On Aug 13, 2010, at 1:55 PM, bmanning@vacation.karoshi.com wrote:
could you provide 4 numbers for me please?
% of ARIN managed resource covered by standard RSA? % of ARIN managed legacy resource covered by legacy RSA? % of ARIN managed legacy resource not otherwise covered? % of ARIN region entities (A & B above) that have offices/relationships with other RIRs that have a divergent transfer process in place?
Bill - We'll work on generating these numbers to the extent possible for the upcoming meeting; back in April, I noted that we had about 21% of the legacy space (by total IP address count) under an LRSA (6%) or RSA (15%). For now, this is first order estimate for your second and third questions. These numbers keep going up, so we'll need some work to generate current ones for the next meeting. Regarding the last one, that's very difficult to obtain; how do you see it impacting the overall outcome? /John John Curran President and CEO ARIN
On Fri, Aug 13, 2010 at 03:43:11PM -0400, John Curran wrote:
On Aug 13, 2010, at 1:55 PM, bmanning@vacation.karoshi.com wrote:
could you provide 4 numbers for me please?
% of ARIN managed resource covered by standard RSA? % of ARIN managed legacy resource covered by legacy RSA? % of ARIN managed legacy resource not otherwise covered? % of ARIN region entities (A & B above) that have offices/relationships with other RIRs that have a divergent transfer process in place?
Bill -
We'll work on generating these numbers to the extent possible for the upcoming meeting; back in April, I noted that we had about 21% of the legacy space (by total IP address count) under an LRSA (6%) or RSA (15%). For now, this is first order estimate for your second and third questions. These numbers keep going up, so we'll need some work to generate current ones for the next meeting. Regarding the last one, that's very difficult to obtain; how do you see it impacting the overall outcome?
/John
these questions were asked in response to Owens views on the ARIN reclaimation process in the case of documented transfers outside the existing ARIN processes. my assertion to Owen was that his views would apply directly to the folks under a standard RSA. My reading of the LRSA suggests that ARIN has a much narrower remit on recovery of resources covered by that document. the third camp was/is a much thornier patch of ground, fraught w/ peril if ARIN takes action on recovery, at least imho. #4, well that sounds like fruitful ground for inter-RIR coordination. for example, if 75% of the total resource under ARIN administration is legacy, then 25% is covered by the standard RSA. Within the 75%, 6% of it is under LRSA and 15% of it is under the standard RSA. if this characterization is in ballpark, then Owens view on reclaimation only holds for ~30% of the resource under ARIN administration. Correct? --bill
On Aug 13, 2010, at 4:06 PM, <bmanning@vacation.karoshi.com> wrote:
my assertion to Owen was that his views would apply directly to the folks under a standard RSA. My reading of the LRSA suggests that ARIN has a much narrower remit on recovery of resources covered by that document. the third camp was/is a much thornier patch of ground, fraught w/ peril if ARIN takes action on recovery, at least imho. #4, well that sounds like fruitful ground for inter-RIR coordination.
for example, if 75% of the total resource under ARIN administration is legacy, then 25% is covered by the standard RSA. Within the 75%, 6% of it is under LRSA and 15% of it is under the standard RSA.
if this characterization is in ballpark, then Owens view on reclaimation only holds for ~30% of the resource under ARIN administration.
