On Fri, Oct 25, 2013 at 8:03 PM, Gert Doering <gert@space.net> wrote:
Dear Address Policy WG,

On Thu, Sep 26, 2013 at 04:36:24PM +0200, Marco Schmidt wrote:
> A proposed change to RIPE Documents ripe-589, "IPv6 Address
> Allocation and Assignment Policy", ripe-451, "IPv6 Address
> Space Policy For Internet Exchange Points" and ripe-233,
> "IPv6 Addresses for Internet Root Servers In The RIPE Region"
> is now available for discussion.
[..]
> We encourage you to review this proposal and send your comments to
> <address-policy-wg@ripe.net> before 25 October 2013.

The discussion phase for this proposal is now over, but after the
feedback received at the RIPE meeting in Athens (and here on the list,
even if in the wrong thread :) ) the chairs have deviced to take a step
back, and re-state the fundamental "do we want to go there?" question
(and extend the discussion phase by +4 weeks).

The proposal aims to unify IPv6 PA and IPv6 PI space into one kind of
address space, "IPv6 addresses".  This is the goal.

The idea to go there came from various people in the community, mostly
for one reason - having two differently "coloured" addresses that do
the same thing, routingwise, but follow different policies and have
different strings attached, creates quite some confusion for the folks
out there that can no longer be nicely separated into "ISPs" (->become
RIPE members, use PA) and "end-users" (->use PI, if BGP-based multihoming
and/or upstream independence is required).

In my opinion, this distinction is not particularly useful in itself, and could very well be a floating definition.

Coming from the DNS registrar side, I cannot help thinking that looking at the registry/registrar model might be beneficial for making things clearer for people out there.

One way of seeing this, is that the LIRs are "registrars" for IP address space, and that their role could simply be about registering and brokering assignments and allocations for the RIR.

An ISP or an "end user" then becomes an unnecessary distinction, as they would both have to go to a LIR to get their address space, and it's just a matter of placing a request for the correct size, at the discretion of the applicant and the LIR.

Mind you, I think this is mostly about perspective, but if we could use the similarities with DNS registrations, then end customers (ISPs or whatever) might have less confusion.

I could very well be wrong.
 

Most notably, "garage style hosting providers" seem to have issues
with the requirement of the IPv6 PI policy that PI space MUST NOT be
sub-assigned, which the NCC interprets most strictly (because the vast
amount of "grey" between "ok" and "not ok" is hard to codify into
hostmaster guidelines).  OTOH, I have not heard that complaint from
actual hosting providers for a while, so maybe the issue is not that
big anymore.

From what I've seen – and this is anecdata – this is "solved" by subletting the address space without leaving other traces of it than a PTR record, if that.

*If* we go to "there is only one type of addresses" anymore, we have two
options

 - abandon IPv6 PI (as in "not so expensive, but independent space")
   completely, problem solved  -> I do not think we can reasonably do that

 - find a way to solve the needs for both RIPE members and non-members,
   with maximum flexibility, with only one type of addresses, taking
   "real world" address distribution chains (LIR->network operator->
   hosting provider->customer->hosted virtual machines, for example)
   and "real world" financial constraints into account.

2013-06 aims to achieve the latter, while proposing / finding specific
solutions for all the small details that come up if such a radical change
is implemented.

I think the latter is how it should be done, and I think it would be easier to explain.
 


I think the presentation at RIPE67 was a bit too fast for the WG - it
could have spent a bit more time on the background and "do we want to
go there" before overwhelming you with questions about details to be
solved.  For that, I apologize - I did review the presentation beforehand
with the proposers, and assumed "yes, this should work out nicely"...


Anyway.  I think what we need to hear now from the community (*you*) is
where we want to go:

 - do nothing, our policy for IPv6 PA and IPv6 PI "as of today" is fine

 - keep the distinction, work on the IPv6 PI policy (if the pain is
   large enough that someone actually volunteers to come with a proposal)

 - go the big step, unify IPv6 PA and IPv6 PI, and solve all the detail
   problems that need to be addressed if we go there.


Going for one of the first options would mean abandoning 2013-06 - but
if that's what the community wants, it's much better to do it *now* than
to invest more time in text, impact analysis, a few rounds of review
phase, and *then* give up the project.

I think going the big step is where we need to go. But it's a nice extra workload.

Keeping the current policy is less work, and I don't think it will hurt much of anything.

But right now, I think the ideal should be the third option, especially considering that this will seem to be much harder to change at a later point in time.
 

Gert Doering
        -- APWG chair
--
have you enabled IPv6 on something today...?


(Yes!)

--
Jan