IP Address News

Providing you with a single site about IP Addresses News and Usage

IP Address News - Providing you with a single site about IP Addresses News and Usage

ARIN 40 Public Policy Preview

Next week is the ARIN 40 meeting in San Jose, CA.     Here is my look ahead at the policies being discussed at the meeting.  We will have five draft policies to discuss during the meeting.  This time there are no recommended drafts so no policies will be headed to last-call after this meeting.  If you aren’t going to be there in person check out the remote participation options.

2017-3 Update to NPRM 3.6: Annual Whois POC Validation

Policy Summary: This draft policy make changes to the requirements for managing POC (Point of Contact) records in the ARIN database.

Discussion: This policy is intended increase the accuracy of the WHOIS information by removing records and removing ARIN services if records are not updated.  This policy was discussed at the last meeting in New Orleans.  While this policy so far does not seem to have a lot of support the AC is using this policy draft as a tool to continue the needed discussion around making changes to improve the accuracy of WHOIS records.

2017-4 Remove Reciprocity Requirement for Inter-RIR Transfers

Policy Summary: This draft policy is intended to allow one-way Inter-RIR transfers to the smaller RIRs (AfriNIC & LacNIC).

Discussion: For a while various policies in AfriNIC and LacNIC have proposed one-way policies such that addresses could be transferred into these regions.  There is a feeling amongst those in the LacNIC and AfriNIC communities if they allow 2 way transfers, all their IPv4 addresses will just be lost to other regions with more money.  This policy was intended to allow those smaller RIRs to obtain additional addresses via transfer from the regions which have older legacy space address holdings.

2017-5 Improved IPv6 Registration Requirements

Policy Summary: This draft policy changes the WHOIS reassignment requirements for IPv6.

Discussion: The current policy for IPv6 WHOIS reassignments requires /64 records to be put into the ARIN database.  This does not mirror the current situation with /28’s being required for IPv4.  This policy seeks to make a new threshold of /47 or larger OR any block which will be announced separately.

2017-6 Improve Reciprocity Requirement for Inter-RIR Transfers

Policy Summary: This draft policy is intended to block Inter-RIR transfers to RIRs which do not have reciprocal two-way transfer agreements with their NIRs.

Discussion: Some regions (such as APNIC) have NIRs (National Internet Registries) where organizations within that country go to obtain Internet resources.  It is suggested that some regions do not have reciprocal needs-based transfer policies between the RIR & NIR, and thus one should prohibit transfers to these RIRs since they do not meet the current ARIN requirements of a “RIRs who agree to the transfer and share reciprocal, compatible, needs-based policies.”

2017-8 Amend the Definition of Community Network

Policy Summary: This draft policy changes the definition of a community network in ARIN policy.

Discussion:  The community network policy in the ARIN region has been very rarely used.  Since it has been so rarely used we have discussed if it should just be removed from the policy manual or if it should be updated such that more organizations and networks could qualify.  This new definition attempts to redefine the policy such that additional organizations can qualify for resources under the community networks policy.

APNIC 44 Observations

Earlier this month I was fortunate to travel to Taichung, Taiwan for APNIC 44.  I’d like to share with you a few a few notes from the meeting.

The conference website for those wishing to jump for more details… https://conference.apnic.net/44/

 

Policy SIG

Prop-116 – Block transfers from last /8 (103/8). APNIC’s last /8 policy gives /22s to new entrants.  Some new entrants are getting blocks and then just selling them.  So this policy blocks transfers and requires organizations to return the unused blocks to APNIC for reallocation under the last /8 policy. This policy reached consensus and is moving to last call. As a result of consensus, the APNIC EC has issued a statement that all transfers are now blocked from 103/8.

Prop-118 – No need in APNIC. This is a policy to mirror the RIPE policy. After discussion it failed to reach consensus and is going back to the mailing-list. There was a question to APNIC secretariat about how many transfers thus far have been blocked for lack of need. The answer was 1. No details were given on why, but people used this fact to say there is not problem that needs to be solved here.

