De-bogon not possible via arin policy.

Fyi, I just was rejected from arin for an ipv4 allocation. I demonstrated I
own ~100k ipv4 addresses today.

My customers use over 10 million bogon / squat space ip addresses today,
and I have good attested data on that.

But all I can qualify for is a /18, and then in 3 months maybe a /17. This
is called slow start ? For an established business?

Just fyi, de-bogoning , or private rfc 1918 is not really an option even
with strong and consistent demonstrate load.

Any suggestions on how to navigate this policy ?

Fyi, I just was rejected from arin for an ipv4 allocation. I demonstrated I
own ~100k ipv4 addresses today.>
My customers use over 10 million bogon / squat space ip addresses today,
and I have good attested data on that.
But all I can qualify for is a /18, and then in 3 months maybe a /17. This
is called slow start ? For an established business?
Just fyi, de-bogoning , or private rfc 1918 is not really an option even
with strong and consistent demonstrate load.

Any suggestions on how to navigate this policy ?

You should easily qualify for a /32 or larger IPv6 block.
And it's curious that errors that are likely to be there for decades
are just now trying to be fixed as IPv4 pool is depleted, isn't it ?

Rubens

His users can also switch to DECNET and reach about as many internet sites as they would with IPv6. Ooh well, internet's dieing, lets pack up our routers and go home. Randy Bush will turn out the lights for us.

Andrew

What do you mean by "de-bogon"? Do you mean that your customers'
addresses are listed in various RBLs for previous misbehavior? That
they are using addresses that were never properly allocated to them?
Something different?

You don't "own" IPv4 addresses; they are assigned or allocated to you
in response to demonstrated need.

ARIN takes into account your history of needing IP address space when
evaluating your request for more address space to be assigned or
allocated to you. If you have not been back to ARIN for address space
recently (or ever, if these are legacy addresses), you may find
yourself subject to slow start just like a newly established entity.

It does not sound as if ARIN rejected you for an IPv4 allocation.

From your statement below, it sounds as if ARIN approved you for a

/18, which is reasonable and in accordance with current policies. If
you walked in to ARIN and asked them for 10 million IPv4 addresses
(which is on the order of 1/8 of the total that ARIN has on hand, for
everyone), it is unsurprising that they declined.

If you can clarify the problem, it's possible the community may be
able to offer assistance.

-r

PS: I'm on the ARIN Advisory Council, which means that I help with
policy creation. Neither I nor my 14 colleagues on the AC are
employees; staff won't discuss particular cases, etc. So if you want
us to know something, you'll have to state it here or in private email
or something.

Cameron Byrne <cb.list6@gmail.com> writes:

Given unmet demand, I'd think the solution would be fairly obvious (albeit likely quite expensive with the going rate being around $12/address). I'd guess some of the folks who would be more than happy to help you (in exchange for a transaction fee of course) will contact you in the near future (if they haven't already).

Regards,
-drc

Cameron,

I have a client who went through the same problem in early-2011. They
had several thousand residential and small business end-users behind
NAT and wished to provision public IP addresses for them. They
assumed ARIN would be pleased to issue an appropriate block for their
project. David Huberman rejected their request outright and told them
to request provider space, renumber the customers to provider IPs, and
then apply to ARIN again and renumber their network a second time.
The client did not bother to involve me until after they had already
been told to FOAD.

This is clearly a counter-productive waste of time, but if the client
had applied using the immediate need process, and provided the
additional supporting documentation required by that, I think they
would not have had this problem. The analyst you worked with should
have suggested a different application procedure or otherwise worked
with you to facilitate your request. Sometimes the ARIN staff are
nice and helpful, sometimes they are not. It depends on who you get
assigned to, price of tea in china, phase of the moon, etc.

Fyi, I just was rejected from arin for an ipv4 allocation. I demonstrated I
own ~100k ipv4 addresses today.
My customers use over 10 million bogon / squat space ip addresses today,
and I have good attested data on that.

Wait... you had started using bogon addresses / "squatted" space not
allocated and claimed
the number of IP addresses your network is using that were not
allocated by a RIR
settles the need justification question?

Any suggestions on how to navigate this policy ?

Work with ARIN to provide a satisfactory need justification for the
entire allocation you are requesting.
A mere count of the number of IP addresses you are currently using is
not a need justification.

There has to be a technical reason that each IP address is required.

"I'm making IANA-unsanctioned use of 10^9 bogon IP addresses, please
allocate me 10^9 proper IP addresses, so I can have matching
allocated IP space with global recognition instead"; just doesn't cut
it.

You need to have all the documentation to show the actual justified
technical need for the IPs you request, such as what each specific
address is used for.

Regards,

Fyi, I just was rejected from arin for an ipv4 allocation. I demonstrated I
own ~100k ipv4 addresses today.
My customers use over 10 million bogon / squat space ip addresses today,
and I have good attested data on that.

