Tag Cloud:

On the Horizon: Unmet Requests Policy Activation

By Richard Jimmerson, Chief Information Officer, ARIN

On the Horizon

We expect to take registration actions this week that will activate ARIN’s policy for unmet requests. For the first time, it is expected an organization will receive a block size smaller than they qualified for, and/or an organization will be placed on the waiting list for unmet requests.

When an organization qualifies for a block size that no longer remains in the ARIN IPv4 inventory, they are given the option to either accept a smaller block that is available to fully satisfy their request, or to be placed on the waiting list for unmet requests. As we do with all IPv4 tickets, we take action on customer responses in the date/time stamp order that they were received. We are able to look ahead in our IPv4 response queue and see that we will take the registration actions described above during this business week.

Once we take the registration action of issuing a smaller block than what was qualified for, or place an organization on the waiting list for unmet requests, we will issue an announcement to the community and a press release.

At the time of this post, there is less than 1% of a /8 equivalent remaining in the ARIN IPv4 free pool. The only prefix sizes remaining are /23s and /24s.

 

Registry Data Access Protocol (RDAP): A Common Whois System

By Andy Newton, Chief Engineer, ARIN

For decades the only common method for accessing data in all the Regional Internet Registries (RIRs) has been Whois. Unfortunately, as a protocol, Whois does not specify any queries or responses making true interoperability between RIRs very difficult. This situation is even worse for domain registries.

1.1.1.1-NicInfo

In March, the Internet Engineering Task Force (IETF) published a set of Requests for Comment (RFCs) for a protocol intended to be a replacement for the Whois systems of RIRs and Domain Name Registries (DNRs). This protocol is called the Registry Data Access Protocol (RDAP), and it is based on the common approach of delivering results in JavaScript Object Notation (JSON) format over HTTP (also know as a Representational State Transfer, or RESTful web service). Both LACNIC and APNIC have already fielded servers speaking this new protocol. On 20 June 2015, ARIN officially deployed its RDAP services. The other RIRs and many DNRs are expected to do so very soon as well.

ARIN’s RDAP services are composed of an RDAP version of its WHOIS system, essentially returning ARIN registration data in RDAP format, and an RDAP bootstrap service.

In RDAP, the method to find the proper server for which to send queries is called bootstrapping. It is a set of processes that involve downloading JSON files from IANA and indexing them appropriately. For some types of clients, such as Javascript programs running in web browsers or simple Bash scripts using curl or wget, bootstrapping can be onerous. But ARIN’s bootstrapping service makes this trivial. Clients that do not wish to conduct bootstrapping simply send their RDAP queries to the bootstrap service, and an HTTP(S) redirect will be returned instructing the client where next to send the query.

ARIN’s bootstrap service is located at https://rdap.arin.net/bootstrap. A query for IP address 1.0.0.0 would look like this: https://rdap.arin.net/bootstrap/ip/1.0.0.0. That query results in a redirect to APNIC, whereas http://rdap.arin.net/bootstrap/ip/23.0.0.0 results in a redirect to ARIN’s RDAP registry service (located at https://rdap.arin.net/registry). Incidentally, the code for ARIN’s RDAP bootstrap service is open source and available on GitHub.

ARIN has also made available an RDAP command-line client called NicInfo. This is an open source, Ruby program, and most recent versions of Linux and Mac OS can be simply installed with ‘gem install nicinfo’. More information on NicInfo can be found on its GitHub pages.

 

 

A Closer Look at The Internet of Things

Nick Rojas explores the Internet of Things and how some will appreciate the fundamental changes to the Internet that will allow it to come to fruition, while others will simply take it for granted.

Guest blog post by Nick Rojas

The so-called “Internet of Things” (IoT), is not just about the seemingly endless benefits of connecting everything to the internet, or as some say, making things “smart”. It’s also about infrastructure, intellectual property, education, and increasingly growing business interests. It’s how devices are tied to the cloud for commerce, research, and an endless array of applications.

While considering the benefits of having smart refrigerators and other fun gadgets, many forget the significant potential applications that the Internet of Things could change, such as water conservation due to “smart” sensors, reducing city traffic congestion, and a radical change in health care practices.

IoT

The Main Challenge: Infrastructure

Smartphones alone command a staggering share of smart devices in use today, with more than 143 million of them in use. When phones, refrigerators, bathroom scales, football stadiums, and even entire cities collectively need to connect to the Internet, we may find that we simply don’t have the infrastructure to support this yet. When IP protocols were first designed, futurists couldn’t have envisioned all the devices that would one day connect to the Internet. The concept of connecting virtually everything to the Internet goes well beyond the original framework.

Every device connected to the Internet must be given a unique identifier to function properly, so IP address exhaustion is certainly a thing that could hinder the ability to provide for the “Internet of Everything”. This is where we can enjoy a bit of good news.

IPv4 provided approximately 4.3 billion addresses, and has lasted for about 25 years. IPv6 has been available since 1999 and vastly expands the number of addresses to about 340 trillion, trillion, trillion addresses. Simply put, we’re good to go, for a very long time.

As progress is made, some of us will appreciate the fundamental change to the Internet while others will simply take it for granted.

“There will be so many IP addresses … so many devices, sensors, things that you are wearing, things that you are interacting with that you won’t even sense it. It will be part of your presence all the time.”  – Eric Schmidt, Google’s chairman and former CEO

With Increased Connectivity comes Improved Analysis

In addition to infrastructure and the increasing number of devices, the Internet of Things will prompt the continued development of analytics. Advanced statistics and predictive algorithms will play an ever larger role in decision making.   As an example, smart devices can be used by medical researchers to track the relationship between medicines consumed and heart rate.

