ARIN explicitly does not guarantee routability of prefixes it assigns.
If
service providers choose to filter ARIN allocations, then that is an
operational decision. I really don't see what action you expect ARIN to
take along these lines.
Clearly you haven't been following the ppml mailing list. As I have
already suggested on that list, ARIN could publish an authoritative
directory of all unallocated IP address space at the largest aggregate
level in a form that makes it easy for network operators to incorporate
into their martian filters.
Fast forward to the time when everyone gets their filters directly or
indirectly hooked up to the RIR's authoritative directory and this problem
goes away. Yes, ARIN cannot directly make the problem go away but ARIN
definitely can take action that will lead to a solution of the problem of
martian filters.
The only thing ARIN would have to guarantee is that their directory is
authoritative, complete and updated at least once every 24 hours. The base
directory could be published in LDAP form with a BGP version for people
who find it easier to work with this.
And no, I'm not suggested that anyone connect their productions routers
directly to an ARIN BGP feed. Smaller network operators will probably find
such a direct BGP feed to be convenient but I expect all the larger
network operators to use the BGP feed as a way of monitoring for changes
which would be reviewed by some clueful operator before building the
filters. That should not be a problem assuming that ARIN issues addresses
every weekday.
--Michael Dillon
Clearly you haven't been following the ppml mailing list. As I have
already suggested on that list, ARIN could publish an authoritative
directory of all unallocated IP address space at the largest aggregate
level in a form that makes it easy for network operators to incorporate
into their martian filters.
I have been following it quite closely, actually.
Why would ARIN specifically provide such a list? ARIN is not responsible for the unallocated space, and there is more in the world than just ARIN. There are liability issues with that, not to mention the fact that it is more an IANA function (if for the sake of argument someone would implement the list).
And no, I'm not suggested that anyone connect their productions routers
directly to an ARIN BGP feed. Smaller network operators will probably
find such a direct BGP feed to be convenient but I expect all the larger
network operators to use the BGP feed as a way of monitoring for changes
which would be reviewed by some clueful operator before building the
filters. That should not be a problem assuming that ARIN issues addresses
every weekday.
I guess monitoring NANOG or some other mailing list for announcements is somehow a lot more work. Oh well.
Alec
In a message written on Mon, Dec 09, 2002 at 07:29:58AM -0700, Alec H. Peterson wrote:
Why would ARIN specifically provide such a list? ARIN is not responsible
for the unallocated space, and there is more in the world than just ARIN.
There are liability issues with that, not to mention the fact that it is
more an IANA function (if for the sake of argument someone would implement
the list).
The problem here is that ARIN (and the other registries) are the
ones who can contact the users.
When these things change all ISP's need to be notified. As much
as many people on this list think that every ISP in the world reads
Nanog it just isn't so. Who has a list of ISP's? Well, depending
on your view of things I think a good argument can be made that
it's either the list of everyone with an ASN (my preference, since
those are the people who's route filtering matters), or everyone
with IPv4 space allocated to them.
The only entity with either of those lists is the registries, ARIN,
RIPE, APNIC and soforth. If the offical notice needs to come from
IANA that's fine, but it needs to go out to the list of members of
the registries. IMHO it is there job to make sure IANA has a way to
send those sorts of messages.
But Michael is not talking about the registries _contacting_ people with a message about changes in unallocated blocks, he's talking about one specific regional registry providing a list of all unallocated space (that still 'belongs' to IANA/ICANN).
The registries already provide notification about new allocations they receive, though not to individual users.
Alec
In a message written on Mon, Dec 09, 2002 at 07:58:29AM -0700, Alec H. Peterson wrote:
But Michael is not talking about the registries _contacting_ people with a
message about changes in unallocated blocks, he's talking about one
specific regional registry providing a list of all unallocated space (that
still 'belongs' to IANA/ICANN).
Right. Suggest a way IANA could reasonably notify all the users.
I personally don't see one. So, responsible or not, they have no
good way to notify people. The registries have a way to notify
people.
I'm sure these two groups can work together. Maybe ARIN, APNIC,
and RIPE can get IANA mail their user mailing lists. Maybe IANA
authorizes one (or all) of them to publish a list. That's up to
them to work out.
Point is, end users don't deal with IANA. They deal with the
registries and for those in North America (this is nanog, isn't
it) ARIN is it. As the communities desigated represenative to
interface with IANA, I feel it is ARIN's duty to collect and
distribute information from IANA.
That is a good point, but you are talking about a periodic notification when new blocks are allocated. Michael is talking about an automated feed of all unallocated blocks. If we were to invert this and say that ARIN will provide a list of all blocks that are allocated to it, then that might be worth doing. Then each RIR could provide its own list and we don't run into the issues of a registry listing objects that it does not control.
However, I get back to my original question. For people who insist on filtering unallocated address space, is it too much to ask that they either subscribe to NANOG, or potentially subscribe to an RIR-specific announce-only mailing list for such things? It seems really silly to me for the registries to spew a mailing to their entire contact database just to reach a handful of people who actually do route filtering.
It does seem to me that this problem should have a really simple solution.
Alec
So here's a question for people. For those who filter, what about the real-time feed that people want from the RIRs is different from this:
lynx -dump http://www.iana.org/assignments/ipv4-address-space | grep "IANA - Reserved"
?
Alec
Date: Mon, 9 Dec 2002 10:04:52 -0500
From: Leo Bicknell
Right. Suggest a way IANA could reasonably notify all the
users. I personally don't see one. So, responsible or not,
they have no good way to notify people. The registries have
a way to notify people.
Correct. Then the issue is whether or not people respond. I
like Jeff Wheeler's post... people who don't update their filters
lose GTLD (and root?) nameserver service.
And, again, while we're at it -- let's let the NSen in question
end in .0 and .255 to help rid the Net of broken "smurf filters".
Point is, end users don't deal with IANA. They deal with the
registries and for those in North America (this is nanog,
isn't it) ARIN is it. As the communities desigated
represenative to interface with IANA, I feel it is ARIN's
duty to collect and distribute information from IANA.
Give Rob Thomas official authority, a paycheck, and the necessary
bandwidth. 
Eddy
Hi, Eddy.
] Give Rob Thomas official authority, a paycheck, and the necessary
] bandwidth.
Hehe! I'll second that! 
No one would support it, though, once they
saw my lousy code.
Thanks,
Rob.
It beats lousy closed-source software.
## On 2002-12-09 20:19 -0600 Rob Thomas typed:
Hi, Eddy.
] Give Rob Thomas official authority, a paycheck, and the necessary
] bandwidth.
Hehe! I'll second that! No one would support it, though, once they
saw my lousy code.
Hi Rob
1) I'd take your "lousy" >>>working<<< over "clean"
bug riddled code any day ...
(and who says that "closed source" code isn't built from lousy source anyway?)
2) Would you _really_ want official authority ?
Hi, Rafi.
] 1) I'd take your "lousy" >>>working<<< over "clean" ...
Thanks.
] 2) Would you _really_ want official authority ?
No, not really. The way I look at it, I'm filling a niche until such
time as the official authorities take on the task. That might be two
days, or two decades. I'm willing and happy to do it until that day
comes.
Thanks,
Rob.