Partial Use Of one Regions IP Block in another
Hi folks, Are there any policies set by internet registries and/or transit providers today that prohibits organizations from using a Partially used IP Block allocated in one region say AP through APNIC to be comissioned and Propagated in another region such as EMEA serviced by RIPE?. Obv, the best approach would be to acquire a new Block in the 2nd region through its own registry, but sometimes due to strict prvisioning timelines, legal delays in getting the necessary approvals involved etc make this option less attractive. From an IPV4 space depletion perspective as well, it might be feasible if organizations having a large block in one region could split it amongst multiple regions to prevent Wastage. Any thoughts/expereinces and feedback would be appreciated. Regards, -- Sent from my mobile device
From my experience with the provider I have, when I try to acquire IP space to let's say on the RIPE side (Im on the LACNIC side) for reasons like greater visibility (some how). I believe that RIPE requires me to have a company registered on the EMEA side or have my provider place it for me. but i guess when i disengage with that provider, I may need to give back the IP space they have provided me. On Thu, May 20, 2010 at 6:06 AM, Net <funkyfun@gmail.com> wrote:
Hi folks,
Are there any policies set by internet registries and/or transit providers today that prohibits organizations from using a Partially used IP Block allocated in one region say AP through APNIC to be comissioned and Propagated in another region such as EMEA serviced by RIPE?.
Obv, the best approach would be to acquire a new Block in the 2nd region through its own registry, but sometimes due to strict prvisioning timelines, legal delays in getting the necessary approvals involved etc make this option less attractive. From an IPV4 space depletion perspective as well, it might be feasible if organizations having a large block in one region could split it amongst multiple regions to prevent Wastage.
Any thoughts/expereinces and feedback would be appreciated.
Regards,
-- Sent from my mobile device
-- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments
There is absolutely nothing wrong with an organization getting all of it's IP resources world wide from a single registry if they prefer to do so. There is no policy prohibiting this in any registry. The policies are designed to prevent "registry shopping" by organizations with neither infrastructure nor presence in a region. There is no need, whatsoever to procure multiple address chunks from multiple registries in order to have infrastructure in more than one region. You state "Obv, the best approach...". I don't think so. I think the best approach is whatever allows you to make most efficient use of your address space. Usually this will be from a single RIR rather than a multiple RIR approach. Owen On May 20, 2010, at 5:06 AM, Net wrote:
Hi folks,
Are there any policies set by internet registries and/or transit providers today that prohibits organizations from using a Partially used IP Block allocated in one region say AP through APNIC to be comissioned and Propagated in another region such as EMEA serviced by RIPE?.
Obv, the best approach would be to acquire a new Block in the 2nd region through its own registry, but sometimes due to strict prvisioning timelines, legal delays in getting the necessary approvals involved etc make this option less attractive. From an IPV4 space depletion perspective as well, it might be feasible if organizations having a large block in one region could split it amongst multiple regions to prevent Wastage.
Any thoughts/expereinces and feedback would be appreciated.
Regards,
-- Sent from my mobile device
-----Original Message----- From: Owen DeLong [mailto:owen@delong.com] Sent: Thursday, May 20, 2010 7:37 AM To: Net Cc: nanog@nanog.org Subject: Re: Partial Use Of one Regions IP Block in another
You state "Obv, the best approach...". I don't think so. I think the best approach is whatever allows you to make most efficient use of your address space. Usually this will be from a single RIR rather than a multiple RIR approach.
Owen
The one drawback to that would be people who attempt to do geographical based service provisioning. Say a company based in the US uses part of their block in Europe or APAC. When they do a DNS request for a service address from $GLOBAL_CONTENT_PROVIDER, they end up getting the US service address because the content provider believes the request is coming from the US resulting in poor performance. In other words, if a service relies on connection to other services that try to do geographical affinity, it could lead to a sub-optimal experience. It could also cause problems where the content is different (or possibly prohibited) depending on the geographical location of the requestor which some folks try to determine by source address (but which is actually quite idiotic, in my opinion, because as you see from this thread, an IP address in no way relates to where the person really is, it only relates to where the entity to whom it was issued is located). Been there and experienced issues like that before. It can even be bad when you are given an IP block that might have been used before by someone in another region. George
On May 20, 2010, at 9:14 AM, George Bonser wrote:
-----Original Message----- From: Owen DeLong [mailto:owen@delong.com] Sent: Thursday, May 20, 2010 7:37 AM To: Net Cc: nanog@nanog.org Subject: Re: Partial Use Of one Regions IP Block in another
You state "Obv, the best approach...". I don't think so. I think the best approach is whatever allows you to make most efficient use of your address space. Usually this will be from a single RIR rather than a multiple RIR approach.
