[ppml] IPv6 assignment - proposal for change to nrpm

Ted Mittelstaedt tedm at ipinc.net
Tue Oct 30 16:38:54 EDT 2007



>-----Original Message-----
>From: Stephen Sprunk [mailto:stephen at sprunk.org]
>Sent: Tuesday, October 30, 2007 10:57 AM
>To: Ted Mittelstaedt
>Cc: ARIN PPML
>Subject: Re: [ppml] IPv6 assignment - proposal for change to nrpm
>
>
>Thus spake "Ted Mittelstaedt" <tedm at ipinc.net>
>>>If you want to talk about waste, look at the folks with a /8 (or two) who
>>>could likely fit into a handful of /16s, or the folks with dozens of /16s
>>>who only use a single /24 outside of 10/8.
>>
>> I'll look - but nobody has named names, so I have to assume that
>> these /8's  that are supposedly out there are more a matter of myth
>> than fact.
>
>They are not myth; I've done consulting work for companies in those exact
>situations.
>
>>>I've seen plenty of horrifying examples, though NDAs prevent me
>>>from naming names.
>>
>> Please don't say stuff like that, it is just a bunch of straw men.  We
>> do not sign NDAs with any customers we do service work for,
>> (none have asked)
>
>Lucky you.  I'm under NDA to that (past) employer, and that employer is
>under NDA to those customers; my NDA bound me to their NDAs.  I've asked,
>and I'm not even allowed to say who those customers are, and certainly not
>details of their internal networks.  Even on my own, I've never done
>consulting work for any company that _didn't_ demand an NDA, nor
>have I been
>employed by a company that didn't since I was worked retail as a teenager.
>

Any contract that obligates you to conceal something illegal is
unenforceable.
You can ask any lawyer that does whistleblower work about this and get
PLENTY of cites.  Unless those /8's are legacy, that NDA is not enforcable
against you because those companies are illegally breaking their RSA with
ARIN.

So let's have no more of this, please.  You are CHOOSING to not say
anything.  Many people have what they feel are legitimate reasons for
not being whistleblowers, and I understand that and would respect your
decision to not whistle blow for your own reasons.  But, be a man and
be responsible for your own choices.  The NDA is not a barrier here,
it is you who have made that choice.

>
>For that matter, a substantial fraction of legacy assignments are
>to defense
>contractors, who have parts of their network that are not only
>under NDA but
>classified.  ARIN can't get details about those networks, since AFAIK they
>have no staff with the appropriate clearances, and no court can order
>disclosure.  Even employees in the "white" parts of those companies often
>have no clue what the "black" parts look like.
>

That is a different deal.  However, those classifications only hold true
in the US.  If I am not a US citizen and I live outside the US I can talk
publically about any US DoD classified things I feel like.  The US DoD
certainly returns the favor by doing the same with a lot of other countries
classified military secrets.  And in any case, my example wasn't legacy,
and I already said I wasn't talking about legacy holders.

>> In any case, you cannot hold someone to an NDA to cover up
>> criminal actions, it's an illegal contract in that case.
>
>Now you're alleging criminal actions?  All I've seen so far is a
>_potential_
>breach of contract, which is a civil matter.
>

Fraud is not a civil matter.

>> A holder like SBC Global who is under RSA is arguably violating
>> their contract with ARIN by assigning an overage of IP addresses
>> to customers that the customers aren't asking for, in an effort to
>> hoard IPs.
>
>That's a matter for ARIN's counsel and/or staff, not us.

ARIN's policy is set by us, we elect ARIN officers, this is definitely
a matter for us.

It's no different than any other representative government.

I think your probably not that familiar with how these sorts of
organizations operate?  Openness rules the roost.

>For that matter,
>since the details are almost assuredly under NDA, we have no clue if staff
>has reviewed the practice and whether or not they've found it
>acceptable for
>reasons we're not privvy to.
>

ARIN is required to abide by it's policies which call for, what is it,
100% utilization?  In other words, ARIN staff has no ability to give
a group, whether under NDA or not, a special exemption from the
utilization requirements unless such exemption is spelled out in
policy.