The LRSA provides specific rights which could very likely preclude reclamation in some circumstances and result in the resources then remaining as-is with address holder, i.e., this would still prevent transfer contrary to the community policy but also prevent reissue. (this occurs in the LRSA under some circumstances recognizing the history of the legacy address space with the community). Okay, to try and get some numbers back into the thread: From Leslie's Registration Services report in Toronto, pages 6 and 9: <https://www.arin.net/participate/meetings/reports/ARIN_XXV/PDF/Wednesday/Nobile_RSD.pdf> First, I note that the 700 number I used from memory for number of organizations was not correct; I gave the total signed, approved, and pending. The number 444 signed is what corresponds to the 6% under LRSA. Nicely, the actual numbers are in the report, so we see 6.49 /8 equivalents space under LRSA, out of the total legacy space of 73 /8 equivalents (page 9). The RSA space is 33 /8 equivalents, and total inventory is 106 /8 equivalents. (Randy, does this level of reporting suffice for your purposes?) So, recasting final numbers back to the original context: 63% (66.5/106) of the address space managed by ARIN is Legacy-not-under-agreement, and ARIN's action with this space is governed by the policies adopted by the community. ARIN clearly could be in a difficult situation if policies adopted needlessly result in impact to these legacy address holders. 6% (6.5/106) of the address space managed by ARIN is Legacy-under-LRSA, and has specific contractual language which may take precedence over community adopted policy (and could both prevent transfers from completing and reclamation from occurring). 31% (33/106) of the address space managed by ARIN is per-RSA, and ARIN's action with this space is clearly governed by the policies adopted by the community. /John John Curran President and CEO ARIN
On Fri, Aug 13, 2010 at 05:19:20PM -0400, John Curran wrote:
if this characterization is in ballpark, then Owens view on reclaimation only holds for ~30% of the resource under ARIN administration.
31% (33/106) of the address space managed by ARIN is per-RSA, and ARIN's action with this space is clearly governed by the policies adopted by the community.
/John
Thanks for this John. My hope is that folks will try and avoid using the courts as the arbitor in the event of dispute over right to use. --bill
On Fri, Aug 13, 2010 at 09:39:42PM +0000, bmanning@vacation.karoshi.com said:
Thanks for this John. My hope is that folks will try and avoid using the courts as the arbitor in the event of dispute over right to use.
--bill
Civil courts is one thing - criminal courts for fraudulent use might pack a bit more punch. Not sure if anyone wants to go down that road - once that happens I can see the levels of govt funding these courts wanting more control of the community if they're going to be footing the bill for policing it. I'm not a fan of 'series-of-tubes' types getting more involved in this, much less of it coming under the aegis of the 'cyberwar command centre'-or-whatever-it's- called ridiculousness that I'm sure would quickly be suggested. (Remember when simple hacking and phreaking suddenly became "terr'ism"? Namespace/terminology is everything in politics.) Something needs doing though - we personally were once the victims of another org we had a dispute with announcing our prefixes to AS701 through some legacy LOA for our block and nullrouting all incoming traffic. Not much we could do but whine and bleat at whoever would listen (was > 12 years ago, we didnt know about nanog in our clubie state at the time...). Calling 701 and asking them to shut it down was met with "we'd have to ask our superiors" and what not, and never resulted in anything. We even contacted the RCMP here in Canada, who were less clued than even we were. The offender eventually stopped 24-30 hours later and ultimately went unpunished. Can't even think of what the solution today would be other than posting to Nanog-l and bleating some more. Ideas? Without an officially sanctioned and seriously-operated 'policing' arm by and for the community, the community and individual members will remain victims of malicious activity of this nature. This does cover delinquent use for non-payment as well, all the way up to spammer and other criminal activity. Are there any BGP-related protocols that can be leveraged to provide this action, but are also resistant to tampering/exploit? (Im sure "yes" with a big "it's complicated"). I don't know what to suggest, but perhaps a more binding set of policies for ARIN members to engage in policing/responding to shutdown requests on the community's behalf and some penalties for not upholding agreements is in order. /kc -- Ken Chase - ken@heavycomputing.ca - +1 416 897 6284 - Toronto CANADA Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151 Front St. W.
On Aug 13, 2010, at 6:03 PM, Ken Chase wrote:
I don't know what to suggest, but perhaps a more binding set of policies for ARIN members to engage in policing/responding to shutdown requests on the community's behalf and some penalties for not upholding agreements is in order.
