Notes taken by Bruce Campbell.

Opening Comments - Elise Gerich

1. RIR Report - Ray Plzak, ARIN

Statistics and Activities

Internet Number Resource Status Report

RIR Activities Joint NRO individual

IPv4 /8 Address space status IANA reserve 2nd largest after 'Central Registry' (91 and 94)

Q: Clarify what the experimental (16 /8s) is?

A: The old 'class E' space

Q: Would that be allocatable space?

A: Problem with doing that is that its hardwired (into various software/hardware etc). Don't know what IANA's plans are for it or IETF's.

Q: We don't know what the experimental space is being used for.

A: Right.

IPv4 Allocations RIRs to LIRs/ISPs - Yearly comparision. People in Asia not having any trouble getting IP space

IPv4 Allocations RIRs to LIRs/ISPs - Cumulative Total

Q: How has this changed from last IEPG?

A: Its gone up, largest jump is the RIPE NCC

ASN Assignments from RIRs to LIRs/ISPs - Yearly Comparison all RIRs roughly following the same curve ARIN has the largest chunk in cumulative total

IPv6 Allocations RIRs to LIRs/ISPs - Yearly Comparision Largest is RIPE NCC, ARIN 2nd and APNIC following

Total IPv6 Allocations from RIRs to LIRs/ISPs by economy All other countries, JP/US (equal), DE, NL, UK

Number resources in Africa across RIRs Estimations: IPv4 /24 37890 IPv6 /32 4 ASNs 179

Joint Activities

ASO: currently with APNIC, moving to RIPE NCC 2004

Outreach: Participate in WSIS

Coordination: NRO MoU

Policy: IANA to RIR v4 & v6, RIR to ISP/LIR v6 200 /48s in 2 years - arbitary number

ERX Project - Early Registrations eXchange Moving at a steady pace, no real hiccups

Staff Exchange Primarily outreach/communications related


Number Resource Organisation

Formalise the RIR coop efforts Provide single interface to RIRs Protect the bottom up policy process
Protect the Unallocated Number Resource Pool Organisation:


APNIC 16 Policy Update: Technical Services Next APNIC Open Policy meeting in conjunction with APRICOT 2004 in KL



Q: Whats the timescale for the completion of ERX?

A: Cathy: class Bs in April, 2 (/8s) with class Cs. Would be 2nd/3rd quarter 2004

Policy Proposals (ARIN-X) On-demand training Next Meeting - Vancouver BC, CA, April 18-21 2004


Just completed first full year of operation. Very positive evaluation, growing at a good rate.


policy: LACNIC V



Q: discussion started because allocations were being made >/24 K anycast cluster deployment done. AMS-IX/LINX/Assessing further locations.

Documentation renewal LIR Portal RIPE NCC GM 2003 RIPE NCC Regional Meeting - middle east 2004 Activities


Call for hosting proposals in Feb 2003 - 5 received. Via consensus, AFRINIC functions will distributed across 4 locations: Kampala Jun 2003 (AFNOG IV) AfriNIC - Johannesburg Sep 17 2003 Activity reports
Questions on all RIR reports:

Q: Clarification of IPv6 policies?

A: You need to meet the qualification. Service Provider with expectation of 200 customers in 2 years, thats easy. End-user - nothing in any policy now for IPv6 directly from any RIRs. Go find an ISP that provides service; growth should mean that soon there will be coverage locally. Its just something that will take a while

Q: Working on a draft to denounce practice of embedding (magic) IP addresses in routers. Is there any listing of 'tainted' prefixes within the RIRs (when returned and re-issued)

A: RIRs do not keep track of the use that prefixes were put to. When it gets returned, it gets put in a pool and thats the last place we allocate from, so any issues with a particular prefix should have gone away after a few years.

A: The logical place to have a blacklist of used prefixes is perhaps IANA, not RIRs. On RFCs, 2101 (?) says its a really bad idea to embed IP addresses, but it hasn't really been followed.

