On Fri, Oct 25, 2013 at 8:03 PM, Gert Doering <gert@space.net> wrote:
Dear Address Policy WG,
On Thu, Sep 26, 2013 at 04:36:24PM +0200, Marco Schmidt wrote:
A proposed change to RIPE Documents ripe-589, "IPv6 Address Allocation and Assignment Policy", ripe-451, "IPv6 Address Space Policy For Internet Exchange Points" and ripe-233, "IPv6 Addresses for Internet Root Servers In The RIPE Region" is now available for discussion. [..] We encourage you to review this proposal and send your comments to <address-policy-wg@ripe.net> before 25 October 2013.
The discussion phase for this proposal is now over, but after the feedback received at the RIPE meeting in Athens (and here on the list, even if in the wrong thread :) ) the chairs have deviced to take a step back, and re-state the fundamental "do we want to go there?" question (and extend the discussion phase by +4 weeks).
sorry for helping out with that ;) <snip>
The idea to go there came from various people in the community, mostly for one reason - having two differently "coloured" addresses that do the same thing, routingwise, but follow different policies and have different strings attached, creates quite some confusion for the folks out there that can no longer be nicely separated into "ISPs" (->become RIPE members, use PA) and "end-users" (->use PI, if BGP-based multihoming and/or upstream independence is required).
Most notably, "garage style hosting providers" seem to have issues with the requirement of the IPv6 PI policy that PI space MUST NOT be sub-assigned, which the NCC interprets most strictly (because the vast amount of "grey" between "ok" and "not ok" is hard to codify into hostmaster guidelines). OTOH, I have not heard that complaint from actual hosting providers for a while, so maybe the issue is not that big anymore.
Erik Bais's mail touch what is probably the only real difference between PI and PA, and our core problem:
From Erik Bais's post on this thread: "Having garage-style 'hosters' do assignments, just because they can while using PI IPv6 space, is against the policy, however removing that distinction between PI and PA for v6 and allowing sub-assignments from PI space will basically open the door in the near future for cheap resources, without being an LIR. That will have an impact on the number of members the NCC will have once we are beyond the v4 era ... And less members will result in a high fee per member."
Isn't this really about what is the difference between being a member and not? It would be nice to get ride of the PI and PA, and at the same time keeping the difference between member (LIR) and none member (no-LIR).
*If* we go to "there is only one type of addresses" anymore, we have two options
- abandon IPv6 PI (as in "not so expensive, but independent space") completely, problem solved -> I do not think we can reasonably do that
See above, wish we could, but it has this member/not-member side...
- find a way to solve the needs for both RIPE members and non-members, with maximum flexibility, with only one type of addresses, taking "real world" address distribution chains (LIR->network operator-> hosting provider->customer->hosted virtual machines, for example) and "real world" financial constraints into account.
This is the way I think we should pursue and see if we can figure out. It is all just bits/numbers anyhow. Right now I don't see a way to get there, we probably have some other work to get done first.
2013-06 aims to achieve the latter, while proposing / finding specific solutions for all the small details that come up if such a radical change is implemented.
2013-06 is dead in the water right now, it's too complex to get it done the way it was attempted.
I think the presentation at RIPE67 was a bit too fast for the WG - it could have spent a bit more time on the background and "do we want to go there" before overwhelming you with questions about details to be solved. For that, I apologize - I did review the presentation beforehand with the proposers, and assumed "yes, this should work out nicely"...
I think the presentation were good in the way that it showed the complexity we are trying to address. It made it very clear to me that it is not a easy thing to change. The other good thing, it trigged a discussion which is almost always a good thing. It make people think.
Anyway. I think what we need to hear now from the community (*you*) is where we want to go:
- do nothing, our policy for IPv6 PA and IPv6 PI "as of today" is fine
Not an option as I see it.
- keep the distinction, work on the IPv6 PI policy (if the pain is large enough that someone actually volunteers to come with a proposal)
- go the big step, unify IPv6 PA and IPv6 PI, and solve all the detail problems that need to be addressed if we go there.
I think we should remove the difference between PI and PA. However I don't see how to get there, but we can start with something else. What if we start with doing some housekeeping, make the different policies affecting the "PI-domain" clean and neat? Preferable in just one document. Later when that's concluded we might be able to move it one step further? Another side of this PI/PA space, should there be any way to transfer/change a PI allocation into PA? PI holders (not members) should have the options to become members and at that point they should have their addresses also made into PA... I think it's possible to have PI space while being member today? That should not exist, it should just be PA if you are a member... Then we have this concept of "independed resources"... is that PI or PI+ other things? -- Roger Jorgensen | ROJO9-RIPE rogerj@gmail.com | - IPv6 is The Key! http://www.jorgensen.no | roger@jorgensen.no