the Member Services Plan.
That’s my understanding from all of the things that have gone on over the years. So I would like to – I’m actually happy with that. I don’t know what the numbers are anymore. This keeps coming up.
The disenfranchised users, how many number of LRSAs who can’t be part of – or don’t want to be, excuse me, don’t want to be a part of the Member Services Plan, are we talking about here? Is this 10 percent?
John Curran: Presently, in terms of numbers, we have 5,700 approximate members. We have, end users, 14,000.
In addition to end users, there’s 500 LRSA holders. And then there’s another 14,000 non-legacy holders who have no agreement with ARIN. You’ve got 500 legacy holders who are the only constituency of end users on a different agreement.
We are not going to – we’ve had the discussion at the Board level for many years, we’re unlikely to afford the benefits of membership to people on different agreements.
So, yes, you would need to leave your LRSA and move to an RSA to become an ARIN member. There are people who object to that, and the objection in that aspect is something that is an understandable disagreement in views on this.
If someone is going to be a member and participate in membership and help set the fees and terms, they should be on equal ground with every other member.
So, in particular, Owen notes that LRSA holders would be moving to the regular RSA and would end up, getting a Registration Services Plan, would end up giving up something.
In many cases their fees are different and lower; some cases they’re different and higher because one fee schedule is per object and one fee schedule is based on total holdings. There is a difference.
But right now, for the smallest organizations, the fee schedules are very comparable. If you’re holding a /24 or several /24s, the transition between end user and Registration Services Plan member is very small in general.
If you’re holding a /16 as a legacy holder, it’s going to be a very different matter because we’ve charged more to people, ISPs who have a /16. But if you’re holding a few resource blocks, the real change, as Owen notes, that you’re moving to a regular Registration Services Agreement.
And if you’re not willing to do that, it’s not clear that we’ll ever facilitate you being an equal member with everyone else.
Kevin Blumberg: To clarify, 30,000 Orgs, give or take, under contract, not under contract, whatever, 500 Orgs that are under LRSA.
John Curran: Right.
Kevin Blumberg: Of those 500, many of them could have v6 under an RSA where they could be a Member Services?
John Curran: Sure.
Kevin Blumberg: Have other Orgs en masse out of the 500 brought this up as an issue?
John Curran: Not really. We haven’t had a lot of adoption, though, of parties that become members, end users who become paid members. We have 60 of them. Of the 5,740 members, 60 of them are parties that would be end users and have opted to switch and pay Registration Services Plan, or are paying the $500 fee, one or the other.
Kevin Blumberg: Thank you.
Owen DeLong: I’d like to respond. As a point of clarification, your small increase for a holder of a /24 is a 150 percent annual increase in fees.
John Curran: Yes, it might be, as a percentage, quite big.
$5 is 500 percent increase over one but it’s still a $4 change. Thank you.
We have a remote participant.
John Springer: Several remote participants, one on this subject, which I’ll do now, leave the others for later.
Timothy Morizot, IRS: As an LRSA holder for our IPv4 allocations, I want to point out that if you also hold IPv6 under an RSA agreement you get membership under that agreement.
John Curran: Right.
John Springer: Of course the way we justified our allocation way back, when in ancient history, wasn’t as an end user.
John Curran: Yup, excellent point. Far microphone. You have others, understood, I’ll come back. On this topic?
Joe Provo: Not on this subject.
John Springer: I have a comment on this topic. John Springer, speaking on my own behalf but in this context a member of the ARIN Advisory Council.
The lack of voting rights is not the only distinction here. There’s also a distinction in which non-members are allowed to be members of the Advisory Council but are not allowed to participate in subcommittees.
John Curran: It is true that there’s a number of governance committees of ARIN, committees of the Board, which specify you must be a member of good standing in order to be appointed to that committee.
So there are cases where you do have to be associated with an ARIN member in order to facilitate a committee role. Good point.
Anything else on this topic? Owen, would you like a final remark on this topic?
Owen DeLong: I don’t have anything more on this topic, but I have another topic.
John Curran: Okay. Anyone else on that?
Owen, your second topic.
Owen DeLong: I notice you had IPv6 listed as preferred for network sponsors and not listed as required. Are we having that much difficulty finding IPv6-capable network sponsors?
Susan Hamlin: I would defer maybe to Mark. I don’t think that it’s been an issue. And we’ve had this same requirement for a while. So I think it depends on locations. Perhaps in the Caribbean it’s been more of a challenge.
John Curran: Much like ARIN’s own philosophy on IPv6, we encourage strongly IPv6 support. But we’re not going to disadvantage our mission because of it.
So, for example, the third-party services that we use, such as webcasting and registration tools and polling tools, we tell those vendors we expect IPv6.
We emphasize that every meeting with them. And in some cases we resolicit for other vendors if we know that there’s one out there that will support it.
But we won’t not do a member poll or not do an election because we can’t find a vendor that supports v6.
Similarly, for meeting sites, particularly in the Caribbean, there’s times when there’s infrastructure challenges.
It’s our strong preference that all the vendor supports IPv6. But we wouldn’t curtail meeting in a certain region, part of the Caribbean if we couldn’t get IPv6 because we want to be able to rotate and serve many parts of the community.
So it’s a very strong preference but it’s not required.
Mark Kosters: To sort of add on to that, John, if I could, one of the things that we do, especially for the Caribbean, is that we tunnel v6 back to the office. So you do have v6 in the meeting. It’s just not coming native from the vendor.
John Curran: And that gives Geoff Huston more things to study.
Anyone else on that v6 requirement topic? Okay. Moving on to another topic, I’m going to take the remote first. Go ahead.
John Springer: Remote is actually back to Owen’s original comment. Jason Schiller, Google, ASO AC: I prefer a low $100 per year fee for the smallest end users and optional added $500 fee for membership over a larger $500 fee or end user fee with membership included.
John Curran: Acknowledged. Far microphone, new topic.
Joe Provo: Joe Provo, Google, ARIN AC. If you put the election calendar slide up, the dates listed there for the Nom window don’t seem to match what’s on the URL. That’s all.
Susan Hamlin: Thank you, we’ll take a look at that.
John Curran: Thank you, Joe.
Any other remote comments?
John Springer: Ryan Jones, enjoyed the introduction with the great pictures, smiley face.
Susan Hamlin: Yay!
John Curran: Thank you, Susan.
John Curran: Next up, we have Mark Kosters, who will give the Engineering report.
Department Update: Engineering
Mark Kosters: Alright. So I have no pictures. Actually, engineers really don’t like pictures. If you see them in pictures they try to duck out of the way.
But I’m here to tell you that they do exist. In fact, we have a bunch of them in the back row. So the engineers here – Pete, Frankie, Jeffers. There’s Deb and there’s Andy. They’re all in the back row.
We try to be here, but we try to be kind of anonymous. In operations, we have 13 engineers and two managers; development, we have 12 engineers and a manager. The user experience expert and user interface expert, they’re in the back.
Jan and Jesse are back there, and I’m sure many of you have spoken to them. And software integration, we have 10 engineers and a manager. Project management, we have Deb and her sidekick Sherrie, who works part-time, and of course me.
They all work very hard, and I think you’ve seen some of the results they’ve been doing.
Okay, accomplishments since ARIN 40. So one of the things that we do is we work on ACSPs, as many as we can. Many of the ones that are currently on the list, that are outstanding, are really big lists. And we take them in as we can. But here’s a few of them that are coming out on May 12th.
And you may have noticed, if you’re a careful study of these presentations, that a lot of the things that Nate and I say are the same.
But it’s kind of sad that I’m always after Nate. So anyways, we work on a lot of technical debt. I’m sad to say that we still have a CentOS 4 box in our infrastructure. We have a couple of them. Any of you remember CentOS 4? How many of you were born after CentOS 4 came out?
So anyways, we have a lot of work to do. In fact, with ARIN, we don’t have a garage, we actually have a computer facility, and it’s more than two computers; it’s actually 500 to 600 boxes that we manage.
So you say, wow, there’s actually a lot to do here, there’s actually a lot of moving parts that go within ARIN. And frankly there’s a lot of effort that has to be undertaken in terms of updating these machines.
We also have been doing lots of improvements for internal customer service. With transfers, for example, we are using a tool that wasn’t intended really for doing transfers that actually kind of sucked wind, and we had to fix it for John and RSD so they could do the right thing with transfers, and we’ve done that, as well as many other customer service enhancements.
We’ve moved a lot of our ARIN Online components to Ansible. And I just want to give you an idea on ARIN Online, you all use ARIN Online. And anyone have any idea how many pages are in ARIN Online? Almost 400.
So we have 397 pages, to be exact, in ARIN Online. Out of that – and this is the dynamic portion of the website – out of that, 276 have been converted from JSF, which is old framework that we used to use when we started ARIN Online 10 years ago, to Angular (corrected upon review). And Angular (corrected upon review) is going to be used as a bootstrap to start moving into more modern technologies like Java 8. We’re on Java 7. Java 9 just came out. Again, it just shows you we have to kind of keep up.
