[DBWG] All AFRINIC-administered IP space
Ronald F. Guilmette
rfg at tristatelogic.com
Mon Jul 26 01:24:44 UTC 2021
In message <E3A96242-66F7-48F2-B7F2-352E5C3BB6A9 at controlfreak.co.za>,
"Nishal Goburdhan" <nishal at controlfreak.co.za> wrote:
>the afrinic team has *no* way of creating a verifiable index of what is
>correct;
I'm not sure, but I think we are not disagreeing with one another.
AFRINIC and the other RIRs all create so-called "stats" files on a daily
basis. I have the URLs for all five and will post them here if anyone
wants them.
Those five RIR "stats" files, taken together, and with a small bit of
software munging applied, may be used to deduce which specific parts
of the IPv4 and IPv6 address spaces are actually assigned to resource
members on a daily basis, and conversely, they can also be used to
rather easily deduce which parts of the IPv4 and IPv6 address spaces
are *not* assigned to *any* resource member (from any region) on any
given day.
Quite obviously, a route object which refers to bogon IPv4 or IPv6 address
space is *not* "correct".
Are we in agreement on this much? I do hope so.
>they also
>have no way of knowing what is intended to be correct (ie. what the
>member is planning for tomorrow/next week/month/..)
I am not persuaded that this point is relevant to the discussion at hand.
Are some members clairvoyant? Can they magically predict which specific
IP address blocks some RIR will assign to them NEXT MONTH?
>"all space should be in the afrinic IRR"
>because if anyone is thinking that, then you're just plain wrong.
I don't think that anyone ever made that claim.
The only claim that *I* have made is that *no* IRR, whether it is being
run by one of the RIRs, or by some third-party (as in the case of the
RADB data base) should be publishing route objects that refer to unassigned
"bogon" IP address space, or to unassigned "bogon" AS numbers.
My hope is that this assertion will not be at all controversial.
>the afrinic team can request that eg. the RADB remove entries for bogon
>space (ie. unallocated space) that is tied to afrinic's
>IANA-allocated space. that's easy to justify;
We agree.
>the space hasn't
>been allocated. period. but once space is allocated, the afrinic team
>can *not* with any degree of certainty, predict what the origin-as is,
>or will that will be in the future. and i don't want them to try!
Once again, I think that we are actually in violent agreement.
But you have gone off on a tangent that I don't see as being relevant to
the notion/proposal/idea of getting rid of the (RADB) "bogon routes".
Nobody has suggested dictating to -anybody-, either in the AFRINIC region
or elsewhere what AS numbers they can use or may use or must use in order
to route the IP space that has been legitimately and provably -assigned- to
them by some RIR. We are not even discussing that. Rather, we have -only-
been talking about what I am calling "bogon route objects".
I don't believe there is any justification for any of those to exist
anywhere or in any IRR. (And I guess that hostmaster(at)afrinic.net
agrees with me, at least a little, on this point, since they promptly
deleted the few that I informed them about and that were formerly present
within the AFRINIC IRR.)
>*my* interest - and, the way that i read the OP's request was a
>simple: "please publish the authoritative set of all your address
>space."
Well, that was sort of a different thread, or anyway, it was an entirely
separate and only marginally related proposal. That request was *not*
directly related to the notion of having AFRINIC help to chase the
bogons out of RADB. And anyway, I ended up being able to compute the
set of all AFRINIC-administered IPv4 CIDRs on my own, and I shared that
with everyone:
https://pastebin.com/raw/xJARMhT7
(I suppose that if there is interest and/or demand, I could share the shell
scripts and Perl scripts that I used to deduce that list, but it is
actually not hard to do, once you know where to get the raw data and how
to tweak it in order to get only just what you want out of it.)
Based on the fact that I am now able to rather effortlessly compute, on
a daily basis if need be, the set of all IPv4 CIDRs that are administered
by AFRINIC, I would hereby like to WITHDRAW my request to AFRINIC staff
that they provide this information, either as a "one off" or on a continuing
basis. They probably have better things to do, and they are already
maintaining their daily "stats" file, which is enough to derive the full
set of AFRINIC-administered IPv4 CIDRs on any given day, via automated /
programmatic means.
>but i don't see a call to have afrinic act as the police for the RADB.
>that's both outside the mandate of *this* working group, and,
>frankly, an investment of afrinic's time that doesn't offer a high
>ROI.
Well, you know, everything is relative. One man's do-or-die project is
another man's complete waste of time & energy.
My argument in favor of just asking AFRINIC staff to help get *AFRINIC*
bogon route objects, specifically, chased out of the RADB data base is
that this would be, in effect, a service to both current and -future-
recipients of IP space allocations from AFRINIC's free pool if they did
this.
Here is my reasoning behind that statement...
Current registrants of AFRINIC-administered IP blocks are paying their
fair share, and paying their annual dues and fees in order to keep the
whole system running. Is it fair to them then that some parties are
being allowed to come along, via this sneaky "back door" that is being
provided by RADB, and pay *nothing* to AFRINIC even as they squat on
unassigned AFRINIC-administered IP space? Is it fair to the current
dues-paying registrants of legitimately assigned AFRINIC-administered
IP space that some other companies that just don't want to play by the
rules should be able to go to RADB and pay *them* $595 USD per year so
that they can then route all of the unassigned AFRINIC-administered IP
space they want while never having to pay AFRINIC a single penny?
This is obviously wildly unfair to all of those companies that play by
the rules and that pay AFRINIC fees, year after year, to keep AFRINIC
alive.
I already gave one example of exactly such a situation, where some rogue
company is evading the normal AFRINIC allocation process and is instead
paying AFRINIC -zero- dollars per year, even as they are using RADB to
"validate" their illegitimate squatting on unassigned IP space. Here
is a different and even more egregious example:
https://bgp.he.net/AS30982#_prefixes
Above and beyond the obvious unfairness of situations like this to the
legitimate dues-paying members of AFRINIC, please keep in mind also that
these interlopers who are squatting on unassigned AFRINIC-administered
IP space are paying $595 USD annually to Merit, Inc.... an ostensibly
"non-profit" U.S. company... so not a single penny of that money goes
to anyone or anything in the AFRINIC region. Worse yet, it probably
only costs Merit, Inc. at most, say, $2 / year to add and maintain
these few additional route objects in their pre-existing data base,
leaving Merit, Inc. to reap perhaps as much as $593 USD per year in
pure profit for doing next to nothing.
So, those are my arguments about how this RADB-facilitated squatting is
bad for -current- AFRINIC resource holders.
Now please consider also the situation for -future- registrants of newly
assigned AFRINIC-administered IP space and/or AS numbers.
Some of that IP space and/or some of those AS numbers *are* provably
already going to be squatted on by illicit interlopers. And not just
any interlopers, but ones that have the apparent public blessing of RADB
for what they are doing. So in the future, some people and companies who
receive new number resource allocations from AFRINIC will, as their
first order of business, be obliged to chase out the squatters before
they can even begin to enjoy their fresh new AFRINIC number resource
allocations. Is that fair to them?
This kind of thing is not entirely unprecedented. In the current private
IP market, buyers must be wary of buying IP space that may already be
"impaired" in the sense of it already having been placed on various
anti-spam blacklists. Obviously an un-cautious buyer in the private IP space
market can get screwed by unscrupulous sellers who don't mention the known
or easily determined impairments relating to the property they are
selling. So the onus is largely or entirely on the buyer to check for
any such possible impairments before making any purchase.
How is this different from AFRINIC awarding some IP block out of its
free pool to some unsuspecting new resource member, even though it can
easily be determined that the block in question is not only currently
being squatted on by some interloper, but also that RADB is effectively
and publicly *endorsing* that very same squatting?
If you are selling a car, don't you wash the windows first? If you are
selling a house, then don't you have a legal, ethical, and moral obligation
to inform prospective buyers if there is some known or easily determined
"impairment" of the property you are selling? Is it right and ethical to
sell a house to an unsuspecting buyer in the daytime if you know or could
easily find out that squatters are returning to illicitly sleep in the
house every night? Would doing that, as a seller, be at least "crooked"
and perhaps even criminal?
History and global capitalism have spoken. IP address blocks are "property"
and can be exchanged for dollars, shekels, drachmas, rubles, or yuan.
Like it or not, this *is* reality, even though RIRs continue to try their
best to deny it.
AFRINIC holds a certain amount of this property, at present, as its free
pool.
My assertion is a simple and straightforward one: AFRINIC should take some
responsibility for maintaining the quality of the IP addresses in its free
pool, just as any homeowner would clean his rain gutters on his house from
time to time, and just as that same homeowner would expend at least some
effort to chase off random squatters, even if he himself were not living
in the house at the time.
This isn't "policing". This is merely taking proper care of one's own
property.
If there are squatters, then in legal parlance the property can be said
to be "impaired". It would not take much effort for AFRINIC to keep its
free pool free of impairments, and I would argue that it is an ethical
and moral obligation for it to do so, and perhaps even a legal one too.
(I can imagine it now... Someday we may all wake up and find out that
some newly minted resource member is now suing AFRINIC, claiming that
AFRINIC behaved improperly because "You never told me that these IP
blocks you gave me had squatters already in them!!!")
Regards,
rfg
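
Added example (not part of the original message, and not the shell/Perl scripts the author mentions): one way to derive the delegated IPv4 CIDRs from an RIR "stats" file and flag route prefixes that touch unassigned space. The sample records, prefixes, AS numbers and function names are constructed for illustration, and the pipe-separated "delegated-extended" field layout is an assumption of the example; "not-in-data" means the other RIRs' files would have to be loaded before drawing a conclusion.

```python
import ipaddress

DELEGATED = {"allocated", "assigned"}

# Constructed sample, "delegated-extended" layout:
# registry|cc|type|start|value|date|status|opaque-id (IPv4 value = address count)
SAMPLE_STATS = """\
2|afrinic|20210725|4|19830101|20210725|+0000
afrinic|*|ipv4|*|4|summary
afrinic|ZZ|ipv4|192.0.2.0|256|20200101|allocated|SAMPLE-1
afrinic|ZZ|ipv4|198.51.100.0|128|20200101|assigned|SAMPLE-2
afrinic||ipv4|198.51.100.128|128||available|
afrinic||ipv4|203.0.113.0|256||reserved|
"""
# Constructed (prefix, origin) pairs standing in for IRR route objects.
SAMPLE_ROUTES = [("192.0.2.0/24", "AS64500"), ("198.51.100.0/24", "AS64501"),
                 ("203.0.113.0/25", "AS64502"), ("10.0.0.0/8", "AS64503")]

def parse_stats(text):
    """Return [(first, last, status)] integer ranges for the IPv4 records."""
    records = []
    for line in text.splitlines():
        f = line.strip().split("|")
        if line.startswith("#") or len(f) < 7 or f[2] != "ipv4" or f[3] == "*":
            continue  # comment, version header, summary line or other type
        first = int(ipaddress.IPv4Address(f[3]))
        records.append((first, first + int(f[4]) - 1, f[6]))
    return records

def delegated_cidrs(records):
    """Minimal CIDR list covering all allocated/assigned IPv4 space."""
    nets = [n for first, last, status in records if status in DELEGATED
            for n in ipaddress.summarize_address_range(
                ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def classify(prefix, records):
    """'delegated', 'bogon' (touches unassigned space) or 'not-in-data'."""
    net = ipaddress.ip_network(prefix)
    lo, hi = int(net.network_address), int(net.broadcast_address)
    hits = [(min(hi, last) - max(lo, first) + 1, status)
            for first, last, status in records if first <= hi and last >= lo]
    if any(status not in DELEGATED for _, status in hits):
        return "bogon"  # covers space the file lists as available/reserved
    held = sum(n for n, _ in hits)
    return "delegated" if held == net.num_addresses else "not-in-data"

def bogon_routes(routes, records):
    return [(p, o) for p, o in routes if classify(p, records) == "bogon"]
```

A route that only partly overlaps unassigned space (the /24 straddling an assigned /25 and an available /25 in the sample) is still reported, since the route object covers addresses no member holds.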