Wednesday, 7 December 2011

PI space scam?

I am sure I have raised this before but we have recently had cause to discuss this with RIPE NCC, and their answers are rather telling.

Basically PI space is IP address space (in this case IPv4) which has been assigned by RIPE to end organisations or individuals for their use. It is normally assigned in order to let people multi-home their network, but the rules allow for it to be used in contexts that are not even connected to the Internet as such.

Traditionally this has been assigned to end users without imposing any contract terms on those end users, and understandably, especially with IPv4 running out, RIPE decided that there should be a clear contract in place for the PI assignments - either directly with RIPE or with an LIR that have a contract with RIPE.

So far, so good.

The bit i think that is wrong in my view is that they are trying to retrospectively apply this requirement to existing assignees. This is where you get a bit of a catch 22...

Because there is no existing contract, you have no legal basis to force the existing assignees to do anything (such as enter a new contract). It is because of this lack of control that RIPE want to have contracts in place. But if they had the control needed to force such contracts they would have a contract in place already.

I think that is the problem, and what is rather telling is that in discussions with RIPE NCC regarding one of our customers long established PI assignment, RIPE NCC have not been able to answer simple questions such as "what legal basis is there compelling our customer to enter in to a new contract". They just keep spouting that it is RIPE policy (now). They can't even tell me what RIPE policy "at the time the assignment was made" would allow the new policy to be imposed on existing assignees. They are just waffling and waffling. I half expected them to come up with some clear legal basis, but they have not. If there is one, someone tell me (and tell RIPE NCC as they seem not to know).

So, if there is no legal basis for compelling the end user to sign a new contract, what is there? You are left with the simple fact that RIPE could simply remove the route record from their database. That would mean the assignment could not be used on the Internet. So RIPE can cut off the Internet for this customer.

Sorry, but that sounds like a typical scam or protection racket to me. RIPE provide lots of records which are key to the operation of the Internet and in many cases do not charge for them. They do charge for membership (ISPs typically). Many people and organisations provide key parts of the Internet infrastructure with not contract in place with the people that use those services. It is not like we contract with someone to provide root name servers, for example.

So surely, threatening to delete the route record is much the same as blackmail? After all, the assignment has no expiry date - it is an assignment and has been made - that is now a simple historical fact, and is recorded in the database as a record of fact. Is that not the case?

Maybe that is, in this context, completely legal, and blackmail is indeed the legal basis by which RIPE can force existing assignees to enter a new contract. Though it sounds like entering in to a contract under duress to me (i.e. not enforceable).

From the customers point of view, they dealt with us, and we arranged for them to be assigned PI space, job done, contract with us over, all obligations completed... Then some third party (RIPE NCC) is asking them for ongoing money for something they already own and to enter in to a new contract.

This also raises other interesting issues as to why a Dutch company is controlling a key part of a UK business and can just dictate terms and force them to do things? Scarily, I start to see where the ITU are coming from on this now - and that is a tad worrying.

It does make you wonder how much of the Internet has no clear contractual conditions or enforcement. I mean, what is to stop RIPE saying PI shall be £1M/year suddenly? Or what is to stop Whoever runs the root servers deciding they want contracts with all ISPs and charging lots of money? Can't happen? I would have thought it can't happen until this whole PI charging thing came up, and now I wonder...


  1. I may have misunderstood the intricacies of dynamic routing on the internet, but I was under the impression that (technologically) there was nothing stopping you just announcing whatever prefix you like over BGP, so can RIPE really stop someone from using a prefix? Of course the prefix may be filtered as a bogon, but if it were ever reassigned to someone then the bogon filter would have to be removed again (who's going to want a disputed prefix that someone else is already announcing?) Also, ISTR that Geoff Huston (APNIC) had been suggesting that now is the time to stop filtering bogons anyway since the unassigned space is practically depleted.

  2. Most transit providers filter based on the RIPE routing database records, so in effect they can stop it working, yes.

    But yes, if the customer could get the prefix in BGP still nobody else would want that prefix from RIPE.

  3. I think that this push maybe coming from govt's (esp. the USA) as this allows them to go to one place to "fix" things that they don't like.

    We are seeing an increasing amount of legislation to control what people can do on the internet and usually hidden behind "think of the children / watch out for terrorists" excuses.