Re: Important New Requirement for IPv4 Requests
Rich Kulawiec wrote:
If the effort that will go into administering this went instead into reclaiming IPv4 space that's obviously hijacked and/or being used by abusive operations, we'd all benefit.
But they can't do that without impacting revenue. In order to continue charging fees that are wholly out of proportion to their cost ARIN must:
A) ignore all the unneeded legacy /16 allocations, even those owned by organizations with fewer than 300 employees (like net.com) who could easily get by with a /24
B) do nothing while IPv6 languishes due to the absence of a standard for one-to-many NAT and NAPT for v6 and v4/v6
C) periodically raise fees and implement minimal measures like requiring someone to sign a statement of need, so they can at least appear to have been proactive when the impacts of this artificial shortage really begin to impact communications
Bottom line: it's about the money. Money and short-term self-interest, same as is causing havoc in other sectors of the economy. Nothing new here.
IMO,
Roger Marquis
On Apr 21, 2009, at 11:19 AM, Roger Marquis wrote:
Rich Kulawiec wrote:
If the effort that will go into administering this went instead into reclaiming IPv4 space that's obviously hijacked and/or being used by abusive operations, we'd all benefit.
But they can't do that without impacting revenue. In order to continue charging fees that are wholly out of proportion to their cost ARIN must:
A) ignore all the unneeded legacy /16 allocations, even those owned by organizations with fewer than 300 employees (like net.com) who could easily get by with a /24
B) do nothing while IPv6 languishes due to the absence of a standard for one-to-many NAT and NAPT for v6 and v4/v6
C) periodically raise fees and implement minimal measures like requiring someone to sign a statement of need, so they can at least appear to have been proactive when the impacts of this artificial shortage really begin to impact communications
Bottom line: it's about the money. Money and short-term self-interest, same as is causing havoc in other sectors of the economy. Nothing new here.
Roger -
A few nits:
A) ARIN's not ignoring unneeded legacy allocations, but can't take action without the Internet community first making some policy on what action should be taken... Please get together with folks of similar mind either via PPML or via Public Policy meeting at the Open Policy Bof, and then propose a policy accordingly.
B) Technical standards for NAT & NAPT are the IETF's job, not ARIN's.
C) We've routinely lowered fees since inception, not raised them.
Thanks, /John
John Curran Acting CEO ARIN
On Apr 21, 2009, at 11:01 AM, John Curran wrote:
C) We've routinely lowered fees since inception, not raised them.
Well I'm not sure what your definition of "routinely" is, but we've not seen a decrease in our fees any time in the past 8 years.
Chris
Chris Owen - Garden City (620) 275-1900 - Lottery (noun):
President - Wichita (316) 858-3000 - A stupidity tax
Hubris Communications Inc www.hubris.net
John Curran wrote:
A) ARIN's not ignoring unneeded legacy allocations, but can't take action without the Internet community first making some policy on what action should be taken... Please get together with folks of similar mind either via PPML or via Public Policy meeting at the Open Policy Bof, and then propose a policy accordingly.
Thanks for the reply John, but PPML has not worked to-date. Too many legacy interests willing and able to veto any such attempt at a sustainable netblock return policy. Not sure how us folks, of a similar mind as it were, would be able to change that equation. IMO this change has to come from the top down. Towards that goal can you give us any hint as to how to effect that?
B) Technical standards for NAT & NAPT are the IETF's job, not ARIN's.
Too true, but no reason ARIN could not be taking a more active role. This is after all, in ARIN's best interest, not the IETF's.
C) We've routinely lowered fees since inception, not raised them.
Not raised since they were raised, granted. Not raised for large unnecessary allocations either. Is that the job of the PPML as well? What telecommunications consumers need here is leadership and direction. What we see is, well, not what we are looking for. Roger Marquis
On Apr 21, 2009, at 10:36 AM, Roger Marquis wrote:
John Curran wrote:
A) ARIN's not ignoring unneeded legacy allocations, but can't take action without the Internet community first making some policy on what action should be taken... Please get together with folks of similar mind either via PPML or via Public Policy meeting at the Open Policy Bof, and then propose a policy accordingly.
Thanks for the reply John, but PPML has not worked to-date. Too many legacy interests willing and able to veto any such attempt at a sustainable netblock return policy. Not sure how us folks, of a similar mind as it were, would be able to change that equation. IMO this change has to come from the top down. Towards that goal can you give us any hint as to how to effect that?
At this point, the community consists of far more non-legacy holders than legacy holders. Additionally, nobody has "VETO" power other than the ARIN Board as a body in the policy development process. As such, I don't think that your argument quite fits the situation. If folks of a similar mind are able to put a policy proposal together and submit it to policy@arin.net (there's a template on the ARIN web site), it will receive the same treatment as any other policy proposal. How the community as a whole reacts to the proposal is another matter, but, if a substantial majority of the community feels the policy proposal is a good one, then, it should be possible to obtain consensus. If that's not the case, then, I'm not sure how you can justify implementing such a policy contrary to the consensus of the community. I hope there is no way to effect a top-down policy within ARIN since we work very hard to maintain a bottom up policy process. If there is, then, something is very broken. Owen
On Apr 21, 2009, at 10:36 AM, Roger Marquis wrote:
B) Technical standards for NAT & NAPT are the IETF's job, not ARIN's.
Too true, but no reason ARIN could not be taking a more active role. This is after all, in ARIN's best interest, not the IETF's.
There is work happening in the behave wg of the IETF on such. We welcome operator input. http://www.ietf.org/html.charters/behave-charter.html
On Apr 21, 2009, at 10:36 AM, Roger Marquis wrote:
Thanks for the reply John, but PPML has not worked to-date. Too many legacy interests willing and able to veto any such attempt at a sustainable netblock return policy. Not sure how us folks, of a similar mind as it were, would be able to change that equation. IMO this change has to come from the top down. Towards that goal can you give us any hint as to how to effect that?
