Almost 20 Years of RIPE NCC: A Personal View on Current Challenges Daniel Karrenberg Fellow NetWorkers, It is now 20 years ago that we started to build the RIPE NCC. That is quite a long time ago and the Internet has come a long way since. The official 20th anniversary will be on the second of April next year, just before our meeting in Ljubljana. Today I will not give you a birthday speech; celebration is for the next time. Today, with the kind permission of the programme committee, I will take ten minutes to give you a personal reflection on the challenges ahead in the context of what we have already achieved together. Much of what I am going to touch on will be the subject of discussions during this meting. So you can also take this speech as an indication of what I consider important this week. 20 years ago the European Internet was starting to grow significantly. We had started RIPE two years earlier and it had become clear that we needed a secretariat. A secretariat to perform some day-today coordination tasks that had become too much of a job for volunteers. The most important task at the time, and notably still today, was to maintain a database of operational contacts: the RIPE Database. Another task was to help organise the mechanics of the RIPE meetings. That has not changed either. Because this secretariat was all about coordination we called it the 'RIPE Network Coordination Center'. This NCC also already provided statistics based on measurements, like we do today. Many of you will remember the famous RIPE host count. When the RIPE NCC started operations, the registration of Internet number resources was still provided by the United States government. Many of us realised that this would not scale and soon the RIPE NCC became the first regional Internet registry. We helped to scale up Internet number resource distribution, one of the few central coordination functions in the Internet architecture.We did so by regionalising it and by building a bottom-up self-governance structure for it within RIPE. We did all this in a calm and determined manner based on consensus. We can be quite proud of these achievements, especially because our way of doing it was later emulated in other regions, even in North America. We can also be proud that we have been good stewards of the IPv4 addresses, and that we are managing the run-out of the IPv4 address pool quite well we have the policies and the structure the is necessary to see it through without major discontinuities. Nowadays also most governments themselves respect our structure and achievements. Competing established institutions, like the ITU, can *not* do a better job by a fair margin, despite some claims to the contrary. The reasons for our success as a community are these: first we know our stuff, second we succeed to achieve consensus across different opinions and interests, and third we adapt well to changing circumstances like the IPv4 run-out. I am proud of our achievements and I believe we all should be. Let me now come to the challenges ahead and some important topics at this meeting: The next big challenge before us is to make the IPv6 Internet perform better than the IPv4 Internet. Unfortunately, we will have to operate two similar but largely separate network layer infrastructures for some time to come. We simply have no alternative available to us that will scale. It is time we all fully realised this, and worked together to make the IPv6 network not only perform as well as the IPv4 network, but *outperform* it. This is vital in order for the Internet to scale - as it must - and for the Internet to remain as open and universal as it is today. As an engineer, I am convinced that it would be a waste of energy and resources to extend the lifetime of the IPv4 network using allmsorts of kludges. Some are calling IV6 a failure today, because it is not deployed as rapidly as they expected. But Let us not just stare the adoption rates. Let us build a production IPv6 network that outperforms the IPv4 network even in times when investments receive extra scrutiny. It is in these times especially that we should be wary of wasting our scarce resources on kludges to extend the lifetime of a technology that will not scale. - Talking about extra scrutiny of expenditure let me spend a minute on the money that most of you, the members of the RIPE NCC association, spend on the RIPE NCC. As an employee of the association it is not my place to discuss details; you members will do that on Wednesday. But let me say this much: All those 20 years the RIPE NCC membership has done a good job of making sure that their money is well spent on coordination activities that benefit the RIPE community. We also have maintained consensus that the charging scheme by which this money is collected is recognised as 'fair enough'. In times when expenses are scrutinised more than usual, there have always been some who would argue for cutting back activities of the RIPE NCC; especially activities not directly related to number resource distribution. I have observed that these arguments are often based much more on emotions than rational reasoning. In these times we often hear: "If *we* have to cut back ourselves, why should we continue to pay for *them*?" To this I have to say first of all that the RIPE NCC is *us* and not *them*, it is an association of the members after all. In addition, I remember quite well the late 1990s, the time of *the* bubble. The work of the RIPE NCC was suddenly increasing manyfold. However, it was near impossible to hire qualified people to do it. Most people at that time wanted both high salaries and stock options. We could offer neither. Then, once the bubble had burst there were the calls to cut back the RIPE NCC budget supported by little more than that "everyone" had to cut back. Ironically some of the more vociferous proponents of cut-backs were the very same people who would not consider to take a job with the NCC before, - for lack of stock options and high salaries. There was no logic in that, but there were a lot of emotions. Today the facts are that the Internet business is not generally shrinking, and that the RIPE NCC membership is still growing at an astonishing pace. So, do we really need less RIPE NCC? Or do we rather need more? Let us also consider the absolute amounts we are talking about: If we were to divide the budget that is currently before the executive board evenly among all members, then each member would have to pay a bit more than 2000 Euros next year. This is not a trivial amount of money in some places, I agree. But compared to other costs of being in the Internet business, it is definitely not of major concern either. My fried Rob Blokzijl has been trying to convince me that we should indeed just divide the cost by the number of members; a very simple charging scheme. Rob has not been able to convince me that charging everyone the same amount would be considered 'fair enough' by most of you. On the other hand, I ask myself how complicated a charging scheme has to be in order to be considered 'fair enough'. But above all I urge all of us to remain rational and not let this discussion become emotional and jeopardise what we have achieved. [The following, final, section of the speech was not actually read due to force majeure.] Another technical challenge before us is the security and reliability of the Internet routing system. I believe that we have actually done pretty well with this despite various incidents, and the justified concerns that have risen slowly over the last decade. As a community we have kept the Internet layer 3 infrastructure working well; and we have done that in the face of phenomenal growth. We have managed to maintain the basis of success, - the *autonomy* of the participants. The very autonomy, that allows them to make *local* decisions when building their part of the *global* Internet. It is not for nothing that we call the important elements in BGP routing "*Autonomous* Systems". Yet a number of us feel that stronger mechanisms are needed in order to ensure continued routing system reliability. That feeling is shared and amplified by governments and institutions that are concerned with the security and reliability of the Internet. Hence, we have developed the RPKI, a PKI infrastructure that is designed to enhance the stability of the routing system while at the same time maintaining the autonomy of all participants. The art in deploying such mechanisms is to choose for the bare minimum of central elements that are needed for the desired result. None of us wants a centralised "Off-Switch" for parts of the Internet. We have not finished that discussion. In fact, I observe that much of the discussion suffers from the lack of real tangible implementations from router vendors. Implementations, which we can touch, try, and be convinced that they provide the enhanced stability while maintaining the autonomy that each participant needs to be successful. Of course we will not see actual router implementations unless the vendors are convinced that the underlying infrastructure, the RPKI, will eventually exist. Hence, we have created and started to operate RPKI infrastructure at the RIPE NCC and other RIRs. Some of you have in fact recently started to generate certificates and, more importantly, ROAs in this infrastructure. This has causes vendors to do their part and implementations are in the pipeline. Maybe at this point it is best to wait for the router implementations to get into our hands and to gain experience with these tools. Once we have tried out something tangible, it will be much easier to both debate and decide how to evolve the policies and operation of the RPKI. If we continue debating before that has happened, I fear that we will just re-iterate arguments in a meta discussion and, more seriously, we will lack the practical experience that is neccessary in order to make good and lasting decisions. There is no reason for haste. I do not see the imminent collapse of the Internet routing system. We have built something quite strong over the past twenty years. So let us proceed with due care. Thank you for listening to my views about what is going to be important this week. I look forward to discuss with all of you during the meeting and of course to meet you - working on the net.