[address-policy-wg] Policy Proposal 2006-02 (IPv6 Address Allocation and Assignment Policy)

JORDI PALET MARTINEZ wrote:
[..]
>> "The assigned prefixes must be longer than the one allocated by RIPE
>> NCC." is useless as the LIR can't pass a shorter prefix down as they
>> don't have been assigned that portion.
> 
> The goal of this part of the text is to avoid that a prefix is received and
> assigned totally to the same customer.

So you want to avoid a /48 to be allocated to an organization who can
then use it at their own site? What is the use of changing that then?


> So yes, can't pass a shorter prefix,
> but could pass the same one and this will not be good as it can be a kind of
> "bypass" of the rule in order to provide an alternative way for doing PI to
> customer, which is not the intend of this proposal.

You want to avoid "PI" but you also state in the proposal to make the
policies the same as other RIRs. Bit strange as they don't have these
changes, they have a separate PI policy.

So for whom exactly are these changes that are proposed in this
proposal? I don't see anyone really being helped by it and especially
not the people who have actually been complaining.

>> The "must be advertised" part causes any non-internet usage to be 'illegal'.
> 
> Yes, this has been already raised before.

You stated that all the previous discussion was nullified and that all
arguments should be raised again.

> In my opinion is difficult to
> explain why an ISP could have a need to get a prefix and not use it in
> Internet. If that's the need (customer demand), then he has three possible
> alternatives (I'm not saying all are valid, but for sure one among these 3
> will fit each possible case):
> 
> - Use of link-local addresses

Useless for this purpose as it only works on one link and is far from
globally unique.

> - Use of ULA
> - Use of ULA-central (I know this is still not done, but I'm trying to
> revive it already and you will see soon a new policy proposal on this
> regards)

Neither of these can be globally routed. A company might today want to
move to IPv6 and not have their network routed, ULA will then be fine
indeed. But what if the user want to change to public addresses? Then
they would have to renumber, while they can better get a public
registered address space first, not announce it, and then announce it
anyway later on.

Most networks will end up being connected to the Internet or to another
network one day or another, being able to globally route it is thus a
requirement for quite some organizations. ULA's thus don't cut it.
Unless you want to see those popping up in a BGP near you.

>> Also the "must advertise.. single..prefix" part is currently already not
>> being honored; also you cannot require this and there is currently no
>> way to stop that.
> 
> There are many details in may policies that are not being enforced by RIRs.

Then don't include them. It's like saying that jaywalking is illegal
while everybody does it and nobody will actually care. Don't make it too
difficult, don't try to bury things in words.

> That's debatable I think. Most of the LIRs follow the rules, some others
> not. I'm not arguing here if this is good or bad, as this part of the text
> is the same as in the existing proposal (may be different wording but
> exactly the same meaning).

It is in the original one with different words and they are not enforced
either.

> As explained in previous emails, if we want to change that, it will be
> better to do in a different policy proposal and have a different discussion
> about that, otherwise it may become difficult to achieve consensus in the
> main change here (removing the 200 /48).

This proposal changes the wording, you can then just as well also
completely take out that part instead of fumbling with words.

>> A way to stop it would be requiring S-BGP but that will not be done for
>> the coming years. Also most likely S-BGP will still allow the owner of
>> the certificate to announce more specifics.
> 
> Yes, this is a possibility, but I think there is a more realistic one. Let
> market decide, if you break aggregation and as a consequence this cost money
> to the rest of the ISPs, some of them may decide to filter strictly on
> allocations and not accept more specifics. This already happens today.

If "let the market decide" is the answer then there is a MUCH easier
one: just take 8000::/3 and start picking random blocks from there. No
need for RIRs to be involved, saves a lot of hassle, and as long as you
are large enough (content wise, user wise, money wise) you can get that
prefix to be accepted anyway. Same goes for DNS and all other internet
resources, they are just numbers. The biggest one wins.

>> The whole more-specifics business depends on one factor: Money
>> If you pay people enough or it is important enough one can announce it
>> anyway and no RIR is going to stop that.
>>
>> Including that portion is just a lousy way of trying to inhibit routing
>> table growth which will not work; as can be seen by the multitude of
>> longer prefixes being announced into the global IPv6 routing tables
>> already. (*)
> 
> Having the text in the policy helps to take measures if needed.

What can a RIR do against it? Say that the LIR can't use the prefix
anymore? How will a RIR do that exactly? Tell them they are bad and
evil? Come on, 3ffe::/24 is also still announced and that is now IANA's
block again and in effect 'illegal' to be in use.

[Bill, did you see the black helicopters around your house already? :) ]

> Not having
> that text will not help at all, while keeping the text provide a possible
> way for the community to take actions, if required, and meanwhile doesn't
> hurt.

ISP's are already doing it and nothing is being done against it.
They will and are creating their own PI without the 'community' being
able to do anything about it: except filtering, which is not happening (yet)

>> Lastly "# have a plan for making assignments within two years.",
>> everybody has a PLAN to do something, actually doing it something else.
>> As the number of assignments is removed, there is no way to check up on
>> this, next to there not being any requirement of actually registering
>> these assignments in the RIPE db, thus there is no way to check.
> 
> The point is not asking LIRs to lie about the "size" of the plan. Some LIRs
> could have a plan for just a few customer, and actually if they say the
> true, they will not get an allocation because they don't have a plan for 200
> customers. So they could tell to RIPE that they have a plan for 200
> customers and get the allocation. This is completely artificial.

If it is artificial then why is it included?

If they only have a plan for a few customers then they should say "we
only need a /40" to RIPE and should be able to get that /40.

Then again, address-space wise there is not much wasted in giving a /32
to everybody who wants it. (16^2 is a lot :)

> I don't believe anyone NOT willing to provide services will ask for an
> allocation.

Why not? Maybe some company just wants address space to be able to say
they have it. Just check the current allocations which are allocated but
have not been announced in the last couple of years.

Maybe they just want to secure their address space for later, how can
you know, it is their company not yours.


> RIPE can check that at any time by asking customer contracts.

And then they show 2x /33, one for their games department and one for
their work department. Doesn't really help does it?

As mentioned even if RIPE then finds out that it does not qualify, then
what are they going to do?

> However I think is wrong to set-up an artificial barrier and say if you are
> a small ISP and don't have 200 customers, you can't have access to an IPv6
> block.

That is why I say: take it out completely. Don't make it more confusing
than it already is. Especially not with artificial 'we are going to take
it back' which is never going to happen.

> I thought all the /48s assignments need to be registered (I may be wrong).
> So this is not changed by this policy proposal.

Clearly not as there are enough allocations that don't have a single
assignment but they are announcing the whole block.

Please check BGP before you try to make up a policy.

Greets,
 Jeroen

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 311 bytes
Desc: OpenPGP digital signature
URL: </ripe/mail/archives/address-policy-wg/attachments/20070318/d62171c3/attachment.sig>