This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[address-policy-wg] proposal to remove IPv6 PI
- Previous message (by thread): [address-policy-wg] proposal to remove IPv6 PI
- Next message (by thread): [address-policy-wg] proposal to remove IPv6 PI
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
JORDI PALET MARTINEZ
jordi.palet at consulintel.es
Wed May 16 19:37:05 CEST 2018
Responding below, in-line. Regards, Jordi -----Mensaje original----- De: address-policy-wg <address-policy-wg-bounces at ripe.net> en nombre de Martin Huněk <hunekm at gmail.com> Fecha: miércoles, 16 de mayo de 2018, 18:29 Para: <address-policy-wg at ripe.net>, JORDI PALET MARTINEZ <jordi.palet at consulintel.es> Asunto: Re: [address-policy-wg] proposal to remove IPv6 PI in-line Regards, Martin Dne středa 16. května 2018 17:45:01 CEST, JORDI PALET MARTINEZ via address-policy-wg napsal(a): > Below, in-line. > > Regards, > Jordi > > > > -----Mensaje original----- > De: address-policy-wg <address-policy-wg-bounces at ripe.net> en nombre de Martin Huněk <hunekm at gmail.com> > Fecha: miércoles, 16 de mayo de 2018, 17:28 > Para: <address-policy-wg at ripe.net>, JORDI PALET MARTINEZ <jordi.palet at consulintel.es> > Asunto: Re: [address-policy-wg] proposal to remove IPv6 PI > >> Hi Jordi, > >> As I understand it, the PA is only for a LIR and PI is also for sponsored organization. Also the PI is solely for the end user infrastructure and and PA can be further allocated or assigned. > > This is our actual definition. We can change it whenever we want. What I'm asking is what is the *real* distinction among them. Forget for a minute in contracts, fee structure and so on. There is no need to call the same with different names if we don't want. I'm calling here for simplicity. Once we remove the sub-assignment obstacle, there is not anymore a difference. Discussion should be about, if we want to / should remove such *obstacle*. I would personally prefer that policy about PI space would stay the same. Just RIPE NCC should be more investigative and restrictive when assigning those. Being Internet policy is very difficult. If we have ways to avoid that, is an easier way to achieve the same. Policies are for a fair distribution of the resources, to make that distribution simpler, not to have complex policies and then being unable to track how well anyone is behaving with them. >> I'm not competent enough to tell if it is better to have the same contract with members and non-members, maybe someone from RIPE NCC can answer that. > >> I think that they should be isolated because they should be used for different things. PA for networks with single upstream - they should receive ALLOCATED-BY-LIR from LIR's PA. PI for customers with the second upstream. On the other hand we all know that PI is used as small PA, without editing RIPE DB, of course. > > There is not anymore an obligation, for many years, to have multihoming. So, no difference here. Sure it is not an obligation, it is just my understanding what is meant by current policy or what it should mean. >> By removing PI, you would had to allow non-members to receive PA or you would had to force every current PI holder to became LIR. I know that most of the new members are in RIPE just for IPv4, but in the distant IPv6 only future, what would be the result of such change? What would be the reason to be a member in such future? > > Yes, that's the idea, please see my slides. PI holders will need to become members, maybe the fee will get an increase (something on the line of a small one-time setup fee and later on a proportion of the cost of a /32 if you are getting only a /48, etc., but this is for the membership to decide). What we all win with that is a fairer cost distribution and also an easier way to make sure that the rules are followed and nobody tricks the rules using a PI as PA. Specially for the NCC is much simpler. Easy as a flat rate for every LIR. Actually this is the main problem problem for me. LIR should by the name work as local internet registry. This has been broken for IPv4 by IPv4 shortage. Not everyone should be forced to be a RIPE NCC member. I'm perfectly fine with 50 EUR fee for every /48 for those. Such organization which needs PI have no plans for assigning Is easier, but it is fair? addresses to third parties, so why they should be LIR when they don't plan to act as one? The problem is that once we accepted 2016-04, that got broken. End-users being assigned a /48 are using that now to sub-assign addresses to other end-users (employees, students, users of a hot-spot, etc.). This would make IPv6 addresses less accessible. It is like LIR saying: "Do you want to have your own addresses or more then I gave you? Go to the RIPE NCC and pay them 1400 EUR/y! No matter what you do...". Those PI users would either loose protection of their own space or they would had to pay 28x more per year plus 2000 EUR sign up fee. What would do company outside of the internet