Policy Proposal 2007-14: Resource Review Process [Archived]

OUT OF DATE?

Here in the Vault, information is published in its final form and then not changed or updated. As a result, some content, specifically links to other pages and other references, may be out-of-date or no longer available.

Status: Adopted - NRPM Section 12

Tracking Information

Discussion Tracking

Mailing List:

Formal introduction on PPML on 24 July 2007

Staff assessment - 14 October 2007
Revised staff assessment - 17 October 2007
AC to revise with author - 23 October 2007
Revised - 21 February 2008
Staff Assessment - 21 March 2008
Revised - 24 March 2008
To be revised - 14 April 2008
Discussed at ARIN Caribbean Sector Meeting - 2 June 2008
Revised - 14 August 2008
Revised - 6 October 2008
Staff Assessment - 8 October 2008
Revised - 10 October 2008
Revised - 14 October 2008
To be revised - 22 October 2008
Revised/Extended Last Call - 25 November 2008 thru 14 January 2009
Transitioned to new PDP - 7 Janaury 2009
AC recommended Board adopt - 28 January 2009 Public Policy Mailing List

ARIN Public Policy Meeting:

ARIN XX
ARIN XXI
 Kingston, Jamaica
Nassau, Bahamas
ARIN XXII

ARIN Advisory Council:

AC Shepherds:
Robert Seastrom and Leo Bicknell

19 July 2007
23 August 2007
20 September 2007
18 October 2007
15 November 2007
20 December 2007
17 January 2008
21 February 2008
20 March 2008
9 April 2008
15 May 2008
19 June 2008
17 July 2008
21 August 2008
18 September 2008
17 October 2008
20 November 2008
18 December 2008
24 January 2009

24 January 2009

19 February 2009

ARIN Board of Trustees:

6 February 2009

Revisions:

Previous versions

Implementation:

1 April 2009

Draft Policy 2007-14
Resource Review Process

Author: Owen DeLong, Stephen Sprunk

Proposal Version: 3.3A

Date: 17 October 2008

Proposal type: modify

Policy term: permanent

Policy statement:

Add the following to the NRPM:

Resource Review

  1. ARIN may review the current usage of any resources maintained in the ARIN database. The organization shall cooperate with any request from ARIN for reasonable related documentation.

  2. ARIN may conduct such reviews:

a. when any new resource is requested,
b. whenever ARIN has reason to believe that the resources were originally obtained fraudulently or in contravention of existing policy, or
c. at any other time without having to establish cause unless a full review has been completed in the preceding 24 months.

  1. At the conclusion of a review in which ARIN has solicited information from the resource holder, ARIN shall communicate to the resource holder that the review has been concluded and what, if any, further actions are required.

  2. Organizations found by ARIN to be materially out of compliance with current ARIN policy shall be requested or required to return resources as needed to bring them into (or reasonably close to) compliance.

a. The degree to which an organization may remain out of compliance shall be based on the reasonable judgment of the ARIN staff and shall balance all facts known, including the organization’s utilization rate, available address pool, and other factors as appropriate so as to avoid forcing returns which will result in near-term additional requests or unnecessary route de-aggregation.
b. To the extent possible, entire blocks should be returned. Partial address blocks shall be returned in such a way that the portion retained will comprise a single aggregate block.

  1. If the organization does not voluntarily return resources as requested, ARIN may revoke any resources issued by ARIN as required to bring the organization into overall compliance. ARIN shall follow the same guidelines for revocation that are required for voluntary return in the previous paragraph.

  2. Except in cases of fraud, or violations of policy, an organization shall be given a minimum of six months to effect a return. ARIN shall negotiate a longer term with the organization if ARIN believes the organization is working in good faith to substantially restore compliance and has a valid need for additional time to renumber out of the affected blocks.

  3. In case of a return under sections 4-6, ARIN shall continue to provide services for the resource(s) while their return or revocation is pending, except any maintenance fees assessed during that period shall be calculated as if the return or revocation was complete.

  4. This policy does not create any additional authority for ARIN to revoke legacy address space. However, the utilization of legacy resources shall be considered during a review to assess overall compliance.

  5. In considering compliance with policies which allow a timeframe (such as a requirement to assign some number of prefixes within 5 years), failure to comply cannot be measured until after the timeframe specified in the applicable policy has elapsed. Blocks subject to such a policy shall be assumed in compliance with that policy until such time as the specified time since issuance has elapsed.

Delete NRPM sections 4.1.2, 4.1.3, 4.1.4
Remove the sentence “In extreme cases, existing allocations may be affected.” from NRPM section 4.2.3.1.

Rationale:

Under current policy and existing RSAs, ARIN has an unlimited authority to audit or review a resource holder’s utilization for compliance at any time and no requirement to communicate the results of any such review to the resource holder.

This policy attempts to balance the needs of the community and the potential for abuse of process by ARIN in a way that better clarifies the purpose, scope, and capabilities of ARIN and codifies some appropriate protections for resource holders while still preserving the ability for ARIN to address cases of fraud and abuse on an expedited basis.

The intended nature of the review is to be no more invasive than what usually happens when an organization applies for additional resources. Additionally, paragraph 2c prevents ARIN from doing excessive without-cause reviews.

The authors believe that this update addresses the majority of the feedback received from the community to date and addresses most of the concerns expressed.

This version incorporates the following changes vs. what was
published in the ARIN XXII meeting discussion guide:

H 1. Proposal Version 3.0 updated to 3.3A
H 2. Date 14 August updated to 25 November 2008
P 3. Paragraph 1 – covered by an ARIN RSA updated to maintained in the ARIN database
L 4. Paragraph 1b – fraudulently updated to fraudulently or in contravention of existing policy
P 5. Paragraph 1c – unless a prior review updated to unless a full review
LS 6. Paragraph 3 Generic updated to Specific statement about staff communication requirements.
L 7. Paragraph 4 substantially out of compliance updated to materially out of compliance
L 8. Paragraph 4a extent to which updated to degree to which
L 9. Paragraph 6 intentional violations updated to violations of policy
L 10. Paragraph 7 Rephrased to convey intent in manner acceptable to legal
(primarily made specific as to return clauses applicable)

L 11. Paragraph 8 Rephrased for compliance with legal.
H 12 Paragraph 9 Comma (,) added after first phrase.

Changes tagged with an H are simple housekeeping.
Changes tagged with a P are the result of public comments.
Changes tagged with an L are made at the request of ARIN Legal Counsel.
Changes tagged with an S are made at the request of ARIN Staff.

The version in the meeting discussion guide was Version 3.0 from
August 14, 2008 and was archived on October 6, 2008.

There were several interim versions on PPML and in the policy
archive. They were not discussed at the meeting, although all
of the changes in them were discussed during ARIN XXII.

OUT OF DATE?

Here in the Vault, information is published in its final form and then not changed or updated. As a result, some content, specifically links to other pages and other references, may be out-of-date or no longer available.