[arin-ppml] Clean up definition of LIR/ISP vs. end-user

Mon Apr 29 16:41:56 EDT 2013

At ARIN 31 last week, Leslie's Policy Experience Report (slides at
https://www.arin.net/participate/meetings/reports/ARIN_31/PDF/monday/nobile_policy.pdfor
https://www.arin.net/participate/meetings/reports/ARIN_31/PPT/monday/nobile_policy.pptx)
reported that, in ARIN staff's experience, the NRPM does not adequately
define ISP/LIR vs. end-user.  For example, by literally applying the
existing definitions as currently written, my employer would be neither an
ISP nor and end-user, because while they do not *primarily* assign address
space to users, neither do they *exclusively*  use it in their own
networks.  So I think those definitions need a few tweaks.

I would propose that the primary difference between ISPs/LIRs vs.
end-users, for purposes of the NRPM, is whether an organization reassigns
address blocks to third parties.  If an organization maintains full control
of all of the equipment on its network, and doesn't need to make any
reassignments to other organizations, then it can qualify as an end-user.
 In particular, an end user organization must be able to supply a full list
of all the IP addresses in use on its network, and know what devices are
using those addresses.

An ISP/LIR, on the other hand, should be defined by whether they delegate
that responsibility to another organization.  In that case, they need to
reassign the network space via SWIP/rwhois, which makes them an LIR.

I understand that there are other considerations, such as the expectation
in the security community that addresses within an ISP allocation are
generally controlled by third parties, whereas addresses in an end-user
assignment are generally controlled by the end-user organization.  However,
I don't believe it's practical to try to draw a distinction there: rather,
organizations can decide for themselves whether they need to make
reassignments (for that or several other reasons), and that decision can
drive whether they are considered an ISP/LIR or end-user for purposes of
ARIN policy.

In light of the above, I would propose the following revised definitions:

2.4. Local Internet Registry (LIR)
The terms Internet Service Provider (ISP) and LIR are used interchangeably
in this document.  A Local Internet Registry (LIR) is an IR that assigns
address space to the users of the network services that it provides.
 Therefore, LIRs / ISPs are organizations that reassign addresses to end
users and/or reallocate addresses to other ISPs/LIRs.

2.6. End-user
An end-user is an organization receiving assignments of IP addresses
exclusively for use in its operational networks, and does not register any
reassignments of that space.

Thoughts?  Should I submit this as a policy proposal?

-Scott
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20130429/d6f09227/attachment.htm>