Wednesday, 23 September 2008
The meeting opened and Paul Rendek, RIPE NCC, welcomed the attendees.
RIPE NCC Activities & Services Update
Speaker: Axel Pawlik, Managing Director, RIPE NCC
There were no questions.
RIPE NCC Statistics and Policy Update
Speaker: Andrew de la Haye, Chief Operations Officer, RIPE NCC
Dmitry Burkov, RIPE NCC Executive Board: How unified are the RIPE policies to the other Regional Internet Registry (RIR) policies? What problems does RIPE have and what are the differences in the development of policies in the other regions?
Axel Pawlik, RIPE NCC: Policy development is the same everywhere. The RIPE NCC was the first RIR to be set up and the others have followed. All the RIRs have a regional community that comes together at meetings to discuss policy proposals.
With many cultures across the globe there are many different ways to discuss and many different ways of doing things. When I first went to ARIN's meetings, I was amazed how much discussion there was. There was a lot of people taking part and a whole day was spent on policy discussion. There's also a lot of discussion on ARIN's policy discussion mailing list.
Then I went to an APNIC meeting and there was almost no discussion at all. Paul Wilson, APNIC's Director General, had to implore his Board to start some discussion or to voice an opinion.
At the RIPE Meetings, there's sometimes no discussion at all and sometimes there's hours of discussion. This is the main difference in how policies are made.
It is very important, especially now and in the coming years, for discussion about policy proposals to take place. The RIPE Working Group Chairs have to decide whether there is consensus on a proposal and sometimes it is not easy to decide whether consensus has been reached. So, it is important that you take part as much as possible in policy discussions.
The RIPE NCC strives to make sure that as many people as possible can come the RIPE Meetings. We need to be able to demonstrate participation in the RIPE Policy Development Process (PDP) and to show how many people participated in the discussion about a certain policy.
We also need to be able to show how many people are subscribed to the policy discussion mailing list. We can show these numbers to the Internet Governance Forum (IGF), when we might be asked how we are dealing with policy development. And we will be able to say that a few thousand people are aware of a situation and have discussed it. The more discussion on policy proposals, the better.
Rob Blokzijl, RIPE Chair: If you look at the various regions, you will see that the same subjects are under discussion. At the moment, this discussion is focusing on what to do with the last three blocks of IPv4 addresses. This is a matter that has to be decided about on a per region basis. I would be surprised if, in all of the five regions, the same policy would be decided upon. This is because of the differences in the Internet industry in the regions. In South America and Africa for example, the RIRs started later and there is little Internet connectivity and only a very small amount of address space used. The last block that will be allocated is substantially large in those regions but is almost nothing in the RIPE region. There is a lot more interest in Africa and South America about what to do with the last block. This is not good or bad but it is natural because if something is of not much importance, it does not need to be discussed for a long time.
Dmitry Burkov, RIPE NCC Executive Board: I would like to stress the importance of the RIPE Working Group discussion mailing lists. Only a small percentage of us is involved. The policies made are going to affect you. IPv4 depletion will affect you so if you have a substantial amount of Internet number resources, please sign up for the mailing lists, not only the RIPE lists, but the ARIN lists and the APNIC lists too. They are all open and the discussion is very helpful in the understanding of the future possible scenarios.
Paul Rendek, RIPE NCC: This is your region but it's important to see what your colleagues around the world are doing too. It's easy to join all of the RIR lists. Also, if you attend the RIPE Meetings, representatives from the other RIRs give updates about what's going on in their regions and give overviews about the policy discussions going on there.
Comment: Transition to IPv6 is a crucial issue. Does the RIPE NCC have an interactive course on the website? Can IT specialists get training on IPv6 issues? And, if you don't have it, are you planning to launch something soon?
Paul Rendek, RIPE NCC: In the past, we have wanted to put together IPv6 courses for our membership. However, the RIPE NCC cannot compete with the business of any of our members. It has been made very clear to us that there are members that provide these kinds of courses as a business, which is why we do not offer courses at the moment.
However, we have discussed this and believe that, as an RIR, it is our responsibility to make sure our members are prepared for IPv6 deployment. We will be approaching our membership at some point in the future to say that it's about time we have some comprehensive information about IPv6 transition. It is not just technical people who are asking for this. We have been approached by governments and the community has also bought it up. Governments say that, as we are an RIR, we need to take the lead in this.