As the volume of people using such devices increases, and the amount of data reaches statistical significance, analyzing the data can help researchers glean valuable information about the impact of certain foods on heart rate.

According to M.V. Greene, “”The “Internet of Things,” where objects in the physical world are connected to electronic virtual networks, is poised to turn retail on its head. Not since the introduction of online shopping – and before that credit and debit cards for purchasing – has something in retail had the potential to be so transformative.”

As the applications of these smart devices are dreamed of and manufactured, the opportunities for scientists and researchers are endless. Dreaming up ways of connecting human activities with data can lead to major advances in how we lead our lives. With the recent launch of Apple’s Smart Watch, which signifies the first massive step into mass adoption of wearable technology, the potential of the Internet of Things has just begun.

 

Nick RojasNick Rojas is a business consultant and writer who lives in Los Angeles. He has consulted small and medium-sized enterprises for over twenty years. He has contributed articles to Visual.ly, Entrepreneur, and TechCrunch. You can follow him on Twitter @NickARojas, or you can reach him at NickAndrewRojas@gmail.com.

 

 

 

 

 

 

Breaking down ARIN’s remaining IPv4 Pool

By Richard Jimmerson, Chief Information Officer, ARIN

At the time of this post, there is only .15 of a /8 remaining in the ARIN IPv4 free pool. The largest prefix that remains available is a /11. Within days, that /11 will either be issued to a qualifying organization, or broken down to make smaller prefixes available for organizations who have qualified for a block size that falls between a /11 and the next available block size in inventory. Given the limited amount of address space remaining in the ARIN IPv4 inventory, a common question has been about the concept of “breaking blocks”, so let me explain why and how it works.

IPv4 Review Team
 

When an organization qualifies for a block size that is not available in the ARIN IPv4 inventory, but there is a larger block size available, we split the closest available larger block to create the newly qualified/approved block size for that organization. For instance, if an organization qualifies for a /14, but it is not available in the inventory, ARIN will split the next available, larger block to create the block that is needed to fulfill that request. In this case, for example, the next larger block is a /11, which would be split to fulfill that approved /14 request. The blocks remaining after that split, a /12, /13, and a /14, would remain in the ARIN IPv4 free pool inventory and be displayed accordingly.

We have hundreds of open IPv4 requests at ARIN today. We are very carefully reviewing and responding to tickets in the order they were received and in accordance with Phase 4 of our IPv4 Countdown Plan. We are aware that this has created delays in our response times, as the request volume and customer questions we are receiving have significantly increased our workload. Rest assured that we are working diligently, and that our number one priority is ensuring Phase 4 procedures are followed during this unique time in the IPv4 history.

The number of days remaining before depletion are dwindling. It is very likely that we are already processing a request that we will be unable to fulfill. We will manage the distribution of the remaining IPv4 in accordance with policy and by following the procedures we outlined in 2011 as part of the IPv4 Countdown Plan.

As a community, we have been preparing for this milestone for years, and now that it is here the Registration Services team is fully committed to making sure that we exercise full diligence with each IPv4 request. As anticipated, this has slowed our request processing pace, and we appreciate the patience of all our customers at this time.

 

 

Turning Bits into Bites

I can has IPv6? Mathew Newton knows how to make IPv6 fun – by involving cats of course. Here’s how he connected a DIY device to the Internet of Things to solve a problem and make his feline friends extra happy on World IPv6 Day.

Guest blog post by Mathew Newton

If we are to believe the figures being banded around, the Internet looks set to be dominated by the number of devices connecting under the ‘Internet of Things’ banner at some point over the coming years. If there’s any domination of the Internet before then it is arguably by cats – cat photos, cat videos, pretty much cat anything. I actually think there’s room for both though in the form of Internet-enabled cat feeders

Back in 2009 I was looking for a solution to ensure our two cats didn’t go hungry if my wife and I had to work late or go out for the evening straight from work. I couldn’t help but feel that I already had half the solution by virtue of my home-grown security solution based around the use of IP cameras. We could see the cats via the Internet wherever we were, so why not feed them this way on an occasional basis also? Cutting a long story short (the full details of which can be found on my website with the obligatory cat video on YouTube) I built the first version (the ‘Mark 1’) of my cat feeder:

Cat Feeder

Aesthetics didn’t feature on the requirements list (well, not mine anyway – it turns out they did on my wife’s!) but function and reliability definitely did. It seemed to tick both of these boxes completely with little room for improvement.

That’s not to say my work was done however – I had to do something about the Cisco Catalyst switch (I know, pun intended; it was clearly meant to be!) which I’d used to interface the feeder to the network through some hacked-together RJ45 loopback adapters and piggybacking on the port status LED driver ICs. Not only was the switch noisy but also bulky and had to be tethered to a nearby network port. After rummaging through piles of kits that ‘may come in handy one day’ I found a Cisco-Linksys WRT54GL broadband router and used it to make the improved ‘Mark 2’ version:

Cat Feeder 2

Cat Feeder Schematic

Not only was the feeder now a self-contained device, but it was also wireless (well, apart from the main power) and, by reflashing the firmware, could also support IPv6! The immediate benefit of this was, of course, being able to assign an appropriate ‘vanity’ address involving ::f00d and ::feed and no doubt others! Once that novelty wore off, the other benefits became obvious – there was no messing about with port forwarding and dynamic DNS update scripts. It just worked. Out of the box. This could of course be a double-edged sword where network security relies solely on the stateful property of a NAT and so my first IoT lesson to learn was making sure that my firewall was configured to protect the feeder accordingly.

