[arin-ppml] IP leasing policy
Mike Burns
mike at iptrading.com
Wed May 29 20:13:10 EDT 2019
Hi Scott and Fernando,
Thank you for the change of subject and the discussion.
Fernando, your vision of how things should be is reasonable and consistent, but archaic in the market era.
We did things your way for decades, people did not return addresses for reasons involving utilization.
Why not audit them? Too expensive and fraught.
The community decided to provide incentives in the form of payment for IPv4 blocks.
We began that in 2010 and since then transfers have provided the bulk of new allocations worldwide.
The lure of lucre brought un- and under-utilized addresses to the market, which by nature elevates them to their most productive use.
That has brought us to the current state. Whereas leasing was always problematical because it allowed the lessor to claim more address space from the RIRs by demonstrating efficient usage of his blocks, now there are basically no free pools at the RIRs, so there shouldn't be the same worries.
In the absence of a policy, leasing is quite openly advertised and is legitimate, although not a valid justification for ARIN to approve more space for the Lessor.
For the present, we should have a policy that recognizes legitimate leasing types (LOA, VPN) and requires the same sorts of assignment and delegation records commonly done by ISPs for their customers.
It should recognize that blocks can be legitimately advertised under un-related ASNs with a valid Letter of Authorization, which must contain certain information.
It could have a process for identifying ARIN members who are participating in a lease policy violation, for notifying them, and for potentially punishing them under RSA terms.
We see more market participants who have a longer view of the duration of the transition to IPv6, and in a time of continually rising IPv4 prices, who can blame address block holders who want to lease their blocks?
At the end of the lease, instead of depreciated and worn-out assets, they could be shiny and more valuable then when the lease started.
(Or they could be blacklisted.)
Regards,
Mike
---- On Wed, 29 May 2019 19:33:25 -0400 Scott Leibrand <scottleibrand at gmail.com> wrote ----
On Wed, May 29, 2019 at 4:11 PM Fernando Frediani <mailto:fhfrediani at gmail.com> wrote:
On 29/05/2019 19:26, Scott Leibrand
wrote:
(New subject line for a new topic.)
You just described a lease policy: one where
leasing is not allowed. Such a policy would have to exist to
be enforced. Right now there is no policy, so leasing is
allowed because it's not prohibited.
No it doesn't. When someone leases IP addressing it proves it
doesn't have use for its original justification. No one can think
asking for more IP addressing and justify as "I need them to lease
them" is something that would be ever accepted. If it is not a
justification you can give to get more IPs from the RIR than it is
not a accepted practice.
ISPs lease space to their customers all the time, bundled
with IP connectivity. Hosting companies do the same. So do
VPN providers. The challenge with a "no leasing allowed"
policy is differentiating between a valid reassignment of
space to accompany multihomed IP connectivity, vs. an
invalid reassignment of space intended primarily as a lease,
where any IP connectivity provided is incidental, or a fig
leaf VPN that simply is set up to comply with the policy.
That has nothing to do with the topic and is a totally different
matter. It is conceptual. ISPs allocate IP address to their
customers **which are not autonomous system** and cannot get them
directly from the RIR.
That's not the only way IPs are allocated, reallocated, and assigned in the RIR system. It's also possible, and common, for an ISP to receive an allocation from ARIN, and reallocate it to multihomed downstream customers who do have their own ASN and are running BGP. The ISP assigning the space may be the primary provider of IP connectivity for the customer at the time of the reallocation, but may not remain so. Or they may be one of multiple upstream transit providers, and just happen to be the one from whom it's easiest/cheapest to get the needed IPv4 space.
That's the main propose of an ISP Autonomous
System go to the RIR to ask for IP space, to serve their internal
needs and customers with Internet Services.
When IP leases becomes the only service and **to another ASN** which
inside the rules can ask directly to the RIR is certainly not the
same thing as an ISP who allocates IP space to their end-user
customer.
