[ARIN-consult] Reminder on ARIN Consultation on RPKI/BGP

William Herrin bill at herrin.us
Wed Feb 14 17:23:06 EST 2024 

On Wed, Feb 14, 2024 at 1:45 PM Richard Laager <rlaager at wiktel.com> wrote:
> In this subthread, we are talking about whether a legacy resource holder
> can issue ROAs for their legacy space, not whether others honor my ROAs.
> So the risk this helps mitigate is the legacy resource holder's space
> being hijacked.

Hi Richard,

Every packet has two customers. At least one of them pays you. It is
to service -that- customer that anyone implements RPKI validation on
their router. And -that- customer benefits every time RPKI gains an
additional participant.


> Second is the RPKI deployment argument. All it would take is one large
> network to say, "RPKI or we're not going to route it" (or the U.S. FCC
> to mandate that) and then that'd be it. Legacy resource holders would
> have to work things out with ARIN. And, at that point, the legacy
> resource holders would have significantly decreased leverage, so it
> seems unlikely that ARIN would suddenly loosen their stance.

A few months back, one network (I forget which) declared that they
would not accept -customer- routes unless they matched an IRR entry
from one of the RIRs (i.e. not RADB). No change to routes received
from peers and transits. So far, that is the outside limit that anyone
has been willing to push for refusing to route legacy addresses. It'll
be interesting to see if that sticks or if they give up on it like
ISPs gave up on trying to enforce /20 minimum route sizes for
post-legacy RIR assignments. My guess is they walk it back the first
time there's significant money on the table.


> On 2024-02-14 15:31, John Curran wrote:
>  > There are some organizations that that believe that they may have
>  > rights that exceed those expressed in the RSA – while I find that
>  > rather fanciful
>
> Would it be possible for ARIN to modify the LRSA in some way to placate
> this concern? Effectively saying that ARIN takes no position on those
> claims? What would be the practical difference; if they stop paying
> their ARIN bill, the difference would be reclaiming those resources vs.
> just stopping providing any services?

The way to do it while remaining relatively consistent with ARIN's
current business practices would be to have a second legal agreement:
an RPKI services agreement. The RPKI services agreement would apply
only to RPKI services. It would require the registrant to
-demonstrate- registration but would not include any registration
services or make any claims or warranties about such services. As far
as registration services go, it would simply continue to be an
uncontracted legacy network.

Regards,
Bill Herrin


-- 
William Herrin
bill at herrin.us
https://bill.herrin.us/

More information about the ARIN-consult mailing list