Minutes & Presentations

Thursday, 17 September 2009

09:00-10:30

Welcome Note
Andre Kolesnikov, Director, Coordination Center for TLD RU

The meeting opened at 09:30 and Paul Rendek, Head of External Relations and Communications at the RIPE NCC, welcomed the attendees, noting it was the sixth Regional meeting held in Moscow.

Paul introduced representatives of RIPE and the RIPE NCC.

Paul thanked the sponsors of the meeting and introduced Andre Kolesnikov for the welcoming note.

Andre Kolesnikov welcomed the attendees and praised the support of the sponsors and meeting attendees. He noted that, even with the economic crisis, the Internet in Russia continues to grow and prices for connectivity are going down.  He noted the 15th anniversary of the .ru domain and the 20th anniversary of RIPE.  He praised the participation of non-governmental organisations in the Internet today.

Paul Rendek introduced Olaf Kolkman, NLnet Labs, and noted Olaf’s position as the Internet Architecture Board (IAB) Chair in the IETF.

IETF Update
Olaf Kolkman, NLnet Labs

Olaf presented an overview of the IETF, including the organisation’s goal; structure; levels of participation; protocol, applications and document development including RFCs; working groups; what the Internet Research Task Force (IRTF) is; the IAB and its responsibilities; and other group extensions such as the International Association of Software Architects, IETF Trust, RFC Editor and the IANA.

There were no questions from the audience.

Paul Rendek introduced Andrew de la Haye of the RIPE NCC.

RIPE NCC Statistics and Policy Update
Andrew de la Haye, Chief Operations Officer, RIPE NCC

Andrew presented on the recent RIPE policy updates including ongoing discussions on IPv4 depletion; RIPE NCC membership statistics; number resource statistics; and the RIPE NCC Service Center at the meeting venue.

There were no questions from the audience asked.

Paul Rendek introduced Jochem de Ruig of the RIPE NCC.

Draft RIPE NCC Charging Scheme 2010
Jochem de Ruig, Chief Financial Officer, RIPE NCC

Jochem presented on the process of running the RIPE NCC Charging Scheme each year, including its historical evolution and influence of RIPE policy changes. Jochem noted the positive membership development over the year to date; the motivation, overview and impact of RIPE policy 2007-01 and its incorporation into the Charging Scheme; the scoring algorithm used in the Charging Scheme; requirements set for the Charging Scheme; the differences between old and new proposed Charging Schemes; the development of service fees over time.

He encouraged the RIPE NCC members to actively participate in policy and Charging Scheme discussions at the upcoming RIPE NCC General meeting in Lisbon in October.

Question: In the proposed new Charging Scheme, would an LIR be charged per Autonomous System number and PI assignment?

Jochem: Yes. If your organisation has its own ASN infrastructure and PI blocks, these will be charged.

Comment: As I understand it, the requirement for charging for direct assignments is mainly based on management issues. Why is this so difficult? If there’s a problem with End Users not responding to your request, then just block their Role object. It will make things easier for everyone. Also collecting contracts from LIRs is more time-consuming and difficult than just calling them.

Jochem: The fact that we’re talking about 30,000 resources makes this more complex. As for End Users, their data could be from 1997 and the contact email address may not work today. We ask members, as responsible contract holders, to keep their data up-to-date. We are following RIPE policy in how we contact our customers. And the RIPE community approved RIPE policy proposal 2007-01 and the RIPE NCC is implementing it.

Comment: It is technologically impossible to block the addresses. The idea of the contract is not to get money from the LIR but to make clear the link between the RIPE NCC and the requestor.

Question: In which national language should the agreements and other documents be used and signed? How is the RIPE NCC going to deal with this because there so many? Also, in the agreements, am I supposed to provide commercially sensitive information? Why is this important to the RIPE NCC when RIPE has nothing to do with it? It is our information between us and our End User.

