Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: NANOG: users

Squeezing IPs out of ARIN

 

 

First page Previous page 1 2 Next page Last page  View All NANOG users RSS feed   Index | Next | Previous | View Threaded


bhmccie at gmail

Apr 25, 2012, 10:59 AM

Post #26 of 50 (1407 views)
Permalink
Re: Squeezing IPs out of ARIN [In reply to]

purchase/lease/rent/titlepawn/etc. We paid for and got a block of IPs.

-Hammer-

"I was a normal American nerd"
-Jack Herer



On 4/25/2012 11:13 AM, Valdis.Kletnieks [at] vt wrote:
> On Wed, 25 Apr 2012 10:54:39 -0500, -Hammer- said:
>> I can say that I recently completed the purchase of a large IPv6 block.
> "purchase"??!?


bhmccie at gmail

Apr 25, 2012, 11:00 AM

Post #27 of 50 (1399 views)
Permalink
Re: Squeezing IPs out of ARIN [In reply to]

Sorry everyone. Bad choice of words. I simply meant they have their
money and we have our allocation.

Stand down. Move along. Nothing to see here.

-Hammer-

"I was a normal American nerd"
-Jack Herer



On 4/25/2012 11:55 AM, Owen DeLong wrote:
> No, you didn't. You may have completed the acquisition of a large IPv6 block, but you did not purchase it.
>
> Number resources are not property and cannot be bought and/or sold.
>
> What you pay to ARIN pays for registration services (the registration of the numbers, not the numbers themselves). While I realize that in practice this may seem like a distinction without a difference, there are major legal and practical implications to this fact that are quite important to the very underpinnings of how the internet works.
>
> Owen
>
> On Apr 25, 2012, at 8:54 AM, -Hammer- wrote:
>
>> I can say that I recently completed the purchase of a large IPv6 block. We've had several large V4 blocks for years and got them with very little effort. For this block, we had to provide a detailed list of all our physical locations as well as how the IP schema would be utilized. I also had to provide site drawings (scrubbed visios) showing my topology layout to justify my additional ASNs. It was not a harsh ordeal. ARIN was very professional about it. But it was a lot more paperwork than what I've needed in the past. None of it seemed unreasonable. We just had to work out NDAs and whatnot so I could share more detailed information with them.
>>
>> -Hammer-
>>
>> "I was a normal American nerd"
>> -Jack Herer
>>
>>
>>
>> On 4/25/2012 10:34 AM, Owen DeLong wrote:
>>> There is not a new policy added on to prevent hoarding. What is required is what
>>> has been required for several years. Utilization information and proper justification.
>>>
>>> If you are seeking an ISP allocation, then, reassignment (customer) information is
>>> in fact part of that utilization information.
>>>
>>> Owen
>>>
>>> On Apr 25, 2012, at 8:22 AM, Kenneth McRae wrote:
>>>
>>>> Negative.. I have never had to provide end user information. I have been
>>>> required to provide utilization information. I am sure this "policy" is
>>>> and add-on to make it more difficult to prevent hoarding..
>>>>
>>>> On Tue, Apr 24, 2012 at 10:47 AM, Jonathan Lassoff<jof [at] thejof> wrote:
>>>>
>>>>> On Tue, Apr 24, 2012 at 10:32 AM,<admin [at] thecpaneladmin> wrote:
>>>>>> Anyone have any tips for getting IPs from ARIN? For an end-user
>>>>> allocation
>>>>>> they are requesting that we provide customer names for existing
>>>>> allocations,
>>>>>> which is information that will take a while to obtain. They are insisting
>>>>>> that this is standard process and something that everyone does when
>>>>>> requesting IPs. Has anyone actually had to do this?
>>>>> Indeed. It's worked this way for a long time.
>>>>>
>>>>> When starting a new organization, there's a bit of a chicken and egg
>>>>> problem with IP space. If anyone could get IP space just for asking
>>>>> for it, it would have been consumed too quickly. So, organizations
>>>>> must first get some space assigned to them from an upstream provider
>>>>> and begin using it.
>>>>> At some point the current usage and growth rate of the assigned space
>>>>> will justify a direct allocation.
>>>>>
>>>>> Then, you can renumber into your new space and be totally independent.
>>>>>
>>>>> Cheers,
>>>>> jof
>>>>>
>>>>>
>>>> --
>>>> Best Regards,
>>>>
>>>>
>>>>
>>>> Kenneth McRae
>>>> *Sr. Network Engineer*
>>>> kenneth.mcrae [at] dreamhost
>>>> Ph: 323-375-3814
>>>> www.dreamhost.com
>>>
>


owen at delong

Apr 25, 2012, 11:15 AM

Post #28 of 50 (1398 views)
Permalink
Re: Squeezing IPs out of ARIN [In reply to]

Nope... You paid for and received registration services for a block of IP Addresses.

