[arin-ppml] Draft Policy 2009-1: Transfer Policy - Revised and forwarded to the Board

George, Wes E [NTK] Wesley.E.George at sprint.com
Thu May 7 15:30:50 EDT 2009

First, I support the updated text as written.

Big ISPs and other unnamed speculators are getting cited as an example a lot in the overall transfer market discussion, and while I can't say that they're blameless on this, I think some people are assuming that they understand way too much about how things actually work in these companies in accusing them of all of this hoarding and potential IP address speculation. I'm not buying the argument of transfer policy = opportunity for big/greedy/evil companies to exploit the system and continue being big/greedy/evil at the expense of smaller companies. There are opportunities for abuse and speculation, but that should not be a reason to prevent transfers of this type. Rather, that's why it's better for ARIN to be involved to regulate.

First, as to whether or not the "big bad ISPs" are building a war chest of IP addresses, merely waiting with steepled fingers (Mr. Burns style) for IPv4 space to turn into a fungible asset that they can make money on, I think you're giving them too much credit for malevolent intelligence.
Waste or inefficient use is a much better way to characterize it. They played by the same rules as everyone else, but happened to be bigger, and therefore the amount of addresses potentially wasted by percentage amounts to a larger amount of addresses wasted than an ISP 1/10th the size. Yes, not having the address space to start with or having a high cost associated would have driven different solutions. However, that doesn't change the past.
I agree that a transfer market is a carrot, but I think you're missing the point about the incentive. This is not about profit, it's about breaking even on what would otherwise be expensive, but *optional* work for many organizations to reclaim IP space for the good of the Internet community.
There's enough anecdotal evidence even over the last couple of days on this list to say that the appearance of a transfer market will shake loose some of the "lost" IP blocks pretty quickly, but even those require manpower to be used for audits and record keeping, and that's not free. If it's relatively cheap, especially in a non-profit, you might be able to justify throwing some interns at it in the interest of being a good internet citizen, and/or make a few bucks.
Once those easy ones are exhausted, then comes the harder stuff. I say harder because this is address space that is in use, but inefficiently, and will require a non-trivial amount of work to free up. So let's use an example, picking on an auto company that happens to be in the top 15 IPv4 address holders... I'll call them "Bored."
[Note, the following is speculation, I have no knowledge of the company in question's networking practices, I'm just using it as an example]
Bored has no need to use 1918 space, so they've been busily allocating all of their PCs, all of their manufacturing robots, everything that speaks IP, a public address even if it doesn't talk to the internet. They have firewalls, but no NAT.
They look at their current network, and realize that they could probably recover 3/4 or more of their IP space through a conversion to private addressing + NAT. However, they realize that this will cost them $5M in IT parts and labor if they do it in 6 months, and $3M if they do it in 12, and will generate no net benefit to them over doing nothing. Means it'll never happen unless someone forces them to do it, especially given the auto market at the moment. Now, if another company that's in need of space feels that Bored's /9 is worth the money it would cost them to free it up, then maybe it happens, but that assumes that this work is all done in time for "NeedIPCo" to use it long enough to recover their investment before the high demand for IPv4 goes away (aka majority has IPv6 deployed), and that no one else comes along with a similar sized block that they can free up for much cheaper which pops the bubble.
The rough values established by this market will serve as a cost justification for those that have not been careful about their IP usage - in other words, there's a business case for me to spend money on more efficient numbering/records/renumbering (in whatever form) if what I have to spend internally is less than what I'd have to pay to get it on the open market. Either way, the net benefit is an increase in the efficiency of IPv4 allocations' usage.

On a tangent (feel free to stop reading here if you aren't interested in Mr. Herrin's VZ=hoarder discussion)

Regarding whether the existence of a firewall to protect inbound connections directly to the phone/PC constitutes hoarding because it's not done using private addresses...
I don't want to get into a discussion about whether a walled garden is a good thing or not, because it has no bearing on the discussion (which is already a large tangent). Most carriers view their wireless bandwidth as a very scarce resource, and insert things to protect their infrastructure and customers from (often unsolicited) inbound traffic sucking up that resource. Would you like your data connection to stop working because a worm is trying to talk to/port-scan/infect every device on a given tower? Didn't think so. Does that automatically mean that they should be NATting behind that firewall?
I won't re-cover the "NAT doesn't actually work" discussion, as Kevin has covered it.

As to private addresses. Let's do some math here to go with your equation...
10/8 = 16M addresses
172.16/12 = 1M addresses
192.168/16 = 65K addresses
So...using all of the available private space, I get a grand total of 17.1M addresses.

