1. 1 of 23

3. Richard Jimmerson Chief Information Officer Internet Governance

5. 5 of 23

6. 6 of 23

7. 7 of 23

8. 8 of 23

9. 9 of 23

10. Number Resource Provisioning Hierarchy ICANN / IANA (Internet Assigned Numbers Authority) Manage global unallocated IP address pool ISPs End Users ISPs RIRs (AfriNIC, APNIC, ARIN, LACNIC, RIPE NCC) Manage regional unallocated IP address pool Re-AllocateRe-Assign End Users Allocate AssignAllocate

11. Richard Jimmerson Chief Information Officer ARIN History & Overview

12. 1993 IR function contracted by NSF to NSI; InterNIC, APNIC formed. DoD oversight ends.   Registrant 1992 RFC 1366: Regional IRs established; RIPE NCC formed   Registrant 1991 RFC 1261: DoD IR function contract moved to Network Solutions, Inc.   Registrant 1980s Internet Registry (IR) function contracted by DoD to SRI International   Registrant 1980s NSFNET/ARPANET - Jon Postel managed addressing via DoD contract; this was called the Internet Assigned Numbers Authority (IANA)  Registrant Government Oversight Historical Timeline DDN NIC InterNIC

13. Historical Timeline 2005 Regionalization complete; AfriNIC formed   Registrant 2002 Regionalization continues; LACNIC formed   Registrant 1998 ICANN formed   Registrant 1997 IR regionalization completed; ARIN formed. USG oversight of IR function ends.   Registrant Community Oversight

14. Regional Internet Registries

15. The NRO exists to protect the unallocated number resource pool, to promote and protect the bottom-up policy development process, and to act as a focal point for Internet community input into the RIR system. Number Resource Organization

16. ARIN’s Service Region ARIN’s region includesCanada, many Caribbean and North Atlantic islands, and the United States.

17. Nonprofit Membership Organization Community- regulated Fee for services, not number resources 100% community funded Open Broad-based - Private sector - Public sector - Civil society Community developed policies Member-elected executive board Open and transparent RIR Structure

18. Number ResourcesOrganizationPolicy Development IP address allocation & assignment ASN assignment Directory services WHOIS IRR Reverse DNS Elections Meetings Information dissemination Website Newsletters Roundtables Training Maintain e-mail discussion lists Conduct public policy meetings Publish policy documents RIR Services

19. About ARIN One of five Regional Internet Registries Services 25 Economies in the Caribbean and North America Nonprofit corporation based in Chantilly, VA Established December 1997 100% community funded

20. Applying the principles of stewardship, ARIN, a nonprofit corporation: – allocates Internet Protocol resources; – develops consensus-based policies; and – facilitates the advancement of the Internet through information and educational outreach. ARIN’s Mission

21. ARIN’s Services Like the other RIRs, ARIN: – Allocates and assigns Internet number resources – Maintains WHOIS, in-addr.arpa, and other community services – Participates in the global Internet community – Facilitates policy development – Is a nonprofit, membership organization

22. Registration Services Manage Internet number resources and related services Manage Directory Services (WHOIS & IRR)

23. Organization Services Public Policy & Members Meetings Executive Board Elections

24. Organization Services Information publication and dissemination Education & Training

25. Organizational Chart

26. Learn More and Get Involved Your participation Important, critical, needed, appreciated… Get Involved in ARIN Public Policy Mailing List Member Elections Attend a Meeting http://www.arin.net/participate/ 26

27. Next ARIN Meeting Remote participation Policy discussions Tutorials Social event Adjacent to NANOG https://www.arin.net/participate/meetings

28. Einar Bohlin Policy Analyst The ARIN Policy Development Process

29. Overview What is a Policy The Policy Development Process – Origin – Principles – Process Steps A Case Study and Some Examples

30. Number Resource Policy Manual (NRPM) NRPM is ARIN’s policy document – Version 2010.2 (7 June 2010) – This is the 19 th version Contains Change Logs Available as PDF Index https://www.arin.net/policy/nrpm.html