A: Maybe a whois query should state this (previous purpose, its blacklisted, etc)

A: Perhaps a document (method) to pull the information down, informational RFCs, searchable

A: In order for the RIRs to do something, have to be told by their respective communities

2. SIARI by Pablo Allen - German Valdez - LACNIC

Sistema Interactivo de Analisis de Recursos de Internet Internet Resources Analysis Interactive System

Tool to perform analysis of information in an interactive way - based on OLAP and multi-dimensional models

Java or HTML - local or remote execution - updated daily (demonstration of entering interface)

Client server platform (diagram)

Cubes - repositories between users and db
Dimensions - variables to be analysed

Measures - quantitative criteria to measure the variables (demonstration of java interface)
(an interesting abstraction model - different levels)
questions? - [email protected]

Q: is the code available?

A: only the system is

3. Lame Delegation Control (LACNIC) - Frederico Neves

Current procedures

Lame definition

sample of whois output

Statistics of lameness

Graph of amount of lame delegations going down over last few years, taking into account overall number of delegations going up.

Q: whats the increase in the graph?

A: multizone lame tagging - one or more (large) servers went lame

Q: The multizone thing is a registry thing, not directly DNS.

A: more coordination of the measurement terms needed

Next steps

Q: Are the RIRs talking about definitions?

A: Yes, but we haven't taken it much beyond RIPE45 in May (Barcelona)

A: A lot of it is specific to the way each RIR operates its database

4. DNS Report - George Michaelson, APNIC

1 min tcpdump sample every 15 min 24/7
Map to ccTLD of registry object

Measure src,dst ccTLD, volumes, types 4 points of samples - brisbane, japan, hongkong

IPv4 and IPv6 relative volume trends
log scale:

Q: what are the interesting points in the time? (IPv6 specific)

A: some of the fuzziness is due to really low query rate Most of the peaks tend to be coincide with major conferences, or Bill Manning walking the tree.

Q: Does v6 mean queries on v6 transport?

A: Yes

Q Bruce: Do you have mapping of which tree (v4 or v6) comes in on which transport?

A: Not measuring that yet.

v6 queries has a slight upward trend, but has a long way to go.

DNS view of 'attacks in the net?'

Downshift in number of queries when shifted delegation model from step to flat. Spike up when the worms got released in July/August.

Curious peak of Mexico in June 2003 - possible an attack incident somewhere.

5. IP Address Hijacking - An ARIN perspective - Ray Plzak, ARIN

Definition of Hijacking


Current status (apr-oct 2003)

This is mostly legacy space, so this problem will occur with other RIRs as ERX continues.

Typical hijacking MO - flowchart

They don't take steps which requires (extensive) documentation; easier to deal with them legally if they do.

What is ARIN doing?

Q: Do you have a policy of handing out information (regarding investigations)? A: We have NDAs, and follow them. Must have a valid legal reason for seeing info.

What is ARIN not doing?

Possible actions:

Possible actions - legacy records


What can you do?

6. or IP to AS mapping - Henk Uijterwaal, RIPE NCC



TTM service shows (a.o) routes at the IP level
Routing change:

inside an AS usually not that interesting

except for a few very big ISPs
load balancing, backup-router, renumbering

different AS path usually very interesting

Added AS information
Used IRR to do the mapping

How accurate is the mapping?

Which IRR? About 60 of them

1 day of TTM data

3618 unique IP addresses

IRR finds an AS for 2856 IPs (79%)
Looking at Routing Table, one finds an AS for 3584 (99%)


54 (IPs) not in IRR
17 outdated IRR information (AS no longer there!)
11 in aggregates (less specific in IRR)
9 multiple objects in IRR
5 not in routing tables (IX's)

Q: Can you define 'unique IP addresses' ?

A: 50 measuring points, uniqued that way.

Solution: Build a better tool for IP2ASN mapping

Use routing tables
RIS has views from all over the world

10 collectors
325 peers

Side effect:

this tool can be useful for other tools and services
Add a public interface to tool

A new interface to RIS data

answers in RPSL
provides a quick summarised view of prefixes seen in an entire set of RIS collected RIB dumps
use existing tools
all in memory, no external queries, fast

Example-0 - see slide
Example-1 - see slide - shows less specific (aggregate) route
Example-1b - see slide - only the aggregate was registered in an IRR
Example-2 - see slide - show IPv6

What is it good for:

A quick view in the distributed route collector data

how is my address space announced worldwide?

