IPv4 and ASN Policy draft on-line Enterprise & full IR policy doc
All, I would like to ask for advice and comment, and suggest it Is probably time for a discussion about the differences in operations of the two types LIR's, i.e. with the status of "enterprise" and "full". The current RIPE NCC documentation offers conflicting or no advice - I cannot find any specific enterprise registry instructions / guidance, except for the line "....large international Enterprises can also operate Local IRs". I would expect to see something in either Ripe 212 (Guidelines for Setting up a Local Internet Registry) or Ripe 185 (European Internet Registry Policies and Procedures). Given that IPv4 and ASN policy document is now under review I think that this is a good time to raise this issue again, and hopefully get something agreed in writing. Therefore I am specifically looking for "Enterprise Registry Assignment Policy instructions". I'll try briefly to give the background and a flavour of the issues. As a large company we operate several LIR's: 1. A public Internet Service with a large allocation (many /16) 2. Several small LIR's - product / site / country / subsidiary specific. 3. A large enterprise Registry (several Ripe /16 with both PI and PA ranges and historic UK address space originally assigned by ARIN) These registries are not all necessarily managed by the same teams nor do they all necessarily have specific interfaces with each other. The internet connectivity for them all is not via the same ISP, but the enterprise registry (3) does route via the Public Internet Service ISP (1). For an enterprise registry, assignment window size is irrelevant because all address space used will be assigned within the company "owning" the registry. Therefore a RIPE 141/219 is required for every assignment (this is policy for normal registries using addresses for their own infrastructure). Consider the scenario where an enterprise registry is allocated a block of addresses that it will only ever assign to its own company, and that the enterprise registry advertises & routes the whole block and assigns subnets from it to departments within the company where required. For all practical purposes all of these addresses are used by and assigned to the same place. In our case, problems involving the daily recovery/reassignment of subnets was overcome by agreeing a large corporate assignment window with the hostmaster and by keeping the number of addresses assigned to departments / groups / projects within that number -and then asking for an assignment increase where necessary. But what can an enterprise registry's addresses be used for? * its own company infrastructure * server farms and web hosting ( thus being used indirectly by customers of the registry's company), and * various other uses - but not onward assignment to "paying" customers. Following several previous discussions between myself, my colleagues and with various RIPE NCC hostmasters it has been agreed that RIPE NCC will now allow us to transfer "experimental" addresses (obtained from our enterprise Registry), which are used by a department within the company, into "commercial" status - when the service offering changes from experimental to commercial. This means that systems using these addresses do not have to renumber to the range assigned by the public ISP. Therefore I would like to see this policy formalised within RIPE NCC documentation. And my next question is: If this department splits from the original company and becomes a separate entity, what happens to the addresses space it uses? There are several possibilities: 1. Migrate from the enterprise registry to the public ISP or another ISP (over a reasonable time period - but this could involve considerable pain/cost), or 2. Continue to use the enterprise registry address space, and then the "enterprise" registry converts to a "full" registry, but what are the implications? or 3. Split the enterprise registry into 2 (not contiguous ranges) and create another LIR. regards kevin
Dear Kevin, Enterprise LIRs are treated the same way as any other LIRs. There are no special policies or procedures that only apply to Enterprise LIRs. There are also no specific guidelines for Enterprise LIRs for this reason. The issue you raise about Assignment Windows for organisations that only assign to their own infrastructure has been raised in the past in the lir-wg. As you point out, this does not only affect Enterprise LIRs but any LIR that makes assignments to its own infrastructure (cable providers are an example of this). We have discussed this issue together with the lir-wg chair (Hans Petter Holen) and we are looking to find a solution that would meet this need. I believe this will be discussed at the upcoming RIPE 40 meeting. In the scenario that you describe where part of your organisation is assigning address space to another entity, you are more or less free to choose for any of the options that you describe. There are no guidelines or policies on this, but depends on your needs and future plans. To further discuss a solution that suits your needs, and for any other unresolved issues in your particular case, please write to <lir-help@ripe.net>. Kind regards, Nurani Nimpuno *--------------------------------------------------------* | Nurani Nimpuno <nurani@ripe.net> | | Internet Address Policy Manager | | RIPE Network Co-ordination Centre | | http://www.ripe.net | *--------------------------------------------------------* kevin.bates@bt.com writes: * All, * * I would like to ask for advice and comment, and suggest it Is probably time * for a discussion about the differences in operations of the two types LIR's, * i.e. with the status of "enterprise" and "full". * * The current RIPE NCC documentation offers conflicting or no advice - I * cannot find any specific enterprise registry instructions / guidance, except * for the line "....large international Enterprises can also operate Local * IRs". * * I would expect to see something in either Ripe 212 (Guidelines for Setting * up a Local Internet Registry) or Ripe 185 (European Internet Registry * Policies and Procedures). * * Given that IPv4 and ASN policy document is now under review I think that * this is a good time to raise this issue again, and hopefully get something * agreed in writing. * * Therefore I am specifically looking for "Enterprise Registry Assignment * Policy instructions". * * I'll try briefly to give the background and a flavour of the issues. * * As a large company we operate several LIR's: * 1. A public Internet Service with a large allocation (many /16) * 2. Several small LIR's - product / site / country / subsidiary * specific. * 3. A large enterprise Registry (several Ripe /16 with both PI and PA * ranges and historic UK address space originally assigned by ARIN) * * These registries are not all necessarily managed by the same teams nor do * they all necessarily