[arin-ppml] Draft Policy ARIN-2019-2: Waiting List Block Size Restriction

Chris Woodfield chris at semihuman.com
Sat Mar 2 13:43:12 EST 2019


IMO the PDP is designed to allow for incremental progress on these issues. As such, I disagree that a proposal should be abandoned because it’s not a panacea. As David has said in the past, ARIN’s mission is stewardship, which requires a balance between curbing abuse and allowing the resources to be used by the community with minimal friction. I believe that this policy change will lessen the incentive and impact of such abuse (ergo, raising the costs which effectively reduces the profit motive) while having a minimal impact on the operational community.

If the community desires a fundamental rethinking of how ARIN allocates resources from the waiting list, other options are on the table. In the meantime, I’m in support of this change to the existing policy.

Thanks,

-Chris

> On Mar 2, 2019, at 10:27 AM, Robert Clarke <robert at cubemotion.com> wrote:
> 
> Sure it definitely cuts down on the abuse, but that isn’t good enough. I don’t think we should support a policy that cuts out “most” of the abuse. 
> 
> If there are other community members interested in co-authoring a policy for ARIN auctioning space, please give me a ping.
> 
> Best Regards,
> 
> Robert Clarke
> CubeMotion LLC
> robert at cubemotion.com <mailto:robert at cubemotion.com>
> M: +1 (844) 244-8140 ex. 512
> 300 Lenora Street #454, Seattle, WA, 98121
> 
>> On Mar 2, 2019, at 10:16 AM, hostmaster at uneedus.com <mailto:hostmaster at uneedus.com> wrote:
>> 
>> This proposal is to lower the maximum to a /22.  I believe that this is justified to make the waiting list process serve mainly smaller players. While the /22 size will still allow abuse, it clearly does make it harder on the abusers versus the current policy.  Changing the waiting list process to an auction process is something that I think will require drafting a different Draft Policy, and may have to address many other related matters that have been discussed.
>> 
>> When a Draft Policy to auction the waiting list space is proposed and appears on the list, I will likely support it.  However it is much out of scope for this Draft Policy, whose main feature is to make the maximum waiting list block size a /22.
>> 
>> If you think an auction is best, draft a policy and lets see how that idea is accepted.
>> 
>> Albert Erdmann
>> Network Administrator
>> Paradise On Line Inc.
>> 
>> On Sat, 2 Mar 2019, Robert Clarke wrote:
>> 
>>> Hi Albert,
>>> 
>>> As has been discussed previously in this thread, /22 requests still leave a serious disincentive problem on the table which is counter-productive in the community. Bad actors are incentivized to create multiple shell companies to hoard space. In my opinion we should work to come up with an alternative solution that puts the incentives back in alignment such as allowing ARIN to auction off the space for market rates.
>>> 
>>> While ARIN hands out free money in the form of IPv4 under existing policies there will always be a problem with fraud in this community.
>>> 
>>> Best Regards,
>>> 
>>> Robert Clarke
>>> CubeMotion LLC
>>> robert at cubemotion.com <mailto:robert at cubemotion.com>
>>> M: +1 (844) 244-8140 ex. 512
>>> 300 Lenora Street #454, Seattle, WA, 98121
>>> 
>>>> On Mar 2, 2019, at 9:27 AM, hostmaster at uneedus.com wrote:
>>>> 
>>>> I think that changing the waiting list limit to a /22 has merit, even when NOT considering those gaming the system and support the proposal.
>>>> 
>>>> I think of the waiting list process is more for the benefit of the smaller player, and making the limit a /22 is consistent with this.
>>>> 
>>>> Those that are larger and seeking larger blocks can more aptly afford to hire a broker, or exert internal resources to finding IPv4 space.
>>>> 
>>>> I was looking thru the recent transaction list, and I can see that people/brokers have been quite creative in finding space.  I found a couple of instances of smaller colleges who received a class B who have decided to sell off the top half of that space. Since they were likely already behind NAT with the student network and may have never actually used that upper block of numbers, this allows them to make some needed cash for other needs.  Even some of the class A networks like the US Postal Service do not seem to have exposed to the internet anything except the lowest ranges of their allocation, and I guess once the "Price is Right" some of this space may move as well.
>>>> 