Jochem: Regarding languages, we accept national languages and can ask for translations (from the country’s local Chamber of Commerce). If it is unclear to us, we’ll have to ask for more information for clarity and verification.

Regarding confidential information, we treat this sensitively and confidentially. But the RIPE NCC must see the contract and what is in the contract to ensure that it fits with RIPE policy. If you question specific requests made by us or if you have information that you do not wish to have in the contract, we can discuss this. We deal with this on a case-by-case basis. Not every contract has such confidential information.

Comment: It’s the complexity of the policy’s implementation. The amount of paperwork required can be a burden and will add to our costs. This will be covered in the new fees when it could be processed in a simpler, technological way. And how are you going to block PI addresses if you do not have accurate, up-to-date LIR information?

Jochem: I think this is more a technical problem but, from an administrative point, we’ll remove the record from our database and it returns to the free pool. We won’t make an effort to block the space.

Andrew de la Haye of the RIPE NCC added that, among all of the RIPE NCC LIRs to date, around 65 percent of them with PI space have participated in the policy.

There were no further questions or comments.

11:15 - Coffee break

11:30 - meeting continued

Internet Governance Panel Session – What Does it Mean in Russia?

Panel members:
Dmitry Burkov, RIPE NCC Executive Board
Michael Yakushev, Chairman, Coordination Center for TLD RU
Andrei Kolesnikov, Director, Coordination Center for TLD RU
Rob Blokzijl, RIPE Chair
Axel Pawlik, Managing Director, RIPE NCC
Alexey Soldatov, Ministry of Telecommunications and Mass Communications of the Russian Federation

Michael Yakushev, Chairman of the RU Coordination Centre, introduced the panel. He noted that the word “governance” does not have a direct translation in Russian, Arabic or Spanish. He noted that it could mean “management” or “maintenance” and proposed that, for this meeting, the word should be translated as “distribution of powers”.

Alexey asked, “what do we want from the Internet?” He noted the guiding principles of “do no harm” and to keep the Internet working as it has over the years. He said that this is the way the Russian government presently thinks. He also noted that if the government sees something improper taking place, the government has a right to stop what is happening, but this does not happen often. He noted that businesses, community and government should come together and participate together in Internet coordination.

Alexey noted a general misunderstanding over what the Internet is, confusing domain names with IP addresses, with the latter not getting much visibility. Therefore, government officials don’t have a clear, complete picture as to how the Internet actually works. He said that more PR is needed to help educate people. He noted the need to work with industry experts in building this knowledge for the Internet community, including governments. He added that his definition of what “governance” means is “interplay” or “interconnection”. He warned that if people do not engage in politics, politics will engage in people and he encouraged the Russian Internet community members to take an active interest in Internet development.

Rob Blokzijl thanked Alexey for a good definition of what Internet governance should be. Rob reiterated the theme of “do not harm the Internet; we all must work together to develop it”. He noted that the development of the Internet starts at home and that it is a true, unified global system. He stressed the importance of community involvement to assist in the healthy development of the Internet, and said this was equal to the influence of government interest.

Chair noted the broader understanding of Internet governance that includes infrastructure, digital divide, linguistic diversity, internationlisation of domain names, etc. He commented on the complexity of domain names in Cyrillic script. Translating from this to email addresses points to the cultural and psychological implications inherent therein. He noted that these are global issues needing to be addressed on a global level, but the discussion begins at home.

Andrei Kolesnikov noted “Internet governance” has been translated as the management of the use of the Internet. He commented on the introduction of local languages in domain names and how this reflects the changing world of the Internet. He noted that the Internet is now a commodity and impacts individuals on several levels. He noted how the Internet is changing the minds, hearts and lives of the people using it. He noted that the Internet cannot be censored like television can be and this makes things potentially difficult for government. He noted the difference in information that people can get on the Internet versus television. He proposed that TV is more harmful than the Internet. He asked Axel Pawlik if there were ever demands by government on the RIPE NCC to regulate the Internet on a technological level.

