ARIN 44 Members Meeting Transcript - Friday, 1 November 2019

Table of Contents

 

 

 

 

 

Members Meeting ‑ Opening Announcements

John Curran:  Okay. If people will come in and be seated, we'll get started. A few less faces, but not many. It's like the Survivor theme, round after round watching the attrition. You're in the advanced round.

I'd like to start off ARIN's Member Meeting. I'm John Curran. I'm the President and CEO of ARIN. We all had a productive Public Policy Meeting, but now we talk a little more about the business of ARIN.

So our agenda is going to be getting departmental updates. We'll get those from Registration and Engineering today. We'll get a report from the ARIN Advisory Council. We'll get a Financial Report from our Treasurer, Nancy Carter. We'll get a Board of Trustees Report from Paul Andersen.

And then we'll open it up to discussions about ARIN's business with Open Microphone. And it should be ‑‑ the whole thing should run between an hour and a half and two hours, depending on how long we go.

I'll start right ahead at the head table. We have our Chair, Paul Andersen, who has returned. Vice Chair of ARIN, Bill Sandiford. Board member Dan Alexander, Board member Peter Harrison, and Board member Patrick Gilmore. Almost, Patrick. I'm bad with faces.

So at this point I'm going to start with the first report, which will be Mark Kosters giving the Engineering Update. Come on up, Mark.

Department Update: Engineering

Mark Kosters:  One of the things I wanted to let you know before I begin the report is a number of years ago I had geese attack me while I was riding my bike to work, and it was quite a funny story at the time that this geese attacked me.

And John has noticed and remarked to me that I've been losing some weight. And it's a result of me running away from animals by my house so I wouldn't have to report on another attack.

So just to let you know, one of those attacks was actually a bat. So I had a bat actually attack me while I'm walking the dog at night. The next one is skunks. So in the D.C. area, it's the time when skunk season is coming out, and I'm always watching for skunks. So far it's attacked my dog, which hasn't been so good because that means you have to clean him up.

But I've been running away from that as well. Thankfully they don't run really fast, but they certainly do spray really fast.

That's it. I'm here. I'm healthy. I'm losing weight because of the darned dog and the animals around my house. So let's go ahead and get started.

What we're going to talk about is -- first we're going to talk about staffing, recent accomplishments, statistics, engineering plans through ARIN 45, and I'm going to end with a challenge question. So you guys can stay awake.

So here's our staffing summary. We have, in Operations, five engineers and a manager. Information Systems and Security, we have three engineers and a manager. Development, we have ten engineers and a manager. We have a user experience expert and user interface designer. And those are the two people with the white frocks out in the hallway.

Please, if you haven't had a chance to meet them and talk to them about our ongoing UI efforts, please do so.

Software Integration, we have six engineers and a manager and a manual/UI tester. And in project manager, we have two people, one full time and one part time. And, of course, me.

So highlights since ARIN 42. So who has noticed that we've had 16 updates to our website through ARIN Online? Did you notice any downtime during that time? Okay. Cool. That's great. That's a good thing about stateless websites.

We can actually down part of the infrastructure, do what we need to do and bring it back up since we have multiple copies of it running.

We also have new POCs. We have two different types of POCs that came out through two ACSPs. And now for those people that want to have routing‑only POCs useful for both RPKI and IRR, this is available for you.

So if you have people within your organization that you do not want them to have access to changing the organizational information and so on, as admin and tech POCs do, you can actually allow them to see only certain parts of the infrastructure, essentially, through our application. They can only actually interface with either RPKI or, upcoming soon, the IRR.

So you can actually start segmenting your user base if you want. We also have the same thing for DNS for those DNS people. If you want to only set up contacts that deal with DNS, you can do so through ARIN Online.

We've also re‑networked our network provisioning site in Ashburn. That did involve some downtime, actually quite a bit of downtime. And Matt Rowley, in the back there, has a little more gray hair as a result. But we did actually make it come up fine. We also have a bunch of technical debt that we actually took care of as well.

ACSPs, here are the ones that we actually put it out. As I mentioned, we added routing and DNS POCs. It's ACSP 2019.3 and 2018.15. They are both the same type of ACSPs. We also have put in ACSP 2019.11, ROA search functionality, so you can actually look for your ROA via network. And also ACSP 2013.29, Online, we actually change it from being a sort of server‑side to a client‑side sort of thing. So you can actually resume your work with an indeterminate period of time going forward.

We've had RDAP improvements, thanks to the father of RDAP, Mr. Andy Newton, in the back. Linking entities through search results, improvements for single word query behavior, and returning nameservers and domain queries.

And NRO, we've done our part, ARIN's part of ITHI reporting that John Sweeting talked about a little earlier.

Here you can see our normal source stats. It's amazingly consistent, the number of people who use ARIN Online, the number of people that have come in and put in new accounts. Here's the logins through inception. And what's interesting here is that there's a lot of power users, a lot of power users that have logged in 16 or more times.

One person has logged in like a bazillion times. So I don't know why. I think he likes hitting that return button a lot. So anyways, there you can see the logins from inception. And here's provisioning.

So the ones that are in yellow, it's the new RESTful interface. The ones in black is our old interface. And this is aggregate over time. And you can see that still a number of SWIPs that comes through, but we also have more and more usage against a RESTful API for doing reassignments and so on.

And here is RPKI usage. And what you'll notice here, if you look to the far right, is that we're seeing a pretty significant amount of growth in RPKI, which is great. Actually, I have a question for you. Who's actually been on a network that's been protected by RPKI?

From the Floor:  Everybody.

Mark Kosters:  Actually, everyone in this room, if you've been on your laptop, you've been protected by RPKI. We set it up on Wednesday. So you're actually on this network. Has a ROA associated with the NANOG AS, and it is now available for the rest of the Internet to actually validate. Isn't that cool? So now all of you can now say you've touched RPKI in some sort of fashion.

I'm going to ask the same question again, and I'm going to remember each and every one of you and see if you raise your hands.

Okay. Next one, Whois‑RWS query per second. Whois‑RWS is, of course, in black. Whois, which is off the traditional Port 43, is in yellow. What's interesting here, if you do the aggregate of the two, we're close to the peak where we saw 3500 queries per second. Not quite. But we're getting there, which is kind of interesting.

We see a significant amount of usage on people actually querying our directory services. Here's RDAP. You can see it's increasing as well. One of the reasons it's increasing, frankly, is we're using it on our website. But you can see here that we're also seeing a significant amount of growth on especially v4.

And here is the percentage of traffic that's coming across both those directory service interface over v6, which, sadly enough, is around 4 percent, 3 to 4 percent.

And here's our wonderful IRR, the number of maintainers, it keeps on growing. The number of route and route6 objects keeps on growing. Actually, it doubled over the last ‑‑ within the last year, which is pretty interesting.

