ARIN IP6 policy for those with legacy IP4 Space

> From: Joe Greco [mailto:jgreco@ns.sol.net]
> It seems like you could run an RIR more cheaply by simply handing out
> the space fairly liberally, which would have the added benefit of
> encouraging v6 adoption. The lack of a need for onerous contractual
> clauses as suggested above, combined with less overhead costs, ought
> to make v6 really cheap.

For "fairly liberally" see:
For ISPs: https://www.arin.net/participate/policy/nrpm/
  You have to be an ISP with a plan to have 200 assignment in 5 years
Non-ISP: https://www.arin.net/participate/policy/nrpm/
  Be not-an-ISP and have a need for addresses (per other policies,
  you get to choose which one).

In another post you asked essentially "why does ARIN charge so much?"
ARIN doesn't just maintain a notebook of address assignments. There are
HA servers for Whois,

Yeah, real expensive...

IN-ADDR. and IP6.ARPA,

Ditto...

research in things like
SIDR, DNSsec, other tools-services, and educational outreach on IPv6.

None of which a RIR really /needs/ to do, of course.

You suggest that there's much less to argue about in IPv6 policy,

No, I argue there *could* be much less to argue about in IPv6 policy.

but if
you look at current proposals (https://www.arin.net/policy/proposals/)
you'll see three that are IPv6-specific, and most of the others cover
both IPv4 and IPv6. So ARIN will continue to maintain the mailing
lists, and hold public policy meetings (with remote participation, so
anyone can participate), and facilitate elections so you can throw the
bums out if you don't like how we do things.

None of which really addresses the point I made; that's the sound of a
bureaucracy perpetuating itself.

We don't really know how much IPv6 will cost ARIN. If there were
no more debate about allocation policies, and nobody else had any interest
in us (politically or litigiously), and technology were fairly static, then
we
might just do periodic tech refreshes and be fine. I imagine all of those
things will continue for a while, though, and ARIN will need to be
financially solvent through the transition.

The point I was making is that after the "transition", the justification
for ARIN is one of maintaining the status quo and perpetuating itself.
My question was, what purpose is served by that? With IPv6 designed the
way it is, is there a realistic chance of running out of IPv6 even if
some questionable delegations are made? What's the purpose of having the
complex legal agreements? Handing out numbers without much fuss worked
okay in the early days of IPv4, before it became clear that there would
be eventual depletion. IPv6 was designed to avoid the depletion scenario,
and with that in mind, is there a good reason that a much smaller RIRv6
model wouldn't work?

... JG

Joe,

You're aware that RIPE has already made some /19 and /20 IPv6 allocations?

Yes, with suitably questionable delegations, it is possible to run out
of IPv6 quickly.

Regards,
Bill Herrin

[changing topics, so that it actually reflects the content]

With IPv6 designed the
way it is, is there a realistic chance of running out of IPv6 even if
some questionable delegations are made?

Joe,

You're aware that RIPE has already made some /19 and /20 IPv6 allocations?

Yes, with suitably questionable delegations, it is possible to run out
of IPv6 quickly.

Ever noticed that fat /13 for a certain military network in the ARIN
region!?

At least those /19 are justifyiable under the HD rules (XX million
customers times a /48 and voila). A /13 though, very hard to justify...

Also, please note that the current policies and "waste" (ahem) is only
for 2000::/3, if that runs out we can take another 7 looks at how we
should distribute address space without "waste".
Indeed the folks now getting IPv6 will have an IPv4 A-class advantage,
but heck, if 2000::/3 is full, we finally can say we properly deployed
IPv6 straight all around to the rest of the universe...

Greets,
Jeroen

[changing topics, so that it actually reflects the content]

Yes, with suitably questionable delegations, it is possible to run out
of IPv6 quickly.

The bottom line (IMHO) is that IPv6 is NOT infinite and propagating
that myth will lead to waste. That being said, the IPv6 space is MUCH
larger than IPv4. Somewhere between 16 million and 17 billion times
larger based on current standards by my math[1].

