Slashdot Mirror
Court Says Customers May Take IPs Away From ISP
Jeremy Kister writes "According to a post on the North American Network Operators Group mailing-list, The State of New Jersey has issued a temporary restraining order, allowing a former customer of Net Access Corporation (NAC) to take non-portable IP Address space (issued from ARIN), away from NAC." The post argues: "This is a matter is of great importance to the entire Internet community. This type of precedent is very dangerous. If this ruling is upheld it has
the potential to disrupt routing throughout the Internet, and change practices of business for any Internet Service Provider."
Hands up who understands the legal concept of a temporary restraining order?
Answer : It's temporary, to make sure neither party suffers to greatly until the Actual Judgement gets made.
Nothing to see here, move along.
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
Full article text - minus karma whoring.
There has been a Temporary Restraining Order (TRO) issued by state court
that customers may take non-portable IP space with them when they leave
their provider. Important to realize: THIS TEMPORARY RESTRAINING ORDER HAS
BEEN GRANTED, AND IS CURRENTLY IN EFFECT. THIS IS NOT SOMETHING THAT COULD
HAPPEN, THIS IS SOMETHING THAT HAS HAPPENED. THERE IS AN ABILITY TO
DISSOLVE IT, AND THAT IS WHAT WE ARE TRYING TO DO.
This is a matter is of great importance to the entire Internet community.
This type of precedent is very dangerous. If this ruling is upheld it has
the potential to disrupt routing throughout the Internet, and change
practices of business for any Internet Service Provider.
In the TRO, the specific language that is enforced is as follows:
"NAC shall permit CUSTOMER to continue utilization through any
carrier or carriers of CUSTOMER's choice of any IP addresses that were
utilized by, through or on behalf of CUSTOMER under the April 2003
Agreement during the term thereof (the "Prior CUSTOMER Addresses") and
shall not interfere in any way with the use of the Prior CUSTOMER
Addresses, including, but not limited to:
(i) by reassignment of IP address space to any customer;
aggregation and/or BGP announcement modifications,
(ii) by directly or indirectly causing the occurrence of
superseding or conflicting BGP Global Routing Table entries; filters
and/or access lists, and/or
(iii) by directly or indirectly causing reduced prioritization or
access to and/or from the Prior CUSTOMER Addresses, (c) provide CUSTOMER
with a Letter of Authorization (LOA) within seven (7) days of CUSTOMER's
written request for same to the email address/ticket system
(network@nac.net), and (d) permit announcement of the Prior CUSTOMER
Addresses to any carrier, IP transit or IP peering network."
We believe this order to be in direct violation of ARIN policy and the
standard contract that is signed by every entity that is given an
allocation of IP space. The ARIN contract strictly states that the IP
space is NOT property of the ISP and can not be sold or transferred. The
IP blocks in question in this case are very clearly defined as
non-portable space by ARIN.
Section 9 of ARIN's standard Service Agreement clearly states:
"9. NO PROPERTY RIGHTS. Applicant acknowledges and agrees that the
numbering resources are not property (real, personal or intellectual) and
that Applicant shall not acquire any property rights in or to any
numbering resources by virtue of this Agreement or otherwise. Applicant
further agrees that it will not attempt, directly or indirectly, to obtain
or assert any trademark, service mark, copyright or any other form of
property rights in any numbering resources in the United States or any
other country."
[ Full ARIN agreement http://www.arin.net/library/agreements/rsa.pdf ]
Further, it is important to realize that this CUSTOMER has already gotten
allocations from ARIN over 15 months ago, and has chosen not to renumber
out of NAC IP space. They have asserted that ARIN did not supply them with
IP space fast enough to allow them to renumber. Since they have gotten
allocations from ARIN, we are confident they have signed ARIN's RSA as
well, and are aware of the above point (9).
If this ruling stands and a new precedent is set, any customer of any
carrier would be allowed to take their IP space with them when they leave
just because it is not convenient for them to renumber. That could be a
single static IP address for a dial-up customer or many thousands of
addresses for a web hosting company. This could mean that if you want to
revoke the address space of a spammer customer, that the court could allow
the customer to simply take the space with them and deny you as the
carrier (and ARIN) their rights to control the space as you (and ARIN)
However, this became a big problem as the Internet grew and grew, and the BGP tables grew and grew, so finally companies stopped doing this, and now IP ranges are considered to be not portable unless they're a certain size. `CIDRize or die' was the saying ... and people chose not to die.
