[arin-ppml] IP leasing policy

Scott Leibrand scottleibrand at gmail.com
Wed May 29 19:33:25 EDT 2019 

On Wed, May 29, 2019 at 4:11 PM Fernando Frediani <fhfrediani at gmail.com>
wrote:

> On 29/05/2019 19:26, Scott Leibrand wrote:
>
> (New subject line for a new topic.)
>
> You just described a lease policy: one where leasing is not allowed.  Such
> a policy would have to exist to be enforced.  Right now there is no policy,
> so leasing is allowed because it's not prohibited.
>
> No it doesn't. When someone leases IP addressing it proves it doesn't have
> use for its original justification. No one can think asking for more IP
> addressing and justify as "I need them to lease them" is something that
> would be ever accepted. If it is not a justification you can give to get
> more IPs from the RIR than it is not a accepted practice.
>
>
> ISPs lease space to their customers all the time, bundled with IP
> connectivity.  Hosting companies do the same.  So do VPN providers.  The
> challenge with a "no leasing allowed" policy is differentiating between a
> valid reassignment of space to accompany multihomed IP connectivity, vs. an
> invalid reassignment of space intended primarily as a lease, where any IP
> connectivity provided is incidental, or a fig leaf VPN that simply is set
> up to comply with the policy.
>
> That has nothing to do with the topic and is a totally different matter.
> It is conceptual. ISPs allocate IP address to their customers **which are
> not autonomous system** and cannot get them directly from the RIR.
>

That's not the only way IPs are allocated, reallocated, and assigned in the
RIR system.  It's also possible, and common, for an ISP to receive an
allocation from ARIN, and reallocate it to multihomed downstream customers
who do have their own ASN and are running BGP.  The ISP assigning the space
may be the primary provider of IP connectivity for the customer at the time
of the reallocation, but may not remain so.  Or they may be one of multiple
upstream transit providers, and just happen to be the one from whom it's
easiest/cheapest to get the needed IPv4 space.


> That's the main propose of an ISP Autonomous System go to the RIR to ask
> for IP space, to serve their internal needs and customers with Internet
> Services.
> When IP leases becomes the only service and **to another ASN** which
> inside the rules can ask directly to the RIR is certainly not the same
> thing as an ISP who allocates IP space to their end-user customer.
>

What if IP leases aren't the *only* service, but the IP space is bundled
with IP connectivity of some sort?  What kind of IP connectivity is
sufficient to make this "an ISP who allocates IP space to their end-user
customer" vs. an impermissible case of "IP leases becomes the only service"?

>
> A more tractable policy on leasing might focus on things like requiring
> registration of the downstream recipient of any leased space.  There may be
> other requirements that could be meaningfully enforced as well, but you'll
> need to be careful not to try to enforce requirements that impinge on the
> business of legitimate IP transit and hosting providers.
>
> That's not legitimate I'm sorry. It's not difficult to think things like:
> 1) Any Autonomous System should always go to the RIR and ask for more IP
> addresses
>

Such a policy would put most multihomed autonomous systems in violation of
your policy at some point in their growth.


> 2) If it has to go around it and get from another ASN there is something
> very wrong with it. Those addresses where given **to that ASN** for their
> internal use or end-user customers
>

The downstream ASN is their end-user customer.  That's why reallocations
exist, and not just reassignments.  But even reassignments are often made
to ASNs defined as end users (organizations not themselves acting as ISPs
and performing further reassignments).

3) If those addresses were given for this proposes and someone is not using
> (internal use or end-user who are not ASN) then that ASN doesn't justify
> for the IP space received anymore.
>

Such a policy would force the reclamation of a lot of legitimately in-use
space that is still in use primarily because it's difficult to renumber out
of.

