[AfriNIC-rpd] Proposal: Out of region sales of IPv4 space

[Carlos Martinez-Cagnazzo]

So, there is an apparent wealth and abundance of IPv4 resources in
AfriNICs service region. Wouldn't be better to use these resources and
deepen the soft landing policies so the whole region has enough time
to transition to IPv6 in the most painless manner possible?

Maybe stricter usage controls, smaller allocation, slow start
mechanisms and the like. I don't know, but I'm sure different ideas
can be proposed. These mechanisms would also serve the purpose of
minimizing the space that can be grabbed via shell companies. In the
end, if you need one shell company per /21 you get (for the sake of an
example), any big ISP from ARIN/RIPE/APNIC regions would need perhaps
~100 shell companies to get a minimally usable amount of space.

If current policies would allow shell companies to get large amounts
of IPv4 space, then this is something that needs to be acted upon. A
shell company can lie to get their first allocation, but from that
point on I don't see how they can justify the need for additional
space without revealing their true nature.

I cannot help but see this proposal as a waste of a gigantic strategic
opportunity.

Finally, I realize I'm an outsider to the region and maybe I don't see
other problems/issues at play. In any case, just take this as a
friend's opinion :-)

warm regards,

Carlos

PS: I'm also rehearsing arguments in case a similar proposal pops up here :-)

