[lacnog] Subasignación de prefijos a otro ASN y el tema con los RoA

[Fernando Frediani]

On 04/02/2022 19:22, Mike Burns wrote:
> Hi Fernando,
>
> The point of this list is to educate and discuss.
> I have pointed out very clearly that leasing is not a justification to
> receive more ARIN addresses, you are just repeating what I said. In fact the
> proposal I linked earlier describes that situation exactly.
>
> When one side of the argument is wrong and the other side is right, winning
> the argument educates the list.
> That's not the point, however, and I agree with you there.
>
> The readers of this list should go away with the knowledge that leasing RSA
> addresses and receiving an ROA is something done every day and breaks no
> rules for addresses registered in ARIN, RIPE, and APNIC. And that those
> blocks can be used anywhere, regardless of where they are registered.
Sorry, but for APNIC that remains untrue.

Even if it is a common practice from you knowledge, I suggest you check 
it officially with APNIC in order to avoid people leasing APNIC blocks 
to not get in trouble. APCNIC already said it they do not recognize 
leasing as a justification not only to receive allocations but to keep 
them for that usage. I will share below part of the response that 
explains it well:

"/To receive resources for the purpose of “leasing” them to other 
parties is not recognised under APNIC policies as an acceptable use. 
Fundamental to our commitment to a global, open, stable and secure 
Internet that serves the entire Asia Pacific region, APNIC resource are 
delegated based on demonstrated needs.  In order to receive resources 
(by allocation from APNIC or through transfer from others), the 
recipient must demonstrate their need for those resources by describing 
the proposed use of the resources in some specific network 
infrastructure which they own or control. *Implicitly, the recipient 
could not receive addresses for subsequent reallocation to other 
purposes, because the actual use of the addresses would be unknown and 
cannot be subjected to the required assessment of the need*. //
//APNIC policies also state that if the declared use of allocated 
resources changes fundamentally, then the resources may be subject to 
reclamation by APNIC/"

