How to Enable ARIN’s Registry Services to Secure Legacy IP Resources

Subscribe for more like this



By Steven Wallace, Internet2 Security Architect

Estimated reading time: 2 minutes

Many Internet2 community organizations have IP networks that were allocated before ARIN, or the American Registry for Internet Numbers, was formed. These networks are known as “legacy resources.”

While ARIN has never required holders of legacy resources to bring them under the terms of an ARIN registration services agreement (RSA), ARIN does require an RSA to use its routing security services. In other words, to use ARIN’s reverse DNSSEC, RPKI ROAs, and authenticated IRR, an IP network must be covered by an RSA.

To ease the process of allowing legacy resource holders to better secure their routing through the use of ARIN’s services – without requiring a new agreement – ARIN now permits an organization to modify its existing RSA with an addendum to cover its legacy resources. Any organization with an existing ARIN RSA for non-legacy resources (e.g., IPv6 networks, autonomous system numbers, newer IPv4 networks) may take advantage of this new option.

Determine if Your IP Resources are Eligible

To check if your organization has legacy resources that qualify for this approach, you can view the route reports Internet2 generates for the community. IP networks that are eligible to move to an existing RSA will show the word “Eligible” in column Y of the report.

Submit a Request 

If you have an IP network that is eligible and wish to pursue having it covered by an ARIN agreement, you can initiate a request via ARIN’s portal:

  1. Log in to arin.net

  2. Select Dashboard on the dropdown menu located under your name

  3. Under Accounting Manager, select Ask ARIN

  4. In the Topic: field, select Legacy Resources

  5. In the Subject: field, enter “seeking to move legacy networks to existing RSA with addendum”

  6. In the Question: field, list the IP network(s) you wish to move to an existing RSA

If you have questions about this process or the route reports generated by Internet2, contact me at manrs@internet2.edu.