ARIN XXIX Members Meeting Draft Transcript - 25 April 2012 [Archived]
OUT OF DATE?
Here in the Vault, information is published in its final form and then not changed or updated. As a result, some content, specifically links to other pages and other references, may be out-of-date or no longer available.
Opening and Announcements
John Curran: Okay. Good morning. I’d like to call us to order, and first thing I want to say, welcome to our Members Meeting. This is open to everyone in the community. But it’s focused on members, those folks, because we’re talking about how we manage and spend your money in making sure we get the mission done. But everyone is welcome to listen. It’s a wonderful thing. So first a thank you to our sponsor for this meeting and the prior days. Network connectivity has been provided by Telus. I’d like to invite Matt up. Come on up.
John Curran: This is Matt Wilder, who is with TELUS, our network sponsor, and he’s going to say a few words.
Matt Wilder: Thank you, John. Hello, everyone, or what looks like the remnants of the conference.
Matt Wilder: Thank you on behalf of TELUS for the recognition, John, and it’s been a privilege again to provide network. We’re happy this time we’re able to get v6 up for the meeting. And that’s been very exciting.
Matt Wilder: I hope the network has been smooth and fine, and if you have any comments regarding our network or the v6 part in particular, please do give that to me. I did check the stats yesterday. Looks like about 10 percent of the traffic is v6. So that’s great to see. So thank you.
John Curran: Thank you. Excellent job.
John Curran: Okay. Don’t forget your Meeting Survey. In your meeting folder you have a survey. Fill it out or you can go online. We have a copy of it there. All respondents will be entered to win a Samsung Galaxy Tab. Rules and reminders. The chair moderates discussion of Draft Policies so all can speak and be heard. He’ll also moderate this meeting today. State your name and affiliation when you come to the microphone. Please comply with the rules and courtesies in the program. Today’s agenda. We give ARIN updates from the various departments. We have the ARIN Advisory Council report, ARIN’s Financial Report from the Treasurer, the Board of Trustees report from the Chair, and then Open Microphone.
So at the head table we have the Board of Trustees: Chairman Tim Denton; our Treasurer, Paul Andersen. I guess you’re Vice Chair, right, Scott? Vice Chair Scott Bradner. We also have an interloper. We have the Chair of the Advisory Council. He’s not a member of the Board, but he’s very important, John Sweeting. And Paul Vixie, who is our Secretary this year. We do not have Mr. Vint Cerf. He’s off in Geneva because of the Global INET conference. And we don’t have Bill Woodcock because he had to go back.
So at this time I’d like to move directly into the meeting reports. And the first departmental report is going to be Communications and Member Services by Susan Hamlin.
ARIN Updates: Communications and Member Services
Susan Hamlin: Thank you, everyone. I’m pleased to present an update on communications, organization, member services, activities that we’ve conducted since our last meeting. And we’re going to start with a drawing today. Many of you picked up a pedometer at registration. This is a giveaway we’ve used at many events, many booths, has been very popular, the IPv6 theme. So I have a bowl here with those of you who put a business card in and your numbers. And we’re going to have John randomly draw five. Five. Because I have five special prizes. There are more than five in the bowl, in case you’re wondering.
All right. Thank you. So if the following people would come up: Sam Weiler, Justin Clutter, Darren Norman ‑‑ are you all here? ‑‑ Peter Kumbalek, and Ron da Silva. And we have new ARIN hats, IPv6. So congratulations and thanks for participating.
John Curran: I think they were waiting to see what the prize was before they came up. Limited edition. Be proud.
Susan Hamlin: Okay. So quick look at the ARIN membership growth. Here are stats from the last five years. And you’ll see pretty much a steady growth. This is broken by region, and it’s pretty proportional in the amount of growth. Okay. I’m not going to go through this list, but these are many of the activities the Communication and Member Services department is responsible for, starting with all aspects of the meeting, outreach events, public relations, Policy Development Process, elections, et cetera. Some of the projects we’ve been involved with starting with last year, and every year we have a different election theme.
And last year’s was setting the course towards a new horizon, and it obviously registered with you all because in our election last year we had the highest voter participation ever; 15 percent of eligible voters voted in the Board or AC election. So I want to thank you for your great participation and get an early start in encouraging you to make sure you have a registered designated member representative and start thinking about this year’s election. Nominations will open in July. Again, there will be two seats on the Board of Trustees and five on the Advisory Council.
Our annual report for last year is up. You can find that off the main page of the website. We have a new meeting video, something we send and point people to who have not attended an ARIN meeting to encourage them to come. We point first‑timers to it. I’d also like to thank those of you. We had I think almost 40 first‑time attendees at this meeting. We had a great First‑Timers Breakfast, seen some of you already register for the mailing list, so that’s great and we look forward to your continued participation. We also opened a guest blog program recently, and you can find information about this on our microsite teamarin.net.
Any of you who have an interest in blogging, have an interesting topic you think would be of value to the community, education bent, we’d love to hear from you. And Jennifer will work with you and we’ll get that published. We recently did a little reorganization of the home page. Two big things: To move the IPv4 countdown counter up to the middle of the page to make it more readily apparent. And today, if you would click on that counter page, you will also find a link to the IPv4 countdown plan that Leslie went over the other day. We also reorganized the transfer information. And you’ll see that in the right‑hand middle of the page.
We have a couple new fact sheets. And we had a new handout in your registration materials about understanding the IPv4 transfer market. We’ve obviously been getting a lot of questions at outreach events, and we think this will be a good educational tool. This is a look at some of the outreach activities, places where ARIN staff has been, where Advisory Council has helped us. We’ve been to many exhibits, road shows throughout the ARIN region. And we have a pretty active schedule for this fall. We continue to grow our social media efforts. We had, I think, 500 new Twitter followers since the fall. I know we’ve been mentioned more than 900 times on Twitter in the last couple of months.
Just a show of hands. How many of you all follow ARIN on any of these? Good to know. We don’t get much feedback. So it’s good to see that. Okay. And then just want to remind you about participation and ask ‑‑ we have the IPv6 wiki. It’s out there. It grows. Continuing to have people post to it. Post your good/bad experiences. It’s a good resource for you to visit. A lot of information out there. We also have a 4‑byte ASN wiki we put up a couple of years ago that’s had very little to no traffic. So if you are experiencing issues and you have something you’d like to share, that’s a good place to park information.
Nate went over yesterday the open suggestions. We have a consultation currently open on those. And if you look at the home page of www.arin.net, under Highlights, you’ll find a link to that open consultation. It’s open until the 30th of this month. I encourage you to let us know what you think, which of those suggestions you think are worthwhile for ARIN to pursue, and the same with the engineering projects prioritization. On the home page, under Announcements, you’ll find a link to that survey in Survey Monkey.
John Curran: With respect to the 4byteasn.info, it would be helpful if people who have experienced problems making use of 4‑byte ASNs would document those in this wiki. That would let us understand some of the things that myself and Geoff have been asking for a while. So it’s a wiki. Go in and edit it. You can even choose an IP address from somewhere else to edit it. And put frank and forthright commentary about issues using 4‑byte ASNs. And that would be very helpful to some of us. Thank you.
Susan Hamlin: Okay. So Sunday morning some of us took a walk around town. And Einar and I saw this graphic and we were talking about participation of this meeting. And I thought it was great. And I also think because the last two days we’ve had a lot of participation. So we thank you for that and encourage you to continue. Okay. Look at all the mailing lists and just a reminder that all of these mailing lists are open with the exception at the bottom of the ARIN Discuss, which is a members list. Upcoming meetings. Invite you to join us in Dallas. Again we’ll be back to back with NANOG. And spring 2013, we’re looking to go south again, somewhere in the Caribbean.
For those of you who are familiar with the Fellowship Program, we could also use your help encouraging others in your community, folks who have never attended an ARIN meeting. If you feel like it’s worthwhile, we’d love you to spread the word and encourage them to apply for the fellowships for the upcoming meetings. And with that, I would just like to thank the team. It takes a lot of effort. CMSD has a lot of different activities. Not only do we develop the communications, but we also support internally engineering department, registration services, trying to communicate about our new activities, their developments. And I’d like all of the CMSD team sitting up front to stand, and I’d ask you give them a round of applause for all their work in this meeting in addition to everything else on their plates.
Susan Hamlin: Okay. That’s it. Any questions?
John Curran: Any questions?
David Farmer: David Farmer, University of Minnesota, ARIN AC. This isn’t the question; this is a thank you for doing the ARIN on the Road, and I want to encourage anybody who is at the meeting to come to the ARIN on the Road events if they’re in your city or a nearby city. They’re very useful. It’s also very useful to have experienced people come to the meeting so that the first‑time participants at those meetings have other people to talk to that kind of know what’s going on with ARIN as well.
John Curran: Thank you. Good feedback.
Bevil Wooding: Good morning, everyone. Bevil Wooding, Packet Clearing House and Caribbean Telecommunications Union. This is also not a question but a thank you for ARIN support in the Caribbean region. ARIN has played a crucial role in the ongoing Caribbean ICT Road Show bringing awareness to IPv6, RPKI, and so on, and they have also supported the very recently formed Caribbean Network Operators Group. And both initiatives have benefited tremendously from the work that Team ARIN has provided. So I just wanted to acknowledge that and say thank you and look forward to seeing you in the region.
John Curran: We’re happy to support those initiatives.
Frank Hoonhout: Good morning. Frank Hoonhout, State of Oregon, Fellowship member. I wanted to thank you for the opportunity to be here as a Fellow, being selected as one of the three members. I can’t speak for the other two, but I’m sure they’re just as grateful as I am. I’ve learned a lot and I appreciate the opportunity to meet everyone here.
John Curran: Thank you. Glad to have you.
John Curran: Okay. Next up we have the engineering department report by Mark Kosters.
ARIN Updates: Engineering
Mark Kosters: I’ll be happy to let you guys know that I’ve not had any geese encounters so far this year.
For you who don’t know, I was attacked two years ago riding my bike to work. I came to work, I was all bloodied, everybody made fun of me because I look disheveled and they were kind of amazed that a goose did that much damage, but it did. So let’s go on and talk about what’s going on within ARIN engineering. We’ve had a lot of success this past year or this year so far. We’re aided by a bunch of contractors, but not as many as over the past few years. We’re starting to run down this year with contractors. It’s also a new age for engineers. We have a number of new faces on staff, some of which you’ve seen here today or this past ‑‑ this week. And we continue to have open positions that I’ll be mentioning here very soon.
We have done a lot of work, but we have a lot more to do. So here you can go ahead and see our staffing. The number of people we have in operations, we have six people and a manager. One slot that’s open. In development we have five developers and a manager. We also have five contractors helping out. And that’s down two since the last meeting. And quality assurance, we have three QA personnel and a manager. And four contractors, one of which or two of which are part time. We have project management slot that’s soon to be open. Actually, Erika’s last day is on Friday. We’re very sad to see her go. She’s been a critical part of our success managing all our projects. So if you know of anyone who wants to work in an agile environment, please talk to me. And, of course, me.
What is operations doing? We’re upgrading end‑of‑life equipment. And this is kind of a continual theme for many of us here in this room, is that we have a lot of gear that’s old and crusty. And it’s good to get rid of that. We’ve rolled out anycast on the /8s that we’re authoritative for. We’re running now in St. Maarten, San Jose, and Ashburn. And soon in Toronto. We’re maintaining various environments that we have running. We have production. We also have an operational testing environment operation, called OT&E, that you’re more than welcome to test in. We’re working on getting a Whois server out there, and some other things as well. So look forward to ‑‑ look forward to seeing some enhancements to that particular environment.
Of course we have development, Q&A, and staging; making sure we got everything right before we deploy. We’re getting very close to putting https out on Whois, on Whois‑RWS. And we’re in our final stages of testing, and we soon will actually put this out as well. So this will actually be a great enhancement to the Whois‑RWS environment.
We of course have a lot of IT support from day to day, mainly making sure I turn on my wireless switch on my laptop when I don’t have it working, that sort of thing. And, of course, RPKI rollout. That’s one of the big things that we’re working on now. What I’d like to talk about next is Whois‑RWS traffic loads. We’ve had a pretty good run over the last two years. Pretty it’s amazing. Currently running at 475 queries per second. But one of the things that’s kind of interesting on this ‑‑ and I’m not sure how many of you realize this ‑‑ but we put out a new protocol that displays Whois data, if you want to call it that way.
