[arin-ppml] 2014-1 Out of Region Use
Jon Lewis
jlewis at lewis.org
Wed Feb 25 13:10:03 EST 2015
On Wed, 22 Oct 2014, Martin Hannigan wrote:
>>> resources stating that this is a no op as well: already using numbers in
>>> other regions and even ARIN (Curran) chimed in and said that it wasn't
>>> a problem.
>>
>> I think you're interpretation of the situation is WAY out of line with
>> the reality. Staff wants to STOP out of region use, and is doing so de
>> facto because of the ambiguities in the policy. Yes, lots of people are
>> already using numbers in other regions but if you want to continue to
>> do that with new requests we need to solidify the policy and make it
>> clear that this is ok.
>>
>
> I don't think I took the discussion out of context at all. Both Matt
> Petach and I stood up and said that we both use numbers out of region.
> What's the big deal? John commented that it wasn't. If that's not
> accurate, I'd be interested in your interpretation.
Sorry about digging up this old thread...
The problem (my problem anyway) is that I was just told by ARIN staff
(Leslie Nobile at the event yesterday and confirmed just now via the
helpdesk) that NRPM 4.5 can't be used by an ARIN member to request
resources to be used out of region and, perhaps more troubling, that v4
space used out of region does not count towards calculating space
utilization when an organization requests additional space from ARIN
unless a less specific route is advertised in-region.
I wasn't prepared to argue about either of these "policies" yesterday, but
after searching the NRPM, I can't find any basis for either of them. So,
I called the helpdesk to double-check / ask where in the NRPM I could find
these "policies". I was told they're based on ARIN's interpretation of
2.2, specifically "The primary role of RIRs is to manage and distribute
public Internet address space within their respective regions." Those are
some very specific "policies" derived from a very vague sentence, which I
think could just as reasonably be interpreted as meaning the RIRs exist to
serve organizations headquartered in their respective service regions.
You're a US corporation, ARIN is your RIR. You're a German corporation,
RIPE is your RIR.
>> "The requirement to have a minimal level of resources deployed in the
>> region (/44 for IPv6, /22 for IPv4, 1 ASN) is an attempt to respond to
>> law enforcement and some community concerns. An absolute threshold
>> ensures that those applying for ARIN resources are actually operating
>> in the region and not simply a shell company, but it avoids the known
>> pitfalls of trying to use percentages of the organization's overall
>> holdings to do that."
I think I understand the intent of that requirement, but it's kind of
pointless, especially as currently written:
ARIN registered resources may be used outside the ARIN service region.
Out of region use of IPv4, IPv6, or ASNs are valid justification for
additional number resources if the applicant is currently using at least
the equivalent of a /22 of IPv4, /44 of IPv6, or 1 ASN within the ARIN
service region, respectively.
If I were a European org wanting to get space from ARIN instead of RIPE,
all I have to do is buy a VM on some ARIN-region cloud provider, get them
to do BGP with my VM, and I've satisfied the requirement? If you think
that's far fetched, see the recent thread on NANOG about cloud providers
willing to do BGP with VMs. All that does is slightly increase the cost
of violating the intent of the policy.
I think 2014-1 shouldn't be necessary, but since current ARIN "policy" is
based on an interpretation I disagree with of vague language in section 2,
I suppose I'm all for passage of 2014-1.
I just hope it doesn't have the sort of unintended consequences I think it
could easily have. Does the helpdesk have many staffers who speak
Romanian?
----------------------------------------------------------------------
Jon Lewis, MCP :) | I route
| therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
More information about the ARIN-PPML
mailing list