[arin-ppml] Draft Policy ARIN-2013-6: Allocation of IPv4 and IPv6 Address Space to Out-of-region Requestors - Revised Problem Statement and Policy Text

Kevin Kargel kkargel at polartel.com
Fri Sep 13 17:20:22 EDT 2013

-----Original Message-----
From: David Conrad [mailto:drc at virtualized.org] 
Sent: Friday, September 13, 2013 4:13 PM
To: Kevin Kargel
Cc: arin-ppml at arin.net
Subject: Re: [arin-ppml] Draft Policy ARIN-2013-6: Allocation of IPv4 and IPv6 Address Space to Out-of-region Requestors - Revised Problem Statement and Policy Text


On Sep 13, 2013, at 2:42 PM, Kevin Kargel <kkargel at polartel.com> wrote:
> I still don't see how this is going to be enforceable. To my eye it would entail getting geo-data for all last mile routers that service IP's under ARIN control and having someone or a sophisticated AI bot continuously scanning the BGP tables to enumerate and verify the geo-locations of the endpoints.

>>Why wouldn't an assertion by the applicant that they run a network in the ARIN region and perhaps a traceroute or two be sufficient to meet the "operating a network located in the ARIN service region" requirement?

A traceroute would only satisfy an initial test.  Trivially easy to set one up, get your allocation, and then move the network to where you really wanted it.

> If the idea is just to ask people if they are in the ARIN governance area and make them promise to never move offshore (knowing it will not be subsequently policed) then I submit that the algorithm is way too easy to game by unscrupulous operators and will end up being a token policy that creates more bureaucracy and trouble for legitimate operators.  

>>I don't see this being significantly different than gaming the "operational needs" requirement. I think the issue here is establishing a policy basis upon which violations, when detected, can be addressed. If it is discovered that someone is getting addresses to stockpile them for later sale, ARIN policy exists to allow ARIN to revoke those addresses.  This draft policy is saying that if someone is getting addresses for use outside ARIN's region, there would be a policy to allow ARIN to address that issue.

Just like ARIN follows up on the utilization requirement?  

>>And, FWIW, I'll note that both AfriNIC and LACNIC (the remaining RIRs that have not gone into "last /8" policy) require companies to demonstrate in-region legal status and network usage. 

Maybe they have a way to test and enforce their requirement.  If so perhaps it is a model we should pattern after.

> If you can figure out a way to enforce *and* implement it I would support the policy, but until that time I have to vote "nay".  I suspect that even if it were implemented enforcement would only be possible if it were written with an anti-grandfather clause.

>>Wait, I liked my grandfather... :) (sorry, not sure what an 'anti-grandfather clause is)

Anti-grandfather means that the restrictions should equally apply to existing allocations, and current allocations that are operating outside of the ARIN region should be required to obtain allocations from their region and return the ARIN allocation.  Old allocations should not have a 'grandfather' exemption.  We would probably need to forgive their latest set of fees.
It would be onerously difficult to separate the pre and post allocations for enforcement.


More information about the ARIN-PPML mailing list