Ken - Be careful what you ask for... There is a fairly significant difference between ARIN administering number resources (as a trade association based on a body of openly-developed policy) and parties deciding not to engage in business with suppliers or customers except under certain conditions. Some countries prohibit discussions of collective business actions of any form, unless the government is involved to insure that the public interest is protected. As Vadim noted, you can certainly bilaterally negotiate with another ISP regarding the nature of the routes/IP addresses/traffic that you exchange, but you might want to seek counsel before trying such on a collective basis... /John John Curran President and CEO ARIN
John et al, I have read many of your articles about the need to migrate to IPv6 and how failure to do so will impact business continuity sometime in the next 1 - 3 years. I've pressed our vendors to support IPv6 (note: keep in mind we're a DDoS mitigation firm, our needs extend beyond routers and switches) and found that it's a chicken and egg situation. Vendors are neglecting to support IPv6 because there is "no demand." I've pointed out your articles and demanded IPv6 support, some are promising results in the next several months. We will see. Meanwhile, there are hosting companies, dedicated server companies, etc. with /17 and /18 allocations who are either forging justification or wildly abusing the use of that space outside of the declared need. I know of at least a couple of companies roughly the same size as my own that fit this category. I'm actually a customer of one company that will sell a /24 without substantial justification (eg. just write "SSL web sites" in a block on the order form and you're good). Meanwhile, we have used a /21 since 2006 and to this day have not requested additional space. Instead we make more efficient use of space and avoid selling them in bulk to dedicated server customers or charge substantially for the space and let economics do the work for us. A disgusting number of companies are involved in: - Black hat SEO ("I need 2000 IP's from at least 20 different Class C's.","No","Why not, companies A, B, and C are offering this for $X") - IRC virtual host abuse ("My customers want 2 x Class C per shell server for their bots and vhosts","No","OK fine, we'll buy one from Company X for $Y") ARIN needs to investigate these companies and start reclaiming space. Pose as a customer, see if they'll sell you a /24 or shorter on a dedicated server for some arbitrary reason, and if so they're busted.
From there launch a full investigation and start reclaiming space.
The other day I had a customer asking if he could buy a /16 for some ungodly reason. Best regards, Jeff On Sat, Aug 14, 2010 at 4:08 AM, John Curran <jcurran@arin.net> wrote:
On Aug 13, 2010, at 6:03 PM, Ken Chase wrote:
I don't know what to suggest, but perhaps a more binding set of policies for ARIN members to engage in policing/responding to shutdown requests on the community's behalf and some penalties for not upholding agreements is in order.
Ken -
Be careful what you ask for... There is a fairly significant difference between ARIN administering number resources (as a trade association based on a body of openly-developed policy) and parties deciding not to engage in business with suppliers or customers except under certain conditions. Some countries prohibit discussions of collective business actions of any form, unless the government is involved to insure that the public interest is protected.
As Vadim noted, you can certainly bilaterally negotiate with another ISP regarding the nature of the routes/IP addresses/traffic that you exchange, but you might want to seek counsel before trying such on a collective basis...
/John
John Curran President and CEO ARIN
-- Jeffrey Lyon, Leadership Team jeffrey.lyon@blacklotus.net | http://www.blacklotus.net Black Lotus Communications of The IRC Company, Inc. Follow us on Twitter at http://twitter.com/ddosprotection to find out about news, promotions, and (gasp!) system outages which are updated in real time. Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 - 21 to find out how to "protect your booty."
On Aug 14, 2010, at 12:12 AM, Jeffrey Lyon wrote:
ARIN needs to investigate these companies and start reclaiming space. Pose as a customer, see if they'll sell you a /24 or shorter on a dedicated server for some arbitrary reason, and if so they're busted.
From there launch a full investigation and start reclaiming space.
Jeff - Yes and No. Yes, we'd like to know if you believe that an organization is forging their address space justification. We always do some cross-checking and verification but it is not foolproof. No, we will not pose as a customer, although we will verify some customer assignments and speak with them. If we find evidence of fraud in company's request to ARIN, we will perform resource review and have them return space to match what they should have received (as described in <https://www.arin.net/policy/nrpm.html> NRPM section 12). We will also make certain that future requests are very closely reviewed. Recognize that these creative hosting firms are also businesses with customers, and reclaiming IP space out from under them to impact customers isn't the intent of policy. We do occasionally have egregious acts (e.g. where the "ISP" turns out to be simply a purveyor of IP addresses to online marketing firms), and circumstances such as those are where reclamation is used. Does that clarify things? /John John Curran President and CEO ARIN
John, I have privately e-mailed you 5 x /18 and 3 x /19 that are being abused. If ARIN takes action against even one of these allocations I will commend you publicly. I'll go do the investigation for you if you need evidence. Best regards, Jeff On Sat, Aug 14, 2010 at 9:07 AM, John Curran <jcurran@arin.net> wrote:
On Aug 14, 2010, at 12:12 AM, Jeffrey Lyon wrote:
ARIN needs to investigate these companies and start reclaiming space. Pose as a customer, see if they'll sell you a /24 or shorter on a dedicated server for some arbitrary reason, and if so they're busted.
