[arin-ppml] 2011-1 dissent Was: Re: ARIN-2011-1: ARIN Inter-RIR Transfers - Last Call
Brett Frankenberger
rbf+arin-ppml at panix.com
Sat Oct 22 12:04:05 EDT 2011

On Sat, Oct 22, 2011 at 05:16:03AM +0000, John Curran wrote:
> On Oct 21, 2011, at 8:44 PM, William Herrin wrote:
>
> > So to summarize: I would find it difficult to be a repeat offender,
> > but as long as I dot my i's cross my t's and content myself with just
> > one grab, draft policy 2011-1 as presently written would enable me to
> > buy a Lexus by raiding the free pool and more or less immediately
> > selling the results out-region... to someone with no access to a free
> > pool operating under a much more permissive needs-based justification
> > than ARIN requires. And with little risk: at worst really just the
> > loss of the $4500 allocation fee.
>
> If you follow through on using the assigned resources as
> specified on the request, then no resource fraud would be
> found.
>
> This indeed means that parties with existing address space
> could optimize their network address usage and monetize the
> result. As long as the resources had been used operationally
> as specified, the subsequent optimization and transfer would
> be allowable per policy (whether the resources were received
> years, months, or weeks ago)

The point is that this appears to be loopable. I start with a /16 of
SmartPhones behind NAT. I request a /16 from ARIN to give all the
phones routable addresses. As soon as I get the allocation, I promptly
use it -- I assign all the SmartPhones addresses from my new /16.
Then, a few weeks later, I monetize the /16 and put the phones back
behind NAT. No fraud -- I requested addresses for devices that really
existed, and I really did assign the addresses to those devices.
Now I'm back where I started, and I can do it all over again.

> Note also that this potential concern exists in the existing NRPM 8.3
> policy with respect to in-region transfers.

In-region, there's no motivation to do it. The "loop" I describe above
only works if there are addresses in ARIN's free pool (because if
ARIN's pool is empty, obviously ARIN won't be allocating me any
addresses, regardless of my justification). As long as there are
addresses in ARIN's free pool, there's no motivation for anyone
in-region to offer me $100K to go through the motions I describe
above -- they can't transfer the addresses from me unless they can justify
their need, and if they can justify their need, ARIN will allocate
them addresses directly (and at a considerably lower price than buying
the addresses from me).

But ... someone in a different region, where there is no free pool, has
no ability to get addresses directly from ARIN's free pool, because,
regardless of need, ARIN won't allocate to an organization in another
region. So organizations in a region that has no free addresses
remaining can offer me (the hypothetical me described above -- I
actually have no SmartPhone business) $100K to un-NAT my phones, get
addresses from ARIN, re-NAT my phones, and sell the addresses.

-- Brett