Re: [address-policy-wg] proposal to remove IPv6 PI

[Jan Hugo Prins | BetterBe]

I think we introduced IPv6 PI because we needed to be able to give
address space to entities that only need internal address space, want to
be multi-homed, but would never allocate to 3rd party networks because
they would only use it internally for their own business (for example a
SAAS provider hosting it's own product inhouse).

When we stop allowing IPv6 PI we would force those entities to, either
become a LIR and pay a lot more for the same IPv6 address space, or they
will probably not start using IPv6 at all. Both would not be a good idea
I think.

Jan Hugo


On 05/16/2018 02:52 PM, JORDI PALET MARTINEZ via address-policy-wg wrote:
> Hi all,
>
> For those that haven't been in the meeting, the slides are available at 
> https://ripe76.ripe.net/presentations/97-RIPE-2018-05-v1.pdf
>
> I believe we have several problems that my proposal is trying to fix.
>
> 1) See my previous email on the clarification of IPv6 PI sub-assignments. Is 
> not just a matter of IPv6, but also IPv4. This is an alternative solution (at 
> least of the IPv6 part - we could do the same for IPv4 of course and also 
> remove IPv4 PI).
>
> 2) It was clear in the meeting, as we *all* know, that many folks in the 
> community (and not only in this region) are abusing the policy and they 
> actually use end-user space (PI policies) to *assign* (call it sub-assign if 
> you prefer it), to third parties.
>
> 3) It may be the case that this happens because the fee structure. An LIR, 
> currently, pays 1.400 Euros per year (plus one-time setup-fee of 2.000 
> Euros). And end-user just pay 50 Euros per resource assignment. So, it makes 
> sense to just pay for 50 Euros, and then you may be providing services using 
> NAT+CGN (in the case of IPv4) or a single /64 to each subscriber in the case 
> of IPv6. It is broken, of course, but people do that.
>
> 4) The fee scheme is somehow responsible of that as well, as there is in my 
> opinion, unfairness. A big ISP having an IPv6 /20, or /24 or /29 or /32 is 
> paying always the same. This is the only region that have a "flat" rate.
>
> 5) We could fix the point above, auditing every end-user. But we could also 
> fix it in a better way by:
>   a) A policy change in the line the one I've proposed (see the slides 
> and the links for a diff)
>   b) Having a single LIR contract, instead of LIR and end-user
>   c) This may be (as an option), also become a way to make a price scheme 
> which is proportional to the amount of resources allocated.
>
> Note that we don't need to change the fee scheme, but it is an opportunity 
> for taking a look into that. It may be perfectly possible to keep the cost of 
> end-users as 50 Euros (for a single /48, for example), but having a single 
> contract. I know perfectly that fees are not "policy", however only if we 
> address that we can do correctly the policy. A demonstration of that: When I 
> proposed the IPv6 PI and it reached consensus, it was needed to create the 
> "end-user" contract and the corresponding fee, so is something that we have 
> done before.
>
> I know that the proposed text may be very imperfect, for example the usage of 
> "ISPs", but this is not the key now, there are for sure several alternatives 
> to that. For example, we could just differentiate both cases with "LIR that 
> do subsequent distributions initially qualify for /32 up to /29 etc. LIRs 
> that do not do subsequent distributions initially qualify for a /48 for each 
> end-site". So please, don't consider specific text at this point of the 
> discussion.
>
> And last, but not least, repeating myself, we could do this just for IPv6, or 
> also work in parallel in a policy proposal for IPv4 PI removal as well. This 
> will be probably the best choice, so we can let the NCC to have a simplified 
> policy, a single contract and consequently less overhead: Simplification for 
> everyone.
>
> Thoughts?
>
>
> Regards,
> Jordi
>  
>  
>
>
>
> **
> IPv4 is over
> Are you ready for the new Internet ?
> http://www.consulintel.es
> The IPv6 Company
>
> This electronic message contains information which may be privileged or 
> confidential. The information is intended to be for the exclusive use of the 
> individual(s) named above and further non-explicilty authorized disclosure, 
> copying, distribution or use of the contents of this information, even if 
> partially, including attached files, is strictly prohibited and will be 
> considered a criminal offense. If you are not the intended recipient be aware 
> that any disclosure, copying, distribution or use of the contents of this 
> information, even if partially, including attached files, is strictly 
> prohibited, will be considered a criminal offense, so you must reply to the 
> original sender to inform about this communication and delete it.
>
>
>
>
>

-- 
Kind regards

Jan Hugo Prins
/DevOps Engineer/

Auke Vleerstraat 140 E
7547 AN Enschede
CC no. 