Anyone can use those integers for many purposes, but, only you are registered to use them as
topological identifiers on the internet according to ARIN and the other RIRs.

Owen

On Apr 25, 2012, at 10:59 AM, -Hammer- wrote:

> purchase/lease/rent/titlepawn/etc. We paid for and got a block of IPs.
>
> -Hammer-
>
> "I was a normal American nerd"
> -Jack Herer
>
>
>
> On 4/25/2012 11:13 AM, Valdis.Kletnieks [at] vt wrote:
>> On Wed, 25 Apr 2012 10:54:39 -0500, -Hammer- said:
>>> I can say that I recently completed the purchase of a large IPv6 block.
>> "purchase"??!?


bhmccie at gmail

Apr 25, 2012, 11:28 AM

Post #29 of 50 (1398 views)
Permalink
Re: Squeezing IPs out of ARIN [In reply to]

Killing me softly Owen....

-Hammer-

"I was a normal American nerd"
-Jack Herer



On 4/25/2012 1:15 PM, Owen DeLong wrote:
> Nope... You paid for and received registration services for a block of IP Addresses.
>
> Anyone can use those integers for many purposes, but, only you are registered to use them as
> topological identifiers on the internet according to ARIN and the other RIRs.
>
> Owen
>
> On Apr 25, 2012, at 10:59 AM, -Hammer- wrote:
>
>> purchase/lease/rent/titlepawn/etc. We paid for and got a block of IPs.
>>
>> -Hammer-
>>
>> "I was a normal American nerd"
>> -Jack Herer
>>
>>
>>
>> On 4/25/2012 11:13 AM, Valdis.Kletnieks [at] vt wrote:
>>> On Wed, 25 Apr 2012 10:54:39 -0500, -Hammer- said:
>>>> I can say that I recently completed the purchase of a large IPv6 block.
>>> "purchase"??!?
>


streiner at cluebyfour

Apr 25, 2012, 11:35 AM

Post #30 of 50 (1395 views)
Permalink
Re: Squeezing IPs out of ARIN [In reply to]

On Wed, 25 Apr 2012, -Hammer- wrote:

> Killing me softly Owen....

The difference is subtle, but important.

jms


kenneth.mcrae at dreamhost

Apr 25, 2012, 12:31 PM

Post #31 of 50 (1403 views)
Permalink
Re: Squeezing IPs out of ARIN [In reply to]

No I am speaking about my previous positons with large providers, telco,
etc.

On Wed, Apr 25, 2012 at 9:09 AM, Jonathan Lassoff <jof [at] thejof> wrote:

> On Wed, Apr 25, 2012 at 8:46 AM, Kenneth McRae <
> kenneth.mcrae [at] dreamhost> wrote:
>
>> I have never provided the names of end users.. How the address space
>> would be utilized? Definitely.. But not the names of end users...
>>
>
> Probably because you are an "end user".
> If you're talking about AS26347, I don't think there is any re-assigned
> space in there.
>
> Do you ever "assign" users CIDR blocks of IP space for their own use? If
> it's just the transitory use of IPs in an operational network you control,
> then that sounds like "end user" use to me, even though you may sell the
> use of those IPs.
>
> If you have questions about this stuff, the ARIN NRPM is a great resource:
> https://www.arin.net/policy/nrpm.html
>
> Cheers,
> jof
>



--
Best Regards,



Kenneth McRae
*Sr. Network Engineer*
kenneth.mcrae [at] dreamhost
Ph: 323-375-3814
www.dreamhost.com


asusag at ifncom

Apr 25, 2012, 2:28 PM

Post #32 of 50 (1392 views)
Permalink
RE: Squeezing IPs out of ARIN [In reply to]

We just recently "wrastled" with ARIN to get a whopping /22 from them,
it wasn't very easy.

Keeping record of what you have allocated downstream is important and I
totally agree with ARIN insisting this be done. Luckily as long as you
have an address, customer name, and a contact, you can issue reassign
simples to hostmaster. You don't have to walk your customers through
creating POCs and ORG-IDs. When you issue a reassign simple, it will
automatically create all that. As long as your allocations are 80% full,
you should be able to make a request. You might not get what you want
though.

Seems kind of counterproductive to ARIN though. I wouldn't think they'd
like a database full of fudged SWIP info, but I guess they're OK with
it...

-----Original Message-----
From: Richey [mailto:mylists [at] battleop]
Sent: Wednesday, April 25, 2012 13:21
To: 'Kenneth McRae'; 'Owen DeLong'
Cc: nanog [at] nanog
Subject: RE: Squeezing IPs out of ARIN

I got a new allocation about 18 months ago. I sent them a spread sheet
of the users and their current IPs. I changed the real customer name to
something that reflected what business they were in. So I had lots of
"Hotel Customer 1" and "Dr. Office 112" with what IPs they were using.
There was no way we were going to release a complete customer list to
anyone. They didn't seem to have a problem with this.