Axel commented that the RIPE NCC is focused on the technical coordination of the Internet today as it did in its beginning. He noted that the membership was not keen to have the RIPE NCC act as a lobbyist for their interests at the time. He noted that the RIPE NCC is now a part of Internet governance following the World Summit on the Information Society and the Internet Governance Forum and said that Internet governance has been useful to the organisation and the community it serves to help understand the various points of view in the various industry groups. He acknowledged past interest by governments in the RIPE NCC and its services. He suggests using Internet governance as a tool to use in furthering discussions and involvement with governments and regulators.

Chair noted similarities with the Russian telephone system and how regulation has been employed. He asked if such regulation is needed in the allocation and assignment of addresses. He noted that this is a relevant issue for the RIPE NCC and Russian law to consider in light of the new protocol coming to the Internet and any attempts to regulate it by law.

Rob Blokzijl noted the comparison between telephone systems and regulations and the developing Internet. Rob noted that the Internet does not work in the same way as telephone technology on a technical level. He said that imposing similar, last century regulations would hinder the healthy evolution of the Internet and the development of networks. He noted how present Internet telephony developments are being hindered by POT system regulations.

Chair asked for more opinions.

Question: What about national encoding domain names? If we have both Russian and Chinese domain names, there will be no easy way to translate between languages. Why are we trying to fragment the Internet?

Chair noted that the presence of Cyrillic script does not mean that the Latin script would cease to exist. He noted that the Chinese have a patch on the DNS to help them write in Chinese.

Dmitry Burkov noted that this will be the Tower of Babylon but that the process exists and it will not stop. He said that it has poisoned the Internet and that the reality cannot be ignored. He warned of future problems with email delivery. He noted that there would not be a guarantee of email delivery in the future or other services without bugs.

Chair noted that IP addresses would still be in digits so this would not be a problem.

Comment: Rob encouraged everyone to speak their minds but he noted that a person from the Ministry of Communications is running from the panel and this is inappropriate.

Question: Will we be heard or not? Does the person from the Ministry of Communications not want to listen to us?

Andrei Kolesnikov: I am not responsible for the people from the Ministry. But know that there are a series of papers that need to be completed and submitted in order to be heard by the Ministry. I can tell you that Alexey is a guy who will listen to you but he is just very busy.

Rob Blokzijl noted that the representatives of the international Internet community would listen to comments from the community. Rob noted that RIPE Meetings are true international meetings. He noted how they operate and said that there are over 1,000 RIPE NCC members from the Russian area and too few attend and participate at the meetings. He encouraged more Russian participation in policy discussions to influence the outcomes. He stressed that it is the community that sets policy and not the RIPE NCC. He noted that there is full democracy in action with regard to the RIPE NCC Executive Board and how members are elected to it. He again stressed participation by the membership.

Comment: There’s strict zonal regulation in telephone networks regarding the convenience for the user. Where is the convenience? Second question regards the potential regulation of IP addresses by the state; again it’s a question of convenience of the user.

Dmitry Burkov: The regulation of telephones is an economic issue and this is a historic model. There is no convenience for the user there. As for a change to other schemes, there is no realistic chance of discussing this in the near future.

Comment: In this country many people want to regulate everything even if they don’t know whether regulation is needed. The Internet, while a chaotic phenomenon, is self-regulating.  There is a need for some rules but there was a question on the regulation of allocation of address space and why this is needed. Only when we see an urgent need should we begin to consider government regulation.

Andrei Kolesnikov: We need to hear the voice of the Internet community and civil society in the discussion of regulation. There is a bill being re-introduced to regulate the Internet. I encourage everyone to be educated, follow up on local issues and be aware of what is developing. We must continue to talk and stand up for our interests and rights.

Andrei noted a meeting between the Internet community and Vladamir Putin in 1999 when Putin commented that regulation of the Internet should not be considered without the input and consent of the Internet community. The Russian Prime Minister and the President seem aligned with our position today.