We have 121 pages left to go. And a lot of these pages are not pages that you could say there’s one-to-one. As we go through these things, we’re also designing them, and you’ll see this in the next couple slides, we’re trying to make them more user friendly, because we heard you: Hey, there’s things that just not as intuitive as they should be, and we’re trying to fix that now through Jan and Jesse’s help.
We also do the new framework for the new website. We’ve sort of taken over the responsibility in making sure that the static portion of the website with the new framework is going to be under Engineering’s control, and that it seems to be in the loop for some of that framework in that they can do primarily content.
We’ve moved to a dev ops model. And I’m going to show you an example of that in future slides when we were moving our components into Ansible as well. Again, lots of user interface work that’s going in ARIN Online.
So I’m going to show you two of these examples. Nate showed you two others. Thankfully I don’t have any lists, Owen. So no more control F on these particular pages.
Here’s a couple more examples where you have the old on the left, where you can see that the functions are sort of listed. And now you can see the new on the right where you can see that the actions are sort of broken out.
So we had this framework to the left. And it turns out that it was really kind of hard to understand. So we’ve moved to a – a subcomponent of this is what you see on the right.
Again, hopefully this is something that’s much easier to understand and is more intuitive. And I think we’ve heard that.
Operational achievements. One of the things that we’re doing internally is we’re building up operational security.
We’re baking in two-factor authentication for access within our ARIN Online networks for all staff, for example. We’ve improved our firewalling. We used to have ACLs on our routers for our public-facing sites. Now we moved that to a firewall for better capability.
We’re working on a lot of technical debt. Much you’ve heard about with our OSs that we have to maintain our various hardware systems that need to be updated and so on.
And we have moved from – in the process of moving from three configuration management systems into one, to help that framework along.
And, of course, we’re modernizing our virtualization managers as well. We use a lot of virtualized boxes in our environment, too.
Here you can see our ARIN Online usage. It continues to be fairly impressive in terms of number of users that log in over the years – 137,000 and change have come in since Q1 of 2018. What’s more impressive is the number of people that are power users.
And if you looked at this over the years, you’ll see that more and more people are sort of gravitating to the greater than 16 log-ins. Kind of makes sense because it’s been there for a couple of years and you need to log in every once in a while. But there’s some people that log in, it seems to be, daily. That’s fine, that’s good.
Here you can see the provisioning transactions. The RESTful are the ones in red. Templates are the ones in orange.
And you can see that the RESTful transactions are overtaking cumulatively over templates. Templates are still growing, but at a lesser rate.
DNSSEC. I’m sad to say that DNSSEC isn’t doing so well. You can see here that we’ve had 10 additional organizations that have come in. We have 5,000 organizations within ARIN that are members. 158 have taken advantage of DNSSEC. Out of the total number of delegations that we have, 645,000, there’s 878 secured zones in the reverse. Okay. So that’s about a fraction of a percent.
RPKI, this is actually about the same. So you can see here that a number of organizations, 361, are playing within ARIN Online now, with RPKI, and they’ve created 604 ROAs which cover 825 networks.
One of the things that’s interesting here is you can see that up/down, the people that are using the delegate model, has actually decreased. And that one is actually sort of a misnomer, because there’s a two-step process in terms of doing up/down and they’ve never followed through in step two in becoming operational.
So really we have no one using the delegate model right now. And the person that did use it, they spent a tremendous amount of resources making that happen and realized that it wasn’t worth their while and has come back into the fold using the hosted model, which most the people do here.
Here you can see our Whois/Whois-RWS queries per second. You can see that we’re starting to rise again. We hit this period back in 2010 which is just amazing, the number of queries that we saw was just unbelievable, out of the world.
And it since has come down quite a bit. But it’s starting to come up again. And it’s giving us a little bit of time to focus in on that.
Here you can see Whois and Whois-RWS and RDAP queries over v6. And you can see that, frankly, it’s about 2, 3 percent as time goes on. And that’s the way it is.
With RDAP, you can see here with v4 and v6 that we have a number of queries that is going up and down per month, but it’s definitely some usage.
What I’d like to do at this point is talk to you about an example of directory service abuse that we’ve had. And what you have here – can you all see that graph? Is it pretty good? John, you used the pointer thing.
John Curran: There’s a little center button.
Mark Kosters: The center button? Okay. Sure enough.
You can see the spike that happened here. So this started happening about 6:00 AM on February 2nd – on February 1st, rather. It was a Thursday.
And we started seeing an increasing amount of traffic against our Whois-RWS servers. At that point we started looking at the logs. What’s going on here?
Turns out that there’s some user who decided to get a Python script, and somehow he took advantage of a huge amount of IP address space. And he was coming at it from hundreds of thousands of IP addresses hitting us and asking us for, tell us what 188.8.131.52 is. Now tell us what 184.108.40.206 is. And now 220.127.116.11 is. And all the way up the line through 255 – .255.255.255. We were, like, okay, this is kind of crazy. And it was affecting our service.
And we actually had this timed out when they were going to hit the next /8 and so on and so forth. We actually contacted the regional registry in which this ISP – well, there’s a bunch of ISPs associated with this – that were affected by that, that were sending out this traffic. And they never called us back. They never sort of did anything about it.
So anyways, and we actually ended up having to filter them out. So when we were doing this, what we had is we’re using the dev ops model now.
So it’s not just operations that gets paged to deal with this. And if you looked at the graphs a couple days earlier, I mentioned a little bit earlier, it actually spanned the weekend. And over that weekend both operations and development and SI were all looking at, okay, what can we do to, one, mitigate this immediate issue; two, optimize the code so we can actually do a better job of this sort of things well in the future.
And of course optimizing the code, you can’t just have that fixed right away, but we definitely saw some things we needed to change. But it gave the developers a real-time sort of way of seeing how the code is actually performing in the wild.
So it gave us some good ideas to go back and what to fix. And what we ended up doing is putting filters into place to block traffic from those offending ISPs.
Occasionally we would lift them, see did it go away. And it did not. So we closed them up again. As of today the filters are still in place. I’m pretty confident the traffic has stopped and at some point we need to lift them.
So is this a reasonable course of action? I’ve talked about this a number of times in terms of dealing with directory service abuse. And here’s just another example of what we deal with.
Going back to the slides and statistics, our IRR maintainers are increasing at a normal rate. The number of routes and Route6 objects that we have in IRR are increasing at a normal rate.
Inetnum and inet6num objects are also increasing at a normal rate. And here you can see the IRR object breakout by organization. What’s interesting about this is when I put it together is there’s a lot of sort of drift going up north – the number of organizations that are getting into a larger and larger number of objects that they manage within our IRR.
And I thought it was kind of interesting seeing that there’s some people – one organization has 7,802 objects, inetnums, inet6nums, Route6, et cetera.
So, what are we working through Q3? We continue to work on automated software installation and working on fully redundant services.
We’re also working on user experience engineering, working on this responsive website that Richard is heading up.
And we’re doing test drives and have been doing test drives – we’re out there in the hallway right now asking for your input.
And IRR. With the consultation that’s ending soon, we encourage you to put your input into place on what you would like to see for us to do so that we can actually put it on the roadmap and definitely would love to hear your feedback on what we should do.
We’re doing some other work as well, counting system upgrade, RESTful API and Postgres. The current version is almost out of support. We need to upgrade to 10.3. And it also uses a high reliability solution that’s reliant on an old Cisco 3750G switch, which was made in 2004.
It’s getting kind of old. We need to find a replacement for it.
We have a lot of technical backlog, as I mentioned before, going from Java 7 to Java 8, moving to a stateless application service, which we’re on our way with, as you’ve seen with ARIN Online, and using automated build systems using Ansible and using Puppet iterations into Ansible for configuration management, and replacing end-of-life boxes.
Some of them are really old. I go into the computer room, the oldest boxes have yellow tabs on them. And I count those yellow tabs. And in fact they have one in my office right now for me to take to my farm to actually shoot.
So anyways, that’s what we hope to be taken care of.
Our coordination with other regional registries, we’re working on differences with our autograph implementations. Andy gave a great presentation about that earlier. It turns out even though there’s a spec, we still do things a different way.
Accordingly, we also have a spec but we do some a different way with extended statistics as well, and we need to coalesce on a common framework for both of them.
With our Internet Technology Health Indicators, our work that’s going on, our work with coordinating with our brethren, with the regional registries in terms of where our framework should be in terms of reporting.
RPKI, we work within RPKI. We work within IETF, working on various operational enhancements. We like to see the protocol. And that is like, for example, sort of a looser way of doing validation, so that we don’t have operational snafus in a big way that takes out part of the Internet.
Objects for trust anchor locaters to make it more secure. And we put out an all-resources trust anchor applicability statement that all the regional registries have taken care of.