Re: [address-policy-wg] proposal to remove IPv6 PI

[Havard Eidnes]

>> > Responding below, in-line.
>> 
>> *PLEASE* use some meaningful way to quote and answer inline so a
>> reader can distinguish between the original text and your answer. You
>> current mode of answering is making this really hard.
>
> I will use [Jordi] to make it clear.

Then how far does that extend/apply?

Speaking for myself, you are significantly increasing your chances of
being summarily ignored if you're using difficult-to-decipher quoting
conventions.

Best regards,

- Håvard

Re: [address-policy-wg] 2018-02 Assignment Clarification in IPv6 Policy - comments from today meeting

[JORDI PALET MARTINEZ via address-policy-wg]

Hi Kai,

Responding below, in-line.

Regards,
Jordi
 
 

-Mensaje original-
De: address-policy-wg  en nombre de Kai 
'wusel' Siering 
Organización: Unseen University, Department of Magic Mails
Fecha: miércoles, 16 de mayo de 2018, 20:37
Para: 
Asunto: [address-policy-wg] 2018-02 Assignment Clarification in IPv6 Policy - 
comments from today meeting

Hi there,

on 16.05.2018 17:33, JORDI PALET MARTINEZ via address-policy-wg wrote:
> So, to make sure I understood your point. You think that a single /128 
prefix is ok to be sub-assigned (as per the current policy), but a single /64 
prefix is not?
> Or you will agree in a change that only fix that?

I think that the current text serves it's purpose and _can_ be understood 
in the way it was intended to (i. e. countering the, non-standard, RIPE NCC 
idea that using SLAAC or DHCPv6 constitutes an act of sub-assigning addresses, 
forbidden as per section 2.6).

[Jordi] So there is a contradiction here, because according you, only if you 
use manual setup, then it will not be a sub-assignment?

If you read it while suffering from an overdose of technical writings, a 
normal reaction could be "R U kidding me? Addresses, even plural, but not 
prefixes — does not compute".

I do *not* agree that _that paragraph_ needs another band-aid.

[Jordi] The fact that you and I are interpreting different things, shows 
clearly, that the text is not good.

I think that rough consensus should be sought on what uses by the 
assignment holder of assigned IPv6 space are considered ok. Afterwards, 
amending the policy at least should be more easy — if still considered 
necessary by then.

> Regarding the specific wording, you're totally right and we should decide 
*if* there is a way to re-formulate it.

I think we should keep it as it is, take a step back and consider what 
issue, if any, there is. Frankly, I do not see one ATM; policy texts should not 
try to micromanage the readers mind, IMO.

> That's the reason I initially suggested, even when discussing 2016-04, 
that the text should be only in the IPv6 PI section ... the consensus was in 
the other direction.

Well, the current policy does allow »minor« third-party-usage for any (note 
the word) assigned IPv6 space. Previously, adopting RIPE NCCs view on SLAAC 
being an act of address assignment, no-one was allowed to run a Guest WiFi or 
similar with RIPE area assigned IPv6 space, PA or PI — as sub-assignments were 
(and are) forbidden and providing a third party with single addresses out of an 
assignment holder's addresses constituted a sub-assignment according to RIPE 
NCC (this is now fixed per policy in ripe-699's section 2.6). So, if you agree 
with RIPE NCCs view, 2.6 is the correct location. If not, the policy maybe was 
fine and the issue lay elsewhere.


[Jordi] Again, then because I'm using latest standards which allow me to use 
/64 per hosts, it means I can't use it. We have moved the limit to a single 
address while it was NONE. The community can decide then to move to a single 
prefix, or why not, later to several /64 prefixes ... Thinks about that please.

> This is the big problem in my opinion, and I actually forgot the mention 
it before. I think policy must be as much as possible, a text which has only 
one interpretation, even if that means it is longer. Otherwise, and I explained 
this in emails when discussing 2016-04, people that "follows" the policy 
process has advantage in terms of interpretation vs a newcomer that will read 
only the *policy text*, but not the impact analysis, and all the discussions 
used to clarify the policy text.

I totally disagree with you on this. The more words go into a policy, the 
more loopholes are opened, which then have to backfill with new wordings, 
leading to pages after pages of policy text. A policy text should be easy to 
understand (especially for non-native speakers of the english language ;)), 
give a guideline on what use case it expects to cover and at all costs refrain 
from giving examples. The thing with examples is that, from my experience, they 
invite people to game the rules.

