[lacnog] Subasignación de prefijos a otro ASN y el tema con los RoA

Fernando Frediani fhfrediani en gmail.com
Jue Feb 3 18:15:51 -03 2022


In this case I am not concerned to support it really. Those who may be
violating the policy in this regard should be more concerned.

Important is make people know this is official and those who are willing to
take the chances regardless may be at risk to go under a revokation process.
This may help people who may not be aware of these restrictions to keep
operating under the current rules they agreed to when they signed their
contracts with the RIR.

As I said on my initial response, even if the ROAs are correctlly published
for whatever ASN, if those prefixes covered are LACNIC (or any other RIR
the phroibits leasing) registered ones and are being used for leasing the
ROAs makes no difference.

Having that in mind people willing to use leased prefixes with ROAs can
look into these details to make sure there is nothing wrong before they
commit to anything that may affect their operation.

Fernando

On Thu, 3 Feb 2022, 18:00 Mike Burns, <mike en iptrading.com> wrote:

> Hi Fernando,
>
>
>
> Maybe you should stop making pronouncements which you can’t support?
>
> At least  you see now that the practice of creating ROAs for leased blocks
> is easily accomplished.
>
> ROAs that specify a foreign ASN as permitted to advertise the block are
> required by Amazon and Oracle.
>
>
>
> As you can see below, Salvador’s initial question revolved around the
> ability to acquire ROAs for leased blocks.
>
> In thinking this wasn’t possible, he was concerned about RPKI’s progress.
>
>
>
> Now he knows that there are lessors who will offer ROAs and that there is
> nothing unusual in that practice.
>
>
>
> Regards,
>
> Mike
>
>
>
>
>
>
>
> *From:* LACNOG <lacnog-bounces en lacnic.net> *On Behalf Of *Fernando
> Frediani
> *Sent:* Thursday, February 03, 2022 3:47 PM
> *To:* lacnog en lacnic.net
> *Subject:* Re: [lacnog] Subasignación de prefijos a otro ASN y el tema
> con los RoA
>
>
>
> Hi Mike
>
> I will not provide it right now. If you don't believe and wish to get a
> strong evidence I suggest you consult LACNIC directly and take the chances
> in the case you are participating on this type of activities.
>
> Regarding the AWS example if the prefixes are used under those
> circunstances I saw no problem with it as long the resource holder can
> prove that if asked by the RIR.
>
> Regards
> Fernando
>
> Em 03/02/2022 17:42, Mike Burns escreveu:
>
> Please, for the third time, can you provide a link to anything but your
> own opinion?
>
> Leasing is allowed in ARIN, in RIPE, and in APNIC without question.
>
> Can I get the LACNIC link prohibiting it?
>
>
>
> With the AWS thing, at least you acknowledge there is no inherent problem
> with the advertising of blocks under an ASN not the same as the block owner.
>
> So there is some progress…
>
>
>
>
>
>
>
> *From:* LACNOG <lacnog-bounces en lacnic.net> <lacnog-bounces en lacnic.net> *On
> Behalf Of *Fernando Frediani
> *Sent:* Thursday, February 03, 2022 3:36 PM
> *To:* lacnog en lacnic.net
> *Subject:* Re: [lacnog] Subasignación de prefijos a otro ASN y el tema
> con los RoA
>
>
>
> Hi, you don´t need to believe me, you need to believe LACNIC.
> If you still don't then I suggest you tell them some LACNIC registered
> prefixes that are currently leased to another ASN to make a little test.
>
> AWS case is a completely different scenario. That´s not a leasing. Their
> customer, which is the rightful resource holder of those prefixes wish to
> use them inside AWS environment so there is no problem for them to use
> their own prefixes there. In those cases if the resource holder is using
> those prefixes according to what they have been justified for then all if
> good.
>
> Fernando
>
> Em 03/02/2022 17:29, Mike Burns escreveu:
>
> You keep stating it’s prohibited, but I don’t believe  you.
>
> Can you provide links supporting your statements?
>
> What do you say about AWS and other cloud providers advertising their
> clients’ addresses  under the AWS ASN?
>
>
>
>
>
>
>
>
>
> *From:* LACNOG <lacnog-bounces en lacnic.net> <lacnog-bounces en lacnic.net> *On
> Behalf Of *Fernando Frediani
> *Sent:* Thursday, February 03, 2022 3:14 PM
> *To:* lacnog en lacnic.net
> *Subject:* Re: [lacnog] Subasignación de prefijos a otro ASN y el tema
> con los RoA
>
>
>
> Leasing is prohibited for LACNIC registered prefixes and LACNIC already
> confirmed it, either is is good or not to broker business. If you don't
> believe I invite you to publish LACNIC registered prefixes from
> organizations you have knowledge and that are currently rented to other
> ASNs so they can "have a look". And to make it more clear in AfriNic and
> APNIC regions it is also prohibited there. Even if you can point it is
> being done over there in some cases, thankfully it is prohibited.
>
> If you dint's understand it clear my response to Salvador is to warn that
> as there is a leasing involved it cannot be used with LACNIC prefixes
