On Mon, 12 February 2001, John Fraizer wrote:
Any time a network is caught announcing non-allocated address space, the registry should bill them accordingly. If they refuse to pay, the registry should yank their ASN. That would be strong encouragement to do the right thing.
Other than making it difficult for people to figure out WHOIS using that ASN, "yanking" an ASN's registration has little practical effect. You can use an un-allocated ASN almost as easily as using an un-allocated address block.
At 22:56 12/02/2001 -0800, Sean Donelan wrote:
On Mon, 12 February 2001, John Fraizer wrote:
Any time a network is caught announcing non-allocated address space, the registry should bill them accordingly. If they refuse to pay, the registry should yank their ASN. That would be strong encouragement to do the right thing.
Other than making it difficult for people to figure out WHOIS using that ASN, "yanking" an ASN's registration has little practical effect. You can use an un-allocated ASN almost as easily as using an un-allocated address block.
And announcing both unallocated address space and unallocated AS space will mean an entry in my little summary which I send out every week to RIPE NCC, ARIN and APNIC mailing lists...
I've seen these:
Network            Origin AS  Description
39.96.40.224/30    14408      iCAIR
50.198.0.0/16      2548       Digital Express Group, Inc.
91.16.23.0/24      11770      Net56
103.22.7.0/24      9768       PubNet (Korea Telecom)
And the large amount of private and unallocated ASes has already been mentioned on the list this week...
Someone is watching, it's another issue what to do about it, if anything can be done at all...
philip --
At 21:53 15/02/01 +1000, Philip Smith wrote:
At 22:56 12/02/2001 -0800, Sean Donelan wrote:
On Mon, 12 February 2001, John Fraizer wrote:
Any time a network is caught announcing non-allocated address space, the registry should bill them accordingly. If they refuse to pay, the registry should yank their ASN. That would be strong encouragement to do the right thing.
Other than making it difficult for people to figure out WHOIS using that ASN, "yanking" an ASN's registration has little practical effect. You can use an un-allocated ASN almost as easily as using an un-allocated address block.
And announcing both unallocated address space and unallocated AS space will mean an entry in my little summary which I send out every week to RIPE NCC, ARIN and APNIC mailing lists...
I've seen these:
Network            Origin AS  Description
39.96.40.224/30    14408      iCAIR
50.198.0.0/16      2548       Digital Express Group, Inc.
91.16.23.0/24      11770      Net56
103.22.7.0/24      9768       PubNet (Korea Telecom)
And the large amount of private and unallocated ASes has already been mentioned on the list this week...
Someone is watching, it's another issue what to do about it, if anything can be done at all...
Has RIPE/ARIN/APNIC responded yet? I can hound RIPE as well if you want.
-Hank
philip --
At 22:56 12/02/01 -0800, Sean Donelan wrote:
On Mon, 12 February 2001, John Fraizer wrote:
Any time a network is caught announcing non-allocated address space, the registry should bill them accordingly. If they refuse to pay, the registry should yank their ASN. That would be strong encouragement to do the right thing.
Other than making it difficult for people to figure out WHOIS using that ASN, "yanking" an ASN's registration has little practical effect. You can use an un-allocated ASN almost as easily as using an un-allocated address block.
The registries, ARIN/RIPE/APNIC should announce the offending block themselves and shunt it to null0. If the offender announces a /18 then they should announce theirs as 2x/19s and thereby override the bogus /18.
I don't think the problem is so huge that a few dozen extra prefixes announced by the registries will bloat and kill the routing table size. If the registries don't do this, these cybersquatters will come thru later on and demand to keep the IP address space they have grabbed just as the .sex, and .web and all the other alternate DNSers have done.
-Hank
The registries, ARIN/RIPE/APNIC should announce the offending block themselves and shunt it to null0. If the offender announces a /18 then they should announce theirs as 2x/19s and thereby override the bogus /18.
While a novel idea, I believe it is particularly dangerous to have an allocation registry strictly control operational use.
A separation of power between the allocation and the dynamic-real-time use of address space is beneficial for many reasons.
Historically, this separation of power has been maintained. For example, Sprint/smd's draconian filtering and aggregation policies were synergistic with address allocation policies, however, allocation rules were based upon different enforcement methods.
Allocation registries allocate 'temporary ownership' of address space, without any respect for routability of address space.
Allow the ISPs to police themselves, perhaps with assistance from ARIN/RIPE/APNIC. If they choose not to police themselves, that is their prerogative.
I would support an available list of routes or BGP feed of allocated v. unallocated space, which ISPs could subscribe to so as to self-police proper address usage. In fact, it's unclear to me how ARIN could affect the routing of others, without dictating that ISPs respect their announcements. And I certainly would not want that.
All in all, this proposal is flawed for many reasons.
The goal of keeping the internet from splintering and properly using allocated space is a good one.
This proposal is not the right way to help achieve that goal.
-alan
Thus spake Hank Nussbacher (hank@att.net.il) on or about Thu, Feb 15, 2001 at 07:31:52PM +0200:
At 22:56 12/02/01 -0800, Sean Donelan wrote:
On Mon, 12 February 2001, John Fraizer wrote:
Any time a network is caught announcing non-allocated address space, the registry should bill them accordingly. If they refuse to pay, the registry should yank their ASN. That would be strong encouragement to do the right thing.
Other than making it difficult for people to figure out WHOIS using that ASN, "yanking" an ASN's registration has little practical effect. You can use an un-allocated ASN almost as easily as using an un-allocated address block.
The registries, ARIN/RIPE/APNIC should announce the offending block themselves and shunt it to null0. If the offender announces a /18 then they should announce theirs as 2x/19s and thereby override the bogus /18.
I don't think the problem is so huge that a few dozen extra prefixes announced by the registries will bloat and kill the routing table size. If the registries don't do this, these cybersquatters will come thru later on and demand to keep the IP address space they have grabbed just as the .sex, and .web and all the other alternate DNSers have done.
-Hank
At 10:58 15/02/01 -0800, Alan Hannan wrote:
The registries, ARIN/RIPE/APNIC should announce the offending block themselves and shunt it to null0. If the offender announces a /18 then they should announce theirs as 2x/19s and thereby override the bogus /18.
While a novel idea, I believe it is particularly dangerous to have an allocation registry strictly control operational use.
A separation of power between the allocation and the dynamic-real-time use of address space is beneficial for many reasons.
Historically, this separation of power has been maintained. For example, Sprint/smd's draconian filtering and aggregation policies were synergistic with address allocation policies, however, allocation rules were based upon different enforcement methods.
Allocation registries allocate 'temporary ownership' of address space, without any respect for routability of address space.
Allow the ISPs to police themselves, perhaps with assistance from ARIN/RIPE/APNIC. If they choose not to police themselves, that is their prerogative.
I would support an available list of routes or BGP feed of allocated v. unallocated space, which ISPs could subscribe to so as to self-police proper address usage. In fact, it's unclear to me how ARIN could affect the routing of others, without dictating that ISPs respect their announcements. And I certainly would not want that.
Self policing has been tried for years. It don't work. "Separation of power" is a nice utopian ideal, but when you have IP cybersquatters out there who know how to abuse the system, they will win.
I know of a case where a LIR assigned a block to an organization and revoked it a year later after the organization did not meet the standard requirements. The organization is signed on an agreement to follow the standards. The LIR revoked the IP block, but the upstream ISP continues to announce it since it is signed on an agreement with the organization to provide routing and doesn't want to risk a lawsuit from the organization. So this block is now dead in the water since it can't be reassigned to any other client since it is in pseudo-use.
No ISP will risk a lawsuit by black-holing something. This has to be done by the allocation agency (ICANN or ARIN/RIPE/APNIC).
-Hank
All in all, this proposal is flawed for many reasons.
The goal of keeping the internet from splintering and properly using allocated space is a good one.
This proposal is not the right way to help achieve that goal.
-alan
Thus spake Hank Nussbacher (hank@att.net.il) on or about Thu, Feb 15, 2001 at 07:31:52PM +0200:
At 22:56 12/02/01 -0800, Sean Donelan wrote:
On Mon, 12 February 2001, John Fraizer wrote:
Any time a network is caught announcing non-allocated address space, the registry should bill them accordingly. If they refuse to pay, the registry should yank their ASN. That would be strong encouragement to do the right thing.
Other than making it difficult for people to figure out WHOIS using that ASN, "yanking" an ASN's registration has little practical effect. You can use an un-allocated ASN almost as easily as using an un-allocated address block.
The registries, ARIN/RIPE/APNIC should announce the offending block themselves and shunt it to null0. If the offender announces a /18 then they should announce theirs as 2x/19s and thereby override the bogus /18.
I don't think the problem is so huge that a few dozen extra prefixes announced by the registries will bloat and kill the routing table size. If the registries don't do this, these cybersquatters will come thru later on and demand to keep the IP address space they have grabbed just as the .sex, and .web and all the other alternate DNSers have done.
-Hank
I know of a case where a LIR assigned a block to an organization and revoked it a year later after the organization did not meet the standard requirements. The organization is signed on an agreement to follow the standards. The LIR revoked the IP block, but the upstream ISP continues to announce it since it is signed on an agreement with the organization to provide routing and doesn't want to risk a lawsuit from the organization. So this block is now dead in the water since it can't be reassigned to any other client since it is in pseudo-use.
In this scenario you outline, combined with your proposal of a registry announcing 'black-holing routes' -- what compels the ISP to accept and act upon the routing announcement? And how does this different situation protect them from the lawsuits you suggest below?
No ISP will risk a lawsuit by black-holing something. This has to be done by the allocation agency (ICANN or ARIN/RIPE/APNIC).
Certainly there are ISPs that black hole routes for many reasons. For example, MFNX/Abovenet black hole routes which are considered sources of spam. Others are listed at http://mail-abuse.org/rbl/participants.html.
-alan
On Thu, Feb 15, 2001 at 09:13:52PM +0200, Hank Nussbacher wrote:
At 10:58 15/02/01 -0800, Alan Hannan wrote:
The registries, ARIN/RIPE/APNIC should announce the offending block themselves and shunt it to null0. If the offender announces a /18 then they should announce theirs as 2x/19s and thereby override the bogus /18.
While a novel idea, I believe it is particularly dangerous to have an allocation registry strictly control operational use.
A separation of power between the allocation and the dynamic-real-time use of address space is beneficial for many reasons.
Historically, this separation of power has been maintained. For example, Sprint/smd's draconian filtering and aggregation policies were synergistic with address allocation policies, however, allocation rules were based upon different enforcement methods.
Allocation registries allocate 'temporary ownership' of address space, without any respect for routability of address space.
Allow the ISPs to police themselves, perhaps with assistance from ARIN/RIPE/APNIC. If they choose not to police themselves, that is their prerogative.
I would support an available list of routes or BGP feed of allocated v. unallocated space, which ISPs could subscribe to so as to self-police proper address usage. In fact, it's unclear to me how ARIN could affect the routing of others, without dictating that ISPs respect their announcements. And I certainly would not want that.
Self policing has been tried for years. It don't work. "Separation of power" is a nice utopian ideal, but when you have IP cybersquatters out there who know how to abuse the system, they will win. I know of a case where a LIR assigned a block to an organization and revoked it a year later after the organization did not meet the standard requirements. The organization is signed on an agreement to follow the standards. The LIR revoked the IP block, but the upstream ISP continues to announce it since it is signed on an agreement with the organization to provide routing and doesn't want to risk a lawsuit from the organization. So this block is now dead in the water since it can't be reassigned to any other client since it is in pseudo-use.
No ISP will risk a lawsuit by black-holing something. This has to be done by the allocation agency (ICANN or ARIN/RIPE/APNIC).
So now we need someone to hold the hand of 17,000 ASes because of 1 or 2 mishaps. Rethink this please. I doubt the DFZ needs a government. If you hate it, filter them, if not ignore it. If you want to let the world know what announcements are legitimate for your netblock(s), use the RPSL and let your peers know about it. If you're lucky, you may become a posterchild or something of the sort. But I disagree with forcing a change on everyone.
-Hank
All in all, this proposal is flawed for many reasons.
The goal of keeping the internet from splintering and properly using allocated space is a good one.
This proposal is not the right way to help achieve that goal.
-alan
Thus spake Hank Nussbacher (hank@att.net.il) on or about Thu, Feb 15, 2001 at 07:31:52PM +0200:
At 22:56 12/02/01 -0800, Sean Donelan wrote:
On Mon, 12 February 2001, John Fraizer wrote:
Any time a network is caught announcing non-allocated address space, the registry should bill them accordingly. If they refuse to pay, the registry should yank their ASN. That would be strong encouragement to do the right thing.
Other than making it difficult for people to figure out WHOIS using that ASN, "yanking" an ASN's registration has little practical effect. You can use an un-allocated ASN almost as easily as using an un-allocated address block.
The registries, ARIN/RIPE/APNIC should announce the offending block themselves and shunt it to null0. If the offender announces a /18 then they should announce theirs as 2x/19s and thereby override the bogus /18.
I don't think the problem is so huge that a few dozen extra prefixes announced by the registries will bloat and kill the routing table size. If the registries don't do this, these cybersquatters will come thru later on and demand to keep the IP address space they have grabbed just as the .sex, and .web and all the other alternate DNSers have done.
-Hank
-- Omachonu Ogali missnglnk@informationwave.net http://www.informationwave.net
On Thu, Feb 15, 2001 at 07:31:52PM +0200, Hank Nussbacher wrote:
At 22:56 12/02/01 -0800, Sean Donelan wrote:
On Mon, 12 February 2001, John Fraizer wrote:
Any time a network is caught announcing non-allocated address space, the registry should bill them accordingly. If they refuse to pay, the registry should yank their ASN. That would be strong encouragement to do the right thing.
Other than making it difficult for people to figure out WHOIS using that ASN, "yanking" an ASN's registration has little practical effect. You can use an un-allocated ASN almost as easily as using an un-allocated address block.
The registries, ARIN/RIPE/APNIC should announce the offending block
could someone please explain the benefit of turning the registries into internet police forces? i really don't understand how this could *realistically* solve this problem, and i can imagine plenty of ways that this could become a bigger problem in itself
themselves and shunt it to null0. If the offender announces a /18 then they should announce theirs as 2x/19s and thereby override the bogus /18.
and the offending party will announce 32 /23s.. what will this solve?
regards,
michael
--
e: michael@ele-mental.org
c: +1.614.260.6716
u: www.ele-mental.org
Wir fahr'n fahr'n fahr'n auf der Autobahn
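Added example, not part of any message in this thread: a small Python model of the more-specific override proposed above (a /18 answered by 2 x /19), the 32 x /23 reply raised against it, and a per-ISP import filter built from registered (prefix, origin) pairs in the spirit of the RPSL suggestion. The prefixes 10.20.0.0/18 and 10.99.0.0/16, the AS numbers and all function names are constructed for illustration.

```python
import ipaddress

BLOCK = ipaddress.ip_network("10.20.0.0/18")        # constructed stand-in for the disputed /18
OFFENDER, REGISTRY, CUSTOMER = 64496, 64500, 64501  # documentation ASNs in constructed roles

def best_route(rib, dst):
    """Longest-prefix match: the most specific covering route wins, whoever sent it."""
    addr = ipaddress.ip_address(dst)
    covering = [r for r in rib if addr in r[0]]
    return max(covering, key=lambda r: r[0].prefixlen, default=None)

def split(block, new_len, origin):
    """Announce `block` as more-specifics of length new_len from `origin`."""
    return [(net, origin) for net in block.subnets(new_prefix=new_len)]

def origin_filter(rib, registered):
    """Per-ISP import filter: keep a route only if a registered (prefix, origin)
    pair covers it. Prefix length alone never makes a route acceptable."""
    return [(p, o) for p, o in rib
            if any(p.subnet_of(rp) and o == ro for rp, ro in registered)]

def escalation(dst="10.20.5.1"):
    """Return the origin AS attracting traffic for dst after each round, and the table."""
    rib = [(BLOCK, OFFENDER)]                # round 0: the unauthorised /18
    winners = [best_route(rib, dst)[1]]
    rib += split(BLOCK, 19, REGISTRY)        # round 1: registry overrides with 2 x /19
    winners.append(best_route(rib, dst)[1])
    rib += split(BLOCK, 23, OFFENDER)        # round 2: offender answers with 32 x /23
    winners.append(best_route(rib, dst)[1])
    return winners, rib

if __name__ == "__main__":
    winners, rib = escalation()
    print("origin winning each round:", winners)
    # Constructed registry data: one legitimate holder, nothing for the disputed block.
    registered = [(ipaddress.ip_network("10.99.0.0/16"), CUSTOMER)]
    rib.append((ipaddress.ip_network("10.99.4.0/24"), CUSTOMER))
    kept = origin_filter(rib, registered)
    print("routes before/after filter:", len(rib), len(kept))
    print("route to disputed block after filter:", best_route(kept, "10.20.5.1"))
```

The override adds table entries on every round without settling who carries the traffic, while the filter drops all of the disputed block's routes regardless of prefix length, but only at the ISPs that choose to apply it.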
participants (6)
- Alan Hannan
- Hank Nussbacher
- michael thomas guldan
- Omachonu Ogali
- Philip Smith
- Sean Donelan