We actually are seeing more Whois data queries across our RESTful interface than we have over port 43. And what’s interesting about this is you’ve had this established protocol out there for years. We call it Whois. And Whois actually has different meanings to different folks, but the real sort of meaning for Whois is actually the protocol itself. The protocol is really stupid. And basically you send in the query and you get back a response, none of which is in any sort of expected format. You just kind of hope and pray what you send out is what you expect to see in your result.
Well, this has been regularized over time, of course, as people realized what they need to do and clients and so on. And we’ve actually gone to the point of actually creating an interface that has expected queries and expected results, so therefore if one wants to do improvements to this, it can be done in a way that clients aren’t broken. And this is actually a problem with old Whois protocol on port 43.
And here you can see the graphs on the amount of traffic we have. And this is really from ARIN’s ‑‑ almost ARIN’s inception to the point of where we are today. And you can see that in 2010 and 2011, we had just amazing number of spikes. And that’s calmed down quite a bit, but we’re way over where we were over the last ten years. And here’s a graph that shows the combination of RESTful, port 43, and of course the total that’s above. I’m not sure how much you can see it, but that sort of greenish line there is the RESTful interface. And over the last two months it’s surpassed what’s ‑‑ total queries what’s going on in port 43.
Here is our total queries per month on Whois‑RWS over IPv6. Note that I’m not doing queries per second. But I’m very proud to announce that we’re getting closer to 1 percent of our total traffic being over v6.
Mark Kosters: We’re currently at .58. If you want to do it from a percentage perspective, it’s .0058. So we’re getting closer to 1 percent. And I guess you can round up and say we are at 1 percent. But we’re not quite there yet. But over the past couple of months it was at like 2 percent or low ‑‑ or .02 percent or lower. Now let’s go ahead and talk about development and Q&A. We have lots of improvements to existing systems of which you’ve seen on online releases that we’ve had since ARIN at the last meeting ‑‑ I can’t do that. What was that? ARIN XXVIII. We now have invoice reminders in ARIN Online. We’ve implemented the policy of 2011.3, and one of the things that you guys didn’t notice is before that we actually had a cut across all our v6 zone at a /20 boundary basis. And we actually had this hard coded in our systems.
The reason why is we thought that nobody was going to have an allocation that large. Well, with this new policy, there is the possibility of actually making that happen. So we’ve actually gone back to a flat zone, which means that over time it could be as large as dotcom in terms of size. But that’s what it is.We’ve put out WhoWas. We’ve also been moving to new Java concepts. Java is always changing. There’s all sorts of machinery that’s changing underneath as improvements and so on that we try to keep up with. And we’ve had various Whois‑RWS improvements and ACSP requests that we’ve been able to satisfy.
Current tasks. We’re currently moving from Red Hat JBoss to JBoss AS 7. This is a cost reduction measure. When we first got into this, we thought that Red Hat JBoss was a wonderful thing, hey, we can pay a little bit of support costs and have a wonderful system. Well, over time the support costs have grown and grown and grown, and it’s time to actually go to a freely available system to actually look at this. We’re now in the home stretch for hosted RPKI. We’re working on some of the loose ends, some of the documentation, and we have a couple of issues that we’re looking at from the validator perspective.
For you who don’t know what RPKI is, it’s a framework using for routing security. There’s two components of it: one is registering your routes, essentially, or where your routes originate from, and there’s these tools called validators that actually validate this information that’s generated from these registries and actually are fed into routers actually used to help ISPs realize which routes they actually want to accept or reject or whatever. And we found that some of our requirements are breaking existing validators. And this has gone to the validating ‑‑ to the community, development community, who’s working on these validators to fix.
Upcoming tasks for 2012. We’re going to be deploying hosted RPKI. We’re going to be starting the implementation of delegated RPKI, which is up/down, which allows ISPs to manage their own RPKI infrastructure if they so wish. We’re working on moving from Oracle to open source database. Cost reduction measure. It’s much like Red Hat JBoss in that we are being held hostage by essentially fairly high prices and we want to reduce that. Again, we’re moving off of Red Hat operating system. Again, another cost reduction measure again. V4 runout changes that Leslie talked about earlier this week and integrated payments, integrating some of the things that seem kind of not so great right now; that you have to actually type in multiple times to pay your bill. So we want to integrate that with ARIN Online as well.
So how is ARIN Online used? Well, Nate talked about this earlier this week in terms of number of accounts. Actually, we’ve been incredibly successful in the number of people that have set up accounts with ARIN Online. And you can see that we’re doing quite well this year, too. We’re on track to be over 20,000 for the year. Last year we did almost nearly 20,000, and we now have over 54,000 actual accounts in the system. And here’s a schematic that gives you an idea and the number of logins. A lot of people have come in and just logged in once and that’s it. But there’s a number of people who have come in, a whole multitude of times, and you look at the number of people that have come in and logged in over 16 times.
So these systems are being used by the community, which is great. I’d love to hear from you in terms of additional improvements, and we have gotten those. But this has turned out to be a very useful tool. Here it gives you an idea of the management of the POCs, in terms of what’s being used. The color ‑‑ the shades that’s depicted in blue is what’s actually done within ARIN Online. And you can see that we have pretty significant uptake with ARIN Online in terms of management of POCs. The same thing with management of ORGs. You can see we have a significant portion dealing with ARIN Online as well.
And here you can see the breakout on what’s happening with Net Record Management. And finally we have this RESTful provisioning interface that could be used instead of a SWIP to actually submit your reassignment information. And there’s a number of vendors that are coming in place with their tools and they’re selling it to their clients and their clients are starting to use these tools. So this is a great thing as well. And this, again, is a much ‑‑ from a programming point of view, this is a very simple way of submitting information to us.
What I’d like to do now is kind of talk about the evolution and development of services. And I’d like for you to kind of think about this as we go forward and things that you want as a community for us to do. I want to look at WhoWas, RPKI, and Whois to Whois‑RWS.
WhoWas requests. We had this demo period that was made available to the community. During that demo period ‑‑ I believe it was five months‑ish or so ‑‑ we had nine inquiries during that time. And only one person actually used the system. And so we were wondering: So are we doing the Field of Dreams approach? Are we building it and hoping that people will come? In this case it looks like it has happened. But you kind of wonder about that based on feedback that we saw during our pilot period on how many people are actually using the system. We currently have 45 authorized users. 125 requests have come through, and one user has actually done 66 of those.
RPKI pilot. It’s been operational since 2009. There’s 63 users on that system. It’s been out there for two years. And there’s 76 ROAs in that pilot. Basically people have said attach this particular prefix to this autonomous system number, and that’s where the origin of its announcement is coming from. There’s instructions on there how to use and it includes a TAL, which you need for validators. And many services are hooked into the pilot. Andree Toonk is here, and he’s using it with BGPmon, and the RIPE validator actually has this included in their system as well. So you can actually see how these things are used in a global context. For RPKI, I’ve been talking about this for years, and it would be really nice to see this go into production, and I really truly want to see this go into production, as well as all the developers and Q&A people and everybody else who has been working with ARIN on this as well.
It’s been a huge challenge for us. We’ve had to work with a secure embedded device, and APIs that you deal with there are very different and very highly specialized. We actually had to create a generator, RPKI generator, as well as a validator within HSM itself to make this work. And this is nontrivial work to actually do. I’m glad to say we’re over that hump now. We actually have the HSM doing the right things. We have expected inputs, expected outputs, everything validates, aside from the issues that we have with the validator not taking our CPS sets embedded in it.
We estimate this to be in production within this year. I’m not quite willing to say that it’s going to be in July or August. But we’re very close. One of the things that we will require is that you sign for the resources you have with us that they be under RSA or LRSA.
Finally, I want to say, and there’s a few people in here that are part of the protocol development of this, is that the protocol is mature, but not really. For example, the validators don’t allow for an extension that we require. We went through the drafts to make sure they could. Initially the drafts explicitly would not allow this to occur. And mysteriously that was taken out in later drafts. And I talked to the author about this earlier today, and he didn’t realize that it was taken out. But it has been.
Which is good, but a lot of validators were built on those earlier drafts. So there has to be a settling that occurs. And this came up at the last IETF, in that Rsync may not be the best protocol to actually deal with repository management. That’s another thing that we need to be looking at. And we’ll see. And I see I got one of the co‑chairs of the RPKI working group coming up ‑‑ standing up already. This is cool.
Mark Kosters: So now for challenges. What we plan on doing is after we get hosted done we plan on doing delegated, which allows up/down, which allows ISPs to actually do their own RPKI hosting themselves. We’re looking at whether or not we should do the distribution protocol that has come up. That’s actually in the IETF right now. That allows for people who have their own hosting but want us to actually publish their data. We have distribution protocol changes that I talked about earlier. Another thing we’re working on is ERX and inter‑RIR transfers, and it’s great that these global policies are coming out, because it’s actually helpful for us in terms of what we need to do from an RPKI perspective.
We’re also interfacing with IANA ‑‑ or ICANN, excuse me, on this issue as well, merging with a Global Trust Anchor, and there’s some talk about a simultaneous operation of a Global Trust Anchor and a RIR Trust Anchor. This is going to be kind of interesting when these things come out, for those who want to do that. Do you guys want to ‑‑ take questions now? Go ahead, Geoff.
Geoff Huston: I got stumped there when you said it had been changed. I’m actually reading from the RFC and it says here that any other fields must not, in broad capitals, appear in a conforming resource certificate. So I’d suggest you have a look. And if you really want to put a CP pointer in, we’ve actually either got to revise that spec or just understand what’s going on. Because, yeah, I was right, you can’t add things to these certificates in the current state. You just can’t.
John Curran: So, Geoff, there’s a certificate used for two different purposes. For what purpose is that one?
Geoff Huston: This is the resource certificate that is actually used to certify that a subject has those resources. So I’d just like to check. We’ll need to talk. But I don’t think you can do it.
Mark Kosters: I have to go look at a confluence plate, and we’ll look at the diffs. All right. So, Chris, do you have a question?
Chris Morrow: Sure. First one correction. It’s not the RPKI working group; it’s the SIDR working group.
Mark Kosters: Oh, yeah, yeah. I know.
Chris Morrow: SIDR, Secure Inter‑Domain Routing.
Mark Kosters: Thank you, thank you.
Chris Morrow: I know you know that, but for people here that may have gotten confused. Let’s say that if you’re running into these sorts of problems, either talking to the group of validator folks that are doing testing would be good ‑‑ maybe you’re already doing that.
Mark Kosters: Oh, we are doing that.
Chris Morrow: Super cool. Letting folks know on the SIDR mailing list that you’re ‑‑ the working group mailing list that you’re running into these sorts of problems and these are things, corner cases or operational cases, that need to be addressed would be good, because they’re a set of folks that are doing things there that aren’t running into this problem or perhaps are and don’t care as much as you do. So feedback is good. And the last thing is that the folks in the room, if you don’t know what this stuff is yet, you probably want to get educated. There are workshops. There have been workshops at ARIN, NANOG, RIPE, other sorts of meetings. It would be useful to do some reading and do some investigation and think about how you’re going to integrate this function into your operations. Thanks.
Mark Kosters: Thank you, Chris, and thanks for the correction. Sometimes the whole naming structure of the IETF and dealing with people not dealing with IETF makes it kind of tough. So SIDR dealing with RPKI, I was trying to simplify things, but thank you for that correction. So Whois circa 2011. Whois was at the end of life. You can see we had a number of spikes. It’s expensive to run and maintain. At that point we were doing I think one or two refreshes a day, not the near real time that we do now. It needed to have a replacement. We were starting to run lots and lots of boxes out to our co‑los, and it was just ‑‑ we needed to deal with it.
