Tag Cloud:

Invitation to Review CRISP Draft Proposal

By John Sweeting, ARIN CRISP Team Member

The ARIN Consolidated RIR IANA Stewardship Proposal (CRISP) team members, along with our colleagues from each of the other four RIRs, are hard at work preparing the proposal to submit to the IANA Stewardship Transition Coordination Group (ICG).  (Check here for background on the IANA Stewardship Transition) We’ve had four conference calls so far in addition to an initial face-to-face meeting.  We held our most recent conference call yesterday on 18 December, and we are making good progress. The first draft of the Consolidated RIR IANA Transition Proposal is now available for review and comment.  See the PDF of the Draft Response to the Internet Coordination Group Request for Proposals on IANA from the RIR community.

IANA Transition Discussion

The draft addresses all six parts of the ICG’s RFP including:

  • Number Community’s Use of IANA
  • Existing, Pre-Transition Arrangements,
  • Proposed Post-Transition Oversight and Accountability Arrangements
  • Transition Implications
  • NTIA Requirements
  • Community Process

Key points in the proposed transition are:

  • Continue with ICANN as operator of the IANA function
  • Exchange a service-level agreement with ICANN as the IANA function operator on number resources
  • Establish a Review Committee with representatives from each RIR region

Discussion of this proposal will be held on the NRO global mailing list, so please subscribe to ianaxfer@nro.net to provide your feedback on the first proposal from the numbers community.

For links to all documents and meeting notes please visit the NRO CRISP Team Page. Your comments on the first draft of the proposal are due by Monday, 5 Jan. 2015. The second draft of the proposal is scheduled to be published on 8 Jan. 2015 with the end goal of the submitting the final proposal to the ICG on 15 Jan. 2015. With these tight deadlines in mind, please take the time to review the proposal soon and provide your input to the mailing list.


Set Up IPv6 in Your Own Home

Jeremy Duncan, Managing Partner and IPv6 Architect at  Tachyon Dynamics, gives his opinion on some good applications and tunneling providers you can use to get IPv6 in your home if your ISP doesn’t offer it already.

Guest blog post by Jeremy Duncan, Tachyon Dynamics

IPv6 in home or residential networks is getting much better.  North America has seen exponential IPv6 use on the Internet year after year since World IPv6 Launch (6 June 2012).  Residential Internet service providers like Comcast and Time Warner are almost singularly responsible for this sharp and dramatic growth.  However, if you aren’t a Comcast or Time Warner user, it’s a totally different story.  I’m one of those users, and I want to pass on some of the great ways to setup your own IPv6 internet access using one of the great (and free) IPv6 over IPv4 tunnel providers.

Don’t Have IPv6 at Home?

So your ISP is one of any of the minor and major ISPs that have no IPv6 implementation currently.  What can one do?  Do it yourself!  I’ll show you a few applications and tunneling providers to use, as well as ones to never use.

Hurricane Electric

This is probably the best IPv6 in IPv4 tunneling provider out there today. Also, it’s free for small networks. The provisioning is very easy. The graphic below shows how to provision a tunnel and it gives you sample configurations for your gateway of choice. Basically, anything that can do a 6in4 tunnel (IPv4 protocol 41) can use this service. This includes any workstation or server operating system, router, firewall, or custom CPE (e.g. OpenWRT).


Just go to http://tunnelbroker.net. Once there, you can create an account, and select “Create Regular Tunnel.” There it will ask you which PoP you’d like to use and what your public IPv4 source address is. Once you click “apply,” the full configuration screen will be presented and your tunnel is activated and ready to connect. If you aren’t sure how to do tunneling configured you can click “example configurations,” and it will give you the exact CLI configuration needed for your gateway of choice. For example, here is one for a Cisco IOS router:

configure terminal

interface Tunnel0

description Hurricane Electric IPv6 Tunnel Broker

no ip address

ipv6 enable

ipv6 address 2001:db:1:1::2/64

tunnel source

tunnel destination

tunnel mode ipv6ip

ipv6 route ::/0 Tunnel0


Once you have the tunnel up and running, go back into the provisioning page and click “request a routed /48 prefix.” With this prefix you can assign 65,536 /64 network on your home LAN. That will probably be enough for now. :)

Other Hurricane Electric Services:


SixXs is more of a community supported tunneling service. They aren’t backed by a large corporate entity like Hurricane Electric, but still provide a few good tunneling services. They were one of the first 6in4 tunneling providers to the industry.

When you navigate to https://www.sixxs.net, sign up for an account. SixXs is very diligent about keeping tunnels up and healthy and are constantly checking on the health. When you have an account you get points for how long your tunnel remains up, and are subtracted points when your tunnel is down. You can cash these points in for /48 prefixes and other little goodies along the way. These incentives keep the overhead of maintaining dead tunnels to a minimum as it is community supported.

Their data rates don’t match Hurricane Electric. I see comparable IPv4 to IPv6 tests with Hurricane Electric, but much slower with SixXs. However, it remains a very good, free, and relevant IPv6 in IPv4 tunneling service. SixXs also provides:

  • Automatic IPv6 Client Utility (AICCU): This is a client-side software application that uses UDP port 5072 to tunnel IPv6 over IPv4 UDP. Certain networks may not allow UDP port 5072 outbound, so use this with care. Details are here: https://www.sixxs.net/tools/aiccu/
  • IPv6 website gateway: This URL-based proxy allows you to connect to IPv6 enabled website using an IPv6 domain name. For example, http://ipv6.google.com.ipv4.sixxs.org will get you to the IPv6 only Google website, but the SixXs gateways will proxy you using IPv4 to your web browser. Details are here: https://www.sixxs.net/tools/gateway/
  • IPv6 Unique Local Address (ULA) registration site: As per RFC 4193, ULA address must not be routable, but must still be globally unique. This site will use the algorithm to generate globally unique addresses, then will register them so organizations can use them later as bogon lists if needed. Details are here: https://www.sixxs.net/tools/grh/ula/


GoGo6 was a company that sprang from Hexago. Hexago was the company that created the appliance-based IPv6 tunnel broker. It was an all in one, and easy to deploy, full tunneling solution. The company is called GoGo6 now and it’s product is called GoGoServer. It offers a free service for users to connect using a client application similar to SixXs, but with more tunneling options: 6in4, UDP port 3653, and DS-Lite. More details on this service is here: http://www.gogo6.com/freenet6/tunnelbroker  That client application configuration looks like this:


GoGo6 also offers the following services:

  • Appliance/CPE for the client-side tunneling called GoGoCPE that is sold for a very small cost: http://www.gogo6.com/gogoware/gogocpe
  • You can register for the free IPv6 social network called GoGoNET. Most of the IPv6 industry professionals are here and able to talk and answer questions. Details are here: http://www.gogo6.com/getting-started
  • GoGo6 also has an annual conference where they bring in industry experts and talk about IPv6 issues of the day called GoGoNET Live. Details for that event is here: http://gogonetlive.com/

Tunneling You Should Never Do – Ever!

