This policy proposal has been accepted
The new RIPE Document is: ripe-684
You're looking at an older version: 1
The current (published) version is 2This policy proposal aims to match the subsequent IPv6 allocation requirements with the initial allocation requirements, which were modified in October 2015 (RIPE-655).
This synchronisation with the initial IPv6 allocation policy is needed because the policy proposal 2015-03 introduced new criteria for evaluation, including hierarchical and geographical structuring, segmentation for security, and planned longevity of the allocation.
However, organisations that have already received an initial allocation and started their deployment are not able to apply for more IPv6 address space using the new criteria. Their only choice is to return their current address space, which forces them to renumber their network. Otherwise they can justify additional addressing space based on the actual utilisation calculated with the HD-ratio, which in turn means they need to be using a large part of the initial allocation, about 30% depending on the size of the allocation. This disadvantages LIRs that have already received an initial IPv6 allocation against newcomers
This discriminatory situation may contribute to a delay in IPv6 deployment, especially in big organisations.
The current policy text is attached to a standard notion that End Sites should be assigned a /56 IPv6 block each, but in reality different ISPs and different services within the same ISP may provide different assignment sizes, such as a /48. So, this need must also be considered for subsequent allocations.
The current policy text also refers to a strict two-year period, instead of being about the desired longevity of any new allocation. To achieve parity with the initial allocation policy this issue also needs to be addressed.
Finally, the initial allocation policy text allowed networks to rely on the justification of other needs and not only on the total number of users. Networks are now able to reference the extent of their infrastructure, the hierarchical and geographical structuring of the organisation, the segmentation of infrastructure for security, and the planned longevity of the allocation. It makes sense to synchronise the subsequent allocation criteria with this as well.
Organisations that hold an existing IPv6 allocation may receive a subsequent allocation in accordance with the following policies.
Subsequent allocation will be provided when an organisation (i.e. ISP/LIR) satisfies the evaluation threshold of past address utilisation in terms of the number of sites in units of /56 assignments. The HD-Ratio [RFC 3194] is used to determine the utilisation thresholds that justify the allocation of additional address as described below.
[...]
When an organisation has achieved an acceptable utilisation for its allocated address space, it is immediately eligible to obtain an additional allocation that results in a doubling of the address space allocated to it. Where possible, the allocation will be made from an adjacent address block, meaning that its existing allocation is extended by one bit to the left.
If an organisation needs more address space, it must provide documentation justifying its requirements for a two-year period. The allocation made will be based on this requirement.
Organisations that hold an existing IPv6 allocation may receive a subsequent allocation in accordance with the following policies.
Subsequent allocation will be provided when an organisation (i.e. ISP/LIR):
[...]
When an organisation meets the subsequent allocation criteria, it is immediately eligible to obtain an additional allocation that results in a doubling of the address space allocated to it. Where possible, the allocation will be made from an adjacent address block, meaning that its existing allocation is extended by one bit to the left.
If an organisation needs more address space, it must provide documentation justifying its requirements for the planned longevity of the allocation. The allocation made will be based on this requirement.
The same considerations that were discussed when the initial IPv6 allocation policy was proposed (2015-03) and successfully amended can be considered here. For further details, please refer to https://www.ripe.net/participate/policies/proposals/2015-03.
The text on ripe-655 (5.1.2) implies that it will be easier for a new LIR to justify an allocation larger than a /29 compared to an LIR that has already received a first IPv6 allocation.
This proposal will benefit LIRs with particular dynamics in terms of grouping both their user base and infrastructure. Having more bits to keep for future changes to their IPv6 addressing plan should be a clear benefit.
IPv6 address conservation should not be an issue. If abuse occurs, the policy can be further amended by a new policy proposal that will probably also include amendments to the initial allocation criteria.
Furthermore, a few years ago Tony Hain did some calculations around the expected lifetime of IPv6. Even if we allocate a /48 for every possible human on planet Earth, this is close to 480 years. This means that we don’t have a risk of exhaustion as with IPv4. The authors believe that the next big Internet problem will not be associated with the lack of addresses, but instead will be related to other technological challenges.
In terms of management, having all the infrastructure under the same addressing hierarchy on the same IPv6 prefix will facilitate building «allow filters».
Regarding the global routing table, having a bigger prefix should avoid using more routing slots. However, this ultimately depends on how the prefix is used by each organisation.
With this policy proposal, the authors also wish to avoid cases where /58s, /60s or smaller IPv6 address blocks are distributed to lower hierarchical organisations (within extensive vertical organisations) due to the constraints that a /29 could represent. The authors believe that End Sites must be able to subnet, even residential ones, which implies a /48 prefix assignment.
It can be argued that an alternative to the HD-ratio (hierarchy requirements, etc…) could consume the RIPE NCC’s IPv6 pool faster.
Mitigation/counter-argument: If this becomes an issue, the first allocation policy will be falling into the same issue and so far the RIPE NCC has not identified this as a risk after the last policy change.
RIPE NCC IP Resource Analysts will need to spend additional effort to understand requests and the details supplied.
Mitigation/counter-argument: This will not be any different to the current process with initial allocations.
Some security related concerns may arise, especially if large infrastructures stay exclusively under a single prefix (easily filtered out from third party networks, i.e. «deny filters»).
Mitigation/counter-argument: On the other hand, more aggregation can also favour the build-up of «allow filters».
The current different rules regarding a first allocation and a subsequent allocation can be circumvented by either creating a new LIR, or returning an initial allocation made under the old criteria to the RIPE NCC (which could imply a costly renumbering process).
Mitigation/counter-argument: The path described above will be time consuming – synchronising the criteria is much simpler.
There could be global IPv6 routing table concerns if bigger prefixes are split into smaller ones.
Mitigation/counter-argument: This could also happen with initial IPv6 allocations. In the end it depends on the policy of the organisation using the prefix. There is also no guarantee that this won’t happen if the prefix is smaller – smaller prefixes may be split into even smaller blocks, which may be worse. The minimum acceptable routing advertisement size is not touched in any way by this policy proposal.