Prop-119 – Temporary transfers. This policy was promoted as needed because reallocations or reassignments weren’t “good enough.”  The policy draft required an end date to transfer, then a block would be returned to original organization.  The policy didn’t specify minimum term.  There was an interesting and quite lively discussion on this one. It failed to reach consensus and there was significant opposition. The policy will be returned to the mailing-list.

Prop-120 – Adjust the last /8 policy. The policy sought to combine the two current pools 103/8 & recovered pool (which currently has a wait list) after 103/8 is exhausted. The community wanted to preserve the “new entrant” gets something ideal, so combining the two pools didn’t make sense to many. There was a discussion of then how to combine/prioritize the wait-list. This policy failed to reach consensus and is going back to the mailing-list.

Prop-121 – Simpler Initial Ipv6 allocations. Removes the 200 assignments plan requirement, everyone gets the minimum, unless you want to provide a detailed plan for getting more.  Policy reached consensus, moving to last call.

Prop-122 – Simpler Subsequent Ipv6 allocations. If 121 reaches consensus, then prop-122 subsequent allocations policy should also be adjusted to bring it in line with initial allocation. Policy reached consensus, moving to last call.

NIR SIG

I always find it interesting to see how the NIRs work within the RIR structure. While the update reports are sometimes just some quite repetitive stats, I did find the following interesting to note.

CNNIC – reports 93% of Chinese internet users use mobile as their connection method. They are spending significant effort to promote and train people to use RPKI.

KRNIC – KRNIC is undergoing a process to update all of their reallocation records with ISPs within their subregion. Still working on completing DNSsec signing of all their reverse zones.

INNIC – The “national” internet exchange in Indonesia has a peak rate of over 300Gbps and an interesting distributed topology throughout larger islands. INNIC is building their own “myINNIC” portal for members to access their records.

NAT w/ Geoff

Geoff Huston is off promoting NAT as the savior of the Internet now. Not really, but sort of, I certainly disagree with some of his conclusions. As someone who has lost days dealing with nat10 overlap between organizations, and trying to route/nat/encrypt/nat between multiple enterprise networks, the idea that we’d want to continue to add more NAT just sounds crazy to me if we don’t have to. Has NAT solved the issue with extra addresses needed at the edge, yes, and well it works well in the home CPE market. But beyond that, I’m not sure I’d promote NAT as a solution.

APNIC services

APNIC now has an organization object structure within its database. (Also some new contacts features in their portal)

APNIC continues to see fraud with address records, with people creating fake documentation and justification for resource needs. Often seen attempts at quick transfers with these kinds of fraud activities.

APNIC is continuing to look at how they want to be involved in the IP-geo-location issues.  They have a geoloc field in their database objects, but it is seldom used. Many other organizations feel like APNIC records are responsible for their addresses being located “somewhere else.” The conversation seemed to ignore that there are many different large commercial organizations which build geolocation databases (not off of whois information) and those records need to be updated too when a block is moved between organizations.

George Michaelson had a presentation about IRR and RPKI. With the idea to try and start people talking about how routing records should be created/stored in the future.  One interesting note there was that JPNIC now has (or will have soon) expiration dates on all RPSL records such that a regular review cycle is now required for all routing records. This certainly sounds like a good idea, if you assume RPSL is a good idea long term.  I don’t know if this would work well in other regions outside of JPNIC.

ASO review

APNIC will be chartering a working group to gather info from the public for the future structure of the ASO based upon the ITEMs consulting review of the ASO. Aftab Siddiqui and Izumi Okutani will be the co-chairs.

APNIC member meeting

Based on trends so far APNIC expects to transfer less (when measured by total addresses transferred) IPv4 addresses in 2017 compared to 2016 & 2015. A comparable year to 2014. Total number of transfers is projected to be up slightly in 2017 compared to 2016.