31. Policies in the NRPM IPv4 Address Space IPv6 Address Space Autonomous System Numbers (ASNs) Directory Services (WHOIS) Reverse DNS (in-addr) Transfers Experimental Assignments Resource Review Policy

32. Policy Development Process (PDP) Flowchart Proposal Template Archive Movie https://www.arin.net/policy/pdp.html

33. PDP Origin - Rough Consensus The foundation of the PDP Rough consensus is a term used in consensus decision-making to indicate the "sense of the group" concerning a particular matter under consideration.* Note that 51% of the working group does not qualify as "rough consensus" and 99% is better than rough.* (*from wikipedia.org)

34. Consensus Decision Making* (*from wikipedia.org)

35. PDP Versions Current version is the 4 th First written version - April 2001 Two revisions Major overhaul - January 2009

36. The current PDP Empowers the Advisory Council as a development body (balanced by expanded petitions) Establishes goal = clear, technically sound and useful policy Requires staff and legal assessments and freezes text prior to Public Policy Meetings

37. Process Principles Open Forum - Anyone can participate Public Policy Mailing List Public Policy Meetings Transparent PDP documented Policies documented Meetings documented Bottom Up ARIN does not create policy, ARIN implements it

38. Roles Community Submit proposals! If there is a problem, raise it Comment on proposals (in favor or not?) Participate in Petitions Advisory Council “AC” (elected volunteers) Write the policy text to ensure that it is clear, technically sound and useful Determine Consensus

39. Roles ARIN “Board” (elected volunteers) Provide process oversight Provide corporate fiduciary oversight ARIN Staff Provide feedback Clarity and Understanding Staff Assessments Implement Policy

40. Basic Steps 1.Community member submits a proposal 2.Community discusses the proposal on the “List” 3.AC creates a draft policy or abandons the proposal 4.Community discusses the draft policy on the “List” and at the meeting 5.AC conducts its consensus review 6.Community performs last call 7.Board adopts 8.Staff implements

41. Petitions Anyone dissatisfied with a decision by the AC can petition to keep the proposal moving forward 1.Petition to bring proposal to list and meeting 4 successful* 3 unsuccessful 2. Last call petition (to send to Board) One – unsuccessful *2 ultimately abandoned, 2 under discussion

42. Public Policy Mailing List Open to anyone Easy to subscribe to Contains: ideas, proposals, draft policies, last calls, announcements of adoption and implementation, and petitions Archives RSS available for ARIN only posts https://www.arin.net/participate/mailing_lists/index.html

43. The ARIN Website

44. How to monitor and not be overwhelmed? The AC meets monthly Front page of the ARIN site to see proposals and draft policies under discussion New proposals need feedback for the AC’s initial decision Web site will help you focus on what’s important to you and your company

45. ARIN Meetings Two meetings a year Check the ARIN Public Policy Meeting site 4-6 weeks prior to meeting Proposals/Draft Policies on Agenda Discussion Guide (summaries and text) Attend in Person/Remote AC meeting last day Watch list for AC’s decisions Last Calls – For or against?

46. Policy Participation You must be a member to Vote for AC and Board Nominate for those positions Don’t let others say that such and such can’t be done because ARIN won’t allow it https://www.arin.net/participate/elections/index.html

47. Total Draft Policies Active current drafts – 7 Adopted – 57 (plus 2 more global policies awaiting ICANN Board review) Abandoned – 46

48. A Case Study: Policy 2008-5

49. 2008-5 Summary Name: Dedicated IPv4 block to facilitate IPv6 Deployment (2008-5) Proposal: Reserve some IPv4 space (a /10), and make it available to organizations that need some IPv4 space to deploy IPv6. Rationale: “[This policy] will facilitate IPv6 deployment by ensuring that some small chunks of IPv4 space will remain available for a long time to ease the co-existence of IPv4 & IPv6.”

