Can a customer take IP's with them?

Should a customer be allowed to force a carrier to allow them to announce
non-portable IP space as they see fit to any other carriers of their
choosing when they are no longer buying service from the original carrier
[that the space is assigned to]?

According to ARIN regulations, the space does not "belong" to us but we
have the right to assign or revoke the space to our customers as we see
fit. In addition ARIN regulations specifically prohibit us from transferring
or selling the IP space to another customer (even if we want to).

NAC has a customer who is leaving NAC. As part of normal procedure (and
also because the space provided to us by ARIN is non portable), the
customer has been informed that the IP space used by the customer will not
be available to be used by the customer subsequent to them leaving us.

It should be mentioned that the following facts exist, and cannot be
disputed:

a) customer has obtained space directly from ARIN over a year ago, but has
chosen not to renumber from space allocated from us. This was solely their
choice, and we did not restrict this in any way.

b) customer is exercising the right not to renew the business agreement,
and is leaving NAC voluntarily.

Thus, they are attempting to file for and obtain a temporary restraining
order (TRO), and ask for the following:

-- start --

        "NAC shall permit CUSTOMER to continue utilization through any
carrier or carriers of CUSTOMER's choice of any IP addresses that were
utilized by, through or on behalf of CUSTOMER under the current agreement
during the term thereof (the "Prior CUSTOMER Addresses") and shall not
interfere in any way with the use of the Prior CUSTOMER Addresses,
including, but not limited to:

  (i) by reassignment of IP address space to any customer;
aggregation and/or BGP announcement modifications

  (ii) by directly or indirectly causing the occurrence of
superseding or conflicting BGP Global Routing Table entries; filters
and/or access lists, and/or

  (iii) by directly or indirectly causing reduced prioritization of
access to and/or from the Prior CUSTOMER Addresses.

NAC shall provide CUSTOMER with a LOA within 7 days of CUSTOMERS's written
request for sale,

NAC shall permit announcement of the Prior CUSTOMER Address to ANY
carrier, IP transit, or IP peering network."

-- end --

In other words, customer is asking a court to rule whether or not IP space
should be portable, when an industry-supported organization (ARIN) has
made policy that the space is in fact not portable. It can be further
argued that the court could impose a TRO that would potentially negatively
affect the operation of my network.

NAC does not want to be forced to rely on a customer's ability to properly
make complex routing updates that if done improperly could disrupt the entire
NAC network. We believe there is a great danger to NAC that their routing
mistakes could take down some or all of our network infrastructure.

Another VERY important issue to bring up: If customer is granted the legal
right to continue to use IP space that is registered to NAC by ARIN, NAC
runs into the very serious problem of being liable for all of the Spam
that could be generated by the customer and all of the RBLs that the
carrier may be added to [that of course will effect all of NAC's
customers] with no ability to revoke the IP space to protect itself. This
has to potential to effect the NAC network in a catastrophic manner.

I'd love any comments from anyone.

In other words, customer is asking a court to rule whether or not IP space
should be portable, when an industry-supported organization (ARIN) has
made policy that the space is in fact not portable. It can be further
argued that the court could impose a TRO that would potentially negatively
affect the operation of my network.

  A court will likely decide this based upon the terms of your contract and
what the court thinks is fair. They will likely give very little
consideration to common practice or ARIN's rules.

Another VERY important issue to bring up: If customer is granted the legal
right to continue to use IP space that is registered to NAC by ARIN, NAC
runs into the very serious problem of being liable for all of the Spam
that could be generated by the customer and all of the RBLs that the
carrier may be added to [that of course will effect all of NAC's
customers] with no ability to revoke the IP space to protect itself. This
has to potential to effect the NAC network in a catastrophic manner.

  You'll just have to explain to people that the traffic didn't originate on,
terminate on, or transit your network and therefore there is no
justification for holding you responsible. When arguing against the TRO in
court, make sure to point out that this TRO would make you responsible for
behavior over which you have no control. However, the court will likely find
that failure to grant the TRO puts a greater hardship on your
soon-to-be-former customer than granting the TRO puts on you.

  Courts do not look well on artificial attempts to penalize a customer for
changing providers. Lock in is considered anti-competitive. They will likely
see your revocation of the IP addresses (or failure to offer them separately
for a reasonable fee) as a case of lock in. Standard industry practice,
AFAIK, is to allow customers to keep their IP addresses for a reasonable
amount of time unless you have always had a policy of not allowing customers
to advertise any of your IP space through any other providers ever.