Comment: The more restrictions we face, the more chaos we’ll have. We need only rules of education and enlightenment and not restriction.

Comment: Young radicals may need to be restricted but not the Internet.

Chair asked the panel for summaries of their impressions on the discussion.

Axel noted the need for discussion and dialogue for the basis of a healthy, functioning Internet. Regulation the way it exists in the Internet community today works. Internet governance in the self-regulating way it exists today furthers the opportunity for discussion and positive evolution.

Rob Blokzijl noted that if attendees don’t speak up, their opinions will not be heard. He suggested an “Internet Day” for the Duma as an educational opportunity and as a way to connect the various members of the community. He encouraged engagement in discussions and repeated that governance starts at home.

Andrei noted the need to continue to enlighten members of the community and government as to what the Internet is and what is needed.

Chair agreed and noted “together we are invincible” and brought the panel discussion to a close.

Paul Rendek thanked the panel and introduced Daniel Karrenberg.

RIPE Labs
Daniel Karrenberg, Chief Scientist, RIPE NCC

Daniel introduced RIPE Labs, a new effort at the RIPE NCC. He noted that the initiative would be launched at the RIPE 59 meeting in Lisbon. He noted that RIPE Labs is a new website that will draw on the input of the Internet community.

Question: How will you govern and maintain the quality of discussions on this site?

Daniel: Good question. We considered this and this is why we implemented forums, where we can move things around. But we will not be censors. If things go off topic, we can move those discussions to special places, such as “Hallway Chat”, for instance. Then we will see how this works.

Question: Will existing mailing lists be replaced by the forums?

Daniel: The guiding principle is “do no harm”.  There is no immediate need to remove or regulate mailing lists but we hope that discussions can be held on the forums. And if forums become a better medium, mailing lists can die by themselves.

There were no further questions.

Paul Rendek introduced Andrei Robachevsky.

RIPE NCC Information Services

Andrei Robachevsky, Chief Technical Officer, RIPE NCC

Andrei presented on Information Services (IS) at the RIPE NCC, including active and passive measurements; their benefits and how to use them; the existing IS portfolio of services; the recent review of the services and users’ needs and expectations. He also unveiled the proposed new IS Portal (“Netsense”) and its tools and potential uses.

Question: About six weeks ago, BGP Play disappeared from the RIPE NCC website. It’s a good utility. Do you plan to restore it?

Andrei: Yes. It has disappeared but there is another application called BGPviz. It has the same functionality as BGP Play and will be developed further at the RIPE NCC.

Comment: We found that application (BGPviz) but were already familiar with BGP Play. What was wrong with BGP Play?

Andrei: BGP Play was not a RIPE NCC development.  In order for us to evolve that product, we could not open it up. It still exists and is maintained at a university but the RIPE NCC felt a need to develop the application further and from the ground up to answer the needs of our community and users. We welcome more discussion from users like you about this service on the RIPE Labs site in our move to develop our services further to meet your needs.

There were no further questions.

Paul Rendek closed the session at 13:00.

Lunch Break

Afternoon session began at 14:05.

Paul Rendek introduced Richard Lamb, ICANN.

DNSSEC Signing the Root & ICANN Update
Richard Lamb, ICANN DNSSEC Program Manager

Richard presented on DNS Security (DNSSEC); its development over time; RIPE community input to ICANN regarding DNSSEC development issues; history of the signing of the root; the proposed process of root signing in progress at ICANN; the validation of the key and various signing mechanisms; protection against encrypted attacks; the need for community involvement in the key-signing process development; other ICANN-related zones on the list to be signed.

Dmitry Burkov: What is the real practice or consequences for ISPs in root signing?

Richard: The registries, registrars and ISPs are on the front line. They need to make sure they have an automated scheme to sign. There is also the question of who owns the root key, especially when registries go away.  ICANN recognises these problems but does not have answers to all the questions yet. We hope the problems get solved through interest in DNSSEC.

