Plenary Session Minutes
Date: 24 - 26 September 1997
Chair: Rob Blokzijl
Scribe: Mirjam Kuehne
3 From the Chair
4 Minutes RIPE 27
5 Action points from previous meetings
- 26.R3 on Joachim Schmitz finalise hierarchical authorisation for route objects together with RIPE routing WG ONGOING
- on Geert Jan de Groot to write up recommendations for managing nameserver configurations CLOSED
- on Lars Johan Liman To circulate a minimal set of requirements for TLDs on documenting their procedures OPEN (can possibly be continued as part of TLD WG)
- on Daniele Bovio try to find ISP's that are willing to install test traffic measurement CLOSED (possibly reopen later)
New action points will be discussed later during the plenary
6 Karel Vietsch: Report from the RIPE NCC contributers meeting
The Meeting of the NCC contributors took place on 23.09.1997 right before the RIPE Meeting here in Amsterdam. Karel started his presentation by giving a short introduction to the formal set up of the RIPE NCC and its relation to TERENA: More than 800 Local IRs receive currently service from the RIPE NCC. They sign a contract with TERENA. The RIPE NCC staff is formally employed by TERENA.
Karel Vietsch mentioned that it was a successful meeting . He thanked the chairman Kees Neggers and the RIPE NCC staff who prepared the meeting, specially Carol Orange, Paul Ridley, Daniel Karrenberg and Mirjam Kuehne who gave excellent presentations. Mirjam and Carol gave a presentation about the current activities of the NCC containing a lot of interesting statistics about the growth of the Internet in the RIPE NCC's service region and the growing workload of the NCC.
Daniel presented the new activity plan for 1998. This plan together with the charges that will be slightly higher in 1998 was approved by the NCC Contributors without any changes.
The RIPE NCC will be incorporated as an association as of January 1998 and Karel presented the progress in the separation of the RIPE NCC and TERENA.
The following documents describe the current plan:
Paul presented the financial consequences for the split and the tax agreements that have been arranged with the Dutch tax authorities for the new RIPE NCC association. No taxes will have to be paid for transferring the money from the TERNA bank accounts to the RIPE NCC accounts. It has also been agreed that the new RIPE NCC will not have to pay any company tax.
Finally elections for the Executive Board of the new RNA were held. TERENA appointed Kees Neggers to represent TERENA on the EB for 2 years. Frode Greisen and Keith Mitchell were elected to serve on the board for 3 years. Wilfried Woeber and Wim Vink were elected to serve on the board for 1 year.
Rob Blokzijl announced festivities for next year when the new RNA will finally be established and thanked Karel Vietsch and the TERENA staff for the support during the first years of the RIPE NCC.
7 John Martin: EURO-CERT (European Incident Response Coordination Service )
Started in 1992 when the CERT community in Europe realised that they need coordination in Europe First milestone: Call for proposals first of this year RIPE NCC also submitted proposal which was later withdrawn by DFK for very good reasons. However, the NCC offered to help and support.
CERT/CC is funded by the US government. This is not approporiate for Europe.
Plans: Has already started, very well described in report. Incident reports are planned. Basic coordination service between the members
Phase 1: 1 FTE
Phase2: 1.5 FTEs
Please get involved: Look at the website and documents and join the mailing lists. Please ask your security people to get involved.
Another reason is that TERENA asks for contributors.
Bernhard Stockmann points out that TERENA is an academic organisation and asks if it is appropriate for TERENA to get involved in commercial projects.
John Martin explains that the project plan was defined 2 years ago, but that the ongoing operations are defined by all current contributors.
Daniel Karrenberg mentions that TERENA did a good job by getting the NCC going which now also supports commercial ISPs, not only academic like in the beginning. That means they have a good track record in getting these things started.
Bernhard: This always was an issue during all the years, so the NCC is now moving out of TERENA, is the same development forseeable for the CERT project ?
Rob Blokzijl clarifies that the NCC does not move away from TERENA because they had problems with neutrality etc. It is a scaling issue (RIPE NCC has grown bigger than TERENA).