Richey

-----Original Message-----
From: Kenneth McRae [mailto:kenneth.mcrae [at] dreamhost]
Sent: Wednesday, April 25, 2012 11:46 AM
To: Owen DeLong
Cc: nanog [at] nanog
Subject: Re: Squeezing IPs out of ARIN

I have never provided the names of end users.. How the address space
would be utilized? Definitely.. But not the names of end users...

On Wed, Apr 25, 2012 at 8:34 AM, Owen DeLong <owen [at] delong> wrote:

> There is not a new policy added on to prevent hoarding. What is
> required is what has been required for several years. Utilization
> information and proper justification.
>
> If you are seeking an ISP allocation, then, reassignment (customer)
> information is in fact part of that utilization information.
>
> Owen
>
> On Apr 25, 2012, at 8:22 AM, Kenneth McRae wrote:
>
> > Negative.. I have never had to provide end user information. I
> > have
> been
> > required to provide utilization information. I am sure this
> > "policy" is and add-on to make it more difficult to prevent
hoarding..
> >
> > On Tue, Apr 24, 2012 at 10:47 AM, Jonathan Lassoff <jof [at] thejof>
> wrote:
> >
> >> On Tue, Apr 24, 2012 at 10:32 AM, <admin [at] thecpaneladmin>
wrote:
> >>> Anyone have any tips for getting IPs from ARIN? For an end-user
> >> allocation
> >>> they are requesting that we provide customer names for existing
> >> allocations,
> >>> which is information that will take a while to obtain. They are
> insisting
> >>> that this is standard process and something that everyone does
> >>> when requesting IPs. Has anyone actually had to do this?
> >>
> >> Indeed. It's worked this way for a long time.
> >>
> >> When starting a new organization, there's a bit of a chicken and
> >> egg problem with IP space. If anyone could get IP space just for
> >> asking for it, it would have been consumed too quickly. So,
> >> organizations must first get some space assigned to them from an
> >> upstream provider and begin using it.
> >> At some point the current usage and growth rate of the assigned
> >> space will justify a direct allocation.
> >>
> >> Then, you can renumber into your new space and be totally
independent.
> >>
> >> Cheers,
> >> jof
> >>
> >>
> >
> >
> > --
> > Best Regards,
> >
> >
> >
> > Kenneth McRae
> > *Sr. Network Engineer*
> > kenneth.mcrae [at] dreamhost
> > Ph: 323-375-3814
> > www.dreamhost.com
>
>


--
Best Regards,



Kenneth McRae
*Sr. Network Engineer*
kenneth.mcrae [at] dreamhost
Ph: 323-375-3814
www.dreamhost.com


rs at seastrom

Apr 25, 2012, 2:59 PM

Post #33 of 50 (1400 views)
Permalink
Re: Squeezing IPs out of ARIN [In reply to]

"Andy Susag" <asusag [at] ifncom> writes:

> Seems kind of counterproductive to ARIN though. I wouldn't think they'd
> like a database full of fudged SWIP info, but I guess they're OK with
> it...

They require an officer attestation. SWIP info that is made up out of
whole cloth sounds suspiciously like fraud to me, but I'm neither a
lawyer nor your CxO. Choose wisely.

-r


jcurran at arin

Apr 25, 2012, 3:19 PM

Post #34 of 50 (1396 views)
Permalink
Re: Squeezing IPs out of ARIN [In reply to]

On Apr 25, 2012, at 2:28 PM, Andy Susag wrote:

> We just recently "wrastled" with ARIN to get a whopping /22 from them,
> it wasn't very easy.
>
> Keeping record of what you have allocated downstream is important and I
> totally agree with ARIN insisting this be done. Luckily as long as you
> have an address, customer name, and a contact, you can issue reassign
> simples to hostmaster. You don't have to walk your customers through
> creating POCs and ORG-IDs. When you issue a reassign simple, it will
> automatically create all that. As long as your allocations are 80% full,
> you should be able to make a request. You might not get what you want
> though.
>
> Seems kind of counterproductive to ARIN though. I wouldn't think they'd
> like a database full of fudged SWIP info, but I guess they're OK with
> it...

Andy -

You're 90% right in your quick summary about reassignment data; more details are
available here: <https://www.arin.net/resources/request/reassignments.html>
If you've got concerns regarding privacy for residential subscribers, there are
specific mechanisms for handling that, but otherwise you should be putting in
accurate reassignment data (including organization) for each IPv4 assignment of
/29 or more. To not do so would be very awkward for you and your customers if
your network block were reported for Internet number resource fraud due to
being "full of fudged SWIP info"...