50. Policy 2008-5 History Proposal was submitted on June 2008. Draft policy text discussed on the list and at ARIN XXII meeting (Oct 2008). The policy was sent to last call (Oct/Nov). Minor revision by the AC, reposted to last call Nov/Dec. Adopted by the Board 5 Jan 2009. Implemented 1 Apr 2009 (NRPM Section 4.10). https://www.arin.net/policy/proposals/2008_5.html

51. Policy Examples Adopted 2010-2: /24 End User Minimum Assignment Unit (to be implemented early September) 2009-8: Equitable IPv4 Run-Out (ISP allocation timeframe to reduce from 12 months to 3 upon receipt of last /8) 2009-1: Transfer Policy (transfers allowed to specified recipients, based on need) Abandoned 2010-7: Simplified IPv6 (Everyone allowed one each of the following /48, /40, /32, /28, /24) 2007-27: Cooperative distribution of the end of the IPv4 free pool (RIR to RIR requests)

52. References Policy Development Process https://www.arin.net/policy/pdp.html https://www.arin.net/policy/pdp.html Draft Policies and Proposals https://www.arin.net/policy/proposals/index.html https://www.arin.net/policy/proposals/index.html Number Resource Policy Manual https://www.arin.net/policy/nrpm.html https://www.arin.net/policy/nrpm.html

53. Suggestions -> Policy

54. Policies Under Discussion Einar Bohlin Policy Analyst

55. Draft Policies 7 on PPML for discussion and feedback right now They will be presented and discussed at ARIN meeting in Atlanta You have two ways to voice your opinion about these, on the PPML or at the PPM (in person or remote)

56. 2010-8 Rework of IPv6 assignment criteria Allows almost all organizations to receive a /48 or larger block. Organizations can request a block that would allow each site in their network to be assigned a /48. Criteria: have an IPv4 end user assignment; or be multi- homed; or provide technical justification why upstream space will not suffice. Also allows space for non-connected (private) networks. Point: Makes available IPv6 assignments from ARIN to most organizations, connected or not. Text is being worked on (carried over from previous ARIN meeting)

57. 2010-9 IPv6 for 6rd Allows organizations with at least two blocks of non-contiguous IPv4 space to request an IPv6 /32 or larger block to be used for a 6rd deployment. These allocations/assignments will be reviewed every 3 years by ARIN staff. Point: IPv6 allocations specifically for 6rd.

58. 2010-10 (Global Proposal): Global Policy for IPv4 Allocations by the IANA Post Exhaustion Establishes an IANA reclamation pool of IPv4 address space. This pool will be comprised of any “eligible” IPv4 address space returned to IANA. Point: Allows IANA to allocate space after the free pool is gone. Assumes IANA will get space back.

59. 2010-11 Required Resource Reviews Requires ARIN staff to initiate resource reviews when M&A activity occurs but IP addresses are not transferred; when fraud or abuse is reported to ARIN (either about a specific IP address range or about an organization); when a specified recipient transfer occurs; or when staff are reviewing an additional IP address request and find that more than a quarter of an ISP’s downstream SWIPs are covered under the Residential Customer Privacy policy. Point: Original policy said ARIN can do reviews, how often, and what can happen after a review, etc. This proposal adds mandatory triggers which cause reviews.

60. 2010-12 IPv6 Subsequent Allocation Allows an additional IPv6 allocation for transitional technologies (IPv4 to IPv6). The allocations will be reviewed every 3 years by ARIN staff. Point: IPv6 space for IPv4 to IPv6 transition technologies (like 6rd).

