Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[AfriNIC-rpd] Proposal: Out of region sales of IPv4 space

Owen DeLong owen at
Mon Feb 14 02:02:24 UTC 2011

On Feb 13, 2011, at 7:16 AM, Andrew Alston wrote:

> Hi Walu,
> I have just submitted a revised policy to the policy-submission address and as soon as I have a proper policy number, it will be posted here.
> But let me attempt to explain the spirit of the policy. 
> You are right in some sense that I implied we have no other choice, and at this point, I honestly do believe that to be the case, and I’ll attempt a further explanation of why in a second.  As to fixing it, there is a fix in the works, however, the email that I will send to the list following this one will appeal to our community to reject that so called fix in its current form because its far more dangerous and creates far more problems than it would ever solve (keep an eye out for my emails to follow on the currently proposed RPKI stuff)
> Now, to get back to what I said in the original proposal, lets analyze this for a second:
> A.) We know that we are going to have space available for allocation long after the rest of the world runs out (with the exception perhaps of the LACNIC region), and a fair amount of space at that
> B.) When the other RIR’s run out of space, people are going to have no alternative but to either look at IPv6 or make grabs at other available IPv4 space (and I suspect in some cases grabs at “not so available IPv4 space”)
> C.) In the case of the former mentioned in point (B), we will start seeing services available ONLY on IPv6, and as a result, the value of IPv4 addresses will start decreasing, they will have less and less reach on the global internet.
> D.) In the case of the latter, the more you have available that isn’t being used, the higher the chance that it gets hijacked/taken/whatever.
> Now, we have a policy currently ratified (the soft landing policy), which says that IP address space assigned under that policy must be announced 90% in the african region or the space gets revoked, so lets hold up for a second and analyze what this means.
> A.) For a policy to have any substance beyond a statement of intent requires that the policy can be enforced.  Enforcement of the 90/10 rule is, in my opinion, nigh impossible for the following reasons
> A.1.) How do you determine the geographic location of an announcement?  Judging by latency, reverse dns entries on routers, traceroutes etc, are all non-starters (You cannot use any of the above for definitive geographic location)

Among other things, much space is advertised at exchange points. If the exchange points with the shortest
AS-Paths are not in region, then, likely the space is being used out of region.

> A.2.) How do you define what is “used” on the african continent.  What is stopping someone taking a 56k line to europe, doing his network statements in africa (at this point the space is announced from within the region), doing some next-hop rewrites in europe, and now using his space as he wants in the european region as he wants?

The next-hop rewrites in Europe would constitute using the space outside the region contrary to the policy.

> A.3.) Does AfriNIC have the resources, time, people, money etc for policy enforcement?

Active enforcement? Probably not. The ability to help the party that receives the space from AfriNIC after it has been
hijacked by someone else in getting those announcements turned of by service providers so that the announcements
from the compliant resource holder can be heard? Probably.

This, of course, depends on the ideas that the hijackers will be smaller, less reputable firms (I think they will) and
not major US ISPs (I doubt they would engage in hijacking of AfriNIC resources. The PR potential is just far
too negative).

> A.4.) If the policy is not adhered to,  and the space is withdrawn, is that withdrawl of space from a large entity really doable?  With the current state of IRR and the fact that routing registry entries can be inserted in a number of recognized databases by virtually anyone, this could result in long and protracted battles, and at best, you might end up with a partial return of the space if the person allocated the space decides to dig their heels in.  Space that has been “hijacked” in this manner could not be reliably allocated to anyone else with them being guaranteed full reachability when they use it.  
It won't be large entities that refuse to comply with policy for the most part, IMHO. Large entities have too much
to lose on the PR front by looking like they are attempting to support their business by stealing from developing

Space allocated today without hijacks comes with no guarantee of any reachability, so, I don't see how your
last sentence matters at all.

> B.) The question needs to be asked, by the time the soft landing policy kicks in (when we are down to a single /8), will the rest of the world still be completely dual-stacked, or will we have started to see a lot of IPv6 only addresses appearing.  If the latter is the case, the space is now getting worth less and less, and in effect, we have held onto space that could have been used faster and to the benefit of the african community through the proposal as outlined, rather than letting it lie there unused until there was little point to it any more.
Ideally, this will be the case. However, due to the uncertainty of the situation, I would hate to see the space
squandered for a very small short-term gain and subsequently become otherwise important within the
region, yet unavailable.

> C.) IANA is already working on policies to allow for inter-RIR IP space transfer, how long before the rest of the world starts demanding AfriNIC return its resources because we’re not using them fast enough, and once again, the resources are gone from africa without ANY benefit to the african community?
This is not completely correct. Members of the ASO AC are moving a global policy proposal through the PDP
in each region to see if they can create a global inter-RIR transfer policy. (Actually, I forget whether it is
global or globally coordinated).

