Operational need for IP address space (Re: An update on the AfriNIC situation)

[John Curran <jcurran () istaff org>]

On 30 Aug 2021, at 9:31 PM, Christopher Morrow <morrowc.lists () gmail com> wrote:
> (I'm going to regret this in the morning, but...)

Perhaps...

> On Mon, Aug 30, 2021 at 8:12 PM Owen DeLong via NANOG <nanog () nanog org <mailto:nanog () nanog org>> wrote:
>
> AFRINIC approves IPv4 for the purpose of leasing every day. It’s what ISPs do. It’s the definition of an LIR.
>
>
> All of the RIR's do this, yes. Also, yes LIR/ISP allocate space to their customers. That space may never be actually 
> seen
> on the ISP/LIR network and may never be seen on the greater Internet...

Quite correct.   The operational need for address space can indeed by “internal”; i.e. not routed on the greater 
Internet. 
 
> Yes, most LIRs are also in the connectivity business and provide addresses (mostly/exclusively) to customers of their 
> connectivity services.
>
>
> If you (royal you) were a datacenter operator and allocated ip space to your customers (machines in racks or vms on 
> machines in racks, etc),
> is there a real difference here if the machines/vms never exposed or used their IP addresses outside if the tiny 
> world they inhabit ? (the rack or machine)
>
> The want of unique addressing is not uncommon, the need for this in the face of M&A or other business requirements 
> isn't new.
> Yes, these addresses may not be used outside of the datacenter, or the rack or the machine, but they are still 
> accounted for in:
>   1) the RIR (to the LIR)
>   2) the LIR (to the customer)
>   3) the customer (on machine/vm)
>
> It's a resource that the LIR/datacenter operator must account for, and must have capacity planning bits/pieces in 
> place to handle.

Also all correct, but I will note that in the above case there is some form of networking services being provided and 
thus require the use of unique addresses to make it happen.   Again, the routing to the greater internet isn’t 
necessarily a component to having the need for IP address space to provide networking services. 

> I think the discussion about 'with connectivity services' is a bit orthogonal. I also think that if there were such a 
> policy requirement
> all RIR and LIR would be in violation of that requirement immediately, so I don't imagine that there's going to be 
> one forthcoming.

You have read “connectivity” to be “routed on the greater Internet” and yet we’re all aware that there are many useful 
networking services that don’t equate - a broadband connection to one’s home may only route a single IP to the greater 
Internet, but all the devices inside still benefit from the network service provided.  Even if the network service 
provided is entirely internal, there is still networking involved and thus an operational need for IP address to make 
such networking work. 

In the ARIN region, if you request IP address space, we assess that per the community-developed Number Resource Policy 
Manual, i.e. <https://www.arin.net/participate/policy/nrpm/ <https://www.arin.net/participate/policy/nrpm/>>   All 
assignments are made accordingly to “operational need” even to this day - i.e. you have to have some actual networking 
requirement if you are to be issued an IP address block, although this doesn’t equate to “must be routed on the public 
Internet”.   

Do we have parties who postulate their operational need based on entirely internal services, or services that live 
within virtual devices in a data center?   Sure…  and some of these are indeed legitimate and fulfilled per policy.  We 
also have folks who get creative and make similar requests for purposes of obtaining address blocks from ARIN – absent 
any bona fide networking need –for subsequent monetization and these reviewed, revoked, and can be referred to criminal 
fraud proceedings.   

For those who need IP address blocks for their network operation, it’s really not complicated – you can call, email, or 
chat with the ARIN Helpdesk and we’ll work you through it.   I don’t know about the policy in the other region, but can 
state unequivocally that if you call with the need for IP address space for an actual operational networking situation, 
we’ll do our best to help you with your request and get it approved based on whatever the policies allow.   I can also 
say that if one's purported operational need for address space is "for reassignment to customers but completely absent 
any networking service”, then don’t bother applying to ARIN – the policies do not provide for issuance under such 
circumstances and have never in the ARIN region.   

FYI,
/John

John Curran
President and CEO
American Registry for Internet Numbers