NINTH ANNUAL MEETING OF THE INTERNET GOVERNANCE FORUM 2014
"CONNECTING CONTINENTS FOR ENHANCED
MULTI‑STAKEHOLDER INTERNET GOVERNANCE"
02 SEPTEMBER 2014
INTERNET INFRASTRUCTURE: TECHNOLOGY AND TERMINOLOGY
The following is the output of the real‑time captioning taken during the IGF 2014 Istanbul, Turkey, meetings. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the session, but should not be treated as an authoritative record.
>> BILL W.: So I think we'll get started. If people come in a few minutes afterwards, they'll catch up.
This session has always been an informal one, and try to take the first half with slides and try to drop a lot of terms on you. The slides will, of course, be available on the internet afterwards.
Since this conversation is likely to be a relatively intimate one, and we are hoping to spend half the time on your questions and answers, would people mind coming up to the table? Join us up here, please. Not to compel you, if you want to duck out the back, but if you are willing to join us up here, we'll be that much more convivial.
Yes, I believe there is power underneath the tables there.
So I think we'll get started, and if people come in a few minutes afterwards, you know, they'll catch up.
And I think this session has always been a very informal one. We try and take the first half with slides to move very quickly and try and drop a lot of terms on you. The slides will, of course, be available online afterwards for your reference. And, most importantly, all of us will be available to you by Email, or catch us in the hallways, and we can answer questions throughout the rest of the week.
We'll get to introductions here in a moment.
Rowan Somerjuva, I found out late last night that his flight was arriving here at 6:00 A.M. so he will not than joining us, I think, or he will show up a little later.
So, to begin with introductions. To my left, your right, Audrey Plonk, director of cybersecurity at Internet Governance Intel Corporation.
And to her left, your right, Nishal Goburdhan, who works with me at Packet Clearinghouse based in Johannesburg. He ran the technical operations for AFRINIC before that.
The Internet is ‑‑ sorry. I'm Bill Woodcock, also with Packet Clearinghouse. I'm the executive director.
So, the Internet is often depicted as a cloud, which is of course an abstraction. It is an idea that represents a lot of complexity without having to go into the details. We're going to try and take you into the details a little bit.
So, specifically, the Internet is a whole lot of separate networks that are all interconnected in a sparse mesh. That means every network does not have to connect directly to every other network in order to pass messages. You can get messages from anywhere on the Internet to anywhere else on the Internet indirectly through other networks. Transiting other networks.
So we're going to use this convention here where we have definitions for terms. A little dictionary will pop up. The distinction here is between Internet with a capital I and internet with a lower case i. This is the distinction between the Internet, which is the network of all networks that use the Internet protocol, it's the sum of all of them, versus an internet, which is just a network of connected machines or networks that doesn't necessarily use the Internet protocol.
So, with that, I will move over to Nishal.
>>NISHAL G.: Good morning everybody, and welcome to IGF 2014.
So, Bill has very kindly asked me to help out with a panel on how the internet works, and he hasn't given me a lot of speaking time, so I'm going to go through at least the presentation quite quickly and, hopefully, we'll have a lot more time to do a lot more questions later on.
We already have a paradigm for finding information. If you think about using the telephones systems that you do today, you have a mechanism where you have a name, and attached to that name is some unique identifier that you used to place your transaction, make a telephone call, for example.
And if using that example, just like how we have ‑‑ just like how you would look up my name, Nishal Goburdhan, in some ‑‑ hopefully there was a global address book, we have similar mechanisms for finding information on the Internet. Of course, on the internet things look slightly different, and we have a few different technologies that we're using. So we're going to de‑bunk some of that today. You'll see the boards in bold are the terms that we're going to discuss.
So probably starting off with what is the unique Identifier that we use? In the world that you're used to, you know that you have a unique telephone number, for example, a +27 for South Africa, followed by something else that follows.
On the Internet world, we have something called IP addresses. This is a unique identifier that you get assigned either from your Internet service provider or a different regional Internet registry or something like that when you connect to the Internet.
There are two versions of this. IPv4, which has been around since the start of the internet, way back when. So this is over 30 years ago, but as the Internet as progressed, as more and more people have come online, you all know the numbers, we have over two billion online today, we need to get more and more of these unique identifiers out, and to do that today we have a new technology called IPv6. And the number is somewhere down there. It's 340 under Scillion. That is a lot of zeroes. We're not going to discuss that in too much detail. You have the unique identifier, which was ‑‑ sorry.
You have the unique identifier, which was the IP address. The thing that will allow you to connect to some resource on the Internet. But you need a mechanism to be able to translate something that you know. How do I translate my name to a telephone number? Well, your brain does that intuitively, but for use on the Internet, we have a different tool.
