[arin-ppml] Continuation: Policy Change Request: IP Address Assignment to Educational and Non-Commercial Organizations
Jon Radel
jradel at vantage.com
Sat Nov 28 19:49:58 EST 2009
Christopher Mettin wrote:
> We just need maybe 2 or 3 blocks containing up to 255 hosts (of IP v4
> addresses).
>
> We have partner schools in several US states. We plan to create a program
> allowing us to share classroom resources and to communicate directly.
> Unfortunately, our ISPs assign us dynamic IP addresses only and thus they
> change every 24 hours. Static IP addresses allow us to allow a connection
> establishment without allowing people other than our students to join. But
> having dynamic IP addresses only, we are forced to allow access by the
> entire ISP subnet which could mean a potential harm to our network.
>
> Can anyone provide us with a bunch of addresses?
> We would be very grateful. But such a chance should available to anyone else
> of the named parties as well.
>
> Thank you.
>
> Sincerely yours,
> Christopher Mettin
> Gymnasium Querfurt High School
>
>
As somebody has already touched on, I'd be surprised if all the ISPs
involved allowed you to bring /24s to the table, particularly ones
"donated" by somebody else that has no relationship to any of the
involved schools, yet didn't have static addresses available upon
request. What do your ISPs have to say about all this?
Second, might I suggest that you look into VPNs as a partial solution to
your security issues, although admittedly they're easier to setup if you
have static IP addresses at your disposal.
Third, you appear to be going down a path of using fixed IP addresses to
separate insiders from outsiders who use the same ISP, with insiders
trusted and the other ISP customers not trusted. That strikes me as a
rather simplistic threat model to be working with. Frankly, without any
further information, I'd say the odds are that the curious and malicious
that are already on the school networks are much more likely to mess
around with the other school's equipment than random ISP customers
are. Not that it's a bad thing to restrict the outsiders, but.....
I admit the above may be selling your analysis of the situation short,
but nothing I've seen about the problem you're trying to solve even
begins to address why ARIN should change its fee structure or completely
change the requirements for PI space assignment (if my guess that you're
all single-homed school networks and in no danger of justifying a /20 is
correct).
My suggestion would be that you hit up your respective ISPs to give you
static addresses at no extra charge for the good will and possible tax
benefits. Even if they're only willing to give you /29s, you can
harmonize your RFC1918 address space use and use VPNs that properly
reflect your security policies.
--Jon Radel
jon at radel.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3303 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20091128/b5bff25a/attachment.bin>
More information about the ARIN-PPML
mailing list