Which gets back to the original thrust of my response - the devil
is in the details.  What is your definition of 100% utilization?
Mine certainly isn't an empty /8.

>> In any case, without names of actual consumers this discussion
>> is merely an idea of what someone thinks is the reality, it is not
>> the actual reality.
>
>I know the reality (at least at a specific time in the past) of
>the networks
>where I was the one to design or approve the IP addressing plan --
>and that
>includes nearly a dozen Fortune 100 companies.
>

I understand that - but unless your willing to discuss names, we
simply cannot make policy based on your experiences.  Thus, there
is really no point in even saying that there's free /8s out there,
because unless you or someone else is willing to name names,
those /8s aren't going to be available.  And this is just for stuff
under RSA - the legacy stuff is a whole different discussion.

I know you are certain in what you have seen.  You must understand
that me saying what you have seen has to be considered mythical,
does not mean I personally disbelieve you have seen this.  I am
just saying nobody can do anything about these since we don't know
who the abusers are.

>>>However, I know better than to think that all, or even the majority
>>>of, legacy holders deserved to be tarred with that brush;
>>
>> I was not tarring legacy holders - the block I brought up as an
>> example is not legacy.
>
>The company you were referring to is a legacy holder, two /8s in fact.

The specific block in particular I cited 76.192.0.0/10 is not legacy.
Whether they have legacy blocks or not had no bearing on the example.

>If
>they also have non-legacy blocks, then we can presume ARIN staff is on top
>of the matter -- or will be next time they come back for more.
>

Whether ARIN is on top of the matter and may or may not take care of it
sometime in the future if they ever come back for more IPv4, has absolutely
no relevance to the validity of the example in how I used it in the
post.

>>>many have been quite willing to voluntarily return space they don't
>>>need.  So far, just asking politely has netted ARIN quite a number
>>>of returned blocks -- and threats have, so far, netted the
>>>community nothing but a bunch of animosity and/or fear.
>>
>> You don't have any proof of threats doing anything because, as
>> you say, ARIN hasn't used threats.  Therefore there is no data as
>> to how wasteful holders would respond to a threat.
>
>ARIN staff has not, no, but there have been a large number of discussions
>here about sticks which show certain participants are out to get legacy
>holders and certain other large companies.

Fine.  The example I cited wasn't legacy.

>We've also heard from legacy
>holders that they perceive these to be threats by "ARIN", by which
>they mean
>the community and not the corporation.
>

Fine.  The example I cited wasn't legacy.

>Note that this isn't just "wasteful" holders that feel threatened; it also
>includes those that are completely within policy.
>

No, anyone completely within policy is unthreatenable.

The threat we are talking about here is someone NOT fulfilling utilization
requirements.  An org that is completely within policy IS fulfilling
utilization requirements, as well as many other requirements, and thus
cannot be threatened.

Unless you are talking about some other kind of threat?

>> I should hope that everyone reading, even those with feeble
>> minds, would understand the fundamental basic that you get
>> more flies with honey than vinegar.  In short, IF your going to
>> launch a reclamation effort you START with the Mr. Nice Guy
>> approach.
>
>If you truly believe that, then the only point we disagree on must be
>whether we should discuss threats before we exhaust politeness.  I
>find that
>distasteful and unnecessarily harmful to public perception.
>

I think the effort to sweep any threats under the rug to be much
more distasteful.  If your an RSA holder, your already committed,
you signed on the dotted line, buddy.  You certainly are going to want
to know the extent of how much ARIN could screw you over if they
had a mind to, and you are going to want to know if they have a
mind to.  Capability does not imply intent.

If your a legacy holder, your already being threatened by
the existence of the Legacy RSA.  The very existence of it implies
that if you don't sign it, something bad might happen.  Would you
rather know what that bad thing might be instead of every time
you ask anyone about it, just being given a bunch of assurances that
there is this bad thing out there somewhere?  I think most Legacy
holders that haven't signed the Legacy RSA would much prefer to
have whatever possible threats ARIN could make out on the table,
discussed in an open forum, so they can see if there really are
benefits to signing the Legacy RSA and make an informed decision.