The court needs a clue though. As does the customer who asked for the TRO -- they'll find that many (most?) ISPs will not route to their IP range at their new ISP, in spite of what the court said. I guess their old ISP could set up a VPN for them, but I'm guessing they won't.
Not.Not exactly. If I want to send you to my web site, I don't give you my IP address, I give you my host name. However, if I want you to call my cell, I have to give you my cell phone number. Therefore, in order to change cell phone numbers, I would have to contact people outside my control. If I have a sane network, I control the assignment of hostnames to IP addresses. That means that I can switch IP's "easily" but can't switch cell phones easily.
Go Badgers! -- #include "std/disclaimer.h"
I'm afraid it rather is like taking your home address (or zip code) with you.
The reason is that the internet core routers already have over 100.000 entries in the IPv4 routing table. When routing millions of packets a second, the router needs to do millions of route lookups a second.
This still works (barely) because the number of entries in the routing table (think of them as zip codes) can be looked up easily. If the postal service had portable, personal zip codes, the zip code system would also be completely useless...
Beyond a certain point, there is simply no physical way that you could fit all the routing table entries in a cache that can be accessed fast enough to look up the routing table entries as fast as the packets come in.
I'm sure the state of New Jersey will legislate a higher speed of light to get around this problem, but that's not going to fix it for the rest of us...
The problem is that if IP addresses are well aggregated, all a BGP-speaking router (that's the big ones in the core) needs to know is "for this very large block of addresses, use interface A; for that very large block of addresses, use interface B; for this other very large block of addresses, use interface A again." That is your routing table, it takes processor time to traverse for every packet, and it's growing; and if sizeof(routing table)*sizeof(traffic throughput) grows faster than Moore's law, it gets rather troublesome for the internet.
If you route geographically or per end-user or (shudder) per person, the number of entries that your core router has to potentially traverse explodes. This is the essence of CIDR, and we have separate naming (i.e. DNS) and routing (i.e. IP addresses) specifically so that end users may have a portable name irrespective of the routing infrastructure.
In the phone system, where naming and addressing are both conflated into your phone number, it's a lot more painful. (All of a sudden there isn't a simple programmatic way of mapping a three-digit prefix to to the operator that will handle the call.)
The problem of routing table size remains regardless of the size of the IP space - IPv6 will solve a lot of problems, but this isn't one of them.
...it looks like they may have actually tried. D'oh! Didn't see that little paragraph in there.
Though the claim about the Alabama state legislature is pure nonsense, it is similar to an event that happened more than a century ago. In 1897 the Indiana House of Representatives unanimously passed a measure redefining the area of a circle and the value of pi. (House Bill no. 246, introduced by Rep. Taylor I. Record.) The bill died in the state Senate.
I spent half my day yesterday reading the NANOG thread related to this. Knew I should have submitted it. =)
Anyways, the customer wanted to avoid renumbering their network computers. Their argument was that there is a significant amount of inconvenience involved in renumbering their network. (Yes, we all know how easy it would be to use a NAT. The judge obviously does not.) The original NANOG discussion started here.
I think they were also leveraging a supposed anti-competitiveness nature to non-portable IP space. Yes, that's right. One of a bajillion ISP's is hurting competition by following the globally accepted rules of the Internet that is the foundation of CIDR.
--LordPixie
The company in question is Pegasus Web Technology run by a Mr. Jason Silvergate.
-davidu
# Hack the planet, it's important.
Interesting paralell.. lets fix it up, and it'll be usable.
:)
IP is not a phone number. It's an address. Such as "123 Baker St, State, Country". IPv4 can be thought of as being of the form Country.State.Street.Number (except with numbers from 1-255 for each field).
IRL, Hostname is like a name in a guide to the city, like "Joe's pizzaria", that you want to get to. On the net, it's a website like "www.yahoo.com" that you want to get to.
IRL, a DNS server would be an addressbook. It tells you Joe's pizzaria is at 123 Baker St. If Joe's pizzaria moves, the addressbook can be updated, and can tell subsequent users that Joe's pizzaria is at 456 Main St. Likewise, it will tell you that "www.yahoo.com" is at 15.234.43.23
With the above descriptions, even the n00bs can feel smart, and think they understand the whole interweb thing..
DJ kRYPT's Free MP3s!
Please read RFC 2772. Having portable IP addresses the way you describe is explicitly forbidden with IPv6, for good technical reasons!
