[arin-ppml] IPv4 Transfer Policy Change to Keep Whois Accurate

Owen DeLong owen at delong.com
Thu May 19 12:45:34 EDT 2011


On May 19, 2011, at 7:59 AM, Mike Burns wrote:

> Hi Owen,
> 
>> You also left off:
> 
>> 4. It might actually reduce whois accuracy rather than increase it.
> 
> Why does anybody think that removing the needs requirement for transfers would degrade whois accuracy?

Because that is exactly what happened to DNS whois when stewardship was abandoned there in favor
of an uncontrolled market.

> The only support for that contention was the idea that because the needs requirement involved some extra informational flow, the contact information would be more accurate.

No, that was ONE element of support and I believe it holds true.

> I argue that registration will become more and more important, and John Curran indicated there was an uptick in 8.2 Transfers for old M&A activity, which I held to be an indication that holders of addresses find registration valuable, and likely more so as the addresses increase in monetary value.

Which would argue that removing needs basis will not improve that situation.

> People will naturally want their ownership rights established in whatever venue is appropriate, and for ip address holdings, that venue is Whois.
> I don't think the argument that my proposal will reduce Whois accuracy holds water, is there anybody who wants to continue to make that charge?
> 

I will continue to make the charge that it is one possible outcome and just as likely as any claim that your proposal could somehow
improve it.

> 
>> 5. Markets without additional controls inevitably lead to manipulation and dysfunction
>> which requires later regulation to correct. These later corrections are rarely (if ever)
>> effective at making the original victims of the manipulations and dysfunction whole.
> 
> First, this is  your opinion only, second, I already alluded to speculators and hoarders, and your number 5 is merely a restatement.
> 

Speculators and hoarders are not the only forms of manipulation and dysfunction that
tend to occur. Can you cite a single example of a long-term market that was unregulated
and did not devolve as I describe? I believe that this is a statement of fact over the
entire history of markets rather than merely my opinion.

> 
>>> As far as 2, this danger seems to be manageable, and there haven't been too many objections related to this lately. I have argued that the stewards of the APNIC region, led by Geoff Huston, considered this problem when deciding whether to have needs requirements on transfers, and decided the benefits to >>Whois accuracy outweighed the potential disaggregation problems. This cost is borne most by network operators, who presumably can make decisions on minimum block size which will allow them to run profitably. Those decisions will likely shape the transfer market, so nobody expects there to be much >>value in a /32 netblock, because network operators find this size unprofitable to route today. This ability of network operators provides a constraint on disaggregation in the transfer market.
>> 
> 
>> People haven't been repeating what they already said. That does not mean that it is not still a factor, merely that we didn't
>> think we needed to repeat ourselves on a topic already covered.
> 
>> In what way do you believe this danger would be manageable and/or managed under the proposed policy?
> 
> Primarily, I associate my decision with Geoff Huston's decision at APNIC.

OK...

> Geoff is one of the world's top experts on BGP, I think it fair to say, and yet he viewed the danger to Whois accuracy in maintaining needs as outweighing the danger of disaggregation.

Geoff's statements were actually more along the lines of what's about to happen with BGP will happen whether we register it in whois or not and
he did not believe that efforts at stewardship on the part of the RIRs could prevent it, so, he thought it was better for the RIRs to attempt to
accurately record the disaster than try to prevent it.

I am not as fatalistic as Geoff and I think that in general, the ARIN community is less fatalistic than the APNIC community. As such, I think there
is value in attempting to prevent the disaster rather than merely standing in front of the damn throwing my hands up in the air and writing down
the precise time that it bursts before I am overwhelmed with water (which is basically Geoff's approach).

> Secondarily, I believe that private network operators are the ultimate decisionmakers here. If they won't route a netblock, the value of the netblock is reduced significantly.
> 

Of course they are. I believe that private network operators will see value in RIR stewardship of the resources
and will look to the RIRs for guidance on what should or shouldn't get routed. If the RIRs make insane decisions,
the value of the RIR data for that purpose will be degraded. Allowing a free-for-all in transfers would be an example
of an insane decision that would cause just such a degradation.

> 
>> Your belief that the ability of network operators will place a constraint on disaggregation in the transfer market
>> presumes a number of facts not in evidence. Namely that:
>> + There is some direct correlation between what people will buy and what they can get routed.
> 
> What kind of evidence would satisfy you? The absence of recorded /32 transactions?
> Just use common sense, and put yourself in the position of a buyer.
> 

Buyers will believe that they can get /24s routed. However, beyond a relatively small number of
additional /24s, this will prove to be impossible to sustain on the internet.

I'm not talking about the obvious case of /32s. I'm talking about the fact that this market will force
a shortening of acceptable prefixes to prevent collapse. The speed at which that shortening will
occur is likely to exceed the speed at which the buyers can adapt.