And of course these are just sort of supplemental objects for inetnum and inet6num. Not really required, there for posterity purposes.

And here's the breakout per organization. So you can see there's at least one organization that has almost 20,000 objects in our IRR. But a majority of them are the small guys. There's almost 2,000 people that have one to four objects in our IRR.

So typically routes at ISPs, their upstreams have mandated that they put in. But you can see that there's certainly some use here with our legacy system.

So now I'm going to move into what we're going to be doing for the next year. One of the things I want to make clear is that what the priority setting is. And you've heard Nate Davis talk about this. You've heard Richard Jimmerson talk about this.

Now you're going to hear me talk about it in terms of the things that influence our priorities in terms of what's put into the engineering queue. Legal and regulatory sort of things; we've just got to get those things done.

Ratify policies, gotta get them done. ACSPs, that's next on the list. Board of Trustees initiatives. May trump some of the others, depending on what's going on. Operating plan objectives. We put out an operating plan, the two‑year plan that we actually try to achieve.

We have defects, maintenance, and upgrades that we put out. Mailing List ad hoc requests, environmental changes, customer feedback, and customer surveys. They are all part of the process that we use to actually figure out what an engineer is going to do.

Now let's talk about what an engineer is going to do until ARIN 45. So IRR, we're going to be working on the IRR. Just had a presentation about that.

Website phase II. We're going to be adding in fairly soon a website chat functionality for people to chat while ARIN is in the office.

Also we've done a number of usability improvements because you've all asked for not only people to use their laptops but also their phones to access ARIN's website and through ARIN Online. And these things change all the time, and we need to make sure that we keep up.

We also have a technical backlog that many of you are familiar with. We have some services that we've upgraded. Some services are still on Java 7, JBoss and CentOS 6. These are sort of longer in the tooth. We're working on getting them upgraded, but they are certainly things that we're very much aware of and need to work on.

We also have this bump‑in‑the‑wire DNSSEC signer that we have that's called ‑‑ by Secure64. We need to upgrade that as well. That's getting also old in the tooth. It employs our DNSSEC. We need to re‑roll our keys for the various /8s. We're dealing with some legacy crypto algorithms that we're using that we need to upgrade as well.

And perhaps even move off of Secure64. It was a good thing at the time, but now that there's other tools available, it may be better for us to think about moving on.

And of course we're putting in our RPKI HSM upgrade, moving from the 4767 ‑‑ we're moving to the 4767 from the 4765. So we're staying in the same sort of family line within IBM, and it's ‑‑ there's just not a lot of HSM vendors out there.

Then we're looking at GSLB, which is near and dear to my heart. I certainly would like to move around from round‑robin DNS that we use today for service offerings.

We're going to be working on technical debt and IRR work at the same time. One of the things that we're doing is we're looking at how we've done business in the past.

Before, everything else was fairly monolithic. We had a pretty significant set of applications that we build. They're all sort of interrelated with each other.

And we're starting to separate them because we found through doing the website upgrade it was a multiyear process and maybe we need to rethink about how we're doing things and how to make things sort of simpler, because that was a pretty significant uptick that engineering had to take care of.

So we're looking at doing things in smaller components, and I think this is great because a lot of the software I wrote 20 years ago was smaller UNIX‑like components, and some of those things are still being run today, sadly, but they're still out there.

So we want to start doing things. And we're looking at using Kubernetes as sort of underlying infrastructure to make that happen. And we're going to be modernizing incrementally, adding new features, adding in new services, but also making it smaller using Kubernetes as sort of a deployment mechanism.

So the end result of all this is being more robust and easier to maintain because we'll only have to do smaller portions of our service offerings as we go forward.

So we've also had coordination with other regional registries. We're working out differences on our RDAP implementations. It's interesting, you have all these standards out there, but there's lots of areas where you can interpret things. We're trying to fix those issues.

We're also working on extended stats file formats. We have a specification out there, but there's a couple things that we need to clarify between the various regional registries.

We've been, of course, working on ITHI that John Sweeting talked about earlier. We've gotten our work done, and other regional registries are working on theirs as we speak. And RPKI. And we're working through the IETF in making RPKI more robust.

There's a couple of areas that are fairly weak. There's a number of initiatives that we put through the IETF, we're trying to put through the IETF to make RPKI more robust, in our opinion.

So challenge question. So this is the part that you can start looking up from your screens. Okay. So we have various overlapping services. It's been very easy for ARIN over the years to add new services, but it's really, really, really hard to retire these services, really, really hard.

Each service has a cost and effort to run. These things don't come for free. Especially some of the older ones. And there's many of them.

But I'm going to focus on three of them. First one is report access. We have stuff available from FTP and HTTP.

Who uses FTP these days? Three.

What does it even stand for? No, no...

(Laughter.)

So basically most people actually use HTTP and HTTPS now. So it's maybe something we need to consider retiring because you can get the same information over a different transport.

And then the bigger thing is provisioning for reassignments. We have three ways of doing that. You have templates that started when I started working back at the DoD NIC in 1991, that's what we used. That was just awesome technology at the time.

Have things moved on since then? Well, we have a RESTful API now, and we have SWIP‑EZ through the ARIN Online. So there's multiple ways of getting the same information in the database.

So do we still ‑‑ what do we do? Continue the three ways? Do we reduce it? Certainly it has costs to do so. Then we have more duplicate services.

And now let's talk about directory services. So you have Port 43 Whois, has been around since, I don't know, forever, since before I was born, and that was a really long time ago.

You have RWhois, which, sadly, I helped create, and that's where some of my code still lives. You have RESTful, Whois‑RWS that Andy created about 10 years ago with ARIN.

Then you have RDAP, which is sort of bootstrapped off the rest of Whois‑RWS. And you have web‑based RDAP. Web‑based RDAP and RDAP are probably both important, and that's sort of the future, but how long do we keep these things around as well?

So, anyways, one of the things we're thinking about is, hey, maybe that we need to think about retiring these things and how do we do this in sort of a transparent way. So it requires your input, and I'd like you to start thinking about this.

So what's not useful: Hey, this is the way it's always been done, and I just want to continue doing it because I don't want to put any thought into it.

But what's useful is: Hey, I have to get some money to actually fix this to go to a more modern interface, and it's spent for this coming year, and I will do it the following year.

That would be useful. And the other thing is maybe on the new services we're missing some key functionality that would ‑‑ that was only existed in the old system. It would be good to know about those things.

So some of the things that are being considered is pushing some of these things out to the community and see what we want to do. So there will be plenty of time for transition.

And again I want to sort of stress that we have a lot of services. A lot of them are fairly redundant or are redundant, and it does have a cost to actually keep and maintain these essentially redundant services. So think about those things as we go forward. So thank you. And are there any questions?

