[LACNIC/Politicas] NP: LAC-2023-6 - global-crit-infra-exception
Carlos Martinez - Cagnazzo
carlos at cagnazzo.uy
Tue Oct 17 15:16:51 -03 2023
Hi Max,
(speaking as staff, not explicitly supporting or opposing the policy
proposal here.)
The goal of this policy proposal and the goal of +Raices may sound
similar but are fundamentally different. See below.
On 10/16/23 6:31 PM, Max Larson Henry wrote:
> One option is to associate existing organisations in our region.
>
> In this case the allocation would be made to the organisation LAC-Org which
> already has a presence in our region.
> However, the resource could be "used" by a global critical infrastructure
> provider as part of a partnership with LAC-Org.
>
> For example, LACNIC has an existing +Raices a +10 years initiative
> undertaken jointly with the ISC to deploy DNS root servers.
> Now if ISC needs additional resources, LACNIC would make them available to
> ISC in the context of this initiative
> (LACNIC staff may shime in to help clarify on how/if it has been dealt
> with).
+Raices is not comparable. An anycast deployment of F, K, L or I (the
servers +Raices has had informal agreements with for a long time) simply
reuses the original addresses assigned by other RIRs in the copies
deployed in our region.
The goal of this policy is, in a way, to provide a path in the other
direction. Allow the actual root server operators to use IP space
allocated by LACNIC.
In the years before RPKI and before other widely publicized events this
could be perceived as unnecesary. Today, I think any diligent risk
assesment would flag the current situation of having 10 (soon to be 9!)
out of 13 RS numbered under a single TA and assigned in a single
jurisdiction as a risk to be managed.
Also, +Raices has not, with the exception of ISC and F root, had any
formal association with any RSO. All deployments have been done under a
loose umbrella of mutual collaboration in a way very similar to how
settlement-free peering agreements are implemented. I believe that the
additional requirement of an association with an organization in our
region would introduce complexities into how space is managed, who can
create ROAs, etc.
Also bear in mind that *renumbering an RS* is a monumental task with
many ramifications beyond the actual new addresses to be used.
> ... snipped ..
>
> Best,
>
> -ML
I hope this clarifies how the goal of this policy and +Raices differ.
/Carlos
>
> On Mon, Oct 16, 2023 at 4:45 PM Hugo Salgado <hsalgado at vulcano.cl> wrote:
>
>> Hola Sergio.
>> Comparto un poco la inquietud de Douglas. Creo que una forma de
>> protegernos mejor, es agregar la condición que además de ser un
>> proveedor de insfraestructura crítica global, que tenga presencia
>> en la región. En el caso de los root-servers, la mayoría ya tiene
>> copias anycast dentro de LAC, por lo que cumpliría la condición.
>> Eso dejaría fuera el caso de IXPs que plantea Douglas, no?
>>
>> Mi propuesta "** Se podrán otorgar excepciones a organizaciones
>> fuera de la región que sean proveedores de infraestructura de Internet
>> crítica global, que tengan puntos de presencia en la región (por
>> ejemplo servidores raíz DNS con instancias localizadas en LAC).**"
>>
>> Saludos,
>>
>> Hugo
>>
>>
>> On 17:05 16/10, Sergio Rojas. . . wrote:
>>> Hola Douglas,
>>> Gracias por tu respuesta. Invitamos a los suscriptores de la lista a
>> enviar
>>> sus comentarios o sugerencias para esta propuesta en discusión.
>>>
>>> Les recordamos que esta propuesta modifica el punto 1.2 del Manual de
>>> Políticas, agregando una sección (entre *) al final del párrafo.
>> Copiamos a
>>> continuación:
>>> ________________________________________
>>> Modificar el segundo párrafo en el punto "1.2. Principios para una buena
>>> administración/custodia", agregando lo siguiente:
>>>
>>> 1.2. Principios para una buena administración/custodia
>>> [...]
>>> Los recursos de numeración de Internet bajo la custodia de LACNIC se
>> deben
>>> distribuir a organizaciones legalmente establecidas en su región de
>>> servicio y para atender mayoritariamente redes y servicios que operan en
>>> dicha región. Se permite que clientes externos se conecten directamente a
>>> una infraestructura principal ubicada dentro de la región. **Se podrán
>>> otorgar excepciones a organizaciones fuera de la región que sean
>>> proveedores de infraestructura de Internet crítica global (por ejemplo,
>>> servidores raíz DNS).**
>>> ________________________________________
>>>
>>> La fecha límite para la discusión de esta propuesta finaliza el 15 de
>>> noviembre de 2.023.
>>>
>>> Por más información sobre la propuesta pueden visitar el sistema de
>>> políticas:
>>> Español:
>>> https://politicas.lacnic.net/politicas/detail/id/LAC-2023-6/language/sp
>>> Ingles:
>>> https://politicas.lacnic.net/politicas/detail/id/LAC-2023-6/language/en
>>> Portugués:
>>> https://politicas.lacnic.net/politicas/detail/id/LAC-2023-6/language/pt
>>>
>>> Cordiales saludos,
>>>
>>> --
>>> Marcela Orbiscay
>>> Sergio Rojas. . .
