In a market where IPv4 space will start getting traded outside of the
auspicious of the RIR, in the so called "second market", as we are very
likely to see as IPv4 space depreciates, RR registries are going to become
imperative to prevent the theft of IP space. In order to properly manage
space, these registries are in my opinion not optional, they are
mandatory.
I don't think it is going to possible for the RIRs to control entries to the
RR's any time soon.
Consider this:
1. Most RR's have automated additions/removals of route objects.
2. Many of the large backbones who adopted the use of RR's did so before the
RIRs started offering RR services. The most popular independent one was
probably the Merit RADB, although some backbones also ran RR services.
While it would be really nice if the RIR's had the means to cross-check RR
route object additions against actual allocations, IMO this will never be
entirely practical.
The basis of an allocation is that address space gets re-assigned to
clients. If a client wants to multi-home, they will need to announce part of
their upstream's IP range out of their own ASN. When they add a route
object, it won't correspond to the allocation database. For the RR operator
to validate such route objects, they would need to cross check against SWIP
or RWHOIS records. Basically, it is just going to make the process so
tedious that many backbones simply resort to manually updating filters
rather than dynamic building filters from RR data. That aside, a large
number still prefer to work off manually updated filters today.
Personally I think AfriNIC should offer a RR service, but only because
AfriNIC's real advantage for African LIRs is that it is 'local' to deal
with, runs local training, etc. I've been using the ARIN RR since before
AfriNIC and continue to use it even for new AfriNIC allocations as I'm more
familiar with it than with RIPE. But one could just as easily use the Merit
RADB if ARIN/RIPE/AfriNIC became too prescriptive about RR route object
entries.
IP transfers via stealth have been happening for many years. In fact I think
the RIRs have a pretty good precautionary measures to prevent this. I've
seen a number of disputes around pre-ARIN InterNIC allocations/assignments
that have got nasty because there are no RIR records to trace the history of
admin/tech contacts, organisations assigned to, etc.
At the end of the day, the RR is not designed to give you control of an IP
block, merely to allow backbones to easily trace the contact persons
associated with specific BGP advertisements. In the event of a dispute, this
allows them to contact the person responsible for the advertisement before
simply filtering it. It also helps affected parties make contact and resolve
issues quickly.
Temporary IP grabs for purposes of spamming are probably a much larger issue
right now than stealth IP grabs will be in the future as a result of
scarcity. The former wreaks havoc in a short space of time (blacklisting of
IPs, etc) whilst the latter is generally reversible.
Also remember that attempting to do a stealth IP grab via the RR will leave
a trail of evidence that is extremely useful for the rightful
assignee/allocatee to present when they prosecute you!
_______________________________________________
rpd mailing list
[email protected]
https://lists.afrinic.net/mailman/listinfo.cgi/rpd