We also needed to add CIDR query support, and the existing code was just ‑‑ it was going to be hard to actually make that work with that code base. And we needed a way to handle change. So Andy, who is sitting in the back, came up with this idea of a RESTful interface. And then he added realtime updates. And he did this mostly on his own. And he had also added a way to evolve features into REST, because that’s what we were working with this and what we were sitting down and discussing with John. John said: Whatever you do, don’t break things on port 43. So we had to be very careful in the engineering of this and actually document the changes and behavior that was going to happen between the two.
And, as I spoke about earlier, port 43 Whois is a very old protocol. You don’t have any idea what you expect as input. At least the server doesn’t. And from a client perspective, you just kind of hope and pray what you query for is the response that you expect back. With the RESTful interface, all these things are actually very well defined, so you have an expected way of doing the query and a way of getting expected results, and if you can make changes, these changes can actually be put into the system in a very seamless way. And what’s interesting about this is this work has actually started culminating with other regional registries saying, hey, this is a good idea, and they started looking at this as well.
It’s actually expanded beyond that now. The IETF has gotten involved. They have a working group called WEIRDS. So Whois‑RWS is now in this working group called WEIRDS. And it’s actually dealing with both ‑‑ don’t you love the names? We have SIDR for RPKI ‑‑ you guys should have come up with a sexier name ‑‑ and then you have WEIRDS for Whois‑RWS. And one of the reasons for this is ICANN has seen this and said, you know, this is really great work. And this protocol, this Whois protocol of port 43, this is really crusty, it’s end of life; we’ve got to fix this.
So there’s been various working groups within the ICANN community that says we need to replace Whois, the protocol as well, and they actually have very much supported this effort and actually are working with the forward registries ‑‑ .com, .net, .org, all the rest of them ‑‑ to put this within their infrastructure as well. So as I look at this ‑‑ I’ve been here for four and a half years now ‑‑ ARIN has matured and has come a long way. When I first came, there was a lot of core stuff that was actually ignored for a long time. An example of this was we were running Oracle 8 on Solaris 8. Solaris 8 was released in 2000, and this is 2007. Oracle 8 end of life was between 2004 and 2006. So we were running on very old unsupported hardware and software.
And one of the things that we learned as doing the evolution from Oracle 8 to where we are now, 10 G, that the deployment in making that happen was tough. Because almost everything that was put in there said, oh, we just need this report. Hack that in Perl and just put it into the system. No documentation. And once that person left that legacy of what that thing was and what it did, left with them. And we had to go through that as part of this deployment to actually put this together. And, again, there’s no interactive website at that point either.
So what we have today. We have almost a complete rewrite of all the systems. We have additional functionality. Reg‑RWS, which is the registration interface; Whois‑RWS, which is the directory service interface; we have DNSSEC, which was a very big deal because we had to do a large amount of rewrites within our systems as well to make that happen; and additional security with API keys. So users can’t actually use templates to take someone else’s network registrations. And that essentially has gone away. We also have an IRR feature set that’s on par with most of the IRRs that are out there, aside from RIPE and some of the integration that they have there. It’s still using templates, but it’s available and most of that feature set is there.
So where does this put us? Well, we have items modified, documented, tested, deployed with confidence. So when we put out things, we feel very confident that we’re able to deploy where we’re not going to have a major meltdown. We can also bolt on things faster. WhoWas took us three months to actually implement by a fairly small team of developers and QA staff. And it was actually fairly complicated on the back side getting all these relationships right and making sure that things weren’t exposed that should not be exposed and so on and so forth. So these things actually came out, and they’re actually working right out of the gate.
We also have a RESTful interface. So for those who don’t want to use the Web interface for it, you can actually go use the RESTful interface for it as well. We also have schedule challenges going up. We have hosted RPKI, we have delegated RPKI. Neither of these are trivial. We have Managing Unmet v4 Requests; payment integration; SWIP Easy, which allows for people to do onesies and twosies on ARIN Online, using ARIN Online interface to make those happen; and migration off of Red Hat and Oracle. None of those things are nontrivial in a running operational environment. We also have all these unplanned functionalities that have been asked for for us to do. These are not scheduled yet. We need to figure out where to place these into our queue.
We have extended stats for NRO. Right now the stats that we generate and the stats that the other regional registries generate are different. And there’s an effort underway to make them more consistent between the regional registries. There’s DNSSEC improvements. There’s some things that I want to add to it that are currently lacking. Streamlined Transfer Service, that’s something that Leslie really wants. CMSD membership/voter functionality. Integration of meeting membership ‑‑ or meeting registration into the system. Integration of IRR within ARIN Online. Lame delegation reporting, do we want to turn that back on.Additional OT&E services. What sort of things do we want to add to it so that you guys can do your testing.
And alternative RPKI‑like services. Who knows what they are, but actually Andy and I came from the research part of Verisign, and there’s some ‑‑ there may be some things that we could look at. We don’t know yet, but we’ll just have to see. Retrievable meeting registration data. And there’s of course the community needs and policy needs that are upcoming and the engineering implications of that. We need to do a better job vetting that and implementing the needs that you have, and we need to hear from you.We also have some technical and operational debt that we have to deal with. Because what we don’t want to do is be back into the 2007 period where we had undocumented code and we were kind of hoping and praying that migrations actually worked.
And thought leadership. Whois‑RWS, we’re doing that right now. RPKI, we came to the ‑‑ really came to the game essentially late, so we’re just following. So you won’t see any ARIN staff with names on drafts that currently exist in the SIDR working group. And other additional research. So comments.
Kevin Blumberg: Kevin Blumberg, ARIN AC and The Wire. I want to say thank you for the WhoWas. I know the community really mentioned it a lot during our last Members Meeting, and I was incredibly impressed at the speed and voracity that you managed to get it out and get it done. So thank you. That was the first thing. The second one, with regard to the IRR, last meeting nobody was using it. It was a statistical anomaly, the number of people using it compared to our membership base. Has that changed?
Mark Kosters: Actually, it has. One of the things that’s actually occurred ‑‑ and this kind of goes in the same sort of category as WhoWas ‑‑ is you had this sort of trial period where there wasn’t a lot of use or kind of like building it, will they come. After we did the improvements to the IRR ‑‑ and, unfortunately, I should have had some graphs dealing with this, but I could see on the number of maintainers that are being upgraded from mail from to password authentication.And one of the things that ‑‑ we’re seeing this, a lot more activity now. Unfortunately I can’t quantify it. But we are seeing more activity on the IRR now than we did before we made the change, before the last meeting.
Kevin Blumberg: I know there are people behind me, so if for the next meeting we could look at that, because obviously being able to prioritize and things like that would be wonderful to see how that is changing.
Mark Kosters: Agreed, agreed.
John Curran: You’re popular. Keep going.
Andrew Dul: I just want to say thanks to Mark and his team again, and I think they deserve a big round of applause for the past four years of work, and I think we’re probably going to really be seeing some really great things.
Mark Kosters: Thank you. Back center mic.
Rob Seastrom: I’d like to echo Kevin’s thank you for WhoWas. I really appreciate it. I did not see ‑‑ maybe I was just not paying close enough attention. You mentioned that Red Hat is out. What operating system is now available in the Mark Kosters Signature Edition?
Mark Kosters: It depends. Most of the systems out there that we are planning on using are going to be CentOS.
Rob Seastrom: So Red Hat, by any other name, you just decided that paying for the support wasn’t worth it?
Mark Kosters: Oh, not at all. My apologies to the Red Hat folk that may be in the audience.
Owen DeLong: Owen DeLong, Hurricane Electric, ARIN AC. So I’m looking at Nate’s presentation yesterday, and for 2011.29, where you’ve got a request to instead of returning the results of a URL return the URL itself along with the results, you’ve estimated it will cost almost $100,000 to do that. I am very confused by that estimate to say the least.
John Curran: Give me a moment to look at it and I’ll explain it.
Mark Kosters: Go ahead, back center mic.
Aaron Hughes: Aaron Hughes, 6connect. I’ll echo the things as well, the RESTful interface improvements and the WhoWas is lovely. But one thing I did not see on any list was the upgrades to error boarding on REST. It would be really, really nice to stop seeing 401s and start seeing some detailed error messages back in the REST interface and would just like to publicly make sure that it’s on a list somewhere.
Mark Kosters: Yep. So, actually, one thing that hasn’t been announced yet because of what’s going on within the meeting is we have enhanced the documentation with Reg‑RWS. And it’s actually on the website I believe right now. Yeah, it is. And so you’re welcome to look at it. I think ‑‑ I’m not sure how much error reporting we have in there. How much did we do, Sean? Do you remember?
Sean Hopkins: We addressed concerns that were brought up on the tech-discuss mailing list regarding specific errors that were not reported or clarified properly and made enhancements through that feedback. Further enhancements I would assume would come from the same sort of feedback, and we look forward to that.
Mark Kosters: So actually what I encourage you to do, Aaron, is actually take a look at it and see if it’s along the path. I don’t think it’s entirely there yet, but I think it’s along the path.
Aaron Hughes: Okay. It’s notable that when bringing up things like this on arin-tech-discuss, I have not specified specific errors because answers have been generically “don’t worry about that, we realize we need to work on our error coding and our documentation,” therefore I had no reason to report specifics. So I think it’s probably got a good deal of work that needs to be done, and I will report them all specifically there.
Mark Kosters: Thank you.
John Curran: Let me pick up on something. So we will enter ‑‑ come this summer we will be trying to figure out workload in terms of enhancing things. So it’s, yeah, timely to take the ones that you’ve got, Aaron, and report them, because we will put more resources into RESTful codes if that’s what’s needed.
Mark Kosters: Front center.
Kevin Blumberg: Kevin Blumberg. In regard to Rob Seastrom’s question, which was the last one, I just wanted to give people some time, I’m actually very concerned about the migrations you mentioned, not because you’re going from a paid unit experience to an open source unit experience, I have no problem with that in the slightest, but what my concern is and my cautionary tale, because I’ve seen this time and time again in our industry, is moving from a first tier of support to somebody who is relying on the first tier and then spinning it down days and in sometimes weeks and months later. And I think it is putting you as a company in a risk factor for security patches that you’re not going to get in a timely fashion. So open source, good; free, good; proper response, better.
Mark Kosters: So one of the things we’re looking at here is there are companies that actually provide support for those freely available database packages. And actually we plan on actually using one of those. The cost is quite a bit less. We are actually in the process of testing this now on the package that we are planning on using.
Kevin Blumberg: Sorry, just to clarify, I’m not referring to the database; I was specifically referring to your operating system.
Mark Kosters: Oh, the operating system. Okay. Well, they’re both kind of in the same boat, actually. From an OS perspective ‑‑ how can one say this without denigrating support too much?
Kevin Blumberg: Again, it’s not support that I’m concerned about; it is timely access to patches and updates.
John Curran: Okay. So I have run a datacenter that spent a lot of time doing its own OS builds. I will tell you that I am not sure that a commercial operating system, when a security incident occurs, necessarily provides a patch in a timely manner, as fast as the open source community does, for many of the things that you’d consider a security situation. And so I don’t know whether or not that’s a race that the commercial OS vendors win compared to the open source community.
Kevin Blumberg: I think we’ll take this offline.
John Curran: Sure.
Kevin Blumberg: But just ‑‑ yeah. Okay.
Rob Seastrom: This is Rob Seastrom again. This isn’t an open source versus closed source thing. It’s more of a tolerance stacking and timeline issue. And it’s certainly something I’d welcome the chance to talk about offline as well.
John Curran: Sure. Happy to do so. So we have an open item. I’m going to refer ‑‑ this is the slide. If you want to try to bring up Nate’s presentation from yesterday, Slide 8, and it was adding links to query response, and Owen was wondering 99k price tag. Could you explain that.
Mark Kosters: Sure. I’ll try to do the best I can on this, is the way that this was architected, in terms of it’s actually using RESTful calls on the back side, and there’s a lot of enveloping that is occurring to make it visually appealing to the user. We have to untussle most of that and reengineer it to make it ‑‑ to ‑‑ to put it back into place. And so the cost is not only developing it, sort of reenveloping it, but also doing the whole Q&A cycles that are involved in making sure that everything is, again, validated.
John Curran: Owen.
Owen DeLong: So I understand that there’s some certain cost of developing it and I understand the Q&A. What I don’t understand is ‑‑ as I understand the request in the AC SB suggestion, all he wants you to do is give him that RESTful URL that you’re querying on the back side in addition to those nice pretty results.
