[arin-ppml] Draft Policy ARIN-2013-6: Allocation of IPv4 and IPv6 Address Space to Out-of-region Requestors - Revised

Owen DeLong owen at delong.com
Wed Sep 25 18:55:05 EDT 2013


On Sep 25, 2013, at 3:27 PM, John Santos <JOHN at egh.com> wrote:

> On Wed, 25 Sep 2013, William Herrin wrote:
> 
>> On Wed, Sep 25, 2013 at 10:59 AM, ARIN <info at arin.net> wrote:
> [...]
> 
>> 
>>> , and (2) are operating a
>>> network located within the ARIN service region. In addition to meeting
>>> all other applicable policy requirements, a plurality of new resources
>> 
>> "Plurality" is a non-starter for me. You really want to do this, pick a
>> percent. 
>> 
>> The reasons have all been stated before, both in the previous
>> discussion, the staff comments and the legal assessment. In context,
>> plurality is a sloppy, hard to pin down concept that makes management
>> and analysis needlessly hard.
> 
> Huh?  "Plurality" is a precisely defined mathematical concept.
> 
> The part I have a problem with is "a network located within the ARIN
> service region."

I don't think this is as problematic as you are perceiving.

> Networks intrinsically span service regions.  Nodes can be scattered
> across RIR regions, links between nodes can (and often do) cross regional
> boundaries, and what's worse, nodes can move, both day-to-day (for
> example, an international corporation moves its "www.support.foocorp.com"
> web servers from a data center in Michigan to one in Luxembourg), and
> totally dynamically, as in load-balancing and site failover, as well as
> mobile nodes that can cross RIR boundaries at will.  In which region is a
> Liberian-registered cruise ship sailing out of San Diego currently exploring
> the coast of Patagonia?  Or an airplane or the ISS? 

In the case of spanning regions and scattered across regions, that is the
reason for the "plurality" provision. It allows a company to keep some
portion of its assets in region and still address its out-of-region assets so
long as none of the other regions contain more of the network using ARIN
region numbers than what is in the ARIN region.

As to moving, yes, corporations often use DNS changes to move the
service for "www.support.foocorp.com" from one place to another (or
to balance it across many locations), but that's DNS. Policy here is
about the numbers and corporations rarely move the numbers around
in such a scheme. (Anycast notwithstanding, but I would treat any cast
as used in region so long as at least one site advertising the any cast
prefix was in region).

Mobile nodes that cross RIR boundaries actually tend to get new numbers
when they do so. (At least I haven't roamed across an RIR boundary without
being assigned a new IP address when I did so, and I've been across a lot
of RIR boundaries.

> There needs to be a degree of fuzziness.  If we are going to force a
> regional preponderance of the network (a much vaguer term than
> "plurality"), to be in ARIN's geographical region, then (1) clearly a

Yes.

> network with 30% ARIN, 70% RIPE should be getting its resources from RIPE,

Which would fail the plurality test.

> but (2) one with 29% ARIN, 28% RIPE, 25% APNIC, and the other 17% spread
> across Africa and Latin America should get their resources from ARIN,

Which would pass the plurality test.

> despite having a smaller footprint than the 1st organization.  And what of
> (3), which has 28.99% ARIN, 29.01% RIPE right now, but it could change in
> the next 15 minutes?  Maybe "within 5% of a plurality in the ARIN region"
> would be a better metric. 

In reality, I think that particular boundary condition is an unlikely corner case.
Where is the other 42% of that network, by the way?

As I said above, the numbers do not tend to move as quickly as you claim.
Names tend to be quite dynamic. Numbers tend to be fairly stable. If they
were not, BGP would have a much higher (and unsustainable) level of churn.

> I think right now, an organization can basically deal with the registry it
> finds most convenient, whether for geography, language, culture or
> whatever. The proposal doesn't seem to be about registry shopping (my

No, actually, most of the other RIRs are much stricter about out-of-region
use of address space than ARIN.

> local RIR rejected my request or has too many restrictions on my trying to
> commoditize or speculateon the resources, so I'm going take a dip from
> another well), or double-dipping or playing registries off against each
> other.  Its goal seems to be accountability of the registrants, so I think

These are definitely one aspect of the intended policy, but not exclusively,
no.

> thats what it should try to do directly.  It shouldn't matter *where* an

That is a second aspect of the proposal.

> organization is based, it should matter whether it is contactable,
> receives and pays its bills, handles abuse complaints and technical
> issues, etc.  If these are true, local law enforcement should have no
> problem tracking them down if needed. 

I don't think this is just about law enforcement, though the proposal authors
are primarily representatives of US and Canadian LE organizations. I do
think that the primary intent of the proposal is to address a growing perceived
issue with registry shopping.

Personally, I'm all for making the process more open to out-of-region usage
as you described, but if you look closely at current ARIN operating practice
and this policy proposal, you will see that the proposal is actually more
liberal about this than current (though not some prior) operating practice.

Owen




More information about the ARIN-PPML mailing list