And as Cathy reported, within the IETF they seem to have amnesia that we’ve done this.
So with that, I’m done. And are there any questions?
John Springer: Remote participant, Jason Schiller, Google ASO AC: Mark K., out of the 397 pages on ARIN Online, how many have a first previous, one, two, dot dot dot, next, last button?
Mark Kosters: I don’t really know at this point in time.
John Springer: How difficult is it to get Owen’s button to show me all in a list for all of these?
John Curran: Okay, so noted.
John Springer: How about a setting to default to the list version with a button to show me less?
John Curran: Okay. We’ll explore that. Thank you. Rear microphone.
Chris Woodfield: Chris Woodfield, Salesforce, ARIN AC. Could we get back to the Whois abuse slide?
Okay. Just wanted to clarify a question on this. Was this considered abuse because of breadth of the queries or the rate of the queries impacting, negatively impacting the overall system?
Mark Kosters: So it was certainly the rate. So you can look here and you can say, wow, that’s not really that high. And you’re right. We actually have some performance things that we’re fixing as well.
And actually part of this was actually a good learning experience for the developers looking at this and saying, in this part of the code I actually got to optimize a little bit better because it’s performing fairly poorly.
There’s a little bit – a lot of it is really sort of defense because I want to make sure that not only this one person or people or whoever they were who got access to the system, but you, too, can get access to the system when you needed it.
Chris Woodfield: My point being I don’t believe that being able to query everything in the database is in itself abuse, and there’s been a number of things. But obviously rate is an issue. I just wanted to get it clarified.
Mark Kosters: Yes, it was definitely rate. It was interesting seeing the pattern because we were trying to figure out who is the actor here and what do we need to do to mitigate it.
Chris Woodfield: Is this a common occurrence, this sort of pattern?
Mark Kosters: Sadly it’s – it’s not – it doesn’t happen every week. But it does happen maybe once every three months or to that effect. And it always seems to happen over the weekends and probably when one of the ops managers decides to go on vacation.
Chris Woodfield: Thank you.
John Curran: Far microphone.
Blaise Arbouet: My name is Blaise. I’m a new ARIN Fellow. I have a question regarding something that we received last year and those emails were in regards of ARIN website which were under the OS attacks. I would like to know, as I said to you, if you have taken steps to mitigate those risks, and also can you respond if, for example, we have other types of attacks that were concerned integrity or confidentiality of information for our members?
Mark Kosters: Good questions. So first of all, we have two ways – two methods of flows really within ARIN. One is our provisioning systems. Data that comes in. And it comes in from you and it’s authenticated. And the other is the display of that information. That’s put on our public-facing sites.
So in both cases, what we have is we have inline DDOS mitigation services put into place.
So if we see we’re under attack, especially in a denial of service activity, we go ahead and call these guys and immediately things are starting to be mitigated.
And we work in concert with them. We’ve had one case where a DDOS attacker actually was quite crafty. And we spent a number of hours working with our DDOS mitigation vendor to tamp him down, or her down.
So as far as confidentiality, we have a security team at ARIN, and we watch – we monitor our traffic making sure that everything is okay. All our laptops are remotely managed by our operations team and only a few people have administrative rights on those boxes.
Blaise Arbouet: Thank you.
Kevin Blumberg: Kevin Blumberg, The Wire. Starting with Whois, if it was a single IP, I wouldn’t see it as a DDOS or whatever, attack of service.
The whole point was it was coming from, as you said, hundreds of thousands of IPs. It was meant to be disguised. It was meant to be done for whatever purpose, and it was probably outside of what I would consider acceptable norms.
Mark Kosters: I agree.
Kevin Blumberg: As long as ARIN has a fair use, fair AUP, you need to protect it so that the 99.999 percent of people have fair access. If you need to increase your systems to allow for that, that’s one way of doing it. That’s one model.
If you can’t do that, and it’s going to affect 99.999 percent of people, then do what you need to do. And I’m perfectly fine with that.
That’s the one there. Can you go to the IRR slides? We’re having an open consultation right now. The ones about the number of objects per – you had the 7,000 – yeah, that one. Thank you.
Have you looked at any of those top six at the very top for however many of them are actually legit ARIN records where they’re just using ARIN’s IRR as a place to store everything or do whatever they may be doing?
Mark Kosters: We’ve done some, a modicum of analysis. And there’s at least one of those organizations that’s using them for back-up routes.
So they’re not there to hold that space, but they’re using it as back-up routes in case there’s some sort of attack in their DDOS mitigation brethren.
Kevin Blumberg: So the number that I’m actually most interested in is the bottom one, that’s grown substantially over the last couple of years, correct?
Mark Kosters: Yes.
Kevin Blumberg: Thank you. That’s awesome. And those are people that weren’t in IRR at all but now have records in IRR. So that’s great to see.
The last thing was – sorry, Mark – a couple of years ago you did a security audit.
Mark Kosters: Yes.
Kevin Blumberg: Is that still being done regularly?
Mark Kosters: We had a security audit done last year. Actually, we had redesigned our network and it came out very favorably. So every time we’ve had a security audit we’ve actually improved our security.
Kevin Blumberg: With the CentOS 4 boxes and the Java 7 that you’re still running and the Cisco 3750 you mentioned on the page and all of that, you guys came out clean?
Mark Kosters: We came out clean. So thankfully these boxes I mentioned on the very – the internal part of our network. So, for example, the Cisco switches that I mentioned, they’re in a very protected, on a very protected network that holds the database of all ARIN’s records, for example.
So if someone got on there that – first of all, the switches are, them themselves aren’t so much the issue. Getting on to the Postgres boxes certainly would be an issue.
Kevin Blumberg: So my comment on this was: I know there are a lot of new features that our community is asking for. One of those new features probably should be to make sure that stuff like CentOS 4 boxes aren’t on the network and maybe we lose sight of that and we want the new feature but keeping the playground clean might be also just as important.
John Curran: So this actually, internal to ARIN and at the Board level, is a topic that is not lost on us. The Board actually asked for a report regarding the more aging aspects of ARIN’s infrastructure and received that and it has caused a bit of discussion.
So that came up, actually, at the last meeting and budget cycle. And so I’ve been talking with the Board about what we were referring to as the technical debt of the organization: What have we built over time that hasn’t been updated because we haven’t touched it that needs to be swept behind so it doesn’t cause problems.
And we’re paying a bit of attention to that. In terms of prioritization, you guys asked for a lot of stuff, so it’s a balancing act.
But, yes, I do appreciate it. We’re taking the lowest part of the technical debt and trying to kill it, the things that have the highest exposure.
Kevin Blumberg: I appreciate that, John. A spoiler on a Model-T Ford is still a Model-T Ford. Thank you.
Owen DeLong: Owen DeLong, ARIN AC. With regards to the Whois abuse, that is a disturbing pattern. I think the actions you took are entirely reasonable.
I would like to see us perhaps be very proactive in preventing people from data mining Whois in that manner if they’ve not signed the Bulk Whois agreement, because that is almost certainly somebody attempting to do an end run on acquiring all the Bulk Whois data without signing the agreement and therefore feeling that they are not subject to the AUP that is shrink-wrapped in every Whois result and also even more stringent in the Bulk agreement.
So perhaps if there is some low-hanging fruit automated way to rate limit a pattern of queries seen even when it comes in from a distributed group of hosts where we are able to, in an automated way, identify the pattern and put all of those hosts into a host group and say, okay, combine these hosts have a rate limit of one query per 10 seconds or whatever, that might be worth doing if it’s not too much of an Engineering lift.
Mark Kosters: Actually, truth be told, we’re going to start looking at tar pitting. If you get to a certain query limit over a period of time, we’re going to start slowing you down.
So that’s one of the things that we’re looking at. We also have been looking at this, interesting to see, that you would see all of a sudden amazing spike of queries from a particular IP address and then it will go away. And so we would ingest all those queries and respond to them, and it wouldn’t be a blip in our monitoring systems because it was just one second.
So it’s interesting when you look at the logs what people are doing with our systems.
So – R.S.
Rob Seastrom: Rob Seastrom, Neustar. Asking on behalf of not only my current employer but other folks that I’ve talked to, back to the tech debt retiring subject. I’ve worked with both Puppet and Ansible, and I applaud your choice. It’s very easy to quantify the costs of doing the migration.
You figure out how much work it’s going to take at large and then you multiply it by, you know, the fully loaded rate and you’ve got a number.
However, there are savings associated with the retirement of that tech debt. The one I always explain to people who are sufficiently tech savvy is the huge value that a well-curated core brings to you as opposed to leaning on contrib.
Have you managed to capture that in any way? I believe that ARIN is uniquely suited you don’t believe the cost to be secret sauce competitive information, and to be able to share that migration story would be valuable to those of us who are trying to sell other organizations on retiring that exact tech debt.