Karel Vietsch points out that TERNA has a track record to support these type of projects inside TERENA which then later can possibly be independent and separate from TERENA (EBONE, DANTE, NCC). They are not interested in staying involved once not necessary anymore.
8 Mike Norris: Spammers hapless fate: ISP toil and sweat
In the name of Luis Miguel Sequeira who contributed valuable ideas on the mailing list. The issue came up during the LIR-WG and was discussed on the list. I It is however not a problem that concerns Local Irs only, all ISPs are concerned, therefor the ideas are presented again during the plenary.
Luis brought up three important questions:
- Is SPAM recognised as a problem?
- Shall we spend resources?
- Shall we coordinate ourselves?
The audience feels that there is a need to do something about it together. How do we get this started?
Bernhard Stockmann asks Mike Norris if he woul see this activity as too small for a separate WG.
Mike Norris replies that this issue is pretty focused and is concerned a serious problem. The setup of a WG might be not the right forum, because this would mean to start a long-term action. This problem should be tackled on a short term basis.
The audience proposes to set up a task force.
Geert Jan de Groot mentions that a WG would acknowledge that SPAM has success. Short term action is needed. He suggests some technical solutions that could be discussed in such a task force.
Wilfried Woeber thinks that the RIPE environment could be a good forum to spread the idea that it is worth to spend resources to watch your customers. It is not only a technical issue, but has also to do with being a good ISP and use the Internet in a responsible way. He pointed out that there are documents published on the IETF about responsible use of the net.
Mike Norris accepts the action for the LIR-WG to write up recommendations (informationally and regarding coordination).
9 Daniel Karrenberg: RIPE NCC - Activities & Expenditure for 1998
The presentation can be found on the RIPE NCC's servers.
Geert Jan de Groot reminds us that the building the RIPE NCC moved to during 1997 will not be big enough to house all additional staff. Where will they be placed?
Daniel Karrenberg explains that this is an operational problem which will be solved. The NCC is looking for a new location in the vacinity and it looks promising.
10 Paul Ridley: The RIPE NCC Charging Scheme for 1998
The presentation can be found on the RIPE NCC's servers.
Summary: The same charging scheme as in 1997 will be used. The size category of a LIR will be dependend on the amount of address space allocated to a LIR and on the age of the allocation ('older' allocations are 'cheaper' because they do not create as much work anymore as 'new' allocations). More details can be found in ripe-163.
The yearly fees will be:
|Small||2450 ECU||2200 ECU|
|Medium||4500 ECU||4000 ECU|
|Large||8500 ECU||8000 ECU|
This is an increase of 10%. Also the sign-up fee will be raised to 2000 ECU (1997: 1300 ECU)
Distribution of sizes:
Current scheme was felt to be fair because it ensures that LIRs are not subsidised by others. It provides stability for the RIPE NCC.
11 Mirjam Kuehne and Carol Orange: RIPE NCC Activities Report
The presentation can be found on the RIPE NCC's servers.
Registration Services Summary
Number of registries growing linearly (1 new LIR per day), therefore the amount of work is still growing. Registration Services addressed this growth with better internal organisation (deputy manager, better registry handler system, better internal documentation), increased automation (reverse delegation is now fully automated, ticketing system has been improved), and hiring more staff. The RIPE NCC is focusing more on internal and external quality. During the last year the RIPE NCC did a lot of liaison work, specially related with the set up of the new Regional Internet Registry for the Americas ARIN and the possible new structure of the IANA.
Administration Activities Summary
The administrative department was specially concerned with preparations for the RIPE NCC association. Much of the administrative work that was previously done at TERENA is now being moved to the RIPE NCC.
Coordination Activities Summary
Database activity has been growing steadily and rapidly. The engineering department is concentrating on keeping the database stable and providing better documentation for users. The department is planning on working on Routing Registry notification/authorisation implementation, a database consistency project, working with the database security task force and RPSL developments. The department is also continuing work on the Test Traffic Measurement project.
