[arin-discuss] The joy of SWIPping

In my experience ARIN does not care about the accuracy of the
SWIP/RWHOIS info when assessing a member for additional IP address
blocks. Instead, they are happy to accept detailed data from the
member's IP address database.
 
I think there are a number of reasons for this. 
 
1. They realize that SWIP updates could have gotten out of sync with the
ISPs internal database for any number of reasons. The internal database
is more likely to be correct.
 
2. They realize that RWHOIS is an hack job that has never been properly
maintained or updated, and therefore it is entirely possible that bugs
in the rwhois software, or wierdness in the text files from which the
server functions, can result in a less accurate picture than the ISP's
internal database.
 
3. They have in the past allowed some ISPs to submit SWIP data in
non-usual formats, and it is only fair to let any member do this if they
experience difficulties in dealing with the wierd non-standard SWIP and
RWHOIS formats.
 
4. Many ISPs simply will not publish their customer base in whois no
matter what ARIN says, and some of them have privately indicated that
they are willing to go to court over this. Since ARIN only needs this
data at the time of new applications, and since ARIN operates an
internal Chinese wall so that even the head of Registration Services is
not allowed to see potentially confidential ISP data, the most efficient
way to deal with this is to simply accept confidential database dumps
whenever an application is made for additional blocks.
 
5. The purpose and scope of the ARIN whois directory has never been
formally defined, nor was it ever formally defined by any predecessor of
ARIN after the DARPA. In the time of DARPA the purpose was to identify
all users of the ARPANet in order to justify budget allocations. Clearly
that is no longer true. In the absence of a clear purpose and scope, it
is hard to enforce any particular behavior.
 
6. The Internet community generally seems to feel that the whois
directory is there so that when network abuse occurs, other network
operators can quickly make contact with the source of the problem. Since
the Internet has changed and it is no longer common for assignees of IP
addresses to operate a 24-hour NOC capable of responding to external
requests, there is nothing for ARIN to gain by being pedantic about
this. In fact, the people with the problem can identify the ISP who
received the ARIN allocation and these companies almost always do
operate a 24 hour NOC and do have access to their customer's contact
info.
 
7. There is a certain vigilante community that feels the ARIN whois
directory should identify users of any IP address so that the
self-appointed vigilantes can punish the perpetrators of network abuse.
Since ARIN is not the Internet government and since there is a big
downside to being seen as the government, it is to ARIN's advantage to
*NOT* attempt to force ISPs to publish full 3rd-party (customer) info in
the whois directory.
 
By the way, what does "assign" mean? If as a hosting ISP, I configure IP
addresses into my switches and routers to enable a hosting customer to
communicate using these addresses, then this is not the same as the
classic "assignment" scenario. It could be interpreted as internal
architecture usage. This is becoming more common as more specialised IP
network service companies arise, and a single organization may receive
addresses from several different ISPs and only use these addresses for
certain purposes. In the classic scenario, an assignment was like a loan
of 100% of the address that you would need to configure all the devices
in all of your internal networks. Since NAT came on the scene, the
picture has gotten fuzzier and fuzzier.
 
--Michael Dillon
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.arin.net/pipermail/arin-discuss/attachments/20080512/55ada2e0/attachment-0001.html