Announcing address resources
Apropos of, oh I don't know, the weather or the phase of the moon or something, could someone point me to the RIPE policy which says that if you're assigned address resources from the RIPE NCC, that they cannot be announced from outside the RIPE NCC service region? [This is a genuine request, btw. I've been flicking down through RIPE policies for an hour or two today and can't find the reference.] Nick
Hi Nick, Policy https://www.ripe.net/ripe/docs/ripe-592 states .... 1.1 Scope This document describes the policies for the responsible management of globally unique IPv4 Internet address space in the RIPE NCC service region. But that is as close I could find it ... The policy is valid for allocation and assignment IN the RIPE service region ... Not outside .. Can you use the IP addresses within the region but for customers originating outside the region: yes. Can you use the IP adresses outside the region but for EU region customers: that is a bit grey I think, but I'm going for yes. The issue is that you should have a RIPE region based entity to qualify to request resources. Also if you want to obtain for instance with an EU entity at ARIN, to host US based customers, it isn't possible. they require you to have an ARIN region based entity as well. Although RIPE is generally easier in that respect (policy interpertation) You should be able to route your resources at multiple locations, as long as they are not single homed in the incorrect service region (imho) ... But there might be a clearer definition required if desired... What is your interpertation of it ? Erik Bais Verstuurd vanaf mijn iPad Op 21 nov. 2013 om 22:35 heeft Nick Hilliard <nick@inex.ie> het volgende geschreven:
Apropos of, oh I don't know, the weather or the phase of the moon or something, could someone point me to the RIPE policy which says that if you're assigned address resources from the RIPE NCC, that they cannot be announced from outside the RIPE NCC service region?
[This is a genuine request, btw. I've been flicking down through RIPE policies for an hour or two today and can't find the reference.]
Nick
On 21/11/2013 22:51, Erik Bais wrote:
But there might be a clearer definition required if desired... What is your interpertation of it ?
I saw that while trawling earlier today; at best it's ambiguous. As it's stated, I don't see anything in there which could stop anyone announcing ripe-ncc-assigned address space outside the ripe service region. Nick
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I saw that while trawling earlier today; at best it's ambiguous. As it's stated, I don't see anything in there which could stop anyone announcing ripe-ncc-assigned address space outside the ripe service region.
For what it is worth, which isn't much, I had a draft email sitting about most of this afternoon asking the same question of someone that appeared to be quoting such a policy. I couldn't find it either. Cheers, Rob -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlKOlHsACgkQF83fs8P8zalWuwCfS8HwSzmOH0L2U1cHwybuGC3X X8gAnRciTT9+fvghug1rqwFN7agciYkv =tU1S -----END PGP SIGNATURE-----
Apropos of, oh I don't know, the weather or the phase of the moon or something, could someone point me to the RIPE policy which says that if you're assigned address resources from the RIPE NCC, that they cannot be announced from outside the RIPE NCC service region?
null set. what a ridiculous idea. only arin would think of such undeployable st00pidity randy
On Nov 21, 2013, at 9:41 PM, Randy Bush <randy@psg.com> wrote:
Apropos of, oh I don't know, the weather or the phase of the moon or something, could someone point me to the RIPE policy which says that if you're assigned address resources from the RIPE NCC, that they cannot be announced from outside the RIPE NCC service region?
null set. what a ridiculous idea. only arin would think of such undeployable st00pidity
Randy - While the thought is appreciated, there is no such policy in the ARIN region. Since we do have a service region, we require requesters to be operating in the ARINregion and to announce the least-specific in the region, but nothing precludes announcement of same or more specifics from outside the region. <https://www.arin.net/participate/meetings/reports/ARIN_31/PDF/monday/nobile_policy.pdf> Thanks! /John John Curran President and CEO ARIN
Since we do have a service region, we require requesters to be operating in the ARINregion and to announce the least-specific in the region, but nothing precludes announcement of same or more specifics from outside the region.
i thought rirs did not regulate routing. silly me. glad you think you can better design my network than i. foad. randy
On Nov 21, 2013, at 10:08 PM, Randy Bush <randy@psg.com> wrote:
Since we do have a service region, we require requesters to be operating in the ARINregion and to announce the least-specific in the region, but nothing precludes announcement of same or more specifics from outside the region.
i thought rirs did not regulate routing. silly me. glad you think you can better design my network than i. foad.
