Advantages and disadvantages of legacy assets
Greetings! Let's say you inherit legacy assets (ASN & IPv4 netblock), what are the first advantages that come to mind (beside not having to pay annual fees). Any disadvantages? The ones I can think of is the lack of RIR routing security services (in the ARIN region at least). No IRR, no RPKI at all. Eric
You can get IRR from RADB or AltDB. Rubens Em seg., 20 de nov. de 2023, 16:00, Eric Dugas via NANOG <nanog@nanog.org> escreveu:
Greetings!
Let's say you inherit legacy assets (ASN & IPv4 netblock), what are the first advantages that come to mind (beside not having to pay annual fees).
Any disadvantages? The ones I can think of is the lack of RIR routing security services (in the ARIN region at least). No IRR, no RPKI at all.
Eric
On Mon, 20 Nov 2023 at 20:08, Rubens Kuhl <rubensk@gmail.com> wrote:
You can get IRR from RADB or AltDB.
Which is not going to be useful forever ... see [1]:
Please note that 'route' and 'route6' objects created after 2023-Aug-15 in non-authoritative registries like RADB, NTTCOM, ALTDB won't be processed.
The only advantage is not being subject to an RIR contract and not paying annual fees. Especially with the fee structure games ARIN has been playing over the last decade or so. I made the mistake of bringing my legacy resources under ARIN LRSA contract once upon a time. I ended up transferring them to RIPE Non-Contract in order to get out from under that arrangement. While you can’t get RPKI without paying annual fees, you can get IRR services, just not from ARIN. You can use altdb as an IRR for free with legacy space without any issues at all. It’s unlikely that lack of RPKI will be a significant drawback for the foreseeable future. Worst case, if need arises, transfer your space to RIPE and make arrangements with a RIPE LIR to “sponsor” your prefixes. This is usually around 70+EU per year to the sponsoring LIR. Prices vary greatly, so be prepared to negotiate. Owen
On Nov 20, 2023, at 10:59, Eric Dugas via NANOG <nanog@nanog.org> wrote:
Greetings!
Let's say you inherit legacy assets (ASN & IPv4 netblock), what are the first advantages that come to mind (beside not having to pay annual fees).
Any disadvantages? The ones I can think of is the lack of RIR routing security services (in the ARIN region at least). No IRR, no RPKI at all.
Eric
How so? What do you lose (that matters) by not having RPKI? Owen
On Nov 21, 2023, at 06:40, Eric Dugas <edugas@unknowndevice.ca> wrote:
On Mon, Nov 20, 2023 at 3:25 PM owen@Delong.com <owen@delong.com <mailto:owen@delong.com>> wrote:
It’s unlikely that lack of RPKI will be a significant drawback for the foreseeable future.
It is actually. The older Orgs I manage all have RIR-based IRR and RPKI.
Thanks all for the answers
It’s recently come to my attention that I must stand partially corrected in what I said below. Apparently, Tata is rejecting routes that have neither RPKI nor an RIR-based IRR record created after 1993. This means that virtually all legacy holders who change IRRs or make any of a number of other possible updates to their IRR data will be unreachable to single-homed Tata customers (and unable to reach them). This unfortunate choice by Tata is likely to become a trend in the future, but I figured it would be several more years before that happened. In fact, I was hoping it wouldn’t really take shape in a meaningful way until IPv4 lost its relevance. Unfortunately, Tata has decided to take the lead in disconnecting legacy prefix holders and pushing the RIR contract agenda. Owen
On Nov 20, 2023, at 12:25, owen--- via NANOG <nanog@nanog.org> wrote:
The only advantage is not being subject to an RIR contract and not paying annual fees. Especially with the fee structure games ARIN has been playing over the last decade or so.
I made the mistake of bringing my legacy resources under ARIN LRSA contract once upon a time. I ended up transferring them to RIPE Non-Contract in order to get out from under that arrangement.
While you can’t get RPKI without paying annual fees, you can get IRR services, just not from ARIN.