>> + There is some correlation between what engineers can profitably route and what sales people
>> will actually sell.
> 
> There is a correlation, because if the sales people continue to sell unprofitably, the company will go out of business.
> 

But there can be a tremendous amount of disruption between event A and event B in your statement
above. Also, if that were actually true, some ISPs that are in business today would be long gone.

>> + The feedback mechanism on these factors is fast enough that the market can keep pace with
>> the effect the market is having on them.
> 
> To keep the market moving at its quickest pace,  lower transactional costs like the artificial needs analysis.
> Surely having that requirement will slow transactional pace as well as drive transactions off the books.
> 

It may slow the transactional pace, but, I don't believe that is contrary to the goal here. The fast transaction
actually makes the problem I am describing worse, not better. If it is slower, the buyer has some time
to realize that the routing situation has changed since he began the transaction and adapt his
behavior. If the transaction closes quickly and the routing environment changes between the time
that he made his purchase and the time he can get it routed, he may have just purchased an
entirely worthless block of addresses with no recourse.

As to driving transactions off the books, I think that the risks associated with an off-the-books
transaction are higher than most organizations will find acceptable. I think that ARIN can take
steps to make them riskier still (and probably should).

>> + There actually is a feedback mechanism by which the market and disaggregation will regulate
>> each other to some livable equilibrium.
> 
> The feedback mechanism is price. The network operators will effectively set the floor for size.
> The price will reflect the netblock's routability.
> 

You have not yet built the case that this feedback will actually be effective at protecting the
buyer's interests. The operators may have to change the floor size faster than the market
will change price, or, at the very least there will be some lag between the two. What
happens to purchasers caught in that lag?

>> In order to believe that this is not an issue, I think you would have to demonstrate that each of those
>> assertions has at least a reasonable chance of being correct.
> 
>>> And as far as 3, I have argued that speculators provide a value to free markets, that most attempts to corner markets fail, that supply uncertainty and IPv6 deployment provide a poor environment for speculators. But inasmuch as this forum is populated by technical types who are making decisions here based >>on their understanding of, and philosophy of, economics, I have decided to take David Farmer's advice and add an anti-speculator, anti-hoarder protection in the form of a limit of a /12 equivalent for needs-free transfers per 12 month period. If more transfers than that are desired, the recipient will have to  >>demonstrate need.
> 
>> Actually many attempts to corner markets in the case of a truly finite market with players that have effectively unlimited
>> resources _AND_ motivations other than direct profit from the value of the market commodity succeed.
> 
> Could I get some examples from the many you allude to?
> 

Tulips

Enron (Natural Gas)

http://blog.uncommonwisdomdaily.com/cornering-the-copper-market-5802 (current price of copper)

http://www.indexmundi.com/commodities/?commodity=cocoa-beans
The spike Jan-Mar 2011 appears to be the result of a 2010 market cornering move by a British gentleman and his hedge fund.

Worldcom (alternate fiber suppliers through much of the 1990s).

I'm sure there are more.


>> While attempts to corner relatively large, and especially dynamically elastic markets (such as finished goods) by relatively small (value
>> of player as compared to overall value of market) players are, in fact, doomed, that is not an accurate description
>> of the likely IPv4 address market.
> 
> I have already pointed out the obvious risk that CGN has for anybody who tries to corner the market.

And I have trouble taking that seriously as LSN is just not a technology that will suit the majority of providers
or consumers well at all.

> There is also the very obvious risk that IPv6 will finally take off.

This will happen regardless of the IPv4 market's behavior. However, that does not prevent extreme short term
disruption by the IPv4 market.

> And when there is an alternative, the very action of the cornerers drives the market to that alternative, posing additional risks to these speculators.

Those alternatives will take time to be implemented and become truly viable alternatives. IPv6, especially cannot be a unilateral alternative
and requires implementation by at least three distinct groups to reach viability. (consumers and their hardware, ISPs, and content providers).

> As to the smallness of the market, we are in fact talking about a trillion dollar network running on a pool of 3.8 billion address units worth at least $40 billion right now.

So? In units of 256 addresses, that's only less than 16.7 million salable unites in the entire market. (or did you forget that you can't sell /32s?).

Any market with a total of 16.7 million units defining the market is pretty small by almost any definition.

> An international commodities market consisting of fungible, valuable, and transportable assets is in the offing.

Hardly.

> The supply source of unknown depth and availabilty, although we know the total upper bound of the market.

The realistic upper bound is somewhere in the neighborhood of about 12 /8s, probably quite a bit less.
That's a total market size of 786,432 /24s. Seems pretty small to me.

