RIRs give out unique addresses (Was: something has a /8! ...)
bmanning at vacation.karoshi.com
bmanning at vacation.karoshi.com
Fri Sep 28 20:14:07 UTC 2012
ah... again the distinction between routed and routable.
RFC 1918 space is clearly routeable and routed. one does not need ARIN to assign such space.
what i -think- the NRPM section you refered to actually touches on (but does not state outright)
the concept of uniqueness. In the dim mists of the past, the NIC (SRI) ran two sets of books,
the "connected" database and the "unconnected" database. There was a lack of address block
uniquenss between these two databases; e.g. 220.127.116.11/24 was assigned -TWICE-. This occured
for hundreds of delegations I was responsible for - I can only assume there were thousands of
sites affected (Impacted for the gramatically challanged).
This was problematic when "unconnected" sites connected... and is why some of the admonitions
in RFC 1918 exist. The section of the ARIN NRPM you quote was developed when there was:
a) a shortage of globally unique IPv4 blocks available and
b) NAT and RFC 1918 space was easy.
Hence the admonishion to use RFC 1918 space if you were "unconnected" and when you decided to
"connect", ARIN would be willing to listen to your request.
Two thing have changed:
a) IPv4 is nearing equalibrium ... Most of it is fielded and so it is not clear ARIN can supply
IPv4 on demand as it has in the past. Yes, please tell me the IPv6 story Grandpa, I've
-never- heard it before... :(
b) Many networks are not "connected" or "unconnected" (begs the question, from what PoV/ASN?) but
are transients - with connections being sporadic either in time or by service.
What this boils down to is global uniqueness - not routed (by whom) or routability (are the headers
legal)... And that (IMHO) is a key attribute of what the RIRs are trying to protect.
YMMV of course.
On Fri, Sep 28, 2012 at 07:04:43AM -0700, Owen DeLong wrote:
> Bill, I am unable to make sense of your reply.
> The question I was answering was:
> "Wouldn't you say that there is a very real expectation that when you request address space through ARIN or RIPE that it would be routable?" (Which I admit at the time I interpreted to also indicate an expectation that it would be routed, but I see now could be ambiguous).
> In that context, I believe that the policy section I quoted indicates that there is no expectation that numbers issued by ARIN or RIPE (or any other RIR) "will be routed" and other policy sections certainly convey that ARIN (and the other RIRs) have no control over routers, so I'm not sure it matters what they say about routability.
> As to your statement about legacy assignments, I fail to see any part of ARIN policy that distinguishes them from any other assignment with regards to the application of policy. However, other than the section quoted below (which essentially states that some level of connectivity is required to justify new resource allocations or assignments), I believe that the NRPM is mute with regards to connectivity on all addresses. Since there are, by definition, no new legacy allocations or assignments, I'm not sure how legacy is relevant to the discussion at hand.
> On Sep 28, 2012, at 5:07 AM, bmanning at vacation.karoshi.com wrote:
> > not how i read that section Owen...
> > "...networks require interconnectivity and the private IP address numbers are
> > ineffective, globally unique addresses may be requested and used to provide this interconnectivity."
> > One does not have to request RFC 1918 space from ARIN (or other RIR)
> > and the NRPM is mute on legacy address assignments wrt "connectivity".
> > /bill
> > On Thu, Sep 27, 2012 at 07:32:17PM -0700, Owen DeLong wrote:
> >> I believe that this section of NRPM says no.
> >> 4.3.5. Non-connected Networks
> >> End-users not currently connected to an ISP and/or not planning to be connected to the Internet are encouraged to use private IP address numbers reserved for non-connected networks (see RFC 1918). When private, non-connected networks require interconnectivity and the private IP address numbers are ineffective, globally unique addresses may be requested and used to provide this interconnectivity.
> >> Owen
> >> On Sep 20, 2012, at 7:56 AM, "Naslund, Steve" <SNaslund at medline.com> wrote:
> >>> I suppose that ARIN would say that they do not guarantee routability
> >>> because they do not have operational control of Internet routers.
> >>> However, Wouldn't you say that there is a very real expectation that
> >>> when you request address space through ARIN or RIPE that it would be
> >>> routable? I would think that what ARIN and RIPE are really saying is
> >>> that they issue unique addresses and you need to get your service
> >>> provider to route them. FWIW, the discussion of the military having
> >>> addresses pulled back is pretty much a non-starter unless they want to
> >>> give them back. When the management of IP address space was moved from
> >>> the US DoD, there were memorandums of understanding that the military
> >>> controlled their assigned address space and nothing would change that.
> >>> I know this for a fact because I was around this discussion in the US
> >>> Air Force.
> >>> Steven Naslund
> >>> -----Original Message-----
> >>> From: John Curran [mailto:jcurran at arin.net]
> >>> Sent: Thursday, September 20, 2012 9:40 AM
> >>> To: Jeroen Massar
> >>> Cc: NANOG list
> >>> Subject: Re: RIRs give out unique addresses (Was: something has a /8!
> >>> ...)
> >>> On Sep 20, 2012, at 10:10 AM, Jeroen Massar <jeroen at unfix.org>
> >>> wrote:
> >>>> On 2012-09-20 16:01 , John Curran wrote:
> >>>>> It's very clear in the ARIN region as well. From the ARIN Number
> >>>>> Resource Policy Manual (NRPM),
> >>>>> <https://www.arin.net/policy/nrpm.html#four11> -
> >>>>> "4.1. General Principles 4.1.1. Routability Provider independent
> >>>>> (portable) addresses issued directly from ARIN or other Regional
> >>>>> Registries are not guaranteed to be globally routable."
> >>>> While close, that is not the same.
> >>>> The RIPE variant solely guarantees uniqueness of the addresses.
> >>>> The ARIN variant states "we don't guarantee that you can route it
> >>>> everywhere", which is on top of the uniqueness portion.
> >>> Agreed - I called it out because ARIN, like RIPE, does not assert that
> >>> the address blocks issued are "publicly routable address space"
> >>> (i.e. which was Tim Franklin's original statement, but he did not have
> >>> on hand the comparable ARIN reference for that point.)
> >>> FYI,
> >>> /John
More information about the NANOG