John Curran: We are focusing primarily on characterizing the tradeoff for our own budget decisions. And given the high pressures to get things done and retire the tech debt, we haven’t put any cycles in to trying to better quantify, characterize, share and publish that.
And even that request becomes yet another resource drain.
Rob Seastrom: I’m not asking you to do it. I’m asking if you’ve already done it.
John Curran: We have not done it.
Rob Seastrom: That’s fine. Mark and I both know that the value is there. I’m just fishing for something to help sell other people on it.
John Curran: And we recognize the value’s there. I am not without experience managing technical operations of various sizes. And so we’ve had the discussion both at the management team and Board level about the balance between retirement versus new features.
And we’ve pushed hard on new features. We’re going to be pushing a little bit harder now on retirement of technical debt.
Rob Seastrom: Good. Thank you.
Larry Blunk: Larry Blunk, Merit. I’m curious how many queries you’ve seen from cloud providers like Amazon. We took a big jump in February and now it’s the dominant source of queries and we’re not sure what to do about it.
Mark Kosters: So that must – you must know this. So the answer to that question is, yes, we’re seeing a large increase fractionally coming from content – from CDN providers from the cloud.
And what’s interesting here, I mentioned this I think maybe three or four talks ago, but someone actually put out a cookbook on how you can actually scan our database, and here’s the tools I use to make it happen and how do you use the AWS cloud to make that happen.
So it’s out there. And people are doing it. Some are better than others, frankly, making that happen. But, yes, we’re definitely seeing a larger and larger share of our traffic coming from places like AWS.
Larry Blunk: Do you do anything to limit it or rate limit it?
Mark Kosters: So not at this point in time. So we’re playing with different technologies in terms of what we think we can do. That seems to make sense.
And the tar pitting thing is something that we’re going to try to implement here very shortly.
Larry Blunk: You mentioned inetnum and inet6num objects. Those aren’t really IRR objects, are you going to continue to support those in the new IRR? I think it would be better to steer people to use the IRR for that information.
Mark Kosters: Understood. It’s just that right now they’re decoupled systems and you have to have this to have it in that framework.
So thank you, Larry.
John Curran: Any other questions for Mark?
Paul Andersen: Yes, one very important question, will there be video in October of the shooting of the CentOS box at your farm?
Mark Kosters: I think we can make that happen.
Paul Andersen: Excellent. Excellent work.
John Curran: Thank you, Mark.
Next up I’ll call John Sweeting to give the Registration Services Department Report.
Department Update: Registration Services
John Sweeting: Alright. Good morning, everyone. Glad to see everybody here on this final wrap-up day, half day.
I’m John Sweeting, Senior Director, Registration Services. Let me give you the Registration Services Department update. It’s going to be some different topics that I cover than normally.
I’ve got an inventory manager – Jon Worley – who challenged me to let him spice up our presentation and what we deliver to you guys and tell you about.
So we’re going to go with that. So the first thing I’m going to talk about is serving ARIN customers.
So organizations served by ARIN, this is broken down by your members, which is ISPs or RSPs, end users under RSPs, 15 percent. End users including LRSA, 42 percent. And then legacy with no contract, 43 percent.
And I guess some of the importance of this is paying versus nonpaying.
So he took a look at the resource-intensive manual transactions that we completed in 2017, which includes Org and POC recoveries, Ask ARIN tickets and Org Creates. These are all actions that come in where somebody is trying to reclaim an organization, their POC, all different kinds of questions come in on Ask ARIN and when they come in to do an Org Create.
The point here is there’s no fee captured for any of these, but they’re very resource-intensive.
We do capture the member, the RSPs, actually it’s in their service plan. End users, you could say this, but it’s really not so much because they’re paying for the resources they have and not all these miscellaneous services; and then legacy, which is 43 percent of this resource-intensive work that we do, there’s absolutely no revenue captured, no cost recovery for these actions.
Automated transactions, you can see, this is SWIPs and other things that are automated. Updating addresses and stuff like that.
The member organizations are responsible for 98.5 percent of that. So that’s a lot of the stuff that the members do is fully automated. They come in, they interact with ARIN. They update. They do whatever they have to do and we never see that.
2017 ticket analysis. This is just a breakdown of the types of tickets that we processed in 2017. There was 18,596 tickets that required action. By action, like the tickets come in, an analyst will first – first a manager has to review them, assign them to an analyst and the analyst has to work back and forth with the customer to supply – to finally close out that ticket.
Transfer requests, almost 20 percent. That’s very resource intensive. Resource requests, there’s 20 percent there. It’s a pretty even breakdown. But again you see the Org POC and Billing Contact is the most types of tickets that we get.
I’m going to talk a little bit more about the waiting list than I did on the previous presentation I gave.
Here’s IPv4 waiting list growth. As you can see, it really went up quickly the first year and didn’t have much – it just kept growing. And I explained that was because we had a lot of resources that had been returned, revoked, that needed to wait for that time period to be certified and cleaned and then starting to be reissued.
We have a process in place where we review all these resources before we issue them back out to the community. It’s pretty intensive work there. We check routing. All kinds of things, whether the process was followed on the returns, whether the process was followed on revocations and then we sit in a conference room, myself, our internal lawyer, Michael, Nate, Val from Finance, and we sit there and we review all these resources before we issue them back out.
That was put in place around April of last year and that’s when we started really getting into a process of getting these resources returned back out to the waiting list.
Waiting list statistics. 568 have been filled since the beginning of the waiting list. The last request that was filled, approximate wait time was seven months. 231 have dropped off. Most of those due to an IPv4 via the transfer market, and there’s 193 still sitting on the waiting list and the oldest was added 15 March of 2017.
Waiting time on the waiting list: Of the 568 completed requests, the average time was 15 months. The longest wait was 24 months. Of the 231 closed requests, the average was seven months before they closed, the longest wait was 21 months and then they got filled via transfer.
So maybe if they had waited three more months, who knows.
Okay. IPv6 Outreach and Status Update. One of the things we’re always looking for how do we get better penetration of IPv6 out to our members.
And again Jon Worley, Lisa, and Cathy, they were looking and thinking about this and they said, you know, we have a lot of members that could just come in and request IPv6 and it wouldn’t change their billing at all; they could have it. They could use it in their lab. They can start to deploy it.
But we weren’t sure that they knew that. So we did a little campaign. And the way we went about it is we identified all the members that had v6, members without v6. And of the members without v6, which was 2,435, we went through and analyzed their fee structure. And the ones that could actually get a /32 of IPv6 without changing their fees was 39 percent of the full members but almost 100 percent of the members without v6. There was only 198 ISPs that their fee would have changed had they – if and when they get v6.
So we had an email outreach conducted to help those Orgs get free IPv6 blocks. Of the 2,000 emails that we sent out to these customers we got a response back from 63 organizations. All positive responses. And they’re all working, they have either received their IPv6 or their requests are working through the process to get their v6.
We’re continuing to work on other ways to identify and reach out to these organizations, these ISPs that can actually get IPv6. One of the things we’re doing is we’re looking at people within those organizations that have been active on ARIN Online in the last 30 days, and we’re reaching out to them directly.
It’s usually a good indicator if they’ve been active within the last 30 days that we’re going to get a response from them and get some kind of – either they’re going to say, yes, I understand I get it free and I don’t want it either way. Or they’re going to work with us so we can issue them IPv6.
The team is made up of myself, three managers: Lisa, Cathy, and Jon Worley. Two senior resource analysts, Eddie and Mike Pappano. Mike is actually one of the ones you’ve probably talked to or seen out at the help desk. Resource analysts: Misuk, Doreen, James, Jonathan, Shawn. And I’m sure if you’ve called or submitted any tickets over the last year or so you’ve had the pleasure to talk with them.
They love talking and helping the customers. They will work with you to try to get whatever it is you’re trying to accomplish accomplished. And we have one paralegal, Suzanne Rogers.
We were thinking of doing the same thing Susan did with the early childhood pictures, but there was a problem because there wasn’t – cameras weren’t invented when the Senior Director was a child. So we had to just can that. There was no, no – what’s the stick called? – no selfie sticks.
Another project that Lisa and Cathy worked on last year, we have – CMSD came to us and said, hey, we’d like to get some blogs out and to help the community understand what goes on in RSD and how to interact and everything.
We decided alright, we’ll get each one of our analysts to pick an area that they are very familiar with or they’re not familiar with but want to get familiar with and write a blog.
So we put out – each analyst put out their own blog last year. And if you haven’t seen them, I believe they’re on the TeamARIN site and you can go and visit them. And it’s got really good information in there, plus it will have a little bio about that analyst if you want to get to know them better.
And we’re actually looking for suggestions for topics for 2018. They’ve enjoyed it so much, they all want to do it again this year.
Customer support requests for this year, first quarter, we’ve already had 941 help desk phone calls, 757 Ask ARIN, and 2,654 hostmaster emails.