If you're requested addresses for use in the region, then have usage of them in the region. If not, don't ask for them. It's not regulating the applicants routing at all, it's simply integrity to request application they just submitted. Thanks! /John John Curran President and CEO ARIN
Hello John, On 22/11/13 02:03, John Curran wrote: [...]
Since we do have a service region, we require requesters to be operating in the ARINregion and to announce the least-specific in the region, but nothing precludes announcement of same or more specifics from outside the region. <https://www.arin.net/participate/meetings/reports/ARIN_31/PDF/monday/nobile_policy.pdf>
the link you have provided is from a presentation made at ARIN31. It's a presentation showing ARIN's current practices. Regarding the 'least-specific announcement', I see there are some questions already in the presentation, have these questions been answered by any updates of the policy (or procedure) since then? If not, as Nick's initial question was regarding RIPE policies, can you please point us to the ARIN policy or procedure document saying that less specifics *must* be announced from the ARIN region? Kind regards, Elvis -- V4Escrow, LLC
On Nov 21, 2013, at 10:46 PM, Elvis Daniel Velea <elvis@v4escrow.net<mailto:elvis@v4escrow.net>> wrote: On 22/11/13 02:03, John Curran wrote: [...] Since we do have a service region, we require requesters to be operating in the ARINregion and to announce the least-specific in the region, but nothing precludes announcement of same or more specifics from outside the region. <https://www.arin.net/participate/meetings/reports/ARIN_31/PDF/monday/nobile_policy.pdf><https://www.arin.net/participate/meetings/reports/ARIN_31/PDF/monday/nobile_policy.pdf> the link you have provided is from a presentation made at ARIN31. It's a presentation showing ARIN's current practices. Regarding the 'least-specific announcement', I see there are some questions already in the presentation, have these questions been answered by any updates of the policy (or procedure) since then? If not, as Nick's initial question was regarding RIPE policies, can you please point us to the ARIN policy or procedure document saying that less specifics *must* be announced from the ARIN region? The presentation resulted in discussion of changing current ARIN practices and/or codifying them into policy, and this led to Draft Policy ARIN-2013-6 "Allocation of IPv4 and IPv6 Address Space to Out-of-region Requestors" <https://www.arin.net/policy/proposals/2013_6.html>, which was discussed at length and then abandoned. We continue to operate as I explained above, and I felt was important to note that here since there easily could have been some confusion about ARIN's practices given the list comments and recent policy discussions. Thanks! /John John Curran President and CEO ARIN
Since we do have a service region, we require requesters to be operating in the ARIN region.
understandable, though not clearly more than maintaining geo monopoly, of little real benefit to the internet.
and to announce the least-specific in the region
and what is the utility of telling me which part of the prefix to announce were? as i said, you are telling me what my routing policy should be. foad. randy
On Nov 22, 2013, at 12:09 AM, Randy Bush <randy@psg.com> wrote:
and to announce the least-specific in the region
and what is the utility of telling me which part of the prefix to announce were?
