Assignment Clarification in IPv6 Policy
- State:
- Withdrawn
- Publication date
- Affects
- Draft document
- Draft
- Author
- Proposal Version
- 2.0 - 21 Aug 2018
- All Versions
-
- Withdrawn
- 12 Mar 2019
- Working Group
- Address Policy Working Group
- Proposal type
-
- Modify
- Policy term
- Permanent
Summary of Proposal:
This proposal aims to clarify the definition of "Assign" in RIPE-707 (section 2.6).
The proposal solves the inconsistencies raised during community discussions on the policy proposal 2016-04, “IPv6 Sub-Assignment Clarification” where the RIPE NCC’s understanding, as explained in the impact analysis, didn’t match with the current policy text.
The policy text says “Providing another entity with separate addresses (not prefixes)”, while the impact analysis said “as long as the subnet size does not exceed a /64”.
In addition to cases where a /64 is used for a point-to-point link, VPNs and similar, where typically a single address is used on the “customer side” (in addition to the one used at the LIR side), the IETF has recently approved the use of a unique /64 prefix per interface/host (RFC 8273) instead of a unique address. This, for example, allows users to connect to a hotspot, receive a /64 such that they are “isolated” from other users (for reasons of security, regulatory requirements, etc.) and they can also use multiple virtual machines on their devices with a unique address for each one (within the same /64).
Another case involves a third party contracted by the End User to provide services in their network that require the deployment of other devices, servers, network equipment, etc. For example, a security surveillance system may involve the contractor providing their own cameras, recording system, even their own firewall and/or router for a dedicated VPN. In many cases, this surveillance system would need to use the addressing space of the End User.
We need to understand that the concept of BYOD (Bring Your Own Device), even in enterprise networks, universities, etc., doesn't limit the number of addresses that a single device may decide to use. In fact, previous standards already allow this because a single device can get an IPv6 address by means of SLAAC, another with DHCPv6, and one more using privacy addresses. The actual policy text will not allow this, while the RIPE NCC’s understanding seems to support it.
Current Policy Text:
2.6. Assign
To “assign” means to delegate address space to an ISP or End User for specific use within the Internet infrastructure they operate. Assignments must only be made for specific purposes documented by specific organisations and are not to be sub-assigned to other parties.
Providing another entity with separate addresses (not prefixes) from a subnet used on a link operated by the assignment holder is not considered a sub-assignment. This includes for example letting visitors connect to the assignment holder's network, connecting a server or appliance to an assignment holder's network and setting up point-to-point links with 3rd parties.
New Policy text:
2.6. Assign
To “assign” means to delegate address space to an ISP or End User for specific use within the Internet infrastructure they operate. Assignments must only be made for specific purposes documented by specific organisations and are not to be sub-assigned to other parties.
Providing addressing space to third party devices including addresses for point-to-point links and/or non-permanently providing addressing space to third parties, for use on a network managed and operated by the assignment holder, shall not be considered a sub-assignment.
The provision of addressing space for permanent or semi-permanent connectivity, such as broadband services, is still considered a sub-assignment and is prohibited under this policy.
Rationale:
a. Arguments Supporting the Proposal
This proposal will avoid the above-mentioned discrepancies and simplify RIPE NCC clarifications and avoid misunderstandings.
b. Arguments Opposing the Proposal
None foreseen beyond the impact analysis of 2016-04.