Again, this is just the information on the telephone help desk. We’re open seven to seven eastern time, Monday to Friday. Average wait time on the phone is 17 seconds until you hear one of our lovely voices.
And the most common topics. Point of Contact, ticket status, ARIN Online use, and transfer-related questions.
It really is – we really would – if there’s a ticket and you get a reply and you don’t understand what we’re asking for or we say go look at this webpage and do this, and you don’t understand – it’s really so much easier if you pick up the phone and give us a call and let us help you walk you through the issue.
It’s just – it takes all the frustration out of four or five different replies going back and forth and kind of like ships passing in the night, we don’t understand it.
I’ve directed my staff to nip it in the bud and pick up the phone and call when they see the confusion happening, and it would help if you guys really are confused and you need to talk to somebody, you’re not going to be on hold for a long time. They’re going to walk you through and they’re going to help you as best as they can.
And that’s it.
John Curran: Microphones are open for any questions for John.
Andrew Dul: Andrew Dul, CrowdStrike, ARIN AC. This isn’t a question for John but more a question for the Board that was sparked by his presentation.
Did the Board consider a transaction fee for legacy holders for manual processes that were highlighted as a very large percent of our manual processes that we have to do?
Paul Andersen: No.
Andrew Dul: Would the Board consider that as an option?
John Curran: So while we didn’t have a specific fee in this round of changes, in our last fee schedule change that occurred two years ago, after a two-year fee consultation process, we significantly increased the transfer fees and put them up front in the process recognizing most of those are transfer-related requests cleaning up records in preparation to have the move.
So we have some transaction processing fees that exist already in that area related to transfers, which do recover a lot of eventually the legacy activity as it comes into the system.
Paul Andersen: So I think when we said transfer fees, while we carefully monitor the costs associated with, there was a feeling that we received from the community that we did not want to impede transfers at least initially.
So we continue to monitor and we’ll adjust that. I think we’d like to get an idea what the run, more longer term running rate which we’re starting to get data from as we start to optimize processes. So we’ll continue to evaluate that, but we just did not want to see it as an impediment to anyone else.
Andrew Dul: Are those manual processes actually transfers and stuff, John, or is that something else?
John Sweeting: These aren’t transfers, specifically the transfers, but a lot of those actions, the ORG recovery, the POC recovery, the ORG create, those are all transactions that are – probably 80 percent of the time lead up to a transfer.
Andrew Dul: Usually end up as a transfer?
John Sweeting: Right. But they’re as intensive a lot of times as the actual transfer process itself.
John Curran: And in doing something regarding fees prior to that point, a fee that doesn’t allow Org recovery or that inhibits Org recovery or POC updates is a fee that would inhibit accuracy of the registry.
So there’s a little bit of caution in terms of going after a segment that’s really trying to clean up their data.
Joe Provo: Joe Provo, Google, ARIN AC. I think we have a couple of comments that are in the same vein, so I struck the one that Andrew covered.
But, yay, slide 6 because that shows the optimization for what the members need and want.
But on slide 5, the whole population of all the manual transactions, I understand a lot of it is really the scrubbing before transfers.
Is it actually more or less evenly distributed across a population, or are there some significant outliers that deserve attention within either the under contract or not under contract populations?
John Sweeting: This slide you’re talking about, Joe?
Joe Provo: No.
John Sweeting: This slide?
Joe Provo: That slide, the unhappiness slide.
John Sweeting: And the question was?
Joe Provo: In the “legacy no contract” population and the “end user includes LRSA” population, is there any data reflecting whether or not those large amounts of manual transactions are distributed evenly amongst the population, or are there significant outlying entities?
John Sweeting: As far as which if they’re an Org POC recovery, Ask ARIN and/or Org create? We didn’t go that deep into it. I can tell you that a lot of the Ask ARIN tickets are from the members.
John Curran: Joe, when you’re asking across the population, you’re asking not different types of the population, you’re asking number per population person.
Joe Provo: Number per entity –
John Curran: We can look to see if there’s an even distribution of requests per organization.
Owen DeLong: Owen DeLong, speaking only for myself. We’re in the process of the Board considering jacking end users for another 50 percent increase in fees.
At present, under the statement that end users represent a disproportionate amount of the manual requests. However, looking up here end users are less than double the number of manual requests, paid end users versus members. And yet they are roughly 1.3 times – sorry. They’re roughly 1.3 times the number of manual requests, but they’re roughly three times the population.
That does not strike me as them being a disproportionate fraction.
John Curran: If you look at this, it does show that the end users who are paying approximately 15 percent of ARIN’s overall costs are 36 percent of the manual transactions.
If you allocated ARIN’s costs among the, by this chart, then the end user community and the member community making up the paying contracted communities, the end users and the member communities should be paying – the end users should be paying about 60 percent of ARIN’s costs. Presently end user fees add up to 15 percent of our revenue.
David Farmer: If you could go back one slide. I couldn’t remember which direction it was. That one.
The thing that I’d be interested is there any kind of breakdown on these as to whether they’re related to v4 and v6? How much is the new direction of the world versus the old direction?
John Sweeting: I can tell you transfer requests. As far as resource requests, no, I don’t have a breakdown, but that would be v4, v6 and ASNs. That’s one slide that didn’t make it into this. I usually report it, it’s averaging about 100 requests per month of each IPv4 and IPv6.
David Farmer: Okay. Cool. Then the other thing that I just wanted to caution us all, when we’re talking about different groups of legacy end user and members, a not insignificant chunk of the legacy are legacy over here but they have a different hat that’s a member or paying end user, too.
John Sweeting: Yes.
John Curran: By their own choice, yes. Hats have costs.
David Farmer: Yes.
John Sweeting: To state, that breakdown was based on the organization that they came in under for that service.
Charles Thomas: Charles Thomas, Omnipoint Technology. I want to talk to you about my experience, because we’re fairly new into this environment.
And I’ve had a great experience with folks on the phone, walking us through the process. I was telling Richard, I had some calls that were scheduled that came in exactly when they came in and I even had one person that, I could tell he was in his car because I had – I asked him to call me a little bit later.
And I could hear the traffic. But it was just a great experience especially for someone new really coming into this environment and really not knowledgeable about how to go through some of the processes. And it was great. I had a great experience, and I just wanted you guys to know that.
John Sweeting: Awesome. Thank you very much. I’ll be sure to give that feedback to the team.
John Curran: Any other questions for John? No.
Thank you, John.
John Curran: Next up I’ll have Val come up and give the Financial Services Report.
Department Update: Financial Services
Val Winkelman: Good morning. The Financial Services department is one of the smaller departments. We have six people in the staff. And Tammy Rowe is our A/R manager. She’s back at the office holding down the fort.
Amy, Amaris, and Lindsay are also back at the office. And Tanya Gomez has been at the Registration Services Desk this week. I hope you had a chance to go meet with her and speak with her.
Our staff has an average tenure of 13 years. Tammy is going on her 18th year. Tanya her 16th. Amaris her 13th, Amy her 12th and Lindsay her third. And I’m in my 14th year.
With all of this experience, please call or email our help desk with any questions or requests you may have. The help desk is open Monday through Friday, 9-5 excluding holidays.
And FSD received almost 4,000 calls last year and numerous email requests. We don’t have a ticketing system in Financial Services, so it’s hard to get that number.
But the top questions that are asked of the Financial Department staff, number one is can I pay with a credit card over the phone? Do I have to log into my account?
You do not have to log into your ARIN Online account. If you go to our webpage, there’s actually a Pay Now button, or you can log into your ARIN Online account. And paying online with a credit card is the most secure method, and ARIN does not want or keep credit card numbers for security reasons.
And the other: How do I update the Billing Point of Contact? Again, you can create an account, an ARIN Online account, or log in if you have an existing account. Select payments and billing and follow the left navigation.
And can you email a copy of the invoice? We’d love to email a copy of the invoice if you ask for it, but again this can be done on ARIN Online.
One of the ones that was slipped in here was a lot of companies ask us for the IRS W-9 form and that’s also online.
So a new resource transfer fee is effective which we just discussed. The 2017 financial audit has been completed, and we’re waiting on the final report. And we are in the process of completing the IRS Form 990 for review by ARIN’s Finance Committee.
A new resource transfer fee was implemented January 1st, 2017, which arose from community consultation. This $300 processing fee replaced a $500 resource transfer fee. This change in fees includes: 8.2, mergers, acquisitions and reorganization transfers; 8.3, transfers to specified recipients; and 8.4, inter-RIR transfers.
And the transfer process fee is waived for 8.3 and 8.4 transfers when the resources are under an existing Registration Services Plan.
Our payment types received at ARIN include: Checks, wire transfers, ACH, and credit cards. The use of credit cards for payment has been increasing each year as well as ACH payments. Credit card payments were 68 percent of the number of all payments and – overall payments, and ACH payments were 7 percent and checks, 25 percent.
