Revised 2007-01 moved back to Review Period (Direct Internet Resource Assignments to End Users from the RIPE NCC)
PDP Number: 2007-01 Direct Internet Resource Assignments to End Users from the RIPE NCC Dear Colleagues, The new version of the proposal described in 2007-01 has now been published and is moved back to Review Period. Also, the new draft document "Contractual Requirements for Provider Independent Resource Holders in the RIPE NCC Service Region" has been published. This document describes the contractual requirements necessary for End Users of provider independent resources and also speaks to the status of pre-existing assignments. You can find the full proposal at: http://ripe.net/ripe/policies/proposals/2007-01.html and the draft documents at: http://ripe.net/ripe/draft-documents/ripe-424-draft-2007-01-v3.html http://ripe.net/ripe/draft-documents/ripe-421-draft.html http://ripe.net/ripe/draft-documents/ripe-389-draft.html http://ripe.net/ripe/draft-documents/ripe-new-draft-2007-01-v3.html We encourage you to review this revised policy proposal and the draft documents and send your comments to address-policy-wg@ripe.net before 24 July 2008. Regards, Ana Matic RIPE NCC
Hi APWG folks, this proposal keep being difficult for our processes. We got a rebound from the WG chair collective, because they felt that there was no explicit consensus for version *2* of the proposal, which had some signficant changes (inclusion of ERX in the text). Now this is v3, trying to work out the last wrinkles, and get it through the process properly, and we got *NO* comments on it. "No comments" does not mean "consensus". It means "nobody is interested, leave us alone with this". I think that this is a very important milestone, and it needs good backing by the community (or if you don't want it, it should be explicitely torn down). The main difference v2 -> v3 is that ERX space has been completely taken out [because RIPE has no legal basis to enforce anything - we'll come back to this with a new proposal], and that there is a *new* document that describes what to do with existing end-user assignments - which has exactly the same intent as v2, but we can't put requirements for existing assignments into a "new assignments" documents, so this needed cleaning up. So - please read the documents, as referenced in Ana's mail below, and then explicitely voice agreement or disagreement with 2007-01 v3. thanks, Gert Doering, APWG Chair On Thu, Jun 26, 2008 at 04:22:44PM +0200, Ana Matic wrote:
PDP Number: 2007-01 Direct Internet Resource Assignments to End Users from the RIPE NCC
Dear Colleagues,
The new version of the proposal described in 2007-01 has now been published and is moved back to Review Period.
Also, the new draft document "Contractual Requirements for Provider Independent Resource Holders in the RIPE NCC Service Region" has been published. This document describes the contractual requirements necessary for End Users of provider independent resources and also speaks to the status of pre-existing assignments.
You can find the full proposal at:
http://ripe.net/ripe/policies/proposals/2007-01.html
and the draft documents at:
http://ripe.net/ripe/draft-documents/ripe-424-draft-2007-01-v3.html http://ripe.net/ripe/draft-documents/ripe-421-draft.html http://ripe.net/ripe/draft-documents/ripe-389-draft.html http://ripe.net/ripe/draft-documents/ripe-new-draft-2007-01-v3.html
We encourage you to review this revised policy proposal and the draft documents and send your comments to address-policy-wg@ripe.net before 24 July 2008.
Regards,
Ana Matic RIPE NCC
Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 110584 SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
* Gert Doering wrote:
Now this is v3, trying to work out the last wrinkles, and get it through the process properly, and we got *NO* comments on it.
In order to prevent a drop of the proposal soley by not commenting it: First of all, I support this proposal. Historic experience shows, that direct assigned ressources are lost, because nobody can determine who is using the ressource currently. This 2007-1 (v3) solves this issue for new assignments. Especially the point of forbitten subassignments make me happy. To tell a story from this week: A customer changed his internet connection to us and choosed to exchange his PI to PA. I run into trouble giving the PI back: The inetnum won't disappear for months. On request I was told, that this PI space was never given out, but part of an larger block. Fortunely the admins of the assigned PI space does exists and respond, so the inetnum could be deleted this week. It's interesting to see, that there was no connection between the assigned PI and the subassigned PI anymore. The was a reseller chain for at least three companies, all of them does not exist anymore (one was gone in 1997). In summary 2007-1 (v3) does solve a real issue, so I support it.
The main difference v2 -> v3 is that ERX space has been completely taken out [because RIPE has no legal basis to enforce anything - we'll come back to this with a new proposal], and that there is a *new* document that describes what to do with existing end-user assignments - which has exactly the same intent as v2, but we can't put requirements for existing assignments into a "new assignments" documents, so this needed cleaning up.
I still think that we are making this more complex than it needs to be and the language is horrible. How hard is it to say: All applicants for Provider Independent resources must have a signed contract with RIPE or with an LIR before receiving such resources. Existing holders of Provider Independent resources received from RIPE LIRs or from RIPE, must sign a contract with RIPE or with an LIR before 01Dec2009 or RIPE will take back the resources. One improvement would be to give the standard contract a name like ARIN does. They call their contract a Registration Services Agreement or RSA. This allows them to say things in plain English such as "An RSA must be signed before ARIN will issue resources to the applicant". If we use the term RSA, then it seems to me this policy is trying to say: - All applicants for Provider Independent resources must sign an RSA before receiving any resources. - Any existing holders of Provider Independent resources must sign an RSA before The-End-Date or RIPE will take back their resources. - An RSA can be signed with RIPE or with an LIR. - If a PI resource holder ceases their business relationship with an LIR, then they must sign an RSA with a new LIR or with RIPE within 2 months or RIPE will take back their resources. - RIPE will provide a standard RSA contract for LIRs to use. - The RSA will include: - point a - point b - etc. But the language is unclear so I'm not sure. Also there are some things that don't make sense to me. Why is the applicant responsible for making sure that a contract is signed. RIPE or the LIR should be responsible for making sure that a contract is in place before resources are issued. And RIPE or the LIRs should be responsible for chasing existing resource holders to get contracts signed. So, in general I support the ideas behind this policy. I just wish that it was structured differently and written more clearly. --Michael Dillon P.S. my comments about language have nothing to do with the fact that it is in English. I would say the same things if it were in French or German.
Gert, On Thu, Jul 10, 2008 at 09:28:31AM +0200, Gert Doering wrote:
So - please read the documents, as referenced in Ana's mail below, and then explicitely voice agreement or disagreement with 2007-01 v3.
I support the proposal, with the documents as they in the v3 draft. -- Shane
Hello,
So - please read the documents, as referenced in Ana's mail below, and then explicitely voice agreement or disagreement with 2007-01 v3.
I fully support 2007-01 *v3* in the form it has been proposed. Bernhard
Hi altogether, Gert Doering schrieb:
Hi APWG folks,
this proposal keep being difficult for our processes.
We got a rebound from the WG chair collective, because they felt that there was no explicit consensus for version *2* of the proposal, which had some signficant changes (inclusion of ERX in the text).
Now this is v3, trying to work out the last wrinkles, and get it through the process properly, and we got *NO* comments on it.
"No comments" does not mean "consensus". It means "nobody is interested, leave us alone with this".
I think that this is a very important milestone, and it needs good backing by the community (or if you don't want it, it should be explicitely torn down).
The main difference v2 -> v3 is that ERX space has been completely taken out [because RIPE has no legal basis to enforce anything - we'll come back to this with a new proposal], and that there is a *new* document that describes what to do with existing end-user assignments - which has exactly the same intent as v2, but we can't put requirements for existing assignments into a "new assignments" documents, so this needed cleaning up.
So - please read the documents, as referenced in Ana's mail below, and then explicitely voice agreement or disagreement with 2007-01 v3.
thanks, [...]
the PDP we have starts to annoy me over this proposal. Very sad. My clear p.o.v., as private netizen, as consultant and as LIR still is: We need a contractual relationship in those cases we're talking about here. So i still support this proposal - "2007-01 v3", even though i'm a little unhappy about all the redesigns and the political debate around it. I still have one or two issues with the details, too (like we still don't have actual NUMBERS as in $$$ etc.), but i'm not that self-centric to stop the whole process about that. If there's a problem, we can start again from there, AFTER THIS IS FINALLY IMPLEMENTED. Policies can be CHANGED again guys... politicians do it all the time... PLEASE go on with this, now. It's a start at least. -- ======================================================================== = Sascha Lenz SLZ-RIPE slz@baycix.de = = Network Design & Operations = = BayCIX GmbH, Landshut * PGP public Key on demand * = ========================================================================
Sascha and all, Sure changing policies can be done on a daily basis. But what does that say for stability? Not much IMO. Setting a good long term policy is far better and again IMHO, necessary. Sascha Lenz wrote:
Hi altogether,
Gert Doering schrieb:
Hi APWG folks,
this proposal keep being difficult for our processes.
We got a rebound from the WG chair collective, because they felt that there was no explicit consensus for version *2* of the proposal, which had some signficant changes (inclusion of ERX in the text).
Now this is v3, trying to work out the last wrinkles, and get it through the process properly, and we got *NO* comments on it.
"No comments" does not mean "consensus". It means "nobody is interested, leave us alone with this".
I think that this is a very important milestone, and it needs good backing by the community (or if you don't want it, it should be explicitely torn down).
The main difference v2 -> v3 is that ERX space has been completely taken out [because RIPE has no legal basis to enforce anything - we'll come back to this with a new proposal], and that there is a *new* document that describes what to do with existing end-user assignments - which has exactly the same intent as v2, but we can't put requirements for existing assignments into a "new assignments" documents, so this needed cleaning up.