What if IP leases aren't the *only* service, but the IP space is bundled with IP connectivity of some sort? What kind of IP connectivity is sufficient to make this "an ISP who allocates IP space to their end-user customer" vs. an impermissible case of "IP leases becomes the only service"?
A more tractable policy on leasing might focus on things
like requiring registration of the downstream recipient of
any leased space. There may be other requirements that
could be meaningfully enforced as well, but you'll need to
be careful not to try to enforce requirements that impinge
on the business of legitimate IP transit and hosting
providers.
That's not legitimate I'm sorry. It's not difficult to think
things like: 1) Any Autonomous System should always go to the RIR
and ask for more IP addresses
Such a policy would put most multihomed autonomous systems in violation of your policy at some point in their growth.
2) If it has to go around it and get
from another ASN there is something very wrong with it. Those
addresses where given **to that ASN** for their internal use or
end-user customers
The downstream ASN is their end-user customer. That's why reallocations exist, and not just reassignments. But even reassignments are often made to ASNs defined as end users (organizations not themselves acting as ISPs and performing further reassignments).
3) If those addresses were given for this
proposes and someone is not using (internal use or end-user who
are not ASN) then that ASN doesn't justify for the IP space
received anymore.
Such a policy would force the reclamation of a lot of legitimately in-use space that is still in use primarily because it's difficult to renumber out of.
Before going ahead and writing a more specific and clear policy
for that need to find out how ARIN currently reads and apply that.
Then think in a proper and well written policy to cover where else
needed.
I find very concerning defenses "as something pretty normal" use
of IP address for proposes which they were never meant over the
last decades, be a speculating and monetizing asset rather than
serve to get people connected to the internet going against
conversation and justification concepts. I see it seems the recent
times of IPv4 exhaustion is making many to forget the very basics
of Internet foundation and treat IP space as his very own asset
and something irrevocable and unrecoverable.
You seem to have a very limited view of how IPs are allocated, reallocated, and reassigned between legitimate network operators who aren't trying to circumvent the rules. Such practices have been in place since before IPv6 existed. It's not about treating IP space as property. In fact, it's the reverse: historically the use of Provider Assigned space when possible was the norm, and "everyone gets their own IP space from an RIR via direct allocation/assignment or via transfer" is a fairly recent practice (much more common within the last decade or so).
-Scott
On Wed, May 29, 2019 at 2:46
PM Fernando Frediani <mailto:fhfrediani at gmail.com>
wrote:
A lease policy should never exist in my opinion and
registries should stand strong against it for the simple
reason that IPs are not assets or something that belong
to a company for it to lease.
Is it always necessary to remind that IP addresses are
meant to be used by the resource holders who justified
for that ? If someone is leasing it it obviously means
it does not need and justify anymore for that IP space
and any RIR should recover them immediately. If such a
policy doesn't exist on its terms it should exist and
should be discussed to make it sooner.
I would recommend some Jon Postel reading to those who
believe "it is Ok to lease IPs" as if they were they
very own asset as a router or a server that you buy with
a invoice and you do whatever you like with it.
This type of thing goes pretty much against concepts of
conservation and justification.
Imagine if someone asked a RIR more IP address and may
justify as "I need them in order to lease them". That's
what a lease policy would walk towards to.
As I mentioned in the other message, the fact the
people do anyway and the whois doesn't get updated is
**less important** than having people monetizing IP
addresses in such way while there are others on waiting
lists that truly justify for those addresses.
Regards
Fernando
On
29/05/2019 18:02, Mike Burns wrote:
Hi Robert,
The problem of leasing space
before the 12 month waiting period, so as *only*
to avoid that period, is small in my experience.
After a year, any such lessor
could sell if they wanted to, and they have the same
sell/lease incentives as any other ARIN holder.
Do you have evidence that people
are monetizing waiting-list addresses prior to the
12 month period by leasing them?
What you say below, however, is
completely correct.
I have tried to direct the
community towards the glaring absence of a lease
policy at any registry.