Before going ahead and writing a more specific and clear policy for that
> need to find out how ARIN currently reads and apply that. Then think in a
> proper and well written policy to cover where else needed.
>
> I find very concerning defenses "as something pretty normal" use of IP
> address for proposes which they were never meant over the last decades, be
> a speculating and monetizing asset rather than serve to get people
> connected to the internet going against conversation and justification
> concepts. I see it seems the recent times of IPv4 exhaustion is making many
> to forget the very basics of Internet foundation and treat IP space as his
> very own asset and something irrevocable and unrecoverable.
>

You seem to have a very limited view of how IPs are allocated, reallocated,
and reassigned between legitimate network operators who aren't trying to
circumvent the rules.  Such practices have been in place since before IPv6
existed.  It's not about treating IP space as property.  In fact, it's the
reverse: historically the use of Provider Assigned space when possible was
the norm, and "everyone gets their own IP space from an RIR via direct
allocation/assignment or via transfer" is a fairly recent practice (much
more common within the last decade or so).

-Scott

> On Wed, May 29, 2019 at 2:46 PM Fernando Frediani <fhfrediani at gmail.com>
> wrote:
>
>> A lease policy should never exist in my opinion and registries should
>> stand strong against it for the simple reason that IPs are not assets or
>> something that belong to a company for it to lease.
>>
>> Is it always necessary to remind that IP addresses are meant to be used
>> by the resource holders who  justified for that ? If someone is leasing it
>> it obviously means it does not need and justify anymore for that IP space
>> and any RIR should recover them immediately. If such a policy doesn't exist
>> on its terms it should exist and should be discussed to make it sooner.
>> I would recommend some Jon Postel reading to those who believe "it is Ok
>> to lease IPs" as if they were they very own asset as a router or a server
>> that you buy with a invoice and you do whatever you like with it.
>>
>> This type of thing goes pretty much against concepts of conservation and
>> justification.
>> Imagine if someone asked a RIR more IP address and may justify as "I need
>> them in order to lease them". That's what a lease policy would walk towards
>> to.
>>
>> As I mentioned in the other message, the fact the people do anyway and
>> the whois doesn't get updated is **less important** than having people
>> monetizing IP addresses in such way while there are others on waiting lists
>> that truly justify for those addresses.
>>
>> Regards
>> Fernando
>> On 29/05/2019 18:02, Mike Burns wrote:
>>
>> Hi Robert,
>>
>>
>>
>> The problem of leasing space before the 12 month waiting period, so as *
>> *only** to avoid that period, is small in my experience.
>>
>> After a year, any such lessor could sell if they wanted to, and they have
>> the same sell/lease incentives as any other ARIN holder.
>>
>> Do you have evidence that people are monetizing waiting-list addresses
>> prior to the 12 month period by leasing them?
>>
>>
>>
>> What you say below, however, is completely correct.
>>
>> I have tried to direct the community towards the glaring absence of a
>> lease policy at any registry.
>>
>> I believe it’s time for such a policy, given the market circumstances we
>> find ourselves in.
>>
>> Such a policy would allow for open leasing, with certain recording
>> requirements for abuse contacts of the lessee, etc.
>>
>> I think such a policy would be in-scope and would yield, in a negative
>> way, to the desired results of the anti-BGP hacking policy.
>>
>>
>>
>> Regards,
>>
>> Mike
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> *From:* Robert Clarke <robert at rjfc.net> <robert at rjfc.net>
>> *Sent:* Wednesday, May 29, 2019 4:24 PM
>> *To:* Mike Burns <mike at iptrading.com> <mike at iptrading.com>
>> *Cc:* Fernando Frediani <fhfrediani at gmail.com> <fhfrediani at gmail.com>;
>> arin-ppml <arin-ppml at arin.net> <arin-ppml at arin.net>
>> *Subject:* Re: [arin-ppml] Waiting List IPv4 blocks transferred after
>> issuance
>>
>>
>>
>> Hello Mike,
>>
>>
>>
