[ppml] NANOG IPv4 Exhaustion BoF

Tom Vest tvest at pch.net
Thu Mar 6 22:19:30 EST 2008

On Mar 6, 2008, at 4:09 PM, Scott Leibrand wrote:

> Tom Vest wrote:
>> If the largest ISPs rush out and buy up as much IPv4 as they can   
>> today, in anticipation of "need" they know they'll have in the  
>> future  -- but also thereby get out ahead other operators that  
>> also have  "need" today -- isn't that a kind of hoarding? When any  
>> buying today  exceeds "need" today, it has a distorting --  
>> inflationary and  anticompetitive -- effect regardless of whether  
>> that was the primary  goal or just a convenient side-effect.
>> Anyone who assumes the kind of operator behavior that makes  
>> markets  absolutely inevitable, should also assume that hoarding  
>> for  profiteering or simply to keep down the competition will be  
>> the norm.  Anyone who assumes the kind of operator behavior that  
>> makes markets  absolutely inevitable, should also assume that any  
>> countervailing  rules that can be easily bypassed without  
>> consequence (i.e.,  "ineffective" rules) will be ignored.
> This is definitely one of the problems we're trying to avoid with  
> the conditions in the transfer policy proposal.  It's clear to me  
> that ARIN's current need-based policies are doing a good job of  
> preventing ISPs from rushing out and getting (for free) a lot more  
> IPv4 addresses than they need, so I believe that requiring similar  
> justification to get IPv4 addresses via transfer will also work well.
> Do you see any of transfer conditions in the proposal as  
> "countervailing rules that can be easily bypassed without  
> consequence (i.e., "ineffective" rules)"?  If so, why do you think  
> they'd be ineffective.

An excellent question.

First the deductive answer. Every claim that I've ever heard that a  
decentralized, every-operator-for-itself resource transfer policy is  
inevitable starts with the assertion that any rule (and any  
rulemaker) that gets in the way of maximum self-help will be  
irrelevant in the post-free pool world.  Perhaps some people quietly  
believe that address resources should always have been available only  
to the highest bidder, but I've never heard anyone admit to that  
belief, now or in the past. In any case, on this view any of the  
proposed transfer rules that actually did anything, i.e., that stood  
to actually impede any operator from obtaining any address resource  
that they could pay for at any time, would be ignored regardless of  
the consequences.

Now the "real world" answer. If RIR-rooted sidr is universally  
adopted and continues to be used by all RIR members, then for as long  
as that remains true it's possible to imagine that non-compliant  
transactions between two RSA signatories might have "consequences."  
It's much harder to imagine what consequence noncompliance could  
possibly have in any other context (e.g., legacy -> RSA, RSA ->  
legacy, legacy -> legacy). Do you think that legacy and non-RSA  
signatories will forebear from advertising or selling address space  
to "unqualified" RIR members for a little extra? What would prevent  
them from doing so?

How credible is even that one (RSA->RSA transactions) kind of  
assurance? If everyone that advocated markets also publicly embraced  
sidr, and was keen to implement sidr as a prerequisite to engaging  
the market, then I would find it easier to believe that enthusiasm  
for markets and willingness to abide by market-limiting rules are  
correlated attitudes. In practice, enthusiasm for one often seems to  
be associated with deep antipathy for the other.

Why won't voluntary compliance "just work" as it largely has under  
the old RIR system? I think that operators and the RIRs have been  
most effective at sustaining "voluntary compliance" or ("voluntary  
coordination" if you prefer) in cases where compliance has been easy/ 
reflexive/automatic, and/or not entirely voluntary. I think that much  
has depended on the long-term relationship/membership model, which in  
turn has been predicated on the incremental, needs-based delegation  
of number resources over time. PDP input and feedback, maintenance of  
whois, the preservation of at least some common interests among large  
operators, small operators, new entrants, and entrants-to-be through  
the "needs-based" allocation rules, and the notion of "membership"  
itself, along with the ability to collect fees to maintain services  
(and reaffirm contact info) -- most or all of these one might think  
are "naturally" aligned with individual operator self-interest -- but  
most didn't work at all until CIDR + RIRs provided the glue to hold  
it all together.

I think whois provides a good benchmark. Most people seem to think  
that the quality of whois is fairly low. Most would say that data  
quality (completeness + accuracy) is substantially higher among  
current RSA signatories, but low among legacy resource holders (with  
a few giant/obvious exceptions). Setting aside for a moment the  
"actual facts", why do people believe this? Assuming that the facts  
largely bear this out, I would reckon that the gap between actual and  
"perfect" data quality, and the delta between RSA signatories and  
legacies provides some indication of the *max upper threshold* of  
compliance that one might realistically expect. After all, when the  
cost of compliance is so very low, but many people still decline to  
go along, then how much lower is it going to be when the stakes are  
very very high?

I'll wrap by simply stating that even if all of the above proves to  
be wrong or fixable, and the market works "perfectly" but effectively  
prices aspiring new entrants out of the industry, then I believe that  
would be grounds enough to reject it. An RIR may avoid antitrust  
scrutiny by divesting all interest and involvement in delegation  
transactions, but that antitrust scrutiny will only be diverted to  
the industry as a whole. We already know that a single disaffected  
community member can exact a heavy toll on the entire system, and  
that external allies are standing by to assist when it serves their  
own interests. We'd better get ready for lots of them...


More information about the ARIN-PPML mailing list