Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[AfriNIC-rpd] Policy Proposal: End user classification for Universities

Owen DeLong owen at delong.com
Fri Jun 29 21:55:35 UTC 2012



Sent from my iPad

On Jun 29, 2012, at 4:46 PM, Seun Ojedeji <seun.ojedeji at gmail.com> wrote:

> 
> On Jun 29, 2012 1:20 PM, "Owen DeLong" <owen at delong.com> wrote:
> >Policy at ARIN is much like that of AfriNIC. If you are assigning addresses to external entities, you are an LIR. If you are not, you are an end-user.
> 
> You have summed this up perfectly, and I think the phrase "external entities" is what needs to be put in perspective. As far as each Nigeria institution is concerned, it does not classify it's faculties, departments, staff quarters, classrooms, dorms, and admin blocks as external entities. So that makes us an end user right?
> 
Not necessarily... Do you have a policy and/or any enforcement mechanism which prevents students from deploying routers in their dorms and/or prevents your faculty from deploying their own routers in their staff quarters and running their own subordinate networks with or without your knowledge?

If not, then I don't see how you can claim those are not external entities just as any other residential ISP.

> For the most part, ARIN allows for organizations to self-select a category, but, there are also advantages and disadvantages associated with each category which tend to push organizations into selecting the correct category to avoid boxing themselves into an uncomfortable corner later.
> 
> Sure everything has pros and cons and the option for a university to either sign up for end user or LIR is there, hence the reason why SF gave an example of a university being an ISP. The point is if I opt for end user option, why should I be denied and given only LIR option when I am not providing service to an external entity (using how external entity is viewed by law in my institution).
> 

See my above clarification of external entity. Unless you allow staff quarters and/or students in dorms to order service from competing ISPs in lieu of connecting to your network and/or have some way to prevent them from installing and operating their own network facilities attached via routers you do not control connected to your network, then, whether you are aware of it or not, you are, in fact, providing addresses to devices not under your administrative control.

I don't know whether AfriNIC's interpretation of the phrase external entities matches mine or not, but, I think you would be hard pressed to argue that my interpretation is not at least one valid interpretation.

Bottom line, IMHO if you have administrative access to every device that receives one of your numbers, then you are an end-user. If you delegate your numbers to devices you do not control, then you are an LIR whether you realize it or not and whether you are recorded as such or not.

To the best of my knowledge, you are unlikely to have administrative access to the laptops, ipads, iphones, ipods, desktop computers, routers, switches, blu-ray players, playstations, xboxes, and other IP consuming devices that your students and/or faculty deploy within their rented spaces in your residential facilities. If your faculty and students are required to surrender such administrative access to the university, then I stand skeptical, but corrected.

> At this point, it can only make sense of AfriNIC note points me to their own policy terms which defines external policies as different from the way I understood it.
> >
> 
> >
> > You would not say that an apartment complex which provides internet to every apartment is an end-user, (or at least I would not), but, would classify them as an LIR because they provide addressing to support networks which are not within their administrative control.
> >
> How do you mean the networks are not within administrative control...Owen the service is not stationary it's suppose to be distributed to all the university community users and ofcourse they will require IP address to connect to the university network. So if I shutdown for instance my dhcp server, will they still be able to use the service? Is that not me controlling the network?
> 

Yes, unless your DHCP server is associated with some form of NAC, ala what happens in DOCSIS, they can forge an address if necessary or continue using their old lease until it expires (and possibly beyond on some clients).

The bigger question is -- can you authoritatively change the network configuration of the device without the end user's additional permission or consent?

I'm not sure what you mean about "the service is not stationary". The ethernet jack in a dorm room (if such exists) is most certainly stationary. If it's not an ethernet jack, then the WAP(s) in the dorm building are also stationary though they may be part of a larger wireless network that affords mobility to (some of) its clients.

I did not say you didn't control the network. I said you are assigning addresses to devices you do not control.

An end-user, such as most enterprises actually retains administrative control over the laptops that the company provides to its employees. I will admit that the new trend towards BYOD in the enterprise creates a significant grey area and the blurring of the line created by that grey area might shift the line to encompass such university networks eventually, but, I tend to doubt it.

I still stand by drawing the division based on whether the device you assign an address to might be a router which you do not control that supports a network topology behind said router outside of your control, whether you know about it or not. In the enterprise, this is (almost always) prohibited by policy and considered a "firing offense" enforced by human administration and not technology, but enforced nonetheless.

In the case of a dorm room and/or a faculty housing unit, I would say that the likely deployment of a router is probably the rule rather than the exception.

> > After it hits the first router in the dorm-room, anything behind that is not within the university's administrative control.
> 
> Ah! Are you kidding me. Who bought the router and placed it there in the first place? who provided IP service to the router. I think you are using the term administrative control wrongly(this is basic networking).
> 
The student or faculty member occupying the dorm. A linksys or netgear or d-link router can be had for about US$40. It probably got its address for its upstream port from your DHCP server and uses RFC-1918 space chosen either by vendor default or by the occupant of said residence for the downstream network(s).

Are you kidding me?

Do you really purport to claim that students can't/don't/won't do this?
> Hence, I argue that dorms are, in fact, external connections where the university is acting as an ISP.
> 

I think you were either misunderstanding what I was talking about or you have a very creative idea of what constitutes administrative control. A residential ISP (DSL, Cable, PON, 3G/4G, whatever) can turn off a household by turning off their upstream facilities. That does not mean they control the have administrative control of the devices within the household or that they are not an ISP.
> >
> As a matter of fact, most internet users are ISP in practical (not in policy) cos you could just share your pppoe connection in your household.
> 

Generally, you have administrative control of every device within your household. If you are getting multiple IP addresses from your provider via that PPPoE connection and distributing them to your neighbor, then, you are, in fact, an ISP and an LIR. However, you are an LIR subordinate to another LIR and not an AfriNIC direct allocation, so, it becomes largely irrelevant whether AfriNIC would consider you an LIR or EU.

> >
> > IMHO there are policy issues which go beyond price.
> >
> And what are the policy issues that goes beyond pricing on the current subject matter. 
> >
> I am gonna assume Owen is just having fun and not responding based on facts and realities on ground. This issue is of importance to African universities and I urge you to be objective on this matter. Many universities are still looking to one day when they did be able to sign up for their space and if the cost is by anyhow further increased, it gives we engineers more though time to
> 
Quite the contrary. Policy affects the requirements for registration of downstream assignments and allocations, contents of the whois database, the nature of your relationship with other ISPs in some cases, and more. All of these go beyond the price you pay to AfriNIC for your registration services.
> convince the school admins to pay that much for what is unseen!
> 
As I said, I do not oppose the idea of a fee structure for educational institutions that removes the pricing considerations. However, I do believe that assigning residential occupants addresses which are used to provide internet access to devices not owned by or administered by the university and still claiming to be an end user is side-stepping the intent and the plain text meaning of the policy, whether that is allowed or not.
> I hope you will identify with my views.
> 
I understand your views and I sympathize with your pricing concerns. However, the clean solution to that is to correct the pricing but recognize that the policies should apply consistently even if the pricing contains an exception for universities and possibly other forms of non-profit community-benefit networks.

Owen

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20120629/f02b8207/attachment.html>


More information about the RPD mailing list