The previous services and providers I mentioned are very good and have a lot of management and oversight around them. However, there are a few services you should never use for the following reasons:


Don’t ever enable this. If your Windows machine is on a Windows domain, whatever you do don’t re-enable it. If you have a home PC, then you need to disable it ASAP! Use the DisabledComponents registry key to do this. Just follow this registry path:


Now in this path create (or edit) the 32-bit DWORD file DisabledComponents with a decimal value of 1. Then reboot your machine. This setting will disable all IPv6 tunneling mechanisms on your machine. This is best practice for all Windows machines unless it is a DirectAccess Server.

So why is Teredo so bad? One word: control. First, the tunneling mechanism uses UDP port 3544 for client-to-server communication. However, that’s not the only port. Once the server assignes the address to the client it then directs the client to a Teredo relay based on Anycast. This means the client could theoretically be pointed to a Teredo relay anywhere in the world. At this point the Teredo-enabled client can get to the IPv6 Internet through the Teredo relay anywhere in the world. That is the bad part. So I recommend never using it, ever.

  • Disable IPv6 tunneling in DisabledComponents
  • Block UDP destination port 3544 and 3545 on your gateway device


Don’t ever enable this either. Regardless if your Windows machine is on a domain or not this function is always enabled. However, it will not configure itself unless it has a public IPv4 address. However, if it does have a public IPv4 address, then the Windows machine does not need a server to configure its address. It uses a 6to4 addressing algorithm as explained in RFC 3056. This algorithm from an IPv4 only client to the IPv6 Internet uses the 6to4 prefix, IPv4 public source address, the subnet ID, and the local IPv4 private address. So it looks something like this: 2002:4A7D:2B63: 5EFE::C0A8:0064

When setting up 6to4 on a local LAN, the subnet ID can be configurable, but Microsoft uses the 5EFE subnet ID. Once it auto configures this address the windows machine will go out to ipv6.microsoft.com. That DNS name resolves to the public IPv4 address of the Anycast 6to4 relay. This machine will then be able to go to the IPv6 Internet. The same security problems remains as with Teredo, it could go anywhere in the world.


  • Disable IPv6 tunneling in DisabledComponents
  • Block protocol 41 on your gateway device


The residential ISPs are doing better. Between Comcast and Time Warner, users mostly likely have IPv6 in their networks. However, others still trail behind. There are many good and free tunneling solutions from Hurricane Electric, SixXS, GoGo6, for home users to try. However, I recommend to never use Teredo and 6to4 for security reasons outlined above. If you have any questions or comments about this blog please don’t hesitate to reach out to me at jduncan@tachyondynamics.com


Jeremy DuncanJeremy has spent over 10 years working in enterprise IT doing next generation technology deployments like IPv6, advanced networking, and open source solutions.  He participates regularly with the North American IPv6 Task Force; often speaking at the North American IPv6 Summits each year.  Jeremy spent 11 years in the U.S Marine Corps deploying to Iraq twice during Operation Iraqi Freedom 1 and 2 as a Communications and Information Systems Officer.  Jeremy has worked in the DoD with a wide range of information security, network engineering, and network architecture experiences with DISA, JITC, DTRA, and DTIC.  He currently leads up Tachyon Dynamics’ DoD UC APL and IPv6 training and engineering portfolios. He has a Masters of Science in Information Systems and is married with two wonderful children.


5,000 Reasons to Celebrate

By Jud Lewis, Member Services Coordinator, ARIN

We are glowing because we have just reached 5,000 Members! We wanted to get you each a cupcake with 5,000 candles but with local fire ordinances and all, we hope you enjoy this picture instead.

Cupcake with candles

ARIN is a member-based organization, and we couldn’t have made it this far without the support and guidance of our Membership. Since our inception, you have participated in 34 Public Policy and Members Meetings, initiated and discussed over 88 community-developed policies, and cast over 21,000 votes in ARIN Elections. Thank you!

When ARIN was established in 1997, we had just 100 member organizations. As the Internet expanded so did ARIN, averaging about 30 new Members each month.

ARIN membership graph

ARIN’s Membership structure differs from most of the other Regional Internet Registries as holding Internet number resources from ARIN Is a prerequisite for obtaining ARIN Membership.

The vast majority of ARIN Members are Internet Service Providers, who are granted automatic membership when they receive a direct allocation of IPv4 or IPv6 addresses. Currently ARIN has 4,949 Subscriber Members. Some examples of ARIN Subscriber Member organizations include Google, Galaxy Networks, Comcast, and PGI Solutions LLC. ARIN also offers an option to be a Paid Member to organizations that have Autonomous System numbers (ASNs) or direct assignments of IPv4 or IPv6. Currently ARIN has 53 Paid Members like Blue Cross and the National Water Commission (Jamaica).

We rely on our members to be “good citizens” by voting in elections, attending meetings, and participating in the policy process, so we can continue to fulfill our mission. The primary benefit and responsibility of the ARIN Membership is voting each year in ARIN Elections for the ARIN Board of Trustees and Advisory Council. So we especially appreciate all the Designated Member Representatives (DMRs) of member organizations  who vote in ARIN Elections. ARIN Members can also subscribe to the ARIN Discuss Mailing List, publish the ARIN Member logo on their website, and appear in our online member list.