> And of course, no evidence of this activity that  you can point to in the nascent APNIC marketplace as evidenced by tradeipv4.com.
> 

The APNIC marketplace hasn't started in earnest. Most providers haven't even gotten their final /22 from APNIC yet.
Using that as an example at this time is absurd at best.

>> 
>>> As a whole, then, my policy seeks to recognize that there are transfer transactions which provide incentives for buyers and sellers of addresses but which transactions may not meed the needs requirements which ARIN mandates for transfers.
> 
>> There are thefts of automobiles which meet the needs of car thieves and the resellers who purchase the stolen
>> cars from them. That does not make the legalization of car theft attractive.
> 
> Geez, maybe you should have used kidnappers of children and the child-sex rings who purchase them!

An equally valid example.

> You obviously have an emotional view that transfers of addresses are akin to theft from the rightful owner, ARIN.

Not at all. However, transfers of addresses absent justified need are akin to theft from the community as a whole.
You can call that emotion if you want. I call it stewardship.

> In that I think you act more as king than steward.

I suspect that is a reflection of your misunderstanding of my viewpoint more than anything else.

> At least in terms of legacy space, the holders of address rights *predate* ARIN, and yet in your mind, if they transfer them without telling ARIN, they are thieves and hijackers.
> 

The holders of address registrations predate ARIN, but, ARIN is the successor in interest to the original registries that
issued them. The resources are and were issued in trust in the community interest to the original resource holder.
If a merger or acquisition results in the transfer of the underlying network infrastructure and the addresses go with
it, that is a permitted transaction which should be recorded by the current registry. Any other transaction transferring
addresses outside of policy is a theft of community resources and the registry has the obligation to reclaim them in
the interests of the community.

> 
>>> The question is whether removing the needs basis benefits the ARIN community as a whole, not just the individual participants in any particular
>>> transaction. ARIN does not need to make policy to the benefit of individual participants in a transaction.
>>> Our role as stewards is to make policy to the benefit of the community as a whole. Individual participants in a
>>> transaction are quite capable of looking out for their own immediate interests without involving ARIN policy.
> 
> My rationale is the stewardship of Whois, which benefits the entire Internet community.
> 

Except you have yet to establish any link whatsoever between your policy and any positive effect on whois.

>>> Additionally, I pointed out that network operators, in my experience, will route addresses whose Whois record does not reflect that the network operator's customer is the registrant. The network operator, in my experience, will normally check to make sure that nobody else is advertising the addresses, and >>will solicit from the customer some documentary evidence that the customer has the right to the route the addresses, and then the network operator will route the addresses.
>> 
> 
>> This is not my general experience. Most reputable operators will refuse to route addresses unless they have
>> some reason to believe that the customer asking them to route them has some legitimate registration of those
>> resources.
> 
> The legitimate reason is the documentary evidence of transfer in the form of a merger, acquisition, asset sale, or Letter of Agency.
> 

I suspect that if the LoA is found to conflict with the whois database, it won't be worth the paper it is printed on. I suspect this
will become even more so in the coming years.

>> Sure, there are ISPs that specialize in routing hijacked space to the benefit of snowshoe spammers
>> and the like, but, they are relatively rare and tend to get de-peered over time.
> 
> And how is a company with a three-year planning window like a snowshoe spammer or hijacker?

Huh?

> These companies cannot pass the ARIN needs requirements, and would be incentivized to purchase enough addresses on the transfer market.

That's true today. However, to protect the community overall, the community has come to agreement on a 1 year planning window for addressing
purposes. This provides balance between those with need today and others with need tomorrow.

> The seller is incentivized by the money the buyer will pay.

Not seeing how this is relevant to the point.

> The network operator is incentivized by the money the buyer will pay him, and is satisfied by documentary evidence of the transfer that the buyer has the right to route.

Again, I suspect that when it comes down to an issue of that evidence vs. whois, most ISPs will likely go with whois and suggest
that the buyer go sort it out with ARIN and come back.

> The net result is Whois inaccuracy (and the fact that the buyer will have no RSA with ARIN).
> 

I suspect not as much as you think.


> 
>> I agree that ARIN should get more aggressive about removing registrations for addresses which are no longer
>> being held by the original resource holder or its legitimate successor through some form of section 8 transfer.
>> ARIN should then reissue those available resources to organizations with documented need in a timely manner.
> 
> This is your stick to my carrot. And wielding that stick can get very expensive for ARIN through legal costs.
> And as far as legacy addresses go, ARIN can spend through the nose on lawyers, but my reading of MS/Nortel and the Plzack declaration in the Kremen case leads me to believe that would be money ARIN would waste.
> 

I guess we'll see what happens. Worst case, the market blows out the routing table and we all end up on IPv6
whether the IPv4 stuff is recorded in whois or not. Best case, the market doesn't completely destabilize IPv4
before we get migrated to IPv6 and IPv4 becomes largely irrelevant. I guess either way, this becomes a
relatively temporary problem. I suppose since I favor a faster migration to IPv6, I should probably support
the greater disruption to IPv4 brought about by your policy, but, in the interests of the community, I just
can't bring myself to do so.