61. 2010-13 Permitted Uses of space reserved under NRPM 4.10 – Ups the reserved space from a /10 to the actual entire /8. – Makes two pools of space available, both of which can be drawn from by an organization. "Part A" for ISPs to issue single addressess to customers (/24 to /18, max /16, 6 months, customers must be using IPv6). "Part B" for ISPs or end users to deploy IPv6 (/28 to /24, max /20, 6 months, assignment/infrastructure.) Part A gets 3/4 of the /8. Part B gets 1/4. – Space returned to ARIN goes to the 4.10 pool or back to IANA. – Utilization is 80% most recent, 90% other space. Utilization must be for transitional technology purposes (examples provided). – Quarterly reviews. With allocation/assignment reduction possible. [Point: The current policy makes IPv4 space available to facilitate IPv6 deployment (/28 to /24, 6 months). The proposal expands the reserved block, makes larger allocations available, attempts to replenish the block with returns, has stricter utilization both in terms of percentages and permitted use, and adds quarterly monitoring.]

62. 2010-14 Standardize IP Reassignment Registration Requirements The policy: – Specifies that organization information is: Legal name, street address, and one technical POC and one abuse POC. Each POC must have an email and phone number. – Defines residential customer. – Expands the current Cable Address Policy with a broader policy applicable to all Residential Market Areas. – Extends the Residential Market Area policy to IPv6. – Broadens the threshold for required SWIPing in IPv6 from /56 to /64. – Allows a resource review when ARIN believes an organization is not complying with reassignment policy. Point: Specifies what organizational information is required to be added to WHOIS, defines residential customer, expands the current cable only residential policy to all residential areas (makes it easier to register utilization and apply for more), requires individual IPv6 subnets be registered in WHOIS, and allows for resource reviews for failure to comply with reassignment policy.

63. Do any of these possibly impact you? You have two ways to voice your opinion about these, on the PPML or at the PPM (in person or remote)

64. References Draft Policies & Proposals – https://www.arin.net/policy/proposals/ind ex.html

65. ARIN Services Jon Worley Senior Resource Analyst

66. Current Policies

67. /24s are back! Only for multi-homed end-users Must still show at least 25% used immediately and at least 50% used within one year Must renumber and return to get another block

68. IPv4 For The Rest of Us Single-homed end-users – /20 minimum; show at least 25% used immediately and at least 50% within a year ISPs – Single-homed: /20 minimum, show you’re already using a /20 (or equivalent) – Multi-homed: /22 minimum, show you’re already using a /23 (or equivalent), agree to renumber

69. Additional IPv4 Allocations Show you’ve efficiently used all previous allocations and at least 80% of your most recent allocation ISPs allowed to request a three month supply of addresses for their first year, then a twelve month supply after that Allocation size based on demonstrated utilization rate, not projected growth – Block size lags growth

70. Special Policies Multiple Discrete Networks – Networks operated separately from one another – Can request IPs for networks that need more, even when other networks aren’t fully used, as long as some basic overall criteria are met Cable ISPs – Show 80% of IPs assigned, with a 50-80% utilization rate

71. What ARIN Will Need ISPs – List of dynamic pools with information on purpose, utilization metrics, etc – List of statically assigned customers with subnets/IPs /29 and larger need to be published via SWIP/Rwhois Can mark name/street address private if the service is delivered to a residence End-users – Subnet mappings for any previous assignments – Proposed subnet mapping for new block

72. New Aspects to IPv4 Requests Officer attestation – Required by ARIN’s Board of Trustees – Prior to approval, officer is sent request data via e-mail, reviews, and replies to verify data is correct Utilization data for previous allocations – Has always been required by policy – Typically a utilization percentage, although may ask for more if needed

73. Many legacy IPv4 registrations are no longer used We can definitely rely on our community to be good samaritans and return them, right? What about unused IPv4 addresses?

75. Enter NRPM 8.3 NRPM policy 8.3 allows orgs with unused IPv4 addresses to transfer them to a network that needs IPv4 addresses Network must qualify for the IPv4 addresses under a current ARIN policy ARIN will operate a listing service Why? IPv4 depletion

76. IPv6 Policies ISPs – Known, existing ISPs automatically qualify – /32 minimum Really really really big; ~4.2 Billion subnets End-users – Typically qualify by showing you qualify for IPv4 – /48 minimum 65,536 subnets Qualify for larger by showing proposed use – Guidelines: /48 for a large site, /56 for a small site

77. Interacting With ARIN

78. Service Delivery ARIN services traditionally delivered via e-mail Not reliable – E-mails get lost in the bit bucket Errors not noted until reviewed by ARIN – Delays your request by hours or days There’s got to be a better way!