Yes, sir, far mic.

Kevin Blumberg:  Kevin Blumberg, The Wire. Couple things. One of the requests many years ago was for security audit; and I know that you did implement a security audit, and then it just sort of disappeared.

We did it. There was some things that we got a very, very, very high‑level thing that wouldn't even work for a corporate summary. I would love to be able to see a corporate summary that says we have engaged. We have done ‑‑ based on an agreed set of rules, here's the rating that we have applied, we've improved, and keep that ongoing.

Seeing CentOS 6 listed there for the fifth year as something that needs to be done sort of plays into that.

You have a huge technical debt, and I know you're working really hard on that technical debt. You talk about phasing out legacy systems to help with that technical debt. But then you have to realize the rest of the world has those same systems and is reliant on those archaic systems.

I don't think Whois is going away anytime soon. I don't think email is going away anytime soon because just as you have technical debt, so does every enterprise and every type of company out there.

Front end it. Make it as easy as possible to manage those archaic systems. If you're going to retire something like the email system, give us a script, give us a pointer, give us something that we can do to interface to it so that it is not just a drop and go over here with no help.

You want to retire something, give a long leg to it and give the help to assist people in code snippets or in other ways to allow them to migrate to those new systems.

Mark Kosters:  So noted. Thank you. Center mic here.

Scott Johnson:  Scott Johnson, SolarNetOne. Speaking to the other gentleman's point, can we have some kind of a summary of what said security audit included? I mean, was this pen testing? Was it simply a port scan, fuzzing? What do we do?

Mark Kosters:  Thank you. We have done multiple security audits. We have one planned for every year. So there are ‑‑ and we do them in secret so the rest of the staff doesn't know.

John Curran:  Our security audits, it's not fire and forget. We budget them, and we've been doing them on an ongoing basis.

Obviously we don't take the results of the security audit and say, "Here's our exposures." But providing some sort of summary so you know they're happening on a reliable basis and that we're improving, we'll try to figure out how to do that in a way that's meaningful.

I will say we do ‑‑ our security audits are ‑‑ there are security audits that happen in ARIN that only a few of us know and the rest of us are subject to. And so I may not talk to you about all the security audits that we do. That's all I'm saying.

Mark Kosters:  Center mic.

Joe Provo:  Remote participant, Matthew Wilder, Telus:  Thank you, Mark and TeamARIN, for eating your own dog food with respect to RPKI.

Mark Kosters:  Great. Glad to hear it. Front mic.

Dmitry Kohmanyuk:  I'm Dmitry Kohmanyuk, Intuix LLC, in a personal capacity.

It's great you're going to retire some services. I would start with the RWhois because who else uses that?

But the point of that, I think you should separate the data format from the data interface, right? I mean, you list web RDAP Whois -- there’s also web classic Whois and I can probably weave in RFC drafts for Whois over SSL on the weekend, right? It will be secure.

My concern here is that we still have HTTP interfaces. I think that's a good policy maybe to eliminate non‑encrypted transport.

And I'm not sure if you can do FTP over SSL, but you get my point. Sometimes you have to say legacy, but things that are not so legacy, but the new, like ‑‑ say RDAP use non‑encrypted RDAP transport, should we have it at all? So I think that's another concern I have if you're talking about security.

John Curran:  Thank you.

Mark Kosters:  Thank you very much. Back mic.

Owen DeLong:  Owen DeLong, ARIN AC. I want to thank you guys for all the UI improvements on ARIN Online. It's turned out very nice. It's much easier to navigate and much easier to find stuff. And I really appreciate all the effort that went into that.

Mark Kosters:  Great. Thank you.

John Curran:  All right. Thank you, Mark. No, we got one more.

Lee Howard:  Lee Howard, IPv4.Global. Are you going to do a series of consultations on things like that, or is this the input -- is this the question and now you're waiting for answers?

Mark Kosters:  The thing ‑‑ we're discussing the idea of actually putting out a consultation for this coming year. On one or more of these services.

Lee Howard:  Thanks.

Mark Kosters:  Okay, thank you.

John Curran:  Along these lines, addressing our technical debt, making sure we don't have systems that make it hard to be agile and responsive to you and request new features is something the Board's asked me to pay a bit of attention to.

Of course, at the same time, as Kevin points out, we need to support older interfaces because we don't want to be driving software upgrades at all of our customers. That's not what we're intending to do.

But those of you who are on feature sets that are 15 years old that probably you and only a handful of other people are using, you know, we'll need to figure out whether we continue to support it or maybe we make it a special optional feature for older organizations to pay for the maintenance they're dragging along. I don't know.

But we are going to talk a little bit about the large number of services that we have that are more than 10 years old that are used by a handful of people, because otherwise everyone pays for it, and that may not be equitable.

Mark, thank you for your presentation.

(Applause.)

Next up, I see him on deck, John Sweeting, come on up here. John will give our Registration Services Department Report.

Department Update: Registration Services

John Sweeting:  I think this is my last presentation of these two days. It's a very hard one because I have to follow that act that Mark gave up here. And I don't have any animal stories. So I'm just going to jump right into the presentation.

Going to go through current staff org. Go through this quickly. This is my team. Myself, Lisa Liedel, who manages the team and actually makes sure all the work does get done. Cathy Clements, who is now on 21 years at ARIN. She's been there from the start. And she is our transfer expert.

Jon Worley, who is our tech services expert ‑‑ I think we had the question from Anthony Delacruz just before the break in the last meeting. He's already reached out to Anthony. They've already set up a time to go through and clean up all of Anthony's bogus inputs in our IRR. So that's how fast we work.

Eddie Diego, who's back at the office, Senior Analyst, Customer Service Senior Analyst. Mike Pappano. You might have met him. He's out at the help desk. I hope everybody had a chance to stop by and talk to those guys and help them -- I mean, let them help you.

Misuk, who does a lot of our transfers. Jonathan Roberts, who does all our Org creations and a lot of other tasks. Suzanne Evans, who is a paralegal who really looks after ‑‑ works with Jennifer Lee a lot on bankruptcies and really digging into the really, really tough cases.

Jennifer should be part of this team. She spends most of her time working on it. She's an honorary member of the RSD team, and she's in the back there. I hope you guys got a chance to meet her.

James has also been out there. James is over there waving at everybody. He was out at the help desk as well. And Shawn Sullivan, who does the majority of our 8.3 transfers.

Organizations that are served by ARIN: We have legacy organizations, 15,000, 41 percent of members. Members are, of course, the ISPs and anyone under an RSP, Registration Services Plan. That's 16 percent. And then our customers, which consist mostly of end users, which is 42 percent.

