[ppml] Suggestion for ARIN to deligate smaller IP blocks

Ted Mittelstaedt tedm at ipinc.net
Thu May 31 21:00:19 EDT 2007



>-----Original Message-----
>From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of
>John Santos
>Sent: Thursday, May 31, 2007 4:39 PM
>To: ppml at arin.net
>Subject: Re: [ppml] Suggestion for ARIN to deligate smaller IP blocks
>
>
>
>This is completely wrong.  In Leroy's scenario, his company does not
>own and does not manage the 2000 firewalls.  Those belong to his
>customers.  He is not providing a soup-to-nuts internet service to
>those customers.  He is providing one specific service on one (or a
>small) number of specific ports, from one (or a small number of specific)
>servers.  The *CUSTOMER* has to open the *CUSTOMER'S* firewall to
>those specific ports and services in order to utilize Leroy's service.
>
>It is the 2000 customers who would have to pay the cost.

You and I both know this but Leroy conveniently did not include this.
Because, of course, it means that it's no longer monstrously unfair
to Leroy's company.  Just a little unfair.  And life is full of
little unfairnesses.

>It may be
>small for each, but it's cumulative, and will certainly generate lots
>of support calls back to Leroy's company.
>

Sorry, I had to renumber more customers than that when MCI pulled out
of North America and took their blocks with them, I have no sympathy.
And we are NOT ACME giant ISP, either.  We used those support calls
to do quite a lot of checking of customer settings and we found lots
of problems that we corrected - such as people using old DNS names of
servers long since decommissioned - which would have generated support
calls from those customers eventually anyhow - and probably when they
were much more frustrated and ready to quit.  We also got a rare window
into customer networks and managed to make a number of product sales as a
result of discovered opportunities.

There are ways to manage a transition, even with as large a set as
2000 customers.  Sitting around whining about it and complaining to
ARIN isn't the way to do it.  The only scenario with any believability
is if Leroy wanted to reserve the right to threaten his current service
provider with immediate disconnection (thereby losing the numbers they
allocated to him) because he got the proverbial hair up his arse or some
such.

Sure, it happens.  Legal vehicles like suing the provider for breach of
contract are better for the community and more effective than looking
like an ass yipping that you're going to find some other provider unless
they do what you want.  Most of the time they are going to call your
bluff anyway - you actually have to disconnect for them to pay attention.

>My company is in a similar situation to Leroy's customers.  We have an
>external mail filtering service.  Our published MX records point to
>the service, and they then forward the (filtered for spam, viruses,
>RBL, etc.) mail to us, so we have had to open up our firewall to SMTP
>from their specific IP addresses.  We are certainly *not* going to let
>them manage our firewalls for us, nor are we going to willy-nilly change
>our firewall rules on their request without minimally verifying the
>origin of the request (a support call to them.)

You pay them.  They get money for you.  They choose to renumber, they
then choose to use some of this money to handle your support call.

If you are paying them such a small amount every month for filtering that
they cannot answer 1 5-minute call from you in a month, then you get what
you deserve (a busy signal) and they get what they deserve (you going away
to someone else).

>
>If they were to start changing IP addresses frequently, we would start
>looking for a new service provider.
>

OK, so what you're saying as I understand it is that you have such a low
regard for the knowledge of the admins running your filtering service, that
you do not think they haven't thought of this already, and taken
contractual steps with their own ISP so that this wouldn't happen - yet
you are still using them?  Fascinating!

>This is an *extremely* unlevel playing field, since ACME GIANT ASP,
>INC. (which is many times the size of Leroy's company), could easily
>justify an allocation, and thus could promise their customers that
>their IP addresses and firewall rule would never change.
>

MCI  -WAS-  an ACME GIANT ASP INC. - yet, somehow they couldn't guarantee
it for their customers, either.

>Of course, Leroy could game the system and provide each of his customers
>with a single, unique IP address (thus requiring 8 class C's) and
>then forward them all to the same handful of servers at his firewalls.
>

I do not see that this is "gaming the system".  It is, in fact, a rather
legitimate use of IP.  IP addresses are just numbers after all.  There is
really no such thing as a shortage of numbers - I can put you into a corner
and tell you to start counting and you could spend the rest of your life
doing it.  No shortage there!  And the entire point of IPv6 is to have so
many numbers that you aren't going to have shortages.

>So is it better for the overburdened routers to route to one Class C
>(what Leroy actually requires), or to 8 of them?  (Especially given
>there is no guarantee the 8 would be contiguous and thus could be
>treated as a single /21 for routing purposes.)
>

If Leroy is moral, he will have the decency to give his customers some
sort of reassurance of reliability by becoming multihomed, getting an
AS, and getting a portable block the normal way.  If I'm one of his
customers I certainly have the right after paying Leroy to expect that
his service is going to be redundant.

If Leroy is criminal, this discussion is pointless, because Leroy is
just going to do whatever is cheapest for him, and damn the rest of us.

ARIN and numbering allocations in general cannot survive in their present
form if a significant percentage of admins decide to be criminal.  That
is what happened to the Domain Name System and as a result of it, DNS
had to be completely changed around so as to make offenses things that
real police could actually go after.  And even so, they still have a
huge problem with squatting.

You're basically arguing here that people should have the freedom to put a
car on the road with green brake lights because they think it looks pretty,
and drive 100Mph on every road, in the LH lane.  IP numbering is a shared
resource like a road.  You have to do things like putting red brake lights
on the ass end of your car because it helps other people and the roads would
not work if everyone put whatever color they wanted on brake lights.

Just because it's not obvious that someone is
breaking the rules doesn't mean that it isn't possible to catch them -
and if we have enough rule breaking, you're going to see the cops coming.
I don't want that and I hope you don't either.

Ted



