-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all,
I have reviewed this proposal and at this time do not support this. I am netural on the main issue of designating 1.2.3.0/24 as an 'special purpose anycast' block. I have issues with the RPKI portion. It creates additional burden on APNIC to support non-member entities, which I do not support. As a fee paying member, this whole idea of supporting the 46K ASNs currently visible on the Internet doesn't scale and I'd find it a waste of fee paying member resources. - -gaurab > > ------------------------------------------------------------------------ > > prop-110v001: Designate 1.2.3.0/24 <http://1.2.3.0/24> as Anycast to > support DNS Infrastructure > ------------------------------------------------------------------------ > > > > Proposers: Dean Pemberton, d...@internetnz.net.nz > <mailto:d...@internetnz.net.nz> Geoff Huston, g...@apnic.net > <mailto:g...@apnic.net> > > > 1. Problem statement -------------------- > > Network 1 (1.0.0.0/8 <http://1.0.0.0/8>) was allocated to APNIC by > the IANA on 19 January 2010. In line with standard practice APNIC's > Resource Quality Assurance activities determined that 95% of the > address space would be suitable for delegation as it was found to > be relatively free of unwanted traffic [1]. > > Testing, conducted by APNIC R&D found that certain blocks within > Network 1 attract significant amounts of unwanted traffic, > primarily due to its unauthorised use as private address space > [2]. > > Analysis revealed that, prior to any delegations being made from > the block, 1.0.0.0/8 <http://1.0.0.0/8> attracted an average of > 140Mbps - 160Mbps of unsolicited incoming traffic as a continuous > sustained traffic level, with peak bursts of over 800Mbps. > > The analysis highlighted individual addresses such as 1.2.3.4 with > its covering /24 (identified as 1.2.3.0/24 <http://1.2.3.0/24>) > remain in APNIC quarantine and it is believed they will not be > suitable for normal address distribution. > > The proposal proposes the use of 1.2.3.0/24 <http://1.2.3.0/24> in > a context of locally scoped infrastructure support for DNS > resolvers. > > 2. Objective of policy change ----------------------------- > > As the addresses attract extremely high levels of unsolicited > incoming traffic, the block has been withheld from allocation and > periodically checked to determine if the incoming traffic profile > has altered. None has been observed to date. After four years, it > now seems unlikely there will ever be any change in the incoming > traffic profile. > > The objective of this proposal is to permit the use 1.2.3.0/24 > <http://1.2.3.0/24> as a anycast addresses to be used in context of > scoped routing to support the deployment of DNS resolvers. It is > noted that as long as providers who use this address use basic > route scope limitations, the side effect of large volumes of > unsolicited incoming traffic would be, to some extent mitigated > down to manageable levels. > > > 3. Situation in other regions ----------------------------- > > Improper use of this address space is a globally common issue. > However the block is delegated only APNIC and so therefor, no other > RIR has equivalent policy to deal with the situation. > > > 4. Proposed policy solution --------------------------- > > This proposal recommends that the APNIC community agree to assign > 1.2.3.0/24 <http://1.2.3.0/24> to the APNIC Secretariat, to be > managed as a common anycast address to support DNS infrastructure > deployment > > Any party who applies to APNIC to use this address block on a > non-exclusive basis to number their DNS resolver will receive a > Signed Letter of Authority to permit their Autonomous System to > originate a route for 1.2.3.0/24 <http://1.2.3.0/24>, and APNIC > will also publish a RPKI ROA designating the AS as being permitted > to originate a route. This ROA shall be valid until APNIC is > advised otherwise by the AS holder. > > 5. Advantages / Disadvantages ----------------------------- > > Advantages > > - It will make use of this otherwise unusable address space. - DNS > operators will have an easy-to-remember address they can use to > communicate with their users (e.g. configure "1.2.3.4" as your DNS > resolver") > > > Disadvantages > > - The address attracts a large volume of unsolicited incoming > traffic, and leakage of an anycast advertisement outside of a > limited local scope may impact on the integrity of the DNS service > located at the point associated with the scope leakage. Some > operators with high capacity infrastructure may see this as a > negligible issue. > > 6. Impact on APNIC ------------------ > > Although this space will no longer be available for use by a > single APNIC/NIR account holder, the proposal would result in > benefit for all APNIC community members, as well as the communities > in other regions. > > There is the need to set up an administrative process in the > reception of applications to use the address block, and in the > maintenance of a set of ROAs associated with these applications > > > References ---------- > > [1] Resource Quality Good for Most of IPv4 Network “1” > http://www.apnic.net/publications/press/releases/2010/network-1.pdf > > [2] Traffic in Network 1.0.0.0/8 <http://1.0.0.0/8> > http://www.potaroo.net/ispcol/2010-03/net1.html > > > > > * sig-policy: APNIC SIG on resource management policy > * _______________________________________________ sig-policy > mailing list sig-policy@lists.apnic.net > http://mailman.apnic.net/mailman/listinfo/sig-policy > - -- http://www.gaurab.org.np/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlLsPegACgkQSo7fU26F3X3smQCgqTQrl/sJwTn73azgB0qBQWWE reAAoLX9+bcPpO/SIWWpdDM818VPeNDI =Ziz/ -----END PGP SIGNATURE----- * sig-policy: APNIC SIG on resource management policy * _______________________________________________ sig-policy mailing list sig-policy@lists.apnic.net http://mailman.apnic.net/mailman/listinfo/sig-policy