ARIN Member Logo Sample

Considering applying for Membership?  You can click here to find application instructions.  Perhaps your organization is already an ARIN Member.  If so, we encourage you to consider becoming more involved by attending an ARIN Meeting.  Our next meeting is ARIN 35 in San Francisco from 12-15 of April. If attendance isn’t in your budget, we encourage you apply to an ARIN Fellowship for a chance to attend your first meeting at no cost.

ARIN Members are the organizations that have paved the Information Superhighway that is increasingly critical to our region’s economic, educational, and social lives. Thank you ARIN Members for all of your vital work and we look forward to watching our membership numbers continue to rise as the Internet soars to unseen heights!

If you have questions about membership please reach out to ARIN’s Communications and Member Services Department at info@arin.net.



Meet your 3 ARIN Region CRISP Team Members

By Bill Woodcock, John Sweeting, and Michael Abejuela

If you’ve been involved in the Internet community for any length of time, then you know we can’t speak more than a couple minutes without dropping 1 or 2 (or 10) acronyms at a time. Well, here’s one more to add to the alphabet soup – the CRISP team, short for the Consolidated RIR IANA Stewardship Proposal (CRISP) team.

The CRISP team was established by the five RIRs (there we go again, the Regional Internet Registries) to develop a single proposal on behalf of the numbers community for the IANA Stewardship Transition to the IANA Stewardship Transition Coordination Group (ICG). Each of the global numbers, protocol, and names communities are tasked with presenting unified proposals, and the CRISP team will be facilitating the process for the IP addressing community.

Meet the 3 representatives on the CRISP team from the ARIN region as they introduce themselves to you:

Bill WoodcockBill Woodcock

President and Research Director at Packet Clearing House

In addition to his seat on the ARIN Board of Trustees, Bill Woodcock is the Executive Director of Packet Clearing House, the international non-governmental organization that builds and supports critical Internet infrastructure, including Internet exchange points and the core of the domain name system. Since entering the Internet industry in 1985, Bill has helped establish more than two hundred Internet exchange points; was one of the developers of the anycast routing technique that now protects the domain name system; was one of the principal drivers of California 17538.4, the world’s first anti-spam legislation; and was principal author of the Multicast DNS and Operator Requirements of Infrastructure Management Methods IETF drafts.

He co-founded INOC-DBA, the security-coordination hotline system that interconnects the network operations centers of more than three thousand ISPs around the world. And in 2007, Bill was one of the two NSP-Sec international liaisons in the Estonian CERT during the Russian cyber-attack.  Bill has been working on the IANA oversight transition issue since 2004, when he began pressuring NTIA to allow ICANN to DNSSEC-sign the root zone, and found considerable opposition for non-technical reasons.

John SweetingJohn Sweeting

Sr. Director, Network Architecture & Engineering at Time Warner Cable

John Sweeting is the Sr. Director, Network Architecture & Engineering at Time Warner Cable, working out of their Herndon, VA office.  His team is responsible for engineering of the Time Warner Cable backbone and providing standards, documentation, and guidance for the regional networks. John has over 25 years of experience in engineering networks. Previous to Time Warner Cable he worked for international carriers, MCI, Cable & Wireless and Teleglobe (Tata Communications) building out global IP networks. John previously served on the ARIN Advisory Council (AC) from 2000 – 2005. He rejoined the ARIN AC in 2008 and has served as the AC Chair for the past 3 years. He was reelected in 2011 and his current term expires 31 December 2014.

My interest in serving on the CRISP team originates from my years serving on the ARIN advisory council. I have had an interest in the management of Internet Number resources since my first involvement with ARIN over 16 years ago. I view the transition of the IANA functions oversight as it relates to this topic as a very logical and timely next step in the evolution of the Internet. My experience as a member of the advisory council, most recently as the Chair, provides me with a unique insight into working with the community to develop a solid proposal for the transition.

Michael AbejuelaMichael Abejuela

Associate General Counsel at ARIN

Michael Abejuela is ARIN’s in-house legal counsel and has been with ARIN for over four years.  He has practiced law for over ten years, and from the beginning of his legal career, has worked on various Internet law issues including CAN-SPAM Act litigation, UDRP disputes, online copyright/trademark infringement, online business consulting and contracts. Since coming to ARIN, he has counseled the organization on a variety of corporate legal matters and supported both the ARIN Board of Trustees and Advisory Council as well as ARIN executive management and staff.

I am excited to be working as the ARIN staff representative with the CRISP team on this critical issue of IANA stewardship oversight transition.  I look forward to supporting our ARIN region community representatives as we participate in the development of the IANA stewardship transition proposal from the global IP addressing community. My work with ARIN, specifically engagement with the ARIN community and our bottom up, consensus driven policy development process, has provided me with the ability to ensure the incorporation and consideration of valuable community feedback in the preparation of the transition proposal to be submitted to the ICG.


The CRISP team will be communicating via a public mailing list – ianaxfer@nro.net – Subscribe to join in the conversations about this important transition.  If you’d like to learn more about the process, the Number Resource Organization (NRO), representing the five RIRs, has more information on the CRISP Team that will be diligently working on the IANA Stewardshiptransition proposal to present to the ICG by 15 January 2015 on behalf of the numbers community.


The Sun Sets on the 2014 ITU Plenipot

Part 1 by Cathy Handley, Executive Director of Government Affairs & Public Policy, ARIN

As the sun rises in the ARIN region, the sun sets on another Plenipot…

ITU Plenipot In Busan, Republic of Korea, the main policy-making conference of International Telecommunications Union (ITU) just concluded after a long three weeks. This Plenipotentiary Conference (PP for short) is held every four years for Member States to decide on the future role of the organization.

It’s funny how things change in four short years. At this time four years ago at the ITU PP in Guadalajara the mood was far from collegial. The RIR community was in attendance physically, but not there in the eyes of many of the Member States.

This PP we were there with our friends. Yes friends. It was nice to be greeted with open arms and smiling faces. We had made it, we were recognized as members of the ITU that had a stake in the game and were included in the negotiations during the conference. That is not to say we didn’t have our differences of opinion; we did, but this time we all listened to each other and worked through the issues as colleagues not as adversaries.

