Net-block issues

  • From: Roeland Meyer
  • Date: Wed Aug 15 11:20:45 2001

|> From: Elisabeth Porteneuve [mailto:[email protected]]
|> Sent: Wednesday, August 15, 2001 1:58 AM

|>     The rivers of comments have been sent out about domain
|>     names, there is a dangerous silence about IP numbers.

It is with wry amusement that I have been following the MAPS debate, on
NANOG, recently. Then you make this comment, it couldn't dove-tail more
beautifully. Those that do not know what MAPS is, please review 

The fundamental function is to create blacklists used for various filtering
of IP blocks. While this sounds innocuous on its face, MAPS has recently
announced its intention of charging for their service, in order to raise money
for legal fees (they are under legal attack). Until now, Paul Vixie has been
the main funder of MAPS.

The problem is that MAPS was distributing the lists and there were many
local copies, within places like EarthLink and AOL. As long as those copies
are maintained by MAPS, this is not a serious problem. They have an
efficient and timely distribution mechanism. The result of a net-block
being listed in MAPS is that entire chunks of the Internet cannot reach that
net-block. This is done at the provider level. The effects are global in
that they over-ride ARIN, RIPE, and APNIC.

The problem arises when there are stale entries in the black-list. In fact,
the danger has always been the issue of stale entries. The effect, given
MAPS market-share, is that a net-block can be issued, to a new business,
that may be perfectly useless and neither the ISP nor the business knows
about it until it is too late. I might point out that a similar problem can
occur with DNs, so it is not entirely a PSO issue. There are now stale
entries, in abundance, because many providers are still evaluating the new
cost issues. Meanwhile, they have disconnected from the distro system and
aren't having their black-lists updated. Ergo, they have stale entries.

What this, in effect, does is to over-ride various registry policies. Names
and net-blocks that are issued may not, in fact, be issued. Names are not a
serious cost issue and they can, with some logistical difficulty, be
re-issued. However, net-blocks cost over $1US/month (at the ISP level), or
$2500/year from ARIN (the US registry), and they are not all that plentiful.

The fundamental process disconnect here is that, IMHO, the various
registries should be performing the MAPS function as part of their policy
enforcement mechanism. This is not written into any of the
registrar/registry agreements.

If anything argues for a centralised systems approach, the MAPS
functionality does. IMHO, this makes it an ICANN issue. Yes, this also
politicizes it somewhat. No, some NANOG denizens won't like it and that is

