John et al, I have read many of your articles about the need to migrate to IPv6 and how failure to do so will impact business continuity sometime in the next 1 - 3 years. I've pressed our vendors to support IPv6 (note: keep in mind we're a DDoS mitigation firm, our needs extend beyond routers and switches) and found that it's a chicken and egg situation. Vendors are neglecting to support IPv6 because there is "no demand." I've pointed out your articles and demanded IPv6 support, some are promising results in the next several months. We will see. Meanwhile, there are hosting companies, dedicated server companies, etc. with /17 and /18 allocations who are either forging justification or wildly abusing the use of that space outside of the declared need. I know of at least a couple of companies roughly the same size as my own that fit this category. I'm actually a customer of one company that will sell a /24 without substantial justification (eg. just write "SSL web sites" in a block on the order form and you're good). Meanwhile, we have used a /21 since 2006 and to this day have not requested additional space. Instead we make more efficient use of space and avoid selling them in bulk to dedicated server customers or charge substantially for the space and let economics do the work for us. A disgusting number of companies are involved in: - Black hat SEO ("I need 2000 IP's from at least 20 different Class C's.","No","Why not, companies A, B, and C are offering this for $X") - IRC virtual host abuse ("My customers want 2 x Class C per shell server for their bots and vhosts","No","OK fine, we'll buy one from Company X for $Y") ARIN needs to investigate these companies and start reclaiming space. Pose as a customer, see if they'll sell you a /24 or shorter on a dedicated server for some arbitrary reason, and if so they're busted.
From there launch a full investigation and start reclaiming space.
The other day I had a customer asking if he could buy a /16 for some ungodly reason. Best regards, Jeff On Sat, Aug 14, 2010 at 4:08 AM, John Curran <jcurran@arin.net> wrote:
On Aug 13, 2010, at 6:03 PM, Ken Chase wrote:
I don't know what to suggest, but perhaps a more binding set of policies for ARIN members to engage in policing/responding to shutdown requests on the community's behalf and some penalties for not upholding agreements is in order.
Ken -
Be careful what you ask for... There is a fairly significant difference between ARIN administering number resources (as a trade association based on a body of openly-developed policy) and parties deciding not to engage in business with suppliers or customers except under certain conditions. Some countries prohibit discussions of collective business actions of any form, unless the government is involved to insure that the public interest is protected.
As Vadim noted, you can certainly bilaterally negotiate with another ISP regarding the nature of the routes/IP addresses/traffic that you exchange, but you might want to seek counsel before trying such on a collective basis...
/John
John Curran President and CEO ARIN
-- Jeffrey Lyon, Leadership Team jeffrey.lyon@blacklotus.net | http://www.blacklotus.net Black Lotus Communications of The IRC Company, Inc. Follow us on Twitter at http://twitter.com/ddosprotection to find out about news, promotions, and (gasp!) system outages which are updated in real time. Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 - 21 to find out how to "protect your booty."