Of concern to our community, I think the most significant negotiation resulted in the removal of language that suggested the ITU should look into becoming a number registry that allocates IP addresses. This discussion centered around the observation that the Regional Internet Registries (RIRs), already provide this service to the community based on an transparent bottom-up process with proven success.

ITU Plenipot

Part 2 by Einar Bohlin, Senior Policy Analyst, ARIN

I joined Cathy for the second half of the meeting, starting with an adhoc working group on Internet related issues. The adhoc’s agenda included proposed changes to three existing Resolutions:

  • 101 Internet Protocol-based networks
  • 102 ITU’s role with regard to international public policy issues pertaining to the Internet and the management of Internet resources, including domain names and addresses
  • 180 Facilitating the transition from IPv4 to IPv6

These existing Resolutions are ITU policy. As far as changes are concerned, in addition to the item Cathy mentioned above on the number registry, topics of discussion included: multilingualism and IDNs, best practice information for Internet Exchange Points (IXPs), reducing the cost of international connectivity, and the “ITU’s role in realizing Secure Information Society.” This last topic was one of a few new proposals, none of which advanced to become Resolutions.

If you attend a Plenipot, you will notice the meetings are run formally. The Chair must recognize speakers, and he controls the queue. All speakers have their own microphones with a button to push to ask to be recognized. As many speakers pointed out, the discussions took place in an atmosphere of “compromise and collaboration.” It was very interesting to see the give and take, and to see member states align and support each other.

I was intrigued by the process here. In a nutshell, proposals called Limited Distribution Documents (DLs), are discussed first in smaller adhoc groups. Proposals then go to the larger gathering of the working group (WG). When the WG finds consensus, it requests that the proposals be translated into the UN languages (this makes them Temporary Documents (DTs)). Finally, proposals are presented and approved at the full plenary. There is less discussion as proposals climb up the process. That’s how it is supposed to work, and it worked.

Plenipot attendees are a community of colleagues and friends, and I’m grateful for the warm welcome that was extended to me as a new person, by sector members and member state delegates alike. Of course this is due to the outstanding work that Cathy Handley has done making ARIN a recognized and respected sector member here at the ITU.

If you would like to watch some of the sessions from the PP, archive webcasts are available to view and documents are available to download.


8 steps to get your site ready for IPv6

Republished with permission from the Mythic Beasts blog detailing how to get 10/10 on their IPv6 domain readiness checker.

1. Add an IPv6 address to your web server

The first step is to get your web server listening on an IPv6 address, as well as an IPv4 address. How you achieve this will depend on how your web server is managed. If you’re on a shared hosting account, you’ll be dependent on your hosting provider. If you run your own server, you’ll need to obtain an IPv6 address from your hosting provider (assuming they support IPv6), configure your server to use it and then ensure that your web server (e.g. Apache is listening on this address).

2. Add an AAAA record for your website

AAAA records are the IPv6 equivalent of A records, which resolve hostnames to IP addresses.  In order for users to find your website over IPv6, you will need to add an AAAA record for www.yourdomain.com pointing to the IPv6 address configured above.  You can check that this is in place using the dig command:

$ dig +short A www.mythic-beasts.com

$ dig +short AAAA www.mythic-beasts.com

It’s possible that your existing “www” record will be a CNAME for another hostname, in which case you should add the AAAA record to that hostname, rather than the “www” record.

Our health checker will skip this test if your domain doesn’t have an A record for “www”.

3. Add an AAAA record for your bare domain

Most websites are configured to work if the user omits the “www” prefix from the name, for example http://mythic-beasts.com

In order for this to work, you will need an A record for your domain name itself, and to be IPv6-enabled, you’ll also need a corresponding AAAA record.

Once again, our checker will skip this test if the bare domain doesn’t have an A record.

4. Ensure your DNS servers have IPv6 addresses

The steps above make it possible to access your website over IPv6, but unless your DNS servers are accessible over IPv6, users (or more specifically, their DNS resolvers) will still need to use IPv4 in order to find your site in the first place. To avoid this, you need to ensure that your nameservers have IPv6 addresses.

You can find the nameservers for your domain using “whois”, and you can check whether the servers have IPv6 addresses using dig, as before:

$ whois mythic-beasts.com
[ ... ]
Name Server: NS0.BEASTS.ORG
[ ... ]
$ dig +short AAAA ns1.mythic-beasts.com

If your nameservers do not have IPv6 addresses, then unless you run your own nameservers, you’ll either need to persuade your hosting provider to enable IPv6, or switch your DNS provider to a different provider.

For a full pass, our health checker requires that at least two of your servers have IPv6 addresses.

5. Add IPv6 glue for your nameservers, if necessary

In order to find the address for your website, a DNS resolver will first need to find the address of your nameservers. If your nameservers are in your own domain, this creates a bootstrapping problem. For example, in order to find the address for ns1.mythic-beasts.com, you need to ask the nameservers for mythic-beasts.com, which includes ns1.mythic-beasts.com. The solution to this is a glue record, a record containing the address of your nameserver which is held by the nameserver for the next zone up. In this case, the next zone up is .com, so the .com nameservers would contain glue records for the ns*.mythic-beasts.com nameservers.

If a nameserver has an IPv6 address, then any glue records for it should also contain that IPv6 address.

Checking for glue records is a little bit involved. The quickest way to do it is to use “dig +trace” to find a nameserver for the next zone up:

$ dig +trace ns1.mythic-beasts.com
com.      172800  IN  NS  a.gtld-servers.net.
com.      172800  IN  NS  b.gtld-servers.net.
com.      172800  IN  NS  c.gtld-servers.net.

We can now ask any of those servers for the NS records for our domain. Any glue records that exist will be returned in the “additional” section of the response:

$ $ dig NS mythic-beasts.com @a.gtld-servers.net.
ns1.mythic-beasts.com.  172800  IN  AAAA  2600:3c00::f03c:91ff:fe96:beac
ns1.mythic-beasts.com.  172800  IN  A
ns2.mythic-beasts.com.  172800  IN  AAAA  2a00:1098:0:80:1000::10
ns2.mythic-beasts.com.  172800  IN  A

If your servers are missing glue records, you will need to get your domain registrar to add them.

