IPv6 blocks for micro-allocation

Steve Bertrand iaccounts at ibctech.ca
Wed Jun 4 02:16:30 CEST 2008 

Nick Hilliard wrote:
>> Yes, and to the unwashed little operator like me, it is completely
>> beyond me, why there isn't a hierarchic authentication and authorization
>> scheme, with IANA holding the toplevel "maintainer" objects for
>> inet(6)nums and route(6) objects (and others).
>>
>> Almost all RIRs have adopted the RIPE DB software, only(?) ARIN still
>> using some vintage system, not tying IRR data to IP space registration
>> data.
>>
>> Must be some kind of Not Invented Here syndrome...
>>
>> Or I must be overlooking something...
> 
> it's a bit more involved than that.  ARIN inherited some revision of the 
> InterNIC database, poked it to the point of complete incompatibility 
> with anything whatever, and currently serve data in a format which is 
> rather less than compatible with anything at all.  It was a great pity 
> that they didn't take the chance to migrate to either the Merit or the 
> RIPE whois database daemon at the InterNIC->ARIN split.  APNIC and 
> Afrinic use fairly recent RIPE daemons, and LACNIC front-ended 
> everything with Joint Whois, which means that you could get anything at 
> all from them.
> 
> There are lots of other routing registries out there.  Jos Boumans gave 
> an interesting talk at RIPE-56 about the difficulties faced in mirroring 
> the systems, but the main problem appears to be that there are too many 
> of them around, supporting different features, and often with 
> conflicting data for the same lookup keys.  He mentioned a figure of 40+.
> 
> Also, while lots of these IRRs use the RIPE code, lots more use the IRRd 
> code.  And many use slightly older code versions which don't support 
> later features.  For example, the Level 3 IRR (rr.level3.net) uses 
> RIPEdb 3.0.0a13, which dates from the pre-RPSL days.  It's pretty 
> ancient code at this stage.
> 
> IRRd and RIPE support different syntax too, and it's annoying.  RADB 
> natively supports server-side as-set expansion, but RIPE doesn't. RIPE 
> supports a well structured mnt-routes and mnt-lower hierarchy, but RADB 
> doesn't.  And so forth.  The list of grievances and incompatibilities is 
> long.
> 
> Anyway, to deal with your question, IANA has no relationship with most 
> of these routing registries.  RIPE happens to be particularly well 
> organised, because it manages address ownership with the IRRDB in the 
> same database, and has a relationship with IANA, so it can do funky 
> stuff like allowing its users to have some level of security when 
> dealing with routing info. But this can't really happen with any of the 
> other non-RIR IRRDBs because they are just organisations on the net who 
> happen to run IRRDBs; they have no particular relationship with IANA or 
> ARIN in this respect.  It might be nice if ARIN were to dump their 
> fossilized format and go down the route of all the other RIRs, but that 
> doesn't appear likely to happen any time soon.  Mean-time, you can 
> expect the current situation to stay much them same.
> 
> In fact the only thing you can say for sure about all these whois 
> servers is that they listen on port 43/tcp and may provide useful 
> information if given some arguments.  Beyond that, you're on your own.  
> Of course, getting people to change requires dealing with politics:  
> "why are you changing this?  it works fine".  Just like the imperial 
> measurement system*.  It works fine.
> 
> Summary: it's a mess.

So, given that this is a mess (as I see it, as a small operator with 
working-'at' knowledge), is there at least some form of consensus on a 
path forward? Are the IRRs going to be ignored completely, or segmentally?

It sounds like there is a massive prefix-filter list issue even before 
IPv6 really is anything more than something that is glued between 
different areas of IPv4 access.

I concur with Daniel's curiosity as to why there is no auth/auth scheme 
(however, I have an understanding that it may be out of IANA's 
jurisdiction), so is this something that the IETF can fix with 
consideration of a new standard, or am I way off base?

Is there at least tentative consensus that most follow the list Jeroen 
mentioned?:

http://www.space.net/~gert/RIPE/ipv6-filters.html

Steve

More information about the ipv6-ops mailing list