You can use altdb as an IRR for free with legacy space without any issues at all.
It’s unlikely that lack of RPKI will be a significant drawback for the foreseeable future.
Worst case, if need arises, transfer your space to RIPE and make arrangements with a RIPE LIR to “sponsor” your prefixes. This is usually around 70+EU per year to the sponsoring LIR. Prices vary greatly, so be prepared to negotiate.
Owen
On Nov 20, 2023, at 10:59, Eric Dugas via NANOG <nanog@nanog.org> wrote:
Greetings!
Let's say you inherit legacy assets (ASN & IPv4 netblock), what are the first advantages that come to mind (beside not having to pay annual fees).
Any disadvantages? The ones I can think of is the lack of RIR routing security services (in the ARIN region at least). No IRR, no RPKI at all.
Eric
Small correction inline:
On Nov 22, 2023, at 11:16, owen@Delong.com <owen@delong.com> wrote:
It’s recently come to my attention that I must stand partially corrected in what I said below.
Apparently, Tata is rejecting routes that have neither RPKI nor an RIR-based IRR record created after 1993.
The actual date is 2023-08-15. https://lg.as6453.net/doc/cust-routing-policy.html
This means that virtually all legacy holders who change IRRs or make any of a number of other possible updates to their IRR data will be unreachable to single-homed Tata customers (and unable to reach them).
This unfortunate choice by Tata is likely to become a trend in the future, but I figured it would be several more years before that happened. In fact, I was hoping it wouldn’t really take shape in a meaningful way until IPv4 lost its relevance.
Unfortunately, Tata has decided to take the lead in disconnecting legacy prefix holders and pushing the RIR contract agenda.
Owen
On Nov 20, 2023, at 12:25, owen--- via NANOG <nanog@nanog.org> wrote:
The only advantage is not being subject to an RIR contract and not paying annual fees. Especially with the fee structure games ARIN has been playing over the last decade or so.
I made the mistake of bringing my legacy resources under ARIN LRSA contract once upon a time. I ended up transferring them to RIPE Non-Contract in order to get out from under that arrangement.
While you can’t get RPKI without paying annual fees, you can get IRR services, just not from ARIN.
You can use altdb as an IRR for free with legacy space without any issues at all.
It’s unlikely that lack of RPKI will be a significant drawback for the foreseeable future.
Worst case, if need arises, transfer your space to RIPE and make arrangements with a RIPE LIR to “sponsor” your prefixes. This is usually around 70+EU per year to the sponsoring LIR. Prices vary greatly, so be prepared to negotiate.
Owen
On Nov 20, 2023, at 10:59, Eric Dugas via NANOG <nanog@nanog.org> wrote:
Greetings!
Let's say you inherit legacy assets (ASN & IPv4 netblock), what are the first advantages that come to mind (beside not having to pay annual fees).
Any disadvantages? The ones I can think of is the lack of RIR routing security services (in the ARIN region at least). No IRR, no RPKI at all.
Eric
On Mon, Nov 20, 2023 at 10:59 AM Eric Dugas via NANOG <nanog@nanog.org> wrote:
Let's say you inherit legacy assets (ASN & IPv4 netblock), what are the first advantages that come to mind (beside not having to pay annual fees).
Any disadvantages? The ones I can think of is the lack of RIR routing security services (in the ARIN region at least). No IRR, no RPKI at all.
