How to Enable ARIN’s Registry Services to Secure Legacy IP Resources

By Steven Wallace, Internet2 Security Architect

Estimated reading time: 2 minutes

Many Internet2 community organizations have IP networks that were allocated before ARIN, or the American Registry for Internet Numbers, was formed. These networks are known as “legacy resources.”

While ARIN has never required holders of legacy resources to bring them under the terms of an ARIN registration services agreement (RSA), ARIN does require an RSA to use its routing security services. In other words, to use ARIN’s reverse DNSSEC, RPKI ROAs, and authenticated IRR, an IP network must be covered by an RSA.

To ease the process of allowing legacy resource holders to better secure their routing through the use of ARIN’s services – without requiring a new agreement – ARIN now permits an organization to modify its existing RSA with an addendum to cover its legacy resources. Any organization with an existing ARIN RSA for non-legacy resources (e.g., IPv6 networks, autonomous system numbers, newer IPv4 networks) may take advantage of this new option.

Determine if Your IP Resources are Eligible

To check if your organization has legacy resources that qualify for this approach, you can view the route reports Internet2 generates for the community. IP networks that are eligible to move to an existing RSA will show the word “Eligible” in column Y of the report.

Submit a Request 

If you have an IP network that is eligible and wish to pursue having it covered by an ARIN agreement, you can initiate a request via ARIN’s portal:

If you have questions about this process or the route reports generated by Internet2, contact me at manrs@internet2.edu.