FYI,
/John

John Curran
President and CEO
ARIN


jbates at brightok

Apr 25, 2012, 3:31 PM

Post #35 of 50 (1395 views)
Permalink
Re: Squeezing IPs out of ARIN [In reply to]

This is the first time I've seen ARIN request actual individual names.
I've had them requests SWIP and I've had them request exact user counts,
and I generally get much larger allocations than what was being
allocated. In addition, all their numbers matched up with all of my
numbers and the allocated space matched what I had assigned them minus 1
/24 (they had 5 /23's from me). After their initial renumber into the
/21, they had to return to get the additional /24. They reorganized some
networks to squeeze off the tenth /24.

On 4/25/2012 10:31 AM, Owen DeLong wrote:
> There is nothing whatsoever wrong with providing the information to
> ARIN under NDA. ARIN provides a very good (IMHO) plain English mutual
> NDA for just this purpose. What rational ethical ISP fails to include
> a provision for this process in their TOS?
Sure, and small ISP techs immediately think of NDAs when talking to
ARIN. ARIN didn't suggest it. In addition, the entire "provide all this
customer detail information" was overkill as well, given that the /21
was justified without the last little bit of justification requiring
customer names (or for that matter, the management equipment model/type
info).

>> I sometimes wonder what happens to that information; if it sits around in an archive somewhere in the vast digital repositories of ARIN awaiting someone to steal it.
> That's a very cynical view. I happen to know that ARIN takes the security of that data very seriously and I think they do a good job of protecting it. If you have any reason to believe otherwise, I invite you to offer some form of substantiation to support such a claim.
>
>
I would like to assume they do a good job protecting the data (although
I have no proof that this is true). However, leaving unnecessary data
laying around for no valid reason is careless. Historical information of
customer names/addresses is not necessary, even if said information is
provided to ARIN. A note on the account verifying that necessary
information was seen by the ARIN representative is enough. Requiring
this level of detail on the smallest fraction of the justified space
makes it even worse.

Of course, ARIN might delete the information. I've seen nothing in the
documentation to suggest if they do or not.

I never presume data is secure. The more unnecessary copies of it there
are, the more likely it will be obtained by an unauthorized individual.


Jack


mysidia at gmail

Apr 25, 2012, 11:05 PM

Post #36 of 50 (1393 views)
Permalink
Re: Squeezing IPs out of ARIN [In reply to]

On 4/25/12, Jack Bates <jbates [at] brightok> wrote:
> On 4/25/2012 10:31 AM, Owen DeLong wrote:
>> There is nothing whatsoever wrong with providing the information to
>> ARIN under NDA. ARIN provides a very good (IMHO) plain English mutual
--
> Sure, and small ISP techs immediately think of NDAs when talking to
> ARIN. ARIN didn't suggest it. In addition, the entire "provide all this
[snip]

Before anyone received their first allocation from ARIN, they had to
sign a Registration Services Agreement, which contains a section
explaining that ARIN may review Holder's utilization of previously
assigned resources to ensure the Holder is complying with the terms,
when a transfer or additional IPs are requested.

In other words, they have been forewarned, that ARIN may at any time
require them to show thorough documentation proving the utilization
of the resources, and exactly who or what resources have been
reassigned or reallocated to, and eligibility for future resource
transfers/allocations may be impacted.

If resources are used to provide service to a customer, it is not
unreasonable that ARIN require that this to be shown, what customer,
etc -- the org. assigning or reallocating the resources is required
to have documented this.

In addition to this documentation, for reallocations of /29 or more
IPs, SWIP or Rwhois is also required by policy.

That is all discussed in the ARIN Number resource policy manual, that
resource holders have agreed to be bound to by signing a RSA.


The requirement to document utilization and maintain evidence for the
justification for utilization at all times, does not start when
applying for additional resources.
The policy is in effect at all times.

The requirement is that the justification be made and documented,
before resources
are reallocated.

In short... please don't blame the registry for failure to adhere to
the rules and advice
"should" rules given in number resource policies by maintaining proper
documentation.

