Mailing List Archive

You can get IRR from RADB or AltDB.

Rubens

Em seg., 20 de nov. de 2023, 16:00, Eric Dugas via NANOG <nanog@nanog.org>
escreveu:

> Greetings!
>
> Let's say you inherit legacy assets (ASN & IPv4 netblock), what are the
> first advantages that come to mind (beside not having to pay annual fees).
>
> Any disadvantages? The ones I can think of is the lack of RIR routing
> security services (in the ARIN region at least). No IRR, no RPKI at all.
>
> Eric
>

On Mon, 20 Nov 2023 at 20:08, Rubens Kuhl <rubensk@gmail.com> wrote:
>
> You can get IRR from RADB or AltDB.

Which is not going to be useful forever ... see [1]:

> Please note that 'route' and 'route6' objects created after 2023-Aug-15
> in non-authoritative registries like RADB, NTTCOM, ALTDB won't be
> processed.




[1] https://lg.as6453.net/doc/cust-routing-policy.html

The only advantage is not being subject to an RIR contract and not paying annual fees. Especially with the fee structure games ARIN has been playing over the last decade or so.

I made the mistake of bringing my legacy resources under ARIN LRSA contract once upon a time. I ended up transferring them to RIPE Non-Contract in order to get out from under that arrangement.

While you can’t get RPKI without paying annual fees, you can get IRR services, just not from ARIN.

You can use altdb as an IRR for free with legacy space without any issues at all.

It’s unlikely that lack of RPKI will be a significant drawback for the foreseeable future.

Worst case, if need arises, transfer your space to RIPE and make arrangements with a RIPE LIR to “sponsor” your prefixes. This is usually around 70+EU per year to the sponsoring LIR. Prices vary greatly, so be prepared to negotiate.

Owen


> On Nov 20, 2023, at 10:59, Eric Dugas via NANOG <nanog@nanog.org> wrote:
>
> Greetings!
>
> Let's say you inherit legacy assets (ASN & IPv4 netblock), what are the first advantages that come to mind (beside not having to pay annual fees).
>
> Any disadvantages? The ones I can think of is the lack of RIR routing security services (in the ARIN region at least). No IRR, no RPKI at all.
>
> Eric

On Mon, Nov 20, 2023 at 4:15?PM Lukas Tribus <lukas@ltri.eu> wrote:
>
> On Mon, 20 Nov 2023 at 20:08, Rubens Kuhl <rubensk@gmail.com> wrote:
> >
> > You can get IRR from RADB or AltDB.
>
> Which is not going to be useful forever ... see [1]:
>
> > Please note that 'route' and 'route6' objects created after 2023-Aug-15
> > in non-authoritative registries like RADB, NTTCOM, ALTDB won't be
> > processed.
>
>
>
>
> [1] https://lg.as6453.net/doc/cust-routing-policy.html

First time I see a Tier-1 complaining about non-authoritative IRR. I
wonder what they do with IRR sources that do validate although not
being run by a RIR/NIR, like TC.


Rubens

On Mon, Nov 20, 2023 at 10:59?AM Eric Dugas via NANOG <nanog@nanog.org> wrote:
> Let's say you inherit legacy assets (ASN & IPv4 netblock), what are the first advantages that come to mind (beside not having to pay annual fees).
>
> Any disadvantages? The ones I can think of is the lack of RIR routing security services (in the ARIN region at least). No IRR, no RPKI at all.

Hi Eric,

Disadvantages: Expensive IRR. No RPKI. No vote in ARIN elections. No
legal clarity regarding the status of your resources.

Advantages: Free. No legal clarity regarding the status of your resources.


I listed legal clarity as both an advantage and disadvantage.

When you sign the ARIN registration services agreement (RSA) you get
legal clarity: you are bound by the Number Resource Policy Manual
(NRPM) which is subject to change with the approval of the ARIN Board
of Trustees which usually follows but is not required to follow a
fungible community consensus process. Don't like a change? Too bad.
You can deal with it or you can cancel your ARIN contract. If you
cancel your contract ARIN reclaims the IP addresses and you have no
legal recourse whatsoever.

Not that ARIN would ever behave badly. They're good people who
earnestly endeavor to do right by the community. But if that changes
tomorrow, you'll have no recourse.