>> Why are you using John's "waiting list IPv4 blocks transferred" numbers
>> as a baseline for the /19 numbers? This is completely arbitrary and doesn't
>> give any scale as to the problem with fraud. See my earlier reply to John's
>> email in the other thread:
>>
>>
>>
>> "Thanks for sharing. I'd like to note that it can be dangerous to use
>> the blocks transferred via 8.2/8.3/9.4 as a metric for abuse. A fraudster
>> that gets past ARIN's scrutiny and obtains IPs with fraudulent information
>> is probably smart enough to lease their IPs as opposed to selling the space
>> outright. There is a huge market for leased space, and those deals happen
>> behind closed doors with no oversight from ARIN. IP addresses go for
>> $0.2-0.5/mo depending on term/IP reputation/size which could lead to
>> $XX,XXX in illicit revenue with no risk of ARIN's scrutiny which would
>> normally occur during the transfer process."
>>
>>
>>
>> Thanks,
>>
>>
>>
>> Robert Clarke
>>
>>
>>
>> On May 29, 2019, at 8:13 AM, Mike Burns <mike at iptrading.com> wrote:
>>
>>
>>
>> Hi Fernando,
>>
>>
>>
>> Thanks for the discussion.
>>
>> Many feel as you do, that unused addresses should be returned to ARIN for
>> subsequent distribution to those in need.
>>
>> Unfortunately, that policy was not successful in bringing unused
>> addresses into actual use by those in need.
>>
>> The community decided to harness the profit motive to incentive this
>> process, and by all accounts it is working.
>>
>>
>>
>> Unfortunately the profit motive also incentivizes fraudulent plundering
>> of the waiting list pool.
>>
>>
>>
>> So I am happy to discuss the correct balancing of things to prevent fraud
>> but allow the market to continue to drive us towards the desirable ends of
>> accurate registration and efficient use.
>>
>>
>>
>> Since the /19 is the threshold number of sorts for flipping, I could
>> accept a /20 as the maximum size.
>>
>> I think a 2 year wait is reasonable, but I don’t see the additional
>> benefit as worth the distinction of ARIN space into more classes.
>>
>> And making it more complicated with multiple waiting periods is even less
>> desirable, IMO.
>>
>>
>>
>> Regards,
>> Mike
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> *From:* ARIN-PPML <arin-ppml-bounces at arin.net> *On Behalf Of *Fernando
>> Frediani
>> *Sent:* Wednesday, May 29, 2019 10:50 AM
>> *To:* arin-ppml at arin.net
>> *Subject:* Re: [arin-ppml] Waiting List IPv4 blocks transferred after
>> issuance
>>
>>
>>
>> On 29/05/2019 11:31, Mike Burns wrote:
>>
>> Orgs will wait out any period, sitting with unused addresses until they
>> reach the resale date. Not efficient use.
>>
>> If it's not a legacy resource and if ARIN gets to know about it, it may
>> just recover this addresses even if the resource holder is paying it
>> correctly. That's how it should work.
>>
>>
>>
>>
>> People will lease unused addresses to others and Whois accuracy will
>> suffer if they can’t resell them. Not accurate registration.
>>
>> If people lease they prove they have no use for the addresses and again
>> ARIN should recover them at any time. If whois is inaccurate, well it is
>> their fault and not policies fault. They must bind to the current rules not
>> the other way round.
>>
>>
>>
>>
>> I think we should give everybody currently on the list up to a /19 and
>> then restrict new entries to a /22.
>>
>> Fair to discuss this scenario, although I still think /19 is too much.
>> Agree on /22 for new entries.
>>
>>
>> I think a 5 year resale wait is too long, based on the paltry resales of
>> prior waiting-list subnets smaller than /19.
>>
>> It may be long, but 2 years seems a little short and 'acceptable' for a
>> fraudster. Perhaps something in between.
>>
>>
>>
>> I support a /22 restriction for new entrants, a /19 max for current list
>> members, and maintenance of the 12 month wait for simplicity’s sake.
>>
>> What about discuss /22 for new entrants, /20 for current list members and
>> 36, 42 or 48 months for transfers ? Seems more reasonable in my view and
>> cover most aspects of this discussion.
>>
>>
>>
>>
>>
>>
>>
>> Regards,
>> Mike
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> *From:* ARIN-PPML <arin-ppml-bounces at arin.net>
>> <arin-ppml-bounces at arin.net> *On Behalf Of *Fernando Frediani