ISP v4 RSA coverage in /24s. As you can see, there is 48 percent under the standard RSA. 12 percent under LRSA. So we're up over 60 percent covered under an agreement, and just under 39.9 percent that aren't covered by an agreement.

There you go. There's the growth under agreements and of course the delta of the not under agreements going down ‑‑ there's a word that can be used, and I can't think of it. Sorry, I'm getting old.

John Curran:  Declining.

John Sweeting:  Declining. I'm declining. John was talking about the chart.

John Curran:  Talking about the chart.

(Laughter.)

John Sweeting:  The IPv4 waiting list growth, as you can see, since the new policy was put into effect. We have actually served a whole lot of customers off the last two iterations of the issuance, and the list has gone way down. I believe as of today, we're sitting at 137 organizations on the waitlist.

These are the reserve pools. You can see there's a lot of space available. It's different numbers, but we wanted to show it on the same thing. The 4.4 pool is actually a /15 that was reserved, and the 4.10 pool, it was a /10. We actually put the numbers in there, too, but as you can see, there's a lot available still.

Registration Services Plan IPv6 profile. IPv6‑only is 9 percent, IPv4 and IPv6 is 49.9 percent, and IPv4 only is 40 percent. So that's direct from ARIN. That's the profiles. Realizing that some of the IPv4‑only could have IPv6 from their upstreams, as well as the ones that have IPv6‑only could actually also have IPv4 from their upstreams.

So the end user IPv6 profile, it's not quite as much IPv4‑only. 74 percent. But as I said, some of those could have IPv6 from their upstreams. That could become apparent in the next slide or the slide after that.

So it's going to be this slide. So this is an interesting slide that I haven't shown before. Jon Worely was looking at all this stuff. He came up and showed it to me, the figures, and I thought, well, that's very interesting. It's actually a much ‑‑ I think a better story than the last slide.

This is showing the actual networks that have been issued each year. So these are reassignments and reallocations. And as you can see, it's by year. So there was 68 ‑‑ there's projected to be 68,669 this year; 51,000 last year. So you can see in 2015 is when people actually started reassigning and reallocating IPv6 networks.

I see Owen looking at us. I'll leave it up for a second for him to look at it. Got it? Okay.

Lisa instituted a policy within RSD, and she didn't take it through the PDP, but it's still a good policy.

She has her staff, every year, each of them get assigned a topic to write a blog about. And in 2019 you can see the blogs that ‑‑ some of the blogs that were written and shared.

It's become quite a good resource for the different questions that come in to the help desk. And since these are the people that actually sit there and talk to the customers every day, they actually can capture some really good tips and experiences to share with the community.

We would also like to ask for input from the community on what kind of topics they would like to see some blogs written on for 2020.

The telephone help desk. Of course, I think you also saw ‑‑ I think Mark maybe talked about it ‑‑ we're actually going to have a chat. We're going to actually add a chat to the help desk as well. So next meeting I'll probably be talking about some chat statistics as well. But the phones are staffed 7:00 AM to 7:00 PM Eastern Time Monday to Friday.

We have an average wait time of 17 seconds, which I'm told, like, 15 of those seconds are you listening to the "Welcome to ARIN," blah, blah, blah, and you go in the queue, and you get picked up right away.

These are the most common topics. Transfer‑related questions are very ‑‑ they're the biggest thing because transfers are very complicated sometimes.

And that's it. Like I did say, we are going to start chat. I'm not sure ‑‑ we're not actually sure what the hours of the chat may be. It may be the full time that we have the phone, too, or we may start out trying to figure out what the impact's going to be. So we'll announce it when we get ready to launch it.

John Curran:  Any questions on the RSD report? Remote participant.

Joe Provo:  Anthony Delacruz from CenturyLink says: Thanks, amigos. Service team is great.

Kevin Loch:  One more comment. On this slide with the IPv4‑only versus ‑‑ Kevin Loch, QTS.

Slide with IPv4‑only, IPv6‑only, one other use case you may not have thought of is Orgs with multiple Org IDs. They may have ‑‑ especially since v4 runout, maybe they created a new Org ID for a new discrete network that could only get v6 so it shows up as a v6‑only. But they have access to v4 through their other related entities.

John Sweeting:  Good point. With you just saying that, it led me to think about the fact that when we do these things, we probably count the -Z accounts that are legacy with legacy agreements that might not have v6 in them, so it could, yeah.

John Curran:  Okay. Very good. Having heard the departmental updates that we're going to have, at this time we're now going to move on to hear the Advisory Council Report.

I'll ask Tina Morris, the Chair, to come on up and give it.

Advisory Council Report

Tina Morris:  Hi. We have a 15‑person Advisory Council that works very hard on behalf of the community. It's a lovely picture we take every year. We do this and put it on the website so you can see what our faces look like and all that.

It's a great group of people. Very diverse backgrounds. Very collaborative and collegial at this point. I couldn't really ask for more.

The AC has been incredibly busy. We keep expecting policy development to go away. It just isn't happening.

So we sent several policies and we've been doing a lot of cleanup. It's all not just brand new concepts, but we sent several policies to the Board for adoption. They'll be implemented Q1 2020, listed here: 

Unmet requests; remove IPv4; reference to NRPM 6.10.1; clarification to ISP initial allocation; POC notification validation policy; disallow third‑party record creation.

So you can see some are editorial. Some are significant.

We have a lot of new proposals; in fact, two pages on it here. And during this meeting I believe I have three more ‑‑ two more ‑‑ and I expect this meeting is actually going to generate three or four more on top of that.

So we have 15 shepherds. We assign a primary and secondary shepherd to each policy. We try to spread this across ‑‑ this is a volunteer role. We don't want anybody doing all the work and spending endless hours on this. But we also want to make sure that all the policies are represented well.

So it's quite a docket. This is the second page of what we have going on right now. Compared to other years, this chart shows adopted, abandoned, and to be determined. This year we're on track to beat all but one other year. If they have value, please submit them. But we have been busy.

Wanted to take a moment. David Farmer submitted his resignation this week. He's leaving us after 11 years, 20 draft policies he's shepherded, and attended 120 AC meetings. David has been invaluable to the AC.

He always makes us slow down, talk about things, gives everything incredibly deep thought. He has promised not to leave our community and keep participating in meetings when possible and on PPML. I know our AC will continue to lean on him for his guidance.

David, I just wanted to say thank you from the community.

(Applause.)

And any questions?

John Curran:  Thank you. Excellent.

Okay. Our next report is the ARIN Financial Report presented by our Treasurer, Nancy Carter.

ARIN Financial Report

Nancy Carter:  Good afternoon. Is anybody else freezing? I come from Canada. I thought it was going to be warm here. When I woke up this morning, it was warmer in Ottawa than it was here.

