And so it ends...
mysidia at gmail.com
Fri Feb 4 00:57:46 CST 2011
On Thu, Feb 3, 2011 at 1:34 PM, Jay Ashworth <jra at baylink.com> wrote:
> I strongly suspect that his question is actually "Does ARIN have any
> enforceable legal authority to compel an entity to cease using a
> specific block of address space, absent a contract?"
ARIN has about as much to do with legally compelling an entity (who
has signed no contract with ARIN) to stop using a block of IP address
space, as a DNSBL has to do with compelling some random spammer to
stop attempting to send spam.
What keeps people using only IPs they were allocated by a registry are network
policies of cooperating networks who are independent of ARIN (aside
receiving an assignment of their own from ARIN). The RIRs and IANA have not been
shown to have any legally enforceable authority of their own to stop
an IP network
from using IPs not assigned by the registry, or to prevent someone
to use IPs already assigned by the RIR to someone else.
If you need examples; look at all the unofficial usage of 188.8.131.52/8
in private networks, that the RIRs did not attempt to compel anyone to stop.
ARIN does not appear to directly legally compel any entity to cease
using any specific
block of address space. Neither is any other RIR in the business of
that only a registrant uses the IPs, nor does the registry detect if
a wrong entity is
using the IPs.
Neither does any internet registry promise that allocations can be
routed on the public internet.
You can ignore the RIRs and use whatever IP addresses you want, at
your own peril.
That peril is not created by any RIR, however; the "peril" is the
and response by other organizations you rely on for connectivity.
Neither does any internet registry promise that allocations will be
unique on the public internet.
A competing (non-cooperating) registry could have made a conflicting assignment.
The RIRs can only make promises about uniqueness within their own
that they made the allocations within address space they were delegated by other
registries according to their policies.
The only thing a registration tells you the registrant is this
particular registry administers a
database containing that block of IPs, and you are the only
organization currently assigned
that IP space _by that registry_.
If you as a network operator do not cooperate with IANA, then,
perhaps you create
your own registry, and just use whatever IP addresses you want.
However, other networks may refuse to interconnect with you due to
their policies determining that to be "improper addressing".
It is not as if ARIN has a policy of looking for hijacked/unofficial
announcements of address
space and dispatching an army of lawyers with 'cease and decist' letters.
Instead, what happens is members of the internet community
investigate IP space
and AS numbers before turning up new interconnections, and decide on their own,
which blocks to route, based on peering network's request. Internet connected
networks will find the entry in the IANA database
for the /8 the requested prefix resides in, find delegation to ARIN, look
in the ARIN WHOIS database, and then make a decision to route the
blocks or not.
The new peer might be required to show correct current registry
delegation of the block, authorization from the
contact listed in the database, OR merely sign a promise that they
will only originate prefixes assigned to them
through IANA or a RIR recognized by IANA, BUT the registry operator,
ARIN itself is not the entity that imposes any specific requirement.
If IP address space is legacy and not properly kept up to date in the
registry under current RIR policies,
then some community members might choose to reject or disallow their use
by a peer, based on their own internal routing policies.
Also, many members of the community rely on the ICANN delegated DNS
root for all DNS
lookups. the .ARPA TLD servers refer to ARIN for Reverse DNS;
which is important for adequate SMTP operation,
in many mail environments, lack of proper reverse DNS can lead to
mail being rejected.
If IP address spaces appear to be used by a person other than the registrant,
the listed registrant might submit complaints to ISPs in order to act according
to their network's routing policies; if their policy is to recognize ARIN's
listings as the authoritative ones, they might even turn off prior
users of the IP addresses.
There is the RPKI pilot. In the future, members of the community
resource assignment through resource certification according to the
policies of the
accepted registry, through cryptographic methods.
That would certainly give ICANN, IANA, and the RIRs stronger
technical enforcement powers.
It's even conceivable this could be used in the future to "Revoke
such and such evil
outside country network's Resource certificates" (so they will be
But it's still not 'legal' enforcement of resource 'ownership'. The
still have the ability to accept use of IP address blocks outside
what ARIN determines to
be the proper registrations, and recourse is not really ARIN's, if
someone other than the proper registrant is making use of the IP
address space in disagreement with the registry.
More information about the NANOG