IPv6 PI justification requirements
Hello ap-wg, I am in the process of requesting 3x /48 of IPv6 PI for a customer, and what confuses me is that the NCC requires way more justification for 3x /48 of PI than for 2x /29 of PA. I do think that saying something like net1 will be used in the Netherlands, net2 in London, and net3 in New York should be enough. I mean after all, any LIR can get 512K /48s and unlike ASNs, PI space does have a small fee attached with it. I can't think of a good reason why this is the case. Once again to make it clear, if you are a member it is easier to get 1 million /48s than it is for a non member to get 3 /48s. - Cynthia
I just want to clarify, that the NCC wanted documentation in the form of an addressing plan (over time?) and why PA space would not work. Now I do also want to clarify that I have already told them that the reason for this is that they have multiple physical locations with servers and they want PI for their infrastructure so it is their resources and not the provider's. I have also been informed that this might be a rather unique case in regards to having multiple physical locations requiring PI space. - Cynthia On 2019-02-26 23:00, Cynthia Revström wrote:
Hello ap-wg,
I am in the process of requesting 3x /48 of IPv6 PI for a customer, and what confuses me is that the NCC requires way more justification for 3x /48 of PI than for 2x /29 of PA.
I do think that saying something like net1 will be used in the Netherlands, net2 in London, and net3 in New York should be enough. I mean after all, any LIR can get 512K /48s and unlike ASNs, PI space does have a small fee attached with it.
I can't think of a good reason why this is the case.
Once again to make it clear, if you are a member it is easier to get 1 million /48s than it is for a non member to get 3 /48s.
- Cynthia
Hi Cynthia,
I have also been informed that this might be a rather unique case in regards to having multiple physical locations requiring PI space.
Not unique at all. That is why the explicit "different routing requirements" rule was included in the policy :) Cheers, Sander
Am 26.02.2019 um 23:13 schrieb Cynthia Revström:
I have also been informed that this might be a rather unique case in regards to having multiple physical locations requiring PI space.
It's not — been there myself, and got really annoyed by the way the NCC entered spanish-inquisition-mode (like asking for physical location of DCs used, IMHO NOTB, and upstream mail contacts, again NOTB). That was pre-GDPR, these days I'd follow up with "provide legal statement under GDPR that allows you to ask this question, and process any answer". Hrmpft. -kai
On 27 Feb 2019, at 01:09, Kai 'wusel' Siering <wusel+ml@uu.org> wrote:
I .... got really annoyed by the way the NCC entered spanish-inquisition-mode
I would have hoped that went away along with the dregs of v4.
On Wed, 27 Feb 2019, Kai 'wusel' Siering wrote:
Am 26.02.2019 um 23:13 schrieb Cynthia Revström:
I have also been informed that this might be a rather unique case in regards to having multiple physical locations requiring PI space.
It's not ? been there myself, and got really annoyed by the way the NCC entered spanish-inquisition-mode (like asking for physical location of DCs used, IMHO NOTB, and upstream mail contacts, again NOTB). That was pre-GDPR, these days I'd follow up with "provide legal statement under GDPR that allows you to ask this question, and process any answer". Hrmpft.