Dmitry: What do you think about transferring DNS traffic to TCP?

Richard: DNSSEC adds keys, so the size of the packets is enlarged. This could conflict with some systems. Packets could get fragmented and firewalls don’t let fragments pass through. It is a problem.  We’re doing the best we can to keep the size of the packets small. There is a test plan associated with ICANN’s investigation and development. There is still more to see and evaluate.

Olaf Kolkman: The main point about DNS and the root and fragmenting is that we need to be very careful not to break anything for people who do not consent to run DNSSEC. The fragmentation problem behind a firewall is noticeable after five seconds after you turn your system on. You have a choice to turn it off. So far, there have been no reported problems with DNSSEC, but we need to be careful of turning on DNSSEC on the root.

Dmitry Burkhov: We’ve tried to solve the problem of cache poisoning using DNSSEC. It is unrealistic to deploy it for the End User.

Olaf Kolkman: DNSSEC is almost 15 years old and has seen several iterations over time. We’re not at the point of pushing DNSSEC to the End User yet. Without an infrastructure, a signed root and TLDs we will never get there. It may take another four or five years. These are the first steps.

Andrei Robachevsky thanked Richad Lamb for his presentation.

Andrei introduced Andrei Kolesnikov.

Expansion of Domain Name Space and Increase of Domain Name Registration System Reliability
Andrei Kolesnikov, Coordination Center for TLD RU

Andrei presented on the .rf Cyrillic domain registration, and some history on the .ru domain development; the complications of internationalised domain name ccTLDs; the timeline of the .rf Cyrillic domain name project;

Question: I want to comment on .rf and Cyrillic domains. While the majority might support this, I do not. Why didn’t you try to get territorial domains, for example, in Latin script?

Andrei: I can’t be responsible for something that happened ten years ago. There are certain relationships between registrars and domain name administrators and .ru. Do we want to break the system? Of course not.

Comment: This is again an attempt to serialise something that was Latin. It’s some sort of orthodox programming.

Andrei: I think that .rf is not a cure-all. You can use it if you want or not.

Question: Is there a list of reserved domain names?

Andrei: What we will reserve, we will publish. This work will take four or five months and we will update the list continuously.

There were no further questions.

Andrei Robachevsky thanked Andrei Kolesnikov and introduced Valery Temnikov

Allocated DNS-Server System as a Way to Support Reliability, Quality and Security of IP-Communications and IP-Services
Valery Temnikov, RIPN

Valery presented on DNS and anycast technology developments; the benefits of the technology; system performance and reliability; and domain zones that RIPN service.

Question: How does this protect from distributed denial of service (DDoS) attacks?

Valery: This system will simply “digest” DDoS attacks due to the close proximity of the nearest server. Otherwise, we can turn off the DNS server.

Comment: If you switch off the DNS server in New York, the attack will go to other DNS systems. So you can’t guarantee the continuity of the service.

Valery: What is important is not the link but the end point. The servers will not know where the attack comes from.

There were no further questions.

Andrei introduced Pavel Khramtsov.

Statistics of Address Space Allocation in Russia
Pavel Khramtsov, RU Center

Pavel presented on the distribution of IPv4 resources in Russia and per region; the number of domain sites per region; .ru domain usage; reverse proxy using, botnets and Fast-flux; and Moscow’s position in address space use.

There were no questions asked.

Andrei Robachevsky thanked the speakers.

15:40-16:00 Break

Paul Rendek introduced Daniel Karrenberg.

A Bit of History
Daniel Karrenberg, Chief Scientist, RIPE NCC

Daniel presented on an email he received 20 years ago. The mail was from a colleague in Russia and it described the key people involved in the beginning of the Internet in Russia who ran the machines, oversaw the servers and provided user support. The mail included statistics on Internet traffic, including how many country institutions were connected.