From there launch a full investigation and start reclaiming space.
Jeff -
Yes and No.
Yes, we'd like to know if you believe that an organization is forging their address space justification. We always do some cross-checking and verification but it is not foolproof.
No, we will not pose as a customer, although we will verify some customer assignments and speak with them. If we find evidence of fraud in company's request to ARIN, we will perform resource review and have them return space to match what they should have received (as described in <https://www.arin.net/policy/nrpm.html> NRPM section 12). We will also make certain that future requests are very closely reviewed. Recognize that these creative hosting firms are also businesses with customers, and reclaiming IP space out from under them to impact customers isn't the intent of policy. We do occasionally have egregious acts (e.g. where the "ISP" turns out to be simply a purveyor of IP addresses to online marketing firms), and circumstances such as those are where reclamation is used.
Does that clarify things? /John
John Curran President and CEO ARIN
-- Jeffrey Lyon, Leadership Team jeffrey.lyon@blacklotus.net | http://www.blacklotus.net Black Lotus Communications of The IRC Company, Inc. Follow us on Twitter at http://twitter.com/ddosprotection to find out about news, promotions, and (gasp!) system outages which are updated in real time. Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 - 21 to find out how to "protect your booty."
On Aug 14, 2010, at 1:00 AM, Jeffrey Lyon wrote:
John,
I have privately e-mailed you 5 x /18 and 3 x /19 that are being abused. If ARIN takes action against even one of these allocations I will commend you publicly. I'll go do the investigation for you if you need evidence.
I'm not seeking commendation, but thanks for the thought. Whether action will be taken will be based on the findings, and while many people are indeed disappointed that we act less often than desired, I think folks understand why we need to be rather cautious in this area. /John John Curran President and CEO ARIN
On Aug 13, 2010, at 9:12 PM, Jeffrey Lyon wrote:
Vendors are neglecting to support IPv6 because there is "no demand."
It would probably be useful to be public about which vendors are still saying there is no demand for IPv6.
Meanwhile, there are hosting companies, dedicated server companies, etc. with /17 and /18 allocations who are either forging justification or wildly abusing the use of that space outside of the declared need.
It is and always has been trivial to come up with justifications for pretty much anything, regardless of reality. The RIRs do not have the staff or resources to go into requesters and audit them to verify they aren't lying through their teeth. The RIR system fundamentally relies on trust. Always has and always will. Customers of the RIRs must trust that the RIRs are "doing the right thing" and the RIRs must trust that their customers are not "abusing the system". In a world of plentiful resources, this works fine since the costs of abusing the system (on either side) generally outweigh the benefits. To state the obvious, we're (very) soon no longer going to be in a world of plentiful resources. I would be very surprised if the outcome in the addressing world is any different than any other situation where you have a scarce resource and lots of folks with need of that resource. You seem to be suggesting that ARIN (and presumably the other RIRs) invest more in policing the address space and otherwise regulating the market. How much are you willing to pay for that service? Regards, -drc
You seem to be suggesting that ARIN (and presumably the other RIRs) invest more in policing the address space and otherwise regulating the market. How much are you willing to pay for that service?
and how would it make the internet any better? randy
I'm not sure it would make the internet better but it would reinforce integrity in a general sense. If we're to get away with lying on justification I might as well go grab a few /18's before the last /8 is issued. Jeff On Sat, Aug 14, 2010 at 9:36 AM, Randy Bush <randy@psg.com> wrote:
You seem to be suggesting that ARIN (and presumably the other RIRs) invest more in policing the address space and otherwise regulating the market. How much are you willing to pay for that service?
and how would it make the internet any better?
randy
-- Jeffrey Lyon, Leadership Team jeffrey.lyon@blacklotus.net | http://www.blacklotus.net Black Lotus Communications of The IRC Company, Inc. Follow us on Twitter at http://twitter.com/ddosprotection to find out about news, promotions, and (gasp!) system outages which are updated in real time. Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 - 21 to find out how to "protect your booty."
