[arin-ppml] BGP Hijacking Definition

Mike Burns mike at iptrading.com
Mon May 6 14:27:44 EDT 2019

> If Organization A has an agreement/letter of authority to announce 
> addresses that has been allocated/assigned to Organization B, and 
> Organization B wants to replace Organization A with Organization C, 
> but there was some onerous termination clause with Organization A that 
> has not been met so Organization A continues to announce Organization B’s address space, is that BGP Hijacking? To me, this sounds like a contract dispute that depends on the contents of the private contract between A and B.

Correct. ARIN has allocated addresses to organization B. In that case, org A and org B have to sort out their differences in the legal system.
However, we have to be careful with similarities with your next point just below. What are the differences between them ? the lack of a contract or agreement, or the fact that ARIN does not have access to it ? or some other factor ?

> If an organization A does not have a an agreement/letter of authority 
> to announce addresses that has been allocated/assigned to Organization 
> B but does so anyhow and allows that announcement to propagate to the general internet, is that BGP Hijacking? Seems highly likely to be BGP Hijacking.

I agree. Same as above though, we need a very clear definition of what constitutes not having an agreement or a contract before ARIN can make the determination that it is indeed hijacking.

> From the outside, how do we know that an agreement/letter of authority does not exist, is invalid, or is forged?

This is where we have to be very complete, very comprehensive, and as much exhaustive as possible.

Hello list,

The important issues above would be part of a comprehensive lease policy, and violations of that policy thus subject to ARIN 's rebuke. That at least would provide what some of the policymakers intend while acknowledging ARIN's limitations of rebuke to ARIN members. It would provide clear policy language that make hijacks a violation of policy while restraining ARIN's response to those with whom it has a contract.

We can create a lease policy and within it define comprehensively the answers to the questions above, namely what is a valid agreement and what  is a valid LOA. I believe that in a market environment, the absence of a clear policy regarding leasing is a mistake.

Many addresses are "changing hands" via leasing, and we face the danger that Whois will become less relevant as a result.
If we had a lease policy, we could require registration of the leased blocks via SWIP or some other method. We could define the requirements for a valid LoA, terms for dispute resolution, etc. In other words the issues above, onerous termination requirements, contents of a valid lease contract, and definition of a valid Letter of Authority would all be addressed in a comprehensive lease policy.  These definitions would help innocent upstream providers as well, to know they can deploy policy-compliant agreements/LoAs as a defense to any charges of complicity.

I see a lease policy as a way to address the desires of the community to express its anti-hijacking sentiment and to deal with the absence of policy on a growing address distribution mechanism, while staying within ARIN scope.  If similar lease policies were implemented at other RIRs, where they would also be within scope (I believe), then we would be going a long way to achieve the goals of the policy authors, especially if it developed into an inter-regional lease policy. Any hijack would then be a lease policy violation and any complicit members of any RIR would be subject to penalty.


PS We are seeing more leasing, especially as lessors can function effectively as quasi-RIRs, except with extra services. For example, if I want temporary addresses, if I want disparate addresses, if I want specifically pre-geolocated addresses, if I want a smaller subnet than a /24, I can find that more easily from a lessor than from an RIR in many cases. 


More information about the ARIN-PPML mailing list