[arin-ppml] Draft Policy ARIN-2013-6: Allocation of IPv4 and IPv6 Address Space to Out-of-region Requestors

Tony Hain alh-ietf at tndh.net
Tue Jun 25 18:37:50 EDT 2013

Several messages responded to below:::

David Huberman wrote:
> The internet engineering community purposely designed the RIR system to
> be regional.  

BS ... The RIRs are one artifact of getting the USG out of the central role,
not a 'purposeful design'.

> Different regions have different needs, and grow at different
> rates. Current NRPM text is deficient in the arena of defining who can,
> cannot, request number resources from the Registry.  Importantly, staff
> have (on multiple occasions) presented the ARIN community with the
> challenge of dealing with requestors who are trying to "game" the RIR
> system by obtaining space from ARIN when the customers are primarily (and
> even exclusively) outside the ARIN region. The proposed policy text neatly
> offers staff a good tool to overcome those challenges.

Originally, the RIRs were intended to "facilitate distribution", not be
hoarding gatekeepers.

> The proposed policy text is elegant and operational for a few reasons:
> 1) If a majority of an organization's customers is outside the ARIN
> there organization should be subject to the RIR in which their majority
> resides.  

Where an organization or its customers is has no bearing on facilitating
resource distribution. What matters is that the policies of the RIR doing
the distribution are being met. If they are unable to get verifiable
information, they should not do the allocation. 

It is sad that I was shouted down by shortsightedness claiming I was
raciest, because 5 years ago the proposal for having the RIR with the
largest block become the "logical IANA" (Cooperative  distribution of the
end of the IPv4 free pool) would have distributed the verification part of
this problem to the 'natural home RIR'. From my Feb2008 slides:
     Any RIR that has only a 30 day supply of space becomes a virtual LIR of
     RIR with the largest remaining pool with respect to it's recent run
     Effectively aggregating the requirements for the requesting RIRs
Rather than seeing this as a means to distribute the verification and
customer relationship issue along historical lines, it was bashed as a way
to short circuit Afrinic out of its meger pool. Impacting Afrinic was never
the intent, and that was really just a cheap-shot used to stifle discussion,
as it really came down to the big 3 wanting to hoard their respective pools
from raiding by the other 2 members of the big 3.

> If that majority is in APAC or EMEA, and those regions are out of
> space, that challenge is out-of-scope of ARIN policy. (It is the purview
of that
> region's registry and its policy making community.)

Arguably ARIN needs to give one /8 back to IANA. After all it was acquired
under the pretense that it would be used within 2 years, and now that we are
6 months past that date, with no expectation that it will be used up in the
next few weeks, it should be returned to IANA as an over-allocation. Clearly
the ARIN region has had no need for it within the 2 years claimed, and are
not demonstrating need for it now either. (one could argue both, but the
"last one" was acquired under different pretense)

> 2) It does not impede on the ability of global backbone operators to
> space from ARIN, so long as the ARIN region is the largest consumer of
> devices and addresses.

So if DT or NTT want to expand their footprint in the ARIN region exactly
how are they going to justify that? There is no way they will ever get to
the point of "ARIN region is the largest consumer of addresses".

> 3) The use of the term "majority" presents no functional challenges to
> requestors or staff.  Merriam-Webster has a definition of the word
> stating, "the greater quantity or share".

Ambiguous terms are useless. An organization with 5 equal size sub-entities
in every RIR region will not have a "majority" in any one, yet you would
deny them the ability to grow in the ARIN region, just because you think
there is no functional challenge here.

> I have only one recommended edit to the text.  I recommend replacing "IP
> blocks" with "number resources", so that the text precisely captures the
> activities of the Registry.

At least that statement makes sense.

William Herrin wrote:
> Three points:
> 1. An organization's administrative operation and technical infrastructure
> only occasionally collocated. This is neither an accident nor
> ARIN should not be in the business of micromanaging a "designated" place
> within its region a particular block of addresses may legitimately be


> 2. As Christoph pointed out, it is not just reasonable but is rather the
> *intended* behavior that out-region staff of out-region organizations
> operate their in-region technical infrastructure using ARIN addresses.


> 3. As written, this conflicts with the transfer policy which explicitly
> ARIN addresses to leave the region.


George Herbert wrote:
> I am opposed to the overly vague "majority".  I support organizations
> space needs for customers or infrastructure within the ARIN region from 
> ARIN, regardless of where most of their operations are.

I agree that resources for use within the region covered by any given RIR
should be fulfilled by that RIR when requested, regardless of entity origin
or relative global operations. 

> There is some validity to the question of using those numbers for
> or infrastructure elsewhere,

No there is not. That argument only originates by those that believe
hoarding is the correct action in face of shortage. As a "distribution
facilitator" the only thing that matters is the ability to verify that
policy is being met.

> but I believe that that train left the station about 
> a decade ago, and I think that attempting to cure it now for this reason
is not 
> appropriate.


Milton L Mueller wrote:
> In my view, the demands of law enforcement raise vital substantive issues
> (regardless of whether it is US or some other LEA). That is because of the
> pressure to "territorialize" the Internet; i.e., to make the scope of
> operations and governance institutions conform to the jurisdictional
> boundaries of nation-states. I believe that territorializing or
> alizing Internet operations and governance is a step backwards to the pre-
> 1990s world of telephone companies, and thus to service trade barriers,
> operational efficiency and dozens if not hundreds of sets of rules, and
> eventual de-globalization of the internet. Taken to its logical
> 2013-6 would imply that ARIN be abolished and replaced with 20 NIRs
> (national Internet registries). I mean, if you really want to tie address
> allocation and assignment to specific territories in order to make law
> enforcement and identification easier, you should not have transnational
> at all. We could perhaps as  k the ITU to run this proposed
> system, as they are appropriately organized along nation-
> state/intergovernmental lines. Oh wait, they already proposed that:
> https://datatracker.ietf.org/documents/LIAISON/file1141.pdf



In case it is not clear, I oppose this proposal as written. Further, I
oppose the entire basis for this direction and strongly recommend abandoning
any effort on this path; as pointed out by Milton Mueller it leads to places
we don't want to go. 

I have no issue with LE requiring verified information, but make that
explicitly the requirement, and if the verification fails, so does the
allocation of resources. If it is too hard to do global verification for
distance and time zones (I didn't realize we had rewound the clock 15 years
to the pre-RIR days), get the local RIR to do the work, and aggregate
requests as a virtual LIR as proposed 5 years ago. 

If the intent is simply to hoard rather than facilitate distribution, send
the remaining pool back to IANA, put up a "closed" sign and go to the beach.


More information about the ARIN-PPML mailing list