[Jordi] Again, newcomers have a disadvantage if the policy text is not clear 
enough and provides different interpretations vs the impact analysis, because 
the impact analysis is not *referenced* at the policy manual with every policy 
change (which will be way to complex).


Please don't overengineer the policies.
 
[Jordi] On the other way around, I'm trying to make sure that 1) the text is 
more clear or 2) we simplify all the mess by removing IPv6 PI
   
Regards,
-kai






**
IPv4 is over
Are you ready for the new Internet ?
http://www.consulintel.es
The IPv6 Company

This electronic message contains information 

Re: [address-policy-wg] proposal to remove IPv6 PI

[JORDI PALET MARTINEZ via address-policy-wg]

I will use [Jordi] to make it clear.

Regards,
Jordi
 
 

-Mensaje original-
De: address-policy-wg  en nombre de 
Maximilian Wilhelm 
Fecha: jueves, 17 de mayo de 2018, 17:36
Para: 
Asunto: Re: [address-policy-wg] proposal to remove IPv6 PI

Anno domini 2018 JORDI PALET MARTINEZ via address-policy-wg scripsit:

> Responding below, in-line.

*PLEASE* use some meaningful way to quote and answer inline so a
reader can distinguish between the original text and your answer. You
current mode of answering is making this really hard.

> > De: address-policy-wg  en 
nombre de Martin Huněk 
> > Fecha: miércoles, 16 de mayo de 2018, 17:28
> > Para: , JORDI PALET MARTINEZ 

> > Asunto: Re: [address-policy-wg] proposal to remove IPv6 PI
> > 
> >> Hi Jordi,
> > 
> >> As I understand it, the PA is only for a LIR and PI is also 
for sponsored organization. Also the PI is solely for the end user 
infrastructure and and PA can be further allocated or assigned.
> > 
> > This is our actual definition. We can change it whenever we want. 
What I'm asking is what is the *real* distinction among them. Forget for a 
minute in contracts, fee structure and so on. There is no need to call the same 
with different names if we don't want. I'm calling here for simplicity. Once we 
remove the sub-assignment obstacle, there is not anymore a difference.
> 
> Discussion should be about, if we want to / should remove such 
*obstacle*. I would personally prefer that policy about PI space would stay the 
same. Just RIPE NCC should be more investigative and restrictive when assigning 
those. 
> 
> Being Internet policy is very difficult. If we have ways to avoid that, 
is an easier way to achieve the same. Policies are for a fair distribution of 
the resources, to make that distribution simpler, not to have complex policies 
and then being unable to track how well anyone is behaving with them.
> 

> > Yes, that's the idea, please see my slides. PI holders will need to 
become members, maybe the fee will get an increase (something on the line of a 
small one-time setup fee and later on a proportion of the cost of a /32 if you 
are getting only a /48, etc., but this is for the membership to decide). What 
we all win with that is a fairer cost distribution and also an easier way to 
make sure that the rules are followed and nobody tricks the rules using a PI as 
PA. Specially for the NCC is much simpler.
> 
> Easy as a flat rate for every LIR. Actually this is the main problem 
problem for me. LIR should by the name work as local internet registry. This 
has been broken for IPv4 by IPv4 shortage. Not everyone should be forced to be 
a RIPE NCC member. I'm perfectly fine with 50 EUR fee for every /48 for those. 
Such organization which needs PI have no plans for assigning 
> 
> Is easier, but it is fair?

This is not for the AP-WG to decide.

[Jordi] Agree, but it was not either when we created IPv6 PI, and all the 
needed changes were considered in parallel.

> addresses to third parties, so why they should be LIR when they don't 
plan to act as one?
> 
> The problem is that once we accepted 2016-04, that got broken. End-users 
being assigned a /48 are using that now to sub-assign addresses to other 
end-users (employees, students, users of a hot-spot, etc.).

Well, most people obviously don't consider this "broken" as there has
been a consensus after all. And I think we really made clear that it's
not a sub-assigment, which was the whole point of the last two years.

[Jordi] We aren't going to discuss that over and over again. Different people 
who read that text has a different interpretation than the impact analysis, so 
objectively it is broken.