Let's translate that: There is no consensus in the community who defines goals and objectives for ARIN to do Something. Can you tell me how we can hijack the process and subjugate the community to our will? Roger -- although you'll find I'm no fan of Legacy holders and their "rights", I can't say that I follow your logic on having ARIN just "do something" against the will of the community. -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness
Jo Rhett wrote:
Let's translate that: There is no consensus in the community who defines goals and objectives for ARIN to do Something.
And there is no consensus because the process and/or community has not been capable of the task. Design-by-committee is a problem we are all familiar with. The resolution is to either A) apply direction from outside the committee, B) wait until things get bad enough that they can achieve consensus (if that is an option), or C) wait for a higher authority to step in (as occurred recently when the DOC gave ICANN direction regarding TLDs). Given a choice I'd take plan A. Direction could come from ARIN directors by way of their advocacy, issuing RFCs, offering financial incentives, and a number of other things to speed the process (of reclaiming unused IPs and of incentivizing the IETF). Taking a hands-off position and waiting for consensus to develop, well, that will just lead to B or C. Do you disagree? Are there other options?
Can you tell me how we can hijack the process and subjugate the community to our will?
Would the process survive addresses exhaustion? Roger
I'm not sure if anyone agrees with me, but these responses seem like a big cop out to me.
A) If ARIN is so concerned about the potential depletion of v4 resources, they should be taking a more proactive role in proposing potential solutions and start conversation rather than saying that the users should come up with a proposal which they then get a big vote on.
B) Again, while it might be the IETF's "job", shouldn't the group trusted with the management of the IP space at least have a public opinion about how these solutions are designed. Ensuring that they are designed in such a way to guarantee maximum adoption of v6 and thus reducing the potential for depletion of v4 space.
C) Are ARIN's books open for public inspection? If so, it might be interesting for the group to see where all our money is going, since it's obviously not going to outreach and solution planning. Perhaps it is being spent in a reasonable manner, and the fees are where they need to be to sustain the organization's reasonable operations, but perhaps not.
Mr Curran, given the response you've seen from the group, and in particular the argument that most CEOs or Officers of firms will simply sign off on what their IT staff tells them (as they have little to no understanding of the situation), can you explain what exactly you are hoping to achieve by heaping on yet an additional requirement to the already over burdensome process of receiving an IPv4 allocation?
Shane Ronan
--Opinions contained herein are strictly my own--
On Apr 21, 2009, at 9:01 AM, John Curran wrote:
Roger -
A few nits:
A) ARIN's not ignoring unneeded legacy allocations, but can't take action without the Internet community first making some policy on what action should be taken... Please get together with folks of similar mind either via PPML or via Public Policy meeting at the Open Policy Bof, and then propose a policy accordingly.
B) Technical standards for NAT & NAPT are the IETF's job, not ARIN's.
C) We've routinely lowered fees since inception, not raised them.
Thanks, /John
John Curran Acting CEO ARIN
Shane Ronan wrote:
C) Are ARIN's books open for public inspection? If so, it might be interesting for the group to see where all our money is going, since it's obviously not going to outreach and solution planning. Perhaps it is being spent in a reasonable manner, and the fees are where they need to be to sustain the organization's reasonable operations, but perhaps not.
A quick search of the website found this: https://www.arin.net/about_us/corp_docs/annual_rprt.html - Kevin
On Tue, Apr 21, 2009 at 4:54 PM, Kevin Loch <kloch@kl.net> wrote:
Shane Ronan wrote:
C) Are ARIN's books open for public inspection? If so, it might be interesting for the group to see where all our money is going, since it's obviously not going to outreach and solution planning. Perhaps it is being spent in a reasonable manner, and the fees are where they need to be to sustain the organization's reasonable operations, but perhaps not.
A quick search of the website found this:
https://www.arin.net/about_us/corp_docs/annual_rprt.html
- Kevin
More specifically: https://www.arin.net/about_us/corp_docs/annual/2008/ -brandon -- Brandon Galbraith Mobile: 630.400.6992 FNAL: 630.840.2141
Not the annual report, the actual books and records, including details on individual expenses. On Apr 21, 2009, at 2:54 PM, Kevin Loch wrote:
Shane Ronan wrote:
C) Are ARIN's books open for public inspection? If so, it might be interesting for the group to see where all our money is going, since it's obviously not going to outreach and solution planning. Perhaps it is being spent in a reasonable manner, and the fees are where they need to be to sustain the organization's reasonable operations, but perhaps not.
A quick search of the website found this:
https://www.arin.net/about_us/corp_docs/annual_rprt.html
- Kevin
On Apr 21, 2009, at 2:42 PM, Shane Ronan wrote:
Mr Curran, given the response you've seen from the group, and in particular the argument that most CEOs or Officers of firms will simply sign off on what their IT staff tells them (as they have little to no understanding of the situation),
You really should go ask a CEO if he'd sign off on something that he doesn't understand. Really. I can assure you that your impression is wrong, and most CEOs don't prefer to be standing in court defending their actions.
can you explain what exactly you are hoping to achieve by heaping on yet an additional requirement to the already over burdensome process of receiving an IPv4 allocation?
Burdensome? Really? If you have your documentation together it takes about 15 minutes from beginning of the application form until receiving your new allocation. I spend longer on hold any time I deal with any other vendor. -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness
On 22/04/2009, at 7:25 AM, Jo Rhett wrote:
On Apr 21, 2009, at 2:42 PM, Shane Ronan wrote:
Mr Curran, given the response you've seen from the group, and in particular the argument that most CEOs or Officers of firms will simply sign off on what their IT staff tells them (as they have little to no understanding of the situation),
You really should go ask a CEO if he'd sign off on something that he doesn't understand. Really. I can assure you that your impression is wrong, and most CEOs don't prefer to be standing in court defending their actions.