Hi, I fail to understand how a DC location could in any way be related to a GDPR violation. I also don't understand how asking for upstream mail contacts (i.e. professional ones, that any ASN should in theory have published, role or individual shouldn't make a difference) can violate GDPR. I guess "purpose" for asking is quite easy to understand -- checking if an upstream really exists at that point in time, which may be part of the process. Cheers, Carlos
-kai
Dear colleagues, I also see nothing wrong with it. A /29 PA allocation is given to a registry for the purpose of re-assigning and use within the policy. End user however is expected to need a /48 PI for multihoming as that’s minimum routable. If someone requires more, I’m more than happy for RIPE to run through checks on any such request, so long as they comply with the policy. I’ve seen enough attempts to send SPAM through large quantities of V6 or to try to circumvent other limitations by attempt to use a large number of IPv6 to know that it is abused, and I appreciate every effort to weed illegitimate cases out by the NCC for the good of the Internet. With Kind Regards, Dominik Nowacki Clouvider Limited is a limited company registered in England and Wales. Registered number: 08750969<tel:08750969>. Registered office: 88 Wood Street, London, United Kingdom, EC2V 7RS. On 27 Feb 2019, at 07:30, Carlos Friaças via address-policy-wg <address-policy-wg@ripe.net<mailto:address-policy-wg@ripe.net>> wrote: On Wed, 27 Feb 2019, Kai 'wusel' Siering wrote: Am 26.02.2019 um 23:13 schrieb Cynthia Revström: I have also been informed that this might be a rather unique case in regards to having multiple physical locations requiring PI space. It's not ? been there myself, and got really annoyed by the way the NCC entered spanish-inquisition-mode (like asking for physical location of DCs used, IMHO NOTB, and upstream mail contacts, again NOTB). That was pre-GDPR, these days I'd follow up with "provide legal statement under GDPR that allows you to ask this question, and process any answer". Hrmpft. Hi, I fail to understand how a DC location could in any way be related to a GDPR violation. I also don't understand how asking for upstream mail contacts (i.e. professional ones, that any ASN should in theory have published, role or individual shouldn't make a difference) can violate GDPR. I guess "purpose" for asking is quite easy to understand -- checking if an upstream really exists at that point in time, which may be part of the process. Cheers, Carlos -kai
Hi Cynthia,
I am in the process of requesting 3x /48 of IPv6 PI for a customer, and what confuses me is that the NCC requires way more justification for 3x /48 of PI than for 2x /29 of PA.
I do think that saying something like net1 will be used in the Netherlands, net2 in London, and net3 in New York should be enough. I mean after all, any LIR can get 512K /48s and unlike ASNs, PI space does have a small fee attached with it.
I can't think of a good reason why this is the case.
The policy says: """ The minimum size of the assignment is a /48. Organisations requesting a larger assignment (shorter prefix) must provide documentation justifying the need for additional subnets. Additional assignments may also be made when the need is demonstrated and documented based on address usage, or because different routing requirements exist for additional assignments. """ Your case seems to fit the "different routing requirements" rule. I would ask the NCC why they think that rule doesn't apply. They may have a reason. Without further data I can't judge their decision.
Once again to make it clear, if you are a member it is easier to get 1 million /48s than it is for a non member to get 3 /48s.
Aggregatable addresses are indeed strongly preferred :) Cheers, Sander
Hi folks, I couldn't agree more with Cynthia, policies are too strict and require justification which doesn't allow expansion over time and is just based on immediate needs. All that especially in the era of exhausted IPv4 is practically unbelievable. No offense of course, just the reality. Best, Krasimir -----Original Message----- From: address-policy-wg [mailto:address-policy-wg-bounces@ripe.net] On Behalf Of Sander Steffann Sent: Tuesday, February 26, 2019 2:14 PM To: Cynthia Revström <me@cynthia.re> Cc: address-policy-wg@ripe.net Subject: Re: [address-policy-wg] IPv6 PI justification requirements Hi Cynthia,
I am in the process of requesting 3x /48 of IPv6 PI for a customer, and what confuses me is that the NCC requires way more justification for 3x /48 of PI than for 2x /29 of PA.
I do think that saying something like net1 will be used in the Netherlands, net2 in London, and net3 in New York should be enough. I mean after all, any LIR can get 512K /48s and unlike ASNs, PI space does have a small fee attached with it.
I can't think of a good reason why this is the case.
The policy says: """ The minimum size of the assignment is a /48. Organisations requesting a larger assignment (shorter prefix) must provide documentation justifying the need for additional subnets. Additional assignments may also be made when the need is demonstrated and documented based on address usage, or because different routing requirements exist for additional assignments. """ Your case seems to fit the "different routing requirements" rule. I would ask the NCC why they think that rule doesn't apply. They may have a reason. Without further data I can't judge their decision.