In my experience this happens particularly often if, when changing DNS records and TTLs, one forgets to increase the serial number - which tells the querying server that something *has* changed.
I'd expect a caching server to disregard a short TTL as it would defy the purpose.
No, it won't help. With either IPv6 or IPv4, you still need the global routing table entries. That's where the problem is. The global routers will say something like 1.2.3.0/24 are routed to some network equipment in New Jersey. With this ruling, those same global tables in all those routers need to add another entry for a particular IP address in that range to instead go to some other providor. Now imagine if everyone kept their own personal IP address. Those tables wouldn't be able to cleanly route chunks of the IP address space to the ISPs using them, but instead must be filled with tons and tons of rules for individual addresses.
IPv6 works in a very similar fashion. The only difference between IPv6 and IPv4 in terms of the routing is that the address ranges/chunks are much more abundant and much larger. If anything, IPv6 will make it flat out impossible for the Internet to work if people keep personal IP addresses, because there is no possible way the routers could handle the mapping tables.
Ranges need to be kept to individual ISPs as they are now. AT&T leases a big chunk of several billion IPv6 addresses and then assigns those as they see fit to their customers and internal network equipment. All the global routers need to know then is that any address in that chunk AT&T leases just gets routed along to AT&T's network. If a customer leaves AT&T, they need to get an IP address in the range of their new ISP. Otherwise, the new ISP needs to add tons of special routing rules to their equipment, AT&T needs to add tons of special routing rules to their equipment, the backbones and global routers need special rules, anyone that has any rules regarding AT&T and/or the new ISP would need special rules added, etc.
I just love people who have no idea what they are talking about trying real hard.
Everything these days is done with DNS. anyone sutpid enough to go to a site via IP address is brainless and should get a nice web page telling them connection refused. Heck, I even have auto updating DDNS to my home cable modem line, I don't even type in an IP address to hit my home machine. In addition to that, would you buy something from a company that says Cheap cd's.. come to our website at https://10.11.12.13/sendusyourcreditcardinfo.html ? Nope, you wouldn't.
These ISP's are contractually assigned these addresses by ARIN, they do not have any ownership of the addresses. Depending on the size of the block of addresses, and their colo setup they could have to disrupt the address range much longer than a simple changing of IP addresses and a TTL expiration on a DNS server.
There are a ton of technical reasons this is a very bad idea(tm) if it gets as bad as people taking individual addresses with them you will never be able to get anywhere becuase BGP tables will become so huge current routers won't hold them.
Just three more hours seapeople and you can finally take me away from this crappy God Damned planet full of hippies
dig a cached entry out of an AOL nameserver sometime ...
slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
Agreed. I have seen this especially on AOL. I guess that is the price you have to pay for having probably the worst ISP out there. I also noticed this from people running OLD versions of Microsoft proxy server. You would think after all of these years AOL would get a clue about how DNS really works. I can understand caching it for a day or two, but weeks? One solution would be to leave a server or two at the old address, and that is what I have done in the past. Not feasible for everyone, but if you are worried about the few...
Yes, I am an agent of Satan, but my duties are largely ceremonial.
Haven't seen this mentioned here already, but a small update is that according to a later NANOG post, ARIN's legal eagles will be taking up this case.
This is good news.
ifconfig eth0 -hw ether xx:xx:xx:xx:xx
... and now Jenny.com is flooded with pings from slashdot users curious to see if its IP really is 86.75.30.9.
:(
(It's not)
IANAL, but
/32 increments, and indeed, a naive reading of the article might indicate that if I assign a client, and that client sues, the routing table of the internet might soon have 2^32 routes, and most routers crash.
1) the article seems to say a different thing than the actual TRO
2) I'll explain why if the court had ruled like the article said, we'd be in deep shit, and second, I'll document my understand of the TRO
The main difference is that your cell phone company can't lose your cell phone number without a major cause. ARIN can decide to remove any number at its wish, meaning that someone could go to court, trying to block an ARIN reassignment from Provider ISP, even if they are the CAUSE of that reassignment. Say if client is not using 80% of its space, and ARIN, who granted that space(ARIN may grant space in many forms, but most ISPs prefer contiguous blocks, for routing reasons.), then when the Provider notifies the client that they messed up, asking for too large a block from them, the client could try to sue, thereby interfering with the priorly business-as-usual motions of ARIN-Provider-Client.