So who's going to have standing to drag them into court over false declarations to ARIN? Will ARIN be suing their members? Not likely. - mark -- Mark Newton Email: newton@internode.com.au (W) Network Engineer Email: newton@atdot.dotat.org (H) Internode Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
You really should go ask a CEO if he'd sign off on something that he doesn't understand. Really. I can assure you that your impression is wrong, and most CEOs don't prefer to be standing in court defending their actions.
Actually, being a CTO of a company, I know that my CEO signs things ALL the time based just on my say so. I don't see how signing a document for ARIN would land them in court, further if he were to go to court, he'd simply say that he relied on the opinions of his technical staff since he does not have the experience or expertise to evaluate its validity. And as history shows, this is an acceptable answer, it happens all the time in the case of financial filings that others produce for the CEO to sign.
Burdensome? Really? If you have your documentation together it takes about 15 minutes from beginning of the application form until receiving your new allocation. I spend longer on hold any time I deal with any other vendor.
Really, 15 minutes? I applied for a new AS Record recently, presented all the valid documentation, as well as additional documentation in the form of network diagrams, and was asked to explain things that were clearly spelled out in the documents I provided. This entire process took DAYS.
Actually, being a CTO of a company, I know that my CEO signs things ALL the time based just on my say so. I don't see how signing a document for ARIN would land them in court, further if he were to go to court, he'd simply say that he relied on the opinions of his technical staff since he does not have the experience or expertise to evaluate its validity. And as history shows, this is an acceptable answer, it happens all the time in the case of financial filings that others produce for the CEO to sign.
It didn't work very well for the CEOs of Worldcom, Enron and Tyco, I think that many company officers will ask to see the results of an audit before they sign this document, and they will want the audit to be performed by qualified CPAs. Are your IPv4 records in good enough shape that an accountant will sign off on them? --Michael Dillon
On Fri, Apr 24, 2009 at 01:12:42PM +0100, Michael Dillon wrote:
I think that many company officers will ask to see the results of an audit before they sign this document, and they will want the audit to be performed by qualified CPAs. Are your IPv4 records in good enough shape that an accountant will sign off on them?
My boss (who is an officer of the company within the meaning of the term in the new ARIN requirement) will attest to my employer's next IP assignment (we're an end user with PI space) request to ARIN on nothing but my say-so that it is accurate. He's not a network guy, has no good way of verifying the data himself and won't require some external entity to come audit the request. He might ask me a few questions before signing, but that will be it. If he didn't trust me, he'd have replaced me a long time ago. (For the record, yes, my records are good enough that an accountant would likely sign off on them. But that won't be necessary.)
Of course, I haven't been submitting fraudulent requests to ARIN and don't plan to start, so I'm not the target of ARIN's new policy anyway.
There are many things the new policy won't stop. It won't stop fraudulent requests where the officer of the company is knowingly in the loop of the fraud (this would include small organizations where the entire network engineering staff is the VP of Engineering). It won't stop fraudulent requests where the requestors are willing to lie to company executives (except in what I expect are relatively rare cases where the executives independently verify the data before signing off on it).
It *will* stop fraudulent requests where the requests are being made by engineers who are (a) willing to lie to ARIN, but (b) not willing to lie to their boss and boss's boss (through however many levels it takes to get to an officer who meets ARIN's requirements). I suspect that's a non-trivial amount of the fraud that is going on. ARIN can't fire anyone. Managers typically don't like to be lied to and might very well fire an engineer caught lying ... many people won't take that sort of chance with their job. (Sure, some will tell their boss the truth and then ask him to lie to ARIN, and some officers will go along with that -- I covered that possibility in the previous paragraph -- but nowhere near all will.)
Many of the attacks here against ARIN's policy are centered on the fact that it isn't perfect and there are still lots of ways for fraud to happen. All of those attacks are valid, but they ignore the fact that the policy probably wasn't intended to stop all fraud, just reduce fraud. I have no data, but my gut tells me it will reduce some fraud. I have no idea how much.
-- Brett
I can assure you that based on my own experiences in very large companies that I'd have few issues complying with this new requirement. I like the idea and honestly, ARIN is damned if they do (see this pretty inane thread) and damned if they don't (wait until RIR exhaustion 'day' comes and goes and watch the conspiracy theories as to why ARIN didn't 'do more'). Best, Martin On 4/21/09, Jo Rhett <jrhett@netconsonance.com> wrote:
On Apr 21, 2009, at 2:42 PM, Shane Ronan wrote:
Mr Curran, given the response you've seen from the group, and in particular the argument that most CEOs or Officers of firms will simply sign off on what their IT staff tells them (as they have little to no understanding of the situation),
You really should go ask a CEO if he'd sign off on something that he doesn't understand. Really. I can assure you that your impression is wrong, and most CEOs don't prefer to be standing in court defending their actions.
can you explain what exactly you are hoping to achieve by heaping on yet an additional requirement to the already over burdensome process of receiving an IPv4 allocation?
Burdensome? Really? If you have your documentation together it takes about 15 minutes from beginning of the application form until receiving your new allocation. I spend longer on hold any time I deal with any other vendor.
-- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness
-- Martin Hannigan martin@theicelandguy.com p: +16178216079 Power, Network, and Costs Consulting for Iceland Datacenters and Occupants
On Apr 21, 2009, at 4:42 PM, Shane Ronan wrote:
C) Are ARIN's books open for public inspection? If so, it might be interesting for the group to see where all our money is going, since it's obviously not going to outreach and solution planning. Perhaps it is being spent in a reasonable manner, and the fees are where they need to be to sustain the organization's reasonable operations, but perhaps not.
It is a little out of date and not terribly detailed but they did post the 2008 budget at:
https://www.arin.net/about_us/corp_docs/budget.html
Budget is just over 13M. About 1/2 of that is salaries/benefits (maybe more if you add in 'legal fees').
A couple of interesting notes when looking at it:
12+M divided by the 3300 "members" is just shy of $4,000 per customer.
Payroll is $5,707,134 for 47 full time employees. That is an average salary of $121,428 across all employees.