Skip signing and you have whatever common law rights you have to the
IP addresses. Whatever those are. When InterNIC, acting as an agent of
the U.S. Government, granted the addresses decades ago, they didn't
spend a lot of (or really any) words on the question of legal rights.
It hasn't been well tested in court. ARIN claims that the NRPM applies
to you anyway, but as a matter of history no provision of the NRPM has
ever been adversely applied to the legitimate holder of a then-legacy
resource. Not even once. The legal foundation for a claim that it can
be is weak at best. The legal risk to ARIN, should it ever attempt to
do so, is not trivial.

In a nutshell, you can either have a lack of clarity as to your rights
or you can clearly have no rights.

Regards,
Bill Herrin


--
William Herrin
bill@herrin.us
https://bill.herrin.us/

On Mon, Nov 20, 2023 at 3:25?PM owen@Delong.com <owen@delong.com> wrote:

>
> It’s unlikely that lack of RPKI will be a significant drawback for the
> foreseeable future.
>

It is actually. The older Orgs I manage all have RIR-based IRR and RPKI.

Thanks all for the answers

It’s recently come to my attention that I must stand partially corrected in what I said below.

Apparently, Tata is rejecting routes that have neither RPKI nor an RIR-based IRR record created after 1993.

This means that virtually all legacy holders who change IRRs or make any of a number of other possible updates to their IRR data will be unreachable to single-homed Tata customers (and unable to reach them).

This unfortunate choice by Tata is likely to become a trend in the future, but I figured it would be several more years before that happened. In fact, I was hoping it wouldn’t really take shape in a meaningful way until IPv4 lost its relevance.

Unfortunately, Tata has decided to take the lead in disconnecting legacy prefix holders and pushing the RIR contract agenda.

Owen


> On Nov 20, 2023, at 12:25, owen--- via NANOG <nanog@nanog.org> wrote:
>
> The only advantage is not being subject to an RIR contract and not paying annual fees. Especially with the fee structure games ARIN has been playing over the last decade or so.
>
> I made the mistake of bringing my legacy resources under ARIN LRSA contract once upon a time. I ended up transferring them to RIPE Non-Contract in order to get out from under that arrangement.
>
> While you can’t get RPKI without paying annual fees, you can get IRR services, just not from ARIN.
>
> You can use altdb as an IRR for free with legacy space without any issues at all.
>
> It’s unlikely that lack of RPKI will be a significant drawback for the foreseeable future.
>
> Worst case, if need arises, transfer your space to RIPE and make arrangements with a RIPE LIR to “sponsor” your prefixes. This is usually around 70+EU per year to the sponsoring LIR. Prices vary greatly, so be prepared to negotiate.
>
> Owen
>
>
>> On Nov 20, 2023, at 10:59, Eric Dugas via NANOG <nanog@nanog.org> wrote:
>>
>> Greetings!
>>
>> Let's say you inherit legacy assets (ASN & IPv4 netblock), what are the first advantages that come to mind (beside not having to pay annual fees).
>>
>> Any disadvantages? The ones I can think of is the lack of RIR routing security services (in the ARIN region at least). No IRR, no RPKI at all.
>>
>> Eric
>

> On Nov 21, 2023, at 01:38, William Herrin <bill@herrin.us> wrote:
>
> On Mon, Nov 20, 2023 at 10:59?AM Eric Dugas via NANOG <nanog@nanog.org> wrote:
>> Let's say you inherit legacy assets (ASN & IPv4 netblock), what are the first advantages that come to mind (beside not having to pay annual fees).
>>
>> Any disadvantages? The ones I can think of is the lack of RIR routing security services (in the ARIN region at least). No IRR, no RPKI at all.
>
> Hi Eric,
>
> Disadvantages: Expensive IRR. No RPKI. No vote in ARIN elections. No
> legal clarity regarding the status of your resources.

Expensive IRR? ALTDB is free?

Owen

How so? What do you lose (that matters) by not having RPKI?

Owen


> On Nov 21, 2023, at 06:40, Eric Dugas <edugas@unknowndevice.ca> wrote:
>
>
>
> On Mon, Nov 20, 2023 at 3:25?PM owen@Delong.com <owen@delong.com <mailto:owen@delong.com>> wrote:
>>
>> It’s unlikely that lack of RPKI will be a significant drawback for the foreseeable future.
>
> It is actually. The older Orgs I manage all have RIR-based IRR and RPKI.
>
> Thanks all for the answers

Small correction inline:

> On Nov 22, 2023, at 11:16, owen@Delong.com <owen@delong.com> wrote:
>
> It’s recently come to my attention that I must stand partially corrected in what I said below.
>
> Apparently, Tata is rejecting routes that have neither RPKI nor an RIR-based IRR record created after 1993.