So - please read the documents, as referenced in Ana's mail below, and then explicitely voice agreement or disagreement with 2007-01 v3.
thanks, [...]
the PDP we have starts to annoy me over this proposal. Very sad.
My clear p.o.v., as private netizen, as consultant and as LIR still is:
We need a contractual relationship in those cases we're talking about here. So i still support this proposal - "2007-01 v3", even though i'm a little unhappy about all the redesigns and the political debate around it.
I still have one or two issues with the details, too (like we still don't have actual NUMBERS as in $$$ etc.), but i'm not that self-centric to stop the whole process about that. If there's a problem, we can start again from there, AFTER THIS IS FINALLY IMPLEMENTED. Policies can be CHANGED again guys... politicians do it all the time...
PLEASE go on with this, now. It's a start at least.
-- ======================================================================== = Sascha Lenz SLZ-RIPE slz@baycix.de = = Network Design & Operations = = BayCIX GmbH, Landshut * PGP public Key on demand * = ========================================================================
Regards, Spokesman for INEGroup LLA. - (Over 281k members/stakeholders strong!) "Obedience of the law is the greatest freedom" - Abraham Lincoln "Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt "If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947] =============================================================== Updated 1/26/04 CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC. ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com My Phone: 214-244-4827
Hi again, Jeffrey A. Williams schrieb:
Sascha and all,
Sure changing policies can be done on a daily basis. But what does that say for stability? Not much IMO. Setting a good long term policy is far better and again IMHO, necessary.
Sascha Lenz wrote: [...]
things are constantly changing; change is good if it's for the better. Policies get changed all the time if the need arises. That has nothing to do with stability, since there is no stability. <philosophy> Stability can also be bad, we wouldn't even exist if everything was in perfect equilibration. </philosophy> ==> This damned little discussion about absolutely irrelevant details currently hinders the further policy development long enought now, like - amongst other things - the "PIv6 policy". This is not acceptable any longer! Please folks, let us put this version in place now. You can continue your discussions later, noone will get instantly shot, no IP space will be withdrawn and noone will have to file bankruptcy at least for a while :-) after the policy is in place. There is absolutely no sane reason why we wouldn't go on with this version now for starters. It's as good as any other possible version, you won't reach 100% consensus at any given time. -- ======================================================================== = Sascha Lenz SLZ-RIPE slz@baycix.de = = Network Design & Operations = = BayCIX GmbH, Landshut * PGP public Key on demand * = ========================================================================
* Ana Matic:
What's the status of EARLY-REGISTRATION space with regards to sub-assignment and the establishment of contracts?
http://ripe.net/ripe/draft-documents/ripe-new-draft-2007-01-v3.html
I don't think recovering resources from unwilling end users is a good way to spend the membership fees. (I don't speak for any member, though.) And unless there is a clear incentive (which I don't see--the thread of revoking the assignment is not particularly convincing), a lot of end users will be unwilling.
Hi, On Thu, Jul 10, 2008 at 10:11:59AM +0200, Florian Weimer wrote:
What's the status of EARLY-REGISTRATION space with regards to sub-assignment and the establishment of contracts?
Well, the "new document" draft very clearly states this:
http://ripe.net/ripe/draft-documents/ripe-new-draft-2007-01-v3.html
----------- quote ---------- 1.1 Scope This policy document describes the contractual requirements for End Users of provider independent resources which have been assigned either directly by the RIPE NCC or through a Local Internet Registry in the RIPE NCC Service area. ----------- quote ---------- As ERX space has not been assigned by the RIPE NCC or a RIPE LIR, it is not covered by v3 of the 2007-01 proposal. We will come up with a new proposal how to handle ERX space (which is not yet written and thus cannot be discussed yet). Regarding sub-assignments of ERX space: I'm not sure exactly how the policy is right now, but since we're not going to touch ERX anyway, so nothing would change there.
I don't think recovering resources from unwilling end users is a good way to spend the membership fees. (I don't speak for any member, though.) And unless there is a clear incentive (which I don't see--the thread of revoking the assignment is not particularly convincing), a lot of end users will be unwilling.
One of the incentives would be "without a clear contractual relationship, we can't give out a certificate for this resource". The main focus for the implementation is "new resource assignments", of course, but for consistency reasons it's important to have a plan how to tackle existing stuff. Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 110584 SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
* Gert Doering:
We will come up with a new proposal how to handle ERX space (which is not yet written and thus cannot be discussed yet).
It would make sense to handle this in the same document because some LIRs have converted EARLY-REGISTRATION to to ASSIGNED PI and some didn't.
I don't think recovering resources from unwilling end users is a good way to spend the membership fees. (I don't speak for any member, though.) And unless there is a clear incentive (which I don't see--the thread of revoking the assignment is not particularly convincing), a lot of end users will be unwilling.
One of the incentives would be "without a clear contractual relationship, we can't give out a certificate for this resource".
What kind of certificate? All RIPE policies say that the address space might not be usable for routing purposes. 2007-01, if implemented, could lead to competing claims of ownership for an address block which cannot be dismissed immediately as without merit.
The main focus for the implementation is "new resource assignments", of course, but for consistency reasons it's important to have a plan how to tackle existing stuff.
I see no consistency here because ERX and PA waste is totally ignored. Focusing on new assignments only would actually improve consistency.
Florian, [ I realize the contents of this post may be somewhat controversial. In fact, I expect most people to oppose the basic ideas. ] On Thu, Jul 10, 2008 at 10:11:59AM +0200, Florian Weimer wrote:
http://ripe.net/ripe/draft-documents/ripe-new-draft-2007-01-v3.html
I don't think recovering resources from unwilling end users is a good way to spend the membership fees. (I don't speak for any member, though.) And unless there is a clear incentive (which I don't see--the thread of revoking the assignment is not particularly convincing), a lot of end users will be unwilling.
I also don't speak for any member, but I think revoking assignments is a fantastic idea. In fact, I don't see how it makes sense to do otherwise. Someone claims to be the authorized user of some addresses. *Nobody* has any relationship wth this person. The only evidence you have is that at one time in the past someone was assigned the addresses. Sure, I can call the people peering with the originator of the advertisement, and see why they are carrying the traffic. They might or might not be willing to give me that information, or privacy or business reasons. Also, all because it is convenient for them to carry the advertisements does not mean somebody else won't do the same thing for the same space for a different originator. And finally, we have a perfectly workable system so I don't *have* to go through this kind of nonsense: the RIR system. If people are unwilling to sign a contract which basically says, "I am using this address space", then take their space back. It's not scary, really. Revokation is a good thing. -- Shane
Shane, On 10/07/2008 11:58, "Shane Kerr" <shane@time-travellers.org> wrote: [...]
If people are unwilling to sign a contract which basically says, "I am using this address space", then take their space back. It's not scary, really.
Revokation is a good thing.
What would you propose the RIPE NCC do with revoked address space assignments? Should they just keep them in a "sin bin" or should they allocate or assign the address space to other network operators? Regards, Leo Vegoda
What would you propose the RIPE NCC do with revoked address space assignments? Should they just keep them in a "sin bin" or should they allocate or assign the address space to other network operators?
sell them at a price high enough to pay for some extremely large lawyer bills. randy
Randy and all, Is your suggestion a joke? I hope so. If not, it certainly isn't wise or ethical as such would only be passing on to unsuspecting recipients problems that were not originated by them. Bad policy! Randy Bush wrote:
What would you propose the RIPE NCC do with revoked address space assignments? Should they just keep them in a "sin bin" or should they allocate or assign the address space to other network operators?
sell them at a price high enough to pay for some extremely large lawyer bills.
randy
Regards, Spokesman for INEGroup LLA. - (Over 281k members/stakeholders strong!) "Obedience of the law is the greatest freedom" - Abraham Lincoln "Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt "If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947] =============================================================== Updated 1/26/04 CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC. ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com My Phone: 214-244-4827
On Fri, Jul 11, 2008 at 04:58:41PM +0900, Randy Bush wrote:
What would you propose the RIPE NCC do with revoked address space assignments? Should they just keep them in a "sin bin" or should they allocate or assign the address space to other network operators?
sell them at a price high enough to pay for some extremely large lawyer bills.
Why would there be large lawyer bills? Wouldn't it be much, MUCH cheaper to simply sign a contract with the RIPE NCC saying "I am the assignee of this space" rather than spend money on laywers? -- Shane
Why would there be large lawyer bills? Wouldn't it be much, MUCH cheaper to simply sign a contract with the RIPE NCC saying "I am the assignee of this space" rather than spend money on laywers?
all depends on the actual agreement. the devil is in the details. randy
* Shane Kerr:
Why would there be large lawyer bills? Wouldn't it be much, MUCH cheaper to simply sign a contract with the RIPE NCC saying "I am the assignee of this space" rather than spend money on laywers?
The real fun starts when RIPE recovers address space, reassigns it, and the depossessed party starts to sue the new owner. (Please substitute mentally the correct concept for "owning".)
Florian and all, Exactly right. Again a expected result of poor leadership, rule making, and enforcment of however poor rules that may be in place. The other problem is the ever changing of the rules/contracts that leads to confusion and begins a circular conflagration as well as a level of inconsistance of rules between RIR's. Florian Weimer wrote:
* Shane Kerr:
Why would there be large lawyer bills? Wouldn't it be much, MUCH cheaper to simply sign a contract with the RIPE NCC saying "I am the assignee of this space" rather than spend money on laywers?
The real fun starts when RIPE recovers address space, reassigns it, and the depossessed party starts to sue the new owner.
(Please substitute mentally the correct concept for "owning".)