Internet Research and Support is $164,500
Travel (which includes travel for board members, etc) is $1,315,349.
There is more detail but older data at:
https://www.arin.net/about_us/corp_docs/annual/2007_audited_financials.pdf
Chris
Chris Owen - Garden City (620) 275-1900 - Lottery (noun):
President - Wichita (316) 858-3000 - A stupidity tax
Hubris Communications Inc www.hubris.net
On Apr 21, 2009, at 2:42 PM, Shane Ronan wrote:
I'm not sure if anyone agrees with me, but these responses seem like a big cop out to me.
A) If ARIN is so concerned about the potential depletion of v4 resources, they should be taking a more proactive role in proposing potential solutions and start conversation rather than saying that the users should come up with a proposal which they then get a big vote on.
Well... ARIN is structured with a bottom-up community driven policy process. That has served us well for many years, and, I think that changing it would be a mistake. However, in this case, that means that the following people are specifically excluded from proposing policy:
The BoT (other than via the emergency process)
ARIN Staff
Policy proposals must come from the community. Either at large, or, from the ARIN AC which is an elected subgroup of the community tasked with developing good policy for ARIN. The AC itself depends largely on community input for what kind of policy the community wants us to develop, and, at the end of the day, community consensus is required in order for a proposal to become policy.
B) Again, while it might be the IETF's "job", shouldn't the group trusted with the management of the IP space at least have a public opinion about how these solutions are designed. Ensuring that they are designed in such a way to guarantee maximum adoption of v6 and thus reducing the potential for depletion of v4 space.
The IETF specifically does not accept organizational input and requires instead that individuals participate. This is one of the great strengths, and, also one of the great weaknesses of the IETF. However, it means that even if ARIN could develop a public opinion (which would have to come from the ARIN community by some process which we don't really have as yet), this opinion wouldn't mean much in the IETF's eyes.
C) Are ARIN's books open for public inspection? If so, it might be interesting for the group to see where all our money is going, since it's obviously not going to outreach and solution planning. Perhaps it is being spent in a reasonable manner, and the fees are where they need to be to sustain the organization's reasonable operations, but perhaps not.
I will leave this to the BoT to answer, but, I know that the treasurer presents a report at every members meeting which provides at least some high level details. I believe that as a non-profit corporation, a great deal of openness is required for accountability to ARIN members.
Mr Curran, given the response you've seen from the group, and in particular the argument that most CEOs or Officers of firms will simply sign off on what their IT staff tells them (as they have little to no understanding of the situation), can you explain what exactly you are hoping to achieve by heaping on yet an additional requirement to the already over burdensome process of receiving an IPv4 allocation?
I can't say what Mr. Curran expects, but, here's how I see it:
1. If an officer of the organization signs off, then, that means that both the organization and the officer personally can be held accountable for any fraud that is later uncovered. If the officer is an idiot, perhaps he'll just sign, but, most officers I have experience with don't do that. They usually engage in some level of verification before signing such a statement.
2. Organizations which are submitting fraudulent requests may be less willing to do that when someone has to make a signed attestation under penalty of perjury. Especially when that person has fiduciary liability to the organization as an officer.
3. There are lots of things people will do if they don't think there are potential consequences. A signed attestation by a corporate officer dramatically reduces the apparent lack of consequences to a fraudulent application.
Sure, there will always be criminals and criminals may not be bothered by this signed attestation process. However, having it does give the ARIN legal team a better shot at them as well.
I am not a lawyer and these are just my own opinions.
Owen
On Apr 21, 2009, at 3:19 PM, Owen DeLong wrote:
Well... ARIN is structured with a bottom-up community driven policy process. That has served us well for many years, and, I think that changing it would be a mistake. However, in this case, that means that the following people are specifically excluded from proposing policy:
The BoT (other than via the emergency process)
ARIN Staff
Policy proposals must come from the community. Either at large, or, from the ARIN AC which is an elected subgroup of the community tasked with developing good policy for ARIN. The AC itself depends largely on community input for what kind of policy the community wants us to develop, and, at the end of the day, community consensus is required in order for a proposal to become policy.
It's served us so well that we are running out of IP space and no effective way to migrate to the already existing replacement solution. The argument that it's always been that way, just doesn't cut it. It's the same with all these issues. If ARIN were to hire someone whose job it was to evangelize a workable solution, I am sure you would see individuals willing to come forth and support it and create a consensus. And FYI, there is nothing saying that consensus is required for a proposal to become policy, look at the US government, they make policy every day without consensus. If the situation is as bad as it's being made out to be, then ARIN MUST act in the best interest of the community as a whole.
B) Again, while it might be the IETF's "job", shouldn't the group trusted with the management of the IP space at least have a public opinion about how these solutions are designed. Ensuring that they are designed in such a way to guarantee maximum adoption of v6 and thus reducing the potential for depletion of v4 space.
The IETF specifically does not accept organizational input and requires instead that individuals participate. This is one of the great strengths, and, also one of the great weaknesses of the IETF. However, it means that even if ARIN could develop a public opinion (which would have to come from the ARIN community by some process which we don't really have as yet), this opinion wouldn't mean much in the IETF's eyes.
Again, if ARIN were to put out a "best practices" guide, and promote it as a way to push forward IPv6. Instead they are saying "not my problem" and "the guys who are working on it, won't let us play with them"
C) Are ARIN's books open for public inspection? If so, it might be interesting for the group to see where all our money is going, since it's obviously not going to outreach and solution planning. Perhaps it is being spent in a reasonable manner, and the fees are where they need to be to sustain the organization's reasonable operations, but perhaps not.
I will leave this to the BoT to answer, but, I know that the treasurer presents a report at every members meeting which provides at least some high level details. I believe that as a non-profit corporation, a great deal of openness is required for accountability to ARIN members.
Why is travel such a large percentage of their expenses? If people want to be on the board, they should pay for their own travel to the meetings. This is a Not For Profit, not a corporation, big difference.