  IANAL, seek competent legal advice from a lawyer with experience in this
area. I'm sure you can work out some sort of compromise where you let them
keep using their IP space for a reasonable period of time (3 months? 6
months?) and they renumber in that time. I'm fairly sure they don't expect
to keep your IPs forever and I'm fairly sure you don't need them back
immediately.

  DS

Then what was the whole year they had ARIN assigned IP space for? 12 months is plenty of time to renumber for most size organizations.

I wonder if their ARIN application says anything about planning to renumber their existing space from NAC into the newly assigned space...

-davidu

David,

Isn't renumbering an obligation?

David,

Isn't renumbering an obligation?

>I wonder if their ARIN application says anything about planning to
>renumber their existing space from NAC into the newly assigned space...
>
>-davidu

  It's hard to see how his customer failing to meet obligations to ARIN is
going to be considered relevant to his relationship to his customer. ARIN
isn't a party to the dispute, and the ARIN renumbering requirements aren't
directly intended to benefit the ISP. In fact, one could argue that a
customer renumbering is to the detriment of their ISP because it reduces
lock in.

  A court is going to look very specifically at three things:

  1) What is the hardship to the customer if the TRO is not granted.

  2) What is the hardship to the ISP if the TRO is granted.

  3) Is the customer likely to prevail in whatever is the actual claim that
gave rose to the TRO (which we have no clue).

  I think it doesn't impose a significant hardship on the ISP for the court
to grant the customer the right to continue using the IPs and advertise them
from another provider for some reasonable amount of time. How much of a
hardship forcing the customer to renumber immediately is, I don't know. And
what the real claim is, I don't know either.

  The tack I would take is to use the kettle defense -- to attack all the
prongs. First, I'd argue that there is no hardship to the customer in
forcing them to renumber immediately, spreading the pain out over time
doesn't lessen it. I'd further add that the TRO's false urgency was created
by the customer -- they already had plenty of time to renumber, so if losing
the IPs was such a hardship, it's only because they failed to mitigate it by
acting diligently. Second, I'd argue that letting them keep the IPs is a
significant hardship on me, because it makes me responsible for resources
over which I have no control whatsoever. A security problem might require
immediate filtering to protect my other customers, and I won't be able to do
that. Third, I'd argue that the customer always knew that the ISP's were his
only so long as he continued to buy my service, and so he is asking for
something to which he knows he has no entitlement.

  All of this assumes that you didn't disconnect him for a bad reason and
were reasonable in negotiations with him. You weren't really trying to lock
him in and using his IPs and his difficulty with renumbering to blackmail
him for more money, were you?

  DS

I am not sure however RFC 2071 Touches on this subject in section 4.2.3 but is ambiguous as to the nature of when the renumber should take place.

4.2.3 Change of Internet Service Provider

    As mentioned previously in Section 2, it is increasingly becoming
    current practice for organizations to have their IP addresses
    allocated by their upstream ISP. Also, with the advent of Classless
    Inter Domain Routing (CIDR) [11], and the considerable growth in the
    size of the global Internet table, Internet Service Providers are
    becoming more and more reluctant to allow customers to continue using
    addresses which were allocated by the ISP, when the customer
    terminates service and moves to another ISP.
[SNIP]
             For obvious reasons, this practice is highly discouraged by
    ISP's with CIDR blocks, and some ISP's are making this a contractual
    issue, so that customers understand that addresses allocated by the
    ISP are non-portable.
[SNIP]
    It should also be noted that (contrary to opinions sometimes voiced)
    this form of renumbering is a technically necessary consequence of
    changing ISP's, rather than a commercial or political mandate.

In my opinion, which counts for nothing in this case, I would hope that 12 months was enough time for the company to renumber. Unless this decision to terminate services with NAC was 'just made' I think that space from ARIN 12 months ago was a heads up that their non-portable space should be eliminated from their network.

Just my $.02 with some RFCs tossed in,
davidu

I don't even see a time limit mentioned here. Are they planning to snatch
the IPs away from NAC indefinitely? Which part of non-portable did they
not understand?

