[arin-ppml] Clarify /29 assignment identification requirement
jbates at brightok.net
Thu Apr 26 22:14:03 EDT 2012
On 4/26/2012 8:44 PM, Jimmy Hess wrote:
> While ARIN's auditing and review practices are and internal procedure
> issue, and therefore out of scope of the PDP or the number resource
Only in the fact that it doesn't limit auditing. The NRPM does provide
for auditing, so it could be clarified.
> What I feel should happen is ARIN should actually publish guidance,
> and specific forms, stating what will routinely be requested in
> standard resource reviews and application for resources, information
> such that ISPs are appropriately prepared.
> Or "examples" of the documentation that ARIN will request.
I believe their fear here is that people will just write script kits to
forge such information.
I believe it would be better to strictly push for meeting sessions and
direct viewing of information upon request in collaboration with the ISP
when there is a question concerning the standard forms and the desire to
1. The ARIN representative is viewing the information and signing off on
it. No actual data is being stored by ARIN. This allows the ISP to guide
and restrict what is being viewed to a degree to safeguard against any
unauthorized activity an ARIN representative might engage in. It also
reduces the amount of private data ARIN does store.
2. Except for the smallest requests, it allows ARIN to be very random on
what they want to view and by questioning the ISP, view a variety of
datapoints for verification like dhcp pools, snooping pools, ppp
sessions, dslam screens showing connected ports, data traffic
loads/counters for a variety of interface types. In some cases, ISP
might not be against showing live flow data at PE, which could be
verified against data sent in real time from ARIN representative (see,
this is a real router!). Or, because not everyone is a connectivity
provider, I presume one could view a few commands on a server to see
mass usage of address space for X reason (although I'd think most SSL/IP
setups just generate a quick scan of those sites by ARIN).
3. Makes it much more difficult for someone to make a fraudulent request
without creating what equates to a full ISP.
1. Representatives may spend more time in a meeting than they would
analyzing "paper" which is submitted.
2. Representatives would need to understand ISP technologies to be
versatile in what information to ask for.
More information about the ARIN-PPML