I believe it’s time for such a
policy, given the market circumstances we find
ourselves in.
Such a policy would allow for
open leasing, with certain recording requirements
for abuse contacts of the lessee, etc.
I think such a policy would be
in-scope and would yield, in a negative way, to the
desired results of the anti-BGP hacking policy.
Regards,
Mike
From: Robert Clarke mailto:robert at rjfc.net
Sent: Wednesday, May 29, 2019 4:24 PM
To: Mike Burns mailto:mike at iptrading.com
Cc: Fernando Frediani mailto:fhfrediani at gmail.com;
arin-ppml mailto:arin-ppml at arin.net
Subject: Re: [arin-ppml] Waiting List
IPv4 blocks transferred after issuance
Hello Mike,
Why are you using John's
"waiting list IPv4 blocks transferred" numbers as
a baseline for the /19 numbers? This is completely
arbitrary and doesn't give any scale as to the
problem with fraud. See my earlier reply to John's
email in the other thread:
"Thanks
for sharing. I'd like to note that it can be
dangerous to use the blocks transferred via
8.2/8.3/9.4 as a metric for abuse. A fraudster
that gets past ARIN's scrutiny and obtains IPs
with fraudulent information is probably smart
enough to lease their IPs as opposed to selling
the space outright. There is a huge market for
leased space, and those deals happen behind
closed doors with no oversight from ARIN. IP
addresses go for $0.2-0.5/mo depending on
term/IP reputation/size which could lead to
$XX,XXX in illicit revenue with no risk of
ARIN's scrutiny which would normally occur
during the transfer process."
Thanks,
Robert
Clarke
On May 29, 2019, at 8:13
AM, Mike Burns <mailto:mike at iptrading.com>
wrote:
Hi
Fernando,
Thanks
for the discussion.
Many
feel as you do, that unused addresses should
be returned to ARIN for subsequent
distribution to those in need.
Unfortunately,
that policy was not successful in bringing
unused addresses into actual use by those in
need.
The
community decided to harness the profit
motive to incentive this process, and by all
accounts it is working.
Unfortunately
the profit motive also incentivizes
fraudulent plundering of the waiting list
pool.
So
I am happy to discuss the correct balancing
of things to prevent fraud but allow the
market to continue to drive us towards the
desirable ends of accurate registration and
efficient use.
Since
the /19 is the threshold number of sorts for
flipping, I could accept a /20 as the
maximum size.
I
think a 2 year wait is reasonable, but I
don’t see the additional benefit as worth
the distinction of ARIN space into more
classes.
And
making it more complicated with multiple
waiting periods is even less desirable, IMO.
Regards,
Mike
From: ARIN-PPML
<mailto:arin-ppml-bounces at arin.net> On
Behalf Of Fernando
Frediani
Sent: Wednesday,
May 29, 2019 10:50 AM
To: mailto:arin-ppml at arin.net
Subject: Re:
[arin-ppml] Waiting List IPv4 blocks
transferred after issuance
On 29/05/2019
11:31, Mike Burns wrote:
Orgs will wait
out any period, sitting with unused
addresses until they reach the resale
date. Not efficient use.
If it's not a
legacy resource and if ARIN gets to know
about it, it may just recover this
addresses even if the resource holder is
paying it correctly. That's how it should
work.
People will lease
unused addresses to others and Whois
accuracy will suffer if they can’t resell
them. Not accurate registration.
If people lease
they prove they have no use for the
addresses and again ARIN should recover
them at any time. If whois is inaccurate,
well it is their fault and not policies
fault. They must bind to the current rules
not the other way round.
I think we should
give everybody currently on the list up to
a /19 and then restrict new entries to a
/22.
Fair
to discuss this scenario, although I still
think /19 is too much. Agree on /22 for new
entries.
I think a 5 year
resale wait is too long, based on the
paltry resales of prior waiting-list
subnets smaller than /19.
It
may be long, but 2 years seems a little
short and 'acceptable' for a fraudster.