Dmitry Burkov, RIPE NCC Executive Board: I don't think there is an issue of competition. The RIPE NCC should have more information about IPv6 to assist its members.
RIPE NCC Draft Charging Scheme 2008 and Administrative Update
Speaker: Jochem de Ruig, Chief Financial Officer, RIPE NCC
Question: After implementing charges for a Direct End User will the Provider Independent (PI) addresses also be scored for the LIR?
Jochem de Ruig, RIPE NCC: It will depend on whether the Direct End User has a contract directly with us or whether the End User has a contract with the LIR. If it has a contract with the LIR, it will be scored in the LIR's charging scheme.
Question: After implementing Direct End User charging, will it be possible for an LIR to cooperate with the RIPE NCC and the End User to receive the PI space for the End User or would the End User need something else before this happens?
Jochem de Ruig, RIPE NCC: The proposal has two options. One is that an End User gets resources from an LIR and signs a contract with an LIR. The LIR tells the RIPE NCC that it has a contract with the End User. The other option is that the End User goes directly to the RIPE NCC for the resources.
Question: If an End User gets a PI address via the provider can you substitute this allocation to the direct contract with the End User? We have existing assignments made by our providers - LIRS. Can you delegate this assignment directly so that the End User signs a direct contract with the RIPE NCC?
Axel Pawlik, RIPE NCC: It depends whether the End User wants to sign a contract with the RIPE NCC. The cost for the End User will likely be considerably high because, for the RIPE NCC, making the contract incurs the same expense as what we charge to a member in the extra small membership category. It would be more economical for the End user to sign a contract with an LIR, assuming that you charge a reasonable fee.
Jochem de Ruig, RIPE NCC: If the End User signs a contract with the RIPE NCC, for the first year, the End User will pay 2,000 euros plus the fee for an extra small member, which will be around 3,300 total for the full year. For the following years, the charge will depend on how many resources the End User receives. This is a big fee for an End User. The proposal is made so that, in general, the End User should get resources via an LIR and have a contractual relationship with them instead of the RIPE NCC.
Comment: Sometimes users take the PI addresses in order to make some kind of multihoming scheme. So when End Users select providers, this happens, and many LIRs also perform as Internet Service Providers. If the End User leaves the LIR that has allocated the addresses to them, a problem is encountered. It doesn't really matter how much they should pay because if they really need the IP addresses they are going to pay. It they don't need them, they will return them to the provider that allocated them. In this situation, the 'owner' of the PI addresses is the one who has the maintainer for them.
Comment: In terms of the policy, if you do not change the legal entity, this is the case. In all the other cases, it depends. The addresses are not an item that can be "owned". It is something the "owner" inherits and may "own" forever. Starting from this year, the RIPE NCC has a scoring system and all the scores and all the PI space that I have allocated to an End User will be scored to me. And if I say to the RIPE NCC that I don't need these addresses, the End Users will lose them. I am not going to pay for these PI addresses. In effect, an LIR will be an intermediary between the RIPE NCC and the End User and it is up to the LIR to make a good relationship with the End User. It used to be like this when PI addresses were not scored. A lot of LIRs have given PI addresses to End Users without any contracts. LIRs will start dropping those End Users. The LIR will say to the RIPE NCC that they don't have the pre-requisites which would satisfy the requirements and then there is no connection between the RIR and the End User.
Comment: The main problem is what happens with legacy PI space. There are many cases where there have been changes and no one can find the actual address users from a legal point of view.
Axel Pawlik, RIPE NCC: The reason the RIPE NCC has been asked to do this through a policy proposal is to make sure that we know precisely who is using legacy space. Finding this out for legacy space is complicated so this is why we have started with the new space we give out because we assume we know our members and the space they have given to their customers.
From 2009, in the RIPE NCC Charging Scheme, what we will do is take PI space into consideration for assigning a score to an LIR. For most LIRs, it's unlikely that the actual fee and your membership category will change due to this. As a member, you might say: "I don't want to pay more so I want to disassociate myself from those PI space holders." And then those End Users could go to the RIPE NCC or find an another LIR. Your business relationship with the PI space End User is supposed to be documented by a contract. So if you need to go to the PI space holder and tell them that you are now charged for their PI space and could you please pay me x amount, that is up to you.