No idea (feel free to go read the archives of the discussion if you're curious), and in any case unrelated to the question asked about being able to route the address space outside the region, which is "yes" in ARIN's case. Thanks! /John
Hi John. I've recently been asked some questions about IPv6 allocations. So I went back and reviewed the current ARIN NRPM. John Curran <jcurran@arin.net> writes:
Since we do have a service region, we require requesters to be operating in the ARINregion and to announce the least-specific in the region, but nothing precludes announcement of same or more specifics from outside the region. <https://www.arin.net/participate/meetings/reports/ARIN_31/PDF/monday/nobile_policy.pdf>
FWIW, I couldn't find any mention of announcements in the NRPM, other than in the context of multihoming. So, where exactly does the above requirement about announcements come from? Also, if one is required to announce the full prefix within ARIN, doesn't that imply one can't get an allocation for private use where there is no intention to announce publically? Finally, there does not seem to be much clarity in the term "operating in the ARIN region". Consider a global entity that effectively operates in multiple, if not all regions. Let's assume their primary or legal home is within the ARIN region. Is that enough? Apparently not entirely. I've been told that when providing justification for obtaining IPv6 address space, ARIN only counts usage within the ARIN region. That implies multi-nationals are expected to go to multiple RIRs, and get fragmented address space, something I thought RIR addressing policies were supposed to discourage. Do I understand ARIN policies correctly? And do other RIRs do the same? I.e., do the collective RIR policies really say multi-nationals need to go to each RIR to get the address space they need, rather than going to one, and getting a single aggregate? Thomas
Hi John.
I've recently been asked some questions about IPv6 allocations. So I went back and reviewed the current ARIN NRPM.
John Curran <jcurran@arin.net> writes:
Since we do have a service region, we require requesters to be operating in the ARINregion and to announce the least-specific in the region, but nothing precludes announcement of same or more specifics from outside the region. <https://www.arin.net/participate/meetings/reports/ARIN_31/PDF/monday/nobile_policy.pdf>
FWIW, I couldn't find any mention of announcements in the NRPM, other than in the context of multihoming. So, where exactly does the above requirement about announcements come from?
Also, if one is required to announce the full prefix within ARIN, doesn't that imply one can't get an allocation for private use where there is no intention to announce publically?
Finally, there does not seem to be much clarity in the term "operating in the ARIN region". Consider a global entity that effectively operates in multiple, if not all regions. Let's assume their primary or legal home is within the ARIN region. Is that enough? Apparently not entirely. I've been told that when providing justification for obtaining IPv6 address space, ARIN only counts usage within the ARIN region. That implies multi-nationals are expected to go to multiple RIRs, and get fragmented address space, something I thought RIR addressing policies were supposed to discourage.
Do I understand ARIN policies correctly?
And do other RIRs do the same? I.e., do the collective RIR policies really say multi-nationals need to go to each RIR to get the address space they need, rather than going to one, and getting a single aggregate?
Thomas
thomas, you must be misunderstanding something. for many years, arin has said that they have nothing to do with routing. randy
On Jan 6, 2014, at 2:33 PM, Thomas Narten <narten@us.ibm.com> wrote:
Hi John.
I've recently been asked some questions about IPv6 allocations. So I went back and reviewed the current ARIN NRPM.
John Curran <jcurran@arin.net> writes:
Since we do have a service region, we require requesters to be operating in the ARIN region and to announce the least-specific in the region, but nothing precludes announcement of same or more specifics from outside the region. <https://www.arin.net/participate/meetings/reports/ARIN_31/PDF/monday/nobile_policy.pdf>
FWIW, I couldn't find any mention of announcements in the NRPM, other than in the context of multihoming. So, where exactly does the above requirement about announcements come from?
As noted in the presentation, the current processes are result of ARIN's mission to manage address space in the region and the current lack of a clear definition in the number resource policy manual regarding how that should be interpreted with respect to out of region requestors.
Also, if one is required to announce the full prefix within ARIN, doesn't that imply one can't get an allocation for private use where there is no intention to announce publically?
We do approve requests for private use of IPv6, as long as it is routed on private infrastructure in the region.
Finally, there does not seem to be much clarity in the term "operating in the ARIN region". Consider a global entity that effectively operates in multiple, if not all regions. Let's assume their primary or legal home is within the ARIN region. Is that enough?
Yes, as long as they have legal presence and intend to use the allocation in the region, it's fine; the fact that some of it may be used outside the region does not prevent allocation.