> 
>>> The net effect of these types of transactions is a lack of trust in the Whois table as an accurate source to check for authoritative routing rights. My proposal seeks to reduce the harm to Whois accuracy by extending the range of allowable transactions, providing additional incentive to have transfers reflected >>accurately by ARIN's updating of Whois to reflect the transfer.
>> 
> 
>> There is no evidence whatsoever that this newfound range provides any incentive whatsoever for those
>> transactions to be registered.
> 
> Owen, you said a couple of paragraphs ago that network operators would check registration when asked by a customer to route addresses.

Yes... Regardless of the range allowed by policy, so long as it remains reasonably sane.

> I agree that is the first place they would go, and that is one of the incentives for address transferees to seek registration.

Exactly.

> The other is the fact that this is really the only public venue for the registration of ownership rights, and I believe registration increases the resale value of the addresses.

They are not ownership rights. They are registrations.

> I point again to MS/Nortel and the luckiness that MS had a need exactly equal to a previously negotiated sale with Nortel.

You call it luck, I call it planning. Why would you purchase an amount different than your need?

> Had that need not matched precisely with the addresses allocated to Nortel's acquisitions 20 years ago, what would have happened?

The deal would have been modified.

> I think we all know what would have happened, and that is that Microsoft would soon be routing those addresses, and Whois would still list Nortel, or even some Nortel acquistion, as the registrant.

No, I don't think that would have happened.

> This was the spur for my proposal. Had the needs requirement not been in place, the transaction could have flowed through 8.3, and the natural incentives towards registration would have caused Whois to accurately reflect Microsoft as the new registrant.

The transaction is flowing through 8.3 and Micr0$0ft will become the new registrant when it is complete.

> In addition to this public transaction, I offered some other potential transactions which would also fail the needs test, among which is a buyer with a 2  year planning horizon.

Yes, you've offered several instances in which behavior that the community has said is contrary to the interests of the
community would be supported by your policy. That does not change the fact that the behavior in question is contrary
to the stated interests and intents of the community.

> I will continue to use this example, as recent proposals to extend the needs window attest to the belief among some that having a 2  year planning window does not put you in the same league as spammers, speculators, and hijackers.
> 

And I will point out that there is also opposition in the community to those proposals indicating that there is belief among some
that having an ability to glom more than a year of address space at a time to the exclusion of others is contrary to the interests
of the community.

>> Yes, it might actually remove some small amount of disincentive, but, I believe
>> it would be better for ARIN to provide incentive for accurate whois through a more active audit and
>> reclamation process as that would also better serve the community by reducing the probability of hijacked
>> space being invisibly routed as well as making some abandoned resources available to the ARIN community
>> for reuse.
> 
> Again with the stick. How successfully as this stick been weilded in the past?
> 

It has not been wielded yet to my knowledge, so, there is not yet a test on its success.

> 
>>> As we move into a trading world, which will happen whether or not my proposal passes, conflicts over address control are likely to increase, and the value of trust in Whois as the routing authority will also increase. Rather than sit back and watch Whois decay, I urge ARIN stewards to consider making these >>changes to foster accuracy in Whois.
>> 
> 
>> There is no proof these changes will foster accuracy in Whois.
> 
>> Owen
> 
> There is proof that transfers have occurred that have not been reflected in Whois. John mentioned the current 8.2 requests to reflect old mergers and acquisitions.

Yes and I fully support ARIN recognizing appropriate transfers before taking action to reclaim or revoke
resources by removing their registrations from the database and placing the numbers back into the allocation
pool.

> So we know that transfers have occurred among the non-reprobate which are not reflected in Whois.

And? In most of those cases, they were unaware of ARIN and did not know how to go about registering
their transfer. Upon rectification of that ignorance, most complete the transfer without issue. I fail to see
how this provides any support for your proposal.

> I  have pointed out that there is a major change afoot, the development of an ip address transfer market.

Yes. I still haven't seen you provide any evidence that said change means we should stop regulating the
rate of consumption in the interests of the community as a whole as part of good stewardship.

> So looking in the past for proof, or really looking anywhere for proof of results of a change which has not occurred yet, is specious.
> 

At least some supporting evidence that your proposed change would have the results you claim it
would have would be useful. So far, there is none.

Owen

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20110519/80611d56/attachment.html>


More information about the ARIN-PPML mailing list