Ever noticed that fat /13 for a certain military network in the ARIN
region!?

At least those /19 are justifyiable under the HD rules (XX million
customers times a /48 and voila). A /13 though, very hard to justify...

Not every customer needs a /48. In fact most probably don't.

Also, please note that the current policies and "waste" (ahem) is only
for 2000::/3, if that runs out we can take another 7 looks at how we
should distribute address space without "waste".
Indeed the folks now getting IPv6 will have an IPv4 A-class advantage,
but heck, if 2000::/3 is full, we finally can say we properly deployed
IPv6 straight all around to the rest of the universe...

Very good point and likely our saving grace in v6. The space is big
enough that we will get a sanity check after (possibly) burning
through the first /3 much faster than expected.

~Chris

[1] - "How much IPv6 is there?"

[changing topics, so that it actually reflects the content]

You're aware that RIPE has already made some /19 and /20 IPv6 allocations?

Yes, with suitably questionable delegations, it is possible to run out
of IPv6 quickly.

Ever noticed that fat /13 for a certain military network in the ARIN region!?

I think that was William's point.

At least those /19 are justifyiable under the HD rules (XX million customers times a /48 and voila). A /13 though, very hard to justify...

Both are questionable, it's just a matter of degree.

Also, please note that the current policies and "waste" (ahem) is only
for 2000::/3, if that runs out we can take another 7 looks at how we
should distribute address space without "waste".

Unfortunately, since address allocation policy is subject to the whims of the public policy definition process there is a risk (e.g., the proposal to allocate /24s of IPv6 if you knew the magic word or the proposals out of the ITU to allocate country blocks (/8s have been mentioned)). There is no finite resource that people can't waste.

Regards,
-drc

[changing topics, so that it actually reflects the content]

Yes, with suitably questionable delegations, it is possible to run out
of IPv6 quickly.

The bottom line (IMHO) is that IPv6 is NOT infinite and propagating
that myth will lead to waste. That being said, the IPv6 space is MUCH
larger than IPv4. Somewhere between 16 million and 17 billion times
larger based on current standards by my math[1].

Agreed

Ever noticed that fat /13 for a certain military network in the ARIN
region!?

At least those /19 are justifyiable under the HD rules (XX million
customers times a /48 and voila). A /13 though, very hard to justify...

Not every customer needs a /48. In fact most probably don't.

Whether they need it or not, it is common allocation/assignment
practice. I agree that smaller (SOHO, for example) customers should
get a /56 by default and a /48 on request, but, this is by no means
a universal truth of current practice.

Owen

You're aware that RIPE has already made some /19 and /20 IPv6 allocations?

10 years ago ARIN rarely allocated less than a /19 or a /20 in IPv4. And we
are still breathing today.

Yes, with suitably questionable delegations, it is possible to run out
of IPv6 quickly.

Fortunately, there haven't been any questionable IPv6 delegations
noticed anywhere yet.

--Michael Dillon

P.S. A block of /19 in IPv4 is the same percentage of the total IPV4
address space as a block of /19 in IPv6 is of the total IPv6 address space.

What I would need if I were to go with IP6 would be to have a parallel address for every one of
my current addresses. Right now we have 2 - legacy /24's and one legacy /23 - thats it.

I'd just need the "equivalent" IP6 space.

We could just get that from our current provider (Steadfast in this case), but it would not
be portable and with our root servers, (INS - please, not interested in discussing the merits of ICANN vs Inclusive Namespace), we would need portable IPs that wouldn't change.

ARIN does provide microallocations, but ICANN forced them to put "for ICANN approved
root service only" into their policy for microallocations, so that leaves us out.

John

What I would need if I were to go with IP6 would be to have a parallel address for every one of
my current addresses. Right now we have 2 - legacy /24's and one legacy /23 - thats it.

I'd just need the "equivalent" IP6 space.
We could just get that from our current provider (Steadfast in this case), but it would not
be portable and with our root servers, (INS - please, not interested in discussing the merits of ICANN vs Inclusive Namespace), we would need portable IPs that wouldn't change.