John Curran: That URL has to come from somewhere.
Owen DeLong: But the URL is getting queried in order to get the nice pretty results that he’s talking about untussling.
Mark Kosters: What I would like you to do, if you would, spend a little bit of time with Andy, and he can explain it better.
John Curran: We’ve got to touch multiple systems to get that data all the way to where you want to get it. Okay?
Owen DeLong: Okay.
John Curran: Anything else on the engineering report?
Mark Kosters: Marla was up there for a minute, if you don’t mind.
Marla Azinger: I wanted to thank you for the ARIN Online. I’m one of the ones that you see frequently logging in. So if you want input, I’d be more than glad to email with you and try and give you some more input. I just didn’t know if you guys were inundated with stuff. But it has made things much easier, and I’ve been able to walk other companies through using it as well and getting them to update their records, too. So it works really well.
Mark Kosters: Thank you.
John Curran: Scott?
Scott Leibrand: This is remote participant, Leif Sawyer. Says: Having dealt with both Red Hat and CentOS support and patch time frames, I fully support the migration to CentOS.
John Curran: Okay. Anything else for Mark? Thank you, Mark. Next one up is Bob Stratton with the Financial Services Department report.
ARIN Updates: Financial Services
Bob Stratton: Good morning.
Tim Denton: Bob will address the question of whether the Battle of Gettysburg could have been won on the second day.
Bob Stratton: Third day. I’m going to go over the staff of FSD, the ARIN Online development, registration revenue history, some financial statistics, and an Economist magazine graphic. First, Val, Michael and Tammy are here. Hopefully you got to chat with them. Amaris, Tanya, and Amy are back home. They work directly for Tammy. They all do a great job. I won’t say anything other than that. But ARIN Online interaction. In previous year we developed the ability for you to see your invoices to administer your billing POCs. Last year we worked with Mark’s team on sending the reminders for open maintenance invoices. It’s also improved interdepartmental communications.
Basically Leslie’s team can see what we’re doing and my team can see what Leslie’s team is doing. This year, as Mark said, we’re working on moving the payments into ARIN Online. That’s credit card payments. So it will give us more functionality and security and make your lives easier, I think. Now to get into some meat. This is some recent revenue history going back to 2008. The first line is ASN, initial registrations. Those are $500 each. You can see that’s a steady stream from 2008 through 2011. I will presage Paul Andersen’s treasury report and say he’s going to give you a lot more detail on our 2011 results that are preaudited, just need to be adopted by the Board. The audit’s done, it’s just in draft form.
Assignments are the IP end users. That’s both v4 and v6. As you’ll see, there’s a spike in 2011. That’s both policy but there’s also a lot of v6 assignments going on in there as well. But that is the real delta. If you look at the other lines, v4 allocations, of course those are our lion’s share. That includes both initials and renewals. Those are the allocations that have been the bread and butter for ARIN from the beginning of time. V6, that also has a waiver involved over the time frame. So it’s not necessarily that there’s a lot of growth there, it’s just that the waiver is coming off. It’s currently under a 75 percent of the fee. It’s 25 percent waiver. And that’s going to adhere through this year as well. And these are allocations.
“Other” is everything else. That’s mainly the maintenance fees for the ASs. After you get an AS, you have to pay a $100 maintenance fee a year later and a year later thereafter. And it also includes the assignments and there’s some transfers. “Other” also include transfer fees, conference fees, other miscellaneous. But the lion’s share of the maintenance of that line of “Other.” You can see the registration revenue, the third line from the bottom in bold, is moving up in a steady state, but the delta between 2010‑2011 spiked up mainly because of the assignments. What I wanted to show you right beneath that is the net change in investments. Volatility plays a role. So you can see in 2008 it was not a good year. 2009, oh, look. And 2010, very nice. Last year was almost a break‑even, a little loss. And then that first quarter this year more than made up for it.
In essence we budget to make ‑‑ for budgeting purposes to cover expenses, 4.5 percent of the reserves are budgeted to be spent in any given year. And over the long term, that works out about right. It’s just it’s a little uncomfortable bumpy ride occasionally. You can see on the bottom the revenue stream has some volatility based on the fact that there’s an oversize effect from the investment part. This is just a graphic of what you saw. Again, it’s really showing that v4 is the lion’s share. Everything else together doesn’t even equal half of the v4 allocation revenue.
Now, in the v4 revenue, these are the revenue streams ‑‑ these are the different categories in v4. You can see that they’re all commiserate in terms of growth in each category. Extra large, large, medium, small, extra small. The fees in each: 1250, extra small; 2250, small; 4500, medium; 9,000 large; 18,000, extra large. Mr. Andersen may talk to this in his presentation coming up. As I said, I’m the setup man.
Revenue recognition. Now I’m going to bore you to tears. ARIN recognizes the allocation revenue on a deferred basis. That means, if you pay us, it’s a 12‑month service that you’re going to get that allocation for. You pay us 18,000, we recognize 1/12 of it, which just happens to be 1500, and then the next 11 months we recognize the remaining 1500 so that the 18 is fully expended. We then do it all over again. Wash, rinse, repeat. And thus it goes. And this is standard GAPP. Some of the revenue streams we recognize as it’s paid, the initial fee for end users, because one year later they only pay a $100 maintenance fee. We don’t defer end users’ maintenance or initial ASNs.
On the invoicing structure, I just wanted to point out that the green is the revenue stream and the blue is the number of invoices for each of those revenue streams. What this is showing you is v4 allocations, where the lion’s share of the fees come in, there’s not that much ‑‑ there’s not that many invoices. Each invoice represents a fairly substantial amount.
Maintenance fees at $100, there’s a lot of them. We realize that the maintenance fees are also a database accuracy effort, not necessarily a financial transaction, but I just wanted you to be aware that the cost or effort for either of those activities is just about the same. Anyway, I just thought this was interesting. One other item is over the last recent history the Board has wanted us to draw down reserves. We’ve actually been doing that from a registration revenue versus operational expense perspective over the last year and the year before.
We drew down reserves from a registration revenue versus expense in 2010, but the effect of the investments overwhelmed that. There was a 350,000 deficit between registration revenue and operations, and last year, preaudited, we drew down. The differential between the two was about 650,000. And this is just a graphic from The Economist magazine I thought was interesting. The fourth item down is the Internet. I’m not sure how they decided it’s only been in existence 11 years, but in the blue it means it’s 50 percent penetration of US households, and then the yellow is after it gets above 50 percent. So the Internet still hasn’t hit 50 percent penetration of US households, according to The Economist.
Tim Denton: What do they know?
Bob Stratton: Yeah, what do they know.
And with that…
John Curran: Questions on Bob’s report. Okay. Thank you, Bob.
John Curran: So Bob gets to do a second report. We have him doing the HR ‑‑ Human Resources and Administration because Mary K. is not here. Go ahead.
ARIN Updates: Human Resources and Administration
Bob Stratton: Obviously that’s not me, but HR Admin Update. They provide organizational support for the rest of the departments. I’m going to go over some Human Resources items and give you a quick graph on the ARIN staff. In our annual audits, both financial and also helping provide the 990 report to the IRS, payroll plays a very important role. So that is scrutinized during the financial audit, so Mary K. and staff give support to us and give us the information that we need and the auditors. She deals directly with the auditors.
Travel arrangements. Misuk Kwon and Thérèse Colosi make travel arrangements for the Board, the AC, the ASO AC, and staff, in addition to their normal duties. And they do a great job with that. Sometimes it can be challenging. Also they take care of ‑‑ this department takes care of the facility. We are a flex building, which means everything internal is our responsibility. So if the bathroom has a problem, we have to take care of that. But if the roof leaks or there’s problems with the windows, that’s on the landlord.
In terms of Human Resources, we endure annual reviews. The employees have to endure them. Us as the management team has to endure them. We also have six‑month reviews. This department supports us and also manages that. Training and education. One of our staff received a technical writing degree last year, and another got a master’s degree. We’re still working on house‑training Andy, and we hope to be successful with that.
Bob Stratton: And we also take ‑‑ this department also takes care of the employee handbook, which is, as you all know, a bible for how things work for policies and such. And here’s a graphic. There’s 21 of us who have been here seven years or more; six of us, five to seven; 14, two to five; and 11 newbies. And I’d like to give a shout out to Jason Byrne who’s celebrated his ten‑year anniversary with us.
Bob Stratton: And I think that’s it.
John Curran: Any questions on Human Resources Department report? Thank you, Bob. Next up we have the Government Affairs and Public Policy report, and I’ll be giving that. Go ahead.
ARIN Updates: Government Affairs and Public Policy Support
John Curran: Okay. Cathy Handley can’t be here, so what we’re doing is I’m going to give her report. She’s actually off in Geneva doing some of this. Wanted to give you an idea of Internet Governance 2012 focus. We’ve been heavily involved paying attention to what’s happening in the registry system to make sure that it actually reflects the needs and wants of this community. This means prepping for the upcoming ITU World Conference on International Telecommunications. This is the first ever WCIT. The outcome is government negotiated treaty, revising the International Telecommunications Regulations, or the ITRs. The last time these were opened up to be meddled with ‑‑ I mean, to be looked at ‑‑ was in 1988.
John Curran: ARIN participates as a sector member in the ITU. Some questions. Are the ITRs still relevant? Meaning, they’re certainly relevant for telephony, but how are they relevant for the world of the Internet today? Should new issues be brought into them? To the extent that telecom companies now use the Internet to do telecom‑like things, and these were supposed to provide for telephony services and how they’re regulated, one can easily argue if that’s happening over the Internet, that should be included. How does the Internet fit on its own, as its own independent service, separate from the use of the Internet to carry telephony.
And should the Internet be specifically addressed in the ITRs? Many participants equals many options. Many participants with different degrees of motivations and knowledge of the subject matter make for a fun time. There is actually a number of good articles. Mr. Geoff Huston’s in the room. He actually teased this out in a couple of columns on the Circle ID blog. I’ll send them to folks. We also have a reference. We’re putting up a webpage on the ARIN page on Internet Governance. We’ll have some pointers to those as well.
But the fact of the matter is this is a very complicated matter. You can easily argue that these ITRs have to change to reflect the new world. But you can also equally argue that they should be constrained through simple telephony, since that’s what they were originally envisioned for. It makes for no obvious answers. Drivers. Well, create a new role for the ITU in Internet standards has come up. Governments have noted that the ITRs are how they actually in some cases influence how things are regulated in their country, whether that be through the ability to collect or encourage the receipt of reciprocal charges or whether or not that’s through actual issuance of licenses. And the telecom revenues are an issue for many of these economies.
So there are discussions to expand the scope to cover all and possible future technologies used. That actually is a quote from one of the submissions, which is just wild. Make ITU recommendations mandatory has also been put in one of the submissions, which would be a major change since right now these are optional. And expand definition of telecommunication service to include Internet traffic has been specifically submitted as a suggestion. We obviously ‑‑ oh. Include the definition of spam in the treaty, adding such issues as such hub, hubbing, and transit centers, exchange points to the tariffing system. So people would pay for exchange of traffic into a country.
Modify the quality of service language as some express path and priority things for things like intergovernmental communications and network restoration traffic, which has priority right now under the ITRs. So this could have a pretty significant impact on the Internet. We are paying a lot of attention to it. The process by which this happens is that there’s a lot of regional groups that make contributions. And then those contributions all eventually get discussed by member states. A lot of this actually happens in conferences leading up to the WCIT, but at the WCIT itself is where member states, governments, to say what they’re willing to agree to.
This means that at the end of the day the votes of the governments, so a lot of our engagement is working with governments in the region. Canada, U.S., economies in the Caribbean we’re busy briefing on these. We’re busy trying to figure out how they will stand on some of these matters. In some cases they’re still developing their positions. So it’s ‑‑ but it’s a dynamic time. So there is a prep meeting going on literally right now, which is why we don’t have Cathy. There’s a final meeting for our preparation in Geneva to set the sort of framework and agenda for this three‑week‑long meeting in Dubai. Sector members are invited during the prep process and we are involved.