It’s worth noting that even if you don’t directly require glue because your nameservers are in a different zone, at some point along the chain there will be a nameserver that does require glue.

For a full pass, our glue checker requires at least two nameservers to be discoverable by a single-stack IPv6 resolver at every step of the chain of delegation.

6. Add IPv6 addresses for your incoming mail servers

In order to receive mail over IPv6, at least some of the mail servers listed in the MX records for your domain must have IPv6 addresses. You can find the mail servers for your domain using dig:

$ dig +short MX mythic-beasts.com
10 mx1.mythic-beasts.com.
10 mx2.mythic-beasts.com.

You can then check that these servers have IPv6 address by using dig to resolve an AAAA record, as before.

In order to pass this test, at least one of the servers listed in your MX records must have an IPv6 address.

7. Add reverse DNS for your mail servers’ IPv6 address

It is generally advisable to have working reverse DNS for any addresses from which you send outgoing mail. In the case of IPv6, this becomes pretty much essential, as one of the biggest mail providers in the world, Google, will reject mail over IPv6 unless the sending server has working reverse DNS for its IPv6 address.

Unless you run your own mail servers, adding support for IPv6 will be down to your mail provider.

Unfortunately, there is no reliable way to obtain the outgoing mail servers that are used for a particular domain, so instead our health check makes a bold assumption that your outgoing servers are the same as the incoming servers listed in your MX records, and checks those. This assumption is certainly not true of all domains, which is why a failure of this test is only treated as a warning.

8. Check your SPF records

SPF (Sender Policy Framework) is a mechanism for publicly listing your outgoing mail servers, so that receivers can detect spoofed email sent from other servers. If you enable your outgoing mail servers to start sending mail over IPv6, and you have an existing SPF record, it is important that you make sure that it includes the IPv6 addresses for your mailservers.

There are various ways of doing this. If your incoming and outgoing mail servers are the same, then you can use the “mx” mechanism in your SPF record. This means that any hosts listed in the MX records for your domains will be regarded as a legitimate source of mail for your domain, and this will automatically include any IPv6 addresses (assuming you’ve done step 6).

If you list IPv4 addresses or address ranges in your SPF record explicitly, then you will need to add corresponding IPv6 addresses for those servers.

The rules applied by our health checker aren’t entirely trivial, as it’s not uncommon for legitimate third party servers to be included in a domain’s SPF record, and there’s no way of pairing up IPv6 addresses with their IPv4 counter parts. Our health checker applies some very broad rules: if you use the “mx” mechanism, then the checker requires at least one IPv6 address for a server listed in the relevant MX records. If there are any explicit “ip4″ addresses or ranges specified in the record, then the health checker expects to find at least one explicit “ip6″ mechanism.

If your domain does not list an SPF record then this test will pass automatically, as this effectively defaults to “accept from all”.

These rules aren’t watertight, but have proven to be quite effective in identifying mail sources that either haven’t been enabled by IPv6, or which have but haven’t been added to the SPF record.


Help ARIN Shape Our New IPv6 Campaign

By Jennifer Bly, Public Relations and Social Media Coordinator, ARIN

Have you ever had this conversation?

You: “Hey, did you know the Internet is running out of IP address space?”

Non-technical colleague: “No, really?”

You: “Yeah, IPv4 is running out, and we need to make sure we are planning to support IPv6.  I think enabling our website may be the best place to start.”

We want to hear more about conversations like that. Did you get the buy-in you needed to move forward with an IPv6 transition, or did the idea fall flat? What could have made that conversation easier or more productive?


Get6 Conference Call


In the next few weeks, ARIN will launch Get6, a new IPv6 campaign, aimed at content creators and members of the C-suite who don’t seem to understand why IPv6 is relevant. We think they ought to know about how this element of critical infrastructure stands to impact their success now that nearly all businesses depend on having a stable, reliable and accessible Internet presence.

The question is: How can we get all Internet movers and shakers to pay attention to IPv6 too?

That’s where you come in. We want to pick your brain on how to make the business case for IPv6. We will be hosting a one-hour conference call on Tuesday, October 28th at 4:00 PM EDT (UTC-05:00). We want to hear about your experiences telling your organization the value of IPv6, what challenges you face, and what ARIN can do to serve as a better resource as you make the IPv6 case to your colleagues.

This is your chance to help set us the course for our new Get6 campaign and work toward the overall goal of getting more mobile platforms and web content IPv6-enabled. If you are interested in joining, shoot us a quick email at get6@arin.net for the dial in information.  We hope to talk to you soon!



Give Your Input on the IANA Stewardship Transition

By John Curran, President and CEO, ARIN

The community involved in making sure Internet numbering runs smoothly wants to make sure it continues to run smoothly for years to come.  Since the news broke that the global Internet Community was to develop a proposal for stewardship of the Internet Assigned Numbers Authority (IANA) so that it could be contractually released from US government, there has been a lot of talk about how to proceed.

Here in the ARIN region we’ve been keeping you up to date with developments and now are gathering your input on the work that needs to be done in our region to develop a contribution to the proposal.  At our ARIN 34 Public Policy and Members meeting we held a session on the IANA Stewardship Transition Planning Process.  See the footage from this discussion:



IANA Oversight Survey

After the meeting we opened a survey to gather input from the ARIN community to help prepare for regional submission to the IANA Stewardship Transition Coordination Group (ICG) – the multistakeholder group tasked to coordinate the production of a global proposal for the transition of IANA oversight. This survey is an important way for you to give your feedback regarding the future oversight of the IANA functions. It consists of only 10 questions and a field for comments in case you’d like to elaborate on your answers.

Take the survey now!

IANA Stewardship Transition Process Mailing List

After the survey closes on Monday, we’ll aggregate your responses and share the results with the goal of consolidating all community input by December 2014.  We will discuss the results as a community via a new, public mailing list – iana-tranistion@arin.net – created to facilitate open community discussion in the region regarding the IANA Stewardship Transition planning process.