The process of getting that in place we call resolution. That's the process of converting a human readable domain name to some unique IP address that we can ‑‑ we'll get to on the Internet. We do this through a query to a DNS server.
A DNS server ‑‑ sorry. A query is basically the same as saying who is or what is and, of course, we get it applied back to that. And, of course, anything on the internet has got to find the mechanism to move backwards and forward, so the jargon we use, the technical guys, is called a packet. This is the smallest transferable unit of information that can be sent. So all Internet communication literally is the exchange of packets. I send the packet as a query to you. Hi, would you like to talk to me? And you send back a much ‑‑ probably a much larger packet with more information. Yes, I would like to talk to you, here is information about what we can discuss.
So, that's a lot of jargon. Let's look at this from a practical perspective.
How does web browsing work for example? What happens when you open your browser and type in something like www.ICANN.org. Well, you've heard some of the jargon. You've heard me talk about DNS and queries. Here is a new one for you. A url or uniform resource locator. This is effectively a combination of some protocol, some language that needs to happen for communication to happen, and probably the one that most of you are familiar with, the one that drives the web today is called HTTP. The URL, in turn ‑‑ sorry. We seem to have a bit of a lag here. There we go.
The URL, in turn, contains what we call a domain name. The domain name is really our hint, our clue, for where the information we're looking for actually lives on the Internet. So looking at those two elements, we said that there would be something like the protocol that's spoken. And in this case you can see it says HTTP, or the example here is HTTPS, which is secure http.
The domain name part of the example that we're using is www.ICANN.org. That is the unique part ‑‑ that's the unique bit on the Internet that identifies this.
NO, this, in turn, is quite complex and made up of quite a few things. We have ‑‑ domain names usually start from the right‑hand side in some sort of hierarchical manner working their way down. So on the right we have .org, and .org is a generic top level name where typically nonprofit
organisations would have registered their name. The particular nonprofit that is part of this .org is called ICANN. We'll talk about that a little bit later on. And the actual machine, the host, the service that you're trying to connect to in this case is called www. So there is probably a machine somewhere just called www.
So that's ‑‑ if you combine all of that, that gives you the domain name. But that doesn't really help your computer too much. The computer sees this only as one long string. It sees www.ICANN.org. While that's great for us, we still need mechanisms to get computers to understand binary to be able to resolve this.
Before we move on, it's worth mentioning, talking a little bit about a top level domain. We've seen an example of a top level domain is .org. That is one type of top level domain. That is one we call a GTLD, a generic top level domain. Other ones that you're probably familiar with are .com. If you have been around for a while, .mo for the U.S. military, for example, but there are also special country code top level domains. I live in South Africa, and the top level domain for my Country is .ZDA. The top level for Turkey is .dr.
Today we're getting new top level domains. You may have been involved in this. You may have heard that there are lots of new names out, like .coffee, for instance, which is something that I'm quite fond of.
We also have a large portion of the Internet that is not natively English speaking, so it is really in the interest of all of us to be able to get them online. And the mechanism that we use to get non‑Latin script characters into the domain name is called IDNs. So Egypt has .naz, for example, and there is about a dozen others that are out there.
The last example you saw that we have a mechanism for getting to www.ICANN.org, we know that we want to get to that, we want to retrieve the information, what is the process that actually happens? How do we get that information pushed to us?
Let's look at the typical example. We have our computer, and our computer is trying to do this magic DNS transaction. The DNS transaction is the thing that translates www.ICANN.org to some information that our computer can then use to request the information.
So the first part in that process is, in the domain name resolution process, is that our computer has to contact our ISPs through a course of DNS resolver. That is a lot of text for saying it's a server at our ISP that will try to help us in the first step in this process. So it's going to take responsibility for finding out the magic IP address for ICANN.org.
Now, of course, our ISPs DNS server doesn't know everything in the world, so going back into the DNS hierarchy it has got to have a structure, it has got to have a way to identify how do I do this. And the first thing that it does is it tries to contact the nearest any cast root DNS server. These are special devices. They're about 1,200 of them numbered to about 13, and it asks the DNS root server who the ‑‑ asks for information about www.dot.ICANN.org. Now, of course, the DNS roots don't know everything either. What they do is they work on a system of hierarchy. We don't know about www.ICANN.org, but we do know about .org. So the root servers that apply were the IP address for the information for the .org name server.
Now, our ISPs DNS server doesn't have the entire answer, but it's one step closer. What it does is it then goes to the nearest anycast.org name server and it says hi, I'm looking for information about www.ICANN.org. And you're supposed to be responsible for.org. So I kind of expect that you should be able to tell me at least about ICANN.org. And that's pretty much what we get back
Anycast.org name servers responds with information about ICANN.org. You can see the chain of delegation has gone from organize now to ICANN.org.