Anyway, I'm delighted to be here to present the ARIN Treasurer's report. And, as always, I'll remind you that I know the Treasurer's report is the reason you're all here.

I've received a lot of support from the ARIN staff, and I thank them so much for making this presentation so compelling.

I want to tell you a bit about the work that the Finance Committee has undertaken since I last reported to you in April, after which I'll review the financial results for the nine months ending September 30th.

I'll provide some highlights of the investment portfolio, and then we'll look at some customer growth metrics.

The Finance Committee monitors the investment portfolio for compliance with the investment policy statement, and we make any adjustments required in consultation with our investment consultants.

At the end of September, the portfolio balance stood at $28.5 million. We reviewed the unaudited financials for the period ending September 30th. And then earlier this year we also reviewed the IRS 990 form, and we recommended its approval to the Board. Once it was approved, it was subsequently filed by staff.

The year‑to‑date financial results are in front of you. Revenues are within 1 percent of budget and expenses are 5 percent under budget, providing us with an operating surplus at the end of the third quarter.

Investment income, including appreciation of the investment portfolio, was $2.86 million for the first nine months of the year. And this is a strong recovery from the dramatic change in the December 2018 portfolio balance that I had to report to you in April.

As a result, rather than a budgeted $773,000 increase in net assets for the period ending September 30th, we experienced a $3.5 million increase in our net assets.

Operating revenues are detailed on this slide. This is a new slide. We're ahead of budget at this point in the year, and we expect to continue tracking to the budget. The variance that you see is impacted mainly by an increase in maintenance fees.

Here are the operating expenses. It's a bit of an eye chart. Much of the time that I spend with staff reviewing the financials is spent on understanding the variances that you see reported here and confirming whether or not they are timing variances, meaning we'll catch up by the end of the year, or whether they are permanent variances, meaning that we have experienced some cost savings or our budgeted amounts will not be realized.

Many of the variances that you see here are permanent. So we're currently 5 percent underspent on our operating expenses, and we expect that trend to continue to the end of the year.

Capital expenditures are detailed here for nine months ending December 30th, and they're compared with the same period in 2018. You'll note some shifts in the kinds of capital expenditures that ARIN has made in 2019.

ARIN's statement of financial position or balance sheet is highlighted here, September 30th, 2019, as compared to September 30th, 2018. Again, this is a new chart for those of you interested in tracking ARIN's financial position. I'm happy to tell you that these results show a very stable position for the organization.

ARIN's investment portfolio is allocated into three distinct funds, each with a different investment objective. The long‑term reserve fund was by far the largest component at $24.7 million at September 30th, the legal defense fund was $2.2 million at the end of September, and the operating reserve fund had a balance of $1.6 million at the end of September.

This chart represents or illustrates the investment portfolio balances over the last seven years, and you'll note the December market correction and subsequent recovery that we experienced in the first three quarters of 2019.

Net assets as a percentage of expenses is one metric that can be used to demonstrate the financial health of a not‑for‑profit organization. Currently ARIN's net assets are sufficient to cover 19 months of operating expenses.

In an effort to provide meaningful metrics, staff has created new slides for the treasurer's presentation. There's a couple in this presentation. These next two show customer growth. And thanks to the RSD team for putting these together. Over the past four years, you can see the material growth in customers is in the small categories.

This is a graphical representation of Registration Service Plan growth over the same period of the four years, not including the end user. So for those of you who see things pictorially, this is a different representation of the growth.

And that concludes the treasurer's presentation. Any questions?

Wow.

Paul Andersen:  You have to understand, when Nancy took the role, she watched all the previous -- Bill and myself, be Treasurer: "How come you guys always get questions, and I never get questions?" Be careful what you ask for.

John Curran:  The honeymoon period is over.

(Laughter.)

Nancy Carter:  Front mic.

John Olson:  John Olson, Webhiway Communications. Does the fiscal year for ARIN match the calendar year?

Nancy Carter:  Yes, it does.

John Olson:  Thank you.

Nancy Carter:  Whew.

(Laughter.)

Back microphone.

Lee Howard:  Lee Howard, IPv4.Global. Thank you very much. Love the new charts. Those are nice additions. When you were talking about the variance in expenses from budgets, there were a couple of items that were, you know, up in the six digits, you said most of these were permanent items.

Are these changes in objectives? Are these things unforeseen, we budgeted too much money and decided we didn't need to spend it? How would you characterize the variance there?

John Curran:  That's actually mine. It depends on the line item, Lee. It really does. In some cases we realize a cheaper way to do something so we're able to reduce it altogether.

In other cases, it's not a question of timing but it's a question of, well, maybe the need changed or the need disappeared. So, for example, staff, we're taking staff travel down this year by more than $100,000.

My estimate for what we're actually going to spend compared to last year goes up and down month to month because we're also doing things for the last few months we didn't envision at the beginning of the year.

We did an RPKI boot camp with one of the peering groups. It wasn't in the budget. You have to ask me on a per‑line‑item basis, and I would tell you whether or not it's we found a cheaper way to do it or it's going up and down as my forecast does.

Lee Howard:  May I ask you about two particular line items?

John Curran:  Absolutely.

Lee Howard:  One of them was employee salary benefits, $300,000 under. So were those head count budgeted and not hired or are those deferred hires or ‑‑

John Curran:  I missed ‑‑ employee what?

Lee Howard:  Employee salaries and benefits. Were those head count budgeted and not hired or ‑‑

John Curran:  Oh. So we have a number of dynamics there. So there's no way to budget changes in head count due to change in circumstances. So this year we actually did hire a CFO, and people saw that announcement. The CFO ended up having a major change in personal circumstances and ended up leaving.

And therefore the addition, which wasn't in the original budget plan, and then the subtraction did quite a bit of swing to the salary line. That's probably a good way to think about it.

We've had other head count change. We've had several people move on to other organizations, and that also has an impact. Because we end up with a lag until we do the recruitment and backfill.

Lee Howard:  Head count to backfill.

The other big one that I saw was educational outreach/professional fees was also, I think, $300,000 under. Are there particular circumstances that it's changed there too?

John Curran:  So we have to budget a few things in that line item. That line item has services that we get from other people.

And in some cases we will decide not to do something. Like, while we do do a customer survey, we don't do it every year. While we do a security audit, we do security audits many years, but we actually do an operational audit one year and a security audit one year.

So sometimes the audit that we decide to do or the services we decide to change in the year based on what staff I have available to support the audit, and so that impacts that item. It doesn't mean we're not going to get the job done. It just means I've swapped the years for them.

Lee Howard:  Nancy, to almost the first thing you said, yes, actually, this is why I stay for the Members Meeting.