The RIPE PDP has bought up a proposal that assumes that our members have a business contract or a relationship with the PI space holders. What should be in that contract has been discussed and the RIPE NCC will be publishing a bit more about this? We ask you to have a contract so we can ascertain exactly who has the space so that we can be sure that the records in the RIPE Database are correctly maintained.
Comment: What is the status of the PI space allocated? Is it allocated to me as the LIR or to the End User? If it is allocated to the End User, what's my role as an LIR and what is the scoring implication? If it is allocated to an LIR, why can't the LIR manage the space itself? As you explain it, it seems that I don't have the right to manage my PI space. Secondly, you mentioned that the user could go to a different LIR or the RIPE NCC and get the addresses from there. But the reason they got PI address space in the first place is so they did not have to go through the RIPE NCC.
Paul Rendek, RIPE NCC: The PI space was given to the End User so, when the End User leaves you, they will need to find someone else to register their address space with. The End User can then either be charged by another LIR to register this space in the database or they will have to enter into an agreement directly with the RIPE NCC. If that End User leaves you, the PI space is no longer the LIR's responsibility. If the End User does not require the PI address space anymore, the RIPE NCC requires that the space is returned.
Comment: Is there any mechanism for giving back the PI address space? If I know for sure that the End User will withdraw from a contract with me, is there any policy for the LIR to give back the address space? Who has the legal right to mange the PI address space that I give to an End User? Who owns the IP addresses? The LIR or the End User? Is there a mechanism for transferring the PI address space to a different LIR? Is there a method for excluding the payment for PI addresses from an LIRs billing score?
Comment: There is a policy that explains how to return the PI address space if the End User does not need it any more. This is part of your contract with the RIPE NCC.
Jochem de Ruig, RIPE NCC: To be clear, there is no ownership of IP addresses. Neither the LIR, an End Users or the RIPE NCC owns Internet number resources. This is a very important legal distinction. What you have is the right to use an IP address. This is why, from a legal view point, it is very difficult to take addresses back from anyone because there is no ownership. The RIPE NCC has consulted its lawyers and the process of reclaiming IP addresses will be extensive. We have no documentation yet because there is no policy yet. As soon as there is a documented process, details will be sent to the Russian Mailing List.
Comment: Who can use the PI addresses that are given to my LIR for the End User?
Jochem de Ruig, RIPE NCC: The End User.
Comment: Why are these addresses scored in my billing score then? They are not used by me.
Jochem de Ruig, RIPE NCC: Because you have the contract with that End User.
Comment: If I have the contract, I should be able to control any address space assigned to me.
Jochem de Ruig, RIPE NCC: Yes, if you have PA address space. Not if you have PI address space. This is the whole concept of PI space.
Axel Pawlik, RIPE NCC: The idea of the policy is to make sure that the RIPE NCC knows who the End User is. If you don't have a contract with them, and you don't know where the address space is, the data in the RIPE Database deteriorates. Remember, it's not the RIPE NCC that is asking for this, it is a policy proposal that was made by the RIPE community. The policy asks you to ensure that you have a contract with the End User. You might or might not charge the End User a fee. It's important that you know who the End User is and who has the right to use that address space because you are the one that made contact with us for that PI address space.
Comment: What part do I play then as an LIR? There is no mechanism. It is a bad policy proposal.
Axel Pawlik, RIPE NCC: There is not a mechanism in place yet but there will be a mechanism if the proposal is accepted by the community. The policy proposal clearly states that if an End User goes away from an LIR and takes the PI address space with them, the LIR that the PI space was given to should tell the RIPE NCC. The contract will back this up. And, an LIR should tell us that the End User has taken the space elsewhere because otherwise the LIR will be charged for the continued use of that End User's space. The RIPE NCC then knows that the address space is floating somewhere.
We expect the LIR that the End User moves to will come to us to tell us that they have been approached by the End User with the PI space and that they now have a contract with that End User. It will be a clause in the RIPE NCC's contract for an LIR to tell us this. If the new LIR does not inform the RIPE NCC, after a certain amount of time the RIPE NCC will recall that address space. And it will not be in the RIPE Database anymore. This will become the mechanism. What happens now is that an End User goes to an LIR and asks that their address space is routed, whether or not the details are in the RIPE Database.
