Ryan – Thanks so much for surfacing this discussion on PPML.
Reading through the responses from everyone, I think it’s clear there are use cases for IXPs to reasonably need a block of routable space for administrative purposes, particularly independent ones where there is no guaranteed sponsor pool to pull from. Ryan – did your IXP use a 4.4 allocation for the administrative prefix, or pull that from elsewhere? I think a follow up question, from a policy perspective, would be: The policy (4.4) as written defines several critical infrastructure categories, but does not create a boundary for what services can run on those allocations. Does this create an avenue for abuse of this pool? I think the example already shared of using this as a fast way to get v4 space to use as a CDN node seems like a good one – there may be a use case for it to exist on the member network, but using that IP for access for the Internet at large would appear (to me) to be in violation of the spirit of the policy and the reason for the allocation. In the current setup, ARIN staff is almost certainly having to make interpretations and judgement calls, which leads to the additional question – does the community want more than that? Thank you – Doug -- Douglas J. Camin ARIN Advisory Council [email protected] From: ARIN-PPML <[email protected]> on behalf of Ryan Woolley <[email protected]> Date: Thursday, April 18, 2024 at 6:44 PM To: [email protected] <[email protected]> Subject: [arin-ppml] Feedback on ARIN 53 question on micro-allocations for IXPs At ARIN 53, John Sweeting asked for clarification from the community on whether an internet exchange needs IP space beyond that used for the switching fabric, and whether IP allocations made to an IXP operator may need to be routable. Additionally, John shared a suggestion that the historical basis for maintaining a pool specific to IXPs was to enable the building of filters to prevent those addresses from being globally routable. Community IX operates two IXPs, FL-IX in south Florida and CIX-ATL in Atlanta. FL-IX was founded in 2015 and now connects 158 member networks. CIX-ATL began operations in 2019 and currently connects 66 member networks. Both IXPs have been assigned IP address space from ARIN. Each IXP uses one prefix for the member LAN, which is not announced outside of our members’ networks, and a second, routed, prefix for the IXP infrastructure. The routed prefix supports operations critical to the operation of the exchange. Our member portal, network management systems, and equipment loopback addresses are, by need and design, addressed in routable IP space. For example, route servers build filters based on ROAs and IRR databases, and configurations are replicated off-site. Unlike an IXP affiliated with an ISP or data center operator, we have no line of business which would enable us to borrow IP space from, for example, a pool maintained for allocation to IP transit customers. Our transit is provided as a donation by members, who may come or go as their connectivity needs require, so we cannot reasonably use non-provider-independent IP space. On the second question of whether space reserved for IXP allocations should be unroutable as a feature, we have not, in our years of operation, encountered any issues with reachability for these allocations. If networks are building filters for this purpose, our experience suggests that is not a common practice. IXPs do commonly have a desire to prevent their member LAN prefix from being routable. The current best practice is that this prefix is signed in RPKI with an origin ASN of zero (as described in RFC 6483), and Community IX does this for both our IXPs’ member LANs. To the extent that filtering based on IP addressing may have been contemplated in the past, is it now obsoleted by RPKI. Regards, Ryan Woolley Community IX
_______________________________________________ ARIN-PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List ([email protected]). Unsubscribe or manage your mailing list subscription at: https://lists.arin.net/mailman/listinfo/arin-ppml Please contact [email protected] if you experience any issues.
