Info & FAQ |  Resource services |  Training |  Meetings |  Membership |  Documents |  Whois & Search |  Internet community

You're here:  Home  Mailing Lists sig-policy 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[sig-policy] prop-110v001: Designate as Anycast to support DNS Infrastructure

Dear SIG members

The proposal "prop-110v001: Designate as Anycast to support
DNS Infrastructure" has been sent to the Policy SIG for review. It will
be presented at the Policy SIG at APNIC 37 in Petaling Jaya, Malaysia,
on Thursday, 27 February 2014.

We invite you to review and comment on the proposal on the mailing list
before the meeting.

The comment period on the mailing list before an APNIC meeting is an
important part of the policy development process. We encourage you to
express your views on the proposal:

  Â- Do you support or oppose this proposal?
  Â- Does this proposal solve a problem you are experiencing? If so,
   Âtell the community about your situation.
  Â- Do you see any disadvantages in this proposal?
  Â- Is there anything in the proposal that is not clear?
  Â- What changes could be made to this proposal to make it more

Information about this policy proposals is available from:


Andy, Masato

prop-110v001: Designate as Anycast to support DNS

Proposers: Â Â Â Dean Pemberton, dean@internetnz.net.nz
        ÂGeoff Huston, gih@apnic.net

1. Problem statement

 ÂNetwork 1 ( was allocated to APNIC by the IANA on 19
 ÂJanuary 2010. In line with standard practice APNIC's Resource Quality
 ÂAssurance activities determined that 95% of the address space would
 Âbe suitable for delegation as it was found to be relatively free of
 Âunwanted traffic [1].

 ÂTesting, conducted by APNIC R&D found that certain blocks within
 ÂNetwork 1 attract significant amounts of unwanted traffic, primarily
 Âdue to its unauthorised use as private address space [2].

 ÂAnalysis revealed that, prior to any delegations being made from the
 Âblock, attracted an average of 140Mbps - 160Mbps of
 Âunsolicited incoming traffic as a continuous sustained traffic level,
 Âwith peak bursts of over 800Mbps.

 ÂThe analysis highlighted individual addresses such as with
 Âits covering /24 (identified as remain in APNIC
 Âquarantine and it is believed they will not be suitable for normal
 Âaddress distribution.

 ÂThe proposal proposes the use of in a context of locally
 Âscoped infrastructure support for DNS resolvers.

2. Objective of policy change

 ÂAs the addresses attract extremely high levels of unsolicited
 Âincoming traffic, the block has been withheld from allocation and
 Âperiodically checked to determine if the incoming traffic profile has
 Âaltered. None has been observed to date. After four years, it now
 Âseems unlikely there will ever be any change in the incoming traffic

 ÂThe objective of this proposal is to permit the use as a
 Âanycast addresses to be used in context of scoped routing to support
 Âthe deployment of DNS resolvers. It is noted that as long as
 Âproviders who use this address use basic route scope limitations, the
 Âside effect of large volumes of unsolicited incoming traffic would
 Âbe, to some extent mitigated down to manageable levels.

3. Situation in other regions

 ÂImproper use of this address space is a globally common issue. However
 Âthe block is delegated only APNIC and so therefor, no other RIR has
 Âequivalent policy to deal with the situation.

4. Proposed policy solution

 ÂThis proposal recommends that the APNIC community agree to assign
 Â1.2.3.0/24 to the APNIC Secretariat, to be managed as a common
 Âanycast address to support DNS infrastructure deployment

 ÂAny party who applies to APNIC to use this address block on a
 Ânon-exclusive basis to number their DNS resolver will receive a
 ÂSigned Letter of Authority to permit their Autonomous System to
 Âoriginate a route for, and APNIC will also publish a RPKI
 ÂROA designating the AS as being permitted to originate a route. This
 ÂROA shall be valid until APNIC is advised otherwise by the AS holder.

5. Advantages / Disadvantages


 Â- It will make use of this otherwise unusable address space.
 Â- DNS operators will have an easy-to-remember address they can use to
  Âcommunicate with their users (e.g. configure "" as your DNS


 Â- The address attracts a large volume of unsolicited incoming
  Âtraffic, and leakage of an anycast advertisement outside of a
  Âlimited local scope may impact on the integrity of the DNS service
  Âlocated at the point associated with the scope leakage. Some
  Âoperators with high capacity infrastructure may see this as a
  Ânegligible issue.

6. Impact on APNIC

 ÂAlthough this space will no longer be available for use by a single
 ÂAPNIC/NIR account holder, the proposal would result in benefit for
 Âall APNIC community members, as well as the communities in other

 ÂThere is the need to set up an administrative process in the
 Âreception of applications to use the address block, and in the
 Âmaintenance of a set of ROAs associated with these applications


 Â[1] Resource Quality Good for Most of IPv4 Network â1â

 Â[2] Traffic in Network