We recommend you subscribe this IANA-transition mailing list to both follow and contribute to the discussion.


IANA Stewardship Transition Discussion


The next step will be to further consolidate ARIN input with the input of the other four Regional Internet Registries in early 2015 with the goal of coming to a complete submission on behalf of the Number Resource Organization (NRO) to the ICG.

If you want to make sure your voice is heard as a part of the numbers community, please take the time to fill out the survey and subscribe to iana-transition.


Vote Now in 2014 ARIN Elections

By Susan Hamlin, Direction of Communications and Member Services, ARIN

ARIN 2014 ElectionsThe polls are open in this year’s ARIN Board and Advisory Council elections.  If you’re a designated member representative (DMR), you are the person responsible for casting a vote on behalf of your organization.  Note than voter eligibility was set 60 days out from the start of the election, on 11 August 2014.   The election began on 9 October 2014 and will stay open through Sunday, 19 October at 3 PM EDT.

Voting in elections is the main responsibility and benefit of ARIN membership, so make sure you take advantage of this opportunity to shape ARIN leadership.  Each ARIN member organization may cast one vote, so all votes count equally, and your participation is encouraged.  Good voter turnout is a statistic we hope to hold up!

Not sure who to vote for? 

This election, there are 2 seats open on the Board and 7 seats open on the Advisory Council.  You can watch each candidate’s speech, given at ARIN 34 last week, by clicking on their name.

Board of Trustees

Timothy Denton, The Windermere Group

Bernadette Lewis, Caribbean Telecommunications Union

John Sweeting, Time Warner Cable

Bill Woodcock, Packet Clearing House

Advisory Council

Dan Alexander, Comcast Cable

Kevin Blumberg, The Wire Inc

Mike Burns, IPTrading

Andrew Dul, 8 Continents Networks LLC

Robert Duncan, Merit Network

David Farmer, University of Minnesota

Nick Guy, Noel Communications Inc.

David Huberman, Microsoft Corporation

Timothy Kaufman, Net Access LLC

L Sean Kennedy, XO Communications

Leif Sawyer, General Communications, Inc. 

Chris Tacit, Tacit Law

For more background on the candidates, check out their bio and/or statements of support.

Need instructions on how to cast your vote?

To get a full overview of the elections process and the specifics on how to vote, just watch this video:

More information about ARIN elections is available at our Election Headquarters, and as always feel free to ask us if you have any questions. Drop us an email at info@arin.net.



ARIN 34 Members Meeting Daily Recap

By Jennifer Bly, Public Relations and Social Media Coordinator, ARIN

ARIN 34 Daily Recap It’s hard to believe ARIN 34 is already over. Today wrapped up the final of day of our Public Policy and Members Meeting in Baltimore, Maryland. Thanks to those of you joined us onsite and remotely. Here’s a quick version of what happened during today’s meeting.

This morning we began with a warm welcome to attendees, and we heard updates from the Number Resource Organization (NRO) on current activities and objectives. Then each ARIN department head shared about their respective work; Mark Kosters discussed engineering, Susan Hamlin gave the update on Communications and Member Services, Erin Alligood spoke about Human Resources and Administration, Val Winkelman gave an update from the Financial Services Department, and Leslie Nobile spoke about Registration Services.

Bill Darte and Stacy Hughes ARIN 34Advisory Council Chair, John Sweeting, gave the AC Report, thanking both Bill Darte and Stacy Hughes for their long time service on the ARIN Advisory Council. Next, Treasurer, Paul Andersen, gave the financial report and ARIN CEO followed up with a status update on the ARIN Free Structure review. Lastly, Board Chair, Vint Cerf, delivered the Board of Trustees Report.

The day concluded with a time for participants to speak during an open microphone session. Several community members asked questions and provided interesting comments, suggestions, and observations.

The full meeting report will be posted soon on our ARIN 34 Meeting Page where you can now already find meeting materials.  Additionally, you can also find all the slides that were presented during the Public Policy and Members Meeting yesterday and today at:

The winners of our two $100 ThinkGeek gift certificates for using the #ARIN34 hashtag on Twitter are @hajett and @crackmacs. Congrats!

Now that you’ve have the info on ARIN 34, make sure to save the date for both our next Public Policy Consultation and Meeting:

ARIN Public Policy Consultation at NANOG 63

2-4 February 2015 – San Antonio, Texas

ARIN 35 Public Policy and Members Meeting

12-15 April 2015 – San Francisco, California


ARIN 34 Public Policy Meeting Daily Recap

By Jennifer Bly, Public Relations and Social Media Coordinator, ARIN

ARIN 34 Daily RecapARIN’s 34th Public Policy and Members Meeting arrived in the Charm City to hold an open discussion of Internet number resource policies.  Lots of lively conversations ensued today, and more will follow tomorrow.  In case you weren’t with us here in Baltimore, Maryland or online today, here’s a quick recap about what happened along with some info on how YOU can participate in the meeting tomorrow.

We discussed a whopping 10 policies on day one of ARIN 34 including:

Recommended Draft Policy:

Draft Policies:

ARIN 34 Public Policy and Members Meeting

At the start of the day, first time attendees got up to speed on all things ARIN with an orientation breakfast.  Then we jumped right into the public policy meeting with a report on IPv6 IAB/IETF activities from the most recent Internet Engineering Task Force (IETF) meeting.  Next, a policy implementation and experience report reviewed current policies and provided feedback to the community.  Before heading into policy discussion, the Advisory Council Chair presented on-docket proposals.  After lunch, we heard a speech from each Board of Trustees and Advisory Council candidate before the polls opened and voting began.  The current and future software development update took a look at how ARIN engineering evaluates and prioritizes new projects.  Last but not least, an open microphone session closed out the day.

Perhaps the hottest feature today was the session on IANA Stewardship Transition Planning Process. ARIN President John Curran explained the current situation and presented ideas about how the ARIN community can contribute to the process.  There was talk about how to compile information from the ARIN community and RIR community as a whole to provide the IANA Coordination Group (ICG).  You can still share your feedback on the proposed process here, whether we need a new or existing ARIN mailing list to discuss these issues, and on questions for inclusion in the community survey that will open next week.

