[arin-discuss] Question about legacy IPv4 and RADB
Otis L. Surratt, Jr.
otis at ocosa.com
Thu May 3 13:55:56 EDT 2012
I would have the client talk to ARIN. Also speak with your upstreams.
Does this client have their own ASN?
Have your client prove that it's in fact their block.
Otis L. Surratt, Jr.
President / Chief Engineer
OCOSA Communication, LLC
321 S. Boston Ave. Suite LL06
Tulsa, Oklahoma, USA 74103
E otis at ocosa.com
O (918) 585-9882
F (918) 585-5857
Sent from my LG Thrill™ 4G smartphone with glasses-free 3D on AT&T
From : John Von Essen
Subject : [arin-discuss] Question about legacy IPv4 and RADB
Not sure if this is the right forum, but something came up with a
potential new BGP customer regarding a legacy IP block (1993, pre-
Arin) they want to advertise. This new customer is planning to buy
internet from us, a 100MB pipe.
Whenever a customer is advertising a subnet that is not directly
issued to them via Arin, we have a process to verify authority before
we allow that block to propagate out to our BGP upstreams.
Since I dont want to get in trouble with the client, the info here is
fictitious but represents the situation we need help with. Names/IPs
have been replaced.
Here is the situation:
1. The IP block (say X.X.0.0/16) our new BGP customer wants to
advertise is a 1993 IP block, pre-Arin, it is in the Arin whois
database, as well as RA DB.
2. The OrgID (say AAA) for X.X.0.0/16 is defunct, does not exist at
3. There are 4 POCs listed for OrgID AAA, 3 of which are defunct and
even labeled as bad within Arin whois, the 4th (Tech POC) is valid,
and the email address for this POC is completely unrelated to OrgID
AAA. This "4th POC" is clearly not associated with OrgID AAA, but
another Organization will call FOO.
At first glance, when I look at this, I think its a legacy hijacked IP
range. Somebody got a hold of the 4th POC in some way and changed it.
We DO NOT work with people remotely connected to hijacked IP space, in
fact, we use the SpamHaus DROP list and wont route any of those
suspicious IP ranges. This range is not in SpamHaus's DROP list.
Problem is I am not entirely certain if my assumption is correct
because Merits RA DB shows a different story. If I lookup X.X.0.0/16
in Merit's RA DB, the resource looks 100% legit. You dont see any
mention of OrgID AAA, no bad POCs, everything in Merit's DB is related
to Org FOO.
Now, our upstreams all use different mechanisms to verify who has the
right to announce certain blocks. Level3 for example uses RA DB, so in
Level3's eye's there is nothing wrong here. But if Cogent uses Arin's
whois database, then Cogent might refuse it because it cant be
verified or if it is verified its very suspect.
I dont know what to do here.... All of our other BGP customers have
been easy since they all use post-Arin IP space which is very easy to
verify, this is the first time we've had a customer try to announce
Any input would be appreciated.
John Von Essen
You are receiving this message because you are subscribed to
the ARIN Discussion Mailing List (ARIN-discuss at arin.net).
Unsubscribe or manage your mailing list subscription at:
Please contact info at arin.net if you experience any issues.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ARIN-discuss