AS Numbers unused/sitting for long periods of time

Before I take this to the ARIN PPML, wanted to get NANOG's thoughts.

I'm amazed at the number of AS numbers that are assigned, but not actively being used. I'm not talking just like they are offline for a week or month, this is complete non-use of the AS in the global routing table within *years*. They are completely abandoned resources - Whois data is inaccurate by 5-10 years, no routeviews data in the same time period, the owning organization (if you can find it) scratches their heads about responding whether they use it or not, etc.

I know we're currently not in a push to get AS numbers or close to exhaustion, but I do believe that people who have global AS numbers should have a requirement to use them or return them to the global pool. Am I the only one thinking this?

And before you come back with "Well they may be using it internally where it doesn't need to be in the GRT" - that's why we have Private AS numbers.

I.e. some form of ARIN or global policy that basically says "If AS number not routed or whois updated or used in 24 months, said AS number can be public noticed via mailing list and website and then revoked and reissued to a pending, approved AS request"

Just thinking aloud. Happy New Year all!

James W. Breeden

Managing Partner

[logo_transparent_background]

Arenal Group: Arenal Consulting Group | Acilis Telecom | Pines Media

PO Box 1063 | Smithville, TX 78957

Email: james@arenalgroup.co<mailto:james@arenalgroup.co> | office 512.360.0000 | cell 512.304.0745 | www.arenalgroup.co<http://www.arenalgroup.co/>

Once upon a time, James Breeden <James@arenalgroup.co> said:

I'm amazed at the number of AS numbers that are assigned, but not actively being used. I'm not talking just like they are offline for a week or month, this is complete non-use of the AS in the global routing table within *years*. They are completely abandoned resources - Whois data is inaccurate by 5-10 years, no routeviews data in the same time period, the owning organization (if you can find it) scratches their heads about responding whether they use it or not, etc.

I know of two (from a former job) that pre-date ARIN that haven't been
used since 1999 because those two companies no longer exist (nor AFAIK
does any successor company). The whois information is bogus at this
point, but I couldn't prove that.

I expect that AS numbers allocated by ARIN and other current RIRs are
not abandoned like that (since they charge annual fees, and I assume
they reclaim for non-payment), so the number of abandoned AS numbers is
probably not growing significantly (and would not grow beyond the
pre-RIR pool).

With 32 bit AS numbers though, what's the point of making an effort to
reclaim the old AS numbers? BGP4 has been shown to handle alternate
length AS numbers, so if somehow 4 billion are allocated, it probably
won't be a big deal to extend BGP again.

Just because a number is NOT VISIBLE on the global Internet, it does NOT mean that it is not IN USE.

This applies to IPv4 addresses, IPv6 addresses and AS numbers.

Apart from legacy IPv4 addresses and legacy AS, these resources require annual payments to maintain the assignment from the RIR.

Mark

Inaccurate whois data from ARIN is not a good way to tell anything as ARIN is terrible to deal with when you need to update an address or phone number or anything. I know personally as I had to fight for years to update the data on an ASN that ARIN was billing me to manage the data for.

Dear James,

Before I take this to the ARIN PPML, wanted to get NANOG's thoughts.

I'm amazed at the number of AS numbers that are assigned, but not
actively being used. I'm not talking just like they are offline for a
week or month, this is complete non-use of the AS in the global
routing table within *years*. They are completely abandoned resources
- Whois data is inaccurate by 5-10 years, no routeviews data in the
same time period, the owning organization (if you can find it)
scratches their heads about responding whether they use it or not,
etc.

I know we're currently not in a push to get AS numbers or close to
exhaustion, but I do believe that people who have global AS numbers
should have a requirement to use them or return them to the global
pool. Am I the only one thinking this?

The most important property of ASNs assigned by RIRs is that they are
globally _unique_. This doesn't mean they are globally visible.

I worry that a proposal like this will introduce quite some work for all
parties involved, for no obvious benefit. As you point out yourself we
are nowhere close to exhaustion.

And before you come back with "Well they may be using it internally
where it doesn't need to be in the GRT" - that's why we have Private
AS numbers.

I beg to differ, private ASNs are useful when you control all aspects of
the administrative domain, but with M&A in mind, using globally unique
ASNs can be quite beneficial. Or, maybe as the result of M&A you end up
having multiple ASNs inside your network, but globally only one ASN is
visible (confederations).

