[arin-ppml] [EXT] Re: Open Petition for ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation

Keith W. Hare Keith at jcc.com
Fri May 3 13:28:19 EDT 2019


Andrew,

This example sounds like a dispute over contract terms.

If company X signed an agreement that has an early termination clause with a $xx,000 fee with yyy conditions and company X has violated those conditions, it is not an ARIN issue.

If company Y issues a spurious invoice to company X that is not covered by the contract, how will anything that ARIN does affect that?

What information is ARIN likely to have access to that would allow some group at ARIN to decide that company Y was in violation of something?
Why and how would ARIN get access to the contract between companies X and Y?

Next example?

Keith

From: Andrew Bagrin [mailto:abagrin at omninet.io]
Sent: Friday, May 3, 2019 12:41 PM
To: Keith W. Hare <Keith at jcc.com>
Cc: arin-ppml at arin.net
Subject: Re: [arin-ppml] [EXT] Re: Open Petition for ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation

There are many examples...  Here is one:

- Company X hires hosting company Y for hosting service.
- Company X allows company Y to advertise their IP blocks
- Years later, company X decides to move to another hosting provider.
- There is disagreement on the contract terms, agreement length, renewal (or some other caveat of the relationship) clearly Company Y does not want to lose the revenue from company X.
- Since company Y is losing company X as a customer, they decide to send them a random invoice (justified or not) and say they owe them $50k (or whatever amount).
- Company X says, this is BS, we don't owe this. - matter needs time to get resolved (perhaps even legally)
- Company X asks company Y to stop advertising their IP blocks because they are now moving to another hosting provider.
- Company Y says "no, we are not going to fulfill any "support requests" until you pay your invoice"

Hosting providers have been struggling since there has been so much competition, which breeds these types of behavior.

Regardless of disagreements of any kind, an AS should not continue to advertise another's IP blocks if the owner does not want them to.

Again, this is just one example.

In this scenario, ARIN could facilitate with a process by notifying company Y that they are in violation, as well as report to their peering AS's.  It is very helpful to have a simple mechanism in place.

Andrew

On Fri, May 3, 2019 at 11:24 AM Keith W. Hare <Keith at jcc.com> wrote:
Andrew,

So far, I have seen lots of discussion of the issue but I have not seen a single concise coherent complete definition of the BGP hijacking problem that includes:

• What technical mechanisms are used to create a BGP hijack
• How BGP hijacking is initiated
• Why BGP hijacking is possible
• The frequency of BGP hijacking instances
• How long BGP hijacking instances last
• The locations of BGP hijacking instances
• How information about BGP hijacking instances can be gathered

Without a really clear definition of the problem, it is hard to evaluate the effectiveness of the proposed process.

So far, it is not at all clear to me how the process described in proposal 266 will have any effect on the problem, but that may be because I do not fully understand the problem.

Keith

From: ARIN-PPML [mailto:arin-ppml-bounces at arin.net] On Behalf Of Andrew Bagrin
Sent: Friday, May 3, 2019 10:05 AM
To: Marilson Mapa <marilson.mapa at gmail.com>
Cc: arin-ppml at arin.net
Subject: Re: [arin-ppml] [EXT] Re: Open Petition for ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation

I'm curious why people do not want to let ARIN try to start getting involved to help resolve the issue of hijacking?

Are you doing hijacking and don't want interference?
Are you running a competitive service that you charge for?

Does anyone believe there is a valid reason to hijack and advertise IP space that you do not own? (when the owner of that space does not want you to advertise it)

Why would anyone be against ARIN having a process to help resolve these issues?  Sure we can question how effective it will be, but anything will be more effective than nothing, and by actually doing, failing and learning, ARIN will only improve and refine the process. We will all learn from this.