>>>> Since it has been over 8 years since the official exhaust of IPv4 at the meeting in Miami, I believe that new actors should be instead of using the transfer list to get space should be using the IPv6 deployment block. Since every major OS already has IPv6 support baked in for many years, those setting up new are fools not to be using IPv6 as well. ARIN should do all it can in its policies to promote IPv6.
>>>> 
>>>> Setting the waiting list to a /22 is a good start to eventually putting all returns into the IPv6 deployment block.  I also think that the time is soon near to REQUIRE the receiver of transfered IPv4 space to have IPv6 in place as a condition of receiving space.
>>>> 
>>>> When we were talking about the use of passive theft detectors like at supermarkets, I think ARIN has a very good one which is questioning why those who just received numbers a year ago suddenly want to get rid of them.  This is such an unusual condition and should automatically trigger a number review.  As long as this is being done, we may not need to do these other things to prevent abuse.
>>>> 
>>>> The market is still bringing out IPv4 numbers to their highest and best use, but eventually this will not be enough.  Not starting to move toward IPv6 is foolish in todays world, where most commercial circuits will include it without extra charge, and the need for tunnel brokers have therefore been greatly reduced.  I have been doing IPv6 for 12 years, due to a 2008 US Federal Government requirement, and it really is not that hard.  Even this mailing list is nearly always dispatched to me over IPv6 protocol without any issue.  Same with Gmail and other large email providers.  I do think we are close to the tipping point for IPv6. After that point, the value of IPv4 numbers will began to drop.
>>>> 
>>>> Albert Erdmann
>>>> Network Administrator
>>>> Paradise On Line Inc.
>>>> 
>>>> On Fri, 1 Mar 2019, Robert Clarke wrote:
>>>> 
>>>>> Hi Tom,
>>>>> 
>>>>> I agree with your point that the transfer market has been an excellent vehicle for moving space around the ARIN community. If people want to lose 15% of their money to a broker vs. finding a buyer themselves, that is up to them. I don’t think this constitutes bad behavior to any parties involved and I am definitely for brokerage services operating in the space.
>>>>> 
>>>>>> Furthermore, even within the waiting list, the problem appears with only a small percentage of recipients (25 re-transfers out of 682 total), although this does impact a high percentage of the waiting list block space since the abusers are almost entirely doing this with larger blocks.
>>>>> 
>>>>> 
>>>>>> Yes, it’s possible there is abuse with the small blocks off the waiting list as well, but so far we aren’t seeing it (only 3% of smaller blocks have been re-transferred vs. 42% of the larger blocks).  Now, perhaps if we restrict the waiting list block size to a /22 these bad actors will start playing the same game with /22s, but we don’t have any evidence that will occur.
>>>>> 
>>>>> 
>>>>> As I have mentioned on at least 2 occasions in the past few days; the re-transfers statistics are not an indication of the actual scale of the fraud problem we have here in the community. It is in ARIN’s policies that re-transfers are under careful supervision, and I’m sure any smart criminal wouldn’t think to transfer it out immediately but rather sub-lease the space in the meantime. Why are you clinging to the re-transfer stats and not acknowledging the basic misalignment of incentives with the current system?
>>>>> 
>>>>> Best Regards,
>>>>> 
>>>>> Robert Clarke
>>>>> CubeMotion LLC
>>>>> robert at cubemotion.com
>>>>> M: +1 (844) 244-8140 ex. 512
>>>>> 300 Lenora Street #454, Seattle, WA, 98121
>>>>> 
>>>>>> On Mar 1, 2019, at 10:26 AM, Tom Fantacone <tom at iptrading.com> wrote:
>>>>>> 
>>>>>> Hi Bill,
>>>>>> 
>>>>>> At 06:35 PM 2/28/2019, William Herrin wrote:
>>>>>>> On Tue, Feb 26, 2019 at 9:49 AM ARIN <info at arin.net> wrote:
>>>>>>>> A significant percentage of organizations that receive blocks
>>>>>>>> from the waiting list subsequently issue these blocks to other
>>>>>>>> organizations via 8.3 or 8.4 transfers shortly after the one year
>>>>>>>> waiting period required before engaging in such outbound transfers.
>>>>>>> 
>>>>>>> I'm shocked to learn that people are playing arbitrage with the
>>>>>>> transfer process. Oh wait, no I'm not. I may have even expressed my
>>>>>>> expectation that we'd see this sort of behavior back when we debated
>>>>>>> the transfer policies. If I had the time, I might dig out my old
>>>>>>> emails just so I could say I told you so.
>>>>>> 