Apparently not entirely. I've been told that when providing justification for obtaining IPv6 address space, ARIN only counts usage within the ARIN region. That implies multi-nationals are expected to go to multiple RIRs, and get fragmented address space, something I thought RIR addressing policies were supposed to discourage.
Correct, they can receive an IPv6 allocation, but it may be smaller than expected if they aren't going to route it all in the ARIN region. We consider global infrastructure and customers as long as a route covering the whole block originates somewhere within the ARIN region in any fashion - publicly, on an extranet, privately, etc. Note that we actually discussed many of these issues with the ARIN community as a result of the presentation you referenced, and this led to Draft Policy ARIN-2013-6 "Allocation of IPv4 and IPv6 Address Space to Out-of-region Requestors" <https://www.arin.net/policy/proposals/2013_6.html>, which was discussed at length and then abandoned. Absent more specific guidance from the community either way on these sorts of issues, we continue to operate as described above. If you are aware of anyone who has had difficulty receiving an IPv6 allocation as a result, please feel free to direct them to me. Thanks! /John John Curran President and CEO ARIN
John Curran <jcurran@arin.net> writes:
Also, if one is required to announce the full prefix within ARIN, doesn't that imply one can't get an allocation for private use where there is no intention to announce publically?
We do approve requests for private use of IPv6, as long as it is routed on private infrastructure in the region.
Finally, there does not seem to be much clarity in the term "operating in the ARIN region". Consider a global entity that effectively operates in multiple, if not all regions. Let's assume their primary or legal home is within the ARIN region. Is that enough?
Yes, as long as they have legal presence and intend to use the allocation in the region, it's fine; the fact that some of it may be used outside the region does not prevent allocation.
What does "use the allocation within the region" really mean? If one addresses devices that physically reside outside of the region, but also routes to those devices from within the region, does that count? This is the key question. You say the "the fact that some of it may be used outside the region does not prevent allocation." suggests that if some of the devices are outside of the region, that is OK. But that then does mean that requestors should be able to justify space based on a combination of customers that reside "inside" and "outside" the region. My understanding is that in fact ARIN does not count (in justifications) addresses that will be used on devices outside of the region, which would seem to contradict your statement. Is it in fact that justifications can include equipment that will be located outside of ARIN's region, or is it actually that all of the addresses must be used by customers/equipment within the region?
Apparently not entirely. I've been told that when providing justification for obtaining IPv6 address space, ARIN only counts usage within the ARIN region. That implies multi-nationals are expected to go to multiple RIRs, and get fragmented address space, something I thought RIR addressing policies were supposed to discourage.
Correct, they can receive an IPv6 allocation, but it may be smaller than expected if they aren't going to route it all in the ARIN region. We consider global infrastructure and customers as long as a route covering the whole block originates somewhere within the ARIN region in any fashion - publicly, on an extranet, privately, etc.
I don't follow this. If a multi-national has customers spread all across the world, and uses a single prefix to cover them all, and uses that prefix within ARIN's region (e.g., by advertising the aggregate from within the region), is that enough to satisfy ARIN's requirement that they "route it all in the ARIN region?
Note that we actually discussed many of these issues with the ARIN community as a result of the presentation you referenced, and this led to Draft Policy ARIN-2013-6 "Allocation of IPv4 and IPv6 Address Space to Out-of-region Requestors" <https://www.arin.net/policy/proposals/2013_6.html>, which was discussed at length and then abandoned. Absent more specific guidance from the community either way on these sorts of issues, we continue to operate as described above. If you are aware of anyone who has had difficulty receiving an IPv6 allocation as a result, please feel free to direct them to me.
I am raising these questions precisely because I have been made aware of such a situation and have been asked if I can share light on what is supposed to happen in such cases. Thomas
On Jan 7, 2014, at 6:21 AM, Thomas Narten <narten@us.ibm.com> wrote:
What does "use the allocation within the region" really mean?
If one addresses devices that physically reside outside of the region, but also routes to those devices from within the region, does that count? This is the key question.
Yes.
