Assignments, Allocations and Temporary Transfers

by Leo Vegoda

The regulations and processes involved in the use and control of IPv4 addresses is a layered system. This is the case because the internet is comprised of cooperating but autonomous interconnected networks. The collaborative nature of the system requires some governance by those managing it. But rules vary among the Regional Internet Registries (RIRs) that run the system.

Terminology

The RIRs have developed terms of art that give additional meaning to commonly used words.

Assignment

An assignment (or reassignment) is a level of use and control where a block of IP addresses is associated with an end user. That user is not an intermediate network – such as an internet service provider (ISP) – that provides services to someone else. Generally speaking, assignments do not involve ownership. (Note that ownership and possession combine to make for slippery concepts when it comes to IP addresses, anyway.)

An assignment may go to an individual or an organization. There’s no minimum or maximum size. But assignments are likely to be smaller rather than larger. This is the case because an assignment does not include the level of control ownership provides. So, organizations needing many addresses, often as crucial parts of their enterprise, want the added control of owning the addresses they use.

Assignments of single IP addresses are generally not registered with an RIR. ARIN and RIPE NCC only require /29 and larger blocks (8 or more addresses) to be registered with them. One could register a single address but there would be little benefit to doing so.

Allocation

Assignments are the final distribution layer of addresses. They go to the end user. Allocations make up the layer (or layers) of address blocks from which assignments come. There can be multiple service provider allocation layers. An example of a typical set of allocation layers is below:

Note that the “Subscriber” here might be a single IP address from the ISP allocation. That single address does not have to be registered with the appropriate RIR.

Ownership

The question of ownership of IPv4 addresses is thoroughly explored in our blog, “Are IP Addresses Property?” While the route to a policy makes interesting reading there, it’s primarily important to know the registration an IP address is unique, worldwide. Registration maintains uniqueness in the sense that it makes clear who is the authorized controller of an IP address. Registration includes the ability to transfer IP address use to someone else, subject to the policy of the registries, in return for payment. Thus, “ownership” is of the registration, not the address itself.

Allocation, Assignment, and Temporary Transfers

Leasing (or renting) is a common way to have exclusive use temporarily. This form of control includes many levels of authority and permissions. It’s flexible in timeframe and cost and does not convey ownership. Leased addresses can be registered as an assignment, allocation, or sub-allocation. In the RIPE NCC’s systems, they can be registered as a temporary transfer. Each of these methods of arranging temporary use includes different extents to which responsibility can be delegated to the lessee.

Also critical is the broad intended use of addresses by a lessee. Many schools, companies, and other organizations run their own networks. They are the end users of addresses. They do not reassign IPs to other organizations but instead use them to run the enterprise’s own network. Other organizations’ business is to provide network access or other services to end users. ISPs and telecoms delivering internet access are not the end users of the addresses they manage and – generally – own.

Assignments and Reassignments

A lessee that wants to use the addresses for their own network will need an assignment, known as a reassignment in ARIN’s documentation. As an end user the lessee won’t be able to manage registry information themselves, so the address space owner must create the assignment, reverse DNS delegation, and a routing registry entry and RPKI ROA if the lessee will manage its own internet connectivity.

Such a lessee may want to be the first point of contact for abuse reports. But the owner of the IP addresses should also list themselves as an abuse contact for the addresses. It is important for an owner who is leasing IP addresses out to know how many abuse reports the lessee is generating and how quickly and effectively they deal with them.

The owner of the IP addresses may terminate the agreement and remove the assignment if the lessee fails in their responsibilities in some way. This can be done very quickly and easily with an assignment or reassignment.

Allocations, Reallocations, and Sub-Allocations

A lessee who is not an end user but assigns user to subscribers needs an allocation. This is called a reallocation in ARIN’s terminology and can be called a sub-allocation in RIPE’s.

An allocation will normally have assignments below it. This further removes the owner from control of their IP assets . So, it is important for the owner of the addresses to agree to registration requirements with the lessee so that their use and the assignment of use to subscribers is well-understood. Poor management of the allocation (and/or its further assignment) can result in the address space gaining a poor reputation. That could put it out of use for some time while the owner cleans it up.

So, agreements should require that assignments are registered when they are made and deleted when their service ends.

Allocation Set-Up

Rules vary regarding who controls what at an RIR. In all cases, the set-up creates the reverse DNS delegation, routing registry, and RPKI entries for the lessee. In some cases, control to do these things can be delegated to the lessee. For instance, the RIPE NCC’s mnt-lower attribute allows control over the creation and management of assignments and routing registry entries. Sometimes, it can be used to delegate control of the creation of domain objects for reverse DNS. This depends on the size of the allocation. Reverse delegation for allocations smaller than a /16 (65,536 IPv4 addresses) will need to be managed by the IP address owner.

Because the lessee is managing the distribution of addresses to their own subscribers, they are normally held to a higher standard than an end-user customer with an assignment.

These leasing agreements often require specific performance related to abuse reports. This includes a working contact address for abuse reports to go to and some performance metrics for acknowledging, investigating, and resolving abuse reports. One way to make this easier is to require use of a third-party specialist abuse desk service. The advantage of the third-party service is access to reliable reporting. Another option is to require the lessee to include the lessor’s abuse contact address in addition to their own.

The RIPE Database supports a sub-allocation status, which gives the same functionality as an allocation. But sub-allocations must be smaller than the allocation they come from. So, if a lessee needs a block the same as the lessor has available, the lease cannot be registered as a sub-allocation.

If the organization leasing the addresses breaks their agreement, a lessor can remove registry records quickly, disabling the addresses. The RIPE Database has a Force Delete function. ARIN lets you manage these things with an API and through its ARIN Online portal. LACNIC also offers both an API and a web portal called MiLACNIC.

RIPE NCC Temporary Transfers

RIPE policy has specific support for temporary transfers. The RIPE NCC has implemented this with a service that allows an allocation to be transferred for a fixed time from one member to another. The recipient of the transfer gains full control of the allocation.

The RIPE NCC publishes a sample transfer agreement. While the RIPE NCC will revoke a temporary transfer for a breach of law, it won’t revoke a temporary transfer for a breach of the agreement, like non-payment or an abuse problem.

The RIPE NCC’s temporary transfers implementation has a maximum term of one year. This creates some ‘start stop’ for longer term leases. One consequence of this is that RPKI breaks at the end of the term. This is an issue as about a third of temporary transfers run for two years or more.

The RIPE NCC has not allowed indefinitely extendable temporary transfers because of risks like sanctions and court orders. The relatively high number of multi-year transfers suggests that many organizations find these leases work well. But IP address owners bear risks, too. These include the potential loss of their IP addresses for the remainder of the term if the lessee breaks the agreement in some way.

Contact Us

Blog Directory

A listing of thoughts and reflections on the IPv4 industry and marketplace.

News & Insights

Reports, announcements and industry news.

Checklists

Buyer Checklist

A step-by-step guide to our marketplace and transferring addresses.

Seller Checklist

A straightforward guide to the procedure.