I.e. some form of ARIN or global policy that basically says "If AS
number not routed or whois updated or used in 24 months, said AS
number can be public noticed via mailing list and website and then
revoked and reissued to a pending, approved AS request"

Uses of invisible ASNs include: lab networks, route servers, GRX
exchanges, route collectors, etc. The Internet is more than what
routeviews/RIS can see.

All pending, approved AS requests can immediately be fullfilled, there
is no shortage of ASNs.

Just thinking aloud. Happy New Year all!

Same to you :slight_smile:

Kind regards,

Job

I think the real issue here will be this :

1. If you are paying an RIR to maintain the registration it is yours to use unless the terms change to require you to justify usage on a recurring basis.

2. If it is pre-RIR I am not sure how you could change the rules at this point to reclaim an AS number. For example, I am sure the government hold hundreds that they are not using. I am also sure that they were given to them in block form. How would you undo that?

I have a little bit of a problem with the "not visible to the Internet as a whole" test. There are a number of valid engineering reasons why an AS might not be visible today but may need to be tomorrow or be dynamically routing or not routing. Maybe you were dual homed and now you temporarily are not. Maybe you are transitioning your architecture to your shiny new IPv6 address space instead of your service provider's space. It would have to be a case by case justification which would hardly be worth the effort. If it was pre-RIR I am not sure how you would establish definitive contacts for old AS numbers. Please don't tell me WHOIS because that is completely inadequate for reclaiming something this significant.

I suppose I would not have a problem with you contacting an entity and asking them voluntarily to give up an unused AS number but you better make sure you have the right guy on the phone and I would think there would need to be some kind of incentive for them to do so otherwise your default answer will be no. All in all it is much easier to support larger AS space than to reclaim the oldest foggiest AS numbers.

Steven Naslund
Chicago IL

I'm amazed at the number of AS numbers that are assigned, but not actively
being used. I'm not talking just like they are offline for a week or month,
this is complete non-use of the AS in the global routing table within
*years*. They are completely abandoned resources - Whois data is inaccurate
by 5-10 years, no routeviews data in the same time period, the owning
organization (if you can find it) scratches their heads about responding
whether they use it or not, etc.

Hi James,

What's it worth to you? Literally, whats the maximum amount of money you're
willing to spend on an AS number recovery effort before you figure, "meh,
it's not worth it?"

And before you come back with "Well they may be using it internally where

it doesn't need to be in the GRT" - that's why we have Private AS numbers.

Private AS numbers suffer from the same interconnection collision issues as
private IP addresses and if you have a private AS it's *because* you're
interconnecting networks.

Regards,
Bill Herrin

That's a very broken idea. Immediately to my mind is any internet exchange with route servers will have an AS number that will never show in a path, let alone a global table. Yet such a route server requires a real AS number.

~Seth

if AS numbers are unused, what operational difference does it make?

but if you have the gloves and long forceps needed to deal with the rir
policy <bleep>, then there is a real need for inter-region AS transfer.

randy

'not actuvely being used' ... how would you (or anyone) know? what if they
were used only on some internal part of a large public network which never
leaked beyond their borders/uses? What if the ASN is used on a large
private network? (for instance.. where I know of several such things).

-chris
(mark andrews makes this same, valid, point)

I'd second those views. Just take IXPs as an example. Their AS does not necessarily get redistributed past the ISPs peering on these.

Not only that, but smaller ones often have non-routable IPv4 allocations, like a /26.

So saying, that an ASN is unused is never very accurate, when you don't have the full picture. And the global routing table certainly isn't the full picture.

Kind regards,
Martin List-Petersen

Internet Exchange route servers would be another case that would appear
unused to the broader internet, but shouldn't use a private ASN.

I.e. some form of ARIN or global policy that basically says "If AS number
not routed or whois updated or used in 24 months, said AS number can be
public noticed via mailing list and website and then revoked and reissued
to a pending, approved AS request"

Why? What is the justification for a reclamation project?
Besides this is Outside the purview, scope, or powers that RIRs/
ARIN in particular have put into their public policy development process.
of.

Number resource policies govern management regarding
number resources: allocation, assignment, and transfer.

Policies are not able to set fees or conditions on any existing services.
Revoking an unused resource would require a condition on
existing services that cannot be defined by a number resource policy.

EXISTING number resources in ARIN region in particular are serviced under
the RSA contract that include terms specifically informs the end user that
ARIN is disclaiming itself from having any ability or authority to
revoke any unused resources or cancel any services for lack of use.