APNIC now using the new RDAP whowas specification implementation. https://www.apnic.net/about-apnic/whois_search/whowas/

There was a comment about the “ready to ROA” program and if it was perhaps distracting from other work that was perhaps more important. It seemed like there was some implication that people were just creating ROAs without fully understanding the implications or have any intent to use the RPKI for routing validation. (But perhaps I was reading too much into the comments I heard offline)

Review of the IPv4 market from Avenue4

Avenue4 has published a report regarding the state of the IPv4 address market.  In their report they note that the pricing per block is dependent on size with smaller blocks being transferred for about $13.50 per IPv4 address and the largest blocks of >1M addresses being transferred for around $11 per address.  The low point in the market is around the /16 blocks of ~65k addresses for around $10 per address.

The IPv4 Market – Looking Back and Forward

ARIN 37 Public Policy Preview

ARIN37Next week is the ARIN 37 meeting in Jamaica.     Here is my look ahead at the policies being discussed at the meeting.  There is one recommended draft that will be discussed along with five other draft policies.  If you aren’t going to be there in person check out the remote participation options.

2015-3 Remove 30 day utilization requirement in end-user IPv4 policy (Recommended Draft)

Policy Summary: This draft policy removes the 30 day usage requirement for IPv4 end-users.

Discussion: This policy is intended to remove what has been considered an onerous requirement on end-users.  Under current policy an end-users is supposed to put 25% of their block into use with 30 days, based upon a 1 year allocation. This requirement has always been very hard for organizations to meet and has skewed the allocation sizes downward.  With end-users now forced to obtain assignments via the transfer market, this policy provision is even more restrictive.

Commentary: There has been some opposition to this policy because a few contributors believe there should be some near-term requirement for organizations which do not have any assignment history with ARIN.  However, I believe most people support removing this requirement.

2015-2 Inter-RIR Transfers to Specified Recipients

Policy Summary: This policy allows an organization which receives a transfer in the ARIN region to transfer it to another RIR within 24 months of receiving the transfer.

Discussion: The policy is intended to benefit large organizations which receive a block via transfer in the ARIN region and then want to transfer it to a subsidiary or other entity in another region.  This is needed for some organizations which wanted to move address blocks to regions/countries which required the addresses be registered in a local NIR before they can be used.  Language was added to the policy requiring the receiving organization be a subsidiary, but despite attempt to finalize the draft language legal issues were raised prevented which the policy from becoming a recommended draft.

2015-7 Simplified requirements for demonstrated need for IPv4 transfers

Policy Summary: Replaces the needs test for transfers with an officer’s attestation to 50% use within 24 months.

Discussion: This policy is intended to loosen the transfer requirements, but leave the other transfer qualification methods intact in case an organization want to use them.  This policy has seen limited support on the mailing list.  The ARIN AC is looking for if there is sufficient support for the ideas within this policy before proceeding to move this policy to recommended.  Issues raised included concern that the 50% utilization level is way to low.  In general, this policy and 2015-9 are supported by organizations which believe in lessening the needs-basis requirements for IPv4 transfers, but not supported by those who believe that the current needs-based requirements are still working and providing value so they should be retained.

Commentary: I personally like the idea of loosening the needs-basis requirements toward officer attestations of use as long as there is a requirement that the address blocks be used on an operational network.  We could quibble about the utilization levels, but 50% per block seems like the lowest one could go and still have the utilization rate be meaningful.  80% has been the requirement for a long time and retaining that level could be beneficial in bridging the gap for those who would otherwise not support the policy.

2015-9 Eliminating needs-based evaluation for Section 8.2, 8.3, and 8.4 transfers

Policy Summary: Removes needs-based testing from the transfer policy.

Discussion: This policy has been supported and not supported by the “usual” sides in this debate.  This policy was recently proposed for abandonment during the March AC’s meeting, but that motion failed.  Most of the issue revolved around the lack of formal support for this policy.  The AC will be looking for statements of support at the upcoming meeting to see if there is a path forward for this policy.  The text of the policy has not really changed much since the last meeting, other than removing Inter-RIR transfers from the policy as to not upset the interdependent policies between RIRs.