Geert Jan de Groot is no longer working for the RIPE NCC engineering department. He was thanked for his contributions to the RIPE community.
Mike Norris contributed a limerick:
If you need an address on the Net
Or a scheme whereby you can get IP numbers and mask
Then the person to ask Is Geert Jan,
and he'll tell you 'No sweat'!
Thank you Geert Jan!!!
12 Henk Uiterwaal : Test Traffic Measurements Project
The presentation can be found on the RIPE NCC's Web and FTP servers.
What is the practical relevance for this experiment? As an ISP we always get questions about the delay in our network. It would be interesting to use the results from your project to react to our customers questions and to find out what causes the delay.
Also the question arises where the test boxes will be located.
Henk announces a document that will describe the requirements for hosting a test box. This document will be sent to the ripe-list. He will then also ask who is interested in hosting a box.
Henk points out that there is currently no separate mailing list for the Test Traffic Measurement. The ripe-list is used, at the moment mainly for announcements of documents.
Mike Norris asks how the project is applied to larger aggregates like EBONE etc.
Henk explains that traffic is measured between border routers between ISPs.
Niall O'Reilly would like to know how dense the population of the test boxes will be.
Henk clarifies that it is currently planned to have 25 test boxes, by the end of the year. It is still under discussion whether each box will send traffic to all other boxes (n-squared) or whether we will only test a subset of that.
Daniele points out that traffic will be generated. It would be interesting if you could find out what this effects. This will obviously effect the number of boxes.
Henk explains his is discussed in ripe-158. The traffic generated from the test boxes will always be small with respecct to the traffic generated by the ISPs. Otherwise it will not be clear anymore what we will be measuring.
Daniel Karrenberg adds that the project will probably start with an n-square mesh and than detect what will be redundant. The redundant routes will then be removed.
13 Daniel Karrenberg: Towards a Regional Internet Registry for the Commonwealth of Independent States (CIS)
There is a document in preparation that will be published soon after the RIPE Meeting. The authors are Alexei Platonov from RosNIIROS, Rob Blokzijl, the chairman of RIPE and Daniel Karrenberg, general manager of the RIPE NCC.
Current Status: IANA is the ultimate authority over number and name space. There are currently 3 Regional Internet Registries (RIR): The RIPE NCC for Europe and surrounding areas, the InterNIC for the Americas and the APNIC for the Asian Pacific Region. The CIS falls under the service region of the RIPE NCC.
The RIPE NCC has realised that there are problems to serve this region: local language, time zones, travel difficulties, difficulties to reach out in this region (training etc.)
Conclusion: We are dealing with a separate region.
The current plan is to improve the situation in 2 stages. The first stage would be to set up a local office in the CIS region to provide high quality Registration services in the CIS. This will be set up beginning of 1998. The second stage would then be to establish a RIR in the CIS after 12 - 24 months
- RIPE NCC subcontracts local services to RosNIIROS and provides resources
- LIRs in the region can choose where they want to get service from
- LIRs continue to have service contract with RIPE NCC
- RIPE NCC remains responsible
- to build a high quality service
- build user (LIR) acceptance, hope that most LIRs there would choose to go to RosNIIROS
- build RIR governance in that region
- widespread regional consensus
- international scope (not just RU)
- IANA authorisation
- RIR acceptance
- operations are already in place
- at some later point LIRs in that region will have no choice more but will have to go to RosNIIROS to get service
Next week: publish discussion paper
Next months: discussion in the region and also in the RIPE community
Next months: preparation of stage I
Q1/98: local RIR service available via RosNIIROS
Bernhard Stockman asks if there is any knowledge of the current acceptance about this two stage approach. He supports the plan, but is interestied to know if there can be obstacles on the way.
Daniel Karrenberg ensures that the authors are confident. Otherwise it would not have been proposed at this stage. A lot of LIRs already get service from RosNIIROS at the current state.