On Mon, Feb 14, 2011 at 2:02 AM, Owen DeLong <owen at delong.com> wrote:
>
> On Feb 13, 2011, at 7:16 AM, Andrew Alston wrote:
>
> Hi Walu,
>
> I have just submitted a revised policy to the policy-submission address and
> as soon as I have a proper policy number, it will be posted here.
>
> But let me attempt to explain the spirit of the policy.
>
> You are right in some sense that I implied we have no other choice, and at
> this point, I honestly do believe that to be the case, and I’ll attempt a
> further explanation of why in a second.  As to fixing it, there is a fix in
> the works, however, the email that I will send to the list following this
> one will appeal to our community to reject that so called fix in its current
> form because its far more dangerous and creates far more problems than it
> would ever solve (keep an eye out for my emails to follow on the currently
> proposed RPKI stuff)
>
> Now, to get back to what I said in the original proposal, lets analyze this
> for a second:
>
> A.) We know that we are going to have space available for allocation long
> after the rest of the world runs out (with the exception perhaps of the
> LACNIC region), and a fair amount of space at that
> B.) When the other RIR’s run out of space, people are going to have no
> alternative but to either look at IPv6 or make grabs at other available IPv4
> space (and I suspect in some cases grabs at “not so available IPv4 space”)
> C.) In the case of the former mentioned in point (B), we will start seeing
> services available ONLY on IPv6, and as a result, the value of IPv4
> addresses will start decreasing, they will have less and less reach on the
> global internet.
> D.) In the case of the latter, the more you have available that isn’t being
> used, the higher the chance that it gets hijacked/taken/whatever.
>
> Now, we have a policy currently ratified (the soft landing policy), which
> says that IP address space assigned under that policy must be announced 90%
> in the african region or the space gets revoked, so lets hold up for a
> second and analyze what this means.
>
> A.) For a policy to have any substance beyond a statement of intent requires
> that the policy can be enforced.  Enforcement of the 90/10 rule is, in my
> opinion, nigh impossible for the following reasons
> A.1.) How do you determine the geographic location of an announcement?
>  Judging by latency, reverse dns entries on routers, traceroutes etc, are
> all non-starters (You cannot use any of the above for definitive geographic
> location)
>
> Among other things, much space is advertised at exchange points. If the
> exchange points with the shortest
> AS-Paths are not in region, then, likely the space is being used out of
> region.
>
> A.2.) How do you define what is “used” on the african continent.  What is
> stopping someone taking a 56k line to europe, doing his network statements
> in africa (at this point the space is announced from within the region),
> doing some next-hop rewrites in europe, and now using his space as he wants
> in the european region as he wants?
>
> The next-hop rewrites in Europe would constitute using the space outside the
> region contrary to the policy.
>
> A.3.) Does AfriNIC have the resources, time, people, money etc for policy
> enforcement?
>
> Active enforcement? Probably not. The ability to help the party that
> receives the space from AfriNIC after it has been
> hijacked by someone else in getting those announcements turned of by service
> providers so that the announcements
> from the compliant resource holder can be heard? Probably.
> This, of course, depends on the ideas that the hijackers will be smaller,
> less reputable firms (I think they will) and
> not major US ISPs (I doubt they would engage in hijacking of AfriNIC
> resources. The PR potential is just far
> too negative).
>
> A.4.) If the policy is not adhered to,  and the space is withdrawn, is that
> withdrawl of space from a large entity really doable?  With the current
> state of IRR and the fact that routing registry entries can be inserted in a
> number of recognized databases by virtually anyone, this could result in
> long and protracted battles, and at best, you might end up with a partial
> return of the space if the person allocated the space decides to dig their
> heels in.  Space that has been “hijacked” in this manner could not be
> reliably allocated to anyone else with them being guaranteed full
> reachability when they use it.
>
> It won't be large entities that refuse to comply with policy for the most
> part, IMHO. Large entities have too much
> to lose on the PR front by looking like they are attempting to support their
> business by stealing from developing
> nations.
> Space allocated today without hijacks comes with no guarantee of any
> reachability, so, I don't see how your
> last sentence matters at all.
>
> B.) The question needs to be asked, by the time the soft landing policy
> kicks in (when we are down to a single /8), will the rest of the world still
> be completely dual-stacked, or will we have started to see a lot of IPv6
> only addresses appearing.  If the latter is the case, the space is now
> getting worth less and less, and in effect, we have held onto space that
> could have been used faster and to the benefit of the african community
> through the proposal as outlined, rather than letting it lie there unused
> until there was little point to it any more.
>
> Ideally, this will be the case. However, due to the uncertainty of the
> situation, I would hate to see the space
> squandered for a very small short-term gain and subsequently become
> otherwise important within the
> region, yet unavailable.
>
> C.) IANA is already working on policies to allow for inter-RIR IP space
> transfer, how long before the rest of the world starts demanding AfriNIC
> return its resources because we’re not using them fast enough, and once
> again, the resources are gone from africa without ANY benefit to the african
> community?
>
> This is not completely correct. Members of the ASO AC are moving a global
