Re: Your Input Needed: Can ROA Replace LOA? ? Short Survey (7 mins)
There is IPV4 exhaustion and many ISPs lease IPV4 space from other entities, such as brokers and other providers. One of the biggest IPv4 lessors is Cogent. By Cogent having legacy IP space from IANA which it inherited when it acquired PSInet, Cogent was not required to sign a contract when RIR ARIN was created. Therefore, Cogent currently does not have and is not member of ARIN. It refuses to sign contract with ARIN and currently Cogent is not bound by this RUD rules and regulations. There is one downfall to not being ARIN member, Cogent cannot currently issue ROAs or RPKIs. They only update RIR in ROADB database for the leased out IP addresses. By implicitly requiring ROA or RPKI for IPv4 space leased from Covent, about 70% of small ISPs that were created after IPv4 space exhaustion, would not be able to route their IPV4 traffic, because currently they lease IPv4 space from Cogent, and as we mentioned, by Cogent refusing to become ARIN member, it cannot issue ROAs or RPKIs, and therefore ISPs using this leased IPV4 space can only use LOAs for validation.
Therefore, Cogent currently does not have and is not member of ARIN. It refuses to sign contract with ARIN and currently Cogent is not bound by this RUD rules and regulations.
There is one downfall to not being ARIN member, Cogent cannot currently issue ROAs or RPKIs. They only update RIR in ROADB database for the leased out IP addresses.
Not entirely accurate. Cogent Communications is already a General Member of ARIN. You can see that for yourself here : https://account.arin.net/public/member-list . *Membership* is not a prerequisite for anything RPKI. ARIN requires an RSA or LRSA in place covering a number resource before they will be the trust anchor for that number resource. In the design of RPKI, this should make logical sense. Many legacy resource holders have their own reasons on why they chose not to sign an LRSA for those resources, so there is a chicken/egg problem here. Cogent can participate in RPKI with any non-legacy resources without a problem, as anything non-legacy is covered by an RSA. On Fri, Nov 17, 2023 at 8:13 AM George Toma <toma@visnetworkrd.com> wrote:
There is IPV4 exhaustion and many ISPs lease IPV4 space from other entities, such as brokers and other providers. One of the biggest IPv4 lessors is Cogent. By Cogent having legacy IP space from IANA which it inherited when it acquired PSInet, Cogent was not required to sign a contract when RIR ARIN was created.
Therefore, Cogent currently does not have and is not member of ARIN. It refuses to sign contract with ARIN and currently Cogent is not bound by this RUD rules and regulations.
There is one downfall to not being ARIN member, Cogent cannot currently issue ROAs or RPKIs. They only update RIR in ROADB database for the leased out IP addresses.
By implicitly requiring ROA or RPKI for IPv4 space leased from Covent, about 70% of small ISPs that were created after IPv4 space exhaustion, would not be able to route their IPV4 traffic, because currently they lease IPv4 space from Cogent, and as we mentioned, by Cogent refusing to become ARIN member, it cannot issue ROAs or RPKIs, and therefore ISPs using this leased IPV4 space can only use LOAs for validation.
On Nov 17, 2023, at 07:02, Tom Beecher <beecher@beecher.cc> wrote:
Therefore, Cogent currently does not have and is not member of ARIN. It refuses to sign contract with ARIN and currently Cogent is not bound by this RUD rules and regulations.
There is one downfall to not being ARIN member, Cogent cannot currently issue ROAs or RPKIs. They only update RIR in ROADB database for the leased out IP addresses.
Not entirely accurate.
Cogent Communications is already a General Member of ARIN. You can see that for yourself here : https://account.arin.net/public/member-list . *Membership* is not a prerequisite for anything RPKI.
Membership is not, but… You can’t have ARIN resources under contract without also getting membership along with them any more, so, effectively, you can’t get RPKI without membership. However, just because you are a member doesn't mean you can get RPKI for all of your resources… Indeed, you can only get RPKI for your resources under ARIN contract.
ARIN requires an RSA or LRSA in place covering a number resource before they will be the trust anchor for that number resource. In the design of RPKI, this should make logical sense. Many legacy resource holders have their own reasons on why they chose not to sign an LRSA for those resources, so there is a chicken/egg problem here.
Interestingly, RIPE-NCC will issue RPKI for non-contracted resources if they have a sponsoring LIR. Generally this means paying 70-100EU/year/resource to some RIPE member (who ends up passing 50EU of that to RIPE as part of their annual fees). LIR Prices vary greatly, so be prepared to negotiate. Or just don’t bother with RPKI, you’re not really missing anything. Owen
participants (3)
-
George Toma -
owen@Delong.com -
Tom Beecher