[AfriNIC-rpd] What is our take on the central pool IPv4exhaustion?

[Gregory Massel]

> In a market where IPv4 space will start getting traded outside of the
> auspicious of the RIR, in the so called "second market", as we are very
> likely to see as IPv4 space depreciates, RR registries are going to become
> imperative to prevent the theft of IP space.  In order to properly manage
> space, these registries are in my opinion not optional, they are 
> mandatory.

I don't think it is going to possible for the RIRs to control entries to the 
RR's any time soon.

Consider this:
1. Most RR's have automated additions/removals of route objects.
2. Many of the large backbones who adopted the use of RR's did so before the 
RIRs started offering RR services. The most popular independent one was 
probably the Merit RADB, although some backbones also ran RR services.

While it would be really nice if the RIR's had the means to cross-check RR 
route object additions against actual allocations, IMO this will never be 
entirely practical.

The basis of an allocation is that address space gets re-assigned to 
clients. If a client wants to multi-home, they will need to announce part of 
their upstream's IP range out of their own ASN. When they add a route 
object, it won't correspond to the allocation database. For the RR operator 
to validate such route objects, they would need to cross check against SWIP 
or RWHOIS records. Basically, it is just going to make the process so 
tedious that many backbones simply resort to manually updating filters 
rather than dynamic building filters from RR data. That aside, a large 
number still prefer to work off manually updated filters today.

Personally I think AfriNIC should offer a RR service, but only because 
AfriNIC's real advantage for African LIRs is that it is 'local' to deal 
with, runs local training, etc. I've been using the ARIN RR since before 
AfriNIC and continue to use it even for new AfriNIC allocations as I'm more 
familiar with it than with RIPE. But one could just as easily use the Merit 
RADB if ARIN/RIPE/AfriNIC became too prescriptive about RR route object 
entries.

IP transfers via stealth have been happening for many years. In fact I think 
the RIRs have a pretty good precautionary measures to prevent this. I've 
seen a number of disputes around pre-ARIN InterNIC allocations/assignments 
that have got nasty because there are no RIR records to trace the history of 
admin/tech contacts, organisations assigned to, etc.

At the end of the day, the RR is not designed to give you control of an IP 
block, merely to allow backbones to easily trace the contact persons 
associated with specific BGP advertisements. In the event of a dispute, this 
allows them to contact the person responsible for the advertisement before 
simply filtering it. It also helps affected parties make contact and resolve 
issues quickly.

Temporary IP grabs for purposes of spamming are probably a much larger issue 
right now than stealth IP grabs will be in the future as a result of 
scarcity. The former wreaks havoc in a short space of time (blacklisting of 
IPs, etc) whilst the latter is generally reversible.

Also remember that attempting to do a stealth IP grab via the RR will leave 
a trail of evidence that is extremely useful for the rightful 
assignee/allocatee to present when they prosecute you!