> On Nov 3, 2019, at 13:22, Jim <mysi...@gmail.com> wrote:
>
> On Fri, Nov 1, 2019 at 5:17 PM Scott Leibrand <scottleibr...@gmail.com> wrote:
>> [snip]
>> actually want ARIN to try to enforce. IMO the current policy
>> requiring only a VPN
>> tunnel or unused switch port as a fig leaf to allow address leasing is
>> untenable [...]
>
> Perhaps IP leasing should be allowed, but all consideration must be
> declared to ARIN, and 50% of all revenue from any lease or transfer with
> consideration must be paid to ARIN specifically to be dedicated to funding
> enforcement and fraud prevention efforts. ^_`
>
> These "Fig leafs" for address leasing sound like basically fraud.
> If there's a fig leaf, that's used to conceal a lack of valid justification
> under existent policy with intended purpose as merely a device to
> circumvent the policy language; it's a form of fraud.

The “fig leafs” are artificial connectivity for an essentially non-connected network. This does not necessarily mean that the utilization/need would not be valid under ARIN policy, merely that they wish to get the addresses from party A while getting connectivity (if any) from party B and that for whatever reason, either party A does not wish to sell the addresses or the lessee wishes to lease rather than buy them.

Ignoring the purely fraudulent or abusive cases (which abound), let’s consider if there’s a policy mechanism to address these cases which would be legitimate except that current ARIN policy forces an artificial connectivity requirement into the transaction.

> At least in theory;
> that ought to be rejected in most cases -- just b/c there might be some
> allowable applications for IP space that involve VPNs, Etc; does not
> mean that arbitrarily creating a VPN, etc, for IP address association
> is not fraud.

Rejected by whom at what stage of what process?

I run a completely legitimate network. It’s entirely valid under ARIN policy and I am using PI space. I originate a /23, a /24, and a /48 to my upstream transit providers. My only connectivity to those upstream transit providers is via tunnels. In one case, the tunnel is within my ASN and I lease a router at the other end of the tunnel for connecting to the ISP (a VM running VyOS). In another case, the tunnels are directly to my ISPs’ routers. The tunnels run over traditional residential ISP circuits and the internet in order to reach my upstream ISPs.

Is there some reason you feel this should be a violation of ARIN policy? (currently, it is not).

Is there some reason you feel it should be a violation of ARIN policy if I were to get some addresses from either or both of my upstream ISPs (not the residential ones providing transport services for the tunnels over IP)? (currently, it is not).

If your answer to the above two questions is “no”, then I have trouble seeing why a legitimate network who wishes to lease addresses from one of the providers and terminate his connectivity with one or more other providers should not be considered equally legitimate. If you feel otherwise, then please explain the distinction.

> At the end of the day, any applicant can design some technical
> concoction which artificially requires IP addresses.

Yes, but that’s not what we are talking about here. In reality, what we are talking about is seeing if there is a way to remove an artificial concocted policy requirement without opening up major abuse potential.

> I believe ARIN staff ought to be able to investigate applications for IP
> space and consider based on surrounding facts and circumstances —

When the applicant is applying to ARIN for transfer or for allocation or assignment, they can. When the applicant is engaged in a private transaction with a third party that is never reported to ARIN, what mechanism is going to make ARIN aware of the transaction and/or the need to investigate? What policy will enable them to do so? Why would a party leasing the address space with no contractual relationship with ARIN cooperate with such an investigation?

> Whether there is adequate proof that something looking like a
> VPN or Switch port "Fig leaf" has a well-established reason for
> existing with a purpose of providing primary or at least equal network
> connectivity to other methods of connectivity commercially available to
> that service.

Or, perhaps instead, we recognize that fig leafs are silly and we look for ways to stop requiring them in situations where they don’t make sense without creating a major avenue for abuse (of ARIN policy).

Owen