Normal ARIN registration service fees for LRSA entrants after 31 Dec 2023 (was: Fwd: [arin-announce] Availability of the Legacy Fee Cap for New LRSA Entrants Ending as of 31 December 2023)

NANOGers -

At present ARIN continues to provide the favorable annual maintenance fee cap for legacy resource holders who enter
into an LRSA with ARIN, but this cap on total maintenance fees not be offered to those entering an LRSA after 31 Dec
2023 and they will instead paying the same registration services plan fees as all other ARIN customers. See attached
announcement for details.

We strongly encourage all legacy resource holders who have not yet signed an LRSA to cover their legacy resources to
consider doing so before 31 December 2023 in order to secure the most favorable fees for their ARIN Services as well
as being able to access ARIN’s more advanced services such as the Internet Routing Registry (IRR) and Resource Public
Key Infrastructure (RPKI) services.

FYI,
/John

John Curran
President and CEO
American Registry for Internet Numbers

We strongly encourage all legacy resource holders who have not yet
signed an LRSA to cover their legacy resources to

consult a competent lawyer before signing an LRSA

randy

I concur , And seconded .

   Hth , JimL

John Curran wrote:

> We strongly encourage all legacy resource holders who have not yet
> signed an LRSA to cover their legacy resources to

consult a competent lawyer before signing an LRSA

Amen to that. ARIN's stance on legacy resources has traditionally been
that ARIN would prefer to charge you annually for them, and then
"recover" them (take them away from you) if you ever stop paying, or if
they ever decide that you are not using them wisely. If you once agree
to an ARIN contract, your resources lose their "legacy" status and you
become just another sharecropper subject to ARIN's future benevolence or
lack thereof.

The change recently announced by John Curran will make the situation
very slightly worse, by making ARIN's annual fees for legacy resources
changeable at their option, instead of being capped by contract. ARIN
management could have changed their offer to be better, if they wanted
to attract legacy users, but they made an explicit choice to do the
opposite.

By contrast, RIPE has developed a much more welcoming stance on legacy
resources, including:

  * retaining the legacy status of resources after a transfer or sale
  * allowing resources to be registered without paying annual fees to RIPE
     (merely paying a one-time transaction fee), so that later non-payment
     of annual fees can't be used as an excuse to steal the resources.
  * agreeing that RIPE members will keep all their legacy resources even if
     they later cease to be RIPE members

You are within the RIPE service area if your network touches Europe,
northern Asia, or Greenland. This can be as simple as having a rented
or donated server located in Europe, or as complicated as running a
worldwide service provider. If you have a presence there, you can
transfer your worldwide resources out from under ARIN policies and put
them under RIPE's jurisdiction instead.

Moving to RIPE is not an unalloyed good; Europeans invented bureaucracy,
and RIPE pursues it with vigor. And getting the above treatment may
require firmly asserting to RIPE that you want it, rather than accepting
the defaults. But their motives are more benevolent than ARIN's toward
legacy resource holders; RIPE honestly seems to want to gather in legacy
resource holders, either as RIPE members or not, without reducing any of
the holders' rights or abilities. I commend them for that.

Other RIRs may have other good or bad policies about legacy resource
holders. As Randy proposed, consult a lawyer competent in legacy domain
registration issues before making any changes.

  John

John -

Your summary is not inaccurate; I will note that ARIN’s approach is the result of aiming for
a different target – that more specifically being the lowest possible fees administered on an
equitable basis for _all resource holders_ in the region.

For more than two decades legacy resource holders have been provided the opportunity to
normalize their relations with ARIN by entry into an LRSA - thus receiving the same services
on the same terms and conditions as all others in the region (and also with a favorable fee cap
applied to their total annual registry fees.) While many folks have taken advantage of that
offer over the years, it’s quite possible that all of those interested have already considered
the matter and hence going forward we are returning to the refrain of the entire community
in seeking the lowest fees applied equitably to all in the region.

As we’ve recently added more advanced services that may be of interest to many in the
community (RPKI and authenticated IRR) and also have just made a favorable simplification
to the RSA in section 7 (an area that has been problematic for some organizations in the past),
it is important that ARIN not subset availability of the legacy fee cap without significant notice,
as there many be a few folks out there who were unaware of LRSA with fee cap availability
and/or haven’t recently taken a look at the various tradeoffs.

In any case, legacy resource holders who don’t care for these advanced services (whose
development and maintenance is paid for by the ARIN community) can simply continue to
maintain their legacy resources in the ARIN registry. They do not have to do anything, as
ARIN is continuing to provide basic registration services to the thousands of non-contracted
legacy resource holders (including online updates to your resources, reverse DNS services,
etc.) without fee or contract.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers

NANOGers -

  My bad – one typo in the message that follows; it should read “… it is important that ARIN not _sunset_ availability of the legacy fee cap …” (NOT subset, subnet, subject, etc.)

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers

Yo John!

Gary -

We do have some cases where folks have difficulty demonstrating that the resources were issued to
them (and/or have disputes between parties over who is the actual rights holder), but otherwise you
should be able to create an ARIN Online account and administer ARIN services for the address block
without any agreement - see https://www.arin.net/resources/guide/legacy/services/ for details. The
intent is that legacy resource holders receive the same registry services (w/o fee or contract) as they
did before ARIN’s inception.

