[arin-ppml] ARIN apathy

[michael.dillon at bt.com]

> > Or should we just leave it alone and be happy that there is 
> now clear 
> > precedent for hijacking addresses? This will go some way to 
> alleviate 
> > the IP address shortage that is looming although this doesn't help
> those
> > who want to hijack 126.0.0.0/8 or 130.0.0.0/8.
> 
> ...I confess I cannot tell whether you are being ironic or serious. 

I am leaving it to the reader to decide whether this is an ironic
suggestion, or a serious one. I expect that it will be interpreted
in both ways and that is fine by me.

> If you are being ironic, then presumably you are spoofing 
> some people who you believe want to hijack addresses. But I 
> don't know of anyone who supports that.

I don't know what you mean by this. Certainly, it is common practice
for people to use registered addresses that are not registered to them.
Many of these instances are companies who connected to the Internet ten
to fifteen years ago, got an address assignment from their ISP, numbered
their internal network, and then, when they changed ISPs, decided that
NAT was easier than renumbering. These cases sometimes get noticed by
abuse desks because the company is running an SMTP server behind the NAT
and that server puts the original not-properly-registered address in
the mail headers.

There are other cases, for instance many companies use 1.0.0.0/8,
2.0.0.0/8, 3.0.0.0/8, 4.0.0.0/8, 5.0.0.0/8, 6.0.0.0/8, 7.0.0.0/8 type
addressing internally. In one case that I learned about, a company had
three separate internal networks, which did not intercommunicate, and
which all used 1.0.0.0/8 addresses. I mention 126.0.0.0/8 and
130.0.0.0/8 because I know that these addresses are also used in IP
internetworks by companies which have not registered them. The first of
these blocks is clearly registered to Softbank Japan and I believe it
was the first time that an RIR allocated an entire /8 to one company.
The second block is of indeterminate status according to IANA and ARIN
records. Check for yourself.

> And this is the 
> second or third message you've sent defending hijacking, and, 
> I hope you are not offended, the humor doesn't wear well with 
> the repetition. 

It's not humour. It happens to be a fact that many IP networks can
function perfectly well without 100% universal connectivity. This is not
only true of private networks and private internetworks, but also of the
public Internet itself. A small to mid-size ISP has to ask themselves
the serious business question, how many of my users would cancel their
contracts if they could not get to <http://www.itusozluk.com/> or
<http://www.kachestvo-21.com/> versus how many would cancel if it became
known that we have run out of IPv4 addresses. 

> If you are serious, then my head spins. I have trouble 
> understanding why someone would strenuously oppose voluntary 
> market transfers to move addresses from unused places to 
> needed places, and prefer random hijacking instead?!

It's not random hijacking when a small to mid-sized business in the ARIN
region, carefully checks the records of IP address allocations in RIPE
or APNIC et al. to choose some address range which their customers are
very unlikely to want to communicate with. The ISP also has access to
their own traffic data which can be used to confirm whether or not they
have made a reasonable choice. When the current supply of IPv4 addresses
runs out, if it is not feasible for your business to deploy IPv6, then
you must acquire more IPv4 addresses, period. At this point, if you are
a prudent business manager you will carefully consider your options
starting with a build or buy decision. I believe that most such
businesses will *NOT* make a buy decision but will instead opt for the
build decision which I have documented in this message. It is cheaper
and carries minimal risk to the business if they are careful in their
choice of address range.

> You 
> _really_ have to hate market forces a _lot_ to take a 
> position like that, i.e. as much as your typical 64 year old 
> British literary studies professor, and one typically doesn't 
> think of people working for BT as being in that category. 

First, I don't hate market forces. The fact is that there are no market
forces in the IP addressing regime because there is no market. The fact
that Geoffrey Mulligan and a few others have managed to sell a few
addresses in a black market is not sufficient to create market forces.
Given that there is only a couple of years left before we run out of the
current free supply, there just is not enough time for a robuts and
liquid market to develop, therefore any market forces that would arise
will be skewed.

As for people working at BT, well we are a rather large global company
doing IT consulting, network security, and a whole range of data and
voice networking services. As one might expect, there is broad diversity
of opinion within the company. As I mentioned before in one earlier
message, there is an official BT opinion that is basically opposed to
market forces in IP addressing, and that opinion is available here on
the ETNO site <http://www.etno.eu/Default.aspx?tabid=2014> under May
2008. You will note that this is the joint opinion of BT and several
other European network operators including France Telecom and Deutsche
Telekom.

In general, I get the impression that you are a fish out of water here,
because this is fundamentally about making technical policy, and there
are technical details involved which are not obvious to a literary
studies professor of any age. I hope that you do hang around, learn a
bit more, and do some writing on the topic, but please understand that
some of us have as much in depth experience with the Internet and IP
addressing as you have with some of of your work. I got my first IP
address allocation back in early 1994, built several ISPs, was a
founding member of the ARIN Advisory Council and so on. I've also done
consulting work with several ISPs, helped numerous companies get ARIN or
RIPE number resources, and I've seen a lot of variety in the IP
networking world. It is not as nice and neat and simple as you have been
led to believe.

--Michael Dillon

P.S. generally it is considered bad form to refer to someone else's
employer since this list is really a public venue in which people speak
for themselves, not for their company.