Rob Blokzijl adds that about 50% of the LIRs in that region get already service from RosNIIROS
Wilfried Woeber: DFK mentioned that this would concern about 5% of the RIPE NCC customer service. What would the resources be to get it working?
Daniel is confident that we can do some significant work with the money we get in from the region. Not all details have been worked out yet. He has however the feeling that the NCC contributors would not object if we would spend a few % more in the end.
Igor Semenyuk explains that there are more than 300 ISPs in RU alone. About 70 of them are LIRs currently.
Q: There are 12 countries in the CIS, not only RU. How many LIRs in the other countries?
Igor clarifies that many of these countries do not have much Internet development at the moment, but the situation is going to change. It will not only concern RU. More countries and LIRs will join.
Mike Norris is interested if existing LIRs would be oblidged to sign a service contract with RosNIIROS after stage II. He would also like to know what will happen with the allocations? Will they go with them?
Daniel clarifies that the LIRs would be forced to have a service agreement with RosNIIROS and not with the RIPE NCC anymore at the end of stage II. He of course hopes that noone will ahve to be forced, but that the LIRs realise that they will get better servie locally. All allocations will remain valid.
Blasco would like to know if new blocks will be allocated from IANA to this new RIR.
Daniel thinks this would be the best solution in the end. It would then be treated like all other RIRs. At some point their operations will be totally independent from the RIPE NCC's. It might however be that we will always have closer contact with them because we are neighbours.
Joachim Schmitz asks how it was decided that RosNIIROS is independent? Political circumstances are different there and that might create problems.
Daniel explains that stage I is to find out if there is acceptance in the region. If it turns out during that state that all LIRs are getting service from RosNIIROS then this is prove enough. How would you assure that an organisation is independent anyway.
Juergen Rauschenbach: The most crucial issue might be in the long term: the funding from RosNIIROS. Good idea to first outsource. But do you have any idea how this will be funded later?
Rob says that the idea is that the whole operations will be funded by the LIRs in that region like. Only in the early stage RIPE NCC will spend some resources.
Geza Turchanyi brings up the idea to have competing RIRs in the end. he does not like the idea to force LIRs to go to a particular RIR.
Daniel mentions that this has been discussed in length with the other RIRs and IANA. It is very questionable on what they would be compete on. They might end up competing on laxness of assignment criteria.
Blasco slightly agrees with Geza. Specially if we consider that Ipv6 comes in place we will have much more space and the RIRs might have to offer other services they could compete on. Maybe something along the lines of competition of domain names at the moment.
Daniel agrees that this might. However we do not know yet how IPv6 will develop. The feeling is that there will always be some assignment guidelines that will be in place. Conservation is not the only goal. We also have the goal of aggregation which is not solved yet in Ipv6 and also the goal of registration.
14 Working group reports
Joachim Schmitz: Database Security Task Force
Security issues were recognised for a long time but could not be related to a specific WG. To get things started a task force was created.
David Kessens, Cengiz Allattinoglu, Gera;d Winters, Dave Meyer, Don Stikvoort, Janos Zsako, Havard Eidnes, Mike Norris, Wilfried Woeber, Joachim Schmitz, various RIPE NCC staff
What has been done so far
- several smaller informational meetings
- 2 formal meetings
- charter drafted
- boundary conditions compiled
- non-goals defined
- RIPE NCC activity introduced
- incidents response
- legal battles
- define player responsibility to prevent legal battles
- inventory of problems from security requirements
- general approaches
- recommended mechanisms for a web of trust
- clarify and define authentication and authorisation
- define signing and trust model
- define integrity model and mechanisms
- take legal boundaries into account
- develop message signing
- develop objects tagging
- investigate about license problems
Kurt Kayser: Report from MBONE- WG
Magnus asked Kurt to be chairman temporarily. It was now proposed to hand it completely over to Kurt Kayser. All information and documents will be moved to the RIPE NCC's web server. No current action items at the moment. Ask Kurt for slides or short summary.