Nancy Carter:  Thank you. Can I add on to John's point? In that last item, that last variance you're asking about, there was almost $100,000 in there budgeted for the investment portfolio expenses. And due to a change in legislation, that's now netted out against the investment portfolio. So that was a big change in that line item.

Lee Howard:  That was the specificity I was hoping for. Thank you.

Nancy Carter:  Front mic.

Andrew Dul:  Andrew Dul. I like the new charts. On the last two, I think it would be useful to try to see if we can add the end user category onto those, see how it's trending, see if people are converting to Registration Services Plans out of the end user category. Might be interesting trend to see there.

And one aesthetic comment. It looked like on some of the slides the font got a little squished. So I don't know if that was part of the import or whatever, but might be helpful for people who read slides later.

Nancy Carter:  We'll work on that. Thanks. Great feedback.

John Curran:  Thank you.

John Sweeting:  The end user number is in the slides. You have the graph. Because if we put it in the graph, it would have squished the other titles. The number is on the slide before the graph.

Nancy Carter:  Now I'm going off script. I just want to talk to you about a life lesson that I relearned yesterday, and that life lesson is, "Know your audience." 

So yesterday I showed up at the Halloween party with what I thought was an amazing costume. I thought it was fantastic. But I had to explain it to everybody that I saw. And you know what's the sign of a bad costume? If you have to explain it to everyone that you see.

Anyway, I went as the Paper Bag Princess. It's a fantastic book. I thought it was a children's literary classic, and it is in Canada.

(Laughter.)

I had no idea. So Robert Munsch is an amazing author, written some great books. This was one of the first books he wrote. He's American. However, he moved to Canada and lived in Canada and worked in Canada.

And so I had no concept that this was not an American thing. So next time I will do my research before I show up here with a costume that I have to explain. Anyway. Thank you.

(Applause.)

John Curran:  As we get towards the end of the Member Meeting, the final report is the Board of Trustees Report from Paul Andersen.

Board of Trustees Report

Paul Andersen:  I can back that Robert Munsch is a wonderful author. If you have children, even if you are in the US, I'm sure Amazon can help you out there.

I have a very short report because I know I'm always the one between you and planes and other meetings and such. So I just try and sum up a little bit about some of the stuff you hopefully heard over the last few weeks ‑‑ sorry, days.

As a general rule: What have we been up to? This is the high level of some of the things that we've been going over.

You've heard earlier about the RPKI TAL. We've been working on various reformations of committees, policy actions that we had. We have been working with the CEO and management to bring on a CFO.

As you heard, we had a bit of an issue. We'll continue on that. And we have been dealing with mostly strategic planning and budgeting, which is kind of what I'll take a second to talk about.

We have been doing a lot of focus on strategy this year, both just in trying to evolve the Board as the organization's evolved and matured. So the Board is quite focused on strategy. We've been doing a lot of administrative and more items to try to do this.

We've moved a bunch of work items that used to be in our bucket. One that comes to mind is the Fellowship committee, where that seemed like an operational thing and we've moved that to be a staff function, for instance, because that didn't really ‑‑ other than we want to understand the success of the programs as a whole and the resources are being used efficiently, that didn't seem to be one of the things that the Board needs to get in the middle of.

We're starting to move to a more year‑round strategy planning process. We were just in the final throes of a three‑year strategic plan, the first in some time that we've done a three‑year strategic plan.

It's been an interesting process because not only are we making that plan but we have been evolving a process to make that plan a little bit on the go. And hopefully this will be the process which we hope to publish going forward on how we will be doing strategic planning, of which our hope is that we can get feedback from you.

Obviously, we always ‑‑ this community is never shy on telling us what they think. But we are trying to make sure there's a more formal process at least as it relates to our strategic planning process.

And a few other things, like, for instance, you might have noticed we're a little more around, except me, of course, during the last two days, as opposed to these meetings, throughout every meal break trying to get ‑‑ we're actually now taking a full day every time in both April and October.

Still tweaking it a bit because October became a bit of a challenge obviously with NANOG. But our hope is we're spending quite a bit of our time in person and always trying to move forward the strategy process and tying that in with the operating and budget.

We've been doing a bit of governance work over the past few years as well. I thought to highlight some of the stuff we've done. Just again looking at how the organization has evolved.

It started as early as a few years ago that we actually started stuff such as putting in a formal director orientation process. And that was actually an interesting process because that actually required ‑‑ and I thank John for most of that, as he had to go through 20 years of documents and such and put it all together. Because if you bring in a new Board member and you want to bring them up to speed, this can be death by firehose, effectively.

So we've tried to take all that information and put it together and distill so that directors would ‑‑ if they were newly elected, would have that more formal onboarding and have access to a much cleaner set of documentation.

Last year we worked on again trying to actually formalize what the job actually entailed from our perspective. So we published what we called our Expected Qualifications and Responsibilities, because we got a lot of questions about: What is it actually you guys do? How are the meetings structured? What's the time commitment? So we published that last year.

This year has been fairly busy. We spent much of the first part of this year harmonizing the election procedures, which of course are spread across three documents, the bylaws, which we didn't touch, an election procedure document, which is reasonably new, and the NomCom charter.

So we tried to make them consistent. First of all, it was just minor inconsistencies in terms. So we tried to clean that up, because that's obviously good, and we tried to streamline the process quite a bit.

As part of that, we also committed to publishing a letter to the Nomination Committee detailing what kind of gaps and any guidance we had. Typically we'd put maybe one sentence at the end of the NomCom charter previously, and we were told that was maybe a no‑no.

So there's a great document, and as part of our transparency, even though it's to the NomCom, it has been -- since we submit it to them -- available for you. So if you wish, you might want to have a thing, if you go to ARIN.net/elections, it's right there, or you can go and click on the link later. And, of course, we always look for feedback on that.

And, lastly, we're going to be spending ‑‑ we've just spent actually some time this meeting and we'll be through the year doing a much more holistic look. Much of this has been trying to just clean up the house, but we've actually brought in some outside help.

The corporate governance is a well‑studied, well‑established subject, and we've brought in some expertise just to kind of look and just look at the whole process and the organization to see are there better ways that we can govern ourselves as an organization. So we're going to be working on that as a board for the rest of the year.

So that's the meat of the report, but I would like to take a moment to say some thank‑yous for service to the organization. Many of these you've already seen.

First I'd like to thank Regenie Fräser. She served a one‑year appointment to the Board. She'll be leaving us in December. She's been a contributor to the Board over the last year, and I'd just like to ask the community to thank her for taking the time.

(Applause.)

As Tina mentioned, David Farmer is leaving us after 11 years of service on the Advisory Council. David, it's been great to work with you over the years. I'm glad to hear you're still going to be in the community. And on behalf of the Board, I'd like to thank you again for your service as well.