The second lesson was also security-themed, and I’ve only got myself to blame for this one. On World IPv6 Day in June 2011, I decided to open up the feeder for 24 hours for anyone to access. For those connecting over IPv4 they could only view the feeder-mounted webcams, but for those with IPv6 they could also take control of the feeder and feed the cats. You can probably imagine how it went – food pretty much everywhere and two very full cats! The real problem, however, was that some users had spotted that I was passing control parameters through the URL to a PHP script (e.g. /catfeedercontrol.php?action=feed&time=5) and so were trying to abuse this by manipulating the feed durations, fishing for other commands and goodness knows what else. I quickly added some sanity checking to the scripts to mitigate this (I didn’t do this previously because access was usually password controlled). A key point to note here is that this attack vector was not directly related to the use of IPv6 as such – the vulnerability was at the application layer after all – however the ease with which IPv6 allows devices to be reachable from the Internet highlights the importance of ensuring that security is properly considered at all layers of the stack.

Even with sanity checking I would have benefited from being able to rate limit access but didn’t have time to work out how to do this. Instead, I opted to filter the source address of repeat offenders using the firewall and this became my third security lesson. The IPv6 double-edge sword was back – the offender was either hopping between addresses (whether that be manually or using short-term privacy addresses) or an entire organisation was seemingly in on the act because the addresses were all over the place within a very large prefix! I assumed the former but given the futility of playing cat and mouse with the offender (pun not intended!) I gave up blocking individual addresses and filtered the entire prefix instead. In a ‘real world’ application this could of course have significant unintended consequences, and so it did make me realise that our approach to filter-by-address strategies in IPv4 might need further thought when it comes to IPv6.

All in all, the cat feeder has been a great success and has never let us down in the six years we’ve been using it (I should point out that we only use it on occasion and not as a substitute for in-person contact with our pets!). Indeed, the cats seem to love it although it has to be said they’d love anything that feeds them! I suspect though that they might be particularly keen on the IPv6 aspect as normally they are fed twice a day but on World IPv6 Day they were fed a total of 168 meals. So from their perspective, this answers the question as to how much better IPv6 is than IPv4… 84 times of course!

 

Mathew NewtonMathew has nearly 20 years of network-related experience with a particular focus on all aspects relating to the design and deployment of IP (v4 and v6) and DNS.

His interest in computing, electronics and ‘how things work’ arguably stems from a childhood of taking things apart. He is now at the level where hardly any screws are left over when putting them back together again.

 

 

 

 

3 Reasons Not to Delay your IPv6 Deployment

By John Curran, President and CEO, ARIN

Lately there has been some remarkably bad advice circulating that suggests companies would be better off delaying their IPv6 deployment ­– effectively deferring their IPv6 efforts until there’s no other option. Deferring the roll out of IPv6 while the Internet is moving ahead with IPv6 is a flawed strategy with serious impacts to your business. Let’s take a look at three reasons why companies should make their IPv6 websites reachable now versus waiting until later.

Don't Delay

1. The public Internet is moving to IPv6 whether you’re ready for it or not

First, it’s important to remember that it is the public Internet that now is migrating to IPv6, so for most organizations it is not your whole enterprise that is impacted at this point. Unless you’re an Internet service provider, the migration to IPv6 only impacts the public-facing servers (e.g. web servers) that you use to communicate with your customers and business partners. No one is saying that the printer in the copy room needs to find IPv6, or that every desktop needs it – it is the public Internet is moving to IPv6, and this means whether you like it or not, your public servers are going to be reached increasingly via the IPv6 protocol.  This ongoing migration of the public Internet to IPv6 is easy to confirm – just look at deployment of mobile devices in the US, where nearly every leading carrier is using IPv6 to expand their networks. Google indicates that more than 15% of search queries in the US are now coming over IPv6, and this is increasing each week.

 

2. The costs of moving to IPv6 aren’t as high as you think

The costs of IPv6-enabling your public facing servers are actually are quite modest, and consist primarily of confirming that your external connectivity/ISP has enabled IPv6, and then configuring your existing firewalls, load balancing, and web servers with the additional IPv6 addresses. For many who have third-party hosting of their website, it’s quite possible that the much of work has already been done. The return on investment is quite real, since an increasing number of mobile users have IPv6-based connectivity and see faster performance from IPv6-enabled websites than IPv4-only websites (which must be accessed via dynamic translation.)

 

3. The longer you wait, the longer your competitors are gaining valuable experience working with IPv6 that you aren’t

Finally, when deciding whether putting off your IPv6 efforts make sense, it’s probably best to think about what happens at the end of that process. By deferring your experience with IPv6, you’re effectively putting your enterprise behind the technology curve compared to the marketplace and your competitors. At some point you will need to expend more resources at a faster rate to build the skills and competency needed to catch up. This is poor situation to put your technology team in, and may even surprise your financial folks with the sudden need to invest in new, more capable technology that your competition has been using for years. But there might be some good news – dealing with these consequences of delaying your IPv6 efforts is more likely going to be your successor’s problem, once the deferment and resulting impacts to the company become evident.

 

For more information on IPv6, go to Get6.

 

IPv4 Request Pipeline

By Richard Jimmerson, Chief Information Officer, ARIN

IPv4 pipeline

Today we have .20 of a /8 remaining in the ARIN IPv4 free pool. At the same time, we have over 200 open tickets from organizations requesting IPv4 address space from that free pool. These requests are for sizes ranging from a /23 to larger than a /16. This does not count the many open tickets we have for /24s.

IPv4 inventory 5.7.2015It is possible in the coming weeks we will have enough IPv4 address space requests in the pipeline to account for all the remaining IPv4 address space in the ARIN IPv4 free pool. Because of this, the first organization to elect to be placed on the waiting list for unmet resources may already have an open request for IPv4 address space today.

