[ppml] NANOG IPv4 Exhaustion BoF
tvest at pch.net
Thu Mar 6 22:19:30 EST 2008
On Mar 6, 2008, at 4:09 PM, Scott Leibrand wrote:
> Tom Vest wrote:
>> If the largest ISPs rush out and buy up as much IPv4 as they can
>> today, in anticipation of "need" they know they'll have in the
>> future -- but also thereby get out ahead other operators that
>> also have "need" today -- isn't that a kind of hoarding? When any
>> buying today exceeds "need" today, it has a distorting --
>> inflationary and anticompetitive -- effect regardless of whether
>> that was the primary goal or just a convenient side-effect.
>> Anyone who assumes the kind of operator behavior that makes
>> markets absolutely inevitable, should also assume that hoarding
>> for profiteering or simply to keep down the competition will be
>> the norm. Anyone who assumes the kind of operator behavior that
>> makes markets absolutely inevitable, should also assume that any
>> countervailing rules that can be easily bypassed without
>> consequence (i.e., "ineffective" rules) will be ignored.
> This is definitely one of the problems we're trying to avoid with
> the conditions in the transfer policy proposal. It's clear to me
> that ARIN's current need-based policies are doing a good job of
> preventing ISPs from rushing out and getting (for free) a lot more
> IPv4 addresses than they need, so I believe that requiring similar
> justification to get IPv4 addresses via transfer will also work well.
> Do you see any of transfer conditions in the proposal as
> "countervailing rules that can be easily bypassed without
> consequence (i.e., "ineffective" rules)"? If so, why do you think
> they'd be ineffective.
An excellent question.
First the deductive answer. Every claim that I've ever heard that a
decentralized, every-operator-for-itself resource transfer policy is
inevitable starts with the assertion that any rule (and any
rulemaker) that gets in the way of maximum self-help will be
irrelevant in the post-free pool world. Perhaps some people quietly
believe that address resources should always have been available only
to the highest bidder, but I've never heard anyone admit to that
belief, now or in the past. In any case, on this view any of the
proposed transfer rules that actually did anything, i.e., that stood
to actually impede any operator from obtaining any address resource
that they could pay for at any time, would be ignored regardless of
Now the "real world" answer. If RIR-rooted sidr is universally
adopted and continues to be used by all RIR members, then for as long
as that remains true it's possible to imagine that non-compliant
transactions between two RSA signatories might have "consequences."
It's much harder to imagine what consequence noncompliance could
possibly have in any other context (e.g., legacy -> RSA, RSA ->
legacy, legacy -> legacy). Do you think that legacy and non-RSA
signatories will forebear from advertising or selling address space
to "unqualified" RIR members for a little extra? What would prevent
them from doing so?
How credible is even that one (RSA->RSA transactions) kind of
assurance? If everyone that advocated markets also publicly embraced
sidr, and was keen to implement sidr as a prerequisite to engaging
the market, then I would find it easier to believe that enthusiasm
for markets and willingness to abide by market-limiting rules are
correlated attitudes. In practice, enthusiasm for one often seems to
be associated with deep antipathy for the other.
Why won't voluntary compliance "just work" as it largely has under
the old RIR system? I think that operators and the RIRs have been
most effective at sustaining "voluntary compliance" or ("voluntary
coordination" if you prefer) in cases where compliance has been easy/
reflexive/automatic, and/or not entirely voluntary. I think that much
has depended on the long-term relationship/membership model, which in
turn has been predicated on the incremental, needs-based delegation
of number resources over time. PDP input and feedback, maintenance of
whois, the preservation of at least some common interests among large
operators, small operators, new entrants, and entrants-to-be through
the "needs-based" allocation rules, and the notion of "membership"
itself, along with the ability to collect fees to maintain services
(and reaffirm contact info) -- most or all of these one might think
are "naturally" aligned with individual operator self-interest -- but
most didn't work at all until CIDR + RIRs provided the glue to hold
it all together.
I think whois provides a good benchmark. Most people seem to think
that the quality of whois is fairly low. Most would say that data
quality (completeness + accuracy) is substantially higher among
current RSA signatories, but low among legacy resource holders (with
a few giant/obvious exceptions). Setting aside for a moment the
"actual facts", why do people believe this? Assuming that the facts
largely bear this out, I would reckon that the gap between actual and
"perfect" data quality, and the delta between RSA signatories and
legacies provides some indication of the *max upper threshold* of
compliance that one might realistically expect. After all, when the
cost of compliance is so very low, but many people still decline to
go along, then how much lower is it going to be when the stakes are
very very high?
I'll wrap by simply stating that even if all of the above proves to
be wrong or fixable, and the market works "perfectly" but effectively
prices aspiring new entrants out of the industry, then I believe that
would be grounds enough to reject it. An RIR may avoid antitrust
scrutiny by divesting all interest and involvement in delegation
transactions, but that antitrust scrutiny will only be diverted to
the industry as a whole. We already know that a single disaffected
community member can exact a heavy toll on the entire system, and
that external allies are standing by to assist when it serves their
own interests. We'd better get ready for lots of them...
More information about the ARIN-PPML