The final report of all the prep meetings go to council. The council approves that and sets the agenda for the actual meeting. Member states have until the third of August to submit contributions to the WCIT. So it’s a very big ramp‑up to this process. It’s not over until the meeting actually happens. From the 3rd to the 14th in December in Dubai, all the issues under discussion until the conference concludes with a treaty signing ceremony. For people who remember, our discussion of the Plenipot just a short while back, took place in Guadalajara, Mexico, it was extremely similar. This is a ramp‑up to a set of decisions that are made by governments as to what goes into a treaty ending in a three‑ or four‑hour‑long treaty signing where everyone goes up and executes it.
In some cases we have insight into how that will get developed right now. In some cases there are countries that haven’t even formed their working group to figure out the team that will make the decision on what they’ll allow in the revised ITR. So in some cases we’re calling on countries and countries are going, oh, we should have a process for how we decide what we put into the treaty. Yes, you should. And we’ll give you input to that. But, at the end of the day, this is a job of educating governments and it takes a bit of time. Myself, Cathy, Mary K., actually, has been helping out. Susan Hamlin has been helping out because of the number of meetings and governments we have to cover over the next six months. It’s going to be a very exciting time.
We’re working with the other RIRs, of course, swapping notes on this. And we’re also working with the Internet Society. The Internet Society is maintaining an active resource of information regarding all of the submissions that have been made. We work with them to understand what sort of issues are being put in because we don’t always hear about what every government or every association is submitting into this process. So if you ask me what the outcome would be, I will tell you the outcome of this is less certain than the outcome that we had for Plenipot. In Plenipot, we’re optimistic that we could have a fruitful outcome. This is too early to call. In October I will either be up here saying that we have a potentially equally similar reasonable outcome, or I will be looking at you with panic in my eyes saying that the structure of all this is subject to a lot of change.
So we’re going to try to continue to engage with governments over the next six months. I’ll be doing some ministerial meetings actually down in the Caribbean. We’ve been engaging with the US and the Canadian government up in the rest of the service area, but it’s still too early to call this question. Because it’s too early to call and it’s too early to know where the discussions are taking place, it’s hard to direct you. We are setting up a page on the website which will try to describe what meetings are available, how individual countries ‑‑ what their delegations are and how to provide input. It is possible at some point we will be asking the ARIN members to consider the issues being discussed and have their public policy or government people speak to delegations in the countries you operate in to let them know what your issues are.
Right now it’s a little early for that, but we will be organizing the information so you at least will know what’s being discussed and whether or not you want to get involved. So for your reading enjoyment. If you want to do a little background work. This document is the ITRs. It’s good reading, actually. It’s worth reading, not because it’s relevant to anything you do, but if you look at it as governments and you try to imagine how they see this document, and what’s happening with telecommunications as it moves increasingly onto the Internet, you’ll see why this might want to be revised.
There are paragraphs in here that are, beyond doubt, 80 years old. And so there’s some places where they’re going to update it. If you want to do the research, now would be the time to read it. That’s it. That’s all I have on Internet Governance. That’s the big thing happening. Questions?
Kevin Blumberg: Kevin Blumberg, ARIN AC, The Wire. In Canada we have a regulation of the number of Internet areas. I think it has worked very well because the main goal of it was to foster competition, which for our region works. I believe there’s similar things that occur in North America. I have one comment and one question. I’ll start with the question. Does ARIN have a public policy on what they would like to see as a community and membership and organization in regards to this? Or as a side stakeholder, I guess.
John Curran: Let me try to ‑‑ at the point in time when we have particular issues that we’ve seen have gone in and we know they’re being put before the governments, the member states, if we have a position paper, we will put it up on the website under the Governance section and we will tell you this is what we think is for the interest of the community, if you want to bring that to your particular constituent. Right now it’s a little early for that, because the problem is that we don’t know which of these are going to make it on to the agenda.
And in some cases, while some of these are probably obvious for ARIN to take a stance on, you’d be amazed, even amongst the room here, on the question of whether or not there should be activity to fight spam. Some of you might say yes and some might say no. On the issue of whether or not there should be settlements for international traffic, again, different members in the room would have different views. But if there are areas where we believe they’re essential to our mission and the outcome is clear, we will give you a policy position point and we will make it clear what you should be bringing to your government if you want to get involved. But we’re about 90 days away from that.
Kevin Blumberg: Thank you.
John Curran: Any other questions on Internet Governance? Louie Lee. Yes, Louie.
Louie Lee: Thanks. Louie Lee, ASO Address Council chair. That link needs to be updated. It’s going to a 404.
John Curran: Okay. We’ll find that. They tend to move things around, but I will find a link to that and get it sent. Okay. Moving right along, I’m going to now pick up with the Registration Services report with Leslie Nobile.
ARIN Updates: Registration Services
Leslie Nobile: Good morning, everyone. I have a short update from RSD. This is the RSD team. I don’t often spend time on this slide, but I think I should because these are the people that really perform the core function of the registry. They issue the resources, run the help desk, maintain the Whois and the IRR. They implement the policies, they maintain the policies, and they do so much more. And I really just wanted to recognize them. They’re the subject matter experts both internally and externally. They provide most of the statistics you see. Do lots of outreach support. They’re out there in the ARIN on the road shows, et cetera, et cetera. I could go on. So I just really wanted to call them out because they’re good.
Leslie Nobile: They’re great at their jobs. Our current focus. So obviously we’re working on IPv4 depletion planning. I went over the initial countdown plan with you. This is something we think about and work on every day, and we’re sort of adapting as we face this new world and these new challenges. Speaking of new challenges, 8.3 transfers, quite focused on those. That’s a whole new thing for us, and we learn every day and we adapt and we try to improve as we go along with these types of transfers. But they are challenging in that every one of them is different and it’s really an experience for all of us.
Resource classification project. This is a new one. This is something that we’ve been trying to do probably for 10 years and we finally finished it. And it’s very significant. I have some slides later that I’ll show you. But this basically had us identifying which resources in ARIN’s database are covered under RSA. We never had a system, a single system, that did that. There was no way of doing it unless we checked three different databases and then matched information, and it was quite difficult.
So there were over 70,000 resource records in the database. Some of those we were able to identify manually and categorize and do some work on, but there were roughly 15‑ to 17,000 that RSD had to work on manually, go through every single one, identify it, clean up any of the errors and mark it as covered under RSA, or LRSA, or no RSA at all. So that was what this project involved. It was a lot of hard work, but we’re so happy to have it done.
And of course we do work on ARIN Online. We support Engineering. We write a lot of the stories, work on enhancements, new requirements, and prioritization. I just got this data this morning. I decided to make it really current. So our current IPv4 inventory. The total that we have right now in here is 5.14 /8s that ARIN has in various stages. We have 4.87 /8 equivalents in our pool of available addresses. That’s stuff we’re issuing on a daily basis. We have 4.82 /16 equivalents in our RRH bucket. That’s RSD shortcut slang. It’s our returned revoked held bucket that basically we hold to clear filters before we reissue, and that’s a six‑month hold currently. And we have that one /10 reserved for NRPM 4.10 dedicated IPv4 block to facilitate IPv6 deployment.
The eye chart. Sorry. This is our recovered resources, but I just wanted to kind of give you an idea of what’s going on with recovered resources. So I went back and looked for the last five years. And IPv4 blocks in /16 equivalents, we’ve gotten a whole variety of space back. 101 ‑‑ 2007, 101 /16 equivalents. 85 percent of those were returns. The rest were reclaimed or revoked due to nonpayment of fees. 2011, I’ll just highlight it. You can read these yourself. But obviously 284.4 /16 equivalents. 96 percent were returns, and that was when Interop returned their block, so that was the largest percentage return‑wise in the past five years.
So we do get space back. But, as you can see, I just wanted to let people know there are still good netizens. They still give space back even though we do inform them that there is a policy that allows them to transfer those resources. They choose to give the space back to ARIN. As far as ASNs go, same thing. We get returns ‑‑ less returns. We do a lot more reclamation ‑‑ I’m sorry, revocation of ASNs for nonpayment. Most people don’t even notice that we take their ASN back. We rarely get a call about it, which tells us they weren’t using them, quite obviously.
But we basically get back about ‑‑ overall, in the past five years ‑‑ about two‑thirds of what we actually issue. So we have a fairly steady supply. It’s not one for one, but it’s a pretty good supply. We haven’t been back to the IANA for ASNs in years. I can’t even remember how many. So back to resource classification project stats. So there’s 47,103 total network registration records in ARIN’s database right now. We’ve found that 41 percent of those are covered under an RSA, a little over 19,000 of them. There’s 30,469 total ASN registration records in ARIN’s db. A little over 17,000, or 58 percent, are covered under RSA.
So if we drill down just a little bit on to the IPv4 side and RSA coverage, we’re looking at /24s covered under RSA, LRSA, or no RSA. And there’s a total of a little over 6 million, as you can see, total /24s in the db. There are 2.5 million covered under a standard RSA or 39 percent of all the /24s in ARIN’s database are covered under an RSA, standard RSA. As far as LRSA, 556,000 /24s or, 8 percent, are covered under LRSA. And then we’ve got that big gray slice that says none. So a little over 3 million /24s, or 53 percent, of all the /24s in ARIN’s database are not covered under any type of RSA. And are therefore likely legacy.
Total organizations served by ARIN. We always hear how many members ARIN has. Susan mentioned that. And I go to the other RIR meetings and they say we have 8,000 members or we have 5,000 members. I wanted to look at how many total ORGs are in ARIN’s database because we serve more than just our members. We have different categories. So we’ve got 35,000 total ORGs in the ARIN database. 4,124 of them are ISP subscriber members, or 11.8 percent. We have our nonmember customers, our end‑user assignment customers and our ASN customers. There’s 14,000, almost 15,000 of them, or 42.8 percent of the total ORGs, and then we’ve got the legacy. And the legacy accounts for 15‑, almost 16,000 organizations, or 45.5 percent, that would be considered legacy.
And so that’s a lot of organizations that we actually cater to and service. Looking at v4 and v6 subscriber members, we like to talk about this. How many of our ISPs actually have both v4 and v6. We saw that 2,453, or 60 percent, of our ISP members have IPv4 only. 245 have IPv6 only. No IPv4 at all from us. And that accounts for 6 percent. And then there are 35 percent or 1424 that have both IPv4 and IPv6. So that number goes up, but it doesn’t go up very fast. And I’ve been doing this same slide for a couple of years, and it’s maybe been 30 percent or 31 percent. Not moving too quickly, but it is moving and it is up as opposed to down, so that’s a good thing. And that’s all I have. Are there any questions?
John Curran: Okay. Any questions on the Registration Services report? Okay. Thank you.
John Curran: We’re going to do one more before break. So we’ll do John Sweeting with the Advisory Council report. Come on up, John.
ARIN ADVISORY COUNCIL REPORT
John Sweeting: Now I have an excuse for going quickly so I can get you guys out on break. Okay. John Sweeting, Chair of the Advisory Council. I’m going to give a quick update on things that have been going on with the Advisory Council over the last year. Quick picture. You’ve seen us all. We’ve all been around here except for maybe Chris Grundemann who is there in the middle. So for those that don’t know Chris, there’s his mug. All right. First off I wanted to do a big thank you out to Marc Crandall for his three years of service on the AC. He had his last day December 31st.
John Sweeting: And also I would like to welcome Kevin Blumberg who started January 1st with the AC.
John Sweeting: Okay. So the AC’s role in the PDP. As most everybody knows, that’s the main purpose that there is an Advisory Council. It is for the purpose of following the PDP and spitting out, as Einar would say, clear, technically sound, and useful policy. So with that being said, if you look at all this, it seems like it would be pretty easy to get some proposals in, have it go through the process, do the discussions on the PPML and here at the PPM and spit out some good, useful policy, which normally is the case. But there are some policies that are very challenging to get through the process, as everyone knows. But we do our best and not a whole lot to say about that. We’ve just got really comfortable with the current PDP so Mr. Curran has decided to change it. Thank you, John.
