Hi Nathalie, I appreciate your views but I don't think that the law enforcement's insight should even be considered in this discussion.
I have no security concerns because I secure my networks. That will not change if it's IPv4 or IPv6. Both ranges will be trackable so I see no reason to change things. On Sat, Oct 5, 2013 at 5:04 PM, nathalie coupet <[email protected]>wrote: > Hello John, > > As far as law enforcement agencies are concerned, the problem is not so > much a question of depletion of the IPv4 pool but of traceability back to > the attacker in case of misuse of the Internet, such as for MitMA or DDoS > (many attackers of US websites being located in the APNIC/Middle East > Regions). The problem is even more acute for IPv6 addresses, since blocks > allocated are larger than those for IPv4. > Maybe ARIN's policy should be consistent regarding the allocation of both > IPv4 and IPv6 addresses requesting that stakeholders have sufficient > attachment to the region prior to receiving IP addresses from ARIN. > If we do not take into consideration security concerns into our own hands > and decide for ourselves what we tolerate and what we don't, others will > enact rules and procedures that might end up affecting the organization in > a way that could really detrimental to business. > > > Nathalie Coupet > ARIN Member > > ------------------------------ > *From:* "[email protected]" <[email protected]> > *To:* [email protected] > *Sent:* Friday, October 4, 2013 7:32 PM > *Subject:* ARIN-PPML Digest, Vol 100, Issue 2 > > Send ARIN-PPML mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.arin.net/mailman/listinfo/arin-ppml > or, via email, send a message with subject or body 'help' to > [email protected] > > You can reach the person managing the list at > [email protected] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of ARIN-PPML digest..." > > > Today's Topics: > > 1. Re: Draft Policy ARIN-2013-6: Allocation of IPv4 and IPv6 > Address Space to Out-of-region Requestors - Revised (John Curran) > 2. Out-of-region overreaction? (Frank Bulk) > 3. Re: Out-of-region overreaction? (Scott Leibrand) > 4. Re: Out-of-region overreaction? (Jimmy Hess) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Fri, 4 Oct 2013 19:55:59 +0000 > From: John Curran <[email protected]> > To: Gary Buhrmaster <[email protected]> > Cc: "[email protected]" <[email protected]> > Subject: Re: [arin-ppml] Draft Policy ARIN-2013-6: Allocation of IPv4 > and IPv6 Address Space to Out-of-region Requestors - Revised > Message-ID: <[email protected]> > Content-Type: text/plain; charset="us-ascii" > > Gary - > > Since June 2013, there have been 52 requests that would not have > been approved under the new policy because these organizations > had only some equipment in a data center in the ARIN region, but > either all or most of their technical infrastructure outside of the region > and most or all of their customers outside of the ARIN region. > > Total amount of space issued to these 52 organizations: 9,672 /24s, > (which is a bit more than a /11 in total) and nearly all organizations > were based in the APNIC region. > > FYI, > /John > > John Curran > President and CEO > ARIN > > > On Sep 27, 2013, at 11:37 PM, John Curran <[email protected]> wrote: > > > >> On Sep 26, 2013, at 3:06 PM, Gary Buhrmaster <[email protected]> > wrote: > >> > >>> On Thu, Sep 26, 2013 at 6:21 PM, John Curran <[email protected]> wrote: > >>> ... > >>> That is correct (and reflects current practice handling resource > requests.) > >> > >> John, > >> > >> I support the policy, but I do have a few questions that > >> would help finalize my thinking (that I do not recall seeing > >> asked or answered). I understand that any answers are > >> going to be more WAGs than facts, and you may not > >> have the information or ability to provide the answers, > >> but any answers would help me (and perhaps others) > >> recognize the implications of such a change (if any)? > >> I'll accept as many additional caveats you want to add > >> to any response. > >> > >> * If this policy was in place for (say) the last year, what > >> is the order of magnitude of number of requests that > >> would have been referred to another RIR (1, 10, 100, 1000)? > >> > >> * If this policy was in place for (say) the last year, can > >> you break down the requests by the RIR that the > >> requester appeared to be have their plurality? > >> > >> * If this policy was in place for (say) the last year, what > >> is the order of magnitude of the IPv4 numbers that > >> would not have been issued by ARIN (/24 ... /8)? > > > > Gary - > > > > We're looking into your concerns, and will see whether we > > can provide any insights/WAGs can be provided regarding > > the potential impact of the policy (as compared to past > > requests.) > > > > Thanks for the thought-provoking questions! > > /John > > > > John Curran > > President and CEO > > ARIN > > > > _______________________________________________ > > PPML > > You are receiving this message because you are subscribed to > > the ARIN Public Policy Mailing List ([email protected]). > > Unsubscribe or manage your mailing list subscription at: > > http://lists.arin.net/mailman/listinfo/arin-ppml > > Please contact [email protected] if you experience any