[arin-ppml] Draft Policy 2009-1: Transfer Policy - Revised andforwarded to the Board

[Joe Maimon]

William Herrin wrote:


> No. I'm saying that the ones who deliver stateful firewalled service
> to a large base of customers using global IPs instead of private IPs,
> and who deliberately built it that way just in the last couple of
> years did so knowing the score.

I suppose in this definition, hoarding would be exposed by assigning a 
non trivial dollar value to each address.

Then you would see where it was really necessary and justified and where 
it would be engineered out.

In other words inefficiency is only relevant in a cost versus benefit 
scenario.

> The number of service providers delivering that kind of service is
> relatively small but scope of some of those services is quite large.
> And some of them are hoarding.

And if they want as many cracks at it as they can get, I suppose the 
abandonment of 2009-2 is good news for that.

I seem to recall a recent /9 allocation that seemed to fit this bill 
exactly. A /9 at 18g costs 0.2 cents per address.

> And I still won't be able to demonstrate that it
> was pre-planned half a decade from now when they "discover" that they
> can re-engineer with NAT

Or IPv6. Then they would even be doing the right thing.

> and then move the addresses to more valuable
> uses within the company. I'll be able to say, "I told you so," but I
> won't be able to prove that the six-figures-paid address administrator
> over at my favorite vendor added two plus two several years ahead of
> the deadline.


If we can figure out justifiable within-the-norm behavior right now that 
can reap large benefits later, so can they. In fact they would be remiss 
to not do so.

Just to be helpful to all these large companies, I will try to clarify 
some modes of this behavior.

* ignoring dead and underutilized customer space
* taking customer space request at near face value
* no verification of customer space utilization
* /30 on serials instead of /31, unnumbered, rfc1918
* all other underutilization and dont say they dont exist.

Due to the fee structure these behaviors are not only strategically 
beneficial, but carry the most trivial of costs. In fact, doing 
otherwise is actually more complex and difficult and bears higher costs 
of business.

A small ISP cannot afford to behave that way, and likely would have a 
much harder time trying to do so.

To refine:

There is no benefit and only loss with complying with any more than the 
normative behavior with regards to policy. Use addresses now so that you 
may have them recycled later.

> Which brings me to my second major point: the hoarding is a fact of
> life. There is little if anything we can do to stop it. So if we can't
> stop the hoarding, how do we deal with the results?
> 
> Step 1. The carrot. Transfer market. Incent the hoarders to sell the
> addresses so that they become available for general consumption.
> 
> Step 2. The stick. Give the ARIN board the authority to declare
> categories of use of IP addresses "no longer sufficiently justified"
> if after depletion they find there are too few addresses available on
> the transfer market.

Step 2 is only useful in the context of either reclamation or as review 
of entire space to justify more.
Step 3.

2009-2

Abandoned. Any chance of petition or modified proposals in the works?

How about adding to justification requirements explanation of how nat or 
ipv6 would not eliminate or reduce the size of the request?

Step 4.

Encourage ARIN to do something about the up to 500x disparity in fees.

This could be accompanied with significant credits as reward for returns.

I expect any impartial external observer would view the pie charts in 
this presentation as egregious. 82% of space held by 15% revenue. Is 
this the norm elsewhere?

http://www.arin.net/participate/meetings/reports/ARIN_XXIII/pdf/wednesday/treasurers_report.pdf

In fact, I would consider this a political and public relations 
liability, affording easy opportunity for anyone to paint ARIN as a 
monopolies' puppet, placing barrier to entry and increased friction of 
operation for the more numerous small players, a victim of regulatory 
capture.

The only reasonable excuse has been that ARIN doesnt need the money a 
change in disparity would bring under almost any reasonable formula.

I dont assign much credibility to the notion of lower admin overhead per 
request - that suggests rubber stamping and equal overhead per request.

Large requests should be deserving of far greater scrutiny, they should 
involve much more effort than small requests.

With all the proposals and discussions being floated and flaunted here 
that incur significant overhead, reclamation, verification, outreach, 
training, software advancement, lobbying, lawyers and what-not, I should 
think more revenue would come in handy.

Of course, organizations tend to resist shrinkage, so we would have to 
live with the results for quite some time.

The question becomes, with a significantly higher percentage of revenue 
attributable to large players, does ARIN face significant risk increases 
of regulatory capture?

Or could the large players stage a coup, and would they?

Joe