[ipv6-wg] Publication of default assignment sizes for end-user network ?

Fellow WG members,

This is something that seems to be lingering around for some time now  
and from talking to various people seems that there is some basic need  
for a system for this.

I understand the IPv6-WG may not be the correct place to solve the  
issue, however I do think this is a nice platform to try and see if we  
can work out what the actual need is for that and hopefully this can  
result in some draft proposal that can be taken to the appropriate  
working group or even to another body for the actual implementation.

As per RIPE-481 section 5.5 there is no need to register assignments  
of a /48 or longer into the public RIR/NIR database, as long it's  
registered by the LIR and that data is accessible by the RIR.

Now this does not forbid you to register individual assignments into  
the public database, but doing so poses various problems. Not only the  
sheer number of assignments can be a problem, but also keeping that  
registration up-to-date will have serious impact on your day to day  
operations and especially with residential users there might be  
privacy issues as well.

 From an IR perspective this all makes sense and seems like reasonable  
behavior and I'm not intending of changing this.

 From what I see in the emerging deployments is that there are quite  
some differences between various operators on what the default  
assignment size to end users is and even in the same operator the  
actual size assigned might vary in between the various products from  
anywhere between a /128 to establish a link up to the full /48 possible.

Together with these emerging deployments and this is primarily  
focussed on eyeballs but it may also apply to hosting as well, there  
seems to become a need to establish things like GEO-IP services but  
also blacklists for, as an example, email.

Within IPv4 these kind of services can pretty much be done with a  
resolution of the full 32 bits registering individual IP addresses and  
still end up with a manageable list.

With IPv6 emerging this situation changes, as most as not all  
customers will receive at least a /64 it seems natural to do some form  
of aggregation and I already can think of 2 reasons why:

- Doing it on the full /128 will have the risks the lists become too  
big and maintaining and distributing them becomes impossible
- Within the /64 it's fairly easy to switch addresses or to simply  
select multiple, so for instance a virus can use an almost unlimited  
number of source addresses to do evil.

Naturally this has already led to aggregation, people working on  
collecting this data and generating these blacklists and also get-up  
services have invented there own scheme, some of them register  
individual /64's, others seem to have or start using a model where  
presence of X numbers of individual /64 blocks will lead to automatic  
aggregation and the next 'natural' boundary for that is /48.

This in itself can lead to issues for instance when you assign /56 to  
a customer premises and somebody decides to aggregate he may as well  
block 256 house holds and not the one doing evil.

Now talking with people the problem seems big enough that it needs  
fixing, in fact we may as well fix it before it goes wrong. Now I  
realize there are various way how to attack this and various platforms  
or community bodies to address this.

At this point in time the RIR seems a reasonable place and what I'm  
trying with this post is see if there is some consensus about the fact  
this is a problem worth fixing and hopefully together and as a WG we  
can generate some output by for instance writing a draft proposal and  
bring it to other working groups or standardization bodies.

So about the solution, one of the things I'm thinking about is asking  
the database group to implement an additional and optional attribute  
for inet6num which can hold the standard assignment size used for this  
block. So for instance I can put an object there saying  
2001:980:1000::/36 is used for residential DSL assignments and default  
assignment size is /48 and that 2001:980:2000::/36 is used for hosting  
purposes and assignment size is a /64. That way people can find out  
about and aggregate their lists or even abuse complaints according to  
boundaries set by the operator and they no longer have to guess and  
potentially harm themselves or other users because there educate guess  
was of by 8 bits.

This is only one possible solution, I also heard a voice saying we  
could try and solve this in DNS and it might be taken to IETF others  
suggested that instead of the database this should be published as a  
machine parseable list on a static URL.

Now I'm perfectly happy to write that proposal, in fact some of it is  
already done. So is this worth going after, did I miss something here,  
can you provide arguments supporting this or against this approach and  
what sort of solution would you like.

Looking forward to your comments either on this list or privately,  
especially from people who are in the business of data collection/ 
publishing.

While we work on the new charter let's together try and proof this WG  
still is capable of producing something usefull :)

Grtx,

Marco Hogewoning
(Both operator and concerned citizen)