79. ARIN Online All services to be delivered through the web site via ARIN Online (eventually) Has been available for ~1 year Accounts are new – If you didn’t create one in the past year, create a new one, even if you already have records in Whois

80. Linking your ARIN Online Account ARIN Online account is associated with your Whois records by linking to your POC handle(s) To link, need to be able to get e-mail sent to an e-mail address listed on the handle Linking to the POC handle allows you to access Org IDs/resources associated with that handle

81. Recovering Old Records POC handle that is yours, but has an incorrect e-mail address – POC Recovery Org ID has no valid POC handles listed – Org recovery

82. Current ARIN Online Functionality Org and POC management Ask ARIN Bulk WHOIS – FTP service retired – XML tagging – Easy to automate using API keys Reassignment Reports

83. Future Functionality Manage in-addr.arpa zones Request and modify AS numbers and IP addresses Manage reassignment information

84. New Services

85. POC Validation NRPM 3.6.1 requires ARIN to contact POCs annually to validate information If information is correct, just click URL in message Otherwise, use ARIN Online to set up account, then validate on POC page

86. WhoisRWS Port 80 queries much improved – XML tagging – Retrieve data via URL Frequently updated (many times per day, instead of once a day) – in-addr.arpa zones still daily Query syntax has changed

87. RPKI X.509 certificates for direct registrants of IPv4 and IPv6 addresses Pilot program at http://rpki- pilot.arin.net has been operating since July 2009 Production system in the near future

88. DNSSEC Cryptographically sign in-addr.arpa delegations ARIN’s /8 zones are signed as trust anchors since in-addr.arpa isn’t signed yet Users able to add DS records to sign their own delegations by the end of the year

89. Outreach And Education

90. Outreach & Education Services Online education resources Event Presentations Exhibits (direct and reverse) Media interviews

91. Outreach & Education Materials Fact and information sheets (and CDs) Multimedia pieces Giveaways (pens, stickers, etc.) Slide decks Comic books More…

92. TeamARIN Microsite http://TeamARIN.net – Event Calendar – Education – Blogs – Spread the word Public use slide deck Materials support request ARIN IPv6 wiki http://getipv6.info ARIN Resource Links

93. ARIN on Social Media Facebook – www.facebook.com/TeamARIN Twitter – www.twitter.com/TeamARIN LinkedIn – www.linkedin.com YouTube – www.youtube.com/TeamARIN

94. IPv4 Depletion IPv6 Adoption 6 August 2010 14 /8s Remaining

95. Quick History of the Internet Protocol Internet Protocol version 4 (IPv4, or just “IP”) – First developed for the original Internet (ARPANET) in spring 1978 – Deployed globally with growth of the Internet – Total of 4 billion IP addresses available – Well entrenched and used by every ISP and hosting company to connect customers to the Internet – Allocated based on documented need Internet Protocol version 6 (IPv6) – Design started in 1993 when IETF forecasts showed IPv4 depletion between 2010 and 2017 – Completed, tested, and available for production since 1999 – Total of 340,282,366,920,938,463,463,374,607,431,768,211,456 IP addresses available – Used and managed similar to IPv4

96. About IPv4 and IPv6 IP versionIPv4IPv6 Deployed 19811999 Address Size 32-bit number128-bit number Address Format Dotted Decimal Notation: 192.0.2.76 Hexadecimal Notation: 2001:0DB8:0234:AB00: 0123:4567:8901:ABCD Number of Addresses 2 32 = 4,294,967,2962 128 = 340,282,366,920,938,463, 463,374,607,431,768,211,456 Examples of Prefix Notation 192.0.2.0/24 10/8 (a “/8” block = 1/256 th of total IPv4 address space = 2 24 = 16,777,216 addresses) 2001:0DB8:0234::/48 2600:0000::/12