>>> Moderadores del Proceso de Desarrollo de Políticas de LACNIC.
>>>
>>> El mar, 10 oct 2023 a la(s) 21:07, Douglas Fischer (
>> fischerdouglas at gmail.com)
>>> escribió:
>>>
>>>> Olá Sergio e demais colegas.
>>>>
>>>> Eu não sou exatamente um Shakespeare pra escrever.
>>>> Então não me sinto capaz para elaborar algo assim.
>>>> Mas se algum colega se dispuser a uma ação conjunta com isso, eu me
>>>> disponho a colaborar.
>>>>
>>>> Em ter., 10 de out. de 2023 15:15, Sergio Rojas. . . <
>>>> sergio.astigarraga at gmail.com> escreveu:
>>>>
>>>>> Hola Douglas,
>>>>>
>>>>> Gracias por compartir tu opinión sobre esta propuesta. En base a lo
>> que
>>>>> comentas, sobre delimitar el alcance del tipo de servicios que
>> abarcará
>>>>> este tipo de asignaciones ¿tienes alguna propuesta para mejorar la
>>>>> redacción que puedas sugerir al autor?
>>>>>
>>>>> Les recordamos que la participación de la comunidad es muy importante
>>>>> para la evaluación del consenso. Si algún participante de la lista
>> tiene
>>>>> otro comentario o sugerencia le solicitamos que por favor lo comparta
>>>>> respondiendo a este correo.
>>>>>
>>>>> Marcela Orbiscay
>>>>> Sergio Rojas. . .
>>>>> Moderadores del Proceso de Desarrollo de Políticas de LACNIC.
>>>>>
>>>>> El 5/10/23 a las 09:09, Douglas Fischer escribió:
>>>>>> Como comentei no microfone presencialmente ontem no FPP.
>>>>>> Estou favorável à proposta de maneira geral.
>>>>>> Entendo perfeitamente a necessidade que instituições sem
>>>>> representatividade
>>>>>> na região LAC tem de operar recursos numéricos aqui de nossa
>> região.
>>>>>> Existe sim um grande range de uso legítimo desse tipo de recurso.
>>>>>>
>>>>>> No entanto, o mundo não é feito só de pessoas boas com boas
>> intenções.
>>>>>> Temos que aceitar que há uma possibilidade de que por exemplo uma
>>>>>> organização queira criar um IXP abrangência global e com base nisso
>>>>> queira
>>>>>> requerir endereços IPs para tal.
>>>>>>
>>>>>> Como o objetivo desta proposta é ser uma exceção de algo que já é
>> uma
>>>>>> exceção, penso que é recomendável que se ajuste o texto para que
>> esta
>>>>> seja
>>>>>> mais estrita no tipo de serviço que vai cobrir.
>>>>>>
>>>>>> Penso que dessa maneira evitamos de colocar o Staff do LACNIC em
>> uma
>>>>>> situação delicada por conta de uma brecha no texto.
>>>>>>
>>>>>> Agradeço vossa atenção.
>>>>>>
>>>>>> Em qua., 20 de set. de 2023 às 17:18, Robert Story <
>> rstory at ant.isi.edu
>>>>>> escreveu:
>>>>>>
>>>>>>> Hola Edmundo,
>>>>>>>
>>>>>>> La intención no es que se asigna direcciones a todos los RSO. Es
>> por
>>>> el
>>>>>>> caso de si un RSO (o otra tipo de infraestructura critica y
>> global)
>>>>>>> quire cambiar su dirección actual por una de LACNIC (o pedir una
>>>>>>> nueva) aunque no es una organización legalmente establecida en la
>>>> región
>>>>>>> de servicio.
>>>>>>>
>>>>>>> Saludos,
>>>>>>> Robert
>>>>>>>
>>>>>>> On Wed 2023-09-20 16:59:01+0000 Edmundo wrote:
>>>>>>>> Hola a todos,
>>>>>>>>
>>>>>>>> Sobre esta propuesta, no sé si la entiendo.
>>>>>>>>
>>>>>>>> Supongo que ¿La excepción sería para asignarles direcciones a
>> los RSO
>>>>>>>> y publiquen esos prefijos globalmente como direcciones de los
>> RS? Por
>>>>>>>> que no creo que sea para instalar copias regionales de los RS.
>> ¿o sí?
>>>>>>>> Saludos.
>>>>>>>> --Edmundo.
>>>>>>> _______________________________________________
>>>>>>> Politicas mailing list
>>>>>>> Politicas at lacnic.net
>>>>>>> https://mail.lacnic.net/mailman/listinfo/politicas
>>>>>>> Desuscribirse/Descadastre-se/Unsubscribe
>>>>>>> <
>> https://mail.lacnic.net/mailman/listinfo/politicasDesuscribirse/Descadastre-se/Unsubscribe
>>>>>> :
>>>>>>> https://mail.lacnic.net/mailman/options/politicas
>>>>>>>
>>>>>>> El Codigo de Conducta de la Comunidad de LACNIC (
>>>>>>> https://rir.la/codigoconducta-SP) aplica a las listas de
>> discusion de
>>>>>>> LACNIC.
