At the risk of getting called out for posting possibly operationally significant stuff in the middle of a massive retrospective about WCOM's acquisitions, here's a circleid post from a couple days ago from John Curran at ARIN.
6. ARIN receives a fraud/abuse complaint that A's space is being used by B.
7. ARIN discovers that A is no longer using the space in accordance with their RSA
8. ARIN reclaims the space and A and B are left to figure out who owes what to whom.
So is there a fine line between "selling"/"renting" the space to B and
providing 1Mbit of bandwidth over a GRE tunnel to B and allowing them to
announce the space via any other transit provider? I'm just curious what the
difference is (besides a bit of technical work with the latter). It will be
interesting to see what happens as the last of the IPv4 space is exhausted.
  ) % of ARIN managed resource covered by standard RSA?
  ) % of ARIN managed legacy resource covered by legacy RSA?
  ) % of ARIN managed legacy resource not otherwise covered?
  ) % of ARIN region entities (A & B above) that have offices/relationships
    with other RIRs that have a divergent transfer process in place?
  I think your analysis might be true for my first bucket, am less sure it would
  work for the remaining three.
how does ARIN or whomever deal with similar situations where someone is advertising un-allocated, un-assigned by ARIN IP space in NA? do they have a deal/agreement with the 'backbone' providers?
I don't entirely understand the process. Here's the flow chart as far
as I've figured it out:
1. A sells a /20 of IPv4 space to B for, say, $5,000
2. A tells ARIN to transfer the chunk to B
3. ARIN says no, B hasn't shown that they need it
4. A and B say screw it, and B announces the space anyway
5. ???
R's,
John
Owen Said:
6. ARIN receives a fraud/abuse complaint that A's space is being used
by B.
7. ARIN discovers that A is no longer using the space in accordance
with their RSA
8. ARIN reclaims the space and A and B are left to figure out who owes
what to whom.
You know I love you Owen.
9. A sues ARIN for tortuous contract interference.
10. B sues ARIN for same.
11. C and D join the law suit.
12. Judges step in.
13. ARIN gets mired in lawsuit after lawsuit
14. Dogs and cats start living together
I don't entirely understand the process. Here's the flow chart as far
as I've figured it out:
1. A sells a /20 of IPv4 space to B for, say, $5,000
2. A tells ARIN to transfer the chunk to B
3. ARIN says no, B hasn't shown that they need it
4. A and B say screw it, and B announces the space anyway
5. ???
6. ARIN receives a fraud/abuse complaint that A's space is being used by B.
7. ARIN discovers that A is no longer using the space in accordance with their RSA
8. ARIN reclaims the space and A and B are left to figure out who owes what to whom.
9. A and B ignore ARIN's email and continue to announce what they've been announcing.
10. ARIN attempts to allocate the /20 to someone else, who is not amused.
Note that at this point ARIN presumably has no more v4 space left, so a threat never to allocate more space to A or B isn't very scary. Given its limited practical leverage, ARIN is only effective insofar as its members and customers agree that playing by ARIN's rules is more beneficial than ignoring them.
Right, and Im answering my own question here, for (8) about the reclaiming -
what upstream is going to stop carrying prefixes from a downstream that's
'illegally' announcing them? Is this upstream going to cut that customer off and
lose the revenue, just to satisfy ARIN's bleating? From what I gather, all that
ARIN can do is remove the NS records for the i-a.a reverse zone for the offending
block, making SMTP a little trickier from the block, but not much else.
Unless I didnt see the other large sticks ARIN's carrying? I've never seen them
send hired goons to anyone's door... yet?
Is this upstream going to cut that customer off and
lose the revenue, just to satisfy ARIN's bleating?
Isn't this a little bit like an SSL daemon? One which refuses to process a revocation list on the basis of the function of the certificate is useless. The revocation list only has authority if the agent asks for and processes it. Would you use this SSL daemon, knowing that it had this bug?
I would consider a transit provider who subverted an ARIN revocation to be disreputable, and seek other sources of transit.
Best Regards,
Nathan Eisenberg
Atlas Networks, LLC
Is this upstream going to cut that customer off and
lose the revenue, just to satisfy ARIN's bleating?
Isn't this a little bit like an SSL daemon? One which refuses to process a revocation list on the basis of the function of the certificate is useless. The revocation list only has authority if the agent asks for and processes it. Would you use this SSL daemon, knowing that it had this bug?
It seems to me that most people trust certificates even if there is no certificate authority at all, revocations or no. So if "you" means "the market," I would say the answer is yes.
One which refuses to process a revocation list on the basis of the
function of the certificate is useless.
no, it's not. ssl as a form of identity assurance itself is what is
useless.
The revocation list only has authority if the agent asks for and
processes it.
most don't do this, because:
- most SSL daemons don't serve the revocation lists;
- most SSL agents don't know how to download the revocation lists from
another source.
see previous note about SSL being worthless for identity assurance.
Would you use this SSL daemon, knowing that it had this bug?
i wouldn't care - see above points.
I would consider a transit provider who subverted an ARIN revocation
to be disreputable, and seek other sources of transit.
how do you know if the ARIN revocation is proper? with the IPv4
exhaustion becoming very close to happening now, it is possible that
ARIN could "go rogue."
following a corporation (yes, ARIN is a corporation) as if you were a
sheep will empower them to do precisely this in the future.
I would consider a transit provider who subverted an ARIN revocation to be disreputable, and seek other sources of transit.
easy to say, but the reality is you may chose not to do so due to logistical, monetary or management/boss reasons which trumps your constitutionally balanced nature.
If someone who was downstream from this provider in a similar situation, I'd say there is a stronger propensity for them to not 'do the right thing'. which by the way isn't a law, so who says its right? its a set of guide lines a group of folks put together.
Thank you John for saying this... As noted, ARIN's just trying to administer
the policies that the community has developed. This means that we will revoke
the address space for cases of fraud, and will reissue to one of you to use.
Now, if that's not the desired outcome, the policies are subject to change
via the public policy process. As it is, folks need to expect that they may
receive address space that was revoked as a result of such misuse, or change
the policies to have ARIN do something else.