[158774] in North American Network Operators' Group
RE: Why do some providers require IPv6 /64 PA space to have public
daemon@ATHENA.MIT.EDU (Schiller, Heather A)
Mon Dec 10 16:27:46 2012
From: "Schiller, Heather A" <heather.schiller@verizon.com>
To: "Constantine A. Murenin" <mureninc@gmail.com>, "nanog@nanog.org"
<nanog@nanog.org>
Date: Mon, 10 Dec 2012 16:27:20 -0500
In-Reply-To: <CAPKkNb7kYtxnNRescof-jiPReUi3N4X19WN1XSqBsbPZ0D0yag@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Actually, requiring a public whois record is the way it always has been, th=
at's only recently changed. I think most folks would agree that, IPv4 /32=
:: IPv6 /128 as IPv4 /29 :: IPv6 /64 So, while you are right, that swip'i=
ng a v4 /32 has never been required, I think your analogy of a v6 /64 to a =
v4 /32 is off. The minimum assignment requiring a swip is also ensconced i=
n RIR policy. If you don't like it, may I suggest you propose policy to ch=
ange it?
RIPE's policy:
" When an End User has a network using public address space this must be re=
gistered separately with the contact details of the End User. Where the End=
User is an individual rather than an organisation, the contact information=
of the service provider may be substituted for the End Users."
Note the *may* -- ISP's aren't required to support it.=20
More RIPE policy..=20
"When an organisation holding an IPv6 address allocation makes IPv6 address=
assignments, it must register these assignments in the appropriate RIR dat=
abase.
These registrations can either be made as individual assignments or by inse=
rting a object with a status value of 'AGGREGATED-BY-LIR' where the assignm=
ent-size attribute contains the size of the individual assignments made to =
End Users.When more than a /48 is assigned to an organisation, it must be r=
egistered in the database as a separate object with status 'ASSIGNED'."
So they have to register it, and they get a choice about how they do it=
.. Your provider has chosen a way you don't like. Talk to them about it, r=
ather than complaining on NANOG?=20
It's pretty similar in the ARIN region. In 2004, the ARIN community passe=
d the residential customer privacy policy - specifically allowing ISP's to =
designate a record private. Again, it's optional.=20
https://www.arin.net/policy/nrpm.html
Min assignment swip
6.5.5.1. Reassignment information
Each static IPv6 assignment containing a /64 or more addresses shall be reg=
istered in the WHOIS directory via SWIP or a distributed service which meet=
s the standards set forth in section 3.2. Reassignment registrations shall =
include each client's organizational information, except where specifically=
exempted by this policy.
IPv4
4.2.3.7.3.2. Residential Customer Privacy
To maintain the privacy of their residential customers, an organization wit=
h downstream residential customers holding /29 and larger blocks may substi=
tute that organization's name for the customer's name, e.g. 'Private Custom=
er - XYZ Network', and the customer's street address may read 'Private Resi=
dence'. Each private downstream residential reassignment must have accurate=
upstream Abuse and Technical POCs visible on the WHOIS directory record fo=
r that block.=20
IPv6
6.5.5.3. Residential Subscribers
6.5.5.3.1. Residential Customer Privacy
To maintain the privacy of their residential customers, an organization wit=
h downstream residential customers holding /64 and larger blocks may substi=
tute that organization's name for the customer's name, e.g. 'Private Custom=
er - XYZ Network', and the customer's street address may read 'Private Resi=
dence'. Each private downstream residential reassignment must have accurate=
upstream Abuse and Technical POCs visible on the WHOIS record for that blo=
ck.
--Heather
-----Original Message-----
From: Constantine A. Murenin [mailto:mureninc@gmail.com]=20
Sent: Saturday, December 08, 2012 12:46 AM
To: nanog@nanog.org
Subject: Why do some providers require IPv6 /64 PA space to have public who=
is?
Hello,
I personally don't understand this policy. I've signed up with hetzner.de,=
and I'm trying to get IPv6; however, on the supplementary page where the c=
omplementary IPv6 /64 subnet can be requested (notice that it's not even a =
/48, and not even the second, routed, /64), after I change the selection fr=
om requesting one additional IPv4 address to requesting the IPv6 /64 subnet=
(they offer no other IPv6 options in that menu), they use DOM to remove th=
e IP address justification field ("Purpose of use"), and instead statically=
show my name, physical street address (including the apartment number), em=
ail address and phone number, and ask to confirm that all of this informati=
on can be submitted to RIPE.
They offer no option of modifying any of this; they also offer no option of=
hiding the street address and showing it as "Private Address" instead; the=
y also offer no option of providing contact information different from the =
contact details for the main profile or keeping a separate set of contact d=
etails in the main profile specifically for RIPE; they also offer no option=
of providing a RIPE handle instead (dunno if one can be registered with a =
"Private Address" address, showing only city/state/country and postal code;=
I do know that with ARIN and PA IPv4 subnets you can do "Private Address" =
in the Address field); they also don't let you submit the form unless you a=
gree for the information shown to be passed along to RIPE for getting IPv6 =
connectivity (again, no IPv6 is provided by default or otherwise).
Is this what we're going towards? No probable cause and no court orders fo=
r obtaining individually identifying information about internet customers w=
ith IPv6 addresses? In the future, will the copyright trolls be getting th=
is information directly from public whois, bypassing the internet provider =
abuse teams and even the most minimal court supervision? Is this really th=
e disadvantage of IPv4 that IPv6 proudly fixes? I certainly have never hea=
rd of whois entries for /32 IPv4 address allocations!
Anyhow, just one more provider where it's easier to use HE's tunnelbroker.n=
et instead of obtaining IPv6 natively; due to the data-mining and privacy c=
oncerns now. What's the point of native IPv6 connectivity again? In hetzn=
er.de terms, tunnelbroker.net even provides you with the failover IPv6 addr=
ess(es), something that they themselves only offer for IPv4!
Is it just me, or are there a lot of other folks who use tunnelbroker.net e=
ven when their ISP offers native IPv6 support?
Might be interesting for HE.net to make some kind of a study. :-)
Cheers,
Constantine.