The problem is that equivalent for IPv6 is not calculated on the host boundary.

N = the number of subnets you have in IPv4.
N * /64 = the bare minimum amount of IPv6 space you need.

If you are an ISP, then, it becomes a bit more complicated.

N = the number of customers you have that have a single subnet
O = the number of customers you have that are SO/HO or small business
  and can get by with a /56 and do not request more.
P = the rest of your IP transit customers.

(N+256(O)+65536(P)) * /64 = the bare minimum amount of IPv6 space you need
  for customers. You must, then, add a /64 for each of your own infrastructure
  networks as well.

ARIN does provide microallocations, but ICANN forced them to put "for ICANN approved
root service only" into their policy for microallocations, so that leaves us out.

ICANN can't force anything into ARIN policy. If you want that wording changed in
ARIN policy, you can submit a policy proposal. If it gains community consensus,
the wording will change and ICANN/IANA will have to live with that.

IANA policies are set through a bottom up process that comes from the RIRs,
not the other way around.

Owen

What I would need if I were to go with IP6 would be to have a parallel
address for every one of
my current addresses. Right now we have 2 - legacy /24's and one legacy /23
- thats it.

I'd just need the "equivalent" IP6 space.

The key question is "are you an ISP?". If the answer is yes, then the
IPv6 equivalent
is a /32 block. If no, then it depends on whether more than one site
is involved, since
the allocation size would be a /48 per site.

IPv6 is a combination of classful and classless addressing. The result
of that is
that all allocations are sized to be more addresses than you could possibly ever
need in the majority of cases.

ARIN does provide microallocations, but ICANN forced them to put "for ICANN
approved
root service only" into their policy for microallocations, so that leaves us
out.

You fit under "Direct assignments from ARIN to end-user organizations" and
should have no problem getting a /48. If you need multiple sites then
"IPv6 Multiple Discrete Networks" would apply.

--Michael Dillon

John,

IPv6 assignment is LAN-centric rather than address centric, so think
about how many LANs you have.

LANs are rigged to always be /64. Stateless autoconfiguration doesn't
work right if they're bigger or smaller. You need a /64 for each LAN
including the ones now served with RFC 1918 addresses.

You'll want to set aside one /64 from which you'll assign /126's to
your point to points and /128's to your router loopbacks.

If you have downstream customers, even if they're just dialups, expect
to assign at least a /60 to each one. Many folks recommend /56 or /48.
Delegation on 4-bit boundaries is convenient in IPv6 the same way
delegation on 8-bit boundaries is convenient in IPv4. Since your
downstream customers may have an internal LAN and a DMZ, you'll want
to provide at least two LANs by stepping up to the next 4-bit boundary
above /64.

ARIN details vary depending on whether or not your an ISP and whether
you're connecting a single network or multiple sites independently
connected to the Internet. I recommend you hire or befriend someone
with experience interacting with ARIN who can go over your network's
details with you. ARIN staff are friendly and helpful but there are
some magic words and phrases that will get you the result you want and
it can be hard to un-say the wrong thing.

If you want to look before you leap, do a google search for "6to4" or
get a free IPv6 tunnel via tunnelbroker.net.

Regards,
Bill Herrin

If you have downstream customers, even if they're just dialups, expect
to assign at least a /60 to each one. Many folks recommend /56 or /48.

ARIN counts a /56 or a /48 per customer, your choice. There is no
point in allocating less.

More to the point, soon the IPv4 address shortage and the transition to IPv6
will hit the mainstream press, and hundred of writers will be writing advice
columns about it. From their point of view, more for the customer at the
same price is better, and I fully expect that they will be advising folks to
make their ISP choice based on how much address space is allocated.
If you allocate less than a /56 per customer, then you won't be able to
sell to new customers or hang on to old ones.

Just don't do it, because you are only damaging your own business.
ARIN will not give you a discount or give you better terms just because
you allocate a /60 to dialup customers. There is simply no benefit
to you or to the networking community in allocating a prefix longer
than /56.

--Michael Dillon