Owen
The one drawback to that would be people who attempt to do geographical based service provisioning. Say a company based in the US uses part of their block in Europe or APAC. When they do a DNS request for a service address from $GLOBAL_CONTENT_PROVIDER, they end up getting the US service address because the content provider believes the request is coming from the US resulting in poor performance. In other words, if a service relies on connection to other services that try to do geographical affinity, it could lead to a sub-optimal experience.
I have ZERO sympathy for people who attempt to do this getting wrong answers. There is little correlation between geography and IP addresses. In fact, I know lots of people who consider it a benefit to have ARIN addresses in other parts of the world because it allows them to get to content that isn't allowed to APNIC addresses on the belief that this somehow protects copyright or other issues for content distribution. I find that pretty amusing.
It could also cause problems where the content is different (or possibly prohibited) depending on the geographical location of the requestor which some folks try to determine by source address (but which is actually quite idiotic, in my opinion, because as you see from this thread, an IP address in no way relates to where the person really is, it only relates to where the entity to whom it was issued is located).
Again, ZERO sympathy here. Especially where someone is trying to use source IP as a mechansim for determining who they are willing to distribute their content to.
Been there and experienced issues like that before. It can even be bad when you are given an IP block that might have been used before by someone in another region.
Can be bad when given an IP block that might have been used before by someone in the same region. That's not particularly different. Can be bad if you get space from one of the more recent /8s that has lots of cruft from having been used as pseudo-RFC-1918 space, too. We're scraping the bottom of the barrel for IPv4 space these days. It is what it is, and it's only going to get worse in IPv4. Time to go to IPv6. Owen
-----Original Message----- From: joel jaeggli [mailto:joelja@bogus.com] Sent: Thursday, May 20, 2010 10:05 AM To: Owen DeLong Cc: George Bonser; nanog@nanog.org Subject: Re: Partial Use Of one Regions IP Block in another
On 2010-05-20 09:36, Owen DeLong wrote:
We're scraping the bottom of the barrel for IPv4 space these days. It is what it is, and it's only going to get worse in IPv4. Time to go to IPv6.
in ipv6 we're using our arin /32 in all regions where we appear...
joel
Exactly. So migrating to v6 has no bearing on the conversation. The same "problem" (a problem which some people create themselves by relying on the source IP to determine geographic location) exists with either protocol. There is just no way to tell where the device initiating the conversation is located by looking at the IP and the extent to which you can tell by where the traffic enters your network depends on the temperature of the potato as perceived by the network downstream from you. Did they haul it across an ocean before handing it to you? Geographical location by IP address is just plain nuts, but people will find a way to sell anything, I suppose. George
Thanks to all who replied and provided valuable input. Much appreciated Regards, On 5/20/10, George Bonser <gbonser@seven.com> wrote:
-----Original Message----- From: joel jaeggli [mailto:joelja@bogus.com] Sent: Thursday, May 20, 2010 10:05 AM To: Owen DeLong Cc: George Bonser; nanog@nanog.org Subject: Re: Partial Use Of one Regions IP Block in another
On 2010-05-20 09:36, Owen DeLong wrote:
We're scraping the bottom of the barrel for IPv4 space these days. It is what it is, and it's only going to get worse in IPv4. Time to go to IPv6.
in ipv6 we're using our arin /32 in all regions where we appear...
joel
Exactly. So migrating to v6 has no bearing on the conversation. The same "problem" (a problem which some people create themselves by relying on the source IP to determine geographic location) exists with either protocol. There is just no way to tell where the device initiating the conversation is located by looking at the IP and the extent to which you can tell by where the traffic enters your network depends on the temperature of the potato as perceived by the network downstream from you. Did they haul it across an ocean before handing it to you?
Geographical location by IP address is just plain nuts, but people will find a way to sell anything, I suppose.
