ARIN-PPML Message

[arin-ppml] Draft Policy 2010-10 (Global Proposal):GlobalPolicy for IPv4 Allocations by the IANA Post Exhaustion- Last Call (textrevised)

On Nov 5, 2010, at 12:53 AM, Ronald F. Guilmette wrote:

> 
> In message <DDE139AF-24A9-4F9A-B524-2CB78272E735 at delong.com>, 
> Owen DeLong <owen at delong.com> wrote:
> 
>> rfg:
>>> Conversely, if such things DO exist and if ARIN DOES perform any such
>>> {utilization audits}
>>> then please do stop beating about the bush and just describe how that is
>>> done.
>>> 
>> Why? There are very good reasons for ARIN not to publicly disclose the
>> techniques and methods they use for conducting these audits.
> 
> I'm listening.  What are those?
> 
> Do they outweigh the many obvious good reasons to have a clear and transparent
> statement of the process that all members know they may be held to, without
> prejudice or favor?
> 
The process is documented in NRPM12 and is pretty clear.

The specific investigative techniques used inside of ARIN and they particular
smell tests they use to discover fraud should not be disclosed because disclosure
of the techniques makes it easier to circumvent them.

>> The details of any particular audit cannot be public because of non-disclosure
> 
> I took that as a given.  But that's not what I asked about.  I didn't ask
> about any _specific_ review.  I have asked about how reviews/audits are done,
> in general.
> 
Whether it was you or someone else, certain people have brought up their
belief about things that did or did not happen with specific reports that they
had made in this discussion.

> And I am still awaiting even some small clue of what such a thing might entail.
> 
Have you read NRPM 12?

> Look, I think I've made my interest clear.  I believe, based on evidence,
> that there is rampant and profligate waste and fraud in IPv4 allocations
> within ARIN-land, and most of it is unambiguously in the service of spammers.

Care to make any specific claims to back up that sweeping accusation?
As yet I am not convinced this is an accurate statement.

> The waste and fraud hasn't been a big issue for most folks.. with the possible
> exception of virulent die-hand anti-spammers like me... as long as there were
> plenty of IPv4 addresses to go around.  Next year, as I understand it, that
> is all going to change, and leigitimate companies may perhaps start offering
> their eye teeth, just to get a small bit of IPv4 space, once official
> "exhaustion" occurs.  Based on that, I think that it may be safely predicted
> that I and my current opinions (_and_ my current rudeness, such as it is)
> will ultimately be seen to have been but a harbinger of what is sure to come,
> i.e. a whole lot of other and different people asking a whole lot of very
> similar sorts of very pointed questions about EXACTLY how so many organizations
> seem to manage to get away with such apparently large amounts of waste and
> fraud, year after year.

Yes, we're running out of IPv4 addresses. Yes, there will probably be some
people so stubbornly clinging to the idea of continuing to expand the IPv4
legacy environment that they will be willing to surrender large sums of
money towards doing so. Those same people have put off the migration to
IPv6 within their organizations for years (close to a decade at this point)
because they couldn't see the need. I have little sympathy for them.

As I see it, even if you consider "rampant and profligate waste", you might expect
ARIN to reclaim, what, maybe 10 /8s worth of space over the next 5 years? The
internet is consuming 2 /8s per month. 2 per year isn't even a drop in the bucket.

Like it or not, reclamation is a slow, deliberate, careful process that takes
significant time. IPv4 is a quagmire of allocations and assignments that
were issued before ARIN existed. For those allocations and assignments,
it's very unclear that ARIN has any authority to make such reclamations
unless the resources are outright abandoned by the original recipient
or voluntarily returned.

If you think there is rampant and profligate waste and fraud in space
issued by ARIN since ARIN was formed, please present evidence. I am
of the impression that:

	1.	There is not as much fraud and waste as some people would like
		to claim.

	2.	What waste there is is primarily in legacy registrations.

	3.	Most of the legacy registrations that are not abandoned are used
		in compliance with the policies under which they were issued.

	4.	Spammers hijack a lot of space and good reclamation of
		abandoned space _MAY_ be worth while to reduce the
		impact of those hijackings. However, transition to IPv6 and
		subsequent general deprecation of IPv4 will do much more
		to improve this situation than any reclamation efforts could.

	5.	Reclamation for the sake of meeting the perceived needs for
		a continuous supply of IPv4 addresses is like giving small
		doses of heroin to a junky. It doesn't meet their physiological
		needs but it continues their addiction.

> 
> When and if that does indeed occur, I do think that ARIN is going to have to
> come up with some better answer than just saying that it's all secret, and
> that (thus) nobody is even allowed to question the process, or whether it
> is being perform fairly, or whether it is being performed with the best
> possible techniques and technology (e.g. for getting a _true_ measure of
> "hosts" within a given space), or whether it is being performed at all.
> 
I stated that the specific investigative techniques used by staff are secret.
The procedure and the policies to which staff holds resource recipients are
not in any way secret. They are, as previously stated, documented in the
NRPM.

Owen

> 
> Regards,
> rfg
> 
> 
> P.S.  Although it may seem otherwise, my actual goal is not to simply
> criticise or throw rocks at ARIN's existing utilization review processes,
> but rather to try to offer (if it would be accepted) some of my own tools
> and techniques to possibly aid and improve the utilization audit process
> further.  That would be a win-win all around I think... I and others would
> see fewer spammers on the net and the entire ARIN community might benefit
> from having more accurate utilization audits.  But in case it isn't obvious,
> I and other such wlling souls cannot possibly offer any improved technology
> which might be mixed in to improve the existing audit process if we... and
> everyone else on the planet... are all kept utterly in the dark about whatever
> ARIN currently is or isn't doing with respect to the conduct of these audits.
> 
IPv4 reclamation is far less effective in this regard than IPv6 migration.

> How can any well-meaning soul offer improvements to a process that is kept
> entirely hidden behind the curtain, rather like the Wizard of Oz?

The ARIN consultation and suggestion process?

You can always offer whatever tools and suggestions you have.

Again, the process is documented. The exact methods and techniques
used by ARIN staff to carry it out are not disclosed to the public just
as any fraud examiner or other investigative agency does not disclose
their particular methods.

Owen