[sig-policy] prop-110v001: Designate as Anycast to support DN

  • To: SIG policy <sig-policy at apnic dot net>
  • Subject: [sig-policy] prop-110v001: Designate as Anycast to support DNS Infrastructure
  • From: Andy Linton <asjl at lpnz dot org>
  • Date: Sun, 26 Jan 2014 14:21:28 +1300
    • Dear SIG members

      The proposal "prop-110v001: Designate as Anycast to support
      DNS Infrastructure" has been sent to the Policy SIG for review. It will
      be presented at the Policy SIG at APNIC 37 in Petaling Jaya, Malaysia,
      on Thursday, 27 February 2014.

      We invite you to review and comment on the proposal on the mailing list
      before the meeting.

      The comment period on the mailing list before an APNIC meeting is an
      important part of the policy development process. We encourage you to
      express your views on the proposal:

         - Do you support or oppose this proposal?
         - Does this proposal solve a problem you are experiencing? If so,
           tell the community about your situation.
         - Do you see any disadvantages in this proposal?
         - Is there anything in the proposal that is not clear?
         - What changes could be made to this proposal to make it more
           effective?

      Information about this policy proposal is available from:

      Andy, Masato

      prop-110v001: Designate as Anycast to support DNS
                    Infrastructure

      Proposers:    Dean Pemberton, dean at internetnz dot net dot nz
                    Geoff Huston, gih at apnic dot net

      1. Problem statement

        Network 1 ( was allocated to APNIC by the IANA on 19
        January 2010. In line with standard practice APNIC's Resource Quality
        Assurance activities determined that 95% of the address space would
        be suitable for delegation as it was found to be relatively free of
        unwanted traffic [1].

        Testing, conducted by APNIC R&D found that certain blocks within
        Network 1 attract significant amounts of unwanted traffic, primarily
        due to its unauthorised use as private address space [2].

        Analysis revealed that, prior to any delegations being made from the
        block, attracted an average of 140Mbps - 160Mbps of
        unsolicited incoming traffic as a continuous sustained traffic level,
        with peak bursts of over 800Mbps.

        The analysis highlighted individual addresses such as with
        its covering /24 (identified as remain in APNIC
        quarantine and it is believed they will not be suitable for normal
        address distribution.

        The proposal proposes the use of in a context of locally
        scoped infrastructure support for DNS resolvers.

      2. Objective of policy change

        As the addresses attract extremely high levels of unsolicited
        incoming traffic, the block has been withheld from allocation and
        periodically checked to determine if the incoming traffic profile has
        altered. None has been observed to date. After four years, it now
        seems unlikely there will ever be any change in the incoming traffic
        profile.

        The objective of this proposal is to permit the use as a
        anycast addresses to be used in context of scoped routing to support
        the deployment of DNS resolvers. It is noted that as long as
        providers who use this address use basic route scope limitations, the
        side effect of large volumes of unsolicited incoming traffic would
        be, to some extent mitigated down to manageable levels.

      3. Situation in other regions

        Improper use of this address space is a globally common issue. However
        the block is delegated only to APNIC and so therefore, no other RIR has
        equivalent policy to deal with the situation.

      4. Proposed policy solution

        This proposal recommends that the APNIC community agree to assign
        1.2.3.0/24 to the APNIC Secretariat, to be managed as a common
        anycast address to support DNS infrastructure deployment

        Any party who applies to APNIC to use this address block on a
        non-exclusive basis to number their DNS resolver will receive a
        Signed Letter of Authority to permit their Autonomous System to
        originate a route for, and APNIC will also publish a RPKI
        ROA designating the AS as being permitted to originate a route. This
        ROA shall be valid until APNIC is advised otherwise by the AS holder.

      5. Advantages / Disadvantages


        - It will make use of this otherwise unusable address space.
        - DNS operators will have an easy-to-remember address they can use to
          communicate with their users (e.g. configure "" as your DNS
          resolver")


        - The address attracts a large volume of unsolicited incoming
          traffic, and leakage of an anycast advertisement outside of a
          limited local scope may impact on the integrity of the DNS service
          located at the point associated with the scope leakage. Some
          operators with high capacity infrastructure may see this as a
          negligible issue.

      6. Impact on APNIC

        Although this space will no longer be available for use by a single
        APNIC/NIR account holder, the proposal would result in benefit for
        all APNIC community members, as well as the communities in other
        regions.

        There is the need to set up an administrative process in the
        reception of applications to use the address block, and in the
        maintenance of a set of ROAs associated with these applications


        [1] Resource Quality Good for Most of IPv4 Network "1"

        [2] Traffic in Network