business? They would not implement IPv6, that is easy! :-) As said before, this is fixed in combination with the fee structure decision by the AGM. So *no*, on the contrary, will be fairer. I think probably a 50 Euros cost for a /48 is really too low, and may be a /32 will become cheaper, and of course, a /20 more expensive. There are many possible models for that, but it can be perfectly managed to avoid anyone having a requirement from a /48 to not being able to afford it. >> In my opinion PI should still be here, but only for a special cases, non-ISP non-LIR organizations. So if there will be any use of PI space by ISP for its clients, it should be immediately reclaimed by RIPE NCC. Also LIR should not be entitled to claim PI for itself. But this is just my point of view. > > So then, again, let's roll back 2016-04, because is non-sense that somebody instead of using the addressing space for their own organization as end-user, is using it for a hotspot or datacenter. 2016-04 is not the problem, it doesn't say that you can use PI as PA. It just allows you to use your PI range on your premise and give access to such network to the third party. It does not allow you to give whole range to CPE. It allows sub-assigments, which was not the intent of the original IPv6 PI, at all. > I'm more and more convinced as we exchange emails on this, that either we clarify very well what is a sub-assignment (and if you follow the last couple of emails on that discussion you will see how difficult may be to clarify that with a "short" text), or we just put all in the same "class" of addressing space. Actually I don't think so. I still thinks that PI should stay PI, but it should be checked more thoroughly to whom it is given. >> Sincerely, >> Martin > > Dne středa 16. května 2018 16:10:13 CEST, JORDI PALET MARTINEZ via address-policy-wg napsal(a): > > Hi Martin, > > > > I'm clear about the IPv4 situation. No discussion on that. > > > > I also understand that both (ISP for special infrastructure and also large non-ISP) need addressing space. Call it PI or PA is another question. > > > > Having a single contract doesn't goes against the need for both kind of organizations. > > > > I think we both agree. What I'm saying is that there is no need to have both into different policies if are able to simplify for both organizations to have a single contract and a single policy (with of course, require a small different justification mechanism - or may be not even to make it much simpler). > > > > Can you tell me why you believe we need to keep them *isolated* ? I mean specific needs that makes impossible to accommodate both into a single policy? > > > > The only *real* difference in the policy is that one starts with /48 per end-site, the other with /32. Anything else? > > > > Regards, > > Jordi > > > > > > > > -----Mensaje original----- > > De: address-policy-wg <address-policy-wg-bounces at ripe.net> en nombre de Martin Huněk <hunekm at gmail.com> > > Fecha: miércoles, 16 de mayo de 2018, 16:01 > > Para: <address-policy-wg at ripe.net>, JORDI PALET MARTINEZ <jordi.palet at consulintel.es> > > Asunto: Re: [address-policy-wg] proposal to remove IPv6 PI > > > > Hi Jordi, > > > > I must say that I'm strongly against this proposal. > > > > Reasons: > > - Situation between IPv4 and IPv6 is quite different - reasons for canceling IPv4 PI was simply not enough space > > - Not everyone in the business had to be a LIR and some large non ISP organization could be legitimate user of PI space > > - Insufficient checks and under-educated LIRs doesn't necessary mean that concept of PI space is bad, only that it is misused > > > > Now some details. Even in IPv4 there is still PI space left, not for the ordinary networks, but for the IXPs. It is a fact that there are missuses of IPv6 PI space like ISP running in PI space. But if we want to cast the blame, it would come to the uneducated LIR operators and partially to the RIPE NCC because it did not educate them well (or at least explain when to ask for PI in the LIR portal). > > > > Personally, I had to ask my formal upstream (before we became LIR) specifically to make ALLOCATED-BY-LIR object and to make me mnt-lower, step by step because they didn't know how to do that. For such LIR it is easier to ask for PI just because they use to do that for the IPv4. > > > > There are also some large companies that would be legitimate to use current PI space. Not every organization had to be in internet business, so it should not be a LIR at all. Current concept of every major end-user to be a LIR is broken because need of IPv4, lets not spoil the IPv6 world the same way. > > > > Current PI space misuse could have been solved by more in depth checks. Like if the end user is an ISP, it is most likely misuse. Also if someone asks for PI, RIPE NCC should either pick up the phone or write an e-mail and ask LIR why they want to ask for PI. > > > > Can RIPE NCC make video about proper way how to make