> independent if there is a ROA or not. My point was not specifically about
> the ROA but about something that comes before it and is more important.
>
> Fernando
>
> Em 03/02/2022 16:48, Mike Burns escreveu:
>
> Untrue, leasing is not prohibited, if it were, there wouldn’t be sites
> like ipxo.com.
>
> Do a google search for “ipv4 leasing” and see how prohibited it is.
>
> Fernando, can you do us the favor of pointing out where leasing is
> prohibited in policy or law?
>
> I have already told you that advertising blocks under the ASN of
> non-owners of the block is perfectly acceptable and commonplace among cloud
> providers who offer “bring-your-own-addresses” services, like Oracle and
> AWS.
>
>
>
> Salvador, you can certainly get ROAs for leased blocks, except where RPKI
> is prohibited, as it is for ARIN legacy holders who haven’t signed a
> registration agreement.
>
>
>
> If you need to lease blocks with an ROA, it is not difficult to find
> lessors that will offer that.
>
>
>
> Regards,
> Mike Burns
>
>
>
>
>
> *From:* LACNOG <lacnog-bounces en lacnic.net> <lacnog-bounces en lacnic.net> *On
> Behalf Of *Fernando Frediani
> *Sent:* Thursday, February 03, 2022 2:27 PM
> *To:* lacnog en lacnic.net
> *Subject:* Re: [lacnog] Subasignación de prefijos a otro ASN y el tema
> con los RoA
>
>
>
> Hola Salvador
>
> Como mencionaste que están involucrados brokers/renters de IP, es claro
> que estamos hablando de arrendamiento de direcciones IP y es importante
> aclarar algunos puntos importantes para que nadie esté operando direcciones
> registradas en la región de LACNIC de manera incorrecta. Con o sin
> existencia de ROAs para el prefijo en cuestión *en la región de LACNIC* (y
> en algunas otras regiones del mundo) *no se permite el arrendamiento o
> préstamo de direcciones IP de un ASN a otro*.
>
> Independiente el motivo, ya sea por escasez de direcciones IPv4 o por
> otro, no está permitido arrendamiento y no es correcto que una ASN alquile
> direcciones registradas en la región LACNIC a otra ASN.
> Incluso se pueden utilizar prefijos registrados en otras regiones que lo
> permitan, pero no los registrados en la región de LACNIC.
>
> Las únicas 2 formas de lidiar con este problema aquí son el proceso de
> Transferencias de prefijos de un ASN a otro de manera definitiva (que puede
> ser facilitado por un intermediario) o con mayor uso de IPv6 y menor
> dependencia de IPv4.
> Por lo tanto, incluso si la propuesta de política LAC-2020-10 llega a un
> consenso, no podría usarse para los prefijos de la región de LACNIC si se
> están arrendando a otra ASN.
>
> Los ASN quien hizo sus prefijos registrados per LACNIC estén disponibles
> para alquiler a través de un intermediario corren el riesgo de caer en el
> proceso de recuperación.
>
> Fernando
>
> Em 03/02/2022 15:31, Salvador Bertenbreiter escreveu:
>
> Hola a todos,
>
> Espero estén bien, hay un tema sobre el cual me gustaría iniciar la
> conversación, IP brokers/renters y certificados RoA.
>
>
>
> Due to the exhaustion of IPv4 blocks, new ISPs that are getting their ASN
> and IPv6 block in LACNIC are needed to obtain at least one IPv4 /24 block
> with an IP broker (or similar). Because even if they are delivering IPv6
> addressing to their clients, they still need even a /24 to raise bgp in
> IPv4 and then do CG-NAT for that traffic.
>
>
>
> The problem I see is that most, at least of the several I've had contact
> with, of IP brokers (and international carriers that undersign IPs) are not
> offering to issue a RoA for prefixes that they sub-assign to another ASN,
> which I think is a problem as it breaks the path to greater adoption of
> RPKI. How do you think this situation could be improved/solved?
>
>
>
>  Saludos,
>
>
>
> Salvador
>
>
>
> _______________________________________________
>
> LACNOG mailing list
>
> LACNOG en lacnic.net
>
> https://mail.lacnic.net/mailman/listinfo/lacnog
>
> Cancelar suscripcion: https://mail.lacnic.net/mailman/options/lacnog
>
>
>
>
> _______________________________________________
>
> LACNOG mailing list
>
> LACNOG en lacnic.net
>
> https://mail.lacnic.net/mailman/listinfo/lacnog
>
> Cancelar suscripcion: https://mail.lacnic.net/mailman/options/lacnog
>
>
>
> _______________________________________________
>
> LACNOG mailing list
>
> LACNOG en lacnic.net
>
> https://mail.lacnic.net/mailman/listinfo/lacnog
>
> Cancelar suscripcion: https://mail.lacnic.net/mailman/options/lacnog
>
>
>
> _______________________________________________
>
> LACNOG mailing list
>
> LACNOG en lacnic.net
>
> https://mail.lacnic.net/mailman/listinfo/lacnog
>
> Cancelar suscripcion: https://mail.lacnic.net/mailman/options/lacnog
>
> _______________________________________________
> LACNOG mailing list
> LACNOG en lacnic.net
> https://mail.lacnic.net/mailman/listinfo/lacnog
> Cancelar suscripcion: https://mail.lacnic.net/mailman/options/lacnog
>
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <https://mail.lacnic.net/pipermail/lacnog/attachments/20220203/311c3d0b/attachment-0001.htm>


Más información sobre la lista de distribución LACNOG