Regards
Fernando

>
> Regards,
> Mike
>
>
>
>
>
> -----Original Message-----
> From: LACNOG<lacnog-bounces en lacnic.net>  On Behalf Of Fernando Frediani
> Sent: Friday, February 04, 2022 4:54 PM
> To:lacnog en lacnic.net
> Subject: Re: [lacnog] Subasignación de prefijos a otro ASN y el tema con los
> RoA
>
> As I said - as far as I know, but I am not entirely sure about it in that
> case.
> It has been said already on some discussions that ARIN non-legacy blocks may
> not go under a revocation process if they are found to be leased, however
> leasing is NOT a accepted justification to receive them from ARIN (which is
> quiet obvious). For legacy blocks I am not entirely sure how it works in
> regards the RIR RSAs, that's why I am not commenting on that topic
> specifically.
>
> By the way, when I go into these discussions I don't treat it as a battle to
> win a trophy or something, but rather to help clarify things for people
> reading it and that are committed to do things rightly be able to keep that
> up with their agreements and contracts they sign.
> making sure the policies and contracts that apply to each RIR keep being
> respected should be the focus, not simply win the argument.
>
> Regards
> Fernando
>
> On 04/02/2022 18:27, Mike Burns wrote:
>> Hi Rubens,
>> " As far as I now, unfortunately in ARIN there is not currently
>> impediment to lease ARIN non-legacy blocks."
>> Fernando just acknowledged that renting ARIN RSA space is not a
>> problem, yet you persist in your delusions.
>>
>> Sounds like you're unwilling to share your investigation results.
>> If you are going to complain about them why not make them public?
>>
>> I think you should concede on the legacy issue. You lost.
>>
>> Regards,
>> Mike
>>
>>
>>
>>
>>
>>
>>
>> -----Original Message-----
>> From: LACNOG<lacnog-bounces en lacnic.net>  On Behalf Of Rubens Kuhl
>> Sent: Friday, February 04, 2022 4:09 PM
>> To: Latin America and Caribbean Region Network Operators Group
>> <lacnog en lacnic.net>
>> Subject: Re: [lacnog]
>>         Subasignación de
>> prefijos a otro ASN y el tema con los RoA
>>
>>> Your pet-project investigations sound like a good idea.
>>> Will you please reveal the results of your investigations here for
>>> others to learn from?
>> Actually, the main focus is to file complaints with the respective
>> RIRs for each one found to be suspicious, knowing that most of the
>> time only the RIR will have all the necessary information to make a
> determination.
>>
>>> Of course we know that many cloud providers advertise blocks
>>> belonging to their clients, not themselves, and they advertise them
>>> under the cloud provider's ASN.  AWS, Cogent, Oracle, Vultr, etc. Not
>>> sure how you would differentiate those from leases, but with enough
>>> investigation you are sure to find smaller, non-cloud provider ASNs
>>> advertising space belonging to others.
>> Actually, the first false positive that came to mind was DDoS
>> mitigation services.
>> Most of them have a bad habit of advertising their customer prefixes
>> originating in their ASN.
>> I saw one case of a cloud provider advertising a client address space
>> once, and they changed that quickly when they knew they were in
>> violation of their allocation.
>>
>>> If you would agree to non-disclosure I will share an ARIN non-legacy
>>> block being leased by a Latin American client off list as I believe I
>>> can acquire their permission. They know they are breaking no rules
>>> leasing ARIN RSA space.
>> A non-disclosure could put me in a situation of malfeasance if I bump
>> into something wrong or possibly wrong and then fail to report or
> investigate it.
>> So thanks, but no, thanks.
>>
>>> You still say non-legacy space is not safely leasable, but you can't
>>> point
>> No, I say that it is not safely leasable wholesale. Every block will
>> have a different safety profile.
>>
>>> to any policy or RSA language that prevents RSA addresses from being
>> leased.
>>
>> Because leasing is not the issue, how it is used is the issue. For
>> instance, by leasing to a network that has not been verified by the
>> RIR to have real need is now using those resources, now there is no
>> verification of such need.
>>
>>
>>> Only in LACNIC and AFRINIC is there a risk, not that I've ever heard
>>> of LACNIC addresses revoked for usage differing from the original
>>> justification. Maybe you have?
>> I can only talk about generics here that most compliance processes of
>> ICANN, RIRs and NIRs provide opportunities for fixing a breach of
>> contract before it goes public.  Saying more than that would violate
> professional duty.
>>> If what you say is true (that non-legacy space can't be leased),
>>> where is it in the RSA or the NRPM of ARIN, RIPE, or APNIC?
>> Again, this will be different block by block and the point is not the
>> lease, but the subsequent usage by the lessee.
>> It is also dependent on the policy manual and RSA in force at time of
>> allocation.
>>
>>
>> Rubens
>> _______________________________________________
>> LACNOG mailing list
>> LACNOG en lacnic.net
>> https://mail.lacnic.net/mailman/listinfo/lacnog
>> Cancelar suscripcion:https://mail.lacnic.net/mailman/options/lacnog
>>
>> _______________________________________________
>> LACNOG mailing list
>> LACNOG en lacnic.net
>> https://mail.lacnic.net/mailman/listinfo/lacnog
>> Cancelar suscripcion:https://mail.lacnic.net/mailman/options/lacnog
> _______________________________________________
> LACNOG mailing list
> LACNOG en lacnic.net
> https://mail.lacnic.net/mailman/listinfo/lacnog
> Cancelar suscripcion:https://mail.lacnic.net/mailman/options/lacnog
>
> _______________________________________________
> LACNOG mailing list
> LACNOG en lacnic.net
> https://mail.lacnic.net/mailman/listinfo/lacnog
> Cancelar suscripcion:https://mail.lacnic.net/mailman/options/lacnog
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <https://mail.lacnic.net/pipermail/lacnog/attachments/20220204/2b831614/attachment-0001.htm>