We are working hard to reduce the response times for IPv4 requests, but are at the same time being very precise about the order in which we review and respond to tickets. Strict adherence to our Phase 4 countdown procedures is more important than ever as we near the end of our IPv4 free pool. It is imperative that we review and respond to all tickets in the order they were received according to their timestamp.

When the first organization elects to be placed on the Waiting List for Unmet Requests, we will let you know. We will send an announcement out via our arin-announce mailing list, update you with another blog in this series, share it on social media, and issue a press release to notify the media about this milestone. We can’t predict exactly when this will happen, but we expect it to be soon. This will be a signal that full depletion of the ARIN IPv4 free pool is imminent.

Of course, organizations have options to obtain IPv4 address space through the transfer process and to request IPv6 address space from ARIN. We will share more information about the status of the ARIN IPv4 inventory in the coming weeks.

 

Webpass Deploys IPv6 For ARIN 35 Event

The IPv4-IPv6 dual stack network at ARIN 35 last week went off without a hitch. Webpass VP of Technology, Blake Drager, explains what it took to get it up and running. 

Guest blog post by Blake Drager

ARIN partnered with Webpass, an industry leading Internet Service Provider (ISP), to provide the network for the ARIN 35 event held in San Francisco from April 12-15, 2015.

We met with ARIN to determine what type of connectivity was needed:

  • BGP
  • Webpass allocated IPv4 / IPv6
  • ARIN netblocks statically routed to Webpass WAN

Since ARIN has a specifically reserved IPv4 /20 and IPv6 /48 for ARIN and NANOG meeting events, statically routing ARIN’s netblocks within the Webpass network was the best solution.

webpass_microwave_link

Webpass’ network is 100% dual-stacked and running on a Brocade CER and MLXe platform so setting up the IP circuit was as simple as:

  1. Adding an IPv4 /30 and an IPv6 /64 for connectivity between networks
  2. Statically routing ARIN’s netblocks with the next-hop being the Webpass WAN IPs
  3. Redistributing the static routes into our OSPF and OSPFv3 tables

After setting up the IP circuit, ARIN’s netblocks were routing within the Webpass network, but we wanted to redistribute these blocks to our eBGP peers so we had to do the following:

  1. Create prefix lists for the ARIN blocks
  2. Add those prefix lists as an applicable route-map statement attached to eBGP neighbors
  3. Verify that the routes were being advertised to Webpass’ eBGP peers
  4. Contact eBGP NOCs, send them the ARIN LOA for  Webpass to advertise ARIN’s netblocks and request that they update their prefix lists accordingly. This took a few emails and a little coercion with some networks, but after a while, ARIN was able to verify their routes were visible in public BGP looking glasses and route servers.

Once all of the above steps had been successfully executed, and the microwave link was installed at the JW Marriott, ARIN was able to verify public connectivity for both IPv4 and IPv6. All things considered, the process was very simple. IPv6 setup required no additional configuration when compared to the IPv4 setup. This is contrary to popular narrative that IPv6 is overly complicated and makes IP provisioning more difficult. Nothing can be further from the truth. Once your network is 100% dual-stacked and your staff is appropriately trained, IPv6 provisioning gets easier.

In fact, if ARIN’s meeting requirements were for IPv6 only, the configuration would have been as simple as Webpass providing ARIN with a /56 or a /48 via DHCPv6 Prefix Delegation. DHCPv6 would automatically assign them a /48 with a next hop of their local “fe80″ IPv6 address. The Brocade router would see this delegation occur (via DHCPv6 relay) and automatically insert that route into the routing table as a “delegated static” entry. This is the common Webpass customer IPv6 connectivity configuration.

 

 

Blake Drager Blake joined Webpass in 2006 and serves as the Vice President of Technology, leading the Webpass software development and network teams.  Blake started his career at Webpass building systems used to deploy Webpass’ Internet and providing technical support to residential customers. Webpass needed a scalable network that could interface with customers and employees and Blake rose to the challenge of building it. Today, Blake continues to drive software development that enables Webpass to run efficient operations.

 

 

 

 

ARIN 35 Members Meeting Daily Recap

By Jennifer Bly, Public Relations and Social Media Coordinator, ARIN

On the final day of ARIN 35 in San Francisco we wrapped up with a Members Meeting that was open to the entire ARIN community – onsite and online.  Throughout the morning we heard an update on ARIN fees and services and took questions and comments from attendees.

ARIN 35 Meeting 15 April 2015

We received departmental reports from Communications and Member Services, Engineering, Financial Services, Human Resources and Administration, and Registration Services.  Of note, some interesting points shared with the community included:

  • We’re growing our outreach program with more ARIN on the Roads events
  • New Get6 campaign can just launched on TeamARIN
  • There are upcoming changes to the election process and voter eligibility
  • 96,512 ARIN Online accounts have been activated since inception through Q1 of 2015
  • Total Whois traffic reached 12% over IPv6

  • The Operational Test & Evaluation environment is a place to test code and process – about 161 networks have access to today
  •  ARIN has an open source software repository, and you’re invited to make your tools available here too
  • Currently, ARIN has 68 employees and a 95% retention rate
  • ARIN’s IPv4 depletion planning includes maintaining our 2-day service level agreement turn around time
  • We stand ready for the first request that goes on the IPv4 waiting list
  • ARIN expects the IPv4 waiting list will be activated in the coming weeks
  • 65 transfers were approved (all types combined) in March 2015 – that’s more than any other month in ARIN history!