All right. So that’s pretty much what we do as far as the PDP is concerned. Now, there’s a lot of other things that we do as well. And these are some of the things. For 2011, some of the things that we ‑‑ well, we recommended adoption of 11 draft policies and we abandoned 30 proposals and two draft policies. As far as meetings, we attended two ARIN meetings, three NANOGs, eight other RIRs, a bunch of outreach events, three IETFs, and 12 AC meetings we have. We have a monthly conference call, except for the three months when we meet in person, which is January, April, and October, usually. I wanted to do a quick graph, just to show the contrast over the last four years of policy ‑‑ proposal history. So it’s basically the adopted, the abandoned, and the total. So as you can see, 2011 was a very, very busy year. 43 total proposals were put through the grinder, and out of that 11 Draft Policies came out that were recommended and adopted.
Currently for 2012 there have been six proposals submitted. One has been accepted on the docket, five were abandoned, and the status of the one that was accepted on the docket for end 2012 was a Draft Policy that was presented during this meeting. Meetings that we are covering in 2012. Of course the two ARIN meetings, three NANOGs, two RIPEs, an APNIC, two LACNICs, two AFRINICs, three IETFs, and eight outreach events or ARIN on the Road events. I understand there could be some more ARIN on the Road Events coming up, so we will gladly support that, Susan. We also have the Fellowship Program that we support. We have a participant on the selection committee. This year I think it’s Rob Seastrom. And then we have three mentors at each meeting to indoctrinate the fellows that have been selected and sometimes to shield them a little bit.
The outreach program. We participate in the booth at these events. We focus on IPv4 depletion and education of IPv6, promote the ARIN meetings and participation in ARIN as a whole. Nomination committee. We have two members that sit on the nomination committee each year once we get the call. PDP committee is winding down. As you’ve seen, John has put out the draft and we’re getting ready, I think, to put that into action very soon. And then just about anything ‑‑
John Curran: To be clear, the PDP committee wound down and there were so many comments on its final output that it was felt it was not ready to go anywhere. So I attempted to congeal that into one document, which we’ll go through with the AC this week, and then we’ll put out for public comment. If the public comment on the next version is relatively low, then we’ll update the PDP. But it’s your PDP. I’m just trying to get something that, much like policy proposals, makes it through the process.
John Sweeting: Thanks, John. Okay. And of course, as I said, we support Susan, ARIN, all the staff on just about anything they ask us to do. That’s it. Thank you.
John Curran: Questions on the AC report? No questions. Okay. We’re going to take a break. We do get a break in the morning. I’ve asked to remove it on many occasions, but people tell me a break is only fair. So we have a break. It’s a 23‑minute break in the schedule. And we come back promptly at 11:00 to hear the ARIN financial report and the Board of Trustees report. I will see you at 11:00.
ARIN FINANCIAL REPORT
Paul Andersen: Okay, welcome back. Hope you enjoyed the coffee. I’ll try to keep this quick since I know I’m between you and flights and the lovely city of Vancouver. I’m Paul Andersen. I’m the treasurer of ARIN. I chair the ARIN FinCom on the finance committee on the ARIN Board which also consist of Scott Bradner and Bill Woodcock. We’re responsible for overseeing the finances, working with staff to develop budget, and going over the financials as they come in over the year. So changed it up a little bit for this year ‑‑ this presentation. I’m going to quickly go over the 2011 draft financial results. Stress on “draft.”
Even though the audit has been completed, the audit committee has not yet been able to meet to approve them, but that we anticipate to be done very shortly. Give you a quick look at the first quarter of this year’s unaudited results, talk a little bit about our financial reserves and a little bit about fees. So last year we took in 14.3 million. About 10.3 million of that was in our ‑‑ mostly in our subscriber ‑‑ our v4 subscribers, or the allocations. Just shy of 4 million made up all other. As you can see, the expenses came in at just over 15 million, bringing us to about $700,000 loss. As well as, unfortunately, 2011 our investments were not as great as the previous year, so we saw a bit of a result, meaning that we had about a 1 million draw from our reserves overall.
I’ve just hit a few of the highlights from some of the functional expenses on where they change from 2010 to 2011. Salaries were up about 6 percent from actual. But from budget to budget there actually wasn’t much of a change because that’s there were some budgeted positions not filled in 2010 but did become filled in 2011. Depreciation has seen about a 20 percent increase, and that again is mostly the ARIN Online development that Mark came up earlier and talked about and many of the projects he had there.
Communications also saw an increase, and that’s, again, a lot of the work that Mark’s group’s done in some of the infrastructure deployment of anycast and a lot of the other nodes. Important to note here is many of the costs incurred were actually donated in kind by other organizations. So while we actually haven’t expended any money for that, we have to show at least a fair market value in our expenses on it. Legal saw fairly significant increase last year. That was because last year we were involved in several bankruptcy cases in areas such as California, Delaware, New York and Toronto and others.
Just as a reminder, ARIN does have a legal defense fund and most of the increase was drawn from that. Our rent actually went down quite a bit. That was thanks to a renegotiation of our lease by staff. The NRO had a significant increase on a one‑time event, and that mostly revolved around a lot of expenses on outreach for exhaustion. So far this quarter we’re pretty much on par for where we thought we would be on revenue.
Expenses are a little bit below where we expected them, but we likely will be catching up by the end of the year, assuming we fill some hires that we have open right now. And we did a budget to try and have again drawdown from reserves, but so far in this year, 2012, the investments have done much better than last year, so we are looking at actually a significant increase again to the reserves if things continue on as par. Speaking of reserves. So here’s a breakdown of where the balance of our total reserves have been over the last decade. As you can see, there’s been some significant increases, with the odd dip. As many remember, in 2008 it was not the greatest year for the markets.
From the standpoint of the same period, the S&P has been mostly flat actually over a bit, from the standpoint of ARIN here, just to give you an idea where our returns have been. We’ve had more good years than bad. But when it was bad, it was very bad. Last year there was a bit of a downtick. As you can see, in this quarter we’ve done well. But to give you an idea, over the past, since 2001, the net investment gain has been about $10.7 million that ARIN has got from its investments. So we do get a lot of questions about the reserves. Just to give you an idea, the Board has directed the organization to keep a reserve in the area of one to two years of operating expense in reserve.
We do have three reserves. We have an operating reserve, which consists mostly of CDs and short‑term cash; the legal defense fund, which I mentioned earlier; and the longer‑term investment fund, which is where most of the more ‑‑ funds are invested in right now. If you look at the 2012 budget of 16.92 million, we have a current reserve of about 25 million, so we’re in that one to one ‑‑ sorry, one and a half range right now.
To be fair, the Board has asked management to draw on the reserves in the last few years, but we’ve also always been very conservative in our estimates of what our investment revenue will be. And unfortunately, despite our best estimates to drop it down a little bit, because we do feel the reserve is probably a bit on the higher end than we’d like right now, there has been only one year where we’ve actually drawn down, and that was last year.
Fees. So the current fees have been around since the beginning of time from a structure standpoint. We have a variety of fees. We obviously have the v4 and v6 subscriber allocations. That’s what our ISPs generally use. They pay an annual fee, recurring fee. We have our assignments, which is mostly our end users. They pay an initial fee for the resource they receive and then pay a single fee per ORG for the total of the reserves that they hold.
We also have some other fees such as for autonomous system numbers. Minimal maintenance fees, transfers, membership and conference fees, but the bulk of our revenues do come from our IPv4 and IPv6 allocation fees. So the FinCom has been working with staff over the last year to see where we might be able to look at how we do fees and whether or not a new model might be required. A few things that we’ve kind of identified that we would like to pursue is that we have equitable fees based on costs. That if you’re receiving comparable services, hopefully you’re paying a comparable fee. That we try and avoid disincentives for new industry‑wide incentives.
Obviously we had v6 fee waivers for several years because we were hoping to not stifle v6 deployment with costs. Stuff like with resource certification is very expensive to the organization, as Mark said earlier, and some of the developments he’s been doing, but we’ve tried not to increase fees from there. Try and make sure that smaller organizations are ‑‑ trying to have the lowest cost we can have for them to make sure that they’re allowed to innovate, because they’ve always been very important to the development of the Internet. Try and reduce our costs wherever possible, try and make sure in a post‑v4 runout that we are a leaner organization from an expense standpoint. And also promote the open membership and the development process, the Policy Development Process we have and try and get the broadest involvement from those that have a bona fide interest.
So a few questions we have from the current structure that we’d be happy to take input on or hear other questions, goals, or concerns that you may have on what we should be looking at. In our maintenance fees paid via end users registration services for any number of v4 or v6 address blocks of any size equitable and fair, should we focus more on a fee per block or fee based on how many addresses you have, and how should we deal with membership fees on a go‑forward basis. From a timeline standpoint, the Board’s had some strategic discussions last year on this. Staff have been working heavily just to try and understand what our current costs and current base look like.
We’re looking for any input, again, on some of the goals that you might want to see accomplished. Today in the FinCom and Board will be considering a draft proposed change throughout the year with some consultation from the community later this year and potentially having a new fee structure in for the beginning of next year. And I believe, if I’m right, that was the end. So with that, I will take your questions, comments, concerns.
Scott Leibrand: Scott Leibrand, Limelight Networks, speaking on behalf of myself. I just learned this week that the fee structure on the fee page is actually based on the number of addresses per year that were received in the highest growth year for an ISP, not on the total cumulative amount of address space received. One, that’s really unclear from the description on the fee waiver page and needs to be updated. But, two, it doesn’t seem to match my understanding of what makes sense and what I thought everybody else thought made sense. So, John?
Paul Andersen: So, well, yes. And if it makes you feel any better, until I became treasurer, I also was not aware of that fact. I do agree that the fee page could use some clarifications, and we can work with staff on that. And I think that was identified in our early discussions on the fee structure, that that may not make the most sense, especially going forward in a v6 transition era. So that’s definitely one of the areas that we’re looking to change and looking for feedback on. I don’t know if John wants to add anything.
John Curran: We presumed we were going to a model where it was total addresses held by the registrant.
Scott Leibrand: My feedback would be total addresses held is a much more logical system, especially when you’re only getting addresses via transfer and not all smooth like it is now.
Paul Anderson: Is it possible from Sound to get a little more of the mics from the front? I’m sorry, I can’t ‑‑ I’m half deaf from too much rock music when I was younger and I’m having problems hearing.
Kevin Blumberg: Kevin Blumberg. Couple of comments. I believe that Leslie’s numbers show the number of end‑user organizations outstripped ISPs by 3 to 1, 4 to 1, something in that range.
Paul Andersen: 14,000 to ‑‑ sorry 15,000 to about 4,000 roughly.
Kevin Blumberg: I believe that, and, again, community consensus is crucial, that the ISP end of it has always felt that it was important to keep fees down for the end users so that the data was valid and et cetera. I do agree that $100 that has stayed the same for God knows how many years is probably out of line. In fact, I probably suspect that it costs more than $100 just to handle this person as a customer. But I believe the community as a whole would probably want to continue with that side of things. Again, rebalancing it.
Paul Andersen: Supportive of some balancing but maybe not a total rebalancing.
Kevin Blumberg: Correct. I believe that where you can pay the $500 fee today to be a full‑fledged member, if you’re an end user, that that’s ‑‑ something along those lines should continue in that I do not believe that if you’re going to keep fees very low or much lower for the end user, I don’t believe there should be a change in that, I think it should continue the way it is, and that if you want to be a stakeholder as far as a voting member, then you should be accepting the cost responsibilities with that as well. And the last thing is the IPv6 extra small category issue that was recently raised on the ASCP, I urge the Board to deal with this as soon as possible and to not wait on it until October or January; that it is an impediment to that 35 percent of IPv4/IPv6 registrations that the extra small category is the only one that is being unfairly penalized to go with IPv6.
Paul Andersen: Thank you for that.
Andrew Dul: Andrew Dul, Cascadeo. I think an interesting data point that might help us decide what to do with the end user fee structure would be the number of records on average held by an end user. For example, there are probably many end users that hold one record, and there are probably some category that have a thousand records, not counting reassignments, of course. So that would be perhaps creating another kind of scale in a similar fashion to allow people who are at the top end to pay more.
