nanog mailing list archives
Past policies versus present and future uses
From: Matthew Petach <mpetach () netflight com>
Date: Sun, 24 Jan 2021 15:15:03 -0800
On Sun, Jan 24, 2021 at 4:22 AM JORDI PALET MARTINEZ via NANOG < nanog () nanog org> wrote: [...]
So, you end up with 2-3 RIRs allocations, not 5. And the real situation is that 3 out of 5 RIRs communities, decided to be more relaxed on that requirement, so you don’t need actually more than 1 or may be 2 allocations. Of course, we are talking “in the past” because if we are referring to IPv4 addresses, you actually have a different problem trying to get them from the RIRs.
Hi Jordi, I've adjusted the subject line to reflect the real thrust of this discussion. You're right--if we're trying to get "new" allocations of IPv4 addresses, we've got bigger problems to solve. But when it comes to IPv6 address blocks and ASNs, these questions are still very relevant. And, going back to the original article that spawned the parent thread, the problem wasn't about companies requesting *new* blocks, it was about the usage of old, already granted blocks that were now being reclaimed. Historically, ISPs have focused on ensuring their usage of IP space reflected the then-current requirements at the time the blocks were requested. This action by Ron, well-intentioned as it is, raises a new challenge for ISPs: network numbering decisions that were made in the past, which may have been done perfectly according to the guidelines in place at the time the blocks were assigned, may later on violate *newly added* requirements put in place by RIRs. How many global networks allocate manpower and time cycles to potentially renumbering portions of their network each time a new policy is put in place at an RIR that makes previously-conforming addressing topologies no longer conforming? Historically, once addresses were granted by an RIR, and the exercise of ensuring all the requirements were met, and the addresses were in place, that was it; nobody went back every time a new policy was put in place and re-audited the network to ensure it was still in compliance, and did the work to bring it back into compliance if the new policy created violations, because the RIRs generally didn't go back to see if new policies had been retroactively applied to all member networks. Ron's actions have now put every network on notice; it wasn't good enough to be in compliance at the time you obtained your address space, you MUST re-audit your network any time new policies are put into force by the RIR in a region in which you do business, or your address space may be revoked due to retroactive application of the new policy against addresses you have already put into use. This is a bigger deal that I think many people on the list are first grasping. We grow up accustomed to the notion that laws can't be applied retroactively. If you smoked pot last year, before it was criminalized, they can't arrest you this year after a new law was passed for smoking it before the law was passed. In the DDoS-guard case, the address blocks in question seem to have been granted by LACNIC nearly a decade ago back in 2013, under whatever policies were in force at the time. But they're being revoked and reclaimed based on the policies that are in place *now*, nearly a decade later. It sends a very clear message--it's not enough to be in compliance with policies at the time the addresses are granted. New policies can and will be applied retroactively, so decisions you made in the past that were valid and legal, may now be invalid, and subject you to revocation. It's bad enough when it's your own infrastructure that you have some control over that you may need to re-number; woe to you if you assign address blocks to *customers* in a manner that was valid under previous policy, but is no longer valid under new policies--you get to go back to your customers, and explain that *they* now have to redo their network addressing so that it is in compliance, in order for *you* to be in compliance with the new policies. Otherwise, you can *all* end up losing your IP address blocks. So--while I think Ron's actions were done with the best of intentions, I think the fallout from those actions should be sending a chill down the spine of every network operator who obtained address blocks under policies in place a decade ago that hasn't gone back and re-audited their network for compliance after ever subsequent policy decision. What if one of *your* customers falls into Ron's spotlight; is the rest of your network still in compliance with every RIR policy passed in the years or decades since the addresses were allocated? Are you at risk of having chunks of your IP space revoked? I know this sets a precedent *I* find frightening. If it isn't scaring you, either you don't run a network, or I suspect you haven't thought all the way through how it could impact your business at some unforeseen point in the future, when a future policy is passed. :/ Thanks! Matt
Current thread:
- Re: Nice work Ron, (continued)
- Re: Nice work Ron Masataka Ohta (Jan 24)
- Re: Nice work Ron JORDI PALET MARTINEZ via NANOG (Jan 24)
- Re: Nice work Ron JORDI PALET MARTINEZ via NANOG (Jan 23)
- Re: Nice work Ron Matthew Petach (Jan 23)
- Re: Nice work Ron JORDI PALET MARTINEZ via NANOG (Jan 24)
- Re: Nice work Ron Masataka Ohta (Jan 24)
- Re: Nice work Ron JORDI PALET MARTINEZ via NANOG (Jan 24)
- Re: Nice work Ron J. Hellenthal via NANOG (Jan 24)
- Re: Nice work Ron Masataka Ohta (Jan 24)
- Re: Nice work Ron John Sage (Jan 24)
- Past policies versus present and future uses Matthew Petach (Jan 24)
- Re: Past policies versus present and future uses John Sage (Jan 24)
- Re: Past policies versus present and future uses JORDI PALET MARTINEZ via NANOG (Jan 24)
- Re: Past policies versus present and future uses Rob McEwen (Jan 25)
- Re: Past policies versus present and future uses Rob McEwen (Jan 25)
- Re: Past policies versus present and future uses Rubens Kuhl (Jan 25)
- Re: Past policies versus present and future uses Rob McEwen (Jan 25)
- Re: Past policies versus present and future uses Rich Kulawiec (Jan 26)
- Re: Nice work Ron Töma Gavrichenkov (Jan 22)
- Re: Nice work Ron Mark Andrews (Jan 22)
- Re: Nice work Ron George Herbert (Jan 22)