issues. > > > ------------------------------ > > Message: 2 > Date: Fri, 4 Oct 2013 15:31:32 -0500 > From: "Frank Bulk" <[email protected]> > To: <[email protected]> > Subject: [arin-ppml] Out-of-region overreaction? > Message-ID: <[email protected]> > Content-Type: text/plain; charset="iso-8859-1" > > I was requesting some ISP IPv6 space and the kindly ARIN staff posted this > in their response: > > Please reply and verify that you will be using > the requested number resources within the ARIN region > and announcing all routing prefixes of the requested > space from within the ARIN region. In accordance with > section 2.2 of the NRPM, ARIN issues number resources > only for use within its region. ARIN is therefore only > able to provide for your in-region numbering needs.? > > I'm familiar with the concern about out-of-region folk taking advantage of > ARIN's current IPv4 supply, but I have a few concerns about the wording of > the staff communication. > > a) It's been my understanding thus far that if I'm an ISP that provides > service in multiple places around the world that I may divide my allocation > into smaller prefixes and advertise those to area peers. It seems ARIN > staff would preclude me from doing any of that. "All" is a pretty strong > word, and if ARIN really believes it, a lot of violators could be found. > > b) It seems that Section 2.2 of the NRPM is being misapplied. > 2.2. Regional Internet Registry (RIR) > > Regional Internet Registries (RIRs) are established and > authorized by respective regional communities, and > recognized by the IANA to serve and represent large > geographical regions. The primary role of RIRs is to > manage and distribute public Internet address space > within their respective regions. > > While ARIN does issue numbers within its region, section 2.2 does not say > "only for use". If an "only" had be applied, I would suggest that it's > "only manage and distribute". > > If I could be so bold, I'd suggest ARIN to use language something along > these lines in their communications: > > Please reply and verify that you will be using > the requested number resources primarily within the > ARIN region and announcing the majority of routing prefixes > of the requested space from within the ARIN region. > In accordance with section 2.2 of the NRPM, ARIN issues > number resources within its region. > > Frank > > > > ------------------------------ > > Message: 3 > Date: Fri, 4 Oct 2013 14:42:50 -0700 > From: Scott Leibrand <[email protected]> > To: Frank Bulk <[email protected]> > Cc: ARIN-PPML List <[email protected]> > Subject: Re: [arin-ppml] Out-of-region overreaction? > Message-ID: > <cagkmwz4coch2v8m6hbw4-2n4x_qg9x5dyu8arehow1+86y9...@mail.gmail.com> > Content-Type: text/plain; charset="iso-8859-1" > > Agreed. IMO this is *not* was intended by current policy, *particularly* > IPv6 policy. If you get a /32, there's no reason you shouldn't be able to > use it globally. > > Thanks for bringing this up. I think we're going to have a lively > discussion next week in Phoenix. :-) > > -Scott > > > On Fri, Oct 4, 2013 at 1:31 PM, Frank Bulk <[email protected]> wrote: > > > I was requesting some ISP IPv6 space and the kindly ARIN staff posted > this > > in their response: > > > > Please reply and verify that you will be using > > the requested number resources within the ARIN region > > and announcing all routing prefixes of the requested > > space from within the ARIN region. In accordance with > > section 2.2 of the NRPM, ARIN issues number resources > > only for use within its region. ARIN is therefore only > > able to provide for your in-region numbering needs. > > > > I'm familiar with the concern about out-of-region folk taking advantage > of > > ARIN's current IPv4 supply, but I have a few concerns about the wording > of > > the staff communication. > > > > a) It's been my understanding thus far that if I'm an ISP that provides > > service in multiple places around the world that I may divide my > allocation > > into smaller prefixes and advertise those to area peers. It seems ARIN > > staff would preclude me from doing any of that. "All" is a pretty strong > > word, and if ARIN really believes it, a lot of violators could be found. > > > > b) It seems that Section 2.2 of the NRPM is being misapplied. > > 2.2. Regional Internet Registry (RIR) > > > > Regional Internet Registries (RIRs) are established and > > authorized by respective regional communities, and > > recognized by the IANA to serve and represent large > > geographical regions. The primary role of RIRs is to > > manage and distribute public Internet address space > > within their respective regions. > > > > While ARIN does issue numbers within its region, section 2.2 does not say > > "only for use". If an "only" had be applied, I would suggest that it's > > "only manage and distribute". > > > > If I could be so bold, I'd suggest ARIN to use language something along > > these lines in their communications: > > > > Please reply and verify that you will be using > > the requested number resources primarily within the > > ARIN region and announcing the majority of routing prefixes > > of the requested space from within the ARIN region. > > In accordance with section 2.2 of the NRPM, ARIN issues > > number resources