[arin-ppml] ARIN Guidelines, regarding use in ARIN region, curious question

[Matthew Petach]

On Tue, Jul 26, 2022 at 9:46 AM Michael Peddemors <michael at linuxmagic.com>
wrote:

> Noticing more cases of IP Assignments for a 'company' with a North
> American presence, that simply reassigns/reallocates portions of their
> IP assignments to offshore and foreign companies with no North American
> presence at all..
>
> How does the intent of ARIN guidelines apply, when a 'shell' company is
> formed to provide IP ranges for companies outside of the ARIN region?
>
> Just curious..
>

I'm not a lawyer, I'm not an ARIN staff member, so take everything
I write with less than a grain of salt--but with that said:

I think it's important to understand that ARIN requirements generally
aren't transitive.

That is, a requirement in the NRPM that the entity requesting number
resources
have "a real and substantial connection with the ARIN region" does not in
any
way require the *customers* of that entity also have a real and substantial
connection with the ARIN region.

If I form a company, 'X', and build a network predominantly in the ARIN
region,
fulfilling the requirement that 'X' has "a real and substantial connection
with the
ARIN region", and get number resources based on that; but all of my
customers
end up being mostly outside the region, connecting to one of my edge sites
outside
the ARIN region, no fraud has been perpetrated, because the letter of the
NRPM
has been met.

Now, if the initial company is a "shell" company in the literal sense,
in that it has nothing more than a corporate PO box in the ARIN
region, and no tangible assets (no routers, no network, no servers,
etc.), then yes, there's a case to be made that fraud has been
perpetrated.

However, if the original company *does* have a network within the
ARIN region, and appropriately justified its number resources based
on that infrastructure, even if all of their subsequent customers lie
outside the region, according to the current wording of the NRPM,
no fraud has occurred.

You could try proposing a change to the NRPM that would require
ARIN member entities to ensure all their downstream customers
*also* have "a real and substantial connection with the ARIN region",
but I doubt you'll find much support for that, as it would greatly
increase the up-front cost of vetting customers with no corresponding
increase in revenue to support it.

Thanks!

Matt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20220726/941525c4/attachment.htm>