[arin-ppml] Continuation: Policy Change Request: IP Address Assignment to Educational and Non-Commercial Organizations

Jon Radel jradel at vantage.com
Sat Nov 28 19:49:58 EST 2009



Christopher Mettin wrote:
> We just need maybe 2 or 3 blocks containing up to 255 hosts (of IP v4
> addresses).
>
> We have partner schools in several US states. We plan to create a program
> allowing us to share classroom resources and to communicate directly.
> Unfortunately, our ISPs assign us dynamic IP addresses only and thus they
> change every 24 hours. Static IP addresses allow us to allow a connection
> establishment without allowing people other than our students to join. But
> having dynamic IP addresses only, we are forced to allow access by the
> entire ISP subnet which could mean a potential harm to our network.
>
> Can anyone provide us with a bunch of addresses?
> We would be very grateful. But such a chance should available to anyone else
> of the named parties as well.
>
> Thank you.
>
> Sincerely yours,
> Christopher Mettin
> Gymnasium Querfurt High School
>
>   
As somebody has already touched on, I'd be surprised if all the ISPs 
involved allowed you to bring /24s to the table, particularly ones 
"donated" by somebody else that has no relationship to any of the 
involved schools, yet didn't have static addresses available upon 
request.  What do your ISPs have to say about all this?

Second, might I suggest that you look into VPNs as a partial solution to 
your security issues, although admittedly they're easier to setup if you 
have static IP addresses at your disposal.

Third, you appear to be going down a path of using fixed IP addresses to 
separate insiders from outsiders who use the same ISP, with insiders 
trusted and the other ISP customers not trusted.  That strikes me as a 
rather simplistic threat model to be working with.  Frankly, without any 
further information, I'd say the odds are that the curious and malicious 
that are already on the school networks are much more likely to mess 
around with the other school's equipment than random ISP customers 
are.   Not that it's a bad thing to restrict the outsiders, but.....

I admit the above may be selling your analysis of the situation short, 
but nothing I've seen about the problem you're trying to solve even 
begins to address why ARIN should change its fee structure or completely 
change the requirements for PI space assignment (if my guess that you're 
all single-homed school networks and in no danger of justifying a /20 is 
correct).

My suggestion would be that you hit up your respective ISPs to give you 
static addresses at no extra charge for the good will and possible tax 
benefits.  Even if they're only willing to give you /29s, you can 
harmonize your RFC1918 address space use and use VPNs that properly 
reflect your security policies.


--Jon Radel
jon at radel.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3303 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20091128/b5bff25a/attachment.bin>


More information about the ARIN-PPML mailing list