nanog mailing list archives

RE: IPv4 Legacy assignment frustration


From: "Spurling, Shannon" <shannon () more net>
Date: Wed, 22 Jun 2016 13:36:56 +0000

It’s a problem with the misuse of the RIR delegation of a legacy block.

The assumption that because a block is assigned to a particular RIR, all users in that block have to be in that RIR’s 
territory, without actually running a query against that RIR’s Whois database.



From: christopher.morrow () gmail com [mailto:christopher.morrow () gmail com] On Behalf Of Christopher Morrow
Sent: Tuesday, June 21, 2016 10:36 PM
To: Suresh Ramasubramanian <ops.lists () gmail com>
Cc: Spurling, Shannon <shannon () more net>; nanog () nanog org
Subject: Re: IPv4 Legacy assignment frustration

How is this a problem with the RIR?

On Tue, Jun 21, 2016 at 11:01 PM, Suresh Ramasubramanian <ops.lists () gmail com> wrote:
There is absolutely no budgeting for idiots.  Beyond a long hard process that is helped by internal escalations from 
affected people on a corporate network - ideally as senior as you can get - to their IT staff.  “Missouri isn’t in 
China, you nitwit.  Fix it or I, the CFO, will go have a word with the CIO and ..”

In other words, have affected people escalate up the chain to the ISP or more likely corporate IT team that’s doing 
this sort of stupid filtering.

On 21-Jun-2016, at 8:07 PM, Spurling, Shannon <shannon () more net> wrote:

I am not sure how many on the list are Legacy resource holders from before the RIRs were established, but there is 
an extremely short-sighted security practice that is being used across the internet.

Apparently, the RIR that has been given "authority" for an IP prefix range that was a legacy assignment is being used 
as a geographical locator for those prefixes. For instance, we provide access for several /16's that are in the 150/8 
prefix that was set as APNIC. I am aware of quite a few organizations in the US that have prefixes in that range. We 
have registered our legacy resources with ARIN, but there are some people who insist that somehow the state of Missouri 
must be part of China because... "APNIC!". They set firewalls and access rules based on that, and are hard pressed to 
not fix them.

Is there any way to raise awareness to this inconsistency so that security people will stop doing this?
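
The mismatch discussed in this thread, as an added example that is not part of the original messages: it audits a rule built from the /8-level registry table against the most specific per-prefix record (longest-prefix match). The two tables, the /16 prefixes and the function names are constructed for illustration and stand in for real Whois results.

```python
import ipaddress

# Constructed sample data for illustration; not real registry contents.
# Coarse view: /8-level delegation, the table the thread says is misused.
SLASH8 = {"150.0.0.0/8": "APNIC"}

# Finer view: per-prefix records as a Whois lookup would report them.
# (prefix, registry of record, country in the record); all hypothetical.
RECORDS = [
    ("150.0.0.0/8", "APNIC", None),
    ("150.10.0.0/16", "ARIN", "US"),   # legacy /16 registered with ARIN
    ("150.20.0.0/16", "APNIC", "CN"),
]

def _parse(table):
    # Turn the prefix strings into ip_network objects, keep the other fields.
    return [(ipaddress.ip_network(p), *rest) for p, *rest in table]

def slash8_registry(addr):
    """Registry a /8-only lookup would assume for this address."""
    ip = ipaddress.ip_address(addr)
    for net, rir in _parse(SLASH8.items()):
        if ip in net:
            return rir
    return None

def most_specific_record(addr):
    """Longest-prefix match over the per-prefix registration records."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in _parse(RECORDS) if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def audit_rule(blocked_registry, addresses):
    """Addresses a /8-based rule blocks although the most specific
    record names a different registry."""
    findings = []
    for addr in addresses:
        if slash8_registry(addr) != blocked_registry:
            continue  # the /8-based rule would not match this address
        rec = most_specific_record(addr)
        if rec and rec[1] != blocked_registry:
            findings.append((addr, str(rec[0]), rec[1], rec[2]))
    return findings

if __name__ == "__main__":
    for f in audit_rule("APNIC", ["150.10.4.1", "150.20.4.1", "192.0.2.1"]):
        print("misclassified by /8 rule:", f)
```
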

