[arin-ppml] "Millions of Internet Addresses Are Lying Idle"(slashdot)

Ted Mittelstaedt tedm at ipinc.net
Wed Oct 22 15:41:30 EDT 2008

> -----Original Message-----
> From: Stephen Sprunk [mailto:stephen at sprunk.org] 
> Sent: Wednesday, October 22, 2008 11:53 AM
> To: Ted Mittelstaedt
> Cc: 'Jo Rhett'; ppml at arin.net
> Subject: Re: [arin-ppml] "Millions of Internet Addresses Are 
> Lying Idle"(slashdot)
> Ted Mittelstaedt wrote:
> >> -----Original Message-----
> >> From: Stephen Sprunk [mailto:stephen at sprunk.org]
> >>
> >> Ted Mittelstaedt wrote:
> >>     
> >>>> -----Original Message-----
> >>>> From: Jo Rhett [mailto:jrhett at svcolo.com]
> >>>>
> >>>> On Oct 21, 2008, at 2:39 PM, Ted Mittelstaedt wrote:
> >>>>     
> >>>>         
> >>>>> They ARE doing it.  Anyone who has allocated space gets a bill 
> >>>>> every year.  If their contact info becomes invalid, the 
> bill then gets returned by USPS and after 6 months or 
> whatever, the account goes to collections and the allocated 
> IP addressing becomes forfeit.
> >>>>>           
> >>>> That is the billing contact, entirely separate from the 
> POC data.   
> >>>>         
> >>> So you are saying that ARIN still has entries in it's POC 
> database 
> >>> for orgs that paid for allocations then stopped paying for them a 
> >>> few years later when those orgs went bankrupt or otherwise 
> >>> disappeared?
> >>>
> >>> I am sure ARIN staff would be most interested in this facinating
> >>> interpretation of how badly they mis-manage the WHOIS database.
> >>>       
> >> Interpretation?  Mis-management?  There was a recent 
> presentations (I
> >> forget by who) which called out the number of "orphan" POC 
> entries.  
> >>     
> >
> > Stephen,
> >
> >   You missed Jo's original statement, I'll repost it here:
> >
> > "...Asking ARIN to validate POC data for RSA contractees is like 
> > reminding the teacher to show up in class.  It is function 
> 1 of their 
> > job.  Why aren't they doing it?..."
> >
> > Jo wasn't concerned with orphaned POCs but rather with RSA 
> contractees 
> > that had stale POC data.
> There are many orphaned POCs and even OrgIDs that are (or were) 
> associated with an RSA contractee somehow.  Most are probably stale.
> > By definition, an org that isn't paying it's bill is no 
> longer a RSA 
> > contractee.  (ie: they have broken their contract) and ARIN would 
> > remove numbering resources allocated to it, thus 
> "orphaning" all the 
> > POCs.
> That's not the only reason that records get orphaned.
> > I presumed she wouldn't care if orphan POC data was stale.
> >   
> IMHO _any_ stale information in a database is a Bad Thing(tm).  If we 
> don't want to spend the effort to clean up stale orphans, 
> they should be 
> deleted.
> >> However, I don't think that is the problem Jo was 
> referring to.  That an org's Accounts Payable department pays 
> an invoice on time does _not_ 
> >> guarantee that all the various POCs listed on each of their 
> >> registrations are still valid.
> >>     
> >
> > Both you and Jo are asserting here that ARIN billing addressing info
> > is separate from the POC info associated with that org.  Do 
> EITHER of you
> > have ANY authoratative statement from anyone at ARIN that 
> states this?
> >   
> Directly from ARIN staff?  Not me.  However, it's a trivial thing to 
> look up my own employer's records and see stale and/or 
> orphaned POCs and 
> OrgIDs, and if we weren't paying our bills I presume our ASN 
> would have 
> been taken away by now.  I thus deduce it is possible, though 
> I'm open 
> to correction.
> > Because if you do, I feel another NPRM policy proposal 
> change suggestion
> > coming on...
> >   
> Are you proposing that a "billing" contact be added, in 
> addition to the 
> "admin", "tech", "abuse", and "noc" contacts?
> None of the existing (or at least visible) POC types necessarily has 
> anything to do with the name/address where invoices are 
> mailed, which is 
> all that receipt of payment validates.  Besides, an org could have 
> hundreds or thousands of networks, each with different tech/abuse/noc 
> contacts, any one of which could be stale; how could paying 
> one invoice, 
> sent to some Accounts Payable person, validate all of them?

whois is a relational database.

When you request numbering and receive it and an account is opened
that you start paying a bill on, ARIN assigns you an ORG id and
relates that to the network numbering you got.  When you create your
POCs you relate them to the network numbering.  When the numbering is
queried it shows those relations.

When the legacy networks were put into whois at ARINs formation they
were assigned POC handles as well.

It is a simple matter to take the list of currently billed orgs and
query whois for all of the POC handles, then take that list of POC
handles and query every non-legacy network to make sure that one
of those POC handles is related to a network.

Fundamentally, every allocated network either needs to be related to
a currently billed org or be on the inherited legacy list.

Sure, it's true a particular POC data might go stale, but for us to care
about it, that POC must be related to a network, that network is related
to an ORG id and if that org ID is no longer paying their bills and
not on the legacy list, then that network and all related POCs need to
go away from whois.


More information about the ARIN-PPML mailing list