Mr Curran, given the response you've seen from the group, and in particular the argument that most CEOs or Officers of firms will simply sign off on what their IT staff tells them (as they have little to no understanding of the situation), can you explain what exactly you are hoping to achieve by heaping on yet an additional requirement to the already over burdensome process of receiving an IPv4 allocation?
I can't say what Mr. Curran expects, but, here's how I see it:
1. If an officer of the organization signs off, then, that means that both the organization and the officer personally can be held accountable for any fraud that is later uncovered. If the officer is an idiot, perhaps he'll just sign, but, most officers I have experience with don't do that. They usually engage in some level of verification before signing such a statement.
How do you figure, under what law is this enforceable? Most Officers will simply say to the person asking them to sign it "Is this true" and when they say yes, he'll sign it. The CEO of most corporations does not have the time, experience or expertise to determine if his firm truly needs additional IP Space.
2. Organizations which are submitting fraudulent requests may be less willing to do that when someone has to make a signed attestation under penalty of perjury. Especially when that person has fiduciary liability to the organization as an officer.
Again, what law are they violating? How is this considered perjury?
3. There are lots of things people will do if they don't think there are potential consequences. A signed attestation by a corporate officer dramatically reduces the apparent lack of consequences to a fraudulent application.
Sure, there will always be criminals and criminals may not be bothered by this signed attestation process. However, having it does give the ARIN legal team a better shot at them as well.
Again how does signing an attestation = criminal liability? Maybe civil liability, but certainly not criminal liability.
I am not a lawyer and these are just my own opinions.
Owen
On 22 apr 2009, at 0:19, Owen DeLong wrote:
B) Again, while it might be the IETF's "job", shouldn't the group trusted with the management of the IP space at least have a public opinion about how these solutions are designed. Ensuring that they are designed in such a way to guarantee maximum adoption of v6 and thus reducing the potential for depletion of v4 space.
The IETF specifically does not accept organizational input and requires instead that individuals participate.
So how is the RIR model where you become a member and then participate better? If ARIN or the other RIRs have compelling arguments the only reason those arguments are compelling is because of their merit, not because they're from a RIR.
it means that even if ARIN could develop a public opinion (which would have to come from the ARIN community by some process which we don't really have as yet), this opinion wouldn't mean much in the IETF's eyes.
Well, if you, ARIN, or anyone else has input that should be considered when writing with a better specification for an IPv6-IPv4 translator, please let us know. For the past year or so the IETF behave working group has been considering the issue, and looked at a whole bunch of scenarios: from a small IPv6 network to the public IPv4 internet, to private IPv4 addresses, from a small IPv4 network to the public IPv6 internet, to (not entirely) private IPv6 addresses. The IPv6->IPv4 case seems doable with a bunch of caveats (it's still NAT) and we (for some value of "we") want to get it out fast, but the other way around looks much more difficult and will at the very least take longer. The softwire(s?) working group is looking at tunneling IPv4 over IPv6 towards a big "carrier grade NAT" so IPv4 hosts/applications can still work across an IPv6 access network with only one layer of NAT. In v6ops CPE requirements are being discussed so in the future, it should be possible to buy a $50 home router and hook it up to your broadband service or get a cable/DSL modem from your provider and the IPv6 will be routed without requiring backflips from the user. So there is a fair chance that we'll be in good shape for IPv6 deployment before we've used up the remaining 893 million IPv4 addresses.
Iljitsch van Beijnum wrote:
In v6ops CPE requirements are being discussed so in the future, it should be possible to buy a $50 home router and hook it up to your broadband service or get a cable/DSL modem from your provider and the IPv6 will be routed without requiring backflips from the user.
So there is a fair chance that we'll be in good shape for IPv6 deployment before we've used up the remaining 893 million IPv4 addresses.
I think this annoys people more than anything. We're how many years into the development and deployment cycle of IPv6? What development cycle is expected out of these CPE devices after a spec is FINALLY published? If the IETF is talking "future" and developers are also talking "future", us little guys that design, build, and maintain the networks can't really do much. I so hope that vendors get sick of it and just make up their own proprietary methods of doing things. Let the IETF catch up later on. /RANT Jack
On 22 apr 2009, at 22:12, Jack Bates wrote:
I think this annoys people more than anything. We're how many years into the development and deployment cycle of IPv6? What development cycle is expected out of these CPE devices after a spec is FINALLY published?
That's certainly one way to look at this, and I'm just as unhappy about how long this has taken as you. On the other hand, it has been argued that these issues are outside the scope of the IETF in the first place, as it's just application of already established protocols, not developing something new. So another way to look at it is that at least the IETF is finally doing something because so far, nobody else has. What would have helped here is more push in this direction.
If the IETF is talking "future" and developers are also talking "future", us little guys that design, build, and maintain the networks can't really do much. I so hope that vendors get sick of it and just make up their own proprietary methods of doing things. Let the IETF catch up later on.
People who run networks can do a lot: believe it or not, the IETF really wants input from network operators, especially in the early phases of protocol development when the requirements are established. Proprietary methods duking it out in the market place is nice for stuff that happens inside one box or at least within one administrative domain, but it would be a nightmare in broadband deployment where I want my Windows box to talk to my Apple wifi base station and my Motorola cable modem to the ISP's Cisco headend and their Extreme switches and Juniper routers.
Iljitsch van Beijnum wrote:
What would have helped here is more push in this direction.
What really would help is more people who are not on NANOG pushing vendors to support IPv6. Even my Juniper SE has mentioned that I'm one of 2 people he's had seriously pushing for IPv6 features. Other vendors have just blown me off altogether (we'll have it sometime).
People who run networks can do a lot: believe it or not, the IETF really wants input from network operators, especially in the early phases of protocol development when the requirements are established.
