[ppml] Incentive to legacy address holders

John Santos JOHN at egh.com
Sun Jul 8 21:47:07 EDT 2007


GD it.  Why can't I reply properly to this?

Somewhere you say "All I need to do is sign an RSA and pay my
$100 per year, and I get to keep my addresses for ever."

Is this really true?

I have a legacy class C (/24) that used to be connected to the
Internet but no longer is.  Our original ISP (TIAC, hi there Martin),
published a route to us.  Later we switched to another, larger
regional ISP which also published a route to our class C.  About
a year ago we switched ISPs again, and now have a handful of
ISP-assigned addresses, and use outbound NAT to reach the Internet
and inbound PAT to reach our servers from the Internet.

But here's the rub, we also have 3 private connections to 3 of
our customers, 2 via SSH tunnels over the Internet and 1 via a
private T1 circuit.

All 3 private connections are firewalled at both ends to allow
a certain subset of our original class C hosts to connect to
various subsets of our customers' hosts via various protocols.

If we were to renumber using RFC1918 numbers, we would have to
ensure none of our hosts collided with any of the 3 different,
competing customers, all of whom have their own RFC1918 usage,
and, much harder, ensure we also don't collide with any of those
customers' future use of RFC1918, nor any future customers we
network with, nor with any other vendors or customers
our customers eventually network with.

This is on top of the pain of coordinating a renumbering with
3 other parties.

But we only have about 100 assigned addresses at the moment.
Probably about 30 of these need to be accessible to the customers'
networks.  So I don't think we would qualify for a /24 PI under
the current rules.  Not because we don't need provider-independent
addresses, but because we don't need enough of them.

Under these circumstances, I can't see any sense in doing anything
else but what we are doing now, continuing as a legacy, non-RSA-
signing holder.


-- 
John Santos
Evans Griffiths & Hart, Inc.
781-861-0670 ext 539
-------------- next part --------------
In a message written on Sun, Jul 08, 2007 at 07:17:06PM -0500, Robert Bonomi wrote:
> Sarcastic or not, you materially misrepresent what the letter says. :)
> 
> It says that *IF* you connect to ARPA, or DDN you must go through a BBN
> gateway, or the gateway of another ASN, and that some gateway to ARPA or
> DDN (yours or that other ASNs) must speak EGP.
> 
> If you're *not* connecting to ARPA or DDN, then those restrictions are moot.

Actually, I believe you got what I was trying to get across perfectly.

> Now, if/when the time comes that major network operators 'cannot' get additional
> address-space assignments -they- need, because of a lack of 'unassigned'
> address-space, *AND* there are significant blocks of 'unannounced' space,
> one *will* see operators starting to use that space, regardless of what 
> the 'authorities' decree. 

Exactly.  Back to the original poster's argument that he was not
bound by RFC 2050 because his allocation predates RFC 2050.  If the
operators, 99.9% of which are bound by 2050, decide those principles
should apply to legacy space they will apply.  It's not hard to
envision a future where operators require holders of large blocks
to show they are efficiently utilizing them prior to connection to
return them to ARIN simply because there is no more IPv4 space and
that's the only way the industry as a whole can create a more.

Is it likely?  I sure hope not.  But it's far from impossible as well.

> The _only_ tool available is 'persuasion'.

Yes, but persuasion comes in many forms.  While at the end of the
day it may be all ARIN does is some begging, ISPs may force the
issue by dropping routes.  The government may step in and "fix" the
situation as part of saving the national infrastructure from
terrorists or some other nonsense.

Which comes back to my point.  If I were a legacy holder I would
see those as significant risks.  If we get to a point where Microsoft
and Google and IBM and GM say that they can't do business because
there are no more IPv4 addresses and you're one of the people who
has a letter from someone who can't be found anymore, that isn't
even on stationery, and only talks about networks that ceased to
exist 15 years ago, who do you think is going to win and who is going
to lose?

If I was a legacy holder of a smaller block (the /8 people are a
different story, but small in number) I would be jumping to comply
with current rules (which isn't all that hard) and sign an RSA.  In
particular, if I were a legacy holder that can't find my original
letter and/or e-mail (and I bet there's a few) I would be beating
down a path to ARIN's door to get a signed document dated this year
saying I have an assignment under current rules.

In short, legacy holders are (in my opinion) running a huge risk
by not staying current with the changing process.  I would like to
persuade them to work in their own best interest, which I think is
also in ARIN's best interest.

There's also a significant second part of this problem that we keep
ignoring.  Estimates exist saying 10-20% of the legacy space is no
longer in use by anyone.  It was given to someone who is now dead,
or to a corporation that no longer exists.  It's not routed, and
in some cases hasn't been in over 10 years.

I doubt very many people would object to putting a dead person's
address space back in the free pool.  Surely being given the block
does not mean we must keep it reserved in case of reincarnation.
Who has the authority to recover those blocks?  Put the other way,
who has the authority to demand a legacy holder simply stand up and
say "yep, still here, still in use", as that's the only way it's
going to happen.  Surely we haven't put all these addresses in the
virtual bit-bucket because of some implied "no one will ever ask
you later if you're still using it" clause.  But can ARIN do that?
IANA?  Does the government have to come back and do it, since they
gave it out?

-- 
       Leo Bicknell - bicknell at ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org