[arin-ppml] Draft Policy ARIN-2019-18: LIR/ISP Re-Assignment to Non-Connected Networks
Mike Burns
mike at iptrading.com
Mon Sep 30 15:27:43 EDT 2019
Hi Albert,
Thank you for your thoughtful post and sharing your relevant experience.
I also have relevant experience here, as a broker of nearly 800 transfers around the world, a broker of leases, a lessor, an ARIN legacy and RSA resource holder and member and a RIPE legacy and RSA resource holder and LIR who has run a mail server continuously since 1996.
Blacklists of the kind you describe are a daily issue for me. Let me talk about two of them.
Dynamic anti-spamming blacklists are immaterial, they are dynamic and listings are in response to spam or other inputs. They have no place in this discussion.
The other type you mention is a bane. Poorly maintained hard-coded blacklists are an anachronism in today's inter-regional transfer market. Please understand that yesterday's Ukrainian block is today's Australian block. Use dynamic geolocation. Fortunately we encounter these rarely, and almost always the countries being blocked are Russia, China, and sometimes Ukraine. These unfortunate static filters are problems for eyeball networks who purchase addresses. Even when those addresses are properly re-geolocated, various unrelated websites who like you chose the expedient method of providing some security, are unreachable. We find these to be very few in number and almost always very small hosters with these sorts of filters present.
However, the presence of these filters is not the impediment you think it is. We do not find these filters on mail servers. Anybody who is not an eyeballs network has no problem, they are in charge of filtering incoming traffic and of course they won't filter their own blocks. It's a thing, but it's not a big issue in the lease market and not a driver.
As far as ARIN fee reduction if they transitioned to a strictly bookkeeping role and did not spend staff time on justifications, I can't speak to that. In RIPE, LIRs have had fee rebates the last several years, but not due to the time savings of not having to do needs tests, it comes from the swelling of LIR numbers with "new LIRs" joining to slurp up the dregs of the remaining free pool at RIPE, which is reserved for new entrants.
Regards,
Mike
-----Original Message-----
From: hostmaster at uneedus.com <hostmaster at uneedus.com>
Sent: Monday, September 30, 2019 3:05 PM
To: Mike Burns <mike at iptrading.com>
Cc: 'arin-ppml' <arin-ppml at arin.net>
Subject: RE: [arin-ppml] Draft Policy ARIN-2019-18: LIR/ISP Re-Assignment to Non-Connected Networks
I suspect the reason that RIPE address space has not been abused to the extent of ARIN registered space is that a lot of operators already are blocking non ARIN space in their networks, and the abusers are choosing not to lease there.
As an example, I host a BBS type operation for a community in Florida, USA. This board attracted a lot of comment spam. It was dealt with by simply excluding all the non-ARIN /8's from being permitted to post using the Apache .htaccess features. I also know of email operators that block interchange of mail from those in certain regions of the world as well. I use a dynamic list on my mailserver to exclude certain addresses that have been recently been spamming.
I am sure that those who choose to abuse are aware of these restrictions and choose to obtain address blocks that allow them to do whatever they want, at least until they get blacklisted and they move on.
Of course, if we let the marketplace do the work, it means that ARIN will be doing less work screening requests for space and as such there would need to be consideration of cutting ARIN dues to make up for the fact that ARIN would no longer require as big of a budget if the marketplace has taken over the screening job once done by staff before a transfer is permitted.
As for RIPE, did they lower their dues when they got rid of any needs based screening?? Clearly their costs would have went down if they are no longer checking for needs.
Albert Erdmann
Network Administrator
Paradise On Line Inc.
On Mon, 30 Sep 2019, Mike Burns wrote:
> Hi Albert,
>
> You can't just wave away RIPE's experience like that.
> I raised it to dispel the idea that a "free for all" leads to bad results.
>
> All the rest of your post is hand-waving of supposed bad results.
> If bad results will ensue, where are they at RIPE?
> Can you answer that simple question?
>
> Regards,
> Mike
>
>
> -----Original Message-----
> From: hostmaster at uneedus.com <hostmaster at uneedus.com>
> Sent: Monday, September 30, 2019 2:37 PM
> To: Mike Burns <mike at iptrading.com>
> Cc: 'Fernando Frediani' <fhfrediani at gmail.com>; 'arin-ppml'
> <arin-ppml at arin.net>
> Subject: Re: [arin-ppml] Draft Policy ARIN-2019-18: LIR/ISP
> Re-Assignment to Non-Connected Networks
>
> Like Fernando I am also strongly opposed to the leasing of IPv4 addresses and oppose getting rid of the "operational use" requirement in 8.5.2.