Serious input and participation means work and money. Too much for me. Doesn't help that when I was a wee one, mom dated someone who bragged about his status in the IETF and even had a pen. Sad way to be introduced to any organization, but I have seen similar mentalities regarding IETF mentioned here reinforcing my belief that arrogance is alive and I don't have the time and money to deal with it.
Proprietary methods duking it out in the market place is nice for stuff that happens inside one box or at least within one administrative domain, but it would be a nightmare in broadband deployment where I want my Windows box to talk to my Apple wifi base station and my Motorola cable modem to the ISP's Cisco headend and their Extreme switches and Juniper routers.
Sure, but the largest missing pieces for IPv6 are single box implementations. Proprietary NAT is single box. Will it break stuff? Probably, but when hasn't it? Corporate networks won't care. They'll deploy the vendor that supports it if that is what they want. BRAS/Aggregation is another single box solution but defines everything about an edge broadband network, supported by the access devices (switches, dslams, wireless ap/backhauls, etc). The layer 3 aware access devices all tend to have their own single box methods of security (DHCP snooping, broadcast scoping, etc, etc). I've seen quite a few systems that can't turn the security support off and break IPv6 because of it. Jack
On 22 apr 2009, at 23:39, Jack Bates wrote:
What really would help is more people who are not on NANOG pushing vendors to support IPv6. Even my Juniper SE has mentioned that I'm one of 2 people he's had seriously pushing for IPv6 features. Other vendors have just blown me off altogether (we'll have it sometime).
Right. And I'm also the only one asking for 32-bit AS numbers.
People who run networks can do a lot: believe it or not, the IETF really wants input from network operators, especially in the early phases of protocol development when the requirements are established.
Serious input and participation means work and money.
You can participate on mailinglists without attending meetings, so in that sense it doesn't have to cost money. As an operator, it would make sense to spend a little time in the requirements phase but not after that. So yes, it would take time, but we're not talking about hours a day on an ongoing basis.
Doesn't help that when I was a wee one, mom dated someone who bragged about his status in the IETF
:-)
and even had a pen. Sad way to be introduced to any organization, but I have seen similar mentalities regarding IETF mentioned here reinforcing my belief that arrogance is alive and I don't have the time and money to deal with it.
In any case, if you have input on this whole NAT64 business, let me and/or Fred know. If you have input on anything else, speak up on this list or a NANOG meeting and there's a decent chance that someone will take those comments back to the IETF.
On 23/04/2009, at 8:37 PM, Iljitsch van Beijnum wrote:
On 22 apr 2009, at 23:39, Jack Bates wrote:
Serious input and participation means work and money.
You can participate on mailinglists without attending meetings, so in that sense it doesn't have to cost money. As an operator, it would make sense to spend a little time in the requirements phase but not after that. So yes, it would take time, but we're not talking about hours a day on an ongoing basis.
After trying to participate on mailing lists for about 2 or 3 years, it's pretty hard to get anything done without going to meetings. Just participating in mailing lists is good for keeping up to date, but not so good for getting things changed. That's what I've found, anyway. Might not always be true. -- Nathan Ward
On 23 apr 2009, at 12:23, Nathan Ward wrote:
Just participating in mailing lists is good for keeping up to date, but not so good for getting things changed.
That's what I've found, anyway. Might not always be true.
Depends on the issue. Sometimes bad ideas get traction in the IETF, it's hard to undo that. But there are also times when even a single message containing good arguments can have an effect. Also don't expect too much from IETF participation: if doing X is going to make a vendor more money than doing Y, they're going to favor X, even if Y is the superior solution.
Iljitsch van Beijnum wrote:
Depends on the issue. Sometimes bad ideas get traction in the IETF, it's hard to undo that. ....
That's an understatement.
Also don't expect too much from IETF participation: if doing X is going to make a vendor more money than doing Y, they're going to favor X, even if Y is the superior solution.
Some wag around here re-christened it the IVTF (V stands for Vendor, not Victory). ;-) I haven't bothered to go in years....
On Thu, Apr 23, 2009, William Allen Simpson wrote:
Some wag around here re-christened it the IVTF (V stands for Vendor, not Victory). ;-) I haven't bothered to go in years....
If the people with operational experience stop going, you can't blame the group for being full of vendors. Methinks it's time a large cabal of network operators should represent at IETF and make their opinions heard as a collective group. That would be how change is brought about in a participative organisation, no? :) Adrian
On Thu, Apr 23, 2009 at 08:17:07PM +0800, Adrian Chadd wrote:
On Thu, Apr 23, 2009, William Allen Simpson wrote:
Some wag around here re-christened it the IVTF (V stands for Vendor, not Victory). ;-) I haven't bothered to go in years....
If the people with operational experience stop going, you can't blame the group for being full of vendors.
Methinks it's time a large cabal of network operators should represent at IETF and make their opinions heard as a collective group. That would be how change is brought about in a participative organisation, no? :)
Adrian
Operator participation in IETF has been a problem for at least 18 years. I remember a fairly large dustup w/ John Curran and Scott Bradner over why the OPS area was so lacking in actual operators at the Columbus IETF. It's never gotten any better. IETF used to be populated by developers and visionaries (grad students with lofty ideas). Once commercialization set in (they graduated and got jobs) their funding sources changed from government grants to salaries. And management took a more active role. the outcome is that vendors now control much of the IETF participation and indirectly control IETF output. just my 0.02 from the cheap seats. --bill
On 23 apr 2009, at 14:17, Adrian Chadd wrote:
Methinks it's time a large cabal of network operators should represent at IETF and make their opinions heard as a collective group. That would be how change is brought about in a participative organisation, no? :)
Why don't you start by simply stating what you want to have happen? So far I've seen a number of messages complaining about the IETF (btw, if you like complaining about the IETF, go to the meetings, there is significant time set aside for that there) but not a single technical request, remark or observation. The IETF works by rough consensus. That means if people disagree, nothing much happens. That is annoying. But a lot of good work gets done when people agree, and a lot of the time good technical arguments help. Like I said, the IETF really wants input from operators. Why not start by giving some?