But when you look at the dollar amounts, checks are still being used and were about 51 percent of payment dollars in 2017 with credit card payments being 37 percent.
And ARIN emailed 26,000 recurring invoices in 2017, and that doesn’t include initial invoices. The majority of these invoices were for organizations paying per resource object, but the majority of dollars received is from our Registration Services Plan.
And ARIN’s mix of registration revenue remains consistent, but we did have a small drop in revenue from our Registration Services Plan billings mainly for the IPv6 renewals.
And I’m going to briefly go over our invoice and collection process. We have maintained less than one percent of bad debt expense over the year.
We have one person dedicated to the collection activities, plus we have an automated reminder collection process, which we did institute back in December 2013.
And here’s a summarized view of our current process. Invoices are emailed to the Billing Point of Contact approximately 60 days before they are due. Since most organizations only hear from ARIN annually, this is the perfect time to update any of your Billing Point of Contacts before the actual invoice is due.
Friendly reminders are emailed to organizations every 30 days up until the due date and collection reminders are sent every 30 days after the due date.
And here’s the schedule when reminders are sent out. Registration Service Plan customers receive their reminders at the end of the month; whereas maintenance service customer reminders are sent out the 15th of the month.
This helps stagger the workload on the help desk. These subsequent reminders are sent to the admin, tech and billing contacts to ensure that someone at the organization receives the message about invoice being due.
All emails are sent from an ARIN-finance email address. ARIN also uses manual collection methods which includes post or mailing a hard copy of the invoice, phone calls, and sending deregistration notices.
These types of mailings and notices are sent to all contacts that we have on file. If no response is received on the account, ARIN will stop providing registration services at 120 days.
This means that ARIN will stop providing the services as well as any associated services. Reinstatement of services can occur between 120 and 180 days overdue.
If a customer does not contact ARIN by the 180th day, the customer will be required to reapply for the resources and qualify under current policy.
If and when a customer does reapply, they will be required to pay any fees that were due before and execute a new Registration Services Agreement.
And there’s more information on our website if you need more.
John Curran: Microphones are open. Any questions for Val?
Kevin Blumberg: Kevin Blumberg, The Wire. Val, thank you. It’s a crappy job having to bill everybody.
Can you go back to the one slide about how people pay. I just wanted to – so about $6 million is coming in from credit cards, correct?
Val Winkelman: Yes.
Kevin Blumberg: That’s $120,000 approximately, maybe $200,000 in transaction fees a year.
A lot of people – I know there’s been a lot of change in the credit card requirements lately. I don’t think you should be on the hook as an organization losing that kind of revenue because of convenience, if it’s – I think you should review if it’s acceptable to add that fee, the convenience fee of using the credit card, so that you don’t lose that revenue, especially when so many people are paying in ways where you’re not losing those fees.
It’s becoming fairly standard in the industry. And if you’re counting the dollars and cents here and there, losing 2 percent to credit cards for the convenience of it, or whatever that number is, should be looked at.
Val Winkelman: Thank you. Remote microphone.
John Springer: Remote comment from Jason Schiller, Google, ASO AC. Please increase my fees, especially on the larger or largest address holders, if that’s what it takes to keep getting IT work.
Please increase my fees, especially on larger address holders, if that’s what it takes to keep the smallest address holders from seeing a fee increase.
I’m channeling former colleague Mike Joseph: “I lament the lack of a services document.”
John Curran: Okay. On the fees, message received.
Regarding service document, we actually did work on that a little bit. And the problem is that we have to put that on hold because we’re still doing the fallout from our normalization of the changeover to the current fee schedule.
And we wanted to get the fee schedule out there, running, get people using it. And now we’re in a situation where we actually can come up with a pretty clear matrix of services and who gets what services.
So that will be picked up. It’s something that we’re going to put back in the plan. And we’ll use the consultation process so people can comment on that.
Any other questions for Val? Okay. Thank you, Val.
John Curran: At this time we’re going to take our morning break. We’re going to stay promptly to schedule, which means we’ll be back here at 11:00 sharp. Look forward to seeing everyone.
Refreshments out there, 11:00 AM. Please be back in the room. Thank you.
Department Update: Human Resources and Administration
John Curran: Welcome back. We’re going to resume our ARIN 41 Members Meeting. And we’re going to pick up with where we left off with the department updates.
The next department update is Erin, coming up and giving our Human Resources and Administration Update.
Erin Alligood: Good morning, everyone. I’m Erin Alligood. I’m the director of HR and Administration here at ARIN.
And as a reminder, I’d first like to share what our team does here at ARIN. As you can see, we have a wide variety of responsibilities.
And I’ll be touching on several of these topics throughout my presentation today.
But first I want to introduce our team. These pictures are recent, just so you know. I’m going to lower that.
I really liked Susan’s pictures that she did of her team. That was really fun. So first, Thérèse Colosi is our Executive Assistant, and she has been here for almost 17 years with ARIN. Thérèse supports our executive team, Board of Trustees, Advisory Council, ASO AC members for travel, and administrative needs.
Next we have Sarah Ba. Sarah Ba is here actually at the meeting. Sarah, if you wouldn’t mind standing. Sarah is our Administrative Coordinator.
Sarah provides HR support such as benefits administration. She secures our employee travel. She helped a lot of us get here today, or this week, and she acts as our facilities coordinator.
And next we have Denise Alston, who is our receptionist. She’s the first person to greet you as you come into the ARIN office. Denise does a great job ordering our office supplies, distributing our mail. She keeps the front part of our office running.
And our whole team really does a great job of doing the back end of the office for our employees. Definitely want to let them know that we appreciate all their hard work.
2017 was a pretty busy year for our team and overall for ARIN. We’re off to a great start in 2018, and it doesn’t really seem to be slowing down as you can tell from the presentations from my fellow directors.
This next slide highlights some of our accomplishments in the last year, since my last presentation at the previous ARIN meeting.
I’m pleased to report that ARIN was ranked at No. 14 in The Washington Post top workplaces listing in the small business category in 2017. This is a great accomplishment for ARIN.
Making this list was due to the results of an employee engagement survey where we received an 88 response rate – 88 percent response rate from our employees for the survey. It’s a great turnout. And we received a lot of great data from the survey.
This is a huge accomplishment for ARIN, as I said earlier. It shows that our employees take a lot of great pride in where they work, and it already adds to our excellent platform for an already wonderful company culture.
And as you can guess, the results of the survey were quite favorable because we made the list. But there were some areas for improvement and some constructive employee feedback from the survey, which we’ve already begun to tackle. And I’m going to touch on that in my next slide.
So the next item on the list is our new COO selection. And John touched on this during his opening remarks. But I just want to add a little bit more context to this. So this next item is a little bittersweet for a lot of us here at ARIN.
As you might have heard, Nate Davis, our current Chief Operating Officer is going to be retiring at the end of this year.
If any of you had the opportunity to meet and work with Nate, you know he has been and continues to be a tremendous asset at ARIN. I’d like to take the time to thank Nate for his many years of outstanding service at ARIN and wish him well as he moves into his next adventure. Please join me in a round of applause for Nate.
As you can see, our new COO has some big shoes to fill. So we opened this position in late 2017 and we received several resumes.
After a thorough selection process, we are very fortunate to have filled the position with an internal candidate, Richard Jimmerson, who is our current Chief Information Officer.
So while Richard will have big shoes to fill, Richard has a terrific amount of experience at ARIN and within the Internet community. And Richard is extremely qualified for the COO role.
So over the next few months Richard and Nate will be working closely together, and they’ve already begun doing this during this transition. And Richard will transition fully and assume full responsibility for the COO role in fourth quarter of this year.
So another item on this slide that we tackled in 2017 is we successfully converted medical insurance companies from Anthem Blue Cross/Blue Shield to Cigna effective January 1, 2018.
Our new medical plan with Cigna is much more robust and offers lower co-pays and out-of-pocket costs for our employees and their families. And at the same time we were able to negotiate lower broker fees at a savings of 10 percent for this new plan.
So moving into some other items that are in progress for this year. As I’ve mentioned in my previous presentations at other ARIN meetings, we conduct a salary survey every two to three years, and our last one was conducted in 2015. So we’ll be tackling this and have already started the process this year.
Our salary survey allows us the opportunity to stay competitive in the metropolitan DC area and ensures that our employees are compensated both within the range of our demographics and their specific roles at ARIN.
I’m also in the preliminary stages of a payroll vendor platform change. So we currently use Paychex as our payroll vendor. And Paychex is in the process of changing their platform for all customers to a cloud-based product.
So I’ll be working with our Engineering and Legal teams over the next couple of weeks for this project in transition.
As I mentioned earlier, we received some really great data from our employment engagement survey related to the Washington Post listing. However, there were some areas for improvement. In order to tackle these specific areas, we’ve secured an outside consulting firm to help us manage addressing the themes within the survey. This team has already begun to work with the management team at ARIN and we’re in the beginning phases of this project.
