
Louisville, Kentucky 11 September 2012. ARIN Speakers Einar Bohlin, Senior Policy Analyst Tim Christensen, Quality Assurance Manager Jon Worley, Senior.


1 Louisville, Kentucky 11 September 2012

2 ARIN Speakers Einar Bohlin, Senior Policy Analyst Tim Christensen, Quality Assurance Manager Jon Worley, Senior Resource Analyst Special Guest Bill Darte, ARIN Advisory Council

3 Today’s Agenda ARIN and Internet Governance Requesting and Managing Internet Number Resources Automating Your Interactions with ARIN IPv4 Depletion and IPv6 Adoption in the ARIN Region Number Resource Policies and Procedures Networking Lunch ARIN’s Policy Development Process Current Number Resource Policy Discussions Securing DNS and Routing: DNSSEC and RPKI IPv4 Transfer Market Why Participate in the ARIN Community? Q&A / Open Mic Session

4 Let’s Get Started! Self introductions – Name – Organization Suggestions for discussion topics – ARIN topic that you are especially interested in

5 ARIN and Internet Governance Einar Bohlin Senior Policy Analyst

6 What is an RIR? An RIR is an organization that manages the allocation and registration of Internet number resources within a particular region of the world. – Internet number resources include IP addresses and autonomous system (AS) numbers.

7 Regional Internet Registries

8 Historical Timeline


10 RIR Structure Not-for-profit Membership Organization Community Regulated Fee for services, not number resources 100% community funded Broad-based - Private sector - Public sector - Civil society Community developed policies Member-elected executive board Open and transparent

11 RIR Services Number Resources: IP address allocation & assignment, ASN assignment, Directory services, Whois, IRR, Reverse DNS. Organization: Elections, Meetings, Information dissemination, Website, Newsletters, Roundtables, Training. Policy Development: Maintain email discussion lists, Conduct public policy meetings, Publish policy documents.

12 Number Resource Organization The NRO exists to protect the unallocated number resource pool, to promote and protect the bottom-up policy development process, and to act as a focal point for Internet community input into the RIR system.

13 Who Provisions IP Addresses & ASNs? ICANN IANA Top level technical coordination of the Internet (Names, Numbers, Root Servers) Manage global unallocated IP address pool Allocate number resources to RIRs RIR Manage regional unallocated IP address pool Allocate number resources to ISPs/LIRs Assign number resources to End-users ISP/LIR Manage local IP address pool for use by customers and for infrastructure Allocate number resources to ISPs Assign number resources to End-users

14 Number Resource Provisioning Hierarchy ICANN / IANA (Internet Assigned Numbers Authority): Manage global unallocated IP address pool; Allocate to RIRs. RIRs (AfriNIC, APNIC, ARIN, LACNIC, RIPE NCC): Manage regional unallocated IP address pool; Allocate to ISPs; Assign to End Users. ISPs: Re-Allocate to ISPs; Re-Assign to End Users.

15 "Applying the principles of stewardship, ARIN, a nonprofit corporation, allocates Internet Protocol resources; develops consensus-based policies; and facilitates the advancement of the Internet through information and educational outreach."

16 About ARIN One of five Regional Internet Registries (RIRs) Established December 1997 Provides services related to the technical coordination and management of Internet number resources Is a non-profit, community-based organization governed by a member-elected executive board

17 ARIN’s Service Region ARIN’s region includes Canada, many Caribbean and North Atlantic islands, and the United States.

18 ARIN Structure

19 ARIN’s Core Services Like the other RIRs, ARIN: – Allocates and assigns Internet number resources – Maintains Whois, in-addr.arpa, and other technical services – Facilitates policy development – Provides training, education and outreach – Participates in the global Internet community

20 2012 Community Outreach Events Upcoming Events include: – Caribbean Telecommunications Union ICT Roadshow – Barbados – ARIN on the Road (Louisville, Minneapolis) – Interop New York – ICANN 45 – NANOG 56 – Canadian ISP Summit


22 Internet Governance

23 Q&A

24 Jon Worley Senior Resource Analyst Requesting & Managing Internet Number Resources

25 Overview Request and Manage Number Resources – Recently Added ARIN Online Functionality – RESTful Provisioning Recently Implemented Policies Status of IPv4 Future Services

26 Major Changes in Functionality 1) Resource Requests 2) POC Validation 3) Reverse DNS Zone Management 4) DNSSEC 5) View Invoices 6) WhoWas

27 Requesting IP addresses & ASNs Via ARIN Online only Officer attestation for IP requests now done via a signed form (instead of email) Can no longer specify resource POCs or reverse DNS delegation in request

28 Annual POC Validation Annual validation of each POC handle required (NRPM 3.6) If an ARIN Online account is linked to any POC that has been unvalidated for 60+ days, the system forces validation by preventing the account from performing normal actions.

29 Reverse DNS All reverse zones managed individually now All zone management takes place inside ARIN Online or via REST calls (no templates!)

30 Reverse DNS in ARIN Online


32 Querying ARIN’s Whois Query for the zone directly:

    whois> 81.147.204.in-addr.arpa
    Name: 81.147.204.in-addr.arpa.
    Updated: 2006-05-15
    NameServer: AUTHNS2.DNVR.QWEST.NET
    NameServer: AUTHNS3.STTL.QWEST.NET
    NameServer: AUTHNS1.MPLS.QWEST.NET
    Ref: http://whois.arin.net/rest/rdns/81.147.204.in-addr.arpa.

33 Reverse DNS ARIN issues blocks without any working DNS – Must establish delegations after registration

34 Reverse DNS Authority to manage reverse zones follows SWIP – “Shared Authority” model

35 Reverse DNS - Shared Authority Joe’s Bar and Grill has reassigned a /24 to HELLO WORLD. Both can manage the /24 zone.

36 DNSSEC Same interface as reverse DNS DS records generated by user Zone must have nameservers before you can add DS records

37 1) Paste DS Record 2) Parse DS Record 3) Apply
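An added example (not ARIN's code, and not part of the presentation): because the DS record is generated by the user, it can be recomputed from the zone's DNSKEY and compared before it is pasted in, since a DS that does not match the published key makes validating resolvers reject the zone. The zone name is the one from the Whois slide; the key bytes are constructed, and all function names are illustrative.

```python
from __future__ import annotations

import base64
import hashlib
import struct

# DS digest type number -> (hashlib name, digest length in bytes).
DIGESTS = {1: ("sha1", 20), 2: ("sha256", 32), 4: ("sha384", 48)}

# Constructed sample: zone name from the Whois slide; the key is NOT a real key.
SAMPLE_ZONE = "81.147.204.in-addr.arpa."
SAMPLE_KEY_B64 = base64.b64encode(hashlib.sha512(b"constructed sample key").digest()).decode()
SAMPLE_DNSKEY = (257, 3, 8, SAMPLE_KEY_B64)  # flags (KSK), protocol, algorithm, key


def name_to_wire(name: str) -> bytes:
    """Canonical (lower-case) wire format of a fully qualified owner name."""
    out = b""
    for label in name.lower().rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def dnskey_rdata(flags: int, protocol: int, algorithm: int, key_b64: str) -> bytes:
    """DNSKEY RDATA: 2-byte flags, 1-byte protocol, 1-byte algorithm, key bytes."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(key_b64)


def key_tag(rdata: bytes) -> int:
    """Key tag checksum over DNSKEY RDATA (RFC 4034 Appendix B, algorithms other than 1)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += (byte << 8) if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def make_ds(owner, flags, protocol, algorithm, key_b64, digest_type=2) -> str:
    """Return DS RDATA text: 'keytag algorithm digesttype DIGEST'."""
    rdata = dnskey_rdata(flags, protocol, algorithm, key_b64)
    # The digest covers the owner name as well as the key, so the zone name matters.
    digest = hashlib.new(DIGESTS[digest_type][0], name_to_wire(owner) + rdata).hexdigest()
    return f"{key_tag(rdata)} {algorithm} {digest_type} {digest.upper()}"


def parse_ds(text: str) -> dict:
    """Parse DS RDATA (or a full 'name IN DS ...' line) and sanity-check every field."""
    fields = text.split()
    upper = [f.upper() for f in fields]
    if "DS" in upper:  # tolerate a pasted full record line
        fields = fields[upper.index("DS") + 1:]
    if len(fields) < 4:
        raise ValueError("expected: keytag algorithm digesttype digest")
    tag, alg, dtype = (int(f) for f in fields[:3])
    if not 0 <= tag <= 0xFFFF or not 0 <= alg <= 255:
        raise ValueError("key tag or algorithm out of range")
    if dtype not in DIGESTS:
        raise ValueError(f"unsupported digest type {dtype}")
    digest_hex = "".join(fields[3:]).lower()  # digest may be split by whitespace
    if len(bytes.fromhex(digest_hex)) != DIGESTS[dtype][1]:
        raise ValueError("digest length does not match digest type")
    return {"key_tag": tag, "algorithm": alg, "digest_type": dtype, "digest": digest_hex}


def ds_matches_dnskey(ds_text, owner, flags, protocol, algorithm, key_b64) -> bool:
    """True only if every DS field agrees with a DS recomputed from the DNSKEY."""
    ds = parse_ds(ds_text)
    expected = make_ds(owner, flags, protocol, algorithm, key_b64, ds["digest_type"])
    return ds == parse_ds(expected)


if __name__ == "__main__":
    ds = make_ds(SAMPLE_ZONE, *SAMPLE_DNSKEY)
    print(SAMPLE_ZONE, "IN DS", ds)
    print("matches DNSKEY:", ds_matches_dnskey(ds, SAMPLE_ZONE, *SAMPLE_DNSKEY))
```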

38 View Invoices Can now view paid and open invoices via ARIN Online Goes back 2 years Available to Admin, Tech, and Billing POC

39 WhoWas Made publicly available in March 2012 Historical Information for registration of IP addresses and AS numbers Provided as a series of TSV files in .zip Requires agreement to WhoWas ToU

40 Template Changes Resource request templates deprecated Transfers and SWIPs still done with templates API key required to authorize processing – Generated via ARIN Online – http://www.arin.net/features/api_keys.html

41 Routing Registry Upgrade New software deployed 9/29/2011 Support for MD5-PW and PGP authentication Mail-from works a little differently – If you encounter problems, contact us directly for a manual upgrade

42 Q&A

43 Tim Christensen Quality Assurance Manager Automating Your Interactions with ARIN

44 REST – The New Services Three RESTful Web Services – Whois-RWS Exposes our public Whois data via REST – Reg-RWS (or Registration-RWS) Registration and maintenance of your data in a programmatic fashion – Bulk Whois Download of Bulk Whois is now done RESTfully

45 What is REST? Representational State Transfer As applied to web services – defines a pattern of usage with HTTP to create, read, update, and delete (CRUD) data – “Resources” are addressable in URLs Very popular protocol model – Amazon S3, Yahoo & Google services, …

46 The BIG Advantage of REST Easily understood – Any modern programmer can incorporate it – Can look like web pages Re-uses HTTP in a simple manner – Many, many clients – Other HTTP advantages This is why it is very, very popular with Google, Amazon, Yahoo, Twitter, Facebook, YouTube, Flickr, …

47 What does it look like? And who can use it? Where the data is. What type of data it is. The ID of the data. It is a standard URL. Go ahead, put it into your browser.

48 Where can more information on REST be found? RESTful Web Services – O’Reilly Media – Leonard Richardson – Sam Ruby

49 Whois-RWS Publicly accessible, just like traditional Whois Searches and lookups on IP addresses, AS numbers, POCs, Orgs, etc… Very popular – As of March 2012, constitutes 60% of our query load For more information: – http://www.arin.net/resources/whoisrws/index.html

50 Registration RESTful Web Service (Reg-RWS) Programmatic way to interact with ARIN – Intended to be used for automation – Not meant to be used by humans Useful for ISPs that manage a large number of SWIP records Requires an investment of time to achieve those benefits

51 Reg-RWS Requires an API Key – You generate one in ARIN Online Register and manage your data – But only your data More information – http://www.arin.net/resources/restful-interfaces.html – We are working on enhanced documentation – to be released soon

52 Example – Reassign Detailed Your automated system issues a PUT call to ARIN using the following URL: http://www.arin.net/rest/net/NET-10-129-0-0-1/reassign?apikey=API-1234-5678-9ABC-DEFG The call contains the following data: 4 HW-1 A Reassigned 10.129.0.0 10.129.0.255 24 NET-10-129-0-0-1 HELLOWORLD

53 Example – Reassign Detailed ARIN’s web server returns the following to your automated system: 4 Tue Jan 25 16:17:18 EST 2011 HW-1 NET-10-129-0-0-2 A Reassigned 10.129.0.0 10.129.0.255 24 NET-10-129-0-0-1 HELLOWORLD (Reg date and net handle added)

54 Reg-RWS Has More Than Templates Only programmatic way to do IPv6 Reassign Simple Only programmatic way to manage Reverse DNS Only programmatic way to access your ARIN tickets

55 Testing Your Reg-RWS Client We offer an Operational Test & Evaluation environment for Reg-RWS Your real data, but isolated – Helps you develop against a real system without the worry that real data could get corrupted. For more information: – http://www.arin.net/announcements/2011/20110215.html

56 Obtaining RESTful Assistance ARIN Online’s Ask ARIN feature arin-tech-discuss mailing list – Make sure to subscribe – Someone on the list will help you ASAP – Archives on the web site Registration Services Help Desk telephone not a good fit – Debugging these problems requires a detailed look at the method, URL, and payload being used

57 Bulk Whois You must first sign an AUP – ARIN staff will review your need to access bulk Whois data Also requires an API Key More information – http://www.arin.net/resources/request/bulkwhois.html

58 Q&A

59 Jon Worley Senior Resource Analyst IPv4 Depletion and IPv6 Adoption in the ARIN Region

60 Inventory Report IANA IPv4 free pool now exhausted – ARIN received its last /8 from IANA in mid- February At that time, ARIN had ~5.49 /8 equivalents in its available pool Daily inventory published on ARIN’s web site – Now includes CIDR breakdown

61 ARIN’s IPv4 Inventory As of 6 September 2012, ARIN has 3.03 /8s of IPv4 addresses remaining IPv4 inventory published on ARIN’s website: www.arin.net Updated daily @ 8PM ET

62 ARIN 2012 Requests for IPv4 Address Space (by category)

63 2012 IPv4 Delegations Issued by ARIN (listed in /24s)

64 IPv4 ISP Annual Burn Rate

65 ARIN’s IPv4 Free Pool

66 Corrected IPv4 Free Pool

67 Linear Depletion Projection

68 Run On The Bank Projection

69 ARIN’s IPv4 Countdown Plan Phased implementation Phase 2: 3 /8 Equivalents Left – /16 and larger requests team-reviewed in a first in, first out fashion – 60 days to complete payment/RSA for IPv4 requests – IPv4 hold period moves from 6 to 3 months

70 ARIN’s IPv4 Countdown Plan Phase 3: 2 /8 Equivalents Left – Examine process changes implemented in phase 2 and adjust as necessary Phase 4: 1 /8 Equivalent Left – All IPv4 requests team-reviewed and processed on a first in, first out basis – IPv4 hold period drops to 1 month

71 IPv4 Waiting List Starts when ARIN can’t fill a justified request Option to specify smallest acceptable size If no block available between approved and smallest acceptable size, option to go on the waiting list May receive only one allocation every three months

72 IPv4 Churn IPv4 addresses go back into ARIN’s free pool 3 ways – Return = voluntary – Revoke = for cause (usually nonpayment) – Reclaimed = fraud or business dissolution 3.54 /8s received back since 2005 – /8 equivalent returned to IANA in 2012

73 Burn Rate vs. Churn Rate

74 ARIN 2012 IPv6 Address Allocations & Requests

75 IPv4 vs IPv6 Subscribers Total of 4,190 ISP Subscriber Members *as of 6 Sept 2012

76 ISP Members with IPv4 and IPv6

77 The Solution to IPv4 Depletion IPv6 must be adopted for continued internet growth Now is the time to deploy IPv6

78 Interest in IPv6 ARIN IPv6 Address Requests

79 IPv6 on the Rise ARIN IPv6 Allocations and Assignments

80 Everyone needs an IPv6 Plan Each organization must decide on a unique IPv6 deployment plan right for them – Timeline will vary – Investment level will vary

81 Your IPv6 Check List IPv6 address space IPv6 connectivity (native or tunneled) Operating systems, software, and network management tool upgrades Router, firewall, and other hardware upgrades IT staff and customer service training

82 Take steps toward IPv6 Visit the ARIN IPv6 Info Center www.arin.net/knowledge/ipv6_info_center.html

83 Resources www.ARIN.net www.GetIPv6.info www.TeamARIN.net http://www.InternetSociety.org/Deploy360/ http://www.NANOG.org/archives/

84 Q&A

85 Jon Worley Senior Resource Analyst Number Resource Policies and Procedures

86 3 Month Supply For ISPs Prior to IANA IPv4 exhaustion, experienced ISPs could get a 12 month supply Dropped to 3 month supply immediately upon IANA exhaustion

87 IPv6 End-user Changes Before: Block size based on HD-Ratio – Complex (used logarithms) After: Block size based solely on number of sites within a network

    Number of Sites    Block Size Justified
    1                  /48
    2-12               /44
    13-192             /40
    193-3,072          /36
    3,073-49,152       /32

88 IPv6 End User Block Sizes * Since new policy implemented on 3/16/2011

89 Better IPv6 Allocation for ISPs Block size based on three things: – number of serving sites – number of customers at largest serving site – prefix length to be assigned to customers Nibble-aligned Can request a second initial allocation Not required to deploy in this manner

90 IPv6 ISP Block Sizes * Since new policy implemented 9/27/2011

91 Standardize IP Reassignment Registration Requirements Abuse contact required Residential ISPs with dynamic pools: – must submit SWIP information for each market area – must show 80% assigned with a 50-80% utilization rate across markets IPv6 /64 and larger static reassignments must be visible via SWIP/RWhois

92 IPv6 Subsequent Allocations for Transitional Technologies Additional allocation for IPv4 -> IPv6 transitional technology (usually 6rd) /24 maximum allocation – Allows a typical ISP to map a /56 to each of their existing IPv4 addresses in a 6rd deployment 8 allocations issued – 2 /24s, 2 /28s, 4 /32s

93 M&A Transfer Changes Must develop a plan to show justified use via growth, returning resources, or transferring unused IPv4 addresses to another org

94 Q&A

95 Today’s Agenda ARIN and Internet Governance Requesting and Managing Internet Number Resources Automating Your Interactions with ARIN IPv4 Depletion and IPv6 Adoption in the ARIN Region Number Resource Policies and Procedures Networking Lunch ARIN’s Policy Development Process Current Number Resource Policy Discussions Securing DNS and Routing: DNSSEC and RPKI IPv4 Transfer Market Why Participate in the ARIN Community? Q&A / Open Mic Session

96 Einar Bohlin Senior Policy Analyst ARIN’s Policy Development Process

97 Policy Development Process (PDP) Flowchart Proposal Template Archive Movie http://www.arin.net/policy/pdp.html

98 Policy Development Principles Open – Developed in open forum Public Policy Mailing List Public Policy Meetings – Anyone can participate Transparent – All aspects documented and available on website Policy process, meetings, and policies Bottom-up – Policies developed by the community – Staff implements, but does not make policy

99 Who Plays a Role in the Policy Process? Community – Submit proposals – Participate in discussions and petitions Advisory Council (elected volunteers) – Facilitate the policy process – Develop policy that is “clear, technically sound and useful” – Determine consensus based on community input

100 Roles… ARIN Board of Trustees (elected volunteers) – Provide corporate fiduciary oversight – Ensure the policy process has been followed – Ratify policies ARIN Staff – Provide feedback to community Staff and legal assessments for all proposals Policy experience reports – Implement ratified policies

101 Basic Steps 1. Community member submits a proposal 2. Community discusses the proposal on the “List” 3. AC creates a draft policy or abandons the proposal 4. Community discusses the draft policy on the “List” and at the meeting 5. AC conducts its consensus review 6. Community performs last call 7. Board adopts 8. Staff implements

102 Petitions Anyone dissatisfied with a decision by the AC can petition in order to keep a proposal moving forward – Occurs between proposal and draft policy stage – 5 day petition period – Needs 10 different people from 10 different organizations to publicly support the petition

103 Number Resource Policy Manual NRPM is ARIN’s policy document – Version 2012.3 (31 July 2012) – 27th version Contains Change Logs HTML/PDF/txt http://www.arin.net/policy/nrpm.html

104 Policies in the NRPM IPv4 Address Space IPv6 Address Space Autonomous System Numbers (ASNs) Directory Services (Whois) Reverse DNS (in-addr) Transfers Experimental Assignments Resource Review Policy

105 References Policy Development Process http://www.arin.net/policy/pdp.html Draft Policies and Proposals http://www.arin.net/policy/proposals/index.html Number Resource Policy Manual http://www.arin.net/policy/nrpm.html

106 Q&A

107 Current Number Resource Policy Discussions Einar Bohlin Senior Policy Analyst

108 Current Draft Policies and Proposals 5 Active Draft Policies – On the list for adoption discussion; to be presented at upcoming Public Policy Meeting 1 Policy Proposal – Newer items; under development

109 Draft Policies ARIN-2012-5: Removal of Renumbering Requirement for Small Multihomers IPv4: Removes a renumbering requirement that affects small, multihomed end users. ARIN-2012-7: Reassignments for Third Party Internet Access (TPIA) over Cable IPv4: Makes it easier for certain ISPs to get subsequent IPv4 allocations. ARIN-2012-6: Revising Section 4.4 C/I Reserved Pool Size IPv4: Increases the reserve for critical infrastructure from a /16 to a /15. Text available at: https://www.arin.net/policy/proposals/

110 Draft Policies… ARIN-2012-2: IPv6 Subsequent Allocations Utilization Requirement IPv6: Makes it easier for ISPs to get subsequent allocations. ARIN-2012-8: Aligning 8.2 and 8.3 Transfer Policy Transfer Policy: Adds some of the 8.3 criteria to 8.2 transfers. Text available at: https://www.arin.net/policy/proposals/

111 Proposals ARIN-prop-180 ISP Private Reassignment – Directory Services: Creates an “unlisted number” state which ISPs may apply to some of their customer IP network address records. Text available at: https://www.arin.net/policy/proposals/

112 How Can You Get Involved? There are two methods to voice your opinion: – Public Policy Mailing List – Public Policy Meeting (in person or remotely)

113 ARIN Meetings Two meetings a year Check the ARIN Public Policy Meeting site 4-6 weeks prior to meeting – Proposals/Draft Policies on Agenda – Discussion Guide (summaries and text) – Attend in Person/ Remote Participation AC meeting last day – Watch list for AC’s decisions – Last Calls – For or against?

114 Public Policy Mailing List (PPML) Open to anyone Easy to subscribe to Contains: ideas, proposals, draft policies, last calls, announcements of adoption and implementation, and petitions Archived RSS feed https://www.arin.net/participate/mailing_lists/index.html

115 References Draft Policies & Proposals – https://www.arin.net/policy/proposals/index.html ARIN Public Policy Mailing List – https://www.arin.net/participate/mailing_lists/index.html

116 Q&A

117 Securing DNS and Routing: DNSSEC and RPKI Tim Christensen Quality Assurance Manager

118 Agenda DNSSEC – a brief update RPKI – the major focus – What is it? – What it will look like within ARIN Online?

119 Why are DNSSEC and RPKI important? Two critical resources – DNS – Routing Hard to tell when resource is compromised Focus of ARIN-region government funding

120 What is DNSSEC? DNS responses are not secure – Easy to spoof – Notable malicious attacks DNSSEC attaches signatures – Validates responses – Can not spoof

121 Changes required to make DNSSEC work Signing in-addr.arpa., ip6.arpa., and delegations that ARIN manages Provisioning of DS Records – ARIN Online – RESTful interface (deployed July 2011)

122 Using DNSSEC in ARIN Online Available on ARIN’s website http://www.arin.net/knowledge/dnssec/

123 RPKI Pilot Available since June 2009 – ARIN-branded version of RIPE NCC software http://rpki-pilot.arin.net > 50 organizations participating Shutting down with the deployment of the production RPKI system on 15 Sept 2012

124 What is RPKI? Attaches certificates to network resources – AS Numbers – IP Addresses Allows ISPs to associate the two – Route Origin Authorizations (ROAs) – Follow the address allocation chain to the top

125 What is RPKI? Allows routers to validate Origins Start of validated routing Need minimal bootstrap info – Trust Anchors – Lots of focus on Trust Anchors

126 What does RPKI Create? It creates a repository – RFC 3779 (RPKI) Certificates – ROAs – CRLs – Manifest records – Supports “ghostbusters” records

127 Repository View

    ./ba/03a5be-ddf6-4340-a1f9-1ad3f2c39ee6/1:
    total 40
    -rw-r--r-- 1 143 143 1543 Jun 26 2009 ICcaIRKhGHJ-TgUZv8GRKqkidR4.roa
    -rw-r--r-- 1 143 143 1403 Jun 26 2009 cKxLCU94umS-qD4DOOkAK0M2US0.cer
    -rw-r--r-- 1 143 143 485 Jun 26 2009 dSmerM6uJGLWMMQTl2esy4xyUAA.crl
    -rw-r--r-- 1 143 143 1882 Jun 26 2009 dSmerM6uJGLWMMQTl2esy4xyUAA.mnf
    -rw-r--r-- 1 143 143 1542 Jun 26 2009 nB0gDFtWffKk4VWgln-12pdFtE8.roa

A Repository Directory containing an RFC3779 Certificate, two ROAs, a CRL, and a manifest

128 Repository Use Pull down these files using “rcynic” Validate the ROAs contained in the repository Communicate with the router marking routes “valid”, “invalid”, “unknown” Up to ISP to use local policy on how to route

129 Possible Flow RPKI Web interface -> Repository Repository aggregator -> Validator Validated entries -> Route Checking Route checking results -> local routing decisions (based on local policy)
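An added example, not part of the presentation: the route-checking step of this flow, written as prefix origin validation over already-validated ROA entries and returning the slides' three states. It uses the ROA from the validation slides (AS65000, 192.2.200.0/24) plus constructed entries; the maximum-length field, the AS 0 entry and all function names are assumptions not shown on the slides.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class VRP:
    """One validated ROA entry: covering prefix, longest allowed length, origin AS."""
    prefix: ipaddress.IPv4Network | ipaddress.IPv6Network
    max_length: int
    asn: int


def make_vrp(prefix: str, asn: int, max_length: int | None = None) -> VRP:
    """Build an entry; max_length defaults to the prefix length (exact match only)."""
    net = ipaddress.ip_network(prefix, strict=True)
    if max_length is None:
        max_length = net.prefixlen
    if not net.prefixlen <= max_length <= net.max_prefixlen:
        raise ValueError(f"max_length {max_length} out of range for {net}")
    return VRP(net, max_length, asn)


def validate_origin(route_prefix: str, origin_asn: int, vrps: list[VRP]) -> str:
    """Return 'valid', 'invalid' or 'unknown' for one announcement.

    unknown: no entry covers the announced prefix.
    valid:   a covering entry names this origin AS and allows this prefix length.
    invalid: the prefix is covered, but no covering entry matches.
    """
    route = ipaddress.ip_network(route_prefix, strict=True)
    covered = False
    for vrp in vrps:
        if vrp.prefix.version != route.version or not route.subnet_of(vrp.prefix):
            continue
        covered = True
        # AS 0 in a ROA means "no AS may originate this prefix", so it never matches.
        if vrp.asn != 0 and vrp.asn == origin_asn and route.prefixlen <= vrp.max_length:
            return "valid"
    return "invalid" if covered else "unknown"


def classify(announcements: list[tuple[str, int]], vrps: list[VRP]) -> dict:
    """Validate a batch of (prefix, origin AS) announcements."""
    return {(p, a): validate_origin(p, a, vrps) for p, a in announcements}


# First entry is the ROA quoted on the slides; the rest are constructed samples.
SAMPLE_VRPS = [
    make_vrp("192.2.200.0/24", 65000),
    make_vrp("10.129.0.0/16", 64500, max_length=20),
    make_vrp("2001:db8::/32", 65000, max_length=48),
    make_vrp("203.0.113.0/24", 0),
]

# Constructed announcements covering each outcome.
SAMPLE_ANNOUNCEMENTS = [
    ("192.2.200.0/24", 65000),    # matches the slide's ROA
    ("192.2.200.0/24", 64496),    # covered, wrong origin AS
    ("192.2.200.128/25", 65000),  # covered, more specific than allowed
    ("10.129.16.0/20", 64500),    # within max_length
    ("10.129.16.0/24", 64500),    # longer than max_length
    ("2001:db8:1::/48", 65000),   # IPv6, within max_length
    ("203.0.113.0/24", 64496),    # covered only by an AS 0 entry
    ("198.51.100.0/24", 65000),   # no covering entry
]

if __name__ == "__main__":
    for (prefix, asn), state in classify(SAMPLE_ANNOUNCEMENTS, SAMPLE_VRPS).items():
        print(f"{prefix:<20} AS{asn:<6} {state}")
```

What a router then does with an "invalid" or "unknown" route is the local policy decision the slides leave to the ISP.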

130 Resource Cert Validation [Diagram] Resource Allocation Hierarchy with Issued Certificates: ICANN; AFRINIC, RIPE NCC, APNIC, ARIN, LACNIC; LIR1, ISP2, ISP, ISP4, ISP. Route Origination Authority: “ISP4 permits AS65000 to originate a route for the prefix 192.2.200.0/24” Attachment: Signed, ISP4

131 Resource Cert Validation [Same diagram and Route Origination Authority as slide 130] 1. Did the matching private key sign this text?

132 Resource Cert Validation [Same diagram and Route Origination Authority as slide 130] 2. Is this certificate valid?

133 Resource Cert Validation [Same diagram and Route Origination Authority as slide 130] 3. Is there a valid certificate path from a Trust Anchor to this certificate?

134 Why is RPKI taking awhile? Intense review of liabilities by legal team and Board of Trustees created additional requirements at ARIN XXVI Two new big requirements – Non-repudiation in ROA generation for hosted CAs – Thwart “Evil Insider” (rogue employee) from making changes

135 General Architecture of RPKI Registration Interface ARIN Online Database Persistence RPKI Engine HSM Tight coupling between resource certificate / ROA entities and registration dataset at the database layer. Once certs/ROAs are created, they must be maintained if the registered dependents are changed.

136 Development before ARIN XXVI ARIN Online Database Persistence RPKI Engine HSM With a few finishing touches, ready to go Jan 1, 2011 with Hosted Model, Delegated Model to follow end of Q1. Highly influenced by RIPE NCC entities. RIPE NCC RPKI Engine with a few tweaks. Sun SCA 6000 Everything is Java, JBoss, Hibernate.

137 Changes Underway Since ARIN XXVI ARIN Online Database Persistence RPKI Engine HSM Minor changes. Message driven engine which delegates to the HSM. Custom programming on IBM 4764’s to enable all DER encoding and crypto. In-browser ROA request signing via AJAX. HSM coding is in C as extensions to IBM CCA. Libtasn1 used for DER encoding.

138 Why did RPKI take awhile?


144 Updates within RPKI outside of ARIN The four other RIRs are in production with Hosted CA services Major routing vendor support being tested Announcement of public domain routing code support

145 ARIN Status Hosted CA deployment scheduled for 15 Sept 2012 Delegated CA work underway now and anticipated completion in 2013Q1

146 Why is this important? Provides more credibility to identify resource holders Helps in the transfer market to identify real resource holders Bootstraps routing security

147 Q&A

148 IPv4 Transfer Market Jon Worley Senior Resource Analyst

149 Transfers to Specified Recipients Org releasing resources must not have received IPv4 from ARIN in the past 12 months and may not request additional IPv4 for 12 months Recipient must qualify to receive resources under ARIN policy Recipient may receive up to a 24 month supply

150 IPv4 Specified Recipient Transfers 34 transfers completed (20,047 /24s) Transactions typically arranged through IPv4 brokers

151 Inter-RIR Transfers From ARIN RIR must have reciprocal, compatible needs-based Inter-RIR transfer policy – Currently: APNIC Org releasing resources must not have received IPv4 from ARIN within the past 12 months Recipient must meet other RIR’s Inter-RIR transfer policy requirements

152 Inter-RIR Transfers To ARIN RIR must have reciprocal, compatible needs-based Inter-RIR transfer policy – Currently: APNIC Recipient must qualify to receive resources under current policy Recipient may request up to a 24 month supply

153 Inter-RIR Transfer Notes None requested thus far ARIN & APNIC for now Expectation is primarily ARIN to APNIC given the early exhaustion of IPv4 in the APNIC region

154 STLS 3 ways to participate – Listers: have available IPv4 addresses – Needers: looking for more IPv4 addresses – Facilitators: available to help listers and needers find each other Major Uses – Matchmaking – Obtain preapproval for a transaction arranged outside STLS

155 Misconceptions IPv4 transactions will never be allowed – Transfer of unused IPv4 started June 2009 It’s a trap! – This isn’t a sting operation ARIN recognizes all IPv4 transactions – Must meet policy requirements

156 Tips and Tricks Involve ARIN as early as possible – Make sure a contemplated transfer meets ARIN requirements before finalizing Use ARIN’s STLS to pre-qualify ISPs must still show efficient use of all previous allocations and 80% of their most recent allocation

157 More Tips and Tricks 12 month waiting period – Prevents “flipping” of IPv4 – Can’t release unused addresses if you have received IPv4 from ARIN or via specified transfer in the past 12 months – Can’t get more IPv4 addresses from ARIN or via specified transfer for 12 months after releasing unused IPv4

158 Other Notes ISPs can receive 24 month supply via transfer vs 3 month supply from ARIN ARIN still has IPv4 addresses and will have a post-depletion waiting list IPv6 transition still required

159 Q&A

160 Why Participate in the ARIN Community? Einar Bohlin Senior Policy Analyst

161 Learn More and Get Involved Your participation Important, critical, needed, appreciated… Get Involved in ARIN Public Policy Mailing List ARIN Suggestion and Consultation Process Member Elections Public Policy and Members Meetings http://www.arin.net/participate/

162 ARIN Mailing Lists ARIN Consultation - arin-consult@arin.net Open to the general public. Used in conjunction with the ARIN Consultation and Suggestion Process (ACSP) to gather comments, this list is only open when there is a call for comments. ARIN Issued - arin-issued@arin.net Read-only list open to the general public. Used by ARIN staff to provide a daily report of IPv4 and IPv6 addresses returned and IPv4 and IPv6 addresses issued directly by ARIN or address blocks returned to ARIN's free pool. ARIN Technical Discussions - arin-tech-discuss@arin.net Open to the general public. Provided for those interested in providing technical feedback to ARIN on experiences in the use or evaluation of current ARIN services and features in development. http://www.arin.net/participate/mailing_lists/index.html ARIN Announce: arin-announce@arin.net ARIN Discussion: arin-discuss@arin.net ARIN Public Policy: arin-ppml@arin.net ARIN Consultation: arin-consult@arin.net ARIN Issued: arin-issued@arin.net ARIN Technical Discussions: arin-tech-discuss@arin.net Suggestions: arin-suggestions@arin.net

163 ARIN Consultation & Suggestion Process 2012 Closed Suggestion Archive as of 29 August 2012

    2012.3  Add language to STLS TOS/AUP (Closed 07 May 2012)
    2012.4  Street Address Requirement (Closed 21 May 2012)
    2012.6  Add Suggestion Text to ACSP Announcements (Implemented 30 April 2012)
    2012.7  Free Pool Netblock Distribution Statistics (Implemented 07 June 2012)
    2012.8  Officer Attestation Acknowledgements (Implemented 30 May 2012)
    2012.10 Publish NRPM in plain text (Implemented 01 June 2012)
    2012.13 Customer identity not required on /29 and smaller reassignments (Closed 30 July 2012)
    2012.14 Website Deactivation Request (Closed 06 August 2012)

Prioritization at ARIN meetings. https://www.arin.net/participate/acsp/index.html

164 Get Involved in Internet Governance


166 Current Environment Internet Governance

167 International Telecommunication Union (ITU)

168 ITU Sectors Radiocommunication (ITU-R) – Coordinates radiocommunication services, radio-frequency spectrum, and satellite orbits Telecommunication Standardization (ITU-T) – Produces standards for operation of ICT networks *ARIN a member Telecommunication Development (ITU-D) – Focuses on capacity building to increase access to infrastructure and ICT services worldwide *ARIN a member

169 Current Environment Internet Governance

170 ITU Conducts WCIT

171 What Will Happen at WCIT? Only member states can submit proposals and make decisions on edits & additions to ITRs Result a government-negotiated global treaty

172 Treaty Expansions Overall structure & economics of Internet Number resource management process – Including IP address allocation Internet Exchange Points (IXPs) – Add terms hub, hubbing, transit center Internet networks – Modify Quality of Service (QoS) language Internet interconnectivity – Peering agreements

173 Treaty Expansions Procedural directives in a high-level treaty document New definition of telecommunications to include Internet traffic Required compliance with ITU – Mandatory Recommendations

174 Treaty Expansions Restricted community involvement Hindered Internet evolution – Definition of misuse and fraud Content Regulation – Definition of SPAM

175 How Can You Get Involved? Get informed – ITRs: http://www.itu.int/oth/T3F01000001 – ARIN’s website: https://www.arin.net/participate/governance/index.html Contribute to ITU public consultation – http://www.itu.int/en/wcit-12/Pages/public.aspx Discuss with your government Advocate – Public debate, online forums, etc.

176 Current Environment Internet Governance

177 Internet Governance Forum Discussion of Internet public policy issues Many stakeholders – Equal opportunity & voice for developing and developed countries Provides info and insight for public & private sector policy makers – No negotiated outcomes 7th Annual IGF – Baku, Azerbaijan, 6-9 Nov 2012 – Internet Governance for Sustainable Human, Economic and Social Development

178 You Can Participate in the IGF Open to all Access all IGF materials at: – http://www.intgovforum.org 2012 IGF – List of current workshops: http://www.intgovforum.org/cms/w2012/proposals – Webcast for remote participation

179 For More Information on Joining in the Internet Governance Discussion Visit ARIN’s webpage: Ways to Participate in Internet Governance https://www.arin.net/participate/governance/participate.html

180 The Discussion Continues… Internet governance discussions won’t end in 2012! Already, the World Telecommunication/ICT Policy Forum (WTPF) is scheduled for 2013 Keeping up with the debate is important for all Internet stakeholders


182 Next ARIN Meetings Discuss policies Attend tutorials Enjoy social events Network with colleagues Participate remotely Your registration fee for ARIN XXX will be waived for attending today www.arin.net/participate/meetings Apply for the fellowship to attend an ARIN meeting for free! Spring 2013 – stay tuned

183 ARIN on Social Media www.TeamARIN.net www.facebook.com/TeamARIN www.twitter.com/TeamARIN www.gplus.to/TeamARIN www.linkedin.com/groups?gid=834217 www.youtube.com/TeamARIN

184 Q&A / Open Mic Session

185 Fill out & submit the survey for your chance to win a $200 Amazon Gift Card!

186 Ask ARIN ARIN staff available until 4:00 PM Ask us your questions one-on-one

