[lacnog] Subasignación de prefijos a otro ASN y el tema con los RoA
Mike Burns
mike en iptrading.com
Jue Feb 3 17:59:54 -03 2022
Hi Fernando,
Maybe you should stop making pronouncements which you can’t support?
At least you see now that the practice of creating ROAs for leased blocks is easily accomplished.
ROAs that specify a foreign ASN as permitted to advertise the block are required by Amazon and Oracle.
As you can see below, Salvador’s initial question revolved around the ability to acquire ROAs for leased blocks.
In thinking this wasn’t possible, he was concerned about RPKI’s progress.
Now he knows that there are lessors who will offer ROAs and that there is nothing unusual in that practice.
Regards,
Mike
From: LACNOG <lacnog-bounces en lacnic.net> On Behalf Of Fernando Frediani
Sent: Thursday, February 03, 2022 3:47 PM
To: lacnog en lacnic.net
Subject: Re: [lacnog] Subasignación de prefijos a otro ASN y el tema con los RoA
Hi Mike
I will not provide it right now. If you don't believe and wish to get a strong evidence I suggest you consult LACNIC directly and take the chances in the case you are participating on this type of activities.
Regarding the AWS example if the prefixes are used under those circunstances I saw no problem with it as long the resource holder can prove that if asked by the RIR.
Regards
Fernando
Em 03/02/2022 17:42, Mike Burns escreveu:
Please, for the third time, can you provide a link to anything but your own opinion?
Leasing is allowed in ARIN, in RIPE, and in APNIC without question.
Can I get the LACNIC link prohibiting it?
With the AWS thing, at least you acknowledge there is no inherent problem with the advertising of blocks under an ASN not the same as the block owner.
So there is some progress…
From: LACNOG <mailto:lacnog-bounces en lacnic.net> <lacnog-bounces en lacnic.net> On Behalf Of Fernando Frediani
Sent: Thursday, February 03, 2022 3:36 PM
To: lacnog en lacnic.net <mailto:lacnog en lacnic.net>
Subject: Re: [lacnog] Subasignación de prefijos a otro ASN y el tema con los RoA
Hi, you don´t need to believe me, you need to believe LACNIC.
If you still don't then I suggest you tell them some LACNIC registered prefixes that are currently leased to another ASN to make a little test.
AWS case is a completely different scenario. That´s not a leasing. Their customer, which is the rightful resource holder of those prefixes wish to use them inside AWS environment so there is no problem for them to use their own prefixes there. In those cases if the resource holder is using those prefixes according to what they have been justified for then all if good.
Fernando
Em 03/02/2022 17:29, Mike Burns escreveu:
You keep stating it’s prohibited, but I don’t believe you.
Can you provide links supporting your statements?
What do you say about AWS and other cloud providers advertising their clients’ addresses under the AWS ASN?
From: LACNOG <mailto:lacnog-bounces en lacnic.net> <lacnog-bounces en lacnic.net> On Behalf Of Fernando Frediani
Sent: Thursday, February 03, 2022 3:14 PM
To: lacnog en lacnic.net <mailto:lacnog en lacnic.net>
Subject: Re: [lacnog] Subasignación de prefijos a otro ASN y el tema con los RoA
Leasing is prohibited for LACNIC registered prefixes and LACNIC already confirmed it, either is is good or not to broker business. If you don't believe I invite you to publish LACNIC registered prefixes from organizations you have knowledge and that are currently rented to other ASNs so they can "have a look". And to make it more clear in AfriNic and APNIC regions it is also prohibited there. Even if you can point it is being done over there in some cases, thankfully it is prohibited.
If you dint's understand it clear my response to Salvador is to warn that as there is a leasing involved it cannot be used with LACNIC prefixes independent if there is a ROA or not. My point was not specifically about the ROA but about something that comes before it and is more important.
Fernando
Em 03/02/2022 16:48, Mike Burns escreveu:
Untrue, leasing is not prohibited, if it were, there wouldn’t be sites like ipxo.com.
Do a google search for “ipv4 leasing” and see how prohibited it is.
Fernando, can you do us the favor of pointing out where leasing is prohibited in policy or law?
I have already told you that advertising blocks under the ASN of non-owners of the block is perfectly acceptable and commonplace among cloud providers who offer “bring-your-own-addresses” services, like Oracle and AWS.
