[ppml] NANOG IPv4 Exhaustion BoF

[Tom Vest]

On Mar 6, 2008, at 11:29 PM, Scott Leibrand wrote:

> Tom Vest wrote:
>
>> Now the "real world" answer. If RIR-rooted sidr is universally  
>> adopted and continues to be used by all RIR members, then for as  
>> long as that remains true it's possible to imagine that non- 
>> compliant transactions between two RSA signatories might have  
>> "consequences." It's much harder to imagine what consequence  
>> noncompliance could possibly have in any other context (e.g.,  
>> legacy -> RSA, RSA -> legacy, legacy -> legacy). Do you think that  
>> legacy and non-RSA signatories will forebear from advertising or  
>> selling address space to "unqualified" RIR members for a little  
>> extra? What would prevent them from doing so?
>
> I think the main reason legitimate transfers (ones recognized by  
> the recognized authority on who holds a resource, the RIR) will be  
> favored by most potential participants due to the reduced risk of  
> using such a system.  For example, if I need IPv4 space after  
> exhaustion, I could either go to ARIN, demonstrate to them that I  
> need the space, and have access to a centralized listing service of  
> transferors, all of whom ARIN has vouched for as being the  
> legitimate holders of the addresses they're transferring.

Okay, all of this holds, but only for (RSA->RSA) transactions, which  
seem to me to be fairly low probability events until some/many large  
members are well into IPv6 migration. Of course I could turn out to  
be wrong, esp. is sidr is very widely adopted by current RSA non- 
signatories (thereby presumably becoming ARIN members)...

> Or, I could go to some other black market, where I have no  
> assurance that the organization I'm "buying" the addresses from is  
> the legitimate holder of those addresses, and that they haven't or  
> won't "sell" the same addresses to someone else in addition to me.   
> I also have no way to update the authoritative registry if I "buy"  
> the addresses on the black market, and therefore I have a harder  
> time demonstrating (to my ISP or more importantly my customers)  
> that I have any legitimate claim to the space.

If it's currently in production, I doubt that there will be many  
takers. If it's not, then I would reckon that some kind of  
incremental payment plan (i.e., like the kind the black hats always  
use in the movies) would solve most of these problems.

>> I think whois provides a good benchmark. Most people seem to think  
>> that the quality of whois is fairly low. Most would say that data  
>> quality (completeness + accuracy) is substantially higher among  
>> current RSA signatories, but low among legacy resource holders  
>> (with a few giant/obvious exceptions). Setting aside for a moment  
>> the "actual facts", why do people believe this? Assuming that the  
>> facts largely bear this out, I would reckon that the gap between  
>> actual and "perfect" data quality, and the delta between RSA  
>> signatories and legacies provides some indication of the *max  
>> upper threshold* of compliance that one might realistically  
>> expect. After all, when the cost of compliance is so very low, but  
>> many people still decline to go along, then how much lower is it  
>> going to be when the stakes are very very high?
>
> I think that a legitimate transfer market will actually result in a  
> large improvement in the quality of records reflected in whois.  In  
> order for an address holder to transfer addresses, they'll first  
> need to demonstrate to ARIN that they are the legitimate holder of  
> those addresses (through documentation of their relationship to the  
> original recipient listed in whois), and then sign an RSA or legacy  
> RSA.

I think what you mean is, "in order for an address holder to transfer  
addresses by means of the approved transfer mechanism" ...

> I anticipate that this will prompt a large number of resource  
> holders to update out-of-date contact information, and will prompt  
> a number of legacy holders to sign legacy RSAs.

Although there are probably a few real Rip Van Winkles out there, I  
think it is more reasonable to assume that most remaining legacy non- 
signatories are motivated by something other than ignorance of the  
opportunity to follow the rules. Perhaps the proposed transfer  
process will achieve such prominence and critical mass that legacy  
resource holders will waive their self-declared right to do whatever  
they want with their resources. Perhaps none of them will find it  
more convenient/profitable to sell around the official mechanism and  
its rules. I wonder how high "white market" prices will have to go  
for all of these assumptions to hold true (note: foreshadowing for  
the new entrants point below)...

Perhaps no RSA signatory will be tempted to jump the queue and trawl  
the gray market. Perhaps all are willing to continue abiding by needs- 
based allocation rules, even if that means that the wait for address  
space could be very long. But if that's so, there are probably better  
mechanisms to leverage this will to coordination that are less risky  
and volatile and unpredictable...

>> I'll wrap by simply stating that even if all of the above proves  
>> to be wrong or fixable, and the market works "perfectly" but  
>> effectively prices aspiring new entrants out of the industry, then  
>> I believe that would be grounds enough to reject it.
>
> I don't anticipate that a market will price out new entrants.  In  
> fact, I favor the transfer policy proposal precisely because it  
> provides an avenue for new and growing networks who need IPv4 space  
> to get it after free pool exhaustion.


I concede that Richard Branson will always be able to start a new ISP  
if he wants to, so in principle the industry will always remain  
"open" in some trivial sense. The kind of "open" I was referring to  
was the more functional/pragmatic kind -- i.e., the kind that  
mollifies internal critics and makes them more likely to identify  
their interests with community and its institutions rather than an  
aspiring competitor, the kind that persuades anti-trust authorities  
to move on, because there's nothing to see here...


> In my opinion, the supply curve for IPv4 addresses will be somewhat  
> elastic, meaning that as the price goes up many IPv4 address  
> holders will begin to free up IPv4 addresses and make them available.

I agree, but I believe that there are better, less volatile, more  
sustainable methods to leverage that elasticity, so that the needs- 
based allocation regime and all of the collateral values that have  
gotten a (largely unnoticed) free ride on it over the last decade can  
be preserved.

> Demand will be elastic as well (quantity demanded will go down as  
> the price increases),

I agree here too, but I believe that there are better, less volatile,  
more sustainable methods to manage that elasticity so that it is  
spread across all resource users rather than killing the newest/ 
smallest first.

> but I think supply will be more elastic than demand simply because  
> there are so many netblocks out there already,

(in the gray)

> so address conservation efforts will have more effect on freeing up  
> supply to be transferred than on reducing the demands for new space.

We are in 100% agreement here again.
The trick is to marshall price signals to induce this kind of  
behavior sooner rather than later, and to keep the resulting address  
recirculation process more effectively tied to needs-based delegation  
principles. So long as the price/heat continues to go up evenly  
across all resource users, the effects on migration out of v4 should  
be the same. Given that, all that's really necessary is to keep  
everyone approximately equally happy/unhappy but *together* through  
the full (long) transition -- e.g., from gated v4/v6 coexistence to  
LISP or some other, similarly durable/scalable future arrangement.

TV