97. IPv4 Address Space Utilization * as of 6 August 2010

98. Available IPv4 Space in /8s In 2010, RIRs have been allocated twelve /8s blocks as of 6 August, leaving fourteen /8s unallocated (14/256 = 5.46%)

99. IPv4 Demand – RIR Allocations In 2010, RIRs have been allocated twelve /8s blocks as of 6 August.

100. IPv4 Depletion Situation Report The RIRs have needed between 8 and 12 /8s each year worldwide. There are 14 /8s remaining in the available pool as of 6 August 2010. Demand for IPv4 continues to grow from organizations around the world.

101. IPv4 & IPv6 - The Bottom Line We’re running out of IPv4 address space. IPv6 must be adopted for continued Internet growth. IPv6 is not backwards compatible with IPv4. We must maintain IPv4 and IPv6 simultaneously for many years. IPv6 deployment has begun.

102. RIRs have been allocating IPv6 address space since 1999. Thousands of organizations have received an IPv6 allocation to date. ARIN has IPv6 distribution policies for service providers, community networks, and end-user organizations. IPv6 Deployment has begun

103. IPv4 & IPv6 Coexistence Today, the Internet is predominantly based on IPv4. For the foreseeable future, the Internet must run both IP versions (IPv4 & IPv6) at the same time. (When done on a single device, this is called the “dual-stack” approach.) Deployment is already underway: Today, there are organizations attempting to reach your mail, web, and application servers via IPv6...

104. Action Plans What does this mean for: Broadband Access Providers? Internet Service Providers? Internet Content Providers? Enterprise Customers? Equipment Vendors? Government Organizations?

105. Call to Action Broadband Access Providers Your customers want access to the entire Internet, and this means IPv4 and IPv6 websites. Offering full access will require running IPv4/IPv6 transition services and is a significant engineering project. Multiple transition technologies are available, and each provider needs to make its own architectural decisions.

106. Call to Action Internet Service Providers Plan out how to connect businesses via IPv6- only and IPv4/IPv6 in addition to IPv4-only. Businesses are beginning to ask for IPv6 over their existing Internet connections and for their co-located servers. Communicate with your peers and vendors about IPv6, and confirm their timelines for production IPv6 services.

107. Call to Action Internet Content Providers Content must be reachable to newer Internet customers. Content served only via IPv4 will be accessed by IPv6 customers via transition solutions run by the access providers. Plan on serving content via IPv6 in addition to IPv4 as soon as possible.

108. Call to Action Enterprise Customers Mail, web, and application servers must be reachable via IPv6 in addition to IPv4. Open a dialogue with your Internet Service Provider about providing IPv6 services. Each organization must decide on timelines, and investment level will vary.

109. Call to Action Equipment Vendors There was probably limited demand for IPv6 in the past. Demand for IPv6 support will become mandatory very, very quickly. Introduce IPv6 support into your product cycle as soon as possible.

110. Awareness Coordinate with industry Adopt incentives Regulatory Economic Support and promote awareness and educational activities Require IPv6-compatibility in procurement procedures Officially adopt IPv6 Call to Action Government Organizations

111. IPv6 Adoption Needs IPv6 address space IPv6 connectivity (native or tunneled) Operating systems, software, and network management tool upgrades Router, firewall, and other hardware upgrades IT staff and customer service training

112. Resources – Community Use Slide Deck – IPv6 Wiki – Information Page at www.arin.net/knowledge/v4-v6.html www.arin.net/knowledge/v4-v6.html – Outreach Microsite: www.TeamARIN.net www.TeamARIN.net – Social Media at ARIN www.arin.net/social.html www.arin.net/social.html – ARIN Board Resolution – Letter to CEOs

113. Learn More and Get Involved Learn more about IPv6 www.arin.net www.getipv6.info www.TeamARIN.net Get Involved in ARIN Public Policy Mailing List Attend a Meeting http://www.arin.net/participate/