Kurt has some new ideas, e.g. multicasting the RIPE Meeting or enabling electronic voting for NCC- CO.
Bernhard Stockman mentioned that there are tools for these type of applications. At the beginning of the WG optimisation was an issue. Is that still discussed?
Kurt explained that MBONE is still in an experimental phase. It is still an issue to have the experimental topology optimised. But there are also commercial developments that are interesting to follow. Maybe a renaming or repositioning for the WG would be useful at some point.
Bernhard thinks that RIPE is mainly concerned with the coordination for MBONE topology.
Kurt respons that there is more to it: applications. If you don't know what to do with it, you don't even care how to connect it. Maybe some sort of an application document or a compilation of possibilities would be useful.
There was some discusssion about the scope or charter of this WG: Research and topology coordination or applications? No conclusion was drawn at this stage.
Joachim Schmitz: Report from Routing WG
- 75 participants
- scribe: Julia Edwards
Authorisation/Notification of route objects
- cross notification on the way
- aut-num authorisation finalised
- if aut-num object carries mnt-route attribute, only those maintainers listed are alowed to add route objects
- if no mnt-route attribute is present anybody may add route objects of the origin described in the aut-num object
- independently from mnt-route attribute maintainers of route objects may always delete them
-> open issue: distributed registry - how to control e.g. entries in other Routing egistries if properly authorised only in RIPE DB?
- hierarchical authorisation open
The were reports given on the following subjects:
- RIPE NCC: implementation of RIPE DB
- Jake Khuon: Policy Analysis of Internet Routing (PAIR)
- Christian Panigl: Route Flap Dampening - 'Golden Networks'
Actions from Routing WG
- 26.R3 on Joachim Schmitz OPEN Hierarchical authorisaton for route objects
- 27.R1 on NCC and Joachim OPEN (not fully implemented yet) Implement Cross Notification
- 27.R2 on Carol and NCC OPEN (not fully implemented yet) Implement aut-num authorisaton
- 27.R4 on task force CLOSED publish a RIPE document on route flap dampening
- 28.R1 on Carol Orange Contact other RRs to coordinate implementation of distributed authorisation
Route Flap Dampening was discussed and Christian Panigl summarised the work of the Route Flap Dampening Task Force. Recommended parameters will be published as a RIPE document.
Bernhard: There is redundancy: We have more than 1 root server. If one gets dampened, you always access the others.
Danile Karrenberg clarifies that the issue is if this should remain the decision of local ISPs or if coordination is necessary. He does not think that golden networks are necessary. Better coordinate parameters.
Mike Norris: There is also a list of martian networks that should be filtered out. Maybe the conversion should also be documented.
Daniel is not sure if it has negative effects if someone does not dampen some network. He does not see a coordination problem there.
Christian Panigl: Redundancy is correct. It depends where the flaps happen? If the flapping happens in the backbone and gets dampened we might loose all name servers. This was the initial argument. Maybe a very small list of golden network that should be globally excluded from dampening. What you add as local golden networks in your own local list is of course up to you.
Daniel mentioned that there was some discussion in RPS-WG about route flap dampening. Maybe a list of networks that should not be dampened should be added to the language.
Bernhard asks if multicast routing can also be an issue for the routing WG?
Joachim respons that this definitely can be an issue of this WG. Has not yet come up on the agenda. Always welcome to suggestions.
Daniel asks if consensus has been reached in the WG that hierarchical authorisation is needed additionally to cross notification.
Joachim: At the moment it is not yet compulsary to register your routes (opposed to networks and domain names). However, this might change it then it will be essential to implement stronger authorisation also for route objects. This is still under discussion.
Joachim Schmitz: Report on RPSL joint session between DB WG and Routing WG
- 38 participants
- scribe: Klaus Landefeld
Daniel Karrenberg gave a short introduction to the Routing Policy Specification Language RPSL.
David Kessens gave a presentation about the developments and current implementations of RPSL and possible changes in the RIPE DB. His slides can be found at http://www.isi.edu/~davidk/presentation.html.