Commentary: I have specifically noted two issues which I believe should be addressed in this policy. 1. I believe there should be a base requirement that address blocks should only be transferred to organizations which intend to use them on an operational network. 2. I don’t like how the policy is constructed from a textual perspective.  The policy uses the phrase “excluding any policies related to needs-based justification”  While I think I know what that means, there is no definitive definition of what exactly constitutes a “needs-basis policy.”  We should be constructing clear text which clearly states any requirements for a transfer.

2016-1 Reserve pool transfer policy

Policy Summary: Restricts the ability to transfer IPv4 blocks which are received from reserved pools including the critical infrastructure pool (4.4) and the IPv6 transition pool (4.10).

Discussion: This is a new policy which grew out of a discussion at the last NANOG meeting in San Diego.  It was noted by some of the participants there that these reserved blocks could be transferred and that was perhaps not what the authors of the reserved block policy had intended.  The current practice allows an organization to obtain a block for a specific purpose and then transfer it to another organization which can use it without restrictions.   The IPv6 transition block was also intended to allow block sizes smaller than /24.  Some contributors believe that if blocks are allowed to be transferred some operators won’t lower their filters to allow these smaller blocks to propagate in BGP.

APNIC 41 with APRICOT in Auckland, NZ

apnic-41-logo

 

 

 

 

I recently returned from the APNIC meeting in Auckland, New Zealand.  Here are a few notes and highlights from the meeting.

IPv4 Transfer Panel

A interactive panel on current trends in the IPv4 transfer market.

Alain Duran (ICANN Research) – IPv4 market might be considered concentrated depending on how you slice the data.  The RIRs are reporting transfers in different formats and different fields and this is hindering analysis.  Most transfers are happening in the region, but some are moving between the regions (ARIN is a net exporter).  Most of the addresses that are being transferred are “old” ones that were issued more than 20 years ago. (copy)

Geoff Huston (APNIC) – The largest transfers are happening in the ARIN region.  More than 58M addresses were transferred globally in 2015. There is a difference between what we see in the routing table for transfers vs. what is recorded in the registry.  We don’t have a good way to measure the amount of addresses that are being Leased/Rented.  We also can’t measure how many devices are behind NATs.  Transfers aren’t making a difference in the route-table growth. (copy)

Sandra Brown (IPv4 Market Group) – Sandra that price will still rise, but is currently being depressed due to the large blocks (/8’s) coming to market.  Price differentials between regions have largely disappeared since inter-RIR transfers have started with RIPE.  Using the /16 as a base size block, pricing bottomed out in Sept 2015 at about $5/IPv4 address and is now in the $7-8 range for /16s. (copy)

Gabe Fried (HilcoStreambank) – Only 1/3 of large “Elephant” transactions have been recorded with the registry.  Smaller blocks command price premiums, so some holders are choosing to break up their blocks and slowly sell them over the course of a year generating additional value to the current block holder.  Largest transactions (Option Agreements): Buyer pays at closing, seller keeps the block until the buyer is ready to transfer, buyer retains the right to direct the seller to transfer the blocks to a specific receiver at a future time.  10% of the volume of addresses are direct transfers constituting 96% of transfer transactions.    The remaining 4% of the transactions are 90% of the address transfer volume.  (copy)

Q&A period included discussions about how Letters of Authority (LOAs) are being used to route blocks.  Organizations should really check to see if people are really authorized to advertise blocks.  There was some discussion about if reassignment records be used to record renting and leasing records?  How can we bring more transparency to the industry for options contracts and leasing/renting issues.

YouTube video of panel

Address policy working group (Policy sig)

All formal action items were resolved before the meeting; 2 policies were implemented recently: Prop-113 & Prop-114

Prop-113 – new minimum assignment criteria, for a /24

  • Currently multihomed
  • Currently using a /24 and intends to multihome
  • Plans to multihome with 6 months

Prop-114 – new ASN assignment criteria

  • Currently multihomed OR have previous allocated PI space and intend to multihome in the future

2 new proposals submitted were not accepted by chairs:

First proposal submitted allowed aggregation of /21 approvals instead of /22 from 103/8 and /22 from other pool.