> D.) Considering the points in (A), how will AfriNIC verify that a company requesting IP space and membership in AfriNIC is nothing more than a shell company created in Africa PURELY for the purposes of taking IP Space outta the continent? How is AfriNIC going to verify that the company is actually doing legitimate business on the African continent enough to justify that space and using it here?  And how do we plan to deal with large African companies that have huge international holdings out of the region?  Deny the AFRICAN company space because the other RIR’s have run out of space, and force the AFRICAN company to stop global expansion because we don’t want our IP space used off continent?  Doesn’t that rather fly in the face of the ideal of benefiting the African community?
There are a number of possible ways. I trust that the AfriNIC staff can do so with a reasonably good
degree of success.

> Yes, its nice to be idealistic and say we can fix the problems and keep the resources, but reality says, even if there are fixes for these problems, they are not fixes that can be implemented in time to stop the grabbing of IP resources.  Further more, the question needs to be asked, do we really want to be creating the illusion that IPv4 can last for so many more years on the African continent when the reality is, the value of IPv4 space is directly proportional to how much of the rest of the world is reachable using that space.  As the rest of the world runs out, we need to realize that we need to move on, stop looking for ways to drag out the inevitable and call a spade a spade, IPv4 is at its end of life.  As such, to avoid the psychological illusion that we have loads of it that will last for years, lets reduce that, spread it out with the foreign entities and at the same time benefit as the African community from doing so.  
You appear to live in a different reality than I do.

I do not believe that current policy creates any such illusion. I believe current policy provides that if addresses
are needed within the region for any of a multitude of reasons, they will remain available within the region.

I think that the vast majority of international content will remain dual stacked. I think that what will be IPv6 only
initially in the other regions will be residential end-users. Since you mostly can't directly reach a residential
end-user in a meaningful way today, I don't see this as a major impediment.

Keep in mind that I am one of the biggest cheerleaders for IPv6 rollout and yet I am still suggestion that
the AfriNIC community approach disposing of their IPv4 resources with caution.

> A resource that will never get used is worthless, a resource that will inevitably get stolen if you don’t find a way to regulate that is better off distributed for some gain before that happens.
We're not sure we won't get carjacked, so, let's sell our car to the first person that offers us $100?

Not my idea of prudence.

> I would LOVE to hear the counter arguments that give solid answers as to how the problem can be addressed to avoid the situation I describe above, but as of yet, and after speaking to many people, I have yet to hear anything that shows a solution.  So, let us profit from what we have, and use the money generated to promote something that has some longevity, rather than ending up with nothing.
See above.


> Just my thoughts
> Andrew
> On 2011/02/13 3:59 PM, "Walubengo J" <jwalu at> wrote:
>> McTim,
>> 1st, this being a "policy" platform, i would appreciate less abreviations and more straight english. SL, AFAIK, etc can only serve to increase confusion ;-).
>> 2ndly, I do appreciate the bit about "out of africa" operators needing abit of afrinic resources - for interconnection purposes. Might that be your second point?
>> what i dont understand is the insinuation that Afrinic should accept a policy proposal on the simple reason that they have NO choice...I would rather we address such a weakness rather than accept policies to re-inforce the same.
>> walu.
>> nb: am not saying am against the proposed proposa. that would be premature since I still dont understand the spirit behind the summary statement in the proposed policy.
>> --- On Sat, 2/12/11, McTim <dogwallah at> wrote:
>>> From: McTim <dogwallah at>
>>> Subject: Re: [AfriNIC-rpd] Proposal: Out of region sales of IPv4 space
>>> To: "Walubengo J" <jwalu at>
>>> Cc: rpd at, "Graham Beneke" <graham at>
>>> Date: Saturday, February 12, 2011, 2:48 PM
>>> On Sat, Feb 12, 2011 at 1:47 PM, Walubengo J <jwalu at </mc/compose?to=jwalu at> > wrote:
>>>> Could someone explain the summary bit that I have highlighted - does it mean the african region has no way of protecting its IP resources? 
>>>> We have the SL policy. AFAIK, no other region has placed such a restriction on its resources.
>>>> Sometimes folk have good reasons to use addresses in Region B and C, even though they were obtained in region A.  If a compnay has a global network for example, is it fair to make them become 5 different LIRs, one in each region?  It also helps in aggregation to have fewer blocks allocated to large networks.
>>>> What drc has pointed out is that it is non-trivial to determine where resources are used.
> _______________________________________________
> rpd mailing list
> rpd at

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the RPD mailing list