[arin-ppml] Draft Policy ARIN-2017-12: Require New POC Validation Upon Reassignment

Ted Mittelstaedt tedm at ipinc.net
Sat Dec 2 11:46:12 EST 2017 


On 11/30/2017 10:36 AM, Owen DeLong wrote:
>
>> On Nov 29, 2017, at 22:08 , Ted Mittelstaedt<tedm at ipinc.net>  wrote:
>>
>>
>> And I will point out that the entire point of validating POCs is to discover things like /16's that haven't been used for 15 years.
>
> I’m not convinced this is true.
>

As the originator of the policy I assure you that was the intent for 
IPv4.  It has gathered other very good reasons along the way but that's 
what it's entire point really was.  For IPv6 the goal was completely
different - it was expressing the hope that we might be able to help
admins to contact abusers of IP addressing - even though I knew that was
tilting at windmills since people with malevolent intentions can always 
find a way to abuse IP addressing and hide behind a fake name.  But as
long as I had support from the lets-find-IPv4 crowd I was going to take
advantage of the base craven desires to get something altruistic in as well.

> I think the entire point of validating POCs is to make sure that all resources have valid POCs.
>
> I think that if the entire point were discovering /16s that haven’t been used for 15 years, then POC validation would be tied
> to some process for liberating those resources for reissue.
>

And what makes you think there isn't some process Owen?

The POC requirement was put in there to allow ARIN to force the issue on
these bogus POCs to do what is needed to free up the space.

They can go through a reasonable attempt to contact the former owners 
and if they get nowhere, then they can invalidate all
of the POCS.  Once that's done if a legacy block has all invalid POCs
then it's effectively owned by nobody.  There is no legal concept of
ownership by a non-existent entity, except perhaps in a religion.  ARIN
can legally take control of those and redistribute them.  This is all
internal operations in ARIN not covered in NRPM.  So YOU aren't going to
necessarily know if there's a process or not.

As I recall YOU were arguing against further process being put into the
validation when the policy was going through discussion precisely on
the grounds that such a process wasn't policy.  Pretty disingenuous - 
argue against something then later criticize that thing for not having 
what you argued against?

The reporting requirement was put into the validation to insure that
ARIN was actually doing this as well as giving the community the idea
of how much unused IPv4 was being tied up by abandoned assignments.

Yes we know they are hell-bent on getting IPv6 out there but
IMHO that effort has always been dependent on pushing it out to the last
mile and it certainly seems to me that, that effort has completely 
stalled at this point.  ARIN needs to be apply pressure to CPE device
makers like Cisco for this but that's not happening.

And for orgs that DO exist and want to keep their unused legacy space
because they don't know any better, perhaps, well getting the correct
contact identified allows brokers to know who to pitch to.

I don't think most people have any clue how difficult it is to free up
an unused legacy block of IPv4 from an org that is not using it but is
just sitting on it because they don't know what the hell it is.

The broker has to find a buyer with a lot of money, then go make a 
personal visit to the block holder and start waving the money around 
otherwise there will be zero interest.  And it's going to have to be in 
a significant amount that it will attract and retain that interest
and that amount is going to force the issue all the way up the chain
to the CEO, and the broker is going to have to be educating every
one along that chain as to what the legacy space is, and why they
don't need it anymore.  To add to this task the idea the broker is
going to have to research and dig up owners of old blocks - that is just
impossible.

So the main source of IPv4 from Legacy blocks are going to be abandoned
blocks, where the owners are all gone, where ARIN invalidates the
POCs on them, and takes them back.

Whether or not ARIN has taken this any further is really an internal 
issue within ARIN but at least they now have the foundation to be able 
to do it.   Not being a broker
I don't know where the brokers today are getting their IPv4 addressing
from but I would assume they are also using POCs to do this.

I mean, it doesn't take much effort to run Looking Glass and get
a BGP listing then compare that to the IPv4 assignments to find 
addressing that is owned by orgs and not being used.

Ted

More information about the ARIN-PPML mailing list