Regards, Spokesman for INEGroup LLA. - (Over 281k members/stakeholders strong!) "Obedience of the law is the greatest freedom" - Abraham Lincoln "Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt "If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947] =============================================================== Updated 1/26/04 CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC. ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com My Phone: 214-244-4827
The real fun starts when RIPE recovers address space, reassigns it, and the depossessed party starts to sue the new owner.
(Please substitute mentally the correct concept for "owning".)
We are heading towards address resource scarcity. Fights have a habit of breaking out when people jostle for scarce resources. Are you saying that revocation shouldn't happen? It means that all assignments are given in perpetuity, unless the holder explicitly hands the address space back. If the address space isn't used, or if the holder disappears, then the address space is lost forever. It's a memory leak which needs to be fixed. Nick -- Network Ability Ltd. | Head of Operations | Tel: +353 1 6169698 3 Westland Square | INEX - Internet Neutral | Fax: +353 1 6041981 Dublin 2, Ireland | Exchange Association | Email: nick@inex.ie
Nick Hilliard wrote:
Are you saying that revocation shouldn't happen? It means that all assignments are given in perpetuity, unless the holder explicitly hands the address space back. If the address space isn't used, or if the holder disappears, then the address space is lost forever. It's a memory leak which needs to be fixed.
And even with knowing the v4 situation, als RIRs seem to be running into the same trap yet again, eyes closed ... Apart from technical issues (like e.g. no recommendations as to IP usage - do I need to quote people advocating use of /64 for PTP-Transfernetworks? How many machines do they actually expect to see on a Point-to-Point link?) Why not start doing it right while we still can - at least RIPE doesn't have PIv6 yet, so when better to start (and that is for all RIRs) ... Hand out PI only with either a reasonable yearly renewal fee (billed to the user, not the LIR getting it for them), or at least implement an active renewal policy - once a year, a user/company has 3 months to confirm continued use by a simple web interface (should take less than a week's work to program), with 3 final notices reminding them to actively do confirm use. If they don't answer or don't exist anymore, the space is automatically returned to the RIR for reuse (possibly with some internal grace period), as they obviously don't need it anymore. Also, put this in the contract and you're pretty much safe. Is this really so hard to implement? Is there any provider that could be opposed to such a handling? After all, any of you having PA already are in the same position - you pay yearly dues to keep your IP space. The same should apply to already given out PI space, though I do understand the problem of contacting owners of some ancient PI registrations - but maybe some legal advocate could point out whether the requirement to have your RIPE db data up to date could be used as a basis to reclaim IP space from people that can't be contacted and whose space isn't in the global routing tables ... Anyway, anybody falling into the "no more IPv4 addresses" pit in some 18-36 months is at his own fault for not preparing for v6 in time ... Yes it costs money (both for hard/software and time spent), but v4 is a dead man walking, so don't wait until he's strapped down and waiting for the switch to be flicked ... -garry
Nick Hilliard wrote:
Are you saying that revocation shouldn't happen? It means that all assignments are given in perpetuity, unless the holder explicitly hands the address space back. If the address space isn't used, or if the holder disappears, then the address space is lost forever. It's a memory leak which needs to be fixed.
And even with knowing the v4 situation, als RIRs seem to be running into the same trap yet again, eyes closed ... Apart from technical issues (like e.g. no recommendations as to IP usage - do I need to quote people advocating use of /64 for PTP-Transfernetworks? How many machines do they actually expect to see on a Point-to-Point link?) Why not start doing it right while we still can - at least RIPE doesn't have PIv6 yet, so when better to start (and that is for all RIRs) ... Hand out PI only with either a reasonable yearly renewal fee (billed to the user, not the LIR getting it for them), or at least implement an active renewal policy - once a year, a user/company has 3 months to confirm continued use by a simple web interface (should take less than a week's work to program), with 3 final notices reminding them to actively do confirm use. If they don't answer or don't exist anymore, the space is automatically returned to the RIR for reuse (possibly with some internal grace period), as they obviously don't need it anymore. Also, put this in the contract and you're pretty much safe. Is this really so hard to implement? Is there any provider that could be opposed to such a handling? After all, any of you having PA already are in the same position - you pay yearly dues to keep your IP space. The same should apply to already given out PI space, though I do understand the problem of contacting owners of some ancient PI registrations - but maybe some legal advocate could point out whether the requirement to have your RIPE db data up to date could be used as a basis to reclaim IP space from people that can't be contacted and whose space isn't in the global routing tables ... Anyway, anybody falling into the "no more IPv4 addresses" pit in some 18-36 months is at his own fault for not preparing for v6 in time ... Yes it costs money (both for hard/software and time spent), but v4 is a dead man walking, so don't wait until he's strapped down and waiting for the switch to be flicked ... -garry
The same should apply to already given out PI space, though I do understand the problem of contacting owners of some ancient PI registrations - but maybe some legal advocate could point out whether the requirement to have your RIPE db data up to date could be used as a basis to reclaim IP space from people that can't be contacted and whose space isn't in the global routing tables ...
Just for the record (and to show that the Board/RIPE NCC isn't asleep on the job) we are taking legal advice on the best way to go about framing the contact/contract with existing PI address holders if/when 2007-01 reaches consensus. If the legal advice is that there is no realistic way to do this, then we will of course report back to the apwg. I have to record, from a personal point of view that I feel very nervous about going back to existing PI holders and asking them to sign a contract. Whilst accepting all the arguments that this is a good thing, and allows us to garbage collect dead space, I can still see troubles ahead. However, man is born to trouble as the sparks fly upward.... we will plan as best we can. Nigel
I have to record, from a personal point of view that I feel very nervous about going back to existing PI holders and asking them to sign a contract. Whilst accepting all the arguments that this is a good thing, and allows us to garbage collect dead space, I can still see troubles ahead.
thank you. as one of those who think arin's approach to this is insulting and legally unjustified, i would be quite cheered by a more even-handed and less self-righteous example being set by ripe. randy
Randy Bush wrote:
as one of those who think arin's approach to this is insulting and legally unjustified, i would be quite cheered by a more even-handed and less self-righteous example being set by ripe.
The self-righteousness is mine, tyvm. But, you've expressed an opinion that 2007-01 is objectionable. Maybe you could outline what you'd like to see changed? Nick
Hi, On Tue, Jul 15, 2008 at 02:54:58AM -0700, Randy Bush wrote:
as one of those who think arin's approach to this is insulting and legally unjustified, i would be quite cheered by a more even-handed and less self-righteous example being set by ripe.
So what do you propose how to tackle this? (As in "this" being "establish stronger ties to the existing resource holders", to figure out where the resources are today, and possibly reclaim those that have been truly lost). I assume that you don't worry about requiring the contracts for *new* end-user assignments, but only worry about retroactively applying those? (I want to point out that the audience at the last RIPE meeting in Amsterdam explicitely asked Nick Hilliard to change 2007-01 v1 to include existing assignments, which v1 did *not* do. So this is how we arrived here...) Gert Doering -- APWG chair -- Total number of prefixes smaller than registry allocations: 110584 SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
as one of those who think arin's approach to this is insulting and legally unjustified, i would be quite cheered by a more even-handed and less self-righteous example being set by ripe. So what do you propose how to tackle this?
i was supporting nigel saying that the board was working on a reasonable and fair contractual structure. i have nothing against offering holders of historical space reasonable contracts for keeping whois and rpki certificates and dns delegation. i do have a problem of confiscating their rights if they choose not to sign. instead of escalating threats and breaching the long established contract, perhaps hesitation to sign can be treated as problem in communication and maybe a weakness in common understanding of rights, concerns, ... we are all a community. we do have fairly common interests. perhaps there is a path building on the common ground instead of polarizing and us and them games.
I assume that you don't worry about requiring the contracts for *new* end-user assignments, but only worry about retroactively applying those?
i am more open than that. i hope/think there is a large space for agreement on formalizing the relationship(s) over historical space. take a look at section nine of the arin contract. it is that kind of thing to which i object. randy
take a look at section nine of the arin contract. it is that kind of thing to which i object.
Randy, for the benefit of those people who are unfamiliar with ARIN's procedures, could you provide a URL reference here? Nick
Nick Hilliard wrote:
take a look at section nine of the arin contract. it is that kind of thing to which i object. for the benefit of those people who are unfamiliar with ARIN's procedures, could you provide a URL reference here?
i just looked at arin's front page, saw the link in big blue on the right hand side, and found the link prominently noted on the linked page. <http://www.arin.net/registration/agreements/legacy_rsa.pdf> randy, why use the web when you have me?
i just looked at arin's front page, saw the link in big blue on the right hand side, and found the link prominently noted on the linked page.
<http://www.arin.net/registration/agreements/legacy_rsa.pdf>
Indeed. In fact, I had downloaded this document a full two minutes before sending my previous email, looked at section 9, decided that it was pretty unobjectionable, and therefore thought that this probably wasn't what you were talking about. Clearly, we find different things objectionable.
randy, why use the web when you have me?
Because we love and trust you more than the web? And also something about semantic analysis of what you mean by "arin contract". There are more than one of these. Seriously, though, you have objections to 2007-01, a subset of which are scattered here and there in the 8 or so emails that you've sent to apwg in the last couple of days. So, for the benefit of everyone, can I repeat my request of earlier this morning: - could you outline all the things that you feel are objectionable in 2007-01? - could you express an opinion of how these should be changed for the better? Nick
Nick Hilliard wrote:
i just looked at arin's front page, saw the link in big blue on the right hand side, and found the link prominently noted on the linked page.