> This would make IPv6 addresses less accessible. It is like LIR 
saying: "Do you want to have your own addresses or more then I gave you? Go to 
the RIPE NCC and pay them 1400 EUR/y! No matter what you do...". Those PI users 
would either loose protection of their own space or they would had to pay 28x 
more per year plus 2000 EUR sign up fee. What would do company outside of the 
internet business? They would not implement IPv6, that is easy! :-)
>
> As said before, this is fixed in combination with the fee structure 
decision by the AGM. So *no*, on the contrary, will be fairer. I think probably 
a 50 Euros cost for a /48 is really too low, and may be a /32 will become 
cheaper, and of course, a /20 more expensive. There are many possible models 
for that, but it can be perfectly managed to avoid anyone having a requirement 
from a /48 to not being able 

Re: [address-policy-wg] proposal to remove IPv6 PI

[JORDI PALET MARTINEZ via address-policy-wg]

Hi Max,

Thanks for your inputs.

Responding below in-line.

Regards,
Jordi
 
 

-Mensaje original-
De: address-policy-wg  en nombre de 
Maximilian Wilhelm 
Fecha: viernes, 18 de mayo de 2018, 2:38
Para: 
Asunto: Re: [address-policy-wg] proposal to remove IPv6 PI

Anno domini 2018 JORDI PALET MARTINEZ via address-policy-wg scripsit:

Hi,

> PI and PA are artificial names for the same thing.

They are not.

Please, enumerate what are the differences, so we can check one by one.

> There is only one type of Global Unicast Addresses in IPv6.

Not true.

Sorry, can you point me to the RFC that points to that assertion?


PI and PA are sliced from different pools which may have (I didn't evaluate
that by myself yet) different routing policies in the DFZ. At least
I've seen filters or BCOPs for PA space differ from PI space in the
means of what prefix lengths to accept.

If you look into my presentation you will see that I've already thought about 
that, so the NCC can continue with the same operational practices as per today:

" Actual IPv6 PI assignments are made from a different block. Even if it is an 
operational NCC issues, I believe it still makes sense for the NCC to keep that 
structure (a block for ISPs with /32 and bigger allocations) and another block 
for /48 and bigger allocations (may be up to /33 for organizations/end-sites). 
Also keep using sparse allocation for both, and allow, while possible that 
further allocations are made from an adjacent address block."


> As I already explained before, the same way the AGM created the end-user 
contract and the corresponding fee, they should be a new fee structure within 
the LIR contract, for those that have one of few /48s instead of /32 or /29, 
etc.

And there you are mixing GM and AP-WG again. This is neither a topic
for this WG, nor do I think that there would be any possible
consensus about a change in charging schema.

I know, but BOTH need to be worked somehow with some parallelism. I'm going to 
say this once more: We didn't have the end-user contract before I proposed the 
IPv6 PI, then the board and the AGM did the rest. So there is not any issue 
about repeating that.


And basicly I'm with some other here:

What is your real intent with all this? Simplification does not seem
to be it.

For full disclosure, if you still doubt about it: My intent is only doing work 
whenever I need it helps, for the good of the community. I'm probably the most 
objective guy here. I've no any LIR neither end-user (in any RIR), neither I 
plan. So, whatever is in the policies is not "affecting directly to me". I only 
had an experimental ASN and IPv6 prefix, many years ago, when I started playing 
with IPv6.

Despite that, because you seem to think that I'm hiding something, whatever I 
can say will not convince you. But put yourself in this situation. When anybody 
submit a policy proposal, should we always think that? If we start with this 
kind of prejudices, will never help debating on any topic. Not really smart.

So, once more, can you enumerate what are the special features from IPv6 PI, 
different that IPv6 PA, that I'm missing?

Put aside for a moment all the issues related to fees, because even the AGM 
could decide to keep the exact same fees for "end-users" as per today even if 
we remove the IPv6 PI. So that may not change this specific aspect of the 
overall discussion.


Best
Max





**
IPv4 is over
Are you ready for the new Internet ?
http://www.consulintel.es
The IPv6 Company

This electronic message contains information which may be privileged or 
confidential. The information is intended to be for the exclusive use of the 
individual(s) named above and further non-explicilty authorized disclosure, 
copying, distribution or use of the contents of this information, even if 
partially, including attached files, is strictly prohibited and will be 
considered a criminal offense. If you are not the intended recipient be aware 
that any disclosure, copying, distribution or use of the contents of this 
information, even if partially, including attached files, is strictly 
prohibited, will be considered a criminal offense, so you must reply to the 
original sender to inform about this communication and delete it.