>
> I really DO NOT CARE what RIPE policy is, since we are discussing ARIN policy on this list. I do not agree with RIPE policy on this subject, and have no desire whatsoever to move ARIN's policy in the direction of RIPE.
>
> It is wrong to get rid of the "operational use" requirement in 8.5.2. If one wants to have addresses that are not connected to the Internet, they can use RFC1918 addresses, the CGNAT block of addresses, or camp out on certain class A government space that is not currently being routed.
>
> With 7 billion people on the earth, and only 4.3 billion possible IPv4 addresses, addresses should be only assigned, allocated and registered by ARIN for active use.
>
> All of the proceedures for determining the network size that an organization qualifies for goes out the window if leasing is actively permitted by ARIN policy, as this wording change is attempting to allow.
> I strongly suspect that should the operational use requirement be struck, the next policy proposal will be to remove all the qualification requirements in section 4, which will have the effect of turning the IPv4 market into a free for all.
>
> Currently, the ability to obtain IPv4 resources is constrained by the requirement to prove to ARIN that you need the addresses for your operational use in a network, which will be claimed to be no unneeded once the "operational use" requirement is gone, leaving ARIN to be nothing more than a registration operation.
>
> While this is claimed to reduce one problem with leasing IPv4 addresses (lack of registration and associated abuse contacts) it causes other issues. Often network abusers lease addresses for abuse, dumping them and leasing others when they get blacklisted.
>
> I realize that some of the larger North American Cellular Carriers also have been known to lease IPv4 space, these carriers would be forced to go the normal route (and have no problems doing so) if leasing is prohibited.
>
> Fernando spelled out in his statement a lot of other reasons why leasing should not be allowed, and why the "operational use" requirement should not be permitted to go away to allow leasing.
>
> Albert Erdmann
> Network Administrator
> Paradise On Line Inc.
>
>
>
> On Mon, 30 Sep 2019, Mike Burns wrote:
>
>>
>> Hi Fernando,
>>
>>
>>
>> You said “RIR is and has always been the one who drives the resources
>> to be efficientlly assigned by analysing justifications not private
>> transfer companies. If an organization is not using resouces efficiently it either may change its resource assignment strategy otherwise it doesn't justify for those addresses anymore and should return them back to the RIR.”
>>
>>
>>
>> There is no policy in ARIN to return un-needed space. IPv4 resource
>> holders own something of value, which is what economists call an
>> “alienable asset”. It is possible for such resource holders to return such space to ARIN, but you don’t have to be an economist to understand why they don’t and haven’t for the most part.
>>
>>
>>
>> Your method has been tried, and it was really a good try. The effort was decades-long, yet recognized a failure by the clear evidence of the routing table.
>> So much space allocated, yet not routed. Not enough to be explained
>> away by internal use; this is unconvincing. No, the space sat on the
>> sidelines, it was not returned to ARIN. Until the market provided the
>> missing incentive to action, and that action is also quite visible in the routing table and transfer logs. The profit incentive, the draw of lucre, the absurd effect of price have led to an increase in the efficient use of the IPv4 address universe. Geoff Huston did a good analysis of the source of transferred addresses and showed the market brought many never-routed addresses into efficient use.
>> https://blog.apnic.net/2017/01/09/studying-ipv4-transfer-market-repor
>> t
>> ed-transfers/
>>
>>
>>
>> You also said “It is pretty reasonable to think that in no RIRs you
>> are able justify more IP space by saying ‘I need these addresses in order to lease them to someone else’. If that is never a possible justification that can be used therefore leases don't make any sense.”
>>
>>
>>
>> Anybody can indeed purchase RIPE addresses via transfer solely for
>> the purpose of leasing them out. That is because RIPE does not have a
>> needs justification for transfers (nor policy forbidding leasing).
>> And that is because, in my opinion, the RIPE community realized that their intrinsic role of conservation would now be undertaken by market forces. These can be relied upon to bring un- and under-utilized addresses to their “highest and best use”, again as economists say.
