Re: Important New Requirement for IPv4 Requests
Randy Bush ra...@psg.com writes:

> mtu clue is also useful. here on tokyo b-flets, and i would guess in many other pppoe environments, you need to tune or lose big-time.

But not difficult to beneficially MiM:

in pf:

    scrub in on gre0 max-mss 1400
    scrub out on gre0 max-mss 1400

in cisco-land:

    ip tcp adjust-mss 1400

i'm sure the linux folks can offer up something similar...

-r
RE: Important New Requirement for IPv4 Requests
Default MSS for most linux is 0, which causes the kernel to calculate it as the interface MTU - 40 bytes. You can either change the MTU on the interface or more specifically use the 'ip route ipblock dev interface advmss new mss' command to update it on a per route basis.

~J

-----Original Message-----
From: Robert E. Seastrom [mailto:r...@seastrom.com]
Sent: Thursday, April 30, 2009 7:12 AM
To: Randy Bush
Cc: nanog@nanog.org
Subject: Re: Important New Requirement for IPv4 Requests

Randy Bush ra...@psg.com writes:

> mtu clue is also useful. here on tokyo b-flets, and i would guess in many other pppoe environments, you need to tune or lose big-time.

But not difficult to beneficially MiM:

in pf:

    scrub in on gre0 max-mss 1400
    scrub out on gre0 max-mss 1400

in cisco-land:

    ip tcp adjust-mss 1400

i'm sure the linux folks can offer up something similar...

-r
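Added example, not part of the thread or any poster's code: a Python sketch of what the pf max-mss and Cisco adjust-mss settings quoted above do to a TCP SYN in transit, namely lower the MSS option and patch the checksum incrementally (RFC 1624). The addresses, ports and function names are constructed for illustration.

```python
import struct

OPT_EOL, OPT_NOP, OPT_MSS = 0, 1, 2

def _fold(total):
    """Fold carries back into 16 bits (one's-complement addition)."""
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def tcp_checksum(src_ip, dst_ip, segment):
    """Full TCP checksum over pseudo-header + segment (checksum field zeroed)."""
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, 6, len(segment))
    data = pseudo + segment[:16] + b"\x00\x00" + segment[18:]
    if len(data) % 2:
        data += b"\x00"
    words = struct.unpack("!%dH" % (len(data) // 2), data)
    return ~_fold(sum(words)) & 0xFFFF

def make_syn(mss, src_ip, dst_ip):
    """Constructed sample: SYN with options MSS, NOP, NOP, SACK-permitted."""
    options = struct.pack("!BBH", OPT_MSS, 4, mss) + bytes([1, 1, 4, 2])
    offset = (20 + len(options)) // 4
    header = struct.pack("!HHIIBBHHH", 49152, 443, 1000, 0,
                         offset << 4, 0x02, 65535, 0, 0)
    seg = bytearray(header + options)
    seg[16:18] = struct.pack("!H", tcp_checksum(src_ip, dst_ip, bytes(seg)))
    return bytes(seg)

def clamp_mss(segment, max_mss):
    """Return (segment, old_mss, new_mss); only SYNs with a larger MSS change."""
    header_len = (segment[12] >> 4) * 4
    if not segment[13] & 0x02 or header_len < 20 or header_len > len(segment):
        return segment, None, None          # not a SYN, or bad data offset
    i = 20
    while i < header_len:
        kind = segment[i]
        if kind == OPT_EOL:
            break
        if kind == OPT_NOP:
            i += 1
            continue
        if i + 1 >= header_len:
            break                           # option header cut short
        length = segment[i + 1]
        if length < 2 or i + length > header_len:
            break                           # malformed option: leave packet alone
        if kind == OPT_MSS and length == 4:
            old = struct.unpack("!H", segment[i + 2:i + 4])[0]
            if old <= max_mss:
                return segment, old, old
            out = bytearray(segment)
            out[i + 2:i + 4] = struct.pack("!H", max_mss)
            # Incremental update, RFC 1624 eqn 3: HC' = ~(~HC + ~m + m').
            # Work on the aligned 16-bit words covering the changed bytes,
            # so an MSS option at an odd offset is handled too.
            start, end = (i + 2) & ~1, (i + 5) & ~1
            n = (end - start) // 2
            old_words = struct.unpack("!%dH" % n, segment[start:end])
            new_words = struct.unpack("!%dH" % n, bytes(out[start:end]))
            old_ck = struct.unpack("!H", segment[16:18])[0]
            total = (~old_ck & 0xFFFF) + sum(~w & 0xFFFF for w in old_words)
            total += sum(new_words)
            out[16:18] = struct.pack("!H", ~_fold(total) & 0xFFFF)
            return bytes(out), old, max_mss
        i += length
    return segment, None, None              # no MSS option present

if __name__ == "__main__":
    src, dst = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])  # constructed
    syn = make_syn(1460, src, dst)
    clamped, old, new = clamp_mss(syn, 1400)
    ok = struct.unpack("!H", clamped[16:18])[0] == tcp_checksum(src, dst, clamped)
    print("MSS %d -> %d, checksum still valid: %s" % (old, new, ok))
```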
Re: Important New Requirement for IPv4 Requests [re impacting revenue]
On Fri, Apr 24, 2009 at 01:12:42PM +0100, Michael Dillon wrote:

> I think that many company officers will ask to see the results of an audit before they sign this document, and they will want the audit to be performed by qualified CPAs. Are your IPv4 records in good enough shape that an accountant will sign off on them?

My boss (who is an officer of the company within the meaning of the term in the new ARIN requirement) will attest to my employer's next IP assignment (we're an end user with PI space) request to ARIN on nothing but my say-so that it is accurate. He's not a network guy, has no good way of verifying the data himself and won't require some external entity to come audit the request. He might ask me a few questions before signing, but that will be it. If he didn't trust me, he'd have replaced me a long time ago.

(For the record, yes, my records are good enough that an accountant would likely sign off on them. But that won't be necessary.)

Of course, I haven't been submitting fraudulent requests to ARIN and don't plan to start, so I'm not the target of ARIN's new policy anyway.

There are many things the new policy won't stop. It won't stop fraudulent requests where the officer of the company is knowingly in the loop of the fraud (this would include small organizations where the entire network engineering staff is the VP of Engineering). It won't stop fraudulent requests where the requestors are willing to lie to company executives (except in what I expect are relatively rare cases where the executives independently verify the data before signing off on it).

It *will* stop fraudulent requests where the requests are being made by engineers who are (a) willing to lie to ARIN, but (b) not willing to lie to their boss and boss's boss (through however many levels it takes to get to an officer who meets ARIN's requirements). I suspect that's a non-trivial amount of the fraud that is going on. ARIN can't fire anyone. Managers typically don't like to be lied to and might very well fire an engineer caught lying ... many people won't take that sort of chance with their job. (Sure, some will tell their boss the truth and then ask him to lie to ARIN, and some officers will go along with that -- I covered that possibility in the previous paragraph -- but nowhere near all will.)

Many of the attacks here against ARIN's policy are centered on the fact that it isn't perfect and there are still lots of ways for fraud to happen. All of those attacks are valid, but they ignore the fact that the policy probably wasn't intended to stop all fraud, just reduce fraud. I have no data, but my gut tells me it will reduce some fraud. I have no idea how much.

-- Brett
Re: Important New Requirement for IPv4 Requests [re impacting revenue]
I can assure you that based on my own experiences in very large companies that I'd have few issues complying with this new requirement. I like the idea and honestly, ARIN is damned if they do (see this pretty inane thread) and damned if they don't (wait until RIR exhaustion 'day' comes and goes and watch the conspiracy theories as to why ARIN didn't 'do more').

Best,

Martin

On 4/21/09, Jo Rhett jrh...@netconsonance.com wrote:

> On Apr 21, 2009, at 2:42 PM, Shane Ronan wrote:
>
>> Mr Curran, given the response you've seen from the group, and in particular the argument that most CEO's or Officers of firms will simply sign off on what their IT staff tells them (as they have little to no understanding of the situation),
>
> You really should go ask a CEO if he'd sign off on something that he doesn't understand. Really. I can assure you that your impression is wrong, and most CEOs don't prefer to be standing in court defending their actions.
>
>> can you explain what exactly you are hoping to achieve by heaping on yet an additional requirement to the already over burdensome process of receiving an IPv4 allocation?
>
> Burdensome? Really? If you have your documentation together it takes about 15 minutes from beginning of the application form until receiving your new allocation. I spend longer on hold any time I deal with any other vendor.
>
> --
> Jo Rhett
> Net Consonance : consonant endings by net philanthropy, open source and other randomness

--
Martin Hannigan mar...@theicelandguy.com
p: +16178216079
Power, Network, and Costs Consulting for Iceland Datacenters and Occupants
Re: Important New Requirement for IPv4 Requests
On Apr 21, 2009, at 5:23 PM, Matthew Palmer wrote: Oh, you lucky, lucky person. We've got a couple of customers at the day job that constantly come back to us for more IP addresses for bandwidth accounting purposes for their colo machine(s). Attempts at education are like talking to a particularly stupid brick wall. And not very effective either, because anything they do to solve the problem another way will likely create the valid need for an external IP. These days, virtual hosting is all virtual machines, so the IP justification is just there anyway. -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness
Re: Important New Requirement for IPv4 Requests
On Apr 21, 2009, at 5:20 PM, Matthew Palmer wrote: Then they come back with a request for IPs for SSL certificates, which is a valid technical justification. BTDT. People will find a way to do the stupid thing they want to do. Most of the stupid people don't, actually. That's the funny thing that surprises me -- just how obviously lame the justifications are, and how they are unable even with direct statements about how to justify the IP space to do so. My god, it's really not hard to build a valid justification for more space than you need -- seriously. But these people just can't pull it off. Likewise, every company with whom I've had to debate the topic has failed within 18 months, so the problem pervades the organization ;-) -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness
Re: Important New Requirement for IPv4 Requests
On Apr 21, 2009, at 6:50 PM, bmann...@vacation.karoshi.com wrote: FTP? Who uses FTP these days? Certainly not consumers. Even Cisco well, pretty much anyone who has large datasets to move around. that default 64k buffer in the openssl libs pretty much sucks rocks for large data flows. Large data sets? So you are saying that 512-byte packets with no windowing work better? Bill, have you measured this? Time to download a 100mb file over HTTP and a 100mb interface: 20 seconds. Time to download a 100mb file over FTP and a 100mb interface: ~7 minutes. And yes, that was FreeBSD with the old version openssl library that shipped with 6.3. -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness
Re: Important New Requirement for IPv4 Requests
Large data sets? So you are saying that 512-byte packets with no windowing work better? Bill, have you measured this? Time to download a 100mb file over HTTP and a 100mb interface: 20 seconds. Time to download a 100mb file over FTP and a 100mb interface: ~7 minutes. And yes, that was FreeBSD with the old version openssl library that shipped with 6.3. As someone who copies large network trace files around a bit, 100MB at 100mb, over what I presume is a local (low latency) link is barely a fair test. Many popular web servers choke on serving files 2GB or 4GB in size (Sigh). I'm in New Zealand. It's usually at least 150ms to anywhere, often 300ms, so I feel the pain of small window sizes in popular encryption programs very strongly. Transferring data over high speed research networks means receive windows of at least 2MB, usually more. When popular programs provide their own window of 64kB, things get very slow.
Re: Important New Requirement for IPv4 Requests
On Wed, Apr 22, 2009 at 10:57:31AM +1000, Matthew Palmer wrote:

> On Tue, Apr 21, 2009 at 08:24:38PM -0400, Ricky Beam wrote:
>
>> On Tue, 21 Apr 2009 18:40:30 -0400, Chris Adams cmad...@hiwaay.net wrote:
>>
>>> SSL and FTP are technical justifications for an IP per site.
>>
>> No they aren't. SSL will work just fine as a name-based virtual host with any modern webserver / browser. (Server Name Indication (SNI) [RFC3546, sec 3.1])
>
> I encourage my competitors to do this. You only have to get one noisy curmudgeon who can't get to your customer's SSL website because IE 5.0 has worked fine for them for years to make it a completely losing strategy to try deploying this everywhere. Since you can't predict in advance which sites are going to be accessed by said noisy curmudgeon, you don't bother deploying it anywhere, to be on the safe side.

The switch to HTTP requests including a hostname had the same problem, but still did occur; it may take a few years, but doable.

Probably too late to save IPv4 addresses, though. By then (I really, really, hope) IPv6 will be mainstream.

-- Lionel
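Added example, not part of the thread: a Python sketch of the server side of the SNI argument above. It pulls the server_name extension out of a TLS ClientHello and picks a certificate for a name-based virtual host, falling back to a default when the client (like the old browser mentioned above) sends no SNI. The host names and certificate labels are constructed, and the ClientHello is assumed to fit in a single TLS record.

```python
import struct

class _Reader:
    """Bounds-checked cursor over a byte string."""
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated ClientHello")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def u8(self):
        return self.take(1)[0]

    def u16(self):
        return struct.unpack("!H", self.take(2))[0]

    def remaining(self):
        return len(self.data) - self.pos

def build_client_hello(server_name=None):
    """Constructed sample record; with server_name=None it has no extensions."""
    body = b"\x03\x01" + bytes(32)               # client_version, random (zeros)
    body += b"\x00"                              # empty session_id
    body += struct.pack("!H", 2) + b"\x00\x2f"   # one cipher suite
    body += b"\x01\x00"                          # null compression only
    if server_name is not None:
        host = server_name.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(host)) + host  # type 0: host_name
        ext_data = struct.pack("!H", len(entry)) + entry
        ext = struct.pack("!HH", 0, len(ext_data)) + ext_data  # ext 0: server_name
        body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def extract_sni(record):
    """Return the lower-cased host_name from a ClientHello, or None if absent."""
    r = _Reader(record)
    if r.u8() != 0x16:
        raise ValueError("not a TLS handshake record")
    r.take(2)                                    # record-layer version
    r = _Reader(r.take(r.u16()))                 # record payload
    if r.u8() != 0x01:
        raise ValueError("not a ClientHello")
    r = _Reader(r.take(int.from_bytes(r.take(3), "big")))
    r.take(2 + 32)                               # client_version + random
    r.take(r.u8())                               # session_id
    r.take(r.u16())                              # cipher_suites
    r.take(r.u8())                               # compression_methods
    if r.remaining() == 0:
        return None                              # pre-extension client
    exts = _Reader(r.take(r.u16()))
    while exts.remaining():
        ext_type = exts.u16()
        ext_data = _Reader(exts.take(exts.u16()))
        if ext_type == 0:                        # server_name
            names = _Reader(ext_data.take(ext_data.u16()))
            while names.remaining():
                name_type = names.u8()
                name = names.take(names.u16())
                if name_type == 0:
                    return name.decode("ascii").lower()
    return None

def select_certificate(record, vhosts, default_cert):
    """Name-based virtual hosting: one IP, certificate chosen by SNI."""
    name = extract_sni(record)
    return vhosts.get(name, default_cert) if name else default_cert

if __name__ == "__main__":
    vhosts = {"shop.example": "cert-shop", "blog.example": "cert-blog"}
    for hello in (build_client_hello("shop.example"), build_client_hello()):
        print(extract_sni(hello), "->",
              select_certificate(hello, vhosts, "cert-default"))
```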
Re: NAT64/NAT-PT update in IETF, was: Re: Important New Requirement for IPv4 Requests [reimpacting revenue]
On Apr 23, 2009, at 11:31 AM, Manish Karir wrote:

> Would there be interest in trying to organize a day long mini-nanog with the ietf in March 2010? The regular nanog mtg is scheduled for Feb 22 2010 so this would have to be an extra meeting. and would require all sorts of help and interest from the ietf to put together. Perhaps the NANOG SC can try to figure out if there is sufficient interest in this and what this should consist of?

People probably know this, but just in case...

If there is interest in organizing a joint meeting during an IETF, the person to contact with logistical concerns (getting a room or rooms, etc.) would be the IAD, Ray Pelletier, i...@ietf.org; I would also cc the IAOC, i...@ietf.org .

To coordinate technical concerns, I would start with either the IETF Chair, Russ Housley, ch...@ietf.org, or the OPS area ADs, Dan Romascanu and Ron Bonica (see http://www.ietf.org/IESGmems.html ).

Regards
Marshall

> -manish
>
> ---
> From: Iljitsch van Beijnum
> Date: Thu Apr 23 10:37:12 2009
>
> On 23 apr 2009, at 14:17, Adrian Chadd wrote:
>
>> Methinks its time a large cabal of network operators should represent at IETF and make their opinions heard as a collective group. That would be how change is brought about in a participative organisation, no? :)
>
> Why don't you start by simply stating what you want to have happen?
>
> So far I've seen a number of messages complaining about the IETF (btw, if you like complaining about the IETF, go to the meetings, there is significant time set aside for that there) but not a single technical request, remark or observation.
>
> The IETF works by rough consensus. That means if people disagree, nothing much happens. That is annoying. But a lot of good work gets done when people agree, and a lot of the time good technical arguments help.
>
> Like I said, the IETF really wants input from operators. Why not start by giving some?

Regards
Marshall Eubanks
CEO / AmericaFree.TV
Re: Important New Requirement for IPv4 Requests
> Date: Fri, 24 Apr 2009 19:05:26 +1200
> From: Perry Lorier pe...@coders.net
>
>> Large data sets? So you are saying that 512-byte packets with no windowing work better? Bill, have you measured this?
>>
>> Time to download a 100mb file over HTTP and a 100mb interface: 20 seconds.
>> Time to download a 100mb file over FTP and a 100mb interface: ~7 minutes.
>>
>> And yes, that was FreeBSD with the old version openssl library that shipped with 6.3.
>
> As someone who copies large network trace files around a bit, 100MB at 100mb, over what I presume is a local (low latency) link is barely a fair test. Many popular web servers choke on serving files 2GB or 4GB in size (Sigh).
>
> I'm in New Zealand. It's usually at least 150ms to anywhere, often 300ms, so I feel the pain of small window sizes in popular encryption programs very strongly. Transferring data over high speed research networks means receive windows of at least 2MB, usually more. When popular programs provide their own window of 64kB, things get very slow.

Very few people (including some on this list) have much idea of the difficulty in moving large volumes of data between continents, especially between the Pacific (China, NZ, Australia, Japan, ...) and either Europe or North America. Getting TCP bandwidth over about 1Gbps is very difficult. Getting over 5G is nearly impossible. I can get 5Gbps pretty reliably with tuned end systems over a 100 ms. RTT, but that drops to about 2G at 200 ms.

A good web site to read about getting fast bulk data transfers is: http://fasterdata.es.net

It is aimed at DOE and DOE related researchers, but the information is valid for anyone needing to move data on a Terabyte or greater scale over long distances. We move a LOT of data between our facilities at FermiLab in Chicago and Brookhaven in New York and CERN in Europe. A Terabyte is just the opener for that data.

Also, if you see anything that needs improvement or correction, please let me know.

--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: ober...@es.net Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
RE: Important New Requirement for IPv4 Requests
Of course, sftp and other ssh-based protocols are *still* hamstrung to a maximum of 32k data outstanding due to hardcoded SSH channel window sizes by default for most people, unless you're patching up both your clients and servers. Sadly, this blows ssh out of the water for anything with even modest high-bitrate requirements over moderate-BDP links. - S -Original Message- From: Jo Rhett jrh...@netconsonance.com Sent: Thursday, April 23, 2009 23:27 To: Joe Greco jgr...@ns.sol.net Cc: bmann...@vacation.karoshi.com bmann...@vacation.karoshi.com; nanog@nanog.org nanog@nanog.org Subject: Re: Important New Requirement for IPv4 Requests On Apr 22, 2009, at 7:42 AM, Joe Greco wrote: While HTTP remains popular as a way to interact with humans, especially if you want to try to do redirects, acknowledge license agreements, etc., FTP is the file transfer protocol of choice for basic file transfer Speak for yourself. I haven't used FTP to transfer files in 10 years now. About 7 years ago I turned off FTP support for all of our webhosting clients, and forced them to use SFTP. 3 left, for a net loss of $45/month. And we stopped having to deal with the massive undertaking that supporting FTP properly chrooted and capable of dealing with all parts of the multi-mount web platform required. We've never looked back. Ever once in a while I find someone who's offering a file I want only via FTP, and I chide them and they fix it ;-) -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness
Re: Important New Requirement for IPv4 Requests
From: Skywing skyw...@valhallalegends.com Date: Fri, 24 Apr 2009 10:55:07 -0500 Of course, sftp and other ssh-based protocols are *still* hamstrung to a maximum of 32k data outstanding due to hardcoded SSH channel window sizes by default for most people, unless you're patching up both your clients and servers. Sadly, this blows ssh out of the water for anything with even modest high-bitrate requirements over moderate-BDP links. The HPN patches for OpenSSH are readily available and, at least on FreeBSD, including them is just a single checkbox when you install. That said, I have been told that there is a corner case where a transfer using the HPN patches will lock up. I have never seen it, but that is purported to be the reason that OpenBSD has not accepted the patches for the base OpenSSH software. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: ober...@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
RE: Important New Requirement for IPv4 Requests
Keep in mind that you also need to patch your clients for perf improvements bidirectionally. As well as patching locally means you must assume responsibility for custom builds for security fixes on all of your clients and servers. - S -Original Message- From: Kevin Oberman ober...@es.net Sent: Friday, April 24, 2009 13:39 To: Skywing skyw...@valhallalegends.com Cc: Jo Rhett jrh...@netconsonance.com; Joe Greco jgr...@ns.sol.net; bmann...@vacation.karoshi.com bmann...@vacation.karoshi.com; nanog@nanog.org nanog@nanog.org Subject: Re: Important New Requirement for IPv4 Requests From: Skywing skyw...@valhallalegends.com Date: Fri, 24 Apr 2009 10:55:07 -0500 Of course, sftp and other ssh-based protocols are *still* hamstrung to a maximum of 32k data outstanding due to hardcoded SSH channel window sizes by default for most people, unless you're patching up both your clients and servers. Sadly, this blows ssh out of the water for anything with even modest high-bitrate requirements over moderate-BDP links. The HPN patches for OpenSSH are readily available and, at least on FreeBSD, including them is just a single checkbox when you install. That said, I have been told that there is a corner case where a transfer using the HPN patches will lock up. I have never seen it, but that is purported to be the reason that OpenBSD has not accepted the patches for the base OpenSSH software. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: ober...@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
Re: Important New Requirement for IPv4 Requests
> A good web site to read about getting fast bulk data transfers is: http://fasterdata.es.net

indeed

mtu clue is also useful. here on tokyo b-flets, and i would guess in many other pppoe environments, you need to tune or lose big-time.

randy
Re: NAT64/NAT-PT update in IETF, was: Re: Important New Requirement for IPv4 Requests [re impacting revenue]
On 22 apr 2009, at 23:39, Jack Bates wrote: What really would help is more people who are not on NANOG pushing vendors to support IPv6. Even my Juniper SE has mentioned that I'm one of 2 people he's had seriously pushing for IPv6 features. Other vendors have just blown me off all together (we'll have it sometime). Right. And I'm also the only one asking for 32-bit AS numbers. People who run networks can do a lot: believe it or not, the IETF really wants input from network operators, especially in the early phases of protocol development when the requirements are established. Serious input and participation means work and money. You can participate on mailinglists without attending meetings, so in that sense it doesn't have to cost money. As an operator, it would make sense to spend a little time in the requirements phase but not after that. So yes, it would take time, but we're not talking about hours a day on an ongoing basis. Doesn't help that when I was a wee one, mom dated someone who bragged about his status in the IETF :-) and even had a pen. Sad way to be introduced to any organization, but I have seen similar mentalities regarding IETF mentioned here reinforcing my belief that arrogance is alive and I don't have the time and money to deal with it. In any case, if you have input on this whole NAT64 business, let me and/or Fred know. If you have input on anything else, speak up on this list or a NANOG meeting and there's a decent chance that someone will take those comments back to the IETF.
Re: NAT64/NAT-PT update in IETF, was: Re: Important New Requirement for IPv4 Requests [re impacting revenue]
On 23 apr 2009, at 12:23, Nathan Ward wrote: Just participating in mailing lists is good for keeping up to date, but not so good for getting things changed. That's what I've found, anyway. Might not always be true. Depends on the issue. Sometimes bad ideas get traction in the IETF, it's hard to undo that. But there are also times when even a single message containing good arguments can have an effect. Also don't expect too much from IETF participation: if doing X is going to make a vendor more money than doing Y, they're going to favor X, even if Y is the superior solution.
Re: Important New Requirement for IPv4 Requests
It appears that ARIN wants to raise the IP addressing space issue to the CxO level -- if it was interested in honesty, ARIN would have required a notarized statement by the person submitting the request. No. Those are two entirely different problems. A notary signs only that the person in front of them has been checked to be who they say they are. That's authentication. A Notary cannot attest that what is on the document is valid. Actually, a notary can administer oaths, and the requirement from ARIN ought to require an attestation of the accuracy of the data submitted under oath or affirmation if we're going to go down that route. http://www.commonwealth.virginia.gov/OfficialDocuments/Notary/2008NotaryHandBook.pdf -r
Re: NAT64/NAT-PT update in IETF, was: Re: Important New Requirement for IPv4 Requests [re impacting revenue]
Iljitsch van Beijnum wrote: Depends on the issue. Sometimes bad ideas get traction in the IETF, it's hard to undo that. That's an understatement. Also don't expect too much from IETF participation: if doing X is going to make a vendor more money than doing Y, they're going to favor X, even if Y is the superior solution. Some wag around here re-christened it the IVTF (V stands for Vendor, not Victory). ;-) I haven't bothered to go in years
Re: NAT64/NAT-PT update in IETF, was: Re: Important New Requirement for IPv4 Requests [re impacting revenue]
On Thu, 23 Apr 2009, Nathan Ward wrote:

> After trying to participate on mailing lists for about 2 or 3 years, it's pretty hard to get anything done without going to meetings. Just participating in mailing lists is good for keeping up to date, but not so good for getting things changed. That's what I've found, anyway. Might not always be true.

If you were to go to meetings, you would realize that it won't help in getting things changed significantly better than active mailing list participation would... :-/

--
Pekka Savola, Netcore Oy
Systems. Networks. Security.
"You each name yourselves king, yet the kingdom bleeds."
-- George R.R. Martin: A Clash of Kings
Re: NAT64/NAT-PT update in IETF, was: Re: Important New Requirement for IPv4 Requests [re impacting revenue]
On Thu, Apr 23, 2009, William Allen Simpson wrote: Some wag around here re-christened it the IVTF (V stands for Vendor, not Victory). ;-) I haven't bothered to go in years If the people with operational experience stop going, you can't blame the group for being full of vendors. Methinks its time a large cabal of network operators should represent at IETF and make their opinions heard as a collective group. That would be how change is brought about in a participative organisation, no? :) Adrian
Re: NAT64/NAT-PT update in IETF, was: Re: Important New Requirement for IPv4 Requests [re impacting revenue]
On Thu, Apr 23, 2009 at 08:17:07PM +0800, Adrian Chadd wrote: On Thu, Apr 23, 2009, William Allen Simpson wrote: Some wag around here re-christened it the IVTF (V stands for Vendor, not Victory). ;-) I haven't bothered to go in years If the people with operational experience stop going, you can't blame the group for being full of vendors. Methinks its time a large cabal of network operators should represent at IETF and make their opinions heard as a collective group. That would be how change is brought about in a participative organisation, no? :) Adrian Operator participation in IETF has been a problem for at least 18 years. I remember a fairly large dustup w/ John Curran and Scott Bradner over why the OPS area was so lacking in actual operators at the Columbus IETF. Its never gotten any better. IETF used to be populated by developers and visionaries (grad students with lofty ideas). Once commercialization set in (they graduated and got jobs) their funding sources changed from government grants to salaries. And management took a more active role. the outcome is that vendors now control much of the IETF participation and indirectly control IETF output. just my 0.02 from the cheap seats. --bill
Re: NAT64/NAT-PT update in IETF, was: Re: Important New Requirement for IPv4 Requests [re impacting revenue]
On 24/04/2009, at 12:14 AM, Pekka Savola wrote:

> On Thu, 23 Apr 2009, Nathan Ward wrote:
>
>> After trying to participate on mailing lists for about 2 or 3 years, it's pretty hard to get anything done without going to meetings. Just participating in mailing lists is good for keeping up to date, but not so good for getting things changed. That's what I've found, anyway. Might not always be true.
>
> If you were to go to meetings, you would realize that it won't help in getting things changed significantly better than active mailing list participation would... :-/

I got heaps done in SFO - to the point where I'm happy to pay to get to Stockholm and Hiroshima later this year (I'm self employed, and live at the end of the world, so for me it's harder than most who just have to convince the boss :-).

--
Nathan Ward
Re: NAT64/NAT-PT update in IETF, was: Re: Important New Requirement for IPv4 Requests [re impacting revenue]
On 23 apr 2009, at 14:17, Adrian Chadd wrote:

> Methinks its time a large cabal of network operators should represent at IETF and make their opinions heard as a collective group. That would be how change is brought about in a participative organisation, no? :)

Why don't you start by simply stating what you want to have happen?

So far I've seen a number of messages complaining about the IETF (btw, if you like complaining about the IETF, go to the meetings, there is significant time set aside for that there) but not a single technical request, remark or observation.

The IETF works by rough consensus. That means if people disagree, nothing much happens. That is annoying. But a lot of good work gets done when people agree, and a lot of the time good technical arguments help.

Like I said, the IETF really wants input from operators. Why not start by giving some?
Re: Important New Requirement for IPv4 Requests [re impacting revenue]
Apologies for a somewhat latent response - I was attending an IPv6 Seminar (of which ARIN was a sponsor) the last two days and am just getting to nanog mail today. On Tue, Apr 21, 2009 at 15:42, Shane Ronan sro...@fattoc.com wrote: I'm not sure if anyone agrees with me, but these responses seem like a big cop out to me. A) If ARIN is so concerned about the potential depletion of v4 resources, they should be taking a more proactive roll in proposing potential solutions and start conversation rather then saying that the users should come up with a proposal which they then get a big vote one. They is YOU. ARIN policy is created by the community - Your voice, your community. The statement should read: If [you] are so concerned about the potential depletion of v4 resources, [you] should be taking a more proactive [role] in proposing potential solutions and start[ing] conversation. If you participated in the ARIN PDP (1), even by just lurking on the ppml (2), you would already be aware that many folks have proposed many potential solutions (some of which have already been adopted) and that there _is_ an ongoing conversation that I strongly encourage you to join. B) Again, while it might be the IETF's job, shouldn't the group trusted with the management of the IP space at least have a public opinion about these solutions are designed. Ensuring that they are designed is such a way to guarantee maximum adoption of v6 and thus reducing the potential for depletion of v4 space. I think that developing resource management policy to meet those goals is much more in line with ARINs mandate. As I mentioned above, this is happening. C) Are ARIN's books open for public inspection? If so, it might be interesting for the group to see where all our money is going, since it's obviously not going to outreach and solution planning. Perhaps it is being spent in a reasonable manner, and the fees are where they need to be to sustain the organizations reasonable operations, but perhaps not. 
Links to annual statements etc. have already been provided. I am sure an email to ARIN (3) would help you answer your question further. Mr Curran, given the response you've seen from the group, and in particular the argument that most CEO's or Officers of firms will simply sign off on what they IT staff tells them (as they have little to no understanding of the situation), can you explain what exactly you are hoping to achieve by heaping on yet an additional requirement to the already over burdensome process of receiving an IPv4 allocation? I obviously can not speak for Mr. Curran, but I do applaud this effort. I believe that adding this requirement will lower exaggeration and fraud as well as raise awareness. These are both noble goals and well worth the marginal effort required. The argument that most officers will sign anything put in front of them is not very convincing to me. I have a hard time accepting incompetence or laziness as a valid rational for any argument at all really. ~Chris (speaking for myself) (1) - https://www.arin.net/knowledge/pdp/ (2) - https://www.arin.net/participate/mailing_lists/index.html (3) - mailto:i...@arin.net Shane Ronan --Opinions contained herein are strictly my own-- On Apr 21, 2009, at 9:01 AM, John Curran wrote: Roger - A few nits: A) ARIN's not ignoring unneeded legacy allocations, but can't take action without the Internet community first making some policy on what action should be taken... Please get together with folks of similar mind either via PPML or via Public Policy meeting at the the Open Policy Bof, and then propose a policy accordingly. B) Technical standards for NAT NAPT are the IETF's job, not ARIN's. C) We've routinely lowered fees since inception, not raised them. Thanks, /John John Curran Acting CEO ARIN -- Chris Grundemann weblog.chrisgrundemann.com
Re: Important New Requirement for IPv4 Requests [re impacting revenue]
Chris Grundemann wrote: They is YOU. ARIN policy is created by the community - Your voice, your community. ... If you participated in the ARIN PDP (1)... Ok, so am I the only one who missed which policy proposal this was that generated the new requirement that an officer sign off on the request for more IPv4 space? I can't find the Policy Proposal number or the Draft Policy ID, but then maybe I'm not looking hard enough. Matthew Kaufman
Re: Important New Requirement for IPv4 Requests
Net-Admin: This IPv6 stuff is important, we should already be deploying it full-tilt.
Manager: Some IPv6 testing should be reflected in next year's budget.
Director: I hear IPv6 is the future, but customers just aren't demanding it.
VP Network: Humm, maybe I should have read the Network World article on IPv6 rather than the one on Google World Dominance.

...you forgot the rest of the conversation:

VP Network: Why doesn't www.google.com return one of these v6 addresses?
Director: Yeah, did do a limited v6 deployment last year, why doesn't it work?
Net-Admin: We aren't one of the networks that have been individually vetted by Google to return an to without complications.
Director: So even with all their scale, influence and technology resources, they still won't do it by default?
VP Network: Sounds like we can hold back on that budget for another year.
Re: Important New Requirement for IPv4 Requests
Ricky Beam wrote: On Tue, 21 Apr 2009 19:22:08 -0400, Ken A k...@pacific.net wrote: Also, monthly bandwidth monitoring/shaping/capping are more easily done using one ip per hosted domain... That's why the infrastructure is virtualized and you monitor at or behind the firewall(s) and/or load balancer(s) -- where it *is* one IP per customer. Sure, it's easier (and cheaper) to be lazy and waste address space than setup a proper hosting network. I wasn't trying to point towards the 'right way', only adding to the list of motivations that are out there, and being discussed here. As ipv4 gets less cheap, and less easy to obtain, these motivations cease. That's a good thing. Ken -- Ken Anderson Pacific Internet - http://www.pacific.net
Re: Important New Requirement for IPv4 Requests
On 21-Apr-2009, at 21:50, bmann...@vacation.karoshi.com wrote: On Tue, Apr 21, 2009 at 08:24:38PM -0400, Ricky Beam wrote: FTP? Who uses FTP these days? Certainly not consumers. Even Cisco pushes almost everything via a webserver. (they still have ftp servers, they just don't put much on them these days.) well, pretty much anyone who has large datasets to move around. that default 64k buffer in the openssl libs pretty much sucks rocks for large data flows. So you're saying FTP with no SSL is better than HTTP with no SSL? Joe
Re: Important New Requirement for IPv4 Requests
On Wed, Apr 22, 2009 at 10:17:38AM -0400, Joe Abley wrote: On 21-Apr-2009, at 21:50, bmann...@vacation.karoshi.com wrote: On Tue, Apr 21, 2009 at 08:24:38PM -0400, Ricky Beam wrote: FTP? Who uses FTP these days? Certainly not consumers. Even Cisco pushes almost everything via a webserver. (they still have ftp servers, they just don't put much on them these days.) well, pretty much anyone who has large datasets to move around. that default 64k buffer in the openssl libs pretty much sucks rocks for large data flows. So you're saying FTP with no SSL is better than HTTP with no SSL? Joe (see me LEAPING to conclusions) yes. (although I was actually thinking http w/ SSL vs FTP w/o SSL) a really good review of the options was presented at the DoE/JT meeting at UNL last summer. Basically, tuned FTP w/ large window support is still king for pushing large datasets around. --bill
Re: Important New Requirement for IPv4 Requests
On Wed, Apr 22, 2009 at 02:27:14PM +, bmann...@vacation.karoshi.com wrote: On Wed, Apr 22, 2009 at 10:17:38AM -0400, Joe Abley wrote: On 21-Apr-2009, at 21:50, bmann...@vacation.karoshi.com wrote: On Tue, Apr 21, 2009 at 08:24:38PM -0400, Ricky Beam wrote: FTP? Who uses FTP these days? Certainly not consumers. Even Cisco pushes almost everything via a webserver. (they still have ftp servers, they just don't put much on them these days.) well, pretty much anyone who has large datasets to move around. that default 64k buffer in the openssl libs pretty much sucks rocks for large data flows. So you're saying FTP with no SSL is better than HTTP with no SSL? Joe (see me LEAPING to conclusions) yes. (although I was actually thinking http w/ SSL vs FTP w/o SSL) a really good review of the options was presented at the DoE/JT meeting at UNL last summer. Basically, tuned FTP w/ large window support is still king for pushing large datasets around. --bill whiner Joe... here's the link: http://www.internet2.edu/presentations/jt2008jul/20080720-tierney.pdf --bill
Re: Important New Requirement for IPv4 Requests
On Wed, Apr 22, 2009 at 10:17:38AM -0400, Joe Abley wrote: On 21-Apr-2009, at 21:50, bmann...@vacation.karoshi.com wrote: On Tue, Apr 21, 2009 at 08:24:38PM -0400, Ricky Beam wrote: FTP? Who uses FTP these days? Certainly not consumers. Even Cisco pushes almost everything via a webserver. (they still have ftp servers, they just don't put much on them these days.) well, pretty much anyone who has large datasets to move around. that default 64k buffer in the openssl libs pretty much sucks rocks for large data flows. So you're saying FTP with no SSL is better than HTTP with no SSL? (see me LEAPING to conclusions) yes. (although I was actually thinking http w/ SSL vs FTP w/o SSL) a really good review of the options was presented at the DoE/JT meeting at UNL last summer. Basically, tuned FTP w/ large window support is still king for pushing large datasets around. Why not just put it all in an e-mail attachment. Geez. Everyone knows that's a great idea. While HTTP remains popular as a way to interact with humans, especially if you want to try to do redirects, acknowledge license agreements, etc., FTP is the file transfer protocol of choice for basic file transfer, and can be trivially automated, optimized, and is overall a good choice for file transfer. Does anyone know what FTP stands for, anyways? I've always wondered... ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again. - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
Re: Important New Requirement for IPv4 Requests
On Wed, 2009-04-22 at 09:42 -0500, Joe Greco wrote: FTP is the file transfer protocol of choice for basic file transfer, [...] Does anyone know what FTP stands for, anyways? I've always wondered... File Transfer Protocol. I know - it's a tricky one that, don't feel bad :-) Regards, K. -- ~~~ Karl Auer (ka...@biplane.com.au) +61-2-64957160 (h) http://www.biplane.com.au/~kauer/ +61-428-957160 (mob) GPG fingerprint: 07F3 1DF9 9D45 8BCD 7DD5 00CE 4A44 6A03 F43A 7DEF
NAT64/NAT-PT update in IETF, was: Re: Important New Requirement for IPv4 Requests [re impacting revenue]
On 22 apr 2009, at 0:19, Owen DeLong wrote: B) Again, while it might be the IETF's job, shouldn't the group trusted with the management of the IP space at least have a public opinion about these solutions are designed. Ensuring that they are designed is such a way to guarantee maximum adoption of v6 and thus reducing the potential for depletion of v4 space. The IETF specifically does not accept organizational input and requires instead that individuals participate. So how is the RIR model where you become a member and then participate better? If ARIN or the other RIRs have compelling arguments the only reason those arguments are compelling is because of their merit, not because they're from a RIR. it means that even if ARIN could develop a public opinion (which would have to come from the ARIN community by some process which we don't really have as yet), this opinion wouldn't mean much in the IETF's eyes. Well, if you, ARIN, or anyone else has input that should be considered when writing with a better specification for an IPv6-IPv4 translator, please let us know. For the past year or so the IETF behave working group has been considering the issue, and looked at a whole bunch of scenarios: from a small IPv6 network to the public IPv4 internet, to private IPv4 addresses, from a small IPv4 network to the public IPv6 internet, to (not entirely) private IPv6 addresses. The IPv6-IPv4 case seems doable with a bunch of caveats (it's still NAT) and we (for some value of we) want to get it out fast, but the other way around looks much more difficult and will at the very least take longer. The softwire(s?) working group is looking at tunneling IPv4 over IPv6 towards a big carrier grade NAT so IPv4 hosts/applications can still work across an IPv6 access network with only one layer of NAT. 
In v6ops CPE requirements are being discussed so in the future, it should be possible to buy a $50 home router and hook it up to your broadband service or get a cable/DSL modem from your provider and the IPv6 will be routed without requiring backflips from the user. So there is a fair chance that we'll be in good shape for IPv6 deployment before we've used up the remaining 893 million IPv4 addresses.
Re: Important New Requirement for IPv4 Requests
On 22 Apr 2009, at 10:42, Joe Greco wrote: While HTTP remains popular as a way to interact with humans, especially if you want to try to do redirects, acknowledge license agreements, etc., FTP is the file transfer protocol of choice for basic file transfer, and can be trivially automated, optimized, and is overall a good choice for file transfer. Does anyone know what FTP stands for, anyways? I've always wondered... :-) I was mainly poking at the fact that Bill seemed to be comparing SSL-wrapped file transfer with non-SSL-wrapped file transfer, but I'm intrigued by the idea that FTP without SSL might be faster than HTTP without SSL, since in my mind outside the minimal amount of signalling involved they both amount to little more than a single TCP stream. Bill sent me a link to a paper. I will read it. However, I take some small issue with the assertion that FTP is easier to script than HTTP. The only way I have ever found it easy to script FTP (outside of writing dedicated expect scripts to drive clients, which really seems like cheating) is to use tools like curl, and I don't see why HTTP is more difficult than FTP as a protocol in that case. Perhaps I'm missing something. Joe
Re: NAT64/NAT-PT update in IETF, was: Re: Important New Requirement for IPv4 Requests [re impacting revenue]
Iljitsch van Beijnum wrote: In v6ops CPE requirements are being discussed so in the future, it should be possible to buy a $50 home router and hook it up to your broadband service or get a cable/DSL modem from your provider and the IPv6 will be routed without requiring backflips from the user. So there is a fair chance that we'll be in good shape for IPv6 deployment before we've used up the remaining 893 million IPv4 addresses. I think this annoys people more than anything. We're how many years into the development and deployment cycle of IPv6? What development cycle is expected out of these CPE devices after a spec is FINALLY published? If the IETF is talking future and developers are also talking future, us little guys that design, build, and maintain the networks can't really do much. I so hope that vendors get sick of it and just make up their own proprietary methods of doing things. Let the IETF catch up later on. /RANT Jack
Re: NAT64/NAT-PT update in IETF, was: Re: Important New Requirement for IPv4 Requests [re impacting revenue]
On 22 apr 2009, at 22:12, Jack Bates wrote: I think this annoys people more than anything. We're how many years into the development and deployment cycle of IPv6? What development cycle is expected out of these CPE devices after a spec is FINALLY published? That's certainly one way to look at this, and I'm just as unhappy about how long this has taken as you. On the other hand, it has been argued that these issues are outside the scope of the IETF in the first place, as it's just application of already established protocols, not developing something new. So another way to look at it is that at least the IETF is finally doing something because so far, nobody else has. What would have helped here is more push in this direction. If the IETF is talking future and developers are also talking future, us little guys that design, build, and maintain the networks can't really do much. I so hope that vendors get sick of it and just make up their own proprietary methods of doing things. Let the IETF catch up later on. People who run networks can do a lot: believe it or not, the IETF really wants input from network operators, especially in the early phases of protocol development when the requirements are established. Proprietary methods duking it out in the market place is nice for stuff that happens inside one box or at least within one administrative domain, but it would be a nightmare in broadband deployment where I want my Windows box to talk to my Apple wifi base station and my Motorola cable modem to the ISP's Cisco headend and their Extreme switches and Juniper routers.
Re: NAT64/NAT-PT update in IETF, was: Re: Important New Requirement for IPv4 Requests [re impacting revenue]
Ron Bonica is leading a BOF during NANOG46 in Philly which may be of interest - BOF: IETF OPS MGMT Area, Ron Bonica, Juniper Networks Presentation Date: June 14, 2009, 2:00 PM - 3:30 PM Abstract: The IETF OPS MGMT Area documents management technologies and operational best common practices. The purpose of this BoF is to review activities in that area and solicit feedback to determine the usefulness of those activities to the operator community. We will also solicit proposals for new work that is of interest to users. The full agenda is up at - http://www.nanog.org/meetings/nanog46/agenda.php Cheers, -ren On Wed, Apr 22, 2009 at 5:18 PM, Iljitsch van Beijnum iljit...@muada.com wrote: On 22 apr 2009, at 22:12, Jack Bates wrote: I think this annoys people more than anything. We're how many years into the development and deployment cycle of IPv6? What development cycle is expected out of these CPE devices after a spec is FINALLY published? That's certainly one way to look at this, and I'm just as unhappy about how long this has taken as you. On the other hand, it has been argued that these issues are outside the scope of the IETF in the first place, as it's just application of already established protocols, not developing something new. So another way to look at it is that at least the IETF is finally doing something because so far, nobody else has. What would have helped here is more push in this direction. If the IETF is talking future and developers are also talking future, us little guys that design, build, and maintain the networks can't really do much. I so hope that vendors get sick of it and just make up their own proprietary methods of doing things. Let the IETF catch up later on. People who run networks can do a lot: believe it or not, the IETF really wants input from network operators, especially in the early phases of protocol development when the requirements are established. 
Proprietary methods duking it out in the market place is nice for stuff that happens inside one box or at least within one administrative domain, but it would be a nightmare in broadband deployment where I want my Windows box to talk to my Apple wifi base station and my Motorola cable modem to the ISP's Cisco headend and their Extreme switches and Juniper routers.
Re: NAT64/NAT-PT update in IETF, was: Re: Important New Requirement for IPv4 Requests [re impacting revenue]
Iljitsch van Beijnum wrote: What would have helped here is more push in this direction. What really would help is more people who are not on NANOG pushing vendors to support IPv6. Even my Juniper SE has mentioned that I'm one of 2 people he's had seriously pushing for IPv6 features. Other vendors have just blown me off all together (we'll have it sometime). People who run networks can do a lot: believe it or not, the IETF really wants input from network operators, especially in the early phases of protocol development when the requirements are established. Serious input and participation means work and money. Too much for me. Doesn't help that when I was a wee one, mom dated someone who bragged about his status in the IETF and even had a pen. Sad way to be introduced to any organization, but I have seen similar mentalities regarding IETF mentioned here reinforcing my belief that arrogance is alive and I don't have the time and money to deal with it. Proprietary methods duking it out in the market place is nice for stuff that happens inside one box or at least within one administrative domain, but it would be a nightmare in broadband deployment where I want my Windows box to talk to my Apple wifi base station and my Motorola cable modem to the ISP's Cisco headend and their Extreme switches and Juniper routers. Sure, but the largest missing pieces for IPv6 are single box implementations. Proprietary NAT is single box. Will it break stuff? Probably, but when hasn't it? Corporate networks won't care. They'll deploy the vendor that supports it if that is what they want. BRAS/Aggregation is another single box solution but defines everything about an edge broadband network, supported by the access devices (switches, dslams, wireless ap/backhauls, etc). The layer 3 aware access devices all tend to have their own single box methods of security (DHCP snooping, broadcast scoping, etc, etc). 
I've seen quite a few systems that can't turn the security support off and break IPv6 because of it. Jack
Re: NAT64/NAT-PT update in IETF, was: Re: Important New Requirement for IPv4 Requests [re impacting revenue]
On 23/04/2009, at 8:12 AM, Jack Bates wrote: Iljitsch van Beijnum wrote: In v6ops CPE requirements are being discussed so in the future, it should be possible to buy a $50 home router and hook it up to your broadband service or get a cable/DSL modem from your provider and the IPv6 will be routed without requiring backflips from the user. So there is a fair chance that we'll be in good shape for IPv6 deployment before we've used up the remaining 893 million IPv4 addresses. I think this annoys people more than anything. We're how many years into the development and deployment cycle of IPv6? What development cycle is expected out of these CPE devices after a spec is FINALLY published? If the IETF is talking future and developers are also talking future, us little guys that design, build, and maintain the networks can't really do much. I so hope that vendors get sick of it and just make up their own proprietary methods of doing things. Let the IETF catch up later on. This work is actually mostly being done by some guys at Cisco, and other vendors have plenty of input as well. I would be surprised if CPEs that support the outcome of this work are far behind the RFC being published (or even a late draft). -- Nathan Ward
Re: Important New Requirement for IPv4 Requests
On 23/04/2009, at 3:33 AM, Joe Abley wrote: However, I take some small issue with the assertion that FTP is easier to script than HTTP. The only way I have ever found it easy to script FTP (outside of writing dedicated expect scripts to drive clients, which really seems like cheating) is to use tools like curl, and I don't see why HTTP is more difficult than FTP as a protocol in that case. Perhaps I'm missing something. It looks like curl can upload stuff (-d @file) but you have to have something on the server to accept it. FTP sounds easier. -- Nathan Ward
Re: NAT64/NAT-PT update in IETF, was: Re: Important New Requirement for IPv4 Requests [re impacting revenue]
Jack Bates wrote: Iljitsch van Beijnum wrote: In v6ops CPE requirements are being discussed so in the future, it should be possible to buy a $50 home router and hook it up to your broadband service or get a cable/DSL modem from your provider and the IPv6 will be routed without requiring backflips from the user. So there is a fair chance that we'll be in good shape for IPv6 deployment before we've used up the remaining 893 million IPv4 addresses. I think this annoys people more than anything. We're how many years into the development and deployment cycle of IPv6? What development cycle is expected out of these CPE devices after a spec is FINALLY published? ipv6 cpe devices have been / are being developed already. that doesn't mean there isn't more work to be done, in If the IETF is talking future and developers are also talking future, us little guys that design, build, and maintain the networks can't really do much. I so hope that vendors get sick of it and just make up their own proprietary methods of doing things. Let the IETF catch up later on. Generally the presumption is that people bring work that they are working on to the table. I work for an equipment vendor, if there's no reason for us to implement something why would we expend cycles to work on it in the IETF either? /RANT Jack
Re: Important New Requirement for IPv4 Requests
If the effort that will go into administering this went instead into reclaiming IPv4 space that's obviously hijacked and/or being used by abusive operations, we'd all benefit. ---Rsk
RE: Important New Requirement for IPv4 Requests
There's a big difference between signing that the books are right (it matters!) and filling out paperwork for ARIN. The first is one of his primary duties as an officer of the company, the second won't even make his secretary's to do list. It appears that ARIN wants to raise the IP addressing space issue to the CxO level -- if it was interested in honesty, ARIN would have required a notarized statement by the person submitting the request. If ARIN really wants to get the interest of CEOs, raise the price! Frank -Original Message- From: Jo Rhett [mailto:jrh...@netconsonance.com] Sent: Monday, April 20, 2009 11:25 PM To: nanog@nanog.org Subject: Re: Important New Requirement for IPv4 Requests On Apr 20, 2009, at 4:39 PM, Joe Greco wrote: So the officer, most likely not being a technical person, is going to contact ... probably the same people who made the request, ask them if they need the space. Right? And why would the answer be any different, now? This is exactly identical to having the CEO sign the quarterly statements. You are saying this is Right. The CEO couldn't do that accounting him/herself -- but they're going to ask more questions and be more cautious before putting their name on it. I applaud this idea. I wish we had done it 10 years ago, but it's not too late to start. Better late than never. -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness
Re: Important New Requirement for IPv4 Requests
Rich Kulawiec wrote: If the effort that will go into administering this went instead into reclaiming IPv4 space that's obviously hijacked and/or being used by abusive operations, we'd all benefit. But they can't do that without impacting revenue. In order to continue charging fees that are wholly out of proportion to their cost ARIN must: A) ignore all the unneeded legacy /16 allocations, even those owned by organizations with fewer than 300 employees (like net.com) who could easily get by with a /24 B) do nothing while IPv6 languishes due to the absence of a standard for one-to-many NAT and NAPT for v6 and v4/v6 C) periodically raise fees and implement minimal measures like requiring someone to sign a statement of need, so they can at least appear to have been proactive when the impacts of this artificial shortage really begin to impact communications Bottom line: it's about the money. Money and short-term self-interest, same as is causing havoc in other sectors of the economy. Nothing new here. IMO, Roger Marquis
Re: Important New Requirement for IPv4 Requests
On Apr 21, 2009, at 5:49 AM, Frank Bulk - iName.com wrote: It appears that ARIN wants to raise the IP addressing space issue to the CxO level -- if it was interested in honesty, ARIN would have required a notarized statement by the person submitting the request. If ARIN really wants to get the interest of CEOs, raise the price! And punish those that do play by the rules? ARIN's prices are already crazy high for what they actually do. Chris -- Chris Owen - Garden City (620) 275-1900 - Lottery (noun): President - Wichita (316) 858-3000 -A stupidity tax Hubris Communications Inc www.hubris.net
Re: Important New Requirement for IPv4 Requests
Oddly enough, someone proposed something very much along these lines at a couple of RIR meetings (see IPv4 Soft Landing), and in fact used the 'driving into a brick wall' analogy. Many of the folks who commented on that policy proposal felt it was inappropriate for RIRs to dictate business models (that is, if an ISP doesn't want to move to IPv6, it wouldn't be 'right' for an RIR to force them to). The proposer eventually gave up as the impedance mismatch between reality and the RIR policy making process became too great to observe without breaking into uncontrollable giggles. Regards, -drc On Apr 20, 2009, at 7:56 PM, Matthew Moyle-Croft wrote: ARIN should ask companies to demonstrate: - demonstration of routing of an IPv6 range/using IPv6 address space - demonstration of services being offered over IPv6 - a plan to migrate customers to IPv6 - automatic allocation of IPv6 range instead of IPv4 for those who can't do so. ie. No more IPv4 for you until you've shown IPv6 clue. Then people can't just get away with driving into the brick wall of IPv4-allocation fail. (Not sure if I'm serious about this suggestion, but it's there now). MMC On 21/04/2009, at 9:09 AM, Joe Greco wrote: Let me see if I can understand this. We're running out of IPv4 space. Knowing that blatant lying about IP space justifications has been an ongoing game in the community, ARIN has decided to do something about it. So now they're going to require an attestation. Which means that they are going to require an officer to attest to the validity of the information. So the officer, most likely not being a technical person, is going to contact ... probably the same people who made the request, ask them if they need the space. Right? And why would the answer be any different, now? ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again. 
- Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples. -- Matthew Moyle-Croft Networks, Internode/Agile Level 5, 162 Grenfell Street, Adelaide, SA 5000 Australia Email: m...@internode.com.au Web: http://www.on.net Direct: +61-8-8228-2909 Mobile: +61-419-900-366 Reception: +61-8-8228-2999 Fax: +61-8-8235-6909
Re: Important New Requirement for IPv4 Requests
On Apr 21, 2009, at 6:03 AM, Rich Kulawiec wrote: If the effort that will go into administering this went instead into reclaiming IPv4 space that's obviously hijacked and/or being used by abusive operations, we'd all benefit. Report such cases to ARIN: https://www.arin.net/resources/fraud/ Thanks! /John John Curran Acting CEO ARIN
Re: Important New Requirement for IPv4 Requests [re impacting revenue]
On Apr 21, 2009, at 11:19 AM, Roger Marquis wrote: Rich Kulawiec wrote: If the effort that will go into administering this went instead into reclaiming IPv4 space that's obviously hijacked and/or being used by abusive operations, we'd all benefit. But they can't do that without impacting revenue. In order to continue charging fees that are wholly out of proportion to their cost ARIN must: A) ignore all the unneeded legacy /16 allocations, even those owned by organizations with fewer than 300 employees (like net.com) who could easily get by with a /24 B) do nothing while IPv6 languishes due to the absence of a standard for one-to-many NAT and NAPT for v6 and v4/v6 C) periodically raise fees and implement minimal measures like requiring someone to sign a statement of need, so they can at least appear to have been proactive when the impacts of this artificial shortage really begin to impact communications Bottom line: it's about the money. Money and short-term self-interest, same as is causing havoc in other sectors of the economy. Nothing new here. Roger - A few nits: A) ARIN's not ignoring unneeded legacy allocations, but can't take action without the Internet community first making some policy on what action should be taken... Please get together with folks of similar mind either via PPML or via Public Policy meeting at the Open Policy Bof, and then propose a policy accordingly. B) Technical standards for NAT NAPT are the IETF's job, not ARIN's. C) We've routinely lowered fees since inception, not raised them. Thanks, /John John Curran Acting CEO ARIN
Re: Important New Requirement for IPv4 Requests [re impacting revenue]
On Apr 21, 2009, at 11:01 AM, John Curran wrote: C) We've routinely lowered fees since inception, not raised them. Well I'm not sure what your definition of routinely is, but we've not seen a decrease in our fees any time in the past 8 years. Chris -- Chris Owen - Garden City (620) 275-1900 - Lottery (noun): President - Wichita (316) 858-3000 -A stupidity tax Hubris Communications Inc www.hubris.net
Re: Important New Requirement for IPv4 Requests [re impacting revenue]
John Curran wrote: A) ARIN's not ignoring unneeded legacy allocations, but can't take action without the Internet community first making some policy on what action should be taken... Please get together with folks of similar mind either via PPML or via Public Policy meeting at the Open Policy Bof, and then propose a policy accordingly. Thanks for the reply John, but PPML has not worked to-date. Too many legacy interests willing and able to veto any such attempt at a sustainable netblock return policy. Not sure how us folks, of a similar mind as it were, would be able to change that equation. IMO this change has to come from the top down. Towards that goal can you give us any hint as to how to effect that? B) Technical standards for NAT NAPT are the IETF's job, not ARIN's. Too true, but no reason ARIN could not be taking a more active role. This is after all, in ARIN's best interest, not the IETF's. C) We've routinely lowered fees since inception, not raised them. Not raised since they were raised, granted. Not raised for large unnecessary allocations either. Is that the job of the PPML as well? What telecommunications consumers need here is leadership and direction. What we see is, well, not what we are looking for. Roger Marquis
Re: Important New Requirement for IPv4 Requests
David Conrad wrote: The term legacy here is relevant. Under what agreement would an RIR evaluate an allocation that occurred prior to the existence of the RIR? And when the folks who received legacy space and don't like this upstart RIR nosing around in their business, the legal fees that the RIR incur will cost non-trivial amounts of, well, money. Good points all. I fully admit to ignorance of how to remedy this and the other valid points raised in defence of the status quo (except by raising the issue when appropriate). Not sure what could be cited as precedent either, except perhaps the transition from feudal landowning aristocracies a few centuries back. Roger Marquis
Re: Important New Requirement for IPv4 Requests
On Tue, 21 Apr 2009, Roger Marquis wrote: Not sure what could be cited as precedent either, except perhaps the transition from feudal landowning aristocracies a few centuries back. Except they weren't pushing to transition people to LANDv6, just fighting to determine who held control of the existing LANDv4 and its resources :) Not that dissimilar from what we're going through today... jms
Re: Important New Requirement for IPv4 Requests
On Mon, 20 Apr 2009 19:39:47 -0400, Joe Greco jgr...@ns.sol.net wrote: Knowing that blatant lying about IP space justifications has been an ongoing game in the community, ARIN has decided to do something about it. ... That game has been going on for over a decade. I've seen it first hand as far back as '96. I've even seen multiple address allocations using the *exact* same email -- once or twice a year, not like they were 4 requests on the same day; they had been using that same form email for *YEARS* -- (me) And they fall for it? (coworker) Every time. As you point out, this will have zero effect. The COO (officer) will either be clueless as to the fine details of the operation and rely on the information (lies) from his managers and techies. Or, he's the one telling them to lie in the first place.
Re: Important New Requirement for IPv4 Requests [re impacting revenue]
On Apr 21, 2009, at 10:36 AM, Roger Marquis wrote: B) Technical standards for NAT NAPT are the IETF's job, not ARIN's. Too true, but no reason ARIN could not be taking a more active role. This is after all, in ARIN's best interest, not the IETF's. There is work happening in the behave wg of the IETF on such. We welcome operator input. http://www.ietf.org/html.charters/behave-charter.html
Re: Important New Requirement for IPv4 Requests
Oddly enough, someone proposed something very much along these lines at a couple of RIR meetings (see IPv4 Soft Landing), and in fact used the 'driving into a brick wall' analogy. Many of the folks who commented on that policy proposal felt it was inappropriate for RIRs to dictate business models (that is, if an ISP doesn't want to move to IPv6, it wouldn't be 'right' for an RIR to force them to). The proposer eventually gave up as the impedance mismatch between reality and the RIR policy making process became too great to observe without breaking into uncontrollable giggles. A more interesting experiment: We want uptake of IPv6, right? Allocating even fairly large swaths of IPv6 to those who didn't really need it would be less harmful than hoarding IPv4, right? How about actually providing an incentive to return IPv4 space? How about actually providing an incentive to provide IPv6 services along the way? For example, here, we're not currently doing production IPv6, because we're not likely to be able to justify the cost of acquiring space from ARIN. Our legacy IPv4 resources cost us nothing, both what we advertise and what we don't. If there was a way for us to trade in some swamp for IPv6, we might be tempted to do that, which would encourage IPv6 a little more. It would have to be on the same or similar terms as what we currently enjoy, otherwise, it makes more sense just to retain the IPv4. Further, there may be organizations that could be tempted into returning paid ARIN allocations, perhaps by offering them a guaranteed low rate (free, ideally) for IPv6 space in exchange for significant chunks of IPv4 returned. Now, really, would this be successful? Who knows. But I do know that it wouldn't be costly in any meaningful way. If the RIRs get any returned IPv4 space and hand out some free IPv6 space, we (the whole Internet) win on both fronts. 
Maybe the RIR isn't making oodles of money from registration services for that space, but then again, I've never been convinced that the pay-for-addresses model is a good idea in the greater picture. At some point, it would make sense to evaluate the question of how much IPv4 space is being sat on because of the costs of registering IPv6, etc. Of course, this is the opposite problem: we're now talking about dictating RIR business models. :-) ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again. - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
Re: Important New Requirement for IPv4 Requests [re impacting revenue]
I'm not sure if anyone agrees with me, but these responses seem like a big cop out to me. A) If ARIN is so concerned about the potential depletion of v4 resources, they should be taking a more proactive role in proposing potential solutions and start conversation rather than saying that the users should come up with a proposal which they then get a big vote on. B) Again, while it might be the IETF's job, shouldn't the group trusted with the management of the IP space at least have a public opinion about these solutions are designed. Ensuring that they are designed in such a way to guarantee maximum adoption of v6 and thus reducing the potential for depletion of v4 space. C) Are ARIN's books open for public inspection? If so, it might be interesting for the group to see where all our money is going, since it's obviously not going to outreach and solution planning. Perhaps it is being spent in a reasonable manner, and the fees are where they need to be to sustain the organization's reasonable operations, but perhaps not. Mr Curran, given the response you've seen from the group, and in particular the argument that most CEOs or Officers of firms will simply sign off on what their IT staff tells them (as they have little to no understanding of the situation), can you explain what exactly you are hoping to achieve by heaping on yet an additional requirement to the already over burdensome process of receiving an IPv4 allocation? Shane Ronan --Opinions contained herein are strictly my own-- On Apr 21, 2009, at 9:01 AM, John Curran wrote: Roger - A few nits: A) ARIN's not ignoring unneeded legacy allocations, but can't take action without the Internet community first making some policy on what action should be taken... Please get together with folks of similar mind either via PPML or via Public Policy meeting at the Open Policy Bof, and then propose a policy accordingly. B) Technical standards for NAT NAPT are the IETF's job, not ARIN's. 
C) We've routinely lowered fees since inception, not raised them. Thanks, /John John Curran Acting CEO ARIN
Re: Important New Requirement for IPv4 Requests
On Apr 21, 2009, at 3:49 AM, Frank Bulk - iName.com wrote: There's a big difference between signing that the books are right (it matters!) and filling out paperwork for ARIN. The first is one of his primary duties as an officer of the company, the second won't even make his secretary's to do list. It appears that ARIN wants to raise the IP addressing space issue to the CxO level -- if it was interested in honesty, ARIN would have required a notarized statement by the person submitting the request. No. Those are two entirely different problems. A notary signs only that the person in front of them has been checked to be who they say they are. That's authentication. A Notary cannot attest that what is on the document is valid. A CxO signing that the request is valid is Authorization to speak for the company. Different spectrum. -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness
Re: Important New Requirement for IPv4 Requests
On Apr 21, 2009, at 1:58 PM, David Hubbard wrote: Raising the price won't help; there's already a huge amount of wasted address space by web hosts selling IP addresses to customers who need them solely for 'seo purposes' rather It's a common request we see. We refuse it, and point them to the Google documentation that shows that unique IPs don't help or hurt their SEO standings. reasons and even then they don't believe me. If ARIN would enforce a technically justified use of IPv4 space that does not recognize seo as a valid reason, that would definitely help I point to the wording where it says that we need to collect the technical justification for the additional IP addresses. Since virtual web hosting has no technical justification for IP space, I refuse it. And since the policy allows it currently, the CEO signing off on it will also be valid. Depends on how you read the policy. I prefer my reading to yours ;-) That said, if someone who likes writing these things will help me, I'll gladly create and advance a policy demanding a real, provable need for an IP beyond one per physical host. -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness
Re: Important New Requirement for IPv4 Requests [re impacting revenue]
On Apr 21, 2009, at 2:42 PM, Shane Ronan wrote: Mr Curran, given the response you've seen from the group, and in particular the argument that most CEOs or Officers of firms will simply sign off on what their IT staff tells them (as they have little to no understanding of the situation), You really should go ask a CEO if he'd sign off on something that he doesn't understand. Really. I can assure you that your impression is wrong, and most CEOs don't prefer to be standing in court defending their actions. can you explain what exactly you are hoping to achieve by heaping on yet an additional requirement to the already over burdensome process of receiving an IPv4 allocation? Burdensome? Really? If you have your documentation together it takes about 15 minutes from beginning of the application form until receiving your new allocation. I spend longer on hold any time I deal with any other vendor. -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness
Re: Important New Requirement for IPv4 Requests [re impacting revenue]
On Apr 21, 2009, at 4:42 PM, Shane Ronan wrote: C) Are ARIN's books open for public inspection? If so, it might be interesting for the group to see where all our money is going, since it's obviously not going to outreach and solution planning. Perhaps it is being spent in a reasonable manner, and the fees are where they need to be to sustain the organization's reasonable operations, but perhaps not. It is a little out of date and not terribly detailed but they did post the 2008 budget at: https://www.arin.net/about_us/corp_docs/budget.html Budget is just over 13M. About 1/2 of that is salaries/benefits (maybe more if you add in 'legal fees'). A couple of interesting notes when looking at it: 12+M divided by the 3300 members is just shy of $4,000 per customer. Payroll is $5,707,134 for 47 full time employees. That is an average salary of $121,428 across all employees. Internet Research and Support is $164,500 Travel (which includes travel for board members, etc) is $1,315,349. There is more detail but older data at: https://www.arin.net/about_us/corp_docs/annual/2007_audited_financials.pdf Chris -- Chris Owen - Garden City (620) 275-1900 - Lottery (noun): President - Wichita (316) 858-3000 -A stupidity tax Hubris Communications Inc www.hubris.net
Re: Important New Requirement for IPv4 Requests [re impacting revenue]
On Tue, Apr 21, 2009 at 4:54 PM, Kevin Loch kl...@kl.net wrote: Shane Ronan wrote: C) Are ARIN's books open for public inspection? If so, it might be interesting for the group to see where all our money is going, since it's obviously not going to outreach and solution planning. Perhaps it is being spent in a reasonable manner, and the fees are where they need to be to sustain the organization's reasonable operations, but perhaps not. A quick search of the website found this: https://www.arin.net/about_us/corp_docs/annual_rprt.html - Kevin More specifically: https://www.arin.net/about_us/corp_docs/annual/2008/ -brandon -- Brandon Galbraith Mobile: 630.400.6992 FNAL: 630.840.2141
Re: Important New Requirement for IPv4 Requests [re impacting revenue]
On Apr 21, 2009, at 2:42 PM, Shane Ronan wrote: I'm not sure if anyone agrees with me, but these responses seem like a big cop out to me. A) If ARIN is so concerned about the potential depletion of v4 resources, they should be taking a more proactive role in proposing potential solutions and start conversation rather than saying that the users should come up with a proposal which they then get a big vote on. Well... ARIN is structured with a bottom-up community driven policy process. That has served us well for many years, and, I think that changing it would be a mistake. However, in this case, that means that the following people are specifically excluded from proposing policy: The BoT (other than via the emergency process) ARIN Staff Policy proposals must come from the community. Either at large, or, from the ARIN AC which is an elected subgroup of the community tasked with developing good policy for ARIN. The AC itself depends largely on community input for what kind of policy the community wants us to develop, and, at the end of the day, community consensus is required in order for a proposal to become policy. B) Again, while it might be the IETF's job, shouldn't the group trusted with the management of the IP space at least have a public opinion about these solutions are designed. Ensuring that they are designed in such a way to guarantee maximum adoption of v6 and thus reducing the potential for depletion of v4 space. The IETF specifically does not accept organizational input and requires instead that individuals participate. This is one of the great strengths, and, also one of the great weaknesses of the IETF. However, it means that even if ARIN could develop a public opinion (which would have to come from the ARIN community by some process which we don't really have as yet), this opinion wouldn't mean much in the IETF's eyes. C) Are ARIN's books open for public inspection? 
If so, it might be interesting for the group to see where all our money is going, since it's obviously not going to outreach and solution planning. Perhaps it is being spent in a reasonable manner, and the fees are where they need to be to sustain the organization's reasonable operations, but perhaps not. I will leave this to the BoT to answer, but, I know that the treasurer presents a report at every members meeting which provides at least some high level details. I believe that as a non-profit corporation, a great deal of openness is required for accountability to ARIN members. Mr Curran, given the response you've seen from the group, and in particular the argument that most CEOs or Officers of firms will simply sign off on what their IT staff tells them (as they have little to no understanding of the situation), can you explain what exactly you are hoping to achieve by heaping on yet an additional requirement to the already over burdensome process of receiving an IPv4 allocation? I can't say what Mr. Curran expects, but, here's how I see it: 1. If an officer of the organization signs off, then, that means that both the organization and the officer personally can be held accountable for any fraud that is later uncovered. If the officer is an idiot, perhaps he'll just sign, but, most officers I have experience with don't do that. They usually engage in some level of verification before signing such a statement. 2. Organizations which are submitting fraudulent requests may be less willing to do that when someone has to make a signed attestation under penalty of perjury. Especially when that person has fiduciary liability to the organization as an officer. 3. There are lots of things people will do if they don't think there are potential consequences. A signed attestation by a corporate officer dramatically reduces the apparent lack of consequences to a fraudulent application. 
Sure, there will always be criminals and criminals may not be bothered by this signed attestation process. However, having it does give the ARIN legal team a better shot at them as well. I am not a lawyer and these are just my own opinions. Owen
Re: Important New Requirement for IPv4 Requests
Once upon a time, Jo Rhett jrh...@netconsonance.com said: Since virtual web hosting has no technical justification for IP space, I refuse it. SSL and FTP are technical justifications for an IP per site. -- Chris Adams cmad...@hiwaay.net Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Re: Important New Requirement for IPv4 Requests [re impacting revenue]
Jo Rhett wrote: Let's translate that: There is no consensus in the community who defines goals and objectives for ARIN to do Something. And there is no consensus because the process and/or community has not been capable of the task. Design-by-committee is a problem we are all familiar with. The resolution is to either A) apply direction from outside the committee, B) wait until things get bad enough that they can achieve consensus (if that is an option), or C) wait for a higher authority to step in (as occurred recently when the DOC gave ICANN direction regarding TLDs). Given a choice I'd take plan A. Direction could come from ARIN directors by way of their advocacy, issuing RFCs, offering financial incentives, and a number of other things to speed the process (of reclaiming unused IPs and of incentivizing the IETF). Taking a hands-off position and waiting for consensus to develop, well, that will just lead to B or C. Do you disagree? Are there other options? Can you tell me how we can hijack the process and subjugate the community to our will? Would the process survive address exhaustion? Roger
Re: Important New Requirement for IPv4 Requests
Chris Adams wrote: Once upon a time, Jo Rhett jrh...@netconsonance.com said: Since virtual web hosting has no technical justification for IP space, I refuse it. SSL and FTP are technical justifications for an IP per site. Right. Also, monthly bandwidth monitoring/shaping/capping are more easily done using one ip per hosted domain, or ftp site, or whatever. Otherwise you are parsing logs or using 3rd party apache modules. It's a convenience which would not be looked at twice, if it were on ipv6. All the more reason to move to ipv6. :-) Ken -- Ken Anderson Pacific Internet - http://www.pacific.net
Re: Important New Requirement for IPv4 Requests
On Apr 21, 2009, at 3:40 PM, Chris Adams wrote: Once upon a time, Jo Rhett jrh...@netconsonance.com said: Since virtual web hosting has no technical justification for IP space, I refuse it. SSL and FTP are technical justifications for an IP per site. Absolutely. But SEO on pure virtual sites is not ;-) -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness
Re: Important New Requirement for IPv4 Requests
On Apr 21, 2009, at 4:22 PM, Ken A wrote: Chris Adams wrote: Once upon a time, Jo Rhett jrh...@netconsonance.com said: Since virtual web hosting has no technical justification for IP space, I refuse it. SSL and FTP are technical justifications for an IP per site. Right. Also, monthly bandwidth monitoring/shaping/capping are more easily done using one ip per hosted domain, or ftp site, or whatever. Otherwise you are parsing logs or using 3rd party apache modules. *Shrug* I've been doing IP allocations for 14 years and that's never been mentioned to me. I suspect that anyone with enough traffic to need traffic shaping has dedicated hosts or virtual servers, which get a unique IP each. -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness
Re: Important New Requirement for IPv4 Requests
On Tue, 21 Apr 2009, Jo Rhett wrote: It's a common request we see. We refuse it, and point them to the Google documentation that shows that unique IPs don't help or hurt their SEO standings. Some customers have wised up and when providing IP justification, they don't mention SEO anymore. However, I've seen several requests in the past couple weeks from customers/prospective customers wanting /24's or larger subnets (or they're not buying/canceling service) where the justification provided was something ARIN would probably be ok with, but IMO was completely FoS. It's hard to tell sales no when the customer tells you exactly what they think you want to hear [for IP justification], but your gut tells you this is BS. BTW, I admit I've paid little attention to the legacy vs ARIN members arguments, as I'm not a legacy space holder and my time is largely occupied by more pressing [to me] matters...but why do legacy holders get a free ride? If we look at what happened with domain registration (at least for com|net|org), back in the old days, you sent off an email to hostmas...@internic.net and you got your domain registered. There were no fees. Then Network Solutions took over and domain name registrations cost money. Existing domains were not grandfathered in and either you started paying a yearly fee for your domains or you lost them. Why didn't the same thing happen when Internic/IANA stopped directly handing out IPs and the RIRs took over that function? -- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: Important New Requirement for IPv4 Requests
On Apr 21, 2009, at 4:55 PM, Jon Lewis wrote: Some customers have wised up and when providing IP justification, they don't mention SEO anymore. However, I've seen several requests in the past couple weeks from customers/prospective customers wanting /24's or larger subnets (or they're not buying/canceling service) where the justification provided was something ARIN would probably be ok with, but IMO was completely FoS. It's hard to tell sales no when the customer tells you exactly what they think you want to hear [for IP justification], but your gut tells you this is BS. Then you have an obligation to investigate. It's in the NRPM ;-) For our part, it becomes really easy. When someone submits a request for 200 physical hosts and their profile says they are paying for 40 amps of power... yeah, it's easy to know they are lying ;-) It is a problem because some ISPs don't care and just give away IPs, so customers get annoyed with us when I ask for proper justification. Oh well ;-) -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness
Re: Important New Requirement for IPv4 Requests
On Tue, Apr 21, 2009 at 02:51:11PM -0700, Jo Rhett wrote: On Apr 21, 2009, at 1:58 PM, David Hubbard wrote: Raising the price won't help; there's already a huge amount of wasted address space by web hosts selling IP addresses to customers who need them solely for 'seo purposes' rather It's a common request we see. We refuse it, and point them to the Google documentation that shows that unique IPs don't help or hurt their SEO standings. Then they come back with a request for IPs for SSL certificates, which is a valid technical justification. BTDT. People will find a way to do the stupid thing they want to do. - Matt
Re: Important New Requirement for IPv4 Requests
On Tue, Apr 21, 2009 at 04:41:46PM -0700, Jo Rhett wrote: On Apr 21, 2009, at 4:22 PM, Ken A wrote: Chris Adams wrote: Once upon a time, Jo Rhett jrh...@netconsonance.com said: Since virtual web hosting has no technical justification for IP space, I refuse it. SSL and FTP are technical justifications for an IP per site. Right. Also, monthly bandwidth monitoring/shaping/capping are more easily done using one ip per hosted domain, or ftp site, or whatever. Otherwise you are parsing logs or using 3rd party apache modules. *Shrug* I've been doing IP allocations for 14 years and that's never been mentioned to me. Oh, you lucky, lucky person. We've got a couple of customers at the day job that constantly come back to us for more IP addresses for bandwidth accounting purposes for their colo machine(s). Attempts at education are like talking to a particularly stupid brick wall. - Matt
Re: Important New Requirement for IPv4 Requests
On Tue, 21 Apr 2009 18:40:30 -0400, Chris Adams cmad...@hiwaay.net wrote: SSL and FTP are technical justifications for an IP per site. No they aren't. SSL will work just fine as a name-based virtual host with any modern webserver / browser. (Server Name Indication (SNI) [RFC3546, sec 3.1]) FTP? Who uses FTP these days? Certainly not consumers. Even Cisco pushes almost everything via a webserver. (they still have ftp servers, they just don't put much on them these days.)
Re: Important New Requirement for IPv4 Requests
On Tue, 21 Apr 2009 19:22:08 -0400, Ken A k...@pacific.net wrote: Also, monthly bandwidth monitoring/shaping/capping are more easily done using one ip per hosted domain... That's why the infrastructure is virtualized and you monitor at or behind the firewall(s) and/or load balancer(s) -- where it *is* one IP per customer. Sure, it's easier (and cheaper) to be lazy and waste address space than set up a proper hosting network.
Re: Important New Requirement for IPv4 Requests [re impacting revenue]
On 22/04/2009, at 7:25 AM, Jo Rhett wrote: On Apr 21, 2009, at 2:42 PM, Shane Ronan wrote: Mr Curran, given the response you've seen from the group, and in particular the argument that most CEOs or Officers of firms will simply sign off on what their IT staff tells them (as they have little to no understanding of the situation), You really should go ask a CEO if he'd sign off on something that he doesn't understand. Really. I can assure you that your impression is wrong, and most CEOs don't prefer to be standing in court defending their actions. So who's going to have standing to drag them into court over false declarations to ARIN? Will ARIN be suing their members? Not likely. - mark -- Mark Newton Email: new...@internode.com.au (W) Network Engineer Email: new...@atdot.dotat.org (H) Internode Pty Ltd Desk: +61-8-82282999 Network Man - Anagram of Mark Newton Mobile: +61-416-202-223
Re: Important New Requirement for IPv4 Requests
On Tue, Apr 21, 2009 at 08:24:38PM -0400, Ricky Beam wrote: On Tue, 21 Apr 2009 18:40:30 -0400, Chris Adams cmad...@hiwaay.net wrote: SSL and FTP are technical justifications for an IP per site. No they aren't. SSL will work just fine as a name-based virtual host with any modern webserver / browser. (Server Name Indication (SNI) [RFC3546, sec 3.1]) I encourage my competitors to do this. You only have to get one noisy curmudgeon who can't get to your customer's SSL website because IE 5.0 has worked fine for them for years to make it a completely losing strategy to try deploying this everywhere. Since you can't predict in advance which sites are going to be accessed by said noisy curmudgeon, you don't bother deploying it anywhere, to be on the safe side. FTP? Who uses FTP these days? Certainly not consumers. Even Cisco pushes almost everything via a webserver. (they still have ftp servers, they just don't put much on them these days.) A depressingly large number of people use FTP. Attempts to move them onto something less insane are fruitless. Even when the tools support it (and plenty of web design tools don't appear to do anything other than FTP), we've always done it that way and it works fine and if we have to change something we'll move to another hosting company rather than click a different button in our program. Business imperatives trump technical considerations, once again. And, for the record, we're moving toward IPv6, so we're *trying* to be part of the solution, in our own small way. - Matt
Re: Important New Requirement for IPv4 Requests [re impacting revenue]
You really should go ask a CEO if he'd sign off on something that he doesn't understand. Really. I can assure you that your impression is wrong, and most CEOs don't prefer to be standing in court defending their actions. Actually, being a CTO of a company, I know that my CEO signs things ALL the time based just on my say so. I don't see how signing a document for ARIN would land them in court, further if he were to go to court, he'd simply say that he relied on the opinions of his technical staff since he does not have the experience or expertise to evaluate its validity. And as history shows, this is an acceptable answer, it happens all the time in the case of financial filings that others produce for the CEO to sign. Burdensome? Really? If you have your documentation together it takes about 15 minutes from beginning of the application form until receiving your new allocation. I spend longer on hold any time I deal with any other vendor. Really, 15 minutes? I applied for a new AS Record recently, presented all the valid documentation, as well as additional documentation in the form of network diagrams, and was asked to explain things that were clearly spelled out in the documents I provided. This entire process took DAYS.
Re: Important New Requirement for IPv4 Requests [re impacting revenue]
Not the annual report, the actual books and records, including details on individual expenses. On Apr 21, 2009, at 2:54 PM, Kevin Loch wrote: Shane Ronan wrote: C) Are ARIN's books open for public inspection? If so, it might be interesting for the group to see where all our money is going, since it's obviously not going to outreach and solution planning. Perhaps it is being spent in a reasonable manner, and the fees are where they need to be to sustain the organization's reasonable operations, but perhaps not. A quick search of the website found this: https://www.arin.net/about_us/corp_docs/annual_rprt.html - Kevin
Re: Important New Requirement for IPv4 Requests
Once upon a time, Ricky Beam jfb...@gmail.com said: On Tue, 21 Apr 2009 18:40:30 -0400, Chris Adams cmad...@hiwaay.net wrote: SSL and FTP are technical justifications for an IP per site. No they aren't. SSL will work just fine as a name-based virtual host with any modern webserver / browser. (Server Name Indication (SNI) [RFC3546, sec 3.1]) What is your definition of modern? According to Wikipedia http://en.wikipedia.org/wiki/Server_Name_Indication: Unsupported Operating Systems and Browsers The following combinations do not support SNI. * Windows XP and Internet Explorer 6 or 7 * Konqueror/KDE in any version * Apache with mod_ssl: there is a patch under review by httpd team for inclusion in future releases, after 2.2.11. See doco at [1] * Microsoft Internet Information Server IIS (As of 2007). Seeing as WinXP/IE is still the most common combination, SNI is a long time away from being useful. -- Chris Adams cmad...@hiwaay.net Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
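Added example, not part of any post in this thread: the SNI mechanism argued over above, shown as a parser that pulls the server_name extension (RFC 3546, sec 3.1) out of a ClientHello and picks a certificate for a shared IP, including the fallback when a client sends no SNI at all. The vhost table, certificate file names and the sample ClientHello bytes are constructed for the illustration, and the parser assumes the ClientHello fits in one TLS record.

```python
import struct

SNI_EXT = 0      # extension type "server_name" (RFC 3546, sec 3.1)
HOST_NAME = 0    # NameType "host_name"

# Hypothetical vhost table for one shared IP; names and files are made up.
VHOSTS = {"shop.example.com": "shop.pem", "blog.example.com": "blog.pem"}
DEFAULT_CERT = "shop.pem"


class _Reader:
    """Bounds-checked cursor over bytes; raises ValueError on truncation."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated ClientHello")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def vec(self, len_bytes):
        """Read a length-prefixed vector whose prefix is len_bytes wide."""
        return self.take(int.from_bytes(self.take(len_bytes), "big"))

    def empty(self):
        return self.pos >= len(self.data)


def parse_sni(record):
    """Return the host_name a client sent in its ClientHello, or None."""
    rec = _Reader(record)
    if rec.take(1) != b"\x16":
        raise ValueError("not a TLS handshake record")
    rec.take(2)                            # record-layer version
    hs = _Reader(rec.vec(2))               # assumption: hello fits one record
    if hs.take(1) != b"\x01":
        raise ValueError("not a ClientHello")
    hello = _Reader(hs.vec(3))
    hello.take(2 + 32)                     # client_version + random
    hello.vec(1)                           # session_id
    hello.vec(2)                           # cipher_suites
    hello.vec(1)                           # compression_methods
    if hello.empty():
        return None                        # client predates TLS extensions
    exts = _Reader(hello.vec(2))
    while not exts.empty():
        ext_type = int.from_bytes(exts.take(2), "big")
        ext_data = _Reader(exts.vec(2))
        if ext_type != SNI_EXT:
            continue                       # skip unrelated extensions
        names = _Reader(ext_data.vec(2))   # ServerNameList
        while not names.empty():
            name_type = names.take(1)[0]
            name = names.vec(2)
            if name_type == HOST_NAME:
                return name.decode("ascii").lower()
    return None


def select_certificate(record, vhosts=VHOSTS, default=DEFAULT_CERT):
    """Return (requested_name, cert_file, matched_by_name).

    Without SNI the server can only guess, so every site except the
    default one shows a certificate name mismatch to that client.
    """
    name = parse_sni(record)
    if name in vhosts:
        return name, vhosts[name], True
    return name, default, False


def build_client_hello(server_name=None):
    """Build a minimal constructed ClientHello record (sample input only)."""
    body = b"\x03\x01" + bytes(32)         # TLS 1.0, all-zero random
    body += b"\x00"                        # empty session_id
    body += struct.pack("!H", 2) + b"\x00\x2f"   # one cipher suite
    body += b"\x01\x00"                    # null compression only
    if server_name is not None:
        host = server_name.encode("ascii")
        entry = struct.pack("!BH", HOST_NAME, len(host)) + host
        sni = struct.pack("!H", len(entry)) + entry
        ext = struct.pack("!HH", SNI_EXT, len(sni)) + sni
        body += struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


if __name__ == "__main__":
    for label, hello in [("SNI client", build_client_hello("blog.example.com")),
                         ("no-SNI client", build_client_hello())]:
        print(label, select_certificate(hello))
```

The no-SNI case is the one the replies disagree about: the server has nothing to key on but the destination IP, so a dedicated address per certificate is the only way to serve such clients the right one.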
Re: Important New Requirement for IPv4 Requests [re impacting revenue]
On Apr 21, 2009, at 3:19 PM, Owen DeLong wrote: Well... ARIN is structured with a bottom-up community driven policy process. That has served us well for many years, and, I think that changing it would be a mistake. However, in this case, that means that the following people are specifically excluded from proposing policy: The BoT (other than via the emergency process) ARIN Staff Policy proposals must come from the community. Either at large, or, from the ARIN AC which is an elected subgroup of the community tasked with developing good policy for ARIN. The AC itself depends largely on community input for what kind of policy the community wants us to develop, and, at the end of the day, community consensus is required in order for a proposal to become policy. It's served us so well that we are running out of IP space and no effective way to migrate to the already existing replacement solution. The argument that it's always been that way, just doesn't cut it. It's the same with all these issues. If ARIN were to hire someone whose job it was to evangelize a workable solution, I am sure you would see individuals willing to come forth and support it and create a consensus. And FYI, there is nothing saying that consensus is required for a proposal to become policy, look at the US government, they make policy every day without consensus. If the situation is as bad as it's being made out to be, then ARIN MUST act in the best interest of the community as a whole. B) Again, while it might be the IETF's job, shouldn't the group trusted with the management of the IP space at least have a public opinion about these solutions are designed. Ensuring that they are designed in such a way to guarantee maximum adoption of v6 and thus reducing the potential for depletion of v4 space. The IETF specifically does not accept organizational input and requires instead that individuals participate. This is one of the great strengths, and, also one of the great weaknesses of the IETF. 
However, it means that even if ARIN could develop a public opinion (which would have to come from the ARIN community by some process which we don't really have as yet), this opinion wouldn't mean much in the IETF's eyes. Again, if ARIN were to put out a best practices guide, and promote it as a way to push forward IPv6. Instead they are saying not my problem and the guys who are working on it, won't let us play with them C) Are ARIN's books open for public inspection? If so, it might be interesting for the group to see where all our money is going, since it's obviously not going to outreach and solution planning. Perhaps it is being spent in a reasonable manner, and the fees are where they need to be to sustain the organization's reasonable operations, but perhaps not. I will leave this to the BoT to answer, but, I know that the treasurer presents a report at every members meeting which provides at least some high level details. I believe that as a non-profit corporation, a great deal of openness is required for accountability to ARIN members. Why is travel such a large percentage of their expenses? If people want to be on the board, they should pay for their own travel to the meetings. This is a Not For Profit, not a corporation, big difference. Mr Curran, given the response you've seen from the group, and in particular the argument that most CEO's or Officers of firms will simply sign off on what their IT staff tells them (as they have little to no understanding of the situation), can you explain what exactly you are hoping to achieve by heaping on yet an additional requirement to the already over burdensome process of receiving an IPv4 allocation? I can't say what Mr. Curran expects, but, here's how I see it: 1. If an officer of the organization signs off, then, that means that both the organization and the officer personally can be held accountable for any fraud that is later uncovered. 
If the officer is an idiot, perhaps he'll just sign, but, most officers I have experience with don't do that. They usually engage in some level of verification before signing such a statement. How do you figure, under what law is this enforceable? Most Officers will simply say to the person asking them to sign it Is this true and when they say yes, he'll sign it. The CEO of most corporations does not have the time, experience or expertise to determine if his firm truly needs additional IP Space. 2. Organizations which are submitting fraudulent requests may be less willing to do that when someone has to make a signed attestation under penalty of perjury. Especially when that person has fiduciary liability to the organization as an officer. Again, what law are they violating? How is this considered perjury? 3. There are lots of things people will do if they don't think there
Re: Important New Requirement for IPv4 Requests
On Tue, Apr 21, 2009 at 08:24:38PM -0400, Ricky Beam wrote: On Tue, 21 Apr 2009 18:40:30 -0400, Chris Adams cmad...@hiwaay.net wrote: SSL and FTP are technical justifications for an IP per site. No they aren't. SSL will work just fine as a name-based virtual host with any modern webserver / browser. (Server Name Indication (SNI) [RFC3546, sec 3.1]) FTP? Who uses FTP these days? Certainly not consumers. Even Cisco pushes almost everything via a webserver. (they still have ftp servers, they just don't put much on them these days.) well, pretty much anyone who has large datasets to move around. that default 64k buffer in the openssl libs pretty much sucks rocks for large data flows. --bill
Re: Important New Requirement for IPv4 Requests
On Tue, 21 Apr 2009 20:57:31 -0400, Matthew Palmer mpal...@hezmatt.org wrote: FTP? Who uses FTP these days? ... A depressingly large number of people use FTP. Attempts to move them onto something less insane are fruitless. Even when the tools support it (and plenty of web design tools don't appear to do anything other than FTP), we've always done it that way and it works fine and if we have to change something we'll move to another hosting company rather than click a different button in our program. On Tue, 21 Apr 2009 21:07:08 -0400, Daniel Senie d...@senie.com wrote: You are out of touch. FTP is used by nearly EVERY web hosting provider for updates of web sites. Anonymous FTP is not used. These are not random, anonymous ftp connections. These are people who login with a username and password, and are therefore, identifiable; and even then, it's for access to manage their own site. A single IP address pointing to a single server (or farm of servers) will, and DOES, work just fine. I know, because I've done it for ~15 years. When I ask who, I'm asking about a paid for, external service -- just like web hosting. No one calls up 1-800-Host-My-Crap and asks for an FTP server. Bottom line... if your justification for a /19 is FTP servers, you are fully justified in laughing at them as you hang up the phone.
Re: Important New Requirement for IPv4 Requests
On Mon, Apr 20, 2009 at 6:39 PM, Joe Greco jgr...@ns.sol.net wrote: So now they're going to require an attestation. Which means that they are going to require an officer to attest to the validity of the information. So the officer, most likely not being a technical person, is going to contact ... probably the same people who made the request, ask them if they need the space. Right? And why would the answer be any different, now? ... JG -- Easier to take back resources if an officer of the company lied regarding their usage/need, no? Just a thought, although I am by no means an expert in the field of contract law. -brandon -- Brandon Galbraith Voice: 630.400.6992
Re: Important New Requirement for IPv4 Requests
Joe Greco wrote: Forwarded message: Subject: Important New Requirement for IPv4 Requests From: ARIN Registration Services do-not-re...@arin.net Hello, With the approaching depletion of the IPv4 address free pool, the ARIN Board of Trustees has directed ARIN staff to take additional steps to ensure the legitimacy of all IPv4 address space requests. Beginning 18 May 2009, ARIN will require that all applications for IPv4 address space include an attestation of accuracy from an officer of the organization. For more information on this requirement, please see: https://www.arin.net/resources/agreements/officer_attest.html Whenever a request for IPv4 resources is received, ARIN will ask in its initial reply for the name and contact information of an officer of the organization who will be able to attest to the validity of the information provided to ARIN. At the point a request is ready to be approved, ARIN will send a summary of the request (via e-mail) to the officer with a cc: to the requesting POC (Tech or Admin) and ask the officer to attest to the validity of the information provided to ARIN. The summary will provide a brief overview of the request and an explanation of the required attestation. ARIN will include the original request template and any other relevant information the requestor provided. Once ARIN receives the attestation from the officer, the request can be approved. Attestation may also be provided via fax or postal mail. For further assistance, contact ARIN's Registration Services Help Desk via e-mail to hostmas...@arin.net or telephone at +1.703.227.0660. Let me see if I can understand this. We're running out of IPv4 space. Knowing that blatant lying about IP space justifications has been an ongoing game in the community, ARIN has decided to do something about it. So now they're going to require an attestation. Which means that they are going to require an officer to attest to the validity of the information. 
So the officer, most likely not being a technical person, is going to contact ... probably the same people who made the request, ask them if they need the space. Right? And why would the answer be any different, now? ... JG So I wonder if this applies to some of the players who have recently gotten a /19 for dubious purposes and are so large that an officer of the company may be 1500 miles away. It's a sad state of affairs. Are they going to hold the officer liable if the request is not legit? Manny
Re: Important New Requirement for IPv4 Requests
On Apr 20, 2009, at 7:39 PM, Joe Greco wrote: We're running out of IPv4 space. Knowing that blatant lying about IP space justifications has been an ongoing game in the community, ARIN has decided to do something about it. So now they're going to require an attestation. Which means that they are going to require an officer to attest to the validity of the information. So the officer, most likely not being a technical person, is going to contact ... probably the same people who made the request, ask them if they need the space. Right? And why would the answer be any different, now? Just a thought: A technical person might be very happy to lie to a toothless organization that holds no real sway over him or her, won't revoke the address space once granted, and for whom the benefit of lots of address space in which to play exceeds any potential pain from being caught, er, exaggerating their need for address space. That same technical person might be less inclined to lie to a director of their company who asks: Are you asking me to attest, publicly and perhaps legally, that this information is correct? If you're wrong and you make an ass of me, it's going to be yours that goes out the door. Seems like a reasonable experiment to try, at least. -Dave
Re: Important New Requirement for IPv4 Requests
On Apr 20, 2009, at 9:04 PM, David Andersen wrote: Just a thought: A technical person might be very happy to lie to a toothless organization that holds no real sway over him or her, won't revoke the address space once granted, and for whom the benefit of lots of address space in which to play exceeds any potential pain from being caught, er, exaggerating their need for address space. That same technical person might be less inclined to lie to a director of their company who asks: Are you asking me to attest, publicly and perhaps legally, that this information is correct? If you're wrong and you make an ass of me, it's going to be yours that goes out the door. Seems like a reasonable experiment to try, at least. I agree there is no harm in the idea but as I was reading the announcement this morning I couldn't help but think Too little, too late. Chris -- Chris Owen - Garden City (620) 275-1900 - Lottery (noun): President - Wichita (316) 858-3000 -A stupidity tax Hubris Communications Inc www.hubris.net
Re: Important New Requirement for IPv4 Requests
I don't believe I saw anywhere that these attestations were being made under penalty of perjury or any other method of civil punishment. Do they have to be notarized? What are the real benefits here, other than putting more people to work at ARIN and increasing the workload of those who really do need new IP space. Shane Ronan On Apr 20, 2009, at 7:04 PM, David Andersen wrote: Are you asking me to attest, publicly and perhaps legally, that this information is correct?
RE: Important New Requirement for IPv4 Requests
I think this needlessly involves people who probably don't have a clue in an area we may not really want them involved in. I can hear the conversation now:
Officer: Why do I have to sign this thing?
Tech: Well your graciousness. We are coming to the end of the available address space and the gods at ARIN want to make you aware of that so you might approve that request I made for new equipment to deploy IPv6 with.
Officer: Huh? Do we need it?
Tech: Yes, we need the address space.
Officer: And they're running out?
Tech: Well out of the v4 space which is what we use now but we can move to v6 space and...
Officer: Hell, request 10x as much space! I'll sign anything as long as we don't run out and have to spend money!
For me, I request all the allocations and I'm also an officer of the company so I'll just attest to my own stuff but I can see this would be a nightmare in a larger company. There was also an e-mail about outreach to the CEOs of all the companies with resources. At my company the CEO will hand it to me without even opening it. I assume that in many larger companies it might get glanced at by the CEO or CEO's secretary before it gets shredded. While I completely understand the reasons behind both initiatives I don't think they'll have the desired effect.
Aaron
-Original Message-
From: Matthew Moyle-Croft [mailto:m...@internode.com.au]
Sent: Monday, April 20, 2009 9:56 PM
To: Joe Greco
Cc: nanog@nanog.org
Subject: Re: Important New Requirement for IPv4 Requests
ARIN should ask companies to demonstrate:
- demonstration of routing of an IPv6 range/using IPv6 address space
- demonstration of services being offered over IPv6
- a plan to migrate customers to IPv6
- automatic allocation of IPv6 range instead of IPv4 for those who can't do so.
ie. No more IPv4 for you until you've shown IPv6 clue. Then people can't just get away with driving into the brick wall of IPv4-allocation fail. (Not sure if I'm serious about this suggestion, but it's there now).
MMC On 21/04/2009, at 9:09 AM, Joe Greco wrote: Let me see if I can understand this. We're running out of IPv4 space. Knowing that blatant lying about IP space justifications has been an ongoing game in the community, ARIN has decided to do something about it. So now they're going to require an attestation. Which means that they are going to require an officer to attest to the validity of the information. So the officer, most likely not being a technical person, is going to contact ... probably the same people who made the request, ask them if they need the space. Right? And why would the answer be any different, now? ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again. - Direct Marketing Ass'n position on e-mail spam (CNN) With 24 million small businesses in the US alone, that's way too many apples. -- Matthew Moyle-Croft Networks, Internode/Agile Level 5, 162 Grenfell Street, Adelaide, SA 5000 Australia Email: m...@internode.com.au Web: http://www.on.net Direct: +61-8-8228-2909 Mobile: +61-419-900-366 Reception: +61-8-8228-2999 Fax: +61-8-8235-6909
Re: Important New Requirement for IPv4 Requests
On Apr 20, 2009, at 4:39 PM, Joe Greco wrote: So the officer, most likely not being a technical person, is going to contact ... probably the same people who made the request, ask them if they need the space. Right? And why would the answer be any different, now? This is exactly identical to having the CEO sign the quarterly statements. You are saying this is Right. The CEO couldn't do that accounting him/herself -- but they're going to ask more questions and be more cautious before putting their name on it. I applaud this idea. I wish we had done it 10 years ago, but it's not too late to start. Before late than never. -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness
Re: Important New Requirement for IPv4 Requests
Same reason urgent action networks work for Amnesty International. Because when someone thinks other people are watching, truth is revealed. Kind Regards, Carl On Mon, Apr 20, 2009 at 7:39 PM, Joe Greco jgr...@ns.sol.net wrote: Forwarded message: Subject: Important New Requirement for IPv4 Requests From: ARIN Registration Services do-not-re...@arin.net Hello, With the approaching depletion of the IPv4 address free pool, the ARIN Board of Trustees has directed ARIN staff to take additional steps to ensure the legitimacy of all IPv4 address space requests. Beginning 18 May 2009, ARIN will require that all applications for IPv4 address space include an attestation of accuracy from an officer of the organization. For more information on this requirement, please see: https://www.arin.net/resources/agreements/officer_attest.html Whenever a request for IPv4 resources is received, ARIN will ask in its initial reply for the name and contact information of an officer of the organization who will be able to attest to the validity of the information provided to ARIN. At the point a request is ready to be approved, ARIN will send a summary of the request (via e-mail) to the officer with a cc: to the requesting POC (Tech or Admin) and ask the officer to attest to the validity of the information provided to ARIN. The summary will provide a brief overview of the request and an explanation of the required attestation. ARIN will include the original request template and any other relevant information the requestor provided. Once ARIN receives the attestation from the officer, the request can be approved. Attestation may also be provided via fax or postal mail. For further assistance, contact ARIN's Registration Services Help Desk via e-mail to hostmas...@arin.net or telephone at +1.703.227.0660. Let me see if I can understand this. We're running out of IPv4 space. 
Knowing that blatant lying about IP space justifications has been an ongoing game in the community, ARIN has decided to do something about it. So now they're going to require an attestation. Which means that they are going to require an officer to attest to the validity of the information. So the officer, most likely not being a technical person, is going to contact ... probably the same people who made the request, ask them if they need the space. Right? And why would the answer be any different, now? ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again. - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.