[arin-ppml] Clarify /29 assignment identification requirement

Joel jaeggli joelja at bogus.com
Sat May 5 00:37:38 EDT 2012

On 5/3/12 14:19 , William Herrin wrote:
> On 5/3/12, Joel jaeggli <joelja at bogus.com> wrote:
>> On 5/3/12 13:21 , William Herrin wrote:
>>> On Thu, May 3, 2012 at 3:30 PM, paul vixie <paul at redbarn.org> wrote:
>>>> and i don't see anyone other than the RIRs who could do it.
>>>> and i don't see any way to continue the internet's prior growth curve
>>>> without this.
>>> As ISPs begin to make use of the carrier NAT space where a single
>>> global IP serves hundreds of customers, is it really necessary for
>>> ARIN to spot-check the identities of the customers sitting behind a
>>> particular address in order to verify that the use is legitimate?
>> ranges used by nat translators should be documented as such. they are
>> not customer assignments. I've done this in the course of direct
>> assignment requests. I have not yet been asked to demonstrate outgoing
>> port utlization efficiency whatever that my imply at some future  date.
> Hi Joel,
> Has anyone at ARIN promised you it won't do so in your next round?

No-one from arin has promised me anything...

> Unless I misunderstood John Curran, he said that and anything else
> which consumes IP addresses is fair game.

If you are using overload nat, but especially in the deterministic  port
range assignment context it's fairly straight forward to calculate your
port consumpution on the basis of a rather small sample of the flows.

> He said they don't ask
> egregiously. But they also won't go out of their way to avoid asking.

The run rate from a cluster in our environment on the logging for
outgoing nat mappings when enabled is around 400,000 lines a second. A 1
minute snapshot of that is super interesting reading once sources and
destinations are anonymized.

> Regards,
> Bill Herrin

More information about the ARIN-PPML mailing list