"ARIN will take no action to reduce the Services currently provided for

Included Number Resources due to lack of utilization by the Holder, and
(ii) ARIN has no right to revoke any included Number Resources under
this Agreement due to lack of utilization by Holder.

However, ARIN may refuse to permit transfers or additional allocations of
number resources to Holder if Holder’s included Number Resources are not
utilized in accordance with Policy."

I'm amazed at the number of AS numbers that are assigned, but not actively

being used.

"Actively being used" is determined only by the resource holder.

And before you come back with "Well they may be using it internally

where it doesn't need to be in the GRT" - that's why we have Private AS

numbers.

It is a valid technical decision to use AS numbers internally, and
there are reasons Not to use the small pool of available Private AS
numbers,

Even if the private AS numbers might be available for some legitimate use
cases;
there is no reason to favor them when privately interconnecting networks
across multiple organizations or policy domains, and it is perfectly valid
to
maintain uniquely-registered AS numbers for such internal purposes.

I updated all applicable records for a new client in the past month. Didn't seem that difficult. *shrugs*

I did have control of the email server for the domain in the POCs, though.

Hi Jimmy,

That's not entirely correct. In this case there are two groups of AS
numbers held by ARIN:

1. AS numbers held under a registration services agreement. ARIN has annual
contact with these organizations in the form of a bill which, if they don't
pay, eventually results in deregistration of the resource. No change to
policy or process is necessary for this to happen.

2. Legacy AS numbers assigned by the registrars that existed prior to ARIN.
ARIN asserts that they have the authority to deregister these resources,
but the legal situation is murky. No explicit contract covering those AS
numbers exists between ARIN and the registrants.

ARIN's authority to refuse action outside of a contract has been only
weakly tested in court: all cases were settled prior to the court ruling or
the court ruled on some basis other than ARIN's authority over number
resources. For example, the Nortel case was settled when Microsoft agreed
to sign a negotiated contract with ARIN while the Kremen case was thrown
out based on the statute of limitations: he waited too long after ARIN's
refusal to sue.

ARIN's authority to act absent a contract has never been tested in court.

And in fact ARIN has never unilaterally deregistered a legacy resource.

Practically speaking, this means that any action to revoke allegedly
abandoned legacy resources places ARIN at legal risk. The prospective gain
from such action would have to exceed the risk.

Regards,
Bill Herrin

Steve’s situation was relatively unique and arduous. It was also resolved
several years ago.

Yes, if you have difficulty authenticating as a legitimate administrator of
the resource, it can be difficult to convince ARIN you should be updating
the contact data on said resource. Hopefully everyone here can see how that
is a desirable thing. I’m quite glad that ARIN makes it difficult for people
who aren’t me to update my resource records.

As to the issue raised regarding unused ASNs, there are several possibilities
not yet considered IMHO:

  1. There were private networks built before private ASNs existed.
  2. There were private networks built that needed ASN coordination
    and include more ASNs than there were private 16-bit ASNs.
  3. While private ASNs may be a solution for some private networks,
    there are other cases where they may not be well suited. Such
    cases can legitimately use public ASNs.
  4. NO single view, nor even any collection of views available to
    any one entity can be considered a complete routing table for
    the entire internet.

Are there ASNs that were issued prior to the creation of ARIN that may languish?
Yes. Probably a few thousand.

All ASNs issued since the creation of ARIN come with an annual fee being paid to
ARIN which means that the ASN isn’t languishing unless someone is paying the fee
for the ASN and/or related resources each year. So in the case of companies that
no longer exist, if you report your suspicions to ARIN, they’ll investigate and
reclaim the ASNs if they can be certain that the organizations are no longer
valid. In the case of ASNs issued in the last 20 years, that’s as easy as checking
that the invoice got paid by someone. ASNs issued prior to 1997 are a much harder
problem to solve.

Personally, I don’t think there’s enough value to the community in a few thousand
ASNs to make it worth the cost involved in ARIN going out and reclaiming them
aggressively. A few years ago, we added 4,294,901,760 ASNs to the original pool
of 65,536 ASNs. (This includes both public and private in both cases). None of
those 4 billion new ASNs will languish as they are all issued under an annual fee.

As such, I see little or no value in trying to reclaim the few thousand ASNs that
might be subject to such a policy.

Owen

Why?

Seriously asking, not trying to be confrontational.

I understand some people want it, but I’m trying to understand the actual “need” vs. want.

Owen