There were no questions asked.

Paul thanked Daniel and introduced Max Tulyev.

The Danger of IP Hijacking

Max Tulyev, NetAssist LLC

Max presented on issues of IP hijacking around the world, using the YouTube incident of 2008 as an example. He noted the far-reaching impact of hijacking; controlling address space and having good peering policies; benefits of SSL certification and digital signatures; and concerns related to using critical data.

Question: You said it is advisable to announce networks shorter than a /24, but will hardware digest a /24?

Max: Hardly.

Comment: From this example you show, was your server on authorisation mode?

Max: It was.

Question: I disagree with you on the statement that you cannot delete people on the routing table. You cannot deny all the people connectivity.

Max: If you are an honest ISP, 90 percent of connectivity is no connectivity. If you are a phishing agent, or a virus writer, they can cover 90 percent of the audience so it’s good business for them.

Comment: It’s much easier to fight single BGPs than single botnets because any ISP can give a hard time to a customer who does that.

Max: I saw people who were getting multi-homed address blocks. ISPs can switch them off but 90 percent of the world can see them.

Question: When you said people who announce illegitimate networks can be deleted from the table, this question has a lot to do with returning PI blocks to the free domain pool. The more general question is how to block people from using these PI addresses.

Max: I don’t think it’s that. If you create 90 percent visibility of illegitimate PI networks in the world, I think owners will understand it and make a contract order than fight. You should punish the providers who do not filter illegitimate traffic through their customers.

Daniel: It’s important for ISPs combat this kind of impersonation. Max is correct to say that you don’t need complete coverage for bad intentions. It is hard to diagnose and I am pleased Max and others have tried to figure it out. Transit providers should actively monitor what’s going on. We need to combat the “bad guys”. If the problem is not curtailed, the governments in the public interest will come to us saying we have to solve this problem. Blocking is a problem. In the end, it gives a reason for censorship. I agree with Max. We have to do something as an industry to combat this problem.

Question: Please clarify what the likelihood of tracing attacks is, if they are distributed from several points around the world?

Max: If you announce from different points, it increases the likelihood of identifying the attacks. The perpetrator will be one and the same. Of course, the AS should be different and should not be used and you should physically trace this back to the originator. And then you can hand the people to the police.

There were no further questions.

Paul Rendek thanked Max and introduced Konstantin Tchoumatchenko.

IXP Updates & Discussion
Konstantin Tchoumatchenko, MSK-IX

Konstantin introduced representatives of some larger IXPs in the region. He noted the discussion would be about Internet exchanges and the traffic they exchange.

Konstantin presented on how Internet exchanges work; traffic forecasts; peering benefits and requirements; BGP applications; and scalability of exchange points.

Konstantin introduced Alexander Ilin of the Moscow Internet Exchange. Alexander gave an update onthe MSX-IX, including the continued growth, quality and speed of traffic; implementation of IPv6 on root servers; routing software; and future plans.

Elisa Jasinska, AMS-IX, presented on the Amsterdam Internet Exchange’s to-date traffic and traffic patterns; predicted port types and predicted port growth; membership connections and growth; exchange topology; and pricing.

Tomas Marsalek presented on NIX in the Czech Republic. The presentation included an overview of the NIX mission; NIX history; IPv6 compatibility; route servers and peering; organisational information; traffic statistics; topology; and future plans.

Frank Orlowski presented on DE-CIX, Frankfurt. The presentation included an update on DE-CIX history; peering traffic; platform topology; pricing; and sponsored events.

Richard Yule presented on LINX, the UK-based exchange. The presentation covered the mission of LINX; peering and topology; membership; platform extension; and infrastructure overview.

Konstantin thanked the panel and closed the session.

Paul Rendek thanked the presenters. He presented gifts to early meeting registrants, and to the most active participant.

Paul thanked meeting host RU Center and the meeting sponsors.

The meeting closed at 18:15.