Re: External sanity checks

2011-02-05 Thread Siggi Bjarnason
I've been using Site24x7 for some time now and am very pleased with them,
plus their pricing is very reasonable.

Siggi Bjarnason
si...@bjarnason.us

"In free countries, every man is entitled to express his opinions and every
other man is entitled not to listen."
- G. Norman Collie



On Thu, Feb 3, 2011 at 10:04 AM, Philip Lavine wrote:

> To all,
>
> Does any one know a Vendor (NOT Keynote) that can do sanity checks against
> your web/smtp/ftp farms with pings, traceroutes, latency checks as well as
> application checks (GET, POST, ESMTP, etc)
>
> Thank you,
>
> Philip


Re: quietly....

2011-02-05 Thread Jack Bates

On 2/5/2011 1:37 AM, Owen DeLong wrote:

> Not sure how I feel about a more adaptive version. Sounds like it would be better
> than the current state, but, I vastly prefer "I pay, you route. If I want filtration, I'll
> tell you."

I generally agree with you. However, I also believe that every network 
has a responsibility to assist in the overall well being of the Internet 
as well as provide the best service they can to their customers. In 
general, this means maintaining network stability and stopping abuse 
when detected. The slowest and last resort of abuse handling is done by 
an abuse and/or security department responsible for handling complaints. 
Stopping things prior to a complaint (which sometimes don't come at all 
and sometimes is a screaming roar) is even better.


http://www.merit.edu/mail.archives/nanog/2003-01/msg00579.html
http://www.merit.edu/mail.archives/nanog/2003-08/msg00284.html

Eh, you know all of them anyways, and it's taking forever to troll the 
archives. :)


Filtering is an age old argument, though. I wish I could live without 
it, personally.



Jack




Re: External sanity checks

2011-02-05 Thread Ghislain
On 05/02/2011 08:59, Siggi Bjarnason wrote:
> I've been using Site24x7 for some time now and am very pleased with them,
> plus their pricing is very reasonable.

I am very pleased with serverguard24.com's services.

-- 

Regards,
Ghislain






Re: quietly....

2011-02-05 Thread Roland Perry
In article , 
david raistrick  writes
>> But NAT does have the useful (I think) side effect that I don't have to
>> renumber my network when I change upstream providers - whether that's once
>
> But (what I keep being told) you should never have to renumber!  Get PI
> space and insert magic here!


Part of the problem is knowing in advance what ISPs will and won't do. 
It's all very well saying one shouldn't patronise an ISP that blocks 
port 25, for example, but where is that documented before you buy?


[My current 3G supplier blocks port 25 sometimes, I've yet to work out 
the algorithm used, it flips every day or two].


So will the likes of Vodafone and t-mobile support the PI model 
described above?

--
Roland Perry



Re: quietly....

2011-02-05 Thread Roland Perry
In article <20110204225150.6fac49b2...@drugs.dv.isc.org>, Mark Andrews 
 writes



>> But NAT does have the useful (I think) side effect that I don't have to
>> renumber my network when I change upstream providers - whether that's
>> once every five years like I just did with my ADSL, or once every time
>> the new ADSL hiccups[1] now that I have a CPE with 3G failover.
>>
>> [1] Seems to be about weekly, so far.
>
> And that can be pretty much automated these days.  Windows boxes
> if you let them will just register their new addresses in the DNS.
> MacOS also has the ability to do this as well.  You should be asking
> the other vendors for similar support.


And when my vendor is Sipura, or Sony[1], how does an individual small 
enterprise attract their attention and get the features added?


[1] Quite by accident I have three net-connected items of theirs, a 
PS/3, a TV and a mobile phone.

--
Roland Perry



Re: quietly....

2011-02-05 Thread Roland Perry
In article , Owen 
DeLong  writes



> What is important with IPv6 is to teach the generation of hammer-wielding
> mechanics who have grown up rarely seeing a screw and never knowing
> that there were wrenches that there are new tools available in IPv6.
> That screws or nuts and bolts can usually be superior to nails. That screws,
> nuts, and bolts work better if you install them with a screw driver or a wrench.
> That small brads lack structural integrity and that lag screws or bolts provide
> a superior structural hold when installed properly. That attempting to hammer
> every screw into a NAT-hole will destroy both the screw and the NAT-hole in
> most cases.


This is all very true, but doesn't qualify (for my small-enterprise 
target audience) as "not noticing the difference" when the upstream 
network swaps from IPv4 to IPv6. I wonder what's the best way to get 
them up the necessary learning curve?


[Maybe I should write a book about it]
--
Roland Perry



Re: "Leasing" of space via non-connectivity providers (was: Re: And so it ends... )

2011-02-05 Thread bmanning
On Thu, Feb 03, 2011 at 04:54:42PM +, John Curran wrote:
> On Feb 3, 2011, at 11:32 AM, Jon Lewis wrote:
> 
> > My point being, the leasing of IP space to non-connectivity customers is 
> > already well established, whether it's technically permitted by the 
> > [ir]relevant RIRs.  I fully expect this to continue and spread. Eventually, 
> > holders of large legacy blocks will realize they can make good money acting 
> > as an LIR, leasing portions of their unused space to people who need it and 
> > can't get it, want it and don't qualify, etc.
> > 
> > These start-up LIRs won't be bound by RIR policies, both because in some 
> > cases they'll be legacy space holders with no RSA with their region's RIR, 
> > and because they won't be worried about eligibility for future RIR 
> > allocations of v4 space...because there won't be any.
> 
> For the ARIN region, it would be nice to know how you'd like ARIN perform
> in the presence of such activity ("leasing" IP addresses by ISP not providing
> connectivity).  It's possible that such is perfectly reasonable and to simply
> be ignored, it's also possible that such should be considered a fraudulent 
> transfer and the resources reclaimed.  At the end of the day, the policy is
> set by this community, and clarity over ambiguity is very helpful.
> 
> Policy proposal process: https://www.arin.net/policy/pdp.html
> 
> Thanks!
> /John
> 
> John Curran
> President and CEO
> ARIN

the practice predates ARIN by many years...  FWIW...

--bill



Re: quietly....

2011-02-05 Thread Owen DeLong

On Feb 5, 2011, at 1:54 AM, Roland Perry wrote:

> In article , david 
> raistrick  writes
>>> But NAT does have the useful (I think) side effect that I don't have to  
>>> renumber my network when I change upstream providers - whether that's once
>> 
>> But (what I keep being told) you should never have to renumber!  Get PI 
>> space and insert magic here!
> 
> Part of the problem is knowing in advance what ISPs will and won't do. It's 
> all very well saying one shouldn't patronise an ISP that blocks port 25, for 
> example, but where is that documented before you buy?
> 
If they don't document partial internet access blockage in the contract and the 
contract says they are providing internet access, then, they are in breach and 
you are free to depart without a termination fee and in most cases, demand a 
refund for service to date.

(Yes, I have successfully argued this on multiple occasions).

In fact, I get free internet in most of the more expensive hotel environments 
as a result.

> [My current 3G supplier blocks port 25 sometimes, I've yet to work out the 
> algorithm used, it flips every day or two].
> 
> So will the likes of Vodafone and t-mobile support the PI model described 
> above?

I use SPRINT. They used to. They've stopped. Admittedly, I'm not over-fussed 
about email on my phone and I don't use
a tether device at this point.

I mostly expect 3G and 4G networks to be broken internet anyway. I was more 
speaking in terms of land-line providers.

Owen
(Who only depends on his current residential ISPs for L2 transport and doesn't 
know what they block at L3 and up
as long as they don't break GRE)





Re: Post-Exhaustion-phase "punishment" for early adopters

2011-02-05 Thread Ralph J.Mayer
Hi,

> If you are using your block, why would you worry?
> 
> If you are not using your block, why would you need it?

You may define "using"

Hint: even IPs not pingable from the Internet are being used. Not
everyone is an ISP/Webhoster ... with public services.

-- 
Viele Grüße / Kind Regards / Cordiali Saluti / Met vriendelijke groet


Ralph J.Mayer

xmpp:rma...@vinotech.de  www.vinoblog.de  mailto:rma...@vinotech.de



Re: "Leasing" of space via non-connectivity providers

2011-02-05 Thread John Curran
On Feb 5, 2011, at 5:57 AM, bmann...@vacation.karoshi.com wrote:
>> For the ARIN region, it would be nice to know how you'd like ARIN perform
>> in the presence of such activity ("leasing" IP addresses by ISP not providing
>> connectivity).  It's possible that such is perfectly reasonable and to simply
>> be ignored, it's also possible that such should be considered a fraudulent 
>> transfer and the resources reclaimed.  At the end of the day, the policy is
>> set by this community, and clarity over ambiguity is very helpful.
>> ...
> 
>the practice predates ARIN by many years...  FWIW...

Good to know; it makes its omission from RFC2050 even more significant and 
highlights the need for clear policy in this area.  Ultimately, the question
is simply how the operator community wishes to have this treated, and there
should be alignment between that consensus and the number resource policy. 

/John

John Curran
President and CEO
ARIN





Re: Using IPv6 with prefixes shorter than a /64 on a LAN

2011-02-05 Thread Mark Andrews

In message <4d4ca1b1.5060...@brightok.net>, Jack Bates writes:
> On 2/4/2011 6:45 PM, Mark Andrews wrote:
> >
> > I used to work for CSIRO.  Their /16's which were got back in the
> > late 80's will now be /48's.
> 
> That's why I didn't try doing any adjustments of X is the new /32. The 
> whole paradigm changes.

So why the ~!#! are you insisting on comparing IPv4 allocations with IPv6
allocations.

>  Many ISPs devote large amounts of space to 
> single corporate network sites. Those sites will now have a single /48. 
> On the other hand, we currently give /32 to residential customers. They 
> also are getting a /48.
> 
> Which is why the only way to consider address usage from an ISP and RIR 
> perspective is by how it is handed to a standard ISP of a given size. 

There are two sizes.  Those that fit into a /32 and those that don't.
The latter ones have to justify their allocations.

> Originally, ARIN was being overly restrictive and it was "/32 for every 
> ISP". They have loosened up, and will continue to do so (including ISP 
> to ISP) as future proposals come to fruition. So from an ISP 
> perspective, you have to consider your total IPv6 allocation size 
> (within the first 32 bits of IPv6) in comparison to your total IPv4 
> allocations summed.

No.  You need to compare it to the number of customer sites.  If you
have 1 customer with wires going to two locations that's two /48's.
 
> From what I can tell, on average, all ISPs are shifting between 8 and 
> 16 bits to the right from their total IPv4 size depending on their 
> primary customer type (residential ISPs shift less than ISPs that 
> primarily only service corporations).

Residential ISPs shift 16 bits (48-32=16).  You shift less if you
have less than 64000 customer sites and don't get address space
from a larger ISP.  Commercial ISPs shift more as what was multiple
addresses at one site becomes 1 /48.

Mark
-- 
Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117,
Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org



Re: quietly....

2011-02-05 Thread Mark Andrews

In message , Roland Perry writes:
> In article <20110204225150.6fac49b2...@drugs.dv.isc.org>, Mark Andrews 
>  writes
> 
> >> But NAT does have the useful (I think) side effect that I don't have to
> >> renumber my network when I change upstream providers - whether that's
> >> once every five years like I just did with my ADSL, or once every time
> >> the new ADSL hiccups[1] now that I have a CPE with 3G failover.
> >>
> >> [1] Seems to be about weekly, so far.
> >
> >And that can be pretty much automated these days.  Windows boxes
> >if you let them will just register their new addresses in the DNS.
> >MacOS also has the ability to do this as well.  You should be asking
> >the other vendors for similar support.
> 
> And when my vendor is Sipura, or Sony[1], how does an individual small 
> enterprise attract their attention and get the features added?

You return the equipment as not suitable for the advertised purpose
and demand your money back.  Renumbering is expected to occur with
IPv6, part of renumbering is getting the name to address mappings
right.  With DHCP the DHCP server normally does it.  With SLAAC the
host has to do it as there is no other choice.

Here in Australia it is Repair/Replace/Refund if the product purchased
is faulty.  That applies to all products.  If the milk is off when
we get home we go back and get it replaced and if the store is out
of stock we get a refund.  I've returned and had replaced plenty
of stuff over the years.

> [1] Quite by accident I have three net-connected items of theirs, a 
> PS/3, a TV and a mobile phone.
> -- 
> Roland Perry
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org



Re: quietly....

2011-02-05 Thread Mark Andrews

In message , Roland Perry writes:
> In article , Owen 
> DeLong  writes
> 
> >What is important with IPv6 is to teach the generation of hammer-wielding
> >mechanics who have grown up rarely seeing a screw and never knowing
> >that there were wrenches that there are new tools available in IPv6.
> >That screws or nuts and bolts can usually be superior to nails. That screws,
> >nuts, and bolts work better if you install them with a screw driver or a wrench.
> >That small brads lack structural integrity and that lag screws or bolts provide
> >a superior structural hold when installed properly. That attempting to hammer
> >every screw into a NAT-hole will destroy both the screw and the NAT-hole in
> >most cases.
> 
> This is all very true, but doesn't qualify (for my small-enterprise 
> target audience) as "not noticing the difference" when the upstream 
> network swaps from IPv4 to IPv6.

It won't be a swap.  Even when the local ISP can only deliver IPv6
they will still be able to get IPv4.  There will be businesses which
just deliver IPv4 to IPv6 only connected customers whether they
need server support or client support or both.  The software to do
this is already written.

> I wonder what's the best way to get them up the necessary learning curve?

Turn on IPv6 native or tunnel.  Populate the IP6.ARPA space with
individual PTR records for the machines.  Add matching  records.
The outbound side should just work.  Next you add  records for
all the services you offer after testing them.

> [Maybe I should write a book about it]
> -- 
> Roland Perry
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
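
Added example (not part of the original message and not ISC code): one way to check the result of the procedure described above, that every published IPv6 address has an individual IP6.ARPA PTR record and that forward and reverse data agree. It assumes the "matching records" are AAAA records; host names and addresses are constructed, using the 2001:db8::/32 documentation prefix.

```python
import ipaddress


def ptr_name(addr):
    """Return the ip6.arpa owner name (32 reversed nibbles) for an IPv6 address."""
    nibbles = ipaddress.IPv6Address(addr).exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def addr_from_ptr(owner):
    """Inverse of ptr_name: recover the address from a full-length ip6.arpa name."""
    labels = owner.lower().rstrip(".").split(".")
    nibbles = labels[:-2]
    if labels[-2:] != ["ip6", "arpa"] or len(nibbles) != 32:
        raise ValueError("not a full-length ip6.arpa name: %r" % owner)
    if any(len(n) != 1 for n in nibbles):
        raise ValueError("every label must be a single hex nibble: %r" % owner)
    hexstr = "".join(reversed(nibbles))
    groups = [hexstr[i:i + 4] for i in range(0, 32, 4)]
    return ipaddress.IPv6Address(":".join(groups))


def ptr_records(aaaa):
    """Render the PTR records that would match a set of AAAA records."""
    lines = []
    for host in sorted(aaaa):
        for addr in aaaa[host]:
            lines.append("%s IN PTR %s" % (ptr_name(addr), host))
    return lines


def audit(aaaa, ptr):
    """Compare forward (AAAA) and reverse (PTR) data.

    Returns a sorted list of (kind, address, name) findings:
      missing-ptr   an AAAA address has no PTR record
      ptr-mismatch  the PTR exists but names a different host
      stale-ptr     a PTR exists for an address no AAAA record publishes
    """
    findings = []
    published = set()
    for host, addrs in aaaa.items():
        for addr in addrs:
            ip = ipaddress.IPv6Address(addr)
            published.add(ip)
            target = ptr.get(ptr_name(ip))
            if target is None:
                findings.append(("missing-ptr", str(ip), host))
            elif target.lower() != host.lower():
                findings.append(("ptr-mismatch", str(ip), target))
    for owner, target in ptr.items():
        ip = addr_from_ptr(owner)
        if ip not in published:
            findings.append(("stale-ptr", str(ip), target))
    return sorted(findings)


# Constructed sample zone data (not from the thread).
AAAA = {
    "www.example.net.": ["2001:db8:0:1::80"],
    "mail.example.net.": ["2001:db8:0:1::25"],
    "ns1.example.net.": ["2001:db8:0:1::53"],
}
PTR = {
    ptr_name("2001:db8:0:1::80"): "www.example.net.",   # correct pair
    ptr_name("2001:db8:0:1::25"): "mx.example.net.",    # names the wrong host
    ptr_name("2001:db8:0:1::99"): "old.example.net.",   # no AAAA publishes this
}

if __name__ == "__main__":
    for line in ptr_records(AAAA):
        print(line)
    for kind, addr, name in audit(AAAA, PTR):
        print("%-13s %-20s %s" % (kind, addr, name))
```
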



Random Port Blocking at Hotels (was: Re: quietly....)

2011-02-05 Thread Joel M Snyder

> If they don't document partial internet access blockage in the
> contract and the contract says they are providing internet access,
> then, they are in breach and you are free to depart without a
> termination fee and in most cases, demand a refund for service to
> date.

> (Yes, I have successfully argued this on multiple occasions).

> In fact, I get free internet in most of the more expensive hotel
> environments as a result.

It's more likely you get free internet service in expensive hotels 
because the guy/girl behind the front desk has been empowered to cancel 
out a ridiculously high charge for Internet when a guest starts 
jabbering at them about how the Internet didn't work for them for any 
reason, to keep the line moving and to make the guest happy, rather than 
any higher authority hunkering down with the CEO, legal staff, and CTO 
and saying "by God, this Owen character is right, we're in breach of 
contract and his definition of the purity of Internet ports has so 
stunned us with its symmetry and loveliness that we shall bow down and 
sin no more!  Thank you Mr. DeLong for making the blind see again!"


I mean, it's gratifying to think you've won the argument (hence: this is 
why they do it), but you could also have argued that they were giving 
out non-contiguous subnet masks or Class E addresses and it would have 
had the same effect.


Try that next time and let us know how it works.

jms

--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One   Phone: +1 520 324 0494
j...@opus1.com    http://www.opus1.com/jms



Re: Using IPv6 with prefixes shorter than a /64 on a LAN

2011-02-05 Thread Jack Bates

On 2/5/2011 6:47 AM, Mark Andrews wrote:

> So why the ~!#! are you insisting on comparing IPv4 allocations with IPv6
> allocations.

Because that is where the comparison must be made, at the RIR allocation 
size/rate level.



> There are two sizes. Those that fit into a /32 and those that don't.
> The latter ones have to justify their allocations.


Yeah, tell that to the fee schedules.


> No. You need to compare it to the number of customer sites. If you
> have 1 customer with wires going to two locations that's two /48's.


That's definitely the wrong way to look at it. Sure that's related to 
justification to an RIR to get an allocation, but ISPs will end up with 
much more flexible address space.



> Residential ISPs shift 16 bits (48-32=16). You shift less if you
> have less than 64000 customer sites and don't get address space
> from a larger ISP.  Commercial ISPs shift more as what was multiple
> addresses at one site becomes 1 /48.



64,000 customer sites isn't required to receive more than a /32 (unless 
a single router makes up your entire network).


Well, I currently have a /30, which is a 14 bit shift right from my /16. 
(30-16=14). In the near future I expect to be somewhere between a /24 
and a /28, which is an 8 to 12 bit shift right from my IPv4 /16 allocation.


Still, that is a considerable number of bits we'll have left when the 
dust settles and the RIR allocation rate drastically slows.


Jack



Re: Random Port Blocking at Hotels (was: Re: quietly....)

2011-02-05 Thread John Levine
>and saying "by God, this Owen character is right, we're in breach of 
>contract and his definition of the purity of Internet ports has so 
>stunned us with its symmetry and loveliness that we shall bow down and 
>sin no more!  Thank you Mr. DeLong for making the blind see again!"

More likely "uh, oh, we've got a loony one here.  Maybe if I give him
his ten bucks back, he'll go away."

R's,
John



Re: Using IPv6 with prefixes shorter than a /64 on a LAN

2011-02-05 Thread bmanning
On Sat, Feb 05, 2011 at 11:47:10PM +1100, Mark Andrews wrote:
> 
> In message <4d4ca1b1.5060...@brightok.net>, Jack Bates writes:
> > On 2/4/2011 6:45 PM, Mark Andrews wrote:
> > >
> > > I used to work for CSIRO.  Their /16's which were got back in the
> > > late 80's will now be /48's.
> > 
> > That's why I didn't try doing any adjustments of X is the new /32. The 
> > whole paradigm changes.
> 
> So why the ~!#! are you insisting on comparing IPv4 allocations with IPv6
> allocations.

"..96 more bits - no majik.."

> Mark

--bill



Re: "Leasing" of space via non-connectivity providers

2011-02-05 Thread bmanning
On Sat, Feb 05, 2011 at 12:40:44PM +, John Curran wrote:
> On Feb 5, 2011, at 5:57 AM, bmann...@vacation.karoshi.com wrote:
> >> For the ARIN region, it would be nice to know how you'd like ARIN perform
> >> in the presence of such activity ("leasing" IP addresses by ISP not 
> >> providing
> >> connectivity).  It's possible that such is perfectly reasonable and to 
> >> simply
> >> be ignored, it's also possible that such should be considered a fraudulent 
> >> transfer and the resources reclaimed.  At the end of the day, the policy is
> >> set by this community, and clarity over ambiguity is very helpful.
> >> ...
> > 
> >the practice predates ARIN by many years...  FWIW...
> 
> Good to know; it makes its omission from RFC2050 even more significant and 
> highlights the need for clear policy in this area.  Ultimately, the question
> is simply how the operator community wishes to have this treated, and there
> should be alignment between that consensus and the number resource policy. 
> 
> /John

as you pointed out back in oh, IETF-29, actual network operators 
don't participate much in the standards setting process so it's
no wonder RFC 2050 has (several) "blind-spots" when it comes to 
operational reality.

and pragmatically, I am not sure that one could come to a single
consistent suite of policy for management of number resource. there's
just too many ways (some conflicting) to use them.  but this might be
a sigma-six outlying POV.  ARIN's community certainly is dominated by
a particular type of network operator.

--bill



Re: "Leasing" of space via non-connectivity providers

2011-02-05 Thread John Curran
On Feb 5, 2011, at 11:22 AM, bmann...@vacation.karoshi.com wrote:

>as you pointed out back in oh, IETF-29, actual network operators 
>don't participate much in the standards setting process so it's
>no wonder RFC 2050 has (several) "blind-spots" when it comes to 
>operational reality.
> 
>and pragmatically, I am not sure that one could come to a single
>consistent suite of policy for management of number resource. there's
>just too many ways (some conflicting) to use them.  but this might be
>a sigma-six outlying POV.  ARIN's community certainly is dominated by
>a particular type of network operator.

To the extent that the operator community does not participate 
in the open standards setting process in the IETF, and also opts 
not to participate in the open policy development process in the 
Regional Internet Registries, it is indeed challenging to make 
sure that the outcomes meet any operational reality.  

Since the results are useless for everyone if they don't work for 
the operator community, there is obviously pressure to try to fairly 
consider those needs as best understood, but it takes good inputs 
into the system somewhere if we want reasonable outcomes.

(my humble opinion alone)
/John




Re: "Leasing" of space via non-connectivity providers

2011-02-05 Thread Patrick W. Gilmore
On Feb 5, 2011, at 12:24 PM, John Curran wrote:
> On Feb 5, 2011, at 11:22 AM, bmann...@vacation.karoshi.com wrote:
> 
>>   as you pointed out back in oh, IETF-29, actual network operators 
>>   don't participate much in the standards setting process so it's
>>   no wonder RFC 2050 has (several) "blind-spots" when it comes to 
>>   operational reality.
>> 
>>   and pragmatically, I am not sure that one could come to a single
>>   consistent suite of policy for management of number resource. there's
>>   just too many ways (some conflicting) to use them.  but this might be
>>   a sigma-six outlying POV.  ARIN's community certainly is dominated by
>>   a particular type of network operator.
> 
> To the extent that the operator community does not participate 
> in the open standards setting process in the IETF, and also opts 
> not to participate in the open policy development process in the 
> Regional Internet Registries, it is indeed challenging to make 
> sure that the outcomes meet any operational reality.  

In fairness, Operators are ruled by business needs.  Convincing management that 
we should spend money, time, and effort to change a process which _may_ have 
some relevance to the bottom line in some very obtuse (and completely unrelated 
- by accounting standards) way is difficult at best.

Add to that the fact most companies are squeezing their employees for every 
possible efficiency, and even spending your own time on it becomes difficult.

Despite all that, I agree it is difficult for the process to take operators' 
PoV into account if no operator is giving input.


> Since the results are useless for everyone if they don't work for 
> the operator community, there is obviously pressure to try to fairly 
> consider those needs as best understood, but it takes good inputs 
> into the system somewhere if we want reasonable outcomes.

We appreciate that.

And let's hope the operators will make some attempt at being more involved in 
the process.  (Guess I'll have to subscribe to PPML now, which I have been 
avoiding like the plague for years.)

-- 
TTFN,
patrick




Re: "Leasing" of space via non-connectivity providers (was: Re: And so it ends... )

2011-02-05 Thread Joel Jaeggli



> 
>the practice predates ARIN by many years...  FWIW...

No reason to play coy... (ep.net)

> --bill
> 



Re: "Leasing" of space via non-connectivity providers

2011-02-05 Thread Bill Woodcock
On Feb 5, 2011, at 11:22 AM, bmann...@vacation.karoshi.com wrote:
> ARIN's community certainly is dominated by a particular type of network 
> operator.

It's dominated by the type of network operator who shows up and participates.

Generally, I hear what you're saying and don't disagree, but this is one of 
those truisms that applies across the whole spectrum of Internet governance: 
constrained-resource allocation, protocol definition, route and capacity 
forecasting, carrier interconnect, what-have-you.  It's the people who sit back 
and say that someone else is doing it who don't get represented and don't get 
their way.  So while I absolutely recognize the phenomenon you're describing 
and wish it were otherwise, the solution is action, not complaint.

-Bill




Re: "Leasing" of space via non-connectivity providers

2011-02-05 Thread bmanning
On Sat, Feb 05, 2011 at 12:24:01PM -0500, John Curran wrote:
> On Feb 5, 2011, at 11:22 AM, bmann...@vacation.karoshi.com wrote:
> 
> >as you pointed out back in oh, IETF-29, actual network operators 
> >don't participate much in the standards setting process so it's
> >no wonder RFC 2050 has (several) "blind-spots" when it comes to 
> >operational reality.
> > 
> >and pragmatically, I am not sure that one could come to a single
> >consistent suite of policy for management of number resource. there's
> >just too many ways (some conflicting) to use them.  but this might be
> >a sigma-six outlying POV.  ARIN's community certainly is dominated by
> >a particular type of network operator.
> 
> To the extent that the operator community does not participate 
> in the open standards setting process in the IETF, and also opts 
> not to participate in the open policy development process in the 
> Regional Internet Registries, it is indeed challenging to make 
> sure that the outcomes meet any operational reality.  
> 
> Since the results are useless for everyone if they don't work for 
> the operator community, there is obviously pressure to try to fairly 
> consider those needs as best understood, but it takes good inputs 
> into the system somewhere if we want reasonable outcomes.
> 
> (my humble opinion alone)
> /John

yeah... we are sharing opinions here.. :)

the only analogy i can draw here is one of "land-grant" vs 
"eminent-domain" in the real estate world.  in the case where
an entity received an allocation at some point (being justified 
under the then current policy) it is going to take a bit of
work to justify expropriation just 'cause the policy has changed...
unless of course the RIR is willing to pay the fair market value 
to the holder to reclaim the space.

this report suggests that the question is not RIR specific.

http://ciara.fiu.edu/publications/Rubi%20-%20Property%20Rights%20in%20IP%20Numbers.pdf

but that's just me. 

--bill



Re: "Leasing" of space via non-connectivity providers

2011-02-05 Thread bmanning
On Sat, Feb 05, 2011 at 10:17:29AM -0800, Bill Woodcock wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> On Feb 5, 2011, at 11:22 AM, bmann...@vacation.karoshi.com wrote:
> > ARIN's community certainly is dominated by a particular type of network 
> > operator.
> 
> It's dominated by the type of network operator who shows up and participates.
> 
> Generally, I hear what you're saying and don't disagree, but this is one of 
> those truisms that applies across the whole spectrum of Internet governance: 
> constrained-resource allocation, protocol definition, route and capacity 
> forecasting, carrier interconnect, what-have-you.  It's the people who sit 
> back and say that someone else is doing it who don't get represented and 
> don't get their way.  So while I absolutely recognize the phenomenon you're 
> describing and wish it were otherwise, the solution is action, not complaint.
> 
> -Bill
> 

there is no complaint here bill.  there is simply the observation that
if I justified an allocation 20 years ago, under the then current policy,
that it is, at best, presumptuous to presume the power of expropriation
without taking into account the doctrine of eminent domain.  If the
RIR's and their active members want to take my right to use space away -
I expect to be compensated at fair market value.  I'm pretty sure that
those arguments are going to be tested in the courts ...

--bill



Re: "Leasing" of space via non-connectivity providers

2011-02-05 Thread John Curran
On Feb 5, 2011, at 1:18 PM, bmann...@vacation.karoshi.com wrote:
> 
>   this report suggests that the question is not RIR specific.
>   
> http://ciara.fiu.edu/publications/Rubi%20-%20Property%20Rights%20in%20IP%20Numbers.pdf
>   but thats just me. 

FYI - Also remember to consider the views from papers that have 
actually been peer-reviewed and published (attached)...

/John

> "Legal And Policy Aspects Of Internet Number Resources"  
>  
> Santa Clara Computer & High Technology Law Journal.
> 
> Volume 24
> Issue 2
> Page 335
> 
> Authors: Stephen M. Ryan, Esq. , Raymond A. Plzak , and John Curran 
> 
> http://www.chtlj.org/sites/default/files/media/articles/v024/v024.i2.Ryan.pdf






Re: "Leasing" of space via non-connectivity providers

2011-02-05 Thread John Curran
On Feb 5, 2011, at 1:27 PM, bmann...@vacation.karoshi.com wrote:

> On Sat, Feb 05, 2011 at 10:17:29AM -0800, Bill Woodcock wrote:
>> ...
>> It's dominated by the type of network operator who shows up and participates.
>> 
>> Generally, I hear what you're saying and don't disagree, but this is one of 
>> those truisms that applies across the whole spectrum of Internet governance: 
>> constrained-resource allocation, protocol definition, route and capacity 
>> forecasting, carrier interconnect, what-have-you.  It's the people who sit 
>> back and say that someone else is doing it who don't get represented and 
>> don't get their way.  So while I absolutely recognize the phenomenon you're 
>> describing and wish it were otherwise, the solution is action, not complaint.
>> 
>>-Bill
> 
>there is no complaint here bill.  there is simply the observation that 
>if I justified an allocation 20 years ago, under the then current policy,
>that it is, at best, presumptuous to presume the power of expropriation
>without taking into account the doctrine of eminent domain.  If the 
>RIR's and their active members want to take my right to use space away - 
>I expect to be compensated at fair market value.   ... 

Bill - 

That seems like a particularly strong reason on your part to participate 
in the policy development process.  I happen to believe that the community 
needs to be particularly respectful of the ability of all address holders 
to use their space undisturbed, but at the end of the day we have to run 
according to whatever policies the community develops.

/John




Re: And so it ends...

2011-02-05 Thread James P. Ashton
John,
It seems that by stating "Note that ARIN can't allow transfers contrary to the
community-developed policy" that you intend to say that ARIN, based on your 
current policies and processes, will not actively update whois information for 
legacy block holders that either "sub-assign" or "Transfer" segments of their 
legacy space to another entity.

Is this the case?  If so, as many others seem to be asking, do you and the ARIN 
legal representatives, feel that you can actually legally follow this course 
and do you feel that, as you had nothing to do with the assignment of this 
space that you have any real right to deny these services. The community 
expects you to have a certain quality of information in the database and not 
offering updating services can present operational issues to those of us using 
the database as intended. 

James



- Original Message -
On Feb 3, 2011, at 6:38 PM, Benson Schliesser wrote:

> Having said that, it should be clear that I view ARIN "reclaiming" legacy 
> addresses that aren't under contract (i.e. LRSA) as fraud, perhaps even in 
> the legal sense of the word.  It might also be considered theft by some.  But 
> outright reclaiming from ongoing address holders isn't a big concern of mine, 
> because I doubt ARIN will go far down that path (if it goes at all).  My real 
> concern is that ARIN might refuse to recognize legacy transfers, fail to 
> update the Whois database, issue RPKI inappropriately, and cause real damage 
> to live networks.  This would be bad for the networks that implement ARIN 
> Whois-based policy, of course.  

Benson - 

ARIN provides legacy holders with WHOIS and IN-ADDR services without charge.
If a legacy holder simply wishes to make use of their resources and maintains 
current directory information, ARIN left them fairly undisturbed since its 
formation.  

Via the Legacy RSA, ARIN offers contractual assurances to legacy holders of 
ARIN providing these services, as well as certain protections from reclamation 
and policy changes.  Note that ARIN can't allow transfers contrary to the
community-developed policy, so legacy address holders who wish to do more
than just use their resources (e.g. transfer them) are encouraged to get
involved in the community to create policies that match their needs.

/John

John Curran
President and CEO
ARIN





Re: "Leasing" of space via non-connectivity providers

2011-02-05 Thread Bill Woodcock


On Feb 5, 2011, at 10:27 AM, bmann...@vacation.karoshi.com wrote:
> If I justified an allocation 20 years ago, under the then current policy, 
> it's presumptuous to presume the power of expropriation.

No one presumes it, and a lot of us are in the same boat as you, some of the 
addresses we're using predating the RIR system.

That said, there will always be people who will turn up on the mailing list, 
participating in the public policy process, who are not in that boat, and whose 
interests differ significantly, and who will speak in favor of those interests.

And the consensus of the public, the people who participate in the public 
policy process, is what decides 

> If the RIR's and there active members want to take my right to use space 
> away...

This is hyperbole.  The RIRs are not people, they have no desires, other 
perhaps than that of self-perpetuation.

I haven't heard _anyone_, active RIR member or otherwise, suggest that a right 
to _use_ space should be rescinded.  The only thing I've heard even the most 
vehement pro-reclamation people argue in favor of is reclamation of _unused_ 
space.

> I'm pretty sure that those arguments are going to be tested in the courts.


And ultimately, the courts uphold community standards.  Which is what the 
public expects.  If the community uses the public policy process to set a 
standard that you cannot meet, it's very _very_ unlikely that a court would 
side with you in the long term.  The community we live in generally believes 
that paint shouldn't have lead in it, and cars should have seatbelts, and 
people shouldn't beat their children when they get frustrated, and although 
each of those things was deemed a god-given right at one time, the courts would 
not side with someone who did any of them, anymore.

So I think the two questions here are whether you really have a grievance (I 
don't believe you do, since you haven't described a problem that many of the 
rest of us wouldn't also face), and if so, whether and how you can better your 
lot (and I think the answer to that is to participate in the public policy 
process and help establish community norms that you're comfortable with, rather 
than hoping that a court will buck the tide).

-Bill








Re: And so it ends...

2011-02-05 Thread John Curran
James -

ARIN allows legacy holders to update their registration information, in 
fact, we even allow such via ARIN Online.  No agreement is required with ARIN; 
we provide this service as well as WHOIS and reverse DNS without charge.

 If you no longer want to use your address space, you may return it, or 
transfer according to the community developed policies.

/John

John Curran
President and CEO
ARIN

On Feb 5, 2011, at 1:54 PM, "James P. Ashton"  wrote:

> John,
> It seems that by stating "Note that ARIN can't allow transfers contrary to the
> community-developed policy" that you intend to say that ARIN, based on your 
> current policies and processes, will not actively update whois information 
> for legacy block holders that either "sub-assign" or "Transfer" segments of 
> their legacy space to another entity.
> 
> Is this the case?  If so, as many others seem to be asking, do you and the 
> ARIN legal representatives, feel that you can actually legally follow this 
> course and do you feel that, as you had nothing to do with the assignment of 
> this space that you have any real right to deny these services. The community 
> expects you to have a certain quality of information in the database and 
> not offering updating services can present operational issues to those of us 
> using the database as intended. 
> 
> James
> 
> 
> 
> - Original Message -
> On Feb 3, 2011, at 6:38 PM, Benson Schliesser wrote:
> 
>> Having said that, it should be clear that I view ARIN "reclaiming" legacy 
>> addresses that aren't under contract (i.e. LRSA) as fraud, perhaps even in 
>> the legal sense of the word.  It might also be considered theft by some.  
>> But outright reclaiming from ongoing address holders isn't a big concern of 
>> mine, because I doubt ARIN will go far down that path (if it goes at all).  
>> My real concern is that ARIN might refuse to recognize legacy transfers, 
>> fail to update the Whois database, issue RPKI inappropriately, and cause 
>> real damage to live networks.  This would be bad for the networks that 
>> implement ARIN Whois-based policy, of course.  
> 
> Benson - 
> 
> ARIN provides legacy holders with WHOIS and IN-ADDR services without charge.
> If a legacy holder simply wishes to make use of their resources and maintains 
> current directory information, ARIN left them fairly undisturbed since its 
> formation.  
> 
> Via the Legacy RSA, ARIN offers contractual assurances to legacy holders of 
> ARIN providing these services, as well as certain protections from 
> reclamation 
> and policy changes.  Note that ARIN can't allow transfers contrary to the
> community-developed policy, so legacy address holders who wish to do more
> than just use their resources (e.g. transfer them) are encouraged to get
> involved in the community to create policies that match their needs.
> 
> /John
> 
> John Curran
> President and CEO
> ARIN
> 
> 



Re: "Leasing" of space via non-connectivity providers

2011-02-05 Thread bmanning
On Sat, Feb 05, 2011 at 11:01:00AM -0800, Bill Woodcock wrote:
> 
> 
> On Feb 5, 2011, at 10:27 AM, bmann...@vacation.karoshi.com wrote:
> > If I justified an allocation 20 years ago, under the then current policy, 
> > it's presumptuous to presume the power of expropriation.
> 
> No one presumes it, and a lot of us are in the same boat as you, some of the 
> addresses we're using predating the RIR system.
> 
> That said, there will always be people who will turn up on the mailing list, 
> participating in the public policy process, who are not in that boat, and 
> whose interests differ significantly, and who will speak in favor of those 
> interests.

yup... said that earlier.

> And the consensus of the public, the people who participate in the public 
> policy process, is what decides 

decides current policy.  when current policy directly contradicts the policies
under which old address space was allocated, which policy trumps?  this is where
I suspect there will be legal intervention to instruct/enlighten network and
rir practice.

> > If the RIR's and there active members want to take my right to use space 
> > away...
> 
> This is hyperbole.  The RIRs are not people, they have no desires, other 
> perhaps than that of self-perpetuation.

absent people - RIRs are an empty shell... :)
right... their v. there... sorry about that.

> I haven't heard _anyone_, active RIR member or otherwise, suggest that a 
> right to _use_ space should be rescinded.  The only thing I've heard even the 
> most vehement pro-reclamation people argue in favor of is reclamation of 
> _unused_ space.

definition of "used" is not particularly clear and rarely has been.
the most pragmatic has been ... "when a recognized authority has delegated
the address space"  --  when that was Postel, or SRI, or NSI, or ARIN, or
Dupont, or Rice University, or PCH, or ep.net... doesn't really matter.
it was a recognized authority.  when one authority disputes the rights of
another, there is really only one venue for resolution...

> > I'm pretty sure that those arguments are going to be tested in the courts.
> 
> And ultimately, the courts uphold community standards.  Which is what the 
> public expects.  If the community uses the public policy process to set a 
> standard that you cannot meet, it's very _very_ unlikely that a court would 
> side with you in the long term.  The community we live in generally believes 
> that paint shouldn't have lead in it, and cars should have seatbelts, and 
> people shouldn't beat their children when they get frustrated, and although 
> each of those things was deemed a god-given right at one time, the courts 
> would not side with someone who did any of them, anymore.

which is where we end up w/ the doctrine of eminent domain.  
and legacy/historical values do have some recognition in courts...
my Ford Model T doesn't have seat belts... :)


> 
> So I think the two questions here are whether you really have a grievance (I 
> don't believe you do, since you haven't described a problem that many of the 
> rest of us wouldn't also face), and if so, whether and how you can better 
> your lot (and I think the answer to that is to participate in the public 
> policy process and help establish community norms that you're comfortable 
> with, rather than hoping that a court will buck the tide).

of course I don't have a grievance... that's your allergic reaction :)
as to your point of changing policy - sure, i could do that and i hope
people become engaged... HOWEVER - I am not persuaded that a single policy
framework will be applicable to all users of IP space... so no matter what
current ARIN policy is - it's not likely to be an exact match to the number
resource policies of DuPont, or DoD, or Ohio State, or Google, or Nintendo,
Toyota, PCH, or Bills Bait & Sushi.  Nor can it ever be.

Of course ARIN has every right to maintain its database (whois) in any way
that it sees fit and how its members dictate - but unless the rights of
all players are acknowledged/respected - I think ARIN is in danger of losing
relevance.

And that would be a great loss.

--bill



Re: "Leasing" of space via non-connectivity providers

2011-02-05 Thread Owen DeLong

On Feb 5, 2011, at 10:27 AM, bmann...@vacation.karoshi.com wrote:

> On Sat, Feb 05, 2011 at 10:17:29AM -0800, Bill Woodcock wrote:
>> 
>> On Feb 5, 2011, at 11:22 AM, bmann...@vacation.karoshi.com wrote:
>>> ARIN's community certainly is dominated by a particular type of network 
>>> operator.
>> 
>> It's dominated by the type of network operator who shows up and participates.
>> 
>> Generally, I hear what you're saying and don't disagree, but this is one of 
>> those truisms that applies across the whole spectrum of Internet governance: 
>> constrained-resource allocation, protocol definition, route and capacity 
>> forecasting, carrier interconnect, what-have-you.  It's the people who sit 
>> back and say that someone else is doing it who don't get represented and 
>> don't get their way.  So while I absolutely recognize the phenomenon you're 
>> describing and wish it were otherwise, the solution is action, not complaint.
>> 
>>-Bill
>> 
> 
>   there is no complaint here bill.  there is simply the observation that 
>   if I justified an allocation 20 years ago, under the then current policy,
>   that it is, at best, presumptuous to presume the power of expropriation
>   without taking into account the doctrine of eminent domain.  If the 
>   RIR's and there active members want to take my right to use space away - 
>   I expect to be compensated at fair market value.  I'm pretty sure that 
>   those arguments are going to be tested in the courts ... 
> 
> --bill

Bill,

The RIRs can't take your right to do anything away, including your right
to run a competing registry in which you are the sole recipient of 0.0.0.0/2
if you like.

What the RIRs MIGHT do (and note that I would not support such action)
is terminate registration services for those that have no contract with the
RIR. Once they have done that, they are free to register the uniqueness
of numbers previously registered as a free service to those without
contracts to others who do have contracts.

Whether or not anyone in the outside world makes use of that registration
data is a matter of independent decision on the part of each consumer
of registration data.

Your right to use a particular set of addresses on a particular network is
not granted by any RIR. It is granted by the people who run the routers
on that network. It is up to the operators of each individual network to
choose which network numbers they route and to whom.

The fact that a very large number of network operators use the data
contained in the RIR system in a cooperative manner is convenient
and makes the internet substantially more useful than I can imagine
it would be under alternative scenarios. However, that does not mean
that the RIRs are granting any sort of license, right to use, or ownership.
Nor does it mean that terminating a registration constitutes taking away
such a grant that was never given.

Owen




Re: "Leasing" of space via non-connectivity providers

2011-02-05 Thread John Curran
On Feb 5, 2011, at 2:33 PM, bmann...@vacation.karoshi.com wrote:

>decides current policy.  when current policy directly contradicts the policies
>under which old address space was allocated, which policy trumps?

Bill -

 RFC 2050 is the document which  provides the registry system framework.  
Jon Postel is an author of same, as well as a founder of ARIN.

We've adhered to these principles from RFC 2050 in address management 
without exception, and even in policy development today.

When you speak of the policies of
old allocations, please be specific.  If they predated Jon, that would indeed 
be quite interesting.

/John

John Curran
President and CEO
ARIN


Re: "Leasing" of space via non-connectivity providers

2011-02-05 Thread Jack Bates

On 2/5/2011 2:25 PM, Owen DeLong wrote:

> Your right to use a particular set of addresses on a particular network is
> not granted by any RIR. It is granted by the people who run the routers
> on that network. It is up to the operators of each individual network to
> choose which network numbers they route and to whom.


Which would become extremely fun in a conflict case like this, as 
depending on which network you asked, they could consider either party 
to be the party that is "hijacking" the space.



Jack



Re: And so it ends...

2011-02-05 Thread Jimmy Hess
On Sat, Feb 5, 2011 at 1:24 PM, John Curran  wrote:
>    ARIN allows legacy holders to update their registration information, in 
> fact, we even allow such via ARIN Online.  No agreement is required with 
> ARIN; we provide this service as well as WHOIS and reverse DNS without charge.
>     If you no longer want to use your address space, you may return it, or 
> transfer according to the community developed policies.

I think he means to ask: What happens if a legacy registrant (who has not
signed any RSA) ad-hoc decided on their own that they have transferred some
portion of their space (or their entire address space) to a different
organization who was not named on the original IANA or Internic registration,
and the legacy resource holder (or transfer recipient) cannot show their
transfer was made with/through the approval of IANA, Internic, any RIR, etc,
under any legacy policy, the legacy registry did not reflect it, (so there is
no existing 'official' record of a transfer).

Does ARIN recognize updates from organizations who claim that some resources
were transferred to them by a legacy holder and treat the transfer recipient
as a valid legacy resource holder?

Particularly in difficult cases where the original legacy resource holder is
completely defunct; the original organization named in the IANA or Internic
registration might have moved (where multiple organizations have similar
names), be bankrupt, have merged, or renamed itself, no longer able to be
contacted, and the "claimed holder" might be claiming the entire legacy
allocation was transferred to them (without WHOIS ever being updated)?

Does ARIN recognize all transfers claimed by the verifiable original legacy
resource holder and treat transfers they claim to have made as valid?  Or is
some proof required that any transfer was made before ARIN existed (if an ARIN
transfer policy was not followed)?

Will they be allowed to update ARIN to reflect their ad-hoc "transfer" (which
did not occur in a way that is valid under any current ARIN policy).

*Since ARIN policy at the current time requires specified transfers be made
through ARIN, and the recipient of address has to meet a utilization criterion.
No ad-hoc transfers would seem to be allowed by current ARIN policies, except
non-permanent reassignments.

For example, if a legacy registrant with a /8 decided "One particular /24
somewhere in the middle of the assignment now permanently belongs to
$OTHER_ENTITY"  Will ARIN allow them to update WHOIS with that, and from then
on treat $OTHER_ENTITY as a legacy holder of that one /24... with
$ORIGINAL_ENTITY treated as a legacy holder who 'owns' all the /8 except
one /24 ?

Will ARIN allow the legacy resource holder to indicate "We have
(non-permanently) reallocated or sub-delegated such and such /24 to
$OTHER_ENTITY"  Even if the legacy holder when obtaining the /8 was an
"end user" (and not an ISP) when they obtained their legacy resources?


> /John
> John Curran
> President and CEO
> ARIN

--
-JH



Re: "Leasing" of space via non-connectivity providers

2011-02-05 Thread John Levine
>> Your right to use a particular set of addresses on a particular
>> network is not granted by any RIR.

As far as I know, there's no case law about address space assignments.

There's been a bunch of cases where someone stole address space by
pretending to be the original assignee, like the SF Bay Packet Radio
case in 2008, but as far as I know, the ones that have been resolved
were resolved without a court's help.  There's also plenty of stolen
address space still in use by the party that stole it.

If there have been cases with a willing seller and a willing buyer
where ARIN has refused to update WHOIS or rDNS, I'd be interested to
hear about them.

R's,
John



Re: And so it ends...

2011-02-05 Thread Jack Bates

On 2/5/2011 4:53 PM, Jimmy Hess wrote:

> *Since ARIN policy at the current time requires specified transfers be
> made through ARIN,
> and  the recipient of address has to meet a utilization criterion.
> No ad-hoc transfers would seem to be allowed by current ARIN policies,
> except non-permanent reassignments.


I think ARIN's stance is they can update whois and issue 
reallocations/assignment information into whois based on their Legacy 
status. If they want to permanently give their space to someone else, 
documentation wise, the most they can do is allocate the entire space to 
the other person. They are still considered the primary holder and the 
only thing that makes it "permanent" is the contract signed between them 
and the other party.


Given the reallocation, I'm sure the receiving party also can update whois.

Jack



Re: "Leasing" of space via non-connectivity providers

2011-02-05 Thread Jack Bates

On 2/5/2011 5:06 PM, John Levine wrote:

> If there have been cases with a willing seller and a willing buyer
> where ARIN has refused to update WHOIS or rDNS, I'd be interested to
> hear about them.


Isn't it moot when you can reallocate the entire block to the other 
party? Contractual agreements of the sale would enforce the inability to 
reclaim or remove the reallocation.


Jack



RE: "Leasing" of space via non-connectivity providers

2011-02-05 Thread Aaron Wendel
How can someone steal something from you that you don’t own?

 

 

 

From: John Levine [mailto:jo...@iecc.com] 
Sent: Saturday, February 05, 2011 5:06 PM
To: nanog@nanog.org
Subject: Re: "Leasing" of space via non-connectivity providers

 

>> Your right to use a particular set of addresses on a particular
>> network is not granted by any RIR.

As far as I know, there's no case law about address space assignments.

There's been a bunch of cases where someone stole address space by
pretending to be the original assignee, like the SF Bay Packet Radio
case in 2008, but as far as I know, the ones that have been resolved
were resolved without a court's help.  There's also plenty of stolen
address space still in use by the party that stole it.

If there have been cases with a willing seller and a willing buyer
where ARIN has refused to update WHOIS or rDNS, I'd be interested to
hear about them.

R's,
John




Re: "Leasing" of space via non-connectivity providers

2011-02-05 Thread John R. Levine

>> If there have been cases with a willing seller and a willing buyer
>> where ARIN has refused to update WHOIS or rDNS, I'd be interested to
>> hear about them.
>
> Isn't it moot when you can reallocate the entire block to the other party? 
> Contractual agreements of the sale would enforce the inability to reclaim or 
> remove the reallocation.


If the user doesn't match what's in WHOIS, a lot of people will assume 
that the block is hijacked.


Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly



Re: "Leasing" of space via non-connectivity providers

2011-02-05 Thread John Levine
In article <0d7e01cbc58a$340347a0$9c09d6e0$@net> you write:
>How can someone steal something from you that you don’t own?

Here in the US, until there is statutory or case law, the question of
whether the people with legacy IP space assignments own that space is
entirely a matter of opinion.  I realize a lot of people have made a
lot of assertions, but anyone can assert anything.

R's,
John



Re: "Leasing" of space via non-connectivity providers

2011-02-05 Thread Jack Bates

On 2/5/2011 5:25 PM, John R. Levine wrote:


>> Isn't it moot when you can reallocate the entire block to the other 
>> party? Contractual agreements of the sale would enforce the inability 
>> to reclaim or remove the reallocation.
>
> If the user doesn't match what's in WHOIS, a lot of people will assume 
> that the block is hijacked.


That's my point. If a legacy holder can update WHOIS, I presume they can 
also just allocate the entire block to someone else. It would reflect 
that in WHOIS, no one would consider it hijacked.



Jack



Re: "Leasing" of space via non-connectivity providers

2011-02-05 Thread William Pitcock
Hi,

On Sat, 5 Feb 2011 17:12:40 -0600
"Aaron Wendel"  wrote:

> How can someone steal something from you that you don’t own?
> 
> 

Legacy space.  The best example I can think of was Choopa's hijacking
of Erie Forge and Steel's legacy space.  In this case, it was theft as
it was a legacy allocation and therefore "owned" by EFS.

EFS however, did not notice because they were not using the legacy
allocation for anything.

William



Re: "Leasing" of space via non-connectivity providers

2011-02-05 Thread Ernie Rubi
Good question:

Depends on what kind of address space assignment - if you mean legacy IP space, 
then no there is no case law.  

Kremen v. ARIN (Northern District of CA) is the only case law out there, but it 
is on point only as to 'current' IP space.   In Kremen, the district court went 
only as far as saying that ARIN is the only available source for ‘current’ 
allocations. 

The court, in a motion to amend a prior ex parte order, found an applicant 
seeking IP space “could only receive the number resources if he followed ARIN’s 
procedures, applied for...the resources, and signed ARIN’s standard 
Registration Services Agreement in effect when the resources were issued."

There is no statutory (federal / state) authority on point; other than:

Federal statutory law now makes a felony for anyone to “falsely represent 
oneself to be the registrant...of 5 or more Internet Protocol addresses, and 
intentionally initiate the transmission of multiple commercial electronic mail 
messages from such addresses.”  (See 18 U.S.C.A. § 1037(a)(5), (2003))

Compare this to the well established law on domain name transfers (Anti 
Cybersquatting Protection Act; WIPO Treaties; state and federal cases).

Ernie





On Feb 5, 2011, at 6:06 PM, John Levine wrote:

>>> Your right to use a particular set of addresses on a particular
>>> network is not granted by any RIR.
> 
> As far as I know, there's no case law about address space assignments.
> 
> There's been a bunch of cases where someone stole address space by
> pretending to be the original assignee, like the SF Bay Packet Radio
> case in 2008, but as far as I know, the ones that have been resolved
> were resolved without a court's help.  There's also plenty of stolen
> address space still in use by the party that stole it.
> 
> If there have been cases with a willing seller and a willing buyer
> where ARIN has refused to update WHOIS or rDNS, I'd be interested to
> hear about them.
> 
> R's,
> John




Re: External sanity checks

2011-02-05 Thread Zaid Ali

On Feb 4, 2011, at 1:36 PM, Franck Martin wrote:

> 
> - Original Message -
>> From: "Paul Graydon" 
>> To: nanog@nanog.org
>> Sent: Friday, 4 February, 2011 8:39:09 AM
>> Subject: Re: External sanity checks
>> On 02/03/2011 08:04 AM, Philip Lavine wrote:
>>> To all,
>>> 
>>> Does any one know a Vendor (NOT Keynote) that can do sanity checks
>>> against your web/smtp/ftp farms with pings, traceroutes, latency
>>> checks as well as application checks (GET, POST, ESMTP, etc)
>>> 
>>> Thank you,
>>> 
>>> Philip
>>> 
>> Slight hijack, I'm interested in the answer to this question, but I'm
>> also wondering about a service that will actually phone you (or is
>> there
>> a reliable text/e-mail->phone call service?) I'd appreciate actually
>> being phoned overnight if something dies drastically to the outside
>> world!
> 
> A bit different, but if you are looking for something that works a bit before 
> the problem becomes visible to the user, check:
> 
> http://www.avonsys.com/Application+Monitoring
> 

I used Avonsys before for monitoring. You can have Keynote, Gomez, homegrown 
tool  etc but you still need someone with clue on how to interpret it, verify 
alerts, find odd performance problems etc. Contact me off list if you want 
reference.

Zaid


Re: "Leasing" of space via non-connectivity providers

2011-02-05 Thread Jon Lewis

On Sat, 5 Feb 2011, Jack Bates wrote:

> That's my point. If a legacy holder can update WHOIS, I presume they can also 
> just allocate the entire block to someone else. It would reflect that in 
> WHOIS, no one would consider it hijacked.


Does ARIN accept SWIP requests for IPs within legacy space assignments?

--
 Jon Lewis, MCP :)   |  I route
 Senior Network Engineer |  therefore you are
 Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_



Re: Using IPv6 with prefixes shorter than a /64 on a LAN

2011-02-05 Thread Mark Andrews

In message <4d4d5ffc.6020...@brightok.net>, Jack Bates writes:
> On 2/5/2011 6:47 AM, Mark Andrews wrote:
> > So why the ~!#! are you insisting on comparing IPv4 allocations with IPv6
> > allocations.
> >
> Because that is where the comparison must be made, at the RIR allocation 
> size/rate level.
> 
> > There are two sizes. Those that fit into a /32 and those that don't.
> > The latter ones have to justify their allocations.
> >
> Yeah, tell that to the fee schedules.
> 
> > No. You need to compare it to the number of customer sites. If you
> > have 1 customer with wires going to two locations that's two /48's.
> 
> That's definitely the wrong way to look at it. Sure that's related to 
> justification to an RIR to get an allocation, but ISPs will end up with 
> much more flexible address space.
> 
> > Residential ISPs shift 16 bits (48-32=16). You shift less if you
> > have less than 64000 customers sites and don't get address space
> > from a larger ISP.  Commercial ISPs shift more as what was multiple
> > address at one sites becomes 1 /48.
> >
> 
> 64,000 customer sites isn't required to receive more than a /32 (unless 
> a single router makes up your entire network).

No, but you still need to have reserved growth space sensibly.  /32 for
a town of 3000 is overkill.

Last assume you are serving a home customers so you were at 1 address
per customer.  You still size your pops based on expected customers
and having some growth room without having to renumber.  n customers
requires f(n) sized block of space.  The only difference with IPv6 is
f(n) << 80 bits to support /48's instead of single addresses.

Expected growth rates in customers don't change because you are
suddenly dealing with IPv6.

> Well, I currently have a /30, which is a 14 bit shift right from my /16. 
> (30-16=14).

And did you change the amount of growth space you allowed for each pop?
Were you already constrained in your IPv4 growth space and just restored
your desired growth margins?

> In the near future I expect to be somewhere between a /24 
> and a /28, which is an 8 to 12 bit shift right from my IPv4 /16 allocation.

Only if you can serve all those customers from that /16.  You are
then not comparing apples to apples.  You are comparing a net with
no growth space (IPv4) to one with growth space (IPv6).

> Still, that is a considerable number of bits we'll have left when the 
> dust settles and the RIR allocation rate drastically slows.
> 
> Jack
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org



Re: Random Port Blocking at Hotels (was: Re: quietly....)

2011-02-05 Thread Mark Andrews

In message <20110205150005.40621.qm...@joyce.lan>, John Levine writes:
> >and saying "by God, this Owen character is right, we're in breach of 
> >contract and his definition of the purity of Internet ports has so 
> >stunned us with its symmetry and loveliness that we shall bow down and 
> >sin no more!  Thank you Mr. DeLong from making the blind see again!"
> 
> More likely "uh, oh, we've got a loony one here.  Maybe if I give him
> his ten bucks back, he'll go away."
> 
> R's,
> John

I have told a hotel they need to install equipment that supports RA
guard as I've checked out.  This was a hotel that only offered IPv4.

Hotels ask for feedback on their services.  If you see a fault report
it in writing.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org



Re: Weekend Gedankenexperiment - The Kill Switch

2011-02-05 Thread Fred Baker

On Feb 4, 2011, at 9:49 PM, Hayden Katzenellenbogen wrote:

> Not sure if it has been said already but wasn't one of the key point for
> the creation of the internet to create and infrastructure that would
> survive in the case of all out war and massive destruction. (strategic
> nuclear strikes)

Urban legend, although widely believed. Someone probably made the observation.

> Does it not bode ill for "national security" if any party could take out
> a massive communication system by destroying/pressuring a few choke
> points? 

You mean, like drop a couple of trade towers and take out three class five 
switches, causing communication outages throughout New England and New Jersey, 
and affecting places as far away as Chicago?

Nope. Couldn't happen.

More seriously, yes, one could in fact take out any connectivity one wants by 
withdrawing routes (which is reportedly what Egypt did), and if you hit enough 
interchange points that could get serious.

At the risk of sounding naive and pollyanna-ish, we have a few more of those 
interchange points in the US than they have in Egypt. In theory, yes. Making it 
actually happen could be quite an operation.

> -Original Message-
> From: JC Dill [mailto:jcdill.li...@gmail.com] 
> Sent: Thursday, February 03, 2011 11:39 PM
> To: NANOG list
> Subject: Re: Weekend Gedankenexperiment - The Kill Switch
> 
>  On 03/02/11 10:38 PM, Paul Ferguson wrote:
>> 
>> And as an aside, governments will always believe that they can control
>> the flow of information, when push comes to shove.
>> 
>> This has always been a hazard, and will always continue to be so.
>> 
>> As technologists, we need to be cognizant of that fact.
> 
> In the US, by accident (surely not by design) we are lucky that our
> network of networks does not have the convenient 4 chokepoints that the
> Egyptian network had, making it easy for the government to shut off the
> entire internet by putting pressure on just 4 companies.
>
> Where we *really* need to be fighting this battle is in the laws and
> policies that are producing a duopoly in much of the US where consumers
> have 2 choices, the ILEC for DSL or their local cableco for Cable
> Internet.  As these companies push smaller competing ISPs out of
> business, and as they consolidate (e.g. Cablecos buying each other up,
> resulting in fewer and fewer cablecos over time), we head down the
> direction of Egypt, where pressure on just a few companies CAN shut down
> the entire internet.  Otherwise we end up with a few companies that will
> play Visa and PayPal and roll over and play dead when a government
> official says "Wikileaks is bad" - and equally easily will shut down
> their entire networks for "national security".
>
> If you *really* believe that the TSA is effective, you would be in favor
> of an Internet Kill Switch.  If you understand that this is really
> security theater, and despite all the inconvenience we aren't really any
> safer, then you should equally be very concerned that someone ever has
> the power to order that the internet be "shut down" for our safety.
> 
> jc
> 
> 
> 




Re: Using IPv6 with prefixes shorter than a /64 on a LAN

2011-02-05 Thread Jack Bates

On 2/5/2011 7:01 PM, Mark Andrews wrote:

> And did you change the amount of growth space you allowed for each pop?
> Were you already constrained in your IPv4 growth space and just restored
> your desired growth margins?

Growth rate has nothing to do with it. ARIN doesn't allow for growth in 
initial assignments. No predictions, no HD-Ratio, and definitely no 
nibble alignments.


Current policy proposal hopes to fix a lot of that.


>> In the near future I expect to be somewhere between a /24
>> and a /28, which is an 8 to 12 bit shift right from my IPv4 /16 allocation.
>
> Only if you can serve all those customers from that /16.  You are
> then not comparing apples to apples.  You are comparing a net with
> no growth space (IPv4) to one with growth space (IPv6).

Not sure I get ya here. I am comparing apples to apples. ARIN gives me a 
/16 of space. There are the same number of /16's in IPv4 as IPv6. 
However, in IPv6, they will allocate a /24 at most to me, and I will 
never exceed that. This shift of 8+ bits is the gains we get shifting 
from IPv4 to IPv6.



Jack



Re: Random Port Blocking at Hotels (was: Re: quietly....)

2011-02-05 Thread Derek J. Balling

On Feb 5, 2011, at 8:14 PM, Mark Andrews wrote:
> I have told a hotel they need to install equipment that supports RA
> guard as I've checked out.  This was a hotel that only offered IPv4.

Wow... Could that be any more of a waste of yours and their time?

This is like telling the cashier at the hospital when you're being discharged, 
"y'know, I'm not sure that they're using the proper stitch-knot in the ER. You 
should have someone look at that."

Do you honestly think that feedback is even *understood*, let alone passed on 
to anyone even close to the problem?

D






Re: "Leasing" of space via non-connectivity providers

2011-02-05 Thread bmanning
On Sat, Feb 05, 2011 at 09:12:53PM +, John Curran wrote:
> On Feb 5, 2011, at 2:33 PM, bmann...@vacation.karoshi.com wrote:
> 
> >decides current policy.  when current policy directly contradicts the policies
> >under which old address space was allocated, which policy trumps?
> 
> Bill -
> 
>  RFC 2050 is the document which  provides the registry system framework.  
> Jon Postel is an author of same, as well as a founder of ARIN.

yup.. i was there when it was written.  what is not clear in that RFC is the
status and effect of RFC 2050 (and subsequent policy built on that foundation)
on allocations made -prior- to RFC 2050.
telling text is here:
"This document describes the IP assignment policies currently used by
the Regional Registries to implement the guidelines developed by the
IANA"

It does not talk to address space allocated to entities from the IANA or other
registries prior to the RIRs existence.

oddly enough, the year prior to RFC 2050 being published, jon asked me to run
a specialized address registry for things like exchange points.  that service
matched the subject of this thread... we didn't own any infrastructure, but
we provided (and successors still provide) neutral address management services
to those who wish it.   it took the RIR system a few years to catch up and
provide a similar service.


> We've adhered to these principles from RFC 2050 in address management 
> without exception, and even in policy development today.

a firm foundation on which to build.

> When you speak of the policies of
> old allocations, please be specific.  If they predated Jon, that would indeed 
> be quite interesting.

well - jon did point out the butcher-paper agreement, signed by all the grad
students, agreeing that jon was the address maven... so anything pre-dating jon
would be a trick.
(the actual document is in the postel archives ... if you are interested...)

i believe i have produced for ARIN a letter from SRI to me - indicating that
certain address blocks were given to me to use.  No reference to an entity
other than me, no claim for compliance with "justified need" or
"acceptable-use", no indication that any subsequent policy would be binding in
the future.  Pretty much, "we are sorry that you were forced to renumber 'cause
we messed up w/ the -connected/unconnected- databases - please take these
blocks as a token of our consideration..."   Doesn't sound like RFC 2050
fodder to me.

This type of letter flies in the face of current policy; allocations to legal
entities that are not natural persons, justified need, requirements to
periodically check in and re-affirm usage & compliance  I just think that
there are going to be turbulent waters when the ARIN community pushes too hard
to force these folk into their (narrow) framework of acceptable use.   I wish
it was not so - but I am persuaded that it will be inevitable - given the
current course of events.


> 
> /John
> 
> John Curran
> President and CEO
> ARIN



Re: Random Port Blocking at Hotels (was: Re: quietly....)

2011-02-05 Thread John R. Levine

> I have told a hotel they need to install equipment that supports RA
> guard as I've checked out.  This was a hotel that only offered IPv4.
>
> Hotels ask for feedback on their services.  If you see a fault report
> it in writing.


Sure.  Bet you ten bucks that no hotel in North America offers IPv6 this 
year in the wifi they provide to customers.  (Conference networks don't 
count.)


Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly



Re: Weekend Gedankenexperiment - The Kill Switch

2011-02-05 Thread Dave CROCKER



On 2/5/2011 6:43 AM, Fred Baker wrote:

> On Feb 4, 2011, at 9:49 PM, Hayden Katzenellenbogen wrote:
>> Not sure if it has been said already but wasn't one of the key point for
>> the creation of the internet to create and infrastructure that would
>> survive in the case of all out war and massive destruction. (strategic
>> nuclear strikes)
>
> Urban legend, although widely believed. Someone probably made the observation.



Maybe not quite an UL...

   

On the average, The Rand Corp is extremely careful about what it publishes, yet 
here it is, repeating the claim.


Back in the '70s, I always heard "survive hostile battlefield conditions" and 
never heard anyone talk about comms survival of a nuclear event, but I wasn't in 
any interesting conversations, such as in front of funding agencies...


d/
--

  Dave Crocker
  Brandenburg InternetWorking
  bbiw.net



RE: Using IPv6 with prefixes shorter than a /64 on a LAN

2011-02-05 Thread Nathan Eisenberg
> Still, that is a considerable number of bits we'll have left when the dust
> settles and the RIR allocation rate drastically slows.

Like it did for IPv4? ;)

-Nathan




Re: Using IPv6 with prefixes shorter than a /64 on a LAN

2011-02-05 Thread Mark Andrews

In message <4d4df75e.1040...@brightok.net>, Jack Bates writes:
> On 2/5/2011 7:01 PM, Mark Andrews wrote:
> > And did you change the amount of growth space you allowed for each pop?
> > Were you already constrained in your IPv4 growth space and just restored
> > your desired growth margins?
> >
> Growth rate has nothing to do with it. ARIN doesn't allow for growth in 
> initial assignments. No predictions, no HD-Ratio, and definitely no 
> nibble alignments.
> 
> Current policy proposal hopes to fix a lot of that.
> 
> >> In the near future I expect to be somewhere between a /24
> >> and a /28, which is an 8 to 12 bit shift right from my IPv4 /16 allocation.
> > Only if you can serve all those customers from that /16.  You are
> > then not comparing apples to apples.  You are comparing a net with
> > no growth space (IPv4) to one with growth space (IPv6).
>
> Not sure I get ya here. I am comparing apples to apples. ARIN gives me a 
> /16 of space. There are the same number of /16's in IPv4 as IPv6. 
> However, in IPv6, they will allocate a /24 at most to me, and I will 
> never exceed that. This shift of 8+ bits is the gains we get shifting 
> from IPv4 to IPv6.

An IPv4 /16 supports 64000 potential customers.  An IPv6 /32 supports
64000 potential customers.  Either you have changed the customer
estimates or changed the growth space allowances or were using NAT
or 

You don't suddenly need 256 times the amount of space overnight all
other things being equal.  About the only thing I can think of is
you need to advertise 256 routes and you are asking for extra blocks
to get around poorly thought out filtering policies.

A routing slot is a routing slot.  It really doesn't matter if that
slot has a /32 or a /40 or a /48 in it.  They are equally expensive.

If ISPs were being honest and matching IPv4 to IPv6 filtering the
filters would be set a /40 not /32.  By setting the filters to /32
you force the small ISP to ask for up to 256 times as much address
space as they need with absolutely no benefits to anyone just to
get a routing slot that won't be filtered.

What's really needed is separate the routing slot market from the
address allocation market.

Mark

> Jack
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org



RE: Random Port Blocking at Hotels (was: Re: quietly....)

2011-02-05 Thread Nathan Eisenberg
> Sure.  Bet you ten bucks that no hotel in North America offers IPv6 this year
> in the wifi they provide to customers.  (Conference networks don't
> count.)

John - 

I happen to know with absolute certainty that the above statement is false.  
But I'd be happy to take your money!  :-)

Nathan




Re: Random Port Blocking at Hotels (was: Re: quietly....)

2011-02-05 Thread Mark Andrews

In message , "John R. Levine" writes:
> > I have told a hotel they need to install equipment that supports RA
> > guard as I've checked out.  This was a hotel that only offered IPv4.
> >
> > Hotels ask for feedback on their services.  If you see a fault report
> > it in writing.
> 
> Sure.  Bet you ten bucks that no hotel in North America offers IPv6 this 
> year in the wifi they provide to customers.  (Conference networks don't 
> count.)

The point I was trying to make is that hotel still needs to protect
their customers from bad actions by other customers.  Investing in
RA guard gives their current customers a better experience *now*
and is not a wasted expense as they will continue to need it when
they get IPv6 connectivity.  The alternative is to filter all IPv6
packets and remember to turn off the filter when they go to turn
on IPv6.  The RA guard can be configured to allow the hotels routers
to work when IPv6 is finally enabled on them.

Anyway it's all about educating people to be aware that they need
to purchase stuff with IPv6 in mind even if they don't yet use IPv6.
Anything bought now is likely to be used in an environment with IPv6
enabled at some point.

Mark
> Regards,
> John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies",
> Please consider the environment before reading this e-mail. http://jl.ly
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org



Re: Weekend Gedankenexperiment - The Kill Switch

2011-02-05 Thread Jay Ashworth
- Original Message -
> From: "Fred Baker" 

> You mean, like drop a couple of trade towers and take out three class
> five switches, causing communication outages throughout New England
> and New Jersey, and affecting places as far away as Chicago?

3 class-5s?

I thought it was a 5E and a 4E.

I heard the 4E stayed online *past* 1400, talking to its fiber neighbors...

Cheers
-- jra



Re: Random Port Blocking at Hotels (was: Re: quietly....)

2011-02-05 Thread Mark Andrews

In message , "Derek J. Balling" writes:
> 
> On Feb 5, 2011, at 8:14 PM, Mark Andrews wrote:
> > I have told a hotel they need to install equipment that supports RA
> > guard as I've checked out.  This was a hotel that only offered IPv4.
> 
> Wow... Could that be any more of a waste of yours and their time?

I put it in writing so it could be sent to someone that could actually
do something about it.  I didn't expect the girl at the desk to do
anything about it other than make sure the report got to the right
department.

I expressed in terms of this is a future problem and you need to
be planning for it.

Bitching about problems with hotels networks here doesn't get them
fixed.  Complaining, in writing, has a chance of getting the problem
fixed.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org



Re: Random Port Blocking at Hotels (was: Re: quietly....)

2011-02-05 Thread Jima

On 2/5/2011 8:06 PM, John R. Levine wrote:

> Sure. Bet you ten bucks that no hotel in North America offers IPv6 this
> year in the wifi they provide to customers. (Conference networks don't
> count.)


http://twitter.com/unquietwiki/status/449593712050176 springs to mind -- 
it was even *last* year.


 I think you owe Mark $10.

 Jima



Re: Random Port Blocking at Hotels (was: Re: quietly....)

2011-02-05 Thread Owen DeLong

On Feb 5, 2011, at 5:14 PM, Mark Andrews wrote:

> 
> In message <20110205150005.40621.qm...@joyce.lan>, John Levine writes:
>>> and saying "by God, this Owen character is right, we're in breach of 
>>> contract and his definition of the purity of Internet ports has so 
>>> stunned us with its symmetry and loveliness that we shall bow down and 
>>> sin no more!  Thank you Mr. DeLong from making the blind see again!"
>> 
>> More likely "uh, oh, we've got a loony one here.  Maybe if I give him
>> his ten bucks back, he'll go away."
>> 
>> R's,
>> John
> 
> I have told a hotel they need to install equipment that supports RA
> guard as I've checked out.  This was a hotel that only offered IPv4.
> 
> Hotels ask for feedback on their services.  If you see a fault report
> it in writing.
> 
Rest assured, I do that as well. I also end up usually spending a fair amount
of time on the phone with their contracted support desk which is usually
staffed by people that can barely spell IP and get confused if you suffix
it with v4 or v6. When I inquired about IPv4 and IPv6 support, I had one
literally tell me "We don't support either of those. Just ordinary Internet 
Protocol."


Owen




Re: Using IPv6 with prefixes shorter than a /64 on a LAN

2011-02-05 Thread Owen DeLong

On Feb 5, 2011, at 5:20 PM, Jack Bates wrote:

> On 2/5/2011 7:01 PM, Mark Andrews wrote:
>> And did you change the amount of growth space you allowed for each pop?
>> Were you already constrained in your IPv4 growth space and just restored
>> your desired growth margins?
>> 
> Growth rate has nothing to do with it. ARIN doesn't allow for growth in 
> initial assignments. No predictions, no HD-Ratio, and definitely no nibble 
> alignments.
> 
Yet.

> Current policy proposal hopes to fix a lot of that.
> 
Yes... 2011-3 for those who are interested in knowing more.

Owen




Re: Using IPv6 with prefixes shorter than a /64 on a LAN

2011-02-05 Thread Owen DeLong

On Feb 5, 2011, at 6:38 PM, Nathan Eisenberg wrote:

>> Still, that is a considerable number of bits we'll have left when the dust
>> settles and the RIR allocation rate drastically slows.
> 
> Like it did for IPv4? ;)
> 
> -Nathan
> 

It long since would have if ISPs didn't have to come back annually (or more
frequently in many cases) to get additional addresses to support their growth.

In IPv6, we should be looking to do 5 or 10 year allocations. We can afford to
be fairly speculative in our allocations in order to preserve greater
aggregation.

In IPv4, the registries were constantly trying to balance shortage of addresses
with shortage of routing table slots. In IPv6, we can focus on rational
allocation for administrative purposes with some consideration given to routing
table slots.

It makes for a significantly different set of tradeoffs and optimizations that
should be used in address policy.

That is why I wrote 2011-3 and why we passed 2010-8.

Owen




Re: Using IPv6 with prefixes shorter than a /64 on a LAN

2011-02-05 Thread Jack Bates

On 2/5/2011 8:40 PM, Mark Andrews wrote:

> An IPv4 /16 supports 64000 potential customers. An IPv6 /32 supports
> 64000 potential customers.  Either you have changed the customer
> estimates or changed the growth space allowances or were using NAT
> or 
>
> You don't suddenly need 256 times the amount of space overnight all
> other things being equal.  About the only thing I can think of is
> you need to advertise 256 routes and you are asking for extra blocks
> to get around poorly thought out filtering policies.

What filtering policies? My allocation was based on customers per 
terminating router, 1 route per terminating router. A /32 was nowhere 
near enough. The reason a /16 works today is because I have a routing 
table that looks like swiss cheese and a 95%+ utilization rate. 9 /40 
(equiv of 9 /24 IPv4 DHCP pools for residential DSL) networks don't fall 
on a bit boundary. Nibble would make things even easier, but to say I 
have to run multiple routes to a pop and squeeze things in as tight as 
possible is insane. Justifications DO allow for some amount of 
aggregation in numbering plans.



> If ISPs were being honest and matching IPv4 to IPv6 filtering the
> filters would be set a /40 not /32.  By setting the filters to /32
> you force the small ISP to ask for up to 256 times as much address
> space as they need with absolutely no benefits to anyone just to
> get a routing slot that won't be filtered.

Actually, many router policies, as discussed previously on the list, 
support /48. Routing policies don't force the /32, and a current 
proposal to ARIN even supports a small ISP getting a /36, hopefully at a 
lower cost.



> What's really needed is separate the routing slot market from the
> address allocation market.



I agree that inter-AS routing needs to change, though that still has 
nothing to do with address allocation itself. Sizes of allocations were 
chosen to allow for growth. The ISPs don't get near the wiggle room that 
corporations and end users get in address assignment currently.


When analyzing exhaustion rate of IPv6, like IPv4, you have to view it 
at the RIR allocation level. In this case, across the board, we will see 
a minimum of an 8 bit shift in allocations, and often 12-16 bits (what's 
to the right of the allocation bits doesn't matter when we consider 
exhaustion rates, so long as what's to the right is appropriately 
utilized and justified by community standards before another request is 
handled by the RIR).




Jack



Re: Using IPv6 with prefixes shorter than a /64 on a LAN

2011-02-05 Thread Jack Bates

On 2/5/2011 9:44 PM, Owen DeLong wrote:
> In IPv6, we should be looking to do 5 or 10 year allocations. We can
> afford to be fairly speculative in our allocations in order to preserve
> greater aggregation.



And even if networks were only getting an 8 bit slide, that's 256 trips 
back to the RIR to get to their current allocations sizes (over 1000 
years if they had to return once every 5 years). However, 12-16 bit 
slides seem more common (perhaps John knows the exact slide ratio, 
though I suspect many ISPs haven't really nailed down what they need in 
v6 yet) and that can exceed 10 year allocation rates for some ISPs.



Jack



Re: Random Port Blocking at Hotels (was: Re: quietly....)

2011-02-05 Thread Paul Timmins

John R. Levine wrote:

>> I have told a hotel they need to install equipment that supports RA
>> guard as I've checked out.  This was a hotel that only offered IPv4.
>>
>> Hotels ask for feedback on their services.  If you see a fault report
>> it in writing.
>
> Sure.  Bet you ten bucks that no hotel in North America offers IPv6
> this year in the wifi they provide to customers.  (Conference networks
> don't count.)

I know a hospital in Metro Detroit that was offering it on their patient 
and guest WiFi in 2009. Of course, neither they, nor the individual 
running the rogue IPv6 router knew that, but as a person running an IPv6 
enabled OS, it was really  screwing up access to my dual stacked hosts 
to be getting RAs on their wireless with no prefixes on them. I had to 
filter out RAs in iptables in order to effectively use their WiFi, which 
was a mess to begin with.


The guilty party should remain nameless for google's sake, but if you're 
a netadmin in a largeish, three location hospital entirely in the 
detroit suburbs, say the largest inpatient hospital in the country, 
please make sure you either filter IPv6 or offer it yourself so you'll 
at least know if it's broken.


As much as I hear people whining these days about how to handle rogue 
RAs, they don't seem to realize that this is ALREADY an issue on their 
network, even if they haven't, or won't adopt IPv6, and so this is a NOW 
problem either way and needs to be addressed. It's not a barrier to IPv6 
adoption, it's a security threat right this minute. Either block 
protocol 0x86dd using a mac address prefix list, or traffic with a 
destination of 33:33:00:00:00:01 from all untrusted ports and you can 
now safely enable IPv6, OR just upgrade your gear, and while you're at 
it, you can now safely enable IPv6 anyway.


-Paul
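
The three filtering choices named in this message (dropping ethertype 0x86dd, dropping frames addressed to 33:33:00:00:00:01, or gear that filters RAs on untrusted ports), modelled in Python as an added example that is not from the original post or from any vendor's implementation. The port numbers, sample frames and function names are constructed for illustration; frames are assumed untagged and ICMPv6 checksums are not verified.

```python
import ipaddress
import struct

ETHERTYPE_IPV6 = 0x86DD
ALL_NODES_MAC = bytes.fromhex("333300000001")   # 33:33:00:00:00:01
NH_ICMPV6 = 58
ICMPV6_ROUTER_ADVERT = 134
ICMPV6_NEIGHBOR_SOLICIT = 135
# Extension headers laid out as (next header, length in 8-octet units, ...).
SKIPPABLE_EXT = {0, 43, 60}   # hop-by-hop, routing, destination options


def icmpv6_type(frame):
    """Return the ICMPv6 type in an untagged Ethernet frame, else None."""
    if len(frame) < 14 + 40 or frame[12:14] != struct.pack("!H", ETHERTYPE_IPV6):
        return None
    ip = frame[14:]
    if ip[0] >> 4 != 6:
        return None
    next_header, offset = ip[6], 40
    while next_header in SKIPPABLE_EXT:
        if len(ip) < offset + 8:
            return None
        next_header, ext_len = ip[offset], ip[offset + 1]
        offset += (ext_len + 1) * 8
    if next_header != NH_ICMPV6 or len(ip) <= offset:
        return None
    return ip[offset]


def ra_guard(frame, ingress_port, trusted_ports):
    """RA-specific check: only trusted (router-facing) ports may send RAs."""
    is_ra = icmpv6_type(frame) == ICMPV6_ROUTER_ADVERT
    return "drop" if is_ra and ingress_port not in trusted_ports else "forward"


def l2_filter(frame, ingress_port, trusted_ports, mode):
    """Coarse layer-2 filters for gear that cannot inspect ICMPv6."""
    if ingress_port in trusted_ports:
        return "forward"
    if mode == "ethertype" and frame[12:14] == struct.pack("!H", ETHERTYPE_IPV6):
        return "drop"            # blocks every IPv6 frame, not only RAs
    if mode == "all-nodes" and frame[0:6] == ALL_NODES_MAC:
        return "drop"            # blocks everything sent to all-nodes multicast
    return "forward"


def build_frame(dst_mac, src_mac, src_ip, dst_ip, icmp_type, body, hop_by_hop=False):
    """Build a constructed test frame; the ICMPv6 checksum is left at zero."""
    payload = bytes([icmp_type, 0, 0, 0]) + body
    next_header = NH_ICMPV6
    if hop_by_hop:               # 8-byte hop-by-hop header holding one PadN option
        payload = bytes([NH_ICMPV6, 0, 1, 4, 0, 0, 0, 0]) + payload
        next_header = 0
    ip = struct.pack("!IHBB", 0x60000000, len(payload), next_header, 255)
    ip += ipaddress.IPv6Address(src_ip).packed + ipaddress.IPv6Address(dst_ip).packed
    macs = bytes.fromhex(dst_mac.replace(":", "") + src_mac.replace(":", ""))
    return macs + struct.pack("!H", ETHERTYPE_IPV6) + ip + payload


# Constructed samples: port 1 is the uplink to the real router, port 7 a guest port.
UPLINK, GUEST = 1, 7
TRUSTED = {UPLINK}
RA_BODY = bytes([64, 0]) + struct.pack("!HII", 1800, 0, 0)   # RA with no prefix option
NS_BODY = bytes(4) + ipaddress.IPv6Address("fe80::2").packed
GUEST_MAC = "02:00:00:00:00:07"
ROGUE_RA = build_frame("33:33:00:00:00:01", GUEST_MAC, "fe80::7", "ff02::1",
                       ICMPV6_ROUTER_ADVERT, RA_BODY)
ROGUE_RA_HBH = build_frame("33:33:00:00:00:01", GUEST_MAC, "fe80::7", "ff02::1",
                           ICMPV6_ROUTER_ADVERT, RA_BODY, hop_by_hop=True)
NEIGHBOR_SOL = build_frame("33:33:ff:00:00:02", GUEST_MAC, "fe80::7",
                           "ff02::1:ff00:2", ICMPV6_NEIGHBOR_SOLICIT, NS_BODY)

if __name__ == "__main__":
    samples = [("RA from guest port", ROGUE_RA), ("RA behind hop-by-hop", ROGUE_RA_HBH),
               ("neighbor solicitation", NEIGHBOR_SOL)]
    for name, frame in samples:
        print(f"{name:24} ra_guard={ra_guard(frame, GUEST, TRUSTED):8}"
              f" ethertype={l2_filter(frame, GUEST, TRUSTED, 'ethertype'):8}"
              f" all-nodes={l2_filter(frame, GUEST, TRUSTED, 'all-nodes')}")
```

The neighbor solicitation row is the practical difference between the options: the ethertype filter drops it along with all other IPv6 from the guest port, while the RA-specific check forwards it.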



Re: Weekend Gedankenexperiment - The Kill Switch

2011-02-05 Thread Fred Baker

On Feb 5, 2011, at 6:11 PM, Dave CROCKER wrote:

> 
> 
> On 2/5/2011 6:43 AM, Fred Baker wrote:
>> On Feb 4, 2011, at 9:49 PM, Hayden Katzenellenbogen wrote:
>>> Not sure if it has been said already but wasn't one of the key point for
>>> the creation of the internet to create and infrastructure that would
>>> survive in the case of all out war and massive destruction. (strategic
>>> nuclear strikes)
>> 
>> Urban legend, although widely believed. Someone probably made the 
>> observation.
> 
> 
> Maybe not quite an UL...
> 
>   
> 
> On the average, The Rand Corp is extremely careful about what it publishes, 
> yet here it is, repeating the claim.

But Len Kleinrock adamantly disputes it.

> Back in the '70s, I always heard "survive hostile battlefield conditions" and 
> never heard anyone talk about comms survival of a nuclear event, but I wasn't 
> in any interesting conversations, such as in front of funding agencies...

To survive an EMP, electronics needs some fancy circuitry. I've never worked 
with a bit of equipment that had it. It would therefore have to have been 
through path redundancy.


Re: Random Port Blocking at Hotels (was: Re: quietly....)

2011-02-05 Thread Matthew Kaufman

> On 2/5/2011 8:15 PM, Paul Timmins wrote:
>> OR just upgrade your gear, and while you're at it, you can now safely
>> enable IPv6 anyway.


Well, enable IPv6. Safely? I don't see how upgrading your gear magically 
makes the various security threats -- including the current topic of 
rogue RAs -- go away.


Matthew Kaufman



Re: "Leasing" of space via non-connectivity providers

2011-02-05 Thread Benson Schliesser

On Feb 5, 2011, at 1:01 PM, Bill Woodcock wrote:
> On Feb 5, 2011, at 10:27 AM, bmann...@vacation.karoshi.com wrote:
>> If I justified an allocation 20 years ago, under the then current policy, 
>> it's presumptuous to presume the power of expropriation.
> 
> No one presumes it, and a lot of us are in the same boat as you, some of the 
> addresses we're using predating the RIR system.
> 
> That said, there will always be people who will turn up on the mailing list, 
> participating in the public policy process, who are not in that boat, and 
> whose interests differ significantly, and who will speak in favor of those 
> interests.
> 
> And the consensus of the public, the people who participate in the public 
> policy process, is what decides 

The ARIN community decides ARIN policy.  That policy doesn't inherently reflect 
"community standards" in the broader sense, or inherently align with the law 
for that matter.  If the ARIN community were to instruct ARIN to operate in an 
illegal capacity, for instance, the fact that a "community" reached "consensus" 
on the matter would be a ridiculous defense.

Cheers,
-Benson




Re: Random Port Blocking at Hotels

2011-02-05 Thread Paul Timmins

Matthew Kaufman wrote:

> On 2/5/2011 8:15 PM, Paul Timmins wrote:
>> OR just upgrade your gear, and while you're at it, you can now safely
>> enable IPv6 anyway.
>
> Well, enable IPv6. Safely? I don't see how upgrading your gear
> magically makes the various security threats -- including the current
> topic of rogue RAs -- go away.




If you upgrade it to something that can filter rogue RA, like I was 
showing in the previous two examples, that would address the security 
issues.


-Paul




Re: Weekend Gedankenexperiment - The Kill Switch

2011-02-05 Thread Fred Baker

On Feb 5, 2011, at 7:00 PM, Jay Ashworth wrote:

> - Original Message -
>> From: "Fred Baker" 
> 
>> You mean, like drop a couple of trade towers and take out three class
>> five switches, causing communication outages throughout New England
>> and New Jersey, and affecting places as far away as Chicago?
> 
> 3 class-5s?
> 
> I thought it was a 5E and a 4E.

I may have it wrong. My source is a talk given along with 
renesys-030502-NRC-911.pdf to a NAE committee writing 
http://www.nap.edu/openbook.php?isbn=0309087023. The author told us that there 
were two class five switches in one of the towers and one in a neighboring 
building; the neighboring building was damaged by debris from the tower.

> I heard the 4E stayed online *past* 1400, talking to its fiber neighbors...
> 
> Cheers
> -- jra
> 




Re: Random Port Blocking at Hotels (was: Re: quietly....)

2011-02-05 Thread Derek J. Balling

On Feb 5, 2011, at 11:15 PM, Paul Timmins wrote:
> I know a hospital in Metro Detroit that was offering it on their patient and 
> guest WiFi in 2009. Of course, neither they, nor the individual running the 
> rogue IPv6 router knew that, but as a person running an IPv6 enabled OS, it 
> was really  screwing up access to my dual stacked hosts to be getting RAs on 
> their wireless with no prefixes on them. I had to filter out RAs in iptables 
> in order to effectively use their WiFi, which was a mess to begin with.

Wouldn't it have been awesome if, y'know, you hadn't had to worry about the RAs 
at all, but had just connected your single client machine, and gotten your 
simple gateway address from the DHCP server along with all the rest of your 
network configuration settings, just like has worked pretty darned well for a 
number of years?

Oh, right... IPv6, whose mascot should be the camel[1].

Cheers,
D

[1] http://bit.ly/enLk3c


Re: Random Port Blocking at Hotels (was: Re: quietly....)

2011-02-05 Thread Owen DeLong

On Feb 5, 2011, at 8:30 PM, Matthew Kaufman wrote:

> On 2/5/2011 8:15 PM, Paul Timmins wrote:
>> OR just upgrade your gear, and while you're at it, you can now safely enable 
>> IPv6 anyway.
> 
> Well, enable IPv6. Safely? I don't see how upgrading your gear magically 
> makes the various security threats -- including the current topic of rogue 
> RAs -- go away.
> 
> Matthew Kaufman

Most rogue RAs are problematic on networks that don't have legitimate RAs to 
override them.

Yes, someone can do a malicious RA, but, the current problem is mostly people
doing accidental RAs thanks to Micr0$0ft's convenient "Click here to screw your
neighbors" buttons.

Owen




Re: Random Port Blocking at Hotels (was: Re: quietly....)

2011-02-05 Thread Paul Timmins

Derek J. Balling wrote:

> On Feb 5, 2011, at 11:15 PM, Paul Timmins wrote:
>> I know a hospital in Metro Detroit that was offering it on their patient and
>> guest WiFi in 2009. Of course, neither they, nor the individual running the
>> rogue IPv6 router knew that, but as a person running an IPv6 enabled OS, it was
>> really screwing up access to my dual stacked hosts to be getting RAs on their
>> wireless with no prefixes on them. I had to filter out RAs in iptables in order
>> to effectively use their WiFi, which was a mess to begin with.
>
> Wouldn't it have been awesome if, y'know, you hadn't had to worry about the RAs
> at all, but had just connected your single client machine, and gotten your
> simple gateway address from the DHCP server along with all the rest of your
> network configuration settings, just like has worked pretty darned well for a
> number of years?
  
Because rogue DHCP servers have never been a problem. Switches supported 
keeping those secure since before DHCP was even commonly used, right?


-Paul



Re: "Leasing" of space via non-connectivity providers

2011-02-05 Thread John Curran
On Feb 5, 2011, at 11:31 PM, Benson Schliesser wrote:
> ...
> The ARIN community decides ARIN policy.  That policy doesn't inherently 
> reflect "community standards" in the broader sense, or inherently align with 
> the law for that matter.  If the ARIN community were to instruct ARIN to 
> operate in an illegal capacity, for instance, the fact that a "community" 
> reached "consensus" on the matter would be a ridiculous defense.

Benson - 
 
  You are correct that consensus doesn't assure legality; hence
  all draft policies receive a specific staff and legal review 
  during the development process. 

/John

John Curran
President and CEO
ARIN




Re: "Leasing" of space via non-connectivity providers

2011-02-05 Thread Owen DeLong

On Feb 5, 2011, at 8:31 PM, Benson Schliesser wrote:

> 
> On Feb 5, 2011, at 1:01 PM, Bill Woodcock wrote:
>> On Feb 5, 2011, at 10:27 AM, bmann...@vacation.karoshi.com wrote:
>>> If I justified an allocation 20 years ago, under the then current policy, 
>>> it's presumptuous to presume the power of expropriation.
>> 
>> No one presumes it, and a lot of us are in the same boat as you, some of the 
>> addresses we're using predating the RIR system.
>> 
>> That said, there will always be people who will turn up on the mailing list, 
>> participating in the public policy process, who are not in that boat, and 
>> whose interests differ significantly, and who will speak in favor of those 
>> interests.
>> 
>> And the consensus of the public, the people who participate in the public 
>> policy process, is what decides 
> 
> The ARIN community decides ARIN policy.  That policy doesn't inherently 
> reflect "community standards" in the broader sense, or inherently align with 
> the law for that matter.  If the ARIN community were to instruct ARIN to 
> operate in an illegal capacity, for instance, the fact that a "community" 
> reached "consensus" on the matter would be a ridiculous defense.
> 
> Cheers,
> -Benson
> 

We have a lawyer that does an excellent job of advising us on legal concerns in 
our policy proposals.

That is part of the policy process. As such, yes, they do somewhat inherently 
align with the law.

As to reflecting community standards, I'm not sure what better measure of
"community standards" one could propose beyond a bottom-up open consensus
driven policy process such as what we have today.

If you know a better way to make policy reflect community standards, there is
the ACSP and I'm sure that the PDP committee would be very happy to get your
input.

Owen




RE: Weekend Gedankenexperiment - The Kill Switch

2011-02-05 Thread George Bonser
> 
> > Back in the '70s, I always heard "survive hostile battlefield
> conditions" and never heard anyone talk about comms survival of a
> nuclear event, but I wasn't in any interesting conversations, such as
> in front of funding agencies...
> 
> To survive an EMP, electronics needs some fancy circuitry. I've never
> worked with a bit of equipment that had it. It would therefore have to
> have been through path redundancy.

It was designed to be robust but it wasn't designed to survive nuclear
war. There WERE some networks that were designed to survive, though, so
maybe some have confused them.  I think what I hear seems to confuse
MILNET with MILSTAR where MILNET was the military portion of the
Internet (what has eventually evolved into NIPRNet) and MILSTAR which is
a satellite network designed to be nuclear survivable.  When it
absolutely positively has to get there.






Re: Weekend Gedankenexperiment - The Kill Switch

2011-02-05 Thread bmanning
On Sat, Feb 05, 2011 at 08:29:44PM -0800, Fred Baker wrote:
> 
> On Feb 5, 2011, at 6:11 PM, Dave CROCKER wrote:
> 
> > 
> > 
> > On 2/5/2011 6:43 AM, Fred Baker wrote:
> >> On Feb 4, 2011, at 9:49 PM, Hayden Katzenellenbogen wrote:
> >>> Not sure if it has been said already but wasn't one of the key points for
> >>> the creation of the internet to create an infrastructure that would
> >>> survive in the case of all out war and massive destruction. (strategic
> >>> nuclear strikes)
> >> 
> >> Urban legend, although widely believed. Someone probably made the 
> >> observation.
> > 
> > 
> > Maybe not quite an UL...
> > 
> >   
> > 
> > On the average, The Rand Corp is extremely careful about what it publishes, 
> > yet here it is, repeating the claim.
> 
> But Len Kleinrock adamantly disputes it.
> 
> > Back in the '70s, I always heard "survive hostile battlefield conditions" 
> > and never heard anyone talk about comms survival of a nuclear event, but I 
> > wasn't in any interesting conversations, such as in front of funding 
> > agencies...
> 
> To survive an EMP, electronics needs some fancy circuitry. I've never worked 
> with a bit of equipment that had it. It would therefore have to have been 
> through path redundancy.


i suspect that the idea of survivability has everything to do
w/ packet oriented communications vs circuit switching.
packets work best w/ path redundancy... :)

i've worked w/ EMP resistant kit.  it's not something a commercial
offering would ever have.

--bill



US Warships jamming Lebanon Internet

2011-02-05 Thread Joly MacFie
Lebanon's Telecom minister is claiming that US Navy radar is blocking the
country's Internet..

http://www.naharnet.com/domino/tn/NewsDesk.nsf/0/93A95CA1A4E42178C225782E007371AF

> "The problem, however, is due to a coordination error related to waves,"
> Nahhas told OTV, adding that an investigation was underway to find out
> whether this act is "intentional or not."


also at
http://www.naharnet.com/domino/tn/NewsDesk.nsf/Lebanon/EFCEF203B3C315A5C225782E0020C75F

-- 
---
Joly MacFie  218 565 9365 Skype:punkcast
WWWhatsup NYC - http://wwwhatsup.com
 http://pinstand.com - http://punkcast.com
  VP (Admin) - ISOC-NY - http://isoc-ny.org
---


Re: US Warships jamming Lebanon Internet

2011-02-05 Thread Joel Jaeggli
On 2/5/11 9:00 PM, Joly MacFie wrote:
> Lebanon's Telecom minister is claiming that US Navy radar is blocking the
> country's Internet..
> 
> http://www.naharnet.com/domino/tn/NewsDesk.nsf/0/93A95CA1A4E42178C225782E007371AF

Those repeaterless submarine optical systems are really impacted by
terrestrial rf transmission...

> "The problem, however, is due to a coordination error related to waves,"
>> Nahhas told OTV, adding that an investigation was underway to find out
>> whether this act is "intentional or not."
> 
> 
> also at
> http://www.naharnet.com/domino/tn/NewsDesk.nsf/Lebanon/EFCEF203B3C315A5C225782E0020C75F
> 




Re: "Leasing" of space via non-connectivity providers

2011-02-05 Thread Benson Schliesser

On Feb 5, 2011, at 2:25 PM, Owen DeLong wrote:

> The fact that a very large number of network operators use the data
> contained in the RIR system in a cooperative manner is convenient
> and makes the internet substantially more useful than I can imagine
> it would be under alternative scenarios. However, that does not mean
> that the RIRs are granting any sort of license, right to use, or ownership.
> Nor does it mean that terminating a registration constitutes taking away
> such a grant that was never given.

This is a pretty tenuous position.  If the Whois database isn't specifying the 
proper association between an organization and an address block, what is it 
for?  I think you're suggesting that the definition of "proper" in this case is 
no more than ARIN's non-binding recommendation.  If that's the case then ARIN 
has no "authority" as the address registry.  I think ARIN's own statements, 
relationship with NRO and IANA, etc, all contradict this.

On the other hand, if ARIN intends the Whois to reflect the proper association 
between organizations and address blocks, then it has some responsibility for 
the accuracy of that data.  While not a perfect comparison, it would be 
somewhat like a financial services company hired to maintain shareholder 
ownership records of a public company - negligence in maintaining accurate 
records can result in criminal consequences.  In fact, in my example, if the 
company decided to reallocate one group of shares to new owners they'd find 
themselves in a deep pile of trouble - we have laws that govern property 
rights, define theft and fraud, etc, all of which takes precedence over company 
policy.

It would be disingenuous to offer a database of information, recommend it be 
used by the public, support its use as an authoritative source, and then deny 
any responsibility for the contents.  I don't think your position on this 
particular topic reflects ARIN in reality.

Cheers,
-Benson




Re: "Leasing" of space via non-connectivity providers

2011-02-05 Thread Benson Schliesser

On Feb 5, 2011, at 10:48 PM, John Curran wrote:
>  You are correct that consensus doesn't assure legality; hence
>  all draft policies receive a specific staff and legal review 
>  during the development process. 

Thanks, John.  I'm aware of the legal review, as well as the AC and board 
"gateways" to policy adoption.  I don't have any recommendation for improving 
that process, per se - just a healthy dose of skepticism that it will always 
result in alignment with the law, especially given that the legal authority of 
ARIN isn't clearly defined.


On Feb 5, 2011, at 10:44 PM, Owen DeLong wrote:
> As to reflecting community standards, I'm not sure what better measure of 
> "community standards"
> one could propose beyond a bottom-up open consensus driven policy process 
> such as what
> we have today.

Owen, my point is that the ARIN community does not necessarily reflect the 
community at large.  Just like the common standards within the mafia community 
aren't necessarily aligned with the broader standards of civil society.

If ARIN is appointed in an official capacity (i.e. granted such authority by 
the government, or by popular vote etc) to determine specific community 
standards then we don't have to worry.  Otherwise, ARIN has to work carefully 
to ensure that it doesn't go awry.  In that sense, the relative smallness of 
the ARIN community and ARIN's organizational momentum (natural to any 
self-preserving organization) should be of concern.


Cheers,
-Benson




Re: "Leasing" of space via non-connectivity providers

2011-02-05 Thread John Curran
On Feb 5, 2011, at 8:40 PM, bmann...@vacation.karoshi.com wrote:

> On Sat, Feb 05, 2011 at 09:12:53PM +, John Curran wrote:
>> RFC 2050 is the document which  provides the registry system framework.  
>> Jon Postel is an author of same, as well as a founder of ARIN.
> 
>   yup.. i was there when it was written.

Excellent; it could prove helpful in clarifying things.

> It does not talk to address space allocated to entities from the IANA or
> other registries prior to the RIRs' existence.

Is it your belief that Jon did not intend RFC 2050 to apply to the existing 
allocations maintained by the three regional registries in existence at the
time (InterNIC, RIPE NCC and APNIC)?

I imagine that is plausible, but it would run contrary to the language which
states that assignments should be viewed as loans and "to this end, ISPs should
have documented justification available for each assignment.  The regional
registry may, at any time, ask for this information.  If the information is not
available, future allocations may be impacted. In extreme cases, existing loans
may be impacted."
I'm having trouble understanding how *existing* allocations could be impacted
if existing registry allocations were not covered.  Or are you suggesting that
RFC 2050 applies, but there is a select set of ISP allocations that were
outside of InterNIC, APNIC, and RIPE NCC to which special handling is applied?

Further, RFC 2050 states "The transfer of IP addresses from one party to
another must be approved by the regional registries.  The party trying to
obtain the IP address must meet the same criteria as if they were requesting an
IP address directly from the IR."  Even if one were to hypothecate some type of
address space that could be the *source* of a transfer due to a mystical
handling status, how could any party be the *recipient* of such without
demonstrating need to one of the regional registries per the second referenced
text?  Is this also a case where it was meant to exclude some special parties
but just did not get stated in the actual RFC 2050 text?

Thanks!
/John

John Curran
President and CEO
ARIN






Re: "Leasing" of space via non-connectivity providers

2011-02-05 Thread Owen DeLong

On Feb 5, 2011, at 9:25 PM, Benson Schliesser wrote:

> 
> On Feb 5, 2011, at 10:48 PM, John Curran wrote:
>> You are correct that consensus doesn't assure legality; hence
>> all draft policies receive a specific staff and legal review 
>> during the development process. 
> 
> Thanks, John.  I'm aware of the legal review, as well as the AC and board 
> "gateways" to policy adoption.  I don't have any recommendation for improving 
> that process, per se - just a healthy dose of skepticism that it will always 
> result in alignment with the law, especially given that the legal authority 
> of ARIN isn't clearly defined.
> 
> 
> On Feb 5, 2011, at 10:44 PM, Owen DeLong wrote:
>> As to reflecting community standards, I'm not sure what better measure of 
>> "community standards"
>> one could propose beyond a bottom-up open consensus driven policy process 
>> such as what
>> we have today.
> 
> Owen, my point is that the ARIN community does not necessarily reflect the 
> community at large.  Just like the common standards within the mafia 
> community aren't necessarily aligned with the broader standards of civil 
> society.
> 
It reflects those who care to participate. The process is open to anyone in the
community that wants to. That's as close as any body ever comes to such a thing.

Just like you don't get better politicians unless you vote, you can't get 
better ARIN policy unless you participate.

> If ARIN is appointed in an official capacity (i.e. granted such authority by 
> the government, or by popular vote etc) to determine specific community 
> standards then we don't have to worry.  Otherwise, ARIN has to work carefully 
> to ensure that it doesn't go awry.  In that sense, the relative smallness of 
> the ARIN community and ARIN's organizational momentum (natural to any 
> self-preserving organization) should be of concern.
> 
An interesting perspective.

Owen




nlayer contact

2011-02-05 Thread William Pitcock
Hi,

Could an nLayer network engineer contact me offlist regarding a service
or core router at I'm guessing One Wilshire that is having serious
problems?

Thanks.

William



Re: "Leasing" of space via non-connectivity providers

2011-02-05 Thread Owen DeLong

On Feb 5, 2011, at 9:24 PM, Benson Schliesser wrote:

> 
> On Feb 5, 2011, at 2:25 PM, Owen DeLong wrote:
> 
>> The fact that a very large number of network operators use the data
>> contained in the RIR system in a cooperative manner is convenient
>> and makes the internet substantially more useful than I can imagine
>> it would be under alternative scenarios. However, that does not mean
>> that the RIRs are granting any sort of license, right to use, or ownership.
>> Nor does it mean that terminating a registration constitutes taking away
>> such a grant that was never given.
> 
I need to be very clear here... The opinions I am expressing are mine and mine
alone. I don't know if ANYONE at ARIN shares them with me.

> This is a pretty tenuous position.  If the Whois database isn't specifying 
> the proper association between an organization and an address block, what is 
> it for?  I think you're suggesting that the definition of "proper" in this 
> case is no more than ARIN's non-binding recommendation.  If that's the case 
> then ARIN has no "authority" as the address registry.  I think ARIN's own 
> statements, relationship with NRO and IANA, etc, all contradict this.
> 
What I am saying is that ARIN and the Whois database ARIN maintains is
authoritative only so far as those using the data wish to consider it
authoritative.

It does not command any particular network operator to treat any set of numbers
in any particular way.

ARIN is the registry recognized as authoritative in its geographic region by
NRO and IANA.

However, one can maintain a database of integers that is not sanctioned by NRO
and IANA and if people choose to put your numbers into their routers instead of
ARIN or other NRO or IANA based registry numbers, who is to stop them or you?

The ability of ARIN to influence the routing table is strictly limited to the
fact that ISPs choose to consider ARIN authoritative. That choice is entirely
voluntary on the part of the ISPs.

> On the other hand, if ARIN intends the Whois to reflect the proper 
> association between organizations and address blocks, then it has some 
> responsibility for the accuracy of that data.  While not a perfect 
> comparison, it would be somewhat like a financial services company hired to 
> maintain shareholder ownership records of a public company - negligence in 
> maintaining accurate records can result in criminal consequences.  In fact, 
> in my example, if the company decided to reallocate one group of shares to 
> new owners they'd find themselves in a deep pile of trouble - we have laws 
> that govern property rights, define theft and fraud, etc, all of which takes 
> precedence over company policy.
> 
I think ARIN has tremendous responsibility for the accuracy of that data.
However, the definition of what is accurate is governed only by ARIN policy and
the contracts ARIN has to provide registration services.

> It would be disingenuous to offer a database of information, recommend it be 
> used by the public, support its use as an authoritative source, and then deny 
> any responsibility for the contents.  I don't think your position on this 
> particular topic reflects ARIN in reality.
> 
I am not denying that ARIN has responsibility for the contents of the database.
I absolutely feel they are responsible to the members and to the resource
holders who pay ARIN for registration services to keep that data accurate. So
far, they have also voluntarily accepted additional data which may or may not
be accurate in support of a community of pre-existing registrations that have
no contract with ARIN. There is no reason I know of that ARIN would not be
within its rights to terminate that free voluntary registration service at any
time.

Note, I think such an action on ARIN's part would be ill-advised and contrary
to the good of the community and harmful to the internet. It might even be
damaging to ARIN's very relevance to the internet.

I'm merely pointing out that legacy holders cannot be assured ARIN will
continue to provide a free registration service for them in perpetuity. If they
want to guarantee the services they have today, signing the LRSA is crucial. If
they do not sign the LRSA, there is nothing to prevent the community from
changing ARIN policy in such a way that said free services are terminated.

I will oppose any such move by the community. I have strongly opposed previous
efforts in this direction. However, I am one voice in a much larger community.

Owen




Re: Using IPv6 with prefixes shorter than a /64 on a LAN

2011-02-05 Thread Mark Andrews

In message <4d4e1c5d.20...@brightok.net>, Jack Bates writes:
> On 2/5/2011 8:40 PM, Mark Andrews wrote:
> > An IPv4 /16 supports 64000 potential customers. An IPv6 /32 supports
> > 64000 potential customers.  Either you have changed the customer
> > estimates or changed the growth space allowances or were using NAT
> > or 
> >
> > You don't suddenly need 256 times the amount of space overnight all
> > other things being equal.  About the only thing I can think of is
> > you need to advertise 256 routes and you are asking for extra blocks
> > to get around poorly thought out filtering policies.
> >
> What filtering policies? My allocation was based on customers per 
> terminating router, 1 route per terminating router. A /32 was nowhere 
> near enough. The reason a /16 works today is because I have a routing 
> table that looks like swiss cheese and a 95%+ utilization rate. 9 /40 
> (equiv of 9 /24 IPv4 DHCP pools for residential DSL) networks don't fall 
> on a bit boundary. Nibble would make things even easier, but to say I 
> have to run multiple routes to a pop and squeeze things in as tight as 
> possible is insane. Justifications DO allow for some amount of 
> aggregation in numbering plans.

Rationalising to power of 2 allocations shouldn't result in requiring
256 times the space you were claiming with the 8 bits of shift on
average.  A couple of bits will allow that.

> > If ISPs were being honest and matching IPv4 to IPv6 filtering the
> > filters would be set a /40 not /32.  By setting the filters to /32
> > you force the small ISP to ask for up to 256 times as much address
> > space as they need with absolutely no benefits to anyone just to
> > get a routing slot that won't be filtered.
> >
> Actually, many router policies, as discussed previously on the list, 
> support /48. Routing policies don't force the /32, and a current 
> proposal to ARIN even supports a small ISP getting a /36, hopefully at a 
> lower cost.
> 
> > What's really needed is separate the routing slot market from the
> > address allocation market.
> >
> 
> I agree that inter-AS routing needs to change, though that still has 
> nothing to do with address allocation itself. Sizes of allocations were 
> chosen to allow for growth. The ISPs don't get near the wiggle room that 
> corporations and end users get in address assignment currently.
> 
> When analyzing exhaustion rate of IPv6, like IPv4, you have to view it 
> at the RIR allocation level. In this case, across the board, we will see 
> a minimum of an 8 bit shift in allocations, and often 12-16 bits (what's 
> to the right of the allocation bits doesn't matter when we consider 
> exhaustion rates, so long as what's to the right is appropriately 
> utilized and justified by community standards before another request is 
> handled by the RIR).
 
You need to look very closely at any ISP that only shifts 8 bits going
from IPv4 to IPv6, something dodgy is probably going on.  This is not
to say it is deliberately dodgy.

Mark

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org



Re: "Leasing" of space via non-connectivity providers

2011-02-05 Thread David Conrad
John,

On Feb 5, 2011, at 7:33 PM, John Curran wrote:
>> It does not talk to address space allocated to entities from the IANA or
>> other registries prior to the RIRs' existence.
> Is it your belief that Jon did not intend RFC 2050 to apply to the existing 
> allocations maintained by the three regional registries in existence at the
> time (InterNIC, RIPE NCC and APNIC)?

Last I checked, the other four authors of RFC 2050 are still alive.  Why not 
ask them? 

> Further, RFC 2050 states "The transfer of IP addresses from one party to
> another must be approved by the regional registries.  The party trying to
> obtain the IP address must meet the same criteria as if they were requesting
> an IP address directly from the IR."

I'm curious: when HP acquired the assets of Compaq (or when Compaq acquired the 
assets of Digital), is it your position that  HP (or Compaq) "met the same 
criteria as if they were requesting an IP address directly from the IR." for 
16.0.0.0/8?

Regards,
-drc




Re: US Warships jamming Lebanon Internet

2011-02-05 Thread Andrew Kirch
On 2/6/2011 12:00 AM, Joly MacFie wrote:
> Lebanon's Telecom minister is claiming that US Navy radar is blocking the
> country's Internet..
>
> http://www.naharnet.com/domino/tn/NewsDesk.nsf/0/93A95CA1A4E42178C225782E007371AF
>
> "The problem, however, is due to a coordination error related to waves,"
>
Ok, I'm confused here, did we get one of our Aegis missile cruisers
stuck in their series of tubes?

Andrew




RE: My upstream ISP does not support IPv6

2011-02-05 Thread Frank Bulk
Here's a chart:
http://en.wikipedia.org/wiki/Comparison_of_IPv6_support_by_major_transit_providers

Frank

-Original Message-
From: Seth Mattinen [mailto:se...@rollernet.us] 
Sent: Friday, February 04, 2011 12:16 PM
To: nanog@nanog.org
Subject: Re: My upstream ISP does not support IPv6

On 2/4/2011 06:13, Jack Bates wrote:
> 
> I waited years and finally turned up a transit to L3 for additional
> bandwidth (had to wait for GE support from the other 2, of which 1 still
> can't give me a GE) and luckily native v6. Within 30 days I should have
> a cogent 10G, and I hear I'll get v6 there as well.
> 

Does anyone know how partitioned Cogent is these days?

~Seth





Re: US Warships jamming Lebanon Internet

2011-02-05 Thread Mike Lyon
No, it's those Radar Sharks with Frickin' lasers on their heads:

http://pokerterms.com/images/sharks-with-lasers-2.jpg

-Mike


On Sat, Feb 5, 2011 at 10:33 PM, Andrew Kirch  wrote:

> On 2/6/2011 12:00 AM, Joly MacFie wrote:
> > Lebanon's Telecom minister is claiming that US Navy radar is blocking the
> > country's Internet..
> >
> >
> http://www.naharnet.com/domino/tn/NewsDesk.nsf/0/93A95CA1A4E42178C225782E007371AF
> >
> > "The problem, however, is due to a coordination error related to waves,"
> >
> Ok, I'm confused here, did we get one of our Aegis missile cruisers
> stuck in their series of tubes?
>
> Andrew
>
>
>


Re: "Leasing" of space via non-connectivity providers

2011-02-05 Thread John Curran
On Feb 6, 2011, at 1:25 AM, David Conrad wrote:
> Last I checked, the other four authors of RFC 2050 are still alive.  Why not 
> ask them? 

Bill indicated he "was there when it was written" in reference to Jon being an
author, and I was inquiring to whether he had any knowledge of Jon's intent
that he could share.  If you have knowledge of Jon's intent, or any insight on
why RFC 2050 includes the existing allocations if the intent was actually to
leave it vague with respect to same, that also would be helpful.

>> Further, RFC 2050 states "The transfer of IP addresses from one party to
>> another must be approved by the regional registries.  The party trying to
>> obtain the IP address must meet the same criteria as if they were requesting
>> an IP address directly from the IR."
> 
> I'm curious: when HP acquired the assets of Compaq (or when Compaq acquired 
> the assets of Digital), is it your position that  HP (or Compaq) "met the 
> same criteria as if they were requesting an IP address directly from the IR." 
> for 16.0.0.0/8?

The handling of general case varies based on the community developed 
policy over the years, currently as specified by NRPM 8.2 (M&A Transfer)
in https://www.arin.net/policy/nrpm.html.  There's a Change Log on the
page if you want to track the policy at any given point in time.  I can
not comment on any specific transfer request, but will note that at one
time the M&A transfer policy allowed transfer of all held number resources
without justification of need as long as the entire entity was involved, 
but at this point the policy indicates that: "In the event that number 
resources of the combined organizations are no longer justified under ARIN
policy at the time ARIN becomes aware of the transaction, through a transfer 
request or otherwise, ARIN will work with the resource holder(s) to return, 
aggregate, or reclaim resources as appropriate via the processes outlined 
in current ARIN policy (for example, sections 4.6, 4.7, or 12 of the NRPM)."

FYI,
/John

John Curran
President and CEO
ARIN




Re: US Warships jamming Lebanon Internet

2011-02-05 Thread Martin Millnert
On Sun, Feb 6, 2011 at 12:00 AM, Joly MacFie  wrote:
> Lebanon's Telecom minister is claiming that US Navy radar is blocking the
> country's Internet..
>
> http://www.naharnet.com/domino/tn/NewsDesk.nsf/0/93A95CA1A4E42178C225782E007371AF
>
> "The problem, however, is due to a coordination error related to waves,"
>> Nahhas told OTV, adding that an investigation was underway to find out
>> whether this act is "intentional or not."
>
>
> also at
> http://www.naharnet.com/domino/tn/NewsDesk.nsf/Lebanon/EFCEF203B3C315A5C225782E0020C75F

Well-known problem with radars and wifi (used to live next to a
(military) radar research site):
http://en.wikipedia.org/wiki/Radar#Frequency_bands -- Check who uses S and C
http://en.wikipedia.org/wiki/S_band

Another reason to not rely on radio for your LAN/WAN in times of Aegis
cruisers passing by... ;)

Regards,
Martin



Re: US Warships jamming Lebanon Internet

2011-02-05 Thread Chad Dailey
I used to work on some of this gear.  The transmitters do indeed go to 11.
If they want to talk, you won't.


On Sun, Feb 6, 2011 at 1:20 AM, Martin Millnert  wrote:

> On Sun, Feb 6, 2011 at 12:00 AM, Joly MacFie  wrote:
> > Lebanon's Telecom minister is claiming that US Navy radar is blocking the
> > country's Internet..
> >
> >
> http://www.naharnet.com/domino/tn/NewsDesk.nsf/0/93A95CA1A4E42178C225782E007371AF
> >
> > "The problem, however, is due to a coordination error related to waves,"
> >> Nahhas told OTV, adding that an investigation was underway to find out
> >> whether this act is "intentional or not."
> >
> >
> > also at
> >
> http://www.naharnet.com/domino/tn/NewsDesk.nsf/Lebanon/EFCEF203B3C315A5C225782E0020C75F
>
> Well-known problem with radars and wifi (used to live next to a
> (military) radar research site):
> http://en.wikipedia.org/wiki/Radar#Frequency_bands -- Check who uses S and
> C
> http://en.wikipedia.org/wiki/S_band
>
> Another reason to not rely on radio for your LAN/WAN in times of Aegis
> cruisers passing by... ;)
>
> Regards,
> Martin
>
>


Re: US Warships jamming Lebanon Internet

2011-02-05 Thread Michael Painter

Martin Millnert wrote:
> On Sun, Feb 6, 2011 at 12:00 AM, Joly MacFie  wrote:
>> Lebanon's Telecom minister is claiming that US Navy radar is blocking the
>> country's Internet..
>>
>> http://www.naharnet.com/domino/tn/NewsDesk.nsf/0/93A95CA1A4E42178C225782E007371AF
>>
>> "The problem, however, is due to a coordination error related to waves,"
>> Nahhas told OTV, adding that an investigation was underway to find out
>> whether this act is "intentional or not."
>>
>> also at
>> http://www.naharnet.com/domino/tn/NewsDesk.nsf/Lebanon/EFCEF203B3C315A5C225782E0020C75F
>
> Well-known problem with radars and wifi (used to live next to a
> (military) radar research site):
> http://en.wikipedia.org/wiki/Radar#Frequency_bands -- Check who uses S and C
> http://en.wikipedia.org/wiki/S_band
>
> Another reason to not rely on radio for your LAN/WAN in times of Aegis
> cruisers passing by... ;)
>
> Regards,
> Martin

I've seen Aegis radar interfere with C-band satellite communications
(3720-4180 MHz.) which is used by all kinds of services.



RE: Weekend Gedankenexperiment - The Kill Switch

2011-02-05 Thread Ryan Finnesey
Does anyone know when they took down connectivity in Egypt did they also
bring down the MPLS networks global companies use?

Cheers
Ryan


-Original Message-
From: Fred Baker [mailto:f...@cisco.com] 
Sent: Saturday, February 05, 2011 9:43 AM
To: Hayden Katzenellenbogen
Cc: NANOG list
Subject: Re: Weekend Gedankenexperiment - The Kill Switch


On Feb 4, 2011, at 9:49 PM, Hayden Katzenellenbogen wrote:

> Not sure if it has been said already but wasn't one of the key points 
> for the creation of the internet to create an infrastructure that 
> would survive in the case of all out war and massive destruction. 
> (strategic nuclear strikes)

Urban legend, although widely believed. Someone probably made the
observation.

> Does it not bode ill for "national security" if any party could take 
> out a massive communication system by destroying/pressuring a few 
> choke points?

You mean, like drop a couple of trade towers and take out three class
five switches, causing communication outages throughout New England and
New Jersey, and affecting places as far away as Chicago?

Nope. Couldn't happen.

More seriously, yes, one could in fact take out any connectivity one
wants by withdrawing routes (which is reportedly what Egypt did), and if
you hit enough interchange points that could get serious.

At the risk of sounding naive and pollyanna-ish, we have a few more of
those interchange points in the US than they have in Egypt. In theory,
yes. Making it actually happen could be quite an operation.

> -----Original Message-----
> From: JC Dill [mailto:jcdill.li...@gmail.com]
> Sent: Thursday, February 03, 2011 11:39 PM
> To: NANOG list
> Subject: Re: Weekend Gedankenexperiment - The Kill Switch
> 
>  On 03/02/11 10:38 PM, Paul Ferguson wrote:
>> 
>> And as an aside, governments will always believe that they can control
>> the flow of information, when push comes to shove.
>> 
>> This has always been a hazard, and will always continue to be so.
>> 
>> As technologists, we need to be cognizant of that fact.
> 
> In the US, by accident (surely not by design) we are lucky that our
> network of networks does not have the convenient 4 chokepoints that
> the Egyptian network had, making it easy for the government to shut
> off the entire internet by putting pressure on just 4 companies.
>
> Where we *really* need to be fighting this battle is in the laws and
> policies that are producing a duopoly in much of the US where
> consumers have 2 choices, the ILEC for DSL or their local cableco for
> Cable Internet.  As these companies push smaller competing ISPs out
> of business, and as they consolidate (e.g. Cablecos buying each other
> up, resulting in fewer and fewer cablecos over time), we head down the
> direction of Egypt, where pressure on just a few companies CAN shut
> down the entire internet.  Otherwise we end up with a few companies that
> will play Visa and PayPal and roll over and play dead when a government
> official says "Wikileaks is bad" - and equally easily will shut down
> their entire networks for "national security".
>
> If you *really* believe that the TSA is effective, you would be in
> favor of an Internet Kill Switch.  If you understand that this is really
> security theater, and despite all the inconvenience we aren't really
> any safer, then you should equally be very concerned that someone ever has
> the power to order that the internet be "shut down" for our safety.
> 
> jc
> 
> 
>