>> *Sent:* Wednesday, May 29, 2019 8:51 AM
>> *To:* arin-ppml at arin.net
>> *Subject:* Re: [arin-ppml] Waiting List IPv4 blocks transferred after
>> issuance
>>
>>
>>
>> +1
>>
>> On 28/05/2019 23:52, Owen DeLong wrote:
>>
>> Mike,
>>
>>
>>
>> Yes and no. I believe that the lack of legacy holders for any blocks
>> issued under 4.1.8 reduces the need for the market.
>>
>>
>>
>> Defunct organizations can easily be reclaimed in this space because they
>> stop paying their ARIN bill.
>>
>>
>>
>> Eliminating the resale value of these addresses won’t really encourage
>> squatting on them and limiting the size of organization and size of block
>> that can benefit from 4.1.8 further helps to reduce the potential for
>> hoarding.
>>
>>
>>
>> I realize that as a broker, any address that can’t be monetized is a lost
>> opportunity for your organization, but I think there’s plenty of addresses
>> out there that haven’t been processed through 4.1.8, so I don’t think
>> limiting the resale potential of such blocks to reduce fraud is a bad idea.
>>
>>
>>
>> Owen
>>
>>
>>
>>
>>
>>
>>
>> On May 28, 2019, at 12:46 , Mike Burns <mike at iptrading.com> wrote:
>>
>>
>>
>> The percentages of blocks transferred takes a significant leap at the /19
>> size.
>>
>> Below that, the percentages are all below 7%.
>>
>> At /19 and above, the percentages are all above 21%.
>>
>> Seems like a natural demarcation for maximum block size, but prices do
>> continue to rise.
>>
>> While we want to fight fraud, we should still remember the underlying
>> reasons for the Ipv4 transfer market apply to these addresses as well.
>>
>> That is, the market provides incentives for efficient use and accurate
>> registration.
>>
>>
>>
>> Regards,
>> Mike
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> *From:* ARIN-PPML <arin-ppml-bounces at arin.net> *On Behalf Of *John Curran
>> *Sent:* Tuesday, May 28, 2019 1:53 PM
>> *To:* ARIN-PPML List <arin-ppml at arin.net>
>> *Subject:* [arin-ppml] Waiting List IPv4 blocks transferred after
>> issuance
>> *Importance:* High
>>
>>
>>
>> Folks -
>>
>>
>>
>> It occurred to me that it might be useful to have a quick summary of
>> waiting list blocks issued and subsequently transferred.
>>
>>
>>
>> Attached is the distribution (count per prefix size) of all blocks that
>> have been issued via ARIN's waiting list policy and subsequently
>> transferred via NRPM 8.2/8.3/8.4 policy.
>>
>>
>>
>> FYI,
>>
>> /John
>>
>>
>>
>> John Curran
>>
>> President and CEO
>>
>> American Registry for Internet Numbers
>>
>>
>>
>>
>>
>>
>>
>> <image001.png>
>>
>> _______________________________________________
>> ARIN-PPML
>> You are receiving this message because you are subscribed to
>> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
>> Unsubscribe or manage your mailing list subscription at:
>> https://lists.arin.net/mailman/listinfo/arin-ppml
>> Please contact info at arin.net if you experience any issues.
>>
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>>
>> ARIN-PPML
>>
>> You are receiving this message because you are subscribed to
>>
>> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
>>
>> Unsubscribe or manage your mailing list subscription at:
>>
>> https://lists.arin.net/mailman/listinfo/arin-ppml
>>
>> Please contact info at arin.net if you experience any issues.
>>
>> _______________________________________________
>> ARIN-PPML
>> You are receiving this message because you are subscribed to
>> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
>> Unsubscribe or manage your mailing list subscription at:
>> https://lists.arin.net/mailman/listinfo/arin-ppml
>> Please contact info at arin.net if you experience any issues.
>>
>>
>>
>> _______________________________________________
>> ARIN-PPML
>> You are receiving this message because you are subscribed to
>> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
>> Unsubscribe or manage your mailing list subscription at:
>> https://lists.arin.net/mailman/listinfo/arin-ppml
>> Please contact info at arin.net if you experience any issues.
>>
> _______________________________________________
> ARIN-PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> https://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20190529/89f61de2/attachment.htm>

More information about the ARIN-PPML mailing list