You say the "the fact that some of it may be used outside the region does not prevent allocation." suggests that if some of the devices are outside of the region, that is OK. But that then does mean that requestors should be able to justify space based on a combination of customers that reside "inside" and "outside" the region.
Yes.
My understanding is that in fact ARIN does not count (in justifications) addresses that will be used on devices outside of the region, which would seem to contradict your statement.
Is it in fact that justifications can include equipment that will be located outside of ARIN's region, or is it actually that all of the addresses must be used by customers/equipment within the region?
There must be some customers/equipment in the region, but it does not need to be all of them.
I don't follow this. If a multi-national has customers spread all across the world, and uses a single prefix to cover them all, and uses that prefix within ARIN's region (e.g., by advertising the aggregate from within the region), is that enough to satisfy ARIN's requirement that they "route it all in the ARIN region?
Yes.
I am raising these questions precisely because I have been made aware of such a situation and have been asked if I can share light on what is supposed to happen in such cases.
Good to know - If you have them contact me or send me the ticket number, I can fairly quickly find out the disconnect. Thanks! /John John Curran President and CEO ARIN
On Nov 21, 2013, at 9:41 PM, Randy Bush <randy@psg.com> wrote:
could someone point me to the RIPE policy which says that if you're assigned address resources from the RIPE NCC, that they cannot be announced from outside the RIPE NCC service region?
null set.
+1
what a ridiculous idea. only arin would think of such undeployable st00pidity
Actually, in practice, I believe both AfriNIC and LACNIC (and not ARIN) require requesters to assert, at least during request time, they will be using the address space allocated from the respective RIR free pools in-region. This has proven to be a bit problematic as this practice appears to be encouraging folks who cannot get address space in their region because their RIR has run out of address space to obtain address space from the ARIN region, thereby increasing the consumption rate from ARIN (not to mention potentially providing folks in AfriNIC/LACNIC with a false sense of IPv4 sufficiency that may decrease pressure for IPv6 deployment in those regions). Regards, -drc
Actually, in practice, I believe both AfriNIC and LACNIC (and not ARIN) require requesters to assert, at least during request time, they will be using the address space allocated from the respective RIR free pools in-region.
if you believe in the regional monopoly koolaid, then one can make a case for getting space from a region in which one operates. and i can even see an expectation that it will be used in that region, though not solely in that region. and not with an anyone saying what routing announcements one can make where. [ i do not want to get into silly corner case examples ] randy
On 22/11/2013 13:27, Randy Bush wrote:
Actually, in practice, I believe both AfriNIC and LACNIC (and not ARIN) require requesters to assert, at least during request time, they will be using the address space allocated from the respective RIR free pools in-region. if you believe in the regional monopoly koolaid, then one can make a case for getting space from a region in which one operates. and i can even see an expectation that it will be used in that region, though not solely in that region. and not with an anyone saying what routing announcements one can make where.
I am reasonably certain that to answer Nick's original question: there is an assumption that RIPE NCC members will be operating in the RIPE NCC service region but that there are no strictures on where they announce prefixes or what size, colour or creed such prefixes should be. From a purely pragmatic point of view this would be a nightmare to police and I can do without any further nightmares. Nigel
* Nick Hilliard <nick@inex.ie> [2013-11-21 22:36]:
Apropos of, oh I don't know, the weather or the phase of the moon or something, could someone point me to the RIPE policy which says that if you're assigned address resources from the RIPE NCC, that they cannot be announced from outside the RIPE NCC service region?
Hi, the way I understood it is that the LIR company has to be in the RIPE region but where you announce your prefixes is your decision. I requested an AS&PA explicitly for announcement in asia without any problems. Regards Sebastian -- GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE) 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE. -- Terry Pratchett, The Fifth Elephant
participants (10)
-
David Conrad -
Elvis Daniel Velea -
Erik Bais -
John Curran -
Nick Hilliard -
Nigel Titley -
Randy Bush -
Rob Evans -
Sebastian Wiesinger -
Thomas Narten