VZW subscriber count = 86.6M
Adding, so that we don't keep singling out VZ:
ATT subscriber count = 78.2M (6M of which are iPhones)
Sprint subscriber count = 49.3M

At best, we're talking about nearly 3:1 oversub on addresses, at worst, 5:1. There's only so much time that reducing DHCP lease times and moving blocks around continues to work as more and more customers adopt data usage, and more always-on applications roll out. How many of you have both a wireless data card AND a phone with internet access?

Assuming that 1918 isn't large enough, you're left with the prospect of having to reuse those private blocks multiple times in the same network, meaning that you now have to NAT *between* devices (yes there are applications where the devices talk directly to one another), as well as out to the internet, and $Deity help you if you have any internal devices/services that are numbered out of private space that need to talk to a handset, because you need another NAT between them.
So maybe you do more bad things like using publicly allocated space (say 11/8 and 12/8) as private space, and promise never ever to accidentally announce it to the internet. Is that better or worse than your definition of hoarding?

And before anyone says it, yes, IPv6 *is* the correct answer to this problem, but that's being simplistic. It is not easy to retrofit existing devices for IPv6 support at that scale. Even if one of these carriers was ready to turn on IPv6 tomorrow, only a fraction of the existing devices could use it, and so while carriers are doing the right thing in enabling IPv6, their IPv4 needs are not going to suddenly and precipitously drop anytime in the next 2 years at least. I'm not saying that there are no methods to segment hosts into types and use NAT or even go IPv6-only where appropriate, but the act of enabling IPv6 will not eliminate the need for IPv4 addresses completely. Things like transfer policies cover those eventualities post-runout.

Wes George

-----Original Message-----
From: arin-ppml-bounces at arin.net [mailto:arin-ppml-bounces at arin.net] On Behalf Of William Herrin
Sent: Thursday, May 07, 2009 1:30 AM
To: Martin Hannigan
Cc: arin ppml
Subject: Re: [arin-ppml] Draft Policy 2009-1: Transfer Policy - Revised and forwarded to the Board

On Thu, May 7, 2009 at 12:54 AM, Martin Hannigan
<martin.hannigan at batelnet.bs> wrote:
> On Thu, May 7, 2009 at 12:41 AM, William Herrin <bill at herrin.us> wrote:
>>>>> In a message written on Wed, May 06, 2009 at 02:14:29PM -0400, William Herrin wrote:
>>>>>> Verizon is hoarding addresses. They requested and acquired millions of
>> NAT = conserves IP addresses.
>> Meets criteria for NAT-compatible device = could be built with NAT
>> Not built with NAT + millions of devices = consumes millions of IP addresses
>> Not built with NAT + could be + consumes millions = hoarding
>> If you got "technology limitations = hoarding" from that, you ain't
>> readin' it right.
> You're saying that just about every service provider on the planet is
> "hoarding". Am I reading you correct?
No. I'm saying that the ones who deliver stateful firewalled service
to a large base of customers using global IPs instead of private IPs,
and who deliberately built it that way just in the last couple of
years did so knowing the score.

The number of service providers delivering that kind of service is
relatively small but scope of some of those services is quite large.
And some of them are hoarding.

On Thu, May 7, 2009 at 1:05 AM, Jon Radel <jradel at vantage.com> wrote:
> "Hoarding" generally carries implications about intent which
> you're not, and probably can't, demonstrate.
You're quite right. And I still won't be able to demonstrate that it
was pre-planned half a decade from now when they "discover" that they
can re-engineer with NAT and then move the addresses to more valuable
uses within the company. I'll be able to say, "I told you so," but I
won't be able to prove that the six-figures-paid address administrator
over at my favorite vendor added two plus two several years ahead of
the deadline.

Which brings me to my second major point: the hoarding is a fact of
life. There is little if anything we can do to stop it. So if we can't
stop the hoarding, how do we deal with the results?

Step 1. The carrot. Transfer market. Incent the hoarders to sell the
addresses so that they become available for general consumption.

Step 2. The stick. Give the ARIN board the authority to declare
categories of use of IP addresses "no longer sufficiently justified"
if after depletion they find there are too few addresses available on
the transfer market.

Before you explode about step 2, let me point out that ARIN has made
comparable policy changes before. There was a time when multiple IP
addresses for each site on a web server was a valid justification for
more addresses. And then the policy changed so that it wasn't.

Bill Herrin

William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004