On Thu, 23 Apr 2009, Nathan Ward wrote:
After trying to participate on mailing lists for about 2 or 3 years, it's pretty hard to get anything done without going to meetings.
Just participating in mailing lists is good for keeping up to date, but not so good for getting things changed.
That's what I've found, anyway. Might not always be true.
If you were to go to meetings, you would realize that it won't help in "getting things changed" significantly better than active mailing list participation would... :-/
--
Pekka Savola, Netcore Oy
Systems. Networks. Security.
"You each name yourselves king, yet the kingdom bleeds." -- George R.R. Martin: A Clash of Kings
On 24/04/2009, at 12:14 AM, Pekka Savola wrote:
On Thu, 23 Apr 2009, Nathan Ward wrote:
After trying to participate on mailing lists for about 2 or 3 years, it's pretty hard to get anything done without going to meetings.
Just participating in mailing lists is good for keeping up to date, but not so good for getting things changed.
That's what I've found, anyway. Might not always be true.
If you were to go to meetings, you would realize that it won't help in "getting things changed" significantly better than active mailing list participation would... :-/
I got heaps done in SFO - to the point where I'm happy to pay to get to Stockholm and Hiroshima later this year (I'm self employed, and live at the end of the world, so for me it's harder than most who just have to convince the boss :-). -- Nathan Ward
Ron Bonica is leading a BOF during NANOG46 in Philly which may be of interest -
BOF: IETF OPS & MGMT Area, Ron Bonica, Juniper Networks
Presentation Date: June 14, 2009, 2:00 PM - 3:30 PM
Abstract: The IETF OPS & MGMT Area documents management technologies and operational best common practices. The purpose of this BoF is to review activities in that area and solicit feedback to determine the usefulness of those activities to the operator community. We will also solicit proposals for new work that is of interest to users.
The full agenda is up at - http://www.nanog.org/meetings/nanog46/agenda.php
Cheers, -ren
On Wed, Apr 22, 2009 at 5:18 PM, Iljitsch van Beijnum <iljitsch@muada.com> wrote:
On 22 apr 2009, at 22:12, Jack Bates wrote:
I think this annoys people more than anything. We're how many years into the development and deployment cycle of IPv6? What development cycle is expected out of these CPE devices after a spec is FINALLY published?
That's certainly one way to look at this, and I'm just as unhappy about how long this has taken as you. On the other hand, it has been argued that these issues are outside the scope of the IETF in the first place, as it's just application of already established protocols, not developing something new. So another way to look at it is that at least the IETF is finally doing something because so far, nobody else has. What would have helped here is more push in this direction.
If the IETF is talking "future" and developers are also talking "future", us little guys that design, build, and maintain the networks can't really do much. I so hope that vendors get sick of it and just make up their own proprietary methods of doing things. Let the IETF catch up later on.
People who run networks can do a lot: believe it or not, the IETF really wants input from network operators, especially in the early phases of protocol development when the requirements are established.
Proprietary methods duking it out in the market place is nice for stuff that happens inside one box or at least within one administrative domain, but it would be a nightmare in broadband deployment where I want my Windows box to talk to my Apple wifi base station and my Motorola cable modem to the ISP's Cisco headend and their Extreme switches and Juniper routers.
On 23/04/2009, at 8:12 AM, Jack Bates wrote:
Iljitsch van Beijnum wrote:
In v6ops CPE requirements are being discussed so in the future, it should be possible to buy a $50 home router and hook it up to your broadband service or get a cable/DSL modem from your provider and the IPv6 will be routed without requiring backflips from the user. So there is a fair chance that we'll be in good shape for IPv6 deployment before we've used up the remaining 893 million IPv4 addresses.
I think this annoys people more than anything. We're how many years into the development and deployment cycle of IPv6? What development cycle is expected out of these CPE devices after a spec is FINALLY published?
If the IETF is talking "future" and developers are also talking "future", us little guys that design, build, and maintain the networks can't really do much. I so hope that vendors get sick of it and just make up their own proprietary methods of doing things. Let the IETF catch up later on.
This work is actually mostly being done by some guys at Cisco, and other vendors have plenty of input as well. I would be surprised if CPEs that support the outcome of this work are far behind the RFC being published (or even a late draft). -- Nathan Ward
Jack Bates wrote:
Iljitsch van Beijnum wrote:
In v6ops CPE requirements are being discussed so in the future, it should be possible to buy a $50 home router and hook it up to your broadband service or get a cable/DSL modem from your provider and the IPv6 will be routed without requiring backflips from the user.
So there is a fair chance that we'll be in good shape for IPv6 deployment before we've used up the remaining 893 million IPv4 addresses.
I think this annoys people more than anything. We're how many years into the development and deployment cycle of IPv6? What development cycle is expected out of these CPE devices after a spec is FINALLY published?
ipv6 cpe devices have been / are being developed already. that doesn't mean there isn't more work to be done, in
If the IETF is talking "future" and developers are also talking "future", us little guys that design, build, and maintain the networks can't really do much. I so hope that vendors get sick of it and just make up their own proprietary methods of doing things. Let the IETF catch up later on.
Generally the presumption is that people bring work that they are working on to the table. I work for an equipment vendor, if there's no reason for us to implement something why would we expend cycles to work on it in the IETF either?
/RANT
Jack
Apologies for a somewhat latent response - I was attending an IPv6 Seminar (of which ARIN was a sponsor) the last two days and am just getting to nanog mail today. On Tue, Apr 21, 2009 at 15:42, Shane Ronan <sronan@fattoc.com> wrote:
I'm not sure if anyone agrees with me, but these responses seem like a big cop out to me.
A) If ARIN is so concerned about the potential depletion of v4 resources, they should be taking a more proactive roll in proposing potential solutions and start conversation rather then saying that the users should come up with a proposal which they then get a big vote one.