Hi Eric, Disadvantages: Expensive IRR. No RPKI. No vote in ARIN elections. No legal clarity regarding the status of your resources. Advantages: Free. No legal clarity regarding the status of your resources. I listed legal clarity as both an advantage and disadvantage. When you sign the ARIN registration services agreement (RSA) you get legal clarity: you are bound by the Number Resource Policy Manual (NRPM) which is subject to change with the approval of the ARIN Board of Trustees which usually follows but is not required to follow a fungible community consensus process. Don't like a change? Too bad. You can deal with it or you can cancel your ARIN contract. If you cancel your contract ARIN reclaims the IP addresses and you have no legal recourse whatsoever. Not that ARIN would ever behave badly. They're good people who earnestly endeavor to do right by the community. But if that changes tomorrow, you'll have no recourse. Skip signing and you have whatever common law rights you have to the IP addresses. Whatever those are. When InterNIC, acting as an agent of the U.S. Government, granted the addresses decades ago, they didn't spend a lot of (or really any) words on the question of legal rights. It hasn't been well tested in court. ARIN claims that the NRPM applies to you anyway, but as a matter of history no provision of the NRPM has ever been adversely applied to the legitimate holder of a then-legacy resource. Not even once. The legal foundation for a claim that it can be is weak at best. The legal risk to ARIN, should it ever attempt to do so, is not trivial. In a nutshell, you can either have a lack of clarity as to your rights or you can clearly have no rights. Regards, Bill Herrin -- William Herrin bill@herrin.us https://bill.herrin.us/
On Nov 21, 2023, at 01:38, William Herrin <bill@herrin.us> wrote:
On Mon, Nov 20, 2023 at 10:59 AM Eric Dugas via NANOG <nanog@nanog.org> wrote:
Let's say you inherit legacy assets (ASN & IPv4 netblock), what are the first advantages that come to mind (beside not having to pay annual fees).
Any disadvantages? The ones I can think of is the lack of RIR routing security services (in the ARIN region at least). No IRR, no RPKI at all.
Hi Eric,
Disadvantages: Expensive IRR. No RPKI. No vote in ARIN elections. No legal clarity regarding the status of your resources.
Expensive IRR? ALTDB is free? Owen
On Wed, Nov 22, 2023 at 11:22 AM owen@Delong.com <owen@delong.com> wrote:
On Nov 21, 2023, at 01:38, William Herrin <bill@herrin.us> wrote: Disadvantages: Expensive IRR. No RPKI. No vote in ARIN elections. No legal clarity regarding the status of your resources.
Expensive IRR? ALTDB is free?
I don't know anything about ALTDB. RADB is pricey. On Wed, Nov 22, 2023 at 11:16 AM owen--- via NANOG <nanog@nanog.org> wrote:
Apparently, Tata is rejecting routes that have neither RPKI nor an RIR-based IRR record created after 1993.
Are you sure? The way I read it, that policy applies to -customer- announced routes, not broad Internet routes received from peers and transit. It still seems unwise, but not entirely insane. Regards, Bill Herrin -- William Herrin bill@herrin.us https://bill.herrin.us/
I’ve been using AltDB for years. Works great and is indeed, free. The fine folks at FCIX have taken over the project and manage it now. Lots of good documentstion out there for it as well. -Mike
On Nov 22, 2023, at 12:15, William Herrin <bill@herrin.us> wrote:
On Wed, Nov 22, 2023 at 11:22 AM owen@Delong.com <owen@delong.com> wrote:
On Nov 21, 2023, at 01:38, William Herrin <bill@herrin.us> wrote: Disadvantages: Expensive IRR. No RPKI. No vote in ARIN elections. No legal clarity regarding the status of your resources.
Expensive IRR? ALTDB is free?
I don't know anything about ALTDB. RADB is pricey.
On Wed, Nov 22, 2023 at 11:16 AM owen--- via NANOG <nanog@nanog.org> wrote: Apparently, Tata is rejecting routes that have neither RPKI nor an RIR-based IRR record created after 1993.
Are you sure? The way I read it, that policy applies to -customer- announced routes, not broad Internet routes received from peers and transit.
It still seems unwise, but not entirely insane.
Regards, Bill Herrin
-- William Herrin bill@herrin.us https://bill.herrin.us/
On Nov 22, 2023, at 12:13, William Herrin <bill@herrin.us> wrote:
On Wed, Nov 22, 2023 at 11:22 AM owen@Delong.com <owen@delong.com> wrote:
On Nov 21, 2023, at 01:38, William Herrin <bill@herrin.us> wrote: Disadvantages: Expensive IRR. No RPKI. No vote in ARIN elections. No legal clarity regarding the status of your resources.
