[arin-ppml] ARIN-2011-5: Shared Transition Space for IPv4 Address Extension - Last Call

William Herrin
Mon May 2 19:14:08 EDT 2011

On Mon, May 2, 2011 at 4:39 PM, George, Wes E [NTK]
<Wesley.E.George at sprint.com> wrote:
> On Mon, Apr 25, 2011 at 8:46 AM, George, Wes E [NTK] <Wesley.E.George at sprint.com> wrote:
>> IPv4 addresses used behind a NAT (inside pool) cannot be used for
>> justification of new resources nor counted towards utilization
>> calculations for existing resources.
>> NRPM 4.10.x (Shared Transition Space) defines a specific non-unique
>> block to be shared among multiple networks for this purpose.

> I don't understand your example, specifically how a transfer would figure into the discussion. Please try to rephrase.

Sorry, I was being snarky.

Under your wording, once I have placed equipment behind a NAT, I can
never move it out in front of a NAT because its existence doesn't
justify addresses. You could probably fix that particular problem by
saying "addresses _intended to be_ used behind a NAT."

But there are more problems. For example, addresses behind a bastion
host firewall would still qualify even though that's basically the
same use as the NAT. That's fundamentally unfair, which violates a
basic precept of any public policy process.

And what about folks who decide to consume public addresses inside
their stateful non-translating firewalls even though they've locked it
down where the only thing that passes is outbound TCP? Is it fair that
folks trying to conserve with NAT should pay an additional
policy-level penalty while wasters don't?

> I remain convinced that something should make it
> into this version of the policy, not wait for subsequent policy action.

We're going to have to deal with address revocation for unjustifiable
use soon anyway. If this proposal is acceptable with changes to
justified use then there's no harm in letting it past and figuring out
the right changes on the other side.

Bill Herrin