If you want to reference something you heard at the public policy meeting, slides from today’s presentations are already up online. Soon to follow, webcast archives, transcripts, and summary notes will posted as soon as they are available.

Do you tweet? Make sure to use the #ARIN34 hashtag for a chance to win a $100 ThinkGeek gift certificate.  Tomorrow afternoon we’ll be awarding one prize for most informative or entertaining tweet using #ARIN34 and another prize for the tweet with the most retweets using #ARIN34.

Whether you are member of ARIN or not, you are welcome to participate in the Members Meeting portion of ARIN 34 that begins at 9 AM EDT Friday morning.  Remote participation information is available on our ARIN 34 site.  Plus check back on Team ARIN at meeting’s end for another daily recap.


Current Status of Phase 4 of the IPv4 Countdown Plan

By Leslie Nobile, Director of Registration Services, ARIN

ARIN Team Review in Progress

ARIN has implemented Phase 4 of our IPv4 Countdown Plan, and as a result, our response time for IPv4 requests has increased from our organizational goal of two business days. We acknowledge that this situation has caused some frustration in the community, and we are making adjustments to our IPv4 request procedures in an effort to improve response time.

But the first question is what changed in Phase 4, and why?

First – Phase 4 requires “team review” for all IPv4 requests. This allows us to ensure all organizations are being reviewed under the same set of requirements. By having at least two analysts review each new IPv4 request (and responses to existing IPv4 requests), we have additional verification that each is handled in accordance with policy.

Second – Phase 4 also requires processing of all new IPv4 requests (and responses to existing IPv4 requests) in the order in which they were received. Because multiple organizations will be vying for the limited number of available IPv4 prefixes, we want to make sure our processes are fair and equitable, and that organizations with valid and documented requests receive sequential access to IPv4 free pool resources.

How does team review work?

  • Our team review process involves four analysts.
  • Three analysts are assigned to review approximately 30 tickets per day, starting with the oldest tickets first. These analysts conduct a preliminary review of each and record their conclusions, action items, and any other necessary information.
  • One senior analyst is dedicated to reviewing all of these initial assessments and providing a response to the customer in the order received.
  • Because the prep work has already been done by the three analysts who are conducting preliminary reviews, this analyst can typically respond very quickly throughout the day, which helps to ensure requests are processed as quickly as possible.

What changes have been made to help improve response time?

First, all IPv4 requests that have provided everything necessary for an approval (including officer attestation) will be processed in the order they were received independent of in-progress IPv4 requests. This is expected to cut the overall time required to complete an IPv4 request by several business days.

Second, we’ve removed all requests that would be filled from a reserved block (micro-allocations, IPv6-transition blocks) as well as /24 requests from the IPv4 team review queue.   Because requests filled from a reserve don’t come from our general-use inventory, there’s no need to team review them until we near depletion of those reserved blocks.

We hope these temporary changes will improve our response time and allow us to quickly get back to our two-business day turnaround on IPv4 requests.


IPv6 in Gotham City: Interop New York 2014

By Sean Hopkins, Communications and Technical Writer, ARIN

Interop BoothThis week, ARIN trekked north to the wilds to Manhattan for Interop New York. Surrounded by networking gurus and cloud specialists, we were pleased, but hardly surprised, to see that IPv6 awareness has never been higher. Most passersby had already requested an IPv6 address block for testing purposes, and many were fully deploying it across their networks. Major roadblocks appear few and far between, and many organizations were simply waiting for their upstream providers to turn on IPv6 for them, or for their IPv4 allocations to run out.

With nothing major getting in the way of IPv6 deployment, many eyes have turned to the dwindling pool of IPv4 remaining in the ARIN region, which, at the time of this posting, lies at a minute 0.66 /8 equivalents: down five percent from the beginning of Interop, and down nearly 50 percent since Interop Las Vegas ended in April of this year. With IPv4 depletion reaching new levels of imminence, isn’t it about time you got your hands on some IPv6? Just visit ARIN’s resource request section and see just how easy it can be to get your initial allocation or assignment. Once you are ready to get your feet wet, check out our IPv6 Wiki for helpful advice, informative presentations, and real-world IPv6 adoption stories.

Several of our visitors had questions specific to the policies in our Number Resource Policy Manual (NRPM) or the fees outlined on our fee schedule page. Keep in mind that ARIN policies and fees are set by the ARIN community (hint: that’s you!) so if you have any improvements in mind for either of them, now is a great time to get involved! ARIN’s next Public Policy and Members Meeting is next Thursday and Friday in Baltimore, MD. If you can’t join us in person, fear not! ARIN 34 proceedings will be webcast with a live transcript and chat functionality for remote participants.

There’s never been a better time to get up to speed on IPv6 and the policies in use by ARIN and its community. Learn about the many ways you can participate in ARIN and the Policy Development Process here. If you have any questions, feel free to email us at info@arin.net.

ARIN Public Policy Discussions are heading to Baltimore

By Einar Bohlin, Senior Policy Analyst, ARIN

It has been a busy summer, and things show no sign of slowing in the world of the ARIN Policy Development. Soon you will have two opportunities to take part in the discussion of 10 policy proposals.

Your first chance will be during the Public Policy Consultation (PPC) at NANOG 62 on 7 October 2014 from 9:30 AM – 1:00 PM EDT.


Full calendar on the 7th? How do things look on the 9th? You can join us for the ARIN 34 Public Policy Meeting, from 9:00 AM – 5:00 PM EDT.


Can’t make it to Baltimore? Participating online can be equally rewarding. Anyone can view the live transcript and webcast on the ARIN website throughout the meeting, and registered remote participants can submit questions and comments alongside in-person attendees and raise a virtual hand during straw polls.

Full details about remote participation are available on the meeting websites.

I hope you will plan on joining us and add your voice to the discussion.


Build Your Own IPv6 Lab

Get your hands dirty. Playing with IPv6 can be the best way learn it. Jeffrey L. Carrell lays out how you can build an IPv6 lab from the comfort of your own home for no more than a few dollars.