>>
>>
>>
>> But you do bring up the relevant question in the context of this ARIN
>> policy proposal, which is whether leasing to a “connected” customer
>> is all that different from leasing to a “non-connected” customer when
>> it comes to justifications. In the first case, the ISP normally registers the assignment of this block to his customer in Whois and can use it as justification. In the second there is no such registration requirement and the lease can’t be used as a justification. To me this is a problem, and I think there is a solution.
>>
>>
>>
>> Conservation and Registration are our lodestars. In this case pricing
>> will handle conservation, but what about registration? What about
>> when pricing drives Conservation at the expense of Registration? I am on record as supporting the RIPE model, which allows for lessors to purchase lease inventory, with registered transfers, and also allows them to record leases as assignments that include access to important contact information.
>>
>>
>>
>> The simple and straightforward answer here is to end the needs-test for transfers. RIPE has shown us the way, taken the “risk” and now we can look at years’
>> and thousands of transfers’ worth of data. Anybody see any problems resulting from the dropping of the needs test in RIPE?
>>
>>
>>
>> Absent dropping the needs test for transfers, the logical step in the
>> context of this policy allowing leasing, is to allow certain leases
>> to be used for justifications while at the same time providing policy
>> requiring registration (SWIP) and documentation (Letter Of Agency).
>> It’s my opinion that this carrot and stick approach will induce Lessors to properly register their leases while also providing a clear demarcation of leasing versus hijacking that will empower our community and potentially law enforcement. You want to purchase addresses because you think you can make money in their rental? Fine, show us that you are efficiently using your prior allocations and properly registering assignments.
>>
>>
>>
>> There should be no difference in the way we treat those who assign to
>> “non-connected” or “connected” networks. ARIN calls a VPN a
>> connection. Times have moved on, and any two networks can be easily “connected” for the purposes of policy-compliance only. So why trade the lack of insight into IPv4 block contact information for the maintenance of this fig-leaf?
>>
>>
>>
>> Regards,
>> Mike Burns
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> From: ARIN-PPML <arin-ppml-bounces at arin.net> On Behalf Of Fernando
>> Frediani
>> Sent: Saturday, September 28, 2019 7:20 PM
>> To: arin-ppml <arin-ppml at arin.net>
>> Subject: Re: [arin-ppml] Draft Policy ARIN-2019-18: LIR/ISP
>> Re-Assignment to Non-Connected Networks
>>
>>
>>
>> I strongly oppose this proposal.
>>
>>
>>
>> Leasing of IP addresses in such way should never be permmited and is a distortion of the way IP addresses must be used by organizations.
>>
>>
>>
>> The main reason is simple: if an organization is "leasing" IP address
>> it is a clear sign that the organization does not have usage for that
>> IP space and as it doesn't justify anymore it should therefore return them back to the RIR in order to be re-assigned to those who really have a need for it, via waiting list or other methods covered by the policies.
>>
>>
>>
>> It is pretty reasonable to think that in no RIRs you are able justify
>> more IP space by saying "I need these addresses in order to lease them to someone else".
>>
>> If that is never a possible justification that can be used therefore leases don't make any sense.
>>
>>
>>
>> If an organization needs further IP space for a temporary project it
>> may just get from the LIR or ISP but if that is not possible and the organization is an Autonomous System it can just go to market and get it transfered permanentlly.
>>
>> Either from the RIR or transfered via market addresses must be justified and leases are nothing but unused address by who is willing to lease.
>>
>>
>>
>> The justification given to allow organizations to facilitate
>> transition to IPv6 does not apply at all as organizations can go directlly to the RIR for that (4.10). Why would it get via a lease bypassing the RIR ?
>>
>>
>>
>>
>>
>> By allowing leases it is just skipping the RIR's function to fairly re-distribute them and passing it private companies with financial interests.
>>
>>
>>
>> I think 8.5.2 is already properly written and doesn't require any change.
>>
>> Also Non-Connected Networks is not properly defined.
>>
>>
>>
>> Regarding the point about Conservation to be done through market pricing I will skip to comment such absurd thing.
>>
>>
>>
>> Regards
>>
>> Fernando
>>
>>
>>
>> On Tue, 24 Sep 2019, 17:41 ARIN, <info at arin.net> wrote:
>>
>> On 19 September 2019, the ARIN Advisory Council (AC) accepted
>> "ARIN-prop-277: LIR/ISP Re-Assignment to Non-Connected Networks" as a
>> Draft Policy.
