[arin-ppml] Change of Use and ARIN (was: Re: AFRINIC And The Stability Of The Internet Number Registry System)
owen at delong.com
Tue Sep 7 12:48:13 EDT 2021
> On Sep 6, 2021, at 12:22 AM, John Curran <jcurran at arin.net> wrote:
> On 5 Sep 2021, at 11:15 PM, William Herrin <bill at herrin.us> wrote:
>> On Sun, Sep 5, 2021 at 5:06 AM John Curran <jcurran at arin.net> wrote:
>>> On 5 Sep 2021, at 2:06 AM, William Herrin <bill at herrin.us> wrote:
>>>> Where would a policy draw the line between "this is an ISP" and "this
>>>> is someone leasing addresses?" And who do you destroy as a result,
>>>> since once you have the rule you can't make arbitrary and capricious
>>>> exceptions when someone reasonable comes along and says, "surely you
>>>> didn't mean me!"
>>> As it turns out, we already handle situations like this as ARIN customers
>>> who receive number resources make certain representations about their
>>> need/intended utilization for the resources. There are occasions where
>>> we have to go back and review the actual deployment of the addresses
>>> – and that can become a rather detailed process for folks who don’t
>>> have any alignment between their claimed intended usage and
>>> apparent reality.
>> No, John, that's a different issue completely. You're talking about
>> lazy fraudsters who present fictional documentation. As you point out,
>> ARIN has and uses its tools to revoke addresses whose grantees both
>> never intended to use their addresses as originally claimed and
>> actually used their addresses in a manner which doesn't meet policy.
>> No new policies are needed to support this activity.
> Agreed in that regard.
>> What I'm saying is that given the rich variation of legitimate address
>> uses, folks whose purpose is to lease address space will, if pressed,
>> find it unchallenging to create a useless and inexpensive network
>> which meets the technical need requirement of any rational ARIN policy
>> that can be written and supports the reality of address leasing. Built
>> for versions of inexpensive which are orders of magnitude less than
>> the proceeds from leasing the addresses, the nominal network thus
>> serves as the foundation for _accurate_ ARIN documentation.
> Thanks for the above clarification; it's very helpful in understanding your point. If I understand you correctly, you’re saying that given the success of network virtualization, the actual infrastructure for associated with real network services may likely be created for nominal cost and effort – excellent point.
> (While I believe this subterfuge could be done by someone interested in concealing leasing activities, it would need to be slightly more nuanced in order to avoid impacting the actual use of the block by the lessor while also disguising any artifacts that usage – this may not dissuade folks, but does raise the challenge somewhat.)
Here’s the required level of nuance:
1. Obtain aggregate.
2. Announce aggregate.
3. Route leased more specifics to customers over tunnels from a cheap VM
4. SWIP leased more specific to customer
5. Customer announces more specific to their transit providers
6. (optional) create ROAs, IRR entries, etc. as needed.
At this point, the service is nearly indistinguishable from virtually any provider that allows its customers to announce their more specifics via other providers.
(this is what I’ve been referring to as a very thin fig leaf in previous posts)
>> Policy tends to fail where there's a broad enough space between
>> accurate and truthful to accommodate the unwanted behavior. It just
>> creates an arms race that the policy body ultimately loses.
> The registry policy is an instantiation of intended manner of cooperation of the community. My point is simply that if the community comes to the determination that the mutual cooperation does/does not support leasing of IP address blocks independent of connectivity services and creates policy to that effect, than ARIN will enforce the resulting policy. Your observation about the challenges in doing so regarding leasing is an excellent reminder of difficulty that could result, and definitely needs to be considered in the calculus of whether any benefit obtained from policy in this area is worth the resulting effort in enforcement for all involved.
IMHO, as long as addresses are getting utilized efficiently, I don’t really care whether they come from a connectivity provider or a lessor. While I think leasing is ill-advised from a financial perspective in most circumstances, I also think that IPv4 is ill-advised for new services in most circumstances these days. As such, my opinions are frequently in the minority and I’m fine with that.
More information about the ARIN-PPML