This is also the reason the RIPE NCC is investigating certification. With certification we can see that address space will be certified and that it is clearly assigned by us. When there is no certificate then it shows that the address space is not assigned by us. Whatever the operators do with this information is beyond our control. The current situation does not contribute to the accuracy of the RIPE Database, and the accuracy needs to be improved. The idea of the policy proposal will help to rectify this. It is an important first step. What we do with the legacy space will also have to be investigated.
RIPE NCC Membership and RIPE Participation
Speaker: Rob Blokzijl, RIPE Chair
There were no questions.
Moderator: Andrei Robachevsky, Chief Technical Officer, RIPE NCC
There was discussion on the following topics:
IPv6 Hour during the RIPE 56 Meeting, Andrei Robachevsky
IPv6 Experience at Consulintel, Jordi Palet
"Me and My IP", Jaap Akkerhuis
RIPE NCC Information Services Update
Speaker: Franz Schwarzinger, Software Engineer, RIPE NCC
There were no questions.
Internet Governance Forum Update - Panel Session
Moderator: Dmitry Burkov, RIPE NCC Executive Board
Paul Rendek, RIPE NCC, explained that there are many new stakeholders entering the world of the Internet and governments are taking a much more active role in the running of the Internet. He said that, as part of the Technical Community, the RIPE NCC wants to make sure that the wishes of its members and the wider Internet community are taken into consideration by governments. Dmitry Burkov, RIPE Executive Board, introduced the panel, gave an update on governance issues and led the discussion on this topic.
IP History Database Implementation
Speaker: Pavel Khramtsov, RU Center
Andrei Robachevsky, RIPE NCC: Where is the IP history?
Pavel Khramtsov: When the provider moves, there are two things that can happen. One, they can inform you that they are moving. The second case is that they don't inform you that they have re-named a block. All the changes in blocks are traced in our database. It is requested daily. If there are any changes being introduced, including automated means like traceroutes to show that somebody moved or if a user gets an address from a neighbouring town, these changes are kept in our database.
Andrei Robachevsky, RIPE NCC: There are users who send you some information about some changes. You have shown the multi-stage process of forming this history. How much is done by humans and how much is automatic?
Pavel Khramtsov: About 80 percent is done automatically and 20% is done by humans. We have students working on the feedback for their internships.
Franz Schwarzinger, RIPE NCC: Is the RIPE Database the only source of information that you base the location of the IP address on?
Pavel Khramtsov: No, it's not the only source. When we started this, the RIPE Database used to be the single source of the placement and we had to study a lot of fields. Originally, we used phone number area codes as the area zone is quite precise for showing the geography. Now the situation is different. Today we only trace the changes from the RIPE Database, such as new allocations or changes in blocks. So, the RIPE Database is around 20% of the source of our information.
It's a two level scheme: we divide a block and then sub divide that among our clients. Nowadays this architecture is only used for the information that we receive from the RIPE Database as the sub levels are much deeper there. For address allocations, four is the normal depth. Sometimes two and three or even four address can be allocated. You probably know all about the governmental program for schools and post offices - no one is going to allocate a lot of IP addresses to a post office, for example. Only two to three addresses are necessary. Imagine a post office in a little town, getting connectivity through wire or an antenna. This is what we trace with our system.
Andrei Robachevsky, RIPE NCC: How do you trace the geography?
Pavel Khramtsov: Because of the user report. School children write a lot. This database is also the database of the gateways and you can trace how far it ran. On the other hand, if you are tracing from another region to the antenna, only the users can tell you where they got the signal from. This is one of the options. There are some other possibilities. For example, tracing from different points and seeing the response.
Comment: Why did you create it that way?
Pavel Khramtsov: This is our service.
Comment: What is the difference? You are telling us that this is a new service.
Pavel Khramtsov: It is new because it is now better.
Comment: This year International Domain Name (IDN) registrations started at RU Centre. Do you have any statistics?