>>
>> Draft Policy ARIN-2019-18 is below and can be found at:
>>
>> https://www.arin.net/participate/policy/drafts/2019_18/
>>
>> You are encouraged to discuss all Draft Policies on PPML. The AC will
>> evaluate the discussion in order to assess the conformance of this draft
>> policy with ARIN's Principles of Internet number resource policy as
>> stated in the Policy Development Process (PDP). Specifically, these
>> principles are:
>>
>> * Enabling Fair and Impartial Number Resource Administration
>> * Technically Sound
>> * Supported by the Community
>>
>> The PDP can be found at:
>> https://www.arin.net/participate/policy/pdp/
>>
>> Draft Policies and Proposals under discussion can be found at:
>> https://www.arin.net/participate/policy/drafts/
>>
>> Regards,
>>
>> Sean Hopkins
>> Policy Analyst
>> American Registry for Internet Numbers (ARIN)
>>
>>
>>
>> Draft Policy ARIN-2019-18: LIR/ISP Re-Assignment to
>> Non-Connected Networks
>>
>> Problem Statement:
>>
>> Businesses have a need to lease IPv4 space for limited periods of time,
>> as evidenced by a robust (technically prohibited) subleasing market. The
>> lack of legitimization of the subleasing market hinders innovation,
>> research, reporting, and the development of rules/industry best
>> practices to ensure identifiability and contactability.
>>
>> Policy statement:
>>
>> ORIGINAL POLICY LANGUAGE
>>
>> 2.4. Local Internet Registry (LIR)
>>
>> A Local Internet Registry (LIR) is an IR that primarily assigns address
>> space to the users of the network services that it provides. LIRs are
>> generally Internet Service Providers (ISPs), whose customers are
>> primarily end users and possibly other ISPs.
>>
>> PROPOSED POLICY LANGUAGE
>>
>> A Local Internet Registry (LIR) is an IR that primarily assigns address
>> space to the users of the network services that it provides. LIRs are
>> generally Internet Service Providers (ISPs), whose customers are
>> primarily end users and possibly other ISPs.
>>
>> LIRs may also assign address space to other organizations or customers
>> that request it for use in an operational network.
>>
>> ORIGINAL POLICY LANGUAGE
>>
>> 8.5.2 Operational Use
>>
>> ARIN allocates or assigns number resources to organizations via transfer
>> solely for the purpose of use on an operational network.
>>
>> PROPOSED POLICY LANGUAGE
>>
>> Option 1 : Remove 8.5.2 entirely
>>
>> Option 2 : Edit as follows
>>
>> 8.5.2 Operational Use
>>
>> ARIN allocates or assigns number resources to organizations via transfer
>> solely primarily for the purpose of use on an operational network, but
>> may allocate or assign number resources to organizations for other
>> purposes, including re-assignment to non-connected networks .
>>
>> Comments:
>>
>> Timetable for implementation: Immediate
>>
>> Anything Else:
>>
>> The legitimization of a subleasing market for IPv4 has numerous business
>> and community benefits, including (but not limited to):
>>
>> - Allowing organizations to efficiently utilize IPv4 space without
>> transferring space permanently;
>> - Allowing organizations to obtain IPv4 space for a limited time in
>> order to facilitate transition to IPv6;
>> - Allowing organizations to develop enforceable acceptable use policies
>> in a previously lawless illegitimate space;
>> - Allowing the community to develop reporting and recording standards
>> and/or best practices to the benefit of preserving the integrity of IPv4
>> address space.
>> - We would like to engage further with the ARIN community to discuss the
>> current state of the unauthorized subleasing market, and how this
>> proposed policy change would both update ARIN policies to reflect the
>> reality of the subleasing market, and positively address business and
>> community concerns.
>>
>> _______________________________________________
>> ARIN-PPML
>> You are receiving this message because you are subscribed to
>> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
>> Unsubscribe or manage your mailing list subscription at:
>> https://lists.arin.net/mailman/listinfo/arin-ppml
>> Please contact info at arin.net if you experience any issues.
>>
>>
>>
>
>
More information about the ARIN-PPML
mailing list