Once again to make it clear, if you are a member it is easier to get 1 million /48s than it is for a non member to get 3 /48s.
Aggregatable addresses are indeed strongly preferred :) Cheers, Sander
Hi, On Wed, Feb 27, 2019 at 08:47:04AM +0000, Krasimir Ganchev via address-policy-wg wrote:
I couldn't agree more with Cynthia, policies are too strict and require justification which doesn't allow expansion over time and is just based on immediate needs.
All that especially in the era of exhausted IPv4 is practically unbelievable.
No offense of course, just the reality.
This claim is just not true. There might be some cases where expectations and grandeur plans do not match reality, and in this cases it's reasonable that the NCC is strict and will not hand out a /19 to someone who can fulfill all their expected needs with a /32. There are other cases where the NCC is asking lots of questions, and maybe there are cases where the NCC is too strict. So we need to talk about these and see if it's "lack of reasonable documentation on the user side" or "annoying interpretation on the NCC side". OTOH, a /48 for an end-user site or a /29 for an ISP is pretty huge (we have not even extended our /32 to a /29 as we assume that we will never manage to fill the /32) - and documented reality shows that *if* you need more, you can get it today. Gert Doering -- APWG chair, and IPv6 user from day one, where the policies were *much* stricter than today -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
Hi Gert, As I attempted to explain this was 3 separate uses that required separate announcements. - Cynthia On 2019-02-27 11:05, Gert Doering wrote:
Hi,
On Wed, Feb 27, 2019 at 08:47:04AM +0000, Krasimir Ganchev via address-policy-wg wrote:
I couldn't agree more with Cynthia, policies are too strict and require justification which doesn't allow expansion over time and is just based on immediate needs.
All that especially in the era of exhausted IPv4 is practically unbelievable.
No offense of course, just the reality. This claim is just not true.
There might be some cases where expectations and grandeur plans do not match reality, and in this cases it's reasonable that the NCC is strict and will not hand out a /19 to someone who can fulfill all their expected needs with a /32.
There are other cases where the NCC is asking lots of questions, and maybe there are cases where the NCC is too strict. So we need to talk about these and see if it's "lack of reasonable documentation on the user side" or "annoying interpretation on the NCC side".
OTOH, a /48 for an end-user site or a /29 for an ISP is pretty huge (we have not even extended our /32 to a /29 as we assume that we will never manage to fill the /32) - and documented reality shows that *if* you need more, you can get it today.
Gert Doering -- APWG chair, and IPv6 user from day one, where the policies were *much* stricter than today
Hi, On Wed, Feb 27, 2019 at 11:08:11AM +0100, Cynthia Revström wrote:
As I attempted to explain this was 3 separate uses that required separate announcements.
I'm not talking your particular case - just the generic statement "the policies are too strict". This is just not true if stated that broadly. As for the particular case, I think some comments from Marco are forthcoming. Gert Doering -- APWG chair -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
Dear Cynthia, Thank you for raising this topic. We are seeing more requests from organisations that want separate /48 PI assignments for different locations. We approve these requests if the policy requirements are met - primarily that their different routing requirements are documented. One of the best ways to do this is through an addressing plan. While I can't discuss the specifics of your case on the mailing list, I can state that it wasn't the physical locations that made your request unique. Feel free to contact me offline if you would like any further clarification around the policy requirements as they apply to your situation. It's also worth noting that if an LIR wants to request a second /29, they would need to provide justification in this case as well. Of course, there's always the option to propose a policy change if the current policy appears too strict or in need of improvement, and I am always available to help people get started with this. Kind regards, Marco Schmidt Policy Officer RIPE NCC On 27/02/2019 11:08, Cynthia Revström wrote:
Hi Gert,
As I attempted to explain this was 3 separate uses that required separate announcements.
