Apr 25, 2023

More Reasons to Protect Your Pre-ARIN Legacy IP Addresses with a Legacy Registration Services Agreement

“Legacy” IP addresses—those that were assigned before the American Registry for Internet Numbers (ARIN) existed—are at risk of being hijacked and misused because they lack Resource Public Key Infrastructure - Route Origin Authorizations (RPKI-ROA). This is a particular problem in the research and education community because many institutions currently holding legacy allocations have been reluctant to sign Legacy Registration Services Agreements (LRSA) with ARIN.

If CENIC Associates want to protect their IP addresses with RPKI-ROAs, these IP addresses must be covered by an LRSA with ARIN. If not covered by such an agreement, these legacy IP addresses remain at risk.

Earlier in 2023, Internet2 held office hours sessions at which questions concerning these issues were addressed. More information, including a recording of one of the webinars, can be found at the Internet2 website.

Act During 2023 to Lock In Major Fee Discounts

To encourage the registration of legacy IP addresses, ARIN has been offering substantial discounts—via a fee schedule cap—for legacy addresses brought under an agreement, but these discounts will not apply to LRSAs signed after December 2023. Beginning in 2024, legacy resources brought under an LRSA will be subject to the same annual fees as non-legacy resources.

The difference in fees is substantial. For example, the annual fee for an aggregate allocation size of /16 that is covered by an LRSA is currently $175, with increases capped at $25 annually. For new LRSAs signed in 2024, the same aggregate allocation size will be subject to an annual fee of at least $4,000.

Covering your legacy addresses before the end of 2023 locks in the discounted rate. Internet2 and ARIN estimate that CENIC associates would avoid ARIN fees of at least $340,000 annually by bringing their resources under an LRSA by the end of 2023. Nationwide, Internet2 community members would save over $2.1 million annually.

Modified Property Rights Language in the Latest RSA/LRSA

ARIN’s latest version of the RSA/LRSA, published in September 2022, updated a key provision that may have been a sticking point for some CENIC Associates. Section 7 of the agreement (previously entitled “No Property Rights”) no longer includes significant representations about property rights. The section in its entirety now reads as follows:

7. ACKNOWLEDGED RIGHTS TO INCLUDED NUMBER RESOURCES

Holder acknowledges and agrees that Holder acquires express contractual rights to the Included Number Resources by virtue of this Agreement.

Though CENIC cannot provide legal advice, we believe that this version of the RSA/LRSA is more favorable to associates who may have had concerns about waiving property rights.

Where You Can Learn More

There are only eight short months until the legacy fee cap expires. Now is the time to sign an LRSA and avoid the risk of spending far more money to ensure that your institution is protected by important routing security measures, including RPKI and authenticated IRR.

Additional resources include:

• Internet2 blog post discussing RPKI and ARIN fees (Apr 4, 2023)

• ARIN announcement about end of legacy fee cap (Mar 15, 2023)

• ARIN announcement about new version of RSA (Sep 12, 2022)

• ARIN RSA FAQs

• ARIN LRSA guide

• ARIN services available to legacy resource holders without an LRSA

Related blog posts

CENIC AIR and Your Campus: From Concept to Connection

Learn more about how to get started thinking about how your campus can connect to and use the CENIC AI Resource.

CENIC Network Automation Update: New Network-Source-of-Truth Tool Implemented

CENIC has evaluated and worked with various DCIM platforms to meet this need and concluded that NetBox was the best fit for its environment as its Network Source of Truth.