Would like to hear from anyone who purchased independent address space
from ARIN, what issues you had (technical, or otherwise).
-Dan
Also Sprach Dan Hollis
Would like to hear from anyone who purchased independent address space
from ARIN, what issues you had (technical, or otherwise).
Nothing other than the usually utter inability to apply any sort of
critical thinking to address space allocations. Attitudes along the
lines of, "We're doing what the policy says, even if the policy makes
absolutely no sense given the facts of past allocations and the current
allocation request."
Common sense at ARIN is dead.
Also Sprach Jeff McAdams
Also Sprach Dan Hollis
Would like to hear from anyone who purchased independent address space
from ARIN, what issues you had (technical, or otherwise).
Nothing other than the usually utter inability to apply any sort of
critical thinking to address space allocations. Attitudes along the
lines of, "We're doing what the policy says, even if the policy makes
absolutely no sense given the facts of past allocations and the current
allocation request."
Common sense at ARIN is dead.
Following up to myself. 
I should think more before sending...
I guess I should also mention their complete lack of communication about
the allocations and how they apply their policy.
Some of you *might* remember a rant I posted here several years ago
about getting our first allocation from ARIN...many here suggested that
I call ARIN and get clarification on the allocation (ie, they gave me a
/20 when I offered to renumber out of a /20 plus a smattering of other
blocks...mathematically impossible, of course). So, when I called them
back, they told me that renumbering out of our upstream provided space
wasn't part of getting the allocation, and wasn't considered in the
allocation process.
So, now, when I go for them for the next allocation, stating that I
*wanted* to renumber out of these blocks, what do I get? Another /20
(now even more mathematically impossible than ever). So, when I called
emailed them for clarification, pointing out that I was actively looking
to renumber out of upstream provided space and that a /20 wasn't enough
space to do so...they told me that they weren't going to give me the
space because the policy's wouldn't allow it (thus my first post), and
that "You were going to renumber when you got your last allocation
several years ago, and you didn't." (quote isn't exact, but captures the
spirit of what was said).
Needless to say...ARIN needs a big foam cluebat upside the head...alas,
I don't see it happening.
I've see the posts from people suggesting that people get involved in
shaping policy at ARIN through the mailing lists and the like...but I
don't go in much for futile efforts.
What do you mean by "purchased" and "independent"? Do you just mean
provider independent space, or is this some other use of independent?
I think ARIN would argue that nobody purchases space from them...you
basically pay (recurring fees) to use the space (more like a lease).
ARIN is certainly a PITA to deal with. I've gone through the initial
allocation for one company where we renumbered out of multiple provider
assigned blocks, second and third allocations and a transfer from a
smaller ISP we bought at my current employer (Atlantic.Net). IIRC (it has
been quite a while) the initial allocation wasn't so bad. The biggest
problem is just record keeping...keeping track of your IP assignments in a
format that lends itself to easily filling out the ARIN IP request form
(which keeps changing and getting more detailed).
In my dealings with them, policy and RFC adherence have been inconsistent.
When we got close to filling our initial allocation (a /18), it was
expanded to a /17 even though our own projections said we'd only use a
fraction of that additional space in the next few months. A couple years
later, when we got close to running out of IPs again, I asked for another
large block and was given a /19 (which I expect we'll burn through pretty
quickly if we ever start using it...damn 69/8 filters) and told that we
should only request/receive a few months supply of IPs at a time. I
don't know about everyone else, but I've got better things to do than go
through the IP request process every few months. We're a stable company
that's been doing the ISP thing for 8 years. Why can't ARIN trust us to
stick around and keep growing our IP utilization? Why shouldn't we keep
getting largeish blocks every year or so and keep our number of announced
routes down rather than a new little block a couple times a year? I'd
much rather announce a few /17's or /16's than a whole bunch of /20's and
/19's. I suspect people with BGP routers running short on memory feel the
same way. Multiply this by a few thousand ARIN members, and it could make
a real impact on routing table growth.
Anyone who's bothered to clean up the ARIN records for IP blocks or ASN's
for networks they've acquired probably knows what a pain that is. Ours
took many months and some help from a 3rd party.
Their latest trick, adding the requirement that IP requests come from a
POC on your ORGID (even if your ORGID has no POCs), and then requiring
requests to modify an ORGID come from a POC on the ORGID (even if your
ORGID has no POCs) was a neat one. Getting that taken care of was made
even more interesting by the fact that we've changed company names since
our first allocation, and ARIN still knows us as our original name
(changing that is another PITA that hasn't been worth tackling/paying
for...we still own the old name, we just don't use it)...so when they
wanted a fax on company letterhead (for a name that hasn't been used for
several years) where do you think the letterhead came from?
ARIN must be predominantly staffed by Vogons.
First, to satisfy those who care deeply about terminology, you don't
"purchase" IP address space from ARIN. You have space allocated to you,
and then pay ARIN dues. You can be the judge of whether that shift in
terminology is of any practical consequence. I think it's not worth
debating.