The actual date is 2023-08-15.
https://lg.as6453.net/doc/cust-routing-policy.html?


>
> This means that virtually all legacy holders who change IRRs or make any of a number of other possible updates to their IRR data will be unreachable to single-homed Tata customers (and unable to reach them).
>
> This unfortunate choice by Tata is likely to become a trend in the future, but I figured it would be several more years before that happened. In fact, I was hoping it wouldn’t really take shape in a meaningful way until IPv4 lost its relevance.
>
> Unfortunately, Tata has decided to take the lead in disconnecting legacy prefix holders and pushing the RIR contract agenda.
>
> Owen
>
>
>> On Nov 20, 2023, at 12:25, owen--- via NANOG <nanog@nanog.org> wrote:
>>
>> The only advantage is not being subject to an RIR contract and not paying annual fees. Especially with the fee structure games ARIN has been playing over the last decade or so.
>>
>> I made the mistake of bringing my legacy resources under ARIN LRSA contract once upon a time. I ended up transferring them to RIPE Non-Contract in order to get out from under that arrangement.
>>
>> While you can’t get RPKI without paying annual fees, you can get IRR services, just not from ARIN.
>>
>> You can use altdb as an IRR for free with legacy space without any issues at all.
>>
>> It’s unlikely that lack of RPKI will be a significant drawback for the foreseeable future.
>>
>> Worst case, if need arises, transfer your space to RIPE and make arrangements with a RIPE LIR to “sponsor” your prefixes. This is usually around 70+EU per year to the sponsoring LIR. Prices vary greatly, so be prepared to negotiate.
>>
>> Owen
>>
>>
>>> On Nov 20, 2023, at 10:59, Eric Dugas via NANOG <nanog@nanog.org> wrote:
>>>
>>> Greetings!
>>>
>>> Let's say you inherit legacy assets (ASN & IPv4 netblock), what are the first advantages that come to mind (beside not having to pay annual fees).
>>>
>>> Any disadvantages? The ones I can think of is the lack of RIR routing security services (in the ARIN region at least). No IRR, no RPKI at all.
>>>
>>> Eric
>>
>

On Wed, Nov 22, 2023 at 11:22?AM owen@Delong.com <owen@delong.com> wrote:
> > On Nov 21, 2023, at 01:38, William Herrin <bill@herrin.us> wrote:
> > Disadvantages: Expensive IRR. No RPKI. No vote in ARIN elections. No
> > legal clarity regarding the status of your resources.
>
> Expensive IRR? ALTDB is free?

I don't know anything about ALTDB. RADB is pricey.


On Wed, Nov 22, 2023 at 11:16?AM owen--- via NANOG <nanog@nanog.org> wrote:
> Apparently, Tata is rejecting routes that have neither RPKI nor an RIR-based IRR record created after 1993.

Are you sure? The way I read it, that policy applies to -customer-
announced routes, not broad Internet routes received from peers and
transit.

It still seems unwise, but not entirely insane.

Regards,
Bill Herrin

--
William Herrin
bill@herrin.us
https://bill.herrin.us/

I’ve been using AltDB for years. Works great and is indeed, free.

The fine folks at FCIX have taken over the project and manage it now.

Lots of good documentstion out there for it as well.

-Mike

> On Nov 22, 2023, at 12:15, William Herrin <bill@herrin.us> wrote:
>
> ?On Wed, Nov 22, 2023 at 11:22?AM owen@Delong.com <owen@delong.com> wrote:
>>>> On Nov 21, 2023, at 01:38, William Herrin <bill@herrin.us> wrote:
>>> Disadvantages: Expensive IRR. No RPKI. No vote in ARIN elections. No
>>> legal clarity regarding the status of your resources.
>>
>> Expensive IRR? ALTDB is free?
>
> I don't know anything about ALTDB. RADB is pricey.
>
>
>> On Wed, Nov 22, 2023 at 11:16?AM owen--- via NANOG <nanog@nanog.org> wrote:
>> Apparently, Tata is rejecting routes that have neither RPKI nor an RIR-based IRR record created after 1993.
>
> Are you sure? The way I read it, that policy applies to -customer-
> announced routes, not broad Internet routes received from peers and
> transit.
>
> It still seems unwise, but not entirely insane.
>
> Regards,
> Bill Herrin
>
> --
> William Herrin
> bill@herrin.us
> https://bill.herrin.us/