Rounding out the day, we got reports on ARIN finances, the Advisory Council, and Board of Trustees. Concluding the meeting was one more chance for people to bring up topics with a closing open microphone session, during which several attendees expressed their thanks for the meeting and shared their intent to participate again in the future.

In case you want to reference the slides from today’s meeting, all of them are already posted on the ARIN website; and in the coming days, full transcripts, notes, and webcasts from every day of the meeting will also be made available.  Thanks to each of you who participated in ARIN 35 for contributing your insights and expertise.

Mark your calendars for 1-3 June 2015 for ARIN’s Public Policy Consultation in San Francisco, California and 8-9 October 2015 for ARIN 36 in Montréal, Québec.

 

 

Daily Recap 2: ARIN 35 Public Policy Meeting

ARIN 35 Daily RecapBy Jennifer Bly, Public Relations and Social Media Coordinator, ARIN

Thanks for joining us for our second daily recap about what happened today at ARIN 35.

Kicking off the morning, we heard updates from the Number Resource Organization (NRO) comprising the five Regional Internet Registries (RIRs).  We also viewed many worldwide Internet number resources statistics on ASN, IPv4, and IPv6 allocations and assignments. Later in the day we heard global reports from our colleagues around the world at the IANA, AFRINIC, APNIC, LACNIC, and the RIPE NCC.

In a special Transfer Experience Panel, we heard lessons learned and observations from both brokers and organizations involved in the IPv4 transfer market.  An interesting conversation ensued as attendees asked questions of panelists about IPv4 transfers.

Today the three policies discussed included:

ARIN 35 Hands Raised

In the afternoon we learned about the status of Registration Data Access Protocol (RDAP) which is a new set of IETF specifications to replace the Whois protocol used by the Regional Internet Registries (RIRs) and Domain Name Registries (DNRs).  We finished the day with an open microphone session that covered a range of topics from Internet number transfers to the IANA stewardship transition.

All of today’s discussions will be posted online in in the upcoming weeks, including webcasts, complete transcripts, and abbreviated notes.  In the meanwhile you can download all of the slides decks presented at the meeting already up on the ARIN website.

Lots of ARIN 35 attendees show their support for Get6. See ARIN’s album on Facebook!

 

Remember, you can participate in the final day of ARIN 35 starting at 9:00 AM PDT tomorrow morning whether you’re onsite with us here in San Francisco or at your home/office/local coffee shop through remote participation.

ARIN 35 Public Policy Meeting Daily Recap: Day 1

By Jennifer Bly, Public Relations and Social Media Coordinator, ARIN

ARIN 35 Daily Recap

ARIN’s Public Policy Meeting took place in the Golden Gate City today, bringing together Internet community members from across the region and around the globe to talk about the policies that determine how Internet number resources are distributed.

To start the day off, we heard from the Advisory Council Chair about on-docket proposals.  Then we took a look at regional policies that are being discussed in the four other Regional Internet Registries (RIRs).  We received a report on ARIN’s policy implementation and experiences that identified areas where new or modified policy may be needed based on operational experience and customer feedback.  An IPv6 IAB/IETF Activities Report took a look at what is going on at Internet Engineering Task Force (IETF) meetings.

In the late morning, we heard from a Consolidated RIR IANA Stewardship Proposal (CRISP) Team Panel that reviewed the proposal submitted to the IANA Stewardship Coordination Group (ICG).  The panelists talked about the current status, the next steps, and they also took many questions from attendees.

ARIN 35

The policies we discussed today included:

We wrapped up the day with an ARIN software development update.  Yesterday during ARIN 35, we had two great tutorials.  First, those who attended learned all about Resource Public Key Infrastructure (RPKI) in How to Certify Your ARIN Resources with RPKI.  The hands-on session walked through how to sign up for Hosted RPKI (in a test environment) and how to issue a Route Origin Authorization (ROA).  Second, during a tutorial on Life After IPv4 Depletion, we found out about the various options for obtaining IP address space as we near full IPv4 address depletion.  There was also an orientation for first time meeting attendees.

We enjoyed chatting with you on Twitter throughout the meeting.  Here are some of our favorites using the #ARIN35 hashtag so far.  Keep up the sharing!

If you want to refer to anything you saw or heard at the meeting so far, today’s slides are already up on our website, and the full webcast archives will be added at a later date.

Remember, you don’t have to be with us in San Francisco to participate in the meeting.  There are still two more days of ARIN 35 left, and remote participants can watch the webcasts, follow the live transcript, vote in polls, and submit questions and comments via a Jabber chat room.  Please register to take full advantage of our remote participation options. Tomorrow we’ll be back in session at 9:00 AM PDT and at the end of the day, we’ll be posting another daily recap right here on TeamARIN.

 

 

Get To Know the ARIN 35 Fellows

By the ARIN 35 Fellows

Only a few days are left until ARIN 35 takes to San Francisco. We’re getting excited and hope you are too! Coming to their first ARIN Public Policy and Members meeting are five fellows who are eager to learn more and dive into policy discussions at ARIN 35.

ARIN 35 Fellows
 

Get to know these ARIN 35 fellowship recipients so you can be sure to say hi and strike up a conversation with these outstanding individuals:

Andre Graham

Programme Coordinator, University College of the Caribbean – Jamaica

What is the #1 fun thing you hope to do while in San Francisco?

Riding the tram and visiting Fisherman’s Wharf.

Describe how you would modify a snail so it would go faster. 

Modify its shell and add wheels to it.

What interests you about ARIN?