The ARIN policies are community developed; and the ARIN staff
wouldn't be doing their job as steward of scarce IPv4 resources which
will be exhausted before too long;
if they didn't require sufficient details to prove the utilization in
resource reviews for
the new allocations.


https://www.arin.net/policy/nrpm.html#four23
"
4.2.3. Reassigning Address Space to Customers
4.2.3.1. Efficient utilization

ISPs are required to apply a utilization efficiency criterion in
providing address space to their customers. To this end, ISPs should
have documented justification available for each reassignment. ARIN
may request this justification at any time. If justification is not
provided, future receipt of allocations may be impacted.
"


The requirement for End users is even more stringent:
https://www.arin.net/policy/nrpm.html#four33
"
Requesters must show exactly how previous address assignments have
been utilized and must provide appropriate details to verify their
one-year growth projection.
"




--
-JH


jmaimon at ttec

Apr 26, 2012, 6:52 AM

Post #37 of 50 (1412 views)
Permalink
Re: Squeezing IPs out of ARIN [In reply to]

Owen DeLong wrote:
>
>>
> RWHOIS is a perfectly valid alternative to SWIP.
>
> Owen
>


I actually got RWHOIS working a while back. But then faced with the
prospect of loading it up, I decided that ARIN templates were actually
easier to use.

And with their restful interface, even more so.

Unless it is all prerolled for your and bundled with your ip management
software that you are already using, dont bother.

Joe


ops.lists at gmail

Apr 26, 2012, 7:02 AM

Post #38 of 50 (1385 views)
Permalink
Re: Squeezing IPs out of ARIN [In reply to]

It is an extremely rare ISP that has an rwhois server, and then
ensures that it remains available, up and answering queries.

And even rarer when the ISP ensures that its rwhois records are up to
date and not hopelessly stale.

On Thu, Apr 26, 2012 at 7:22 PM, Joe Maimon <jmaimon [at] ttec> wrote:
>
>
> Owen DeLong wrote:
>>
>>
>>>
>> RWHOIS is a perfectly valid alternative to SWIP.
>>
>> Owen
>>
>
>
> I actually got RWHOIS working a while back. But then faced with the prospect
> of loading it up, I decided that ARIN templates were actually easier to use.
>
> And with their restful interface, even more so.
>
> Unless it is all prerolled for your and bundled with your ip management
> software that you are already using, dont bother.
>
> Joe
>



--
Suresh Ramasubramanian (ops.lists [at] gmail)


owen at delong

Apr 26, 2012, 7:37 AM

Post #39 of 50 (1385 views)
Permalink
Re: Squeezing IPs out of ARIN [In reply to]

Actually, most of the ISPs I know that use RWHOIS instead of SWIP do so tying
the RWHOIS server into their IP management database through an automated
process (if not just live queries).

However, you are right that most ISPs use SWIP.

Owen

On Apr 26, 2012, at 7:02 AM, Suresh Ramasubramanian wrote:

> It is an extremely rare ISP that has an rwhois server, and then
> ensures that it remains available, up and answering queries.
>
> And even rarer when the ISP ensures that its rwhois records are up to
> date and not hopelessly stale.
>
> On Thu, Apr 26, 2012 at 7:22 PM, Joe Maimon <jmaimon [at] ttec> wrote:
>>
>>
>> Owen DeLong wrote:
>>>
>>>
>>>>
>>> RWHOIS is a perfectly valid alternative to SWIP.
>>>
>>> Owen
>>>
>>
>>
>> I actually got RWHOIS working a while back. But then faced with the prospect
>> of loading it up, I decided that ARIN templates were actually easier to use.
>>
>> And with their restful interface, even more so.
>>
>> Unless it is all prerolled for your and bundled with your ip management
>> software that you are already using, dont bother.
>>
>> Joe
>>
>
>
>
> --
> Suresh Ramasubramanian (ops.lists [at] gmail)


ops.lists at gmail

Apr 26, 2012, 7:49 AM

Post #40 of 50 (1397 views)
Permalink
Re: Squeezing IPs out of ARIN [In reply to]

They do, they do .. but there's all kinds of rwhois unfortunately.

suresh [at] frod 07:41:38 :~$ telnet rwhois.level3.net 4321
Trying 209.244.1.179...
^C [keeps timing out]

suresh [at] frod 07:48:17 :~$ telnet rwhois.hostnoc.net 4321
Trying 64.191.49.26...
Connected to rwhois.hostnoc.net.
Escape character is '^]'.
%rwhois V-1.5:003fff:00 rwhois.hostnoc.net (by Network Solutions, Inc.
V-1.5.9.5)
[not particularly up to date]

compared to, for example -

suresh [at] frod 07:47:13 :~$ telnet rwhois.cogentco.com 4321
Trying 66.28.3.252...
Connected to plebe.sys.cogentco.com.
Escape character is '^]'.
%rwhois V-1.5:0010b0:00 rwhois.cogentco.com
[fast, works great, accurate]

suresh [at] frod 07:47:22 :~$ telnet rwhois.softlayer.com 4321
Trying 66.228.118.79...
Connected to rwhois.softlayer.com.
Escape character is '^]'.
%rwhois V-1.5:003fff:00 rwhois.softlayer.com (by Network Solutions,
Inc. V-1.5.9.5)
[ditto]


On Thu, Apr 26, 2012 at 8:07 PM, Owen DeLong <owen [at] delong> wrote:
> Actually, most of the ISPs I know that use RWHOIS instead of SWIP do so tying
> the RWHOIS server into their IP management database through an automated
> process (if not just live queries).
>
> However, you are right that most ISPs use SWIP.