allocations for LIR's "downstream"/client? Maybe place it in PI assignment wizard in LIR portal. > > > > IPv4 shortage just broke the model LIR. Today just too much end users became a LIRs just to be given IPv4 space, but they would never serve as a local internet registry or would not know how to work as LIR. Canceling the IPv6 PI would not help to solve this problem, it would make it even worse, by pushing more and more end users to became LIR when they are actually not one. > > > > Best regards > > Martin > > > > Dne středa 16. května 2018 14:52:57 CEST, JORDI PALET MARTINEZ via address-policy-wg napsal(a): > > > Hi all, > > > > > > For those that haven't been in the meeting, the slides are available at https://ripe76.ripe.net/presentations/97-RIPE-2018-05-v1.pdf > > > > > > I believe we have several problems that my proposal is trying to fix. > > > > > > 1) See my previous email on the clarification of IPv6 PI sub-assignments. Is not just a matter of IPv6, but also IPv4. This is an alternative solution (at least of the IPv6 part - we could do the same for IPv4 of course and also remove IPv4 PI). > > > > > > 2) It was clear in the meeting, as we *all* know, that many folks in the community (and not only in this region) are abusing the policy and they actually use end-user space (PI policies) to *assign* (call it sub-assign if you prefer it), to third parties. > > > > > > 3) It may be the case that this happens because the fee structure. An LIR, currently, pays 1.400 Euros per year (plus one-time setup-fee of 2.000 Euros). And end-user just pay 50 Euros per resource assignment. So, it makes sense to just pay for 50 Euros, and then you may be providing services using NAT+CGN (in the case of IPv4) or a single /64 to each subscriber in the case of IPv6. It is broken, of course, but people do that. > > > > > > 4) The fee scheme is somehow responsible of that as well, as there is in my opinion, unfairness. A big ISP having an IPv6 /20, or /24 or /29 or /32 is paying always the same. This is the only region that have a "flat" rate. > > > > > > 5) We could fix the point above, auditing every end-user. But we could also fix it in a better way by: > > > a) A policy change in the line the one I've proposed (see the slides and the links for a diff) > > > b) Having a single LIR contract, instead of LIR and end-user > > > c) This may be (as an option), also become a way to make a price scheme which is proportional to the amount of resources allocated. > > > > > > Note that we don't need to change the fee scheme, but it is an opportunity for taking a look into that. It may be perfectly possible to keep the cost of end-users as 50 Euros (for a single /48, for example), but having a single contract. I know perfectly that fees are not "policy", however only if we address that we can do correctly the policy. A demonstration of that: When I proposed the IPv6 PI and it reached consensus, it was needed to create the "end-user" contract and the corresponding fee, so is something that we have done before. > > > > > > I know that the proposed text may be very imperfect, for example the usage of "ISPs", but this is not the key now, there are for sure several alternatives to that. For example, we could just differentiate both cases with "LIR that do subsequent distributions initially qualify for /32 up to /29 etc. LIRs that do not do subsequent distributions initially qualify for a /48 for each end-site". So please, don't consider specific text at this point of the discussion. > > > > > > And last, but not least, repeating myself, we could do this just for IPv6, or also work in parallel in a policy proposal for IPv4 PI removal as well. This will be probably the best choice, so we can let the NCC to have a simplified policy, a single contract and consequently less overhead: Simplification for everyone. > > > > > > Thoughts? > > > > > > > > > Regards, > > > Jordi > > > > > > > > > > > > > > > > > > ********************************************** > > > IPv4 is over > > > Are you ready for the new Internet ? > > > http://www.consulintel.es > > > The IPv6 Company > > > > > > This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ********************************************** > > IPv4 is over > > Are you ready for the new Internet ? > > http://www.consulintel.es > > The IPv6 Company > > > > This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it. > > > > > > > > > > > > > > > > ********************************************** > IPv4 is over > Are you ready for the new Internet ? > http://www.consulintel.es > The IPv6 Company > > This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it. > > > > > ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.consulintel.es The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
- Previous message (by thread): [address-policy-wg] proposal to remove IPv6 PI
- Next message (by thread): [address-policy-wg] proposal to remove IPv6 PI
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]