<http://www.arin.net/registration/agreements/legacy_rsa.pdf>
Indeed. In fact, I had downloaded this document a full two minutes before sending my previous email, looked at section 9, decided that it was pretty unobjectionable, and therefore thought that this probably wasn't what you were talking about. Clearly, we find different things objectionable. I guess this is because that some early registration holders did get the address space without such a clause.
-hph
* Randy Bush:
i just looked at arin's front page, saw the link in big blue on the right hand side, and found the link prominently noted on the linked page.
<http://www.arin.net/registration/agreements/legacy_rsa.pdf>
Is this the "no property rights" section? | 9. NO PROPERTY RIGHTS | Legacy Applicant acknowledges and agrees that the number resources | are not property (real, personal, or intellectual) and that Legacy | Applicant does not have any property rights in or to the Included | Number Resources, including but not limited by this Legacy Agreement | or the prior issuance of these resources to it. Legacy Applicant | further agrees that it will not attempt, directly or indirectly, to | obtain or assert any trademark, service mark, copyright, or any other | form of property rights in any included number resources in the | United States or any other country. I thought that this was somehow part of the assignment rules in the RIPE region, but I can;t find it in the relevant documents. Am I wrong?
Randy Bush wrote:
i was supporting nigel saying that the board was working on a reasonable and fair contractual structure. i have nothing against offering holders of historical space reasonable contracts for keeping whois and rpki certificates and dns delegation.
I am hoping fervently that we can come up with something fair and just (for some definition of those two words). And I thank you, Randy, for your support. Nigel
take a look at section nine of the arin contract. it is that kind of thing to which i object.
9. NO PROPERTY RIGHTS Legacy Applicant acknowledges and agrees that the number resources are not property (real, personal, or intellectual) and that Legacy Applicant does not have any property rights in or to the Included Number Resources, including but not limited by this Legacy Agreement or the prior issuance of these resources to it. Legacy Applicant further agrees that it will not attempt, directly or indirectly, to obtain or assert any trademark, service mark, copyright, or any other form of property rights in any included number resources in the United States or any other country. This is identical to section 9 of the normal ARIN RSA and it is consistent with RFC 2050 as well. Why do you object? --Michael Dillon <http://www.arin.net/registration/agreements/legacy_rsa.pdf> <http://www.arin.net/registration/agreements/rsa.pdf>
Shane and all, Good point IF whomever will sign. IF not, than how does anyone expect bad IP's from being routed anyway or stolen for that matter? Shane Kerr wrote:
On Fri, Jul 11, 2008 at 04:58:41PM +0900, Randy Bush wrote:
What would you propose the RIPE NCC do with revoked address space assignments? Should they just keep them in a "sin bin" or should they allocate or assign the address space to other network operators?
sell them at a price high enough to pay for some extremely large lawyer bills.
Why would there be large lawyer bills? Wouldn't it be much, MUCH cheaper to simply sign a contract with the RIPE NCC saying "I am the assignee of this space" rather than spend money on laywers?
-- Shane
Regards, Spokesman for INEGroup LLA. - (Over 281k members/stakeholders strong!) "Obedience of the law is the greatest freedom" - Abraham Lincoln "Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt "If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947] =============================================================== Updated 1/26/04 CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC. ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com My Phone: 214-244-4827
Leo, On Fri, Jul 11, 2008 at 12:56:11AM -0700, Leo Vegoda wrote:
On 10/07/2008 11:58, "Shane Kerr" <shane@time-travellers.org> wrote:
[...]
If people are unwilling to sign a contract which basically says, "I am using this address space", then take their space back. It's not scary, really.
Revokation is a good thing.
What would you propose the RIPE NCC do with revoked address space assignments? Should they just keep them in a "sin bin" or should they allocate or assign the address space to other network operators?
[ Warning: I should not be attempting to design process in a mailing list, but I can't help myself. :( ] Fortunately there are no secrets in the routing table! So, it is easy to see if any given space is being routed or not. The only time there is a problem is if revoked space is still being routed by someone. If so, then there are reasonable actions that can be taken to stop this, such as calling them and their peers and explaining the space should no longer be routed. Remember, the only thing that a PI address space holder needs to do is sign a contract with the RIPE NCC saying "I am the holder of this PI space", so it should not cause any fuss. Can someone come up with a scenario where this would be difficult or impossible for some individual or organization? Cheers, -- Shane
Remember, the only thing that a PI address space holder needs to do is sign a contract with the RIPE NCC saying "I am the holder of this PI space", so it should not cause any fuss.
perhaps you have not looked at arin's legacy holder agreement. check out section nine, in particular. essentially it says you give up the rights. randy
On Fri, Jul 11, 2008 at 10:11:41PM +0900, Randy Bush wrote:
Remember, the only thing that a PI address space holder needs to do is sign a contract with the RIPE NCC saying "I am the holder of this PI space", so it should not cause any fuss.
perhaps you have not looked at arin's legacy holder agreement. check out section nine, in particular. essentially it says you give up the rights.
No thanks, I don't really have the inclination to waste my time reading legalese. ARIN is way too uptight about legalities, but I guess that reflects the culture of the region. I think the RIPE region is a bit more practical, and we can worry about making the system work better instead of who has what rights and who gets to sue who. And anyway, the current RIPE proposal (2007-01) does not cover legacy space, so I will happily ignore the problem for now. ;) -- Shane
Randy and all, Yes, give up rights. But that doesn't preclude use necessarly now does it? Of course not. So a scheme for reclaiming that PI space seems to be in order that doesn't require legal fees. A daunting task indeed. Randy Bush wrote:
Remember, the only thing that a PI address space holder needs to do is sign a contract with the RIPE NCC saying "I am the holder of this PI space", so it should not cause any fuss.
perhaps you have not looked at arin's legacy holder agreement. check out section nine, in particular. essentially it says you give up the rights.
randy
Regards, Spokesman for INEGroup LLA. - (Over 281k members/stakeholders strong!) "Obedience of the law is the greatest freedom" - Abraham Lincoln "Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt "If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947] =============================================================== Updated 1/26/04 CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC. ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com My Phone: 214-244-4827
* Shane Kerr:
Fortunately there are no secrets in the routing table! So, it is easy to see if any given space is being routed or not.
The only time there is a problem is if revoked space is still being routed by someone.
Some address space owners rely the uniqueness property. This applies to 3/8 and 9/8, for example, but I'm sure that it happens on a smaller scale, too.
Florian Weimer wrote:
* Shane Kerr:
Fortunately there are no secrets in the routing table! So, it is easy to see if any given space is being routed or not.
The only time there is a problem is if revoked space is still being routed by someone.
Some address space owners rely the uniqueness property. This applies to 3/8 and 9/8, for example, but I'm sure that it happens on a smaller scale, too.
And, more importantly, PI space that is not publicly routed but must be unique. On behalf of clients in the past I have applied for and had assigned PI space for intra-organisational and/or VPN space. These large, sometimes multinational, companies have public connectivity and use private address space internally and where they need a VPN or secure connection between themselves they do not want that in the public routing tables but cannot use private space. If this space is reclaimed on the simplistic basis of "it wasn't in the public routing table yesterday (or ever)" then reassigned, suddenly the original assignee finds their private and confidetial traffic might start leaking out one of their public connections. Great. Peter
On Sat, 2008-07-12 at 07:58 +0100, Peter Galbavy wrote:
If this space is reclaimed on the simplistic basis of "it wasn't in the public routing table yesterday (or ever)" then reassigned, suddenly the original assignee finds their private and confidetial traffic might start leaking out one of their public connections. Great.
You have a problem if security depends on your network resources not being announced to the outside. Nothing prevents the RIR-community from changing the rules to reclaim un-announced space *if* there is consensus in support for such a move. The legitimacy of private use of allocations is an important issue in that discussion. Poor network security, however, is no excuse. //per
On Jul 12, 2008, at 1:59 AM, Per Heldal wrote:
Nothing prevents the RIR-community from changing the rules to reclaim un-announced space *if* there is consensus in support for such a move.
I'm curious: un-announced to whom?
The legitimacy of private use of allocations is an important issue in that discussion.
Indeed. Regards, -drc
On Sat, 2008-07-12 at 09:54 -0700, David Conrad wrote:
On Jul 12, 2008, at 1:59 AM, Per Heldal wrote:
Nothing prevents the RIR-community from changing the rules to reclaim un-announced space *if* there is consensus in support for such a move.
I'm curious: un-announced to whom?
That's a matter of definition. A definition that would have to be included in such a policy. For the RIPE region one could for example argue that a block that isn't visible to RIS in a given set of locations is not used publicly. //per
Nothing prevents the RIR-community from changing the rules to reclaim un-announced space *if* there is consensus in support for such a move.
There never will be consensus as long as I, and other people from global IP network operators are involved in RIPE policy making. I would say that is a guarantee that there will *NEVER* be any change to addressing policy which would give public Internet usage some kind of priority over private internet usage. My company has an important part of our business, i.e. very important customers, using a global IP internet which is not interconnected to the public Internet. Let me quote from the July 1st issue of Waters magazine, a publication serving the technology side of the global financial services industry: In one of the few categories to remain completely unchanged in this year's rankings, BT Radianz has clinched a fifth successive victory in the race to be the best financial network provider. Since 2004, Waters readers have consistently voted for Radianz and that trend shows no sign of changing just yet. That global IP internet is one of the many non-public internets that are used by multiple companies in one industry or another. Some of these networks are big, like ours, for instance in the automotive industry or in aviation. Others are small and are basically an extranet with a handful of business partners who want to exchange IP traffic but do not want it to transit the public Internet. This is the reality of today, where IP networking technology is ubiquitous. That does not mean that everyone just plugs into the nearest Internet access connectivity. It means that private internets are growing faster, and some day they may be growing collectively faster than the public Internet. --Michael Dillon
Michael and all, Good points, and largely accurate. And indeed the I would contend that due to the nature of the public internet, the private internet with links to the public internet are growing faster than the public internet, and have been for several years. michael.dillon@bt.com wrote:
Nothing prevents the RIR-community from changing the rules to reclaim un-announced space *if* there is consensus in support for such a move.