--
Suresh Ramasubramanian (ops.lists [at] gmail)


ops.lists at gmail

Apr 26, 2012, 7:49 AM

Post #41 of 50 (1397 views)
Permalink
Re: Squeezing IPs out of ARIN [In reply to]

Though to be fair that is probably legacy and level3 does swip its customers.

On Thu, Apr 26, 2012 at 8:19 PM, Suresh Ramasubramanian
<ops.lists [at] gmail> wrote:
>
> suresh [at] frod 07:41:38 :~$ telnet rwhois.level3.net 4321
> Trying 209.244.1.179...
> ^C [keeps timing out]



--
Suresh Ramasubramanian (ops.lists [at] gmail)


jbates at brightok

Apr 26, 2012, 8:47 AM

Post #42 of 50 (1397 views)
Permalink
Re: Squeezing IPs out of ARIN [In reply to]

On 4/26/2012 1:05 AM, Jimmy Hess wrote:
> If resources are used to provide service to a customer, it is not
> unreasonable that ARIN require that this to be shown, what customer,
> etc -- the org. assigning or reallocating the resources is required
> to have documented this.
>
> In addition to this documentation, for reallocations of /29 or more
> IPs, SWIP or Rwhois is also required by policy.

It is unreasonable to require detailed customer information on /32
static assignments which make up the smallest fraction of space compared
to the huge blocks of dhcp pools (pools which justify allocations on
their own). In addition, a few show commands on a router displaying arp
(with first 6 filtered) or ppp sessions (with username filtered) or dhcp
pool printouts showing utilization would make much more sense and
provide better "proof" of utilization then handing out private resident
names of the <10% static /32 utilization pool.

For management statics, the same applies. A couple arp table captures
generally should provide enough proof of utilization.

If ARIN really wants to be uptight about it, they can do what all the
vendors do and set up a meeting session to watch us type the commands.
This is probably the hardest method to forge.

I have not argued about any /29 or greater assignment which should be
SWIP'd.

Someone else in the thread complained that someone would be vague
information in a SWIP concerning a customer, but I see it's still listed
under 4.2.3.7.3.2. So the NRPM still apparently recognizes the need for
Residential privacy as long as upstream contacts are available to handle
abuse/technical contact.

I didn't see in the NRPM where SWIP was necessary for /32 assignments,
nor that such contact information should be handed to ARIN. This is the
difference between NRPM and ARIN implementation of NRPM. ARIN has always
asked for dhcp pool counts versus actual customer counts, dialup counts,
dialup ratios, etc. They have also always asked for SWIP/records for /29
or larger assignments. I've always been surprised that they don't ask
for a few router/server captures as verification. Instead they ask for
information which isn't pertinent to justification, the <10% assignments
(when the 90% more than justifies on its own).


Jack


bill at herrin

Apr 26, 2012, 11:59 AM

Post #43 of 50 (1377 views)
Permalink
Re: Squeezing IPs out of ARIN [In reply to]

On 4/26/12, Joe Maimon <jmaimon [at] ttec> wrote:
> Owen DeLong wrote:
>> RWHOIS is a perfectly valid alternative to SWIP.

> I actually got RWHOIS working a while back. But then faced with the
> prospect of loading it up, I decided that ARIN templates were actually
> easier to use.

The rwhois software from about 10 years ago was very difficult to work
with and it periodically crashed to boot. I used it because I already
had my allocation data in a handy machine-readable form and could
write software which would wholesale convert that database into what
rwhois wanted to see. That way I didn't have to write something to
detect changes and "update" the SWIP templates. I could just push a
completely fresh database into rwhois.

Had I needed to import the data by hand, there's no way: I would have
used the SWIP templates.

Regards,
Bill Herrin

--
William D. Herrin ................ herrin [at] dirtside bill [at] herrin
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004


bill at herrin

Apr 26, 2012, 12:14 PM

Post #44 of 50 (1378 views)
Permalink
Re: Squeezing IPs out of ARIN [In reply to]

On 4/26/12, Jack Bates <jbates [at] brightok> wrote:
> On 4/26/2012 1:05 AM, Jimmy Hess wrote:
>> In addition to this documentation, for reallocations of /29 or more
>> IPs, SWIP or Rwhois is also required by policy.
>
> It is unreasonable to require detailed customer information on /32
> static assignments which make up the smallest fraction of space compared
> to the huge blocks of dhcp pools (pools which justify allocations on
> their own).