Wait... you had started using bogon addresses / "squatted" space not
allocated and claimed
the number of IP addresses your network is using that were not
allocated by a RIR
settles the need justification question?

Anyone who has used their network in the last decade that actually
bother to look at their assigned ip address knows this.

Any suggestions on how to navigate this policy ?

Work with ARIN to provide a satisfactory need justification for the
entire allocation you are requesting.
A mere count of the number of IP addresses you are currently using is
not a need justification.

The wikipedia page shows something on the order of 34 million customers.
I don't expect they all need an ip at the same time.

Wait... you had started using bogon addresses / "squatted" space not
allocated and claimed the number of IP addresses your network is using that were not
allocated by a RIR settles the need justification question?

I'm confused. When justifying 'need' in an address allocation request, what difference does it make whether an address in use was allocated by an RIR or was squatted upon? Last I heard, renumbering out of (say) RFC 1918 space into public space was still a justification for address space. Has this changed?

You need to have all the documentation to show the actual justified
technical need for the IPs you request, such as what each specific
address is used for.

Perhaps I'm naive, but I tend to give folks like Cameron the benefit of the doubt when it comes to dealing with IP address allocation requests and assume he provided a bit more information than what you're suggesting. I find the suggestions by other posters that he look at IPv6 particularly amusing.

Unfortunately, regardless of the specifics of Cameron's case, the reality is that the traditional model of address allocation (i.e., "to each according to need" to quote a 19th century philosopher) is rapidly coming to a close. I expect there will be many more situations like Cameron's in the future.

Regards,
-drc

[snip]

I'm confused. When justifying 'need' in an address allocation request, what difference does it make >whether an address in use was allocated by an RIR or was squatted upon? Last I heard, renumbering >out of (say) RFC 1918 space into public space was still a justification for address space. Has this >changed?

It is a potential network change that could require additional address
space, if an operator plans a complete and immediate renumbering, but
the choice to renumber is not an automatic justification for the same
number of non-RFC1918 IPs as the count of IPs available in their
RFC1918 space networks.
I'm sure the RIRs are not allowing that.

A RFC1918 network is not a "normal" network; and this is not a
renumbering in the same manner as a renumbering from public IP space
to new public IP space.

The operator might have to show why they shouldn't renumber their 1918
network partially, over time, in a manner compatible with the RIR
policy for initial service provider allocations, instead of all at
once.

In other words: What is the technical justification that all those
rfc1918 addressed hosts suddenly need to be moved immediately, and
not over a normal allocation time frame for new public networks?

When building the rfc1918 network originally, the architect did not
need to follow RFC 2050, RFC3194, etc, so it is quite possible that
the 1918 network does not efficiently utilize IP addresses.

That means the RIR has to establish that the criterion is good enough.
"I have a rfc1918 /16 that I use, so give me a public /16, please"
is not good enough.

That would essentially provide a backdoor around normal RIR justified
need policy, if it were allowed......

I'm also aware of at least one network that has consumed all private address space, perhaps even including the testing /15 as well.

If you are using a /8 /12 and /16 in total, ones future life could be very interesting. Almost makes the case for v6 easier at their site. I'm hoping we see 2012 as the date of broadband v6 becoming commonly available in the states at least.

Jared Mauch

I tend to think of squatting in the sense of using a resource (could be an IP address block, could be an empty house, could be just about anything) that the person who is using it does not have permission to do so. I would think that definition holds up even when taking into account that people do not own their IP address allocations. An RIR or ISP assigning address space to a particular entity would establish a legitimate (but not irrevocable) claim to use a block of address space.

Squatting is maybe one notch above hijacking in this sense.

jms

Well here's the thing about allocations. All an IP allocation is, is a entry
in a data base saying an ORG has a right (from an RIR perspective) to use use
an address range.

Now a AS can actually use any IP space it wants internally, and if it gets
another AS to accept their routes for that IP space and that AS's peers agree
to accept those routes, the first AS can actually use that IP space. The RIR
or IANA has zero legal authority to stop this as it's just a bunch of private
networks agreeing on some one using IP space.

Now this gets a lot more fun as we get closer to true IPv4 exhaustion. If
there is a business case between two or more providers to side step a RIR
process and recognize IP allocations that the RIR does not, who really has the
power to stop them?

Think about this, if you're a service provider in the US, and the big US
networks agree to route your IP space that is actually registered to some
network in Kazakhstan according to the RIR's, what will happen? from the
service providers perspective the average user will have access to 99% of the
US networks (which is really all people want and most likely half way
decent connectivity to other AS's. Sure, this sucks, but 99% of the people
don't care, and still provides better connectivity to services people want
than IPv6 does.

So follow the money and see how IPv4 exhaustion plays out

Here's a simple one involving "squat" space: You have a network that internally is using *all* of 10.0.0.0/8 *and* 5.0.0.0/8 (because you have enough customers to fill two /8s).