Guest Blog Post by Jeffrey L. Carrell

IPv6 is called the new Internet protocol. However, it’s been running on the Internet since 1999, so it’s really not so new, it’s just that not a lot of networks have implemented it as of yet. The challenge is that it is different from what we are all used to working with. It’s a bigger number: 128 bits compared to IPv4’s 32 bits. It has colons instead of periods (ok, dots for us diehard networking folks).  It has all new routing protocol components. And on, and on. But, it has WAY MORE possible addresses than IPv4! The theory is, we should never run out in our lifetimes! But, it is different.

So, how do you learn about IPv6 if your company is not implementing IPv6? How do you afford the equipment that is capable of running IPv6? More importantly, should you spend your own money and time to learn about IPv6 if there are no other compelling reasons or funding? The answer: YES, you should learn it on your own! A professional technologist should realize that investing in yourself is important and generally does payoff in the future.  How much are you willing to invest, money wise? How about very little (and I mean ‘little’ as in a few bucks)?

For a small investment of a computer (which you probably already have), a free virtualization application, a free full-blown routing application, an Internet connection (even free WiFi at the coffee shop will work), $5.00 USD investment for an IPv6 tunnel account, and free or evaluation versions of client operating systems; you can build a sophisticated lab and learn IPv6 just as effectively as if you had invested a lot more money.

The platform I’d recommend consists of a single computer with 8+ GB ram, 200MB hard disk, dual-core or better processor, one or more networking interfaces, Oracle’s VirtualBox, VyOS (routing software), Freenet6 account and software (IPv6 tunnel service), client OS’s such as a Linux platform and/or Microsoft Windows evaluation versions, and an Internet connection that is IPv4 only. With this as a base system platform, you can also add external equipment and build a larger lab environment.

The purpose here is to “play” with IPv6. What I have found not only for myself, but for many others who I’ve had in IPv6 training classes, only reading about IPv6 does not provide adequate knowledge or the hands-on experience that leads to the actual learning of IPv6. You need to see the configuration components; you need to look at the packets with a protocol analyzer; you need to try different configuration scenarios. The doing will drive home the learning!

You can create your own IPv6 lab environment with just about any option to what I’ve outlined above. Any VM application will work, many routers and/or routing applications will work, and there are a few choices in choosing an IPv6 tunnel provider. My personal goal was to find the combination that didn’t require a lot of money or special hardware, and didn’t require specific types of Internet connectivity (e.g. you’re not required to have a static IPv4 address, generally the way home Internet services is provided). Another major aspect of this IPv6 lab system, is to have real IPv6 Internet connectivity over an IPv4 only connection, which means you can actually use IPv6 to communicate to the outside world. You can even configure a client VM to not have any IPv4 at all! I have tested this system at various WiFi hotspots, friends’ networks, and even at 37K feet in the air while flying on a plane that had WiFi.

I started with an account with Freenet6, which allowed me to build a system that provides for a /56 subnet for IPv6, which could provide up to 256 /64 IPv6 subnets. I generally design breaking the /56 into 16 /60s and then each /60 provides 16 /64s. This lets me build multiple networks, and I can then enable different IPv6 routing protocols to really test my configs. A most excellent resource specifically covering IPv6 addressing topics soon to be published is “IPv6 Address Planning” by Tom Coffeen by O’Reilly. Another great resource is Rick Graziani’s book “IPv6 Fundamentals: A Straightforward Approach to Understanding IPv6” by Cisco Press which covers not only IPv6 basics but routing in an IPv6 network as well, with a focus on Cisco IOS.

So far I’ve made it sound easy to throw all this stuff together in a pot, stir it around a bit, and presto-changeo you have a way-cool IPv6 lab. Unfortunately that is not exactly the case. It does take a bit of tweaking and modifying to make the base system work. Initially you download all the software you need and also sign up for your Freenet6 account. Then you install VirtualBox and create a VyOS virtual machine (VM). After getting the VyOS VM going, the real fun begins. You must do some updates to the Debian base which VyOS runs on and then install the freenet6 (called gogo6) client software. After getting that all going, there are a few tweaks to the gogo6 main configuration file for account info, etc., and to the router config file gogo6 calls within VyOS. It’s a bit more complicated than I have time or space to cover here. After all this, you can then configure one or more client VMs to play with.

Here is what the IPv6 Lab system could look like:

Network Diagram Screenshot

After configuring the system, I have an IPv6 tunnel up and running, and a Linux client on a different IPv6 subnet, on an IPv4 only connection to the Internet, all in VirtualBox:

VB VyOS Screenshot

If you want to learn more about how you can set up your own IPv6 home lab, I will be facilitating two half-day hands-on workshops on this project at the upcoming 2014 North American IPv6 Summit on September 23-25 in Denver Colorado. There is still time to register for the workshop and/or the IPv6 Summit.


Jeff Carrell

Jeffrey L. Carrell is Network Consultant at Network Conversions. Jeff is a frequent industry speaker, freelance writer, blogger, IPv6 Forum Certified Trainer, network instructor and course developer to major networking manufacturers, and technical lead and co-author on 2 books: Guide to TCP/IP 4th Edition (contributing IPv6 content) and Fundamentals of Communications and Networking 2nd Edition. Jeff focus’s on IPv6 interoperability, and delivers lectures and IPv6 hands-on labs at technical conferences worldwide. As an IPv6 Forum Certified IPv6 Trainer, Jeff offers IPv6 Forum Silver and Gold Certified courses, customized IPv6 training courses, is an IPv6 Instructor for HP Education Services for their IPv6 Foundations course, and an IPv6 Instructor for Nephos6 for their IPv6 Foundations course. Jeff is a featured IPv6 instructor for the gogoNET online community, offering webinars and online workshops on IPv6 technologies via the gogoTRAINING initiative. Jeff is also a “Protocol Analysis Workshop” facilitator for Riverbed. Jeff has been involved in the computer industry for 35 years and has concentrated his endeavors in the internetworking portion of the industry for over 28 of those years. Jeff actively participates on IPv6 topics on twitter @JeffCarrell_v6.