Under the information about I can's DNS server we can query I can's DNS server again and say what is the information for www.ICANN.org. What is the IP address and because this is where we expect that information to live, under the ICANN.org domain, we should get an answer that says our dearest server would get an answer that says this is the IP address. Now that point our DNS server can then pass that information to our host, our smart devisor laptop or whatever it is that you want to use.
That's the first part of the transaction and that is all happening under the hood be known to you because you will you've done is literally just typed in www.ICANN.org and hit enter. You now have the IP address and you're able to contact I can's web server, if it is up. There we go. If e we are able to contact I can's web server and they will respond with the information. Maybe you're looking for information about policies or anything.
Great. We have got the process for finding information in place, but that is only part of the equation. We know whom to ask at this point. But remember I said at the start that in order to move information on the Internet we put information into packets. So how do the packets move backwards and forwards? Well ISPs have this ‑‑ and the network guys have this technique called routing. Rooting is a decision‑making process which where by data packets are folded through some sort of network, the IP network that we run the big network of networks that we call the Internet.
As we're going to see a routing example to see how this works. So we've simplified a model of the Internet for you. Here we have a very simple user on the ‑‑ my left, your right ‑‑ your left, as well. Sorry. We've got ‑‑ you have got a use other the left trying to get to content on the right‑hand side, the server. We have two ISPs and each ISPs connected to an Internet exchange point. An Internet exchange point is a place where internet service providers go in to connect and exchange information.
Now, of course, as I said this is a simplification. Aside from one user, today we have close to 3 billion users online from one or two Internet service providers, there are probably over 6,000 service providers and we're using two internet exchange points, but in reality there are 400 more Internet exchange points globally.
So how do you the packets move backwards and forwards? Well, we know the destination. We have an IP address by virtue of a fact that we're connected to the Internet. We have our own unique Identifier. That's us.
We know who we need to speak to because we've gone through the process of finding that through DNS. Now we ask our ISP to move this packet backwards and forwards.
ISPs move packets in literally one of two ways. There is a relationship that they keep with other Internet service providers called transit. Transit is a relationship where one Internet service provider pays another to carry the first ISPs traffic through their network. So it is really very simple. That is the base model for how most Internet servers providers work, at least in my part of the world.
But that is not the only model for how Internet service providers connect. Sometimes two internet service providers agree that it's in their best interest to interconnect their network and change traffic freely with each other. And that's called peering.
Typically peering happens at what we call Internet exchange points. A location, usually a neutral location where lots of Internet service providers agree to connect to and then in that shared location they exchange traffic with each other.
So, we're in the process of trying to make the connection from the eyeballs, the user to the server. The first thing we do is we send packets, we send a request to our ISP in this case, ISP red. ISP red is connected with ISP green at two exchanges. You can see the exchange on the left Internet exchange west is close to ISP red. Where as Internet exchange point east is closer to ISP green. ISP red has two potential ways to get that information into ISP green. It can go to the exchange point on the left, ISP west, or it can go to the exchange point on the right.
But what it aims to do, what ISP red, in fact what all ISPs will want to do is a technique that we call hot potato routing. So imagine holding a hot potato in your hand. And you want to get rid of this as quickly as possible. And in the same way ISPs make that economic decision to try to get traffic off their network and on to another network as quickly as possible. All right.
So now a simple example here, ISP red is handed across the traffic to the exchange point west, which in turn gets it into ISP green's network and ISP green is able to deliver the traffic to our customer. Sorry, to the content on the other side.
Now, of course, this is one part of the transaction. This is the simple request. There has got to be a reply. And in the reply the server sends information back to ISP green. And ISP green has the same choice that ISP red had a short while ago. Should I send my traffic to exchange point west or I should send it to exchange points east? Again, using the same methodology, the same idea of hot potato routing, trying to get traffic to the destination as quickly as possible and off my network as quickly as possible, it in turn will move traffic to ISP east where ISP red is connected, ISP red will pull this traffic into its network and then in turn deliver this to the user.
That's the process for how a simple Internet transaction happens.
The important thing to note here is that each ISP is involved in half of that transaction. So ISP red gets a sum of money from the user, and it uses a portion of that money, a portion of the fee that is paid by the user to provision its network, obviously its own infrastructure and connections to the Internet exchange point.
ISP green does exactly the same on the other side. So what you have are two internet service providers that are literally splitting the costs of interconnecting almost in half pretty much in half most of the time to get the Internet transactions happening. And that's what we rely on on a daily basis.
And that is my time, so I'll hand off to Audrey to finish the rest. Thank you.