have specific interfaces with each other. The internet * connectivity for them all is not via the same ISP, but the enterprise * registry (3) does route via the Public Internet Service ISP (1). * * For an enterprise registry, assignment window size is irrelevant because all * address space used will be assigned within the company "owning" the * registry. Therefore a RIPE 141/219 is required for every assignment (this is * policy for normal registries using addresses for their own infrastructure). * Consider the scenario where an enterprise registry is allocated a block of * addresses that it will only ever assign to its own company, and that the * enterprise registry advertises & routes the whole block and assigns subnets * from it to departments within the company where required. For all practical * purposes all of these addresses are used by and assigned to the same place. * * In our case, problems involving the daily recovery/reassignment of subnets * was overcome by agreeing a large corporate assignment window with the * hostmaster and by keeping the number of addresses assigned to departments / * groups / projects within that number -and then asking for an assignment * increase where necessary. * * But what can an enterprise registry's addresses be used for? * * its own company infrastructure * * server farms and web hosting ( thus being used indirectly by * customers of the registry's company), and * * various other uses - but not onward assignment to "paying" * customers. * * Following several previous discussions between myself, my colleagues and * with various RIPE NCC hostmasters it has been agreed that * RIPE NCC will now allow us to transfer "experimental" addresses (obtained * from our enterprise Registry), which are used by a department within the * company, into "commercial" status - when the service offering changes from * experimental to commercial. This means that systems using these addresses do * not have to renumber to the range assigned by the public ISP. * Therefore I would like to see this policy formalised within RIPE NCC * documentation. * * And my next question is: * * If this department splits from the original company and becomes a separate * entity, what happens to the addresses space it uses? * There are several possibilities: * 1. Migrate from the enterprise registry to the public ISP or another * ISP (over a reasonable time period - but this could involve considerable * pain/cost), or * 2. Continue to use the enterprise registry address space, and then the * "enterprise" registry converts to a "full" registry, but what are the * implications? or * 3. Split the enterprise registry into 2 (not contiguous ranges) and * create another LIR. * * * regards * kevin * *
The issue you raise about Assignment Windows for organisations that only assign to their own infrastructure has been raised in the past in the lir-wg. As you point out, this does not only affect Enterprise LIRs but any LIR that makes assignments to its own infrastructure (cable providers are an example of this). We have discussed this issue together with the lir-wg chair (Hans Petter Holen) and we are looking to find a solution that would meet this need. I believe this will be discussed at the upcoming RIPE 40 meeting.
It was my understanding that the RIPE NCC was tasked at RIPE-39 with preparing and posting a policy proposal for the incorporation of AWs for infrastructure assignments. Can we please see this proposal? This issue has been discussed at every RIPE meeting over the past year. To my recollection, there has never been any vocal dissent by the LIR-WG constituency over this issue. /david *--------------------------------* | Global Crossing API | | Manager, Global IP Addressing | | (703) 627-5800 | | huberman@gblx.net | *--------------------------------*
Dear David & lir-wg, My appologies for not posting this earlier, but I have been busy changing jobs. Here is the status on this action from my slides at RIPE 39: 36.5 Assignment window applied on infrastructure An LIR may request a separate assignment window for assignments to its own infrastructure (IIAW Incremental Infrastructure Assignment window). Such an assignment window should apply to the incremental assignment. Do we want the IIAW to be reviewed annualy ? Or should we keep it as it is because LIRs realy can't be trusted in assigning addresses to themselves and we should always have a second opinion. TO be further discussed on lir-wg: .2-4 week discussion .Call for consensus .Forward to RIPE NCC for implementation So far there have been no concrete proposals on how to do this. Some background: RIPE 185 3.7 reads: http://www.ripe.net/ripe/docs/ir-policies-procedures.html#toc39 (...) To assure the conservation, aggregation, and registration goals are met, we must be sure the assignment criteria and procedures are properly applied. In general, this means that Local IRs with little or no experience should receive maximal support in the assignment process, whereas Local IRs with more experience should be allowed to make most assignments without consulting the RIPE NCC. Large assignments always require prior approval because of their impact on the available address space. (...) The assignment window is not only applied to individual assignments, but to multiple assignments to the same end user in a 12 month period If a Local IR makes more than one assignment to an organisation in any 12 month period, the total amount of address space assigned may not exceed the Local IR's assignment window. This also applies to address space used by the Registry for their internal network. Additional address space can only be assigned to that organisation after approval by the RIPE NCC. Problem: Since this applies to address space used by the registry for their internal network, a registry that mainly assignes addresses to its own infrastructure will never qualify for an assignment window. Proposed solution: Change the wording to: This does not apply to address space used by the registry for their internal netowork. On the registrys internal network the asssignment window applies to the individual assignment. In this way the registry can make assignments to its own infrastructure when needed. When the registry has convinced the RIPE NCC that the "assignment criteria and procedures are properly applied. " The registry will get an assignment window, and since the assignment window applies to individual assignment the registry can grow its own network in a timely fashion. If the RIPE NCC feels that a registry is misusing this mechanism the RIPE NCC already have the mechanism of an audit in place, and should be able to uncover improper interpretation of the policy. Sincerely, --- Hans Petter Holen, Technical Manager Tiscali, Norway, +47 24 11 26 44 mobile: +47 99 21 76 70 fax:+47 24 11 24 11
participants (4)
-
David R Huberman
-
Hans Petter Holen
-
kevin.bates@bt.com
-
Nurani Nimpuno