[ppml] Suggestion for ARIN to deligate smaller IP blocks

John Santos JOHN at egh.com
Thu May 31 21:40:41 EDT 2007


On Thu, 31 May 2007, Ted Mittelstaedt wrote:

> 
> 
> >-----Original Message-----
> >From: ppml-bounces at arin.net [mailto:ppml-bounces at arin.net]On Behalf Of
> >John Santos
> >Sent: Thursday, May 31, 2007 4:39 PM
> >To: ppml at arin.net
> >Subject: Re: [ppml] Suggestion for ARIN to deligate smaller IP blocks
> >
> >
> >
> >This is completely wrong.  In Leroy's scenario, his company does not
> >own and does not manage the 2000 firewalls.  Those belong to his
> >customers.  He is not providing a soup-to-nuts internet service to
> >those customers.  He is providing one specific service on one (or a
> >small) number of specific ports, from one (or a small number of specific)
> >servers.  The *CUSTOMER* has to open the *CUSTOMER'S* firewall to
> >those specific ports and services in order to utilize Leroy's service.
> >
> >It is the 2000 customers who would have to pay the cost.
> 
> You and I both know this but Leroy conveniently did not include this.
> Because, of course, it means that it's no longer monstrously unfair
> to Leroy's company.  Just a little unfair.  And life is full of
> little unfairnesses.
> 
> >It may be
> >small for each, but it's cumulative, and will certainly generate lots
> >of support calls back to Leroy's company.
> >
> 
> Sorry, I had to renumber more customers than that when MCI pulled out
> of North America and took their blocks with them, I have no sympathy.
> And we are NOT ACME giant ISP, either.  We used those support calls
> to do quite a lot of checking of customer settings and we found lots
> of problems that we corrected - such as people using old DNS names of
> servers long since decommissioned - which would have generated support
> calls from those customers eventually anyhow - and probably when they
> were much more frustrated and ready to quit.  We also got a rare window
> into customer networks and managed to make a number of product sales as a
> result of discovered opportunities.
> 
> There are ways to manage a transition, even with as large a set as
> 2000 customers.  Sitting around whining about it and complaining to
> ARIN isn't the way to do it.  The only scenario with any believability
> is if Leroy wanted to reserve the right to threaten his current service
> provider with immediate disconnection (thereby losing the numbers they
> allocated to him) because he got the proverbial hair up his arse or some
> such.
> 
> Sure, it happens.  Legal vehicles like suing the provider for breach of
> contract are better for the community and more effective than looking
> like an ass yipping that you're going to find some other provider unless
> they do what you want.  Most of the time they are going to call your
> bluff anyway - you actually have to disconnect for them to pay attention.
> 
> >My company is in a similar situation to Leroy's customers.  We have an
> >external mail filtering service.  Our published MX records point to
> >the service, and they then forward the (filtered for spam, viruses,
> >RBL, etc.) mail to us, so we have had to open up our firewall to SMTP
> >from their specific IP addresses.  We are certainly *not* going to let
> >them manage our firewalls for us, nor are we going to willy-nilly change
> >our firewall rules on their request without minimally verifying the
> >origin of the request (a support call to them.)
> 
> You pay them.  They get money for you.  They choose to renumber, they
> then choose to use some of this money to handle your support call.
> 
> If you are paying them such a small amount every month for filtering that
> they cannot answer 1 5 minute call from you in a month, then you get what
> you deserve (a busy signal) and they get what they deserve (you going away
> to someone else)
> 
> >
> >If they were to start changing IP addresses frequently, we would start
> >looking for a new service provider.
> >
> 
> OK, so what you're saying as I understand it is that you have such a low
> regard for the knowledge of the admins running your filtering service, that
> you do not think they haven't thought of this already, and taken
> contractual steps with their own ISP so that this wouldn't happen - yet
> you are still using them?  Fascinating!

What is it about the word "if" that you don't understand?

This has nothing to do with my regard or disregard for their
ethics or competence.


> 
> >This is an *extremely* unlevel playing field, since ACME GIANT ASP,
> >INC. (which is many times the size of Leroy's company), could easily
> >justify an allocation, and thus could promise their customers that
> >their IP addresses and firewall rule would never change.
> >
> 
> MCI  -WAS-  an ACME GIANT ASP INC. - yet, somehow they couldn't guarantee
> it for their customers, either.
> 
> >Of course, Leroy could game the system and provide each of his customers
> >with a single, unique IP address (thus requiring 8 class C's) and
> >then forward them all to the same handful of servers at his firewalls.
> >
> 
> I do not see that this is "gaming the system".  It is, in fact, a rather
> legitimate use of IP.  IP addresses are just numbers after all.  There is
> really no such thing as a shortage of numbers - I can put you into a corner
> and tell you to start counting and you could spend the rest of your life
> doing it.  No shortage there!  And the entire point of IPv6 is to have so many
> numbers that you aren't going to have shortages.
> 

No IPv4 address shortage?  Then what is everyone whinging on about?

> >So is it better for the overburdened routers to route to one Class C
> >(what Leroy actually requires), or to 8 of them?  (Especially given
> >there is no guarantee the 8 would be contiguous and thus could be
> >treated as a single /21 for routing purposes.)
> >
> 
> If Leroy is moral, he will have the decency to give his customers some
> sort of reassurance of reliability by becoming multihomed, getting an
> AS, and getting a portable block the normal way.  If I'm one of his
> customers I certainly have the right after paying Leroy to expect that
> his service is going to be redundant.
> 

So he needs 2 /24's (or more realistically, 2 /25's for his 75 servers.)

> If Leroy is criminal, this discussion is pointless, because Leroy is
> just going to do whatever is cheapest for him, and damn the rest of us.
> 
> ARIN and numbering allocations in general cannot survive in their present
> form if a significant percentage of admins decide to be criminal.  That
> is what happened to the Domain Name System and as a result of it, DNS
> had to be completely changed around so as to make offenses things that
> real police could actually go after.  And even so, they still have a
> huge problem with squatting.
> 
> You're basically arguing here that people should have the freedom to put a
> car on the road with green brake lights because they think it looks pretty,
> and drive 100Mph on every road, in the LH lane.  IP numbering is a shared
> resource like a road.  You have to do things like putting red brake lights
> on the ass end of your car because it helps other people and the roads would
> not work if everyone put whatever color they wanted on brake lights.

Where did this come from?  All I'm saying is people should be entitled
to permanent IP addresses, for as long as they need them, and they
shouldn't be required to fake a need for more than they actually need
just to get them.

> 
> Just because it's not obvious that someone is
> breaking the rules doesn't mean that it isn't possible to catch them -
> and if we have enough rule breaking, you're going to see the cops coming.
> I don't want that and I hope you don't either.

Cops?  Now you're waving cops at me.  At worst, this would be a civil
issue (breach of contract with ARIN), not a criminal issue.  But my
point is that the contract with ARIN doesn't promote conservation
of number resources by creating artificially high minimums.

> 
> Ted
> 
> 
> 

-- 
John Santos
Evans Griffiths & Hart, Inc.
781-861-0670 ext 539