In kindergarden, they NewSpeak the word "threat" as "consequence"
But it's the same thing.  I'm no longer in kindergarden and I
don't appreciate being talked to like a kindergardener.  A threat
is a threat no matter how you sugar coat it.

Threats don't bother me.  What I want to know is the ability
and willingness to carry them out.  And if your sugar-coating
everything you feed to me, your trying to conceal your willingness
to carry out your threats, and that to me is much more unsettling
than just being honest and open.

>> By the time the law of diminishing returns acts on a reclamation
>> effort, the wasteful holders still out there who have so far ignored
>> the nice pleas aren't going to respond to anything other than
>> a threat.
>
>If they have ignored the "nice pleas", of course they won't respond to
>anything other than a threat.  That doesn't mean we need to start working
>out what that threat may eventually be, or if we'll even use one,
>before we
>see how well the "nice pleas" work.
>

It doesen't mean we shouldn't work out that threat now, either.

>> At that time it becomes a cost/benefit decision.  Making a threat
>> costs money because you have to back it up with lawyers and
>> the willingness to use them and those cost money.  Thus, nobody is
>> going to be daft enough to make a threat over a single wasted /29.
>
>Of course.
>
>> But, I would hope that the will exists in the numbering authority to
>> make a threat over a wasted /8, if the nice guy appeal fails.
>
>OTOH, I bet we could recover 64k /24s for less in legal fees than a single
>/8; the folks with /8s have hundreds of lawyers each at their
>disposal with
>nothing better to do than sue annoyances like ARIN out of
>existance.

Throwing hundreds of lawyers on a lawsuit does not change the
basic dispute or conflict.  In any lawsuit there's a certain amount
of work to be done. You can hire 100 lawyers at an hour each or
1 lawyer at 100 hours each, but just throwing lawyers at it does
not increase the actual work.  I say actual, because of course
those lawyers will definitely find things to do and bill you for
doing, so the perceived work will of course rise.

That's why Erin Brockabitch won, and why there's tons of other
David vs Goliath court cases out there.  The only thing that
helps is the quality of the lawyer you use, and ARIN has enough
money to hire lawyers that are every bit as good as the best
lawyers the other side has.

And if the other side wins, then what?  You gotta have a numbering
clearinghouse somewhere.  Does one of these fightin' wasters want to
be in charge of the numbering?  Hell - let them!  Sure they will
get their own wastage protected - but then they will just turn and
go out there and do the same thing ARIN was doing, and we will
be right back again where we started.

>And if
>we go after one, the rest will counterattack to prevent a precedent being
>established that they don't like.
>

"the rest" aren't going to spend a nickle on counterattacking.  It's like
the
old saw that they came for this guy and I didn't speak up, they came for
that guy and I didn't speak up, they came for this other guy and I didn't
speak up, now they are coming for me, darn, I should have spoke up.

You yourself are unwilling to divulge a "waster" of a /8, your a perfect
example of why "the rest" aren't going to get involved.  You don't want
to get involved or you would name names, NDA be dammed.  The others don't
want to get involved for their reasons, they won't counterattack.
For that matter, many of "the rest" probably need more IPv4 and are going to
greedily wait on the sidelines to see if ARIN can extract any, then
fight with each other over the scraps if it does.

>As you said, it's a cost/benefit decision.
>
>> Thus, I do not agree with your insistence that we have to close
>> the door on threats.
>
>I never said we should "close the door" on them, just that it's
>premature to
>discuss them now.  I believe it would be much more productive to spend all
>this effort figuring out what sort of outreach we need to do, what carrots
>we can offer, etc.  If/when that fails, we will have a much more
>solid idea
>of exactly who is left, what they have to offer, what it'll take
>to get it,
>and whether it's worth the effort.
>
>> You get more cooperation with a 2x4 and a nice word, then with
>> just a nice word.
>
>With the first guy, yes.  The second guy will be watching and find his own
>2x4 -- and a bunch of friends to back him up.
>

Uh huh.  I guess that is why when I get on the freeway that
everyone drives 90Mph when they see a cop.

Ted




More information about the ARIN-PPML mailing list