[arin-discuss] Question about legacy IPv4 and RADB

Otis L. Surratt, Jr. otis at ocosa.com
Thu May 3 13:55:56 EDT 2012

I would have the client talk to ARIN. Also speak with your upstreams. 


Does this client have their own ASN?


Have your client prove that it's in fact their block.

Otis L. Surratt, Jr.
President / Chief Engineer
OCOSA Communication, LLC
321 S. Boston Ave. Suite LL06
Tulsa, Oklahoma, USA 74103

E otis at ocosa.com
O (918) 585-9882
F (918) 585-5857


Sent from my LG Thrill™ 4G smartphone with glasses-free 3D on AT&T 


	From : John Von Essen 
	Subject : [arin-discuss] Question about legacy IPv4 and RADB
	Not sure if this is the right forum, but something came up with a  
	potential new BGP customer regarding a legacy IP block (1993, pre- 
	Arin) they want to advertise. This new customer is planning to buy  
	internet from us, a 100MB pipe.
	Whenever a customer is advertising a subnet that is not directly  
	issued to them via Arin, we have a process to verify authority before  
	we allow that block to propagate out to our BGP upstreams.
	Since I dont want to get in trouble with the client, the info here is  
	fictitious but represents the situation we need help with. Names/IPs  
	have been replaced.
	Here is the situation:
	1. The IP block (say X.X.0.0/16) our new BGP customer wants to  
	advertise is a 1993 IP block, pre-Arin, it is in the Arin whois  
	database, as well as RA DB.
	2. The OrgID (say AAA) for X.X.0.0/16 is defunct, does not exist at  
	all anymore.
	3. There are 4 POCs listed for OrgID AAA, 3 of which are defunct and  
	even labeled as bad within Arin whois, the 4th (Tech POC) is valid,  
	and the email address for this POC is completely unrelated to OrgID  
	AAA. This "4th POC" is clearly not associated with OrgID AAA, but  
	another Organization will call FOO.
	At first glance, when I look at this, I think its a legacy hijacked IP  
	range. Somebody got a hold of the 4th POC in some way and changed it.  
	We DO NOT work with people remotely connected to hijacked IP space, in  
	fact, we use the SpamHaus DROP list and wont route any of those  
	suspicious IP ranges. This range is not in SpamHaus's DROP list.
	Problem is I am not entirely certain if my assumption is correct  
	because Merits RA DB shows a different story. If I lookup X.X.0.0/16  
	in Merit's RA DB, the resource looks 100% legit.  You dont see any  
	mention of OrgID AAA, no bad POCs, everything in Merit's DB is related  
	to Org FOO.
	Now, our upstreams all use different mechanisms to verify who has the  
	right to announce certain blocks. Level3 for example uses RA DB, so in  
	Level3's eye's there is nothing wrong here. But if Cogent uses Arin's  
	whois database, then Cogent might refuse it because it cant be  
	verified or if it is verified its very suspect.
	I dont know what to do here.... All of our other BGP customers have  
	been easy since they all use post-Arin IP space which is very easy to  
	verify, this is the first time we've had a customer try to announce  
	"old" space.
	Any input would be appreciated.
	John Von Essen
	You are receiving this message because you are subscribed to
	the ARIN Discussion Mailing List (ARIN-discuss at arin.net).
	Unsubscribe or manage your mailing list subscription at:
	Please contact info at arin.net if you experience any issues.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-discuss/attachments/20120503/1755722f/attachment.html>

More information about the ARIN-discuss mailing list