With the advent of new and emerging technologies and the need for each device to have an IP address it is imperative to know how the change from IPv4 to IPv6 will impact these devices and communication in general on the various networking platforms. It is interesting to know that ARIN is actively seeking to educate and sensitize the region on how to make the switch from IPv4 to IPv6 and I would love to get the opportunity to be a part of this growing community. Additionally, I am also interested in the area of Internet Governance and the policies being put in place to manage this vast network and its implications for developing Caribbean nations.

How do you think your ARIN Meeting experience will benefit you or your organization when you return home?

In my capacity as a Programme Coordinator for the IT programmes at the University College of the Caribbean I will use my meeting experience and the knowledge gained at the meeting to disseminate the information to the stakeholders that I interface with.

If you could have one super power what would it be and why?

A combination of the powers of Batman, Superman, Spiderman and Hulk with the ability to heal myself.  This would help me to be able to assist persons in danger and to give the aggressors a beat down when necessary.

 

Stephen Ives

Sr. Network Engineer, Matanuska Telephone Assn. – Alaska, USA

What is the #1 fun thing you hope to do while in San Francisco?

Going to a Giants baseball game.

Describe how you would modify a snail so it would go faster.


I would attach lubricating system on the head and miniature water jets on the side so that it could slide faster.

What interests you about ARIN?

I’m interested in the decision making process for IP address allocation.

How do you think your ARIN Meeting experience will benefit you or your organization when you return home?

Allow us to better serve our customers with their IP addressing needs.

If you could have one super power what would it be and why?

My super power would be teleportation, because it would be the most comfortable and fastest way to travel.

 

Andrew Trudgeon

Manager, Scandia ISP Internet Inc. – Ontario, Canada

What is the #1 fun thing you hope to do while in San Francisco?

See the golden gate bridge and the full house tv show house haha.

Describe how you would modify a snail so it would go faster.

Rocket boosters, must have rocket booster.

What interests you about ARIN?

We are a small ISP and as such are always looking for ways to be most efficient. With IP addresses dwindled, moving to IPv6 has been a big under taking for us and would love more info or guidance on how we can better make this transition.

What do you intend to accomplish by attending an ARIN Meeting?

Gain industry knowledge and create friendships within the ARIN industry to help us move forward on the next big undertaking.

If you could have one super power what would it be and why?

Invisibility – seems like you could do a lot of things being invisible to help fight crime.

 

Michael SchlohMichael Schloh

Computer Scientist, MSvB Recherche – California, USA

What is the #1 fun thing you hope to do while in San Francisco?

Take a walk (or run) in some nice place, and visit a hackerspace.

Describe how you would modify a snail so it would go faster.

Give it excellent teammates and coworkers.

What interests you about ARIN? 

Network peering, routing, standardization, general network engineering, and keeping standards and implementations of exotic (like SCTP) protocols consistent during adoption.   But… I’m mostly interested in IPv6 and helping to promote it. I operate three IPv6 networks and try to be instrumental in motivating operators to migrate their legacy IPv4 nodes to IPv6.

What do you intend to accomplish by attending an ARIN Meeting?

Learn of the process that diverse interest groups and regions control the network landscape. I would also like to propose ideas, such as those originating from a current RTC communications project to advance Internet principles communication.   Secondly, I am a ‘Intel Innovator’ with the mandate to promote the Internet of Things (IoT) which I believe will only fly on robust IPv6 networks. This topic is worthy of idea exchange at the San Francisco meeting, as well as networking at home with those getting started with IoT and IPv6.   Lately I’ve been very active with the Tor project, and would like to network with others to enable and facilitate democratic information and communication via standardized interfaces.

If you could have one super power what would it be and why?

To be able to travel through time via a mayonnaise layer.

 

Jon AitchisonJon Aitchison

Senior Policy Advisor,Government of Canada – Ontario, Canada

What is the #1 fun thing you hope to do while in San Francisco?

Escape from Alcatraz.

Describe how you would modify a snail so it would go faster. 

I’d give my snail redbull, that stuff gives you wings.

What do you intend to accomplish by attending an ARIN Meeting?

I have participated in all forms of internet policy debate, whether it be from a private sector, Academic or Government policy perspective. I look forward to the opportunity to bring this experience to the conversation and to deepen/refresh my understanding of the technical discussions around internet architecture in order to inform my perspective on appropriate governance and security debates.

How do you think your ARIN Meeting experience will benefit you or your organization when you return home?

My goal is to deepen my technical knowledge and to understand all sides of the debates over internet’s future. Forward looking policy is difficult and exposure to big, mutifacted ideas is often difficult to solicit in one place. I hope this meeting will do just that and give me broader perspective on medium to long range issues.

If you could have one super power what would it be and why?

Bradley Cooper’s power from limitless. It’s great because it leverages what we all already have.  And if I could manufacture the pills I’d give them to everyone. It’d be great to be brilliant but better to be surrounded by brilliance.

 

Since its inception in 2009, the ARIN Fellowship program has allowed over forty different people to attend their first ARIN Meeting. ARIN warmly welcomes our newest ARIN Fellows to San Francisco and hopes you join their ranks in the future! Applications are already open for our next meeting ARIN 36 in Montreal, so take five short minutes to apply today.