>>>>>>> O Codigo de Conduta da Comunidade do LACNIC (
>>>>>>> https://rir.la/codigoconducta-PT) se aplica as listas de
>> discussao do
>>>>>>> LACNIC.
>>>>>>> LACNIC's Community Code of Conduct (
>> https://rir.la/codigoconducta-EN)
>>>>>>> applies to LACNIC's discussion lists.
>>>>>>>
>>>>>>>
>>>>> _______________________________________________
>>>>> Politicas mailing list
>>>>> Politicas at lacnic.net
>>>>> https://mail.lacnic.net/mailman/listinfo/politicas
>>>>> Desuscribirse/Descadastre-se/Unsubscribe
>>>>> <
>> https://mail.lacnic.net/mailman/listinfo/politicasDesuscribirse/Descadastre-se/Unsubscribe
>>>>> :
>>>>> https://mail.lacnic.net/mailman/options/politicas
>>>>>
>>>>> El Codigo de Conducta de la Comunidad de LACNIC (
>>>>> https://rir.la/codigoconducta-SP) aplica a las listas de discusion
>> de
>>>>> LACNIC.
>>>>> O Codigo de Conduta da Comunidade do LACNIC (
>>>>> https://rir.la/codigoconducta-PT) se aplica as listas de discussao
>> do
>>>>> LACNIC.
>>>>> LACNIC's Community Code of Conduct (https://rir.la/codigoconducta-EN
>> )
>>>>> applies to LACNIC's discussion lists.
>>>>>
>>>>>
>>>> _______________________________________________
>>>> Politicas mailing list
>>>> Politicas at lacnic.net
>>>> https://mail.lacnic.net/mailman/listinfo/politicas
>>>> Desuscribirse/Descadastre-se/Unsubscribe
>>>> <
>> https://mail.lacnic.net/mailman/listinfo/politicasDesuscribirse/Descadastre-se/Unsubscribe
>>> :
>>>> https://mail.lacnic.net/mailman/options/politicas
>>>>
>>>> El Codigo de Conducta de la Comunidad de LACNIC (
>>>> https://rir.la/codigoconducta-SP) aplica a las listas de discusion de
>>>> LACNIC.
>>>> O Codigo de Conduta da Comunidade do LACNIC (
>>>> https://rir.la/codigoconducta-PT) se aplica as listas de discussao do
>>>> LACNIC.
>>>> LACNIC's Community Code of Conduct (https://rir.la/codigoconducta-EN)
>>>> applies to LACNIC's discussion lists.
>>>>
>>>>
>>> _______________________________________________
>>> Politicas mailing list
>>> Politicas at lacnic.net
>>> https://mail.lacnic.net/mailman/listinfo/politicas
>>> Desuscribirse/Descadastre-se/Unsubscribe:
>> https://mail.lacnic.net/mailman/options/politicas
>>> El Codigo de Conducta de la Comunidad de LACNIC (
>> https://rir.la/codigoconducta-SP) aplica a las listas de discusion de
>> LACNIC.
>>> O Codigo de Conduta da Comunidade do LACNIC (
>> https://rir.la/codigoconducta-PT) se aplica as listas de discussao do
>> LACNIC.
>>> LACNIC's Community Code of Conduct (https://rir.la/codigoconducta-EN)
>> applies to LACNIC's discussion lists.
>> _______________________________________________
>> Politicas mailing list
>> Politicas at lacnic.net
>> https://mail.lacnic.net/mailman/listinfo/politicas
>> Desuscribirse/Descadastre-se/Unsubscribe:
>> https://mail.lacnic.net/mailman/options/politicas
>>
>> El Codigo de Conducta de la Comunidad de LACNIC (
>> https://rir.la/codigoconducta-SP) aplica a las listas de discusion de
>> LACNIC.
>> O Codigo de Conduta da Comunidade do LACNIC (
>> https://rir.la/codigoconducta-PT) se aplica as listas de discussao do
>> LACNIC.
>> LACNIC's Community Code of Conduct (https://rir.la/codigoconducta-EN)
>> applies to LACNIC's discussion lists.
>>
>>
> _______________________________________________
> Politicas mailing list
> Politicas at lacnic.net
> https://mail.lacnic.net/mailman/listinfo/politicas
> Desuscribirse/Descadastre-se/Unsubscribe: https://mail.lacnic.net/mailman/options/politicas
>
> El Codigo de Conducta de la Comunidad de LACNIC (https://rir.la/codigoconducta-SP) aplica a las listas de discusion de LACNIC.
> O Codigo de Conduta da Comunidade do LACNIC (https://rir.la/codigoconducta-PT) se aplica as listas de discussao do LACNIC.
> LACNIC's Community Code of Conduct (https://rir.la/codigoconducta-EN) applies to LACNIC's discussion lists.
>
More information about the Politicas
mailing list