Skip to main content

Assignment Clarification in IPv6 Policy

This policy proposal has been withdrawn

You're looking at an older version: 1

The current (published) version is 2
2018-02
State:
Withdrawn
Publication date
Affects
Draft document
Draft
Author
Proposal Version
2.0 - 21 Aug 2018
All Versions
Withdrawn
12 Mar 2019
Working Group
Address Policy Working Group
Proposal type
  • Modify
Policy term
Permanent

Summary of Proposal:

This proposal aims to clarify the definition of “Assign” in RIPE-699 (section 2.6).

The proposal solves the inconsistencies raised during community discussions on the policy proposal 2016-04, “IPv6 Sub-Assignment Clarification” where the RIPE NCC’s understanding, as explained in the impact analysis, didn’t match with the current policy text.

The policy text says “Providing another entity with separate addresses (not prefixes)”, while the impact analysis said “as long as the subnet size does not exceed a /64”.

In addition to cases where a /64 is used for a point-to-point link, VPNs and similar, where typically a single address is used on the “customer side” (in addition to the one used at the LIR side), the IETF has recently approved the use of a unique /64 prefix per interface/host (RFC 8273) instead of a unique address. This, for example, allows users to connect to a hotspot, receive a /64 such that they are “isolated” from other users (for reasons of security, regulatory requirements, etc.) and they can also use multiple virtual machines on their devices with a unique address for each one (within the same /64).

We need to understand that the concept of BYOD (Bring Your Own Device), even in enterprise networks, universities, etc., doesn't limit the number of addresses that a single device may decide to use. In fact, previous standards already allow this because a single device can get an IPv6 address by means of SLAAC, another with DHCPv6, and one more using privacy addresses. The actual policy text will not allow this, while the RIPE NCC’s understanding seems to support it.

Current Policy Text:

2.6. Assign

To “assign” means to delegate address space to an ISP or End User for specific use within the Internet infrastructure they operate. Assignments must only be made for specific purposes documented by specific organisations and are not to be sub-assigned to other parties.

Providing another entity with separate addresses (not prefixes) from a subnet used on a link operated by the assignment holder is not considered a sub-assignment. This includes for example letting visitors connect to the assignment holder's network, connecting a server or appliance to an assignment holder's network and setting up point-to-point links with 3rd parties.

New Policy text:

2.6. Assign

To “assign” means to delegate address space to an ISP or End User for specific use within the Internet infrastructure they operate. Assignments must only be made for specific purposes documented by specific organisations and are not to be sub-assigned to other parties.

The fact that a unique address or even a unique /64 prefix is non-permanently provided to third parties, on a link operated by the original receiver of the assignment, shall not be considered a sub-assignment. This includes, for example, guests or employees (devices or servers), hotspots, and point-to-point links or VPNs.

The provision of addressing for permanent connectivity or broadband services is still considered a sub-assignment. Only the addressing of the point-to-point link itself can be permanent and that addressing can't be used (neither directly or indirectly) for the actual communication.

Rationale:

a. Arguments Supporting the Proposal

This proposal will avoid the above-mentioned discrepancies and simplify RIPE NCC clarifications and avoid misunderstandings. 

b. Arguments Opposing the Proposal

None foreseen beyond the impact analysis of 2016-04.