within its region. > > > > Frank > > > > _______________________________________________ > > PPML > > You are receiving this message because you are subscribed to > > the ARIN Public Policy Mailing List ([email protected]). > > Unsubscribe or manage your mailing list subscription at: > > http://lists.arin.net/mailman/listinfo/arin-ppml > > Please contact [email protected] if you experience any issues. > > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: < > http://lists.arin.net/pipermail/arin-ppml/attachments/20131004/54de2c60/attachment-0001.html > > > > ------------------------------ > > Message: 4 > Date: Fri, 4 Oct 2013 18:25:16 -0500 > From: Jimmy Hess <[email protected]> > To: Frank Bulk <[email protected]> > Cc: "[email protected]" <[email protected]> > Subject: Re: [arin-ppml] Out-of-region overreaction? > Message-ID: > <CAAAwwbXKQ6z47bkUtLKMZ0BK3qubpELFE=pkydxu2dedj4b...@mail.gmail.com> > Content-Type: text/plain; charset="iso-8859-1" > > On Fri, Oct 4, 2013 at 3:31 PM, Frank Bulk <[email protected]> wrote: > > > > > I'm familiar with the concern about out-of-region folk taking advantage > of > > ARIN's current IPv4 supply, but I have a few concerns about the wording > of > > the staff communication. > > > > a) It's been my understanding thus far that if I'm an ISP that provides > > service in multiple places around the world that I may divide my > allocation > > into smaller prefixes and advertise those to area peers. It seems ARIN > > > > No. You can subdelegate portions of your allocation to customers. > Your upstreams are not going to necessarily let you pick apart your > allocation > and advertise every /29; Although ARIN staff should have no objections > to this, > if your upstreams will allow it, and you show that to be the case. > > If you are chopping up your block; you do not need a big allocation from > ARIN, though, > of sufficient size for all your regions. It only makes sense if you > intend to keep your block _whole_; > and advertise a single block in multiple regions. > > If you intend to chop up your blocks anyways; then a sensible thing to do > is to obtain multiple blocks instead -- from the appropriate regions > where they will be used. > > > > > staff would preclude me from doing any of that. "All" is a pretty strong > > word, and if ARIN really believes it, a lot of violators could be found. > > > > Routing is out of scope of ARIN policy in the first place; you have an > option of > not advertising your allocation at all. You are allowed to have a > privately interconnected network > that spans regions. > > ARIN staff can reject your verification justification for the allocation; > if you don't show you have an intention > to use a significant amount of resources in the ARIN region > > While ARIN does issue numbers within its region, section 2.2 does not say > > "only for use". If an "only" had be applied, I would suggest that it's > > "only manage and distribute". > > > > Policy does not say "only for use"; however there is not policy > specifically encouraging ARIN to recognize use outside of the ARIN region. > > It is not sufficient for use to merely be "allowed"; ARIN has to have > procedures > for validating and auditing the use. > > It is possible, that you may be allowed to use out of region, but not be > able to > cite your out of region networks requirements as justification for > obtaining > a larger block than if your out-of-region usage did not exist at all, > > or it may not be accepted as current use to satisfy utilization requirement > for a future allocation. > > > > If I could be so bold, I'd suggest ARIN to use language something along > > these lines in their communications: > > > > Please reply and verify that you will be using > > the requested number resources primarily within the > > ARIN region and announcing the majority of routing prefixes > > of the requested space from within the ARIN region. > > In accordance with section 2.2 of the NRPM, ARIN issues > > number resources within its region. > > > > > This is very similar to the original quote of what they had said....... > > > > > Frank > > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: < > http://lists.arin.net/pipermail/arin-ppml/attachments/20131004/7e771055/attachment.html > > > > ------------------------------ > > _______________________________________________ > ARIN-PPML mailing list > [email protected] > http://lists.arin.net/mailman/listinfo/arin-ppml > > End of ARIN-PPML Digest, Vol 100, Issue 2 > ***************************************** > > > > _______________________________________________ > PPML > You are receiving this message because you are subscribed to > the ARIN Public Policy Mailing List ([email protected]). > Unsubscribe or manage your mailing list subscription at: > http://lists.arin.net/mailman/listinfo/arin-ppml > Please contact [email protected] if you experience any issues. > -- Martin Skojec Director of Engineering and Operations - Virtacore Systems Inc. [email protected]
_______________________________________________ PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List ([email protected]). Unsubscribe or manage your mailing list subscription at: http://lists.arin.net/mailman/listinfo/arin-ppml Please contact [email protected] if you experience any issues.