George
-- Sent from my mobile device
Some pseudo random thoughts and questions? (my BGP is rusty.) 1. Does it violate your AUP with APNIC? 2. If the larger routing prefix is from APNIC will your upstream in the EMEA region filter or black hole the sub prefix since it is from APNIC and not RIPE and would appear to be a hijacked block? (In my experience in some European countries "rules" are more strictly enforced than in other areas of the globe. I will spare you the American, Russian and French standards organization joke.) 3. It would appear that again since it is in an APNIC sub-prefix would you need to "carry" the packets from a PoP in APNIC region to your facility in the EMEA assuming the sub prefix is not large enough to be propagated in normal BPG updates? 4. And if the bits did get through for a period of time would the transit provider determine that they did not want to carry them any more and add filtering at any random point in time? These questions assume that you do not have a single transit provider that covers both of your locations in the two different regions and can "custom route" the packets. John (ISDN) Lee ________________________________________ From: Net [funkyfun@gmail.com] Sent: Thursday, May 20, 2010 8:06 AM To: nanog@nanog.org Subject: Partial Use Of one Regions IP Block in another Hi folks, Are there any policies set by internet registries and/or transit providers today that prohibits organizations from using a Partially used IP Block allocated in one region say AP through APNIC to be comissioned and Propagated in another region such as EMEA serviced by RIPE?. Obv, the best approach would be to acquire a new Block in the 2nd region through its own registry, but sometimes due to strict prvisioning timelines, legal delays in getting the necessary approvals involved etc make this option less attractive. From an IPV4 space depletion perspective as well, it might be feasible if organizations having a large block in one region could split it amongst multiple regions to prevent Wastage. Any thoughts/expereinces and feedback would be appreciated. Regards, -- Sent from my mobile device
On May 20, 2010, at 9:13 PM, John Lee wrote:
Some pseudo random thoughts and questions? (my BGP is rusty.)
1. Does it violate your AUP with APNIC?
Not if he has infrastructure in the remote location and infrastructure and/or HQ in APNIC region.
2. If the larger routing prefix is from APNIC will your upstream in the EMEA region filter or black hole the sub prefix since it is from APNIC and not RIPE and would appear to be a hijacked block? (In my experience in some European countries "rules" are more strictly enforced than in other areas of the globe. I will spare you the American, Russian and French standards organization joke.)
LoL... In my experience, the guys that are getting money from you will route what you want routed unless they have reason to believe you are not legitimately entitled to route it.
3. It would appear that again since it is in an APNIC sub-prefix would you need to "carry" the packets from a PoP in APNIC region to your facility in the EMEA assuming the sub prefix is not large enough to be propagated in normal BPG updates?
If that is true, yes. i was assuming that he was using a sub-prefix length <=/24 for EMEA region. If he's trying to run a /25 or longer, then, life will indeed suck, but, not because of the RIR issues, because of the long-prefix problem.
4. And if the bits did get through for a period of time would the transit provider determine that they did not want to carry them any more and add filtering at any random point in time?
Unlikely if it's a legitimate route. It wouldn't appear any less legitimate than any other route and there are many inter-regional routes advertised just like this already that work just fine.
These questions assume that you do not have a single transit provider that covers both of your locations in the two different regions and can "custom route" the packets.
LoL Owen
John (ISDN) Lee ________________________________________ From: Net [funkyfun@gmail.com] Sent: Thursday, May 20, 2010 8:06 AM To: nanog@nanog.org Subject: Partial Use Of one Regions IP Block in another
Hi folks,
Are there any policies set by internet registries and/or transit providers today that prohibits organizations from using a Partially used IP Block allocated in one region say AP through APNIC to be comissioned and Propagated in another region such as EMEA serviced by RIPE?.
Obv, the best approach would be to acquire a new Block in the 2nd region through its own registry, but sometimes due to strict prvisioning timelines, legal delays in getting the necessary approvals involved etc make this option less attractive. From an IPV4 space depletion perspective as well, it might be feasible if organizations having a large block in one region could split it amongst multiple regions to prevent Wastage.
Any thoughts/expereinces and feedback would be appreciated.
Regards,
-- Sent from my mobile device
On Thu, 20 May 2010, Owen DeLong wrote:
LoL... In my experience, the guys that are getting money from you will route what you want routed unless they have reason to believe you are not legitimately entitled to route it.
Like spammers buying IPs from RIPE region LIRs such as jump.ro, and then announcing those IPs only in the North American data centers where they're buying server hosting? ---------------------------------------------------------------------- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
On 20 May 2010, at 13:06, Net wrote:
Are there any policies set by internet registries and/or transit providers today that prohibits organizations from using a Partially used IP Block allocated in one region say AP through APNIC to be comissioned and Propagated in another region such as EMEA serviced by RIPE?.
In some circumstances, deaggregation of your rir-assigned prefix might lead to partial reachability (some networks filter on rir minimum assignment sizes - not a problem in itself, but some unclever networks exist, that don't additionally take a default). Whatever you announce, make sure it's irr registered too, for the networks who transit or peer with you, who automatically build pfx filters. Happy weekend, Andy
participants (8)
-
Andy Davidson
-
Beavis
-
George Bonser
-
joel jaeggli
-
John Lee
-
Jon Lewis
-
Net
-
Owen DeLong