[lacnog] Subasignación de prefijos a otro ASN y el tema con los RoA
Rubens Kuhl
rubensk en gmail.com
Vie Feb 4 18:08:51 -03 2022
> Your pet-project investigations sound like a good idea.
> Will you please reveal the results of your investigations here for others to
> learn from?
Actually, the main focus is to file complaints with the respective
RIRs for each one found to be suspicious, knowing that most of the
time only the RIR will have all the necessary information to make a
determination.
> Of course we know that many cloud providers advertise blocks belonging to
> their clients, not themselves, and they advertise them under the cloud
> provider's ASN. AWS, Cogent, Oracle, Vultr, etc. Not sure how you would
> differentiate those from leases, but with enough investigation you are sure
> to find smaller, non-cloud provider ASNs advertising space belonging to
> others.
Actually, the first false positive that came to mind was DDoS
mitigation services.
Most of them have a bad habit of advertising their customer prefixes
originating in their ASN.
I saw one case of a cloud provider advertising a client address space
once, and they changed that quickly when they knew they were in
violation of their allocation.
> If you would agree to non-disclosure I will share an ARIN non-legacy block
> being leased by a Latin American client off list as I believe I can acquire
> their permission. They know they are breaking no rules leasing ARIN RSA
> space.
A non-disclosure could put me in a situation of malfeasance if I bump
into something wrong or possibly wrong and then fail to report or
investigate it.
So thanks, but no, thanks.
> You still say non-legacy space is not safely leasable, but you can't point
No, I say that it is not safely leasable wholesale. Every block will
have a different safety profile.
> to any policy or RSA language that prevents RSA addresses from being leased.
Because leasing is not the issue, how it is used is the issue. For
instance, by leasing to a network that has not been verified by the
RIR to have real need is now using those resources, now there is no
verification of such need.
> Only in LACNIC and AFRINIC is there a risk, not that I've ever heard of
> LACNIC addresses revoked for usage differing from the original
> justification. Maybe you have?
I can only talk about generics here that most compliance processes of
ICANN, RIRs and NIRs provide opportunities for fixing a breach of
contract before it goes public. Saying more than that would violate
professional duty.
> If what you say is true (that non-legacy space can't be leased), where is it
> in the RSA or the NRPM of ARIN, RIPE, or APNIC?
Again, this will be different block by block and the point is not the
lease, but the subsequent usage by the lessee.
It is also dependent on the policy manual and RSA in force at time of
allocation.
Rubens
Más información sobre la lista de distribución LACNOG