Second proposal submitted required whois contact email should be validated once per month.

Prop-105 – IANA returns pool – allows an organization to get another /22

The IANA returns pool is depleting. The non-103/8 pool is for a second /22 per organization. The pool will deplete soon likely in April/May 2016. March will add a /15. September will add an /18. Recovered blocks, if any, go into this pool as well. When the pool depletes, it’s going to bounce a few times as it gets repeatedly depleted and then refilled. Secretariat proposed at the Jakarta meeting the creation of a waiting list for this pool. The staff has started working on implementation of the wait-list which will be based on a strict order of request.

BGP route Hijacking

prefix hijacked (copy)

Interesting presentation about blocks that are being hijacked and the methods (fraudulently prepared LOAs) to get the blocks routed.  Don’t trust LOAs, they are sometimes not worth the “paper” they are written on.

BGP Hijack Issue on Nov 6 2015

Some hijackings are causing a race to the bottom of announcing everything as /24s in some cases.  This could have longer-term issues if this type of behavior became the norm rather than a transient exception.

vizAS

APNIC has a new tool that one can use to visualize ASN data.

http://labs.apnic.net/vizas

IP Addressing 2015

Geoff Huston recently released his 2015 report on IP addressing.  Here are a few notes from the larger report.

  • AfriNIC is the only RIR which continues to have an IPv4 free pool available
  • ARIN exhausted its free pool in mid-2015 and is now only allocating small blocks from an IPv6 transition pool
  • IPv4 transfers continue to increase with 3,643 transfers recorded in 2015 which is more than double from 2014
  • The volume of IPv4 transfers almost tripled in 2015 to 58,309,888 IPv4 addresses
  • Carrier-grade NAT (CGN) and other NAT applications continue to dampen the real demand for IPv4 addresses
  • IPv6 allocations continue to hold steady with 4,733 allocations made in 2015

Addressing 2015 – Last One Standing! (copy)

IPv4 address exports in Romania

Here at the the RIPE 71 meeting in Bucharest, Romania.  A very interesting presentation was given by one of the IP address brokers about the large scale export of IPv4 addresses from Romania.

According to data from RIPE and Cipiran Nica, 66% of all exported addresses in the RIPE region are from Romania. RO had 13.5M addresses before runout, then exported 5.2 M or more than 1/3 of the total addresses in the country. By contrast the next largest exporter in the region, Germany, was the source of 14% of the RIPE transfers.  This 14%, however, constituted less than 2% of total addresses registered in Germany.  

This export has always seemed a bit of an oddity since it was noted in earlier blog post from Dyn earlier in 2015. 

The presentation at the meeting revealed some of the on the ground details that are not easily explained by the statistics themsevles.  The primary reason so many of these addresses came on to the market was that a majority of the addresses in the country were being rented or were previously used for spam.  Prior to IPv4 exhaustion many RO companies rented addresses due to the cost of becoming a LIR. Additionally, there has been consolidation of the ISPs in the region and as these smaller ISPs were taken over the addreses were returned to the LIRs.  These are the addresses that went into the transfer market along with addresses that were obtained mostly for companies which were doing snowshoe spam. The addresses which were used for spam constituted 68% of exported addresses.  Approximately 30% of the addresses were from formerly rented addresses.

Estimates of actual IPv4 usage from the top 5 companies companies in Romania show that about 4.2M addresses are being used to conver 95% of the Internet access customers in the country.  

It will be interesting to see if this large scale export of IPv4 resources will have a negative effect on the longer term.  A number of the largest providers here are quite agressive in their IPv6 rollouts, but even those require IPv4 to be able to connect end users to the rest of the predominantly IPv4 Internet.

Romania’s Jump to the Number One exporter of IPv4 Addresses