At the ARIN meeting

I have been attending the American Registry for Internet Numbers (ARIN) meeting in Toronto. ARIN is one of the RIRs, i.e., the Internet address registry and policy making authority for North America. Although I have observed and participated on RIR lists for some time and interacted with RIR representatives at ICANN, WSIS and IGF, this is the first time I have been able to attend a meeting. I'm glad I did.

The ARIN meeting is very well organized. It is smaller-scale and much more focused than an ICANN or IGF meeting. The staff goes out of its way to be welcoming and friendly. Attendees are mostly network technicians of various flavors. Real Internet governance is taking place here, because organizations with real control of private and shared resources and operational capabilities are involved.

Its hard not to compare-contrast ARIN with ICANN, although ICANN can only suffer by comparison. One comes away with the conviction that the so-called bottom up policymaking which ICANN constantly claims to do is actually (more or less) seriously pursued here. The key differences are the smaller scale; the homogeneity of the participants; a more well-defined process that is grounded in a membership. Activities are focused on that area where highly technical decisions (e.g. routing policies, or minimum address block size) intersect with public (Internet-wide) policy issues such as security, privacy, and efficient utilization of scarce, shared resources.

The ARIN meeting is far more focused on policy making than its European counterpart (RIPE-NCC) – which I think is good. RIPE meetings contain a lot of parallel sessions with educational/informational content, all of which are interesting. But there is less of a sense of focused, collective decision making there – it is more like a conference. I really liked the way nearly all ARIN discussions are in plenary and decisions are actually made. Participants are provided with materials which concisely and with reasonable neutrality summarize the proposals, and the issues and concerns associated with them. Even the lunches were organized around discussion topics, where tables were set aside for discussion of particular topics. I sat at a table for discussion of Governmental involvement in RIRs, and had a great exploration of that topic with a law professor from Michigan State, people from the U.S. Drug Enforcement Agency, the U.S. Department of Homeland Security, and ARIN Council members Dave Farmer and Bill Darte.

Indeed, the basic framework of the ARIN meeting was so well done that the one act of process manipulation that occurred stood out like a sore thumb. The meeting got off to a bad start on Monday, with the FBI and Royal Canadian Mounted Police making a presentation on how badly they need Whois data. This presentation came right before consideration of a proposal that attempted to increase the confidentiality of Whois information. This proposal, #2010-3 concerning “Customer Confidentiality, had been proposed by some small, independent hosting service providers. Whereas all other proposals were considered in numerical sequence, 2010-3 was taken out of sequence and considered right after the FBI/RCMP presentation, which was inserted into the program at the last minute. So instead of being given the same opportunity to speak from the floor regarding 2010-3 as the rest of us, the FBI and the RCMP got 30 minutes of proselytizing, and it was all too obvious that these police agencies had mobilised to oppose the customer confidentiality proposal. (As an aside, the proposal was supported by AT&T, while opposition was voiced by Google and Paypal.)

Although the agenda manipulation was disturbing, the results were not that bad. The proponents learned that certain aspects of the status quo Whois policy allowed them to do pretty much what they wanted to do anyway, and its main advocate withdrew his own support for the proposal. He noted that he had been lobbied heavily by the FBI contingent the night before.

The presentation of Geoff Huston on the scalability of routing was another highlight of the meeting. I don't have the space to go into the technicalities and data of the presentation, which you can download here anyway, but the upshot was this. Huston's data about growth in the number of unique routing table entries, and in the number of Autonomous Systems (networks connected to the Internet) uncovers a counter-intuitive anomaly. Despite the regular annual growth in the number of networks connected, the number of routing table updates exchanged by BGP routers is remaining more or less constant. In other words, despite massive, long-term growth in the number of networks and routes on the Internet, the number of updates is remaining almost exactly the same – about 40,000 per year. Huston interprets this to mean that the distance or diameter of the Internet as a whole is not increasing; instead, the density of connections is increasing. From there, Huston went on to to conclude that BGP is scaling because of the RIRs' “policies and practices” that encourage aggregation. The scalability of BGP is not, he claimed a “natural” phenomenon but a product of the RIR's policies. This of course was music to the ears of the ARIN community, but the claim was quickly deflated by Chris Morrow from Google. It is actually money that drives this, he claimed. Service providers don't want latency. In order to limit latency, they organize their networks to avoid too many hops and thus constrain the diameter of the internet as a whole. In other words, the result Huston found could be more a result of “natural” market incentives than a product of wise policies imposed on the Internet by wise RIRs.

The informational discussion of RPKI here was a bit disappointing – it came near the end of the day, time was short and people were getting tired. None of the governance implications were explored or discussed adequately; indeed, if you listened only to Mark Koster's presentation you would have thought that there were no policy or governance implications at all. ARIN, like other RIRs is pursuing a very aggressive implementation schedule; inital producion is planned for th end of 2010, and Koster estimated that miraculously, a single trust anchor would emerge by the end of 2011. One participant (Joe Jaegli) did raise concerns about how much this changed the openness of the system. Danny McPherson admitted that “you are trading off autonomy for security” but the nature of this trade off was not explored. Some commenters insisted that RPKI “doesn't really change anything” because ISPs can use alternative trust anchors. But if you probe this argument it is almost exactly the same as saying that we don't need to worry about ICANN because you can always form an alternate root.

To sum up, we've had pretty open, focused and (with the one exception noted) fair discussions here. For those with the technical background to understand the Internet governance implications of RIR decisions and policies, I'd encourage participation and membership in ARIN.

16 comments

  1. Anonymous

    Were Term Limits Discussed ?
    Many ARIN insiders seem to have found a very
    comfortable and well-funded lounge. (Since Day 0)
    By the way, what happened to the CEO of ARIN ?
    How did he end up on the ICANN Board ?
    Why did the new CEO of ARIN decide not to take
    the position weeks before reporting ?
    Does ARIN really think people will pay them for
    FREE Internet Address space with no Whois ?