>>>>>> While we have a problem with the waiting list that we’re trying to address here, I think it's important to point out that the transfer market as a whole has proven an excellent vehicle for moving number resources from those who no longer need them to those who do.  This “gaming of the system” is restricted to a subset of the waiting list, and the number of blocks issued on the waiting list is less than 10% of the blocks transferred in the ARIN region during the same time period.  (682 blocks have been issued via the waiting list, and a quick look at ARIN’s transfer stats indicates roughly 8,000 blocks transferred in the same time frame since 2015 if I’m reading it correctly).  If we look at the ratio in terms of total address space, I suspect the waiting list comprises an even smaller percentage, though I can’t readily find those figures.
>>>>>> 
>>>>>> Furthermore, even within the waiting list, the problem appears with only a small percentage of recipients (25 re-transfers out of 682 total), although this does impact a high percentage of the waiting list block space since the abusers are almost entirely doing this with larger blocks.
>>>>>> 
>>>>>> The point is that while “The problem statement is pretty damning
>>>>>> ” (quoting Kevin Blumberg), the sky is not falling due to the transfer markets.  It’s damning within the small subset of re-transfers of blocks received off the waiting list.
>>>>>> 
>>>>>>>> the organization will be provided the option to be placed on
>>>>>>>> a waiting list of pre-qualified recipients, listing both the block size
>>>>>>>> qualified for or a /22, whichever is smaller, and the smallest block
>>>>>>>> size acceptable, not to exceed a /22.
>>>>>>> 
>>>>>>> I fail to see how this solves the problem. For $20k a pop, I can clear
>>>>>>> a tidy profit on a year, a shell company and some paperwork. Sure I'd
>>>>>>> rather get $200k a pop but the change doesn't make the effort
>>>>>>> unattractive. I really just need to create more shell companies.
>>>>>>> 
>>>>>>> This approach is reactive. Oh, the fraud is mostly on the big blocks
>>>>>>> so stop that. Oh, now the fraud is on the smaller blocks, what do we
>>>>>>> do? Don't react. Get ahead of the problem. That's what you do.
>>>>>> 
>>>>>> Yes, it’s possible there is abuse with the small blocks off the waiting list as well, but so far we aren’t seeing it (only 3% of smaller blocks have been re-transferred vs. 42% of the larger blocks).  Now, perhaps if we restrict the waiting list block size to a /22 these bad actors will start playing the same game with /22s, but we don’t have any evidence that will occur.
>>>>>> 
>>>>>> Others have pointed out issues of abuse in RIPE where LIRs are spun up to grab /22s from the final /8, but the 2 environments are different.  First, there is no justification requirement in RIPE.  Form a corp, have a presence in the RIPE region, and you get a /22 whether you can justify it or not.  That may not exactly be a noble action in support of the spirit of the RIPE community, but for the most part, it is policy-compliant.  In ARIN, you have to justify your need and sign an affidavit affirming your justification which makes willful misrepresentation fraudulent.   That’s a much higher disincentive to go through for a /22 than in RIPE, where basically it’s just frowned upon.  And per John Curran’s remarks, ARIN has revoked address space when investigating why some of these actors are selling their waiting list space shortly after receiving it.  So these gamers could risk an audit of their full address holdings in order to con ARIN out of a /22.  The “abuse” in RIPE regarding the final /8 is also heavily concentrated in a few member nations and, suffice it to say, those same nations are not ARIN members.
>>>>>> 
>>>>>> Regards,
>>>>>> 
>>>>>> Tom
>>>>>> 
>>>>>> 
>>>>>> _______________________________________________
>>>>>> ARIN-PPML
>>>>>> You are receiving this message because you are subscribed to
>>>>>> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
>>>>>> Unsubscribe or manage your mailing list subscription at:
>>>>>> https://lists.arin.net/mailman/listinfo/arin-ppml
>>>>>> Please contact info at arin.net if you experience any issues.
>>>>> 
>>>> _______________________________________________
>>>> ARIN-PPML
>>>> You are receiving this message because you are subscribed to
>>>> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
>>>> Unsubscribe or manage your mailing list subscription at:
>>>> https://lists.arin.net/mailman/listinfo/arin-ppml
>>>> Please contact info at arin.net if you experience any issues.
>>> 
> 
> _______________________________________________
> ARIN-PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> https://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20190302/6ea48ab5/attachment-0002.html>


More information about the ARIN-PPML mailing list