>>AUDREY P.: Thank you. Have given a bit of technical review and in the next section, how they work together. This is by the Internet Engineering Task Force, which you have probably have at least heard off are in familiar with your experience so far. The Internet Engineering Task Force is distributed body of experts around the world who meet three times a year. They operate continuously with each other in terms of development of protocols and standards online, virtually, in between the times that they meet they also delegate to the IANA, just in the last day. The IANA is Internet assign numbers authority. We'll talk about that a little bit more in a few more slides, but within the ITF there is two bodies that are worth neat financing you're not familiar with this emT Internet engineering steering group which consists of the regional directors of the ITF and they're responsible for keeping things going within the ITF. They produce a lot of documents. They have a lot of communications. They plan a lot of meetings. There is a lot of work to be done with regard to that.
And there is the Internet architecture board which is a body of experts that, with deep technical knowledge who essentially provide guidance to the ITF and we will talk about later how they define and delegate numbering names and numbers to ICANN.
In relation to the few other bodies that operate in the non Internet but related to protocol place, the I triple E, which you're probably familiar with. They mostly work at layer one and layer two, signaling standards of either in the net that it's below layer three as what we think of the Internet and above is where you get I triple E standards. And then the W3C. Nishal talked about the www in the domain address. This is at layer seven, so applications and above.
Then the ITU works mostly on analog telephone and related standards that most of which predate the Internet per se.
Did I go too far? There is actually more. Got it. Okay.
So going back to ‑‑ I just want to note about the standards and the ITF, the thing, in addition to its uniqueness of being distributed in a very bottoms up consensus driven processes the importance of interoperable hardware, software that makes the Internet as vibrant and helpful as and necessary as we all know it to be today. That without that thor ‑‑ those authoritative standards, bodies who work on standardzation across protocols and hardware and software, we would have a different experience on the Internet today than what we do.
So global standards very important. Consensus building process across the industry. Open to any participation from anybody who would like to attend, is some of the unique characteristics of the ITF.
Just moving on to the unique Identifiers that Nishal talked about, they are fundamentally necessary for the Internet to operate to so the obvious question is well who is in charge of keeping that list of unique identifiers, and with regard to the IANA which is responsible for unique IP addresses and the unique domain names, those operations are defined by the IAB. We just spoke about via ITF RFCs which are requests for comments standards documents. So there is a hierarchy as Nishal talked about. And things get delegated down the hierarchy.
And from there, once the IANA has their delegation they Delegate it down to resource specific Registries and then it continues on down to we'll talk about RARs in a minute and often to service providers and eventually an IP address will end up attached to your machine or a server that you're trying to query or something.
So in addition to the IANA there is ICANN which I'm sure everybody has heard of or interacted with. The Internet corporation for assigned names and numbers, the organisation is that is loosely responsible for coordinating the domain name system of the Internet. It also host it is IANA function. It's a separate in Tau fee. It is an entity within ICANN.
I mentioned before that there are five regional Internet Registries. The delegation of unique address toes the ITF to the IANA to the NRO to the number resource organisation and then from there on to the regional bodies. You can see them listed here.
The thing that I think is important to take away from this slide or this concept is not only the hierarchy here but also the global coordination that happens among the five RIR's to maintain the unique addressing system that's critical for the Internet to continue functioning the way that it does today.
And there's a lot of policy issues related to IXP4 addresses and IXP six addresses and how policies get made within the IRRs but they're all communicate tight driven organisations with membership that people participate in the policy making process and they're, generally open organisations from a governance perspective.
This just details out ‑‑ that was a good one ‑‑ how the IANA delegates the address go space down to AP neck. AP neck is in Asia. Air is in the United States and Canada. The ripe is in Europe for those who aren't familiar with all the regions.
In addition to the RIRs there is I think a breath, a very broad technical community across the world. Often characterized in terms of network operations groups or Nogs. They are sometimes national in nature, sometimes regional in nature. We've listed a few of them here. I don't know if anybody ‑‑ if you know exactly how many there are these days.
>>BILL W.: About 30. About 30 around the world. These are folks that get together to work on operational coordination issues with regard to the Internet. There is usually a fair amount of technical knowledge and expertise that sits in these organisations so it is always a good place to go to start, you know, a discussion on technical or to some degree policy issues within a region or a Country.
In addition to that, Nishal talked about exchange points. And exchange points operations, many of the regions have regional meetings that work on exchange point related issues. There's one in Latin America, Lakix. Same in Europe. Same in Africa and Asian Pacific.
The other point here which may not be very clear from the way we wrote that bullet is the exchange points have membership and meet that is help define their operations and their policies. So also from a governance perspective open and participatory.
Just moving on. Just a few notes about advocacy. There are a lot of groups here at the IGF and many that you've probably interacted with. We didn't attempt to make an authoritative list of everything that's out there that's working on advocacy issues. As you look at the agenda for the IGFs for the last nine IGFs the topics have ranged from freedom of expression to security to ICANN related issues. Neutrality. The topics are very broad and there's different advocacy groups within those topics, but we thought we would just highlight a few today.