Pavel Khramtsov: There were 12,000 IDNs registered on the first day of registration. There is a lot of interest in IDNs from the different regions. A lot of trademarks are made in the Russian language and people are happily registering these types of domains.
Comment: When the prices dropped down, there were 14,000 IDNs registered in the following 24 hours. What was the highest bid that you were offered for a name? How much did the most expensive name cost?
Pavel Khramtsov: The highest bid was US$ 19,000.
Speaker: Konstantin Tchoumatchenko, MSK-IX
Comment: When are you going to fully transfer the exchange. You started that process some time ago but it's only partially completed and we had problems with that.
Konstantin Tchoumatchenko: Actually, we expected to finish that yesterday but when we started to transfer, it turned out that 60% of participants had not checked and verified their configuration settings, which we had alerted them to do some time ago. So in order to keep their data and not lose it, we decided to move only one root server to the new configuration and so the next one will be moved to the new configuration when the remaining participants have checked their settings and altered them. So for those who have done it and finished everything, they are getting the services 100% from the new servers.
Comment: Why don't you roll it back to the previous version until all the participants have changed their settings.
Konstantin Tchoumatchenko: At node 10 we've got the updated version. At node nine we have the previous version. And because of that, we had problems and most of the traffic has gone to number 10.
Alexander Ilin, CTO MSK-IX: We had expected to do the transfer during one single day but since 60% of the participants had not altered their setting we decided to postpone it. But hopefully by the end of this week, we will move to the new root servers. If we are successful within the next two days, we will do it earlier. We will send you an email to let you know. We know you have had problems and your traffic has been distorted between the two nodes, number nine and number 10, but we don't really want to roll anything back because those people who have already altered the settings will suffer and we will have to wait longer.
Konstantin Tchoumatchenko: Unfortunately, or fortunately, the Internet Exchange is a service that is hardly noticeable. It has been operational for many years and people even stopped worrying about these ports and all of a sudden, when people get an alarm message they tend to ignore it.
Amsterdam Internet Exchange (AMS-IX) Update
Speaker: Arien Vijn, AMS-IX
Comment: Regarding remote connections, do you have technical requirements for pseudo wire providers?
Arien Vijn: We only allow one mac address so if a pseudo wire injects more mac address, we'll block those and we will nag you about it because we don't see the wire. A pseudo wire can be as long as you like. We don't do half duplex anymore.
Comment: There is no selection then?
Arien Vijn: No. We do have partners. If you use a so-called partner we know that you are using that particular provider. So, in case of a technical issue we can talk to them directly. If you want to use someone else who is not a partner, you are free to choose.
Comment: How do you define the responsibility zones between the customer and the pseudo wire holder?
Arien Vijn: Firstly, it's the customer or the member that we talk to. So we would say to the member: "We see these new mac addresses here and we don't want that". They will say: "They are not ours, perhaps they are from our pseudo wire provider." Then we are willing to talk with the pseudo wire provider.
AMS-IX is also willing to monitor the traffic. We have the capacity to monitor on 10 gb Ethernet and we can look at your traffic if you want. If it is not clear where traffic is coming from, we can say we will monitor your port if you want us to and will provide you with a frame decode of what it's all about. We are also in contact with all the major router vendors to resolve bugs. We are really active in getting issues resolved. A shared medium - a shared network with multiple mac addresses and multiple parties - is unmanageable.
Comment: Could you explain in more detail why is it necessary to use optical layer one switches?
Arien Vijn: When we started, there were two reasons for this. The most important reason was our experience that new cutting edge ethernet switches were unreliable. We had to connect members and we said we cannot wait five years until the switches become stable so let's do it differently: we'll put just two switches, one of which works. If there is some bug or hardware failure or whatever, we will switch to the other one. That's why we introduced this technology.
It has given us a lot of freedom to work on the non-working side of the platform. It gave us a really reliable network for about two years when we introduced all this stuff and we are happy with this technology. We also use it for other stuff. For example, two weeks ago, one of our network cards broke and I had the network cards on the switch so I moved the members to the other network card on the other switch instead of moving the whole platform over and resolved the issue. The other initial reason to use it was that it was cheaper for us to do it, as we had only two back then. Now it's not cheaper anymore but we keep on using it because it works.
Speaker: Frank Orlowski
There were no questions.
The meeting closed.