Now that 5.0.0.0/8 is being allocated, you need to move out of it (so that your users can reach the real 5.0.0.0/8 sites).

Why wouldn't this be sufficient justification for a new /8 from ARIN?

Matthew Kaufman

Because you can probably use the other two 10/8's you already have.
And if thiose run out, a third 10/8 is cheap even on the secondary market.

Jimmy,

A RFC1918 network is not a "normal" network; and this is not a
renumbering in the same manner as a renumbering from public IP space
to new public IP space.

I'll admit I haven't been following ARIN policy making for some time. Can you point to the ARIN policy that makes this distinction?

In other words: What is the technical justification that all those
rfc1918 addressed hosts suddenly need to be moved immediately, and
not over a normal allocation time frame for new public networks?

I used RFC 1918 space as an example. A more likely scenario is needing to renumber out of recently allocated squat space (particularly in situations where RFC 1918 is not an alternative).

That means the RIR has to establish that the criterion is good enough.
"I have a rfc1918 /16 that I use, so give me a public /16, please"
is not good enough.

That would essentially provide a backdoor around normal RIR justified
need policy, if it were allowed......

Hmm. If one makes the assumption that the (1918/squat) address space is being used in an efficient manner and there is a business/technical requirement to renumber that space into public space, I would have thought the acceptance of justification would depend more on the business/technical requirement, not the fact that 1918/squat space is being used.

Regards,
-drc

Right, but how does that impact whether or not non-squat space is justified? From my perspective, the actual bit patterns associated with an address in use shouldn't have any impact on the whether or not it is deemed by our ARIN overlords to be needed to be in use.

Regards,
-drc

In a message written on Wed, Dec 14, 2011 at 01:15:48PM -0800, Cameron Byrne wrote:

But all I can qualify for is a /18, and then in 3 months maybe a /17. This
is called slow start ? For an established business?

https://www.arin.net/policy/nrpm.html#four216

You should be able to get a /16 under the "immediate need" policy
if you can prove to ARIN you need it and can use it in 30 days or
less.

Otherwise, yes, the slow-start policies apply.

You're assuming a network architecture which is not required by policy.

Matthew Kaufman

Here's a simple one involving "squat" space: You have a network that
internally is using *all* of 10.0.0.0/8 *and* 5.0.0.0/8 (because you
have enough customers to fill two /8s).
Now that 5.0.0.0/8 is being allocated, you need to move out of it (so
that your users can reach the real 5.0.0.0/8 sites).
Why wouldn't this be sufficient justification for a new /8 from ARIN?

It is valid justification you may have available to obtain some
additional address space from ARIN.
Probably not a /8, however. With such a large request, you can be
sure the RIR will want to vet it in great detail,
and make sure everything is fully justified technically, to the
letter and spirit of the policy.
If it is, then you get a /8, providing it is available, and the policy
is still justified need.

If you don't immediately require an entire /8 equivalent, you can
expect to get a smaller amount immediately.
You are only allowed a 3 months supply, anyways, and you may not get
to have the /8 as a single aggregate.

The limitation is that "Efficiently utilizing 10.0.0.0/8" or
"Efficiently utilizing 5.0.0.0/8"
Cannot be used to obtain a /7 or another /8, because 10.0.0.0/8
and 5.0.0.0/8 are not your allocation.

If the allocation is not yours, then you cannot apply the policy that
says "Efficient utilization of previous blocks assigned
and requirement for more addresses" as the justification for more
IPs, because 10/8 wasn't assigned to you anyways.

You are left having to justify based on number of simultaneous HOSTS
on your network, not number of customers.

The RIRs do not currently require you to utilize NAT or RFC1918
addresses for hosts on your network,
so if you met the requirements, you can justify the allocations
required to renumber your entire 10/8 and
your entire 5/8 into public IP space, at the rate you intend to
renumber them.

You however don't get to say "I have 10 million DSL customers",
therefore, I get 10 million IPs, right now.

Because you can probably use the other two 10/8's you already have.
And if thiose run out, a third 10/8 is cheap even on the secondary market.

You're assuming a network architecture which is not required by policy.
Matthew Kaufman

The RIRs do not require you to utilize NAT in the first place.
It follows that they also don't require you to segment your network
and re-use the same NAT ranges.

But in utilizing NAT, you might be utilizing your address space
inefficiently, because the pressure to
utilize addresses efficiently is reduced by the large size of 1918 space.

An example would be having 10 million dialup customers, with hosts
that are only transiently connected
to a network, and never 10 million simultaneously, each you
addressed with a permanent IP.

The problem with that, is you only get to assign addresses to
addressable objects.
When a device is not connected to your network, it is not an addressable object.

In obtaining an allocation from an RIR, you can expect to be required
to utilize your address space
efficiently, which means that devices not connected to your network
at any point in time are not hosts,
and therefore do not have IP addresses assigned from you.

And the number of IP addresses you can justify is related to the
number of simultaneous connected devices.