There never will be consensus as long as I, and other people from global IP network operators are involved in RIPE policy making. I would say that is a guarantee that there will *NEVER* be any change to addressing policy which would give public Internet usage some kind of priority over private internet usage.
My company has an important part of our business, i.e. very important customers, using a global IP internet which is not interconnected to the public Internet. Let me quote from the July 1st issue of Waters magazine, a publication serving the technology side of the global financial services industry:
In one of the few categories to remain completely unchanged in this year's rankings, BT Radianz has clinched a fifth successive victory in the race to be the best financial network provider. Since 2004, Waters readers have consistently voted for Radianz and that trend shows no sign of changing just yet.
That global IP internet is one of the many non-public internets that are used by multiple companies in one industry or another. Some of these networks are big, like ours, for instance in the automotive industry or in aviation. Others are small and are basically an extranet with a handful of business partners who want to exchange IP traffic but do not want it to transit the public Internet.
This is the reality of today, where IP networking technology is ubiquitous. That does not mean that everyone just plugs into the nearest Internet access connectivity. It means that private internets are growing faster, and some day they may be growing collectively faster than the public Internet.
--Michael Dillon
Regards, Spokesman for INEGroup LLA. - (Over 281k members/stakeholders strong!) "Obedience of the law is the greatest freedom" - Abraham Lincoln "Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt "If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947] =============================================================== Updated 1/26/04 CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC. ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com My Phone: 214-244-4827
Peter and all, Yep this is and will be a problem. So than they need to apply for additional private space again and hope it hasn't been put in other routing tables, or seek a different solution. FWIW, I can acquire plenty of IPv8 private space that I am very sure isn't in anyones public routing tables. Of course the price is VERY reasonable as well! >:) Routes great on any VPN as well... And amazingly enough those businesses won't have any ICANN, ASO, Ripe, ARIN, APNIC, of AFNIC worries to boot. >:) Additionally, encaptulates IPv4 public IP's and IPv6 IP's seamlessly. >:) With the passing of FISA, I'm getting quite a few new discrete inquiries... So all is not lost, just changing... Ya just can't stop progress, slow it down maybe, but never stop it... Peter Galbavy wrote:
Florian Weimer wrote:
* Shane Kerr:
Fortunately there are no secrets in the routing table! So, it is easy to see if any given space is being routed or not.
The only time there is a problem is if revoked space is still being routed by someone.
Some address space owners rely the uniqueness property. This applies to 3/8 and 9/8, for example, but I'm sure that it happens on a smaller scale, too.
And, more importantly, PI space that is not publicly routed but must be unique. On behalf of clients in the past I have applied for and had assigned PI space for intra-organisational and/or VPN space. These large, sometimes multinational, companies have public connectivity and use private address space internally and where they need a VPN or secure connection between themselves they do not want that in the public routing tables but cannot use private space.
If this space is reclaimed on the simplistic basis of "it wasn't in the public routing table yesterday (or ever)" then reassigned, suddenly the original assignee finds their private and confidetial traffic might start leaking out one of their public connections. Great.
Peter
Regards, Spokesman for INEGroup LLA. - (Over 281k members/stakeholders strong!) "Obedience of the law is the greatest freedom" - Abraham Lincoln "Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt "If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947] =============================================================== Updated 1/26/04 CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC. ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com My Phone: 214-244-4827
If this space is reclaimed on the simplistic basis of "it wasn't in the public routing table yesterday (or ever)" then reassigned, suddenly the original assignee finds their private and confidetial traffic might start leaking out one of their public connections. Great.
May I remind everyone involved in writing RIPE policies, that RFC 2050, which was co-authored by Daniel Karrenburg of RIPE, describes the IP address Assignment Framework in section 3. In paragraph 3 a), it says: the organization has no intention of connecting to the Internet-either now or in the future-but it still requires a globally unique IP address. The organization should consider using reserved addresses from RFC1918. If it is determined this is not possible, they can be issued unique (if not Internet routable) IP addresses. This has been a fundamental characteristic of IP addresses since day 1. In the early RFCs, the term Internet was used to refer to all internetworks using the Internet Protocol(IP) because most people assumed universal interconnectivity. But now we know better and the term Internet only refers to the public Internet, not to the various private IP internetworks that exist. Most of the large international IP network providers, offer both Internet access and IP VPN services. Some of those IP VPNs are actually internetworks between many independent companies or organizations as described by Peter Galbavy. The organizations who connect to private internets continue to apply for PI address space (and also PA address space) at RIPE and other RIRs. IP addresses are *NOT* reserved for the exclusive used of the public Internet, but are available for use of any internetwork which uses the Internet Protocol (IP). And if you talk to routing researchers you will learn that the global routing table is a bit of a myth since it is not guaranteed that you will see 100% of publicly announced addresses at any given point in the public Internet. --Michael Dillon
Michael and all, michael.dillon@bt.com wrote:
If this space is reclaimed on the simplistic basis of "it wasn't in the public routing table yesterday (or ever)" then reassigned, suddenly the original assignee finds their private and confidetial traffic might start leaking out one of their public connections. Great.
May I remind everyone involved in writing RIPE policies, that RFC 2050, which was co-authored by Daniel Karrenburg of RIPE, describes the IP address Assignment Framework in section 3. In paragraph 3 a), it says:
the organization has no intention of connecting to the Internet-either now or in the future-but it still requires a globally unique IP address. The organization should consider using reserved addresses from RFC1918. If it is determined this is not possible, they can be issued unique (if not Internet routable) IP addresses.
Yes and a not so good policy.
This has been a fundamental characteristic of IP addresses since day 1. In the early RFCs, the term Internet was used to refer to all internetworks using the Internet Protocol(IP) because most people assumed universal interconnectivity. But now we know better and the term Internet only refers to the public Internet, not to the various private IP internetworks that exist. Most of the large international IP network providers, offer both Internet access and IP VPN services. Some of those IP VPNs are actually internetworks between many independent companies or organizations as described by Peter Galbavy.
Peters discription is however not complete, as we now know, and as many have contended sence day 1, was never intended as he discribes it.
The organizations who connect to private internets continue to apply for PI address space (and also PA address space) at RIPE and other RIRs. IP addresses are *NOT* reserved for the exclusive used of the public Internet, but are available for use of any internetwork which uses the Internet Protocol (IP).
And if you talk to routing researchers you will learn that the global routing table is a bit of a myth since it is not guaranteed that you will see 100% of publicly announced addresses at any given point in the public Internet.
Exactly right and therefore presupposes that private PI or PA space wheather public or not are in any routing scheme may or may not reflect the public internet routing policy which is just a fact of the real world.
--Michael Dillon
Regards, Spokesman for INEGroup LLA. - (Over 281k members/stakeholders strong!) "Obedience of the law is the greatest freedom" - Abraham Lincoln "Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt "If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947] =============================================================== Updated 1/26/04 CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC. ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com My Phone: 214-244-4827
Jeffrey A. Williams wrote:
Yes and a not so good policy.
An excellent policy, actually. Most "excellent" policies are formulates before greed and commercial interests get a hold; See US Declaration of Independence, early RIPE policies and most RFCs before the IETF happened.
Peters discription is however not complete, as we now know, and as many have contended sence day 1, was never intended as he discribes it.
Er, actually in this context it is and was and hopefully will be. I think I was hanging around in the background when many of these were formulated; not contributing, but drinking the coffee at least. As Michael says the "public" Internet is not completely what the original RFC authors had in mind.
Exactly right and therefore presupposes that private PI or PA space wheather public or not are in any routing scheme may or may not reflect the public internet routing policy which is just a fact of the real world.
Not that simple and probably not true. You are conflating routing between networks (internetworking) and this supposed public infrastructure where a large proportion of the address space is visible in some form. They are not the same and how will you decide who's policy viewpoint is the right one ? Let me guess, a network with a routing policy and a viewpoint you agree with ? Peter
Peter and all Peter Galbavy wrote:
Jeffrey A. Williams wrote:
Yes and a not so good policy.
An excellent policy, actually. Most "excellent" policies are formulates before greed and commercial interests get a hold; See US Declaration of Independence, early RIPE policies and most RFCs before the IETF happened.
Commercial interests already have a hold, and were sense day one eventually going to get a hold. Ergo why this policy was not well thought out. Sorry to disagree here, but I am compeled to do so on practical grounds.
Peters discription is however not complete, as we now know, and as many have contended sence day 1, was never intended as he discribes it.
Er, actually in this context it is and was and hopefully will be. I think I was hanging around in the background when many of these were formulated; not contributing, but drinking the coffee at least. As Michael says the "public" Internet is not completely what the original RFC authors had in mind.
Mixing metaphors here it seems.
Exactly right and therefore presupposes that private PI or PA space wheather public or not are in any routing scheme may or may not reflect the public internet routing policy which is just a fact of the real world.