On Aug 13, 2010, at 9:12 PM, Jeffrey Lyon wrote:
John et al,
I have read many of your articles about the need to migrate to IPv6 and how failure to do so will impact business continuity sometime in the next 1 - 3 years. I've pressed our vendors to support IPv6 (note: keep in mind we're a DDoS mitigation firm, our needs extend beyond routers and switches) and found that it's a chicken and egg situation. Vendors are neglecting to support IPv6 because there is "no demand." I've pointed out your articles and demanded IPv6 support, some are promising results in the next several months. We will see.
I was at a trade show several months back. I watched a series of people walk up to a vendor and each, in turn, asked about IPv6 support. The vendor told each, in turn, "You're the only one asking for it." I walked up to the vendor and took my turn being told "You're the only one asking for it." I pointed out that I had seen the other people get the same answer. The sales person admitted he was caught red handed and explained "We're working on it, but, we don't have a definite date and so our marketing department has told us to downplay the demand and the importance until we have something more definitive."
Meanwhile, there are hosting companies, dedicated server companies, etc. with /17 and /18 allocations who are either forging justification or wildly abusing the use of that space outside of the declared need.
Then those cases should be submitted to the fraud/abuse reporting process so they can be investigated and resolved. Owen
On 08/14/2010 11:27 AM, Owen DeLong wrote:
I was at a trade show several months back. I watched a series of people walk up to a vendor and each, in turn, asked about IPv6 support. The vendor told each, in turn, "You're the only one asking for it."
I walked up to the vendor and took my turn being told "You're the only one asking for it." I pointed out that I had seen the other people get the same answer. The sales person admitted he was caught red handed and explained "We're working on it, but, we don't have a definite date and so our marketing department has told us to downplay the demand and the importance until we have something more definitive."
What company was that? I find it rather odd that any marketing group in any company would tell a sales team to downplay a possible future migration path; especially in the case of IP6 which isn't a possible future migration strategy, but IS a future migration strategy. That's one company I don't want to do business with if that's what they are telling their sales team...shows lack of a road map and a total lack of any understanding of this industry!
On Aug 14, 2010, at 8:47 AM, Bret Clark wrote:
On 08/14/2010 11:27 AM, Owen DeLong wrote:
I was at a trade show several months back. I watched a series of people walk up to a vendor and each, in turn, asked about IPv6 support. The vendor told each, in turn, "You're the only one asking for it."
I walked up to the vendor and took my turn being told "You're the only one asking for it." I pointed out that I had seen the other people get the same answer. The sales person admitted he was caught red handed and explained "We're working on it, but, we don't have a definite date and so our marketing department has told us to downplay the demand and the importance until we have something more definitive."
What company was that? I find it rather odd that any marketing group in any company would tell a sales team to downplay a possible future migration path; especially in the case of IP6 which isn't a possible future migration strategy, but IS a future migration strategy. That's one company I don't want to do business with if that's what they are telling their sales team...shows lack of a road map and a total lack of any understanding of this industry!
I won't name names as that company has since changed their tune and there is nothing to be gained by publicly embarrassing them. Owen
This week I was told by my sales person at Red Condor that I'm the only one of his customers that is asking for IPv6. He sounded annoyed and it seemed like he was trying to make me feel bad for being the "only oddball" pushing the IPv6 feature requirement. I tried to explain to him that by this time next year IANA will likely have handed out all their IPv4 blocks and that I didn't have the time spend the first half of 2011 implementing IPv6 across my $DAYJOB network, but wanted to spread that work over time. To his credit, it's been on their to-do list for at least 6 months if not a year, it's just been pushed back several quarters. Frank -----Original Message----- From: Owen DeLong [mailto:owen@delong.com] Sent: Saturday, August 14, 2010 10:27 AM To: Jeffrey Lyon Cc: John Curran; nanog@nanog.org; Ken Chase Subject: Re: Lightly used IP addresses On Aug 13, 2010, at 9:12 PM, Jeffrey Lyon wrote:
John et al,
I have read many of your articles about the need to migrate to IPv6 and how failure to do so will impact business continuity sometime in the next 1 - 3 years. I've pressed our vendors to support IPv6 (note: keep in mind we're a DDoS mitigation firm, our needs extend beyond routers and switches) and found that it's a chicken and egg situation. Vendors are neglecting to support IPv6 because there is "no demand." I've pointed out your articles and demanded IPv6 support, some are promising results in the next several months. We will see.