> On Nov 22, 2023, at 12:13, William Herrin <bill@herrin.us> wrote:
>
> On Wed, Nov 22, 2023 at 11:22?AM owen@Delong.com <owen@delong.com> wrote:
>>> On Nov 21, 2023, at 01:38, William Herrin <bill@herrin.us> wrote:
>>> Disadvantages: Expensive IRR. No RPKI. No vote in ARIN elections. No
>>> legal clarity regarding the status of your resources.
>>
>> Expensive IRR? ALTDB is free?
>
> I don't know anything about ALTDB. RADB is pricey.

RADB is one of MANY alternatives. ALTDB has been pretty reliable and useful to me and costs $0.

YMMV.

> On Wed, Nov 22, 2023 at 11:16?AM owen--- via NANOG <nanog@nanog.org> wrote:
>> Apparently, Tata is rejecting routes that have neither RPKI nor an RIR-based IRR record created after 1993.
>
> Are you sure? The way I read it, that policy applies to -customer-
> announced routes, not broad Internet routes received from peers and
> transit.

It’s not entirely clear what Tata’s policy on peer-received routes is, but it’s not at all unlikely that the vast majority of systems are reaching Tata via indirect transit.

> It still seems unwise, but not entirely insane.

My word was obnoxious, but yeah.

Owen

>
> Are you sure? The way I read it, that policy applies to -customer-
> announced routes, not broad Internet routes received from peers and
> transit.
>

You are reading it correctly.

On Wed, Nov 22, 2023 at 3:15?PM William Herrin <bill@herrin.us> wrote:

> On Wed, Nov 22, 2023 at 11:22?AM owen@Delong.com <owen@delong.com> wrote:
> > > On Nov 21, 2023, at 01:38, William Herrin <bill@herrin.us> wrote:
> > > Disadvantages: Expensive IRR. No RPKI. No vote in ARIN elections. No
> > > legal clarity regarding the status of your resources.
> >
> > Expensive IRR? ALTDB is free?
>
> I don't know anything about ALTDB. RADB is pricey.
>
>
> On Wed, Nov 22, 2023 at 11:16?AM owen--- via NANOG <nanog@nanog.org>
> wrote:
> > Apparently, Tata is rejecting routes that have neither RPKI nor an
> RIR-based IRR record created after 1993.
>
> Are you sure? The way I read it, that policy applies to -customer-
> announced routes, not broad Internet routes received from peers and
> transit.
>
> It still seems unwise, but not entirely insane.
>
> Regards,
> Bill Herrin
>
> --
> William Herrin
> bill@herrin.us
> https://bill.herrin.us/
>

On Wed, Nov 22, 2023 at 8:14?PM William Herrin <bill@herrin.us> wrote:

> It still seems unwise, but not entirely insane.

I would expect that at some point in the future
that many/all of the major players will require
RIR validated routing information, and whether
that is due to regulation or best practices for
which the majors will not want to become liable
for ignoring (and "think of the children") is hard
to know. In the end I suspect we are likely just
trying to discern when that date will be, not the
eventual end result ("not today" is not, really,
a valid target goal).

Gary -

It is unclear if/when such an outcome will occur, but the potential of such an endstate highlights the importance of being involved in governance activities of one (or more) of the community-based RIR organizations – as a preparatory measure should such a change occur in the future.

Note that there is a near-universal expectation of governments that forbearance of public regulation (due to industry self-regulation) is only warranted when the private alternative covers all of those engaged in similar business, so your expressed trajectory has a sound basis.

Best wishes (& Happy Holidays!),
/John

John Curran
President and CEO
American Registry for Internet Numbers


On Nov 22, 2023, at 10:02?PM, Gary Buhrmaster <gary.buhrmaster@gmail.com> wrote:

On Wed, Nov 22, 2023 at 8:14?PM William Herrin <bill@herrin.us> wrote:

It still seems unwise, but not entirely insane.

I would expect that at some point in the future
that many/all of the major players will require
RIR validated routing information, and whether
that is due to regulation or best practices for
which the majors will not want to become liable
for ignoring (and "think of the children") is hard
to know. In the end I suspect we are likely just
trying to discern when that date will be, not the
eventual end result ("not today" is not, really,
a valid target goal).