It depends.

If you have a healthy mix of assignment sizes and your contact at ARIN
is hassling you about the /32's, you may want to ask why he's seeking
that information in light of the policy cut-off at /29.

If the bulk of your assignment sizes are /32 then I suspect your ARIN
contact is really saying: This fits a pattern consistent with careless
and poorly tracked assignments which if audited would reveal enough
dead assignments to put you in violation of policy. Show us that's not
the case.

If you have already provided a reasonable demonstration of the actual
utilization of your /32's yet you're still getting hassled about
identifying those customers that would seem, to my read anyway, to
violate ARIN's written policy. In which case I'm confident that ARIN
President John Curran would like to hear from you privately.

Regards,
Bill Herrin

--
William D. Herrin ................ herrin [at] dirtside bill [at] herrin
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004


mpalmer at hezmatt

Apr 26, 2012, 3:54 PM

Post #45 of 50 (1373 views)
Permalink
Re: Squeezing IPs out of ARIN [In reply to]

On Wed, Apr 25, 2012 at 08:31:44AM -0700, Owen DeLong wrote:
> On Apr 24, 2012, at 9:57 PM, Jack Bates wrote:
> > I sometimes wonder what happens to that information; if it sits around
> > in an archive somewhere in the vast digital repositories of ARIN
> > awaiting someone to steal it.
>
> That's a very cynical view. I happen to know that ARIN takes the security
> of that data very seriously and I think they do a good job of protecting
> it. If you have any reason to believe otherwise, I invite you to offer
> some form of substantiation to support such a claim.

I'm sure that if you s/ARIN/Sony/, s/ARIN/Wordpress/, or s/ARIN/RSA/ (just
to name a few), you'd have found people at some point in the past more than
willing to stand behind the resulting statement.

Just sayin'.

- Matt


mysidia at gmail

Apr 26, 2012, 5:09 PM

Post #46 of 50 (1384 views)
Permalink
Re: Squeezing IPs out of ARIN [In reply to]

On 4/26/12, Jack Bates <jbates [at] brightok> wrote:
>> In addition to this documentation, for reallocations of /29 or more
>> IPs, SWIP or Rwhois is also required by policy.
> It is unreasonable to require detailed customer information on /32
> static assignments which make up the smallest fraction of space compared

It is not unreasonable to require detailed information be kept; it is
standard business practice to maintain such documentation for support,
incident handling, and billing purposes. If that customer stops
paying for their service, exactly the right service will be
determined. It is also required that exactly the right /32 be
de-allocated; the previous customer's use of that /32 can no
longer be used to consider the IP still utilized for justifying future
allocations, until it is reassigned.

If the provider failed to "unmark" that static /32 as utilized in
their management system, in that case, it may be ARIN's job to detect
the absence of proof of current utilization for those now-unused /32s.

The provider is required to maintain that detailed level of
documentation, but it is burdensome to publish documentation down to
the /32 level, hence, one of the
reasons that it is actually not required to RWHOIS or SWIP, unless
the allocation is a /29 or larger.

That doesn't excuse the provider from maintaining documentation, that
ARIN may require at any time, it just reduces the operational burden
of constantly updating external databases with single-IP assignments.

> to the huge blocks of dhcp pools (pools which justify allocations on
> their own). In addition, a few show commands on a router displaying arp

Proof implies that you have provided independently verifiable
information, that can be
used to show that the applicant is providing truthful information.

Some "show" commands will show DHCP server usage, but not conclusive
proof of the utilization of the address space.

Because the show commands are not independently verifiable -- for all
the RIR knows, someone plugged in a big stack of $10 modems just to
register with the DHCP server.



--
-JH


owen at delong

Apr 26, 2012, 6:05 PM

Post #47 of 50 (1372 views)
Permalink
Re: Squeezing IPs out of ARIN [In reply to]

On Apr 26, 2012, at 8:47 AM, Jack Bates wrote:

> On 4/26/2012 1:05 AM, Jimmy Hess wrote:
>> If resources are used to provide service to a customer, it is not
>> unreasonable that ARIN require that this to be shown, what customer,
>> etc -- the org. assigning or reallocating the resources is required
>> to have documented this.
>>
>> In addition to this documentation, for reallocations of /29 or more
>> IPs, SWIP or Rwhois is also required by policy.
>
> It is unreasonable to require detailed customer information on /32 static assignments which make up the smallest fraction of space compared to the huge blocks of dhcp pools (pools which justify allocations on their own). In addition, a few show commands on a router displaying arp (with first 6 filtered) or ppp sessions (with username filtered) or dhcp pool printouts showing utilization would make much more sense and provide better "proof" of utilization then handing out private resident names of the <10% static /32 utilization pool.
>

/32s are not required. Get over it.