Not that simple and probably not true. You are conflating routing between networks (internetworking) and this supposed public infrastructure where a large proportion of the address space is visible in some form. They are not the same and how will you decide who's policy viewpoint is the right one ? Let me guess, a network with a routing policy and a viewpoint you agree with ?
Routing and internetworking are intertwined and have to some degree for a very long time now. More in depth is coming wheather or not it is, or is not wise. It's also not a metter if I agree or not, it is a matter of if the majority or providers or various sorts do.
Peter
Regards, Spokesman for INEGroup LLA. - (Over 281k members/stakeholders strong!) "Obedience of the law is the greatest freedom" - Abraham Lincoln "Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt "If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947] =============================================================== Updated 1/26/04 CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC. ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com My Phone: 214-244-4827
Michael, Since you quote a work I co-authored, allow me respond: You state correctly that the current policy states that all IPv4 addresses allocated thorugh the Internet registry system according to the relevant policies at the time of allocation are unique regardless of their use. Policies are not natural laws, they can change over time. Usually they change whenever the environment or the requirements change. The operative change in this case is scarcity of unallocated IPv4 addresses which in turn will limit the growth of the Internet and the private IP networks alike. In this particluar case the operators of the Internet, *could* decide to change the uniqueness requirements such that IP addresses allocated via the present RIR system need only be unique as far as they are used on the Internet, for some definition of that. That would mean that IP addresses that were once guaranteed to be globally unique regardless of whether they were used on the Internet or private IP networks would no longer be guaranteed to be globally unique. Such a policy change would need to be designed and implemented carefully in order to enable all actors to make the necessary operational adjustments and to continue to guarantee registration and uniqueness within the newly defined domains. Such adjustments would almost certainly mean that operators of private or not widely announced IP networks would incur costs. On the other hand in the absence of such adjustments the operators of the Internet would incur costs because of the unavailability of IPv4 addresses. I am sure such trade-offs would be discussed vividly within BT. ;-) Responsible policy making will take into account these basic issues and adjust policies where necessary. In this particular case it is important to consider the likelihood of un-coordinated use of IPv4 addresses which are allocated but not widely used on the Internet and the associated operational costs as well as the consequential loss of credibility of the Internet registry system. Blindly insisting on the status-quo in the face of a changing environment is never helpful and often counter-productive. So I encourage those that favour "reclamation" propose concrete policies which take into account the issues which Michael raises. Making the right trade-offs is the art here. Most requirements are not as absolute as they may appear at first. One avenue to proceed could be to create multiple IPv4 address space registries ... boxes inside Pandora's ? Daniel
Such adjustments would almost certainly mean that operators of private or not widely announced IP networks would incur costs. On the other hand in the absence of such adjustments the operators of the Internet would incur costs because of the unavailability of IPv4 addresses.
Bottom line is that there are no operators of private networks who are not also operators of the Internet.
I am sure such trade-offs would be discussed vividly within BT. ;-)
And within Equant/Orange, and Deutsche Telekom and MCI/Verizon and Savvis and all the other operators who run both private IP networks and public IP networks.
Responsible policy making will take into account these basic issues and adjust policies where necessary.
That's why I raised the issue. Also, please don't assume that I am trying to put BT's interests forward here. I'm not. I am trying to put forward the interests of BT's customers who rely on these globally unique registered IP addresses but who rarely have a voice in RIPE or other RIRs.
In this particular case it is important to consider the likelihood of un-coordinated use of IPv4 addresses which are allocated but not widely used on the Internet and the associated operational costs as well as the consequential loss of credibility of the Internet registry system.
The likelihood is 100% and it has been going on for at least 10 years that I know about. Some people rely on globally unique registered IP addresses and others are happy if they can use addresses that aren't being used by anybody else in their region, or that are on a network that is separate in some way. An RIR registration gives you the right to use certain addresses, but it does not prohibit anybody else from using the same addresses. Same thing goes for AS numbers such as AS 54271.
Blindly insisting on the status-quo in the face of a changing environment is never helpful and often counter-productive.
I assure you that I have given this matter a lot of thought, and I continue to find IPv6 deployment superior to all the proposals for a heroic last gasp of IPv4.
So I encourage those that favour "reclamation" propose concrete policies which take into account the issues which Michael raises.
That is the core of my argument. Most people making policy change proposals are thinking only of the public Internet and are only trying to create something that helps ISPs. But IP addresses and the IP technology suite are not just there for the benefit of ISPs. There is a broader community that relies on this network technology and it is no solution at all if a policy change cuts off some part of the larger community.
One avenue to proceed could be to create multiple IPv4 address space registries ... boxes inside Pandora's ?
It is proven technology. A few years ago I set up a server in the UK which used IP addresses that Afrinic has assigned to a company in Morocco. Internet access worked fine and I downloaded software upgrades and browsed Google and various websites. NAT makes sinning profitable. But, you always have to ask this question. If I am going to spend some money to implement NAT, why not implement NAT-PT and insure that the investment helps me into the brave new world of IPv6, instead of spending money that backs me into a corner with IPv4 NAT? --Michael Dillon
michael.dillon@bt.com wrote:
Bottom line is that there are no operators of private networks who are not also operators of the Internet.
I see no reason to believe this statement or to feel that it has any relevance to 2007-01. PI number assignments are/were made on the basis of technical justification, not on the basis of whether they are used on the Internet (with a capital "I" - whatever that means).
some way. An RIR registration gives you the right to use certain addresses, but it does not prohibit anybody else from using the same addresses. Same thing goes for AS numbers such as AS 54271.
An RIR does not give you a right to use address resources. You have the right to use any address you want, where-ever you want. You think I can't use BT address space on my lab network if I want to, along with AS5400?? Just you wait and see! The RIRs are merely clearing-houses which state that if you abide by their rules, that they will also abide by their rules. One of these rules states that if they associate certain addresses with your name, the RIR will not associate those addresses with anyone else's name. The RIPE NCC is not the police, a deity or anything else. It's merely an trusted third party registration agency. And we are all just part of a community which benefits from agreeing to a consistent set of procedures which is maintained by the RIPE NCC.
That is the core of my argument. Most people making policy change proposals are thinking only of the public Internet and are only trying to create something that helps ISPs.
Look, can we be quite clear here: 2007-01 makes no statement directly or indirectly about whether address resources are used on any particular network, whether that be the Internet-with-a-capital-I, your granny's wifi network at home or my BT-lookalike lab network. It merely states that new and continued registration of certain types of provider independent address resources is contingent on entering into a direct or indirect contractual relationship with the RIPE NCC. No more, no less. Nick -- Network Ability Ltd. | Head of Operations | Tel: +353 1 6169698 3 Westland Square | INEX - Internet Neutral | Fax: +353 1 6041981 Dublin 2, Ireland | Exchange Association | Email: nick@inex.ie
On Mon, 14 Jul 2008 17:15:35 +0100, Nick Hilliard <nick@inex.ie> wrote:
It merely states that new and continued registration of certain types of provider independent address resources is contingent on entering into a direct or indirect contractual relationship with the RIPE NCC.
IMHO, it would be useful to include that statement in (or even instead of) the "Summary" at http://www.ripe.net/ripe/policies/proposals/2007-01.html. Moreover, the following text (flagged "ADDITION TO DOCUMENT >>" in http://www.ripe.net/ripe/draft-documents/ripe-424-draft-2007-01-v3.html) needs a heading of its own as its context is clearly wider than what the heading "End Users requesting PI space should be given this or a similar warning" suggests. The policies stated above about the PI address space covers all non PA address space maintained in the RIPE database, except address space marked as Early Registration (ERX) and address space marked as NON-SET. The RIPE community has requested that the RIPE NCC to take necessary steps to make sure that this is realised. In cases where the RIPE NCC cannot locate the End User that is a PI address space assignee within 3 months, the address space will be returned to the RIPE NCC pool and and made available for re-assignment to other End Users. IIRC, this incongruity was already pointed (not by me) out at some stage during RIPE 56. I can't help feeling that the intention to apply the new policy retro-actively is being understated. This very much isn't something that should be finessed, but rather needs to be made abundantly clear. VBR, Niall O'Reilly
Nick and all, Agreed! Well thought out and presented as well. Thank you! Nick Hilliard wrote:
michael.dillon@bt.com wrote:
Bottom line is that there are no operators of private networks who are not also operators of the Internet.
I see no reason to believe this statement or to feel that it has any relevance to 2007-01. PI number assignments are/were made on the basis of technical justification, not on the basis of whether they are used on the Internet (with a capital "I" - whatever that means).
some way. An RIR registration gives you the right to use certain addresses, but it does not prohibit anybody else from using the same addresses. Same thing goes for AS numbers such as AS 54271.
An RIR does not give you a right to use address resources. You have the right to use any address you want, where-ever you want. You think I can't use BT address space on my lab network if I want to, along with AS5400?? Just you wait and see!
The RIRs are merely clearing-houses which state that if you abide by their rules, that they will also abide by their rules. One of these rules states that if they associate certain addresses with your name, the RIR will not associate those addresses with anyone else's name.
The RIPE NCC is not the police, a deity or anything else. It's merely an trusted third party registration agency. And we are all just part of a community which benefits from agreeing to a consistent set of procedures which is maintained by the RIPE NCC.
That is the core of my argument. Most people making policy change proposals are thinking only of the public Internet and are only trying to create something that helps ISPs.
Look, can we be quite clear here: 2007-01 makes no statement directly or indirectly about whether address resources are used on any particular network, whether that be the Internet-with-a-capital-I, your granny's wifi network at home or my BT-lookalike lab network. It merely states that new and continued registration of certain types of provider independent address resources is contingent on entering into a direct or indirect contractual relationship with the RIPE NCC. No more, no less.