Carol presented the transition plan. Her slides can be found at the RIPE NCCs web server. A RIPE document will be published that describes the transition and the various phases.
Tutorials about RPSL are planned for the next RIPE Meetings.
Also look at http://www.isi.edu/ra/rpsl/transition/.
Bernhard Stockman would like to know if conversion SW will be provided.
Joachim confirms that conversion tools will be provided. This is part of the transition plan. Both formats will run in parallel for a time.
Wilfried Woeber: Report from DB WG
- more than 50 participants
- scribe: Mike Norris
- Ambrose Magee: RIPE Database (SW) status
- Jake Khuon: Privacy Issues in a Registry
- Jake Khuon: Tool Interfdace Requirements
- David Kessens: RA whoisD compatibility
- Joachim Schmitz: Authorisation in the aut-num object
DB AUP enforcement
Whois output of the RIPE DB now contains a copyright statement. Please also modify your local tools to reflect this copyright. It is important that customers are aware of this as well.
RIDE (Registry Information Dataformat Exchange) makes progress, will most likely be an IETF WG
- DB Securirity Task Force
- RPSL Transition
- Consistency Project
The budget for the next year has been approved. The RIPE NCC will have resources to address these issues (see ripe-162, RIPE NCC Activities & Expenditure 1998 for more details).
RIPE DB Software
Maybe reimplementation of RIPE DB SW. The design phase has started.
Niall O'Reilley: Are you thinking of also changing the format of the objects or only the tools.
Wilfried explains that there are currently many ideas. The changes might go deeper to the structure of the dataset. We might also try to modulise the code to make it scalable.
Niall thinks it would be nice of have early notice of any changes.
Mike Norris would like to know who is responsible for the data itself stored in the DB.
Wilfried says that the WG tries to come up with the technical solution. The data itself is under the responsibility of the maintainer of the data and any conflicts shall be sorted out between the parties involved.
Lars Johann Liman: Report on DNS WG
Because Ruediger Volk, the chairman of the DNS WG could not be present during the plenary session Lars Johann Liman gave a summary of the DNS WG.
- Scribe: Els Willems
There was a report from the IETF DNSIND WG
wanted: concise, specific, 'official' info for users site administrators to avoid bad configurations (in particular where bad defaults hit the market)
The document 'Classless IN-ADDR.ARPA delegation' by Havard Eidnes and Geert Jan de Groot is still an internet draft (draft-ietf-dnsind-classless-inaddr-03.txt).
- on Geert Jan de Groot and Harvard Eidnes to make sure their draft becomes an RFC
- on Hans Petter Holen to work on a new version of RFC1537 'Common DNS Data File Configuration Errors'
- on Hans Niklasson and Amar Andersson to collect items for recommendations
Mike Norris: Report from the LIR WG
IP address space allocation/asignment issues
- policy document has been revised, new number is ripe-159
- RIPE NCC has allocated about 50 ranges from 62/8 currently. No problems have been reported
- Maldwyn Morris from the RIPE NCC has implemented a web interface to find out about the status of requests sent to hostmaster _at_ ripe _dot_ net.
- Web assisted assignments and reverse delegation were discussed an implemented at the RIPE NCC. Entering data in the DB via the web is a different issue and are currently not planned.
- Action on Mike to identify tools used by registries that could also be useful for other registries
- host count has been shown. September will most likely show more than 5 Million hosts in the region
- error files
- all WG lists are open and are called -wg _at_ ripe _dot_ net
- local-ir _at_ ripe _dot_ net is closed and used to inform contributing registries about things that are only relevant for them
- ncc-co _at_ terena _dot_ nl is a closed list and informs all contributing registries about financial and structural issues.
Anti Spamming Proposal
- there were proposals on the local-ir mailinglist
- need for concerted action
- action on Mike to produce a document about possible solutions
Niall O Reilly: Report from TLD WG
- There was an action on Daniel Karrenberg to produce a paper about current d