This will likely result in management and inclusion training for our staff as well as a team-building component where we will further enhance our collaboration and communication between departments. I personally am looking forward to this project in the next few months.
Also in progress for this year and part of 2017 is a full review of our 401(k) plan. In late 2017 we conducted fiduciary training with outside counsel for the 401(k) trustees and investment committee. This training was extremely informative and helpful related to our 401(k) plan.
We are also conducting an ongoing internal audit of our 401(k) plan which will ensure that our processes are followed per our plan documents and IRS guidelines.
So moving into some of the more exciting material of my presentation, I’d like to share some updates on our employee statistics. We currently have 87 employees at ARIN.
We’ve had five new hires come on board in 2017 and one in 2018. And ARIN historically has enjoyed a high employee retention as we mentioned earlier in some of the other director presentations. I’m happy to report that our employee retention remains strong at over 95 percent, which is a slight increase from last year.
And our average employee tenure has also increased since my last presentation from six years to over seven years, which is excellent. As an HR professional it speaks volumes about our organization and its practices to have such a high employee retention.
So with this in mind, each year I show this graphic that highlights our remarkable employee tenure. As you see here, over half of our employees have been with ARIN for five years or more. But we still have a healthy pipeline of newer hires at ARIN.
These demographics are certainly impressive. And to emphasize this outstanding tenure, I’d like to recognize some of our employees who have celebrated their milestone anniversaries, meaning 10, 15, and 20 years over the last couple of years – since my last presentation.
I’d like to recognize those employees who have been with ARIN for 10 years or more. And some of them are here. So I want them to stand as I call your name. Some are going to be back at the office, but I’d like all of us to kind of recognize them as I call their name.
Nate Davis, Garth Dubin, Cathy Handley, Frank Hill, Hollis Kara, Mark Kosters, Lisa Liedel, Andy Newton, Mike Pappano, Matt Rowley, Amy Sanchez, Maureen Seiler, Pete Toscano, Amaris Wang, Val Winkelman, and Jon Worley. Let’s give them a round of applause.
That’s a long list. I’m going to pause for just a second. I’d like Cathy Handley to please stand, she’s in the back there.
So if you haven’t met Cathy, Cathy is our Executive Director of Public Policy – Government Affairs and Public Policy. It was a long title. And Cathy is also getting ready to retire at the end of this year. And I’d really like to recognize Cathy for all of her contributions at ARIN and wish her well as she moves into retirement. So thank you, Cathy.
Some exciting stuff. I’m getting lots of participation. I like it. Alright. So moving into our employees that have been with ARIN for 15 years or more. Again, as I call your name, if you’re here, please stand: Einar Bohlin, Jason Byrne, Tanya Gomez, Susan Hamlin, Richard Jimmerson, Doreen Marraffa, Leslie Nobile, Tammy Rowe, Thérèse Simcox, and Ming Yan. Let’s give them a round of applause.
I have to say, Cathy Clements gave me a hard time and said she’s tired of this, but I am not. And I’m sorry, Cathy. So last but certainly not least, ARIN just celebrated our 20th anniversary last year. And there’s been two employees that have been with ARIN since its beginning stages, and Cathy was with ARIN back in December of 1997. So at this time I would really like to recognize Cathy Clements – I know you don’t want to stand – but for her 20 years of service at ARIN. This is outstanding. Please, join me.
And on that same thread, Michael O’Neill has also been with ARIN and celebrated his 20th anniversary in March of this year. So let’s give him a round of applause as well. He’s back at the office.
Thank you very much. All right. So let’s see. All right. So in addition to providing human resource and facility management, payroll and travel administration and our other daily operational functions, I’ve highlighted some of the work that we’ll be taking on in the next year.
We’ll continue to work on the management and leadership training project that I spoke of earlier related to the employee engagement survey. This will likely be ongoing for the rest of 2018 and may carry over into 2019.
I’ll assist in the COO transition and look forward to working closely with both Nate and Richard during that process.
And we will continue work on our 401(k) plan into 2018 and beyond. And lastly, we will complete our salary survey later this quarter. Thank you for your time. And thank you for your participation.
John Curran: Any questions for Erin and the HR admin report?
John Curran: We’ll now move into the leadership reports from the community. This includes first the ARIN Advisory Council report given by Tina Morris.
Come on up, Tina.
ARIN Advisory Council Report
Tina Morris: Our Advisory Council has changed slightly this year. We lost Dan Alexander to the Board of Trustees during last year’s election.
And we also had David Huberman step down due to a change of employment. But what that did was that offered us an opportunity to backfill those seats with the next two greatest vote recipients.
And so we were able to use those to put Kerrie and Alyssa into the Advisory Council. For the first time, we now have representation from the Caribbean on the Advisory Council, and that’s a really good thing for our Policy Development Process to truly represent all of our regions in that room. We’re pretty excited about that.
The Advisory Council works with authors from the community to develop the policy. They put together the drafts, gather input from the community and move forward recommending draft policies that are fair and impartial, technically sound and most importantly supported by the community.
When we reached that state, then we initiate last call, review final comments and recommend to the Board of Trustees for adoption.
Since ARIN 40, we have sent Recommended Draft Policy 2017-5 for improved v6 registration requirements to the Board, and we have abandoned two policies: First 2017-6, Improve Reciprocity Requirement for Inter-RIR Transfers. It did not gain sufficient community support to justify moving it forward. And, second, the 2017-4: For Bidirectional Requirement for Inter-RIR Transfers. It did not receive any sort of consensus in the community whether it should move forward or go back.
And given that there’s currently no other – it would have no effect on current address transfer processes, it was abandoned.
New proposals since ARIN 40. We’ve had quite a few. Clarification of initial block size for v4 transfers is now Policy 2017-9.
Repeal of immediate need for IPv4 space is now 2017-10. Reallocation and reassignment of language cleanup became 2017-11, and now is actually an editorial change pending AC review.
Prop 247, require new POC validation, is now policy 2017-12. Prop 248, remove ARIN review requirements for large IPv4 reallocations, is now 2017-13.
And Prop 249, verify contacts and new reassignments, was actually withdrawn and incorporated into 2017-12, which we see oftentimes when an issue is brought to the community, sometimes we’ll see multiple policies come forward on it.
And that’s part of what the AC does is consolidate those into one supported policy for the community to digest.
Prop 250, allow interregional ASN transfers now in progress, it’s 2018-1. Prop 251, correct references in RWhois, became an editorial change, and it’s currently under community review. So if you have any input on that one it would be appreciated.
And new this year we have Prop 252, clarification to ISP initial allocation permit renumbering; and Prop 253, remove reallocation requirements for residential market assignments. Prop 254, clarification on IPv6 sub-assignments.
Overall, this is our adoption abandonment history. Last year was fairly average for total policies submitted, but we did abandon quite a few. They just could not reach consensus. And this year it’s still to be determined.
John Curran: Microphones are open for questions to the ARIN AC chair.
John Curran: Thank you, Tina.
John Curran: Next up we will have the ARIN Financial Report given by Nancy Carter, ARIN’s Treasurer.
ARIN Financial Report
Nancy Carter: Good morning. As you now know, I was elected Treasurer at the January Board of Trustees meeting. (Moving microphone down) That’s what happens when you follow Tina.
I will do my best to keep you as informed as my predecessors have done. I’m indebted to the guidance and support of both Bill and Paul, the most immediate past Treasurers, as well as the patience of the ARIN staff.
I asked a lot of questions leading up to this presentation. I’m excited to be here to present the ARIN Treasurer’s report. I know that the Treasurer’s report is the reason you’re all here.
Today I’ll tell you a little bit about the work of the Finance Committee over the past few months, after which I’ll review the 2017 financial results, provide some highlights of the investment portfolio and then look at the 2018 budget.
The Finance Committee continues to monitor the investment portfolio for compliance with the investment policy statement and make adjustments required in consultation with our investment consultants.
At the end of February, the portfolio balance was at $29.7 million. The Finance Committee reviewed the proposed fee schedule changes that are now in front of the community for consultation. ARIN staff worked diligently to develop the 2018-2019 budget, which was then finalized by the Board. I’d like to acknowledge the significant efforts that Nate and Val and their teams put into getting that budget ready. Thank you.
The Finance Committee reviewed the 2017 unaudited financial results earlier this year, and we will review the draft statement shortly, as Val mentioned earlier.
Finally, work on the IRS 990 Form is underway and will soon be ready for Finance Committee review.
The 2017 financial results are in front of you. Registration revenue came in under budget, primarily due to lower IPv6 renewals, while investment income was higher than anticipated due to significantly better yields in the portfolio than were budgeted.
Expenses for the year came in two million under budget, and I will highlight some of the significant variances in the next few slides.
The good news is that instead of a $4.3 million draw on reserves for 2017, there was a $6,000 increase to the reserves.