The first is ISAT. The Internet Society which, you know, you've probably at least heard of if not engaged with. They have local chap percent around the world.
They are really chartered with outreach and knowledge building and they're mostly representing the end user and policy making and they're very engaged in, you know, IGFs and related Internet meetings.
Another example of a group, the open net initiative is a group that works on censorship and transparency issues. They look at what Governments are doing in terms of censorship and content filtering and things like that. They public data and much of their data are cited in various reports and policy making endeavors.
The last one we thought ‑‑ we tried to sort of pick organisations that represent a different set of stakeholders T last one is the international Chamber of Commerce, which is mostly a business advocacy platform that represents the private sector not just companies like in tell and Microsoft or whoever, but a broader set of companies that use the Internet for their business.
And a few notes on ‑‑ in addition to advocacy, there is a few groups worth noting on operational support. The one Packet Clearinghouse, which Bill and Nishal are with, they provide operational support and services for internet exchange points and the domain system and I'm sure they would be happy to talk to anyone here and ask questions in that regard.
The NSRS the network start up resource centre they also provide training materials to people in their communities who are work to go connect to the Internet.
First on the secure tight side is a form for incident response security teams is a global coordination group that tries to connect security incident response teams in order to share information better to respond to security incidents on the Internet, of which we know there are many.
Let's see. That was the last one.
>>BILL W.: So let me, yes. This is live. I will turn it over to you guys for questions at this point and we'll try to cover all the many issues that time has been too scarce to throw into the slide deck. We have 22 minutes left.
Who will start with one? Pinder.
>>PINDER W.: Hi. I'm Pinder Wong from Hong Kong. You mention uniqueness in several aspects. Unique IP addresses. Why is it important for these identifiers to be unique?
>>BILL W.: Nishal?
>>NISHAL G.: Good morning. Thanks. That is a good question.
Effectively, think about it this way. How do you achieve uniqueness in the world? If I today say, Pinder, I would expect you to respond. I wouldn't expect anybody else to respond.
When you're communicating with somebody, at least across the Internet, you wants your communication to be one to one, right. That is the kind of expectation that we have. I want to talk to you. So I say Pinder and you say yes, Nishal and once we loosely authenticate with each other we can then have that communication.
So I need a way to identify au across the Internet. Of course the way to identify you, maintain your uniqueness have to have a branch that follows it. There has to be some sort of loose hierarchy in the hierarchy that you would have seen Audrey describe where the numbers come out while the ITF gives the authority to delegate the numbers and the IANA pushes that across to the Re I's and they go across to individual users.
You don't want to be in a position where ‑‑ how would you complete a transaction if ‑‑ sorry. It would be extremely difficult to complete a transaction if half of what I was going to say was going to go to you and then somebody else popped up and pretended to be you and I would pretend to talk to them as well.
So, you know, there is security issues that you can think about there. There is long‑term communication problems. So if you want to have a long communication with somebody, say sending an Email, that is usually a good few hundred packets. You can't do that if you're trying to send to multiple people. You don't know exactly whom you're speaking to.
If you think back, I'm sorry it's a long answer. If you think back to the model of the Internet, the model of the Internet was really simple. The model was as long as you knew whom you wanted to speak to, and that person was able to run a service, then you would be able to connect to them.
That is an important concept. I think we've lost track of that a little in the way we're running the Internet today, but the idea was that if you had a web ‑‑ if you add server sitting on the west coast of the United States, and if you knew how to address that, and you had a piece of software, you had code that could run on that server, and you had a client, you had a different piece, something that could request code and you were in, oh, say, research centre at Sin, could you send information without any knowledge of what was inside. Could you send information to that unique address that was expecting to listen, expecting your response and that could reply to you.
And having that open mechanism, that open unique connectivity mechanism t open mechanism of the Internet where you don't have to worry about how do I get my data there? All you care about is I'm handing it off to an ISP and an ISP then becomes responsible for delivering this to me. That is really important, because that is how we develop the Internet.
If you think about something like the web, the web was an overnight ‑‑ I wouldn't say overnight. I was an over weekend introduction for us. But if you can't contrast with some other systems on the Internet that don't have this hope model for connectivity. We've taken years to get things like DTMF, you know, dialing in my Country.
>>BILL W.: Go ahead.
>>NISHAL G.: So I think, yes, that I agree with what Nishal said. Perhaps even more simply is the idea that you want to be able to communicate with whether it is a machine or an individual behind a machine and if the identifiers aren't unique in that regard you don't ‑‑ you won't necessarily know that you're getting to the place that you want to get to.
