[ppml] Policy Proposal: 2007-12 IPv4 Countdown Policy Proposal

Jay Sudowski - Handy Networks LLC jay at handynetworks.com
Thu Mar 22 02:47:27 EDT 2007 


>-----Original Message-----
>From: Stephen Sprunk [mailto:stephen at sprunk.org] 
>Sent: Thursday, March 22, 2007 12:05 AM
>To: Jay Sudowski - Handy Networks LLC
>Cc: ARIN PPML
>Subject: Re: [ppml] Policy Proposal: 2007-12 IPv4 Countdown Policy
Proposal

>It's easy to point to allocation reclamation policies:
>
>4.1.3. Invalidation
>ARIN may invalidate any IP allocation if it determines that the
requirement 
>for the address space no longer exists.
>
>4.1.4. Recall
>In the event of address space recall, ARIN will make every reasonable
effort 
>to inform the organization that the addresses are being returned to the
free 
>pool of IPv4 address space.
>
>4.2.3.1. Efficient utilization
>ISPs are required to apply a utilization efficiency criterion in
providing 
>address space to their customers. To this end, ISPs should have
documented 
>justification available for each reassignment. ARIN may request this 
>justification at any time. If justification is not provided, future
receipt 
>of allocations may be impacted. In extreme cases, existing allocations
may 
>be affected.
>
>
>However, I can't seem to find anything equivalent for direct
assignments. 
>Logic says that the authority is implied, but if we made a point of
calling 
>it out for allocations and were silent on assignments, one could argue
we 
>intended ARIN _not_ to have that power.
>
>Alternately, one can look at the RSA and find clauses that allow ARIN
to 
>revoke _any_ number resource at (4)(c)(i) and (8)(i) if its use does
not 
>continue to be in compliance with policy.  That power is pretty clear.

It would be most interesting to know how frequently and under what
circumstances ARIN has elected to utilize these provisions.  That these
policies already exist begs the question: what can the membership can do
to get ARIN staff to more actively enforce the existing policies that
speak to address reclamation?  

If these policies are rarely utilized, one possible cause for this is
that that the policies are written so broadly (eg "ARIN may request this
justification at any time"), ARIN fails to take any action at all
because they are not required to do so.  The use of "may" implies that
ARIN has total discretion as to when it would be acceptable to request
justification information and reclaim an IP allocation.  Perhaps the
policy simply needs to be refined to the point that ARIN has to take
action when certain criteria are met.  Specifically, the policy would be
littered with "must" and "shall" and not a single instance of "may",
except as a general catch all.

Here are some thoughts:

1. Semi-annual review of justification data for all allocations.  
 
	- Policy Statement: ARIN must review IP justification data for
each IP allocation once every twenty four months.

	- Rational: If a member has not requested more IP space in a 2
year period, there is a good possibility their network is contracting or
that there is no actual continued need for the existing IP allocations.


2. Random audits.

	- Policy Statement: ARIN shall conduct random audits of IP
justification data on X% of all IP allocations per year.

	- Rational: Yes, it would be unfortunate to be subject of a
random audit, but I don't think it's unreasonable to select some low
percentage of allocations a year for random audit.

3. Severe late payment of registration fees (90+ days past due).

	- Policy Statement:  If a member is severely past due with
paying their annual membership fees, then ARIN must request
justification data from member.

	- Rational: If an organization is not diligent enough to pay
their bills within 90 days of being due, then it's very likely other
business areas are lacking.  It would make sense to scrutinize these IP
allocations.

4 - Verified report from other ARIN members that rWHOIS/WHOIS/SWIP data
is out dated/incorrect.  

	- Policy Statement: If ARIN determines that a member has stale
SWIP/rWHOIS entries, which in aggregate total more than a /22 worth of
IP space, ARIN must review justification data from the member.

	- Rational/Example: We were allocated a /20 in Nov 2004 under
the multi-homing policy at the time.  We renumbered out of our existing
IP allocations, but when we applied for another /20 in mid 2006, all of
our previous net blocks, which had not been used by us in over a year,
where still swip'd to us.  It's very likely that these organizations
were claiming that we continued to use the IP allocations in question
many months after we stopped using them.  There's a good chance these
out-dated SWIP entries were used as justification to grant additional IP
allocations to both of the companies.   While it's very likely this
happened due to poor record keeping and not malicious intent, it is
still an problem that merits further scrutiny.  I am only one duck in a
very big pond, and at one point my allocated IP space was inflated by
50% because of poor record keeping.  

5. Lame delegation in IN-ADDR.ARPA that is not corrected after
notification by ARIN.

	- Policy Statement:  If ARIN contacts a member regarding lame
delegations and does not receive a response from said member within 30
days, ARIN must review the member's justification data.

	- Rational: Failure to correct lame delegation is an indication
that no one is home and that the need for the allocation may no longer
exist.

6. Total Non-payment. 

	- Policy Statement:  If a member fails to pay their membership
fees within 180 days of invoice due date, ARIN shall reclaim member's
resources.  The member will have a 90 day period where they can bring
their account current and may resubmit their IP justification data in
order to be re-issued the same allocations as in the past.  If a member
is past due on their membership dues for a total of 270 days or longer,
ARIN must release member's resources to other members who demonstrate a
need.  

	- Rational:  This is a no brainer.  Don't pay your bill, lose
your IPs.

	* On a side note, if non-paying member keeps announcing their
revoked IP allocation via BGP, is it possible to technically prevent
them from doing so without contacting their transit providers / peers
and informing them of this transgression? 

7 Any Reason.

	- Policy Statement: ARIN may request justification data at any
time.


Consequences: 

If ARIN initiates a review of justification data and does not receive a
response within 30 days of initial contact:

	- Policy Statement: If member fails to provide ARIN with
requested usage data within 60 days, ARIN shall notify member that ARIN
will elect to terminate RSA with member if justification data is not
submitted within an additional 30 days.  ARIN shall contact the member
at this point using all possible means.

If ARIN initiates a review of justification data and does not receive a
response within 90 days of initial contact:

	- Policy Statement: ARIN will elect to terminate the RSA with
the member and resources in use by this member shall be re-allocated to
other members.

	- Rational: Failure to respond to a request for justification
data is a violation of existing policy, which is a grounds for
termination of the RSA.  No member should be believe that they are above
ARIN in status, and ARIN should take a strong line against members who
fail to respond to ARIN requests for justification.


If ARIN initiates a review of justification data and determines that
member is using less than 40% of allocated resources:

	- ARIN shall  require the member to renumber their IP allocation
so that their need for IP space is per existing ARIN policy (80%
utilization, multi-homed policy, etc).  

		- Allow the member to split their existing allocation
into two contiguous segments and return the unneeded segment to ARIN.
The unneeded portion of the allocation must be returned to ARIN within 6
months.
		- Issue the member a new allocation based upon their
actual need and require the member to return their other allocation
within 3 months.

If ARIN initiates a review of justification data and determines that
member is using greater than 40% and less than 70% of allocated
resources:

	- ??? (I am tired, and this is an area where possible
consequences would vary based upon age of allocation, aggregate size of
unused allocation, etc)  


I didn't intend for this to get so long.  Would appreciate your thoughts
and feedback.  I am not sure if these standards would be too "Attila the
Hun" for people to tolerate.  But if the authority exists for such
actions to be taken in existing policy, and the policies are not
actively used, something should be done to clarify the position the
membership has on this topic.  

-Jay Sudowski

More information about the ARIN-PPML mailing list