Perhaps something in between.
I support a /22
restriction for new entrants, a /19 max
for current list members, and maintenance
of the 12 month wait for simplicity’s
sake.
What
about discuss /22 for new entrants, /20 for
current list members and 36, 42 or 48 months
for transfers ? Seems more reasonable in my
view and cover most aspects of this
discussion.
Regards,
Mike
From: ARIN-PPML mailto:arin-ppml-bounces at arin.net On
Behalf Of Fernando
Frediani
Sent: Wednesday,
May 29, 2019 8:51 AM
To: mailto:arin-ppml at arin.net
Subject: Re:
[arin-ppml] Waiting List IPv4 blocks
transferred after issuance
+1
On 28/05/2019
23:52, Owen DeLong wrote:
Mike,
Yes and no. I
believe that the lack of legacy
holders for any blocks issued under
4.1.8 reduces the need for the market.
Defunct
organizations can easily be reclaimed
in this space because they stop paying
their ARIN bill.
Eliminating
the resale value of these addresses
won’t really encourage squatting on
them and limiting the size of
organization and size of block that
can benefit from 4.1.8 further helps
to reduce the potential for hoarding.
I realize
that as a broker, any address that
can’t be monetized is a lost
opportunity for your organization, but
I think there’s plenty of addresses
out there that haven’t been processed
through 4.1.8, so I don’t think
limiting the resale potential of such
blocks to reduce fraud is a bad idea.
Owen
On May
28, 2019, at 12:46 , Mike Burns
<mailto:mike at iptrading.com>
wrote:
The
percentages of blocks
transferred takes a
significant leap at the /19
size.
Below
that, the percentages are all
below 7%.
At
/19 and above, the percentages
are all above 21%.
Seems
like a natural demarcation for
maximum block size, but prices
do continue to rise.
While
we want to fight fraud, we
should still remember the
underlying reasons for the
Ipv4 transfer market apply to
these addresses as well.
That
is, the market provides
incentives for efficient use
and accurate registration.
Regards,
Mike
From: ARIN-PPML
<mailto:arin-ppml-bounces at arin.net> On
Behalf Of John
Curran
Sent: Tuesday,
May 28, 2019 1:53 PM
To: ARIN-PPML
List <mailto:arin-ppml at arin.net>
Subject: [arin-ppml]
Waiting List IPv4 blocks
transferred after issuance
Importance: High
Folks
-
It
occurred to me that it might
be useful to have a quick
summary of waiting list
blocks issued and
subsequently transferred.
Attached
is the distribution (count
per prefix size) of all
blocks that have been issued
via ARIN's waiting list
policy and subsequently
transferred via NRPM
8.2/8.3/8.4 policy.
FYI,
/John
John
Curran
President
and CEO
American
Registry for Internet
Numbers
<image001.png>
_______________________________________________
ARIN-PPML
You are receiving this message
because you are subscribed to
the ARIN Public Policy Mailing
List (mailto:ARIN-PPML at arin.net).
Unsubscribe or manage your
mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact mailto:info at arin.net if you experience
any issues.
_______________________________________________
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (mailto:ARIN-PPML at arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact mailto:info at arin.net if you experience any issues.
_______________________________________________
ARIN-PPML
You are
receiving this message because you are
subscribed to
the ARIN
Public Policy Mailing List (mailto:ARIN-PPML at arin.net).
Unsubscribe
or manage your mailing list subscription
at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please
contact mailto:info at arin.net if you experience any issues.
_______________________________________________
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (mailto:ARIN-PPML at arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact mailto:info at arin.net if you experience any issues.
_______________________________________________
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (mailto:ARIN-PPML at arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact mailto:info at arin.net if you experience any issues.
_______________________________________________
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (mailto:ARIN-PPML at arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact mailto:info at arin.net if you experience any issues.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20190529/57ed9906/attachment.htm>
More information about the ARIN-PPML
mailing list