[arin-ppml] /20 initial allocation for single-homed server?

[Ted Mittelstaedt]

On 5/24/2010 12:05 AM, James Hess wrote:
>
> Number of pieces of metal is irrelevent.    If there is a technical
> requirement for each customer to have multiple IPs,  and he can make a
> justified need case based on number of customers, then the allocation
> is with merit.
>

The central problem IS the definition of what a justified technical 
requirement for numbers is.

For example, a few years ago we got contacted by one of these proxy
companies.  What the guy was doing is selling proxy services to other
companies.  Those companies were placing front-ends on other sites.

How it worked is this.

As we all know eBay runs a successful auction site.

Jim Jones wants to run an auction site too and make money off 
advertising.  So he writes up a website that acts as a front end
to the Ebay listings.  Users can search and even bid on this site.
Jim's site of course has his own advertising and scrapes off the
Ebay advertising, but his site makes it perfectly clear to the
user that they are using Ebay, through him.

Ebay as you can imagine takes a dim view of this.  So they erect
IP blocks so that Jim Jones site cannot access Ebay.

Jim then goes to Company X and purchases proxy services.  Company X
was the company that had contacted me, by the way.

Company X needs several thousand IP addresses because they proxy all
Jim's sites Ebay queries and spread them over those thousand IP
addresses, so that EBay doesn't see an excessive number of queries
coming in from a single IP and thus be alerted and block it.

Now, there is NOTHING ILLEGAL about what Jim Jones or Company X is
doing.  And you can certainly make a SOLID technical argument that
Company X needs that many IP addresses for it's scheme to work.

The reason that -I- got contacted from Company X was that Company X
had purchased a DSL line from us.  We provision all our DSL as bridged
DHCP-supplied IP numbers and instruct end users to set their equipment
to obtain an IP automatically.  That part of it this guy liked.  However
he didn't like the fact that we hard-code all customer MAC addresses
into our DHCP server so that no matter how many times they re-request an
IP they always get the same one - and to add insult to injury, we
run a nightly report that checks for CHANGED mac addresses, and when
we see that a customer has changed their MAC address we modify the
DHCP server for the new address, so after 24 hours they are back at
their old IP number.  This guy couldn't understand why he wasn't getting
a different IP number each time he disconnected and reconnected his DSL
modem.

I talked to him a while and got him to explain his entire system, he had
a script that would do this proxy stuff and when it saw network blocks
beginning to be erected, it would down and up it's interface multiple
times at varying lengths until it got a new IP number.

I thought it a very clever system and told him so.  I also told him that
in my opinion as network admin, regardless of the legalities, it was a 
highly immoral system and I wasn't going to make any allowances for him, 
whereupon he apparently slammed the phone down in a huff, and 
disconnected his system a few days later.  Sometimes it pays to sell 
service to people at such a low amount of money that they cannot justify 
paying an attorney to sue you.

Anyway, getting back to this ARIN issue.  The fundamental issue is what
constitutes a justified technical need.  IMHO ARIN spells nothing
concrete out in policy that would preclude a scheme like this.  Such a 
scheme would no doubt rotate between all of the IP numbers in it's block 
at a sufficient rate of speed that you would see traffic from all IP 
numbers over a period of a month, just to different destinations.  And 
it is not illegal for an end user to essentially use a proxy to reformat 
someone else's content to their own liking for their own personal 
viewing - the fact that the content provider may not like it is
just tough.  So, ARIN cannot argue that what the proxy holder wants to 
do is illegal, and thus they aren't going to assign numbering for it. 
All ARIN can do is take the same position I did - which is what he's 
doing is immoral, and they aren't going to support it and thus they will 
deny numbering.  And, unfortunately, ARIN -is- large enough to get sued 
over it.

Ted