If you’ve got a situation where you believe that has not been the case, reach out to our Registration
Services Helpdesk <https://www.arin.net/resources/guide/helpdesk/>, and if that fails, reach out to
me and provide a reference to the appropriate ARIN ticket(s) so that I can review.

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers

Speaking from the enterprise / end site perspective I would bet there are a lot of legacy holders that other than maybe updating their reverse DNS records once or twice haven’t looked at ARIN policies or their allocation since the late 1980s. In most cases there really is not strong technical reason to, the stuff just keeps working.

We are put in kind of an awkward place by the current policies. On one hand some of us would like to be good Internet citizens and implement things like IRR and RPKI for our resources to help the larger community. But show the RSA/LRSA to your lawyers with the justification that "I would like to implement RPKI, but everything will keep working even if we don't." You can bet they will never jump on board. On one hand there is a push from ARIN and the larger community to use these advanced services, but on the other hand the fees and risk far outweigh the benefits. (Heck the fees aren’t even that big of a deal, just the risk of loosing control of our legacy allocations.)

Tom Krenn
Network Architect
Enterprise Architecture - Information Technology

You could try suggesting IANA/PTI/ICANN to have a different RPKI trust
anchor and provide such services to legacy block holders. As you
mentioned, that would probably have a price tag attached to it to
cover the costs for such operations, but a contract could stay away
from ownership issues and not either say the blocks are yours or that
the blocks could be taken from you. Pay for the services, get RPKI;
don't pay them, RPKI ROAs expire.

I have a feeling that the recurring cost would be higher than using
the scale that the RIR system has in providing those services, and
that doing RIR-shopping (like what was already suggested here, moving
the resources to RIPE) is simpler and more cost effective. But this
would at least expose the real costs without making the RIR-allocated
resource holders subsidize legacy resource holders, which is the good
thing I see in the direction ARIN is going.

Rubens

You could try suggesting IANA/PTI/ICANN to have a different RPKI trust
anchor and provide such services to legacy block holders.

the rpki design cabal assumed the iana would be the rpki root. rir
power players blocked that. so each rir is 0/0. brilliant, eh?

randy

I'm not fond of that decision either, but at this point it is how it
is. We already have the operation of inter-RIR reverse DNS
synchronization since each /8 is not single-RIR anymore, and I believe
a similar mechanism could have allowed for a single RPKI root.

But I note that the 0/0 trust anchors preceded IANA transition to PTI,
and that even after the transition, we still have an organization that
doesn't have jurisdictional immunity in the US to prevent possible
petty challenges to the system. So the world at large still benefits
from the multiple trust anchor design, when all trade-offs are
accounted for.

Rubens

An interesting idea, but like others have said I think the ship may have sailed for RPKI. Really I have no problem with the ARIN fees. They are a drop in the bucket for most network budgets. In fact as a legacy holder I would gladly pay the same as an RIR-allocated resource holder if it would allow the use of the more advanced services. It's the ownership question and RSA/LRSA language that throws the wrench in everything.

As John said " I will note that ARIN’s approach is the result of aiming for a different target – that more specifically being the lowest possible fees administered on an equitable basis for _all resource holders_ in the region.". If that's the goal, give us the option to pay the same without all the legal mess around signing the RSA/LRSA. I'm sure that's what has been holding some organizations back for the couple decades mentioned. It has been the major stumbling point for a few of the ones I've been part of over the years.

Tom Krenn
Network Architect
Enterprise Architecture - Information Technology

Tom -

Over the years, ARIN has made several revisions to the RSA/LRSA to make it both clearer and more customer friendly,
and the most recent version (announced earlier this week - <https://www.arin.net/announcements/20220912/>) strikes
much of the language in section 7 that some legal teams had objection to… It is likely not everything you want, but I
would suggest taking a fresh look at it as it was substantially reduced specifically to address the most cited customer
concern regarding the legal obligations in the prior version of the RSA/LRSA.

FYI,
/John

John Curran
President and CEO
American Registry for Internet Numbers

Which means that all you'd need is a volunteer group with "street
cred" to set up an RPKI for legacy holders and then convince folks to
use their trust anchor too. Or have I missed something?

Regards,
Bill Herrin

Merit, perhaps ?

But they would need to do a much stricter validation that they
currently have in RADB, which is more like Sledgehammer motto "Trust
me, I know what I'm doing".

Rubens

Hi Rubens,

Last I checked, Merit was -really- expensive for RADB. I don't really
see getting more than about 5 figures total per year out of the legacy
registrants for RPKI, if that much. I think it'd have to be a
volunteer effort or something funded by someone who finds it to their
advantage that the legacy registrants publish RPKI records. Like the
way Letsencrypt is funded.

Regards,
Bill Herrin

Legacy holders are sitting on millions or billions worth of assets.
RADB USD 595 a year is pennies in comparison, and USD 1k or 2k a year
for the RPKI service would still be 1E-10 of the asset value.

Rubens

Hi Rubens,

Well, I'm one of the people who'd publish RPKI records for my /23 if I
had the ability to do so and I definitely would NOT pay merit $595/yr
(let alone $1k or $2k) to gain that ability. YMMV but I'm willing to
bet there's not enough money out there to fund it with direct user
fees and even if there was, the level of participation in the presence
of more than trivial user fees would be too low to be worth the
effort.

Regards,
Bill Herrin

Your /23 is worth only USD 30k, so you are definitely not in a
position to find that affordable.
It seems ARIN LRSA with the current fees and caps would be the best
option, and that option has a time limit.

Rubens