You're paying ARIN a yearly maintenance fee on those IPs. If you end up
in court, that should be pointed out. If the ex-customer is no longer
paying you for service, then they have no right to continue to use
your IP space. If you wanted to be "really nice", you might allow them
some grace period (days, weeks?) in which to renumber into either their
own IP space or their next provider's. AFAIK, common practice when
switching carriers and renumbering is to have overlapping service with the
old and new providers while you renumber. At the very least, you should
get an IP rental fee out of them if they want the space indefinitely.

If this case goes badly, it'll have some pretty serious implications wrt
current ARIN policies. i.e. All address space becomes portable...who pays
the fees if ARIN says it's your space but a customer has "stolen" it from
you in court?. I suggest you contact ARIN and see if they're aware of any
legal precedents that would be helpful or if they have counsel that might
be helpful to you in upholding ARIN policy in court.

BTW...who's the customer? I think this is someone most providers would
want to avoid dealing with.

This has also served as an example suggesting that if it's not already in
there, all customer contracts should specifically say that any IP space
assigned by the provider to the customer will be revoked if/when the
customer's service is terminated. I'll have to see if ours have anything
about that.

This
has to potential to effect the NAC network in a catastrophic manner.

I'd love any comments from anyone.

Legal comments should be solved by legal means.

1. Ask ARIN if their legal counsel would be willing to file a "friend of
the court" brief to help the judge understand that this customer has no
legal right to those addresses.

2. If the TRO is already in place, then ask the court to order your
customer to cease and desist any current and future spamming or network
abuse activities. And ask the court for permission to take appropriate
action to protect your network in the event that any such activities are
reported to you. At least that way there will be some limits.

Should a customer be allowed to force a carrier to allow them to announce
non-portable IP space as they see fit to any other carriers of their
choosing when they are no longer buying service from the original carrier
[that the space is assigned to]?

Non-portable is non-portable. Historically, a sane renumbering window
is provided. According to some stories, enforcement of renumbering
windows has occasionally taken place by re-use of to-be-revoked space,
or its reannouncement to peers in smaller chunks.

Of course, the new provider should be able to vet the space, see the
'non-portable' note and tell the customer about multioming-vs-moving,
their renumbering guides, contact NAC, etc. It would be an
irresponsible provider that would announce another provider's NON-
portable spacewithout the customer clearly multihoming and without
clearance from the originating provider.

In other words, customer is asking a court to rule whether or not IP space
should be portable, when an industry-supported organization (ARIN) has
made policy that the space is in fact not portable. It can be further
argued that the court could impose a TRO that would potentially negatively
affect the operation of my network.

Portable space is available from the registry. That is their recourse.

Christopher J. Wolff wrote:

Isn't renumbering an obligation?

It depends on what day you talk to ARIN. Or perhaps it depends on what
most benefits ARIN when you talk to them, I'm not sure.

I had an allocation from ARIN that wasn't big enough to renumber into
(after telling them that I planned to do exactly that), and was told
that I didn't need to, and wasn't expected to. Then when I came back
for another allocation later, I was told I didn't qualify for a larger
space (again, this second allocation still wouldn't be enough for me
even to renumber into from the space I had the first time I went to them
for an allocation). I was told that I didn't qualify because I hadn't
renumbered after the first allocation.

I would have to say no.

However, we will typically send an email to the customer and their new
provider giving them 60 days to renumber their network. After that time it is
fair game to reallocate to another customer or blackhole or whatever. The new
provider will typically push the customer to renumber once they get the email.

[Wed, Jun 23, 2004 at 01:15:14AM -0400]
Alex Rubenstein Inscribed these words...

Actually, I don't think that's the case. ARIN still owns the numbers, NAC
is just leasing them. Therefore, ARINs rules supercede anything
contractual between NAC and the customer.

For instance, if what you say were true, all an ISP would have to do in
order to "sell" their IP space is to create a contract stating that they
are doing so.

Contracts are rarely as binding as people think they are. Of course, I'm
no lawyer, I just hate paying them.

Andy

I may be missing the point here, but the address space in question is
probably of a PA status as opposed to PI - hence they are deemed
non-portable in the first instance.

Given that the customer has had an alternative block and been given more
than reasonable time to renumber I would say that the ball is firmly in
Alex's court - not his fault if they can't get their sh*t together.