  2. Anonymous

    WOW someone has enough clue to discover the
    concept of Internet Diameter. That IS impressive.
    At some point Geoff Huston will finally have to admit
    Australia has no BANDWIDTH to the USA. That will
    never change.
    RIPE ? Do they still need IP Address Space with
    the volcano wiping them out ? .EU is toast

  3. Anonymous

    > Huston interprets this to mean that the distance or diameter of the Internet as a whole is not increasing; instead, the density of connections is increasing.
    The observation that the average minimum path distance between Internet hosts (either by physical connection or routing advertisements) is very small compared to the total number of hosts in the network was made in a 2004 paper, Topology, Hierarchy, and Correlations in Internet Graphs. The paper examined traceroute and AS advertisements from 1999 and 2001, respectively.
    > From there, Huston went on to to conclude that BGP is scaling
    Actually, BGP continues to work because it has “scale-free” properties. Why it has these properties, we still don't really know.
    > because of the RIRs' “policies and practices” that encourage aggregation.
    Ah, seems Huston forgot a basic tenant of science – correlation does not imply causation. Would be interesting to test his and others' hypotheses.

  4. Anonymous

    Geoff Huston writes very long papers that APPEAR
    to be scientific. People do not challenge the content.
    He tells them what they want to hear.
    It is largely BS, like Twomey & Co.

  5. Anonymous

    MPLS is much more important than BGP.
    BGP is not required (or desired) for a secure core
    transport. Nefarious individuals can use BGP to
    redirect YOUR traffic to their black-holes. That is
    how the Internet Mafia does “Social Engineering”.
    They of course run ARIN.

  6. Anonymous

    nice comments, thanks. Huston was indeed making the argument that route churn has scale-free properties. As you suggest, he jumped to a conclusion about the cause of that – but the observation was quite well presented and documented.

  7. Anonymous

    GOOGLE is now the #3 CARRIER
    On November 6, 2009, Paul Watson and Peter Moody gave a presentation
    at the Usenix LISA09 conference in Baltimore, MD introducing the
    public release of the Capirca ACL generation system. A copy of this
    talk is available in both powerpoint and PDF format in the download
    section of http://code.google.com/p/capirca.
    The code has been released at http://code.google.com/p/capirca, and
    can be downloaded as either a compressed tar-ball, or through SVN.

  8. Anonymous

    > MPLS is much more important than BGP.
    Good point. Yet another factor (i.e., advent/use of MPLS) that could explain the lack of growth of BGP announcements.

  9. Anonymous

    Using a special electron micro-scope 4 more UN-USED BITS have been found after EVERY /8
    Upon closer inspection, they ALL have the value 0100 (4) in IPv4 packets

  10. Anonymous

    http://mailman.nanog.org/pipermail/nanog/2010-April/021142.html
    John,
    On Apr 12, 2010, at 5:23 AM, John Curran wrote:
    > On this matter we do agree, since allocations prior to ARIN's formation were
    > generally made pursuant to a US Government contract or cooperative agreement.
    As we're both aware, Jon was funded in part via the ISI Teranode Network Technologies project. Folks who were directly involved have told me that IANA-related activities weren't even identified in the original contracts until the mid- to late-90s (around the time when lawsuits were being thrown at Jon because of the domain name wars — odd coincidence, that) when the IANA activities were codified as “Task 4”. IANAL, but it seems a bit of a stretch to me for ARIN to assert policy control over resources allocated prior to ARIN's existence without any sort of documentation that explicitly lists that policy control in ARIN's predecessor (ever). Like I said, it'll be an interesting court case.
    Regards,
    -drc

  11. Anonymous

    I've been reading comments and need to add a few emendations. First, as a participant at the meeting noted to me, identifying a speaker by their organizational affiliation does not necessarily mean that the organization as a whole has that opinion. Second, I said I liked the plenary format because “decisions were made”; that was an inaccurate formulation. The actual policy decisions get made by the Board later – after further consultations with the email ppml list. The participant straw polls are advisory. I knew this at the time of writing, what I meant by saying “decisions are made” is that closure is brought to the discussion as the participants are polled and one can see which proposals have strong support and which don't.

  12. Anonymous

    The bottom line is ARIN is John Curran, Paul Vixie & Scott Bradner's GOLD-MINE.
    That derives from /8 allocations from Jon Postel and
    now perpetuated by David Conrad.
    Lynn St. Amour loves the structure with her
    $15,000,000 “donation” from the Eco-System
    for doing NOTHING.
    You can put the entire Eco-System on an
    Academic Spread-Sheet with less than 100
    people ALL pulling millions from Netizens.
    The rest is pure theater.

  13. Anonymous

    http://mailman.nanog.org/pipermail/nanog/2010-April/021142.html
    John,
    On Apr 12, 2010, at 5:23 AM, John Curran wrote:
    > On this matter we do agree, since allocations prior to ARIN's formation were
    > generally made pursuant to a US Government contract or cooperative agreement.
    As we're both aware, Jon was funded in part via the ISI Teranode Network Technologies project. Folks who were directly involved have told me that IANA-related activities weren't even identified in the original contracts until the mid- to late-90s (around the time when lawsuits were being thrown at Jon because of the domain name wars — odd coincidence, that) when the IANA activities were codified as “Task 4”. IANAL, but it seems a bit of a stretch to me for ARIN to assert policy control over resources allocated prior to ARIN's existence without any sort of documentation that explicitly lists that policy control in ARIN's predecessor (ever). Like I said, it'll be an interesting court case.
    Regards,
    -drc