In addition to that, the value proposition of the Internet to a large degree is sort of global network of information that everybody can take advantage of and, so, the uniqueness is really fundamental because if I go to www.ICANN.org and I see one set of content and Pinder is in Hong Kong and go to www.ICANN.org and sees a different set of content, then the value that we've sort of created by having this global network to distribute essentially communications and information is broken apart and the breaking apart is, you know, it's not advantageous to consumers to business to end users who are looking for data and information.
>>BILL W.: So just very quickly add that what we've just been talking about here is Unicast means I want to talk to one specific other person and so having a unique address allows me to talk to that specific other person or machine.
There is also broadcast. So broadcast is if I yell, hey, everybody, there is a identifier in here, get out, right. That is a communication from one to everyone. It is also multi cast, which is from one to whoever is interested. So it's not necessarily everybody, but anybody who cares about that content can subscribe and receive a copy of the packet.
Lastly, there is any cast, which Nishal mentioned in the context of the domain system. Any cast is whoever is nearest could you pick up that pen I dropped. That's talking to one entity but not an entity that I know in advance which one is. It's just whoever is near us of a set of people who are applicable.
So, move on to the next question.
>>AUDIENCE: So the first is just what is the relationship between the regional Internet Registries and the ISPs? Sort of what are the different roles or accountabilities between them?
And then you mentioned those five RIRs were kind of open participatory communicate tight driven entities, and if you could explain a little bit more about what the avenues for participation in those are.
>>BILL W.: Maybe Nishal should start, because he was the chief technology officers of AFRINIC.
>>NISHAL G.: Thanks. What is the difference between Regional Internet Registries and Internet service providers? If you sort of remember the chain, they're the unique IP addresses. They then need to be distributed and they get handed out to different regions. So they're five RIRs. There is Latnic, AARON for North America, which is Canada, U.S. and some islands. The IPNC which handles Europe, AFRINIC and AP that does Asian Pacific. If you think about the total IP addressES they handout branches of that to these five RIRs to these unique ‑‑ sorry these Internet Registries.
The Internet registries they then have processes, they have their own separate policies and own separate processes so handout IP address toes their membership.
Membership of an RIR is usually to people like Internet service providers, web hosting companies, pretty much anybody that has to do anything in the Internet business in their region.
Now each of the RIRs have their own mechanisms and their own unique bits and quirks for membership, but that is what it comes down to.
If you operate an Internet business in one of these five regions then you will get or you can get IP addresses from the RIR that's responsible for your regions.
So that relationship effectively ISP RIR is sort of retailer/wholesaler. I get addresses from my RIR.
The second part of the question was how do policies work? Did I remember that correctly?
>>BILL W.: Said it was open.
>>NISHAL G.: Open. Right. So the RIR's work in what is called a bottom up model. Effectively what happens with the RIR is they each have their own community. I'm from South Africa. Obviously this is part of the African communicate tight and I can tell you a bit about the AFRINIC process, which is similar, but only ‑‑ but potentially slightly different from what may happen in the American region or may happen in the European region. Those slight differences if at all only come about because of the scale of the networks in some cases. So in some cases what will happen is the region itself is responsible for setting rules for how the RIR will operate.
One of the simplest rules that the region sets is what is the smallest block of address space that I should give to an ISP. So as the ISPs, as the web hosting companies in the region they would have been a policy, there would have been open discussion. All the RIRs have at least two meetings every year and they have active mailing lists.
There would have been discussion on these mailing lists, discussions at these meetings to say how much address space, how much unique IPv4 or unique IPv6 address space should I give to one of my members. And, you know they develop that idea and when it was complete they would call eight policy and that policy has to be ratified by the community and whatever other rules that are typically inside the RIR.
And then the RIR operates specifically au covered to go those policies. That is a founding basis for how the RIR system operates. So you have got this bottom up feeding process into this sort of open collaborative policy setting that then drives how the RIRs operate. As I said allocation of resource says just one policy.
>>BILL W.: There is a very important term that we have not defined yet which you'll here a lot over the upcoming week which is multistakeholderism.
Audrey, could you help define that in this context?
>>AUDREY P.: Well, that wasn't what I was going to say, but however, I was just going to answer your question a slightly different way to say that with regard to the ISPs relationship to the RIR it's a membership driven organisation so they join their regional Internet registry as a member. There is usually some nominal dues related to that and I'm not sure what that is for each region, but it is not just ISPs that are members of the RIR as Nishal said. It's also other companies and organisations that have a need to request addressing space from their RIR.
Regard to multistakeholderism, to be a bit provocative I would say that there is not necessarily one agreed upon definition, but it is generally, perhaps, understood to mean participation from a variety of what we like to call stakeholder groups. Usually that means people from any, you know, any viewpoint or any part of the community, whether that be technical folks like Nishal representing now PCH but formally NIR or an advocacy group like the open net initiative that I mentioned or, you know, there is a whole youth contingent here at IGF where there is young people participating.