Just thinking, the easiest way forward might be to simply to refuse to
deaggregate on the basis of "the good of the Internet" - ignoring any
multihomers that NAC may have out of their aggregates, for the sake of
argument.

Additionally according to the size of the block and filtering, 8001 will
probably up transiting the traffic anyway with no commercial agreement in
place, which is obviously unacceptable.

I'd dig out initial contract(s) with the customer, as if there was no
clause there specifically outlining ownership of address space (yes, I
know the concept is a fallacy) then you could go with whatever ARIN
recommendation was in force at the time.

I had some space from way back when which I think was previous to these
sort of issues with regard to portability ('94-95), culminating in a
letter from the RIR involved saying words to the effect of "you should
return the address space for aggregation reasons, but legally you don't
have to"

Regards,
Jess.

Since this customer has it's own space now, and as long as it is as large
as the NAC space, they can do a simple 1-to-1 NAT at the border. This
should minimise the hardship to them drastically.

K

er, right. as long as the customer in question never needs to talk
to whoever NAC reassigns the space to.

i had a customer once who had, for no reason they could
ever clearly explain, arbitrarily used ericson's IP space for
their own internal network. as long as they didn't need to talk
to ericson they were ok (yes, they used NAT at the border,
but we needed to see their internal IP address space, which
made for some serious annoyance.)

richard

Date: Wed, 23 Jun 2004 13:35:06 -0400 (EDT)
From: Richard Welty

i had a customer once who had, for no reason they could
ever clearly explain, arbitrarily used ericson's IP space for
their own internal network.

Only one customer? There are a couple "consulting" firms in
particular around here that use arbitrary space on internal
networks. Sometimes a currently-dark IP block is configured, so
"it works for us". It gets annoying after a while.

Eddy

Reverse NAT the Ericsson space to RFC1918 space, and hax0r the NS to give out 10-dot addresses for Ericsson hostnames.

> Date: Wed, 23 Jun 2004 13:35:06 -0400 (EDT)
> From: Richard Welty

> i had a customer once who had, for no reason they could
> ever clearly explain, arbitrarily used ericson's IP space for
> their own internal network.

Only one customer?

we were a small outsourced network monitoring/management
business (since bought by someone else, several years ago now.)

another way to look at it is that at one point in time, 25% of our
customer base was using "improper" ip address space (not
our fault, we knew better. legacy is a bitch.)

It gets annoying after a while.

when you're trying to do SNMP, it gets beyond annoying, it
seriously cramps your network engineering style.

richard

> > In other words, customer is asking a court to rule whether or
> > not IP space
> > should be portable, when an industry-supported organization (ARIN) has
> > made policy that the space is in fact not portable. It can be further
> > argued that the court could impose a TRO that would
> > potentially negatively
> > affect the operation of my network.

> A court will likely decide this based upon the terms of
> your contract and
> what the court thinks is fair. They will likely give very little
> consideration to common practice or ARIN's rules.

Actually, I don't think that's the case. ARIN still owns the numbers, NAC
is just leasing them. Therefore, ARINs rules supercede anything
contractual between NAC and the customer.

  Yes, but the court won't care about that. They'll simply enjoin the ISP
from interfering with the customer's use of those IP addresses. ARIN can do
whatever they want about it, but that would be a totally separate issue.

For instance, if what you say were true, all an ISP would have to do in
order to "sell" their IP space is to create a contract stating that they
are doing so.

  Exactly. If they did that, a court would likely enjoin them from making any
action to interfere with the customer's use of those IP addresses. A court
would likely find the contract binding upon the parties that entered into
it.

Contracts are rarely as binding as people think they are. Of course, I'm
no lawyer, I just hate paying them.

  Let me try to give you a hypothetical to show you why ARIN is irrelevent.
Suppose I am a member of the Longshoreman's assocation and you have a
contract to buy shrimp for $8/pound provided you only resell it to members
of the LA. You then enter into a contract with me to sell me shrimp for
$10/pound. But then I leave the LA. Ooops, now you can no longer resell me
the shrimp. So you break our contract and I sue you. Does your contract with
your shrimp provider matter? If you continue to sell me shrimp even though
I'm not in the LA, who does your shrimp supplier sue? You or me?

  DS

there's a word for selling something that you don't own.

richard
  (i've got that bridge around here some where, anyone want to buy it?)