 

What the FCC Net Neutrality Order Means for IP Addressing

By Cathy Handley, Executive Director of Government Affairs and Public Policy, ARIN

Earlier this year the US Federal Communications Commission (FCC) approved an “Open Internet Order” that reclassified broadband service providers as public utilities.  There’s been quite a bit of excitement recently about the FCC Reclassification Order and its references to public IP addresses, so it is worth taking a moment to review exactly what is in (and not in) the Order.

cables

As part of the reclassification of Internet services, the Order does expand the definition of “public switched network” to include IP addresses –

“Specifically, we revise the definition of “public switched network” to mean “the network that includes any common carrier switched network … that use[s] the North American Numbering Plan, or public IP addresses, …” (Reclassification Order  ¶ 391)

Public IP addresses are globally routable unicast IP addresses. See Internet Engineering Task Force, The Internet Numbers Registry System, RFC 7020 (Aug. 2013), https://tools.ietf.org/html/rfc7020 (discussing non- reserved globally unique unicast IP addresses assigned through the Internet Numbers Registry System).” (Reclassification Order  ¶ 391, note 1115)

It is quite understandable that this change has set off speculation about the implications, if any, for the existing Internet Numbers Registry System.  The Internet Numbers Registry System consists of parties well known to the Internet service provider community, including the IETF, IANA, ICANN, the Regional Internet Registries (RIRs), ISPs acting as Local Internet Registries, etc.  All told, more than 30,000 organizations globally participate through the RIRs in the Internet Numbers Registry System, and it has been instrumental to the successful growth of the Internet.

So, why did the FCC redefine “public switched network” in this manner, and does it portend an attempt to take over the Internet?  Should the IETF, ICANN, and the RIRs be concerned about future FCC regulations affecting IP address policy?

The short answer to the first question of “why redefine public switched network to include IP addresses?” is simply that in order to include mobile Internet users in the scope of its network neutrality order, the FCC needed to make clear that these users are receiving “commercial mobile services” which are interconnected by nature to a “public switched network” (and thus subject to regulation by the existing regulatory framework).  The FCC updates to these definitions could be seen as reflecting the changes in technology over the last decade and the now ubiquitous use of mobile Internet services by the public.

As to the second question of “should the IETF, ICANN, and the RIRs be concerned about future FCC regulations affecting IP address policy?”, it is probably best to simply look further into the Order for the intent –

“This definitional change to our regulations in no way asserts Commission jurisdiction over the assignment or management of IP addressing by the Internet Numbers Registry System.”  (Reclassification Order  ¶ 391, note 1116)

The FCC recognizes the huge economic, social, and civic benefits afforded by the Internet, and while their Open Internet Order does reference “public IP addresses”, it is clear that this is driven by the desire to place mobile Internet services within regulatory framework rather than any attempt or desire to change the existing and remarkable successful Internet Numbers Registry System.

 

Tinkering with IPv6 on a Home Router

Working in the IT world, Chris Harvey was naturally curious about IPv6, so he decided to set up IPv6 on his home network when it was time to upgrade his router, and now he blogs about his experience.

Guest blog post by Chris Harvey

Some may say I’m crazy, and a few of them would be right, but I’ve long tracked the growth of IPv6 given that I worked at Comcast for a number of years and my manager was instrumental in the Comcast push into IPv6. As a result it’s been fairly well drummed into me that this is something we all have to tackle at some point, or else the results of inaction will tackle everyone to the ground.

I guess you could say that I’m lucky enough to have been in the IT world for all of my career, so I’m one of many IT savvy people that are not too phased by configuring networks and getting my seemingly ever growing body of electrical devices connected to a network. Having said that, what less IT literate folks realize (I’m thinking of my mother here) is that even for those of us “in” the industry, change is usually a learning process too. We just have a level of experience to lean on that helps us catch on a little quicker than someone who’s not exposed at all.

I can clearly remember a few (ok, maybe many) years ago being completely mystified by many aspects of IT that my more senior and experienced colleagues took for granted. My point of saying this is, don’t think “it must be easy for him, because he knows what he’s doing”. Well actually most of the time I don’t, I’m just trying things and seeing the results. I may be able to interpret the results faster than someone with no experience, but I don’t have a magic wand that instantly makes me understand the new technology any more than my mother leaning on years of cooking experience to realize that leaving that toast in for just a bit too long is going to burn it.

Being “in” the industry always makes me lean towards new projects like initiating IPv6 with both a little excitement and trepidation. For my wife it’s more a dread of “oh great, now I’m going to lose my husband to the computer for two days while he figures this out, and in that time nothing else will get done”. That being said, it was time to upgrade my router from Comcast. I’d received a few emails saying it needed upgrading, so I decided to make the change knowing that the next generation of DOCSIS 3 modems would finally give me access to IPv6 for all my computers, tablets, phones and other ancillary and ever-connected devices in the house.

Frankly, enabling IPv6 couldn’t have been easier. Of course I made it much more complex by trying to understand the changes and morph them to my own desires.  At the end of the day simply plugging in the new modem was enough of a change to enable IPv6 to the devices on my network that could already speak that language, which is about every single one of them.

Because it would be pretty boring if I just stopped there, let me give a little more detail around what I did do, what worked and what didn’t and where I’ve ended up.

Firstly, it’s worth knowing we have an almost entirely Apple-based house. There are some devices in my house that are not Apple products, such as Internet radios and wireless HVAC thermostats, but mostly it’s Apple products. OSX has been IPv6-enabled for a long time so I expected this to be relatively easy and in fact it was.

Comcast supplied the modem, and it was provisioned into the account by customer care when I picked it up. Once home, I plugged it into the power and the coax cable. It took a few minutes to get up and running, but all status lights came on correctly.

The xfinity modem by default has a home WIFI which you can either immediately use with the SSID passcode that’s provided, or using the admin interface, you can rename it. Whether you connect an ethernet cable directly to the modem or use the WIFI, it’s IPv6-enabled.

The administration screen is easy to access, although not all that obvious, but Google (or the search engine of your choice) solved that. Essentially from any of your devices that connect to the modem, either hard wired, or wirelessly through the SSID mentioned above, the admin screen can be found on 10.0.0.1 and the administrative credentials are easily found online. As you’d expect, you cannot administer this from the outside network unless you specifically enable it, so just because the admin user’s ID and password are easily discovered, doesn’t mean anyone can access your router.

