[AfriNIC-rpd] Questions about legacy space

[Owen DeLong]

On Jun 28, 2012, at 12:30 AM, Andrew Alston wrote:

> Hi Guys,
> 
> While not attempting to write a policy on this (yet), I'm trying to figure out what the community consensus on a certain issue is, which I will state as a hypothetical for now.

There is no such thing as legacy space, only legacy registrations. This is a subtle difference, but an important one.

A legacy registration is one which predates the existence of an RIR in its respective region and was created by a predecessor registry. In the APNIC region, for example, I believe all legacy registrations have been converted to standard registrations. I'm not sure of the situation in RIPE-NCC, LACNIC, or AfriNIC.
In the ARIN region, this is a somewhat contentious issue, though in reality, most of the debate is much ado about nothing.

> An institution has been using legacy space for 20+ years, and is under the impression that the space actually belongs to them.  They have always had full control of the space, used the space, and there have been no problems.

First of all, RIRs don't deal with space. RIRs deal with registrations. Space implies a tangible object where none exists. There is no law (at least none that I know of*) that gives the RIRs any power whatsoever to dictate the behavior of network operators. As such, this all depends on a collection of cooperating entities in order to function.

The internet works because people controlling routers choose to follow the guidance of RIRs in mapping addresses to organizations/users and the RIRs cooperate in issuing unique addresses on a regional basis which are coordinated to be globally unique amongst them. IANA assists the RIRs in this process through a hierarchical delegation system.

A network operator is free to use any address any way it wants. Claiming ownership over an IP address is a lot like claiming ownership of the number 5. It's just an integer.

OTOH, claiming ownership over a record in a database (the registration of the address, not the address itself) might have some value and may have some legitimacy. As a general rule, that ownership is retained by the owner/operator of the database, but certain rights may be transferred through agreement or contract.

As a general rule, legacy holders have no contract transferring those rights from the RIR in question and as such have little, if any, legal claim to such rights.

> Now, during an exercise, said institution discovers that the space is actually registered to another institution.

Oops!

> They phone the other institution and the other institution instantly agrees that the space should be with institution 1, and infact within 60 minutes issue a letter to this effect.

All well and good, but, unless said transfer was conducted within the policy framework of the applicable RIR, getting such a transfer recorded could be problematic.

> Now, when asking for the database records to be modified, does this classify as a transfer or is this just an admin screwup that can be rectified.

It is, of course, a transfer. The fact that Org. 1 was using the space for a long time doesn't change the fact that it was not the original registrant. The fact that no money changed hands does not change that fact, either. It's nice that Org. 2 is willing to cooperate with Org. 1 in facilitating the transfer, but it still has to be completed within RIR policy and in most cases, that will require that Org. 1 sign an RSA and the registration for Org. 1 that results will not be a legacy registration, but, rather a conventional contracted modern RIR registration. (At least that's what should happen according to policy in the ARIN region).

> I think the question here comes down to, what classifies as OWNERSHIP of legacy space.  Does consistent use for 20 years qualify?

Nope.

Since you can't own an integer and there is no such thing as legacy space, the question is flawed as is any affirmative answer that could result.

> If not, until there is a policy about the transfer of legacy space, how would one deal with a situation as described above?  Since policies take time to draft, discuss and ratify.

Absent policy for transfers of registrations (IMHO, no such policy should be legacy-specific), I would think that your best bet would be for Org. 2 to re-allocate the space to Org. 1 just as an ISP would re-allocate to a downstream ISP. The lack of a network hierarchy relationship is nearly irrelevant since Org. 1 has been using the space already and it doesn't seem that their upstreams are having a problem with this.

It will make RPKI interesting, but not impossible.

Depending on how this came about and the nature of prior relationships between Org. 1 and Org. 2, there might be other ways to clean this up, but, you've not provided sufficient details to allow for better guidance.

However, it really helps if we remember that RIRs deal in registrations which map addresses to organizations and that those registrations are merely a reference that the public MAY choose to use in managing their routers. Though it would be harmful and difficult to make useful, there is nothing other than the logistics and the lack of value in doing so which actually prevents someone from establishing an independent registry or registry system and building an entirely separate internet among other cooperating providers.

Owen

*There is no such law in the US. I admit I don't know what the laws are in other jurisdictions, but I do believe it to be unlikely such a law would exist.