This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/address-policy-wg@ripe.net/
[address-policy-wg] RIPE Access Policy Change Request to allow allocations to critical infrastructure
- Previous message (by thread): [address-policy-wg] RIPE Access Policy Change Request to allow allocations to critical infrastructure
- Next message (by thread): [address-policy-wg] RIPE Access Policy Change Request to allow allocations to critical infrastructure
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Gert Doering
gert at space.net
Wed Jan 7 20:40:17 CET 2004
Hi, On Wed, Jan 07, 2004 at 05:15:54PM +0000, Michael.Dillon at radianz.com wrote: > >On Wed, Jan 07, 2004 at 04:15:11PM +0100, Andreas Bäß/Denic wrote: > >> Request For An IPv4/IPv6 Policy Allowing Assignments > >> For Network Critical Infrastructure > >I strictly oppose anything that has "Assignments For Network Critical > >Infrastructure" in its title. > > I think you are wrong here. I could certainly be wrong, but I'm still opposing it, and I've mentioned good reasons why "critical infrastructure" is not a very useful phrase regarding the decision "who is important enough to gain a special case". > The important part of this proposal is > the critical infrastructure. Anycast is a technical solution and > it can be used for unimportant things as well. Sure, but you'd need a dedicated and routeable prefix for *any* sort of anycast. While there *is no* critical infrastructure (besides the root DNS servers) that's "definitely more critical than everything else that's really so very important". > >NB: the other 3 RIR's "critical infrastructure" policies are just broken > >by design - what's special about ARIN's or ICANN's network, as opposed to > >the network that runs google.com? I'd say Google is much more critical > >to the average network user... > > DNS services are critical infrastructure, especially top level domain > services. DNS services are critical infrastructure, but nothing about DNS services (except the root) needs special network allocation policies. ccTLD/gTLD DNS service works very well using provider aggregateable address space. Changing glue in the root zone is heard to be needlessly difficult, but that's not something thats ideally solved by changing the address allocation policies (to avoid having to change glue records at all). > You might argue that it would be better for all top level domains to pool > their resources and share the same anycast architecture and I would > probably agree with you. But I believe that the .de DNS service is far more > important > than Google's search engine because if the .de service is unavailable then > no-one will be able to resolve google.de so the search engine will become > unreachable. I don't buy that. DENIC has many name servers, spread all over Europe (and further maybe), already now, without changing IP address policy. Whatever happens to one of those servers doesn't affect my capability to resolve "google.de" (and besides, there's google.com as well :) ). If the master zone file is corrupted, google.de is dead indeed - but no matter what you do to address allocation is going to fix *that*. The point here is "they need more servers and the DNS protocol is too restricted to permit more servers with distinct names" -> so the whole issue is *anycast*. Inventing an address policy that permits everyone who is specially important to get "their special address block" will, in itself, do *nothing* to increase ccTLD reliability. Adding anycast will do. [..] > Suggestion... RIPE will allocate /24 blocks from the IPv4 address > range that was once called "Class C" address space > for use by services that are part of the Internet's > critical infrastructure. These blocks are for services > that will exist for the forseeable future, are used > freely by many organizations, and are likely to outlive > the lifetime of the organization currently operating the > service. That's not helpful, as it centers around "critical infrastructure". How is the RIPE NCC supposed to evaluate how "criticial" something is? .de reachability is mostly meaningless for the majority of the Internet users (as are all other ccTLDs). Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 57882 (57753) SpaceNet AG Mail: netmaster at Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299
- Previous message (by thread): [address-policy-wg] RIPE Access Policy Change Request to allow allocations to critical infrastructure
- Next message (by thread): [address-policy-wg] RIPE Access Policy Change Request to allow allocations to critical infrastructure
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]