There aren't really technical issues with this beyond what you'd have to
deal with with normal IP space. If you're running BGP, you'll have to
announce the space and get filters updated to allow it, but you have to do
that with a block of IP space you get from a provider anyway.
The political issues can be a little harder. You'll have to convince your
upstream provder to let you use your own IP space. If you're dealing with
any of the big backbones, this should be a standard request for them. If
you're dealing with somebody who sells mostly to small offices, you may be
asking for a significant departure from standard provisioning procedures.
If you've got a sufficiently small or inexperienced ISP, you may find that
they don't understand the concept. So, depending on who your upstreams
are, this is something to ask about before you go to ARIN and apply for
space.
The process of dealing with ARIN seems to get a lot of people mad, but in
my experience, if you follow the process rather than trying to go around
it, it's pretty easy.
You will have to follow the ARIN guidelines in allocating IP address space
to your customers, and you will need to keep documentation of that. You
should be doing this anyway. This data should be accurate. Most of the
problems I've seen people who otherwise qualified have asking for address
space have been a result of lying on their applications, and then not
being able to keep the lies consistent in response to follow-up questions.
The data should also be kept up to date regularly, not because that's
actually enforced, but because it will cause you to have to do a lot less
scrambling when you suddenly realize you're out of address space.
And then, when you've used up 80% of the space you have, and have all the
assignments SWIPped or in rwhois, you fill out the ARIN form to ask for
more. You'll probably be asked for some clarification, and perhaps for
some justification of the larger assignments you've made to your
customers. Answer those questions truthfully, and if your records are
good, you haven't been making assignments you shouldn't have, and your old
block has more than 80% utilization, you should get your new space.
A recent experience I had with a consulting client is a useful lesson.
The client had been being quite careful about their use of IP space, but
was dangerously close to running out. However, they paniced, decided ARIN
would never believe their story about how the IP space was used, and
instead submitted a form showing what they thought ARIN would want to see.
This resulted in questions, followed by more questions, to the point where
they were ready to give up and declare getting more address space before
running out to be impossible. I then took over, explained the situation
to people at ARIN, submitted an entirely new application showing exactly
what they were using and nothing more. I made a phone call to clarify
some points after getting a response from ARIN asking for more
information, and had the new allocation just over 24 hours after applying
for it.
-Steve
Has anyone run into problems with routing though? If you get space from a
tier1, presumably they have agreements with those they peer with to aceept
traffic from those netblocks.
I'm concerned with independent space, that some providers may refuse to
route/accept the traffic. Has anyone run into issues there?
There's also the possibility being allocated space from some of the "new"
netblocks that were previously bogon space (and being firewalled by
providers who havent updated their filters yet)...
-Dan
Dan Hollis wrote:
Has anyone run into problems with routing though? If you get space from a tier1, presumably they have agreements with those they peer with to aceept traffic from those netblocks.
That's the SOA clause. In reality, most routes are accepted even at /24 lengths. The larger providers are usually not the problem. The problem lies in smaller providers and usually only in the case of misconfigurations (ie out of date BOGON).
I'm concerned with independent space, that some providers may refuse to route/accept the traffic. Has anyone run into issues there?
I advert a /24 that is run independant out of a /16. I've had no issues with routing concerning that particular advert (company owns their own /16 but has a fragmented network requiring smaller adverts).
The only thing you will DEFINATELY have to watch out for is route supression. When you are using a large provider's address space, they announce the shorter prefix and have internal routing to you. When you flap too much and people supress your long prefix, the shorter one takes over and you're still good to go. When you have your own assignments, you no longer have this protection. In other words, flap too much and you go bye bye.
There's also the possibility being allocated space from some of the "new" netblocks that were previously bogon space (and being firewalled by providers who havent updated their filters yet)...
This is inevitable. However, it is improving as traffic is being passed to and from the newer networks. Current damage estimates are rather small, although sometimes a pain to troubleshoot. I recommend running backup MX servers and DNS servers outside of the new address space to limit the ammount of inbound problems.
Jack Bates
BrightNet Oklahoma
Has anyone run into problems with routing though? If you get space from a
tier1, presumably they have agreements with those they peer with to aceept
traffic from those netblocks.I'm concerned with independent space, that some providers may refuse to
route/accept the traffic. Has anyone run into issues there?
As soon as you get the space, register it in altdb (whois.altdb.net).
Some networks apparently filter based on the routing registries. Then
there are the clueless/non-maintained networks that filter based on
outdated info. See http://not69box.atlantic.net/ for more on that.
There's also the possibility being allocated space from some of the "new"
netblocks that were previously bogon space (and being firewalled by
providers who havent updated their filters yet)...
Not "the possibility"...the certainty. If you don't have "old PI space",
you're screwed, because you're going to get tainted space. Until all the
filters get fixed (i.e. likely never), it's probably a good idea to get a
/24 from your provider(s) even if you get PI space, and use a few
addresses from that 'old space', assuming your providers have some old
space they can give you, for backup MX and NS records. It'll make
switching providers a little trickier, but not nearly as bad as if you
were entirely in their space.