Really it means that, essentially, anybody can come, but more important not just that they can come, but that they have equal sort of power in the conversation so that there isn't a decision making thor tight of one person being one group being more powerful than another in terms of what happens with regard to the discussions and so that's I think generally what people mean by multistakeholder.
>>BILL W.: Yeah. I think that is one of the really important defining characteristic of the Internet unlike pretty much any other sort of global scale project. And the Internet Governance and engineering, everything is done by the people who show up. So the policies by which IP addresses are allocated to Internet service providers who regular companies or to individuals, all of those policies are defined by the people who come to the meeting. You don't have to be a member. You don't have to pay anything. You don't have to represent anybody else. So if you're the government of Tocolow, if you're the government of United States, if you're just a 15‑year‑old kid, everyone's voice is equal in that division making process in that conversation.
Next question. Sir.
>>AUDIENCE: Thank you. So how are the IPs allocated to the regional RIR as. Do they request number of IPs? It's by size of population? How does that work?
>>BILL W.: This gets to the needs basis for IP address allocation, which is something that is sort of under continuous pressure and review, but under more pressure now as IPv4 addresses become very, very scarce.
So Europe and the Asia‑Pacific region have already run out of unassigned IPv4 addresses. So if you need an IPv4 address and you're in Europe or the Asia‑Pacific region you have to go to the market to try to convince someone to give you some, right.
There is also a bit of controversy around, for instance there is several Chinese companies that are trying to establish themselves within the African region in order to be able to get some of the remaining IPv4 addresses from the African region. Obviously this spurs debate and controversy within the African policy making community about under what terms, if any, should that be allowable.
So historically with IPv4 and continuing with IPv6 IP addresses are just numbers. They're just integers. So in theory there would be kinds of an infinite number of them, but in fact the packets have a limited amount of space in them so there is only enough room for a number of a certain size. So with IPv4 addresses, there are only about four billion. 4.3 billion addresses. Sounds like a lot, but that's fewer than two per person right now.
And how many IP addresses are you using right at this moment? There is at least one on your telephone. There might be another on your laptop. You might have a web server somewhere. You might have an Email server somewhere. That is four. And it adds up.
So there isn't enough IPv4 space. Space. We knew in 1996 this would be a problem and we began introducing IPv6 which has a much larger address space. Enough space that it is sort of in conceivable to us now as it was in conceivable to us in 1996 that we would run out of this larger space.
So, big chunks of equal size are delegated from the IANA to the regional Internet Registries in response to a request from the Internet ‑‑ the regional Internet Registries. That, in turn, is driven by the needs of their constituents within the region. So the reason why Asia and Europe ran out first is because when the IANA ran out of new IPv4 space, Europe and Asia were using space at the fastest rate. And because it always gets allocated in the same sized chunks from the IANA to the RIRs, those two ran out of their last chunk first. Whereas, Laknik and AFRINIC have several years run rate at current utilization and Aaron in America is going to run out sometime this year, probably.
Yeah, okay. Sir, next question.
>> JERALDO: Yes. My name is Jeraldo. I'm from Argentina. Maybe as a follow‑up question. I'm talking on IPv4, but I think that for IPv6 might be the same.
Very simple question. I connect to the Internet with my computer now. The server provider is going to give me an IPv4; yes. So that means that my computer might have different IPv4 depending on the server provider that I connect, correct.
This is exactly the same for the IPv6 or for the IPv6 it will be possible that I will carry always the same IP number, IP address?
>>BILL W.: So the short answer is it will be exactly the same in IPv6 as it in is IPv4. The slightly longer answer is you're saying, well, I always get a different IP address depending on what Internet service provider I connect to, but if you were an Internet service provider, you would be taking your address space with you because you would have something called an ought ton mouse system. An ought ton mouse system is a network that has IP addresses that it uses that can be advertised throughout the Internet. You can connect to anyone you want to can tell them about your addresses and they will believe you, that those belong to you.
Now, there are different ways of checking to see whether the address actually belongs to someone. If you're an end user and you get an IP address from your Internet service provider there isn't much worry about trust here, right. They're going to give you an address and either it will work or it doesn't, right. It is not a question of you getting a fake address or something.
But, if you're trying to build the whole global Internet, the issue of whether someone is asserting that an address belongs to them when it doesn't, that might be due to fraud or it might be them trying to get in the middle of like a banking transaction or get in the middle some of one else's Email to see what is in the Email. There are a lot of different reasons someone might fraudulently advertise an IP address. So there is a whole area of work being done in the IGF on securing BGP, border gateway protocol which is the routing protocol that internet service providers, anyone with an antonymous system number, autonomous system uses to tell each other about how to get to different places on the Internet.