/29 and larger.

> For management statics, the same applies. A couple arp table captures generally should provide enough proof of utilization.
>
> If ARIN really wants to be uptight about it, they can do what all the vendors do and set up a meeting session to watch us type the commands. This is probably the hardest method to forge.
>
> I have not argued about any /29 or greater assignment which should be SWIP'd.
>
> Someone else in the thread complained that someone would be vague information in a SWIP concerning a customer, but I see it's still listed under 4.2.3.7.3.2. So the NRPM still apparently recognizes the need for Residential privacy as long as upstream contacts are available to handle abuse/technical contact.
>

The other person spoke of classes of businesses so the residential privacy policy would not apply.

Owen


bill at herrin

Apr 26, 2012, 6:14 PM

Post #48 of 50 (1375 views)
Permalink
Re: Squeezing IPs out of ARIN [In reply to]

On 4/26/12, Owen DeLong <owen [at] delong> wrote:
> On Apr 26, 2012, at 8:47 AM, Jack Bates wrote:
>> It is unreasonable to require detailed customer information on /32 static
>> assignments which make up the smallest fraction of space compared to the
>> huge blocks of dhcp pools (pools which justify allocations on their own).
>> In addition, a few show commands on a router displaying arp (with first 6
>> filtered) or ppp sessions (with username filtered) or dhcp pool printouts
>> showing utilization would make much more sense and provide better "proof"
>> of utilization then handing out private resident names of the <10% static
>> /32 utilization pool.
>
> /32s are not required. Get over it.

Hi Owen,

John Curran says otherwise.

http://lists.arin.net/pipermail/arin-ppml/2012-April/024518.html
http://lists.arin.net/pipermail/arin-ppml/2012-April/024523.html

Regards,
Bill Herrin


--
William D. Herrin ................ herrin [at] dirtside bill [at] herrin
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004


jbates at brightok

Apr 26, 2012, 6:30 PM

Post #49 of 50 (1370 views)
Permalink
Re: Squeezing IPs out of ARIN [In reply to]

On 4/26/2012 7:09 PM, Jimmy Hess wrote:
> ome "show" commands will show DHCP server usage, but not conclusive
> proof of the utilization of the address space. Because the show
> commands are not independently verifiable -- for all the RIR knows,
> someone plugged in a big stack of $10 modems just to register with the
> DHCP server. -- -JH

I believe buying and connecting thousands of $10 modems to register with
a DHCP server actually constitutes valid use of IP addresses. You would
more likely need to create a script to spoof mac addresses in
registering with the DHCP server over time to be in violation. Works
about like a script that pulls names out of a phone book and assigns
them to IP addresses in a report. The difference between the two is that
it's easier to make the report than create a good dhcp script that will
also utilize bandwidth and multiple interfaces or fill dhcp snooping
tables and show up interfaces.

The reason I'm completely for skipping all the extra paperwork and going
straight to a meeting session is that it's easy to view the various
screens depending on the ISP layout to show that a group of addresses
are in use and much more difficult to cover all bases to defraud ARIN
(not impossible, but much more difficult than forging customer names).


Jack


lsc at prgmr

Apr 28, 2012, 12:18 AM

Post #50 of 50 (1345 views)
Permalink
Re: Squeezing IPs out of ARIN [In reply to]

On Tue, Apr 24, 2012 at 01:32:17PM -0400, admin [at] thecpaneladmin wrote:
> Anyone have any tips for getting IPs from ARIN? For an end-user
> allocation they are requesting that we provide customer names for
> existing allocations, which is information that will take a while to
> obtain. They are insisting that this is standard process and something
> that everyone does when requesting IPs. Has anyone actually had to do
> this?

I have.

clearly, I should have asked, or looked closer, but when I started
this mess? it was not at all clear to me that ARIN saw things that went
into a home as 'residential' and everything else as 'business' - but
from my reading and their reactions to my questions, that's how they see
it. If it's in a data center and not in a residence, you need to
give them a name (human or business) for every reassigned IP,
even if the reassignment is a /32.

Probably the majority of my VPSs? personal use, but not residential.

I started with changing the privacy policy, and blogged about it, asking
for at least 80% of the people to opt-in. Maybe 2% did. I gave it
months, then I emailed everyone, asking them to opt-out. I gave them
two weeks, maybe 2% did.

So yeah; eh, nobody got mad at me for it, and I think some people were
impressed that I emailed them when I made such a large change to
the privacy policy (that isn't expected?) so I guess it all turned out
okay, but yeah. ARIN wants a name of some sort for every
/32. (Now, I just did a query against my billing database and returned
the business name and only returned the human name if there was no
business name.)

First page Previous page 1 2 Next page Last page  View All NANOG users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.