(Applause.)

My excuse for the last one is why I wasn't here yesterday. It would only be fair to give one more thank you to Susan Hamlin for almost 20 years of service.

She's put up with me over those years and my antics. And I thank you for your work and effort on behalf of the Board. Thank you for your service, and hope you enjoy your retirement.

One more hand for Susan.

(Applause.)

And let me tell you, sometimes they were antics.

Moving on. I would just like to finish off by encouraging you, of course, to take the time to vote. Please vote. Vote as often as you are allowed. Vote early so you don't forget. But please take some time, review all the candidate materials, the speeches, all the background materials.

Please, it's very important. This organization can only succeed if members take the time to give this very, very important duty.

And with that, I will take any questions on my report. And if it's okay, I will also just take Open Microphone since they tend to be the same thing.

Members Meeting ‑ Open Microphone

Paul Andersen:  So the microphones are open for stump the Chair. And as I see them going, I will go to the far microphone who I saw line up quite a bit ago.

Cathy Aronson:  Hi, Cathy Aronson. Two things. One, I just want to say thank you again for allowing the Board members to interact with the community because I think that's super valuable.

And I'm so glad because when you were all sequestered off and we couldn't interact, I don't know, it's just better.

And the second thing, the note that you give to the NomCom of what you're looking for, I think it would be really helpful to go over that at the beginning of the election speeches and such so that everybody, A, knows it exists and, B, has it in their mind while they're listening to people talk. That's just my take on it.

But I think it's important for the community to be well versed in what the Board is looking for or the things that they need.

Paul Andersen:  Thank you for that excellent suggestion. It was a first‑time process. That's great feedback.

I can see Nathalie writing down. I think, yeah, if we can find better ways to integrate that. We are looking for that to be a suggestion ‑‑ I stress a suggestion ‑‑ to the NomCom and the community. If there are ways that the Board is looking for support, that is how we're looking to communicate it going forward. So thank you for that.

I'll go with the front microphone next.

Kevin Loch:  Kevin Loch, QTS. I'd like to address a source of bad registry data, and that is the ARIN staff's policy of extreme vetting when it comes to legal entities and their history and all of that.

It's not a problem when an Org comes to ARIN the first time, signs an RSA, because everything is obviously in real time. But as time passes, 10, 15, 20 years, usually this gets involved in M&A‑type activities, those types of tickets.

You can uncover problems ‑‑ I's not dotted, T's not crossed. There's a real risk in terms of the ARIN user opening the ticket that they could lose access to the resources, regardless of the fact that they've been operating in good faith, serving customers for that whole time.

What I'd like to see the ARIN staff do is move towards the policy that's more similar to the way domain names are handled where there's a presumption of innocence.

If you are the Point of Contact, if you're in control of everything else related to that registration ‑‑ mailing address, billing, and everything else ‑‑ that you assume that they're acting in good faith unless you have positive evidence of fraud.

Now, obviously, I fully support ARIN's mission of combating fraud. Nobody wants to see that. But in the domain space, it's so much easier to manage registrations, and yet there is fraud that sometimes occurred. It's not pervasive.

There's methods of handling it with the UDRP in the civil courts or perhaps even the registry policies themselves of clawing things back, if there's evidence of something happening.

The consequence of this and how this relates to the bad Whois data is there's a very real palpable fear of opening an ARIN ticket. And it turns out it's somewhat justified due to this extreme vetting process.

And by adopting a more ‑‑ an easier process for updating domain records, you may get more records updated and more accurate data. Thanks.

Paul Andersen:  I think the high level, we'd say, is we've always given the staff direction that we want our services to be easy to use and friendly but that the integrity of the registration has to, of course, trump. So I know John wants to comment deeper.

John Curran:  I was actually intrigued by your comment that says there's risk to opening an ARIN ticket. There was a period of time when that was true.

I don't think at this point it is for someone who doesn't have real evidence of bad activity. It is possible for you to approach ARIN and have us say, wow, what you're trying to clean up really doesn't look like it's yours and we're going to lock it.

But I don't know of revocation that takes place. Truly, in the last five years we've gotten away from that. We've told people come in and normalize your resources.

Kevin Loch:  I've heard you say that previously. And I thought ‑‑ and that's true, that may be true. You may not be actually revoking, but you've still got outdated entity names that can't be updated, accounts that can't be consolidated to simplify things for ARIN and the Org.

So there's still very real negative consequences to the extreme vetting. There's benefits and there's cost to that. I would just like to see it move more towards a more practical, easier to use, and then you can publicize that, look, we've made this ‑‑ streamlined this process, and unless we see evidence of fraud, we're going to go forward with these, we're going to believe you're acting in good faith.

John Curran:  I'll switch it around to listen to what you said. I agree with you, but I want to explain your normalization or someone's normalization of their registration is, in some number of cases, someone else hijacking your resources. So if I tell the community when someone shows up and says that your resources are actually theirs, and things look pretty good, I'm going to normalize the record for them, and they'll have your block. Because every block we update was someone else's, and we're protecting that party who may not be in the room at the moment.

When it's you being protected, you're like, oh, wow, you're doing it right. But when you're on the other side, it seems wrong. Do you see the issue there?

Kevin Loch:  Not really, because what I was suggesting is if the ‑‑ maybe I didn't think this clearly enough. If you have a Point of Contact that has an ARIN Online account that's already the authority in the system to do everything else ‑‑ update the address, mailing address ‑‑ that that is sufficient.

Obviously, with legacy resources where there's no RSA, that's really a different topic. I'll give you that one. But in the case where there is a positive control already existing through, in some cases, two‑factor authentication on the website, then ‑‑

John Curran:  We will do what you're asking. Come find me afterwards. I want to know that use case.

Paul Andersen:  My suggestion would be, because my day job also has domain registrar, and there's no amount of ‑‑ sorry, no lack of fraud occurring there, so perhaps we can look at some of the challenges and how they've solved them, because there's some similarities. I think it's good that we could look to see if there are ways to improve.

Rear microphone. Noting we're running out of people speaking. So we will have to close the microphones if people don't come.

Lee Howard:  Lee Howard, IPv4.Global, A, your friendly neighborhood brokerage community is here to help.

Paul Andersen:  No ad, please.

Lee Howard:  Well, in that specific case, there are people in the community who can help with certain facilitation. That's where I was going, not as an advertisement.

B, what I really came up to talk about was to say I complained this morning because I was tired, but as I watched the slides today and thought about the slides yesterday, this community ‑‑ no, really mostly the staff here generates so many acronyms and so much jargon that doesn't need to be there.

I saw so many slides today using acronyms that didn't need to be acronyms. They could have been a word that would make more reference -- and therefore make it not just ‑‑ there was no acronym today that I didn't know what it meant. It took me a minute during Mark Kosters's presentation to remember what HSM stood for.