IP addresses are assigned to your provider by ARIN/RIPE/APNIC and may be taken away from them at a moment's notice. They are also organized in network topologies, meaning that if the ruling stands, the entire routing of the Internet has to be re-thought.
Well ok, just migrating everyone to IPv6, and using v6-to-v4 tunnels might do the trick, Provided the judge doesn't make the claim you own your v4 address too, which with dynamic addresses, would get messy even faster.
Also, for that matter, what about static dhcp addresses, addresses that are assigned by a dynamic method, but keep up coming to the same value for a specific client, does the ruling say the client own them? If they do, I can imagine a whole bunch of dsl providers going "no we don't offer static ips anymore".
And that's because the ISP, which is responsible for routing, and for making sure the routing is coherent, and router-friendly, and that their own AS is reachable, is no longer involved in the assignment of those ips.
The only people who actually use ip addresses, and who have trouble with numbers, are people who operate nameservers, since their job is to offer address to name translation, so having their address be static is a requirement of the job, so they can be found. Now some of those are assigned in
Ruling that they own that ip address, considering the contracts between Arin and suppliers, means all those contracts have been invalidated. If I was ARIN, I'd be very very afraid right now. If you can own a block, what will you do if ARIN takes a block back for lack of use? Sue them of course, it's what the court just indicated by rendering your lease of those ips unenforceable, by virtue of saying you could own your ip numbers.
Now, I'm not sure why, but the article makes no mention that the the court issued a temporary restraining order, until migration is complete.
That means NAC has to offer ip forwarding for a limited time, to help migration, especially since the client applied to own ips at ARIN directly already.
The restraining order also looks(But IANAL) written in such as way as to prevent guerilla action on the part of NAC against the client, more than anything.
I do find it interesting that (I've done a lot of moves for my clients in similar situations, although perhaps smaller than this particular client) the client preferred to go to court, instead of putting pressure on NAC to renew at current prices, while preparing it's migration. 45 days is certainly not a lot of time for a truly large network, but just how many days did they win by going to court, including the TRO and the remand to higher court?
Although, maybe they just wanted some insurance, considering the penalties that NAC would incur if the client was down without "due cause". The amount in dollars for an 8-hour or more outage would certainly help with migra
Actually, IP addresses are like what phone numbers used to be. Back in Ye Olden Days, you phone number essentially described the physical location of the wire pair that delivered your dialtone. A phone number of 471-1234 meant your pair was out of Central Office 47, sub area 1, pair 1234. You could change your last 4 digits, but not your 3 digit prefix, as the prefix designated the physical building where the 10,000 pairs serving your area lived. This is still the case for landlines in many areas (my boss had his shop in 471, but moved a half mile south and Verizon made him change to 477). Portability is possible with wireless phones because (by definition) they aren't tied to any particular physical location. Since a certain degree of soft routing already has to happen to get the call to the cell nearest you, it's not much of a leap to allow routing to other providers.
IP addresses aren't like that, though. They were never designed to be soft routed. That's what DNS is for. They IP address, in the end, is a number pinpointing the exact location of a physical circuit. There is no system below the IP address level to perform the necessary redirection. You can forward traffic from the old IP address to the new, but you can't take the old IP address with you.
If a job's not worth doing, it's not worth doing right.
Well, if you read the court documents, you'll see that the guy suing the ISP is in a bad position; he's selling webhosting to people who sell webhosting to others on servers coloed at the ISP. He's a useless middleman in the deal & has refused attempts at being bought out by the ISP already.
The basis of his case is that he is completely dependant upon the ISP to do his business & they're rasing his rates to a point where he can't keep his business going, possibly in order to force him to sell. I'm not going to say that the ISP is being nice, but they're not entirely out of line.
Even with the network being temporarily re-routed, this guy is fucked; he has a single supplier for what he's selling & his supplier wants to start selling directly to his customers. If he was smart, he'd have set up his own datacenter by now.
my sig's at the bottom of the page.
If you actually read the TRO, you'll see that the plaintiff just wants the addresses for a limited time (ie, until he is done transitioning to the new IPs). And we aren't talking about a small chunk of addresses either, the plaintiff is a web-hosting company with around 400,000 IPs to transition.
The short version is that according to the plaintiff, the defendant got greedy, which prompted the plaintiff to attempt to take his business elsewhere. Again according to the plaintiff, the defendant made threats to hinder the transfer, which prompted this suit.
Not quite a cut-and-dried example of judicial idiocy.
"From my cold, dead hands you damn, dirty apes!" - CH