Salvador, you can certainly get ROAs for leased blocks, except where RPKI is prohibited, as it is for ARIN legacy holders who haven’t signed a registration agreement.
If you need to lease blocks with an ROA, it is not difficult to find lessors that will offer that.
Regards,
Mike Burns
From: LACNOG <mailto:lacnog-bounces en lacnic.net> <lacnog-bounces en lacnic.net> On Behalf Of Fernando Frediani
Sent: Thursday, February 03, 2022 2:27 PM
To: lacnog en lacnic.net <mailto:lacnog en lacnic.net>
Subject: Re: [lacnog] Subasignación de prefijos a otro ASN y el tema con los RoA
Hola Salvador
Como mencionaste que están involucrados brokers/renters de IP, es claro que estamos hablando de arrendamiento de direcciones IP y es importante aclarar algunos puntos importantes para que nadie esté operando direcciones registradas en la región de LACNIC de manera incorrecta. Con o sin existencia de ROAs para el prefijo en cuestión *en la región de LACNIC* (y en algunas otras regiones del mundo) *no se permite el arrendamiento o préstamo de direcciones IP de un ASN a otro*.
Independiente el motivo, ya sea por escasez de direcciones IPv4 o por otro, no está permitido arrendamiento y no es correcto que una ASN alquile direcciones registradas en la región LACNIC a otra ASN.
Incluso se pueden utilizar prefijos registrados en otras regiones que lo permitan, pero no los registrados en la región de LACNIC.
Las únicas 2 formas de lidiar con este problema aquí son el proceso de Transferencias de prefijos de un ASN a otro de manera definitiva (que puede ser facilitado por un intermediario) o con mayor uso de IPv6 y menor dependencia de IPv4.
Por lo tanto, incluso si la propuesta de política LAC-2020-10 llega a un consenso, no podría usarse para los prefijos de la región de LACNIC si se están arrendando a otra ASN.
Los ASN quien hizo sus prefijos registrados per LACNIC estén disponibles para alquiler a través de un intermediario corren el riesgo de caer en el proceso de recuperación.
Fernando
Em 03/02/2022 15:31, Salvador Bertenbreiter escreveu:
Hola a todos,
Espero estén bien, hay un tema sobre el cual me gustaría iniciar la conversación, IP brokers/renters y certificados RoA.
Due to the exhaustion of IPv4 blocks, new ISPs that are getting their ASN and IPv6 block in LACNIC are needed to obtain at least one IPv4 /24 block with an IP broker (or similar). Because even if they are delivering IPv6 addressing to their clients, they still need even a /24 to raise bgp in IPv4 and then do CG-NAT for that traffic.
The problem I see is that most, at least of the several I've had contact with, of IP brokers (and international carriers that undersign IPs) are not offering to issue a RoA for prefixes that they sub-assign to another ASN, which I think is a problem as it breaks the path to greater adoption of RPKI. How do you think this situation could be improved/solved?
Saludos,
Salvador
_______________________________________________
LACNOG mailing list
LACNOG en lacnic.net <mailto:LACNOG en lacnic.net>
https://mail.lacnic.net/mailman/listinfo/lacnog
Cancelar suscripcion: https://mail.lacnic.net/mailman/options/lacnog
_______________________________________________
LACNOG mailing list
LACNOG en lacnic.net <mailto:LACNOG en lacnic.net>
https://mail.lacnic.net/mailman/listinfo/lacnog
Cancelar suscripcion: https://mail.lacnic.net/mailman/options/lacnog
_______________________________________________
LACNOG mailing list
LACNOG en lacnic.net <mailto:LACNOG en lacnic.net>
https://mail.lacnic.net/mailman/listinfo/lacnog
Cancelar suscripcion: https://mail.lacnic.net/mailman/options/lacnog
_______________________________________________
LACNOG mailing list
LACNOG en lacnic.net <mailto:LACNOG en lacnic.net>
https://mail.lacnic.net/mailman/listinfo/lacnog
Cancelar suscripcion: https://mail.lacnic.net/mailman/options/lacnog
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <https://mail.lacnic.net/pipermail/lacnog/attachments/20220203/5494b6b6/attachment-0001.htm>
Más información sobre la lista de distribución LACNOG