Since I already have an Apple Airport that is my wireless router, I wanted to keep it. The modem by default comes configured as a router, so having another one inside the network means you end up with a “double NAT” scenario. I’ve yet to find anything specifically poor about this arrangement, but it’s certainly not ideal, and it does not allow for you to have an IPv6 address on your devices. So for that reason, I put the new modem into a “bridge mode”, which essentially makes it transparent to the network and passes traffic through to my Airport which means my devices automagically obtain IPv6 addresses.

To test whether you either have or are using an IPv6 address, the easiest method is to use your web browser. There are many sites to choose from, but I found these two particularly useful: http://test-ipv6.com and http://ipv6-test.com, with the latter doing a very nice job of telling you what your browser is doing. If you want to do something a little more hardcore, you can issue the following command on an OSX terminal.

ifconfig en1

en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

ether c8:e0:cb:1c:48:69

inet6 fe80::cbb0:ebff:f3fc:4869%en1 prefixlen 64 scopeid 0x5

inet 192.168.0.30 netmask 0xffffff00 broadcast 192.168.0.255

inet6 2601:8:a80:edef9:cab0:ebff:fe3c:4869 prefixlen 64 autoconf

inet6 2601:8:a80:edef9:dd47:5cd1:eaa1:1a4a prefixlen 64 deprecated autoconf temporary

inet6 2601:8:a80:edef9:5ded:d7c2:27b8:de85 prefixlen 64 autoconf temporary

nd6 options=1<PERFORMNUD>

media: autoselect

status: active

But at the end of the day, you shouldn’t need to do this. The point of IPv6 is that it simply works, so you shouldn’t need to mess around trying to make it work. The new modem and the Airport negotiate how to handle the address allocation, and it all works smoothly.

I took a bunch of extra steps that I could document for you regarding setting up my guest network, allocating a different network segment for it and essentially delving pretty deep into getting things setup how I wanted.  But in the end, the only thing I really needed to do to ensure my Airport environment worked was to alter the modem to bridge mode. If I didn’t have my own router and wanted to use the built in SSID that comes on the modem, which by the way you can rename if you want to, then out of the box my IPv6-capable devices would all have started using IPv6. Where they don’t, they fall back to IPv4, which we all still mostly rely on. I note with interest that my Airport Utility still has a strong focus on IPv4. Although it supports IPv6 transparently, any IP setup option still mostly involves IPv4 addresses. I wonder if that will change over time?

 

Chris HarveyChris has over 20 years of experience in the computer industry, including software sales engineering, implementation, consulting and solutions architecture. Chris’ career diversity stems from many years as a successful independent consultant, sales engineer, internal and external solutions architect; all within a variety of well respected companies in senior positions providing leadership, mentoring, product or solution delivery.

 

 

 

 

Defining Depletion: IPv4 Address Availability in the ARIN Region

By Richard Jimmerson, Chief Information Officer, ARIN

Here at ARIN we have been actively discussing the depletion of the IPv4 free pool for many years. Our goal has been to prepare the Internet community for the day when we can no longer issue IPv4 address space to those who need it. As that day approaches, there has been increased interest in how IPv4 addresses are issued and what the options are after we reach depletion. To help provide more insight into the status of IPv4 at ARIN, this will be the first of a blog series to keep you informed about IPv4 depletion and the current status of IP addresses remaining in our free pool.

IPv4 Depletion is Real

One of the major milestones of IPv4 depletion was in February 2011 when the Internet Assigned Numbers Authority (IANA) issued their final /8 blocks to each of the Regional Internet Registries (RIRs). Working with our final /8 blocks, each of the RIRs were well into establishing their respective countdown to depletion procedures.

In the ARIN region, a four-phase countdown plan was created that described how ARIN would distribute its remaining IPv4 address blocks. Today we are in the 4th and final phase of that countdown plan.

Remaining IPv4 Inventory 18 March 2015We have also been publishing information on a regular basis about the remaining IPv4 free pool inventory at ARIN. As of today, our IPv4 inventory stands at .31 of a /8. We also publish the number of discrete block sizes that remain in the inventory. This information is available and updated daily at our IPv4 depletion information page. In addition to the inventory, you can also find information about the various options to obtain IPv4 address space through ARIN policies as the ARIN IPv4 free pool depletes.

Defining Depletion

Depletion means different things in different parts of the world. In some of the other Regional Internet Registries, depletion has been associated with the triggering of “final” IPv4 regional number resource policy when the RIR dug into it’s last /8 of inventory. For ARIN no such policy existed, but we have already been issuing from our last /8 for almost a year now. ARIN’s current IPv4 inventory no longer includes /8s, /9s, or /10s, so depletion of these size blocks has already occurred.

Within the ARIN region, depletion status varies depending on the needs of an organization. For some larger organizations in the ARIN region, their IPv4 address space needs going forward may exceed the amount they can obtain from ARIN’s remaining inventory, i.e., depletion has effectively already occurred for these organizations. For others, depletion will soon become a reality.

We expect to receive requests in the coming months that qualify for IPv4 block sizes that are no longer available in ARIN’s inventory. In these cases, organizations may elect to be placed on a waiting list for their qualified block size, or elect to receive a smaller block size that is still available in the ARIN inventory. Organizations may also obtain IPv4 address space through a transfer from another organization. More information about these options are available at our IPv4 depletion page.

As ARIN gets closer to IPv4 free pool depletion in the coming months, we will provide additional updates. If you have ideas for topics or questions that you’d like us to address in this blog series, please let us know in the comments below or on social media.