John Curran: I will endeavor to do a histogram for that very shortly. One, it’s very popular. Amazingly, two and three are also popular for different reasons. Two, because on v4 and an AS number, two because on v4 and v6, so we’ve got a few of those, and three because I have all three of them, and then it tapers off pretty dramatically. But I’ll try to get a histogram out in the next few days.
Andrew Dul: Thanks.
Paul Andersen: Other questions?
John Curran: Can I ask question to spur discussion, which is the last thing that you want to do on a fee discussion?
John Curran: On a long‑term basis, five or ten years out, it’s very hard to distinguish between a very small ISP and a very large end user in terms of ARIN’s services. But the benefit that they get from using their address space, it could be very different. And I guess is the community comfortable with us continuing with an end user/ISP split? And if that’s the case, that’s fine. Does the community feel as though we need to try to look at that and maybe there’s not as big a difference as we thought? Anyone want to come up and talk on the end user?
Paul Andersen: I see Mr. Huston hovering to the mic.
Geoff Huston: I wasn’t going to talk to that.
John Curran: You’re right after that, Geoff.
Andrew Dul: Andrew Dul. I would be not opposed to considering how the two converge over time, where organizations which have similar amount of space pay similar fees. I don’t know if that’s really what we want to do, but I think it’s a good thought exercise to see what an organization would look like with this many people in a small bucket that all pay the same amount and this many people in a super large bucket that pay some other amount.
John Curran: I guess ‑‑ and that’s great feedback. The reason we ask is because it does run contrary to the remarks of trying to protect the fees end users pay. If we headed all in the direction of looking at the services side and not looking at whether it’s end‑user or ISP, then the fee schedule would be disadvantageous to end users. So you’re saying it’s a thought exercise. But there’s not anyone who is saying we have to go that way.
Andrew Dul: Right. I think the other thing we can look at is transitioning to a fee‑for‑service for all organizations where if ISPs come back and asked ARIN to do something, then there’s a fee incurred at that point, not just included in your subscriber rate. So kind of going both ways, where maybe you try to keep the annual fees low, but the fee‑for‑service part maybe increases when something actually gets turned.
Paul Andersen: I know Geoff was first.
Geoff Huston: Now, I can comment on that. I think I’ve got something directly relevant. This actually comes from the annual general meeting of the RIPE NCC last week, because the fees discussion is a discussion that happens in all RIRs from time to time. And that fee discussion is currently happening inside the RIPE NCC. Their approach was different to the one APNIC did. We wallowed in that discussion for many years, and it was difficult. It is difficult.
They set up a task force. I think there were five folk on it who were drawn from the membership. What they actually did was discuss the principles under which a fee structure could be constructed or altered from their existing one and the pros and cons. And it was actually, I thought, a really helpful document. And I hope it helps them to get to the point of sort of the v6 fee structure. But I would commend that work to you, particularly the Board, and say that I found that work, in reading through that document, very helpful to me in the APNIC context of supporting that discussion. And you might want to take a very close look at it. It was quite an insightful document.
Paul Andersen: Thanks for that, Geoff.
John Curran: Excellent.
Cathy Aronson: Cathy Aronson, ARIN AC, Cascadeo. We have a lot of clients that would be pretty adverse to going from $100 a year to $1,250 a month, for example.
Paul Andersen: A year, you mean?
Cathy Aronson: Yeah. So the end users may not be particularly fond of the ‑‑ I’m sorry, yeah, the yearly fee. But that’s a significant change. So merging them together, I don’t know, especially since most of the people that I deal with personally, they have one entry and ‑‑ well, two, because they have an AS number. But like they don’t ever change it and their business never really moves, so anyway…
John Curran: Thank you.
Paul Andersen: Thank you. Kevin.
Kevin Blumberg: Kevin Blumberg. I believe there are two issues or three issues that you brought up, John, in that. Looking out three years, my suggestion is be very careful. You don’t want to rock the boat, especially in this transition time. That to me is sort of the 1.2 version of your fee structure, the slow migration towards something else. Unfortunately, I can see us doing a 1.5 version that is looking at three to five years out. But ultimately we don’t know how ARIN is going to operate in a more v6 environment, and to try to today design our fee structure around what will be a radical shift, very possibly greater than five, even potentially greater than ten, that swing, I think it’s worth thinking about, but I do not think it is worth trying to set a fee structure that takes care of that. So that was that part of it.
The other option is that there are many times where organizations have collectives that act as a single member. One association with its 50 members behind it becomes one member of that other organization. And maybe something to think about is that it might be worthwhile to have a scenario where end users potentially could fall under one membership record where it is still delineated from a Whois point of view but allows a bunch of people to go in as one larger entity, even though they are a sub rate of that.
Paul Andersen: When you say that for membership, you’re also talking about they would get resources not just as a member; they would come in as a single entity to get resources and then…
Kevin Blumberg: Yes. That entity would request it on behalf of its member. Again, the ‑‑ it is ‑‑ if the cost for end user is a billing and maintenance issue and you can take it from ‑‑ down from 50 to one in terms of who is handling that and sort of push the onus down, it might be one way of looking at it.
Paul Andersen: So on your first point, I don’t think we’re looking to hopefully not have the structure to last another 15 years. I think we should be looking at fees regularly, not necessarily changing them regularly, because I appreciate consistency is difficult for a lot of your organizations. Even changing it a dollar up or down can be more headache than it’s worth because suddenly why is the change and it’s easier when it’s consistent.
But I do think we need to give some idea of what ‑‑ I’ve heard a lot of support that the current fee structure won’t probably work in a v6‑only world. I think we need to start having that discussion of what does that fee structure look like, maybe it’s two phases to transition. I do take what you say in regards ‑‑ we do need to be careful from the standpoint of I guess adding more uncertainty in already a ‑‑ that transition. And from the standpoint of the end user, it’s not that it’s just from a cost standpoint, but we’re setting fees based on the ‑‑ we set our expenses based on the activities that the community asks us to do and the services you asked us to offer, and then we’re using the fee schedule to recover it. So we’re just trying to figure out what’s the right balance for that recovery. Owen.
Owen DeLong: Owen DeLong, Hurricane Electric. I’m not even sure how I feel about this suggestion yet, but it occurs to me that if we have a reserve that we keep trying to prudently draw down but increasing accidentally because we’re too prudent about drawing it down ‑‑
Paul Andersen: And also that our CFO is just that good.
Owen DeLong: Right, right. No, I’m actually about to go in the opposite direction. So since we have trouble getting rid of this reserve, maybe the goal shouldn’t be to get rid of this reserve and should be instead to build the reserve up into an endowment that would allow us to trend fees towards lower levels over all in the future.
Paul Andersen: That has been a suggestion that has been looked at. I don’t know how well that would work, but it is good to hear that there might be support for that. That’s something we can obviously look at. Back microphone.
Mike Joseph: Mike Joseph, Google. A minor point, but if we do start moving towards a fee‑for‑service model, I would request that for ISPs which currently pay annually that they continue to pay annually even if that annual invoice includes more line items. As Marla pointed out I think it was yesterday or Monday, it can be very difficult for large organizations to source POs quickly, and being able to consolidate billing if we move towards a more fee‑for‑service model would be ideal.
Paul Andersen: That would be well understood, and that’s very much under our consideration, to make sure ‑‑ as I said earlier, we understand that getting the invoice paid, especially on some of the smaller ones, can be more expensive than the invoice itself.
Mike Joseph: Certainly we don’t want it to block requests.
Paul Andersen: Yes. Thanks. Anyone else? Only because, Kevin, this would be your third time, so I just wanted to ‑‑ Kevin.
Kevin Blumberg: A fee for service to come up here?
Paul Andersen: What an interesting concept. John is deciding whether or not he’ll respond.
John Curran: Well, you realize that fee for service is an interesting thing to try to base the organization on, because the activity level ‑‑ well, in a long‑term basis, ten years plus, there’s not a lot of activity. Not unless this organization decides that IPv6 allocations should be straitjacket tight and justified, in which case you’ll just end up with organizations creating new organizations and getting new allocations. So since we’re probably not going to see a lot of additional IPv6 over the long, long term, you’ve got to think about a steady state that’s pretty quiet in terms of requests coming into ARIN. Now, that’s long, long term. The question is what do we do in the meantime when we may have enormous work involved with IPv4 transfers, processing those, justified need, et cetera.
Kevin Blumberg: What I was going to say was thank you for actually looking at this issue. It is a bear of an issue. We are in the “still running leaded gasoline” from a pricing point of view. And myself, my personal company has definitely taken I wouldn’t say advantage, but has definitely benefited from what was discussed earlier where as you grow you pay for what your highest year was. And I look forward to being able to pay for services that I actually used rather than what I used in one year.
Paul Andersen: Thank you.
John Curran: Thank you, everyone.
Paul Andersen: Thank you very much.
ARIN Board of Trustees Report
Tim Denton: Good morning, everyone. The Board report has about the same level of interest as the Uzbekistan cotton report of 1998. It’s drafted so as to be as boring as possible, but it’s really because we have some quite boring duties to do. We gather together in January and we have our first meeting, and at that ‑‑ I’ll come to it in a moment. Organizationally what we do is we review and approve the 2012 budget. We elect our officers. We impanel our committees. We did something novel. We adopted an Expected Standards of Behavior document, whereby we hold ourselves to certain sort of standards of parliamentary behavior.
We received our usual wise guidance from Mr. Ryan on what we’re to do and not do as both ‑‑ as a corporation to avoid legal liabilities, et cetera, which is very useful. In terms of reviewing staff work and lawyer work, we reviewed the legacy and current agreements, LRSA 3.0 and RSA 11, and the net effect of which is to make them more compatible and closer together. We reviewed the Registration Services operational and audit results. As to fees, we extended the v6 registration service fee waiver of 25 percent through to the end of this year.
Strategic direction. Basically it’s what you might imagine it to be. We strongly support the continued outreach and education as regards IPv6. We continue the education about the current Internet Registry System model particularly externally, which is to say that we do our best to make people understand, governments understand that the RIR system has its benefits and this has particular relevance in relation to the ITU’s attempt to seize the territory. We considered the long‑term fee structures for ARIN, as was discussed in the previous presentation by the treasurer, and our long‑term budget goals.
In terms of reviewing the legislative activity of the Advisory Council, we have under advisement the ARIN Policy 2011‑1, Inter‑RIR Transfers, which was of course the subject of discussion in the last couple of days. We handed off to the IETF the ARIN Policy 2011‑5, Shared Transition Space for IPv4 Address Extension, and we have adopted the policies that you see before you, 11‑8, M&A and Specified Transfers ‑‑ I don’t need to read them; you’re literate. But that was these ‑‑ these policies were adopted as the recommended by the Advisory Council. And that, ladies and gentlemen, is what we did. Thank you very much.
John Curran: Okay. And now we move into our Open Microphone phase, which is where we consider microphones are open for any topics that have not been considered yet. Feel free to avail yourself of the microphone. We’re here for as long as you need us. The room closes at 5:00. Let’s go.
Tim Denton: What if no one chose to speak?
John Curran: Then we’re actually going to adjourn. Microphones remain open. Remote mics remain open.
Scott Leibrand: Remote participant comment. This is actually from the fee discussion. I missed it as we closed the mics. McTim said that he liked the endowment idea; was not so keen on fee for service.
John Curran: Understood. That would be given to the FinCom. I see people coming up. Yes. Mr. Daniel Alexander.
Dan Alexander: Dan Alexander, Comcast, ARIN AC. I’ll stumble through this one a little bit, so work with me. But during Cathy’s governance presentation with the upcoming WCIT, I’m often kind of conflicted where I appreciate very much all the work that ARIN staff is doing. I mean, if half this room understood all the work and travel and effort you guys have been putting into it, it’s very much appreciated.
But I sometimes wonder, we’ve got ARIN, the organization, doing a whole lot of work along these lines, but ARIN has more than 3,000 member organizations who are tied to an awful lot of companies in multiple countries, and it would be interesting to have some more conversations around how that could be leveraged to better communicate these issues to the local governments in their countries outside of just ARIN showing up with the phone call or trying to get the point across where it would come from more within.
John Curran: Excellent. Susan, do you owe him five dollars because you paid him to stand up?