> policy proposal through the PDP
> in each region to see if they can create a global inter-RIR transfer policy.
> (Actually, I forget whether it is
> global or globally coordinated).
>
> D.) Considering the points in (A), how will AfriNIC verify that a company
> requesting IP space and membership in AfriNIC is nothing more than a shell
> company created in Africa PURELY for the purposes of taking IP Space outta
> the continent? How is AfriNIC going to verify that the company is actually
> doing legitimate business on the African continent enough to justify that
> space and using it here?  And how do we plan to deal with large African
> companies that have huge international holdings out of the region?  Deny the
> AFRICAN company space because the other RIR’s have run out of space, and
> force the AFRICAN company to stop global expansion because we don’t want our
> IP space used off continent?  Doesn’t that rather fly in the face of the
> ideal of benefiting the African community?
>
> There are a number of possible ways. I trust that the AfriNIC staff can do
> so with a reasonably good
> degree of success.
>
> Yes, its nice to be idealistic and say we can fix the problems and keep the
> resources, but reality says, even if there are fixes for these problems,
> they are not fixes that can be implemented in time to stop the grabbing of
> IP resources.  Further more, the question needs to be asked, do we really
> want to be creating the illusion that IPv4 can last for so many more years
> on the African continent when the reality is, the value of IPv4 space is
> directly proportional to how much of the rest of the world is reachable
> using that space.  As the rest of the world runs out, we need to realize
> that we need to move on, stop looking for ways to drag out the inevitable
> and call a spade a spade, IPv4 is at its end of life.  As such, to avoid the
> psychological illusion that we have loads of it that will last for years,
> lets reduce that, spread it out with the foreign entities and at the same
> time benefit as the African community from doing so.
>
> You appear to live in a different reality than I do.
> I do not believe that current policy creates any such illusion. I believe
> current policy provides that if addresses
> are needed within the region for any of a multitude of reasons, they will
> remain available within the region.
> I think that the vast majority of international content will remain dual
> stacked. I think that what will be IPv6 only
> initially in the other regions will be residential end-users. Since you
> mostly can't directly reach a residential
> end-user in a meaningful way today, I don't see this as a major impediment.
> Keep in mind that I am one of the biggest cheerleaders for IPv6 rollout and
> yet I am still suggestion that
> the AfriNIC community approach disposing of their IPv4 resources with
> caution.
>
> A resource that will never get used is worthless, a resource that will
> inevitably get stolen if you don’t find a way to regulate that is better off
> distributed for some gain before that happens.
>
> We're not sure we won't get carjacked, so, let's sell our car to the first
> person that offers us $100?
> Not my idea of prudence.
>
> I would LOVE to hear the counter arguments that give solid answers as to how
> the problem can be addressed to avoid the situation I describe above, but as
> of yet, and after speaking to many people, I have yet to hear anything that
> shows a solution.  So, let us profit from what we have, and use the money
> generated to promote something that has some longevity, rather than ending
> up with nothing.
>
> See above.
> Owen
>
> Just my thoughts
>
> Andrew
>
> On 2011/02/13 3:59 PM, "Walubengo J" <jwalu at yahoo.com> wrote:
>
> McTim,
>
> 1st, this being a "policy" platform, i would appreciate less abreviations
> and more straight english. SL, AFAIK, etc can only serve to increase
> confusion ;-).
>
> 2ndly, I do appreciate the bit about "out of africa" operators needing abit
> of afrinic resources - for interconnection purposes. Might that be your
> second point?
>
> what i dont understand is the insinuation that Afrinic should accept a
> policy proposal on the simple reason that they have NO choice...I would
> rather we address such a weakness rather than accept policies to re-inforce
> the same.
>
> walu.
> nb: am not saying am against the proposed proposa. that would be premature
> since I still dont understand the spirit behind the summary statement in the
> proposed policy.
>
> --- On Sat, 2/12/11, McTim <dogwallah at gmail.com> wrote:
>
> From: McTim <dogwallah at gmail.com>
> Subject: Re: [AfriNIC-rpd] Proposal: Out of region sales of IPv4 space
> To: "Walubengo J" <jwalu at yahoo.com>
> Cc: rpd at afrinic.net, "Graham Beneke" <graham at apolix.co.za>
> Date: Saturday, February 12, 2011, 2:48 PM
>
>
>
> On Sat, Feb 12, 2011 at 1:47 PM, Walubengo J <jwalu at yahoo.com
> </mc/compose?to=jwalu at yahoo.com> > wrote:
>
> Could someone explain the summary bit that I have highlighted - does it mean
> the african region has no way of protecting its IP resources?
>
> We have the SL policy. AFAIK, no other region has placed such a restriction
> on its resources.
>
> Sometimes folk have good reasons to use addresses in Region B and C, even
> though they were obtained in region A.  If a compnay has a global network
> for example, is it fair to make them become 5 different LIRs, one in each
> region?  It also helps in aggregation to have fewer blocks allocated to
> large networks.
>
> What drc has pointed out is that it is non-trivial to determine where
> resources are used.
>
> _______________________________________________
> rpd mailing list
> rpd at afrinic.net
> https://lists.afrinic.net/mailman/listinfo.cgi/rpd
>
>
> _______________________________________________
> rpd mailing list
> rpd at afrinic.net
> https://lists.afrinic.net/mailman/listinfo.cgi/rpd
>
>



-- 
--
=========================
Carlos M. Martinez-Cagnazzo
http://www.labs.lacnic.net
=========================