I have reviewed this proposal and at this time do not support this. I
am neutral on the main issue of designating 1.2.3.0/24 as a 'special
purpose anycast' block.
I have issues with the RPKI portion. It creates additional burden on
APNIC to support non-member entities, which I do not support. As a fee
paying member, this whole idea of supporting the 46K ASNs currently
visible on the Internet doesn't scale and I'd find it a waste of fee
paying member resources.
support DNS Infrastructure
Proposers: Dean Pemberton, dean@internetnz.net.nz
Geoff Huston, gih@apnic.net
- Problem statement --------------------
Network 1 (1.0.0.0/8) was allocated to APNIC by
the IANA on 19 January 2010. In line with standard practice APNIC's
Resource Quality Assurance activities determined that 95% of the
address space would be suitable for delegation as it was found to
be relatively free of unwanted traffic [1].
Testing, conducted by APNIC R&D, found that certain blocks within
Network 1 attract significant amounts of unwanted traffic,
primarily due to its unauthorised use as private address space
[2].
Analysis revealed that, prior to any delegations being made from
the block, 1.0.0.0/8 attracted an average of
140Mbps - 160Mbps of unsolicited incoming traffic as a continuous
sustained traffic level, with peak bursts of over 800Mbps.
The analysis highlighted individual addresses such as 1.2.3.4 with
its covering /24 (identified as 1.2.3.0/24)
remain in APNIC quarantine and it is believed they will not be
suitable for normal address distribution.
The proposal proposes the use of 1.2.3.0/24 in
a context of locally scoped infrastructure support for DNS
resolvers.
- Objective of policy change -----------------------------
As the addresses attract extremely high levels of unsolicited
incoming traffic, the block has been withheld from allocation and
periodically checked to determine if the incoming traffic profile
has altered. None has been observed to date. After four years, it
now seems unlikely there will ever be any change in the incoming
traffic profile.
The objective of this proposal is to permit the use of 1.2.3.0/24
as anycast addresses to be used in the context of
scoped routing to support the deployment of DNS resolvers. It is
noted that as long as providers who use this address use basic
route scope limitations, the side effect of large volumes of
unsolicited incoming traffic would be, to some extent, mitigated
down to manageable levels.
- Situation in other regions -----------------------------
Improper use of this address space is a globally common issue.
However, the block is delegated only to APNIC and so, therefore, no other
RIR has equivalent policy to deal with the situation.
- Proposed policy solution ---------------------------
This proposal recommends that the APNIC community agree to assign
1.2.3.0/24 to the APNIC Secretariat, to be
managed as a common anycast address to support DNS infrastructure
deployment.
Any party who applies to APNIC to use this address block on a
non-exclusive basis to number their DNS resolver will receive a
Signed Letter of Authority to permit their Autonomous System to
originate a route for 1.2.3.0/24, and APNIC
will also publish an RPKI ROA designating the AS as being permitted
to originate a route. This ROA shall be valid until APNIC is
advised otherwise by the AS holder.
- Advantages / Disadvantages -----------------------------
Advantages
- It will make use of this otherwise unusable address space.
- DNS operators will have an easy-to-remember address they can use to
communicate with their users (e.g. configure "1.2.3.4" as your DNS
resolver)
Disadvantages
- The address attracts a large volume of unsolicited incoming
traffic, and leakage of an anycast advertisement outside of a
limited local scope may impact on the integrity of the DNS service
located at the point associated with the scope leakage. Some
operators with high capacity infrastructure may see this as a
negligible issue.
- Impact on APNIC ------------------
Although this space will no longer be available for use by a
single APNIC/NIR account holder, the proposal would result in
benefit for all APNIC community members, as well as the communities
in other regions.
There is the need to set up an administrative process in the
reception of applications to use the address block, and in the
maintenance of a set of ROAs associated with these applications.
References ----------
[1] Resource Quality Good for Most of IPv4 Network “1”
http://www.apnic.net/publications/press/releases/2010/network-1.pdf
[2] Traffic in Network 1.0.0.0/8
http://www.potaroo.net/ispcol/2010-03/net1.html
mailing list sig-policy@lists.apnic.net
http://mailman.apnic.net/mailman/listinfo/sig-policy