ARIN Proposal

Michael Dillon michael at MEMRA.COM
Mon Jan 20 20:49:17 EST 1997


On Mon, 20 Jan 1997, Karl Denninger wrote:

> ANY ISP which obtains non-portable blocks and then resells anything which
> can't be instantly renumbered has a huge problem.

ISP's can take preemptive actions to protect themselves from some of this
and there are ways in which they can deal with renumbering to alleviate
some of the problems. Of course, life is not perfect but it's often not as
bad as it seems.

> 1)      Static IP individual customers (I know that registries HATE this
>         practice, but it really *IS* quite address-conservative if you
>         do it right -- and for ISDN LAN-style connections it is the ONLY
>         way you get interoperability with all hardware across the board!)

If a LAN customer wants to protect themselves from renumbering problems
they can do two things. One is to run a DHCP server for all internal IP
address allocations so that renumbering is quick and painless. The other
is to use RFC1918 addresses internally and access the Internet through a
proxy server thus requiring no more than two IP addresses (one on the
router and one on the proxy server). Then renumbering requires only two
pieces of equipment to be updated.

> 2)      Web servers.  Folks, try forcing all the DNS caches on the net to
>         flush instantly.  Can't be done.  You WILL screw customers if you
>         renumber their servers.  The depth of the "screwing" is not under
>         your control, and will CERTAINLY be more than a full business day.
>         You WILL lose customers over that event.

Instantly is a problem. However if the changes are planned you can adjust
the expire time of DNS downwards in steps so that there are only very
short term caches to be flushed at the switchover point.

> 3)      Dedicated connections.  Go ahead.  Call your customers and tell
>         them THEY have to renumber their LANs.  Try it once.  See how many
>         customers you have left and how likely it is YOU get sued based
>         on either a tort or equity claim.

With both this situation and the web server situation there is no reason
why you cannot maintain the old provider connection and the old provider
addresses simultaneously with the new. You don't even need to run BGP to
do this, you just end up with an asymmetrical network in which address
block A travels via provider A and address block B travels via provider B.
I find that ISP's usually change providers because of oversold capacity
problems, i.e. the service is too slow, so the customer relations approach
is that they can stick with the old addresses and the old slow service or
they can renumber and gain the speed boost as a benefit. Their choice.

> You WILL lose a BOATLOAD of YOUR customers if you get boxed like this.  The
> only option you have left as an ISP is to sue the people who are putting
> you in the box.

In order to successfully sue for damages you have to prove to the courts
that you have taken steps to minimize those damages. I believe that there
are enough possible ways to minimize the damage that the few customers you
may lose would not be a hardship in the vast majority of cases. Since most
ISP's will run into renumbering when they are increasing capacity due to
growth, there is an incentive for the customer to renumber and presumably
there is enough new business to compensate the ISP for a few lost
customers.

I think it is wrong to imply that renumbering necessarily results in lost
customers. If an ISP has a strong relationship with their customer and is
proactive in explaining the reason for renumbering then they will not have
problems. Far more business decisions are made based on personal
relationships between customer and supplier than are made based on
these sorts of technical issues.

> The only way you can PREVENT having this happen with provider-based space is
> to "marry" the company that has the block.  Now, do you really want to do
> that?  Do you want to EVER be put in the position where you have a supplier
> that you just CANNOT get rid of?  No matter what you do?
>
> No businessperson in their right mind would accept this as a business
> premise.

I disagree with the basic premise. Especially since there is well
understood technology that not only makes your customer independent of
upstream address changes but also makes them independent of you, the
supplier. It is to their benefit to learn about and use this technology
especially since proxy technology also brings along the protection of a
firewall.

> Therefore, every ISP must be an ARIN "associate" if they have an ounce of
> sense, and they must be able to get those magic /19s (or larger if they can
> justify them).

I disagree. Not all ISP's have the same business plan or offer the same
services. Those ISP's who have multihoming on the business plan already
know about these renumbering requirements because they have been in place
for over a year. It may be trial by fire to go through a renumbering but
competent ISP's have already done so and survived with their customer base
intact.

> To fail to provide that on a *level* playing field is going to invite
> lawsuits -- I'm talking SERIOUS lawsuits here -- not based on some trivial
> matter, or to annoy, but multi-million lawsuits which are based on *HARD*
> damages to companies and their customer base!

Anybody with that kind of money tied up already has PI (Provider
Independent) address space. If not, they are bonehead incompetents
because this subject has been broad public knowledge in the industry for a
long time.

> This is why we worked VERY hard to get Provider-Independent space when we
> needed original space, maintain that stance through whatever process is
> necessary today, and urge OTHERS to do so as well.  It is also why ARIN must
> be *CAREFULLY* constructed to insure that it meets the essential need of NOT
> interfering with normal business operations and vendor/supplier
> relationships.

Nothing wrong with this at all. If an ISP really does have a business plan
that requires /19 address space or better then there is no reason for ARIN
to prevent them from getting that space. But the key thing is that it
should not be possible to just buy /19 space and it should not be possible
to just request the space and get it tomorrow. If the company has money to
throw around they can hire consultants and network engineers to produce a
workable and believable network architecture which justifies a /19. And
if a company is so lazy that they can't prepare a network plan then they
are arguably so incompetent that they could never reach the size which
justifies a /19 anyway.

>  If it serves to tie INDIRECT customers to a given vendor,
> not only will the vendors get sued but so will ARIN and its board -- and
> THAT eventuality is a very un-good thing.

My understanding is that ARIN is only applying the address allocation
policies that have been agreed upon by the international Internet
community, thus any lawsuits would have to include IANA and the IAB as
well. I think the prospect of getting anywhere with such a lawsuit
would be daunting to most any potential attacker. But if you seriously
believe that this could happen then it is certainly possible to increase
ARIN's fees to cover the legal fees and liability insurance that would be
required. After all, nothing is cast in stone yet.


Michael Dillon                   -               Internet & ISP Consulting
Memra Software Inc.              -                  Fax: +1-250-546-3049
http://www.memra.com             -               E-mail: michael at memra.com


