IPv4 address exchange

Has this been discussed here? I did a quickie search and saw nothing. Other than spam to a technical mailing list, do you guys care, or is it a non-issue?

scott

--- Begin forwarded message:

Yes... See ARIN NRPM 8.3 and Simplified Transfer Listing Service (STLS).

http://www.arin.net

If you want to see changes to these, suggest submitting policy via ARIN PPML
or suggestions via the ARIN Consultation and Suggestion Process (ACSP).

Both are documented at the above web site.

Owen

Has this been discussed here?

Not yet for this particular instance.

I did a quickie search and saw nothing. Other than spam to a technical mailing list, do you guys care, or is it a non-issue?

Unfortunately, it's an issue. It's a painfully obvious outcome of the laws of supply and demand and the inability of the RIRs to effectively evolve to meet the changing environment. As with any disruptive event (which the exhaustion of the IPv4 free pool clearly is), there will be a bit of chaos as things settle down into new patterns.

On the positive side, I figure it means it will be more likely that allocated-but-unused IPv4 address space will be put back into play (since there is now a financial incentive to do so). An explicit cost for obtaining IPv4 should also help justify IPv6 deployment (since the (fixed) cost of IPv6 deployment will be able to be compared against the unpredictable but likely increasing cost of obtaining IPv4 addresses). Operationally, there are concerns, specifically how ISPs determine whether the addresses presented to them are owned by the presenter (if they care), but I understand that's already a problem (as demonstrated by Ron's postings).

Interesting times.

Regards,
-drc

Yes... See ARIN NRPM 8.3 and Simplified Transfer Listing Service (STLS).

ARIN allows the listing of non-ARIN blocks on their listing service?

Also, doesn't the Microsoft-Nortel transaction violate NRPM 8.3 in that according to the court documents I've seen, Microsoft appears to have signed an LRSA (not an RSA as would seem to be required by the NRPM and as mentioned on ARIN's press release) and there doesn't appear to be anything suggesting Nortel entered into any agreement with ARIN (RSA or LRSA, however I will admit I haven't looked too closely)?

If you want to see changes to these, suggest submitting policy via ARIN PPML
or suggestions via the ARIN Consultation and Suggestion Process (ACSP).

As far as I can tell, the participants in ARIN's processes are more interested in trying to be a regulator than in being a registry. Given ARIN is not a government body and it does not have full buy-in from those who they would try to regulate, I suspect this will directly result in a proliferation of folks like tradeipv4.com, depository.net, etc. Unfortunately, I figure this will have negative repercussions for network operations (unless someone steps in and provides a definitive "address titles registry").

Regards,
-drc

Also, doesn't the Microsoft-Nortel transaction violate NRPM 8.3 in that according to the court documents I've seen,

John Curran has stated unambiguously (on the ARIN PPML mailing list) that NRPM policy *was* followed. While I may disagree, at present I'm rather focused on understanding how he interprets and implements this policy. Here are my understandings at this time:

Microsoft appears to have signed an LRSA (not an RSA as would seem to be required by the NRPM and as mentioned on ARIN's press release)

Court documents show that "a LRSA" has been agreed rather than "the RSA". As you point out, the actual text of NRPM requires RSA. Thus I assume that ARIN staff procedure will accept any form of RSA as satisfying this requirement, including the standard LRSA or a negotiated LRSA.

(This latter possibility makes me wonder about what MSFT actually agreed to, in their version of the LRSA, and whether it will be fairly offered to all parties...)

and there doesn't appear to be anything suggesting Nortel entered into any agreement with ARIN (RSA or LRSA, however I will admit I haven't looked too closely)?

The court documents do not indicate that Nortel has agreed anything with ARIN. This brings to question, how were the blocks "released" to ARIN for transfer? In answer, John Curran has stated that the court filings satisfy this requirement without any further agreement with Nortel. Thus I assume that ARIN will accept any legal document confirming ownership and the desire to transfer.

There is another aspect of NRPM 8.3 (specified transfer policy) that appears, to an outside observer, to have been ignored by this Nortel/Microsoft transfer: needs justification. However, John Curran has stated that it did occur. Somehow, according to him, Microsoft has demonstrated a need for 666,624 IPv4 addresses in the form of the exact block(s) that are being transferred. (For what it's worth, I think "needs justification" is bad policy for a market. My only concern here is whether ARIN follows community developed policy, as John says they have.)

Cheers,
-Benson

As far as I can tell, the participants in ARIN's processes are more interested in trying to be a regulator than in being a registry. Given ARIN is not a government body and it does not have full buy-in from those who they would try to regulate, I suspect this will directly result in a proliferation of folks like tradeipv4.com, depository.net, etc. Unfortunately, I figure this will have negative repercussions for network operations (unless someone steps in and provides a definitive "address titles registry").

I agree completely with this concern. Against good advice of friends (who said I would be wasting my time), I tried to do something about it: I introduced several policy proposals to ARIN that deal with the question of authority and ownership.

At John Curran's advice, the ARIN Advisory Council abandoned my proposals. Two of them are now in "petition" for further discussion, including ARIN-prop-134 which outlines how to identify a "legitimate address holder" and ARIN-prop-136 which allows a Legacy holder to "opt-out" of ARIN's services. The idea is to make it possible for legacy holders (who don't have a contract with ARIN) to disarm ARIN's whois weapon.

If anybody on NANOG supports these concepts, please express your support to PPML so that the proposals can move forward.

Please see these links for more info:

[arin-ppml] Petition for Discussion of ARIN-prop-134

[arin-ppml] Petition for Discussion of ARIN-prop-136

Cheers,
-Benson

Yes... See ARIN NRPM 8.3 and Simplified Transfer Listing Service (STLS).

ARIN allows the listing of non-ARIN blocks on their listing service?

No. If you're talking about inter-RIR transfers, then, that would be subject to draft policy
2011-1 which was reviewed at the recent Public Policy meeting in San Juan, PR and
will be discussed by the AC again in May.

Also, doesn't the Microsoft-Nortel transaction violate NRPM 8.3 in that according to the court documents I've seen, Microsoft appears to have signed an LRSA (not an RSA as would seem to be required by the NRPM and as mentioned on ARIN's press release) and there doesn't appear to be anything suggesting Nortel entered into any agreement with ARIN (RSA or LRSA, however I will admit I haven't looked too closely)?

At the request of counsel, I am not going to comment on this. I do not have enough data available to me
at this time to make any such judgment one way or the other.

If you want to see changes to these, suggest submitting policy via ARIN PPML
or suggestions via the ARIN Consultation and Suggestion Process (ACSP).

As far as I can tell, the participants in ARIN's processes are more interested in trying to be a regulator than in being a registry. Given ARIN is not a government body and it does not have full buy-in from those who they would try to regulate, I suspect this will directly result in a proliferation of folks like tradeipv4.com, depository.net, etc. Unfortunately, I figure this will have negative repercussions for network operations (unless someone steps in and provides a definitive "address titles registry").

We have, on multiple occasions agreed to disagree about this, so, it should not come as a surprise
that I continue to disagree with you.

Owen

At John Curran's advice, the ARIN Advisory Council abandoned my proposals. Two of them are now in "petition" for further discussion, including ARIN-prop-134 which outlines how to identify a "legitimate address holder" and ARIN-prop-136 which allows a Legacy holder to "opt-out" of ARIN's services. The idea is to make it possible for legacy holders (who don't have a contract with ARIN) to disarm ARIN's whois weapon.

I don't agree with this characterization of our actions.

I did not feel that John Curran advised us to act in any particular direction. Yes, he did raise some concerns
about the outcome of the policy proposals being adopted, but, many of us already had those concerns in
mind before John said anything.

I believe that if the AC felt that your proposals were in the best interests of the community and/or had the
broad support of the community, we would have placed them on the docket with or without the concerns
expressed by Mr. Curran.

I am speaking here only of my own personal perspective, but, I can assure you that my vote in favor
of abandoning your proposals was based entirely on the lack of community support for the proposals
and the nature of the proposals themselves being contrary to what I believed was the good of the
community.

Owen

ARIN has all the buy-in they need: No transit network will (except by
act of omission/mistake) allow you to announce IPs that aren't
registered to you in an RIR database, or delegated to you by the
registrant of those IPs.

I am unapologetic when it comes to ARIN. They are very bad at a lot
of things, and they allow themselves to be railroaded by organizations
that have out-sized budgets / influence (see my post a few years ago
regarding Verizon Wireless.) My list of "ARIN gripes" is as long as
the day, but I'll spare you the details.

If we didn't have ARIN, we would probably have one of two things:
1) no "regulator" at all, thus BGP anarchy (we came surprisingly close
to that in the 1990s at least once)
2) a worse "regulator" who is totally uninterested in the small ISP /
hosting shop / Fortune 50,000, as opposed to the Fortune 500

If ARIN's primary benefit to us is to protect us from these two
unarguably worse evils, they are doing a fine job. Even from my
outsider's perspective, I understand that ARIN is sometimes forced to
make significant compromises, which we may find objectionable, to
prevent us from being truly thrown to the wolves.

Would I like ARIN to function better? Sure, in plenty of ways. I do
not think it would function better if it were "just a WHOIS database."

I introduced several policy proposals to ARIN that deal with the
question of authority and ownership.
...
If anybody on NANOG supports these concepts, please express your
support to PPML so that the proposals can move forward.

perhaps, if you are seeking support for commercial activity, you should
make your employment more clear and declare any conflicts of interest.

randy

Jeff,

ARIN has all the buy-in they need: No transit network will (except by
act of omission/mistake) allow you to announce IPs that aren't
registered to you in an RIR database, or delegated to you by the
registrant of those IPs.

And yet, Ron has recently raged on this list about hijacked prefixes used for spamming, so clearly "no transit network" is inaccurate.

Regardless, for sake of argument, let's assume ARIN refused to recognize the Microsoft/Nortel sale and Microsoft deploys a few prefixes of those 666K addresses for (say) new MSN services. Do you think ISPs, particularly the larger ones, all over the world would refuse to accept those announcements (especially when their call centers start getting calls from irate customers who aren't able to gain access to MSN services)?

If we didn't have ARIN, we would probably have one of two things:

Just to be clear, I don't believe the suggestion is that ARIN goes away, rather that "post allocation services" (e.g., reverse DNS, registration maintenance, etc.) for IPv4 no longer be a geographical monopoly. However, taking the bait:

1) no "regulator" at all, thus BGP anarchy (we came surprisingly close to that in the 1990s at least once)

And the solution to that "BGP anarchy" (by which I assume you mean a flood of long prefixes) in the 1990s was some ISPs deploying prefix length filters to protect their own infrastructures. Been there, got several t-shirts. Yes, over time, the sales/marketing folks will force the network engineers to remove the filters once hardware has been upgraded, but once established, minimum prefix lengths (at least the perception of them) seem to have a long half-life.

It's also true that ARIN (at least currently, before RPKI is deployed) has no control over routing policy so suggesting that they regulate BGP anarchy may not be accurate.

2) a worse "regulator" who is totally uninterested in the small ISP / hosting shop / Fortune 50,000, as opposed to the Fortune 500

We're talking about IPv4 addresses which will (soon) be unavailable from the RIRs because the free pool has been exhausted. The small ISP/hosting shop/Fortune 50,000 who have not already taken steps to adjust to this new reality will simply be screwed regardless of what ARIN or the other RIRs do. Even if alternative "post allocation services" providers didn't exist, the Fortune 500 are going to be able to pay more to the folks with allocated-but-unused addresses than the 'all but Fortune 500' and I have no doubt that the Fortune 500 will be able to justify "need" (to any level of detail) just as well as the 'all but Fortune 500'. Or do you believe ARIN et al. will be establishing price caps and establishing who among the various requesters for the same block deserves to get the SLS seller's blocks?

What a bunch of folks seem to have gotten their panties in a bunch about is the idea that without our Benevolent RIR Overlords, Enron-wannabes are going to go around and buy up all the unused IPv4 address space and make a killing selling it to the highest bidder. I'm afraid I haven't been able to get worked up about this: the only difference between the world with the BRO and without I can see is who gets the money (and this is ignoring the debate as to whether speculators can encourage bringing more addresses into play since they're sitting on lost opportunity cost if they simply hoard IPv4 addresses). I find the whole discussion quite odd: laws of economics are pretty clear about situations with limited supply and increased demand and the reality is that ARIN is not a regulator and has essentially no enforcement mechanisms outside of contractual relationships. It is a 501(c)(6) consisting of 3865 members, of which a couple of hundred technical folks participate in policy definition processes that affect tens of millions of people, the vast majority of which have never heard of ARIN. As long as the policies ARIN defined by the technical folk don't affect folks with money/power in negative ways, everything is fine. That time is just about over. People really need to adjust.

I do not think it would function better if it were "just a WHOIS database."

To try to bring this back to NANOG (instead of PPML-light), the issue is that since at least two alternative registries have apparently been established, how are network operators going to deal with the fact that the currently execrable "whois database" is almost certainly going to get worse?

Regards,
-drc

Hi, Randy.

perhaps, if you are seeking support for commercial activity, you should
make your employment more clear and declare any conflicts of interest.

Fair enough.

I am employed by Cisco Systems, but all of my statements are my own and I do not represent my employer. I believe that my employer may benefit from any policy that makes IP addresses more available to more of our customers - we can perhaps sell more routers if more people have addresses - but nobody from Cisco has encouraged me to work in this topic. Otherwise, I have no commercial interest in the outcome of the policy proposals that I've made. The proposals that I've put forward are an honest attempt to motivate conversation.

On the contrary, I believe router vendors including but not limited to
Cisco benefit more from IPv4 address exhaustion, as it's an
opportunity to sell new gear that can do hardware forwarding of IPv6
packets, or sell software upgrades to CPU-based platforms (either due
to lack of IPv6 altogether or lack of support of newer IPv6 features).

That doesn't mean that router vendors are promoting address exhaustion
chaos to get new business. That would be a nice conspiracy theory,
though...

Rubens

If anybody has any doubts and/or I can clarify anything about my
interests, let me know.

could you please clarify your relationship to depository.com?

randy

I know some of the people involved in Depository, and I have spoken with them about what they're trying to do. I might go so far as to call some of them friends. But to my knowledge I have no formal relationship with Depository or any affiliated company.

Cheers,
-Benson

And yet, Ron has recently raged on this list about hijacked prefixes used for spamming, so clearly "no transit network" is inaccurate.

I try to qualify my remarks when necessary. In this case, I wrote
"except by act of omission/mistake," and you evidently did not read
that carefully, or have construed "transit network" to mean any
two-bit ISP with one BGP customer (or shell company downstream of
them), rather than serious, global networks.

Regardless, for sake of argument, let's assume ARIN refused to recognize the Microsoft/Nortel sale and Microsoft deploys a few prefixes of those 666K addresses for (say) new MSN services. Do you think ISPs, particularly the larger ones, all over the world would refuse to accept those announcements (especially when their call centers start getting calls from irate customers who aren't able to gain access to MSN services)?

ARIN has very carefully allowed our industry to largely avoid this
choice, as InterNIC did before. Their methods have sometimes been
objectionable, but the devil we know is better than the devil we
don't.

1) no "regulator" at all, thus BGP anarchy (we came surprisingly close to that in the 1990s at least once)

And the solution to that "BGP anarchy" (by which I assume you mean a flood of long prefixes)

No, I mean if ARIN had lost its perceived or actual legitimacy, and
networks really were able to "permanently hijack" whatever IPs they
decided to claim for themselves, we would have had anarchy at worst,
or more likely, transit-free ISPs with commercial interest in
customers not having portable address space controlling all
allocations of portable addresses.

This almost happened.

We're talking about IPv4 addresses which will (soon) be unavailable

I'm not confused about that. If it were up to me, I would simply
freeze all IPv4 allocations immediately. I do not think the current
sale-and-transfer scheme is good. I also don't *care* that much,
because the more screwed up the "legacy IPv4 Internet" becomes, and
the faster it gets there, the better it is for my business. I'm
pretty sure I am not alone in this thinking.

At John Curran's advice, the ARIN Advisory Council abandoned my proposals. Two of them are now in "petition" for further discussion, including ARIN-prop-134 which outlines how to identify a "legitimate address holder" and ARIN-prop-136 which allows a Legacy holder to "opt-out" of ARIN's services. The idea is to make it possible for legacy holders (who don't have a contract with ARIN) to disarm ARIN's whois weapon.

I don't agree with this characterization of our actions.

Nor do I.

Those that wish to understand the ARIN Advisory Council's actions in
earnest can find the results of the AC meeting in question here:
<http://lists.arin.net/pipermail/arin-ppml/2011-March/020373.html> and
the minutes from that meeting, here:
<https://www.arin.net/about_us/ac/ac2011_0317.html>.

You are also welcome to ping me off-list (or on arin-ppml) if you are
interested in a further explanation of my own reasons for voting to
abandon the proposals in question.

Cheers,
~Chris

David -

Does it have to get worse simply because there is change? I see no particular
reason that the Internet number registry system can't evolve into something
with multiple registries including overlapping service regions and competition
if that's what folks actually want. We've seen this in the DNS space and I can't
say that it is necessarily worse or better than what resulted from the prior single
registry model.

However, it's definitely true that what occurred in the DNS space is clearly
documented, has a complete fabric of contractual agreements, and was part of
a multi-year discussion regarding goals of the overall system and various
proposals on how it should best change.

Now, Internet number resources are different in many ways, including the
fact that network operators must have reliable access to the information in
order to keep things running. Registrants may have exclusive use of their
numbers, but the network operators also have a right to know the registration
of any given piece of address space. As you know, multiple IP registries
would definitely pose some coordination challenges in being able to reliably
account for all of the address space at any given moment.

What we lack is any meaningful proposals on how to restructure the Internet
number registry system, including what are the goals of doing such, how
those goals and the existing requirements are met, and what protections are
needed for integrity of the system. It's possible if this were discussed by
the global community, it might be obvious how to best proceed or not.

Personally, I do not see it as inevitable that "alternative registries" must
have a detrimental impact to the WHOIS database, unless they are introduced
in an uncoordinated manner and without global discussion of the actual goals.

/John

John,

Does it have to get worse simply because there is change?

Have to? No. However, historically, entropy has generally increased.

I see no particular
reason that the Internet number registry system can't evolve into something
with multiple registries including overlapping service regions and competition
if that's what folks actually want.

We already have multiple registries, albeit with arbitrary (and increasingly unjustifiable and unsustainable) geographical service area monopolies. This actually points to one of the symptoms of the underlying problem: a near terminal case of NIH syndrome. For example, just for fun, compare/contrast the results of the following 5 commands (to pick a prefix at semi-random):

% whois -h whois.afrinic.net 128.8.10.5
% whois -h whois.apnic.net 128.8.10.5
% whois -h whois.arin.net 128.8.10.5
% whois -h whois.lacnic.net 128.8.10.5
% whois -h whois.ripe.net 128.8.10.5

Note the wildly differing response structure/schemas/tags/values/etc. Being objective, doesn't this strike you as insane? Even ignoring the simple brokenness of everybody having their own registry data schema/response, I keep hearing from anti-spam folks, law enforcement, network operators, etc., that the quality of the data actually returned is simply abysmal. And soon, network operators are going to be asked to make routing decisions on this data not just at customer acceptance time.

However, as far as I can tell, multiple registries isn't what is implicitly being proposed. What appears to be being proposed is something a bit like the registry/registrar split, where there is a _single_ IPv4 registry and multiple competing 'post-allocation services' providers. A single registry with a single database schema and data representation would seem to me to be infinitely better than what we have now (and what it looks like we're moving towards). I personally don't have a strong opinion on the competitive address registrar idea as long as there is a consistent set of registration requirements, but in my experience (reasonably regulated) competition tends to bring higher quality/lower prices vs. monopolies.

Registrants may have exclusive use of their
numbers, but the network operators also have a right to know the registration
of any given piece of address space.

I'm not sure I see that there should be a difference in the operational requirements for the DNS registration data, but that's a separate topic.

As you know, multiple IP registries
would definitely pose some coordination challenges in being able to reliably
account for all of the address space at any given moment.

Which is exactly my point. Given that market forces are driving the establishment of (presumably) competitive "address registrars", of which the first two now apparently exist, how are network operators going to deal with the proliferation of whois databases they're going to need to query to establish 'ownership' of prefixes?

What we lack is any meaningful proposals on how to restructure the Internet
number registry system, including what are the goals of doing such, how
those goals and the existing requirements are met, and what protections are
needed for integrity of the system.

Unfortunately, I suspect we are past the time in which a well thought out, global consultative action (even assuming an agreeable venue for such a consultation can be identified) would result in a plan of action before being overtaken by events. There are already two "address registrars" and at least 5 (6 if you count IANA) address whois databases. I expect there to be more in the future, particularly now there is an existence proof that you can sell addresses and the Internet doesn't explode.

However, perhaps I'm being too pessimistic. What venue do you propose for a global consultative action to be taken in an open, transparent, and unbiased manner?

Personally, I do not see it as inevitable that "alternative registries" must
have a detrimental impact to the WHOIS database, unless they are introduced
in an uncoordinated manner and without global discussion of the actual goals.

This coming from the CEO of the RIR that decided to come up with their own (and yet another) completely new replacement for the whois protocol (maybe the 5th attempt will be the charm)...

Regards,
-drc
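
Added example, not part of the original thread: a sketch of the normalization an operator ends up writing when each registry answers `whois` in its own schema and a prefix has to be looked up in more than one database. The three responses are constructed samples on documentation prefixes, written in the ARIN, RIPE-family (RPSL) and LACNIC field styles; the unified field names and the helper functions are assumptions of this example.

```python
import ipaddress

# Constructed sample responses (documentation prefixes, made-up holders).
SAMPLES = {
    "arin": """# Constructed sample in ARIN style
NetRange:       198.51.100.128 - 198.51.100.255
CIDR:           198.51.100.128/25
NetName:        EXAMPLE-LEASE
OrgName:        Example Leasing LLC
Country:        US
""",
    "ripe": """% Constructed sample in RIPE-family (RPSL) style
inetnum:        198.51.100.0 - 198.51.100.255
netname:        EXAMPLE-NET
descr:          Example Hosting BV
descr:          second description line
country:        NL
""",
    "lacnic": """% Constructed sample in LACNIC style
inetnum:     203.0.113/24
status:      allocated
owner:       Example Redes SA
country:     BR
""",
}

# Registry-specific keys mapped onto one schema (assumed for this example).
FIELD_MAP = {
    "netrange": "range", "inetnum": "range",
    "netname": "name",
    "orgname": "holder", "owner": "holder", "descr": "holder",
    "country": "country",
}


def parse_range(value):
    """Turn 'a - b', 'a.b.c.d/len' or short 'a.b.c/len' into networks."""
    value = value.strip()
    if "-" in value:
        first, last = (ipaddress.ip_address(p.strip())
                       for p in value.split("-", 1))
        return list(ipaddress.summarize_address_range(first, last))
    addr, _, plen = value.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))      # pad the truncated CIDR form
    return [ipaddress.ip_network(".".join(octets) + "/" + (plen or "32"))]


def parse_whois(text):
    """Map one raw response onto the unified fields; first value wins."""
    record = {}
    for line in text.splitlines():
        if not line.strip() or line[0] in "#%":   # skip blanks and comments
            continue
        key, sep, value = line.partition(":")
        field = FIELD_MAP.get(key.strip().lower())
        if sep and field and field not in record and value.strip():
            record[field] = value.strip()
    if "range" in record:
        record["networks"] = parse_range(record["range"])
    return record


def best_match(responses, ip):
    """Return (registry, holder) of the most specific registration covering ip."""
    addr = ipaddress.ip_address(ip)
    best = None
    for registry, text in responses.items():
        rec = parse_whois(text)
        for net in rec.get("networks", []):
            if addr in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, registry, rec.get("holder"))
    return best and (best[1], best[2])


if __name__ == "__main__":
    for ip in ("198.51.100.200", "198.51.100.5", "203.0.113.9", "192.0.2.1"):
        print(ip, "->", best_match(SAMPLES, ip))
```

When two databases both claim to cover an address, this sketch simply prefers the longer prefix; it says nothing about which database is authoritative, which is the open question in the thread.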

However, as far as I can tell, multiple registries isn't what is implicitly being proposed. What appears to be being proposed is something a bit like the registry/registrar split, where there is a _single_ IPv4 registry and multiple competing 'post-allocation services' providers. A single registry with a single database schema and data representation would seem to me to be infinitely better than what we have now (and what it looks like we're moving towards). I personally don't have a strong opinion on the competitive address registrar idea as long as there is a consistent set of registration requirements, but in my experience (reasonably regulated) competition tends to bring higher quality/lower prices vs. monopolies.

Alas, you seem to have better perception skills, since I can't find any proposal
containing any of what you outlined above.

What we lack is any meaningful proposals on how to restructure the Internet
number registry system, including what are the goals of doing such, how
those goals and the existing requirements are met, and what protections are
needed for integrity of the system.

Unfortunately, I suspect we are past the time in which a well thought out, global consultative action (even assuming an agreeable venue for such a consultation can be identified) would result in a plan of action before being overtaken by events. There are already two "address registrars" and at least 5 (6 if you count IANA) address whois databases. I expect there to be more in the future, particularly now there is an existence proof that you can sell addresses and the Internet doesn't explode.

How does transfer of number resources within a region imply additional whois
databases?

However, perhaps I'm being too pessimistic. What venue do you propose for a global consultative action to be taken in an open, transparent, and unbiased manner?

I've suggested ICANN, IGF, or the RIRs... (I include the last one specifically
for Mr. Mueller, since he observed "One comes away with the conviction that the
so-called bottom up policymaking .. is actually (more or less) seriously pursued
here." and "I really liked the way nearly all ARIN discussions are in plenary and
decisions are actually made."
<http://blog.internetgovernance.org/blog/_archives/2010/4/20/4509826.html>)

FYI,
/John