Because, if we're here in turkey and we want to get a packet to Rome and someone says here, the shortest path is through Tokyo, we don't want to believe that, right. We want to believe that the shortest path from Turkey to roam is going to be around the northeast mediterranean somehow.
Either of you want to ‑‑
>> BILL W.: Okay. Yeah.
>>REMOTE MODERATOR: Question from online. How do we balance the influence of commercial organisations that support the Internet with the needs of its global users? There is a second part, second question. Who pays the Bill for all these different organisations the RIRs, ICANN, et cetera?
Audrey, you want to take that.
>>AUDREY P.: Could you just say the first part of the first question again. I just didn't understand.
>> REMOTE MODERATOR: How do we balance the influence of commercial organisations that support the Internet with the needs of its global users?
>>BILL W.: So I think the short ‑‑ I would say the short answer to that is the multistakeholder model that we talked about earlier and through organisations and opportunities like the IGF, I think it is a challenge when you get to some of the different governance organisations because, you know, there are different interests that are represented there depending on what the policy issue being discussed. There is a lot of meetings to go to every year and not everybody has infinite time and resources to devote to them. So I think that is a big challenge. It's one that has been on the top ‑‑ discussed starting at least for several years now, but certainly last year in Bali when there was an introduction of some new initiatives coming down to say, well, how many more things can we really support.
On the flip side of that, I would say that in terms of balancing the interests ‑‑ the question was who pays for all these organisations and there may be people may have some better answers in the world, so others should chime in, but to some degree it depends on who you're talking about. So this meeting is paid for by the Turkish government and contributions from industry in different capacities. There has been an effort to establish a trust fund for the IGF to provide for financial stability for it. That is just one example.
With regard to an organisation like ICANN, revenue is generated from domain name registration and contracts with the contracted parties.
The RIRs there is membership dues that come from the constituent members. So there is some amounts of variance in terms of how the bills get paid. You know, with regard to ICANN and the new GTLD process that's been well publicized in terms of the costs associated with that.
So I don't know if there is a more specific question about an organisation.
>>STEVE: So I would just comment back to the other person that essentially industry pays for the RIRs. In other words it is not governmental. It is not citizens, it's businesses who essentially pay for those directly.
One of the issues that I am struggling with as a lawyer is to translate the lecture that you gave this morning to judges in different countries, and I would welcome any colleagues that are here who are lawyers and have had the opportunity to try and explain this to a judge in their Country how you do that. I have certain ideas about how to do that and I wanted to share them with you. Thanks.
>>BILL W.: Can I follow up with that, because that is a very good point. I'm also particularly interested in law enforcement, so even before getting to the lawyers and judges. How does law enforcement work in the context that you've explained? For example IP addresses. How do you work with law enforcement agencies?
Let me really quickly just note that we are over time at this point and I'm going to put up our Email addresses in case anybody wants to follow up with any question that didn't get asked yet or there hasn't been time for before we go on to talking about law enforcement cooperation.
Either of you guys want to start out on it?
>>BILL W.: I'm sorry. So the question is how does law enforcement work with IP addresses?
Well, at its most simplest form what a regional Internet Registry does is Registration of the resource that is been allocated. So when an ISP comes to a regional Internet registry and says hello, we would like to get ‑‑ we can show need for and like to get a block of IP addresses, say 1,000 IP addresses, which is a small size, what the regents does is registers them in How z. That is how that works. Hows is the definitive source for where and how these IP addresses should be used.
So in the sense of something illegal happening, the RIRs don't actually have control over any of. That obviously it's whoever is using the resource that may or may not be doing something illegal. What the RIRs have is the registration information for who has the right to use that resource.
Now sometimes that resource right is abused and Bill mentioned some of that and he's mentioned some work that has been done with the RIRs and enforce that there is less badness so to speak that happens on the internet.
I think with regard to who is specifically, there is constantly a discussion and a little bit of a battle between privacy issues regarding, you know t amount of information one has to give into the who is directory and the legitimate needs of law enforcement, which there is a fair amount of debate around these days. So I think that's just something to note, that who is exists and there is some tension around how much information one has to give when one registers either a domain name or when your IP address allocation is noted.
It is less of an issue for corporations, per se, and more of an issue for individuals, but it's certainly ‑‑ you may hear about that. It is certainly a big issue of ongoing couldn't verse see.
Yeah, last year's IGF in Bali was heard after the Snowden disclosure so the majority of questions last year were about security and intelligence and interception and so forth.
With that I thank you all. Nishal and I have to rush off to a session that begins in seven or eight minutes. Again, please just catch any of us in the hallways or Email us if you have any questions that we haven't answered or if things come up over the course of the wing that we can help you understand or give you background on.
Thank you very much, very much for your time and attention.
The following is the output of the real‑time captioning taken during the IGF 2014 Istanbul, Turkey, meetings. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the session, but should not be treated as an authoritative record.