You can see the salary and benefits are under budget by $400,000. This is due to the ARIN Online salary and fringe benefits capitalization. Software and equipment support is under budget, because some of the NetApp storage for Chantilly came in well under budget.
Depreciation is under budget due to the ARIN Online delayed capitalized expenses and because some computer hardware purchases were postponed in the year.
Rent and occupancy was well under budget in 2017, as a result of the lease for the Concord offices being taken over earlier in the year. This created a savings for the organization.
The NRO expense in 2017 was impacted by a correction for a 2016 overaccrual and the 2017 NRO expense being less than anticipated. Both these factors produced a budget variance of over $200,000.
ARIN’s investment portfolio is allocated into three distinct funds, each with different investment objectives. The long-term reserve fund was by far the largest component at $25.8 million at December 31st.
The legal defense fund stands at $2.1 million at the end of the fiscal year. And the operating reserve fund is at $1.6 million at the end of the year.
The chart in front of you illustrates the investment portfolio balances over the past six years. Over the last four years you can see that the portfolio balance has been quite stable.
Now for the 2018 budget where you will see the 2018 budget compared to 2017 actuals.
I will note that we have projected revenues of 20.9 million for the year and we have budgeted expenses of $23.9 million, which leaves us with an expected $3 million draw on our reserves for the year 2018.
Some budgeted expenses that I’ll draw your attention to: Salaries and employee benefits where we have an increase in personnel costs and slightly lower capitalized costs for ARIN Online development.
Depreciation costs will increase primarily as a result of the ARIN Online capitalization. Professional fees and outreach, increases to include our Caribbean liaison and outreach efforts.
General office budget is increased due to the cost resulting from a rising trend of customer credit card payments. 70 percent of our customers are now paying by credit card.
On this next slide, member meetings, shows an increase for 2018 due to higher costs for hotel and airfare in 2018. The travel budget for 2018 has increased over 2017 actuals by about seven percent, due to the locations involved and also the increased cost of travel as noted above.
And, finally, NRO expenses reflect the reduction in expense that we incurred for 2017.
That’s the end of the Treasurer’s presentation, if there’s any questions.
John Curran: Microphones are open for questions on the Treasurer’s report.
ARIN Board of Trustees Report
John Curran: Our esteemed Board Chair, Paul.
Paul Andersen: Thank you, everybody. I don’t have a long report, because really, one, you’ve heard our report through the reports you’ve heard before that because our work is really the culmination of the excellent work both the community and staff do to run the organization as well as it does.
So it makes my job and the Board’s job relatively easy, but I’ll give you kind of an update what we’ve been up to since you last saw us in San Jose.
Probably the biggest change is that we’ve had a large number of turnover on the Board. We lost two of our esteemed Board members, Tim Denton and of course Bill Woodcock, who served this organization for many years. But if you’ve been on the Mailing List you see he’s not on the Board but he’s still around.
But that did allow us to bring on two new excellent Board members. Both Nancy Carter, who has already risen to the role of Treasurer, and Dan Alexander, who has been assisting us in a lot of various roles including he’s taken over the Chair of the Nomination Committee. So that’s been our first action bringing them on.
We had one of our first formal Board orientation sessions this year. We’ve done some informal ones. But given that we had two, we actually had a day where we could bring the new Board members down and get them oriented. So that’s been going.
Some focuses I’ll point out, one on financial, that’s generally what keeps us a little bit busy between the last meeting and this meeting mainly because we’re finishing off our year end and starting up the next one.
Nancy has already given you a lot of the details but the Board has been busy with the year-end wrap-up. We’ve done some work on the travel policy and, of course, we set the budget for this year.
What has been keeping us also quite busy is, as you’re probably aware, there’s a lot of focus on governance. We’ve been trying to take a retrospective look at how we’re structured over 20 years, looking at things on how we do it, asking why we do it that way.
If we’re hearing the answer “Because we always have” saying that’s probably not good enough and looking to see where we might be able to improve best practices. And we’re trying to do it without distracting from the mission.
Sometimes it’s easy for boards to get a little bit too navel-gazing. But we did think there was quite a bit of work that we should get to. We’ve made some interim changes to the NomCom, mostly improving some of the verification that we’ll be looking at for candidates to give better information to you, the members.
We’ll be doing a more fulsome review in August on that. We’ve had this appointment process available to appoint a seventh or eighth member, depending on the way you want to look at it, to the Board which we’ve used previously.
But we felt it would be better to have a more transparent process so the community know how we would use that when we wanted to use it for a more routine filling. So we pointed that out. And we are in beta testing for it as we speak right now as we go through the first cycle of that.
We are on the final touches of putting a formal skills requirement and request document. We found that was very lacking, even though we all had a very informal view of what it was that we thought the Board should – kind of skill sets we were looking for. We thought it would be good to do that. And you should be seeing that come quite soon, along with we have started to work on an ARIN leadership development program for those that are looking to be involved in the organization from a leadership, trying to find a program that – if you’re perhaps interested but think that you need some assistance and some development, that is a program that we might offer, not just for the Board but some of the other councils and bodies as well. And that’s in the early stages.
And other items: Conflict of interest, we’re looking at. We’ve looked at some professional development that we can do for the Board. And of course we are looking at the Board structure which has resulted in the consultation that’s in front of you.
On some more administration stuff, we’ve retired our governance committee and the Services Working Group.
After review, we just did not think those groups still made sense after that time, but they did provide us great input previously, but just going forward.
We’ve adjusted the wildly popular Fellowship Program, we think, to improve that. Mainly we’ve just looked at – because we’ve now allowed for people to do return visits, we’ve just done a bit of tweaking on how that would work. And also the numbers of Fellows that can be appointed.
We made some, we think, enhancements to the ACSP and also touched the meeting standards participations for these meetings.
That’s the main gist. We’ll, from now until when you see us next time, will be August, we will be having our annual strategy session where we’re going to look at all aspects again specifically just how do we take ARIN into the next 20 years and what does that look like working with the staff who will be bringing forward many proposals on issues that the Board would like to look at from that kind of standpoint.
And of course we always look for any community input. And that’s really all I have, other than to take a second to say that this meeting and organization would not be possible without the great staff.
And I just think it would be wonderful if you could all take a moment to thank all the staff present here and back at the office that makes this meeting and our job seem so seamless. So let’s just give them a round of applause.
With that, I’d take your questions. Might as well be Open Microphone to that degree.
John Curran: We can move right into Open Microphone.
Paul Andersen: You’re all so worn out after – oh, Kevin, I always know I can count on you for a question. Rear microphone.
Kevin Blumberg: Kevin Blumberg, The Wire. No question. I’d like to thank the Board for being available, accessible, and honest with us during this meeting.
The accessibility especially has been well, well-noted. We’ve gone to many previous ARIN Meetings where the Board wasn’t around. They were in meetings. They were doing stuff. And it’s really appreciated. Thank you.
Paul Andersen: Thank you for that. And yes, you are correct, in previous ARINs the Board would mysteriously disappear during lunches, breaks because we were holding sometimes marathon Board meetings. I think with the assistance of John we’ve restructured a lot of our agendas and such so we’re trying to push some of the more meaty stuff out, have more an annual Board calendar of events so that we’re structuring some of those immediate items when we’re not here, January and August, so we don’t have to be locked up away during the meeting.
Because we appreciate having time to see you guys as much as you apparently enjoy seeing us. So that’s good to hear. Thank you for that.
Peter Menzies: Peter Menzies. I just want to take the opportunity here as a first-time Fellow to thank you for the opportunity and thank so many of you for your warm hospitality and allowing me to make a couple of new friends. So thanks a lot. And I learned an amazing amount in two or three days. Much appreciated. Thank you.
Paul Andersen: Thank you. And thank you very much for the participation in the program. As I mentioned earlier in my talk, it’s been a wildly successful program. And I think at least from a Board standpoint we will continue to strongly support that program.
Peter Menzies: And I should add a special thanks to Wendy for being so patient with me over my travel arrangements.
Paul Andersen: Any other questions, comments, before you all run for airplanes or sunnier, outdoor windows, window-less rooms?
Just a reminder, please, please, take the time to give input on any of the community consultations through the methods. We are really seeking that input. But I guess, John, if there’s nothing else, we’ll close the Open Microphone.
John Curran: I’ll take a round of applause for our Chair, Paul.
Members Meeting - Closing Announcements and Adjournment
John Curran: And with that, we conclude Open Microphone. And we’re now concluding the ARIN Meeting. Couple of quick things: One last thanks to our sponsors, Webpass from Google Fiber, and Google, our webcast sponsor.
And don’t forget the meeting survey. We do a good job, but we could always do better. Tell us how.
Thank you for being part of ARIN 41. Please join us at an ARIN on the Road, ARIN in the Caribbean, or, if nothing else, we’ll see you at ARIN 42 in Vancouver in October. Thank you, everyone. We are concluded.
(Meeting adjourned at 11:35 AM)