But there's no acronym I didn't understand, but it's actually I think impeding comprehensibility and the ability to participate rather than making things clearer.

So please try and reduce that for the next meeting.

Paul Andersen:  I "ack" that suggestion.

(Laughter.)

Took a while, but you all got that. Microphones closing shortly. Please approach a microphone.

Far microphone.

Kevin Blumberg:  So I saw something consistently with a number of the speeches, and I'll be extremely generic, which was a complete lack of understanding between the PDP and the ACSP. "We'll just have this go to the community and go through a Policy Development Process --"

Paul Andersen:  I'm sorry, could you do us a favor, please, restate your comment without acronyms, please, for the help of the gentleman over there.

(Laughter.)

Kevin Blumberg:  I'm doing it on purpose, but the point was that the Policy Development Process has an extremely limited set of things that it can touch. The suggestion process has its own set of things that it can touch. And I got a real sense from the candidates generically that there was a complete lack of understanding between those two.

I believe that just like you have a Board briefing document to explain, hey, we're about to now load you with 20 years of history, I think that something similar for both Advisory Council, Board, and NRO in terms of providing a briefing document to somebody who wants to run so they have, A, an understanding of the community and, B, an understanding of the work that they're going to be putting in towards this community.

Paul Andersen:  John?

John Curran:  It would be nice if we had sort of a mini leadership development program. So something that would let people learn about -- this is what ARIN is and we have a Board, we have an AC; if you're familiar with it now, this is the PDP. This is how we're structured, this is what each organization does.

Paul Andersen:  If there was one.

John Curran:  The responsibilities -- if you go look on the ARIN website for Leadership Development Program, it's there. We actually this year rolled it out. We had volunteers, people who wanted to potentially run for the AC or Board, and we trained them in what ARIN was.

We actually gave them a phone call with Board members and AC members who volunteered. And actually the lesson plans are online. It's part of our new training library. But I don't think we're pedantic when it comes to telling them about the key differences like PDP and policy, what can be in policy versus the consultation and suggestion plan.

I am happy to make it more pedantic. I have a forte in this area and shall apply my skills to the training material.

Kevin Blumberg:  The act of being pedantic was an example, John. It's about getting the nominees that information in advance to be able to speak in a way that, A, shows that they're informed and, B, that they understand our community. So that was the first.

Paul Andersen:  We thank you for the feedback. Thank you.

Kevin Blumberg:  Second thing was I want to compliment ARIN on the Fellowship Program for this program. I was a mentor. I've been a mentor for probably eight or nine different meetings, and the caliber of the Fellows was very much appreciated.

We have had a couple times where I was ‑‑ from a personal point of view -- was very disappointed in the people that were chosen, and I was really impressed this time around. And I know it's cyclical and everything else, but I could really see a key difference in the quality of the Fellows that were coming to the community and that would be able to give back to the community.

So I would like to thank staff for the selection and all of that. And I would like to thank the Fellows who have really shone at this meeting. So thank you.

Paul Andersen:  Thank you.

(Applause.)

Thank you for noting that the staff trumped the Board in most cases as always. We suddenly have a surgence of questions.

Scott Johnson:  Scott Johnson, SolarNetOne. I'm an ARIN member as well as a Fellow this time around.

I wanted to thank the Board, the Advisory Council, the staff, my wonderful mentor, Joe Provo. You guys have done a tremendous job putting this program on. And I urge you to continue and expand it in the future, try to target the young people in the colleges to bring some young blood in. Because we're all getting a little gray every now and again, and we need to make sure that the Internet is in good hands as the future moves along. Thank you.

Paul Andersen:  Thank you very much for that comment. Don't forget to vote since you're a member.

Far microphone.

Martin Levy:  There's a comment ‑‑ Martin Levy, Cloudflare. There was a comment five, ten minutes ago about timing on this meeting and running it in conjunction with NANOG. So this is just a repeat, a statement that has been said many, many times. Joint meetings with NANOG are very advantageous and I believe increase the amount of people that are capable of coming, myself included, and I wish that that would continue. Just that's it.

Paul Andersen:  Thank you for that feedback. Front microphone.

John Olson:  John Olson, Webhiway Communications. I want to echo what Scott was saying. This has been incredible for me as a Fellow. I learned a great deal.

And having the opportunity to attend NANOG and realize these resources, when I've been in this industry for most of my life, I mean, I was portmaster boy in the old dial-up days. So this has been incredible.

Tina, you were great last night; a lot of information. You guys are great. Thank you so much.

Paul Andersen:  Thank you so much. This will be the last comment unless somebody approaches a microphone before the end of David's comment.

I started you off. Go ahead.

David Farmer:  David Farmer, University of Minnesota, ARIN AC. Thank you, everybody. But then also to the last couple of points here. We all need to start bringing some of our junior people to these meetings so that we can populate the next time around.

Paul Andersen:  Thank you. Thank you, David. And with that, the microphones are now closed, unless there's a remote participant. With that, we will close Open Microphone. Thank you very much.

John.

Members Meeting ‑ Closing Announcements and Adjournment

John Curran:  I have the honor of making closing announcements and adjourning you. Thank you, everyone, for coming to our Member Meeting.

And I'd like to remind everyone, I don't see slides up ‑‑ are there slides coming? No, there's no slides. I know what's on them anyway. One more round of thanks for our sponsors: Addrex, Google, AT&T.

(Applause.)

Additionally, if you've not voted, go vote. Definitely time.

Do we collect these lanyards? We collect these at the registration table. Take them off, drop them so we can reuse them. We don't like having to buy new lanyards or see them go into landfills. Take them off. Give them back.

We do have slides. I know we have slides. That's okay, I know what they say anyway.

Thank our sponsors. We did that. And vote now. We did that.

And don't forget the meeting survey. I would have forgotten the meeting survey. That's why we have slides. Even though I read every slide you possibly see up here, I would have forgotten. Don't forget the meeting survey. Fill this out. It gives us feedback.

Some of the comments you've provided at the mic I'll remember if they're about meetings or formats, but if you provide something in the meeting survey, a whole team of steely‑eyed ARIN people will go over them in a room and talk about them and put them on checklists. And things that go in the meeting survey get many, many people paying attention to it. Not just my vacant stare up here.

So you might want to fill things out on the meeting survey if you want to make sure they get a rigorous look.

Okay. Thank you for being part of ARIN 44. See you soon. We'll see you at ARIN in the Caribbean, if you go there; our Lunch by the Numbers event; ARIN on the Road; or Louisville, Kentucky, next year.

Thank you, everyone.

(Applause.)

(Meeting adjourned at 1:23 PM.)