Abuse procedures... Reality Checks

michael.dillon at bt.com
Wed Apr 11 12:20:36 UTC 2007


> "SWIP is a process used by organizations to submit information about
> downstream customer's address space reassignments to ARIN for inclusion
> in the WHOIS database. Its goal is to ensure the effective and efficient
> maintenance of records for IP address space.

Lovely language but it ignores the existence of Rwhois and does not
explain by what standard the effectiveness and efficiency is judged.

> "SWIP is intended to:
>      * Provide information to identify the organizations utilizing each
>        subdelegated IP address block.
>      * Provide registration information for each IP address block.
>      * Track utilization of allocated IP address blocks to determine if
>        additional allocations may be justified.

This clearly omits any mention of network abuse. It doesn't even
directly mention that contact information is supplied or what the
contact info may/should be used for. It is heavily slanted towards a
bureaucratic process for counting addresses to support decision-making
about applications for additional address space.

> Of course, SWIP is an ARIN thing, and you work for BRITISH
> TELECOMMUNICATIONS PLC.  As a US network operator,

BT is also a US network operator. And a global network operator and a
global network and security consulting firm. And some other stuff too
like the project to run the entire UK telephone network over IP, 21CN.

> I was well aware of the requirements for SWIP, because ARIN rules make
> it clear that, as a netblock owner of an ARIN allocation, I'm required
> to do it.
> 
> Which numbering authority do you work with day to day?

ARIN. I have a long history with ARIN predating the existence of the
organization and I was one of the founding members of the ARIN Advisory
Council. I was not asking a typical dumb question here.

The fact is that nobody really has a clear idea what SWIP is, why it
exists, what it is for. What is the purpose and meaning of SWIP? Why is
it different from RIPE or APNIC? All the answers I have ever seen boil
down to "It's traditional!". And I have spent a lot of effort in trying
to track down older documents to see if there was any more clarity back
in the early days of SWIP and whois, but I failed to find anything other
than some references to budget justifications by early ARPANET managers.

On two occasions I tried to address this by proposing some policy
language to ARIN which would define the purpose and scope of the whois
directory but the members were not interested in messing with tradition.

The fact is that SWIP/whois/rwhois suck badly. Different groups of
people have different ideas of what these things mean and the different
ideas do not match. If I ask a waitress for two eggs over-easy I do not
want to receive a slice of Quiche Lorraine. But in the world of
SWIP/whois/rwhois, this is what we deal with every day.

Network operators have a CRYING need for a database to identify contacts
for dealing with network abuse issues. They try to use the whois
directory for this, but too often it fails them because the people
stuffing the info into the directory are merely following tradition to
make sure that the numbers come up right the next time they apply for
additional IP addresses.

By the way, as a holder of an ARIN netblock allocation, you are *NOT*
required to do SWIP. That is just another myth propagated by the holders
of tradition and net folklore.  Whenever you ask "Why?" and someone
says, "Because you are required to do it.", they are really telling you
not to think. You pointed me to a page written by ARIN staff as
justification for your views about SWIP but you somehow missed the line
which said:

   SWIPs are required for reallocations of /29 and larger if the
   allocation owner does not operate a RWhoIs server.

But, I take it a step further. Why should I believe what ARIN staff have
written and why should I do what they tell me to do? What is their
justification for writing this page? If you look in the ARIN policies it
always uses the term SWIP in the context of "efficient utilization". So
why do they publish it in the whois directory? Why do people think that
whois contains valid contact info? Why do people think that whois should
contain contacts who are ready, willing and able to act on network abuse
issues? The only reason people think these things is because it is
traditional net folklore. It was never part of the purpose and scope of
SWIP/whois/Rwhois.

--Michael Dillon



