[arin-ppml] ARIN-prop-139 No reassignment without networkservice
George Herbert
george.herbert at gmail.com
Tue Apr 12 21:56:11 EDT 2011
On Tue, Apr 12, 2011 at 6:49 PM, Matthew Kaufman <matthew at matthew.at> wrote:
> On 4/12/2011 5:25 PM, George Herbert wrote:
>>
>> Forgive me if this sounds dense, as I've been staring at
>> fluorine-based rocket propellant reactions all day and not doing
>> networking, but...
>>
>> On Tue, Apr 12, 2011 at 5:16 PM, Matthew Kaufman<matthew at matthew.at>
>> wrote:
>>>
>>> Ok. How about:
>>>
>>> 8) I sell you a "network service" which lets you access a few servers I
>>> run
>>> in public address space that you can store backups on. I let you use a
>>> /20
>>> of my space at your end to access those servers, but I don't have a
>>> circuit
>>> or tunnel to you... you just use IP routing to reach them. Since I don't
>>> provide you with a circuit, I give you an LOA so you can use this space
>>> with
>>> some other transit provider.
>>>
>> Service provider A provides customized backups service to end user C.
>> A provides C some dedicated IPs for the backup service to use, as part
>> of the backup service, organized into a /20.
>
> Service provider A provides customized backups service to end user C.
> The backup servers run in one block. A provides C some IP addresses from a
> different block and configures their ACLs to let backups be done only from
> the block A is letting C use. (For instance). That's the /20.
>
>> You seem to have the actual servers at A's location.
>>
> Yes.
>>
>> Why would C need to or want to advertise the /20 ? - It's using it to
>> get from itself to A, across public internet links. The servers are
>> not at C's premise...
>>
>
> Right. The servers are at A's premise, and C can only get to A's premise
> using the public Internet... and only get through the ACLs if they use
> addresses from the /20 that A is letting them use. So they *must* advertise
> and use them on the public Internet in order to use the backup service at
> all, if nothing else.
Ok, this at least makes coherent networking sense.
>From an applications point of view, though, my experience has been
that this gets solved by the vendor putting the customer's allowed IPs
into the vendor's ACLs, rather than the vendor giving the customer
some of the vendor's IPs to use for this.
If it's being done your way somewhere, then that's a good argument for
it. Are there any practical examples of it, or a business plan... ?
--
-george william herbert
george.herbert at gmail.com
More information about the ARIN-PPML
mailing list