[arin-discuss] Question about legacy IPv4 and RADB

John Von Essen john at quonix.net
Thu May 3 13:33:01 EDT 2012

Not sure if this is the right forum, but something came up with a  
potential new BGP customer regarding a legacy IP block (1993, pre- 
Arin) they want to advertise. This new customer is planning to buy  
internet from us, a 100MB pipe.

Whenever a customer is advertising a subnet that is not directly  
issued to them via Arin, we have a process to verify authority before  
we allow that block to propagate out to our BGP upstreams.

Since I dont want to get in trouble with the client, the info here is  
fictitious but represents the situation we need help with. Names/IPs  
have been replaced.

Here is the situation:

1. The IP block (say X.X.0.0/16) our new BGP customer wants to  
advertise is a 1993 IP block, pre-Arin, it is in the Arin whois  
database, as well as RA DB.
2. The OrgID (say AAA) for X.X.0.0/16 is defunct, does not exist at  
all anymore.
3. There are 4 POCs listed for OrgID AAA, 3 of which are defunct and  
even labeled as bad within Arin whois, the 4th (Tech POC) is valid,  
and the email address for this POC is completely unrelated to OrgID  
AAA. This "4th POC" is clearly not associated with OrgID AAA, but  
another Organization will call FOO.

At first glance, when I look at this, I think its a legacy hijacked IP  
range. Somebody got a hold of the 4th POC in some way and changed it.  
We DO NOT work with people remotely connected to hijacked IP space, in  
fact, we use the SpamHaus DROP list and wont route any of those  
suspicious IP ranges. This range is not in SpamHaus's DROP list.

Problem is I am not entirely certain if my assumption is correct  
because Merits RA DB shows a different story. If I lookup X.X.0.0/16  
in Merit's RA DB, the resource looks 100% legit.  You dont see any  
mention of OrgID AAA, no bad POCs, everything in Merit's DB is related  
to Org FOO.

Now, our upstreams all use different mechanisms to verify who has the  
right to announce certain blocks. Level3 for example uses RA DB, so in  
Level3's eye's there is nothing wrong here. But if Cogent uses Arin's  
whois database, then Cogent might refuse it because it cant be  
verified or if it is verified its very suspect.

I dont know what to do here.... All of our other BGP customers have  
been easy since they all use post-Arin IP space which is very easy to  
verify, this is the first time we've had a customer try to announce  
"old" space.

Any input would be appreciated.

John Von Essen

More information about the ARIN-discuss mailing list