Expensive IRR? ALTDB is free?
I don't know anything about ALTDB. RADB is pricey.
RADB is one of MANY alternatives. ALTDB has been pretty reliable and useful to me and costs $0. YMMV.
On Wed, Nov 22, 2023 at 11:16 AM owen--- via NANOG <nanog@nanog.org> wrote:
Apparently, Tata is rejecting routes that have neither RPKI nor an RIR-based IRR record created after 1993.
Are you sure? The way I read it, that policy applies to -customer- announced routes, not broad Internet routes received from peers and transit.
It’s not entirely clear what Tata’s policy on peer-received routes is, but it’s not at all unlikely that the vast majority of systems are reaching Tata via indirect transit.
It still seems unwise, but not entirely insane.
My word was obnoxious, but yeah. Owen
Are you sure? The way I read it, that policy applies to -customer- announced routes, not broad Internet routes received from peers and transit.
You are reading it correctly. On Wed, Nov 22, 2023 at 3:15 PM William Herrin <bill@herrin.us> wrote:
On Wed, Nov 22, 2023 at 11:22 AM owen@Delong.com <owen@delong.com> wrote:
On Nov 21, 2023, at 01:38, William Herrin <bill@herrin.us> wrote: Disadvantages: Expensive IRR. No RPKI. No vote in ARIN elections. No legal clarity regarding the status of your resources.
Expensive IRR? ALTDB is free?
I don't know anything about ALTDB. RADB is pricey.
On Wed, Nov 22, 2023 at 11:16 AM owen--- via NANOG <nanog@nanog.org> wrote:
Apparently, Tata is rejecting routes that have neither RPKI nor an RIR-based IRR record created after 1993.
Are you sure? The way I read it, that policy applies to -customer- announced routes, not broad Internet routes received from peers and transit.
It still seems unwise, but not entirely insane.
Regards, Bill Herrin
-- William Herrin bill@herrin.us https://bill.herrin.us/
On Wed, Nov 22, 2023 at 8:14 PM William Herrin <bill@herrin.us> wrote:
It still seems unwise, but not entirely insane.
I would expect that at some point in the future that many/all of the major players will require RIR validated routing information, and whether that is due to regulation or best practices for which the majors will not want to become liable for ignoring (and "think of the children") is hard to know. In the end I suspect we are likely just trying to discern when that date will be, not the eventual end result ("not today" is not, really, a valid target goal).
Gary - It is unclear if/when such an outcome will occur, but the potential of such an endstate highlights the importance of being involved in governance activities of one (or more) of the community-based RIR organizations – as a preparatory measure should such a change occur in the future. Note that there is a near-universal expectation of governments that forbearance of public regulation (due to industry self-regulation) is only warranted when the private alternative covers all of those engaged in similar business, so your expressed trajectory has a sound basis. Best wishes (& Happy Holidays!), /John John Curran President and CEO American Registry for Internet Numbers On Nov 22, 2023, at 10:02 PM, Gary Buhrmaster <gary.buhrmaster@gmail.com> wrote: On Wed, Nov 22, 2023 at 8:14 PM William Herrin <bill@herrin.us> wrote: It still seems unwise, but not entirely insane. I would expect that at some point in the future that many/all of the major players will require RIR validated routing information, and whether that is due to regulation or best practices for which the majors will not want to become liable for ignoring (and "think of the children") is hard to know. In the end I suspect we are likely just trying to discern when that date will be, not the eventual end result ("not today" is not, really, a valid target goal).
participants (9)
-
Eric Dugas -
Gary Buhrmaster -
John Curran -
Lukas Tribus -
Mike Lyon -
owen@Delong.com -
Rubens Kuhl -
Tom Beecher -
William Herrin