I was at a trade show several months back. I watched a series of people walk up to a vendor and each, in turn, asked about IPv6 support. The vendor told each, in turn, "You're the only one asking for it." I walked up to the vendor and took my turn being told "You're the only one asking for it." I pointed out that I had seen the other people get the same answer. The sales person admitted he was caught red handed and explained "We're working on it, but, we don't have a definite date and so our marketing department has told us to downplay the demand and the importance until we have something more definitive." <snip> Owen
On Sat, 14 Aug 2010, Frank Bulk wrote:
This week I was told by my sales person at Red Condor that I'm the only one of his customers that is asking for IPv6. He sounded annoyed and it seemed like he was trying to make me feel bad for being the "only oddball" pushing the IPv6 feature requirement.
FWIW, I asked the same question. My guy was polite, but w/o info. John Springer
On 16/08/10 09:47 -0700, John Springer wrote:
On Sat, 14 Aug 2010, Frank Bulk wrote:
This week I was told by my sales person at Red Condor that I'm the only one of his customers that is asking for IPv6. He sounded annoyed and it seemed like he was trying to make me feel bad for being the "only oddball" pushing the IPv6 feature requirement.
FWIW, I asked the same question. My guy was polite, but w/o info.
John Springer
Hi Frank, I was actually told that there was some demand for it, and that they were targeting 2011 for support, which was acknowledged when I brought it up again in a difference conference call. I'll note that they just got bought out, which may change their priorities, for better or worse. -- Dan White
to make it easiest to understand, i might grind it up into /24 equivalents and present as percentages Type % of all space % of type space % of total holders % of type holders RSA 31% no-RSA LRSA 6% no-LRSA ...
% of ARIN managed resource covered by standard RSA? % of ARIN managed legacy resource covered by legacy RSA? % of ARIN managed legacy resource not otherwise covered? % of ARIN region entities (A & B above) that have offices/relationships with other RIRs that have a divergent transfer process in place?
We'll work on generating these numbers to the extent possible for the upcoming meeting; back in April, I noted that we had about 21% of the legacy space (by total IP address count) under an LRSA (6%) or RSA (15%). For now, this is first order estimate for your second and third questions.
% of space and % of holders, please randy
On Aug 13, 2010, at 4:18 PM, Randy Bush wrote:
We'll work on generating these numbers to the extent possible for the upcoming meeting; back in April, I noted that we had about 21% of the legacy space (by total IP address count) under an LRSA (6%) or RSA (15%). For now, this is first order estimate for your second and third questions.
% of space and % of holders, please
I gave % of space in the April numbers above (the number of holders at that time was approximately 700 of estimated 18000) /John John Curran President and CEO ARIN
We'll work on generating these numbers to the extent possible for the upcoming meeting; back in April, I noted that we had about 21% of the legacy space (by total IP address count) under an LRSA (6%) or RSA (15%). For now, this is first order estimate for your second and third questions.
% of space and % of holders, please
I gave % of space in the April numbers above
i am literate, even at this hour
the number of holders at that time was approximately 700 of estimated 18000
thanks. but i meant when you report at meeting, on web site, whatever. please report both, not just the one with the larger number. randy
participants (11)
-
bmanning@vacation.karoshi.com
-
Bret Clark
-
Dan White
-
David Conrad
-
Frank Bulk
-
Jeffrey Lyon
-
John Curran
-
John Springer
-
Ken Chase
-
Owen DeLong
-
Randy Bush