IP Addresses delegated from "NZGATE" in use within New Zealand

A description of an addressing issue in New Zealand, and a suggestion of
one possible policy to manage it in the future.

Fresh copies of this document are available at
http://www.patho.gen.nz/~jabley/nznumber.txt

  1      The problem at hand
  1.1      Overview
  1.2      Issues
  1.2.1      Stability and RFC2050
  1.2.2      Impact on end-users
  1.2.3      Impact on national providers
  1.2.4      Competitive advantage
  1.3      Unified approach
  2      One possible solution
  2.1      Overview
  2.2      Rationalisation of historical NZGATE delegations
  2.3      Classification of actual, existing NZGATE delegations
  2.4      Administrative control of NZGATE blocks returned to APNIC
  2.5      IN-ADDR.ARPA DNS delegations for NZGATE blocks
  2.6      Forced renumbering
  2.7      Process for extending address space delegations
  2.8      Process for managing ISP-hopping by operators with "small blocks"
  3      References
  3.1      Netblocks delegated historically to NZGATE-NZ
  3.2      Transition of NZGATE services to other providers
  3.3      Various RIPE and APNIC documents
  4      Contributors
  5      Document History

1. The problem at hand

1.1. Overview

RFC2050 documents the best current practice for address delegation for
the global Internet. It imposes a framework of restrictions driven by a
growing scarcity of globally-unique IP addresses and a need to summarise
or aggregate routing advertisements globally to keep the Internet running
reliably.

The history of the Internet in New Zealand includes, at an early stage, a
single domestic provider known as "NZGATE". This provider was facilitated
by the University of Waikato, with international connectivity to NASA.
Initially, NZGATE provided the sum total of international Internet
connectivity for New Zealand.

The regional authority for IP address allocation, APNIC, delegated a
number of address ranges to NZGATE [3.1]. Early entrants to the Internet
community in New Zealand, obtaining transit through NZGATE, were
delegated address space out of these blocks according to the guidelines
set down by APNIC and, indirectly, IANA.

NZGATE faded out of existence in 1996 [3.2]. Since that time additional
providers have added global internet transit using dedicated
international circuits to their portfolio of products, including (in no
particular order) Netway, IBM, CLEAR, IHUG, Telstra NZ and Voyager. Most
of these participants have obtained address delegations directly from an
appropriate regional registry, as they are diversely connected and don't
favour a single provider for "default routing".

Newly-connected customers of these transit providers (be they end users
or resellers, i.e. ISPs) have been delegated provider-aggregatable
address space by their providers, from the blocks delegated to those
providers from APNIC, according to RFC2050. If these customers change
providers, they are obliged to return the address delegations to their
old provider, and obtain corresponding new ranges from their new
provider.

1.2. Issues

1.2.1. Stability and RFC2050

It is important from a technical standpoint that provider-based,
aggregatable delegations are adhered to for all customers who do not meet
the criteria for operating under addresses delegated directly from APNIC.
Although there is debatable urgency in how soon a transition is required
towards exclusively provider-aggregatable addresses, any solution that
involves the number space becoming more fragmented will not scale as the
Internet continues to grow.

There are reports of longer-prefix advertisements being more
enthusiastically damped by core backbone routers in the US, and rumours
about possible filtering to refuse transit based on prefix length, within
the address ranges under discussion. Although neither of these has been
reliably substantiated, there is recognition that these kinds of
penalties may well be required in the future to protect global routing
stability.

1.2.2. Impact on end-users

Renumbering can be an expensive exercise for some end users, especially
those whose networks have evolved for some years.

In the early days of the Internet in New Zealand, provider-based
addressing was not part of the network design. Provider-based addressing
first came under discussion as a solution to problems of scale, and only
gradually moved from being a radical departure from good practice to an
accepted reality. The evolutionary nature of this change was good in the
sense that the impact could be somewhat tuned to the timeline of the
allocations and expectations, but was bad in the sense that the moving
situation added to the complexity and uncertainty.

Many established end-user networks were built without the expectation
that the IP addresses delegated to them were tied to a particular
provider. Now that provider-based addressing is widely recognised as best
current practice and is required by the regional registries, the
requirement to renumber upon changing provider is still widely
misunderstood.

It is worth noting that there was no way that NZGATE (or any other ISP at
the time) could solve all the issues of address portability raised by the
addressing policy changes sweeping across the internet.

Many NZGATE-numbered end-users may already have changed providers without
renumbering, reinforcing the unfortunate myth that the NZGATE addresses
they are using are still inherently portable, and "owned" by them.

Although some providers now include clauses in their customer contracts
underlining the point that addresses delegated as part of service
delivery must be returned at the end of the contract, this is by no means
universal, and the myth of "customer-owned IP addresses" lives on.

It is imperative going forward that the concept of provider-based
addressing and the non-portability of most network numbers is widely
publicised amongst end-users.

1.2.3. Impact on national providers

For ISPs that obtain global transit through other providers, and who have
not arranged address delegations directly from APNIC, renumbering may be
just as onerous as for end-users. Additionally, national providers may
supply end-users for whom renumbering is expensive, and the associated
inconvenience mentioned in [1.2.2] is cumulative.

ISPs that operate under blocks originally delegated from NZGATE are not
as prone to future penalties against long-prefix advertisements as end
users, so long as the addresses they used can be aggregated under
shorter-prefix supernets.

1.2.4. Competitive advantage

There has been a misconception within the NZ Internet community that
Netway communications (and, latterly, NetGate/Telecom NZ) assumed the
NZGATE role by providing connectivity to the Waikato network in early
1996, and by virtue of this fact the addresses delegated by APNIC to
NZGATE are now, by proxy, effectively delegated to Telecom NZ. This does
not appear to be a view held by others involved in the "transition"
[3.2].

More accurately, for a time Netway was the sole provider to NZGATE, and
hence also to all downstream networks of NZGATE. This situation soon
changed, with other providers bringing international transit to NZGATE
subscribers, and NZGATE slowly faded out of existence, leaving end-user
networks direct customers of the new international providers.

It is not at all obvious that any single provider can lay legitimate
claim to operational responsibility of the NZGATE blocks. The effective
use of these addresses as "portable" between providers over the past few
years is not compatible with a delegation model whereby it is acceptable
for NetGate customer networks to use them, but not acceptable for a
customer of another provider.

In effect, an expectation has been raised by Telecom NZ that customers
who have been happily numbered under NZGATE addresses (and have used a
variety of ISPs for some time) are now faced with a choice of (a)
renumber, or (b) change providers to NetGate/Xtra. Due to the operational
cost of renumbering, this gives Telecom NZ competitive advantages over
other ISPs based on the contentious belief that Telecom has assumed
operational responsibility for the NZGATE address blocks.

Many address ranges delegated from the NZGATE blocks, although well
documented at the time, have since been unofficially "transferred" to
other operators, or are not currently in use. Hence documentation of the
current state of NZGATE delegations is out of date.

1.3. Unified approach

It is in the interests of all providers within NZ that a solution to the
problems outlined in this document be found. It is also important that no
single provider is seen to be responsible for what may be seen by
end-users as restrictions, or inconvenient changes of policy.

By taking a unified approach to the problem with a policy document agreed
by the majority of New Zealand providers, the risk of confusion is
minimised and the chances of productive user education are increased.

It is proposed that the unified policy be agreed as an operational
exercise within the provider community, by the usual open discussion
within the NZNOG forum.

2. One possible solution

2.1. Overview

The proposed solution attempts to minimise the risks discussed in [1.2],
whilst providing a clear migration path towards full provider-based
addressing within New Zealand.

2.2. Rationalisation of historical NZGATE delegations

A list should be generated (and published) documenting subnets of the
NZGATE blocks [3.1] which are in use at some agreed time. All blocks
being so-used should be documented.

2.3. Classification of actual, existing NZGATE delegations

Documented delegations [2.2] should be classified as:

  + large blocks (aggregatable under 19-bit prefix routes, or shorter), or
  + small blocks (blocks with route prefixes longer than 19 bits, but
    shorter than 25 bits)
  + tiny blocks (blocks with route prefixes longer than 24 bits)

Tiny blocks (i.e. networks routed with >24 bit prefixes) are never
provider independent, and should always be considered provider
aggregatable.

A large block may have sub-delegations to other, independently-operated
networks, but only as long as there is clear consensus amongst those
downstream networks that the numbers they have been delegated are
provider-aggregatable, and not provider-independent.

Large blocks which are operated by single operators (or which are able to
be aggregated under one supernet route in the global network) should be
re-documented at APNIC as entirely portable, provider-independent blocks.

The choice of 19 bits as a boundary size is compatible with APNIC's
policy on PI address block delegation.

It is considered that the NZGATE-derived addresses of many ISPs in New
Zealand will be classifiable as "large blocks", although this has not
been confirmed in the field.

2.4. Administrative control of NZGATE blocks returned to APNIC

All NZGATE-derived subnets not in use at the agreed time should be
returned to APNIC for administration or re-delegation.

No further delegation from these blocks is then advisable by any NZ
provider; after the addresses are returned to the free pool they may be
redelegated by APNIC elsewhere. Hence any NZ provider who makes
delegations from returned blocks risks those addresses being made
non-unique.

2.5. IN-ADDR.ARPA DNS delegations for NZGATE blocks

Delegations for in-addr.arpa zones should be passed to a third party
facilitator for management. It is not appropriate for these delegations
to be handled by any single network provider.

2.6. Forced renumbering

No end-user network using NZGATE subnets should be obliged to renumber as
part of the normal course of their operation (but see [2.7] and [2.8]).

2.7. Process for extending address space delegations

Any end-user network which requires additional addresses due to growth
should be encouraged to renumber entirely using provider-aggregatable
addresses.

If the end-user does not wish to renumber, then additional delegations
should be made from their providers' address space, according to APNIC's
requirements for documentation and utilisation of existing addresses --
i.e. the customer must show good utilisation of the existing (NZGATE)
addresses before additional delegations can be made. This is standard
current operating procedure for provider-aggregatable delegations.

2.8. Process for managing ISP-hopping by users using "small blocks"

Users of networks that are "small blocks" may change ISPs and take their
numbers with them. They should be well aware of the possible jeopardy
moving forward with small-prefix routes, and should be encouraged to
renumber using provider-aggregatable addresses from their new provider.

Any small blocks which are surrendered during a transition between
providers should be returned to APNIC and not re-allocated.

3. References

3.1. Netblocks delegated historically to NZGATE-NZ

The addresses concerned have all been delegated from within the NZGATE-NZ
networks as recorded at APNIC, which are described as:

    netname: NZGATE-NZ
    descr:   NZ Gate National Service Provider
    descr:   Component of University Of Waikato
    descr:   New Zeland

The netblocks currently assigned to NZGATE-NZ are:

    inetnum: 202.27.0.0 - 202.27.255.255
    inetnum: 202.49.0.0 - 202.49.255.255
    inetnum: 202.50.0.0 - 202.50.255.255
    inetnum: 202.36.0.0 - 202.37.255.255
    inetnum: 203.96.0.0 - 203.97.255.255

The netblock 203.96.0.0 - 203.97.255.255 is perhaps erroneously
attributed to NZGATE-NZ here - in fact, this block was delegated to an
APNIC confederate member, NZNIC, operated by the University of Waikato.
NZNIC no longer operates [3.2].

3.2. Transition of NZGATE services to other providers

The following message outlines the events surrounding the transition of
international internet transit from NZGATE to other providers in early
1996, as recalled by John Houlker of Waikato University (quoted with
permission).

From: John Houlker
To: ccc_rex@waikato.ac.nz, "'Joe Abley'"
Cc: asjl@netlink.co.nz, Jamie Clark, Roger Hicks
Subject: RE: [jabley@clear.co.nz: NZGATE-NZ]
Date: Tue, 22 Sep 1998 16:38:45 +1200
X-Mailer: Internet Mail Service (5.5.2232.9)

Joe

> I would be very interested to hear your views on my original e-mail, which
> is attached; in particular relating to Brett Telfer's comment, quoted in
> the Herald:
>
> "Netgate service specialist Brett Telfer says most of the Waikato
> University provided IP addresses passed to the Telecom subsidiary when
> it took over the running of NZ Gate in late 1995."
>
> It was my understanding that NZ Gate had ceased to exist in its former
> role, rather than being subsumed into Telecom?

Telecom (i.e., Netway) did not "take over" NZGate, but nor did NZGate
instantly "cease to exist" (such a step was simply not possible).

Netway did become NZGate's supplier for a significant period while NZGate
gradually reduced out of existence (I believe this started in January
1996).

At the time NZGate shut down its international links this was phased with
the introduction of commercial providers offering international capacity
at the NZIX, but it was a complex transition with Telecom and Clear only
slowly coming to grips with international IP services, and NZGate clients
only slowly working out what they should do.

The NZGate international circuit contracts came up to expiry in January
1996 (and we were in no position to renew for a further 12 months) and
the NASA "PACCOM" access was supposed to cease in February 1996 (in the
event it didn't, but we could not count on further access to the NASA
FIX-WEST gateway beyond that date).

We were not in a position, however, to disperse all the NZGate customers
to direct supply from the newly establishing commercial suppliers (Clear
made a late start with limited bandwidth, pricing was still under
negotiation, all this was proving harder for the new entrants than they
expected). Indeed we were asked to keep NZGate going to give our clients
more time to sort out alternatives.

As a result NZGate continued as a reseller, i.e., an intermediate IP
provider, and we bought our international supply from Netway (our only
option at the time). The University network "Kawaihiko" ceased being a
customer of "NZGate" and moved to buy directly (also from Netway). As you
know, somewhat later Kawaihiko took the considerably more complicated
step of "multi-homing", buying from Netway and Clear in parallel (and
later again, also from Telstra).

In this way Netway "inherited" the NZGate address blocks as they were at
that time - since they became suppliers to the remains of NZGate, and
Kawaihiko (and they later picked up the then "CRINET" and AgNet as well).

I would be interested in your comments, I haven't seen the Herald
article, but it does sound like there are sites that don't yet know the
implications of moving provider.

In terms of the old blocks of former NZGate addresses it could indeed be
most useful to get special treatment from the APNIC to allow greater
flexibility in on-going devolution of the original NZGate group. As
things stand Telecom have no option but to comply with APNIC requirements
on efficient use of address space (this does not apply to the "NZNIC
confederation" space that Waikato allocated to ISPs - in an attempt to
assist portability - i.e., 203.96.0.0/15, which is entirely independent).

Whether or not the APNIC would agree to a special approach here, it seems
there may be existing customers of Telecom (or of ISPs using Telecom) who
aren't yet aware of the portability issues. If not, perhaps some
publicity drive out of Telecom and/or perhaps NZNOG contacts could spread
the word. I asked Jim Higgens if ISOCNZ has good contacts to spread
information to ISPs but I gather that (especially given the demise of
ISPANZ) NZNOG may be the best shot.

John

4. Contributors

Joe Abley, CLEAR Communications Ltd
John Houlker, Waikato University
Andy Linton, NetLink Communications Ltd

Many other people have contributed feedback and ideas through the NZNOG
list.

5. Document History

$Log: nznumber.txt,v $

Revision 1.5  1998/11/26 00:59:33  jabley
Modified in response to feedback from NZNOG

Revision 1.4  1998/10/08 09:23:46  jabley
Some further clarification

Revision 1.3  1998/10/08 09:01:42  jabley
Modifications following comments from jhoulker

Revision 1.2  1998/10/08 00:22:36  jabley
minor typo corrected as pointed out by wellingtonian pedant

Revision 1.1  1998/10/07 13:01:32  jabley
Initial revision
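
Added example (not part of the original document): the classification of section 2.3 applied to the netblocks listed in section 3.1, aggregating each operator's prefixes before testing against the 19-bit boundary. Operator names and sample delegations are constructed; the consensus among downstream networks that 2.3 also requires for large blocks is not modelled.

```python
import ipaddress
from collections import defaultdict

# NZGATE-NZ inetnum ranges from section 3.1 (203.96/15 kept as recorded there).
NZGATE_RANGES = [
    ("202.27.0.0", "202.27.255.255"),
    ("202.49.0.0", "202.49.255.255"),
    ("202.50.0.0", "202.50.255.255"),
    ("202.36.0.0", "202.37.255.255"),
    ("203.96.0.0", "203.97.255.255"),
]

# Constructed sample delegations; operators and prefixes are hypothetical.
SAMPLE = [
    ("isp-a", "202.27.0.0/20"), ("isp-a", "202.27.16.0/20"),
    ("isp-b", "202.49.16.0/20"), ("isp-b", "202.49.32.0/20"),
    ("site-c", "202.50.8.0/24"), ("site-d", "202.36.1.128/26"),
    ("site-e", "192.0.2.0/24"),
]

def nzgate_networks():
    """Convert the inetnum ranges into the CIDR prefixes that cover them."""
    nets = []
    for first, last in NZGATE_RANGES:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last)))
    return nets

def classify_prefix(prefixlen):
    """Section 2.3 boundaries: <=19 large, 20..24 small, >24 tiny."""
    if prefixlen <= 19:
        return "large"
    if prefixlen <= 24:
        return "small"
    return "tiny"

def classify_delegations(delegations):
    """Return sorted (operator, aggregate, class) tuples; prefixes outside
    the NZGATE ranges are reported as 'not-nzgate' and not aggregated."""
    parents = nzgate_networks()
    held, results = defaultdict(list), []
    for operator, cidr in delegations:
        net = ipaddress.ip_network(cidr)
        if any(net.subnet_of(p) for p in parents):
            held[operator].append(net)
        else:
            results.append((operator, str(net), "not-nzgate"))
    for operator, nets in held.items():
        # Adjacent prefixes collapse only when they share a supernet, so two
        # neighbouring /20s on different /19 boundaries stay "small".
        for agg in ipaddress.collapse_addresses(nets):
            results.append((operator, str(agg), classify_prefix(agg.prefixlen)))
    return sorted(results)

if __name__ == "__main__":
    for row in classify_delegations(SAMPLE):
        print(*row)
```
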