mailing list archives
Re: De-bogon not possible via arin policy.
From: Jimmy Hess <mysidia () gmail com>
Date: Thu, 15 Dec 2011 13:12:30 -0600
On Thu, Dec 15, 2011 at 10:53 AM, Matthew Kaufman <matthew () matthew at> wrote:
On 12/15/2011 8:05 AM, Valdis.Kletnieks () vt edu wrote:
On Thu, 15 Dec 2011 07:42:40 PST, Matthew Kaufman said:
Here's a simple one involving "squat" space: You have a network that
internally is using *all* of 10.0.0.0/8 *and* 188.8.131.52/8 (because you
have enough customers to fill two /8s).
Now that 184.108.40.206/8 is being allocated, you need to move out of it (so
that your users can reach the real 220.127.116.11/8 sites).
Why wouldn't this be sufficient justification for a new /8 from ARIN?
It is valid justification you may have available to obtain some
additional address space from ARIN.
Probably not a /8, however. With such a large request, you can be
sure the RIR will want to vet it in great detail,
and make sure everything is fully justified technically, to the
letter and spirit of the policy.
If it is, then you get a /8, providing it is available, and the policy
is still justified need.
If you don't immediately require an entire /8 equivalent, you can
expect to get a smaller amount immediately.
You are only allowed a 3 months supply, anyways, and you may not get
to have the /8 as a single aggregate.
The limitation is that "Efficiently utilizing 10.0.0.0/8" or
"Efficiently utilizing 18.104.22.168/8"
Cannot be used to obtain a /7 or another /8, because 10.0.0.0/8
and 22.214.171.124/8 are not your allocation.
If the allocation is not yours, then you cannot apply the policy that
says "Efficient utilization of previous blocks assigned
and requirement for more addresses" as the justification for more
IPs, because 10/8 wasn't assigned to you anyways.
You are left having to justify based on number of simultaneous HOSTS
on your network, not number of customers.
The RIRs do not currently require you to utilize NAT or RFC1918
addresses for hosts on your network,
so if you met the requirements, you can justify the allocations
required to renumber your entire 10/8 and
your entire 5/8 into public IP space, at the rate you intend to
You however don't get to say "I have 10 million DSL customers",
therefore, I get 10 million IPs, right now.
Because you can probably use the other two 10/8's you already have.
And if thiose run out, a third 10/8 is cheap even on the secondary market.
You're assuming a network architecture which is not required by policy.
The RIRs do not require you to utilize NAT in the first place.
It follows that they also don't require you to segment your network
and re-use the same NAT ranges.
But in utilizing NAT, you might be utilizing your address space
inefficiently, because the pressure to
utilize addresses efficiently is reduced by the large size of 1918 space.
An example would be having 10 million dialup customers, with hosts
that are only transiently connected
to a network, and never 10 million simultaneously, each you
addressed with a permanent IP.
The problem with that, is you only get to assign addresses to
When a device is not connected to your network, it is not an addressable object.
In obtaining an allocation from an RIR, you can expect to be required
to utilize your address space
efficiently, which means that devices not connected to your network
at any point in time are not hosts,
and therefore do not have IP addresses assigned from you.
And the number of IP addresses you can justify is related to the
number of simultaneous connected devices.