Nick -- Network Ability Ltd. | Head of Operations | Tel: +353 1 6169698 3 Westland Square | INEX - Internet Neutral | Fax: +353 1 6041981 Dublin 2, Ireland | Exchange Association | Email: nick@inex.ie
Regards, Spokesman for INEGroup LLA. - (Over 281k members/stakeholders strong!) "Obedience of the law is the greatest freedom" - Abraham Lincoln "Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt "If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947] =============================================================== Updated 1/26/04 CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC. ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com My Phone: 214-244-4827
That would mean that IP addresses that were once guaranteed to be globally unique regardless of whether they were used on the Internet or private IP networks would no longer be guaranteed to be globally unique.
not really. that requirement was a very likely enforcable contract. wanna find out? break it. randy
Hi, On Tue, Jul 15, 2008 at 03:23:43AM -0700, Randy Bush wrote:
That would mean that IP addresses that were once guaranteed to be globally unique regardless of whether they were used on the Internet or private IP networks would no longer be guaranteed to be globally unique.
not really. that requirement was a very likely enforcable contract. wanna find out? break it.
Actually this is an interesting side track, so I'll bite - "enforcable contract between *which* two parties"? Especially for "legacy" assignments, done by InterNIC to a company that has been sold and bought 5 times in the meantime... For PA assignments being done under the current RIR system, I agree with you. For PI assignments in the RIPE region (dunno about other regions), it's less clear, because no contracts exist between RIPE NCC and the address holder... Gert Doering -- APWG chair -- Total number of prefixes smaller than registry allocations: 110584 SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
of course the rules of 'contract' vary between cultures. and i am not a lawyer. i am told that in the states, one does not need paper, it is an exchange with an understanding. e.g. handshakes can be enforced if shown to be unequivocal. i am advised (that is american for i asked a lawyer:) that allocations by the internic had reasonable expectations of uniqueness, long term 'ownership', etc. in our hearts we all pretty much know 98% what the expectation was and still is. and remember, the historical holders, even in ripe's region, received those allocations from the states, from an agency operating under a usg contract, and all that stuff. so maybe finessing these juristictional issues would be worth some friendliness in negotiation a new social contract in the ripe region. :) in the case of arin, there were specific guarantees given to the usg regarding historical space. i happened to be the one doing the presos to the usg to get arin formed (i was a founding board member of arin), so you can look at, for one example, the last bullet on slide nine of <http://rip.psg.com/~randy/970414.fncac.pdf>. i would not want to have to defend in court confiscating someone's property/rights/whayever for which there was any question or doubt. i suspect that the words 'ownerless' and 'revocation' in the $subject would be very hard to define, measure, and defend. perhaps there is another approach to these problems. is not what we really want to have the whois, dns, and rpki for historical space accurate? perhaps there are other approaches to accuracy than confiscation/stealing. randy
Randy Bush said:
of course the rules of 'contract' vary between cultures. and i am not a lawyer. i am told that in the states, one does not need paper, it is an exchange with an understanding. e.g. handshakes can be enforced if shown to be unequivocal.
True. However, at least in England, a contract requires "consideration". That is, each side must be giving something to the other. I have trouble seeing where that is in the case of an IP address allocation. I don't know whether US law recognises the concept or not. In Scotland consideration is not required, so the situation may be different. -- Clive D.W. Feather | Work: <clive@demon.net> | Tel: +44 20 8495 6138 Internet Expert | Home: <clive@davros.org> | Fax: +44 870 051 9937 Demon Internet | WWW: http://www.davros.org | Mobile: +44 7973 377646 THUS plc | |
Especially for "legacy" assignments, done by InterNIC to a company that has been sold and bought 5 times in the meantime...
In the case of ARIN, you have to sign a new Registration Services Agreement if the company name changes. I just went through this for resources registered to CompanyName, Inc. where the network assets are now owned by CompanyName Americas, Inc. Same company name, but ARIN requires the Registration Services Agreement to be formally signed by an officer of the new corporate name. I'm beginning to think that it was simple the *WRONG* decision to try and bundle together the issue of registration services contracts for PI assignments going forward, and migrating existing PI holders into a contractual relationship. I believe we have consensus on requiring a contract to be signed for any future assignments/allocations. --Michael Dillon
Leo Vegoda wrote:
What would you propose the RIPE NCC do with revoked address space assignments? Should they just keep them in a "sin bin" or should they allocate or assign the address space to other network operators?
Phone companies reassign telephone numbers all the time, and people don't get terribly upset by the idea of it. Is there a serious problem with revocation? Re-using scarce resources is something that's going to happen, regardless of 2007-01. Nick -- Network Ability Ltd. | Head of Operations | Tel: +353 1 6169698 3 Westland Square | INEX - Internet Neutral | Fax: +353 1 6041981 Dublin 2, Ireland | Exchange Association | Email: nick@inex.ie
On 14/07/2008 6:36, "Nick Hilliard" <nick@inex.ie> wrote:
Leo Vegoda wrote:
What would you propose the RIPE NCC do with revoked address space assignments? Should they just keep them in a "sin bin" or should they allocate or assign the address space to other network operators?
Phone companies reassign telephone numbers all the time, and people don't get terribly upset by the idea of it.
I'm sure that's covered in the contracts their customers sign. Also, phone companies tend not to reassign numbers to which they continue to provide a service. The RIPE NCC isn't the phone company and its main service is registration, not voice calls. It's a service that many registrants may not realise they receive or benefit from. So while the concept of revoking unused resources is attractive, the practicality of it is awkward.
Is there a serious problem with revocation? Re-using scarce resources is something that's going to happen, regardless of 2007-01.
Of course there will be all sorts of re-use and 'hijacking'. I suspect that a simple transfer policy is the least painful way of minimising the problem. Experience shows that top-down reclamation activities are difficult and slow. Regards, Leo
On Jul 14, 2008, at 1:21 PM, Leo Vegoda wrote:
On 14/07/2008 6:36, "Nick Hilliard" <nick@inex.ie> wrote:
Leo Vegoda wrote:
What would you propose the RIPE NCC do with revoked address space assignments? Should they just keep them in a "sin bin" or should they allocate or assign the address space to other network operators?
Phone companies reassign telephone numbers all the time, and people don't get terribly upset by the idea of it.
I'm sure that's covered in the contracts their customers sign. Also, phone companies tend not to reassign numbers to which they continue to provide a service.
If the phone company called me up and said, "we are changing your phone number starting August 1, have a nice day," I would get pretty upset, and I know a lot of businesses that would get upset. I dare say that some would sue. If, however, I don't pay the phone bill, eventually the number would be reassigned, and that does happen all of the time. That is a much closer analogy to revoked address assignments, and I don't think that they would be a problem to reuse them. It would be reasonable to have a Oldest-Revocation-First queue policy (so that blocks are not immediately reassigned), to provide a margin for the possibility of revocations in error, people who change their minds, etc. I also believe that the phone company does something similar to that. If a company goes out of business, it takes a while before the number gets assigned to someone else. Regards Marshall
The RIPE NCC isn't the phone company and its main service is registration, not voice calls. It's a service that many registrants may not realise they receive or benefit from. So while the concept of revoking unused resources is attractive, the practicality of it is awkward.
Is there a serious problem with revocation? Re-using scarce resources is something that's going to happen, regardless of 2007-01.
Of course there will be all sorts of re-use and 'hijacking'. I suspect that a simple transfer policy is the least painful way of minimising the problem. Experience shows that top-down reclamation activities are difficult and slow.
Regards,
Leo
Marshall Eubanks said:
If the phone company called me up and said, "we are changing your phone number starting August 1, have a nice day," I would get pretty upset, and I know a lot of businesses that would get upset. I dare say that some would sue.
It's happened twice to me at home, and three times in the office. I know you have area code changes in the US. I know these aren't quite analogous, but they involve similar levels of disruption. -- Clive D.W. Feather | Work: <clive@demon.net> | Tel: +44 20 8495 6138 Internet Expert | Home: <clive@davros.org> | Fax: +44 870 051 9937 Demon Internet | WWW: http://www.davros.org | Mobile: +44 7973 377646 THUS plc | |
Nick and all, Yes reassigning of phone numbers is done every day, and it has caused serious problems which is one of several reasons the "Do Not Call List" was established. De-routing of certain IP address blocks is also done every day, and perhaps a "Do not route list" is needed. Nick Hilliard wrote:
Leo Vegoda wrote:
What would you propose the RIPE NCC do with revoked address space assignments? Should they just keep them in a "sin bin" or should they allocate or assign the address space to other network operators?
Phone companies reassign telephone numbers all the time, and people don't get terribly upset by the idea of it. Is there a serious problem with revocation? Re-using scarce resources is something that's going to happen, regardless of 2007-01.
Nick -- Network Ability Ltd. | Head of Operations | Tel: +353 1 6169698 3 Westland Square | INEX - Internet Neutral | Fax: +353 1 6041981 Dublin 2, Ireland | Exchange Association | Email: nick@inex.ie
Regards, Spokesman for INEGroup LLA. - (Over 281k members/stakeholders strong!) "Obedience of the law is the greatest freedom" - Abraham Lincoln "Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt "If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947] =============================================================== Updated 1/26/04 CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC. ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com My Phone: 214-244-4827
* Shane Kerr:
I also don't speak for any member, but I think revoking assignments is a fantastic idea.
In fact, I don't see how it makes sense to do otherwise.