"They" is YOU. ARIN policy is created by the community - "Your voice, your community." The statement should read: If [you] are so concerned about the potential depletion of v4 resources, [you] should be taking a more proactive [role] in proposing potential solutions and start[ing] conversation. If you participated in the ARIN PDP (1), even by just lurking on the ppml (2), you would already be aware that many folks have proposed many potential solutions (some of which have already been adopted) and that there _is_ an ongoing conversation that I strongly encourage you to join.
B) Again, while it might be the IETF's "job", shouldn't the group trusted with the management of the IP space at least have a public opinion about how these solutions are designed. Ensuring that they are designed in such a way to guarantee maximum adoption of v6 and thus reducing the potential for depletion of v4 space.
I think that developing resource management policy to meet those goals is much more in line with ARIN's mandate. As I mentioned above, this is happening.
C) Are ARIN's books open for public inspection? If so, it might be interesting for the group to see where all our money is going, since it's obviously not going to outreach and solution planning. Perhaps it is being spent in a reasonable manner, and the fees are where they need to be to sustain the organization's reasonable operations, but perhaps not.
Links to annual statements etc. have already been provided. I am sure an email to ARIN (3) would help you answer your question further.
Mr Curran, given the response you've seen from the group, and in particular the argument that most CEOs or Officers of firms will simply sign off on what their IT staff tells them (as they have little to no understanding of the situation), can you explain what exactly you are hoping to achieve by heaping on yet an additional requirement to the already overburdensome process of receiving an IPv4 allocation?
I obviously can not speak for Mr. Curran, but I do applaud this effort. I believe that adding this requirement will lower exaggeration and fraud as well as raise awareness. These are both noble goals and well worth the marginal effort required. The argument that most officers will sign anything put in front of them is not very convincing to me. I have a hard time accepting incompetence or laziness as a valid rationale for any argument at all really. ~Chris (speaking for myself)
(1) - https://www.arin.net/knowledge/pdp/
(2) - https://www.arin.net/participate/mailing_lists/index.html
(3) - mailto:info@arin.net
Shane Ronan
--Opinions contained herein are strictly my own--
On Apr 21, 2009, at 9:01 AM, John Curran wrote:
Roger -
A few nits:
A) ARIN's not ignoring unneeded legacy allocations, but can't take action without the Internet community first making some policy on what action should be taken... Please get together with folks of similar mind either via PPML or via Public Policy meeting at the Open Policy BoF, and then propose a policy accordingly.
B) Technical standards for NAT & NAPT are the IETF's job, not ARIN's.
C) We've routinely lowered fees since inception, not raised them.
Thanks, /John
John Curran Acting CEO ARIN
-- Chris Grundemann weblog.chrisgrundemann.com
Chris Grundemann wrote:
"They" is YOU. ARIN policy is created by the community - "Your voice, your community." ...
If you participated in the ARIN PDP (1)...
Ok, so am I the only one who missed which policy proposal this was that generated the new requirement that an officer sign off on the request for more IPv4 space? I can't find the Policy Proposal number or the Draft Policy ID, but then maybe I'm not looking hard enough. Matthew Kaufman
On Apr 21, 2009, at 8:19 AM, Roger Marquis wrote:
Rich Kulawiec wrote:
If the effort that will go into administering this went instead into reclaiming IPv4 space that's obviously hijacked and/or being used by abusive operations, we'd all benefit. But they can't do that without impacting revenue.
Well, yes, in the sense that pretty much anything an RIR does would impact their revenue one way or another.
In order to continue charging fees that are wholly out of proportion to their cost ARIN must:
A) ignore all the unneeded legacy /16 allocations, even those owned by organizations with fewer than 300 employees (like net.com) who could easily get by with a /24
The term "legacy" here is relevant. Under what agreement would an RIR evaluate an allocation that occurred prior to the existence of the RIR? And when the folks who received legacy space and don't like this upstart RIR nosing around in their business, the legal fees that the RIR incur will cost non-trivial amounts of, well, money.
B) do nothing while IPv6 languishes due to the absence of a standard for one-to-many NAT and NAPT for v6 and v4/v6
So, you'd propose the RIRs become (more) involved in the IETF? But that would cost, you know, money.
C) periodically raise fees and implement minimal measures like requiring someone to sign a statement of need, so they can at least appear to have been proactive when the impacts of this artificial shortage really begin to impact communications
"Artificial"? Heh.
Bottom line: it's about the money.
Well yes, it is _always_ about the money. Regards, -drc
David Conrad wrote:
The term "legacy" here is relevant. Under what agreement would an RIR evaluate an allocation that occurred prior to the existence of the RIR? And when the folks who received legacy space and don't like this upstart RIR nosing around in their business, the legal fees that the RIR incur will cost non-trivial amounts of, well, money.
Good points all. I fully admit to ignorance of how to remedy this and the other valid points raised in defence of the status quo (except by raising the issue when appropriate). Not sure what could be cited as precedence either, except perhaps the transition from feudal landowning aristocracies a few centuries back. Roger Marquis
On Tue, 21 Apr 2009, Roger Marquis wrote:
Not sure what could be cited as precedence either, except perhaps the transition from feudal landowning aristocracies a few centuries back.
Except they weren't pushing to transition people to LANDv6, just fighting to determine who held control of the existing LANDv4 and its resources :) Not that dissimilar from what we're going through today... jms
participants (26)
- Adrian Chadd
- bmanning@vacation.karoshi.com
- Brandon Galbraith
- Brett Frankenberger
- Chris Grundemann
- Chris Owen
- David Conrad
- Fred Baker
- Iljitsch van Beijnum
- Jack Bates
- Jo Rhett
- Joel Jaeggli
- John Curran
- Justin M. Streiner
- Kevin Loch
- Mark Newton
- Martin Hannigan
- Matthew Kaufman
- Michael Dillon
- Nathan Ward
- Owen DeLong
- Pekka Savola
- Ren Provo
- Roger Marquis
- Shane Ronan
- William Allen Simpson