John Curran: Could we get the ARIN Internet governance Web page that was released last week up on the screen. So we’re in the middle of a major change with respect to Internet governance. First thing is that ‑‑ first step is to provide you some overall guidance. And you’ll see on the governance Web page, which is coming up, you’ll see we’ve actually sort of listed the organizations that we’re participating in and how you can get involved in each one.
That’s sort of the entry price, to let our members know these organizations are out there, how do you get involved with them and whether that’s joining, whether that’s writing to your trade contact in a particular country and letting them know. So if you scroll down a little bit, you will see it’s a list of the organizations. Keep going. ITU. Keep going. So sort of how to participate, who can join, what materials you can get. CITEL. The website, how ARIN participates, who can join, and how you get the materials. IGF, OECD.
So this is the first start of giving the members a guidance that says here’s what’s out there for Internet governance and how to get engaged and how to get their materials. We’re going to revise this, there’s a group working internally right now, to talk about what positions you should be bringing to these organizations that we believe fulfill ARIN’s mission. And that’s the second part. That plus this roadmap I think is what you’re looking for.
Dan Alexander: Because, admittedly, I’m not good at social networking, but there seems to be a social networking experiment here that would just go a long way.
John Curran: Right. I think if we give you the materials, I think the members can go wild using it to engage on Internet governance. But we’re working aggressively to get that done. But I think it’s a great idea. Rear microphone. Owen.
Owen DeLong: I’m actually holding a place for Stacy.
Stacy Hughes: Let’s give a great round of applause for our Internet Hall of Fame inductees Vint Cerf and our own Geoff Huston.
John Curran: Mr. Huston, please rise. Thank you for being here.
John Curran: You would have been rising and bowing and waving for hours and hours if you were in Geneva; you only had to go through it once. So thank you, Geoff, for all of your contributions. Rear microphone.
Bill Darte: This is Bill Darte. When I worked at Washington University, I dealt with a lot of organizations, big companies, and in an IT context, training and professional development and executive interactive services and things like that. And I ran into all kinds of different people in these big companies. And a lot of them, like business continuity people, are extremely knowledgeable and they have a great and powerful role to play. And they have almost no power within the organization to influence it at all, it seems.
And so I think not only is the ARIN website identifying these organizations that exist, but I think to the extent that you could help by producing materials that are consistent, brief ‑‑ or concise but brief but speak to why executives who have the power and authority within these organizations should get involved or might get involved. And it would help the people in this room and others advocate within their organizations for involvement in a level that matters in some of these discussions. So anything that you could do there, it would seem, it would help.
John Curran: I think that’s a great suggestion. I’m going to ask the room a somewhat dangerous question. So there’s nothing wrong with ARIN telling the members “here are some issues that you need to engage in,” because they affect the mission and the community thinks that’s relevant. But I actually don’t get to say that until you folks tell it to me. Now, ARIN hasn’t done a lot of outreach and education with respect to Internet governance other than in areas that plainly fall within our domain. If you want to change the way IPv6 addresses are allocated, we’re probably going to have something to say about that. But there’s a lot of areas that are more general Internet governance matters.
And we predominantly work on number policy here. So when someone brings up a more general Internet governance matter, I don’t know whether or not it’s appropriate for ARIN to tell the community get engaged on this versus look at it and see if you should get engaged. I believe it’s proper for ARIN to tell the community look into these things and see if you should get engaged. I think I’d need a group of members to get together if we actually wanted to tell people you should get engaged, it’s actually ARIN’s recommendation to say all of you find your management and brief them. I wouldn’t dare do that until you collectively said we should tell the rest of the membership.
Bill Darte: So my ‑‑ I’m sorry. In response to that. My suggestion was not that you tell them what to do but to prepare materials that people could use as their ‑‑
John Curran: As their briefing.
Bill Darte: ‑‑ as their briefing of what’s at stake and why would it take an executive involvement to influence this process.
John Curran: It’s more than just giving you here’s the pointer; it’s here’s the briefing material and tools to use for your management team.
Bill Darte: And then it’s up to them to decide how and whether they might use those or modify them for their particular culture, et cetera.
John Curran: Point received and we’ve got it. Scott.
Scott Leibrand: Remote participant. Joe Maimon from CHL, back on fees: Fee per block and even more so fee for address is an interesting contrast to needs based and even more so to addresses are not property.
John Curran: Okay. Rear microphone.
Dan Alexander: Dan Alexander again. To your earlier question, having been following this for quite a while and being on several delegations and being in the room in a number of these meetings, as an ARIN member I can wholeheartedly ask you, yes, be involved; this affects absolutely everybody in the room. It affects the businesses they work for. It affects us all greatly.
John Curran: Daniel, I’m going to put on you the spot, only because you’ve done such a lot of work on Internet governance and done such a great job. So if ARIN sends a message out to all the members saying it’s essential for you to get involved in these five forums to make sure that network neutrality laws are passed, that’s an interesting Internet governance issue. But it wouldn’t be an ARIN position necessarily. It may not be one that you’d advocate on until the members have decided it. Our members have different views on a lot of these issues. So the difference between telling them, as said, get involved, read about it and figure out your company’s position, versus advocate position X, I don’t know if we could ever tell the members to carry a position, because in some cases I’ve got people in this room on opposite sides of it.
Dan Alexander: Agreed. But there’s a fine line between positions, and when you look at what ‑‑ one of the things Bill had mentioned, you can set up a number of briefings that are very informative and that lay out the implications of a lot of things being discussed without necessarily taking a stance one way or another. But they’re in a format that these people within the company who don’t have the in‑depth knowledge can use as an informational packet.
John Curran: Got it. Okay. Very helpful. And microphones remain open. Center rear mic.
Owen DeLong: Owen DeLong, Hurricane Electric. Being as ARIN is one of the few organizations vying for a role in Internet governance that actually gets it reasonably right, in my opinion, I would actually encourage us to at least provide briefing materials and additional data to help people make their executives more aware and get them more involved in these various Internet governance processes before these undereducated, misunderstanding people with too much time on their hands begin raining regulation upon us, if they haven’t already.
As to ARIN advocating that people support network neutrality laws, I don’t see that as a problem because no matter which flavor of ARIN member you are, somebody has a network neutrality law that you probably like, whether it purports anything resembling what I would call neutrality or not.
John Curran: Okay. I was using that as purely an example. Just want to make that… Center front.
Scott Leibrand: Remote participant, Tom Vest: To the extent that opinions about ASN transfers were or are influenced by the need to establish an official position for pending bankruptcy proceedings, would a proposal to insert policy language that treats bankruptcies in a matter similar to M&As represent an interesting or viable alternative? I think that’s probably a topic for policy, but something for people to think about and maybe take it to the list.
John Curran: That’s a very interesting question. And I think that staff will take that under advisement and emerge with it either for discussion with the AC or the Board depending on what happens when I confer with legal. But it is a very, very interesting approach to the problem. Okay. We still have time, and we still have people at the microphones. I see Byron back there.
Byron Holland: Byron Holland from CIRA, the operators of .CA.
John Curran: Right. Our sponsor.
Byron Holland: Yes.
Byron Holland: No more beer on me tonight, though. And, by the way, thanks to the ARIN staff who actually did all the heavy lifting and work on putting that event on. I think it was really well done, so thank you very much. Great to be a sponsor when an event gets pulled off like that. But also as an ARIN member and somebody who spends a lot of time in the governance world, I think I’ll speak both as an individual, how I feel, but I can also say as the representative of CIRA, spending a lot of time in the governance space, I think it’s critical that ARIN stand up and take a position on this and make recommendations specifically to their members. I think the members here have a lot of reach into other countries and other organizations with other countries that should be leveraged. I mean, we are talking fundamentally about a change in the governance structure, the Internet at large, and I think we can’t take this seriously enough.
We really need to leverage all the ability we have to speak to other countries, to inform, to educate and to really state the position, because the very fact that we are here speaking at mics in a multistakeholder, member‑based environment is what is at stake if we go to a treaty‑based, state‑to‑state solution, which much of the world is really advocating for, and many of them because they have didn’t forms of government, but many because they’re not necessarily appreciating what has brought the Internet to the place it is today. And we need to advocate on the Internet’s behalf here, and organizations like ARIN are in an excellent place to do that, particularly with the leverage effect of their members. So I strongly urge ARIN to get involved.
John Curran: Very clear feedback. Thank you. Center rear microphone.
Geoff Huston: Geoff Huston. I shall think that was actually a really good exposition of the issue. This transition from the old telephony model into the Internet was actually a transition in regulatory structures and that really the Internet was a byproduct of progressive deregulation of this industry in many countries. And one of the issues around deregulation is instead of doing things because there is a regulatory framework, we’re doing things because we are self‑regulatory. The policies we put up is actually industry self‑regulation. I don’t believe that the particular topics that you discuss in this forum and in other forums are things that you bring up to the Internet governance forums for approval or anything else. That’s not the issue.
But what you can do is advocate loudly and proudly that this model works; that you can advocate that competing interests who out there in the market compete in the same city and across countries, because they are competing, can indeed sit down and work through self‑regulatory outcomes that work for the entire industry and work for consumers; that you can point to the fact that at the end of the day this Internet is dirt cheap and it works, and part of that is because self‑regulatory structures are working.
And I don’t think you need members’ permission to actually advocate in forums that are discussing alternatives. I think you’re perfectly capable of getting out there and saying industry self‑regulation is here, is working and is efficient in this larger marketplace that we see out there. And I think that’s your role. Go for it.
John Curran: Thank you, Geoff. I think we’ve been doing that role and we’re spurred on to do more of it by this conversation. We have been very active in defending the structure of the registry system as a successful working system, letting people know that we have running code indeed, and it’s done the job. And the question is also on the table, though, about whether or not we go beyond into particular topics and particular areas, which was obviously an interesting discussion. Yes, Bill.
Bill Darte: So in theme with what I was proposing earlier and what’s been said here by Geoff and the folks from CIRA, it’s all about stakeholders and stakes. And so the material I’m advocating that should be developed are about that: Here’s the stakes, here’s the likely outcomes, here’s what impact that might have on an organization like yours, et cetera. I mean, because that’s ‑‑ it’s a cost‑benefit issue. If people don’t see how it’s going to directly impact their business, their operations, their revenues, et cetera, or be able to at least predict from that information those kinds of things, they just won’t take interest.
John Curran: Got it. Yes. Rear microphone.
David Farmer: David Farmer, University of Minnesota, ARIN AC. The question of sort of issues that would be more controversial even within the room. ARIN can still play a role in those. You can provide neutral briefings in why the issue is important. You don’t necessarily have to take sides. And that can be important to everyone in the room, and I think it’s an important role for an industry self‑regulating body to explain the issues in a neutral way. So even for those controversial issues, like net neutrality, just explaining the issue in a neutral way could very much help us all.
John Curran: Understood. Okay. Any other comments? We have one on the back microphone.
Lynne Hamilton: Lynne Hamilton. I’m one of the ARIN Fellows. I again wanted to echo the comments of my other Fellows and thank everybody for being so welcoming, so kind. It ‑‑ learning some of the issues has been more like a learning cliff as opposed to a learning curve, but I think I’m coming back up. And I just wanted to say on the whole issue of the self‑regulating body, it’s been fascinating to watch you work. And someone who comes from a largely government background, we usually believe that consultation is more about predetermining an outcome and then being seen to be consultating, and to watch this actually work in a real forum is tremendous. So thank you.
John Curran: Glad to have you.
John Curran: If there are no further questions, I will close the mics. I’m closing them. Remote participants, also closed. Thank you. That ends our Open Microphone session.
Closing Announcements and Adjournment
John Curran: I would now like to adjourn our meeting. Thank one more time our sponsor.
Tim Denton: And CIRA for the free beer.
John Curran: Yes. And Byron, if he’s out there, yes, I see, and CIRA for all their work. Thank you.
John Curran: Please check your bill. You should not have been billed for the standard in‑room wireless connectivity, unless you paid to upgrade, then you paid to upgrade. Don’t forget the Meeting Survey. We have Meeting Surveys in your packet and available online. Thank you for being part of ARIN XXIX, and we’ll see you in October in Dallas. Thank you for coming.
[ARIN Public Policy Meeting concluded at 11:53 a.m.]