I think it depends on the question whether address space is a scarce resource. Current RIPE policies do not actually treat it as such. And if IPv6 is inevitable, it's not really cost-effective to scrape together legacy resources. You burn through RIPE funds to gain perhaps a year or two during which you can carry on with the legacy assignment processes. But nobody knows how many disputes will occur--it could happen that RIPE NCC believes that it's still got legacy resources distribute, but know wants to touch them with a three-meter pole.
Someone claims to be the authorized user of some addresses. *Nobody* has any relationship wth this person. The only evidence you have is that at one time in the past someone was assigned the addresses.
If there's no other claim to those addresses, what harm is done?
Sure, I can call the people peering with the originator of the advertisement, and see why they are carrying the traffic. They might or might not be willing to give me that information, or privacy or business reasons. Also, all because it is convenient for them to carry the advertisements does not mean somebody else won't do the same thing for the same space for a different originator. And finally, we have a perfectly workable system so I don't *have* to go through this kind of nonsense: the RIR system.
The RIR system does not prevent address space hijacking. I don't think I can call RIPE NCC and demand that they stop it if it affects one of my prefixes. RIPE NCC hasn't got a routing police.
If people are unwilling to sign a contract which basically says, "I am using this address space", then take their space back. It's not scary, really.
We don't know what will be in the contract. I can't envision how many PI-space owners would agree to things like this: | Notice that none of the provider independent resources may be | sub-assigned to a third party | Notice that the resource holder is obliged to pay an annual fee to the | LIR for the resources | A clear statement that the use of resources is subject to RIPE | policies as published on the RIPE web site and which may be amended | from time to time First point seems to imply that I can't run certain services (e.g. hosting) from PI space. Second point requires me to set up billing procedures which might not exist yet. Third point subjects me to the whim of the RIPE processes (which might implement yearly fees payable to RIPE in the future, for instance). I don't think it's a good idea to give resources to end users without any means of contacting them after the assignment. But I think the current proposal is not ready for implementation.
Florian and all, I for one agree with your conclusion. I do have a question. Whom is doing the policing of RIPE's PI space/routing? Is that ICANN/IANA or is such policing done at all? Or are the LIR's supposed to do such policing themselves without oversight? Florian Weimer wrote:
* Shane Kerr:
I also don't speak for any member, but I think revoking assignments is a fantastic idea.
In fact, I don't see how it makes sense to do otherwise.
I think it depends on the question whether address space is a scarce resource. Current RIPE policies do not actually treat it as such. And if IPv6 is inevitable, it's not really cost-effective to scrape together legacy resources. You burn through RIPE funds to gain perhaps a year or two during which you can carry on with the legacy assignment processes. But nobody knows how many disputes will occur--it could happen that RIPE NCC believes that it's still got legacy resources distribute, but know wants to touch them with a three-meter pole.
Someone claims to be the authorized user of some addresses. *Nobody* has any relationship wth this person. The only evidence you have is that at one time in the past someone was assigned the addresses.
If there's no other claim to those addresses, what harm is done?
Sure, I can call the people peering with the originator of the advertisement, and see why they are carrying the traffic. They might or might not be willing to give me that information, or privacy or business reasons. Also, all because it is convenient for them to carry the advertisements does not mean somebody else won't do the same thing for the same space for a different originator. And finally, we have a perfectly workable system so I don't *have* to go through this kind of nonsense: the RIR system.
The RIR system does not prevent address space hijacking. I don't think I can call RIPE NCC and demand that they stop it if it affects one of my prefixes. RIPE NCC hasn't got a routing police.
If people are unwilling to sign a contract which basically says, "I am using this address space", then take their space back. It's not scary, really.
We don't know what will be in the contract. I can't envision how many PI-space owners would agree to things like this:
| Notice that none of the provider independent resources may be | sub-assigned to a third party
| Notice that the resource holder is obliged to pay an annual fee to the | LIR for the resources
| A clear statement that the use of resources is subject to RIPE | policies as published on the RIPE web site and which may be amended | from time to time
First point seems to imply that I can't run certain services (e.g. hosting) from PI space. Second point requires me to set up billing procedures which might not exist yet. Third point subjects me to the whim of the RIPE processes (which might implement yearly fees payable to RIPE in the future, for instance).
I don't think it's a good idea to give resources to end users without any means of contacting them after the assignment. But I think the current proposal is not ready for implementation.
Regards, Spokesman for INEGroup LLA. - (Over 281k members/stakeholders strong!) "Obedience of the law is the greatest freedom" - Abraham Lincoln "Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt "If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947] =============================================================== Updated 1/26/04 CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC. ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com My Phone: 214-244-4827
* Jeffrey A. Williams:
I for one agree with your conclusion. I do have a question. Whom is doing the policing of RIPE's PI space/routing?
What kind of policing do you mean?
Florian and all, Routing policing, which was what you earlier on this thread made mantion of that Ripe does not do. So whom does or should? Frankly, I think Ripe should do routhing policing with the IANA oversight and barring the primary legal responsibility. Yet I am sure that the IANA would disagree. Florian Weimer wrote:
* Jeffrey A. Williams:
I for one agree with your conclusion. I do have a question. Whom is doing the policing of RIPE's PI space/routing?
What kind of policing do you mean?
Regards, Spokesman for INEGroup LLA. - (Over 281k members/stakeholders strong!) "Obedience of the law is the greatest freedom" - Abraham Lincoln "Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt "If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947] =============================================================== Updated 1/26/04 CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC. ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com My Phone: 214-244-4827
On Fri, 2008-07-11 at 16:43 -0700, Jeffrey A. Williams wrote:
Florian and all,
I for one agree with your conclusion. I do have a question. Whom is doing the policing of RIPE's PI space/routing? Is that ICANN/IANA or is such policing done at all? Or are the LIR's supposed to do such policing themselves without oversight?
Policing is not so important in a regime where the reward for good behaviour is better than what can be achieved by breaking the rules. The community isn't big on penalties. That's why we're struggling so hard to avoid a situation that forces us to use a stick once we're out of carrots. //per
Per and all, Per Heldal wrote:
On Fri, 2008-07-11 at 16:43 -0700, Jeffrey A. Williams wrote:
Florian and all,
I for one agree with your conclusion. I do have a question. Whom is doing the policing of RIPE's PI space/routing? Is that ICANN/IANA or is such policing done at all? Or are the LIR's supposed to do such policing themselves without oversight?
Policing is not so important in a regime where the reward for good behaviour is better than what can be achieved by breaking the rules. The community isn't big on penalties. That's why we're struggling so hard to avoid a situation that forces us to use a stick once we're out of carrots.
//per
Respectfully, I disagree in part. If no stick, carrots are less than useless as if bad behavior goes unchecked and unpunnished, errors and intentional bad behavior remains a threat and will continue to occur as history has already shown us. IP theft is now common place and on the rise as an example. Regards, Spokesman for INEGroup LLA. - (Over 281k members/stakeholders strong!) "Obedience of the law is the greatest freedom" - Abraham Lincoln "Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt "If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947] =============================================================== Updated 1/26/04 CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC. ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com My Phone: 214-244-4827
Ana Matic wrote:
PDP Number: 2007-01 Direct Internet Resource Assignments to End Users from the RIPE NCC
Dear Colleagues,
The new version of the proposal described in 2007-01 has now been published and is moved back to Review Period.
Also, the new draft document "Contractual Requirements for Provider Independent Resource Holders in the RIPE NCC Service Region" has been published. This document describes the contractual requirements necessary for End Users of provider independent resources and also speaks to the status of pre-existing assignments.
You can find the full proposal at:
http://ripe.net/ripe/policies/proposals/2007-01.html
and the draft documents at:
I fully support the meaning of this proposal and think it is the right way to make sure that the RIPE DB reflects the real world. However, I think I noticed a small problem in http://ripe.net/ripe/draft-documents/ripe-424-draft-2007-01-v3.html The new text in "9.0 PA vs. PI Address Space" states: |The policies stated above about the PI address space covers all non PA |address space maintained in the RIPE database, except address space |marked as Early Registration (ERX) and address space marked as NON-SET. This somewhat conflicts with: |1.1 Scope | |This document describes the policies for the responsible management of |globally unique IPv4 Internet address space in the RIPE NCC service |region. The policies documented here apply to all IPv4 address space |allocated and assigned by the RIPE NCC. Take 130.83.0.0/16 for example. It is "ASSIGNED PI" now, but it has never been assigned by the RIPE NCC (see RFC 1117, the assignment is first mentioned there). Of course this can easily be fixed, for example by changing the first sentence of the above quoted new text to: The policies stated above about the PI address space covers all non PA address space allocated or assigned by the RIPE NCC and maintained in the RIPE database, ... Marcus -- man-da.de GmbH, AS8365 Phone: +49 6151 16-6956 Petersenstr. 30 Fax: +49 6151 16-3050 D-64287 Darmstadt e-mail: ms@man-da.de Geschäftsführer Dr. Jürgen Ohrnberger AG Darmstadt, HRB 94 84
participants (23)
-
Ana Matic -
Bernhard Schmidt -
Clive D.W. Feather -
Daniel Karrenberg -
David Conrad -
Florian Weimer -
Garry Glendown -
Garry Glendown -
Gert Doering -
Hans Petter Holen -
Jeffrey A. Williams -
Leo Vegoda -
Lutz Donnerhacke -
Marcus Stoegbauer -
Marshall Eubanks -
michael.dillon@bt.com -
Niall O'Reilly -
Nick Hilliard -
Nigel Titley -
Per Heldal -
Peter Galbavy -
Randy Bush -
Sascha Lenz -
Shane Kerr