Assigning origin AS numbers to IP addresses

traceroute with AS infor, AS level traces
up to now, tools consulted IRRs, and possibly invalid data


A (recent) snapshot of the RRC routing tables
No sense of history

Code available

Existing RIS tools invaluable for more detailed data, but they take longer to complete (exhaustive backend db searches)M/ul>

How to query:

Default output - any whois client
Pass options

RIPE whois client

Q Elise: Are any other RIRs considering adopting this type of tool?

A: I hope so, but this was released on Friday, so don't know yet

7. IPv4 Address lifetime Expectancy Revisited-Revisited Geoff Huston, Presented by George Michaelson, APNIC

Emphasis on Geoff's point of view, not an RIR point of view.

Reworking of July model (see prev IEPG)

Modelling the process step function of RIR/IANA reserves End of reserves predicted around 2025.

Its noisy data, lots of spikes applied smoothing

applied models to the data - linear and polynominal

But which model to use to get the best predictions?

Downward trend in rate of growth

Q: Is it economy or policy basis?

A: My personal (George) view is its economic, not RIR policy basis.

4-5/8 blocks in 99-00, now 2-4/8 blocks per year

Log of (smoothed) data

More recent data shows a declining rate in growth of the log of the data. (ie, the rate of growth is decreasing)

George Comment - available data is small, and all projection models (linear, poly, exponential) currently fit.

Observations see slide

Modelling the process see slide

Exponential shows next 2 decades - 2018 - 2020 Linear shows next 3 decades - 2030 - 2037 other model shows slightly longer - 2030 - 2040

Questions: Externals: what are the underlying growth drivers? What forms of disruption? effects of the disruption?

Q: Agree with Geoff in economics - some global issues missing, take china, its currently on an upward slope in history. (more about economies - not many have enough address space for 20% of population). Potential for some economies to explode in growth and change projections significantly.

A: Yup. Noise in some media about a 2year horizon for addresses. The longer time (of any model) needs to be in the public eye.

Q: That story came up through the BBC - reporter asked what would cause depletions, the 2 years is a worst worst case, eg all telephones etc.

Q: Its a 20+ year prediction based on 2-3 years of data. No-one knows whats behind NATs etc. New applications, new (exploding) countries, very difficult to model
A: Would slightly disagree with some things not being taken account of. Eg, APNIC had a /10 request for a 3g network, should be in Geoff's data.

Q: Things may change in that (and other) space. They (3g) might figure out how to get past it quickly. Could also be a driver of IPv6 (if they can't get IPv4 quickly enough). If these things start happening, the model will be skewed.

Q Kurtis: More what you are seeing is that the state of the economy is preventing growth to the extent that effects of RIR policy could be seen.

A: Yes, also reflected in change in memberships (mergers and acquisitions), so change in allocation rate.

Q Ray: Same in ARIN meeting, a lot more companies that effectively get address space by acquisitions than direct from RIR.

Q: Pricing models of ISPs affect (end-user) uptake

Q Kurtis: 3g networks might copy 2g networks and NAT everything.

A: Yes, NAT pressure isn't about addresses, its about control.

A: the whole presentation isn't good for IPv6, if the drive is economic.

Q Brian: There is a clear argument that there is a demand for IPv4 availability, suppressed by NAT. Its not about address space at the moment, its about (end-to-end) connectivity. We don't know what the demand (and growth) rate would be without NAT.

Q: ( Applications can be NAT'd, continuing the possible suppression of demand )

Q: Data is from poor economic performance globally, could change remarkably as economy improves. (Awareness of?) v4 availabilty could delay IPv6 rollout.

A: And could be a crux point in the future.

Q: Important to give clear message that IPv4 can continue until much longer under current economic conditions, but need to move to IPv6 (?)

A: Study to do potential size of the (suppressed?) demand pool. Measurements are good.

Q: No-one is criticising Geoff's projections based on data - its the reasons driving the data that are being looked at.