- Cynthia
On 2019-02-27 11:05, Gert Doering wrote:
Hi,
On Wed, Feb 27, 2019 at 08:47:04AM +0000, Krasimir Ganchev via address-policy-wg wrote:
I couldn't agree more with Cynthia, policies are too strict and require justification which doesn't allow expansion over time and is just based on immediate needs.
All that especially in the era of exhausted IPv4 is practically unbelievable.
No offense of course, just the reality. This claim is just not true.
There might be some cases where expectations and grandeur plans do not match reality, and in this cases it's reasonable that the NCC is strict and will not hand out a /19 to someone who can fulfill all their expected needs with a /32.
There are other cases where the NCC is asking lots of questions, and maybe there are cases where the NCC is too strict. So we need to talk about these and see if it's "lack of reasonable documentation on the user side" or "annoying interpretation on the NCC side".
OTOH, a /48 for an end-user site or a /29 for an ISP is pretty huge (we have not even extended our /32 to a /29 as we assume that we will never manage to fill the /32) - and documented reality shows that *if* you need more, you can get it today.
Gert Doering -- APWG chair, and IPv6 user from day one, where the policies were *much* stricter than today
Hi,
As I attempted to explain this was 3 separate uses that required separate announcements.
To keep things more clear, maybe it's easier to send three separate requests. Each for a /48 with the description where/how that one is going to be used. Combining things into one request might seem easier, but it tends to obfuscate things :) Cheers, Sander
Hi Gert, I understand there should be rules. And I am totally for having meaningful rules and those rules to be followed. It is just that from my own personal experience and the shared experience of people I worked with in my network there are sometimes complications with requesting meaningful space for small business with multiple sites planning for additional sites in the near year or two. On your remark about /48 being pretty huge, I do agree it is huge, but unfortunately it is still the case that a /48 is the norm and upstreams would filter smaller prefixes. As per /32 vs /19 I also agree, /32 is more than enough for almost any needs. What I am trying to say is that sometimes people struggle getting the space they need and the one they planned for in future aggregated because they have no immediate needs. You are right, if there is immediate need they will always get it. Best, Krasimir -----Original Message----- From: Gert Doering [mailto:gert@space.net] Sent: Wednesday, February 27, 2019 2:05 AM To: Krasimir Ganchev <ganchev@fixity.net> Cc: Sander Steffann <sander@steffann.nl>; Cynthia Revström <me@cynthia.re>; address-policy-wg@ripe.net Subject: Re: [address-policy-wg] IPv6 PI justification requirements Hi, On Wed, Feb 27, 2019 at 08:47:04AM +0000, Krasimir Ganchev via address-policy-wg wrote:
I couldn't agree more with Cynthia, policies are too strict and require justification which doesn't allow expansion over time and is just based on immediate needs.
All that especially in the era of exhausted IPv4 is practically unbelievable.
No offense of course, just the reality.
This claim is just not true. There might be some cases where expectations and grandeur plans do not match reality, and in this cases it's reasonable that the NCC is strict and will not hand out a /19 to someone who can fulfill all their expected needs with a /32. There are other cases where the NCC is asking lots of questions, and maybe there are cases where the NCC is too strict. So we need to talk about these and see if it's "lack of reasonable documentation on the user side" or "annoying interpretation on the NCC side". OTOH, a /48 for an end-user site or a /29 for an ISP is pretty huge (we have not even extended our /32 to a /29 as we assume that we will never manage to fill the /32) - and documented reality shows that *if* you need more, you can get it today. Gert Doering -- APWG chair, and IPv6 user from day one, where the policies were *much* stricter than today -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
participants (9)
-
Carlos Friaças
-
Cynthia Revström
-
Dominik Nowacki
-
Gert Doering
-
Jim Reid
-
Kai 'wusel' Siering
-
Krasimir Ganchev
-
Marco Schmidt
-
Sander Steffann